Commit Graph

19858 Commits

Author SHA1 Message Date
David Goulet
ff6c8cf861 sched: Downgrade warning log to info in KIST
Some platforms don't have good monotonic time support so don't warn when the
diff between the last run of the scheduler time and now is negative. The
scheduler recovers properly from this so no need to be noisy.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 12:22:02 -05:00
Nick Mathewson
953a8f8510 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-01 12:13:40 -05:00
Nick Mathewson
5c03bb7c0c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-01 12:13:40 -05:00
Nick Mathewson
3bca705c54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-01 12:13:40 -05:00
Nick Mathewson
b86c9acac3 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-01 12:13:40 -05:00
Nick Mathewson
f97f301b5b Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-01 12:13:39 -05:00
Nick Mathewson
461e34bb3d Fix a clang compilation warning in rendservice.c
Fixes bug 24480; bugfix on 0.2.5.16.
2017-12-01 12:13:15 -05:00
Nick Mathewson
998a247123 bump to 0.3.2.6-alpha-dev 2017-12-01 09:34:31 -05:00
Nick Mathewson
a12dbbd882 bump to 0.3.1.9-dev 2017-12-01 09:34:20 -05:00
Nick Mathewson
1983068ba9 bump to 0.3.0.13-dev 2017-12-01 09:34:09 -05:00
Nick Mathewson
73869c99a0 bump to 0.2.9.14-dev 2017-12-01 09:34:00 -05:00
Nick Mathewson
8f858de819 bump to 0.2.8.17-dev 2017-12-01 09:33:51 -05:00
Nick Mathewson
162a087e5f bump to 0.2.5.16-dev 2017-12-01 09:33:41 -05:00
George Kadianakis
1c9f063486 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:13:22 +02:00
George Kadianakis
210f0c24f0 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:09:29 +02:00
George Kadianakis
6bd64e8212 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:06:32 +02:00
George Kadianakis
8276a0ab85 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:06:28 +02:00
Nick Mathewson
424ab08b5a bump to 0.3.2.6-alpha 2017-11-30 12:26:30 -05:00
Nick Mathewson
4ebd436541 version bump to 0.3.1.9 2017-11-30 12:25:48 -05:00
Nick Mathewson
f2ecdeb724 version bump to 0.3.0.13 2017-11-30 12:25:01 -05:00
Nick Mathewson
16c9cfd658 version bump to 0.2.9.14 2017-11-30 12:24:07 -05:00
Nick Mathewson
6ee4472544 version bump to 0.2.8.17 2017-11-30 12:22:32 -05:00
Nick Mathewson
6bda6777c1 bump to 0.2.5.16 2017-11-30 12:19:48 -05:00
Nick Mathewson
fd73a168ca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-30 12:07:59 -05:00
Nick Mathewson
ee48eb1eb5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 12:07:59 -05:00
Nick Mathewson
5fc0587c04 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 12:07:59 -05:00
Nick Mathewson
7e2b012b46 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-30 12:07:59 -05:00
Nick Mathewson
ba4a9cf0c0 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-30 12:07:59 -05:00
Nick Mathewson
d459c08b7d Merge branch 'trove-2017-012_030' into maint-0.3.0 2017-11-30 12:07:43 -05:00
Nick Mathewson
52d7af631c Merge branch 'trove-2017-010_029' into maint-0.2.9 2017-11-30 12:07:26 -05:00
Nick Mathewson
f49876d66e Merge branch 'trove-2017-012_025' into maint-0.2.5 2017-11-30 12:06:21 -05:00
Nick Mathewson
08ce39fb0f Merge branch 'trove-2017-011_025' into maint-0.2.5 2017-11-30 12:06:17 -05:00
Nick Mathewson
a6a0c7a4ec Merge branch 'trove-2017-009_025' into maint-0.2.5 2017-11-30 12:05:59 -05:00
Nick Mathewson
766d0a2d98 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 11:48:12 -05:00
Nick Mathewson
500f04a74e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 11:48:12 -05:00
Nick Mathewson
072e194a15 Merge branch 'bug21394_029' into maint-0.2.9 2017-11-30 11:48:06 -05:00
Nick Mathewson
f0007f2b8d Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:05:49 -05:00
Nick Mathewson
eb1976202e Fix unit tests for 24050. 2017-11-29 12:05:36 -05:00
Nick Mathewson
9b44bb49b4 Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:02:07 -05:00
Nick Mathewson
a94c486102 Make the cache_ipv4_answers default become 0 again, for real.
Fortunately, use_cached_ipv4_answers was already 0, so we wouldn't
actually use this info, but it's best not to have it.

Fixes bug 24050; bugfix on 0.2.6.3-alpha
2017-11-29 12:01:45 -05:00
David Goulet
7bb269548d hs-v3: Bump hsdir_spread_store from 3 to 4
Per the analysis in
https://trac.torproject.org/projects/tor/ticket/23170#comment:17, this will
greatly improve service reachability.

Closes #24425

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-29 09:19:02 -05:00
David Goulet
6ab07419c8 Use local descriptor object to exclude self in path selection
TROVE-2017-12. Severity: Medium

When choosing a random node for a circuit, directly use our router
descriptor to exclude ourself instead of the one in the global
descriptor list. That list could be empty because tor could be
downloading them which could lead to not excluding ourself.

Closes #21534
2017-11-28 19:14:10 -05:00
David Goulet
91cee3c9e7 Guard: Don't pick ourselves as a possible Guard
TROVE-2017-12. Severity: Medium

Thankfully, tor will close any circuits that we try to extend to
ourselves so this is not problematic but annoying.

Part of #21534.
2017-11-28 19:12:56 -05:00
David Goulet
3030741b5d hs-v2: Remove any expiring intro from the retry list
TROVE-2017-13. Severity: High.

In the unlikely case that a hidden service could be missing intro circuit(s),
that it didn't have enough directory information to open new circuits and that
an intro point was about to expire, a use-after-free is possible because of
the intro point object being both in the retry list and expiring list at the
same time.

The intro object would get freed after the circuit failed to open and then
access a second time when cleaned up from the expiring list.

Fixes #24313
2017-11-28 18:41:29 -05:00
Nick Mathewson
1880a6a88e Avoid asking for passphrase on junky PEM input
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00
Nick Mathewson
2c0487ecfb Handle NULL input to protover_compute_for_old_tor()
Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
2017-11-27 15:16:30 -05:00
Nick Mathewson
2834cc9c18 Fix length of replaycache-checked data.
This is a regression; we should have been checking only the
public-key encrypted portion.  Fixes bug 24244, TROVE-2017-009, and
CVE-2017-8819.
2017-11-27 15:12:19 -05:00
Nick Mathewson
ef54610442 Merge branch 'ticket23856_025_01' into maint-0.3.2 2017-11-27 10:02:03 -05:00
David Goulet
8be50ca3ea relay: Change bandwidth stats interval to 24 hours
Going from 4 hours to 24 hours in order to try reduce the efficiency of guard
discovery attacks.

Closes #23856

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-27 10:00:40 -05:00
Nick Mathewson
b1c4ab0bec Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-27 09:09:34 -05:00
Nick Mathewson
703ab95e9f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-27 09:09:34 -05:00
Nick Mathewson
30b3229252 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-27 09:09:34 -05:00
Nick Mathewson
4bb287aa39 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-27 09:09:34 -05:00
Sebastian Hahn
25c90230be Add bastet's ipv6 address
Implements ticket 24394
2017-11-27 09:09:16 -05:00
Nick Mathewson
a7e777ab8e bump to 0.3.2.5-alpha-dev 2017-11-22 08:34:02 -05:00
Nick Mathewson
5da6120e88 bump version to 0.3.2.5-alpha 2017-11-21 12:54:11 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
ea13a47791 add an explanatory comment about the error codes 2017-11-21 12:36:32 -05:00
teor
d7833c9d27
Avoid crashing if we call num_usable_bridges() when bridges are not enabled
This applies the changes in 23524 to num_usable_bridges(), because it has
replaced any_bridge_descriptors_known().

The original changes file still applies.
2017-11-22 02:01:51 +11:00
teor
690f646bf8
Stop checking cached bridge descriptors for usable bridges
Stop checking for bridge descriptors when we actually want to know if
any bridges are usable. This avoids potential bootstrapping issues.
Fixes bug 24367; bugfix on 0.2.0.3-alpha.

Stop stalling when bridges are changed at runtime. Stop stalling when
old bridge descriptors are cached, but they are not in use.
Fixes bug 24367; bugfix on 23347 in 0.3.2.1-alpha.
2017-11-22 02:00:34 +11:00
Nick Mathewson
da82e0b579 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-20 14:29:50 -05:00
George Kadianakis
69f93f806c Check number of usable guards when applying md restrictions.
We used to check whether we have enough filtered guards (guard set when
torrc is applied) but that's not good enough, since that might be bad in
some cases where many guards are not reachable (might cause overblocking
and hence reacahbility issues).

We now check if we have enough reachable filtered guards before applying
md restrictions which should prevent overblocking.
2017-11-20 14:28:56 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
68c21860e3 Add another assertion to check for 24086 root causes
In cdm_diff_ht_set_status(), we shouldn't have been allowing the
status CDM_DIFF_PRESENT to be set if there wasn't actually a handle.
2017-11-20 11:06:31 -05:00
Nick Mathewson
3bb29dd707 Correctly handle partial success in consensus diff calculation.
Previously, if store_multiple() reported a partial success, we would
store all the handles it gave us as if they had succeeded.  But it's
possible for the diff to be only partially successful -- for
example, if LZMA failed but the other compressors succeeded.

Fixes bug 24086; bugfix on 0.3.1.1-alpha.
2017-11-20 11:04:37 -05:00
Nick Mathewson
c8ee12b2e8 Recover better from empty/invalid storagedir files
If we can't read a file because of an FS issue, we say "we can't
read that" and move on.  But if we can't read it because it's empty,
because it has no labels, or because its labels are misformatted, we
should remove it.

Fixes bug 24099; bugfix on 0.3.1.1-alpha.
2017-11-20 10:14:41 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
e0f7a2dbd4 Merge branch 'bug23681_029_01_squashed' into maint-0.3.2 2017-11-20 08:39:34 -05:00
David Goulet
981bb60575 circuit: Don't timeout opened C_INTRODUCING circuit
A circuit with purpose C_INTRODUCING means that its state is opened but the
INTRODUCE1 cell hasn't been sent yet. We shouldn't consider that circuit when
looking for timing out "building circuit". We have to wait on the rendezvous
circuit to be opened before sending that cell so the intro circuit needs to be
kept alive for at least that period of time.

This patch makes that the purpose C_INTRODUCING is ignored in the
circuit_expire_building() which means that we let the circuit idle timeout
take care of it if we end up never using it.

Fixes #23681

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 08:33:44 -05:00
Nick Mathewson
7358559524 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-18 11:02:42 -05:00
Nick Mathewson
2d849716df Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-18 11:02:08 -05:00
Nick Mathewson
53c3174ee4 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-18 11:01:43 -05:00
Nick Mathewson
d388f9d879 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-18 11:01:33 -05:00
Nick Mathewson
d45bf0c65c Add an extra check in test_entrynodes
This check makes it so we can reach "done" without setting "conn",
and so the "if (conn)" check will not be redundant, and so coverity
won't complain.  Fixes CID 1422205.  Not actually a bug.
2017-11-18 10:26:45 -05:00
Nick Mathewson
a5b8b55c1c Fix memory leak in unit test for bridge distribution config.
Also, check for the actual message, and fix some string confusion,
while we're at it.

Fixes bug 24345; bugfix on 0.3.2.3-alpha.
2017-11-18 10:22:14 -05:00
Nick Mathewson
3a5ca47d8f Fix a clang unitialized-var warning 2017-11-17 09:57:52 -05:00
George Kadianakis
7e52947d57 Intoduce unittest for skipping outdated dirservers. 2017-11-17 09:57:46 -05:00
Nick Mathewson
9fbc835f10 Fix a wide comment 2017-11-17 09:57:15 -05:00
Nick Mathewson
2cee26b164 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-17 09:56:53 -05:00
Nick Mathewson
96b69942a5 Make should_set_md_dirserver_restriction() look at num filtered guards
This seems closer to what the code intended.
2017-11-17 09:52:41 -05:00
George Kadianakis
c400ffc2e8 Skip dirserver restrictions in small networks. 2017-11-17 09:52:41 -05:00
George Kadianakis
f61e3090fb Introduce new guard restriction and use it to skip outdated dirs. 2017-11-17 09:52:40 -05:00
George Kadianakis
7fc64f02a3 Introduce cache for outdated microdesc dirservers.
We gonna use this cache to avoid dirservers without outdated md info.
2017-11-17 09:52:40 -05:00
Matt Traudt
b98614f1af Only log about lost KIST support once 2017-11-17 09:25:47 -05:00
Nick Mathewson
85778dc92d Merge remote-tracking branch 'dgoulet/bug23861_032_01' into maint-0.3.2 2017-11-17 09:23:04 -05:00
Nick Mathewson
3a364309ac Merge branch 'bug24167_025' into maint-0.3.2 2017-11-17 08:35:52 -05:00
Nick Mathewson
0571015819 Merge branch 'ticket24097_032' into maint-0.3.2 2017-11-17 08:35:01 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
95238eb917 Fix a traceback when closing a blocked connection "immediately".
When we close a connection via connection_close_immediately, we kill
its events immediately. But if it had been blocked on bandwidth
read/write, we could try to re-add its (nonexistent) events later
from connection_bucket_refill -- if we got to that callback before
we swept the marked connections.

Fixes bug 24167.  Fortunately, this hasn't been a crash bug since we
introduced connection_check_event in 0.2.9.10, and backported it.

This is a bugfix on commit 89d422914a, I believe, which
appeared in Tor 0.1.0.1-rc.
2017-11-16 12:05:56 -05:00
David Goulet
380a95116a relay: Avoid extra LOG_NOTICE for every new descriptor batch
Commit 56c5e282a7 suppressed that same log
statement in directory_info_has_arrived() for microdescriptors so do the same
for the descriptors. As the commit says, we already have the bootstrap
progress for this.

Fixes #23861

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-16 10:57:05 -05:00
Nick Mathewson
2a98fcb848 Downgrade evdns warnings about weird replies.
evdns is allowed to give us unrecognized object types; it is allowed
to give us non-IPv4 answer types, and it is (even) allowed to give
us empty answers without an error.

Closes ticket 24097.
2017-11-16 09:30:19 -05:00
Nick Mathewson
ef55a7a69a Tweak the message when we re-enable CBT.
Implements ticket 20963.
2017-11-15 14:42:59 -05:00
Nick Mathewson
ae8683621a Merge remote-tracking branch 'asn/bug23662_032' into maint-0.3.2 2017-11-15 14:25:20 -05:00
Nick Mathewson
6dc784bdb3 Merge remote-tracking branch 'dgoulet/bug24230_032_01' into maint-0.3.2 2017-11-14 14:45:07 -05:00
George Kadianakis
c4a56ed5c2 Silence a warning about failed descriptor uploads.
Due to #23662 this can happen under natural causes and does not disturb
the functionality of the service. This is a simple 0.3.2 fix for now,
and we plan to fix this properly in 0.3.3.
2017-11-14 17:16:33 +02:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
1d5e693b63 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 20:36:04 -05:00
Nick Mathewson
50fbede459 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 20:36:04 -05:00
Nick Mathewson
1b9bb2c847 Merge branch 'bug22895_027' into maint-0.2.9 2017-11-13 20:35:59 -05:00
Nick Mathewson
fea5c8a015 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 12:57:58 -05:00
Nick Mathewson
543fd89fb7 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-13 12:57:58 -05:00
Nick Mathewson
800797e7f3 Merge branch 'bug23291_028' into maint-0.2.8 2017-11-13 12:57:55 -05:00
Nick Mathewson
d0b75b5ade Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-13 12:27:36 -05:00
David Goulet
7df28ce299 hs-v3: Fix consensus param "hsdir-interval" name
The dir-spec.txt specifies it to be "hsdir_interval" (underscore).

Fixes #24262

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-13 11:48:56 -05:00
Nick Mathewson
3300a6e93a Merge remote-tracking branch 'arma/ticket23637' into maint-0.3.2 2017-11-13 11:20:20 -05:00
Nick Mathewson
16bdb9e365 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:18:02 -05:00
Nick Mathewson
91188540af Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 11:18:02 -05:00
Nick Mathewson
ab415ae950 Merge remote-tracking branch 'teor/bug23470-029' into maint-0.2.9 2017-11-13 11:17:58 -05:00
Nick Mathewson
9092e9019a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:15:50 -05:00
Nick Mathewson
666653758d Merge branch 'bug8185_025' into maint-0.2.9 2017-11-13 11:15:47 -05:00
Nick Mathewson
0fc2b7f82e Merge branch 'bug8185_031' into maint-0.3.1 2017-11-13 11:15:40 -05:00
Nick Mathewson
ece63105d9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:13:22 -05:00
Nick Mathewson
c928fb988a Merge branch 'ticket21953_029' into maint-0.2.9 2017-11-13 11:13:18 -05:00
Nick Mathewson
a7ca71cf6b Fix mock_crypto_pk_public_checksig__nocheck() to handle short RSA keys
This function -- a mock replacement used only for fuzzing -- would
have a buffer overflow if it got an RSA key whose modulus was under
20 bytes long.

Fortunately, Tor itself does not appear to have a bug here.

Fixes bug 24247; bugfix on 0.3.0.3-alpha when fuzzing was
introduced.  Found by OSS-Fuzz; this is OSS-Fuzz issue 4177.
2017-11-11 14:44:45 -05:00
Nick Mathewson
ef92511577 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-11 12:23:34 -05:00
Nick Mathewson
512dfa15ed Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-11 12:23:34 -05:00
Nick Mathewson
9666c620d5 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-11 12:23:33 -05:00
Nick Mathewson
c9b76a12f5 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-11 12:23:33 -05:00
Nick Mathewson
5348c8996f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-11 12:23:33 -05:00
David Goulet
42ce6f78c8 control: Fix wrong Action on failure to upload an HS descriptor
On failure to upload, the HS_DESC event would report "UPLOAD_FAILED" as the
Action but it should have reported "FAILED" according to the spec.

Fixes #24230

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-10 15:31:31 -05:00
Karsten Loesing
6f8c32b7de Update geoip and geoip6 to the November 6 2017 database. 2017-11-10 10:14:09 +01:00
Nick Mathewson
aa1d90b40c Merge branch 'bug23985_029' into maint-0.3.2 2017-11-09 08:15:46 -05:00
Nick Mathewson
40c64f45f0 Re-remove AllowDotExit deprecation.
This was accidentally reintroduced in 5a46074e55.  It should be
harmless, though: the option is obsolete, so calling it deprecated
is redundant.
2017-11-09 07:58:27 -05:00
Nick Mathewson
c8859582a2 bump to 0.3.2.4-alpha-dev 2017-11-08 16:44:53 -05:00
David Goulet
fa70aabb62 dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:

  if (!voting_schedule.voting_starts) {
    ...
    dirvote_recalculate_timing(options, now);
  }

The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.

That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.

This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.

Fixes #24186

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 14:46:49 -05:00
Nick Mathewson
0dc55fb247 Don't delay descriptor fetches when missing info needed for circuits
When we have fewer than 15 descriptors to fetch, we will delay the
fetch for a little while.  That's fine, if we can go ahead and build
circuits... but if not, it's a poor choice indeed.

Fixes bug 23985; bugfix on 0.1.1.11-alpha.

In 0.3.0.3-alpha, when we made primary guard descriptors necessary
for circuit building, this situation got worse.
2017-11-08 13:22:16 -05:00
Nick Mathewson
31a907881e downgrade severity for get_voting_schedule() 2017-11-08 11:50:57 -05:00
Nick Mathewson
02f05f2de2 Merge remote-tracking branch 'dgoulet/bug23751_032_01' into maint-0.3.2 2017-11-08 10:56:33 -05:00
Nick Mathewson
c74a817e83 Merge branch 'bug23318-redux_029' into maint-0.3.2 2017-11-08 10:47:22 -05:00
teor
6e4ebd41bb Stop calculating total twice in frac_nodes_with_descriptors()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
4f944cc4cc Check arguments and initialise variables in compute_weighted_bandwidths()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
fcaa4ab824 Actually log the total bandwidth in compute_weighted_bandwidths()
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
teor
14b0bba06e Use node counts in networks with all zero-bandwidths
When calculating the fraction of nodes that have descriptors, and all
all nodes in the network have zero bandwidths, count the number of nodes
instead.

Fixes bug 23318; bugfix on 0.2.4.10-alpha.
2017-11-08 10:45:18 -05:00
Nick Mathewson
3c03e237ab Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
David Goulet
dcabf801e5 sched: Ignore closed channel after flushing cells
The flush cells process can close a channel if the connection write fails but
still return that it flushed at least one cell. This is due because the error
is not propagated up the call stack so there is no way of knowing if the flush
actually was successful or not.

Because this would require an important refactoring touching multiple
subsystems, this patch is a bandaid to avoid the KIST scheduler to handle
closed channel in its loop.

Bandaid on #23751.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 09:44:39 -05:00
Nick Mathewson
e5a83062ed Merge branch 'bug23816_029_squashed' into maint-0.3.2 2017-11-08 08:11:22 -05:00
Nick Mathewson
cb29687e93 Replace our random-exponential-delay algorithm.
This patch has implementations of the "decorrelated" and "full"
algorithms from https://www.awsarchitectureblog.com/2015/03/backoff.html
2017-11-08 07:56:16 -05:00
Nick Mathewson
3dc61a5d71 Revert "Remove an erroneous 0.5 in compute_weighted_bandwidths()"
This reverts commit 01e984870a.
2017-11-07 20:35:19 -05:00
Nick Mathewson
c58471325a Merge remote-tracking branch 'dgoulet/bug24161_032_01' into maint-0.3.2 2017-11-07 14:00:18 -05:00
Nick Mathewson
c7d1d1ad2e Bump to 0.3.2.4-alpha 2017-11-07 13:22:27 -05:00
David Goulet
e67f4441eb Add a safe guard to avoid using a zeroed voting schedule
dirvote_get_next_valid_after_time() is the only public function that uses the
voting schedule outside of the dirvote subsystem so if it is zeroed,
recalculate its timing if we can that is if a consensus exists.

Part of #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:14:45 -05:00
David Goulet
8171d9f50f Recalculate voting schedule first when getting a new consensus
Because the HS and SR subsystems can use the voting schedule early (with the
changes in #23623 making the SR subsystem using the static voting schedule
object), we need to recalculate the schedule very early when setting the new
consensus.

Fixes #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:08:12 -05:00
Nick Mathewson
9d848ca58a Merge remote-tracking branch 'asn/ticket23623_032_01' into maint-0.3.2 2017-11-07 09:58:42 -05:00
Nick Mathewson
7d767706ef Merge branch 'bug24150_032_squashed' into maint-0.3.2 2017-11-06 12:59:23 -05:00
Nick Mathewson
5240afa713 Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result.  But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.

Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.

Fixes bug 24150 and OSS-Fuzz issue 3994.

The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
2017-11-06 12:59:11 -05:00
Nick Mathewson
bebdd91058 Fix a 32-bit formatting warning 2017-11-06 10:16:10 -05:00
Nick Mathewson
c80293706f Merge remote-tracking branch 'public/bug23318_029' into maint-0.3.2 2017-11-06 09:48:51 -05:00
Nick Mathewson
9f3d9c68ab Merge branch 'bug21394_029' into maint-0.3.2 2017-11-05 14:39:37 -05:00