Commit Graph

9740 Commits

Author SHA1 Message Date
Nick Mathewson
b442930789 Fix serious breakage in connection_handle_write_impl
When we first implemented TLS, we assumed in conneciton_handle_write
that a TOR_TLS_WANT_WRITE from flush_buf_tls meant that nothing had
been written. But when we moved our buffers to a ring buffer
implementation back in 0.1.0.5-rc (!), we broke that invariant: it's
possible that some bytes have been written but nothing.

That's bad.  It means that if we do a sequence of TLS writes that ends
with a WANTWRITE, we don't notice that we flushed any bytes, and we
don't (I think) decrement buckets.

Fixes bug 7708; bugfix on 0.1.0.5-rc
2013-02-01 17:10:15 -05:00
Nick Mathewson
996db755c2 Fix a couple of warnings on the 8081 branch. 2013-02-01 17:03:00 -05:00
Mike Perry
fed7f01377 Add EntryGuardPathUseBias to state file keyword list. 2013-02-01 17:01:26 -05:00
Mike Perry
b3e57b760e Increment an informational counter for use failed state.
This informational counter is probably now redundant, but might as well keep
it consistent I guess.
2013-02-01 17:01:26 -05:00
Mike Perry
da5817772d Rename and relocate the bw weight scale param getter.
It had nothing to do with circuit build times.
2013-02-01 17:01:22 -05:00
Mike Perry
6e4610de02 Fix a log typo found by sysrqb. 2013-02-01 17:01:22 -05:00
Mike Perry
95d272f5d8 Bounds-check path bias rate parameters.
The other remaining parameters don't really need range checks.
2013-02-01 17:01:22 -05:00
Mike Perry
bce6714f99 Refactor code that rolls back the use state
Also document it better.

Mention this refactoring in the comments for the path state machine.
2013-02-01 17:01:16 -05:00
Mike Perry
3a63e5ef42 Refactor and rename pathbias rate evaluation. 2013-02-01 17:01:12 -05:00
Mike Perry
dfcfb5d17d Refactor the scaling parameter fetching into a single function.
Also, deprecate the torrc options for the scaling values. It's unlikely anyone
but developers will ever tweak them, even if we provided a single ratio value.
2013-02-01 17:01:12 -05:00
Mike Perry
2b2c7f23f5 Mark entry guard state dirty everwhere the pathbias code touches it. 2013-02-01 17:01:12 -05:00
Mike Perry
6828a19670 Add a tristate to guard against unexpected circ purpose transitions 2013-02-01 17:01:12 -05:00
Mike Perry
173ed05d2f Clarify state transition and related pathbias comments 2013-02-01 17:01:12 -05:00
Nick Mathewson
ec90ed4f6d Merge branch 'rename_log_7599' 2013-02-01 16:23:26 -05:00
Roger Dingledine
fd49226385 Help us track bug 8093:
Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs.
2013-02-01 16:22:34 -05:00
Nick Mathewson
7301339e33 fix wide lines from tor_log rename 2013-02-01 16:19:02 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
b0dd355891 Use %d, not %02d, for decimal percentages
Cosmetic tweak on 5956; not in any released tor.
2013-01-30 17:35:28 -05:00
Nick Mathewson
35daf6f602 Rename all of the macros in tor_queue.h to start with TOR_ 2013-01-30 12:58:49 -05:00
Nick Mathewson
29136bd7e4 Merge branch 'bug5956_squashed' 2013-01-30 11:59:51 -05:00
Nick Mathewson
02c320916e Parameterize FRAC_USABLE_NEEDED for fraction of circuits
Instead of hardcoding the minimum fraction of possible paths to 0.6, we
take it from the user, and failing that from the consensus, and
failing that we fall back to 0.6.
2013-01-30 11:58:17 -05:00
Nick Mathewson
813a0f8c40 Compute whether we're ready to build circuits based on fraction of paths
Previously we did this based on the fraction of descriptors we
had. But really, we should be going based on what fraction of paths
we're able to build based on weighted bandwidth, since otherwise a
directory guard or two could make us behave quite oddly.

Implementation for feature 5956
2013-01-30 11:58:17 -05:00
Nick Mathewson
bc52e0488b Add an optional out-arg to count_usable_descriptors
This way we get the usable nodes themselves, so we can feed them into
frac_nodes_with_descriptors
2013-01-30 11:58:17 -05:00
Nick Mathewson
fcf906ec73 Add a function to compute fraction of nodes (by weighted bw) with descriptors 2013-01-30 11:58:17 -05:00
Andrea Shepard
123daffb60 Merge branch 'bug7802' of ssh://git-rw.torproject.org/mikeperry/tor 2013-01-28 16:16:45 -08:00
Nick Mathewson
acd72d4e3e Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
2013-01-26 18:01:06 -05:00
Andrea Shepard
dfbd19df41 Merge branch 'time_based_onionqueue_v2' of ssh://git-rw.torproject.org/nickm/tor 2013-01-24 08:10:12 -08:00
Mike Perry
a78542f0c3 Bug 8024: Check for null/closed channel before probing. 2013-01-22 21:03:28 -08:00
Mike Perry
b810d322bf squash! Remove a source of error during path bias scaling
Improve debug logs and fix a state fencepost error.
2013-01-20 14:32:56 -08:00
Mike Perry
06a1d0b044 squash! Implement Path use bias accounting.
Make a debug log more informative.
2013-01-20 14:32:56 -08:00
Mike Perry
f858370233 Prevent early close of path bias testing circuits.
We need to let them live long enough to perform the test.
2013-01-20 14:32:56 -08:00
Mike Perry
fb711e6d77 squash! Remove a source of error during path bias scaling
Move a log message about scaling to after we scale
2013-01-20 14:32:27 -08:00
Nick Mathewson
c71b7db8f3 Merge remote-tracking branch 'karsten/bug5823' 2013-01-19 09:36:55 -05:00
Mike Perry
d80b881a52 Remove a source of error during path bias scaling
If any circuits were opened during a scaling event, we were scaling attempts
and successes by different amounts. This leads to rounding error.

The fix is to record how many circuits are in a state that hasn't been fully
counted yet, and subtract that before scaling, and add it back afterwords.
2013-01-18 21:23:33 -08:00
Mike Perry
a2db17a1aa Don't immediately count cannibalized circs as used.
Since they use RELAY_EARLY (which can be seen by all hops on the path),
it's not safe to say they actually count as a successful use.

There are also problems with trying to allow them to finish extending due to
the circuit purpose state machine logic. It is way less complicated (and
possibly more semantically coherent) to simply wait until we actually try to
do something with them before claiming we 'used' them.

Also, we shouldn't call timed out circuits 'used' either, for semantic
consistency.
2013-01-18 19:46:29 -08:00
Mike Perry
24b9b9f791 Roll back the path_state for circs if we detatch a stream.
An adversary could let the first stream request succeed (ie the resolve), but
then tag and timeout the remainder (via cell dropping), forcing them on new
circuits.

Rolling back the state will cause us to probe such circuits, which should lead
to probe failures in the event of such tagging due to either unrecognized
cells coming in while we wait for the probe, or the cipher state getting out
of sync in the case of dropped cells.
2013-01-18 19:46:28 -08:00
Mike Perry
e13e30221e Implement Path use bias accounting.
Path use bias measures how often we can actually succeed using the circuits we
actually try to use. It is a subset of path bias accounting, but it is
computed as a separate statistic because the rate of client circuit use may
vary depending on use case.
2013-01-18 19:46:21 -08:00
Nick Mathewson
42c4418bed Split smartlist_choose_node_by_bandwidth_weights
This is a minimal refactoring to expose the weighted bandwidth
calculations for each node so I can use them to see what fraction of
nodes, weighted by bandwidth, we have descriptors for.
2013-01-18 12:24:54 -05:00
Nick Mathewson
ff9bdbd56f When excluding nodes by country, exclude {??} and {A1} too
This is ticket 7706, reported by "bugcatcher."  The rationale here
is that if somebody says 'ExcludeNodes {tv}', then they probably
don't just want to block definitely Tuvaluan nodes: they also want
to block nodes that have unknown country, since for all they know
such nodes are also in Tuvalu.

This behavior is controlled by a new GeoIPExcludeUnknown autobool
option.  With the default (auto) setting, we exclude ?? and A1 if
any country is excluded.  If the option is 1, we add ?? and A1
unconditionally; if the option is 0, we never add them.

(Right now our geoip file doesn't actually seem to include A1: I'm
including it here in case it comes back.)

This feature only takes effect if you have a GeoIP file.  Otherwise
you'd be excluding every node.
2013-01-17 18:07:36 -05:00
Nick Mathewson
e0581a4b57 Replace base-{16,32,64} with base{16,32,64} in the code
Patch from onizuka generated with

 find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;

Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
60a2aa8b00 Add ntor-related modules to the Makefiles.nmake 2013-01-17 15:53:36 -05:00
Nick Mathewson
1af89ce540 Fix an MSVC warning in onion.h prototypes 2013-01-17 14:42:37 -05:00
Nick Mathewson
2386a98d46 Add a missing part of bug 7311's makefile.nmake tweaks
Fix by "ultramage".

This already has a changes entry.
2013-01-17 10:01:22 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Karsten Loesing
da1e44ee51 Remove dirreq-v2-* lines from extra-info descriptors.
Implements the rest of #5823.
2013-01-17 10:46:34 +01:00
Jérémy Bobbio
aa01d0a183 Implement proposal 204: ignore subdomains in hidden service addresses
The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
2013-01-16 23:29:59 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
b7cf7bd9ae Fix an instance of snprintf; don't use _snprintf directly 2013-01-16 22:29:39 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
ca3bc8973b use the /Fe flag with msvc
Fixes 7309
2013-01-16 22:29:39 -05:00
Nick Mathewson
fb497dfe9e Add missing objects to Makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
b7dd716195 Add missing includes and libs to makefile.nmake
Fixes bugs 7312 and 7310.
2013-01-16 22:29:38 -05:00
Nick Mathewson
ca18768fb2 Aftermath of isin->contains renaming
Fix wide lines and comments, and add a changes file
2013-01-16 16:57:32 -05:00
Nick Mathewson
49e619c1cf Rename *_isin to *_contains
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".

  s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
  s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
  s/smartlist_digest_isin/smartlist_contains_digest/g;
  s/smartlist_isin/smartlist_contains/g;
  s/digestset_isin/digestset_contains/g;
2013-01-16 16:57:11 -05:00
Nick Mathewson
e4821fa14d Remove two extrneous semicolons in dirserv.c
In 6fbdf635 we added a couple of statements like:
    if (test) {
       ...
    };

The extraneous semicolons there get flagged as worrisome empty
statements by the cparser library, so let's fix them.

Patch by Christian Grothoff; fixes bug 7115.
2013-01-16 16:49:39 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
65e6e68981 Merge branch 'bug7972' 2013-01-16 13:56:10 -05:00
Nick Mathewson
50f527a2c9 Actually link against nacl when we want to use it
Fixes more of bug 7972
2013-01-16 13:07:52 -05:00
Nick Mathewson
e53e6caac5 Adjust control_reason when adjusting reason (related to 7902) 2013-01-16 12:52:19 -05:00
Nick Mathewson
08de029a17 Removee dirrec-v*-sharestatistics
These were unused and sometimes inaccurate. Resolves 5823.
2013-01-16 12:43:00 -05:00
Nick Mathewson
d1b5ae903f When we get an END cell before CONNECTED, don't report SOCKS success
Bug 7902; fix on 0.1.0.1-rc.
2013-01-16 12:09:49 -05:00
Nick Mathewson
5ed8ac4e57 Merge remote-tracking branch 'asn/bug7896' 2013-01-16 11:41:37 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
b5ce4f94c3 Forward-port fix for 7889 2013-01-15 16:33:53 -05:00
Nick Mathewson
938cb6a55e Merge remote-tracking branch 'origin/maint-0.2.3' 2013-01-15 16:30:26 -05:00
Roger Dingledine
6e4a4002c5 Clean up odds and ends 2013-01-15 15:40:17 -05:00
Nick Mathewson
beca92c31b Fix handling of ntor handshakes received via CREATE cells
Fixes bug 7959; bugfix on 0.2.4.8-alpha.
2013-01-15 00:41:09 -05:00
Nick Mathewson
ebf30613ea Better log message to diagnose #7959 2013-01-15 00:25:07 -05:00
Nick Mathewson
47122d1d25 Revert junk accidentally included with "start folding in the changes entries"
Looks like Roger's debugging code wanted to take a tour of the world
outside his sandbox.

This reverts part of commit 19d3720236.
2013-01-14 14:41:59 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Roger Dingledine
19d3720236 start folding in the changes entries 2013-01-14 13:34:59 -05:00
Nick Mathewson
c9242f4fd4 Merge branch 'bug7869' 2013-01-14 12:32:00 -05:00
George Kadianakis
50028e4d68 Mention name of the transport used when we learn the fpr of a bridge. 2013-01-09 15:52:35 +02:00
Mike Perry
d05ff310a5 Bug 7691 review fixes.
Also add in the random nonce generation.
2013-01-08 19:29:56 -08:00
Mike Perry
f60c25cd25 Bug 7341 code review fixes. 2013-01-08 18:12:38 -08:00
Mike Perry
15fdfc2993 Bug 7691: Send a probe cell down certain types of circs.
In general, if we tried to use a circ for a stream, but then decided to place
that stream on a different circuit, we need to probe the original circuit
before deciding it was a "success".

We also need to do the same for cannibalized circuits that go unused.
2013-01-08 17:28:08 -08:00
Mike Perry
3458d904f6 Fix bug 7341.
Fix cannibalize, rend circ and intro circ timeout handling.
2013-01-08 17:21:05 -08:00
Nick Mathewson
31d888c834 Make the = at the end of ntor-onion-key optional.
Makes bug 7869 more easily fixable if we ever choose to do so.
2013-01-05 22:53:32 -05:00
Nick Mathewson
677d18278e Better handling (I think) for onionskin timing w jumpy clocks
The fix: Instead of clipping huge/negative times, ignore them as
probably invalid.
2013-01-03 13:26:59 -05:00
Nick Mathewson
30e139389b Record and report the overhead of how we handle onionskins. 2013-01-03 13:20:20 -05:00
Nick Mathewson
b9fb01721a Use a TAILQ, not a singly-linked queue, for the onion queue.
This makes removing items from the middle of the queue into an O(1)
operation, which could prove important as we let onionqueues grow
longer.

Doing this actually makes the code slightly smaller, too.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b0b3c14c11 Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay
The right way to set "MaxOnionsPending" was to adjust it until the
processing delay was appropriate.  So instead, let's measure how long
it takes to process onionskins (sampling them once we have a big
number), and then limit the queue based on its expected time to
finish.

This change is extra-necessary for ntor, since there is no longer a
reasonable way to set MaxOnionsPending without knowing what mix of
onionskins you'll get.

This patch also reserves 1/3 of the onionskin spots for ntor
handshakes, on the theory that TAP handshakes shouldn't be allowed to
starve their speedier cousins.  We can change this later if need be.

Resolves 7291.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
d3de0b91fb Check all crypto_rand return values for ntor. 2013-01-03 11:29:49 -05:00
Nick Mathewson
94cb7bd24d Complete all DOCDOC entries from the ntor branch 2013-01-03 11:29:48 -05:00
Nick Mathewson
5f219ddd02 Use safe_mem_is_zero for checking curve25519 output for 0-ness
This should make the intent more explicit.  Probably needless, though.
2013-01-03 11:29:48 -05:00
Nick Mathewson
c46ff3ec79 Add reference implementation for ntor, plus compatibility test
Before I started coding ntor in C, I did another one in Python.
Turns out, they interoperate just fine.
2013-01-03 11:29:48 -05:00
Nick Mathewson
839016ac79 ntor: Don't fail fast server-side on an unrecognized KEYID(B) 2013-01-03 11:29:48 -05:00
Nick Mathewson
d907fca29b Make libcurve25519_donna get built as a .a
This lets us give it compiler flags differing from the rest of
libor-crypto.a
2013-01-03 11:29:47 -05:00
Nick Mathewson
ef13bf4432 Fix an unused-variable warning 2013-01-03 11:29:47 -05:00
Nick Mathewson
b286373908 Enable the ntor handshake on the client side.
"works for me"
2013-01-03 11:29:47 -05:00
Nick Mathewson
ecf88b16b8 Enable handling of create2/extend2/created2/extended2 2013-01-03 11:29:47 -05:00
Nick Mathewson
5c68a1efaa Don't check create cells too much when we're relaying them
We want to sanity-check our own create cells carefully, and other
people's loosely.
2013-01-03 11:29:47 -05:00
Nick Mathewson
1ed4786dba Implement scheme to allow ntor requests/responses via older servers 2013-01-03 11:29:47 -05:00
Nick Mathewson
115e8fe9a5 Use created_cell_format where appropriate 2013-01-03 11:29:47 -05:00
Nick Mathewson
6c69b16c93 Use new wrappers for making,sending,processing create/extend cells 2013-01-03 11:29:47 -05:00
Nick Mathewson
2802ccaeb6 Teach cpuworker and others about create_cell_t and friends
The unit of work sent to a cpuworker is now a create_cell_t; its
response is now a created_cell_t.  Several of the things that call or
get called by this chain of logic now take create_cell_t or
created_cell_t too.

Since all cpuworkers are forked or spawned by Tor, they don't need a
stable wire protocol, so we can just send structs.  This saves us some
insanity, and helps p
2013-01-03 11:29:46 -05:00
Nick Mathewson
5d15d597a9 Code to parse and format CREATE{,2,_FAST} cells and their allies
As elsewhere, it makes sense when adding or extending a cell type to
actually make the code to parse it into a separate tested function.

This commit doesn't actually make anything use these new functions;
that's for a later commit.
2013-01-03 11:29:46 -05:00
Nick Mathewson
18c7d3f157 Rename handshake_digest to rend_circ_nonce
The handshake_digest field was never meaningfully a digest *of* the
handshake, but rather is a digest *from* the handshake that we exapted
to prevent replays of ESTABLISH_INTRO cells.  The ntor handshake will
generate it as more key material rather than taking it from any part
of the circuit handshake reply..
2013-01-03 11:29:46 -05:00
Nick Mathewson
f58d4dfcd6 Massive refactoring of the various handshake types
The three handshake types are now accessed from a unified interface;
their state is abstracted from the rest of the cpath state, and so on.
2013-01-03 11:29:46 -05:00
Nick Mathewson
5fa1c7484c Refactor the CREATE_FAST handshake code to match the others. 2013-01-03 11:29:02 -05:00
Nick Mathewson
f7e590df05 Split onion.[ch] into onion{,_fast,_tap}.[ch]
I'm going to want a generic "onionskin" type and set of wrappers, and
for that, it will be helpful to isolate the different circuit creation
handshakes.  Now the original handshake is in onion_tap.[ch], the
CREATE_FAST handshake is in onion_fast.[ch], and onion.[ch] now
handles the onion queue.

This commit does nothing but move code and adjust header files.
2013-01-02 14:11:14 -05:00
Nick Mathewson
5b3dd1610c Wrangle curve25519 onion keys: generate, store, load, publish, republish
Here we try to handle curve25519 onion keys from generating them,
loading and storing them, publishing them in our descriptors, putting
them in microdescriptors, and so on.

This commit is untested and probably buggy like whoa
2013-01-02 14:11:14 -05:00
Nick Mathewson
6c883bc638 Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
2013-01-02 14:11:13 -05:00
Nick Mathewson
cf4dd5fbcb Implementat the ntor handshake
The ntor handshake--described in proposal 216 and in a paper by
Goldberg, Stebila, and Ustaoglu--gets us much better performance than
our current approach.
2013-01-02 14:10:49 -05:00
Nick Mathewson
ee4182612f Avoid spurious local-port warnings
Our old warn_nonlocal_client_ports() would give a bogus warning for
every nonlocal port every time it parsed any ports at all.  So if it
parsed a nonlocal socksport, it would complain that it had a nonlocal
socksport...and then turn around and complain about the nonlocal
socksport again, calling it a nonlocal transport or nonlocal dnsport,
if it had any of those.

Fixes bug 7836; bugfix on 0.2.3.3-alpha.
2013-01-02 10:37:03 -05:00
Sebastian Hahn
11e8a445c3 Fix a couple of harmless clang3.2 warnings 2012-12-31 18:23:28 +01:00
Nick Mathewson
5e22cfe2b4 Fix a crash bug when running an node without IPv6-exit support.
Fixes bug 7814; bugfix on 0.2.4.7-alpha.
2012-12-29 01:22:34 -05:00
Nick Mathewson
f272ee6a20 Fix an impossible-in-normal-operation leaks in dirvote
Spotted by coverity; partial fix for 7816; bugfix on 0.2.0.5-alpha.
2012-12-28 23:04:44 -05:00
Nick Mathewson
ee1d8dc480 Fix a leak-on-error case in 0.2.4 spotted by coverity
This one hits if the snprintf() fails when we're writing our IPv6
exit policy. It's new in 0.2.4.7-alpha. Part of bug 7816.
2012-12-28 22:59:32 -05:00
Nick Mathewson
d3aabf4db1 Fix various small leaks on error cases
Spotted by coverity, bug 7816, bugfix on various versions.
2012-12-28 22:49:32 -05:00
Nick Mathewson
b509ead20d Avoid leaking headers received from SSL proxy
Fixes part of 7816. Spotted by coverity. Fix on 0.2.2.1-alpha.
2012-12-28 22:45:53 -05:00
Nick Mathewson
4b571d3ab3 Fix memory leak in safe-cookie authentication code
Coverity spotted this. Bug 7816. Fix on 0.2.3.13-alpha.
2012-12-28 22:38:42 -05:00
Nick Mathewson
a7334f5122 Use log_fn_ratelim in a few places. 2012-12-26 11:07:15 -05:00
Nick Mathewson
127cb39ffc Rate-limit "No circuits are opened" message to once-per-hour
mr-4 reports on #7799 that he was seeing it several times per second,
which suggests that things had gone very wrong.

This isn't a real fix, but it should make Tor usable till we can
figure out the real issue.
2012-12-26 10:05:45 -05:00
Nick Mathewson
2e9be92cd7 Fix a possibly-unused-var warning. Thank you, GCC. 2012-12-25 23:37:41 -05:00
Nick Mathewson
01a09e8f86 Fix compilation warning: must not format u64 as long. 2012-12-25 23:34:38 -05:00
Nick Mathewson
8324824d8f Fix whitespace 2012-12-25 23:34:16 -05:00
Nick Mathewson
885e8d35c7 Merge remote-tracking branch 'mikeperry/209-path-bias-changes' 2012-12-25 23:30:28 -05:00
Nick Mathewson
0f9dfef9d6 Add configuration options for directory guards
In addition to all the other ways to make directory gurads not go,
you can now set UseEntryGuardsAsDirGuards to 0.
2012-12-25 23:14:43 -05:00
Nick Mathewson
0c4210fb65 Directory guard implementation.
Implements proposal 207; ticket 6526.
2012-12-25 23:14:43 -05:00
Nick Mathewson
1df7289000 Remember which of our guards are directory caches 2012-12-25 23:10:41 -05:00
Nick Mathewson
a7c6b4ab91 Split choosing a regular directory into its own fn 2012-12-25 23:10:41 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
8b5787ec0d When there are no dir_server_ts to choose, don't crash
It's important not to call choose_array_element_by_weight and then
pass its return value unchecked to smartlist_get : it is allowed to
return -1.

Fixes bug 7756; bugfix on 4e3d07a6 (not in any released Tor)
2012-12-18 21:32:53 -05:00
Mike Perry
406d59a9c9 Nick's Code review #3 part 2. 2012-12-18 14:16:01 -08:00
Mike Perry
b0fc18c37e Changes from Nick's code review 'part 1'
I think this is actually his third code review of this branch so far.
2012-12-18 13:26:36 -08:00
Nick Mathewson
7a99d26c79 Add packaged cell fullness to the heartbeat message.
This is an attempt to diagnose the severity of bug 7743.
2012-12-18 15:16:35 -05:00
Nick Mathewson
9b9cc6774f Merge branch 'ticket7570_7571'
Conflicts:
	src/or/routerlist.c
2012-12-17 15:49:09 -05:00
Nick Mathewson
4a07ea4a8c Drop the maximum attempts to get a virtual address to 1000.
This is good enough to give P_success >= 999,999,999/1,000,000,000 so
long as the address space is less than 97.95 full.  It'd be ridiculous
for that to happen for IPv6, and usome reasonable assumptions, it
would also be pretty silly for IPv4.
2012-12-17 14:51:31 -05:00
Nick Mathewson
4ded40b0ca Add missing doxygen for DNS and automap code 2012-12-17 14:51:31 -05:00
Nick Mathewson
8d080d0b01 Per-listener option to prefer IPv6 automaps when possible. 2012-12-17 14:51:30 -05:00
Nick Mathewson
de4cc126cb Build and test most of the machinery needed for IPv6 virtualaddrmaps
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to.  That'll be cool, and
will let us maybe get around prop205 issues.

This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.

Also has some XXXX items to fix to make this useful. More design
needed.
2012-12-17 14:51:29 -05:00
Nick Mathewson
963b3d1549 Refactor the code to check if an address is matched by automapsuffixes 2012-12-17 14:50:55 -05:00
Nick Mathewson
88d7312ff2 Fix another uninitialized var warning from GCC 2012-12-17 14:50:05 -05:00
Nick Mathewson
8969d9e0b6 Fixed an unused-variable warning 2012-12-17 14:50:05 -05:00
Nick Mathewson
8eb422e7bd Don't use the cache when changing an IP address because of an exit policy 2012-12-17 14:50:05 -05:00
Nick Mathewson
ac990aa44a Turn off by-default use of client-side DNS cacheing. 2012-12-17 14:50:04 -05:00
Nick Mathewson
7315a67646 Refactor port_cfg_t creation into a port_cfg_new() function
This function gives us a single place to set reasonable default flags
for port_cfg_t entries, to avoid bugs like the one where we weren't
setting ipv4_traffic_ok to 1 on SocksPorts initialized in an older
way.
2012-12-17 14:50:03 -05:00
Nick Mathewson
7536c40e96 Implement option to turn off DNS cache modification by a client port
(This is part 3 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the UseCacheIPv[46]DNS options)
2012-12-17 14:48:09 -05:00
Nick Mathewson
f33487668f Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
2012-12-17 14:48:09 -05:00
Nick Mathewson
32219d8313 Oops: make the check for not adding ip->ip DNS maps correct 2012-12-17 14:48:09 -05:00
Nick Mathewson
d3e9e03cac Add options to turn DNS cache use on or off per client port.
(This is part 1 of making DNS cache use enabled/disabled on a
per-client port basis.  These options are shuffled around correctly,
but don't do anything yet.)
2012-12-17 14:48:08 -05:00
Nick Mathewson
44a9a47706 Oops; make DNSPort configuration take address family options 2012-12-17 14:48:08 -05:00
Nick Mathewson
3874e74b49 Avoid a 'may be used uninitialized' warning
Fixes bug 7746; bug not in any released version of Tor.
2012-12-17 11:14:12 -05:00
Nick Mathewson
b1ff8daeb5 Nuke uses of memcmp outside of unit tests
We want to be saying fast_mem{cmp,eq,neq} when we're doing a
comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when
we need a data-invariant timing.  Direct use of memcmp tends to imply
that we haven't thought about the issue.
2012-12-13 17:34:05 -05:00
Nick Mathewson
6a468a1722 Fix two wide lines in config.c 2012-12-13 12:44:17 -05:00
Nick Mathewson
01ac961ca1 Merge branch 'fallback_dirsource_v3' 2012-12-13 12:42:29 -05:00
Mike Perry
ccaeef22e1 Tags on relay cells can result in certain reason codes.
Close the circuit (it's probably junk anyways), and make sure we don't probe
it/count it as a success.
2012-12-11 17:49:12 -08:00
Mike Perry
af9011f824 Woops, this log message triggers with the 2-hop bias commit. 2012-12-11 17:19:39 -08:00
Mike Perry
c1bc6a1124 Add a missing comment. 2012-12-10 00:36:10 -08:00
Mike Perry
d409c8a90d More log message and space fixups. 2012-12-10 00:28:07 -08:00
Mike Perry
aa16d59ee7 Clean up some XXX comments. 2012-12-09 23:50:05 -08:00
Mike Perry
4590993ff3 Space fixes. 2012-12-09 23:47:04 -08:00
Mike Perry
b75880d7b3 Fix a rather serious use-count state bug.
We need to use the success count or the use count depending on the consensus
parameter.
2012-12-09 20:56:48 -08:00
Mike Perry
2dbb62f1b5 Convert to doubles for all pathbias state.
Let's hope this solves the rounding error issue..
2012-12-09 20:53:22 -08:00
Mike Perry
ab1fce5c19 Also shorten circuit_successes to circ_successes.
For consistency and great justice.

Ok, mostly consistency.
2012-12-09 20:24:50 -08:00
Mike Perry
a90f165b83 Rename first_hop to circ_attempt.
Since we've generalized what we can count from (first or second hop), we
should generalize the variable and constant naming too.
2012-12-09 20:24:22 -08:00
Mike Perry
04866055e8 Change from first hop accounting to 2nd hop accounting
This has several advantages, including more resilience to ambient failure.

I still need to rename all the first_hop vars tho.. Saving that for a separate
commit.
2012-12-09 20:02:41 -08:00
Mike Perry
fbbf894d4d Add intro+rend cannibalize param.. 2012-12-09 20:02:08 -08:00
Mike Perry
930fbb2fec Flag cannibalized circs as used (non-ideal).
Also add some comments.
2012-12-09 19:18:04 -08:00
Mike Perry
686fc22259 Allow any valid 'end' cell to mean a circuit was used successfully.
Also improve some log messages.
2012-12-08 16:37:22 -08:00
Mike Perry
b599a6ed07 Sadly, we can't safely count client intro circ success 2012-12-08 14:16:29 -08:00
Mike Perry
5f733ccd73 Fix some hidden service edge cases. 2012-12-08 12:07:58 -08:00
Mike Perry
26fa47226c Refactor path use bias code into own function.
Also, improve and log some failure cases.
2012-12-07 17:47:23 -08:00
Mike Perry
c3b71a3fc9 Actually, both nacks and acks indicate a valid path 2012-12-07 15:50:31 -08:00
Mike Perry
dc86d7c35b Note more potential issues. 2012-12-07 15:28:38 -08:00
Mike Perry
ecaeb505fa Note a strange case for SOCKS streams. 2012-12-07 15:28:38 -08:00
Mike Perry
7a28862d56 Fix another crash bug. 2012-12-07 15:28:38 -08:00
Mike Perry
721f7e3751 Fix a crash bug and pass down a remote reason code.
Unexpected channel closures count as remote circ failures.
2012-12-07 15:28:38 -08:00
Mike Perry
9b40466072 Document that care needs to be taken with any_streams_attached. 2012-12-07 15:28:38 -08:00
Mike Perry
c3028edba6 Remove n_chan codepaths for determinining guard.
Cpath is apparently good enough.
2012-12-07 15:28:38 -08:00
Mike Perry
a630726884 Move a pathbias function that depends on entryguard_t. 2012-12-07 15:28:38 -08:00
Mike Perry
7f8cbe389d Fix a crash due to NULL circ->n_chan.
Is this redundant? Can we always rely on circ->cpath->extend_info
being present for origin circuits?
2012-12-07 15:28:38 -08:00
Mike Perry
428fbfc1d5 Prop209: Rend circuits weren't ever marked dirty. 2012-12-07 15:28:38 -08:00
Mike Perry
aa0e6e2c03 Prop 209: Add in hidserv path bias counts for usage. 2012-12-07 15:28:38 -08:00
Mike Perry
412ae099cb Prop 209: Add path bias counts for timeouts and other mechanisms.
Turns out there's more than one way to block a tagged circuit.

This seems to successfully handle all of the normal exit circuits. Hidden
services need additional tweaks, still.
2012-12-07 15:28:38 -08:00
Mike Perry
da5c398d79 Be explicit about units for timeout. 2012-12-07 15:28:37 -08:00
Mike Perry
ef1b830ef8 Fix an assert crash and an incorrectly placed return. 2012-12-07 15:28:37 -08:00
Mike Perry
bb548134cd Update with code review changes from Nick. 2012-12-07 15:28:37 -08:00
Mike Perry
192996690c Fix spaces. 2012-12-07 15:28:37 -08:00
Mike Perry
a54873648f Refactor pathbias functions to use pathbias_should_count. 2012-12-07 15:28:37 -08:00
Mike Perry
ab9c83c949 Update Path Bias log messages to match Proposal 209. 2012-12-07 15:28:37 -08:00
Mike Perry
9bf5582e73 Add log message checks for different rates.
May want to squash this forward or back..
2012-12-07 15:28:37 -08:00
Mike Perry
248fbc3619 Update pathbias parameters to match Proposal 209.
Needs manpage update and testing still..
2012-12-07 15:28:37 -08:00
Mike Perry
954f263ed5 Add the ability to count circuit timeouts for guards.
This is purely for informational reasons for debugging.
2012-12-07 15:28:36 -08:00
Nick Mathewson
c8056dcbbb Fix some wide lines 2012-12-07 14:14:20 -05:00
Nick Mathewson
3fa9151f26 Merge branch 'win64-7260'
Conflicts:
	src/or/dns.c
2012-12-07 14:12:17 -05:00
Nick Mathewson
cd4f56a37c Fix infinite loop in circuit_expire_bulding
Fixes bug 7663; bug introduced in 42e3c04a7a.  Not in any
released version of Tor.
2012-12-07 14:08:07 -05:00
Nick Mathewson
025dc19b63 Merge remote-tracking branch 'public/bug6887' 2012-12-07 11:02:27 -05:00
Mike Perry
42e3c04a7a Bug 3443: Don't count ORconn setup in circuit build time.
Also, add a hack Roger suggested where we're more patient if no circuits are
opened yet.
2012-12-07 10:34:09 -05:00
Nick Mathewson
f742b33d85 Drop FallbackNetworkstatusFile; it never worked. 2012-12-06 11:28:49 -05:00
Nick Mathewson
a8d491a8fd Add an option to weight down authorities when choosing a fallback 2012-12-06 11:28:49 -05:00
Nick Mathewson
06cd62266f Add a way to configure selection weights for dir_server_t 2012-12-06 11:28:49 -05:00
Nick Mathewson
4e3d07a68a When choosing among dirserver_ts, consider their weights 2012-12-06 11:28:49 -05:00
Nick Mathewson
90f6071d8d New FallbackDir option to add extra directories for bootstraping
This replaces the old FallbackConsensus notion, and should provide a
way -- assuming we pick reasonable nodes! -- to give clients
suggestions of placs to go to get their first consensus.
2012-12-06 11:28:49 -05:00
Nick Mathewson
46a62e3256 Refactor add_trusted_dir_server
Now creating a dir_server_t and adding it are separate functions, and
there are frontend functions for adding a trusted dirserver and a
fallback dirserver.
2012-12-06 11:28:48 -05:00
Nick Mathewson
705ee3b5d4 Rename trusted_dir_server_t to dir_server_t. Automatic renaming. 2012-12-06 11:27:20 -05:00
Nick Mathewson
ded70363a7 Rename DirServer to DirAuthority 2012-12-06 11:23:43 -05:00
Nick Mathewson
5c51b3f1f0 Start refactoring trusted_dir_servers into trusted and fallback lists
We use trusted_dir_server_t for two pieces of functionality: a list of
all directory authorities, and a list of initial places to look for
a directory.  With this patch we start to separate those two roles.

There is as of now no actual way to be a fallback directory without being
an authority.
2012-12-06 11:23:43 -05:00
Nick Mathewson
404e3dd481 Correct moribund logic about caching v2 networkstatuses 2012-12-06 11:15:01 -05:00
Nick Mathewson
194cc24792 Make output of router_get_trusted_dir_servers const 2012-12-06 11:15:01 -05:00
Nick Mathewson
6921d1fd25 Implement HKDF from RFC5869
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.

I'm also renaming the existing KDF, now that Tor has two of them.

This is the key derivation scheme specified in ntor.

There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
bd93ff8dd7 Merge remote-tracking branch 'asn/bug7592_take2' 2012-12-04 21:47:45 -05:00
George Kadianakis
c01dfd5d7b Return connection_exit_connect() if payload creation failed.
Fixes bug #7592; bugfix on 882b389668.

The bug is not present in any released versions of Tor.
2012-12-05 04:32:11 +02:00
Roger Dingledine
e899d49e2f fix some typos 2012-12-03 13:33:43 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
6f21d2e496 Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. 2012-11-27 22:18:08 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Nick Mathewson
267c0e5aa1 Make sure that the error in ADDRMAP events is well-formed
"error=Unable to launch resolve request" is not a nice thing to tell
the controller.  Bugfix on 0.2.0.19-alpha (c11c48fc).
2012-11-23 11:36:44 -05:00
Nick Mathewson
06703f84df Minor documentation fix 2012-11-23 10:51:11 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
ea893a3c30 Merge branch 'bug7493_redux' 2012-11-18 18:46:57 -05:00
Nick Mathewson
bfe8d829c2 Initialize ipv{4,6}_traffic_ok in entry_connection_new
This one is necessary for sending BEGIN cells with sane flags when
self-testing a directory port.  All real entry connections were
getting their ipv{4,6}_traffic_ok flags set from their listeners, and
for begindir entry connections we didn't care, but for directory
self-testing, we had a problem.

Fixes at least one more case of 7493; if there are more lingering
cases of 7493, this might fix them too.

Bug not in any released version of Tor.
2012-11-18 17:15:41 -05:00
Roger Dingledine
06d367ea36 when counting available descs, say whether we're counting exits 2012-11-16 11:38:56 -05:00
Nick Mathewson
ecb619d96b Give useful warning when both IPv4 and IPv6 are disabled on a socksport 2012-11-15 22:58:54 -05:00
Nick Mathewson
28cbe90839 Allow IPv4 traffic on default and old-style-config SocksPorts.
Looks like when i was writing the code to set the ipv4_traffic flag on
port_cfg_t, I missed some cases, such as the one where the port was
set from its default value.

Fix for 7493. Bug not in any released Tor.
2012-11-15 22:49:43 -05:00
Nick Mathewson
1e46952f36 Set IPv4/IPv6 flags correctly when being a SOCKS client 2012-11-15 13:00:19 -05:00
Nick Mathewson
a4fce0fee8 Remove some XXXX commens in dns.c
Previously, I was freaking out about passing an unspec address to
dns_found_answer() on an error, since I was using the address type to
determine whether the error was an error on an ipv4 address lookup or
on an ipv6 address lookup.  But now dns_found_answer() has a separate
orig_query_type argument to tell what kind of query it is, so there's
no need to freak out.
2012-11-15 12:17:36 -05:00
Nick Mathewson
12f997528d Fix up some comments in connection_edge.c 2012-11-15 12:17:30 -05:00
Nick Mathewson
e3ceac38d9 Add another missing function doc 2012-11-14 23:16:58 -05:00
Nick Mathewson
d643487cc2 Initial support for AAAA requests on DNSPort.
This is imperfect, since it sends back whatever we would send to
a socks RESOLVE request, when in reality we should send back whatever
was asked for.
2012-11-14 23:16:58 -05:00
Nick Mathewson
053f2cb7c8 Let tor-resolve generate PTR requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
50af1087c4 Accept reverse resolve requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
0f899518cf Make DNS resolve requests work for IPv6
* If there's an IPv4 and an IPv6 address, return both in the resolved
  cell.
* Treat all resolve requests as permitting IPv6, since by the spec they're
  allowed to, and by the code that won't break anything.
2012-11-14 23:16:57 -05:00
Nick Mathewson
bb2145b45b Fix a bug in policy_is_reject_star() that was making IPv4 exits break
IPv4-only exits have an implicit "reject [::]/0", which was making
policy_is_reject_star() return 1 for them, making us refuse to do
hostname lookups.

This fix chanes policy_is_reject_star() to ask about which family we meant.
2012-11-14 23:16:57 -05:00
Nick Mathewson
85e8d35fca Add some missing doxygen for ipv6 exit code 2012-11-14 23:16:57 -05:00
Nick Mathewson
882b389668 Actually send back correctly-formed IPv6 CONNECTED cells
We had some old code to send back connected cells for IPv6 addresses,
but it was wrong.  Fortunately, it was also unreachable.
2012-11-14 23:16:41 -05:00
Nick Mathewson
6b36142bcc Remove some unused defines in dns.c 2012-11-14 23:16:40 -05:00
Nick Mathewson
7197c9f14a Repair DNS NEXIST hijacking workaround
The code previously detected wildcarding and replaced wildcarded
answers with DNS_STATUS_FAILED_PERMANENT.  But that status variable
was no longer used!  Remove the status variable, and instead change
the value of 'result' in evdns_callback.

Thank goodness for compiler warnings. In this case,
unused-but-set-variable.

Thanks to Linus for finding this one.
2012-11-14 23:16:40 -05:00
Nick Mathewson
363cf02455 Implement a PreferIPv6 flag for SocksPorts 2012-11-14 23:16:40 -05:00
Nick Mathewson
c4830bfbe2 Define a wrapper for evdns_base_resolve_ipv6 for systems w/o libevent 2 2012-11-14 23:16:40 -05:00
Nick Mathewson
35ce42118f Make address_is_invalid_destination recognize ipv6 addrs as valid. 2012-11-14 23:16:40 -05:00
Nick Mathewson
1cc7736575 Actually generate microdescriptors with p6 lines. 2012-11-14 23:16:40 -05:00
Nick Mathewson
54ee7ff148 Remove a since-fixed XXX; improve a doxygen comment 2012-11-14 23:16:40 -05:00
Nick Mathewson
004f3f4e53 Actually advertise IPv6 exit policies.
I have a theory that my tests will work better if the code I'm testing
isn't disabled.
2012-11-14 23:16:40 -05:00
Nick Mathewson
2889bd2642 Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result.  As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit.  Once
we have answers or errors for both, we act accordingly.

This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.

Additionally, have a new interface for the argument passed to the
evdns_callback function.  Previously, it was just the original address
we were resolving.  But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.

The new convention is to have the first byte of that argument include
the query type.  I've refactored the code a bit to make that simpler.
2012-11-14 23:16:25 -05:00
Nick Mathewson
a58e17bcc3 Change signature of router_compare_to_my_exit_policy so dns can use it
Also, fix the function so it actually looks at our ipv6 exit policy.
2012-11-14 23:16:25 -05:00
Nick Mathewson
25cf286fb1 Whitespace cleanup 2012-11-14 23:16:24 -05:00
Nick Mathewson
0487c0d579 Reindent a block in dns.c 2012-11-14 23:16:24 -05:00
Nick Mathewson
807b781a3d Actually send BEGIN cell flags
This uses advertised IPv6 ports as an implicit version check.
2012-11-14 23:16:24 -05:00
Nick Mathewson
93591383a9 When asking for a specific address type, others aren't acceptable 2012-11-14 23:16:24 -05:00
Nick Mathewson
d276894772 I think it is correct to decorate these addresses. 2012-11-14 23:16:24 -05:00
Nick Mathewson
6e27282dab Better checking of exit policies for connections by hostname 2012-11-14 23:16:24 -05:00
Nick Mathewson
5ee1de65b0 Only send begin cell flags when we have some to send 2012-11-14 23:16:24 -05:00
Nick Mathewson
a62c03fe2c Never support IPv6 traffic on a SOCKS4 connection. 2012-11-14 23:16:24 -05:00
Nick Mathewson
cac5335195 Get the client side of receiving an IPv6 address to work
This makes it so we can handle getting an IPv6 in the 3 different
formats we specified it for in RESOLVED cells,
END_STREAM_REASON_EXITPOLICY cells, and CONNECTED cells.

We don't cache IPv6 addresses yet, since proposal 205 isn't
implemented.

There's a refactored function for parsing connected cells; it has unit
tests.
2012-11-14 23:16:23 -05:00
Nick Mathewson
93dc7dcf41 Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings 2012-11-14 23:16:23 -05:00
Nick Mathewson
111321ed16 Rename ipv{4,6}_only to bind_ipv{4,6}_only
This is to avoid confusion with the ipv{4,6}_traffic flags.
2012-11-14 23:16:23 -05:00
Nick Mathewson
4bec25c3cd Add {No,}IPv{4,6}Traffic options to SOCKSPort
These options are for telling the SOCKSPort that it should allow or
not allow connections to IPv4/IPv6 addresses.

These aren't implemented yet; this is just the code to read the
options and get them into the entrey_connection_t.
2012-11-14 23:16:23 -05:00
Nick Mathewson
b7843ca554 Make DNS callback pass IPv6 answers to dns_answer_found
Also, count ipv6 timeouts vs others.  If we have too many ipv6
requests time out, then we could be degrading performance because of a
broken DNS server that ignores AAAA requests.  Other cases in which
we never learn an AAAA address aren't so bad, since they don't slow
A (ipv4) answers down very much.
2012-11-14 23:16:23 -05:00
Nick Mathewson
00633b9446 Make dns wildcarding checks work for ipv6 2012-11-14 23:16:22 -05:00
Nick Mathewson
9016d9e829 Add an IPv6Exit configuration option
Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
if IPv6Exit is not true.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c3faa0ebd5 Simplest version of server-side IPv6 support (no dns)
This is a relatively simple set of changes: we mostly need to
remove a few "but not for IPv6" changes.  We also needed to tweak
the handling of DNS code to generate RESOLVED cells that could get
an IPv6 answer in return.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c64ee7099f Record, send, and receive flags in BEGIN cells 2012-11-14 23:16:22 -05:00
Nick Mathewson
b35a0d1132 Add IPv6 support to compare_to_addr_to_node_policy 2012-11-14 23:16:22 -05:00
Nick Mathewson
04ea550141 Authorities put p6 lines into microdescriptors. 2012-11-14 23:16:22 -05:00
Nick Mathewson
c53adac122 Parse IPv6 policy summaries from router descriptors and microdescs 2012-11-14 23:16:22 -05:00
Nick Mathewson
a96c0affcb Better policy support for IPv6
Now, "accept *:80" means "accept all addresses on port 80", and not
just IPv4.  For just v4, say "accept *4:80"; for just v6 say "accept
*6:80".

We can parse these policies from torrc just fine, and we should be
successfully keeping them out of descriptors for now.

We also now include appropriate IPv6 addresses in "reject private:*"
2012-11-14 23:16:21 -05:00
Nick Mathewson
2eb7eafc9d Add a new family-specific syntax for tor_addr_parse_mask_ports
By default, "*" means "All IPv4 addresses" with
tor_addr_parse_mask_ports, so I won't break anything.  But if the new
EXTENDED_STAR flag is provided, then * means "any address", *4 means
"any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
address" (that is, [::]/0).

This is going to let us have a syntax for specifying exit policies in
torrc that won't drive people mad.

Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
these new features, and to increase coverage.
2012-11-14 23:16:21 -05:00
Nick Mathewson
462ebb270a Refactor begin cell parsing into its own function, with tests.
Add 'flags' argument to begin cells, per proposal 208.
2012-11-14 23:16:21 -05:00
Nick Mathewson
ca8843df0a Refactor client_dns_set_{reverse_,}addressmap() to take a circ
We'd like these functions to be circuit-relative so that we can
implement a per-circuit DNS cache and per-circuit DNS cache rules for
proposal 205 or its successors.  I'm doing this now, as a part of the
IPv6 exits code, since there are about to be a few more instances
of code using this.
2012-11-14 23:16:21 -05:00
Nick Mathewson
7908ab2093 Move address map into its own file. 2012-11-14 23:16:20 -05:00
Andrea Shepard
2cb82c33bc Merge branch 'bug7267' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-13 18:54:24 -08:00
Andrea Shepard
3db3daa663 Add comment explaining different channel close functions 2012-11-13 18:50:37 -08:00
Nick Mathewson
02a43e5eb6 Merge remote-tracking branch 'public/bug7059' 2012-11-13 21:50:07 -05:00
Andrea Shepard
7ab3004223 Call channel_mark_for_close() properly in hibernate_go_dormant() 2012-11-13 13:45:00 -08:00
Roger Dingledine
a90affa84b Merge branch 'maint-0.2.3' 2012-11-12 23:49:37 -05:00
Roger Dingledine
88bb48e785 use a more logical operator
Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set.

Fixes bug 7464; bugfix on 0.2.3.9-alpha.
2012-11-12 23:47:21 -05:00
Nick Mathewson
f473d83dea Possible fix for bug 7212
This is the simplest possible workaround: make it safe to call
circuit_cell_queue_clear() on a non-attached circuit, and make it
safe-but-a-LD_BUG-warning to call update_circuit_on_cmux() on a
non-attached circuit.

 LocalWords:  unstage src Untracked
2012-11-12 08:28:09 -05:00
Andrea Shepard
0523c8de7d Merge branch 'check_for_orconn_on_close_squashed' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-10 03:24:41 -08:00
Andrea Shepard
99e82cab30 Make everything in connection.c that uses connection_or_notify_error() also use connection_mark_and_close_internal() to avoid spurious warnings 2012-11-10 02:35:47 -08:00
Andrea Shepard
8124398835 Check for orconns in connection_mark_for_close and connection_mark_and_flush, and pass the call through channel_close_for_error with a warning to avoid asserts 2012-11-10 02:35:47 -08:00
Nick Mathewson
713736a6a7 Fix a memory leak in handling errors on CERTS cells. bug 7422 2012-11-08 23:01:39 -05:00
Nick Mathewson
e1c7d12b1d Turn some memset()s introduced in tor 0.2.4 into memwipe()s 2012-11-08 17:00:36 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use and unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Andrea Shepard
9f3f5372b8 Merge branch 'bug7350' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-07 11:43:04 -08:00
Nick Mathewson
8e8c0674c4 Implement proposal-214 rules for CircID checking. 2012-11-06 21:33:53 -05:00
Nick Mathewson
1c0e87f6d8 Add a pointless 2-byte memset in cell_pack
There is probably no code that can write the 2 bytes at the end of the
packed_cell_t when the cell is only a 512-byte cell, but let's not get
overconfident there.
2012-11-06 21:24:05 -05:00
Nick Mathewson
bfffc1f0fc Allow a v4 link protocol for 4-byte circuit IDs.
Implements proposal 214.

Needs testing.
2012-11-06 21:23:46 -05:00
Andrea Shepard
80eb03ae0a Don't call channel_send_destroy() when closing a circuit on a closing channel 2012-11-06 17:58:59 -08:00
Andrea Shepard
688cea7248 Check for closing channel in channel_send_destroy() 2012-11-06 17:52:14 -08:00
Nick Mathewson
cd054ceada Merge branch 'bug7285' 2012-11-06 18:02:03 -05:00
George Kadianakis
a9f786758d Add warning message when a managed proxy dies during configuration. 2012-11-06 17:53:09 -05:00
Nick Mathewson
11c467f643 Fix a stupid logic-error in warnings about low ports.
Instead of warning about low ports that are advertised, we should have
been warning about low ports that we're listening on.  Bug 7285, fix
on 0.2.3.9-alpha.
2012-11-06 17:15:39 -05:00
Nick Mathewson
0e8be13b9f Allow an optional $ in GETINFO ns/id/<identity>
That's not where I'd want to put a $, but apparently the other
foo/id/<identity> things allow it, as does an arguably valid
interpretation of control-spec.txt.  So let's be consistent.

Fix for a piece of bug 7059.
2012-11-04 22:12:11 -05:00
Nick Mathewson
39a0a2c3ae Merge remote-tracking branch 'asn/bug7292' 2012-11-04 21:54:19 -05:00
Nick Mathewson
2b781613b0 Whitespace fixes 2012-11-04 21:52:28 -05:00
Nick Mathewson
98204729aa Clean up nonsensical calling convention for config_load_geoip_file_
(How many "load a file" functions do you typically see where the
function frees the filename argument?)
2012-11-04 21:51:02 -05:00
Nick Mathewson
626a8b60d7 Merge remote-tracking branch 'linus/bug5053-bug5055'
Conflicts:
	src/or/geoip.c
2012-11-04 21:44:31 -05:00
George Kadianakis
37f8a2263e Use LOG_WARN instead of LOG_PROTOCOL_WARN when parsing transport lines. 2012-11-02 23:48:53 +02:00
Nick Mathewson
1bfda600c3 Add a TOR_SOCKET_T_FORMAT construction for logging sockets.
We need this since win64 has a 64-bit SOCKET type.

Based on a patch from yayooo for 7260, forward-ported to 0.2.4.
2012-11-02 14:22:21 -04:00
Nick Mathewson
05194cce62 Avoid c99 designated initializers in circuitmux_ewma.c
We still want to build on compilers w/o c99 support, such as
(notoriously, shamefully) MSVC.

So I'm commenting out the designated initializers in
circuitmux_ewma.c.  The alternative would have been to use some kind
of macros to use designated initializers only when they're
supported, but that's error-prone, and can lead to code having
different meanings under different compilers.

Bug 7286; fix on 0.2.4.4-alpha; spotted by Gisle Vanem.
2012-11-02 13:14:39 -04:00
Linus Nordberg
ffddd4de2a Change some comments to reflect the multitude of GeoIP databases. 2012-10-31 16:38:07 +01:00
Nick Mathewson
9327a9f607 Fix whitespace 2012-10-31 11:27:13 -04:00
Linus Nordberg
e7e68b80a7 Don't memcmp struct in6_addr but rather its s6_addr member. 2012-10-31 15:52:56 +01:00
Linus Nordberg
6a241ff3ff Duplicate less code. 2012-10-31 13:58:55 +01:00
Andrea Shepard
be37125030 Merge branch 'bsd_queue' of ssh://git-rw.torproject.org/nickm/tor 2012-10-30 14:39:14 -07:00
Nick Mathewson
c442d85439 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node, and to forward-port it to
0.2.4.
2012-10-23 23:09:21 -04:00
Nick Mathewson
758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00
Roger Dingledine
4c06a804d9 Merge branch 'maint-0.2.3' 2012-10-23 17:26:07 -04:00
Roger Dingledine
2ecee3fce2 Let 0.2.3 clients exit to internal addresses if they want
Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
2012-10-23 17:18:01 -04:00
Roger Dingledine
e17fd57782 fix typo 2012-10-23 17:15:28 -04:00
Nick Mathewson
98c24670e7 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-23 16:28:34 -04:00
Nick Mathewson
85659d3964 Fix parse_short_policy (bug 7192.)
Our implementation of parse_short_policy was screwed up: it would
ignore the last character of every short policy.  Obviously, that's
broken.

This patch fixes the busted behavior, and adds a bunch of unit tests
to make sure the rest of that function is okay.

Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-23 13:49:48 -04:00
Roger Dingledine
4c8b58f900 add a unit test to expose bug 7192 2012-10-22 17:09:43 -04:00
Nick Mathewson
848333c6d6 Fix more madness from the split_circuitbuild merge 2012-10-22 14:36:30 -04:00
Nick Mathewson
fa6a65756f Kill extraneous x from 907db008ab
Looks like clang doesn't complain about this kind of thing.

Spotted by Andrea.  Bug not in any released version.
2012-10-22 14:29:15 -04:00
Nick Mathewson
86258df65d Merge branch 'split_circuitbuild'
Conflicts:
	src/or/circuitbuild.c

There was a huge-looking conflict in circuitbuild.c, but the only
change that had been made to circuitbuild.c since I forked off the
split_circuitbuild branch was 17442560c4.  So I took the
split_circuitbuild version of the conflicting part, and manually
re-applied the change from 17442560c44e8093f9a..
2012-10-22 11:35:32 -04:00
Linus Nordberg
8c9b427425 Name variables more consistently. 2012-10-22 12:36:34 +02:00
Linus Nordberg
9d71d97e9d Document two functions. 2012-10-22 12:24:29 +02:00
Linus Nordberg
172aac62ed Rename C reserved identifiers missed before. 2012-10-20 20:56:59 +02:00
Linus Nordberg
cb51807236 Add "IPVersions" to control command "status/clients-seen". 2012-10-20 20:56:59 +02:00
Linus Nordberg
af175fa7e4 Duplicate less code. 2012-10-20 20:56:59 +02:00
Linus Nordberg
817ff962f8 Separate IPv4 and IPv6 geoip file loading.
Also add IPv6 geoip file digest to extra info.

Also also, add support for IPv6 addresses in control command
"ip-to-country".
2012-10-20 20:56:59 +02:00
Nick Mathewson
e8f547c181 Merge branch 'block_renegotiate_024' 2012-10-19 14:32:42 -04:00
Nick Mathewson
1cc06bd35e Merge branch 'block_renegotiate_023' into maint-0.2.3 2012-10-19 14:30:31 -04:00
Nick Mathewson
0dac0d8ad6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-19 03:06:15 -04:00
Robert Ransom
d3bfdd6108 Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
2012-10-19 02:56:25 -04:00
Andrea Shepard
981f25a73a Factor out common parts of channel_tls_connect() and channel_tls_handle_incoming(); fixes get_remote_addr problem with incoming connections for bug 7112 2012-10-18 21:53:50 -04:00
Nick Mathewson
3d8b73db55 Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".

This patch is a forward-port to 0.2.4, to work with the new channel
logic.
2012-10-17 19:19:58 -04:00
Nick Mathewson
f357ef9dcc Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".
2012-10-17 19:18:16 -04:00
Nick Mathewson
850c990144 Fix a bug in channel_dump_statistics
We were calling channel_get_actual_remote_descr() before we used the
output of a previous channel_get_canonical_remote_descr(), thus
invalidating its output.
2012-10-17 11:29:59 -04:00
Nick Mathewson
cb9d123764 Document lifespan of return values of the _remote_descr() funcs 2012-10-17 11:29:37 -04:00
Nick Mathewson
26946c659b Restore the 'address' value of tunneled connections
When we merged the channel code, we made the 'address' field of linked
directory connections created with begindir (and their associated edge
connections) contain an address:port string, when they should only
have contained the address part.

This patch also tweaks the interface to the get_descr method of
channels so that it takes a set of flags rather than a single flag.
2012-10-17 11:23:26 -04:00
Nick Mathewson
898bd1ae8f Fix for bug 7112 (spewing complaints from tor_addr_is_internal)
In 4768c0efe3 (not in any released
version of Tor), we removed a little block of code that set the addr
field of an exit connection used in making a tunneled directory
request.  Turns out that wasn't right.
2012-10-17 11:15:01 -04:00
Nick Mathewson
f633184af1 Document return value of channel_get_addr_if_possible 2012-10-17 11:12:59 -04:00
Linus Nordberg
e2313d8622 White space. 2012-10-17 14:01:02 +02:00
Andrea Shepard
35f573136d Use LD_PROTOCOL rather than LD_BUG to warn about bogus reason codes that originated remotely in circuit_end_reason_to_control_string() 2012-10-17 03:24:28 -07:00
Andrea Shepard
17442560c4 Fix mal-merge, don't | END_CIRC_REASON_CHANNEL_CLOSED into reason codes in circuit_truncated() 2012-10-17 03:23:35 -07:00
Linus Nordberg
74c6dafed6 Two changes lost in rebase resurrected. 2012-10-17 12:13:49 +02:00
Linus Nordberg
19ab7b1639 Rename reserved C identifiers. 2012-10-17 10:54:53 +02:00
Karsten Loesing
1f849f9181 Minor tweaks to nils' v4 vs v6 bridge usage code. 2012-10-17 10:54:53 +02:00
Karsten Loesing
c03e3d66a9 Minor tweaks and comments to nils' geoip v6 code. 2012-10-17 10:54:52 +02:00
nils
31e224173b Include statistics as to how many connections are IPv4 versus IPv6 2012-10-17 10:54:52 +02:00
nils
abb886014e Add GeoIP database for IPv6 addresses 2012-10-17 10:54:52 +02:00
nils
167363403b Rename address family specific IPv4 geoip functions in preparation for IPv6 support 2012-10-17 10:54:17 +02:00
Andrea Shepard
94a0309909 Merge branch 'bug7087_2' of ssh://git-rw.torproject.org/user/andrea/tor 2012-10-15 13:04:55 -07:00
Andrea Shepard
ac227cf587 Close and free channel_tls_listener correctly in channel_tls_free_all() 2012-10-15 12:22:20 -07:00
Nick Mathewson
907db008ab Move the circuit build timeout code into its own file. 2012-10-15 14:50:55 -04:00
Nick Mathewson
9e9edf71f7 Split code for entry guards and bridges into a new module. 2012-10-15 14:28:23 -04:00
Nick Mathewson
f38fb29502 whitesapce fix 2012-10-15 11:22:53 -04:00
Nick Mathewson
9f83142591 Merge remote-tracking branch 'public/bug1031' 2012-10-15 11:20:48 -04:00
Andrea Shepard
99057014ba Add debug logging to channel_listener_free()/channel_listener_force_free() 2012-10-15 07:56:35 -07:00
Nick Mathewson
469b847c70 Fix a long line 2012-10-15 10:55:52 -04:00
Markus Teich
5a959163d3 fixed differing returntype in definition and declaration of dirserv_add_extrainfo 2012-10-15 10:53:11 -04:00
Andrea Shepard
4da2864308 Merge branch 'bug7087' of git://git.torproject.org/user/andrea/tor 2012-10-15 07:22:33 -07:00
Andrea Shepard
3894ca1508 Add debug logging for channel_free() and channel_force_free() 2012-10-15 06:46:23 -07:00