Commit Graph

15360 Commits

Author SHA1 Message Date
Nick Mathewson
cfeb1db2fb Add comments to connection_check_event(). 2017-02-07 09:48:24 -05:00
Nick Mathewson
457d38a6e9 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2017-02-07 09:48:19 -05:00
Nick Mathewson
650c03127a If we start/stop reading on a dnsserv connection, don't assert.
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
2017-02-07 09:48:13 -05:00
Nick Mathewson
5446cb8d3d Revert "Add hidserv-stats filname to our sandbox filter"
Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c58.
2017-02-07 09:28:50 -05:00
Nick Mathewson
9379984128 Merge branch 'teor_bug21357-v2_029' into maint-0.2.9 2017-02-07 09:24:08 -05:00
Nick Mathewson
c6f2ae514e Merge branch 'maint-0.2.5' into maint-0.2.6 2017-02-07 09:18:54 -05:00
Nick Mathewson
b9ef21cf56 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-02-07 09:17:59 -05:00
Nick Mathewson
e4a42242ea Backport the tonga->bifroest move to 0.2.4.
This is a backport of 19728 and 19690
2017-02-07 09:15:21 -05:00
John Brooks
053e11f397 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2017-02-07 08:31:37 -05:00
Nick Mathewson
19e25d5cab Prevention: never die from extend_info_from_node() failure.
Bug 21242 occurred because we asserted that extend_info_from_node()
had succeeded...even though we already had the code to handle such a
failure.  We fixed that in 93b39c5162.

But there were four other cases in our code where we called
extend_info_from_node() and either tor_assert()ed that it returned
non-NULL, or [in one case] silently assumed that it returned
non-NULL. That's not such a great idea.  This patch makes those
cases check for a bug of this kind instead.

Fixes bug 21372; bugfix on 0.2.3.1-alpha when
extend_info_from_node() was introduced.
2017-02-03 10:35:07 -05:00
Nick Mathewson
9d5a9feb40 Merge branch 'dgoulet/bug21302_030_01_squashed' 2017-02-03 09:54:24 -05:00
David Goulet
eea763400f hs: Remove intro point expiring node if no circuit
Once a second, we go over all services and consider the validity of the intro
points. Now, also try to remove expiring nodes that have no more circuit
associated to them. This is possible if we moved an intro point object
previously to that list and the circuit actually timed out or was closed by
the introduction point itself.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:07 -05:00
David Goulet
8573d99470 hs: Fix an underflow in rend_service_intro_has_opened()
In rend_service_intro_has_opened(), this is subject to a possible underflow
because of how the if() casts the results. In the case where the expiring
nodes list length is bigger than the number of IP circuits, we end up in the
following situation where the result will be cast to an unsigned int. For
instance, "5 - 6" is actually a BIG number.

Ultimately leading to closing IP circuits in a non stop loop.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-03 09:54:06 -05:00
cypherpunks
27df23abb6 Use the standard OpenBSD preprocessor definition 2017-02-03 09:37:39 -05:00
Nick Mathewson
0f79fb51e5 dirauth: Fix for calling routers unreachable for wrong ed25519
Previously the dirserv_orconn_tls_done() function would skip routers
when they advertised an ed25519 key but didn't present it during the
link handshake.  But that covers all versions between 0.2.7.2-alpha
and 0.2.9.x inclusive!

Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02 10:37:25 -05:00
Nick Mathewson
d732409402 In dirserv_single_reachability_test, node can be const. 2017-02-02 09:36:36 -05:00
Nick Mathewson
6777cd0a84 Merge remote-tracking branch 'public/bug21356_029' 2017-02-02 09:03:13 -05:00
Nick Mathewson
b11f00c153 Merge branch 'bug21294_030_01_squashed' 2017-02-02 08:48:20 -05:00
David Goulet
83df359214 config: Stop recommending Tor2web if in non anonymous mode
Because we don't allow client functionalities in non anonymous mode,
recommending Tor2web is a bad idea.

If a user wants to use Tor2web as a client (losing all anonymity), it should
run a second tor, not use it with a single onion service tor.

Fixes #21294.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-02 08:47:59 -05:00
Nick Mathewson
2d2ab29ce8 Merge remote-tracking branch 'asn/bug21052' 2017-02-01 15:53:16 -05:00
David Goulet
cc0342a2ae hs: Fix possible integer underflow with IP nodes
In rend_consider_services_intro_points(), we had a possible interger underflow
which could lead to creating a very large number of intro points. We had a
safe guard against that *except* if the expiring_nodes list was not empty
which is realistic thing.

This commit removes the check on the expiring nodes length being zero. It's
not because we have an empty list of expiring nodes that we don't want to open
new IPs. Prior to this check, we remove invalid IP nodes from the main list of
a service so it should be the only thing to look at when deciding if we need
to create new IP(s) or not.

Partially fixes #21302.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 11:07:09 -05:00
Nick Mathewson
f1530d0e5a Merge branch 'teor_bug21357-v2_029' 2017-02-01 09:39:25 -05:00
teor
408c53b7a7 Scale IPv6 address counts in policy_summary_reject to avoid overflow
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.

Adjust existing unit tests, and add more to cover exceptional cases.

No IPv4 behaviour changes.

Fixes bug 21357
2017-02-01 09:39:06 -05:00
teor
4667a40ca9 Fix IPv6 support in policy_summary_reject and policy_summary_accept
This interim fix results in too many IPv6 rejections.

No behaviour change for IPv4 counts, except for overflow fixes that
would require 4 billion redundant 0.0.0.0/0 policy entries to trigger.

Part of 21357
2017-02-01 09:39:06 -05:00
teor
82850d0da6 Refactor policy_summary_reject to prepare for IPv6 changes
No behaviour change, apart from non-fatal assertions

Part of 21357
2017-02-01 09:39:06 -05:00
teor
7e7b3d3df3 Add unit tests for IPv6 address summaries and IPv4 netblock rejection
These tests currently fail due to bug 21357
2017-02-01 09:39:06 -05:00
teor
e95b8f7df9 Fix write_short_policy usage comment 2017-02-01 09:39:05 -05:00
Nick Mathewson
c3b6354412 fix a wide line 2017-02-01 09:35:29 -05:00
Nick Mathewson
222f2fe469 Merge branch 'bug21150_030_01_squashed' 2017-02-01 09:30:02 -05:00
David Goulet
51b562c605 Use an internal variable for HiddenServiceStatistics
Stop modifying the value of our torrc option HiddenServiceStatistics just
because we're not a bridge or relay. This bug was causing Tor Browser users to
write "HiddenServiceStatistics 0" in their torrc files as if they had chosen
to change the config.

Fixes #21150

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-02-01 09:29:53 -05:00
Nick Mathewson
78011bb7ba Merge branch 'bug21242' 2017-02-01 09:09:58 -05:00
Nick Mathewson
2e93bffa1d Merge remote-tracking branch 'public/bug21129' 2017-02-01 09:01:44 -05:00
Nick Mathewson
f8885b76ef Merge remote-tracking branch 'public/bug21128' 2017-02-01 09:01:28 -05:00
Nick Mathewson
a5aec6ac37 Merge branch 'bug21108_029' 2017-01-31 18:51:26 -05:00
Roger Dingledine
6ff7850f26 be explicit in clear_status_flags_on_sybil that we leave BadExit alone 2017-01-31 18:50:16 -05:00
Nick Mathewson
35d8270942 When marking guard state instances on a channel, don't mark NULL
It's okay for guard_state to be null: we might have a fallback
circuit, or we might not be using guards.

Fixes bug 211228; bugfix on 0.3.0.1-alpha
2017-01-31 14:44:14 -05:00
Nick Mathewson
0f0d4356b2 Don't try to use confirmed_idx in remove_guard_from_...lists()
Since we can call this function more than once before we update all
the confirmed_idx fields, we can't rely on all the relays having an
accurate confirmed_idx.

Fixes bug 21129; bugfix on 0.3.0.1-alpha
2017-01-31 14:34:32 -05:00
Nick Mathewson
a47c133c86 Do not clear is_bad_exit on sybil.
But do clear is_v2_dir.

Fixes bug 21108 -- bugfix on d95e7c7d67 in
0.2.0.13-alpha.
2017-01-31 14:12:14 -05:00
Nick Mathewson
d183ec231b Call monotime_init() earlier.
We need to call it before nt_service_parse_options(), since
nt_service_parse_options() can call back into nt_service_main(),
which calls do_main_loop().

Fixes bug 21356; bugfix on 0.2.9.1-alpha.
2017-01-31 13:02:49 -05:00
Nick Mathewson
746d959100 Don't build circuits till primary guards have descriptors
In addition to not wanting to build circuits until we can see most
of the paths in the network, and in addition to not wanting to build
circuits until we have a consensus ... we shouldn't build circuits
till all of our (in-use) primary guards have descriptors that we can
use for them.

This is another bug 21242 fix.
2017-01-31 12:31:43 -05:00
Nick Mathewson
02da24f8e5 Don't (usually) return any guards that are missing descriptors.
Actually, it's _fine_ to use a descriptorless guard for fetching
directory info -- we just shouldn't use it when building circuits.
Fortunately, we already have a "usage" flag that we can use here.

Partial fix for bug 21242.
2017-01-31 12:30:33 -05:00
Nick Mathewson
26957a127a entry_guard_pick_for_circuit(): TRAFFIC guards must have descriptors
This relates to the 21242 fix -- entry_guard_pick_for_circuit()
should never yield nodes without descriptors when the node is going
to be used for traffic, since we won't be able to extend through
them.
2017-01-31 11:47:09 -05:00
Nick Mathewson
93b39c5162 Downgrade assertion to nonfatal for #21242
This assertion triggered in the (error) case where we got a result
from guards_choose_guard() without a descriptor.  That's not
supposed to be possible, but it's not worth crashing over.
2017-01-31 11:35:57 -05:00
Nick Mathewson
09a00a2f82 Merge remote-tracking branch 'public/bug21300' 2017-01-31 11:09:04 -05:00
Nick Mathewson
cccd3f1dae entrynodes: Remove "split these functions" XXXXs
They now have a ticket: #21349.
2017-01-30 10:49:40 -05:00
Nick Mathewson
7d0df8bad8 Remove a couple of stale comments from entrynodes.h 2017-01-30 10:38:24 -05:00
Nick Mathewson
fe04bdcdbb GUARD_WAIT is now specified too 2017-01-30 10:33:17 -05:00
Nick Mathewson
ead934e61e Remove prop271 "spec deviation" comments -- the spec has been updated
In some cases, replace those comments with better ones.
2017-01-30 10:30:09 -05:00
Nick Mathewson
4d83999213 Make "GETCONF SocksPort" work again
I broke "GETCONF *Port" in 20956, when I made SocksPort a
subordinate option of the virtual option SocksPortLines, so that I
could make SocksPort and __SocksPort provide qthe same
functionality.  The problem was that you can't pass a subordinate
option to GETCONF.

So, this patch fixes that by letting you fetch subordinate options.

It won't always be meaningful to consider these options
out-of-context, but that can be the controller-user's
responsibility to check.

Closes ticket 21300.
2017-01-30 10:09:47 -05:00
Nick Mathewson
558c04f5b1 Merge branch 'combined-fuzzing-v4' 2017-01-30 08:40:46 -05:00
Nick Mathewson
2202ad7ab0 Fix a pair of compilation errors. 2017-01-30 08:37:27 -05:00
Nick Mathewson
143235873b Memory leak on bogus ed key in microdesc 2017-01-30 08:37:26 -05:00
Nick Mathewson
a092bcdd4f Fix a memory leak found while fuzzing 2017-01-30 08:37:26 -05:00
Nick Mathewson
b1567cf500 Three more fuzzers: consensus, hsdesc, intro points 2017-01-30 08:37:24 -05:00
teor
584d723e04 Restrict fuzzing to the directory headers 2017-01-30 08:37:23 -05:00
Nick Mathewson
e2aeaeb76c Make a bunch of signature/digest-checking functions mockable 2017-01-30 08:37:22 -05:00
meejah
fc58c37e33 Ticket #21329: GETINFO onions/current returns empty list
If there are no ephemeral or detached onion services, then
"GETINFO onions/current" or "GETINFO onions/detached" should
return an empty list instead of an error
2017-01-28 13:59:29 -07:00
Daniel Kahn Gillmor
e1337b4252 client: set IPv6Traffic to on by default
See:
  https://trac.torproject.org/projects/tor/ticket/21269
  https://bugs.debian.org/851798

Closes #21269

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-27 09:12:32 -05:00
Nick Mathewson
795582169a Bulletproof conn_get_outbound_address() a little. 2017-01-27 08:12:14 -05:00
Nick Mathewson
782c52658c Remove an impossible comparison. 2017-01-27 08:08:08 -05:00
Nick Mathewson
81c78ec755 Outbindbindaddress variants for Exit and OR.
Allow separation of exit and relay traffic to different source IP
addresses (Ticket #17975). Written by Michael Sonntag.
2017-01-27 08:05:29 -05:00
Nick Mathewson
818b44cc7c Repair the (deprecated, ugly) DROPGUARDS controller function.
This actually is much easier to write now that guard_selection_t is
first-class.
2017-01-24 09:18:56 -05:00
Nick Mathewson
fae4d3d925 Merge remote-tracking branch 'asn/remove_legacy_guards' 2017-01-24 09:01:25 -05:00
George Kadianakis
b047d97b28 Remove some more remnants of legacy guard selection. 2017-01-24 13:35:57 +02:00
Nick Mathewson
d95d988946 Merge branch 'feature_20956_029' 2017-01-23 16:07:15 -05:00
Nick Mathewson
83307fc267 Add __SocksPort etc variants for non-persistent use
Implements feature 20956.
2017-01-23 16:06:51 -05:00
David Goulet
96c7ddbc7e circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-22 19:02:01 -05:00
Nick Mathewson
e52f49aa80 Merge remote-tracking branch 'public/ticket18319' 2017-01-21 14:44:00 -05:00
teor
d35ca518b4 Remove extra newline from proxy_prepare_for_restart definition 2017-01-19 08:12:26 -05:00
Nick Mathewson
85a17ee2e7 whitespace fixes 2017-01-18 17:14:42 -05:00
Nick Mathewson
88e4ffab9e Merge remote-tracking branch 'dgoulet/ticket20029_030_06-resquash' 2017-01-18 17:13:36 -05:00
George Kadianakis
d6c14915cd Improve a few comments.
- Also remove LCOV marks from blocks of code that can be reachable by tests
  if we mock relay_send_command_from_edge().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:59:16 -05:00
David Goulet
50cfc98340 prop224: Add unit tests for INTRODUCE1 support
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:54 -05:00
David Goulet
5208085be1 hs: Rename rend_mid_introduce() with legacy semantic
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
db77a38da2 hs: Remove useless code in rend_mid_introduce()
With the previous commit, we validate the circuit _before_ calling
rend_mid_introduce() which handles the INTRODUCE1 payload.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
9d7505a62a prop224: Rename hs_intro_circuit_is_suitable()
Adds a better semantic and it also follows the same interface for the
INTRODUCE1 API which is circuit_is_suitable_for_introduce1().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:34 -05:00
David Goulet
e1497744c8 prop224: Add INTRODUCE1 cell relay support
Closes #20029

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 16:58:33 -05:00
Nick Mathewson
d5d7c3e638 Remove argument from guards_choose_dirguard 2017-01-18 15:58:19 -05:00
Nick Mathewson
3efe8bb8ac Remove some now-spurious blocks and indentation. 2017-01-18 15:45:02 -05:00
Nick Mathewson
5b97d7e110 Remove PDS_FOR_GUARD 2017-01-18 15:42:28 -05:00
Nick Mathewson
6d03e36fd0 Remove GS_TYPE_LEGACY 2017-01-18 15:37:01 -05:00
Nick Mathewson
a31a5581ee Remove UseDeprecatedGuardAlgorithm. 2017-01-18 15:33:26 -05:00
Nick Mathewson
472b277207 Remove the (no longer compiled) code for legacy guard selection.
Part of 20830.
2017-01-18 15:27:10 -05:00
Nick Mathewson
e167a0e17d Merge remote-tracking branch 'dgoulet/bug21062_030_01' 2017-01-18 15:11:36 -05:00
Nick Mathewson
e0e729d4b5 put units in constant names for DIRCACHE_MEN_MEM* 2017-01-18 15:08:10 -05:00
Neel Chauhan
426ceb41ef Rename DIRCACHE_MIN_BANDWIDTH and DIRCACHE_MIN_MB_BANDWIDTH
Renamed to DIRCACHE_MIN_MEM and DIRCACHE_MIN_MB_MEM.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 13:15:54 -05:00
David Goulet
0069d14753 circuit: Make circuit_build_times_disabled take an or_options_t
That way, when we are parsing the options and LearnCircuitBuildTimeout is set
to 0, we don't assert trying to get the options list with get_options().

Fixes #21062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-18 12:53:01 -05:00
Nick Mathewson
fa00f2dce5 Merge branch 'ahf_bugs_17847_2_squashed' 2017-01-18 11:04:58 -05:00
Alexander Færøy
46ef32ba22 Refactor duplicated extrainfo checks into a common macro.
This patch refactors duplicated code, to check if a given router
supports fetching the extra-info document, into a common macro called
SKIP_MISSING_TRUSTED_EXTRAINFO.
2017-01-18 11:04:49 -05:00
Alexander Færøy
0ff9ea2afd Generalize router_is_already_dir_fetching_{rs,ds}.
This patch generalizes the two functions
router_is_already_dir_fetching_rs and router_is_already_dir_fetching_ds
into a single function, router_is_already_dir_fetching_, by lifting the
passing of the IPv4 & IPv6 addresses and the directory port number to
the caller.
2017-01-18 11:04:49 -05:00
Nick Mathewson
b6dce6cfec Merge remote-tracking branch 'asn/bug21142' 2017-01-18 10:44:35 -05:00
Nick Mathewson
9469aaaa82 Handle __NonSavedOptions correctly inside LINELIST_V blocks. 2017-01-18 10:25:10 -05:00
Nick Mathewson
3dd738d5f9 Simplify the VPORT() macro in config.c
It's always called with the same arguments, and there wouldn't be
much point to calling it differently.
2017-01-18 10:07:55 -05:00
Nick Mathewson
69cb6f34cb Merge remote-tracking branch 'dgoulet/bug19953_030_01' 2017-01-18 09:10:46 -05:00
Nick Mathewson
4334a4b784 Merge remote-tracking branch 'dgoulet/bug21033_030_01' 2017-01-18 09:08:16 -05:00
Nick Mathewson
e69afb853d Merge branch 'bug19769_19025_029' 2017-01-18 09:02:48 -05:00
Philipp Winter
eae68fa2d2 Initialise DNS TTL for A and AAAA records.
So far, the TTLs for both A and AAAA records were not initialised,
resulting in exit relays sending back the value 60 to Tor clients.  This
also impacts exit relays' DNS cache -- the expiry time for all domains
is set to 60.

This fixes <https://bugs.torproject.org/19025>.
2017-01-18 08:57:09 -05:00
Nick Mathewson
609065f165 DefecTor countermeasure: change server- and client-side DNS TTL clipping
The server-side clipping now clamps to one of two values, both
for what to report, and how long to cache.

Additionally, we move some defines to dns.h, and give them better
names.
2017-01-18 08:55:57 -05:00
David Goulet
1636777dc8 hs: Allow from 0 to MAX introduction points
An operator couldn't set the number of introduction point below the default
value which is 3. With this commit, from 0 to the hardcoded maximum is now
allowed.

Closes #21033

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:58:50 -05:00
David Goulet
e16148a582 relay: Honor DataDirectoryGroupReadable at key init
Our config code is checking correctly at DataDirectoryGroupReadable but then
when we initialize the keys, we ignored that option ending up at setting back
the DataDirectory to 0700 instead of 0750. Patch by "redfish".

Fixes #19953

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:40:01 -05:00
Nick Mathewson
92c3926479 Fix a double-free in rend_config_services()
Found by coverity scan; CID 1398917
2017-01-17 11:35:26 -05:00
George Kadianakis
def7115fe4 prop271: Move new funcs to top, to avoid compiler warnings. 2017-01-17 14:35:38 +02:00
George Kadianakis
2938fd3b85 prop271: When we exhaust all guards, mark all of them for retry.
In the past, when we exhausted all guards in our sampled set, we just
waited there till we mark a guard for retry again (usually takes 10 mins
for a primary guard, 1 hour for a non-primary guard). This patch marks
all guards as maybe-reachable when we exhaust all guards (this can
happen when network is down for some time).
2017-01-17 14:35:38 +02:00
George Kadianakis
1bc440eda4 Correctly maintain circuits in circuits_pending_other_guards(). 2017-01-17 13:26:59 +02:00
Nick Mathewson
111c66b2f0 Merge remote-tracking branch 'public/ticket20921' 2017-01-16 12:59:39 -05:00
Neel Chauhan
9e5512b48d Disallow setting UseBridges to 1 and UseEntryGuards to 0 2017-01-14 14:55:23 -05:00
Nick Mathewson
fc2656004a Merge remote-tracking branch 'dgoulet/bug20307_030_01' 2017-01-13 16:56:56 -05:00
Nick Mathewson
94e8f60901 Merge branch 'ipv6-only-client_squashed' 2017-01-13 16:49:48 -05:00
teor
2debcc869f Remove redundant boolean expression from firewall_is_fascist_impl()
Let A = UseBridges
Let B = ClientUseIPv4

Then firewall_is_fascist_impl expands and simplifies to:
B || (!(A || ...) && A)
B || (!A && ... && A)
B || 0
B
2017-01-13 16:49:33 -05:00
teor
0417dae580 When IPv6 addresses have not been downloaded, use hard-coded address info
The microdesc consensus does not contain any IPv6 addresses.
When a client has a microdesc consensus but no microdescriptor, make it
use the hard-coded IPv6 address for the node (if available).

(Hard-coded addresses can come from authorities, fallback directories,
or configured bridges.)

If there is no hard-coded address, log a BUG message, and fail the
connection attempt. (All existing code checks for a hard-coded address
before choosing a node address.)

Fixes 20996, fix on b167e82 from 19608 in 0.2.8.5-alpha.
2017-01-13 16:49:33 -05:00
teor
5227ff4aad Remove redundant options checks for IPv6 preference conflicts
It is no longer possible for the IPv6 preference options to differ from the
IPv6 usage: preferring IPv6 implies possibly using IPv6.

Also remove the corresponding unit test warning message checks.
(But keep the unit tests themselves - they now run without warnings.)
2017-01-13 16:49:27 -05:00
Nick Mathewson
3e45b12f38 Merge remote-tracking branch 'dgoulet/bug21054_030_01' 2017-01-13 16:45:55 -05:00
Nick Mathewson
5762d6489d Merge branch 'bug21019_030_01_squashed' 2017-01-13 12:11:00 -05:00
David Goulet
fb8dad5ceb hs: Log if service can't connect to application
In order to help an HS operator knowing if the application configured behind
it is not working properly, add a log at warning level for the connection
refused or timeout case. This log will only be printed if a client connection
fails and is rate limited.

Closes #21019

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-13 12:10:53 -05:00
Nick Mathewson
7844c5ddd7 Have circuit_get_global_origin_circuit_list() return the right list. Bug 21118 2017-01-12 13:18:09 -05:00
Nick Mathewson
f1d622e2b2 repair whitespace. 2017-01-11 14:59:19 -05:00
Nick Mathewson
62c6d5fe16 Merge remote-tracking branch 'dgoulet/ticket19925_030_01' 2017-01-11 14:33:55 -05:00
Nick Mathewson
ac3b559e93 Merge branch 'bug20569_030_02_squashed' 2017-01-11 12:52:52 -05:00
David Goulet
870b5e2227 hs: Use AES-256 for v3 descriptor
That key size is taken from proposal 224 thus specified in the protocol.

Closes #20569

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-11 12:52:34 -05:00
Nick Mathewson
7892683e7e Merge remote-tracking branch 'asn/bug20852_v1' 2017-01-11 10:14:50 -05:00
Nick Mathewson
8f893fbca9 Merge remote-tracking branch 'public/bug20974' 2017-01-11 09:51:58 -05:00
Nick Mathewson
2db858ef61 Merge remote-tracking branch 'jryans/dependant-corrected' 2017-01-11 09:28:54 -05:00
Nick Mathewson
b9054c6ee4 Merge branch 'bug20987_squashed' 2017-01-11 09:21:09 -05:00
Nick Mathewson
3a3e88dbd4 Fix memory leak when failing to configure hidden services.
In 8a0ea3ee43 we added a
temp_service_list local variable to rend_config_services, but we
didn't add a corresponding "free" for it to all of the exit paths.

Fixes bug 20987; bugfix on 0.3.0.1-alpha.
2017-01-11 09:20:23 -05:00
Nick Mathewson
730cc16b72 Merge remote-tracking branch 'teor/bug21123' 2017-01-11 09:15:04 -05:00
David Goulet
8a33abcd65 control: Add GETINFO command for the shared random values
Add the "sr/current" and "sr/previous" keys for the GETINFO command in order
to get through the control port the shared random values from the consensus.

Closes #19925

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-09 11:33:05 -05:00
George Kadianakis
e1d7661412 Max HS descriptor size is now 50kb and also consensus param. 2017-01-09 15:02:56 +02:00
Chelsea H. Komlo
655ffeadd5 comment fixups 2017-01-08 13:14:56 -05:00
teor
518ef61975
Clarify the message logged when a remote relay is unexpectedly missing a port
(Users were confusing this with a local port.)

Fixes bug 20711; bugfix on 0.2.8.2-alpha.
2017-01-03 16:56:32 +11:00
teor
18f47bbb73
Allow relays to use directory mirrors without a DirPort
These relays need to be contacted over their ORPorts using a begindir
connection, and relays try not to use begindir connections.

Fixes bug 20711; bugfix on 0.2.8.2-alpha.
2017-01-03 16:52:56 +11:00
teor
c83463ef74
Remove a rendundant check for PidFile changes at runtime
This check is already performed regardless of whether the sandbox is active.

Fixes bug 21123; bugfix on commit 2ae47d3 in 0.2.5.4-alpha.
2017-01-03 15:03:34 +11:00
Nick Mathewson
ef0559c3e3 Extract global_origin_circuit_list manipulation code into new fns.
Closes ticket 20921.
2017-01-02 13:12:06 -05:00
Nick Mathewson
97ed2ce085 Unindent long-misindented blocks.
We switched these to be "if (1) " a while back, so we could keep
the indentation and avoid merge conflicts.  But it's nice to clean
up from time to time.
2017-01-02 12:16:57 -05:00
Nick Mathewson
26651d7fdb Fix some dubious indentation 2017-01-02 12:13:11 -05:00
Nick Mathewson
b317813485 Make GETINFO entry-guards work again with prop271
This is not a great solution, but it's as close to
backward-compatible as possible.  A better GETINFO API should expose
more information.
2017-01-02 10:10:03 -05:00
Nick Mathewson
9d37449fb0 Move entry-guard-is-up notification later into dirguard path.
Previously we were marking directory guards up in
..._process_inbuf(), but that's wrong: we call that function on
close as well as on success.  Instead, we're marking the dirguard up
only after we parse the HTTP headers. Closes 20974.
2017-01-02 09:56:06 -05:00
J. Ryan Stinnett
58172be657 Use the correct spelling for "Dependent" in the control protocol.
Fixes #18146.
2016-12-29 22:32:42 -06:00
Nick Mathewson
0a0e513d42 Merge remote-tracking branch 'dgoulet/bug20991_030_01' 2016-12-23 10:56:36 -05:00
Nick Mathewson
40ce7a83c4 whitespace fix 2016-12-23 10:46:14 -05:00
Nick Mathewson
0087fe36c1 Merge remote-tracking branch 'dgoulet/bug20572_030_01' 2016-12-23 10:03:35 -05:00
Nick Mathewson
9fb2bf2f3f Merge remote-tracking branch 'dgoulet/bug19899_030_01' 2016-12-23 08:28:05 -05:00
George Kadianakis
7456677a50 Make outter (plaintext) layer of HS desc conform to prop224.
This basically means changing the 'encrypted' field to 'superencrypted'.
2016-12-23 15:07:21 +02:00
David Goulet
955d4b7abd circuit: Change close reasons from uint16_t to int
When marking for close a circuit, the reason value, a integer, was assigned to
a uint16_t converting any negative reasons (internal) to the wrong value. On
the HS side, this was causing the client to flag introduction points to be
unreachable as the internal reason was wrongfully converted to a positive
16bit value leading to flag 2 out of 3 intro points to be unreachable.

Fixes #20307 and partially fixes #21056

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-22 12:37:42 -05:00
David Goulet
2d1fa58fb4 test: Add unit test for prune_services_on_reload()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 15:00:19 -05:00
David Goulet
36b5ca2c8b hs: Move and improve the service pruning code
First, this commit moves the code used to prune the service list when
reloading Tor (HUP signal for instance) to a function from
rend_config_services().

Second, fix bug #21054, improve the code by using the newly added
circuit_get_next_service_intro_circ() function instead of poking at the global
list directly and add _many_ more comments.

Fixes #21054.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 15:00:19 -05:00
David Goulet
8a05e1a5d2 circuit: Add a function to get the next service intro circuit
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-21 15:00:19 -05:00
Nick Mathewson
2673b4b7a8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-20 18:23:19 -05:00
Nick Mathewson
b6227edae1 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-12-20 18:22:53 -05:00
Nick Mathewson
39ef343523 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
2016-12-20 18:20:01 -05:00
Nick Mathewson
8f857c23b7 Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.
2016-12-20 18:18:53 -05:00
Nick Mathewson
a9c8a5ff18 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-12-20 18:14:21 -05:00
Nick Mathewson
b18bde23cf Merge branch 'maint-0.2.5' into maint-0.2.6 2016-12-20 18:11:25 -05:00
Nick Mathewson
db58d4d16f Merge branch 'maint-0.2.4' into maint-0.2.5 2016-12-20 18:11:08 -05:00
teor
fca91a7793 for fuzzing: Add a function to make a buf with given contents
(Teor wrote the code, nick extracted it into a smaller patch.)
2016-12-19 15:02:08 -05:00
teor
02068c6391 For fuzzing: Expose directory_handle_command.
(Nick extracted this patch from a larger patch by Teor.)
2016-12-19 15:02:08 -05:00
Nick Mathewson
c468df3961 Don't warn about absent guard state when none expected.
Self-testing circuits don't use guards, and nobody uses guards when
UseEntryGuards is disabled.

Fixes bug 21007; bug not in any released Tor.
2016-12-19 12:24:30 -05:00
Nick Mathewson
f9f1e3c94b Merge branch 'maint-0.2.9' 2016-12-19 08:03:17 -05:00
Nick Mathewson
de65647461 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:58:43 -05:00
Nick Mathewson
c11de4c45f Merge branch 'bug21018_024' into maint-0.2.8 2016-12-19 07:58:21 -05:00
Nick Mathewson
2dc5226644 Merge branch 'maint-0.2.9' 2016-12-19 07:31:19 -05:00
Nick Mathewson
169a93fff2 Merge branch 'maint-0.2.8' into maint-0.2.9 2016-12-19 07:30:42 -05:00
teor
4181e812c7
Update the fallback directory mirror list in December 2016
Replace the 81 remaining fallbacks of the 100 originally introduced
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
(123 new, 54 existing, 27 removed) generated in December 2016.

Resolves ticket 20170.
2016-12-19 15:44:20 +11:00
Nick Mathewson
0fb3058ece Make log message warn about detected attempts to exploit 21018. 2016-12-18 20:17:28 -05:00
Nick Mathewson
d978216dea Fix parsing bug with unecognized token at EOS
In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254
2016-12-18 20:17:24 -05:00
Nick Mathewson
ae89d9745d Revert ticket 20982 changes.
They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e18,
commit 78a13df158, and
commit 62f52a888a.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.
2016-12-18 10:04:36 -05:00
Roger Dingledine
51ee549a90 fix typos and trivial syntax problems 2016-12-18 04:06:02 -05:00
Nick Mathewson
762b799545 Rename 'remove' -> 'rmv' to avoid shadowing a libc global 2016-12-16 14:04:57 -05:00
J. Ryan Stinnett
19cf074f4d hs: Remove private keys from hs_desc_plaintext_data_t.
Since both the client and service will use that data structure to store the
descriptor decoded data, only the public keys are common to both.

Fixes #20572.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:48:33 -05:00
David Goulet
e76b072def test: fix the generate ESTABLISH_INTRO v3 cell
The "sig_len" fields was moved below the "end_sig_fields" in the trunnel
specification so when signing the cell content, the function generating such a
cell needed to be adjust.

Closes #20991

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
David Goulet
db0e926849 hs: Remove a useless cast in verify_establish_intro_cell()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
David Goulet
b0ccb6bfa5 hs: Add an extra safety check on ESTABLISH_INTRO sig len
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16 12:21:07 -05:00
Nick Mathewson
23c09b6bc2 Resolve a division-by-zero complaint from coverity. CID 1397272 2016-12-16 12:21:02 -05:00
Nick Mathewson
c52c47ae6f Disable the legacy guard algorithm. Code isn't removed yet.
(Keeping the code around in case I broke Tor in some unexpected
way.)
2016-12-16 11:42:34 -05:00
Nick Mathewson
990a863d7c Merge branch 'ticket20831_v2' 2016-12-16 11:40:19 -05:00
Nick Mathewson
506bd6d47c Make NumDirectoryGuards work with the new guard algorithm.
Now that we support NumEntryGuards, NumDirectoryGuards is pretty
easy to put back in.
2016-12-16 11:34:31 -05:00
Nick Mathewson
d9200d853d Make NumEntryGuards work as expected again.
Further, add a "guard-n-primary-guards-to-use" parameter, defaulting
to 1, for NumEntryGuards to override.
2016-12-16 11:34:31 -05:00
Nick Mathewson
deb8bcadce 271: Algorithm tweak to allow multiple entry guards.
Previously, we had NumEntryGuards kind of hardwired to 1.  Now we
have the code (but not the configuarability) to choose randomly from
among the first N primary guards that would work, where N defaults
to 1.

Part of 20831 support for making NumEntryGuards work again.
2016-12-16 11:34:31 -05:00
Nick Mathewson
385602e982 Respect GuardLifetime in prop271 code.
It overrides both the GUARD_LIFETIME and the
GUARD_CONFIRMED_MIN_LIFETIME options.
2016-12-16 11:34:31 -05:00
Nick Mathewson
3902a18a69 Remove UseDirectoryGuards
It is obsoleted in an always-on direction by prop271.
2016-12-16 11:32:51 -05:00
Nick Mathewson
988b0afbd6 Merge branch 'ticket20826_v2' 2016-12-16 11:29:02 -05:00
Nick Mathewson
e044b4f8ce Support restrictive ENTRYNODES configurations correctly.
Since we already had a separate function for getting the universe of
possible guards, all we had to do was tweak it to handle very the
GS_TYPE_RESTRICTED case.
2016-12-16 11:28:27 -05:00
Nick Mathewson
4ec9751c14 guard->nickname is never NULL. 2016-12-16 11:25:59 -05:00
Nick Mathewson
2cee38f76a Merge branch 'prop271_030_v1_squashed' 2016-12-16 11:20:59 -05:00
Nick Mathewson
20292ec497 Per suggestion, increase the retry frequency for primary guards. 2016-12-16 11:06:22 -05:00
Nick Mathewson
fc7751a989 Rewrite state transition logic in entry_guards_note_success()
asn found while testing that this function can be reached with
GUARD_STATE_COMPLETE circuits; I believe this happens when
cannibalization occurs.

The added complexity of handling one more state made it reasonable
to turn the main logic here into a switch statement.
2016-12-16 11:06:22 -05:00
Nick Mathewson
2e2f3a4d99 Add a separate, non-fractional, limit to the sampled guard set size.
Letting the maximum sample size grow proportionally to the number of
guards defeats its purpose to a certain extent.  Noted by asn during
code review.

Fixes bug 20920; bug not in any released (or merged) version of Tor.
2016-12-16 11:06:22 -05:00
Nick Mathewson
e50d85b90c Clean check for live consensus when updating the guard sample.
The valid_until check was redundant.
2016-12-16 11:06:22 -05:00
Nick Mathewson
b7088e5b5a Move a TODO comment into doxygen comments. 2016-12-16 11:06:22 -05:00
George Kadianakis
50783d0123 Easy code fixes.
- Correctly maintain the previous guard selection in choose_guard_selection().
- Print bridge identifier instead of nothing in entry_guard_describe()._
2016-12-16 11:06:22 -05:00
George Kadianakis
7ab2678074 Trivial documentation improvements. 2016-12-16 11:06:22 -05:00
Nick Mathewson
6867950432 Wrap all of the legacy guard code, and its users, in #ifdefs
This will make it easier to see what we remove down the line.
2016-12-16 11:06:22 -05:00
Nick Mathewson
2b4bfe62ee Fix a signed/unsigned warning on 32-bit 2016-12-16 11:06:21 -05:00
Nick Mathewson
52e196bab5 Don't make $hexid nicknames persistent.
(That's asking for trouble, and also totally completely redundant.)
2016-12-16 11:06:21 -05:00
Nick Mathewson
79d3e94f8b prop271: Tests for the highlevel or_state_t encode/decode functions 2016-12-16 11:06:20 -05:00
Nick Mathewson
217590ad05 Extract guard_selection_infer_type into its own function. 2016-12-16 11:06:20 -05:00
Nick Mathewson
2c8c58ab2f Another tweak for guard restrictions: don't let complete circs block
If a complete circuit C2 doesn't obey the restrictions of C1, then
C2 cannot block C1.

The patch here is a little big-ish, since we can no longer look
through all the complete circuits and all the waiting circuits on a
single pass: we have to find the best waiting circuit first.
2016-12-16 11:06:20 -05:00
Nick Mathewson
87f9b42179 Implement support for per-circuit guard restrictions.
This is an important thing I hadn't considered when writing prop271:
sometimes you have to restrict what guard you use for a particular
circuit.  Most frequently, that would be because you plan to use a
certain node as your exit, and so you can't choose that for your
guard.

This change means that the upgrade-waiting-circuits algorithm needs
a slight tweak too: circuit A cannot block circuit B from upgrading
if circuit B needs to follow a restriction that circuit A does not
follow.
2016-12-16 11:06:20 -05:00
Nick Mathewson
17c3faa2e3 guards_choose_dirguard(): replace one XXXX with another.
I had been asking myself, "hey, doesn't the new code need to look at
this "info" parameter? The old code did!"  But it turns out that the
old code hasn't, since 05f7336624.

So instead of "support this!" the comment now says "we can remove
this!"
2016-12-16 11:06:20 -05:00
Nick Mathewson
9d065ecc3d Fix a magic number in get_max_sample_size 2016-12-16 11:06:20 -05:00
Nick Mathewson
1e9cd5d2bb Note a couple of XXX-prop271s as spec deviations. 2016-12-16 11:06:19 -05:00
Nick Mathewson
f4e64c04f4 Remove some resolved "XXXX prop271" comments. 2016-12-16 11:06:19 -05:00
Nick Mathewson
80fa404625 Fix for small test networks: don't refuse to have any sampled guards.
Don't restrict the sample size if the network size is less than 20
guards.  Maybe we'll think of a better rule later on?
2016-12-16 11:06:19 -05:00
Nick Mathewson
eac8b3f758 Remove a few unused arguments. 2016-12-16 11:06:19 -05:00
Nick Mathewson
84bfa895d7 Change return value of entry_guard_succeeded to an enum.
George pointed out that (-1,0,1) for (never usable, maybe usable
later, usable right now) was a pretty rotten convention that made
the code harder to read.
2016-12-16 11:06:19 -05:00
Nick Mathewson
46619ec914 Note some large functions that could be split.
George Kadianakis pointed these out.
2016-12-16 11:06:19 -05:00
Nick Mathewson
3bcbbea350 More progress on bridge implementation with prop271 guards
Here we handle most (all?) of the remaining tasks, and fix some
bugs, in the prop271 bridge implementation.

  * We record bridge identities as we learn them.
  * We only call deprecated functions from bridges.c when the
    deprecated guard algorithm is in use.
  * We update any_bridge_descriptors_known() and
    num_bridges_usable() to work correctly with the new backend
    code. (Previously, they called into the guard selection logic.
  * We update bridge directory fetches to work with the new
    guard code.
  * We remove some erroneous assertions where we assumed that we'd
    never load a guard that wasn't for the current selection.

Also, we fix a couple of typos.
2016-12-16 11:06:18 -05:00
Nick Mathewson
82fa71610d Implement bridge backends for sampling, filtering guards.
Still missing is functionality for picking bridges when we don't
know a descriptor for them yet, and functionality for learning a
bridge ID.

Everything else remains (basically) the same. Neat!
2016-12-16 11:06:18 -05:00
Nick Mathewson
53f248f6c9 Add some needed accessors/inspectors for bridge/guard convergence 2016-12-16 11:06:18 -05:00
Nick Mathewson
1d52ac4d3f Lay down some infrastructure for bridges in the New Guard Order.
This includes:
  * making bridge_info_t exposed but opaque
  * allowing guards where we don't know an identity
  * making it possible to learn the identity of a guard
  * creating a guard that lacks a node_t
  * remembering a guard's address and port.
  * Looking up a guard by address and port.
  * Only enforcing the rule that we need a live consensus to update
    the "listed" status for guards when we are not using bridges.
2016-12-16 11:06:18 -05:00
Nick Mathewson
89f5f149df Remove guard_selection argument from status-reporting functions
This prevents us from mixing up multiple guard_selections
2016-12-16 11:06:18 -05:00
Nick Mathewson
6dcbc24a4e Add a backpointer from entry_guard_t to guard_selection_t
This is safe, because no entry_guard_t ever outlives its
guard_selection_t.

I want this because now that multiple guard selections can be active
during one tor session, we should make sure that any information we
register about guards is with respect to the selection that they came
from.
2016-12-16 11:06:18 -05:00
Nick Mathewson
404e9e5611 Have multiple guard contexts we can switch between.
Currently, this code doesn't actually have the contexts behave
differently, (except for the legacy context), but it does switch
back and forth between them nicely.
2016-12-16 11:06:18 -05:00
Nick Mathewson
c6d218c44b Unit tests for entry_guard_{pick_for_circuit,succeeded,failed} 2016-12-16 11:06:17 -05:00
Nick Mathewson
9493711077 Mark confirmed guards primary as appropriate.
If a guard becomes primary as a result of confirming it, consider
the circuit through that guard as a primary circuit.

Also, note open questions on behavior when confirming nonprimary guards
2016-12-16 11:06:17 -05:00
Nick Mathewson
d2af9826fd Turn #defines for prop271 into networkstatus params
Some of these will get torrc options to override them too; this
is just the mechanical conversion.

Also, add documentation for a couple of undocumented (but now used)
parameters.
2016-12-16 11:06:17 -05:00
Nick Mathewson
039bd01767 Add a wrapper for a common networkstatus param pattern
We frequently want to check a networkstatus parameter only when it
isn't overridden from the torrc file.
2016-12-16 11:06:16 -05:00
Nick Mathewson
2ea5aa7182 Expire circuits that have been WAITING_FOR_BETTER_GUARD too long
(This is required by 3.9 in prop271, but is better done as a
separate function IMO)
2016-12-16 11:06:16 -05:00
Nick Mathewson
e56bc1e5de Move the 'dirty' flag for the guards to a global again
It makes more sense to have a single dirty flag, since we always
regenerate the whole state file when we save it.
2016-12-16 11:06:16 -05:00
Nick Mathewson
bce0f79252 Mark some more BUG lines as unreachable. 2016-12-16 11:06:16 -05:00
Nick Mathewson
a7bc73935b Test get_guard_selection_by_name 2016-12-16 11:06:15 -05:00
Nick Mathewson
526b0e2ce2 Avoid division-by-zero in pathbias_check_*_success_count 2016-12-16 11:06:15 -05:00
Nick Mathewson
ac67819396 Make sure primary-guards are up-to-date when we inspect them.
(Plus some magic to prevent and detect recursive invocation of
entry_guards_update_primary(), since that can cause some pretty
tricky misbehavior.)
2016-12-16 11:06:15 -05:00
Nick Mathewson
f71be74340 When freeing a guard state, cancel it if its state is unknown
We don't want a guard to stay "pending" forever if the
circuit_guard_state_t for it is freed before it succeeds or fails.
2016-12-16 11:06:15 -05:00
Nick Mathewson
897626953b Rebuild the guard lists as appropriate on torrc change.
(Also, prepare to tie guard changes into the mark-all-old-circuits
logic.)
2016-12-16 11:06:15 -05:00
cypherpunks
62f52a888a Remove the version prefix from version numbers 2016-12-16 10:41:36 -05:00
cypherpunks
78a13df158 Remove the trailing dot from version numbers 2016-12-16 10:41:36 -05:00
teor
2e2d22d29a
Make fascist_firewall_use_ipv6() check ORPort & DirPort IP preferences
This makes clients try harder to find an IPv6 address when searching for
a directory server.

Required for #19608.
2016-12-16 22:30:55 +11:00
David Goulet
cacfd82c8d cell: Add a control cell ID for semantic
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-15 11:44:02 -05:00
Nick Mathewson
4098bfa260 Fix double-typedef of or_circuit_t. 2016-12-14 16:46:54 -05:00
Nick Mathewson
a8ac2a62cb Fix a few clang warnings. 2016-12-14 16:01:27 -05:00
Nick Mathewson
81360c4a5f whitespace fixes 2016-12-14 15:41:08 -05:00
Nick Mathewson
a675ef8eea Fix a "make check" regression in --list-fingerprint. 2016-12-14 15:39:31 -05:00
Nick Mathewson
c838d34921 Merge branch 'dgoulet_ticket19043_030_03_squashed' 2016-12-14 15:28:28 -05:00
David Goulet
a4eb17ed89 prop224: Use LOG_PROTOCOL_WARN instead of log_warn(LD_PROTOCOL, ...) in hs_intropoint.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-14 15:19:10 -05:00
David Goulet
118691cd47 crypto: Change crypto_mac_sha3_256 to use the key length in the construction
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-14 15:18:40 -05:00
George Kadianakis
12dfe56b1c prop224: Use new HS functions in old HS code.
This is needed to make old code unittestable.
2016-12-14 15:18:40 -05:00
George Kadianakis
d7be1fd519 prop224: Introduce the new introduction point code.
(pun not intended)

Now our code supports both legacy and prop224 ESTABLISH_INTRO cells :)

hs_intro_received_establish_intro() is the new entry point.
2016-12-14 15:18:36 -05:00
George Kadianakis
c4c90d56b5 prop224: Add code that generates ESTABLISH_INTRO cells.
Currently unused. It will only be used for creating ESTABLISH_INTRO
cells in unittests :)
2016-12-14 15:17:58 -05:00
George Kadianakis
9192e5928c prop224 prepwork: Use of HS circuitmap in existing HS code.
The new HS circuitmap API replaces old public functions as follows:
   circuit_clear_rend_token -> hs_circuitmap_remove_circuit
   circuit_get_rendezvous -> hs_circuitmap_get_rend_circ
   circuit_get_intro_point -> hs_circuitmap_get_intro_circ_v2
   circuit_set_rendezvous_cookie -> hs_circuitmap_register_rend_circ
   circuit_set_intro_point_digest -> hs_circuitmap_register_intro_circ_v2

This commit also removes the old rendinfo code that is now unused.
It also fixes the broken rendinfo unittests.
2016-12-14 15:17:58 -05:00
George Kadianakis
2b9abbef2e prop224 prepwork: Introduce HS circuitmap subsystem.
The HS circuitmap is a hash table that maps introduction and rendezvous
tokens to specific circuits such that given a token it's easy to find
the corresponding circuit. It supports rend circuits and v2/v3 intro
circuits.

It will be used by the prop224 ESTABLISH_INTRO code to register and
lookup v3 introduction circuits.

The next commit after this removes the old code and fixes the unittests.
Please consult both commits while reviewing functionality differences
between the old and new code. Let me know if you want this rebased
differently :)

WRT architectural differences, this commit removes the rendinfo pointer
from or_circuit_t. It then adds an hs_token_t pointer and a hashtable
node for the HS circuitmap. IIUC, this adds another pointer to the
weight of or_circuit_t. Let me know if you don't like this, or if you
have suggestions on improving it.
2016-12-14 15:17:58 -05:00
George Kadianakis
e17cc3f0a6 prop224 prepwork: Finish decoupling old ESTABLISH_INTRO creation logic. 2016-12-14 15:17:57 -05:00
George Kadianakis
b5b34e62f7 prpo224 prepwork: Decouple legacy ESTABLISH_INTRO creation logic.
This commit only moves code.
2016-12-14 15:17:57 -05:00
Nick Mathewson
963e70673a Merge remote-tracking branch 'teor/fix-frac-paths-comment' 2016-12-13 20:30:51 -05:00
teor
e2537a5982
Clarify a comment in compute_frac_paths_available 2016-12-14 10:25:01 +11:00
Nick Mathewson
55d02c004c Remove AuthDirMaxServersPerAuthAddr
Back when Roger had do do most of our testing on the moria host, we
needed a higher limit for the number of relays running on a single
IP address when that limit was shared with an authority. Nowadays,
the idea is pretty obsolete.

Also remove the router_addr_is_trusted_dir() function, which served
no other purpose.

Closes ticket 20960.
2016-12-13 13:09:27 -05:00
Nick Mathewson
56b11905e5 Remove a little dead code from routerparse.c
In c35fad2bde, merged in
0.2.4.7-alpha, we removed the code to parse v1 directory
objects. When we did so, we removed everything that could set the
CST_CHECK_AUTHORITY flag for check_signature_token().

So in this code, we remove the flag itself, the code to handle the
flag, and a function that only existed to handle the flag.
2016-12-13 09:36:59 -05:00
Nick Mathewson
0dd48bfe5a Change the default of AuthDirPinKeys to 1.
Closes ticket 18319.
2016-12-13 08:54:38 -05:00
Nick Mathewson
1bd562f1c4 Merge branch 'people-to-node-type' 2016-12-12 09:50:31 -05:00
J. Ryan Stinnett
d5df9fa235 Replace "people" with the appropriate network component in comments
Fixes #18145.
2016-12-12 09:50:21 -05:00
Nick Mathewson
1ad96ed9cd Merge remote-tracking branch 'rubiate/ticket20511' 2016-12-12 09:20:56 -05:00
Nick Mathewson
a40d212383 Downgrade a harmless bug warning to info.
Makes 19926 less annoying in 0.2.9.  In 0.3.0, we should actually
fix this.
2016-12-09 08:43:09 -05:00
Nick Mathewson
a3b8286b0e Merge branch 'maint-0.2.9' 2016-12-09 08:30:55 -05:00
David Goulet
9bb3bcbc41 router: Fix memory leak in signed_descriptor_move()
The signed_descriptor_move() was not releasing memory inside the destination
object before overwriting it with the source object. This commit adds a reset
function that free that memory inside a signed descriptor object and zero it.

Closes #20715.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-09 08:30:46 -05:00
Nick Mathewson
e1f00c5f86 whitespace cleanups 2016-12-08 16:53:29 -05:00
Nick Mathewson
e93234af70 Merge branch 'feature15056_v1_squashed' 2016-12-08 16:49:24 -05:00
Nick Mathewson
236e8b605e Adding some assertions to onion.c 2016-12-08 16:48:01 -05:00
Nick Mathewson
d0b76f5099 Fix comment on connection_or_client_learned_peer_id(). 2016-12-08 16:48:01 -05:00
Nick Mathewson
5eef00eb04 Tiny cleanup of chan handling when setting connection ID digests 2016-12-08 16:48:01 -05:00
Nick Mathewson
9bf9e34a01 Use connection_or_clear_identity in connection_or_clear_identity_map. 2016-12-08 16:48:01 -05:00
Nick Mathewson
937aef48ee Add an ed25519_copy; use it in a couple of places dgoulet suggested. 2016-12-08 16:48:01 -05:00
Nick Mathewson
cd741cc595 Canonicity update for ed25519.
If a node can prove its Ed25519 identity, don't consider connections
to it canonical unless they match both identities.

Includes link handshake changes needed to avoid crashing with bug
warnings, since the tests now reach more parts of the code.

Closes ticket 20355
2016-12-08 16:48:00 -05:00
Nick Mathewson
424ae9e18b helper to test a node for matching an ed25519 ID. 2016-12-08 16:48:00 -05:00
Nick Mathewson
3b1e04fe45 Teach channel_rsa_id_group_set_badness_() about Ed25519
(Only run the connection_or_group_set_badness_() function on groups
of channels that have the same RSA and Ed25519 identities.)

There's a possible opportunity here where we might want to set a
channel to "bad" if it has no ed25519 identity and some other
channel has some.  Also there's an opportunity to add a warning if
we ever have an Ed mismatch on open connections with the same RSA
ID.
2016-12-08 16:48:00 -05:00
Nick Mathewson
5ada249579 Enforce directionality in connection_or_set_identity_digest().
This function has never gotten testing for the case where an
identity had been set, and then got set to something else.  Rather
than make it handle those cases, we forbid them.
2016-12-08 16:47:59 -05:00
Nick Mathewson
68acf8f12e Tell channel_set_identity_digest() that ed keys can be NULL 2016-12-08 16:47:59 -05:00
Nick Mathewson
e0ab293837 Add a few more debug/info-level logs for ed25519 link handshake stuff 2016-12-08 16:47:59 -05:00
Nick Mathewson
3d7e485402 Add an option to disable dirauth ed25519 link key checks.
If there is some horrible bug in our ed25519 link authentication
code that causes us to label every single ed25519-having node as
non-running, we'll be glad we had this.  Otherwise we can remove it
later.
2016-12-08 16:47:59 -05:00
Nick Mathewson
7daf152172 Enforce Ed25519 identities (client-side)
This patch makes two absolutely critical changes:
  - If an ed25519 identity is not as expected when creating a channel,
    we call that channel unsuccessful and close it.
  - When a client creating a channel or an extend cell for a circuit, we
    only include the ed25519 identity if we believe that the node on
    the other side supports ed25519 link authentication (from
    #15055).  Otherwise we will insist on nodes without the right
    link protocol authenticating themselves.
  - When deciding to extend to another relay, we only upgrade the
    extend to extend by ed25519 ID when we know the ed25519 ID _and_
    we know that the other side can authenticate.

This patch also tells directory servers, when probing nodes, to
try to check their ed25519 identities too (if they can authenticate
by ed25519 identity).

Also, handle the case where we connect by RSA Id, and learn the
ED25519 ID for the node in doing so.
2016-12-08 16:47:58 -05:00
Nick Mathewson
ae6b73e847 Dirauth: Don't treat a router as reachable if the Ed25519 key didn't match 2016-12-08 16:47:58 -05:00
Nick Mathewson
88252b2d76 Comment-only: note some places where we want to propagate Ed25519 info
This is not for 15056, since it's about UI, and not about circuit
extension.
2016-12-08 16:47:58 -05:00
Nick Mathewson
9e840e6c7d Add ExtendByEd25519ID consensus parameter/torrc option
I need to be able to turn on Ed25519 support in client generation
of  extend cells so I can test it, but leave it off-by-default until
enough clients support it for us to turn it on for a bunch at once.

This is part of #15056 / prop#220.
2016-12-08 16:47:58 -05:00
Nick Mathewson
6788418f28 Propagate Ed25519 identities downwards into more functions.
Actually set ed25519 identities on channels when we set a channel's
identity.
2016-12-08 16:47:58 -05:00
Nick Mathewson
af3af49408 Add a function to check whether a given ed id key is ours 2016-12-08 16:47:58 -05:00
Nick Mathewson
c837786868 Teach circuit_extend() more about Ed25519 identities.
- forbid extending to the previous hop by Ed25519 ID.
- If we know the Ed25519 ID for the next hop and the client doesn't,
  insist on the one from the consensus.
2016-12-08 16:47:57 -05:00
Nick Mathewson
6aa239df36 Rename connection_or_remove_from_identity_map 2016-12-08 16:47:57 -05:00
Nick Mathewson
cdce221e68 Remove orconn_identity_map.
It is no longer needed; look up channels by identity instead.
2016-12-08 16:47:57 -05:00
Nick Mathewson
a20c8a81d7 Migrate main data loop for set_bad_connections to use channel structures
This was the last user of our or_connections-by-ID map.  It also had
a tendency to be O(N) in cases that only had to be O(1).
2016-12-08 16:47:57 -05:00
Nick Mathewson
bfff729728 Add a bunch of work-in-progress comments for 15056 planning 2016-12-08 16:47:57 -05:00
Nick Mathewson
ef5158b2d2 When attempting to find a channel by ID, consider Ed ID.
Right now, there's only a mechanism to look for a channel where the
RSA ID matches *and* the ED ID matches. We can add a separate map
later if we want.
2016-12-08 16:47:56 -05:00
Nick Mathewson
b658893590 Merge branch 'bug19960_2' 2016-12-07 15:23:14 -05:00
Nick Mathewson
53d4e89626 Netbsd doesn't have ipfw, only the regular pf transport stuff.
Attempted fix for 19960.

Also, fixes a typo.
2016-12-07 15:22:44 -05:00
Nick Mathewson
2499ea359a Merge branch 'maint-0.2.9' 2016-12-07 11:14:56 -05:00
Nick Mathewson
0815f96416 Fix a BUG() warning from next_random_exponential_delay().
Fixes 20875; this code is as suggested by teor on the ticket.  Thanks!
2016-12-07 11:13:11 -05:00
Nick Mathewson
41adfd6fa3 Fix a couple more crypto_digest() calls to be explicit < 0 2016-12-05 10:31:31 -05:00
Nick Mathewson
f92630941a Merge remote-tracking branch 'chelseakomlo/20717_hashing_api_bug' 2016-12-05 10:27:16 -05:00
Nick Mathewson
5923418eff Merge remote-tracking branch 'jryans/service_is_ephemeral' 2016-12-05 08:57:00 -05:00
Nick Mathewson
f96f4c0e42 Merge remote-tracking branch 'chelseakomlo/circuituse' 2016-12-05 08:25:22 -05:00
Nick Mathewson
0ded72322c Merge branch 'maint-0.2.9' 2016-12-05 08:21:46 -05:00
J. Ryan Stinnett
cf2f36b8b4 Test for .git as readable instead of a dir to support worktrees
Fixes #20492.
2016-12-05 08:21:17 -05:00
J. Ryan Stinnett
63d3ba96f9 Use rend_service_is_ephemeral for all service checks in rendservice.c
Fixes #20853.
2016-12-04 14:35:09 -06:00
teor
8a0ea3ee43
Use a temporary service list when validating and adding hidden services
This resolves two issues:
* the checks in rend_add_services were only being performed when adding
  the service, and not when the service was validated,
  (this meant that duplicate checks were not being performed, and some SETCONF
  commands appeared to succeed when they actually failed), and
* if one service failed while services were being added, then the service
  list would be left in an inconsistent state (tor dies when this happens,
  but the code is cleaner now).

Fixes #20860.
2016-12-03 09:10:46 +11:00
teor
93c62f5ac1
Add a missing rend_service_free in rend_service_add 2016-12-03 08:24:47 +11:00
teor
0446188674
Clarify the function documentation for rend_get_service_list_mutable
Comment-only change
2016-12-03 08:23:01 +11:00
Nick Mathewson
ca4a0ae0b1 Merge branch 'maint-0.2.9' 2016-12-02 12:10:39 -05:00
David Goulet
907cd8a0cf protover: Fix old tor hardcoded version check
When computing old Tor protocol line version in protover, we were looking at
0.2.7.5 twice instead of the specific case for 0.2.9.1-alpha.

Fixes #20810

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-02 12:09:08 -05:00
Nick Mathewson
ed4213fa08 Merge remote-tracking branch 'teor/bug20667' 2016-12-02 12:07:10 -05:00
Nick Mathewson
d7ec1708b1 Merge branch 'maint-0.2.9' 2016-12-02 12:00:53 -05:00
Nick Mathewson
8b93cbc16d Merge branch 'bug20716_026' into maint-0.2.9 2016-12-02 12:00:46 -05:00
overcaffeinated
3b6da3f90c Fix memory leak in bug 20716
newconn->address is strdup'ed twice when new_type == CONN_TYPE_AP
and conn->socket_family == AF_UNIX. Whilst here, juggle code to
make sure newconn->port is assigned from an initialised value in
the above case.
2016-12-01 10:14:42 -05:00
teor
b917b3875e Stop ignoring misconfigured hidden services
Instead, refuse to start tor until the misconfigurations have been corrected.

Fixes bug 20559; bugfix on multiple commits in 0.2.7.1-alpha and earlier.
2016-12-01 09:51:33 -05:00
teor
36bb900def Refactor rend_service_list substitute list selection code
Remove duplicate code.
No behaviour change.
2016-12-01 09:51:24 -05:00
Nick Mathewson
5efbd41daa Merge branch 'maint-0.2.9' 2016-12-01 09:50:17 -05:00
Nick Mathewson
f8a7972b29 Merge branch 'bug20638_029_v2_squashed' into maint-0.2.9 2016-12-01 09:45:14 -05:00
teor
f80a43d16f Stop ignoring hidden service key anonymity when first starting tor
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.

Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordrering issues with hidden service
directory creation).

This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.

When validating, only the permissions checks and the poisoning state checks
are perfomed (the directory is not modified).
2016-12-01 09:44:53 -05:00
teor
91abd60cad Update unit tests for 20484, 20529
Add extra logging and extra validity checks for hidden services.
2016-12-01 09:44:53 -05:00
Nick Mathewson
a7762930c3 Merge remote-tracking branch 'dgoulet/ticket20568_030_01' 2016-12-01 09:23:36 -05:00
Nick Mathewson
c1e8dfd6cf Fix compilation 2016-12-01 09:20:04 -05:00
Nick Mathewson
8edd3d2b6c Don't call into the new guard algorithm when the old one is enabled.
(I'm surprised that these are the only bugs I ran into when I
tested running with the old algorithm again!)
2016-11-30 14:44:43 -05:00
Nick Mathewson
d98b9b6d65 Fix pathbias interactions with entry guards
entry_guard_get_by_id_digest() was always returning NULL, which was
causing "adventure" and "fun"
2016-11-30 14:44:43 -05:00
Nick Mathewson
783fa2f586 Make pathbias fields persistent for new guards 2016-11-30 14:44:43 -05:00
Nick Mathewson
858c8f5593 Make new prop271 entry guards persistent
To do this, it makes sense to treat legacy guards as a separate
guard_selection_t *, and handle them separately.  This also means we
add support here for having multiple guard selections.

Note that we don't persist pathbias information yet; that will take
some refactoring.
2016-11-30 14:44:43 -05:00
Nick Mathewson
dbbaa51518 Use the new guard notification/selection APIs throughout Tor
This patch doesn't cover every case; omitted cases are marked with
"XXXX prop271", as usual.  It leaves both the old interface and the
new interface for guard status notification, since they don't
actually work in the same way: the new API wants to be told when a
circuit has failed or succeeded, whereas the old API wants to know
when a channel has failed or succeeded.

I ran into some trouble with directory guard stuff, since when we
pick the directory guard, we don't actually have a circuit to
associate it with.  I solved that by allowing guard states to be
associated with directory connections, not just circuits.
2016-11-30 14:42:53 -05:00
Nick Mathewson
de617a4714 Maintain a list of all the origin circuits.
We'll want this for upgrading waiting circuits.
2016-11-30 14:42:53 -05:00
Nick Mathewson
8e43398986 Function to cancel a guard state.
We'll want to use this if we allocate a guard state then decide,
"whoops, we don't want to use this."
2016-11-30 14:42:53 -05:00
Nick Mathewson
4689096ed1 No need to say success/failure when recording failure; remove returnval
(We can fail at succeeding, but there's no plausible way to fail at failing)
2016-11-30 14:42:53 -05:00
Nick Mathewson
af1918d289 New entry_guard_chan_failed function
To be called when an entire channel has failed: tell any/all
circuits pending for the guard of that channel that they have
failed.
2016-11-30 14:42:53 -05:00
Nick Mathewson
1fd0a547bb New function to tell the guard module "We're on the net!"
(Call it whenever we read a cell.)
2016-11-30 14:42:53 -05:00
Nick Mathewson
8dc6048c02 Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option.
I expect we'll be ripping this out somewhere in 0.3.0, but let's
keep it around for a little while in case it turns out to be the
only way to avert disaster?
2016-11-30 14:42:53 -05:00
Nick Mathewson
238828c92b Add a new GUARD_WAIT state for circuits
This state corresponds to the WAITING_FOR_BETTER_GUARD state; it's
for circuits that are 100% constructed, but which we won't use until
we are sure that we wouldn't use circuits with a better guard.
2016-11-30 14:42:53 -05:00
Nick Mathewson
36e9fbd752 Backend for upgrading 'waiting' circuits to 'complete'
When a nonprimary guard's circuit is complete, we don't call it
actually usable until we are pretty sure that every better guard
is indeed not going to give us a working circuit.
2016-11-30 14:42:52 -05:00
Nick Mathewson
dd6bdab3f6 Write the easy parts of the public entryguard interface.
Here we add a little bit of state to origin circuits, and set up
the necessary functions for the circuit code to call in order to
find guards, use guards, and decide when circuits can be used.

There's also an incomplete function for the hard part of the
circuit-maintenance code, where we figure out whether any waiting
guards are ready to become usable.

(This patch finally uses the handle.c code to make safe handles to
entry_guard_t objects, so that we are allowed to free an
entry_guard_t without checking whether any origin_circuit_t is
holding a reference to it.)
2016-11-30 14:42:52 -05:00
Nick Mathewson
7bf946965b Implement most of the prop271 data structure backends.
This code handles:
  * Maintaining the sampled set, the filtered set, and the
    usable_filtered set.
  * Maintaining the confirmed and primary guard lists.
  * Picking guards for circuits, and updating guard state when
    circuit state changes.

Additionally, I've done code structure movement: even more constants
and structures from entrynodes.c have become ENTRYNODES_PRIVATE
fields of entrynodes.h.

I've also included a bunch of documentation and a bunch of unit
tests.  Coverage on the new code is pretty high.

I've noted important things to resolve before this branch is done
with the /XXXX.*prop271/ regex.
2016-11-30 14:42:52 -05:00
Nick Mathewson
6a02f9f35a Add parameters for new (prop271) guard algorithm.
These are taken from the proposal, and defined there.  Some of them
should turn into consensus parameters.

Also, remove some dead code that was there to make compilation work,
and use ATTR_UNUSED like a normal person.
2016-11-30 14:42:52 -05:00
Nick Mathewson
3c12133038 Collect old guard algorithm parameters into one place 2016-11-30 14:42:52 -05:00
Nick Mathewson
c74542c51a Add accessors as needed to repair compilation
The previous commit, in moving a bunch of functions to bridges.c,
broke compilation because bridges.c required two entry points to
entrynodes.c it didn't have.
2016-11-30 14:42:52 -05:00
Nick Mathewson
8da24c99bd Split bridge functions into a new module.
This patch is just:
   * Code movement
   * Adding headers here and there as needed
   * Adding a bridges_free_all() with a call to it.

It breaks compilation, since the bridge code needed to make exactly
2 calls into entrynodes.c internals.  I'll fix those in the next
commit.
2016-11-30 14:42:52 -05:00
Nick Mathewson
dd6def5daf Initial code to parse/encode/sample prop271 guards
The encoding code is very straightforward.  The decoding code is a
bit tricky, but clean-ish.  The sampling code is untested and
probably needs more work.
2016-11-30 14:42:52 -05:00
Nick Mathewson
539eba0a4b Teach parse_iso_time about the spaceless variant.
(We previously added support for generating the spaceless
2016-11-14T19:58:12 variant, but not for actually parsing it.)
2016-11-30 14:42:52 -05:00
Nick Mathewson
df8256a931 Add the prop271 fields to entry_guard_t. Not used yet. 2016-11-30 14:42:52 -05:00
Nick Mathewson
043e9b0151 Whitespace fixes from previous mechanical search-and-replaces 2016-11-30 14:42:52 -05:00
Nick Mathewson
f66f9c82e9 Make entry_guard_t opaque to circpathbias.c
This was a relatively mechanical change.  First, I added an accessor
function for the pathbias-state field of a guard.  Then I did a
search-and-replace in circpathbias.c to replace "guard->pb." with
"pb->".  Finally, I made sure that "pb" was declared whenever it was
needed.
2016-11-30 14:42:52 -05:00
Nick Mathewson
62477906e9 Fix remaining case of circpathbias inspecting entryguard internals 2016-11-30 14:42:52 -05:00
Nick Mathewson
823357dbe4 Add an entry_guard_describe() function
This function helpfully removes all but one remaining use of
an entry_guard_t private field in pathbias.c
2016-11-30 14:42:52 -05:00
Nick Mathewson
be447bc770 Move path-bias fields into a separate structure
(Other than the field movement, the code changes here are just
search-and-replace)
2016-11-30 14:42:52 -05:00
Nick Mathewson
22f2f13f81 prop271: make entry_guard_t mostly-private
The entry_guard_t structure should really be opaque, so that we
can change its contents and have the rest of Tor not care.

This commit makes it "mostly opaque" -- circpathbias.c can still see
inside it.  (I'm making circpathbias.c exempt since it's the only
part of Tor outside of entrynodes.c that made serious use of
entry_guard_t internals.)
2016-11-30 14:42:52 -05:00
teor
04f7944891
Stop discarding downloaded full descriptors when using microdescs for circuits
This affects clients with FetchUselessDescriptors 1.

It might also cause subtle bugs on directory mirrors and authorities,
causing them to consider all full descriptors as failed or old.
2016-11-30 12:20:28 +11:00
teor
e061cf4d1d
Remove an unneccessary FetchUselessDescriptors check in client_would_use_router 2016-11-30 11:43:04 +11:00
teor
65d793fab2
Fetch unknown certificates if FetchUselessDescriptors is true 2016-11-30 11:07:48 +11:00
teor
e5c608e535
Stop discarding consensus flavors and descriptors we wanted to fetch
Instead, fetch and store consensus flavors and descriptors we wanted to
fetch.

And serve them if we are a directory cache (or authority).
2016-11-30 11:06:36 +11:00
s7r
215cc0d527 Improve log messages related to identity key
Improve the messages logged when Tor wants or needs to load the master ed25519 identity key so the user is explicitly informed when further action is required or not. Fixes ticket #20650.
2016-11-27 13:07:43 +00:00
Chelsea H. Komlo
9d9110f65d
crypto_digest256 returns expected error value of -1 2016-11-24 12:13:07 -05:00
Chelsea H. Komlo
276d07a88a
crypto_digest returns expected error value of -1 2016-11-24 10:01:03 -05:00
Chelsea H. Komlo
2331e70d2d
fix up spacing/style in needs_circuits_for_build 2016-11-24 09:33:40 -05:00
Chelsea H. Komlo
f83ed31089
adding better comments for defines 2016-11-24 09:33:38 -05:00
Chelsea H. Komlo
b252773fe9
re-add check for if circuit is an origin circuit 2016-11-24 09:33:32 -05:00
Chelsea H. Komlo
118bba7622
Refactor to remove unnecessary check in circuit_is_available_for_use 2016-11-24 08:12:33 -05:00
Chelsea H. Komlo
cfb8363da9
extract magic numbers in circuituse.c 2016-11-24 08:12:32 -05:00
Chelsea H. Komlo
afb6ae7b0f
Refactor circuit_predict_and_launch_new 2016-11-24 08:12:30 -05:00
Nick Mathewson
c35d481f56 Merge branch 'maint-0.2.9' 2016-11-21 12:44:21 -05:00
teor
1d1d37bbc6
Refactor rend_service_check_dir_and_add
Make the function flatter, and prepare for #20559.

No behaviour change.
2016-11-18 13:35:54 +11:00
teor
8bdedab8da
Refactor duplicate code out of rend_config_services
Put that code in rend_service_check_dir_and_add.

No behaviour change.

This is a defence in depth measure against similar bugs to 20529.
2016-11-18 13:35:09 +11:00
teor
98057d274c
Create HS directories in rend_config_services, then check before use
(We only create HS directories if we are acting on the config.)

Log a BUG warning if the directories aren't present immediately before they
are used, then fail.
2016-11-18 13:34:24 +11:00
Nick Mathewson
ded58777c5 Merge remote-tracking branch 'dgoulet/bug20629_030_01' 2016-11-17 20:12:13 -05:00
Nick Mathewson
b5d738e481 Merge remote-tracking branch 'public/bug20558' 2016-11-17 20:10:40 -05:00
Nick Mathewson
a742637f5a Merge remote-tracking branch 'public/bug20630' 2016-11-17 20:09:44 -05:00
Ivan Markin
fe711c2944 Fix and simplify error handling code in rend_service_parse_port_config() 2016-11-17 20:06:37 -05:00
Ivan Markin
a847e16cbb Fix comment for rend_service_parse_port_config() 2016-11-17 20:05:19 -05:00
Roger Dingledine
f12aad7f09 don't attempt a resolve when the cached answer will do
For relays that don't know their own address, avoid attempting
a local hostname resolve for each descriptor we download. Also cut
down on the number of "Success: chose address 'x.x.x.x'" log lines.

Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
2016-11-16 16:22:11 -05:00
Roger Dingledine
3bb40b213b refactor router_pick_published_address to have another arg
no change in behavior except fewer log entries in the case where we use
a cached result.
2016-11-16 16:13:03 -05:00
Nick Mathewson
307d244640 Fix a "shouldn't have reached this" warning in connection_edge.c
This was bug 20630; bugfix on f3e158ed where I thought I was
committing a documentation-only fix but instead messed up the
control flow too.
2016-11-14 09:16:57 -05:00
Nick Mathewson
e054211237 Migrate extend2/create2 cell encoding to Trunnel
(Not extended2/created2; that's too simple.)

Incidentally, add ed25519 identities to the mix when we have them.
2016-11-11 15:29:13 -05:00
David Goulet
c82881a235 hs: Remove pointless NULL check found by Coverity
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-10 12:32:18 -05:00
David Goulet
a3bbb9ce77 fixup! Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519() 2016-11-10 11:00:59 -05:00
Neel Chauhan
9f74f8f732 Move encode_cert to torcert.c and rename it to tor_cert_encode_ed22519()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-10 11:00:50 -05:00
Nick Mathewson
b5e75ae7dd Add an ed25519 identity to extend_info 2016-11-10 09:43:27 -05:00
Nick Mathewson
8406677a5e Accessor functions to get a node's ID keys. 2016-11-10 09:43:27 -05:00
Nick Mathewson
5e16c3f5fa Merge remote-tracking branch 'dgoulet/bug20567_030_01' 2016-11-10 09:27:45 -05:00
Nick Mathewson
b6164e1604 Merge remote-tracking branch 'public/feature20552' 2016-11-10 09:25:11 -05:00
Nick Mathewson
217b895831 Merge remote-tracking branch 'dgoulet/ticket19642_030_01' 2016-11-10 09:16:00 -05:00
Matt Nordhoff
7dee70c3e1 Add "TByte" and "TBytes" units; also add "TBits" to man page 2016-11-10 09:13:27 -05:00
Nick Mathewson
0f4f63b7b8 Merge branch 'maint-0.2.9' 2016-11-10 09:11:35 -05:00
rubiate
d46c1b49a4 Do not serve a consensus if it is too old
Closes ticket 20511.
2016-11-10 10:16:18 +13:00
teor
0ec94588ab
Stop logging single onion and Tor2web long-term one-hop circuits
Single onion services and Tor2web deliberately create long-term one-hop
circuits to their intro and rend points, respectively.

These log messages are intended to diagnose issue 8387, which relates to
circuits hanging around forever for no reason.

Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
2016-11-09 11:23:51 +11:00
teor
5dca9487c4
Call get_options() once at the top of circuit_log_ancient_one_hop_circuits()
Refactoring, no behaviour change.
2016-11-09 11:15:48 +11:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
89ec191b68 Merge remote-tracking branch 'public/bug20306_029' into maint-0.2.9 2016-11-08 18:51:07 -05:00
David Goulet
34f14a35b6 hs: Add single-onion-service line to v3 descriptor
This field indicates if the service is a Single Onion Service if present in
the descriptor.

Closes #19642

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-08 13:22:42 -05:00
Nick Mathewson
d1a0f2e7e4 Merge branch 'maint-0.2.9' 2016-11-08 07:12:16 -05:00
teor
38e3f91c63
When using exponential backoff in test networks, use a lower exponent
Lower exponents mean that delays do not vary as much. This helps test
networks bootstrap consistently.

Bugfix on 20499.
2016-11-08 16:42:26 +11:00
Nick Mathewson
3e3040a5d9 Merge branch 'maint-0.2.9'
Conflicts:
	src/or/rendservice.c
2016-11-07 16:31:40 -05:00
Nick Mathewson
c2fc0941a5 Merge remote-tracking branch 'teor/bug20484_029_v2' into maint-0.2.9 2016-11-07 16:12:13 -05:00
David Goulet
4ff534495f hs: Document arguments of rend_data_*_create()
Fixes #20567

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 14:03:32 -05:00
Nick Mathewson
89edef6afb Treat bacoff/schedule mismatch as a bug. 2016-11-07 11:05:57 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
e51f105c41 Reduce multiplier to 3, per teor's recommendation on #20534
(Three _is_ a good number for anonymity!)
2016-11-07 11:01:21 -05:00
Nick Mathewson
85970f7047 Always increment delays by at least 1. 2016-11-07 11:01:21 -05:00
Nick Mathewson
1fdf6e5814 Avoid integer overflow in delay calculation. 2016-11-07 11:01:21 -05:00
Nick Mathewson
864c42f4d6 Count HTTP 503 as a download failure.
Because as Teor puts it: "[Resetting on 503] is exactly what we
don't want when relays are busy - imagine clients doing an automatic
reset every time they DoS a relay..."

Fixes bug 20593.
2016-11-07 11:01:21 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
David Goulet
3ee9a6d6fd hs: Remove EnableOnionServiceV3 consensus param
As of #19899, we decided to allow any relay understanding the onion service
version 3 protocol to be able to use it. The service and client will be the
one controlled by a consensus parameter (different one for both of them) but
if you are a relay and you can understand a protocol, basically you should use
the feature.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-07 10:49:10 -05:00
Nick Mathewson
800dff1308 Merge branch 'maint-0.2.9' 2016-11-07 09:32:21 -05:00
Nick Mathewson
d82ffb77f3 Merge branch '20499_part1_029_squashed', remote-tracking branches 'teor/bug20591_029' and 'teor/bug20533_029' into maint-0.2.9 2016-11-07 09:20:13 -05:00
Nick Mathewson
858867a31a Allow infinitely long delays in exponential-backoff downloads
It's only safe to remove the failure limit (per 20536) if we are in
fact waiting a bit longer each time we try to download.

Fixes bug 20534; bugfix on 0.2.9.1-alpha.
2016-11-07 09:19:35 -05:00
teor
e819d420c5
When downloading certificates, check for related failures
If a consensus expires while we are waiting for certificates to download,
stop waiting for certificates.

If we stop waiting for certificates less than a minute after we started
downloading them, do not consider the certificate download failure a
separate failure.

Fixes bug 20533; bugfix on commit e0204f21 in 0.2.0.9-alpha.
2016-11-08 00:01:20 +11:00
teor
1bb28cecd9
Ensure relays don't make multiple connections during bootstrap
Relays do not deliberately launch multiple attempts, so the impact of this
bug should be minimal. This fix also defends against bugs like #20499.

Bugfix on 0.2.8.1-alpha.
2016-11-07 23:05:55 +11:00
Nick Mathewson
4e15c2cb7d Merge branch 'maint-0.2.9' 2016-11-06 20:32:21 -05:00
Nick Mathewson
f6a3d213e4 Finish a sentence in a comment. Close 20576. 2016-11-06 20:31:50 -05:00
Nick Mathewson
0b787b1daf Workaround for warning in desc_encode_v3().
Fixes bug 20581.
2016-11-06 20:27:14 -05:00
Nick Mathewson
5385a023e1 Do not apply 'max_failures' to random-exponential schedules.
Fixes bug 20536; bugfix on 0.2.9.1-alpha.
2016-11-06 20:08:11 -05:00
Nick Mathewson
e9ce181955 Change a BUG warning to be a warning, not an info. 2016-11-06 20:01:24 -05:00
Nick Mathewson
1b22eae120 Fix get_delay() code to avoid TIME_MAX overflow, not INT_MAX.
Fixes bug 20587; bugfix on 35bbf2e4a4 in 0.2.8.1-alpha.
2016-11-06 19:50:08 -05:00
Nick Mathewson
f45a581486 Fix some 32-bit warnings and clang warnings 2016-11-04 15:24:30 -04:00
Nick Mathewson
d16b4b3e48 Fix memory leaks in hs_descriptor/decode_descriptor and in encode_enc_key() 2016-11-04 14:27:45 -04:00
Nick Mathewson
a4291eef5a Expose desc_intro_point_free to the tests, and use it.
Also fix another couple of leaks.
2016-11-04 14:22:04 -04:00
David Goulet
6ac85ca2b4 prop224: Fix crosscert memory leaks on error 2016-11-04 14:16:42 -04:00
Nick Mathewson
29ae8dcf96 Fix a bunch of leaks in hs_cache/upload_and_download_hs_desc 2016-11-04 14:13:30 -04:00
David Goulet
954fb99a48 Fix a use-after-free error. 2016-11-04 14:07:33 -04:00
Nick Mathewson
6847b9f6af Fix make check-spaces 2016-11-04 14:00:08 -04:00
Nick Mathewson
09c750cce3 Check the correct key when checking RSA crosscert in hs_descriptor.c
Note that the "signed key" in the signing key certificate is the
signing key.  The "signing key" in the  signing key certificate is
the key that signs the certificate -- that is, the blinded key.
2016-11-04 13:49:05 -04:00
Nick Mathewson
dbd01590cc Fix an assertion failure in hs_cache_free_all().
It's possible for Tor to decide to exit before it's 100% done
initializing.  So, don't assert that the initialization is done.
2016-11-04 13:30:10 -04:00
Nick Mathewson
d88046a80d Fix compilation. 2016-11-04 13:26:56 -04:00
Nick Mathewson
c35c43d7d9 Merge branch 'ticket17238_029_02-resquash'
Conflicts:
	src/or/rendclient.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/test/test_dir.c
	src/trunnel/ed25519_cert.h
2016-11-04 13:26:37 -04:00
Nick Mathewson
c189cb5cc2 Use a better salted-MAC construction in build_mac() 2016-11-04 13:15:28 -04:00
David Goulet
1eed6edf36 prop224: Add a cache free all function
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
3f29688bdf prop224: Use a const pointer for the cache lookup entry
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1263f74a12 prop224: Rename cert type to follow naming convention
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-04 10:32:50 -04:00
David Goulet
1517a8a2eb Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224)
is enabled or not. If disabled, the tor daemon will not support the protocol
for all components such as relay, directory, service and client. If the
parameter is not found, it's enabled by default.

Closes #19899

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
d795ed5871 Make check-spaces happy :)
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
a8efd087bd test: Add prop224 directory fetch/upload unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:50 -04:00
George Kadianakis
f59990f24d prop224: Directory support for v3 descriptor fetch
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
45a72356cb prop224: Directory support for v3 descriptor publishing
Closes #19205

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
1aeaba4906 test: Add prop224 directory cache unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:32:49 -04:00
David Goulet
025610612d prop224: Directory cache support
This implements the proposal 224 directory descriptor cache store and lookup
functionalities. Furthermore, it merges the OOM call for the HSDir cache with
current protocol v2 and the new upcoming v3.

Add hs_cache.{c|h} with store/lookup API.

Closes #18572

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:31:35 -04:00
David Goulet
473f99bf7b test: Add prop224 descriptor unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
cff1fd63f1 prop224: Descriptor decoding implementation
Closes #18571

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:28 -04:00
David Goulet
91b5d0789f prop224: Descriptor encoding implementation
Add hs_descriptor.{c|h} with the needed ABI to represent a descriptor and
needed component.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
02ad553ccd prop224: Add new cert type for hidden service
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:27 -04:00
David Goulet
e8c12175fe Move token parsing code to parsecommon.{c|h}
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
David Goulet
8293356ad9 hs: Refactor rend_data_t for multi version support
In order to implement proposal 224, we need the data structure rend_data_t to
be able to accomodate versionning that is the current version of hidden
service (2) and the new version (3) and future version.

For that, we implement a series of accessors and a downcast function to get
the v2 data structure. rend_data_t becomes a top level generic place holder.

The entire rend_data_t API has been moved to hs_common.{c|h} in order to
seperate code that is shared from between HS versions and unshared code (in
rendcommon.c).

Closes #19024

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-11-04 10:29:26 -04:00
Nick Mathewson
00bdd56b18 Only check cert expiry vs TIME_MAX when time_t is less than 64-bit
Fixes issue 20558 / CID 1375988.
2016-11-03 19:29:52 -04:00
Nick Mathewson
bd6aa4f3d1 Split a wide line 2016-11-03 19:12:18 -04:00
Nick Mathewson
e8624b72a8 Merge remote-tracking branch 'dgoulet/bug20526_030_01' 2016-11-03 19:09:42 -04:00
Nick Mathewson
0533d14213 Replace some assert(1)s with nonfatal_unreached_once().
These were probably supposed to be assert(0).
2016-11-03 16:06:53 -04:00
Nick Mathewson
272572c3a2 Merge branch 'maint-0.2.9' 2016-11-03 15:45:16 -04:00
Nick Mathewson
3cd520a52d Merge branch 'maint-0.2.8' into maint-0.2.9 2016-11-03 15:44:46 -04:00
Nick Mathewson
f0b86e30d0 Add assertion that cpath_layer==NULL on OR circ 2016-11-03 14:36:10 -04:00
Nick Mathewson
40487b0141 Merge remote-tracking branch 'dgoulet/bug20376_030_01' 2016-11-03 14:35:03 -04:00
Nick Mathewson
df2615d43d fix wide lines 2016-11-03 14:29:18 -04:00
Nick Mathewson
16e75587f6 Merge branch 'bug20527_030_01_squashed' 2016-11-03 14:23:47 -04:00
Ivan Markin
2f52faee03 hs: Escape service directories before printing them
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-03 14:23:37 -04:00
Nick Mathewson
b7a1e793e6 Declare a LINKAUTH subprotocol version for #15055 (ed link handshake)
Closes ticket 20552.
2016-11-03 10:01:40 -04:00
Nick Mathewson
32854aef28 whitespace fixes 2016-11-03 08:55:54 -04:00
Nick Mathewson
d9ca4e20bd Merge branch 'feature_15055_v2' 2016-11-03 08:44:46 -04:00
Nick Mathewson
f156156d56 Audit use of tor_tls_cert_get_key().
This function is allowed to return NULL if the certified key isn't
RSA. But in a couple of places we were treating this as a bug or
internal error, and in one other place we weren't checking for it at
all!

Caught by Isis during code review for #15055.  The serious bug was
only on the 15055 branch, thank goodness.
2016-11-03 08:40:11 -04:00
Nick Mathewson
b978494ed9 Extract the common code in add_*_cert to a helper. 2016-11-03 08:40:11 -04:00
Isis Lovecruft
19abc2eae7 Mark some functions as needing documentation in src/or/routerkeys.c. 2016-11-03 08:40:10 -04:00
Isis Lovecruft
a53059c6a0 Document two additional functions in src/or/routerkeys.c.
Adds docstrings for generate_ed_link_cert() and should_make_new_ed_keys().
2016-11-03 08:40:10 -04:00
Nick Mathewson
805e97a433 Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.
This was a stopgap method, designed on the theory that some routers
might support it before they could support Ed25519.  But it looks
like everybody who supports RFC5705 will also have an Ed25519 key,
so there's not a lot of reason to have this even supported.
2016-11-03 08:40:10 -04:00
Nick Mathewson
5a2f70f86a Clean up comments, mark more branches as BUG. 2016-11-03 08:40:10 -04:00
Nick Mathewson
af2459f09e Unit tests for cert-chain-processing, including failed cases
Check out the coverage!
2016-11-03 08:40:10 -04:00
Nick Mathewson
a90a111a5f Label a few conditions in link authentication code as bugs. 2016-11-03 08:40:09 -04:00
Nick Mathewson
99af260acc For testing: function to construct (but not save) Ed keys and certs 2016-11-03 08:40:09 -04:00
Nick Mathewson
88c2a6b936 Send and receive AUTHENTICATE cells correctly with ED keys.
Includes updated test for authchallenge cells
2016-11-03 08:39:31 -04:00
Nick Mathewson
b4a5c77901 Verify ed25519 link handshake certificates
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells.  That will get
fixed as we go, however.

This should implement 19157, but it needs tests, and it needs
to get wired in.
2016-11-03 08:39:28 -04:00
Nick Mathewson
99b3e54691 Add "Ed ID" arguments to a bunch of connection-ID-related fns.
In particular, these functions are the ones that set the identity of
a given connection or channel, and/or confirm that we have learned
said IDs.

There's a lot of stub code here: we don't actually need to use the
new keys till we start looking up connections/channels by Ed25519
IDs.  Still, we want to start passing the Ed25519 IDs in now, so it
makes sense to add these stubs as part of 15055.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0704fa8a63 Handle u32 overflow in ed25519 cert expiration time.
The impact here isn't too bad. First, the only affected certs that
expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:22 -04:00
Nick Mathewson
fae7060aea Fix a misfeature with the Ed cert expiration API
The batch-verification helper didn't expose the expiration time,
which made it pretty error-prone.

This closes ticket 15087.
2016-11-03 08:37:22 -04:00
Nick Mathewson
0b4221f98d Make the current time an argument to x509 cert-checking functions
This makes the code a bit cleaner by having more of the functions be
pure functions that don't depend on the current time.
2016-11-03 08:37:22 -04:00
Nick Mathewson
e3c8253721 Add function to check RSA->Ed cross-certifications
Also, adjust signing approach to more closely match the signing
scheme in the proposal.

(The format doesn't quite match the format in the proposal, since
RSA signatures aren't fixed-length.)

Closes 19020.
2016-11-03 08:37:22 -04:00
Nick Mathewson
348b90a915 Refactor RSA certificate checking into its own function. 2016-11-03 08:37:22 -04:00
Nick Mathewson
e94f1b4e0d Free rsa_ed_crosscert at exit.
Fixes bug 17779; bugfix on 0.2.7.2-alpha.
2016-11-03 08:37:21 -04:00
Nick Mathewson
e23389841c Migrate certificates into a sub-structure of or_handshake_state
This will help us do cert-checking in the background in the future,
perhaps.
2016-11-03 08:37:21 -04:00
Nick Mathewson
4ef42e7c52 Refactor ...compute_authenticate_cell_body() to return a var_cell_t.
This means we don't need to precompute the length.

Helps simplify the implementation of 19156.
2016-11-03 08:37:21 -04:00
Nick Mathewson
2bf6553949 Code to send correct authentication data when we are using AUTHTYPE>2
Implements the major part of 19156, except doesn't actually send the
new cell type yet.
2016-11-03 08:37:21 -04:00
Nick Mathewson
b004ff45d7 New authentication types to use RFC5705.
See proposal 244.  This feature lets us stop looking at the internals
of SSL objects, *and* should let us port better to more SSL libraries,
if they have RFC5705 support.

Preparatory for #19156
2016-11-03 08:37:20 -04:00
Nick Mathewson
fdd8f8df67 Send ed25519 certificates in certs cell, when we have them.
Implements 19155 (send CERTS cells correctly for Ed25519)

Also send RSA->Ed crosscert
2016-11-03 08:37:16 -04:00
Nick Mathewson
5205e95275 Refactor connection_or_send_certs_cell() to use trunnel
We no longer generate certs cells by pasting the certs together one
by one. Instead we use trunnel to generate them.

Preliminary work for 19155 (send CERTS cell with ed certs)
2016-11-03 08:35:40 -04:00
Nick Mathewson
986695fb74 When parsing certs cells, allow more certs types
Implements the parsing part of #19157
2016-11-03 08:35:36 -04:00
Ivan Markin
922bc45a56 hs: Added rend_service_is_ephemeral() and made related code use it
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-11-02 10:01:35 -04:00
teor
0ee9049e94
Use the latest options in rend_service_check_private_dir
Fixup on both:
* Refactor, adding a create argument... and
* Check every hidden service directory's permissions...
2016-11-02 14:55:14 +11:00
teor
1747f28861
Check every hidden service directory's permissions when configuring
Previously, we would only check the last hidden service directory.

Fixes #20529, bugfix on ticket 13942 commit 85bfad1 in 0.2.6.2-alpha.
2016-11-02 14:32:04 +11:00
teor
2f48693663
Improve comments in check_private_dir and onion poisoning
Comment changes only
2016-11-02 14:11:26 +11:00
teor
a906ff88a3
fixup! Refactor, adding a create argument to rend_service_check_private_dir 2016-11-02 14:10:52 +11:00
teor
6c54181559
Remove redundant group permission code from rend_service_check_private_dir
check_private_dir already does this for existing directories.
2016-11-02 11:20:49 +11:00
teor
c9db775243
Refactor, adding a create argument to rend_service_check_private_dir
It used to be rend_service_check_and_create_private_dir, which always
created the directory.

No behaviour change.
2016-11-02 11:20:19 +11:00
Nick Mathewson
b2f82d45b7 Always call connection_ap_attach_pending() once a second.
Fixes bug 19969; bugfix on b1d56fc58.  We can fix this some more in
later Tors, but for now, this is probably the simplest fix possible.

This is a belt-and-suspenders fix, where the earlier fix ("Ask
event_base_loop to finish when we add a pending stream") aims to respond
to new streams as soon as they arrive, and this one aims to make sure
that we definitely respond to all of the streams.
2016-11-01 20:09:44 -04:00
Roger Dingledine
d89804a69d Ask event_base_loop to finish when we add a pending stream
Fixes bug 19969; bugfix on b1d56fc58. We can fix this some more in
later Tors, but for now, this is probably the right fix for us.
2016-11-01 19:52:55 -04:00
Roger Dingledine
28b755e660 refactor out the tor_event_base_loopexit() call
no actual changes
2016-11-01 19:52:54 -04:00
Nick Mathewson
cb35a7c271 Merge branch 'maint-0.2.9' 2016-11-01 13:05:45 -04:00
Nick Mathewson
733b245283 Merge remote-tracking branch 'teor/bug20472-029-v2' into maint-0.2.9 2016-11-01 13:05:33 -04:00
Nick Mathewson
59a78187cd Merge branch 'maint-0.2.9' 2016-10-31 15:20:45 -04:00
Nick Mathewson
24b7b922ae Actually free the worker_state_t object when we do an update with it
Previously we freed the old "keys" object, but leaked the
worker_state_t that we had taken it from.

Fixes bug 20401; bugfix on 0.2.6.3-alpha.
2016-10-31 15:20:25 -04:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
Nick Mathewson
8841a9e396 Create single-onion-service directory before poisoning it, if needed
(Also, refactor the code to create a hidden service directory into a
separate funcion, so we don't have to duplicate it.)

Fixes bug 20484; bugfix on 0.2.9.3-alpha.
2016-10-31 14:54:20 -04:00
teor
3158777d35
Rename routerstatus_version_supports_ntor to *_supports_extend2_cells
This helps avoid the confusion that caused bug 20472.
Bugfix on commit 10aa913 from #19163 in tor-0.2.9.3-alpha.
2016-10-31 17:02:21 +11:00
teor
d81f2b5d81
Refactor circuit_pick_create_handshake
Make the structure of circuit_pick_create_handshake consistent with
circuit_pick_extend_handshake.

No behaviour change.
2016-10-31 17:01:33 +11:00
teor
26d7a07ad7
In circuit_pick_extend_handshake, assume all hops support EXTEND2 and ntor
This simplifies the function: if we have an ntor key, use ntor/EXTEND2,
otherwise, use TAP/EXTEND.

Bugfix on commit 10aa913 from 19163 in 0.2.9.3-alpha.
2016-10-31 17:01:04 +11:00
Nick Mathewson
ada75d5567 Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be
exhaustive with an actual check for exhaustiveness.  It turns out,
they were exhaustive, but not in the way I had assumed. :(

Bug introduced in f3e158edf7, not in any released Tor.
2016-10-28 15:33:12 -04:00
Nick Mathewson
f3e158edf7 Comment the heck out of the stream/circuit attaching process. 2016-10-27 12:04:43 -04:00
David Goulet
70b9e79700 Slightly refactor and fix couple callsites
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-10-27 10:34:02 -04:00
Nick Mathewson
dc79504e2a Document main.c a lot better 2016-10-27 10:25:26 -04:00
Ivan Markin
23b878b875 Do assert when calling relay_send_command_from_edge() on OR-side circs 2016-10-27 10:19:06 -04:00
Ivan Markin
2d04946960 Do not mark circs for close again after relay_send_command_from_edge() 2016-10-27 10:19:04 -04:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
Nick Mathewson
77d14b5f56 Small refactoring: explain G,M,E,D,T initialization 2016-10-26 16:39:59 -04:00
Matt Traudt
7ba0ae9426 Add consensus weight calculation tests 2016-10-26 16:37:16 -04:00
Matt Traudt
909ee0e55f Fix default bw weights with new consensus method
See #14881
2016-10-26 16:33:54 -04:00
Nick Mathewson
39375db3dc Merge remote-tracking branch 'pastly/ticket20459' 2016-10-26 16:22:06 -04:00
Nick Mathewson
5a1779b7ff Merge branch 'maint-0.2.9' 2016-10-26 14:17:21 -04:00
Nick Mathewson
d288704023 Avoid tor_fragile_assert() failure with DNSPort on RESOLVED_TYPE_ERROR
The tor_fragile_assert() bug has existed here since c8a5e2d588
in tor-0.2.1.7-alpha forever, but tor_fragile_assert() was mostly a
no-op until 0.2.9.1-alpha.

Fixes bug 19869.
2016-10-26 14:16:40 -04:00
Nick Mathewson
8a38d053a0 Continue the module documentation effort with circuitbuild and circuituse 2016-10-26 13:30:23 -04:00
Nick Mathewson
9c8dbcd0d6 More module documentation (circpathbias, circuitlist) 2016-10-26 12:38:50 -04:00
Nick Mathewson
a5f07a6c2a More module-level documentation. 2016-10-26 11:02:57 -04:00
Nick Mathewson
04b8af9dc0 Whitespace fixes 2016-10-26 08:39:04 -04:00
Nick Mathewson
8cc528c750 Allow asking a bridge's own descriptor over one-hop connection
When we refactored purpose_needs_anonymity(), we made it so _all_
bridge requests required anonymity.  But that missed the case
that we are allowed to ask a bridge for its own descriptor.

With this patch, we consider the resource, and allow "authority.z"
("your own descriptor, compressed") for a bridge's server descriptor
to be non-anonymous.

Fix for bug 20410; bug not in any released Tor.
2016-10-26 08:32:48 -04:00
Matt Traudt
c09993fdf6 Fix ewma_cmp_cmux never considering policies different 2016-10-25 10:07:05 -04:00
Nick Mathewson
01482e30ad Merge remote-tracking branch 'pastly/ticket20273' 2016-10-24 12:47:29 -04:00
Nick Mathewson
961c8f4838 Module-document dnsserv.c, policies.c, routerkeys.c 2016-10-24 11:47:40 -04:00
Nick Mathewson
e3592cd8b5 html error in doxygen comment in rendservice.c 2016-10-24 10:31:16 -04:00
Nick Mathewson
3a232ef64a Module documentation for config.c and confparse.c 2016-10-24 10:16:46 -04:00
Nick Mathewson
5382b174c5 Module documentation (and an important caveat) for dirvote.c 2016-10-24 09:21:54 -04:00
Nick Mathewson
d1bcba19a9 Turn scheduler.c documentation into doxygen. 2016-10-20 11:02:04 -04:00
Ivan Markin
e77033e9ee Say 'Invalid argument' instead of unclear 'Unrecognized' 2016-10-19 18:06:04 -04:00
Nick Mathewson
c87d9b13a4 BUG in purpose_needs_anonymity if switch not matched.
I believe that this should never trigger, but if it does, it
suggests that there was a gap between is_sensitive_dir_purpose and
purpose_needs_anonymity that we need to fill.  Related to 20077.
2016-10-19 18:04:47 -04:00
Nick Mathewson
df387b94e8 Merge remote-tracking branch 'chelseakomlo/master' 2016-10-19 17:17:12 -04:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Nick Mathewson
ec4142abdf Unify code in channel_write_*cell()
Patch from pingl; patch for 13827.
2016-10-19 17:07:23 -04:00
Nick Mathewson
87e4b9259a Merge remote-tracking branch 'arma/bug6769' 2016-10-19 17:04:44 -04:00
Chelsea H. Komlo
471b0c5175
Refactor purpose_needs_anonymity to use switch statement 2016-10-19 12:25:50 -05:00
Chelsea H. Komlo
195ccce94e
Refactor to use purpose_needs_anonymity and remove is_sensitive_dir_purpose 2016-10-18 18:40:50 -05:00
Nick Mathewson
54fda6b98a Module-level docs for ext_orport and router.c 2016-10-18 19:32:49 -04:00
Nick Mathewson
4396540129 Turn replaycache.c module doc into doxygen 2016-10-18 12:31:50 -04:00
Nick Mathewson
d1b45786b1 Document connection_or.c and connection.c at module level 2016-10-18 12:25:55 -04:00
Nick Mathewson
84829e336c Module documentation for circuitmux_ewma.c 2016-10-18 11:28:40 -04:00
Nick Mathewson
56933787d5 Turn circuitmux.c comments into module docs. 2016-10-18 11:17:34 -04:00
Nick Mathewson
35df48b189 Module docs for channel.c and channeltls.c 2016-10-18 10:53:12 -04:00
Nick Mathewson
66ecdcdd75 Update the buffer sentinel fix to work with our #20081 fix. 2016-10-17 14:52:44 -04:00
Nick Mathewson
1a74881063 Merge branch 'maint-0.2.8' 2016-10-17 14:51:45 -04:00
Nick Mathewson
1df114330e Merge branch 'buf_sentinel_026_v2' into maint-0.2.8 2016-10-17 14:51:06 -04:00
Nick Mathewson
3cea86eb2f Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
This helps protect against bugs where any part of a buf_t's memory
is passed to a function that expects a NUL-terminated input.

It also closes TROVE-2016-10-001 (aka bug 20384).
2016-10-17 14:49:54 -04:00
Nick Mathewson
fd9a1045d8 Merge branch 'module_docs_1' 2016-10-17 10:17:32 -04:00
Nick Mathewson
aae034d13e Write a bunch of module documentation.
This commit adds or improves the module-level documenation for:

  buffers.c circuitstats.c command.c connection_edge.c control.c
  cpuworker.c crypto_curve25519.c crypto_curve25519.h
  crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c
  dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c
  onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c
  protover.c protover.h reasons.c rephist.c replaycache.c
  routerlist.c routerparse.c routerset.c statefile.c status.c
  tor_main.c workqueue.c

In particular, I've tried to explain (for each documented module)
what each module does, what's in it, what the big idea is, why it
belongs in Tor, and who calls it.  In a few cases, I've added TODO
notes about refactoring opportunities.

I've also renamed an argument, and fixed a few DOCDOC comments.
2016-10-17 10:16:59 -04:00
Nick Mathewson
df84536ac1 Add a logic-consistency test when parsing unix socket configs
Coverity couldn't tell that 'addrport' was always non-NULL at this
point in the function, so I'm adding an explicit check. This closes
CID 1374060.
2016-10-17 08:27:10 -04:00
Nick Mathewson
55c468c521 Whitespace cleaning 2016-10-14 10:40:31 -04:00
Nick Mathewson
ac707ae70a Merge branch 'bug20176_v2' 2016-10-14 10:23:24 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
d2ab58c48d Merge branch 'bug18357_v2' 2016-10-14 09:10:34 -04:00
Nick Mathewson
87865c8aca Extract ExitPolicy-and-IPv6Exit check into a new function
(I've done this instead of changing the semantics of
router_compare_to_my_exit_policy, because dns.c uses
router_compare_to_my_exit_policy too, in a slightly weird way.)
2016-10-14 09:08:52 -04:00
Andrea Shepard
1c6f8841f4 Refactor to always allocate chosen_entry_guards in new guard_selection_new() function 2016-10-14 00:15:30 +00:00
Andrea Shepard
3b8a40f262 Use tor_memeq() instead of tor_memcmp() per code review 2016-10-13 23:48:49 +00:00
Andrea Shepard
fca605e763 Adjust comment per code review 2016-10-13 23:47:08 +00:00
Nick Mathewson
49d7feb8a0 Tweak patch for 18529.
- function doesn't need to be inline.

- rename function

- Make documentation more pedantically correct

- Remove needless "? 1 : 0."
2016-10-13 09:19:51 -04:00
Nick Mathewson
1fc3e29108 Remove duplicate code that checks for default authorities
Patch from ericho.

Fixes 18529. Simple refactoring.
2016-10-13 09:19:37 -04:00
Nick Mathewson
d25fed5174 Merge remote-tracking branch 'yawning-schwanenlied/bug20261' 2016-10-11 11:08:20 -04:00
Nick Mathewson
7026b607a0 Fix spurious compiler warning in do_getpass().
Some compilers apparently noticed that p2len was allowed to be equal
to msg, and so maybe we would be doing memset(prompt2, ' ', 0), and
decided that we probably meant to do memset(prompt2, 0, 0x20);
instead.

Stupid compilers, doing optimization before this kind of warning!

My fix is to just fill the entire prompt2 buffer with spaces,
because it's harmless.

Bugfix on e59f0d4cb9, not in any released Tor.
2016-10-11 09:34:08 -04:00
Nick Mathewson
3328658728 Merge remote-tracking branch 'asn/bug19223' 2016-10-11 08:48:39 -04:00
George Kadianakis
e59f0d4cb9 Fix non-triggerable heap corruption at do_getpass(). 2016-10-10 12:03:39 -04:00
Nick Mathewson
80e2896d52 comment tweak. Fixes 20271. patch from pastly. 2016-10-06 12:04:04 -04:00
Muhammad Falak R Wani
fdc0a660b4 dircollate: Use correct tor_calloc args.
Flip the tor_calloc arguments in the call.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2016-10-05 13:06:27 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
4bbdebff3f Merge remote-tracking branch 'arma/bug20277' 2016-10-03 14:05:26 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
14a6047210 remove whitespace accidentally added in 4f1a04ff 2016-10-02 19:34:23 -04:00
Roger Dingledine
9228db5f1b remove confusing comment about conditional consensus download
We removed that feature in 0.2.4.2-alpha, but some comments seem to
have lingered.

I didn't add a changes/ file since this is just internal code cleanup.
2016-10-02 19:13:35 -04:00
Roger Dingledine
f0fb55ad30 simplify we_use_microdescriptors_for_circuits() 2016-10-02 02:22:03 -04:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
53255e925c Fix memory leak from prop264 branch. CID 1373401 2016-09-28 08:21:33 -07:00
Nick Mathewson
153ff4f559 fix a warning in protover. 2016-09-26 11:03:31 -07:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
501fc3bbc6 protovers: during voting, assert that we are not voting to shut down.
As a failsafe, we should make sure that no authority ever votes for
a set of protocol versions that it does not itself support.
2016-09-26 10:56:54 -07:00
Nick Mathewson
1ab641a70e Remove version_known, and subtly change the meaning of protocols_known 2016-09-26 10:56:53 -07:00
Nick Mathewson
f3382bd722 Rename "proto " to "pr " in consensuses 2016-09-26 10:56:53 -07:00
Nick Mathewson
4cbfee14d4 Update prop264 implementation to split HSMid->HS{Intro,Rend} 2016-09-26 10:56:53 -07:00
Nick Mathewson
0a3da5ce79 prop264: sometimes check client _and_ server versions.
As before, we check server protocols whenever server_mode(options)
is true and we check client protocols whenever server_mode(options)
is false.

Additionally, we now _also_ check client protocols whenever any
client port is set.
2016-09-26 10:56:53 -07:00
Nick Mathewson
afe0419db7 Rename get_supported_protocols to protover_get_supported_protocols 2016-09-26 10:56:53 -07:00
Nick Mathewson
3a3120819c Rename compute_protover_vote to protover_compute_vote 2016-09-26 10:56:53 -07:00
Nick Mathewson
4f57d5871e Update authority votes to match updated proposal. 2016-09-26 10:56:52 -07:00
Nick Mathewson
e402cddefe Clean whitespace, add missing documentation 2016-09-26 10:56:52 -07:00
Nick Mathewson
1e29c68ba9 Remove DoS vector in protover.c voting code 2016-09-26 10:56:51 -07:00
Nick Mathewson
e525f5697f Use protocols to see when EXTEND2 support exists.
(Technically, we could just remove extend2 cell checking entirely,
since all Tor versions on our network are required to have it, but
let's keep this around as an example of How To Do It.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
90a6fe318c Vote on 'proto' lines and include them after 'v' lines.
(Despite the increased size of the consensus, this should have
approximately zero effect on the compressed consensus size, since
the "proto" line should be completely implied by the "v" line.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
f33b90324a Include protocol versions in votes. 2016-09-26 10:56:51 -07:00
Nick Mathewson
d97a385535 Workaround a test bug 2016-09-26 10:56:51 -07:00
Nick Mathewson
a3e82563df Implement voting on the protocol-version options 2016-09-26 10:56:51 -07:00
Nick Mathewson
84f913024d Include protocol version lines in votes. 2016-09-26 10:56:50 -07:00
Nick Mathewson
07a9b79520 Remove a little duplicated code before it becomes a lot 2016-09-26 10:56:50 -07:00
Nick Mathewson
c6a2204e23 Add code to infer protocol versions for old Tor versions. 2016-09-26 10:56:50 -07:00
Nick Mathewson
a232161f7b Cover the error cases of parsing protocol versions
Also, detect an additional failure type. Thanks, tests!

(How distinctly I recall thee)
2016-09-26 10:56:50 -07:00
Nick Mathewson
c1be8f9d57 Basic backend for the protocol-versions voting algorithm.
[This is a brute-force method that potentially uses way too much
RAM. Need to rethink this a little. Right now you can DOS an
authority by saying "Foo=1-4294967295".]
2016-09-26 10:56:49 -07:00
Nick Mathewson
7f718c46f3 Actually check for missing protocols and exit as appropriate. 2016-09-26 10:56:49 -07:00
Nick Mathewson
cca1e0acff Add necessary code to parse and handle required/recommended protocols 2016-09-26 10:56:49 -07:00
Nick Mathewson
4df12239f6 Emit and parse protocol lists in router descriptors 2016-09-26 10:56:49 -07:00
Nick Mathewson
b2b2e1c7f2 checkpoint basic protover backend 2016-09-26 10:56:48 -07:00
Andrea Shepard
006c26f54f Abolish globals in entrynodes.c; relativize guard context to new guard_selection_t structure 2016-09-25 02:11:44 +00:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
teor
30275b048f
Remove another fallback whose operator opted-out 2016-09-22 16:38:04 -07:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
cff1274b06 Simplify a few functions that dont need to call get_latest_consensus() so much 2016-09-21 15:20:27 -04:00
Nick Mathewson
266d7733f8 fix wide lines 2016-09-21 15:15:17 -04:00
Nick Mathewson
2196c7ad64 Remove current_consensus macro.
It's a macro that calls down to a function whose behavior has been
getting progresively more complicated.... but we named it as if it
were a variable.  That's not so smart.  So, replace it with a
function call to a function that was just doing "return
current_consensus".

Fixes bug 20176.
2016-09-21 15:13:19 -04:00
Nick Mathewson
f6d7b71719 Merge remote-tracking branch 'isis/bug20201' 2016-09-21 12:20:33 -04:00
Isis Lovecruft
f1d7b7b600
Update documentation for parse_bridge_line() in src/or/config.c.
* FIXES #20201: https://bugs.torproject.org/20201
2016-09-21 13:26:34 +00:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9ebe202da0 Merge remote-tracking branch 'public/bug20103_028_v3' into maint-0.2.8 2016-09-20 19:30:24 -04:00
Nick Mathewson
06d99aa2c4 Merge branch 'maint-0.2.8' 2016-09-20 19:29:17 -04:00
teor
19a9872be2
fixup! Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-21 09:13:04 +10:00
David Goulet
32926b008b dns: Always enable DNS request for our DNSPort
Commit 41cc1f612b introduced a "dns_request"
configuration value which wasn't set to 1 for an entry connection on the
DNSPort leading to a refusal to resolve the given hostname.

This commit set the dns_request flag by default for every entry connection
made to the DNSPort.

Fixes #20109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-09-20 15:05:31 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
teor
c6d51b4577
Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-20 16:49:45 +10:00
Nick Mathewson
425f5e6d40 Fix a bogus memwipe length in rend_service_load_auth_keys().
Bugfix on a4f46ff8ba. Found by Coverity.
2016-09-14 10:58:53 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
Nick Mathewson
2c7d09dfd2 Fix a check-spaces warning. 2016-09-13 10:24:45 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
365ca3ca0f Refactor Single Onion code to improve consistency
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
2016-09-13 10:13:57 -04:00
teor
f686fa2ee6 Comments: prefer circuit_build_times_disabled() to LearnCircuitBuildTimeout 2016-09-13 10:13:57 -04:00
teor
a00fee2f54 Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
Tor checks that the flag matches the configured onion service anonymity.

Tor refuses to create unflagged onion service using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode

Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
2016-09-13 10:13:57 -04:00
teor
a4f46ff8ba Refactor the hidden service code to use rend_service_path
And make consequential changes to make it less error-prone.

No behaviour change.
2016-09-13 10:13:57 -04:00
teor
65b2d34c9c Allow the unit tests to pass a service list to rend_service_load_all_keys 2016-09-13 10:13:56 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
3e4a401ead Fix a typo in a comment in rend_consider_services_intro_points 2016-09-13 10:13:56 -04:00
teor
4d9d2553ba Fix a typo in the LearnCircuitBuildTimeout disabled log message 2016-09-13 10:13:56 -04:00
teor
c43211fd6c When LearnCircuitBuildTimeout is disabled by other options, be quieter 2016-09-13 10:13:56 -04:00
teor
07d32d2e68 Remove a duplicate non-anonymous warning log message
We log this message every time we validate tor's options.
There's no need to log a duplicate in main() as well.

(It is impossible to run main() without validating our options.)
2016-09-13 10:13:56 -04:00
teor (Tim Wilson-Brown)
831cf6d1d8 Refactor crypto init to use existing options variable 2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor
75ebbed557 Make Single Onion Service intro points respect ReachableAddresses 2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
teor (Tim Wilson-Brown)
b494ccc3c9 Make rend_service_free available to the unit tests
Also check that the port list exists before freeing it.

Patch by asn.
2016-09-13 10:08:06 -04:00
Nick Mathewson
8fdf2f583c Unit tests for proposal 271 client-side implementation 2016-09-13 09:45:55 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
64521a9d35 Merge remote-tracking branch 'public/solaris_warnings_028' 2016-09-11 16:52:24 -04:00
Nick Mathewson
3fcd5d71ad Fix typo error in bug warning in relay.c 2016-09-08 15:15:57 -04:00
Nick Mathewson
e9fdec2b1d capture and detect expected BUG messages in shared-random tests 2016-09-08 15:13:53 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
Nick Mathewson
2a3b651790 Merge remote-tracking branch 'sebastian/bug20064' 2016-09-07 11:38:43 -04:00
Nick Mathewson
af58a89b86 Merge remote-tracking branch 'teor/bug20012' 2016-09-06 19:14:02 -04:00
Nick Mathewson
128f7ffbc0 Merge remote-tracking branch 'public/ticket20002' 2016-09-06 14:27:13 -04:00
Nick Mathewson
5927ed8d33 checkSpace.pl now forbids more identifiers.
The functions it warns about are:
  assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
  strdup, strndup, calloc.

Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 12:35:37 -04:00
Nick Mathewson
440228907d Merge remote-tracking branch 'sebastian/bug20065' 2016-09-06 10:12:42 -04:00
teor
55a2bfb056
Fix an indentation issue in rend_config_services 2016-09-06 17:49:52 +10:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Sebastian Hahn
0d485fcfef Vote Exit correctly with DirAllowPrivateAddresses set
When allowing private addresses, mark Exits that only exit to private
locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 23:39:47 +02:00
Andrea Shepard
341a159ab4 Appease make check-spaces 2016-09-05 17:47:39 +00:00
Nick Mathewson
bbac9e1d0c Don't warn on unlink(bw_accounting) when errno == ENOENT
Patch from pastly; fixes bug 19964.
2016-08-31 10:57:09 -04:00
Nick Mathewson
c15b99e6e9 Fix a deref-before-null-check complaint
Found by coverity scan; this is CID 1372329.

Also, reindent some oddly indented code.
2016-08-31 10:32:10 -04:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
e3bf8854c8 We no longer need to tag UseNTorHandshake as deprecated, since it is obsolete 2016-08-29 15:03:55 -04:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
Nick Mathewson
9b9fb63276 prop272: When voting, include no non-Valid relays in consensus
Implements ticket 20002, and part of proposal 272.
2016-08-26 14:14:34 -04:00
Andrea Shepard
32fbc9738a Fix OOS comparator fix 2016-08-26 00:01:25 +00:00
David Goulet
9e1cb3660b Fix duplicated if condition in connection.c
Furthermore, fix a test that could returned an uninitialized value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-25 14:52:28 -04:00
Nick Mathewson
1dfa2213a4 Merge remote-tracking branch 'andrea/ticket18640_v3' 2016-08-25 14:29:06 -04:00
teor (Tim Wilson-Brown)
382a28951f Check onion hostnames against client port flags
Check NoOnionTraffic before attaching a stream.

NoOnionTraffic refuses connections to all onion hostnames,
but permits non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
b311f82026 Check non-onion hostnames & IP addresses against client port flags
Check NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic before
attaching a stream.

NoDNSRequest refuses connections to all non-onion hostnames,
but permits IP addresses.
NoIPv4Traffic refuses connections to IPv4 addresses, but resolves
hostnames.
NoIPv6Traffic refuses connections to IPv6 addresses, but resolves
hostnames.

Combined, they refuse all non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
45b4e63519 Make Tor2Web error message clearer
Tor2Web refuses non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
f41ddbecc6 Comment-only punctuation fix 2016-08-24 14:40:53 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
10f8607125 make check-spaces fixes 2016-08-24 13:39:22 -04:00
Nick Mathewson
5132905419 Merge branch 'maint-0.2.8' 2016-08-24 10:45:11 -04:00
teor
b1ad024d30 Fix path selection on firewalled clients
Signed-off-by: teor <teor2345@gmail.com>
2016-08-24 10:07:47 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Isis Lovecruft
41ab23bed5 Replace Tonga with Bifroest.
* FIXES #19728: https://bugs.torproject.org/19728
 * CLOSES #19690: https://bugs.torproject.org/19690
2016-08-24 10:01:23 -04:00
teor
19816f2f78
Add a stub for rend_service_allow_direct_connection
It always returns 0. It should be replaced with the Single
Onion version from #17178 when both are merged.
2016-08-24 11:02:19 +10:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
teor (Tim Wilson-Brown)
cad9046632
Improve comments in circuit_get_cpath_* 2016-08-24 10:32:22 +10:00
teor (Tim Wilson-Brown)
febd4ab0e5
Client & HS make sure every hop in every non-HS path supports ntor
When a client connects to an intro point not in the client's consensus,
or a hidden service connects to a rend point not in the hidden service's
consensus, we are stuck with using TAP, because there is no ntor link
specifier.
2016-08-24 10:32:10 +10:00
Nick Mathewson
a0398dd348 Merge remote-tracking branch 'jigsaw/fix-17758' 2016-08-23 09:57:14 -04:00
Nick Mathewson
ff65618f16 Merge remote-tracking branch 'jigsaw/fix-15381' 2016-08-23 09:55:37 -04:00
Nick Mathewson
e8d7953c61 Use tor_assert, not assert. 2016-08-23 09:24:20 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
teor
a60ef72345 Reword the router_check_descriptor_address_port_consistency log message
The new message covers static and dynamic public IPv4 addresses,
and external / internal addresses in NAT setups.
2016-08-23 09:16:08 -04:00
Nick Mathewson
62b239dd9c Merge branch 'maint-0.2.8' 2016-08-22 10:19:15 -04:00
Nick Mathewson
0ba05313d5 Do not pass NULL to log(%s) in dir_server_new.
This bug had existed since 0.2.4.7-alpha, but now that we have
FallbackDirs by default, it actually matters.

Fixes bug 19947; bugfix on 0.2.4.7-alpha or maybe 0.2.8.1-alpha.

Rubiate wrote the patch; teor wrote the changes file.
2016-08-22 01:22:19 -04:00
Andrea Shepard
9a09513c0b Use connection_mark_for_close() rather than connection_mark_on_flush() on OOS 2016-08-20 04:43:01 +00:00
Andrea Shepard
31028af440 Add DisableOOSCheck option, on by default until we have better heuristics 2016-08-20 04:36:37 +00:00
Andrea Shepard
3efe92ba58 Consider the case that a connection doesn't have a valid socket during OOS 2016-08-20 03:57:32 +00:00
Andrea Shepard
1a7709d409 Add connection_is_moribund() inline 2016-08-20 03:34:16 +00:00
Andrea Shepard
a403230fe3 Use SMARTLIST_FOREACH in connection_count_moribund() per code review 2016-08-20 03:12:58 +00:00
Andrea Shepard
dbdac1dc27 s/connection_handle_oos/connection_check_oos/g per code review 2016-08-20 02:44:33 +00:00
Andrea Shepard
d65f030915 Unit test for pick_oos_victims() 2016-08-20 01:43:52 +00:00
Andrea Shepard
e17083b432 Unit test for kill_conn_list_for_oos() 2016-08-20 01:43:52 +00:00
Andrea Shepard
26c2ded00c Unit test for connection_handle_oos() 2016-08-20 01:43:51 +00:00
Andrea Shepard
709f2cbf58 Implement OOS comparator 2016-08-20 01:43:51 +00:00
Andrea Shepard
d502efbd47 Implement pick_oos_victims() except for sort step 2016-08-20 01:43:51 +00:00
Andrea Shepard
e9464737af Implement kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
c76d45bdec Stub out pick_oos_victims() and kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
2bc19171ef Implement connection_count_moribund() for OOS handler 2016-08-20 01:43:50 +00:00
Andrea Shepard
4f253d4c67 Don't say OOS unless the ConnLimit thresholds have been set 2016-08-20 01:43:49 +00:00
Andrea Shepard
34d9d02150 Stub out connection_handle_oos() and call it from places we can change the socket count or thresholds 2016-08-20 01:43:46 +00:00
Andrea Shepard
1c0c0022d8 Compute thresholds for OOS from ConnLimit_ when setting options 2016-08-20 01:42:30 +00:00
Nick Mathewson
3c8baa77a1 Log a warning when Testing options are deprecated. 2016-08-19 20:21:04 -04:00
Nick Mathewson
05ad2db283 Add comments to explain when things were deprecated 2016-08-19 20:09:51 -04:00
Nick Mathewson
507f07de09 Merge remote-tracking branch 'public/deprecation_v2' 2016-08-19 19:58:51 -04:00
Nick Mathewson
5aad921e3a Rename free_voting_schedule to voting_schedule_free. Wrap line. Follow if convention. 2016-08-19 19:44:19 -04:00
Nick Mathewson
3e8f93bb10 Merge remote-tracking branch 'jigsaw/fix-19562' 2016-08-19 19:41:53 -04:00
Daniel Pinto
8c0fdf6a27 Added a voting_schedule_free function to free voting schedules.
Existing Uses of the tor_free function on voting schedules were
replaced with voting_schedule_free.
Fixes #19562.
2016-08-16 17:53:38 +01:00
Daniel Pinto
3d6ae798cf Fixes inconsistent version prefix in log messages.
Fixes #15381.
2016-08-16 17:22:16 +01:00
Daniel Pinto
4f19f85eda Prevents negative number of written bytes on error message.
Fixes #17758.
2016-08-16 17:12:18 +01:00
teor
4b4389280e
Check parameters to router_check_descriptor_address_port_consistency 2016-08-16 14:39:46 +10:00
teor
427663428b
Refactor duplicate code in router_check_descriptor_address_consistency
No behaviour change
2016-08-16 14:05:46 +10:00
s7r
4d2b3164ec Make log message clearer
Longer and more explicit log message so we don't confuse users with behind NAT with working configurations and state that public IP addresses only should be provided with "Address", won't work with internal addresses.
2016-08-15 09:50:10 +00:00
Nick Mathewson
be820f41a3 Fix quite a few slow memory leaks in config.c
This bug was introduced in 8bbbbaf87b when we added a separate
or_options_free() function but didn't start using it everywhere.

Fixes bug 19466.
2016-08-12 18:47:35 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
Andrea Shepard
09a0f2d0b2 Eliminate redundant hourly reset of descriptor download failures 2016-08-10 03:34:54 +00:00
Andrea Shepard
05853485a4 Debug logging for router/consensus descriptor download resets 2016-08-10 03:34:54 +00:00
Nick Mathewson
f5dcab8072 Add new warn_deprecated option to config_assign*().
Also, collapse all the config_assign*() options into a flags
argument, since having two boolean arguments was already confusing.
2016-08-03 12:52:26 -04:00
Nick Mathewson
f3314aa6e1 Deprecate some SocksPort sub-options. 2016-08-03 12:24:07 -04:00
Nick Mathewson
9b6ff4c882 Teach checkOptionDocs about deprecation.
In particular, teach it that deprecated options must exist.
2016-08-03 12:16:58 -04:00
Nick Mathewson
66e610da72 Mark a big pile of options as deprecated. 2016-08-03 12:08:57 -04:00
Nick Mathewson
e6220ccbf8 Add deprecation for configuration options that need to go away. 2016-08-03 11:43:19 -04:00
Nick Mathewson
c9b8d4c086 We no longer use config_var_description_t 2016-08-03 11:19:08 -04:00
Nick Mathewson
7b896fe61e Remove/fix remaining evbuffer references 2016-08-02 14:02:35 -04:00
Nick Mathewson
4d4ccc505b Search for remaining references to 'bufferevent'.
Remove or adjust as appropriate.
2016-08-02 13:59:47 -04:00
Nick Mathewson
46ef4487d3 Remove generic_buffer_*() functions as needless.
These functions were there so that we could abstract the differences
between evbuffer and buf_t.  But with the bufferevent removal, this
no longer serves a purpose.
2016-08-02 13:50:00 -04:00
Nick Mathewson
cd9d39d54b Rename generic_buffer_set_to_copy, since generic buffers are not a thing 2016-08-02 13:33:41 -04:00
Nick Mathewson
88a7a02728 Bufferevent removal: remove more bufferevent-only options
(All this IOCP stuff was bufferevent-only.)
2016-08-02 13:33:08 -04:00
Nick Mathewson
c68a23a135 Bufferevent removal: remove HAS_BUFFEREVENT macros and usage
This is another way that we had bufferevents-only code marked.
2016-08-02 13:15:10 -04:00
Nick Mathewson
8e9a6543e1 More bufferevent removal: bev_str is no longer needed in tor_init 2016-08-02 13:08:00 -04:00
teor
8c2ee16b8f
Get the extend_info_from_router check the right way around 2016-08-02 14:28:56 +10:00
Nick Mathewson
f3575a45ce Merge branch 'maint-0.2.8' 2016-07-29 10:23:38 -04:00
teor (Tim Wilson-Brown)
1c4a2dd208 Remove a fallback that was on the hardcoded list, then opted-out
The fallback was added in 0.2.8.2-alpha.
2016-07-29 10:23:15 -04:00
Andrea Shepard
1995328a3d Keep make check-spaces happy 2016-07-29 05:05:12 +00:00
Nick Mathewson
dffc6910b1 Three more -Wshadow fixes. 2016-07-28 11:24:03 -04:00
Nick Mathewson
94bff894f9 Fix a large pile of solaris warnings for bug 19767.
In nearly all cases, this is a matter of making sure that we include
orconfig.h before we include any standard c headers.
2016-07-28 10:47:46 -04:00
Nick Mathewson
9fe6fea1cc Fix a huge pile of -Wshadow warnings.
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
f0488551e7 Merge branch 'bug19639_squashed' 2016-07-26 19:31:15 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
Nick Mathewson
d70fac15ff Merge remote-tracking branch 'teor/bug19702' 2016-07-26 19:12:23 -04:00
Nick Mathewson
61ce6dcb40 Make monotime test mocking work with oom tests. 2016-07-21 07:02:34 -04:00
Nick Mathewson
558f7d3701 Merge branch 'monotonic_v2_squashed' 2016-07-19 11:42:26 +02:00
Nick Mathewson
1e3cf1cc83 Be sure to call monotime_init() at startup. 2016-07-19 11:40:47 +02:00
Nick Mathewson
c7558c906a Use coarse monotonic timer instead of cached monotonized libevent time. 2016-07-19 11:40:46 +02:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
Andrea Shepard
94c27d4e8f Keep make check-spaces happy 2016-07-17 23:22:29 +00:00
teor (Tim Wilson-Brown)
579a80d4ae
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.

Refactor these checks so they're consistent between authorities and clients.
2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
a76d528bec
Clients no longer download descriptors for relays without ntor 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
33da2abd05
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
2016-07-15 09:55:49 +10:00
U+039b
c735220a0b
Remove bufferevents dead code
Signed-off-by: U+039b <*@0x39b.fr>
2016-07-14 18:46:37 +02:00
Nick Mathewson
466259eb50 Merge remote-tracking branch 'sebastian/libevent2' 2016-07-08 09:57:31 -04:00
Nick Mathewson
acba4cc954 test coverage on onion_fast: 0%->100% 2016-07-06 13:43:12 -04:00
Nick Mathewson
ae22c249c3 Improve test coverage a little on onion*.c 2016-07-06 12:37:52 -04:00
Nick Mathewson
9c1d8cdd8d Merge branch 'maint-0.2.8' 2016-07-06 10:17:22 -04:00
teor (Tim Wilson-Brown)
b167e82f62
When checking if a routerstatus is reachable, don't check the node
This fixes #19608, allowing IPv6-only clients to use
microdescriptors, while preserving the ability of bridge clients
to have some IPv4 bridges and some IPv6 bridges.

Fix on c281c036 in 0.2.8.2-alpha.
2016-07-06 14:46:22 +10:00
Nick Mathewson
78196c8822 Merge remote-tracking branch 'teor/bug18456' 2016-07-05 19:10:08 -04:00
Nick Mathewson
8cae4abbac Merge branch 'maint-0.2.8' 2016-07-05 12:43:17 -04:00
Nick Mathewson
8d25ab6347 Merge remote-tracking branch 'weasel/bug19557' into maint-0.2.8 2016-07-05 12:40:25 -04:00
Nick Mathewson
74cbbda86e Merge remote-tracking branch 'weasel/bug19556' into maint-0.2.8 2016-07-05 12:39:40 -04:00
Nick Mathewson
f54ffa463a Merge branch 'maint-0.2.8' 2016-07-05 12:23:25 -04:00
Nick Mathewson
f4408747d3 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-05 12:23:14 -04:00
Nick Mathewson
6e96aadadb Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-05 12:22:47 -04:00
Nick Mathewson
c28ba994ec Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-05 12:21:25 -04:00
Nick Mathewson
9d3de77d4d Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-05 12:20:42 -04:00
Nick Mathewson
e11cc95717 Merge remote-tracking branch 'asn/bug19555' 2016-07-05 12:17:21 -04:00
Nick Mathewson
87758dbebc Merge remote-tracking branch 'dgoulet/bug19567_029_01' 2016-07-05 12:14:04 -04:00
Nick Mathewson
8ba4ba0a74 Grammar.
I grepped and hand-inspected the "it's" instances, to see if any
were supposed to be possessive.  While doing that, I found a
"the the", so I grepped to see if there were any more.
2016-07-05 12:10:12 -04:00
Sebastian Hahn
e7b70b69ec Remove src/or/eventdns_tor.h based on cypherpunk's review 2016-07-04 21:39:43 +02:00
David Goulet
267e16ea61 sr: add the base16 RSA identity digest to commit
Keep the base16 representation of the RSA identity digest in the commit object
so we can use it without using hex_str() or dynamically encoding it everytime
we need it. It's used extensively in the logs for instance.

Fixes #19561

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 12:05:48 -04:00
David Goulet
cc34929abc sr: Fix comment in shared_random.h
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:44:10 -04:00
David Goulet
c6de05d529 sr: Remove useless code in disk_state_update()
This patch also updates a comment in the same function for accuracy.

Found by Coverity issue 1362985. Partily fixes #19567.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:33:41 -04:00
George Kadianakis
34bd333529 prop250: Fix voting_schedule_t memleak in sr_state_update(). 2016-07-04 17:42:25 +03:00
George Kadianakis
f03c74c631 prop250: Plug TorVersion memleak in disk_state_reset(). 2016-07-04 17:42:25 +03:00
Sebastian Hahn
265e40b481 Raise libevent dependency to 2.0.10-stable or newer
Only some very ancient distributions don't ship with Libevent 2 anymore,
even the oldest supported Ubuntu LTS version has it. This allows us to
get rid of a lot of compat code.
2016-07-04 12:40:09 +02:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Peter Palfrader
55d380f3df sandboxing: allow writing to stats/hidserv-stats
Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
2016-07-03 18:05:43 +02:00
Peter Palfrader
2c4e78d95b sandboxing: allow open() of stats dir
When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
2016-07-03 17:47:45 +02:00
Andrea Shepard
be78e9ff37 Keep make check-spaces happy 2016-07-01 21:52:32 +00:00
Nick Mathewson
1597c42384 Fix i386 conversion warnings 2016-07-01 15:53:01 -04:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
36e201dffc prop250: Add a DEL state action and return const SRVs
The *get* state query functions for the SRVs now only return const pointers
and the DEL action needs to be used to delete the SRVs from the state.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
4a1904c126 prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
Nick Mathewson
6927467bef Refactor parameter computation and add a helper function
This patch makes us retain the intermediate list of K=V entries for
the duration of computing our vote, and lets us use that list with
a new function in order to look up parameters before the consensus
is published.

We can't actually use this function yet because of #19011: our
existing code to do this doesn't actually work, and we'll need a new
consensus method to start using it.

Closes ticket #19012.
2016-07-01 14:01:42 -04:00
David Goulet
09ecbdd8ee prop250: Fix format string encoding in log statement
Commit and reveal length macro changed from int to unsigned long int
(size_t) because of the sizeof().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
e62f3133bb prop250: Change reveal_num to uint64_t and version to uint32_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
George Kadianakis
899d2b890b prop250: Don't use {0} to init static struct -- causes warning on clang.
See ticket #19132 for the clang/llvm warning.

Since voting_schedule is a global static struct, it will be initialized
to zero even without explicitly initializing it with {0}.

This is what the C spec says:

	If an object that has automatic storage duration is not initialized
	explicitly, its value is indeterminate. If an object that has static
	storage duration is not initialized explicitly, then:

	— if it has pointer type, it is initialized to a null pointer;
	— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
	— if it is an aggregate, every member is initialized (recursively) according to these rules;
	— if it is a union, the first named member is initialized (recursively) according to these rules.
2016-07-01 14:01:41 -04:00
George Kadianakis
ebbff31740 prop250: Silence a logging message.
LOG_NOTICE is a bit too much for that one.
2016-07-01 14:01:41 -04:00
George Kadianakis
f6f4668b1d prop250: Don't reject votes containing commits of unknown dirauths.
Instead just ignore those commits.

Squash this commit with 33b2ade.
2016-07-01 14:01:41 -04:00
David Goulet
5fe9a50c31 prop250: Pass the dst length to sr_srv_encode()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
d43646e191 prop250: Fix unit tests about the RSA fingerprint check
Code has been changed so every RSA fingerprint for a commit in our state is
validated before being used. This fixes the unit tests by mocking one of the
key function and updating the hardcoded state string.

Also, fix a time parsing overflow on platforms with 32bit time_t

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
cd858d78a7 prop250: Sort commits in lexicographical order in votes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
63ca307127 prop250: Improve log messages
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
George Kadianakis
edea044147 prop250: Sort smartlist before you get most frequent SRV.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
545b77e2f8 prop250: Only trust known authority when computing SRV
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
0f27d92e4c prop250: Add version to Commit line in vote and state
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
8ac88f6f97 prop250: Add a valid flag to sr_commit_t
We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
where we use them expecting a commit to be valid.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
056b6186ad prop250: Use RSA identity digest instead of fingerprint
The prop250 code used the RSA identity key fingerprint to index commit in a
digestmap instead of using the digest.

To behavior change except the fact that we are actually using digestmap
correctly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
c0cec2ffd3 prop250: change time_t to uint64_t
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-07-01 14:01:41 -04:00
David Goulet
39be8af709 prop250: Add unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
727d419a9d prop250: Initialize the SR subsystem and us it!
This commit makes it that tor now uses the shared random protocol by
initializing the subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
0c26a6db7e prop250: Parse votes and consensus
One of the last piece that parses the votes and consensus in order to update
our state and make decision for the SR values.

We need to inform the SR subsystem when we set the current consensus because
this can be called when loaded from file or downloaded from other authorities
or computed.

The voting schedule is used for the SR timings since we are bound to the
voting system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
ca6ceec112 prop250: Put commits and SRVs in votes/consensus
This commit adds the commit(s) line in the vote as well as the SR values. It
also has the mechanism to add the majority SRVs in the consensus.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:25:03 -04:00
David Goulet
5b183328fd prop250: Add commit and SR values generation code
This adds the logic of commit and SR values generation. Furthermore, the
concept of a protocol run is added that is commit is generated at the right
time as well as SR values which are also rotated before a new protocol run.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:23:27 -04:00
Nick Mathewson
ac9784f7f5 Fix a missing break; in dump_desc_init()
Found by coverity scan; this is CID 1362983
2016-07-01 10:02:22 -04:00
Nick Mathewson
0531d5155e Merge remote-tracking branch 'teor/bug19530-v2' 2016-07-01 10:00:37 -04:00
Nick Mathewson
903ec20c0b Merge branch 'maint-0.2.8' 2016-07-01 09:54:08 -04:00
teor (Tim Wilson-Brown)
514f0041d1
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.

Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-07-01 15:37:13 +10:00
teor (Tim Wilson-Brown)
744077dd15
When tor can't find a directory, log less 2016-07-01 14:26:00 +10:00
teor (Tim Wilson-Brown)
516c02b178
Make authority_certs_fetch_missing support bridge hints
This also fixes an issue where bridge clients may have found a
routerstatus for a directory mirror, and connected to it directly.
2016-07-01 14:01:25 +10:00
teor (Tim Wilson-Brown)
f90bfaae8d
Refactor duplicate code in authority_certs_fetch_missing 2016-07-01 14:00:25 +10:00
teor (Tim Wilson-Brown)
d3ca6fe475
Call purpose_needs_anonymity in authority_certs_fetch_missing 2016-07-01 14:00:20 +10:00
teor (Tim Wilson-Brown)
b4dcf56768
Hex-encode raw digest before printing in authority_certs_fetch_missing 2016-07-01 14:00:07 +10:00
teor (Tim Wilson-Brown)
596ccbf839
Refactor authority_certs_fetch_missing to call get_options once 2016-07-01 09:35:27 +10:00
Nick Mathewson
69e22e294b Set binary mode when checking malformed descriptor. 2016-06-30 18:23:58 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Nick Mathewson
2713de2a47 Fix more naked strdup/malloc/free instances 2016-06-30 14:36:31 -04:00
Nick Mathewson
c3b720fb26 Try to fix warnings when size_t is smaller than st.st_size. 2016-06-30 14:20:04 -04:00
Nick Mathewson
b5beb2afa6 fix a syntax warning 2016-06-30 14:19:55 -04:00
Nick Mathewson
ded7e8093c Fix three -Wtautological-constant-out-of-range-compare warnings. 2016-06-30 14:08:28 -04:00
Nick Mathewson
3627718348 Fix -Wextra-semi warning 2016-06-30 13:50:16 -04:00
Nick Mathewson
6d2f006bf4 Fix a 32-bit compilation failure 2016-06-30 13:47:45 -04:00
Nick Mathewson
8917c4f19f A little more specificity in documentation for getinfo download/ stuff
Also, a const.
2016-06-30 13:42:38 -04:00
Nick Mathewson
cb54390e0f Merge remote-tracking branch 'andrea/ticket19323_squashed' 2016-06-30 11:44:58 -04:00
Nick Mathewson
c6846d7bf0 Merge remote-tracking branch 'andrea/bug18322_v3_squashed' 2016-06-30 11:18:00 -04:00
Andrea Shepard
13a16e0011 Also check if the sandbox is configured as well as if it's active; sandbox_init() runs rather late in the startup process 2016-06-30 09:37:23 +00:00
Andrea Shepard
34d9dabed1 Do sandbox_is_active() check before reconstructing dump_desc() FIFO on startup too 2016-06-30 07:45:55 +00:00
Andrea Shepard
9580b99dab Add unit test for dump_desc_populate_fifo_from_directory() 2016-06-30 07:03:26 +00:00
Andrea Shepard
f99c9df02b Make things mockable for dump_desc_populate_fifo_from_directory() unit test 2016-06-30 07:03:26 +00:00
Andrea Shepard
42f089473a Unit test for dump_desc_populate_one_file() 2016-06-30 07:03:26 +00:00
Andrea Shepard
421cf21b3c Reload unparseable descriptor dump FIFO state from on-disk dumped descriptors at startup 2016-06-30 07:03:26 +00:00
Andrea Shepard
38cced90ef Move unparseable descriptor dumps into subdirectory of DataDir 2016-06-30 07:03:25 +00:00
Andrea Shepard
dc37546cff Add sandbox_is_active() check to dump_desc() 2016-06-30 07:03:25 +00:00
Andrea Shepard
603f483092 Use uint64_t for total length of dumped descriptors, nad be careful about overflows in the loop in dump_desc_fifo_add_and_clean() 2016-06-30 07:03:25 +00:00
Andrea Shepard
2a17b93cc4 Make options_get_datadir_fname2_suffix() mockable 2016-06-30 07:03:25 +00:00
Andrea Shepard
35fc5879fb Expose a few more dump_desc()-related things to the test suite 2016-06-30 07:03:25 +00:00
Andrea Shepard
17ed2fed68 Expose dump_desc() to the test suite and make things it calls mockable 2016-06-30 07:03:24 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
Roger Dingledine
4dc7b3ca28 fix typo 2016-06-29 22:56:56 -04:00
Nick Mathewson
7602b0b31f Merge remote-tracking branch 'weasel/bug19503' 2016-06-29 16:10:10 -04:00
Andrea Shepard
657eaee6ae Expose GETINFO download status statics for test suite and make things mockable 2016-06-29 05:55:42 +00:00
Andrea Shepard
c692900728 Add bridge descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
8798ca4be2 Add router descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
18c6e13993 Expose authority certificate download statuses on the control port 2016-06-29 05:55:42 +00:00
Nick Mathewson
f42dbc4e26 Merge branch 'maint-0.2.8' 2016-06-28 19:15:43 -04:00
Nick Mathewson
2c9354fc10 Merge branch 'bug19071-extra-squashed' into maint-0.2.8 2016-06-28 19:15:20 -04:00
teor (Tim Wilson-Brown)
26146dbe9e Comment-out fallbacks in a way the stem fallback parser understands
If we manually remove fallbacks in C by adding '/*' and '*/' on separate
lines, stem still parses them as being present, because it only looks at
the start of a line.

Add a comment to this effect in the generated source code.
2016-06-28 19:15:08 -04:00
Nick Mathewson
d793a988cd Merge branch 'maint-0.2.8' 2016-06-28 11:22:48 -04:00
Nick Mathewson
bc9a0f82b3 whitespace fixes 2016-06-28 11:14:42 -04:00
Nick Mathewson
f87aa4555d Merge remote-tracking branch 'teor/bug18812' into maint-0.2.8 2016-06-28 11:12:51 -04:00
teor (Tim Wilson-Brown)
608c12baaf
Resolve bug18812 by logging fallback key changes at info level 2016-06-28 14:18:16 +10:00
teor (Tim Wilson-Brown)
812fd416ef
Make it clear that fallbacks include authorities
Comment-only change
2016-06-28 14:14:04 +10:00
teor (Tim Wilson-Brown)
14b1c7a66e
Refactor connection_or_client_learned_peer_id for bug18812
No behavioural change.
Also clarify some comments.
2016-06-28 14:12:18 +10:00
Nick Mathewson
4e2a7cd3ae Add missing braces around conditional. 2016-06-27 13:19:49 -04:00
Nick Mathewson
14169a3d70 Remove an always-true condition: all ints are <= INT_MAX 2016-06-27 13:18:54 -04:00
Andrea Shepard
8cf9fe5ba6 Expose consensus download statuses on the control port 2016-06-27 16:38:37 +00:00
Peter Palfrader
54c3066c72 Fix a typo in the getting passphrase prompt for the ed25519 identity key 2016-06-25 13:33:35 +02:00
Nick Mathewson
703254a832 Merge remote-tracking branch 'public/bug15942_v2_alternative' 2016-06-23 09:01:24 -04:00
teor (Tim Wilson-Brown)
828e2e1a2e
Remove a fallback that changed DirPort
The operator has confirmed that the DirPort change is perament.
The relay will be reconsidered as a fallback in 0.2.9.
2016-06-23 10:38:03 +10:00
Nick Mathewson
61dac57aa3 Merge branch 'maint-0.2.8' 2016-06-22 08:20:11 -04:00
teor (Tim Wilson-Brown)
69635e41c8
Remove and blacklist 3 fallbacks which disappeared
Blacklist them in case they appear again.
2016-06-22 12:18:10 +10:00
teor (Tim Wilson-Brown)
b15cecd4f8
Remove 2 fallbacks: one lost guard, the other had bad uptime
Leave these fallbacks in the whitelist, they may improve before 0.2.9.
2016-06-22 12:18:06 +10:00
teor (Tim Wilson-Brown)
7e9532b9be
Remove and blacklist 4 fallbacks which are unsuitable
Remove a fallback that changed its fingerprint after it was listed
This happened after to a software update:
https://lists.torproject.org/pipermail/tor-relays/2016-June/009473.html

Remove a fallback that changed IPv4 address

Remove two fallbacks that were slow to deliver consensuses,
we can't guarantee they'll be fast in future.

Blacklist all these fallbacks until operators confirm they're stable.
2016-06-22 12:16:57 +10:00
Nick Mathewson
cb8557f7c9 Merge branch 'maint-0.2.8' 2016-06-21 09:00:40 -04:00
Ivan Markin
b432efb838 Remove useless message about nonexistent onion services after uploading a descriptor 2016-06-21 09:00:22 -04:00
Nick Mathewson
dd9cebf109 Merge branch 'maint-0.2.8' 2016-06-21 08:54:49 -04:00
George Kadianakis
f038e9cb00 Fix bug when disabling heartbeats.
Callbacks can't return 0.
2016-06-21 08:54:30 -04:00
David Goulet
b3b4ffce2e prop250: Add memory and disk state in new files
This commit introduces two new files with their header.

"shared_random.c" contains basic functions to initialize the state and allow
commit decoding for the disk state to be able to parse them from disk.

"shared_random_state.c" contains everything that has to do with the state
for both our memory and disk. Lots of helper functions as well as a
mechanism to query the state in a synchronized way.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-06-20 15:26:58 -04:00
Nick Mathewson
2f75b34dce Patch from dgoulet: fix a base16 problem that manifested w stem 2016-06-20 13:37:45 -04:00
Nick Mathewson
a09ec22a9b Simpler implementation of random exponential backoff.
Consumes more entropy, but is easier to read.
2016-06-20 10:10:02 -04:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Andrea Shepard
5a4ed29f01 Better comments on exponential-backoff related members of download_status_t 2016-06-18 19:05:46 +00:00
Andrea Shepard
1f1df4ab74 Move exponential-random backoff computation out of download_status_schedule_get_delay() into separate function, per code review 2016-06-18 18:23:55 +00:00
Andrea Shepard
1dfbfd319e Better comment for download_status_schedule_get_delay() per code review 2016-06-18 17:11:32 +00:00
Andrea Shepard
6370c4ee87 Use exponential backoff for router descriptor downloads from consensuses 2016-06-18 16:32:17 +00:00
Andrea Shepard
5cb27d8991 Use exponential backoffs for bridge descriptor downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
36d45a9f64 Use exponential backoffs for certificate downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
5104e5645f Use exponential backoffs for consensus downloads 2016-06-18 16:32:16 +00:00
Andrea Shepard
695b0bd1d5 Implement DL_SCHED_RANDOM_EXPONENTIAL support for download_status_t 2016-06-18 16:32:16 +00:00
David Goulet
ab35f9de46 Correctly close intro circuit when deleting ephemeral HS
When deleting an ephemeral HS, we were only iterating on circuit with an
OPEN state. However, it could be possible that an intro point circuit didn't
reached the open state yet.

This commit makes it that we close the circuit regardless of its state
except if it was already marked for close.

Fixes #18604

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-16 13:09:24 -04:00
David Goulet
c7f1b46a10 Perform cache lookup when FetchHidServDescriptors is set
The FetchHidServDescriptors check was placed before the descriptor cache
lookup which made the option not working because it was never using the
cache in the first place.

Fixes #18704

Patched-by: twim
Signef-off-by: David Goulet <dgoulet@torproject.org>
2016-06-15 10:04:07 -04:00
Nick Mathewson
4c90cdc0e7 Coverity dislikes (double) (int/int).
When you divide an int by an int and get a fraction and _then_ cast
to double, coverity assumes that you meant to cast to a double
first.

In my fix for -Wfloat-conversion in 493499a339, I
did something like this that coverity didn't like.

Instead, I'm taking another approach here.

Fixes CID 1232089, I hope.
2016-06-13 11:25:19 -04:00
Andrea Shepard
925f76b486 Keep make check-spaces happy 2016-06-12 21:47:14 +00:00
Roger Dingledine
0616fd6fb6 typo/comment/log fixes i found in my sandbox from montreal 2016-06-12 16:14:15 -04:00
Nick Mathewson
ada5668c5e Merge remote-tracking branch 'public/bug19203_027' into maint-0.2.8 2016-06-11 10:16:00 -04:00
Nick Mathewson
d6b2af7a3a Merge branch 'bug19180_easy_squashed' 2016-06-11 10:15:40 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
2016-06-11 10:11:54 -04:00
Nick Mathewson
80f1a2cbbd Add the -Wextra-semi warning from clang, and fix the cases where it triggers 2016-06-11 10:11:54 -04:00
Nick Mathewson
c3adbf755b Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
Nick Mathewson
9bbd6502f0 Use autoconf, not gcc version, to decide which warnings we have
This gives more accurate results under Clang, which can only help us
detect more warnings in more places.

Fixes bug 19216; bugfix on 0.2.0.1-alpha
2016-06-11 10:11:53 -04:00
Nick Mathewson
8f2d2933f9 Use -Wdouble-promotion in GCC >= 4.6
This warning triggers on silently promoting a float to a double.  In
our code, it's just a sign that somebody used a float by mistake,
since we always prefer double.
2016-06-11 10:11:52 -04:00
Nick Mathewson
493499a339 Add -Wfloat-conversion for GCC >= 4.9
This caught quite a few minor issues in our unit tests and elsewhere
in our code.
2016-06-11 10:11:52 -04:00
Nick Mathewson
b14c1f4082 Merge remote-tracking branch 'public/bug19203_027' into HEAD 2016-06-11 10:11:44 -04:00
Nick Mathewson
4f8086fb20 Enable -Wnull-dereference (GCC >=6.1), and fix the easy cases
This warning, IIUC, means that the compiler doesn't like it when it
sees a NULL check _after_ we've already dereferenced the
variable. In such cases, it considers itself free to eliminate the
NULL check.

There are a couple of tricky cases:

One was the case related to the fact that tor_addr_to_in6() can
return NULL if it gets a non-AF_INET6 address.  The fix was to
create a variant which asserts on the address type, and never
returns NULL.
2016-06-11 10:10:29 -04:00
Nick Mathewson
c274f825da Merge remote-tracking branch 'asn/bug17688' 2016-06-11 10:07:15 -04:00
Andrea Shepard
9eeaeddbb1 Reduce make check-spaces noise 2016-06-09 11:50:25 +00:00
George Kadianakis
36dd9538d9 Don't rely on consensus parameter to use a single guard. 2016-06-07 17:22:47 +03:00
Nick Mathewson
c19a3d1bf8 Merge branch 'maint-0.2.8' 2016-06-06 10:18:07 -04:00
Nick Mathewson
6eeedc02d8 Use directory_must_use_begindir to predict we'll surely use begindir
Previously, we used !directory_fetches_from_authorities() to predict
that we would tunnel connections.  But the rules have changed
somewhat over the course of 0.2.8
2016-06-02 10:40:39 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
ce31db4326 We no longer generate v0 directories. Remove the code to do so 2016-05-30 16:05:37 -04:00
Nick Mathewson
bdc59e33c1 Fix a warning on unnamed nodes in node_get_by_nickname().
There was a > that should have been an ==, and a missing !.  These
together prevented us from issuing a warning in the case that a
nickname matched an Unnamed node only.

Fixes bug 19203; bugfix on 0.2.3.1-alpha.
2016-05-30 12:03:03 -04:00
Nick Mathewson
1e5ad15688 Merge remote-tracking branch 'arma/task19035-fixedup' 2016-05-27 13:22:16 -04:00
Roger Dingledine
3b83da1069 remove a now-unused section of or.h 2016-05-27 12:32:41 -04:00
Roger Dingledine
500c4bf807 remove an unneeded layer of indentation
no actual behavior changes
2016-05-27 11:15:21 -04:00
Roger Dingledine
11d52a449c Disable GET /tor/bytes.txt and GETINFO dir-usage
Remove support for "GET /tor/bytes.txt" DirPort request, and
"GETINFO dir-usage" controller request, which were only available
via a compile-time option in Tor anyway.

Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
2016-05-27 11:15:21 -04:00
Nick Mathewson
437cbb17c2 Merge remote-tracking branch 'asn/feature19036' 2016-05-27 10:37:11 -04:00
Nick Mathewson
476714e1a4 Merge remote-tracking branch 'arma/bug18840' 2016-05-27 10:35:55 -04:00
Nick Mathewson
8c1c71aa2c Merge branch 'maint-0.2.8' 2016-05-26 12:12:54 -04:00
Nick Mathewson
a873ba8edd Fix two long lines 2016-05-26 12:11:57 -04:00
George Kadianakis
d875101e03 Functionify code that writes votes to disk. 2016-05-26 15:35:13 +03:00
Nick Mathewson
28cbcd033c Merge branch 'maint-0.2.8' 2016-05-25 16:40:51 -04:00
Nick Mathewson
9cf6af76eb Fix a double-free bug in routerlist_reparse_old
I introduced this bug when I moved signing_key_cert into
signed_descriptor_t. Bug not in any released Tor.  Fixes bug 19175, and
another case of 19128.

Just like signed_descriptor_from_routerinfo(), routerlist_reparse_old()
copies the fields from one signed_descriptor_t to another, and then
clears the fields from the original that would have been double-freed by
freeing the original.  But when I fixed the s_d_f_r() bug [#19128] in
50cbf22099, I missed the fact that the code was duplicated in
r_p_o().

Duplicated code strikes again!

For a longer-term solution here, I am not only adding the missing fix to
r_p_o(): I am also extracting the duplicated code into a new function.

Many thanks to toralf for patiently sending me stack traces until
one made sense.
2016-05-25 16:11:35 -04:00
Nick Mathewson
b53a2059c4 Expose crypto_digest_algorithm_get_length from crypto.c
Also, use it in routerparse.c
2016-05-23 10:58:27 -04:00
Nick Mathewson
2a884926c0 Merge remote-tracking branch 'dgoulet/bug19066_029_01' 2016-05-23 10:45:13 -04:00
Nick Mathewson
9c7edb0f3e Merge branch 'maint-0.2.8' 2016-05-20 10:46:50 -04:00
Nick Mathewson
acc083b520 Make another variable unsigned. 2016-05-20 08:12:09 -04:00
Nick Mathewson
50cbf22099 Fix a bug related to moving signing_key_cert
Now that the field exists in signed_descriptor_t, we need to make
sure we free it when we free a signed_descriptor_t, and we need to
make sure that we don't free it when we convert a routerinfo_t to a
signed_descriptor_t.

But not in any released Tor. I found this while working on #19128.

One problem: I don't see how this could cause 19128.
2016-05-20 07:59:09 -04:00
Nick Mathewson
2775dd8649 Compute HS stats outputs without round_int64_...
Fix for bug 19130.
2016-05-19 21:21:24 -04:00
Nick Mathewson
dcc4fd4403 Merge branch 'maint-0.2.8' 2016-05-19 16:05:13 -04:00
Nick Mathewson
33841a6030 Merge remote-tracking branch 'teor/fix18809-warnings' into maint-0.2.8 2016-05-19 16:04:56 -04:00
Nick Mathewson
4a14c2cfc7 Merge branch 'maint-0.2.8' 2016-05-19 15:56:39 -04:00
Nick Mathewson
0d6f293e0e Merge remote-tracking branch 'public/bug19073' into maint-0.2.8 2016-05-19 15:56:31 -04:00
teor (Tim Wilson-Brown)
c5d87ef6af
Describe what happens when we get a consensus, but no certificates
Comment-only change
2016-05-19 12:35:09 -04:00
Nick Mathewson
d718c717a6 Merge branch 'maint-0.2.8' 2016-05-19 08:25:12 -04:00
Nick Mathewson
9f217c83b0 Merge branch 'bug18809_028_squashed' into maint-0.2.8 2016-05-19 08:17:02 -04:00
teor (Tim Wilson-Brown)
f698b509d8 Add unit tests for networkstatus_consensus_is_bootstrapping 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
d5c70d7102 Restore and improve download schedule unit tests 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
ab0a7e2961 Remove consensus_max_download_tries by refactoring
No behaviour change

This function is used twice. The code is simpler if we split
it up and inline it where it is used.
2016-05-19 07:58:40 -04:00
teor (Tim Wilson-Brown)
84ab26c320 Stop downloading consensuses when a consensus has been downloaded
Previosuly, during bootstrap, we would continue to download
consensuses if we had a consensus, but didn't have the certificates
to validate it.
2016-05-19 07:58:40 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
00f74e0372 Improve API of routerinfo_incompatible_with_extrainfo()
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.

This change should prevent a recurrence of #17150.
2016-05-17 13:24:01 -04:00
Nick Mathewson
49ff09aef2 Fix another, more subtle, case of bug 17150.
We need to make sure that the corresponding sd and ei match in their
certificates.
2016-05-17 13:16:36 -04:00
Nick Mathewson
8acfac7375 Copy the signing_key_cert field into signed_descriptor_t
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
64748f2f98 Fix documentation for routerinfo_incompatible_with_extrainfo 2016-05-17 13:08:34 -04:00
Nick Mathewson
7d1eb0d570 When making sure digest256 matches in ei, look at sd, not ri.
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay.  The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo.  That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.

Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
44da47d3c1 Move extra_info_digest256 into signed_descriptor_t
This patch includes no semantic changes; it's just a field movement.

It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4 Merge remote-tracking branch 'teor/bug18963-remember-v2' 2016-05-17 12:15:53 -04:00
Nick Mathewson
6382cd93cb Merge branch 'maint-0.2.8' 2016-05-17 11:10:20 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
David Goulet
50ff24e276 dirauth: don't use hardcoded length when parsing digests
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.

Fixes #19066

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-05-16 11:18:51 -04:00
Nick Mathewson
607a9056d4 Merge branch 'ftrapv_v3'
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
e40cfc4425 Move the ctime part of choose_array_element_by_weight into di_ops
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541 Refactor out u64_dbl_t
This type saved a tiny amount of allocation, but not enough to be
worth keeping.

(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22 Add -ftrapv to gcc-hardening ... mostly!
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.

Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time.  Those options introduce branches
to the code they instrument.

(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)

Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6 Merge branch 'maint-0.2.8' 2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8 2016-05-12 11:09:33 -04:00
Roger Dingledine
5a83122961 Authorities now sort the "package" lines in their votes
(They are already sorted in the consensus documents)

Fixes bug 18840; bugfix on 0.2.6.3-alpha.
2016-05-11 19:04:13 -04:00
Roger Dingledine
694f1fe808 write v3-status-votes file earlier in consensus voting
Make directory authorities write the v3-status-votes file out
to disk earlier in the consensus process, so we have the votes
even if we abort the consensus process later on.

Resolves ticket 19036.
2016-05-11 17:34:38 -04:00
Nick Mathewson
e3a4511049 Merge remote-tracking branch 'public/bug18815' 2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47 Merge branch 'maint-0.2.8' 2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4 unbreak the build (when warnings are enabled) 2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448 Merge branch 'ticket16698_v2' 2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8 Fix comment for directory_handle_command_get 2016-05-11 13:39:11 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
Improves the fix to #18963.
2016-05-11 13:30:30 -04:00
teor (Tim Wilson-Brown)
730cfeb6bd
Fetch certificates from the same directory as the consensus
Resolves ticket 18963; fix on #4483 in 0.2.8.1-alpha.
2016-05-11 13:30:08 -04:00
Nick Mathewson
3c6f059e6a Merge remote-tracking branch 'arma/feature18760' 2016-05-11 13:22:31 -04:00
Nick Mathewson
e9e6a1f547 Merge branch 'maint-0.2.8' 2016-05-11 13:20:57 -04:00
Nick Mathewson
8d962233f6 Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8 2016-05-11 13:20:51 -04:00
Nick Mathewson
022d32252a Merge branch 'maint-0.2.8' 2016-05-11 13:17:02 -04:00
Nick Mathewson
24fbb9a81b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:15:17 -04:00
John Brooks
bf3e32a452 Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.

This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.

Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
797ece042d
Confim we want certificates from fallbacks
Comment-only change
2016-05-11 13:08:45 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
This reverts commit 92d7ee08b8.
2016-05-11 13:06:13 -04:00
Roger Dingledine
b8b5bccfd9 refactor the #19003 patches
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
Nick Mathewson
71267bef4c Merge branch 'maint-0.2.8' 2016-05-11 12:36:55 -04:00
Nick Mathewson
28e1aa1118 Merge branch 'bug18761_028_squashed' into maint-0.2.8 2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
Closes ticket 18761.

Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
79f9e63ebf Merge branch 'maint-0.2.8' 2016-05-11 12:30:18 -04:00
Nick Mathewson
50d777dcf4 Split directory_handle_command_get into subfunctions.
This was one of our longest functions, at 600 lines.  It makes a nice
table-driven URL-based function instead.

The code is a bit ugly, it leave the indentation as it is in hopes of
making pending directory.c changes easier to merge.  Later we can
clean up the indentation.

Also, remove unused mallinfo export code from directory.c

Closes ticket 16698
2016-05-10 14:19:03 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails 2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.

Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Roger Dingledine
53aaed81dd get rid of another no-longer-used function 2016-05-10 11:16:30 -04:00
Roger Dingledine
be0e1e9e2f Stop being so strict about the payload length of "rendezvous1" cells
We used to be locked in to the "tap" handshake length, and now we can
handle better handshakes like "ntor".

Resolves ticket 18998.

I checked that relay_send_command_from_edge() behaves fine when you
hand it a payload with length 0. Clients behave fine too, since current
clients remain strict about the required length in the rendezvous2 cells.
(Clients will want to become less strict once they have an alternate
format that they're willing to receive.)
2016-05-09 20:34:27 -04:00
Roger Dingledine
aa6341d4b9 stop looping once we know what the answer will be
suggested during code review by dgoulet
2016-05-09 14:42:42 -04:00
Roger Dingledine
1f72653544 fix a bug where relays would use the aggressive client bootstrapping retry number 2016-05-09 14:42:32 -04:00
Roger Dingledine
d5a96286c2 simplify more -- we only call these funcs when bootstrapping 2016-05-09 14:42:21 -04:00
Roger Dingledine
c98fbd4169 remove some more unused code 2016-05-09 14:42:09 -04:00
Roger Dingledine
bcae392e0e avoid another redundant check
we should avoid launching a consensus fetch if we don't want one,
but if we do end up with an extra one, we should let the other checks
take care of it.
2016-05-09 14:41:54 -04:00
Nick Mathewson
33d3572a1d Merge branch 'feature15588_squashed' 2016-05-09 14:41:36 -04:00
Roger Dingledine
e230e80ab3 get rid of the scattered checks to cancel a consensus fetch
We'll back off from the request in connection_ap_handshake_attach_circuit,
or cancel it in connection_dir_close_consensus_fetches, and those are the
only places we need to check.
2016-05-09 14:41:32 -04:00
Roger Dingledine
a7665df2f8 close other consensus fetches when we get a consensus
not once per second, and only do it when a consensus arrives
2016-05-09 14:41:14 -04:00
Roger Dingledine
59da060f10 use the new function here too 2016-05-09 14:40:54 -04:00
Roger Dingledine
91c58013be avoid following through on a consensus fetch if we have one already arriving 2016-05-09 14:40:42 -04:00
Roger Dingledine
ce8266d52d fix typos/etc before i go nuts on #18809 2016-05-09 14:40:21 -04:00
John Brooks
162aa14eef Move rend client name checks to one function 2016-05-09 14:30:34 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
Skip DirPort checks when the consensus has no exits.

Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
John Brooks
dcc11674db Add client auth for ADD_ONION services 2016-05-09 14:28:58 -04:00
John Brooks
d15354c73b Add client auth to rend_service_add_ephemeral 2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115 Move rend auth cookie en-/decoding to a function
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.

The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
teor (Tim Wilson-Brown)
0c41ae1832
Add a comment to have_enough_path_info()
Comment only change
2016-05-09 14:26:13 -04:00
John Brooks
e7ff23beea Make rend_authorized_client_free public
This is needed by control.c.

Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525 Use uint8_t for rend descriptor_cookie fields 2016-05-09 13:53:09 -04:00
teor (Tim Wilson-Brown)
c75bf388b5
Warn users when addresses in ports and descriptor are inconsistent
This mitigates bug 13953.
2016-05-07 10:22:02 -07:00
teor (Tim Wilson-Brown)
faec7956a9
Refactor duplicate code in config.c into port_binds_ipv4/6
No behavioural change

Preserves and documents behaviour when passed AF_UNSPEC.
2016-05-07 10:17:46 -07:00
teor (Tim Wilson-Brown)
35217f0f61
Fix two log messages that mistakenly log 0-based hop counts
(torspec says hop counts are 1-based.)

Closes ticket 18982, bugfix on 0275b6876 in tor 0.2.6.2-alpha
and 907db008a in tor 0.2.4.5-alpha.

Credit to Xiaofan Li for reporting this issue.
2016-05-07 21:03:31 +10:00
Nick Mathewson
641cdc345c Merge branch 'maint-0.2.8' 2016-05-05 08:25:27 -04:00
teor (Tim Wilson-Brown)
03fc4cf04c Refactor router_pick_directory_server_impl to use node functions
No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
225448ad34 Comment-only change to clarify routerstatus_t IPv4 byte order 2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
7ec273bd4a Rename skip_or and skip_dir to avoid confusion
Variable rename only
2016-05-05 08:24:17 -04:00
Nick Mathewson
68d913c49c Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
9aa280cc0c Only choose directory DirPorts on relays 2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
88deb52d55 Make clients only select directories with reachable ORPorts
This makes sure clients will only select relays which support
begindir over ORPort.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
833b5f71a7 Make clients always use begindir for directory requests
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
2da2718609 Merge branch 'maint-0.2.8' 2016-05-04 15:23:38 -04:00
Nick Mathewson
01e7f42a09 Merge branch 'bug18921_squashed' into maint-0.2.8 2016-05-04 15:23:26 -04:00
teor (Tim Wilson-Brown)
0cf90bac2a Choose the correct address for one-hop connections
After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.

This likely affected bridge clients with IPv6 bridges.

Resolves #18921.
2016-05-04 15:23:14 -04:00
Nick Mathewson
e24c902272 Merge branch 'maint-0.2.8' 2016-05-04 14:47:13 -04:00
Nick Mathewson
31332a878d Merge branch 'bug18710_025' into maint-0.2.8 2016-05-04 14:47:04 -04:00
Scott Dial
0ca3f495c6 Fix dnsserv.c assertion when no supported questions are requested.
The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.

    [Changes file by nickm]

lease enter the commit message for your changes. Lines starting
2016-05-04 14:45:09 -04:00
Nick Mathewson
8340becd39 Merge branch 'maint-0.2.8' 2016-05-02 14:02:15 -04:00
s0rlxmh0
054d939853 (cherry-picked by nickm, with changes file from isis.) 2016-05-02 14:01:36 -04:00
Nick Mathewson
b2083cba9e Merge remote-tracking branch 'dgoulet/bug13239_029_01' 2016-05-02 13:55:00 -04:00
teor (Tim Wilson-Brown)
b6ba6afa37 Refactor DirPort & begindir descriptor checks
No actual behaviour changes
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
211e56ad87 Remove redundant descriptor checks for OR/Dir reachability
The ORPort and DirPort must be reachable, or we won't publish a
descriptor.
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
b51316c0e7 Refactor common code out of reachability checks
No actual changes in behavior
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
d3c60f2bd7 Avoid checking ORPort reachability when the network is disabled
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
75dd2a285b Descriptors depend on more config options now they list begindir support
Bugfix on #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5 Decide to advertise begindir support like we decide to advertise DirPort
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.

Fix up the associated descriptor-building unit tests.

Resolves #18616, bugfix on 0c8e042c30 in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
Nick Mathewson
fb9c9e04f0 Merge branch 'maint-0.2.8' 2016-04-26 19:27:39 -04:00
teor (Tim Wilson-Brown)
1fd4340f82 April 2016 fallbacks for 0.2.8-rc 2016-04-26 19:26:22 -04:00
Nick Mathewson
4a44e2d6f1 Merge remote-tracking branch 'yawning-schwanenleid/feature18685' 2016-04-26 13:39:50 -04:00
Nick Mathewson
bff53aabce Remove redundant declarations of MIN
Apparently somewhere along the line we decided that MIN might be
missing.

But we already defined it (if it was missing) in compat.h, which
everybody includes.

Closes ticket 18889.
2016-04-25 15:28:58 -04:00
David Goulet
1e553b6c68 Increase number of preemptive internal circuits
When we connect to a hidden service as a client we may need three internal
circuits, one for the descriptor retrieval, introduction, and rendezvous.
Let's try to make sure we have them. Closes #13239.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-19 14:24:20 -04:00
Nick Mathewson
4f37919fa1 Change UseOptimisticData default to 1.
This lets us use optimistic data for downloading our initial
consensus.

Closes ticket 18815.
2016-04-18 13:55:23 -04:00
Nick Mathewson
12e26a6e76 Disambiguate: Avoid defining two static functions called chunk_free_unchecked 2016-04-15 12:20:14 -04:00
Nick Mathewson
0e354ad459 Merge branch 'assert_nonfatal_squashed' 2016-04-14 16:25:21 -04:00
Nick Mathewson
532820b11c Add a BUG macro for usage in if checks. 2016-04-14 16:25:06 -04:00
Nick Mathewson
a885271c08 Add new tor_assert_nonfatal*() macros.
Unlike tor_assert(), these macros don't abort the process.  They're
good for checking conditions we want to warn about, but which don't
warrant a full crash.

This commit also changes the default implementation for
tor_fragile_assert() to tor_assert_nonfatal_unreached_once().

Closes ticket 18613.
2016-04-14 16:24:28 -04:00
Roger Dingledine
525307c0ea fix typos/etc before i go nuts on #18809 2016-04-13 00:06:30 -04:00
Roger Dingledine
0aacc07036 encourage rejected relays to contact us
When the directory authorities refuse a bad relay's descriptor,
encourage the relay operator to contact us. Many relay operators
won't notice this line in their logs, but it's a win if even a
few learn why we don't like what their relay was doing.

Resolves ticket 18760.

I didn't specify a contact mechanism (e.g. an email address), because
every time we've done that in the past, a few years later we noticed
that the code was pointing people to an obsolete contact address.
2016-04-12 19:54:04 -04:00
Nick Mathewson
eafcd7b0fc Merge branch 'maint-0.2.8' 2016-04-12 13:02:37 -04:00
Nick Mathewson
591029253f Merge branch 'bug14334_squashed' 2016-04-07 10:59:55 -04:00
George Kadianakis
d5acb633ae Don't mark guards as unreachable if connection_connect() fails. 2016-04-07 10:59:46 -04:00
David Goulet
40827da3bf Turn TestingClientBootstrap* into non-testing options
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.

Fixes #18481

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
7532cd439b When we get a bad nickname, explain what a good one is.
Closes #18300; patch from "icanhasaccount".
2016-04-07 10:54:53 -04:00
Nick Mathewson
20d39e86af Merge branch 'maint-0.2.8' 2016-04-05 23:18:48 -04:00
Roger Dingledine
d037369e56 quiet debug logs from periodic_event_dispatch()
Stop blasting twelve lines per second from periodic_event_dispatch()
at loglevel debug.

Resolves ticket 18729; fix on 0.2.8.1-alpha.
2016-04-05 23:13:55 -04:00
teor (Tim Wilson-Brown)
5d2b1c784b Clarify comments on connection_t's address fields 2016-04-05 13:45:09 +10:00
Nick Mathewson
705d3b221e Merge branch 'incoming_queue_symbol_fix' 2016-04-01 14:16:49 -04:00
Nick Mathewson
4b3e6c4d43 Merge branch 'maint-0.2.8' 2016-04-01 08:18:03 -04:00
Nick Mathewson
fdb57db581 Merge branch 'bug18133_027' into maint-0.2.8 2016-04-01 08:17:56 -04:00
Nick Mathewson
4093f343ca fix indentation 2016-04-01 08:16:21 -04:00
Nick Mathewson
9e57ffa520 Merge branch 'maint-0.2.8' 2016-04-01 08:15:05 -04:00
Nick Mathewson
e247093e0e Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8 2016-04-01 08:10:58 -04:00
Yawning Angel
a19f4192da Issue a STATUS_SERVER event on meaningful hibernation state changes.
Implements feature #18685.
2016-03-30 20:19:11 +00:00
Nick Mathewson
beba70ec77 Don't declare "incoming_queue" in every file including channel.h
Found with my wacky symbol-usage-enforcer.
2016-03-29 13:55:14 -04:00
Andrea Shepard
0b45cab147 Merge branch 'bug18570_027' into maint-0.2.7 2016-03-29 15:01:36 +00:00
Roger Dingledine
1103d82492 fix typo in comment 2016-03-29 10:56:26 -04:00
Andrea Shepard
1218d731d1 Merge branch 'bug16248_027' into maint-0.2.7 2016-03-29 14:33:45 +00:00
Nick Mathewson
4e76b206b5 Merge remote-tracking branch 'arma/feature18624' 2016-03-29 08:06:21 -04:00
Nick Mathewson
90c24c0ced Merge branch 'maint-0.2.8' 2016-03-28 20:09:22 -04:00
Nick Mathewson
ba87f5bb25 Fix my dumb unreleased bug in 18673 2016-03-28 20:09:09 -04:00
Nick Mathewson
055a7a198a Rename tor_dup_addr to tor_addr_to_str_dup.
Patch from icanhasaccount; closes 18462.
2016-03-28 16:36:51 -04:00
Nick Mathewson
addd181721 Fix memory leak in TestingEnableCellStatsEvent
Only when we were actually flushing the cell stats to a controller
would we free them.  Thus, they could stay in RAM even after the
circuit was freed (eg if we didn't have any controllers).

Fixes bug 18673; bugfix on 0.2.5.1-alpha.
2016-03-28 11:12:15 -04:00
Nick Mathewson
68e663f777 Fix memory leaks that stopped chutney working with asan 2016-03-28 10:24:28 -04:00
Nick Mathewson
9604a5ba91 Fix memory-counting error in rephist.c. Bug 18651. (Now with actual patch) 2016-03-28 07:40:20 -04:00
Nick Mathewson
4895d8288c Do not treat "DOCDOC" as doxygen. 2016-03-26 10:11:45 -04:00
Nick Mathewson
c0568a89d9 Whitespace fixes 2016-03-26 09:54:31 -04:00
Nick Mathewson
dd572dac34 Fix all doxygen warnings (other than missing docs) 2016-03-26 09:53:12 -04:00
teor (Tim Wilson-Brown)
6057fb2f5b Clarify excess consensus connection cleanup by adding comments
Comment-only change
2016-03-26 08:16:33 -04:00
Karsten Loesing
b79d8590c9 Include IPv6 consensus downloads in dirreq stats.
Fixes #18460.
2016-03-25 20:56:29 +01:00
Roger Dingledine
8251fe5150 use a clearer argument for connection_ap_make_link()
that function calls it argument "want_onehop", so it makes more
sense to pass that boolean into it.
2016-03-24 19:57:39 -04:00
Roger Dingledine
98abd49f6f remove the extraneous dir_port variable
we already are using "port" to describe the place we're going to
ask to connect to.
2016-03-24 19:14:32 -04:00
Roger Dingledine
fbd79f38c2 remove a redundant check about whether dirport is 0 2016-03-24 19:14:31 -04:00
Roger Dingledine
f590a303db revert the or_connection and dir_connection flags
They incorrectly summarized what the function was planning to do,
leading to wrong behavior like making an http request to an orport,
or making a begindir request to a dirport.

This change backs out some of the changes made in commit e72cbf7a, and
most of the changes made in commit ba6509e9.

This patch resolves bug 18625. There more changes I want to make
after this one, for code clarity.
2016-03-24 19:14:21 -04:00
Roger Dingledine
c4208ef65f dir auths only give Guard if they're giving Stable
This change allows us to simplify path selection for clients, and it
should have minimal effect in practice since >99% of Guards already have
the Stable flag. Implements ticket 18624.
2016-03-24 15:00:01 -04:00
David Goulet
ba6509e9e1 Fix broken directory request to the DirPort
Commit e72cbf7a4 introduced a change to directory_initiate_command_rend()
that made tor use the ORPort when making a directory request to the DirPort.
The primary consequence was that a relay couldn't selftest its DirPort thus
failing to work and join the network properly.

The main issue was we were always considering an anonymized connection to be
an OR connection which is not true.

Fixes #18623

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-24 13:57:53 -04:00
Nick Mathewson
424af93ded Merge branch 'bug18517_squashed' 2016-03-24 10:14:05 -04:00
teor (Tim Wilson-Brown)
f2153f9716 Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses.

This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.

Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
54559e5845 Merge remote-tracking branch 'teor/bug18351' 2016-03-24 09:33:58 -04:00
Nick Mathewson
ea9472d085 Merge remote-tracking branch 'teor/bug18489' 2016-03-24 09:01:28 -04:00
teor (Tim Wilson-Brown)
b1569e39c8 Check if fallbacks support extrainfo descriptors before requesting them
When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors.

Fixes bug 18489; bugfix on 90f6071d8d in tor-0.2.4.7-alpha.

Reported by "atagar", patch by "teor".
2016-03-24 22:03:58 +11:00
teor (Tim Wilson-Brown)
eb5a262a15 Code indentation whitespace-only fix 2016-03-24 21:56:37 +11:00
teor (Tim Wilson-Brown)
355f78364a Clarify ReachableAddress log messages
Make it clearer that they are about outgoing connection attempts.
Specify the options involved where they were missing from one log
message.
Clarify a comment.
2016-03-24 20:59:49 +11:00
teor (Tim Wilson-Brown)
f2a344e397 Downgrade IP version warnings to avoid filling logs
Downgrade logs and backtraces about IP versions to
info-level. Only log backtraces once each time tor runs.

Assists in diagnosing bug 18351; bugfix on c3cc8e16e in
tor-0.2.8.1-alpha.

Reported by "sysrqb" and "Christian", patch by "teor".
2016-03-24 10:39:23 +11:00
Nick Mathewson
ca8423a703 Merge remote-tracking branch 'public/bug18253' 2016-03-22 10:08:50 -04:00
Roger Dingledine
580e549f75 remove extraneous breaks
commit edeba3d4 removed a switch, but left the "break" lines in
from that switch. fortunately the resulting behavior was not wrong,
since there was an outer switch that it was ok to break from.
2016-03-21 17:11:18 -04:00
Roger Dingledine
4861e24552 fix indentation after #18332 patches
no actual changes here -- but the new indenting makes it clear
that the fixes in #18332 were not as good as they should have been.
the next commit will deal with that.
2016-03-21 17:08:02 -04:00
Nick Mathewson
6a91cab79c Merge branch 'maint-0.2.7' 2016-03-21 13:26:04 -04:00
Nick Mathewson
2f2fba8a91 Use nth consistently in dircollate.h.
Documentation-only patch. Issue 17668.T6.
2016-03-21 13:24:09 -04:00
Nick Mathewson
b24f15a9a1 In routers_make_ed_keys_unique, break ties for published_on
This ensures that if we can't use published_on to decide an ed,rsa
mapping, we at least decide deterministically.

Resolves 17668.T3
2016-03-21 13:24:09 -04:00
Nick Mathewson
beef6ed451 Assert that dircollator is collated when we're reading its output.
Fix for 17668.S2.
2016-03-21 13:24:09 -04:00
Nick Mathewson
48f8229504 After we strip out duplicate entries from 'routers', don't use 'rl'.
We've got to make sure that every single subsequent calculation in
dirserv_generate_networkstatus_vote_obj() are based on the list of
routerinfo_t *after* we've removed possible duplicates, not before.
Fortunately, none of the functions that were taking a routerlist_t
as an argument were actually using any fields other than this list
of routers.

Resolves issue 18318.DG3.
2016-03-21 13:24:09 -04:00
Nick Mathewson
fa07c60c67 Fix another case of 17668: Add NoEdConsensus
I had a half-built mechanism to track, during the voting process,
whether the Ed25519 value (or lack thereof) reflected a true
consensus among the authorities.  But we never actually inserted this
field in the consensus.

The key idea here is that we first attempt to match up votes by pairs
of <Ed,RSA>, where <Ed> can be NULL if we're told that there is no
Ed key.  If this succeeds, then we can treat all those votes as 'a
consensus for Ed'.  And we can include all other votes with a
matching RSA key and no statement about Ed keys as being "also about
the same relay."

After that, we look for RSA keys we haven't actually found an entry
for yet, and see if there are enough votes for them, NOT considering
Ed keys.  If there are, we match them as before, but we treat them
as "not a consensus about ed".

When we include an entry in a consensus, if it does not reflect a
consensus about ed keys, then we include a new NoEdConsensus flag on
it.

This is all only for consensus method 22 or later.

Also see corresponding dir-spec patch.
2016-03-21 13:24:09 -04:00
Nick Mathewson
60ca3f358f Document has_ed25519_listing 2016-03-21 13:23:32 -04:00
Nick Mathewson
13a31e72db Never vote for an ed key twice.
When generating a vote, and we have two routerinfos with the same ed
key, omit the one published earlier.

This was supposed to have been solved by key pinning, but when I
made key pinning optional, I didn't realize that this would jump up
and bite us.  It is part of bug 18318, and the root cause of 17668.
2016-03-21 13:23:32 -04:00
Nick Mathewson
c20e34e189 Fix log message subjects in networkstatus_parse_vote_from_string()
Some of these messages called the thing being parsed a "vote" whether
it is a vote or a consensus.

Fixes bug 18368.
2016-03-21 13:23:32 -04:00
Nick Mathewson
6182e34628 Document dircollate.c (and remove an unused global) 2016-03-21 13:23:32 -04:00
Nick Mathewson
233180a9ab Merge remote-tracking branch 'public/bug18548' 2016-03-21 12:36:41 -04:00
Nick Mathewson
005a20ec85 Log a better message when OfflineMasterKey is set.
Fixes bug 18133; bugfix on 0.2.7.2-alpha.
2016-03-21 11:57:23 -04:00
Nick Mathewson
ddd30f966a Merge remote-tracking branch 'arma/ticket18332-try3' 2016-03-21 10:41:23 -04:00
Nick Mathewson
13eb120bea Merge remote-tracking branch 'special/bug18600' 2016-03-21 10:32:39 -04:00
Nick Mathewson
cb3f9bc2d4 Merge branch 'bug18570_027' 2016-03-21 10:20:16 -04:00
Andrea Shepard
bd87d37a86 Make sure channel_t queues its own copy of incoming cells 2016-03-21 10:14:47 -04:00
John Brooks
2c057c2833 Scrub service name in introduction circuit warning
Fixes bug 18600.
2016-03-21 19:23:28 +07:00
Roger Dingledine
e28448a23e Bridges now refuse "rendezvous2" publish attempts
Suggested during review of ticket 18332.
2016-03-16 16:46:14 -04:00
Nick Mathewson
368825ff45 Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this.  But not otherwise.  And the preseeding itself can
consume a few seconds if like tails we have no resolvers.

Fixes bug 18548.
2016-03-15 11:19:59 -04:00
Nick Mathewson
b48f8a8114 Fix whitespace. 2016-03-15 09:21:29 -04:00
Nick Mathewson
c9899ee640 Merge remote-tracking branch 'weasel/bug18458' 2016-03-15 09:18:24 -04:00
Peter Palfrader
d8626d34e5 Fix log message: say RelaxDirModeCheck instead of StrictDirModes 2016-03-14 20:27:53 +01:00
Nick Mathewson
dd7c999617 Make unix sockets work with the linux seccomp2 sandbox again
I didn't want to grant blanket permissions for chmod() and chown(),
so here's what I had to do:
   * Grant open() on all parent directories of a unix socket
   * Write code to allow chmod() and chown() on a given file only.
   * Grant chmod() and chown() on the unix socket.
2016-03-14 14:07:02 -04:00
Nick Mathewson
0cdeac77e0 Don't chmod/chown unix sockets if their permissions are already ok
This is a part of a fix for 18253; bugfix on 0.2.8.1-alpha.

Alternatively, we could permit chmod/chown in the sandbox, but I
really don't like giving the sandbox permission to alter
permissions.
2016-03-14 13:40:44 -04:00
Nick Mathewson
a64be7eaa9 Merge remote-tracking branch 'public/bug16248_027' 2016-03-14 12:53:57 -04:00
Nick Mathewson
307b863556 Add comments to connection_check_event(). 2016-03-14 12:53:21 -04:00
David Goulet
d8b93b31a0 hs: Do not close desc fetch conn. if we can't pick an HSDir
Launching 7 descriptor fetches makes a connection to each HSDir that is 6
and the seventh one fails to pick an HSDir because they are all being used
already so it was killing all pending connections at once.

Fixes #15937

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-14 11:00:46 -04:00
Nick Mathewson
a86f78a9f2 Merge remote-tracking branch 'teor/bug17153' 2016-03-11 11:23:58 -05:00
Nick Mathewson
fe0d346a6d Merge remote-tracking branch 'teor/bug8976_01_028' 2016-03-11 11:11:38 -05:00
Nick Mathewson
91d7cf50c6 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2016-03-11 10:50:36 -05:00
Roger Dingledine
edeba3d472 simplify rend_cache_store_status_t back to a boolean
it used to be a tri-state, but now it's just a bi-state, so we can
take out all the machinery like the enum.
2016-03-11 10:49:57 -05:00
Roger Dingledine
dc500c8cb4 rip out rend_id_is_in_interval()
it was used by hid_serv_responsible_for_desc_id(), which we no
longer use.
2016-03-11 10:46:21 -05:00
Roger Dingledine
5390296338 rip out hid_serv_acting_as_directory()
When we made HidServDirectoryV2 always 1, we removed the situation
where a relay could choose not to be an HSDir. Now simplify the
rest of the code to reflect this decision.

(We have to remove two apparently unrelated free() calls in the unit
tests, since they used to free stuff that we created as a side effect
of calling router_get_my_routerinfo(), and now we no longer call that.)
2016-03-11 10:45:03 -05:00
Roger Dingledine
e167910fce rip out hid_serv_responsible_for_desc_id()
This simplifies relay behavior, because the relay offers the hsdir
functionality independent of whether the directory authorities have
decided this relay is suitable for clients to use yet.

Implements ticket 18332.
2016-03-11 10:40:31 -05:00
Nick Mathewson
e79da62645 If we start/stop reading on a dnsserv connection, don't assert.
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
2016-03-11 10:33:19 -05:00
Nick Mathewson
ef31c8862f Add changes file for 18448; refactor
(I've made it so FreeBSD || FreeBSD_kernel is enough to ensure that
we think you might have ipfw, and so that the logic is all in one
place.)
2016-03-11 10:05:28 -05:00
Steven Chamberlain
db263442af enable and test transproxy on FreeBSD derivatives #18448
The transproxy feature is only enabled when __FreeBSD__ is defined, and
only regular FreeBSD does that.  Change this to __FreeBSD_kernel__ which
is defined on derivatives as well.

This enables the relevant options/validate__transproxy test on FreeBSD
derivatives.
2016-03-11 10:01:25 -05:00
Hassan Alsibyani
b1917a0614 moving hid_serv_get_responsible_directories and hid_serv_acting_as_directory from routerlist.c to rendcommon.c 2016-03-11 09:15:48 -05:00
teor (Tim Wilson-Brown)
b0ca80c23f Reject multicast rendezvous point addresses
Unless ExtendAllowPrivateAddresses is 1.
2016-03-04 18:21:13 +01:00
teor (Tim Wilson-Brown)
10330c1234 Remove an extraneous space in a log message 2016-03-01 19:08:02 +01:00
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00
Nick Mathewson
69fc025e95 Merge remote-tracking branch 'teor/fallbacks-201602-v2' 2016-02-28 15:51:22 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
fe6ca826df Make sure that every module in src/or has a brief description. 2016-02-27 18:08:24 +01:00
teor (Tim Wilson-Brown)
e2202146d1 Update default fallback directories for 0.2.8.2-alpha (Feb 2016)
Allow fallback directories which have been stable for 7 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
Set the target count to 50.
2016-02-27 10:04:00 +01:00
teor (Tim Wilson-Brown)
8e103cb2d0 Set EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack 2016-02-26 10:53:57 +01:00
Nick Mathewson
7a782820e9 Make the sandbox work again with chutney.
Previously, we had a problem due to the check_private_dir() rewrite.

Bug not in any released Tor.
2016-02-24 16:01:24 -05:00
Nick Mathewson
73c433a48a Remove the freelist from memarea.c
This is in accordance with our usual policy against freelists,
now that working allocators are everywhere.

It should also make memarea.c's coverage higher.

I also doubt that this code ever helped performance.
2016-02-24 14:32:09 -05:00
Nick Mathewson
94c8f3605f Replace two instances of N_DIGEST_ALGORITHMS.
These should have been N_COMMON_DIGEST_ALGORITHMS.

Fixes bug 18380; bug not in any released Tor.
2016-02-23 12:42:10 -05:00
Nick Mathewson
d3af4f4e43 Merge remote-tracking branch 'arma/bug16825' 2016-02-23 10:45:39 -05:00
Nick Mathewson
e88686cb2c Merge remote-tracking branch 'teor/bug18348-v2' 2016-02-23 07:36:56 -05:00
Nick Mathewson
882e0fbd76 Merge branch 'bug17795' 2016-02-23 07:25:12 -05:00
Andrea Shepard
cda2381789 Appease make check-spaces 2016-02-23 05:07:29 +00:00
Nick Mathewson
bb431ad3df Add a missing free in parsing an :auto port
Fixes bug 18374; bugfix on 0.2.3.3-alpha.
2016-02-22 15:51:43 -05:00
Nick Mathewson
2240aa1269 Merge branch 'bug16023_028_01_squashed' 2016-02-22 13:17:58 -05:00
Nick Mathewson
60efce445b Enable ed25519 collator in voting.
Previously, I had left in some debugging code with /*XXX*/ after it,
which nobody noticed.  Live and learn!  Next time I will use /*XXX
DO NOT COMMIT*/ or something.

We need to define a new consensus method for this; consensus method
21 shouldn't actually be used.

Fixes bug 17702; bugfix on 0.2.7.2-alpha.
2016-02-22 10:07:42 -05:00
Roger Dingledine
e3eaee1d2c avoid redundant bootstrap events if the number of descs we just fetched is 0 2016-02-22 03:02:01 -05:00
Roger Dingledine
56c5e282a7 avoid extra LOG_NOTICE for every new microdesc batch
We already write out bootstrapping progress (see bug 9927) per new
microdesc batch. There's no need to do a full "I learned some more
directory information, but not enough to..." line each time too.
2016-02-22 02:55:42 -05:00
Roger Dingledine
43193ec888 refactor directory_info_has_arrived so we can quiet the logs
no actual behavior changes
2016-02-22 02:54:32 -05:00
Roger Dingledine
c6952f65ef new microdescs mean progress towards bootstrapping
Now, when a user who has set EntryNodes finishes bootstrapping, Tor
automatically repopulates the guard set based on this new directory
information. Fixes bug 16825; bugfix on 0.2.3.1-alpha.
2016-02-22 02:47:57 -05:00
Roger Dingledine
a9993a92fb fix two typos in comments 2016-02-22 02:34:50 -05:00
teor (Tim Wilson-Brown)
be16c16bda Downgrade directory preference warning to info level 2016-02-20 23:42:08 +11:00
teor (Tim Wilson-Brown)
c281c03654 If both IPv4 and IPv6 addresses could be used, choose one correctly
If there is a node, use node_ipv6_or/dir_preferred().
If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 23:40:37 +11:00
teor (Tim Wilson-Brown)
4afb107278 Refactor IPV6_OR_LOOKUP into fascist_firewall_choose_address_rs
It's only used once now, so having it as a macro is unhelpful.
2016-02-20 23:30:23 +11:00
teor (Tim Wilson-Brown)
a4853f1bc1 Make some fascist_firewall_choose_address* functions static 2016-02-20 23:30:17 +11:00
teor (Tim Wilson-Brown)
a4eddfff66 Refactor fascist_firewall_allows_address without changing behaviour 2016-02-20 20:01:51 +11:00
teor (Tim Wilson-Brown)
25543387ed Ensure relays must use IPv4, and can use IPv6
A mistake in previous refactoring had relays using IPv4 and IPv6.
2016-02-20 19:28:51 +11:00
David Goulet
13a8571834 Add onion address to the HS_DESC UPLOADED event
Fixes #16023

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-02-17 15:30:46 -05:00
Nick Mathewson
5494938467 Set or_ap/dir_ap.port on the invalid addr case. Bug in no released Tor. CID 1353178 and 1353179. 2016-02-16 12:58:02 -05:00
Nick Mathewson
1f679d4ae1 Fix all doxygen warnings other than "X is not documented" 2016-02-11 22:06:44 -05:00
Nick Mathewson
838d4dee12 make check-spaces 2016-02-11 12:50:55 -05:00
Nick Mathewson
ba2be81fc3 Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' 2016-02-11 12:20:20 -05:00
Nick Mathewson
cae59b913f Rename circuit_about_to_free_{terminal -> atexit} 2016-02-11 12:15:12 -05:00
Nick Mathewson
7f9ac4957c Split a long line 2016-02-11 12:13:02 -05:00
Nick Mathewson
bc7a5eeeda Merge remote-tracking branch 'weasel/bug18261' 2016-02-11 12:12:02 -05:00
Nick Mathewson
c0a6c34652 Merge remote-tracking branch 'teor/bug18208' 2016-02-10 16:32:05 -05:00
Nick Mathewson
162d2022e1 Merge branch 'bug17682_squashed' 2016-02-10 15:50:28 -05:00
Nick Mathewson
601b41084a Bulletproof the safe_timer_diff function
Originally it can overflow in some weird cases.  Now it should no longer
be able to do so.

Additionally, limit main's timers to 30 days rather than to 38 years;
we don't actually want any 38-year timers.

Closes bug 17682.
2016-02-10 15:49:11 -05:00
Nick Mathewson
a8d6989589 Whitespace fixes 2016-02-10 15:35:46 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t.
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Andrea Shepard
ae0f858602 Properly detach circuits from cmuxes when calling circuit_free_all() on shutdown again 2016-02-10 05:35:03 +00:00
Andrea Shepard
3014bfb61b Appease make check-spaces 2016-02-10 02:20:59 +00:00
Nick Mathewson
92048a1b43 Add missing consts; my fault. 2016-02-08 08:34:18 -05:00
Nick Mathewson
9f6589d65a Merge branch 'decorated_ipv6_directory_send_command_squashed' 2016-02-08 08:33:28 -05:00
Malek
061586e36c decorated ipv6 address for directory send command 2016-02-08 08:33:18 -05:00
Nick Mathewson
d004f06830 fix wide lines, use more locals. 2016-02-08 08:31:31 -05:00
Harini Kannan
c30be5a82d Using router_get_my_routerinfo() 2016-02-07 16:07:35 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
Nick Mathewson
b645e2f2b0 Merge remote-tracking branch 'alec/dead_code_removal' 2016-02-06 15:08:49 -05:00
Alec Heifetz
6852868b4a Removed dead code in main.c 2016-02-06 14:41:31 -05:00
Hassan Alsibyani
edd93f9de8 changing output of crypto_cipher_crypt_inplace from int to void 2016-02-06 12:14:39 -05:00
teor (Tim Wilson-Brown)
c213f277cd Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:56:19 +11:00
teor (Tim Wilson-Brown)
92b1c3b604 Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.

Make sure those policies are updated when interface addresses change.
2016-02-02 15:05:59 +11:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
73fc67bc89 Tor2Web: tell extend_info_from_node intro point connections are direct 2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
1401117ff2 Return NULL from extend_info_from_node if the node has no allowed address
Modify callers to correctly handle these new NULL returns:
* fix assert in onion_extend_cpath
* warn and discard circuit in circuit_get_open_circ_or_launch
* warn, discard circuit, and tell controller in handle_control_extendcircuit
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
77a9de0d48 Automatically use IPv6 when ClientUseIPv4 is 0
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
3a00215c35 Minor whitespace-only fix 2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
4db5a35e66 Consistently format addresses in node_get_address_string
Also, don't write to a buffer with length zero.
2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
772577b547 Optimise reachability checks when iterating through relay lists
Skip address checks on servers.

Skip allowed-only address checks on non-bridge clients with IPv4.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
e991d642ec Add firewall_is_fascist_dir()
Refactor common parts of firewall_is_fascist_or().
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
4528f89316 Make entry_guard_set_status consistent with entry_is_live
Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
1648666203 Choose bridge addresses by IPv4/IPv6 preferences 2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
c3cc8e16e9 Log when IPv4/IPv6 restrictions or preferences weren't met 2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
e72cbf7a4e Choose directory servers by IPv4/IPv6 preferences
Add unit tests, refactor pick_directory functions.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
268608c0a0 Choose OR Entry Guards using IPv4/IPv6 preferences
Update unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
4460feaf28 Fix *_get_all_orports to use ipv6_orport
node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.
2016-01-29 07:13:56 +11:00
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
42dea56363 Merge remote-tracking branch 'teor/bug18145' 2016-01-26 10:01:34 -05:00
teor (Tim Wilson-Brown)
4339fa5609 Replace "Alice" with "the client" in a hidden service log message 2016-01-26 13:49:16 +11:00
teor (Tim Wilson-Brown)
fb939ed82e Replace Alice/Bob with client/service in hidden service comments 2016-01-26 13:48:31 +11:00
teor (Tim Wilson-Brown)
7a4b4f0c3a Correct grammatical errors in tor log messages
Avoid using gender for things that don't have it.
2016-01-26 13:47:23 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
Nick Mathewson
0010b8064e Fix redundant-declaration warning 2016-01-22 09:53:42 -05:00
Nick Mathewson
cbed61d128 Merge remote-tracking branch 'twstrike/parse_port_config_tests' 2016-01-21 12:15:39 -05:00
Nick Mathewson
7b6d7aae09 Merge branch 'fallbacks-0281-squashed' 2016-01-18 20:16:05 -05:00
teor (Tim Wilson-Brown)
ab3c86479a Add default fallback directories for the 0.2.8 alpha releases
Allow fallback directories which have been stable for 30 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
2016-01-18 20:15:59 -05:00
Nick Mathewson
0ace22ef6d Merge remote-tracking branch 'origin/maint-0.2.7' 2016-01-18 19:52:34 -05:00
Nick Mathewson
83dfcfbc4a Merge remote-tracking branch 'teor/bug18050' into maint-0.2.7 2016-01-18 19:51:57 -05:00
teor (Tim Wilson-Brown)
6094a886cf Check ORPort and DirPort reachability before publishing a relay descriptor
Otherwise, relays publish a descriptor with DirPort 0 when the DirPort
reachability test takes longer than the ORPort reachability test.

Closes bug #18050. Reported by "starlight", patch by "teor".
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
2016-01-18 14:00:29 +11:00
Nick Mathewson
537214d10e Merge remote-tracking branch 'twstrike/directory-tests' 2016-01-15 11:08:22 -05:00
Fergus Dall
d748c193e1 Include square brackets and port number in calcs for max_dl_per_request 2016-01-13 18:05:52 +10:30
Fergus Dall
91077d3aca Update the limits in max_dl_per_request for IPv6 address length 2016-01-13 06:57:24 +10:30
Nick Mathewson
3074b8365f Add another safe_str_client to fix bug 17419 2016-01-12 10:42:01 -05:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
cypherpunks
4c10a9c445 Simplify micro-revision dependency rules
The Automake variable OBJEXT is automatically adjusted to the correct
object file extension for the target platform.
2016-01-08 13:27:36 -08:00
Nick Mathewson
8d6aafbb4a Merge remote-tracking branch 'teor/comments-20151213' 2016-01-07 12:50:10 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00
Nick Mathewson
b34c5c6b8a Merge branch 'maint-0.2.6' into maint-0.2.7
Conflicts:
	src/or/config.c
2016-01-07 09:43:12 -08:00
Nick Mathewson
c7b0cd9c2f Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac Update dannenberg's V3 authority identity fingerprint
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
George Tankersley
3bc45f2628 Add FallbackDir list to GETINFO config/defaults 2016-01-06 11:22:30 -08:00
teor (Tim Wilson-Brown)
ce5406b71a Fix a comment typo in main.c 2016-01-03 17:34:42 +11:00
teor (Tim Wilson-Brown)
3a24364a69 Fix typos in microdesc_t and node_t comments 2016-01-03 17:34:42 +11:00
Nick Mathewson
263f6d11fd Mark all object files built based on micro-revision.i as depending on it
Fixes make -j for some users; fixes bug 17826.

Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
45f5e59751 Remove extra quotes from log message
Bug 17843; fix on ddc65e2b
2015-12-22 10:31:26 -05:00
Nick Mathewson
f2a5df252f whoops; really fix the 32-bit builds 2015-12-21 13:10:10 -05:00
Nick Mathewson
8ede8d411a Fix a couple of jenkins issues from 12538. 2015-12-21 12:32:20 -05:00
Nick Mathewson
62f97545e4 Merge remote-tracking branch 'public/bug12538_merged' 2015-12-21 07:30:32 -05:00
Nick Mathewson
7b0cbf22c0 Merge remote-tracking branch 'yawning/feature17783_take2' 2015-12-20 14:10:52 -05:00
Yawning Angel
687f9b3bd7 Add the SHA-3 hash functions to common/crypto.h.
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
   exactly what is said on the tin.
 * test/bench now benchmarks all of the supported digest algorithms,
   so it's possible to see just how slow SHA-3 is, though the message
   sizes could probably use tweaking since this is very dependent on
   the message size vs the SHA-3 rate.
2015-12-19 22:44:05 +00:00
Nick Mathewson
c4fb7ad034 Merge branch 'feature12538_028_01_squashed' 2015-12-18 13:16:49 -05:00
David Goulet
ea6f88478c Use dir_server_mode() in find_dl_schedule()
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-18 13:14:10 -05:00
Nick Mathewson
0c8e042c30 Restore semantics of advertise vs serve on directory cacheing
When we are low on accounted bandwidth, we stop advertising that
we're a directory, but we will continue to answer directory
requests, just as before.
2015-12-18 13:14:10 -05:00
Nick Mathewson
54406f78b8 Change dataflow on generating 'dir-cache' flag.
Convention is that router_dump_router_to_string() should look at its
input "router", which should be generated by
router_build_fresh_descirptor().
2015-12-18 13:14:10 -05:00
Matthew Finkel
21654ca7bd Let make_consensus_method_list be used in tests 2015-12-18 13:14:10 -05:00
Matthew Finkel
fb80a748ea A router must be a dir cache before it may be HSDir
Fixes #15801
2015-12-18 13:14:09 -05:00
Matthew Finkel
3007de8efc {dis,en}abling DirCache is a semantic change 2015-12-18 13:14:09 -05:00
Matthew Finkel
d49ad438a8 Rebuild descriptor when DirCache is {dis,en}abled 2015-12-18 13:14:09 -05:00
Matthew Finkel
997f779a7f Add new DirCache configuration option
This will give relay operators the ability of disabling the caching of
directory data. In general, this should not be necessary, but on some
lower-resource systems it may beneficial.
2015-12-18 13:14:09 -05:00
Matthew Finkel
e0bd6cdef2 Add unit test for router_pick_directory_server_impl 2015-12-18 13:14:09 -05:00
Matthew Finkel
0a7d22a664 Client should check if dir server has open dir port or handles tunnelled requests
Final piece of prop 237. Closes 12538.
2015-12-18 13:14:09 -05:00
Nick Mathewson
4604b3ab19 Fix a null-pointer deref when writing geoip stats
Found by coverity; CID 1327892.
2015-12-18 10:00:44 -05:00
Nick Mathewson
f96d191cf3 Merge branch '17752_again' 2015-12-17 16:31:56 -05:00
Nick Mathewson
8585cc57f8 Merge branch 'maint-0.2.7' 2015-12-17 14:57:16 -05:00
Nick Mathewson
2cbaf39af4 Add some more ed25519 key files to the seccomp sandbox list
Fixes bug 17675; bugfix on 0.2.7.3-alpha.
2015-12-17 14:56:24 -05:00
Nick Mathewson
f1be33fc00 Another try at fixing 17752
I believe that the final SMARTLIST_DEL_CURRENT was sometimes
double-removing items that had already been removed by
connection_mark_unattached_ap or
connection_ap_handshake_attach_circuit().

The fix here is to prevent iteration over the list that other
functions might be modifying.
2015-12-17 12:30:13 -05:00
cypherpunks
9d5e47d2d7 Add missing parentheses 2015-12-17 08:34:27 -05:00
cypherpunks
fd399ec850 Remove Windows specific data type usage
The Tor code base already contains usage of setsockopt(2) with an int as
their option value without problems.
2015-12-17 08:34:27 -05:00
cypherpunks
2d2312d989 Conform to the type signature of setsockopt(2)
According to the POSIX standard the option value is a pointer to void
and the option length a socklen_t. The Windows implementation makes the
option value be a pointer to character and the option length an int.

Casting the option value to a pointer to void conforms to the POSIX
standard while the implicit cast to a pointer to character conforms to
the Windows implementation.

The casts of the option length to the socklen_t data type conforms to
the POSIX standard. The socklen_t data type is actually an alias of an
int so it also conforms to the Windows implementation.
2015-12-17 08:34:27 -05:00
Nick Mathewson
b9714e1366 Merge remote-tracking branch 'teor/fix-multi-dir' 2015-12-16 20:04:49 -05:00
teor (Tim Wilson-Brown)
1b70497948 Prop210: Fix directory fetch tests
Check that directory fetches behave as expected under Prop 210.
2015-12-17 11:40:49 +11:00
teor (Tim Wilson-Brown)
e7e61ec7ec Prop210: Check fallback directories and authorities work as expected
Also clarify comments.
2015-12-17 11:39:40 +11:00
teor (Tim Wilson-Brown)
9882a88b74 Prop210: Only clients benefit from multiple consensus downloads
Anything that's a server can afford to wait for a few minutes.
(Except for bridge relays, which act like clients.)
2015-12-17 11:38:24 +11:00
Nick Mathewson
e6be486aea More emergency-check code for un-removed pending entry conns
This might also be what #17752 needs.
2015-12-16 19:16:07 -05:00
Nick Mathewson
24fcb6adbb Add an edge_about_to_close() call to ap_about_to_close().
Fixes #17876
2015-12-16 18:52:34 -05:00
Nick Mathewson
613e0e1c1a Move pending-connection code into connection_ap_about_to_close
It is AP-specific, so that's where it belongs.  This shouldn't have
caused a bug, but due to #17876, we were never actually calling
connection_edge_about_to_close from connection_ap_about_to_close,
causing bug #17874 (aka bug #17752).
2015-12-16 18:49:23 -05:00
Matthew Finkel
1ceb7142a1 A relay now advertises "tunnelled-dir-server" in its descriptor
When a relay does not have an open directory port but it has an
orport configured and is accepting client connections then it can
now service tunnelled directory requests, too. This was already true
of relays with an dirport configured.

We also conditionally stop advertising this functionality if the
relay is nearing its bandwidth usage limit - same as how dirport
advertisement is determined.

Partial implementation of prop 237, ticket 12538
2015-12-16 16:16:01 +01:00
Matthew Finkel
467d0919d2 Authorities must set a router's V2Dir flag if it supports tunnelled reqs
Partial implementation of prop 237, ticket 12538
2015-12-16 16:15:41 +01:00
Nick Mathewson
9d17d10b36 tweak router_parse_addr_policy_item_from_string docs 2015-12-16 08:49:32 -05:00
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
Nick Mathewson
10e442ba93 Merge remote-tracking branch 'teor/feature17864' 2015-12-16 08:41:20 -05:00
Nick Mathewson
a03469aa85 More debugging code to try to track down #17659 2015-12-16 08:37:40 -05:00
Nick Mathewson
a4ca2ef1ff Add some assertions to try to catch #17752 2015-12-16 08:24:54 -05:00
teor (Tim Wilson-Brown)
978210d5a8 Wait for busy authorities/fallbacks rather than ignoring excluded nodes
Applies the 6c443e987d fix to router_pick_directory_server_impl.

6c443e987d applied to directory servers chosen from the consensus,
and was:
"Tweak the 9969 fix a little

If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled. Instead, wait for the busy ones to be nonbusy."
2015-12-16 09:07:11 +11:00
teor (Tim Wilson-Brown)
e2e09a2dbe Warn when comparing against an AF_UNSPEC address in a policy
It produces unexpected results, and it's most likely a bug.
2015-12-16 08:51:59 +11:00
teor (Tim Wilson-Brown)
ce92335214 Add policy assume_action support for IPv6 addresses
These IPv6 addresses must be quoted, because : is the port separator,
and "acce" is a valid hex block.

Add unit tests for assumed actions in IPv6 policies.
2015-12-16 08:51:35 +11:00
teor (Tim Wilson-Brown)
cd0a5db5e9 Initialise malformed_list to 0 each time we parse a policy 2015-12-16 08:51:34 +11:00
Nick Mathewson
6ba8afe5f8 Merge remote-tracking branch 'teor/feature15775-fallback-v9-squashed' 2015-12-15 14:04:00 -05:00
teor
4c1c2a313d Add Fallback Directory Candidate Selection Script
"Tor has included a feature to fetch the initial consensus from nodes
 other than the authorities for a while now. We just haven't shipped a
 list of alternate locations for clients to go to yet.

 Reasons why we might want to ship tor with a list of additional places
 where clients can find the consensus is that it makes authority
 reachability and BW less important.

 We want them to have been around and using their current key, address,
 and port for a while now (120 days), and have been running, a guard,
 and a v2 directory mirror for most of that time."

Features:
* whitelist and blacklist for an opt-in/opt-out trial.
* excludes BadExits, tor versions that aren't recommended, and low
  consensus weight directory mirrors.
* reduces the weighting of Exits to avoid overloading them.
* places limits on the weight of any one fallback.
* includes an IPv6 address and orport for each FallbackDir, as
  implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
  until #17840 is merged.)
* generated output includes timestamps & Onionoo URL for traceability.
* unit test ensures that we successfully load all included default
  fallback directories.

Closes ticket #15775. Patch by "teor".
OnionOO script by "weasel", "teor", "gsathya", and "karsten".
2015-12-16 05:54:40 +11:00
Nick Mathewson
efc8b2dbbf clean whitespace 2015-12-15 13:22:41 -05:00
Nick Mathewson
aa4be914f0 Merge remote-tracking branch 'teor/feature17327-v4' 2015-12-15 13:19:18 -05:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
744958e0dd Fix a few compilation warnings and errors 2015-12-15 13:03:21 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
d72af1085a Prop210: Add router_digest_is_fallback_dir
router_digest_is_fallback_dir returns 1 if the digest is in the
currently loaded list of fallback directories, and 0 otherwise.

This function is for future use.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
2212530bf5 Prop210: Close excess connections once a consensus is downloading
Once tor is downloading a usable consensus, any other connection
attempts are not needed.

Choose a connection to keep, favouring:
* fallback directories over authorities,
* connections initiated earlier over later connections

Close all other connections downloading a consensus.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
teor (Tim Wilson-Brown)
d3546aa92b Prop210: Add want_authority to directory_get_from_dirserver 2015-12-16 04:03:45 +11:00
teor (Tim Wilson-Brown)
df0c135d62 Prop210: Refactor connection_get_* to produce lists and counts 2015-12-16 04:02:12 +11:00
cypherpunks
62c4d3880f Remove eventdns specific inline definition
The header includes compat.h which already defines inline.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
39b2f2d35e Merge branch 'maint-0.2.7' 2015-12-14 13:21:16 -05:00
cypherpunks
670affa792 Only setup environment variables for tests
Using the AM_TESTS_ENVIRONMENT variable ensures the environment
variables are only set during test execution and not during the
compilation phase.
2015-12-14 13:11:20 -05:00
teor (Tim Wilson-Brown)
60fc2b2539 Add IPv6 addresses & orports to the default directory authorities
Source: Globe entries for each authority.
2015-12-14 23:46:47 +11:00
teor (Tim Wilson-Brown)
1c2366ea43 Authorities on IPv6: minor fixes and unit tests
Update the code for IPv6 authorities and fallbacks for function
argument changes.

Update unit tests affected by the function argument changes in
the patch.

Add unit tests for authority and fallback:
 * adding via a function
 * line parsing
 * adding default authorities
(Adding default fallbacks is unit tested in #15775.)
2015-12-14 23:46:47 +11:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Nick Mathewson
a807bb781b Whitespace fix 2015-12-10 20:04:04 -05:00
Nick Mathewson
4b0e9fff27 Fix wide line; log why chmod failed. 2015-12-10 20:03:37 -05:00
Nick Mathewson
01334589f1 Simplify cpd_opts usage. 2015-12-10 20:02:22 -05:00
Jamie Nguyen
dcbfe46cd6 Defer creation of Unix socket until after setuid 2015-12-10 20:00:06 -05:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Arlo Breault
d68b7fd442 Refactor clock skew warning code to avoid duplication 2015-12-10 19:54:11 -05:00
cypherpunks
7e7188cb00 Assert when the TLS contexts fail to initialize 2015-12-10 08:50:40 -05:00
Nick Mathewson
6102efbee2 Merge remote-tracking branch 'teor/fix-exitpolicy-leak' 2015-12-09 16:25:17 -05:00
cypherpunks
91ab2ac5aa Assert that memory held by rephist is freed
The internal memory allocation and history object counters of the
reputation code can be used to verify the correctness of (part of) the
code. Using these counters revealed an issue where the memory allocation
counter is not decreased when the bandwidth arrays are freed.

A new function ensures the memory allocation counter is decreased when a
bandwidth array is freed.

This commit also removes an unnecessary cast which was found while
working on the code.
2015-12-09 11:31:17 -05:00
Nick Mathewson
b3eba8ef12 Merge branch 'refactor-effective-entry' 2015-12-09 11:05:41 -05:00
Nick Mathewson
580d788b3f Tweak policies_log_first_redundant_entry even more
* Use smartlist_foreach_begin/end instead of a plain for loop.
  * constify the pointers.
2015-12-09 11:04:57 -05:00
Nick Mathewson
db433b8dc3 Tweak policies_log_first_redundant_entry more.
* Since the variable is no longer modified, it should be called
     'policy' instead of 'dest'.  ("Dest" is short for
     "destination".)
   * Fixed the space issue that dgoulet found on the ticket.
   * Fixed the comment a little. (We use the imperative for function
     documentation.)
2015-12-09 11:02:15 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
cypherpunks
c76059ec9b Assert that the directory server digest is given
This prevents a possible crash when memory is copied from a pointer to
NULL.
2015-12-09 10:22:26 -05:00
cypherpunks
fbdd32ebe9 Mention the expected length of the digests
Some functions that use digest maps did not mention that the digests are
expected to have DIGEST_LEN bytes. This lead to buffer over-reads in the
past.
2015-12-09 10:22:26 -05:00
David Goulet
4a7964b3bc Don't allow a rendezvous point to have a private address
When an HS process an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().

This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.

Fixes #8976

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-08 15:57:12 -05:00
Nick Mathewson
252149e8b4 Merge branch 'maint-0.2.7' 2015-12-08 10:23:56 -05:00
Nick Mathewson
c6a337557a Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-08 10:23:41 -05:00
Nick Mathewson
1adc2bf66f Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-08 10:20:21 -05:00
Nick Mathewson
c3d11b119d Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 10:20:14 -05:00
Arlo Breault
5138f5ca69 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
Nick Mathewson
4328525770 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 09:38:48 -05:00
Nick Mathewson
b0867fec96 Fix a compilation warning introduced by clang 3.6
There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.
2015-12-08 09:37:05 -05:00
cypherpunks
95c03b29de Fix memory leak by circuit marked for close list
This commit fixes a memory leak introduced by commit
8b4e5b7ee9.
2015-12-08 08:52:10 -05:00
Nick Mathewson
1321608786 Merge branch 'maint-0.2.7' 2015-12-08 08:45:09 -05:00
Nick Mathewson
e9bf584694 Format IPv6 policies correctly.
Previously we'd suppressed the mask-bits field in the output when
formatting a policy if it was >=32.  But that should be a >=128 if
we're talking about IPv6.

Since we didn't put these in descriptors, this bug affects only log
messages and controller outputs.

Fix for bug 16056.  The code in question was new in 0.2.0, but the
bug was introduced in 0.2.4 when we started supporting IPv6 exits.
2015-12-08 08:44:58 -05:00
Nick Mathewson
79fdfd5231 Merge remote-tracking branch 'teor/exitpolicy-multicast' 2015-12-07 10:23:30 -05:00
teor (Tim Wilson-Brown)
329aa59e43 Comment-only change to connection_get_by_type_addr_port_purpose
connection_get_by_type_addr_port_purpose also ignores connections
that are marked for close.
2015-12-07 16:13:07 +11:00
teor (Tim Wilson-Brown)
b7525c39bf Comment-only changes to connection_connect
port is in host order (addr is tor_addr_t, endianness is abstracted).

addr and port can be different to conn->addr and conn->port if
connecting via a proxy.
2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
3461bcb10e Move a comment in router_get_my_descriptor to the correct line 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
fb3e862b86 Update comment: get_connection_array no longer takes "n" 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
teor (Tim Wilson-Brown)
bca4095b93 Make policies_log_first_redundant_entry take a const smartlist_t *
Also fixup code style.
2015-12-06 21:34:52 +11:00
teor (Tim Wilson-Brown)
ba5053b45d Refactor policies_parse_exit_policy_internal
Move logging of redundant policy entries in
policies_parse_exit_policy_internal into its own function.

Closes ticket 17608; patch from "juce".
2015-12-06 21:32:09 +11:00
teor (Tim Wilson-Brown)
bb32c29986 Initialise configured_addresses to a known value (NULL) 2015-12-06 20:24:45 +11:00
cypherpunks
16bec0dfd9 Fix a memory leak in the exit policy parsing code
This memory leak only occurs when the Tor instance is not an exit node.

Fixes code introduced in 10a6390deb.
2015-12-06 20:24:07 +11:00
Nick Mathewson
ee5337e904 Merge branch 'maint-0.2.7' 2015-11-30 22:03:00 -05:00
cypherpunks
be0891667e Fix undefined behavior caused by memory overlap
The tor_cert_get_checkable_sig function uses the signing key included in
the certificate (if available) when a separate public key is not given.

When the signature is valid, the tor_cert_checksig function copies the
public key from the checkable structure to the public key field of the
certificate signing key.

In situations where the separate public key is not given but the
certificate includes a signing key, the source and destination pointers
in the copy operation are equal and invoke undefined behavior.

Undefined behaviour is avoided by ensuring both pointers are different.
2015-11-30 22:02:22 -05:00
Nick Mathewson
0a701e5377 More fixes/debugging attempts for 17659 2015-11-27 12:54:57 -05:00
Nick Mathewson
a33e9f208a Add a stack trace for help debugging one part of 17659 2015-11-27 12:11:51 -05:00
Nick Mathewson
85a48d5e47 Merge branch 'fix-policies-memory-v2-squashed' 2015-11-27 11:54:52 -05:00
teor (Tim Wilson-Brown)
3f83ea84c7 Fix use-after-free of stack memory in getinfo_helper_policies 2015-11-27 11:54:47 -05:00
teor (Tim Wilson-Brown)
7a6ed3e65e Fix use-after-free of stack memory in policies_parse_exit_policy*
Change the function names & comments to make the copying explicit.
2015-11-27 11:54:47 -05:00
Nick Mathewson
5665775e8c Check magic number in connection_ap_attach_pending 2015-11-27 11:21:51 -05:00
Nick Mathewson
0c7bfb206e improve log messages to try to track down #17659 2015-11-26 12:44:12 -05:00
teor (Tim Wilson-Brown)
b0e6010861 Correctly free a smartlist in getinfo_helper_policies 2015-11-26 09:32:33 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
e14f9dd44f fixup! Add controller getinfo exit-policy/reject-private
Stop ignoring ExitPolicyRejectPrivate in getinfo
exit-policy/reject-private. Fix a memory leak.

Set ExitPolicyRejectPrivate in the unit tests, and make a mock
function declaration static.
2015-11-25 22:26:10 -05:00
Nick Mathewson
289b184e11 Merge branch 'bug17654_try1' 2015-11-25 12:25:44 -05:00
Nick Mathewson
fe8eb9b366 Merge remote-tracking branch 'public/decouple_dir_request_failed' 2015-11-25 09:21:25 -05:00
Nick Mathewson
dce708d11c Fix a logic error in connection_tls_continue_handshake().
(If we take the branch above this assertion, than we *didn't* have a
v1 handshake.  So if we don't take the branch, we did.  So if we
reach this assertion, we must be running as a server, since clients
no longer attempt v1 handshakes.)

Fix for bug 17654; bugfix on 9d019a7db7.

Bug not in any released Tor.
2015-11-25 09:17:44 -05:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
2079ec9ee6 Merge remote-tracking branch 'teor/feature8961-replaycache-sha256' 2015-11-25 08:55:18 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
teor (Tim Wilson-Brown)
2e9779e5d8 Use SHA256 in the replaycache, rather than SHA1
This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
2015-11-24 09:08:53 +11:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Roger Dingledine
6cdd024c94 fix two typos in comments 2015-11-23 07:40:13 -05:00
Nick Mathewson
cbc1b8a4f7 fix "make check-spaces" 2015-11-20 10:52:56 -05:00
Nick Mathewson
e3cf39cefd Fix compilation warnings 2015-11-20 10:51:19 -05:00
Nick Mathewson
35e886fe13 Merge branch 'getinfo-private-exitpolicy-v4-squashed' 2015-11-20 10:48:28 -05:00
teor (Tim Wilson-Brown)
10a6390deb Add controller getinfo exit-policy/reject-private
exit-policy/reject-private lists the reject rules added by
ExitPolicyRejectPrivate. This makes it easier for stem to
display exit policies.

Add unit tests for getinfo exit-policy/*.

Completes ticket #17183. Patch by "teor".
2015-11-20 10:48:19 -05:00
teor (Tim Wilson-Brown)
6913bdfcc5 Refactor router_dump_exit_policy_to_string
Split out policy_dump_to_string to use it in getinfo_helper_policies.
2015-11-20 10:39:37 +11:00
teor (Tim Wilson-Brown)
66fac9fbad Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Modify policies_parse_exit_policy_reject_private so it also blocks
the addresses configured for OutboundBindAddressIPv4_ and
OutboundBindAddressIPv6_, and any publicly routable port addresses
on exit relays.

Add and update unit tests for these functions.
2015-11-20 10:39:13 +11:00
teor (Tim Wilson-Brown)
c73c5a293f Refactor policies_parse_exit_policy_internal
Move the code that rejects publicly routable exit relay addresses
to policies_parse_exit_policy_reject_private. Add
addr_policy_append_reject_addr_list and use it to reject interface
addresses.

This removes the duplicate reject checks on local_address and
ipv6_local_address, but duplicates will be removed by
exit_policy_remove_redundancies at the end of the function.

This also removes the info-level logging on rejected interface
addresses. Instead, log a debug-level message in
addr_policy_append_reject_addr.

This simplifies policies_parse_exit_policy_internal and prepares for
reporting these addresses over the control port in #17183.
2015-11-20 10:32:51 +11:00
Nick Mathewson
118bdc3a6d Merge remote-tracking branch 'public/decouple_conn_attach_2' 2015-11-19 10:44:31 -05:00
Yawning Angel
85bb71049a Fix a startup time assert caused by periodic events not being initialized.
Loading a on disk bridge descriptor causes a directory download to be
scheduled, which asserts due to the periodic events not being
initialized yet.

Fixes bug #17635, not in any released version of tor.
2015-11-18 11:31:05 +00:00
Nick Mathewson
8af5afedc9 windows already has a CALLBACK macro... 2015-11-17 10:00:41 -05:00
Nick Mathewson
dc0d2b5970 Don't relaunch dir requests recursively if connection_connect() returns -1
Closes ticket 17589.
2015-11-17 09:40:05 -05:00
Nick Mathewson
d3cb659541 Fix a server-side crash on DNS init 2015-11-17 09:37:50 -05:00
Nick Mathewson
70f337fdb2 Some unit tests now require that periodic events be initialized. 2015-11-17 09:26:50 -05:00
Nick Mathewson
58edf92678 Free pending_entry_connections on shutdown. 2015-11-17 09:06:47 -05:00
Nick Mathewson
84b3350c83 Be more conservative in scanning the list of pending streams
Now we only re-scan the list in the cases we did before: when we
have a new circuit that we should try attaching to, or when we have
added a new stream that we haven't tried to attach yet.

This is part of 17590.
2015-11-17 09:04:25 -05:00
Nick Mathewson
b1d56fc589 Decouple ..attach_circuit() from most of its callers.
Long ago we used to call connection_ap_handshake_attach_circuit()
only in a few places, since connection_ap_attach_pending() attaches
all the pending connections, and does so regularly.  But this turned
out to have a performance problem: it would introduce a delay to
launching or connecting a stream.

We couldn't just call connection_ap_attach_pending() every time we
make a new connection, since it walks the whole connection list.  So
we started calling connection_ap_attach_pending all over, instead!
But that's kind of ugly and messes up our callgraph.

So instead, we now have connection_ap_attach_pending() use a list
only of the pending connections, so we can call it much more
frequently.  We have a separate function to scan the whole
connection array to see if we missed adding anything, and log a
warning if so.

Closes ticket #17590
2015-11-17 08:53:34 -05:00
Nick Mathewson
b91bd27e6f Whoops; in this context the EV_TIMEOUT flag is needed 2015-11-17 08:53:16 -05:00
Nick Mathewson
c113d19b53 Merge branch 'bug3199_redux_3' 2015-11-17 08:27:42 -05:00
Nick Mathewson
661e5bdbfa Changes to 3199 branch based on feedback from special 2015-11-17 08:26:04 -05:00
Nick Mathewson
eb721ed2d9 Add documentation for periodic event api 2015-11-16 10:40:23 -05:00
teor (Tim Wilson-Brown)
d3b7546753 Add a missing "if" in the comment on warn_nonlocal_controller_ports
Also reflow all the lines of that comment so that they're under
the maximum width.
2015-11-16 16:27:11 +11:00
teor (Tim Wilson-Brown)
dd82550a5e Add missing " in AccountingMax comment in or.h 2015-11-16 12:34:53 +11:00
Nick Mathewson
dd00fd0a1f Change periodic.c to use libevent directly
Libevent's periodic timers aren't the right solution when the
timeout potentially changes every time.
2015-11-13 16:25:40 -05:00
Nick Mathewson
65a6489e5e fix whitespace; remove dead code 2015-11-13 16:24:45 -05:00
Nick Mathewson
2bf8fb5ee3 Fold all of the run-every-second stuff back into run_scheduled_events() 2015-11-13 16:24:45 -05:00
Nick Mathewson
9f31908a40 Turn all of run_scheduled_events() into a bunch of periodic events
This patch is designed to look good when you see it through 'diff -b':
it mostly leaves entries in the same order, and leaves the code unmodified.
2015-11-13 16:24:45 -05:00
Nick Mathewson
e8b459a2fa Connect periodic events to main 2015-11-13 16:24:44 -05:00
Kevin Butler
fbeff307f7 Infrastructure for replacing global periodic events in main.c
(This is from Kevin's bug3199 patch series; nick extracted it into
 a new file and changed the interface a little, then did some API
 tweaks on it.)
2015-11-13 16:24:44 -05:00
Nick Mathewson
7a940fac1c appease check-spaces 2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
f7ccc9b975 Merge branch 'decouple_circuit_mark_squashed' 2015-11-12 14:20:24 -05:00
Nick Mathewson
8b4e5b7ee9 Experimentally decouple the main body of circuit_mark_for_close 2015-11-12 14:20:16 -05:00
Nick Mathewson
d20a3d07e3 Merge branch 'karsten_bug13192_026_03_teor' 2015-11-12 11:40:58 -05:00
teor (Tim Wilson-Brown)
0d5a439292 Mark fallback directoriess as too busy after a 503 response
Mark fallback directory mirrors as "too busy" when they return
a 503 response. Previously, the code just marked authorities as busy.

Unless clients set their own fallback directories, they will never see
this bug. (There are no default fallbacks yet.)

Fixes bug 17572; bugfix on 5c51b3f1f0 released in 0.2.4.7-alpha.
Patch by "teor".
2015-11-10 09:47:48 +11:00
rl1987
a187c772af Seventh test case for dns_resolve_impl(). 2015-10-24 14:30:53 +03:00
rl1987
f53dcf6a35 Sixth test case for dns_resolve_impl. 2015-10-24 14:30:52 +03:00
rl1987
cc1bed9974 Add a fifth unit test. 2015-10-24 14:30:52 +03:00
rl1987
1096f7638e A second test case for dns_resolve_impl. 2015-10-24 14:30:50 +03:00
Nick Mathewson
52fd384a46 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:18:11 -04:00
Nick Mathewson
9c4a0aef0c Fix a memory leak in reading an expired ed signing key.
Closes 17403.
2015-10-21 11:16:28 -04:00
Nick Mathewson
35edd74e25 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:56:40 -04:00
Nick Mathewson
5d45a26f39 Whoops; infinite recursion 2015-10-21 10:56:27 -04:00
Nick Mathewson
d14b009b23 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:54:12 -04:00
Nick Mathewson
8b01849f3b Yet more memory leaks in the rendcache tests 2015-10-21 10:54:07 -04:00
Nick Mathewson
aa96abe66b Fix memory leak in rend_cache_failure_entry_free()
Bug 17402.
2015-10-21 10:52:57 -04:00
Nick Mathewson
a5e873ff29 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:28:16 -04:00
Nick Mathewson
03eb999d42 Fix an (unreachable) memory leak in rendcache.c
The 0.2.8 unit tests provoke this leak, though I don't think it can
happen IRL.
2015-10-21 10:27:19 -04:00
Nick Mathewson
46cd466dec Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:00:52 -04:00
Nick Mathewson
34b4da709d Fix a bunch more memory leaks in the tests. 2015-10-21 10:00:05 -04:00
Nick Mathewson
5b2070198a Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
Nick Mathewson
a8a26ca30e Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-15 13:56:53 -04:00
Nick Mathewson
7e7683b254 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-15 13:56:41 -04:00
David Goulet
2ec5e24c58 Add hidserv-stats filname to our sandbox filter
Fixes #17354

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-10-15 13:42:34 -04:00
Nick Mathewson
9d019a7db7 tor_tls_finish_handshake is server-side only. 2015-10-07 10:32:54 -04:00
Nick Mathewson
6505d529a5 Remove client-side support for detecting v1 handshake
Fixes more of 11150
2015-10-07 10:13:39 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
15bfdbeb9d fix check-spaces once more 2015-10-06 11:32:37 -04:00
Nick Mathewson
f179abdca9 Merge remote-tracking branch 'twstrike/rendcache_tests'
Conflicts:
        src/test/include.am
	src/test/rend_test_helpers.c
	src/test/rend_test_helpers.h
2015-10-06 11:32:06 -04:00
Ola Bini
f319231e6e
Divide the different parse_port_config groups into separate tests 2015-10-05 15:31:49 -05:00
Ola Bini
5cb7242012
Move CL_PORT definitions so they are accessible to the tests as well 2015-10-05 15:10:58 -05:00
Ola Bini
017047e7b2
Fix all spaces 2015-10-05 15:06:34 -05:00
Ola Bini
598cd4690c
Make compilation work under gcc-warnings 2015-10-05 14:56:57 -05:00
Ola Bini
70de8d4bf8
Fix spaces and other smaller issues 2015-10-05 14:31:10 -05:00
Roger Dingledine
c9cb5516ab fix easy typo 2015-10-04 12:28:25 -04:00
Nick Mathewson
21c201202e Merge remote-tracking branch 'twstrike/dir-handle-cmd-get' 2015-10-02 15:04:28 +02:00
Nick Mathewson
67182226f1 Merge remote-tracking branch 'teor/warn-when-time-goes-backwards' 2015-10-02 13:56:28 +02:00
Nick Mathewson
488e9a0502 Merge remote-tracking branch 'teor/routerset-parse-IPv6-literals'
(Minor conflicts)
2015-10-02 13:54:20 +02:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
teor (Tim Wilson-Brown)
763cb393d3 fixup #17188: Add most likely reasons for clock going backwards
Add "You might have an empty clock battery or bad NTP server."
2015-10-01 09:58:15 +02:00
Nick Mathewson
71e4649f02 Disallow transitions on SyslogIdentityTag, since they do not work right 2015-09-30 18:34:15 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
cd279ca7f5 Warn when the system clock is set back in time
Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.
2015-09-30 13:33:56 +02:00
Marcin Cieślak
f75325c132 No spaces around = in variable assignment
BSD make takes spaces around = literally
and produces a "TESTING_TOR_BINARY "
variable with a trailing space, which leads
to test_keygen.sh failure.

Fixes 17154
2015-09-29 10:09:02 +02:00
Nick Mathewson
8d6bb3a559 Make our digest-mismatch warnings a touch better 2015-09-24 17:45:33 -04:00
Nick Mathewson
e62fe2f02d Put braces around reject-lines for IPv6 addrs
Fixes bug 17149; bug not in any released Tor.
2015-09-24 16:51:25 -04:00
Nick Mathewson
01733e2b15 New AuthDirPinKeys option to enable/disable keypinning enforcement
Implements ticket #17135.  We're going to need this one to avoid
chaos as everybody figures out how ed25519 keys work.
2015-09-23 11:22:26 -04:00
Nick Mathewson
efea1e904a Extract the add-or-replace-keypin logic into a new function
We're about to need to call it in another place too.
2015-09-23 11:07:17 -04:00
Nick Mathewson
c5e87e33c7 Allow conflicts to occur in keypinning journal
When we find a conflict in the keypinning journal, treat the new
entry as superseding all old entries that overlap either of its
keys.

Also add a (not-yet-used) configuration option to disable keypinning
enforcement.
2015-09-23 11:02:21 -04:00
Nick Mathewson
6b6a714732 Fix a memory leak in router_parse_addr_policy_item_from_string. CID 1324770 2015-09-22 09:55:05 -04:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
1911f80fb5 Disable --master-key as not-yet-working for 0.2.7 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
fd85f2cd70 fixup Clarify ambiguous log message in router_add_exit_policy 2015-09-16 03:59:30 +10:00
teor (Tim Wilson-Brown)
ab6f93caa7 fixup Only set TAPMP_STAR_IPV6_ONLY if TAPMP_EXTENDED_STAR is set
Also fix a comment.
2015-09-16 03:58:06 +10:00
teor (Tim Wilson-Brown)
eb1759e63c Log an info-level message for each IP blocked by ExitPolicyRejectPrivate
Log an info-level message containing the reject line added to the
exit policy for each local IP address blocked by ExitPolicyRejectPrivate:
 - Published IPv4 and IPv6 addresses
 - Publicly routable IPv4 and IPv6 interface addresses
2015-09-16 02:58:34 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
Ola Bini
3b535869a4
Add tests for parse_port_config 2015-09-15 18:12:14 +02:00
Reinaldo de Souza Jr
4ff08bb581 Add tests for directory_handle_command_get 2015-09-15 11:08:50 -05:00
Reinaldo de Souza Jr
d5e860e3dc Add tests for src/or/directory.c 2015-09-15 11:08:25 -05:00
Ola Bini
ade5005853
Add tests for the rend cache 2015-09-15 16:21:50 +02:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
teor (Tim Wilson-Brown)
c58b3726d6 Allow IPv6 literal addresses in routersets
routerset_parse now accepts IPv6 literal addresses.

Fix for ticket 17060. Patch by "teor".
Patch on 3ce6e2fba2 (24 Jul 2008), and related commits,
released in 0.2.1.3-alpha.
2015-09-14 20:01:36 +10:00
teor (Tim Wilson-Brown)
60312dc08b Update comments about ExitPolicy parsing
Fix incomplete and incorrect comments.

Comment changes only.
2015-09-14 11:12:28 +10:00
Nick Mathewson
a444b11323 Convince coverity that we do not have a particular memory leak 2015-09-13 14:44:46 -04:00
David Goulet
8b98172579 Add a rend cache failure info dup function
When validating a new descriptor against our rend cache failure, we were
added the failure entry to the new cache entry without duplicating. It was
then freed just after the validation ending up in a very bad memory state
that was making tor abort(). To fix this, a dup function has been added and
used just before adding the failure entry.

Fixes #17041

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-11 15:09:07 +02:00
Nick Mathewson
41891cbf93 Merge remote-tracking branch 'public/ed25519_hup_v2' 2015-09-10 10:37:13 -04:00
Yawning Angel
f6c446db47 Check NoKeepAliveIsolateSOCKSAuth in a better place.
No functional changes, but since NoKeepAliveIsolateSOCKSAuth isn't
part of isoflag, it should be checked where all other similar options
are, and bypass the (no-op) masking at the end.
2015-09-09 13:52:30 +00:00
Nick Mathewson
7ffc048f0a Make NoKeepAliveIsolateSOCKSAuth work as expected 2015-09-08 14:03:54 -04:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Donncha O'Cearbhaill
d47a4aec66 Separate lookup function for service rend cache
Performing lookups in both the client and service side descriptor
caches from the same rend_cache_lookup_entry() function increases the
risk of accidental API misuse.

I'm separating the lookup functions to keep the caches distinct.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
61ef356ab3 Rename rend_cache_service to rend_cache_local_service for clarity 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
335d0b95d3 Clean old descriptors from the service-side rend cache
Parameterize the rend_cache_clean() function to allow it clean
old rendezvous descriptors from the service-side cache as well as
the client descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
ee1a4ce8b2 Require explict specification of cache type 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
293410d138 Add replica number to HS_DESC CREATED event
Including the replica number in the HS_DESC CREATED event provides
more context to a control port client. The replica allows clients
to more easily identify each replicated descriptor from the
independantly output control events.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
0bd68bf986 Clean up service-side descriptor cache and fix potential double-free.
Entries in the service-side descriptor cache are now cleaned when
rend_cache_free_all() is called. The call to tor_free(intro_content)
in rend_cache_store_v2_desc_as_service() is moved to prevent a
potential double-free when a service has a descriptor with a newer
timestamp already in it's service-side descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
5dc2cbafef Specify descriptor cache type in rend_cache_lookup_entry()
Adds an Enum which represents the different types of rendezvous
descriptor caches. This argument is passed in each call to
rend_cache_lookup_entry() to specify lookup in the client-side or
service-side descriptor caches.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
580673cf94 Add GETINFO hs/service/desc/id/ control command
Adds a control command to fetch a local service descriptor from the
service descriptor cache. The local service descriptor cache is
referenced by the onion address of the service.

This control command is documented in the control spec.
2015-09-08 12:33:56 +02:00
Nick Mathewson
d70b1b4da1 Never ever try to load the secret key if offline_master is set
(Not even if we can't find the public key.)
2015-09-04 09:55:07 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
e73206f681 Only return 0..255 from main().
I think this may fix some bugs with windows exit codes being screwy.
2015-09-03 11:38:00 -04:00
Nick Mathewson
eb71777bb2 Merge remote-tracking branch 'dgoulet/bug15963_026_01' 2015-09-02 16:00:07 -04:00
David Goulet
d6bfedb8e5 Don't vote HSDir if we aren't voting Fast
Fixes #15963

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 17:03:00 +02:00
Nick Mathewson
bc64a6b2b9 Fix crashes in tests 2015-09-02 11:02:00 -04:00
David Goulet
07b3028db7 Prohibit the use of one entry node with an HS
In a nutshell, since a circuit can not exit at its entry point, it's very
easy for an attacker to find the hidden service guard if only one EntryNodes
is specified since for that guard, the HS will refuse to build a rendezvous
circuit to it.

For now, the best solution is to stop tor to allow a single EntryNodes for
an hidden service.

Fixes #14917

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 10:47:20 -04:00
Nick Mathewson
f6bd8fbb80 Let recent relays run with the chutney sandbox.
Fixes 16965
2015-09-02 09:59:50 -04:00
Nick Mathewson
910e25358a Let bridge authorities run under the sandbox
(found thanks to teor's chutney haxx)
2015-09-02 09:59:22 -04:00
Nick Mathewson
f273295cad Merge remote-tracking branch 'dgoulet/bug15254_027_01' 2015-09-02 09:05:55 -04:00
Nick Mathewson
db5a9302c1 correct the doc for find_rp_for_intro.
Thanks to Roger for spotting this!
2015-09-02 08:51:24 -04:00
Nick Mathewson
4cff437a0a Remove remaining references to "nulterminate" in comments
Thanks to Roger for spotting this!
2015-09-02 08:50:26 -04:00
Nick Mathewson
7153cd5094 Include dns_structs.h in tarball 2015-09-02 08:45:12 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
Nick Mathewson
fc191df930 Remove the unused "nulterminate" option to buf_pullup()
I was going to add a test for this, but I realized that it had no
users.  So, removed.
2015-09-01 14:36:25 -04:00
Mike Perry
a16115d9cb Bug 15482: Don't abandon circuits that are still in use for browsing.
Only applies to connections with SOCKS auth set, so that non-web Tor
activity is not affected.

Simpler version of Nick's patch because the randomness worried me, and I'm not
otherwise sure why we want a max here.
2015-09-01 15:21:47 +00:00
Nick Mathewson
d891e2a9c5 missing semicolon 2015-09-01 09:55:20 -04:00
Nick Mathewson
f4ded2cdc9 Fix an always-false check with an assertion
In validate_recommended_package_line, at this point in the function,
n_entries is always >= 1.  Coverity doesn't like us checking it for
0.

CID 1268063.
2015-09-01 09:52:46 -04:00
Nick Mathewson
b977a570c4 Fix a false-positive in coverity scan with an assertion
CID 1301373
2015-09-01 09:50:33 -04:00
Nick Mathewson
f64ef65b9d Fix code for checking expired certificates on load
Fixes CID 1306915, which noticed that the check was dead.
2015-09-01 09:47:51 -04:00
Nick Mathewson
a55f257d6a Simplify API for find_rp_for_intro()
The function now unconditionally allocates a new extend_info_t.
This should convince coverity that we're not leaking memory.
(CID 1311875)
2015-09-01 09:30:48 -04:00
Sebastian Hahn
bbb73eaf31 properly delete current channel in channel_free_list
channel_unregister() removes channels from the current smartlist while
we're in a SMORTLIST_FOREACH loop. This only works by accident.
2015-09-01 15:10:10 +02:00
Nick Mathewson
e8675dc7fc Merge remote-tracking branch 'rl1987/test_dns_resolve_rebased' 2015-08-26 11:32:40 -04:00
Donncha O'Cearbhaill
1d205163e8 Generate service descriptors when PublishHidServDescriptors = 0
Removes a check to PublishHidServDescriptors in
rend_consider_services_upload(). This allows descriptors to be
generated and stored in the local cache when PublishHidServDescriptor = 0.

Keep the PublishHidServDescriptors option check in
rend_consider_descriptor_republication(). We will never need to republish
a descriptor if we are not publishing descriptors to the HSDirs.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
e0b82e5968 Store service descriptors in the service descriptor cache
Service descriptors are now generated regardless of the the
PublishHidServDescriptors option. The generated descriptors are stored
in the service descriptor cache.

The PublishHidServDescriptors = 1 option now prevents descriptor
publication to the HSDirs rather than descriptor generation.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
968cb95602 Preparatory indentation changes
Deindent a block of code inside the PublishHidServDescriptors option
check in upload_service_descriptor(). Stylistic commit to make the
subsequent reworking of this code cleaner.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
af3be650e3 Add a HS_DESC CREATED control event
The HS_DESC CREATED event should be emmited when a new service descriptor
is generated for a local rendevous service. This event is documented
in the control spec.

This commit resolves ticket #16291.
2015-08-25 17:30:02 +02:00
Donncha O'Cearbhaill
1a75e6da00 Create a service-side descriptor cache
Adds a service descriptor cache which is indexed by service ID. This
descriptor cache is used to store service descriptors generated by a
local rendevous service.

The service-side cach can be queried by calling rend_cache_lookup_entry()
with the 'service' argument set to 1.
2015-08-25 16:44:31 +02:00
Donncha O'Cearbhaill
5eff39c846 Fix typo 2015-08-25 16:43:15 +02:00
Andreas Stieger
19df037e53 Log malformed hostnames in socks5 request respecting SafeLogging 2015-08-25 09:36:34 -04:00
rl1987
77a5ca901f Unit test dns_resolve(), dns_clip_ttl(), dns_get_expiry_ttl(). 2015-08-23 16:02:39 +03:00
Nick Mathewson
80a45835c4 Is this the syntax that will make freebsd make happy? 2015-08-21 12:03:05 -04:00
Nick Mathewson
3b6d2f9bf4 Merge branch 'workqueue_squashed' 2015-08-21 10:37:01 -04:00
Sebastian Hahn
5cf24ff3af Fix a bunch of check-spaces complaints 2015-08-21 10:36:53 -04:00
Sebastian Hahn
32220d38c0 Ensure worker threads actually exit when it is time
This includes a small refactoring to use a new enum (workqueue_reply_t)
for the return values instead of just ints.
2015-08-21 10:36:53 -04:00
Nick Mathewson
b58dfba76f Rename EVENT_SIGNAL -> EVENT_GOT_SIGNAL
This avoids a conflict with a macro decl from libevent 1.x.

Fixes bug 16867; bug not in any released Tor.
2015-08-20 18:42:20 -04:00
Nick Mathewson
037e8763a7 Reload Ed25519 keys on sighup.
Closes ticket 16790.
2015-08-19 13:37:21 -04:00
Nick Mathewson
428bb2d1c8 Merge branch 'ed25519_keygen_squashed' 2015-08-19 13:36:59 -04:00
Nick Mathewson
426ef9c8eb More log messages for keygen problems 2015-08-19 13:36:51 -04:00
Nick Mathewson
c88a8a7ca3 Explain better why we are about to load the master key. 2015-08-19 13:36:51 -04:00
Nick Mathewson
a1b5e8b30b Don' call failure to get keys a bug; it's possible now. 2015-08-19 13:36:50 -04:00
Nick Mathewson
76ec891572 When we infer the master key from the certificate, save it to disk. 2015-08-19 13:36:50 -04:00
Nick Mathewson
138b28dc35 Add test_keygen tests for all log outputs; improve keygen outputs. 2015-08-19 13:36:50 -04:00
Nick Mathewson
8f6f1544c9 Resolve failing test_keygen tests. 2015-08-19 13:36:50 -04:00
Nick Mathewson
f362e7a873 Checkpoint work on ed25519 keygen improvements.
Needs changes file, documentation, test integration, more tests.
2015-08-19 13:36:49 -04:00
Nick Mathewson
2f5202c636 Merge remote-tracking branch 'teor/feature14882-TestingDirAuthVoteIsStrict-v3' 2015-08-18 09:53:50 -04:00
Nick Mathewson
a7de5bd02e Merge remote-tracking branch 'arma/bug16844-logs' 2015-08-18 09:19:39 -04:00
Nick Mathewson
eafae7f677 Merge branch 'decouple_controller_events_squashed' 2015-08-18 08:56:31 -04:00
Nick Mathewson
9ec94f1d22 Use thread-local storage to block event_queue recursion. 2015-08-18 08:56:23 -04:00
Nick Mathewson
e2a6a7ec61 Multithreading support for event-queue code. 2015-08-18 08:56:23 -04:00
Nick Mathewson
81f3572467 Refactor initialization logic for control-event-queue
This puts the init logic in a separate function, which we will need
once we have locking.
2015-08-18 08:56:23 -04:00
Nick Mathewson
60c8fbf1ff Remove obsolete event_format_t
We used to use this when we had some controllers that would accept
long names and some that wouldn't.  But it's been obsolete for a
while, and it's time to strip it out of the code.
2015-08-18 08:56:23 -04:00
Nick Mathewson
bab221f113 Refactor our logic for sending events to controllers
Previously we'd put these strings right on the controllers'
outbufs. But this could cause some trouble, for these reasons:

  1) Calling the network stack directly here would make a huge portion
     of our networking code (from which so much of the rest of Tor is
     reachable) reachable from everything that potentially generated
     controller events.

  2) Since _some_ events (EVENT_ERR for instance) would cause us to
     call connection_flush(), every control_event_* function would
     appear to be able to reach even _more_ of the network stack in
     our cllgraph.

  3) Every time we generated an event, we'd have to walk the whole
     connection list, which isn't exactly fast.

This is an attempt to break down the "blob" described in
http://archives.seul.org/tor/dev/Mar-2015/msg00197.html -- the set of
functions from which nearly all the other functions in Tor are
reachable.

Closes ticket 16695.
2015-08-18 08:55:28 -04:00
Sebastian Hahn
fe4c0a187d Use tabs in src/or/include.am 2015-08-18 08:19:00 -04:00
Sebastian Hahn
63db8170ae Fix typo in double_digest_map type 2015-08-18 08:18:44 -04:00
teor
d1c94dcbea Refactor TestingDirAuthVote* into dirserv_set_routerstatus_testing
Make it easier to unit test TestingDirAuthVote{Exit,Guard,HSDir}
by refactoring the code which sets flags based on them into a
new function dirserv_set_routerstatus_testing.
2015-08-18 14:54:40 +10:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
teor
0cb82013cc Fix TestingDirAuthVoteHSDir docs: HSDir flag needs DirPort
Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir, which suggested that a
HSDir required "ORPort connectivity". While this is true,
it is in no way unique to the HSDir flag. Of all the flags,
only HSDirs need a DirPort configured in order for the
authorities to assign that particular flag.

Fixed as part of 14882. Patch by "teor".
Bugfix on 0.2.6.3 (f9d57473e1 on 10 January 2015).
2015-08-18 14:51:57 +10:00
Nick Mathewson
d07fe5dffe Merge remote-tracking branches 'public/decouple_lost_owner' and 'public/decouple_signals' 2015-08-17 16:24:45 -04:00
Roger Dingledine
b4732bd2ea Logs and debug info that I used for finding bug 16844 2015-08-17 14:34:50 -04:00
Nick Mathewson
573bd1f033 Merge remote-tracking branch 'public/decouple_retry_directory' 2015-08-17 13:50:19 -04:00
Nick Mathewson
2691b2bb06 Fix an assertion failure introduced in 20254907d7
Fixes bug 16829; bug not in any released Tor.
2015-08-17 09:51:50 -04:00
Nick Mathewson
fd16a2b56f Fix a stupid memory leak I introduced in 8afbc154. Bug not in any released Tor. 2015-08-17 09:42:35 -04:00
Isis Lovecruft
2e0a50abf4 Remove redundant tor_free() in command_process_create_cell().
* FIXES #16823: https://bugs.torproject.org/16823
   If an OP were to send a CREATE_FAST cell to an OR, and that
   CREATE_FAST cell had unparseable key material, then tor_free() would
   be called on the create cell twice.  This fix removes the second
   (conditional on the key material being bad) call to tor_free(), so
   that now the create cell is always freed once, regardless of the status of
   the key material.

   (This isn't actually a double-free bug, since tor_free() sets its
   input to NULL, and has no effect when called with input NULL.)
2015-08-17 09:26:07 -04:00
Nick Mathewson
a053451ddf Merge remote-tracking branch 'isis/fix/circuitlist-docstring-typo' 2015-08-17 09:25:23 -04:00
Nick Mathewson
34aefe6f38 Merge remote-tracking branch 'public/decouple_init_keys' 2015-08-14 08:40:51 -04:00
Nick Mathewson
216bde38e0 Fix some types on container fns 2015-08-13 22:14:14 -04:00
Nick Mathewson
e62518865b Decouple routerlist_retry_directory_downloads() from the blob
Instead of having it call update_all_descriptor_downloads and
update_networkstatus_downloads directly, we can have it cause them to
get rescheduled and called from run_scheduled_events.

Closes ticket 16789.
2015-08-13 09:45:30 -04:00
Nick Mathewson
c7c73f1178 Change lost_owning_controller() to call activate_signal().
Closes ticket 16788.
2015-08-13 09:17:41 -04:00
Nick Mathewson
3cc6d59521 Fix a windows compilation error 2015-08-12 13:16:08 -04:00
Nick Mathewson
9deb3c61fe Fix a memory leak when adding an ri with expired ed certs
Fixes bug 16539; bugfix on 0.2.7.2-alpha.
2015-08-12 12:27:45 -04:00
Nick Mathewson
f4f0b43268 Try to decouple process_signal() from anything not event-driven
This needs debugging; it currently breaks the stem tests.
2015-08-12 11:25:00 -04:00
Nick Mathewson
b65d53519a Decouple the backend for directory_all_unreachable to simplify our CFG
See ticket 16762.
2015-08-12 11:02:20 -04:00
Nick Mathewson
835e09e54b Split the client-only parts of init_keys() into a separate function
This should simplify the callgraph a little more.
2015-08-11 10:41:20 -04:00
Nick Mathewson
da04fed865 Merge branch 'bug16389_027_03_squashed' 2015-08-11 09:34:55 -04:00
David Goulet
7dce409802 Expire after 5 minutes rend cache failure entries
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
6e96723524 Add created timestamp to a rend cache failure entry
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
1070be8217 Use an enum for INTRO_POINT_FAILURE_*
Safer, wiser, stronger!

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
d06af95ba3 Purge client HS failure cache on NEWNYM
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
ab9a0e3407 Add rend failure cache
When fetching a descriptor, we know test every introduction points in it
against our rend failure cache to know if we keep it or not. For this to
work, now everytime an introduction points is discareded (ex: receiving a
NACK), we note it down in our introduction cache.

See rendcache.c for a detailed explanation of the cache's behavior.

Fixes #16389

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
Nick Mathewson
7ee7149389 Make HSDir depend on Running/Valid again.
When we removed Running/Valid checks from Fast and Stable in 8712, I
removed them from HSDir too, which apparently wasn't a good idea.

Reverts part of a65e835800.  Fixes bug 16524. Bugfix
on 0.2.7.2-alpha.
2015-08-11 08:42:19 -04:00
Nick Mathewson
8afbc154f7 Remove a 9-function strongly connected component of tor's callgraph.
microdesc_free_() called get_microdesc_cache(), which had the fun
side-effect of potentially reloading the whole cache from disk.
Replace it with a variant that doesn't.
2015-08-10 15:00:17 -04:00
Nick Mathewson
887d86b76d Merge remote-tracking branch 'public/decouple-write' 2015-08-06 12:58:18 -04:00
Nick Mathewson
e86c3b283a Merge remote-tracking branch 'public/bug16286' 2015-08-06 12:44:13 -04:00
Isis Lovecruft
7155ee849e
Fix misnamed parameter in or_circuit_new docstring.
* CHANGES `p_conn` to `p_chan` in `or_circuit_new()` docstring.
2015-08-06 06:05:07 +00:00
Nick Mathewson
347fe449fe Move formatting functions around.
The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!
2015-07-31 11:21:34 -04:00
Nick Mathewson
20254907d7 Improve log messages for problems about ed25519 keypinning
Fixes 16286; bugfix on 0.2.7.2-alpha.
2015-07-31 10:47:39 -04:00
David Goulet
8c83e8cec0 Add get_max_sockets() and remove dead code
The control port was using set_max_file_descriptors() with a limit set to 0
to query the number of maximum socket Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.

This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.

Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.

Fixes #16697

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-30 15:21:12 -04:00
Nick Mathewson
aadff62745 Do not autoflush control connections as their outbufs get big
Doing this is no longer necessary, and it leads to weird recursions in
our call graph.  Closes ticket 16480.
2015-07-30 13:31:27 -04:00
Nick Mathewson
aa22b9672c whitespace fix 2015-07-30 13:17:08 -04:00
Nick Mathewson
beac91cf08 Wrap windows-only C files in #ifdef _WIN32
This should make some scripts and IDEs happier.
2015-07-30 11:14:15 -04:00
cypherpunks
2d3f88f6b9 Remove casting of void pointers when handling signals. 2015-07-21 14:06:15 -04:00
Nick Mathewson
3d19eb71d2 Merge remote-tracking branch 'public/feature_16580' 2015-07-16 15:48:41 -04:00
Nick Mathewson
6a08bcf530 Merge remote-tracking branch 'public/ticket16543' 2015-07-16 15:47:00 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
Nick Mathewson
edaf681735 Break some wide lines 2015-07-16 11:11:21 -04:00
Nick Mathewson
b5cfcb2045 Fix most check-spaces issues 2015-07-16 11:10:14 -04:00
Nick Mathewson
8cb5070376 Use C99 variadic macros when not on GCC.
1) We already require C99.

2) This allows us to support MSVC again (thanks to Gisle Vanem for
   this part)

3) This change allows us to dump some rotten old compatibility code
   from log.c
2015-07-15 14:43:35 -04:00
Nick Mathewson
7bd5212ddc Merge branches 'feature_16582' and 'feature_16581' 2015-07-15 11:05:33 -04:00
Nick Mathewson
c4ab8f74da Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together.
We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it:
but it's safest to stop any attempt to use it that way.
2015-07-15 10:45:40 -04:00
Nick Mathewson
3c28d95ca7 Add more EINVAL errno setting on key read failures
Teor found these.  This is for part of #16582.
2015-07-15 10:35:29 -04:00
Nick Mathewson
a65e835800 Add changes file for 8712; apply it to HSDir flag as well. 2015-07-14 14:03:30 -04:00
Peter Retzlaff
fa788a54f5 Vote for relays to be fast and stable even when they aren't currently active. 2015-07-14 13:59:29 -04:00
Nick Mathewson
8596ccce01 Change the name for the keypinning file; delete the old one if found
This is a brute-force fix for #16580, wherein #16530 caused some
routers to do bad things with the old keypinning journal.
2015-07-14 11:33:35 -04:00
Nick Mathewson
3fcb74e98b Add more consistency checks in load_ed_keys
Make sure that signing certs are signed by the right identity key,
to prevent a recurrence of #16530.  Also make sure that the master
identity key we find on disk matches the one we have in RAM, if we
have one.

This is for #16581.
2015-07-14 11:27:49 -04:00
Nick Mathewson
1360326588 Do more consistency checks in ed_key_init_from_file()
When there is a signing key and the certificate lists a key, make
sure that the certificate lists the same signing key.

When there are public key and secret key stored in separate files,
make sure they match.

Use the right file name when we load an encrypted secret key and
then find a problem with it.

This is part of 16581.
2015-07-14 11:12:18 -04:00
Nick Mathewson
5e8edba3d8 If loading an ed25519 master key fails with errno != ENOENT, give up.
This implements feature 16582: if we get EMFILE or something when
loading our master key, we should not at that point attempt to
overwrite it.
2015-07-14 10:36:39 -04:00
Nick Mathewson
0a6997d78b Preserve errno when loading encrypted ed25519 keys. 2015-07-14 10:23:07 -04:00
John Brooks
e03eaa3c4a Remove empty rend_service_validate_intro_early function 2015-07-14 02:30:04 -04:00
John Brooks
cdc5debfde Rename ambiguous introduction point functions
Task #15824
2015-07-14 02:29:17 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Nick Mathewson
327efe9190 Merge branch 'bug4862_027_04_squashed' 2015-07-09 12:05:14 -04:00
David Goulet
5fa280f7ad Fix comments in rendservice.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
7657194d77 Count intro circuit and not only established ones
When cleaning up extra circuits that we've opened for performance reason, we
need to count all the introduction circuit and not only the established ones
else we can end up with too many introduction points.

This also adds the check for expiring nodes when serving an INTRODUCE cell
since it's possible old clients are still using them before we have time to
close them.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
d67bf8b2f2 Upload descriptor when all intro points are ready
To upload a HS descriptor, this commits makes it that we wait for all
introduction point to be fully established.

Else, the HS ends up uploading a descriptor that may contain intro points
that are not yet "valid" meaning not yet established or proven to work. It
could also trigger three uploads for the *same* descriptor if every intro
points takes more than 30 seconds to establish because of desc_is_dirty
being set at each intro established.

To achieve that, n_intro_points_established varialbe is added to the
rend_service_t object that is incremented when we established introduction
point and decremented when we remove a valid intro point from our list.

The condition to upload a descriptor also changes to test if all intro
points are ready by making sure we have equal or more wanted intro points
that are ready.

The desc_id_dirty flag is kept to be able to still use the
RendInitialPostPeriod option.

This partially fixes #13483.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
1125a4876b Reuse intro points that failed but are still valid
There is a case where if the introduction circuit fails but the node is
still in the consensus, we clean up the intro point and choose an other one.
This commit fixes that by trying to reuse the existing intro point with a
maximum value of retry.

A retry_nodes list is added to rend_services_introduce() and when we remove
an invalid intro points that fits the use case mentionned before, we add the
node to the retry list instead of removing it. Then, we retry on them before
creating new ones.

This means that the requirement to remove an intro point changes from "if no
intro circuit" to "if no intro circuit then if no node OR we've reached our
maximum circuit creation count".

For now, the maximum retries is set to 3 which it completely arbitrary. It
should also at some point be tied to the work done on detecting if our
network is down or not.

Fixes #8239

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
7c7bb8b97e Refactor rend_services_introduce()
The reasoning for refactoring this function is that removing the
introduction point adaptative algorithm (#4862) ended up changing quite a
bit rend_services_introduce(). Also, to fix some open issues (#8239, #8864
and #13483), this work had to be done.

First, this removes time_expiring variable in an intro point object and
INTRO_POINT_EXPIRATION_GRACE_PERIOD trickery and use an expiring_nodes list
where intro nodes that should expire are moved to that list and cleaned up
only once the new descriptor is successfully uploaded. The previous scheme
was adding complexity and arbitrary timing to when we expire an intro point.
We keep the intro points until we are sure that the new descriptor is
uploaded and thus ready to be used by clients. For this,
rend_service_desc_has_uploaded() is added to notify the HS subsystem that
the descriptor has been successfully uploaded. The purpose of this function
is to cleanup the expiring nodes and circuits if any.

Secondly, this adds the remove_invalid_intro_points() function in order to
split up rend_services_introduce() a bit with an extra modification to it
that fixes #8864. We do NOT close the circuit nor delete the intro point if
the circuit is still alive but the node was removed from the consensus. Due
to possible information leak, we let the circuit and intro point object
expire instead.

Finally, the whole code flow is simplified and large amount of documentation
has been added to mostly explain the why of things in there.

Fixes #8864

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
Nick Mathewson
753797391f More tweaks for windows compilation. (ick) 2015-06-29 13:47:44 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
David Goulet
8dcbdf58a7 Remove intro points adaptative algorithm
Partially fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
cc3a791d55 fix a windows unused var warning 2015-06-28 02:18:15 -04:00
Nick Mathewson
48f69685f5 Avoid a segfault when reading an encrypted key that isn't there
Patch from cypherpunks. Fixes bug 16449. Bug not in any released tor.
2015-06-27 14:14:13 -04:00
Nick Mathewson
3149bfc254 Merge branch 'bug16288_027_03_squashed' 2015-06-25 11:30:52 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
bd73168307 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:14:53 -04:00
Nick Mathewson
1c1d71fe1a Merge remote-tracking branch 'public/bug16013_025' into maint-0.2.6 2015-06-25 11:14:44 -04:00
Nick Mathewson
68eaaed798 Avoid crashing on busy/NEWNYM+hidden service clients
When we ran out of intro points for a hidden service (which could
happen on a newnym), we would change the connection's state back to
"waiting for hidden service descriptor."  But this would make an
assertion fail if we went on to call circuit_get_open_circ_or_launch
again.

This fixes bug 16013; I believe the bug was introduced in
38be533c69, where we made it possible for
circuit_get_open_circ_or_launch() to change the connection's state.
2015-06-25 11:10:43 -04:00
Nick Mathewson
fce2a15ffb Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 10:41:15 -04:00
Nick Mathewson
03e3cf6a7a Merge remote-tracking branch 'public/bug16400_026' into maint-0.2.6 2015-06-25 10:40:58 -04:00
Nick Mathewson
e0b7598833 Repair breakage in early-error case of microdesc parsing
When I fixed #11243, I made it so we would take the digest of a
descriptor before tokenizing it, so we could desist from download
attempts if parsing failed.  But when I did that, I didn't remove an
assertion that the descriptor began with "onion-key".  Usually, this
was enforced by "find_start_of_next_microdescriptor", but when
find_start_of_next_microdescriptor returned NULL, the assertion was
triggered.

Fixes bug 16400.  Thanks to torkeln for reporting and
cypherpunks_backup for diagnosing and writing the first fix here.
2015-06-22 13:51:56 -04:00
Nick Mathewson
8b35d85088 Merge remote-tracking branch 'dgoulet/rendcache_027_01' 2015-06-19 09:10:03 -04:00
Nick Mathewson
1edaef2adf fix some memory leaks that coverity found 2015-06-19 09:03:34 -04:00
David Goulet
a7624de1aa Move cache objects and functions to rendcache.{c|h}
Every functions and objects that are used for hidden service descriptor
caches are moved to rendcache.{c|h}.

This commit does NOT change anything, just moving code around.

Fixes #16399

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:46 -04:00
David Goulet
33b1a33c33 Add rendcache.{c|h}
For now, rend_cache_entry_t has been moved from or.h to rendcache.h and
those files have been added to the build system.

In the next commit, these will contain hidden service descriptor cache ABI
and API for both client and directory side. The goal is to consolidate the
descriptor caches in one location to ease development, maintenance, review
and improve documentation for each cache behavior and algorithm.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:24 -04:00
Nick Mathewson
583a387c1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-18 11:33:24 -04:00
Nick Mathewson
f18ee7fc72 Merge remote-tracking branch 'dgoulet/bug16381_026_01-revert' into maint-0.2.6 2015-06-18 11:30:01 -04:00
Nick Mathewson
c2c23d1443 Handle "keygen" if datadir does not yet exist 2015-06-17 13:51:45 -04:00
Nick Mathewson
d3b4214c6e Fix an unchecked-case warning on windows 2015-06-17 11:31:53 -04:00
Nick Mathewson
d68133c745 Merge branch '13642_offline_master_v2_squashed' 2015-06-17 10:12:37 -04:00
Nick Mathewson
b6eee531bb Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a
new master key; if it is nonempty, we store the secret key in a new
crypto_pwbox.

Also, if --keygen is provided and there *is* an encrypted master key,
we load it and prompt for a passphrase unconditionally.

We make a new signing key unconditionally when --keygen is provided.
We never overwrite a master key.
2015-06-17 10:11:18 -04:00
David Goulet
a5b5d4bd2e Extend intro point to a 4th hop on cannibalization
Fixes #16260

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-17 09:32:26 -04:00
Nick Mathewson
43a98c7da6 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-17 09:19:11 -04:00
Nick Mathewson
c8cb55659a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-17 09:18:45 -04:00
teor
75388f67c0 Correctly handle failed crypto_early_init
If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d8c in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".
2015-06-17 09:18:32 -04:00
David Goulet
8acf5255c2 Revert "Do not replace a HS descriptor with a different replica of itself"
This reverts commit 9407040c59.

Small fix, "e->received" had to be removed since that variable doesn't exist
anymore.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-16 13:41:42 -04:00
teor
8092ae0c4e Document the consensus download interval used by hidden services
In the comments in update_consensus_networkstatus_fetch_time_impl
in networkstatus.c
2015-06-16 03:11:09 +10:00
Nick Mathewson
aab7d666cd Add a log message to try to track down #16013 2015-06-11 09:55:47 -04:00
Nick Mathewson
c0c0a6085e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-08 10:33:38 -04:00
David Goulet
6785f0b65a HSDir flag now requires the Stable flag
Fixes #8243
2015-06-08 10:28:35 -04:00
Nick Mathewson
2f67a6e8c9 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582 Set session_group after the port's data structure has been populated.
Fixes #16247, patch by "jojelino".
2015-06-04 13:53:35 +00:00
Nick Mathewson
34edf17d88 Merge remote-tracking branch 'teor/bug16115-minor-fixes' 2015-06-02 14:51:13 -04:00
Nick Mathewson
e8386cce1c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-02 14:29:37 -04:00
Peter Palfrader
a68e5323f8 Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls.  Fixes bug 16244; bugfix on 0.2.6.1-alpha.
2015-06-02 14:20:01 -04:00
teor
6d8a2ff24f Check for NULL values in getinfo_helper_onions
Fix on 915c7438a7 in Tor 0.2.7.1-alpha.
2015-06-03 04:19:06 +10:00
teor
383a27afc5 Ensure signing_key is non-NULL before accessing one of its members
signing_key can be NULL in ed_key_init_from_file in routerkeys.c.
Discovered by clang 3.7 address sanitizer.

Fix on c03694938e, not in any released version of Tor.
2015-06-03 04:19:05 +10:00
teor
2b73dbf2a4 Always initialise return value in compute_desc_id in rendcommon.c
Fix on e6a581f126, released in 0.2.7.1-alpha.
2015-06-03 04:19:05 +10:00
Nick Mathewson
3d653dff5e Add a master-key-ed25519 line for convenience 2015-06-01 11:24:55 -04:00
Nick Mathewson
fcc01d7caf Fix a memory leak in routerkeys.c 2015-06-01 10:45:51 -04:00
Nick Mathewson
d31877c6bf Fix some memory leaks in ed25519 code and tests 2015-06-01 10:26:11 -04:00
Andrea Shepard
0e0b65db4f Appease make check-spaces 2015-06-01 12:59:14 +00:00
Sharif Olorin
90e07ab338 Fix return-type gcc warning
find_dl_schedule_and_len caused gcc to spit up with -Werror.

Signed-off-by: Sharif Olorin <sio@tesser.org>
2015-05-30 06:03:50 +00:00
Nick Mathewson
12a2321501 Another memory leak bytes the dust. 2015-05-29 16:17:54 -04:00
Nick Mathewson
a6e3db5f72 Attempt to fix keypinning on Windows
Not that I would countenance a directory authority on Windows, but
it would be nice if the unit tests passed.
2015-05-29 14:38:59 -04:00
Nick Mathewson
10dd50dfcb Fix a warning from the clangalyzer. 2015-05-29 14:08:51 -04:00
Nick Mathewson
5dce1829bf Avoid double-free on rend_add_service() failure
Rend_add_service() frees its argument on failure; no need to free again.

Fixes bug 16228, bugfix on 0.2.7.1-alpha

Found by coverity; this is CID 1301387.
2015-05-28 13:23:09 -04:00
Nick Mathewson
49c31877b6 Fix a bug in earlier torcert fix, fix another. 2015-05-28 13:14:30 -04:00
Nick Mathewson
3df6f8591d Memory leak in tor_cert_parse. CID gi1301381 2015-05-28 13:09:00 -04:00
Nick Mathewson
2c32b2848a Small leak in ed_key_init_from_file. CID 1301373 2015-05-28 12:52:34 -04:00
Nick Mathewson
5f15b0e1e2 Memory leak on error in connection_or_compute_auth_cell_body. CID 1301372 2015-05-28 12:51:20 -04:00
Nick Mathewson
b76815d110 fix memory leak on bad ns convote. CID 1301371. 2015-05-28 12:49:39 -04:00
Nick Mathewson
a85d58af62 Fix memory leak on failure to generate EI. CID 1301370. 2015-05-28 12:47:31 -04:00
Nick Mathewson
24a2bb08ab Fix null dereference on key setup error.
CID 1301369
2015-05-28 12:46:06 -04:00
Nick Mathewson
c03694938e Fix a bug when we fail to read a cert from a file.
Found by coverity -- CID 1301366.
2015-05-28 12:30:25 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
8f15423b76 Do not allocate our ed-link crosscert till after tls ctx
We need this to prevent some annoying chutney crash-at-starts
2015-05-28 10:47:47 -04:00
Nick Mathewson
3bee74c6d1 Generate weird certificates correctly
(Our link protocol assumes that the link cert certifies the TLS key,
and there is an RSA->Ed25519 crosscert)
2015-05-28 10:47:47 -04:00
Nick Mathewson
32f59d7337 Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.
2015-05-28 10:44:09 -04:00
Nick Mathewson
57189acd6f # This is a combination of 2 commits.
# The first commit's message is:

Regenerate ed25519 keys when they will expire soon.

Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.

# The 2nd commit message will be skipped:

#	fixup! Regenerate ed25519 keys when they will expire soon.
2015-05-28 10:42:30 -04:00
Nick Mathewson
64450c5f77 Only load master ed25519 secret keys when we absolutely must. 2015-05-28 10:42:29 -04:00
Nick Mathewson
d4a6b1a420 Implement ed25519 identity collation for voting.
This is a new collator type that follows proposal 220 for deciding
which identities to include.  The rule is (approximately):

  If a <ed,rsa> identity is listed by more than half of authorities,
  include it.  And include all <rsa> votes about that node as
  matching.

  Otherwise, if an <*,rsa> or <rsa> identity is listed by more than
  half of the authorities, and no <ed,rsa> has been listed, include
  it.
2015-05-28 10:42:29 -04:00
Nick Mathewson
6c564e6c08 Refactor code that matches up routers with the same identity in votes
This makes 'routerstatus collation' into a first-class concept, so
we can change how that works for prop220.
2015-05-28 10:42:29 -04:00
Nick Mathewson
525383c46d Checkpoint some work on voting on ed25519 identities
* Include ed25519 identities in votes
 * Include "no ed25519 identity" in votes
 * Include some commented-out code about identity voting.  (This
   will disappear.)
 * Include some functions for identity voting (These will disappear.)
 * Enforce uniqueness in ed25519 keys within a vote
2015-05-28 10:42:29 -04:00
Nick Mathewson
0b819a2a7c Enforce more correspondence between ri and ei
In particular, they have to list the same ed25519 certificate, and
the SHA256 digest of the ei needs to match.
2015-05-28 10:42:29 -04:00
Nick Mathewson
79db24b3d5 Sign extrainfo documents with ed25519
Extrainfo documents are now ed-signed just as are router
descriptors, according to proposal 220.  This patch also includes
some more tests for successful/failing parsing, and fixes a crash
bug in ed25519 descriptor parsing.
2015-05-28 10:42:22 -04:00
Nick Mathewson
b29c1530c7 Refactor link handshake cell type implementations to use trunnel
Unit tests still pass.
2015-05-28 10:41:50 -04:00
Nick Mathewson
55bb7bbafd Tests for AUTHENTICATE cell functionality. 2015-05-28 10:41:50 -04:00
Nick Mathewson
b75361c5ed Start testing cell encoders/processers for the v3 handshake.
An earlier version of these tests was broken; now they're a nicer,
more robust, more black-box set of tests.  The key is to have each
test check a handshake message that is wrong in _one_ way.
2015-05-28 10:41:50 -04:00
Nick Mathewson
24b720a984 Include ed25519 keys in microdescriptors. 2015-05-28 10:41:49 -04:00
Nick Mathewson
006b7ce5ff Fix the position-check for ed25519 certs to work with annotations
When there are annotations on a router descriptor, the
ed25519-identity element won't be at position 0 or 1; it will be at
router+1 or router-1.

This patch also adds a missing smartlist function to search a list for
an item with a particular pointer.
2015-05-28 10:41:49 -04:00
Nick Mathewson
592a439107 Tie key-pinning logic into directory authority operation
With this patch:
  * Authorities load the key-pinning log at startup.
  * Authorities open a key-pinning log for writing at startup.
  * Authorities reject any router with an ed25519 key where they have
    previously seen that ed25519 key with a different RSA key, or vice
    versa.
  * Authorities warn about, but *do not* reject, RSA-only descriptors
    when the RSA key has previously gone along with an Ed25519 key.
    (We should make this a 'reject' too, but we can't do that until we're
    sure there's no legit reason to downgrade to 0.2.5.)
2015-05-28 10:41:49 -04:00
Nick Mathewson
eacbe03c71 Key-pinning back-end for directory authorities.
This module implements a key-pinning mechanism to ensure that it's
safe to use RSA keys as identitifers even as we migrate to Ed25519
keys.  It remembers, for every Ed25519 key we've seen, what the
associated Ed25519 key is.  This way, if we see a different Ed25519
key with that RSA key, we'll know that there's a mismatch.

We persist these entries to disk using a simple format, where each
line has a base64-encoded RSA SHA1 hash, then a base64-endoded
Ed25519 key.  Empty lines, misformed lines, and lines beginning with
a # are ignored. Lines beginning with @ are reserved for future
extensions.
2015-05-28 10:41:49 -04:00
Nick Mathewson
a2f317913f Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:41:43 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
2015-05-28 10:40:56 -04:00
Nick Mathewson
818e6f939d prop220: Implement certificates and key storage/creation
For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)
2015-05-28 10:40:56 -04:00
Yawning Angel
452cebc4a4 Remove support for OpenSSL without ECC.
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory.  The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).

Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Nick Mathewson
eb7f4d0059 Merge remote-tracking branch 'yawning/bug16052a_027' 2015-05-21 10:48:52 -04:00
Nick Mathewson
ed02a409cf Merge branch 'bug16034_no_more_openssl_098_squashed'
Conflicts:
	src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
f8f407d66a Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Yawning Angel
712bf06978 Add support for 'HiddenServiceMaxStream' to 'ADD_ONION'.
Done as a separate commit to ease backporting the tunables to 0.2.6.x.
2015-05-20 17:41:27 +00:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
d5e4a63436 Fix some compilation warnings 2015-05-18 15:57:21 -04:00
Nick Mathewson
2308f917f9 Merge remote-tracking branch 'andrea/ticket15358_squashed_2' 2015-05-18 14:44:28 -04:00
Nick Mathewson
0d3b3a4a23 Merge remote-tracking branch 'special/bug16060' 2015-05-18 11:56:16 -04:00
Nick Mathewson
cc1943bf6e Merge remote-tracking branch 'dgoulet/bug16021_027_01' 2015-05-18 11:29:50 -04:00
cypherpunks
b54626fd11 Silence two make rules 2015-05-18 11:29:07 -04:00
Andrea Shepard
4cbc9c5313 Add GETINFO network-liveness to control protocol 2015-05-17 13:42:57 +00:00
Andrea Shepard
dce9e915c7 Implement EVENT_NETWORK_LIVENESS 2015-05-17 13:42:57 +00:00
John Brooks
6f9e90101e Fix crash on HUP with mixed ephemeral services
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.

This crash happens when reloading config on a tor with mixed configured
and ephemeral services.

Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
a324d7e8e1 Test: add unit test for rend_data_t object and functions
Closes #16021

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 12:08:54 -04:00
David Goulet
2aaaf7b145 Fix: init HSDirs list in rend_data_service_create
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 11:09:02 -04:00
Nick Mathewson
d05d21c89a Merge branch 'bug15880_027_03' 2015-05-14 10:46:45 -04:00
David Goulet
c1ffeadff4 Add missing descriptor ID to HS_DESC control event
For FAILED and RECEIVED action of the HS_DESC event, we now sends back the
descriptor ID at the end like specified in the control-spec section 4.1.25.

Fixes #15881

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
6346d73b8e Fix rend_config_services() indentation
Not sure what happened but whitespace gone wild! :)

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:27:04 -04:00
David Goulet
b6e7b57d9a Use safe_str_client() for service ID in log
Scrub the service ID in a warning log.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:26:57 -04:00
Nick Mathewson
d55db221e8 tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning 2015-05-13 12:12:53 -04:00
Nick Mathewson
614d9bc967 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-05-13 11:05:33 -04:00
Nick Mathewson
2b441e25bc comment patch from dgoulet that was in my inbox too long 2015-05-11 11:32:00 -04:00
Donncha O'Cearbhaill
4fc21e8dbc Fix segfault in HSPOST command introduce with feature #3523
Checking if node->rs->is_hs_dir when the router_status for the node does
not exist results in a segfault. This bug is not in any released Tor.
2015-05-08 10:16:44 +01:00
Nick Mathewson
e086db7952 Merge branch 'writing_tests' 2015-05-07 15:29:56 -04:00
Nick Mathewson
79e85313aa Write the outlines of a WritingTests.txt document
Also, add some sample tests to be examples.
2015-05-07 15:29:16 -04:00
David Goulet
b3832e0b7f Fix hs stats comments to be more accurate
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-06 18:05:16 +10:00
Nick Mathewson
b0ea36d779 Merge remote-tracking branch 'public/bug15821_025' 2015-05-05 15:06:57 -04:00
John Brooks
2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
Nick Mathewson
f61088ce23 Fix a few more memory leaks; not in any released Tor 2015-05-05 11:08:05 -04:00
Nick Mathewson
e8db9d0c94 Merge branch 'feature3523_027' 2015-05-04 11:41:50 -04:00
Donncha O'Cearbhaill
841c4aa715 Add "+HSPOST" and related "HS_DESC" event flags to the controller.
"+HSPOST" and the related event changes allow the uploading of HS
descriptors via the control port, and more comprehensive event
monitoring of HS descriptor upload status.
2015-05-04 11:41:28 -04:00
Yawning Angel
d4729524d1 Make GETINFO hs/client/desc/id/<identifier> actually work (#14845).
Not in any released version of tor.
2015-05-02 11:45:46 +00:00
Nick Mathewson
e8814816c7 whitespace fixes 2015-04-30 13:38:39 -04:00
Nick Mathewson
e9308a8341 compilation fix: signed/unsigned comparison 2015-04-30 13:36:45 -04:00
David Goulet
a9b9f6d90f Update descriptor ID when it changes in rend_data
When we have a new descriptor ID for an onion address request, change it in
the rend_data_t object and purge the old one from the last hid serv request
cache.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
d33327ec22 Use descriptor ID when purging last hid fetch cache
Stop using an onion address since it's not indexed with that anymore in the
last hid serv request cache. Instead use a base32 encoded descriptor ID
contained in the rend_data_t object.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
9a364026d3 Use rend_data_client/service_create() in code
Every callsite that use to allocate a rend_data_t object now use the
rend_data_client/service_create() function.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
e6a581f126 Add a create function for rend_data_t object
Ground works for fixing #15816. This adds the rend_data_create() function in
order to have a single place where we initialize that data structure.

Furthermore, an array of descriptor IDs is added (one per replica) so we can
keep a copy of the current id in the object. It will be used to purge the
last hid serv request cache using those descriptor IDs. When they change,
they will be replaced and the old ones will be purged from the cache.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:20 -04:00
Nick Mathewson
7286a27cfc Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-28 14:46:53 -04:00
David Goulet
26c344a563 Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
Fixes #15850, part of #15801. Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.

This reverts commit 80bed1ac96.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
b64eb6c47c Make a return value explicitly ignored.
This might make coverity happy
2015-04-23 13:05:06 -04:00
Nick Mathewson
54000d7ad9 Merge remote-tracking branch 'dgoulet/bug14847_027_06' 2015-04-23 12:24:35 -04:00
Nick Mathewson
85eadb733f Merge remote-tracking branch 'teor/longest-policy-comment' 2015-04-23 11:05:24 -04:00
Nick Mathewson
c366e1fa32 Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' 2015-04-23 10:27:01 -04:00
teor
9a34caa4e7 Correct "longest possible policy" comment in router policy
The "longest possible policy" comment in
router_parse_addr_policy_item_from_string() used an example policy
that was actually shorter than the maximum length.

This comment was amended, and expanded to count the maximum number of
characters.

Comment change only.
2015-04-23 23:59:19 +10:00
Nick Mathewson
372aef8981 Merge remote-tracking branch 'public/bug15546' 2015-04-23 09:50:29 -04:00
Nick Mathewson
c3894473fe whitespace fixes 2015-04-23 09:36:43 -04:00
Nick Mathewson
af83a205b0 Merge remote-tracking branch 'andrea/ticket14840' 2015-04-23 09:34:00 -04:00
Nick Mathewson
f5fa6ac534 Avoid memory leak in error messages in control.c (not in any tor) 2015-04-23 09:26:39 -04:00
Nick Mathewson
43a8457b56 Merge remote-tracking branch 'dgoulet/bug14845_026_01' 2015-04-23 09:25:00 -04:00
Nick Mathewson
01d988d72f Merge remote-tracking branch 'teor/bug-15642-v3-fallback-unit-tests' 2015-04-23 09:22:16 -04:00
Nick Mathewson
f1204e0c02 Fix another signed/unsigned comparison bug 2015-04-23 09:21:44 -04:00
Nick Mathewson
241e6b0937 Fix some conversion problems 2015-04-23 09:16:42 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Nick Mathewson
3acee61422 Merge branch 'feature15652_squashed' 2015-04-23 09:09:33 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
teor
d68bbb0a29 Unit tests for consider_adding_dir_servers() as modified in #15642
Unit tests for the 10 valid combinations of set/NULL config options
DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority,
and FallbackDir.

Add assertion in consider_adding_dir_servers() for checks in
validate_dir_servers():
"You cannot set both DirAuthority and Alternate*Authority."
2015-04-23 00:16:04 +10:00
teor
027f73f70e Disable default fallback directories when other directories are set
Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
are set to their defaults.

The default fallback directory list is currently empty, this fix will
only change tor's behaviour when it has default fallback directories.

Fixes bug 15642; bugfix on 90f6071d8d in 0.2.4.7-alpha. Patch by "teor".
2015-04-23 00:16:04 +10:00
teor
9139aeadb8 Reachability should check ExtendAllowPrivateAddresses not TestingTorNetwork
When self-testing reachability, use ExtendAllowPrivateAddresses
to determine if local/private addresses imply reachability.

The previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.

Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924.
Patch by "teor", issue discovered by CJ Ess.
2015-04-22 23:54:21 +10:00
David Goulet
6f5f38a0bc Add function to validate HS descriptor ID
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-22 09:28:20 -04:00
David Goulet
a4585405d6 Multiple fixes for the HSFETCH command
Ref:
https://trac.torproject.org/projects/tor/ticket/14847?replyto=31#comment:31

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
917c3aac60 Use rend_valid_service_id() in the HSFETCH command
Also, fix a small typo in a comment.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
3ec651c0a6 Control: make HSFETCH command use LongName
The "SERVER=" option now supports LongName described in the control-spec.txt

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
b100ebee4e Control: add + and 650 OK to HS_DESC_CONTENT event
The HS_DESC_CONTENT event results in multiple line thus must be prefixed
with a "650+" and ending with "650 OK".

Reported-by: Damian Johnson <atagar@torproject.org>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
28cf9f2186 Control: unbolt rend_data from HS desc event
The HS_DESC event was using rend_data_t from the dir connection to reply the
onion address and authentication type. With the new HSFETCH command, it's
now possible to fetch a descriptor only using the descriptor id thus
resulting in not having an onion address in any HS_DESC event.

This patch removes rend_query from the hs desc control functions and replace
it by an onion address string and an auth type.

On a successful fetch, the service id is taken from the fetched descriptor.
For that, an extra parameter is added to "store as a client" function that
contains the cache entry stored.

This will make the control event functions scale more easily over time if
other values not present in rend_data_t are needed since the rend_data from
the dir connection might not contained everything we need.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
59f8dced11 Refactor HS descriptor fetch to support descriptor ID
Big refactor of the HS client descriptor fetch functionnality. This allows
to fetch an HS descriptor using only a descriptor ID. Furthermore, it's also
possible to provide a list of HSDir(s) now that are used instead of the
automatically choosen one.

The approach taken was to add a descriptor_id field to the rend_data_t
structure so it can be used, if available, by the HS client. The onion
address field however has priority over it that is if both are set, the
onion address is used to fetch the descriptor.

A new public function is introduced called rend_client_fetch_v2_desc(...)
that does NOT lookup the client cache before fetching and can take a list of
HSDirs as a parameter.

The HSFETCH control command now uses this new function thus making it work
and final.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:48 -04:00
David Goulet
7db58445fd Control: add HS_DESC_CONTENT event
As defined in section 4.1.26 in the control-spec.txt, this new event replies
the content of a successfully fetched HS descriptor. This also adds a unit
test for the controller event.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
084be23697 Control: groud work for the HSFETCH command
This adds the command on the controller side that parses and validate
arguments but does nothing for now. The HS desriptor fetch must be
modularized a bit more before we can use the command.

See control-spec.txt section 3.26 for more information on this command.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
e9782043c8 Remove onion address usage in lookup_last_hid_serv_request
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
David Goulet
6f6881c432 Use a random count of INTRODUCE2 for IP rotation
An introduction point is currently rotated when the amount of INTRODUCE2
cells reached a fixed value of 16384. This makes it pretty easy for an
attacker to inflate that number and observe when the IP rotates which leaks
the popularity of the HS (amount of client that passed through the IP).

This commit makes it a random count between the current value of 16384 and
two times that.

Fixes #15745

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-20 17:38:31 -04:00
Andrea Shepard
bc8b9a28a4 Add default DirAuthority lines to output of getinfo_helper_config(config/defaults) if not already present 2015-04-17 22:40:08 +00:00
Andrea Shepard
42cee727fa Move list of default directory authorities to file scope 2015-04-17 06:33:17 +00:00
Nick Mathewson
06939551f4 code style fixes 2015-04-16 11:17:16 -04:00
Nick Mathewson
fabfa28c48 Fix missing-initializer warning 2015-04-16 11:16:20 -04:00
Nick Mathewson
f152081de1 Merge remote-tracking branch 'arma/ticket8766' 2015-04-16 11:15:29 -04:00
Nick Mathewson
cc10f13408 Fix indentation on a block 2015-04-15 11:10:54 -04:00
Nick Mathewson
1a7dea9191 Remove spurious warn 2015-04-15 11:10:48 -04:00
Nick Mathewson
b98cc79477 Merge remote-tracking branch 'sebastian/bug14784' 2015-04-15 11:10:37 -04:00
Nick Mathewson
d59c4063f3 Stop modifying const argument in handle_control_postdescriptor
Fixes 15546.
2015-04-15 10:47:50 -04:00
Nick Mathewson
c3e8b7f2da Fix another space issue 2015-04-15 10:38:12 -04:00
Nick Mathewson
8837cc266e Merge remote-tracking branch 'dgoulet/bug14391_026_v2' 2015-04-15 10:33:04 -04:00
cypherpunks
59e753a4a6 Make --hash-password imply --hush to prevent unnecessary noise. 2015-04-15 09:39:41 -04:00
Nick Mathewson
202bbfbaa4 Merge branch 'bug15604_squashed' 2015-04-07 15:15:54 -04:00
rl1987
fda2aa7703 Set ConnDirectionStatistics back to 0 if not running as relay. 2015-04-07 15:15:28 -04:00
Nick Mathewson
edde1a7844 Merge branch 'bug15541_squashed' 2015-04-07 14:09:55 -04:00
rl1987
6b0c443dde Update other entries in CMDLINE_ONLY_OPTIONS to use values from takes_argument_t. 2015-04-07 14:09:41 -04:00
rl1987
e89c200c47 Print the error message for --dump-config even if no arguments are given. 2015-04-07 14:09:41 -04:00
rl1987
ad54c197a9 Fix error message in do_dump_config(). 2015-04-06 21:01:43 +03:00
Yawning Angel
79544a6fc5 Fix the memory leak in warn_if_option_path_is_relative().
Fixes coverity defect CID 1293337, not in any released version of tor.
2015-04-06 17:53:01 +00:00
Nick Mathewson
a201a5396e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-06 09:26:28 -04:00
Nick Mathewson
0475552140 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:25:37 -04:00
Yawning Angel
dc3cb00080 Handle empty/zero length encoded intro points more gracefully.
In theory these should never the triggered as the only caller now
validates the parameters before this routine gets called.
2015-04-06 09:21:43 -04:00
Yawning Angel
7b5f558da4 Treat empty introduction points sections as missing.
Found by DonnchaC.
2015-04-06 09:20:46 -04:00
Yawning Angel
49ddd92c11 Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
Nick Mathewson
24352d0d70 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-03 09:47:57 -04:00
George Kadianakis
929a8f199b Decrease the amount of rend circ relaunches for hidden services. 2015-04-03 09:47:40 -04:00
George Kadianakis
8656cbcfc0 ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
(Sending a nak would be pointless.)

See ticket 15515 for discussion.
2015-04-03 09:40:47 -04:00
Nick Mathewson
c1b36488e9 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-03 09:39:19 -04:00
Nick Mathewson
3781955f07 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-03 09:38:54 -04:00
Nick Mathewson
01e4bc80cd Merge branch 'bug15515_024' into maint-0.2.4 2015-04-03 09:36:59 -04:00
George Kadianakis
bcb839387e ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
(Sending a nak would be pointless.)

See ticket 15515 for discussion.
2015-04-03 09:36:05 -04:00
George Kadianakis
8dba8a088d Block multiple introductions on the same intro circuit. 2015-04-03 09:35:47 -04:00
Sebastian Hahn
86002a83d3 Bridges are always dirs
This check was accidentally deleted in 05f7336624.
2015-04-01 21:07:46 +02:00
Nick Mathewson
081b0c0f77 mark dirinfo_type as unused in populate_live_entry_guards 2015-04-01 14:20:01 -04:00
Nick Mathewson
05fbbfe472 Merge remote-tracking branch 'public/remove_old_version_checks' 2015-04-01 14:02:02 -04:00
Nick Mathewson
d366c3354f Merge branch 'remove_digests' 2015-04-01 13:53:03 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
8ba2d971b1 Remove needless call to crypto_set_tls_dh_prime() 2015-04-01 13:37:47 -04:00
Nick Mathewson
aa7b792250 Merge remote-tracking branch 'yawning/feature15435' 2015-04-01 13:34:14 -04:00
Nick Mathewson
34fa4ad637 Merge remote-tracking branch 'public/bug15515_025' 2015-04-01 12:59:19 -04:00
George Kadianakis
a7eae4ddc5 Block multiple introductions on the same intro circuit. 2015-04-01 12:58:52 -04:00
Nick Mathewson
13209eb6f3 Merge remote-tracking branch 'dgoulet/bug15296_027_01' 2015-04-01 12:50:36 -04:00
Nick Mathewson
c66dd17980 Drop support for --digests
This is a fair amount of maintainance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.
2015-04-01 09:54:20 -04:00
Nick Mathewson
02c3879f87 Merge remote-tracking branch 'teor/ticket15431-event-mask-tests' 2015-03-31 14:57:04 -04:00
Yawning Angel
fda61e030e Implement "TOR_PT_EXIT_ON_STDIN_CLOSE".
Background processes spawned by Tor now will have a valid stdin.
Pluggable transports can detect this behavior with the aformentioned
enviornment variable, and exit if stdin ever gets closed.
2015-03-26 12:55:12 +00:00
Nick Mathewson
e5e2644f23 clean up list of paths that cannot be relative 2015-03-25 09:16:04 -04:00
Nick Mathewson
9e80fc8171 Merge remote-tracking branch 'sebastian/coverage_builds' 2015-03-24 15:16:49 -04:00
Nick Mathewson
112c554fcf Merge branch 'bug14018' 2015-03-24 14:36:23 -04:00
rl1987
09c54655f1 Complain if relative paths are used in configuration
When we validate torrc options, print warning(s) when relative
path(s) been found.
2015-03-24 14:35:52 -04:00
Nick Mathewson
fec923d72b Check return values for tor_addr_parse(default) in config.c
In these cases, the address is always a constant "default", so
should always succeed.  But coverity can't tell that.

Fixes CID 1291645
2015-03-24 10:46:39 -04:00
Nick Mathewson
05f7336624 Remove version checks for microdescriptor support
At this point, relays without microdescriptor support are no longer
allowed on the Tor network.
2015-03-24 09:25:35 -04:00
Nick Mathewson
0f31080d63 Stop checking for torrc state files generated by very old Tor versions
These haven't worked in so long that if you had a state file of this
kind, the guards in it would be so old that you wouldn't use them
anyway.
2015-03-24 09:24:12 -04:00
teor
b41a5039f1 Compile-time check that control_event_t.event_mask is big enough
Add a compile-time check that the number of events doesn't exceed
the capacity of control_event_t.event_mask.
2015-03-22 14:25:42 +11:00
teor
99c10a95e4 Add unit tests for control_event_is_interesting()
Part of ticket 15431, checks for bugs similar to 13085.
2015-03-22 14:24:41 +11:00
Sebastian Hahn
1228dd293b Disable assertions during coverage builds
This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.
2015-03-21 02:34:44 +01:00
Sebastian Hahn
348f2744cf Initialize two variables
This is a trivial change to get around two compiler warnings when
assertions are removed during coverage builds.
2015-03-21 02:00:17 +01:00
Nick Mathewson
54d6e5e71e Merge remote-tracking branch 'public/feature15053' 2015-03-18 14:27:00 -04:00
Nick Mathewson
d8263ac254 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-18 08:58:15 -04:00
David Goulet
c9534f7902 Remove extra newline at the end of HS descriptor
The rend-spec.txt document doesn't specify this extra newline. Furthermore,
this is the only descryptor type that contains one. Client and HSDir without
this patch still work perfectly since the HS descriptor parsing doesn't
expect a newline at the end.

Fixes #15296

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-03-16 09:04:51 -04:00
Nick Mathewson
a0f892f190 Simplify the loop. 2015-03-14 14:31:26 -04:00
Nick Mathewson
ddb1889eb8 Add comments for new functions 2015-03-14 14:28:29 -04:00
Nick Mathewson
92d04721a2 remove a needless "if (1)" that was there for indentation; fix indentation. 2015-03-14 14:28:29 -04:00
Nick Mathewson
b78803f9f5 Extract main part of main loop into a separate function
For 15176; Shadow would like this.

Based on a patch by Rob Jansen, but revised to have a minimal-sized diff.
2015-03-14 14:28:29 -04:00
cypherpunks
ce9bd4e04c Do not distribute common_sha1.i and or_sha1.i.
These files get generated automatically so there is need to include them in the
distribution.
2015-03-14 13:00:06 -04:00
cypherpunks
5176f6f103 Remove relative paths to header files.
The paths are already in the directory search path of the compiler therefore no
need to include them in the source code.
2015-03-14 13:00:05 -04:00
cypherpunks
7a86d53dee Clean up generated files.
Remove src/or/or_sha1.i and src/common/common_sha1.i on `make clean` and remove
the temporary micro-revision file when its no longer needed.

Additional changes;
- show a message when generating the micro-revision file.
- add the temporary micro revision file to the list of files to be removed on
  `make clean` just in case.
- fix indentation of the make rule to improve readability.
2015-03-14 13:00:04 -04:00
cypherpunks
17cbc4350f Use output variables instead of relative paths.
Fixes the following rules in out-of-tree builds;
- check-spaces
- check-docs
- check-logs
- Doxygen
- coverage-html

And cleans up additional directories;
- coverage_html
- doc/doxygen
2015-03-14 13:00:04 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Nick Mathewson
4247ce99e5 ug. test, _then_ commit, nick. 2015-03-14 12:14:32 -04:00
Nick Mathewson
f70f1d283e Do not printf success messages when we are --quieted or --hushed.
Fixes 14994. Calling this a bug on when --quiet and --hush began to have
their current behavior.
2015-03-14 12:12:53 -04:00
Nick Mathewson
3a68f2f54e const-ify the new failure vars, and one old one 2015-03-13 09:41:49 -04:00
Nick Mathewson
833b6d30be Merge remote-tracking branch 'sebastian/bug15211' 2015-03-13 09:39:04 -04:00
Matthew Finkel
61dcd926aa Flag when a controlsocket is configured as WorldWritable 2015-03-13 07:06:16 +00:00
Matthew Finkel
5ce5527823 Move to the next flag when we recognize Writable flags 2015-03-13 07:04:22 +00:00
Nick Mathewson
517e0f965b Remove workarounds for Libevent < 1.3.
This actually lets us dump a lot of old cruft that nobody had (I
hope!) tested in ages.

Closes 15248.
2015-03-12 16:59:05 -04:00
Sebastian Hahn
badc81de5b Don't init hs intro key as side effect of an assert 2015-03-12 18:59:46 +01:00
Sebastian Hahn
447769dd28 Don't init control authchallenge nonce as assert side effect
Fixes part of bug 15211.
2015-03-12 18:57:57 +01:00
Nick Mathewson
3ee2fca7ca Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:16:22 -04:00
Nick Mathewson
eb68ea20f8 Merge remote-tracking branch 'public/feature15212_026' into maint-0.2.6 2015-03-12 13:15:08 -04:00
Nick Mathewson
16b1b2199d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:13:06 -04:00
Yawning Angel
b3281fc6d6 Initialize the extorport auth cookie before launching PTs.
PTs expect the auth cookie to be available immedieately after launch,
leading to a race condition when PTs opt to cache the extorport cookie
once immediately after startup.

Fixes #15240.
2015-03-12 13:12:56 -04:00
Nick Mathewson
9063f29160 Revert "Make TransProxyType ipfw work correctly"
This reverts commit 681802817d.

(I didn't mean to backport this, but somehow I had based my branch
for #15205 on it.)
2015-03-12 12:49:08 -04:00
Nick Mathewson
eecd410984 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.5 2015-03-12 12:27:25 -04:00
Nick Mathewson
b683b9af00 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 11:37:56 -04:00
Nick Mathewson
d4c1716263 add an explanatory comment 2015-03-12 11:28:18 -04:00
Nick Mathewson
648af0438d Also, add an assertion to assign_onionskin_to_cpuworker 2015-03-12 11:15:50 -04:00
Nick Mathewson
66c8180207 Fix crash bug when calling cpuworkers_rotate_keyinfo on a client.
Fixes bug 15245; bugfix on 0.2.6.3-alpha. Thanks to anonym for reporting!
2015-03-12 11:14:39 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Nick Mathewson
d29a8ad564 Add link protocol version counts to the heartbeat message
Closes ticket 15212
2015-03-10 10:07:41 -04:00
Nick Mathewson
64bfc2930a Restore c89 in 0.2.5 2015-03-09 13:22:58 -04:00
Nick Mathewson
448bd22092 Merge remote-tracking branch 'public/bug14261_025' into maint-0.2.5 2015-03-09 13:17:20 -04:00
Nick Mathewson
62631904cb GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-03-09 13:13:56 -04:00
Nick Mathewson
e3408248b9 Merge remote-tracking branch 'public/bug13988_025' into maint-0.2.5 2015-03-09 13:12:54 -04:00
Nick Mathewson
ed7f2482e2 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 13:08:20 -04:00
Nick Mathewson
fb0de57ba2 Merge remote-tracking branch 'public/feature15006_026' into maint-0.2.6 2015-03-09 13:05:27 -04:00
Nick Mathewson
bd80ba9a9f Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 11:10:04 -04:00
Nick Mathewson
a7f75b2056 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-03-09 11:09:49 -04:00
Nick Mathewson
1a7419c3df Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-03-09 11:09:30 -04:00
Nick Mathewson
6704e18dd2 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-03-09 11:08:57 -04:00
Nick Mathewson
4ced3b59aa Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 15:19:43 +01:00
Nick Mathewson
de2c5ad815 Revert "Missing dependencies; fixes 15127."
This reverts commit 930ab95e1f.
2015-03-04 15:18:33 +01:00
Nick Mathewson
98822df3dc Make boostrap events include hostname ANDaddr AND digest 2015-03-04 14:23:59 +01:00
Nick Mathewson
6ae9769b29 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:29:25 +01:00
Nick Mathewson
a726cd76df Merge remote-tracking branch 'public/bug15064_025' into maint-0.2.6 2015-03-04 12:26:43 +01:00
Nick Mathewson
681802817d Make TransProxyType ipfw work correctly
Fixes bug 15064; bugfix on 0.2.5.4-alpha.
2015-03-04 12:25:52 +01:00
Nick Mathewson
6a8550fa3c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:15:10 +01:00
Nick Mathewson
5ad47aafab Merge remote-tracking branch 'public/bug15127_025' into maint-0.2.6 2015-03-04 12:14:17 +01:00
Nick Mathewson
2d926d0147 only declare rv when it is used in destination_from_socket. Fixes 15151 2015-03-04 12:12:41 +01:00
Nick Mathewson
930ab95e1f Missing dependencies; fixes 15127. 2015-03-04 12:09:33 +01:00
Roger Dingledine
a1bdb6e42c fix typo in comment 2015-03-03 19:12:27 -05:00
Nick Mathewson
81a994ce77 Make the assert related to 15083 a tiny bit more tolerant 2015-03-03 22:25:26 +01:00
Nick Mathewson
71ee53fe9b Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.

Patch from 'cypherpunks'
2015-03-03 22:21:41 +01:00
Nick Mathewson
79c69d18b7 Include a HOST item in BOOTSTRAP problem messages
Closes ticket 15006.
2015-02-27 11:28:30 -05:00
Nick Mathewson
0dde4d6fa2 Merge remote-tracking branch 'yawning/bug14922' 2015-02-25 08:56:34 -05:00
Nick Mathewson
2bcb596dcf Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.4 2015-02-24 13:23:44 -05:00
Nick Mathewson
a9720b90f8 Fix whitespace from tor_x509_cert rename 2015-02-24 12:03:11 -05:00
Nick Mathewson
f253aef14f Mechanical rename: tor_cert_t -> tor_x509_cert_t 2015-02-24 12:03:10 -05:00
Nick Mathewson
783a44f9e9 Log less/better about systemd at startup
Report errors if the notification fails; report success only if it
succeeds; and if we are not notifying systemd because we aren't
running with systemd, don't log at notice.
2015-02-24 11:11:24 -05:00
Nick Mathewson
af60e7566e Update test_status.c to accommodate changes in heartbeat messages
Fixes #15012; bug not in any released Tor
2015-02-24 10:05:34 -05:00
Nick Mathewson
d74a78c58a Merge branch 'bug14950_logs_squashed' 2015-02-23 13:04:03 -05:00
Nick Mathewson
d221b507c9 Avoid logging natural-language reports that are redundant with bootstrapping 2015-02-23 13:03:56 -05:00
Nick Mathewson
10ae9b9bf5 Usually downgrade middle heartbeat messages when stuff is in-range 2015-02-23 13:03:56 -05:00
Nick Mathewson
f1fa85ea73 Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.
2015-02-23 12:16:08 -05:00
cypherpunks
5246e8f992 Remove lingering mempool code 2015-02-23 11:19:31 -05:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
03a4e97c76 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-02-20 01:05:21 -05:00
Nick Mathewson
1525eeeb49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-02-20 01:04:49 -05:00
Nick Mathewson
76d8c23ab4 Try to fix authdir_newdesc events
We were sending values that were truncated by the length of the
annotations.
2015-02-19 11:35:27 -05:00
Nick Mathewson
b897e386da Merge branch 'bug12844_macros' 2015-02-19 09:41:36 -05:00
Nick Mathewson
557a0c83f3 Do not try to download an EI for which we don't have a matching SD.
This quiets some log messages for #13762, and adds a better INFO message
for the underlying confusion.
2015-02-19 09:40:36 -05:00
Nick Mathewson
86105a4009 Check ENABLE_TOR2WEB_MODE before any tor2webmode code 2015-02-19 09:09:25 -05:00
Roger Dingledine
64d5e0e417 stop warning each time we check minimum-dir-info
We already log whenever our state changes, e.g. whenever new directory
information arrives. This additional log_warn() will at best just add more
log messages, or worse, make the user wonder what she needs to fix.

(Changed after consultation with Yawning.)
2015-02-19 06:27:14 -05:00
Roger Dingledine
70f46f7ae6 don't update dir_info_status when we have minimum dir info
Nothing ever uses the string when we're in "have minimum dir info"
state. The flow of the function is "check for problems, if you see a
problem write an explanation to dir_info_status and set res to 0". If
you get to the end of the function without any problems, then res =
1 and we're all ready to start making circuits.

(Changed after consultation with Yawning.)
2015-02-19 06:15:25 -05:00
Roger Dingledine
0e4bdc4005 clean up comments and whitespace a bit 2015-02-18 19:27:02 -05:00
Nick Mathewson
b7b8b9ecf9 Downgrade new extrainfo_insert warnings on startup 2015-02-18 13:41:00 -05:00
Nick Mathewson
a767b66640 Merge branch 'bug13762_diagnostic_redux' 2015-02-18 13:29:12 -05:00
Nick Mathewson
d3f714deb8 Patch from cypherpunks to try to diagnose 8387. 2015-02-18 13:25:01 -05:00
Nick Mathewson
e65fe0a747 Improve log messages for diagnosing 13762 2015-02-18 13:05:15 -05:00
Yawning Angel
39a496eeb8 Actually free measured_guardfraction.
CID 1270894
2015-02-18 16:36:57 +00:00
Nick Mathewson
6378bcf4b9 Fix an implicit-narrowing warning 2015-02-18 09:34:15 -05:00
Nick Mathewson
9e6147a40c Merge remote-tracking branch 'yawning/bug14918' 2015-02-18 09:21:16 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
5c34a53068 Don't exit if we can't find the GuardfractionFile when booting.
...just disable the feature in that case.
2015-02-18 09:09:34 -05:00
George Kadianakis
33053d50a0 Final guardfraction preparations for upstream merge.
- Write a changes file.
- Change some logs to lesser severities.
2015-02-18 09:09:34 -05:00
George Kadianakis
b941f109ac Calculate relay weighted bandwidth using guardfraction bandwidths.
Now use the guardfraction function to calculate individual relay
bandwidth weights.
2015-02-18 09:09:34 -05:00
George Kadianakis
f7a8b19184 Calculate total bandwidth weights using the guardfraction bandwidths.
Now use the function introduced in the previous commit, to calculate the
total bandwidth weights when making the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
14a3c17ce6 Calculate the guardfraction bandwidth of a guard. 2015-02-18 09:09:33 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
db805b9170 Write GuardFraction information to consensus.
If we've seen enough votes with guardfraction information, write down
the GuardFraction string in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
7ddfb6aa2f Write guardfraction information to votes.
If a dirauth has guardfraction information about a guard, write it down
when serializing the routerstatus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00
Yawning Angel
8571e86d27 Fix bootstrap directory information logging.
`dir_info_status` is used from main.c:directory_info_has_arrived() to
provide useful (INFO/NOTICE) level logging to users, and should always
be updated regardless of the rate limiting.
2015-02-18 13:58:13 +00:00
Yawning Angel
6fdb179d84 Fix compute_frac_paths_available, when ExitNodes is not set. 2015-02-18 12:51:07 +00:00
Yawning Angel
cbd26157c5 Remove tor_strclear(), and replace previous calls with memwipe(). 2015-02-17 18:53:33 +00:00
Nick Mathewson
d038430a14 Merge branch 'bug14918' 2015-02-17 12:49:29 -05:00
Nick Mathewson
9bf6da1861 Merge remote-tracking branch 'public/feature_13822' 2015-02-17 12:34:13 -05:00
Nick Mathewson
8eb3d81e6e Fix some issues with reporting exit-free networks
Fixes bug 14918.
2015-02-17 12:07:24 -05:00
George Kadianakis
6517219093 Control: command to lookup cached HS descriptor
This adds the key "hs/client/desc/id/<ADDR>" to the GETINFO command used to
lookup the given onion address in the client hs descriptor cache.

If found, prints it formatted as specified in section 1.3 of rend-spec.txt.

Fixes #14845

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-17 11:30:25 -05:00
Roger Dingledine
d6dbd55849 trivial whitespace fix 2015-02-17 06:01:33 -05:00
Nick Mathewson
0b3ae7d9e5 Maybe this will make coverity not care that this check is dead. CID 1268063 2015-02-16 15:44:18 -05:00
Nick Mathewson
2fe139473d No, coverity, this is not a memory leak. 1268065 2015-02-16 15:42:48 -05:00
Nick Mathewson
5d2a23397a Fix a few coverity "Use after NULL check" warnings
Also remove the unit test mocks that allowed get_options() to be
NULL; that's an invariant violation for get_options().
2015-02-16 15:40:15 -05:00
Sina Rabbani
8e61d38cf1 Faravahar's New IP Address as of 2/20/2015 2015-02-16 11:51:36 -05:00
Sebastian Hahn
0c11d8b2d2 Implement status/fresh-relay-descs command
The idea here is that a controller should be able to make Tor produce a
new relay descriptor on demand, without that descriptor actually being
uploaded to the dirauths (they would likely reject it anyway due to
freshness concerns).

Implements #14784.
2015-02-15 12:36:07 +01:00
Sebastian Hahn
8feaf3846d Refactor router_rebuild_descriptor
Allow building a router descriptor without storing it to global state.
This is in preparation of a patch to export the created descriptors via
the control port.
2015-02-15 12:33:20 +01:00
Sebastian Hahn
3bcdb26267 Call cpu_init if we change to being a relay
The issue is that we use the cpuworker system with relays only, so if we
start up as a client and transition to being a relay later, we'll be
sad.

This fixes bug 14901; not in any released version of Tor.
2015-02-15 11:49:19 +01:00
Nick Mathewson
b223b7c22d fix a compilation warning 2015-02-11 15:10:35 -05:00
Nick Mathewson
d7a1e83f50 Merge remote-tracking branch 'public/remove_freelist' 2015-02-11 15:09:01 -05:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
0899f51bc6 Additional paranoia: do not even build tor2web stuff if not using.
(That is, don't build it unless we're building for tor2web, or we
are building for tests.)
2015-02-11 14:54:16 -05:00
Nick Mathewson
6f331645c7 Remove mempools and buf freelists
They have been off-by-default since 0.2.5 and nobody has complained. :)

Also remove the buf_shrink() function, which hasn't done anything
since we first stopped using contiguous memory to store buffers.

Closes ticket 14848.
2015-02-11 09:03:50 -05:00
Nick Mathewson
0c81dfa848 Merge remote-tracking branch 'public/feature_13555' 2015-02-11 08:42:00 -05:00
Sebastian Hahn
9667b2b88a Add some comments to or_circuit_t.workqueue_entry
These were suggested by dgoulet, thanks!
2015-02-09 16:13:08 +01:00
Sebastian Hahn
7337510090 Avoid use-after-free of circ belonging to cancelled job
This fixes a bug where we decide to free the circuit because it isn't on
any workqueue anymore, and then the job finishes and the circuit gets
freed again.

Fixes bug #14815, not in any released version of Tor.
2015-02-09 16:12:47 +01:00
Roger Dingledine
56061976db Recover better when our clock jumps back many hours
like might happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock.

Resolves part of ticket 8766.

(There are still some timers in various places that aren't addressed yet.)
2015-02-09 01:05:31 -05:00
Roger Dingledine
1cb9064d7d shift all the static times into a struct
no actual behavior changes yet
2015-02-09 00:07:15 -05:00
Sebastian Hahn
37d16c3cc7 Reserve enough space for rend_service_port_config_t
In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.
2015-02-09 04:48:16 +01:00
Nick Mathewson
8b82f6261e Search-and-replace to regain coding style in wake of 13822.
(all-caps should be reserved for global or module-global constants and
2015-02-07 08:33:36 -05:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
David Goulet
b101f4e98c Control: getinfo entry-guards report down-since
If the guard unreachable_since variable was set, the status "up" was
reported which is wrong. This adds the "down" status followed by the
unreachable_since time value.

Fixes #14184

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-06 16:06:20 -05:00
Nick Mathewson
e36faeec1d Merge remote-tracking branch 'sebastian/bug13993' 2015-02-06 15:42:53 -05:00
Sebastian Hahn
e0c3de40ad Fix check-spaces complaints 2015-02-06 21:36:40 +01:00
Sebastian Hahn
b3bc871214 Add unit test for #13290 2015-02-06 21:04:05 +01:00
Yawning Angel
16cf1679e7 Fix scheduler compilation on targets where char is unsigned.
Per discussion with nickm, the `dir` argument should be a int rather
than a signed char.

Fixes bug #14764.
2015-02-06 16:26:28 +00:00
Nick Mathewson
1799c2be09 Merge remote-tracking branch 'public/bug13796' 2015-02-05 22:53:15 -05:00
Nick Mathewson
2274221557 Fix a work-counting bug introduced by the workqueue merge
David Goulet finds that when he runs a busy relay for a while with the
latest version of the git code, the number of onionskins handled
slowly dwindles to zero, with total_pending_tasks wedged at its
maximum value.

I conjecture this is because the total_pending_tasks variable isn't
decremented when we successfully cancel a job.  Fixed that.

Fixes bug 14741; bugfix not on any released version of tor.
2015-02-05 12:17:08 -05:00
Nick Mathewson
daab405168 Bump the minimum relay version to 0.2.4.18-rc
Closes #13555
2015-02-04 13:27:56 -05:00
Nick Mathewson
a8835170d7 Use getsockname, not getsockopt, on TPROXY sockets 2015-02-04 10:09:54 -05:00
Nick Mathewson
5be48c5d4c Work around test_status.c weirdness
Ordinarily, get_options() can never return NULL, but with
test_status.c mocking, it can.  So test for that case.

The best fix here would be to pass the options value to a
bridge_server_mode() function.
2015-02-03 15:50:31 -05:00
Nick Mathewson
cdc49629c7 Merge branch 'bug6852'
Conflicts:
	src/or/status.c
2015-02-03 13:06:58 -05:00
Nick Mathewson
7f52dc4d03 Choose a more deliberate cutoff for clients in heartbeat 2015-02-03 13:02:22 -05:00
Nick Mathewson
d03e1da232 Merge remote-tracking branch 'public/bug9635_warnings_025'
Conflicts:
	src/test/test.c
2015-02-02 16:31:32 -05:00
Nick Mathewson
41ba4f5627 tweak based on comments from dgoulet 2015-02-02 14:42:33 -05:00
Nick Mathewson
03563f4723 Fix an unused-variable warning. 2015-02-02 13:35:44 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
fe328d192e Allow reading torrc from stdin. 2015-02-02 13:31:56 -05:00
Nick Mathewson
f4b79bc420 Merge remote-tracking branch 'sysrqb/bug14216_bad_since' 2015-02-02 10:23:52 -05:00
Nick Mathewson
55639bc67f Merge remote-tracking branch 'dgoulet/bug14202_026_v1' 2015-02-02 10:16:48 -05:00
Matthew Finkel
4cb59ceb8e Only retry connecting to configured bridges
After connectivity problems, only try connecting to bridges which
are currently configured; don't mark bridges which we previously
used but are no longer configured.  Fixes 14216.  Reported by
and fix provided by arma.
2015-01-31 09:46:18 +00:00
Nick Mathewson
097286e476 Fix some unused-argument warnings 2015-01-30 14:47:56 -05:00
Nick Mathewson
bc9ade055e Fix an uninitialized-variable warning. 2015-01-30 14:46:18 -05:00
David Goulet
44e9dafb67 Fix: test -ENOENT after config_parse_unix_port()
Check for -ENOENT instead of ENOENT after the HS port is parsed.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 14:13:27 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
d1e52d9a2a Correctly handle OutboundBindAddress again.
ca5ba2956b broke this; bug not in any
released Tor.

Also fix a typo.

Fixes 14541 and 14527.  Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
4c1a779539 Restrict unix: addresses to control and socks for now 2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Nick Mathewson
b4a8fd8958 When there are no package lines, make consensus/packages say "".
Also, give a better error message when there is no consensus.
2015-01-29 14:14:59 -05:00
Nick Mathewson
bd630a899a Correctly reject packages lines with empty entries 2015-01-29 14:09:57 -05:00
Nick Mathewson
f935ee2dae Define 'digesttype' correctly 2015-01-29 14:04:21 -05:00
David Goulet
80bed1ac96 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
Fixes #14202

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-29 12:55:19 -05:00
David Goulet
ebc59092bc Make hidden service use the config unix prefix
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 18:01:53 -05:00
David Goulet
bf3fb55c47 Support unix: prefix in port configuration
It's now possible to use SocksPort or any other kind of port that can use a
Unix socket like so:

  SocksPort unix:/foo/bar/unix.sock

Fixes #14451

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 17:55:38 -05:00
Nick Mathewson
a3de2dfde6 Merge branch 'bug11485_026_v2_squashed' 2015-01-28 14:32:19 -05:00
David Goulet
fb523b543a fixup! Refactor the use of ifdef HAVE_SYS_UN_H
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 14:30:23 -05:00
Andrea Shepard
bce824a9ad Actually make connections to HSes on AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
ca5ba2956b Support connection_exit_connect() to AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
6564291601 Handle config options for AF_UNIX hidden services rendservice.c 2015-01-28 14:30:23 -05:00
Arthur Edelstein
cb714d896c Bug #8405: Report SOCKS username/password in CIRC status events
Introduces two new circuit status name-value parameters: SOCKS_USERNAME
and SOCKS_PASSWORD. Values are enclosing in quotes and unusual characters
are escaped.

Example:

    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
2015-01-28 12:02:15 -05:00
Nick Mathewson
32dad3b83b Add GETINFO consensus/{valid-{after,until},fresh-until} 2015-01-28 11:28:21 -05:00
Nick Mathewson
c240eea0df more typo fixes from mcs and gk 2015-01-28 11:25:37 -05:00
Nick Mathewson
20d0b1a04e Bump a client authorization message from debug to info.
A user wants this for 14015, and it seems fairly reasonable.
2015-01-28 09:42:28 -05:00
Nick Mathewson
9c4328c038 New GETINFO consensus/packages to expose package information from consensus 2015-01-27 16:40:32 -05:00
Nick Mathewson
1e61b45251 Fixes on prop227 comments, based on comments by mcs on #10395 2015-01-27 16:31:48 -05:00
David Goulet
91009dce97 Refactor rend_cache_lookup_entry() and how it's used
Here is why:

1) v0 descriptors are deprecated since 0.2.2.1 and not suppose to be alive
in the network anymore. This function should only serve v2 version for now
as the default.

2) It should return different error code depending on what's the actual
error is. Right now, there is no distinction between a cache entry not found
and an invalid query.

3) This function should NOT test if the intro points are usable or not. This
adds some load on a function that should be "O(1)" and do one job.
Furthermore, multiple callsites actually already test that doing twice the
job...

4) While adding control event, it would be useful to be able to lookup a
cache entry without having it checking the intro points. There are also
places in the code that do want to lookup the cache entry without doing
that.

Fixes #14391

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-27 12:04:40 -05:00
Andrea Shepard
03d6a31716 Groundwork for AF_UNIX hidden services in rendservice.c 2015-01-27 06:22:37 +00:00
Nick Mathewson
a598d0f575 Bail early in cpuworker_onion_handshake_replyfn if the circuit is marked 2015-01-26 10:19:07 -05:00
Nick Mathewson
034e2788f8 whitespace fixes 2015-01-23 11:18:28 -05:00
Nick Mathewson
6c443e987d Tweak the 9969 fix a little
If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled.  Instead, wait for the busy ones to be nonbusy.
2015-01-23 09:37:08 -05:00
Nick Mathewson
5d4bb6f61f Merge remote-tracking branch 'public/ticket9969'
Conflicts:
	src/or/directory.c
	src/or/routerlist.c
	src/or/routerlist.h
	src/test/include.am
	src/test/test.c
2015-01-23 09:36:00 -05:00
Nick Mathewson
b677ccd3ab Merge remote-tracking branch 'public/ticket13762' 2015-01-23 08:55:31 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
David Goulet
84f5cb749d Fix: remove whitespace and update a comment in cpuworker.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:31:02 -05:00
Nick Mathewson
f0415c1600 Merge branch 'bug9819' 2015-01-21 13:00:26 -05:00
Nick Mathewson
523e920d53 fix a comment 2015-01-21 13:00:14 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
9ddc1fb10c Merge remote-tracking branch 'dgoulet/bug14224_025_v1' 2015-01-20 14:02:07 -05:00
Nick Mathewson
da423532f7 Merge branch 'ticket14254_squashed' 2015-01-20 13:46:56 -05:00
Nick Mathewson
78c53eff85 Fix SocksSocket 0. That was easy! 2015-01-20 13:46:44 -05:00
Nick Mathewson
061682c829 Some days I just can't C. 2015-01-19 11:58:40 -05:00
Nick Mathewson
2e8b8c8698 Make check-spaces happier. 2015-01-19 11:56:03 -05:00
Nick Mathewson
a8dd930274 Replace a 4 with a 6; fix a bug that nobody noticed :/
Fixes 14280 bugfix on 1053af0b9c in 0.2.4.7-alpha.
2015-01-19 11:51:08 -05:00
Nick Mathewson
1053af0b9c Merge branch 'bug7555_v2_squashed'
Conflicts:
	src/or/connection_edge.c
2015-01-19 11:43:41 -05:00
Nick Mathewson
758d77130c Add a bunch of new comments to explain connection_ap_rewrite{,_and_attach}
Also, do a little light refactoring to move some variable declarations
around and make a few things const

Also fix an obnoxious bug on checking for the DONE stream end reason.
It's not a flag; it's a possible value or a variable that needs to be
masked.
2015-01-19 11:30:22 -05:00
David Goulet
b5525476f5 Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit. Also, it's reason is changed before closing it so we
don't report again an intro point failure and trigger an extra HS fetch.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 10:23:58 -05:00
David Goulet
b3c1152bae Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 09:44:11 -05:00
Nick Mathewson
63765399eb Merge remote-tracking branch 'public/ticket13037'
Conflicts:
	src/or/config.c
2015-01-18 16:07:08 -05:00
Roger Dingledine
5aa55a1369 Remove the unused rend_cache_entry_t->received field.
(Patch from arma, commit message from nick.)

Closes #14222.
2015-01-18 15:53:06 -05:00
Nick Mathewson
fae72a8d0a Merge remote-tracking branch 'public/bug14219_025' 2015-01-18 15:41:13 -05:00
Roger Dingledine
9407040c59 Do not replace a HS descriptor with a different replica of itself
This fixes a bug where we'd fetch different replicas of the same
descriptor for a down hidden service over and over, until we got lucky
and fetched the same replica twice in a row.

Fixes bug 14219; bugfix on 0.2.0.10-alpha.

(Patch from Roger; commit message and changes file by Nick.)
2015-01-18 15:39:12 -05:00
Nick Mathewson
efdac2a68c Merge remote-tracking branch 'public/bug14261_025'
Conflicts:
	src/or/directory.c
2015-01-18 15:28:35 -05:00
Nick Mathewson
ceb6dee465 Increase limit for status vote download size by a factor of 5.
We've started to hit the limit here.  We introduced the limit in
0.1.2.5-alpha.  This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits.  See #14267 for a ticket
about fixing that.
2015-01-18 15:25:29 -05:00
Nick Mathewson
54e4aaf52c Fix memory leak in connection_ap_handshake_rewrite_and_attach()
Spotted by asn.  #14259.  Bugfix on 368eb6a97 in 0.2.0.1-alpha.
2015-01-18 14:19:26 -05:00
Nick Mathewson
79e12da861 Merge remote-tracking branch 'public/bug12485' 2015-01-18 13:49:30 -05:00
Nick Mathewson
31838bd783 changes suggested by weasel 2015-01-16 11:46:20 -05:00
Nick Mathewson
485fdcf826 Unify parse_unix_socket_config and parse_port_config
This incidentally makes unix SocksSocket support all the same options
as SocksPort.

This patch breaks 'SocksSocket 0'; next will restore it.

Resolves 14254.
2015-01-16 11:35:48 -05:00
Nick Mathewson
bbad23bf37 No, client-side DNS cacheing should not be on by default. 2015-01-16 09:32:22 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
49bdfbabb4 Replace field-by-field copy with memcpy for entry_port_cfg 2015-01-16 09:23:03 -05:00
Nick Mathewson
13dac5e463 Move entry_port_cfg_t fields in entry_connection_t
Also rename some options for uniformity, and apply this script:

@@
entry_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:58 -05:00
Nick Mathewson
58d17add5e Combine entry_port_cfg_t fields in listener_connection_t
Also, revise the code using these options with this cocci script:

@@
listener_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:53 -05:00
Nick Mathewson
f444f2b1d3 Split client-specific and server-specific parts of port_cfg_t
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+server_cfg.
\(
 no_advertise
\|
 no_listen
\|
 all_addrs
\|
 bind_ipv4_only
\|
 bind_ipv6_only
\)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
3368b0c9f2 Add string for IP_NOW_REDUNDANT in circuit_end_reason_to_control_string
Closes 14207; bugfix on 0.2.6.2-alpha.
2015-01-15 11:53:20 -05:00
Nick Mathewson
a52e549124 Update workqueue implementation to use a single queue for the work
Previously I used one queue per worker; now I use one queue for
everyone.  The "broadcast" code is gone, replaced with an idempotent
'update' operation.
2015-01-15 11:05:22 -05:00
Roger Dingledine
660a35d97c fix typo 2015-01-15 11:03:13 -05:00
Andrea Shepard
f7bb60e202 Add comments in rendclient.c noting that certain functions involved in handling ended HS connection attempts must be idempotent 2015-01-15 15:19:31 +00:00
Nick Mathewson
3668a4126e Merge remote-tracking branch 'public/bug13397' 2015-01-14 14:15:29 -05:00
Nick Mathewson
1686f81ac2 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-14 13:30:10 -05:00
Nick Mathewson
fb5ebfb507 Avoid chan/circ linear lookups for requests
The solution I took is to not free a circuit with a pending
uncancellable work item, but rather to set its magic number to a
sentinel value.  When we get a work item, we check whether the circuit
has that magic sentinel, and if so, we free it rather than processing
the reply.
2015-01-14 11:31:12 -05:00
Nick Mathewson
6c9c54e7fa Remove if (1) indentation in cpuworker.c
To avoid having diffs turn out too big, I had replaced some unneeded
ifs and fors with if (1), so that the indentation would still work out
right.  Now I might as well clean those up.
2015-01-14 11:28:26 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
Nick Mathewson
518b0b3c5f Do not log a notice on every socks connection 2015-01-14 09:54:40 -05:00
George Kadianakis
220f419da1 New minimum uptime to become an HSDir is 96 hours. 2015-01-14 12:48:09 +00:00
Nick Mathewson
17c568b95c Fix new unused variable warning in connection_listener_new 2015-01-13 13:45:35 -05:00
Nick Mathewson
2b8cebaac0 whitespace fix 2015-01-13 13:11:39 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
9d0fab9872 Allow MapAddress and Automap to work together
The trick here is to apply mapaddress first, and only then apply
automapping.  Otherwise, the automap checks don't get done.

Fix for bug 7555; bugfix on all versions of Tor supporting both
MapAddress and AutoMap.
2015-01-13 12:41:15 -05:00
Nick Mathewson
f2fb85f970 Remove needless strdup in addressmap_register_virtual_address()
Fixes bug 14195. Bugfix on 0.1.0.1-rc.
2015-01-13 12:24:42 -05:00
Nick Mathewson
05a80bb46c More unit tests for rewriting entry connection addresses 2015-01-13 11:08:33 -05:00
Nick Mathewson
2e1ed0815d Actually set *expires_out in addressmap_rewrite.
Fixes 14193; bugfix on 35d08e30d, which went into 0.2.3.17-beta.
2015-01-13 09:42:23 -05:00
Nick Mathewson
732c885b32 Fix a conversion warning on 32-bit clang 2015-01-12 22:33:10 -05:00
Nick Mathewson
bba995e666 Begin writing unit tests for rewrite code 2015-01-12 21:08:43 -05:00
Andrea Shepard
066acaf6b9 Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified 2015-01-13 00:27:04 +00:00
Andrea Shepard
4316bb601a Remove no-longer-accurate comment from connection.c 2015-01-13 00:21:59 +00:00
Andrea Shepard
cb047f4078 Fix ipv4/ipv6 traffic bits on AF_UNIX socks listeners and remove hacky workarounds for brokenness 2015-01-13 00:18:17 +00:00
Andrea Shepard
f50068b17e Fix default list handling for parse_unix_socket_config(); avoid clearing whole pre-existing list 2015-01-12 22:12:18 +00:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Nick Mathewson
cacea9102a reindent cell_queues_check_size() 2015-01-12 13:59:50 -05:00
Nick Mathewson
c2e200cef8 Merge branch 'bug13806_squashed'
Conflicts:
	src/or/relay.c
2015-01-12 13:59:26 -05:00
Nick Mathewson
3033ba9f5e When OOM, free cached hidden service descriptors too. 2015-01-12 13:47:52 -05:00
Andrea Shepard
62f297fff0 Kill duplicated code in connection_listener_new() 2015-01-12 16:26:34 +00:00
Nick Mathewson
2d123efe7c Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-12 00:59:48 -05:00
Nick Mathewson
c9dd2d1a6a Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.5 2015-01-12 00:59:29 -05:00
Nick Mathewson
e009c2da51 Fix unused-parameter warning in systemd_watchdog_callback 2015-01-11 11:19:51 -05:00
Tomasz Torcz
a8999acc3b fix and enable systemd watchdog
There were following problems:
  - configure.ac wrongly checked for defined HAVE_SYSTEMD; this
    wasn't working, so the watchdog code was not compiled in.
    Replace library search with explicit version check
  - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env;
    this means only first "watchdog ping" was delivered, each
    subsequent one did not have socket to be sent to and systemd
    was killing service
  - after those fixes, enable Watchdog in systemd unit with one
    minute intervals
2015-01-11 11:14:32 -05:00
Tomasz Torcz
2aa2d0a1c5 send more details about daemon status to supervisor
If running under systemd, send back information when reloading
configuration and gracefully shutting down.  This gives administator
more information about current Tor daemon state.
2015-01-11 11:14:14 -05:00
Tomasz Torcz
b17918726d send PID of the main daemon to supervisor
If running under systemd, notify the supervisor about current PID
of Tor daemon.  This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
2015-01-11 11:14:08 -05:00
Nick Mathewson
180ecd6a2b Merge remote-tracking branch 'teor/nickm-bug13401' 2015-01-11 11:10:23 -05:00
Nick Mathewson
7b51667d63 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-11 11:05:31 -05:00
teor
b08cfc65a7 Don't crash on torrc Vi[rtualAddrNetworkIPv[4|6]] with no option value
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.

Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes #14142.
2015-01-11 11:05:00 -05:00
Nick Mathewson
715fdfcb7b document rewrite_result_t and export for testing 2015-01-10 20:16:00 -05:00
Nick Mathewson
cd6a57e3d5 Move stream-closing out of rewrite code 2015-01-10 20:16:00 -05:00
Nick Mathewson
fc2831558c Split the rewrite part of rewrite-and-attach
I'd also like to split out the part that sends early socks responses.
2015-01-10 20:16:00 -05:00
Nick Mathewson
ddfdeb5659 More documentation for proposal 227 work 2015-01-10 15:44:32 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
ac2f90ed00 Speed up hidden service bootstrap by reducing the initial post delay
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.

Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.

Closes ticket 13401.
2015-01-10 22:34:29 +11:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
e136606fe8 Smaller RendPostPeriod on test networks
This patch makes the minimum 5 seconds, and the default 2 minutes.

Closes 13401.
2015-01-10 22:34:28 +11:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
Andrea Shepard
0729b2be53 Add support for a default list of paths and passing '0' to disable it to parse_unix_socket_config() 2015-01-09 20:49:54 +00:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
33df3e37ff Allow two ISO times to appear in EntryGuardDownSince.
When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.

Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
2015-01-09 08:50:56 -05:00
Nick Mathewson
905287415b Avoid attempts to double-remove edge connections from the DNS resolver.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.

Fixes bug 14129.  Bugfix on 0d20fee2fb, which was in 0.0.7rc1.

jowr found the bug.  cypherpunks wrote the fix.  I added the log
message and removed the assert.
2015-01-08 11:00:21 -05:00
Nick Mathewson
6f171003ce fix new mingw64 compilation warnings 2015-01-08 10:44:30 -05:00
Nick Mathewson
71f409606a Unconfuse coverity when it sees the systemd headers 2015-01-07 21:09:41 -05:00
Andrea Shepard
a3bcde3638 Downgrade open/close log message for SocksSocket 2015-01-07 22:57:51 +00:00
Andrea Shepard
2ca1c386b0 Bring sanity to connection_listener_new() 2015-01-07 22:51:24 +00:00
Andrea Shepard
48633c0766 Rename is_tcp in connection_listener_new(), since AF_UNIX means SOCK_STREAM no longer implies TCP 2015-01-07 19:45:59 +00:00
Andrea Shepard
c6451e4c9f Refactor check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code 2015-01-07 19:17:04 +00:00
Nick Mathewson
f8baa40c01 GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-01-07 13:19:43 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes  13762.
2015-01-07 13:11:06 -05:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
7dd852835c Merge remote-tracking branch 'public/bug13988_025' 2015-01-07 11:45:24 -05:00
Nick Mathewson
fb68f50761 Lower the delay before saving guard status to disk
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."

Closes 12485.
2015-01-07 10:39:44 -05:00
Nick Mathewson
da26bb646e Turn entry_guards_changed constants into symbolic constants 2015-01-07 10:37:33 -05:00
Nick Mathewson
b56c7614b6 When closing circs build through a new guard, only close local ones
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.

Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
2015-01-07 10:27:22 -05:00
Nick Mathewson
79aaad952f appease "make check-spaces" 2015-01-07 10:09:09 -05:00
Nick Mathewson
cb54cd6745 Merge branch 'bug9286_v3_squashed' 2015-01-07 10:06:50 -05:00
Nick Mathewson
7984fc1531 Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.
2015-01-07 10:05:55 -05:00
Nick Mathewson
49dca8b1be Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-07 07:50:14 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
7c5a45575f Spelling -- readyness->readiness. 2015-01-06 17:10:27 -05:00
Nick Mathewson
6bb31cba12 New option "--disable-system-torrc" to not read torrc from etc
Implements 13037.
2015-01-06 17:07:40 -05:00
Nick Mathewson
14dedff0ab Drop assumption that get_torrc_fname() can't return NULL. 2015-01-06 17:06:55 -05:00
Nick Mathewson
9396005428 Remove a check for an ancient bad dirserver fingerprint 2015-01-06 16:28:11 -05:00
Nick Mathewson
ae9efa863e Merge remote-tracking branch 'public/bug13661_025' 2015-01-06 15:16:28 -05:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
35efce1f3f Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.

If it's set to 1, we obey ExitPolicy.

If it's set to 0, we force ExitPolicy to 'reject *:*'

And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.

Fixes ticket 10067
2015-01-06 14:31:20 -05:00
Nick Mathewson
3401c34151 Merge remote-tracking branch 'public/bug14116_025' 2015-01-06 14:28:02 -05:00
Nick Mathewson
a034863b45 Merge remote-tracking branch 'public/bug12509_025' 2015-01-06 14:15:08 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
082bfd3b55 Merge remote-tracking branch 'tvdw/from-the-archive' 2015-01-06 13:44:13 -05:00
Tom van der Woerdt
5d322e6ef6 Whitespace fix 2015-01-06 19:41:29 +01:00
Tom van der Woerdt
4385211caf Minor IPv6-related memory leak fixes 2015-01-06 19:40:23 +01:00
Tom van der Woerdt
f5f80790d2 Minor documentation fixes 2015-01-06 19:39:52 +01:00
Nick Mathewson
d74f0cff92 make "make test-stem" run stem tests on tor
Closes ticket 14107.
2015-01-06 09:03:44 -05:00
Nick Mathewson
6d6643298d Don't crash on malformed EXTENDCIRCUIT.
Fixes 14116; bugfix on ac68704f in 0.2.2.9-alpha.
2015-01-06 08:49:57 -05:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
ac632a784c Coalesce v0 and v1 fields of rend_intro_cell_t
This saves a tiny bit of code, and makes a longstanding coverity
false positive go away.
2014-12-30 12:07:39 -05:00
Nick Mathewson
f2e4423bd2 Merge remote-tracking branch 'yawning/bug13315_fixup' 2014-12-30 11:46:56 -05:00
Yawning Angel
d87d4183ee Allow IPv4 and IPv6 addresses in SOCKS5 FQDN requests.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type.  While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.

Bug not in any released version.
2014-12-30 16:36:16 +00:00
Nick Mathewson
9765ae4447 Missing semicolon; my bad 2014-12-30 10:00:11 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
teor
2b8e1f9133 Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13924.
2014-12-30 09:06:00 -05:00
teor
c3a4201faa Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.

If a future consensus contains Exits, exit circuits may become available.

Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.

Consequential change from #13718.
2014-12-30 09:06:00 -05:00
teor
cb94f7534d Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.

The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.

Exit Circuits:
    Predicted Exit Circuits
    User Traffic Circuits
    Most AP Streams
    Circuits Marked Exit
    Build Timeout Circuits (with exits)

Internal Circuits:
    Hidden Service Server Circuits
    Hidden Service Client Circuits
    Hidden Service AP Streams
    Hidden Service Intro Point Streams
    Circuits Marked Internal
    Build Timeout Circuits (with no exits)
    Other Circuits?
2014-12-30 09:06:00 -05:00
teor
55ad54e014 Allow tor to build circuits using a consensus with no exits
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.

When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)

This assists in bootstrapping a testing Tor network.

Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
2014-12-30 09:06:00 -05:00
teor
9b2d106e49 Check if there are exits in the consensus
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.

Used by #13718 and #13814.
2014-12-30 09:06:00 -05:00
teor
d812baf54c Refactor count_usable_descriptors to use named enums for exit_only
count_usable_descriptors now uses named exit_only values:
  USABLE_DESCRIPTOR_ALL
  USABLE_DESCRIPTOR_EXIT_ONLY

Add debug logging code for descriptor counts.

This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
2014-12-30 09:06:00 -05:00
teor
22a1e9cac1 Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.

This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *

This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).

Discovered as part of #13718.
2014-12-30 09:06:00 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
Nick Mathewson
38af3b983f Improve a notice message in dirvote.c. (Roger asked for this.) 2014-12-26 19:14:56 -05:00
teor
2d199bdffe Fix grammar in comment on running_long_enough_to_decide_unreachable 2014-12-26 00:54:10 +11:00
teor
5710b83d5d Fix a function name in a comment in config.c 2014-12-26 00:54:09 +11:00
teor
0275b68764 Fix log messages in channeltls.c
Add hop number in debug "Contemplating intermediate hop..."
Fix capitalisation on warn "Failed to choose an exit server"
2014-12-26 00:53:58 +11:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Francisco Blas Izquierdo Riera (klondike)
c83f180116 Fix Matthews code to actually use tmp
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.

This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 12:55:48 -05:00
Nick Mathewson
6285d9bdcf Fix compilation on platforms without IP6T_SO_ORIGINAL_DST 2014-12-23 11:36:27 -05:00
Nick Mathewson
2f46e5e755 Adjust systemd watchdog support
Document why we divide it by two.

Check for > 0 instead of nonzero for success, since that's what the
manpage says.

Allow watchdog timers greater than 1 second.
2014-12-23 11:27:18 -05:00
Michael Scherer
29ac883606 Add support for systemd watchdog protocol
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
2014-12-23 11:22:42 -05:00
Michael Scherer
aabaed6f49 add support for systemd notification protocol
This permit for now to signal readiness in a cleaner way
to systemd.
2014-12-23 11:06:01 -05:00
Nick Mathewson
d151a069e9 tweak whitespace; log bad socket family if bug occurs 2014-12-23 10:53:40 -05:00
Francisco Blas Izquierdo Riera (klondike)
39e71d8fa5 Use the appropriate call to getsockopt for IPv6 sockets
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.

This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:33 -05:00
Nick Mathewson
03d2df62f6 Fix a bunch of memory leaks in the unit tests. Found with valgrind 2014-12-22 12:27:26 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
b94cb401d2 Coverity complained that we were not checking this return value 2014-12-22 11:13:11 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
af1469b9a3 Fixing mistake in comment. 2014-12-21 14:48:39 -05:00
rl1987
f6cc4d35b0 Using channel state lookup macros in connection_or.c. 2014-12-21 14:48:39 -05:00
rl1987
fc7d5e598b Using CHANNEL_FINISHED macro in connection.c 2014-12-21 14:48:38 -05:00
rl1987
551221bad6 Using channel state lookup macros in circuitlist.c. 2014-12-21 14:48:38 -05:00
rl1987
7473160765 Using CHANNEL_IS_OPEN macro in circuitbuild.c 2014-12-21 14:48:38 -05:00
rl1987
5a7dd44d6e Using channel state lookup macros in circuitbias.c. 2014-12-21 14:48:38 -05:00
rl1987
668edc5132 Using channel state lookup macros in channeltls.c 2014-12-21 14:48:38 -05:00
rl1987
032d44226e Use channel state lookup macros in channel.c 2014-12-21 14:48:38 -05:00
rl1987
b884ae6d98 Using macros and inline function for quick lookup of channel state. 2014-12-21 14:48:38 -05:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
6fad395300 Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

Fixes bug 14001.
2014-12-21 13:35:03 -05:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
64787e99fa Merge branch 'asn-karsten-task-13192-5-squashed' 2014-12-19 10:35:47 -05:00
George Kadianakis
14e83e626b Add two hidden-service related statistics.
The two statistics are:
 1. number of RELAY cells observed on successfully established
    rendezvous circuits; and
 2. number of .onion addresses observed as hidden-service
    directory.

Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.

Notably, no statistics will be gathered on clients or services, but
only on relays.
2014-12-19 10:35:25 -05:00
Nick Mathewson
eee248bc59 Merge remote-tracking branch 'dgoulet/bug13936_025_v2' 2014-12-19 09:38:46 -05:00
David Goulet
3d83907ab1 Fix: call circuit_has_opened() for rendezvous circuit
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.

Furthermore, a controller event is triggered where the former did not.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-17 16:06:53 -05:00
Nick Mathewson
f7e8bc2b4b fix a long line 2014-12-12 08:54:07 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00
Roger Dingledine
b73a7600af when somebody uploads too much, say who tried it 2014-12-10 01:10:44 -05:00
rl1987
9c239eccc9 Use END_CIRC_REASON_TORPROTOCOL instead of magic number. 2014-12-07 15:47:09 +02:00
Nick Mathewson
430f5852ac Fix a signed/unsigned comparison warning in scheduler_run 2014-11-28 09:18:17 -05:00
Nick Mathewson
0bfadbf4b9 Fix a memory leak in rend_services_introduce
This is CID 1256187 ; bug not in any released tor.
2014-11-27 23:24:03 -05:00
Nick Mathewson
e2641484a7 One more, appease "make check-spaces" 2014-11-27 22:57:04 -05:00
Nick Mathewson
b1e1b439b8 Fix some issues with the scheduler configuration options
1) Set them to the values that (according to Rob) avoided performance
   regressions.  This means that the scheduler won't get much exercise
   until we implement KIST or something like it.

2) Rename the options to end with a __, since I think they might be
   going away, and nobody should mess with them.

3) Use the correct types for the option variables. MEMUNIT needs to be a
   uint64_t; UINT needs to be (I know, I know!) an int.

4) Validate the values in options_validate(); do the switch in
   options_act(). This way, setting the option to an invalid value on
   a running Tor will get backed out.
2014-11-27 22:51:13 -05:00
Nick Mathewson
0e0dc7d787 Fix a 64-bit clang warning 2014-11-27 22:42:03 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
3a91a08e21 Merge branch 'feature9503_squashed' 2014-11-25 12:49:09 -05:00
rl1987
bf67a60b86 Sending response to SIGNAL HEARTBEAT controller command. 2014-11-25 12:48:41 -05:00
rl1987
8c135062e5 Adding 'SIGNAL HEARTBEAT' message that causes unscheduled heartbeat. 2014-11-25 12:48:41 -05:00
Nick Mathewson
6218f48950 Use consistent formatting for list of directory authorities
Based on a patch from grpamp on tor-dev.
2014-11-24 01:34:17 -05:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
126f220071 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-19 17:27:37 -05:00
Nick Mathewson
0872d8e3cf Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-19 17:26:42 -05:00
Micah Anderson
dca902ceba
Update longclaw dirauth IP to be a more stable location 2014-11-19 17:22:25 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
620e251dcc Rewriting comment for control_event_hs_descriptor_failed(). 2014-11-16 16:06:00 +02:00
rl1987
0db96d023b Adding REASON field to HS_DESC FAILED controller event. 2014-11-16 15:51:23 +02:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Micah Anderson
b6e7b8c88c Remove turtles as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Micah Anderson
ad448c6405 Add longclaw as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
d85270e13c Reenhappy make check-spaces 2014-11-12 13:15:10 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
Nick Mathewson
99e2a325f6 Merge remote-tracking branch 'rl1987/bug9812' 2014-11-12 10:27:12 -05:00
Nick Mathewson
a87c697fb1 Merge remote-tracking branch 'public/bug13698_024_v1' 2014-11-12 10:23:55 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
rl1987
f9d73eea9c Comment possible values of was_router_added_t. 2014-11-11 20:37:39 +02:00
David Goulet
34eb007d22 Fix: don't report timeout when closing parallel intro points
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.

In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged has "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.

This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.

This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case to
work like a charm.

Fixes #13698.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-11-10 15:02:54 -05:00
rl1987
7025f2dc59 Print a warning when extra info document is found incompatible with router descriptor. 2014-11-09 17:41:18 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
David Goulet
151f5f90b8 Wrong format in log statement
Fixes bug 13701.
2014-11-07 11:44:41 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
fc62721b06 Fix version number parsing to allow 2- and 3-part versions.
Fixes bug 13661; bugfix on 0.0.8pre1.
2014-11-05 13:29:28 -05:00
Nick Mathewson
ce147d33f5 Fix a wide line I introduced 2014-11-04 09:56:46 -05:00
Nick Mathewson
9619c395ac Merge remote-tracking branch 'andrea/ticket6456'
Somewhat tricky conflicts:
	src/or/config.c

Also, s/test_assert/tt_assert in test_config.c
2014-11-04 09:52:04 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
rl1987
51e2473618 Sending 'Not allowed' error message before closing the connection. 2014-11-04 00:37:24 -05:00
rl1987
0da4ddda4f Checking if FQDN is actually IPv6 address string and handling that case. 2014-11-04 00:37:24 -05:00
rl1987
2862b769de Validating SOCKS5 hostname more correctly. 2014-11-04 00:36:42 -05:00
Nick Mathewson
593909ea70 Merge remote-tracking branch 'public/bug13214_025_squashed' 2014-11-04 00:24:56 -05:00
Nick Mathewson
b10e5ac7b8 Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
2014-11-04 00:24:15 -05:00
David Goulet
71355e1db9 Add comments and rename intro_nodes list in rend_services_introduce()
(No changes file needed: this patch just adds comments and renames
variables. This is ticket 13646. message taken from the ticket. -Nick)
2014-11-04 00:19:31 -05:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
efd5001c3b Use digest256_len in networkstatus_copy_old_consensus_info()
Now, if a router ever changes its microdescriptor, but the new
microdescriptor SHA256 hash has the same 160-bit prefix as the old
one, we treat it as a new microdescriptor when deciding whether to
copy status information.

(This function also is used to compare SHA1 digests of router
descriptors, but don't worry: the descriptor_digest field either holds
a SHA256 hash, or a SHA1 hash padded with 0 bytes.)
2014-10-31 11:36:31 -04:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
14d59fdc10 Updating message that warns about running out of sockets we can use. 2014-10-28 14:13:25 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
2c884fd8cc Merge remote-tracking branch 'rl1987/feature10427' 2014-10-28 14:03:40 -04:00
Nick Mathewson
0793ef862b Merge remote-tracking branch 'sebastian/bug13286' 2014-10-27 12:12:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
rl1987
36e771628e Congratulate relay operator when OR is first started
When Tor first generates identity keypair, emit a log message that
thanks for their participation and points to new Tor relay lifecycle
document.
2014-10-26 21:53:48 +02:00
Nick Mathewson
f5fc7e3306 Fix a crash bug introduced in 223d354e3.
Arma found this and commented on #11243.  Bug not in any released
version of Tor.
2014-10-26 14:09:03 -04:00
teor
c9d0967dd9 Fix minor typos, two line lengths, and a repeated include 2014-10-23 02:57:11 +11:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
2d4c40ee5f Fix a use-after-free error in cleaned-up rouerlist code.
Bug not in any released tor.  This is CID 1248521
2014-10-20 09:04:53 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
Nick Mathewson
fc5cab4472 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 13:29:14 -04:00
Nick Mathewson
fb91d647ac Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."

Resolves warning from 9635.
2014-10-16 13:26:42 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
a5cc5ad08d Merge remote-tracking branch 'yawning/bug13314' 2014-10-16 09:12:13 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
9df61d7028 Add comments to can_dl_again usage 2014-10-13 14:31:11 -04:00
Nick Mathewson
500c406364 Note that parse-list functions may add duplicate 'invalid' entries. 2014-10-13 14:31:11 -04:00
Nick Mathewson
223d354e34 Bugfixes on bug11243 fix for the not-added cases and tests
1. The test that adds things to the cache needs to set the clock back so
    that the descriptors it adds are valid.

 2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can
    distinguish "already had it" from "rejected because of old published
    date".

 3. We make extrainfo_insert() return a was_router_added_t, and we
    make its caller use it correctly.  This is probably redundant with
    the extrainfo_is_bogus flag.
2014-10-13 14:31:11 -04:00
Nick Mathewson
39795e117f Use symbolic constants for statuses in microdescs_add_to_cache.
Suggested by Andrea in her review of 11243.
2014-10-13 14:31:10 -04:00
Nick Mathewson
b8e2be5557 Don't reset the download failure status of any object marked as impossible 2014-10-13 14:30:02 -04:00
Nick Mathewson
3efeb711f1 Unit tests for 11243: loading ri, ei, mds from lists
These tests make sure that entries are actually marked
undownloadable as appropriate.
2014-10-13 14:30:02 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
Nick Mathewson
032e3b733f Merge remote-tracking branch 'isis/bug12951_r1' 2014-10-13 13:22:10 -04:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
teor
31bf8f2690 Bitwise check BRIDGE_DIRINFO
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for
equality.

Fixes a (potential) bug where directories offering BRIDGE_DIRINFO,
and some other flag (i.e. microdescriptors or extrainfo),
would be ignored when looking for bridge directories.

Final fix in series for bug 13163.
2014-10-08 05:37:15 +11:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
Andrea Shepard
12b6c7df4a Make queue thresholds and flush size for global scheduler into config options 2014-10-07 09:53:57 -07:00
Yawning Angel
c8132aab92 Send back SOCKS5 errors for all of the address related failures.
Cases that now send errors:
 * Malformed IP address (SOCKS5_GENERAL_ERROR)
 * CONNECT/RESOLVE request with IP, when SafeSocks is set
   (SOCKS5_NOT_ALLOWED)
 * RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
 * Malformed FQDN (SOCKS5_GENERAL_ERROR)
 * Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)

Fixes bug 13314.
2014-10-01 14:16:59 +00:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
99d312c293 Make channel_flush_some_cells() mockable 2014-09-30 23:14:59 -07:00
Andrea Shepard
dc3af04ba8 Make scheduler_compare_channels() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
f8ceb0f028 Make scheduler_run() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
b7125961de Expose scheduler_compare_channels() to test suite 2014-09-30 23:14:58 -07:00
Andrea Shepard
c5f73e52e5 Make circuitmux_compare_muxes() and circuitmux_get_policy() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
71a9ed6feb Make some scheduler.c static functions visible to the test suite 2014-09-30 23:14:57 -07:00
Andrea Shepard
9869254608 Make scheduler.c static globals visible to test suite 2014-09-30 23:14:25 -07:00
Andrea Shepard
a2de0a1034 Make buf_datalen() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
3b080230e9 Make connection_or_connect() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
3bc7108d2c Make is_local_addr() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
452bce6c72 Make channel_dump_statistics() mockable 2014-09-30 23:14:23 -07:00
Andrea Shepard
5a24ff0563 What the hell was I on? 2014-09-30 23:14:23 -07:00
Andrea Shepard
9eea42f844 Make channel_flush_from_first_active_circuit() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
5b7a58f7c4 Make circuitmux_num_cells() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
ae3ed185e4 Let channel unit tests mess with global queue estimate 2014-09-30 23:14:01 -07:00
Andrea Shepard
bbb06b73cd Expose some channel cell queue stuff to the test suite 2014-09-30 23:09:15 -07:00
Andrea Shepard
2ee69bd5d7 Expose get_unique_circ_id_by_chan() to test suite 2014-09-30 23:09:14 -07:00
Andrea Shepard
ade60890d0 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 23:09:14 -07:00
Andrea Shepard
fd57840a77 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 22:54:10 -07:00
Andrea Shepard
85ee070852 Make scheduler_release_channel() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
8907554cf3 Make channel_note_destroy_not_pending() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
dabf4c33e2 Refactor channel_get_cell_queue_entry_size() to avoid an unreachable line for test coverage, and fix a nasty lurking memory bug in channel_flush_some_cells_from_outgoing_queue() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ac1b627e85 Implement scheduler_touch_channel() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ed1927d6bf Use a non-stupid data structure in the scheduler 2014-09-30 22:49:56 -07:00
Andrea Shepard
3530825c53 Eliminate some unnecessary smartlists in scheduler.c 2014-09-30 22:49:36 -07:00
Andrea Shepard
63bb9a795e Fix compiler warning 2014-09-30 22:49:36 -07:00
Andrea Shepard
55907da28d Sort the scheduler's channel list by cmux comparisons 2014-09-30 22:49:36 -07:00
Andrea Shepard
700d6e7525 Add inter-cmux comparison support to circuitmux_ewma.c 2014-09-30 22:49:35 -07:00
Andrea Shepard
9db596d2ef Add cmux support for inter-cmux comparisons 2014-09-30 22:49:35 -07:00
Andrea Shepard
1275002a46 Schedule according to a queue size heuristic 2014-09-30 22:49:35 -07:00
Andrea Shepard
4f567c8cc8 Let the new scheduler handle writes 2014-09-30 22:49:03 -07:00
Andrea Shepard
f314d9509c Fix return values from channel_flush_some_cells() to correctly count cells directly written by channel_flush_from_first_active_circuit() 2014-09-30 22:49:03 -07:00
Andrea Shepard
2fc3da3ff5 Implement global queue size query in channel.c 2014-09-30 22:49:03 -07:00
Andrea Shepard
8852a1794c Track total queue size per channel, with overhead estimates, and global queue total 2014-09-30 22:49:03 -07:00
Andrea Shepard
5e0a6d54d0 Add global cell/byte counters and per channel byte counters to channel.c 2014-09-30 22:49:02 -07:00
Andrea Shepard
f0533d8d22 Remove no-longer-used channel_tls_t functions 2014-09-30 22:49:02 -07:00
Andrea Shepard
b09f41424c Actually call channel_flush_some_cells() from the scheduler 2014-09-30 22:49:01 -07:00
Andrea Shepard
2efbab2aaf Provide generic mechanism for scheduler to query writeable cells on a channel 2014-09-30 22:48:26 -07:00
Nick Mathewson
472b62bfe4 Uglify scheduler init logic to avoid crash on startup.
Otherwise, when we authority try to do a self-test because of
init-keys, if that self-test can't be launched for whatever reason and
so we close the channel immediately, we crash.

Yes, this a silly way for initialization to work.
2014-09-30 22:48:26 -07:00
Nick Mathewson
85ee5b3095 Use event_active, not 0-length timeouts. It's idempotent, too. 2014-09-30 22:48:26 -07:00
Nick Mathewson
fc13184e44 Fix unused-arguments warnings 2014-09-30 22:48:26 -07:00
Nick Mathewson
08bea13c35 Temporarily disable scheduler_trigger as unused 2014-09-30 22:48:26 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
ac9b0a3110 Try to make max_dl_per_request a bit smarter 2014-09-29 10:56:38 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
Nick Mathewson
fcebc8da95 Rename socks5 error code setting function again
I'd prefer not to use the name "send" for any function that doesn't
really send things.
2014-09-29 09:17:29 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
4903ab1caa Avoid frequent strcmp() calls for AccountingRule
Generally, we don't like to parse the same thing over and over; it's
best IMO to do it once at the start of the code.
2014-09-29 09:05:11 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
Nick Mathewson
801f4d4384 Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fc.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
2014-09-26 08:58:15 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641 two more typos 2014-09-23 18:30:02 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Nick Mathewson
cae0e7b06b fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Clean up comments on PDS_NO_EXISTING_*
2014-09-23 12:30:47 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
Arlo Breault
f752093e16 Re-enable last resort attempt to get via tor.
This looks like a bug introduced in
af658b7828.
2014-09-23 12:15:10 -04:00
Arlo Breault
f591a4d94c Remove a needless if (1) 2014-09-23 12:14:41 -04:00
Arlo Breault
c00b397992 Split dirinfo_type_t computation into a new function 2014-09-23 12:12:57 -04:00
Arlo Breault
2e16856665 Fix a comment typo. 2014-09-23 12:11:06 -04:00
Roger Dingledine
1987157d0c + is not how we say concatenate 2014-09-22 20:09:03 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
80622c0664 Writing comments for newly added functions. 2014-09-22 14:18:01 -04:00
rl1987
2e951f8dda Whitespace fixes 2014-09-22 14:18:00 -04:00
rl1987
c735b60e4c New API for policies_parse_exit_policy(). 2014-09-22 14:18:00 -04:00
George Kadianakis
d9968dd0ab Scrub from logs the name of the RP we picked. 2014-09-22 19:16:30 +01:00
Adrien BAK
8858194952 Remove config options that have been obsolete since 0.2.3 2014-09-22 10:55:01 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
1a1e695800 Merge remote-tracking branch 'public/bug7733a' 2014-09-22 10:38:05 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
530fac10aa Use optimistic data even if we don't know exitnode->rs
I think we should know the routerstatus for our exit relay, since
we built a circuit to it. So I think this is just a code simplication.
2014-09-21 19:12:20 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
4c8b809b96 get rid of trivial redundant comment 2014-09-21 18:56:48 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
58e813d0fc Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.
2014-09-18 11:13:57 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
bb175dac96 Activate INSTRUMENT_DOWNLOADS under clang analyzer as well as coverity
Patch from teor; ticket 13177.
2014-09-18 10:23:33 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
ef9a0d2048 Add script to detect and remove unCish malloc-then-cast pattern
Also, apply it.
2014-09-16 10:57:00 -04:00
Nick Mathewson
1dc0d26b50 Clean up a clangalyzer warning in directory_remove_invalid
"At this point in the code, msg has been set to a string
constant. But the tor code checks that msg is not NULL, and the
redundant NULL check confuses the analyser[...] To avoid this
spurious warning, the patch initialises msg to NULL."

Patch from teor. another part of 13157.
2014-09-15 13:52:56 -04:00
George Kadianakis
6c512d2f63 Fix a tor2web log message that referenced the wrong configure switch. 2014-09-15 16:07:48 +03:00
George Kadianakis
24a7726955 Implement Tor2webRendezvousPoints functionality. 2014-09-15 16:07:48 +03:00
George Kadianakis
3e7c5e9f44 Block circuit canibalization when Tor2webRendezvousPoints is active. 2014-09-15 16:07:48 +03:00
George Kadianakis
e02138eb65 Introduce the Tor2webRendezvousPoints torrc option. 2014-09-15 16:07:46 +03:00
Roger Dingledine
d6b2a1709d fix typo in comment 2014-09-13 17:10:04 -04:00
Nick Mathewson
6d66e9068b Whitespace cleanups in transports/test_pt 2014-09-11 14:36:51 -04:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Sebastian Hahn
8356721662 Fix add_fingerprint_to_dir() doc and signature
This function never returns non-null, but its usage doesn't reflect
that. Let's make it explicit. This will be mostly overridden by later
commits, so no changes file here.
2014-09-04 22:22:56 +02:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
Nick Mathewson
ed8f020e20 Fix a couple of small memory leaks on failure cases.
[CID 1234702, 1234703]
2014-09-03 10:59:39 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
87f9c51f64 Avoid unsigned/sign compare warning from last patch. 2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9 Bounds check while looping over a fixed size table or array
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
meejah
7caf7e9f2a Make HiddenServiceDirGroupReadable per-hidden-service 2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
d8fe499e08 Revert "restore the sensible part of ac268a83408e1450544db2f23f364dfa3"
This reverts commit b82e166bec.

We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
2014-08-29 12:25:05 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
b82e166bec restore the sensible part of ac268a8340
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
2014-08-29 12:21:57 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Isis Lovecruft
374b531dba
Add published line to @type bridge-network-status documents.
This modifies the format of the bridge networkstatus documents produced
by the BridgeAuth. The new format adds a `published` line to the header
of the file, before the `flag-thresholds` line. This is done once per
networkstatus file that is written. The timestamp in the `published`
line is the standard ISO 8601 format (with a space as the separator)
used throughout the rest of tor.

 * FIXES #12951 https://bugs.torproject.org/12951
2014-08-25 23:46:17 +00:00
Nick Mathewson
051dd9c409 Remove the assigned-but-unused chosen_named_idx local variable
It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00