Commit Graph

6883 Commits

Author SHA1 Message Date
Sebastian Hahn
98d1314c7e Create cpuworker.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
0bfa34e1f6 Create control.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
0d33120c26 Create connection_or.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
78b6a4650b Create connection_edge.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
2a74101f7a Create connection.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
c4f8f1316e Create config.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
3074d5a221 Create command.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
01c7b60a80 Create circuituse.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
174a88dd79 Create circuitlist.h 2010-07-27 07:58:13 +02:00
Sebastian Hahn
21155204c6 Create circuitbuild.h 2010-07-27 07:58:13 +02:00
Sebastian Hahn
34dfce0d82 Create buffers.h 2010-07-27 07:56:26 +02:00
Sebastian Hahn
85a1d635d5 Create rendservice.h 2010-07-27 07:56:26 +02:00
Sebastian Hahn
7caa8351b8 Create rendclient.h 2010-07-27 07:56:26 +02:00
Sebastian Hahn
31e81439e1 Create rendcommon.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
cbee969f40 Create routerlist.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
c53b6cc831 Create router.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
ff4030f621 Create geoip.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
e69dc22f4e Split headers for dnsserv.c functions out of or.h
The next series of commits begins addressing the issue that we're
currently including the complete or.h file in all of our source files.
To change that, we're splitting function definitions into new header
files (one header file per source file).
2010-07-27 07:56:25 +02:00
Roger Dingledine
1d6656fcb3 mike needs DEFAULT_ROUTE_LEN in other files 2010-07-21 09:30:26 -04:00
Roger Dingledine
b178c81de3 whitespace fix 2010-07-21 09:24:14 -04:00
Roger Dingledine
66d5ce266e naked constants are bad 2010-07-20 08:07:44 -04:00
Nick Mathewson
d461799f0b Fix getinfo_helper_networkstatus to return 0 on question-not-known
It erroneously returned -1 instead, which made it say "Internal error"
rather than "Unrecognized key."
2010-07-18 17:13:25 +02:00
Nick Mathewson
0b4b51314f Make the controller act more usefully when GETINFO fails
Right now it says "552 internal error" because there's no way for
getinfo_helper_*() countries to specify an error message.  This
patch changes the getinfo_helper_*() interface, and makes most of the
getinfo helpers give useful error messages in response to failures.

This should prevent recurrences of bug 1699, where a missing GeoIPFile
line in the torrc made GETINFO ip-to-county/* fail in a "not obvious
how to fix" way.
2010-07-18 17:05:58 +02:00
Mike Perry
9d5d0f040f Alter how guard flags are chosen.
V3 authorities no longer decide not to vote on Guard+Exit. The bandwidth
weights should take care of this now.

Also, lower the max threshold for WFU to 0.98, to allow more nodes to become
guards.
2010-07-14 20:49:19 -07:00
Roger Dingledine
54cdac97f1 print right controller purpose string for measure-timeout circs 2010-07-14 21:06:49 -04:00
Roger Dingledine
c6f5792404 No dirport should mean no hsdir flag (bug 1693) 2010-07-14 13:20:57 -04:00
Nick Mathewson
14bc4dcc22 Rename log.h to torlog.h
This should make us conflict less with system files named "log.h".
Yes, we shouldn't have been conflicting with those anyway, but some
people's compilers act very oddly.

The actual change was done with one "git mv", by editing
Makefile.am, and running
   find . -name '*.[ch]' | xargs perl -i -pe 'if (/^#include.*\Wlog.h/) {s/log.h/torlog.h/; }'
2010-07-09 22:05:38 -04:00
Mike Perry
a9edb0b4f6 More gracefully handle corrupt state files.
Save a backup if we get odd circuitbuildtimes and other state info.

In the case of circuit build times, we no longer assert, and reset our state.
2010-07-06 12:11:22 -07:00
Mike Perry
7bbdf71a82 Fix unittest failure in bug 1660.
We now record large times as abandoned, to prevent a filter step from
happening and skewing our results.

Also, issue a warn for a rare case that can happen for funky values of Xm or
too many abandoned circuits. Can happen (very rarely) during unit tests, but
should not be possble during live operation, due to network liveness filters
and discard logic.
2010-07-06 12:11:13 -07:00
Karsten Loesing
6bb8747ffb Make directory mirrors report non-zero dirreq-v[23]-shares again. 2010-07-05 10:45:24 +02:00
Nick Mathewson
741ab2a47a Fix bugs with assuming time_t can be implicitly cast to long
Many friendly operating systems have 64-bit times, and it's not nice
to pass them to an %ld format.

It's also extremely not-nice to write a time to the log as an
integer.  Most people think it's 2010 June 29 23:57 UTC+epsilon, not
1277855805+epsilon.
2010-06-29 19:55:10 -04:00
Nick Mathewson
485cab869d Merge remote branch 'public/rand_double2' 2010-06-29 18:57:59 -04:00
Nick Mathewson
bea55766af Merge remote branch 'mikeperry/cbt-bugfixes3' 2010-06-29 18:57:50 -04:00
Roger Dingledine
1def582217 Group in torrc is obsolete, so stop checking it 2010-06-27 02:31:00 -04:00
Nick Mathewson
b111a7cd9c Make cbt_generate_sample use crypto_rand_double()
Possible workaround for bug 1139, if anybody cares.
2010-06-25 21:33:22 -04:00
Nick Mathewson
ad2d8ac073 Use Libevent 2.0's periodic timers where available.
These timers behave better with non-monotonic clocks than our old
ones, and also try harder to make once-per-second events get called
one second apart, rather than one-plus-epsilon seconds apart.

This fixes bug 943 for everybody using Libevent 2.0 or later.
2010-06-25 15:31:46 -04:00
Kat Magic
e2b117eb80 Remove the extra space that is sent in certain STREAM messages from the controller. (closes #1583) 2010-06-22 20:49:29 -04:00
Mike Perry
5dbf99d9ff Mention the purpose field for leaked circuits. 2010-06-16 18:13:27 -07:00
Mike Perry
2abe1ceccf Add CLOSE_MS and CLOSE_RATE keywords to buildtimeout event. 2010-06-15 20:04:49 -07:00
Mike Perry
82922ea45a Be more proactive about closing unused circuits.
We need to ensure that we close timeout measurement circuits. While
we're at it, we should close really old circuits of certain types that
aren't in use, and log really old circuits of other types.
2010-06-15 20:04:46 -07:00
Mike Perry
c6c8fbf852 Split the circuit timeout and close codepaths.
We need to record different statistics at point of timeout, vs the point
of forcible closing.

Also, give some better names to constants and state file variables
to indicate they are not dealing with timeouts, but abandoned circuits.
2010-06-15 20:04:42 -07:00
Mike Perry
f528a6e62b Fix initialization and reset issues with close_ms.
Also clean up some log messages.
2010-06-15 16:41:24 -07:00
Nick Mathewson
7be7f15198 Answer question from Roger. 2010-06-14 18:32:44 -04:00
Roger Dingledine
9f31a0098d a line that's been sitting in my sandbox for months 2010-06-14 18:25:37 -04:00
Nick Mathewson
945633476a Merge commit 'sebastian/hostnamewarn' 2010-06-11 13:21:31 -04:00
Nick Mathewson
be1c4672c4 Merge commit 'origin/maint-0.2.1' 2010-06-11 13:20:20 -04:00
Karsten Loesing
6c49b6bb77 Add maatuska as eighth v3 directory authority. 2010-06-11 19:10:55 +02:00
Sebastian Hahn
f7b40f45b7 Don't crash when reading cached*consensus files on startup
Fixes bug 1352
2010-06-10 16:18:26 +02:00
Mike Perry
c96206090e Keep circuits open until the greater of 95th CDF percentile or 60s.
This is done to provide better data to our right-censored Pareto model.

We do this by simply marking them with a new purpose.
2010-06-09 00:22:39 -07:00
Mike Perry
f897154b26 Make the Xm mode selection a consensus parameter. 2010-06-09 00:22:39 -07:00
Mike Perry
38770dd6a5 Add timeout count state variable. 2010-06-09 00:22:34 -07:00
Mike Perry
848d9f8b43 Remove synthetic timeout code in favor of better Pareto model. 2010-06-09 00:22:17 -07:00
Mike Perry
dc880924b7 Arma hates (\d+). Remove mine and some others. 2010-06-09 00:22:17 -07:00
Mike Perry
d76ebb79aa Improve log message about large timeouts and fix some typos. 2010-06-09 00:22:13 -07:00
Sebastian Hahn
10fdb9ee0a Add option to not warn when getting an IP instead of hostname 2010-06-07 12:44:25 +02:00
Sebastian Hahn
faf51fa52a Don't cannibalize one-hop circuits
In rare cases, we could cannibalize a one-hop circuit, ending up
with a two-hop circuit. This circuit would not be actually used,
but we should prevent its creation in the first place.

Thanks to outofwords and swissknife for helping to analyse this.
2010-06-04 21:04:08 +02:00
Roger Dingledine
7e300cbba3 Let bridge users use the non-primary address of a multi-homed bridge 2010-06-03 20:29:29 -04:00
valerino
076063ca90 moved wince related includes and defs to compat.h where possible, removed unused/redundant wince includes 2010-05-24 11:46:54 -04:00
valerino
8d31141ccb Port Tor to work on Windows CE
Most of the changes here are switches to use APIs available on Windows
CE.  The most pervasive change is that Windows CE only provides the
wide-character ("FooW") variants of most of the windows function, and
doesn't support the older ASCII verions at all.

This patch will require use of the wcecompat library to get working
versions of the posix-style fd-based file IO functions.

[commit message by nickm]
2010-05-24 11:46:45 -04:00
valerino
ddf250119d Log the correct address when purging a mismatchd DNS cache address 2010-05-20 22:51:47 -04:00
valerino
afe58cfa89 Don't use "try" as an identifier
C allows try, but some windows CE headers like to redefine 'try' to be
a reserved word.
2010-05-20 22:50:37 -04:00
Nick Mathewson
d8a1e2dabb Make rotate_request_period use BEGIN/END versions of FOREACH
This appeases some versions of MSVC, which don't like it when you
have preprocessor commands inside a set of macro arguments.
2010-05-17 12:20:52 -04:00
Mike Perry
d9be6f3845 Fix CBT unit tests. 2010-05-12 15:31:22 -07:00
Nick Mathewson
03dc1c786a Clarify 'marking connection as too old' messages
Back when we changed the idea of a connection being "too old" for new
circuits into the connection being "bad" for new circuits, we didn't
actually change the info messages.  This led to telling the user that
we were labelling connections as "too old" for being worse than
connections that were actually older than them.

Found by Scott on or-talk.
2010-05-12 14:15:39 -04:00
Mike Perry
a5ac96b58d Fix comments from Sebastian + Nick's code review.
Check for overflow in one place, and be consistent about type usage.
2010-05-10 19:56:27 -07:00
Mike Perry
29e0d70814 Bug 1296: Add option+logic to disable CBT learning.
There are now four ways that CBT can be disabled:

1. Network-wide, with the cbtdisabled consensus param.
2. Via config, with "LearnCircuitBuildTimeout 0"
3. Via config, with "AuthoritativeDirectory 1"
4. Via a state file write failure.
2010-05-10 13:11:48 -07:00
Mike Perry
0a6191cf70 Bug 1357: Store the suspended timeout value to resume.
This prevents a spurious warning where we have a timeout just after
deciding our network came back online.
2010-05-10 13:11:47 -07:00
Mike Perry
728e946efd Bug 1245: Ignore negative and large timeouts.
This should prevent some asserts and storage of incorrect build times
for the cases where Tor is suspended during a circuit construction, or
just after completing a circuit. The idea is that if the circuit
build time is much greater than we would have cut it off at, we probably
had a suspend event along this codepath, and we should discard the
value.
2010-05-10 13:11:46 -07:00
Mike Perry
e40e35507e Bump timeout calculation message to notice when timeout changes. 2010-05-10 13:01:25 -07:00
Mike Perry
eecdd94dec Add consensus parameter for max synthetic quantile.
In case we decide that the timeout rate is now too high due to our
change of the max synthetic quantile value, this consensus parameter
will allow us to restore it to the previous value.
2010-05-10 13:00:34 -07:00
Mike Perry
835ab53102 Add a TIMEOUT_RATE keyword to buildtimeout event. 2010-05-10 12:59:05 -07:00
Mike Perry
3bbc3e2137 Bug 1335: Implement filtering step to remove+prevent high timeouts.
This is for the other issue we saw in Bug 1335. A large number of high
timeouts were causing the timeout calculation to slowly drift upwards,
especially in conditions of load. This fix repeatedly regenerates all of
our synthetic timeouts whenever the timeout changes, to try to prevent
drift.

It also lowers the timeout cap to help for some cases of Bug 1245, where
some timeout values were so large that we ended up allocating a ton of
scratch memory to count the histogram bins.

The downside is that lowering this cap is affecting our timeout rate.
Unfortunately, the buildtimeout quantile is now higher than the actual
completion rate by what appears to be about 7-10%, which probably
represents the skew in the distribution due to lowering this synthetic
cap.
2010-05-10 12:58:10 -07:00
Mike Perry
cc2a48f1be Bug 1335: Alter Xm calculation to be weighted avg of top N=3 modes.
In my state files, I was seeing several peaks, probably due to different
guards having different latency. This change is meant to better capture
this behavior and generate more reasonable timeouts when it happens. It
is improving the timeout values for my collection of state files.
2010-05-10 12:46:49 -07:00
Roger Dingledine
e7bd97493c Merge branch 'maint-0.2.1' 2010-04-23 20:26:23 -04:00
Roger Dingledine
67b38d5068 close idle tls conns early 2010-04-23 20:23:00 -04:00
Roger Dingledine
b3019c6d2b Merge branch 'maint-0.2.1' 2010-04-23 19:46:29 -04:00
Roger Dingledine
b264192083 finally get rid of "clique mode" 2010-04-23 19:39:42 -04:00
Roger Dingledine
cb31978adb close idle dir-fetch circs early 2010-04-23 18:35:11 -04:00
Roger Dingledine
573e1d40b3 finally get rid of "clique mode" 2010-04-21 21:35:18 -04:00
Roger Dingledine
6952b445cc stop authority reachability check on startup 2010-04-21 04:27:56 -04:00
Roger Dingledine
4f307e0382 immediate reachability check for new relays 2010-04-21 03:12:14 -04:00
Roger Dingledine
92a6ae2b8d more logging when tracking missing descriptors 2010-04-20 18:02:23 -04:00
Roger Dingledine
eaf5487d95 fetch descriptors from the authority that told us about them 2010-04-20 03:20:31 -04:00
Roger Dingledine
2e692bd8c9 fetch unknown descriptors if we see them in a vote 2010-04-20 03:03:33 -04:00
Roger Dingledine
77babb832a minor cleanups 2010-04-20 02:48:35 -04:00
Nick Mathewson
f2c30e97cc Switch geoip_get_request_history to asprintf; fix bug 1365 2010-04-20 01:09:40 -04:00
Roger Dingledine
de4a49adc2 fix "Got a certificate for ?? that we already have"
what's happening here is that we're fetching certs for obsolete
authorities -- probably legacy signers in this case. but try to
remain general in the log message.
2010-04-19 18:35:57 -04:00
Nick Mathewson
e3cd535c7c Move the declaration of bandwidth_rate_rule_to_string
It's natural for the definition of bandwidth_rule_t to be with the functions
that actually care about its values.  Unfortunately, this means declaring
bandwidth_rate_rule_to_string() out of sequence.  Someday we'll just rename
reasons.c to strings.c, and put it at the end of or.h, and this will all be
better.
2010-04-19 16:39:29 -04:00
Roger Dingledine
c9573cf50b parameterize update_consensus_router_descriptor_downloads 2010-04-19 04:40:45 -04:00
Roger Dingledine
c29977ce00 simplify a path in networkstatus 2010-04-15 10:13:35 -04:00
Sebastian Hahn
71fb687ddd Add --enable-static-zlib option
Works like the --enable-static-openssl/libevent options. Requires
--with-zlib-dir to be set. Note that other dependencies might still
pull in a dynamicly linked zlib, if you don't link them in statically
too.
2010-04-14 19:28:21 +02:00
Nick Mathewson
fe57aab283 Merge branch 'correct_halflife' 2010-04-13 13:37:33 -04:00
Nick Mathewson
96a0edf373 Rename CircPriorityHalflifeMsec to CircuitPriorityHalflifeMsec
Everything that accepted the 'Circ' name handled it wrong, so even now
that we fixed the handling of the parameter, we wouldn't be able to
set it without making all the 0.2.2.7..0.2.2.10 relays act wonky.
This patch makes Tors accept the 'Circuit' name instead, so we can
turn on circuit priorities without confusing the versions that treated
the 'Circ' name as occasion to act weird.
2010-04-13 13:29:30 -04:00
Peter Palfrader
5e679acc72 testsuite: Prevent the main thread from starving the worker threads 2010-04-12 18:15:20 -04:00
Peter Palfrader
a02923122e testsuite: Only free the main mutex when and if all the worker threads are done 2010-04-12 18:15:17 -04:00
Nick Mathewson
311aca5a34 Log bandwidth_weight_rule_t as a string, not an integer.
I'm adding this because I can never remember what stuff like 'rule 3'
means.  That's the one where if somebody goes limp or taps out, the
fight is over, right?
2010-04-12 18:12:49 -04:00
Nick Mathewson
d888a8210f Fix a bug in reading CircPriorityHalflife from consensus
When you mean (a=b(c,d)) >= 0, you had better not say (a=b(c,d)>=0).
We did the latter, and so whenever CircPriorityHalflife was in the
consensus, it was treated as having a value of 1 msec (that is,
boolean true).
2010-04-12 15:38:54 -04:00
Roger Dingledine
8aec982f91 Merge branch 'maint-0.2.1'
Conflicts:

	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-04-03 22:05:02 -04:00
Roger Dingledine
0324d3b0ec fetch relay descriptors from v3 authorities 2010-04-03 21:53:29 -04:00
Sebastian Hahn
80d9737e70 Fix a segfault when a client is hup'd.
We need to make sure we have an event_base in dns.c before we call
anything that wants one. Make sure we always have one in dns_reset()
when we're a client. Fixes bug 1341.
2010-04-03 12:31:59 +02:00
Nick Mathewson
927425150b Merge branch 'asprintf' 2010-04-02 12:30:46 -04:00
Sebastian Hahn
cae769d646 Segfault less during consensus generation without params
If no authority votes on any params, Tor authorities segfault when
trying to make a new consensus from the votes. Let's change that.
2010-03-29 22:25:37 +02:00
Roger Dingledine
fe3380609e In the glorious future, all relays cache dir info.
Now if you're a published relay and you set RefuseUnknownExits, even
if your dirport is off, you'll fetch dir info from the authorities,
fetch it early, and cache it.

In the future, RefuseUnknownExits (or something like it) will be on
by default.
2010-03-16 04:02:18 -04:00
Roger Dingledine
1108358e96 let people test the RefuseUnknownExits idea 2010-03-10 22:43:23 -05:00
Roger Dingledine
625963d92a commit my annotations while i was hunting down the host order bug 2010-03-05 16:04:01 -05:00
Nick Mathewson
eb2e56ad3c Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/or/config.c
	src/or/test.c
2010-03-04 18:44:31 -05:00
Nick Mathewson
3ff092391b Apply Roger's bug 1269 fix.
From http://archives.seul.org/tor/relays/Mar-2010/msg00006.html :

   As I understand it, the bug should show up on relays that don't set
   Address to an IP address (so they need to resolve their Address
   line or their hostname to guess their IP address), and their
   hostname or Address line fails to resolve -- at that point they'll
   pick a random 4 bytes out of memory and call that their address. At
   the same time, relays that *do* successfully resolve their address
   will ignore the result, and only come up with a useful address if
   their interface address happens to be a public IP address.
2010-03-04 18:37:40 -05:00
Nick Mathewson
b3ec39af8f Merge remote branch 'mikeperry/bwweight-smartlistfix' 2010-03-04 00:13:23 -05:00
Mike Perry
2b5e1d3636 Woops, forgot the second warn.
Also, differentiate the two log messages.
2010-03-03 21:02:01 -08:00
Mike Perry
97eec84f4b Demote warn to info, since it can happen.
I still feel like we should investigate this case. It seems odd.
2010-03-03 17:35:06 -08:00
Nick Mathewson
404af59ed5 Backport fix for time-goes-forward test. Fix bug 1267 2010-03-02 10:40:21 -05:00
Nick Mathewson
47e919424d Tweak users of snprintf to use asprintf where appropriate 2010-02-28 21:46:50 -05:00
Nick Mathewson
9caecc1e48 Merge branch 'fix_routerparse_bug' 2010-02-28 13:48:05 -05:00
Nick Mathewson
da220157a9 Update copyright dates for files not in maint-0.2.1 2010-02-27 17:19:00 -05:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Nick Mathewson
27a8a56e6c Fix a consensus-extension bug found by outofwords
When the bandwidth-weights branch added the "directory-footer"
token, and began parsing the directory footer at the first
occurrence of "directory-footer", it made it possible to fool the
parsing algorithm into accepting unsigned data at the end of a
consensus or vote.  This patch fixes that bug by treating the footer
as starting with the first "directory-footer" or the first
"directory-signature", whichever comes first.
2010-02-27 17:07:05 -05:00
Nick Mathewson
1c25077b1c fix some wide lines in routerparse.c 2010-02-27 16:33:22 -05:00
Nick Mathewson
937b5cdd41 Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	src/or/routerparse.c
2010-02-27 15:34:02 -05:00
Sebastian Hahn
b67657bd95 Properly handle non-terminated strings
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.
2010-02-27 02:13:22 +01:00
Mike Perry
03d6995d0e Check for empty smartlists and no bandwidth during node selection. 2010-02-26 16:17:09 -08:00
Sebastian Hahn
1c39dbd53a Don't segfault when checking the consensus 2010-02-26 08:01:40 +01:00
Nick Mathewson
1e1d471002 Don't believe unauthenticated info in a consensus.
Don't allow anything but directory-signature tokens in a consensus after
the first directory-signature token.  Fixes bug in bandwidth-weights branch.
Found by "outofwords."
2010-02-26 01:02:20 -05:00
Sebastian Hahn
86828e2004 Proper NULL checking in circuit_list_path_impl()
Another dereference-then-NULL-check sequence. No reports of this bug
triggered in the wild. Fixes bugreport 1256.

Thanks to ekir for discovering and reporting this bug.
2010-02-26 05:53:26 +01:00
Sebastian Hahn
f36c36f4a8 Proper NULL checking for hsdesc publication
Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
in the wild, but we should fix it anyways in case it ever happens.
Also make sure users get a note about this being a bug when they
see it in their log.

Thanks to ekir for discovering and reporting this bug.
2010-02-26 05:49:34 +01:00
Nick Mathewson
512cebadad For integers, if !(E<G), then we can infer that E>=G.
This means that "if (E<G) {abc} else if (E>=G) {def}" can be replaced with
"if (E<G) {abc} else {def}"

Doing the second test explicitly made my mingw gcc nervous that we might
never be initializing casename.
2010-02-25 17:00:14 -05:00
Nick Mathewson
eb10d441b6 Fix 64-bit printf issues in consensus-bw-weights5-merge.
For my 64-bit Linux system running with GCC 4.4.3-fc12-whatever, you
can't do 'printf("%lld", (int64_t)x);' Instead you need to tell the
compiler 'printf("%lld", (long long int)x);' or else it doesn't
believe the types match.  This is why we added U64_PRINTF_ARG; it
looks like we needed an I64_PRINTF_ARG too.
2010-02-25 16:22:40 -05:00
Nick Mathewson
2ab3389ed6 Merge remote branch 'mikeperry/consensus-bw-weights5-merge'
Conflicts:
	ChangeLog
2010-02-25 16:22:29 -05:00
Nick Mathewson
6fa8dacb97 Add a tor_asprintf() function, and use it in a couple of places.
asprintf() is a GNU extension that some BSDs have picked up: it does a printf
into a newly allocated chunk of RAM.

Our tor_asprintf() differs from standard asprintf() in that:
  - Like our other malloc functions, it asserts on OOM.
  - It works on windows.
  - It always sets its return-field.
2010-02-25 16:09:10 -05:00
Mike Perry
215930a7de Check snprintf return values in format_networkstatus_vote.
Maybe this is what parakeep was complaining about? Really wish he
would stick around more. Playing these guessing games is not fun :(
2010-02-25 11:59:35 -08:00
Mike Perry
50d6960332 Cast our weights down to ints from int64.
They are capped to be between 0 and weight_scale (10000) by the code
just before the snprintf.
2010-02-25 11:42:45 -08:00
Sebastian Hahn
2917c0596c Restrict PerConnBWRate|Burst to INT32_MAX, update manpage
All other bandwidthrate settings are restricted to INT32_MAX, but
this check was forgotten for PerConnBWRate and PerConnBWBurst. Also
update the manpage to reflect the fact that specifying a bandwidth
in terabytes does not make sense, because that value will be too
large.
2010-02-25 12:33:15 +01:00
Mike Perry
0da26162a3 Make unit tests work.
Still not sure why they generate an empty consensus document..
Too much frobbing going on there.
2010-02-24 11:17:31 -08:00
Sebastian Hahn
c8f154e173 Proper NULL checking for hsdesc publication
Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
in the wild, but we should fix it anyways in case it ever happens.
Also make sure users get a note about this being a bug when they
see it in their log.

Thanks to ekir for discovering and reporting this bug.
2010-02-23 17:09:02 +01:00
Sebastian Hahn
7681e355ed Fix another coverity-spotted memleak 2010-02-23 15:05:39 +01:00
Mike Perry
b3fde4d309 Add consensus method #defines. 2010-02-22 18:43:13 -08:00
Mike Perry
f4d6315afa Remove misc unnecessary newlines found by new check. 2010-02-22 16:52:11 -08:00
Mike Perry
245be159af Always weight routers by bandwidth.
Also always predict that we need a high capacity circuit or internal
circuit.
2010-02-22 16:52:11 -08:00
Mike Perry
87a0430a74 Clearly mark directory footer so we parse the new weight line. 2010-02-22 16:52:11 -08:00
Mike Perry
931e073a4f Implement bw weighting selection algorithm. 2010-02-22 16:52:11 -08:00
Mike Perry
df1ef2f0f0 Add parsing+verification for bw weight values. 2010-02-22 16:52:11 -08:00
Mike Perry
f9d40649fe Perform calculation of consensus bandwidth weights.
Also add bwweightscale consensus param. Use it as our
fixed-point calculation width.
2010-02-22 16:52:11 -08:00
Nick Mathewson
295e6557a9 Merge remote branch 'sebastian/coverity' 2010-02-22 12:46:43 -05:00
Nick Mathewson
d35b8dc582 Make expand_filename into a tor_strdup() alias on windows.
On Windows, we don't have a notion of ~ meaning "our homedir", so we
were deliberately using an #ifdef to avoid calling expand_filename()
in multiple places.  This is silly: The right place to turn a function
into a no-op on a single platform is in the function itself, not in
every single call-site.
2010-02-22 12:42:31 -05:00
Sebastian Hahn
1dfbec482c Remove some redundant code in options_save_current()
get_torrc_fname() does the same thing we did in this code, so let's
replace it.
2010-02-22 12:21:58 +01:00
Sebastian Hahn
b65ad83ebe Break early on unknown extendcircuit purpose
Don't continue handling EXTENDCIRCUIT messages when we get an
unknown purpose.
2010-02-22 10:57:11 +01:00
Sebastian Hahn
dcf85eb158 Fix a memory leak, found by coverity 2010-02-22 10:56:54 +01:00
Sebastian Hahn
e391a497ec Remove some redundand code in control.c
Found by coverity
2010-02-22 10:41:46 +01:00
Sebastian Hahn
5aa9610dd6 network-status-version must come first in a vote/consensus
Spec conformance issue: The code didn't force the network-status-version
token to be the first token in a v3 vote or consensus.

Problem discovered by Parakeep.
2010-02-22 09:16:26 +01:00
Nick Mathewson
0eb03bc6dd Merge remote branch 'public/cbt-status'
Conflicts:
	ChangeLog
2010-02-20 18:35:19 -05:00
Nick Mathewson
391f75d792 Merge remote branch 'sebastian/bug1143' 2010-02-19 16:58:24 -05:00
Sebastian Hahn
408a828b1f Make the DNSPort option work with libevent 2.x
We need to use evdns_add_server_port_with_base() when configuring
our DNS listener, because libevent segfaults otherwise. Add a macro
in compat_libevent.h to pick the correct implementation depending
on the libevent version.

Fixes bug 1143, found by SwissTorExit
2010-02-19 22:36:53 +01:00
Nick Mathewson
061ffbd7d5 Future-proof the control protocol by ignoring unrecognized keyword args 2010-02-18 12:49:48 -05:00
Nick Mathewson
2d95e02914 Make more arguments in control.c properly case-insensitive. 2010-02-18 12:49:26 -05:00
Mike Perry
2b95d1c0ee Describe the recent timeouts reallocation behavior. 2010-02-18 09:08:32 -08:00
Mike Perry
2258125e1a Move CBT params into consensus. 2010-02-18 09:08:31 -08:00
Mike Perry
f459388c29 Add an event for a case where we drop guards.
Also add a comment about an odd CBT timeout edgecase.
2010-02-18 09:08:31 -08:00
Mike Perry
ac68704f07 Allow "EXTENDCIRCUIT 0" to omit a path. 2010-02-18 09:08:31 -08:00
Mike Perry
8512e33773 Add BUILDTIMEOUT_SET event for CBT stress testing. 2010-02-18 09:08:31 -08:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Nick Mathewson
4e082ec84b Build correctly with Libevent 2.0.4-alpha and later 2010-02-15 16:47:47 -05:00
Roger Dingledine
3e6a37e61e new dannenberg address; make moria2's demise official. 2010-02-12 14:31:08 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Nick Mathewson
a6a1b8b815 Merge remote branch 'origin/maint-0.2.1' 2010-02-09 12:58:25 -05:00
Nick Mathewson
a4065cd832 Merge remote branch 'sebastian/bug925' 2010-02-09 12:50:54 -05:00
Nick Mathewson
6dd71d314d Merge remote branch 'sebastian/bug1238' 2010-02-09 12:50:45 -05:00
Nick Mathewson
c0d682686a Make tor_addr_copy() conform to memcpy requirements
The src and dest of a memcpy() call aren't supposed to overlap,
but we were sometimes calling tor_addr_copy() as a no-op.

Also, tor_addr_assign was a redundant copy of tor_addr_copy(); this patch
removes it.
2010-02-09 12:32:10 -05:00
Sebastian Hahn
253fd21ae1 Fix a whitespace violation 2010-02-09 09:10:07 +01:00
Sebastian Hahn
1e49c908f7 Speed up the execution of exit_policy_is_general_exit_helper()
It isn't necessary to walk through all possible subnets when the policy
we're looking at doesn't touch that subnet.
2010-02-09 09:10:07 +01:00
Sebastian Hahn
20422cde2b 0/8 doesn't count as a /8 subnet towards an Exit flag 2010-02-08 16:46:22 +01:00
Sebastian Hahn
b2b99a70c0 Don't spam controllers with TOO_MANY_CONNECTIONS events
We implemented ratelimiting for warnings going into the logfile, but didn't
rate-limit controller events. Now both log warnings and controller events
are rate-limited.
2010-02-08 16:45:36 +01:00
Sebastian Hahn
a168cd2a54 Don't use gethostbyname() in resolve_my_address()
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occured because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
2010-02-08 15:49:54 +01:00
Nick Mathewson
080e8f50f8 Merge commit 'origin/maint-0.2.1' 2010-02-07 22:34:08 -05:00
Sebastian Hahn
dfee173289 lookup_last_hid_serv_request() could overflow and leak memory
The problem was that we didn't allocate enough memory on 32-bit
platforms with 64-bit time_t. The memory leak occured every time
we fetched a hidden service descriptor we've fetched before.
2010-02-07 06:37:35 +01:00
Sebastian Hahn
25ec240cc3 Call exit_policy_is_general_exit less
When calculating the is_exit flag for a routerinfo_t, we don't need
to call exit_policy_is_general_exit() if router_exit_policy_rejects_all()
tells us it definitely is an exit. This check is much cheaper than
running exit_policy_is_general_exit().
2010-02-04 00:06:56 +01:00
Nick Mathewson
7d5d4f9f03 When we've disabled .exit hostnames, actually reject them.
Previously we were treating them as decent hostnames and sending them
to the exit, which is completely wrong.
2010-02-03 15:59:15 -05:00
Nick Mathewson
ba0c9e5d03 Trivial doc fix for exit_policy_is_general_exit_helper
The original comment said what it did if there was at least one /8 that
allowed access to the port, but not what it did otherwise.
2010-02-03 00:12:31 -05:00
Sebastian Hahn
03bd98b3b1 Don't assign Exit flag incorrectly
exit_policy_is_general_exit() assumed that there are no redundancies
in the passed policy, in the sense that we actively combine entries
in the policy to really get rid of any redundancy. Since we cannot
do that without massively rewriting the policy lines the relay
operators set, fix exit_policy_is_general_exit().

Fixes bug 1238, discovered by Martin Kowalczyk.
2010-02-03 05:44:00 +01:00
Sebastian Hahn
02889bae21 Fix comments for getinfo_helper_t
rieo pointed out something isn't right here
2010-01-27 22:12:43 +01:00
Karsten Loesing
7e65871ccc Fix a memory corruption bug while collecting bridge stats
We accidentally freed the internal buffer for bridge stats when we
were writing the bridge stats file or honoring a control port
request for said data. Change the interfaces for
geoip_get_bridge_stats* to prevent these problems, and remove the
offending free/add a tor_strdup.

Fixes bug 1208.
2010-01-26 11:55:43 +01:00
Nick Mathewson
2d3f21e9ee Merge commit 'sebastian/quiet' 2010-01-25 14:39:20 -05:00
Nick Mathewson
2590d733f4 Try to untangle the logic in server_port_flush
It's a bit confusing to have a loop where another function,
confusingly named "*_free", is responsible for advancing the loop
variable (or rather, for altering a structure so that the next time
the loop variable's initializer is evaluated it evaluates to something
different.)

Not only has this confused people: it's also confused coverity scan.
Let's fix that.
2010-01-25 14:09:58 -05:00
Sebastian Hahn
7e89cc31ab Be quieter about failing to decode authority digests
This was freaking out some relay operators without good reason, as
it is nothing the relay operator can do anything about anyways.

Quieting this warning suggested by rieo.
2010-01-25 18:05:20 +01:00
Nick Mathewson
a93cabd9ab Since dump_microdescriptor() can return -1; make its type ssize_t 2010-01-24 16:24:47 -05:00
Peter Palfrader
256861023e Handle errors reported by fwrite() in dump_microdescriptor()
Does not deal with error handling in dump_microdescriptor's callers.
2010-01-24 15:05:20 -05:00
Nick Mathewson
0552deb613 Merge commit 'origin/maint-0.2.1'
Resolved conflicts in:
	configure.in
	src/or/Makefile.am
	src/tools/Makefile.am
2010-01-24 15:03:45 -05:00
Nick Mathewson
b6038f4ac6 Add --enable-static-(openssl|libevent) options
These options only work when using --with-(openssl|libevent)-dir to
explicitly pick a libevent or openssl location.
2010-01-24 14:34:47 -05:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
aec4aea190 Fix two rare leaks spotted by rieo. 2010-01-23 20:46:38 -05:00
Nick Mathewson
d4354b506b Don't use OutboundBindAddress to connect to localhost
The OutboundBindAddress option is useful for making sure that all of
your outbond connections use a given interface.  But when connecting
to 127.0.0.1 (or ::1 even) it's important to actually have the
connection come _from_ localhost, since lots of programs running on
localhost use the source address to authenticate that the connection
is really coming from the same host.

Our old code always bound to OutboundBindAddress, whether connecting
to localhost or not.  This would potentially break DNS servers on
localhost, and socks proxies on localhost.  This patch changes the
behavior so that we only look at OutboundBindAddress when connecting
to a non-loopback address.
2010-01-20 13:09:10 -05:00
Roger Dingledine
8d84b4bfa1 Merge branch 'maint-0.2.1'
Conflicts:

	ChangeLog
2010-01-19 17:54:41 -05:00
Roger Dingledine
1fc94bfd0e spread guard rotation out throughout the month 2010-01-19 17:52:52 -05:00
Roger Dingledine
0642ab2428 weight guard choice by bandwidth; discard old guards 2010-01-19 17:30:52 -05:00
Roger Dingledine
37ca182c7e Merge branch 'maint-0.2.1' into master
Conflicts:

	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-01-19 14:51:39 -05:00
Roger Dingledine
708f47ecc9 downgrade a warning
this case can now legitimately happen, if you have a cached v2 status
from moria1, and you run with the new list of dirservers that's missing
the old moria1. it's nothing to worry about; the file will die off in
a month or two.
2010-01-19 14:25:15 -05:00
Roger Dingledine
adae600715 rotate keys for moria1 and gabelmoo 2010-01-19 14:12:39 -05:00
Sebastian Hahn
c32e8c292e Log a notice when we get a new control connection 2010-01-18 19:14:36 -05:00
Roger Dingledine
79eaeef1cd stop bridge authorities from leaking their bridge list 2010-01-17 19:41:22 -05:00
Roger Dingledine
b9f1bd3c4e whitespace fixes 2010-01-15 15:58:35 -05:00
Roger Dingledine
f1d74f611d fix an impossible-to-actually-trigger overflow in descriptor generation 2010-01-15 15:56:54 -05:00
Roger Dingledine
0450813227 resolve path weighting edge case; fixes bug 1203 2010-01-15 15:56:54 -05:00
Roger Dingledine
50e8210943 trivial cleanups 2010-01-15 15:56:54 -05:00
Roger Dingledine
f22c063067 remove redundant validate_addr_policies() checks 2010-01-15 15:56:53 -05:00
Roger Dingledine
fd5eb23c29 don't warn if stats/bridge-stats is missing
if we try to read it to publish stats and it's not there,
that means there are no stats to publish.

reported by swisstorexit.
2010-01-15 15:56:53 -05:00
Roger Dingledine
8cba62cc2a don't div by 0 during path selection 2010-01-02 13:13:30 -05:00
Roger Dingledine
485fa5c425 when loading bridge stats, mkdir $datadir/stats first 2010-01-02 09:28:19 -05:00
Roger Dingledine
4d71d43772 add config options to override.
somebody should add man page entries.
2009-12-29 23:13:03 -05:00
Roger Dingledine
f255272f45 add separate per-conn write limiting 2009-12-29 22:25:02 -05:00
Sebastian Hahn
9a07f30b90 Authorities now support conditional consensuses
Mark them this way in add_trusted_dir_server
2009-12-25 16:35:47 +01:00
Sebastian Hahn
51c00dbdec Remove some old, commented out code 2009-12-25 16:35:47 +01:00
Sebastian Hahn
9f1618b518 Remove online config descriptions.
They weren't in sync with reality nor manpage, and only useful to a human
who could simply have checked the manpage.
2009-12-25 16:35:47 +01:00
Sebastian Hahn
03da1af9ca Fix a typo 2009-12-25 16:33:56 +01:00
Roger Dingledine
2ef988c065 New consensus params "bwconnrate" and "bwconnburst"
...to let us
rate-limit client connections as they enter the network. It's
controlled in the consensus so we can turn it on and off for
experiments. It's starting out off. Based on proposal 163.
2009-12-23 04:56:24 -05:00
Roger Dingledine
7d832cc988 make the os x tiger compiler shut up
it's wrong, but that's our problem not its problem
2009-12-21 04:58:03 -05:00
Roger Dingledine
937607056b a changelog and doc fixes for the strictnodes work 2009-12-21 04:38:49 -05:00
Roger Dingledine
22e07b4ead fix compile 2009-12-21 03:52:34 -05:00
Roger Dingledine
2138b05f17 Use nodes in ExitNodes even if they're not fast/stable 2009-12-21 03:52:33 -05:00
Roger Dingledine
cc73bc3853 Use nodes in EntryNodes even if they're not fast/stable 2009-12-21 03:52:33 -05:00
Roger Dingledine
7346804ec6 instrument entry_is_live to tell why our guard isn't live 2009-12-21 03:52:33 -05:00
Roger Dingledine
ef81649d2f Be more willing to use an unsuitable circuit for exit.
Specifically, there are two cases: a) are we willing to start a new
circuit at a node not in your ExitNodes config option, and b) are we
willing to make use of a circuit that's already established but has an
unsuitable exit.

Now we discard all your circuits when you set ExitNodes, so the only
way you could end up with an exit circuit that ends at an unsuitable
place is if we explicitly ran out of exit nodes, StrictNodes was 0,
and we built this circuit to solve a stream that needs solving.

Fixes bug in dc322931, which would ignore the just-built circuit because
it has an unsuitable exit.
2009-12-21 03:52:32 -05:00
Roger Dingledine
c75a2eea60 Abandon circs if the user changes Exclude*Nodes
If ExcludeNodes or ExcludeExitNodes changes on a config reload,
mark and discard all our origin circuits.
2009-12-21 03:52:32 -05:00
Roger Dingledine
f2c51cb998 comments and cleanups, no actual changes 2009-12-21 03:52:32 -05:00
Roger Dingledine
1a65bdd232 Make EntryNodes config option much more aggressive.
Before it would prepend your requested entrynodes to your list of guard
nodes, but feel free to use others after that. Now it chooses only
from your EntryNodes if any of those are available, and only falls back
to others if a) they're all down and b) StrictNodes is not set.

Also, now we refresh your entry guards from EntryNode at each consensus
fetch (rather than just at startup and then they slowly rot as the
network changes).

The goal here is to make users less likely to set StrictNodes, since
it's doing closer to what they expect it should be doing.
2009-12-21 03:52:31 -05:00
Roger Dingledine
580066f2f6 Switch to a StrictNodes config option.
This is step one of handling ExcludedNodes better. This first
step is just to make EntryNodes and ExitNodes do what they did
before.
2009-12-21 03:52:31 -05:00
Roger Dingledine
5fee54a50f fix some typos 2009-12-19 05:12:00 -05:00
Nick Mathewson
05a2473b7f Merge branch 'ewma' 2009-12-18 22:33:02 -05:00
Nick Mathewson
7edae58984 Merge commit 'karsten/fix-bridge-stats-master-4' 2009-12-18 14:16:41 -05:00
Karsten Loesing
3a5a728d4a Permit an empty "bridge-ips" line when parsing bridge stats. 2009-12-18 13:29:51 +01:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Nick Mathewson
235f1e1a96 Refactor out the 'find string at start of any line' logic.
We do this in too many places throughout the code; it's time to start
clamping down.

Also, refactor Karsten's patch to use strchr-then-strndup, rather than
malloc-then-strlcpy-then-strchr-then-clear.
2009-12-17 18:29:37 -05:00
Karsten Loesing
498c293afe Make changes to latest bridge-stats fixes as suggested by Nick. 2009-12-17 11:20:31 +01:00
Karsten Loesing
e1e5c1b3ab Fix bridge statistics.
Fix statistics on client numbers by country as seen by bridges that were
broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour intervals
instead of variable 12-to-48-hour intervals.
2009-12-17 09:22:55 +01:00
Karsten Loesing
d38268a8c7 Remove v0 hidden service statistics code.
The HSAuthorityRecordStats option was used to track statistics of overall
hidden service usage on the version 0 hidden service authorities. With the
version 2 hidden service directories being deployed and version 0
descriptors being phased out, these statistics are not as useful anymore.

Goodbye, you fine piece of software; my first major code contribution to
Tor.
2009-12-17 09:15:06 +01:00
Nick Mathewson
62c2a5a883 Merge commit 'karsten/fix-cell-stats'
Conflicts:
	ChangeLog
2009-12-16 21:59:25 -05:00
Nick Mathewson
350181529e Merge branch 'safelogging2'
Conflicts:
	ChangeLog
2009-12-15 17:26:09 -05:00
Nick Mathewson
fcbd65b45c Refactor the safe_str_*() API to make more sense.
The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log."  safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
2009-12-15 17:25:34 -05:00
Nick Mathewson
3b896195cb Stop using lround in or.h, and check for bad values of RECENT_CIRCUITS 2009-12-15 17:11:27 -05:00
Nick Mathewson
d42c689b8e Merge commit 'sebastian/coverity' 2009-12-15 14:50:49 -05:00
Nick Mathewson
5db4b96089 Merge branch 'mathlog' 2009-12-15 14:42:09 -05:00
Nick Mathewson
e56747f9cf Refactor a bit so that it is safe to include math.h, and mostly not needed. 2009-12-15 14:40:49 -05:00
Nick Mathewson
60b01c6d5e Change interface for configuring cell ewma algorithm.
The rule is now: take the value from the CircuitPriorityHalflife
config option if it is set.  If it zero, disable the cell_ewma
algorithm.  If it is set, use it to calculate the scaling factor.
If it is not set, look for a CircPriorityHalflifeMsec parameter in the
consensus networkstatus.  If *that* is zero, then disable the cell_ewma
algorithm; if it is set, use it to calculate the scaling factor.
If it is not set at all, disable the algorithm.
2009-12-15 13:58:24 -05:00
Nick Mathewson
296381eda0 Merge commit 'sebastian/ewma2' into ewma
Conflicts:
	src/or/relay.c
2009-12-15 13:23:27 -05:00
Nick Mathewson
1292a9ddfe Fix various comment typos in ewma patch; found by arma. 2009-12-15 13:20:22 -05:00
Sebastian Hahn
d384f5e1ed Fix compile warning on Panther.
Apparently Panther doesn't like comparing ints and enums
2009-12-14 10:07:20 +01:00
Sebastian Hahn
182c583497 Remove some dead code found by coverity, cid 404
In connection_dir_client_reached_eof, we make sure that we either
return when we get an http status code of 503 or handle the problem
and set it to 200. Later we check if the status code is 503. Remove
that check.
2009-12-14 09:53:31 +01:00
Sebastian Hahn
27b7746c51 Fix Snow Leopard compile and a codestyle violation
When calculating the current tick, cap (tv_sec / EWMA_TICK_LEN) to an unsigned int.
2009-12-14 05:17:45 +01:00
Nick Mathewson
06e8370c33 Optimize cell-ewma circuit priority algorithm.
There are two big changes here:
  - We store active circuits in a priority queue for each or_conn,
    rather than doing a linear search over all the active circuits
    before we send each cell.
  - Rather than multiplying every circuit's cell-ewma by a decay
    factor every time we send a cell (thus normalizing the value of a
    current cell to 1.0 and a past cell to alpha^t), we instead
    only scale down the cell-ewma every tick (ten seconds atm),
    normalizing so that a cell sent at the start of the tick has
    value 1.0).
2009-12-13 21:05:53 -05:00
Roger Dingledine
f7d99b62a3 New controller command "getinfo config-text"
It returns the contents that Tor would write if you send it a SAVECONF
command, so the controller can write the file to disk itself.
2009-12-13 19:21:06 -05:00
Nick Mathewson
c43fee131d Adjust EWMA patch to conform to whitespace style. 2009-12-12 19:06:38 -05:00
Can Tang
d3be00e0f4 Favor quiet circuits when choosing which order to relay cells in.
Each circuit is ranked in terms of how many cells from it have been
relayed recently, using a time-weighted average.

This patch has been tested this on a private Tor network on PlanetLab,
and gotten improvements of 12-35% in time it takes to fetch a small
web page while there's a simultaneous large data transfer going on
simultaneously.

[Commit msg by nickm based on mail from Ian Goldberg.]
2009-12-12 19:06:38 -05:00
Nick Mathewson
c210db0d41 Enhance pqueue so we can remove items from the middle.
This changes the pqueue API by requiring an additional int in every
structure that we store in a pqueue to hold the index of that structure
within the heap.
2009-12-12 19:06:38 -05:00
Nick Mathewson
9e6225ae16 Merge commit 'sebastian/coverity' 2009-12-12 02:10:19 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Nick Mathewson
79f72d0ef6 Make rend_cache_entry_free() typecheck when possible. 2009-12-12 01:31:35 -05:00
Nick Mathewson
a8190b09a3 Cache the parsed value of SafeLogging as an enum. 2009-12-12 01:12:47 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Sebastian Hahn
f258647433 Allow SafeLogging to exclude client related information 2009-12-12 02:26:11 +01:00
Karsten Loesing
16fbb2f745 Minor fix to buffer stats.
Do not segfault when writing buffer stats when we haven't observed a
single circuit to report about.  This is a minor bug that would only show
up in testing environments with no traffic and with reduced stats
intervals.
2009-12-03 10:51:51 +01:00
Roger Dingledine
cee9a28d1e Merge commit 'origin/maint-0.2.1' 2009-11-23 10:16:38 -05:00
Roger Dingledine
a89f51c936 fix race condition that can cause crashes at client or exit relay
Avoid crashing if the client is trying to upload many bytes and the
circuit gets torn down at the same time, or if the flip side
happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
2009-11-23 10:13:50 -05:00
Roger Dingledine
403f99eaa4 add a minimum for CircuitStreamTimeout, plus a man page
plus some other unrelated touchups that have been sitting in my
sandbox
2009-11-22 07:15:30 -05:00
Roger Dingledine
7f3f88bed3 New config option "CircuitStreamTimeout"
New config option "CircuitStreamTimeout" to override our internal
timeout schedule for how many seconds until we detach a stream from
a circuit and try a new circuit. If your network is particularly
slow, you might want to set this to a number like 60.
2009-11-21 23:36:36 -05:00
Roger Dingledine
fdd58f3bd5 If somebody tries to overflow my dirport, don't log his IP by default.
aka Fix an instance where a Tor directory mirror might accidentally
log the IP address of a misbehaving Tor client. Bugfix on
0.1.0.1-rc.
2009-11-21 23:09:24 -05:00
Roger Dingledine
4f8b36a1e2 clobber connections with different number than we clobber circuits 2009-11-21 23:02:10 -05:00
Roger Dingledine
7b6b931ccc stop assuming that our downcasts have a struct offset of 0
shouldn't actually change anything, but who knows.
2009-11-21 22:59:18 -05:00
Nick Mathewson
9be682942c Not everybody likes debugging printfs as much as I 2009-11-18 11:26:44 -05:00
Nick Mathewson
e722ffa605 Do not report a partially-successful detached signature add as failed.
Also, regenerate the detached-signature document whenever any signatures are
successfully added.
2009-11-17 14:24:59 -05:00
Roger Dingledine
2ebd22152e only complain when rejecting a descriptor if it has contact info 2009-11-17 07:39:15 -05:00
Roger Dingledine
22f674fcb8 Fix a memory leak on directory authorities during voting
Fix a memory leak on directory authorities during voting that was
introduced in 0.2.2.1-alpha. Found via valgrind.
2009-11-12 01:31:26 -05:00
Nick Mathewson
0a58567ce3 Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/common/tortls.c
2009-11-06 15:24:52 -05:00
Nick Mathewson
ce0a89e262 Make Tor work with OpenSSL 0.9.8l
To fix a major security problem related to incorrect use of
SSL/TLS renegotiation, OpenSSL has turned off renegotiation by
default.  We are not affected by this security problem, however,
since we do renegotiation right.  (Specifically, we never treat a
renegotiated credential as authenticating previous communication.)
Nevertheless, OpenSSL's new behavior requires us to explicitly
turn renegotiation back on in order to get our protocol working
again.

Amusingly, this is not so simple as "set the flag when you create
the SSL object" , since calling connect or accept seems to clear
the flags.

For belt-and-suspenders purposes, we clear the flag once the Tor
handshake is done.  There's no way to exploit a second handshake
either, but we might as well not allow it.
2009-11-05 18:13:08 -05:00
Nick Mathewson
eb1faf8a0a Fix a URL in a log message. 2009-11-04 11:39:10 -05:00
Sebastian Hahn
f1b7295b27 Disallow command line keywords with more than two dashes as prefix.
This might help fix cid 422, where coverity fails to notice that
argv strings are null-escaped.
2009-10-27 17:50:24 +01:00
Sebastian Hahn
b0e8c33617 Make it more obvious for coverity that cid 404 is not dead code 2009-10-27 14:19:32 +01:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Karsten Loesing
56c2385157 Fix bug 1113.
Bridges do not use the default exit policy, but reject *:* by default.
2009-10-27 01:03:41 -07:00
Roger Dingledine
8c34e79263 Merge commit 'karsten/log-1092' 2009-10-27 02:26:58 -04:00
Karsten Loesing
c8b27a8e9e Improve log statement when publishing v2 hs desc. 2009-10-26 23:09:10 -07:00
Karsten Loesing
19ddee5582 Fix bug 1042.
If your relay can't keep up with the number of incoming create cells, it
would log one warning per failure into your logs. Limit warnings to 1 per
minute.
2009-10-26 22:49:43 -07:00
Nick Mathewson
54973a45a6 Fix an apparently bogus check; fortunately, it seems to be untriggered. 2009-10-26 23:14:53 -04:00
Nick Mathewson
311315e077 Fix an accidentally removed free in 385853a282, and repair a check. 2009-10-26 23:13:29 -04:00
Roger Dingledine
ad525685f6 Merge commit 'karsten/fix-1066-3' 2009-10-26 22:45:12 -04:00
Nick Mathewson
385853a282 Fix/annotate deadcode for CID 402,403 2009-10-26 22:40:41 -04:00
Nick Mathewson
caa141617f Fix dead code found by Coverity (CID 419).
This was left over from an early draft of the microdescriptor code; it
began to populate the signatures array of a networkstatus vote, even
though there's no actual need to do that for a vote.
2009-10-26 22:40:41 -04:00
Nick Mathewson
5e4d53d535 Remove checks for array existence. (CID 410..415)
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement.  Coverity notices this now.

In some cases, we were testing arrays to make sure that an operation
we wanted to do would suceed.  Those cases are now always-true.

In some cases, we were testing arrays to see if something was _set_.
Those caes are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
2009-10-26 22:40:41 -04:00
Nick Mathewson
a457cd91fa Clarification to suppress Coverity CID 405.
Every or conn has an outbuf, but coverity has no way of knowing that.
Add an assert to ease its conscience.
2009-10-26 22:40:40 -04:00
Nick Mathewson
8519d36633 Merge commit 'origin/maint-0.2.1' 2009-10-26 22:40:24 -04:00
Karsten Loesing
4256a96461 Fix bug 1066.
If all authorities restart at once right before a consensus vote, nobody
will vote about "Running", and clients will get a consensus with no usable
relays. Instead, authorities refuse to build a consensus if this happens.
2009-10-26 19:27:54 -07:00
Nick Mathewson
5c73da7faa Fix two memory leaks found by Coverity (CIDs 417-418)
The first happens on an error case when a controller wants an
impossible directory object.  The second happens when we can't write
our fingerprint file.
2009-10-26 22:12:40 -04:00
Nick Mathewson
8bada1ef67 Add missing break statements for Coverity CIDs #406,407.
The code for these was super-wrong, but will only break things when we
reset an option on a platform where sizeof(time_t) is different from
sizeof(int).
2009-10-26 21:35:26 -04:00
Nick Mathewson
071521e02f Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
2009-10-26 20:15:03 -04:00
Nick Mathewson
56048637a5 Only send the if_modified_since header for a v3 consensus.
Spotted by xmux; bugfix on 0.2.0.10-alpha.
(Bug introduced by 20b10859)
2009-10-26 20:14:11 -04:00
Karsten Loesing
d2b4b49ff0 Reduce log level for someone else sending us weak DH keys.
See task 1114. The most plausible explanation for someone sending us weak
DH keys is that they experiment with their Tor code or implement a new Tor
client. Usually, we don't care about such events, especially not on warn
level. If we really care about someone not following the Tor protocol, we
can set ProtocolWarnings to 1.
2009-10-25 23:47:05 -07:00
Roger Dingledine
fa23430496 clean up the XXX comments around bug 1038 2009-10-26 01:32:27 -04:00
Nick Mathewson
afc76a4e71 Fix two bugs found by Coverity scan.
One was a simple buffer overrun; the other was a high-speed pointer
collision.  Both were introduced by my microdescs branch.
2009-10-19 23:19:42 -04:00
Nick Mathewson
f629687053 Merge branch 'microdesc' 2009-10-19 00:45:47 -04:00
Nick Mathewson
465d4e1cd1 Document some formerly undocumented functions. 2009-10-19 00:30:52 -04:00
Sebastian Hahn
740806c453 Fix compile with warnings problems on Snow Leopard 2009-10-19 01:30:46 +02:00
Nick Mathewson
bb22d8fc45 Add functions to serve microdescs and flavored consensuses. 2009-10-18 18:46:12 -04:00
Nick Mathewson
200c39b66c Document the microdescriptor code better. 2009-10-18 18:46:12 -04:00