Commit Graph

24278 Commits

Author SHA1 Message Date
Nick Mathewson
ec5fe41209 Avoid a double-mark bug when makring a pending circuit as "too old"
Fixes bug 20059; bugfix on 0.1.0.1-rc.
2017-03-15 11:05:37 -04:00
Nick Mathewson
92813941b5 #21720: Update "directory server options" preamble in manpage 2017-03-14 11:25:54 -04:00
Nick Mathewson
e2cd600da6 Merge remote-tracking branch 'public/bug21682_030' into maint-0.3.0 2017-03-13 16:22:40 -04:00
George Kadianakis
6cab0f8ad7 Fix failing bridges+ipv6-min integration test.
The bridges+ipv6-min integration test has a client with bridges:
    Bridge 127.0.0.1:5003
    Bridge [::1]:5003
which got stuck in guard_selection_have_enough_dir_info_to_build_circuits()
because it couldn't find the descriptor of both bridges.

Specifically, the guard_has_descriptor() function could not find the
node_t of the [::1] bridge, because the [::1] bridge had no identity
digest assigned to it.

After further examination, it seems that during fetching the descriptor
for our bridges, we used the CERTS cell to fill the identity digest of
127.0.0.1:5003 properly. However, when we received a CERTS cell from
[::1]:5003 we actually ignored its identity digest because the
learned_router_identity() function was using
get_configured_bridge_by_addr_port_digest() which was returning the
127.0.0.1 bridge instead of the [::1] bridge (because it prioritizes
digest matching over addrport matching).

The fix replaces get_configured_bridge_by_addr_port_digest() with the
recent get_configured_bridge_by_exact_addr_port_digest() function. It
also relaxes the constraints of the
get_configured_bridge_by_exact_addr_port_digest() function by making it
return bridges whose identity digest is not yet known.

By using the _exact_() function, learned_router_identity() actually
fills in the identity digest of the [::1] bridge, which then allows
guard_has_descriptor() to find the right node_t and verify that the
descriptor is there.

FWIW, in the bridges+ipv6-min test both 127.0.0.1 and [::1] bridges
correspond to the same node_t, which I guess makes sense given that it's
actually the same underlying bridge.
2017-03-09 09:19:19 -05:00
George Kadianakis
41324b5ae1 Revert "Restore correct behavior of 0.3.0.4-rc with bridges+ipv6-min"
This reverts commit 5298ab5917.
2017-03-09 09:19:12 -05:00
Nick Mathewson
ded2c8c689 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-03-08 10:12:27 -05:00
Nick Mathewson
d642ceb8df Merge branch 'maint-0.2.8' into maint-0.2.9 2017-03-08 10:12:06 -05:00
Nick Mathewson
2cfecec9c7 Merge branch 'maint-0.2.7-redux' into maint-0.2.8 2017-03-08 10:11:23 -05:00
Nick Mathewson
25c28bc2d9 Merge branch 'maint-0.2.6' into maint-0.2.7-redux 2017-03-08 10:11:05 -05:00
Nick Mathewson
ecc73c3c03 Merge branch 'maint-0.2.5' into maint-0.2.6 2017-03-08 10:10:44 -05:00
Nick Mathewson
933a1e7997 Merge branch 'maint-0.2.4' into maint-0.2.5 2017-03-08 10:10:29 -05:00
Nick Mathewson
27058bd8cb Fix a memory leak in config_get_assigned_option()
This was introducd in 4d83999213 in 0.3.0.3-alpha.  This is bug
21682.
2017-03-08 10:06:48 -05:00
Karsten Loesing
4488c319dd Update geoip and geoip6 to the March 7 2017 database. 2017-03-08 09:41:35 +01:00
Nick Mathewson
552bc39c32 Merge branch 'bug21594_030_squashed' into maint-0.3.0 2017-03-07 08:05:16 -05:00
teor
93ede051c2 Remove delay in hidden service introduction point checks
Make hidden services with 8 to 10 introduction points check for failed
circuits immediately after startup. Previously, they would wait for 5
minutes before performing their first checks.

Fixes bug 21594; bugfix on commit 190aac0eab in Tor 0.2.3.9-alpha.
Reported by alecmuffett.
2017-03-07 08:04:57 -05:00
Nick Mathewson
85cf6dcba3 Stop declining to download microdescs with future published times.
This change is the only one necessary to allow future versions of
the microdescriptor consensus to replace every 'published' date with
e.g. 2038-01-01 00:00:00; this will save 50-75% in compressed
microdescriptor diff size, which is quite significant.

This commit is a minimal change for 0.2.9; future series will
reduce the use of the 'published' date even more.

Implements part of ticket 21642; implements part of proposal 275.
2017-03-06 15:37:01 -05:00
Nick Mathewson
333d5d0f2a Merge remote-tracking branch 'teor/bug21576_029_v2' into maint-0.3.0 2017-03-04 20:23:38 -05:00
teor
e0486c9371
Make hidden services always check for failed intro point connections
Previously, they would stop checking when they exceeded their intro point
creation limit.

Fixes bug 21596; bugfix on commit d67bf8b2f2 in Tor 0.2.7.2-alpha.
Reported by alecmuffett.
2017-03-02 15:34:45 +11:00
teor
4b5cdb2c30
Fix a crash when a connection tries to open just after it has been unlinked
Fixes bug 21576; bugfix on Tor 0.2.9.3-alpha.
Reported by alecmuffett.
2017-03-02 11:10:30 +11:00
Nick Mathewson
528dcd113c Bump to 0.3.0.4-rc-dev 2017-03-01 15:38:36 -05:00
Nick Mathewson
5298ab5917 Restore correct behavior of 0.3.0.4-rc with bridges+ipv6-min
In that chutney test, the bridge client is configured to connect to
the same bridge at 127.0.0.1:5003 _and_ at [::1]:5003, with no
change in transports.

That meant, I think, that the descriptor is only assigned to the
first bridge when it arrives, and never the second.
2017-03-01 15:02:16 -05:00
George Kadianakis
18a98206ed Improve descriptor checks in the new guard algorithm.
- Make sure we check at least two guards for descriptor before making
  circuits. We typically use the first primary guard for circuits, but
  it can also happen that we use the second primary guard (e.g. if we
  pick our first primary guard as an exit), so we should make sure we
  have descriptors for both of them.

- Remove BUG() from the guard_has_descriptor() check since we now know
  that this can happen in rare but legitimate situations as well, and we
  should just move to the next guard in that case.
2017-03-01 08:46:53 -05:00
Nick Mathewson
5ff31ff5b3 Merge branch 'maint-0.2.9' into maint-0.3.0
"Ours" merge to avoid version bump
2017-03-01 08:19:23 -05:00
Nick Mathewson
75492598b2 Bump to 0.2.9.10-dev 2017-03-01 08:18:54 -05:00
teor
f2ca22f940
Remove the space before the interpreter name in test-network.sh
Apparently some unixes don't like this.
Part of #21581.
2017-03-01 12:28:16 +11:00
teor
a3bec9aa5a
Remove a spurious test-network-all warning that triggers when sh is not bash
Part of 21581.
2017-03-01 11:54:31 +11:00
teor
004ec8dc58
Restore support for test-network.sh on BSD and other systems without bash
(But use bash if it's available.)
This is a workaround until we remove bash-specific code in 19699.

Fixes bug 21581; bugfix on 21562, not in any released version of tor.
2017-03-01 11:40:54 +11:00
Nick Mathewson
58908b6540 bump version to 0.3.0.4-rc 2017-02-28 10:40:08 -05:00
Nick Mathewson
4128a8cabd Merge branch 'maint-0.2.9' into maint-0.3.0
This is an "ours" merge to avoid a version bump.
2017-02-28 10:39:29 -05:00
Nick Mathewson
b049a5b398 bump version to 0.2.9.10 2017-02-28 10:38:55 -05:00
Nick Mathewson
3e07a54928 Merge branch 'maint-0.2.8' into maint-0.2.9
This is an "ours" merge to avoid taking a version bump
2017-02-28 10:38:31 -05:00
Nick Mathewson
f93bcab60e Merge branch 'maint-0.2.7-redux' into maint-0.2.8
This is an "ours" merge to avoid taking a version bump, and to
avoid replaying the post-0.2.7.6 history of "maint-0.2.7-redux" onto maint-0.2.8, which already included the relevant changes.
2017-02-28 10:37:25 -05:00
Nick Mathewson
f2a657c22b bump version to 0.2.8.13 2017-02-28 10:34:33 -05:00
Nick Mathewson
b5526bef38 Bump version to 0.2.7.7 2017-02-28 10:27:20 -05:00
Nick Mathewson
1174b50cab Merge branch 'maint-0.2.6' into maint-0.2.7-redux
"ours" merge to avoid version bumps
2017-02-28 10:26:45 -05:00
Nick Mathewson
57e778f882 bump to 0.2.6.11 2017-02-28 10:26:24 -05:00
Nick Mathewson
ccdf0b319c Merge branch 'maint-0.2.5' into maint-0.2.6
"ours" merge to avoid version bumps
2017-02-28 10:25:51 -05:00
Nick Mathewson
884b3717a9 Bump version to 0.2.5.13 2017-02-28 10:23:20 -05:00
Nick Mathewson
b2b604ecb4 Merge branch 'maint-0.2.4' into maint-0.2.5
"ours" merge to avoid bumping version
2017-02-28 10:22:36 -05:00
Nick Mathewson
4bab288a82 Bump to 0.2.4.28 2017-02-28 10:20:46 -05:00
Nick Mathewson
3a60214f32 Merge remote-tracking branch 'public/bug21007_case2_030' into maint-0.3.0 2017-02-28 08:28:46 -05:00
Nick Mathewson
16f337e763 Merge branch 'bug21027_v2_squashed' into maint-0.3.0 2017-02-28 08:16:43 -05:00
Nick Mathewson
1582adabbb Change approach to preventing duplicate guards.
Previously I'd made a bad assumption in the implementation of
prop271 in 0.3.0.1-alpha: I'd assumed that there couldn't be two
guards with the same identity.  That's true for non-bridges, but in
the bridge case, we allow two bridges to have the same ID if they
have different addr:port combinations -- in order to have the same
bridge ID running multiple PTs.

Fortunately, this assumption wasn't deeply ingrained: we stop
enforcing the "one guard per ID" rule in the bridge case, and
instead enforce "one guard per <id,addr,port>".

We also needed to tweak our implementation of
get_bridge_info_for_guard, since it made the same incorrect
assumption.

Fixes bug 21027; bugfix on 0.3.0.1-alpha.
2017-02-28 08:16:33 -05:00
Nick Mathewson
eef8bd4d3c Merge remote-tracking branch 'teor/feature21570-030' into maint-0.3.0 2017-02-27 11:36:39 -05:00
Nick Mathewson
c51919b0da Merge branch 'bug21369_check_029_squashed' into maint-0.3.0 2017-02-27 11:25:34 -05:00
Nick Mathewson
6747c62386 Merge branch 'bug21420_029_squashed' into maint-0.3.0 2017-02-27 11:20:39 -05:00
Nick Mathewson
f6e5a658df Revise the logic for picking the start time for link certs
Since 0.2.4.11-alpha (in 0196647970) we've tried to randomize
the start time to up to some time in the past.  But unfortunately we
allowed the start time to be in the future as well, which isn't
really legit.

The new behavior lets the start time be be up to
MAX(cert_lifetime-2days, 0) in the past, but never in the future.

Fixes bug 21420; bugfix on 0.2.4.11-alpha.
2017-02-27 11:19:54 -05:00
Nick Mathewson
2b3518b81f Merge remote-tracking branch 'teor/bug20711' into maint-0.3.0 2017-02-27 11:00:02 -05:00
teor
73879aa5b6
Use bash in src/test/test-network.sh
This ensures we reliably call chutney's newer tools/test-network.sh when
available.

Fixes bug 21562; bugfix on tor-0.2.9.1-alpha.
2017-02-28 02:13:56 +11:00
teor
1ebcd22e80
Reserve a test-network.sh exit status of 2 for unknown arguments
Part of 21570.
2017-02-28 02:02:32 +11:00