Commit Graph

10036 Commits

Author SHA1 Message Date
Robert Ransom
1eba4f0cc3 Make introduction points expire 2011-10-30 02:17:59 -07:00
Robert Ransom
00885652db Allow intro points to expire somewhat gracefully
The Right Way to expire an intro point is to establish a new one to
replace it, publish a new descriptor that doesn't list any expiring intro
points, and *then*, once our upload attempts for the new descriptor have
ended (whether in success or failure), close the expiring intro points.

Unfortunately, we can't find out when the new descriptor has actually been
uploaded, so we'll have to settle for a five-minute timer.

There should be no significant behaviour changes due to this commit (only
a log-message change or two), despite the rather massive overhaul, so this
commit doesn't include a changes/ file.  (The commit that teaches
intro_point_should_expire_now to return non-zero gets a changes/ file,
though.)
2011-10-30 02:17:10 -07:00
Robert Ransom
ae9a831294 Use SMARTLIST_FOREACH_BEGIN and _END, not a for loop 2011-10-30 02:17:07 -07:00
Robert Ransom
e46d56a9b4 Correct bogus comments
The behaviour of rend_services_introduce here is likely as bogus as the
comments were.
2011-10-30 02:17:06 -07:00
Robert Ransom
290b4dc3d6 Use a more meaningful variable name 2011-10-30 02:17:06 -07:00
Robert Ransom
68331cbd81 Determine whether an intro point was in the last HS desc in a sane way 2011-10-30 02:17:05 -07:00
Robert Ransom
3f6a2d3e2a Record which intro points were listed in the last HS desc 2011-10-30 02:17:05 -07:00
Robert Ransom
6f035cb2b4 Record the number of INTRODUCE2 cells each intro point has received 2011-10-30 02:17:04 -07:00
Robert Ransom
6b26999146 Correct a log message 2011-10-30 02:17:01 -07:00
Robert Ransom
c60148c7f5 Record the time at which each intro point was first published 2011-10-30 02:17:00 -07:00
Robert Ransom
6f220de7b9 Improve a comment 2011-10-30 02:17:00 -07:00
Robert Ransom
190aac0eab Allow different HSes to maintain different numbers of intro points 2011-10-30 02:16:59 -07:00
Roger Dingledine
eeb6588389 bridges send netinfo cells like clients on outgoing conns
fixes bug 4348
2011-10-29 21:43:23 -04:00
Sebastian Hahn
dfdb4fde1a Disable stats requiring geoip info if we have none
In other parts of the code we will otherwise attempt to collect these
statistics, and that will lead to crashes.
2011-10-29 11:20:02 +02:00
Nick Mathewson
4dd8d811d6 Merge branch 'bug4343' 2011-10-28 18:05:25 -04:00
Nick Mathewson
00a0de8508 Bump version to 0.2.3.6-alpha-dev 2011-10-28 18:05:17 -04:00
Nick Mathewson
212c3acd42 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/command.c
2011-10-28 18:02:57 -04:00
Nick Mathewson
cf8bffa359 Discard all cells on a marked connection
Fix for bug 4299
2011-10-28 17:04:15 -04:00
Nick Mathewson
2018f86e0c "Authetnicate" is not the usual spelling 2011-10-28 16:41:04 -04:00
Nick Mathewson
c2a098e980 Fix a double-free that would occur on an invalid cert in a CERTS cell
We would stash the certs in the handshake state before checking them
for validity... and then if they turned out to be invalid, we'd give
an error and free them.  Then, later, we'd free them again when we
tore down the connection.

Fixes bug 4343; fix on 0.2.3.6-alpha.
2011-10-28 16:38:56 -04:00
Nick Mathewson
7a8960cf1b Fix a memory-poisoning memset in tortls.c 2011-10-28 16:37:42 -04:00
Nick Mathewson
a2517fa77c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-28 09:53:23 -04:00
Sebastian Hahn
f6b1dc2805 Fix typo, spotted by tmpname0901. Thanks! 2011-10-28 09:52:24 -04:00
Roger Dingledine
48bafb47ac bump maint-0.2.2 to 0.2.2.34-dev 2011-10-27 20:50:48 -04:00
Roger Dingledine
5d3095152e bump maint to 0.2.1.31 2011-10-27 20:01:58 -04:00
Roger Dingledine
1a160ae523 bump to 0.2.3.6-alpha 2011-10-26 20:33:23 -04:00
Sebastian Hahn
2dec6597af Merge branch 'maint-0.2.2_secfix' into master_secfix
Conflicts:
	src/common/tortls.c
	src/or/connection_or.c
	src/or/dirserv.c
	src/or/or.h
2011-10-27 00:38:45 +02:00
Robert Ransom
4684ced1b3 Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.

Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
2011-10-26 23:56:47 +02:00
Robert Ransom
00fffbc1a1 Don't give the Guard flag to relays without the CVE-2011-2768 fix 2011-10-26 23:42:39 +02:00
Robert Ransom
4d0f152aad Make tor_version_same_series non-static 2011-10-26 23:36:30 +02:00
Sebastian Hahn
df05e5ef4d Merge branch 'maint-0.2.1_secfix' into maint-0.2.2_secfix
Conflicts:
	src/or/connection_or.c
2011-10-26 23:30:27 +02:00
Robert Ransom
a74e7fd40f Reject create cells on outgoing OR connections from bridges 2011-10-26 23:21:14 +02:00
Robert Ransom
c05bb53508 Mark which OR connections are outgoing 2011-10-26 23:21:11 +02:00
Robert Ransom
af12c39d6d Don't use any OR connection which sent us a CREATE_FAST cell for an EXTEND
Fix suggested by Nick Mathewson.
2011-10-26 23:20:56 +02:00
Nick Mathewson
638fdedcf1 Don't send a certificate chain on outgoing TLS connections from non-relays 2011-10-26 23:20:56 +02:00
Nick Mathewson
a166f10414 Remove the -F option from tor-resolve.
It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion.  But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense.  So in 0.2.1.16-rc (commit
298dc95dfd), we made tor-resolve happy to resolve anything.

The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.

Found while fixing GCC 4.6 "set, unused variable" warnings.
2011-10-26 17:13:04 -04:00
Roger Dingledine
a68867b150 manually backport a5232e0c4c 2011-10-26 17:11:52 -04:00
Roger Dingledine
cecc5b7aa1 stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-10-26 22:09:44 +02:00
Nick Mathewson
55d9e4b8ba Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Robert Ransom
62c29a93ba Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-10-26 22:09:44 +02:00
Sebastian Hahn
9082898944 Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.

Conflicts:

	src/or/config.c
2011-10-26 22:09:44 +02:00
Nick Mathewson
b1632c3fb7 Fix memory leak in retry_all_listeners: Coverity CID 485 2011-10-26 13:22:20 -04:00
Nick Mathewson
097ed9998b Fix memory leak in options_act_reversible: fix Coverity CID 486,487 2011-10-26 13:22:13 -04:00
Nick Mathewson
e0a053be01 Do not tread vpadding cell as versions cell. Not in any released version. 2011-10-26 11:50:50 -04:00
George Kadianakis
9d53c00911 Fix a NULL pointer dereference in parse_server_transport_line(). 2011-10-26 11:21:11 -04:00
Nick Mathewson
beb9097bed Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-26 11:08:19 -04:00
Nick Mathewson
4a1a89be0c Merge remote-tracking branch 'public/cov_run224_022' into maint-0.2.2 2011-10-26 11:07:28 -04:00
Sebastian Hahn
34f12437d4 Fix a couple of pluggable transport bugs
Fix coverity complaints 490, 491 and 492. Especially the one in
parse_client_transport_line() could've been a remotely triggerable
segfault, I think.
2011-10-26 16:49:24 +02:00
Nick Mathewson
d0a91386e5 Don't crash when accountingmax is set in non-server Tors
We use a hash of the identity key to seed a prng to tell when an
accounting period should end.  But thanks to the bug998 changes,
clients no longer have server-identity keys to use as a long-term seed
in accounting calculations.  In any case, their identity keys (as used
in TLS) were never never fixed.  So we can just set the wakeup time
from a random seed instead there.  Still open is whether everybody
should be random.

This patch fixes bug 2235, which was introduced in 0.2.2.18-alpha.

Diagnosed with help from boboper on irc.
2011-10-26 14:20:47 +02:00
Sebastian Hahn
3a890b3b70 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2011-10-26 14:17:01 +02:00
Nick Mathewson
dc557e8164 Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2011-10-26 14:16:54 +02:00
Nick Mathewson
2a2301e411 Rename get_client_identity_key to get_tlsclient_identity_key 2011-10-26 14:16:34 +02:00
Robert Ransom
59e565e2a2 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:16:20 +02:00
Nick Mathewson
299a78c5fe Make crypto_free_pk_env tolerate NULL arg in 0.2.1. Error-proofing against bug 988 backport 2011-10-26 14:14:05 +02:00
Robert Ransom
9976df9e56 Maintain separate server and client TLS contexts.
Fixes bug #988.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:13:55 +02:00
Robert Ransom
8781640111 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.

Conflicts:

	src/or/main.c
	src/or/router.c
2011-10-26 14:08:36 +02:00
Robert Ransom
07ab559a8e Add public_server_mode function. 2011-10-26 14:03:43 +02:00
George Kadianakis
e2b3527106 Also handle needless renegotiations in SSL_write().
SSL_read(), SSL_write() and SSL_do_handshake() can always progress the
SSL protocol instead of their normal operation, this means that we
must be checking for needless renegotiations after they return.

Introduce tor_tls_got_excess_renegotiations() which makes the
          tls->server_handshake_count > 2
check for us, and use it in tor_tls_read() and tor_tls_write().

Cases that should not be handled:

* SSL_do_handshake() is only called by tor_tls_renegotiate() which is a
  client-only function.

* The SSL_read() in tor_tls_shutdown() does not need to be handled,
  since SSL_shutdown() will be called if SSL_read() returns an error.
2011-10-26 13:36:30 +02:00
Nick Mathewson
c5a3664f27 Fix zlib macro brokenness on osx with zlib 1.2.4 and higher.
From the code:
   zlib 1.2.4 and 1.2.5 do some "clever" things with macros.  Instead of
   saying "(defined(FOO) ? FOO : 0)" they like to say "FOO-0", on the theory
   that nobody will care if the compile outputs a no-such-identifier warning.

   Sorry, but we like -Werror over here, so I guess we need to define these.
   I hope that zlib 1.2.6 doesn't break these too.

Possible fix for bug 1526.
2011-10-26 07:30:11 -04:00
George Kadianakis
340809dd22 Get rid of tor_tls_block_renegotiation().
Since we check for naughty renegotiations using
tor_tls_t.server_handshake_count we don't need that semi-broken
function (at least till there is a way to disable rfc5746
renegotiations too).
2011-10-26 13:16:14 +02:00
George Kadianakis
ecd239e3b5 Detect and deny excess renegotiations attempts.
Switch 'server_handshake_count' from a uint8_t to 2 unsigned int bits.
Since we won't ever be doing more than 3 handshakes, we don't need the
extra space.

Toggle tor_tls_t.got_renegotiate based on the server_handshake_count.
Also assert that when we've done two handshakes as a server (the initial
SSL handshake, and the renegotiation handshake) we've just
renegotiated.

Finally, in tor_tls_read() return an error if we see more than 2
handshakes.
2011-10-26 03:12:18 +02:00
George Kadianakis
4fd79f9def Detect renegotiation when it actually happens.
The renegotiation callback was called only when the first Application
Data arrived, instead of when the renegotiation took place.

This happened because SSL_read() returns -1 and sets the error to
SSL_ERROR_WANT_READ when a renegotiation happens instead of reading
data [0].

I also added a commented out aggressive assert that I won't enable yet
because I don't feel I understand SSL_ERROR_WANT_READ enough.

[0]: Look at documentation of SSL_read(), SSL_get_error() and
     SSL_CTX_set_mode() (SSL_MODE_AUTO_RETRY section).
2011-10-26 03:09:22 +02:00
George Kadianakis
69a821ea1c Refactor the SSL_set_info_callback() callbacks.
Introduce tor_tls_state_changed_callback(), which handles every SSL
state change.

The new function tor_tls_got_server_hello() is called every time we
send a ServerHello during a v2 handshake, and plays the role of the
previous tor_tls_server_info_callback() function.
2011-10-26 02:05:45 +02:00
Nick Mathewson
7ab0b5ff71 Avoid likely memory fragmentation from rep_hist_note_descs_served
When you're doing malloc(sizeof(int)), something may well have gone
wrong.

This technique is a bit abusive, but we're already relying on it
working correctly in geoip.c.
2011-10-25 17:53:26 -04:00
Sebastian Hahn
7fbc018433 Add percentiles to the desc stats reporting
To get a better idea what's going on on Tonga, add some code to report
how often the most and least frequently fetched descriptor was fetched,
as well as 25, 50, 75 percentile.

Also ensure we only count bridge descriptors here.
2011-10-25 16:47:27 +02:00
George Kadianakis
6b3c3b968f Rename tor_process_destroy() to tor_process_handle_destroy(). 2011-10-24 16:04:31 +02:00
George Kadianakis
47a5b8009b Improve general code quality.
- Add a tor_process_get_pid() function that returns the PID of a
  process_handle_t.
- Conform to make check-spaces.
- Add some more documentation.
- Improve some log messages.
2011-10-24 16:01:24 +02:00
George Kadianakis
572aa4ec44 Add PT_PROTO_FAILED_LAUNCH managed proxy state.
We used to try to terminate the managed proxy process even if it
failed while launching. We introduce a new managed proxy state, to
represent a *broken* and *not launched* proxy.
2011-10-24 15:59:11 +02:00
George Kadianakis
20be928fae Make set_managed_proxy_environment() work on Windows. 2011-10-24 15:56:28 +02:00
George Kadianakis
f12a40d860 Prepare util.[ch] to use the new process_handle_t API.
Also, create tor_process_destroy() which destroys a process_handle_t.
2011-10-24 15:55:53 +02:00
Sebastian Hahn
f885c60501 Don't initialize desc stats for non-bridgedirauth nodes
Also make sure that calling rep_hist_note_desc_served() while stats
aren't initialized just returns.

Bug spotted by SwissTorHelp. Thanks!
2011-10-24 14:54:22 +02:00
Roger Dingledine
2e295ae46e bump to 0.2.3.5-alpha-dev 2011-10-23 13:38:12 -04:00
Nick Mathewson
9d355bf479 Double-check that we really can get RSA keys from ID/Auth certs
Addresses issue 4287; issue not in any released Tor.
2011-10-23 13:31:09 -04:00
Nick Mathewson
87a93917c3 Fix a reference-leak in tor_tls_received_v3_certificate
We were calling SSL_get_peer_certificate but not X509_free.

This is a major part of bug4252; the bug has been in no released version.
2011-10-23 13:23:53 -04:00
Nick Mathewson
80cf342e47 Fix memory leak in prop176 code
This fixes part of bug4252.  Bug not in any released version.
2011-10-23 13:23:53 -04:00
Nick Mathewson
0c2a3601e8 Merge remote-tracking branch 'rransom-tor/bug3825c' 2011-10-23 12:55:10 -04:00
Sebastian Hahn
42b96a041d Check for jumping clock in *format_*stats functions
None of these were real bugs (yet), because the callers made sure
everything was fine. Make it more explicit. Suggested by Nick
2011-10-21 11:21:42 -04:00
Sebastian Hahn
03c06b629f Add new stats type: descriptor fetch stats
This is used for the bridge authority currently, to get a better
intuition on how many descriptors are actually fetched from it and how
many fetches happen in total.

Implements ticket 4200.
2011-10-21 11:21:42 -04:00
Sebastian Hahn
af02c4a9c3 remove code related to tracking descriptor serving times
This had broken due to bitrot - it doesn't know about microdescriptors
at all, and afaik hasn't generally been used in ages.
2011-10-21 06:02:47 +02:00
Nick Mathewson
29825f0bfd Merge remote-tracking branch 'rransom-tor/bug4091' 2011-10-20 14:26:54 -04:00
Robert Ransom
9df99bbb91 Check whether a client port is a Unix socket before using its IP addr
Bugfix on commit c1ac0695d5, not yet in any
release.  Fixes bug 4091; bug reported by SwissTorHelp.
2011-10-20 03:17:23 -07:00
Nick Mathewson
169c81844d Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-20 00:03:43 -04:00
Nick Mathewson
3cb79a0286 Merge remote-tracking branch 'rransom-tor/bug4251-022' into maint-0.2.2 2011-10-20 00:01:58 -04:00
Nick Mathewson
384e300cb4 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-19 23:16:08 -04:00
Nick Mathewson
5aa45ed6af Fix crash when changing node restrictions with DNS lookup in progress
Fixes bug 4259, bugfix on 0.2.2.25-alpha.  Bugfix by "Tey'".

Original message by submitter:

  Changing nodes restrictions using a controller while Tor is doing
  DNS resolution could makes Tor crashes (on WinXP at least). The
  problem can be repeated by trying to reach a non-existent domain
  using Tor:

    curl --socks4a 127.0.0.1:9050 inexistantdomain.ext

  .. and changing the ExitNodes parameter through the control port
  before Tor returns a DNS resolution error (of course, the following
  command won't work directly if the control port is password
  protected):

    echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051

  Using a non-existent domain is needed to repeat the issue so that
  Tor takes a few seconds for resolving the domain (which allows us to
  change the configuration). Tor will crash while processing the
  configuration change.

  The bug is located in the addressmap_clear_excluded_trackexithosts
  method which iterates over the entries of the addresses map in order
  to check whether the changes made to the configuration will impact
  those entries. When a DNS resolving is in progress, the new_adress
  field of the associated entry will be set to NULL. The method
  doesn't expect this field to be NULL, hence the crash.
2011-10-19 23:14:05 -04:00
Robert Ransom
739c21e97b Free rend_data and intro_key when extra intro circs become general-purpose 2011-10-18 07:08:02 -07:00
George Kadianakis
45307ff980 Port managed proxy launching code to the new subprocess API. 2011-10-17 22:46:44 +02:00
Roger Dingledine
0a083b0188 Merge branch 'maint-0.2.2' 2011-10-13 10:14:38 -04:00
Roger Dingledine
56180d169a Merge branch 'maint-0.2.1' into maint-0.2.2 2011-10-13 10:14:16 -04:00
Karsten Loesing
ee545cd4cb Update to the October 2011 GeoIP database. 2011-10-13 10:13:40 -04:00
Robert Ransom
b095be7f69 Check for intro circ timeouts properly
Previously, we would treat an intro circuit failure as a timeout iff the
circuit failed due to a mismatch in relay identity keys.  (Due to a bug
elsewhere, we only recognize relay identity-key mismatches on the first
hop, so this isn't as bad as it could have been.)

Bugfix on commit eaed37d14c, not yet in any
release.
2011-10-12 06:41:33 -07:00
Nick Mathewson
426f6bfda2 Stop using addr_port_lookup as an address splitting function
It's too risky to have a function where if you leave one parameter
NULL, it splits up address:port strings, but if you set it, it does
hostname resolution.
2011-10-11 12:02:19 -04:00
Nick Mathewson
491e20ae13 Change "reverse_lookup_name" functions to refer to "PTR_name"s
Under the new convention, having a tor_addr.*lookup function that
doesn't do hostname resolution is too close for comfort.

I used this script here, and have made no other changes.

  s/tor_addr_parse_reverse_lookup_name/tor_addr_parse_PTR_name/g;
  s/tor_addr_to_reverse_lookup_name/tor_addr_to_PTR_name/g;
2011-10-11 11:48:21 -04:00
Nick Mathewson
00b2b69add Fix names of functions that convert strings to addrs
Now let's have "lookup" indicate that there can be a hostname
resolution, and "parse" indicate that there wasn't.  Previously, we
had one "lookup" function that did resolution; four "parse" functions,
half of which did resolution; and a "from_str()" function that didn't
do resolution.  That's confusing and error-prone!

The code changes in this commit are exactly the result of this perl
script, run under "perl -p -i.bak" :

  s/tor_addr_port_parse/tor_addr_port_lookup/g;
  s/parse_addr_port(?=[^_])/addr_port_lookup/g;
  s/tor_addr_from_str/tor_addr_parse/g;

This patch leaves aton and pton alone: their naming convention and
behavior is is determined by the sockets API.

More renaming may be needed.
2011-10-11 11:30:12 -04:00
Nick Mathewson
69921837a7 Fix a bunch of whitespace errors 2011-10-11 11:30:01 -04:00
Nick Mathewson
8af0cfc10d Add some points to make it easy to turn off v3 support 2011-10-10 23:14:32 -04:00
Sebastian Hahn
35fe4825fc Quiet two notices, and spelling mistake cleanup 2011-10-10 23:14:31 -04:00
Sebastian Hahn
66200320ff Fix a few 64bit compiler warnings 2011-10-10 23:14:31 -04:00
Nick Mathewson
1bd65680bd Add more log statements for protocol/internal failures 2011-10-10 23:14:31 -04:00
Nick Mathewson
059d3d0613 Remove auth_challenge field from or_handshake_state_t
We didn't need to record this value; it was already recorded
implicitly while computing cell digests for later examination in the
authenticate cells.
2011-10-10 23:14:31 -04:00
Nick Mathewson
d79ff2ce94 spec conformance: allow only one cert of each type 2011-10-10 23:14:31 -04:00
Nick Mathewson
e56d7a3809 Give tor_cert_get_id_digests() fail-fast behavior
Right now we can take the digests only of an RSA key, and only expect to
take the digests of an RSA key.  The old tor_cert_get_id_digests() would
return a good set of digests for an RSA key, and an all-zero one for a
non-RSA key.  This behavior is too error-prone: it carries the risk that
we will someday check two non-RSA keys for equality and conclude that
they must be equal because they both have the same (zero) "digest".

Instead, let's have tor_cert_get_id_digests() return NULL for keys we
can't handle, and make its callers explicitly test for NULL.
2011-10-10 23:14:31 -04:00
Nick Mathewson
40f0d111c2 Fix some more issues wrt tor_cert_new found by asn 2011-10-10 23:14:30 -04:00
Nick Mathewson
ce102f7a59 Make more safe_str usage happen for new logs in command.c 2011-10-10 23:14:30 -04:00
Nick Mathewson
23664fb3b8 Set up network parameters on non-authenticated incoming connections
Also add some info log messages for the steps of the v3 handshake.

Now my test network bootstraps!
2011-10-10 23:14:30 -04:00
Nick Mathewson
7aadae606b Make sure we stop putting cells into our hash at the right time. 2011-10-10 23:14:30 -04:00
Nick Mathewson
41b250d7ea Bugfixes for authenticate handling and generation 2011-10-10 23:14:30 -04:00
Nick Mathewson
610cb0ecc4 Fix log message about what cells we are sending 2011-10-10 23:14:30 -04:00
Nick Mathewson
f726c67dd4 more verbose log for recording an odd cell 2011-10-10 23:14:30 -04:00
Nick Mathewson
40f343e176 Actually accept cells in SERVER_RENEGOTIATING 2011-10-10 23:14:29 -04:00
Nick Mathewson
6bfb31ff56 Generate certificates that enable v3 handshake 2011-10-10 23:14:29 -04:00
Nick Mathewson
7935c4bdfa Allow "finished flushing" during v3 handshake 2011-10-10 23:14:29 -04:00
Nick Mathewson
83bb9742b5 Hook up all of the prop176 code; allow v3 negotiations to actually work 2011-10-10 23:14:18 -04:00
Nick Mathewson
445f947890 Remove a no-longer-relevant comment 2011-10-10 23:14:17 -04:00
Nick Mathewson
9a77ebc794 Make tor_tls_cert_is_valid check key lengths 2011-10-10 23:14:17 -04:00
Nick Mathewson
3f22ec179c New functions to record digests of cells during v3 handshake
Also, free all of the new fields in or_handshake_state_t
2011-10-10 23:14:17 -04:00
Nick Mathewson
6c7f28454e Implement cert/auth cell reading 2011-10-10 23:14:17 -04:00
Nick Mathewson
81024f43ec Basic function to write authenticate cells
Also, tweak the cert cell code to send auth certs
2011-10-10 23:14:16 -04:00
Nick Mathewson
e48e47fa03 Function to return peer cert as tor_tls_cert 2011-10-10 23:14:16 -04:00
Nick Mathewson
a6fc5059cd Add AUTH keys as specified in proposal 176
Our keys and x.509 certs are proliferating here.  Previously we had:
   An ID cert (using the main ID key), self-signed
   A link cert (using a shorter-term link key), signed by the ID key

Once proposal 176 and 179 are done, we will also have:
   Optionally, a presentation cert (using the link key),
       signed by whomever.
   An authentication cert (using a shorter-term ID key), signed by
       the ID key.

These new keys are managed as part of the tls context infrastructure,
since you want to rotate them under exactly the same circumstances,
and since they need X509 certificates.
2011-10-10 23:14:16 -04:00
Nick Mathewson
0a4f562772 Functions to get a public RSA key from a cert 2011-10-10 23:14:16 -04:00
Nick Mathewson
92602345e0 Function to detect certificate types that signal v3 certificates 2011-10-10 23:14:10 -04:00
Nick Mathewson
8c9fdecfe9 Function to get digests of the certs and their keys 2011-10-10 23:14:10 -04:00
Nick Mathewson
f4c1fa2a04 More functions to manipulate certs received in cells 2011-10-10 23:14:10 -04:00
Nick Mathewson
c39688de6c Function to extract the TLSSECRETS field for v3 handshakes 2011-10-10 23:14:10 -04:00
Nick Mathewson
df78daa5da Functions to send cert and auth_challenge cells. 2011-10-10 23:14:10 -04:00
Nick Mathewson
1b0645acba Cell types and states for new OR handshake
Also, define all commands > 128 as variable-length when using
v3 or later link protocol.  Running into a var cell with an
unrecognized type is no longer a bug.
2011-10-10 23:14:09 -04:00
Nick Mathewson
fdbb9cdf74 Add a sha256 hmac function, with tests 2011-10-10 23:14:09 -04:00
Nick Mathewson
c0bbcf138f Turn X509 certificates into a first-class type and add some functions 2011-10-10 23:14:02 -04:00
Nick Mathewson
dcf69a9e12 New function to get all digests of a public key 2011-10-10 23:14:02 -04:00
Nick Mathewson
bc2d9357f5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-10 22:50:52 -04:00
Nick Mathewson
b5edc838f2 Merge remote-tracking branch 'sebastian/osxcompile' 2011-10-10 22:03:20 -04:00
Sebastian Hahn
b4bd836f46 Consider hibernation before dropping privs
Without this patch, Tor wasn't sure whether it would be hibernating or
not, so it postponed opening listeners until after the privs had been
dropped. This doesn't work so well for low ports. Bug was introduced in
the fix for bug 2003. Fixes bug 4217, reported by Zax and katmagic.
Thanks!
2011-10-11 02:42:12 +02:00
Sebastian Hahn
cce85c819b Fix a compile warning on OS X 10.6 and up 2011-10-11 02:25:00 +02:00
Nick Mathewson
6a673ad313 Add a missing comma in tor_check_port_forwarding
My fault; fix for bug 4213.
2011-10-10 11:42:05 -04:00
Robert Ransom
9648f034c0 Update documentation comment for rend_client_reextend_intro_circuit
One of its callers assumes a non-zero result indicates a permanent failure
(i.e. the current attempt to connect to this HS either has failed or is
 doomed).  The other caller only requires that this function's result
never equal -2.

Bug reported by Sebastian Hahn.
2011-10-10 05:33:53 -07:00
Robert Ransom
274b25de12 Don't launch a useless circuit in rend_client_reextend_intro_circuit
Fixes bug 4212.  Bug reported by katmagic and found by Sebastian.
2011-10-10 03:05:19 -07:00
Nick Mathewson
ca597efb22 Merge remote-tracking branch 'karsten/feature3951' into maint-0.2.2 2011-10-07 16:46:50 -04:00
Nick Mathewson
1ec22eac4b Merge remote-tracking branch 'public/bug2003_nm' 2011-10-07 16:43:45 -04:00
Nick Mathewson
8b0ee60fe7 reinstate a notice for the non-loopback socksport case
Thanks to prop171, it's no longer a crazy thing to do, but you should
make sure that you really meant it!
2011-10-07 16:34:21 -04:00
Nick Mathewson
b49fcc6cf2 Merge remote-tracking branch 'rransom-tor/bug4018' 2011-10-07 16:32:04 -04:00
Nick Mathewson
ed39621a9d Merge remote-tracking branch 'asn2/bug3656'
Conflicts:
	src/common/util.c
	src/common/util.h
	src/or/config.h
	src/or/main.c
	src/test/test_util.c
2011-10-07 16:05:13 -04:00
Nick Mathewson
98e5c63eb2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-07 12:20:08 -04:00
warms0x
6d027a3823 Avoid running DNS self-tests if we're operating as a bridge 2011-10-07 12:18:26 -04:00
George Kadianakis
1174bb95ce Revive our beautiful unit tests.
They broke when the PT_PROTO_INFANT proxy state was added.
2011-10-07 15:44:58 +02:00
George Kadianakis
3be9d76fa2 Make it compile on Windows™. 2011-10-07 15:44:44 +02:00
George Kadianakis
105cc42e96 Support multiple transports in a single transport line.
Support multiple comma-separated transpotrs in a single
{Client,Server}TransportPlugin line.
2011-10-07 14:13:41 +02:00
Nick Mathewson
246afc1b1b Make internal error check for unrecognized digest algorithm more robust
Fixes Coverity CID 479.
2011-10-06 14:13:09 -04:00
Nick Mathewson
2412e0e402 Check return of init_keys() ip_address_changed: fix Coverity CID 484 2011-10-06 14:13:09 -04:00
Karsten Loesing
9dfb884522 Turn on directory request statistics by default.
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.

Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.

This is the cherry-picked 499661524b.
2011-10-05 08:03:31 +02:00
Nick Mathewson
2725a88d5e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-10-03 15:19:00 -04:00
Nick Mathewson
05f672c8c2 Fix compilation of 3335 and 3825 fixes
In master, they ran into problems with the edge_conn/entry_conn split.
2011-10-03 15:13:38 -04:00
Nick Mathewson
4aa4bce474 Merge remote-tracking branch 'rransom-tor/bug3335-v2'
Conflicts:
	src/or/connection_edge.c
	src/or/rendclient.c
2011-10-03 15:06:07 -04:00
Fabian Keil
13f0d22df0 Rephrase the log messages emitted if the TestSocks check is positive
Previously Tor would always claim to have been given a hostname
by the client, while actually only verifying that the client
is using SOCKS4A or SOCKS5 with hostnames. Both protocol versions
allow IP addresses, too, in which case the log messages were wrong.

Fixes #4094.
2011-10-03 12:56:46 -04:00
Robert Ransom
c5226bfe1c Remove an HS's last_hid_serv_requests entries when a conn. attempt ends 2011-10-02 16:19:36 -07:00
Robert Ransom
bcfc383dc9 Record the HS's address in last_hid_serv_request keys 2011-10-02 16:19:35 -07:00
Robert Ransom
e07307214e Fix comment typo 2011-10-02 16:19:23 -07:00
Robert Ransom
fbea8c8ef1 Detect and remove unreachable intro points 2011-10-02 12:49:35 -07:00
Robert Ransom
34a6b8b7e5 Clear the timed_out flag when an HS connection attempt ends 2011-10-02 12:49:35 -07:00
Robert Ransom
eaed37d14c Record intro point timeouts in rend_intro_point_t 2011-10-02 12:49:34 -07:00
Robert Ransom
6803c1c371 Refetch an HS's desc if we don't have a usable one
Previously, we wouldn't refetch an HS's descriptor unless we didn't
have one at all.  That was equivalent to refetching iff we didn't have
a usable one, but the next commit will make us keep some non-usable HS
descriptors around in our cache.

Code bugfix on the release that introduced the v2 HS directory system,
because rend_client_refetch_v2_renddesc's documentation comment should
have described what it actually did, not what its behaviour happened
to be equivalent to; no behaviour change in this commit.
2011-10-02 12:42:19 -07:00
Sebastian Hahn
103c861dfe Looks like Windows version 6.2 will be Windows 8
Thanks to funkstar for the report
2011-10-01 14:50:44 +02:00
Roger Dingledine
1fac96f4c6 bump to 0.2.3.5-alpha 2011-09-28 18:25:16 -04:00
Roger Dingledine
f6db0f128c refill our token buckets 10 times/sec, not 100
refilling often is good, but refilling often has unclear side effects
on a) cpu load, and b) making sure every cell, ever, is sent out one at
a time
2011-09-28 15:38:36 -04:00
Roger Dingledine
36829539d6 Merge branch 'maint-0.2.2' 2011-09-28 15:38:02 -04:00
Roger Dingledine
ff8aba7053 bridges should use create_fast cells for their own circuits
fixes bug 4124, as noticed in bug 4115
2011-09-28 15:35:27 -04:00
Roger Dingledine
4e88a3bc3e Merge branch 'maint-0.2.2' 2011-09-28 15:13:05 -04:00
Roger Dingledine
0b5d2646d5 bug 4115: make bridges use begindir for their dir fetches
removes another avenue for enumerating bridges.
2011-09-28 14:50:43 -04:00
Nick Mathewson
6201b8b361 Make sure the microdesc cache is loaded before setting a v3 md consensus
Otherwise, we can wind up munging our reference counts if we set it in
the middle of loading the nodes.  This happens because
nodelist_set_consensus() and microdesc_reload_cache() are both in the
business of adjusting microdescriptors' references.
2011-09-28 14:19:39 -04:00
Nick Mathewson
4a10845075 Add some debugging code to microdesc.[ch] 2011-09-28 14:13:49 -04:00
Nick Mathewson
a4b7525c3c Fix a crash bug in tor_assert(md->held_by_node)
The fix is to turn held_by_node into a reference count.

Fixes bug 4118; bugfix on 0.2.3.1-alpha.
2011-09-28 13:40:21 -04:00
Roger Dingledine
e98c9a1bf6 if we have enough usable guards, just pick one
we don't need to check whether we don't have enough guards right after
concluding that we do have enough.

slight efficiency fix suggested by an anonymous fellow on irc.
2011-09-27 17:35:31 -04:00
Roger Dingledine
88516f65c9 Merge branch 'maint-0.2.2' 2011-09-24 22:47:53 -04:00
Roger Dingledine
1c2e4d1336 trivial whitespace changes, take two 2011-09-24 22:46:21 -04:00
Nick Mathewson
c42a1886cc Trivial whitespace fixes 2011-09-24 22:15:59 -04:00
Tom Lowenthal
5835acc6f9 Ticket #4063 - change circuit build timeout log entries from NOTICE to INFO 2011-09-24 22:12:40 -04:00
George Kadianakis
e2703e3654 Improve wording in some comments and log messages. 2011-09-23 17:50:56 +02:00
Nick Mathewson
fee094afcd Fix issues in 3630 patch noted by Karsten 2011-09-22 15:07:35 -04:00
Nick Mathewson
41dfc4c19c Make bufferevents work with TokenBucketRefillInterval 2011-09-22 15:07:34 -04:00
Nick Mathewson
052b95e2f1 Refactor connection_bucket_refill(_helper) to avoid roundoff
We were doing "divide bandwidth by 1000, then multiply by msec", but
that would lose accuracy: instead of getting your full bandwidth,
you'd lose up to 999 bytes per sec.  (Not a big deal, but every byte
helps.)

Instead, do the multiply first, then the division.  This can easily
overflow a 32-bit value, so make sure to do it as a 64-bit operation.
2011-09-22 15:07:34 -04:00
Nick Mathewson
0721abbf1b Move around check for TokenBucketRefillInterval; disallow changes to it 2011-09-22 15:07:34 -04:00
Florian Tschorsch
6b1d8321ae New torrc option to allow bucket refill intervals of less than 1 sec
Implements bug3630.
2011-09-22 15:07:23 -04:00
Nick Mathewson
40288e1e66 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-09-20 10:25:56 -04:00
Mansour Moufid
1ba90ab655 Fix a potentially useless integer overflow check.
GCC 4.2 and maybe other compilers optimize away unsigned integer
overflow checks of the form (foo + bar < foo), for all bar.

Fix one such check in `src/common/OpenBSD_malloc_Linux.c'.
2011-09-20 09:52:44 -04:00
Karsten Loesing
679f617345 Update to the September 2011 GeoIP database. 2011-09-15 16:33:36 -04:00
Nick Mathewson
2394c74017 Log errno on listener socket creation failure.
This may help diagnose bug 4027.
2011-09-15 09:51:48 -04:00
Robert Ransom
c1ac0695d5 Fix a bogus warning 2011-09-14 00:05:03 -07:00
Roger Dingledine
6a799c10ee bump to 0.2.3.4-alpha-dev 2011-09-13 22:04:47 -04:00
Roger Dingledine
0b0f7d792c bump to 0.2.3.4-alpha 2011-09-13 19:59:06 -04:00
Roger Dingledine
1fcaeb6092 Merge branch 'maint-0.2.2' 2011-09-13 18:32:00 -04:00
Roger Dingledine
4a351b4b9e Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/main.c
	src/or/router.c
2011-09-13 18:27:13 -04:00
Roger Dingledine
62ec584a30 Generate our ssl session certs with a plausible lifetime
Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
2011-09-13 18:24:45 -04:00
Roger Dingledine
1e1cc43b57 Merge branch 'maint-0.2.2' 2011-09-12 05:54:55 -04:00
Karsten Loesing
d679ef623f Update to the September 2011 GeoIP database. 2011-09-12 11:43:51 +02:00
George Kadianakis
2e73f9b3ee Put some sense into our logging.
Transform our logging severities to something more sensible.
Remove sneaky printf()s.
2011-09-12 00:10:07 +02:00
George Kadianakis
d0416ce3ec Don't warn of stray Bridges if managed proxies are still unconfigured.
With managed proxies you would always get the error message:

"You have a Bridge line using the X pluggable transport, but there
doesn't seem to be a corresponding ClientTransportPlugin line."

because the check happened directly after parse_client_transport_line()
when managed proxies were not fully configured and their transports
were not registered.

The fix is to move the validation to run_scheduled_events() and make
sure that all managed proxies are configured first.
2011-09-11 23:51:29 +02:00
George Kadianakis
e8715b3041 Constification. 2011-09-11 23:35:00 +02:00
George Kadianakis
de7565f87f Make check-spaces happy. 2011-09-11 23:34:36 +02:00
George Kadianakis
c6811c57cb Enforce transport names being C identifiers.
Introduce string_is_C_identifier() and use it to enforce transport
names according to the 180 spec.
2011-09-11 23:34:11 +02:00
George Kadianakis
3136107421 Trivial fixes around the code.
* C90-fy.
* Remove ASN comments.
* Don't smartlist_clear() before smartlist_free().
* Plug a mem. leak.
2011-09-11 23:33:31 +02:00
Nick Mathewson
386966142e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-09-11 16:25:14 -04:00
George Kadianakis
9a42ec6857 Be more defensive in get_transport_bindaddr().
Make sure that lines in get_transport_bindaddr() begin with the name
of the transport and a space.
2011-09-11 21:33:02 +02:00
George Kadianakis
ebc232bb79 Fix bug in get_transport_in_state_by_name() when using strcmpstart().
We now split the state lines into smartlists and compare the token
properly. Not that efficient but it's surely correct.
2011-09-11 21:22:37 +02:00
George Kadianakis
2703e41d8b Improve how we access or_state_t.
* Use get_or_state()->VirtualOption instead of relying on
  config_find_option(), STRUCT_VAR_P and voodoo.
2011-09-11 20:57:01 +02:00
George Kadianakis
0dcf327248 Remove connection_uses_transport() since it was unused. 2011-09-11 20:33:27 +02:00
George Kadianakis
9bf34eb65b Allow interwined {Client,Server}TransportPlugin lines. 2011-09-11 20:30:08 +02:00
George Kadianakis
a002f0e7c0 Update the transports.c documentation based on the new data. 2011-09-11 20:29:52 +02:00
George Kadianakis
1e92b24889 Update transports.[ch] to support SIGHUPs. 2011-09-11 20:29:12 +02:00
George Kadianakis
fa514fb207 Prepare circuitbuild.[ch] and config.[ch] for SIGHUPs.
* Create mark/sweep functions for transports.
* Create a transport_resolve_conflicts() function that tries to
  resolve conflicts when registering transports.
2011-09-11 20:28:47 +02:00
George Kadianakis
782810a8bf Introduce tor_terminate_process() function. 2011-09-11 20:26:01 +02:00
Roger Dingledine
cca806c56c fix whitespace (two-space indent) 2011-09-11 01:33:04 -04:00
Robert Ransom
8ea6d29fe4 Demote 'INTRODUCE2 cell is too {old,new}' message to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
b10735903b Demote HS 'replay detected' log message for DH public keys to info level 2011-09-10 21:56:05 -04:00
Robert Ransom
07a5cf285a Describe rend_service_descriptor_t more completely 2011-09-10 19:09:01 -04:00
Robert Ransom
aa900b17ca Describe rend_intro_point_t more completely 2011-09-10 19:05:53 -04:00
Fabian Keil
c6f6b567e0 Stop parse_client_port_config() from misinterpreting FooListenAddress and FooPort in legacy syntax
Previously the FooPort was ignored and the default used instead,
causing Tor to bind to the wrong port if FooPort and the default
port don't match or the CONN_TYPE_FOO_LISTENER has no default port.

Fixes #3936.
2011-09-10 17:48:37 -04:00
Fabian Keil
087e0569c3 Fix whitespace in parse_client_port_config() 2011-09-10 17:48:36 -04:00
Nick Mathewson
35f9be7d04 Merge remote-tracking branch 'rransom-tor/typo-fix-ohkah8Ah' 2011-09-10 17:45:27 -04:00
Robert Ransom
c621e52883 Fix log message typo. 2011-09-10 16:15:52 -04:00
George Kadianakis
c852760b80 Replaced some leftover assert()s with tor_assert()s. 2011-09-10 00:45:28 +02:00
Nick Mathewson
a41f1fc612 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	configure.in
	src/or/circuitbuild.c
2011-09-09 12:58:12 -04:00
Nick Mathewson
b0695c11eb Merge remote-tracking branch 'public/gcc-295-fix' into maint-0.2.2 2011-09-09 12:54:27 -04:00
Nick Mathewson
4467799f45 Merge remote-tracking branch 'public/enhance_replay_detection' into maint-0.2.2 2011-09-09 12:53:45 -04:00
Nick Mathewson
cb9226bcdb Check for replays in PK-encrypted part of intro cell, not just in the g^x value 2011-09-09 12:49:47 -04:00
Nick Mathewson
45eadf3955 All NT service configuration commands should make the process exit.
Fixes bug 3963; fix on 0.2.0.7-alpha.
2011-09-08 21:54:12 -04:00
Nick Mathewson
d3ff167e09 Fix whitespace issues in patches merged today so far 2011-09-07 20:26:58 -04:00
Nick Mathewson
9bdde89027 Make the unit tests pass again after the bug2003 fix 2011-09-07 17:48:21 -04:00
Jérémy Bobbio
58a0afe30f chown() sockets when User option is set
Fixes bug 3421
2011-09-07 15:49:01 -04:00
Nick Mathewson
5c53a0f867 fix a const warning 2011-09-07 15:06:01 -04:00
Nick Mathewson
3e3480d704 Report reason for generating descriptor in an HTTP header
Suggested by arma; based on 3327.
2011-09-07 15:03:28 -04:00
Nick Mathewson
ed463404e9 Clean up HTTP request header generation a little
Use a list of headers rather than trying to printf every header that
might exist.
2011-09-07 15:02:02 -04:00
Nick Mathewson
1f4b6944c0 Upload descriptors more often when recent desc is unlisted
Right now we only force a new descriptor upload every 18 hours.
This can make servers become unlisted if they upload a descriptor at
time T which the authorities reject as being "too similar" to one
they uploaded before. Nothing will actually make the server upload a
new descriptor later on, until another 18 hours have passed.

This patch changes the upload behavior so that the 18 hour interval
applies only when we're listed in a live consensus with a descriptor
published within the last 18 hours.  Otherwise--if we're not listed
in the live consensus, or if we're listed with a publication time
over 18 hours in the past--we upload a new descriptor every 90
minutes.

This is an attempted bugfix for #3327.  If we merge it, it should
obsolete #535.
2011-09-07 15:01:52 -04:00
Nick Mathewson
41eef6680e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
	src/or/networkstatus.c

Conflicts were related to routerinfo->node shift.
2011-09-07 14:51:55 -04:00
Nick Mathewson
dfa6cde4d4 Merge remote-tracking branch 'public/bug2649_squashed' into maint-0.2.2 2011-09-07 14:43:06 -04:00
Nick Mathewson
d27874a4f2 Remove a now-needless test. 2011-09-07 14:18:32 -04:00
Nick Mathewson
0cb01f5c97 Merge remote-tracking branch 'public/split_entry_conn'
Conflicts:
	src/or/connection.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/dnsserv.c

Some of these were a little tricky, since they touched code that
changed because of the prop171 fixes.
2011-09-07 14:13:57 -04:00
Robert Ransom
8aad677bb7 Die if tor_vasprintf fails in connection_printf_to_buf
tor_asprintf already asserts if it fails.
2011-09-07 12:14:58 -04:00
Nick Mathewson
947012e153 Merge remote-tracking branch 'public/bug3851' 2011-09-07 11:22:24 -04:00
Nick Mathewson
9ef2cd7776 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c

Conflicted on a router->node transition; fix was easy.
2011-09-06 20:55:31 -04:00
Nick Mathewson
2bf0e7479b Fix assertion in addressmap_clear_excluded_trackexithosts
Fixes bug 3923; bugfix on 0.2.2.25-alpha; bugfix from 'laruldan' on trac.
2011-09-06 20:26:20 -04:00
Roger Dingledine
7ca16affb5 bump to 0.2.3.3-alpha-dev 2011-09-02 07:41:55 -04:00
Roger Dingledine
f68cd4a175 bump to 0.2.3.3-alpha 2011-09-02 06:23:28 -04:00
Steven Murdoch
f5df96c94f Handle test case where fgets() sees EOF on the last read
On some platforms, with non-blocking IO, on EOF you first
get EAGAIN, and then on the second read you get zero bytes
and EOF is set. However on others, the EOF flag is set as
soon as the last byte is read. This patch fixes the test
case in the latter scenario.
2011-09-01 18:17:54 +01:00
Sebastian Hahn
d10ae9c028 Don't update AccountingSoftLimitHitAt on startup
Add a "default" state which we use until we've decided whether we're
live or hibernating. This allows us to properly track whether we're
resuming a hibernation period or not. Fixes bug 2003.
2011-09-01 17:21:50 +02:00
Nick Mathewson
9f144144e3 Merge branch 'bug3888' 2011-09-01 10:45:34 -04:00
Steven Murdoch
cfa9ee5fe7 Fix double-closing a stdio stream
After a stream reached eof, we fclose it, but then
test_util_spawn_background_partial_read() reads from it again, which causes
an error and thus another fclose(). Some platforms are fine with this, others
(e.g. debian-sid-i386) trigger a double-free() error. The actual code used by
Tor (log_from_pipe() and tor_check_port_forwarding()) handle this case
correctly.
2011-09-01 14:15:54 +01:00
Sebastian Hahn
ebb5f8df36 Explicitly set bucket_cfg to NULL after we freed it
This should fix bug 3888.
2011-09-01 12:34:16 +02:00
Nick Mathewson
6a3e4a89a2 Tweaks on last process-launch patches 2011-08-31 22:14:38 -04:00
Steven Murdoch
5b8a20ed44 Make a version of tor_read_all_handle() for non-Windows platforms
Mainly used for testing reading from subprocesses. To be more generic
we now pass in a pointer to a process_handle_t rather than a Windows-
specific HANDLE.
2011-09-01 01:43:44 +01:00
Steven Murdoch
76fde28475 Fix off-by-one error when allocating memory in test_util_split_lines()
Triggered "failed OVER picket-fence magic-number check (err 27)" when
memory debugging using dmalloc is enabled (at 'low' or higher).
2011-08-31 23:40:29 +01:00
Nick Mathewson
a7c07605d0 Add a missing include to util.c to get waitpid() on Linux 2011-08-31 00:36:43 -04:00
Nick Mathewson
0ac4b0f99d Check for lround with autoconf; fall back to rint. 2011-08-30 22:22:15 -04:00
Sebastian Hahn
03760f6c6f Fix a compilation issue on older FreeBSDs 2011-08-30 20:45:49 -04:00
Nick Mathewson
393e4fb5b5 Use %f with printf-style formatting, not %lf
For printf, %f and %lf are synonymous, since floats are promoted to
doubles when passed as varargs.  It's only for scanf that we need to
say "%lf" for doubles and "%f" for floats.

Apparenly, some older compilers think it's naughty to say %lf and like
to spew warnings about it.

Found by grarpamp.
2011-08-30 20:44:42 -04:00
Nick Mathewson
561ab14a5e Switch a SMARTLIST_FOREACH in circuitbuild.c to BEGIN/END
It had some cpp stuff inside, and older GCCs don't like preprocessor
directives inside macro arguments.

Found by grarpamp.
2011-08-30 20:44:30 -04:00
Nick Mathewson
2778cdd671 Rename tor_join_cmdline to tor_join_win_cmdline; tweak doxygen 2011-08-30 16:00:08 -04:00
Nick Mathewson
4f585b9ee2 Merge remote-tracking branch 'sjmurdoch/bug2046' 2011-08-30 15:51:45 -04:00
Steven Murdoch
d1dd9991cd Document limitation of log_from_handle with partial reads 2011-08-30 15:02:28 +01:00
Steven Murdoch
da34360952 Factor out and re-write code for splitting lines from a handle
Now handles non-printable characters and will not output a spurious
new-line if given a partial line.
2011-08-30 14:55:51 +01:00
Sebastian Hahn
b51e21c5d0 Add a bufferevent note to startup log
This should help us easily spot if a tor was built with
--enable-bufferevent or not
2011-08-29 23:10:03 +02:00
Nick Mathewson
cdbfc2a0c2 Fix compilation on non-bufferevent systems after 3803 fix: oops. 2011-08-29 13:41:59 -04:00
Nick Mathewson
0de8afd8f5 Split out rephist parts of buckets_decrement
For bufferevents, we had all of connection_buckets_decrement() stubbed
out.  But that's not actually right!  The rephist_* parts were
essential for, inter alia, recording our own bandwidth.  This patch
splits out the rephist parts of connection_buckets_decrement() into their
own function, and makes the bufferevent code call that new function.

Fixes bug 3803, and probably 3824 and 3826 too.  Bugfix on 0.2.3.1-alpha.
2011-08-29 13:33:31 -04:00
Nick Mathewson
3b02a959b3 Make FetchUselessDescriptors fetch all desc types
Previously, if you were set up to use microdescriptors, and you
weren't a cache, you'd never fetch router descriptors (except for
bridges).  Now FetchUselessDescriptors causes descriptors and
mirodescs to get cached.  Also, FetchUselessDescriptors changes the
behavior of "UseMicrodescriptors auto" to be off, since there's no
point in saying "UseMicrodescriptors 1" when you have full descriptors
too.

Fix for bug 3851; bugfix on 0.2.3.1-alpha.
2011-08-29 11:18:06 -04:00
Steven Murdoch
bc97f41080 Refactor out command line formatting
Now correctly handles whitespace, quotes and backslashes. Passes all unit tests.
2011-08-29 14:37:38 +01:00
Steven Murdoch
93792b5aa6 Add a sanity check 2011-08-29 00:36:41 +01:00
Steven Murdoch
f1ff65dfad Replace two magic tristates with #define'd names
- process_handle_t.status
- return value of tor_get_exit_code()
2011-08-29 00:30:18 +01:00
Steven Murdoch
3f0a197aad Make signature of tor_spawn_background more conventional
Conventionally in Tor, structs are returned as pointers, so change
tor_spawn_background() to return the process handle in a pointer rather
than as return value.
2011-08-28 23:35:02 +01:00
George Kadianakis
c554a27a44 Clarify the heartbeat message a bit. 2011-08-27 18:45:54 +02:00
Nick Mathewson
81fe1934af Fix a bufferevent-related bug that killed tunneled dirserv conns
Because tunneled connections are implemented with buffervent_pair,
writing to them can cause an immediate flush.  This means that
added to them and then checking to see whether their outbuf is
empty is _not_ an adequate way to see whether you added anything.
This caused a problem in directory server connections, since they
would try spooling a little more data out, and then close the
connection if there was no queued data to send.

This fix should improve matters; it only closes the connection if
there is no more data to spool, and all of the spooling callbacks
are supposed to put the dirconn into dir_spool_none on completion.

This is bug 3814; Sebastian found it; bugfix on 0.2.3.1-alpha.
2011-08-26 16:10:17 -04:00
Nick Mathewson
dfcd3d9ce0 Set write low-watermarks on all bufferevents.
If we don't do this, then we never invoke the bufferevent write
callbacks until all the bufferevent's data is flushed.
2011-08-24 17:31:37 -04:00
Nick Mathewson
f186e16241 Add write watermarks to filtered bufferevents. 2011-08-24 17:31:37 -04:00
Nick Mathewson
59d0f750c9 Apply rate-limiting to the lowest bufferevent in the stack.
When we're doing filtering ssl bufferevents, we want the rate-limits
to apply to the lowest level of the bufferevent stack, so that we're
actually limiting bytes sent on the network. Otherwise, we'll read
from the network aggressively, and only limit stuff as we process it.
2011-08-24 17:31:32 -04:00
Steven Murdoch
1da5081ae0 Appease "make check-spaces" 2011-08-24 21:34:13 +01:00
Steven Murdoch
50b48c3ea7 Improve comments and fix one bug 2011-08-24 21:33:53 +01:00
Steven Murdoch
476807211c We don't need to find our own path, just tell Windows to search 2011-08-24 20:50:58 +01:00
Steven Murdoch
6304e088d0 Find test-child.exe by looking in same directory as test.exe 2011-08-24 19:56:38 +01:00
Nick Mathewson
ede9cd4f99 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-08-24 13:53:17 -04:00
Gisle Vanem
5939c09d35 lround() missing in MSVC
lround() is missing in MS Visual-C's <math.h>. Not available anywhere.
Here is an easy patch.
2011-08-24 13:52:44 -04:00
Steven Murdoch
2efafdfe14 Fix compilation errors under *nix 2011-08-23 01:09:24 +01:00
Steven Murdoch
50504fc4cb Fix test cases to handle MSYS style paths (/c/foo rather than c:/foo)
Also fix test case to expect 1 on successfully spawning a subprocess
2011-08-22 20:05:11 +01:00
Steven Murdoch
1ad986335a Tidy up subprocess code
- Better error handling
- Write description of functions
- Don't assume non-negative process return values
2011-08-22 19:43:38 +01:00
Steven Murdoch
f46f6aabb4 Fix some compiler warnings 2011-08-22 18:13:58 +01:00
Steven Murdoch
6443a756df Merge branch 'bug1983-port-tor-fw-helper-to-windows' into bug2046
Conflicts:
	configure.in
	src/tools/tor-fw-helper/Makefile.am
	src/tools/tor-fw-helper/tor-fw-helper-upnp.c
	src/tools/tor-fw-helper/tor-fw-helper.c
2011-08-22 17:53:17 +01:00
Steven Murdoch
850d8c9eb8 Correct reference to libiphlpapi from libiphlapi 2011-08-22 17:38:43 +01:00
Steven Murdoch
c5e74fc60d Appease "make check spaces" 2011-08-22 16:31:30 +01:00
Nick Mathewson
dd6a9a923d Disable run-time changes to DisableIOCP: They do not work 2011-08-19 17:07:54 -04:00
Nick Mathewson
269c0b4633 Only link ws2_32 and iphlapi on windows.
This is a tweak for the tor-fw-helper port to windows.
2011-08-19 13:20:15 -04:00
Steven Murdoch
2ad336f999 Link and build tor-fw-helper on Windows
- Update configure script to test for libminiupnpc along with the
  libws2_32 and libiphlpapi libraries required by libminiupnpc
- When building tor-fw-helper, link in libiphlpapi
- Link in libminiupnpc statically becasue I could not get the DLL
  to link properly
- Call WSAStartup before doing network operations
- Fix up a compiler warning about uninitialized backend_state

N.B. The changes to configure.in and Makefile.am will break on non-
Windows platforms.
2011-08-19 15:22:13 +01:00
Nick Mathewson
df96aed14f Remove warning about a loop parsing evbuffer socks
This behavior is normal when we want more data than the evbuffer
actually has for us.  We'll ask for (say) 7 bytes, get only 5
(because that's all there is), try to parse the 5 bytes, and get
told "no, I want 7".  One option would be to bail out early whenever
want_length is > buflen, but sometimes we use an over-large
want_length.  So instead, let's just remove the warning here: it's
not a bug after all.
2011-08-18 16:15:03 -04:00
Nick Mathewson
263d68aa82 Appease "make check-spaces" 2011-08-18 15:17:37 -04:00
Nick Mathewson
d3653063d3 Automatically use filtering bufferevents with IOCP. 2011-08-18 15:16:05 -04:00
Steven Murdoch
cc5b6d6cee Merge remote branch 'origin/master' into bug2046 2011-08-18 18:42:02 +01:00
Steven Murdoch
7d015c886a Complete logging of output from port forwarding helper 2011-08-18 18:41:23 +01:00
Nick Mathewson
52e36feda1 Call evthread_use_windows_threads when running with IOCP on windows 2011-08-17 14:44:16 -04:00
Nick Mathewson
d2cd67c83f Use evbuffer_copyout() in inspect_evbuffer(). 2011-08-17 13:09:05 -04:00
Nick Mathewson
06be6105e4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
2011-08-17 12:00:44 -04:00
Nick Mathewson
d79d648edc Don't write ControlPorts to disk till after we setuid and make datadir
Fix for bug 3747; bugfix on 0.2.2.26-beta.
2011-08-17 11:22:16 -04:00
Nick Mathewson
14552a12b3 Merge branch 'bug3743' 2011-08-17 10:46:28 -04:00
Nick Mathewson
6650dc932a Remove a needless config_find_option 2011-08-17 10:46:22 -04:00
Sebastian Hahn
6a06f45b04 Actually pick a random port when "auto" is specified
ddc65e2b33 had broken this
2011-08-17 10:41:36 -04:00