Commit Graph

8118 Commits

Author SHA1 Message Date
Nick Mathewson
ab87b61a9d Don't unlock a new log until done logging the tor version.
This might please coverity scan.
2010-01-25 14:09:18 -05:00
Sebastian Hahn
7e89cc31ab Be quieter about failing to decode authority digests
This was freaking out some relay operators without good reason, as
it is nothing the relay operator can do anything about anyways.

Quieting this warning suggested by rieo.
2010-01-25 18:05:20 +01:00
Nick Mathewson
a93cabd9ab Since dump_microdescriptor() can return -1; make its type ssize_t 2010-01-24 16:24:47 -05:00
Peter Palfrader
256861023e Handle errors reported by fwrite() in dump_microdescriptor()
Does not deal with error handling in dump_microdescriptor's callers.
2010-01-24 15:05:20 -05:00
Nick Mathewson
0552deb613 Merge commit 'origin/maint-0.2.1'
Resolved conflicts in:
	configure.in
	src/or/Makefile.am
	src/tools/Makefile.am
2010-01-24 15:03:45 -05:00
Nick Mathewson
b6038f4ac6 Add --enable-static-(openssl|libevent) options
These options only work when using --with-(openssl|libevent)-dir to
explicitly pick a libevent or openssl location.
2010-01-24 14:34:47 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
aec4aea190 Fix two rare leaks spotted by rieo. 2010-01-23 20:46:38 -05:00
Nick Mathewson
4ad5094c90 Avoid a possible crash in tls_log_errors.
We were checking for msg==NULL, but not lib or proc.  This case can
only occur if we have an error whose string we somehow haven't loaded,
but it's worth coding defensively here.

Spotted by rieo on IRC.
2010-01-22 16:32:15 -05:00
Nick Mathewson
d4354b506b Don't use OutboundBindAddress to connect to localhost
The OutboundBindAddress option is useful for making sure that all of
your outbond connections use a given interface.  But when connecting
to 127.0.0.1 (or ::1 even) it's important to actually have the
connection come _from_ localhost, since lots of programs running on
localhost use the source address to authenticate that the connection
is really coming from the same host.

Our old code always bound to OutboundBindAddress, whether connecting
to localhost or not.  This would potentially break DNS servers on
localhost, and socks proxies on localhost.  This patch changes the
behavior so that we only look at OutboundBindAddress when connecting
to a non-loopback address.
2010-01-20 13:09:10 -05:00
Roger Dingledine
c939509051 bump to 0.2.2.7-alpha 2010-01-19 17:59:33 -05:00
Roger Dingledine
8d84b4bfa1 Merge branch 'maint-0.2.1'
Conflicts:

	ChangeLog
2010-01-19 17:54:41 -05:00
Roger Dingledine
1fc94bfd0e spread guard rotation out throughout the month 2010-01-19 17:52:52 -05:00
Roger Dingledine
0642ab2428 weight guard choice by bandwidth; discard old guards 2010-01-19 17:30:52 -05:00
Roger Dingledine
37ca182c7e Merge branch 'maint-0.2.1' into master
Conflicts:

	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-01-19 14:51:39 -05:00
Roger Dingledine
f43f87db5b bump to 0.2.1.22, and give it a changelog 2010-01-19 14:43:05 -05:00
Roger Dingledine
708f47ecc9 downgrade a warning
this case can now legitimately happen, if you have a cached v2 status
from moria1, and you run with the new list of dirservers that's missing
the old moria1. it's nothing to worry about; the file will die off in
a month or two.
2010-01-19 14:25:15 -05:00
Roger Dingledine
adae600715 rotate keys for moria1 and gabelmoo 2010-01-19 14:12:39 -05:00
Sebastian Hahn
4728bd904f Fix build on Solaris by disabling support for DisableAllSwap
Fixes bug 1198. Solaris doesn't have RLIMIT_MEMLOCK for get/setrlimit,
so disable support because we don't know if all memory can be locked.
2010-01-19 05:04:50 +01:00
Michael Witten
a5e83769b7 Build Bug: -lm should come after passing ../common/libor.a to linker
The following commit:

    commit e56747f9cf
    Author: Nick Mathewson <nickm@torproject.org>
    Date:   Tue Dec 15 14:32:55 2009 -0500

        Refactor a bit so that it is safe to include math.h, and mostly not needed.

introduced this line:

    tor_resolve_LDADD = -lm ../common/libor.a @TOR_LIB_WS32@

which caused the build to fail, because only ../common/libor.a
(via the embedded ../common/util.o via ../common/util.c)
referenced libm's `lround' and `log' symbols, so that the
linker (GNU ld) didn't bother to import those symbols before
reading ../common/libor.a, thus leaving those symbols undefined.

The solution was to swap the order, producing the line:

    tor_resolve_LDADD = ../common/libor.a -lm @TOR_LIB_WS32@

Signed-off-by: Michael Witten <mfwitten@gmail.com>
2010-01-18 22:10:06 -05:00
Sebastian Hahn
c32e8c292e Log a notice when we get a new control connection 2010-01-18 19:14:36 -05:00
Roger Dingledine
79eaeef1cd stop bridge authorities from leaking their bridge list 2010-01-17 19:41:22 -05:00
Nick Mathewson
571c94a735 Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-01-16 16:29:54 -05:00
Roger Dingledine
b9f1bd3c4e whitespace fixes 2010-01-15 15:58:35 -05:00
Roger Dingledine
f1d74f611d fix an impossible-to-actually-trigger overflow in descriptor generation 2010-01-15 15:56:54 -05:00
Roger Dingledine
0450813227 resolve path weighting edge case; fixes bug 1203 2010-01-15 15:56:54 -05:00
Roger Dingledine
50e8210943 trivial cleanups 2010-01-15 15:56:54 -05:00
Roger Dingledine
f22c063067 remove redundant validate_addr_policies() checks 2010-01-15 15:56:53 -05:00
Roger Dingledine
fd5eb23c29 don't warn if stats/bridge-stats is missing
if we try to read it to publish stats and it's not there,
that means there are no stats to publish.

reported by swisstorexit.
2010-01-15 15:56:53 -05:00
Roger Dingledine
356c927476 don't list windows capabilities in windows uname
we never used them, and maybe it's a bad idea to publish them
2010-01-15 15:56:53 -05:00
Roger Dingledine
8cba62cc2a don't div by 0 during path selection 2010-01-02 13:13:30 -05:00
Roger Dingledine
485fa5c425 when loading bridge stats, mkdir $datadir/stats first 2010-01-02 09:28:19 -05:00
Roger Dingledine
4d71d43772 add config options to override.
somebody should add man page entries.
2009-12-29 23:13:03 -05:00
Roger Dingledine
f255272f45 add separate per-conn write limiting 2009-12-29 22:25:02 -05:00
Sebastian Hahn
9a07f30b90 Authorities now support conditional consensuses
Mark them this way in add_trusted_dir_server
2009-12-25 16:35:47 +01:00
Sebastian Hahn
51c00dbdec Remove some old, commented out code 2009-12-25 16:35:47 +01:00
Sebastian Hahn
9f1618b518 Remove online config descriptions.
They weren't in sync with reality nor manpage, and only useful to a human
who could simply have checked the manpage.
2009-12-25 16:35:47 +01:00
Sebastian Hahn
03da1af9ca Fix a typo 2009-12-25 16:33:56 +01:00
Roger Dingledine
2ef988c065 New consensus params "bwconnrate" and "bwconnburst"
...to let us
rate-limit client connections as they enter the network. It's
controlled in the consensus so we can turn it on and off for
experiments. It's starting out off. Based on proposal 163.
2009-12-23 04:56:24 -05:00
Roger Dingledine
7d832cc988 make the os x tiger compiler shut up
it's wrong, but that's our problem not its problem
2009-12-21 04:58:03 -05:00
Roger Dingledine
937607056b a changelog and doc fixes for the strictnodes work 2009-12-21 04:38:49 -05:00
Roger Dingledine
22e07b4ead fix compile 2009-12-21 03:52:34 -05:00
Roger Dingledine
2138b05f17 Use nodes in ExitNodes even if they're not fast/stable 2009-12-21 03:52:33 -05:00
Roger Dingledine
cc73bc3853 Use nodes in EntryNodes even if they're not fast/stable 2009-12-21 03:52:33 -05:00
Roger Dingledine
7346804ec6 instrument entry_is_live to tell why our guard isn't live 2009-12-21 03:52:33 -05:00
Roger Dingledine
ef81649d2f Be more willing to use an unsuitable circuit for exit.
Specifically, there are two cases: a) are we willing to start a new
circuit at a node not in your ExitNodes config option, and b) are we
willing to make use of a circuit that's already established but has an
unsuitable exit.

Now we discard all your circuits when you set ExitNodes, so the only
way you could end up with an exit circuit that ends at an unsuitable
place is if we explicitly ran out of exit nodes, StrictNodes was 0,
and we built this circuit to solve a stream that needs solving.

Fixes bug in dc322931, which would ignore the just-built circuit because
it has an unsuitable exit.
2009-12-21 03:52:32 -05:00
Roger Dingledine
c75a2eea60 Abandon circs if the user changes Exclude*Nodes
If ExcludeNodes or ExcludeExitNodes changes on a config reload,
mark and discard all our origin circuits.
2009-12-21 03:52:32 -05:00
Roger Dingledine
f2c51cb998 comments and cleanups, no actual changes 2009-12-21 03:52:32 -05:00
Roger Dingledine
1a65bdd232 Make EntryNodes config option much more aggressive.
Before it would prepend your requested entrynodes to your list of guard
nodes, but feel free to use others after that. Now it chooses only
from your EntryNodes if any of those are available, and only falls back
to others if a) they're all down and b) StrictNodes is not set.

Also, now we refresh your entry guards from EntryNode at each consensus
fetch (rather than just at startup and then they slowly rot as the
network changes).

The goal here is to make users less likely to set StrictNodes, since
it's doing closer to what they expect it should be doing.
2009-12-21 03:52:31 -05:00
Roger Dingledine
580066f2f6 Switch to a StrictNodes config option.
This is step one of handling ExcludedNodes better. This first
step is just to make EntryNodes and ExitNodes do what they did
before.
2009-12-21 03:52:31 -05:00
Roger Dingledine
5201e05fc5 bump to 0.2.1.21 so we can release 2009-12-21 03:22:49 -05:00
Roger Dingledine
5fee54a50f fix some typos 2009-12-19 05:12:00 -05:00
Nick Mathewson
05a2473b7f Merge branch 'ewma' 2009-12-18 22:33:02 -05:00
Nick Mathewson
7edae58984 Merge commit 'karsten/fix-bridge-stats-master-4' 2009-12-18 14:16:41 -05:00
Karsten Loesing
3a5a728d4a Permit an empty "bridge-ips" line when parsing bridge stats. 2009-12-18 13:29:51 +01:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Nick Mathewson
235f1e1a96 Refactor out the 'find string at start of any line' logic.
We do this in too many places throughout the code; it's time to start
clamping down.

Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
2009-12-17 18:29:37 -05:00
Karsten Loesing
498c293afe Make changes to latest bridge-stats fixes as suggested by Nick. 2009-12-17 11:20:31 +01:00
Karsten Loesing
e1e5c1b3ab Fix bridge statistics.
Fix statistics on client numbers by country as seen by bridges that were
broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour intervals
instead of variable 12-to-48-hour intervals.
2009-12-17 09:22:55 +01:00
Karsten Loesing
d38268a8c7 Remove v0 hidden service statistics code.
The HSAuthorityRecordStats option was used to track statistics of overall
hidden service usage on the version 0 hidden service authorities. With the
version 2 hidden service directories being deployed and version 0
descriptors being phased out, these statistics are not as useful anymore.

Goodbye, you fine piece of software; my first major code contribution to
Tor.
2009-12-17 09:15:06 +01:00
Nick Mathewson
62c2a5a883 Merge commit 'karsten/fix-cell-stats'
Conflicts:
	ChangeLog
2009-12-16 21:59:25 -05:00
Nick Mathewson
350181529e Merge branch 'safelogging2'
Conflicts:
	ChangeLog
2009-12-15 17:26:09 -05:00
Nick Mathewson
fcbd65b45c Refactor the safe_str_*() API to make more sense.
The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log."  safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
2009-12-15 17:25:34 -05:00
Nick Mathewson
616cbb31c7 Merge commit 'origin/maint-0.2.1' 2009-12-15 17:11:40 -05:00
Nick Mathewson
3b896195cb Stop using lround in or.h, and check for bad values of RECENT_CIRCUITS 2009-12-15 17:11:27 -05:00
Nick Mathewson
1c87a27574 Fix bug 1173: remove an assert(unsigned >= 0). 2009-12-15 15:51:59 -05:00
Nick Mathewson
d42c689b8e Merge commit 'sebastian/coverity' 2009-12-15 14:50:49 -05:00
Nick Mathewson
5db4b96089 Merge branch 'mathlog' 2009-12-15 14:42:09 -05:00
Nick Mathewson
e56747f9cf Refactor a bit so that it is safe to include math.h, and mostly not needed. 2009-12-15 14:40:49 -05:00
Nick Mathewson
60b01c6d5e Change interface for configuring cell ewma algorithm.
The rule is now: take the value from the CircuitPriorityHalflife
config option if it is set.  If it zero, disable the cell_ewma
algorithm.  If it is set, use it to calculate the scaling factor.
If it is not set, look for a CircPriorityHalflifeMsec parameter in the
consensus networkstatus.  If *that* is zero, then disable the cell_ewma
algorithm; if it is set, use it to calculate the scaling factor.
If it is not set at all, disable the algorithm.
2009-12-15 13:58:24 -05:00
Nick Mathewson
296381eda0 Merge commit 'sebastian/ewma2' into ewma
Conflicts:
	src/or/relay.c
2009-12-15 13:23:27 -05:00
Nick Mathewson
1292a9ddfe Fix various comment typos in ewma patch; found by arma. 2009-12-15 13:20:22 -05:00
Nick Mathewson
2c672f73bf Fix comment typos in container.c 2009-12-15 13:20:02 -05:00
Sebastian Hahn
d384f5e1ed Fix compile warning on Panther.
Apparently Panther doesn't like comparing ints and enums
2009-12-14 10:07:20 +01:00
Sebastian Hahn
182c583497 Remove some dead code found by coverity, cid 404
In connection_dir_client_reached_eof, we make sure that we either
return when we get an http status code of 503 or handle the problem
and set it to 200. Later we check if the status code is 503. Remove
that check.
2009-12-14 09:53:31 +01:00
Sebastian Hahn
27b7746c51 Fix Snow Leopard compile and a codestyle violation
When calculating the current tick, cap (tv_sec / EWMA_TICK_LEN) to an unsigned int.
2009-12-14 05:17:45 +01:00
Nick Mathewson
06e8370c33 Optimize cell-ewma circuit priority algorithm.
There are two big changes here:
  - We store active circuits in a priority queue for each or_conn,
    rather than doing a linear search over all the active circuits
    before we send each cell.
  - Rather than multiplying every circuit's cell-ewma by a decay
    factor every time we send a cell (thus normalizing the value of a
    current cell to 1.0 and a past cell to alpha^t), we instead
    only scale down the cell-ewma every tick (ten seconds atm),
    normalizing so that a cell sent at the start of the tick has
    value 1.0).
2009-12-13 21:05:53 -05:00
Roger Dingledine
f7d99b62a3 New controller command "getinfo config-text"
It returns the contents that Tor would write if you send it a SAVECONF
command, so the controller can write the file to disk itself.
2009-12-13 19:21:06 -05:00
Nick Mathewson
c43fee131d Adjust EWMA patch to conform to whitespace style. 2009-12-12 19:06:38 -05:00
Can Tang
d3be00e0f4 Favor quiet circuits when choosing which order to relay cells in.
Each circuit is ranked in terms of how many cells from it have been
relayed recently, using a time-weighted average.

This patch has been tested this on a private Tor network on PlanetLab,
and gotten improvements of 12-35% in time it takes to fetch a small
web page while there's a simultaneous large data transfer going on
simultaneously.

[Commit msg by nickm based on mail from Ian Goldberg.]
2009-12-12 19:06:38 -05:00
Nick Mathewson
c210db0d41 Enhance pqueue so we can remove items from the middle.
This changes the pqueue API by requiring an additional int in every
structure that we store in a pqueue to hold the index of that structure
within the heap.
2009-12-12 19:06:38 -05:00
Nick Mathewson
d086c9a7f7 Merge commit 'sebastian/fixes' 2009-12-12 02:10:57 -05:00
Nick Mathewson
9e6225ae16 Merge commit 'sebastian/coverity' 2009-12-12 02:10:19 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Nick Mathewson
79f72d0ef6 Make rend_cache_entry_free() typecheck when possible. 2009-12-12 01:31:35 -05:00
Nick Mathewson
a8190b09a3 Cache the parsed value of SafeLogging as an enum. 2009-12-12 01:12:47 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Sebastian Hahn
28b29e0fd7 Fix typo in a comment 2009-12-12 02:53:27 +01:00
Sebastian Hahn
f258647433 Allow SafeLogging to exclude client related information 2009-12-12 02:26:11 +01:00
Nick Mathewson
b51a33e527 Merge commit 'origin/maint-0.2.1' 2009-12-04 14:31:17 -05:00
Martin Peck
3a2d677fa7 Improved workaround for disabled OpenSSL renegotiation.
It turns out that OpenSSL 0.9.8m is likely to take a completely
different approach for reenabling renegotiation than OpenSSL 0.9.8l
did, so we need to work with both. :p   Fixes bug 1158.

(patch by coderman; commit message by nickm)
2009-12-04 14:25:08 -05:00
Karsten Loesing
16fbb2f745 Minor fix to buffer stats.
Do not segfault when writing buffer stats when we haven't observed a
single circuit to report about.  This is a minor bug that would only show
up in testing environments with no traffic and with reduced stats
intervals.
2009-12-03 10:51:51 +01:00
Roger Dingledine
cee9a28d1e Merge commit 'origin/maint-0.2.1' 2009-11-23 10:16:38 -05:00
Roger Dingledine
a89f51c936 fix race condition that can cause crashes at client or exit relay
Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
2009-11-23 10:13:50 -05:00
Roger Dingledine
403f99eaa4 add a minimum for CircuitStreamTimeout, plus a man page
plus some other unrelated touchups that have been sitting in my
sandbox
2009-11-22 07:15:30 -05:00
Roger Dingledine
7f3f88bed3 New config option "CircuitStreamTimeout"
New config option "CircuitStreamTimeout" to override our internal
timeout schedule for how many seconds until we detach a stream from
a circuit and try a new circuit. If your network is particularly
slow, you might want to set this to a number like 60.
2009-11-21 23:36:36 -05:00
Roger Dingledine
fdd58f3bd5 If somebody tries to overflow my dirport, don't log his IP by default.
aka Fix an instance where a Tor directory mirror might accidentally
log the IP address of a misbehaving Tor client. Bugfix on
0.1.0.1-rc.
2009-11-21 23:09:24 -05:00
Roger Dingledine
4f8b36a1e2 clobber connections with different number than we clobber circuits 2009-11-21 23:02:10 -05:00
Roger Dingledine
7b6b931ccc stop assuming that our downcasts have a struct offset of 0
shouldn't actually change anything, but who knows.
2009-11-21 22:59:18 -05:00
Roger Dingledine
01a9cc0413 bump to 0.2.2.6-alpha-dev 2009-11-21 22:57:05 -05:00
Nick Mathewson
2b1bb233b3 Use the same mlockall checks with tor_set_max_memlock 2009-11-20 14:45:29 -05:00
Nick Mathewson
444eff6286 Fix compilation on OSX 10.3.
On this OSX version, there is a stub mlockall() function
that doesn't work, *and* the declaration for it is hidden by
an '#ifdef _P1003_1B_VISIBLE'.  This would make autoconf
successfully find the function, but our code fail to build
when no declaration was found.

This patch adds an additional test for the declaration.
2009-11-20 13:28:16 -05:00
Roger Dingledine
1ee580407c bump to 0.2.2.6-alpha 2009-11-19 14:16:11 -05:00
Nick Mathewson
9be682942c Not everybody likes debugging printfs as much as I 2009-11-18 11:26:44 -05:00
Nick Mathewson
e722ffa605 Do not report a partially-successful detached signature add as failed.
Also, regenerate the detached-signature document whenever any signatures are
successfully added.
2009-11-17 14:24:59 -05:00
Roger Dingledine
2ebd22152e only complain when rejecting a descriptor if it has contact info 2009-11-17 07:39:15 -05:00
Jacob Appelbaum
6f1fe7e941 Fix compilation with with bionic libc.
This fixes bug 1147:

 bionic doesn't have an actual implementation of mlockall();
 mlockall() is merely in the headers but not actually in the library.
 This prevents Tor compilation with the bionic libc for Android handsets.
2009-11-14 16:45:14 -05:00
Roger Dingledine
22f674fcb8 Fix a memory leak on directory authorities during voting
Fix a memory leak on directory authorities during voting that was
introduced in 0.2.2.1-alpha. Found via valgrind.
2009-11-12 01:31:26 -05:00
Nick Mathewson
69c0147ea6 Fix building from a separate build directory. 2009-11-08 00:38:46 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
eb1faf8a0a Fix a URL in a log message. 2009-11-04 11:39:10 -05:00
Sebastian Hahn
f1b7295b27 Disallow command line keywords with more than two dashes as prefix.
This might help fix cid 422, where coverity fails to notice that
argv strings are null-escaped.
2009-10-27 17:50:24 +01:00
Sebastian Hahn
b0e8c33617 Make it more obvious for coverity that cid 404 is not dead code 2009-10-27 14:19:32 +01:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Karsten Loesing
56c2385157 Fix bug 1113.
Bridges do not use the default exit policy, but reject *:* by default.
2009-10-27 01:03:41 -07:00
Roger Dingledine
8c34e79263 Merge commit 'karsten/log-1092' 2009-10-27 02:26:58 -04:00
Karsten Loesing
c8b27a8e9e Improve log statement when publishing v2 hs desc. 2009-10-26 23:09:10 -07:00
Karsten Loesing
19ddee5582 Fix bug 1042.
If your relay can't keep up with the number of incoming create cells, it
would log one warning per failure into your logs. Limit warnings to 1 per
minute.
2009-10-26 22:49:43 -07:00
Sebastian Hahn
70abd843fd crypto_cipher_set_key cannot fail
In 5e4d53d535 we made it so that
crypto_cipher_set_key cannot fail. The call will now
always succeed, to returning a boolean for success/failure makes
no sense.
2009-10-27 04:31:23 +01:00
Nick Mathewson
54973a45a6 Fix an apparently bogus check; fortunately, it seems to be untriggered. 2009-10-26 23:14:53 -04:00
Nick Mathewson
311315e077 Fix an accidentally removed free in 385853a282, and repair a check. 2009-10-26 23:13:29 -04:00
Roger Dingledine
ad525685f6 Merge commit 'karsten/fix-1066-3' 2009-10-26 22:45:12 -04:00
Nick Mathewson
385853a282 Fix/annotate deadcode for CID 402,403 2009-10-26 22:40:41 -04:00
Nick Mathewson
134ac8059b Fix the very noisy unit test memory leak of CID 420-421.
On any failing case in test_util_config_line, we would leak a couple
of strings.
2009-10-26 22:40:41 -04:00
Nick Mathewson
caa141617f Fix dead code found by Coverity (CID 419).
This was left over from an early draft of the microdescriptor code; it
began to populate the signatures array of a networkstatus vote, even
though there's no actual need to do that for a vote.
2009-10-26 22:40:41 -04:00
Nick Mathewson
98cd8c5d16 Fix a very stupid coverity complaint (CID 416).
In its zeal to keep me from saying memset(x, '0', sizeof(x)), Coverity
disallows memset(x, 48, sizeof(x)).  Fine.  I'll choose a different
magic number, see if I care!
2009-10-26 22:40:41 -04:00
Nick Mathewson
5e4d53d535 Remove checks for array existence. (CID 410..415)
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement.  Coverity notices this now.

In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed.  Those cases are now always-true.

In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
2009-10-26 22:40:41 -04:00
Nick Mathewson
cec698d29e Fix CID 409: check return value of base64_encode in tests 2009-10-26 22:40:41 -04:00
Nick Mathewson
a457cd91fa Clarification to suppress Coverity CID 405.
Every or conn has an outbuf, but coverity has no way of knowing that.
Add an assert to ease its conscience.
2009-10-26 22:40:40 -04:00
Nick Mathewson
8519d36633 Merge commit 'origin/maint-0.2.1' 2009-10-26 22:40:24 -04:00
Karsten Loesing
4256a96461 Fix bug 1066.
If all authorities restart at once right before a consensus vote, nobody
will vote about "Running", and clients will get a consensus with no usable
relays. Instead, authorities refuse to build a consensus if this happens.
2009-10-26 19:27:54 -07:00
Nick Mathewson
5c73da7faa Fix two memory leaks found by Coverity (CIDs 417-418)
The first happens on an error case when a controller wants an
impossible directory object.  The second happens when we can't write
our fingerprint file.
2009-10-26 22:12:40 -04:00
Nick Mathewson
8bada1ef67 Add missing break statements for Coverity CIDs #406,407.
The code for these was super-wrong, but will only break things when we
reset an option on a platform where sizeof(time_t) is different from
sizeof(int).
2009-10-26 21:35:26 -04:00
Nick Mathewson
071521e02f Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
2009-10-26 20:15:03 -04:00
Nick Mathewson
56048637a5 Only send the if_modified_since header for a v3 consensus.
Spotted by xmux; bugfix on 0.2.0.10-alpha.
(Bug introduced by 20b10859)
2009-10-26 20:14:11 -04:00
Karsten Loesing
d2b4b49ff0 Reduce log level for someone else sending us weak DH keys.
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
2009-10-25 23:47:05 -07:00
Roger Dingledine
fa23430496 clean up the XXX comments around bug 1038 2009-10-26 01:32:27 -04:00
Nick Mathewson
afc76a4e71 Fix two bugs found by Coverity scan.
One was a simple buffer overrun; the other was a high-speed pointer
collision.  Both were introduced by my microdescs branch.
2009-10-19 23:19:42 -04:00
Nick Mathewson
f629687053 Merge branch 'microdesc' 2009-10-19 00:45:47 -04:00
Nick Mathewson
465d4e1cd1 Document some formerly undocumented functions. 2009-10-19 00:30:52 -04:00
Sebastian Hahn
740806c453 Fix compile with warnings problems on Snow Leopard 2009-10-19 01:30:46 +02:00
Nick Mathewson
bb22d8fc45 Add functions to serve microdescs and flavored consensuses. 2009-10-18 18:46:12 -04:00
Nick Mathewson
200c39b66c Document the microdescriptor code better. 2009-10-18 18:46:12 -04:00
Nick Mathewson
d61b5df9c1 Fix various bugs in microdescriptor caching. 2009-10-18 18:46:07 -04:00
Nick Mathewson
e26a79ca8a Make start_writing_to_stdio_file() respect O_BINARY. 2009-10-15 15:17:13 -04:00
Nick Mathewson
851a980065 Actually remember all the consensus types when we are done generating them. 2009-10-15 15:17:13 -04:00
Nick Mathewson
a19981725d Parse detached signatures and microdesc networkstatuses correctly. 2009-10-15 15:17:13 -04:00
Nick Mathewson
3471057486 Implement signatures for microdesc consensuses right.
This means we need to handle the existence of multiple flavors of signature
in a detached signatures document, generate them correctly, and so on.
2009-10-15 15:17:13 -04:00
Nick Mathewson
d9c71816b1 Generate all the flavors of consensuses when building consensuses. 2009-10-15 15:17:13 -04:00
Nick Mathewson
5576a3a094 Parse detached signature documents with multiple flavors and algorithms. 2009-10-15 15:17:13 -04:00
Nick Mathewson
3b2fc659a8 Refactor consensus signature storage for multiple digests and flavors.
This patch introduces a new type called document_signature_t to represent the
signature of a consensus document.  Now, each consensus document can have up
to one document signature per voter per digest algorithm.  Also, each
detached-signatures document can have up to one signature per <voter,
algorithm, flavor>.
2009-10-15 15:17:13 -04:00
Nick Mathewson
e1ddee8bbe Code to generate, store, and parse microdescriptors and consensuses.
The consensus documents are not signed properly, not served, and not
exchanged yet.
2009-10-15 15:17:13 -04:00
Nick Mathewson
a8e92ba8fd Add a function to get the most frequent member of a list. 2009-10-15 15:17:13 -04:00
Nick Mathewson
a7ba02f3f1 Add ability to parse one or more m line from a vote. 2009-10-15 15:17:13 -04:00
Nick Mathewson
bdf4839395 Functions to encode microdescriptors and their lines. 2009-10-15 15:17:12 -04:00
Nick Mathewson
c5f7f04aff Allow signed data to include other hashes later.
Previously, we insisted that a valid signature must be a signature of
the expected digest.  Now we accept anything that starts with the
expected digest.  This lets us include another digest later.
2009-10-15 15:17:12 -04:00
Nick Mathewson
15f4e9600c Signature-checking code can handle longer digests. 2009-10-15 15:17:12 -04:00
Nick Mathewson
8b2f6b27fd Make signature-generation code handle different key and digest lengths. 2009-10-15 15:17:12 -04:00
Nick Mathewson
8d41e6c471 Support for encoding and decoding 256-bit digests in base64 2009-10-15 15:17:12 -04:00
Nick Mathewson
5ef97ddd42 Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/or/config.c
	src/win32/orconfig.h
2009-10-15 12:33:22 -04:00
Roger Dingledine
16dc543851 bump to 0.2.1.20 2009-10-15 12:14:18 -04:00
Roger Dingledine
2bee297d57 Move moria1 and Tonga to alternate IP addresses. 2009-10-15 12:14:18 -04:00
Roger Dingledine
2394336426 read the "circwindow" parameter from the consensus
backport of c43859c5c1
backport of 0d13e0ed14
2009-10-14 17:07:32 -04:00
Nick Mathewson
83c3f118db Code to parse and access network parameters.
Partial backport of 381766ce4b.
Partial backport of 56c6d78520.
2009-10-14 16:15:41 -04:00
Nick Mathewson
71cdd99dd7 Another event2 evdns fix. 2009-10-13 18:57:25 -04:00
Nick Mathewson
81eee0ecff Fix a crash when using evdns from Libevent 2.
When we tried to use the deprecated non-threadsafe evdns
interfaces in Libevent 2 without using the also-deprecated
event_init() interface, Libevent 2 would sensibly crash, since it
has no guess where to find the Libevent library.

Here we use the evdns_base_*() functions instead if they're
present, and fake them if they aren't.
2009-10-13 17:54:04 -04:00
Roger Dingledine
4b55ef26c9 bump to 0.2.2.5-alpha-dev 2009-10-12 15:28:29 -04:00
Nick Mathewson
da990d09c3 Merge commit 'public/android' 2009-10-11 23:30:19 -04:00
Roger Dingledine
9d6c79cbbb fix compile on windows 2009-10-11 17:23:47 -04:00
Roger Dingledine
255245a289 bump to 0.2.2.5-alpha 2009-10-11 14:59:20 -04:00
Roger Dingledine
6265b9f09d Move dizum to an alternate IP address. 2009-10-11 14:59:14 -04:00
Peter Palfrader
c4a5e06098 Ship test.h in release
The test suite need the test.h file to build. Add it to
noinst_HEADERS in the Makefile.am so it gets included
in the tarball that make dist produces.
2009-10-11 10:44:16 -04:00
Peter Palfrader
2f760c5461 Fix testsuite call.
tinytest_main() returns 0 on success, -1 on errors and 1 on test
failures.  So test.c should check on !=0 instead of <0.
2009-10-10 18:58:54 -04:00
Roger Dingledine
a9e0e2f819 bump to 0.2.2.4-alpha 2009-10-10 17:29:44 -04:00
Nick Mathewson
5a6575c2d4 Don't set unreachable from dirvote unless we've been running a while.
This is a possible fix for bug 1023, where if we vote (or make a v2
consensus networkstatus) right after we come online, we can call
rep_hist_note_router_unreachable() on every router we haven't connected
to yet, and thereby make all their uptime values reset.
2009-10-10 15:23:00 -04:00
Roger Dingledine
1c62b9d5fa fix a bug where we were decrementing the wrong bucket
i think this doesn't actually affect anything, since linked
conns usually don't impact buckets
2009-10-10 14:52:41 -04:00
Roger Dingledine
746a19e84d remove some dead code. some of it was tickling coverity. 2009-10-10 13:39:41 -04:00
Sebastian Hahn
e35f9414d6 Fix a memleak when throwing away some build times
This was introduced in f7e6e852e8.
Found by Coverity
2009-10-10 13:41:44 +02:00
Mike Perry
18689317e4 Tweak an assert that shouldn't fire either way.
There were however other places where we used to call this
function that might have caused this to fire. Better
safe than sorry now.
2009-10-07 13:05:28 -07:00
Mike Perry
ec05e64a68 Tweak values for when to discard all of our history.
This seems to be happening to me a lot on a garbage DSL line.
We may need to come up with 2 threshholds: a high short onehop
count and a lower longer count.
2009-10-07 12:49:13 -07:00
Mike Perry
b918cd8f04 Remove another overzealous assert.
Pretimeouts may have build time data, just no timeout data.
2009-10-07 12:24:40 -07:00
Roger Dingledine
b4e0d09202 try to stem the 'sea of fail' 2009-10-01 05:35:24 -04:00
Roger Dingledine
9325b9269c Ignore one-hop circuits for circuit timeout calc
Don't count one-hop circuits when we're estimating how long it
takes circuits to build on average. Otherwise we'll set our circuit
build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
2009-10-01 04:15:45 -04:00
Roger Dingledine
b9e8f0a013 Move Tonga to an alternate IP address 2009-09-30 22:35:05 -04:00
Roger Dingledine
69ecc127e9 Move moria1 to a nearby IP address 2009-09-30 18:46:55 -04:00
Roger Dingledine
53a7636a05 Dir auths reject relays running < Tor 0.1.2.14
Directory authorities now reject Tor relays with versions less than
0.1.2.14. This step cuts out four relays from the current network,
none of which are very big.
2009-09-30 18:34:21 -04:00
Mike Perry
f7e6e852e8 Fix 1108: Handle corrupt or large build times state.
1108 was actually just a fencepost error in an assert,
but making the state file handling code resilient is a
good idea.
2009-09-29 14:07:04 -04:00
Nick Mathewson
d471795764 Make tor-gencert build on Android
Previously, tor-gencert would call RSA_generate_key() directly.
This won't work on Android, which removes the (deprecated since
OpenSSL 0.9.8) function.  We can't call RSA_generate_key_ex()
unconditionally either, since that didn't exist before 0.9.8.
Instead, we must call our own crypto_pk_generate_key_with_bits,
which knows how to call RSA_generate_key or RSA_generate_key_ex as
appropriate.

 [Based on patch by Nathan Freitas]
2009-09-29 00:53:43 -04:00
Nick Mathewson
cfba9c01bf Alter keygen function to generate keys of different lengths. 2009-09-29 00:53:25 -04:00
Nathan Freitas
76d26ae52d Disable OpenSSL engines when building for Android.
Apparently the Android developers dumped OpenSSL's support for hardware
acceleration in order to save some memory, so you can't build programs using
engines on Android.

[Patch revised by nickm]
2009-09-29 00:53:10 -04:00
Nathan Freitas
8c585cce39 Include util.h and log.h as relative paths.
This shouldn't be necessary, but apparently the Android cross-compiler
doesn't respect -I as well as it should.  (-I is supposed to add to the
*front* of the search path.  Android's gcc wrapper apparently likes to add to
the end.  This is broken, but we need to work around it.)
2009-09-29 00:52:52 -04:00
Nick Mathewson
2e70642c3a Whitespace fix 2009-09-28 23:50:57 -04:00
Roger Dingledine
768bc04feb fix two comment bugs for load_stats_file() 2009-09-28 23:25:23 -04:00
Roger Dingledine
b4709066c9 Merge commit 'karsten/fix-another-stats-bug' 2009-09-28 23:23:39 -04:00
Nick Mathewson
3e82981795 Fix some win32 compilation warnings 2009-09-28 19:56:36 -04:00
Karsten Loesing
94b57f9f36 Fix an issue with including stats in extra-info descriptors. 2009-09-28 15:20:21 +02:00
Nick Mathewson
008dc890d8 Improved fix for test_memeq_hex leak.
The earlier fix would only handle the success case.  In the failing
case, test_mem_op does a goto done, which would leave the leak leaking.
2009-09-27 12:07:33 -04:00
Sebastian Hahn
a24b9e6088 Fix a memleak
Found by coverity

test_mem_op_hex was leaking memory, which showed up in a few
tests.

Also, the dir_param test had a memleak of its own.

Found by Coverity
2009-09-27 12:02:35 -04:00
Sebastian Hahn
6a68b50597 Make sure we can't overflow in connection_ap_handshake_send_resolve
Found by Coverity
2009-09-27 12:02:02 -04:00
Nick Mathewson
a4d6d83051 Make a NULL check in test_dir.c non-redundant.
Should quiet a coverity warning.
2009-09-27 12:01:29 -04:00
Sebastian Hahn
7f1f6984da Fix memory leak
Some memory could be lost in the error case of
circuit_build_times_parse_state.

Found by Coverity
2009-09-27 12:00:02 -04:00
Nick Mathewson
0a438c7daf Describe how to regenerate the TLS state name table. 2009-09-25 15:15:06 -04:00
Roger Dingledine
891b3d8633 Merge branch 'master' of ssh://git.torproject.org/git/tor 2009-09-24 19:17:46 -04:00
Roger Dingledine
cbbd6f9263 Revert to the "June 3 2009" ip-to-country file.
The September one seems to have removed most US IP addresses.
2009-09-24 19:15:24 -04:00
Roger Dingledine
180a4b6a74 Merge commit 'karsten/stats-fixes-master' 2009-09-24 18:54:01 -04:00
Karsten Loesing
457bebe01a Fix a couple of smaller issues with gathering statistics.
- Avoid memmoving 0 bytes which might lead to compiler warnings.

- Don't require relays to be entry node AND bridge at the same to time to
  record clients.

- Fix a memory leak when writing dirreq-stats.

- Don't say in the stats files that measurement intervals are twice as long
  as they really are.

- Reduce minimum observation time for requests to 12 hours, or we might
  never record usage.

- Clear exit stats correctly after writing them, or we accumulate old stats
  over time.

- Reset interval start for buffer stats, too.
2009-09-24 21:58:56 +02:00
Nick Mathewson
a3f1da2ec0 Fix compilation on OpenSSLs with unusual state lists.
"Unusual" in this context means "not the same as nickm's."  We should grow a
better list later.

(Also, move TLS state table to a separate header.)
2009-09-24 13:00:28 -04:00
Nick Mathewson
b8b2935367 Debugging logs for TLS handshake
The big change is to add a function to display the current SSL handshake
state, and to log it everywhere reasonable.  (A failure in
SSL23_ST_CR_SRVR_HELLO_A is different from one in
SSL3_ST_CR_SESSION_TICKET_A.)

This patch also adds a new log domain for OR handshaking, so you can pull out
all the handshake log messages without having to run at debug for everything.
For example, you'd just say "log notice-err [handshake]debug-err file
tor.log".
2009-09-24 12:31:22 -04:00
Roger Dingledine
eed5cae9d1 downgrade a log notice at startup
This was the only log notice that happened during other
tor invocations, like --verify-config and --list-fingerprint.
Plus, now we think it works, so no need to hear about it.
2009-09-23 04:59:05 -04:00
Nick Mathewson
5f20b0849c Do not distribute tinytest_demo.c in the tarball 2009-09-23 00:24:43 -04:00
Nick Mathewson
cb52e17d3d Carve out unrelated parts of test_dir_formats 2009-09-23 00:24:43 -04:00
Nick Mathewson
fa693118b1 Split directory tests into their own module.
(Also, clean up some whitespace.)
2009-09-23 00:24:43 -04:00
Nick Mathewson
050545405a Split test_util() into smaller functions. 2009-09-23 00:24:43 -04:00
Nick Mathewson
d9d0813809 Split general util and address tests into their own files. 2009-09-23 00:24:43 -04:00
Nick Mathewson
d2857d524c Split container tests into their own module 2009-09-23 00:24:43 -04:00
Nick Mathewson
cea1225199 Split crypto tests into a separate module. 2009-09-23 00:24:43 -04:00
Sebastian Hahn
410f31e576 Remove a warning on ./autogen.sh 2009-09-23 00:24:43 -04:00
Nick Mathewson
da1aa66f70 Move testing code into new src/test directory. 2009-09-23 00:24:43 -04:00
Nick Mathewson
d4b54549b8 Refactor unit tests to use the tinytest framework.
"Tinytest" is a minimalist C unit testing framework I wrote for
Libevent.  It supports some generally useful features, like being able
to run separate unit tests in their own processes.

I tried to do the refactoring to change test.c as little as possible.
Thus, we mostly don't call the tinytest macros directly.  Instead, the
test.h header is now a wrapper on tinytest.h to make our existing
test_foo() macros work.

The next step(s) here will be:
  - To break test.c into separate files, each with its own test group.
  - To look into which things we can test
  - To refactor the more fiddly tests to use the tinytest macros
    directly and/or run forked.
  - To see about writing unit tests for things we couldn't previously
    test without forking.
2009-09-23 00:24:43 -04:00
Nick Mathewson
1c2d7732f0 Bump version to 0.2.2.3-alpha-dev 2009-09-23 00:24:37 -04:00
Roger Dingledine
8e3af72ed0 bump to 0.2.2.3-alpha, plus add a changelog for bug 1103 2009-09-22 22:15:56 -04:00
Roger Dingledine
0d13e0ed14 Be more robust to bad circwindow values
If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert.

Also, change the interface for networkstatus_get_param() so we
don't have to lookup the consensus beforehand.
2009-09-22 22:09:33 -04:00
Nick Mathewson
6acfa31d59 Merge commit 'mikeperry/circuittimeout-1103' 2009-09-21 23:35:49 -04:00
Mike Perry
fd7454f9e3 Fix Bug 1103.
Don't pass in a quantile that is too high during pretimeout
calcualtion.
2009-09-21 20:01:20 -07:00
Nick Mathewson
52b75c9a55 Bump version to 0.2.2.2-alpha-dev 2009-09-21 15:51:08 -04:00
Roger Dingledine
54ba86d9d0 downgrade a log severity, since this event has been known
to happen and there's nothing the user can do about it
2009-09-21 03:32:28 -04:00
Roger Dingledine
3ddd7212e6 Update to the "September 4 2009" ip-to-country file. 2009-09-21 01:44:59 -04:00
Roger Dingledine
5488cda19a bump to 0.2.2.2-alpha 2009-09-21 01:31:39 -04:00
Roger Dingledine
fa63d47f83 Merge branch 'maint-0.2.1' 2009-09-20 23:53:03 -04:00
Roger Dingledine
95008db08d Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
This reverts commit dc3229313b.

We're going to do this more thoroughly in 0.2.2.x, and not in
maint-0.2.1.
2009-09-20 23:50:48 -04:00
Sebastian Hahn
772ce9d085 Fix compile on Snow Leopard 2009-09-20 23:17:00 -04:00
Nick Mathewson
93b33e15ab Fix build warnings on OSX 10.5.8 2009-09-20 23:01:43 -04:00
Mike Perry
134266b984 Change the condition on the nonlive timeout counting.
Try to clarify things in the comment too.
2009-09-20 18:20:10 -07:00
Mike Perry
e2cc4e353a Add a couple of time helper functions.
Also add rounding support to tv_mdiff().
2009-09-20 18:03:39 -07:00
Roger Dingledine
cf2afcd707 Fix typos and comments, plus two bugs
A) We were considering a circuit had timed out in the special cases
where we close rendezvous circuits because the final rendezvous
circuit couldn't be built in time.
B) We were looking at the wrong timestamp_created when considering
a timeout.
2009-09-20 19:50:44 -04:00
Mike Perry
f39bedf250 Implement and document new network liveness algorithm.
Based on irc discussion with arma.
2009-09-20 14:51:30 -07:00
Mike Perry
6700e528be Fix some precision-related asserts in unit tests.
Mostly by storing the timeout as milliseconds and not seconds
internally.
2009-09-20 14:43:45 -07:00
Roger Dingledine
cc53e7cb0e disable the end of circuitbuildtimeout units tests
until mike figures out some other way to make them pass reliably
2009-09-18 02:00:20 -04:00
Sebastian Hahn
335b67a354 Fix compile on freebsd 2009-09-18 02:43:45 +02:00
Roger Dingledine
67f280feb3 Let our config abbreviations rewrite more than once 2009-09-17 20:32:42 -04:00
Roger Dingledine
b02b11c4b4 a mish-mash of stuff in my sandbox 2009-09-17 01:58:39 -04:00
Roger Dingledine
ee89061ef2 give proposal 151 a changelog and other touchups 2009-09-17 01:42:33 -04:00
Roger Dingledine
feccaa5c83 Choose early circuit idle timeout better.
Don't discard all circuits every MaxCircuitDirtiness, because the
user might legitimately have set that to a very lower number.

Also don't use up all of our idle circuits with testing circuits,
since that defeats the point of preemptive circuits.
2009-09-17 01:41:47 -04:00
Nick Mathewson
4b10ba484b Merge commit 'origin/maint-0.2.1' 2009-09-17 00:42:41 -04:00
Nick Mathewson
9c38941195 Work around a memory leak in openssl 0.9.8g (and maybe others) 2009-09-17 00:01:20 -04:00
Nick Mathewson
b3991ea7d1 Merge commit 'karsten/fix-1073' into maint-0.2.1 2009-09-16 23:36:01 -04:00
Roger Dingledine
4850a3a75f Merge commit 'mikeperry/circuitbuildtimeout-final' 2009-09-16 21:43:31 -04:00
Mike Perry
43c18746bd Clarify use of magic number 0.98 with #define. 2009-09-16 18:41:22 -07:00
Roger Dingledine
926ca5befd Merge branch 'maint-0.2.1' 2009-09-16 21:28:49 -04:00
Roger Dingledine
7d838971dd Merge commit 'karsten/no-time-maint-0.2.1' 2009-09-16 20:45:01 -04:00
Roger Dingledine
9eb5edc093 Merge commit 'sebastian/specconformance' 2009-09-16 20:37:43 -04:00
Sebastian Hahn
1aac7de1ea Fix unit tests and compile issues on Snow Leopard 2009-09-16 17:22:21 -07:00
Mike Perry
e2c2fa7a1f Change liveness value to be a function of the timeout.
And also the number of recent circuits used to decide
when the network changes.
2009-09-16 17:20:34 -07:00
Mike Perry
e4e0ce94f0 Add log message so we have accurate build time values. 2009-09-16 17:20:34 -07:00
Mike Perry
5bd60d8a41 Address nickm's issues from his review #1. 2009-09-16 17:20:29 -07:00
Mike Perry
0352d43917 Move circuitbuildtimeout config check.
We want it to be under our control so it doesn't mess
up initialization. This is likely the cause for
the bug the previous assert-adding commit (09a75ad) was
trying to address.
2009-09-16 15:58:42 -07:00
Mike Perry
09a75ad316 Time for some debugging by asserts.
Got a negative timeout value on startup. Need to narrow it down.
2009-09-16 15:55:51 -07:00
Mike Perry
742e08046f Fix bugs relating to not counting timeouts as circuit builds.
Also use bin midpoints for time values.
2009-09-16 15:55:51 -07:00
Mike Perry
67cee75ca2 Document functions and constants. 2009-09-16 15:55:50 -07:00
Mike Perry
c9363df09f Remove an assert.
It seems to fire because of precision issues. Added
more debug info to the warn to try to figure out for sure.
2009-09-16 15:55:50 -07:00
Mike Perry
63be2df84f Fix issues found by arma in review. 2009-09-16 15:55:36 -07:00
Roger Dingledine
672e2f6908 space/indent cleanups, plus point out three bugs 2009-09-16 15:55:32 -07:00
Mike Perry
4b3bc714a3 Woops. Fix a couple memory leaks.
Also change the max timeout quantile to 0.98, so we can
avoid huge synthetic timeout values.
2009-09-16 15:54:37 -07:00
Karsten Loesing
b508e4748f Remove trailing spaces. As if bytes were free...
Also correct some typos.
2009-09-16 15:52:05 -07:00
Mike Perry
535423a3bb Resolve mode ties in favor of the higher (slower) mode. 2009-09-16 15:52:04 -07:00
Mike Perry
8210336182 More detail for some log msgs. 2009-09-16 15:52:04 -07:00
Mike Perry
6eba08e22f Use our variable directly for timeout.
Using CircuitBuildTimeout is prone to issues with SIGHUP, etc.
Also, shuffle the circuit build times array after loading it
in so that newer measurements don't replace chunks of
similarly timed measurements.
2009-09-16 15:52:04 -07:00
Mike Perry
fca8446949 Fix a couple of assert bugs. 2009-09-16 15:52:03 -07:00
Mike Perry
c4e6b3eadb Fix timeout edge case when we get enough samples.
Also switch Xm calculation to mode, not min.
2009-09-16 15:52:03 -07:00
Mike Perry
95735e5478 Fix the math.h log() conflict.
It was compiling, but causing segfaults.

Also, adjust when the timer starts for new test circs
and save state every 25 circuits.
2009-09-16 15:51:17 -07:00
Mike Perry
7ac9a66c8f Recover from changing network connections.
Also add code to keep creating circuits every minute until we
hit our minimum threshhold.
2009-09-16 15:51:16 -07:00
Mike Perry
411b60325b Factor out the pretimeout handling code.
We need to also call it if we're going to calculate alpha
after a normal circuit build.
2009-09-16 15:51:15 -07:00
Mike Perry
b52bce91fc Write unit tests and fix issues they uncovered. 2009-09-16 15:51:10 -07:00
Mike Perry
04414830fe Implement the pareto fitting and timeout calculating bits. 2009-09-16 15:48:52 -07:00
Mike Perry
7750bee21d Clean up Fallon's partially complete GSoC project.
The code actually isn't that bad. It's a shame she didn't finish.
Using it as the base for this feature.
2009-09-16 15:48:51 -07:00
Roger Dingledine
2dbf5b7741 Merge branch 'tmp' 2009-09-16 17:18:35 -04:00
Sebastian Hahn
dc3229313b Teach connection_ap_can_use_exit about Exclude*Nodes
To further attempt to fix bug 1090, make sure connection_ap_can_use_exit
always returns 0 when the chosen exit router is excluded. This should fix
bug1090.
2009-09-16 02:29:57 +02:00
Nick Mathewson
ed7283d283 Merge commit 'origin/maint-0.2.1'
Resolved conflicts in:
	src/or/circuitbuild.c
2009-09-15 19:37:26 -04:00
Nick Mathewson
24c740e5fd Merge commit 'sebastian/memleak' into maint-0.2.1 2009-09-15 19:35:16 -04:00
Sebastian Hahn
113ba0e727 make some bug 1090 warnings go away
When we excluded some Exits, we were sometimes warning the user that we
were going to use the node regardless. Many of those warnings were in
fact bogus, because the relay in question was not used to connect to
the outside world.

Based on patch by Rotor, thanks!
2009-09-16 01:17:51 +02:00
Nick Mathewson
f9226ae030 Merge commit 'origin/maint-0.2.1' 2009-09-15 12:53:44 -04:00
Sebastian Hahn
b73ecdc232 Fix compile on Snow Leopard 2009-09-15 07:13:36 -04:00
Sebastian Hahn
5e01a86b42 some cleanups:
documentation fix for get_uint64
remove extra "." from a log line
fix a long line
2009-09-15 07:12:12 -04:00
Roger Dingledine
c43859c5c1 Read "circwindow=x" from the consensus and use it
Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.
2009-09-15 06:33:33 -04:00
Roger Dingledine
40bcab1faf ConsensusParams config option lists key=value params
finishes the authority-operator interface side of proposal 167.
2009-09-15 04:40:08 -04:00
Nick Mathewson
56c6d78520 Parameter access function, with unit tests. 2009-09-14 23:39:08 -04:00
Nick Mathewson
381766ce4b Implement proposal 167: Authorities vote on network parameters.
This code adds a new field to vote on: "params".  It consists of a list of
sorted key=int pairs.  The output is computed as the median of all the
integers for any key on which anybody voted.

Improved with input from Roger.
2009-09-14 23:21:53 -04:00
Nick Mathewson
0edc39303d Add a median_int32 and find_nth_int32 2009-09-14 23:21:52 -04:00
Sebastian Hahn
b792afa919 Fix a memory leak when parsing a ns
Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:25:08 +02:00
Sebastian Hahn
c1a6fb42ac Fix a spec conformance issue when parsing a ns vote
A vote may only contain exactly one signature. Make sure we reject
votes that violate this.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:06:21 +02:00
Roger Dingledine
86af2ecbda minor fixes in some comments 2009-09-06 20:09:08 -04:00
Karsten Loesing
995606a7e1 Avoid calling time(NULL) too often.
Found by "rotator".
2009-09-03 10:17:08 +02:00
Roger Dingledine
fcacf22491 Fix obscure 64-bit big-endian hidserv bug
Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
2009-09-02 20:36:11 -04:00
Roger Dingledine
3de5ac9baa i couldn't break nick's tor_parse_double()
i guess that means i should call them unit tests and check them in.
2009-09-02 01:10:10 -04:00
Sebastian Hahn
0a71d1c6a7 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 22:16:46 +02:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
d76fd59a7e Remove a debug printf 2009-09-01 21:58:11 +02:00
Sebastian Hahn
742788b737 typo 2009-09-01 21:58:06 +02:00
Nick Mathewson
bddda9bbdb Use an _actual_ fix for the byte-reverse warning.
(Given that we're pretty much assuming that int is 32 bits, and given that
hex values are always unsigned, taking out the "ul" from 0xff000000 should
be fine.)
2009-09-01 15:51:09 -04:00
Nick Mathewson
2f0184ece1 Use a simpler fix for the byte-reversing warning 2009-09-01 15:41:38 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Nick Mathewson
cdc8ea2976 Merge commit 'public/bug1076' 2009-09-01 02:01:49 -04:00
Roger Dingledine
075c004095 Add getinfo accepted-server-descriptor. Clean spec.
Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
2009-08-31 18:37:25 -04:00
Karsten Loesing
da219ee924 Reduce log level for bug case that we now know really exists. 2009-09-01 00:16:33 +02:00
Roger Dingledine
a225469ded Merge branch 'maint-0.2.1' 2009-08-31 16:26:01 -04:00
Roger Dingledine
4c297f74f7 Only send reachability status events on overall success/failure
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
2009-08-31 16:14:41 -04:00
Nick Mathewson
00b37f071d Revise parsing of time and memory units to handle spaces.
When we added support for fractional units (like 1.5 MB) I broke
support for giving units with no space (like 2MB).  This patch should
fix that.  It also adds a propoer tor_parse_double().

Fix for bug 1076.  Bugfix on 0.2.2.1-alpha.
2009-08-31 00:18:55 -04:00
Karsten Loesing
dd8f16beb5 Avoid segfault when accessing hidden service. 2009-08-29 19:41:08 +02:00
Roger Dingledine
0bb59f1c38 Merge branch 'maint-0.2.1' 2009-08-28 03:47:18 -04:00
Roger Dingledine
64f393d56f Only send netinfo clock_skew to controller if an authority told us so
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
2009-08-28 03:42:09 -04:00
Roger Dingledine
85e22a8adb bump to 0.2.2.1-alpha-dev 2009-08-27 22:27:31 -04:00
Roger Dingledine
659552a3c6 Merge branch 'maint-0.2.1' 2009-08-27 21:42:58 -04:00
Karsten Loesing
889c07f1fc When Tor fails to parse a descriptor of any kind, dump it to disk. 2009-08-26 20:15:47 -04:00
Roger Dingledine
5308eceef3 bump to 0.2.2.1-alpha 2009-08-26 15:01:43 -04:00
Nick Mathewson
1d9b8a1e16 Merge commit 'karsten/proposal-166-impl-master' 2009-08-26 11:36:40 -04:00
Nick Mathewson
c9203749a2 A changelog entry and a bit more documentation for socks-client 2009-08-26 11:34:45 -04:00
Nick Mathewson
707a6bd659 Merge commit 'public/socks-client'
Resolved conflict in:
	src/or/or.h
2009-08-26 11:27:19 -04:00
Nick Mathewson
903f9ef50e Clean up a couple of style issues in the socks-client branch. 2009-08-25 10:30:54 -04:00
Karsten Loesing
8c29b7920a Add some fixes after discussion with Nick.
- Refactor geoip.c by moving duplicate code into rotate_request_period().
- Don't leak memory when cleaning up cell queues.
- Make sure that exit_(streams|bytes_(read|written)) are initialized in all
  places accessing these arrays.
- Read only the last block from *stats files and ensure that its timestamp
  is not more than 25 hours in the past and not more than 1 hour in the
  future.
- Stop truncating the last character when reading *stats files.

The only thing that's left now is to avoid reading whole *stats files into
memory.
2009-08-21 23:02:36 +02:00
Nick Mathewson
b51c592547 Refactor geoip_get_dirreq_history() some more.
This patch avoids a bunch of allocations, and avoids using unallocated
memory.
2009-08-21 13:50:32 -04:00
Nick Mathewson
d4a75a222f Fix a memory leak in summarizing directory request timing.
Spotted by Coverity Scan.
2009-08-21 13:33:20 -04:00
Nick Mathewson
daa0326aaa Add the first 8 bytes of the git commit digest to our versions.
Note that unlike subversion revision numbers, it isn't meaningful to
compare these for anything but equality.  We define a sort-order anyway,
in case one of these accidentally slips into a recommended-versions
list.
2009-08-21 12:31:13 -04:00
Roger Dingledine
eb829cc330 Survive unparseable cached cert file 2009-08-20 16:56:21 -04:00
Roger Dingledine
7f518873eb Notice v3 cert parsing failures
If any the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on 0.2.0.x;
reported by "rotator".
2009-08-20 16:50:51 -04:00
Nick Mathewson
5da3b45fdc Make crypto_digest_get_digest nondestructive again.
Fixes bug in f57883a39.
2009-08-20 12:03:32 -04:00
Nick Mathewson
9d11827780 Fix a rare infinite-recursion bug when shutting down.
Once we had called log_free_all(), anything that tried to log a
message (like a failed tor_assert()) would fail like this:

   1. The logging call eventually invokes the _log() function.
   2. _log() calls tor_mutex_lock(log_mutex).
   3. tor_mutex_lock(m) calls tor_assert(m).
   4. Since we freed the log_mutex, tor_assert() fails, and tries to
      log its failure.
   5. GOTO 1.

Now we allocate the mutex statically, and never destroy it on
shutdown.

Bugfix on 0.2.0.16-alpha, which introduced the log mutex.

This bug was found by Matt Edman.
2009-08-20 11:55:33 -04:00
Nick Mathewson
8771fdfda4 Make consensus_method_is_supported() be the canonical source for its info.
Add a new function to derive the declared method list from
consensus_method_is_supported().
2009-08-20 10:04:33 -04:00
Nick Mathewson
d0c212995a Add a SHA256 implementation for platforms that lack it.
(This would be everywhere running OpenSSL 0.9.7x and earlier, including
all current Macintosh users.)

The code is based on Tom St Denis's LibTomCrypt implementation,
modified to be way less general and use Tor's existing facilities.  I
picked this one because it was pretty fast and pretty free, and
because Python uses it too.
2009-08-20 01:47:13 -04:00
Nick Mathewson
f57883a39e Add basic support for SHA256.
This adds an openssl 0.9.8 dependency.  Let's see if anybody cares.
2009-08-19 19:43:54 -04:00
Karsten Loesing
75c59d1a92 Some final (?) cleanups of proposal 166 implementation. 2009-08-19 23:36:27 +02:00
Karsten Loesing
93fd0d3755 Fix a couple of bugs that showed up at runtime. 2009-08-19 19:16:00 +02:00
Karsten Loesing
6592cbe3e1 Don't write extra-info document to debug logs. 2009-08-19 17:15:51 +02:00
Karsten Loesing
42229d1d84 Move all *-stats file to subdirectory stats/. 2009-08-19 17:10:40 +02:00
Karsten Loesing
a5508583ee Include only the last 24 hours of stats in extra-info documents. 2009-08-19 16:30:00 +02:00
Karsten Loesing
4e29f33427 Write all statistics to disk exactly every 24 hours. 2009-08-19 15:41:12 +02:00
Karsten Loesing
dccadb30cd Clean up proposal 166 and its implementation. 2009-08-18 15:53:08 +02:00
Karsten Loesing
799af41157 Use memory pool for insertion times. 2009-08-17 13:30:11 +02:00
Karsten Loesing
f37af0180d Implement queue with O(1) operations, and correct some math. 2009-08-17 13:30:11 +02:00
Karsten Loesing
858a8f809d Reduce cell statistics accuracy from 1 ms to 10 ms. 2009-08-17 13:30:11 +02:00
Karsten Loesing
20c95a3d21 Fix trivial bug when uploading extra-info documents. 2009-08-17 13:30:10 +02:00
Karsten Loesing
9179bcb923 Include contents of *-stats files in descriptor. 2009-08-17 13:30:10 +02:00
Karsten Loesing
d97e95cb62 Remove ./configure option for cell statistics. 2009-08-17 13:30:09 +02:00
Karsten Loesing
ab7729f472 Remove ./configure option for entry and dir request statistics. 2009-08-17 13:29:50 +02:00
Nick Mathewson
b9e45cc508 Merge commit 'mikeperry/bandwidth-voting-final' 2009-08-14 17:12:05 -04:00
Karsten Loesing
9d16a59fcc Remove ./configure option for exit port statistics. 2009-08-14 14:56:38 +02:00
Nick Mathewson
e0dc2e907e Merge commit 'origin/maint-0.2.1' 2009-08-12 22:02:07 -04:00
Karsten Loesing
a98643c1b5 Fix possible segmentation fault on directory authorities.
The more verbose logs that were added in ee58153 also include a string
that might not have been initialized. This can lead to segfaults, e.g.,
when setting up private Tor networks. Initialize this string with NULL.
2009-08-11 17:33:58 +02:00
Roger Dingledine
afc9da7287 Merge branch 'maint-0.2.1' 2009-08-10 04:17:32 -04:00
Roger Dingledine
e50b7768b9 Send sendmes when we're down 100 cells, not 101.
Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
2009-08-10 04:13:18 -04:00
Roger Dingledine
5f0fb9a109 Merge branch 'maint-0.2.1' into tmp_merge 2009-08-10 01:37:29 -04:00
Roger Dingledine
8abe3bac7e Set up urras as the seventh v3 directory authority. 2009-08-10 01:32:51 -04:00
Mike Perry
9e1fe29beb Switch over to tor_strtok_r instead of strtok_r. 2009-08-09 18:42:29 -07:00
Mike Perry
cb477f9cc0 Merge commit 'nickm/strtok' into mp-voting-final 2009-08-09 18:23:53 -07:00
Mike Perry
1060b4d824 Fix issues found by Nick in code review. 2009-08-09 18:21:15 -07:00
Nick Mathewson
3886467f38 Add a new tor_strtok_r for platforms that don't have one, plus tests.
I don't think we actually use (or plan to use) strtok_r in a reentrant
way anywhere in our code, but would be nice not to have to think about
whether we're doing it.
2009-08-09 17:30:15 -07:00
Jacob Appelbaum
33762b5296 LetsKillNoConnect removes support for .noconnect
This is a patch to remove support for .noconnect.
We are removing .noconnect because of a talk at Defcon 17 by Gregory Fleischer.
2009-08-08 19:15:22 -07:00
Roger Dingledine
3e4379c2e7 Disable .exit notation unless AllowDotExit is 1. 2009-08-07 19:26:41 -04:00
Mike Perry
ca676c3924 Display consensus bandwidth to the control port.
Also div vote and other bandwidth by 1000, not 1024.
2009-08-06 14:47:08 -07:00
Mike Perry
b074e61ad3 Throw the switch on consensus method 6. 2009-08-06 14:47:04 -07:00
Roger Dingledine
da88e05edc try loading the bandwidth measurement file on startup too,
in case it's broken.
2009-08-06 11:48:03 -07:00
Mike Perry
6fbdf635fa Implement measured bw parsing + unit tests. 2009-08-06 11:48:03 -07:00
Nick Mathewson
df354a002c Merge commit 'origin/maint-0.2.1'
Resolved onflicts in:
	ChangeLog
	src/or/config.c
	src/or/or.h
2009-07-30 10:16:04 -04:00
Nick Mathewson
4577bda766 Cleaner fix for get_effective_bw(rate|burst), with comment on why it is ok. 2009-07-30 10:14:12 -04:00
Nick Mathewson
efe966944d Fix signed/unsigned comparison warnings in get_effective_bw(rate|burst) 2009-07-30 09:15:07 -04:00
Roger Dingledine
6249b0fd77 Fix a signed/unsigned compile warning in 0.2.1.19 2009-07-28 18:34:35 -04:00
Roger Dingledine
e8e88922a7 Merge branch 'maint-0.2.1' into master 2009-07-28 18:19:57 -04:00
Roger Dingledine
69706f99e8 bump to 0.2.1.19 2009-07-28 17:39:51 -04:00
Sebastian Hahn
3e45445104 Changing MaxAdvertisedBW may not need a republish
Relays no longer publish a new server descriptor if they change
their MaxAdvertisedBandwidth config option but it doesn't end up
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
fixes bug 1026. Patch from Sebastian.
2009-07-27 23:53:06 -04:00
Roger Dingledine
a73acdd46f Write fingerprint to file and log without spaces
Now it will look like the fingerprints in our bridges documentation,
and confuse fewer users.
2009-07-27 22:51:20 -04:00
Roger Dingledine
0a4e2397c0 Don't leak memory if we get too many create cells
Specifically, every time we get a create cell but we have so many already
queued that we refuse it.

Bugfix on 0.2.0.19-alpha; fixes bug 1034. Reported by BarkerJr.
2009-07-27 22:38:09 -04:00
Roger Dingledine
2b63fa40e8 three hacks to workaround bug 1038
The problem is that clients and hidden services are receiving
relay_early cells, and they tear down the circuit.

Hack #1 is for rendezvous points to rewrite relay_early cells to
relay cells. That way there are never any incoming relay_early cells.

Hack #2 is for clients and hidden services to never send a relay_early
cell on an established rendezvous circuit. That works around rendezvous
points that haven't upgraded yet.

Hack #3 is for clients and hidden services to not tear down the circuit
when they receive an inbound relay_early cell. We already refuse extend
cells at clients.
2009-07-27 21:58:32 -04:00
Karsten Loesing
7b716878cb Fix dirreq and cell stats on 32-bit architectures.
When determining how long directory requests take or how long cells spend
in queues, we were comparing timestamps on microsecond detail only to
convert results to second or millisecond detail later on. But on 32-bit
architectures this means that 2^31 microseconds only cover time
differences of up to 36 minutes. Instead, compare timestamps on
millisecond detail.
2009-07-27 16:23:53 +02:00
Nick Mathewson
2b0e8fb39f Merge commit 'ioerror/DirFetchInfoExtraEarly'
Conflicts:
	ChangeLog
2009-07-25 00:52:54 -04:00
Roger Dingledine
52b142219b bump to 0.2.1.18 2009-07-24 17:31:04 -04:00
Karsten Loesing
f80537e3e0 Fix unit tests.
Now that we require EntryStatistics to be 1 for counting connecting
clients, unit tests need to set that config option, too.

Reported by Sebastian Hahn.
2009-07-24 01:13:33 +02:00
Sebastian Hahn
5c0b418a6f don't warn about DirReqStatistics when the option is disabled
Reported by Zax on #tor
2009-07-23 13:50:18 +02:00
Karsten Loesing
b71bbdc69a Make exit stats compile on 64-bit machines, too. 2009-07-18 10:35:20 -04:00
Roger Dingledine
c0a2d7dc73 Clean up the accountingmax section in torrc.sample
Also, suggest a default of 4GB/day (46KB/s) rather than 1GB/day (11.5KB/s).
No use asking low.
2009-07-16 17:15:59 -04:00
Nick Mathewson
022d251cb7 Merge branch 'dirreq-timing' 2009-07-16 15:26:07 -04:00
Nick Mathewson
cbe4327391 Switch dirreq_map to use HT_ functions rather than strmap. 2009-07-16 15:26:01 -04:00
Nick Mathewson
82795eebb7 Include AccountingMax in torrc.sample
"There's room for one more till the end of creation." -- _Sandman_

(Based on patch from David [edeca].  Closes bug 1036.)
2009-07-16 14:02:07 -04:00
Sebastian Hahn
989e74e5c0 fix long line 2009-07-15 17:26:11 +02:00
Karsten Loesing
8c496d1660 Some tweaks to statistics.
Changes to directory request statistics:

- Rename GEOIP statistics to DIRREQ statistics, because they now include
  more than only GeoIP-based statistics, whereas other statistics are
  GeoIP-dependent, too.
- Rename output file from geoip-stats to dirreq-stats.
- Add new config option DirReqStatistics that is required to measure
  directory request statistics.
- Clean up ChangeLog.

Also ensure that entry guards statistics have access to a local GeoIP
database.
2009-07-15 16:32:40 +02:00
Karsten Loesing
416940d93b Some tweaks to directory request download times.
- Use common prefixes DIRREQ_* and dirreq_*.
- Replace enums in structs with bitfields.
2009-07-15 16:14:14 +02:00
Karsten Loesing
85e7f67e1c Round up results to the next multiple of 4. 2009-07-15 16:12:45 +02:00
Karsten Loesing
4002980d1c Right, the u in uint stands for unsigned. 2009-07-15 16:12:45 +02:00
Karsten Loesing
3c05132575 Directories now also measure download times of network statuses. 2009-07-15 16:12:45 +02:00
Nick Mathewson
d4b31cf98f Allow interval and memunit cfg variables to be set to fractions. 2009-07-15 10:02:49 -04:00
Roger Dingledine
05975e2a89 make it compile without warnings 2009-07-14 14:13:04 -04:00
Nick Mathewson
31b72732c6 Merge commit 'karsten/geoipstats-download-resp-master'
Conflicts:
	src/or/geoip.c
2009-07-14 12:18:27 -04:00
Nick Mathewson
e90843eb68 Merge commit 'karsten/geoipstats-shares-master' 2009-07-14 12:15:24 -04:00
Nick Mathewson
49136bb18f Merge commit 'karsten/geoipstats-newoverthereistan-master' 2009-07-14 12:14:19 -04:00
Karsten Loesing
409386cede Handle unsigned ints correctly. 2009-07-14 01:50:55 +02:00
Karsten Loesing
59dd9de858 Write number of rejected requests to geoip-stats file. 2009-07-14 01:46:17 +02:00
Jacob Appelbaum
e7576f92de Add support for a new option: FetchDirInfoExtraEarly
This new option will allow clients to download the newest fresh consensus
much sooner than they normally would do so, even if they previously set
FetchDirInfoEarly. This includes a proper ChangeLog entry and an updated man
page.
2009-07-13 16:30:42 -07:00
Roger Dingledine
b48e3371d7 remove experimental 'getinfo unregistered-servers-'
it never really worked, and hasn't been used for years.
2009-07-13 17:34:47 -04:00
Roger Dingledine
9ece0955f7 fix comments and other typos 2009-07-13 17:34:46 -04:00
Karsten Loesing
8f1a973669 Two tweaks to exit-port statistics.
Add two functions for round_to_next_multiple_of() for uint32_t and
uint64_t.

Avoid division in every step of the loop over all ports.
2009-07-13 22:43:06 +02:00
Karsten Loesing
707a44a7b0 Replace two %d with %u's. 2009-07-13 22:11:21 +02:00
Karsten Loesing
d1437245c7 Simplify the math to round up to the next multiple of some value. 2009-07-11 00:44:27 +02:00
Karsten Loesing
7fb206e554 Tweak exit port statistics a bit.
Introduce a threshold of 0.01% of bytes that must be read and written per
port in order to be included in the statistics. Otherwise we cannot include
these statistics in extra-info documents, because they are too big.

Change the labels "-written" and "-read" so that the meanings are as
intended.
2009-07-09 23:55:13 +02:00
Karsten Loesing
fa2374a163 List unresolved requests in geoip stats as country '??'. 2009-07-09 15:34:53 +02:00
Nick Mathewson
041a7b9896 Merge commit 'karsten/entrystats-master'
Conflicts:
	ChangeLog
	configure.in
	src/or/config.c
	src/or/or.h
2009-07-07 14:26:50 -04:00
Nick Mathewson
1c1b223910 Merge commit 'karsten/bufferstats-master' 2009-07-07 13:21:33 -04:00
Nick Mathewson
aa0cf31c51 Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2009-07-07 12:42:24 -04:00
Nick Mathewson
d996b7463e Bump version to 0.2.1.17-rc-dev 2009-07-07 12:39:35 -04:00
Nick Mathewson
32d4060724 Bump version to 0.2.1.17-rc 2009-07-07 12:22:46 -04:00
Nick Mathewson
258b980331 Make "Invalid onion hostname" msg respect SafeLogging.
Patch by Roger; fixes bug 1027.
2009-07-07 12:19:04 -04:00
Karsten Loesing
c0b6cb132b If configured, write entry-node statistics to disk periodically. 2009-07-05 20:48:16 +02:00
Karsten Loesing
b493a2ccb9 If configured, write cell statistics to disk periodically. 2009-07-05 19:53:25 +02:00
Karsten Loesing
c1f6c2ba30 Estimate v2 and v3 shares as mean values over measurement interval. 2009-07-04 22:17:08 +02:00
Karsten Loesing
4d6af73db8 If configured, write per-port exit statistics to disk periodically.
[Original patch series from Karsten, revised and squashed by Nick]
2009-07-02 12:37:05 -04:00
Nick Mathewson
078c34e28e Merge commit 'origin/maint-0.2.1'
[Didn't take Karsten's full bug 1024 workaround, since 0.2.2 doesn't
use v0 rend descs.]
2009-07-02 10:20:20 -04:00
Karsten Loesing
3e6bb050dd Make an attempt to fix bug 1024.
The internal error "could not find intro key" occurs when we want to send
an INTRODUCE1 cell over a recently finished introduction circuit and think
we built the introduction circuit with a v2 hidden service descriptor, but
cannot find the introduction key in our descriptor.

My first guess how we can end up in this situation is that we are wrong in
thinking that we built the introduction circuit based on a v2 hidden
service descriptor. This patch checks if we have a v0 descriptor, too, and
uses that instead.
2009-07-02 10:00:28 -04:00
Roger Dingledine
690db1331d another minor patch to add to 0.2.1.x
o Minor features:
    - If we're a relay and we change our IP address, be more verbose
      about the reason that made us change. Should help track down
      further bugs for relays on dynamic IP addresses.
2009-06-30 10:21:30 -04:00
Nick Mathewson
9f28cfe86a Merge commit 'origin/maint-0.2.1' 2009-06-30 10:13:51 -04:00
Roger Dingledine
e7bc189f7c the third piece of bug 969 fixing
when we write out our stability info, detect relays that have slipped
through the cracks. log about them and correct the problem.

if we continue to see a lot of these over time, it means there's another
spot where relays fall out of the routerlist without being marked as
unreachable.
2009-06-30 10:10:13 -04:00
Roger Dingledine
bdca5476da the second piece of bug 969 fixing
whenever we remove a relay from the main routerlist, tell the
rephist module that it's no longer running.
2009-06-30 10:10:13 -04:00
Roger Dingledine
0cd16c4ad3 the first piece of bug 969 fixing
tell the rephist module that a given relay is down whenever
we determine that it's down, not just when we thought it used
to be up.
2009-06-30 10:10:13 -04:00
Nick Mathewson
7ce767181f Have eventdns set the "truncated" bit correctly.
Fixed bug 1022; This isn't actually a live bug in Tor, since in Tor
we never generate large DNS replies.
2009-06-30 10:05:42 -04:00
Nick Mathewson
f466f3d12c Merge commit 'sebastian/geoipnotice' 2009-06-25 12:09:57 -04:00
Sebastian Hahn
38476e2555 Log a notice about collecting geoip stats 2009-06-25 18:06:52 +02:00
Roger Dingledine
9fc3d87827 stop capping bandwidths we see in the consensus
but continue capping bandwidths we see in local server
descriptors, if we have no consensus weights for them.
2009-06-25 11:38:05 -04:00
Nick Mathewson
d2cac1afc3 Merge commit 'origin/maint-0.2.1' 2009-06-24 19:02:00 -04:00
Marcus Griep
d308738919 Ignore control port commands after a QUIT
When a QUIT has been issued on a control port connection, then
ignore further commands on that port. This fixes bug 1016.
2009-06-24 00:10:22 -04:00
Marcus Griep
fa89c9f086 Flush long replies over control port on QUIT
Marks the control port connection for flushing before closing when
the QUIT command is issued. This allows a QUIT to be issued during
a long reply over the control port, flushing the reply and then
closing the connection. Fixes bug 1015.
2009-06-24 00:10:20 -04:00
Nick Mathewson
39551b494e Merge commit 'origin/maint-0.2.1' 2009-06-22 14:08:19 -04:00
Roger Dingledine
1aaab8288d Clients now use bandwidth values in the consensus
rather than the bandwidth values in each relay descriptor. This approach
opens the door to more accurate bandwidth estimates once the directory
authorities start doing active measurements. Implements more of proposal
141.
2009-06-22 14:01:34 -04:00
Nick Mathewson
3f4f6f9075 Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
2009-06-22 12:36:06 -04:00
Nick Mathewson
262455527a Serve DirPortFrontPage even if the write bucket is low.
arma's rationale: "I think this is a bug, since people intentionally
set DirPortFrontPage, so they really do want their relay to serve that
page when it's asked for. Having it appear only sometimes (or roughly
never in Sebastian's case) makes it way less useful."

Fixes bug 1013; bugfix on 0.2.1.8-alpha.
2009-06-22 12:34:32 -04:00
Karsten Loesing
e6a1e7001b Add warning that the results of --enable-geoip-stats are different from those in master. 2009-06-22 11:51:19 -04:00
Nick Mathewson
da416d9884 Bump version to 0.2.1.16-rc.dev 2009-06-20 21:54:56 -04:00
Nick Mathewson
ac3dedacce Bump version to 0.2.1.16-rc 2009-06-20 01:14:07 -04:00
Nick Mathewson
659fc13da5 Change proxy-address type to tor_addr_t to allow ipv6 proxies. 2009-06-19 12:48:00 -04:00
Nick Mathewson
015189b5df Move SOCKS reason-decoding switches into reasons.c 2009-06-19 12:40:23 -04:00
Christopher Davis
75472c19c3 Enable Tor to connect through SOCKS 4/5 proxies
Added a sanity check in config.c and a check in directory.c
directory_initiate_command_rend() to catch any direct connection attempts
when a socks proxy is configured.
2009-06-19 12:16:15 -04:00
Karsten Loesing
f266ecbeec Better fix for 997. 2009-06-19 16:26:02 +02:00
Karsten Loesing
20883f5e83 Revert "Backport fix for bug 997."
This reverts commit 3847f54945.
2009-06-19 15:46:13 +02:00
Nick Mathewson
aa88c8d91a Merge commit 'origin/maint-0.2.1' 2009-06-18 11:10:27 -04:00
Nick Mathewson
298dc95dfd tor-resolve: Don't automatically refuse .onion addresses.
If the Tor is running with AutomapHostsOnResolve set, it _is_
reasonable to do a DNS lookup on a .onion address.  So instead we make
tor-resolve willing to try to resolve anything.  Only if Tor refuses
to resolve it do we suggest to the user that resolving a .onion
address may not work.

Fix for bug 1005.
2009-06-18 11:08:10 -04:00
Nick Mathewson
94e8c34cb7 Set EV_PERSIST flag on signal events with Libevent < 2.0.
Fix for bug 1007.
2009-06-18 10:07:26 -04:00
Nick Mathewson
df03d6eca8 Merge commit 'karsten/bug997-hidservfetch' 2009-06-16 16:26:02 -04:00
Karsten Loesing
3847f54945 Backport fix for bug 997.
Backporting 6a32beb and ca8708a.
2009-06-16 16:25:35 -04:00
Nick Mathewson
0d2976d64b Merge commit 'origin/maint-0.2.1' 2009-06-16 16:18:16 -04:00
Nick Mathewson
7f8a6c5e92 Revise earlier check for correct IPv4 addr length to check for ==4.
We need this to match the check in connection_ap_handshake_socks_resolved().

Found by optimist.
2009-06-16 16:12:06 -04:00
Sebastian Hahn
0caf8dd0b6 Fix bug 1001
For compatibility with Libevent2, tor_event_new should accept
a NULL base without crashing.
2009-06-16 17:30:08 +02:00
Karsten Loesing
ca8708a9ce Fix more of bug 997.
Fix refetching of hidden service descriptors when all introduction points
have turned out to not work.
2009-06-13 12:21:58 +02:00
Nick Mathewson
74bf885b2d Whitespace and osx fixes on libevent2 patch. 2009-06-12 15:09:09 -04:00
Nick Mathewson
1e709c79d1 Isolate Libevent API dependency to just main.c and dns.c in src/or.
The rest of the code was only including event.h so that it could see
EV_READ and EV_WRITE, which we were using as part of the
connection_watch_events interface for no very good reason.
2009-06-12 14:27:53 -04:00