Commit Graph

14204 Commits

Author SHA1 Message Date
Nick Mathewson
d5558f0072 circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
Roger spotted this on tor-dev in his comments on proposal 221.

(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
2014-07-25 11:59:00 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
bdc2cefd4e Merge branch 'maint-0.2.5' 2014-07-24 19:49:29 -04:00
Roger Dingledine
a3d8ffe010 fix typo that crept in to 0.2.4.4-alpha 2014-07-24 17:07:39 -04:00
Roger Dingledine
eb3e0e3da3 Merge branch 'maint-0.2.5' 2014-07-24 16:30:50 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
e7e92fb2f9 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:01:00 -04:00
Nick Mathewson
486bd4fae7 Use safe_str in channel_dumpstats: improve 12184 diagnostic 2014-07-18 21:20:44 +02:00
Nick Mathewson
b408125288 Merge remote-tracking branch 'andrea/bug11302' 2014-07-16 16:58:41 +02:00
Nick Mathewson
5690284559 Fix wide lines, make entry_is_live() non-inline 2014-07-16 16:52:16 +02:00
Nick Mathewson
368ff2291b Merge remote-tracking branch 'asn/bug12202' 2014-07-16 16:49:07 +02:00
Nick Mathewson
f74a932e0b Merge remote-tracking branch 'sysrqb/bug12573' 2014-07-16 15:38:10 +02:00
Nick Mathewson
d8705ec720 Merge remote-tracking branch 'asn/bug12207_second_draft' 2014-07-16 15:33:00 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
4da4c4c63f Apply GeoIPExcludeUnknown before checking transitions
Otherwise, it always seems as though our Exclude* options have
changed, since we're comparing modified to unmodified values.

Patch from qwerty1. Fixes bug 9801. Bugfix on 0.2.4.10-alpha, where
GeoIPExcludeUnknown was introduced.
2014-07-16 11:14:59 +02:00
Nick Mathewson
7591ce64fb Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-16 11:01:20 +02:00
Anthony G. Basile
d504a4e36f src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends.  This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.

This patch moves the functions outside the #ifndef and exposes them.

See downstream bug:

	https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
32495ee309 Add another 8387 diagnostic
When we run into bug 8387 (if we run into it again), report when we
last called circuit_expire_old_circuits_clientside().  This will let
us know -- if my fix for 8387 doesn't work -- whether my diagnosis
was at least correct.

Suggested by Andrea.
2014-07-16 10:05:00 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
George Kadianakis
b74442db94 Change interface of router_descriptor_is_too_old(). 2014-07-09 19:20:41 +03:00
Nick Mathewson
35791f4238 Remove executable bit from control.c, router.c
Fix for 12512.
2014-07-09 08:54:08 -04:00
Matthew Finkel
43bba9541a Only active relays should be given HSDir
We should only assign a relay the HSDir flag if it is currently
considered valid. We can accomplish this by only considering active
relays, and as a consequence of this we also exclude relays that are
currently hibernating. Fixes #12573
2014-07-09 00:48:00 +00:00
George Kadianakis
8bbb217964 Change the interface of entry_is_live() to take a bitmap. 2014-06-25 15:44:36 -04:00
George Kadianakis
46d41e6e9b Basic entry_is_live() unittest. 2014-06-25 15:39:00 -04:00
George Kadianakis
4245662b28 Functionify the descriptor age check so that we can NOP it in tests. 2014-06-24 14:19:07 -04:00
Arlo Breault
48d7fceee5 Update a comment and undef an identifier
* Trac #11452
2014-06-23 20:28:34 -04:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
456184c2a0 Authorities also advertise caches-extra-info
(Whoops, thought I had committed this before)

Improvement to 11683 fix. Based on patch from Karsten.
2014-06-20 09:02:24 -04:00
Nick Mathewson
922be84ca3 Merge remote-tracking branch 'karsten/bug11683' 2014-06-19 10:42:19 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
George Kadianakis
61629b4f6c Document choose_random_entry_impl() and populate_live_entry_guards(). 2014-06-15 19:03:38 -07:00
George Kadianakis
bf263a9b99 Make a few entrynodes.c functions testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
71da44f159 Make populate_live_entry_guards() more smoothly testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
c7b05a6aef Constify aggressively in populate_live_entry_guards(). 2014-06-15 19:02:59 -07:00
George Kadianakis
a59429f1e4 Fix the functionality of populate_live_entry_guards(). 2014-06-15 19:02:55 -07:00
George Kadianakis
427cc8a452 Move code from choose_random_entry_impl() to the new function.
This commit only _moves_ code.
2014-06-15 18:25:45 -07:00
George Kadianakis
e8c366e9ea Create skeleton for populate_live_entry_guards().
Now we are ready to move code from choose_random_entry_impl() to it.
2014-06-15 18:25:45 -07:00
George Kadianakis
f75c6ce981 choose_random_entry_impl(): Remove useless consider_exit_family.
The variable was useless since it was only toggled off in disabled code.

If the 'exit_family' smartlist is empty, we don't consider exit family
anyway.
2014-06-15 18:25:45 -07:00
George Kadianakis
115b3e7645 Remove a piece of disabled code in choose_random_entry_impl(). 2014-06-15 18:25:45 -07:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
4ed03965a5 New waitpid-handler functions to run callbacks when a child exits.
Also, move 'procmon' into libor_event library, since it uses libevent.
2014-06-14 11:40:27 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
bbb1ffe535 sandbox: Permit stat() of DataDir/stats
This is a fix for another case of 12064 that alphawolf just spotted.

There's already an 0.2.5.5 changelog entry for this.
2014-06-13 08:36:43 -04:00
Nick Mathewson
02dafc270c whitespaces fixes 2014-06-11 12:00:14 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
b16321425f Bulletproof our 11246 fix a little, based on recommendation from andrea. 2014-06-04 12:27:42 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
2de0281879 Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply() 2014-06-03 14:37:49 -07:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
14842de9a7 sandbox: Allow DirPortFrontPage unconditionally if it's set
fixes 12114; bug not in any release.

Improves fix for 12028
2014-05-27 19:21:11 -04:00
Nick Mathewson
824bebd409 sandbox: Correct fix for hs part of 12064
Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2014-05-23 11:46:44 -04:00
Nick Mathewson
5de91d118d Merge branch 'bug11965_v2' 2014-05-23 11:23:00 -04:00
Nick Mathewson
802c063148 Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork
Without this fix, when running with bridges, we would try fetching
directory info far too early, and have up to a 60 second delay if we
started with bridge descriptors available.

Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-23 11:22:35 -04:00
Nick Mathewson
cfd0ee514c sandbox: allow reading of hidden service configuration files.
fixes part of 12064
2014-05-22 20:39:10 -04:00
Nick Mathewson
85f49abfbe sandbox: refactor string-based option-unchanged tests to use a macro
There was too much code duplication in doing it the old way, and I
nearly made a copy-and-paste error in the last commit.
2014-05-22 20:00:22 -04:00
Nick Mathewson
ffc1fde01f sandbox: allow access to cookie files, approved-routers
fixes part of 12064
2014-05-22 19:56:56 -04:00
Michael Wolf
387f294d40 sandbox: allow access to various stats/*-stats files
Fix for 12064 part 1
2014-05-22 19:48:24 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Andrea Shepard
170e0df741 Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free() 2014-05-21 10:53:25 -07:00
Yawning Angel
60ac9f1c90 Improve the log message when a transport doesn't support proxies.
Per feedback, explicltly note that the transport will be killed when it
does not acknowledge the configured outgoing proxy.
2014-05-21 08:14:39 +00:00
Yawning Angel
1210bdf146 Log the correct proxy type on failure.
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
2014-05-21 08:14:39 +00:00
Yawning Angel
cd56b1a86e Remove get_bridge_pt_addrport().
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.

The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove and explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
2014-05-21 08:14:39 +00:00
Yawning Angel
41d2b4d3af Allow ClientTransportPlugins to use proxies
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.

This fixes bug #8402.
2014-05-21 08:14:38 +00:00
Nick Mathewson
2609b939d6 fix a wide line 2014-05-20 15:22:27 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
268a117cdf sandbox: tolerate reloading with DirPortFrontPage set
Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20 14:58:28 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e sandbox: Permit access to stats/dirreq-stats
This prevents a crash when rotating logs with dirreq-stats enabled

fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
0b2b5b7606 Oops; permit rename with the correct filename 2014-05-20 12:03:27 -04:00
Nick Mathewson
ace9063fb4 Fix a sentence that I never 2014-05-20 11:58:18 -04:00
Nick Mathewson
f6d3006363 Sandbox: allow access to stats/bridge-stats
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Roger Dingledine
767b18ea8e note a comment that nickm didn't finish 2014-05-17 00:02:41 -04:00
Nick Mathewson
2d21a8f4d6 Merge remote-tracking branch 'public/bug11469_024' 2014-05-15 13:35:08 -04:00
Nick Mathewson
1badef5cec Use DirPort for uploading descriptors.
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.

The problematic code was introduced in 5cbeb6080, which went into
0.2.4.3-alpha.  This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
79c875ecdc Would-be fix for bug 7733: learn bridge ID from descriptor
If somebody has configured a client to use a bridge without setting
an identity digest (not recommended), learn the identity digest from
whatever bridge descriptor we have downloaded or have in our cache.
2014-05-14 14:34:01 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0 Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Andrea Shepard
39d4e67be8 Add --disable-mempools configure option 2014-05-12 18:23:34 -07:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
4eb3018f94 Move structures into (private) part of buffers.h so we can inspect them while testing 2014-05-08 12:40:40 -04:00
Nick Mathewson
5b861ae53f Merge remote-tracking branch 'public/bug11648' 2014-05-08 12:01:23 -04:00
Nick Mathewson
411c622906 Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4 2014-05-07 23:11:32 -04:00
Nick Mathewson
683b80bf81 Merge remote-tracking branch 'public/bug11737_diagnostic' 2014-05-07 22:52:44 -04:00
Nick Mathewson
0de2625675 Merge remote-tracking branch 'public/bug8387_diagnostic' 2014-05-07 22:15:24 -04:00
Nick Mathewson
48b9c6fcc6 Better log message for 8387 diagnostic 2014-05-07 22:13:29 -04:00
Nick Mathewson
6d39c8d156 Always finalize a zlib stream of server descriptors.
Possible fix for bug 11648.
2014-05-07 10:23:08 -04:00
Nick Mathewson
499e77663e Basic tests for get_unique_circ_id_by_chan. 2014-05-07 02:57:50 -04:00
Nick Mathewson
4a740451ac Merge remote-tracking branch 'public/bug11750' 2014-05-06 20:44:41 -04:00
Nick Mathewson
5cea500ce7 Merge branch 'bug11743_option_b' 2014-05-06 20:40:40 -04:00
Nick Mathewson
2fa601c797 Future-proof "id" lines against proposal 220. 2014-05-06 17:10:59 -04:00
Nick Mathewson
f077bb55ab fix a copy-paste comment mistake 2014-05-06 17:09:16 -04:00
Nick Mathewson
c7549cb4cd Merge remote-tracking branch 'karsten/bug11742' 2014-05-06 13:54:37 -04:00
Nick Mathewson
a06044a485 Check HT_REP_IS_BAD_() when giving a bug-7164 warning.
This may let us know if we're hitting 7164 because of an
hte_hash-corruption situation proposed by "cypherpunks" in bug
11737.
2014-05-06 13:03:24 -04:00
Nick Mathewson
0ad607d604 Faster chan_circid_entry_hash implementation
Since this is critical-path, let's tune the value we pass to
csiphash a little so it fits into one whole round.
2014-05-06 12:27:18 -04:00
Nick Mathewson
78301d99fe Fix compilation with DEBUG_DNS_CACHE
Reported by cypherpunks.

Fix for #11761; bugfix on 0.2.3.13-alpha where we made ht.h stop using
_identifiers.
2014-05-06 10:18:34 -04:00
Nick Mathewson
8127f4db30 Use siphash on channel/circuit-id map too
Fixes ticket 11750.
2014-05-05 12:13:58 -04:00
Nick Mathewson
4a621a50f5 Consensus method 18: Add a base64 ID digest to the microdesc
This is a stopgap measure to make sure that microdescriptors never
collide; see bug 11743.
2014-05-05 11:31:24 -04:00
Nick Mathewson
5d496963b4 Don't start sandbox except for CMD_RUN_TOR
This was crashing on --verify-config in the debian startup script, if you
had sandboxing enabled.  Fixes 11609; fix on 0.2.5.1-alpha.
2014-05-05 10:29:35 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Karsten Loesing
1289474dbd Remove /tor/dbg-stability.txt URL.
The /tor/dbg-stability.txt URL was meant to help debug WFU and MTBF
calculations, but nobody was using it.

Fixes #11742.
2014-05-05 11:21:35 +02:00
Nick Mathewson
df03e9b737 have only one code path for #9635 logging 2014-05-01 12:40:33 -04:00
Nick Mathewson
7ad0cd209c Merge remote-tracking branch 'public/bug9635' 2014-05-01 12:39:39 -04:00
Nick Mathewson
a2b59dba71 Merge branch 'bug11654_squashed' 2014-05-01 12:34:59 -04:00
George Kadianakis
a787575b7f Fix a misuse of strlcpy() introduced by the #11156 patch. 2014-05-01 12:34:50 -04:00
Nick Mathewson
0e20825bf2 whitespace fix 2014-05-01 12:31:38 -04:00
Nick Mathewson
b51ce90777 Merge remote-tracking branch 'public/valgrind_tests' 2014-05-01 12:29:31 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
14bc6e8993 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d Downgrade bug 7164 warning to INFO
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
630b4af260 Merge remote-tracking branch 'andrea/bug11476' 2014-05-01 11:30:55 -04:00
Nick Mathewson
9511522bd4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-30 20:26:55 -04:00
Nick Mathewson
efab3484e6 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2 Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3 2014-04-30 20:23:22 -04:00
Nick Mathewson
35699ef9f5 Drop the MaxMemInCellQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.

This is a backport of 647248729f to 0.2.4.

Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
b0e078d5af Log info on ancient one-hop circuits in heartbeat
This is an attempt to diagnose 8387.
2014-04-29 14:02:12 -04:00
dana koch
88679aa53f Quench gcc's complaints about discarding constness in TO_ORIGIN_CIRCUIT.
This was previously satisfied by using a temporary variable, but there
are three other instances in circuitlist.c that gcc is now bothered by,
so now introduce a CONST_TO_ORIGIN_CIRCUIT that takes a const
circuit_t instead.
2014-04-29 13:18:12 -04:00
Nick Mathewson
0514bcd37c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-29 13:03:27 -04:00
Nick Mathewson
1d3ffc0ec9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755 Stop leaking memory in error cases of md parsing
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
212e982d9b Fix leaks in dir voting tests 2014-04-29 12:48:02 -04:00
Andrea Shepard
91ff10f6be Make --disable-buf-freelists build and pass unit tests 2014-04-29 02:18:34 -07:00
Nick Mathewson
1b7e297985 Fix capitalization of MaxMemInQueues
This won't affect anybody's configuration, but it makes it match what
we documented. Fixes part of 11634.
2014-04-28 12:25:52 -04:00
Nick Mathewson
4b519de5f9 Actually put ExtORPortCookieAuthFile into config.c
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
2014-04-28 12:23:18 -04:00
Nick Mathewson
c7951731ed Fix memory leaks in test_circuit_timeout
Found with valgrind.
2014-04-26 00:10:04 -04:00
Nick Mathewson
f8248abbd6 Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
95e617c828 whitespace fix 2014-04-24 12:34:23 -04:00
Nick Mathewson
5a9ac0df99 Merge remote-tracking branch 'public/bug11553_025' 2014-04-24 10:48:32 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
e3af72647d Expose the real maxmeminqueues via a GETINFO
That is, GETINFO limits/max-mem-in-queues
2014-04-24 10:26:14 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
Nick Mathewson
aca05fc5c0 get_total_system_memory(): see how much RAM we have 2014-04-24 10:26:14 -04:00
Nick Mathewson
17ad309d33 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/circuitbuild.c
2014-04-23 12:44:18 -04:00
Nick Mathewson
a770b74501 Improvements to #11553 fix based on review
Use a per-channel ratelim_t to control the rate at which we report
failures for each channel.

Explain why I picked N=32.

Never return a zero circID.

Thanks to Andrea and to cypherpunks.
2014-04-23 12:39:01 -04:00
Nick Mathewson
7a8cac14d5 Merge remote-tracking branch 'public/bug10268' 2014-04-23 11:11:08 -04:00
Nick Mathewson
66833311eb Merge remote-tracking branch 'public/bug11200' 2014-04-23 11:07:52 -04:00
Nick Mathewson
830492fbda Merge branch 'bug11156_issue2_squashed' 2014-04-23 11:05:54 -04:00
George Kadianakis
29c28d312c Slightly improve the documentation of src/or/transports.c
Make it clear that a SIGHUP is not the only action that can cause a
config re-read.
2014-04-23 11:05:45 -04:00
George Kadianakis
fa0c5da68b Rename the got_hup element of managed proxies.
Since we need to toggle that element in non-SIGHUP situations too where
the config was re-read (like in SETCONF or RESETCONF).
2014-04-23 11:05:45 -04:00
George Kadianakis
bf7cb6acf6 Don't halt bootstrap to figure out if we should restart PT proxies.
Instead, figure out if we should restart PT proxies _immediately_ after
we re-read the config file.
2014-04-23 11:05:45 -04:00
Nick Mathewson
9e44df2c98 Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4 2014-04-23 11:01:39 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
78f555a248 scan-build: sizeof(ptr*) in a debugging log in ext_orport.c
Instead of taking the length of a buffer, we were taking the length of
a pointer, so that our debugging log would cover only the first
sizeof(void*) bytes of the client nonce.
2014-04-19 12:53:57 -04:00
Nick Mathewson
d4ad254917 scan-build: bulletproof last-chance errormsg generation in rendservice.c
If 'intro' is NULL in these functions, I'm pretty sure that the
error message must be set before we hit the end.  But scan-build
doesn't notice that, and is worried that we'll do a null-pointer
dereference in the last-chance errormsg generation.
2014-04-18 21:24:16 -04:00
Nick Mathewson
1b3bddd013 scan-build: Have clear_pending_onions walk the lists more obviously
As it stands, it relies on the fact that onion_queue_entry_remove
will magically remove each onionskin from the right list.  This
patch changes the logic to be more resilient to possible bugs in
onion_queue_entry_remove, and less confusing to static analysis tools.
2014-04-18 21:17:40 -04:00
Nick Mathewson
78bc814c04 scan-build: in cpuworker, initialize tv_start
scan-build doesn't realize that a request can't be timed at the end
unless it's timed at the start, and so it's not possible for us to
be subtracting start from end without start being set.
Nevertheless, let's not confuse it.
2014-04-18 21:12:45 -04:00
Nick Mathewson
895b6789e8 scan-build: get_proxy_addrport should always set its outputs
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0, though I don't think it affects tor-as-it-is.
2014-04-18 20:41:40 -04:00
Nick Mathewson
7cd9520ba9 scan-build: when logging a path length, check build_state.
Throughout circuituse, when we log about a circuit, we log its
desired path length from build_state. scan-build is irrationally
concerned that build_state might be NULL.
2014-04-18 20:40:34 -04:00
Nick Mathewson
7106492571 scan-build: Be consistent with a needless check in circuitmux.c
In circuitmux_detach_all_circuits, we check whether an HT iterator
gives us NULL.  That should be impossible for an HT iterator.  But
our checking it has confused scan-build (justly) into thinking that
our later use of HT_NEXT_RMV might not be kosher.  I'm taking the
coward's route here and strengthening the check.  Bugfix on
fd31dd44. (Not a real bug though)
2014-04-18 20:35:59 -04:00
Nick Mathewson
0fd0f5f7a9 scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purpose
If we fail in circuit_get_by_rend_token_and_purpose because the
circuit has no rend_info, don't try to reference fiends from its
rend_info when logging an error.  Bugfix on 8b9a2cb68, which is
going into Tor 0.2.5.4-alpha.
2014-04-18 20:31:42 -04:00
Nick Mathewson
d1be2f5cf8 scan-build: circuit_cpath_support_ntor had a dead initialization
We were initializing cpath twice, which doesn't make sense.
2014-04-18 20:29:51 -04:00
Nick Mathewson
41a8930fa1 scan-build: check impossible null-pointer case in buffers.c
When maintaining buffer freelists, we don't skip more than there
are, so (*chp) can't be null to begin with.  scan-build has no way
to know that.
2014-04-18 20:28:46 -04:00
Nick Mathewson
0cca8dc35a Merge remote-tracking branch 'public/bug9963_v2_024' 2014-04-18 15:25:36 -04:00
Nick Mathewson
fd9961d220 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025 2014-04-18 13:23:44 -04:00
Nick Mathewson
985deaaaf7 Add a rate-limiter for the other circuitID exhaustion warning 2014-04-18 13:22:42 -04:00
Nick Mathewson
47a0c10728 Diagnostic warning to see if it's pending destroys causing 11553 2014-04-18 13:04:37 -04:00
Nick Mathewson
bd169aa9a5 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e Switch to random allocation on circuitIDs.
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID.  Previously, we would test every possible
circuit ID until we found one or ran out.

This algorithm succeeds probabilistically. As the comment says:

  This potentially causes us to give up early if our circuit ID
  space is nearly full.  If we have N circuit IDs in use, then we
  will reject a new circuit with probability (N / max_range) ^
  MAX_CIRCID_ATTEMPTS.  This means that in practice, a few percent
  of our circuit ID capacity will go unused.

  The alternative here, though, is to do a linear search over the
  whole circuit ID space every time we extend a circuit, which is
  not so great either.

This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00
Nick Mathewson
bb9b4c37f8 Supply better and less frequent warnings on circID exhaustion
Fixes the surface behavior of #11553
2014-04-18 12:31:06 -04:00
Nick Mathewson
4367cbd71b Merge remote-tracking branch 'public/sandbox_fixes_rebased_2' 2014-04-16 23:45:55 -04:00
Nick Mathewson
c856193199 Merge remote-tracking branch 'andrea/bug11304' 2014-04-16 23:13:30 -04:00
Nick Mathewson
74ddd5f739 Merge remote-tracking branch 'andrea/bug11306' 2014-04-16 23:13:27 -04:00
Nick Mathewson
973661394a Merge branch '10267_plus_10896_rebased_twice' 2014-04-16 23:03:41 -04:00
Nick Mathewson
89e520e2a7 Call pf-divert openbsd-specific, not no-linux 2014-04-16 23:03:25 -04:00
Nick Mathewson
c00c45fee1 Fix OSX compilation. 2014-04-16 23:03:25 -04:00
Nick Mathewson
db8259c230 Whitespace, doc fixes 2014-04-16 23:03:25 -04:00
dana koch
f680d0fdd2 Educate tor on OpenBSD's use of divert-to rules with the pf firewall.
This means that tor can run without needing to communicate with ioctls
to the firewall, and therefore doesn't need to run with privileges to
open the /dev/pf device node.

A new TransProxyType is added for this purpose, "pf-divert"; if the user
specifies this TransProxyType in their torrc, then the pf device node is
never opened and the connection destination is determined with getsockname
(as per pf(4)). The default behaviour (ie., when TransProxyType is "default"
when using the pf firewall) is still to assume that pf is configured with
rdr-to rules.
2014-04-16 23:03:25 -04:00
Nick Mathewson
08ef8c0958 tor_addr_from_sockaddr() is applicable in ipfw code, so use it. 2014-04-16 23:03:25 -04:00
Nick Mathewson
3e4680f312 ipfw TransPort support on FreeBSD (10267)
This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)
2014-04-16 23:03:25 -04:00
Nick Mathewson
2ae47d3c3a Block certain option transitions while sandbox enabled 2014-04-16 22:03:18 -04:00
Nick Mathewson
c80a6bd9d5 Don't reload logs or rewrite pidfile while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
6194970765 Don't allow change to ConnLimit while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
18f7f49a8c Allow reloading torrc and writing to router-stability 2014-04-16 22:03:17 -04:00
Nick Mathewson
ce776cf270 Add a couple of missing renames so the server sandbox works again 2014-04-16 22:03:09 -04:00
Nick Mathewson
e6785ee16d Get Libevent's PRNG functioning under the linux sandbox
Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization.  But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}).  To make _that_ work, we
were permitting sysctl unconditionally.  That's not such a great
idea.

Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
2014-04-16 22:03:09 -04:00
Nick Mathewson
156eefca45 Make sure everything using an interned string is preceded by a log
(It's nice to know what we were about to rename before we died from
renaming it.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
71eaebd971 Drop 'fr' parameter from sandbox code.
Appearently, the majority of the filenames we pass to
sandbox_cfg_allow() functions are "freeable right after". So, consider
_all_ of them safe-to-steal, and add a tor_strdup() in the few cases
that aren't.

(Maybe buggy; revise when I can test.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
e051e192a8 Remove nonsensical exec permission from sandbox code. 2014-04-16 22:03:08 -04:00
Nick Mathewson
cbfb8e703e Add 'rename' to the sandboxed syscalls
(If we don't restrict rename, there's not much point in restricting
open, since an attacker could always use rename to make us open
whatever they want.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
ae9d6d73f5 Fix some initial sandbox issues.
Allow files that weren't in the list; Allow the _sysctl syscall;
allow accept4 with CLOEXEC and NONBLOCK.
2014-04-16 22:03:07 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Andrea Shepard
65a0f895c7 Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl() 2014-04-15 23:03:16 -07:00
Andrea Shepard
6ee9138576 Call connection_or_close_for_error() properly if write_to_buf() ever fails on an orconn 2014-04-15 21:25:49 -07:00
Andrea Shepard
f36e93206a Avoid redundant calls to connection_mark_for_close() on listeners when setting DisableNetwork to 1 2014-04-15 20:35:31 -07:00
Andrea Shepard
a5544e589d Close orconns correctly through channels when setting DisableNetwork to 1 2014-04-15 20:19:39 -07:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this by in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
9556668f5f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-15 14:52:12 -04:00
Nick Mathewson
f3c20a28ab Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b2106956e0 Don't send uninitialized stack to the controller and say it's a date.
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Nick Mathewson
a790454368 Demote "we stalled too much while trying to write" message to INFO
Resolves ticket 5286.
2014-04-09 11:34:00 -04:00
Nick Mathewson
fa6b80d6e5 Merge remote-tracking branch 'public/bug10431' 2014-04-09 08:29:21 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
6a0dc0e585 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-08 20:30:30 -04:00
Nick Mathewson
6ab10a5466 Make num_bridges_usable work properly.
My first implementation was broken, since it returned "whether there
is one bridge" rather than "how many bridges."

Also, the implementation for the n_options_out feature in
choose_random_entry_impl was completely broken due to a missing *.
2014-04-08 15:51:40 -04:00
Nick Mathewson
689863d0a9 Merge branch 'bug2454_025_squashed' 2014-04-08 15:37:15 -04:00
Matthew Finkel
2d5a7b1842 Check for new IP addr after circuit liveliness returns
When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.
2014-04-08 15:37:01 -04:00
Nick Mathewson
245f273aaf Merge branch 'bug7952_final'
Conflicts:
	src/test/include.am
	src/test/test.c
2014-04-08 13:55:02 -04:00
rl1987
51e13cd1ad Making entire exit policy available to Tor controller. 2014-04-08 13:50:02 -04:00
Nick Mathewson
3ac426afe8 Merge remote-tracking branch 'public/bug4241' 2014-04-08 12:41:03 -04:00
Nick Mathewson
fffc59b0e9 Merge remote-tracking branch 'public/bug9841_025' 2014-04-08 12:06:03 -04:00
Nick Mathewson
ab1a679eef Fix a small memory leak when resolving PTR addresses
Fixes bug 11437; bugfix on 0.2.4.7-alpha.

Found by coverity; this is CID 1198198.
2014-04-07 23:29:47 -04:00
Nick Mathewson
f0bce2dc35 Fix some harmless/untriggerable memory leaks found by coverity 2014-04-07 23:20:13 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
092ac26ea2 Fix undefined behavior with pointer addition in channeltls.c
In C, it's a bad idea to do this:

   char *cp = array;
   char *end = array + array_len;

   /* .... */

   if (cp + 3 >= end) { /* out of bounds */ }

because cp+3 might be more than one off the end of the array, and
you are only allowed to construct pointers to the array elements,
and to an element one past the end.  Instead you have to say

   if (cp - array + 3 >= array_len) { /* ... */ }

or something like that.

This patch fixes two of these: one in process_versions_cell
introduced in 0.2.0.10-alpha, and one in process_certs_cell
introduced in 0.2.3.6-alpha.  These are both tracked under bug
10363. "bobnomnom" found and reported both. See also 10313.

In our code, this is likely to be a problem as we used it only if we
get a nasty allocator that makes allocations end close to (void*)-1.
But it's best not to have to worry about such things at all, so
let's just fix all of these we can find.
2014-04-07 22:56:42 -04:00
Nick Mathewson
6d0991ea08 Give no answer, not NOTIMPL, for unsupported DNS query types
According to reports, most programs degrade somewhat gracefully on
getting no answer for an MX or a CERT for www.example.com, but many
flip out completely on a NOTIMPL error.

Also, treat a QTYPE_ALL query as just asking for an A record.

The real fix here is to implement proposal 219 or something like it.

Fixes bug 10268; bugfix on 0.2.0.1-alpha.

Based on a patch from "epoch".
2014-04-07 22:08:41 -04:00
Nick Mathewson
90341b4852 For missing transport, say "PT_MISSING" not "NO_ROUTE" 2014-04-07 13:44:22 -04:00
Nick Mathewson
754a50592c Forward-port bug9665 fix to work with our fix for 11069 2014-04-07 13:41:07 -04:00
Fábio J. Bertinatto
08ae53e400 Fix bug9665 2014-04-07 13:36:36 -04:00
Nick Mathewson
bc0882c868 Merge remote-tracking branch 'public/bug9650' 2014-04-05 14:53:48 -04:00
Nick Mathewson
2ff664ee20 Merge remote-tracking branch 'public/bug10801_024'
Conflicts:
	src/common/address.c
	src/or/config.c
2014-04-05 14:50:57 -04:00
Nick Mathewson
8f16a77d6a Protocol_Warn when a rendezvous cookie is used twice. 2014-04-04 12:17:16 -04:00
Nick Mathewson
1bb6e3b503 Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025 2014-04-04 12:05:51 -04:00
Nick Mathewson
09dbcf3b82 Fix to 9841 fix: setting a token to NULL should clear it
Found by testing with chutney.  The old behavior was "fail an
assertion", which obviously isn't optimal.

Bugfix on 8b9a2cb68b290e550695124d7ef0511225b451d5; bug not in any
released version.
2014-04-04 12:01:49 -04:00
Nick Mathewson
d290e36576 Fix make_socket_reusable() on windows. Bug not in any released Tor 2014-04-02 21:11:45 -04:00
Nick Mathewson
24c4b56a39 Merge remote-tracking branch 'public/bug10081' 2014-04-02 15:45:20 -04:00
Nick Mathewson
da908a593f Unit tests for connection_edge_process_resolved_cell
Also rename a function to be more accurate (resolve->resolved)
2014-04-02 15:38:00 -04:00
Nick Mathewson
c230ff4ca9 Look at all of a RESOLVED cell; not just the first answer.
Also, stop accepting the old kind of RESOLVED cells with no TTL
fields; they haven't been sent since 0.1.1.6-alpha.

This patch won't work without the fix to #10468 -- it will break
DNSPorts unless they set the proper ipv4/6 flags on entry_connection_t.
2014-04-02 15:38:00 -04:00
Nick Mathewson
2f59d6e2d8 Drop MAX_REND_FAILURES to 8 2014-04-02 15:36:13 -04:00
Nick Mathewson
4fb3ae69a6 Extract code to handle RESOLVED cells
No other changes have been made; only code has been moved.
2014-04-01 23:30:41 -04:00
Nick Mathewson
17d5734df4 Merge remote-tracking branch 'public/bug11278' 2014-04-01 21:56:49 -04:00
Nick Mathewson
86f619d0d3 Merge remote-tracking branch 'public/bug10468_024' 2014-04-01 21:50:55 -04:00
Nick Mathewson
fc9e84062b Merge remote-tracking branch 'public/bug4645'
Conflicts:
	src/or/dirserv.c
2014-04-01 21:49:01 -04:00
Nick Mathewson
408bd98e79 Add one more missing heck on bug4645 fixes 2014-04-01 21:10:14 -04:00
Nick Mathewson
b4b91864bb Merge remote-tracking branch 'public/bug9870'
Conflicts:
	src/or/config.c
2014-04-01 20:48:15 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
1a9b4bd28c Munmap the right pointers in routerlist_free() 2014-03-31 11:43:51 -04:00
Nick Mathewson
449b87791d NULL out all mappings after tor_munmap_file() 2014-03-31 11:42:49 -04:00
Andrea Shepard
abdf1878a3 Always check returns from unlink() 2014-03-31 11:27:08 -04:00
Andrea Shepard
df076eccfa Always check returns from tor_munmap_file() in microdesc.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
947a6daa31 Always check returns from tor_munmap_file() in routerlist.c 2014-03-31 11:27:08 -04:00
Nick Mathewson
f82e499aa5 Merge remote-tracking branch 'public/bug11342' 2014-03-31 10:51:09 -04:00
Nick Mathewson
5e0cfba969 Fix a clang compilation warning
Subtracting two time_t values was yielding something that maybe
can't be fit in an int.

Bugfix on 0389d4aa; bug not in any released Tor.
2014-03-31 10:07:42 -04:00
Nick Mathewson
bfe783f167 Make dump_desc() use binary mode
Otherwise, it could mung the thing that came over the net on windows,
which would defeat the purpose of recording the unparseable thing.

Fixes bug 11342; bugfix on 0.2.2.1-alpha.
2014-03-27 23:53:03 -04:00
Nick Mathewson
9efd970dd9 Merge branch 'bug9658_refactor' 2014-03-27 23:00:28 -04:00
Nick Mathewson
6ad7f3417c Renamed "onionskins_completed" to "onionskins_assigned"
This improves the accuracy of the function/variable names.
2014-03-27 22:57:53 -04:00
Nick Mathewson
46a3914079 Respond to AAAA requests on DNSPort with AAAA automaps
Other DNS+IPv6 problems remain, but at least this fixes the
automapping.

Fixes bug 10468; bugfix on 0.2.4.7-alpha.
2014-03-27 17:41:43 -04:00
Nick Mathewson
753a246a14 check outputs from get_first_listener_addrport_string
Fix for 9650; bugfix for 0.2.3.16-alpha.
2014-03-27 17:12:01 -04:00
Nick Mathewson
b0bbe6b2f1 Report only the first bootstrap failure from an orconn
Otherwise, when we report "identity mismatch", we then later report
DONE when the connection gets closed.

Fixes bug 10431; bugfix on 0.2.1.1-alpha.
2014-03-27 15:58:43 -04:00
Nick Mathewson
24e0b1088a whitespace fix 2014-03-27 15:34:57 -04:00
Nick Mathewson
9c0a1adfa2 Don't do a DNS lookup on a bridge line address
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
2014-03-27 15:31:29 -04:00
Nick Mathewson
2721246f5d Merge branch 'bug7164_diagnose_harder_v2' 2014-03-27 14:26:21 -04:00
Nick Mathewson
0389d4aa56 More logs to try to diagnose bug 7164
This time, check in microdesc_cache_clean() to see what could be
going wrong with an attempt to clean a microdesc that's held by a node.
2014-03-27 14:23:19 -04:00
Nick Mathewson
de9de9e7dd Give specific warnings when client-side onionskin handshakes fail
Fix for bug9635.
2014-03-27 14:15:53 -04:00
Nick Mathewson
60abc4804f Don't warn when setsockopt(SO_REUSEABLE) on accept()ed socket says EINVAL
This should fix bug10081.  I believe this bug pertains to OSX
behavior, not any Tor behavior change.
2014-03-27 13:55:18 -04:00
Nick Mathewson
5b36f0d7e7 Log descriptor-download bootstrapping messages less verbosely
This is a fix for 9963.  I say this is a feature, but if it's a
bugfix, it's a bugfix on 0.2.4.18-rc.

Old behavior:

    Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors.
    ... [Many lines omitted] ...
    Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors.
    Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits.

New behavior:

    Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits.
2014-03-27 11:23:53 -04:00
Nick Mathewson
6da2544f20 Turn off testing code for #9683.
(This wasn't supposed to get committed turned-on.)
2014-03-26 10:31:56 -04:00
Nick Mathewson
07eb481492 Demote "Invalid length on ESTABLISH_RENDEZVOUS" to protocol_warn
Fixes bug 11279
2014-03-25 11:55:27 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Nick Mathewson
852fd1819e Free placeholder circid/chan->circuit map entries on exit
In circuitlist_free_all, we free all the circuits, removing them from
the map as we go, but we weren't actually freeing the placeholder
entries that we use to indicate pending DESTROY cells.

Fix for bug 11278; bugfix on the 7912 code that was merged in
0.2.5.1-alpha
2014-03-25 10:14:26 -04:00
Roger Dingledine
85ef58e5ba quiet the debug message in circuit_build_times_disabled()
something recently made it get called once per second, which will clutter
up your debug log file.
2014-03-24 02:33:17 -04:00
Nick Mathewson
3ddbf2880f Merge remote-tracking branch 'public/bug11275_024' 2014-03-23 15:56:23 -04:00
Roger Dingledine
eff16e834b Stop leaking 'sig' at each call of router_append_dirobj_signature()
The refactoring in commit cb75519b (tor 0.2.4.13-alpha) introduced
this leak.
2014-03-23 15:53:51 -04:00
Roger Dingledine
ddaeb4deee Be more lenient in our fix for bug 11149
There are still quite a few 0.2.3.2x relays running for x<5, and while I
agree they should upgrade, I don't think cutting them out of the network
is a net win on either side.
2014-03-23 02:53:08 -04:00
Nick Mathewson
f560eeadc3 Remove the unused circuit_dump_by_chan().
Also remove its helper function.
2014-03-23 00:28:39 -04:00
Nick Mathewson
2cfc4453c2 Merge remote-tracking branch 'public/bug9683_rebased' 2014-03-23 00:20:05 -04:00
Nick Mathewson
f4e2c72bee Merge remote-tracking branch 'karsten/task-11070' 2014-03-23 00:18:48 -04:00
Nick Mathewson
f2c6c5e69c Merge branch 'ticket11149' 2014-03-23 00:18:11 -04:00
Andrea Shepard
3b31b45ddb Appease make check-spaces 2014-03-18 10:26:44 -07:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
d769cab3e5 Defensive programming: null [pn]_chan,circ_id in circuit_mark_for_close_
Doing this as part of the patch for #9683 to prevent possible bugs
down the line
2014-03-14 11:58:34 -04:00
Nick Mathewson
1a74360c2d Test code for implementation of faster circuit_unlink_all_from_channel
This contains the obvious implementation using the circuitmux data
structure.  It also runs the old (slow) algorithm and compares
the results of the two to make sure that they're the same.

Needs review and testing.
2014-03-14 11:57:51 -04:00
Nick Mathewson
d01cf18ecb should_disable_dir_fetches() now returns 1 if DisableNetwork==1
This change prevents LD_BUG warnings and bootstrap failure messages
when we try to do directory fetches when starting with
DisableNetwork == 1, a consensus present, but no descriptors (or
insufficient descriptors) yet.

Fixes bug 11200 and bug 10405.  It's a bugfix on 0.2.3.9-alpha.
Thanks to mcs for walking me through the repro instructions!
2014-03-14 10:42:49 -04:00
Nick Mathewson
df836b45b0 Merge remote-tracking branch 'asn/bug5018_notice' 2014-03-12 11:10:51 -04:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
George Kadianakis
cc1bb19d56 Tone down the log message for when we don't need a PT proxy. 2014-03-10 22:05:31 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
Nick Mathewson
0c04416c11 Merge branch 'bug11043_take2_squashed' 2014-03-10 14:08:29 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
George Kadianakis
8c8e21e296 Improve the log message for when the Extended ORPort is not enabled. 2014-03-10 12:54:46 -04:00
Nick Mathewson
a50690e68f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-03-06 11:52:22 -05:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
cbf9e74236 Correct the URL in the "a relay on win95???" message
This is a fix for 9393; it's not a bugfix on any Tor version per se,
but rather on whatever Tor version was current when we reorganized the
wiki.
2014-03-06 09:57:42 -05:00
Nick Mathewson
a4b447604a Stop accepting 0.2.2 relay uploads for the consensus.
Resolves ticket 11149.
2014-03-06 09:38:35 -05:00
Nick Mathewson
663aba07e5 Fix whitespace errors, all of them mine. 2014-03-05 14:36:32 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
Nick Mathewson
25374d307d Fix wide lines. 2014-03-05 14:31:13 -05:00
Nick Mathewson
2c25bb413e Lower the maximum for PrecictedCircsRelevanceTime to one hour 2014-03-05 14:31:13 -05:00
unixninja92
4f03804b08 Fixed spacing. 2014-03-05 14:31:13 -05:00
unixninja92
5c310a4fa2 Added max value to PredictedCircsRelevanceTime. 2014-03-05 14:31:13 -05:00
unixninja92
898154f717 PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.

Implements ticket 91
2014-03-05 14:29:54 -05:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
496fe685fd Include v3 in documented 'protocols' in rend_service_descriptor_t
Also make it unsigned and document that it's for INTRODUCE cell versions.

Fixes 9099; bugfix on 0.2.1.5-alpha, which introduced the v3 protocol.
2014-03-04 12:03:18 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
bb37544214 Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/common/compat_libevent.h
	src/or/relay.c
2014-03-04 11:00:02 -05:00
Nick Mathewson
46118d7d75 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	src/or/relay.c
2014-03-04 10:54:54 -05:00
Nick Mathewson
0db39eb89f ATTR_NORETURN is needed on lost_owning_controller now
This should fixes some "hey, that function could have
__attribute__((noreturn))" warnings  introduced by f96400d9.

Bug not in any released version of Tor.
2014-03-03 10:54:20 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Roger Dingledine
bd49653f8e trivial whitespace fixes 2014-03-03 06:53:08 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
273f536d72 Merge branch 'bug10884_squashed' 2014-02-28 08:54:50 -05:00
Nick Mathewson
886d4be149 Unit tests for test_routerkeys_write_fingerprint 2014-02-28 08:53:14 -05:00
Nick Mathewson
25c0435aa5 Tighten router_write_fingerprint impl 2014-02-28 08:53:14 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
043329eeb6 Merge remote-tracking branch 'karsten/task-5824' 2014-02-28 08:32:13 -05:00
Nick Mathewson
833d027778 Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
2014-02-26 09:51:30 -05:00
Nick Mathewson
bf1678603f Merge remote-tracking branch 'public/bug10449' 2014-02-25 16:09:15 -05:00
Nick Mathewson
c3800f631b Merge remote-tracking branch 'public/no_itime_queue' into maint-0.2.4 2014-02-25 15:58:53 -05:00
Nick Mathewson
d21b24b3b6 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 2014-02-24 13:05:25 -05:00
Nick Mathewson
1753975ece When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.
2014-02-21 18:04:48 +00:00
Nick Mathewson
6eba3584b1 Merge remote-tracking branch 'public/bug10987_024' 2014-02-21 17:29:48 +00:00
Nick Mathewson
f3e8271652 Style tweaks on code, changes file for 10987 2014-02-21 17:27:35 +00:00
David Goulet
1532cff2ce Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.

A changes file is provided and this fixes #10987

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-02-21 17:19:11 +00:00
Nick Mathewson
3dfed0806c Merge remote-tracking branch 'public/bug10722' 2014-02-16 12:13:12 -05:00
Nick Mathewson
b5d6e47002 Warning message when bug 10722 would trigger
If somebody's excludenodes settings are keeping their hidden service
connections from working, they should probably get notified about it.
2014-02-16 12:11:07 -05:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
67749475f5 Merge remote-tracking branch 'public/bug10841' 2014-02-15 15:06:06 -05:00
Nick Mathewson
ac5ae794bd tristate->enum in rendcommon functions
When we have more than two return values, we should really be using
an enum rather than "-2 means this, -1 means that, 0 means this, and
1 or more means a number."
2014-02-14 23:23:53 -05:00
Karsten Loesing
c024ff8671 Remove another unused v0 hidserv function.
Noted by Nick on #10841.
2014-02-14 17:54:16 +01:00
Nick Mathewson
949c9ae26b Tweak sign of rend_token params for consistency 2014-02-13 15:24:09 -05:00
Nick Mathewson
ecf61e924d Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025
Conflicts:
	src/or/circuitlist.c
2014-02-13 14:49:15 -05:00
Nick Mathewson
8b9a2cb68b Faster circuit_get_by_rend_token_and_purpose()
On busy servers, this function takes up something like 3-7% in
different profiles, and gets invoked every time we need to participate
as the midpoint in a hidden service.

So maybe walking through a linked list of all the circuits here wasn't
a good idea.
2014-02-13 14:44:43 -05:00
Nick Mathewson
c4bb3c8d44 Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01, which we merged in
0.2.5.1-alpha.
2014-02-12 15:32:50 -05:00
Nick Mathewson
79c234e0e3 On OOM, also log N circuits remaining 2014-02-12 13:09:02 -05:00
Nick Mathewson
c8d41da52d More unit tests for OOM handling.
This gets us up to no interesting untested new or changed lines for
the 10169 code.
2014-02-12 12:50:16 -05:00
Nick Mathewson
9a07ec751f Refactor OOM-handling functions for more testability
This patch splits out some of the functions in OOM handling so that
it's easier to check them without involving the rest of Tor or
requiring that the circuits be "wired up".
2014-02-12 12:48:20 -05:00
Nick Mathewson
f425cf8338 Start writing tests for 10169.
Now we cover more chunk allocation functions.
2014-02-12 12:47:49 -05:00
Nick Mathewson
eb6f433bdb Debugging code inbuffers.c for debugging chunk allocation.
Currently on; will disable later in this branch.
2014-02-12 12:46:17 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Nick Mathewson
05d8111eed Merge remote-tracking branch 'public/bug10169_023' into bug10169_024 2014-02-12 12:39:15 -05:00
Nick Mathewson
fd28754dd3 Actually release buffer freelists when handling OOM conditions.
Otherwise freeing buffers won't help for a little while.
2014-02-12 12:38:20 -05:00
Nick Mathewson
7951591744 Fix bugs in bug10169 bugfix memory tracking
The chunk_grow() and chunk_copy() functions weren't adjusting the
memory totals properly.

Bugfix not on any released Tor version.
2014-02-12 12:37:41 -05:00
Nick Mathewson
d3fb846d8c Split crypto_global_init() into pre/post config
It's increasingly apparent that we want to make sure we initialize our
PRNG nice and early, or else OpenSSL will do it for us.  (OpenSSL
doesn't do _too_ bad a job, but it's nice to do it ourselves.)

We'll also need this for making sure we initialize the siphash key
before we do any hashes.
2014-02-12 12:04:07 -05:00
Nick Mathewson
0e97c8e23e Siphash-2-4 is now our hash in nearly all cases.
I've made an exception for cases where I'm sure that users can't
influence the inputs.  This is likely to cause a slowdown somewhere,
but it's safer to siphash everything and *then* look for cases to
optimize.

This patch doesn't actually get us any _benefit_ from siphash yet,
since we don't really randomize the key at any point.
2014-02-12 11:32:10 -05:00
Nick Mathewson
2c0088b8aa Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-12 09:17:11 -05:00
Nick Mathewson
d6e6eaba60 Fix windows compilation of e0c8031516
There is no WSAEPERM; we were implying that there was.This fixes a
bug in e0c8031516, which hadn't yet
appeared in any released Tor.
2014-02-12 09:16:22 -05:00
Karsten Loesing
74c2bff781 Remove remaining v0 hidden service descriptor code.
Fixes the rest of #10841 after #10881 already removed some hidden service
authority code.
2014-02-12 14:36:08 +01:00
Nick Mathewson
0ee449ca92 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-11 18:58:58 -05:00
Nick Mathewson
91d4bb0b00 Merge branch 'bug10777_netunreach_024' into maint-0.2.4 2014-02-11 18:57:55 -05:00
Nick Mathewson
8836c1ee2f Merge remote-tracking branch 'public/bug10777_nointernal_024' into maint-0.2.4 2014-02-11 18:55:26 -05:00
Nick Mathewson
10d4d3e2d5 Merge remote-tracking branch 'public/no_itime_queue_025' 2014-02-11 11:52:35 -05:00
Nick Mathewson
5e0cdc5ef2 Merge branch 'bug10881' 2014-02-11 11:42:06 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
cb065a55bd Merge remote-tracking branch 'karsten/one-dirauth' 2014-02-11 10:15:03 -05:00
Nick Mathewson
cb28fe486f Merge remote-tracking branch 'public/bug10722' 2014-02-11 10:08:58 -05:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Roger Dingledine
dd3f2f6332 fix trivial typo 2014-02-10 16:05:35 -05:00
Nick Mathewson
e0c8031516 make EACCES survivable too. 2014-02-10 15:06:10 -05:00
Nick Mathewson
5b55e0e181 Merge remote-tracking branch 'public/no_itime_queue'
The conflicts here were tricky, and required me to eliminate the
command-queue as well.  That wasn't so hard.

Conflicts:
	src/or/or.h
	src/or/relay.c
2014-02-10 15:04:23 -05:00
Nick Mathewson
3133cde3c1 Excise the insertion_time_elem_t logic
It's now redundant with the inserted_time field in packed_cell_t

Fixes bug 10870.
2014-02-10 13:55:27 -05:00
Nick Mathewson
a73b0da653 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-09 21:41:59 -05:00
Nick Mathewson
b15f75b632 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure
It can happen because we sent something that got an ENETUNREACH
response.

Bugfix on 0.2.4.8-alpha; fixes a part of bug 10777.
2014-02-09 21:35:14 -05:00
Nick Mathewson
f5d32c08ba Call ENETUNREACH a case of NOROUTE, not a case of INTERNAL.
Found by cypherpunks; fix for a part of bug 10777; bugfix on 0.1.0.1-rc.
2014-02-09 21:30:23 -05:00
Andrea Shepard
c330d63ff7 Make sure orconn->chan gets nulled out when channels exit from channel_free_all() too 2014-02-08 14:05:51 -08:00
Karsten Loesing
ebe7e22045 Suppress warning in networks with only 1 dirauth. 2014-02-08 11:02:27 +01:00
Nick Mathewson
f1682a615f Merge remote-tracking branch 'houqp/hs_control_fix' 2014-02-07 12:22:56 -05:00
Nick Mathewson
040b478692 Remove a needless check in channel_tls_handle_incoming
This patch removes an "if (chan)" that occurred at a place where
chan was definitely non-NULL.  Having it there made some static
analysis tools conclude that we were up to shenanigans.

This resolves #9979.
2014-02-07 12:01:16 -05:00
Nick Mathewson
ef4eb823f3 Merge the circuit_{free,clear}_cpath functions
(Based on a suggestion by arma at #9777)
2014-02-07 10:50:06 -05:00
Nick Mathewson
babbd3ff08 Merge remote-tracking branch 'public/feature9777_024_squashed'
Conflicts:
	src/or/circuitbuild.c
2014-02-07 10:47:34 -05:00
Nick Mathewson
1068e50aec Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.

Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.

This implements ticket 9777,
2014-02-07 10:45:34 -05:00
Nick Mathewson
372adfa09a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 10:38:24 -05:00
Andrea Shepard
707c1e2e26 NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602 2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4 2014-02-06 16:29:08 -05:00
Nick Mathewson
075482ff80 Merge remote-tracking branch 'public/bug10543_024_v2' 2014-02-06 16:25:26 -05:00
Nick Mathewson
dffac251f1 Make the handling for usable-exit counting handle ExitNodes better
It's possible to set your ExitNodes to contains only exits that don't
have the Exit flag.  If you do that, we'll decide that 0 of your exits
are working.  Instead, in that case we should look at nodes which have
(or which might have) exit policies that don't reject everything.

Fix for bug 10543; bugfix on 0.2.4.10-alpha.
2014-02-06 16:24:08 -05:00
Qingping Hou
0fbe7f3188 remove node_describe_by_id() function
This function is not used anymore
2014-02-06 16:13:55 -05:00
Qingping Hou
bf66ff915a fix longname returned in HS_DESC control events
According to control spec, longname should not contain any spaces and is
consists only of identy_digest + nickname

added two functions:
* node_get_verbose_nickname_by_id()
* node_describe_longname_by_id()
2014-02-06 16:13:55 -05:00
Nick Mathewson
1b93e3c6d9 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	changes/bug10485
	src/or/rephist.c
	src/or/status.c
2014-02-06 13:27:04 -05:00
Nick Mathewson
655adbf667 Add a missing include 2014-02-06 13:25:36 -05:00
Nick Mathewson
edc6fa2570 Deliver circuit handshake counts as part of the heartbeat
Previously, they went out once an hour, unconditionally.

Fixes 10485; bugfix on 0.2.4.17-rc.
2014-02-06 13:03:01 -05:00
Nick Mathewson
dafed84dab Fixes for bug4645 fix. 2014-02-03 14:31:31 -05:00
rl1987
e82e772f2b Using proper functions to create tor_addr_t. 2014-02-03 14:20:24 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
rl1987
881c7c0f7d 10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
2014-02-03 13:14:27 -05:00
Nick Mathewson
f96400d9df bug10449: a dying owning controller makes Tor exit immediately
If you want a slow shutdown, send SIGNAL SHUTDOWN.

(Why not just have the default be SIGNAL QUIT?  Because this case
should only happen when an owning controller has crashed, and a
crashed controller won't be able to give the user any "tor is
shutting down" feedback, and so the user gets confused for a while.
See bug 10449 for more info)
2014-02-03 12:54:06 -05:00
Nick Mathewson
696b484d4d Defensive programming in control_event_hs_descriptor_*
It looks to me like these functions can never get called with NULL
arguments, but better safe than sorry.
2014-02-03 12:35:35 -05:00
Nick Mathewson
fee7f25ff8 Merge remote-tracking branch 'houqp/hs_control' 2014-02-03 12:28:42 -05:00
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Nick Mathewson
fd8947afc2 Move the friendly warning about TPROXY and root to EPERM time
I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
29c18f5b71 add hidden service descriptor async control event 2014-01-29 22:23:57 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
Nick Mathewson
23dae51976 Only update view of micrdescriptor pos if pos is fetchable.
It's conceivable (but probably impossible given our code) that lseek
could return -1 on an error; when that happens, we don't want off to
become -1.

Fixes CID 1035124.
2013-11-22 12:38:58 -05:00
Nick Mathewson
647248729f Drop the MaxMemInQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
2013-11-20 12:13:30 -05:00
Nick Mathewson
e572ec856d Rename MaxMemInCellQueues to MaxMemInQueues 2013-11-20 12:12:23 -05:00
Nick Mathewson
a406f6d0f0 doxygen comments for 10169 code 2013-11-20 12:05:36 -05:00
Nick Mathewson
eabcab2b7c Count freed buffer bytes from buffers when oom-killing circuits.
Also, aggressively clear the buffers to try to make their bytes go
away fast rather than waiting for the close-marked-connection code
to get 'em.
2013-11-20 11:57:45 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
bd25bda7c0 Remove 'struct timeval now' that was shadowing 'struct timeval now'.
This was a mistake in the merge commit 7a2b30fe16. It
would have made the CellStatistics code give completely bogus
results. Bug not in any released Tor.
2013-11-18 11:20:35 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
0cf234317f Unit tests for new functions in log.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentially grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
91ec6f7269 Have the OOM handler also count the age the data in a stream buffer 2013-11-15 18:38:52 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
fc5a881bd3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-10 12:24:12 -05:00
Nick Mathewson
8bfa596c15 Fix two more DirServer mentions in log 2013-11-10 12:23:56 -05:00
Nick Mathewson
56ac75b265 Fix a wide line 2013-11-10 12:22:34 -05:00
Nick Mathewson
532f70a807 Change documentation DirServer->DirAuthority
We renamed the option, but we didn't actually fix it in the log
messages or the docs.  This patch does that.

For #10124.  Patch by sqrt2.
2013-11-10 12:21:23 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
1b8ceb83c9 Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.

Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
2013-11-07 12:15:30 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
5de88dda0a circuit_build_failed: distinguish "got DESTROY" case
Roger spotted this on tor-dev in his comments on proposal 221.

We etect DESTROY vs everything else, since arma likes network
timeout indicating failure but not overload indicating failure.
2013-11-01 10:04:48 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
5cc155e02a Merge remote-tracking branch 'public/bug9645' into maint-0.2.4 2013-10-31 16:09:41 -04:00
Nick Mathewson
275ab61ad4 Appease make check-spaces 2013-10-31 14:45:20 -04:00
Nick Mathewson
9bcd93a364 Merge remote-tracking branch 'public/bug10063' 2013-10-31 14:43:20 -04:00
Nick Mathewson
761ee93c69 Add missing includes for circpathbias.h 2013-10-31 14:33:34 -04:00
Nick Mathewson
8f793c38fb Move other #9731 check to start of its functions
At arma's suggestion.  Looks like I missed this one.
2013-10-31 14:29:18 -04:00
Nick Mathewson
5cba0ddfc4 Make circpathbias and circuitbuild compile.
That was the tricky part
2013-10-31 14:28:49 -04:00
Nick Mathewson
b4ebf8421a Move pathbias functions into a new file.
Does not compile yet.  This is the "no code changed" diff.
2013-10-31 14:17:49 -04:00
Nick Mathewson
96f92f2062 Move #9731 checks to start of their functions
At arma's suggestion.
2013-10-31 14:10:23 -04:00
Nick Mathewson
702c0502cf Merge remote-tracking branch 'public/bug9731' 2013-10-31 14:09:18 -04:00
Nick Mathewson
db2c2a6909 Merge remote-tracking branch 'public/bug9731b' into maint-0.2.4 2013-10-31 14:08:28 -04:00
Nick Mathewson
f6fee77375 Add some clarity and checks to cell_queue_append_packed_copy
It's not cool to have "circ may be NULL if use_stats false, but
otherwise we crash" as an undocumented API constraint. :)
2013-10-30 23:03:20 -04:00
Nick Mathewson
83d9d72bf3 Merge remote-tracking branch 'karsten/morestats5' 2013-10-30 22:53:05 -04:00
George Kadianakis
9e0ed8136a Fix an always-true assert in PT code. 2013-10-29 22:49:37 +00:00
Nick Mathewson
4b6f074df9 Merge remote-tracking branch 'public/bug5018'
Conflicts:
	src/or/entrynodes.c
2013-10-29 01:29:59 -04:00
David Fifield
2235d65240 Document that unneeded transports are ignored.
Suggested by Roger in
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:06:03 -04:00
David Fifield
e6e6c245c8 Simplify transport_is_needed.
By Roger at
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:05:57 -04:00
George Kadianakis
6f33dffec1 Only launch transport proxies that provide useful transports. 2013-10-29 01:05:56 -04:00
Karsten Loesing
2e0fad542c Merge branch 'morestats4' into morestats5
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.h
	src/or/control.c
	src/or/control.h
	src/or/or.h
	src/or/relay.c
	src/or/relay.h
	src/test/test.c
2013-10-28 12:09:42 +01:00
Karsten Loesing
e46de82c97 squash! Pass const uint64_t pointers, document array length.
Don't cast uint64_t * to const uint64_t * explicitly.  The cast is always
safe, so C does it for us.  Doing the cast explitictly can hide bugs if
the input is secretly the wrong type.

Suggested by Nick.
2013-10-28 10:48:18 +01:00
Nick Mathewson
7578606a22 Merge remote-tracking branch 'public/bug9934_nm' 2013-10-25 12:15:31 -04:00
Nick Mathewson
f249074e41 Merge remote-tracking branch 'Ryman/bug5605' 2013-10-25 12:03:42 -04:00
Nick Mathewson
4b8282e50c Log the origin address of controller connections
Resolves 9698; patch from "sigpipe".
2013-10-25 11:52:45 -04:00
Matthew Finkel
b36f93a671 A Bridge Authority should compute flag thresholds
As a bridge authority, before we create our networkstatus document, we
should compute the thresholds needed for the various status flags
assigned to each bridge based on the status of all other bridges. We
then add these thresholds to the networkstatus document for easy access.
Fixes for #1117 and #9859.
2013-10-21 17:49:33 +00:00
Nick Mathewson
71bd100976 DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
2013-10-21 13:02:25 -04:00
Nick Mathewson
17d368281a Merge remote-tracking branch 'linus/bug9206_option' 2013-10-16 11:20:43 -04:00
Nick Mathewson
7f2415683a Merge remote-tracking branch 'asn/bug9651' 2013-10-14 11:43:33 -04:00
Roger Dingledine
a26a5794a3 Merge branch 'maint-0.2.4' 2013-10-12 10:48:30 -04:00
Roger Dingledine
8f9fb63cdb be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.

The fix in both cases is to treat all our initially chosen guards as
acceptable to use.

Fixes bug 9946.
2013-10-12 10:42:27 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
6f9584b3fd Make --version, --help, etc incremement quiet level, never decrease it
Fixes other case of #9578
2013-10-11 12:32:59 -04:00
Roger Dingledine
f96a8d5fa3 Report bootstrapping progress correctly when downloading microdescs
We had updated our "do we have enough microdescs to begin building
circuits?" logic most recently in 0.2.4.10-alpha (see bug 5956), but we
left the bootstrap status event logic at "how far through getting 1/4
of them are we?"

Fixes bug 9958; bugfix on 0.2.2.36, which is where they diverged (see
bug 5343).
2013-10-10 21:39:21 -04:00
Nick Mathewson
43f95e38ab Merge remote-tracking branch 'sysrqb/bug9950' 2013-10-10 11:27:28 -04:00
Nick Mathewson
df4693fed5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:24:16 -04:00
Nick Mathewson
2c7ed0406f Merge branch 'bug9644_024' into maint-0.2.4 2013-10-10 11:23:46 -04:00
Matthew Finkel
528e3bf892 Free the smartlist after parsing csv config option
Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-10-09 23:16:57 +00:00
Nick Mathewson
66624ded39 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c
2013-10-08 13:38:47 -04:00
Nick Mathewson
50fc8fb5c5 Merge remote-tracking branch 'public/bug9927' into maint-0.2.4 2013-10-08 13:37:13 -04:00
Nick Mathewson
b571b966f2 Tweak a comment 2013-10-08 12:18:31 -04:00
Nick Mathewson
1060688d2a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:17:14 -04:00
Nick Mathewson
7e0f1fa52a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-08 12:16:42 -04:00
Nick Mathewson
5e0404265f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:11:37 -04:00
Nick Mathewson
0c3c47565d Merge remote-tracking branch 'public/bug9596' into maint-0.2.4 2013-10-08 12:10:47 -04:00
Nick Mathewson
63234b1839 Merge branch 'bug9922' 2013-10-08 12:03:09 -04:00
Roger Dingledine
5f13ae4b03 don't lie about bootstrap progress when clients use bridges
we were listing 50% as soon as we got a bridge's relay descriptor,
even if we didn't have any consensus, certificates, etc yet.
2013-10-08 11:50:53 -04:00
Nick Mathewson
c8c2298015 Simply route length generation code.
The old code had logic to use a shorter path length if we didn't
have enough nodes. But we don't support 2-node networks anwyay.

Fix for #9926.  I'm not calling this a bugfix on any particular
version, since a 2-node network would fail to work for you for a lot
of other reasons too, and it's not clear to me when that began, or if
2-node networks would ever have worked.
2013-10-08 11:48:33 -04:00
Nick Mathewson
c7c24785ee Generate bootstrapping status messages for microdescs too
Fix for 9927.
2013-10-08 11:32:02 -04:00
Linus Nordberg
fab8fd2c18 Add TestingDirAuthVoteGuard option for specifying relays to vote Guard on.
Addresses ticket 9206.
2013-10-07 13:33:42 +02:00
Nick Mathewson
566645b5ed Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-02 22:40:01 -04:00
Nick Mathewson
557f332957 Fix a bug in our bug 9776 fix.
By calling circuit_n_chan_done() unconditionally on close, we were
closing pending connections that might not have been pending quite for
the connection we were closing.  Fix for bug 9880.

Thanks to skruffy for finding this and explaining it patiently until
we understood.
2013-10-02 22:20:18 -04:00
Roger Dingledine
a980d844cd what is logging "above" notice? 2013-10-01 08:55:57 -04:00
Roger Dingledine
0d8632e585 fix another confusing whitespace instance 2013-09-30 01:47:24 -04:00
Roger Dingledine
2cf41cc70d fix confusing whitespace 2013-09-30 01:41:48 -04:00
Roger Dingledine
1b6ea92a57 fix whitespace in log message 2013-09-29 06:15:00 -04:00
Roger Dingledine
c902b4981b fix two cases where we were printing unsigned int as %d 2013-09-29 06:13:59 -04:00
Nick Mathewson
759de9f756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-24 10:47:26 -04:00
Andrea Shepard
938ee9b24d Always call circuit_n_chan_done(chan, 0) from channel_closed() 2013-09-24 10:42:12 -04:00
George Kadianakis
43b9b51389 Warn when the Extended ORPort should be on but it's not. 2013-09-24 12:30:25 +01:00
Nick Mathewson
5b1c257d9a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-23 01:48:30 -04:00
Nick Mathewson
116e6af7a7 Fix a compilation warning with older gcc 2013-09-23 01:47:52 -04:00
Nick Mathewson
c4031ee847 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-21 08:55:45 -04:00
Nick Mathewson
d1dbaf2473 Relays should send timestamp in NETINFO.
This avoids skew warnings as authorities test reachability.

Fix 9798; fix not on any released Tor.
2013-09-21 08:54:42 -04:00
Roger Dingledine
99703c9b31 Merge branch 'maint-0.2.4' 2013-09-21 02:21:15 -04:00
Roger Dingledine
4f036acd27 back out most of 1d0ba9a
this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.

(i didn't just revert, because the changes file has been modified by
other later commits.)
2013-09-21 02:11:51 -04:00
Nick Mathewson
6178aaea06 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-20 11:01:10 -04:00
Nick Mathewson
fd2954d06d Round down hidden service descriptor publication times to nearest hour
Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.
2013-09-20 11:00:27 -04:00
Nick Mathewson
accadd8752 Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
2013-09-20 11:00:27 -04:00
Nick Mathewson
f8b44eedf7 Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
2013-09-20 11:00:27 -04:00
Nick Mathewson
1d0ba9a61f Stop sending the current time in client NETINFO handshakes.
Implements part of proposal 222.
2013-09-20 11:00:27 -04:00
Nick Mathewson
ee01e41937 Fix compilation with libevent 1
a9910d89 added trickery to make us work with interned strings and
seccomp; it requires libevent 2.

Fix for 9785; bug not in any released tor.
2013-09-19 20:25:05 -04:00
Nick Mathewson
7dbf66713f When freeing a cert_list_t, avoid memory leak.
We were freeing these on exit, but when we added the dl_status_map
field to them in fddb814f, we forgot to arrange for it to be freed.

I've moved the cert_list_free() code into its own function, and added
an appropriate dsmap_free() call.

Fixes bug 9644; bugfix on 0.2.4.13-alpha.
2013-09-19 12:22:49 -04:00
Nick Mathewson
67bb1a44bd Merge remote-tracking branch 'public/bug9716_024' 2013-09-19 10:50:34 -04:00
Nick Mathewson
dece40fd77 Fix an assert when disabling ORPort with accounting disabled.
The problem was that the server_identity_key_is_set() function could
return true under conditions where we don't really have an identity
key -- specifically, where we used to have one, but we stopped being a
server.

This is a fix for 6979; bugfix on 0.2.2.18-alpha where we added that
assertion to get_server_identity_key().
2013-09-18 10:26:32 -04:00
Nick Mathewson
15b9a1ff10 Correctly re-process non-option cmdline args on sighup
Whenever we had an non-option commandline arguments *and*
option-bearing commandline arguments on the commandline, we would save
only the latter across invocations of options_init_from_torrc, but
take their existence as license not to re-parse the former.  Yuck!

Incidentally, this fix lets us throw away the backup_arg[gv] logic.

Fix for bug 9746; bugfix on d98dfb3746,
not in any released Tor.  Found by Damian. Thanks, Damian!
2013-09-16 13:07:45 -04:00
Nick Mathewson
c5532889a8 Don't apply read/write buckets to cpuworker connections
Fixes bug 9731
2013-09-13 13:39:18 -04:00
Nick Mathewson
9205552daa Don't apply read/write buckets to non-limited connections
Fixes bug 9731
2013-09-13 13:37:53 -04:00
Nick Mathewson
147a0f31bd Fix a windows compilation warning from 4647 branch 2013-09-13 13:10:17 -04:00
Nick Mathewson
ccbf1cfacd Whoops; make or_state_validate conform to validate_fn_t.
Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-09-13 12:56:14 -04:00
Nick Mathewson
25a3ae922f Merge remote-tracking branch 'Ryman/bug6384'
Conflicts:
	src/or/config.c
	src/or/main.c
2013-09-13 12:55:53 -04:00
Nick Mathewson
e35c972851 Merge branch 'bug4647_squashed' 2013-09-13 12:36:55 -04:00
Nick Mathewson
aac4f30d23 Add a --dump-config option to help testing option parsing. 2013-09-13 12:36:40 -04:00
Nick Mathewson
7972af7073 Whoops; make options_validate conform to validate_fn_t.
This just goes to show: never cast a function pointer.  Found while
testing new command line parse logic.

Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-09-13 12:36:40 -04:00
Nick Mathewson
a6cad4db70 Add '--digests' to "that which implies --hush."
And have these various commandline options imply "hush", not "quiet",
since we like to see warnings.
2013-09-13 12:36:40 -04:00
Nick Mathewson
75d795b1d7 Disallow --hash-password with no commandline arguments.
Fixes bug 9573.

Bugfix on 59453ac6e in 0.0.9pre5, which fixed a crash in a silly way.
2013-09-13 12:36:40 -04:00
Nick Mathewson
b523167f2f Make config_parse_commandline table-driven for its list of cmdline args 2013-09-13 12:36:40 -04:00
Nick Mathewson
a1096fe180 Use commandline parser for other options
These were previously allowed only in the initial position:
  --help, -h , --version, --digests, --list-torrc-options
2013-09-13 12:36:39 -04:00
Nick Mathewson
34ec954f8e Expose commandline parser so that we can use it for --quiet,etc.
Fix for bug 9578.
2013-09-13 12:36:39 -04:00
Cristian Toader
d98dfb3746 Patch for 4647 (rewrite command line parser) 2013-09-13 12:36:26 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'
Conflicts:
	src/common/sandbox.c
2013-09-13 12:31:41 -04:00
Karsten Loesing
b43a37bc5b Pass const uint64_t pointers, document array length.
Suggested by nickm.
2013-09-12 10:51:55 +02:00
Karsten Loesing
d5f0d792dd Pass around const struct timeval * instead of struct timeval.
Suggested by nickm.
2013-09-12 10:10:38 +02:00
Karsten Loesing
6553bdde8c Don't format cell stats for unattached circuits. 2013-09-12 09:21:13 +02:00
Nick Mathewson
a2754d418d Try using INT_MAX, not SOMAXCONN, to set listen() backlog.
Fall back to SOMAXCONN if INT_MAX doesn't work.

We'd like to do this because the actual maximum is overrideable by the
kernel, and the value in the header file might not be right at all.
All implementations I can find out about claim that this is supported.

Fix for 9716; bugfix on every Tor.
2013-09-11 13:30:45 -04:00
Nick Mathewson
4e00625bbe Build correctly with older libevents 2013-09-09 15:29:19 -04:00
Nick Mathewson
00fd0cc5f9 Basic compilation fixes. 2013-09-09 14:55:47 -04:00
Nick Mathewson
c7113e702b Merge remote-tracking branch 'public/bug9645' 2013-09-05 09:59:07 -04:00
Roger Dingledine
86907ea4db Merge branch 'maint-0.2.4' 2013-09-05 02:34:58 -04:00
Roger Dingledine
2c877d2da4 collect and log statistics about onionskins received/processed
we skip onionskins that came from non-relays, so we're less likely to
run into privacy troubles.

starts to implement ticket 9658.
2013-09-05 01:44:52 -04:00
Roger Dingledine
f51add6dbc Revert e443beff and solve it a different way
Now we explicitly check for overflow.

This approach seemed smarter than a cascade of "change int to unsigned
int and hope nothing breaks right before the release".

Nick, feel free to fix in a better way, maybe in master.
2013-09-05 01:41:07 -04:00
Roger Dingledine
e443beffeb don't let recently_chosen_ntors overflow
with commit c6f1668d we let it grow arbitrarily large.

it can still overflow, but the damage is very small now.
2013-09-05 01:27:46 -04:00
Roger Dingledine
6156887adf Merge branch 'maint-0.2.4'
Conflicts:
	src/test/test.c
2013-09-04 23:44:39 -04:00
Roger Dingledine
c6f1668db3 nickm wants us to prioritize tap in a currently-rare edge case 2013-09-04 23:21:46 -04:00
Roger Dingledine
a4400952ee Be more general in calculating expected onion queue processing time
Now we consider the TAP cells we'll process while draining the NTor
queue, and vice versa.
2013-09-04 23:21:45 -04:00
Roger Dingledine
a66791230f let the NumNTorsPerTAP consensus param override our queue choice 2013-09-04 23:21:45 -04:00
Roger Dingledine
7acc7c3dc6 do a lopsided round-robin between the onion queues
that way tap won't starve entirely, but we'll still handle ntor requests
quicker.
2013-09-04 23:21:45 -04:00
Roger Dingledine
16b5c609a4 check bounds on handshake_type more thoroughly 2013-09-04 23:21:45 -04:00
Roger Dingledine
9d2030e580 add info-level logs to help track onion queue sizes 2013-09-04 23:21:45 -04:00
Roger Dingledine
bb32bfa2f2 refactor and give it unit tests 2013-09-04 23:21:45 -04:00
Roger Dingledine
87a18514ef Separate cpuworker queues by handshake type
Now we prioritize ntor create cells over tap create cells.

Starts to address ticket 9574.
2013-09-04 23:21:45 -04:00
Nick Mathewson
d5e9573ed2 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/circuituse.c
2013-09-04 16:11:20 -04:00
Nick Mathewson
a60d21a85d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
2013-09-04 16:08:02 -04:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
264aa271a7 Fix bug 9645: don't forget an md just because we can't save it. 2013-09-03 14:25:01 -04:00
Nick Mathewson
5c9008e0b0 Fix some "ISO C90 forbids mixed declarations and code" warnings 2013-09-03 13:39:31 -04:00
Nick Mathewson
eb5f22eff2 Merge remote-tracking branch 'Ryman/bug4341' 2013-09-03 13:16:22 -04:00
Kevin Butler
db318dc77f Minor changes to adhere to codebase conventions. 2013-09-03 17:47:03 +01:00
Nick Mathewson
270b4f030a Handle HTTP minor versions greater than 9
(In practice they don't exist, but so long as we're making changes for
standards compliance...)

Also add several more unit tests for good and bad URL types.
2013-09-03 11:38:15 -04:00
Kevin Butler
5327605caa Tougher validation for parsing urls from HTTP headers. Fixes #2767. 2013-09-03 01:14:43 +01:00
Kevin Butler
b336e8c74e No longer writing control ports to file if updating reversible options fail. Fixes #5605. 2013-09-02 19:25:08 +01:00
Cristian Toader
fe6e2733ab added contingency message to test for sandbox_getaddrinfo 2013-09-02 12:16:02 +03:00
Cristian Toader
1ef0b2e1a3 changed how sb getaddrinfo works such that it supports storing multiple results 2013-09-02 11:44:04 +03:00
Kevin Butler
6e17fa6d7b Added --library-versions flag to print the compile time and runtime versions of libevent, openssl and zlib. Partially implements #6384. 2013-09-01 17:38:01 +01:00
Kevin Butler
1bdb391ed0 Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. 2013-09-01 00:24:07 +01:00
Kevin Butler
bb69bf8882 Changed signature for check_nickname_list to remove warnings on free. 2013-08-31 05:14:48 +01:00
Kevin Butler
0513643317 MyFamily option will now fix fingerprints missing their leading instead of complaining. Should fix #4341. 2013-08-31 04:49:04 +01:00
Cristian Toader
d5f43b5254 _array filter functions now rely on final NULL parameter 2013-08-29 15:42:30 +03:00
Cristian Toader
b1f7105506 supporting /dev/urandom instead of /dev/random 2013-08-29 15:22:14 +03:00
Cristian Toader
148c6dc473 updated open syscall strings 2013-08-26 21:19:22 +03:00
Nick Mathewson
a5f6cb908c Increase POLICY_BUF_LEN to 72 to accomodate IPv6 exit policy items.
Fixes bug 9596; bugfix on 0.2.4.7-alpha.
2013-08-26 11:30:09 -04:00
Nick Mathewson
00bcc25d05 Cleanup whitespaces 2013-08-25 12:22:20 -04:00
Nick Mathewson
078d6bcda5 Basic unit test for EVENT_TRANSPORT_LAUNCHED 2013-08-25 11:29:03 -04:00
Nick Mathewson
69312c7a84 Widen event_mask_t to 64 bits 2013-08-25 10:46:53 -04:00
George Kadianakis
6dd462e8bc Implement the TRANSPORT_LAUNCHED control port event. 2013-08-25 10:37:03 -04:00
Nick Mathewson
2452302354 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-08-25 00:34:23 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
4107ddd003 Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4 2013-08-25 00:31:51 -04:00
Nick Mathewson
1ee1c8fb4f Merge remote-tracking branch 'public/bug9366' into maint-0.2.4 2013-08-25 00:29:49 -04:00
Nick Mathewson
3727a978b8 Merge remote-tracking branch 'public/bug9543' into maint-0.2.4 2013-08-25 00:29:06 -04:00
Roger Dingledine
0fd8f5781b fix typos 2013-08-23 21:43:57 -04:00
Nick Mathewson
223c7da080 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-08-22 20:47:23 -04:00
Nick Mathewson
43f187ec2e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-08-22 20:47:10 -04:00
Nick Mathewson
8920fc5457 Hide the contents of the circuit_build_times structure.
There were only two functions outside of circuitstats that actually
wanted to know what was inside this.  Making the structure itself
hidden should help isolation and prevent us from spaghettifying the
thing more.
2013-08-22 10:15:57 -04:00
Nick Mathewson
79cad08b4f Documentation for new cbt accessors 2013-08-22 10:15:56 -04:00
Nick Mathewson
775c491502 Separate mutable/const accessors for circuit_build_times
(These have proved invaluable for other global accessors.)
2013-08-22 10:15:56 -04:00
Nick Mathewson
e1c9b43b8e Rename get_circuit_nbuild_* to end with _ms 2013-08-22 10:15:56 -04:00
vagrant
4834641dce Make circ_times static and add accessor functions.
Change the global circ_times to a static variable and use
accessor functions throughout the code, instead of
accessing it directly.
2013-08-22 10:15:56 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
71ec90fdc8 Tweak/cleanup 5526 fix. 2013-08-21 13:41:53 -04:00
Peter Retzlaff
a337d4b7cb Print accounting information in heartbeat messages.
Implements ticket 5526.
2013-08-21 13:26:57 -04:00
Nick Mathewson
af7970b6bc Add a 30-day maximum on user-supplied MaxCircuitDirtiness
Fix for bug 9543.
2013-08-21 11:35:00 -04:00
Nick Mathewson
cbc53a2d52 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:29:19 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
0daa26a473 Send NETINFO on receiving a NETINFO if we have not yet sent one.
(Backport to Tor 0.2.3)

Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-21 11:28:57 -04:00
Cristian Toader
bc19ea100c make check-spaces fixes 2013-08-21 17:57:15 +03:00
Nick Mathewson
1bb4a4f9bd Send NETINFO on receiving a NETINFO if we have not yet sent one.
Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-20 14:52:56 -04:00
Cristian Toader
a9910d89f1 finalised fix on libevent open string issue 2013-08-19 11:41:46 +03:00
Nick Mathewson
a3ffa1f76e Rename circuit_get_global_list to remove trailing _ 2013-08-15 15:37:23 -04:00
Nick Mathewson
d4634d1b72 Merge remote-tracking branch 'majek/bug9108'
Conflicts:
	src/or/circuitlist.h
2013-08-15 15:36:04 -04:00
Nick Mathewson
74262f1571 Merge branch 'bug5040_4773_rebase_3' 2013-08-15 12:04:56 -04:00
George Kadianakis
794447d03d Fix some #5040 bugs found by Nick's tests.
- Set conn->address when we receive a USERADDR command.
- Set conn->state to a sane value when we transition from Extended
  ORPort to ORPort.
2013-08-15 12:03:38 -04:00
George Kadianakis
f549e4c36d Write some free_all functions to free the auth. cookies.
We started allocating space for them on the heap in the previous
commit.

Conflicts:
	src/or/ext_orport.h
2013-08-15 12:03:38 -04:00
George Kadianakis
33c3e60a37 Implement and use a generic auth. cookie initialization function.
Use the generic function for both the ControlPort cookie and the
ExtORPort cookie.

Also, place the global cookie variables in the heap so that we can
pass them around more easily as pointers.

Also also, fix the unit tests that broke by this change.

Conflicts:
	src/or/config.h
	src/or/ext_orport.c
2013-08-15 12:03:37 -04:00
George Kadianakis
13784d4753 Warn if the Extended ORPort listens on a public IP address. 2013-08-15 12:03:37 -04:00
George Kadianakis
bdeddecd29 Better documentation for ext_or_auth_correct_client_hash. 2013-08-15 12:03:37 -04:00
Nick Mathewson
28bb673584 White-box tests for the succeeding case of ext_or_port handshake.
(Okay, white-box plus mocking enough other functions so they don't
crash.)
2013-08-15 12:03:37 -04:00
Nick Mathewson
ba78a3c800 Make 0x01==SAFECOOKIE a macro, not a magic number 2013-08-15 12:03:37 -04:00
Nick Mathewson
d7358e8598 Expose/mock some functions to make ext_orport.c testing possible 2013-08-15 12:03:37 -04:00
Nick Mathewson
4526c3e0b6 Unit test for basic ext_or_cookie authentication backend 2013-08-15 12:03:37 -04:00
Nick Mathewson
b64351ed17 Split the cryptographic part of handle_client_auth_nonce into new fn 2013-08-15 12:03:36 -04:00
George Kadianakis
e1d1d7a8da Fix some ext_orport.c DOCDOCs. 2013-08-15 12:03:36 -04:00
Nick Mathewson
03e3881043 Tests for connection_write_ext_or_command. 2013-08-15 12:03:36 -04:00
Nick Mathewson
c342ea9879 Unit tests for ext_or_id_map. 2013-08-15 12:03:36 -04:00
Nick Mathewson
7da59721a9 Unit tests for fetch_ext_or_cmd 2013-08-15 12:03:36 -04:00
Nick Mathewson
9d8ffa91ce Add a clientmap_entry_free().
Remove a nedless strdup/free pair.
2013-08-15 12:03:36 -04:00
Nick Mathewson
34d02484c0 Fix hash functions for transport_name in client entry 2013-08-15 12:03:35 -04:00
Nick Mathewson
50136b6698 Use memdup_nulterm and check for NULs in handle_cmd_transport 2013-08-15 12:03:35 -04:00
Nick Mathewson
550af7be0a Fix a variety of issues in 4773
memwipe some stack-allocated stuff
Add DOCDOC comments for state machines
Use memdup_nulterm as appropriate
Check for NULs in useraddr
Add a macro so that <= AUTH_MAX has a meaning.
2013-08-15 12:03:35 -04:00
Nick Mathewson
6dd8ff0ad9 Break up <??> differently, and explain why 2013-08-15 12:03:35 -04:00
Nick Mathewson
e4a241af11 Add guards to ext_orport.h, rename get_file to get_file_name 2013-08-15 12:03:34 -04:00
Nick Mathewson
6568424410 Use only uintptr_t for the value of transport_count 2013-08-15 12:03:34 -04:00
George Kadianakis
6ad535e6dc If a single client connects with multiple transports, note all transports. 2013-08-15 12:03:34 -04:00
George Kadianakis
cb54e44587 Fix a number of issues with the #5040 code.
- Don't leak if a transport proxy sends us a TRANSPORT command more
  than once.

- Don't use smartlist_string_isin() in geoip_get_transport_history().
  (pointed out by Nick)

- Use the 'join' argument of smartlist_join_strings() instead of
  trying to write the separator on our own.
  (pointed out by Nick)

- Document 'ext_or_transport' a bit better.
  (pointed out by Nick)

- Be a bit more consistent with the types of the values of 'transport_counts'.
  (pointed out by Nick)
2013-08-15 12:03:34 -04:00
George Kadianakis
b2c7379aec Make check-spaces happy. 2013-08-15 12:03:34 -04:00
Cristian Toader
e2a7b484f4 partial libevent open fix 2013-08-14 23:03:38 +03:00
Cristian Toader
8a85a48b9d attempt to add stat64 filename filters; failed due to getaddrinfo.. 2013-08-12 21:14:43 +03:00
Nick Mathewson
4361795145 Merge remote-tracking branch 'asn/bug9363_take2' 2013-08-12 09:46:54 -04:00
Roger Dingledine
49fd76be05 Merge branch 'maint-0.2.4' 2013-08-10 18:30:20 -04:00
Nick Mathewson
d5cfbf96a2 Fix an uninitialized-read when parsing v3 introduction requests.
Fortunately, later checks mean that uninitialized data can't get sent
to the network by this bug.  Unfortunately, reading uninitialized heap
*can* (in some cases, with some allocators) cause a crash if you get
unlucky and go off the end of a page.

Found by asn.  Bugfix on 0.2.4.1-alpha.
2013-08-10 17:49:51 -04:00
Cristian Toader
44a4464cf6 fixed memory leak, added array filter support 2013-08-10 18:04:48 +03:00
Cristian Toader
89b39db003 updated filters to work with orport 2013-08-09 19:07:20 +03:00
Cristian Toader
b3a8c08a92 orport progress (not functional), nickm suggested fixes 2013-08-07 13:13:12 +03:00
George Kadianakis
0c4baa016f Also test that server transports get written to Tor's state. 2013-08-05 21:05:39 +03:00
Nick Mathewson
b9f9110ac7 Don't allow all ORPort values to be NoAdvertise
Fix for bug #9366
2013-08-05 12:14:48 -04:00
Cristian Toader
356b646976 added execve and multi-configuration support 2013-08-05 15:40:23 +03:00
Cristian Toader
d897690fc7 fixes suggested by nickm 2013-08-05 14:17:46 +03:00
Arlo Breault
506a01bda8 Use size_t for length in replaycache_add_test_and_elapsed()
For consistency with the rest of buffer lengths in Tor.

See #8960
2013-08-04 09:29:22 -04:00
Peter Retzlaff
ebd4ab1506 Prepare patch for ticket 5129 for merging.
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
2013-08-02 09:35:24 -04:00
Nick Mathewson
83a859e24c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-31 21:49:30 -04:00
Nick Mathewson
0a0f93d277 Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4 2013-07-31 21:48:48 -04:00
George Kadianakis
5a5147dd2e Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:56:07 -04:00
Nick Mathewson
904a58d10f Merge branch 'bug9288_rebased'
Conflicts:
	src/test/test_pt.c
2013-07-31 13:51:15 -04:00
Nick Mathewson
22a074caa7 Update pt/configure_proxy until it stops segfaulting 2013-07-31 13:34:16 -04:00
George Kadianakis
99bb6d2937 Modifications to transports.c for the unit tests to work.
Both 'managed_proxy_list' and 'unconfigured_proxies_n' are global
src/or/transports.c variables that are not initialized properly when
unit tests are run.
2013-07-31 13:34:16 -04:00
George Kadianakis
aaf79eb4d3 Write unit tests for configure_proxy(). 2013-07-31 13:34:16 -04:00
George Kadianakis
6e40806025 Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:34:16 -04:00
Cristian Toader
871e5b35a8 small filter changes; openat as separate function 2013-07-30 19:25:56 +03:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00
Cristian Toader
8022def6f0 added openat parameter filter 2013-07-29 16:30:39 +03:00
Cristian Toader
8f9d3da194 Investigated access4 syscall problem, small changes to filter. 2013-07-26 19:53:05 +03:00
Nick Mathewson
d5a5a6a253 Allow {,k,kilo,m,mega,g,giga,t,tera}bit{,s} in torrc
Patch from CharlieB for ticket #9214
2013-07-26 16:07:11 +02:00
Nick Mathewson
221a0159b8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-26 15:42:10 +02:00
Nick Mathewson
11f1b7d9df Avoid assertion failure on unexepcted address family in DNS reply.
Fixes bug 9337; bugfix on 0.2.4.7-alpha.
2013-07-26 15:33:46 +02:00
Cristian Toader
626a2b23de integrated context for dynamic filters 2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639 initia stages of runtime dynamic filters 2013-07-25 13:25:20 +03:00
Nick Mathewson
5d4b5018be Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 05:16:56 -07:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Nick Mathewson
1d2e8020b7 Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 11:52:10 +02:00
Nick Mathewson
18845c5507 Initialize destroy_cell_queue.
Likely fix for the crash bug of #9296, which was introduced through a
combination of #7912 and #8586.  Bugfix not in any released Tor.
2013-07-19 09:49:35 -04:00
Nick Mathewson
e1d3b44495 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-18 23:17:57 -04:00
Nick Mathewson
17a960734a Merge remote-tracking branch 'public/bug9295_023' into maint-0.2.4 2013-07-18 23:17:05 -04:00
Nick Mathewson
5977435629 tmp 2013-07-18 23:08:36 -04:00
George Kadianakis
05306ad74f Write extra-info bridge-ip-transports lines. 2013-07-18 14:59:57 -04:00
George Kadianakis
e765d6ed84 Make a channel getter method to retrieve transport names. 2013-07-18 14:59:57 -04:00
George Kadianakis
0ec4e5a698 Add transport information to the GeoIP database. 2013-07-18 14:59:57 -04:00
George Kadianakis
210210f219 Make the Extended ORPort understand the TRANSPORT command. 2013-07-18 14:59:56 -04:00
George Kadianakis
895709db07 Fix logging severities and remove some trivial XXXs. 2013-07-18 14:59:56 -04:00
George Kadianakis
c46f1b810d More Extended ORPort code improvements.
* Change name of init_ext_or_auth_cookie_authentication().
* Add a small comment.
2013-07-18 14:59:56 -04:00
George Kadianakis
d8f74cc439 Move Extended ORPort code to its own module.
Move the code from the connection_or module to ext_orport.

This commit only moves code: it shouldn't modify anything.
2013-07-18 14:59:56 -04:00
George Kadianakis
2207525a69 Satisfy check-spaces. 2013-07-18 14:59:56 -04:00
George Kadianakis
e2e0d09dab Various Extended ORPort code improvements.
* Add documentation.
* Free ext_or_auth_correct_client_hash.
* Use VPORT(ExtORPort) instead of V(ExtORPOrt).
  See dfe03d36c8 for details.
2013-07-18 14:59:56 -04:00
George Kadianakis
85b7c73168 Move USERADDR handling to a dedicated function. 2013-07-18 14:59:56 -04:00
George Kadianakis
4a55e39997 Implement Extended ORPort authentication. 2013-07-18 14:59:56 -04:00
George Kadianakis
93b9f85d41 Prepare codebase for the implementation of Extended ORPort auth. 2013-07-18 14:59:56 -04:00
George Kadianakis
d303228eca Create the Extended ORPort authentication cookie file. 2013-07-18 14:59:55 -04:00
George Kadianakis
ba30d635c5 Document code and change the Extended ORPort command numbers. 2013-07-18 14:59:55 -04:00
Nick Mathewson
8bf0382b22 Skeleton ExtORPort implementation. Needs testing, documentation.
Does not implement TransportControlPort yet.
2013-07-18 14:59:55 -04:00
Nick Mathewson
f45e1fbd5b Start of a unit test for options_validate.
I added this so I could write a unit test for ServerTransportOptions,
but it incidentally exercises the succeed-on-defaults case of
options_validate too.
2013-07-18 14:40:12 -04:00
Nick Mathewson
1e78100b25 Add a test for n_cells_in_circuit_queues 2013-07-18 11:23:45 -04:00
Nick Mathewson
ae64197195 Unit tests for cell queues.
This removes some INLINE markers from functions that probably didn't
need them.
2013-07-18 11:23:45 -04:00
Nick Mathewson
1047e7dcb0 Use TOR_SIMPLEQ for packed_cell_t 2013-07-18 11:23:45 -04:00
Nick Mathewson
27ec1fafe4 Remove a redundant declaration 2013-07-18 08:56:02 -04:00
Nick Mathewson
d7ccb6a3b1 Merge branch 'bug8978_rebase_2'
Conflicts:
	src/test/test_pt.c
2013-07-18 08:48:20 -04:00
Nick Mathewson
b551988ef4 Merge branch 'bug8929_rebase_2' 2013-07-18 08:45:13 -04:00
Nick Mathewson
8a01a7c35b Improve test coverage of 8929 code 2013-07-18 08:45:03 -04:00
George Kadianakis
c71809d403 Insert the environment variable only if we have options to pass. 2013-07-18 08:45:03 -04:00
George Kadianakis
1ee3a0cf44 Place the options in the environment after processing them properly. 2013-07-18 08:45:03 -04:00
George Kadianakis
1a0cf08841 Rename tor_escape_str_for_socks_arg() to something more generic.
Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.
2013-07-18 08:45:03 -04:00
George Kadianakis
ea72958f25 Pass characters to be escaped to tor_escape_str_for_socks_arg().
This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.
2013-07-18 08:45:02 -04:00
George Kadianakis
08d9807125 Write function that parses ServerTransportOptions torrc lines.
And use it to validate them.
2013-07-18 08:45:02 -04:00
Nick Mathewson
e02b6b99f2 Add a basic unit test for pt_get_extra_info_descriptor_string. 2013-07-18 08:43:53 -04:00
George Kadianakis
924946aaaf Write transport ARGS to extra-info descriptor. 2013-07-18 08:43:52 -04:00
George Kadianakis
8bb2ba13c1 Extract ARGS from SMETHOD line and attach them to transport. 2013-07-18 08:43:52 -04:00
Nick Mathewson
f797ac465f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-16 14:49:41 -04:00
Nick Mathewson
c36bdbd535 Re-do a cast in order to make old buggy freebsd gcc happy
Fix for #9254.  Bugfix on 0.2.4.14-alpha.

This is not actually a bug in the Tor code.
2013-07-16 14:48:12 -04:00
Andrea Shepard
9b3a166b44 Eliminate an impossible case in replaycache_scrub_if_needed_internal() 2013-07-16 06:01:50 -07:00
Nick Mathewson
55f5caf096 Appease "make check-spaces" 2013-07-15 17:35:56 -04:00
Nick Mathewson
c0391bae75 Merge remote-tracking branch 'public/fancy_test_tricks'
Conflicts:
	src/common/include.am

Conflict was from adding testsupport.h near where sandbox.h had
already been added.
2013-07-15 12:02:18 -04:00
Peter Palfrader
2cb59be999 Fix two pre-coffee typos 2013-07-15 09:43:37 -04:00
Peter Palfrader
783c52b6df Reject relative control socket paths and emit a warning.
Previously we would accept relative paths, but only if they contained a
slash somewhere (not at the end).

Otherwise we would silently not work.  Closes: #9258.  Bugfix on
0.2.3.16-alpha.
2013-07-15 09:04:17 -04:00
Roger Dingledine
6848e29307 cosmetic cleanups 2013-07-14 02:49:34 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Nick Mathewson
14d5e7f85e Remove a bogus semicolon spotted by Gisle Vanem 2013-07-11 15:53:35 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00
Nick Mathewson
ec6c155f82 Add some basic unit tests for the circuit map data structure.
These show off the new mocking code by mocking the circuitmux code
so that we can test the circuit map code in isolation.
2013-07-10 15:26:34 -04:00
Nick Mathewson
17e9fc09c3 Coverage support: build with --enable-coverage to have tests run with gcov
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options eo enable coverage
testing.  We also build a "tor-cov" binary that has coverage enabled,
for integration tests.

On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.

Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files.  (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)

Also, remove generated gcda and gcno files on clean.
2013-07-10 15:22:16 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Nick Mathewson
f7d654b81e Start work on fancy compiler tricks to expose extra stuff to our tests
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without.  When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.

The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without.  I don't favor
that approach, since I think it would mean more people runnning
binaries build for testing, or more people not running unit tests.
2013-07-10 15:20:09 -04:00
Nick Mathewson
fab99844fc Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-08 11:35:48 -04:00
Nick Mathewson
b34279d3ab Add a comment and a check for why flag indices will be <= 63 2013-07-08 11:35:06 -04:00
Nick Mathewson
15cd79f832 FIx undefined behavior in dirvote.c
Fix a bug in the voting algorithm that could yield incorrect results
 when a non-naming authority declared too many flags. Fixes bug 9200;
 bugfix on 0.2.0.3-alpha.

Found by coverity scan.
2013-07-03 12:01:37 -04:00
Nick Mathewson
0c3d676f9e Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-29 03:51:53 -04:00
Nick Mathewson
c955149271 Give a warning when bufferevents are enabled.
Ticket 9147.
2013-06-29 03:45:40 -04:00
Nick Mathewson
cde1a2ca05 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-24 12:55:29 -04:00
Nick Mathewson
ca6aacce16 Fix bug 9122: don't allow newdefaultoptions to be NULL
(This caused a crash that was reported as bug 9122, but the underlying
behavior has been wrong for a while.)

Fix on 0.2.3.9-alpha.
2013-06-24 12:53:37 -04:00
Marek Majkowski
10480dff01 Fix #5584 - raise awareness of safer logging - warn about potentially unsafe config options 2013-06-24 11:22:34 -04:00
Marek Majkowski
1555876d5f Fix #9108 - make global_circuitlist a doubly linked list 2013-06-20 16:56:54 +01:00
Marek Majkowski
d7538b57b4 Don't access global_circuitlist variable directly. Use a getter instead. 2013-06-20 16:40:05 +01:00
Nick Mathewson
f7986269c3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 14:47:15 -04:00
Nick Mathewson
7c4544e5a4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-18 14:45:29 -04:00
Nick Mathewson
60d633c73a Fix some problems with the bug9002 fix.
Fixes bug 9090; bug not in any released Tor.
2013-06-18 11:54:57 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
efa342f5fa Tweak bug9063_redux patch: {n_p}_chan_cells, not {n,p}_conn_cells 2013-06-18 10:25:10 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
c37fdc2eef Merge branch 'bug9063_redux_023_squashed' into maint-0.2.3 2013-06-18 10:16:47 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Nick Mathewson
2974c83735 Merge remote-tracking branch 'public/bug9082' 2013-06-17 11:57:55 -04:00
Nick Mathewson
0748c06f7c Fix bug 9082: avoid leak when freeing destroy cell queues
In my #7912 fix, there wasn't any code to remove entries from the
(channel, circuit ID)->circuit map corresponding to queued but un-sent
DESTROYs.

Spotted by skruffy. Fixes bug 9082; bug not in any released Tor.
2013-06-17 11:30:56 -04:00
Nick Mathewson
dc516a5436 Limit hidden service descriptors to at most 10 guard nodes.
Fixes bug 9002; bugfix on 0.1.1.11-alpha (which introduced guard
nodes), or on 0.0.6pre1 (which introduced hidden services).
2013-06-16 20:24:48 -04:00
Andrea Shepard
469bd7a3cf Merge branch 'bug9072-024' into bug9072-025 2013-06-15 02:27:23 -07:00
Andrea Shepard
9e45d940d4 Merge branch 'bug9072-023' into bug9072-024 2013-06-15 02:20:19 -07:00
Andrea Shepard
2a95f31716 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
Nick Mathewson
6f5a720d15 Merge branch 'circuit_queue_cap-0.2.5-squashed'
Conflicts:
	src/or/relay.c
2013-06-14 01:50:17 -04:00
Nick Mathewson
bd6bd1c9be Fix signed/unsigned comparison warning 2013-06-14 01:41:53 -04:00
Nick Mathewson
c974582291 Increase the limit so leaky pipe might work 2013-06-14 01:40:35 -04:00
Nick Mathewson
79cdf81ec1 Increase the limit so leaky pipe might work 2013-06-14 01:37:22 -04:00
Nick Mathewson
9e8c104ab8 Increase the limit so leaky pipe might work 2013-06-14 01:35:21 -04:00
Andrea Shepard
459aada4d0 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:59:01 -07:00
Andrea Shepard
418c2845d0 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:53:36 -07:00
Andrea Shepard
4cce58d3c2 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:39:04 -07:00
Nick Mathewson
483385d2bd Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 21:59:27 -04:00
Nick Mathewson
73ca1cf8b7 Rename networkstatus_dl_interval() -> networkstatus_dl_check_interval() 2013-06-13 12:44:46 -04:00
Nick Mathewson
45424b2ca1 Merge remote-tracking branch 'linus/bug8532' 2013-06-13 12:42:49 -04:00
Nick Mathewson
caa0d15c49 If we write the annotation but not the microdescriptor, rewind.
This fixes bug 9047 (and some parts of 9031, 8922, 8883 that weren't
fixed in 8822).  Bugfix on 0.2.2.6-alpha.
2013-06-13 12:29:01 -04:00
Nick Mathewson
4b781e24fb Merge remote-tracking branch 'public/bug7912_squashed' 2013-06-13 10:31:02 -04:00
Nick Mathewson
e61df2ec65 Fix compile warnings wrt printf formating of int64_t 2013-06-13 10:30:34 -04:00
Andrea Shepard
16f9861b22 Add destroy balance tracking and logging to circuitmux 2013-06-13 10:14:36 -04:00
Nick Mathewson
43d53e6d86 Implementation of a fix for bug 7912
I added the code to pass a destroy cell to a queueing function rather
than writing it immediately, and the code to remember that we
shouldn't reuse the circuit id until the destroy is actually sent, and
the code to release the circuit id once the destroy has been sent...
and then I finished by hooking destroy_cell_queue into the rest of
Tor.
2013-06-13 10:14:00 -04:00
Nick Mathewson
801eea03ad Code to track on a circuit whether it has a "pending" delete cell
This will be used in a fix for bug7912.
2013-06-13 10:14:00 -04:00
Nick Mathewson
2949849143 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 09:43:53 -04:00
Nick Mathewson
25dddf7a8f Merge remote-tracking branch 'public/bug8822' into maint-0.2.4 2013-06-13 09:40:32 -04:00
Nick Mathewson
d7d6529898 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 20:55:53 -04:00
Nick Mathewson
75b7cc1785 Merge remote-tracking branch 'andrea/bug8639_v3' into maint-0.2.4 2013-06-12 20:55:35 -04:00
Nick Mathewson
e602c4031b Make all consumers of microdesc_t.body tolerate NULL
This is another fix to try to mitigate recurrences of 8031/8822.
2013-06-12 12:12:11 -04:00
Nick Mathewson
f455686b77 Unmap the microdescriptor cache before replacing it.
This is a reprise of the fix in bdff7e3299d78; 6905c1f6 reintroduced
that bug.  Briefly: windows doesn't seem to like deleting a mapped
file.  I tried adding the PROT_SHARED_DELETE flag to the createfile
all, but that didn't actually fix this issue.  Fortunately, the unit
test I added in 4f4fc63fea should
prevent us from making this particular screw-up again.

This patch also tries to limit the crash potential of a failure to
write by a little bit, although it could do a better job of retaining
microdescriptor bodies.

Fix for bug 8822, bugfix on 0.2.4.12-alpha.
2013-06-12 12:04:33 -04:00
Linus Nordberg
c132427db4 Hide consensus download interval, depending on TestingTorNetwork, in a macro. 2013-06-10 23:04:20 +02:00
Nick Mathewson
c300720bfa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-10 12:28:30 -04:00
Nick Mathewson
607b29ae1a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-10 12:26:39 -04:00
Nick Mathewson
77a1935339 Fix (Open?)BSD fast-connect bug with optimistic data.
There's an assertion failure that can occur if a connection has
optimistic data waiting, and then the connect() call returns 0 on the
first attempt (rather than -1 and EINPROGRESS).  That latter behavior
from connect() appears to be an (Open?)BSDism when dealing with remote
addresses in some cases. (At least, I've only seen it reported with
the BSDs under libevent, even when the address was 127.0.0.1.  And
we've only seen this problem in Tor with OpenBSD.)

Fixes bug 9017; bugfix on 0.2.3.1-alpha, which first introduced
optimistic data. (Although you could also argue that the commented-out
connection_start_writing in 155c9b80 back in 2002 is the real source
of the issue.)
2013-06-10 12:14:49 -04:00
Linus Nordberg
4d54b9774d Add support for offsetting the voting interval in order to bootstrap faster.
A new option TestingV3AuthVotingStartOffset is added which offsets the
starting time of the voting interval. This is possible only when
TestingTorNetwork is set.

This patch makes run_scheduled_events() check for new consensus
downloads every second when TestingTorNetwork, instead of every
minute. This should be fine, see #8532 for reasoning.

This patch also brings MIN_VOTE_SECONDS and MIN_DIST_SECONDS down from
20 to 2 seconds, unconditionally. This makes sanity checking of
misconfiguration slightly less sane.

Addresses #8532.
2013-06-08 15:25:32 +02:00
Andrea Shepard
ce147a2a9a When launching a resolve request on behalf of an AF_UNIX control, omit the address field of the new entry connection. Fixes bug 8639. 2013-05-31 15:35:51 -07:00
Karsten Loesing
e39292f21d Test functions used for TB_EMPTY and CELL_STATS events. 2013-05-31 16:12:28 +02:00
Nick Mathewson
97d1caadfd Start correctly when not in testing mode.
You can't use != to compare arbitary members of or_options_t.

(Also, generate a better error message to say which Testing* option
was set.)

Fix for bug 8992. Bugfix on b0d4ca49. Bug not in any released Tor.
2013-05-28 16:13:06 -04:00
Nick Mathewson
d3125a3e40 Merge remote-tracking branch 'karsten/task-6752-3' 2013-05-28 10:59:35 -04:00
Karsten Loesing
b33b366a7f Tweak CIRC_BW event based on comments by nickm.
- Rename n_read and n_written in origin_circuit_t to make it clear that
  these are only used for CIRC_BW events.
- Extract new code in control_update_global_event_mask to new
  clear_circ_bw_fields function.
2013-05-25 19:51:38 +02:00
Karsten Loesing
ef67077fba Tweak TB_EMPTY event based on comments by nickm.
- Avoid control_event_refill_global function with 13 arguments and
  increase code reuse factor by moving more code from control.c to
  connection.c.
- Avoid an unsafe uint32_t -> int cast.
- Add TestingEnableTbEmptyEvent option.
- Prepare functions for testing.
- Rename a few functions and improve documentation.
2013-05-25 19:51:38 +02:00
Karsten Loesing
26b49f525d Tweak CELL_STATS event based on comments by nickm.
- Move cell_command_to_string from control.c to command.c.
- Use accessor for global_circuitlist instead of extern.
- Add a struct for cell statistics by command instead of six arrays.
- Split up control_event_circuit_cell_stats by using two helper functions.
- Add TestingEnableCellStatsEvent option.
- Prepare functions for testing.
- Rename a few variables and document a few things better.
2013-05-25 19:51:38 +02:00
Karsten Loesing
2f893624ab Tweak CONN_BW event based on comments by nickm.
- Rename read/write counters in connection_t to make it clear that these
  are only used for CONN_BW events.
- Add TestingEnableConnBwEvent option.
2013-05-25 19:51:38 +02:00
Karsten Loesing
a84fae7892 Tweak ORCONN event based on comments by nickm.
- Move new ID= parameter in ORCONN event to end.  Avoids possible trouble
  from controllers that parse parameters by position, even though they
  shouldn't.
2013-05-25 19:51:33 +02:00
Karsten Loesing
3795f6a78b Try harder to document default_options correctly. 2013-05-25 07:33:37 +02:00
Nick Mathewson
eef42d3863 Reformat 4282 fixes a little 2013-05-24 13:37:14 -04:00
Nick Mathewson
57e4324c42 Fix a logic error in 4282 fixes
check_or_create_data_subdir has succeeded when it returns 0, not
when it returns negative.
2013-05-24 13:36:15 -04:00
Peter Retzlaff
5b7eaa3765 Extract duplicate code in geoip and rephist.
Create new methods check_or_create_data_subdir() and
write_to_data_subdir() in config.c and use them throughout
rephist.c and geoip.c.
This should solve ticket #4282.
2013-05-24 13:12:18 -04:00
Nick Mathewson
b4b0063e48 Tweak fix for #8789 a bit; avoid double-close and add changes file 2013-05-24 12:23:21 -04:00
Arlo Breault
d25e77f2c3 Close socket at err target.
In connection_listener_new().
See #8789.
2013-05-24 12:05:57 -04:00
Karsten Loesing
b0d4ca4990 Tweak #6752 patch based on comments by nickm. 2013-05-24 10:28:31 +02:00
Nick Mathewson
f5820a1bf1 Restore 8093 log messages to WARN severity, but rate limit
See #8093 for discussion
2013-05-21 14:00:30 -04:00
Nick Mathewson
feeef00a6a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-21 13:46:28 -04:00
Nick Mathewson
30c06c187a Downgrade the unexpected sendme cell warnings for 0.2.4
See discussion on #8093
2013-05-21 13:45:21 -04:00
Nick Mathewson
cb488f9973 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-20 15:59:08 -04:00
Andrea Shepard
a2e72ac04a Copy-paste description of PathBias params from man page to or.h comment 2013-05-20 12:46:00 -07:00
Nick Mathewson
382dbe9819 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-17 14:54:19 -04:00
Nick Mathewson
bc56918e5a Fix bug 8846: better log message on IP version confusion 2013-05-17 14:50:45 -04:00
Karsten Loesing
2925e2fe78 Add new CIRC_BW event. 2013-05-16 14:18:13 +02:00
Karsten Loesing
dd5ce2157d Add new TB_EMPTY event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 14:18:08 +02:00
Karsten Loesing
c386d2d6ce Add new CELL_STATS event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 14:17:21 +02:00
Karsten Loesing
8d1f78c556 Add new CONN_BW event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 13:48:35 +02:00
Karsten Loesing
e54d664f7b Add connection ID to ORCONN event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 13:48:30 +02:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Nick Mathewson
69f66b960c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-15 10:44:17 -04:00
Roger Dingledine
0bfaf86612 Fix socks5 handshake for username/password auth
The fix for bug 8117 exposed this bug, and it turns out real-world
applications like Pidgin do care. Bugfix on 0.2.3.2-alpha; fixes bug 8879.
2013-05-15 03:34:37 -04:00
Arlo Breault
88a780d899 Check the return value of memchr().
For quality-of-implementation in munge_extrainfo_into_routerinfo().
See #8791
2013-05-14 12:23:17 -04:00
Andrea Shepard
50beb81d53 Merge branch 'maint-0.2.4' 2013-05-10 21:05:34 -07:00
Andrea Shepard
aaa3a085db Merge bug5595-v2-squashed into maint-0.2.4 2013-05-10 19:39:48 -07:00
Andrea Shepard
ac73ceb728 Rephrase comment in trusted_dirs_load_certs_from_string() to reflect 5595 fix 2013-05-09 10:55:07 -07:00
Andrea Shepard
17692b2fe2 Make warning in authority_cert_dl_failed() LD_BUG per NickM code review 2013-05-09 10:55:07 -07:00
Andrea Shepard
2824bf3445 Use tor_asprintf() and clean up string handling in authority_certs_fetch_missing() 2013-05-09 10:55:02 -07:00
Andrea Shepard
c0d96bae66 Clean up ugly constants in connection_dir_download_cert_failed(), and fix a broken one 2013-05-09 10:55:02 -07:00
Andrea Shepard
7b6ee54bdc Avoid duplicate downloads by (fp,sk) and by fp for authority certs when bootstrapping 2013-05-09 10:55:01 -07:00
Andrea Shepard
fddb814fea When downloading certificates, distinguish requesting by identity digest from requesting by ID digest, signing key pair; fixes bug 5595 2013-05-09 10:55:01 -07:00
Andrea Shepard
d5bd4a4763 Implement fp_pair_map_t 2013-05-09 10:54:55 -07:00
Nick Mathewson
82ab33c9a6 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-09 13:20:01 -04:00
Nick Mathewson
bae5dd6c8d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-05-09 13:14:53 -04:00
Nick Mathewson
00e2310f12 Don't run off the end of the array-of-freelists
This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
2013-05-09 13:10:48 -04:00
Andrea Shepard
9c58905a2b Merge branch 'maint-0.2.4' into master 2013-05-07 02:24:08 -07:00
Nick Mathewson
a1d7f7ea50 Use a clearer idiom for node identity in router_counts_toward_thresholds 2013-05-05 18:55:19 -04:00
Nick Mathewson
139d367f29 Fix 8833: crash bug from using NULL node->ri in dirserv.c
It appears that moria1 crashed because of one instance of this (the
one in router_counts_toward_thresholds).  The other instance I fixed
won't actually have broken anything, but I think it's more clear this
way.

Fixes bug 8833; bugfix on 0.2.4.12-alpha.
2013-05-05 18:52:53 -04:00
Nick Mathewson
ef83db4fe8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-24 22:16:07 -04:00
Nick Mathewson
f8bb0064d6 Merge remote-tracking branch 'public/bug6026' into maint-0.2.4 2013-04-24 22:15:47 -04:00
Nick Mathewson
68ea7d24d8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-24 22:05:41 -04:00
Mike Perry
ac22bf27d7 Increase the pathbias state file miscounting version check.
We now know the bug is present in 0.2.4.12-alpha too. It should be fixed in
0.2.4.13-alpha, though.
2013-04-24 22:03:03 -04:00
Mike Perry
2170f89a93 Bug 8235: Fix scaling adjustments.
We need to subtract both the current built circuits *and* the attempted
circuits from the attempt count during scaling, since *both* have already been
counted there.
2013-04-24 22:03:02 -04:00
Nick Mathewson
6defb10d72 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 22:45:12 -04:00
Nick Mathewson
b933360ee8 Add a boolean to flag-thresholds for "we have enough measured bandwidth"
Implements #8711.
2013-04-18 22:43:52 -04:00
Nick Mathewson
0124b10d28 Turn on ntor by default client-side
Implements #8561.
2013-04-18 22:35:15 -04:00
Nick Mathewson
ab3d5c0490 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 21:42:39 -04:00
Nick Mathewson
e35ca13528 Merge remote-tracking branch 'public/bug8716_023' into maint-0.2.4 2013-04-18 21:33:53 -04:00
Nick Mathewson
1b5320bfe3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 11:28:11 -04:00
Nick Mathewson
06efbbb47e Merge remote-tracking branch 'public/bug8719' into maint-0.2.4 2013-04-18 11:26:54 -04:00
Nick Mathewson
da30adcf0f Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-04-18 11:16:05 -04:00
Nick Mathewson
8362f8854a Merge branch 'less_charbuf_rebased' into maint-0.2.4
Conflicts:
	src/or/dirserv.c
	src/or/dirserv.h
	src/test/test_dir.c
2013-04-18 11:13:36 -04:00
Nick Mathewson
992bbd02f9 Re-enable test for parsing and generating descriptor with exit policy
Looks like I turned this off in 6ac42f5e back in 2003 and never got
around to making it work again.  There has been no small amount of
code drift.
2013-04-18 11:04:58 -04:00
Nick Mathewson
0f83fcc5c2 Add a quick-and-dirty-test for generate_v2_networkstatus.
It sure is a good thing we can run each test in its own process, or
else the amount of setup I needed to do to make this thing work
would have broken all the other tests.

Test mocking would have made this easier to write too.
2013-04-18 11:04:58 -04:00
Nick Mathewson
6706a05b79 Remove the now-unused router_get_networkstatus_v3_hash 2013-04-18 11:04:57 -04:00
Nick Mathewson
c35ef8e6e9 Test improvement: include microdesc lines in our synthetic microdesc consensuses. 2013-04-18 11:04:57 -04:00
Nick Mathewson
e1128d905c Fix a couple of documentation issues. 2013-04-18 11:04:57 -04:00
Nick Mathewson
d2d5a7dabc Remove some now-needless length defines 2013-04-18 11:04:57 -04:00
Nick Mathewson
28ef450b24 Remove RS_ENTRY_LEN
Nothing uses it any longer now that we use smartlists of strings for
stuff that manipulates iles of formatted routerstatuses.
2013-04-18 11:04:57 -04:00
Nick Mathewson
cb75519bbf Refactor dirobj signature generation
Now we can compute the hash and signature of a dirobj before
concatenating the smartlist, and we don't need to play silly games
with sigbuf and realloc any more.
2013-04-18 11:04:57 -04:00
Nick Mathewson
fd93622cc8 Use chunks, not buffers, for router descriptors 2013-04-18 11:04:56 -04:00
Nick Mathewson
1186628fa9 Refactor v2 networkstatus generation to avoid buffer-style 2013-04-18 11:04:56 -04:00
Nick Mathewson
9246a7ca58 Refactor routerstatus_format_entry to avoid character-buffers 2013-04-18 11:04:56 -04:00
Nick Mathewson
cd1cdae0fa Fix some wide lines 2013-04-18 10:30:14 -04:00
Nick Mathewson
cd2b508f4e Don't leak a waiting-for-certs consensus when accepting it.
I believe this was introduced in 6bc071f765, which makes
this a fix on 0.2.0.10-alpha.  But my code archeology has not extended
to actually testing that theory.
2013-04-17 11:53:52 -04:00
Nick Mathewson
0a9c17a61a Fix memory leak when sending configuration-changed event
Fix for bug #8718; bugfix on 0.2.3.3-alpha.
2013-04-17 11:34:15 -04:00
Nick Mathewson
bb79373fe8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-17 10:50:58 -04:00
Nick Mathewson
b00a6211c5 Merge remote-tracking branch 'public/bug7143_v2' into maint-0.2.4 2013-04-17 10:49:59 -04:00
Nick Mathewson
bbc049a756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-17 10:48:39 -04:00
Nick Mathewson
42731f69ef Merge branch 'bug8037_squashed' into maint-0.2.4 2013-04-17 10:45:45 -04:00
Nick Mathewson
0cf2c01dbd Reject most directory documents with an internal NUL.
(Specifically, we reject all the ones that aren't NUL-terminated,
since a NUL-terminated thing can't have a NUL in the middle.)

Another fix for #8037.
2013-04-17 10:45:27 -04:00
Nick Mathewson
d34d0b4dc5 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/dirserv.c
2013-04-14 21:57:56 -04:00
Nick Mathewson
a6545d6335 Merge branch 'bug8683_rebased' into maint-0.2.4 2013-04-14 21:48:44 -04:00
Nick Mathewson
f3ae628517 Remove a now-empty if body; invert the sense of its condition 2013-04-14 21:47:29 -04:00
Nick Mathewson
c4de828923 Remvoe total_bandwidth and total_exit_bandwidth as unused. 2013-04-14 21:47:29 -04:00
Nick Mathewson
52cadff0d6 Rename all fields which measure bw in kb to end with _kb 2013-04-14 21:45:05 -04:00
Nick Mathewson
49696786fb Fix some KB/B confusion in flag threshold minima. 2013-04-14 21:43:50 -04:00
Roger Dingledine
9a4e9b4a80 fix trivial typo 2013-04-12 04:27:10 -04:00
Nick Mathewson
63ab5f4849 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-12 01:14:32 -04:00
Nick Mathewson
97246a5b6d Merge remote-tracking branch 'public/bug5650_squashed' into maint-0.2.4 2013-04-12 01:13:22 -04:00
Nick Mathewson
39ac1db60e Avoid busy-looping on WANTREAD within connection_handle_write
Fix for bug 5650.  Also, if we get a WANTREAD while reading while
writing, make sure we're reading.
2013-04-12 01:11:31 -04:00
Nick Mathewson
265a7ebca6 Use credible_bandwidth uniformly in setting/using fast_bandwidth
We were using credible_bandwidth to build the fast_bandwidth
threshold, but comparing it to bandwidth_for_router.
2013-04-11 10:36:46 -04:00
Nick Mathewson
ec4ee3197f Use correct units for dirserv_get_{credible_bandwidth,bandwidth_for_router}
We were mixing bandwidth file entries (which are in kilobytes) with
router_get_advertised_bw() entries, which were in bytes.

Also, use router_get_advertised_bandwidth_capped() for credible_bandwidth.
2013-04-11 10:26:17 -04:00
Nick Mathewson
e54a5a4f3c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:47:10 -04:00
Nick Mathewson
922ab0883d Merge remote-tracking branch 'public/bug8185_diagnostic' into maint-0.2.4 2013-04-11 01:46:28 -04:00
Nick Mathewson
1b026efc62 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:43:14 -04:00
Nick Mathewson
ee3cc44f27 Merge remote-tracking branch 'public/bug7302' into maint-0.2.4
Conflicts:
	src/or/status.c
2013-04-11 01:42:54 -04:00
Nick Mathewson
3dfd1ebf12 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:40:31 -04:00
Nick Mathewson
7f50af116f Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.c
2013-04-11 01:39:55 -04:00
Roger Dingledine
8e7226cf7f fix text in function comment
(now that we moved to libevent)
2013-04-11 01:11:25 -04:00
Nick Mathewson
25f9ecf4b2 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-05 16:58:26 -04:00
Desoxy
74f5e304e4 Controller: Add CACHED keyword to ADDRMAP events (#8596 part 2/2)
Add keyword CACHED="YES"/"NO" to ADDRMAP control events to indicate whether the
DNS response will be cached or not.
2013-04-03 18:50:51 +02:00
Desoxy
2c40138210 Controller: Always send ADDRMAP event after RESOLVE command (#8596 part 1/2)
Since 7536c40 only DNS results for real SOCKS requests are added to the cache,
but not DNS results for DNSPort queries or control connection RESOLVE queries.
Only cache additions would trigger ADDRMAP events on successful resolve.

Change it so that DNS results received after a RESOLVE command also generate
ADDRMAP events.
2013-04-03 18:50:27 +02:00
Nick Mathewson
b349f09b47 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-03 09:36:59 -04:00
Nick Mathewson
33b7083f26 Fix a wide line 2013-04-03 09:36:37 -04:00
Mike Perry
56e7dff7bd Add additional checks for Path Bias scaling.
Just in case more issues remain with scaling, it would be nice to pin-point
them as such.
2013-04-03 09:32:15 -04:00
Mike Perry
2b05a8c671 Clip invalid path bias counts at startup.
There was a bug in Tor prior to 0.2.4.10-alpha that allowed counts to
become invalid. Clipping the counts at startup allows us to rule out
log messages due to corruption from these prior Tor versions.
2013-04-03 09:32:15 -04:00
Nick Mathewson
a934376049 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-02 10:42:53 -04:00
Nick Mathewson
856d57531b Merge remote-tracking branch 'public/bug7707_diagnostic' into maint-0.2.4 2013-04-02 10:41:14 -04:00
Nick Mathewson
7ccaf3f1a4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-02 10:37:00 -04:00
Nick Mathewson
2c155064aa Merge remote-tracking branch 'public/bug8427' into maint-0.2.4 2013-04-02 10:36:15 -04:00
Akshay Hebbar Y S
36acde6b4e Removed obsolete code related to cached-routers 2013-04-01 21:50:35 -04:00
Nick Mathewson
c1a2be9ffe Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-29 12:26:01 -04:00
Mike Perry
9117b14218 Bug #8196: Demote a path bias notice that can be caused by controllers.
We didn't see this in normal usage anyway.
2013-03-29 12:21:28 -04:00
Mike Perry
651e49713c Bug 8419: Apply the badexit fix from #2203 to validatio too
This was causing dirauths to emit flag weight validation warns if there
was a sufficiently large amount of badexit bandwidth to make a difference in
flag weight results.
2013-03-29 12:20:54 -04:00
Mike Perry
f6a2f088fd Bug 8477: Don't warn if fromerly GENERAL circuits still have streams.
This can happen in various cases of network failure.
2013-03-29 12:20:54 -04:00
Mike Perry
a7d6683629 Bug 8230: Mark circuits as opened before reachability testing.
Should silence two path bias Bug messages seen on relays at startup.
2013-03-29 12:20:54 -04:00
Nick Mathewson
c3cc79ec38 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-29 12:19:05 -04:00
Mike Perry
d39e6736fe Don't relax the timeout for already opened 1-hop circuits. 2013-03-29 12:17:05 -04:00
Mike Perry
66586da9bc Add detail to log messages related to bug 7799.
Note this does not solve bug 7799, it is only to help us diagnose it.
2013-03-29 12:17:04 -04:00
Nick Mathewson
097a08f6fe Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-28 09:33:58 -04:00
Karsten Loesing
1bce70a9e3 Make PathsNeededToBuildCircuits option work. 2013-03-28 09:32:19 -04:00
Nick Mathewson
eb9b282cc2 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-27 21:07:36 -04:00
Nick Mathewson
7f8098d2d0 Add some missing case values to please clang
It seems that some versions of clang that would prefer the
-Wswitch-enum compiler flag to warn about switch statements with
missing enum values, even if those switch statements have a
default.

Fixes bug 8598; bugfix on 0.2.4.10-alpha.
2013-03-27 21:04:08 -04:00
Mike Perry
87d50d0617 Clarify liveness log message and lower it to notice.
It could just be due to small clock jumps, after all.
2013-03-27 16:22:43 -07:00
Mike Perry
65c0489dd4 Bug 6572: Use timestamp_created for liveness sanity checks.
This should eliminate potential regressions caused by #7341.
2013-03-26 20:28:19 -07:00
Nick Mathewson
e62b8051ee Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-26 22:20:33 -04:00
Mike Perry
914bfe765d Bug 7065: Use $ for idhex instead of = 2013-03-26 18:49:41 -07:00
Nick Mathewson
2e1f23151c count DATA cells with stream ID 0 as delivered for SENDME purposes
Found while investigating 8093, but probably not the cause of it,
since this bug would result in us sending too few SENDMEs, not in us
receiving SENDMEs unexpectedly.

Bugfix on the fix for 7889, which has appeared in 0.2.4.10-alpha, but
not yet in any released 0.2.3.x version.
2013-03-22 14:57:58 -04:00
Nick Mathewson
967503c12c Implement a placeholder mechanism in the channel,id->circ map
We'll use this to help fix bug 7912, by providing a way to mark
that a circuit ID can't get reused while a DESTROY is queued but not sent.
2013-03-21 11:55:07 -04:00
Nick Mathewson
e9ffd9890f Remove check for whether bridge_line->digest is NULL
It can never be NULL, since it's an array in bridge_line_t.

Introduced in 266f8cddd8. Found by coverity; this is CID 992691. Bug
not in any released Tor.
2013-03-21 07:47:42 -04:00
Nick Mathewson
ea6d53e724 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-21 07:25:24 -04:00
Nick Mathewson
6196d0e83d The *default* guard lifetime is two months; the *min* is one
This caused an assertion failure when pruning guards.

Fixes bug #8553; bug not in any released Tor.
2013-03-21 07:22:59 -04:00
Nick Mathewson
fa3c237739 Per-SOCKSPort configuration for bug 8117 fix.
This might be necessary if the bug8117 fix confuses any applications.

Also add a changes file.
2013-03-20 16:17:06 -04:00
Nick Mathewson
a264c4feda Prefer SOCKS_USER_PASS over SOCKS_NO_AUTH 2013-03-20 15:37:47 -04:00
Nick Mathewson
7c2eabcf8e Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 14:47:49 -04:00
Nick Mathewson
3412054987 Merge remote-tracking branch 'public/bug8475_023' into maint-0.2.4 2013-03-20 14:47:13 -04:00
Nick Mathewson
a87f22ef64 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 14:26:22 -04:00
Andrea Shepard
5c5198e713 Set default minimum bandwidth for exit flag to zero for TestingTorNetwork 2013-03-20 11:16:41 -07:00
Andrea Shepard
8e29a7ae1d Fix an EOL@EOF in circuituse.c 2013-03-20 11:03:18 -07:00
Nick Mathewson
a660fe6fd5 Let testing networks override ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
This adds a new option to fix bug 8508 which broke chutney
networks. The bug was introduced by 317d16de.
2013-03-20 13:34:57 -04:00
Nick Mathewson
63a42b38b1 Merge remote-tracking branch 'public/unsigned-time_t' 2013-03-20 10:53:07 -04:00
Nick Mathewson
80c987fbb4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 10:34:31 -04:00
Nick Mathewson
5b0b51ca3f Merge remote-tracking branch 'public/bug6304_v3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
	src/or/config.c
2013-03-20 10:31:56 -04:00
Nick Mathewson
7d1ade251b Debugging log for bug 8185
If the bug recurs, log the filename and line number that triggered it
2013-03-19 17:00:40 -04:00
Nick Mathewson
96d39fd236 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:44:00 -04:00
Nick Mathewson
ca50fb4f81 Don't assert when writing a cell to a CLOSING connection.
Instead, drop the cell.

Fixes another case of bug 7350; bugfix on 0.2.4.4-alpha
2013-03-19 16:35:40 -04:00
Nick Mathewson
96e8e30ee3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:17:42 -04:00
Nick Mathewson
323cb655be Merge remote-tracking branch 'public/bug7164_diagnostic' into maint-0.2.4 2013-03-19 16:16:48 -04:00
Nick Mathewson
c547502ecb Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:15:39 -04:00
Nick Mathewson
6f20a74d52 Merge branch 'bug8240_v2_squashed' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/config.c
	src/or/or.h
2013-03-19 16:15:27 -04:00
Nick Mathewson
18752bca5b Drop the minimum guard lifetime back down to one month
Mike believes that raising the default to 2 months with no way to lower
it may create horrible load-balancing issues.
2013-03-19 16:04:40 -04:00
Nick Mathewson
cf734a08f6 Add support for days of the week to intervals 2013-03-19 16:03:58 -04:00
Nick Mathewson
343f7aa059 Make the guard lifetime configurable and adjustable via the consensus
Fixes 8240.

(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitiously.)
2013-03-19 16:02:19 -04:00
Nick Mathewson
acbfc9c8cc Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 15:32:44 -04:00
Nick Mathewson
a7b46336eb Merge remote-tracking branch 'public/bug7950' into maint-0.2.4 2013-03-19 15:32:17 -04:00
Nick Mathewson
084c857704 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 14:19:19 -04:00
Nick Mathewson
de7e99f8bb Merge remote-tracking branch 'public/bug8031' into maint-0.2.4 2013-03-19 14:18:07 -04:00
Nick Mathewson
e6602f5991 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 14:16:46 -04:00
Nick Mathewson
c101ecc8dc Merge remote-tracking branch 'asn/bug3594_rebased_and_fixed'
Conflicts:
	src/common/util.c
	src/or/entrynodes.h
2013-03-19 13:25:45 -04:00
Nick Mathewson
4eaca17f2f Merge branch 'bug7582_v2' into maint-0.2.4 2013-03-19 12:29:29 -04:00
Nick Mathewson
73a35dc3c0 Free prepend_policy values in origin circuits 2013-03-19 12:29:08 -04:00
Nick Mathewson
6e94d2fb3a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 16:36:52 -04:00
Nick Mathewson
597cd893c5 Merge remote-tracking branch 'public/bug6174' into maint-0.2.4 2013-03-18 16:36:25 -04:00
Nick Mathewson
b0f7af1615 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 16:34:29 -04:00
Nick Mathewson
01407f9718 Merge remote-tracking branch 'public/bug8062' into maint-0.2.4 2013-03-18 16:33:47 -04:00
Nick Mathewson
899c2805b1 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:57:51 -04:00
Nick Mathewson
bd9901bef2 Handle TRUNCATE correctly if our next channel isn't done yet.
Patch from 'cypherpunks'. Fixes bug #7947. Bugfix on 0.0.7.1.
2013-03-18 15:55:55 -04:00
Nick Mathewson
d404b0200f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:46:01 -04:00
Nick Mathewson
aa4fcc4f13 Merge remote-tracking branch 'public/bug6164' into maint-0.2.4 2013-03-18 15:45:49 -04:00
Nick Mathewson
5124bc251a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:39:21 -04:00
Nick Mathewson
ad8a27a393 Fix some wide lines 2013-03-18 15:39:11 -04:00
Nick Mathewson
67709398b6 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:18:56 -04:00
Nick Mathewson
5959d1c105 Merge remote-tracking branch 'andrea/bug8435' into maint-0.2.4 2013-03-18 15:17:11 -04:00
Nick Mathewson
41cff47c6a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:16:11 -04:00
Nick Mathewson
3f837d4826 Make stream events for RESOLVE lookups more consistent
Fixes 8203; patch by Desoxy
2013-03-18 15:13:59 -04:00
Andrea Shepard
0164f16f70 Improve comment for routers_with_measured_bw static var in dirserv.c 2013-03-18 12:04:41 -07:00
Andrea Shepard
e9bdb695e8 Improve comment on router_counts_toward_thresholds() 2013-03-18 11:58:30 -07:00
Andrea Shepard
d64e5969f4 Add dirserv_has_measured_bw() predicate wrapper for dirserv_query_measured_bw_cache() 2013-03-18 11:56:42 -07:00
Nick Mathewson
f15d9cf5db Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:50:36 -04:00
Nick Mathewson
26639b7798 Merge remote-tracking branch 'public/no_dup_guards' into maint-0.2.4 2013-03-18 14:50:01 -04:00
Nick Mathewson
1512747656 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:32:18 -04:00
Nick Mathewson
173efa1051 Merge remote-tracking branch 'public/bug8059' into maint-0.2.4 2013-03-18 14:31:50 -04:00
Nick Mathewson
a770e1cc22 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:30:28 -04:00
Nick Mathewson
63b67577d6 Check return values from fcntl and setsockopt
(Based on a patch from flupzor; bug #8206)
2013-03-18 14:28:38 -04:00
Nick Mathewson
3fa9c9b688 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:24:30 -04:00
Nick Mathewson
eb9420082d Check for 0.2.4.8, not 0.2.4.7, to determine EXTEND2 support
Fixes bug 8464; bugfix on b2863739 in 0.2.4.8-alpha
2013-03-18 14:23:19 -04:00
Andrea Shepard
f93f7e331b Ignore advertised bandwidths if we have enough measured bandwidths available 2013-03-18 11:15:21 -07:00
Nick Mathewson
f48daef299 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-15 12:38:55 -04:00
Nick Mathewson
8b4728ebd6 Merge remote-tracking branch 'public/bug8180_023_v2' into maint-0.2.4 2013-03-15 12:38:11 -04:00
Nick Mathewson
686aaa5c4c Upgrade the warn for EntryNodes without UseEntryGuards to an error
fixes bug 8180
2013-03-15 12:34:29 -04:00
Nick Mathewson
b163e801bc Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/routerlist.c
2013-03-15 12:20:17 -04:00
Nick Mathewson
0cf327dc78 Merge remote-tracking branch 'public/unused_stuff' into maint-0.2.4 2013-03-15 12:17:23 -04:00
Nick Mathewson
9be3389dc7 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-14 12:06:58 -04:00
Nick Mathewson
653b09e1ec Make circuit_purpose_to_string handle CIRCUIT_PURPOSE_PATH_BIAS_TESTING 2013-03-14 12:06:03 -04:00
Nick Mathewson
1b28f366b8 Apply ClientDNSRejectInternalAddresses to IPv6 in RESOLVED cells
Fixes bug 8475; bugfix on 0.2.0.7-alpha.
2013-03-14 11:19:08 -04:00
Nick Mathewson
adfc3de833 Log fname:lineno in log messages for #7164
This should help us track down #7164 at last.
2013-03-13 10:42:58 -04:00
Nick Mathewson
b9a8f8c17c Fix the warning about LearnCircuitBuildTimeout && !CircuitBuildTimeout
This is for bug 6304.

Add a changes file too
2013-03-13 09:17:43 -04:00
Nick Mathewson
7543fb61e3 Simplify the logic of circuit_build_times_get_initial_timeout. 2013-03-13 09:11:31 -04:00
Nick Mathewson
16f2e4aa8c Don't warn about not sending a socks reply if we get a write error
If we get a write error on a SOCKS connection, we can't send a
SOCKS reply, now can we?

This bug has been here since 36baf7219, where we added the "hey, I'm
closing an AP connection but I haven't finished the socks
handshake!" message.  It's bug 8427.
2013-03-12 17:36:09 -04:00
Nick Mathewson
2b22c0aeef On END_REASON_EXITPOLICY, mark circuit as unusable for that address.
Also, don't call the exit node 'reject *' unless our decision to pick
that node was based on a non-summarized version of that node's exit
policy.

rransom and arma came up with the ideas for this fix.

Fix for 7582; the summary-related part is a bugfix on 0.2.3.2-alpha.
2013-03-11 23:37:47 -04:00
Nick Mathewson
452cfaacfc Track TLS overhead: diagnostic for bug 7707 2013-03-11 22:06:07 -04:00
Nick Mathewson
805ecb8719 Make control_event_bootstrap_problem always INFO when hibernating
When we're hibernating, the main reqason we can't bootstrap will
always be that we're hibernating: reporting anything else at severity
WARN is pointless.

Fixes part of 7302.
2013-03-11 20:52:20 -04:00
Nick Mathewson
34f07ec862 When hibernating, don't heartbeat about problems.
Fixes part of 7302.
2013-03-11 20:50:02 -04:00
Nick Mathewson
07e26005a6 Treat a changed IPv6 ORPort like an IPv4 one in retry_all_listeners()
Fix for bug 6026
2013-03-11 17:20:43 -04:00
Nick Mathewson
012068935a Fix a bug in microdescs_add_to_cache when listed_at == -1
This bug affects hosts where time_t is unsigned, which AFAICT does
not include anything we currently support.  (It _does_ include
OpenVMS, about a month of BSD4.2's history[1], and a lot of the 1970s.)

There are probably more bugs when time_t is unsigned.  This one was

[1] http://mail-index.netbsd.org/tech-userlevel/1998/06/04/0000.html
2013-03-11 16:20:20 -04:00
Nick Mathewson
1eebb56691 Another possible diagnostic for 8031.
This time, I'm checking whether our calculated offset matches our
real offset, in each case, as we go along.  I don't think this is
the bug, but it can't hurt to check.
2013-03-11 14:53:41 -04:00
Nick Mathewson
6905c1f60d Check more error codes when writing microdescriptors.
Possible partial fix, or diagnosis tool, for bug 8031.
2013-03-11 14:51:18 -04:00
Nick Mathewson
d54ccbe9fd Use fds, not stdio, to manage microdescriptor files
This is part of an attempt to mitigate 8031.
2013-03-11 14:37:44 -04:00
Nick Mathewson
fca578d9b5 Increase link_proto field to 2 bytes
This should have been 2 bytes all along, since version numbers can
be 16 bits long.  This isn't a live bug, since the call to
is_or_protocol_version_known in channel_tls_process_versions_cell
will reject any version number not in the range 1..4.  Still, let's
fix this before we accidentally start supporting version 256.

Reported pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha --
specifically, on commit 6fcda529, where during development I
increased the width of a version to 16 bits without changing the
type of link_proto.
2013-03-11 12:34:14 -04:00
Nick Mathewson
b9037521c6 Fix a framing bug when reading versions from a versions cell.
Our ++ should have been += 2.  This means that we'd accept version
numbers even when they started at an odd position.

This bug should be harmless in practice for so long as every version
number we allow begins with a 0 byte, but if we ever have a version
number starting with 1, 2, 3, or 4, there will be trouble here.

Fix for bug 8059, reported pseudonymously. Bugfix on 0.2.0.10-alpha
-- specifically, commit 6fcda529, where during development I
increased the width of a version to 16 bits without changing the
loop step.
2013-03-11 12:29:28 -04:00
Roger Dingledine
331e4dcb46 Merge branch 'maint-0.2.4' 2013-03-10 23:42:14 -04:00
Roger Dingledine
0196647970 start part-way through the ssl cert lifetime
also, snap the start time and end time to a day boundary, since most
certs in the wild seem to do this.
2013-03-10 23:38:18 -04:00
Roger Dingledine
edd6f02273 randomize SSLKeyLifetime by default
resolves ticket 8443.
2013-03-10 23:38:18 -04:00
Roger Dingledine
599aeef9bc parameterize SSLKeyLifetime
no actual changes in behavior yet
2013-03-10 23:38:18 -04:00
Nick Mathewson
aa3126b5b4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 23:03:17 -04:00
Nick Mathewson
e270a066a6 Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4 2013-03-10 23:01:58 -04:00
Nick Mathewson
e4c5001bad Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 23:00:13 -04:00
Benjamin Kerensa
8b4195f021 Fix typos in a few log messages 2013-03-10 22:59:19 -04:00
Roger Dingledine
f8960ea22b set DisableV2DirectoryInfo_ off by default
since it's only enableable by authorities, nobody else would be able
to start their tor
2013-03-10 20:40:15 -04:00
Nick Mathewson
926b3d77f1 Tweak bug6783 patch. 2013-03-10 20:31:58 -04:00
Nick Mathewson
e4614d30e5 Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
I have no idea whether b0rken clients will DoS the network if the v2
authorities all turn this on or not.  It's experimental. See #6783 for
a description of how to test it more or less safely, and please be
careful!
2013-03-10 20:31:53 -04:00
Nick Mathewson
4235425fce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 19:53:31 -04:00
Nick Mathewson
339df5df08 Fix 8447: use %u to format circid_t.
Now that circid_t is 4 bytes long, the default integer promotions will
leave it alone when sizeof(int) == 4, which will leave us formatting an
unsigned as an int.  That's technically undefined behavior.

Fixes bug 8447 on bfffc1f0fc.  Bug not
in any released Tor.
2013-03-10 19:52:06 -04:00
Nick Mathewson
d13b996d83 Fix to test for bug8444 / 6034 2013-03-09 19:56:43 -05:00
Andrea Shepard
8027ebb5fd Better comment for dirserv_query_measured_bw_cache() 2013-03-07 15:59:30 -08:00
Andrea Shepard
b522434834 Use DIGESTMAP_FOREACH_MODIFY in dirserv_expire_measured_bw_cache() for concision 2013-03-07 15:55:01 -08:00
Andrea Shepard
6e978ab829 Add unit test for dirserv measured bandwidth cache 2013-03-07 15:41:22 -08:00
Andrea Shepard
302d1dae6c Make sure expiry check in dirserv_expire_measured_bw_cache() works if time_t is unsigned 2013-03-07 05:10:54 -08:00
Andrea Shepard
c7947619df More constness in dirserv.c 2013-03-07 05:05:56 -08:00
Andrea Shepard
75eb79a6aa Make dirserv_cache_measured_bw() use a const measured_bw_line_t * 2013-03-07 03:42:14 -08:00
Andrea Shepard
0efe96cae8 Call dirserv_clear_measured_bw_cache() from dirserv_free_all() 2013-03-05 13:11:43 -08:00
Nick Mathewson
289653c392 Remove a few more unused functions. 2013-03-01 21:57:52 -05:00
Andrea Shepard
74c33945e3 Correctly set entry->is_dir_cache when adding an entry guard for the first time
(Second part of a bug8367 fix. -NM)
2013-03-01 10:17:07 -05:00
Nick Mathewson
ad49abe5a1 Fix bootstrapping with bridges by making is_dir_cache is set on them.
This fixes bug 8367, introduced in d7089ff228. Not in
any released Tor.
2013-03-01 10:17:07 -05:00
Andrea Shepard
8b26766a66 Correctly set entry->is_dir_cache when adding an entry guard for the first time
(Second part of a bug8367 fix. -NM)
2013-03-01 09:32:37 -05:00
Nick Mathewson
c0b1f05fe7 Fix bootstrapping with bridges by making is_dir_cache is set on them.
This fixes bug 8367, introduced in d7089ff228. Not in
any released Tor.
2013-03-01 09:32:17 -05:00
Andrea Shepard
b5a164bde4 Prefer measured bandwidths over advertised when computing things for votes on a dirauth 2013-02-27 19:43:50 -08:00
George Kadianakis
05f8fd2878 Add unique client counter to the heartbeat message. 2013-02-26 12:43:53 +02:00
Nick Mathewson
6879910334 Fix a comment in tor_main.c
We don't use subversion or src/*/makefile.am any longer
2013-02-25 03:24:53 -05:00
Nick Mathewson
5bfa373eee Remove some totally unused functions 2013-02-23 23:31:31 -05:00
Nick Mathewson
365e302f61 Remove a bunch of unused macro definitions 2013-02-23 23:05:25 -05:00
Nick Mathewson
9f044eac77 Refactor format_networkstatus_vote to avoid preallocating a buffer.
This saves a lot of "are we about to overrun the buffer?" checking,
and unmoots a bunch of "did we allocate enough" discussion.
2013-02-20 00:36:59 -05:00
Nick Mathewson
7bb51fdd89 Rename circuit_expire_all_dirty_circs
The new name is circuit_mark_all_dirty_circs_as_unusable.

This resolves an XXX024
2013-02-19 18:37:03 -05:00
Nick Mathewson
62fb209d83 Stop frobbing timestamp_dirty as our sole means to mark circuits unusable
In a number of places, we decrement timestamp_dirty by
MaxCircuitDirtiness in order to mark a stream as "unusable for any
new connections.

This pattern sucks for a few reasons:
  * It is nonobvious.
  * It is error-prone: decrementing 0 can be a bad choice indeed.
  * It really wants to have a function.

It can also introduce bugs if the system time jumps backwards, or if
MaxCircuitDirtiness is increased.

So in this patch, I add an unusable_for_new_conns flag to
origin_circuit_t, make it get checked everywhere it should (I looked
for things that tested timestamp_dirty), and add a new function to
frob it.

For now, the new function does still frob timestamp_dirty (after
checking for underflow and whatnot), in case I missed any cases that
should be checking unusable_for_new_conns.

Fixes bug 6174. We first used this pattern in 516ef41ac1,
which I think was in 0.0.2pre26 (but it could have been 0.0.2pre27).
2013-02-19 18:29:17 -05:00
Nick Mathewson
3dc52e6636 Add src/or/micro-revision.i to CLEANFILES in case anybody has one
Fix for 7143.
2013-02-19 17:53:38 -05:00
Nick Mathewson
1827be0bd6 Make a parse_config_line_from_str variant that gives error messages
Without this patch, there's no way to know what went wrong when we
fail to parse a torrc line entirely (that is, we can't turn it into
a K,V pair.)  This patch introduces a new function that yields an
error message on failure, so we can at least tell the user what to
look for in their nonfunctional torrc.

(Actually, it's the same function as before with a new name:
parse_config_line_from_str is now a wrapper macro that the unit
tests use.)

Fixes bug 7950; fix on 0.2.0.16-alpha (58de695f90) which first
introduced the possibility of a torrc value not parsing correctly.
2013-02-19 17:36:17 -05:00
Nick Mathewson
5d2b2b9ede Clear up a comment about when an assertion could fire
Resolves ticket 6164
2013-02-19 16:23:58 -05:00
Nick Mathewson
337e32f5b8 fix a wide line 2013-02-19 15:08:54 -05:00
Nick Mathewson
8ddf4e218e Merge branch 'bug8065_v2' 2013-02-19 15:02:22 -05:00
Nick Mathewson
3340d3279d Downgrade an assert to LD_BUG
This should prevent crashes on further recurrence of 8065, and help
diagnose such if they occur
2013-02-19 15:02:08 -05:00
Nick Mathewson
b0b0d6af63 Merge branch 'bug2286_unit_test_squashed' 2013-02-19 14:54:05 -05:00
Nick Mathewson
6170bc5a93 Refactor storing of measured_bw versus Unmeasured=1.
This patch moves the measured_bw field and the has_measured_bw field
into vote_routerstatus_t, since only votes have 'Measured=XX' set on
their weight line.

I also added a new bw_is_unmeasured flag to routerstatus_t to
represent the Unmeasured=1 flag on a w line.  Previously, I was using
has_measured_bw for this, which was quite incorrect: has_measured_bw
means that the measured_bw field is set, and it's probably a mistake
to have it serve double duty as meaning that 'baandwidth' represents a
measured value.

While making this change,I also found a harmless but stupid bug in
dirserv_read_measured_bandwidths: It assumes that it's getting a
smartlist of routerstatus_t, when really it's getting a smartlist of
vote_routerstatus_t.  C's struct layout rules mean that we could never
actually get an error because of that, but it's still quite incorrect.
I fixed that, and in the process needed to add two more sorting and
searching helpers.

Finally, I made the Unmeasured=1 flag get parsed.  We don't use it for
anything yet, but someday we might.

This isn't complete yet -- the new 2286 unit test doesn't build.
2013-02-19 11:06:24 -05:00
Andrea Shepard
4c45b3d845 Add unit test for unmeasured bandwidth clipping in consensus 2013-02-19 11:06:24 -05:00
Nick Mathewson
869826581d Note some annoyinc copy-and-paste code 2013-02-19 11:06:23 -05:00
Nick Mathewson
e73bbea262 Tweak consensus method 17 based on arma's comments
Instead of capping whenever a router has fewer than 3 measurements,
we cap whenever a router has fewer than 3 measurements *AND* there
are at least 3 authorities publishing measured bandwidths.

We also generate bandwidth lines with a new "Unmeasured=1" flag,
meaning that we didn't have enough observations for a node to use
measured bandwidth values in the authority's input, whether we capped
it or not.
2013-02-19 11:05:15 -05:00
Roger Dingledine
f2199763cf touchups on 78582760 2013-02-19 04:07:36 -05:00
Nick Mathewson
7858276066 Revise some comments in router.c
Avoid the phrase "legally valid" (as opposed to valid but not legal)?
And document what functions really do.

Fix for bug 6935.
2013-02-19 02:43:36 -05:00
Nick Mathewson
59fc77e29b Fix a bug that roger found in the wide_circ_id code 2013-02-15 18:20:46 -05:00
Nick Mathewson
73182e3220 Merge remote-tracking branch 'public/bug8207' 2013-02-15 16:29:43 -05:00
Nick Mathewson
d6634001c9 Merge remote-tracking branch 'public/wide_circ_ids'
Conflicts:
	src/or/channel.h
	src/or/connection_or.c
	src/or/cpuworker.c
2013-02-15 16:23:43 -05:00
Nick Mathewson
5fcc5dfa77 make check-spaces 2013-02-15 16:02:57 -05:00
Nick Mathewson
0fa362cafa Merge remote-tracking branch 'public/feature4994-rebased' 2013-02-15 15:58:54 -05:00
Roger Dingledine
5d400b5f7f Authorities were adding downtime for every relay every restart
Stop marking every relay as having been down for one hour every
time we restart a directory authority. These artificial downtimes
were messing with our Stable and Guard flag calculations.

Fixes bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
2013-02-14 17:02:22 -05:00
Nick Mathewson
41e0f7146a Merge remote-tracking branch 'arma/bug1992' 2013-02-14 14:55:49 -05:00
Nick Mathewson
1070a720ad Be more robust when excluding existing nodes as new dirguards
In addition to rejecting them post-hoc, avoid picking them in the
first place.  This makes us less likely to decide that we can't add
guards at all.
2013-02-14 12:06:59 -05:00
Nick Mathewson
91027218e2 Add some code to bluntly prevent duplicate guards from getting added
Apparently something in the directory guard code made it possible
for the same node to get added as a guard over and over when there
were no actual running guard nodes.
2013-02-14 11:48:47 -05:00
Nick Mathewson
d7089ff228 Restore the entry/dirguard distinction.
We shouldn't be calling choose_random_entry() for directory
conncetions; that's what choose_random_dirguard() is for.
2013-02-12 16:23:12 -05:00
Nick Mathewson
5e0ce4c578 oops; add a missing semicolon
(Cherry-picked from fc35ee4910)
2013-02-12 10:51:20 -05:00
Roger Dingledine
178599f026 get rid of the new caching notion in resolve_my_address()
and replace it with the good old-fashioned two functions approach
2013-02-12 04:25:42 -05:00
Roger Dingledine
b166e9edb9 simplify timing checks
now that both timers are on the same schedule, there's no point
tracking separate timers.
2013-02-11 22:07:19 -05:00
Roger Dingledine
5911fc0c17 Check for IP address change every minute, not 15 minutes
Relays used to check every 10 to 60 seconds, as an accidental side effect
of calling directory_fetches_from_authorities() when considering doing
a directory fetch. The fix for bug 1992 removes that side effect. At the
same time, bridge relays never had the side effect, leading to confused
bridge operators who tried crazy tricks to get their bridges to notice
IP address changes (see ticket 1913).

The new behavior is to reinstate an every-60-seconds check for both
public relays and bridge relays, now that the side effect is gone.
2013-02-11 21:57:32 -05:00
Roger Dingledine
17089302fd Stop trying to resolve our hostname so often
For example, we were doing a resolve every time we think about doing a
directory fetch. Now we reuse the cached answer in some cases.

Fixes bugs 1992 (bugfix on 0.2.0.20-rc) and 2410 (bugfix on
0.1.2.2-alpha).
2013-02-11 21:48:18 -05:00
Roger Dingledine
cc896f7c84 Teach resolve_my_address() to return a cached answer
I didn't make any of the callers use this feature yet.
2013-02-11 17:09:10 -05:00
Nick Mathewson
99457ee776 Fix two more coverity-spotted leaks in master.
One is a probably-impossible leak if we fail to sign a consensus;
another occurs when we can't look up the user we're trying to chown
our sockets to.
2013-02-11 17:01:02 -05:00
Nick Mathewson
f3835bcb37 Avoid null-pointer deref in pathbias_is_new_circ_attempt
Coverity is worried about this (CID 980653).  It hasn't happened in
testing, but we might as well make sure it can't happen.
2013-02-11 16:59:21 -05:00
Nick Mathewson
719940df2b Fix a nigh-impossible overflow in cpuworker.c
When we compute the estimated microseconds we need to handle our
pending onionskins, we could (in principle) overflow a uint32_t if
we ever had 4 million pending onionskins before we had any data
about how onionskins take.  Nevertheless, let's compute it properly.

Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID
980651.
2013-02-11 16:46:38 -05:00
Nick Mathewson
fc35ee4910 oops; add a missing semicolon 2013-02-11 16:17:33 -05:00
Nick Mathewson
5f29bc71b3 Merge remote-tracking branch 'public/bug7816_023' 2013-02-11 16:14:17 -05:00
Nick Mathewson
afca9ab14e Fix another memory leak
This one occurs when changing configuration options. Found by
coverity.
2013-02-11 16:13:52 -05:00
Nick Mathewson
fd8ef8dc57 Merge remote-tracking branch 'public/bug8208' 2013-02-11 16:06:02 -05:00
Nick Mathewson
e3578d52e4 Check whether ei is non-NULL before altering it.
This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.
2013-02-11 16:05:03 -05:00
Nick Mathewson
43d2f99d54 Suppress a coverity false positive in connection_edge_package_raw_inbuf
Coverity is worried that we're checking entry_conn in some cases,
but not in the case where we set entry_conn->pending_optimistic_data.

This commit should calm it down (CID 718623).
2013-02-11 15:55:50 -05:00
Nick Mathewson
f12fafac5a Make hidden service authorization work again.
The refactoring in commit 471ab34032 wasn't complete enough: we
were checking the auth_len variable, but never actually setting it,
so it would never seem that authentication had been provided.

This commit also removes a bunch of unused variables from
rend_service_introduce, whose unusedness we hadn't noticed because
we were wiping them at the end of the function.

Fix for bug 8207; bugfix on 0.2.4.1-alpha.
2013-02-11 15:42:57 -05:00
Nick Mathewson
b9432becbe Fix a copy-and-paste issue found by coverity
Fixes CID 980650; bugfix on 0.2.4.10-alpha.
2013-02-11 14:42:33 -05:00
Nick Mathewson
01184f164f Merge remote-tracking branch 'public/bug8158' 2013-02-11 13:32:38 -05:00
Nick Mathewson
36e2eb6775 Avoid generating extra spaces when explaining how we guessed our address 2013-02-11 13:29:56 -05:00
Roger Dingledine
92ea0b86de Refactor resolve_my_address() so logs are more accurate / helpful
It returns the method by which we decided our public IP address
(explicitly configured, resolved from explicit hostname, guessed from
interfaces, learned by gethostname).

Now we can provide more helpful log messages when a relay guesses its IP
address incorrectly (e.g. due to unexpected lines in /etc/hosts). Resolves
ticket 2267.

While we're at it, stop sending a stray "(null)" in some cases for the
server status "EXTERNAL_ADDRESS" controller event. Resolves bug 8200.
2013-02-11 13:29:56 -05:00
Roger Dingledine
dfbb12cabf log the hostname that resolve_my_address() used to guess our IP 2013-02-11 13:29:56 -05:00
George Kadianakis
266f8cddd8 Refactoring to make parse_bridge_line() unittestable.
- Make parse_bridge_line() return a struct.
- Make bridge_add_from_config() accept a struct.
- Make string_is_key_value() less hysterical.
2013-02-11 18:07:26 +00:00
Nick Mathewson
2b4d4ccb3d Merge remote-tracking branch 'public/bug7801_v2' 2013-02-11 11:28:08 -05:00
Roger Dingledine
74e6a47a80 stop setting, or using, router->address
resolves ticket 5528.
2013-02-09 22:07:22 -05:00
Roger Dingledine
002c860cae use me->addr when adding our address to our exit policy
(rather than me->address)
2013-02-09 21:17:44 -05:00
Roger Dingledine
e1ec03f819 use router->addr for log messages and controller events
(rather than router->address)
2013-02-09 21:10:07 -05:00
Roger Dingledine
ccaefd65a4 stop passing "address" around the directory_initiate_command* funcs
since it was always just the string version of "addr" anyway
2013-02-09 20:49:55 -05:00
Roger Dingledine
99185397de Stop checking if ri->address is an IP
since router_parse_entry_from_string() already checks whether
!tor_inet_aton(router->address, &in)

(And no need to print address, since router_describe does that.)
2013-02-09 20:49:11 -05:00
George Kadianakis
b5dceab175 Fix various issues pointed out by Nick and Andrea.
- Document the key=value format.
- Constify equal_sign_pos.
- Pass some strings that are about to be logged to escape().
- Update documentation and fix some bugs in tor_escape_str_for_socks_arg().
- Use string_is_key_value() in parse_bridge_line().
- Parenthesize a forgotten #define
- Add some more comments.
- Add some more unit test cases.
2013-02-09 18:46:10 +00:00
George Kadianakis
8f2e980159 Send SOCKS arguments when doing SOCKS5. 2013-02-09 16:30:16 +00:00
George Kadianakis
14b84858c0 Send SOCKS arguments when doing SOCKS4. 2013-02-09 16:30:16 +00:00
George Kadianakis
faf4f6c6d1 Validate SOCKS arguments. 2013-02-09 16:30:16 +00:00
George Kadianakis
757b03aacb Add support for parsing SOCKS arguments. 2013-02-09 16:30:16 +00:00
Nick Mathewson
076654ce84 Replace magic constants for wide_circ_ids with inline function calls 2013-02-09 00:56:53 -05:00
Nick Mathewson
d86a45f991 Wrap more macro definitions in (parentheses)
To avoid surprises, good coding practice suggests parenthesizing every
macro definition -- or at the very least, all those involving an
expression.
2013-02-09 00:16:04 -05:00
Nick Mathewson
4bfd7806bf Add explicit check for !first_conn in ...resume_edge_reading_helper
This check isn't necessary (see comment on #7801), but it took at
least two smart people a little while to see why it wasn't necessary,
so let's have it in to make the code more readable.
2013-02-08 16:32:58 -05:00
Nick Mathewson
018fe7d11e Improve comment about our random stream choice algorithm 2013-02-08 16:31:46 -05:00
Nick Mathewson
8cdd8b8353 Fix numerous problems with Tor's weak RNG.
We need a weak RNG in a couple of places where the strong RNG is
both needless and too slow.  We had been using the weak RNG from our
platform's libc implementation, but that was problematic (because
many platforms have exceptionally horrible weak RNGs -- like, ones
that only return values between 0 and SHORT_MAX) and because we were
using it in a way that was wrong for LCG-based weak RNGs.  (We were
counting on the low bits of the LCG output to be as random as the
high ones, which isn't true.)

This patch adds a separate type for a weak RNG, adds an LCG
implementation for it, and uses that exclusively where we had been
using the platform weak RNG.
2013-02-08 16:28:05 -05:00
Nick Mathewson
c8f5f35d62 Add doxygen for bug8158 functions 2013-02-08 12:12:09 -05:00
Nick Mathewson
2403ef66ba Coalesce identical adjacent microdescriptor vote lines. 2013-02-08 12:09:46 -05:00
Nick Mathewson
194bd56c8a Refactor generating the m lines in a vote into its own function 2013-02-08 11:52:51 -05:00
Nick Mathewson
3433216268 Merge remote-tracking branch 'public/easy_ratelim'
Conflicts:
	src/or/connection.c
2013-02-07 17:13:51 -05:00
Nick Mathewson
ba7d93db16 Merge remote-tracking branch 'public/bug7816_023'
Conflicts:
	src/common/util.c
2013-02-07 15:20:50 -05:00
Nick Mathewson
0061d42890 Merge remote-tracking branch 'public/bug7816_024' 2013-02-07 15:13:21 -05:00
Nick Mathewson
ad28397bbf Merge branch 'bug7902' 2013-02-07 15:04:11 -05:00
Nick Mathewson
12c6475c06 Merge branch 'ticket8161_squashed' 2013-02-07 14:31:04 -05:00
Mike Perry
eb15be3d45 Mention a trac ticket relevant to an XXX comment. 2013-02-07 14:30:58 -05:00
Mike Perry
bbd38f293f Better document an XXX comment about refactoring. 2013-02-07 14:30:58 -05:00
Mike Perry
b03553737c Separate the flags for logging use bias.
I think we want both sets of messages to appear independently to help us know
what needs tuning.
2013-02-07 14:30:58 -05:00
Nick Mathewson
1cd6744338 New consensus method: clip the maximum votable unmeasured bw
If we're deciding on a node's bandwidth based on "Bandwidth="
declarations, clip it to "20" or to the maxunmeasuredbw parameter,
if it's voted on.

This adds a new consensus method.

This is "part A" of bug 2286
2013-02-05 00:46:32 -05:00
Mike Perry
a99ebaf4c7 Lower path use bias thresholds.
I noticed bad wifi networks can have low use success rates.
2013-02-04 16:57:09 -08:00
Nick Mathewson
cd4ad45ba3 Include a flag-thresholds line in each vote to describe flag cutoffs
Implements ticket 8151.
2013-02-04 13:44:05 -05:00
Nick Mathewson
12f2d986f3 Merge branch 'authdir_quick_fix' 2013-02-04 12:34:14 -05:00
Nick Mathewson
b1cb9ebb1c Merge branch 'bug8146_etc' 2013-02-04 12:34:09 -05:00
Nick Mathewson
2e9cd4b724 Quick fix on 5956 for authorities
Authorities don't set is_possible_guard on node_t, so they were
never deciding that they could build enough paths.  This is a quick
and dirty fix.

Bug not in any released version of Tor
2013-02-04 12:25:43 -05:00
Nick Mathewson
898f2d7c27 Merge branch 'bug8153' 2013-02-04 11:54:38 -05:00
Nick Mathewson
b64dc35b5c Reinstate some fixes/tweaks from 6e4a4002
These seem to have gotten conflicted out of existence while mike was
working on path bias stuff.

Thanks to sysrqb for collecting these in a handy patch.
2013-02-04 11:51:39 -05:00
Nick Mathewson
7cde094fd5 Fix a warning when building with --disable-curve25519
It appears that the code for 7291 gave an unused-value warning when
built with --disable-curve25519.
2013-02-04 11:34:23 -05:00
Nick Mathewson
4eff8b6530 When we mark a node as a sybil, mark it down and reset its uptime to 0
This prevents bug 8147, where such nodes would accrue points towards
Guard, Fast, HSDir, and so on.

Fixes bug 8147.
2013-02-04 11:11:54 -05:00
Nick Mathewson
61995d3e2c Ignore tiny bandwidths entirely when computing thresholds
Another bug 8145 fix.
2013-02-04 10:47:08 -05:00
Nick Mathewson
317d16de04 Increase the minimum value for the Fast flag to 4096.
Fix for 8145.
2013-02-04 10:41:25 -05:00
Nick Mathewson
8be7f69f8d Refactor should-count-towards-thresholds test into new function 2013-02-04 10:22:45 -05:00
Nick Mathewson
40c13240c0 When computing performance thresholds, ignore omitted-as-sybil nodes.
Fixes bug 8146.
2013-02-04 10:19:26 -05:00
Roger Dingledine
bce5019eff generalize choose_random_entry()'s dirinfo parameter
Now we can specify to skip bridges that wouldn't be able to answer the
type of dir fetch we're launching.

It's still the responsibility of the rest of the code to prevent us from
launching a given dir fetch if we have no bridges that could handle it.
2013-02-02 08:19:27 -08:00
Roger Dingledine
a8297cdbd3 use microdescriptors if *any* of our bridges can handle them
Now as we move into a future where most bridges can handle microdescs
we will generally find ourselves using them, rather than holding back
just because one of our bridges doesn't use them.
2013-02-02 08:04:20 -08:00
Nick Mathewson
acb43c0735 Merge remote-tracking branch 'public/feature7706' 2013-02-01 17:24:08 -05:00
Nick Mathewson
c93f66b103 Merge remote-tracking branch 'public/bug7708_023_v3_squashed' 2013-02-01 17:11:46 -05:00
Nick Mathewson
690ea9e8cf Clarify documentation of connection_finished_flushing 2013-02-01 17:10:15 -05:00
Nick Mathewson
b442930789 Fix serious breakage in connection_handle_write_impl
When we first implemented TLS, we assumed in conneciton_handle_write
that a TOR_TLS_WANT_WRITE from flush_buf_tls meant that nothing had
been written. But when we moved our buffers to a ring buffer
implementation back in 0.1.0.5-rc (!), we broke that invariant: it's
possible that some bytes have been written but nothing.

That's bad.  It means that if we do a sequence of TLS writes that ends
with a WANTWRITE, we don't notice that we flushed any bytes, and we
don't (I think) decrement buckets.

Fixes bug 7708; bugfix on 0.1.0.5-rc
2013-02-01 17:10:15 -05:00
Nick Mathewson
996db755c2 Fix a couple of warnings on the 8081 branch. 2013-02-01 17:03:00 -05:00
Mike Perry
fed7f01377 Add EntryGuardPathUseBias to state file keyword list. 2013-02-01 17:01:26 -05:00
Mike Perry
b3e57b760e Increment an informational counter for use failed state.
This informational counter is probably now redundant, but might as well keep
it consistent I guess.
2013-02-01 17:01:26 -05:00
Mike Perry
da5817772d Rename and relocate the bw weight scale param getter.
It had nothing to do with circuit build times.
2013-02-01 17:01:22 -05:00
Mike Perry
6e4610de02 Fix a log typo found by sysrqb. 2013-02-01 17:01:22 -05:00
Mike Perry
95d272f5d8 Bounds-check path bias rate parameters.
The other remaining parameters don't really need range checks.
2013-02-01 17:01:22 -05:00
Mike Perry
bce6714f99 Refactor code that rolls back the use state
Also document it better.

Mention this refactoring in the comments for the path state machine.
2013-02-01 17:01:16 -05:00
Mike Perry
3a63e5ef42 Refactor and rename pathbias rate evaluation. 2013-02-01 17:01:12 -05:00
Mike Perry
dfcfb5d17d Refactor the scaling parameter fetching into a single function.
Also, deprecate the torrc options for the scaling values. It's unlikely anyone
but developers will ever tweak them, even if we provided a single ratio value.
2013-02-01 17:01:12 -05:00
Mike Perry
2b2c7f23f5 Mark entry guard state dirty everwhere the pathbias code touches it. 2013-02-01 17:01:12 -05:00
Mike Perry
6828a19670 Add a tristate to guard against unexpected circ purpose transitions 2013-02-01 17:01:12 -05:00
Mike Perry
173ed05d2f Clarify state transition and related pathbias comments 2013-02-01 17:01:12 -05:00
Nick Mathewson
ec90ed4f6d Merge branch 'rename_log_7599' 2013-02-01 16:23:26 -05:00
Roger Dingledine
fd49226385 Help us track bug 8093:
Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs.
2013-02-01 16:22:34 -05:00
Nick Mathewson
7301339e33 fix wide lines from tor_log rename 2013-02-01 16:19:02 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
b0dd355891 Use %d, not %02d, for decimal percentages
Cosmetic tweak on 5956; not in any released tor.
2013-01-30 17:35:28 -05:00
Nick Mathewson
35daf6f602 Rename all of the macros in tor_queue.h to start with TOR_ 2013-01-30 12:58:49 -05:00
Nick Mathewson
29136bd7e4 Merge branch 'bug5956_squashed' 2013-01-30 11:59:51 -05:00
Nick Mathewson
02c320916e Parameterize FRAC_USABLE_NEEDED for fraction of circuits
Instead of hardcoding the minimum fraction of possible paths to 0.6, we
take it from the user, and failing that from the consensus, and
failing that we fall back to 0.6.
2013-01-30 11:58:17 -05:00
Nick Mathewson
813a0f8c40 Compute whether we're ready to build circuits based on fraction of paths
Previously we did this based on the fraction of descriptors we
had. But really, we should be going based on what fraction of paths
we're able to build based on weighted bandwidth, since otherwise a
directory guard or two could make us behave quite oddly.

Implementation for feature 5956
2013-01-30 11:58:17 -05:00
Nick Mathewson
bc52e0488b Add an optional out-arg to count_usable_descriptors
This way we get the usable nodes themselves, so we can feed them into
frac_nodes_with_descriptors
2013-01-30 11:58:17 -05:00
Nick Mathewson
fcf906ec73 Add a function to compute fraction of nodes (by weighted bw) with descriptors 2013-01-30 11:58:17 -05:00
Andrea Shepard
123daffb60 Merge branch 'bug7802' of ssh://git-rw.torproject.org/mikeperry/tor 2013-01-28 16:16:45 -08:00
Nick Mathewson
acd72d4e3e Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
2013-01-26 18:01:06 -05:00
Andrea Shepard
dfbd19df41 Merge branch 'time_based_onionqueue_v2' of ssh://git-rw.torproject.org/nickm/tor 2013-01-24 08:10:12 -08:00
Mike Perry
a78542f0c3 Bug 8024: Check for null/closed channel before probing. 2013-01-22 21:03:28 -08:00
Mike Perry
b810d322bf squash! Remove a source of error during path bias scaling
Improve debug logs and fix a state fencepost error.
2013-01-20 14:32:56 -08:00
Mike Perry
06a1d0b044 squash! Implement Path use bias accounting.
Make a debug log more informative.
2013-01-20 14:32:56 -08:00
Mike Perry
f858370233 Prevent early close of path bias testing circuits.
We need to let them live long enough to perform the test.
2013-01-20 14:32:56 -08:00
Mike Perry
fb711e6d77 squash! Remove a source of error during path bias scaling
Move a log message about scaling to after we scale
2013-01-20 14:32:27 -08:00
Nick Mathewson
c71b7db8f3 Merge remote-tracking branch 'karsten/bug5823' 2013-01-19 09:36:55 -05:00
Mike Perry
d80b881a52 Remove a source of error during path bias scaling
If any circuits were opened during a scaling event, we were scaling attempts
and successes by different amounts. This leads to rounding error.

The fix is to record how many circuits are in a state that hasn't been fully
counted yet, and subtract that before scaling, and add it back afterwords.
2013-01-18 21:23:33 -08:00
Mike Perry
a2db17a1aa Don't immediately count cannibalized circs as used.
Since they use RELAY_EARLY (which can be seen by all hops on the path),
it's not safe to say they actually count as a successful use.

There are also problems with trying to allow them to finish extending due to
the circuit purpose state machine logic. It is way less complicated (and
possibly more semantically coherent) to simply wait until we actually try to
do something with them before claiming we 'used' them.

Also, we shouldn't call timed out circuits 'used' either, for semantic
consistency.
2013-01-18 19:46:29 -08:00
Mike Perry
24b9b9f791 Roll back the path_state for circs if we detatch a stream.
An adversary could let the first stream request succeed (ie the resolve), but
then tag and timeout the remainder (via cell dropping), forcing them on new
circuits.

Rolling back the state will cause us to probe such circuits, which should lead
to probe failures in the event of such tagging due to either unrecognized
cells coming in while we wait for the probe, or the cipher state getting out
of sync in the case of dropped cells.
2013-01-18 19:46:28 -08:00
Mike Perry
e13e30221e Implement Path use bias accounting.
Path use bias measures how often we can actually succeed using the circuits we
actually try to use. It is a subset of path bias accounting, but it is
computed as a separate statistic because the rate of client circuit use may
vary depending on use case.
2013-01-18 19:46:21 -08:00
Nick Mathewson
42c4418bed Split smartlist_choose_node_by_bandwidth_weights
This is a minimal refactoring to expose the weighted bandwidth
calculations for each node so I can use them to see what fraction of
nodes, weighted by bandwidth, we have descriptors for.
2013-01-18 12:24:54 -05:00
Nick Mathewson
ff9bdbd56f When excluding nodes by country, exclude {??} and {A1} too
This is ticket 7706, reported by "bugcatcher."  The rationale here
is that if somebody says 'ExcludeNodes {tv}', then they probably
don't just want to block definitely Tuvaluan nodes: they also want
to block nodes that have unknown country, since for all they know
such nodes are also in Tuvalu.

This behavior is controlled by a new GeoIPExcludeUnknown autobool
option.  With the default (auto) setting, we exclude ?? and A1 if
any country is excluded.  If the option is 1, we add ?? and A1
unconditionally; if the option is 0, we never add them.

(Right now our geoip file doesn't actually seem to include A1: I'm
including it here in case it comes back.)

This feature only takes effect if you have a GeoIP file.  Otherwise
you'd be excluding every node.
2013-01-17 18:07:36 -05:00
Nick Mathewson
e0581a4b57 Replace base-{16,32,64} with base{16,32,64} in the code
Patch from onizuka generated with

 find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;

Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
60a2aa8b00 Add ntor-related modules to the Makefiles.nmake 2013-01-17 15:53:36 -05:00
Nick Mathewson
1af89ce540 Fix an MSVC warning in onion.h prototypes 2013-01-17 14:42:37 -05:00
Nick Mathewson
2386a98d46 Add a missing part of bug 7311's makefile.nmake tweaks
Fix by "ultramage".

This already has a changes entry.
2013-01-17 10:01:22 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Karsten Loesing
da1e44ee51 Remove dirreq-v2-* lines from extra-info descriptors.
Implements the rest of #5823.
2013-01-17 10:46:34 +01:00
Jérémy Bobbio
aa01d0a183 Implement proposal 204: ignore subdomains in hidden service addresses
The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
2013-01-16 23:29:59 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
b7cf7bd9ae Fix an instance of snprintf; don't use _snprintf directly 2013-01-16 22:29:39 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
ca3bc8973b use the /Fe flag with msvc
Fixes 7309
2013-01-16 22:29:39 -05:00
Nick Mathewson
fb497dfe9e Add missing objects to Makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
b7dd716195 Add missing includes and libs to makefile.nmake
Fixes bugs 7312 and 7310.
2013-01-16 22:29:38 -05:00
Nick Mathewson
ca18768fb2 Aftermath of isin->contains renaming
Fix wide lines and comments, and add a changes file
2013-01-16 16:57:32 -05:00
Nick Mathewson
49e619c1cf Rename *_isin to *_contains
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".

  s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
  s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
  s/smartlist_digest_isin/smartlist_contains_digest/g;
  s/smartlist_isin/smartlist_contains/g;
  s/digestset_isin/digestset_contains/g;
2013-01-16 16:57:11 -05:00
Nick Mathewson
e4821fa14d Remove two extrneous semicolons in dirserv.c
In 6fbdf635 we added a couple of statements like:
    if (test) {
       ...
    };

The extraneous semicolons there get flagged as worrisome empty
statements by the cparser library, so let's fix them.

Patch by Christian Grothoff; fixes bug 7115.
2013-01-16 16:49:39 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
65e6e68981 Merge branch 'bug7972' 2013-01-16 13:56:10 -05:00
Nick Mathewson
50f527a2c9 Actually link against nacl when we want to use it
Fixes more of bug 7972
2013-01-16 13:07:52 -05:00
Nick Mathewson
e53e6caac5 Adjust control_reason when adjusting reason (related to 7902) 2013-01-16 12:52:19 -05:00
Nick Mathewson
08de029a17 Removee dirrec-v*-sharestatistics
These were unused and sometimes inaccurate. Resolves 5823.
2013-01-16 12:43:00 -05:00
Nick Mathewson
d1b5ae903f When we get an END cell before CONNECTED, don't report SOCKS success
Bug 7902; fix on 0.1.0.1-rc.
2013-01-16 12:09:49 -05:00
Nick Mathewson
5ed8ac4e57 Merge remote-tracking branch 'asn/bug7896' 2013-01-16 11:41:37 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
b5ce4f94c3 Forward-port fix for 7889 2013-01-15 16:33:53 -05:00
Nick Mathewson
938cb6a55e Merge remote-tracking branch 'origin/maint-0.2.3' 2013-01-15 16:30:26 -05:00
Roger Dingledine
6e4a4002c5 Clean up odds and ends 2013-01-15 15:40:17 -05:00
Nick Mathewson
beca92c31b Fix handling of ntor handshakes received via CREATE cells
Fixes bug 7959; bugfix on 0.2.4.8-alpha.
2013-01-15 00:41:09 -05:00
Nick Mathewson
ebf30613ea Better log message to diagnose #7959 2013-01-15 00:25:07 -05:00
Nick Mathewson
47122d1d25 Revert junk accidentally included with "start folding in the changes entries"
Looks like Roger's debugging code wanted to take a tour of the world
outside his sandbox.

This reverts part of commit 19d3720236.
2013-01-14 14:41:59 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Roger Dingledine
19d3720236 start folding in the changes entries 2013-01-14 13:34:59 -05:00
Nick Mathewson
c9242f4fd4 Merge branch 'bug7869' 2013-01-14 12:32:00 -05:00
George Kadianakis
50028e4d68 Mention name of the transport used when we learn the fpr of a bridge. 2013-01-09 15:52:35 +02:00
Mike Perry
d05ff310a5 Bug 7691 review fixes.
Also add in the random nonce generation.
2013-01-08 19:29:56 -08:00
Mike Perry
f60c25cd25 Bug 7341 code review fixes. 2013-01-08 18:12:38 -08:00
Mike Perry
15fdfc2993 Bug 7691: Send a probe cell down certain types of circs.
In general, if we tried to use a circ for a stream, but then decided to place
that stream on a different circuit, we need to probe the original circuit
before deciding it was a "success".

We also need to do the same for cannibalized circuits that go unused.
2013-01-08 17:28:08 -08:00
Mike Perry
3458d904f6 Fix bug 7341.
Fix cannibalize, rend circ and intro circ timeout handling.
2013-01-08 17:21:05 -08:00
Nick Mathewson
31d888c834 Make the = at the end of ntor-onion-key optional.
Makes bug 7869 more easily fixable if we ever choose to do so.
2013-01-05 22:53:32 -05:00
Nick Mathewson
677d18278e Better handling (I think) for onionskin timing w jumpy clocks
The fix: Instead of clipping huge/negative times, ignore them as
probably invalid.
2013-01-03 13:26:59 -05:00
Nick Mathewson
30e139389b Record and report the overhead of how we handle onionskins. 2013-01-03 13:20:20 -05:00
Nick Mathewson
b9fb01721a Use a TAILQ, not a singly-linked queue, for the onion queue.
This makes removing items from the middle of the queue into an O(1)
operation, which could prove important as we let onionqueues grow
longer.

Doing this actually makes the code slightly smaller, too.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b0b3c14c11 Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay
The right way to set "MaxOnionsPending" was to adjust it until the
processing delay was appropriate.  So instead, let's measure how long
it takes to process onionskins (sampling them once we have a big
number), and then limit the queue based on its expected time to
finish.

This change is extra-necessary for ntor, since there is no longer a
reasonable way to set MaxOnionsPending without knowing what mix of
onionskins you'll get.

This patch also reserves 1/3 of the onionskin spots for ntor
handshakes, on the theory that TAP handshakes shouldn't be allowed to
starve their speedier cousins.  We can change this later if need be.

Resolves 7291.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
d3de0b91fb Check all crypto_rand return values for ntor. 2013-01-03 11:29:49 -05:00
Nick Mathewson
94cb7bd24d Complete all DOCDOC entries from the ntor branch 2013-01-03 11:29:48 -05:00
Nick Mathewson
5f219ddd02 Use safe_mem_is_zero for checking curve25519 output for 0-ness
This should make the intent more explicit.  Probably needless, though.
2013-01-03 11:29:48 -05:00
Nick Mathewson
c46ff3ec79 Add reference implementation for ntor, plus compatibility test
Before I started coding ntor in C, I did another one in Python.
Turns out, they interoperate just fine.
2013-01-03 11:29:48 -05:00
Nick Mathewson
839016ac79 ntor: Don't fail fast server-side on an unrecognized KEYID(B) 2013-01-03 11:29:48 -05:00
Nick Mathewson
d907fca29b Make libcurve25519_donna get built as a .a
This lets us give it compiler flags differing from the rest of
libor-crypto.a
2013-01-03 11:29:47 -05:00
Nick Mathewson
ef13bf4432 Fix an unused-variable warning 2013-01-03 11:29:47 -05:00
Nick Mathewson
b286373908 Enable the ntor handshake on the client side.
"works for me"
2013-01-03 11:29:47 -05:00
Nick Mathewson
ecf88b16b8 Enable handling of create2/extend2/created2/extended2 2013-01-03 11:29:47 -05:00
Nick Mathewson
5c68a1efaa Don't check create cells too much when we're relaying them
We want to sanity-check our own create cells carefully, and other
people's loosely.
2013-01-03 11:29:47 -05:00
Nick Mathewson
1ed4786dba Implement scheme to allow ntor requests/responses via older servers 2013-01-03 11:29:47 -05:00
Nick Mathewson
115e8fe9a5 Use created_cell_format where appropriate 2013-01-03 11:29:47 -05:00
Nick Mathewson
6c69b16c93 Use new wrappers for making,sending,processing create/extend cells 2013-01-03 11:29:47 -05:00
Nick Mathewson
2802ccaeb6 Teach cpuworker and others about create_cell_t and friends
The unit of work sent to a cpuworker is now a create_cell_t; its
response is now a created_cell_t.  Several of the things that call or
get called by this chain of logic now take create_cell_t or
created_cell_t too.

Since all cpuworkers are forked or spawned by Tor, they don't need a
stable wire protocol, so we can just send structs.  This saves us some
insanity, and helps p
2013-01-03 11:29:46 -05:00
Nick Mathewson
5d15d597a9 Code to parse and format CREATE{,2,_FAST} cells and their allies
As elsewhere, it makes sense when adding or extending a cell type to
actually make the code to parse it into a separate tested function.

This commit doesn't actually make anything use these new functions;
that's for a later commit.
2013-01-03 11:29:46 -05:00
Nick Mathewson
18c7d3f157 Rename handshake_digest to rend_circ_nonce
The handshake_digest field was never meaningfully a digest *of* the
handshake, but rather is a digest *from* the handshake that we exapted
to prevent replays of ESTABLISH_INTRO cells.  The ntor handshake will
generate it as more key material rather than taking it from any part
of the circuit handshake reply..
2013-01-03 11:29:46 -05:00
Nick Mathewson
f58d4dfcd6 Massive refactoring of the various handshake types
The three handshake types are now accessed from a unified interface;
their state is abstracted from the rest of the cpath state, and so on.
2013-01-03 11:29:46 -05:00
Nick Mathewson
5fa1c7484c Refactor the CREATE_FAST handshake code to match the others. 2013-01-03 11:29:02 -05:00
Nick Mathewson
f7e590df05 Split onion.[ch] into onion{,_fast,_tap}.[ch]
I'm going to want a generic "onionskin" type and set of wrappers, and
for that, it will be helpful to isolate the different circuit creation
handshakes.  Now the original handshake is in onion_tap.[ch], the
CREATE_FAST handshake is in onion_fast.[ch], and onion.[ch] now
handles the onion queue.

This commit does nothing but move code and adjust header files.
2013-01-02 14:11:14 -05:00
Nick Mathewson
5b3dd1610c Wrangle curve25519 onion keys: generate, store, load, publish, republish
Here we try to handle curve25519 onion keys from generating them,
loading and storing them, publishing them in our descriptors, putting
them in microdescriptors, and so on.

This commit is untested and probably buggy like whoa
2013-01-02 14:11:14 -05:00
Nick Mathewson
6c883bc638 Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
2013-01-02 14:11:13 -05:00
Nick Mathewson
cf4dd5fbcb Implementat the ntor handshake
The ntor handshake--described in proposal 216 and in a paper by
Goldberg, Stebila, and Ustaoglu--gets us much better performance than
our current approach.
2013-01-02 14:10:49 -05:00
Nick Mathewson
ee4182612f Avoid spurious local-port warnings
Our old warn_nonlocal_client_ports() would give a bogus warning for
every nonlocal port every time it parsed any ports at all.  So if it
parsed a nonlocal socksport, it would complain that it had a nonlocal
socksport...and then turn around and complain about the nonlocal
socksport again, calling it a nonlocal transport or nonlocal dnsport,
if it had any of those.

Fixes bug 7836; bugfix on 0.2.3.3-alpha.
2013-01-02 10:37:03 -05:00
Sebastian Hahn
11e8a445c3 Fix a couple of harmless clang3.2 warnings 2012-12-31 18:23:28 +01:00
Nick Mathewson
5e22cfe2b4 Fix a crash bug when running an node without IPv6-exit support.
Fixes bug 7814; bugfix on 0.2.4.7-alpha.
2012-12-29 01:22:34 -05:00
Nick Mathewson
f272ee6a20 Fix an impossible-in-normal-operation leaks in dirvote
Spotted by coverity; partial fix for 7816; bugfix on 0.2.0.5-alpha.
2012-12-28 23:04:44 -05:00
Nick Mathewson
ee1d8dc480 Fix a leak-on-error case in 0.2.4 spotted by coverity
This one hits if the snprintf() fails when we're writing our IPv6
exit policy. It's new in 0.2.4.7-alpha. Part of bug 7816.
2012-12-28 22:59:32 -05:00
Nick Mathewson
d3aabf4db1 Fix various small leaks on error cases
Spotted by coverity, bug 7816, bugfix on various versions.
2012-12-28 22:49:32 -05:00
Nick Mathewson
b509ead20d Avoid leaking headers received from SSL proxy
Fixes part of 7816. Spotted by coverity. Fix on 0.2.2.1-alpha.
2012-12-28 22:45:53 -05:00
Nick Mathewson
4b571d3ab3 Fix memory leak in safe-cookie authentication code
Coverity spotted this. Bug 7816. Fix on 0.2.3.13-alpha.
2012-12-28 22:38:42 -05:00
Nick Mathewson
a7334f5122 Use log_fn_ratelim in a few places. 2012-12-26 11:07:15 -05:00
Nick Mathewson
127cb39ffc Rate-limit "No circuits are opened" message to once-per-hour
mr-4 reports on #7799 that he was seeing it several times per second,
which suggests that things had gone very wrong.

This isn't a real fix, but it should make Tor usable till we can
figure out the real issue.
2012-12-26 10:05:45 -05:00
Nick Mathewson
2e9be92cd7 Fix a possibly-unused-var warning. Thank you, GCC. 2012-12-25 23:37:41 -05:00
Nick Mathewson
01a09e8f86 Fix compilation warning: must not format u64 as long. 2012-12-25 23:34:38 -05:00
Nick Mathewson
8324824d8f Fix whitespace 2012-12-25 23:34:16 -05:00
Nick Mathewson
885e8d35c7 Merge remote-tracking branch 'mikeperry/209-path-bias-changes' 2012-12-25 23:30:28 -05:00
Nick Mathewson
0f9dfef9d6 Add configuration options for directory guards
In addition to all the other ways to make directory gurads not go,
you can now set UseEntryGuardsAsDirGuards to 0.
2012-12-25 23:14:43 -05:00
Nick Mathewson
0c4210fb65 Directory guard implementation.
Implements proposal 207; ticket 6526.
2012-12-25 23:14:43 -05:00
Nick Mathewson
1df7289000 Remember which of our guards are directory caches 2012-12-25 23:10:41 -05:00
Nick Mathewson
a7c6b4ab91 Split choosing a regular directory into its own fn 2012-12-25 23:10:41 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
8b5787ec0d When there are no dir_server_ts to choose, don't crash
It's important not to call choose_array_element_by_weight and then
pass its return value unchecked to smartlist_get : it is allowed to
return -1.

Fixes bug 7756; bugfix on 4e3d07a6 (not in any released Tor)
2012-12-18 21:32:53 -05:00
Mike Perry
406d59a9c9 Nick's Code review #3 part 2. 2012-12-18 14:16:01 -08:00
Mike Perry
b0fc18c37e Changes from Nick's code review 'part 1'
I think this is actually his third code review of this branch so far.
2012-12-18 13:26:36 -08:00
Nick Mathewson
7a99d26c79 Add packaged cell fullness to the heartbeat message.
This is an attempt to diagnose the severity of bug 7743.
2012-12-18 15:16:35 -05:00
Nick Mathewson
9b9cc6774f Merge branch 'ticket7570_7571'
Conflicts:
	src/or/routerlist.c
2012-12-17 15:49:09 -05:00
Nick Mathewson
4a07ea4a8c Drop the maximum attempts to get a virtual address to 1000.
This is good enough to give P_success >= 999,999,999/1,000,000,000 so
long as the address space is less than 97.95 full.  It'd be ridiculous
for that to happen for IPv6, and usome reasonable assumptions, it
would also be pretty silly for IPv4.
2012-12-17 14:51:31 -05:00
Nick Mathewson
4ded40b0ca Add missing doxygen for DNS and automap code 2012-12-17 14:51:31 -05:00
Nick Mathewson
8d080d0b01 Per-listener option to prefer IPv6 automaps when possible. 2012-12-17 14:51:30 -05:00
Nick Mathewson
de4cc126cb Build and test most of the machinery needed for IPv6 virtualaddrmaps
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to.  That'll be cool, and
will let us maybe get around prop205 issues.

This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.

Also has some XXXX items to fix to make this useful. More design
needed.
2012-12-17 14:51:29 -05:00
Nick Mathewson
963b3d1549 Refactor the code to check if an address is matched by automapsuffixes 2012-12-17 14:50:55 -05:00
Nick Mathewson
88d7312ff2 Fix another uninitialized var warning from GCC 2012-12-17 14:50:05 -05:00
Nick Mathewson
8969d9e0b6 Fixed an unused-variable warning 2012-12-17 14:50:05 -05:00
Nick Mathewson
8eb422e7bd Don't use the cache when changing an IP address because of an exit policy 2012-12-17 14:50:05 -05:00
Nick Mathewson
ac990aa44a Turn off by-default use of client-side DNS cacheing. 2012-12-17 14:50:04 -05:00
Nick Mathewson
7315a67646 Refactor port_cfg_t creation into a port_cfg_new() function
This function gives us a single place to set reasonable default flags
for port_cfg_t entries, to avoid bugs like the one where we weren't
setting ipv4_traffic_ok to 1 on SocksPorts initialized in an older
way.
2012-12-17 14:50:03 -05:00
Nick Mathewson
7536c40e96 Implement option to turn off DNS cache modification by a client port
(This is part 3 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the UseCacheIPv[46]DNS options)
2012-12-17 14:48:09 -05:00
Nick Mathewson
f33487668f Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
2012-12-17 14:48:09 -05:00
Nick Mathewson
32219d8313 Oops: make the check for not adding ip->ip DNS maps correct 2012-12-17 14:48:09 -05:00
Nick Mathewson
d3e9e03cac Add options to turn DNS cache use on or off per client port.
(This is part 1 of making DNS cache use enabled/disabled on a
per-client port basis.  These options are shuffled around correctly,
but don't do anything yet.)
2012-12-17 14:48:08 -05:00
Nick Mathewson
44a9a47706 Oops; make DNSPort configuration take address family options 2012-12-17 14:48:08 -05:00
Nick Mathewson
3874e74b49 Avoid a 'may be used uninitialized' warning
Fixes bug 7746; bug not in any released version of Tor.
2012-12-17 11:14:12 -05:00
Nick Mathewson
b1ff8daeb5 Nuke uses of memcmp outside of unit tests
We want to be saying fast_mem{cmp,eq,neq} when we're doing a
comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when
we need a data-invariant timing.  Direct use of memcmp tends to imply
that we haven't thought about the issue.
2012-12-13 17:34:05 -05:00
Nick Mathewson
6a468a1722 Fix two wide lines in config.c 2012-12-13 12:44:17 -05:00
Nick Mathewson
01ac961ca1 Merge branch 'fallback_dirsource_v3' 2012-12-13 12:42:29 -05:00
Mike Perry
ccaeef22e1 Tags on relay cells can result in certain reason codes.
Close the circuit (it's probably junk anyways), and make sure we don't probe
it/count it as a success.
2012-12-11 17:49:12 -08:00
Mike Perry
af9011f824 Woops, this log message triggers with the 2-hop bias commit. 2012-12-11 17:19:39 -08:00
Mike Perry
c1bc6a1124 Add a missing comment. 2012-12-10 00:36:10 -08:00
Mike Perry
d409c8a90d More log message and space fixups. 2012-12-10 00:28:07 -08:00
Mike Perry
aa16d59ee7 Clean up some XXX comments. 2012-12-09 23:50:05 -08:00
Mike Perry
4590993ff3 Space fixes. 2012-12-09 23:47:04 -08:00
Mike Perry
b75880d7b3 Fix a rather serious use-count state bug.
We need to use the success count or the use count depending on the consensus
parameter.
2012-12-09 20:56:48 -08:00
Mike Perry
2dbb62f1b5 Convert to doubles for all pathbias state.
Let's hope this solves the rounding error issue..
2012-12-09 20:53:22 -08:00
Mike Perry
ab1fce5c19 Also shorten circuit_successes to circ_successes.
For consistency and great justice.

Ok, mostly consistency.
2012-12-09 20:24:50 -08:00
Mike Perry
a90f165b83 Rename first_hop to circ_attempt.
Since we've generalized what we can count from (first or second hop), we
should generalize the variable and constant naming too.
2012-12-09 20:24:22 -08:00
Mike Perry
04866055e8 Change from first hop accounting to 2nd hop accounting
This has several advantages, including more resilience to ambient failure.

I still need to rename all the first_hop vars tho.. Saving that for a separate
commit.
2012-12-09 20:02:41 -08:00
Mike Perry
fbbf894d4d Add intro+rend cannibalize param.. 2012-12-09 20:02:08 -08:00
Mike Perry
930fbb2fec Flag cannibalized circs as used (non-ideal).
Also add some comments.
2012-12-09 19:18:04 -08:00
Mike Perry
686fc22259 Allow any valid 'end' cell to mean a circuit was used successfully.
Also improve some log messages.
2012-12-08 16:37:22 -08:00
Mike Perry
b599a6ed07 Sadly, we can't safely count client intro circ success 2012-12-08 14:16:29 -08:00
Mike Perry
5f733ccd73 Fix some hidden service edge cases. 2012-12-08 12:07:58 -08:00
Mike Perry
26fa47226c Refactor path use bias code into own function.
Also, improve and log some failure cases.
2012-12-07 17:47:23 -08:00
Mike Perry
c3b71a3fc9 Actually, both nacks and acks indicate a valid path 2012-12-07 15:50:31 -08:00
Mike Perry
dc86d7c35b Note more potential issues. 2012-12-07 15:28:38 -08:00
Mike Perry
ecaeb505fa Note a strange case for SOCKS streams. 2012-12-07 15:28:38 -08:00
Mike Perry
7a28862d56 Fix another crash bug. 2012-12-07 15:28:38 -08:00
Mike Perry
721f7e3751 Fix a crash bug and pass down a remote reason code.
Unexpected channel closures count as remote circ failures.
2012-12-07 15:28:38 -08:00
Mike Perry
9b40466072 Document that care needs to be taken with any_streams_attached. 2012-12-07 15:28:38 -08:00
Mike Perry
c3028edba6 Remove n_chan codepaths for determinining guard.
Cpath is apparently good enough.
2012-12-07 15:28:38 -08:00
Mike Perry
a630726884 Move a pathbias function that depends on entryguard_t. 2012-12-07 15:28:38 -08:00
Mike Perry
7f8cbe389d Fix a crash due to NULL circ->n_chan.
Is this redundant? Can we always rely on circ->cpath->extend_info
being present for origin circuits?
2012-12-07 15:28:38 -08:00
Mike Perry
428fbfc1d5 Prop209: Rend circuits weren't ever marked dirty. 2012-12-07 15:28:38 -08:00
Mike Perry
aa0e6e2c03 Prop 209: Add in hidserv path bias counts for usage. 2012-12-07 15:28:38 -08:00
Mike Perry
412ae099cb Prop 209: Add path bias counts for timeouts and other mechanisms.
Turns out there's more than one way to block a tagged circuit.

This seems to successfully handle all of the normal exit circuits. Hidden
services need additional tweaks, still.
2012-12-07 15:28:38 -08:00
Mike Perry
da5c398d79 Be explicit about units for timeout. 2012-12-07 15:28:37 -08:00
Mike Perry
ef1b830ef8 Fix an assert crash and an incorrectly placed return. 2012-12-07 15:28:37 -08:00
Mike Perry
bb548134cd Update with code review changes from Nick. 2012-12-07 15:28:37 -08:00
Mike Perry
192996690c Fix spaces. 2012-12-07 15:28:37 -08:00
Mike Perry
a54873648f Refactor pathbias functions to use pathbias_should_count. 2012-12-07 15:28:37 -08:00
Mike Perry
ab9c83c949 Update Path Bias log messages to match Proposal 209. 2012-12-07 15:28:37 -08:00
Mike Perry
9bf5582e73 Add log message checks for different rates.
May want to squash this forward or back..
2012-12-07 15:28:37 -08:00
Mike Perry
248fbc3619 Update pathbias parameters to match Proposal 209.
Needs manpage update and testing still..
2012-12-07 15:28:37 -08:00
Mike Perry
954f263ed5 Add the ability to count circuit timeouts for guards.
This is purely for informational reasons for debugging.
2012-12-07 15:28:36 -08:00
Nick Mathewson
c8056dcbbb Fix some wide lines 2012-12-07 14:14:20 -05:00
Nick Mathewson
3fa9151f26 Merge branch 'win64-7260'
Conflicts:
	src/or/dns.c
2012-12-07 14:12:17 -05:00
Nick Mathewson
cd4f56a37c Fix infinite loop in circuit_expire_bulding
Fixes bug 7663; bug introduced in 42e3c04a7a.  Not in any
released version of Tor.
2012-12-07 14:08:07 -05:00
Nick Mathewson
025dc19b63 Merge remote-tracking branch 'public/bug6887' 2012-12-07 11:02:27 -05:00
Mike Perry
42e3c04a7a Bug 3443: Don't count ORconn setup in circuit build time.
Also, add a hack Roger suggested where we're more patient if no circuits are
opened yet.
2012-12-07 10:34:09 -05:00
Nick Mathewson
f742b33d85 Drop FallbackNetworkstatusFile; it never worked. 2012-12-06 11:28:49 -05:00
Nick Mathewson
a8d491a8fd Add an option to weight down authorities when choosing a fallback 2012-12-06 11:28:49 -05:00
Nick Mathewson
06cd62266f Add a way to configure selection weights for dir_server_t 2012-12-06 11:28:49 -05:00
Nick Mathewson
4e3d07a68a When choosing among dirserver_ts, consider their weights 2012-12-06 11:28:49 -05:00
Nick Mathewson
90f6071d8d New FallbackDir option to add extra directories for bootstraping
This replaces the old FallbackConsensus notion, and should provide a
way -- assuming we pick reasonable nodes! -- to give clients
suggestions of placs to go to get their first consensus.
2012-12-06 11:28:49 -05:00
Nick Mathewson
46a62e3256 Refactor add_trusted_dir_server
Now creating a dir_server_t and adding it are separate functions, and
there are frontend functions for adding a trusted dirserver and a
fallback dirserver.
2012-12-06 11:28:48 -05:00
Nick Mathewson
705ee3b5d4 Rename trusted_dir_server_t to dir_server_t. Automatic renaming. 2012-12-06 11:27:20 -05:00
Nick Mathewson
ded70363a7 Rename DirServer to DirAuthority 2012-12-06 11:23:43 -05:00
Nick Mathewson
5c51b3f1f0 Start refactoring trusted_dir_servers into trusted and fallback lists
We use trusted_dir_server_t for two pieces of functionality: a list of
all directory authorities, and a list of initial places to look for
a directory.  With this patch we start to separate those two roles.

There is as of now no actual way to be a fallback directory without being
an authority.
2012-12-06 11:23:43 -05:00
Nick Mathewson
404e3dd481 Correct moribund logic about caching v2 networkstatuses 2012-12-06 11:15:01 -05:00
Nick Mathewson
194cc24792 Make output of router_get_trusted_dir_servers const 2012-12-06 11:15:01 -05:00
Nick Mathewson
6921d1fd25 Implement HKDF from RFC5869
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.

I'm also renaming the existing KDF, now that Tor has two of them.

This is the key derivation scheme specified in ntor.

There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
bd93ff8dd7 Merge remote-tracking branch 'asn/bug7592_take2' 2012-12-04 21:47:45 -05:00
George Kadianakis
c01dfd5d7b Return connection_exit_connect() if payload creation failed.
Fixes bug #7592; bugfix on 882b389668.

The bug is not present in any released versions of Tor.
2012-12-05 04:32:11 +02:00
Roger Dingledine
e899d49e2f fix some typos 2012-12-03 13:33:43 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
6f21d2e496 Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. 2012-11-27 22:18:08 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Nick Mathewson
267c0e5aa1 Make sure that the error in ADDRMAP events is well-formed
"error=Unable to launch resolve request" is not a nice thing to tell
the controller.  Bugfix on 0.2.0.19-alpha (c11c48fc).
2012-11-23 11:36:44 -05:00
Nick Mathewson
06703f84df Minor documentation fix 2012-11-23 10:51:11 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
ea893a3c30 Merge branch 'bug7493_redux' 2012-11-18 18:46:57 -05:00
Nick Mathewson
bfe8d829c2 Initialize ipv{4,6}_traffic_ok in entry_connection_new
This one is necessary for sending BEGIN cells with sane flags when
self-testing a directory port.  All real entry connections were
getting their ipv{4,6}_traffic_ok flags set from their listeners, and
for begindir entry connections we didn't care, but for directory
self-testing, we had a problem.

Fixes at least one more case of 7493; if there are more lingering
cases of 7493, this might fix them too.

Bug not in any released version of Tor.
2012-11-18 17:15:41 -05:00
Roger Dingledine
06d367ea36 when counting available descs, say whether we're counting exits 2012-11-16 11:38:56 -05:00
Nick Mathewson
ecb619d96b Give useful warning when both IPv4 and IPv6 are disabled on a socksport 2012-11-15 22:58:54 -05:00
Nick Mathewson
28cbe90839 Allow IPv4 traffic on default and old-style-config SocksPorts.
Looks like when i was writing the code to set the ipv4_traffic flag on
port_cfg_t, I missed some cases, such as the one where the port was
set from its default value.

Fix for 7493. Bug not in any released Tor.
2012-11-15 22:49:43 -05:00
Nick Mathewson
1e46952f36 Set IPv4/IPv6 flags correctly when being a SOCKS client 2012-11-15 13:00:19 -05:00
Nick Mathewson
a4fce0fee8 Remove some XXXX commens in dns.c
Previously, I was freaking out about passing an unspec address to
dns_found_answer() on an error, since I was using the address type to
determine whether the error was an error on an ipv4 address lookup or
on an ipv6 address lookup.  But now dns_found_answer() has a separate
orig_query_type argument to tell what kind of query it is, so there's
no need to freak out.
2012-11-15 12:17:36 -05:00
Nick Mathewson
12f997528d Fix up some comments in connection_edge.c 2012-11-15 12:17:30 -05:00
Nick Mathewson
e3ceac38d9 Add another missing function doc 2012-11-14 23:16:58 -05:00
Nick Mathewson
d643487cc2 Initial support for AAAA requests on DNSPort.
This is imperfect, since it sends back whatever we would send to
a socks RESOLVE request, when in reality we should send back whatever
was asked for.
2012-11-14 23:16:58 -05:00
Nick Mathewson
053f2cb7c8 Let tor-resolve generate PTR requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
50af1087c4 Accept reverse resolve requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
0f899518cf Make DNS resolve requests work for IPv6
* If there's an IPv4 and an IPv6 address, return both in the resolved
  cell.
* Treat all resolve requests as permitting IPv6, since by the spec they're
  allowed to, and by the code that won't break anything.
2012-11-14 23:16:57 -05:00
Nick Mathewson
bb2145b45b Fix a bug in policy_is_reject_star() that was making IPv4 exits break
IPv4-only exits have an implicit "reject [::]/0", which was making
policy_is_reject_star() return 1 for them, making us refuse to do
hostname lookups.

This fix chanes policy_is_reject_star() to ask about which family we meant.
2012-11-14 23:16:57 -05:00
Nick Mathewson
85e8d35fca Add some missing doxygen for ipv6 exit code 2012-11-14 23:16:57 -05:00
Nick Mathewson
882b389668 Actually send back correctly-formed IPv6 CONNECTED cells
We had some old code to send back connected cells for IPv6 addresses,
but it was wrong.  Fortunately, it was also unreachable.
2012-11-14 23:16:41 -05:00
Nick Mathewson
6b36142bcc Remove some unused defines in dns.c 2012-11-14 23:16:40 -05:00
Nick Mathewson
7197c9f14a Repair DNS NEXIST hijacking workaround
The code previously detected wildcarding and replaced wildcarded
answers with DNS_STATUS_FAILED_PERMANENT.  But that status variable
was no longer used!  Remove the status variable, and instead change
the value of 'result' in evdns_callback.

Thank goodness for compiler warnings. In this case,
unused-but-set-variable.

Thanks to Linus for finding this one.
2012-11-14 23:16:40 -05:00
Nick Mathewson
363cf02455 Implement a PreferIPv6 flag for SocksPorts 2012-11-14 23:16:40 -05:00
Nick Mathewson
c4830bfbe2 Define a wrapper for evdns_base_resolve_ipv6 for systems w/o libevent 2 2012-11-14 23:16:40 -05:00
Nick Mathewson
35ce42118f Make address_is_invalid_destination recognize ipv6 addrs as valid. 2012-11-14 23:16:40 -05:00
Nick Mathewson
1cc7736575 Actually generate microdescriptors with p6 lines. 2012-11-14 23:16:40 -05:00
Nick Mathewson
54ee7ff148 Remove a since-fixed XXX; improve a doxygen comment 2012-11-14 23:16:40 -05:00
Nick Mathewson
004f3f4e53 Actually advertise IPv6 exit policies.
I have a theory that my tests will work better if the code I'm testing
isn't disabled.
2012-11-14 23:16:40 -05:00
Nick Mathewson
2889bd2642 Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result.  As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit.  Once
we have answers or errors for both, we act accordingly.

This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.

Additionally, have a new interface for the argument passed to the
evdns_callback function.  Previously, it was just the original address
we were resolving.  But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.

The new convention is to have the first byte of that argument include
the query type.  I've refactored the code a bit to make that simpler.
2012-11-14 23:16:25 -05:00
Nick Mathewson
a58e17bcc3 Change signature of router_compare_to_my_exit_policy so dns can use it
Also, fix the function so it actually looks at our ipv6 exit policy.
2012-11-14 23:16:25 -05:00
Nick Mathewson
25cf286fb1 Whitespace cleanup 2012-11-14 23:16:24 -05:00
Nick Mathewson
0487c0d579 Reindent a block in dns.c 2012-11-14 23:16:24 -05:00
Nick Mathewson
807b781a3d Actually send BEGIN cell flags
This uses advertised IPv6 ports as an implicit version check.
2012-11-14 23:16:24 -05:00
Nick Mathewson
93591383a9 When asking for a specific address type, others aren't acceptable 2012-11-14 23:16:24 -05:00
Nick Mathewson
d276894772 I think it is correct to decorate these addresses. 2012-11-14 23:16:24 -05:00
Nick Mathewson
6e27282dab Better checking of exit policies for connections by hostname 2012-11-14 23:16:24 -05:00
Nick Mathewson
5ee1de65b0 Only send begin cell flags when we have some to send 2012-11-14 23:16:24 -05:00
Nick Mathewson
a62c03fe2c Never support IPv6 traffic on a SOCKS4 connection. 2012-11-14 23:16:24 -05:00
Nick Mathewson
cac5335195 Get the client side of receiving an IPv6 address to work
This makes it so we can handle getting an IPv6 in the 3 different
formats we specified it for in RESOLVED cells,
END_STREAM_REASON_EXITPOLICY cells, and CONNECTED cells.

We don't cache IPv6 addresses yet, since proposal 205 isn't
implemented.

There's a refactored function for parsing connected cells; it has unit
tests.
2012-11-14 23:16:23 -05:00
Nick Mathewson
93dc7dcf41 Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings 2012-11-14 23:16:23 -05:00
Nick Mathewson
111321ed16 Rename ipv{4,6}_only to bind_ipv{4,6}_only
This is to avoid confusion with the ipv{4,6}_traffic flags.
2012-11-14 23:16:23 -05:00
Nick Mathewson
4bec25c3cd Add {No,}IPv{4,6}Traffic options to SOCKSPort
These options are for telling the SOCKSPort that it should allow or
not allow connections to IPv4/IPv6 addresses.

These aren't implemented yet; this is just the code to read the
options and get them into the entrey_connection_t.
2012-11-14 23:16:23 -05:00
Nick Mathewson
b7843ca554 Make DNS callback pass IPv6 answers to dns_answer_found
Also, count ipv6 timeouts vs others.  If we have too many ipv6
requests time out, then we could be degrading performance because of a
broken DNS server that ignores AAAA requests.  Other cases in which
we never learn an AAAA address aren't so bad, since they don't slow
A (ipv4) answers down very much.
2012-11-14 23:16:23 -05:00
Nick Mathewson
00633b9446 Make dns wildcarding checks work for ipv6 2012-11-14 23:16:22 -05:00
Nick Mathewson
9016d9e829 Add an IPv6Exit configuration option
Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
if IPv6Exit is not true.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c3faa0ebd5 Simplest version of server-side IPv6 support (no dns)
This is a relatively simple set of changes: we mostly need to
remove a few "but not for IPv6" changes.  We also needed to tweak
the handling of DNS code to generate RESOLVED cells that could get
an IPv6 answer in return.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c64ee7099f Record, send, and receive flags in BEGIN cells 2012-11-14 23:16:22 -05:00
Nick Mathewson
b35a0d1132 Add IPv6 support to compare_to_addr_to_node_policy 2012-11-14 23:16:22 -05:00
Nick Mathewson
04ea550141 Authorities put p6 lines into microdescriptors. 2012-11-14 23:16:22 -05:00
Nick Mathewson
c53adac122 Parse IPv6 policy summaries from router descriptors and microdescs 2012-11-14 23:16:22 -05:00
Nick Mathewson
a96c0affcb Better policy support for IPv6
Now, "accept *:80" means "accept all addresses on port 80", and not
just IPv4.  For just v4, say "accept *4:80"; for just v6 say "accept
*6:80".

We can parse these policies from torrc just fine, and we should be
successfully keeping them out of descriptors for now.

We also now include appropriate IPv6 addresses in "reject private:*"
2012-11-14 23:16:21 -05:00
Nick Mathewson
2eb7eafc9d Add a new family-specific syntax for tor_addr_parse_mask_ports
By default, "*" means "All IPv4 addresses" with
tor_addr_parse_mask_ports, so I won't break anything.  But if the new
EXTENDED_STAR flag is provided, then * means "any address", *4 means
"any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
address" (that is, [::]/0).

This is going to let us have a syntax for specifying exit policies in
torrc that won't drive people mad.

Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
these new features, and to increase coverage.
2012-11-14 23:16:21 -05:00
Nick Mathewson
462ebb270a Refactor begin cell parsing into its own function, with tests.
Add 'flags' argument to begin cells, per proposal 208.
2012-11-14 23:16:21 -05:00
Nick Mathewson
ca8843df0a Refactor client_dns_set_{reverse_,}addressmap() to take a circ
We'd like these functions to be circuit-relative so that we can
implement a per-circuit DNS cache and per-circuit DNS cache rules for
proposal 205 or its successors.  I'm doing this now, as a part of the
IPv6 exits code, since there are about to be a few more instances
of code using this.
2012-11-14 23:16:21 -05:00
Nick Mathewson
7908ab2093 Move address map into its own file. 2012-11-14 23:16:20 -05:00
Andrea Shepard
2cb82c33bc Merge branch 'bug7267' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-13 18:54:24 -08:00
Andrea Shepard
3db3daa663 Add comment explaining different channel close functions 2012-11-13 18:50:37 -08:00
Nick Mathewson
02a43e5eb6 Merge remote-tracking branch 'public/bug7059' 2012-11-13 21:50:07 -05:00
Andrea Shepard
7ab3004223 Call channel_mark_for_close() properly in hibernate_go_dormant() 2012-11-13 13:45:00 -08:00
Roger Dingledine
a90affa84b Merge branch 'maint-0.2.3' 2012-11-12 23:49:37 -05:00
Roger Dingledine
88bb48e785 use a more logical operator
Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set.

Fixes bug 7464; bugfix on 0.2.3.9-alpha.
2012-11-12 23:47:21 -05:00
Nick Mathewson
f473d83dea Possible fix for bug 7212
This is the simplest possible workaround: make it safe to call
circuit_cell_queue_clear() on a non-attached circuit, and make it
safe-but-a-LD_BUG-warning to call update_circuit_on_cmux() on a
non-attached circuit.

 LocalWords:  unstage src Untracked
2012-11-12 08:28:09 -05:00
Andrea Shepard
0523c8de7d Merge branch 'check_for_orconn_on_close_squashed' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-10 03:24:41 -08:00
Andrea Shepard
99e82cab30 Make everything in connection.c that uses connection_or_notify_error() also use connection_mark_and_close_internal() to avoid spurious warnings 2012-11-10 02:35:47 -08:00
Andrea Shepard
8124398835 Check for orconns in connection_mark_for_close and connection_mark_and_flush, and pass the call through channel_close_for_error with a warning to avoid asserts 2012-11-10 02:35:47 -08:00
Nick Mathewson
713736a6a7 Fix a memory leak in handling errors on CERTS cells. bug 7422 2012-11-08 23:01:39 -05:00
Nick Mathewson
e1c7d12b1d Turn some memset()s introduced in tor 0.2.4 into memwipe()s 2012-11-08 17:00:36 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Andrea Shepard
9f3f5372b8 Merge branch 'bug7350' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-07 11:43:04 -08:00
Nick Mathewson
8e8c0674c4 Implement proposal-214 rules for CircID checking. 2012-11-06 21:33:53 -05:00
Nick Mathewson
1c0e87f6d8 Add a pointless 2-byte memset in cell_pack
There is probably no code that can write the 2 bytes at the end of the
packed_cell_t when the cell is only a 512-byte cell, but let's not get
overconfident there.
2012-11-06 21:24:05 -05:00
Nick Mathewson
bfffc1f0fc Allow a v4 link protocol for 4-byte circuit IDs.
Implements proposal 214.

Needs testing.
2012-11-06 21:23:46 -05:00
Andrea Shepard
80eb03ae0a Don't call channel_send_destroy() when closing a circuit on a closing channel 2012-11-06 17:58:59 -08:00
Andrea Shepard
688cea7248 Check for closing channel in channel_send_destroy() 2012-11-06 17:52:14 -08:00
Nick Mathewson
cd054ceada Merge branch 'bug7285' 2012-11-06 18:02:03 -05:00
George Kadianakis
a9f786758d Add warning message when a managed proxy dies during configuration. 2012-11-06 17:53:09 -05:00
Nick Mathewson
11c467f643 Fix a stupid logic-error in warnings about low ports.
Instead of warning about low ports that are advertised, we should have
been warning about low ports that we're listening on.  Bug 7285, fix
on 0.2.3.9-alpha.
2012-11-06 17:15:39 -05:00
Nick Mathewson
0e8be13b9f Allow an optional $ in GETINFO ns/id/<identity>
That's not where I'd want to put a $, but apparently the other
foo/id/<identity> things allow it, as does an arguably valid
interpretation of control-spec.txt.  So let's be consistent.

Fix for a piece of bug 7059.
2012-11-04 22:12:11 -05:00
Nick Mathewson
39a0a2c3ae Merge remote-tracking branch 'asn/bug7292' 2012-11-04 21:54:19 -05:00
Nick Mathewson
2b781613b0 Whitespace fixes 2012-11-04 21:52:28 -05:00
Nick Mathewson
98204729aa Clean up nonsensical calling convention for config_load_geoip_file_
(How many "load a file" functions do you typically see where the
function frees the filename argument?)
2012-11-04 21:51:02 -05:00
Nick Mathewson
626a8b60d7 Merge remote-tracking branch 'linus/bug5053-bug5055'
Conflicts:
	src/or/geoip.c
2012-11-04 21:44:31 -05:00
George Kadianakis
37f8a2263e Use LOG_WARN instead of LOG_PROTOCOL_WARN when parsing transport lines. 2012-11-02 23:48:53 +02:00
Nick Mathewson
1bfda600c3 Add a TOR_SOCKET_T_FORMAT construction for logging sockets.
We need this since win64 has a 64-bit SOCKET type.

Based on a patch from yayooo for 7260, forward-ported to 0.2.4.
2012-11-02 14:22:21 -04:00
Nick Mathewson
05194cce62 Avoid c99 designated initializers in circuitmux_ewma.c
We still want to build on compilers w/o c99 support, such as
(notoriously, shamefully) MSVC.

So I'm commenting out the designated initializers in
circuitmux_ewma.c.  The alternative would have been to use some kind
of macros to use designated initializers only when they're
supported, but that's error-prone, and can lead to code having
different meanings under different compilers.

Bug 7286; fix on 0.2.4.4-alpha; spotted by Gisle Vanem.
2012-11-02 13:14:39 -04:00
Linus Nordberg
ffddd4de2a Change some comments to reflect the multitude of GeoIP databases. 2012-10-31 16:38:07 +01:00
Nick Mathewson
9327a9f607 Fix whitespace 2012-10-31 11:27:13 -04:00
Linus Nordberg
e7e68b80a7 Don't memcmp struct in6_addr but rather its s6_addr member. 2012-10-31 15:52:56 +01:00
Linus Nordberg
6a241ff3ff Duplicate less code. 2012-10-31 13:58:55 +01:00
Andrea Shepard
be37125030 Merge branch 'bsd_queue' of ssh://git-rw.torproject.org/nickm/tor 2012-10-30 14:39:14 -07:00
Nick Mathewson
c442d85439 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node, and to forward-port it to
0.2.4.
2012-10-23 23:09:21 -04:00
Nick Mathewson
758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00
Roger Dingledine
4c06a804d9 Merge branch 'maint-0.2.3' 2012-10-23 17:26:07 -04:00
Roger Dingledine
2ecee3fce2 Let 0.2.3 clients exit to internal addresses if they want
Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
2012-10-23 17:18:01 -04:00
Roger Dingledine
e17fd57782 fix typo 2012-10-23 17:15:28 -04:00
Nick Mathewson
98c24670e7 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-23 16:28:34 -04:00
Nick Mathewson
85659d3964 Fix parse_short_policy (bug 7192.)
Our implementation of parse_short_policy was screwed up: it would
ignore the last character of every short policy.  Obviously, that's
broken.

This patch fixes the busted behavior, and adds a bunch of unit tests
to make sure the rest of that function is okay.

Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-23 13:49:48 -04:00
Roger Dingledine
4c8b58f900 add a unit test to expose bug 7192 2012-10-22 17:09:43 -04:00
Nick Mathewson
848333c6d6 Fix more madness from the split_circuitbuild merge 2012-10-22 14:36:30 -04:00
Nick Mathewson
fa6a65756f Kill extraneous x from 907db008ab
Looks like clang doesn't complain about this kind of thing.

Spotted by Andrea.  Bug not in any released version.
2012-10-22 14:29:15 -04:00
Nick Mathewson
86258df65d Merge branch 'split_circuitbuild'
Conflicts:
	src/or/circuitbuild.c

There was a huge-looking conflict in circuitbuild.c, but the only
change that had been made to circuitbuild.c since I forked off the
split_circuitbuild branch was 17442560c4.  So I took the
split_circuitbuild version of the conflicting part, and manually
re-applied the change from 17442560c44e8093f9a..
2012-10-22 11:35:32 -04:00
Linus Nordberg
8c9b427425 Name variables more consistently. 2012-10-22 12:36:34 +02:00
Linus Nordberg
9d71d97e9d Document two functions. 2012-10-22 12:24:29 +02:00
Linus Nordberg
172aac62ed Rename C reserved identifiers missed before. 2012-10-20 20:56:59 +02:00
Linus Nordberg
cb51807236 Add "IPVersions" to control command "status/clients-seen". 2012-10-20 20:56:59 +02:00
Linus Nordberg
af175fa7e4 Duplicate less code. 2012-10-20 20:56:59 +02:00
Linus Nordberg
817ff962f8 Separate IPv4 and IPv6 geoip file loading.
Also add IPv6 geoip file digest to extra info.

Also also, add support for IPv6 addresses in control command
"ip-to-country".
2012-10-20 20:56:59 +02:00
Nick Mathewson
e8f547c181 Merge branch 'block_renegotiate_024' 2012-10-19 14:32:42 -04:00
Nick Mathewson
1cc06bd35e Merge branch 'block_renegotiate_023' into maint-0.2.3 2012-10-19 14:30:31 -04:00
Nick Mathewson
0dac0d8ad6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-19 03:06:15 -04:00
Robert Ransom
d3bfdd6108 Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
2012-10-19 02:56:25 -04:00
Andrea Shepard
981f25a73a Factor out common parts of channel_tls_connect() and channel_tls_handle_incoming(); fixes get_remote_addr problem with incoming connections for bug 7112 2012-10-18 21:53:50 -04:00
Nick Mathewson
3d8b73db55 Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".

This patch is a forward-port to 0.2.4, to work with the new channel
logic.
2012-10-17 19:19:58 -04:00
Nick Mathewson
f357ef9dcc Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".
2012-10-17 19:18:16 -04:00
Nick Mathewson
850c990144 Fix a bug in channel_dump_statistics
We were calling channel_get_actual_remote_descr() before we used the
output of a previous channel_get_canonical_remote_descr(), thus
invalidating its output.
2012-10-17 11:29:59 -04:00
Nick Mathewson
cb9d123764 Document lifespan of return values of the _remote_descr() funcs 2012-10-17 11:29:37 -04:00
Nick Mathewson
26946c659b Restore the 'address' value of tunneled connections
When we merged the channel code, we made the 'address' field of linked
directory connections created with begindir (and their associated edge
connections) contain an address:port string, when they should only
have contained the address part.

This patch also tweaks the interface to the get_descr method of
channels so that it takes a set of flags rather than a single flag.
2012-10-17 11:23:26 -04:00
Nick Mathewson
898bd1ae8f Fix for bug 7112 (spewing complaints from tor_addr_is_internal)
In 4768c0efe3 (not in any released
version of Tor), we removed a little block of code that set the addr
field of an exit connection used in making a tunneled directory
request.  Turns out that wasn't right.
2012-10-17 11:15:01 -04:00
Nick Mathewson
f633184af1 Document return value of channel_get_addr_if_possible 2012-10-17 11:12:59 -04:00
Linus Nordberg
e2313d8622 White space. 2012-10-17 14:01:02 +02:00
Andrea Shepard
35f573136d Use LD_PROTOCOL rather than LD_BUG to warn about bogus reason codes that originated remotely in circuit_end_reason_to_control_string() 2012-10-17 03:24:28 -07:00
Andrea Shepard
17442560c4 Fix mal-merge, don't | END_CIRC_REASON_CHANNEL_CLOSED into reason codes in circuit_truncated() 2012-10-17 03:23:35 -07:00
Linus Nordberg
74c6dafed6 Two changes lost in rebase resurrected. 2012-10-17 12:13:49 +02:00
Linus Nordberg
19ab7b1639 Rename reserved C identifiers. 2012-10-17 10:54:53 +02:00
Karsten Loesing
1f849f9181 Minor tweaks to nils' v4 vs v6 bridge usage code. 2012-10-17 10:54:53 +02:00
Karsten Loesing
c03e3d66a9 Minor tweaks and comments to nils' geoip v6 code. 2012-10-17 10:54:52 +02:00
nils
31e224173b Include statistics as to how many connections are IPv4 versus IPv6 2012-10-17 10:54:52 +02:00
nils
abb886014e Add GeoIP database for IPv6 addresses 2012-10-17 10:54:52 +02:00
nils
167363403b Rename address family specific IPv4 geoip functions in preparation for IPv6 support 2012-10-17 10:54:17 +02:00
Andrea Shepard
94a0309909 Merge branch 'bug7087_2' of ssh://git-rw.torproject.org/user/andrea/tor 2012-10-15 13:04:55 -07:00
Andrea Shepard
ac227cf587 Close and free channel_tls_listener correctly in channel_tls_free_all() 2012-10-15 12:22:20 -07:00
Nick Mathewson
907db008ab Move the circuit build timeout code into its own file. 2012-10-15 14:50:55 -04:00
Nick Mathewson
9e9edf71f7 Split code for entry guards and bridges into a new module. 2012-10-15 14:28:23 -04:00
Nick Mathewson
f38fb29502 whitesapce fix 2012-10-15 11:22:53 -04:00
Nick Mathewson
9f83142591 Merge remote-tracking branch 'public/bug1031' 2012-10-15 11:20:48 -04:00
Andrea Shepard
99057014ba Add debug logging to channel_listener_free()/channel_listener_force_free() 2012-10-15 07:56:35 -07:00
Nick Mathewson
469b847c70 Fix a long line 2012-10-15 10:55:52 -04:00
Markus Teich
5a959163d3 fixed differing returntype in definition and declaration of dirserv_add_extrainfo 2012-10-15 10:53:11 -04:00
Andrea Shepard
4da2864308 Merge branch 'bug7087' of git://git.torproject.org/user/andrea/tor 2012-10-15 07:22:33 -07:00
Andrea Shepard
3894ca1508 Add debug logging for channel_free() and channel_force_free() 2012-10-15 06:46:23 -07:00
Andrea Shepard
9ef286ec8f Correctly clear cmux policies and free cmux in channel_free() and channel_force_free() 2012-10-15 06:32:44 -07:00
Nick Mathewson
0d946e1773 Merge remote-tracking branch 'arma/bug7029' 2012-10-14 23:06:43 -04:00
Roger Dingledine
38b7947386 fix trivial typo 2012-10-13 18:34:24 -04:00
Nick Mathewson
2b10e99eb0 Try refactoring channel list to use HT_ and LIST_ stuff directly 2012-10-12 20:16:43 -04:00
Nick Mathewson
7c9954a02a Use SIMPLEQ, not smartlist_t, for channel cell queues.
This lets  us use fewer memory allocations, and avoid O(n^2) iterations
2012-10-12 17:58:01 -04:00
Nick Mathewson
56c0baa523 Rename all reserved C identifiers we defined
For everything we declare that starts with _, make it end with _ instead.

This is a machine-generated patch.  To make it, start by getting the
list of reserved identifiers using:

     git ls-tree -r --name-only HEAD | grep  '\.[ch]$' | \
       xargs ctags --c-kinds=defglmpstuvx -o - | grep '^_' | \
       cut -f 1 | sort| uniq

You might need gnu ctags.

Then pipe the output through this script:
==============================

use strict;

BEGIN { print "#!/usr/bin/perl -w -i -p\n\n"; }

chomp;

next if (
     /^__attribute__/ or
     /^__func__/ or
     /^_FILE_OFFSET_BITS/ or
     /^_FORTIFY_SOURCE/ or
     /^_GNU_SOURCE/ or
     /^_WIN32/ or
     /^_DARWIN_UNLIMITED/ or
     /^_FILE_OFFSET_BITS/ or
     /^_LARGEFILE64_SOURCE/ or
     /^_LFS64_LARGEFILE/ or
     /^__cdecl/ or
     /^__attribute__/ or
     /^__func__/ or
    /^_WIN32_WINNT/);

my $ident = $_;

my $better = $ident;
$better =~ s/^_//;

$better = "${better}_";

print "s/(?<![A-Za-z0-9_])$ident(?![A-Za-z0-9_])/$better/g;\n";
==============================

Then run the resulting script on all the files you want to change.
(That is, all the C except that in src/ext.)  The resulting script was:

==============================

s/(?<![A-Za-z0-9_])_address(?![A-Za-z0-9_])/address_/g;
s/(?<![A-Za-z0-9_])_aes_fill_buf(?![A-Za-z0-9_])/aes_fill_buf_/g;
s/(?<![A-Za-z0-9_])_AllowInvalid(?![A-Za-z0-9_])/AllowInvalid_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MAX(?![A-Za-z0-9_])/AP_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MIN(?![A-Za-z0-9_])/AP_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_assert_cache_ok(?![A-Za-z0-9_])/assert_cache_ok_/g;
s/(?<![A-Za-z0-9_])_A_UNKNOWN(?![A-Za-z0-9_])/A_UNKNOWN_/g;
s/(?<![A-Za-z0-9_])_base(?![A-Za-z0-9_])/base_/g;
s/(?<![A-Za-z0-9_])_BridgePassword_AuthDigest(?![A-Za-z0-9_])/BridgePassword_AuthDigest_/g;
s/(?<![A-Za-z0-9_])_buffer_stats_compare_entries(?![A-Za-z0-9_])/buffer_stats_compare_entries_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entries_eq(?![A-Za-z0-9_])/chan_circid_entries_eq_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entry_hash(?![A-Za-z0-9_])/chan_circid_entry_hash_/g;
s/(?<![A-Za-z0-9_])_check_no_tls_errors(?![A-Za-z0-9_])/check_no_tls_errors_/g;
s/(?<![A-Za-z0-9_])_c_hist_compare(?![A-Za-z0-9_])/c_hist_compare_/g;
s/(?<![A-Za-z0-9_])_circ(?![A-Za-z0-9_])/circ_/g;
s/(?<![A-Za-z0-9_])_circuit_get_global_list(?![A-Za-z0-9_])/circuit_get_global_list_/g;
s/(?<![A-Za-z0-9_])_circuit_mark_for_close(?![A-Za-z0-9_])/circuit_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_C_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_C_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MIN_/g;
s/(?<![A-Za-z0-9_])_cmp_int_strings(?![A-Za-z0-9_])/cmp_int_strings_/g;
s/(?<![A-Za-z0-9_])_compare_cached_resolves_by_expiry(?![A-Za-z0-9_])/compare_cached_resolves_by_expiry_/g;
s/(?<![A-Za-z0-9_])_compare_digests(?![A-Za-z0-9_])/compare_digests_/g;
s/(?<![A-Za-z0-9_])_compare_digests256(?![A-Za-z0-9_])/compare_digests256_/g;
s/(?<![A-Za-z0-9_])_compare_dir_src_ents_by_authority_id(?![A-Za-z0-9_])/compare_dir_src_ents_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_duration_idx(?![A-Za-z0-9_])/compare_duration_idx_/g;
s/(?<![A-Za-z0-9_])_compare_int(?![A-Za-z0-9_])/compare_int_/g;
s/(?<![A-Za-z0-9_])_compare_networkstatus_v2_published_on(?![A-Za-z0-9_])/compare_networkstatus_v2_published_on_/g;
s/(?<![A-Za-z0-9_])_compare_old_routers_by_identity(?![A-Za-z0-9_])/compare_old_routers_by_identity_/g;
s/(?<![A-Za-z0-9_])_compare_orports(?![A-Za-z0-9_])/compare_orports_/g;
s/(?<![A-Za-z0-9_])_compare_pairs(?![A-Za-z0-9_])/compare_pairs_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_id_digest(?![A-Za-z0-9_])/compare_routerinfo_by_id_digest_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_ip_and_bw(?![A-Za-z0-9_])/compare_routerinfo_by_ip_and_bw_/g;
s/(?<![A-Za-z0-9_])_compare_signed_descriptors_by_age(?![A-Za-z0-9_])/compare_signed_descriptors_by_age_/g;
s/(?<![A-Za-z0-9_])_compare_string_ptrs(?![A-Za-z0-9_])/compare_string_ptrs_/g;
s/(?<![A-Za-z0-9_])_compare_strings_for_pqueue(?![A-Za-z0-9_])/compare_strings_for_pqueue_/g;
s/(?<![A-Za-z0-9_])_compare_strs(?![A-Za-z0-9_])/compare_strs_/g;
s/(?<![A-Za-z0-9_])_compare_tor_version_str_ptr(?![A-Za-z0-9_])/compare_tor_version_str_ptr_/g;
s/(?<![A-Za-z0-9_])_compare_vote_rs(?![A-Za-z0-9_])/compare_vote_rs_/g;
s/(?<![A-Za-z0-9_])_compare_votes_by_authority_id(?![A-Za-z0-9_])/compare_votes_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_without_first_ch(?![A-Za-z0-9_])/compare_without_first_ch_/g;
s/(?<![A-Za-z0-9_])_connection_free(?![A-Za-z0-9_])/connection_free_/g;
s/(?<![A-Za-z0-9_])_connection_mark_and_flush(?![A-Za-z0-9_])/connection_mark_and_flush_/g;
s/(?<![A-Za-z0-9_])_connection_mark_for_close(?![A-Za-z0-9_])/connection_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_connection_mark_unattached_ap(?![A-Za-z0-9_])/connection_mark_unattached_ap_/g;
s/(?<![A-Za-z0-9_])_connection_write_to_buf_impl(?![A-Za-z0-9_])/connection_write_to_buf_impl_/g;
s/(?<![A-Za-z0-9_])_ConnLimit(?![A-Za-z0-9_])/ConnLimit_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MAX(?![A-Za-z0-9_])/CONN_TYPE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MIN(?![A-Za-z0-9_])/CONN_TYPE_MIN_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MAX(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MIN(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MAX(?![A-Za-z0-9_])/CPUWORKER_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MIN(?![A-Za-z0-9_])/CPUWORKER_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_crypto_dh_get_dh(?![A-Za-z0-9_])/crypto_dh_get_dh_/g;
s/(?<![A-Za-z0-9_])_crypto_global_initialized(?![A-Za-z0-9_])/crypto_global_initialized_/g;
s/(?<![A-Za-z0-9_])_crypto_new_pk_from_rsa(?![A-Za-z0-9_])/crypto_new_pk_from_rsa_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_evp_pkey(?![A-Za-z0-9_])/crypto_pk_get_evp_pkey_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_rsa(?![A-Za-z0-9_])/crypto_pk_get_rsa_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MAX(?![A-Za-z0-9_])/DIR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MIN(?![A-Za-z0-9_])/DIR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MAX(?![A-Za-z0-9_])/DIR_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MIN(?![A-Za-z0-9_])/DIR_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_get(?![A-Za-z0-9_])/dirreq_map_get_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_put(?![A-Za-z0-9_])/dirreq_map_put_/g;
s/(?<![A-Za-z0-9_])_dns_randfn(?![A-Za-z0-9_])/dns_randfn_/g;
s/(?<![A-Za-z0-9_])_dummy(?![A-Za-z0-9_])/dummy_/g;
s/(?<![A-Za-z0-9_])_edge(?![A-Za-z0-9_])/edge_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MAX(?![A-Za-z0-9_])/END_CIRC_REASON_MAX_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MIN(?![A-Za-z0-9_])/END_CIRC_REASON_MIN_/g;
s/(?<![A-Za-z0-9_])_EOF(?![A-Za-z0-9_])/EOF_/g;
s/(?<![A-Za-z0-9_])_ERR(?![A-Za-z0-9_])/ERR_/g;
s/(?<![A-Za-z0-9_])_escaped_val(?![A-Za-z0-9_])/escaped_val_/g;
s/(?<![A-Za-z0-9_])_evdns_log(?![A-Za-z0-9_])/evdns_log_/g;
s/(?<![A-Za-z0-9_])_evdns_nameserver_add_impl(?![A-Za-z0-9_])/evdns_nameserver_add_impl_/g;
s/(?<![A-Za-z0-9_])_EVENT_MAX(?![A-Za-z0-9_])/EVENT_MAX_/g;
s/(?<![A-Za-z0-9_])_EVENT_MIN(?![A-Za-z0-9_])/EVENT_MIN_/g;
s/(?<![A-Za-z0-9_])_ExcludeExitNodesUnion(?![A-Za-z0-9_])/ExcludeExitNodesUnion_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MAX(?![A-Za-z0-9_])/EXIT_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MIN(?![A-Za-z0-9_])/EXIT_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MAX(?![A-Za-z0-9_])/EXIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MIN(?![A-Za-z0-9_])/EXIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_extrainfo_free(?![A-Za-z0-9_])/extrainfo_free_/g;
s/(?<![A-Za-z0-9_])_find_by_keyword(?![A-Za-z0-9_])/find_by_keyword_/g;
s/(?<![A-Za-z0-9_])_free_cached_dir(?![A-Za-z0-9_])/free_cached_dir_/g;
s/(?<![A-Za-z0-9_])_free_cached_resolve(?![A-Za-z0-9_])/free_cached_resolve_/g;
s/(?<![A-Za-z0-9_])_free_duplicate_routerstatus_entry(?![A-Za-z0-9_])/free_duplicate_routerstatus_entry_/g;
s/(?<![A-Za-z0-9_])_free_link_history(?![A-Za-z0-9_])/free_link_history_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_entries(?![A-Za-z0-9_])/geoip_compare_entries_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_key_to_entry(?![A-Za-z0-9_])/geoip_compare_key_to_entry_/g;
s/(?<![A-Za-z0-9_])_hex_decode_digit(?![A-Za-z0-9_])/hex_decode_digit_/g;
s/(?<![A-Za-z0-9_])_idxplus1(?![A-Za-z0-9_])/idxplus1_/g;
s/(?<![A-Za-z0-9_])__libc_enable_secure(?![A-Za-z0-9_])/_libc_enable_secure_/g;
s/(?<![A-Za-z0-9_])_log_debug(?![A-Za-z0-9_])/log_debug_/g;
s/(?<![A-Za-z0-9_])_log_err(?![A-Za-z0-9_])/log_err_/g;
s/(?<![A-Za-z0-9_])_log_fn(?![A-Za-z0-9_])/log_fn_/g;
s/(?<![A-Za-z0-9_])_log_fn_function_name(?![A-Za-z0-9_])/log_fn_function_name_/g;
s/(?<![A-Za-z0-9_])_log_global_min_severity(?![A-Za-z0-9_])/log_global_min_severity_/g;
s/(?<![A-Za-z0-9_])_log_info(?![A-Za-z0-9_])/log_info_/g;
s/(?<![A-Za-z0-9_])_log_notice(?![A-Za-z0-9_])/log_notice_/g;
s/(?<![A-Za-z0-9_])_log_prefix(?![A-Za-z0-9_])/log_prefix_/g;
s/(?<![A-Za-z0-9_])_log_warn(?![A-Za-z0-9_])/log_warn_/g;
s/(?<![A-Za-z0-9_])_magic(?![A-Za-z0-9_])/magic_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK(?![A-Za-z0-9_])/MALLOC_LOCK_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK_INIT(?![A-Za-z0-9_])/MALLOC_LOCK_INIT_/g;
s/(?<![A-Za-z0-9_])_MALLOC_UNLOCK(?![A-Za-z0-9_])/MALLOC_UNLOCK_/g;
s/(?<![A-Za-z0-9_])_microdesc_eq(?![A-Za-z0-9_])/microdesc_eq_/g;
s/(?<![A-Za-z0-9_])_microdesc_hash(?![A-Za-z0-9_])/microdesc_hash_/g;
s/(?<![A-Za-z0-9_])_MIN_TOR_TLS_ERROR_VAL(?![A-Za-z0-9_])/MIN_TOR_TLS_ERROR_VAL_/g;
s/(?<![A-Za-z0-9_])_mm_free(?![A-Za-z0-9_])/mm_free_/g;
s/(?<![A-Za-z0-9_])_NIL(?![A-Za-z0-9_])/NIL_/g;
s/(?<![A-Za-z0-9_])_n_openssl_mutexes(?![A-Za-z0-9_])/n_openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_create_cb(?![A-Za-z0-9_])/openssl_dynlock_create_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_destroy_cb(?![A-Za-z0-9_])/openssl_dynlock_destroy_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_lock_cb(?![A-Za-z0-9_])/openssl_dynlock_lock_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_locking_cb(?![A-Za-z0-9_])/openssl_locking_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_mutexes(?![A-Za-z0-9_])/openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_option_abbrevs(?![A-Za-z0-9_])/option_abbrevs_/g;
s/(?<![A-Za-z0-9_])_option_vars(?![A-Za-z0-9_])/option_vars_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MAX(?![A-Za-z0-9_])/OR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MIN(?![A-Za-z0-9_])/OR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv4(?![A-Za-z0-9_])/OutboundBindAddressIPv4_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv6(?![A-Za-z0-9_])/OutboundBindAddressIPv6_/g;
s/(?<![A-Za-z0-9_])_PDS_PREFER_TUNNELED_DIR_CONNS(?![A-Za-z0-9_])/PDS_PREFER_TUNNELED_DIR_CONNS_/g;
s/(?<![A-Za-z0-9_])_port(?![A-Za-z0-9_])/port_/g;
s/(?<![A-Za-z0-9_])__progname(?![A-Za-z0-9_])/_progname_/g;
s/(?<![A-Za-z0-9_])_PublishServerDescriptor(?![A-Za-z0-9_])/PublishServerDescriptor_/g;
s/(?<![A-Za-z0-9_])_remove_old_client_helper(?![A-Za-z0-9_])/remove_old_client_helper_/g;
s/(?<![A-Za-z0-9_])_rend_cache_entry_free(?![A-Za-z0-9_])/rend_cache_entry_free_/g;
s/(?<![A-Za-z0-9_])_routerlist_find_elt(?![A-Za-z0-9_])/routerlist_find_elt_/g;
s/(?<![A-Za-z0-9_])_SafeLogging(?![A-Za-z0-9_])/SafeLogging_/g;
s/(?<![A-Za-z0-9_])_SHORT_FILE_(?![A-Za-z0-9_])/SHORT_FILE__/g;
s/(?<![A-Za-z0-9_])_state_abbrevs(?![A-Za-z0-9_])/state_abbrevs_/g;
s/(?<![A-Za-z0-9_])_state_vars(?![A-Za-z0-9_])/state_vars_/g;
s/(?<![A-Za-z0-9_])_t(?![A-Za-z0-9_])/t_/g;
s/(?<![A-Za-z0-9_])_t32(?![A-Za-z0-9_])/t32_/g;
s/(?<![A-Za-z0-9_])_test_op_ip6(?![A-Za-z0-9_])/test_op_ip6_/g;
s/(?<![A-Za-z0-9_])_thread1_name(?![A-Za-z0-9_])/thread1_name_/g;
s/(?<![A-Za-z0-9_])_thread2_name(?![A-Za-z0-9_])/thread2_name_/g;
s/(?<![A-Za-z0-9_])_thread_test_func(?![A-Za-z0-9_])/thread_test_func_/g;
s/(?<![A-Za-z0-9_])_thread_test_mutex(?![A-Za-z0-9_])/thread_test_mutex_/g;
s/(?<![A-Za-z0-9_])_thread_test_start1(?![A-Za-z0-9_])/thread_test_start1_/g;
s/(?<![A-Za-z0-9_])_thread_test_start2(?![A-Za-z0-9_])/thread_test_start2_/g;
s/(?<![A-Za-z0-9_])_thread_test_strmap(?![A-Za-z0-9_])/thread_test_strmap_/g;
s/(?<![A-Za-z0-9_])_tor_calloc(?![A-Za-z0-9_])/tor_calloc_/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_INTERNAL(?![A-Za-z0-9_])/TOR_CHANNEL_INTERNAL_/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_C(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_C_/g;
s/(?<![A-Za-z0-9_])_tor_free(?![A-Za-z0-9_])/tor_free_/g;
s/(?<![A-Za-z0-9_])_tor_malloc(?![A-Za-z0-9_])/tor_malloc_/g;
s/(?<![A-Za-z0-9_])_tor_malloc_zero(?![A-Za-z0-9_])/tor_malloc_zero_/g;
s/(?<![A-Za-z0-9_])_tor_memdup(?![A-Za-z0-9_])/tor_memdup_/g;
s/(?<![A-Za-z0-9_])_tor_realloc(?![A-Za-z0-9_])/tor_realloc_/g;
s/(?<![A-Za-z0-9_])_tor_strdup(?![A-Za-z0-9_])/tor_strdup_/g;
s/(?<![A-Za-z0-9_])_tor_strndup(?![A-Za-z0-9_])/tor_strndup_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_SYSCALL(?![A-Za-z0-9_])/TOR_TLS_SYSCALL_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_ZERORETURN(?![A-Za-z0-9_])/TOR_TLS_ZERORETURN_/g;
s/(?<![A-Za-z0-9_])__USE_ISOC99(?![A-Za-z0-9_])/_USE_ISOC99_/g;
s/(?<![A-Za-z0-9_])_UsingTestNetworkDefaults(?![A-Za-z0-9_])/UsingTestNetworkDefaults_/g;
s/(?<![A-Za-z0-9_])_val(?![A-Za-z0-9_])/val_/g;
s/(?<![A-Za-z0-9_])_void_for_alignment(?![A-Za-z0-9_])/void_for_alignment_/g;

==============================
2012-10-12 12:22:13 -04:00
Nick Mathewson
0cb921f3e9 Convert all include-guard macros to avoid reserved identifiers.
In C, we technically aren't supposed to define our own things that
start with an underscore.

This is a purely machine-generated commit.  First, I ran this script
on all the headers in src/{common,or,test,tools/*}/*.h :
==============================

use strict;

my %macros = ();
my %skipped = ();
FILE: for my $fn (@ARGV) {
    my $f = $fn;
    if ($fn !~ /^\.\//) {
	$f = "./$fn";
    }
    $skipped{$fn} = 0;
    open(F, $fn);
    while (<F>) {
	if (/^#ifndef ([A-Za-z0-9_]+)/) {
	    $macros{$fn} = $1;
	    next FILE;
	}
    }
}

print "#!/usr/bin/perl -w -i -p\n\n";
for my $fn (@ARGV) {
    if (! exists $macros{$fn}) {
	print "# No macro known for $fn!\n" if (!$skipped{$fn});
	next;
    }
    if ($macros{$fn} !~ /_H_?$/) {
	print "# Weird macro for $fn...\n";
    }
    my $goodmacro = uc $fn;
    $goodmacro =~ s#.*/##;
    $goodmacro =~ s#[\/\-\.]#_#g;
    print "s/(?<![A-Za-z0-9_])$macros{$fn}(?![A-Za-z0-9_])/TOR_${goodmacro}/g;\n"
}
==============================

It produced the following output, which I then re-ran on those same files:

==============================

s/(?<![A-Za-z0-9_])_TOR_ADDRESS_H(?![A-Za-z0-9_])/TOR_ADDRESS_H/g;
s/(?<![A-Za-z0-9_])_TOR_AES_H(?![A-Za-z0-9_])/TOR_AES_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_H(?![A-Za-z0-9_])/TOR_COMPAT_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_LIBEVENT_H(?![A-Za-z0-9_])/TOR_COMPAT_LIBEVENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTAINER_H(?![A-Za-z0-9_])/TOR_CONTAINER_H/g;
s/(?<![A-Za-z0-9_])_TOR_CRYPTO_H(?![A-Za-z0-9_])/TOR_CRYPTO_H/g;
s/(?<![A-Za-z0-9_])TOR_DI_OPS_H(?![A-Za-z0-9_])/TOR_DI_OPS_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMAREA_H(?![A-Za-z0-9_])/TOR_MEMAREA_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMPOOL_H(?![A-Za-z0-9_])/TOR_MEMPOOL_H/g;
s/(?<![A-Za-z0-9_])TOR_PROCMON_H(?![A-Za-z0-9_])/TOR_PROCMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORGZIP_H(?![A-Za-z0-9_])/TOR_TORGZIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORINT_H(?![A-Za-z0-9_])/TOR_TORINT_H/g;
s/(?<![A-Za-z0-9_])_TOR_LOG_H(?![A-Za-z0-9_])/TOR_TORLOG_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORTLS_H(?![A-Za-z0-9_])/TOR_TORTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_UTIL_H(?![A-Za-z0-9_])/TOR_UTIL_H/g;
s/(?<![A-Za-z0-9_])_TOR_BUFFERS_H(?![A-Za-z0-9_])/TOR_BUFFERS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_H(?![A-Za-z0-9_])/TOR_CHANNEL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_TLS_H(?![A-Za-z0-9_])/TOR_CHANNELTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITBUILD_H(?![A-Za-z0-9_])/TOR_CIRCUITBUILD_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITLIST_H(?![A-Za-z0-9_])/TOR_CIRCUITLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITUSE_H(?![A-Za-z0-9_])/TOR_CIRCUITUSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMMAND_H(?![A-Za-z0-9_])/TOR_COMMAND_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONFIG_H(?![A-Za-z0-9_])/TOR_CONFIG_H/g;
s/(?<![A-Za-z0-9_])TOR_CONFPARSE_H(?![A-Za-z0-9_])/TOR_CONFPARSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_EDGE_H(?![A-Za-z0-9_])/TOR_CONNECTION_EDGE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_H(?![A-Za-z0-9_])/TOR_CONNECTION_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_OR_H(?![A-Za-z0-9_])/TOR_CONNECTION_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTROL_H(?![A-Za-z0-9_])/TOR_CONTROL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CPUWORKER_H(?![A-Za-z0-9_])/TOR_CPUWORKER_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRECTORY_H(?![A-Za-z0-9_])/TOR_DIRECTORY_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRSERV_H(?![A-Za-z0-9_])/TOR_DIRSERV_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRVOTE_H(?![A-Za-z0-9_])/TOR_DIRVOTE_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNS_H(?![A-Za-z0-9_])/TOR_DNS_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNSSERV_H(?![A-Za-z0-9_])/TOR_DNSSERV_H/g;
s/(?<![A-Za-z0-9_])TOR_EVENTDNS_TOR_H(?![A-Za-z0-9_])/TOR_EVENTDNS_TOR_H/g;
s/(?<![A-Za-z0-9_])_TOR_GEOIP_H(?![A-Za-z0-9_])/TOR_GEOIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_HIBERNATE_H(?![A-Za-z0-9_])/TOR_HIBERNATE_H/g;
s/(?<![A-Za-z0-9_])_TOR_MAIN_H(?![A-Za-z0-9_])/TOR_MAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_MICRODESC_H(?![A-Za-z0-9_])/TOR_MICRODESC_H/g;
s/(?<![A-Za-z0-9_])_TOR_NETWORKSTATUS_H(?![A-Za-z0-9_])/TOR_NETWORKSTATUS_H/g;
s/(?<![A-Za-z0-9_])_TOR_NODELIST_H(?![A-Za-z0-9_])/TOR_NODELIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_NTMAIN_H(?![A-Za-z0-9_])/TOR_NTMAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_ONION_H(?![A-Za-z0-9_])/TOR_ONION_H/g;
s/(?<![A-Za-z0-9_])_TOR_OR_H(?![A-Za-z0-9_])/TOR_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_POLICIES_H(?![A-Za-z0-9_])/TOR_POLICIES_H/g;
s/(?<![A-Za-z0-9_])_TOR_REASONS_H(?![A-Za-z0-9_])/TOR_REASONS_H/g;
s/(?<![A-Za-z0-9_])_TOR_RELAY_H(?![A-Za-z0-9_])/TOR_RELAY_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCLIENT_H(?![A-Za-z0-9_])/TOR_RENDCLIENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCOMMON_H(?![A-Za-z0-9_])/TOR_RENDCOMMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDMID_H(?![A-Za-z0-9_])/TOR_RENDMID_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDSERVICE_H(?![A-Za-z0-9_])/TOR_RENDSERVICE_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPHIST_H(?![A-Za-z0-9_])/TOR_REPHIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPLAYCACHE_H(?![A-Za-z0-9_])/TOR_REPLAYCACHE_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTER_H(?![A-Za-z0-9_])/TOR_ROUTER_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERLIST_H(?![A-Za-z0-9_])/TOR_ROUTERLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERPARSE_H(?![A-Za-z0-9_])/TOR_ROUTERPARSE_H/g;
s/(?<![A-Za-z0-9_])TOR_ROUTERSET_H(?![A-Za-z0-9_])/TOR_ROUTERSET_H/g;
s/(?<![A-Za-z0-9_])TOR_STATEFILE_H(?![A-Za-z0-9_])/TOR_STATEFILE_H/g;
s/(?<![A-Za-z0-9_])_TOR_STATUS_H(?![A-Za-z0-9_])/TOR_STATUS_H/g;
s/(?<![A-Za-z0-9_])TOR_TRANSPORTS_H(?![A-Za-z0-9_])/TOR_TRANSPORTS_H/g;
s/(?<![A-Za-z0-9_])_TOR_TEST_H(?![A-Za-z0-9_])/TOR_TEST_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_NATPMP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_NATPMP_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_UPNP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_UPNP_H/g;
==============================
2012-10-12 12:13:10 -04:00
Nick Mathewson
0d9c336a87 Add guard macro for eventdns_tor.h 2012-10-12 12:08:53 -04:00
Andrea Shepard
9c605ecb7e Install correct incoming cell handlers on reachability testing channels
Fix for bug 7086.
2012-10-12 10:02:13 -04:00
Andrea Shepard
3a33b1fe3b Merge branch 'move_contrib_source' of git://git.torproject.org/nickm/tor 2012-10-11 15:55:26 -07:00
Nick Mathewson
63f542a5c2 Move all externally maintained source files into src/ext
The rationale for treating these files differently is that we should
be checking upstream for changes as applicable, and merging changes
upstream as warranted.
2012-10-11 17:22:03 -04:00
Nick Mathewson
a45760b53b Make very sure to handle cells in-order on channels.
Fix on code for 6465, not yet in any release.
2012-10-11 00:35:58 -04:00
Nick Mathewson
7ea904cbc0 Merge branch 'bug7011'
Conflicts:
	src/or/circuitbuild.c

The conflict was trivial, since no line of code actually changed in
both branches: There was a fmt_addr() that turned into fmt_addrport()
in bug7011, and a "if (!n_conn)" that turned into "if (!n_chan)" in
master.
2012-10-10 22:31:06 -04:00
David Fifield
8b3f3fb86e Use fmt_addrport in pt_get_extra_info_descriptor_string.
This patch is by asn.
https://trac.torproject.org/projects/tor/ticket/7011#comment:11
2012-10-10 22:25:30 -04:00
David Fifield
8419d18441 Use fmt_addrport where appropriate.
This is mostly a conversion from this pattern:
	log("... %s:%d ...", fmt_and_decorate_addr(&addr), port);
to this:
	log("... %s ...", fmt_addrport(&addr, port));

The output is the same in all cases.
2012-10-10 22:25:30 -04:00
David Fifield
4b0a039cb8 Use fmt_and_decorate_addr in extra-info "transport" lines.
Apparently BridgeDB is already expecting transport lines to be formatted
thus; see https://trac.torproject.org/projects/tor/ticket/7011#comment:12 ff.
It may be that there are no extant IPv6 pluggable transport bridges yet,
so this didn't cause a problem.
2012-10-10 22:25:29 -04:00
David Fifield
5cbf0f2106 Use fmt_and_decorate_addr in TransportProxy statefile entry.
state_transport_line_is_valid calls tor_addr_port_lookup, which expects
brackets around an IPv6 address. Without this, cached transport
addresses can't be parsed later:

[warn] state: Could not parse addrport.
[warn] state: State file seems to be broken.

See #7011.
2012-10-10 22:25:29 -04:00
David Fifield
41328c7009 Decorate addresses given to a HTTP CONNECT proxy.
This affects the Request-URI and the value of the Host header. RFC 2616
doesn't directly address the formatting of IPv6 addresses, but it
delegates some productions to RFC 2396 "Uniform Resource Identifiers
(URI): Generic Syntax," which is obsoleted by RFC 3986, which requires
square brackets for IPv6 addresses in both places.

I tested this with
	HTTPSProxy 127.0.0.1:8000
	Bridge <IPv6 bridge>
	UseBridges 1
and an Ncat HTTP proxy:
	ncat --proxy-type http -l 8000 -vvv

https://tools.ietf.org/html/rfc2616#section-3.2.1
https://tools.ietf.org/html/rfc2616#section-5.1.2
https://tools.ietf.org/html/rfc2616#section-14.23
https://tools.ietf.org/html/rfc3986#section-3.2.2
2012-10-10 22:25:29 -04:00
David Fifield
34c6ee7e9b Use fmt_and_decorate_addr in log messages. 2012-10-10 22:25:29 -04:00
Andrea Shepard
8b36d4cc2a Merge branch 'bug6816_squashed_nowarn' of git://git.torproject.org/nickm/tor 2012-10-10 18:53:38 -07:00
Nick Mathewson
bd28322d38 Remove variables; fix gcc 4.7 warnings
My GCC warns when variables are assigned to but never used.  There
were a few like that in the 6816/6465 branches.
2012-10-10 21:25:52 -04:00
Andrea Shepard
5543c5b202
Fix formatting in various places after 6465/6816 work 2012-10-10 00:48:36 -07:00
Andrea Shepard
217352c362 Make channel_flush_some_cells() compile cleanly on machines with ssize_t larger than int per sjumrdoch comment 2012-10-10 00:44:47 -07:00
Andrea Shepard
bec776480d Don't remove circuitmux hash table entries in circuitmux_detach_circuit() until after circuitmux_make_circuit_inactive() 2012-10-10 00:44:47 -07:00
Andrea Shepard
1bc9a040f7 Fix 'warning: circuit was already inactive' and assert in circuitmux_make_circuit_inactive() during circuitmux_detach_all_circuits() 2012-10-10 00:44:47 -07:00
Andrea Shepard
c9e48ded5d Bring summary comment block in circuitmux.c up to date 2012-10-10 00:44:47 -07:00
Andrea Shepard
49d534e524 New and improved circuitmux_detach_all_circuits(), now without the stupid 2012-10-10 00:44:47 -07:00
Andrea Shepard
c9607694c9 Correctly set magic numbers on ewma policy data/circuit data when allocating 2012-10-10 00:44:47 -07:00
Andrea Shepard
9d615cc5c0 Set circuitmux policy on existing active channels when ewma_enabled changes 2012-10-10 00:44:47 -07:00
Andrea Shepard
bb62281ba4 Set circuitmux policy on new channels in channeltls.c 2012-10-10 00:44:47 -07:00
Andrea Shepard
0c4f717b3e Implement cell_ewma_enabled() 2012-10-10 00:44:47 -07:00
Andrea Shepard
8afe41b481 Implement channel_set_cmux_policy_everywhere() 2012-10-10 00:44:46 -07:00
Andrea Shepard
13972aee78 Fix broken circuitmux_move_active_circ_to_tail(); don't assume n_chan is not NULL in circuitmux_detach_circuit() 2012-10-10 00:44:46 -07:00
Andrea Shepard
903cc8acd1 Allow n_chan to be NULL in circuitmux_find_map_entry(); it can be but with non-NULL p_chan when extending a circuit 2012-10-10 00:44:46 -07:00
Andrea Shepard
a0200c1f6e Use circuit_get_by_circid_channel_even_if_marked() and fix some asserts in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
1498a6e84a Fix some circuitmux-related asserts in relay.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
b28119e6a8 Fix detach when setting circuit ID to 0 bug in circuit_set_circid_chan_helper() and add circuit_get_by_circid_channel_even_if_marked() 2012-10-10 00:44:46 -07:00
Andrea Shepard
c097fb33fc Detach circuits from circuitmux early when freeing channel so they can find the channel by ID 2012-10-10 00:44:46 -07:00
Andrea Shepard
3d092ffbdd Handle closing circuits correctly with circuitmux_t 2012-10-10 00:44:46 -07:00
Andrea Shepard
6830c9c232 Add a bunch of paranoid-mode expensive asserts incircuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
7598e669e8 Adjust the circuitmux_t counter correctly in circuitmux_notify_xmit_cells() 2012-10-10 00:44:46 -07:00
Andrea Shepard
96a6eff8fe Fix circuitmux attach/detach logic in circuit_set_circid_chan_helper(); it's possible for id to be zero (not assigned yet) and shouldn't be attached then 2012-10-10 00:44:46 -07:00
Andrea Shepard
60ec46a2ec Update circuitmux-related TODOs in channeltls.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
2565710fd7 Fix comment on circuit_t.n_hop and remove circuitmux TODO in or.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
bbb2c31d26 Move all EWMA code into circuitmux.c and implement circuitmux_policy_t methods using it 2012-10-10 00:44:46 -07:00
Andrea Shepard
0af2eab9a2 Add circuitmux.h, circuitmux_ewma.h includes now necessary in networkstatus.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
d194b8602a Remove cell_ewma_t from or.h and from circuit_t/or_circuit_t; all that goes to the new circuitmux_ewma.c now 2012-10-10 00:44:46 -07:00
Andrea Shepard
5f9d37e74e Add circuitmux.h, circuitmux_ewma.h includes now necessary in config.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
14fe0d5859 Remove EWMA code from relay.{c,h}; it goes to a circuitmux policy now 2012-10-10 00:44:46 -07:00
Andrea Shepard
b7d5784c54 Remove ewma setup code in init_circuit_base()/or_circuit_new() of circuitlist.c; it gets allocated when the circuit is attached to a circuitmux_t with that policy now 2012-10-10 00:44:46 -07:00
Andrea Shepard
e1de2f1437 Add upcasts for circuitmux_policy_data_t and circuitmux_policy_circ_data_t to circuitmux.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
184560c4f6 Add initial circuitmux_ewma.{c,h} 2012-10-10 00:44:46 -07:00
Andrea Shepard
34591c61ef Implement circuitmux_assert_okay() and helper functions in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
4a14c6aa67 Implement circuitmux_get_first_active_circuit() in circuitmux.c; add pick_active_circuit() to circuitmux_policy_t in circuitmux.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
c4e5e4727d Add comment for circuitmux_notify_xmit_cells() in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
741bc97b24 Add comment for circuitmux_move_active_circ_to_tail() in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
aff77eb1a9 Implement circuitmux_notify_xmit_cells() and circuitmux_move_active_circ_to_tail() helper in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
debef8f0cd Consistently allow policy alloc_cmux_data() and alloc_circ_data() functions to return NULL if the policy does not use this in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
86d9d85dfc Implement circuitmux_clear_policy(), circuitmux_get_policy() and circuitmux_set_policy() in circuitmux.c 2012-10-10 00:44:45 -07:00
Andrea Shepard
eade7a37cd Add cmux policy notify_set_n_cells() and notify_xmit_cells() callbacks 2012-10-10 00:44:45 -07:00
Andrea Shepard
930e3d611a Allocate and free circuit-specific policy data in the right places 2012-10-10 00:44:45 -07:00
Andrea Shepard
851734d324 Implement circuitmux policy basic notifications mechanism 2012-10-10 00:44:45 -07:00
Andrea Shepard
35f5259df4 Eliminate linked list helper functions in relay.c which are no longer used 2012-10-10 00:44:45 -07:00
Andrea Shepard
38fa3b7e44 Implement circuitmux_make_circuit_inactive(), circuitmux_make_circuit_active() and linked list helper functions in circuitmux.c 2012-10-10 00:44:45 -07:00
Andrea Shepard
fd31dd440c Implement circuitmux_detach_all_circuits() in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
9da04141e2 Implement circuitmux_is_circuit_active(), circuitmux_num_cells_for_circuit(), circuitmux_num_cells(), circuitmux_num_active_circuits() and circuitmux_num_circuits() in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
a9deec3550 Implement circuitmux_clear_num_cells() and circuitmux_set_num_cells() in circuitmux.c, remove unneeded circuitmux_add_to_num_cells() from circuitmux.h 2012-10-10 00:43:18 -07:00
Andrea Shepard
8004448635 Handle n_mux/p_mux properly in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
c3ebd0340c Implement circuitmux_detach_circuit() in circuitmux.c 2012-10-10 00:43:17 -07:00
Andrea Shepard
7e5c358d38 Implement circuitmux_attached_circuit_direction(), circuitmux_find_map_entry() and circuitmux_is_circuit_attached() in circuitmux.c 2012-10-10 00:41:55 -07:00
Andrea Shepard
3c41d7f414 Implement circuitmux_attach_circuit() in circuitmux.c 2012-10-10 00:41:49 -07:00
Andrea Shepard
e4a11b890e Implement circuitmux_alloc()/circuitmux_free() and chanid/circid->muxinfo hash table 2012-10-10 00:40:10 -07:00
Andrea Shepard
b208539b80 Use circuitmux_t in channels and when relaying cells 2012-10-10 00:40:06 -07:00
Andrea Shepard
c684076fc7 Add circuitmux.c, circuitmux.h 2012-10-10 00:39:11 -07:00
Andrea Shepard
bddfb9ffa8 Add magic number for type-checking channel casts 2012-10-09 23:19:53 -07:00
Andrea Shepard
f00b44ef8c Improve comments on channel_write_*() 2012-10-09 23:19:53 -07:00
Andrea Shepard
1c3362dcdc Use cell_queue_entry_new/free() functions in channel.c 2012-10-09 23:19:53 -07:00
Andrea Shepard
53454fad95 Set reason_for_closing when erroring out of channel_tls_connect() 2012-10-09 23:19:53 -07:00
Andrea Shepard
3f4b95b1a3 Split channel_t into channel_t and channel_listener_t; get rid of that big union 2012-10-09 23:19:53 -07:00
George Kadianakis
634d24c588 Don't call fmt_addr() twice in a parameter list. 2012-10-09 23:49:56 -04:00
George Kadianakis
721f99e495 Don't call fmt_addr() twice in a parameter list. 2012-10-09 23:46:04 -04:00
Andrea Shepard
6391f963fb
Conform to existing Doxygen style 2012-10-08 21:30:07 -07:00
Andrea Shepard
06a76d1db4
Refactor channel_write_cell()/channel_write_packed_cell()/channel_write_var_cell() to eliminate redundant code 2012-10-08 21:16:59 -07:00
Andrea Shepard
89a00ee63a
Use typedefs for function pointer return values and s/listener/listener_fn/ for distinctness 2012-10-08 20:49:19 -07:00
Andrea Shepard
ee4e88e4d9
s/cell_queue/incoming_queue/g in channel.c for consistency with outgoing_queue 2012-10-08 20:20:28 -07:00
Andrea Shepard
4686638743
Fix typo in comment 2012-10-08 20:15:09 -07:00
Andrea Shepard
d61e58e1ba
s/channel_request_close()/channel_mark_for_close()/g for consistency 2012-10-08 20:14:04 -07:00
Andrea Shepard
8a41dd20cb
Make channel_force_free() static 2012-10-08 20:10:13 -07:00
Andrea Shepard
123a08e4a3
Simplify channel_next_with_digest() in channel.c 2012-10-08 20:08:18 -07:00
Andrea Shepard
e877d02fdd
Eliminate unnecessary channel_set_cell_handler(), channel_set_var_cell_handler() in channel.c 2012-10-08 20:06:40 -07:00
Andrea Shepard
17356fe7fd
Eliminate unnecessary SMARTLIST_DEL_CURRENT() invocations in channel.c, channeltls.c 2012-10-08 20:02:42 -07:00
Andrea Shepard
bb92a2d7a8
Remove orphaned comment in channel_flush_some_cells_from_outgoing_queue() 2012-10-08 19:54:47 -07:00
Andrea Shepard
341928c807
Simplify channel_find_by_remote_digest() 2012-10-08 19:53:05 -07:00
Andrea Shepard
965c9de498
Abolish superfluous channel_find_by_remote_nickname() 2012-10-08 19:52:04 -07:00
Andrea Shepard
64e6f6687c
channel_free() should be a no-op 2012-10-08 19:50:41 -07:00
Andrea Shepard
e709fe320a Use U64_FORMAT/U64_PRINTF_ARG rather than %lu for channel_t 2012-10-08 19:48:06 -07:00
Andrea Shepard
71ba517e0c
Check return value from connection_or_connect() in channel_tls_connect()
It's possible for connection_or_connect() to fail and return NULL after it
sets tlschan->conn, so not checking leaves a channel hanging around in
CHANNEL_STATE_OPENING with a pointer to a freed or_connection_t forever.
2012-10-08 18:24:04 -07:00
Andrea Shepard
7138a4adac Keep better statistics about channels and dump them from dumpstats() on SIGUSR1 2012-10-08 03:06:09 -07:00
Andrea Shepard
a9a75ee59a Call channel_tls_free_all() and channel_free_all() from tor_free_all in main.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
72251385b0 Call connection_or_close_normally() rather than using connection_mark_for_close()/connection_mark_and_flush() in run_connection_housekeeping() of main.c so that channels get sent to the CLOSING state correctly (avoids an assert otherwise) 2012-10-08 03:06:09 -07:00
Andrea Shepard
07f9e8fc7d Call channel_run_cleanup() in main.c, and include a comment explaining how closing or_connections related to channels 2012-10-08 03:06:09 -07:00
Andrea Shepard
cb62a0b69a Use channel_is_bad_for_new_circs(), connection_or_get_num_circs() in main.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
9ad7ba9f22 Use connection_or_get_num_circuits() in control.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
f0f87cb68a Convert rendmid.c to channel_t 2012-10-08 03:06:09 -07:00
Andrea Shepard
28f108bcce Use dirreq_id from channel_t when appropriate 2012-10-08 03:06:09 -07:00
Andrea Shepard
8b14db9628 Switch onion.c over to channel_t 2012-10-08 03:06:09 -07:00
Andrea Shepard
77dac97354 Use channel_t in cpuworker.c
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 2 commits:

Use channel_t in cpuworker.c
Fix bug in channel_t usage in cpuworker.c that was killing relaying on channel_t-ized Tor.  The tags passed to the worker now have a channel ID, not a connection ID.
2012-10-08 03:06:09 -07:00
Andrea Shepard
6cce6241dd Query circuit count from associated channel of or_conn in control.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
35924435d2 Make reachabiity test in dirserv.c use channel_t 2012-10-08 03:06:07 -07:00
Andrea Shepard
e136f7ccb4 Convert relay.c/relay.h to channel_t
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 10 commits:

Convert relay.c/relay.h to channel_t
Updating the timestamp if n_flushed > 0 at the end of channel_flush_from_first_active_circuit() was redundant since channel_write_cell() et al. do it themselves.
Get rid of now-unnecessary time parameter in channel_flush_from_first_active_circuit()
Get rid of now-unnecessary time parameter in channel_flush_from_first_active_circuit() in connection_or.c
Add non-inlined external call for channeltls.c to free a packed_cell_t
Appease make check-spaces in relay.c
Replace channel_get_write_queue_len() with sufficient and easier to implement channel_has_queued_writes() in relay.c
Rename channel_touched_by_client() and client_used field for consistency with other timestamps in relay.c
Don't double-free packed cells in relay.c (channel_t Tor now bootstraps and works as a client)
Rearrange channel_t struct to use a union distinguishing listener from cell-bearing channels in relay.c
2012-10-08 03:05:26 -07:00
Andrea Shepard
4768c0efe3 Support channel_t in connection_edge.c 2012-10-08 03:05:00 -07:00
Andrea Shepard
519c971f6a Use channel_t in cmd.c 2012-10-08 03:05:00 -07:00
Andrea Shepard
32337502f1 Use channel_t rather than or_connection_t for circuits 2012-10-08 03:04:58 -07:00
Andrea Shepard
15303c32ec Initial channeltls.c/channeltls.h for bug 6465 2012-10-08 03:04:00 -07:00
Andrea Shepard
7f952da553 Fix make check-spaces in circuitbuild.c and router.h 2012-10-08 03:04:00 -07:00
Andrea Shepard
838743654c Add channel.c/channel.h for bug 6465
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 90 commits:

Add channel.c/channel.h for bug 6465
Fix make check-spaces in new channel.c/channel.h
Make sure new channel.h is in nodist_HEADERS and Makefile.nmake is up to date too
Add channel_state_t and state utility functions
Add channel_change_state()
Better comments in channel.h
Add CHANNEL_STATE_LISTENING for channel_t
Fix wide line in channel.c
Add structures/prototypes for incoming cell handling
Implement channel_queue_cell() and channel_queue_var_cell()
Implement channel_process_cells()
Fix asserts in channel_queue_cell() and channel_queue_var_cell()
Add descriptive comments for channel_queue_cell() and channel_queue_var_cell()
Implement channel cell handler getters/setters
Queue outgoing writes when not in writeable state
Drain queues and test assertions when changing channel_t state
Add log_debug() messages for channel_t stuff
Add log_debug() messages for channel_t stuff
Add some channel_t metadata
Add time_t client_used to channel_t
Add channel_touched_by_client()
Declare a few channel_t metadata queries we'll have to implement later for use by circuitbuild.c
Add next_circ_id/circ_id_type to channel_t for use by circuitbuild.c
Count n_circuits in channel_t
Channel timestamp calls
Add create timestamp for channel.h
Declare some new metadata queries on channel_t
Add get_real_remote_descr() prototype
Move active_circuits stuff to channel_t, some other or.h and channel.h changes
Make channel_t refcounted and use global lists of active channels
Update channel_request_close() and channel_change_state() for channel_t registration mechanism
Handle closing channels sensibly
Add global_identifier for channels, channel_init() internal use function
Add timestamp_last_added_nonpadding to channel_t
Better comments in channel_init()
Correctly handle next_circ_id in channel_init()
Correctly handle next_circ_id in channel_init() and even compile this time
Appease make check-spaces
Update timestamps when writing cells to channel_t
Add channel_flush_some_cells() to call channel_flush_from_first_active_circuit()
Add registered channel lookup functions
Get rid of client_used in or_connection_t; it's in channel_t now
Get rid of circ_id_type in or_connection_t; implement channel_set_circ_id_type()
Eliminate is_bad_for_new_circs in or_connection_t; implement getter/setter for it in channel_t
Eliminate next_circ_id in or_connection_t in favor of channel_t
Handle packed cells in channel_t for relay.c
Add channel_identity_map and related functions
Handle add/remove from channel identity map on state transitions
Implement channel_is_local() and channel_mark_local()
Implement channel_is_client() and channel_mark_client()
Implement channel_is_outgoing() and channel_mark_outgoing()
Eliminate declaration for redundant channel_nonopen_was_started_here()
Add channel timestamps
Add channel timestamps, fix some make-check-spaces complaints
Remove redundant channel_was_started_here() function and initiated_remotely bit
Rename channel_get_remote_descr()/channel_get_real_remote_descr() to something clearer in channel.h
Replace channel_get_write_queue_len() with sufficient and easier to implement channel_has_queued_writes() in channel.h
Change return type of channel_is_bad_for_new_circs() to int for consistency
Implement channel_has_queued_writes()
Rename channel_touched_by_client() and client_used field for consistency with other timestamps in channel.{c,h}
Implement channel_get_actual_remote_descr() and channel_get_canonical_remote_descr() in channel.{c,h}
Implement channel_matches_extend_info() in channel.{c,h}
Implement channel_get_for_extend() and channel_is_better() in channel.{c,h}
Make channel_is_better() public in channel.{c,h}
Implement channel_matches_target_addr_for_extend() in channel.{c,h}
Implement channel_is_canonical_is_reliable() in channel.{c,h}
Demoronize get_remote_descr() method prototype - what the hell was I thinking there?
Timestamp channels in the right places in channel.c
Add missing tor_assert() in channel.c
Check if the lower layer accepted a cell in channel_write_cell() et al. of channel.c
Implement channel_flush_cells() in channel.c (w00t, it builds at last)
Call channel_timestamp_drained() at the right places in channel.c
Implement channel_run_cleanup()
Support optional channel_get_remote_addr() method and use it for GeoIP in channel_do_open_actions()
Get rid of channel refcounting; it'll be too complicated to handle it properly with all the pointers from circuits to channels, and closing from channel_run_cleanup() will work okay just like with connections
Doxygenate channel.c
Appease make check-spaces in channel.c
Fix superfluous semicolons in channel.c
Add/remove channels from identity digest map in all the right places in channel.c
The cell queues on channel_t must be empty when going to a CLOSED or ERROR state
Appease make check-spaces in channel.c
Add channel_clear/set_identity_digest() and some better logging to channel.{c,h}
Fix better logging to channel.c
Avoid SIGSEGV testing for queue emptiness in channel_flush_some_cells_from_outgoing_queue()
Remove TODO about checking cell queue in channel_free(); no need for it
Appease make check-spaces in channel.c
Add channel_free_all() and support functions
Check nullness of active_circuit_pqueue in channel_free()
Fix SMARTLIST_FOREACH_END usage in channel_process_cells()
Rearrange channel_t struct to use a union distinguishing listener from cell-bearing channels in channel.{c,h}
2012-10-08 03:03:58 -07:00
Roger Dingledine
016c21d871 Downgrade "Failed to hand off onionskin" messages
They're typically redundant with the "Your computer is too slow"
messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.

(In retrospect, we should have fixed this bug back in ticket 1042.)
2012-10-05 13:35:13 -04:00
Nick Mathewson
be33c3f600 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-04 12:49:13 -04:00
Nick Mathewson
0a3dfd0423 Merge remote-tracking branch 'arma/bug7037' into maint-0.2.3 2012-10-04 12:46:33 -04:00
Nick Mathewson
91b18b12d9 Fix tabs in config.c 2012-10-04 10:34:46 -04:00
Nick Mathewson
03e4b5a9d7 Merge remote-tracking branch 'linus/bug6757' 2012-10-04 10:31:25 -04:00
Nick Mathewson
d9847165e0 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-04 10:05:55 -04:00
Roger Dingledine
10b43f4c46 pass the reason from the truncated cell to the controller
(rather than just always declaring that the reason is
END_CIRC_REASON_OR_CONN_CLOSED)

resolves bug 7039.
2012-10-03 23:56:34 -04:00
Roger Dingledine
e50fa0d6cb Refuse extra create cells with reason "resource limit"
In the past we had used reason "internal", which is more vague than
it needs to be. Resolves bug 7037.
2012-10-03 20:17:37 -04:00
Roger Dingledine
b1971d89c8 properly free the return values of rate_limit_log()
resolves bug 7022.
2012-10-03 13:15:27 -04:00
Roger Dingledine
05f6f8f26d actually use the rate-limiting string
previously we just allocated the string and then freed it.
2012-10-03 13:03:09 -04:00
Roger Dingledine
3d31771da9 Free some more still-in-use memory at exit 2012-10-03 12:46:09 -04:00
Roger Dingledine
65e85dba1b reformat; no actual changes 2012-10-02 21:03:01 -04:00
Roger Dingledine
0ca47825a7 and make the last commit compile 2012-10-02 20:50:57 -04:00
Nick Mathewson
78e8eb5f2d Fix compilation error left over from 1cbf45bed1. (Bug 7021) 2012-10-02 20:48:30 -04:00
Roger Dingledine
57b13ad5cc more consistently use [gs]et_uint8 2012-10-02 20:39:58 -04:00
Nick Mathewson
a80d8e09d3 The --version option should imply --quiet.
Patch from 'maker'.
2012-10-01 11:01:18 -04:00
Nick Mathewson
f128baf36c Add missing declaration so 6876 compiles 2012-09-28 12:03:37 -04:00
Nick Mathewson
5f494a363a Merge remote-tracking branch 'linus/enh6876_2' 2012-09-28 11:57:36 -04:00
Nick Mathewson
95d9f7e9cc Merge remote-tracking branch 'rransom/warn-about-hses-without-guards' 2012-09-25 12:39:00 -04:00
Roger Dingledine
dc014c9747 Merge branch 'maint-0.2.3' 2012-09-22 09:31:09 -04:00
Roger Dingledine
c88a4c51b4 add faravahar as our ninth v3 dir auth 2012-09-22 09:10:37 -04:00
Nick Mathewson
9d4c53534d Remove the testing_since* fields
They weren't actually used since 7a35dad00

Bug 5809
2012-09-21 22:05:09 -04:00
Nick Mathewson
b7fdb3a927 add changes file and whitespace fixes for bug 4020 2012-09-21 19:48:38 -04:00
Tom Fitzhenry
655782f302 Reinstate address in warning message when binding non-locally
bug4020

Signed-off-by: Tom Fitzhenry <tom@tom-fitzhenry.me.uk>
2012-09-21 19:44:49 -04:00
Linus Nordberg
613079fbc4 Don't leak msg when parse_virtual_addr_network() fails. 2012-09-20 17:15:15 +02:00
Linus Nordberg
1cbf45bed1 Make option OutboundBindAddress accept IPv6 addresses too.
Implements ticket 6786.
2012-09-20 17:09:25 +02:00
Linus Nordberg
ce553d4982 Have node_get_pref_orport() return an IPv6 OR port when UseBridges is set.
We used to never return an IPv6 address unless ClientUseIPv6 was
set. We should allow clients running with bridges use IPv6 OR ports
even without setting ClientUseIPv6. Configuring an IPv6 address in a
Bridge line should imply that.

Fixes th second part of #6757.
2012-09-19 17:18:06 +02:00
Linus Nordberg
9c5ba489d3 Set (and reset) node_t.ipv6_preferred for bridges based on Bridge lines.
We used to set it only when ClientPreferIPv6ORPort was set which seems
wrong.

Fixes one part of #6757.
2012-09-19 17:12:22 +02:00
Robert Ransom
38609f1354 Fix comment typo 2012-09-18 16:50:54 -04:00
Robert Ransom
130e899fbb Warn if HSes are configured on a client with UseEntryGuards disabled 2012-09-18 16:50:00 -04:00
Robert Ransom
d1c4cf2f5a Correct comment explaining why tor2web mode should disable entry guards 2012-09-18 16:38:01 -04:00
Mike Perry
acda1735fd Disable Guard usage for Tor2webMode.
Tor2webMode is fingerprintable by hidden services through repeated
usage of the same three guard nodes for its rend and intro points.
2012-09-18 16:21:35 -04:00
Nick Mathewson
704fd8bb02 Bump bug 6866 log messages back up to notice for 0.2.4 2012-09-18 16:21:24 -04:00
Nick Mathewson
920c76a2fc Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-18 16:20:01 -04:00
Nick Mathewson
aca325eb0c Whitespace fixes 2012-09-18 16:16:17 -04:00
Nick Mathewson
c35fad2bde Remove some deadcode for parsing v1 directories
Fixes bug 6887.  There are opportunities to remove more functions if
authorities can stop serving dummy v1 directory documents
2012-09-18 15:30:27 -04:00
Linus Nordberg
a989dbc3dc Print the correct address family in log printout.
Look at the address family of the preferred OR port rather than the
node.ipv6_preferred flag since the logic has changed with new
ClientUseIPv6 config option.

Fixes ticket 6884.
2012-09-18 14:41:14 +02:00
Mike Perry
4bfed4378d Bug 6866: Convert pathbias asserts into log messages.
Asserts were hit by Tor2Web mode.
2012-09-17 18:25:28 -07:00
Nick Mathewson
5dfec9f833 Merge remote-tracking branch 'linus/bug6880' 2012-09-17 16:05:09 -04:00
Linus Nordberg
bee1e46bd1 Don't do reachability testing over IPv6 unless AuthDirPublishIPv6 is set.
This affects both directory authorities and bridge authoritites.
2012-09-17 22:01:58 +02:00
Robert Ransom
62babcaf0a Implement and use crypto_pk_eq_keys 2012-09-17 11:02:53 -04:00
Nick Mathewson
32d9cea289 Merge remote-tracking branch 'public/bug6853' 2012-09-17 10:50:48 -04:00
Nick Mathewson
96d2a21683 Avoid sign-extending when computing rend auth type.
Right-shifting negative values has implementation-defined behavior.
On all the platforms we work on right now, the behavior is to
sign-extend the input.  That isn't what we wanted in

    auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;

Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously.

The broken behavior didn't actually hurt anything, I think, since the
only way to get sign-extension to happen would be to have the top bit
of descriptor_cookie_tmp[16] set, which would make the value of
descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and
0b11111000 (that is, between -1 and -8).  So auth_type_val would be
between -7 and 0.  And the immediate next line does:

    if (auth_type_val < 1 || auth_type_val > 2) {

So the incorrectly computed auth_type_val would be rejected as
invalid, just as a correctly computed auth_type_val would be.

Still, this stuff shouldn't sit around the codebase.
2012-09-17 10:28:14 -04:00
Nick Mathewson
414adb237b Parse votes with >31 flags correctly
We were doing (1<<p) to generate a flag at position p, but we should
have been doing (U64_LITERAL(1)<<p).

Fixes bug 6861; bugfix on 0.2.0.3-alpha; reported pseudonymously.
2012-09-17 10:24:52 -04:00
Nick Mathewson
c2c6d12a81 Move functions for seeing if we know enough nodes into nodelist 2012-09-14 10:20:01 -04:00
Nick Mathewson
725d3a32bd Remove router_get_by_{nickname,hexdigest} entirely 2012-09-14 10:20:00 -04:00
Nick Mathewson
5161a52c66 Remove the old disabled router_get_by_nickname implementation 2012-09-14 10:20:00 -04:00
Nick Mathewson
ba21ebc6d8 Move many of the node_ functions from routerlist to nodelist 2012-09-14 10:20:00 -04:00
Nick Mathewson
d995dc8bac Split the routerset code out of routerlist.c 2012-09-14 10:20:00 -04:00
Nick Mathewson
286e95f0a5 Merge branch 'bug6833' 2012-09-14 10:10:23 -04:00
Nick Mathewson
68caa834f4 document why we only allow 64 flags in votes 2012-09-14 10:10:16 -04:00
Nick Mathewson
e4ce8cd969 Fix compilation with older gccs
They don't like to have #preprocessor directives inside macro arguments.

Fixes #6842; fix on 0.2.4.2-alpha.

Found by grarpamp.
2012-09-14 10:06:00 -04:00
Nick Mathewson
7d11952bf4 Split the or_state_t portions of config.c into their own file 2012-09-13 12:20:26 -04:00
Nick Mathewson
2eb2536c0a Remove all remaining spurious or_options_t invocations in confparse.c 2012-09-13 12:20:25 -04:00
Nick Mathewson
7627b2c187 Split the generic config_fmt_t code into a new confparse.c file
This helps us split up one of our larger files, and sets the stage
for refactoring the configuration backend a little
2012-09-13 12:20:25 -04:00
Nick Mathewson
c8b98ba41c Reject votes (not consensuses) with >64 known-flags
Our flag voting code needs to handle unrecognized flags, so it stores
them in a 64-bit bitfield.  But we never actually checked for too many
flags, so we were potentially doing stuff like U64_LITERAL(1)<<flagnum
with flagnum >= 64.  That's undefined behavior.

Fix for bug 6833; bugfix on 0.2.0.1-alpha.
2012-09-13 11:45:05 -04:00
Nick Mathewson
582f2187a7 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-13 10:08:51 -04:00
Robert Ransom
0a6480cdd0 Avoid undefined behaviour when parsing HS protocol versions
Fixes bug 6827; bugfix on c58675ca72
(when the v2 HS desc parser was implemented).

Found by asn.
2012-09-13 07:48:21 -04:00
Nick Mathewson
a73dec16c5 Merge branch 'bug6815' 2012-09-12 16:28:59 -04:00
Nick Mathewson
19136f6f11 Fix a wide line 2012-09-12 16:28:46 -04:00
Nick Mathewson
35e19b9498 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-12 11:11:16 -04:00
Nick Mathewson
1f5a7917f5 Merge remote-tracking branch 'public/bug6341_a_v2' into maint-0.2.3 2012-09-12 11:10:59 -04:00
Nick Mathewson
5cbeb60805 Fix directory self-testing logic
When I removed version_supports_begindir, I accidentally removed the
mechanism we had been using to make a directory cache self-test its
directory port.  This caused bug 6815, which caused 6814 (both in
0.2.4.2-alpha).

To fix this bug, I'm replacing the "anonymized_connection" argument to
directory_initiate_command_* with an enumeration to say how indirectly
to connect to a directory server.  (I don't want to reinstate the
"version_supports_begindir" argument as "begindir_ok" or anything --
these functions already take too many arguments.)

For safety, I made sure that passing 0 and 1 for 'indirection' gives
the same result as you would have gotten before -- just in case I
missed any 0s or 1s.
2012-09-12 10:26:59 -04:00
Nick Mathewson
75c9ccd4f8 Merge remote-tracking branch 'public/bug6538'
Conflicts:
	configure.ac
2012-09-11 17:51:36 -04:00
Nick Mathewson
f8a665c87d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-11 13:21:20 -04:00
Nick Mathewson
5833861f62 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/test/test_util.c
2012-09-11 13:20:15 -04:00
Nick Mathewson
973c18bf0e Fix assertion failure in tor_timegm.
Fixes bug 6811.
2012-09-11 13:13:07 -04:00
Roger Dingledine
d85b563dbb Merge branch 'maint-0.2.3' 2012-09-10 18:25:57 -04:00
Nick Mathewson
bf71866da0 Merge branch 'remove_old_ver_checks' 2012-09-10 15:37:13 -04:00
Nick Mathewson
4319f99828 Merge remote-tracking branch 'public/ticket6789' 2012-09-10 15:31:04 -04:00
Nick Mathewson
8731a4e148 Avoid segfault when reading state file from ancient tor
If s_values is null in rep_hist_load_bwhist_state_section, we would
call smartlist_len() on it, and die.

Fixes bug 6801.
2012-09-10 10:35:18 -04:00
Nick Mathewson
cb8f64cdc8 Fix tab introduced in f43946829c 2012-09-10 10:22:40 -04:00
Nick Mathewson
0ab7716b9e Merge remote-tracking branch 'linus/bug6797' 2012-09-10 10:19:57 -04:00
Nick Mathewson
20e0e7d9d1 Rename _UseFilteringSSLBufferevents to lose its _. Bug 3155 2012-09-10 10:09:19 -04:00
meejah
f43946829c Hide options beginning with "___" from GETINFO config/names 2012-09-10 09:51:31 -04:00
meejah
65838f4883 rename _UsingTestNetworkDefaults to start with triple-underscore 2012-09-10 09:50:24 -04:00
Roger Dingledine
e1e34ee4e4 raise bandwidthrate/bandwidthburst to a new "infinite"
addresses bug 6605.
2012-09-10 03:03:06 -04:00
Linus Nordberg
93ee62297f Don't follow the NULL pointer.
If dirvote_create_microdescriptor() returns NULL, don't use md.

Found by "f. tp.".

Fixes bug 6797.
2012-09-10 00:43:48 +02:00
Roger Dingledine
f6639d5676 finish backing out 5492de76 2012-09-09 16:51:34 -04:00
Roger Dingledine
67abdcd8d9 minor logging improvement 2012-09-09 15:54:59 -04:00
Nick Mathewson
e8b09c0d51 Remove one more check for an insanely old version 2012-09-07 23:23:49 -04:00
Nick Mathewson
7988596f66 Remove version_supports checks for versions before 0.2.2. 2012-09-07 23:21:18 -04:00
Nick Mathewson
26cee96911 Dirservers no longer accept tors released before December 2011.
Implements ticket 6789.
2012-09-07 11:15:23 -04:00
Nick Mathewson
3fe2161d28 Merge remote-tracking branch 'asn/bug6788' 2012-09-07 10:51:38 -04:00
George Kadianakis
14f4a5da45 Remove redundant declaration of find_transport_name_by_bridge_addrport(). 2012-09-07 17:44:53 +03:00
Roger Dingledine
9446efc0df a debugging log line that just helped me 2012-09-07 03:04:15 -04:00
Nick Mathewson
f4cf279eb5 Rename extend_info_alloc() --> _new()
Based on a patch from Linus, regenerated so as to not conflict with
Linus's 5535/6363 patches.
2012-09-06 11:38:32 -04:00
Linus Nordberg
09c84b50e7 Rename packed_cell_alloc() --> _new(). 2012-09-06 11:37:00 -04:00
Linus Nordberg
3327a0a61c Rename config_alloc() --> _new(). 2012-09-06 11:37:00 -04:00
Nick Mathewson
1ca9e2685f Merge branch 'quiet_lib_versions_squashed' 2012-09-06 11:32:09 -04:00
Nick Mathewson
e3a130a7eb Don't log about Libevent/OpenSSL initialization when all's well
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
2012-09-06 11:31:22 -04:00
Nick Mathewson
ad1e8b45df Merge branch 'bug6778' 2012-09-06 11:05:16 -04:00
Nick Mathewson
30fe9080e7 Fix a dependency: micro-revision.i influences tor_main.o, not tor_main.c 2012-09-06 11:00:32 -04:00
Nick Mathewson
e9684405ac Merge remote-tracking branch 'asn/bug4567_rebased' 2012-09-06 10:12:28 -04:00
Nick Mathewson
deee0b67c3 Merge remote-tracking branch 'asn/bug6765' 2012-09-06 10:12:11 -04:00
Nick Mathewson
91fed2c703 Fix a build-warning when building out-of-tree
We were trying to incorporate all headers in common_sha1.i, not just
the src/common ones.

This is part of bug 6778; fix on 0.2.4.1-alpha
2012-09-06 09:56:48 -04:00
Roger Dingledine
00120544a4 fix punctuation in logs 2012-09-06 01:35:05 -04:00
Nick Mathewson
5d679caa32 Fix warning when implicitly casting strlen(microdesc) to int
Harmless unless we somehow generate a microdesc of more than INT_MAX
bytes.
2012-09-05 20:49:25 -04:00
George Kadianakis
8284c2bcba Use tor_malloc_zero() in var_cell_new().
This is just a precaution; we seem to be using var_cell_t.payload and
var_cell_t.payload_len correctly at the moment.
2012-09-06 01:22:32 +03:00
Roger Dingledine
b00b8272da make AuthDirHasIPv6Connectivity match the man page
we can turn it into an autobool later if we have some way for it
to make a decision.

(patch possibly got lost when nickm merged #6770; or maybe nickm meant
for it to be this way. i'm not sure.)
2012-09-05 18:17:41 -04:00
Nick Mathewson
f8c1ab7bbf Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-05 16:25:13 -04:00
Linus Nordberg
0770e4ccdb Whitespace fixes. 2012-09-05 19:40:15 +02:00
Nick Mathewson
9d9ca264ec Avoid segfault if EntryGuardPathBias precedes EntryGuard
Fix for bug 6774; bugfix on 0.2.3.17-beta.
2012-09-05 13:27:54 -04:00
George Kadianakis
4edc57caa5 Figure out ORPort and DirPort even when 'auto' is used.
Use router_get_advertised_{dir,or}_port() functions instead of
get_primary_{dir,or}_port().
2012-09-05 20:17:25 +03:00
Nick Mathewson
116c8409ba Merge remote-tracking branch 'linus/bug6770_3'
Conflicts:
	doc/tor.1.txt
	src/or/config.c
2012-09-05 11:35:26 -04:00
George Kadianakis
44fe717524 General tweaks and fixes for Nick's comments.
* Add changes/ files.
* Edit the tor-fw-helper manpage.
* Fix check-spaces.
* Add prototype for get_list_of_ports_to_forward().
* Fix tor_parse_long() TCP port range.
* Improve doc. of tor_check_port_forwarding().
* Check for overflows in tor_check_port_forwarding().
* Demote successful port forwarding to LOG_INFO.

Conflicts:
	src/common/address.c
	src/or/circuitbuild.c
2012-09-05 18:23:28 +03:00
George Kadianakis
443260ffd8 Tweak code and pump the tor-fw-helper version.
Conflicts:
	src/or/circuitbuild.h
2012-09-05 18:09:45 +03:00
George Kadianakis
da16c425ef Start passing ports to tor_check_port_forwarding().
Conflicts:
	src/or/transports.c
2012-09-05 18:08:18 +03:00
George Kadianakis
cd05f35d2c Refactor tor to support the new tor-fw-helper protocol.
Add handle_fw_helper_output(), a function responsible for parsing the
output of tor-fw-helper. Refactor tor_check_port_forwarding() and
run_scheduled_events() accordingly too.

We now issue warnings when we get control output from tor-fw-helper,
and we log the verbose output of tor-fw-helper in LOG_INFO.

Conflicts:
	src/common/util.c
2012-09-05 18:04:34 +03:00
George Kadianakis
64b2a64310 Use get_lines_from_handle() in configure_proxy(). 2012-09-05 18:02:27 +03:00
Linus Nordberg
f7c97cd40b Remove AuthDirPublishIPv6 and let AuthDirHasIPv6Connectivity fill its function.
See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.
2012-09-05 13:35:39 +02:00
Linus Nordberg
0e53742a85 Make AuthDirHasIPv6Connectivity a BOOL.
This is a fix of unreleased tor. It solves ticket #6770.
2012-09-05 12:47:01 +02:00
Roger Dingledine
67065c3c06 minor typos i found while constructing the changelog 2012-09-05 04:46:27 -04:00
Nick Mathewson
4d87919ba6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-04 18:34:39 -04:00
Nick Mathewson
acfd487e7d Merge remote-tracking branch 'arma/bug6743' into maint-0.2.3 2012-09-04 18:33:56 -04:00
Nick Mathewson
d7a646edcf Merge branch 'bug5535_only_rebased' 2012-09-04 18:24:20 -04:00
Nick Mathewson
ec94d0307e Merge remote-tracking branch 'linus/bug6363_only-ln' 2012-09-04 18:23:18 -04:00
Linus Nordberg
d34c690e54 Allocate vote_microdesc_hash_t using tor_malloc_zero().
In case the struct grows in the future. Shouldn't be too expensive.
2012-09-04 20:19:41 +02:00
Linus Nordberg
8ef395d6a9 Whitespace. 2012-09-04 20:19:40 +02:00
Linus Nordberg
b337aa4c0e Remove spurious debug log printout. 2012-09-04 19:27:05 +02:00
Linus Nordberg
d827a5495a Take microdesc into account when deciding about preferred OR port. 2012-09-04 12:57:22 -04:00
Linus Nordberg
8b081231b5 Make node_ipv6_preferred() take microdescs into account.
Also, make node_get_prim_orport() indicate in its return value whether
a valid OR port was copied or not.

Maybe we should make it legal to pass ap_out==NULL?
2012-09-04 12:57:22 -04:00
Linus Nordberg
3746215350 Take microdesc IPv6 address into account when setting node->ipv6_preferred.
Also, do this only for clients, explicitly.

Also, give the flag a value every time we set consensus. We used to
touch it only when ClientPreferIPv6ORPort was set, which was wrong.
2012-09-04 12:57:21 -04:00
Linus Nordberg
0f45dbefed Use preferred OR for nodes with routerstatus and microdesc too.
extend_info_from_node() used to use the primary OR port (i.e. IPv4)
unless the node had routerinfo. Now that we have IPv6 addresses in
microdescs we may want to use them.

Note that this patch changes using r->cache_info.identity_digest into
using node->identity. I count on these being well synchronised, or
things would break in other ways. Right?
2012-09-04 12:57:21 -04:00
Linus Nordberg
7a8366a3eb Add IPv6 OR port to microdesc_t and populate it. 2012-09-04 12:57:21 -04:00
Linus Nordberg
e04e1a2e7d Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
2012-09-04 12:57:21 -04:00
Linus Nordberg
d6ad00a01f Clear the ipv6_preferred flag like the others.
I'm not entirely sure that this is meningful but I'm pretty sure it's
not harmful. Seems like the logical thing to do.
2012-09-04 12:55:38 -04:00
Linus Nordberg
c76a332887 Fix a comment. 2012-09-04 12:51:08 -04:00
Linus Nordberg
585ef06978 Add tor_addr_port_new(). 2012-09-04 12:03:42 -04:00
Linus Nordberg
68901da5a1 Generate microdescriptors with "a" lines.
Generate and store all supported microdescriptor formats. Generate
votes with one "m" line for each format. Only "m" lines with version
info matching chosen consensus method will be voted upon.

An optimisation would be to combine "m" lines with identical hashes,
i.e. instead of "m 1,2,3 H1" and "m 4,5 H1", say "m 1,2,3,4,5 H1".
2012-09-04 11:56:34 -04:00
Linus Nordberg
156ffef249 Have directory authorities vote on IPv6 OR ports according to the spec
Define new new consensus method 14 adding "a" lines to vote and
consensus documents.

From proposal 186:

  As with other data in the vote derived from the descriptor, the
  consensus will include whichever set of "a" lines are given by the
  most authorities who voted for the descriptor digest that will be
  used for the router.

This patch implements this.
2012-09-04 11:52:22 -04:00
Nick Mathewson
05ded76cb6 Merge remote-tracking branch 'arma/bug6759' 2012-09-04 10:18:51 -04:00
Nick Mathewson
3da9a14f1c Merge remote-tracking branch 'arma/feature6758' 2012-09-04 10:16:15 -04:00
Nick Mathewson
978a2251f3 Merge remote-tracking branch 'arma/feature6760' 2012-09-04 10:14:55 -04:00
Roger Dingledine
0a2fcc55c5 resolve an XXX by agreeing with nickm 2012-09-03 22:15:04 -04:00
Roger Dingledine
81c6db3288 make "Launching %d requests for %d routers" message more useful
specifically, specify what sort of routers we're fetching.
2012-09-03 22:10:49 -04:00
Roger Dingledine
3ea37e5faa quiet "I learned some more directory information" on startup
Reserve it for when new directory information arrives in response to
a fetch.

Resolves ticket 6760.
2012-09-03 19:49:44 -04:00
Roger Dingledine
2131cc125b Don't log about reloading the microdescriptor cache at startup
Addresses bug 6759.
2012-09-03 18:50:27 -04:00
Roger Dingledine
e964f81143 omit the first heartbeat message (resolves ticket 6758) 2012-09-03 18:13:35 -04:00
Roger Dingledine
4bd90e20b9 fix whitespace and trivial typo 2012-09-03 02:09:39 -04:00
Roger Dingledine
eb3d079667 Make begindir_cutoff the same as general_cutoff
Allow one-hop directory fetching circuits the full "circuit build timeout"
period, rather than just half of it, before failing them and marking
the relay down. This fix should help reduce cases where clients declare
relays (or worse, bridges) unreachable because the TLS handshake takes
a few seconds to complete.

Fixes bug 6743 (one piece of bug 3443); bugfix on 0.2.2.2-alpha, where
we changed the timeout from a static 30 seconds.
2012-09-01 01:25:17 -04:00
Nick Mathewson
9982122f34 Use a time-invariant comparison in choose_array_element_by_weight 2012-08-28 12:42:25 -04:00
Nick Mathewson
5c3199cda7 In choose-by-bw, scale to better use the range of uint64
The smart part of this is based on an approach and a suggestion by
rransom. The unsmart part is my own fault.
2012-08-27 19:36:12 -04:00
Nick Mathewson
3363a0d26e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:39:30 -04:00
Nick Mathewson
a7a4bbff47 Quiet "Set buildtimeout to low val" warnings: make them info
Fix for #6251
2012-08-27 16:37:09 -04:00
Nick Mathewson
f40378118c Merge remote-tracking branch 'mikeperry/bug6647' 2012-08-27 16:23:19 -04:00
Nick Mathewson
b252ffa7cb Downgrade path-bias warning messages to INFO for now.
We've had over two months to fix them, and didn't.  Now we need
0.2.3.x stable.  Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x.  We can do a real fix in 0.2.4.
2012-08-27 16:18:35 -04:00
Nick Mathewson
0c5a44ed0a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:16:27 -04:00
Nick Mathewson
bffe0d3ccc Merge branch 'bug6710_023' into maint-0.2.3 2012-08-27 16:15:01 -04:00
Nick Mathewson
e232938ec8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:09:29 -04:00
Nick Mathewson
443e4ae1ee Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/policies.c
2012-08-27 16:07:04 -04:00
Nick Mathewson
62d96284f7 Do not assert when comparing a null address/port against a policy
This can create a remote crash opportunity for/against directory
authorities.
2012-08-27 12:04:55 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
5898c09c3a Fix whitespace 2012-08-27 10:53:40 -04:00
Nick Mathewson
7795f42e4b Merge branch 'bug6524_nm' 2012-08-27 10:33:24 -04:00
Jim Meyering
90d1c85757 build: minimal adjustments to make out-of-tree build work 2012-08-27 10:00:22 -04:00
Nick Mathewson
b3b4f31936 Merge remote-tracking branch 'linus/bug6364' 2012-08-27 09:53:37 -04:00
Nick Mathewson
6f7dbd3d34 Merge remote-tracking branch 'linus/bug6362' 2012-08-27 09:50:22 -04:00
Nick Mathewson
6864a44a4a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-24 12:51:50 -04:00
Nick Mathewson
ce4add498f Merge remote-tracking branch 'public/bug6472' into maint-0.2.3 2012-08-24 12:51:02 -04:00
Nick Mathewson
ca09ea0a8b Make node_assert_ok less duplicatey
This comes at the cost of making its failure message a little less
friendly, but since when do assertion failures count as
user-friendly?
2012-08-24 12:48:23 -04:00
Nick Mathewson
03ca9c63c8 Clarify docs on get_configured_bridge_by_*_digest 2012-08-24 12:31:09 -04:00
Mike Perry
e13abda470 Bug 6647: Use correct scale constant and prevent rounding error
We were effectively resetting our counts, and the rounding error
leads to incorrect log messages.
2012-08-23 20:28:29 -07:00
Mike Perry
4950618b13 Bug 6475: Demote pathbias log messages for 0.2.3.x
Also make a couple of them less scary.

We'll do a separate, additional commit on 0.2.4.x to bump them back
up again.
2012-08-23 20:28:25 -07:00
Mike Perry
880c71304b Disable path bias accounting if we have no guards.
This should eliminate a lot of notices for Directory Authorities and other
situations where circuits built without using guard nodes.
2012-08-23 19:47:08 -07:00
Linus Nordberg
3410a46ebc Move ipv6_preferred from routerinfo_t to node_t.
Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.

Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.

Move node_get_*_orport to nodelist.c.

Fix a cut'n'paste error in header of nodelist.h.

Add node_assert_ok().

Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?
2012-08-23 22:13:12 +02:00
Nick Mathewson
6d703f8db5 Make the _sha1.i file generation quieter 2012-08-23 13:14:41 -04:00
Linus Nordberg
734b09080f Fetch IPv6 address from NETINFO "other OR's address" field.
The my_apparent_addr is still unused, apart from now being logged in
the "Got good NETINFO cell" info message.
2012-08-21 18:43:36 +02:00
Nick Mathewson
64676d0571 Merge branch 'bug6638' 2012-08-21 11:20:58 -04:00
Nick Mathewson
939d01f0ba Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-21 10:36:51 -04:00
Nick Mathewson
991a8acba2 Merge remote-tracking branch 'public/bug6404' into maint-0.2.3 2012-08-21 10:35:40 -04:00
Nick Mathewson
d517233e71 Merge remote-tracking branch 'linus/bug6621' 2012-08-21 10:21:53 -04:00
Nick Mathewson
778d90122c Avoid spurious warnings in rend_service_introduce
There was some code in the "err:" block that would always log a
warning, reporting an "unknown error" if we hadn't set err_msg.  But
there were also plenty of "goto err" blocks that did their own
logging, and never set err_msg at all.  Now we should only log when
we have an error message to log.

This fixes bug 6638, from no released Tor version.
2012-08-21 10:15:52 -04:00
Linus Nordberg
9216e2819b Send IPv6 address in NETINFO cells.
Closes #6364.
2012-08-20 17:01:18 +02:00
Linus Nordberg
5671586dc7 Make all relays, not only bridges, capable of advertising an IPv6 OR port.
Closes #6362.
2012-08-19 14:48:22 +02:00
Nick Mathewson
661bd3fe71 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 17:10:16 -04:00
Nick Mathewson
88859b2ff1 whitespace fix 2012-08-17 17:10:03 -04:00
Nick Mathewson
223e7cfabe When iterating over connections pending DNS, skip marked ones
Failure to do this would lead to double-free cases and similar,
especially when the exit's DNS was broken. See bug 6472 for full
details; this is a fix for 6472.

Anonymous patch from "cypherpunks" on trac.
2012-08-17 16:46:11 -04:00
Nick Mathewson
1c64f99a1a Merge remote-tracking branch 'public/bug5124' 2012-08-17 16:05:09 -04:00
Nick Mathewson
d9746bd468 Remove needless flush-on-write code.
Long ago, before we had cell queues, it was necessary to maybe call
connection_handle_write() from connectino_write_to_buf_impl() on OR
connections, so that we wouldn't get into a loop of reading infinite
amounts of data and queueing it all on an outbuf before bothering to
write any data.

If that doesn't sounds like what our code does now, you're right:
right now, we won't stick more than OR_CONN_HIGHWATER bytes of cells
on an outbuf, and we won't suck more than CELL_QUEUE_HIGHWATER_SIZE
cells off any edge connection. So, there's no more call for that
code.

Removing this code will simplify our data flow, and that should be
something we can all get behind.
2012-08-17 16:01:30 -04:00
Nick Mathewson
a9d56289ee Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 15:59:40 -04:00
Linus Nordberg
9ed87b37d0 Consider IPv6 OR ports when deciding whether a routerinfo change is cosmetic.
Closes #6423.
2012-08-17 15:59:13 -04:00
Nick Mathewson
eec86939d1 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:39:31 -04:00
Nick Mathewson
e9172e51fb Merge remote-tracking branch 'public/bug6244_part_c' into maint-0.2.3 2012-08-17 12:37:49 -04:00
Nick Mathewson
1728801bbc Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:34:52 -04:00
Nick Mathewson
676f71054f Merge remote-tracking branch 'public/bug6507' into maint-0.2.3 2012-08-17 12:33:17 -04:00
Nick Mathewson
a4669d8704 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:10:44 -04:00
Nick Mathewson
a74d4182f1 Whitespace and build fixes on 6475 patch 2012-08-17 12:10:31 -04:00
Nick Mathewson
3621f30ad4 Merge remote-tracking branch 'mikeperry/bug6475' into maint-0.2.3 2012-08-17 12:08:42 -04:00
Nick Mathewson
274e281741 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 11:54:05 -04:00
Nick Mathewson
f25e8d034b Merge remote-tracking branch 'public/bug6514' into maint-0.2.3 2012-08-17 11:53:06 -04:00
Linus Nordberg
b1c4b3ad0e Make authorities not set Running unless all advertised OR ports are reachable.
Resolves #6621.
2012-08-17 12:53:25 +02:00
Mike Perry
4e42a8a2f2 Address Nick's comments from code review.
Also promote log messages to notice and rate-limit them.
2012-08-16 16:29:19 -07:00
Mike Perry
ec6a7effb8 Bug 6475: Explicitly track our path bias state.
This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
2012-08-15 19:59:55 -07:00
Nick Mathewson
2ba52f4095 Fix wildcarded address mappings from the control port
Apparently, we weren't actually detecting wildcardedness when parsing
them: whoops!

bug 6244.  Bugfix on 0.2.3.9-alpha
2012-08-15 17:59:30 -04:00
Nick Mathewson
959f850056 Raise the part of torrc mapaddress handling that knows wildcards
This patch extracts the inner part of config_register_addressmaps --
the part that knows about detecting wildcard addresses addresses --
and makes it into a new function.  The new function is deliberately
not moved or reindented, so that the diff is smaller.

I need this to fix bug 6244.
2012-08-15 17:52:40 -04:00
Nick Mathewson
cdd882ee71 Check for stream_id, not conn, on extend cells.
Extend cells aren't allowed to have a stream_id, but we were only
blocking them when they had a stream_id that corresponded to a
connection.  As far as I can tell, this change is harmless: it will
make some kinds of broken clients not work any more, but afaik nobody
actually make a client that was broken in that way.

Found while hunting for other places where we made the same mistake
as in 6271.

Bugfix on d7f50337c1 back from May 2003, which introduced
telescoping circuit construction into 0.0.2pre8.
2012-08-15 13:16:41 -04:00
Nick Mathewson
a9eed33111 Fix memory leak in dirvote_create_microdescriptor
Found by George, who gets a cookie.
2012-08-14 03:07:17 -04:00
Nick Mathewson
f45cde05f9 Remove tor_malloc_roundup().
This function never actually did us any good, and it added a little
complexity.  See the changes file for more info.
2012-08-13 13:27:32 -04:00
Nick Mathewson
d993b04485 Reject attempts to say FooPort and FooPort 0 in the same cfg domain 2012-08-09 16:13:03 -04:00
Nick Mathewson
e1fb3b8d65 Fix spaces from last patch 2012-08-09 16:02:57 -04:00
Nick Mathewson
dfe03d36c8 Don't infer we have a FooPort from the presence of a FooPort line
Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false.  (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort.  When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.

This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t.  FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will need fail to
compile.)

Fix for bug 6507.
2012-08-09 15:48:43 -04:00
Nick Mathewson
07df4dd52d Refactor the core of choosing by weights into a function
This eliminates duplicated code, and lets us test a hairy piece of
functionality.
2012-08-09 14:15:58 -04:00
Nick Mathewson
9bfb274abb Refactor smartlist_choose_node_by_bandwidth to be less horrible.
With this patch, I dump the old kludge of using magic negative
numbers to indicate unknown bandwidths.  I also compute each node's
weighted bandwidth exactly once, rather than computing it once in
a loop to compute the total weighted bandwidth and a second time in
a loop to find which one we picked.
2012-08-09 12:59:04 -04:00
Nick Mathewson
50aecc68ca Use a smarter fix for bug 1203.
Previously, we had incremented rand_bw so that when we later tested
"tmp >= rand_bw", we wouldn't have an off-by-one error.  But instead,
it makes more sense to leave rand_bw alone and test "tmp > rand_bw".

Note that this is still safe.  To take the example from the bug1203
writeup: Suppose that we have 3 nodes with bandwidth 1.  So the
bandwidth array is { 1, 1, 1 }, and the total bandwidth is 3.  We
choose rand_bw == 0, 1, or 2.  With the first iteration of the loop,
tmp is now 1; with the second, tmp is 2; with the third, tmp is 3.
Now that our check is tmp > rand_bw, we will set i in the first
iteration of the loop iff rand_bw == 0; in the second iteration of
the loop iff rand_bw == 1, and in the third iff rand_bw == 2.
That's what we want.

Incidentally, this change makes the bug 6538 fix more ironclad: once
rand_bw is set to UINT64_MAX, tmp > rand_bw is obviously false
regardless of the value of tmp.
2012-08-09 12:41:28 -04:00
Nick Mathewson
640a51684c Remove remaining timing-dependency in choosing nodes by bandwidth
The old approach, because of its "tmp >= rand_bw &&
!i_has_been_chosen" check, would run through the second part of the
loop slightly slower than the first part.  Now, we remove
i_has_been_chosen, and instead set rand_bw = UINT64_MAX, so that
every instance of the loop will do exactly the same amount of work
regardless of the initial value of rand_bw.

Fix for bug 6538.
2012-08-09 12:40:03 -04:00
Nick Mathewson
e106812a77 Change smartlist_choose_node_by_bandwidth to avoid double
This should make our preferred solution to #6538 easier to
implement, avoid a bunch of potential nastiness with excessive
int-vs-double math, and generally make the code there a little less
scary.

"But wait!" you say.  "Is it really safe to do this? Won't the
results come out differently?"

Yes, but not much.  We now round every weighted bandwidth to the
nearest byte before computing on it.  This will make every node that
had a fractional part of its weighted bandwidth before either
slighty more likely or slightly less likely.  Further, the rand_bw
value was only ever set with integer precision, so it can't
accurately sample routers with tiny fractional bandwidth values
anyway.  Finally, doing repeated double-vs-uint64 comparisons is
just plain sad; it will involve an implicit cast to double, which is
never a fun thing.
2012-08-09 12:21:37 -04:00
Stewart Smith
2e80ae895d fix circular dependency for generating code digests 2012-08-09 11:03:48 -04:00
Stewart Smith
7bb04f111a fix dependencies for some generated files 2012-08-09 11:03:47 -04:00
Stewart Smith
2a4a149624 Move to non-recursive make
This gives us a few benefits:
1) make -j clean all
   this will start working, as it should. It currently doesn't.
2) increased parallel build
   recursive make will max out at number of files in a directory,
   non-recursive make doesn't have such a limitation
3) Removal of duplicate information in make files,
   less error prone

I've also slightly updated how we call AM_INIT_AUTOMAKE, as the way
that was used was not only deprecated but will be *removed* in the next
major automake release (1.13).... so probably best that we can continue
to bulid tor without requiring old automake.
(see http://www.gnu.org/software/automake/manual/html_node/Public-Macros.html )

For more reasons  why, see resources such as:
http://miller.emu.id.au/pmiller/books/rmch/
2012-08-09 11:03:47 -04:00
Nick Mathewson
ca90aea5eb Temporarily make spurious sendmes warn louder at arma's suggestion. 2012-08-09 10:55:33 -04:00
Nick Mathewson
0b21170085 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-09 10:52:45 -04:00
Nick Mathewson
91b52a259a Merge remote-tracking branch 'public/bug6252_again' into maint-0.2.3 2012-08-09 10:50:11 -04:00
Nick Mathewson
aa584fd3a3 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 12:04:36 -04:00
Nick Mathewson
93be3a8822 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/routerlist.c
2012-08-03 12:04:11 -04:00
Robert Ransom
308f6dad20 Mitigate a side-channel leak of which relays Tor chooses for a circuit
Tor's and OpenSSL's current design guarantee that there are other leaks,
but this one is likely to be more easily exploitable, and is easy to fix.
2012-08-03 11:49:51 -04:00
Nick Mathewson
860c4fc811 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:46:03 -04:00
Robert Ransom
82c5e385cb Remove bogus comment claiming that an assertion is triggerable by consensus 2012-08-03 11:45:33 -04:00
Nick Mathewson
6c64681879 Fix a bunch of "implicit 64->32" warnings from introduce refactoring 2012-08-03 11:31:04 -04:00
Nick Mathewson
babf8e2a85 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:23:06 -04:00
Nick Mathewson
1040afb242 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-08-03 11:18:40 -04:00
Nick Mathewson
57e35ad3d9 Avoid possible segfault when handling networkstatus vote with bad flavor
Fix for 6530; fix on 0.2.2.6-alpha.
2012-08-03 10:53:00 -04:00
Matthew Finkel
b50eb14bbf Updated docs for new connections. 2012-08-02 16:15:23 -04:00
Nick Mathewson
65d8448209 Merge remote-tracking branch 'sysrqb/bug6518' 2012-08-02 15:45:10 -04:00
Matthew Finkel
a47e4343de Constify struct sockaddr *sa parameter for check
The values are only being checked, not modified.
2012-08-02 15:29:38 -04:00
Matthew Finkel
d91bbf376c Removed redundant check_sockaddr_family_match call 2012-08-02 15:13:34 -04:00
Nick Mathewson
2d6d5db2fe Defensive programming: clear rs_out between iterations.
I can't currently find a bug here, but there are a couple of
near-misses.  Addresses ticket 6514; reported pseudonymously on
IRC.
2012-08-01 17:25:34 -04:00
Nick Mathewson
c49975a2b8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 17:20:36 -04:00
Nick Mathewson
62637fa224 Avoid hard (impossible?)-to-trigger double-free in dns_resolve()
Fixes 6480; fix on 0.2.0.1-alpha; based on pseudonymous patch.
2012-07-31 17:19:17 -04:00
Nick Mathewson
92f5eaa235 Whitespace tweaks 2012-07-31 17:08:13 -04:00
Andrea Shepard
048c128f93 Add replaycache.h to noinst_HEADERS in src/or/Makefile.am 2012-07-31 17:08:12 -04:00
Andrea Shepard
471ab34032 Refactor INTRODUCE2 parsing code in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
36c968491f Use new replaycache_t structure for replay detection in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
8f63ef10ad Implement replaycache_t for bug 6177, and unit tests for the preceding 2012-07-31 17:08:05 -04:00
Nick Mathewson
d3e1e458e1 Remove the upper limit on the size of MD we can generate. 2012-07-31 13:12:07 -04:00
Nick Mathewson
063138e001 Warn at parse time for routerstatus entry missing a microdesc consensus
In 0.2.3.18-rc, we started warning on this case while building a
list of missing microdescriptor digests.  That turned out to spam
the logs; instead let's warn at parse time.

Partial fix for bug 6404.
2012-07-31 11:01:57 -04:00
Nick Mathewson
7143d112a6 Don't include a router in an md consensus if we can't find a md for it.
The spec requires that every router in a microdesc consensus have an
m line; we weren't obeying that spec.

This creates a new consensus method (13) to allow voting to continue
to work right. Partial fix for bug 6404; fix on 0.2.2.6-alpha.
2012-07-31 10:54:14 -04:00
Nick Mathewson
2503cfad24 Allow microdescs to be up to 2k. Partial fix for 6404. 2012-07-31 10:48:35 -04:00
Nick Mathewson
5919e8e561 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 10:29:34 -04:00
Nick Mathewson
aed93f8ad9 Merge branch 'bug6490_v2' into maint-0.2.3 2012-07-31 10:28:43 -04:00
Nick Mathewson
2bd45213c9 Warn when accounting is used in a way likely to link hidden services
Fix for 6490.
2012-07-31 10:28:16 -04:00
Roger Dingledine
1049d315d7 Merge branch 'maint-0.2.3' 2012-07-31 05:10:23 -04:00
Roger Dingledine
1004489354 trivial grammar fix 2012-07-31 05:10:05 -04:00
Nick Mathewson
08e65ce04f Fix small memleak introduced in recent patch; fixe 6455. 2012-07-24 10:20:00 -04:00
Nick Mathewson
20b625a0fd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-23 12:36:04 -04:00
Nick Mathewson
692005b38d Merge remote-tracking branch 'asn/bug6274_take3' into maint-0.2.3 2012-07-23 12:35:23 -04:00
Linus Nordberg
fff842a47c Add config option AuthDirPublishIPv6.
Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.

Implements enhancement #6406.
2012-07-19 17:51:15 -04:00
Nick Mathewson
6208106c18 Try to re-approximate the older semantics of nodelist_add_routerinfo 2012-07-19 17:51:15 -04:00
Linus Nordberg
dee4f068ee Don't shadow 'buf'. 2012-07-19 18:21:23 +02:00
Linus Nordberg
044da1bf0f Add configure option AuthDirHasIPv6Connectivity.
Implements enhancement 5974.
2012-07-19 18:21:22 +02:00
Linus Nordberg
cdef2b181a Rename routers_have_same_or_addr() to reflect the fact that it now checks both OR ports. 2012-07-19 18:21:22 +02:00
Linus Nordberg
7c80a4502c Include IPv6 OR ports in status documents only if we're a bridge authority. 2012-07-19 18:21:21 +02:00
Linus Nordberg
6d99c51f15 Don't put unreachable IPv6 OR port in routerstatus.
To have only reachable ports in "a" lines.
2012-07-19 18:21:21 +02:00
Linus Nordberg
dda177b19e Add "a" line to status document. 2012-07-19 18:21:21 +02:00
Linus Nordberg
4cce8ab742 Add last_reachable and testing_since for IPv6 OR port. 2012-07-19 18:21:20 +02:00
Linus Nordberg
c1ff07440e Don't assume that a node has routerinfo.
We can end up in dirserv_orconn_tls_done() with a node missing
routerinfo in at least two cases -- command_process_certs_cell() and
connection_or_check_valid_tls_handshake() -- and probably more.
2012-07-19 18:21:20 +02:00
Linus Nordberg
631ec5c4fe Move last_reachable and testing_since from routerinfo_t to node_t. 2012-07-19 18:21:20 +02:00
Nick Mathewson
24451e6f7d Avoid double-typedef of transport_t.
You can say "struct foo_t" as much as you want, but you'd better not
have "typedef struct foo_t foo_t" more than once.

Fix for bug 6416.  Bug not in any released version of Tor.
2012-07-19 09:06:11 -04:00
George Kadianakis
a1d060a68f Better handling of server managed proxies when Tor is not a relay. 2012-07-18 20:01:02 +02:00
Nick Mathewson
5ade278605 Check ewma_enabled before doing circ-has-become-inactive check
This avoids a possible crash bug in flush_from_first_active_circuit.

Fixes bug 6341; bugfix on 0.2.2.7-alpha.

Bug reported and fixed by a pseudonymous user on IRC.
2012-07-18 10:28:55 -04:00
Roger Dingledine
c1bd104111 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-18 10:23:04 -04:00
Nick Mathewson
f8c9cc713d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-18 10:14:40 -04:00
Nick Mathewson
b355ddb20f Merge branch 'smartlist_shorten' into maint-0.2.3 2012-07-18 10:14:14 -04:00
Nick Mathewson
ec8bdc5da8 Merge remote-tracking branch 'asn/bug3589' 2012-07-17 12:05:08 -04:00
Nick Mathewson
f9478b7a79 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 12:03:10 -04:00
Nick Mathewson
4cac5df554 Improve message on spurious SOCKSListenAddress 2012-07-17 12:02:55 -04:00
Nick Mathewson
efdf6c7118 Fix the remaining instances of nexted SMARTLIST_FOREACH 2012-07-17 10:41:24 -04:00
Nick Mathewson
7faf115dff Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line.  That causes grief, since compiler warnings and debugger lines
will all refer to that one line.

So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
2012-07-17 10:34:08 -04:00
Nick Mathewson
0b6fb5ebcd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 09:50:18 -04:00
Linus Nordberg
21c6c84853 Allow TestingTorNetwork when alternate dir and bridge authorities are set.
Allow TestingTorNetwork when AlternateDirAuthority and
AlternateBridgeAuthority is set even if DirServer is not.
2012-07-17 09:35:38 -04:00
Nick Mathewson
7ac8a4a037 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-16 11:50:53 -04:00
Nick Mathewson
93b7301755 Refer to the correct variable in a loop when parsing entry guard state
Fixes bug 6397 and coverity issue 709599. Bugfix on 0.2.3.17-beta.
2012-07-16 11:49:45 -04:00
George Kadianakis
8b9f4d75f2 Address Nick's comments.
- Add a changes/ file.
- Make it compile under --enable-gcc-warnings.
- Update the file-level documentation of src/or/transports.c.
- Only update descriptor if at least a managed proxy was configured.
- Add our external IP address to the extra-info descriptor instead of 0.0.0.0.
2012-07-12 15:28:43 +02:00
Roger Dingledine
1fee920999 Merge branch 'maint-0.2.3' 2012-07-06 08:59:26 -04:00
Roger Dingledine
27ec0248d2 Merge remote-tracking branch 'nickm/bug6271_part_a' into maint-0.2.3 2012-07-06 08:57:29 -04:00
Nick Mathewson
419f541aa7 Fix a bug handling SENDME cells on nonexistent streams.
This could result in bizarre window values. Report and patch
contributed pseudymously.  Fixes part of bug 6271. This bug was
introduced before the first Tor release, in svn commit r152.

(bug 6271, part a.)
2012-07-06 07:29:54 -04:00
Nick Mathewson
7e8d7a017e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-05 05:08:54 -04:00
Nick Mathewson
e9b33ed1bf On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc 2012-07-05 05:01:00 -04:00
George Kadianakis
f8e49c5789 Change extra-info "method" to "transport". 2012-07-03 21:26:03 +03:00
George Kadianakis
ca4e986c1d Mark descriptor as dirty if all managed proxies are configured. 2012-07-03 21:26:03 +03:00
George Kadianakis
9dea3a03b9 Add pluggable transport info to extra-info descriptors. 2012-07-03 21:26:03 +03:00
George Kadianakis
4bafe24400 Constify some functions. 2012-07-03 21:26:03 +03:00
George Kadianakis
17caec3676 Make some transports.c functions static.
- Also reorder functions.
2012-07-03 21:26:03 +03:00
George Kadianakis
aecc728a5a Refactor mp->transports to use transport_t. 2012-07-03 21:26:03 +03:00
George Kadianakis
d11b772a6c Introduce a transport_t deep copy function. 2012-07-03 21:26:03 +03:00
George Kadianakis
6173d36340 Move transport-related functions from circuitbuild.c to transports.c.
Move 'transport_t' to transports.h, and all transport-related
functions that don't rely on 'bridge_list' to transports.c.
2012-07-03 21:26:03 +03:00
Roger Dingledine
46434ecf5b Merge branch 'maint-0.2.3' 2012-07-01 17:37:59 -04:00
Roger Dingledine
d13389b30e Revert "Detect bug 6252 (unexpected sendme cell)"
This reverts commit c32ec9c425.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
2012-07-01 17:36:35 -04:00
Roger Dingledine
6061cd584c Merge branch 'maint-0.2.3' 2012-07-01 05:32:37 -04:00
Roger Dingledine
c32ec9c425 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-01 05:27:08 -04:00
Nick Mathewson
6abdcdf116 Fix crash bug from 4a8eaad7 (Bug 6255)
We were doing a tor_strclear() on client_keys_str when it might not
even be set.

Fix for bug 6255; bug not in any release of Tor.  Thanks to katmagic
for finding this one!
2012-06-29 00:32:27 -04:00
Nick Mathewson
19a81ef020 Merge commit '81cd3d7ad641a8dbf' 2012-06-28 15:52:57 -04:00
Nick Mathewson
e13e9c40c8 Never emit the "opt" prefix in any directory stuff
Fix for bug 5124.
2012-06-28 15:47:07 -04:00
Brendan C
a6169800f8 Fix bug 3842: add a GETINFO signal/names
Also refactor SIGNAL so that it and signal/names use the same table.

(commit message by nickm)
2012-06-28 15:39:19 -04:00
meejah
12298901fd add new GETINFO config/defaults
returns the default values for every configuration item, similar
to GETINFO config/names; include a changes entry for it.

Fix for bug 4971
2012-06-28 15:15:51 -04:00
Roger Dingledine
dd7a27d17e fix grammar in comment 2012-06-28 13:43:01 -04:00
Nick Mathewson
96746e39f6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:57:23 -04:00
Nick Mathewson
217862b317 Merge remote-tracking branch 'public/bug6244_part2' into maint-0.2.3 2012-06-28 10:49:32 -04:00
Nick Mathewson
d4a64fdc02 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:48:06 -04:00
Andrea Shepard
bdc8270280 Downgrade 'Got a certificate, but we already have it' log message from warning to info, except when we're a dirauth (fixes bug 5238) 2012-06-28 10:42:43 -04:00
Nick Mathewson
d4285f03df Extend tor_sscanf so it can replace sscanf in rephist.c
Fixes bug 4195 and Coverity CID 448
2012-06-28 09:54:05 -04:00
Nick Mathewson
28c42fe029 Fix GETINFO address-mappings/... with wildcarded addresses. 2012-06-27 23:55:01 -04:00
Nick Mathewson
e12eba55b2 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-27 23:45:59 -04:00
Nick Mathewson
23f2e37ff7 Allow wildcarded mapaddress targets in controller MAPADDRESS command 2012-06-27 23:38:04 -04:00
Nick Mathewson
4050800251 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 10:30:51 -04:00
Nick Mathewson
c4586f4df7 Downgrade message about md cache cleaning from notice to info
Fix for #6238
2012-06-26 10:30:11 -04:00
Nick Mathewson
7c9f6a994f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 13:23:07 -04:00
George Kadianakis
53e4452f98 Don't do DNS lookups when parsing corrupted managed proxy messages.
The functions parse_{s,c}method_line() were using
tor_addr_port_lookup() which is capable of doing DNS lookups. DNS
lookups should not be necessary when parsing {C,S}METHOD lines.
2012-06-25 13:19:22 -04:00
Nick Mathewson
888d5d08fe Merge remote-tracking branch 'public/bug2385' 2012-06-25 12:05:36 -04:00
Nick Mathewson
a6688c574e Catch a few more K&R violations with make check-spaces
We now catch bare {s that should be on the previous line with a do,
while, if, or for, and elses that should share a line with their
preceding }.

That is,
    if (foo)
    {
and
    if (foo) {
      ...
    }
    else

are now detected.

We should think about maybe making Tor uncrustify-clean some day,
but configuring uncrustify is an exercise in bizarreness, and
reformatting huge gobs of Tor is always painful.
2012-06-23 15:54:01 -04:00
George Kadianakis
8c3a4a1d21 Improve log message issued when a managed proxy fails to launch. 2012-06-23 15:05:46 -04:00
Nick Mathewson
ebda15e4b5 Merge remote-tracking branch 'public/bug6211' into maint-0.2.3 2012-06-22 22:38:59 -04:00
Nick Mathewson
c239c57d3c Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule.  But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".

This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.

Fixes bug 6211; bugfix on 0.2.3.17-beta
2012-06-19 19:50:03 -04:00
Nick Mathewson
0600e8cab1 Disable warning for marked-but-reading in main.c
It turns out this can happen.  Even though there is no reason for
connections to be marked but reading, we leave them reading anyway,
so warning here is unwarranted.  Let's turn that back on once we do
something sensible and disable reading when we mark.  Bugfix for
6203 on Tor 0.2.3.17-beta.

Thanks to cypherpunks for pointing out the general stupidity of the
original code here.
2012-06-19 12:22:43 -04:00
Nick Mathewson
4a8eaad7ef Clear a couple more fields in rend_service_load_auth_keys 2012-06-18 13:13:53 -04:00
Nick Mathewson
b8d1e8e375 Refactor exit path in rend_service_load_auth_keys
Now it's an orthodox "goto err/done" exit path, and it isn't some
screwy thing where we stick err/done at the end of a loop and
duplicate our cleanup code.
2012-06-18 13:10:02 -04:00
Nick Mathewson
e5a61c5176 Fix indentation in rend_service_load_auth_keys 2012-06-18 13:01:33 -04:00
Nick Mathewson
be28d10622 Refactor rend_service_load_keys() into main portion and auth portion. 2012-06-18 12:59:29 -04:00
Nick Mathewson
53f5a38942 Fix indentation and whitespace in rend_service_load_keys 2012-06-18 12:45:55 -04:00
Nick Mathewson
b44693f32d Refactor rend_service_load_keys() into outer loop and loop contents 2012-06-18 12:43:20 -04:00
Nick Mathewson
e6782b355a Merge remote-tracking branch 'public/bug3311' 2012-06-18 12:07:39 -04:00
Nick Mathewson
4432fa40dd Merge remote-tracking branch 'andrea/bug6028' 2012-06-18 11:51:55 -04:00
Roger Dingledine
26855fe22c conn_type_to_string() on a listener already says it's a listener 2012-06-16 02:29:03 -04:00
Andrea Shepard
10130e5979 Appease make check-spaces 2012-06-15 21:48:15 -07:00
Andrea Shepard
b5280efc17 Clean up keys on stack in rend_parse_service_authorization() 2012-06-15 21:47:06 -07:00
Andrea Shepard
7f24b9b8c3 Clean up keys on stack in rend_client_refetch_v2_renddesc() 2012-06-15 21:39:28 -07:00
Andrea Shepard
a8bcbe7bf7 Clean up keys on stack in rend_client_send_introduction() 2012-06-15 21:25:25 -07:00
Andrea Shepard
ab2e007ffb In rend_service_load_keys(), clear extended descriptor cookie and buffer, clear temporary heap space for client key, and check if serializing client key fails 2012-06-15 21:17:02 -07:00
Andrea Shepard
276f95182c Clean keys on stack in rend_service_rendezvous_has_opened() 2012-06-15 20:54:45 -07:00
Andrea Shepard
88c5d3ca55 Clean keys on stack in rend_service_intro_has_opened() 2012-06-15 20:43:33 -07:00
Andrea Shepard
d43ba536df Clean up keys on stack in rend_service_introduce() 2012-06-15 20:19:02 -07:00
Andrea Shepard
9f55dfd915 Clean up keys on stack in rend_service_load_keys() 2012-06-15 19:54:54 -07:00
Roger Dingledine
c37b8023b7 fix the typo on the typo fix 2012-06-15 20:34:16 -04:00
Andrea Shepard
1f7f10e4f3 Always set *socket_error to something appropriate when returning -1 from connection_connect() 2012-06-15 16:53:32 -07:00
Roger Dingledine
ca525db02d fix typos from 783f705d 2012-06-15 17:08:25 -04:00
Nick Mathewson
eab75d2c36 Fix a typo found by Mike. 2012-06-15 16:12:04 -04:00
Nick Mathewson
bdfb399867 Merge remote-tracking branch 'public/xxx023' 2012-06-15 16:10:59 -04:00
Nick Mathewson
87409771c4 Clarify some messages about publishing hidden service descriptors
Fix for bug 3311.
2012-06-15 15:25:46 -04:00
Nick Mathewson
cc21e56ed4 Check the correct consensus before giving it to the client
Previously, a directory would check the latest NS consensus for
having the signatures the client wanted, and use that consensus's
valid_until time to set the HTTP lifetime.  With this patch, the
directory looks at NS consensus or the microdesc consensus,
depending on what the client asked for.
2012-06-15 15:07:54 -04:00
Nick Mathewson
32bf258881 Change a silent ignore-the-bug in microdesc.c to a LOG_INFO
I don't believe this bug occurs, but there was an XXX023 to make
sure it doesn't.
2012-06-15 15:07:54 -04:00
Nick Mathewson
e62104a7d2 Move tor_gettimeofday_cached() into compat_libevent 2012-06-15 15:07:53 -04:00
Nick Mathewson
1755f792ed Refactor GETINFO process/descriptor-limit
Previously it duplicated some getrlimit code and content from compat.c;
now it doesn't.
2012-06-15 15:07:53 -04:00
Nick Mathewson
783f705ddc Document that we are unlikely to underflow session group IDs. 2012-06-15 15:07:53 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
879b1e1010 Merge remote-tracking branch 'public/bug5932' 2012-06-15 14:44:32 -04:00
Nick Mathewson
8030ec4f27 Downgrade log messages about cbt enabled/disabled. Bug 6169. 2012-06-15 09:57:18 -04:00
Roger Dingledine
a1caa96f9b another little step at making debugging 5458 easier 2012-06-15 03:58:47 -04:00
Roger Dingledine
5625812f9a tab-man returneth (this time using the name 'rob') 2012-06-15 03:28:18 -04:00
Mike Perry
daedae4115 Lower the default path bias notice rate to 40%.
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
2012-06-14 21:20:10 -07:00
Mike Perry
61a5730392 For now, never disable any guards. 2012-06-14 13:20:01 -07:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
4fdce6b091 Merge remote-tracking branch 'asn-mytor/bug5589_take2' 2012-06-14 13:05:16 -04:00
George Kadianakis
aa212b173c Remove validate_pluggable_transports_config(): redundant since 9d9b5ed0.
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
2012-06-14 18:01:22 +03:00
Nick Mathewson
e5beb82e04 Merge remote-tracking branch 'public/bug4663' 2012-06-13 17:01:53 -04:00
Nick Mathewson
5b0977df31 One more fix for bug 5049. 2012-06-13 16:45:13 -04:00
Andrea Shepard
d98590d3b7 Satisfy make check-spaces 2012-06-13 16:45:13 -04:00
Andrea Shepard
aa284561c8 Move cbt->liveness.timeouts_after_firsthop free code into its own function 2012-06-13 16:45:13 -04:00
Andrea Shepard
39a9178ba7 Early exit from circuit_build_times_set_timeout() if adaptive timeouts are disabled 2012-06-13 16:45:13 -04:00
Andrea Shepard
0c3c0b1ddd Don't poll to see if we need to build circuits for timeout data if LearnCircuitBuildTimeout is disabled 2012-06-13 16:45:12 -04:00
Andrea Shepard
a0f76289fd Use K&R style 2012-06-13 16:45:12 -04:00
Andrea Shepard
7df26de948 Unconditionally use config CircuitBuildTimeout if LearnCircuitBuildTimeout is disabled 2012-06-13 16:44:33 -04:00
Andrea Shepard
5177ab9e47 Don't track circuit timeout history unless we're actually using adaptive timeouts 2012-06-13 16:44:33 -04:00
Andrea Shepard
41a458ece1 Add debug logging to circuit_build_times_* of circuitbuild.c to trace queries of consensus parameters for bug 5049 2012-06-13 16:44:33 -04:00
Nick Mathewson
54ef039ba5 Merge branch 'bug5263_023' 2012-06-13 16:23:16 -04:00
Nick Mathewson
9282c88998 Add rate-limited log message to bug5263 fix
Initially I said, "I claim that we shouldn't be reading and marked;
let's see if I'm right."  But Rob finds that it does.
2012-06-13 16:21:06 -04:00
Rob G. Jansen
03b48352c6 Fix busy Libevent loops (infinite loops in Shadow)
There is a bug causing busy loops in Libevent and infinite loops in
the Shadow simulator. A connection that is marked for close, wants
to flush, is held open to flush, but is rate limited (the token
bucket is empty) triggers the bug.

This commit fixes the bug. Details are below.

This currently happens on read and write callbacks when the active
socket is marked for close. In this case, Tor doesn't actually try
to complete the read or write (it returns from those methods when
marked), but instead tries to clear the connection with
conn_close_if_marked(). Tor will not close a marked connection that
contains data: it must be flushed first. The bug occurs when this
flush operation on the marked connection can not occur because the
connection is rate-limited (its write token bucket is empty).

The fix is to detect when rate limiting is preventing a marked
connection from properly flushing. In this case, it should be
flagged as read/write_blocked_on_bandwidth and the read/write events
de-registered from Libevent. When the token bucket gets refilled, it
will check the associated read/write_blocked_on_bandwidth flag, and
add the read/write event back to Libevent, which will cause it to
fire. This time, it will be properly flushed and closed.

The reason that both read and write events are both de-registered
when the marked connection can not flush is because both result in
the same behavior. Both read/write events on marked connections will
never again do any actual reads/writes, and are only useful to
trigger the flush and close the connection. By setting the
associated read/write_blocked_on_bandwidth flag, we ensure that the
event will get added back to Libevent, properly flushed, and closed.

Why is this important? Every Shadow event occurs at a discrete time
instant. If Tor does not properly deregister Libevent events that
fire but result in Tor essentially doing nothing, Libevent will
repeatedly fire the event. In Shadow this means infinite loop,
outside of Shadow this means wasted CPU cycles.
2012-06-13 16:04:07 -04:00
Nick Mathewson
5a3d9636f5 Merge remote-tracking branch 'public/bug3940_redux' 2012-06-13 11:40:38 -04:00
Karsten Loesing
2133b6e5ba Fix integer overflow in cell stats spotted by atagar.
Fixes #5849.
2012-06-13 10:12:39 -04:00
Nick Mathewson
f4fccee4d2 Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is.  Resolves the issue behind "bug"
4663.
2012-06-12 15:21:41 -04:00
Nick Mathewson
ba9a12119c fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddress 2012-06-11 21:50:52 -04:00
Nick Mathewson
c18b6ec3d4 Document ADDRMAPSRC_NONE. 2012-06-11 21:49:08 -04:00
Nick Mathewson
f0f70ba6f1 Merge branch 'bug5452' 2012-06-11 14:44:26 -04:00
Andrea Shepard
6b73fad709 Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. 2012-06-11 11:09:19 -07:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00
Andrea Shepard
4fb2a14fae Warn if the user has set CircuitBuildTimeout stupidly low and turned off LearnCircuitBuildTimeout 2012-06-08 23:44:06 -07:00
Nick Mathewson
8be6058d8f changes file and whitespace fix for bug5235 patch 2012-06-08 14:33:16 -04:00
Andrea Shepard
554ec65ce7 Rate-limit 'Weighted bandwidth is 0.000000 ...' message; it can be produced in extreme quantities 2012-06-08 14:33:16 -04:00
Nick Mathewson
b0bab82790 Merge remote-tracking branch 'arma/bug3886'
Conflicts:
	src/or/dirserv.c
2012-06-07 13:30:55 -04:00
Nick Mathewson
f9fddba539 Downgrade an eventdns warning to PROTOCOL_WARN. 2012-06-07 13:03:39 -04:00
Nick Mathewson
1e5683b167 Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output.  It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.

Fixes bug 5909.
2012-06-07 11:09:38 -04:00
Nick Mathewson
99618a9641 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-07 09:46:14 -04:00
Robert Ransom
0dc47dfebf Send a CRLF at the end of a STATUS_* event, not in the middle of it
Fixes bug 6094; bugfix on commit 3a9351b57e.
2012-06-07 03:22:06 +00:00
Nick Mathewson
8a341cc429 Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
2012-06-06 12:00:04 -04:00
Nick Mathewson
7b2afb61b2 Merge branch 'bug5603' 2012-06-05 11:47:34 -04:00
Nick Mathewson
64167e1772 Minor changes to bug5603
* Minor stylistic changes to comments and doxygen
  * Use strcmp_opt; it already exists.
  * Tighten bridge_has_digest implementation a little.
2012-06-05 11:40:31 -04:00
Nick Mathewson
2468a1bd2c Revert "Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges"
This reverts commit 981e896dd2.

Apparently Karsten still needs DirReqStatistics for bridges; see
2012-06-05 10:47:05 -04:00
Nick Mathewson
38642a9369 Downgrade tor_assert(0) to tor_fragile_assert() in windows stub create_unix_sockaddr 2012-06-05 10:36:34 -04:00
Nick Mathewson
b4bd4964eb Merge remote-tracking branch 'public/format_doubles'
Conflicts:
	src/or/geoip.c
2012-06-05 10:30:50 -04:00
Nick Mathewson
981e896dd2 Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges
These stats are currently discarded, but we might as well
hard-disable them on bridges, to be clean.

Fix for bug 5824; bugfix on 0.2.1.17-rc.

Patch originally by Karsten Loesing.
2012-06-05 10:25:50 -04:00
Nick Mathewson
1ce0c5eba9 Merge remote-tracking branch 'public/bug4657'
Conflicts:
	src/or/router.c
2012-06-05 10:20:44 -04:00
Nick Mathewson
c19a2ff691 Merge remote-tracking branch 'public/bug4710' 2012-06-05 10:16:28 -04:00
Nick Mathewson
20d6f787aa Fix "make check-spaces" issues 2012-06-05 00:49:18 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
f68c042637 Resolve all currently pending DOCDOC items in master 2012-06-04 19:05:51 -04:00
Nick Mathewson
b2be6c7f97 Document the new exit_source_out argument to addressmap_rewrite 2012-06-04 17:15:21 -04:00
Nick Mathewson
41e8bee188 Merge origin/maint-0.2.2 for 6007_strict
This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)

I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it.  I added an XXX023
comment so that we can come back later and fix that.
2012-06-04 11:47:36 -04:00
Nick Mathewson
491dc3a601 Merge remote-tracking branch 'public/bug6007_strict_squashed' into maint-0.2.2 2012-06-04 11:40:52 -04:00
Nick Mathewson
af54a01828 Kill non-open OR connections with any data on their inbufs.
This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
2012-06-04 11:29:18 -04:00
George Kadianakis
1e95a4a1f6 Improve conflict resolution when adding new bridges. 2012-06-03 00:21:49 +03:00
Nick Mathewson
0cbe3ff313 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-31 17:00:37 -04:00
Nick Mathewson
834654f145 Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients.  By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
2012-05-31 16:55:54 -04:00
Nick Mathewson
fc0842275d Merge remote-tracking branch 'public/bug5374' 2012-05-31 15:07:19 -04:00
Nick Mathewson
d1bbd84a6d Merge remote-tracking branch 'linus/bug4873_ln' 2012-05-31 14:37:29 -04:00
Nick Mathewson
fc5d960fbd Merge remote-tracking branch 'public/bug5541_v2' 2012-05-31 12:40:30 -04:00
Nick Mathewson
155543d26e Merge remote-tracking branch 'public/bug1938' 2012-05-31 12:24:02 -04:00
Nick Mathewson
11bf5585aa Merge remote-tracking branch 'public/bug2954_more' 2012-05-31 12:22:02 -04:00
Linus Nordberg
0ed963e72a Remove unexpected "unexpectedly". 2012-05-31 13:08:57 +02:00
Linus Nordberg
c074562a17 Remove spurioius return in one out of four if-else clauses.
We do return right after the if-else.  This return (with its confusing
comments) comes from before 6b7c3b42 but doesn't make sense now.
2012-05-31 13:05:24 +02:00
Nick Mathewson
32d6acade8 Merge remote-tracking branch 'public/bug3196' 2012-05-31 01:02:27 -04:00
Nick Mathewson
ffc21b653f Merge remote-tracking branch 'origin/maint-0.2.2'
(For bug 5969 fix)
2012-05-31 00:07:52 -04:00
Nick Mathewson
3a9351b57e Fix more clang format-nonliteral warnings (bug 5969) 2012-05-30 23:59:49 -04:00
Nick Mathewson
fe68a80f8f Merge branch 'bug5604' 2012-05-30 17:00:36 -04:00
Nick Mathewson
d7e4777791 Add a little documentation for the bug5604 fix 2012-05-30 17:00:22 -04:00
Nick Mathewson
37f42c2f58 Merge remote-tracking branch 'public/bug5954' 2012-05-30 16:38:20 -04:00
Nick Mathewson
711e4b4237 Merge remote-tracking branch 'linus/bug4369' 2012-05-30 13:05:15 -04:00
Nick Mathewson
9e53cdca86 Merge remote-tracking branch 'public/bug5916' 2012-05-30 11:14:41 -04:00
Linus Nordberg
2f0c0f92f8 Fix minor typo in warning printout. 2012-05-29 15:03:22 +02:00
Nick Mathewson
9d41629aa0 Delay getsockname() call until after connect() is done
On Windows, getsockname() on a nonblocking apparently won't work
until the connection is done connecting.  On XP, it seems to fail by
reporting success and declaring that your address is INADDR_ANY.  On the
Win8 preview, though, it fails more loudly and says WSAEINVAL.

Fix for bug 5374; bugfix on 0.1.1.14-alpha.
2012-05-24 16:57:36 -04:00
Nick Mathewson
281a5e4670 Warn and ignore the MyFamily setting if BridgeRelay is also set
Roger explains at
  http://archives.seul.org/tor/talk/Nov-2011/msg00209.html :

  "If you list your bridge as part of your family in the relay
  descriptor, then everybody can learn your bridge fingerprint, and
  they can look up your bridge's descriptor (and thus location) at
  the bridge directory authority."

Now, we can't stop relays from listing bridges, but we can warn when
we notice a bridge listing anybody, which might help some.

This fixes bug 4657; it's a fix on 0.2.0.3-alpha, where bridges were
first introduced.
2012-05-24 12:39:26 -04:00
Nick Mathewson
6b7c3b42ee Change an assertion into a warning in connection_or_handle_event_cb()
Possibly addresses bug 4873, though IMO that's likely not a real
bug: it seems likely to have been an ssl version mismatch.
2012-05-24 11:14:28 -04:00
Nick Mathewson
0da40bba88 Abort writing cached-microdescs if a failed write has occurred.
Bug 2954; fix on 0.2.2.6-alpha.
2012-05-24 11:07:01 -04:00
Nick Mathewson
2418bc9594 New "GETINFO dormant" to report whether Tor has gone idle
Torbutton needs this; see bug 5954 and 4718.
2012-05-24 10:42:55 -04:00
Nick Mathewson
466276faa5 Merge remote-tracking branch 'asn/bug5602' 2012-05-18 12:36:04 -04:00
Nick Mathewson
4c4dd505be Fix a hard-to-trigger memory leak in launch_resolve
To hit this leak, you need to be a relay that gets a RESOLVE request
or an exit node getting a BEGIN or RESOLVE request.  You must either
have unconfigured (and unconfigurable) nameservers, or you must have
somehow set DisableNetwork after a network request arrived but
before you managed to process it.

So, I doubt this is reached often.  Still, a leak's a leak.  Fix for
bug 5916; bugfix on 0.2.3.9-alpha and 0.1.2.1-alpha.
2012-05-18 12:21:46 -04:00
Nick Mathewson
c1da29e22d Merge remote-tracking branch 'asn/bug5646' 2012-05-18 12:10:40 -04:00
George Kadianakis
153b9892f0 Extract data from DESTROY cell _after_ protocol violation checks. 2012-05-18 15:22:03 +03:00
George Kadianakis
a8a862c909 Ignore unknown lines from managed proxies. 2012-05-18 15:04:48 +03:00
George Kadianakis
5dc9acb5e5 Use a more helpful log message when we can't find a proxy. 2012-05-18 03:07:46 +03:00
Nick Mathewson
0bec9f320b Use %f, not %lf when formatting doubles
%f is correct; %lf is only needed with scanf.  Apparently, on some
old BSDs, %lf is deprecated.

Didn't we do this before?  Yes, we did.  But we only got the
instances of %lf, not more complicated things like %.5lf .  This
patch tries to get everything.

Based on a patch for 3894 by grarpamp.
2012-05-16 14:26:35 -04:00
Nick Mathewson
2b6e91c2ee Report EADDRNOTAVAIL and EADDRINUSE as RESOURCELIMIT
These errors usually mean address exhaustion; reporting them as such
lets clients adjust their load to try other exits.

Fix for bug 4710; bugfix on 0.1.0.1-rc, which started using
END_STREAM_REASON_RESOURCELIMIT.
2012-05-16 12:46:24 -04:00
Nick Mathewson
3f55b76360 Merge remote-tracking branch 'public/bug5139' 2012-05-16 11:47:13 -04:00
Fabian Keil
2888644a9f In connection_ap_handshake_process_socks(), mark the socks request as finished if a reply is send after a parse error
Silences the log message:
[warn] {BUG} _connection_mark_unattached_ap(): Bug: stream (marked at connection_edge.c:2224) sending two socks replies?
after the client triggered the "Tor is not an HTTP Proxy" response.

No additional socks reply was sent, though.
2012-05-16 11:37:31 -04:00
Roger Dingledine
f89de0a79f Remove over-two-months-old entry guards even while running.
Previously, we only did this check at startup, which could lead to
us holding a guard indefinitely, and give weird results.  Fixes bug
5380; bugfix on 0.2.1.14-rc.

(Patch by Roger; changes file and commit message by Nick)
2012-05-16 11:31:28 -04:00
Nick Mathewson
a6cb07bd9e Correct documentation for remove_obsolete_entry_guards. 2012-05-16 11:31:28 -04:00
Nick Mathewson
517b9c602a Merge remote-tracking branch 'public/bug2297' 2012-05-16 11:14:00 -04:00
Nick Mathewson
a925fc9189 Merge remote-tracking branch 'public/bug2822' 2012-05-16 11:10:09 -04:00
Nick Mathewson
a3046fd5e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 10:57:08 -04:00
Nick Mathewson
3ed4c5dc05 Correct the bulletproofing of routerlist_insert()
The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.

Related to bug 1776.
2012-05-16 10:51:02 -04:00
Nick Mathewson
ee246bbe95 Merge remote-tracking branch 'public/bug3296' 2012-05-16 10:40:21 -04:00
Nick Mathewson
b41dd8069f When ReloadTorrcOnSIGHUP=1, do non-reload activities anyway
Previously, we skipped everything that got invoked from
options_init_from_torrc.  But some of the stuff in
options_act_reversible and options_act is actually important, like
reopening the logs.

Now, a SIGHUP always makes the effects of an options_set() happen,
even though the options haven't changed.

Fix for bug 5095; bugfix on 0.2.1.9-alpha, which introduced
__ReloadTorrcOnSIGHUP.
2012-05-16 10:36:21 -04:00
Nick Mathewson
d5ccaa6e2b Merge branch 'win32_winnt' 2012-05-16 09:56:49 -04:00
Nick Mathewson
edf0d5b12c Prevent an (impossible) null-pointer dereference in connection_edge_process_relay_cell
This would happen if the deliver window could become negative
because of an nonexistent connection.  (Fortunately, _that_ can't
occur, thanks to circuit_consider_sending_sendme.  Still, if we
change our windowing logic at all, we won't want this to become
triggerable.)  Fix for bug 5541.  Bugfix on 4a66865d, back from
0.0.2pre14.  asn found this.  Nice catch, asn!
2012-05-15 14:45:51 -04:00
Nick Mathewson
521cb58187 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 10:05:19 -04:00
Nick Mathewson
5905a0b2db Merge branch 'bug5796_022_squashed' into maint-0.2.2 2012-05-15 10:04:49 -04:00
Nick Mathewson
f2a6eedded Fix a crash bug on SETCIRCUITPURPOSE. 2012-05-15 10:03:10 -04:00
Nick Mathewson
009453f919 Merge remote-tracking branch 'linus/task-5891' 2012-05-15 08:33:08 -04:00
Linus Nordberg
e3716598fc Assert that rep_hist_format_desc_stats() returns !NULL.
The guard against this is the test for
start_of_served_descs_stats_interval != 0 done earlier.
2012-05-15 13:12:34 +02:00
Karsten Loesing
57359b5336 Fix desc stats on bridge authorities that didn't serve anything. 2012-05-15 12:39:08 +02:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _)
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
d8de831932 MSVC build issue: it can't tell that tor_assert(0) aborts. 2012-05-14 13:07:27 -04:00
Nick Mathewson
43e15300ba MSVC build issue: make 'const' in declaration match 'const' in definition
MSVC warns if you declare a function as having a "int foo" argument
and then implement it with a "const int foo" argument, even though
the latter "const" is not a part of the function's interface.
2012-05-14 13:05:36 -04:00
Nick Mathewson
757725ffde MSVC build issue: we use INLINE as the one that will magically work 2012-05-14 13:04:37 -04:00
Nick Mathewson
02d206a58b Be a good git person: store nmakefiles in correct text fmt 2012-05-14 13:01:05 -04:00
Nick Mathewson
31eb73f88e Do not publish the "git-XXX" tag in server descriptors
Instead, allow packagers to put a 'TOR_BUILD_TAG' field in the
server descriptor to indicate a platform-specific value, if they
need to.  (According to weasel, this was his use for the git- tag
previously.)

This is part of 2988
2012-05-11 18:06:12 -04:00
Nick Mathewson
35d08e30d8 An attempt at bug3940 and making AllowDotExit 0 work with MapAddress
This time, I follow grarpamp's suggestion and move the check for
.exit+AllowDotExit 0 to the top of connection_ap_rewrite_and_attach,
before any rewriting occurs.  This way, .exit addresses are
forbidden as they arrive from a socks connection or a DNSPort
request, and not otherwise.

It _is_ a little more complicated than that, though.  We need to
treat any .exit addresses whose source is TrackHostExits as meaning
that we can retry without that exit.  We also need to treat any
.exit address that comes from an AutomapHostsOnResolve operation as
user-provided (and thus forbidden if AllowDotExits==0), so that
transitioning from AllowDotExits==1 to AllowDotExits==0 will
actually turn off automapped .exit addresses.
2012-05-11 17:16:29 -04:00
Nick Mathewson
4bac223311 Fix a couple of wide lines 2012-05-11 13:01:07 -04:00
Nick Mathewson
0888c2f8f5 When no usable exit satisfies a predicted port, stop predicting it.
Fix for bug 3296.
2012-05-11 12:52:21 -04:00
Nick Mathewson
6757261e8f Raise thresholds for declaring bootstrapping complete.
This patch changes the total serverdesc threshold from 25% to 75%
and the exit threshold from 33% to 50%.  The goal is to make
initially constructed circuits less horrible, and to make initial
less awful (since fetching directory information in parallel with
whatever the user is trying to do can hurt their performance).

Implements ticket 3196.
2012-05-11 12:09:00 -04:00
Nick Mathewson
e0655708a2 Merge remote-tracking branch 'asn/bug4865_take2' 2012-05-11 11:52:51 -04:00
Roger Dingledine
648db9a4b7 Merge branch 'maint-0.2.2' 2012-05-10 17:57:31 -04:00
Roger Dingledine
436654ee96 fix over-wide line from f661747370 2012-05-10 17:46:19 -04:00
Nick Mathewson
02a650786b Fix O(n^2) performance when parsing a big pile of extrainfos
We were doing an O(n) strlen in router_get_extrainfo_hash() for
every one we tried to parse.  Instead, have
router_get_extrainfo_hash() take the length of the extrainfo as an
argument, so that when it's called from
extrainfo_parse_from_string(), it doesn't do a strlen() over the
whole pile of extrainfos.
2012-05-10 17:41:31 -04:00
Nick Mathewson
0b1a334842 Merge branch 'bug5786' 2012-05-10 15:44:41 -04:00
Nick Mathewson
e30a4311e2 Merge remote-tracking branch 'linus/bug5146' 2012-05-10 14:07:23 -04:00
Nick Mathewson
8c09923f20 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-10 11:50:14 -04:00
Ravi Chandra Padmala
f661747370 Add missing CRLFs to AUTHCHALLENGE failure replies
Fix #5760
2012-05-10 11:13:09 +05:30
Nick Mathewson
d9ba9f91d2 Detect out-of-bounds bwweightscale values early in the voting process
If the authorities agreed on a sufficiently bad bwweightscale value
(<=0 or == INT32_MAX), the bandwidth algorithm could make the voters
assert while computing the consensus.

Fix for bug5786; bugfix on 0.2.2.17-alpha
2012-05-07 12:47:13 -04:00
Nick Mathewson
c8a0cceae2 Check more thoroughly for dups when parsing networkstatus parameters
See changes file for details.

Partial fix for bug 5786; fix on 0.2.2.2-alpha.
2012-05-07 12:40:05 -04:00
Nick Mathewson
3f48c7575e Merge branch 'bug5645_take2' 2012-05-07 11:09:50 -04:00
Nick Mathewson
f84f75c59c Make a cast less const-violating; make a field size explicit. 2012-05-07 11:09:02 -04:00
George Kadianakis
d2e9d17134 Reorder rend_mid_rendezvous() to do protocol violation checks on top. 2012-05-07 18:05:54 +03:00
Nick Mathewson
eefdb9eec2 Using %d to printf an enum may not be by-the-standard okay. 2012-05-07 11:02:17 -04:00
Nick Mathewson
74810f95ad Fix an overwide line 2012-05-07 10:59:23 -04:00
Nick Mathewson
39e69a0a8c Fix comments: There is no such thing as a NUL pointer 2012-05-07 10:57:59 -04:00
Nick Mathewson
9ceec869b5 Document some transports.c behaviors and assumptions 2012-05-07 09:55:14 -04:00
Linus Nordberg
6b4af10716 Ignore [::] when building descriptors.
This is how IPv6 says "0.0.0.0" and something we will have to
translate into a globally reachable address before putting it in a
descriptor.

The fix is a short term solution until a real one is implemented.

Closes #5146.
2012-05-03 22:19:38 +02:00
George Kadianakis
e603692adc Make transports.c logs a bit more helpful. 2012-05-03 04:40:36 +03:00
Nick Mathewson
c9afd6f9c5 Add a missing ntohl to tell_controller_about_resolve_result
Fix for bug 5723; bugfix on 0.2.3.1-alpha (commit 22f723e4)
2012-05-01 17:21:47 -04:00
Nick Mathewson
9df89aacbd Close OR connections that send junk before AUTHORIZE/VERSIONS
Fix for 4369.
2012-04-27 12:02:55 -04:00
Nick Mathewson
7c8032c22b Bridges should never set the send_unencrypted flag on any of their descs
Fix for bug 5139.
2012-04-27 11:51:48 -04:00
Nick Mathewson
8f070ecbc0 When downloading bridge descs from a bridge authority, always be anonymous 2012-04-27 11:27:32 -04:00
Nick Mathewson
f86bd1d5a4 Merge remote-tracking branch 'arma/bug5623' 2012-04-24 15:25:21 -04:00
Roger Dingledine
1cbde0bd50 peel off some unnecessary parens 2012-04-24 12:26:00 -04:00
Roger Dingledine
ae94e36a1d Merge remote-tracking branch 'nickm/bug2497' 2012-04-24 12:19:07 -04:00
Nick Mathewson
4314d1a15a Merge remote-tracking branch 'public/bug4572' 2012-04-24 11:38:51 -04:00
Arturo Filastò
e0e4b84757 Add a check_no_tls_errors() to read_to_buf_tls
Fixes bug #4528 "read_to_buf_tls(): Inconsistency in code".

This check was added back in 0.1.0.3-rc, but somehow we forgot to
leave it in when we refactored read_to_buf_tls in 0.1.0.5-rc.

(patch by Arturo; commit message and changes file by nickm)
2012-04-24 11:36:38 -04:00
Roger Dingledine
526beb7be6 be willing to use nodes in excludeexitnodes as directory mirrors
fixes bug 5623.
2012-04-24 11:26:05 -04:00
Nick Mathewson
461771ebbc Merge branch 'bug4438-v2' 2012-04-24 11:18:41 -04:00
Nick Mathewson
db81cdbb0f Tweak the bug4438 fix a little: different check, better log
Instead of checking for 'rejected' and calling everything else okay,
let's check for 'outdated' and call everythign else a problem.  This
way we don't risk missing future errors so much.

When logging a message that _looks_ like an error message at info, we
should mention that it isn't really a problem.
2012-04-24 11:17:36 -04:00
Nick Mathewson
3e4ccbc4ba Merge remote-tracking branch 'public/bug5537' 2012-04-24 11:05:50 -04:00
Robert Ransom
627c37ad6a Don't reset intro-point creation rate-limiting timer
Previously, we would reset it at the drop of a hat -- every time a second
passes without any of the intro-point circs already launched for the
service failing.

Fixes bug 4607.
2012-04-20 17:23:31 -04:00
Nick Mathewson
5630b61f5c Merge remote-tracking branch 'public/bug5647_cleanup' 2012-04-20 11:28:57 -04:00
Nick Mathewson
2d24994d16 Merge remote-tracking branch 'asn-mytor/bug5601' 2012-04-19 17:53:19 -04:00
Nick Mathewson
f2384d5e2c Make base64_decode in rend_parse_client_keys more foolproof
In general, whenever we can, we should be doing
  base64_decode(buf, sizeof(buf), s, strlen(s)),
and not
  base_64_decode(buf, expr1, s, expr2)
where we hope that expr1 is a good name for the size of buf and expr2
is a good formula for the length of the base64 expression in s.
2012-04-19 17:13:47 -04:00
Nick Mathewson
bd7724a57e Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-19 17:08:09 -04:00
Nick Mathewson
074bf72a2c If DisableNetwork, don't even try to open non-controller listeners
Fix for 5604; bugfix on 0.2.3.9-alpha, which introduced DisableNetwork.
2012-04-18 23:32:02 -04:00
Nick Mathewson
f6afd4efa6 Fix a log-uninitialized-buffer bug.
Fix for 5647; bugfix on 0.2.1.5-alpha.
2012-04-18 23:02:09 -04:00
Nick Mathewson
e9dae1ff2e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendservice.c

Conflicts were due to new NON_ANONYMOUS_MODE_ENABLED tor2web code; I
think I resolved them correctly.
2012-04-18 22:30:02 -04:00
George Kadianakis
2d276ab9d9 rend_service_introduce(): do protocol violation check before anything else.
(Cherry-picked from 6ba13e4 by nickm)
2012-04-18 22:26:06 -04:00
Nick Mathewson
0b1ec16058 Don't fetch v2 networkstatuses from caches, even if auths are down
Fix for 5635; fix on 0.2.2.26-beta, where caches stopped fetching this
information.
2012-04-17 17:18:59 -04:00
George Kadianakis
6d2898607b Fix issues found by nickm.
* Document fmt_addr_impl() and friends.
* Parenthesize macro arguments.
* Rename get_first_listener_addrport_for_pt() to
  get_first_listener_addrport_string().
* Handle port_cfg_t with no_listen.
* Handle failure of router_get_active_listener_port_by_type().
* Add an XXX to router_get_active_listener_port_by_type().
2012-04-12 22:42:37 +02:00
George Kadianakis
32267809b5 Trivially refactor validate_pluggable_transports_config().
* Remove the ugly if statement.
* constify 'bridge_info_t' in SMARTLIST_FOREACH_BEGIN.
2012-04-12 01:35:46 +02:00
George Kadianakis
9d9b5ed0c6 Improve the message of validate_pluggable_transports_config(). 2012-04-12 01:27:58 +02:00
Nick Mathewson
77e51224fa Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
2012-04-11 10:59:11 -04:00
Nick Mathewson
ab338e3bb8 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-11 10:06:49 -04:00
Nick Mathewson
dd3f4f1bdb Include a Host: header with any HTTP/1.1 proxy request
Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy
authentication code.  Fix for bug 5593.
2012-04-10 12:00:20 -04:00
Sebastian Hahn
ed8374eb5a Simplify DH prime generation logic some.
This is just refactoring work here. The old logic was kind of
convoluted, especially after the bug 5572 fix. We don't actually need to
distinguish so many cases here. Dropping detection of the
"!old_options || !old_options->DynamicDHGroups" case is fine because
that's the same that we'd do for clients.

Also add a changes file for bug 5572.
2012-04-08 01:11:02 +02:00
Daniel 'koolfy' Faucon
ce5422ecd1 fix bug 5572 2012-04-07 23:56:52 +02:00
Nick Mathewson
15ac8c5711 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-04 21:05:42 -04:00
Nick Mathewson
439fc704f1 Wrap long line; strlen("ides")<strlen("turtles"). 2012-04-04 21:05:19 -04:00
Sebastian Hahn
b24487d106 ides has become turtles, and gotten a new IP address
As per ticket 5569
2012-04-05 01:53:04 +02:00
Nick Mathewson
6a9e693fbe Suppress "decided to publish new descriptor" message when not a server
The message only means that we're publishing a new descriptor when we
are actually in some kind of server mode, and publication is on.

Fix for bug 3942; bugfix on 0.2.3.2-alpha.
2012-04-02 18:59:21 -04:00
Roger Dingledine
c7cbd06d5f Merge branch 'maint-0.2.2'
Conflicts:
	src/or/config.c
2012-04-01 16:03:16 -04:00
Roger Dingledine
5fed1ccd90 put a _ before or_options_t elements that aren't configurable
it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
2012-04-01 15:59:38 -04:00
Nick Mathewson
341c6a59db Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c

Conflict was in or_options_free, where two newly added fields had free
calls in the same place.
2012-04-01 00:46:52 -04:00
Nick Mathewson
9a69c24150 Do not use strcmp() to compare an http authenticator to its expected value
This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities.  Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
2012-04-01 00:42:04 -04:00
George Kadianakis
10232dc042 Pass OR address to PT proxy, even with IPv6 or ORListenAddress.
Introduce get_first_listener_addrport_for_pt() which returns a string
containing the addrport of the first listener we could find. Use it to
form the TOR_PT_ORPORT managed proxy protocol line.
2012-03-31 14:04:58 +02:00
George Kadianakis
fedf76a2e6 Introduce and use router_get_active_listener_port_by_type().
router_get_active_listener_port_by_type() iterates all connections,
trying to find a listener of a specific type, and returns its TCP
port.
2012-03-31 13:54:09 +02:00
Nick Mathewson
a74905cea4 We allow IPv6 connections, don't use sockaddr_in with getsockname
This fixes client_check_address_changed to work better with IPv6 Tor
clients, and prevents them from spewing errors. Fix for ticket 5537.
2012-03-30 16:43:52 -04:00
Nick Mathewson
cc35157805 Twiddle ROUTER_{MAX_COSMETIC_TIME_DIFFERENCE,MAX_AGE_TO_PUBLISH}
This is ticket 2479. Roger's original explanation was:

   We have a series of bugs where relays publish a descriptor within
   12 hours of their last descriptor, but the authorities drop it
   because it's not different "enough" from the last one and it's
   too close to the last one.

   The original goal of this idea was to a) reduce the number of new
   descriptors authorities accept (and thus have to store) and b)
   reduce the total number of descriptors that clients and mirrors
   fetch. It's a defense against bugs where relays publish a new
   descriptor every minute.

   Now that we're putting out one consensus per hour, we're doing
   better at the total damage that can be caused by 'b'.

   There are broader-scale design changes that would help here, and
   we've had a trac entry open for years about how relays should
   recognize that they're not in the consensus, or recognize when
   their publish failed, and republish sooner.

   In the mean time, I think we should change some of the parameters
   to make the problem less painful.
2012-03-30 15:38:16 -04:00
Nick Mathewson
5193752ca8 Exits don't need to fetch certs for unknown authorities
When we started RefuseUnknownExits back in 0.2.2.11-alpha, we
started making exits act like they cache directory info (since they
need an up-to-date idea of who is really a router).  But this
included fetching needless (unrecognized) authorities' certs, which
doesn't make any sense for them.

This is related to, but not necessarily the same as, the issue that
Ian reported for bug #2297.

(This patch is based on a patch from a user who I believe has asked
not to be named.  If I'm wrong about that, please add the
appropriate name onto the changelog.)
2012-03-30 15:20:06 -04:00
Robert Ransom
458718d497 Fix comment typo 2012-03-30 11:04:03 -04:00
Nick Mathewson
affbcded5c Fix a memory leak in an error case of SAFECOOKIE authentication.
Found by Coverity Scan; fix for CID 507; bugfix on 0.2.3.13-alpha.
2012-03-30 10:20:48 -04:00
Nick Mathewson
1da5223e89 Merge branch 'bug5527' 2012-03-30 10:15:35 -04:00
Nick Mathewson
491ffa540f Move router lookup to _after_ we assert that its argument is set
A previous commit in the 5527 branch had moved
router_get_mutable_by_digest(digest_rcvd) to happen before we did
tor_assert(digest_rcvd), which would have defeated the purpose of
the assert.
2012-03-30 10:14:31 -04:00
Nick Mathewson
545cb5f34e Merge remote-tracking branch 'linus/empty_desc_stats' 2012-03-30 10:06:21 -04:00
Roger Dingledine
3031def726 checking "same addr/port but with nonmatching keys" is obsolete
Specifically, I believe it dates back to when extend cells had address:port
but no digest in them. The special edge case is certainly not worth the
complexity these days.
2012-03-29 16:45:25 -04:00
Roger Dingledine
5cb82e44d1 simplify further 2012-03-29 16:37:50 -04:00
Linus Nordberg
20eb38a588 Refactor dirserv_orconn_tls_done().
Look up the router using the digest instead of looping over all routers.
2012-03-29 22:01:06 +02:00
Nick Mathewson
f348daa6fb Merge remote-tracking branch 'linus/bug4875_2' 2012-03-29 10:53:09 -04:00
Nick Mathewson
04a1696095 Merge remote-tracking branch 'linus/bug5151' 2012-03-28 17:18:30 -04:00
Linus Nordberg
734fad4103 Make relays handle an address suggestion from a directory server giving an IPv6 address.
last_guessed_ip becomes a tor_addr_t.

Most parts of router_new_address_suggestion() learns
about IPv6 (resolve_my_address() is still IPv4 only).
2012-03-28 22:16:55 +02:00
Linus Nordberg
1b6f6bfda5 Don't try to generate stats from an empty served_descs. 2012-03-28 20:57:45 +02:00
Sebastian Hahn
77bc1b803e Fix a bunch of check-spaces complaints 2012-03-28 15:02:15 +02:00
Nick Mathewson
a9c0e9fec2 Write initial documentation for the contents of the state file
Fixes bug 2987.  There is still some information to go, but now we
have a place to put it.
2012-03-28 04:08:56 -04:00
Nick Mathewson
433d757846 Reject SOCKS requests for "localhost" or ".local"
Sending them on is futile, since we will be told "127.0.0.1" and then
think we've been lied to.  Partial fix for 2822.
2012-03-28 03:19:00 -04:00
Nick Mathewson
70c17134c7 Rate-limit the warnings as a client when asked to connect a private addr
Partial fix for ticket 2822.
2012-03-28 03:06:25 -04:00
Nick Mathewson
d20c6d2a37 Keep separate time-to-downloads for each consensus flavor
This is a fix for bug 4011, where if we have a recent ns consensus we
won't even try fetching a microdesc consensus.  Fix on 0.2.3.1-alpha,
I believe.
2012-03-28 02:55:33 -04:00
Nick Mathewson
de0dca0de7 Refactor the API for setting up a block cipher.
It allows us more flexibility on the backend if the user needs to
specify the key and IV at setup time.
2012-03-27 22:37:56 -04:00
Nick Mathewson
342e753d31 Merge remote-tracking branch 'karsten/bug5053' 2012-03-27 11:22:32 -04:00
Nick Mathewson
5a2d0fbe64 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/control.c
2012-03-26 18:51:37 -04:00
Nick Mathewson
6dcbfec82d Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2 2012-03-26 14:03:29 -04:00
Sebastian Hahn
fe2b177cfb Never disable debugger attachment for the unit tests 2012-03-22 12:50:44 +01:00
Linus Nordberg
341e37e38c Move the logging of 'My line' to debug level (#5151). 2012-03-19 05:12:19 +01:00
Linus Nordberg
bb2135fea6 Reorder initialisation of port_cfg to match order of members in struct. 2012-03-19 04:57:19 +01:00
Linus Nordberg
ce5489eec0 Fix cut'n'paste bug (#5151). 2012-03-19 04:55:17 +01:00
Roger Dingledine
12594f27db Stop discarding command-line arguments when TestingTorNetwork is set
Discovered by Kevin Bauer. Fixes bug 5373; bugfix on 0.2.3.9-alpha,
where task 4552 added support for two layers of torrc files.
2012-03-14 02:40:04 -04:00
Nick Mathewson
9f88c1e14f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuitbuild.c
2012-03-09 14:30:12 -05:00
Nick Mathewson
99bd5400e8 Never choose a bridge as an exit. Bug 5342. 2012-03-09 14:27:50 -05:00
Nick Mathewson
978cfcfbbb Merge remote-tracking branch 'origin/maint-0.2.2' 2012-03-09 14:25:18 -05:00
Nick Mathewson
8abfcc0804 Revise "sufficient exit nodes" check to work with restrictive ExitNodes
If you set ExitNodes so that only 1 exit node is accepted, the
previous patch would have made you unable to build circuits.
2012-03-09 14:23:23 -05:00
Nick Mathewson
d4526e1d4a Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerlist.c
2012-03-09 13:57:32 -05:00
Nick Mathewson
ec8a06c5a1 Require a threshold of exit nodes before building circuits
This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about.  Fixes bug 5343.
2012-03-08 15:42:54 -05:00
Nick Mathewson
3fc3ed50a1 Merge remote-tracking branch 'public/bug4361'
Conflicts:
	src/or/command.c
2012-03-08 14:23:52 -05:00
Roger Dingledine
b5a8c3aa00 Remove misleading function comment (bug 5324)
In the distant past, connection_handle_read() could be called when there
are pending bytes in the TLS object during the main loop. The design
since then has been to always read all pending bytes immediately, so
read events only trigger when the socket actually has bytes to read.

Resolves bug 5324.
2012-03-07 21:07:30 -05:00
Nick Mathewson
298e08132f Merge remote-tracking branch 'public/bug4760' 2012-03-05 10:44:48 -05:00
Nick Mathewson
6a0d809f44 Merge remote-tracking branch 'sebastian/bug5231' 2012-02-29 15:16:15 -05:00
Roger Dingledine
406bc95271 Merge branch 'maint-0.2.2' 2012-02-29 13:23:23 -05:00
Roger Dingledine
e21756908f new ip address for maatuska 2012-02-29 13:22:41 -05:00
Roger Dingledine
c26aaf9cba whitespace fix 2012-02-29 13:17:52 -05:00
Sebastian Hahn
2755b09c52 Don't cannibalize already cannibalized circuits
This ensures we don't build circuits that have 5 hops or more. Patch
contributed by wanoskarnet, thanks!
2012-02-25 17:59:21 +01:00
Daniel Bryg
f7e87f41f7 When not fetching v2 dir info, don't require it for cleaning descriptors
Bugfix on 0.2.2.26-beta, which introduced the idea of caches not
cacheing v2 info.  Fixes bug 4838.
2012-02-23 13:59:37 -05:00
Robert Ransom
e111e371b4 Implement 'safe cookie authentication' 2012-02-22 05:46:09 -08:00
Roger Dingledine
3a94530595 document a cool attack that we evaluated 2012-02-17 14:02:25 -05:00
Nick Mathewson
eaedcba493 Merge branch 'bug5105-v2-squashed'
Conflicts:
	src/or/transports.c
2012-02-17 11:50:10 -05:00
Robert Ransom
33552c16ca Heap-allocate strings returned by get_current_process_environment_variables 2012-02-17 11:42:21 -05:00
Robert Ransom
c0808b795f Pass process_environment_t * to tor_spawn_background
Now tor_spawn_background's prototype is OS-independent.
2012-02-17 11:42:20 -05:00
Robert Ransom
bf1ce3f53d Rewrite managed proxy environment setup code
Now, the environment setup is entirely OS-independent, as well as less
hacky and brittle.
2012-02-17 11:42:20 -05:00
Nick Mathewson
936b7b7b0b Downgrade "Registered server transport" msg to notice. Bug 5136 2012-02-15 12:58:36 -05:00
Sebastian Hahn
efb7b9dec1 Use _NSGetEnviron() instead of environ where required
OS X would otherwise crash with a segfault when linked statically to
some libraries.
2012-02-14 11:18:39 -05:00
Nick Mathewson
c08dde7e28 Reinstate TOR_PR_EXTENDED_SERVER_PORT, just a little 2012-02-13 00:13:58 -05:00
Sebastian Hahn
93414707ae set_managed_proxy_environment() can't fail anymore
It already couldn't fail on Windows, now it can't fail on non-Windows,
either.
2012-02-12 23:39:58 -05:00
Sebastian Hahn
9857ef0fb5 Properly set up environment for managed-mode obfsproxy 2012-02-12 23:39:58 -05:00
Nick Mathewson
60b42d68f3 Try to have (and maintain!) an invariant about unconfigured_proxies_n
The invariant is: unconfigured_proxies_n is exactly the number of
managed_proxy_t not in state PT_PROTO_COMPLETED.

To maintain this, we need to stop overloading unconfigured_proxies_n
to also count managed_proxy_t items that are in PT_PROTO_COMPLETED but
which might need relaunching.  To make it so we can detect those, we
introduce another variable.

This commit also adds a function to assert that we haven't broken the
invariant.

Fix for bug 5084; bugfix on 0.2.3.6-alpha, I think.
2012-02-12 23:30:19 -05:00
Nick Mathewson
fff511a5e7 Don't smartlist_remove a managed proxy from a list we're iterating over.
In some cases, we solve this by doing a SMARTLIST_DEL_CURRENT before
calling managed_proxy_destroy.  But for a trickier one, we just make a
copy of the list before iterating over it, so that changes to the
manage proxy list don't hurt our iteration.

This could be related to bug 5084.
2012-02-12 23:30:18 -05:00
Sebastian Hahn
d7d6da28d4 Fix a check-spaces complaint 2012-02-12 23:29:22 -05:00
Nick Mathewson
4aa0aa0300 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/Makefile.am
2012-02-12 23:27:31 -05:00
Nick Mathewson
61452299d1 Unpack a smartlist_foreach and add an assert: try to hunt #5102 2012-02-12 19:42:35 -05:00
Robert Ransom
93dbc17a1a Fix #5097 on Windows, too 2012-02-12 19:13:17 -05:00
Robert Ransom
0e9663d439 Fix bug #5097: remove bogus envvar from managed proxies' environment 2012-02-12 19:12:51 -05:00
Sebastian Hahn
8ce6722d76 Properly protect paths to sed, sha1sum, openssl
in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
2012-02-10 20:12:03 +01:00
Nick Mathewson
64523609c9 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-02-10 12:03:46 -05:00
Nick Mathewson
c8b855082b Downgrade "missing a certificate" from notice to info
It was apparently getting mistaken for a problem, even though it was
at notice.

Fixes 5067; fix on 0.2.0.10-alpha.
2012-02-10 12:01:56 -05:00
Karsten Loesing
4741aa48a2 Roger notes that address and addr are two different things. 2012-02-09 15:54:00 +01:00
Karsten Loesing
cc94a48ff4 Simply geoip_get_country_by_addr based on arma's comment. 2012-02-09 15:22:42 +01:00
Karsten Loesing
218193d38d Add braces around a two-line code block. 2012-02-09 11:25:48 +01:00
Karsten Loesing
4aca55efd2 Count IPv6 connections in bridge and entry stats. 2012-02-09 11:12:30 +01:00
Sebastian Hahn
332e96d109 Fix fencepost error with HearbeatPeriod option
We'd only log every HeartbeatPeriod + 1 seconds. Discovered by Scott
Bennett, reported as bug 4942.
2012-02-08 04:44:15 -05:00
Nick Mathewson
dd68d596cd Set IPV6_V6ONLY on listener sockets bound to IPv6 addresses.
If we don't do this, [::] can be interpreted to mean all v4 and all
v6 addresses.  Found by dcf.  Fixes bug 4760.  See RFC 3493 section
5.3 for more info.
2012-01-31 16:09:49 -05:00
Nick Mathewson
79a80c88ee Fix straggling MS_WINDOWS issues; add a changes file
There was one MS_WINDOWS that remained because it wasn't on a macro
line; a few remaining uses (and the definition!) in configure.in;
and a now-nonsensical stanza of eventdns_tor.h that previously
defined 'WIN32' if it didn't exist.
2012-01-31 15:48:47 -05:00
Nick Mathewson
5cf9167f91 Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32
This commit is completely mechanical; I used this perl script to make it:

 #!/usr/bin/perl -w -i.bak -p

 if (/^\s*\#/) {
     s/MS_WINDOWS/_WIN32/g;
     s/\bWIN32\b/_WIN32/g;
 }
2012-01-31 15:48:47 -05:00
Roger Dingledine
b1ee1927b1 if we ever have an old bridge, never again use microdescs
should reduce the risk of oscillation if our 0.2.2 bridge comes and goes
2012-01-27 17:22:31 -05:00
Roger Dingledine
a0f0897795 Allow 0.2.3.x clients to use 0.2.2.x bridges.
Previously the client would ask the bridge for microdescriptors, which are
only supported in 0.2.3.x and later, and then fail to bootstrap when it
didn't get the answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.

The fix here is to revert to using normal descriptors if any of our
bridges are known to not support microdescs. This is not ideal, a) because
we'll start downloading a microdesc consensus as soon as we get a bridge
descriptor, and that will waste time if we later get a bridge descriptor
that tells us we don't like microdescriptors; and b) by changing our mind
we're leaking to our other bridges that we have an old-version bridge.

The alternate fix would have been to change
we_use_microdescriptors_for_circuits() to ask if *any* of our bridges
can support microdescriptors, and then change the directory logic that
picks a bridge to only select from those that do. For people living in
the future, where 0.2.2.x is obsolete, there won't be a difference.

Note that in either of these potential fixes, we have risk of oscillation
if our one funny-looking bridges goes away / comes back.
2012-01-25 18:54:59 -05:00
Roger Dingledine
247a21379a set SO_REUSEADDR before we bind, not after
resolves bug 4950 (fixes a bug on commit aba7bb705a from #2850)
2012-01-23 15:54:02 -05:00
Sebastian Hahn
9ce9836f85 Use !SOCKET_OK to test if a socket is uninitialized
This fixes a compile warning on Windows. Fixes bug 4946, not in any
released version.
2012-01-23 02:07:03 +01:00
Roger Dingledine
2de0eeaa72 update comment to reflect our TOR_INVALID_SOCKET convention 2012-01-22 19:39:29 -05:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers.
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
6e8c2a3e46 Use SOCKET_OK macros in even more places
Add a TOR_INVALID_SOCKET macro to wrap -1/INVALID_SOCKET.

Partial work for bug4533.
2012-01-17 16:35:07 -05:00
Roger Dingledine
1e923dd2fb fix crash bug in original feature4207 branch
PLURAL() assumes that the plural is the canonical name for the option,
so now it is.
2012-01-16 21:20:46 -05:00
Nick Mathewson
47aa491f9f Merge remote-tracking branch 'asn-mytor/bug4751' 2012-01-16 15:16:41 -05:00
Nick Mathewson
875a54dad3 Merge remote-tracking branch 'public/bug3325' 2012-01-16 15:10:38 -05:00
Nick Mathewson
5579bc0eaf whitespace fixes 2012-01-16 15:07:47 -05:00
Nick Mathewson
9c29369a04 Convert instances of tor_malloc+tor_snprintf into tor_asprintf
These were found by looking for tor_snprintf() instances that were
preceeded closely by tor_malloc(), though I probably converted some
more snprintfs as well.

(In every case, make sure that the length variable (if any) is
removed, renamed, or lowered, so that anything else that might have
assumed a longer buffer doesn't exist.)
2012-01-16 15:03:44 -05:00
Nick Mathewson
cc02823d7f Convert instances of tor_snprintf+strdup into tor_asprintf
These were found by looking for tor_snprintf() instances that were
followed closely by tor_strdup(), though I probably converted some
other snprintfs as well.
2012-01-16 15:03:13 -05:00
Nick Mathewson
edcc9981d8 Try to use smartlist_add_asprintf consistently
(To ensure correctness, in every case, make sure that the temporary
variable is deleted, renamed, or lowered in scope, so we can't have
any bugs related to accidentally relying on the no-longer-filled
variable.)
2012-01-16 15:02:51 -05:00
Nick Mathewson
9c6d913b9e Rename smartlist_{v,}asprintf_add to smartlist_add_{v,}asprintf 2012-01-16 15:01:54 -05:00
Sebastian Hahn
88698993a9 check-spaces fix 2012-01-16 14:50:13 -05:00
Nick Mathewson
125fba2e99 Provide consensus params to constrain the threshold for Fast
resolves ticket 3946
2012-01-16 14:50:13 -05:00
Nick Mathewson
1810db9bb3 Comment fixups on 4207 suggested by arma 2012-01-16 14:45:12 -05:00
Nick Mathewson
938531773a Allow authorities to baddir/badexit/invalid/reject nodes by cc
Implements ticket #4207
2012-01-13 12:28:47 -05:00
George Kadianakis
39850f03f6 Improve names of some pluggable transport-related functions. 2012-01-13 16:44:30 +02:00
Robert Ransom
fbd243a165 Don't crash when HS circs which have not yet found an OR conn time out
Fixes bug #4897, not yet in any release.

Using n_circ_id alone here (and below, when n_conn is NULL) really sucks,
but that's a separate bug which will need a changes/ file.
2012-01-12 19:21:39 -08:00
Nick Mathewson
2cddd1d69f Move logging of bad hostnames into parse_extended_hostname
This fixes bug 3325, where a bad .exit would get logged as a bad .onion
2012-01-11 15:56:14 -05:00
Nick Mathewson
b8675e5fe3 Do not pretend to allow PADDING as the first cell of a v3 handshake 2012-01-11 12:34:28 -05:00
Nick Mathewson
f54a10caa6 Merge branch 'prop187_squashed' 2012-01-11 12:27:14 -05:00
Nick Mathewson
fa83397ecd Fix a missing iso_time_nospace_usec
Apparently I missed a case when converting sec,usec to
yyyy-mm-ddThh:mm:ss.uuuuuu .
2012-01-11 12:23:43 -05:00
Nick Mathewson
f729e1e984 Merge branch 'feature3457-v4-nm-squashed'
Conflicts:
	src/or/rendclient.c
2012-01-11 12:10:14 -05:00
Nick Mathewson
b5af456685 Use spaceless ISO8601 time format, not sec,usec. 2012-01-11 12:08:01 -05:00
Nick Mathewson
3826e058ac Implement proposal 187: reserve a cell type for client authorization
This needs a changes file and more testing.
2012-01-11 11:10:18 -05:00
Nick Mathewson
ce703bd53e defensive programming to catch duplicate calls to connection_init_or_handshake_state 2012-01-11 11:10:17 -05:00
Nick Mathewson
c5b58df775 Add clarity/typesafety wrappers for control_event_circuit_status_minor 2012-01-11 10:28:20 -05:00
Nick Mathewson
0e911abf27 Rename CIRC2 to CIRC_MINOR
Also give the arguments to control_event_circuit_status_minor real
names.
2012-01-11 10:19:24 -05:00
Nick Mathewson
fe4811471d Chop out the intro point calculation until it is simple enough for nickm to grok 2012-01-10 19:20:00 -05:00
Robert Ransom
31d6350737 Use my original formula for number of replacements for an intro point
A fixup commit which was intended to make this formula easier to read
broke it instead.
2012-01-10 19:20:00 -05:00
Nick Mathewson
5e9d349979 Merge remote-tracking branch 'public/bug4650_nm_squashed' 2012-01-10 17:59:49 -05:00
Nick Mathewson
8d74fba651 Merge branch 'absolute_cookie_file' 2012-01-10 15:00:02 -05:00
Sebastian Hahn
6b9298ef72 Log which votes we still need to fetch
This might help us see which authorities are problematic in getting
their vote published the first time.
2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
2012-01-10 09:59:36 -05:00
Nick Mathewson
2a9b279163 Merge remote-tracking branch 'rransom-tor/bug4883' 2012-01-10 09:33:55 -05:00
Robert Ransom
72ed4a41f5 Fix brown-paper-bag bug in #4759 fix
Fixes #4883, not yet in any release.
2012-01-09 22:03:04 -08:00
Nick Mathewson
4e14ce4dba Report cookie file location as absolute in protocolinfo message 2012-01-09 13:20:48 -05:00
Nick Mathewson
838ec086be Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767 Fix a trivial log message error in renservice.c
Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
2012-01-09 12:21:04 -05:00
Nick Mathewson
d4de312b3c Merge remote-tracking branch 'rransom-tor/bug4842' 2012-01-09 11:59:08 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
cc1580dbe0 when the consensus fails, list which dir auths were in or out 2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c nickname, not identity fingerprint, will help more 2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71 tell me who votes are actually for, not just where they're from 2012-01-08 10:03:46 -05:00
Roger Dingledine
19c372daf0 clean up a comment that confused arturo 2012-01-07 07:41:46 -05:00
Robert Ransom
b46a7ebb2b Don't remove rend cpath element from relaunched service-side rend circs
Fixes bug 4842, not in any release.
2012-01-06 22:44:20 -08:00
Sebastian Hahn
98959f63ac Disallow disabling DisableDebuggerAttachment on runnning Tor
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
2012-01-04 15:09:02 -05:00
Nick Mathewson
65420e4cb5 Merge remote-tracking branch 'rransom-tor/bug1297b-v2' 2012-01-04 13:50:24 -05:00
Robert Ransom
0bd53b8d87 Verbotify documentation comments for the #1297-fix flags 2012-01-04 09:37:49 -08:00
Nick Mathewson
47b7a27929 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-03 13:22:34 -05:00
Sebastian Hahn
5d9be49540 Fix a check-spaces violation in compat.c
Also fix a comment typo
2011-12-30 23:30:57 +01:00
Sebastian Hahn
d861b4cc9d Fix spelling in a controlsocket log msg
Fixes bug 4803.
2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808 Merge remote-tracking branch 'public/bug4788' into maint-0.2.2 2011-12-28 16:50:45 -05:00
Nick Mathewson
e3a6493898 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346 Bug 4786 fix: don't convert EARLY to RELAY on v1 connections
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b Don't exit when marking a newly created _C_INTRODUCING circ for close 2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387 Authorities reject insecure Tors.
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427.  Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
2011-12-27 21:47:04 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9 Don't close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c Don't close HS client circs which are 'almost connected' on timeout 2011-12-27 08:02:42 -08:00
Nick Mathewson
334a0513de Downgrade relay_early-related warning 2011-12-26 18:11:41 -05:00
Roger Dingledine
3aade2fab7 Merge remote-tracking branch 'nickm/prop110_v2' 2011-12-25 17:43:09 -05:00
Robert Ransom
4c3a23b283 Look up the rend circ whose INTRODUCE1 is being ACKed correctly
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b Merge remote-tracking branch 'rransom/feature2411-v4' 2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8 Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled 2011-12-22 10:31:52 -05:00
Kamran Riaz Khan
a1c1fc72d1 Prepend cwd for relative config file paths.
Modifies filenames which do not start with '/' or '.' on non-Windows
platforms; uses _fullpath on Windows.
2011-12-22 10:17:48 -05:00
Nick Mathewson
2710a96ba4 Allow prop110 violations if AllowNonearlyExtend is set in consensus 2011-12-22 10:12:49 -05:00
Nick Mathewson
847541ce5d Log what fraction of EXTEND cells have died for being non-early 2011-12-22 09:51:59 -05:00
Nick Mathewson
0187bd8728 Implement the last of proposal 110
Reject all EXTEND requests not received in a relay_early cell
2011-12-22 09:51:59 -05:00
Robert Ransom
66f77561c0 Mark each intro circ with the rend cookie sent in its INTRODUCE1 cell
Needed by fix for #4759.
2011-12-22 06:45:45 -08:00
Nick Mathewson
878a684386 Merge remote-tracking branch 'public/bug4697' 2011-12-22 09:45:26 -05:00
Nick Mathewson
8cdeaedf86 Convert a couple of char[256]s into sockaddr_storage 2011-12-21 11:23:13 -05:00
Nick Mathewson
f75660958c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d Do not even try to keep going on a socket with socklen==0
Back in #1240, r1eo linked to information about how this could happen
with older Linux kernels in response to nmap.  Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid.  Thanks to wanoskarnet for reminding us about #1240.

This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
2011-12-21 11:19:41 -05:00
Nick Mathewson
14127f226d Merge remote-tracking branch 'asn-mytor/bug4531' 2011-12-20 14:40:16 -05:00
Nick Mathewson
26053bd7c9 Merge remote-tracking branch 'asn-mytor/bug4725_take2' 2011-12-20 14:28:31 -05:00
George Kadianakis
0cfdd88adb Don't call tor_tls_set_logged_address till after checking conn->tls.
Fixes bug 4531.
2011-12-20 19:21:15 +01:00
Nick Mathewson
ba1766bc3f Add explicit cast to make gcc happy 2011-12-20 11:19:57 -05:00
Nick Mathewson
4080ac9eee Merge branch 'bug3825b-v8-squashed' 2011-12-20 11:15:49 -05:00
Robert Ransom
dae000735e Adjust n_intro_points_wanted when a service's intro points are closed 2011-12-20 11:15:33 -05:00
Robert Ransom
46783eb6d7 Extract function to determine how many intros an intro point has handled 2011-12-20 11:15:31 -05:00
Martin Hebnes Pedersen
d5e964731c Fixed build with GCC < 3.3
Preprocessor directives should not be put inside the arguments
of a macro. This is not supported on older GCC releases (< 3.3)
thus broke compilation on Haiku (running gcc2).
2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
f783a326b8 -lm should not be hardcoded.
On some platforms (Haiku/BeOS) libm lives in libcore.

Also added 'network' to the list of libraries to search for connect().
2011-12-19 11:27:08 -05:00
George Kadianakis
539cb627f7 Server transports should be instructed to bind on INADDR_ANY by default. 2011-12-18 13:21:58 +01:00
Nick Mathewson
e5e50d86ca Ignore all bufferevent events on a marked connection
Bug 4697; fix on 0.2.3.1-alpha
2011-12-17 14:06:10 -05:00
Nick Mathewson
37504b5efa Merge remote-tracking branch 'asn-mytor/bug4726' 2011-12-17 12:49:15 -05:00
George Kadianakis
6d35f08e01 Doxygenize the file-level documentation of transports.c. 2011-12-16 11:01:56 +01:00
Nick Mathewson
e402edd960 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-15 11:32:49 -05:00
Nick Mathewson
562c974ee7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-15 11:28:44 -05:00
Nick Mathewson
9d0777839b Add a fix for the buf_pullup bug that Vektor reported 2011-12-15 11:28:24 -05:00
Robert Ransom
59b5379424 Remove comment complaining that we try to attach all streams to circs
It's inefficient, but the more efficient solution (only try to attach
streams aiming for this HS) would require far more complexity for a gain
that should be tiny.
2011-12-09 11:28:42 -05:00
Robert Ransom
832bfc3c46 Clear stream-isolation state on rend circs if needed to attach streams
Fixes bug 4655; bugfix on 0.2.3.3-alpha.
2011-12-09 11:28:42 -05:00
Robert Ransom
7b6b2d5fb8 Refactor stream attachment in circuit_has_opened
Put the 'try attaching streams, clear isolation state if possible, retry
attaching streams' loop in its own separate function, where it belongs.
2011-12-09 11:28:33 -05:00
Roger Dingledine
ae07af564e paint bug2474's fix a different neon color
this way people with 80-column logs may read more of the warning
2011-12-08 04:41:56 -05:00
Nick Mathewson
8bb853b2a2 Merge remote-tracking branch 'public/revert_4312' 2011-12-07 21:12:20 -05:00
Roger Dingledine
299034edf5 clarify a debug line 2011-12-07 18:12:11 -05:00
Nick Mathewson
021ff31ba6 Revert "Get rid of tor_tls_block_renegotiation()."
This reverts commit 340809dd22.
2011-12-06 19:49:21 -05:00
Nick Mathewson
616b60cef3 Revert "Use callback-driven approach to block renegotiations."
This reverts commit 406ae1ba5a.
2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a Revert "Refactor tor_event_base_once to do what we actually want"
This reverts commit 7920ea55b8.
2011-12-06 19:49:20 -05:00
Nick Mathewson
3a17a1a62f Revert "Avoid a double-mark in connection_or_close_connection_cb"
This reverts commit 633071eb3b.
2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3 Revert "Make pending libevent actions cancelable"
This reverts commit aba25a6939.
2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef Revert "Set renegotiation callbacks immediately on tls inititation"
This reverts commit e27a26d568.
2011-12-06 19:49:19 -05:00
Nick Mathewson
4f47db3280 Merge remote-tracking branch 'sebastian/coverity' 2011-12-05 11:56:03 -05:00
Nick Mathewson
15d99fe4eb Add comment about bug4651 fix 2011-12-05 11:29:43 -05:00
Sebastian Hahn
60c330a251 cid 432: Remove dead code if we don't handle a consensus
Bugfix on 0.2.3.1, fixes the second half of bug 4637.
2011-12-04 17:36:23 +01:00
Robert Ransom
f5730d4698 Don't send two ESTABLISH_RENDEZVOUS cells when opening a new rend circ 2011-12-03 22:06:50 -08:00
Nick Mathewson
682a85ff7c Don't just tell the controller "foo" on id mismatch
Fixes bug 4169; bugfix on 0.2.1.1-alpha.
2011-12-02 16:27:33 -05:00
Nick Mathewson
5303918091 Init conn->addr to "unspec" on cpuworker connections
Fixes bug 4532 reported by "troll_un"
2011-12-02 16:21:50 -05:00
Nick Mathewson
6171bdd105 Don't call tor_tls_set_logged_address till after checking conn->tls
Fixes bug 4531; partial backport of e27a26d5.
2011-12-02 16:15:52 -05:00
Nick Mathewson
f78fc8cfb4 Give DirAllowPrivateAddress an explicit default
By convention, we say whether each bool's default is 0 or 1

Fixes 4536; found by "troll_un"
2011-12-02 16:04:18 -05:00
Nick Mathewson
cf14a520c8 Resolve bug 3448: remove mention of tor-ops (which is not in use) 2011-12-02 15:42:15 -05:00
Robert Ransom
5ffa7102c0 Don't segfault when checking whether a not-yet-used intro point should expire
Found by katmagic.  Bugfix on the #3460 branch, not yet in any release.
2011-12-01 15:26:45 -08:00
Linus Nordberg
c06c80b7f7 Fix warnings.
Remove environ declaration.
Use ORPort->value.  And it's a string.
Make tmp a char *.
2011-12-01 09:40:47 +01:00
Murdoch@cl.cam.ac.uk
b0d3c6a878 Only define set_buffer_lengths_to_zero if bufferevents are enabled
Otherwise, on Windows, gcc will warn about the function being unused
2011-11-30 18:06:55 -05:00
Nick Mathewson
d04f21bf39 Merge branch 'feature2553-v4-rebased' 2011-11-30 14:54:33 -05:00
Arturo Filastò
db648fe886 Add some more documentation 2011-11-30 14:54:15 -05:00
Robert Ransom
c90c33fd53 Turn off LearnCircuitBuildTimeout when tor2web mode is on 2011-11-30 14:54:15 -05:00
Robert Ransom
328c9582a9 Add ifdefs to disable assertion in connection_ap_handshake_send_begin 2011-11-30 14:54:15 -05:00
Robert Ransom
a364f88477 Add ifdefs to disable #3332 assertions 2011-11-30 14:54:15 -05:00
Robert Ransom
826f1d5b0a Use single-hop intro and rend circuits when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
29287ed0ed Perform single-hop HS desc fetches when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
ebf524b48b Don't allow tor2web-mode Tors to connect to non-HS addresses
The client's anonymity when accessing a non-HS address in tor2web-mode
would be easily nuked by inserting an inline image with a .onion URL, so
don't even pretend to access non-HS addresses through Tor.
2011-11-30 14:54:15 -05:00
Robert Ransom
5f3e6eb0b9 Warn loudly on startup and SIGHUP if Tor is built for a non-anonymous mode 2011-11-30 14:54:14 -05:00
Robert Ransom
543a36a55b Add a compile-time #define to control whether Tor runs in 'tor2web mode'
The Tor2webMode torrc option is still required to run a Tor client in
'tor2web mode', but now it can't be turned on at runtime in a normal build
of Tor.  (And a tor2web build of Tor can't be used as a normal Tor client,
so we don't have to worry as much about someone distributing packages with
this particular pistol accessible to normal users.)
2011-11-30 14:54:14 -05:00
Nick Mathewson
3b88b63826 Merge branch 'bug933_nm_rebased_v2'
Conflicts:
	src/test/test.c
2011-11-30 14:10:22 -05:00
Nick Mathewson
e8d598c4ac Tweak addressmap_rewrite a little more
This resolves a loop warning on "MapAddress *.example.com
example.com", makes the rewrite log messages correct, and fixes the
behavior of "MapAddress *.a *.b" when just given "a" as an input.
2011-11-30 14:08:11 -05:00
Nick Mathewson
66859e2d4a Fix an issue in my mapaddress domains code spotted by arma
MapAddress *.torproject.org torproject.org would have been interpreted
as a map from a domain to itself, and would have cleared the mapping.
Now we require not only a match of domains, but of wildcards.
2011-11-30 14:08:11 -05:00
Nick Mathewson
04c622d720 Add some post-comma spaces to please arma
Incidentally, we've got 30969 lines in master with a comma
in them, of which 1995 have a comma followed by a non-newline,
non-space character.  So about 93% of our commas are right,
but we have a substantial number of "crowded" lines.
2011-11-30 14:08:11 -05:00
Nick Mathewson
ff3eb8e023 Forbid remapping of *
It might be nice to support this someday, but for now it would fail
with an infinite remap cycle.  (If I say "remap * *.foo.exit",
then example.com ->
     example.com.foo.exit ->
     example.com.foo.exit.foo.exit ->
     example.com.foo.exit.foo.exit.foo.exit -> ...)
2011-11-30 14:08:11 -05:00
Nick Mathewson
69d16900aa Refactor addressmap_match_superdomains and representation of wildcards
In this new representation for wildcarded addresses, there are no
longer any 'magic addresses': rather, "a.b c.d", "*.a.b c.d" and
"*.a.b *.c.d" are all represented by a mapping from "a.b" to "c.d". we
now distinguish them by setting bits in the addressmap_entry_t
structure, where src_wildcard is set if the source address had a
wildcard, and dst_wildcard is set if the target address had a
wildcard.

This lets the case where "*.a.b *.c.d" or "*.a.b c.d" remap the
address "a.b" get handled trivially, and lets us simplify and improve
the addressmap_match_superdomains implementation: we can now have it
run in O(parts of address) rather than O(entries in addressmap).
2011-11-30 14:08:11 -05:00
Robert Hogan
53ce6bb52d Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:8
1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'.
       This has resulted in a slight refactoring of config_register_addressmaps.
    2. Add some more detail to the man page entry for AddressMap.
    3. Fix initialization of a pointer to NULL rather than 0.
    4. Update the unit tests to cater for the changes in 1 and test more explicitly for
       recursive mapping.
2011-11-30 14:08:10 -05:00
Robert Hogan
909e9769ec Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:4
1. Implement the following mapping rules:

   MapAddress a.b.c d.e.f # This is what we have now
   MapAddress .a.b.c d.e.f # Replaces any address ending with .a.b.c with d.e.f
   MapAddress .a.b.c .d.e.f # Replaces the .a.b.c at the end of any addr with .d.e.f

   (Note that 'a.b.c .d.e.f' is invalid, and will be rejected.)

2. Add tests for the new rules.

3. Allow proper wildcard annotation, i.e. '*.d.e' '.d.e' will still work.

4. Update addressmap_entry_t with an is_wildcard member.
2011-11-30 14:08:10 -05:00
Robert Hogan
c6d8c6baaa bug933 - Match against super-domains in MapAddress
Allow MapAddress to handle directives such as:

MapAddress .torproject.org .torserver.exit
MapAddress .org 1.1.1.1

Add tests for addressmap_rewrite.
2011-11-30 14:08:10 -05:00
Nick Mathewson
9da99b4939 Fix a memory leak in error path of my default-torrc code
Fixes Coverity CID # 500
2011-11-30 12:16:39 -05:00
Nick Mathewson
c5e2bfa983 appease "make check-spaces" 2011-11-30 12:09:53 -05:00
Nick Mathewson
8cc8b016c8 Merge branch 'ipv6_bridges_squashed' 2011-11-30 12:02:13 -05:00
Nick Mathewson
5412b3728c Rename one more recalcitrant function. 2011-11-30 12:01:16 -05:00
Linus Nordberg
1dca559db8 Warn user about client ignoring non-preferred IP address for a bridge. 2011-11-30 11:55:46 -05:00
Linus Nordberg
32d10bdfb3 Whitespace changes. 2011-11-30 11:55:46 -05:00
Linus Nordberg
39ec781b8f Make the router_get_*_orport interface consistent with node_*. 2011-11-30 11:55:46 -05:00
Linus Nordberg
3b51b326e4 Make router_get_{prim,alt,pref}_addr_port take tor_addr_port_t *.
Rename to *_orport for consistency with node_*.
2011-11-30 11:55:46 -05:00
Linus Nordberg
2376a6ade4 Merge node_get_{prim,pref,pref_ipv6}_addr with their _orport counterparts.
This keeps the IP address and TCP for a given OR port together,
reducing the risk of using an address for one address family with a
port of another.

Make node_get_addr() a wrapper function for compatibility.
2011-11-30 11:55:46 -05:00
Linus Nordberg
529820f8ba Use correct address family where necessary for bridges on IPv6. 2011-11-30 11:55:46 -05:00
Linus Nordberg
f89c619679 Use the preferred address and port when initiating a connection.
This is not as conservative as we could do it, f.ex. by looking at the
connection and only do this for connections to bridges.  A non-bridge
should never have anything else than its primary IPv4 address set
though, so I think this is safe.
2011-11-30 11:55:46 -05:00
Linus Nordberg
f6ce9e4ea5 Take IPv6 into account when rewriting routerinfo for a bridge and maintain ipv6_preferred.
Don't touch the string representation in routerinfo_t->address.

Also, set or clear the routerinfo_t->ipv6_preferred flag based on the
address family of the bridge.
2011-11-30 11:55:45 -05:00
Linus Nordberg
6048f01971 Use preferred address when looking for bridges by routerinfo_t.
This should be safe to do for all uses of get_configured_bridge_by_routerinfo().
2011-11-30 11:55:45 -05:00
Linus Nordberg
7b02d1a73e Clarify function documentation. 2011-11-30 11:55:45 -05:00
Linus Nordberg
f786307ab7 First chunk of support for bridges on IPv6
Comments below focus on changes, see diff for added code.

New type tor_addr_port_t holding an IP address and a TCP/UDP port.

New flag in routerinfo_t, ipv6_preferred.  This should go in the
node_t instead but not now.

Replace node_get_addr() with
- node_get_prim_addr() for primary address, i.e. IPv4 for now
- node_get_pref_addr() for preferred address, IPv4 or IPv6.

Rename node_get_addr_ipv4h() node_get_prim_addr_ipv4h() for
consistency.  The primary address will not allways be an IPv4 address.
Same for node_get_orport() -> node_get_prim_orport().

Rewrite node_is_a_configured_bridge() to take all OR ports into account.

Extend argument list to extend_info_from_node and
extend_info_from_router with a flag indicating if we want to use the
routers primary address or the preferred address.  Use the preferred
address in as few situtations as possible for allowing clients to
connect to bridges over IPv6.
2011-11-30 11:55:45 -05:00
Linus Nordberg
5bee213d23 Turn get_first_advertised_v4_port_by_type() into get_first_advertised_port_by_type_af(). 2011-11-30 11:55:45 -05:00
Linus Nordberg
1c2c3314a9 Add some logging and comments. 2011-11-30 11:55:44 -05:00
Nick Mathewson
19a82d2936 Bridges can advertise a single IPv6 address with orport
This is deliberately more restrictive than we'd want to be.

Needs testing!
2011-11-30 11:55:44 -05:00
Nick Mathewson
11d5a9f63d Initial support for simplest use of prop186 or-address lines
This lets a routerinfo_t have a single IPv6 or-address, and adds
support for formatting and parsing those lines.
2011-11-30 11:55:44 -05:00
Nick Mathewson
5f0a8dcd2c Initial hacking for proposal 186.
This code handles the new ORPort options, and incidentally makes all
remaining port types use the new port configuration systems.

There are some rough edges!  It doesn't do well in the case where your
Address says one thing but you say to Advertise another ORPort.  It
doesn't handle AllAddrs.  It doesn't actually advertise anything besides
the first listed advertised IPv4 ORPort and DirPort.  It doesn't do
port forwarding to them either.

It's not tested either, it needs more documentation, and it probably
forgets to put the milk back in the refrigerator.
2011-11-30 11:55:44 -05:00
Robert Ransom
825f3d31b1 Add an assert before dereferencing entry_conn->socks_request
This may turn a segfault which katmagic saw into an assertion failure.
2011-11-29 20:34:33 -08:00
Nick Mathewson
628b735fe3 Merge remote-tracking branch 'rransom-tor/bug3460-v4'
Conflicts:
	src/or/rendservice.c
2011-11-29 20:56:39 -05:00
Nick Mathewson
fdc0aa8c45 Merge remote-tracking branch 'rransom-tor/bug4605' 2011-11-29 20:28:08 -05:00
Robert Ransom
e70610878a Add 'config-defaults-file' to getinfo_items table
Bugfix on commit 230422b955, not yet in any
release; fixes bug #4605.
2011-11-29 17:13:39 -08:00
Robert Ransom
4150d92eea Set torrc_fname in load_torrc_from_disk
Bugfix on commit 230422b955, not yet in any
release. Fixes bug #4604; reported by koolfy.
2011-11-29 17:11:49 -08:00
Nick Mathewson
8bb23c7def Merge branch 'bug4587_v2' 2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568 Set renegotiation callbacks immediately on tls inititation
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts.  Partial fix for bug 4587.
2011-11-29 19:10:19 -05:00
Nick Mathewson
da6c136817 Merge remote-tracking branch 'asn-mytor/bug4548_take2' 2011-11-29 18:30:41 -05:00
Nick Mathewson
83f66db79e Merge branch 'disable_network' 2011-11-29 17:52:23 -05:00
Nick Mathewson
9e8f3ee8e4 Fix some DOCDOCs 2011-11-29 17:52:16 -05:00
Nick Mathewson
8c5a2c5b80 Make sure we never launch an evdns resolve when DisableNetwork is 1 2011-11-29 17:46:54 -05:00
Nick Mathewson
9e25422eed Merge branch 'multilevel_cfg' 2011-11-29 17:38:19 -05:00
Nick Mathewson
aba25a6939 Make pending libevent actions cancelable
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
2011-11-29 17:08:29 -05:00
Nick Mathewson
116dd4ae4f log a notice when disablenetwork is set 2011-11-28 16:07:13 -05:00
Nick Mathewson
df9b76460c New 'DisableNetwork' option to prevent Tor from using the network
Some controllers want this so they can mess with Tor's configuration
for a while via the control port before actually letting Tor out of
the house.

We do this with a new DisableNetwork option, that prevents Tor from
making any outbound connections or binding any non-control
listeners.  Additionally, it shuts down the same functionality as
shuts down when we are hibernating, plus the code that launches
directory downloads.

To make sure I didn't miss anything, I added a clause straight to
connection_connect, so that we won't even try to open an outbound
socket when the network is disabled.  In my testing, I made this an
assert, but since I probably missed something, I've turned it into a
BUG warning for testing.
2011-11-28 15:44:10 -05:00
Nick Mathewson
230422b955 Support for a defaults torrc file.
This will mainly help distributors by giving a way to set system or package
defaults that a user can override, and that a later package can replace.

No promises about the particular future location or semantics for this:
we will probably want to tweak it some before 0.2.3.x-rc

The file is searched for in CONFDIR/torrc-defaults , which can be
overridden with the "--defaults-torrc" option on the command line.
2011-11-27 22:25:52 -05:00
Nick Mathewson
73436a1d6f Add the ability to append and clear linelist options from cmdline
This will be important for getting stuff to work right across zones.
2011-11-27 21:32:51 -05:00
Nick Mathewson
9ce5801e22 Make linelists always overridden by the command line
This starts an effort to refactor torrc handling code to make it easier
to live with.  It makes it possible to override exit policies from the
command line, and possible to override (rather than append to) socksport
lists from the command line.

It'll be necessary to make a "base" torrc implementation work at all.
2011-11-27 18:13:32 -05:00
Robert Ransom
a2791f43f5 Correct documentation comments for fields formerly named accepted_intros 2011-11-27 09:30:16 -08:00
Robert Ransom
256bcb4755 Rename accepted_intros fields 2011-11-27 09:26:48 -08:00
Sebastian Hahn
e5e4bfd167 Implement consensus method 12 (proposal 178) 2011-11-27 09:29:33 -05:00
George Kadianakis
055d6c01ff Write dynamic DH parameters to a file.
Instead of only writing the dynamic DH prime modulus to a file, write
the whole DH parameters set for forward compatibility. At the moment
we only accept '2' as the group generator.

The DH parameters gets stored in base64-ed DER format to the
'dynamic_dh_params' file.
2011-11-26 19:29:57 +01:00
George Kadianakis
fa013e1bc5 Normal relays should generate dynamic DH moduli as well. 2011-11-26 05:57:17 +01:00
Nick Mathewson
633071eb3b Avoid a double-mark in connection_or_close_connection_cb 2011-11-25 17:21:11 -05:00
Nick Mathewson
7920ea55b8 Refactor tor_event_base_once to do what we actually want
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844 Merge remote-tracking branch 'asn/bug4312' 2011-11-25 17:00:47 -05:00
Nick Mathewson
b1bd30c24c Make the pt/transports test not crash. 2011-11-25 16:54:06 -05:00
Nick Mathewson
d6c18c5804 Make process_handle_t private and fix some unit tests
Let's *not* expose more cross-platform-compatibility structures, or
expect code to use them right.

Also, don't fclose() stdout_handle and stdin_handle until we do
tor_process_handle_destroy, or we risk a double-fclose.
2011-11-25 16:47:25 -05:00
Nick Mathewson
093e6724c7 Merge remote-tracking branch 'asn/bug3472_act2' 2011-11-25 16:00:31 -05:00
Nick Mathewson
cb8059b42d Merge remote-tracking branch 'sebastian/pure_removal' 2011-11-25 14:54:04 -05:00
George Kadianakis
e3cee8bc2e Simply initialize TLS context if DynamicDHGroups change.
We used to do init_keys() if DynamicDHGroups changed after a HUP, so
that the dynamic DH modulus was stored on the disk. Since we are now
doing dynamic DH modulus storing in crypto.c, we can simply initialize
the TLS context and be good with it.

Introduce a new function router_initialize_tls_context() which
initializes the TLS context and use it appropriately.
2011-11-25 18:15:26 +01:00
Sebastian Hahn
75d8ad7320 Purge ATTR_PURE from the code
We're using it incorrectly in many cases, and it doesn't help as far as
we know.
2011-11-25 17:57:50 +01:00
George Kadianakis
f477ddcc20 Only bother with dynamic DH moduli if we are a bridge. 2011-11-25 17:44:43 +01:00
George Kadianakis
4938bcc06a Do dynamic DH modulus storing in crypto.c. 2011-11-25 17:39:28 +01:00
Peter Palfrader
86be8fcf0a Handle build-trees better.
Properly create git revision and source file sha1sums include files when
building tor not in its source tree but in a dedicated build tree.
2011-11-24 23:56:01 -05:00
Nick Mathewson
eaa3a379f0 Move disable-debugger-attachment fn to compat where it belongs. Fix whitespace 2011-11-24 23:45:47 -05:00
Nick Mathewson
3508de3cd6 Tweak disable_debugger_attachment a little
Don't warn when we have no implementation of this function (since it's
on-by-default); reformat the changes entry; fix an overlong line.
2011-11-24 23:39:52 -05:00
Nick Mathewson
68114ca52c Merge remote-tracking branch 'ioerror/DisableDebuggerAttachment'
Conflicts:
	src/or/config.c
2011-11-24 23:38:32 -05:00
Nick Mathewson
f634228a07 Merge remote-tracking branch 'public/feature4516' 2011-11-24 22:59:37 -05:00
George Kadianakis
1d1d5ae7f8 Finishing touches.
- Make check-spaces happy.
- Remove a stray header from crypto.h
2011-11-25 01:08:31 +01:00
George Kadianakis
7c37a664c1 Rename 'dynamic prime' to 'dynamic DH modulus'. 2011-11-25 01:00:58 +01:00
George Kadianakis
782c907c7c s/DynamicPrimes/DynamicDHGroups/g 2011-11-25 01:00:14 +01:00
George Kadianakis
94076d9e3b Move crypto_get_stored_dynamic_prime() to crypto.c 2011-11-24 22:59:01 +01:00
George Kadianakis
2ef68980a7 Move store_dynamic_prime() to crypto.c. 2011-11-24 22:32:10 +01:00
George Kadianakis
cabb8e54c7 Tone down the logging. 2011-11-24 22:14:09 +01:00
George Kadianakis
8a726dd0dd Implement dynamic prime reading and storing to disk. 2011-11-24 22:13:44 +01:00
George Kadianakis
42bda231ee Make DynamicPrimes SIGHUP-able.
Instead of passing the DynamicPrimes configuration option to
crypto_global_init(), generate and set a new TLS DH prime when we read
the torrc.
2011-11-24 22:13:38 +01:00
George Kadianakis
659381e00d Introduce the DynamicPrimes configuration option. 2011-11-24 22:09:06 +01:00
Robert Ransom
17113448d2 Include circ creation time in CIRC events, etc. 2011-11-24 06:55:16 -08:00
Robert Ransom
88e0026d2f Send CIRC2 event when a circuit is cannibalized 2011-11-24 06:55:06 -08:00
Robert Ransom
296b8d0b10 Add CIRC2 control-port event, and send it when a circ's purpose changes 2011-11-24 06:54:55 -08:00
Robert Ransom
104c50fedb Log whenever a circuit's purpose is changed 2011-11-24 06:52:38 -08:00
Robert Ransom
d0ed7cbf8b List service address in CIRC events for HS-related circs 2011-11-24 06:32:55 -08:00
Robert Ransom
c7d01b0541 Report HS circ states stored in circ purpose field in CIRC events 2011-11-24 06:32:55 -08:00
Robert Ransom
8d5200c6b5 Use fewer TO_ORIGIN_CIRCUIT casts in getinfo_helper_events 2011-11-24 06:32:55 -08:00
Robert Ransom
c818f1f25d Use the new circ-description function for GETINFO circuit-status 2011-11-24 06:32:54 -08:00
Robert Ransom
b7c765b1b1 Report circuit build_state flags in CIRC events 2011-11-24 06:32:54 -08:00
Robert Ransom
9ce76adfe8 Split circuit-description code into a separate function 2011-11-24 06:32:54 -08:00
Robert Ransom
b149ab00d7 Separate circuit-close reasons from circ description 2011-11-24 06:32:54 -08:00
Robert Ransom
b2212bf9b4 Add Tor2webMode configuration option 2011-11-24 03:54:32 -08:00
Nick Mathewson
f067067ee6 Merge branch 'bug2474'
Had to resolve conflicts wrt the " (using bufferevents)" addition to the
startup string.

Conflicts:
	src/or/main.c
2011-11-23 17:14:54 -05:00
Nick Mathewson
2b4d4ffa8f Tweak the "this is not a stable release" warning some more 2011-11-23 17:09:36 -05:00
Sebastian Hahn
841247a586 Fix a compile warning on 64bit OS X
Backport of 68475fc5c5 which accidentally
only made it into master. Fixes bug 4547. Bug isn't in any released
version.
2011-11-23 12:06:55 -05:00
Sebastian Hahn
68475fc5c5 Fix a compile warning on 64bit OS X 2011-11-23 01:41:37 +01:00
Roger Dingledine
fce107b11e raise AuthDirFastGuarantee from 20KB to 100KB
This patch reverts part of 39ceda7e05 (where it used to be 100KB).
2011-11-21 18:44:59 -05:00
Roger Dingledine
58764d8ec6 apparently or_options_t likes being a const in master 2011-11-21 18:42:07 -05:00
Roger Dingledine
6a76007b08 Merge branch 'maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-11-21 18:36:49 -05:00
Roger Dingledine
c0ec4eafc5 parameterize bw cutoffs to guarantee Fast and Guard flags
Now it will be easier for researchers to simulate Tor networks with
different values. Resolves ticket 4484.
2011-11-21 18:22:10 -05:00
Nick Mathewson
f4e053d6df Merge branch 'bug4518' into maint-0.2.2 2011-11-21 17:25:51 -05:00
Nick Mathewson
929074b368 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-21 10:52:38 -05:00
Nick Mathewson
b3c988f0d7 Merge remote-tracking branch 'public/bug3963' into maint-0.2.2 2011-11-21 10:52:15 -05:00
Nick Mathewson
0539c34c35 Merge branch 'bug4360' 2011-11-21 10:48:02 -05:00
Nick Mathewson
7992eb43c5 Log more loudly on a bad cert from an authority.
Clock skew made this situation way too frequent so we demoted it to
"protocol_warn", but when there's an authority, it should really just
be warn.
2011-11-20 00:48:25 -05:00
Nick Mathewson
8e388bc39c Only call cull_wedged_cpuworkers once every 60 seconds.
The function is over 10 or 20% on some of Moritz's profiles, depending
on how you could.

Since it's checking for a multi-hour timeout, this is safe to do.

Fixes bug 4518.
2011-11-19 18:30:55 -05:00
Nick Mathewson
53dac6df18 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-18 19:09:08 -05:00
Sebastian Hahn
6ef44b7849 Don't log about stats when running as a client without geoip
Completely disable stats if we aren't running as a relay. We won't
collect any anyway, so setting up the infrastructure for them and
logging about them is wrong. This also removes a confusing log
message that clients without a geoip db would have seen.

Fixes bug 4353.
2011-11-19 00:50:03 +01:00
Nick Mathewson
b88db7573c Merge remote-tracking branch 'public/benchmark' 2011-11-18 18:42:49 -05:00
Nick Mathewson
6e6a661296 New UserspaceIOCPBuffers option to set SO_{SND,RCV}BUF to zero
When running with IOCP, we are in theory able to use userspace-
allocated buffers to avoid filling up the stingy amount of kernel
space allocated for sockets buffers.

The bufferevent_async implementation in Libevent provides this
ability, in theory.  (There are likely to be remaining bugs).  This
patch adds a new option that, when using IOCP bufferevents, sets
each socket's send and receive buffers to 0, so that we should use
this ability.

When all the bugs are worked out here, if we are right about bug 98,
this might solve or mitigate bug 98.

This option is experimental and will likely require lots of testing
and debugging.
2011-11-18 17:43:03 -05:00
Nick Mathewson
6a6233b70b Fix a couple of memory leaks in rend_add_service spotted by coverity 2011-11-17 17:14:49 -05:00
Roger Dingledine
95163ec072 trivial code cleanup in generate_v2_networkstatus_opinion() 2011-11-16 18:59:20 -05:00
Roger Dingledine
3992c5487f fix trivial typo
somebody should s/authoritative directory server/directory authority/g
at some point
2011-11-16 18:10:13 -05:00
Nick Mathewson
2408934516 Merge remote-tracking branch 'sebastian/bug2893' 2011-11-16 17:30:24 -05:00
Sebastian Hahn
7bd46344df Eat all whitespace after a control command 2011-11-16 18:14:06 +01:00
Roger Dingledine
67650a869d allow manual control port authenticate via netcat 2011-11-16 18:14:03 +01:00
Sebastian Hahn
688b53059e Don't fail to send netinfo if real_addr is unset
If we haven't set real_addr on a connection, we also now that _base.addr
hasn't been tampered with. So we can use that.
2011-11-16 16:05:46 +01:00
Nick Mathewson
69dd993a92 Make certificate skew into a protocol warning 2011-11-15 15:57:46 -05:00
Nick Mathewson
26fcb4bb8c Merge remote-tracking branch 'sebastian/bug4469' 2011-11-15 11:59:37 -05:00
Nick Mathewson
3ef40f6993 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-15 11:42:38 -05:00
Sebastian Hahn
4b8d2ad6f5 Fix compile warnings on windows 2011-11-15 13:34:04 +01:00
Nick Mathewson
5bea660f8e Use real_addr in send_netinfo
Reported by "troll_un"; bugfix on 0.2.0.10-alpha; fixes bug 4349.
2011-11-14 22:43:40 -05:00
Nick Mathewson
4af82fb388 Merge remote-tracking branch 'public/bug4367' 2011-11-14 22:35:49 -05:00
George Kadianakis
406ae1ba5a Use callback-driven approach to block renegotiations.
Also use this new approach in the bufferevents-enabled case.
2011-11-13 14:47:11 +01:00
Nick Mathewson
ce51887291 All-in-one benchmark test for cell crypto 2011-11-11 13:06:17 -05:00
Nick Mathewson
f0589da0e3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-09 11:04:40 -05:00
Nick Mathewson
d4489a2851 Rewrite comment at head of eventdns.c
Let's make it more obvious to the everyday reader that eventdns.c is
  a) Based on Libevent's evdns.c
  b) Slated for demolition
  c) Supposed to keep API-compatibility with Libevent.
  d) Not worth tweaking unless there's a bug.
2011-11-09 00:23:44 -05:00
Sebastian Hahn
4ccc8d0292 Don't exit on dirauths for some config transitions 2011-11-08 12:44:12 +01:00
Robert Ransom
565463243c Include HiddenServiceDir in some warning messages 2011-11-07 17:02:50 -08:00
Robert Ransom
bfb900e426 Add some XXXes 2011-11-07 15:32:43 -08:00
Robert Ransom
ef2b0bd528 Add GETINFO md/id/* and md/name/* items for relay microdescs 2011-11-07 15:32:33 -08:00
Nick Mathewson
4a7225d4c9 Merge remote-tracking branch 'rransom-tor/bug4411' 2011-11-07 11:57:07 -05:00
Robert Ransom
749b37bcf4 Fix assert on clients of and authorities for v0 HS descs 2011-11-07 08:48:23 -08:00
Nick Mathewson
ceebc8283f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-07 11:48:02 -05:00
Nick Mathewson
ca282e5326 Merge branch 'bug4424' into maint-0.2.2 2011-11-07 11:47:28 -05:00
Nick Mathewson
02d89c5c66 Remove an extraneous "if" in the 4424 fix 2011-11-07 11:46:51 -05:00
Robert Ransom
65a0d7e7ef Don't leak an extend_info_t in rend_client_any_intro_points_usable 2011-11-07 08:35:51 -08:00
Nick Mathewson
51f53b590e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-07 10:44:02 -05:00
Nick Mathewson
4d8306e0e9 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-11-07 10:42:34 -05:00
Dan Rosenberg
d5161ab895 Fix remotely triggerable assert during ip decryption
Fixes bug 4410.
2011-11-06 17:23:14 +01:00
Nick Mathewson
c1005dd6d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-03 13:24:46 -04:00
George Kadianakis
3ae96845d3 Fix a memleak when fetching descriptors for bridges in ExcludeNodes. 2011-11-03 13:23:50 -04:00
Nick Mathewson
325a659cb1 Even when we can't answer an AUTH_CHALLENGE, send NETINFO.
Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
2011-11-03 12:40:02 -04:00
Nick Mathewson
248b967ce6 Add comments and changes file for 4361; tweak control flow a bit 2011-11-03 12:31:31 -04:00
frosty
3dd2f990a3 Do not send a NETINFO cell as a client until after we have got a CERT cell 2011-11-03 12:03:05 -04:00
Nick Mathewson
88c4b425bd Fix bug 4367: correctly detect auth_challenge cells we can't use
Found by frosty_un, bugfix on 0.2.3.6-alpha, fix suggested by arma.
2011-11-03 11:52:35 -04:00
Andrea Gelmini
72d4d762c1 Remove some duplicate includes 2011-11-03 10:23:33 -04:00
Sebastian Hahn
eb30999972 Fix a check-spaces complaint 2011-11-02 20:57:58 +01:00
Sebastian Hahn
c98faa1a23 Resolve a crash when running as dirauth
When we're asked for our own descriptor, don't crash.
2011-11-02 20:57:23 +01:00
George Kadianakis
d4ba301f29 Tell the bridge operator on what ports his transports spawned.
- Add a LOG_WARN message when registering the transports of a server
  managed proxy, so that the bridge operator can see in what ports the
  transports spawned and notify his/her clients.
2011-11-02 14:23:41 +01:00
Robert Ransom
60ed98e184 Reduce lifetime of DH public key replay-detection cache elements 2011-10-31 05:05:45 -07:00
Robert Ransom
272dd90b5c Ignore timestamps of INTRODUCE2 cells 2011-10-31 05:05:45 -07:00
Roger Dingledine
be1f3a5eb5 normalize the name of the CERTS cell 2011-10-31 04:33:38 -04:00
Robert Ransom
1a52a947c5 Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t 2011-10-30 04:46:58 -07:00
Robert Ransom
1eba4f0cc3 Make introduction points expire 2011-10-30 02:17:59 -07:00
Robert Ransom
00885652db Allow intro points to expire somewhat gracefully
The Right Way to expire an intro point is to establish a new one to
replace it, publish a new descriptor that doesn't list any expiring intro
points, and *then*, once our upload attempts for the new descriptor have
ended (whether in success or failure), close the expiring intro points.

Unfortunately, we can't find out when the new descriptor has actually been
uploaded, so we'll have to settle for a five-minute timer.

There should be no significant behaviour changes due to this commit (only
a log-message change or two), despite the rather massive overhaul, so this
commit doesn't include a changes/ file.  (The commit that teaches
intro_point_should_expire_now to return non-zero gets a changes/ file,
though.)
2011-10-30 02:17:10 -07:00
Robert Ransom
ae9a831294 Use SMARTLIST_FOREACH_BEGIN and _END, not a for loop 2011-10-30 02:17:07 -07:00
Robert Ransom
e46d56a9b4 Correct bogus comments
The behaviour of rend_services_introduce here is likely as bogus as the
comments were.
2011-10-30 02:17:06 -07:00
Robert Ransom
290b4dc3d6 Use a more meaningful variable name 2011-10-30 02:17:06 -07:00
Robert Ransom
68331cbd81 Determine whether an intro point was in the last HS desc in a sane way 2011-10-30 02:17:05 -07:00
Robert Ransom
3f6a2d3e2a Record which intro points were listed in the last HS desc 2011-10-30 02:17:05 -07:00
Robert Ransom
6f035cb2b4 Record the number of INTRODUCE2 cells each intro point has received 2011-10-30 02:17:04 -07:00
Robert Ransom
6b26999146 Correct a log message 2011-10-30 02:17:01 -07:00
Robert Ransom
c60148c7f5 Record the time at which each intro point was first published 2011-10-30 02:17:00 -07:00
Robert Ransom
6f220de7b9 Improve a comment 2011-10-30 02:17:00 -07:00
Robert Ransom
190aac0eab Allow different HSes to maintain different numbers of intro points 2011-10-30 02:16:59 -07:00
Roger Dingledine
eeb6588389 bridges send netinfo cells like clients on outgoing conns
fixes bug 4348
2011-10-29 21:43:23 -04:00
Sebastian Hahn
dfdb4fde1a Disable stats requiring geoip info if we have none
In other parts of the code we will otherwise attempt to collect these
statistics, and that will lead to crashes.
2011-10-29 11:20:02 +02:00
Nick Mathewson
4dd8d811d6 Merge branch 'bug4343' 2011-10-28 18:05:25 -04:00
Nick Mathewson
212c3acd42 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/command.c
2011-10-28 18:02:57 -04:00
Nick Mathewson
cf8bffa359 Discard all cells on a marked connection
Fix for bug 4299
2011-10-28 17:04:15 -04:00
Nick Mathewson
2018f86e0c "Authetnicate" is not the usual spelling 2011-10-28 16:41:04 -04:00
Nick Mathewson
c2a098e980 Fix a double-free that would occur on an invalid cert in a CERTS cell
We would stash the certs in the handshake state before checking them
for validity... and then if they turned out to be invalid, we'd give
an error and free them.  Then, later, we'd free them again when we
tore down the connection.

Fixes bug 4343; fix on 0.2.3.6-alpha.
2011-10-28 16:38:56 -04:00
Nick Mathewson
a2517fa77c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-28 09:53:23 -04:00
Sebastian Hahn
f6b1dc2805 Fix typo, spotted by tmpname0901. Thanks! 2011-10-28 09:52:24 -04:00
Sebastian Hahn
2dec6597af Merge branch 'maint-0.2.2_secfix' into master_secfix
Conflicts:
	src/common/tortls.c
	src/or/connection_or.c
	src/or/dirserv.c
	src/or/or.h
2011-10-27 00:38:45 +02:00
Robert Ransom
4684ced1b3 Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.

Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
2011-10-26 23:56:47 +02:00
Robert Ransom
00fffbc1a1 Don't give the Guard flag to relays without the CVE-2011-2768 fix 2011-10-26 23:42:39 +02:00
Robert Ransom
4d0f152aad Make tor_version_same_series non-static 2011-10-26 23:36:30 +02:00
Sebastian Hahn
df05e5ef4d Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix
Conflicts:
	src/or/connection_or.c
2011-10-26 23:30:27 +02:00
Robert Ransom
a74e7fd40f Reject create cells on outgoing OR connections from bridges 2011-10-26 23:21:14 +02:00
Robert Ransom
c05bb53508 Mark which OR connections are outgoing 2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND
Fix suggested by Nick Mathewson.
2011-10-26 23:20:56 +02:00
Roger Dingledine
a68867b150 manually backport a5232e0c4c 2011-10-26 17:11:52 -04:00
Roger Dingledine
cecc5b7aa1 stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-10-26 22:09:44 +02:00
Nick Mathewson
55d9e4b8ba Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Robert Ransom
62c29a93ba Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-10-26 22:09:44 +02:00
Sebastian Hahn
9082898944 Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Nick Mathewson
b1632c3fb7 Fix memory leak in retry_all_listeners: Coverity CID 485 2011-10-26 13:22:20 -04:00
Nick Mathewson
097ed9998b Fix memory leak in options_act_reversible: fix Coverity CID 486,487 2011-10-26 13:22:13 -04:00
Nick Mathewson
e0a053be01 Do not tread vpadding cell as versions cell. Not in any released version. 2011-10-26 11:50:50 -04:00
George Kadianakis
9d53c00911 Fix a NULL pointer dereference in parse_server_transport_line(). 2011-10-26 11:21:11 -04:00
Nick Mathewson
beb9097bed Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-26 11:08:19 -04:00
Nick Mathewson
4a1a89be0c Merge remote-tracking branch 'public/cov_run224_022' into maint-0.2.2 2011-10-26 11:07:28 -04:00
Sebastian Hahn
34f12437d4 Fix a couple of pluggable transport bugs
Fix coverity complaints 490, 491 and 492. Especially the one in
parse_client_transport_line() could've been a remotely triggerable
segfault, I think.
2011-10-26 16:49:24 +02:00
Nick Mathewson
d0a91386e5 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2011-10-26 14:20:47 +02:00
Sebastian Hahn
3a890b3b70 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2011-10-26 14:17:01 +02:00
Nick Mathewson
dc557e8164 Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2011-10-26 14:16:54 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:16:20 +02:00
Robert Ransom
9976df9e56 Maintain separate server and client TLS contexts.
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:13:55 +02:00
Robert Ransom
8781640111 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:08:36 +02:00
Robert Ransom
07ab559a8e Add public_server_mode function. 2011-10-26 14:03:43 +02:00
George Kadianakis
340809dd22 Get rid of tor_tls_block_renegotiation().
Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
2011-10-26 13:16:14 +02:00
Nick Mathewson
7ab0b5ff71 Avoid likely memory fragmentation from rep_hist_note_descs_served
When you're doing malloc(sizeof(int)), something may well have gone
wrong.

This technique is a bit abusive, but we're already relying on it
working correctly in geoip.c.
2011-10-25 17:53:26 -04:00
Sebastian Hahn
7fbc018433 Add percentiles to the desc stats reporting
To get a better idea what's going on on Tonga, add some code to report
how often the most and least frequently fetched descriptor was fetched,
as well as 25, 50, 75 percentile.

Also ensure we only count bridge descriptors here.
2011-10-25 16:47:27 +02:00
George Kadianakis
6b3c3b968f Rename tor_process_destroy() to tor_process_handle_destroy(). 2011-10-24 16:04:31 +02:00
George Kadianakis
47a5b8009b Improve general code quality.
- Add a tor_process_get_pid() function that returns the PID of a
  process_handle_t.
- Conform to make check-spaces.
- Add some more documentation.
- Improve some log messages.
2011-10-24 16:01:24 +02:00
George Kadianakis
572aa4ec44 Add PT_PROTO_FAILED_LAUNCH managed proxy state.
We used to try to terminate the managed proxy process even if it
failed while launching. We introduce a new managed proxy state, to
represent a *broken* and *not launched* proxy.
2011-10-24 15:59:11 +02:00
George Kadianakis
20be928fae Make set_managed_proxy_environment() work on Windows. 2011-10-24 15:56:28 +02:00
Sebastian Hahn
f885c60501 Don't initialize desc stats for non-bridgedirauth nodes
Also make sure that calling rep_hist_note_desc_served() while stats
aren't initialized just returns.

Bug spotted by SwissTorHelp. Thanks!
2011-10-24 14:54:22 +02:00
Nick Mathewson
9d355bf479 Double-check that we really can get RSA keys from ID/Auth certs
Addresses issue 4287; issue not in any released Tor.
2011-10-23 13:31:09 -04:00
Nick Mathewson
80cf342e47 Fix memory leak in prop176 code
This fixes part of bug4252.  Bug not in any released version.
2011-10-23 13:23:53 -04:00
Nick Mathewson
0c2a3601e8 Merge remote-tracking branch 'rransom-tor/bug3825c' 2011-10-23 12:55:10 -04:00
Sebastian Hahn
42b96a041d Check for jumping clock in *format_*stats functions
None of these were real bugs (yet), because the callers made sure
everything was fine. Make it more explicit. Suggested by Nick
2011-10-21 11:21:42 -04:00
Sebastian Hahn
03c06b629f Add new stats type: descriptor fetch stats
This is used for the bridge authority currently, to get a better
intuition on how many descriptors are actually fetched from it and how
many fetches happen in total.

Implements ticket 4200.
2011-10-21 11:21:42 -04:00
Sebastian Hahn
af02c4a9c3 remove code related to tracking descriptor serving times
This had broken due to bitrot - it doesn't know about microdescriptors
at all, and afaik hasn't generally been used in ages.
2011-10-21 06:02:47 +02:00
Nick Mathewson
29825f0bfd Merge remote-tracking branch 'rransom-tor/bug4091' 2011-10-20 14:26:54 -04:00
Robert Ransom
9df99bbb91 Check whether a client port is a Unix socket before using its IP addr
Bugfix on commit c1ac0695d5, not yet in any
release.  Fixes bug 4091; bug reported by SwissTorHelp.
2011-10-20 03:17:23 -07:00
Nick Mathewson
169c81844d Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-20 00:03:43 -04:00
Nick Mathewson
3cb79a0286 Merge remote-tracking branch 'rransom-tor/bug4251-022' into maint-0.2.2 2011-10-20 00:01:58 -04:00
Nick Mathewson
384e300cb4 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-19 23:16:08 -04:00
Nick Mathewson
5aa45ed6af Fix crash when changing node restrictions with DNS lookup in progress
Fixes bug 4259, bugfix on 0.2.2.25-alpha.  Bugfix by "Tey'".

Original message by submitter:

  Changing nodes restrictions using a controller while Tor is doing
  DNS resolution could makes Tor crashes (on WinXP at least). The
  problem can be repeated by trying to reach a non-existent domain
  using Tor:

    curl --socks4a 127.0.0.1:9050 inexistantdomain.ext

  .. and changing the ExitNodes parameter through the control port
  before Tor returns a DNS resolution error (of course, the following
  command won't work directly if the control port is password
  protected):

    echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051

  Using a non-existent domain is needed to repeat the issue so that
  Tor takes a few seconds for resolving the domain (which allows us to
  change the configuration). Tor will crash while processing the
  configuration change.

  The bug is located in the addressmap_clear_excluded_trackexithosts
  method which iterates over the entries of the addresses map in order
  to check whether the changes made to the configuration will impact
  those entries. When a DNS resolving is in progress, the new_adress
  field of the associated entry will be set to NULL. The method
  doesn't expect this field to be NULL, hence the crash.
2011-10-19 23:14:05 -04:00
Robert Ransom
739c21e97b Free rend_data and intro_key when extra intro circs become general-purpose 2011-10-18 07:08:02 -07:00
George Kadianakis
45307ff980 Port managed proxy launching code to the new subprocess API. 2011-10-17 22:46:44 +02:00
Robert Ransom
b095be7f69 Check for intro circ timeouts properly
Previously, we would treat an intro circuit failure as a timeout iff the
circuit failed due to a mismatch in relay identity keys.  (Due to a bug
elsewhere, we only recognize relay identity-key mismatches on the first
hop, so this isn't as bad as it could have been.)

Bugfix on commit eaed37d14c, not yet in any
release.
2011-10-12 06:41:33 -07:00
Nick Mathewson
426f6bfda2 Stop using addr_port_lookup as an address splitting function
It's too risky to have a function where if you leave one parameter
NULL, it splits up address:port strings, but if you set it, it does
hostname resolution.
2011-10-11 12:02:19 -04:00
Nick Mathewson
491e20ae13 Change "reverse_lookup_name" functions to refer to "PTR_name"s
Under the new convention, having a tor_addr.*lookup function that
doesn't do hostname resolution is too close for comfort.

I used this script here, and have made no other changes.

  s/tor_addr_parse_reverse_lookup_name/tor_addr_parse_PTR_name/g;
  s/tor_addr_to_reverse_lookup_name/tor_addr_to_PTR_name/g;
2011-10-11 11:48:21 -04:00
Nick Mathewson
00b2b69add Fix names of functions that convert strings to addrs
Now let's have "lookup" indicate that there can be a hostname
resolution, and "parse" indicate that there wasn't.  Previously, we
had one "lookup" function that did resolution; four "parse" functions,
half of which did resolution; and a "from_str()" function that didn't
do resolution.  That's confusing and error-prone!

The code changes in this commit are exactly the result of this perl
script, run under "perl -p -i.bak" :

  s/tor_addr_port_parse/tor_addr_port_lookup/g;
  s/parse_addr_port(?=[^_])/addr_port_lookup/g;
  s/tor_addr_from_str/tor_addr_parse/g;

This patch leaves aton and pton alone: their naming convention and
behavior is is determined by the sockets API.

More renaming may be needed.
2011-10-11 11:30:12 -04:00
Nick Mathewson
69921837a7 Fix a bunch of whitespace errors 2011-10-11 11:30:01 -04:00
Nick Mathewson
8af0cfc10d Add some points to make it easy to turn off v3 support 2011-10-10 23:14:32 -04:00
Sebastian Hahn
35fe4825fc Quiet two notices, and spelling mistake cleanup 2011-10-10 23:14:31 -04:00
Sebastian Hahn
66200320ff Fix a few 64bit compiler warnings 2011-10-10 23:14:31 -04:00
Nick Mathewson
1bd65680bd Add more log statements for protocol/internal failures 2011-10-10 23:14:31 -04:00
Nick Mathewson
059d3d0613 Remove auth_challenge field from or_handshake_state_t
We didn't need to record this value; it was already recorded
implicitly while computing cell digests for later examination in the
authenticate cells.
2011-10-10 23:14:31 -04:00
Nick Mathewson
d79ff2ce94 spec conformance: allow only one cert of each type 2011-10-10 23:14:31 -04:00
Nick Mathewson
e56d7a3809 Give tor_cert_get_id_digests() fail-fast behavior
Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
2011-10-10 23:14:31 -04:00
Nick Mathewson
ce102f7a59 Make more safe_str usage happen for new logs in command.c 2011-10-10 23:14:30 -04:00
Nick Mathewson
23664fb3b8 Set up network parameters on non-authenticated incoming connections
Also add some info log messages for the steps of the v3 handshake.

Now my test network bootstraps!
2011-10-10 23:14:30 -04:00
Nick Mathewson
7aadae606b Make sure we stop putting cells into our hash at the right time. 2011-10-10 23:14:30 -04:00
Nick Mathewson
41b250d7ea Bugfixes for authenticate handling and generation 2011-10-10 23:14:30 -04:00
Nick Mathewson
610cb0ecc4 Fix log message about what cells we are sending 2011-10-10 23:14:30 -04:00
Nick Mathewson
f726c67dd4 more verbose log for recording an odd cell 2011-10-10 23:14:30 -04:00
Nick Mathewson
40f343e176 Actually accept cells in SERVER_RENEGOTIATING 2011-10-10 23:14:29 -04:00
Nick Mathewson
7935c4bdfa Allow "finished flushing" during v3 handshake 2011-10-10 23:14:29 -04:00
Nick Mathewson
83bb9742b5 Hook up all of the prop176 code; allow v3 negotiations to actually work 2011-10-10 23:14:18 -04:00
Nick Mathewson
9a77ebc794 Make tor_tls_cert_is_valid check key lengths 2011-10-10 23:14:17 -04:00
Nick Mathewson
3f22ec179c New functions to record digests of cells during v3 handshake
Also, free all of the new fields in or_handshake_state_t
2011-10-10 23:14:17 -04:00
Nick Mathewson
6c7f28454e Implement cert/auth cell reading 2011-10-10 23:14:17 -04:00
Nick Mathewson
81024f43ec Basic function to write authenticate cells
Also, tweak the cert cell code to send auth certs
2011-10-10 23:14:16 -04:00
Nick Mathewson
df78daa5da Functions to send cert and auth_challenge cells. 2011-10-10 23:14:10 -04:00
Nick Mathewson
1b0645acba Cell types and states for new OR handshake
Also, define all commands > 128 as variable-length when using
v3 or later link protocol.  Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Nick Mathewson
bc2d9357f5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-10 22:50:52 -04:00
Sebastian Hahn
b4bd836f46 Consider hibernation before dropping privs
Without this patch, Tor wasn't sure whether it would be hibernating or
not, so it postponed opening listeners until after the privs had been
dropped. This doesn't work so well for low ports. Bug was introduced in
the fix for bug 2003. Fixes bug 4217, reported by Zax and katmagic.
Thanks!
2011-10-11 02:42:12 +02:00
Robert Ransom
9648f034c0 Update documentation comment for rend_client_reextend_intro_circuit
One of its callers assumes a non-zero result indicates a permanent failure
(i.e. the current attempt to connect to this HS either has failed or is
 doomed).  The other caller only requires that this function's result
never equal -2.

Bug reported by Sebastian Hahn.
2011-10-10 05:33:53 -07:00
Robert Ransom
274b25de12 Don't launch a useless circuit in rend_client_reextend_intro_circuit
Fixes bug 4212.  Bug reported by katmagic and found by Sebastian.
2011-10-10 03:05:19 -07:00
Nick Mathewson
ca597efb22 Merge remote-tracking branch 'karsten/feature3951' into maint-0.2.2 2011-10-07 16:46:50 -04:00
Nick Mathewson
1ec22eac4b Merge remote-tracking branch 'public/bug2003_nm' 2011-10-07 16:43:45 -04:00
Nick Mathewson
8b0ee60fe7 reinstate a notice for the non-loopback socksport case
Thanks to prop171, it's no longer a crazy thing to do, but you should
make sure that you really meant it!
2011-10-07 16:34:21 -04:00
Nick Mathewson
b49fcc6cf2 Merge remote-tracking branch 'rransom-tor/bug4018' 2011-10-07 16:32:04 -04:00
Nick Mathewson
ed39621a9d Merge remote-tracking branch 'asn2/bug3656'
Conflicts:
	src/common/util.c
	src/common/util.h
	src/or/config.h
	src/or/main.c
	src/test/test_util.c
2011-10-07 16:05:13 -04:00
Nick Mathewson
98e5c63eb2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-07 12:20:08 -04:00
warms0x
6d027a3823 Avoid running DNS self-tests if we're operating as a bridge 2011-10-07 12:18:26 -04:00
George Kadianakis
3be9d76fa2 Make it compile on Windows™. 2011-10-07 15:44:44 +02:00
George Kadianakis
105cc42e96 Support multiple transports in a single transport line.
Support multiple comma-separated transpotrs in a single
{Client,Server}TransportPlugin line.
2011-10-07 14:13:41 +02:00
Nick Mathewson
2412e0e402 Check return of init_keys() ip_address_changed: fix Coverity CID 484 2011-10-06 14:13:09 -04:00
Karsten Loesing
9dfb884522 Turn on directory request statistics by default.
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.

Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.

This is the cherry-picked 499661524b.
2011-10-05 08:03:31 +02:00
Nick Mathewson
05f672c8c2 Fix compilation of 3335 and 3825 fixes
In master, they ran into problems with the edge_conn/entry_conn split.
2011-10-03 15:13:38 -04:00
Nick Mathewson
4aa4bce474 Merge remote-tracking branch 'rransom-tor/bug3335-v2'
Conflicts:
	src/or/connection_edge.c
	src/or/rendclient.c
2011-10-03 15:06:07 -04:00
Fabian Keil
13f0d22df0 Rephrase the log messages emitted if the TestSocks check is positive
Previously Tor would always claim to have been given a hostname
by the client, while actually only verifying that the client
is using SOCKS4A or SOCKS5 with hostnames. Both protocol versions
allow IP addresses, too, in which case the log messages were wrong.

Fixes #4094.
2011-10-03 12:56:46 -04:00
Robert Ransom
c5226bfe1c Remove an HS's last_hid_serv_requests entries when a conn. attempt ends 2011-10-02 16:19:36 -07:00
Robert Ransom
bcfc383dc9 Record the HS's address in last_hid_serv_request keys 2011-10-02 16:19:35 -07:00
Robert Ransom
e07307214e Fix comment typo 2011-10-02 16:19:23 -07:00
Robert Ransom
fbea8c8ef1 Detect and remove unreachable intro points 2011-10-02 12:49:35 -07:00
Robert Ransom
34a6b8b7e5 Clear the timed_out flag when an HS connection attempt ends 2011-10-02 12:49:35 -07:00
Robert Ransom
eaed37d14c Record intro point timeouts in rend_intro_point_t 2011-10-02 12:49:34 -07:00
Robert Ransom
6803c1c371 Refetch an HS's desc if we don't have a usable one
Previously, we wouldn't refetch an HS's descriptor unless we didn't
have one at all.  That was equivalent to refetching iff we didn't have
a usable one, but the next commit will make us keep some non-usable HS
descriptors around in our cache.

Code bugfix on the release that introduced the v2 HS directory system,
because rend_client_refetch_v2_renddesc's documentation comment should
have described what it actually did, not what its behaviour happened
to be equivalent to; no behaviour change in this commit.
2011-10-02 12:42:19 -07:00
Roger Dingledine
f6db0f128c refill our token buckets 10 times/sec, not 100
refilling often is good, but refilling often has unclear side effects
on a) cpu load, and b) making sure every cell, ever, is sent out one at
a time
2011-09-28 15:38:36 -04:00
Roger Dingledine
36829539d6 Merge branch 'maint-0.2.2' 2011-09-28 15:38:02 -04:00
Roger Dingledine
ff8aba7053 bridges should use create_fast cells for their own circuits
fixes bug 4124, as noticed in bug 4115
2011-09-28 15:35:27 -04:00
Roger Dingledine
4e88a3bc3e Merge branch 'maint-0.2.2' 2011-09-28 15:13:05 -04:00
Roger Dingledine
0b5d2646d5 bug 4115: make bridges use begindir for their dir fetches
removes another avenue for enumerating bridges.
2011-09-28 14:50:43 -04:00
Nick Mathewson
6201b8b361 Make sure the microdesc cache is loaded before setting a v3 md consensus
Otherwise, we can wind up munging our reference counts if we set it in
the middle of loading the nodes.  This happens because
nodelist_set_consensus() and microdesc_reload_cache() are both in the
business of adjusting microdescriptors' references.
2011-09-28 14:19:39 -04:00
Nick Mathewson
4a10845075 Add some debugging code to microdesc.[ch] 2011-09-28 14:13:49 -04:00
Nick Mathewson
a4b7525c3c Fix a crash bug in tor_assert(md->held_by_node)
The fix is to turn held_by_node into a reference count.

Fixes bug 4118; bugfix on 0.2.3.1-alpha.
2011-09-28 13:40:21 -04:00
Roger Dingledine
e98c9a1bf6 if we have enough usable guards, just pick one
we don't need to check whether we don't have enough guards right after
concluding that we do have enough.

slight efficiency fix suggested by an anonymous fellow on irc.
2011-09-27 17:35:31 -04:00
Roger Dingledine
88516f65c9 Merge branch 'maint-0.2.2' 2011-09-24 22:47:53 -04:00
Roger Dingledine
1c2e4d1336 trivial whitespace changes, take two 2011-09-24 22:46:21 -04:00
Nick Mathewson
c42a1886cc Trivial whitespace fixes 2011-09-24 22:15:59 -04:00
Tom Lowenthal
5835acc6f9 Ticket #4063 - change circuit build timeout log entries from NOTICE to INFO 2011-09-24 22:12:40 -04:00
George Kadianakis
e2703e3654 Improve wording in some comments and log messages. 2011-09-23 17:50:56 +02:00
Nick Mathewson
fee094afcd Fix issues in 3630 patch noted by Karsten 2011-09-22 15:07:35 -04:00
Nick Mathewson
41dfc4c19c Make bufferevents work with TokenBucketRefillInterval 2011-09-22 15:07:34 -04:00
Nick Mathewson
052b95e2f1 Refactor connection_bucket_refill(_helper) to avoid roundoff
We were doing "divide bandwidth by 1000, then multiply by msec", but
that would lose accuracy: instead of getting your full bandwidth,
you'd lose up to 999 bytes per sec.  (Not a big deal, but every byte
helps.)

Instead, do the multiply first, then the division.  This can easily
overflow a 32-bit value, so make sure to do it as a 64-bit operation.
2011-09-22 15:07:34 -04:00
Nick Mathewson
0721abbf1b Move around check for TokenBucketRefillInterval; disallow changes to it 2011-09-22 15:07:34 -04:00
Florian Tschorsch
6b1d8321ae New torrc option to allow bucket refill intervals of less than 1 sec
Implements bug3630.
2011-09-22 15:07:23 -04:00
Nick Mathewson
2394c74017 Log errno on listener socket creation failure.
This may help diagnose bug 4027.
2011-09-15 09:51:48 -04:00
Robert Ransom
c1ac0695d5 Fix a bogus warning 2011-09-14 00:05:03 -07:00
Roger Dingledine
1fcaeb6092 Merge branch 'maint-0.2.2' 2011-09-13 18:32:00 -04:00
Roger Dingledine
4a351b4b9e Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/main.c
	src/or/router.c
2011-09-13 18:27:13 -04:00
Roger Dingledine
62ec584a30 Generate our ssl session certs with a plausible lifetime
Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
2011-09-13 18:24:45 -04:00
George Kadianakis
2e73f9b3ee Put some sense into our logging.
Transform our logging severities to something more sensible.
Remove sneaky printf()s.
2011-09-12 00:10:07 +02:00
George Kadianakis
d0416ce3ec Don't warn of stray Bridges if managed proxies are still unconfigured.
With managed proxies you would always get the error message:

"You have a Bridge line using the X pluggable transport, but there
doesn't seem to be a corresponding ClientTransportPlugin line."

because the check happened directly after parse_client_transport_line()
when managed proxies were not fully configured and their transports
were not registered.

The fix is to move the validation to run_scheduled_events() and make
sure that all managed proxies are configured first.
2011-09-11 23:51:29 +02:00
George Kadianakis
e8715b3041 Constification. 2011-09-11 23:35:00 +02:00
George Kadianakis
de7565f87f Make check-spaces happy. 2011-09-11 23:34:36 +02:00
George Kadianakis
c6811c57cb Enforce transport names being C identifiers.
Introduce string_is_C_identifier() and use it to enforce transport
names according to the 180 spec.
2011-09-11 23:34:11 +02:00
George Kadianakis
3136107421 Trivial fixes around the code.
* C90-fy.
* Remove ASN comments.
* Don't smartlist_clear() before smartlist_free().
* Plug a mem. leak.
2011-09-11 23:33:31 +02:00
Nick Mathewson
386966142e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-09-11 16:25:14 -04:00
George Kadianakis
9a42ec6857 Be more defensive in get_transport_bindaddr().
Make sure that lines in get_transport_bindaddr() begin with the name
of the transport and a space.
2011-09-11 21:33:02 +02:00
George Kadianakis
ebc232bb79 Fix bug in get_transport_in_state_by_name() when using strcmpstart().
We now split the state lines into smartlists and compare the token
properly. Not that efficient but it's surely correct.
2011-09-11 21:22:37 +02:00
George Kadianakis
2703e41d8b Improve how we access or_state_t.
* Use get_or_state()->VirtualOption instead of relying on
  config_find_option(), STRUCT_VAR_P and voodoo.
2011-09-11 20:57:01 +02:00
George Kadianakis
0dcf327248 Remove connection_uses_transport() since it was unused. 2011-09-11 20:33:27 +02:00
George Kadianakis
9bf34eb65b Allow interwined {Client,Server}TransportPlugin lines. 2011-09-11 20:30:08 +02:00
George Kadianakis
a002f0e7c0 Update the transports.c documentation based on the new data. 2011-09-11 20:29:52 +02:00
George Kadianakis
1e92b24889 Update transports.[ch] to support SIGHUPs. 2011-09-11 20:29:12 +02:00
George Kadianakis
fa514fb207 Prepare circuitbuild.[ch] and config.[ch] for SIGHUPs.
* Create mark/sweep functions for transports.
* Create a transport_resolve_conflicts() function that tries to
  resolve conflicts when registering transports.
2011-09-11 20:28:47 +02:00
Roger Dingledine
cca806c56c fix whitespace (two-space indent) 2011-09-11 01:33:04 -04:00
Robert Ransom
8ea6d29fe4 Demote 'INTRODUCE2 cell is too {old,new}' message to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
b10735903b Demote HS 'replay detected' log message for DH public keys to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
07a5cf285a Describe rend_service_descriptor_t more completely 2011-09-10 19:09:01 -04:00
Robert Ransom
aa900b17ca Describe rend_intro_point_t more completely 2011-09-10 19:05:53 -04:00
Fabian Keil
c6f6b567e0 Stop parse_client_port_config() from misinterpreting FooListenAddress and FooPort in legacy syntax
Previously the FooPort was ignored and the default used instead,
causing Tor to bind to the wrong port if FooPort and the default
port don't match or the CONN_TYPE_FOO_LISTENER has no default port.

Fixes #3936.
2011-09-10 17:48:37 -04:00
Fabian Keil
087e0569c3 Fix whitespace in parse_client_port_config() 2011-09-10 17:48:36 -04:00
Nick Mathewson
35f9be7d04 Merge remote-tracking branch 'rransom-tor/typo-fix-ohkah8Ah' 2011-09-10 17:45:27 -04:00
Robert Ransom
c621e52883 Fix log message typo. 2011-09-10 16:15:52 -04:00
George Kadianakis
c852760b80 Replaced some leftover assert()s with tor_assert()s. 2011-09-10 00:45:28 +02:00
Nick Mathewson
a41f1fc612 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	configure.in
	src/or/circuitbuild.c
2011-09-09 12:58:12 -04:00
Nick Mathewson
b0695c11eb Merge remote-tracking branch 'public/gcc-295-fix' into maint-0.2.2 2011-09-09 12:54:27 -04:00
Nick Mathewson
4467799f45 Merge remote-tracking branch 'public/enhance_replay_detection' into maint-0.2.2 2011-09-09 12:53:45 -04:00
Nick Mathewson
cb9226bcdb Check for replays in PK-encrypted part of intro cell, not just in the g^x value 2011-09-09 12:49:47 -04:00
Nick Mathewson
45eadf3955 All NT service configuration commands should make the process exit.
Fixes bug 3963; fix on 0.2.0.7-alpha.
2011-09-08 21:54:12 -04:00
Nick Mathewson
d3ff167e09 Fix whitespace issues in patches merged today so far 2011-09-07 20:26:58 -04:00
Nick Mathewson
9bdde89027 Make the unit tests pass again after the bug2003 fix 2011-09-07 17:48:21 -04:00
Jérémy Bobbio
58a0afe30f chown() sockets when User option is set
Fixes bug 3421
2011-09-07 15:49:01 -04:00
Nick Mathewson
5c53a0f867 fix a const warning 2011-09-07 15:06:01 -04:00
Nick Mathewson
3e3480d704 Report reason for generating descriptor in an HTTP header
Suggested by arma; based on 3327.
2011-09-07 15:03:28 -04:00
Nick Mathewson
ed463404e9 Clean up HTTP request header generation a little
Use a list of headers rather than trying to printf every header that
might exist.
2011-09-07 15:02:02 -04:00
Nick Mathewson
1f4b6944c0 Upload descriptors more often when recent desc is unlisted
Right now we only force a new descriptor upload every 18 hours.
This can make servers become unlisted if they upload a descriptor at
time T which the authorities reject as being "too similar" to one
they uploaded before. Nothing will actually make the server upload a
new descriptor later on, until another 18 hours have passed.

This patch changes the upload behavior so that the 18 hour interval
applies only when we're listed in a live consensus with a descriptor
published within the last 18 hours.  Otherwise--if we're not listed
in the live consensus, or if we're listed with a publication time
over 18 hours in the past--we upload a new descriptor every 90
minutes.

This is an attempted bugfix for #3327.  If we merge it, it should
obsolete #535.
2011-09-07 15:01:52 -04:00
Nick Mathewson
41eef6680e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
	src/or/networkstatus.c

Conflicts were related to routerinfo->node shift.
2011-09-07 14:51:55 -04:00
Nick Mathewson
dfa6cde4d4 Merge remote-tracking branch 'public/bug2649_squashed' into maint-0.2.2 2011-09-07 14:43:06 -04:00
Nick Mathewson
d27874a4f2 Remove a now-needless test. 2011-09-07 14:18:32 -04:00
Nick Mathewson
0cb01f5c97 Merge remote-tracking branch 'public/split_entry_conn'
Conflicts:
	src/or/connection.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/dnsserv.c

Some of these were a little tricky, since they touched code that
changed because of the prop171 fixes.
2011-09-07 14:13:57 -04:00
Robert Ransom
8aad677bb7 Die if tor_vasprintf fails in connection_printf_to_buf
tor_asprintf already asserts if it fails.
2011-09-07 12:14:58 -04:00
Nick Mathewson
947012e153 Merge remote-tracking branch 'public/bug3851' 2011-09-07 11:22:24 -04:00
Nick Mathewson
9ef2cd7776 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c

Conflicted on a router->node transition; fix was easy.
2011-09-06 20:55:31 -04:00
Nick Mathewson
2bf0e7479b Fix assertion in addressmap_clear_excluded_trackexithosts
Fixes bug 3923; bugfix on 0.2.2.25-alpha; bugfix from 'laruldan' on trac.
2011-09-06 20:26:20 -04:00
Sebastian Hahn
d10ae9c028 Don't update AccountingSoftLimitHitAt on startup
Add a "default" state which we use until we've decided whether we're
live or hibernating. This allows us to properly track whether we're
resuming a hibernation period or not. Fixes bug 2003.
2011-09-01 17:21:50 +02:00
Sebastian Hahn
ebb5f8df36 Explicitly set bucket_cfg to NULL after we freed it
This should fix bug 3888.
2011-09-01 12:34:16 +02:00
Roger Dingledine
44f6be4681 let private tor networks more reliably handle hidden services
this is a tweak on the fix in f87c6f100d (see also #2088)
2011-09-01 03:13:27 -04:00
Nick Mathewson
393e4fb5b5 Use %f with printf-style formatting, not %lf
For printf, %f and %lf are synonymous, since floats are promoted to
doubles when passed as varargs.  It's only for scanf that we need to
say "%lf" for doubles and "%f" for floats.

Apparenly, some older compilers think it's naughty to say %lf and like
to spew warnings about it.

Found by grarpamp.
2011-08-30 20:44:42 -04:00
Nick Mathewson
561ab14a5e Switch a SMARTLIST_FOREACH in circuitbuild.c to BEGIN/END
It had some cpp stuff inside, and older GCCs don't like preprocessor
directives inside macro arguments.

Found by grarpamp.
2011-08-30 20:44:30 -04:00
Sebastian Hahn
b51e21c5d0 Add a bufferevent note to startup log
This should help us easily spot if a tor was built with
--enable-bufferevent or not
2011-08-29 23:10:03 +02:00
Nick Mathewson
cdbfc2a0c2 Fix compilation on non-bufferevent systems after 3803 fix: oops. 2011-08-29 13:41:59 -04:00
Nick Mathewson
0de8afd8f5 Split out rephist parts of buckets_decrement
For bufferevents, we had all of connection_buckets_decrement() stubbed
out.  But that's not actually right!  The rephist_* parts were
essential for, inter alia, recording our own bandwidth.  This patch
splits out the rephist parts of connection_buckets_decrement() into their
own function, and makes the bufferevent code call that new function.

Fixes bug 3803, and probably 3824 and 3826 too.  Bugfix on 0.2.3.1-alpha.
2011-08-29 13:33:31 -04:00
Nick Mathewson
3b02a959b3 Make FetchUselessDescriptors fetch all desc types
Previously, if you were set up to use microdescriptors, and you
weren't a cache, you'd never fetch router descriptors (except for
bridges).  Now FetchUselessDescriptors causes descriptors and
mirodescs to get cached.  Also, FetchUselessDescriptors changes the
behavior of "UseMicrodescriptors auto" to be off, since there's no
point in saying "UseMicrodescriptors 1" when you have full descriptors
too.

Fix for bug 3851; bugfix on 0.2.3.1-alpha.
2011-08-29 11:18:06 -04:00
George Kadianakis
c554a27a44 Clarify the heartbeat message a bit. 2011-08-27 18:45:54 +02:00
Nick Mathewson
81fe1934af Fix a bufferevent-related bug that killed tunneled dirserv conns
Because tunneled connections are implemented with buffervent_pair,
writing to them can cause an immediate flush.  This means that
added to them and then checking to see whether their outbuf is
empty is _not_ an adequate way to see whether you added anything.
This caused a problem in directory server connections, since they
would try spooling a little more data out, and then close the
connection if there was no queued data to send.

This fix should improve matters; it only closes the connection if
there is no more data to spool, and all of the spooling callbacks
are supposed to put the dirconn into dir_spool_none on completion.

This is bug 3814; Sebastian found it; bugfix on 0.2.3.1-alpha.
2011-08-26 16:10:17 -04:00
Nick Mathewson
dfcd3d9ce0 Set write low-watermarks on all bufferevents.
If we don't do this, then we never invoke the bufferevent write
callbacks until all the bufferevent's data is flushed.
2011-08-24 17:31:37 -04:00
Nick Mathewson
59d0f750c9 Apply rate-limiting to the lowest bufferevent in the stack.
When we're doing filtering ssl bufferevents, we want the rate-limits
to apply to the lowest level of the bufferevent stack, so that we're
actually limiting bytes sent on the network. Otherwise, we'll read
from the network aggressively, and only limit stuff as we process it.
2011-08-24 17:31:32 -04:00
Nick Mathewson
dd6a9a923d Disable run-time changes to DisableIOCP: They do not work 2011-08-19 17:07:54 -04:00
Nick Mathewson
df96aed14f Remove warning about a loop parsing evbuffer socks
This behavior is normal when we want more data than the evbuffer
actually has for us.  We'll ask for (say) 7 bytes, get only 5
(because that's all there is), try to parse the 5 bytes, and get
told "no, I want 7".  One option would be to bail out early whenever
want_length is > buflen, but sometimes we use an over-large
want_length.  So instead, let's just remove the warning here: it's
not a bug after all.
2011-08-18 16:15:03 -04:00
Nick Mathewson
263d68aa82 Appease "make check-spaces" 2011-08-18 15:17:37 -04:00
Nick Mathewson
d2cd67c83f Use evbuffer_copyout() in inspect_evbuffer(). 2011-08-17 13:09:05 -04:00
Nick Mathewson
06be6105e4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
2011-08-17 12:00:44 -04:00
Nick Mathewson
d79d648edc Don't write ControlPorts to disk till after we setuid and make datadir
Fix for bug 3747; bugfix on 0.2.2.26-beta.
2011-08-17 11:22:16 -04:00
Nick Mathewson
14552a12b3 Merge branch 'bug3743' 2011-08-17 10:46:28 -04:00
Nick Mathewson
6650dc932a Remove a needless config_find_option 2011-08-17 10:46:22 -04:00
Sebastian Hahn
6a06f45b04 Actually pick a random port when "auto" is specified
ddc65e2b33 had broken this
2011-08-17 10:41:36 -04:00
Kamran Riaz Khan
e6e804848c Don't compare LINELIST_S and OBSOLETE config options. 2011-08-16 06:28:38 +05:00
George Kadianakis
db4cde3810 Improve the code a tad.
* Use strcmpstart() instead of strcmp(x,y,strlen(y)).
* Warn the user if the managed proxy failed to launch.
* Improve function documentation.
* Use smartlist_len() instead of n_unconfigured_proxies.
* Split managed_proxy_destroy() to managed_proxy_destroy()
  and managed_proxy_destroy_with_transports().
* Constification.
2011-08-15 17:26:03 +02:00
Nick Mathewson
2dc40b9c49 Merge remote-tracking branch 'asn/bug3728' 2011-08-15 11:06:50 -04:00
Nick Mathewson
aeb27526f8 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-08-15 10:54:55 -04:00
Robert Ransom
03f6ee8c5f Remove extra quotation marks around the result of esc_for_log 2011-08-15 10:54:19 -04:00
Nick Mathewson
0ddc8de0b6 Oops; _actually_ enable microdesc-by-default for clients
It turns out that it wasn't enough to set the configuration to
"auto", since the correct behavior for "auto" had been disabled in
microdesc.c.   :p

(Hasn't been in a release yet, so doesn't need a changes entry.)
2011-08-15 10:52:23 -04:00
George Kadianakis
ec8d0a6d83 Free global_rate_limit in connection_free_all(). 2011-08-13 20:37:13 +02:00
George Kadianakis
a5fd07d178 Move connection_free_all() to the bottom of connection.c to enjoy maximum visibility. 2011-08-13 20:29:22 +02:00
George Kadianakis
ea3e9416c6 Spawn multiple protocols using a single managed proxy.
If multiple torrc transport lines have the same argv, tor instructs a
single managed proxy to launch multiple protocols.
2011-08-12 21:33:05 +02:00
Nick Mathewson
5da9f722f2 Whitespace tweaks 2011-08-10 15:06:45 -04:00
Nick Mathewson
5252c9434f Fix a const warning in bug1692 code 2011-08-10 15:06:11 -04:00
Nick Mathewson
b76f46c6d8 Merge branch 'bug1692-squashed' 2011-08-10 15:04:36 -04:00
Kamran Riaz Khan
02a735dfa8 Fix condition reported by nickm. 2011-08-10 15:03:25 -04:00
Kamran Riaz Khan
73f07c558b Return if CONF_CHANGED isn't interesting. 2011-08-10 15:03:25 -04:00
Kamran Riaz Khan
643913de75 Escape configuration values before sending them via CONF_CHANGED. 2011-08-10 15:03:24 -04:00
Kamran Riaz Khan
86f68ed695 Use smartlist_asprintf_add() to improve readability. 2011-08-10 15:03:24 -04:00
Nick Mathewson
333df6006d Make FooPort 0 correctly disable the FooPort.
Since the prop171 stuff, it had instead made Tor bind port 0, and
re-bind it differently all the time.

Resolves bug3704; not in any released version.
2011-08-09 14:52:22 -04:00
Sebastian Hahn
7c340a97b1 Sticking a size_t into long generates a warn on win 2011-08-09 11:34:21 +02:00
Kamran Riaz Khan
5f624805e7 Minor code readability fix. 2011-08-09 03:17:21 +05:00
Kamran Riaz Khan
23ef12462a Minor comment fix. 2011-08-08 19:58:43 +05:00
Kamran Riaz Khan
02c62b2966 Refactor to do CONF_CHANGED event formatting inside control.c 2011-08-08 19:19:06 +05:00
Nick Mathewson
a72b1815e8 Merge remote-tracking branch 'public/bug3550' 2011-08-08 10:05:41 -04:00
Robert Ransom
cb24a06a3e Remove connection_edge_streams_are_compatible
It's dead code (not used anywhere by the current proposal 171 algorithm).
2011-08-08 09:43:16 -04:00
Robert Ransom
cab3641638 Fix handling of ISO_STREAM
Now we track *which* stream with ISO_STREAM set is associated to a
particular circuit, so that we won't think that stream is incompatible
with its circuit and launch another one a second later, and we use that
same field to mark circuits which have had an ISO_STREAM stream attached
to them, so that we won't ever put a second stream on that circuit.

Fixes bug 3695.
2011-08-08 09:42:48 -04:00
Kamran Riaz Khan
5a801a8c8b Emits CONF_CHANGED events whenever Tor's configuration values change. 2011-08-08 04:38:53 +05:00
George Kadianakis
941709ee50 Server transport proxies should bind on the same port each time, if possible. 2011-08-07 18:05:40 +02:00
Robert Ransom
52421e9101 Fix log message typo 2011-08-06 00:25:07 -07:00
Nick Mathewson
ce87887461 Merge remote-tracking branch 'public/bug3683' 2011-08-05 20:21:27 -04:00
Nick Mathewson
413574ad38 Clear socks auth fields before free 2011-08-05 19:07:33 -04:00
Nick Mathewson
e511a3a4dd Handle storing much longer socks4 authentication data. 2011-08-05 18:56:30 -04:00
Karsten Loesing
d690a99dfe Clean up bridge-stats code.
Only write a bridge-stats string if bridge stats have been
initialized.  This behavior is similar to dirreq-stats, entry-stats,
etc.

Also add a few unit tests for the bridge-stats code.
2011-08-04 21:18:19 +02:00
Karsten Loesing
88083463cb Separate generation of an entry-stats string from writing it to disk.
This commit is similar to the previous two commits for dirreq-stats,
but for entry-stats.
2011-08-04 21:18:19 +02:00
Karsten Loesing
2174fc0ba0 Separate generation of a dirreq-stats string from writing it to disk.
This patch separates the generation of a dirreq-stats string from
actually writing it to disk.  The new geoip_format_dirreq_stats()
generates a dirreq-stats string that geoip_dirreq_stats_write() writes
to disk.  All the state changing (e.g., resetting the dirreq-stats
history and initializing the next measurement interval) takes place in
geoip_dirreq_stats_write().  That allows us to finally test the
dirreq-stats code better.
2011-08-04 21:18:19 +02:00
Karsten Loesing
abeaabba00 Clean up geoip_dirreq_stats_write().
We later want to split this function into one function that generates
the dirreq-stats string and one that writes it to disk.
2011-08-04 21:18:19 +02:00
Karsten Loesing
3d3ed853e7 Add unit tests for buffer-stats.
Now that formatting the buffer-stats string is separate from writing
it to disk, we can also decouple the logic to extract stats from
circuits and finally write some unit tests for the history code.
2011-08-04 21:18:18 +02:00
Karsten Loesing
07dc46e7fc Separate generation of a buffer-stats string from writing it to disk.
The new rep_hist_format_buffer_stats() generates a buffer-stats string
that rep_hist_buffer_stats_write() writes to disk.  All the state
changing (e.g., resetting the buffer-stats history and initializing
the next measurement interval) takes place in
rep_hist_buffer_stats_write().  That allows us to finally test the
buffer-stats code better.
2011-08-04 21:18:18 +02:00
Karsten Loesing
95ebd01e62 Clean up rep_hist_buffer_stats_write().
We later want to split this function into one function that generates
the buffer-stats string and one that writes it to disk.
2011-08-04 21:18:13 +02:00
Karsten Loesing
8f4e5fa2b5 Create cell-stats history even if we didn't see a single circuit.
So far, if we didn't see a single circuit, we refrained from
generating a cell-stats string and logged a warning.  Nobody will
notice the warning, and people will wonder why there's no cell-stats
string in the extra-info descriptor.  The better behavior is to
generate a cell-stats string with all zeros.
2011-08-04 21:04:44 +02:00
Karsten Loesing
a6a127c833 Replace files in stats/ rather than appending to them.
Right now, we append statistics to files in the stats/ directory for
half of the statistics, whereas we overwrite these files for the other
half. In particular, we append buffer, dirreq, and entry stats and
overwrite exit, connection, and bridge stats.

Appending to files was useful when we didn't include stats in extra-info
descriptors, because otherwise we'd have to copy them away to prevent
Tor from overwriting them.

But now that we include statistics in extra-info descriptors, it makes
no sense to keep the old statistics forever. We should change the
behavior to overwriting instead of appending for all statistics.

Implements #2930.
2011-08-04 20:57:29 +02:00
Nick Mathewson
e5e7b6d718 Make --quiet and --hush apply to default logs, not only initial logs
Fixes bug 3550; bugfix on 0.2.0.10-alpha (where --quiet was introduced).
2011-08-04 14:23:51 -04:00
Nick Mathewson
8054e81e14 Treat socks_request->{username,password} as non-NUL-terminated
They *are* non-NUL-terminated, after all (and they have to be, since
the SOCKS5 spec allows them to contain embedded NULs.  But the code
to implement proposal 171 was copying them with tor_strdup and
comparing them with strcmp_opt.

Fix for bug on 3683; bug not present in any yet-released version.
2011-08-04 12:03:31 -04:00
Nick Mathewson
6596aa022f Implement protocol-type isolation correctly.
Previously we'd just looked at the connection type, but that's
always CONN_TYPE_AP.  Instead, we should be looking at the type of
the listener that created the connection.

Spotted by rransom; fixes bug 3636.
2011-08-02 10:48:39 -04:00
Nick Mathewson
e802199cb3 Initial patch to build Tor with msvc and nmake
We'll still need to tweak it so that it looks for includes and
libraries somewhere more sensible than "where we happened to find
them on Erinn's system"; so that tests and tools get built too;
so that it's a bit documented; and so that we actually try running
the output.

Work done with Erinn Clark.
2011-08-01 12:36:59 -04:00
Nick Mathewson
569fe936b8 Move entry-only fields from edge_connection_t to entry_connection_t
Also, refactor the code accordingly.
2011-07-21 11:15:25 -04:00
Nick Mathewson
33e6a3d750 Add a new type entry_connection_t for entry connections
No fields have moved there yet; for now, it's just a placeholder type.
2011-07-21 10:39:59 -04:00
Ian Goldberg
a2bd0397ff Improve log messages for optimistic data retry 2011-07-21 09:49:00 -04:00
Roger Dingledine
d017cd67ff remember our future plan for bug 3617
(that is, to change the default for "UseOptimisticData auto" to
1 once we are more convinced that it works correctly.)
2011-07-21 00:34:58 -04:00
Nick Mathewson
2c98104c74 Add another precondition for isolation-clearing; fix 3620 2011-07-20 20:27:36 -04:00
Nick Mathewson
5df99cec98 Do not cannibalize a circuit with isolation values set. 2011-07-20 14:40:47 -04:00
Nick Mathewson
cd3709a2b0 For accuracy, s/exit_allows_optimistic_data/may_use_optimistic_data/ 2011-07-20 14:14:21 -04:00
Nick Mathewson
6e923ed8cd Add an OptimisticData option to control client-side optimistic data 2011-07-20 14:14:21 -04:00
Sebastian Hahn
9b0d3719ae Don't assert for listener connections 2011-07-20 19:42:11 +02:00
Nick Mathewson
e05ddf3e18 Check for port config before addr config in client port options
Otherwise, we'll fail, since "9050" looks like a perfectly fine address.
2011-07-20 13:40:09 -04:00
Nick Mathewson
6fa99ab32f Oops: we need to call parse_client_ports with validate_only==0 at least once 2011-07-20 13:35:02 -04:00
Nick Mathewson
2a6d12c7ad Fix a warning message. (Found by rransom) 2011-07-20 13:15:04 -04:00
Nick Mathewson
6b228726bc Initialize listener connection addr fields properly 2011-07-20 13:11:29 -04:00
Nick Mathewson
da83da9199 Add a missing break in a switch statement 2011-07-20 12:58:26 -04:00
Nick Mathewson
eaa1c05397 Merge branch 'optimistic-client'
The conflicts are with the proposal 171 circuit isolation code, and
they're all trivial: they're just a matter of both branches adding
some unrelated code in the same places.

Conflicts:
	src/or/circuituse.c
	src/or/connection.c
2011-07-20 09:50:53 -04:00
Nick Mathewson
195bcb6150 Merge remote-tracking branch 'public/prop171_v2' 2011-07-19 20:43:28 -04:00
Nick Mathewson
553ae5dfb5 Fix spurious warning in bufferevent socks parsing
The problem was that we weren't initializing want_length to 0 before
calling parse_socks() the first time, so it looked like we were
risking an infinite loop when in fact we were safe.

Fixes 3615; bugfix on 0.2.3.2-alpha.
2011-07-19 20:40:15 -04:00
Nick Mathewson
1017322b59 Fix a compile warning in config.c reported by sebastian 2011-07-19 14:04:55 -04:00
Nick Mathewson
e8b9815711 Take a smarter approach to clearing isolation info
Back when I added this logic in 20c0581a79, the rule was that whenever
a circuit finished building, we cleared its isolation info. I did that
so that we would still use the circuit even if all the streams that
had previously led us to tentatively set its isolation info had closed.

But there were problems with that approach: We could pretty easily get
into a case where S1 had led us to launch C1 and S2 had led us to
launch C2, but when C1 finished, we cleared its isolation and attached
S2 first.  Since C2 was still marked in a way that made S1
unattachable to it, we'd then launch another circuit needlessly.

So instead, we try the following approach now: when a circuit is done
building, we try to attach streams to it.  If it remains unused after
we try attaching streams, then we clear its isolation info, and try
again to attach streams.

Thanks to Sebastian for helping me figure this out.
2011-07-19 13:51:43 -04:00
Nick Mathewson
c2d3da6303 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-19 12:59:10 -04:00
Robert Ransom
f021df5824 Specify text or binary mode in every start_writing_to_stdio_file call 2011-07-19 11:11:34 -04:00
Nick Mathewson
12dfb4f5d8 Use socks username/password information in stream isolation 2011-07-19 02:44:12 -04:00
Nick Mathewson
94f85f216a Turn streq_opt into a generic strcmp_opt. 2011-07-19 02:36:11 -04:00
Nick Mathewson
172f8acbe7 Stick controller-originated resolves in their own session group 2011-07-19 02:02:17 -04:00
Nick Mathewson
8314fa5e5c Implement sensible isolation for tunneled directory conns
One-hop dirconn streams all share a session group, and get the
ISO_SESSIONGRP flag: they may share circuits with each other and
nothing else.

Anonymized dirconn streams get a new internal-use-only ISO_STREAM
flag: they may not share circuits with anything, including each other.
2011-07-19 02:02:17 -04:00
Nick Mathewson
424063e3b2 Implement destaddr-based isolation
The new candidate rule, which arma suggested and I like, is that
the original address as received from the client connection or as
rewritten by the controller is the address that counts.
2011-07-19 02:02:11 -04:00
Nick Mathewson
aef30547dc Add an option to limit the number of non-open client circuits.
This is mainly meant as a way to keep clients from accidentally
DOSing themselves by (e.g.) enabling IsolateDestAddr or
IsolateDestPort on a port that they use for HTTP.
2011-07-19 01:58:45 -04:00
Nick Mathewson
20c0581a79 Launch sufficient circuits to satisfy pending isolated streams
Our old "do we need to launch a circuit for stream S" logic was,
more or less, that if we had a pending circuit that could handle S,
we didn't need to launch a new one.

But now that we have streams isolated from one another, we need
something stronger here: It's possible that some pending C can
handle either S1 or S2, but not both.

This patch reuses the existing isolation logic for a simple
solution: when we decide during circuit launching that some pending
C would satisfy stream S1, we "hypothetically" mark C as though S1
had been connected to it.  Now if S2 is incompatible with S1, it
won't be something that can attach to C, and so we'll launch a new
stream.

When the circuit becomes OPEN for the first time (with no streams
attached to it), we reset the circuit's isolation status.  I'm not
too sure about this part: I wanted some way to be sure that, if all
streams that would have used a circuit die before the circuit is
done, the circuit can still get used.  But I worry that this
approach could also lead to us launching too many circuits.  Careful
thought needed here.
2011-07-19 01:58:45 -04:00
Nick Mathewson
773bfaf91e Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable()
to require that the connection is compatible with every connection
that has been linked to the circuit; we update circuit_is_better to
prefer attaching streams to circuits in the way that decreases the
circuits' usefulness the least; and we update link_apconn_to_circ()
to do the appropriate bookkeeping.
2011-07-19 01:58:45 -04:00
Nick Mathewson
1d3c8c1f74 Add a new isolation type and field: "nym epoch"
The "nym epoch" of a stream is defined as the number of times that
NEWNYM had been called before the stream was opened.  All streams
are isolated by nym epoch.

This feature should be redundant with existing signewnym stuff, but
it provides a good belt-and-suspenders way for us to avoid ever
letting any circuit type bypass signewnym.
2011-07-19 01:58:45 -04:00
Nick Mathewson
461623e7f9 Const-ify a few functions 2011-07-19 01:58:44 -04:00
Nick Mathewson
ea0a9b16b9 (Unused) backend logic for stream isolation
This patch adds fields to track how streams should be isolated, and
ensures that those fields are set correctly.  It also adds fields to
track what streams can go on a circuit, and adds functions to see
whether a streams can go on a circuit and update the circuit
accordingly.  Those functions aren't yet called.
2011-07-19 01:58:44 -04:00
Nick Mathewson
d2205ca458 Refactor listener_connection_t into its own type.
This will allow us to add more fields to listener_connection_t
without bloating the other connection types.
2011-07-19 01:58:44 -04:00
Nick Mathewson
ddc65e2b33 Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.

Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t.  Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them.  Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.

We should do a related refactoring on other port types.  For
control ports, that'll be easy enough.  For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).

This implements tickets 3514 and 3515.
2011-07-19 01:58:43 -04:00
Nick Mathewson
2163e420b2 Merge remote-tracking branch 'public/bug3560' 2011-07-18 17:57:06 -04:00
Nick Mathewson
218e84b634 Remember optimistically sent data until we have gotten a CONNECTED
Since we can retry failed streams under some circumstances, we need
to be ready to send data queued on them.
2011-07-18 15:43:16 -04:00
Nick Mathewson
34a52534bb Add a generic_buffer_t to use the best buffer type we have on hand
Also add a quick function to copy all the data in a buffer.  (This
one could be done much better, but let's see if it matters.)
2011-07-18 15:36:20 -04:00
Nick Mathewson
1e441df2d0 Only use optimistic data with exits that support it
This adds a little code complexity: we need to remember for each
node whether it supports the right feature, and then check for each
connection whether it's exiting at such a node.  We store this in a
flag in the edge_connection_t, and set that flag at link time.
2011-07-18 13:56:22 -04:00
Nick Mathewson
ba5d758104 Initial optimistic_client fixes
- Conform to make check-spaces
  - Build without warnings from passing size_t to %d
  - Use connection_get_inbuf_len(), not buf_datalen (otherwise bufferevents
    won't work).
  - Don't log that we're using this feature at warn.
2011-07-18 13:00:48 -04:00
Ian Goldberg
326d5c156d Implement the client side of optimistic data (proposal 174) 2011-07-18 12:56:45 -04:00
George Kadianakis
cfb473ed34 Changed a printf() to a log_debug(). 2011-07-18 17:08:55 +02:00
George Kadianakis
69271b2a38 Reuse get_string_from_pipe() in log_from_pipe(). 2011-07-18 17:06:16 +02:00
George Kadianakis
51cdd30c01 Let's be smarter while parsing {Client,Server}TransportPlugin lines. 2011-07-18 16:42:31 +02:00
George Kadianakis
14c5a24fe7 Replaced ST_* enum prefix for stream status with IO_STREAM_*. 2011-07-18 02:35:29 +02:00
George Kadianakis
a8f21f91cf Updated #includes etc. to use transports.[ch]. 2011-07-18 02:33:31 +02:00
George Kadianakis
d8c04c7ea5 Renamed pluggable_transports.[ch] to transports.[ch]. 2011-07-18 02:19:38 +02:00
Nick Mathewson
975150a13e Better messages when we're stalled because of microdescriptors
It's a little confusing for me to say "only X/Y descriptors" when
I have microdescriptors enabled.  So, let's fix that.
2011-07-15 19:38:27 -04:00
Nick Mathewson
b8943461c0 Fix bug in upload/download of hsdesc with microdescs
Previously we were using router_get_by_id(foo) to test "do we have a
descriptor that will let us make an anonymous circuit to foo".  But
that isn't right for microdescs: we should have been using node_t.

Fixes bug 3601; bugfix on 0.2.3.1-alpha.
2011-07-15 18:55:12 -04:00
Nick Mathewson
8157dcbdf8 Merge remote-tracking branch 'sebastian/compile_warning' 2011-07-15 17:54:49 -04:00
Nick Mathewson
2b660f9781 Fix a wide line. "Tradition!" 2011-07-15 17:53:13 -04:00
Sebastian Hahn
2d0b56a505 Fix a compile warning on OS X 10.6 2011-07-15 23:12:43 +02:00
Nick Mathewson
6aef89bda4 Remove compare_addr_to_node_policy
Instead, use compare_tor_addr_to_node_policy everywhere.

One advantage of this is that compare_tor_addr_to_node_policy can
better distinguish 0.0.0.0 from "unknown", which caused a nasty bug
with microdesc users.
2011-07-15 13:04:12 -04:00
Nick Mathewson
f40df02f3e Treat null address as "unknown", not "rejected" in md policy
Previously, we had an issue where we'd treat an unknown address as
0, which turned into "0.0.0.0", which looked like a rejected
address.  This meant in practice that as soon as we started doing
comparisons of unknown uint32 addresses to short policies, we'd get
'rejected' right away.  Because of the circumstances under which
this would be called, it would only happen when we had local DNS
cached entries and we were looking to launch new circuits.
2011-07-15 13:04:06 -04:00
Nick Mathewson
3380dc9cc0 Remove compare_addr_to_addr_policy
Nothing used it but the unit tests; everything else knows to use
compare_tor_addr_to_addr_policy instead.
2011-07-15 12:31:09 -04:00
Nick Mathewson
44cfa53873 Make WIN32_WINNT defines conditional
Requested by Gisle Vanem on tor-dev.  I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
Nick Mathewson
852b131281 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/control.c
2011-07-14 17:22:23 -04:00
Nick Mathewson
2e34416c6d Improve error msg on failed getinfo fingerprint 2011-07-14 17:19:52 -04:00
Nick Mathewson
642cff5bca Only download microdesc consensus from caches that support it
Bugfix on 0.2.3.1-alpha; found by arma; never got a bug number.
2011-07-14 14:19:18 -04:00
George Kadianakis
86b20e0d8a Reverting the accounting thing introduced in 5492de76 till I think how it should be done properly. 2011-07-14 04:24:10 +02:00
George Kadianakis
684aca7faf Changed a couple of 180 spec stuff according to #3578.
* Restored "proxy" in external ServerTransportPlugin lines.
* Changed the extended OR port and ORPort env. vars to addr:port.
2011-07-14 01:03:35 +02:00
George Kadianakis
5492de76dd Put some last missing pieces together.
* Add some utility transport functions in circuitbuild.[ch] so that we
  can use them from pt.c.
* Make the accounting system consider traffic coming from proxies.
* Make sure that we only fetch bridge descriptors when all the
  transports are configured.
2011-07-13 19:06:07 +02:00
George Kadianakis
9ba2d0e439 Create the pluggable_transports.[ch] source files responsible for talking the 180 talk. 2011-07-13 19:00:28 +02:00
George Kadianakis
73a1e98cb9 Add support for managed {Client,Server}TransportPlugin parsing. 2011-07-13 18:58:11 +02:00
Nick Mathewson
5000e59b5f Change GETINFO fingerprint to look at server_mode, not my_descriptor
It's possible for us to be a server and have a fingerprint without
having yet generated a descriptor.

Fixes bug 3577; bugfix on 0.2.0.1-alpha
2011-07-13 12:45:18 -04:00
Nick Mathewson
e8bfe89365 Resolve a warning from the bug1666 branch 2011-07-13 12:13:12 -04:00
Nick Mathewson
1aab5b6b39 Merge remote-tracking branch 'public/bug1666'
Conflicts:
	doc/spec/socks-extensions.txt
	src/or/buffers.c
	src/or/config.c
	src/or/connection_edge.c
2011-07-13 12:12:16 -04:00
Nick Mathewson
9a6642f6f5 Avoid warning in broken_state_count_compare 2011-07-12 11:23:55 -04:00
Nick Mathewson
16c5a62a66 Add more error checks to socks parsing code
Suggested by Linus to avoid uninitialized reads or infinite loops if
it turns out our code is buggier than we had thought.
2011-07-12 10:51:31 -04:00
Nick Mathewson
597da4989e Merge branch 'bug2798' 2011-07-11 17:04:21 -04:00
Nick Mathewson
d82384658d Tweaks to bug2798 based on comments by arma 2011-07-11 17:02:03 -04:00
Nick Mathewson
b49e561f01 Turn on microdescriptors for clients 2011-07-11 16:54:43 -04:00
Nick Mathewson
b55e31aeb4 Merge remote-tracking branch 'rransom-tor/bug3427' 2011-07-11 16:32:58 -04:00
Nick Mathewson
42ff326afa Merge branch 'bug2616' 2011-07-11 16:22:12 -04:00
Nick Mathewson
2a594fcde9 Disable recording new broken conns when we have bootstrapped
Rationale: right now there seems to be no way for our bootstrap
status to dip under 100% once it has reached 100%.  Thus, recording
broken connections after that point is useless, and wastes memory.

If at some point in the future we allow our bootstrap level to go
backwards, then we should change this rule so that we disable
recording broken connection states _as long as_ the bootstrap status
is 100%.
2011-07-11 16:13:17 -04:00
Nick Mathewson
e253e9577f Clear broken connection map on successful bootstrap 2011-07-11 16:13:17 -04:00
Nick Mathewson
3f97c665aa Document feature3116 fns and improve output
- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
  bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
2011-07-11 16:13:17 -04:00
Nick Mathewson
b0de8560f6 Report the states of failed TLS connections from bootstrap_problem 2011-07-11 16:13:17 -04:00
Nick Mathewson
b25ca8af06 Limit the number of different handshake reasons to report
If connections failed in more than 10 different states, let's just
report the top ten states.
2011-07-11 16:13:17 -04:00
Nick Mathewson
734d9486f6 Record the states of failing OR connections
This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.

More work is still needed:
  - We need documentation
  - We need to actually call the code that reports the failure when
    we realize that we're having a hard time connecting out or
    making circuits.
  - We need to periodically clear out all this data -- perhaps,
    whenever we build a circuit successfully?
  - We'll eventually want to expose it to controllers, perhaps.

Partial implementation of feature 3116.
2011-07-11 16:13:17 -04:00
Nick Mathewson
0fd8ce15c2 Make a function static
Now that connection_dir_about_to_close() is in directory.c, there's
no reason to expose connection_dir_request_failed().
2011-07-11 16:13:17 -04:00
Nick Mathewson
a2ad31a92b Split connection_about_to_close_connection into separate functions
This patch does NOTHING but:
  - move code
  - add declarations and includes as needed to make the new code
    work
  - declare the new functions.
2011-07-11 16:13:16 -04:00
Nick Mathewson
616d85fdd8 Fix compilation from 2841 branch 2011-07-11 15:59:03 -04:00
Nick Mathewson
e006aa5dfa Merge remote-tracking branch 'public/bug2841'
Conflicts:
	src/or/config.c
2011-07-11 15:57:12 -04:00
Linus Nordberg
4ce302c8e5 Fix cut'n'paste bug in comment. 2011-07-11 20:52:52 +02:00
Nick Mathewson
e158f8de4b Rename and tweak nodelist_add_node_family() to add node
It's very easy for nodelist_add_node_family(sl,node) to accidentally
add 'node', and kind of hard to make sure that it omits it.  Instead
of taking pains to leave 'node' out, let's instead make sure that we
always include it.

I also rename the function to nodelist_add_node_and_family, and
audit its users so that they don't add the node itself any longer,
since the function will take care of that for them.

Resolves bug 2616, which was not actually a bug.
2011-07-11 11:21:47 -04:00
Nick Mathewson
2797fd8f68 Revise code for adding EntryNodes to guards.
Previously, we'd just take all the nodes in EntryNodes, see which
ones were already in the guard list, and add the ones that weren't.
There were some problems there, though:

   * We'd add _every_ entry in EntryNodes, and add them in the order
     they appeared in the routerlist.  This wasn't a problem
     until we added the ability to give country-code or IP-range
     entries in the EntryNodes set, but now that we did, it is.

     (Fix: We now shuffle the entry nodes before adding them; only
     add up to 10*NumEntryGuards)

   * We didn't screen EntryNodes for the Guard flag.  That's okay
     if the user has specified two or three entry nodes manually,
     but if they have listed a whole subcontinent, we should
     restrict ourselves to the entries that are currently guards.

     (Fix: separate out the new guard from the new non-guard nodes,
     and add the Guards first.)

   * We'd prepend new EntryNodes _before_ the already configured
     EntryNodes.  This could lead to churn.

     (Fix: don't prepend these.)

This patch also pre-screens EntryNodes entries for
reachableaddresses/excludenodes, even though we check for that
later.  This is important now, since we cap the number of entries
we'll add.
2011-07-11 10:58:07 -04:00
Nick Mathewson
60832766ac Look at the right consensus in router_add_to_routerlist()
Just looking at the "latest" consensus could give us a microdesc
consensus, if microdescs were enabled. That would make us decide
that every routerdesc was unlisted in the latest consensus and drop
them all: Ouch.

Fixes bug 3113; bugfix on 0.2.3.1-alpha.
2011-07-11 10:02:24 -04:00
Nick Mathewson
3799ce7970 Merge branch 'bug2797' 2011-07-11 09:48:38 -04:00
Nick Mathewson
7dcd105be3 Remove a redundant condition in compare_addr_to_node_policy
A && A == A.

Found by frosty_un
2011-07-08 14:11:49 -04:00
Nick Mathewson
a4d339cf08 Make nodelist_purge avoid orphaned microdescs in rs-less nodes
We have an invariant that a node_t should have an md only if it has
a routerstatus.  nodelist_purge tried to preserve this by removing
all nodes without a routerstatus or a routerinfo.  But this left
nodes with a routerinfo and a microdesc untouched, even if they had
a routerstatus.

Bug found by frosty_un.
2011-07-07 15:28:45 -04:00
Nick Mathewson
64c8e8edda Kill redundant checks around routerset_contains_*()
All of the routerset_contains*() functions return 0 if their
routerset_t argument is NULL.  Therefore, there's no point in
doing "if (ExcludeNodes && routerset_contains*(ExcludeNodes...))",
for example.

This patch fixes every instance of
         if (X && routerstatus_contains*(X,...))

Note that there are other patterns that _aren't_ redundant.  For
example, we *don't* want to change:
        if (EntryNodes && !routerstatus_contains(EntryNodes,...))

Fixes #2797.  No bug here; just needless code.
2011-07-07 11:52:13 -04:00
Nick Mathewson
174cbff8cf Merge remote-tracking branch 'public/bug3153'
Conflicts:
	src/or/nodelist.c
2011-07-07 11:14:04 -04:00
Nick Mathewson
6b670d6032 Merge branch 'bug3263' 2011-07-07 11:08:03 -04:00
Nick Mathewson
bc3c54a07f Have transitions in public_server_mode count as affects_descriptor
Previously, we'd get a new descriptor for free when
public_server_mode() changed, since it would count as
affects_workers, which would call init_keys(), which would make us
regenerate a new descriptor.  But now that we fixed bug 3263,
init_keys() is no longer necessarily a new descriptor, and so we
need to make sure that public_server_mode() counts as a descriptor
transition.
2011-07-07 11:05:06 -04:00
Nick Mathewson
31120ff692 Remove unused var in write_to_evbuffer_zlib 2011-07-07 11:00:51 -04:00
Nick Mathewson
57822cbbbe Avoid double-free in bufferevent read/write cbs
Fixes bug 3404; bugfix on 0.2.3.1-alpha.
2011-07-07 11:00:21 -04:00
Nick Mathewson
f883ec09b5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-07 09:56:01 -04:00
Sebastian Hahn
3ab09763ce Correctly send a SUCCEEDED event for rdns requests
The issue was that we overlooked the possibility of reverse DNS success
at the end of connection_ap_handshake_socks_resolved(). Issue discovered
by katmagic, thanks!
2011-07-07 05:38:38 +02:00
Roger Dingledine
ab8c0d4c9e Merge branch 'maint-0.2.2' 2011-07-06 00:49:11 -04:00
Roger Dingledine
4f74979173 appease check-spaces 2011-07-06 00:48:22 -04:00
Nick Mathewson
0be2934186 Merge remote-tracking branch 'rransom-tor/bug3465-023-v2' 2011-07-05 16:01:07 -04:00
Nick Mathewson
335ff915c7 Merge remote-tracking branch 'rransom-tor/bug3465-022' into maint-0.2.2 2011-07-05 15:52:11 -04:00
Nick Mathewson
6053e11ee6 Refactor the interfaces of transport/proxy lookup fns
Returning a tristate is needless here; we can just use the yielded
transport/proxy_type field to tell whether there's a proxy, and have
the return indicate success/failure.

Also, store the proxy_type in the or_connection_t rather than letting
it get out of sync if a configuration reload happens between launching
the or_connection and deciding what to say with it.
2011-07-03 00:13:41 -04:00
Nick Mathewson
7212538997 Future-proof and user-proof parse_bridge_line 2011-07-03 00:02:13 -04:00
Nick Mathewson
c0de533c56 Simplify parse_client_transport_line 2011-07-02 23:32:17 -04:00
Nick Mathewson
ded6bbf70a Style and grammar tweaks on 2841 branch 2011-07-02 23:26:37 -04:00
Nick Mathewson
c4b831e92d Small tweaks to 2841 code
- const-ify some transport_t pointers
    - Remove a vestigial argument to parse_bridge_line
    - Make it compile without warnings on my laptop with
      --enable-gcc-warnings
2011-07-02 23:12:32 -04:00
Nick Mathewson
e273890b10 Merge branch 'cov217_master' 2011-07-01 12:57:21 -04:00
Nick Mathewson
734e860d98 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-01 12:56:40 -04:00
Nick Mathewson
06f0c1aa6a Merge branch 'cov217_022_squashed' into maint-0.2.2 2011-07-01 12:56:14 -04:00
Nick Mathewson
bc91cb6e45 Use strlcpy when copying node IDs into measured_bw_line_t
We were using strncpy before, which isn't our style for stuff like
this.

This isn't a bug, though: before calling strncpy, we were checking
that strlen(src) was indeed == HEX_DIGEST_LEN, which is less than
sizeof(dst), so there was no way we could fail to NUL-terminate.
Still, strncpy(a,b,sizeof(a)) is an idiom that we ought to squash
everyplace.

Fixes CID #427.
2011-07-01 12:56:07 -04:00
Nick Mathewson
2ba19f9b4a Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-07-01 12:55:23 -04:00
Nick Mathewson
959da6b7f2 Use strlcpy in create_unix_sockaddr()
Using strncpy meant that if listenaddress were ever >=
sizeof(sockaddr_un.sun_path), we would fail to nul-terminate
sun_path.  This isn't a big deal: we never read sun_path, and the
kernel is smart enough to reject the sockaddr_un if it isn't
nul-terminated.  Nonetheless, it's a dumb failure mode.  Instead, we
should reject addresses that don't fit in sockaddr_un.sun_path.

Coverity found this; it's CID 428.  Bugfix on 0.2.0.3-alpha.
2011-07-01 12:54:24 -04:00
Nick Mathewson
46297bc7bd Fix a rare memory leak in rend_cache_store
When we rejected a descriptor for not being the one we wanted, we
were letting the parsed descriptor go out of scope.

Found by Coverity; CID # 30.

Bugfix on 0.2.1.26.

(No changes file yet, since this is not in any 0.2.1.x release.)
2011-07-01 12:54:19 -04:00
Nick Mathewson
eca982d3eb Defensive programming: don't crash with broken node_t
Every node_t has either a routerinfo_t or a routerstatus_t, so every
node_t *should* have a nickname.  Nonetheless, let's make sure in
hex_digest_nickname_matches().

Should quiet CID 434.
2011-07-01 11:43:34 -04:00
Nick Mathewson
1d18c2deb6 Don't shadow parameters with local variables
This is a little error-prone when the local has a different type
from the parameter, and is very error-prone with both have the same
type.  Let's not do this.

Fixes CID #437,438,439,440,441.
2011-07-01 11:33:07 -04:00
Nick Mathewson
a0ae80788c Replace 4 more sscanf()s with tor_sscanf()
For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.

Addresses CID # 447, 446.
2011-07-01 11:26:30 -04:00
Nick Mathewson
da62af6f6b Replace a "const const" with a "const"
Looks like this squeaked in while I was doing a search-and-replace
to constify things.  Coverity CID 483.
2011-07-01 11:11:35 -04:00
Nick Mathewson
05c424f4b8 Refactor fetch_from_buf_socks() to be greedy
Previously, fetch_from_buf_socks() might return 0 if there was still
data on the buffer and a subsequent call to fetch_from_buf_socks()
would return 1.  This was making some of the socks5 unit tests
harder to write, and could potentially have caused misbehavior with
some overly verbose SOCKS implementations.  Now,
fetch_from_buf_socks() does as much processing as it can, and
returns 0 only if it really needs more data.  This brings it into
line with the evbuffer socks implementation.
2011-06-29 17:45:27 -04:00
Nick Mathewson
ee42fe8fbb Don't drain extra data when parsing socks auth methods
We added this back in 0649fa14 in 2006, to deal with the case where
the client unconditionally sent us authentication data.  Hopefully,
that's not needed any longer, since we now can actually parse
authentication data.
2011-06-29 17:29:33 -04:00
Nick Mathewson
2e6604f42e Record username/password data in socks_request_t
This change also requires us to add and use a pair of
allocator/deallocator functions for socks_request_t, instead of
using tor_malloc_zero/tor_free directly.
2011-06-29 13:08:46 -04:00
Nick Mathewson
204bce7e3c If we negotiate authentication, require it. 2011-06-29 12:16:09 -04:00
Nick Mathewson
aec396d9d0 Be more strict about when to accept socks auth message
In the code as it stood, we would accept any number of socks5
username/password authentication messages, regardless of whether we
had actually negotiated username/password authentication.  Instead,
we should only accept one, and only if we have really negotiated
username/password authentication.

This patch also makes some fields of socks_request_t into uint8_t,
for safety.
2011-06-29 12:12:58 -04:00
Nick Mathewson
9b3f48c074 Fix 'make check-spaces' 2011-06-29 11:47:35 -04:00
Nick Mathewson
1ed615ded7 Correct byte-counting in socks auth parsing code 2011-06-29 11:45:15 -04:00
George Kadianakis
36468ec44b Trivial code tweaks and documentation updates. 2011-06-28 05:43:40 +02:00
Robert Ransom
ca6efcf507 Make handle_control_setevents table-driven 2011-06-25 17:45:33 -07:00
Robert Ransom
c780bc4d0b Merge branch 'bug3465-022' into bug3465-023
* bug3465-022:
  Add BUILDTIMEOUT_SET to the result of GETINFO events/names
  Correct a comment
  Fix minor comment issues
2011-06-25 15:04:07 -07:00
Robert Ransom
93d52f6739 Add BUILDTIMEOUT_SET to the result of GETINFO events/names 2011-06-25 15:02:11 -07:00
Robert Ransom
53f87a89f0 Correct a comment 2011-06-24 15:18:22 -07:00
Nick Mathewson
0b536469ee Merge remote-tracking branch 'rransom-tor/bug3456' 2011-06-24 16:48:38 -04:00
Robert Ransom
76d0d62bd9 Correct terminology in comment 2011-06-24 11:28:52 -07:00
Robert Ransom
58f801fadf Store cpath_build_state_t flags in one-bit bitfields, not ints 2011-06-24 11:28:15 -07:00
Robert Ransom
cb1b20dbad Fix minor comment issues 2011-06-23 15:46:15 -07:00
Nick Mathewson
9919b01275 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-22 18:15:27 -04:00
George Kadianakis
1fe8bee656 Revised how we handle ClientTransportPlugin and Bridge lines.
Multiple Bridge lines can point to the same one ClientTransportPlugin
line, and we can have multiple ClientTransportPlugin lines in our
configuration file that don't match with a bridge. We also issue a
warning when we have a Bridge line with a pluggable transport but we
can't match it to a ClientTransportPlugin line.
2011-06-22 23:28:11 +02:00
Robert Ransom
d7254bea11 Fix minor comment issues 2011-06-22 14:09:43 -07:00
George Kadianakis
5a05deb574 Various small tweaks around config.c and or.h 2011-06-21 18:49:04 +02:00
George Kadianakis
298f170036 Tweaked connection{.c,.h,_or.c} based on nick's comments.
* Tweaked doxygen comments.
* Changed returns of get_proxy_addrport().
* Ran make check-spaces.
* Various small code tweaks.
2011-06-21 18:48:43 +02:00
George Kadianakis
392e947df5 Fixes on circuitbuild.[ch] based on nick's comments.
* Renamed transport_info_t to transport_t.
* Introduced transport_get_by_name().
* Killed match_bridges_with_transports().
  We currently *don't* detect whether any bridges miss their transports,
  of if any transports miss their bridges.
* Various code and aesthetic tweaks and English language changes.
2011-06-21 18:46:50 +02:00
Nick Mathewson
64a5a4177f Merge branch 'bug3367' 2011-06-21 11:32:52 -04:00
Nick Mathewson
e617a34d58 Add, use a bufferevent-safe connection_flush()
A couple of places in control.c were using connection_handle_write()
to flush important stuff (the response to a SIGNAL command, an
ERR-level status event) before Tor went down.  But
connection_handle_write() isn't meaningful for bufferevents, so we'd
crash.

This patch adds a new connection_flush() that works for all connection
backends, and makes control.c use that instead.

Fix for bug 3367; bugfix on 0.2.3.1-alpha.
2011-06-21 10:22:54 -04:00
Nick Mathewson
8653f31d8d Fix overwide line in config.c 2011-06-20 15:29:22 -04:00
intrigeri
8b265543eb Add port 6523 (Gobby) to LongLivedPorts. 2011-06-20 12:08:46 -04:00
Nick Mathewson
a046966baf Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/or.h
2011-06-19 21:00:15 -04:00
Robert Ransom
eeedc5c13c Put hashes of all tor source files into or_sha1.i 2011-06-18 00:54:04 -07:00
Nick Mathewson
3b41551b61 Revert "Add an "auto" option to UseBridges"
This reverts commit 507c1257a4.
2011-06-17 16:45:53 -04:00
Nick Mathewson
42d6f34590 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:25:18 -04:00
Nick Mathewson
85d4c290d7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-06-17 15:24:23 -04:00
Robert Ransom
010b8dd4f6 Abandon rendezvous circuits on SIGNAL NEWNYM 2011-06-17 15:22:23 -04:00
Nick Mathewson
31b9b1a5bb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:04:29 -04:00
Nick Mathewson
209229f100 Merge branch 'bug3407' into maint-0.2.2 2011-06-17 14:59:39 -04:00
Robert Ransom
227896e447 Make send_control_event_impl's behaviour sane 2011-06-17 13:57:25 -04:00
Robert Ransom
70785f87bb Fix comment typo 2011-06-17 13:57:25 -04:00
Robert Ransom
68cd0a9abe Make connection_printf_to_buf's behaviour sane 2011-06-17 13:57:25 -04:00
Roger Dingledine
64bfbcb918 log when we finish ssl handshake and move to renegotiation
debug-level since it will be quite common. logged at both client
and server side. this step should help us track what's going on
with people filtering tor connections by our ssl habits.
2011-06-17 03:31:59 -04:00
Nick Mathewson
a857f61e27 Merge remote-tracking branch 'rransom-tor/bug3332-v2' 2011-06-15 11:33:40 -04:00
Robert Ransom
44eafa9697 Assert that HS operations are not performed using single-hop circuits
(with fixes by Nick Mathewson to unbreak the build)
2011-06-14 21:32:49 -07:00
Nick Mathewson
875a551409 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 13:46:46 -04:00
Nick Mathewson
a25c0a5bf8 Merge remote-tracking branch 'public/bug3369' into maint-0.2.2 2011-06-14 13:46:10 -04:00
Nick Mathewson
19febed9e5 Merge remote-tracking branch 'rransom-tor/bug3349' 2011-06-14 13:39:26 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
22efe20309 Fix another check_private_dir instance in master 2011-06-14 12:28:16 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
George Kadianakis
93526cdf0b Fixes small bugs. 2011-06-14 16:00:55 +02:00
George Kadianakis
5b050a9b08 This commit is an attempt to beautify the previous commit.
It creates some helper functions that return the proxy type, proxy addr/port, etc.
2011-06-14 04:28:36 +02:00
George Kadianakis
abe03f4943 Our warning now is much more specific, mentioning proxy type/addr/port.
Not included in the previous commit, because the implementation is
ugly; I see no other way of doing this though.
2011-06-14 03:27:07 +02:00
George Kadianakis
a79bea40d8 We now warn the user if a proxy server is not up when we try to connect with it. 2011-06-14 02:51:59 +02:00
intrigeri
910472c514 client-side DNS proxy server: reply NOTIMPL to unsupported queries
Fix for bug 3369.
2011-06-13 13:37:45 -04:00
George Kadianakis
00ec4b2c00 Various trivial changes.
* Improved function documentation.
* Renamed find_bridge_transport_by_addrport() to
  find_transport_by_bridge_addrport().
* Sanitized log severities we use.
* Ran check-spaces.
2011-06-12 16:41:32 +02:00
George Kadianakis
29203b7f3f We can now connect using transports as well! 2011-06-12 00:14:11 +02:00
George Kadianakis
e09f302589 We can now match our transports with our bridges. 2011-06-11 23:20:39 +02:00
George Kadianakis
20c31c80fb ClientTransportPlugin parsing done. 2011-06-11 17:08:31 +02:00
Sebastian Hahn
8283767365 Fix a memleak in nodelist_assert_ok() 2011-06-08 21:38:42 +02:00
Sebastian Hahn
f303274490 Fix a rare memleak during stats writing
If rep_hist_buffer_stats_write() was called unitinitalized, we'd leak
memory.
2011-06-08 21:35:26 +02:00
Sebastian Hahn
680646e0de Don't use signed 1-bit bitfields
This was harmless, we never compared it to anything but itself or 0.
But Coverity complained, and it had a point.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
9e56ac27da Comment out some obviously dead code.
Coverity warned about it, it's harmless to comment out.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
e6fff7235e Remove a few dead assignments during router parsing 2011-06-08 21:30:40 +02:00
Sebastian Hahn
3033f8459b Remove a dead variable in the heartbeat code 2011-06-08 21:11:42 +02:00
Sebastian Hahn
db7dd3ee7a remove some dead code, found by coverity 2011-06-08 21:07:54 +02:00
Sebastian Hahn
da3256b5ae Update the uptime string to include an hours indicator
Before, it wasn't really obvious if one meant hours:minutes or
minutes:seconds etc.
2011-06-08 19:52:30 +02:00
Nick Mathewson
d696bd1bfc Fix crash bug (3361) when setting off-flavor networkstatus
When we set a networkstatus in the non-preferred flavor, we'd check
the time in the current_consensus.  But that might have been NULL,
which could produce a crash as seen in bug 3361.
2011-06-07 14:46:28 -04:00
Nick Mathewson
8cd5a3c186 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-06 16:20:22 -04:00
Nick Mathewson
42e4e156d9 Detect insanely large circuit build state; don't give its length to rand_int 2011-06-06 16:18:06 -04:00
Robert Ransom
8a69cc0468 Report SIGNAL event to controllers when acting on delayed NEWNYM
Fixes bug 3349.
2011-06-05 05:43:27 -07:00
Robert Ransom
f45261cb29 Increase default required uptime for HSDirs to 25 hours 2011-06-03 12:17:53 -04:00
Robert Ransom
1546054d81 Add a VoteOnHidServDirectoriesV2 configuration option 2011-06-03 12:16:55 -04:00
Nick Mathewson
12f9c91c06 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:36:21 -04:00
Nick Mathewson
7aa20b20bf Merge branch 'bug3318c' into maint-0.2.2 2011-06-03 11:34:32 -04:00
Nick Mathewson
bbf2fee8ff Reject 128-byte keys that are not 1024-bit
When we added the check for key size, we required that the keys be
128 bytes.  But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024.  This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.

Also, credit the original bug3318 in the changes file.
2011-06-03 11:31:19 -04:00
Nick Mathewson
50e4c98a5a Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:18:03 -04:00
Nick Mathewson
14c0251d95 Use an autobool for UseBridges_ 2011-06-03 11:17:15 -04:00
Nick Mathewson
de069f5ea7 Merge remote-tracking branch 'rransom/bug2748-v2' into maint-0.2.2 2011-06-03 11:16:48 -04:00
Nick Mathewson
13ec1bf5c2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 10:47:35 -04:00
Nick Mathewson
507c1257a4 Add an "auto" option to UseBridges
UseBridges 1 now means "connect only to bridges; if you know no
bridges, don't make connections."  UseBridges auto means "Use bridges
if they are known, and we have no EntryNodes set, and we aren't a
server."  UseBridges 0 means "don't use bridges."
2011-06-02 15:11:21 -04:00
Nick Mathewson
587cc31140 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendclient.c
2011-06-02 15:07:08 -04:00
Nick Mathewson
80038b5453 Merge remote-tracking branch 'rransom-tor/bug3309' into maint-0.2.2 2011-06-02 15:06:04 -04:00
Nick Mathewson
6a320b9905 Merge remote-tracking branch 'origin/maint-0.2.2'
This merge was a bit nontrivial, since I had to write a new
node_is_a_configured_bridge to parallel router_is_a_configured_bridge.

Conflicts:
	src/or/circuitbuild.c
2011-06-02 13:05:00 -04:00
Nick Mathewson
0a4a3de3de Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-06-02 12:56:45 -04:00
Nick Mathewson
385c59798a Merge remote-tracking branch 'arma/bug3321' into maint-0.2.2 2011-06-02 12:55:56 -04:00
Sebastian Hahn
df42eb0a18 Fix unit test failure in dir/formats
options->DirPort is 0 in the unit tests, so
router_get_advertised_dir_port() would return 0 so we wouldn't pick a
dirport. This isn't what we want for the unit tests. Fixes bug
introduced in 95ac3ea594.
2011-06-02 13:44:33 +02:00
Robert Ransom
fc4158dad7 Add info-level log messages during HS-client-state purge
I hope these will never be useful, but having them and not needing them is
better than needing them and not having them.
2011-06-02 03:07:09 -07:00
Robert Ransom
d7af8a2f07 Refactor HS client state-clearing code into a separate function 2011-06-02 02:57:29 -07:00
Robert Ransom
b0e7925c02 Clear last_hid_serv_requests on SIGNAL NEWNYM
Fixes bug #3309.
2011-06-02 02:52:40 -07:00
Robert Ransom
a1d866edc9 Make last_hid_serv_requests functions less fragile
Previously, Tor would dereference a NULL pointer and crash if
lookup_last_hid_serv_request were called before the first call to
directory_clean_last_hid_serv_requests.  As far as I can tell, that's
currently impossible, but I want that undocumented invariant to go away
in case I^Wwe break it someday.
2011-06-02 02:52:40 -07:00
Jacob Appelbaum
f79a75f597 New configuration option: DisableDebuggerAttachment
If set to 1, Tor will attempt to prevent basic debugging
attachment attempts by other processes. (Default: 1)

Supports Mac OS X and Gnu/Linux.

Sebastian provided useful feedback and refactoring suggestions.

Signed-off-by: Jacob Appelbaum <jacob@appelbaum.net>
2011-06-01 17:35:43 -07:00
Robert Ransom
9ac2f63e0f Unbreak the build 2011-06-01 13:07:26 -04:00
Nick Mathewson
a610ebc3a6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:08:28 -04:00
Nick Mathewson
0fd3ad75da Report wrong key sizes correctly
When we introduced NEED_KEY_1024 in routerparse.c back in
0.2.0.1-alpha, I forgot to add a *8 when logging the length of a
bad-length key.

Bugfix for 3318 on 0.2.0.1-alpha.
2011-06-01 11:07:17 -04:00
Roger Dingledine
7039c34519 fix a bridge edge case similar to 2511
If you had configured a bridge but then switched to a different bridge
via the controller, you would still be willing to use the old one.
2011-05-31 20:43:55 -04:00
Roger Dingledine
56771f392e stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-05-30 23:50:37 -04:00
Nick Mathewson
d0e7c545ba Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 16:14:45 -04:00
Nick Mathewson
e035cea031 Merge branch 'bug3216_v2' into maint-0.2.2 2011-05-30 16:12:53 -04:00
Nick Mathewson
d274f539e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 15:51:46 -04:00
Nick Mathewson
d35a555348 Merge branch 'bug3289' into maint-0.2.2 2011-05-30 15:50:35 -04:00
Sebastian Hahn
ca538290af Warn when two hs use the same directory
This simple implementation has a few issues, but it should do for
0.2.2.x. We will want to revisit this later and make it smarter.
2011-05-30 15:47:06 -04:00
Nick Mathewson
fa1d47293b Merge remote-tracking branch 'origin/maint-0.2.2'
The conflicts were mainly caused by the routerinfo->node transition.

Conflicts:
	src/or/circuitbuild.c
	src/or/command.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/relay.c
	src/or/rendservice.c
	src/or/routerlist.c
2011-05-30 15:41:46 -04:00
Roger Dingledine
f118dc80e0 minor cleanups while reviewing 3216 2011-05-30 15:31:06 -04:00
Nick Mathewson
7e67a24038 Merge branch 'bug3045' into maint-0.2.2
Conflicts:
	src/or/circuitbuild.c
2011-05-30 15:18:59 -04:00
Nick Mathewson
3c0d944b07 Improve comments and defensive programming for 3045
The comment fixes are trivial.  The defensive programming trick is to
tolerate receiving NULL inputs on the describe functions. That should
never actually happen, but it seems like the likeliest mistake for us
to make in the future.
2011-05-30 15:15:10 -04:00
Nick Mathewson
21de9d46e2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.c
	src/or/main.c
2011-05-30 14:58:26 -04:00
Nick Mathewson
da7c60dcf3 Merge remote-tracking branch 'public/bug3270' into maint-0.2.2 2011-05-30 14:49:49 -04:00
Nick Mathewson
5dc3c462dc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 12:43:25 -04:00
Nick Mathewson
f08f0e9dde Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.
2011-05-30 12:41:46 -04:00
Nick Mathewson
4b57ec6e5e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuituse.c
2011-05-30 12:33:54 -04:00
Nick Mathewson
16cfca501f Merge branch 'bug1297a' into maint-0.2.2 2011-05-30 12:25:07 -04:00
Robert Ransom
8fc02a8e0c Use the normal four-hop CBT for client intro circuits
Fixes another part of bug 1297.
2011-05-30 12:24:51 -04:00
Robert Ransom
112d204fad Set timestamp_dirty on HS circuits as circuit_expire_building requires
Fixes part of #1297; bugfix on 48e0228f1e,
when circuit_expire_building was changed to assume that timestamp_dirty
was set when a circuit changed purpose to _C_REND_READY.  (It wasn't.)
2011-05-30 12:24:51 -04:00
Roger Dingledine
6917728637 Merge branch 'maint-0.2.2' 2011-05-29 19:11:07 -04:00
Roger Dingledine
5f182ea10e answer an XXX nickm asked in aa950e6c4 2011-05-29 18:52:37 -04:00
Nick Mathewson
285cf998bc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/eventdns.c
2011-05-28 02:09:48 -04:00
Nick Mathewson
c319949550 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-28 02:08:39 -04:00
Nick Mathewson
ee72557d52 Merge branch 'bug2574' into maint-0.2.1 2011-05-28 02:07:48 -04:00
Nick Mathewson
42b15a0aaa Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-28 01:55:34 -04:00
Robert Ransom
39480c7978 Correct some outdated comments 2011-05-24 22:20:12 -07:00
Nick Mathewson
0e1fad648d Don't try to build descriptors when router_get_advertised_or_port()==0
The previous attempt was incomplete: it told us not to publish a
descriptor, but didn't stop us from generating one.  Now we treat an
absent OR port the same as not knowing our address.  (This means
that when we _do_ get an OR port, we need to mark the descriptor
dirty.)

More attempt to fix bug3216.
2011-05-24 18:05:37 -04:00
Nick Mathewson
95ac3ea594 Don't build descriptors if ORPort auto is set and we have no OR listener
This situation can happen easily if you set 'ORPort auto' and
'AccountingMax'.  Doing so means that when you have no ORPort, you
won't be able to set an ORPort in a descriptor, so instead you would
just generate lots of invalid descriptors, freaking out all the time.

Possible fix for 3216; fix on 0.2.2.26-beta.
2011-05-24 21:12:23 +02:00
Nick Mathewson
be76850995 Work correctly if your nameserver is ::1
We had all the code in place to handle this right... except that we
were unconditionally opening a PF_INET socket instead of looking at
sa_family.  Ow.

Fixes bug 2574; not a bugfix on any particular version, since this
never worked before.
2011-05-23 17:42:38 -04:00
Nick Mathewson
a5232e0c4c Fix GCC 4.6's new -Wunused-but-set-variable warnings.
Most instances were dead code; for those, I removed the assignments.
Some were pieces of info we don't currently plan to use, but which
we might in the future.  For those, I added an explicit cast-to-void
to indicate that we know that the thing's unused.  Finally, one was
a case where we were testing the wrong variable in a unit test.
That one I fixed.

This resolves bug 3208.
2011-05-23 17:04:38 -04:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Roger Dingledine
af0e8d834e don't mark our descriptor dirty if our onion key hasn't changed 2011-05-21 19:23:27 -04:00
Roger Dingledine
1ba1bdee4b naked constants are ugly 2011-05-21 18:55:23 -04:00
Roger Dingledine
6b54edef4f finish a comment nickm started in 8ebceeb3 2011-05-21 18:34:55 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Roger Dingledine
0e8949a8fa remove some (confusing) dead code 2011-05-21 16:12:37 -04:00
Roger Dingledine
0235fe34d2 Merge branch 'bug1810' into maint-0.2.2 2011-05-21 16:09:55 -04:00
Sebastian Hahn
3ff7925a70 Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.

This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
2011-05-21 16:08:21 -04:00
Roger Dingledine
a2851d3034 what's up with this trailing whitespace 2011-05-20 23:30:37 -04:00
Robert Ransom
7b34e3a965 Split out owning-controller-loss shutdown code into a function 2011-05-20 08:25:43 -07:00
Robert Ransom
bb860cedb2 Implement TAKEOWNERSHIP command 2011-05-20 08:25:43 -07:00
Robert Ransom
338a026610 Split control connection cleanup out of connection_free 2011-05-20 08:25:42 -07:00
Robert Ransom
86aeb152ca Fix comment typo 2011-05-20 08:25:42 -07:00
Robert Ransom
36afdebe1a Add an XXX 2011-05-20 08:25:42 -07:00
Robert Ransom
90f810801e Fix trailing asterisk in the output of "GETINFO info/names" 2011-05-20 08:25:42 -07:00
Robert Ransom
b3133d1cad Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Roger Dingledine
0a4649e657 Merge branch 'maint-0.2.2' 2011-05-20 03:03:46 -04:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Sebastian Hahn
c13fb7feb1 Fix a compile warning on OSX 10.6 2011-05-20 05:53:55 +02:00
Roger Dingledine
18f1b354ec Merge branch 'maint-0.2.2' 2011-05-17 21:15:24 -04:00
Roger Dingledine
073fed06c4 discard circuits when we change our bridge configuration
otherwise we might reuse circuits from the previous configuration,
which could be bad depending on the user's situation
2011-05-17 21:13:59 -04:00
Roger Dingledine
92081f3cdc Merge branch 'maint-0.2.2' 2011-05-17 20:50:18 -04:00
Roger Dingledine
07c5026efa refetch bridge descriptors in a timely fashion
When we configure a new bridge via the controller, don't wait up to ten
seconds before trying to fetch its descriptor. This wasn't so bad when
you listed your bridges in torrc, but it's dreadful if you configure
your bridges via vidalia.
2011-05-17 20:48:46 -04:00
Nick Mathewson
c240efab86 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:53:06 -04:00
Nick Mathewson
bc89ef0ca8 Merge branch 'bug2752' into maint-0.2.2 2011-05-17 19:51:53 -04:00
Nick Mathewson
e0e8424f1e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:47:48 -04:00
Nick Mathewson
21ed575826 Handle NULL argument to get_configured_bridge_by_addr_port_digest
Fixes bug 2313; bugfix on 0.2.2.26-beta.
2011-05-17 19:46:47 -04:00
Nick Mathewson
2e07925a52 Oops; that function got renamed. 2011-05-17 19:45:05 -04:00
Robert Ransom
480a75cbbd Check onion keys in microdescriptors, too 2011-05-17 19:39:00 -04:00
Michael Yakubovich
a3707a1052 Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
2011-05-16 16:09:35 -04:00
Nick Mathewson
03ccce6d77 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-16 14:50:53 -04:00
Nick Mathewson
e908e3a332 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files
from or.h.

Conflicts:
	src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86 squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
987190c2bc Require that certain public keys have public exponent 65537 2011-05-16 14:28:46 -04:00
Robert Ransom
7571e9f1cb Check fetched rendezvous descriptors' service IDs 2011-05-16 14:07:24 -04:00
Nick Mathewson
e423447f53 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection.c
2011-05-16 11:12:22 -04:00
Nick Mathewson
919bf6ff3c Merge remote-tracking branch 'public/bug2850' into maint-0.2.2
Fixed a trivial conflict where this and the ControlSocketGroupWritable
code both added different functions to the same part of connection.c.

Conflicts:
	src/or/connection.c
2011-05-16 11:10:17 -04:00
Nick Mathewson
b95dd03e5f Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.

There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address.  I might have missed a couple more too.

This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Nick Mathewson
4b800408fa Check permissions on the directory holding a control socket 2011-05-15 20:20:29 -04:00
Nick Mathewson
3b6cbf2534 Add a function to pull off the final component of a path 2011-05-15 20:20:29 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
f2c1702182 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuitbuild.h
2011-05-15 20:17:17 -04:00
Nick Mathewson
2b9c5ee301 Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration.  Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines.  As we
add a bridge, we see if it's already in the list.  If so, we just
unmark it.

This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc.  I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.

This is for bug 3019; it's a fix on 0.2.0.3-alpha.
2011-05-15 20:13:44 -04:00
Nick Mathewson
68acfefbdb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:12:20 -04:00
Nick Mathewson
bc44393eb5 Fixup whitespace issues from 3122 commit 2011-05-15 20:12:01 -04:00
Nick Mathewson
4c3853aca8 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/networkstatus.c
2011-05-15 20:09:10 -04:00
Nick Mathewson
00ff80e0ae Fixup whitespace issues from 3122 commit 2011-05-15 20:06:36 -04:00
Nick Mathewson
1f7b9e61ce Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 12:18:39 -04:00
Nick Mathewson
69ff26b05c Merge branch 'bug3026' into maint-0.2.2 2011-05-15 12:18:23 -04:00
Nick Mathewson
37e3fb8af2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c
2011-05-15 11:44:51 -04:00
Nick Mathewson
f287100934 Replace a nasty add-malloc-snprintf with a nice clean asprintf 2011-05-15 11:41:49 -04:00
Nick Mathewson
a5d40c2d0f Merge branch 'bug1345' into maint-0.2.2 2011-05-15 11:40:14 -04:00
Nick Mathewson
2bb6bdc3f9 Better doc for consider_recording_trackexithost 2011-05-15 11:37:33 -04:00
Nick Mathewson
2fd9cfdc23 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerlist.c
2011-05-15 11:23:02 -04:00
Nick Mathewson
228b77f64e Merge branch 'bug2732-simpler' into maint-0.2.2 2011-05-15 11:17:54 -04:00
Nick Mathewson
1b512fb914 Rip out more of hid_serv_acting_as_directory
rransom notes correctly that now that we aren't checking our HSDir
flag, we have no actual reason to check whether we are listed in the
consensus at all when determining if we should act like a hidden
service directory.
2011-05-15 11:17:44 -04:00
Nick Mathewson
f11c269ed6 Merge remote-tracking branch 'asn-mytor/heartbeat' 2011-05-15 11:07:06 -04:00
George Kadianakis
ce3b553926 Fix bug3183 2011-05-15 03:13:52 +02:00
Nick Mathewson
da8297dbcb Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345.  But if you changed them from the controller, Tor
would leave old mappings in place.

The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
2011-05-13 16:59:31 -04:00
Nick Mathewson
a3ae591115 When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before.  But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
2011-05-13 16:28:50 -04:00
Nick Mathewson
ec81d17d0c Raise the TrackHostExits membership code into its own function 2011-05-13 16:22:10 -04:00
Nick Mathewson
09da83e1e8 Don't clear out transient addressmap entries on HUP
If you really want to purge the client DNS cache, the TrackHostExits
mappings, and the virtual address mappings, you should be using NEWNYM
instead.

Fixes bug 1345; bugfix on Tor 0.1.0.1-rc.

Note that this needs more work: now that we aren't nuking the
transient addressmap entries on HUP, we need to make sure that
configuration changes to VirtualAddressMap and TrackHostExits actually
have a reasonable effect.
2011-05-13 16:20:01 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
c55c8f0d49 new GETINFO command to return list of listeners of a given type 2011-05-13 10:41:19 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
6f5998fd73 Correct the signature for is_listening_on_low_port for "auto" ports 2011-05-13 10:41:18 -04:00
Nick Mathewson
61c06cbc66 Teach retry_listener about "auto" ports.
Otherwise, it will just immediately close any port declared with "auto"
on the grounds that it wasn't configured.  Now, it will allow "auto" to
match any port.

This means FWIW if you configure a socks port with SocksPort 9999
and then transition to SocksPort auto, the original socksport will
not get closed and reopened.  I'm considering this a feature.
2011-05-13 10:41:18 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
87c79cf017 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 19:41:59 -04:00
Nick Mathewson
e0d5a6e184 Downgrade the "we launched 10 circuits for this stream" message. (See bug 3080) 2011-05-12 19:41:08 -04:00
Nick Mathewson
af85017177 Merge remote-tracking branch 'public/bug3122_memcmp_023' 2011-05-12 19:27:18 -04:00
Nick Mathewson
59a6df8882 Merge remote-tracking branch 'public/bug3122_memcmp_022' into maint-0.2.2 2011-05-12 19:25:14 -04:00
Nick Mathewson
1f678277a1 Merge remote-tracking branch 'public/bug3122_memcmp_squashed' into maint-0.2.1 2011-05-12 19:20:40 -04:00
Nick Mathewson
696cd1cfe2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 18:51:33 -04:00
mikey99
42fcf059d2 Fixes ticket #2503
HTTPS error code 403 is now reported as:
"The https proxy refused to allow connection".
Used a switch statement for additional error codes to be explained
in the future.
2011-05-12 17:33:09 -04:00
Nick Mathewson
621e95a4f3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 11:21:59 -04:00
Nick Mathewson
bdff7e3299 Unmap microdesc cache before replacing it.
If we do a replace-then-munmap, windows will never actually rewrite
the microdesc cache.

Found by wanoskarnet; bugfix on 0.2.2.6-alpha.
2011-05-12 11:19:52 -04:00
Nick Mathewson
4ba9f3e317 Track where microdescs are referenced to prevent free errs
On IRC, wanoskarnet notes that if we ever do microdesc_free() on a
microdesc that's in the nodelist, we're in trouble.  Also, we're in
trouble if we free one that's still in the microdesc_cache map.

This code adds a flag to microdesc_t to note where the microdesc is
referenced from, and checks those flags from microdesc_free().  I
don't believe we have any errors here now, but if we introduce some
later, let's log and recover from them rather than introducing
heisenbugs later on.

Addresses bug 3153.
2011-05-12 11:10:35 -04:00
Nick Mathewson
7779c63e93 Accept hs descriptors even if we don't see an HSDir for us
The old behavior contributed to unreliability when hidden services and
hsdirs had different consensus versions, and so had different opinions
about who should be cacheing hsdir info.

Bugfix on 0.2.0.10-alpha; based on discussions surrounding bug 2732.
2011-05-12 00:53:07 -04:00
Nick Mathewson
6b83b3ba2a bug 3026: do not upload our vote to ourself 2011-05-12 00:47:00 -04:00
Nick Mathewson
3968e8d14b Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 00:14:44 -04:00
Nick Mathewson
b47f574c1e Merge branch 'bug1352' into maint-0.2.2 2011-05-12 00:14:10 -04:00
Nick Mathewson
7649adbce6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-11 22:55:29 -04:00
Nick Mathewson
8057b7363e Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-11 22:52:26 -04:00
Nick Mathewson
13847b8db6 Fix crash when read_file_to_string() fails in SAVECONF
The new behavior is to try to rename the old file if there is one there
that we can't read.  In all likelihood, that will fail too, but at least
we tried, and at least it won't crash.
2011-05-11 22:05:41 -04:00
Nick Mathewson
9e16a418f9 Hand-tune the new tor_memcmp instances in 0.2.3 2011-05-11 16:46:38 -04:00
Nick Mathewson
7267647bd7 Reapply the automated memcmp conversion to 0.2.3 to catch newly added memcmps 2011-05-11 16:41:14 -04:00
Nick Mathewson
9fba014e3f Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023
Conflicts in various places, mainly node-related.  Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.

	src/common/Makefile.am
	src/or/circuitlist.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/microdesc.c
	src/or/networkstatus.c
	src/or/router.c
	src/or/routerlist.c
	src/test/test_util.c
2011-05-11 16:39:45 -04:00
Nick Mathewson
8fb38331c3 Hand-tune the new tor_memcmp instances in 0.2.2 2011-05-11 16:32:30 -04:00
Nick Mathewson
0cbcbc3412 Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in 2011-05-11 16:27:27 -04:00
Nick Mathewson
44ad734573 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
Conflicts throughout.  All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.

	src/common/Makefile.am
	src/or/circuitbuild.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/dirvote.c
	src/or/networkstatus.c
	src/or/rendclient.c
	src/or/rendservice.c
	src/or/router.c
	src/or/routerlist.c
	src/or/routerparse.c
	src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:

   If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
   changed it to a fast_memcmp or fast_memeq.

   Otherwise if there was a tor_memcmp that could turn into a
   tor_memneq or tor_memeq, I converted it.

This wants close attention.

[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
This commit is _exactly_ the result of

perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
4b19730c82 Add a data-independent variant of memcmp and a d-i memeq function.
The tor_memcmp code is by Robert Ransom, and the tor_memeq code is
by me.  Both incorporate some ideas from DJB's stuff.
2011-05-11 16:12:33 -04:00
Nick Mathewson
e6980faec4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/directory.c
2011-05-09 13:39:51 -04:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Nick Mathewson
acd6a4856b Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection.c
2011-05-09 13:36:40 -04:00
Sebastian Hahn
9da4e25183 Remove some dead code, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
d7d25558fa Remove a duplicated line, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
1c668540fe Fix potential null pointer deref during dirvote
Found by using clang's analyzer.
2011-05-09 13:19:46 -04:00
Sebastian Hahn
1827e60976 Fix a potential null deref when rebuilding md cache
Issue discovered using clang's static analyzer
2011-05-09 13:19:45 -04:00
Sebastian Hahn
8ebb3ce6e2 CONN_LOG_PROTECT()'s first argument may not be 0
Make that explicit by adding an assert and removing a null-check. All of
its callers currently depend on the argument being non-null anyway.
Silences a few clang complaints.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
80e57af50f Appease clang - and my tortured mind
This possible div by 0 warning from clang's analyzer was quite fun to
track down. Turns out the current behaviour is safe.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
58a16a4d6f Add an assert to un-confuse clang's analyzer
The analyzer assumed that bootstrap_percent could be less than 0 when we
call control_event_bootstrap_problem(), which would mean we're calling
log_fn() with undefined values. The assert makes it clear this can't
happen.
2011-05-09 13:19:44 -04:00
Sebastian Hahn
532c13693e Fix a docstring 2011-05-09 13:19:44 -04:00
Sebastian Hahn
e36f9d1d9b Link to libevent_openssl statically when requested
When configure tor with --enable-bufferevents and
--enable-static-libevent, libevent_openssl would still be linked
dynamically. Fix this and refactor src/or/Makefile.am along the way.
2011-05-06 15:38:32 +02:00
Nick Mathewson
a740994c77 Fix check-spaces issues in master 2011-05-05 21:56:52 -04:00
Nick Mathewson
1065a5ef29 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-05 21:54:04 -04:00
Nick Mathewson
330116f034 Fix up some check-spaces issues 2011-05-05 21:53:46 -04:00
Nick Mathewson
85ddc76bf1 Make microdesc use off-by-default for now, since there are not enough caches 2011-05-05 20:54:14 -04:00
Nick Mathewson
9d4c32dd2f Now that 0.2.3.1-alpha is out, require it for microdesc fetches 2011-05-05 20:54:14 -04:00
Nick Mathewson
711100c597 Move dummy authority.z fetch out of update_router_descriptor_downloads
To make sure that a server learns if its IP has changed, the server
sometimes launches authority.z descriptor fetches from
update_router_descriptor_downloads.  That's nice, but we're moving
towards a situation where update_router_descriptor_downloads doesn't
always get called.  So this patch breaks the authority.z
check-and-fetch into a new function.

This function also renames last_routerdesc_download to a more
appropriate last_descriptor_download, and adds a new
update_all_descriptor_downloads() function.

(For now, this is unnecessary, since servers don't actually use
microdescriptors.  But that could change, or bridges could start
using microdescriptors, and then we'll be glad this is refactored
nicely.)
2011-05-05 20:54:13 -04:00
Nick Mathewson
4cc348e896 Code to make clients fetch and use microdescriptors for circuit building
To turn this on, set UseMicrodescriptors to "1" (or "auto" if you
want it on-if-you're-a-client).  It should go auto-by-default once
0.2.3.1-alpha is released.

Because of our node logic, directory caches will never use
microdescriptors when they have the right routerinfo available.
2011-05-05 20:54:12 -04:00
Nick Mathewson
3df22887a3 Replace _AUTHORITY enum values with _DIRINFO values (automted) 2011-05-05 20:54:12 -04:00
Nick Mathewson
6e58575767 Automated rename from authority_type_t to dirinfo_type_t
We were already overloading this type to mean "a directory that can
serve us X" in addition to "a directory that is an authority for X."
2011-05-05 20:54:11 -04:00
Nick Mathewson
ba1143e468 Add a new configuration type, "AUTOBOOL", to handle 1/0/auto types
We only have one of these now, but I'm about to add a few more.

Yes, I have already thought of the "Filenotfoundian logic" joke.
2011-05-05 20:54:11 -04:00
Nick Mathewson
08efa70c41 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-04 23:29:56 -04:00
Nick Mathewson
9583a534ac Merge remote-tracking branch 'rransom/bug3106' into maint-0.2.2 2011-05-04 23:18:47 -04:00
Robert Ransom
66339f74b4 Handle crypto_pk_get_digest failures semi-sensibly
Fixes bug 3106.
2011-05-04 20:06:24 -07:00
Nick Mathewson
7de3a19497 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-04 20:33:38 -04:00
Nick Mathewson
ab1460f3ae Merge remote-tracking branch 'sebastian/win_warning' into maint-0.2.2 2011-05-04 20:33:16 -04:00
Sebastian Hahn
9a490bb53b Fix compile warning on windows 2011-05-05 02:22:46 +02:00
Nick Mathewson
aba7bb705a Set SO_REUSEADDR on all sockets, not just listeners
See bug 2850 for rationale: it appears that on some busy exits, the OS
decides that every single port is now unusable because they have been
all used too recently.
2011-05-03 22:22:20 -04:00
Nick Mathewson
fac99f01da Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-03 21:54:18 -04:00
Nick Mathewson
4126de6888 Fix circuit_list_path_impl(): internal circuits do not have an "exit". Trivial fix for 3079. 2011-05-03 21:53:59 -04:00
Nick Mathewson
599d1b62b4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/main.c
	src/or/microdesc.c
2011-05-03 17:30:58 -04:00
Nick Mathewson
68ae5afa5a Change who calls microdesc_cache_rebuild().
Previously we ensured that it would get called periodically by doing
it from inside the code that added microdescriptors.  That won't work
though: it would interfere with our code that tried to read microdescs
from disk initially.  Instead, we should consider rebuilding the cache
periodically, and on startup.
2011-05-03 17:28:28 -04:00
Nick Mathewson
865d53be54 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/microdesc.c
2011-05-03 17:19:35 -04:00
Nick Mathewson
cb6c909664 Rebuild the microdesc cache when a sufficient number of bytes are dropped
Previously on 0.2.2, we'd never clean the cache.  Now that we can
clean it, we want to add a condition to rebuild it: that should happen
whenever we have dropped enough microdescriptors that we could save a
lot of space.

No changes file, since 0.2.3 doesn't need one and 0.2.2 already has some
changes files for the backport of the microdesc_clean_cahce() function.
2011-05-03 17:03:49 -04:00
Nick Mathewson
56fbd728c2 Backport microdesc_cache_clean to 0.2.2
Otherwise we have no way to keep authorities' microdesc caches in 0.2.2
from growing without bound.
2011-05-03 16:45:15 -04:00
Nick Mathewson
1f97e8322f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/microdesc.c
2011-05-03 16:33:41 -04:00
Nick Mathewson
970715dd8f Fix a check for when to rebuild the microdesc cache. (Backport from 0.2.3. 2011-05-03 16:29:39 -04:00
Nick Mathewson
698fa0fc67 Add missing code to set cache->journal_len when reading microdesc journal
This could be one reason that authorities' journals would grow without
bound; related to bug 2230. Bugfix on 0.2.2.6-alpha.  Fix by
"cypherpunks".
2011-05-03 16:22:31 -04:00
Sebastian Hahn
47a2e5a9ce Don't choose exit nodes without desc available
n_supported[i] has a random value prior to initialization, so a node
that doesn't have routerinfo available can have a random priority.

Patch contributed by wanoskarnet from #tor. Thanks!
2011-04-30 22:03:51 +02:00
Nick Mathewson
c48d6da24c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-29 11:15:11 -04:00
Nick Mathewson
dbd73b9689 Clean up a warning a bit 2011-04-29 11:14:53 -04:00
Nick Mathewson
4f7587a5ed Tweak the startup message to be more helpful
Instead of just saying "boogity boogity!" let's actually warn people
that they need to configure stuff right to be safe, and point them
at instructions for how to do that.

Resolves bug 2474.
2011-04-28 22:00:22 -04:00
Nick Mathewson
bcdffc0f80 Rate-limit v2 networkstatus download fail warnings
This fixes part of 1352.  We don't care deeply about these warnings,
since v2 networkstatuses aren't a big deal.
2011-04-28 21:25:24 -04:00
Nick Mathewson
50c6b55757 Rename connection_dir_download_networkstatus_failed: be clear that it means v2 2011-04-28 21:23:32 -04:00
Nick Mathewson
20d6ac3530 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 21:17:51 -04:00
Nick Mathewson
f0d9e2d650 Merge remote-tracking branch 'arma/bug3012' into maint-0.2.2 2011-04-28 21:15:14 -04:00
Roger Dingledine
66de6f7eb8 relays checkpoint their state file twice a day 2011-04-28 21:06:25 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Nick Mathewson
b0a7e0d6ca Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:55:03 -04:00
Nick Mathewson
4010427b51 Merge remote-tracking branch 'arma/bug3039' into maint-0.2.2 2011-04-28 20:53:44 -04:00
Roger Dingledine
df3cf881d1 stop putting wacky values into state->lastwritten 2011-04-28 20:40:15 -04:00
Nick Mathewson
9d67d16c6a Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:38:50 -04:00
Nick Mathewson
5693fedb60 Clarify comment to say which version fixed 2722 2011-04-28 20:38:15 -04:00
Nick Mathewson
6b9aadd557 Merge remote-tracking branches 'rransom/bug2722' and 'rransom/bug2722b' into maint-0.2.2 2011-04-28 20:36:38 -04:00
Nick Mathewson
bb8689b864 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:05:48 -04:00
Nick Mathewson
c122897925 Merge remote-tracking branch 'sebastian/bug3020' into maint-0.2.2 2011-04-28 20:03:57 -04:00
Roger Dingledine
710227a77f fix a function comment 2011-04-28 19:19:04 -04:00
Sebastian Hahn
525d2700dd Correctly check elapsed time in last hibernation period
Fix bug 3020.
2011-04-29 01:18:32 +02:00
Nick Mathewson
f38ecd5ac0 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 18:14:50 -04:00
Nick Mathewson
6dfc0d5301 Avoid false positives from proxy_mode()
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0.  This would give false
positives, which were not previously harmful... but which were about
to become.
2011-04-28 18:11:58 -04:00
Robert Ransom
b8708b5bd3 Fix bug 1930 2011-04-28 18:11:58 -04:00
Robert Ransom
ddd1b7be2d Ignore SIGNAL NEWNYM on relay-only Tor instances 2011-04-28 18:10:17 -04:00
Robert Ransom
df5c7fedbd Don't allow v0 HS auths to act as clients
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses.  Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost.  That would be bad.
2011-04-28 18:10:16 -04:00
Nick Mathewson
88638d40ca Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 16:05:59 -04:00
Nick Mathewson
3055acbdbe Merge remote-tracking branch 'sebastian/bug2497' into maint-0.2.2 2011-04-28 16:05:34 -04:00
Nick Mathewson
32918e954f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendcommon.h
2011-04-28 15:57:27 -04:00
Robert Ransom
2c0258b69a Clean up merge of bug3k_021 2011-04-28 15:52:42 -04:00
Sebastian Hahn
4b13ebd5ab Merge branch 'bug3k_021' into bug3k_022
Conflicts:
	src/or/or.h
	src/or/rendclient.c
2011-04-28 19:00:34 +02:00
Sebastian Hahn
8a36f21251 Fix a failure case of connection_ap_handshake_attach_circuit()
tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
2011-04-28 18:14:50 +02:00
Robert Ransom
f1cf9bd74d Fix a bug introduced by purging rend_cache on NEWNYM
If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous
descriptor, while we were building the introduction-point circuit, we
would give up entirely on trying to connect to the hidden service.

Original patch by rransom slightly edited to go into 0.2.1
2011-04-28 18:14:50 +02:00
Robert Ransom
2ad18ae736 Allow rend_client_send_introduction to fail transiently
i.e. without closing the AP connection.
2011-04-28 18:14:50 +02:00
Robert Ransom
440e48ddf2 Forget all rendezvous client state on SIGNAL NEWNYM 2011-04-28 18:14:50 +02:00
Nick Mathewson
26c022ecbc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-27 17:26:40 -04:00
Nick Mathewson
34510f9278 Fix clear_trackhostexits_mapping() to actually work as advertised
Previously, it would remove every trackhostexits-derived mapping
*from* xyz.<exitname>.exit; it was supposed to remove every
trackhostexits-derived mapping *to* xyz.<exitname>.exit.

Bugfix on 0.2.0.20-rc: fixes an XXX020 added while staring at bug-1090
issues.
2011-04-27 17:23:05 -04:00
Roger Dingledine
d4a61c76a1 Merge branch 'maint-0.2.2'
Conflicts:
	src/or/dirserv.h
2011-04-27 15:21:27 -04:00
Nick Mathewson
78c610eea9 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-04-27 15:20:01 -04:00
Roger Dingledine
cba1d29b7f make make check-spaces happier.
(still not happy.)
2011-04-27 15:18:34 -04:00
cypherpunks
247cbab6c8 Fix double-free bug in microdesc parser 2011-04-27 15:15:32 -04:00
Nick Mathewson
8b686d98c4 Merge maint-0.2.2 for the bug1090-part1-squashed branch
Resolved conflicts in:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/directory.c
	src/or/rendclient.c
	src/or/routerlist.c
	src/or/routerlist.h

These were mostly releated to the routerinfo_t->node_t conversion.
2011-04-27 14:36:30 -04:00
Roger Dingledine
0c40dda3ad explain an argument in a function comment 2011-04-27 13:43:11 -04:00
Nick Mathewson
748350ace1 Instead of checking whether we have unremoved intro points, check for usable ones 2011-04-27 00:01:41 -04:00
Roger Dingledine
b8b557dcb2 better user-facing warnings for unexpected last hops
these still aren't perfect, but we won't know how to correct them until
we start experiencing surprised users.
2011-04-27 00:01:41 -04:00
Roger Dingledine
f7a5bc16d6 warn if we launch too many circuits for a given stream 2011-04-27 00:01:41 -04:00
Roger Dingledine
f962dda8c1 revert most of ef81649d2f
Now we believe it to be the case that we never build a circuit for our
stream that has an unsuitable exit, so we'll never need to use such
a circuit. The risk is that we have some code that builds the circuit,
but now we refuse to use it, meaning we just build a bazillion circuits
and ignore them all.
2011-04-27 00:01:41 -04:00
Nick Mathewson
8ee92f28e0 Add a circuit_purpose_to_string() function, and use it
We had a circuit_purpose_to_controller_string() function, but it was
pretty coarse-grained and didn't try to be human-readable.
2011-04-27 00:01:35 -04:00
Sebastian Hahn
e03e90bf59 Fix a check-spaces complaint 2011-04-26 23:55:23 -04:00
Sebastian Hahn
92ec36a061 Explain the "using anyway" log message better
Also add a request to report any cases where we are not honoring
StrictNodes to the developers: These should now all be bugs.
2011-04-26 23:55:23 -04:00
Sebastian Hahn
8e2904e269 Fix a log msg 2011-04-26 23:55:22 -04:00
Nick Mathewson
79a3b3cd37 Check transition of circuit purpose from INTRO->GENERAL if nodes are constrained
This looked at first like another fun way around our node selection
logic: if we had introduction circuits, and we wound up building too
many, we would turn extras into general-purpose circuits.  But when we
did so, we wouldn't necessarily check whether the general-purpose
circuits conformed to our node constraints.  For example, the last
node could totally be in ExcludedExitNodes and we wouldn't have cared...

...except that the circuit should already be internal, so it won't get user
streams attached to it, so the transition should generally be allowed.
Add an assert to make sure we're right about this, and have it not
check whether ExitNodes is set, since that's irrelevant to internal
circuits.
2011-04-26 23:54:18 -04:00
Nick Mathewson
6afad6b691 When cannibalizing a circuit, make sure it has no ExcludeNodes on it
This could happen if StrictNodes was 0 and we were forced to pick an
excluded node as the last hop of the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
80adb3de50 When there is a transition in permitted nodes, apply it to trackexithosts map
IOW, if we were using TrackExitHosts, and we added an excluded node or
removed a node from exitnodes, we wouldn't actually remove the mapping
that points us at the new node.

Also, note with an XXX022 comment a place that I think we are looking
at the wrong string.
2011-04-26 23:54:17 -04:00
Nick Mathewson
128582cc1f Simplify calls to routerset_equal
The routerset_equal function explicitly handles NULL inputs, so
there's no need to check inputs for NULL before calling it.

Also fix a bug in routerset_equal where a non-NULL routerset with no
entries didn't get counted as equal to a NULL routerset.  This was
untriggerable, I think, but potentially annoying down the road.
2011-04-26 23:54:17 -04:00
Nick Mathewson
84f0e87c6a If we have chosen an exit that shares a family with all bridges, fail the circuit
We could probably do something smarter here, but the situation is
unusual enough that it's okay to just fail the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
b59a289365 Do not try to download descriptors for bridges in ExcludeNodes. 2011-04-26 23:54:16 -04:00
Nick Mathewson
ad78bafb71 Correct the behavior of .exit with ExcludeNodes, StrictNodes, etc.
ExcludeExitNodes foo now means that foo.exit doesn't work.  If
StrictNodes is set, then ExcludeNodes foo also overrides foo.exit.

foo.exit , however, still works even if foo is not listed in ExitNodes.
2011-04-26 23:54:16 -04:00
Nick Mathewson
ed7c267743 Note another place that we need to fix a 1090 issue. 2011-04-26 23:54:16 -04:00
Nick Mathewson
4851de554d Do not automatically ignore Fast/Stable for exits when ExitNodes is set
This once maybe made sense when ExitNodes meant "Here are 3 exits;
use them all", but now it more typically means "Here are 3
countries; exit from there."  Using non-Fast/Stable exits created a
potential partitioning opportunity and an annoying stability
problem.

(Don't worry about the case where all of our ExitNodes are non-Fast
or non-Stable: we handle that later in the function by retrying with
need_capacity and need_uptime set to 0.)
2011-04-26 23:54:16 -04:00
Nick Mathewson
e4689d8402 Note a slightly less likely way to violate ExcludeNodes 2011-04-26 23:54:16 -04:00
Nick Mathewson
db2fd28308 Note that circuit purpose changing can violate ExcludeNodes 2011-04-26 23:54:16 -04:00
Nick Mathewson
ca74badbe9 If we're excluded, and StrictNodes is set, do not do self-tests. 2011-04-26 23:54:15 -04:00
Nick Mathewson
affdec8d04 Add an XXX022-1090 to note consider_exit_fmily b0rkenness 2011-04-26 23:54:15 -04:00
Roger Dingledine
5710ea6475 three more cases where maybe we want to exclude 2011-04-26 23:54:15 -04:00
Roger Dingledine
9f47cfc21a make formal a constraint that's been true a while now 2011-04-26 23:54:15 -04:00
Roger Dingledine
2b5c39211c refuse moria1.exit if moria1 is excluded
add a note reminding us to do this for foo.moria1.exit if we decide to.
2011-04-26 23:54:15 -04:00
Roger Dingledine
bcea155ce0 note another case where strictnodes is considered for exits 2011-04-26 23:54:14 -04:00
Roger Dingledine
0ad3836f73 If ExitNodes and Exclude{Exit}Nodes overlap, obey Exclude{Exit}Nodes.
Also, ExitNodes are always strict.
2011-04-26 23:54:14 -04:00
Roger Dingledine
5d12495d98 the new entrynodes behavior is always strict 2011-04-26 23:54:13 -04:00
Roger Dingledine
719b5b87de don't exit enclave to excluded relays 2011-04-26 23:54:13 -04:00
Roger Dingledine
7e2e8074d5 slight tweak on circuit_conforms_to_options
this function really needs to get a total rewrite (or die)

For now, use #if 0 to disable it.
2011-04-26 23:54:04 -04:00
Roger Dingledine
4906188b62 handle excludenodes for dir fetch/post
If we're picking a random directory node, never pick an excluded one.
But if we've chosen a specific one (or all), allow it unless strictnodes
is set (in which case warn so the user knows it's their fault).

When warning that we won't connect to a strictly excluded node,
log what it was we were trying to do at that node.

When ExcludeNodes is set but StrictNodes is not set, we only use
non-excluded nodes if we can, but fall back to using excluded nodes
if none of those nodes is usable.
2011-04-26 23:53:50 -04:00
Roger Dingledine
ad3da53536 If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. 2011-04-26 23:53:49 -04:00
Roger Dingledine
82178a81f6 refuse excluded hidserv nodes if strictnodes
Make hidden services more flaky for people who set both ExcludeNodes
and StrictNodes. Not recommended, especially for hidden service operators.
2011-04-26 23:53:20 -04:00
Nick Mathewson
3256627a45 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/main.h
2011-04-26 15:30:51 -04:00
Nick Mathewson
f810a1afe9 Expose a new process_signal(uintptr_t), not signal_callback()
This is a tweak to the bug2917 fix.  Basically, if we want to simulate
a signal arriving in the controller, we shouldn't have to pretend that
we're Libevent, or depend on how Tor sets up its Libevent callbacks.
2011-04-26 15:20:08 -04:00
Nick Mathewson
a7a906603e Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 2011-04-26 15:17:03 -04:00
Nick Mathewson
33f058a5ba Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-26 13:12:43 -04:00
Nick Mathewson
b75d1daf40 Merge remote-tracking branch 'public/bug2332' into maint-0.2.2 2011-04-26 13:10:54 -04:00
Nick Mathewson
47f472510f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rephist.c
2011-04-26 12:49:58 -04:00
Nick Mathewson
bb6d45af1f Downgrade notice to info when downloading a cert. 2011-04-26 12:47:09 -04:00
Roger Dingledine
9d673dcd20 fix some comments before they create conflicts 2011-04-26 11:29:22 -04:00
Nick Mathewson
6a726d34e1 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-26 11:15:03 -04:00
Nick Mathewson
1cff525973 Fix compilation in last patch 2011-04-26 11:14:46 -04:00
Nick Mathewson
f083347adf Merge remote-tracking branch 'sebastian/bug2704' into maint-0.2.2 2011-04-26 11:07:48 -04:00
Nick Mathewson
075d904d39 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.h
2011-04-26 11:05:54 -04:00
Sebastian Hahn
6fde2b46d2 Fix more of bug 2704
The last entry of the *Maxima values in the state file was inflated by a
factor of NUM_SECS_ROLLING_MEASURE (currently 10). This could lead to
a wrong maximum value propagating through the state file history.
2011-04-26 15:36:17 +02:00
Sebastian Hahn
4c789ec08c Don't leak the local hostname in relay nicknames
Fixes bug 2979, reported by tagnaq.
2011-04-26 05:08:32 +02:00
Nick Mathewson
5230cc4fe7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-25 19:04:13 -04:00
Nick Mathewson
f3b58dfa53 Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2 2011-04-25 19:03:15 -04:00
Sebastian Hahn
91aa6f08bc Make the Log configuration option expand ~ 2011-04-22 16:06:52 +02:00
Nick Mathewson
fdbdaf8fab Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-21 13:41:38 -04:00
Nick Mathewson
a0514ba531 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-04-21 13:40:00 -04:00
Nick Mathewson
e98583594d Fix a bug in removing DNSPort requests from their circular list
Under heavy load, this could result in an assertion failure.  Fix for
bug 2933; bugfix on 0.2.0.10-alpha.
2011-04-21 13:39:00 -04:00
Nick Mathewson
7c83d4043d Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 15:39:04 -04:00
Sebastian Hahn
3f7f96d9e7 Prevent hugely inflated observed bandwidth values
When reading the bw history from the state file, we'd add the 900-second
value as traffic that occured during one second. Fix that by adding the
average value to each second.

This bug was present since 0.2.0.5-alpha, but was hidden until
0.2.23-alpha when we started using the saved values.
2011-04-19 15:38:26 -04:00
Sebastian Hahn
13c3884ff6 Don't sometimes undercount bw average
This fixes the first part of bug 2704. It should occur only rarely when
no bw maxima are known. Bugfix on 0.2.2.23-alpha. Fixes bug 2704.
2011-04-19 15:38:10 -04:00
Nick Mathewson
4a7f979b54 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:41:01 -04:00
Nick Mathewson
5cc322e547 Standardize our printf code on %d, not %i. 2011-04-19 12:40:29 -04:00
Nick Mathewson
9eeb902d12 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:37:18 -04:00
Nick Mathewson
f52cfbfc00 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:31:55 -04:00
Nick Mathewson
0e554f93d6 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-04-19 12:31:42 -04:00
Nick Mathewson
dfc9c6a0f9 Merge remote-tracking branch 'rransom/bug2750-v3' into maint-0.2.1 2011-04-19 12:30:50 -04:00
Nick Mathewson
cfd7b118a7 Ouch: correctly tabify the micro-revision.i target in Makefile.am (0.2.1 only) 2011-04-19 12:29:20 -04:00
Nick Mathewson
750b5119c0 Merge remote-tracking branch 'asn/heartbeat' 2011-04-19 12:08:28 -04:00
Sebastian Hahn
c1927d7d5f Don't report empty bw-history lines in extrainfo
Some tor relays would report lines like these in their extrainfo
documents:
dirreq-write-history 2011-03-14 16:46:44 (900 s)

This was confusing to some people who look at the stats. It would happen
whenever a relay first starts up, or when a relay has dirport disabled.
Change this so that lines without actual bw entries are omitted.
Implements ticket 2497.
2011-04-19 14:51:40 +02:00
Nick Mathewson
48bdc2f729 Correct HS descriptor length check
Fixes bug 2948.
2011-04-18 13:53:13 -07:00
Robert Ransom
130db1bdeb Merge branch 'bug2750-v3' into bug2948 2011-04-18 13:36:19 -07:00
Robert Ransom
adc31001c2 Add an XXX 2011-04-18 13:25:48 -07:00
Robert Ransom
bfebc942ea Correct the warning emitted when rejecting an oversized HS desc 2011-04-18 13:17:40 -07:00
Robert Ransom
134da2fbcf Add an XXX to the DA code regarding bug 2722 2011-04-18 12:00:48 -07:00
George Kadianakis
c2d9d80a07 Reuse get_bytes_{read,written}() in status.c 2011-04-16 14:48:46 +02:00
Sebastian Hahn
5114e3e442 Make SIGNAL DUMP work on FreeBSD
While doing so, get rid of the now unnecessary function
control_signal_act().

Fixes bug 2917, reported by Robert Ransom. Bugfix on commit
9b4aa8d2ab. This patch is loosely based on
a patch by Robert (Changelog entry).
2011-04-15 05:35:30 +02:00
Nick Mathewson
99c2bfe76b Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rephist.c
2011-04-08 13:37:57 -04:00
Nick Mathewson
403b6cfded Free circuits_for_buffer_stats on shutdown 2011-04-07 14:59:28 -04:00
Nick Mathewson
71fb2af62c Fix up some cell-queue stats issues in rephist.c
- Document the structure and variables.
- Make circuits_for_buffer_stats into a static variable.
- Don't die horribly if interval_length is 0.
- Remove the unused local_circ_id field.
- Reorder the fields of circ_buffer_stats_t for cleaner alignment layout.
2011-04-07 14:56:50 -04:00
Nick Mathewson
67d88a7d60 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/address.c
	src/common/compat_libevent.c
	src/common/memarea.c
	src/common/util.h
	src/or/buffers.c
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection.c
	src/or/directory.c
	src/or/networkstatus.c
	src/or/or.h
	src/or/routerlist.c
2011-04-07 12:17:20 -04:00
Nick Mathewson
ba0cd8094f Merge remote-tracking branch 'public/xxx_fixups' into maint-0.2.2
Conflicts:
	src/or/or.h
2011-04-07 12:03:04 -04:00
Nick Mathewson
07ab483e62 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-07 11:55:17 -04:00
Nick Mathewson
118d8ffdcb Allow controllers a more up-to-date view of bridge usage.
Instead of answering GETINFO requests about our geoip usage only after
running for 24 hours, this patch makes us answer GETINFO requests
immediately.  We still round and quantize as before.

Implements bug2711.

Also, refactor the heck out of the bridge usage formatting code.  No
longer should we need to do a generate-parse-and-regenerate cycle to
get the controller string, and that lets us simplify the code a lot.
2011-04-07 11:53:37 -04:00
Nick Mathewson
09759a66ea Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-07 11:43:36 -04:00
Sebastian Hahn
286d44402e Fix a compile warning on OS X 10.6 2011-04-07 05:47:55 +02:00
Nick Mathewson
13f60e16eb Merge remote-tracking branch 'public/bug2381' 2011-04-06 16:19:41 -04:00
Nick Mathewson
32341ac467 Merge remote-tracking branch 'public/bug2402_again' into maint-0.2.1 2011-04-06 16:13:22 -04:00
Nick Mathewson
f6cc8f0ee3 Add a missing ! to the check for CountPrivatebandwidth. 2011-04-06 15:24:44 -04:00
Nick Mathewson
1a49fdecf8 Tweaks to Cagara's CountPrivateBandwidth patch:
- Document it in the manpage
  - Add a changes entry
  - No need to log when it is set: we don't log for other options.
  - Use doxygen to document the new flag.
  - Test truth of C variables with "if (x)", not "if (x == 1)".
  - Simplify a complex boolean expression by breaking it up.
2011-04-05 16:24:42 -04:00
Daniel Cagara
e61f3293e4 Patch from cagara: Add a CountPrivateBandwidth flag 2011-04-05 16:24:01 -04:00
Nick Mathewson
ee871e7a0e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.h
	src/or/circuitlist.c
	src/or/circuituse.c
	src/or/or.h
	src/or/rephist.c
2011-03-30 14:55:50 -04:00
Nick Mathewson
65eb0e41ac Use cbt to tell when to launch parallel intro circuit
Implement feature from trac #2799
2011-03-30 14:41:53 -04:00
Nick Mathewson
aa950e6c48 Use timevals, not time_t, when expiring circuits.
We've got millisecond timers now, we might as well use them.

This change won't actually make circuits get expiered with microsecond
precision, since we only call the expiry functions once per second.
Still, it should avoid the situation where we have a circuit get
expired too early because of rounding.

A couple of the expiry functions now call tor_gettimeofday: this
should be cheap since we're only doing it once per second.  If it gets
to be called more often, though, we should onsider having the current
time be an argument again.
2011-03-30 14:41:41 -04:00
Nick Mathewson
fc64783278 Send END_STREAM_REASON_NOROUTE: clients that didn't grok it are now obsolete 2011-03-28 13:42:59 -04:00
Sebastian Hahn
8d81831d71 Add a missing cast to silence the compiler 2011-03-28 19:25:38 +02:00
Nick Mathewson
432734279d Fix handling of StreamID exhaustion.
Since svn r1475/git 5b6099e8 in tor-0.0.6, we have responded to an
exhaustion of all 65535 stream IDs on a circuit by marking that
circuit for close.  That's not the right response.  Instead, we
should mark the circuit as "too dirty for new circuits".

Of course in reality this isn't really right either.  If somebody
has managed to cram 65535 streams onto a circuit, the circuit is
probably not going to work well for any of those streams, so maybe
we should be limiting the number of streams on an origin circuit
concurrently.

Also, closing the stream in this case is probably the wrong thing to
do as well, but fixing that can also wait.
2011-03-25 18:32:28 -04:00
Nick Mathewson
f3b89c1141 Add XXX023s for our timestamp_dirty abuse. 2011-03-25 18:32:28 -04:00
Nick Mathewson
d38030381b Clarify some documentation and comments wrt resetting OR token buckets 2011-03-25 18:32:28 -04:00
Nick Mathewson
550749555c Remove workaround code for bug539
We fixed bug 539 (where directories would say "503" but send data
anyway) back in 0.2.0.16-alpha/0.1.2.19.  Because most directory
versions were affected, we added workaround to make sure that we
examined the contents of 503-replies to make sure there wasn't any
data for them to find.  But now that such routers are nonexistent,
we can remove this code.  (Even if somebody fired up an 0.1.2.19
directory cache today, it would still be fine to ignore data in its
erroneous 503 replies.)
2011-03-25 18:32:28 -04:00
Nick Mathewson
dddd333a80 Fix some 'impossible' overflow bugs in byte counting
The first was genuinely impossible, I think: it could only happen
when the amount we read differed from the amount we wanted to read
by more than INT_MAX.

The second is just very unlikely: it would give incorrect results to
the controller if you somehow wrote or read more than 4GB on one
edge conn in one second.  That one is a bugfix on 0.1.2.8-beta.
2011-03-25 18:32:28 -04:00
Nick Mathewson
6a5b94de6c Look at the right errno when sending reason for connect() failure
In afe414 (tor-0.1.0.1-rc~173), when we moved to
connection_edge_end_errno(), we used it in handling errors from
connection_connect().  That's not so good, since by the time
connection_connect() returns, the socket is no longer set, and we're
supposed to be looking at the socket_errno return value from
connection_connect() instead.  So do what we should've done, and
look at the socket_errno value that we get from connection_connect().
2011-03-25 18:32:28 -04:00
Nick Mathewson
05887f10ff Triage the XXX022 and XXX021 comments remaining in the code
Remove some, postpone others, leave some alone.  Now the only
remaining XXX022s are ones that seem important to fix or investigate.
2011-03-25 18:32:27 -04:00
Nick Mathewson
41380fa3b3 Fixup tor_addr_to_sockaddr return convention 2011-03-25 16:28:38 -04:00
Nick Mathewson
444e46d96d Remove the "fuzzy time" code
It was the start of a neat idea, but it only got used in 3 places,
none of which really needed it.
2011-03-25 16:28:37 -04:00
Nick Mathewson
8b393afa94 Merge remote branch 'origin/maint-0.2.2'
Trivial Conflicts:
	configure.in
2011-03-18 12:44:37 -04:00
Nick Mathewson
fe86be61b6 Fix signed/unsigned compare warning 2011-03-18 12:42:00 -04:00
Nick Mathewson
f3d6663665 Merge remote branch 'sebastian/bug2696' into maint-0.2.2 2011-03-18 12:39:40 -04:00
Nick Mathewson
547635c004 Futz with the clang patch a bit and tidy some geoip.c stuff 2011-03-17 14:06:04 -04:00
Nick Mathewson
1db6eb6cb7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-03-16 18:10:24 -04:00
Nick Mathewson
9dfa244484 Document a few more members. 2011-03-16 18:10:15 -04:00
Nick Mathewson
8f9cfa0abe Remove a useless doxygen comment 2011-03-16 18:07:42 -04:00
Nick Mathewson
27d1675d93 Move the decl for tor_gettimofday_cache_clear to the right header 2011-03-16 17:54:48 -04:00
Nick Mathewson
57b954293e Merge remote-tracking branch 'origin/maint-0.2.2'
Trivial Conflicts in
	src/common/crypto.c
	src/or/main.h
	src/or/or.h
2011-03-16 17:09:32 -04:00
Nick Mathewson
6617822b84 Doxygen documentation for about 100 things that didn't have any
About 860 doxygen-less things remain in 0.2.2
2011-03-16 17:05:37 -04:00
Nick Mathewson
7f6af7a602 Fix up all doxygen warnings other than "foo is not documented" 2011-03-16 14:47:27 -04:00
Nick Mathewson
415caba967 Merge remote branch 'arma/optimistic_server' 2011-03-15 17:20:41 -04:00
Nick Mathewson
737228ed8e Merge remote branch 'origin/maint-0.2.2' 2011-03-15 17:18:29 -04:00
Nick Mathewson
c5ffd44ccd Merge branch 'bug2756_relay' into maint-0.2.2 2011-03-15 17:13:07 -04:00
Roger Dingledine
c2775196f7 whitespace fixes to pass 'make check-spaces' 2011-03-15 16:59:58 -04:00
Nick Mathewson
a86e27cf00 Fix comment for connection_edge_consider_sending_sendme 2011-03-15 15:35:11 -04:00
Nick Mathewson
4dde69a6d0 Merge remote branch 'origin/maint-0.2.2' 2011-03-15 15:19:38 -04:00
Nick Mathewson
ab418447eb Merge branch 'bug2757' into maint-0.2.2 2011-03-15 15:18:15 -04:00
Nick Mathewson
c42bd529de Merge remote branch 'origin/maint-0.2.2' 2011-03-15 15:14:28 -04:00
Nick Mathewson
5938804d17 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-15 15:14:12 -04:00
Sebastian Hahn
30b3f0cdb1 Fix a compile warning when using clang
Issue noticed by Steven Murdoch; fixes bug 2689. The cast didn't do
anything, and we don't need to look at the return value of the function
here.
2011-03-15 15:13:35 -04:00
Nick Mathewson
84f27eb051 Merge remote branch 'origin/maint-0.2.2' 2011-03-15 14:50:42 -04:00
Robert Ransom
98abe1420d Fix a log message typo 2011-03-15 09:48:26 -07:00
Robert Ransom
3af59dcaee Log the source of a rejected POSTed v3 vote
Related to ticket 2683.
2011-03-15 09:16:58 -07:00
Nick Mathewson
06f026de66 Check newconn, not conn, before marking newconn for close
This fixes bug 2757.  It's a bugfix on 85da676108.
2011-03-14 18:52:15 -04:00
Nick Mathewson
fe9de9231a Revise prop174 patch: make the circuit sendme calls unconditional.
The circuit_consider_sending_sendme call should be unconditional,
since the circuit windows can move independent of the state of streams.
2011-03-14 18:24:47 -04:00
Ian Goldberg
bd7721f66e Implement server side of Proposal 174 (optimistic data)
Ian's original message:
    The current code actually correctly handles queued data at the
    Exit; if there is queued data in a EXIT_CONN_STATE_CONNECTING
    stream, that data will be immediately sent when the connection
    succeeds. If the connection fails, the data will be correctly
    ignored and freed. The problem with the current server code is
    that the server currently drops DATA cells on streams in the
    EXIT_CONN_STATE_CONNECTING state. Also, if you try to queue data
    in the EXIT_CONN_STATE_RESOLVING state, bad things happen because
    streams in that state don't yet have conn->write_event set, and so
    some existing sanity checks (any stream with queued data is at
    least potentially writable) are no longer sound.

    The solution is to simply not drop received DATA cells while in
    the EXIT_CONN_STATE_CONNECTING state. Also do not send SENDME
    cells in this state, so that the OP cannot send more than one
    window's worth of data to be queued at the Exit. Finally, patch
    the sanity checks so that streams in the EXIT_CONN_STATE_RESOLVING
    state that have buffered data can pass.

    [...] Here is a simple patch. It seems to work with both regular
    streams and hidden services, but there may be other corner cases
    I'm not aware of. (Do streams used for directory fetches, hidden
    services, etc. take a different code path?)
2011-03-14 18:05:33 -04:00
Nick Mathewson
1d36a8e9ae Consider sending stream-level SENDME cells on partial flushes.
Right now, we only consider sending stream-level SENDME cells when we
have completely flushed a connection_edge's outbuf, or when it sends
us a DATA cell.  Neither of these is ideal for throughput.

This patch changes the behavior so we now call
connection_edge_consider_sending_sendme when we flush _some_ data from
an edge outbuf.

Fix for bug 2756; bugfix on svn r152.
2011-03-14 17:48:45 -04:00
Nick Mathewson
f038b45b09 clarify log messages based on suggestion from arma 2011-03-14 17:23:28 -04:00
Nick Mathewson
ebf6786ab3 Merge remote branch 'origin/maint-0.2.2'
Fixed conflict: router_get_my_routerinfo now returns const

Conflicts:
	src/or/router.c
2011-03-14 17:22:38 -04:00
Nick Mathewson
b97d9abd09 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-14 17:04:53 -04:00
Nick Mathewson
50c9d31029 finish a comment 2011-03-14 16:46:43 -04:00
Nick Mathewson
e91a8c5589 Merge remote branch 'origin/maint-0.2.2'
Resolved nontrivial conflict around rewrite_x_address_for_bridge and
learned_bridge_descriptor.  Now, since leanred_bridge_descriptor works
on nodes, we must make sure that rewrite_node_address_for_bridge also
works on nodes.

Conflicts:
	src/or/circuitbuild.c
2011-03-14 16:34:33 -04:00
Nick Mathewson
0588330c1d Merge remote branch 'arma/bug2510' into maint-0.2.2 2011-03-14 16:14:54 -04:00
Roger Dingledine
cb101c4815 Merge branch 'bug2511' into bug2510 2011-03-14 15:52:53 -04:00
Nick Mathewson
f1c365b032 Merge remote branch 'origin/maint-0.2.2'
Fix trivial add/add conflict in main.c

Conflicts:
	src/or/main.c
2011-03-14 15:31:24 -04:00
Nick Mathewson
b639add1a0 Merge remote branch 'arma/bug2716' into maint-0.2.2 2011-03-14 15:29:02 -04:00
Robert Ransom
96b929e743 Log malformed HS descriptor requests at the proper level
This log message should be a 'protocol warning', not a 'warning'.
2011-03-14 01:15:36 -07:00
Robert Ransom
c90097e74a Remove dead code from rend_cache_lookup_v2_desc_as_dir
hid_serv_responsible_for_desc_id's return value is never negative, and
there is no need to search through the consensus to find out whether we
are responsible for a descriptor ID before we look in our cache for a
descriptor.
2011-03-14 01:14:05 -07:00
Roger Dingledine
72b89c96bf fix two issues pointed out by nickm 2011-03-13 16:56:41 -04:00
Roger Dingledine
1a9d19e972 we're not reachable if we don't have a routerinfo yet 2011-03-13 15:47:59 -04:00
Roger Dingledine
61f648ae37 fix one more typo 2011-03-13 15:22:45 -04:00
Robert Ransom
a6cc15e2ae Revert "If we are not using BEGIN_DIR cells, don't attempt to contact hidden service directories with non-open dir port."
This reverts commit 9a7098487b.

Conflicts:

	ChangeLog (left unchanged by this commit)
2011-03-12 07:30:24 -08:00
Nick Mathewson
176fde505f Tweak bug2716 patch a little
Name the magic value "10" rather than re-deriving it.

Comment more.

Use the pattern that works for periodic timers, not the pattern that
doesn't work. ;)
2011-03-12 00:19:52 -05:00
Nick Mathewson
d52a99dc77 Merge remote branch 'origin/maint-0.2.2' 2011-03-11 23:34:46 -05:00
Nick Mathewson
d34a5cdc59 Merge branch 'hsdir_assignment' into maint-0.2.2 2011-03-11 23:30:25 -05:00
Nick Mathewson
3a0c602155 Clarify threat description and avoid negative uptimes. 2011-03-11 23:27:53 -05:00
Roger Dingledine
977e396e86 improve accuracy for when a relay went unreachable 2011-03-11 22:12:15 -05:00
Roger Dingledine
600ad7bf8d Merge commit 'sebastian/bug2663' into maint-0.2.2 2011-03-11 20:37:21 -05:00
Sebastian Hahn
f7a3cdc8f2 Use observed instead of declared uptime for HSDir
It is important to verify the uptime claim of a relay instead of just
trusting it, otherwise it becomes too easy to blackhole a specific
hidden service. rephist already has data available that we can use here.

Bugfix on 0.2.0.10-alpha.
2011-03-11 18:44:35 +01:00
Nick Mathewson
02d93caa09 Backport: Generate version tags using Git, not (broken) svn revisions.
Partial backport of daa0326aaa .
Resolves bug 2402.  Bugfix on 0.2.1.15 (for the part where we switched to
git) and on 0.2.1.30 (for the part where we dumped micro-revisions.)
2011-03-11 11:01:17 -05:00
Nick Mathewson
671318c3a8 Revert "Simplest fix to bug2402: do not include SVN versions"
This reverts commit a1073ee956.

Apparently, we totally misunderstood how the debian packages were using
microrevisions.  Better fix that!
2011-03-11 10:47:25 -05:00
Sebastian Hahn
473ff26563 Fix two compile warnings when using clang
Issue found by Steven Murdoch
2011-03-10 01:48:19 +01:00
Nick Mathewson
63651b9191 Merge remote branch 'origin/maint-0.2.2'
Trivial conflicts fixed in or.h

Conflicts:
	src/or/or.h
2011-03-08 16:20:53 -05:00
Nick Mathewson
00446973f2 Merge remote branch 'sebastian/bug2250' into maint-0.2.2 2011-03-08 16:13:28 -05:00
Nick Mathewson
f9bb3ced51 Merge remote branch 'origin/maint-0.2.2'
Resolved trivial one-line conflicts.

Conflicts:
	src/or/dirserv.c
	src/or/rephist.c
2011-03-08 16:10:40 -05:00
Nick Mathewson
0d78a16c36 Merge remote branch 'sebastian/bug1035' into maint-0.2.2 2011-03-08 15:52:43 -05:00
Nick Mathewson
d5907e7d9d Merge remote branch 'origin/maint-0.2.2' 2011-03-08 15:23:30 -05:00
Nick Mathewson
9ad083d573 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-08 15:20:48 -05:00
Nick Mathewson
9a6df21539 Avoid crash in any_pending_bridge_descriptor_fetches
This is based on shitlei's fix for bug2629, with extra parens removed.
Fixes bug 2629, bugfix on 0.2.1.2-alpha.
2011-03-08 15:17:41 -05:00
Sebastian Hahn
2f8e96b553 Fix log message when we have too few dirauths
The calculation of when to send the logmessage was correct, but we
didn't give the correct number of relays required: We want more than
half of all authorities we know about. Fixes bug 2663.
2011-03-07 00:06:36 +01:00
Nick Mathewson
176e8a0a2a Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerparse.c
2011-03-06 13:46:11 -05:00
Nick Mathewson
35fcec3880 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-06 13:42:28 -05:00
Nick Mathewson
4fa70e11ed Merge branch 'real_ipv6_fix' into maint-0.2.1 2011-03-06 13:42:05 -05:00
Nick Mathewson
2ce132e335 Oops, here's the *REAL* fix for the ipv6 issue
We need to _REJECT_ descriptors with accept6/reject6 lines.  If we
let them onto the network , other un-upgraded tors will crash.
2011-03-06 13:41:55 -05:00
Nick Mathewson
0f637492e3 Merge branch 'careful_with_all_descs' into maint-0.2.1 2011-03-06 13:35:42 -05:00
Nick Mathewson
3da0837b0b Revert "Disallow reject6 and accept6 lines in descriptors"
This reverts commit b3918b3bbb.
2011-03-06 13:26:38 -05:00
Nick Mathewson
07b8b439c4 Merge remote branch 'origin/maint-0.2.2' 2011-03-06 13:23:02 -05:00
Nick Mathewson
ed14888e7e Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/policies.c
2011-03-06 13:20:21 -05:00
Nick Mathewson
8b01fd7bad exit_policy_is_general_exit is IPv4 only; it should admit it. 2011-03-06 13:16:53 -05:00
Sebastian Hahn
9f614507b6 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-03-06 18:25:44 +01:00
Sebastian Hahn
b3918b3bbb Disallow reject6 and accept6 lines in descriptors
This fixes a remotely triggerable assert on directory authorities, who
don't handle descriptors with ipv6 contents well yet. We will want to
revert this once we're ready to handle ipv6.

Issue raised by lorth on #tor, who wasn't able to use Tor anymore.
Analyzed with help from Christian Fromme. Fix suggested by arma. Bugfix
on 0.2.1.3-alpha.
2011-03-06 18:20:28 +01:00
Nick Mathewson
bcbc8c51cb Do not serve encrypt-only descriptors with the "all" request. Reported by piebeer 2011-03-04 00:04:25 -05:00
Nick Mathewson
d60a7c2f8d Merge remote branch 'origin/maint-0.2.2' 2011-03-01 17:15:37 -05:00
Nick Mathewson
6b7408178b Avoid spurious bwhist parsing failures
This should fix a bug that special ran into, where if your state file
didn't record period maxima, it would never decide that it had
successfully parsed itself unless you got lucky with your
uninitialized-variable values.

This patch also tries to improve error messags in the case where a
maximum value legitimately doesn't parse.
2011-03-01 17:08:02 -05:00
Sebastian Hahn
5c7c5e593f Tweak the bug2250 fix slightly
Rename the _UsingTestingTorNetwork hidden option to
_UsingTestNetworkDefaults (thanks Nick for the suggestion) and added a
changes file.
2011-03-01 10:05:18 +01:00
Nick Mathewson
42c1a47123 Revert bug1074_launch_authconn* branch: needs more design, less crashing 2011-02-28 12:58:29 -05:00
Sebastian Hahn
5a4f7fa1e4 clarify an assert
also log about running changes, even on a bridge authority.
2011-02-26 09:42:44 +01:00
Sebastian Hahn
34e47d1052 Fix GETINFO config-text for private networks
In private networks, the defaults for some options are changed. This
means that in options_validate(), where we're testing that the defaults
are what we think they are, we fail. Use a workaround by setting a
hidden configuration option _UsingTestingTorNetwork when we have altered
the configuration this way, so that options_validate() can do the right
thing.

Fixes bug 2250, bugfix on 0.2.1.2-alpha (the version introducing private
network options).
2011-02-26 09:11:41 +01:00
Nick Mathewson
b3d74045ae Add a missing const 2011-02-25 12:32:29 -05:00
Nick Mathewson
a47fdaf9a0 Merge branch 'bug1074_launch_conn_on_skew'
Fixed conflict on rename of router_get_by_digest->router_get_by_id_digest

Conflicts:
	src/or/command.c
2011-02-25 12:12:44 -05:00
Nick Mathewson
c94f3711ee whitespace fixup 2011-02-25 12:05:33 -05:00
AltF4
612c7f3242 Fix for #1074 previous rev
Changed tor_addr_from_ipv4n to tor_addr_from_ipv4h
and changed descriptor_digest to identity_digest
2011-02-25 11:57:16 -05:00
AltF4
24096d0cec Fix for #1074 "Part 3"
Changed received_netinfo_from_trusted_dir into a
tristate in order to keep track of whether we have
already tried contacting a trusted dir. So we don't
send multiple requests if we get a bunch of skews.
2011-02-25 11:57:15 -05:00
AltF4
82023f6a1e Sebastian's Changes to #1074
Fixes some small mistakes with AltF4's #1074 fix
2011-02-25 11:57:15 -05:00
AltF4
b8bef61a8f Fix time skew values from untrusted sources
Now when we receive a large time skew from a source which isn't a trusted dir, we go contact a trusted dir to trigger a NETINFO cell.
2011-02-25 11:57:11 -05:00
Nick Mathewson
a2a8adeee5 Merge remote branch 'origin/maint-0.2.2' 2011-02-25 11:24:35 -05:00
Nick Mathewson
aa178aae03 Merge branch 'bug1863_bwhist' into maint-0.2.2 2011-02-25 11:22:12 -05:00
Karsten Loesing
0642b92792 Fix two potential bugs in the bug1863 code. 2011-02-24 16:44:54 +01:00
Nick Mathewson
0a6beb9368 Fix memory leak in md-download logic
Also fix some microdesc comments

Fix for bug 2623
2011-02-24 09:47:33 -05:00
Nick Mathewson
feaa0120d0 Merge remote branch 'sebastian/osx_compile' 2011-02-24 09:27:04 -05:00
Sebastian Hahn
303c04109b Fix a couple of compile warnings on OS X 10.6 2011-02-24 07:19:09 +01:00
Nick Mathewson
22ec4d5426 Fix infinite recursion when connect() fails in microdesc consensus fetch
The underlying fix is to stop indicating requests "ns" consensuses by
putting NULL in their requested_resource field: we already had a
specialized meaning for requested_resource==NULL, which was (more or
less) "Treat a failure here as a network failure, since it's too early
to possibly be a resource or directory failure."  Overloading the two
meant that very early microdesc consensus download failures would get
treated as ns consensus download failures, so the failure count there
would get incremented, but the microdesc download would get retried
immediately in an infinite loop.

Fix for bug2381.  Diagnosed by mobmix.
2011-02-23 12:32:15 -05:00
Nick Mathewson
9265164180 Merge remote branch 'origin/maint-0.2.2'
There was a conflict from the node_t transition, but it was an easy fix.

Conflicts:
	src/or/circuitbuild.c
2011-02-22 18:41:06 -05:00
Roger Dingledine
a2727f6249 prevent same entry and exit for insane edge case 2011-02-22 17:54:25 -05:00
Nick Mathewson
491abbc65e Merge remote branch 'public/bug1859_021' into maint-0.2.1 2011-02-22 17:19:41 -05:00
Nick Mathewson
7605985b3f Merge remote branch 'public/bug2402_nothing' into maint-0.2.1 2011-02-22 15:54:13 -05:00
Nick Mathewson
2eadbd41f0 Merge remote branch 'sebastian/bug2496' 2011-02-22 14:17:11 -05:00
Nick Mathewson
b7f201f746 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/policies.c
	src/or/policies.h
2011-02-22 14:10:42 -05:00
Nick Mathewson
cdc59c198a Don't let bad DNS make exit policy and declared exit policy get out of sync
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
2011-02-22 14:06:28 -05:00
Nick Mathewson
46b07462ae Merge remote branch 'origin/maint-0.2.2' 2011-02-22 13:02:42 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
Nick Mathewson
eb403b4696 Tweak some names and comments in asn's heartbeat patch 2011-02-22 12:41:22 -05:00
George Kadianakis
ee95430d39 Implement more heartbeat message stuff.
(This squashes multiple commits:

* Adds uptime monitoring support.
* Adds circuit counting code.
* Trivially tweaks the documentation.
* Trivial run_scheduled_events() code tweaking.
* Adds a status.h to export functions.
* Added bandwidth monitoring code.
* Added consensus presense detection code.
* Restricts the precision of the bandwidth output.
* Various fixes.
* Fixed style and spacing problems.
* Tidied up src/or/Makefile.am
* Couple of minor fixes on status.c functions.
* 'Implemented' client heartbeat support
)
2011-02-22 12:40:38 -05:00
Sebastian Hahn
098b6ba72d Initial heartbeat subsystem commit.
Sets:
* Documentation
* Logging domain
* Configuration option
* Scheduled event
* Makefile
It also creates status.c and the log_heartbeat() function.

All code was written by Sebastian Hahn. Commit message was
written by me (George Kadianakis).
2011-02-22 12:40:36 -05:00
Nick Mathewson
0ba69714b4 Merge remote branch 'sebastian/bug2444' 2011-02-22 11:10:57 -05:00
Nick Mathewson
d120ee1c63 Merge remote branch 'origin/maint-0.2.2' 2011-02-22 01:03:06 -05:00
Robert Ransom
444a955e4a Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-02-16 04:12:37 -08:00
Roger Dingledine
1c5b19a31a Merge branch 'maint-0.2.2' 2011-02-11 01:21:04 -05:00
Roger Dingledine
9b745cdbf9 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-02-11 01:20:47 -05:00
Roger Dingledine
28de4d83fd fix the other half of bug 1074 2011-02-10 17:11:06 -05:00
Nick Mathewson
50c259d763 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.

(Backport from 0.2.2's 5ed73e3807)
2011-02-10 15:55:06 -05:00
Nick Mathewson
f1a004797e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-02-10 15:52:04 -05:00
Robert Ransom
449d895f06 Merge branch 'bug2408-v2-021-common' into bug2408-v2-022 2011-02-09 03:05:21 -08:00
Robert Ransom
7bf06d4a4f Ignore and warn about "PublishServerDescriptor hidserv"
Fixes #2408.
2011-02-09 02:33:24 -08:00
Nick Mathewson
cc9809c1f7 Merge remote branch 'origin/maint-0.2.2' 2011-02-08 14:37:31 -05:00
Nick Mathewson
d43470ad8a Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-02-08 14:37:02 -05:00
Roger Dingledine
7d2a91f5e5 support multihomed bridges (bug 2510) 2011-02-08 09:10:14 -05:00
Roger Dingledine
9a1a96ba09 don't use old non-configured bridges (bug 2511) 2011-02-08 08:08:47 -05:00
Roger Dingledine
bcbcda309a move the clause above the "if bw is too low" check 2011-02-07 23:22:45 -05:00
Roger Dingledine
20b75989ac dtrt when only relaybandwidthburst is set
fixes bug 2470
2011-02-07 23:21:33 -05:00
Sebastian Hahn
9b64227ffd Routers count as down when they change ORPort, too
rransom noticed that a change of ORPort is just as bad as a change of IP
address from a client's perspective, because both mean that the relay is
not available to them while the new information hasn't propagated.
Change the bug1035 fix accordingly.

Also make sure we don't log a bridge's IP address (which might happen
when we are the bridge authority).
2011-02-08 00:38:48 +01:00
Nick Mathewson
ff5810aea9 Merge remote branch 'origin/maint-0.2.2' 2011-02-07 12:47:04 -05:00
Nick Mathewson
98cef0ac1e Merge branch 'bug2279' into maint-0.2.2 2011-02-07 12:43:54 -05:00
Nick Mathewson
e854e01d57 Some cleanups to bug2279 messages/docs from rransom 2011-02-07 12:40:43 -05:00
Roger Dingledine
c2c1f5b2a1 another api tweak to help task 1944 2011-02-07 10:43:41 -05:00
Sebastian Hahn
a68e2043ab Fix spelling and an unused #define
both noticed by rransom
2011-02-07 16:16:10 +01:00
Roger Dingledine
d3836b02cc change APIs slightly to make #1944 easier 2011-02-07 06:39:21 -05:00
Sebastian Hahn
7736f44698 Don't tell Tor client users about missing geoip
They don't need the geoip file for stats, so a missing geoipfile is not
a big issue. Also make the log message a bit friendlier. Fixes bug 2496.
2011-02-06 00:27:47 +01:00
Nick Mathewson
69f7c0385b Merge remote branch 'origin/maint-0.2.2' for bug2203_rebased
There was a merge conflict in routerlist.c due to the new node_t logic.

Conflicts:
	src/or/routerlist.c
2011-02-04 12:26:59 -05:00
Nick Mathewson
e9803aa710 Merge branch 'bug2203_rebased' into maint-0.2.2 2011-02-04 12:22:18 -05:00
Nick Mathewson
a6c811313a Merge remote branch 'origin/maint-0.2.2' 2011-02-03 14:21:14 -05:00
John Brooks
895409011f Enable ASLR and permanent DEP for Windows executables
Fix for #2358
2011-02-03 14:18:00 -05:00
Nick Mathewson
912b76a1bf Merge remote branch 'origin/maint-0.2.2' 2011-02-03 13:56:37 -05:00
Nick Mathewson
2fa9ddb958 Merge remote branch 'public/bug2378' into maint-0.2.2 2011-02-03 13:54:28 -05:00
Sebastian Hahn
490d397dbf Log which config file we read
It is often not entirely clear what options Tor was built with, so it
might not be immediately obvious which config file Tor is using when it
found one. Log the config file at startup.
2011-01-27 15:31:34 +01:00
Nick Mathewson
0337fc7b06 Merge remote branch 'origin/maint-0.2.2' 2011-01-26 11:49:41 -05:00
Nick Mathewson
e6da9a98e9 Merge branch 'bug2181' into maint-0.2.2 2011-01-26 11:46:13 -05:00
Nick Mathewson
d92a415bed Add an option to disable the block-private-addresses feature
Suggested by rransom.  Probably necessary for testing network mode.
2011-01-26 11:35:24 -05:00
Nick Mathewson
a880429a76 Merge remote branch 'origin/maint-0.2.2' 2011-01-26 11:08:02 -05:00
Nick Mathewson
ba3b03def0 Merge branch 'bug2409' into maint-0.2.2 2011-01-26 11:06:59 -05:00
Nick Mathewson
1478aa99b7 Merge branch 'bug2321' into maint-0.2.2 2011-01-26 11:06:55 -05:00
Nick Mathewson
9a4b2ec764 Avoid sketchy integer cast in cbt code
When calling circuit_build_times_shuffle_and_store_array, we were
passing a uint32_t as an int.  arma is pretty sure that this can't
actually cause a bug, because of checks elsewhere in the code, but
it's best not to pass a uint32_t as an int anyway.

Found by doorss; fix on 0.2.2.4-alpha.
2011-01-26 11:05:21 -05:00
Nick Mathewson
411ec3c0f8 Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.
2011-01-25 20:39:44 -05:00
Nick Mathewson
85da676108 Fix double-mark bug when failing to init transparent connection
Fixes part of bug 2279.  Bugfix on 0.1.2.1-alpha.
2011-01-25 19:07:03 -05:00
Nick Mathewson
5ce8182bdb Log more about soft-hibernation 2011-01-25 18:45:13 -05:00
Nick Mathewson
76582442a8 Handle failing cases of DH allocation 2011-01-25 18:09:38 -05:00
Nick Mathewson
2dcc98e4f7 Merge remote branch 'origin/maint-0.2.2' 2011-01-25 17:53:20 -05:00
Mike Perry
9e7691b05c Comment remaining CBT functions.
Left circuit_build_times_get_bw_scale() uncommented because it is in the wrong
place due to an improper bug2317 fix. It needs to be moved and renamed, as it
is not a cbt parameter.
2011-01-25 17:52:01 -05:00
Mike Perry
7b24b8e375 Fix authority side of 2203.
Do not add Exit bandwidth to E if BadExit is set.
2011-01-25 17:49:02 -05:00
Mike Perry
ec2ab3800f Fix client side of 2203: Do not count BadExits as Exits. 2011-01-25 17:49:02 -05:00
Nick Mathewson
a38274b1ce Merge remote branch 'origin/maint-0.2.2' 2011-01-25 17:40:41 -05:00
Mike Perry
8b4a91c2b7 Fix bug #2004 by demoting a log message.
To quote arma: "So instead of stopping your CBT from screaming, you're just
going to throw it in the closet and hope you can't hear it?"

Yep. The log message can happen because at 95% point on the curve, we can be
way beyond the max timeout we've seen, if the curve has few points and is
shallow.

Also applied Nick's rule of thumb for rewriting some other notice log messages
to read like how you would explain them to a raving lunatic on #tor who was
shouting at you demanding what they meant. Hopefully the changes live up to
that standard.
2011-01-25 17:35:39 -05:00
Nick Mathewson
71862ed763 Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
2011-01-25 17:15:22 -05:00
Nick Mathewson
991b50c5a3 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/geoip.c
2011-01-25 15:58:01 -05:00
Sebastian Hahn
7a446e6754 Tell which geoip file we're parsing 2011-01-25 15:54:51 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
36880b3f17 Merge remote branch 'origin/maint-0.2.2' 2011-01-25 14:30:01 -05:00
Sebastian Hahn
68f8ca357f Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.
2011-01-25 14:13:06 -05:00
Nick Mathewson
a1073ee956 Simplest fix to bug2402: do not include SVN versions
When we stopped using svn, 0.2.1.x lost the ability to notice its svn
revision and report it in the version number.  However, it kept
looking at the micro-revision.i file... so if you switched to master,
built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file
from master reported as an SVN tag.  This patch takes out the "include
the svn tag" logic entirely.

Bugfix on 0.2.1.15-rc; fixes bug 2402.
2011-01-25 14:08:13 -05:00
Nick Mathewson
aaa5737a2e Merge remote branch 'origin/maint-0.2.2' 2011-01-24 17:51:52 -05:00
Nick Mathewson
5ed73e3807 Make the DH parameter we use for TLS match the one from Apache's mod_ssl
Our regular DH parameters that we use for circuit and rendezvous
crypto are unchanged.  This is yet another small step on the path of
protocol fingerprinting resistance.
2011-01-24 16:50:11 -05:00
Nick Mathewson
c496229b0a Merge remote branch 'origin/maint-0.2.2' 2011-01-20 15:00:42 -05:00
Nick Mathewson
13e9a2b19d Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-20 15:00:24 -05:00
Nick Mathewson
1471e57743 Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1 2011-01-20 14:59:23 -05:00
Robert Ransom
43414eb988 Fix bounds-checking in policy_summarize
Found by piebeer.
2011-01-20 11:17:57 -08:00
Nick Mathewson
f6a25a995e Merge remote branch 'origin/maint-0.2.2' 2011-01-19 13:26:23 -05:00
Nick Mathewson
a793f1f6f2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-19 13:25:38 -05:00
Nick Mathewson
c8f94eed12 Oops; actually add the code to the last patch. :/ 2011-01-19 13:25:17 -05:00
Roger Dingledine
4ff97e3775 Merge branch 'maint-0.2.2' 2011-01-15 22:39:15 -05:00
Roger Dingledine
7699014e1e Merge commit 'sebastian/bug2317' into maint-0.2.2 2011-01-15 21:54:49 -05:00
Nick Mathewson
07888ed8e4 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 14:17:59 -05:00
Nick Mathewson
a7790d48af Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 14:15:19 -05:00
Nick Mathewson
ef6fa07e48 Fix a couple of non-cleared key issues in hidden services
we need to do more hunting, but this fixes the ones mentioned in 2385.
2011-01-15 14:10:54 -05:00
Sebastian Hahn
0df51a7f39 Tighten accepted circwindow parameters
Based on discussion in bug 2317, these values seem to be sane.
2011-01-15 19:42:17 +01:00
Sebastian Hahn
b06617c948 Provide constant limits for all consensus params
This addresses Nick's concern about doing non-constant bounds checking
inside networkstatus_get_param().
2011-01-15 19:42:17 +01:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Sebastian Hahn
ca6c813612 Make get_net_param_from_list() static
This prepares for making the accessor method for consensus parameters
safer in the next commit.
2011-01-15 19:42:17 +01:00
Nick Mathewson
1758ef51de Merge remote branch 'origin/maint-0.2.2' 2011-01-15 13:26:02 -05:00
Nick Mathewson
1393985768 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
	src/or/test.c
2011-01-15 13:25:13 -05:00
Nick Mathewson
b97b0efec8 Merge branch 'bug2352_obsize' into maint-0.2.1 2011-01-15 13:15:06 -05:00
Nick Mathewson
60fa447afa Merge remote branch 'origin/maint-0.2.2' 2011-01-15 13:11:10 -05:00
Nick Mathewson
9d133464c8 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-15 13:10:14 -05:00
Nick Mathewson
31b562e10a Add missing check for hostname answer_len in dnsserv size
This is checked elsewhere too, but let's be RFC-conformant.
2011-01-15 13:09:12 -05:00
Nick Mathewson
1b8f2ef550 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 12:03:44 -05:00
Nick Mathewson
ed87738ede Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/config.c
	src/or/networkstatus.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
115782bdbe Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a
large enough buffer.  In one case, they weren't.

(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Nick Mathewson
a16902b9d4 Always nul-terminate the result passed to evdns_server_add_ptr_reply
In dnsserv_resolved(), we carefully made a nul-terminated copy of the
answer in a PTR RESOLVED cell... then never used that nul-terminated
copy.  Ouch.

Surprisingly this one isn't as huge a security problem as it could be.
The only place where the input to dnsserv_resolved wasn't necessarily
nul-terminated was when it was called indirectly from relay.c with the
contents of a relay cell's payload.  If the end of the payload was
filled with junk, eventdns.c would take the strdup() of the name [This
part is bad; we might crash there if the cell is in a bad part of the
stack or the heap] and get a name of at least length
495[*]. eventdns.c then rejects any name of length over 255, so the
bogus data would be neither transmitted nor altered.

  [*] If the name was less than 495 bytes long, the client wouldn't
     actually be reading off the end of the cell.

Nonetheless this is a reasonably annoying bug.  Better fix it.

Found while looking at bug 2332, reported by doorss.  Bugfix on
0.2.0.1-alpha.
2011-01-15 11:49:25 -05:00
Nick Mathewson
1f3b442023 catch another overlong malloc possibility. found by cypherpunks 2011-01-15 10:42:11 -05:00
Nick Mathewson
b27f5cc50d Fix another instance of "128" in buffers.c. More bug2330. 2011-01-15 10:25:58 -05:00
Roger Dingledine
10d385bd71 typos 2011-01-12 18:38:52 -05:00
Nick Mathewson
468da1c28a Merge remote branch 'origin/maint-0.2.2' 2011-01-12 14:00:56 -05:00
Nick Mathewson
43e12a7988 Merge remote branch 'public/bug2363' into maint-0.2.2 2011-01-12 14:00:20 -05:00
Nick Mathewson
71d786b2d3 Merge branch 'bug2320' 2011-01-12 12:52:31 -05:00
Nick Mathewson
cbcae4aef1 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 12:38:54 -05:00
Nick Mathewson
597433bcec Merge branch 'bug2346' into maint-0.2.2 2011-01-12 12:37:51 -05:00
Nick Mathewson
5044cb9752 Explain bug2346 fix better based on suggestions from arma 2011-01-12 12:37:42 -05:00
Nick Mathewson
c9f8a5eebc Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/buffers.c
2011-01-10 17:31:11 -05:00
Nick Mathewson
aa45e82593 Pull up more data when parsing socks messages
Previously, we only looked at up to 128 bytes.  This is a bad idea
since socks messages can be at least 256+x bytes long.  Now we look at
up to 512 bytes; this should be enough for 0.2.2.x to handle all valid
SOCKS messages.  For 0.2.3.x, we can think about handling trickier
cases.

Fixes 2330.  Bugfix on 0.2.0.16-alpha.
2011-01-10 17:24:16 -05:00
Nick Mathewson
95968a625e Wait 60 minutes before retrying failed state save; bug2346 2011-01-10 16:51:11 -05:00
Nick Mathewson
6a829a3404 Make eventdns server functions const void* to match libevent
partial fix for bug 2332
2011-01-10 16:00:48 -05:00
Nick Mathewson
80253ba4d7 fix some spelling in rephist comments 2011-01-10 15:13:07 -05:00
Nick Mathewson
105b94b75b Add Maxima lists to bandwidth state.
Right now, Tor routers don't save the maxima values from the
bw_history_t between sessions.  That's no good, since we use those
values to determine bandwidth.  This code adds a new BWHist.*Maximum
set of values to the state file.  If they're not present, we estimate
them by taking the observed total bandwidth and dividing it by the
period length, which provides a lower bound.

This should fix bug 1863.  I'm calling it a feature.
2011-01-10 14:47:39 -05:00
Nick Mathewson
28844c8403 On bwhist state load failure, clear dir_read/write hist too 2011-01-10 13:15:51 -05:00
Nick Mathewson
7e1502c0d1 Fix bug when parsing bwhist with unexpected Interval
Previously, our state parsing code would fail to parse a bwhist
correctly if the Interval was anything other than the default
hardcoded 15 minutes.  This change makes the parsing less incorrect,
though the resulting history array might get strange values in it if
the intervals don't match the one we're using.  (That is, if stuff was
generated in 15 minute intervals, and we read it into an array that
expects 30 minute intervals, we're fine, since values can be combined
pairwise.  But if we generate data at 30 minute intervals and read it
into 15 minute intervals, alternating buckets will be empty.)

Bugfix on 0.1.1.11-alpha.
2011-01-10 13:06:50 -05:00
Nick Mathewson
8dd4ecd14e Turn the loop bodies of rep_hist_save/load_state into functions
The trick of looping from i=0..4 , switching on i to set up some
variables, then running some common code is much better expressed by
just calling a function 4 times with 4 sets of arguments.  This should
make the code a little easier to follow and maintain here.
2011-01-10 12:59:07 -05:00
Nick Mathewson
373a1bc40e Impose maximum sizes on parsed objects
An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document.  Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX.  As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit.  I'm also fixing the INT_MAX checks, just to be sure.
2011-01-10 12:12:11 -05:00
Nick Mathewson
729f404efe Add logic in routerparse to not read overlong private keys
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
2011-01-10 12:07:34 -05:00
Nick Mathewson
efc9a84108 Add missing parens to evdns_base_resolve_* macros while I am at it 2011-01-09 19:05:06 -05:00
Nick Mathewson
68d5b6bc52 Fix check for failed evdns request creation
When using libevent 2, we use evdns_base_resolve_*().  When not, we
fake evdns_base_resolve_*() using evdns_resolve_*().

Our old check was looking for negative values (like libevent 2
returns), but our eventdns.c code returns 1.  This code makes the
check just test for nonzero.

Note that this broken check was not for _resolve_ failures or even for
failures to _launch_ a resolve: it was for failures to _create_ or
_encode_ a resolve request.

Bug introduced in 81eee0ecfff3dac1e9438719d2f7dc0ba7e84a71; found by
lodger; uploaded to trac by rransom.  Bug 2363.  Fix on 0.2.2.6-alpha.
2011-01-09 19:02:57 -05:00
Nick Mathewson
d16923a35d Merge remote branch 'origin/maint-0.2.2' 2011-01-07 22:05:11 -05:00
Nick Mathewson
54135b72f8 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-07 22:04:40 -05:00
Nick Mathewson
045e6ebd31 Remove a loud info log message 2011-01-07 22:03:22 -05:00
Nick Mathewson
0a35ac6a22 Correctly detect and exclude addresses outside of our virtual address range
Found by cypherpunks; fixes more of 2328.  Bug was introduced in 3623a122;
first appeared in 0.2.0.5-alpha.
2011-01-07 12:24:36 -05:00
Nick Mathewson
2be65619f9 Fix wide lines in control.c 2011-01-07 12:16:12 -05:00
Damian Johnson
6661e16e7c GETINFO options for querying traffic usage
This was originally a patch provided by pipe
(http://www.mail-archive.com/or-talk@freehaven.net/msg13085.html) to
provide a method for controllers to query the total amount of traffic
tor has handled (this is a frequently requested piece of information
by relay operators).
2011-01-07 12:15:14 -05:00
Nick Mathewson
d4165ef8b4 Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays
C99 allows a syntax for structures whose last element is of
unspecified length:
   struct s {
     int elt1;
     ...
     char last_element[];
   };

Recent (last-5-years) autoconf versions provide an
AC_C_FLEXIBLE_ARRAY_MEMBER test that defines FLEXIBLE_ARRAY_MEMBER
to either no tokens (if you have c99 flexible array support) or to 1
(if you don't).  At that point you just use offsetof
[STRUCT_OFFSET() for us] to see where last_element begins, and
allocate your structures like:

   struct s {
     int elt1;
     ...
     char last_element[FLEXIBLE_ARRAY_MEMBER];
   };

   tor_malloc(STRUCT_OFFSET(struct s, last_element) +
                                   n_elements*sizeof(char));

The advantages are:

   1) It's easier to see which structures and elements are of
      unspecified length.
   2) The compiler and related checking tools can also see which
      structures and elements are of unspecified length, in case they
      wants to try weird bounds-checking tricks or something.
   3) The compiler can warn us if we do something dumb, like try
      to stack-allocate a flexible-length structure.
2011-01-06 15:59:05 -05:00
Nick Mathewson
3bc235d979 Fix a strdup() of uninitialized buffer in addressmap_get_virtual_address
Partial revert of 22f723e4a3.

Bugfix on 0.2.3.0-alpha
2011-01-06 13:40:27 -05:00
Nick Mathewson
d4b265d692 Merge remote branch 'origin/maint-0.2.2' 2011-01-06 13:38:08 -05:00
Nick Mathewson
d6329eda96 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-06 13:37:39 -05:00
Nick Mathewson
d6b49c55c5 Merge branch 'bug2328_021' into maint-0.2.1 2011-01-06 13:36:29 -05:00
Nick Mathewson
2008728df7 Notice a little faster if we're running out of virtual addresses
We were not decrementing "available" every time we did
++next_virtual_addr in addressmap_get_virtual_address: we left out the
--available when we skipped .00 and .255 addresses.

This didn't actually cause a bug in most cases, since the failure mode
was to keep looping around the virtual addresses until we found one,
or until available hit zero.  It could have given you an infinite loop
rather than a useful message, however, if you said "VirtualAddrNetwork
127.0.0.255/32" or something broken like that.

Spotted by cypherpunks
2011-01-06 13:29:36 -05:00
Nick Mathewson
eabddd8ca0 Handle a NULL return from addressmap_get_virtual_address
Fix for bug 2328; bugfix on 0.1.2.1-alpha; bug found by doorss.
2011-01-05 16:36:48 -05:00
Nick Mathewson
31d6659d97 Fix a double-counting bug in addrmap_get_virtual_address
We were decrementing "available" twice for each in-use address we ran
across.  This would make us declare that we ran out of virtual
addresses when the address space was only half full.
2011-01-05 16:02:43 -05:00
Nick Mathewson
8932753169 Merge remote branch 'rransom/bug2327-v2' 2011-01-03 13:07:43 -05:00
Nick Mathewson
394a6bf4cd Merge remote branch 'origin/maint-0.2.2' 2011-01-03 12:47:58 -05:00
Nick Mathewson
bb5f99d4df Merge remote branch 'sebastian/bug2314' into maint-0.2.2 2011-01-03 12:47:14 -05:00
Nick Mathewson
1e295666d9 Tweak GETINFO process/* code: no need to print an int as anything other than %d 2011-01-03 12:11:09 -05:00
Damian Johnson
8708ffa655 Implementing getinfo options for the pid, uid, user, and descriptor limit as per proposal 173. 2011-01-03 12:04:56 -05:00
Nick Mathewson
93a6d53ef3 Add a note about _compare_int not doing overflow right 2011-01-03 12:03:21 -05:00
Nick Mathewson
57a86fd433 Fix a wide line in rephist.c 2011-01-03 12:03:04 -05:00
Nick Mathewson
c5382255bd Merge remote branch 'origin/maint-0.2.2' 2011-01-03 12:00:59 -05:00
Nick Mathewson
40ef9087cf Fix a function formatting warning in rephist.c 2011-01-03 11:59:47 -05:00
Nick Mathewson
66039d9843 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
2011-01-03 11:58:59 -05:00
Nick Mathewson
989db9aed1 fix whitespace issues 2011-01-03 11:57:42 -05:00
Nick Mathewson
a1ceee193b Bump copyright statements to 2011 (master) 2011-01-03 11:55:01 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
30b3475e6d Bump copyright statements to 2011 (0.2.2) 2011-01-03 11:52:09 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Robert Ransom
305ba230fe Don't throw away incomplete SOCKS proxy responses.
Introduced in 9796b9bfa6.
2010-12-29 05:55:45 -08:00
Robert Ransom
524fdeeb1e Use evbuffer_pullup properly in fetch_from_evbuffer_socks_client.
evbuffer_pullup does nothing and returns NULL if the caller asks it to
linearize more data than the buffer contains.

Introduced in 9796b9bfa6.

Reported by piebeer; fixed with help from doors.
2010-12-29 05:52:09 -08:00
Sebastian Hahn
59a3d536d8 Fix compile without warnings on OS X 10.6 2010-12-27 11:37:16 +01:00
Sebastian Hahn
9ecf133686 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
Sebastian Hahn
da91900135 Disable stats requiring geoip info if we have none
In other parts of the code we will otherwise attempt to collect these
statistics, and that will lead to crashes.
2010-12-22 08:34:41 +01:00
Nick Mathewson
00775ab4ed Merge remote branch 'karsten/dirreq-stats-default'
Conflicts:
	src/or/config.c
2010-12-21 16:01:00 -05:00
Nick Mathewson
95e21779a3 Merge remote branch 'origin/maint-0.2.2' 2010-12-21 15:53:32 -05:00
Nick Mathewson
e895919b17 Merge remote branch 'public/bug2060' into maint-0.2.2 2010-12-21 15:53:03 -05:00
Nick Mathewson
0a3b7f1471 Merge remote branch 'origin/maint-0.2.2' 2010-12-21 15:50:09 -05:00
Nick Mathewson
cdbd6d0fe8 Merge remote branch 'rransom/bug2190_the_hard_way' into maint-0.2.2 2010-12-21 15:48:14 -05:00
Roger Dingledine
c79427a992 Merge branch 'maint-0.2.2' 2010-12-19 22:08:42 -05:00
Roger Dingledine
c63c937465 Merge commit 'nickm/fix_security_bug_022' into maint-0.2.2 2010-12-16 17:24:11 -05:00
Roger Dingledine
975ffe4398 Merge commit 'nickm/fix_security_bug_021' into maint-0.2.1 2010-12-16 16:59:12 -05:00
Nick Mathewson
1d0f8fe53c Merge remote branch 'origin/maint-0.2.2' 2010-12-16 10:06:36 -05:00
Nick Mathewson
591f65dde6 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-12-16 10:05:07 -05:00
Karsten Loesing
3c3b1d14fd Change gabelmoo's IP address and ports. 2010-12-16 13:28:30 +01:00
Nick Mathewson
b5e293afe6 Merge remote branch fix_security_bug_021 into fix_security_bug_022
Conflicts:
	src/common/memarea.c
	src/or/or.h
	src/or/rendclient.c
2010-12-15 22:48:23 -05:00
Nick Mathewson
b8a7bad799 Make payloads into uint8_t.
This will avoid some signed/unsigned assignment-related bugs.
2010-12-15 22:31:11 -05:00
Robert Hogan
02c2d9a4aa bug1666 - Pass-through support for SOCKS5 authentication(4)
Implement nickm's suggestion that we tolerate SOCKS5 clients
that send authentication credentials and SOCKS commands all in
one go.
2010-12-14 19:59:42 +00:00
Robert Hogan
f85f52808c bug1666 - Pass-through support for SOCKS5 authentication (2)
Address Nick's comments:
- Refactor against changes in buffers.c
- Ensure we have negotiated a method before accepting
  authentication credentials
2010-12-14 19:47:22 +00:00
Robert Hogan
bf136b94de bug1666 - Pass-through support for SOCKS5 authentication
If a SOCKS5 client insists on authentication, allow it to
negotiate a connection with Tor's SOCKS server successfully.
Any credentials the client provides are ignored.

This allows Tor to work with SOCKS5 clients that can only
support 'authenticated' connections.

Also add a bunch of basic unit tests for SOCKS4/4a/5 support
in buffers.c.
2010-12-14 19:47:22 +00:00
Nick Mathewson
4e9f9a4ee8 Merge remote branch 'origin/maint-0.2.2' 2010-12-07 11:37:14 -05:00
Nick Mathewson
f924fbf19f Merge branch 'bug2081_followup_022' into maint-0.2.2 2010-12-07 11:35:49 -05:00
Nick Mathewson
5efe6f04c6 Reject relay versions older than 0.2.0.26-rc
This was the first version to cache the correct directory information.

Fixes bug 2156.
2010-12-07 11:35:32 -05:00
Nick Mathewson
3fc43debfb Merge remote branch 'origin/maint-0.2.2' 2010-12-06 12:07:37 -05:00
Nick Mathewson
dc2f10bd81 Fix a bug in calculating wakeup time on 64-bit machines.
If you had TIME_MAX > INT_MAX, and your "time_to_exhaust_bw =
accountingmax/expected_bandwidth_usage * 60" calculation managed to
overflow INT_MAX, then your time_to_consider value could underflow and
wind up being rediculously low or high.  "Low" was no problem;
negative values got caught by the (time_to_consider <= 0) check.
"High", however, would get you a wakeup time somewhere in the distant
future.

The fix is to check for time_to_exhaust_bw overflowing INT_MAX, not
TIME_MAX: We don't allow any accounting interval longer than a month,
so if time_to_exhaust_bw is significantly larger than 31*24*60*60, we
can just clip it.

This is a bugfix on 0.0.9pre6, when accounting was first introduced.
It fixes bug 2146, unless there are other causes there too.  The fix
is from boboper.  (I tweaked it slightly by removing an assignment
that boboper marked as dead, and lowering a variable that no longer
needed to be function-scoped.)
2010-12-06 12:01:32 -05:00
Nick Mathewson
bbadf07d16 Merge remote branch 'origin/maint-0.2.2' 2010-12-06 11:37:37 -05:00
Nick Mathewson
feffbce814 Add a missing ! to directory_fetches_from_authorities
The old logic would have us fetch from authorities if we were refusing
unknown exits and our exit policy was reject*.  Instead, we want to
fetch from authorities if we're refusing unknown exits and our exit
policy is _NOT_ reject*.

Fixed by boboper.  Fixes more of 2097.  Bugfix on 0.2.2.16-alpha.
2010-12-06 11:36:01 -05:00
Nick Mathewson
36d68d2301 Fetch missing certs to authenticate microdesc consensuses as needed
Fixes bug 2253; fix by rransom
2010-12-06 11:26:45 -05:00
Nick Mathewson
0893793f01 Merge remote branch 'origin/maint-0.2.2' 2010-12-03 13:45:10 -05:00
Nick Mathewson
c0f1517d87 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2010-12-03 13:37:13 -05:00
Karsten Loesing
0bd884cd5b Make connection direction statistics compile again. 2010-12-03 17:37:13 +01:00
Karsten Loesing
8db10c6d2f Write bidirectional connection stats in single line.
There's no need to have a separate line conn-stats-end for the end date
and interval length with only a single line conn-bi-direct following.
2010-12-03 16:47:53 +01:00
Karsten Loesing
91fec693e0 Refactor conn stats and add unit tests. 2010-12-03 16:47:53 +01:00
Karsten Loesing
c3c6a6ed34 Document BIDI_* constants. 2010-12-03 16:47:52 +01:00
Karsten Loesing
f56529b4b2 Call the new config option ConnDirectionStatistics. 2010-12-03 16:47:52 +01:00
Karsten Loesing
5dfdf075ac Add metric on uni/bidirectional connection usage. 2010-12-03 16:47:51 +01:00
Nick Mathewson
520182579a Merge remote branch 'origin/maint-0.2.2' 2010-12-02 13:21:09 -05:00
Nick Mathewson
ee8f451bf1 Fix a harmless off-by-one error in counting controller argument lengths
Bugfix on 0.1.1.1-alpha; found by boboper.
2010-12-02 13:19:21 -05:00
Nick Mathewson
9908404f01 Merge remote branch 'sjmurdoch/cloexec' 2010-12-01 11:42:34 -05:00
Steven Murdoch
367794ce02 Open connection to DNS resolvers with CLOEXEC flag set
NB: this will now register the socket with the socket accounting code
2010-12-01 15:40:11 +00:00
Nick Mathewson
3ed7505dc5 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/relay.c
2010-11-30 19:23:40 -05:00
Nick Mathewson
8fa4450fde Do not invoke tls_renegotiated_cb for non-bufferevent connections too early.
This is not the most beautiful fix for this problem, but it is the simplest.

Bugfix for 2205.  Thanks to Sebastian and Mashael for finding the
bug, and boboper/cypherpunks for figuring out why it was happening
and how to fix it, and for writing a few fixes.
2010-11-30 17:55:27 -05:00
Roger Dingledine
9f51e26715 fix memory leak introduced in 26e89742
found via valgrind
2010-11-30 16:52:19 -05:00
Nick Mathewson
25b0fd8868 Revise comment on 2210 a little; clean up n_streams/num_streams confusion
Also add a changes file
2010-11-29 16:07:27 -05:00
Nick Mathewson
89e97bdf94 Add wrappers function for libc random()
On windows, it's called something different.
2010-11-29 16:00:47 -05:00
Nick Mathewson
0eafe23ff3 Fix whitespace in patch for 2210 and backport to 0.2.2 2010-11-29 16:00:43 -05:00
Mashael AlSabah
12fa6e23cb Improve fairness when activating streams in circuit_resume_edge_reading_helper
The reason the "streams problem" occurs is due to the complicated
interaction between Tor's congestion control and libevent. At some point
during the experiment, the circuit window is exhausted, which blocks all
edge streams. When a circuit level sendme is received at Exit, it
resumes edge reading by looping over linked list of edge streams, and
calling connection_start_reading() to inform libevent to resume reading.
When the streams are activated again, Tor gets the chance to service the
first three streams activated before the circuit window is exhausted
again, which causes all streams to be blocked again. As an experiment,
we reversed the order in which the streams are activated, and indeed the
first three streams, rather than the last three, got service, while the
others starved.

 Our solution is to change the order in which streams are activated. We
choose a random edge connection from the linked list, and then we
activate streams starting from that chosen stream. When we reach the end
of the list, then we continue from the head of the list until our chosen
stream (treating the linked list as a circular linked list). It would
probably be better to actually remember which streams have received
service recently, but this way is simple and effective.
2010-11-29 15:34:21 -05:00
Nick Mathewson
19019f26b0 Merge remote branch 'origin/maint-0.2.2' 2010-11-29 15:30:17 -05:00
Nick Mathewson
a5174b092e Merge branch 'exitstats' into maint-0.2.2 2010-11-29 15:28:22 -05:00
Nick Mathewson
a8a8e08220 comment karsten's bug2196 patch a little 2010-11-29 15:27:54 -05:00
Nick Mathewson
ae6b31aba9 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-11-24 17:06:26 -05:00
Robert Ransom
de75afc556 Avoid dereferencing NULL if a bridge fails to build an ei descriptor.
Reported by an anonymous commenter on Trac.
2010-11-24 13:18:11 -08:00
Karsten Loesing
4fed43ab2e Report only the top 10 ports in exit-port stats. 2010-11-24 08:45:05 +01:00
Nick Mathewson
ff014eb5ea Use S_CASE for ehostunreach, not E_CASE. Partial backport of 69deb22f. Fixes 0.2.1 compilation on windows 2010-11-23 12:47:21 -05:00
Nick Mathewson
12f3186719 Disable DirPort when BridgeRelay is set 2010-11-22 13:12:48 -05:00
Nick Mathewson
5a9903b9e0 Handle negative run lengths in wfu/mtbf calculations 2010-11-22 12:39:22 -05:00
Nick Mathewson
bea0a31c1c Treat routers whose IPs have changed as having been down for MTBF/routerinfo
calculation purposes.
2010-11-22 12:32:29 -05:00
Nick Mathewson
80357abb11 Remove an incorrect comment in connection_or_check_valid_tls_handshake 2010-11-22 11:36:22 -05:00
Nick Mathewson
2af14b671d Have authorities reject routers running verions susceptible to bug 1038. 2010-11-22 11:16:36 -05:00
Roger Dingledine
d77bc69b0c found this whitespace fix in a sandbox 2010-11-21 15:57:22 -05:00
Nick Mathewson
9cbe64db45 Add missing cast when formatting uintptr_t
Found by Christian Kujau
2010-11-20 05:18:34 -05:00
Nick Mathewson
e669d25e43 Do cloexec on socketpairs and stdio files 2010-11-20 01:16:29 -05:00
Nick Mathewson
5a66de7015 Initial work to set CLOEXEC on all possible fds
Still to go: some pipes, all stdio files.
2010-11-20 00:58:40 -05:00
Nick Mathewson
d166d18643 Better fix for 2190: defer libevent->controller messages instead of dropping 2010-11-19 22:52:32 -05:00
Nick Mathewson
e361de80bb Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/router.c
2010-11-19 16:58:22 -05:00
Nick Mathewson
54551f3148 Merge branch 'fix2183', remote branch 'rransom/fix2195-v2' into maint-0.2.2 2010-11-19 16:48:13 -05:00
Robert Ransom
69472ca421 Fix logic error in router_dump_router_to_string.
Spotted by Nick Mathewson.
2010-11-19 13:23:45 -08:00
Nick Mathewson
e88486bc9d Add comments to some of the bug2183 fix code 2010-11-19 16:13:11 -05:00
Nick Mathewson
c77a32932d Fix wide lines in SIGNAL patch 2010-11-19 15:54:53 -05:00
John Brooks
7441999738 Add a SIGNAL event for control connections
Implements ticket #1955
2010-11-19 15:49:54 -05:00
Robert Ransom
780b8f4287 Generate a router descriptor even if generating an extra-info descriptor fails.
Fixes bug #2195.
2010-11-17 08:33:48 -08:00
Robert Ransom
213bcb3c40 Do not emit an extra-info-digest descriptor line if the digest is zero. 2010-11-17 08:32:17 -08:00
Karsten Loesing
0f1afaf595 Tweak the bugfix for 2183 a bit more. 2010-11-17 10:43:14 +01:00
Roger Dingledine
6b82a6e88d Merge branch 'maint-0.2.2' 2010-11-16 00:16:25 -05:00
Roger Dingledine
a08a7e0fc6 warn more about AllowSingleHopExits 2010-11-16 00:13:25 -05:00
Roger Dingledine
a641646a98 Merge commit 'nickm/1776_redux_v1' into maint-0.2.2 2010-11-15 23:29:09 -05:00
Nick Mathewson
45b500d5a6 Clean up my 1776 fix a bit
Sebastian notes (and I think correctly) that one of our ||s should
have been an &&, which simplifies a boolean expression to decide
whether to replace bridges.  I'm also refactoring out the negation at
the start of the expression, to make it more readable.
2010-11-15 19:43:53 -05:00
Nick Mathewson
550be1df69 Merge remote branch 'origin/maint-0.2.2' 2010-11-15 15:41:37 -05:00
Nick Mathewson
cbad9f4520 Move controller event for socks warning into log_unsafe_socks_warning 2010-11-15 15:41:21 -05:00
Nick Mathewson
9399b885cd Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/buffers.c
2010-11-15 15:37:23 -05:00
Nick Mathewson
522c204ac9 Merge branch 'bug2000_nm_022' into maint-0.2.2 2010-11-15 15:31:40 -05:00
Nick Mathewson
8c2affe637 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/cpuworker.c
2010-11-15 14:14:13 -05:00
Nick Mathewson
433a98131a Merge remote branch 'sebastian/manpagefixups' into maint-0.2.2 2010-11-15 14:07:00 -05:00
Sebastian Hahn
da3a6e724f Rate-limit unsafe socks warning
Pick 5 seconds as the limit. 5 seconds is a compromise here between
making sure the user notices that the bad behaviour is (still) happening
and not spamming their log too much needlessly (the log message is
pretty long). We also keep warning every time if safesocks is
specified, because then the user presumably wants to hear about every
blocked instance.

(This is based on the original patch by Sebastian, then backported to
0.2.2 and with warnings split into their own function.)
2010-11-15 13:57:37 -05:00
Karsten Loesing
ff1cf35442 Don't use log_err for non-criticial warnings. 2010-11-15 13:39:53 +01:00
Karsten Loesing
cec21652a7 Try harder not to exceed the 50 KB extra-info descriptor limit.
Our checks that we don't exceed the 50 KB size limit of extra-info
descriptors apparently failed. This patch fixes these checks and reserves
another 250 bytes for appending the signature. Fixes bug 2183.
2010-11-15 12:51:51 +01:00
Nick Mathewson
2392290c18 Fix a remaining bug in Robert's bug1859 fix.
When intro->extend_info is created for an introduction point, it
only starts out with a nickname, not necessarily an identity digest.
Thus, doing router_get_by_digest isn't necessarily safe.
2010-11-12 19:52:27 -05:00
Robert Hogan
7488fe5a22 Issues with router_get_by_nickname()
https://trac.torproject.org/projects/tor/ticket/1859

Use router_get_by_digest() instead of router_get_by_hexdigest()
in circuit_discard_optional_exit_enclaves() and
rend_client_get_random_intro(), per Nick's comments.

Using router_get_by_digest() in rend_client_get_random_intro() will
break hidden services published by Tor versions pre 0.1.2.18 and
0.2.07-alpha as they only publish by nickname. This is acceptable
however as these versions only publish to authority tor26 and
don't work for versions in the 0.2.2.x series anyway.
2010-11-12 19:51:06 -05:00
Robert Hogan
e1d86d3817 Issues with router_get_by_nickname()
https://trac.torproject.org/projects/tor/ticket/1859

There are two problems in this bug:

1. When an OP makes a .exit request specifying itself as the exit, and the exit
   is not yet listed, Tor gets all the routerinfos needed for the circuit but
   discovers in circuit_is_acceptable() that its own routerinfo is not in the
   routerdigest list and cannot be used. Tor then gets locked in a cycle of
   repeating these two steps. When gathering the routerinfos for a circuit,
   specifically when the exit has been chosen by .exit notation, Tor needs to
   apply the same rules it uses later on when deciding if it can build a
   circuit with those routerinfos.

2. A different bug arises in the above situation when the Tor instance's
   routerinfo *is* listed in the routerlist, it shares its nickname with a
   number of other Tor nodes, and it does not have 'Named' rights to its
   nickname.
   So for example, if (i) there are five nodes named Bob in the network, (ii) I
   am running one of them but am flagged as 'Unnamed' because someone else
   claimed the 'Bob' nickname first, and (iii) I run my Tor as both client
   and exit the following can happen to me:
     - I go to www.evil.com
     - I click on a link www.evil.com.bob.exit
     - My request will exit through my own Tor node rather than the 'Named'
       node Bob or any of the others.
     - www.evil.com now knows I am actually browsing from the same computer
       that is running my 'Bob' node

So to solve both issues we need to ensure:

- When fulfilling a .exit request we only choose a routerinfo if it exists in
  the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router information
  if it is not going to be used for building a circuit.

We ensure this by removing the special treatment afforded our own router in
router_get_by_nickname(). This means the function will only return the
routerinfo of our own router if it is in the routerlist built from authority
info and has a unique nickname or is bound to a non-unique nickname.

There are some uses of router_get_by_nickname() where we are looking for the
router by name because of a configuration directive, specifically local
declaration of NodeFamilies and EntryNodes and other routers' declaration of
MyFamily. In these cases it is not at first clear if we need to continue
returning our own routerinfo even if our router is not listed and/or has a
non-unique nickname with the Unnamed flag.

The patch treats each of these cases as follows:

Other Routers' Declaration of MyFamily
 This happens in routerlist_add_family(). If another router declares our router
 in its family and our router has the Unnamed flag or is not in the routerlist
 yet, should we take advantage of the fact that we know our own routerinfo to
 add us in anyway? This patch says 'no, treat our own router just like any
 other'. This is a safe choice because it ensures our client has the same view
 of the network as other clients. We also have no good way of knowing if our
 router is Named or not independently of the authorities, so we have to rely on
 them in this.

Local declaration of NodeFamilies
 Again, we have no way of knowing if the declaration 'NodeFamilies
 Bob,Alice,Ringo' refers to our router Bob or the Named router Bob, so we have
to defer to the authorities and treat our own router like any other.

Local declaration of NodeFamilies
 Again, same as above. There's also no good reason we would want our client to
 choose it's own router as an entry guard if it does not meet the requirements
 expected of any other router on the network.

In order to reduce the possibility of error, the patch also replaces two
instances where we were using router_get_by_nickname() with calls to
router_get_by_hexdigest() where the identity digest of the router
is available.
2010-11-12 19:51:06 -05:00
Nick Mathewson
3d7772ece3 Merge remote branch 'karsten/enhancement1883' 2010-11-12 14:13:17 -05:00
Nick Mathewson
d61736aa6a Merge remote branch 'origin/maint-0.2.2' 2010-11-12 13:06:54 -05:00
Nick Mathewson
dbba84c917 Avoid perma-blocking the controller on bug in shrink_freelist
In all likelihood, this bug would make Tor assert, but if it doesn't,
let's not have two bugs.
2010-11-12 13:05:58 -05:00
Robert Ransom
a421e284d0 Disable logging to control port connections in buf_shrink_freelists.
If buf_shrink_freelists calls log_warn for some reason, we don't want the log
call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 03:07:09 -08:00
Robert Ransom
81affe1949 Move the original log_info call out of the core of buf_shrink_freelists.
Sending a log message to a control port can cause Tor to allocate a buffer,
thereby changing the length of the freelist behind buf_shrink_freelists's back,
thereby causing an assertion to fail.

Fixes bug #1125.
2010-11-12 03:04:07 -08:00
Robert Ransom
6a0657d4bb Disable logging to control port connections in buf_shrink_freelists.
If buf_shrink_freelists calls log_warn for some reason, we don't want the log
call itself to throw buf_shrink_freelists further off the rails.
2010-11-12 02:34:58 -08:00
Robert Ransom
6d2e02d79b Move the original log_info call out of the core of buf_shrink_freelists.
Sending a log message to a control port can cause Tor to allocate a buffer,
thereby changing the length of the freelist behind buf_shrink_freelists's back,
thereby causing an assertion to fail.

Fixes bug #1125.
2010-11-12 02:34:51 -08:00
Karsten Loesing
8833381d9c Add two fixes to the new geoip-db-digest line. 2010-11-12 09:11:11 +01:00
Nick Mathewson
ae5cdb8fa7 Merge remote branch 'public/refactor_pports' 2010-11-11 23:09:42 -05:00
Nick Mathewson
223fc208f6 Split long lines in configure.in and Makefile.am files
Having very long single lines with lots and lots of things in them
tends to make files hard to diff and hard to merge.  Since our tools
are one-line-at-a-time, we should try to construct lists that way too,
within reason.

This incidentally turned up a few headers in configure.in that we were
for some reason searching for twice.
2010-11-11 14:22:48 -05:00
Roger Dingledine
a29596556c Merge branch 'maint-0.2.2'
Conflicts:

	src/or/config.c
2010-11-11 12:19:37 -05:00
Roger Dingledine
362bb5c625 Merge branch 'maint-0.2.1' into maint-0.2.2 2010-11-11 12:12:17 -05:00
Roger Dingledine
0a38358210 let unpublished bridges learn their ip address too 2010-11-11 11:26:42 -05:00
Nick Mathewson
d4e660ff68 Merge remote branch 'origin/maint-0.2.2' 2010-11-10 16:07:04 -05:00
Nick Mathewson
a4bf5b51e9 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-10 16:06:43 -05:00
Nick Mathewson
2a50dd9359 Enforce multiplicity rules when parsing annotations.
We would never actually enforce multiplicity rules when parsing
annotations, since the counts array never got entries added to it for
annotations in the token list that got added by earlier calls to
tokenize_string.

Found by piebeer.
2010-11-10 16:02:02 -05:00
Nick Mathewson
089137f011 Fix a bug where seting allow_annotations==0 only ignores annotations, but does not block them 2010-11-10 16:02:02 -05:00
Nick Mathewson
accc51b68c Bulletproof the routerlist manipulation functions to handle reinserting the same descriptor 2010-11-10 14:55:00 -05:00
Sebastian Hahn
5040c855d1 Break NoPublish support 2010-11-10 15:48:26 +01:00
Sebastian Hahn
556a1b9e45 Change Natd into NATD in our options.
Breaking this out of the last commit because this might be more
controversial.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
b9cac605ab Synx manpage and source wrt option capitalization
We had a spelling discrepancy between the manpage and the source code
for some option. Resolve these in favor of the manpage, because it
makes more sense (for example, HTTP should be capitalized).
2010-11-10 15:48:26 +01:00
Sebastian Hahn
13a7e8bea3 Comment out the (unused) RunTesting option
The code that makes use of the RunTesting option is #if 0, so setting
this option has no effect. Mark the option as obsolete for now, so that
Tor doesn't list it as an available option erroneously.
2010-11-10 15:48:25 +01:00
Karsten Loesing
499661524b Turn on directory request statistics by default.
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.

Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.
2010-11-10 12:11:08 +01:00
Nick Mathewson
d238d8386f Add a testing-only option to use bufferevent_openssl as a filter
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows.  This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.

It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Karsten Loesing
423c2a7a27 Add GeoIP file digest to extra-info descriptor. 2010-11-09 09:42:36 +01:00
Nick Mathewson
1fb342dfab Merge branch 'loggranularity' 2010-11-08 12:40:33 -05:00
Nick Mathewson
152c9cba65 Make LogTimeGranularity respect validate_only 2010-11-08 12:40:26 -05:00
Karsten Loesing
ed45bc198f Fix log granularity based on Nick's comments.
Instead of rejecting a value that doesn't divide into 1 second, round to
the nearest divisor of 1 second and warn.

Document that the option only controls the granularity written by Tor to a
file or console log. It does not (for example) "batch up" log messages to
affect times logged by a controller, times attached to syslog messages, or
the mtime fields on log files.
2010-11-08 17:38:59 +01:00
Roger Dingledine
d96c9cd00e Merge branch 'maint-0.2.2' 2010-11-06 17:42:37 -04:00
Nick Mathewson
114a371c0e Fix the assert in bug 1776
In the case where old_router == NULL but sdmap has an entry for the
router, we can currently safely infer that the old_router was not a
bridge.  Add an assert to ensure that this remains true, and fix the
logic not to die with the tor_assert(old_router) call.
2010-11-02 11:20:09 -04:00
Nick Mathewson
c109ffaef9 Fix bug in tor_parse_string when Address is given as a dotted quad.
Found by Ian Goldberg and Mashael AlSabah.

Bugfix on 0.2.3.0-alpha dev.
2010-11-01 15:52:43 -04:00
Nick Mathewson
da0912c00c Fix up comments in choose_good_entry_server. Spotted by Robert Ransom. 2010-10-29 15:55:39 -04:00
Nick Mathewson
ccec0a1bd3 Merge remote branch 'origin/maint-0.2.2' 2010-10-26 13:59:09 -04:00
Sebastian Hahn
f87c6f100d Remove delay to become HSDir in privnets 2010-10-26 18:37:57 +02:00
Sebastian Hahn
213139f887 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2010-10-26 18:22:04 +02:00
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Nick Mathewson
441241c136 Fix a whitespace error 2010-10-21 16:12:04 -04:00
Nick Mathewson
1587735c90 Merge branch 'bug988-nm' into maint-0.2.2 2010-10-21 16:11:02 -04:00
Nick Mathewson
03adb8caad Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2010-10-21 13:54:12 -04:00
Nick Mathewson
704076680a Rename get_client_identity_key to get_tlsclient_identity_key 2010-10-21 13:54:02 -04:00
Nick Mathewson
f3eb2a10ae Remove a ??? comment in node_get_by_nickname
Bug 1859 shows that the router_get_by_nickname behavior was wrong,
and the node_get_by_nickname is right.
2010-10-21 11:18:55 -04:00
Nick Mathewson
bd1a694221 Add a node_get_by_hex_id(). 2010-10-21 11:18:16 -04:00
Nick Mathewson
f32140238f Merge remote branch 'origin/maint-0.2.2' for bug 1859 patches
Some of this is already done in nodelist.
2010-10-21 11:17:34 -04:00
Nick Mathewson
5f3010667d Fix a remaining bug in Robert's bug1859 fix.
When intro->extend_info is created for an introduction point, it
only starts out with a nickname, not necessarily an identity digest.
Thus, doing router_get_by_digest isn't necessarily safe.
2010-10-21 11:09:35 -04:00
Nick Mathewson
0e8d1c2217 Merge remote branch 'hoganrobert/bug1859' into maint-0.2.2 2010-10-21 11:01:12 -04:00
Nick Mathewson
2c3dafc342 Merge remote branch 'origin/maint-0.2.2' 2010-10-21 10:52:12 -04:00
Nick Mathewson
ea7f4be6d2 Merge remote branch 'sebastian/relay_early_rend' into maint-0.2.2 2010-10-21 10:49:44 -04:00
Nick Mathewson
d17b9bf1a5 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/networkstatus.c
2010-10-20 21:32:27 -04:00
Nick Mathewson
0ac9a3df6c Fix a logic error in 98aee84. Found by boboper 2010-10-20 14:40:09 -04:00
Nick Mathewson
444193ff5d Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/networkstatus.c
2010-10-20 13:53:11 -04:00
Nick Mathewson
2849a95691 Add a ! to directory_caches_dir_info() to fix a logic error
We want to fetch directory info more aggressively if we need it to
refuseunknownexits.  Thus, we'll want it if our exit policy is _NOT_
reject *.
2010-10-20 13:49:38 -04:00
Nick Mathewson
98aee8472f Fix a read of a freed pointer while in set_current_consensus
Found by rransom while working on issue #988.  Bugfix on
0.2.2.17-alpha.  Fixes bug 2097.
2010-10-20 13:10:20 -04:00
Sebastian Hahn
d3b67cba3c Send relay_early cells in rend circs
There are no relay left that run version 0.2.1.3 through 0.2.1.18, so
changing this behaviour should be safe now.
2010-10-18 07:46:51 +02:00
Robert Hogan
0acd5e6208 Issues with router_get_by_nickname()
https://trac.torproject.org/projects/tor/ticket/1859

Use router_get_by_digest() instead of router_get_by_hexdigest()
in circuit_discard_optional_exit_enclaves() and
rend_client_get_random_intro(), per Nick's comments.

Using router_get_by_digest() in rend_client_get_random_intro() will
break hidden services published by Tor versions pre 0.1.2.18 and
0.2.07-alpha as they only publish by nickname. This is acceptable
however as these versions only publish to authority tor26 and
don't work for versions in the 0.2.2.x series anyway.
2010-10-17 12:27:57 +01:00
Nick Mathewson
a7cf788740 Merge branch 'bug1992_part1' 2010-10-15 17:08:18 -04:00
Nick Mathewson
b97da61b5a Tweak the fmt_addr32 code
Clarify documentation, rename a local, and fix a memory leak.
2010-10-15 17:07:27 -04:00
Nick Mathewson
d6bd2e55a6 Remove more unused code from routerlist.c 2010-10-15 14:25:52 -04:00
Nick Mathewson
e70cfbeb40 Remove an unused field from circ_buffer_stats_t 2010-10-15 14:25:36 -04:00
Nick Mathewson
2c51cd2b10 Make the predicted ports logic a little simpler.
Mainly, this comes from turning two lists that needed to be kept in
synch into a single list of structs.  This should save a little RAM,
and make the code simpler.
2010-10-15 14:02:55 -04:00
Nick Mathewson
006acf8b3f Fix a documention issue in circuitlist.c 2010-10-15 13:44:25 -04:00
Roger Dingledine
aab6952887 fix another typo 2010-10-15 13:00:37 -04:00
Nick Mathewson
36c5476e70 Fold timestamp_created into highres_created
There's no reason to keep a time_t and a struct timeval to represent
the same value: highres_created.tv_sec was the same as timestamp_created.

This should save a few bytes per circuit.
2010-10-15 12:38:02 -04:00
Nick Mathewson
9516c1efdb Remove XXXs about improving buf_t API: bufferevents are the future 2010-10-15 11:38:33 -04:00
Nick Mathewson
59cba1767c Make the return value of tor_addr_sockaddr always be signed 2010-10-15 11:36:16 -04:00
Nick Mathewson
247ce5876a Remove "is this too slow?" XXXX comments for code not appearing in profiles 2010-10-15 11:21:33 -04:00
Nick Mathewson
a5289fa794 Remove the unused old fuzzy-time code 2010-10-15 11:16:42 -04:00
Nick Mathewson
be13b5775a Remove an XXX in ntmain.c: a simple function call per loop is not so expensive. 2010-10-15 10:57:42 -04:00
Sebastian Hahn
9bed40eb10 Make check-spaces happy 2010-10-14 17:54:45 +02:00
Sebastian Hahn
4556f2e7c8 Rename router_get_by_digest()
We now call the function router_get_by_id_digest() to make clear that
we're talking about the identity digest here, not descriptor digest.
2010-10-14 17:49:51 +02:00
Nick Mathewson
376939c9ac Fix a few trivial bugs from the nodelist merge 2010-10-13 21:54:09 -04:00
Nick Mathewson
3af12a5557 Fix some XXXXs in connection_add_impl related to bufferevent error checking
This might make bufferevents more asserty for a while, but they should
make other bugs less likely to go unnoticed.

Noted by Sebastian.
2010-10-13 20:37:04 -04:00
Nick Mathewson
3d10c89201 Fix a couple users of buf_datalen that slipped in. Found by Sebastian 2010-10-13 20:36:34 -04:00
Nick Mathewson
44674369c5 Implement node_set_exit_policy_to_reject_all with a flag
Also remove some debugging code.
2010-10-13 20:30:40 -04:00
Nick Mathewson
3aec655694 Merge remote branch 'arma/bug1982_2'
Resolved a minor conflict in:
	src/or/circuitbuild.c
2010-10-13 16:07:37 -04:00
Nick Mathewson
8c837db38f Merge branch 'nodes' 2010-10-13 16:04:25 -04:00
Nick Mathewson
cbda016bc5 Send END cells on bufferevent tunneled directory conns
Our old code correctly called bufferevent_flush() on linked
connections to make sure that the other side got an EOF event... but
it didn't call bufferevent_flush() when the connection wasn't
hold_open_until_flushed.  Directory connections don't use
hold_open_until_flushed, so the linked exit connection never got an
EOF, so they never sent a RELAY_END cell to the client, and the
client never concluded that data had arrived.

The solution is to make the bufferevent_flush() code apply to _all_
closing linked conns whose partner is not already marked for close.
2010-10-13 15:05:06 -04:00
Robert Hogan
2d8f7a8391 Issues with router_get_by_nickname()
https://trac.torproject.org/projects/tor/ticket/1859

There are two problems in this bug:

1. When an OP makes a .exit request specifying itself as the exit, and the exit
   is not yet listed, Tor gets all the routerinfos needed for the circuit but
   discovers in circuit_is_acceptable() that its own routerinfo is not in the
   routerdigest list and cannot be used. Tor then gets locked in a cycle of
   repeating these two steps. When gathering the routerinfos for a circuit,
   specifically when the exit has been chosen by .exit notation, Tor needs to
   apply the same rules it uses later on when deciding if it can build a
   circuit with those routerinfos.

2. A different bug arises in the above situation when the Tor instance's
   routerinfo *is* listed in the routerlist, it shares its nickname with a
   number of other Tor nodes, and it does not have 'Named' rights to its
   nickname.
   So for example, if (i) there are five nodes named Bob in the network, (ii) I
   am running one of them but am flagged as 'Unnamed' because someone else
   claimed the 'Bob' nickname first, and (iii) I run my Tor as both client
   and exit the following can happen to me:
     - I go to www.evil.com
     - I click on a link www.evil.com.bob.exit
     - My request will exit through my own Tor node rather than the 'Named'
       node Bob or any of the others.
     - www.evil.com now knows I am actually browsing from the same computer
       that is running my 'Bob' node

So to solve both issues we need to ensure:

- When fulfilling a .exit request we only choose a routerinfo if it exists in
  the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router information
  if it is not going to be used for building a circuit.

We ensure this by removing the special treatment afforded our own router in
router_get_by_nickname(). This means the function will only return the
routerinfo of our own router if it is in the routerlist built from authority
info and has a unique nickname or is bound to a non-unique nickname.

There are some uses of router_get_by_nickname() where we are looking for the
router by name because of a configuration directive, specifically local
declaration of NodeFamilies and EntryNodes and other routers' declaration of
MyFamily. In these cases it is not at first clear if we need to continue
returning our own routerinfo even if our router is not listed and/or has a
non-unique nickname with the Unnamed flag.

The patch treats each of these cases as follows:

Other Routers' Declaration of MyFamily
 This happens in routerlist_add_family(). If another router declares our router
 in its family and our router has the Unnamed flag or is not in the routerlist
 yet, should we take advantage of the fact that we know our own routerinfo to
 add us in anyway? This patch says 'no, treat our own router just like any
 other'. This is a safe choice because it ensures our client has the same view
 of the network as other clients. We also have no good way of knowing if our
 router is Named or not independently of the authorities, so we have to rely on
 them in this.

Local declaration of NodeFamilies
 Again, we have no way of knowing if the declaration 'NodeFamilies
 Bob,Alice,Ringo' refers to our router Bob or the Named router Bob, so we have
to defer to the authorities and treat our own router like any other.

Local declaration of NodeFamilies
 Again, same as above. There's also no good reason we would want our client to
 choose it's own router as an entry guard if it does not meet the requirements
 expected of any other router on the network.

In order to reduce the possibility of error, the patch also replaces two
instances where we were using router_get_by_nickname() with calls to
router_get_by_hexdigest() where the identity digest of the router
is available.
2010-10-13 18:29:01 +01:00
Nick Mathewson
1c6649418d Revert accidentally-committed changes to routerlist.c
This reverts part of commit a0c1c2ac01.
2010-10-13 13:16:12 -04:00
Nick Mathewson
a0c1c2ac01 Use connection_mark_and_flush consistently. 2010-10-13 13:08:46 -04:00
Nick Mathewson
5710d99f00 Remember to re-install inbuf/outbuf callbacks on ssl bufferevents
If we don't, we will (among other bad things) never update
lastread/lastwritten, and so flood the network with keepalives.
2010-10-12 15:48:17 -04:00
Nick Mathewson
a9172c87be Actually call connection_tls_finish_handshake() with bufferevents
First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
2010-10-12 14:52:33 -04:00
Nick Mathewson
4cfa6fbaca Log OpenSSL errors coming from bufferevent_openssl 2010-10-11 13:25:41 -04:00
Nick Mathewson
9fe3cd0be3 Fix a crash bug when serving microdescs on a bufferevent. 2010-10-07 21:02:12 -04:00
Nick Mathewson
d0f1f9ce9e Remove a spurious .z from microdesc fetch URLs so they no logner end with .z.z 2010-10-07 20:41:15 -04:00
Nick Mathewson
c9dece14ae Add some missing documentation for things added in nodes branch 2010-10-07 17:10:06 -04:00
Nick Mathewson
1dffefc907 Add more documentation to microdesc.c, plus another assert. 2010-10-07 16:25:27 -04:00
Nick Mathewson
ab5b11fbb8 Add a more verbose log message to try to catch bug #2022. 2010-10-07 16:04:24 -04:00
Nick Mathewson
3061a036c8 Unit tests for microdescriptor cache
May help with tracking down bug #2022
2010-10-07 15:28:54 -04:00
Robert Ransom
a2bb0bfdd5 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.
2010-10-04 21:51:53 -07:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Nick Mathewson
99062c4003 Spotted another missing check 2010-10-05 00:39:01 -04:00
Nick Mathewson
4080d9b0fa Fix a couple more node_t-related nullpointer bugs 2010-10-04 23:51:30 -04:00
Nick Mathewson
9edd85aa4c Switch an && to an ||, stop a *NULL. 2010-10-04 23:33:50 -04:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Robert Ransom
89dffade8d Add public_server_mode function. 2010-10-04 17:57:29 -07:00
Karsten Loesing
8c5ba9388b Make logging resolution configurable.
Implements enhancement 1668.
2010-10-04 08:15:18 +02:00
Roger Dingledine
22f723e4a3 refactor all these tor_inet_ntoa idioms
but don't refactor the ones that look messy
2010-10-01 21:31:09 -04:00
Nick Mathewson
b9f2ccbdcc More debugging code for node_t branch 2010-10-01 19:52:05 -04:00
Nick Mathewson
1bb9734e3a Implement policies for nodes (and for microdescriptors too) 2010-10-01 18:14:28 -04:00
Nick Mathewson
42acef68ad Fix a bug in smartlist_choose_node_by_bandwidth 2010-10-01 18:14:28 -04:00
Nick Mathewson
b5341314c1 Implement a few more node-based functions
Some of these functions only work for routerinfo-based nodes, and as
such are only usable for advisory purposes.  Fortunately, our uses
of them are compatible with this limitation.
2010-10-01 18:14:27 -04:00
Nick Mathewson
f9ea242aca Implement node-based router family code
Also, make the NodeFamily option into a list of routersets.  This
lets us git rid of router_in_nickname_list (or whatever it was
called) without porting it to work with nodes, and also lets people
specify country codes and IP ranges in NodeFamily
2010-10-01 18:14:27 -04:00
Nick Mathewson
45f1e4d5ee Rename routerstatus_t.is_running to is_flagged_running
This was the only flag in routerstatus_t that we would previously
change in a routerstatus_t in a consensus. We no longer have reason
to do so -- and probably never did -- as you can now confirm more
easily than you could have done by grepping for is_running before
this patch.

The name change is to emphasize that the routerstatus_t is_running
flag is only there to tell you whether the consensus says it's
running, not whether it *you* think it's running.
2010-10-01 18:14:27 -04:00
Nick Mathewson
26e897420e Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t.  It should try to present a consistent interface to all
of them.  There should be a node_t for a server whenever there is
  * A routerinfo_t for it in the routerlist
  * A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)

There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.

All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.

A node_t should hold all the *mutable* flags about a node.  This
patch moves the is_foo flags from routerinfo_t into node_t.  The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.

Some other highlights of this patch are:

  * Looking up routerinfo and routerstatus by nickname is now
    unified and based on the "look up a node by nickname" function.
    This tries to look only at the values from current consensus,
    and not get confused by the routerinfo_t->is_named flag, which
    could get set for other weird reasons.  This changes the
    behavior of how authorities (when acting as clients) deal with
    nodes that have been listed by nickname.

  * I tried not to artificially increase the size of the diff here
    by moving functions around.  As a result, some functions that
    now operate on nodes are now in the wrong file -- they should
    get moved to nodelist.c once this refactoring settles down.
    This moving should happen as part of a patch that moves
    functions AND NOTHING ELSE.

  * Some old code is now left around inside #if 0/1 blocks, and
    should get removed once I've verified that I don't want it
    sitting around to see how we used to do things.

There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()."  I'll work on filling in the
implementation here, piece by piece.

I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest.  Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-10-01 18:14:27 -04:00
Nick Mathewson
6dd7f85bc7 Try to make most routerstatus_t interfaces const 2010-10-01 18:14:27 -04:00
Nick Mathewson
d84d20cbb2 Try to make most routerinfo_t interfaces const 2010-10-01 18:14:27 -04:00
Nick Mathewson
fe309e7ad6 Implement a basic node and nodelist type
The node_t type is meant to serve two key functions:

  1) Abstracting difference between routerinfo_t and microdesc_t
     so that clients can use microdesc_t instead of routerinfo_t.

  2) Being a central place to hold mutable state about nodes
     formerly held in routerstatus_t and routerinfo_t.

This patch implements a nodelist type that holds a node for every
router that we would consider using.
2010-10-01 18:14:26 -04:00
Roger Dingledine
165aaf560a Merge branch 'maint-0.2.2' 2010-10-01 14:12:11 -04:00
Roger Dingledine
734ba2f937 fix comment 2010-10-01 14:11:08 -04:00
Roger Dingledine
6cb5383e56 log when we guess our ip address, not just when we fail 2010-10-01 13:32:38 -04:00
Nick Mathewson
495e630a49 Merge branch 'tor-fw-squashed2'
Conflicts:
	src/common/util.c
2010-09-30 16:22:39 -04:00
Nick Mathewson
d39e46c26d Merge remote branch 'origin/maint-0.2.2' 2010-09-30 15:30:14 -04:00
Steven Murdoch
a6dc00fa75 Start tor-fw-helper in the background, and log whatever it outputs 2010-09-30 11:40:37 -04:00
Nick Mathewson
3ad43ef75f Whitespace fixes on recent merges to master. 2010-09-30 01:36:36 -04:00
Sebastian Hahn
0702429cf7 Note an XXX about potential overflow 2010-09-30 06:24:01 +02:00
Sebastian Hahn
73def430e3 Use an upper and lower bound for bridge weights
When picking bridges (or other nodes without a consensus entry (and
thus no bandwidth weights)) we shouldn't just trust the node's
descriptor. So far we believed anything between 0 and 10MB/s, where 0
would mean that a node doesn't get any use from use unless it is our
only one, and 10MB/s would be a quite siginficant weight. To make this
situation better, we now believe weights in the range from 20kB/s to
100kB/s. This should allow new bridges to get use more quickly, and
means that it will be harder for bridges to see almost all our traffic.
2010-09-30 06:17:54 +02:00
Roger Dingledine
ea6ac0f0d1 Merge branch 'maint-0.2.2' 2010-09-30 00:10:14 -04:00
Roger Dingledine
d17fcad3ae Merge commit 'mikeperry/bug1772' into maint-0.2.2 2010-09-30 00:00:06 -04:00
Mike Perry
7eedd0f6bc Nominaly lower the minimum timeout value to 1500.
This won't change any behavior, since it will still be rounded back
up to 2seconds, but should reduce the chances of some extra warns.
2010-09-29 20:58:09 -07:00
Roger Dingledine
3cbe463e96 Merge branch 'bug1772' into maint-0.2.2 2010-09-29 23:52:18 -04:00
Roger Dingledine
f2aa8f08cb fix two casts 2010-09-29 23:51:25 -04:00
Mike Perry
c8f731fabb Comment network liveness and change detection behavior. 2010-09-29 19:35:40 -07:00
Roger Dingledine
ceb3d4d578 no measurement circs if not enough build times
In the first 100 circuits, our timeout_ms and close_ms
are the same. So we shouldn't transition circuits to purpose
CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT, since they will just timeout again
next time we check.
2010-09-29 18:05:10 -04:00
Roger Dingledine
7f10707c42 refactor and recomment; no actual changes 2010-09-29 18:01:22 -04:00
Roger Dingledine
355fc63790 Merge branch 'maint-0.2.2' 2010-09-29 17:21:43 -04:00
Roger Dingledine
48cd096276 Merge commit 'mikeperry/bug1739' into maint-0.2.2 2010-09-29 17:17:59 -04:00
Roger Dingledine
474e4d2722 Merge commit 'mikeperry/bug1740' into maint-0.2.2 2010-09-29 17:05:38 -04:00
Mike Perry
4324bb1b21 Cap the circuit build timeout to the max time we've seen.
Also, cap the measurement timeout to 2X the max we've seen.
2010-09-29 11:49:43 -07:00
Mike Perry
11910cf5b3 Do away with the complexity of the network liveness detection.
We really should ignore any timeouts that have *no* network activity for their
entire measured lifetime, now that we have the 95th percentile measurement
changes. Usually this is up to a minute, even on fast connections.
2010-09-29 11:49:43 -07:00
Mike Perry
0744a175af Fix state checks on liveness handling.
If we really want all this complexity for these stages here, we need to handle
it better for people with large timeouts. It should probably go away, though.
2010-09-29 11:49:43 -07:00
Mike Perry
9a77743b7b Fix non-live condition checks.
Rechecking the timeout condition was foolish, because it is checked on the
same codepath. It was also wrong, because we didn't round.

Also, the liveness check itself should be <, and not <=, because we only have
1 second resolution.
2010-09-29 11:49:31 -07:00
Mike Perry
c5b5643965 Send control port events for timeouts.
We now differentiate between timeouts and cutoffs by the REASON string and
the PURPOSE string.
2010-09-29 11:46:36 -07:00
Mike Perry
5aa4564ab9 Only count timeout data for 3 hop circuits.
Use 4/3 of this timeout value for 4 hop circuits, and use half of it for
canabalized circuits.
2010-09-29 11:41:27 -07:00
Roger Dingledine
0ed8d5a537 allow countries and IP addresses in EntryNodes 2010-09-29 03:00:06 -04:00
Nick Mathewson
703eb087f5 Merge remote branch 'origin/maint-0.2.2' 2010-09-29 00:38:44 -04:00