Commit Graph

1176 Commits

Author SHA1 Message Date
Nick Mathewson
d718c717a6 Merge branch 'maint-0.2.8' 2016-05-19 08:25:12 -04:00
Roger Dingledine
c98fbd4169 remove some more unused code 2016-05-09 14:42:09 -04:00
Nick Mathewson
532820b11c Add a BUG macro for usage in if checks. 2016-04-14 16:25:06 -04:00
Nick Mathewson
055a7a198a Rename tor_dup_addr to tor_addr_to_str_dup.
Patch from icanhasaccount; closes 18462.
2016-03-28 16:36:51 -04:00
Nick Mathewson
54559e5845 Merge remote-tracking branch 'teor/bug18351' 2016-03-24 09:33:58 -04:00
teor (Tim Wilson-Brown)
355f78364a Clarify ReachableAddress log messages
Make it clearer that they are about outgoing connection attempts.
Specify the options involved where they were missing from one log
message.
Clarify a comment.
2016-03-24 20:59:49 +11:00
teor (Tim Wilson-Brown)
f2a344e397 Downgrade IP version warnings to avoid filling logs
Downgrade logs and backtraces about IP versions to
info-level. Only log backtraces once each time tor runs.

Assists in diagnosing bug 18351; bugfix on c3cc8e16e in
tor-0.2.8.1-alpha.

Reported by "sysrqb" and "Christian", patch by "teor".
2016-03-24 10:39:23 +11:00
Nick Mathewson
ca8423a703 Merge remote-tracking branch 'public/bug18253' 2016-03-22 10:08:50 -04:00
Nick Mathewson
dd7c999617 Make unix sockets work with the linux seccomp2 sandbox again
I didn't want to grant blanket permissions for chmod() and chown(),
so here's what I had to do:
   * Grant open() on all parent directories of a unix socket
   * Write code to allow chmod() and chown() on a given file only.
   * Grant chmod() and chown() on the unix socket.
2016-03-14 14:07:02 -04:00
Nick Mathewson
0cdeac77e0 Don't chmod/chown unix sockets if their permissions are already ok
This is a part of a fix for 18253; bugfix on 0.2.8.1-alpha.

Alternatively, we could permit chmod/chown in the sandbox, but I
really don't like giving the sandbox permission to alter
permissions.
2016-03-14 13:40:44 -04:00
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
teor (Tim Wilson-Brown)
8e103cb2d0 Set EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack 2016-02-26 10:53:57 +01:00
teor (Tim Wilson-Brown)
c281c03654 If both IPv4 and IPv6 addresses could be used, choose one correctly
If there is a node, use node_ipv6_or/dir_preferred().
If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 23:40:37 +11:00
Nick Mathewson
ba2be81fc3 Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' 2016-02-11 12:20:20 -05:00
Nick Mathewson
7f9ac4957c Split a long line 2016-02-11 12:13:02 -05:00
Nick Mathewson
bc7a5eeeda Merge remote-tracking branch 'weasel/bug18261' 2016-02-11 12:12:02 -05:00
Harini Kannan
c30be5a82d Using router_get_my_routerinfo() 2016-02-07 16:07:35 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
3a00215c35 Minor whitespace-only fix 2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
c3cc8e16e9 Log when IPv4/IPv6 restrictions or preferences weren't met 2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
e72cbf7a4e Choose directory servers by IPv4/IPv6 preferences
Add unit tests, refactor pick_directory functions.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
cypherpunks
9d5e47d2d7 Add missing parentheses 2015-12-17 08:34:27 -05:00
cypherpunks
fd399ec850 Remove Windows specific data type usage
The Tor code base already contains usage of setsockopt(2) with an int as
their option value without problems.
2015-12-17 08:34:27 -05:00
cypherpunks
2d2312d989 Conform to the type signature of setsockopt(2)
According to the POSIX standard the option value is a pointer to void
and the option length a socklen_t. The Windows implementation makes the
option value be a pointer to character and the option length an int.

Casting the option value to a pointer to void conforms to the POSIX
standard while the implicit cast to a pointer to character conforms to
the Windows implementation.

The casts of the option length to the socklen_t data type conforms to
the POSIX standard. The socklen_t data type is actually an alias of an
int so it also conforms to the Windows implementation.
2015-12-17 08:34:27 -05:00
Nick Mathewson
e6be486aea More emergency-check code for un-removed pending entry conns
This might also be what #17752 needs.
2015-12-16 19:16:07 -05:00
Nick Mathewson
efc8b2dbbf clean whitespace 2015-12-15 13:22:41 -05:00
teor (Tim Wilson-Brown)
df0c135d62 Prop210: Refactor connection_get_* to produce lists and counts 2015-12-16 04:02:12 +11:00
Nick Mathewson
a807bb781b Whitespace fix 2015-12-10 20:04:04 -05:00
Jamie Nguyen
dcbfe46cd6 Defer creation of Unix socket until after setuid 2015-12-10 20:00:06 -05:00
Arlo Breault
d68b7fd442 Refactor clock skew warning code to avoid duplication 2015-12-10 19:54:11 -05:00
teor (Tim Wilson-Brown)
329aa59e43 Comment-only change to connection_get_by_type_addr_port_purpose
connection_get_by_type_addr_port_purpose also ignores connections
that are marked for close.
2015-12-07 16:13:07 +11:00
teor (Tim Wilson-Brown)
b7525c39bf Comment-only changes to connection_connect
port is in host order (addr is tor_addr_t, endianness is abstracted).

addr and port can be different to conn->addr and conn->port if
connecting via a proxy.
2015-12-07 16:10:37 +11:00
Nick Mathewson
0a701e5377 More fixes/debugging attempts for 17659 2015-11-27 12:54:57 -05:00
rl1987
77a5ca901f Unit test dns_resolve(), dns_clip_ttl(), dns_get_expiry_ttl(). 2015-08-23 16:02:39 +03:00
Nick Mathewson
aadff62745 Do not autoflush control connections as their outbufs get big
Doing this is no longer necessary, and it leads to weird recursions in
our call graph.  Closes ticket 16480.
2015-07-30 13:31:27 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
Nick Mathewson
cc3a791d55 fix a windows unused var warning 2015-06-28 02:18:15 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
2f67a6e8c9 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582 Set session_group after the port's data structure has been populated.
Fixes #16247, patch by "jojelino".
2015-06-04 13:53:35 +00:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
Sebastian Hahn
348f2744cf Initialize two variables
This is a trivial change to get around two compiler warnings when
assertions are removed during coverage builds.
2015-03-21 02:00:17 +01:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Roger Dingledine
a1bdb6e42c fix typo in comment 2015-03-03 19:12:27 -05:00
Nick Mathewson
f1fa85ea73 Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.
2015-02-23 12:16:08 -05:00
Sebastian Hahn
e0c3de40ad Fix check-spaces complaints 2015-02-06 21:36:40 +01:00
Nick Mathewson
d1e52d9a2a Correctly handle OutboundBindAddress again.
ca5ba2956b broke this; bug not in any
released Tor.

Also fix a typo.

Fixes 14541 and 14527.  Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
4c1a779539 Restrict unix: addresses to control and socks for now 2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Andrea Shepard
ca5ba2956b Support connection_exit_connect() to AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
49bdfbabb4 Replace field-by-field copy with memcpy for entry_port_cfg 2015-01-16 09:23:03 -05:00
Nick Mathewson
13dac5e463 Move entry_port_cfg_t fields in entry_connection_t
Also rename some options for uniformity, and apply this script:

@@
entry_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:58 -05:00
Nick Mathewson
58d17add5e Combine entry_port_cfg_t fields in listener_connection_t
Also, revise the code using these options with this cocci script:

@@
listener_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:53 -05:00
Nick Mathewson
f444f2b1d3 Split client-specific and server-specific parts of port_cfg_t
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+server_cfg.
\(
 no_advertise
\|
 no_listen
\|
 all_addrs
\|
 bind_ipv4_only
\|
 bind_ipv6_only
\)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
Nick Mathewson
518b0b3c5f Do not log a notice on every socks connection 2015-01-14 09:54:40 -05:00
Nick Mathewson
17c568b95c Fix new unused variable warning in connection_listener_new 2015-01-13 13:45:35 -05:00
Andrea Shepard
066acaf6b9 Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified 2015-01-13 00:27:04 +00:00
Andrea Shepard
4316bb601a Remove no-longer-accurate comment from connection.c 2015-01-13 00:21:59 +00:00
Andrea Shepard
62f297fff0 Kill duplicated code in connection_listener_new() 2015-01-12 16:26:34 +00:00
Andrea Shepard
a3bcde3638 Downgrade open/close log message for SocksSocket 2015-01-07 22:57:51 +00:00
Andrea Shepard
2ca1c386b0 Bring sanity to connection_listener_new() 2015-01-07 22:51:24 +00:00
Andrea Shepard
48633c0766 Rename is_tcp in connection_listener_new(), since AF_UNIX means SOCK_STREAM no longer implies TCP 2015-01-07 19:45:59 +00:00
Andrea Shepard
c6451e4c9f Refactor check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code 2015-01-07 19:17:04 +00:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
fc7d5e598b Using CHANNEL_FINISHED macro in connection.c 2014-12-21 14:48:38 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
14d59fdc10 Updating message that warns about running out of sockets we can use. 2014-10-28 14:13:25 -04:00
Andrea Shepard
8852a1794c Track total queue size per channel, with overhead estimates, and global queue total 2014-09-30 22:49:03 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
d8fe499e08 Revert "restore the sensible part of ac268a83408e1450544db2f23f364dfa3"
This reverts commit b82e166bec.

We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
2014-08-29 12:25:05 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
b82e166bec restore the sensible part of ac268a8340
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
2014-08-29 12:21:57 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
b408125288 Merge remote-tracking branch 'andrea/bug11302' 2014-07-16 16:58:41 +02:00
Anthony G. Basile
d504a4e36f src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends.  This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.

This patch moves the functions outside the #ifndef and exposes them.

See downstream bug:

	https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Yawning Angel
1210bdf146 Log the correct proxy type on failure.
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
2014-05-21 08:14:39 +00:00
Yawning Angel
cd56b1a86e Remove get_bridge_pt_addrport().
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.

The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove and explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
2014-05-21 08:14:39 +00:00
Yawning Angel
41d2b4d3af Allow ClientTransportPlugins to use proxies
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.

This fixes bug #8402.
2014-05-21 08:14:38 +00:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00