Commit Graph

301 Commits

Author SHA1 Message Date
Nick Mathewson
2c8c58ab2f Another tweak for guard restrictions: don't let complete circs block
If a complete circuit C2 doesn't obey the restrictions of C1, then
C2 cannot block C1.

The patch here is a little big-ish, since we can no longer look
through all the complete circuits and all the waiting circuits on a
single pass: we have to find the best waiting circuit first.
2016-12-16 11:06:20 -05:00
Nick Mathewson
87f9b42179 Implement support for per-circuit guard restrictions.
This is an important thing I hadn't considered when writing prop271:
sometimes you have to restrict what guard you use for a particular
circuit.  Most frequently, that would be because you plan to use a
certain node as your exit, and so you can't choose that for your
guard.

This change means that the upgrade-waiting-circuits algorithm needs
a slight tweak too: circuit A cannot block circuit B from upgrading
if circuit B needs to follow a restriction that circuit A does not
follow.
2016-12-16 11:06:20 -05:00
Nick Mathewson
17c3faa2e3 guards_choose_dirguard(): replace one XXXX with another.
I had been asking myself, "hey, doesn't the new code need to look at
this "info" parameter? The old code did!"  But it turns out that the
old code hasn't, since 05f7336624.

So instead of "support this!" the comment now says "we can remove
this!"
2016-12-16 11:06:20 -05:00
Nick Mathewson
9d065ecc3d Fix a magic number in get_max_sample_size 2016-12-16 11:06:20 -05:00
Nick Mathewson
1e9cd5d2bb Note a couple of XXX-prop271s as spec deviations. 2016-12-16 11:06:19 -05:00
Nick Mathewson
f4e64c04f4 Remove some resolved "XXXX prop271" comments. 2016-12-16 11:06:19 -05:00
Nick Mathewson
80fa404625 Fix for small test networks: don't refuse to have any sampled guards.
Don't restrict the sample size if the network size is less than 20
guards.  Maybe we'll think of a better rule later on?
2016-12-16 11:06:19 -05:00
Nick Mathewson
eac8b3f758 Remove a few unused arguments. 2016-12-16 11:06:19 -05:00
Nick Mathewson
84bfa895d7 Change return value of entry_guard_succeeded to an enum.
George pointed out that (-1,0,1) for (never usable, maybe usable
later, usable right now) was a pretty rotten convention that made
the code harder to read.
2016-12-16 11:06:19 -05:00
Nick Mathewson
46619ec914 Note some large functions that could be split.
George Kadianakis pointed these out.
2016-12-16 11:06:19 -05:00
Nick Mathewson
3bcbbea350 More progress on bridge implementation with prop271 guards
Here we handle most (all?) of the remaining tasks, and fix some
bugs, in the prop271 bridge implementation.

  * We record bridge identities as we learn them.
  * We only call deprecated functions from bridges.c when the
    deprecated guard algorithm is in use.
  * We update any_bridge_descriptors_known() and
    num_bridges_usable() to work correctly with the new backend
    code. (Previously, they called into the guard selection logic.
  * We update bridge directory fetches to work with the new
    guard code.
  * We remove some erroneous assertions where we assumed that we'd
    never load a guard that wasn't for the current selection.

Also, we fix a couple of typos.
2016-12-16 11:06:18 -05:00
Nick Mathewson
82fa71610d Implement bridge backends for sampling, filtering guards.
Still missing is functionality for picking bridges when we don't
know a descriptor for them yet, and functionality for learning a
bridge ID.

Everything else remains (basically) the same. Neat!
2016-12-16 11:06:18 -05:00
Nick Mathewson
53f248f6c9 Add some needed accessors/inspectors for bridge/guard convergence 2016-12-16 11:06:18 -05:00
Nick Mathewson
1d52ac4d3f Lay down some infrastructure for bridges in the New Guard Order.
This includes:
  * making bridge_info_t exposed but opaque
  * allowing guards where we don't know an identity
  * making it possible to learn the identity of a guard
  * creating a guard that lacks a node_t
  * remembering a guard's address and port.
  * Looking up a guard by address and port.
  * Only enforcing the rule that we need a live consensus to update
    the "listed" status for guards when we are not using bridges.
2016-12-16 11:06:18 -05:00
Nick Mathewson
89f5f149df Remove guard_selection argument from status-reporting functions
This prevents us from mixing up multiple guard_selections
2016-12-16 11:06:18 -05:00
Nick Mathewson
6dcbc24a4e Add a backpointer from entry_guard_t to guard_selection_t
This is safe, because no entry_guard_t ever outlives its
guard_selection_t.

I want this because now that multiple guard selections can be active
during one tor session, we should make sure that any information we
register about guards is with respect to the selection that they came
from.
2016-12-16 11:06:18 -05:00
Nick Mathewson
404e9e5611 Have multiple guard contexts we can switch between.
Currently, this code doesn't actually have the contexts behave
differently, (except for the legacy context), but it does switch
back and forth between them nicely.
2016-12-16 11:06:18 -05:00
Nick Mathewson
c6d218c44b Unit tests for entry_guard_{pick_for_circuit,succeeded,failed} 2016-12-16 11:06:17 -05:00
Nick Mathewson
9493711077 Mark confirmed guards primary as appropriate.
If a guard becomes primary as a result of confirming it, consider
the circuit through that guard as a primary circuit.

Also, note open questions on behavior when confirming nonprimary guards
2016-12-16 11:06:17 -05:00
Nick Mathewson
d2af9826fd Turn #defines for prop271 into networkstatus params
Some of these will get torrc options to override them too; this
is just the mechanical conversion.

Also, add documentation for a couple of undocumented (but now used)
parameters.
2016-12-16 11:06:17 -05:00
Nick Mathewson
2ea5aa7182 Expire circuits that have been WAITING_FOR_BETTER_GUARD too long
(This is required by 3.9 in prop271, but is better done as a
separate function IMO)
2016-12-16 11:06:16 -05:00
Nick Mathewson
e56bc1e5de Move the 'dirty' flag for the guards to a global again
It makes more sense to have a single dirty flag, since we always
regenerate the whole state file when we save it.
2016-12-16 11:06:16 -05:00
Nick Mathewson
bce0f79252 Mark some more BUG lines as unreachable. 2016-12-16 11:06:16 -05:00
Nick Mathewson
a7bc73935b Test get_guard_selection_by_name 2016-12-16 11:06:15 -05:00
Nick Mathewson
526b0e2ce2 Avoid division-by-zero in pathbias_check_*_success_count 2016-12-16 11:06:15 -05:00
Nick Mathewson
ac67819396 Make sure primary-guards are up-to-date when we inspect them.
(Plus some magic to prevent and detect recursive invocation of
entry_guards_update_primary(), since that can cause some pretty
tricky misbehavior.)
2016-12-16 11:06:15 -05:00
Nick Mathewson
897626953b Rebuild the guard lists as appropriate on torrc change.
(Also, prepare to tie guard changes into the mark-all-old-circuits
logic.)
2016-12-16 11:06:15 -05:00
Nick Mathewson
6788418f28 Propagate Ed25519 identities downwards into more functions.
Actually set ed25519 identities on channels when we set a channel's
identity.
2016-12-08 16:47:58 -05:00
Nick Mathewson
a20c8a81d7 Migrate main data loop for set_bad_connections to use channel structures
This was the last user of our or_connections-by-ID map.  It also had
a tendency to be O(N) in cases that only had to be O(1).
2016-12-08 16:47:57 -05:00
Nick Mathewson
d98b9b6d65 Fix pathbias interactions with entry guards
entry_guard_get_by_id_digest() was always returning NULL, which was
causing "adventure" and "fun"
2016-11-30 14:44:43 -05:00
Nick Mathewson
783fa2f586 Make pathbias fields persistent for new guards 2016-11-30 14:44:43 -05:00
Nick Mathewson
858c8f5593 Make new prop271 entry guards persistent
To do this, it makes sense to treat legacy guards as a separate
guard_selection_t *, and handle them separately.  This also means we
add support here for having multiple guard selections.

Note that we don't persist pathbias information yet; that will take
some refactoring.
2016-11-30 14:44:43 -05:00
Nick Mathewson
dbbaa51518 Use the new guard notification/selection APIs throughout Tor
This patch doesn't cover every case; omitted cases are marked with
"XXXX prop271", as usual.  It leaves both the old interface and the
new interface for guard status notification, since they don't
actually work in the same way: the new API wants to be told when a
circuit has failed or succeeded, whereas the old API wants to know
when a channel has failed or succeeded.

I ran into some trouble with directory guard stuff, since when we
pick the directory guard, we don't actually have a circuit to
associate it with.  I solved that by allowing guard states to be
associated with directory connections, not just circuits.
2016-11-30 14:42:53 -05:00
Nick Mathewson
8e43398986 Function to cancel a guard state.
We'll want to use this if we allocate a guard state then decide,
"whoops, we don't want to use this."
2016-11-30 14:42:53 -05:00
Nick Mathewson
4689096ed1 No need to say success/failure when recording failure; remove returnval
(We can fail at succeeding, but there's no plausible way to fail at failing)
2016-11-30 14:42:53 -05:00
Nick Mathewson
af1918d289 New entry_guard_chan_failed function
To be called when an entire channel has failed: tell any/all
circuits pending for the guard of that channel that they have
failed.
2016-11-30 14:42:53 -05:00
Nick Mathewson
1fd0a547bb New function to tell the guard module "We're on the net!"
(Call it whenever we read a cell.)
2016-11-30 14:42:53 -05:00
Nick Mathewson
8dc6048c02 Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option.
I expect we'll be ripping this out somewhere in 0.3.0, but let's
keep it around for a little while in case it turns out to be the
only way to avert disaster?
2016-11-30 14:42:53 -05:00
Nick Mathewson
36e9fbd752 Backend for upgrading 'waiting' circuits to 'complete'
When a nonprimary guard's circuit is complete, we don't call it
actually usable until we are pretty sure that every better guard
is indeed not going to give us a working circuit.
2016-11-30 14:42:52 -05:00
Nick Mathewson
dd6bdab3f6 Write the easy parts of the public entryguard interface.
Here we add a little bit of state to origin circuits, and set up
the necessary functions for the circuit code to call in order to
find guards, use guards, and decide when circuits can be used.

There's also an incomplete function for the hard part of the
circuit-maintenance code, where we figure out whether any waiting
guards are ready to become usable.

(This patch finally uses the handle.c code to make safe handles to
entry_guard_t objects, so that we are allowed to free an
entry_guard_t without checking whether any origin_circuit_t is
holding a reference to it.)
2016-11-30 14:42:52 -05:00
Nick Mathewson
7bf946965b Implement most of the prop271 data structure backends.
This code handles:
  * Maintaining the sampled set, the filtered set, and the
    usable_filtered set.
  * Maintaining the confirmed and primary guard lists.
  * Picking guards for circuits, and updating guard state when
    circuit state changes.

Additionally, I've done code structure movement: even more constants
and structures from entrynodes.c have become ENTRYNODES_PRIVATE
fields of entrynodes.h.

I've also included a bunch of documentation and a bunch of unit
tests.  Coverage on the new code is pretty high.

I've noted important things to resolve before this branch is done
with the /XXXX.*prop271/ regex.
2016-11-30 14:42:52 -05:00
Nick Mathewson
6a02f9f35a Add parameters for new (prop271) guard algorithm.
These are taken from the proposal, and defined there.  Some of them
should turn into consensus parameters.

Also, remove some dead code that was there to make compilation work,
and use ATTR_UNUSED like a normal person.
2016-11-30 14:42:52 -05:00
Nick Mathewson
3c12133038 Collect old guard algorithm parameters into one place 2016-11-30 14:42:52 -05:00
Nick Mathewson
c74542c51a Add accessors as needed to repair compilation
The previous commit, in moving a bunch of functions to bridges.c,
broke compilation because bridges.c required two entry points to
entrynodes.c it didn't have.
2016-11-30 14:42:52 -05:00
Nick Mathewson
8da24c99bd Split bridge functions into a new module.
This patch is just:
   * Code movement
   * Adding headers here and there as needed
   * Adding a bridges_free_all() with a call to it.

It breaks compilation, since the bridge code needed to make exactly
2 calls into entrynodes.c internals.  I'll fix those in the next
commit.
2016-11-30 14:42:52 -05:00
Nick Mathewson
dd6def5daf Initial code to parse/encode/sample prop271 guards
The encoding code is very straightforward.  The decoding code is a
bit tricky, but clean-ish.  The sampling code is untested and
probably needs more work.
2016-11-30 14:42:52 -05:00
Nick Mathewson
539eba0a4b Teach parse_iso_time about the spaceless variant.
(We previously added support for generating the spaceless
2016-11-14T19:58:12 variant, but not for actually parsing it.)
2016-11-30 14:42:52 -05:00
Nick Mathewson
df8256a931 Add the prop271 fields to entry_guard_t. Not used yet. 2016-11-30 14:42:52 -05:00
Nick Mathewson
043e9b0151 Whitespace fixes from previous mechanical search-and-replaces 2016-11-30 14:42:52 -05:00
Nick Mathewson
f66f9c82e9 Make entry_guard_t opaque to circpathbias.c
This was a relatively mechanical change.  First, I added an accessor
function for the pathbias-state field of a guard.  Then I did a
search-and-replace in circpathbias.c to replace "guard->pb." with
"pb->".  Finally, I made sure that "pb" was declared whenever it was
needed.
2016-11-30 14:42:52 -05:00
Nick Mathewson
62477906e9 Fix remaining case of circpathbias inspecting entryguard internals 2016-11-30 14:42:52 -05:00
Nick Mathewson
823357dbe4 Add an entry_guard_describe() function
This function helpfully removes all but one remaining use of
an entry_guard_t private field in pathbias.c
2016-11-30 14:42:52 -05:00
Nick Mathewson
be447bc770 Move path-bias fields into a separate structure
(Other than the field movement, the code changes here are just
search-and-replace)
2016-11-30 14:42:52 -05:00
Nick Mathewson
22f2f13f81 prop271: make entry_guard_t mostly-private
The entry_guard_t structure should really be opaque, so that we
can change its contents and have the rest of Tor not care.

This commit makes it "mostly opaque" -- circpathbias.c can still see
inside it.  (I'm making circpathbias.c exempt since it's the only
part of Tor outside of entrynodes.c that made serious use of
entry_guard_t internals.)
2016-11-30 14:42:52 -05:00
Nick Mathewson
b5e75ae7dd Add an ed25519 identity to extend_info 2016-11-10 09:43:27 -05:00
Nick Mathewson
12cf73c451 Merge remote-tracking branch 'andrea/ticket19858_v2'
Conflict in entrynodes.c: any_bridge_supports_microdescriptors was
removed in master, and modified in 19858_v2
2016-10-19 17:11:47 -04:00
Andrea Shepard
1c6f8841f4 Refactor to always allocate chosen_entry_guards in new guard_selection_new() function 2016-10-14 00:15:30 +00:00
Andrea Shepard
3b8a40f262 Use tor_memeq() instead of tor_memcmp() per code review 2016-10-13 23:48:49 +00:00
Andrea Shepard
fca605e763 Adjust comment per code review 2016-10-13 23:47:08 +00:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Andrea Shepard
006c26f54f Abolish globals in entrynodes.c; relativize guard context to new guard_selection_t structure 2016-09-25 02:11:44 +00:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Andrea Shepard
657eaee6ae Expose GETINFO download status statics for test suite and make things mockable 2016-06-29 05:55:42 +00:00
Andrea Shepard
c692900728 Add bridge descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Nick Mathewson
703254a832 Merge remote-tracking branch 'public/bug15942_v2_alternative' 2016-06-23 09:01:24 -04:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Andrea Shepard
5cb27d8991 Use exponential backoffs for bridge descriptor downloads 2016-06-18 16:32:17 +00:00
Nick Mathewson
c274f825da Merge remote-tracking branch 'asn/bug17688' 2016-06-11 10:07:15 -04:00
George Kadianakis
36dd9538d9 Don't rely on consensus parameter to use a single guard. 2016-06-07 17:22:47 +03:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
c0568a89d9 Whitespace fixes 2016-03-26 09:54:31 -04:00
teor (Tim Wilson-Brown)
f2153f9716 Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses.

This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.

Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
teor (Tim Wilson-Brown)
c281c03654 If both IPv4 and IPv6 addresses could be used, choose one correctly
If there is a node, use node_ipv6_or/dir_preferred().
If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 23:40:37 +11:00
Nick Mathewson
838d4dee12 make check-spaces 2016-02-11 12:50:55 -05:00
teor (Tim Wilson-Brown)
c213f277cd Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:56:19 +11:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
4528f89316 Make entry_guard_set_status consistent with entry_is_live
Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
1648666203 Choose bridge addresses by IPv4/IPv6 preferences 2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
teor (Tim Wilson-Brown)
d3546aa92b Prop210: Add want_authority to directory_get_from_dirserver 2015-12-16 04:03:45 +11:00
Nick Mathewson
241e6b0937 Fix some conversion problems 2015-04-23 09:16:42 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidently, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
Sebastian Hahn
86002a83d3 Bridges are always dirs
This check was accidentally deleted in 05f7336624.
2015-04-01 21:07:46 +02:00
Nick Mathewson
081b0c0f77 mark dirinfo_type as unused in populate_live_entry_guards 2015-04-01 14:20:01 -04:00
Nick Mathewson
05f7336624 Remove version checks for microdescriptor support
At this point, relays without microdescriptor support are no longer
allowed on the Tor network.
2015-03-24 09:25:35 -04:00
Nick Mathewson
0f31080d63 Stop checking for torrc state files generated by very old Tor versions
These haven't worked in so long that if you had a state file of this
kind, the guards in it would be so old that you wouldn't use them
anyway.
2015-03-24 09:24:12 -04:00
Nick Mathewson
6378bcf4b9 Fix an implicit-narrowing warning 2015-02-18 09:34:15 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
14a3c17ce6 Calculate the guardfraction bandwidth of a guard. 2015-02-18 09:09:33 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
David Goulet
b101f4e98c Control: getinfo entry-guards report down-since
If the guard unreachable_since variable was set, the status "up" was
reported which is wrong. This adds the "down" status followed by the
unreachable_since time value.

Fixes #14184

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-06 16:06:20 -05:00
Matthew Finkel
4cb59ceb8e Only retry connecting to configured bridges
After connectivity problems, only try connecting to bridges which
are currently configured; don't mark bridges which we previously
used but are no longer configured.  Fixes 14216.  Reported by
and fix provided by arma.
2015-01-31 09:46:18 +00:00
Nick Mathewson
79e12da861 Merge remote-tracking branch 'public/bug12485' 2015-01-18 13:49:30 -05:00
Nick Mathewson
33df3e37ff Allow two ISO times to appear in EntryGuardDownSince.
When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.

Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
2015-01-09 08:50:56 -05:00
Nick Mathewson
fb68f50761 Lower the delay before saving guard status to disk
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."

Closes 12485.
2015-01-07 10:39:44 -05:00
Nick Mathewson
da26bb646e Turn entry_guards_changed constants into symbolic constants 2015-01-07 10:37:33 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
9619c395ac Merge remote-tracking branch 'andrea/ticket6456'
Somewhat tricky conflicts:
	src/or/config.c

Also, s/test_assert/tt_assert in test_config.c
2014-11-04 09:52:04 -05:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
Nick Mathewson
1a1e695800 Merge remote-tracking branch 'public/bug7733a' 2014-09-22 10:38:05 -04:00
Nick Mathewson
87f9c51f64 Avoid unsigned/sign compare warning from last patch. 2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9 Bounds check while looping over a fixed size table or array
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
rl1987
8b539cc276 Unit testing entry_is_time_to_retry(). 2014-08-20 15:29:56 -04:00
rl1987
c731a1c68f Write comments for members of periods array. 2014-08-20 15:29:56 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Andrea Shepard
b8b46e8ef8 Add some mocks needed to unit test ClientTransportPlugin/ServerTransportPlugin config line parsing 2014-07-25 21:41:03 -07:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
5690284559 Fix wide lines, make entry_is_live() non-inline 2014-07-16 16:52:16 +02:00
George Kadianakis
8bbb217964 Change the interface of entry_is_live() to take a bitmap. 2014-06-25 15:44:36 -04:00
George Kadianakis
46d41e6e9b Basic entry_is_live() unittest. 2014-06-25 15:39:00 -04:00
George Kadianakis
61629b4f6c Document choose_random_entry_impl() and populate_live_entry_guards(). 2014-06-15 19:03:38 -07:00
George Kadianakis
bf263a9b99 Make a few entrynodes.c functions testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
71da44f159 Make populate_live_entry_guards() more smoothly testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
c7b05a6aef Constify aggressively in populate_live_entry_guards(). 2014-06-15 19:02:59 -07:00
George Kadianakis
a59429f1e4 Fix the functionality of populate_live_entry_guards(). 2014-06-15 19:02:55 -07:00
George Kadianakis
427cc8a452 Move code from choose_random_entry_impl() to the new function.
This commit only _moves_ code.
2014-06-15 18:25:45 -07:00
George Kadianakis
e8c366e9ea Create skeleton for populate_live_entry_guards().
Now we are ready to move code from choose_random_entry_impl() to it.
2014-06-15 18:25:45 -07:00
George Kadianakis
f75c6ce981 choose_random_entry_impl(): Remove useless consider_exit_family.
The variable was useless since it was only toggled off in disabled code.

If the 'exit_family' smartlist is empty, we don't consider exit family
anyway.
2014-06-15 18:25:45 -07:00
George Kadianakis
115b3e7645 Remove a piece of disabled code in choose_random_entry_impl(). 2014-06-15 18:25:45 -07:00
Nick Mathewson
79c875ecdc Would-be fix for bug 7733: learn bridge ID from descriptor
If somebody has configured a client to use a bridge without setting
an identity digest (not recommended), learn the identity digest from
whatever bridge descriptor we have downloaded or have in our cache.
2014-05-14 14:34:01 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
6ab10a5466 Make num_bridges_usable work properly.
My first implementation was broken, since it returned "whether there
is one bridge" rather than "how many bridges."

Also, the implementation for the n_options_out feature in
choose_random_entry_impl was completely broken due to a missing *.
2014-04-08 15:51:40 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
761ee93c69 Add missing includes for circpathbias.h 2013-10-31 14:33:34 -04:00
Nick Mathewson
4b6f074df9 Merge remote-tracking branch 'public/bug5018'
Conflicts:
	src/or/entrynodes.c
2013-10-29 01:29:59 -04:00
David Fifield
e6e6c245c8 Simplify transport_is_needed.
By Roger at
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:05:57 -04:00
George Kadianakis
6f33dffec1 Only launch transport proxies that provide useful transports. 2013-10-29 01:05:56 -04:00
Nick Mathewson
71bd100976 DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
2013-10-21 13:02:25 -04:00
Roger Dingledine
a26a5794a3 Merge branch 'maint-0.2.4' 2013-10-12 10:48:30 -04:00
Roger Dingledine
8f9fb63cdb be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.

The fix in both cases is to treat all our initially chosen guards as
acceptable to use.

Fixes bug 9946.
2013-10-12 10:42:27 -04:00
Roger Dingledine
0d8632e585 fix another confusing whitespace instance 2013-09-30 01:47:24 -04:00
Roger Dingledine
2cf41cc70d fix confusing whitespace 2013-09-30 01:41:48 -04:00
Nick Mathewson
775c491502 Separate mutable/const accessors for circuit_build_times
(These have proved invaluable for other global accessors.)
2013-08-22 10:15:56 -04:00
vagrant
4834641dce Make circ_times static and add accessor functions.
Change the global circ_times to a static variable and use
accessor functions throughout the code, instead of
accessing it directly.
2013-08-22 10:15:56 -04:00
Nick Mathewson
83a859e24c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-31 21:49:30 -04:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00