Commit Graph

976 Commits

Author SHA1 Message Date
Nick Mathewson
6a08bcf530 Merge remote-tracking branch 'public/ticket16543' 2015-07-16 15:47:00 -04:00
Nick Mathewson
a65e835800 Add changes file for 8712; apply it to HSDir flag as well. 2015-07-14 14:03:30 -04:00
Peter Retzlaff
fa788a54f5 Vote for relays to be fast and stable even when they aren't currently active. 2015-07-14 13:59:29 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Nick Mathewson
c0c0a6085e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-08 10:33:38 -04:00
David Goulet
6785f0b65a HSDir flag now requires the Stable flag
Fixes #8243
2015-06-08 10:28:35 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
525383c46d Checkpoint some work on voting on ed25519 identities
* Include ed25519 identities in votes
 * Include "no ed25519 identity" in votes
 * Include some commented-out code about identity voting.  (This
   will disappear.)
 * Include some functions for identity voting (These will disappear.)
 * Enforce uniqueness in ed25519 keys within a vote
2015-05-28 10:42:29 -04:00
Nick Mathewson
592a439107 Tie key-pinning logic into directory authority operation
With this patch:
  * Authorities load the key-pinning log at startup.
  * Authorities open a key-pinning log for writing at startup.
  * Authorities reject any router with an ed25519 key where they have
    previously seen that ed25519 key with a different RSA key, or vice
    versa.
  * Authorities warn about, but *do not* reject, RSA-only descriptors
    when the RSA key has previously gone along with an Ed25519 key.
    (We should make this a 'reject' too, but we can't do that until we're
    sure there's no legit reason to downgrade to 0.2.5.)
2015-05-28 10:41:49 -04:00
David Goulet
26c344a563 Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
Fixes #15850, part of #15801. Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.

This reverts commit 80bed1ac96.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Nick Mathewson
76d8c23ab4 Try to fix authdir_newdesc events
We were sending values that were truncated by the length of the
annotations.
2015-02-19 11:35:27 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
33053d50a0 Final guardfraction preparations for upstream merge.
- Write a changes file.
- Change some logs to lesser severities.
2015-02-18 09:09:34 -05:00
George Kadianakis
7ddfb6aa2f Write guardfraction information to votes.
If a dirauth has guardfraction information about a guard, write it down
when serializing the routerstatus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00
Nick Mathewson
9bf6da1861 Merge remote-tracking branch 'public/feature_13822' 2015-02-17 12:34:13 -05:00
Nick Mathewson
0b3ae7d9e5 Maybe this will make coverity not care that this check is dead. CID 1268063 2015-02-16 15:44:18 -05:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
Nick Mathewson
daab405168 Bump the minimum relay version to 0.2.4.18-rc
Closes #13555
2015-02-04 13:27:56 -05:00
Nick Mathewson
55639bc67f Merge remote-tracking branch 'dgoulet/bug14202_026_v1' 2015-02-02 10:16:48 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
bd630a899a Correctly reject packages lines with empty entries 2015-01-29 14:09:57 -05:00
Nick Mathewson
f935ee2dae Define 'digesttype' correctly 2015-01-29 14:04:21 -05:00
David Goulet
80bed1ac96 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
Fixes #14202

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-29 12:55:19 -05:00
Nick Mathewson
c240eea0df more typo fixes from mcs and gk 2015-01-28 11:25:37 -05:00
Nick Mathewson
1e61b45251 Fixes on prop227 comments, based on comments by mcs on #10395 2015-01-27 16:31:48 -05:00
Nick Mathewson
2b8cebaac0 whitespace fix 2015-01-13 13:11:39 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
49dca8b1be Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-07 07:50:14 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
teor
2d199bdffe Fix grammar in comment on running_long_enough_to_decide_unreachable 2014-12-26 00:54:10 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
Nick Mathewson
1dc0d26b50 Clean up a clangalyzer warning in directory_remove_invalid
"At this point in the code, msg has been set to a string
constant. But the tor code checks that msg is not NULL, and the
redundant NULL check confuses the analyser[...] To avoid this
spurious warning, the patch initialises msg to NULL."

Patch from teor. another part of 13157.
2014-09-15 13:52:56 -04:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00