Commit Graph

18494 Commits

Author SHA1 Message Date
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Nick Mathewson
3502b10229 changelog for 10793 2014-02-03 10:48:15 -05:00
Florent Daigniere
9d6e805d28 Some anti-forensics paranoia...
sed -i 's/BN_free/BN_clear_free/g'
2014-02-03 10:44:19 -05:00
Nick Mathewson
cac5949697 Merge branch 'feature_10582' 2014-02-02 15:48:27 -05:00
Nick Mathewson
25f0eb4512 Add a sandbox rule to allow IP_TRANSPARENT 2014-02-02 15:47:48 -05:00
Nick Mathewson
fd8947afc2 Move the friendly warning about TPROXY and root to EPERM time
I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
ebd99314cf add test case for node_describe_by_id 2014-01-29 22:47:05 -05:00
Qingping Hou
0b0d4b4ebc add test case for hidden service async events 2014-01-29 22:43:11 -05:00
Qingping Hou
29c18f5b71 add hidden service descriptor async control event 2014-01-29 22:23:57 -05:00
Qingping Hou
3b38fd87e8 add change log for hs_desc async event 2014-01-29 21:04:18 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Roger Dingledine
4fe253ef40 sort the changes entries that nick added
also replace them with the versions of the changelog stanzas from
release-0.2.4, for consistency
2014-01-26 19:48:57 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
6a6bc9da53 Document more coverage tricks in doc/HACKING 2014-01-21 16:44:48 -05:00
Nick Mathewson
01c7d06b91 Add some more options to the findMoreChanges.pl kludge-script 2014-01-20 15:47:54 -05:00
Nick Mathewson
3e0967191d Note a missing number. 2014-01-20 15:45:49 -05:00
Nick Mathewson
17466ce10e Incorporate changes from 0.2.4.20 into 0.2.5.2 changelog-in-progress 2014-01-20 15:44:31 -05:00
Nick Mathewson
694562815f Move all merged-in-0.2.4.18-rc items into 0.2.5.2-alpha changelog section. 2014-01-20 15:41:06 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
8a49fac9e0 Coverate in util.c: test that tor_parse_* rejects negative base. 2014-01-17 11:58:09 -05:00
Nick Mathewson
ab0fdbb618 Add an --accel switch to run unit tests with crypto acceleration 2014-01-17 11:58:09 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
3121a6d0c8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-23 19:01:29 -05:00
Nick Mathewson
3511549651 Clarify DirPort multiplicity
Fix for #10470 as suggested by arma
2013-12-23 19:00:46 -05:00
Roger Dingledine
107b347eb3 and forward-port those lines too 2013-12-22 18:37:49 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
59a162f7d2 Merge branch 'bug10465' into maint-0.2.4 2013-12-22 17:20:22 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Roger Dingledine
1cc3bb3fa3 forward-port recent changelogs and release notes 2013-12-22 04:30:06 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
2c956f0c99 Merge branch 'bug10456' into maint-0.2.4 2013-12-21 21:15:39 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Nick Mathewson
b98c5884fc Merge remote-tracking branch 'linus/bug10324' 2013-12-20 11:40:21 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Nick Mathewson
dabdc339fe Merge branch 'bug10402_redux_024' into maint-0.2.4 2013-12-18 21:55:06 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00