Commit Graph

16736 Commits

Author SHA1 Message Date
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
f0488551e7 Merge branch 'bug19639_squashed' 2016-07-26 19:31:15 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
Nick Mathewson
9de9f2d48b Merge branch 'feature19116_squashed' 2016-07-26 19:21:04 -04:00
teor (Tim Wilson-Brown)
bf2f7c265c We fixed #15937, update a comment 2016-07-26 19:20:53 -04:00
teor (Tim Wilson-Brown)
64b5140256 Call chutney's test-network.sh when it is available
Also mark the parts of tor's test-network.sh that can be deleted
once everyone has updated to chutney's test-network.sh.
2016-07-26 19:20:53 -04:00
teor (Tim Wilson-Brown)
bb4506da6f Add a dry run mode to test-network.sh 2016-07-26 19:20:53 -04:00
Nick Mathewson
d70fac15ff Merge remote-tracking branch 'teor/bug19702' 2016-07-26 19:12:23 -04:00
Nick Mathewson
d97fca16d0 Fix an integer overflow related to monotonic time on windows.
To maintain precision, to get nanoseconds, we were multiplying our
tick count by a billion, then dividing by ticks-per-second.  But
that apparently isn't such a great idea, since ticks-per-second is
sometimes a billion on its own, so our intermediate result was
giving us attoseconds.

When you're counting in attoseconds, you can only fit about 9
seconds into an int64_t, which is not so great for our purposes.

Instead, we now simplify the 1000000000/1000000000 fraction before
we start messing with nanoseconds.  This has potential to mess us
up if some future MS version declares that performance counters will
use 1,000,000,007 units per second, but let's burn that bridge when
we come to it.
2016-07-26 11:23:58 -04:00
Nick Mathewson
09c25697d7 Add a function to simplify a fraction.
Apparently remembering euclid's algorithm does pay off sooner or later.
2016-07-26 11:23:34 -04:00
Nick Mathewson
90ca446048 Remove windows debugging prints: it was an integer overflow hitting ftrapv 2016-07-26 11:07:53 -04:00
Nick Mathewson
019b7ddb9f fix identifier mistake :( 2016-07-26 10:44:51 -04:00
Nick Mathewson
160d2c6aab Redux^3: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 10:36:44 -04:00
Nick Mathewson
0cef69713c Redux^2: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 10:04:40 -04:00
Nick Mathewson
fb7f90c181 Tweaks on 19435 fix:
* Raise limit: 16k isn't all that high.
   * Don't log when limit exceded; log later on.
   * Say "over" when we log more than we say we log.
   * Add target version to changes file
2016-07-26 09:59:48 -04:00
Ivan Markin
77459b97aa Fix integer overflow in the rate-limiter (#19435). 2016-07-26 09:49:40 -04:00
Nick Mathewson
264fb7eb82 debugging: print ticks-per-second on windows. is it 0? 2016-07-26 09:44:41 -04:00
Nick Mathewson
e77c23e455 Redux: Temporarily add windows verbosity to track down jenkins failures 2016-07-26 09:24:53 -04:00
Nick Mathewson
1033713c9c Temporarily add some windows verbosity to track down unit test failure on jenkins. 2016-07-26 08:56:55 -04:00
Nick Mathewson
3f9c036821 Try a little harder to work around mingw clock_gettime weirdness 2016-07-26 08:22:37 -04:00
Roger Dingledine
81cc31d3fa three typo fixes i found in my sandbox 2016-07-25 20:17:35 -04:00
Peter Palfrader
518c8fe0ec Also ship compat_time.h in release tarballs. Fixes bug #19746 2016-07-25 09:07:29 +02:00
Nick Mathewson
53f9f71985 ug no, the RIGHT fix. 2016-07-21 15:29:56 +02:00
Nick Mathewson
9c210d0e81 Avoid infinite stack explosion in windows monotime.
[init calls get calls init calls get calls init.... ]
2016-07-21 15:26:05 +02:00
Nick Mathewson
1d0775684d Once more, 32-bit fixes on monotime mocking 2016-07-21 14:32:15 +02:00
Nick Mathewson
9c87869dde Merge branch 'maint-0.2.8' 2016-07-21 14:15:19 +02:00
Nick Mathewson
f1973e70a4 Coverity hates it when we do "E1 ? E2 : E2".
It says, 'Incorrect expression (IDENTICAL_BRANCHES)'

Fix for CID 1364127. Not in any released Tor.
2016-07-21 14:14:33 +02:00
Nick Mathewson
22314f9050 loony mingwcross bug: insist we dont have clock_gettime. 2016-07-21 14:09:00 +02:00
Nick Mathewson
852cff043b fix monotime test mocking on 32-bit systems 2016-07-21 14:05:29 +02:00
Nick Mathewson
61ce6dcb40 Make monotime test mocking work with oom tests. 2016-07-21 07:02:34 -04:00
Nick Mathewson
50463524a9 Use new mock functions in buffer/time_tracking test 2016-07-21 07:02:33 -04:00
Nick Mathewson
2d26b1a549 Actually make monotonic time functions mockable.
This is different from making the functions mockable, since
monotime_t is opaque and so providing mocks for the functions is
really hard.
2016-07-21 07:02:33 -04:00
Nick Mathewson
72a1f0180d Revert "Make the monotonic{_coarse,}_get() functions mockable."
This reverts commit 2999f0b33f.
2016-07-21 10:30:21 +02:00
Nick Mathewson
2999f0b33f Make the monotonic{_coarse,}_get() functions mockable. 2016-07-21 10:25:23 +02:00
Nick Mathewson
a31078a581 Merge branch 'maint-0.2.8' 2016-07-19 12:34:37 +02:00
Nick Mathewson
4d5b252f0f Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-19 12:34:27 +02:00
Nick Mathewson
4d70ed7be0 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-19 12:32:14 +02:00
Nick Mathewson
210928f66a Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-19 12:31:54 +02:00
Nick Mathewson
d95c2809b3 Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-19 12:31:20 +02:00
Nick Mathewson
558f7d3701 Merge branch 'monotonic_v2_squashed' 2016-07-19 11:42:26 +02:00
Nick Mathewson
1e3cf1cc83 Be sure to call monotime_init() at startup. 2016-07-19 11:40:47 +02:00
Nick Mathewson
6ba415d400 Make sure initialized_at is initialized before use. 2016-07-19 11:40:47 +02:00
Nick Mathewson
abcb8ce25d Unit tests for monotonic time 2016-07-19 11:40:47 +02:00
Nick Mathewson
2a217ef723 Expose monotonic time ratchet functions for testing. 2016-07-19 11:40:47 +02:00
Nick Mathewson
7bc4ca7de9 Remove tor_gettimeofday_cached_monotonic as broken and unneeded 2016-07-19 11:40:47 +02:00
Nick Mathewson
c7558c906a Use coarse monotonic timer instead of cached monotonized libevent time. 2016-07-19 11:40:46 +02:00
Nick Mathewson
6a2002fc09 convert timers.c to use real monotonic time. 2016-07-19 11:40:46 +02:00
Nick Mathewson
dc6f5d1dc1 Basic portable monotonic timer implementation
This code uses QueryPerformanceCounter() [**] on Windows,
mach_absolute_time() on OSX, clock_gettime() where available, and
gettimeofday() [*] elsewhere.

Timer types are stored in an opaque OS-specific format; the only
supported operation is to compute the difference between two timers.

[*] As you know, gettimeofday() isn't monotonic, so we include
a simple ratchet function to ensure that it only moves forward.

[**] As you may not know, QueryPerformanceCounter() isn't actually
always as monotonic as you might like it to be, so we ratchet that
one too.

We also include a "coarse monotonic timer" for cases where we don't
actually need high-resolution time.  This is GetTickCount{,64}() on
Windows, clock_gettime(CLOCK_MONOTONIC_COARSE) on Linux, and falls
back to regular monotonic time elsewhere.
2016-07-19 11:40:46 +02:00
Karsten Loesing
79939c6f11 Update geoip and geoip6 to the July 6 2016 database. 2016-07-18 08:40:22 +02:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
teor (Tim Wilson-Brown)
6afd5506e9
Rewrite test-network.sh so out-of-tree and $PATH binaries work 2016-07-18 12:15:49 +10:00
Andrea Shepard
94c27d4e8f Keep make check-spaces happy 2016-07-17 23:22:29 +00:00
Nick Mathewson
c138c9a2be Merge branch 'maint-0.2.8' 2016-07-17 13:55:04 -04:00
Nick Mathewson
fbae15a856 Merge remote-tracking branch 'weasel/bug19660' into maint-0.2.8 2016-07-17 13:54:40 -04:00
Nick Mathewson
bec4e41f4b Fix warnings in test_util_formats.
Storing 255 into a char gives a warning when char is signed.

Fixes bug 19682; bugfix on 0.2.8.1-alpha, where these tests were added.
2016-07-17 13:51:45 -04:00
teor (Tim Wilson-Brown)
579a80d4ae
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.

Refactor these checks so they're consistent between authorities and clients.
2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
a76d528bec
Clients no longer download descriptors for relays without ntor 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
33da2abd05
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
2016-07-15 09:55:49 +10:00
U+039b
c735220a0b
Remove bufferevents dead code
Signed-off-by: U+039b <*@0x39b.fr>
2016-07-14 18:46:37 +02:00
Nick Mathewson
9932544297 Merge branch 'maint-0.2.8' 2016-07-13 09:19:35 -04:00
Nick Mathewson
bb731ca665 Merge remote-tracking branch 'Jigsaw52/seccomp-fix-18397' into maint-0.2.8 2016-07-13 09:16:59 -04:00
Peter Palfrader
36b06be738 Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist
If we did not find a non-private IPaddress by iterating over interfaces,
we would try to get one via
get_interface_address6_via_udp_socket_hack().  This opens a datagram
socket with IPPROTO_UDP.  Previously all our datagram sockets (via
libevent) used IPPROTO_IP, so we did not have that in the sandboxing
whitelist.  Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing
whitelist.  Fixes bug 19660.
2016-07-11 09:37:01 +02:00
Daniel Pinto
20e89453fd Adds missing syscalls to seccomp filter.
Fixes #18397 which prevented tor starting with Sandbox 1.
2016-07-09 00:36:37 +01:00
Nick Mathewson
aa971c5924 Move our "what time is it now" compat functions into a new module
I'm not moving our "format and parse the time" functions, since
those have been pretty volatile over the last couple of years.
2016-07-08 10:38:59 -04:00
Nick Mathewson
466259eb50 Merge remote-tracking branch 'sebastian/libevent2' 2016-07-08 09:57:31 -04:00
Nick Mathewson
a931d157fd Bump maint-0.2.8 to 0.2.8.5-rc-dev 2016-07-07 12:43:52 -04:00
Nick Mathewson
acba4cc954 test coverage on onion_fast: 0%->100% 2016-07-06 13:43:12 -04:00
Nick Mathewson
08cc0ef832 Capture the LOG_ERR messages in our tests that had logged errors.
(It's confusing for the test to write an expected error to stdout,
and then tell the user "OK".)
2016-07-06 13:01:08 -04:00
Nick Mathewson
96d32f02f2 When saving mocked log messages, always create the list.
Otherwise, our code needs to check "list && smarlist_len(list)..."
2016-07-06 12:59:43 -04:00
Nick Mathewson
ae22c249c3 Improve test coverage a little on onion*.c 2016-07-06 12:37:52 -04:00
Nick Mathewson
9c1d8cdd8d Merge branch 'maint-0.2.8' 2016-07-06 10:17:22 -04:00
Nick Mathewson
3252550fc5 Fix sign in test-timers 2016-07-06 10:07:02 -04:00
teor (Tim Wilson-Brown)
b167e82f62
When checking if a routerstatus is reachable, don't check the node
This fixes #19608, allowing IPv6-only clients to use
microdescriptors, while preserving the ability of bridge clients
to have some IPv4 bridges and some IPv6 bridges.

Fix on c281c036 in 0.2.8.2-alpha.
2016-07-06 14:46:22 +10:00
Nick Mathewson
78196c8822 Merge remote-tracking branch 'teor/bug18456' 2016-07-05 19:10:08 -04:00
David Goulet
245c10de07 Test: fix shared random test checking bad errno
The test was checking for EISDIR which is a Linux-ism making other OSes
unhappy. Instead of checking for a negative specific errno value, just make
sure it's negative indicating an error. We don't need more for this test.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-05 14:00:06 -04:00
Nick Mathewson
1135405c8c Fix a variable-shadowing bug in check_private_dir
We introduded a shadowed variable, thereby causing a log message to
be wrong. Fixes 19578. I believe the bug was introduced by
54d7d31cba in 0.2.2.29-beta.
2016-07-05 13:43:58 -04:00
Nick Mathewson
5a047cdc5f Fix shared-random test 2016-07-05 13:31:18 -04:00
Nick Mathewson
8f44d2822e Update version to 0.2.8.5-rc. This is not yet a release. 2016-07-05 13:05:36 -04:00
Nick Mathewson
5c97b42cac Merge branch 'maint-0.2.8' 2016-07-05 12:52:30 -04:00
Nick Mathewson
e99cc8740f Repair unit test that assumed we have 9 dirauths. 2016-07-05 12:52:19 -04:00
Nick Mathewson
8cae4abbac Merge branch 'maint-0.2.8' 2016-07-05 12:43:17 -04:00
Nick Mathewson
8d25ab6347 Merge remote-tracking branch 'weasel/bug19557' into maint-0.2.8 2016-07-05 12:40:25 -04:00
Nick Mathewson
74cbbda86e Merge remote-tracking branch 'weasel/bug19556' into maint-0.2.8 2016-07-05 12:39:40 -04:00
Nick Mathewson
f54ffa463a Merge branch 'maint-0.2.8' 2016-07-05 12:23:25 -04:00
Nick Mathewson
f4408747d3 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-05 12:23:14 -04:00
Nick Mathewson
6e96aadadb Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-05 12:22:47 -04:00
Nick Mathewson
c28ba994ec Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-05 12:21:25 -04:00
Nick Mathewson
9d3de77d4d Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-05 12:20:42 -04:00
Nick Mathewson
e11cc95717 Merge remote-tracking branch 'asn/bug19555' 2016-07-05 12:17:21 -04:00
Nick Mathewson
87758dbebc Merge remote-tracking branch 'dgoulet/bug19567_029_01' 2016-07-05 12:14:04 -04:00
Nick Mathewson
e889da1d7f Merge remote-tracking branch 'asn/bug19551' 2016-07-05 12:12:09 -04:00
Nick Mathewson
8ba4ba0a74 Grammar.
I grepped and hand-inspected the "it's" instances, to see if any
were supposed to be possessive.  While doing that, I found a
"the the", so I grepped to see if there were any more.
2016-07-05 12:10:12 -04:00
Sebastian Hahn
e7b70b69ec Remove src/or/eventdns_tor.h based on cypherpunk's review 2016-07-04 21:39:43 +02:00
David Goulet
267e16ea61 sr: add the base16 RSA identity digest to commit
Keep the base16 representation of the RSA identity digest in the commit object
so we can use it without using hex_str() or dynamically encoding it everytime
we need it. It's used extensively in the logs for instance.

Fixes #19561

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 12:05:48 -04:00
David Goulet
cc34929abc sr: Fix comment in shared_random.h
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:44:10 -04:00
David Goulet
7d04638a60 test: Fix shared random buffer overrun
Encoded commit has an extra byte at the end for the NUL terminated byte and
the test was overrunning the payload buffer by one byte.

Found by Coverity issue 1362984.

Fixes #19567

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:40:06 -04:00
David Goulet
c6de05d529 sr: Remove useless code in disk_state_update()
This patch also updates a comment in the same function for accuracy.

Found by Coverity issue 1362985. Partily fixes #19567.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:33:41 -04:00
George Kadianakis
34bd333529 prop250: Fix voting_schedule_t memleak in sr_state_update(). 2016-07-04 17:42:25 +03:00
George Kadianakis
f03c74c631 prop250: Plug TorVersion memleak in disk_state_reset(). 2016-07-04 17:42:25 +03:00
Sebastian Hahn
bd1a85cc91 Address review comments from cypherpunks 2016-07-04 16:34:40 +02:00
Sebastian Hahn
265e40b481 Raise libevent dependency to 2.0.10-stable or newer
Only some very ancient distributions don't ship with Libevent 2 anymore,
even the oldest supported Ubuntu LTS version has it. This allows us to
get rid of a lot of compat code.
2016-07-04 12:40:09 +02:00
Sebastian Hahn
ec6ea66240 Remove two wrong comments 2016-07-04 12:26:14 +02:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Peter Palfrader
55d380f3df sandboxing: allow writing to stats/hidserv-stats
Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
2016-07-03 18:05:43 +02:00
Peter Palfrader
2c4e78d95b sandboxing: allow open() of stats dir
When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
2016-07-03 17:47:45 +02:00
Sebastian Hahn
0d6f3d647d Remove HAVE_EVENT_H from winconfig
This was accidentally left in in f25e2167f5.
2016-07-03 04:34:38 +02:00
Sebastian Hahn
19054ab18a Remove HAVE_EVENT_* defines from winconfig
They were accidentally left sitting around in 517e0f965.
2016-07-03 04:32:54 +02:00
George Kadianakis
43d317f99c Fix edge case fail of shared random unittest.
The test_state_update() test would fail if you run it between 23:30 and
00:00UTC in the following line because n_protocol_runs was 2:

  tt_u64_op(state->n_protocol_runs, ==, 1);

The problem is that when you launch the test at 23:30UTC (reveal phase),
sr_state_update() gets called from sr_state_init() and it will prepare
the state for the voting round at 00:00UTC (commit phase). Since we
transition from reveal to commit phase, this would trigger a phase
transition and increment the n_protocol_runs counter.

The solution is to initialize the n_protocol_runs to 0 explicitly in the
beginning of the test, as we do for n_reveal_rounds, n_commit_rounds etc.
2016-07-02 02:49:59 +03:00
Andrea Shepard
be78e9ff37 Keep make check-spaces happy 2016-07-01 21:52:32 +00:00
Nick Mathewson
aa05dea5ff Windows open() returns eacces when eisdir would be sane 2016-07-01 16:23:06 -04:00
Nick Mathewson
1597c42384 Fix i386 conversion warnings 2016-07-01 15:53:01 -04:00
Nick Mathewson
3566ff05fd Fix a -Wmissing-variable-declarations warning 2016-07-01 15:30:12 -04:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
36e201dffc prop250: Add a DEL state action and return const SRVs
The *get* state query functions for the SRVs now only return const pointers
and the DEL action needs to be used to delete the SRVs from the state.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
4a1904c126 prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
Nick Mathewson
6927467bef Refactor parameter computation and add a helper function
This patch makes us retain the intermediate list of K=V entries for
the duration of computing our vote, and lets us use that list with
a new function in order to look up parameters before the consensus
is published.

We can't actually use this function yet because of #19011: our
existing code to do this doesn't actually work, and we'll need a new
consensus method to start using it.

Closes ticket #19012.
2016-07-01 14:01:42 -04:00
David Goulet
09ecbdd8ee prop250: Fix format string encoding in log statement
Commit and reveal length macro changed from int to unsigned long int
(size_t) because of the sizeof().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
e62f3133bb prop250: Change reveal_num to uint64_t and version to uint32_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
George Kadianakis
899d2b890b prop250: Don't use {0} to init static struct -- causes warning on clang.
See ticket #19132 for the clang/llvm warning.

Since voting_schedule is a global static struct, it will be initialized
to zero even without explicitly initializing it with {0}.

This is what the C spec says:

	If an object that has automatic storage duration is not initialized
	explicitly, its value is indeterminate. If an object that has static
	storage duration is not initialized explicitly, then:

	— if it has pointer type, it is initialized to a null pointer;
	— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
	— if it is an aggregate, every member is initialized (recursively) according to these rules;
	— if it is a union, the first named member is initialized (recursively) according to these rules.
2016-07-01 14:01:41 -04:00
George Kadianakis
ebbff31740 prop250: Silence a logging message.
LOG_NOTICE is a bit too much for that one.
2016-07-01 14:01:41 -04:00
George Kadianakis
f6f4668b1d prop250: Don't reject votes containing commits of unknown dirauths.
Instead just ignore those commits.

Squash this commit with 33b2ade.
2016-07-01 14:01:41 -04:00
David Goulet
5fe9a50c31 prop250: Pass the dst length to sr_srv_encode()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
d43646e191 prop250: Fix unit tests about the RSA fingerprint check
Code has been changed so every RSA fingerprint for a commit in our state is
validated before being used. This fixes the unit tests by mocking one of the
key function and updating the hardcoded state string.

Also, fix a time parsing overflow on platforms with 32bit time_t

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
cd858d78a7 prop250: Sort commits in lexicographical order in votes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
63ca307127 prop250: Improve log messages
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
George Kadianakis
edea044147 prop250: Sort smartlist before you get most frequent SRV.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
545b77e2f8 prop250: Only trust known authority when computing SRV
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
0f27d92e4c prop250: Add version to Commit line in vote and state
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
8ac88f6f97 prop250: Add a valid flag to sr_commit_t
We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
where we use them expecting a commit to be valid.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
056b6186ad prop250: Use RSA identity digest instead of fingerprint
The prop250 code used the RSA identity key fingerprint to index commit in a
digestmap instead of using the digest.

To behavior change except the fact that we are actually using digestmap
correctly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
c0cec2ffd3 prop250: change time_t to uint64_t
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-07-01 14:01:41 -04:00
David Goulet
39be8af709 prop250: Add unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
727d419a9d prop250: Initialize the SR subsystem and us it!
This commit makes it that tor now uses the shared random protocol by
initializing the subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
0c26a6db7e prop250: Parse votes and consensus
One of the last piece that parses the votes and consensus in order to update
our state and make decision for the SR values.

We need to inform the SR subsystem when we set the current consensus because
this can be called when loaded from file or downloaded from other authorities
or computed.

The voting schedule is used for the SR timings since we are bound to the
voting system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
ca6ceec112 prop250: Put commits and SRVs in votes/consensus
This commit adds the commit(s) line in the vote as well as the SR values. It
also has the mechanism to add the majority SRVs in the consensus.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:25:03 -04:00
David Goulet
5b183328fd prop250: Add commit and SR values generation code
This adds the logic of commit and SR values generation. Furthermore, the
concept of a protocol run is added that is commit is generated at the right
time as well as SR values which are also rotated before a new protocol run.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:23:27 -04:00
Nick Mathewson
738a8c655a Add an extra check to test_dir to try to debug windows jenkins issue 2016-07-01 10:10:55 -04:00
Nick Mathewson
ac9784f7f5 Fix a missing break; in dump_desc_init()
Found by coverity scan; this is CID 1362983
2016-07-01 10:02:22 -04:00
Nick Mathewson
0531d5155e Merge remote-tracking branch 'teor/bug19530-v2' 2016-07-01 10:00:37 -04:00
Nick Mathewson
903ec20c0b Merge branch 'maint-0.2.8' 2016-07-01 09:54:08 -04:00
teor (Tim Wilson-Brown)
514f0041d1
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.

Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-07-01 15:37:13 +10:00
teor (Tim Wilson-Brown)
744077dd15
When tor can't find a directory, log less 2016-07-01 14:26:00 +10:00
teor (Tim Wilson-Brown)
516c02b178
Make authority_certs_fetch_missing support bridge hints
This also fixes an issue where bridge clients may have found a
routerstatus for a directory mirror, and connected to it directly.
2016-07-01 14:01:25 +10:00
teor (Tim Wilson-Brown)
f90bfaae8d
Refactor duplicate code in authority_certs_fetch_missing 2016-07-01 14:00:25 +10:00
teor (Tim Wilson-Brown)
d3ca6fe475
Call purpose_needs_anonymity in authority_certs_fetch_missing 2016-07-01 14:00:20 +10:00
teor (Tim Wilson-Brown)
b4dcf56768
Hex-encode raw digest before printing in authority_certs_fetch_missing 2016-07-01 14:00:07 +10:00
teor (Tim Wilson-Brown)
596ccbf839
Refactor authority_certs_fetch_missing to call get_options once 2016-07-01 09:35:27 +10:00
Nick Mathewson
64ee7bcd0c Make sure that our tests expect the windows path separator as needed 2016-06-30 18:26:44 -04:00
Nick Mathewson
69e22e294b Set binary mode when checking malformed descriptor. 2016-06-30 18:23:58 -04:00
Nick Mathewson
889cfac676 One more tt_u64_op 2016-06-30 16:46:53 -04:00
Nick Mathewson
591078c76d use tt_u64_op for comparing len_descs_dumped 2016-06-30 15:34:36 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Nick Mathewson
2713de2a47 Fix more naked strdup/malloc/free instances 2016-06-30 14:36:31 -04:00
Nick Mathewson
9a92f58219 Avoid naked strdups in test_dir.c 2016-06-30 14:30:28 -04:00
Nick Mathewson
7a7bd1f9ea Fix a memory leak in test_dir_populate_dump_desc_fifo 2016-06-30 14:30:26 -04:00
Nick Mathewson
c3b720fb26 Try to fix warnings when size_t is smaller than st.st_size. 2016-06-30 14:20:04 -04:00
Nick Mathewson
b5beb2afa6 fix a syntax warning 2016-06-30 14:19:55 -04:00
Nick Mathewson
ded7e8093c Fix three -Wtautological-constant-out-of-range-compare warnings. 2016-06-30 14:08:28 -04:00
Nick Mathewson
3627718348 Fix -Wextra-semi warning 2016-06-30 13:50:16 -04:00
Nick Mathewson
6d2f006bf4 Fix a 32-bit compilation failure 2016-06-30 13:47:45 -04:00
Nick Mathewson
8917c4f19f A little more specificity in documentation for getinfo download/ stuff
Also, a const.
2016-06-30 13:42:38 -04:00
Nick Mathewson
cb54390e0f Merge remote-tracking branch 'andrea/ticket19323_squashed' 2016-06-30 11:44:58 -04:00
Nick Mathewson
c6846d7bf0 Merge remote-tracking branch 'andrea/bug18322_v3_squashed' 2016-06-30 11:18:00 -04:00
Nick Mathewson
a31f55b16b Merge remote-tracking branch 'teor/bug19483-fix-v2' 2016-06-30 11:04:13 -04:00
Andrea Shepard
13a16e0011 Also check if the sandbox is configured as well as if it's active; sandbox_init() runs rather late in the startup process 2016-06-30 09:37:23 +00:00
Andrea Shepard
34d9dabed1 Do sandbox_is_active() check before reconstructing dump_desc() FIFO on startup too 2016-06-30 07:45:55 +00:00
Andrea Shepard
9580b99dab Add unit test for dump_desc_populate_fifo_from_directory() 2016-06-30 07:03:26 +00:00
Andrea Shepard
f99c9df02b Make things mockable for dump_desc_populate_fifo_from_directory() unit test 2016-06-30 07:03:26 +00:00
Andrea Shepard
42f089473a Unit test for dump_desc_populate_one_file() 2016-06-30 07:03:26 +00:00
Andrea Shepard
2154160a24 Add support for mocking functions declared with attributes without causing gcc warnings 2016-06-30 07:03:26 +00:00
Andrea Shepard
421cf21b3c Reload unparseable descriptor dump FIFO state from on-disk dumped descriptors at startup 2016-06-30 07:03:26 +00:00
Andrea Shepard
38cced90ef Move unparseable descriptor dumps into subdirectory of DataDir 2016-06-30 07:03:25 +00:00
Andrea Shepard
dc37546cff Add sandbox_is_active() check to dump_desc() 2016-06-30 07:03:25 +00:00
Andrea Shepard
603f483092 Use uint64_t for total length of dumped descriptors, nad be careful about overflows in the loop in dump_desc_fifo_add_and_clean() 2016-06-30 07:03:25 +00:00
Andrea Shepard
824ee581b0 Add dir/dump_unparseable_descriptors unit test 2016-06-30 07:03:25 +00:00
Andrea Shepard
2a17b93cc4 Make options_get_datadir_fname2_suffix() mockable 2016-06-30 07:03:25 +00:00
Andrea Shepard
35fc5879fb Expose a few more dump_desc()-related things to the test suite 2016-06-30 07:03:25 +00:00
Andrea Shepard
4e4a760491 Add extern support for file-scope variables in testsupport.h 2016-06-30 07:03:25 +00:00
Andrea Shepard
17ed2fed68 Expose dump_desc() to the test suite and make things it calls mockable 2016-06-30 07:03:24 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
Roger Dingledine
4dc7b3ca28 fix typo 2016-06-29 22:56:56 -04:00
teor (Tim Wilson-Brown)
69535f1284
Add tv_udiff and tv_mdiff unit tests with negative values 2016-06-30 09:29:18 +10:00
teor (Tim Wilson-Brown)
aae14f8346
Fix bug19483: avoid range checks when they are always true
Some compilers are smart enough to work out that comparisons to
LONG_MAX are a no-op on L64.
2016-06-30 09:29:14 +10:00
Nick Mathewson
7602b0b31f Merge remote-tracking branch 'weasel/bug19503' 2016-06-29 16:10:10 -04:00
teor (Tim Wilson-Brown)
d36a0c4d22
Add more unit tests for tv_udiff and tv_mdiff 2016-06-29 17:23:42 +10:00
teor (Tim Wilson-Brown)
4234ca3bf2
Improve overflow checks in tv_udiff and tv_mdiff
Validate that tv_usec inputs to tv_udiff and tv_mdiff are in range.

Do internal calculations in tv_udiff and tv_mdiff in 64-bit,
which makes the function less prone to integer overflow,
particularly on platforms where long and time_t are 32-bit,
but tv_sec is 64-bit, like some BSD configurations.

Check every addition and subtraction that could overflow.
2016-06-29 17:23:24 +10:00
Andrea Shepard
ad0ce8716d Unit tests for GETINFO download/desc and download/bridge cases 2016-06-29 06:55:57 +00:00
Andrea Shepard
45724beac4 Unit test for GETINFO download/cert case 2016-06-29 05:58:22 +00:00
Andrea Shepard
becf510ef2 Unit test for GETINFO download/networkstatus case 2016-06-29 05:56:21 +00:00
Andrea Shepard
657eaee6ae Expose GETINFO download status statics for test suite and make things mockable 2016-06-29 05:55:42 +00:00
Andrea Shepard
c692900728 Add bridge descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
8798ca4be2 Add router descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
18c6e13993 Expose authority certificate download statuses on the control port 2016-06-29 05:55:42 +00:00
teor (Tim Wilson-Brown)
2e51608a8b
Fix an integer overflow bug in the tv_mdiff range check
The temporary second used for rounding can cause overflow,
depending on the order the compiler performs the operations.
2016-06-29 12:53:50 +10:00
Nick Mathewson
f42dbc4e26 Merge branch 'maint-0.2.8' 2016-06-28 19:15:43 -04:00
Nick Mathewson
2c9354fc10 Merge branch 'bug19071-extra-squashed' into maint-0.2.8 2016-06-28 19:15:20 -04:00
teor (Tim Wilson-Brown)
26146dbe9e Comment-out fallbacks in a way the stem fallback parser understands
If we manually remove fallbacks in C by adding '/*' and '*/' on separate
lines, stem still parses them as being present, because it only looks at
the start of a line.

Add a comment to this effect in the generated source code.
2016-06-28 19:15:08 -04:00
Nick Mathewson
d793a988cd Merge branch 'maint-0.2.8' 2016-06-28 11:22:48 -04:00
Nick Mathewson
bc9a0f82b3 whitespace fixes 2016-06-28 11:14:42 -04:00
Nick Mathewson
f87aa4555d Merge remote-tracking branch 'teor/bug18812' into maint-0.2.8 2016-06-28 11:12:51 -04:00
teor (Tim Wilson-Brown)
608c12baaf
Resolve bug18812 by logging fallback key changes at info level 2016-06-28 14:18:16 +10:00
teor (Tim Wilson-Brown)
812fd416ef
Make it clear that fallbacks include authorities
Comment-only change
2016-06-28 14:14:04 +10:00
teor (Tim Wilson-Brown)
14b1c7a66e
Refactor connection_or_client_learned_peer_id for bug18812
No behavioural change.
Also clarify some comments.
2016-06-28 14:12:18 +10:00
Nick Mathewson
4e2a7cd3ae Add missing braces around conditional. 2016-06-27 13:19:49 -04:00
Nick Mathewson
14169a3d70 Remove an always-true condition: all ints are <= INT_MAX 2016-06-27 13:18:54 -04:00
Nick Mathewson
2197bfcc6a Merge branch 'maint-0.2.8' 2016-06-27 13:17:42 -04:00
Andrea Shepard
8cf9fe5ba6 Expose consensus download statuses on the control port 2016-06-27 16:38:37 +00:00
Peter Palfrader
54c3066c72 Fix a typo in the getting passphrase prompt for the ed25519 identity key 2016-06-25 13:33:35 +02:00
Yawning Angel
0116eae59a Bug19499: Fix GCC warnings when building against bleeding edge OpenSSL.
The previous version of the new accessors didn't specify const but it
was changed in master.
2016-06-24 22:20:41 +00:00
Nick Mathewson
703254a832 Merge remote-tracking branch 'public/bug15942_v2_alternative' 2016-06-23 09:01:24 -04:00
teor (Tim Wilson-Brown)
828e2e1a2e
Remove a fallback that changed DirPort
The operator has confirmed that the DirPort change is perament.
The relay will be reconsidered as a fallback in 0.2.9.
2016-06-23 10:38:03 +10:00
Nick Mathewson
61dac57aa3 Merge branch 'maint-0.2.8' 2016-06-22 08:20:11 -04:00
teor (Tim Wilson-Brown)
69635e41c8
Remove and blacklist 3 fallbacks which disappeared
Blacklist them in case they appear again.
2016-06-22 12:18:10 +10:00
teor (Tim Wilson-Brown)
b15cecd4f8
Remove 2 fallbacks: one lost guard, the other had bad uptime
Leave these fallbacks in the whitelist, they may improve before 0.2.9.
2016-06-22 12:18:06 +10:00
teor (Tim Wilson-Brown)
7e9532b9be
Remove and blacklist 4 fallbacks which are unsuitable
Remove a fallback that changed its fingerprint after it was listed
This happened after to a software update:
https://lists.torproject.org/pipermail/tor-relays/2016-June/009473.html

Remove a fallback that changed IPv4 address

Remove two fallbacks that were slow to deliver consensuses,
we can't guarantee they'll be fast in future.

Blacklist all these fallbacks until operators confirm they're stable.
2016-06-22 12:16:57 +10:00
Nick Mathewson
cb8557f7c9 Merge branch 'maint-0.2.8' 2016-06-21 09:00:40 -04:00
Ivan Markin
b432efb838 Remove useless message about nonexistent onion services after uploading a descriptor 2016-06-21 09:00:22 -04:00
Nick Mathewson
dd9cebf109 Merge branch 'maint-0.2.8' 2016-06-21 08:54:49 -04:00
George Kadianakis
f038e9cb00 Fix bug when disabling heartbeats.
Callbacks can't return 0.
2016-06-21 08:54:30 -04:00
David Goulet
b3b4ffce2e prop250: Add memory and disk state in new files
This commit introduces two new files with their header.

"shared_random.c" contains basic functions to initialize the state and allow
commit decoding for the disk state to be able to parse them from disk.

"shared_random_state.c" contains everything that has to do with the state
for both our memory and disk. Lots of helper functions as well as a
mechanism to query the state in a synchronized way.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-06-20 15:26:58 -04:00
David Goulet
9744a40f7a Add tor_htonll/ntohll functions
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-06-20 15:26:58 -04:00
David Goulet
49e8f47505 util: zero target buffer of base*_encode/decode
Make sure to memset(0) the destination buffer so we don't leave any
uninitialized data.

Fixes #19462

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 13:47:19 -04:00
Nick Mathewson
2f75b34dce Patch from dgoulet: fix a base16 problem that manifested w stem 2016-06-20 13:37:45 -04:00
Nick Mathewson
5fbd195918 Coverage hack for test_switch_id.sh
This hack provides a way to make sure we can see coverage from
test-switch-id.  If you set OVERRIDE_GCDA_PERMISSIONS_HACK, we
temporarily make the .gcda files mode 0666 before we run the
test scripts, and then we set them to 0644 again afterwards.

That's necessary because the test_switch_id.sh script does a
setuid() to 'nobody' part way through, and drops the ability to
change its mind back.
2016-06-20 11:15:47 -04:00
Nick Mathewson
603cb712ef Small coverage improvements on compat.c 2016-06-20 11:03:13 -04:00
Nick Mathewson
ba28da8de5 compat.c coverage: simplify under-tested alloc_getcwd.
Yes, HURD lacks PATH_MAX.  But we already limited the maximum buffer
to 4096, so why not just use that?
2016-06-20 10:47:31 -04:00
Nick Mathewson
2b74e13a7c More coverage in backtrace.c 2016-06-20 10:31:36 -04:00
Nick Mathewson
c1f0ec3058 Merge remote-tracking branch 'dgoulet/bug19465_029_01' 2016-06-20 10:20:41 -04:00
Nick Mathewson
ba88d78127 Fix unit test crash on 32-bit. 2016-06-20 10:20:03 -04:00
Nick Mathewson
a09ec22a9b Simpler implementation of random exponential backoff.
Consumes more entropy, but is easier to read.
2016-06-20 10:10:02 -04:00
David Goulet
85edef27eb test: Increase offset to rendcache descriptor time
Slow system can sometime take more than 10 seconds to reach the test
callsite resulting in the unit test failing when using time in the future or
in the past.

Fixes #19465

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 09:53:11 -04:00
Nick Mathewson
6cedd49323 Merge branch 'bug14013_029_01_squashed' 2016-06-20 08:48:09 -04:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Nick Mathewson
1160ac1283 Changes file for 19063; use the BUG macro 2016-06-19 12:38:15 -04:00
U+039b
58e6a6aaeb Fix #19063: Add check in utility macro 2016-06-19 12:34:49 -04:00
Nick Mathewson
81cfd5c9a1 Merge branch 'zlib_coverage_squashed' 2016-06-19 12:20:38 -04:00
Nick Mathewson
d937b86699 Unindent block 2016-06-19 12:20:24 -04:00
Nick Mathewson
5a725dab0a Mark some torgzip lines as unreachable/untestable. 2016-06-19 12:20:24 -04:00
Nick Mathewson
358fc026d9 Remove a ridiculous realloc call from torgzip.c
realloc()ing a thing in order to try to save memory on it just
doesn't make sense with today's allocators.  Instead, let's use the
fact that whenever we decompress something, either it isn't too big,
or we chop it up, or we reallocate it.
2016-06-19 12:20:24 -04:00
Nick Mathewson
808015316a Remove support for zlib <= 1.1
zlib 1.2 came out in 2003; earlier versions should be dead by now.

Our workaround code was only preventing us from using the gzip
encoding (if we decide to do so), and having some dead code linger
around in torgzip.c
2016-06-19 12:20:24 -04:00
Nick Mathewson
b421648da2 Merge remote-tracking branch 'public/thread_coverage' 2016-06-19 12:15:55 -04:00
Andrea Shepard
5a4ed29f01 Better comments on exponential-backoff related members of download_status_t 2016-06-18 19:05:46 +00:00
Andrea Shepard
1f1df4ab74 Move exponential-random backoff computation out of download_status_schedule_get_delay() into separate function, per code review 2016-06-18 18:23:55 +00:00
Andrea Shepard
1dfbfd319e Better comment for download_status_schedule_get_delay() per code review 2016-06-18 17:11:32 +00:00
Andrea Shepard
6370c4ee87 Use exponential backoff for router descriptor downloads from consensuses 2016-06-18 16:32:17 +00:00
Andrea Shepard
5cb27d8991 Use exponential backoffs for bridge descriptor downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
36d45a9f64 Use exponential backoffs for certificate downloads 2016-06-18 16:32:17 +00:00
Andrea Shepard
5104e5645f Use exponential backoffs for consensus downloads 2016-06-18 16:32:16 +00:00