Commit Graph

9736 Commits

Author SHA1 Message Date
Andrea Shepard
938ee9b24d Always call circuit_n_chan_done(chan, 0) from channel_closed() 2013-09-24 10:42:12 -04:00
Nick Mathewson
116e6af7a7 Fix a compilation warning with older gcc 2013-09-23 01:47:52 -04:00
Nick Mathewson
d1dbaf2473 Relays should send timestamp in NETINFO.
This avoids skew warnings as authorities test reachability.

Fix 9798; fix not on any released Tor.
2013-09-21 08:54:42 -04:00
Roger Dingledine
4f036acd27 back out most of 1d0ba9a
this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.

(i didn't just revert, because the changes file has been modified by
other later commits.)
2013-09-21 02:11:51 -04:00
Nick Mathewson
fd2954d06d Round down hidden service descriptor publication times to nearest hour
Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.
2013-09-20 11:00:27 -04:00
Nick Mathewson
accadd8752 Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
2013-09-20 11:00:27 -04:00
Nick Mathewson
f8b44eedf7 Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
2013-09-20 11:00:27 -04:00
Nick Mathewson
1d0ba9a61f Stop sending the current time in client NETINFO handshakes.
Implements part of proposal 222.
2013-09-20 11:00:27 -04:00
Roger Dingledine
2c877d2da4 collect and log statistics about onionskins received/processed
we skip onionskins that came from non-relays, so we're less likely to
run into privacy troubles.

starts to implement ticket 9658.
2013-09-05 01:44:52 -04:00
Roger Dingledine
f51add6dbc Revert e443beff and solve it a different way
Now we explicitly check for overflow.

This approach seemed smarter than a cascade of "change int to unsigned
int and hope nothing breaks right before the release".

Nick, feel free to fix in a better way, maybe in master.
2013-09-05 01:41:07 -04:00
Roger Dingledine
e443beffeb don't let recently_chosen_ntors overflow
with commit c6f1668d we let it grow arbitrarily large.

it can still overflow, but the damage is very small now.
2013-09-05 01:27:46 -04:00
Roger Dingledine
c6f1668db3 nickm wants us to prioritize tap in a currently-rare edge case 2013-09-04 23:21:46 -04:00
Roger Dingledine
a4400952ee Be more general in calculating expected onion queue processing time
Now we consider the TAP cells we'll process while draining the NTor
queue, and vice versa.
2013-09-04 23:21:45 -04:00
Roger Dingledine
a66791230f let the NumNTorsPerTAP consensus param override our queue choice 2013-09-04 23:21:45 -04:00
Roger Dingledine
7acc7c3dc6 do a lopsided round-robin between the onion queues
that way tap won't starve entirely, but we'll still handle ntor requests
quicker.
2013-09-04 23:21:45 -04:00
Roger Dingledine
16b5c609a4 check bounds on handshake_type more thoroughly 2013-09-04 23:21:45 -04:00
Roger Dingledine
9d2030e580 add info-level logs to help track onion queue sizes 2013-09-04 23:21:45 -04:00
Roger Dingledine
bb32bfa2f2 refactor and give it unit tests 2013-09-04 23:21:45 -04:00
Roger Dingledine
87a18514ef Separate cpuworker queues by handshake type
Now we prioritize ntor create cells over tap create cells.

Starts to address ticket 9574.
2013-09-04 23:21:45 -04:00
Nick Mathewson
a60d21a85d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
2013-09-04 16:08:02 -04:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
4107ddd003 Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4 2013-08-25 00:31:51 -04:00
Nick Mathewson
1ee1c8fb4f Merge remote-tracking branch 'public/bug9366' into maint-0.2.4 2013-08-25 00:29:49 -04:00
Nick Mathewson
3727a978b8 Merge remote-tracking branch 'public/bug9543' into maint-0.2.4 2013-08-25 00:29:06 -04:00
Nick Mathewson
43f187ec2e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-08-22 20:47:10 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
af7970b6bc Add a 30-day maximum on user-supplied MaxCircuitDirtiness
Fix for bug 9543.
2013-08-21 11:35:00 -04:00
Nick Mathewson
cbc53a2d52 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:29:19 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
0daa26a473 Send NETINFO on receiving a NETINFO if we have not yet sent one.
(Backport to Tor 0.2.3)

Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-21 11:28:57 -04:00
Nick Mathewson
1bb4a4f9bd Send NETINFO on receiving a NETINFO if we have not yet sent one.
Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-20 14:52:56 -04:00
Nick Mathewson
d5cfbf96a2 Fix an uninitialized-read when parsing v3 introduction requests.
Fortunately, later checks mean that uninitialized data can't get sent
to the network by this bug.  Unfortunately, reading uninitialized heap
*can* (in some cases, with some allocators) cause a crash if you get
unlucky and go off the end of a page.

Found by asn.  Bugfix on 0.2.4.1-alpha.
2013-08-10 17:49:51 -04:00
Nick Mathewson
b9f9110ac7 Don't allow all ORPort values to be NoAdvertise
Fix for bug #9366
2013-08-05 12:14:48 -04:00
Nick Mathewson
0a0f93d277 Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4 2013-07-31 21:48:48 -04:00
George Kadianakis
5a5147dd2e Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:56:07 -04:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00
Nick Mathewson
11f1b7d9df Avoid assertion failure on unexepcted address family in DNS reply.
Fixes bug 9337; bugfix on 0.2.4.7-alpha.
2013-07-26 15:33:46 +02:00
Nick Mathewson
1d2e8020b7 Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 11:52:10 +02:00
Nick Mathewson
17a960734a Merge remote-tracking branch 'public/bug9295_023' into maint-0.2.4 2013-07-18 23:17:05 -04:00
Nick Mathewson
5977435629 tmp 2013-07-18 23:08:36 -04:00
Nick Mathewson
c36bdbd535 Re-do a cast in order to make old buggy freebsd gcc happy
Fix for #9254.  Bugfix on 0.2.4.14-alpha.

This is not actually a bug in the Tor code.
2013-07-16 14:48:12 -04:00
Nick Mathewson
b34279d3ab Add a comment and a check for why flag indices will be <= 63 2013-07-08 11:35:06 -04:00
Nick Mathewson
15cd79f832 FIx undefined behavior in dirvote.c
Fix a bug in the voting algorithm that could yield incorrect results
 when a non-naming authority declared too many flags. Fixes bug 9200;
 bugfix on 0.2.0.3-alpha.

Found by coverity scan.
2013-07-03 12:01:37 -04:00
Nick Mathewson
c955149271 Give a warning when bufferevents are enabled.
Ticket 9147.
2013-06-29 03:45:40 -04:00
Nick Mathewson
ca6aacce16 Fix bug 9122: don't allow newdefaultoptions to be NULL
(This caused a crash that was reported as bug 9122, but the underlying
behavior has been wrong for a while.)

Fix on 0.2.3.9-alpha.
2013-06-24 12:53:37 -04:00
Nick Mathewson
7c4544e5a4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-18 14:45:29 -04:00
Nick Mathewson
60d633c73a Fix some problems with the bug9002 fix.
Fixes bug 9090; bug not in any released Tor.
2013-06-18 11:54:57 -04:00
Nick Mathewson
efa342f5fa Tweak bug9063_redux patch: {n_p}_chan_cells, not {n,p}_conn_cells 2013-06-18 10:25:10 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00