Commit Graph

12151 Commits

Author SHA1 Message Date
Nick Mathewson
5d2b2b9ede Clear up a comment about when an assertion could fire
Resolves ticket 6164
2013-02-19 16:23:58 -05:00
Nick Mathewson
337e32f5b8 fix a wide line 2013-02-19 15:08:54 -05:00
Nick Mathewson
8ddf4e218e Merge branch 'bug8065_v2' 2013-02-19 15:02:22 -05:00
Nick Mathewson
3340d3279d Downgrade an assert to LD_BUG
This should prevent crashes on further recurrence of 8065, and help
diagnose such if they occur
2013-02-19 15:02:08 -05:00
Nick Mathewson
804be10b09 Fix a may-be-used-uninitialized warning. 2013-02-19 15:00:08 -05:00
Nick Mathewson
b0b0d6af63 Merge branch 'bug2286_unit_test_squashed' 2013-02-19 14:54:05 -05:00
Andrea Shepard
699c39dada Test alternate values of maxunmeasuredbw too 2013-02-19 14:53:31 -05:00
Andrea Shepard
f445aae2e3 Update unmeasured bandwidth clipping unit test per NickM's bugfix for the Unmeasured=1 issue 2013-02-19 11:06:24 -05:00
Nick Mathewson
6170bc5a93 Refactor storing of measured_bw versus Unmeasured=1.
This patch moves the measured_bw field and the has_measured_bw field
into vote_routerstatus_t, since only votes have 'Measured=XX' set on
their weight line.

I also added a new bw_is_unmeasured flag to routerstatus_t to
represent the Unmeasured=1 flag on a w line.  Previously, I was using
has_measured_bw for this, which was quite incorrect: has_measured_bw
means that the measured_bw field is set, and it's probably a mistake
to have it serve double duty as meaning that 'baandwidth' represents a
measured value.

While making this change,I also found a harmless but stupid bug in
dirserv_read_measured_bandwidths: It assumes that it's getting a
smartlist of routerstatus_t, when really it's getting a smartlist of
vote_routerstatus_t.  C's struct layout rules mean that we could never
actually get an error because of that, but it's still quite incorrect.
I fixed that, and in the process needed to add two more sorting and
searching helpers.

Finally, I made the Unmeasured=1 flag get parsed.  We don't use it for
anything yet, but someday we might.

This isn't complete yet -- the new 2286 unit test doesn't build.
2013-02-19 11:06:24 -05:00
Andrea Shepard
4c45b3d845 Add unit test for unmeasured bandwidth clipping in consensus 2013-02-19 11:06:24 -05:00
Andrea Shepard
f4d5ca9b5e Refactor v3_networkstatus test to allow reuse of test for measuredbw 2013-02-19 11:06:24 -05:00
Nick Mathewson
869826581d Note some annoyinc copy-and-paste code 2013-02-19 11:06:23 -05:00
Nick Mathewson
e73bbea262 Tweak consensus method 17 based on arma's comments
Instead of capping whenever a router has fewer than 3 measurements,
we cap whenever a router has fewer than 3 measurements *AND* there
are at least 3 authorities publishing measured bandwidths.

We also generate bandwidth lines with a new "Unmeasured=1" flag,
meaning that we didn't have enough observations for a node to use
measured bandwidth values in the authority's input, whether we capped
it or not.
2013-02-19 11:05:15 -05:00
Roger Dingledine
f2199763cf touchups on 78582760 2013-02-19 04:07:36 -05:00
Nick Mathewson
7858276066 Revise some comments in router.c
Avoid the phrase "legally valid" (as opposed to valid but not legal)?
And document what functions really do.

Fix for bug 6935.
2013-02-19 02:43:36 -05:00
Nick Mathewson
22804c0391 Check for CPUs more accurartely when ONLN != CONF.
There are two ways to use sysconf to ask about the number of
CPUs. When we're on a VM, we would sometimes get it wrong by asking
for the number of total CPUs (say, 64) when we should have been asking
for the number of CPUs online (say, 1 or 2).

Fix for bug 8002.
2013-02-19 02:34:36 -05:00
Nick Mathewson
59fc77e29b Fix a bug that roger found in the wide_circ_id code 2013-02-15 18:20:46 -05:00
Nick Mathewson
e6e929f5cf Merge remote-tracking branch 'public/bug8209' 2013-02-15 16:37:53 -05:00
Nick Mathewson
73182e3220 Merge remote-tracking branch 'public/bug8207' 2013-02-15 16:29:43 -05:00
Nick Mathewson
d6634001c9 Merge remote-tracking branch 'public/wide_circ_ids'
Conflicts:
	src/or/channel.h
	src/or/connection_or.c
	src/or/cpuworker.c
2013-02-15 16:23:43 -05:00
Nick Mathewson
5fcc5dfa77 make check-spaces 2013-02-15 16:02:57 -05:00
Nick Mathewson
0fa362cafa Merge remote-tracking branch 'public/feature4994-rebased' 2013-02-15 15:58:54 -05:00
Nick Mathewson
6c8b6e9e78 Fix unreachable use-before-assign in test_util_join_win_cmdline
Apparently there is a compiler that believes this is something to
warn about.
2013-02-15 15:57:47 -05:00
Nick Mathewson
b90f9ebbb2 Merge remote-tracking branch 'public/integers_donna' 2013-02-15 15:55:36 -05:00
Roger Dingledine
5d400b5f7f Authorities were adding downtime for every relay every restart
Stop marking every relay as having been down for one hour every
time we restart a directory authority. These artificial downtimes
were messing with our Stable and Guard flag calculations.

Fixes bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
2013-02-14 17:02:22 -05:00
Nick Mathewson
4beee0f69b Use torint.h in curve25519-donna*.c
This will get it building on systems that lack stdint.h
2013-02-14 15:34:38 -05:00
Nick Mathewson
41e0f7146a Merge remote-tracking branch 'arma/bug1992' 2013-02-14 14:55:49 -05:00
Nick Mathewson
1070a720ad Be more robust when excluding existing nodes as new dirguards
In addition to rejecting them post-hoc, avoid picking them in the
first place.  This makes us less likely to decide that we can't add
guards at all.
2013-02-14 12:06:59 -05:00
Nick Mathewson
91027218e2 Add some code to bluntly prevent duplicate guards from getting added
Apparently something in the directory guard code made it possible
for the same node to get added as a guard over and over when there
were no actual running guard nodes.
2013-02-14 11:48:47 -05:00
Nick Mathewson
d7089ff228 Restore the entry/dirguard distinction.
We shouldn't be calling choose_random_entry() for directory
conncetions; that's what choose_random_dirguard() is for.
2013-02-12 16:23:12 -05:00
Nick Mathewson
5e0ce4c578 oops; add a missing semicolon
(Cherry-picked from fc35ee4910)
2013-02-12 10:51:20 -05:00
Roger Dingledine
178599f026 get rid of the new caching notion in resolve_my_address()
and replace it with the good old-fashioned two functions approach
2013-02-12 04:25:42 -05:00
Roger Dingledine
b166e9edb9 simplify timing checks
now that both timers are on the same schedule, there's no point
tracking separate timers.
2013-02-11 22:07:19 -05:00
Roger Dingledine
5911fc0c17 Check for IP address change every minute, not 15 minutes
Relays used to check every 10 to 60 seconds, as an accidental side effect
of calling directory_fetches_from_authorities() when considering doing
a directory fetch. The fix for bug 1992 removes that side effect. At the
same time, bridge relays never had the side effect, leading to confused
bridge operators who tried crazy tricks to get their bridges to notice
IP address changes (see ticket 1913).

The new behavior is to reinstate an every-60-seconds check for both
public relays and bridge relays, now that the side effect is gone.
2013-02-11 21:57:32 -05:00
Roger Dingledine
17089302fd Stop trying to resolve our hostname so often
For example, we were doing a resolve every time we think about doing a
directory fetch. Now we reuse the cached answer in some cases.

Fixes bugs 1992 (bugfix on 0.2.0.20-rc) and 2410 (bugfix on
0.1.2.2-alpha).
2013-02-11 21:48:18 -05:00
Nick Mathewson
e5a987fbb8 Don't tor_close_socket(-1) in tor-resolve.
Bugfix on 96b1bd4fb8.  Not in any released Tor.
2013-02-11 17:32:58 -05:00
Roger Dingledine
cc896f7c84 Teach resolve_my_address() to return a cached answer
I didn't make any of the callers use this feature yet.
2013-02-11 17:09:10 -05:00
Nick Mathewson
99457ee776 Fix two more coverity-spotted leaks in master.
One is a probably-impossible leak if we fail to sign a consensus;
another occurs when we can't look up the user we're trying to chown
our sockets to.
2013-02-11 17:01:02 -05:00
Nick Mathewson
f3835bcb37 Avoid null-pointer deref in pathbias_is_new_circ_attempt
Coverity is worried about this (CID 980653).  It hasn't happened in
testing, but we might as well make sure it can't happen.
2013-02-11 16:59:21 -05:00
Nick Mathewson
719940df2b Fix a nigh-impossible overflow in cpuworker.c
When we compute the estimated microseconds we need to handle our
pending onionskins, we could (in principle) overflow a uint32_t if
we ever had 4 million pending onionskins before we had any data
about how onionskins take.  Nevertheless, let's compute it properly.

Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID
980651.
2013-02-11 16:46:38 -05:00
Nick Mathewson
9b2bb901d7 Fix a null-deref-on-fail in unit tests
If geoip_format_bridge_stats() returned NULL when it should have
returned a string, we would have tried to deref NULL, and died.  Not
a big deal in the unit tests, but still worth fixing.

Found by coverity; This is CID 743384.
2013-02-11 16:32:13 -05:00
Nick Mathewson
da6720e9fa Make _SC_OPEN_MAX actually get used when closing fds before exec.
Fixes bug 8209; bugfix on 0.2.3.1-alpha.
2013-02-11 16:27:35 -05:00
Nick Mathewson
fc35ee4910 oops; add a missing semicolon 2013-02-11 16:17:33 -05:00
Nick Mathewson
5f29bc71b3 Merge remote-tracking branch 'public/bug7816_023' 2013-02-11 16:14:17 -05:00
Nick Mathewson
afca9ab14e Fix another memory leak
This one occurs when changing configuration options. Found by
coverity.
2013-02-11 16:13:52 -05:00
Nick Mathewson
fd8ef8dc57 Merge remote-tracking branch 'public/bug8208' 2013-02-11 16:06:02 -05:00
Nick Mathewson
e3578d52e4 Check whether ei is non-NULL before altering it.
This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.
2013-02-11 16:05:03 -05:00
Nick Mathewson
43d2f99d54 Suppress a coverity false positive in connection_edge_package_raw_inbuf
Coverity is worried that we're checking entry_conn in some cases,
but not in the case where we set entry_conn->pending_optimistic_data.

This commit should calm it down (CID 718623).
2013-02-11 15:55:50 -05:00
Nick Mathewson
f12fafac5a Make hidden service authorization work again.
The refactoring in commit 471ab34032 wasn't complete enough: we
were checking the auth_len variable, but never actually setting it,
so it would never seem that authentication had been provided.

This commit also removes a bunch of unused variables from
rend_service_introduce, whose unusedness we hadn't noticed because
we were wiping them at the end of the function.

Fix for bug 8207; bugfix on 0.2.4.1-alpha.
2013-02-11 15:42:57 -05:00
Nick Mathewson
52263b0dda Fix even more dead code and resource leaks in the unit tests
Found by coverity
2013-02-11 15:20:20 -05:00
Nick Mathewson
96b1bd4fb8 Fix a very short-lived socket leak in tor-resolve
This shouldn't actually matter, since tor-resolve will return soon
after this function exits, but it's nice to be warning-free

Found by coverity, fixes CID 718633
2013-02-11 15:13:42 -05:00
Nick Mathewson
717946089b Resolve memory leaks in the unit tests and benchmarks (found by coverity)
These shouldn't really matter, but it's nice to be leak-free.
2013-02-11 14:57:10 -05:00
Nick Mathewson
b9432becbe Fix a copy-and-paste issue found by coverity
Fixes CID 980650; bugfix on 0.2.4.10-alpha.
2013-02-11 14:42:33 -05:00
Nick Mathewson
ffd6e557cb Speed up the curve25519 unit test by doing fewer iterations
This test was accounting for about 2/3 of our unit tests' runtime,
even on systems with a fast curve25519.  No test should take so long.
2013-02-11 13:55:42 -05:00
Nick Mathewson
01184f164f Merge remote-tracking branch 'public/bug8158' 2013-02-11 13:32:38 -05:00
Nick Mathewson
36e2eb6775 Avoid generating extra spaces when explaining how we guessed our address 2013-02-11 13:29:56 -05:00
Roger Dingledine
92ea0b86de Refactor resolve_my_address() so logs are more accurate / helpful
It returns the method by which we decided our public IP address
(explicitly configured, resolved from explicit hostname, guessed from
interfaces, learned by gethostname).

Now we can provide more helpful log messages when a relay guesses its IP
address incorrectly (e.g. due to unexpected lines in /etc/hosts). Resolves
ticket 2267.

While we're at it, stop sending a stray "(null)" in some cases for the
server status "EXTERNAL_ADDRESS" controller event. Resolves bug 8200.
2013-02-11 13:29:56 -05:00
Roger Dingledine
dfbb12cabf log the hostname that resolve_my_address() used to guess our IP 2013-02-11 13:29:56 -05:00
Nick Mathewson
2b4d4ccb3d Merge remote-tracking branch 'public/bug7801_v2' 2013-02-11 11:28:08 -05:00
Nick Mathewson
076654ce84 Replace magic constants for wide_circ_ids with inline function calls 2013-02-09 00:56:53 -05:00
Nick Mathewson
d86a45f991 Wrap more macro definitions in (parentheses)
To avoid surprises, good coding practice suggests parenthesizing every
macro definition -- or at the very least, all those involving an
expression.
2013-02-09 00:16:04 -05:00
Nick Mathewson
69ab7cd828 Improve comment at Andrea's request 2013-02-08 17:13:11 -05:00
Nick Mathewson
561e9becbd Merge remote-tracking branch 'public/signof_enum' 2013-02-08 16:48:50 -05:00
Nick Mathewson
029d2c6587 Unit test for tor_weak_random_range 2013-02-08 16:46:35 -05:00
Nick Mathewson
4bfd7806bf Add explicit check for !first_conn in ...resume_edge_reading_helper
This check isn't necessary (see comment on #7801), but it took at
least two smart people a little while to see why it wasn't necessary,
so let's have it in to make the code more readable.
2013-02-08 16:32:58 -05:00
Nick Mathewson
018fe7d11e Improve comment about our random stream choice algorithm 2013-02-08 16:31:46 -05:00
Nick Mathewson
8cdd8b8353 Fix numerous problems with Tor's weak RNG.
We need a weak RNG in a couple of places where the strong RNG is
both needless and too slow.  We had been using the weak RNG from our
platform's libc implementation, but that was problematic (because
many platforms have exceptionally horrible weak RNGs -- like, ones
that only return values between 0 and SHORT_MAX) and because we were
using it in a way that was wrong for LCG-based weak RNGs.  (We were
counting on the low bits of the LCG output to be as random as the
high ones, which isn't true.)

This patch adds a separate type for a weak RNG, adds an LCG
implementation for it, and uses that exclusively where we had been
using the platform weak RNG.
2013-02-08 16:28:05 -05:00
Nick Mathewson
c8f5f35d62 Add doxygen for bug8158 functions 2013-02-08 12:12:09 -05:00
Nick Mathewson
2403ef66ba Coalesce identical adjacent microdescriptor vote lines. 2013-02-08 12:09:46 -05:00
Nick Mathewson
194bd56c8a Refactor generating the m lines in a vote into its own function 2013-02-08 11:52:51 -05:00
Nick Mathewson
fd1c2a13e7 Merge remote-tracking branch 'karsten/geoip-manual-update' 2013-02-08 10:37:34 -05:00
Nick Mathewson
a24f29ec5d Merge remote-tracking branch 'origin/maint-0.2.3' 2013-02-08 10:36:51 -05:00
Nick Mathewson
b840b76b04 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-02-08 10:36:34 -05:00
Karsten Loesing
7f805b6048 Comment out now obsolete change in geoip-manual. 2013-02-08 14:42:07 +01:00
Karsten Loesing
adff7f944a Update to the February 2013 GeoIP database. 2013-02-08 14:39:25 +01:00
Nick Mathewson
3433216268 Merge remote-tracking branch 'public/easy_ratelim'
Conflicts:
	src/or/connection.c
2013-02-07 17:13:51 -05:00
Nick Mathewson
41200b4770 Have autoconf check whether enums are signed.
Fixes bug 7727; fix on 0.2.4.10-alpha.
2013-02-07 16:30:32 -05:00
Nick Mathewson
ba7d93db16 Merge remote-tracking branch 'public/bug7816_023'
Conflicts:
	src/common/util.c
2013-02-07 15:20:50 -05:00
Nick Mathewson
0061d42890 Merge remote-tracking branch 'public/bug7816_024' 2013-02-07 15:13:21 -05:00
Nick Mathewson
ad28397bbf Merge branch 'bug7902' 2013-02-07 15:04:11 -05:00
Nick Mathewson
522b312a51 whitespace fix 2013-02-07 14:31:51 -05:00
Nick Mathewson
12c6475c06 Merge branch 'ticket8161_squashed' 2013-02-07 14:31:04 -05:00
Mike Perry
eb15be3d45 Mention a trac ticket relevant to an XXX comment. 2013-02-07 14:30:58 -05:00
Mike Perry
bbd38f293f Better document an XXX comment about refactoring. 2013-02-07 14:30:58 -05:00
Mike Perry
b03553737c Separate the flags for logging use bias.
I think we want both sets of messages to appear independently to help us know
what needs tuning.
2013-02-07 14:30:58 -05:00
Nick Mathewson
0175209e6b Merge branch 'bug8121_squashed' 2013-02-07 14:09:17 -05:00
Nick Mathewson
266419d244 Tolerate curve25519 backends where the high bit of the pk isn't ignored
Right now, all our curve25519 backends ignore the high bit of the
public key. But possibly, others could treat the high bit of the
public key as encoding out-of-bounds values, or as something to be
preserved. This could be used to distinguish clients with different
backends, at the cost of killing a circuit.

As a workaround, let's just clear the high bit of each public key
indiscriminately before we use it. Fix for bug 8121, reported by
rransom. Bugfix on 0.2.4.8-alpha.
2013-02-07 14:09:01 -05:00
Nick Mathewson
1cd6744338 New consensus method: clip the maximum votable unmeasured bw
If we're deciding on a node's bandwidth based on "Bandwidth="
declarations, clip it to "20" or to the maxunmeasuredbw parameter,
if it's voted on.

This adds a new consensus method.

This is "part A" of bug 2286
2013-02-05 00:46:32 -05:00
Nick Mathewson
2dcad03eba Merge remote-tracking branch 'public/bug8151' 2013-02-05 00:33:04 -05:00
Mike Perry
a99ebaf4c7 Lower path use bias thresholds.
I noticed bad wifi networks can have low use success rates.
2013-02-04 16:57:09 -08:00
Roger Dingledine
2c73fe5f5e bump to 0.2.4.10-alpha-dev 2013-02-04 18:20:13 -05:00
Roger Dingledine
54f9a402c5 bump to 0.2.4.10-alpha 2013-02-04 17:11:00 -05:00
Nick Mathewson
cd4ad45ba3 Include a flag-thresholds line in each vote to describe flag cutoffs
Implements ticket 8151.
2013-02-04 13:44:05 -05:00
Nick Mathewson
12f2d986f3 Merge branch 'authdir_quick_fix' 2013-02-04 12:34:14 -05:00
Nick Mathewson
b1cb9ebb1c Merge branch 'bug8146_etc' 2013-02-04 12:34:09 -05:00
Nick Mathewson
2e9cd4b724 Quick fix on 5956 for authorities
Authorities don't set is_possible_guard on node_t, so they were
never deciding that they could build enough paths.  This is a quick
and dirty fix.

Bug not in any released version of Tor
2013-02-04 12:25:43 -05:00
Nick Mathewson
898f2d7c27 Merge branch 'bug8153' 2013-02-04 11:54:38 -05:00
Nick Mathewson
b64dc35b5c Reinstate some fixes/tweaks from 6e4a4002
These seem to have gotten conflicted out of existence while mike was
working on path bias stuff.

Thanks to sysrqb for collecting these in a handy patch.
2013-02-04 11:51:39 -05:00
Nick Mathewson
7cde094fd5 Fix a warning when building with --disable-curve25519
It appears that the code for 7291 gave an unused-value warning when
built with --disable-curve25519.
2013-02-04 11:34:23 -05:00
Nick Mathewson
5ea9a90d68 Fix compilation with --disable-curve25519 option
The fix is to move the two functions to format/parse base64
curve25519 public keys into a new "crypto_format.c" file.  I could
have put them in crypto.c, but that's a big file worth splitting
anyway.

Fixes bug 8153; bugfix on 0.2.4.8-alpha where I did the fix for 7869.
2013-02-04 11:32:55 -05:00
Nick Mathewson
4eff8b6530 When we mark a node as a sybil, mark it down and reset its uptime to 0
This prevents bug 8147, where such nodes would accrue points towards
Guard, Fast, HSDir, and so on.

Fixes bug 8147.
2013-02-04 11:11:54 -05:00
Nick Mathewson
61995d3e2c Ignore tiny bandwidths entirely when computing thresholds
Another bug 8145 fix.
2013-02-04 10:47:08 -05:00
Nick Mathewson
317d16de04 Increase the minimum value for the Fast flag to 4096.
Fix for 8145.
2013-02-04 10:41:25 -05:00
Nick Mathewson
8be7f69f8d Refactor should-count-towards-thresholds test into new function 2013-02-04 10:22:45 -05:00
Nick Mathewson
40c13240c0 When computing performance thresholds, ignore omitted-as-sybil nodes.
Fixes bug 8146.
2013-02-04 10:19:26 -05:00
Nick Mathewson
ddf2c36ab1 Whoops: evdns_log, not tor_log, in src/ext/eventdns.c 2013-02-04 10:07:02 -05:00
Roger Dingledine
bce5019eff generalize choose_random_entry()'s dirinfo parameter
Now we can specify to skip bridges that wouldn't be able to answer the
type of dir fetch we're launching.

It's still the responsibility of the rest of the code to prevent us from
launching a given dir fetch if we have no bridges that could handle it.
2013-02-02 08:19:27 -08:00
Roger Dingledine
a8297cdbd3 use microdescriptors if *any* of our bridges can handle them
Now as we move into a future where most bridges can handle microdescs
we will generally find ourselves using them, rather than holding back
just because one of our bridges doesn't use them.
2013-02-02 08:04:20 -08:00
Nick Mathewson
acb43c0735 Merge remote-tracking branch 'public/feature7706' 2013-02-01 17:24:08 -05:00
Nick Mathewson
c93f66b103 Merge remote-tracking branch 'public/bug7708_023_v3_squashed' 2013-02-01 17:11:46 -05:00
Nick Mathewson
690ea9e8cf Clarify documentation of connection_finished_flushing 2013-02-01 17:10:15 -05:00
Nick Mathewson
b442930789 Fix serious breakage in connection_handle_write_impl
When we first implemented TLS, we assumed in conneciton_handle_write
that a TOR_TLS_WANT_WRITE from flush_buf_tls meant that nothing had
been written. But when we moved our buffers to a ring buffer
implementation back in 0.1.0.5-rc (!), we broke that invariant: it's
possible that some bytes have been written but nothing.

That's bad.  It means that if we do a sequence of TLS writes that ends
with a WANTWRITE, we don't notice that we flushed any bytes, and we
don't (I think) decrement buckets.

Fixes bug 7708; bugfix on 0.1.0.5-rc
2013-02-01 17:10:15 -05:00
Nick Mathewson
996db755c2 Fix a couple of warnings on the 8081 branch. 2013-02-01 17:03:00 -05:00
Mike Perry
fed7f01377 Add EntryGuardPathUseBias to state file keyword list. 2013-02-01 17:01:26 -05:00
Mike Perry
b3e57b760e Increment an informational counter for use failed state.
This informational counter is probably now redundant, but might as well keep
it consistent I guess.
2013-02-01 17:01:26 -05:00
Mike Perry
da5817772d Rename and relocate the bw weight scale param getter.
It had nothing to do with circuit build times.
2013-02-01 17:01:22 -05:00
Mike Perry
6e4610de02 Fix a log typo found by sysrqb. 2013-02-01 17:01:22 -05:00
Mike Perry
95d272f5d8 Bounds-check path bias rate parameters.
The other remaining parameters don't really need range checks.
2013-02-01 17:01:22 -05:00
Mike Perry
bce6714f99 Refactor code that rolls back the use state
Also document it better.

Mention this refactoring in the comments for the path state machine.
2013-02-01 17:01:16 -05:00
Mike Perry
3a63e5ef42 Refactor and rename pathbias rate evaluation. 2013-02-01 17:01:12 -05:00
Mike Perry
dfcfb5d17d Refactor the scaling parameter fetching into a single function.
Also, deprecate the torrc options for the scaling values. It's unlikely anyone
but developers will ever tweak them, even if we provided a single ratio value.
2013-02-01 17:01:12 -05:00
Mike Perry
2b2c7f23f5 Mark entry guard state dirty everwhere the pathbias code touches it. 2013-02-01 17:01:12 -05:00
Mike Perry
6828a19670 Add a tristate to guard against unexpected circ purpose transitions 2013-02-01 17:01:12 -05:00
Mike Perry
173ed05d2f Clarify state transition and related pathbias comments 2013-02-01 17:01:12 -05:00
Nick Mathewson
ec90ed4f6d Merge branch 'rename_log_7599' 2013-02-01 16:23:26 -05:00
Roger Dingledine
fd49226385 Help us track bug 8093:
Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs.
2013-02-01 16:22:34 -05:00
Nick Mathewson
7301339e33 fix wide lines from tor_log rename 2013-02-01 16:19:02 -05:00
Nick Mathewson
1dd03fbc77 Fix a silly mistake in the tor_mathlog() documentation. Give it a unit test. 2013-02-01 16:09:16 -05:00
Nick Mathewson
b034d07acd Remove old wrapper code and defines for keeping log() and log(3) apart
This is the non-automated portion of bug 7599.
2013-02-01 15:49:51 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
abb5519d93 typo in crypto_curve25519.c comment, spotted by rransom 2013-01-31 13:53:29 -05:00
Nick Mathewson
294ce2ea87 whitespace fix 2013-01-31 13:26:25 -05:00
Nick Mathewson
b35b4d5a9a Merge branch 'double-0-check' 2013-01-31 13:19:27 -05:00
Nick Mathewson
b0dd355891 Use %d, not %02d, for decimal percentages
Cosmetic tweak on 5956; not in any released tor.
2013-01-30 17:35:28 -05:00
Nick Mathewson
35daf6f602 Rename all of the macros in tor_queue.h to start with TOR_ 2013-01-30 12:58:49 -05:00
Nick Mathewson
29136bd7e4 Merge branch 'bug5956_squashed' 2013-01-30 11:59:51 -05:00
Nick Mathewson
02c320916e Parameterize FRAC_USABLE_NEEDED for fraction of circuits
Instead of hardcoding the minimum fraction of possible paths to 0.6, we
take it from the user, and failing that from the consensus, and
failing that we fall back to 0.6.
2013-01-30 11:58:17 -05:00
Nick Mathewson
813a0f8c40 Compute whether we're ready to build circuits based on fraction of paths
Previously we did this based on the fraction of descriptors we
had. But really, we should be going based on what fraction of paths
we're able to build based on weighted bandwidth, since otherwise a
directory guard or two could make us behave quite oddly.

Implementation for feature 5956
2013-01-30 11:58:17 -05:00
Nick Mathewson
bc52e0488b Add an optional out-arg to count_usable_descriptors
This way we get the usable nodes themselves, so we can feed them into
frac_nodes_with_descriptors
2013-01-30 11:58:17 -05:00
Nick Mathewson
fcf906ec73 Add a function to compute fraction of nodes (by weighted bw) with descriptors 2013-01-30 11:58:17 -05:00
Nick Mathewson
73d605b0f7 Detect platforms where memset(0) doesn't set doubles to 0.0.
This is allowed by the C statndard, which permits you to represent
doubles any way you like, but in practice we have some code that
assumes that memset() clears doubles in structs.  Noticed as part of
7802 review; see 8081 for more info.
2013-01-29 17:38:15 -05:00
Nick Mathewson
a0351311ae Fix unit test to not expect v2 directory request geoip info
When we implemented #5823 and removed v2 directory request info, we
never actually changed the unit tests not to expect it.

Fixes bug 8084; bug not in any released version of Tor.
2013-01-29 12:01:41 -05:00
Andrea Shepard
123daffb60 Merge branch 'bug7802' of ssh://git-rw.torproject.org/mikeperry/tor 2013-01-28 16:16:45 -08:00
Nick Mathewson
acd72d4e3e Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
2013-01-26 18:01:06 -05:00
Andrea Shepard
dfbd19df41 Merge branch 'time_based_onionqueue_v2' of ssh://git-rw.torproject.org/nickm/tor 2013-01-24 08:10:12 -08:00
Mike Perry
a78542f0c3 Bug 8024: Check for null/closed channel before probing. 2013-01-22 21:03:28 -08:00
Nick Mathewson
b415aba5fa Merge remote-tracking branch 'public/bug8012' 2013-01-22 14:54:30 +00:00
Nick Mathewson
dd77b652f2 More of b30d06255c for #6826: fix compat_libevent compilation
It looks like there was a compilation error for 6826 on some
platforms.  Removing even more now-uncallable code to handle detecting
libevent versions before 1.3e.

Fixes bug 8012; bug not in any released Tor.
2013-01-21 18:24:10 +00:00
Mike Perry
b810d322bf squash! Remove a source of error during path bias scaling
Improve debug logs and fix a state fencepost error.
2013-01-20 14:32:56 -08:00
Mike Perry
06a1d0b044 squash! Implement Path use bias accounting.
Make a debug log more informative.
2013-01-20 14:32:56 -08:00
Mike Perry
f858370233 Prevent early close of path bias testing circuits.
We need to let them live long enough to perform the test.
2013-01-20 14:32:56 -08:00
Mike Perry
fb711e6d77 squash! Remove a source of error during path bias scaling
Move a log message about scaling to after we scale
2013-01-20 14:32:27 -08:00
Nick Mathewson
c71b7db8f3 Merge remote-tracking branch 'karsten/bug5823' 2013-01-19 09:36:55 -05:00
Mike Perry
d80b881a52 Remove a source of error during path bias scaling
If any circuits were opened during a scaling event, we were scaling attempts
and successes by different amounts. This leads to rounding error.

The fix is to record how many circuits are in a state that hasn't been fully
counted yet, and subtract that before scaling, and add it back afterwords.
2013-01-18 21:23:33 -08:00
Mike Perry
a2db17a1aa Don't immediately count cannibalized circs as used.
Since they use RELAY_EARLY (which can be seen by all hops on the path),
it's not safe to say they actually count as a successful use.

There are also problems with trying to allow them to finish extending due to
the circuit purpose state machine logic. It is way less complicated (and
possibly more semantically coherent) to simply wait until we actually try to
do something with them before claiming we 'used' them.

Also, we shouldn't call timed out circuits 'used' either, for semantic
consistency.
2013-01-18 19:46:29 -08:00
Mike Perry
24b9b9f791 Roll back the path_state for circs if we detatch a stream.
An adversary could let the first stream request succeed (ie the resolve), but
then tag and timeout the remainder (via cell dropping), forcing them on new
circuits.

Rolling back the state will cause us to probe such circuits, which should lead
to probe failures in the event of such tagging due to either unrecognized
cells coming in while we wait for the probe, or the cipher state getting out
of sync in the case of dropped cells.
2013-01-18 19:46:28 -08:00
Mike Perry
e13e30221e Implement Path use bias accounting.
Path use bias measures how often we can actually succeed using the circuits we
actually try to use. It is a subset of path bias accounting, but it is
computed as a separate statistic because the rate of client circuit use may
vary depending on use case.
2013-01-18 19:46:21 -08:00
Nick Mathewson
42c4418bed Split smartlist_choose_node_by_bandwidth_weights
This is a minimal refactoring to expose the weighted bandwidth
calculations for each node so I can use them to see what fraction of
nodes, weighted by bandwidth, we have descriptors for.
2013-01-18 12:24:54 -05:00
Nick Mathewson
ff9bdbd56f When excluding nodes by country, exclude {??} and {A1} too
This is ticket 7706, reported by "bugcatcher."  The rationale here
is that if somebody says 'ExcludeNodes {tv}', then they probably
don't just want to block definitely Tuvaluan nodes: they also want
to block nodes that have unknown country, since for all they know
such nodes are also in Tuvalu.

This behavior is controlled by a new GeoIPExcludeUnknown autobool
option.  With the default (auto) setting, we exclude ?? and A1 if
any country is excluded.  If the option is 1, we add ?? and A1
unconditionally; if the option is 0, we never add them.

(Right now our geoip file doesn't actually seem to include A1: I'm
including it here in case it comes back.)

This feature only takes effect if you have a GeoIP file.  Otherwise
you'd be excluding every node.
2013-01-17 18:07:36 -05:00
Nick Mathewson
e0581a4b57 Replace base-{16,32,64} with base{16,32,64} in the code
Patch from onizuka generated with

 find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;

Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
213bd7760f For now, always use donna32 on msvc 2013-01-17 15:53:37 -05:00
Nick Mathewson
60a2aa8b00 Add ntor-related modules to the Makefiles.nmake 2013-01-17 15:53:36 -05:00
Nick Mathewson
1af89ce540 Fix an MSVC warning in onion.h prototypes 2013-01-17 14:42:37 -05:00
Nick Mathewson
ae58303d42 Even more code-removal for 6826
(Pull on a thread and the whole sweater unravels.)
2013-01-17 14:40:12 -05:00
Nick Mathewson
2386a98d46 Add a missing part of bug 7311's makefile.nmake tweaks
Fix by "ultramage".

This already has a changes entry.
2013-01-17 10:01:22 -05:00
Nick Mathewson
514d484597 Merge branch 'bug6826_squashed' 2013-01-17 09:23:07 -05:00
Nick Mathewson
b30d06255c Drop detection logic for pre-1.3 busted libevents
This won't actually break them any worse than they were broken before:
it just removes a set of warnings that nobody was actually seeing, I
hope.

Closes 6826
2013-01-17 09:22:57 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Karsten Loesing
da1e44ee51 Remove dirreq-v2-* lines from extra-info descriptors.
Implements the rest of #5823.
2013-01-17 10:46:34 +01:00
Jérémy Bobbio
aa01d0a183 Implement proposal 204: ignore subdomains in hidden service addresses
The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
2013-01-16 23:29:59 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
b7cf7bd9ae Fix an instance of snprintf; don't use _snprintf directly 2013-01-16 22:29:39 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
739e83ca69 Add HAVE_EVENT_BASE_LOOPEXIT to win32/orconfig.h
Fix for bug 7308
2013-01-16 22:29:39 -05:00
Nick Mathewson
3b2abd8a40 Add more test modules for nmake makefiles 2013-01-16 22:29:39 -05:00
Nick Mathewson
aa8f30a487 Try to build tinytest.obj from the right sources 2013-01-16 22:29:39 -05:00
Nick Mathewson
ca3bc8973b use the /Fe flag with msvc
Fixes 7309
2013-01-16 22:29:39 -05:00
Nick Mathewson
9ddcd96149 Add missing targets to src/test/Makefile.nmake. Fix for 7316 2013-01-16 22:29:39 -05:00
Nick Mathewson
7008d43936 Add HAVE_EVENT2_DNS_H to MSVC orconfig.h
Fix for bug 7313
2013-01-16 22:29:39 -05:00
Nick Mathewson
0558efbd62 Fix a const warning under msvc 2013-01-16 22:29:38 -05:00
Nick Mathewson
ce2513abb8 Add clean target and test subdir to makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
fb497dfe9e Add missing objects to Makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
b7dd716195 Add missing includes and libs to makefile.nmake
Fixes bugs 7312 and 7310.
2013-01-16 22:29:38 -05:00
Nick Mathewson
0102aaeb6b Define SIZEOF_INTPTR_T when defining replacement intptr_t
Fixes bug 7669
2013-01-16 22:29:38 -05:00
Nick Mathewson
ca18768fb2 Aftermath of isin->contains renaming
Fix wide lines and comments, and add a changes file
2013-01-16 16:57:32 -05:00
Nick Mathewson
49e619c1cf Rename *_isin to *_contains
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".

  s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
  s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
  s/smartlist_digest_isin/smartlist_contains_digest/g;
  s/smartlist_isin/smartlist_contains/g;
  s/digestset_isin/digestset_contains/g;
2013-01-16 16:57:11 -05:00
Nick Mathewson
e4821fa14d Remove two extrneous semicolons in dirserv.c
In 6fbdf635 we added a couple of statements like:
    if (test) {
       ...
    };

The extraneous semicolons there get flagged as worrisome empty
statements by the cparser library, so let's fix them.

Patch by Christian Grothoff; fixes bug 7115.
2013-01-16 16:49:39 -05:00
Nick Mathewson
2645de704b Definx HAVE_EVENT_BASE_LOOPEXITin msvc orconfig.h
Fixes bug 7308; bugfix on no released Tor, since we haven't actually built
right on MSVC in ages.
2013-01-16 16:32:38 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
65e6e68981 Merge branch 'bug7972' 2013-01-16 13:56:10 -05:00
Nick Mathewson
50f527a2c9 Actually link against nacl when we want to use it
Fixes more of bug 7972
2013-01-16 13:07:52 -05:00
Nick Mathewson
e53e6caac5 Adjust control_reason when adjusting reason (related to 7902) 2013-01-16 12:52:19 -05:00
Nick Mathewson
08de029a17 Removee dirrec-v*-sharestatistics
These were unused and sometimes inaccurate. Resolves 5823.
2013-01-16 12:43:00 -05:00
Nick Mathewson
d1b5ae903f When we get an END cell before CONNECTED, don't report SOCKS success
Bug 7902; fix on 0.1.0.1-rc.
2013-01-16 12:09:49 -05:00
Nick Mathewson
5ed8ac4e57 Merge remote-tracking branch 'asn/bug7896' 2013-01-16 11:41:37 -05:00
Nick Mathewson
b987081941 Check for nacl headers in nacl/ subdir
Fix for bug 7972
2013-01-16 10:29:11 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
b5ce4f94c3 Forward-port fix for 7889 2013-01-15 16:33:53 -05:00
Nick Mathewson
938cb6a55e Merge remote-tracking branch 'origin/maint-0.2.3' 2013-01-15 16:30:26 -05:00
Nick Mathewson
ae15b55173 Merge branch 'bug7889_023' into maint-0.2.3 2013-01-15 16:30:07 -05:00
Nick Mathewson
c134bb5a8d Merge branch 'small_typo_fixes' 2013-01-15 16:01:38 -05:00
Nick Mathewson
0301a1df6c Bump to 0.2.4.9-alpha-dev 2013-01-15 16:01:02 -05:00
Roger Dingledine
6e4a4002c5 Clean up odds and ends 2013-01-15 15:40:17 -05:00
Roger Dingledine
23dd7c9012 bump to 0.2.4.9-alpha 2013-01-15 11:57:34 -05:00
Nick Mathewson
beca92c31b Fix handling of ntor handshakes received via CREATE cells
Fixes bug 7959; bugfix on 0.2.4.8-alpha.
2013-01-15 00:41:09 -05:00
Nick Mathewson
ebf30613ea Better log message to diagnose #7959 2013-01-15 00:25:07 -05:00
Nick Mathewson
85eb83052f Bump version to 0.2.4.8-alpha-dev 2013-01-15 00:24:19 -05:00
Roger Dingledine
26cffd3b86 bump to 0.2.4.8-alpha 2013-01-14 18:52:42 -05:00
Nick Mathewson
47122d1d25 Revert junk accidentally included with "start folding in the changes entries"
Looks like Roger's debugging code wanted to take a tour of the world
outside his sandbox.

This reverts part of commit 19d3720236.
2013-01-14 14:41:59 -05:00
Nick Mathewson
cb24852ec5 Merge remote-tracking branch 'origin/maint-0.2.3' 2013-01-14 14:24:53 -05:00
Nick Mathewson
1625cddf3a Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-01-14 14:24:19 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Roger Dingledine
19d3720236 start folding in the changes entries 2013-01-14 13:34:59 -05:00
Nick Mathewson
c9242f4fd4 Merge branch 'bug7869' 2013-01-14 12:32:00 -05:00
Nick Mathewson
d357b97b6d Merge remote-tracking branch 'mikeperry/bug7691-rebased' 2013-01-13 21:48:33 -05:00
Nick Mathewson
a5ee3834bf Handle EWOULDBLOCK as EAGAIN if they happen to be different.
Fixes bug 7935.  Reported by 'oftc_must_be_destroyed'.
2013-01-11 16:36:54 -08:00
George Kadianakis
50028e4d68 Mention name of the transport used when we learn the fpr of a bridge. 2013-01-09 15:52:35 +02:00
Mike Perry
d05ff310a5 Bug 7691 review fixes.
Also add in the random nonce generation.
2013-01-08 19:29:56 -08:00
Mike Perry
f60c25cd25 Bug 7341 code review fixes. 2013-01-08 18:12:38 -08:00
Mike Perry
15fdfc2993 Bug 7691: Send a probe cell down certain types of circs.
In general, if we tried to use a circ for a stream, but then decided to place
that stream on a different circuit, we need to probe the original circuit
before deciding it was a "success".

We also need to do the same for cannibalized circuits that go unused.
2013-01-08 17:28:08 -08:00
Mike Perry
3458d904f6 Fix bug 7341.
Fix cannibalize, rend circ and intro circ timeout handling.
2013-01-08 17:21:05 -08:00
Nick Mathewson
31d888c834 Make the = at the end of ntor-onion-key optional.
Makes bug 7869 more easily fixable if we ever choose to do so.
2013-01-05 22:53:32 -05:00
Karsten Loesing
32114d70ae Update to the January 2013 GeoIP database. 2013-01-05 08:18:26 +01:00
Nick Mathewson
677d18278e Better handling (I think) for onionskin timing w jumpy clocks
The fix: Instead of clipping huge/negative times, ignore them as
probably invalid.
2013-01-03 13:26:59 -05:00
Nick Mathewson
30e139389b Record and report the overhead of how we handle onionskins. 2013-01-03 13:20:20 -05:00
Nick Mathewson
b9fb01721a Use a TAILQ, not a singly-linked queue, for the onion queue.
This makes removing items from the middle of the queue into an O(1)
operation, which could prove important as we let onionqueues grow
longer.

Doing this actually makes the code slightly smaller, too.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b0b3c14c11 Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay
The right way to set "MaxOnionsPending" was to adjust it until the
processing delay was appropriate.  So instead, let's measure how long
it takes to process onionskins (sampling them once we have a big
number), and then limit the queue based on its expected time to
finish.

This change is extra-necessary for ntor, since there is no longer a
reasonable way to set MaxOnionsPending without knowing what mix of
onionskins you'll get.

This patch also reserves 1/3 of the onionskin spots for ntor
handshakes, on the theory that TAP handshakes shouldn't be allowed to
starve their speedier cousins.  We can change this later if need be.

Resolves 7291.
2013-01-03 13:03:41 -05:00
Nick Mathewson
dffc8e359b Whoops; make that unit test actually pass :/ 2013-01-03 12:46:55 -05:00
Nick Mathewson
27ac306deb Add a unit test for the curve25519 keypair persistence functions 2013-01-03 12:38:44 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
d3de0b91fb Check all crypto_rand return values for ntor. 2013-01-03 11:29:49 -05:00
Nick Mathewson
94cb7bd24d Complete all DOCDOC entries from the ntor branch 2013-01-03 11:29:48 -05:00
Nick Mathewson
5f219ddd02 Use safe_mem_is_zero for checking curve25519 output for 0-ness
This should make the intent more explicit.  Probably needless, though.
2013-01-03 11:29:48 -05:00
Nick Mathewson
f07a5125cb Implement a constant-time safe_mem_is_zero. 2013-01-03 11:29:48 -05:00
Nick Mathewson
c46ff3ec79 Add reference implementation for ntor, plus compatibility test
Before I started coding ntor in C, I did another one in Python.
Turns out, they interoperate just fine.
2013-01-03 11:29:48 -05:00
Nick Mathewson
839016ac79 ntor: Don't fail fast server-side on an unrecognized KEYID(B) 2013-01-03 11:29:48 -05:00
Nick Mathewson
463e9378df Update our copy of curve25519-donna-c64.
This now matches upstream at version 59a896970a1ad0a6cd7d0.
(Adam took my patches.)
2013-01-03 11:29:48 -05:00
Nick Mathewson
095c70b7af Use always_inline only with inline; otherwise GCC gripes 2013-01-03 11:29:47 -05:00
Nick Mathewson
d907fca29b Make libcurve25519_donna get built as a .a
This lets us give it compiler flags differing from the rest of
libor-crypto.a
2013-01-03 11:29:47 -05:00
Nick Mathewson
ef13bf4432 Fix an unused-variable warning 2013-01-03 11:29:47 -05:00
Nick Mathewson
b286373908 Enable the ntor handshake on the client side.
"works for me"
2013-01-03 11:29:47 -05:00
Nick Mathewson
ecf88b16b8 Enable handling of create2/extend2/created2/extended2 2013-01-03 11:29:47 -05:00
Nick Mathewson
5c68a1efaa Don't check create cells too much when we're relaying them
We want to sanity-check our own create cells carefully, and other
people's loosely.
2013-01-03 11:29:47 -05:00
Nick Mathewson
1ed4786dba Implement scheme to allow ntor requests/responses via older servers 2013-01-03 11:29:47 -05:00
Nick Mathewson
115e8fe9a5 Use created_cell_format where appropriate 2013-01-03 11:29:47 -05:00
Nick Mathewson
6c69b16c93 Use new wrappers for making,sending,processing create/extend cells 2013-01-03 11:29:47 -05:00
Nick Mathewson
2802ccaeb6 Teach cpuworker and others about create_cell_t and friends
The unit of work sent to a cpuworker is now a create_cell_t; its
response is now a created_cell_t.  Several of the things that call or
get called by this chain of logic now take create_cell_t or
created_cell_t too.

Since all cpuworkers are forked or spawned by Tor, they don't need a
stable wire protocol, so we can just send structs.  This saves us some
insanity, and helps p
2013-01-03 11:29:46 -05:00
Nick Mathewson
5d15d597a9 Code to parse and format CREATE{,2,_FAST} cells and their allies
As elsewhere, it makes sense when adding or extending a cell type to
actually make the code to parse it into a separate tested function.

This commit doesn't actually make anything use these new functions;
that's for a later commit.
2013-01-03 11:29:46 -05:00
Nick Mathewson
18c7d3f157 Rename handshake_digest to rend_circ_nonce
The handshake_digest field was never meaningfully a digest *of* the
handshake, but rather is a digest *from* the handshake that we exapted
to prevent replays of ESTABLISH_INTRO cells.  The ntor handshake will
generate it as more key material rather than taking it from any part
of the circuit handshake reply..
2013-01-03 11:29:46 -05:00
Nick Mathewson
f58d4dfcd6 Massive refactoring of the various handshake types
The three handshake types are now accessed from a unified interface;
their state is abstracted from the rest of the cpath state, and so on.
2013-01-03 11:29:46 -05:00
Nick Mathewson
5fa1c7484c Refactor the CREATE_FAST handshake code to match the others. 2013-01-03 11:29:02 -05:00
Nick Mathewson
f7e590df05 Split onion.[ch] into onion{,_fast,_tap}.[ch]
I'm going to want a generic "onionskin" type and set of wrappers, and
for that, it will be helpful to isolate the different circuit creation
handshakes.  Now the original handshake is in onion_tap.[ch], the
CREATE_FAST handshake is in onion_fast.[ch], and onion.[ch] now
handles the onion queue.

This commit does nothing but move code and adjust header files.
2013-01-02 14:11:14 -05:00
Nick Mathewson
5b3dd1610c Wrangle curve25519 onion keys: generate, store, load, publish, republish
Here we try to handle curve25519 onion keys from generating them,
loading and storing them, publishing them in our descriptors, putting
them in microdescriptors, and so on.

This commit is untested and probably buggy like whoa
2013-01-02 14:11:14 -05:00
Nick Mathewson
6c883bc638 Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
2013-01-02 14:11:13 -05:00
Nick Mathewson
25c05cb747 Refactor strong os-RNG into its own function
Previously, we only used the strong OS entropy source as part of
seeding OpenSSL's RNG.  But with curve25519, we'll have occasion to
want to generate some keys using extremely-good entopy, as well as the
means to do so.  So let's!

This patch refactors the OS-entropy wrapper into its own
crypto_strongest_rand() function, and makes our new
curve25519_secret_key_generate function try it as appropriate.
2013-01-02 14:11:13 -05:00
Nick Mathewson
4d36eafd74 curve25519-donna-c64: make endian-neutralness fns static 2013-01-02 14:11:13 -05:00
Nick Mathewson
cf4dd5fbcb Implementat the ntor handshake
The ntor handshake--described in proposal 216 and in a paper by
Goldberg, Stebila, and Ustaoglu--gets us much better performance than
our current approach.
2013-01-02 14:10:49 -05:00
Nick Mathewson
89ec584805 Add a wrapper around, and test and build support for, curve25519.
We want to use donna-c64 when we have a GCC with support for
64x64->uint128_t multiplying.  If not, we want to use libnacl if we
can, unless it's giving us the unsafe "ref" implementation.  And if
that isn't going to work, we'd like to use the
portable-and-safe-but-slow 32-bit "donna" implementation.

We might need more library searching for the correct libnacl,
especially once the next libnacl release is out -- it's likely to have
bunches of better curve25519 implementations.

I also define a set of curve25519 wrapper functions, though it really
shouldn't be necessary.

We should eventually make the -donna*.c files get build with
-fomit-frame-pointer, since that can make a difference.
2013-01-02 14:10:48 -05:00
Nick Mathewson
f06966023a curve25519-donna-c64: work on bigendian and alignment-happy systems
There was one place in curve25519-donna-c64 that was relying on
unaligned access and relying on little-endian values.  This patch
fixes that.

I've sent Adam a pull request.
2013-01-02 14:10:48 -05:00
Nick Mathewson
c85bb680cc Make curve25519-donna work with our compiler warnings. 2013-01-02 14:10:48 -05:00
Nick Mathewson
9c3c571c0c Add fallback implementations for curve25519: curve25519_donna
This is copied from Adam Langley's curve25519-donna package, as
of commit 09427c9cab32075c06c3487aa01628030e1c5ae7.
2013-01-02 14:10:48 -05:00
Nick Mathewson
cfab9f0755 Add a data-invariant linear-search map structure
I'm going to use this for looking op keys server-side for ntor.
2013-01-02 14:10:48 -05:00
Nick Mathewson
ee4182612f Avoid spurious local-port warnings
Our old warn_nonlocal_client_ports() would give a bogus warning for
every nonlocal port every time it parsed any ports at all.  So if it
parsed a nonlocal socksport, it would complain that it had a nonlocal
socksport...and then turn around and complain about the nonlocal
socksport again, calling it a nonlocal transport or nonlocal dnsport,
if it had any of those.

Fixes bug 7836; bugfix on 0.2.3.3-alpha.
2013-01-02 10:37:03 -05:00
Sebastian Hahn
11e8a445c3 Fix a couple of harmless clang3.2 warnings 2012-12-31 18:23:28 +01:00
Nick Mathewson
5e22cfe2b4 Fix a crash bug when running an node without IPv6-exit support.
Fixes bug 7814; bugfix on 0.2.4.7-alpha.
2012-12-29 01:22:34 -05:00
Nick Mathewson
f272ee6a20 Fix an impossible-in-normal-operation leaks in dirvote
Spotted by coverity; partial fix for 7816; bugfix on 0.2.0.5-alpha.
2012-12-28 23:04:44 -05:00
Nick Mathewson
ee1d8dc480 Fix a leak-on-error case in 0.2.4 spotted by coverity
This one hits if the snprintf() fails when we're writing our IPv6
exit policy. It's new in 0.2.4.7-alpha. Part of bug 7816.
2012-12-28 22:59:32 -05:00
Nick Mathewson
d3aabf4db1 Fix various small leaks on error cases
Spotted by coverity, bug 7816, bugfix on various versions.
2012-12-28 22:49:32 -05:00
Nick Mathewson
b509ead20d Avoid leaking headers received from SSL proxy
Fixes part of 7816. Spotted by coverity. Fix on 0.2.2.1-alpha.
2012-12-28 22:45:53 -05:00
Nick Mathewson
4b571d3ab3 Fix memory leak in safe-cookie authentication code
Coverity spotted this. Bug 7816. Fix on 0.2.3.13-alpha.
2012-12-28 22:38:42 -05:00
Nick Mathewson
a7334f5122 Use log_fn_ratelim in a few places. 2012-12-26 11:07:15 -05:00
Nick Mathewson
f269e0f9a5 Wrapper function for the common rate-limited-log pattern. 2012-12-26 11:07:11 -05:00
Nick Mathewson
127cb39ffc Rate-limit "No circuits are opened" message to once-per-hour
mr-4 reports on #7799 that he was seeing it several times per second,
which suggests that things had gone very wrong.

This isn't a real fix, but it should make Tor usable till we can
figure out the real issue.
2012-12-26 10:05:45 -05:00
Nick Mathewson
2e9be92cd7 Fix a possibly-unused-var warning. Thank you, GCC. 2012-12-25 23:37:41 -05:00
Nick Mathewson
01a09e8f86 Fix compilation warning: must not format u64 as long. 2012-12-25 23:34:38 -05:00
Nick Mathewson
8324824d8f Fix whitespace 2012-12-25 23:34:16 -05:00
Nick Mathewson
885e8d35c7 Merge remote-tracking branch 'mikeperry/209-path-bias-changes' 2012-12-25 23:30:28 -05:00
Nick Mathewson
0f9dfef9d6 Add configuration options for directory guards
In addition to all the other ways to make directory gurads not go,
you can now set UseEntryGuardsAsDirGuards to 0.
2012-12-25 23:14:43 -05:00
Nick Mathewson
0c4210fb65 Directory guard implementation.
Implements proposal 207; ticket 6526.
2012-12-25 23:14:43 -05:00
Nick Mathewson
1df7289000 Remember which of our guards are directory caches 2012-12-25 23:10:41 -05:00
Nick Mathewson
a7c6b4ab91 Split choosing a regular directory into its own fn 2012-12-25 23:10:41 -05:00
Nick Mathewson
68dae4cf35 One last fix for a warning on non-EC systems 2012-12-25 22:12:18 -05:00
Nick Mathewson
ddbe28919a Be more noncomittal about performance improvement of uint128 backend. 2012-12-25 21:08:42 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
c8b3bdb782 Inform the user if they're passing up a 10x ECDH speedup. 2012-12-25 20:14:07 -05:00
Nick Mathewson
2f8fd53750 Add benchmark for DH handshake and ECDH-P-224/56 handshake 2012-12-25 20:14:07 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
63208aa1e5 Remove the address argument from client cipher classification fns 2012-12-25 20:14:07 -05:00
Nick Mathewson
047d9e57b0 Cache the type of client cipher list we have in the tor_tls_t
We already use this classification for deciding whether (as a server)
to do a v2/v3 handshake, and we're about to start using it for
deciding whether we can use good ciphersuites too.
2012-12-25 20:14:07 -05:00
Nick Mathewson
2a26e1d45f prop198: Detect the list of ciphersuites we used to lie about having
This is less easy than you might think; we can't just look at the
client ciphers list, since openssl doesn't remember client ciphers if
it doesn't know about them.  So we have to keep a list of the "v2"
ciphers, with the ones we don't know about removed.
2012-12-25 20:14:07 -05:00
Nick Mathewson
bbaf4d9643 Configure SSL context to know about using P-256 for ECDHE. 2012-12-25 20:14:03 -05:00
Roger Dingledine
747d284088 bump to 0.2.4.7-alpha-dev 2012-12-25 02:52:53 -05:00
Roger Dingledine
d3c2254fda bump to 0.2.4.7-alpha 2012-12-24 04:04:04 -05:00
Nick Mathewson
8b5787ec0d When there are no dir_server_ts to choose, don't crash
It's important not to call choose_array_element_by_weight and then
pass its return value unchecked to smartlist_get : it is allowed to
return -1.

Fixes bug 7756; bugfix on 4e3d07a6 (not in any released Tor)
2012-12-18 21:32:53 -05:00
Mike Perry
406d59a9c9 Nick's Code review #3 part 2. 2012-12-18 14:16:01 -08:00
Mike Perry
b0fc18c37e Changes from Nick's code review 'part 1'
I think this is actually his third code review of this branch so far.
2012-12-18 13:26:36 -08:00
Nick Mathewson
7a99d26c79 Add packaged cell fullness to the heartbeat message.
This is an attempt to diagnose the severity of bug 7743.
2012-12-18 15:16:35 -05:00
Nick Mathewson
9b9cc6774f Merge branch 'ticket7570_7571'
Conflicts:
	src/or/routerlist.c
2012-12-17 15:49:09 -05:00
Nick Mathewson
4a07ea4a8c Drop the maximum attempts to get a virtual address to 1000.
This is good enough to give P_success >= 999,999,999/1,000,000,000 so
long as the address space is less than 97.95 full.  It'd be ridiculous
for that to happen for IPv6, and usome reasonable assumptions, it
would also be pretty silly for IPv4.
2012-12-17 14:51:31 -05:00
Nick Mathewson
4ded40b0ca Add missing doxygen for DNS and automap code 2012-12-17 14:51:31 -05:00
Nick Mathewson
8d080d0b01 Per-listener option to prefer IPv6 automaps when possible. 2012-12-17 14:51:30 -05:00
Nick Mathewson
de4cc126cb Build and test most of the machinery needed for IPv6 virtualaddrmaps
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to.  That'll be cool, and
will let us maybe get around prop205 issues.

This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.

Also has some XXXX items to fix to make this useful. More design
needed.
2012-12-17 14:51:29 -05:00
Nick Mathewson
963b3d1549 Refactor the code to check if an address is matched by automapsuffixes 2012-12-17 14:50:55 -05:00
Nick Mathewson
88d7312ff2 Fix another uninitialized var warning from GCC 2012-12-17 14:50:05 -05:00
Nick Mathewson
8969d9e0b6 Fixed an unused-variable warning 2012-12-17 14:50:05 -05:00
Nick Mathewson
8eb422e7bd Don't use the cache when changing an IP address because of an exit policy 2012-12-17 14:50:05 -05:00
Nick Mathewson
ac990aa44a Turn off by-default use of client-side DNS cacheing. 2012-12-17 14:50:04 -05:00
Nick Mathewson
7315a67646 Refactor port_cfg_t creation into a port_cfg_new() function
This function gives us a single place to set reasonable default flags
for port_cfg_t entries, to avoid bugs like the one where we weren't
setting ipv4_traffic_ok to 1 on SocksPorts initialized in an older
way.
2012-12-17 14:50:03 -05:00
Nick Mathewson
7536c40e96 Implement option to turn off DNS cache modification by a client port
(This is part 3 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the UseCacheIPv[46]DNS options)
2012-12-17 14:48:09 -05:00
Nick Mathewson
f33487668f Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
2012-12-17 14:48:09 -05:00
Nick Mathewson
32219d8313 Oops: make the check for not adding ip->ip DNS maps correct 2012-12-17 14:48:09 -05:00
Nick Mathewson
d3e9e03cac Add options to turn DNS cache use on or off per client port.
(This is part 1 of making DNS cache use enabled/disabled on a
per-client port basis.  These options are shuffled around correctly,
but don't do anything yet.)
2012-12-17 14:48:08 -05:00
Nick Mathewson
44a9a47706 Oops; make DNSPort configuration take address family options 2012-12-17 14:48:08 -05:00
Nick Mathewson
3874e74b49 Avoid a 'may be used uninitialized' warning
Fixes bug 7746; bug not in any released version of Tor.
2012-12-17 11:14:12 -05:00
Nick Mathewson
b1ff8daeb5 Nuke uses of memcmp outside of unit tests
We want to be saying fast_mem{cmp,eq,neq} when we're doing a
comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when
we need a data-invariant timing.  Direct use of memcmp tends to imply
that we haven't thought about the issue.
2012-12-13 17:34:05 -05:00
Nick Mathewson
579808d4cd Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/config/geoip
2012-12-13 12:52:44 -05:00
Nick Mathewson
52bf1556b1 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-12-13 12:51:28 -05:00
Nick Mathewson
6a468a1722 Fix two wide lines in config.c 2012-12-13 12:44:17 -05:00
Nick Mathewson
01ac961ca1 Merge branch 'fallback_dirsource_v3' 2012-12-13 12:42:29 -05:00
Karsten Loesing
6bdfa295b5 Add link explaining how the geoip file was created. 2012-12-13 08:45:25 +01:00
Karsten Loesing
c9a5d613a6 Update to the December 2012 GeoIP database. 2012-12-13 08:44:30 +01:00
Karsten Loesing
d2cfd52d2c Update to the November 2012 GeoIP database. 2012-12-13 08:44:20 +01:00
Mike Perry
ccaeef22e1 Tags on relay cells can result in certain reason codes.
Close the circuit (it's probably junk anyways), and make sure we don't probe
it/count it as a success.
2012-12-11 17:49:12 -08:00
Mike Perry
af9011f824 Woops, this log message triggers with the 2-hop bias commit. 2012-12-11 17:19:39 -08:00
Mike Perry
c1bc6a1124 Add a missing comment. 2012-12-10 00:36:10 -08:00
Mike Perry
d409c8a90d More log message and space fixups. 2012-12-10 00:28:07 -08:00
Mike Perry
aa16d59ee7 Clean up some XXX comments. 2012-12-09 23:50:05 -08:00
Mike Perry
4590993ff3 Space fixes. 2012-12-09 23:47:04 -08:00
Mike Perry
b75880d7b3 Fix a rather serious use-count state bug.
We need to use the success count or the use count depending on the consensus
parameter.
2012-12-09 20:56:48 -08:00
Mike Perry
2dbb62f1b5 Convert to doubles for all pathbias state.
Let's hope this solves the rounding error issue..
2012-12-09 20:53:22 -08:00
Mike Perry
ab1fce5c19 Also shorten circuit_successes to circ_successes.
For consistency and great justice.

Ok, mostly consistency.
2012-12-09 20:24:50 -08:00
Mike Perry
a90f165b83 Rename first_hop to circ_attempt.
Since we've generalized what we can count from (first or second hop), we
should generalize the variable and constant naming too.
2012-12-09 20:24:22 -08:00
Mike Perry
04866055e8 Change from first hop accounting to 2nd hop accounting
This has several advantages, including more resilience to ambient failure.

I still need to rename all the first_hop vars tho.. Saving that for a separate
commit.
2012-12-09 20:02:41 -08:00
Mike Perry
fbbf894d4d Add intro+rend cannibalize param.. 2012-12-09 20:02:08 -08:00
Mike Perry
930fbb2fec Flag cannibalized circs as used (non-ideal).
Also add some comments.
2012-12-09 19:18:04 -08:00
Mike Perry
686fc22259 Allow any valid 'end' cell to mean a circuit was used successfully.
Also improve some log messages.
2012-12-08 16:37:22 -08:00
Mike Perry
b599a6ed07 Sadly, we can't safely count client intro circ success 2012-12-08 14:16:29 -08:00
Mike Perry
5f733ccd73 Fix some hidden service edge cases. 2012-12-08 12:07:58 -08:00
Mike Perry
26fa47226c Refactor path use bias code into own function.
Also, improve and log some failure cases.
2012-12-07 17:47:23 -08:00
Mike Perry
c3b71a3fc9 Actually, both nacks and acks indicate a valid path 2012-12-07 15:50:31 -08:00
Mike Perry
dc86d7c35b Note more potential issues. 2012-12-07 15:28:38 -08:00
Mike Perry
ecaeb505fa Note a strange case for SOCKS streams. 2012-12-07 15:28:38 -08:00
Mike Perry
7a28862d56 Fix another crash bug. 2012-12-07 15:28:38 -08:00
Mike Perry
721f7e3751 Fix a crash bug and pass down a remote reason code.
Unexpected channel closures count as remote circ failures.
2012-12-07 15:28:38 -08:00
Mike Perry
9b40466072 Document that care needs to be taken with any_streams_attached. 2012-12-07 15:28:38 -08:00
Mike Perry
c3028edba6 Remove n_chan codepaths for determinining guard.
Cpath is apparently good enough.
2012-12-07 15:28:38 -08:00
Mike Perry
a630726884 Move a pathbias function that depends on entryguard_t. 2012-12-07 15:28:38 -08:00
Mike Perry
7f8cbe389d Fix a crash due to NULL circ->n_chan.
Is this redundant? Can we always rely on circ->cpath->extend_info
being present for origin circuits?
2012-12-07 15:28:38 -08:00
Mike Perry
428fbfc1d5 Prop209: Rend circuits weren't ever marked dirty. 2012-12-07 15:28:38 -08:00
Mike Perry
aa0e6e2c03 Prop 209: Add in hidserv path bias counts for usage. 2012-12-07 15:28:38 -08:00
Mike Perry
412ae099cb Prop 209: Add path bias counts for timeouts and other mechanisms.
Turns out there's more than one way to block a tagged circuit.

This seems to successfully handle all of the normal exit circuits. Hidden
services need additional tweaks, still.
2012-12-07 15:28:38 -08:00
Mike Perry
da5c398d79 Be explicit about units for timeout. 2012-12-07 15:28:37 -08:00
Mike Perry
ef1b830ef8 Fix an assert crash and an incorrectly placed return. 2012-12-07 15:28:37 -08:00
Mike Perry
bb548134cd Update with code review changes from Nick. 2012-12-07 15:28:37 -08:00
Mike Perry
192996690c Fix spaces. 2012-12-07 15:28:37 -08:00
Mike Perry
a54873648f Refactor pathbias functions to use pathbias_should_count. 2012-12-07 15:28:37 -08:00
Mike Perry
ab9c83c949 Update Path Bias log messages to match Proposal 209. 2012-12-07 15:28:37 -08:00
Mike Perry
9bf5582e73 Add log message checks for different rates.
May want to squash this forward or back..
2012-12-07 15:28:37 -08:00
Mike Perry
248fbc3619 Update pathbias parameters to match Proposal 209.
Needs manpage update and testing still..
2012-12-07 15:28:37 -08:00
Mike Perry
954f263ed5 Add the ability to count circuit timeouts for guards.
This is purely for informational reasons for debugging.
2012-12-07 15:28:36 -08:00
Nick Mathewson
c8056dcbbb Fix some wide lines 2012-12-07 14:14:20 -05:00
Nick Mathewson
3fa9151f26 Merge branch 'win64-7260'
Conflicts:
	src/or/dns.c
2012-12-07 14:12:17 -05:00
Nick Mathewson
cd4f56a37c Fix infinite loop in circuit_expire_bulding
Fixes bug 7663; bug introduced in 42e3c04a7a.  Not in any
released version of Tor.
2012-12-07 14:08:07 -05:00
Nick Mathewson
f366b0112e Merge remote-tracking branch 'karsten/task-6266' 2012-12-07 11:39:56 -05:00
Nick Mathewson
81fcebcd05 Merge branch 'bug7306' 2012-12-07 11:11:26 -05:00
Nick Mathewson
025dc19b63 Merge remote-tracking branch 'public/bug6887' 2012-12-07 11:02:27 -05:00
Mike Perry
42e3c04a7a Bug 3443: Don't count ORconn setup in circuit build time.
Also, add a hack Roger suggested where we're more patient if no circuits are
opened yet.
2012-12-07 10:34:09 -05:00
Nick Mathewson
f742b33d85 Drop FallbackNetworkstatusFile; it never worked. 2012-12-06 11:28:49 -05:00
Nick Mathewson
a8d491a8fd Add an option to weight down authorities when choosing a fallback 2012-12-06 11:28:49 -05:00
Nick Mathewson
06cd62266f Add a way to configure selection weights for dir_server_t 2012-12-06 11:28:49 -05:00
Nick Mathewson
4e3d07a68a When choosing among dirserver_ts, consider their weights 2012-12-06 11:28:49 -05:00
Nick Mathewson
90f6071d8d New FallbackDir option to add extra directories for bootstraping
This replaces the old FallbackConsensus notion, and should provide a
way -- assuming we pick reasonable nodes! -- to give clients
suggestions of placs to go to get their first consensus.
2012-12-06 11:28:49 -05:00
Nick Mathewson
46a62e3256 Refactor add_trusted_dir_server
Now creating a dir_server_t and adding it are separate functions, and
there are frontend functions for adding a trusted dirserver and a
fallback dirserver.
2012-12-06 11:28:48 -05:00
Nick Mathewson
705ee3b5d4 Rename trusted_dir_server_t to dir_server_t. Automatic renaming. 2012-12-06 11:27:20 -05:00
Nick Mathewson
ded70363a7 Rename DirServer to DirAuthority 2012-12-06 11:23:43 -05:00
Nick Mathewson
5c51b3f1f0 Start refactoring trusted_dir_servers into trusted and fallback lists
We use trusted_dir_server_t for two pieces of functionality: a list of
all directory authorities, and a list of initial places to look for
a directory.  With this patch we start to separate those two roles.

There is as of now no actual way to be a fallback directory without being
an authority.
2012-12-06 11:23:43 -05:00
Nick Mathewson
404e3dd481 Correct moribund logic about caching v2 networkstatuses 2012-12-06 11:15:01 -05:00
Nick Mathewson
194cc24792 Make output of router_get_trusted_dir_servers const 2012-12-06 11:15:01 -05:00
Nick Mathewson
b326e76144 Use FreeLibrary, not CloseHandle, for library in test_util.c
Fix for bug 7306. Bugfix on 0.2.2.17-alpha.
2012-12-06 10:59:02 -05:00
Karsten Loesing
c718921d34 Update to the December 2012 GeoIP database. 2012-12-06 11:29:47 +01:00
Nick Mathewson
014e69054d Add a unit test for the old KDF while we're at it 2012-12-06 01:54:09 -05:00
Nick Mathewson
6921d1fd25 Implement HKDF from RFC5869
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.

I'm also renaming the existing KDF, now that Tor has two of them.

This is the key derivation scheme specified in ntor.

There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
4f60bca1c1 Add benchmark to test onionskin performance. 2012-12-06 01:54:09 -05:00
Nick Mathewson
3c3084e165 Add a crypto_dh_dup, for benchmark support 2012-12-06 01:54:09 -05:00
Nick Mathewson
bd93ff8dd7 Merge remote-tracking branch 'asn/bug7592_take2' 2012-12-04 21:47:45 -05:00
George Kadianakis
c01dfd5d7b Return connection_exit_connect() if payload creation failed.
Fixes bug #7592; bugfix on 882b389668.

The bug is not present in any released versions of Tor.
2012-12-05 04:32:11 +02:00
Roger Dingledine
e899d49e2f fix some typos 2012-12-03 13:33:43 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
6f21d2e496 Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. 2012-11-27 22:18:08 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Karsten Loesing
35d09dd6ac Update to the November 2012 GeoIP database. 2012-11-27 21:26:52 -05:00
Karsten Loesing
2bf195d0ce Add script to fix "A1" entries in geoip file.
Fixes #6266.
2012-11-27 21:24:07 -05:00
Nick Mathewson
267c0e5aa1 Make sure that the error in ADDRMAP events is well-formed
"error=Unable to launch resolve request" is not a nice thing to tell
the controller.  Bugfix on 0.2.0.19-alpha (c11c48fc).
2012-11-23 11:36:44 -05:00
Nick Mathewson
06703f84df Minor documentation fix 2012-11-23 10:51:11 -05:00
Nick Mathewson
99669c69b3 Note limitation of parse_rfc_1123_time
RFC1123 suggests that we should handle two-year times, and a full
range of time zones, and other stuff too.  We don't.
2012-11-23 10:06:16 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
e6828ea634 Refer to RFC 4648 instead of the obsolete RFC 3548
Affects comments only. For ticket 6849.
2012-11-23 09:51:35 -05:00
Nick Mathewson
ea893a3c30 Merge branch 'bug7493_redux' 2012-11-18 18:46:57 -05:00
Nick Mathewson
bfe8d829c2 Initialize ipv{4,6}_traffic_ok in entry_connection_new
This one is necessary for sending BEGIN cells with sane flags when
self-testing a directory port.  All real entry connections were
getting their ipv{4,6}_traffic_ok flags set from their listeners, and
for begindir entry connections we didn't care, but for directory
self-testing, we had a problem.

Fixes at least one more case of 7493; if there are more lingering
cases of 7493, this might fix them too.

Bug not in any released version of Tor.
2012-11-18 17:15:41 -05:00
Roger Dingledine
06d367ea36 when counting available descs, say whether we're counting exits 2012-11-16 11:38:56 -05:00