Patch from croup: rewrite the logic of get_next_token() to do the right thing with input that ends at weird places, or aligns with block boundaries after mmap. should fix bug 455. Needs fuzzing.
svn:r10847
Tweaks on constrained socket buffers patch from coderman: Add a changelog; rename some variables; fix some long lines and whitespace; make ConstrainedSockSize a memunit; pass setsockopt a void.
svn:r10843
Fix a potential crash bug when we load many server descriptors at
once and some of them make others of them obsolete. Fixes bug
458. [Bugfix on 0.1.2.x]
svn:r10832
Patch from lodger: avoid roundoff-error-induced crash bugs when picking routers by bandwidth.
Also, remove listed backports for 0.1.2.x; that list is now in TODO.012
svn:r10812
When sending destroy cells from a circuit's origin, don't include
the reason for tearing down the circuit. The spec says we didn't,
and now we actually don't. Reported by lodger. [Bugfix on 0.1.2.x]
svn:r10790
Patch from Robert Hogan: Generate STREAM NEW events for dnsport requests and tunneled directory connections. Log when we are testing for hijacking.
svn:r10737
never choose any guards past it. This way we don't expand our
guard list unless we need to. [Bugfix in 0.1.2.x]
I'm not sure if this will solve all our problems, but it is at least
something.
svn:r10730
Fix solaris eventdns.c behavior. This time, I think I got it. We were redefining _FILE_OFFSET_BITS, and thereby calling fstat64() on a struct stat, or something like that.
svn:r10643
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400.
svn:r10485
Add some code to mitigate bug 393: Choose at random from multiple hidden service ports with the same virtport. This allows limited ad-hoc round-robining.
svn:r10398
Well, that was easier than I thought it would be. Tor is now a DNS proxy as well as a socks proxy. Probably some bugs remain, but since it A) has managed to resolve one address for me successfully, and B) will not affect anybody who leaves DNSPort unset, it feel like a good time to commit.
svn:r10317
backport candidate: Warn when using a version of libevent before 1.3b to run a server on osx or bsd: these versions of libevent interact badly with userspace threads.
svn:r10307
Partial backport candidate: We had a bug where we were downloading descriptors by descriptor digest, but trying to look them up by identity fingerprint when updating their failure count and next retry time. (Also use correct backoff logic for extrainfo code.) Needs testing, doubtless.
svn:r10210
Patch from shibz: implement a getinfo status/version/... so a controller can tell whether the current version is recommended, whether any versions are good, and how many authorities agree.
svn:r10162
If a directory server runs out of space in the connection table
as it's processing a begin_dir request, it will free the exit stream
but leave it attached to the circuit, leading to unpredictable
behavior. (Reported by seeess, fixes bug 425.)
svn:r10154
[Backport candidate] On windows, open cached-routers with the sharing mode "FILE_SHARE_READ so that other processes can read it while Tor is running. (Reported by Janbar).
svn:r10148
authorities should set. This will let future authorities choose
not to serve V2 directory information.
Also, go through and revamp all the authdir_mode stuff so it tries
to do the right thing if you're an auth but not a V1 or V2 auth.
svn:r10092
(Needs review.) Allow directory authorities to accept multiple router descriptors and extra info documents in a single POST. This will make implementing the client side of proposal 104 a lot simpler.
svn:r10069
Initial version of patch from Karsten Loesing: Add an HSAuthorityRecordStats option to track statistics of overall hidden service usage without logging information that would be useful to an attacker.
svn:r10067
Backport candidate: Add asserts to dirserv_remove_invalid, and fix a bug in dirserv_remove_invalid that could mess with pointers in a freed routerinfo right after it was freed.
svn:r10052
Initial version of code to stop using socket pairs for linked connections. Superficially, it seems to work, but it probably needs a lot more testing and attention.
svn:r9995
Track the number of connection_t separately from the number of open sockets. It is already possible to have connections that do not count: resolving conns, for one. Once we move from socketpairs to linked conns, and once we do dns proxying, there will be lots of such connections.
svn:r9994
Refactor router/directory parsing backend: use a separate token table for everything that we parse, and enforce the correct count of each item.
svn:r9965
More autoconf hacking: use same machinery to find zlib as for openssl and libevent. Have unified library finder include setup for --with variable. Start trying to suggest to the user what packages they should install if finding the library fails.
svn:r9945
A surprisingly simple patch to stop reading on edge connections when their circuits get too full, and start again when they empty out. This lets us remove the logic to block begin_dir conns when the corresponding or conns get full: it was already broken by cell queues anyway.
svn:r9905
Initial version of circuit-based cell queues. Instead of hammering or_conns with piles of cells, queue cells on their corresponding circuits, and append them to the or_conn as needed. This seems to work so far, but needs a bit more work. This will break the memory-use-limitation patch for begin_dir conns: the solution will be a fun but fiddly.
svn:r9904
directory information requested inside Tor connections (i.e. via
begin_dir cells). It only triggered when the same connection was
serving other data at the same time. Reported by seeess.
Backport candidate.
svn:r9841
behavior for getinfo addr-mappings/*. this is because
the code and spec have been mismatched since at least
0.1.1.x, so i would be surprised if nobody at all is
relying on the current behavior.
backport candidate.
backbackport candidate.
svn:r9823
uptime of at least 30 days, even if that's not the median uptime
in the network. Implements proposal 1xx, suggested by Kevin Bauer
and Damon McCoy.
svn:r9788
Remove support for v0 control protocol from 0.2.0.x trunk; send back error when we receive a v0 control message. (Leave "if(v1){...}"blocks indented for now so this patch is easier to read.) ((Finally, the linecount goes _down_ a little.))
svn:r9735
Make all LD_BUG log messsages get prefixed with "Bug: ". Remove manually-generated "Bug: "s from log-messages. (Apparently, we remembered to add them about 40% of the time.)
svn:r9733
nt_service_is_stopping should not load the NT service library calls: if they are not loaded, we cannot possibly be a service trying to shut own. Bug found by "norvid" on or-talk. Also, rename function to something slightly less error-prone.
svn:r9720
On mingw, use "%I64u" to printf/scanf 64-bit integers, instead of the usual GCC "%llu". This prevents a bug when saving 64-bit int configuration values on mingw; the high-order 32 bits would get truncated. If the value was then reloaded, disaster would occur. (Fixes bug 400 and maybe also bug 397.) Backport candidate.
svn:r9691
Fix a bug found by Udo van den Heuvel: avoid an assertion failure when a controller sets and clears EntryNodes before the next call to choose_random_entry(). Also make a function static.
svn:r9669
try to make aes encryption of cells about 30-40% faster where applicable. offer not available for all architectures or all versions of openssl.
svn:r9663
Fix connection_get_by_type_state_rendquery(): This has been bogus for most of 0.1.2.x. Thanks to Karsten Loesing for finding the bug; fixes bug 399.
svn:r9651
Make remap stream events have a souce; make them generated every time we get a successful connected or resolved cell. Also change reported stream target address to IP consistently when we get the IP from an exit node.
svn:r9624
Fix two XXXX012 issues in routerlist.c: a possible performance issue hasnt shown up on any profiles, so unflag it. Stop warning when we get a router descriptor that we asked for but no longer want: just drop it (if we are not a cache) or cache if (if we are).
svn:r9616
Another optimization suggested by Shark output: shave off >90% of uses of logv by cutting down on calls to log_debug when log actually debugging. This is showing up in some profiles bug not others, and might be as much as 2.5%.
svn:r9612
As a trivial optimization, remove a redundant call to router_have_minimum_dir_info. This might shave 2% on some systems by according to some profilers.
svn:r9610
Apply patch from coderman: have posix subthreads mask out signals. This could prevent some kinds of crashes when subthreads try to handle SIGPIPEs and die in the attempt. Backport candidate.
svn:r9603
Fix a longstanding dnsworker-related bug: when we decide to kill a DNS worker for having been in use too long, and we independently decide to close one of the exit connections waiting for that DNS worker (perhaps because we got an END relay cell), it was possible for us to try to double-free the connection. We were smart enough to detect this and assert, but not smart enough to fix this bug before now. This should resolve bug 390. Backport candidate.
svn:r9581
Node-picking fixes: Never warn when a down node is listed in a config option (bug 348); always warn when a node in a config option is unnamed. Also, when entrynodes is configured, then build the guard list as: (parts of EntryNodes that were guards before), (the rest of EntryNodes), (the rest of the old guards). This last point ensures that EntryNode users will get the EntryNodes they want with the minimum change to their guard list.
svn:r9574
Do not try to load advapi32.dll except when the user asks us to do something with NT services. When we _do_ try, always treat failure to load service functions as an exit-worthy error. Needs testing. (Fixes bug 389)
svn:r9571
Handle errors on opening cached-routers* more uniformly and sanely: log not-found errors at level INFO, and all other errors at level WARN. Needs testing on win32.
svn:r9569
Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382.
svn:r9568
Resolve some XXXX012 items:
- Remove PathlenCoinWeight: if we want it again, we can add it
back in.
- Ditto with RelayBandwidth*.
- Decide to leave in the "hey, you didn't set end_reason!" BUG log message,
but stop telling people to bug me personally.
- Postpone strengthening assert_connection_ok(): it's important, but
it's also a good way to introduce weird bugs.
- Move some expensive consistency checking from dns_free_all() into
assert_cache_ok().
svn:r9533
Fix several bugs in computing recommended versions. 1) refactor is-this-version-good handling and which-vesions-are-good handling to be in the same place. 2) a version is recommended if more than half of the versioning authorities like it, not >= half. 3) "NEW_IN_SERIES" should mean, "I don't know of an 0.1.1.x this recent, and there are some 0.1.2.x versions out", not "I don't know of an 0.1.1.x this recent, but I know some older ones." This should resolve bug 383.
svn:r9523
Set hibernate_end_time whenever we start hibernating. This fixes a problem where we would start hibernating upon startup (since it isn't time to wake up yet) but we would wind up setting the "stop hibernating" time not to the wakeup time, but to the end of the interval. Also, split hibernate_end_time from shutdown_time. Possible fix for bug 362.
svn:r9512
Report stream end events where a resolve succeeded or where we got a socks protocol error correctly, rather than calling both of them "INTERNAL". Turn ALREADY_SOCKS_REPLIED into a flag rather than a reason. This will help debug 367 part 2 a little.
svn:r9511
(Hopefully) final changes for 0.1.2.7-alpha: disable checking for whether the user account in question exists on --service install, since that seems to make windows go boom. We can figure out why later. Also, let the admin specify a password for the target user.
svn:r9506
The --service install code can no longer default to adding an -f option for the appdata directory of the current user, since the target user probably will not be able to read it. Instead, warn the user if no explicit torrc filename is given.
svn:r9502
Fix bug 254, sort of: make the default NT service user NetworkService rather than NULL (system). Also, add a --user argument to --service install so that admins can override this default: this latter point should take care of most of my objections to NetworkService. I have no idea whether this even compiles.
svn:r9486
Add a REMAP state to stream events so that controllers can learn exactly when the target address for a stream has changed. May help Vidalia resolve confusions related to bug 375.
svn:r9484
Fix an XXXX012, and make circuits_pending_or_conns a static variable. In addition to cleaning up the code, this may also resolve Bug 386 if Roger has the right intuition there.
svn:r9482
Add a couple of fixes I turned up while writing regression tests for libevent: Allow DNS servers on ports other than 53, and handle TTLs correctly on reverse hostname lookups.
svn:r9458
directory tunnel without knowing a descriptor first. Still not
ready yet. As part of the change, now assume we can use a
create_fast cell if we don't know anything about a router.
svn:r9440
This one is a little tricky. Our BEGIN_DIR implementation has a
problem: the dirserv conns will decide they can flush all their data
immediately, since the edge_conns will read greedily.
For our 0.1.2 workaround, we track which or_conn a bridged dirserv
conn is attached to, and stop writing when its outbuf is too full, and
start writing again when the or_conn's outbuf empties out a little.
This requires a bit of pointer management. Let's hope it works.
svn:r9432
When logging TLS certificate and identity-related errors, scrub IP addresses for incoming connections, and distinguish between incoming and outgoing connections in log messages. Backport candidate.
svn:r9391
Fix an XXXX012 in routerlist.c: when we do not have enough networkstatuses to launch router requests, do not launch router requests. Backport candidate.
svn:r9388
Implement SOCKS_BAD_HOSTNAME status event. Defer remaining status events. Clean up control-spec.txt a little, and fill in recommendations for events.
svn:r9374
Apparently, the OpenBSD linker thinks it knows C better than I do, and gets to call me names for having strcat and strcpy and sprintf in my code--whether I use them safely or not. All right, OpenBSD. You win... this round.
svn:r9360
Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
handshake to finish. Previously we would let them sit around for
days, if the connecting application didn't close them either.
Also take this opportunity to refactor a duplicate bit of circuituse.c.
And change the semantics of SocksTimeout slightly, but I think it'll
be ok.
svn:r9350
Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail. Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.
svn:r9336
Clear untrusted networkstatuses after 10 days too. (This is not a terribly awful bug, since we would only ever retain 16 of them, but it still might be nice to backport.) Resolves part A of bug 372.
svn:r9324
Implement a control status event for bad libevent version/method combos. Warn that libevent <1.1 with select() is needlessly slow. Reply to comment.
svn:r9284
Fix computation of total_exit_bandwidth; this will cause exits not to get recommended as guards if the total exit bandwidth if they constitute less than a third of total available bandwidth. There may be problems here with flapping; lets see if they occur in practice.
svn:r9281
Re-enable warning when we resolve an already resolved address. We only warn here now if the address is not a testing address. Also, refactor out a function to check whether an address is used for testing.
svn:r9280
Add (and specify) a BadDirectory flag to networkstatuses, so authorities can tell clients that some caches are broken. Also, implement an as-yet-unused function to estimate how many bytes will be sent on a directory connection.
svn:r9255
Close any directory connection on which we have received 10MB or more of data. This prevents a malicious directory cache from running us out of memory by spooling an infinite amount of data. (Not a terribly good attack, but hey, every one helps.)
svn:r9210
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207