Commit Graph

15141 Commits

Author SHA1 Message Date
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00
Nick Mathewson
69fc025e95 Merge remote-tracking branch 'teor/fallbacks-201602-v2' 2016-02-28 15:51:22 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
fe6ca826df Make sure that every module in src/or has a brief description. 2016-02-27 18:08:24 +01:00
teor (Tim Wilson-Brown)
e2202146d1 Update default fallback directories for 0.2.8.2-alpha (Feb 2016)
Allow fallback directories which have been stable for 7 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
Set the target count to 50.
2016-02-27 10:04:00 +01:00
teor (Tim Wilson-Brown)
8e103cb2d0 Set EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack 2016-02-26 10:53:57 +01:00
Nick Mathewson
7a782820e9 Make the sandbox work again with chutney.
Previously, we had a problem due to the check_private_dir() rewrite.

Bug not in any released Tor.
2016-02-24 16:01:24 -05:00
Nick Mathewson
73c433a48a Remove the freelist from memarea.c
This is in accordance with our usual policy against freelists,
now that working allocators are everywhere.

It should also make memarea.c's coverage higher.

I also doubt that this code ever helped performance.
2016-02-24 14:32:09 -05:00
Nick Mathewson
94c8f3605f Replace two instances of N_DIGEST_ALGORITHMS.
These should have been N_COMMON_DIGEST_ALGORITHMS.

Fixes bug 18380; bug not in any released Tor.
2016-02-23 12:42:10 -05:00
Nick Mathewson
d3af4f4e43 Merge remote-tracking branch 'arma/bug16825' 2016-02-23 10:45:39 -05:00
Nick Mathewson
e88686cb2c Merge remote-tracking branch 'teor/bug18348-v2' 2016-02-23 07:36:56 -05:00
Nick Mathewson
882e0fbd76 Merge branch 'bug17795' 2016-02-23 07:25:12 -05:00
Andrea Shepard
cda2381789 Appease make check-spaces 2016-02-23 05:07:29 +00:00
Nick Mathewson
bb431ad3df Add a missing free in parsing an :auto port
Fixes bug 18374; bugfix on 0.2.3.3-alpha.
2016-02-22 15:51:43 -05:00
Nick Mathewson
2240aa1269 Merge branch 'bug16023_028_01_squashed' 2016-02-22 13:17:58 -05:00
Nick Mathewson
60efce445b Enable ed25519 collator in voting.
Previously, I had left in some debugging code with /*XXX*/ after it,
which nobody noticed.  Live and learn!  Next time I will use /*XXX
DO NOT COMMIT*/ or something.

We need to define a new consensus method for this; consensus method
21 shouldn't actually be used.

Fixes bug 17702; bugfix on 0.2.7.2-alpha.
2016-02-22 10:07:42 -05:00
Roger Dingledine
e3eaee1d2c avoid redundant bootstrap events if the number of descs we just fetched is 0 2016-02-22 03:02:01 -05:00
Roger Dingledine
56c5e282a7 avoid extra LOG_NOTICE for every new microdesc batch
We already write out bootstrapping progress (see bug 9927) per new
microdesc batch. There's no need to do a full "I learned some more
directory information, but not enough to..." line each time too.
2016-02-22 02:55:42 -05:00
Roger Dingledine
43193ec888 refactor directory_info_has_arrived so we can quiet the logs
no actual behavior changes
2016-02-22 02:54:32 -05:00
Roger Dingledine
c6952f65ef new microdescs mean progress towards bootstrapping
Now, when a user who has set EntryNodes finishes bootstrapping, Tor
automatically repopulates the guard set based on this new directory
information. Fixes bug 16825; bugfix on 0.2.3.1-alpha.
2016-02-22 02:47:57 -05:00
Roger Dingledine
a9993a92fb fix two typos in comments 2016-02-22 02:34:50 -05:00
teor (Tim Wilson-Brown)
be16c16bda Downgrade directory preference warning to info level 2016-02-20 23:42:08 +11:00
teor (Tim Wilson-Brown)
c281c03654 If both IPv4 and IPv6 addresses could be used, choose one correctly
If there is a node, use node_ipv6_or/dir_preferred().
If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 23:40:37 +11:00
teor (Tim Wilson-Brown)
4afb107278 Refactor IPV6_OR_LOOKUP into fascist_firewall_choose_address_rs
It's only used once now, so having it as a macro is unhelpful.
2016-02-20 23:30:23 +11:00
teor (Tim Wilson-Brown)
a4853f1bc1 Make some fascist_firewall_choose_address* functions static 2016-02-20 23:30:17 +11:00
teor (Tim Wilson-Brown)
a4eddfff66 Refactor fascist_firewall_allows_address without changing behaviour 2016-02-20 20:01:51 +11:00
teor (Tim Wilson-Brown)
25543387ed Ensure relays must use IPv4, and can use IPv6
A mistake in previous refactoring had relays using IPv4 and IPv6.
2016-02-20 19:28:51 +11:00
David Goulet
13a8571834 Add onion address to the HS_DESC UPLOADED event
Fixes #16023

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-02-17 15:30:46 -05:00
Nick Mathewson
5494938467 Set or_ap/dir_ap.port on the invalid addr case. Bug in no released Tor. CID 1353178 and 1353179. 2016-02-16 12:58:02 -05:00
Nick Mathewson
1f679d4ae1 Fix all doxygen warnings other than "X is not documented" 2016-02-11 22:06:44 -05:00
Nick Mathewson
838d4dee12 make check-spaces 2016-02-11 12:50:55 -05:00
Nick Mathewson
ba2be81fc3 Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' 2016-02-11 12:20:20 -05:00
Nick Mathewson
cae59b913f Rename circuit_about_to_free_{terminal -> atexit} 2016-02-11 12:15:12 -05:00
Nick Mathewson
7f9ac4957c Split a long line 2016-02-11 12:13:02 -05:00
Nick Mathewson
bc7a5eeeda Merge remote-tracking branch 'weasel/bug18261' 2016-02-11 12:12:02 -05:00
Nick Mathewson
c0a6c34652 Merge remote-tracking branch 'teor/bug18208' 2016-02-10 16:32:05 -05:00
Nick Mathewson
162d2022e1 Merge branch 'bug17682_squashed' 2016-02-10 15:50:28 -05:00
Nick Mathewson
601b41084a Bulletproof the safe_timer_diff function
Originally it can overflow in some weird cases.  Now it should no longer
be able to do so.

Additionally, limit main's timers to 30 days rather than to 38 years;
we don't actually want any 38-year timers.

Closes bug 17682.
2016-02-10 15:49:11 -05:00
Nick Mathewson
a8d6989589 Whitespace fixes 2016-02-10 15:35:46 -05:00
Nick Mathewson
8a4bba06d2 Rename crypto_digest_all, and digests_t.
They are no longer "all" digests, but only the "common" digests.

Part of 17795.

This is an automated patch I made with a couple of perl one-liners:

  perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
  perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
2016-02-10 15:28:19 -05:00
Andrea Shepard
ae0f858602 Properly detach circuits from cmuxes when calling circuit_free_all() on shutdown again 2016-02-10 05:35:03 +00:00
Andrea Shepard
3014bfb61b Appease make check-spaces 2016-02-10 02:20:59 +00:00
Nick Mathewson
92048a1b43 Add missing consts; my fault. 2016-02-08 08:34:18 -05:00
Nick Mathewson
9f6589d65a Merge branch 'decorated_ipv6_directory_send_command_squashed' 2016-02-08 08:33:28 -05:00
Malek
061586e36c decorated ipv6 address for directory send command 2016-02-08 08:33:18 -05:00
Nick Mathewson
d004f06830 fix wide lines, use more locals. 2016-02-08 08:31:31 -05:00
Harini Kannan
c30be5a82d Using router_get_my_routerinfo() 2016-02-07 16:07:35 -05:00
Peter Palfrader
42e131e9ac Fix a segfault during startup
If unix socket was configured as listener (such as a ControlSocket or a
SocksPort unix socket), and tor was started as root but not configured
to switch to another user, tor would segfault while trying to string
compare a NULL value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch
by weasel.
2016-02-06 22:17:02 +01:00
Nick Mathewson
b645e2f2b0 Merge remote-tracking branch 'alec/dead_code_removal' 2016-02-06 15:08:49 -05:00
Alec Heifetz
6852868b4a Removed dead code in main.c 2016-02-06 14:41:31 -05:00
Hassan Alsibyani
edd93f9de8 changing output of crypto_cipher_crypt_inplace from int to void 2016-02-06 12:14:39 -05:00
teor (Tim Wilson-Brown)
c213f277cd Make bridge clients prefer the configured bridge address
When ClientPreferIPv6ORPort is auto, bridges prefer the configured
bridge ORPort address. Otherwise, they use the value of the option.
Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto.

When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-02-03 23:56:19 +11:00
teor (Tim Wilson-Brown)
92b1c3b604 Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.

Make sure those policies are updated when interface addresses change.
2016-02-02 15:05:59 +11:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
73fc67bc89 Tor2Web: tell extend_info_from_node intro point connections are direct 2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
1401117ff2 Return NULL from extend_info_from_node if the node has no allowed address
Modify callers to correctly handle these new NULL returns:
* fix assert in onion_extend_cpath
* warn and discard circuit in circuit_get_open_circ_or_launch
* warn, discard circuit, and tell controller in handle_control_extendcircuit
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
77a9de0d48 Automatically use IPv6 when ClientUseIPv4 is 0
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
3a00215c35 Minor whitespace-only fix 2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
4db5a35e66 Consistently format addresses in node_get_address_string
Also, don't write to a buffer with length zero.
2016-01-29 07:16:05 +11:00
teor (Tim Wilson-Brown)
772577b547 Optimise reachability checks when iterating through relay lists
Skip address checks on servers.

Skip allowed-only address checks on non-bridge clients with IPv4.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
e991d642ec Add firewall_is_fascist_dir()
Refactor common parts of firewall_is_fascist_or().
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
4528f89316 Make entry_guard_set_status consistent with entry_is_live
Check fascist_firewall_allows_node in entry_guard_set_status and
return the same message as entry_is_live.
2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
1648666203 Choose bridge addresses by IPv4/IPv6 preferences 2016-01-29 07:15:53 +11:00
teor (Tim Wilson-Brown)
c3cc8e16e9 Log when IPv4/IPv6 restrictions or preferences weren't met 2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
e72cbf7a4e Choose directory servers by IPv4/IPv6 preferences
Add unit tests, refactor pick_directory functions.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
268608c0a0 Choose OR Entry Guards using IPv4/IPv6 preferences
Update unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
4460feaf28 Fix *_get_all_orports to use ipv6_orport
node_get_all_orports and router_get_all_orports incorrectly used or_port
with IPv6 addresses. They now use ipv6_orport.

Also refactor and remove duplicated code.
2016-01-29 07:13:56 +11:00
Nick Mathewson
39a86185c8 Correct further grammatical errors in tor comments
Avoid using a pronoun where it makes comments unclear.
Avoid using gender for things that don't have it.
Avoid assigning gender to people unnecessarily.
2016-01-27 08:51:28 -05:00
Nick Mathewson
42dea56363 Merge remote-tracking branch 'teor/bug18145' 2016-01-26 10:01:34 -05:00
teor (Tim Wilson-Brown)
4339fa5609 Replace "Alice" with "the client" in a hidden service log message 2016-01-26 13:49:16 +11:00
teor (Tim Wilson-Brown)
fb939ed82e Replace Alice/Bob with client/service in hidden service comments 2016-01-26 13:48:31 +11:00
teor (Tim Wilson-Brown)
7a4b4f0c3a Correct grammatical errors in tor log messages
Avoid using gender for things that don't have it.
2016-01-26 13:47:23 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
Nick Mathewson
0010b8064e Fix redundant-declaration warning 2016-01-22 09:53:42 -05:00
Nick Mathewson
cbed61d128 Merge remote-tracking branch 'twstrike/parse_port_config_tests' 2016-01-21 12:15:39 -05:00
Nick Mathewson
7b6d7aae09 Merge branch 'fallbacks-0281-squashed' 2016-01-18 20:16:05 -05:00
teor (Tim Wilson-Brown)
ab3c86479a Add default fallback directories for the 0.2.8 alpha releases
Allow fallback directories which have been stable for 30 days
to work around #18050, which causes relays to submit descriptors
with 0 DirPorts when restarted. (Particularly during Tor version
upgrades.)

Ignore low fallback directory count in alpha builds.
2016-01-18 20:15:59 -05:00
Nick Mathewson
0ace22ef6d Merge remote-tracking branch 'origin/maint-0.2.7' 2016-01-18 19:52:34 -05:00
Nick Mathewson
83dfcfbc4a Merge remote-tracking branch 'teor/bug18050' into maint-0.2.7 2016-01-18 19:51:57 -05:00
teor (Tim Wilson-Brown)
6094a886cf Check ORPort and DirPort reachability before publishing a relay descriptor
Otherwise, relays publish a descriptor with DirPort 0 when the DirPort
reachability test takes longer than the ORPort reachability test.

Closes bug #18050. Reported by "starlight", patch by "teor".
Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
2016-01-18 14:00:29 +11:00
Nick Mathewson
537214d10e Merge remote-tracking branch 'twstrike/directory-tests' 2016-01-15 11:08:22 -05:00
Fergus Dall
d748c193e1 Include square brackets and port number in calcs for max_dl_per_request 2016-01-13 18:05:52 +10:30
Fergus Dall
91077d3aca Update the limits in max_dl_per_request for IPv6 address length 2016-01-13 06:57:24 +10:30
Nick Mathewson
3074b8365f Add another safe_str_client to fix bug 17419 2016-01-12 10:42:01 -05:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
cypherpunks
4c10a9c445 Simplify micro-revision dependency rules
The Automake variable OBJEXT is automatically adjusted to the correct
object file extension for the target platform.
2016-01-08 13:27:36 -08:00
Nick Mathewson
8d6aafbb4a Merge remote-tracking branch 'teor/comments-20151213' 2016-01-07 12:50:10 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00
Nick Mathewson
b34c5c6b8a Merge branch 'maint-0.2.6' into maint-0.2.7
Conflicts:
	src/or/config.c
2016-01-07 09:43:12 -08:00
Nick Mathewson
c7b0cd9c2f Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac Update dannenberg's V3 authority identity fingerprint
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
George Tankersley
3bc45f2628 Add FallbackDir list to GETINFO config/defaults 2016-01-06 11:22:30 -08:00
teor (Tim Wilson-Brown)
ce5406b71a Fix a comment typo in main.c 2016-01-03 17:34:42 +11:00
teor (Tim Wilson-Brown)
3a24364a69 Fix typos in microdesc_t and node_t comments 2016-01-03 17:34:42 +11:00
Nick Mathewson
263f6d11fd Mark all object files built based on micro-revision.i as depending on it
Fixes make -j for some users; fixes bug 17826.

Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
45f5e59751 Remove extra quotes from log message
Bug 17843; fix on ddc65e2b
2015-12-22 10:31:26 -05:00
Nick Mathewson
f2a5df252f whoops; really fix the 32-bit builds 2015-12-21 13:10:10 -05:00
Nick Mathewson
8ede8d411a Fix a couple of jenkins issues from 12538. 2015-12-21 12:32:20 -05:00
Nick Mathewson
62f97545e4 Merge remote-tracking branch 'public/bug12538_merged' 2015-12-21 07:30:32 -05:00
Nick Mathewson
7b0cbf22c0 Merge remote-tracking branch 'yawning/feature17783_take2' 2015-12-20 14:10:52 -05:00
Yawning Angel
687f9b3bd7 Add the SHA-3 hash functions to common/crypto.h.
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
  exactly what is said on the tin.
* test/bench now benchmarks all of the supported digest algorithms,
  so it's possible to see just how slow SHA-3 is, though the message
  sizes could probably use tweaking since this is very dependent on
  the message size vs the SHA-3 rate.
2015-12-19 22:44:05 +00:00
Nick Mathewson
c4fb7ad034 Merge branch 'feature12538_028_01_squashed' 2015-12-18 13:16:49 -05:00
David Goulet
ea6f88478c Use dir_server_mode() in find_dl_schedule()
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-18 13:14:10 -05:00
Nick Mathewson
0c8e042c30 Restore semantics of advertise vs serve on directory caching
When we are low on accounted bandwidth, we stop advertising that
we're a directory, but we will continue to answer directory
requests, just as before.
2015-12-18 13:14:10 -05:00
Nick Mathewson
54406f78b8 Change dataflow on generating 'dir-cache' flag.
Convention is that router_dump_router_to_string() should look at its
input "router", which should be generated by
router_build_fresh_descriptor().
2015-12-18 13:14:10 -05:00
Matthew Finkel
21654ca7bd Let make_consensus_method_list be used in tests 2015-12-18 13:14:10 -05:00
Matthew Finkel
fb80a748ea A router must be a dir cache before it may be HSDir
Fixes #15801
2015-12-18 13:14:09 -05:00
Matthew Finkel
3007de8efc {dis,en}abling DirCache is a semantic change 2015-12-18 13:14:09 -05:00
Matthew Finkel
d49ad438a8 Rebuild descriptor when DirCache is {dis,en}abled 2015-12-18 13:14:09 -05:00
Matthew Finkel
997f779a7f Add new DirCache configuration option
This will give relay operators the ability of disabling the caching of
directory data. In general, this should not be necessary, but on some
lower-resource systems it may be beneficial.
2015-12-18 13:14:09 -05:00
Matthew Finkel
e0bd6cdef2 Add unit test for router_pick_directory_server_impl 2015-12-18 13:14:09 -05:00
Matthew Finkel
0a7d22a664 Client should check if dir server has open dir port or handles tunnelled requests
Final piece of prop 237. Closes 12538.
2015-12-18 13:14:09 -05:00
Nick Mathewson
4604b3ab19 Fix a null-pointer deref when writing geoip stats
Found by coverity; CID 1327892.
2015-12-18 10:00:44 -05:00
Nick Mathewson
f96d191cf3 Merge branch '17752_again' 2015-12-17 16:31:56 -05:00
Nick Mathewson
8585cc57f8 Merge branch 'maint-0.2.7' 2015-12-17 14:57:16 -05:00
Nick Mathewson
2cbaf39af4 Add some more ed25519 key files to the seccomp sandbox list
Fixes bug 17675; bugfix on 0.2.7.3-alpha.
2015-12-17 14:56:24 -05:00
Nick Mathewson
f1be33fc00 Another try at fixing 17752
I believe that the final SMARTLIST_DEL_CURRENT was sometimes
double-removing items that had already been removed by
connection_mark_unattached_ap or
connection_ap_handshake_attach_circuit().

The fix here is to prevent iteration over the list that other
functions might be modifying.
2015-12-17 12:30:13 -05:00
cypherpunks
9d5e47d2d7 Add missing parentheses 2015-12-17 08:34:27 -05:00
cypherpunks
fd399ec850 Remove Windows specific data type usage
The Tor code base already contains usage of setsockopt(2) with an int as
their option value without problems.
2015-12-17 08:34:27 -05:00
cypherpunks
2d2312d989 Conform to the type signature of setsockopt(2)
According to the POSIX standard the option value is a pointer to void
and the option length a socklen_t. The Windows implementation makes the
option value be a pointer to character and the option length an int.

Casting the option value to a pointer to void conforms to the POSIX
standard while the implicit cast to a pointer to character conforms to
the Windows implementation.

The casts of the option length to the socklen_t data type conforms to
the POSIX standard. The socklen_t data type is actually an alias of an
int so it also conforms to the Windows implementation.
2015-12-17 08:34:27 -05:00
Nick Mathewson
b9714e1366 Merge remote-tracking branch 'teor/fix-multi-dir' 2015-12-16 20:04:49 -05:00
teor (Tim Wilson-Brown)
1b70497948 Prop210: Fix directory fetch tests
Check that directory fetches behave as expected under Prop 210.
2015-12-17 11:40:49 +11:00
teor (Tim Wilson-Brown)
e7e61ec7ec Prop210: Check fallback directories and authorities work as expected
Also clarify comments.
2015-12-17 11:39:40 +11:00
teor (Tim Wilson-Brown)
9882a88b74 Prop210: Only clients benefit from multiple consensus downloads
Anything that's a server can afford to wait for a few minutes.
(Except for bridge relays, which act like clients.)
2015-12-17 11:38:24 +11:00
Nick Mathewson
e6be486aea More emergency-check code for un-removed pending entry conns
This might also be what #17752 needs.
2015-12-16 19:16:07 -05:00
Nick Mathewson
24fcb6adbb Add an edge_about_to_close() call to ap_about_to_close().
Fixes #17876
2015-12-16 18:52:34 -05:00
Nick Mathewson
613e0e1c1a Move pending-connection code into connection_ap_about_to_close
It is AP-specific, so that's where it belongs.  This shouldn't have
caused a bug, but due to #17876, we were never actually calling
connection_edge_about_to_close from connection_ap_about_to_close,
causing bug #17874 (aka bug #17752).
2015-12-16 18:49:23 -05:00
Matthew Finkel
1ceb7142a1 A relay now advertises "tunnelled-dir-server" in its descriptor
When a relay does not have an open directory port but it has an
orport configured and is accepting client connections then it can
now service tunnelled directory requests, too. This was already true
of relays with a dirport configured.

We also conditionally stop advertising this functionality if the
relay is nearing its bandwidth usage limit - same as how dirport
advertisement is determined.

Partial implementation of prop 237, ticket 12538
2015-12-16 16:16:01 +01:00
Matthew Finkel
467d0919d2 Authorities must set a router's V2Dir flag if it supports tunnelled reqs
Partial implementation of prop 237, ticket 12538
2015-12-16 16:15:41 +01:00
Nick Mathewson
9d17d10b36 tweak router_parse_addr_policy_item_from_string docs 2015-12-16 08:49:32 -05:00
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
Nick Mathewson
10e442ba93 Merge remote-tracking branch 'teor/feature17864' 2015-12-16 08:41:20 -05:00
Nick Mathewson
a03469aa85 More debugging code to try to track down #17659 2015-12-16 08:37:40 -05:00
Nick Mathewson
a4ca2ef1ff Add some assertions to try to catch #17752 2015-12-16 08:24:54 -05:00
teor (Tim Wilson-Brown)
978210d5a8 Wait for busy authorities/fallbacks rather than ignoring excluded nodes
Applies the 6c443e987d fix to router_pick_directory_server_impl.

6c443e987d applied to directory servers chosen from the consensus,
and was:
"Tweak the 9969 fix a little

If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled. Instead, wait for the busy ones to be nonbusy."
2015-12-16 09:07:11 +11:00
teor (Tim Wilson-Brown)
e2e09a2dbe Warn when comparing against an AF_UNSPEC address in a policy
It produces unexpected results, and it's most likely a bug.
2015-12-16 08:51:59 +11:00
teor (Tim Wilson-Brown)
ce92335214 Add policy assume_action support for IPv6 addresses
These IPv6 addresses must be quoted, because : is the port separator,
and "acce" is a valid hex block.

Add unit tests for assumed actions in IPv6 policies.
2015-12-16 08:51:35 +11:00
teor (Tim Wilson-Brown)
cd0a5db5e9 Initialise malformed_list to 0 each time we parse a policy 2015-12-16 08:51:34 +11:00
Nick Mathewson
6ba8afe5f8 Merge remote-tracking branch 'teor/feature15775-fallback-v9-squashed' 2015-12-15 14:04:00 -05:00
teor
4c1c2a313d Add Fallback Directory Candidate Selection Script
"Tor has included a feature to fetch the initial consensus from nodes
 other than the authorities for a while now. We just haven't shipped a
 list of alternate locations for clients to go to yet.

 Reasons why we might want to ship tor with a list of additional places
 where clients can find the consensus is that it makes authority
 reachability and BW less important.

 We want them to have been around and using their current key, address,
 and port for a while now (120 days), and have been running, a guard,
 and a v2 directory mirror for most of that time."

Features:
* whitelist and blacklist for an opt-in/opt-out trial.
* excludes BadExits, tor versions that aren't recommended, and low
  consensus weight directory mirrors.
* reduces the weighting of Exits to avoid overloading them.
* places limits on the weight of any one fallback.
* includes an IPv6 address and orport for each FallbackDir, as
  implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
  until #17840 is merged.)
* generated output includes timestamps & Onionoo URL for traceability.
* unit test ensures that we successfully load all included default
  fallback directories.

Closes ticket #15775. Patch by "teor".
OnionOO script by "weasel", "teor", "gsathya", and "karsten".
2015-12-16 05:54:40 +11:00
Nick Mathewson
efc8b2dbbf clean whitespace 2015-12-15 13:22:41 -05:00
Nick Mathewson
aa4be914f0 Merge remote-tracking branch 'teor/feature17327-v4' 2015-12-15 13:19:18 -05:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
744958e0dd Fix a few compilation warnings and errors 2015-12-15 13:03:21 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
d72af1085a Prop210: Add router_digest_is_fallback_dir
router_digest_is_fallback_dir returns 1 if the digest is in the
currently loaded list of fallback directories, and 0 otherwise.

This function is for future use.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
2212530bf5 Prop210: Close excess connections once a consensus is downloading
Once tor is downloading a usable consensus, any other connection
attempts are not needed.

Choose a connection to keep, favouring:
* fallback directories over authorities,
* connections initiated earlier over later connections

Close all other connections downloading a consensus.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
teor (Tim Wilson-Brown)
d3546aa92b Prop210: Add want_authority to directory_get_from_dirserver 2015-12-16 04:03:45 +11:00
teor (Tim Wilson-Brown)
df0c135d62 Prop210: Refactor connection_get_* to produce lists and counts 2015-12-16 04:02:12 +11:00
cypherpunks
62c4d3880f Remove eventdns specific inline definition
The header includes compat.h which already defines inline.
2015-12-15 11:34:00 -05:00
cypherpunks
824a6a2a90 Replace usage of INLINE with inline
This patch was generated using;

  sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-15 11:34:00 -05:00
Nick Mathewson
39b2f2d35e Merge branch 'maint-0.2.7' 2015-12-14 13:21:16 -05:00
cypherpunks
670affa792 Only setup environment variables for tests
Using the AM_TESTS_ENVIRONMENT variable ensures the environment
variables are only set during test execution and not during the
compilation phase.
2015-12-14 13:11:20 -05:00
teor (Tim Wilson-Brown)
60fc2b2539 Add IPv6 addresses & orports to the default directory authorities
Source: Globe entries for each authority.
2015-12-14 23:46:47 +11:00
teor (Tim Wilson-Brown)
1c2366ea43 Authorities on IPv6: minor fixes and unit tests
Update the code for IPv6 authorities and fallbacks for function
argument changes.

Update unit tests affected by the function argument changes in
the patch.

Add unit tests for authority and fallback:
 * adding via a function
 * line parsing
 * adding default authorities
(Adding default fallbacks is unit tested in #15775.)
2015-12-14 23:46:47 +11:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Nick Mathewson
a807bb781b Whitespace fix 2015-12-10 20:04:04 -05:00
Nick Mathewson
4b0e9fff27 Fix wide line; log why chmod failed. 2015-12-10 20:03:37 -05:00
Nick Mathewson
01334589f1 Simplify cpd_opts usage. 2015-12-10 20:02:22 -05:00
Jamie Nguyen
dcbfe46cd6 Defer creation of Unix socket until after setuid 2015-12-10 20:00:06 -05:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Arlo Breault
d68b7fd442 Refactor clock skew warning code to avoid duplication 2015-12-10 19:54:11 -05:00
cypherpunks
7e7188cb00 Assert when the TLS contexts fail to initialize 2015-12-10 08:50:40 -05:00
Nick Mathewson
6102efbee2 Merge remote-tracking branch 'teor/fix-exitpolicy-leak' 2015-12-09 16:25:17 -05:00
cypherpunks
91ab2ac5aa Assert that memory held by rephist is freed
The internal memory allocation and history object counters of the
reputation code can be used to verify the correctness of (part of) the
code. Using these counters revealed an issue where the memory allocation
counter is not decreased when the bandwidth arrays are freed.

A new function ensures the memory allocation counter is decreased when a
bandwidth array is freed.

This commit also removes an unnecessary cast which was found while
working on the code.
2015-12-09 11:31:17 -05:00
Nick Mathewson
b3eba8ef12 Merge branch 'refactor-effective-entry' 2015-12-09 11:05:41 -05:00
Nick Mathewson
580d788b3f Tweak policies_log_first_redundant_entry even more
* Use smartlist_foreach_begin/end instead of a plain for loop.
* constify the pointers.
2015-12-09 11:04:57 -05:00
Nick Mathewson
db433b8dc3 Tweak policies_log_first_redundant_entry more.
* Since the variable is no longer modified, it should be called
  'policy' instead of 'dest'.  ("Dest" is short for
  "destination".)
* Fixed the space issue that dgoulet found on the ticket.
* Fixed the comment a little. (We use the imperative for function
  documentation.)
2015-12-09 11:02:15 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
cypherpunks
c76059ec9b Assert that the directory server digest is given
This prevents a possible crash when memory is copied from a pointer to
NULL.
2015-12-09 10:22:26 -05:00
cypherpunks
fbdd32ebe9 Mention the expected length of the digests
Some functions that use digest maps did not mention that the digests are
expected to have DIGEST_LEN bytes. This led to buffer over-reads in the
past.
2015-12-09 10:22:26 -05:00
David Goulet
4a7964b3bc Don't allow a rendezvous point to have a private address
When an HS processes an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().

This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.

Fixes #8976

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-12-08 15:57:12 -05:00
Nick Mathewson
252149e8b4 Merge branch 'maint-0.2.7' 2015-12-08 10:23:56 -05:00
Nick Mathewson
c6a337557a Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-08 10:23:41 -05:00
Nick Mathewson
1adc2bf66f Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-08 10:20:21 -05:00
Nick Mathewson
c3d11b119d Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 10:20:14 -05:00
Arlo Breault
5138f5ca69 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
Nick Mathewson
4328525770 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 09:38:48 -05:00
Nick Mathewson
b0867fec96 Fix a compilation warning introduced by clang 3.6
There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.
2015-12-08 09:37:05 -05:00
cypherpunks
95c03b29de Fix memory leak by circuit marked for close list
This commit fixes a memory leak introduced by commit
8b4e5b7ee9.
2015-12-08 08:52:10 -05:00
Nick Mathewson
1321608786 Merge branch 'maint-0.2.7' 2015-12-08 08:45:09 -05:00
Nick Mathewson
e9bf584694 Format IPv6 policies correctly.
Previously we'd suppressed the mask-bits field in the output when
formatting a policy if it was >=32.  But that should be a >=128 if
we're talking about IPv6.

Since we didn't put these in descriptors, this bug affects only log
messages and controller outputs.

Fix for bug 16056.  The code in question was new in 0.2.0, but the
bug was introduced in 0.2.4 when we started supporting IPv6 exits.
2015-12-08 08:44:58 -05:00
Nick Mathewson
79fdfd5231 Merge remote-tracking branch 'teor/exitpolicy-multicast' 2015-12-07 10:23:30 -05:00
teor (Tim Wilson-Brown)
329aa59e43 Comment-only change to connection_get_by_type_addr_port_purpose
connection_get_by_type_addr_port_purpose also ignores connections
that are marked for close.
2015-12-07 16:13:07 +11:00
teor (Tim Wilson-Brown)
b7525c39bf Comment-only changes to connection_connect
port is in host order (addr is tor_addr_t, endianness is abstracted).

addr and port can be different to conn->addr and conn->port if
connecting via a proxy.
2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
3461bcb10e Move a comment in router_get_my_descriptor to the correct line 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
fb3e862b86 Update comment: get_connection_array no longer takes "n" 2015-12-07 16:10:37 +11:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
teor (Tim Wilson-Brown)
bca4095b93 Make policies_log_first_redundant_entry take a const smartlist_t *
Also fixup code style.
2015-12-06 21:34:52 +11:00
teor (Tim Wilson-Brown)
ba5053b45d Refactor policies_parse_exit_policy_internal
Move logging of redundant policy entries in
policies_parse_exit_policy_internal into its own function.

Closes ticket 17608; patch from "juce".
2015-12-06 21:32:09 +11:00
teor (Tim Wilson-Brown)
bb32c29986 Initialise configured_addresses to a known value (NULL) 2015-12-06 20:24:45 +11:00
cypherpunks
16bec0dfd9 Fix a memory leak in the exit policy parsing code
This memory leak only occurs when the Tor instance is not an exit node.

Fixes code introduced in 10a6390deb.
2015-12-06 20:24:07 +11:00
Nick Mathewson
ee5337e904 Merge branch 'maint-0.2.7' 2015-11-30 22:03:00 -05:00
cypherpunks
be0891667e Fix undefined behavior caused by memory overlap
The tor_cert_get_checkable_sig function uses the signing key included in
the certificate (if available) when a separate public key is not given.

When the signature is valid, the tor_cert_checksig function copies the
public key from the checkable structure to the public key field of the
certificate signing key.

In situations where the separate public key is not given but the
certificate includes a signing key, the source and destination pointers
in the copy operation are equal and invoke undefined behavior.

Undefined behaviour is avoided by ensuring both pointers are different.
2015-11-30 22:02:22 -05:00
Nick Mathewson
0a701e5377 More fixes/debugging attempts for 17659 2015-11-27 12:54:57 -05:00
Nick Mathewson
a33e9f208a Add a stack trace for help debugging one part of 17659 2015-11-27 12:11:51 -05:00
Nick Mathewson
85a48d5e47 Merge branch 'fix-policies-memory-v2-squashed' 2015-11-27 11:54:52 -05:00
teor (Tim Wilson-Brown)
3f83ea84c7 Fix use-after-free of stack memory in getinfo_helper_policies 2015-11-27 11:54:47 -05:00
teor (Tim Wilson-Brown)
7a6ed3e65e Fix use-after-free of stack memory in policies_parse_exit_policy*
Change the function names & comments to make the copying explicit.
2015-11-27 11:54:47 -05:00
Nick Mathewson
5665775e8c Check magic number in connection_ap_attach_pending 2015-11-27 11:21:51 -05:00
Nick Mathewson
0c7bfb206e improve log messages to try to track down #17659 2015-11-26 12:44:12 -05:00
teor (Tim Wilson-Brown)
b0e6010861 Correctly free a smartlist in getinfo_helper_policies 2015-11-26 09:32:33 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
dedea28c2e Make crypto_seed_rng() and crypto_rand() less scary.
These functions must really never fail; so have crypto_rand() assert
that it's working okay, and have crypto_seed_rng() demand that
callers check its return value.  Also have crypto_seed_rng() check
RAND_status() before returning.
2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
e14f9dd44f fixup! Add controller getinfo exit-policy/reject-private
Stop ignoring ExitPolicyRejectPrivate in getinfo
exit-policy/reject-private. Fix a memory leak.

Set ExitPolicyRejectPrivate in the unit tests, and make a mock
function declaration static.
2015-11-25 22:26:10 -05:00
Nick Mathewson
289b184e11 Merge branch 'bug17654_try1' 2015-11-25 12:25:44 -05:00
Nick Mathewson
fe8eb9b366 Merge remote-tracking branch 'public/decouple_dir_request_failed' 2015-11-25 09:21:25 -05:00
Nick Mathewson
dce708d11c Fix a logic error in connection_tls_continue_handshake().
(If we take the branch above this assertion, then we *didn't* have a
v1 handshake.  So if we don't take the branch, we did.  So if we
reach this assertion, we must be running as a server, since clients
no longer attempt v1 handshakes.)

Fix for bug 17654; bugfix on 9d019a7db7.

Bug not in any released Tor.
2015-11-25 09:17:44 -05:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
Nick Mathewson
2079ec9ee6 Merge remote-tracking branch 'teor/feature8961-replaycache-sha256' 2015-11-25 08:55:18 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
teor (Tim Wilson-Brown)
2e9779e5d8 Use SHA256 in the replaycache, rather than SHA1
This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
2015-11-24 09:08:53 +11:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Roger Dingledine
6cdd024c94 fix two typos in comments 2015-11-23 07:40:13 -05:00
Nick Mathewson
cbc1b8a4f7 fix "make check-spaces" 2015-11-20 10:52:56 -05:00
Nick Mathewson
e3cf39cefd Fix compilation warnings 2015-11-20 10:51:19 -05:00
Nick Mathewson
35e886fe13 Merge branch 'getinfo-private-exitpolicy-v4-squashed' 2015-11-20 10:48:28 -05:00
teor (Tim Wilson-Brown)
10a6390deb Add controller getinfo exit-policy/reject-private
exit-policy/reject-private lists the reject rules added by
ExitPolicyRejectPrivate. This makes it easier for stem to
display exit policies.

Add unit tests for getinfo exit-policy/*.

Completes ticket #17183. Patch by "teor".
2015-11-20 10:48:19 -05:00
teor (Tim Wilson-Brown)
6913bdfcc5 Refactor router_dump_exit_policy_to_string
Split out policy_dump_to_string to use it in getinfo_helper_policies.
2015-11-20 10:39:37 +11:00
teor (Tim Wilson-Brown)
66fac9fbad Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Modify policies_parse_exit_policy_reject_private so it also blocks
the addresses configured for OutboundBindAddressIPv4_ and
OutboundBindAddressIPv6_, and any publicly routable port addresses
on exit relays.

Add and update unit tests for these functions.
2015-11-20 10:39:13 +11:00
teor (Tim Wilson-Brown)
c73c5a293f Refactor policies_parse_exit_policy_internal
Move the code that rejects publicly routable exit relay addresses
to policies_parse_exit_policy_reject_private. Add
addr_policy_append_reject_addr_list and use it to reject interface
addresses.

This removes the duplicate reject checks on local_address and
ipv6_local_address, but duplicates will be removed by
exit_policy_remove_redundancies at the end of the function.

This also removes the info-level logging on rejected interface
addresses. Instead, log a debug-level message in
addr_policy_append_reject_addr.

This simplifies policies_parse_exit_policy_internal and prepares for
reporting these addresses over the control port in #17183.
2015-11-20 10:32:51 +11:00
Nick Mathewson
118bdc3a6d Merge remote-tracking branch 'public/decouple_conn_attach_2' 2015-11-19 10:44:31 -05:00
Yawning Angel
85bb71049a Fix a startup time assert caused by periodic events not being initialized.
Loading an on-disk bridge descriptor causes a directory download to be
scheduled, which asserts due to the periodic events not being
initialized yet.

Fixes bug #17635, not in any released version of tor.
2015-11-18 11:31:05 +00:00
Nick Mathewson
8af5afedc9 windows already has a CALLBACK macro... 2015-11-17 10:00:41 -05:00
Nick Mathewson
dc0d2b5970 Don't relaunch dir requests recursively if connection_connect() returns -1
Closes ticket 17589.
2015-11-17 09:40:05 -05:00
Nick Mathewson
d3cb659541 Fix a server-side crash on DNS init 2015-11-17 09:37:50 -05:00
Nick Mathewson
70f337fdb2 Some unit tests now require that periodic events be initialized. 2015-11-17 09:26:50 -05:00
Nick Mathewson
58edf92678 Free pending_entry_connections on shutdown. 2015-11-17 09:06:47 -05:00
Nick Mathewson
84b3350c83 Be more conservative in scanning the list of pending streams
Now we only re-scan the list in the cases we did before: when we
have a new circuit that we should try attaching to, or when we have
added a new stream that we haven't tried to attach yet.

This is part of 17590.
2015-11-17 09:04:25 -05:00
Nick Mathewson
b1d56fc589 Decouple ..attach_circuit() from most of its callers.
Long ago we used to call connection_ap_handshake_attach_circuit()
only in a few places, since connection_ap_attach_pending() attaches
all the pending connections, and does so regularly.  But this turned
out to have a performance problem: it would introduce a delay to
launching or connecting a stream.

We couldn't just call connection_ap_attach_pending() every time we
make a new connection, since it walks the whole connection list.  So
we started calling connection_ap_attach_pending all over, instead!
But that's kind of ugly and messes up our callgraph.

So instead, we now have connection_ap_attach_pending() use a list
only of the pending connections, so we can call it much more
frequently.  We have a separate function to scan the whole
connection array to see if we missed adding anything, and log a
warning if so.

Closes ticket #17590
2015-11-17 08:53:34 -05:00
Nick Mathewson
b91bd27e6f Whoops; in this context the EV_TIMEOUT flag is needed 2015-11-17 08:53:16 -05:00
Nick Mathewson
c113d19b53 Merge branch 'bug3199_redux_3' 2015-11-17 08:27:42 -05:00
Nick Mathewson
661e5bdbfa Changes to 3199 branch based on feedback from special 2015-11-17 08:26:04 -05:00
Nick Mathewson
eb721ed2d9 Add documentation for periodic event api 2015-11-16 10:40:23 -05:00
teor (Tim Wilson-Brown)
d3b7546753 Add a missing "if" in the comment on warn_nonlocal_controller_ports
Also reflow all the lines of that comment so that they're under
the maximum width.
2015-11-16 16:27:11 +11:00
teor (Tim Wilson-Brown)
dd82550a5e Add missing " in AccountingMax comment in or.h 2015-11-16 12:34:53 +11:00
Nick Mathewson
dd00fd0a1f Change periodic.c to use libevent directly
Libevent's periodic timers aren't the right solution when the
timeout potentially changes every time.
2015-11-13 16:25:40 -05:00
Nick Mathewson
65a6489e5e fix whitespace; remove dead code 2015-11-13 16:24:45 -05:00
Nick Mathewson
2bf8fb5ee3 Fold all of the run-every-second stuff back into run_scheduled_events() 2015-11-13 16:24:45 -05:00
Nick Mathewson
9f31908a40 Turn all of run_scheduled_events() into a bunch of periodic events
This patch is designed to look good when you see it through 'diff -b':
it mostly leaves entries in the same order, and leaves the code unmodified.
2015-11-13 16:24:45 -05:00
Nick Mathewson
e8b459a2fa Connect periodic events to main 2015-11-13 16:24:44 -05:00
Kevin Butler
fbeff307f7 Infrastructure for replacing global periodic events in main.c
(This is from Kevin's bug3199 patch series; nick extracted it into
 a new file and changed the interface a little, then did some API
 tweaks on it.)
2015-11-13 16:24:44 -05:00
Nick Mathewson
7a940fac1c appease check-spaces 2015-11-13 13:46:47 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
f7ccc9b975 Merge branch 'decouple_circuit_mark_squashed' 2015-11-12 14:20:24 -05:00
Nick Mathewson
8b4e5b7ee9 Experimentally decouple the main body of circuit_mark_for_close 2015-11-12 14:20:16 -05:00
Nick Mathewson
d20a3d07e3 Merge branch 'karsten_bug13192_026_03_teor' 2015-11-12 11:40:58 -05:00
teor (Tim Wilson-Brown)
0d5a439292 Mark fallback directories as too busy after a 503 response
Mark fallback directory mirrors as "too busy" when they return
a 503 response. Previously, the code just marked authorities as busy.

Unless clients set their own fallback directories, they will never see
this bug. (There are no default fallbacks yet.)

Fixes bug 17572; bugfix on 5c51b3f1f0 released in 0.2.4.7-alpha.
Patch by "teor".
2015-11-10 09:47:48 +11:00
rl1987
a187c772af Seventh test case for dns_resolve_impl(). 2015-10-24 14:30:53 +03:00
rl1987
f53dcf6a35 Sixth test case for dns_resolve_impl. 2015-10-24 14:30:52 +03:00
rl1987
cc1bed9974 Add a fifth unit test. 2015-10-24 14:30:52 +03:00
rl1987
1096f7638e A second test case for dns_resolve_impl. 2015-10-24 14:30:50 +03:00
Nick Mathewson
52fd384a46 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:18:11 -04:00
Nick Mathewson
9c4a0aef0c Fix a memory leak in reading an expired ed signing key.
Closes 17403.
2015-10-21 11:16:28 -04:00
Nick Mathewson
35edd74e25 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:56:40 -04:00
Nick Mathewson
5d45a26f39 Whoops; infinite recursion 2015-10-21 10:56:27 -04:00
Nick Mathewson
d14b009b23 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:54:12 -04:00
Nick Mathewson
8b01849f3b Yet more memory leaks in the rendcache tests 2015-10-21 10:54:07 -04:00
Nick Mathewson
aa96abe66b Fix memory leak in rend_cache_failure_entry_free()
Bug 17402.
2015-10-21 10:52:57 -04:00
Nick Mathewson
a5e873ff29 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:28:16 -04:00
Nick Mathewson
03eb999d42 Fix an (unreachable) memory leak in rendcache.c
The 0.2.8 unit tests provoke this leak, though I don't think it can
happen IRL.
2015-10-21 10:27:19 -04:00
Nick Mathewson
46cd466dec Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:00:52 -04:00
Nick Mathewson
34b4da709d Fix a bunch more memory leaks in the tests. 2015-10-21 10:00:05 -04:00
Nick Mathewson
5b2070198a Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
Nick Mathewson
a8a26ca30e Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-15 13:56:53 -04:00
Nick Mathewson
7e7683b254 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-15 13:56:41 -04:00
David Goulet
2ec5e24c58 Add hidserv-stats filename to our sandbox filter
Fixes #17354

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-10-15 13:42:34 -04:00
Nick Mathewson
9d019a7db7 tor_tls_finish_handshake is server-side only. 2015-10-07 10:32:54 -04:00
Nick Mathewson
6505d529a5 Remove client-side support for detecting v1 handshake
Fixes more of 11150
2015-10-07 10:13:39 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
15bfdbeb9d fix check-spaces once more 2015-10-06 11:32:37 -04:00
Nick Mathewson
f179abdca9 Merge remote-tracking branch 'twstrike/rendcache_tests'
Conflicts:
	src/test/include.am
	src/test/rend_test_helpers.c
	src/test/rend_test_helpers.h
2015-10-06 11:32:06 -04:00
Ola Bini
f319231e6e Divide the different parse_port_config groups into separate tests 2015-10-05 15:31:49 -05:00
Ola Bini
5cb7242012 Move CL_PORT definitions so they are accessible to the tests as well 2015-10-05 15:10:58 -05:00
Ola Bini
017047e7b2 Fix all spaces 2015-10-05 15:06:34 -05:00
Ola Bini
598cd4690c Make compilation work under gcc-warnings 2015-10-05 14:56:57 -05:00
Ola Bini
70de8d4bf8 Fix spaces and other smaller issues 2015-10-05 14:31:10 -05:00
Roger Dingledine
c9cb5516ab fix easy typo 2015-10-04 12:28:25 -04:00
Nick Mathewson
21c201202e Merge remote-tracking branch 'twstrike/dir-handle-cmd-get' 2015-10-02 15:04:28 +02:00
Nick Mathewson
67182226f1 Merge remote-tracking branch 'teor/warn-when-time-goes-backwards' 2015-10-02 13:56:28 +02:00
Nick Mathewson
488e9a0502 Merge remote-tracking branch 'teor/routerset-parse-IPv6-literals'
(Minor conflicts)
2015-10-02 13:54:20 +02:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
teor (Tim Wilson-Brown)
763cb393d3 fixup #17188: Add most likely reasons for clock going backwards
Add "You might have an empty clock battery or bad NTP server."
2015-10-01 09:58:15 +02:00
Nick Mathewson
71e4649f02 Disallow transitions on SyslogIdentityTag, since they do not work right 2015-09-30 18:34:15 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
cd279ca7f5 Warn when the system clock is set back in time
Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.
2015-09-30 13:33:56 +02:00
Marcin Cieślak
f75325c132 No spaces around = in variable assignment
BSD make takes spaces around = literally
and produces a "TESTING_TOR_BINARY "
variable with a trailing space, which leads
to test_keygen.sh failure.

Fixes 17154
2015-09-29 10:09:02 +02:00
Nick Mathewson
8d6bb3a559 Make our digest-mismatch warnings a touch better 2015-09-24 17:45:33 -04:00
Nick Mathewson
e62fe2f02d Put braces around reject-lines for IPv6 addrs
Fixes bug 17149; bug not in any released Tor.
2015-09-24 16:51:25 -04:00
Nick Mathewson
01733e2b15 New AuthDirPinKeys option to enable/disable keypinning enforcement
Implements ticket #17135.  We're going to need this one to avoid
chaos as everybody figures out how ed25519 keys work.
2015-09-23 11:22:26 -04:00
Nick Mathewson
efea1e904a Extract the add-or-replace-keypin logic into a new function
We're about to need to call it in another place too.
2015-09-23 11:07:17 -04:00
Nick Mathewson
c5e87e33c7 Allow conflicts to occur in keypinning journal
When we find a conflict in the keypinning journal, treat the new
entry as superseding all old entries that overlap either of its
keys.

Also add a (not-yet-used) configuration option to disable keypinning
enforcement.
2015-09-23 11:02:21 -04:00
Nick Mathewson
6b6a714732 Fix a memory leak in router_parse_addr_policy_item_from_string. CID 1324770 2015-09-22 09:55:05 -04:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
1911f80fb5 Disable --master-key as not-yet-working for 0.2.7 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
fd85f2cd70 fixup Clarify ambiguous log message in router_add_exit_policy 2015-09-16 03:59:30 +10:00
teor (Tim Wilson-Brown)
ab6f93caa7 fixup Only set TAPMP_STAR_IPV6_ONLY if TAPMP_EXTENDED_STAR is set
Also fix a comment.
2015-09-16 03:58:06 +10:00
teor (Tim Wilson-Brown)
eb1759e63c Log an info-level message for each IP blocked by ExitPolicyRejectPrivate
Log an info-level message containing the reject line added to the
exit policy for each local IP address blocked by ExitPolicyRejectPrivate:
 - Published IPv4 and IPv6 addresses
 - Publicly routable IPv4 and IPv6 interface addresses
2015-09-16 02:58:34 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
Ola Bini
3b535869a4 Add tests for parse_port_config 2015-09-15 18:12:14 +02:00
Reinaldo de Souza Jr
4ff08bb581 Add tests for directory_handle_command_get 2015-09-15 11:08:50 -05:00
Reinaldo de Souza Jr
d5e860e3dc Add tests for src/or/directory.c 2015-09-15 11:08:25 -05:00
Ola Bini
ade5005853 Add tests for the rend cache 2015-09-15 16:21:50 +02:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
teor (Tim Wilson-Brown)
c58b3726d6 Allow IPv6 literal addresses in routersets
routerset_parse now accepts IPv6 literal addresses.

Fix for ticket 17060. Patch by "teor".
Patch on 3ce6e2fba2 (24 Jul 2008), and related commits,
released in 0.2.1.3-alpha.
2015-09-14 20:01:36 +10:00
teor (Tim Wilson-Brown)
60312dc08b Update comments about ExitPolicy parsing
Fix incomplete and incorrect comments.

Comment changes only.
2015-09-14 11:12:28 +10:00
Nick Mathewson
a444b11323 Convince coverity that we do not have a particular memory leak 2015-09-13 14:44:46 -04:00
David Goulet
8b98172579 Add a rend cache failure info dup function
When validating a new descriptor against our rend cache failure, we were
adding the failure entry to the new cache entry without duplicating. It was
then freed just after the validation ending up in a very bad memory state
that was making tor abort(). To fix this, a dup function has been added and
used just before adding the failure entry.

Fixes #17041

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-11 15:09:07 +02:00
Nick Mathewson
41891cbf93 Merge remote-tracking branch 'public/ed25519_hup_v2' 2015-09-10 10:37:13 -04:00
Yawning Angel
f6c446db47 Check NoKeepAliveIsolateSOCKSAuth in a better place.
No functional changes, but since NoKeepAliveIsolateSOCKSAuth isn't
part of isoflag, it should be checked where all other similar options
are, and bypass the (no-op) masking at the end.
2015-09-09 13:52:30 +00:00
Nick Mathewson
7ffc048f0a Make NoKeepAliveIsolateSOCKSAuth work as expected 2015-09-08 14:03:54 -04:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtiness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Donncha O'Cearbhaill
d47a4aec66 Separate lookup function for service rend cache
Performing lookups in both the client and service side descriptor
caches from the same rend_cache_lookup_entry() function increases the
risk of accidental API misuse.

I'm separating the lookup functions to keep the caches distinct.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
61ef356ab3 Rename rend_cache_service to rend_cache_local_service for clarity 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
335d0b95d3 Clean old descriptors from the service-side rend cache
Parameterize the rend_cache_clean() function to allow it to clean
old rendezvous descriptors from the service-side cache as well as
the client descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
ee1a4ce8b2 Require explicit specification of cache type 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
293410d138 Add replica number to HS_DESC CREATED event
Including the replica number in the HS_DESC CREATED event provides
more context to a control port client. The replica allows clients
to more easily identify each replicated descriptor from the
independently output control events.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
0bd68bf986 Clean up service-side descriptor cache and fix potential double-free.
Entries in the service-side descriptor cache are now cleaned when
rend_cache_free_all() is called. The call to tor_free(intro_content)
in rend_cache_store_v2_desc_as_service() is moved to prevent a
potential double-free when a service has a descriptor with a newer
timestamp already in its service-side descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
5dc2cbafef Specify descriptor cache type in rend_cache_lookup_entry()
Adds an Enum which represents the different types of rendezvous
descriptor caches. This argument is passed in each call to
rend_cache_lookup_entry() to specify lookup in the client-side or
service-side descriptor caches.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
580673cf94 Add GETINFO hs/service/desc/id/ control command
Adds a control command to fetch a local service descriptor from the
service descriptor cache. The local service descriptor cache is
referenced by the onion address of the service.

This control command is documented in the control spec.
2015-09-08 12:33:56 +02:00
Nick Mathewson
d70b1b4da1 Never ever try to load the secret key if offline_master is set
(Not even if we can't find the public key.)
2015-09-04 09:55:07 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
e73206f681 Only return 0..255 from main().
I think this may fix some bugs with windows exit codes being screwy.
2015-09-03 11:38:00 -04:00
Nick Mathewson
eb71777bb2 Merge remote-tracking branch 'dgoulet/bug15963_026_01' 2015-09-02 16:00:07 -04:00
David Goulet
d6bfedb8e5 Don't vote HSDir if we aren't voting Fast
Fixes #15963

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 17:03:00 +02:00
Nick Mathewson
bc64a6b2b9 Fix crashes in tests 2015-09-02 11:02:00 -04:00
David Goulet
07b3028db7 Prohibit the use of one entry node with an HS
In a nutshell, since a circuit can not exit at its entry point, it's very
easy for an attacker to find the hidden service guard if only one EntryNodes
is specified since for that guard, the HS will refuse to build a rendezvous
circuit to it.

For now, the best solution is to stop tor from allowing a single EntryNodes for
a hidden service.

Fixes #14917

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 10:47:20 -04:00
Nick Mathewson
f6bd8fbb80 Let recent relays run with the chutney sandbox.
Fixes 16965
2015-09-02 09:59:50 -04:00
Nick Mathewson
910e25358a Let bridge authorities run under the sandbox
(found thanks to teor's chutney haxx)
2015-09-02 09:59:22 -04:00
Nick Mathewson
f273295cad Merge remote-tracking branch 'dgoulet/bug15254_027_01' 2015-09-02 09:05:55 -04:00
Nick Mathewson
db5a9302c1 correct the doc for find_rp_for_intro.
Thanks to Roger for spotting this!
2015-09-02 08:51:24 -04:00
Nick Mathewson
4cff437a0a Remove remaining references to "nulterminate" in comments
Thanks to Roger for spotting this!
2015-09-02 08:50:26 -04:00
Nick Mathewson
7153cd5094 Include dns_structs.h in tarball 2015-09-02 08:45:12 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
Nick Mathewson
fc191df930 Remove the unused "nulterminate" option to buf_pullup()
I was going to add a test for this, but I realized that it had no
users.  So, removed.
2015-09-01 14:36:25 -04:00
Mike Perry
a16115d9cb Bug 15482: Don't abandon circuits that are still in use for browsing.
Only applies to connections with SOCKS auth set, so that non-web Tor
activity is not affected.

Simpler version of Nick's patch because the randomness worried me, and I'm not
otherwise sure why we want a max here.
2015-09-01 15:21:47 +00:00
Nick Mathewson
d891e2a9c5 missing semicolon 2015-09-01 09:55:20 -04:00
Nick Mathewson
f4ded2cdc9 Fix an always-false check with an assertion
In validate_recommended_package_line, at this point in the function,
n_entries is always >= 1.  Coverity doesn't like us checking it for
0.

CID 1268063.
2015-09-01 09:52:46 -04:00
Nick Mathewson
b977a570c4 Fix a false-positive in coverity scan with an assertion
CID 1301373
2015-09-01 09:50:33 -04:00
Nick Mathewson
f64ef65b9d Fix code for checking expired certificates on load
Fixes CID 1306915, which noticed that the check was dead.
2015-09-01 09:47:51 -04:00
Nick Mathewson
a55f257d6a Simplify API for find_rp_for_intro()
The function now unconditionally allocates a new extend_info_t.
This should convince coverity that we're not leaking memory.
(CID 1311875)
2015-09-01 09:30:48 -04:00
Sebastian Hahn
bbb73eaf31 properly delete current channel in channel_free_list
channel_unregister() removes channels from the current smartlist while
we're in a SMARTLIST_FOREACH loop. This only works by accident.
2015-09-01 15:10:10 +02:00
Nick Mathewson
e8675dc7fc Merge remote-tracking branch 'rl1987/test_dns_resolve_rebased' 2015-08-26 11:32:40 -04:00
Donncha O'Cearbhaill
1d205163e8 Generate service descriptors when PublishHidServDescriptors = 0
Removes a check to PublishHidServDescriptors in
rend_consider_services_upload(). This allows descriptors to be
generated and stored in the local cache when PublishHidServDescriptors = 0.

Keep the PublishHidServDescriptors option check in
rend_consider_descriptor_republication(). We will never need to republish
a descriptor if we are not publishing descriptors to the HSDirs.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
e0b82e5968 Store service descriptors in the service descriptor cache
Service descriptors are now generated regardless of the
PublishHidServDescriptors option. The generated descriptors are stored
in the service descriptor cache.

The PublishHidServDescriptors = 1 option now prevents descriptor
publication to the HSDirs rather than descriptor generation.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
968cb95602 Preparatory indentation changes
Deindent a block of code inside the PublishHidServDescriptors option
check in upload_service_descriptor(). Stylistic commit to make the
subsequent reworking of this code cleaner.
2015-08-25 17:30:11 +02:00
Donncha O'Cearbhaill
af3be650e3 Add a HS_DESC CREATED control event
The HS_DESC CREATED event should be emitted when a new service descriptor
is generated for a local rendezvous service. This event is documented
in the control spec.

This commit resolves ticket #16291.
2015-08-25 17:30:02 +02:00
Donncha O'Cearbhaill
1a75e6da00 Create a service-side descriptor cache
Adds a service descriptor cache which is indexed by service ID. This
descriptor cache is used to store service descriptors generated by a
local rendezvous service.

The service-side cache can be queried by calling rend_cache_lookup_entry()
with the 'service' argument set to 1.
2015-08-25 16:44:31 +02:00
Donncha O'Cearbhaill
5eff39c846 Fix typo 2015-08-25 16:43:15 +02:00
Andreas Stieger
19df037e53 Log malformed hostnames in socks5 request respecting SafeLogging 2015-08-25 09:36:34 -04:00
rl1987
77a5ca901f Unit test dns_resolve(), dns_clip_ttl(), dns_get_expiry_ttl(). 2015-08-23 16:02:39 +03:00
Nick Mathewson
80a45835c4 Is this the syntax that will make freebsd make happy? 2015-08-21 12:03:05 -04:00
Nick Mathewson
3b6d2f9bf4 Merge branch 'workqueue_squashed' 2015-08-21 10:37:01 -04:00
Sebastian Hahn
5cf24ff3af Fix a bunch of check-spaces complaints 2015-08-21 10:36:53 -04:00
Sebastian Hahn
32220d38c0 Ensure worker threads actually exit when it is time
This includes a small refactoring to use a new enum (workqueue_reply_t)
for the return values instead of just ints.
2015-08-21 10:36:53 -04:00
Nick Mathewson
b58dfba76f Rename EVENT_SIGNAL -> EVENT_GOT_SIGNAL
This avoids a conflict with a macro decl from libevent 1.x.

Fixes bug 16867; bug not in any released Tor.
2015-08-20 18:42:20 -04:00
Nick Mathewson
037e8763a7 Reload Ed25519 keys on sighup.
Closes ticket 16790.
2015-08-19 13:37:21 -04:00
Nick Mathewson
428bb2d1c8 Merge branch 'ed25519_keygen_squashed' 2015-08-19 13:36:59 -04:00
Nick Mathewson
426ef9c8eb More log messages for keygen problems 2015-08-19 13:36:51 -04:00
Nick Mathewson
c88a8a7ca3 Explain better why we are about to load the master key. 2015-08-19 13:36:51 -04:00
Nick Mathewson
a1b5e8b30b Don't call failure to get keys a bug; it's possible now. 2015-08-19 13:36:50 -04:00
Nick Mathewson
76ec891572 When we infer the master key from the certificate, save it to disk. 2015-08-19 13:36:50 -04:00
Nick Mathewson
138b28dc35 Add test_keygen tests for all log outputs; improve keygen outputs. 2015-08-19 13:36:50 -04:00
Nick Mathewson
8f6f1544c9 Resolve failing test_keygen tests. 2015-08-19 13:36:50 -04:00
Nick Mathewson
f362e7a873 Checkpoint work on ed25519 keygen improvements.
Needs changes file, documentation, test integration, more tests.
2015-08-19 13:36:49 -04:00
Nick Mathewson
2f5202c636 Merge remote-tracking branch 'teor/feature14882-TestingDirAuthVoteIsStrict-v3' 2015-08-18 09:53:50 -04:00
Nick Mathewson
a7de5bd02e Merge remote-tracking branch 'arma/bug16844-logs' 2015-08-18 09:19:39 -04:00
Nick Mathewson
eafae7f677 Merge branch 'decouple_controller_events_squashed' 2015-08-18 08:56:31 -04:00
Nick Mathewson
9ec94f1d22 Use thread-local storage to block event_queue recursion. 2015-08-18 08:56:23 -04:00
Nick Mathewson
e2a6a7ec61 Multithreading support for event-queue code. 2015-08-18 08:56:23 -04:00
Nick Mathewson
81f3572467 Refactor initialization logic for control-event-queue
This puts the init logic in a separate function, which we will need
once we have locking.
2015-08-18 08:56:23 -04:00
Nick Mathewson
60c8fbf1ff Remove obsolete event_format_t
We used to use this when we had some controllers that would accept
long names and some that wouldn't.  But it's been obsolete for a
while, and it's time to strip it out of the code.
2015-08-18 08:56:23 -04:00
Nick Mathewson
bab221f113 Refactor our logic for sending events to controllers
Previously we'd put these strings right on the controllers'
outbufs. But this could cause some trouble, for these reasons:

  1) Calling the network stack directly here would make a huge portion
     of our networking code (from which so much of the rest of Tor is
     reachable) reachable from everything that potentially generated
     controller events.

  2) Since _some_ events (EVENT_ERR for instance) would cause us to
     call connection_flush(), every control_event_* function would
     appear to be able to reach even _more_ of the network stack in
     our callgraph.

  3) Every time we generated an event, we'd have to walk the whole
     connection list, which isn't exactly fast.

This is an attempt to break down the "blob" described in
http://archives.seul.org/tor/dev/Mar-2015/msg00197.html -- the set of
functions from which nearly all the other functions in Tor are
reachable.

Closes ticket 16695.
2015-08-18 08:55:28 -04:00
Sebastian Hahn
fe4c0a187d Use tabs in src/or/include.am 2015-08-18 08:19:00 -04:00
Sebastian Hahn
63db8170ae Fix typo in double_digest_map type 2015-08-18 08:18:44 -04:00
teor
d1c94dcbea Refactor TestingDirAuthVote* into dirserv_set_routerstatus_testing
Make it easier to unit test TestingDirAuthVote{Exit,Guard,HSDir}
by refactoring the code which sets flags based on them into a
new function dirserv_set_routerstatus_testing.
2015-08-18 14:54:40 +10:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
teor
0cb82013cc Fix TestingDirAuthVoteHSDir docs: HSDir flag needs DirPort
Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir, which suggested that a
HSDir required "ORPort connectivity". While this is true,
it is in no way unique to the HSDir flag. Of all the flags,
only HSDirs need a DirPort configured in order for the
authorities to assign that particular flag.

Fixed as part of 14882. Patch by "teor".
Bugfix on 0.2.6.3 (f9d57473e1 on 10 January 2015).
2015-08-18 14:51:57 +10:00
Nick Mathewson
d07fe5dffe Merge remote-tracking branches 'public/decouple_lost_owner' and 'public/decouple_signals' 2015-08-17 16:24:45 -04:00
Roger Dingledine
b4732bd2ea Logs and debug info that I used for finding bug 16844 2015-08-17 14:34:50 -04:00
Nick Mathewson
573bd1f033 Merge remote-tracking branch 'public/decouple_retry_directory' 2015-08-17 13:50:19 -04:00
Nick Mathewson
2691b2bb06 Fix an assertion failure introduced in 20254907d7
Fixes bug 16829; bug not in any released Tor.
2015-08-17 09:51:50 -04:00
Nick Mathewson
fd16a2b56f Fix a stupid memory leak I introduced in 8afbc154. Bug not in any released Tor. 2015-08-17 09:42:35 -04:00
Isis Lovecruft
2e0a50abf4 Remove redundant tor_free() in command_process_create_cell().
* FIXES #16823: https://bugs.torproject.org/16823
   If an OP were to send a CREATE_FAST cell to an OR, and that
   CREATE_FAST cell had unparseable key material, then tor_free() would
   be called on the create cell twice.  This fix removes the second
   (conditional on the key material being bad) call to tor_free(), so
   that now the create cell is always freed once, regardless of the status of
   the key material.

   (This isn't actually a double-free bug, since tor_free() sets its
   input to NULL, and has no effect when called with input NULL.)
2015-08-17 09:26:07 -04:00
Nick Mathewson
a053451ddf Merge remote-tracking branch 'isis/fix/circuitlist-docstring-typo' 2015-08-17 09:25:23 -04:00
Nick Mathewson
34aefe6f38 Merge remote-tracking branch 'public/decouple_init_keys' 2015-08-14 08:40:51 -04:00
Nick Mathewson
216bde38e0 Fix some types on container fns 2015-08-13 22:14:14 -04:00
Nick Mathewson
e62518865b Decouple routerlist_retry_directory_downloads() from the blob
Instead of having it call update_all_descriptor_downloads and
update_networkstatus_downloads directly, we can have it cause them to
get rescheduled and called from run_scheduled_events.

Closes ticket 16789.
2015-08-13 09:45:30 -04:00
Nick Mathewson
c7c73f1178 Change lost_owning_controller() to call activate_signal().
Closes ticket 16788.
2015-08-13 09:17:41 -04:00
Nick Mathewson
3cc6d59521 Fix a windows compilation error 2015-08-12 13:16:08 -04:00
Nick Mathewson
9deb3c61fe Fix a memory leak when adding an ri with expired ed certs
Fixes bug 16539; bugfix on 0.2.7.2-alpha.
2015-08-12 12:27:45 -04:00
Nick Mathewson
f4f0b43268 Try to decouple process_signal() from anything not event-driven
This needs debugging; it currently breaks the stem tests.
2015-08-12 11:25:00 -04:00
Nick Mathewson
b65d53519a Decouple the backend for directory_all_unreachable to simplify our CFG
See ticket 16762.
2015-08-12 11:02:20 -04:00
Nick Mathewson
835e09e54b Split the client-only parts of init_keys() into a separate function
This should simplify the callgraph a little more.
2015-08-11 10:41:20 -04:00
Nick Mathewson
da04fed865 Merge branch 'bug16389_027_03_squashed' 2015-08-11 09:34:55 -04:00
David Goulet
7dce409802 Expire after 5 minutes rend cache failure entries
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
6e96723524 Add created timestamp to a rend cache failure entry
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
1070be8217 Use an enum for INTRO_POINT_FAILURE_*
Safer, wiser, stronger!

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
d06af95ba3 Purge client HS failure cache on NEWNYM
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
David Goulet
ab9a0e3407 Add rend failure cache
When fetching a descriptor, we now test every introduction point in it
against our rend failure cache to know if we keep it or not. For this to
work, now every time an introduction point is discarded (ex: receiving a
NACK), we note it down in our introduction cache.

See rendcache.c for a detailed explanation of the cache's behavior.

Fixes #16389

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 09:34:41 -04:00
Nick Mathewson
7ee7149389 Make HSDir depend on Running/Valid again.
When we removed Running/Valid checks from Fast and Stable in 8712, I
removed them from HSDir too, which apparently wasn't a good idea.

Reverts part of a65e835800.  Fixes bug 16524. Bugfix
on 0.2.7.2-alpha.
2015-08-11 08:42:19 -04:00
Nick Mathewson
8afbc154f7 Remove a 9-function strongly connected component of tor's callgraph.
microdesc_free_() called get_microdesc_cache(), which had the fun
side-effect of potentially reloading the whole cache from disk.
Replace it with a variant that doesn't.
2015-08-10 15:00:17 -04:00
Nick Mathewson
887d86b76d Merge remote-tracking branch 'public/decouple-write' 2015-08-06 12:58:18 -04:00
Nick Mathewson
e86c3b283a Merge remote-tracking branch 'public/bug16286' 2015-08-06 12:44:13 -04:00
Isis Lovecruft
7155ee849e Fix misnamed parameter in or_circuit_new docstring.
* CHANGES `p_conn` to `p_chan` in `or_circuit_new()` docstring.
2015-08-06 06:05:07 +00:00
Nick Mathewson
347fe449fe Move formatting functions around.
The base64 and base32 functions used to be in crypto.c;
crypto_format.h had no header; some general-purpose functions were in
crypto_curve25519.c.

This patch makes a {crypto,util}_format.[ch], and puts more functions
there.  Small modules are beautiful!
2015-07-31 11:21:34 -04:00
Nick Mathewson
20254907d7 Improve log messages for problems about ed25519 keypinning
Fixes 16286; bugfix on 0.2.7.2-alpha.
2015-07-31 10:47:39 -04:00
David Goulet
8c83e8cec0 Add get_max_sockets() and remove dead code
The control port was using set_max_file_descriptors() with a limit set to 0
to query the maximum number of sockets Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.

This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.

Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.

Fixes #16697

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-30 15:21:12 -04:00
Nick Mathewson
aadff62745 Do not autoflush control connections as their outbufs get big
Doing this is no longer necessary, and it leads to weird recursions in
our call graph.  Closes ticket 16480.
2015-07-30 13:31:27 -04:00
Nick Mathewson
aa22b9672c whitespace fix 2015-07-30 13:17:08 -04:00
Nick Mathewson
beac91cf08 Wrap windows-only C files in #ifdef _WIN32
This should make some scripts and IDEs happier.
2015-07-30 11:14:15 -04:00
cypherpunks
2d3f88f6b9 Remove casting of void pointers when handling signals. 2015-07-21 14:06:15 -04:00
Nick Mathewson
3d19eb71d2 Merge remote-tracking branch 'public/feature_16580' 2015-07-16 15:48:41 -04:00
Nick Mathewson
6a08bcf530 Merge remote-tracking branch 'public/ticket16543' 2015-07-16 15:47:00 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
Nick Mathewson
edaf681735 Break some wide lines 2015-07-16 11:11:21 -04:00
Nick Mathewson
b5cfcb2045 Fix most check-spaces issues 2015-07-16 11:10:14 -04:00
Nick Mathewson
8cb5070376 Use C99 variadic macros when not on GCC.
1) We already require C99.

2) This allows us to support MSVC again (thanks to Gisle Vanem for
   this part)

3) This change allows us to dump some rotten old compatibility code
   from log.c
2015-07-15 14:43:35 -04:00
Nick Mathewson
7bd5212ddc Merge branches 'feature_16582' and 'feature_16581' 2015-07-15 11:05:33 -04:00
Nick Mathewson
c4ab8f74da Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together.
We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it:
but it's safest to stop any attempt to use it that way.
2015-07-15 10:45:40 -04:00
Nick Mathewson
3c28d95ca7 Add more EINVAL errno setting on key read failures
Teor found these.  This is for part of #16582.
2015-07-15 10:35:29 -04:00
Nick Mathewson
a65e835800 Add changes file for 8712; apply it to HSDir flag as well. 2015-07-14 14:03:30 -04:00
Peter Retzlaff
fa788a54f5 Vote for relays to be fast and stable even when they aren't currently active. 2015-07-14 13:59:29 -04:00
Nick Mathewson
8596ccce01 Change the name for the keypinning file; delete the old one if found
This is a brute-force fix for #16580, wherein #16530 caused some
routers to do bad things with the old keypinning journal.
2015-07-14 11:33:35 -04:00
Nick Mathewson
3fcb74e98b Add more consistency checks in load_ed_keys
Make sure that signing certs are signed by the right identity key,
to prevent a recurrence of #16530.  Also make sure that the master
identity key we find on disk matches the one we have in RAM, if we
have one.

This is for #16581.
2015-07-14 11:27:49 -04:00
Nick Mathewson
1360326588 Do more consistency checks in ed_key_init_from_file()
When there is a signing key and the certificate lists a key, make
sure that the certificate lists the same signing key.

When there are public key and secret key stored in separate files,
make sure they match.

Use the right file name when we load an encrypted secret key and
then find a problem with it.

This is part of 16581.
2015-07-14 11:12:18 -04:00
Nick Mathewson
5e8edba3d8 If loading an ed25519 master key fails with errno != ENOENT, give up.
This implements feature 16582: if we get EMFILE or something when
loading our master key, we should not at that point attempt to
overwrite it.
2015-07-14 10:36:39 -04:00
Nick Mathewson
0a6997d78b Preserve errno when loading encrypted ed25519 keys. 2015-07-14 10:23:07 -04:00
John Brooks
e03eaa3c4a Remove empty rend_service_validate_intro_early function 2015-07-14 02:30:04 -04:00
John Brooks
cdc5debfde Rename ambiguous introduction point functions
Task #15824
2015-07-14 02:29:17 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Nick Mathewson
327efe9190 Merge branch 'bug4862_027_04_squashed' 2015-07-09 12:05:14 -04:00
David Goulet
5fa280f7ad Fix comments in rendservice.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
7657194d77 Count intro circuit and not only established ones
When cleaning up extra circuits that we've opened for performance reasons, we
need to count all the introduction circuits and not only the established ones,
else we can end up with too many introduction points.

This also adds the check for expiring nodes when serving an INTRODUCE cell
since it's possible old clients are still using them before we have time to
close them.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:12 -04:00
David Goulet
d67bf8b2f2 Upload descriptor when all intro points are ready
To upload a HS descriptor, this commit makes it so that we wait for all
introduction points to be fully established.

Else, the HS ends up uploading a descriptor that may contain intro points
that are not yet "valid" meaning not yet established or proven to work. It
could also trigger three uploads for the *same* descriptor if every intro
point takes more than 30 seconds to establish because of desc_is_dirty
being set at each intro established.

To achieve that, the n_intro_points_established variable is added to the
rend_service_t object; it is incremented when we establish an introduction
point and decremented when we remove a valid intro point from our list.

The condition to upload a descriptor also changes to test if all intro
points are ready by making sure we have equal or more wanted intro points
that are ready.

The desc_id_dirty flag is kept to be able to still use the
RendInitialPostPeriod option.

This partially fixes #13483.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
1125a4876b Reuse intro points that failed but are still valid
There is a case where if the introduction circuit fails but the node is
still in the consensus, we clean up the intro point and choose another one.
This commit fixes that by trying to reuse the existing intro point with a
maximum value of retry.

A retry_nodes list is added to rend_services_introduce() and when we remove
an invalid intro point that fits the use case mentioned before, we add the
node to the retry list instead of removing it. Then, we retry on them before
creating new ones.

This means that the requirement to remove an intro point changes from "if no
intro circuit" to "if no intro circuit then if no node OR we've reached our
maximum circuit creation count".

For now, the maximum retries is set to 3 which is completely arbitrary. It
should also at some point be tied to the work done on detecting if our
network is down or not.

Fixes #8239

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
David Goulet
7c7bb8b97e Refactor rend_services_introduce()
The reasoning for refactoring this function is that removing the
introduction point adaptative algorithm (#4862) ended up changing quite a
bit rend_services_introduce(). Also, to fix some open issues (#8239, #8864
and #13483), this work had to be done.

First, this removes time_expiring variable in an intro point object and
INTRO_POINT_EXPIRATION_GRACE_PERIOD trickery and use an expiring_nodes list
where intro nodes that should expire are moved to that list and cleaned up
only once the new descriptor is successfully uploaded. The previous scheme
was adding complexity and arbitrary timing to when we expire an intro point.
We keep the intro points until we are sure that the new descriptor is
uploaded and thus ready to be used by clients. For this,
rend_service_desc_has_uploaded() is added to notify the HS subsystem that
the descriptor has been successfully uploaded. The purpose of this function
is to cleanup the expiring nodes and circuits if any.

Secondly, this adds the remove_invalid_intro_points() function in order to
split up rend_services_introduce() a bit with an extra modification to it
that fixes #8864. We do NOT close the circuit nor delete the intro point if
the circuit is still alive but the node was removed from the consensus. Due
to possible information leak, we let the circuit and intro point object
expire instead.

Finally, the whole code flow is simplified and large amount of documentation
has been added to mostly explain the why of things in there.

Fixes #8864

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 12:02:11 -04:00
Nick Mathewson
753797391f More tweaks for windows compilation. (ick) 2015-06-29 13:47:44 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the number of introduction points a hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
David Goulet
8dcbdf58a7 Remove intro points adaptative algorithm
Partially fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
cc3a791d55 fix a windows unused var warning 2015-06-28 02:18:15 -04:00
Nick Mathewson
48f69685f5 Avoid a segfault when reading an encrypted key that isn't there
Patch from cypherpunks. Fixes bug 16449. Bug not in any released tor.
2015-06-27 14:14:13 -04:00
Nick Mathewson
3149bfc254 Merge branch 'bug16288_027_03_squashed' 2015-06-25 11:30:52 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
bd73168307 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:14:53 -04:00
Nick Mathewson
1c1d71fe1a Merge remote-tracking branch 'public/bug16013_025' into maint-0.2.6 2015-06-25 11:14:44 -04:00
Nick Mathewson
68eaaed798 Avoid crashing on busy/NEWNYM+hidden service clients
When we ran out of intro points for a hidden service (which could
happen on a newnym), we would change the connection's state back to
"waiting for hidden service descriptor."  But this would make an
assertion fail if we went on to call circuit_get_open_circ_or_launch
again.

This fixes bug 16013; I believe the bug was introduced in
38be533c69, where we made it possible for
circuit_get_open_circ_or_launch() to change the connection's state.
2015-06-25 11:10:43 -04:00
Nick Mathewson
fce2a15ffb Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 10:41:15 -04:00
Nick Mathewson
03e3cf6a7a Merge remote-tracking branch 'public/bug16400_026' into maint-0.2.6 2015-06-25 10:40:58 -04:00
Nick Mathewson
e0b7598833 Repair breakage in early-error case of microdesc parsing
When I fixed #11243, I made it so we would take the digest of a
descriptor before tokenizing it, so we could desist from download
attempts if parsing failed.  But when I did that, I didn't remove an
assertion that the descriptor began with "onion-key".  Usually, this
was enforced by "find_start_of_next_microdescriptor", but when
find_start_of_next_microdescriptor returned NULL, the assertion was
triggered.

Fixes bug 16400.  Thanks to torkeln for reporting and
cypherpunks_backup for diagnosing and writing the first fix here.
2015-06-22 13:51:56 -04:00
Nick Mathewson
8b35d85088 Merge remote-tracking branch 'dgoulet/rendcache_027_01' 2015-06-19 09:10:03 -04:00
Nick Mathewson
1edaef2adf fix some memory leaks that coverity found 2015-06-19 09:03:34 -04:00
David Goulet
a7624de1aa Move cache objects and functions to rendcache.{c|h}
All functions and objects that are used for hidden service descriptor
caches are moved to rendcache.{c|h}.

This commit does NOT change anything, just moving code around.

Fixes #16399

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:46 -04:00
David Goulet
33b1a33c33 Add rendcache.{c|h}
For now, rend_cache_entry_t has been moved from or.h to rendcache.h and
those files have been added to the build system.

In the next commit, these will contain hidden service descriptor cache ABI
and API for both client and directory side. The goal is to consolidate the
descriptor caches in one location to ease development, maintenance, review
and improve documentation for each cache behavior and algorithm.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 12:56:24 -04:00
Nick Mathewson
583a387c1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-18 11:33:24 -04:00
Nick Mathewson
f18ee7fc72 Merge remote-tracking branch 'dgoulet/bug16381_026_01-revert' into maint-0.2.6 2015-06-18 11:30:01 -04:00
Nick Mathewson
c2c23d1443 Handle "keygen" if datadir does not yet exist 2015-06-17 13:51:45 -04:00
Nick Mathewson
d3b4214c6e Fix an unchecked-case warning on windows 2015-06-17 11:31:53 -04:00
Nick Mathewson
d68133c745 Merge branch '13642_offline_master_v2_squashed' 2015-06-17 10:12:37 -04:00
Nick Mathewson
b6eee531bb Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a
new master key; if it is nonempty, we store the secret key in a new
crypto_pwbox.

Also, if --keygen is provided and there *is* an encrypted master key,
we load it and prompt for a passphrase unconditionally.

We make a new signing key unconditionally when --keygen is provided.
We never overwrite a master key.
2015-06-17 10:11:18 -04:00
David Goulet
a5b5d4bd2e Extend intro point to a 4th hop on cannibalization
Fixes #16260

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-17 09:32:26 -04:00
Nick Mathewson
43a98c7da6 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-17 09:19:11 -04:00
Nick Mathewson
c8cb55659a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-17 09:18:45 -04:00
teor
75388f67c0 Correctly handle failed crypto_early_init
If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d8c in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".
2015-06-17 09:18:32 -04:00
David Goulet
8acf5255c2 Revert "Do not replace a HS descriptor with a different replica of itself"
This reverts commit 9407040c59.

Small fix, "e->received" had to be removed since that variable doesn't exist
anymore.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-16 13:41:42 -04:00
teor
8092ae0c4e Document the consensus download interval used by hidden services
In the comments in update_consensus_networkstatus_fetch_time_impl
in networkstatus.c
2015-06-16 03:11:09 +10:00
Nick Mathewson
aab7d666cd Add a log message to try to track down #16013 2015-06-11 09:55:47 -04:00
Nick Mathewson
c0c0a6085e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-08 10:33:38 -04:00
David Goulet
6785f0b65a HSDir flag now requires the Stable flag
Fixes #8243
2015-06-08 10:28:35 -04:00
Nick Mathewson
2f67a6e8c9 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582 Set session_group after the port's data structure has been populated.
Fixes #16247, patch by "jojelino".
2015-06-04 13:53:35 +00:00
Nick Mathewson
34edf17d88 Merge remote-tracking branch 'teor/bug16115-minor-fixes' 2015-06-02 14:51:13 -04:00
Nick Mathewson
e8386cce1c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-02 14:29:37 -04:00
Peter Palfrader
a68e5323f8 Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls.  Fixes bug 16244; bugfix on 0.2.6.1-alpha.
2015-06-02 14:20:01 -04:00
teor
6d8a2ff24f Check for NULL values in getinfo_helper_onions
Fix on 915c7438a7 in Tor 0.2.7.1-alpha.
2015-06-03 04:19:06 +10:00
teor
383a27afc5 Ensure signing_key is non-NULL before accessing one of its members
signing_key can be NULL in ed_key_init_from_file in routerkeys.c.
Discovered by clang 3.7 address sanitizer.

Fix on c03694938e, not in any released version of Tor.
2015-06-03 04:19:05 +10:00
teor
2b73dbf2a4 Always initialise return value in compute_desc_id in rendcommon.c
Fix on e6a581f126, released in 0.2.7.1-alpha.
2015-06-03 04:19:05 +10:00
Nick Mathewson
3d653dff5e Add a master-key-ed25519 line for convenience 2015-06-01 11:24:55 -04:00
Nick Mathewson
fcc01d7caf Fix a memory leak in routerkeys.c 2015-06-01 10:45:51 -04:00
Nick Mathewson
d31877c6bf Fix some memory leaks in ed25519 code and tests 2015-06-01 10:26:11 -04:00
Andrea Shepard
0e0b65db4f Appease make check-spaces 2015-06-01 12:59:14 +00:00
Sharif Olorin
90e07ab338 Fix return-type gcc warning
find_dl_schedule_and_len caused gcc to spit up with -Werror.

Signed-off-by: Sharif Olorin <sio@tesser.org>
2015-05-30 06:03:50 +00:00
Nick Mathewson
12a2321501 Another memory leak bytes the dust. 2015-05-29 16:17:54 -04:00
Nick Mathewson
a6e3db5f72 Attempt to fix keypinning on Windows
Not that I would countenance a directory authority on Windows, but
it would be nice if the unit tests passed.
2015-05-29 14:38:59 -04:00
Nick Mathewson
10dd50dfcb Fix a warning from the clangalyzer. 2015-05-29 14:08:51 -04:00
Nick Mathewson
5dce1829bf Avoid double-free on rend_add_service() failure
Rend_add_service() frees its argument on failure; no need to free again.

Fixes bug 16228, bugfix on 0.2.7.1-alpha

Found by coverity; this is CID 1301387.
2015-05-28 13:23:09 -04:00
Nick Mathewson
49c31877b6 Fix a bug in earlier torcert fix, fix another. 2015-05-28 13:14:30 -04:00
Nick Mathewson
3df6f8591d Memory leak in tor_cert_parse. CID gi1301381 2015-05-28 13:09:00 -04:00
Nick Mathewson
2c32b2848a Small leak in ed_key_init_from_file. CID 1301373 2015-05-28 12:52:34 -04:00
Nick Mathewson
5f15b0e1e2 Memory leak on error in connection_or_compute_auth_cell_body. CID 1301372 2015-05-28 12:51:20 -04:00
Nick Mathewson
b76815d110 fix memory leak on bad ns convote. CID 1301371. 2015-05-28 12:49:39 -04:00
Nick Mathewson
a85d58af62 Fix memory leak on failure to generate EI. CID 1301370. 2015-05-28 12:47:31 -04:00
Nick Mathewson
24a2bb08ab Fix null dereference on key setup error.
CID 1301369
2015-05-28 12:46:06 -04:00
Nick Mathewson
c03694938e Fix a bug when we fail to read a cert from a file.
Found by coverity -- CID 1301366.
2015-05-28 12:30:25 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
8f15423b76 Do not allocate our ed-link crosscert till after tls ctx
We need this to prevent some annoying chutney crash-at-starts
2015-05-28 10:47:47 -04:00
Nick Mathewson
3bee74c6d1 Generate weird certificates correctly
(Our link protocol assumes that the link cert certifies the TLS key,
and there is an RSA->Ed25519 crosscert)
2015-05-28 10:47:47 -04:00
Nick Mathewson
32f59d7337 Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.
2015-05-28 10:44:09 -04:00
Nick Mathewson
57189acd6f # This is a combination of 2 commits.
# The first commit's message is:

Regenerate ed25519 keys when they will expire soon.

Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.

# The 2nd commit message will be skipped:

#	fixup! Regenerate ed25519 keys when they will expire soon.
2015-05-28 10:42:30 -04:00
Nick Mathewson
64450c5f77 Only load master ed25519 secret keys when we absolutely must. 2015-05-28 10:42:29 -04:00
Nick Mathewson
d4a6b1a420 Implement ed25519 identity collation for voting.
This is a new collator type that follows proposal 220 for deciding
which identities to include.  The rule is (approximately):

  If a <ed,rsa> identity is listed by more than half of authorities,
  include it.  And include all <rsa> votes about that node as
  matching.

  Otherwise, if an <*,rsa> or <rsa> identity is listed by more than
  half of the authorities, and no <ed,rsa> has been listed, include
  it.
2015-05-28 10:42:29 -04:00
Nick Mathewson
6c564e6c08 Refactor code that matches up routers with the same identity in votes
This makes 'routerstatus collation' into a first-class concept, so
we can change how that works for prop220.
2015-05-28 10:42:29 -04:00
Nick Mathewson
525383c46d Checkpoint some work on voting on ed25519 identities
* Include ed25519 identities in votes
 * Include "no ed25519 identity" in votes
 * Include some commented-out code about identity voting.  (This
   will disappear.)
 * Include some functions for identity voting (These will disappear.)
 * Enforce uniqueness in ed25519 keys within a vote
2015-05-28 10:42:29 -04:00
Nick Mathewson
0b819a2a7c Enforce more correspondence between ri and ei
In particular, they have to list the same ed25519 certificate, and
the SHA256 digest of the ei needs to match.
2015-05-28 10:42:29 -04:00
Nick Mathewson
79db24b3d5 Sign extrainfo documents with ed25519
Extrainfo documents are now ed-signed just as are router
descriptors, according to proposal 220.  This patch also includes
some more tests for successful/failing parsing, and fixes a crash
bug in ed25519 descriptor parsing.
2015-05-28 10:42:22 -04:00
Nick Mathewson
b29c1530c7 Refactor link handshake cell type implementations to use trunnel
Unit tests still pass.
2015-05-28 10:41:50 -04:00
Nick Mathewson
55bb7bbafd Tests for AUTHENTICATE cell functionality. 2015-05-28 10:41:50 -04:00
Nick Mathewson
b75361c5ed Start testing cell encoders/processors for the v3 handshake.
An earlier version of these tests was broken; now they're a nicer,
more robust, more black-box set of tests.  The key is to have each
test check a handshake message that is wrong in _one_ way.
2015-05-28 10:41:50 -04:00
Nick Mathewson
24b720a984 Include ed25519 keys in microdescriptors. 2015-05-28 10:41:49 -04:00
Nick Mathewson
006b7ce5ff Fix the position-check for ed25519 certs to work with annotations
When there are annotations on a router descriptor, the
ed25519-identity element won't be at position 0 or 1; it will be at
router+1 or router-1.

This patch also adds a missing smartlist function to search a list for
an item with a particular pointer.
2015-05-28 10:41:49 -04:00
Nick Mathewson
592a439107 Tie key-pinning logic into directory authority operation
With this patch:
  * Authorities load the key-pinning log at startup.
  * Authorities open a key-pinning log for writing at startup.
  * Authorities reject any router with an ed25519 key where they have
    previously seen that ed25519 key with a different RSA key, or vice
    versa.
  * Authorities warn about, but *do not* reject, RSA-only descriptors
    when the RSA key has previously gone along with an Ed25519 key.
    (We should make this a 'reject' too, but we can't do that until we're
    sure there's no legit reason to downgrade to 0.2.5.)
2015-05-28 10:41:49 -04:00
Nick Mathewson
eacbe03c71 Key-pinning back-end for directory authorities.
This module implements a key-pinning mechanism to ensure that it's
safe to use RSA keys as identifiers even as we migrate to Ed25519
keys.  It remembers, for every Ed25519 key we've seen, what the
associated Ed25519 key is.  This way, if we see a different Ed25519
key with that RSA key, we'll know that there's a mismatch.

We persist these entries to disk using a simple format, where each
line has a base64-encoded RSA SHA1 hash, then a base64-encoded
Ed25519 key.  Empty lines, misformed lines, and lines beginning with
a # are ignored. Lines beginning with @ are reserved for future
extensions.
2015-05-28 10:41:49 -04:00
Nick Mathewson
a2f317913f Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:41:43 -04:00
Nick Mathewson
efa21bb941 Implement proposal 228: cross-certification with onion keys
Routers now use TAP and ntor onion keys to sign their identity keys,
and put these signatures in their descriptors.  That allows other
parties to be confident that the onion keys are indeed controlled by
the router that generated the descriptor.
2015-05-28 10:40:57 -04:00
Nick Mathewson
fe5d2477aa Implement ed25519-signed descriptors
Now that we have ed25519 keys, we can sign descriptors with them
and check those signatures as documented in proposal 220.
2015-05-28 10:40:56 -04:00
Nick Mathewson
818e6f939d prop220: Implement certificates and key storage/creation
For prop220, we have a new ed25519 certificate type. This patch
implements the code to create, parse, and validate those, along with
code for routers to maintain their own sets of certificates and
keys.  (Some parts of master identity key encryption are done, but
the implementation of that isn't finished)
2015-05-28 10:40:56 -04:00
Yawning Angel
452cebc4a4 Remove support for OpenSSL without ECC.
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory.  The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).

Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Nick Mathewson
eb7f4d0059 Merge remote-tracking branch 'yawning/bug16052a_027' 2015-05-21 10:48:52 -04:00
Nick Mathewson
ed02a409cf Merge branch 'bug16034_no_more_openssl_098_squashed'
Conflicts:
	src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
f8f407d66a Now that OpenSSL 0.9.8 is dead, crypto_seed_rng() needs no args
It needed an argument before because it wasn't safe to call
RAND_poll() on openssl 0.9.8c if you had already opened more fds
than would fit in fd_set.
2015-05-20 15:27:36 -04:00
Yawning Angel
712bf06978 Add support for 'HiddenServiceMaxStream' to 'ADD_ONION'.
Done as a separate commit to ease backporting the tunables to 0.2.6.x.
2015-05-20 17:41:27 +00:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
d5e4a63436 Fix some compilation warnings 2015-05-18 15:57:21 -04:00
Nick Mathewson
2308f917f9 Merge remote-tracking branch 'andrea/ticket15358_squashed_2' 2015-05-18 14:44:28 -04:00
Nick Mathewson
0d3b3a4a23 Merge remote-tracking branch 'special/bug16060' 2015-05-18 11:56:16 -04:00
Nick Mathewson
cc1943bf6e Merge remote-tracking branch 'dgoulet/bug16021_027_01' 2015-05-18 11:29:50 -04:00
cypherpunks
b54626fd11 Silence two make rules 2015-05-18 11:29:07 -04:00
Andrea Shepard
4cbc9c5313 Add GETINFO network-liveness to control protocol 2015-05-17 13:42:57 +00:00
Andrea Shepard
dce9e915c7 Implement EVENT_NETWORK_LIVENESS 2015-05-17 13:42:57 +00:00
John Brooks
6f9e90101e Fix crash on HUP with mixed ephemeral services
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.

This crash happens when reloading config on a tor with mixed configured
and ephemeral services.

Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
a324d7e8e1 Test: add unit test for rend_data_t object and functions
Closes #16021

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 12:08:54 -04:00
David Goulet
2aaaf7b145 Fix: init HSDirs list in rend_data_service_create
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 11:09:02 -04:00
Nick Mathewson
d05d21c89a Merge branch 'bug15880_027_03' 2015-05-14 10:46:45 -04:00
David Goulet
c1ffeadff4 Add missing descriptor ID to HS_DESC control event
For FAILED and RECEIVED action of the HS_DESC event, we now send back the
descriptor ID at the end like specified in the control-spec section 4.1.25.

Fixes #15881

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
David Goulet
6346d73b8e Fix rend_config_services() indentation
Not sure what happened but whitespace gone wild! :)

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:27:04 -04:00
David Goulet
b6e7b57d9a Use safe_str_client() for service ID in log
Scrub the service ID in a warning log.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:26:57 -04:00
Nick Mathewson
d55db221e8 tor_tls_get_buffer_sizes() will not work on openssl 1.1. Patch from yawning 2015-05-13 12:12:53 -04:00
Nick Mathewson
614d9bc967 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-05-13 11:05:33 -04:00
Nick Mathewson
2b441e25bc comment patch from dgoulet that was in my inbox too long 2015-05-11 11:32:00 -04:00
Donncha O'Cearbhaill
4fc21e8dbc Fix segfault in HSPOST command introduced with feature #3523
Checking if node->rs->is_hs_dir when the router_status for the node does
not exist results in a segfault. This bug is not in any released Tor.
2015-05-08 10:16:44 +01:00
Nick Mathewson
e086db7952 Merge branch 'writing_tests' 2015-05-07 15:29:56 -04:00
Nick Mathewson
79e85313aa Write the outlines of a WritingTests.txt document
Also, add some sample tests to be examples.
2015-05-07 15:29:16 -04:00
David Goulet
b3832e0b7f Fix hs stats comments to be more accurate
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-06 18:05:16 +10:00
Nick Mathewson
b0ea36d779 Merge remote-tracking branch 'public/bug15821_025' 2015-05-05 15:06:57 -04:00
John Brooks
2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
Nick Mathewson
f61088ce23 Fix a few more memory leaks; not in any released Tor 2015-05-05 11:08:05 -04:00
Nick Mathewson
e8db9d0c94 Merge branch 'feature3523_027' 2015-05-04 11:41:50 -04:00
Donncha O'Cearbhaill
841c4aa715 Add "+HSPOST" and related "HS_DESC" event flags to the controller.
"+HSPOST" and the related event changes allow the uploading of HS
descriptors via the control port, and more comprehensive event
monitoring of HS descriptor upload status.
2015-05-04 11:41:28 -04:00
Yawning Angel
d4729524d1 Make GETINFO hs/client/desc/id/<identifier> actually work (#14845).
Not in any released version of tor.
2015-05-02 11:45:46 +00:00
Nick Mathewson
e8814816c7 whitespace fixes 2015-04-30 13:38:39 -04:00
Nick Mathewson
e9308a8341 compilation fix: signed/unsigned comparison 2015-04-30 13:36:45 -04:00
David Goulet
a9b9f6d90f Update descriptor ID when it changes in rend_data
When we have a new descriptor ID for an onion address request, change it in
the rend_data_t object and purge the old one from the last hid serv request
cache.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
d33327ec22 Use descriptor ID when purging last hid fetch cache
Stop using an onion address since it's not indexed with that anymore in the
last hid serv request cache. Instead use a base32 encoded descriptor ID
contained in the rend_data_t object.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
9a364026d3 Use rend_data_client/service_create() in code
Every callsite that used to allocate a rend_data_t object now uses the
rend_data_client/service_create() function.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:21 -04:00
David Goulet
e6a581f126 Add a create function for rend_data_t object
Groundwork for fixing #15816. This adds the rend_data_create() function in
order to have a single place where we initialize that data structure.

Furthermore, an array of descriptor IDs is added (one per replica) so we can
keep a copy of the current id in the object. It will be used to purge the
last hid serv request cache using those descriptor IDs. When they change,
they will be replaced and the old ones will be purged from the cache.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-30 12:35:20 -04:00
Nick Mathewson
7286a27cfc Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-28 14:46:53 -04:00
David Goulet
26c344a563 Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
Fixes #15850, part of #15801. Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.

This reverts commit 80bed1ac96.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
b64eb6c47c Make a return value explicitly ignored.
This might make coverity happy
2015-04-23 13:05:06 -04:00
Nick Mathewson
54000d7ad9 Merge remote-tracking branch 'dgoulet/bug14847_027_06' 2015-04-23 12:24:35 -04:00
Nick Mathewson
85eadb733f Merge remote-tracking branch 'teor/longest-policy-comment' 2015-04-23 11:05:24 -04:00
Nick Mathewson
c366e1fa32 Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' 2015-04-23 10:27:01 -04:00
teor
9a34caa4e7 Correct "longest possible policy" comment in router policy
The "longest possible policy" comment in
router_parse_addr_policy_item_from_string() used an example policy
that was actually shorter than the maximum length.

This comment was amended, and expanded to count the maximum number of
characters.

Comment change only.
2015-04-23 23:59:19 +10:00
Nick Mathewson
372aef8981 Merge remote-tracking branch 'public/bug15546' 2015-04-23 09:50:29 -04:00
Nick Mathewson
c3894473fe whitespace fixes 2015-04-23 09:36:43 -04:00
Nick Mathewson
af83a205b0 Merge remote-tracking branch 'andrea/ticket14840' 2015-04-23 09:34:00 -04:00
Nick Mathewson
f5fa6ac534 Avoid memory leak in error messages in control.c (not in any tor) 2015-04-23 09:26:39 -04:00
Nick Mathewson
43a8457b56 Merge remote-tracking branch 'dgoulet/bug14845_026_01' 2015-04-23 09:25:00 -04:00
Nick Mathewson
01d988d72f Merge remote-tracking branch 'teor/bug-15642-v3-fallback-unit-tests' 2015-04-23 09:22:16 -04:00
Nick Mathewson
f1204e0c02 Fix another signed/unsigned comparison bug 2015-04-23 09:21:44 -04:00
Nick Mathewson
241e6b0937 Fix some conversion problems 2015-04-23 09:16:42 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Nick Mathewson
3acee61422 Merge branch 'feature15652_squashed' 2015-04-23 09:09:33 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
teor
d68bbb0a29 Unit tests for consider_adding_dir_servers() as modified in #15642
Unit tests for the 10 valid combinations of set/NULL config options
DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority,
and FallbackDir.

Add assertion in consider_adding_dir_servers() for checks in
validate_dir_servers():
"You cannot set both DirAuthority and Alternate*Authority."
2015-04-23 00:16:04 +10:00
teor
027f73f70e Disable default fallback directories when other directories are set
Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
are set to their defaults.

The default fallback directory list is currently empty, this fix will
only change tor's behaviour when it has default fallback directories.

Fixes bug 15642; bugfix on 90f6071d8d in 0.2.4.7-alpha. Patch by "teor".
2015-04-23 00:16:04 +10:00
teor
9139aeadb8 Reachability should check ExtendAllowPrivateAddresses not TestingTorNetwork
When self-testing reachability, use ExtendAllowPrivateAddresses
to determine if local/private addresses imply reachability.

The previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.

Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924.
Patch by "teor", issue discovered by CJ Ess.
2015-04-22 23:54:21 +10:00
David Goulet
6f5f38a0bc Add function to validate HS descriptor ID
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-22 09:28:20 -04:00
David Goulet
a4585405d6 Multiple fixes for the HSFETCH command
Ref:
https://trac.torproject.org/projects/tor/ticket/14847?replyto=31#comment:31

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
917c3aac60 Use rend_valid_service_id() in the HSFETCH command
Also, fix a small typo in a comment.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
3ec651c0a6 Control: make HSFETCH command use LongName
The "SERVER=" option now supports LongName described in the control-spec.txt

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
b100ebee4e Control: add + and 650 OK to HS_DESC_CONTENT event
The HS_DESC_CONTENT event results in multiple lines thus must be prefixed
with a "650+" and ending with "650 OK".

Reported-by: Damian Johnson <atagar@torproject.org>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
28cf9f2186 Control: unbolt rend_data from HS desc event
The HS_DESC event was using rend_data_t from the dir connection to reply the
onion address and authentication type. With the new HSFETCH command, it's
now possible to fetch a descriptor only using the descriptor id thus
resulting in not having an onion address in any HS_DESC event.

This patch removes rend_query from the hs desc control functions and replaces
it with an onion address string and an auth type.

On a successful fetch, the service id is taken from the fetched descriptor.
For that, an extra parameter is added to "store as a client" function that
contains the cache entry stored.

This will make the control event functions scale more easily over time if
other values not present in rend_data_t are needed since the rend_data from
the dir connection might not contain everything we need.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:54 -04:00
David Goulet
59f8dced11 Refactor HS descriptor fetch to support descriptor ID
Big refactor of the HS client descriptor fetch functionality. This allows
to fetch an HS descriptor using only a descriptor ID. Furthermore, it's also
possible to provide a list of HSDir(s) now that are used instead of the
automatically chosen one.

The approach taken was to add a descriptor_id field to the rend_data_t
structure so it can be used, if available, by the HS client. The onion
address field however has priority over it that is if both are set, the
onion address is used to fetch the descriptor.

A new public function is introduced called rend_client_fetch_v2_desc(...)
that does NOT lookup the client cache before fetching and can take a list of
HSDirs as a parameter.

The HSFETCH control command now uses this new function thus making it work
and final.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:22:48 -04:00
David Goulet
7db58445fd Control: add HS_DESC_CONTENT event
As defined in section 4.1.26 in the control-spec.txt, this new event replies
the content of a successfully fetched HS descriptor. This also adds a unit
test for the controller event.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
084be23697 Control: ground work for the HSFETCH command
This adds the command on the controller side that parses and validates
arguments but does nothing for now. The HS descriptor fetch must be
modularized a bit more before we can use the command.

See control-spec.txt section 3.26 for more information on this command.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
e9782043c8 Remove onion address usage in lookup_last_hid_serv_request
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 14:15:02 -04:00
David Goulet
3f41318472 Add crypto_rand_int_range() and use it
Incidentally, this fixes a bug where the maximum value was never used when
only using crypto_rand_int(). For instance this example below in
rendservice.c never gets to INTRO_POINT_LIFETIME_MAX_SECONDS.

  int intro_point_lifetime_seconds =
    INTRO_POINT_LIFETIME_MIN_SECONDS +
    crypto_rand_int(INTRO_POINT_LIFETIME_MAX_SECONDS -
                    INTRO_POINT_LIFETIME_MIN_SECONDS);

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-21 11:06:12 -04:00
David Goulet
6f6881c432 Use a random count of INTRODUCE2 for IP rotation
An introduction point is currently rotated when the amount of INTRODUCE2
cells reached a fixed value of 16384. This makes it pretty easy for an
attacker to inflate that number and observe when the IP rotates which leaks
the popularity of the HS (amount of client that passed through the IP).

This commit makes it a random count between the current value of 16384 and
two times that.

Fixes #15745

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-20 17:38:31 -04:00
Andrea Shepard
bc8b9a28a4 Add default DirAuthority lines to output of getinfo_helper_config(config/defaults) if not already present 2015-04-17 22:40:08 +00:00
Andrea Shepard
42cee727fa Move list of default directory authorities to file scope 2015-04-17 06:33:17 +00:00
Nick Mathewson
06939551f4 code style fixes 2015-04-16 11:17:16 -04:00
Nick Mathewson
fabfa28c48 Fix missing-initializer warning 2015-04-16 11:16:20 -04:00
Nick Mathewson
f152081de1 Merge remote-tracking branch 'arma/ticket8766' 2015-04-16 11:15:29 -04:00
Nick Mathewson
cc10f13408 Fix indentation on a block 2015-04-15 11:10:54 -04:00
Nick Mathewson
1a7dea9191 Remove spurious warn 2015-04-15 11:10:48 -04:00
Nick Mathewson
b98cc79477 Merge remote-tracking branch 'sebastian/bug14784' 2015-04-15 11:10:37 -04:00
Nick Mathewson
d59c4063f3 Stop modifying const argument in handle_control_postdescriptor
Fixes 15546.
2015-04-15 10:47:50 -04:00
Nick Mathewson
c3e8b7f2da Fix another space issue 2015-04-15 10:38:12 -04:00
Nick Mathewson
8837cc266e Merge remote-tracking branch 'dgoulet/bug14391_026_v2' 2015-04-15 10:33:04 -04:00
cypherpunks
59e753a4a6 Make --hash-password imply --hush to prevent unnecessary noise. 2015-04-15 09:39:41 -04:00
Nick Mathewson
202bbfbaa4 Merge branch 'bug15604_squashed' 2015-04-07 15:15:54 -04:00
rl1987
fda2aa7703 Set ConnDirectionStatistics back to 0 if not running as relay. 2015-04-07 15:15:28 -04:00
Nick Mathewson
edde1a7844 Merge branch 'bug15541_squashed' 2015-04-07 14:09:55 -04:00
rl1987
6b0c443dde Update other entries in CMDLINE_ONLY_OPTIONS to use values from takes_argument_t. 2015-04-07 14:09:41 -04:00
rl1987
e89c200c47 Print the error message for --dump-config even if no arguments are given. 2015-04-07 14:09:41 -04:00
rl1987
ad54c197a9 Fix error message in do_dump_config(). 2015-04-06 21:01:43 +03:00
Yawning Angel
79544a6fc5 Fix the memory leak in warn_if_option_path_is_relative().
Fixes coverity defect CID 1293337, not in any released version of tor.
2015-04-06 17:53:01 +00:00
Nick Mathewson
a201a5396e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-06 09:26:28 -04:00
Nick Mathewson
0475552140 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:25:37 -04:00
Yawning Angel
dc3cb00080 Handle empty/zero length encoded intro points more gracefully.
In theory these should never be triggered as the only caller now
validates the parameters before this routine gets called.
2015-04-06 09:21:43 -04:00
Yawning Angel
7b5f558da4 Treat empty introduction points sections as missing.
Found by DonnchaC.
2015-04-06 09:20:46 -04:00
Yawning Angel
49ddd92c11 Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
Nick Mathewson
24352d0d70 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-03 09:47:57 -04:00
George Kadianakis
929a8f199b Decrease the amount of rend circ relaunches for hidden services. 2015-04-03 09:47:40 -04:00
George Kadianakis
8656cbcfc0 ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
(Sending a nak would be pointless.)

See ticket 15515 for discussion.
2015-04-03 09:40:47 -04:00
Nick Mathewson
c1b36488e9 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-03 09:39:19 -04:00
Nick Mathewson
3781955f07 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-03 09:38:54 -04:00
Nick Mathewson
01e4bc80cd Merge branch 'bug15515_024' into maint-0.2.4 2015-04-03 09:36:59 -04:00
George Kadianakis
bcb839387e ... and if we do get multiple INTRODUCE1s on a circuit, kill the circuit
(Sending a nak would be pointless.)

See ticket 15515 for discussion.
2015-04-03 09:36:05 -04:00
George Kadianakis
8dba8a088d Block multiple introductions on the same intro circuit. 2015-04-03 09:35:47 -04:00
Sebastian Hahn
86002a83d3 Bridges are always dirs
This check was accidentally deleted in 05f7336624.
2015-04-01 21:07:46 +02:00
Nick Mathewson
081b0c0f77 mark dirinfo_type as unused in populate_live_entry_guards 2015-04-01 14:20:01 -04:00
Nick Mathewson
05fbbfe472 Merge remote-tracking branch 'public/remove_old_version_checks' 2015-04-01 14:02:02 -04:00
Nick Mathewson
d366c3354f Merge branch 'remove_digests' 2015-04-01 13:53:03 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
8ba2d971b1 Remove needless call to crypto_set_tls_dh_prime() 2015-04-01 13:37:47 -04:00
Nick Mathewson
aa7b792250 Merge remote-tracking branch 'yawning/feature15435' 2015-04-01 13:34:14 -04:00
Nick Mathewson
34fa4ad637 Merge remote-tracking branch 'public/bug15515_025' 2015-04-01 12:59:19 -04:00
George Kadianakis
a7eae4ddc5 Block multiple introductions on the same intro circuit. 2015-04-01 12:58:52 -04:00
Nick Mathewson
13209eb6f3 Merge remote-tracking branch 'dgoulet/bug15296_027_01' 2015-04-01 12:50:36 -04:00
Nick Mathewson
c66dd17980 Drop support for --digests
This is a fair amount of maintenance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.
2015-04-01 09:54:20 -04:00
Nick Mathewson
02c3879f87 Merge remote-tracking branch 'teor/ticket15431-event-mask-tests' 2015-03-31 14:57:04 -04:00
Yawning Angel
fda61e030e Implement "TOR_PT_EXIT_ON_STDIN_CLOSE".
Background processes spawned by Tor now will have a valid stdin.
Pluggable transports can detect this behavior with the aforementioned
environment variable, and exit if stdin ever gets closed.
2015-03-26 12:55:12 +00:00
Nick Mathewson
e5e2644f23 clean up list of paths that cannot be relative 2015-03-25 09:16:04 -04:00
Nick Mathewson
9e80fc8171 Merge remote-tracking branch 'sebastian/coverage_builds' 2015-03-24 15:16:49 -04:00
Nick Mathewson
112c554fcf Merge branch 'bug14018' 2015-03-24 14:36:23 -04:00
rl1987
09c54655f1 Complain if relative paths are used in configuration
When we validate torrc options, print warning(s) when relative
path(s) have been found.
2015-03-24 14:35:52 -04:00
Nick Mathewson
fec923d72b Check return values for tor_addr_parse(default) in config.c
In these cases, the address is always a constant "default", so
should always succeed.  But coverity can't tell that.

Fixes CID 1291645
2015-03-24 10:46:39 -04:00
Nick Mathewson
05f7336624 Remove version checks for microdescriptor support
At this point, relays without microdescriptor support are no longer
allowed on the Tor network.
2015-03-24 09:25:35 -04:00
Nick Mathewson
0f31080d63 Stop checking for torrc state files generated by very old Tor versions
These haven't worked in so long that if you had a state file of this
kind, the guards in it would be so old that you wouldn't use them
anyway.
2015-03-24 09:24:12 -04:00
teor
b41a5039f1 Compile-time check that control_event_t.event_mask is big enough
Add a compile-time check that the number of events doesn't exceed
the capacity of control_event_t.event_mask.
2015-03-22 14:25:42 +11:00
teor
99c10a95e4 Add unit tests for control_event_is_interesting()
Part of ticket 15431, checks for bugs similar to 13085.
2015-03-22 14:24:41 +11:00
Sebastian Hahn
1228dd293b Disable assertions during coverage builds
This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.
2015-03-21 02:34:44 +01:00
Sebastian Hahn
348f2744cf Initialize two variables
This is a trivial change to get around two compiler warnings when
assertions are removed during coverage builds.
2015-03-21 02:00:17 +01:00
Nick Mathewson
54d6e5e71e Merge remote-tracking branch 'public/feature15053' 2015-03-18 14:27:00 -04:00
Nick Mathewson
d8263ac254 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-18 08:58:15 -04:00
David Goulet
c9534f7902 Remove extra newline at the end of HS descriptor
The rend-spec.txt document doesn't specify this extra newline. Furthermore,
this is the only descriptor type that contains one. Client and HSDir without
this patch still work perfectly since the HS descriptor parsing doesn't
expect a newline at the end.

Fixes #15296

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-03-16 09:04:51 -04:00
Nick Mathewson
a0f892f190 Simplify the loop. 2015-03-14 14:31:26 -04:00
Nick Mathewson
ddb1889eb8 Add comments for new functions 2015-03-14 14:28:29 -04:00
Nick Mathewson
92d04721a2 remove a needless "if (1)" that was there for indentation; fix indentation. 2015-03-14 14:28:29 -04:00
Nick Mathewson
b78803f9f5 Extract main part of main loop into a separate function
For 15176; Shadow would like this.

Based on a patch by Rob Jansen, but revised to have a minimal-sized diff.
2015-03-14 14:28:29 -04:00
cypherpunks
ce9bd4e04c Do not distribute common_sha1.i and or_sha1.i.
These files get generated automatically so there is need to include them in the
distribution.
2015-03-14 13:00:06 -04:00
cypherpunks
5176f6f103 Remove relative paths to header files.
The paths are already in the directory search path of the compiler therefore no
need to include them in the source code.
2015-03-14 13:00:05 -04:00
cypherpunks
7a86d53dee Clean up generated files.
Remove src/or/or_sha1.i and src/common/common_sha1.i on `make clean` and remove
the temporary micro-revision file when it's no longer needed.

Additional changes;
- show a message when generating the micro-revision file.
- add the temporary micro revision file to the list of files to be removed on
  `make clean` just in case.
- fix indentation of the make rule to improve readability.
2015-03-14 13:00:04 -04:00
cypherpunks
17cbc4350f Use output variables instead of relative paths.
Fixes the following rules in out-of-tree builds;
- check-spaces
- check-docs
- check-logs
- Doxygen
- coverage-html

And cleans up additional directories;
- coverage_html
- doc/doxygen
2015-03-14 13:00:04 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Nick Mathewson
4247ce99e5 ug. test, _then_ commit, nick. 2015-03-14 12:14:32 -04:00
Nick Mathewson
f70f1d283e Do not printf success messages when we are --quieted or --hushed.
Fixes 14994. Calling this a bug on when --quiet and --hush began to have
their current behavior.
2015-03-14 12:12:53 -04:00
Nick Mathewson
3a68f2f54e const-ify the new failure vars, and one old one 2015-03-13 09:41:49 -04:00
Nick Mathewson
833b6d30be Merge remote-tracking branch 'sebastian/bug15211' 2015-03-13 09:39:04 -04:00
Matthew Finkel
61dcd926aa Flag when a controlsocket is configured as WorldWritable 2015-03-13 07:06:16 +00:00
Matthew Finkel
5ce5527823 Move to the next flag when we recognize Writable flags 2015-03-13 07:04:22 +00:00
Nick Mathewson
517e0f965b Remove workarounds for Libevent < 1.3.
This actually lets us dump a lot of old cruft that nobody had (I
hope!) tested in ages.

Closes 15248.
2015-03-12 16:59:05 -04:00
Sebastian Hahn
badc81de5b Don't init hs intro key as side effect of an assert 2015-03-12 18:59:46 +01:00
Sebastian Hahn
447769dd28 Don't init control authchallenge nonce as assert side effect
Fixes part of bug 15211.
2015-03-12 18:57:57 +01:00
Nick Mathewson
3ee2fca7ca Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:16:22 -04:00
Nick Mathewson
eb68ea20f8 Merge remote-tracking branch 'public/feature15212_026' into maint-0.2.6 2015-03-12 13:15:08 -04:00
Nick Mathewson
16b1b2199d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:13:06 -04:00
Yawning Angel
b3281fc6d6 Initialize the extorport auth cookie before launching PTs.
PTs expect the auth cookie to be available immediately after launch,
leading to a race condition when PTs opt to cache the extorport cookie
once immediately after startup.

Fixes #15240.
2015-03-12 13:12:56 -04:00
Nick Mathewson
9063f29160 Revert "Make TransProxyType ipfw work correctly"
This reverts commit 681802817d.

(I didn't mean to backport this, but somehow I had based my branch
for #15205 on it.)
2015-03-12 12:49:08 -04:00
Nick Mathewson
eecd410984 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.5 2015-03-12 12:27:25 -04:00
Nick Mathewson
b683b9af00 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 11:37:56 -04:00
Nick Mathewson
d4c1716263 add an explanatory comment 2015-03-12 11:28:18 -04:00
Nick Mathewson
648af0438d Also, add an assertion to assign_onionskin_to_cpuworker 2015-03-12 11:15:50 -04:00
Nick Mathewson
66c8180207 Fix crash bug when calling cpuworkers_rotate_keyinfo on a client.
Fixes bug 15245; bugfix on 0.2.6.3-alpha. Thanks to anonym for reporting!
2015-03-12 11:14:39 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Nick Mathewson
d29a8ad564 Add link protocol version counts to the heartbeat message
Closes ticket 15212
2015-03-10 10:07:41 -04:00
Nick Mathewson
64bfc2930a Restore c89 in 0.2.5 2015-03-09 13:22:58 -04:00
Nick Mathewson
448bd22092 Merge remote-tracking branch 'public/bug14261_025' into maint-0.2.5 2015-03-09 13:17:20 -04:00
Nick Mathewson
62631904cb GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-03-09 13:13:56 -04:00
Nick Mathewson
e3408248b9 Merge remote-tracking branch 'public/bug13988_025' into maint-0.2.5 2015-03-09 13:12:54 -04:00
Nick Mathewson
ed7f2482e2 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 13:08:20 -04:00
Nick Mathewson
fb0de57ba2 Merge remote-tracking branch 'public/feature15006_026' into maint-0.2.6 2015-03-09 13:05:27 -04:00
Nick Mathewson
bd80ba9a9f Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 11:10:04 -04:00
Nick Mathewson
a7f75b2056 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-03-09 11:09:49 -04:00
Nick Mathewson
1a7419c3df Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-03-09 11:09:30 -04:00
Nick Mathewson
6704e18dd2 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-03-09 11:08:57 -04:00
Nick Mathewson
4ced3b59aa Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 15:19:43 +01:00
Nick Mathewson
de2c5ad815 Revert "Missing dependencies; fixes 15127."
This reverts commit 930ab95e1f.
2015-03-04 15:18:33 +01:00
Nick Mathewson
98822df3dc Make bootstrap events include hostname AND addr AND digest 2015-03-04 14:23:59 +01:00
Nick Mathewson
6ae9769b29 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:29:25 +01:00
Nick Mathewson
a726cd76df Merge remote-tracking branch 'public/bug15064_025' into maint-0.2.6 2015-03-04 12:26:43 +01:00
Nick Mathewson
681802817d Make TransProxyType ipfw work correctly
Fixes bug 15064; bugfix on 0.2.5.4-alpha.
2015-03-04 12:25:52 +01:00
Nick Mathewson
6a8550fa3c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:15:10 +01:00
Nick Mathewson
5ad47aafab Merge remote-tracking branch 'public/bug15127_025' into maint-0.2.6 2015-03-04 12:14:17 +01:00
Nick Mathewson
2d926d0147 only declare rv when it is used in destination_from_socket. Fixes 15151 2015-03-04 12:12:41 +01:00
Nick Mathewson
930ab95e1f Missing dependencies; fixes 15127. 2015-03-04 12:09:33 +01:00
Roger Dingledine
a1bdb6e42c fix typo in comment 2015-03-03 19:12:27 -05:00
Nick Mathewson
81a994ce77 Make the assert related to 15083 a tiny bit more tolerant 2015-03-03 22:25:26 +01:00
Nick Mathewson
71ee53fe9b Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.

Patch from 'cypherpunks'
2015-03-03 22:21:41 +01:00
Nick Mathewson
79c69d18b7 Include a HOST item in BOOTSTRAP problem messages
Closes ticket 15006.
2015-02-27 11:28:30 -05:00
Nick Mathewson
0dde4d6fa2 Merge remote-tracking branch 'yawning/bug14922' 2015-02-25 08:56:34 -05:00
Nick Mathewson
2bcb596dcf Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.4 2015-02-24 13:23:44 -05:00
Nick Mathewson
a9720b90f8 Fix whitespace from tor_x509_cert rename 2015-02-24 12:03:11 -05:00
Nick Mathewson
f253aef14f Mechanical rename: tor_cert_t -> tor_x509_cert_t 2015-02-24 12:03:10 -05:00
Nick Mathewson
783a44f9e9 Log less/better about systemd at startup
Report errors if the notification fails; report success only if it
succeeds; and if we are not notifying systemd because we aren't
running with systemd, don't log at notice.
2015-02-24 11:11:24 -05:00
Nick Mathewson
af60e7566e Update test_status.c to accommodate changes in heartbeat messages
Fixes #15012; bug not in any released Tor
2015-02-24 10:05:34 -05:00
Nick Mathewson
d74a78c58a Merge branch 'bug14950_logs_squashed' 2015-02-23 13:04:03 -05:00
Nick Mathewson
d221b507c9 Avoid logging natural-language reports that are redundant with bootstrapping 2015-02-23 13:03:56 -05:00
Nick Mathewson
10ae9b9bf5 Usually downgrade middle heartbeat messages when stuff is in-range 2015-02-23 13:03:56 -05:00
Nick Mathewson
f1fa85ea73 Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.
2015-02-23 12:16:08 -05:00
cypherpunks
5246e8f992 Remove lingering mempool code 2015-02-23 11:19:31 -05:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
03a4e97c76 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-02-20 01:05:21 -05:00
Nick Mathewson
1525eeeb49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-02-20 01:04:49 -05:00
Nick Mathewson
76d8c23ab4 Try to fix authdir_newdesc events
We were sending values that were truncated by the length of the
annotations.
2015-02-19 11:35:27 -05:00
Nick Mathewson
b897e386da Merge branch 'bug12844_macros' 2015-02-19 09:41:36 -05:00
Nick Mathewson
557a0c83f3 Do not try to download an EI for which we don't have a matching SD.
This quiets some log messages for #13762, and adds a better INFO message
for the underlying confusion.
2015-02-19 09:40:36 -05:00
Nick Mathewson
86105a4009 Check ENABLE_TOR2WEB_MODE before any tor2webmode code 2015-02-19 09:09:25 -05:00
Roger Dingledine
64d5e0e417 stop warning each time we check minimum-dir-info
We already log whenever our state changes, e.g. whenever new directory
information arrives. This additional log_warn() will at best just add more
log messages, or worse, make the user wonder what she needs to fix.

(Changed after consultation with Yawning.)
2015-02-19 06:27:14 -05:00
Roger Dingledine
70f46f7ae6 don't update dir_info_status when we have minimum dir info
Nothing ever uses the string when we're in "have minimum dir info"
state. The flow of the function is "check for problems, if you see a
problem write an explanation to dir_info_status and set res to 0". If
you get to the end of the function without any problems, then res =
1 and we're all ready to start making circuits.

(Changed after consultation with Yawning.)
2015-02-19 06:15:25 -05:00
Roger Dingledine
0e4bdc4005 clean up comments and whitespace a bit 2015-02-18 19:27:02 -05:00
Nick Mathewson
b7b8b9ecf9 Downgrade new extrainfo_insert warnings on startup 2015-02-18 13:41:00 -05:00
Nick Mathewson
a767b66640 Merge branch 'bug13762_diagnostic_redux' 2015-02-18 13:29:12 -05:00
Nick Mathewson
d3f714deb8 Patch from cypherpunks to try to diagnose 8387. 2015-02-18 13:25:01 -05:00
Nick Mathewson
e65fe0a747 Improve log messages for diagnosing 13762 2015-02-18 13:05:15 -05:00
Yawning Angel
39a496eeb8 Actually free measured_guardfraction.
CID 1270894
2015-02-18 16:36:57 +00:00
Nick Mathewson
6378bcf4b9 Fix an implicit-narrowing warning 2015-02-18 09:34:15 -05:00
Nick Mathewson
9e6147a40c Merge remote-tracking branch 'yawning/bug14918' 2015-02-18 09:21:16 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
5c34a53068 Don't exit if we can't find the GuardfractionFile when booting.
...just disable the feature in that case.
2015-02-18 09:09:34 -05:00
George Kadianakis
33053d50a0 Final guardfraction preparations for upstream merge.
- Write a changes file.
- Change some logs to lesser severities.
2015-02-18 09:09:34 -05:00
George Kadianakis
b941f109ac Calculate relay weighted bandwidth using guardfraction bandwidths.
Now use the guardfraction function to calculate individual relay
bandwidth weights.
2015-02-18 09:09:34 -05:00
George Kadianakis
f7a8b19184 Calculate total bandwidth weights using the guardfraction bandwidths.
Now use the function introduced in the previous commit, to calculate the
total bandwidth weights when making the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
14a3c17ce6 Calculate the guardfraction bandwidth of a guard. 2015-02-18 09:09:33 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
db805b9170 Write GuardFraction information to consensus.
If we've seen enough votes with guardfraction information, write down
the GuardFraction string in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
7ddfb6aa2f Write guardfraction information to votes.
If a dirauth has guardfraction information about a guard, write it down
when serializing the routerstatus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00
Yawning Angel
8571e86d27 Fix bootstrap directory information logging.
`dir_info_status` is used from main.c:directory_info_has_arrived() to
provide useful (INFO/NOTICE) level logging to users, and should always
be updated regardless of the rate limiting.
2015-02-18 13:58:13 +00:00
Yawning Angel
6fdb179d84 Fix compute_frac_paths_available, when ExitNodes is not set. 2015-02-18 12:51:07 +00:00
Yawning Angel
cbd26157c5 Remove tor_strclear(), and replace previous calls with memwipe(). 2015-02-17 18:53:33 +00:00
Nick Mathewson
d038430a14 Merge branch 'bug14918' 2015-02-17 12:49:29 -05:00
Nick Mathewson
9bf6da1861 Merge remote-tracking branch 'public/feature_13822' 2015-02-17 12:34:13 -05:00
Nick Mathewson
8eb3d81e6e Fix some issues with reporting exit-free networks
Fixes bug 14918.
2015-02-17 12:07:24 -05:00
George Kadianakis
6517219093 Control: command to lookup cached HS descriptor
This adds the key "hs/client/desc/id/<ADDR>" to the GETINFO command used to
lookup the given onion address in the client hs descriptor cache.

If found, prints it formatted as specified in section 1.3 of rend-spec.txt.

Fixes #14845

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-17 11:30:25 -05:00
Roger Dingledine
d6dbd55849 trivial whitespace fix 2015-02-17 06:01:33 -05:00
Nick Mathewson
0b3ae7d9e5 Maybe this will make coverity not care that this check is dead. CID 1268063 2015-02-16 15:44:18 -05:00
Nick Mathewson
2fe139473d No, coverity, this is not a memory leak. 1268065 2015-02-16 15:42:48 -05:00
Nick Mathewson
5d2a23397a Fix a few coverity "Use after NULL check" warnings
Also remove the unit test mocks that allowed get_options() to be
NULL; that's an invariant violation for get_options().
2015-02-16 15:40:15 -05:00
Sina Rabbani
8e61d38cf1 Faravahar's New IP Address as of 2/20/2015 2015-02-16 11:51:36 -05:00
Sebastian Hahn
0c11d8b2d2 Implement status/fresh-relay-descs command
The idea here is that a controller should be able to make Tor produce a
new relay descriptor on demand, without that descriptor actually being
uploaded to the dirauths (they would likely reject it anyway due to
freshness concerns).

Implements #14784.
2015-02-15 12:36:07 +01:00
Sebastian Hahn
8feaf3846d Refactor router_rebuild_descriptor
Allow building a router descriptor without storing it to global state.
This is in preparation of a patch to export the created descriptors via
the control port.
2015-02-15 12:33:20 +01:00
Sebastian Hahn
3bcdb26267 Call cpu_init if we change to being a relay
The issue is that we use the cpuworker system with relays only, so if we
start up as a client and transition to being a relay later, we'll be
sad.

This fixes bug 14901; not in any released version of Tor.
2015-02-15 11:49:19 +01:00
Nick Mathewson
b223b7c22d fix a compilation warning 2015-02-11 15:10:35 -05:00
Nick Mathewson
d7a1e83f50 Merge remote-tracking branch 'public/remove_freelist' 2015-02-11 15:09:01 -05:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
0899f51bc6 Additional paranoia: do not even build tor2web stuff if not using.
(That is, don't build it unless we're building for tor2web, or we
are building for tests.)
2015-02-11 14:54:16 -05:00
Nick Mathewson
6f331645c7 Remove mempools and buf freelists
They have been off-by-default since 0.2.5 and nobody has complained. :)

Also remove the buf_shrink() function, which hasn't done anything
since we first stopped using contiguous memory to store buffers.

Closes ticket 14848.
2015-02-11 09:03:50 -05:00
Nick Mathewson
0c81dfa848 Merge remote-tracking branch 'public/feature_13555' 2015-02-11 08:42:00 -05:00
Sebastian Hahn
9667b2b88a Add some comments to or_circuit_t.workqueue_entry
These were suggested by dgoulet, thanks!
2015-02-09 16:13:08 +01:00
Sebastian Hahn
7337510090 Avoid use-after-free of circ belonging to cancelled job
This fixes a bug where we decide to free the circuit because it isn't on
any workqueue anymore, and then the job finishes and the circuit gets
freed again.

Fixes bug #14815, not in any released version of Tor.
2015-02-09 16:12:47 +01:00
Roger Dingledine
56061976db Recover better when our clock jumps back many hours
like might happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock.

Resolves part of ticket 8766.

(There are still some timers in various places that aren't addressed yet.)
2015-02-09 01:05:31 -05:00
Roger Dingledine
1cb9064d7d shift all the static times into a struct
no actual behavior changes yet
2015-02-09 00:07:15 -05:00
Sebastian Hahn
37d16c3cc7 Reserve enough space for rend_service_port_config_t
In #14803, Damian noticed that his Tor sometimes segfaults. Roger noted
that his valgrind gave an invalid write of size one here. Whenever we
use FLEXIBLE_ARRAY_MEMBER, we have to make sure to actually malloc a
thing that's large enough.

Fixes bug #14803, not in any released version of Tor.
2015-02-09 04:48:16 +01:00
Nick Mathewson
8b82f6261e Search-and-replace to regain coding style in wake of 13822.
(all-caps should be reserved for global or module-global constants and
2015-02-07 08:33:36 -05:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
David Goulet
b101f4e98c Control: getinfo entry-guards report down-since
If the guard unreachable_since variable was set, the status "up" was
reported which is wrong. This adds the "down" status followed by the
unreachable_since time value.

Fixes #14184

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-06 16:06:20 -05:00
Nick Mathewson
e36faeec1d Merge remote-tracking branch 'sebastian/bug13993' 2015-02-06 15:42:53 -05:00
Sebastian Hahn
e0c3de40ad Fix check-spaces complaints 2015-02-06 21:36:40 +01:00
Sebastian Hahn
b3bc871214 Add unit test for #13290 2015-02-06 21:04:05 +01:00
Yawning Angel
16cf1679e7 Fix scheduler compilation on targets where char is unsigned.
Per discussion with nickm, the `dir` argument should be an int rather
than a signed char.

Fixes bug #14764.
2015-02-06 16:26:28 +00:00
Nick Mathewson
1799c2be09 Merge remote-tracking branch 'public/bug13796' 2015-02-05 22:53:15 -05:00
Nick Mathewson
2274221557 Fix a work-counting bug introduced by the workqueue merge
David Goulet finds that when he runs a busy relay for a while with the
latest version of the git code, the number of onionskins handled
slowly dwindles to zero, with total_pending_tasks wedged at its
maximum value.

I conjecture this is because the total_pending_tasks variable isn't
decremented when we successfully cancel a job.  Fixed that.

Fixes bug 14741; bugfix not on any released version of tor.
2015-02-05 12:17:08 -05:00
Nick Mathewson
daab405168 Bump the minimum relay version to 0.2.4.18-rc
Closes #13555
2015-02-04 13:27:56 -05:00
Nick Mathewson
a8835170d7 Use getsockname, not getsockopt, on TPROXY sockets 2015-02-04 10:09:54 -05:00
Nick Mathewson
5be48c5d4c Work around test_status.c weirdness
Ordinarily, get_options() can never return NULL, but with
test_status.c mocking, it can.  So test for that case.

The best fix here would be to pass the options value to a
bridge_server_mode() function.
2015-02-03 15:50:31 -05:00
Nick Mathewson
cdc49629c7 Merge branch 'bug6852'
Conflicts:
	src/or/status.c
2015-02-03 13:06:58 -05:00
Nick Mathewson
7f52dc4d03 Choose a more deliberate cutoff for clients in heartbeat 2015-02-03 13:02:22 -05:00
Nick Mathewson
d03e1da232 Merge remote-tracking branch 'public/bug9635_warnings_025'
Conflicts:
	src/test/test.c
2015-02-02 16:31:32 -05:00
Nick Mathewson
41ba4f5627 tweak based on comments from dgoulet 2015-02-02 14:42:33 -05:00
Nick Mathewson
03563f4723 Fix an unused-variable warning. 2015-02-02 13:35:44 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
fe328d192e Allow reading torrc from stdin. 2015-02-02 13:31:56 -05:00
Nick Mathewson
f4b79bc420 Merge remote-tracking branch 'sysrqb/bug14216_bad_since' 2015-02-02 10:23:52 -05:00
Nick Mathewson
55639bc67f Merge remote-tracking branch 'dgoulet/bug14202_026_v1' 2015-02-02 10:16:48 -05:00
Matthew Finkel
4cb59ceb8e Only retry connecting to configured bridges
After connectivity problems, only try connecting to bridges which
are currently configured; don't mark bridges which we previously
used but are no longer configured.  Fixes 14216.  Reported by
and fix provided by arma.
2015-01-31 09:46:18 +00:00
Nick Mathewson
097286e476 Fix some unused-argument warnings 2015-01-30 14:47:56 -05:00
Nick Mathewson
bc9ade055e Fix an uninitialized-variable warning. 2015-01-30 14:46:18 -05:00
David Goulet
44e9dafb67 Fix: test -ENOENT after config_parse_unix_port()
Check for -ENOENT instead of ENOENT after the HS port is parsed.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 14:13:27 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
d1e52d9a2a Correctly handle OutboundBindAddress again.
ca5ba2956b broke this; bug not in any
released Tor.

Also fix a typo.

Fixes 14541 and 14527.  Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
4c1a779539 Restrict unix: addresses to control and socks for now 2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Nick Mathewson
b4a8fd8958 When there are no package lines, make consensus/packages say "".
Also, give a better error message when there is no consensus.
2015-01-29 14:14:59 -05:00
Nick Mathewson
bd630a899a Correctly reject packages lines with empty entries 2015-01-29 14:09:57 -05:00
Nick Mathewson
f935ee2dae Define 'digesttype' correctly 2015-01-29 14:04:21 -05:00
David Goulet
80bed1ac96 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
Fixes #14202

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-29 12:55:19 -05:00
David Goulet
ebc59092bc Make hidden service use the config unix prefix
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 18:01:53 -05:00
David Goulet
bf3fb55c47 Support unix: prefix in port configuration
It's now possible to use SocksPort or any other kind of port that can use a
Unix socket like so:

  SocksPort unix:/foo/bar/unix.sock

Fixes #14451

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 17:55:38 -05:00
Nick Mathewson
a3de2dfde6 Merge branch 'bug11485_026_v2_squashed' 2015-01-28 14:32:19 -05:00
David Goulet
fb523b543a fixup! Refactor the use of ifdef HAVE_SYS_UN_H
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 14:30:23 -05:00
Andrea Shepard
bce824a9ad Actually make connections to HSes on AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
ca5ba2956b Support connection_exit_connect() to AF_UNIX sockets 2015-01-28 14:30:23 -05:00
Andrea Shepard
6564291601 Handle config options for AF_UNIX hidden services rendservice.c 2015-01-28 14:30:23 -05:00
Arthur Edelstein
cb714d896c Bug #8405: Report SOCKS username/password in CIRC status events
Introduces two new circuit status name-value parameters: SOCKS_USERNAME
and SOCKS_PASSWORD. Values are enclosed in quotes and unusual characters
are escaped.

Example:

    650 CIRC 5 EXTENDED [...] SOCKS_USERNAME="my_username" SOCKS_PASSWORD="my_password"
2015-01-28 12:02:15 -05:00
Nick Mathewson
32dad3b83b Add GETINFO consensus/{valid-{after,until},fresh-until} 2015-01-28 11:28:21 -05:00
Nick Mathewson
c240eea0df more typo fixes from mcs and gk 2015-01-28 11:25:37 -05:00
Nick Mathewson
20d0b1a04e Bump a client authorization message from debug to info.
A user wants this for 14015, and it seems fairly reasonable.
2015-01-28 09:42:28 -05:00
Nick Mathewson
9c4328c038 New GETINFO consensus/packages to expose package information from consensus 2015-01-27 16:40:32 -05:00
Nick Mathewson
1e61b45251 Fixes on prop227 comments, based on comments by mcs on #10395 2015-01-27 16:31:48 -05:00
David Goulet
91009dce97 Refactor rend_cache_lookup_entry() and how it's used
Here is why:

1) v0 descriptors are deprecated since 0.2.2.1 and not supposed to be alive
in the network anymore. This function should only serve v2 version for now
as the default.

2) It should return a different error code depending on what the actual
error is. Right now, there is no distinction between a cache entry not found
and an invalid query.

3) This function should NOT test if the intro points are usable or not. This
adds some load on a function that should be "O(1)" and do one job.
Furthermore, multiple callsites actually already test that doing twice the
job...

4) While adding control event, it would be useful to be able to lookup a
cache entry without having it checking the intro points. There are also
places in the code that do want to lookup the cache entry without doing
that.

Fixes #14391

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-27 12:04:40 -05:00
Andrea Shepard
03d6a31716 Groundwork for AF_UNIX hidden services in rendservice.c 2015-01-27 06:22:37 +00:00
Nick Mathewson
a598d0f575 Bail early in cpuworker_onion_handshake_replyfn if the circuit is marked 2015-01-26 10:19:07 -05:00
Nick Mathewson
034e2788f8 whitespace fixes 2015-01-23 11:18:28 -05:00
Nick Mathewson
6c443e987d Tweak the 9969 fix a little
If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled.  Instead, wait for the busy ones to be nonbusy.
2015-01-23 09:37:08 -05:00
Nick Mathewson
5d4bb6f61f Merge remote-tracking branch 'public/ticket9969'
Conflicts:
	src/or/directory.c
	src/or/routerlist.c
	src/or/routerlist.h
	src/test/include.am
	src/test/test.c
2015-01-23 09:36:00 -05:00
Nick Mathewson
b677ccd3ab Merge remote-tracking branch 'public/ticket13762' 2015-01-23 08:55:31 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
David Goulet
84f5cb749d Fix: remove whitespace and update a comment in cpuworker.c
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-21 14:31:02 -05:00
Nick Mathewson
f0415c1600 Merge branch 'bug9819' 2015-01-21 13:00:26 -05:00
Nick Mathewson
523e920d53 fix a comment 2015-01-21 13:00:14 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
9ddc1fb10c Merge remote-tracking branch 'dgoulet/bug14224_025_v1' 2015-01-20 14:02:07 -05:00
Nick Mathewson
da423532f7 Merge branch 'ticket14254_squashed' 2015-01-20 13:46:56 -05:00
Nick Mathewson
78c53eff85 Fix SocksSocket 0. That was easy! 2015-01-20 13:46:44 -05:00
Nick Mathewson
061682c829 Some days I just can't C. 2015-01-19 11:58:40 -05:00
Nick Mathewson
2e8b8c8698 Make check-spaces happier. 2015-01-19 11:56:03 -05:00
Nick Mathewson
a8dd930274 Replace a 4 with a 6; fix a bug that nobody noticed :/
Fixes 14280 bugfix on 1053af0b9c in 0.2.4.7-alpha.
2015-01-19 11:51:08 -05:00
Nick Mathewson
1053af0b9c Merge branch 'bug7555_v2_squashed'
Conflicts:
	src/or/connection_edge.c
2015-01-19 11:43:41 -05:00
Nick Mathewson
758d77130c Add a bunch of new comments to explain connection_ap_rewrite{,_and_attach}
Also, do a little light refactoring to move some variable declarations
around and make a few things const

Also fix an obnoxious bug on checking for the DONE stream end reason.
It's not a flag; it's a possible value or a variable that needs to be
masked.
2015-01-19 11:30:22 -05:00
David Goulet
b5525476f5 Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries another usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit. Also, its reason is changed before closing it so we
don't report again an intro point failure and trigger an extra HS fetch.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 10:23:58 -05:00
David Goulet
b3c1152bae Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries another usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 09:44:11 -05:00
Nick Mathewson
63765399eb Merge remote-tracking branch 'public/ticket13037'
Conflicts:
	src/or/config.c
2015-01-18 16:07:08 -05:00
Roger Dingledine
5aa55a1369 Remove the unused rend_cache_entry_t->received field.
(Patch from arma, commit message from nick.)

Closes #14222.
2015-01-18 15:53:06 -05:00
Nick Mathewson
fae72a8d0a Merge remote-tracking branch 'public/bug14219_025' 2015-01-18 15:41:13 -05:00
Roger Dingledine
9407040c59 Do not replace a HS descriptor with a different replica of itself
This fixes a bug where we'd fetch different replicas of the same
descriptor for a down hidden service over and over, until we got lucky
and fetched the same replica twice in a row.

Fixes bug 14219; bugfix on 0.2.0.10-alpha.

(Patch from Roger; commit message and changes file by Nick.)
2015-01-18 15:39:12 -05:00
Nick Mathewson
efdac2a68c Merge remote-tracking branch 'public/bug14261_025'
Conflicts:
	src/or/directory.c
2015-01-18 15:28:35 -05:00
Nick Mathewson
ceb6dee465 Increase limit for status vote download size by a factor of 5.
We've started to hit the limit here.  We introduced the limit in
0.1.2.5-alpha.  This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits.  See #14267 for a ticket
about fixing that.
2015-01-18 15:25:29 -05:00
Nick Mathewson
54e4aaf52c Fix memory leak in connection_ap_handshake_rewrite_and_attach()
Spotted by asn.  #14259.  Bugfix on 368eb6a97 in 0.2.0.1-alpha.
2015-01-18 14:19:26 -05:00
Nick Mathewson
79e12da861 Merge remote-tracking branch 'public/bug12485' 2015-01-18 13:49:30 -05:00
Nick Mathewson
31838bd783 changes suggested by weasel 2015-01-16 11:46:20 -05:00
Nick Mathewson
485fdcf826 Unify parse_unix_socket_config and parse_port_config
This incidentally makes unix SocksSocket support all the same options
as SocksPort.

This patch breaks 'SocksSocket 0'; next will restore it.

Resolves 14254.
2015-01-16 11:35:48 -05:00
Nick Mathewson
bbad23bf37 No, client-side DNS caching should not be on by default. 2015-01-16 09:32:22 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
49bdfbabb4 Replace field-by-field copy with memcpy for entry_port_cfg 2015-01-16 09:23:03 -05:00
Nick Mathewson
13dac5e463 Move entry_port_cfg_t fields in entry_connection_t
Also rename some options for uniformity, and apply this script:

@@
entry_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:58 -05:00
Nick Mathewson
58d17add5e Combine entry_port_cfg_t fields in listener_connection_t
Also, revise the code using these options with this cocci script:

@@
listener_connection_t *conn;
@@
 conn->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:53 -05:00
Nick Mathewson
f444f2b1d3 Split client-specific and server-specific parts of port_cfg_t
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+server_cfg.
\(
 no_advertise
\|
 no_listen
\|
 all_addrs
\|
 bind_ipv4_only
\|
 bind_ipv6_only
\)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
3368b0c9f2 Add string for IP_NOW_REDUNDANT in circuit_end_reason_to_control_string
Closes 14207; bugfix on 0.2.6.2-alpha.
2015-01-15 11:53:20 -05:00
Nick Mathewson
a52e549124 Update workqueue implementation to use a single queue for the work
Previously I used one queue per worker; now I use one queue for
everyone.  The "broadcast" code is gone, replaced with an idempotent
'update' operation.
2015-01-15 11:05:22 -05:00
Roger Dingledine
660a35d97c fix typo 2015-01-15 11:03:13 -05:00
Andrea Shepard
f7bb60e202 Add comments in rendclient.c noting that certain functions involved in handling ended HS connection attempts must be idempotent 2015-01-15 15:19:31 +00:00
Nick Mathewson
3668a4126e Merge remote-tracking branch 'public/bug13397' 2015-01-14 14:15:29 -05:00
Nick Mathewson
1686f81ac2 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-14 13:30:10 -05:00
Nick Mathewson
fb5ebfb507 Avoid chan/circ linear lookups for requests
The solution I took is to not free a circuit with a pending
uncancellable work item, but rather to set its magic number to a
sentinel value.  When we get a work item, we check whether the circuit
has that magic sentinel, and if so, we free it rather than processing
the reply.
2015-01-14 11:31:12 -05:00
Nick Mathewson
6c9c54e7fa Remove if (1) indentation in cpuworker.c
To avoid having diffs turn out too big, I had replaced some unneeded
ifs and fors with if (1), so that the indentation would still work out
right.  Now I might as well clean those up.
2015-01-14 11:28:26 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
Nick Mathewson
518b0b3c5f Do not log a notice on every socks connection 2015-01-14 09:54:40 -05:00
George Kadianakis
220f419da1 New minimum uptime to become an HSDir is 96 hours. 2015-01-14 12:48:09 +00:00
Nick Mathewson
17c568b95c Fix new unused variable warning in connection_listener_new 2015-01-13 13:45:35 -05:00
Nick Mathewson
2b8cebaac0 whitespace fix 2015-01-13 13:11:39 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
9d0fab9872 Allow MapAddress and Automap to work together
The trick here is to apply mapaddress first, and only then apply
automapping.  Otherwise, the automap checks don't get done.

Fix for bug 7555; bugfix on all versions of Tor supporting both
MapAddress and AutoMap.
2015-01-13 12:41:15 -05:00
Nick Mathewson
f2fb85f970 Remove needless strdup in addressmap_register_virtual_address()
Fixes bug 14195. Bugfix on 0.1.0.1-rc.
2015-01-13 12:24:42 -05:00
Nick Mathewson
05a80bb46c More unit tests for rewriting entry connection addresses 2015-01-13 11:08:33 -05:00
Nick Mathewson
2e1ed0815d Actually set *expires_out in addressmap_rewrite.
Fixes 14193; bugfix on 35d08e30d, which went into 0.2.3.17-beta.
2015-01-13 09:42:23 -05:00
Nick Mathewson
732c885b32 Fix a conversion warning on 32-bit clang 2015-01-12 22:33:10 -05:00
Nick Mathewson
bba995e666 Begin writing unit tests for rewrite code 2015-01-12 21:08:43 -05:00
Andrea Shepard
066acaf6b9 Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified 2015-01-13 00:27:04 +00:00
Andrea Shepard
4316bb601a Remove no-longer-accurate comment from connection.c 2015-01-13 00:21:59 +00:00
Andrea Shepard
cb047f4078 Fix ipv4/ipv6 traffic bits on AF_UNIX socks listeners and remove hacky workarounds for brokenness 2015-01-13 00:18:17 +00:00
Andrea Shepard
f50068b17e Fix default list handling for parse_unix_socket_config(); avoid clearing whole pre-existing list 2015-01-12 22:12:18 +00:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Nick Mathewson
cacea9102a reindent cell_queues_check_size() 2015-01-12 13:59:50 -05:00
Nick Mathewson
c2e200cef8 Merge branch 'bug13806_squashed'
Conflicts:
	src/or/relay.c
2015-01-12 13:59:26 -05:00
Nick Mathewson
3033ba9f5e When OOM, free cached hidden service descriptors too. 2015-01-12 13:47:52 -05:00
Andrea Shepard
62f297fff0 Kill duplicated code in connection_listener_new() 2015-01-12 16:26:34 +00:00
Nick Mathewson
2d123efe7c Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-12 00:59:48 -05:00
Nick Mathewson
c9dd2d1a6a Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.5 2015-01-12 00:59:29 -05:00
Nick Mathewson
e009c2da51 Fix unused-parameter warning in systemd_watchdog_callback 2015-01-11 11:19:51 -05:00
Tomasz Torcz
a8999acc3b fix and enable systemd watchdog
There were the following problems:
  - configure.ac wrongly checked for defined HAVE_SYSTEMD; this
    wasn't working, so the watchdog code was not compiled in.
    Replace library search with explicit version check
  - sd_notify() watchdog call was unsetting NOTIFY_SOCKET from env;
    this means only first "watchdog ping" was delivered, each
    subsequent one did not have socket to be sent to and systemd
    was killing service
  - after those fixes, enable Watchdog in systemd unit with one
    minute intervals
2015-01-11 11:14:32 -05:00
Tomasz Torcz
2aa2d0a1c5 send more details about daemon status to supervisor
If running under systemd, send back information when reloading
configuration and gracefully shutting down.  This gives administrator
more information about current Tor daemon state.
2015-01-11 11:14:14 -05:00
Tomasz Torcz
b17918726d send PID of the main daemon to supervisor
If running under systemd, notify the supervisor about current PID
of Tor daemon.  This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
2015-01-11 11:14:08 -05:00
Nick Mathewson
180ecd6a2b Merge remote-tracking branch 'teor/nickm-bug13401' 2015-01-11 11:10:23 -05:00
Nick Mathewson
7b51667d63 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-11 11:05:31 -05:00
teor
b08cfc65a7 Don't crash on torrc Vi[rtualAddrNetworkIPv[4|6]] with no option value
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.

Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes #14142.
2015-01-11 11:05:00 -05:00
Nick Mathewson
715fdfcb7b document rewrite_result_t and export for testing 2015-01-10 20:16:00 -05:00
Nick Mathewson
cd6a57e3d5 Move stream-closing out of rewrite code 2015-01-10 20:16:00 -05:00
Nick Mathewson
fc2831558c Split the rewrite part of rewrite-and-attach
I'd also like to split out the part that sends early socks responses.
2015-01-10 20:16:00 -05:00
Nick Mathewson
ddfdeb5659 More documentation for proposal 227 work 2015-01-10 15:44:32 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
ac2f90ed00 Speed up hidden service bootstrap by reducing the initial post delay
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.

Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.

Closes ticket 13401.
2015-01-10 22:34:29 +11:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
e136606fe8 Smaller RendPostPeriod on test networks
This patch makes the minimum 5 seconds, and the default 2 minutes.

Closes 13401.
2015-01-10 22:34:28 +11:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
Andrea Shepard
0729b2be53 Add support for a default list of paths and passing '0' to disable it to parse_unix_socket_config() 2015-01-09 20:49:54 +00:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
33df3e37ff Allow two ISO times to appear in EntryGuardDownSince.
When I made time parsing more strict, I broke the
EntryGuardDownSince line, which relied on two concatenated ISO times
being parsed as a single time.

Fixes bug 14136. Bugfix on 7984fc1531. Bug not in any released
version of Tor.
2015-01-09 08:50:56 -05:00
Nick Mathewson
905287415b Avoid attempts to double-remove edge connections from the DNS resolver.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.

Fixes bug 14129.  Bugfix on 0d20fee2fb, which was in 0.0.7rc1.

jowr found the bug.  cypherpunks wrote the fix.  I added the log
message and removed the assert.
2015-01-08 11:00:21 -05:00
Nick Mathewson
6f171003ce fix new mingw64 compilation warnings 2015-01-08 10:44:30 -05:00
Nick Mathewson
71f409606a Unconfuse coverity when it sees the systemd headers 2015-01-07 21:09:41 -05:00
Andrea Shepard
a3bcde3638 Downgrade open/close log message for SocksSocket 2015-01-07 22:57:51 +00:00
Andrea Shepard
2ca1c386b0 Bring sanity to connection_listener_new() 2015-01-07 22:51:24 +00:00
Andrea Shepard
48633c0766 Rename is_tcp in connection_listener_new(), since AF_UNIX means SOCK_STREAM no longer implies TCP 2015-01-07 19:45:59 +00:00
Andrea Shepard
c6451e4c9f Refactor check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code 2015-01-07 19:17:04 +00:00
Nick Mathewson
f8baa40c01 GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-01-07 13:19:43 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes 13762.
2015-01-07 13:11:06 -05:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
7dd852835c Merge remote-tracking branch 'public/bug13988_025' 2015-01-07 11:45:24 -05:00
Nick Mathewson
fb68f50761 Lower the delay before saving guard status to disk
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."

Closes 12485.
2015-01-07 10:39:44 -05:00
Nick Mathewson
da26bb646e Turn entry_guards_changed constants into symbolic constants 2015-01-07 10:37:33 -05:00
Nick Mathewson
b56c7614b6 When closing circs built through a new guard, only close local ones
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.

Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
2015-01-07 10:27:22 -05:00
Nick Mathewson
79aaad952f appease "make check-spaces" 2015-01-07 10:09:09 -05:00
Nick Mathewson
cb54cd6745 Merge branch 'bug9286_v3_squashed' 2015-01-07 10:06:50 -05:00
Nick Mathewson
7984fc1531 Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.
2015-01-07 10:05:55 -05:00
Nick Mathewson
49dca8b1be Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-07 07:50:14 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
7c5a45575f Spelling -- readyness->readiness. 2015-01-06 17:10:27 -05:00
Nick Mathewson
6bb31cba12 New option "--disable-system-torrc" to not read torrc from etc
Implements 13037.
2015-01-06 17:07:40 -05:00
Nick Mathewson
14dedff0ab Drop assumption that get_torrc_fname() can't return NULL. 2015-01-06 17:06:55 -05:00
Nick Mathewson
9396005428 Remove a check for an ancient bad dirserver fingerprint 2015-01-06 16:28:11 -05:00
Nick Mathewson
ae9efa863e Merge remote-tracking branch 'public/bug13661_025' 2015-01-06 15:16:28 -05:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
35efce1f3f Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.

If it's set to 1, we obey ExitPolicy.

If it's set to 0, we force ExitPolicy to 'reject *:*'

And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.

Fixes ticket 10067
2015-01-06 14:31:20 -05:00
Nick Mathewson
3401c34151 Merge remote-tracking branch 'public/bug14116_025' 2015-01-06 14:28:02 -05:00
Nick Mathewson
a034863b45 Merge remote-tracking branch 'public/bug12509_025' 2015-01-06 14:15:08 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
082bfd3b55 Merge remote-tracking branch 'tvdw/from-the-archive' 2015-01-06 13:44:13 -05:00
Tom van der Woerdt
5d322e6ef6 Whitespace fix 2015-01-06 19:41:29 +01:00
Tom van der Woerdt
4385211caf Minor IPv6-related memory leak fixes 2015-01-06 19:40:23 +01:00
Tom van der Woerdt
f5f80790d2 Minor documentation fixes 2015-01-06 19:39:52 +01:00
Nick Mathewson
d74f0cff92 make "make test-stem" run stem tests on tor
Closes ticket 14107.
2015-01-06 09:03:44 -05:00
Nick Mathewson
6d6643298d Don't crash on malformed EXTENDCIRCUIT.
Fixes 14116; bugfix on ac68704f in 0.2.2.9-alpha.
2015-01-06 08:49:57 -05:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
ac632a784c Coalesce v0 and v1 fields of rend_intro_cell_t
This saves a tiny bit of code, and makes a longstanding coverity
false positive go away.
2014-12-30 12:07:39 -05:00
Nick Mathewson
f2e4423bd2 Merge remote-tracking branch 'yawning/bug13315_fixup' 2014-12-30 11:46:56 -05:00
Yawning Angel
d87d4183ee Allow IPv4 and IPv6 addresses in SOCKS5 FQDN requests.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type.  While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.

Bug not in any released version.
2014-12-30 16:36:16 +00:00
Nick Mathewson
9765ae4447 Missing semicolon; my bad 2014-12-30 10:00:11 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
teor
2b8e1f9133 Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13924.
2014-12-30 09:06:00 -05:00
teor
c3a4201faa Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.

If a future consensus contains Exits, exit circuits may become available.

Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefore only build internal paths.

Consequential change from #13718.
2014-12-30 09:06:00 -05:00
teor
cb94f7534d Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.

The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.

Exit Circuits:
    Predicted Exit Circuits
    User Traffic Circuits
    Most AP Streams
    Circuits Marked Exit
    Build Timeout Circuits (with exits)

Internal Circuits:
    Hidden Service Server Circuits
    Hidden Service Client Circuits
    Hidden Service AP Streams
    Hidden Service Intro Point Streams
    Circuits Marked Internal
    Build Timeout Circuits (with no exits)
    Other Circuits?
2014-12-30 09:06:00 -05:00
teor
55ad54e014 Allow tor to build circuits using a consensus with no exits
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.

When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)

This assists in bootstrapping a testing Tor network.

Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
2014-12-30 09:06:00 -05:00
teor
9b2d106e49 Check if there are exits in the consensus
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.

Used by #13718 and #13814.
2014-12-30 09:06:00 -05:00
teor
d812baf54c Refactor count_usable_descriptors to use named enums for exit_only
count_usable_descriptors now uses named exit_only values:
  USABLE_DESCRIPTOR_ALL
  USABLE_DESCRIPTOR_EXIT_ONLY

Add debug logging code for descriptor counts.

This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
2014-12-30 09:06:00 -05:00
teor
22a1e9cac1 Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.

This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *

This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).

Discovered as part of #13718.
2014-12-30 09:06:00 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that every time a hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
Nick Mathewson
38af3b983f Improve a notice message in dirvote.c. (Roger asked for this.) 2014-12-26 19:14:56 -05:00
teor
2d199bdffe Fix grammar in comment on running_long_enough_to_decide_unreachable 2014-12-26 00:54:10 +11:00
teor
5710b83d5d Fix a function name in a comment in config.c 2014-12-26 00:54:09 +11:00
teor
0275b68764 Fix log messages in channeltls.c
Add hop number in debug "Contemplating intermediate hop..."
Fix capitalisation on warn "Failed to choose an exit server"
2014-12-26 00:53:58 +11:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwidthcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Francisco Blas Izquierdo Riera (klondike)
c83f180116 Fix Matthew's code to actually use tmp
Matthew's autoaddr code returned an undecorated address when trying to check
that the code didn't insert an undecorated one into the map.

This patch fixes this by actually storing the undecorated address in tmp
instead of buf as it was originally intended.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 12:55:48 -05:00
Nick Mathewson
6285d9bdcf Fix compilation on platforms without IP6T_SO_ORIGINAL_DST 2014-12-23 11:36:27 -05:00
Nick Mathewson
2f46e5e755 Adjust systemd watchdog support
Document why we divide it by two.

Check for > 0 instead of nonzero for success, since that's what the
manpage says.

Allow watchdog timers greater than 1 second.
2014-12-23 11:27:18 -05:00
Michael Scherer
29ac883606 Add support for systemd watchdog protocol
It works by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
2014-12-23 11:22:42 -05:00
Michael Scherer
aabaed6f49 add support for systemd notification protocol
This permits for now to signal readiness in a cleaner way
to systemd.
2014-12-23 11:06:01 -05:00
Nick Mathewson
d151a069e9 tweak whitespace; log bad socket family if bug occurs 2014-12-23 10:53:40 -05:00
Francisco Blas Izquierdo Riera (klondike)
39e71d8fa5 Use the appropriate call to getsockopt for IPv6 sockets
The original call to getsockopt to know the original address on transparently
proxied sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.

This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
2014-12-23 10:51:33 -05:00
Nick Mathewson
03d2df62f6 Fix a bunch of memory leaks in the unit tests. Found with valgrind 2014-12-22 12:27:26 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
b94cb401d2 Coverity complained that we were not checking this return value 2014-12-22 11:13:11 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
af1469b9a3 Fixing mistake in comment. 2014-12-21 14:48:39 -05:00
rl1987
f6cc4d35b0 Using channel state lookup macros in connection_or.c. 2014-12-21 14:48:39 -05:00
rl1987
fc7d5e598b Using CHANNEL_FINISHED macro in connection.c 2014-12-21 14:48:38 -05:00
rl1987
551221bad6 Using channel state lookup macros in circuitlist.c. 2014-12-21 14:48:38 -05:00
rl1987
7473160765 Using CHANNEL_IS_OPEN macro in circuitbuild.c 2014-12-21 14:48:38 -05:00
rl1987
5a7dd44d6e Using channel state lookup macros in circuitbias.c. 2014-12-21 14:48:38 -05:00
rl1987
668edc5132 Using channel state lookup macros in channeltls.c 2014-12-21 14:48:38 -05:00
rl1987
032d44226e Use channel state lookup macros in channel.c 2014-12-21 14:48:38 -05:00
rl1987
b884ae6d98 Using macros and inline function for quick lookup of channel state. 2014-12-21 14:48:38 -05:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
6fad395300 Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

Fixes bug 14001.
2014-12-21 13:35:03 -05:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
64787e99fa Merge branch 'asn-karsten-task-13192-5-squashed' 2014-12-19 10:35:47 -05:00
George Kadianakis
14e83e626b Add two hidden-service related statistics.
The two statistics are:
 1. number of RELAY cells observed on successfully established
    rendezvous circuits; and
 2. number of .onion addresses observed as hidden-service
    directory.

Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.

Notably, no statistics will be gathered on clients or services, but
only on relays.
2014-12-19 10:35:25 -05:00
Nick Mathewson
eee248bc59 Merge remote-tracking branch 'dgoulet/bug13936_025_v2' 2014-12-19 09:38:46 -05:00
David Goulet
3d83907ab1 Fix: call circuit_has_opened() for rendezvous circuit
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.

Furthermore, a controller event is triggered where the former did not.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-17 16:06:53 -05:00
Nick Mathewson
f7e8bc2b4b fix a long line 2014-12-12 08:54:07 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00
Roger Dingledine
b73a7600af when somebody uploads too much, say who tried it 2014-12-10 01:10:44 -05:00
rl1987
9c239eccc9 Use END_CIRC_REASON_TORPROTOCOL instead of magic number. 2014-12-07 15:47:09 +02:00
Nick Mathewson
430f5852ac Fix a signed/unsigned comparison warning in scheduler_run 2014-11-28 09:18:17 -05:00
Nick Mathewson
0bfadbf4b9 Fix a memory leak in rend_services_introduce
This is CID 1256187 ; bug not in any released tor.
2014-11-27 23:24:03 -05:00
Nick Mathewson
e2641484a7 One more, appease "make check-spaces" 2014-11-27 22:57:04 -05:00
Nick Mathewson
b1e1b439b8 Fix some issues with the scheduler configuration options
1) Set them to the values that (according to Rob) avoided performance
   regressions.  This means that the scheduler won't get much exercise
   until we implement KIST or something like it.

2) Rename the options to end with a __, since I think they might be
   going away, and nobody should mess with them.

3) Use the correct types for the option variables. MEMUNIT needs to be a
   uint64_t; UINT needs to be (I know, I know!) an int.

4) Validate the values in options_validate(); do the switch in
   options_act(). This way, setting the option to an invalid value on
   a running Tor will get backed out.
2014-11-27 22:51:13 -05:00
Nick Mathewson
0e0dc7d787 Fix a 64-bit clang warning 2014-11-27 22:42:03 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
3a91a08e21 Merge branch 'feature9503_squashed' 2014-11-25 12:49:09 -05:00
rl1987
bf67a60b86 Sending response to SIGNAL HEARTBEAT controller command. 2014-11-25 12:48:41 -05:00
rl1987
8c135062e5 Adding 'SIGNAL HEARTBEAT' message that causes unscheduled heartbeat. 2014-11-25 12:48:41 -05:00
Nick Mathewson
6218f48950 Use consistent formatting for list of directory authorities
Based on a patch from grpamp on tor-dev.
2014-11-24 01:34:17 -05:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
126f220071 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-19 17:27:37 -05:00
Nick Mathewson
0872d8e3cf Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-19 17:26:42 -05:00
Micah Anderson
dca902ceba Update longclaw dirauth IP to be a more stable location 2014-11-19 17:22:25 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
620e251dcc Rewriting comment for control_event_hs_descriptor_failed(). 2014-11-16 16:06:00 +02:00
rl1987
0db96d023b Adding REASON field to HS_DESC FAILED controller event. 2014-11-16 15:51:23 +02:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Micah Anderson
b6e7b8c88c Remove turtles as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Micah Anderson
ad448c6405 Add longclaw as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Nick Mathewson
a3dafd3f58 Replace operators used as macro arguments with OP_XX macros
Part of fix for 13172
2014-11-12 13:28:07 -05:00
Nick Mathewson
d85270e13c Reenhappy make check-spaces 2014-11-12 13:15:10 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
Nick Mathewson
99e2a325f6 Merge remote-tracking branch 'rl1987/bug9812' 2014-11-12 10:27:12 -05:00
Nick Mathewson
a87c697fb1 Merge remote-tracking branch 'public/bug13698_024_v1' 2014-11-12 10:23:55 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
rl1987
f9d73eea9c Comment possible values of was_router_added_t. 2014-11-11 20:37:39 +02:00
David Goulet
34eb007d22 Fix: don't report timeout when closing parallel intro points
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.

In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged as "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.

This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.

This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case
work like a charm.

Fixes #13698.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-11-10 15:02:54 -05:00
rl1987
7025f2dc59 Print a warning when extra info document is found incompatible with router descriptor. 2014-11-09 17:41:18 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
David Goulet
151f5f90b8 Wrong format in log statement
Fixes bug 13701.
2014-11-07 11:44:41 -05:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
fc62721b06 Fix version number parsing to allow 2- and 3-part versions.
Fixes bug 13661; bugfix on 0.0.8pre1.
2014-11-05 13:29:28 -05:00
Nick Mathewson
ce147d33f5 Fix a wide line I introduced 2014-11-04 09:56:46 -05:00
Nick Mathewson
9619c395ac Merge remote-tracking branch 'andrea/ticket6456'
Somewhat tricky conflicts:
	src/or/config.c

Also, s/test_assert/tt_assert in test_config.c
2014-11-04 09:52:04 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
rl1987
51e2473618 Sending 'Not allowed' error message before closing the connection. 2014-11-04 00:37:24 -05:00
rl1987
0da4ddda4f Checking if FQDN is actually IPv6 address string and handling that case. 2014-11-04 00:37:24 -05:00
rl1987
2862b769de Validating SOCKS5 hostname more correctly. 2014-11-04 00:36:42 -05:00
Nick Mathewson
593909ea70 Merge remote-tracking branch 'public/bug13214_025_squashed' 2014-11-04 00:24:56 -05:00
Nick Mathewson
b10e5ac7b8 Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
2014-11-04 00:24:15 -05:00
David Goulet
71355e1db9 Add comments and rename intro_nodes list in rend_services_introduce()
(No changes file needed: this patch just adds comments and renames
variables. This is ticket 13646. message taken from the ticket. -Nick)
2014-11-04 00:19:31 -05:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
efd5001c3b Use digest256_len in networkstatus_copy_old_consensus_info()
Now, if a router ever changes its microdescriptor, but the new
microdescriptor SHA256 hash has the same 160-bit prefix as the old
one, we treat it as a new microdescriptor when deciding whether to
copy status information.

(This function also is used to compare SHA1 digests of router
descriptors, but don't worry: the descriptor_digest field either holds
a SHA256 hash, or a SHA1 hash padded with 0 bytes.)
2014-10-31 11:36:31 -04:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
14d59fdc10 Updating message that warns about running out of sockets we can use. 2014-10-28 14:13:25 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
2c884fd8cc Merge remote-tracking branch 'rl1987/feature10427' 2014-10-28 14:03:40 -04:00
Nick Mathewson
0793ef862b Merge remote-tracking branch 'sebastian/bug13286' 2014-10-27 12:12:16 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
rl1987
36e771628e Congratulate relay operator when OR is first started
When Tor first generates identity keypair, emit a log message that
thanks for their participation and points to new Tor relay lifecycle
document.
2014-10-26 21:53:48 +02:00
Nick Mathewson
f5fc7e3306 Fix a crash bug introduced in 223d354e3.
Arma found this and commented on #11243.  Bug not in any released
version of Tor.
2014-10-26 14:09:03 -04:00
teor
c9d0967dd9 Fix minor typos, two line lengths, and a repeated include 2014-10-23 02:57:11 +11:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
2d4c40ee5f Fix a use-after-free error in cleaned-up routerlist code.
Bug not in any released tor.  This is CID 1248521
2014-10-20 09:04:53 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
Nick Mathewson
fc5cab4472 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 13:29:14 -04:00
Nick Mathewson
fb91d647ac Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."

Resolves warning from 9635.
2014-10-16 13:26:42 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
a5cc5ad08d Merge remote-tracking branch 'yawning/bug13314' 2014-10-16 09:12:13 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
9df61d7028 Add comments to can_dl_again usage 2014-10-13 14:31:11 -04:00
Nick Mathewson
500c406364 Note that parse-list functions may add duplicate 'invalid' entries. 2014-10-13 14:31:11 -04:00
Nick Mathewson
223d354e34 Bugfixes on bug11243 fix for the not-added cases and tests
 1. The test that adds things to the cache needs to set the clock back so
    that the descriptors it adds are valid.

 2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can
    distinguish "already had it" from "rejected because of old published
    date".

 3. We make extrainfo_insert() return a was_router_added_t, and we
    make its caller use it correctly.  This is probably redundant with
    the extrainfo_is_bogus flag.
2014-10-13 14:31:11 -04:00
Nick Mathewson
39795e117f Use symbolic constants for statuses in microdescs_add_to_cache.
Suggested by Andrea in her review of 11243.
2014-10-13 14:31:10 -04:00
Nick Mathewson
b8e2be5557 Don't reset the download failure status of any object marked as impossible 2014-10-13 14:30:02 -04:00
Nick Mathewson
3efeb711f1 Unit tests for 11243: loading ri, ei, mds from lists
These tests make sure that entries are actually marked
undownloadable as appropriate.
2014-10-13 14:30:02 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signature.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
Nick Mathewson
032e3b733f Merge remote-tracking branch 'isis/bug12951_r1' 2014-10-13 13:22:10 -04:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
teor
31bf8f2690 Bitwise check BRIDGE_DIRINFO
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for
equality.

Fixes a (potential) bug where directories offering BRIDGE_DIRINFO,
and some other flag (i.e. microdescriptors or extrainfo),
would be ignored when looking for bridge directories.

Final fix in series for bug 13163.
2014-10-08 05:37:15 +11:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
Andrea Shepard
12b6c7df4a Make queue thresholds and flush size for global scheduler into config options 2014-10-07 09:53:57 -07:00
Yawning Angel
c8132aab92 Send back SOCKS5 errors for all of the address related failures.
Cases that now send errors:
 * Malformed IP address (SOCKS5_GENERAL_ERROR)
 * CONNECT/RESOLVE request with IP, when SafeSocks is set
   (SOCKS5_NOT_ALLOWED)
 * RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
 * Malformed FQDN (SOCKS5_GENERAL_ERROR)
 * Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)

Fixes bug 13314.
2014-10-01 14:16:59 +00:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
99d312c293 Make channel_flush_some_cells() mockable 2014-09-30 23:14:59 -07:00
Andrea Shepard
dc3af04ba8 Make scheduler_compare_channels() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
f8ceb0f028 Make scheduler_run() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
b7125961de Expose scheduler_compare_channels() to test suite 2014-09-30 23:14:58 -07:00
Andrea Shepard
c5f73e52e5 Make circuitmux_compare_muxes() and circuitmux_get_policy() mockable 2014-09-30 23:14:58 -07:00
Andrea Shepard
71a9ed6feb Make some scheduler.c static functions visible to the test suite 2014-09-30 23:14:57 -07:00
Andrea Shepard
9869254608 Make scheduler.c static globals visible to test suite 2014-09-30 23:14:25 -07:00
Andrea Shepard
a2de0a1034 Make buf_datalen() mockable 2014-09-30 23:14:25 -07:00
Andrea Shepard
3b080230e9 Make connection_or_connect() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
3bc7108d2c Make is_local_addr() mockable 2014-09-30 23:14:24 -07:00
Andrea Shepard
452bce6c72 Make channel_dump_statistics() mockable 2014-09-30 23:14:23 -07:00
Andrea Shepard
5a24ff0563 What the hell was I on? 2014-09-30 23:14:23 -07:00
Andrea Shepard
9eea42f844 Make channel_flush_from_first_active_circuit() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
5b7a58f7c4 Make circuitmux_num_cells() mockable 2014-09-30 23:14:02 -07:00
Andrea Shepard
ae3ed185e4 Let channel unit tests mess with global queue estimate 2014-09-30 23:14:01 -07:00
Andrea Shepard
bbb06b73cd Expose some channel cell queue stuff to the test suite 2014-09-30 23:09:15 -07:00
Andrea Shepard
2ee69bd5d7 Expose get_unique_circ_id_by_chan() to test suite 2014-09-30 23:09:14 -07:00
Andrea Shepard
ade60890d0 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 23:09:14 -07:00
Andrea Shepard
fd57840a77 Make scheduler_channel_doesnt_want_writes() mockable 2014-09-30 22:54:10 -07:00
Andrea Shepard
85ee070852 Make scheduler_release_channel() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
8907554cf3 Make channel_note_destroy_not_pending() mockable 2014-09-30 22:49:58 -07:00
Andrea Shepard
dabf4c33e2 Refactor channel_get_cell_queue_entry_size() to avoid an unreachable line for test coverage, and fix a nasty lurking memory bug in channel_flush_some_cells_from_outgoing_queue() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ac1b627e85 Implement scheduler_touch_channel() 2014-09-30 22:49:58 -07:00
Andrea Shepard
ed1927d6bf Use a non-stupid data structure in the scheduler 2014-09-30 22:49:56 -07:00
Andrea Shepard
3530825c53 Eliminate some unnecessary smartlists in scheduler.c 2014-09-30 22:49:36 -07:00
Andrea Shepard
63bb9a795e Fix compiler warning 2014-09-30 22:49:36 -07:00
Andrea Shepard
55907da28d Sort the scheduler's channel list by cmux comparisons 2014-09-30 22:49:36 -07:00
Andrea Shepard
700d6e7525 Add inter-cmux comparison support to circuitmux_ewma.c 2014-09-30 22:49:35 -07:00
Andrea Shepard
9db596d2ef Add cmux support for inter-cmux comparisons 2014-09-30 22:49:35 -07:00
Andrea Shepard
1275002a46 Schedule according to a queue size heuristic 2014-09-30 22:49:35 -07:00
Andrea Shepard
4f567c8cc8 Let the new scheduler handle writes 2014-09-30 22:49:03 -07:00
Andrea Shepard
f314d9509c Fix return values from channel_flush_some_cells() to correctly count cells directly written by channel_flush_from_first_active_circuit() 2014-09-30 22:49:03 -07:00
Andrea Shepard
2fc3da3ff5 Implement global queue size query in channel.c 2014-09-30 22:49:03 -07:00
Andrea Shepard
8852a1794c Track total queue size per channel, with overhead estimates, and global queue total 2014-09-30 22:49:03 -07:00
Andrea Shepard
5e0a6d54d0 Add global cell/byte counters and per channel byte counters to channel.c 2014-09-30 22:49:02 -07:00
Andrea Shepard
f0533d8d22 Remove no-longer-used channel_tls_t functions 2014-09-30 22:49:02 -07:00
Andrea Shepard
b09f41424c Actually call channel_flush_some_cells() from the scheduler 2014-09-30 22:49:01 -07:00
Andrea Shepard
2efbab2aaf Provide generic mechanism for scheduler to query writeable cells on a channel 2014-09-30 22:48:26 -07:00
Nick Mathewson
472b62bfe4 Uglify scheduler init logic to avoid crash on startup.
Otherwise, when we authority try to do a self-test because of
init-keys, if that self-test can't be launched for whatever reason and
so we close the channel immediately, we crash.

Yes, this is a silly way for initialization to work.
2014-09-30 22:48:26 -07:00
Nick Mathewson
85ee5b3095 Use event_active, not 0-length timeouts. It's idempotent, too. 2014-09-30 22:48:26 -07:00
Nick Mathewson
fc13184e44 Fix unused-arguments warnings 2014-09-30 22:48:26 -07:00
Nick Mathewson
08bea13c35 Temporarily disable scheduler_trigger as unused 2014-09-30 22:48:26 -07:00
Andrea Shepard
d438cf1ec9 Implement scheduler mechanism to track lists of channels wanting cells or writes; doesn't actually drive the cell flow from it yet 2014-09-30 22:48:24 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
ac9b0a3110 Try to make max_dl_per_request a bit smarter 2014-09-29 10:56:38 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
Nick Mathewson
fcebc8da95 Rename socks5 error code setting function again
I'd prefer not to use the name "send" for any function that doesn't
really send things.
2014-09-29 09:17:29 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
4903ab1caa Avoid frequent strcmp() calls for AccountingRule
Generally, we don't like to parse the same thing over and over; it's
best IMO to do it once at the start of the code.
2014-09-29 09:05:11 -04:00
Nick Mathewson
8527a29966 Add an "AccountingRule" feature to permit limiting bw usage by read+write
Patch from "chobe".  Closes ticket 961.
2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
b45bfba2ce Whitespace fixes 2014-09-29 08:48:22 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
Nick Mathewson
801f4d4384 Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.

[Yes, I used this commit message before, in 58e813d0fc.
Turns out, that fix wasn't right, since I didn't look up a
screen. :P ]
2014-09-26 08:58:15 -04:00
Nick Mathewson
764e008092 Merge branch 'libscrypt_trunnel_squashed'
Conflicts:
	src/test/test_crypto.c
2014-09-25 12:03:41 -04:00
Nick Mathewson
e84e1c9745 More generic passphrase hashing code, including scrypt support
Uses libscrypt when found; otherwise, we don't have scrypt and we
only support openpgp rfc2440 s2k hashing, or pbkdf2.

Includes documentation and unit tests; coverage around 95%. Remaining
uncovered code is sanity-checks that shouldn't be reachable fwict.
2014-09-25 11:58:13 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Roger Dingledine
ecab261641 two more typos 2014-09-23 18:30:02 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Nick Mathewson
cae0e7b06b fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Clean up comments on PDS_NO_EXISTING_*
2014-09-23 12:30:47 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
Arlo Breault
f752093e16 Re-enable last resort attempt to get via tor.
This looks like a bug introduced in
af658b7828.
2014-09-23 12:15:10 -04:00
Arlo Breault
f591a4d94c Remove a needless if (1) 2014-09-23 12:14:41 -04:00
Arlo Breault
c00b397992 Split dirinfo_type_t computation into a new function 2014-09-23 12:12:57 -04:00
Arlo Breault
2e16856665 Fix a comment typo. 2014-09-23 12:11:06 -04:00
Roger Dingledine
1987157d0c + is not how we say concatenate 2014-09-22 20:09:03 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
80622c0664 Writing comments for newly added functions. 2014-09-22 14:18:01 -04:00
rl1987
2e951f8dda Whitespace fixes 2014-09-22 14:18:00 -04:00
rl1987
c735b60e4c New API for policies_parse_exit_policy(). 2014-09-22 14:18:00 -04:00
George Kadianakis
d9968dd0ab Scrub from logs the name of the RP we picked. 2014-09-22 19:16:30 +01:00
Adrien BAK
8858194952 Remove config options that have been obsolete since 0.2.3 2014-09-22 10:55:01 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
1a1e695800 Merge remote-tracking branch 'public/bug7733a' 2014-09-22 10:38:05 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
530fac10aa Use optimistic data even if we don't know exitnode->rs
I think we should know the routerstatus for our exit relay, since
we built a circuit to it. So I think this is just a code simplification.
2014-09-21 19:12:20 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
4c8b809b96 get rid of trivial redundant comment 2014-09-21 18:56:48 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
58e813d0fc Fix a double-free in failing case of handle_control_authenticate.
Bugfix on ed8f020e205267e6270494634346ab68d830e1d8; bug not in any
released version of Tor.  Found by Coverity; this is CID 1239290.
2014-09-18 11:13:57 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
bb175dac96 Activate INSTRUMENT_DOWNLOADS under clang analyzer as well as coverity
Patch from teor; ticket 13177.
2014-09-18 10:23:33 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
ef9a0d2048 Add script to detect and remove unCish malloc-then-cast pattern
Also, apply it.
2014-09-16 10:57:00 -04:00
Nick Mathewson
1dc0d26b50 Clean up a clangalyzer warning in directory_remove_invalid
"At this point in the code, msg has been set to a string
constant. But the tor code checks that msg is not NULL, and the
redundant NULL check confuses the analyser[...] To avoid this
spurious warning, the patch initialises msg to NULL."

Patch from teor. Another part of 13157.
2014-09-15 13:52:56 -04:00
George Kadianakis
6c512d2f63 Fix a tor2web log message that referenced the wrong configure switch. 2014-09-15 16:07:48 +03:00
George Kadianakis
24a7726955 Implement Tor2webRendezvousPoints functionality. 2014-09-15 16:07:48 +03:00
George Kadianakis
3e7c5e9f44 Block circuit cannibalization when Tor2webRendezvousPoints is active. 2014-09-15 16:07:48 +03:00
George Kadianakis
e02138eb65 Introduce the Tor2webRendezvousPoints torrc option. 2014-09-15 16:07:46 +03:00
Roger Dingledine
d6b2a1709d fix typo in comment 2014-09-13 17:10:04 -04:00
Nick Mathewson
6d66e9068b Whitespace cleanups in transports/test_pt 2014-09-11 14:36:51 -04:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member that can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log messages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
* proxy_supported is now unsigned.
* Added a changes file.
2014-09-09 18:21:19 +00:00
George Kadianakis
01800ea1e4 Add unittests for finding the third quartile of a set. 2014-09-09 12:28:15 -04:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MSVC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Sebastian Hahn
8356721662 Fix add_fingerprint_to_dir() doc and signature
This function never returns non-null, but its usage doesn't reflect
that. Let's make it explicit. This will be mostly overridden by later
commits, so no changes file here.
2014-09-04 22:22:56 +02:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
David Stainton
59e052b896 Remove HiddenServiceDirGroupReadable from or_options_t
...and also fix whitespace.
2014-09-03 17:22:15 +00:00
Nick Mathewson
ed8f020e20 Fix a couple of small memory leaks on failure cases.
[CID 1234702, 1234703]
2014-09-03 10:59:39 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
David Stainton
6e4efb559d Fix white space 2014-09-02 18:08:57 +00:00
Nick Mathewson
00ffccd9a6 Another clang analyzer complaint wrt HT_GENERATE
We're calling mallocfn() and reallocfn() in the HT_GENERATE macro
with the result of a product.  But that makes any sane analyzer
worry about overflow.

This patch keeps HT_GENERATE having its old semantics, since we
aren't the only project using ht.h.  Instead, define a HT_GENERATE2
that takes a reallocarrayfn.
2014-09-02 12:48:34 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
87f9c51f64 Avoid unsigned/sign compare warning from last patch. 2014-09-01 15:42:17 -04:00
Philip Van Hoof
60a3897ed9 Bounds check while looping over a fixed size table or array
(Edited to use existing ARRAY_LENGTH macro --nickm)
2014-09-01 15:40:47 -04:00
meejah
7caf7e9f2a Make HiddenServiceDirGroupReadable per-hidden-service 2014-08-30 15:23:05 -06:00
David Stainton
227b65924b Clean up patch
Here I clean up anon's patch with a few of nickm's suggestions from comment 12:
https://trac.torproject.org/projects/tor/ticket/11291#comment:12

I did not yet completely implement all his suggestions.
2014-08-30 15:23:05 -06:00
anonymous
c13db1f614 Ticket #11291: patch from "anon":
test-11291-group-redable-hsdirs-wtests-may8.patch
2014-08-30 15:23:05 -06:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
dana koch
c887e20e6a Introduce full coverage tests for module routerset.c.
This is using the paradigm introduced for test_status.c.
2014-08-29 12:55:28 -04:00
Nick Mathewson
d8fe499e08 Revert "restore the sensible part of ac268a83408e1450544db2f23f364dfa3"
This reverts commit b82e166bec.

We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
2014-08-29 12:25:05 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
b82e166bec restore the sensible part of ac268a8340
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
2014-08-29 12:21:57 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
9b2d8c4e20 Rename secret_to_key to secret_to_key_rfc2440 2014-08-28 11:20:31 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Isis Lovecruft
374b531dba Add published line to @type bridge-network-status documents.
This modifies the format of the bridge networkstatus documents produced
by the BridgeAuth. The new format adds a `published` line to the header
of the file, before the `flag-thresholds` line. This is done once per
networkstatus file that is written. The timestamp in the `published`
line is the standard ISO 8601 format (with a space as the separator)
used throughout the rest of tor.

 * FIXES #12951 https://bugs.torproject.org/12951
2014-08-25 23:46:17 +00:00
Nick Mathewson
051dd9c409 Remove the assigned-but-unused chosen_named_idx local variable
It had been used in consensus method 1.  But now that 13 is the
minimum (see #10163), we don't need it around.

Found by sysrqb.
2014-08-25 11:26:08 -04:00
Nick Mathewson
991545acf1 Whitespace fixes 2014-08-24 13:32:39 -04:00
Nick Mathewson
7c1143e11f Terser ways to sandbox-allow related filenames
Using the *_array() functions here confused coverity, and was actually
a bit longer than we needed.  Now we just use macros for the repeated
bits, so that we can mention a file and a suffix-appended version in
one line.
2014-08-24 13:30:55 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
d6033843a4 When looking for conns to close, count the age of linked queued data
Specifically, count the age of the data queued in a linked directory
connection's buffers when counting a stream's age.
2014-08-24 13:04:45 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
d31bcc4b23 Tidy status handling in rendservice.c
We had some code to fix up the 'status' return value to -1 on error
if it wasn't set, but it was unreachable because our code was
correct.  Tweak this by initializing status to -1, and then only
setting it to 0 on success.  Also add a goto which was missing: its
absence was harmless.

[CID 718614, 718616]
2014-08-22 12:23:01 -04:00
Nick Mathewson
a66fff6381 Mark one use of networkstatus_check_document_signature as (void)
Also explain why we aren't checking its return value.

[CID 1198197]
2014-08-21 11:22:42 -04:00
Nick Mathewson
059e33de59 remove meaningless checks for chunks==NULL in dirserv stuff
Also, make it clearer that chunks cannot be NULL

[CID 1031750, 1031751]
2014-08-21 11:22:42 -04:00
Nick Mathewson
377b5c0510 Allow rend_service_intro_free to get called with NULL
(We allowed it previously, but produced an LD_BUG message when it
happened, which is not consistent

Also, remove inconsistent NULL checks before calling
rend_service_intro_free.

(Removing the check is for CID 718613)
2014-08-21 10:34:29 -04:00
Nick Mathewson
c9cac69ac6 Remove a dead check for errmsg in handle_control_authenticate
Coverity doesn't like doing NULL checks on things that can't be
NULL; I like checking things where the logic for their not being
NULL is nontrivial.  Let's compromise, and make it obvious that this
field can't be NULL.

[Coverity CID 202004]
2014-08-21 10:27:43 -04:00
Nick Mathewson
e6a05c1c54 Add a missing goto to an unusable branch and make the branch LD_BUG.
(It's LD_BUG to reach this point because the hashed password values
were tested earlier from options_validate)

[Coverity CID 1232091]
2014-08-21 10:21:17 -04:00
Nick Mathewson
2a0a5fe612 Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;".  In these cases, we
didn't.

[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
916fba2243 Merge branch 'bug12205_take2_squashed' 2014-08-20 15:32:48 -04:00
rl1987
8b539cc276 Unit testing entry_is_time_to_retry(). 2014-08-20 15:29:56 -04:00
rl1987
c731a1c68f Write comments for members of periods array. 2014-08-20 15:29:56 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3 Merge branch 'bug10116_squashed' 2014-08-20 14:52:24 -04:00
Nick Mathewson
7f5a440421 Don't allocate an extra smartlist in the OOM handler
Fixes issue 10116
2014-08-20 14:50:38 -04:00
Nick Mathewson
82d4b60b91 fix remaining compilation problems 2014-08-20 14:50:37 -04:00
Nick Mathewson
c57e8da4ea Merge remote-tracking branch 'public/bug12908_025' 2014-08-20 12:58:26 -04:00
Sathyanarayanan Gunasekaran
a3fe8b1166 Warn if Tor is a relay and a HS
Closes 12908; see #8742
2014-08-20 12:56:57 -04:00
Nick Mathewson
d0009cb8e8 Merge remote-tracking branch 'public/bug12728_024' 2014-08-20 12:44:15 -04:00
Nick Mathewson
764cebb4d9 Merge remote-tracking branch 'public/bug12700_024' 2014-08-20 09:00:41 -04:00
Nick Mathewson
ec59167cae When counting memory from closing a connection, count the dir conn too
Fix part of bug 11972
2014-08-18 15:21:50 -04:00
Nick Mathewson
1196ed7cc4 Fix relay_command_to_string(); solve 12700.
Two bugs here:
  1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().

  2) relay_command_to_string() didn't log the value of unrecognized
     commands.

Both fixed here.
2014-08-18 13:21:40 -04:00
Nick Mathewson
2937de2180 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-18 10:20:37 -04:00
Nick Mathewson
b159ffb675 Fix windows warning introduced by 0808ed83f9
This will fix the warning
   "/src/or/config.c:6854:48: error: unused parameter 'group_readable'"
that I introduced while fixing 12864.

Bug not in any released version of Tor.
2014-08-18 10:19:05 -04:00
Nick Mathewson
d38aa5545f Remove implementation code for all pre-13 consensus methods.
Also remove a test for the way that we generated parameter votes
before consensus method 12.
2014-08-15 18:11:26 -04:00
Nick Mathewson
908bd4cee3 Remove support for generating consensuses with methods <= 9.
The last patch disabled these; this one removes the code to implement
them.
2014-08-15 18:05:53 -04:00
Nick Mathewson
df99ce2395 No longer advertise or negotiate any consensus method before 13.
Implements proposal 215; closes ticket 10163.

Why?  From proposal 215:

   Consensus method 1 is no longer viable for the Tor network.  It
   doesn't result in a microdescriptor consensus, and omits other
   fields that clients need in order to work well.  Consensus methods
   under 12 have security issues, since they let a single authority
   set a consensus parameter.
...
   For example, while Tor 0.2.4.x is under development, authorities
   should really not be running anything before Tor 0.2.3.x.  Tor
   0.2.3.x has supported consensus method 13 since 0.2.3.21-rc, so
   it's okay for 0.2.4.x to require 13 as the minimum method.  We even
   might go back to method 12, since the worst outcome of not using 13
   would be some warnings in client logs.  Consensus method 12 was a
   security improvement, so we don't want to roll back before that.
2014-08-15 17:57:37 -04:00
Nick Mathewson
1f35fd0017 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 17:41:13 -04:00
Nick Mathewson
664b2645fb Hand-fix a few global_circuit_list cases 2014-08-15 16:32:32 -04:00
Nick Mathewson
6969bd9a02 Autoconvert most circuit-list iterations to smartlist iterations
Breaks compilation.

Used this coccinelle script:

@@
identifier c;
typedef circuit_t;
iterator name TOR_LIST_FOREACH;
iterator name SMARTLIST_FOREACH_BEGIN;
statement S;
@@
- circuit_t *c;
   ...
- TOR_LIST_FOREACH(c, \(&global_circuitlist\|circuit_get_global_list()\), head)
+ SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c)
  S
+ SMARTLIST_FOREACH_END(c);
2014-08-15 16:23:22 -04:00
George Kadianakis
112c984f92 Some documentation fixes for #12864. 2014-08-15 23:12:06 +03:00
Nick Mathewson
db2af2abb0 Start converting circuitlist to smartlist. 2014-08-15 15:58:00 -04:00
Nick Mathewson
0fc2d0edce Documentation fix for policy_summarize().
Spotted by "epilys"
2014-08-15 08:53:29 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
c69e96680a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 23:15:44 -04:00
Nick Mathewson
d443658fad Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5
Conflicts:
	src/or/circuitbuild.c
2014-08-13 23:14:28 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
0044d74b3c Fix another case of 12848 in circuit_handle_first_hop
I looked for other places where we set circ->n_chan early, and found
one in circuit_handle_first_hop() right before it calls
circuit_send_next_onion_skin(). If onion_skin_create() fails there,
then n_chan will still be set when circuit_send_next_onion_skin()
returns. We should probably fix that too.
2014-08-12 12:15:09 -04:00
Nick Mathewson
981e037fd3 Add an extra check in channel_send_destroy for circID==0
Prevents other cases of 12848.
2014-08-12 12:14:05 -04:00
Nick Mathewson
b32a8b024c Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails
Cypherpunks found this and wrote this patch.

Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-08-12 12:12:02 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Roger Dingledine
0c869af7f8 fix three typos in comments 2014-08-06 02:20:51 -04:00
Nick Mathewson
04007448b9 Correctly remove extraneous space in router family lines
Fixes bug 12728; bugfix on 0.2.1.7-alpha when the SPLIT_IGNORE_SPACE
option was added.
2014-08-05 11:09:08 -04:00
Roger Dingledine
374611d9f6 and oh hey, repeat code :) 2014-08-03 15:45:07 -04:00
Roger Dingledine
52d5ef5aff fix typo 2014-08-03 15:43:21 -04:00
Andrea Shepard
2d4241d584 Merge and refactor redundant parse_client_transport_line() and parse_server_transport_line() functions 2014-07-31 12:50:34 -07:00
Andrea Shepard
4a5164fd86 Replace all calls to parse_client_transport_line() or parse_server_transport_line() with new parse_transport_line() stub 2014-07-28 19:32:23 -07:00
Roger Dingledine
6c4a26b8ca Merge branch 'maint-0.2.5' 2014-07-28 02:47:43 -04:00
Roger Dingledine
29a82b5a8b Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-28 02:47:15 -04:00
Roger Dingledine
68a2e4ca4b Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Arlo Breault
8f70d756fb Confusing log message when circuit can't be extended 2014-07-27 15:01:15 -04:00
Andrea Shepard
b8b46e8ef8 Add some mocks needed to unit test ClientTransportPlugin/ServerTransportPlugin config line parsing 2014-07-25 21:41:03 -07:00
Andrea Shepard
18c97ad8bc Expose parse_client_transport_line() and parse_server_transport_line() for the test suite 2014-07-25 17:49:47 -07:00
Nick Mathewson
d5558f0072 circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
Roger spotted this on tor-dev in his comments on proposal 221.

(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
2014-07-25 11:59:00 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
bdc2cefd4e Merge branch 'maint-0.2.5' 2014-07-24 19:49:29 -04:00
Roger Dingledine
a3d8ffe010 fix typo that crept in to 0.2.4.4-alpha 2014-07-24 17:07:39 -04:00
Roger Dingledine
eb3e0e3da3 Merge branch 'maint-0.2.5' 2014-07-24 16:30:50 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
e7e92fb2f9 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:01:00 -04:00
Nick Mathewson
486bd4fae7 Use safe_str in channel_dumpstats: improve 12184 diagnostic 2014-07-18 21:20:44 +02:00
Nick Mathewson
b408125288 Merge remote-tracking branch 'andrea/bug11302' 2014-07-16 16:58:41 +02:00
Nick Mathewson
5690284559 Fix wide lines, make entry_is_live() non-inline 2014-07-16 16:52:16 +02:00
Nick Mathewson
368ff2291b Merge remote-tracking branch 'asn/bug12202' 2014-07-16 16:49:07 +02:00
Nick Mathewson
f74a932e0b Merge remote-tracking branch 'sysrqb/bug12573' 2014-07-16 15:38:10 +02:00
Nick Mathewson
d8705ec720 Merge remote-tracking branch 'asn/bug12207_second_draft' 2014-07-16 15:33:00 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
4da4c4c63f Apply GeoIPExcludeUnknown before checking transitions
Otherwise, it always seems as though our Exclude* options have
changed, since we're comparing modified to unmodified values.

Patch from qwerty1. Fixes bug 9801. Bugfix on 0.2.4.10-alpha, where
GeoIPExcludeUnknown was introduced.
2014-07-16 11:14:59 +02:00
Nick Mathewson
7591ce64fb Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-16 11:01:20 +02:00
Anthony G. Basile
d504a4e36f src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends.  This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.

This patch moves the functions outside the #ifndef and exposes them.

See downstream bug:

	https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
32495ee309 Add another 8387 diagnostic
When we run into bug 8387 (if we run into it again), report when we
last called circuit_expire_old_circuits_clientside().  This will let
us know -- if my fix for 8387 doesn't work -- whether my diagnosis
was at least correct.

Suggested by Andrea.
2014-07-16 10:05:00 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
George Kadianakis
b74442db94 Change interface of router_descriptor_is_too_old(). 2014-07-09 19:20:41 +03:00
Nick Mathewson
35791f4238 Remove executable bit from control.c, router.c
Fix for 12512.
2014-07-09 08:54:08 -04:00
Matthew Finkel
43bba9541a Only active relays should be given HSDir
We should only assign a relay the HSDir flag if it is currently
considered valid. We can accomplish this by only considering active
relays, and as a consequence of this we also exclude relays that are
currently hibernating. Fixes #12573
2014-07-09 00:48:00 +00:00
George Kadianakis
8bbb217964 Change the interface of entry_is_live() to take a bitmap. 2014-06-25 15:44:36 -04:00
George Kadianakis
46d41e6e9b Basic entry_is_live() unittest. 2014-06-25 15:39:00 -04:00
George Kadianakis
4245662b28 Functionify the descriptor age check so that we can NOP it in tests. 2014-06-24 14:19:07 -04:00
Arlo Breault
48d7fceee5 Update a comment and undef an identifier
* Trac #11452
2014-06-23 20:28:34 -04:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have to do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
456184c2a0 Authorities also advertise caches-extra-info
(Whoops, thought I had committed this before)

Improvement to 11683 fix. Based on patch from Karsten.
2014-06-20 09:02:24 -04:00
Nick Mathewson
922be84ca3 Merge remote-tracking branch 'karsten/bug11683' 2014-06-19 10:42:19 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
George Kadianakis
61629b4f6c Document choose_random_entry_impl() and populate_live_entry_guards(). 2014-06-15 19:03:38 -07:00
George Kadianakis
bf263a9b99 Make a few entrynodes.c functions testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
71da44f159 Make populate_live_entry_guards() more smoothly testable. 2014-06-15 19:02:59 -07:00
George Kadianakis
c7b05a6aef Constify aggressively in populate_live_entry_guards(). 2014-06-15 19:02:59 -07:00
George Kadianakis
a59429f1e4 Fix the functionality of populate_live_entry_guards(). 2014-06-15 19:02:55 -07:00
George Kadianakis
427cc8a452 Move code from choose_random_entry_impl() to the new function.
This commit only _moves_ code.
2014-06-15 18:25:45 -07:00
George Kadianakis
e8c366e9ea Create skeleton for populate_live_entry_guards().
Now we are ready to move code from choose_random_entry_impl() to it.
2014-06-15 18:25:45 -07:00
George Kadianakis
f75c6ce981 choose_random_entry_impl(): Remove useless consider_exit_family.
The variable was useless since it was only toggled off in disabled code.

If the 'exit_family' smartlist is empty, we don't consider exit family
anyway.
2014-06-15 18:25:45 -07:00
George Kadianakis
115b3e7645 Remove a piece of disabled code in choose_random_entry_impl(). 2014-06-15 18:25:45 -07:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
4ed03965a5 New waitpid-handler functions to run callbacks when a child exits.
Also, move 'procmon' into libor_event library, since it uses libevent.
2014-06-14 11:40:27 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
bbb1ffe535 sandbox: Permit stat() of DataDir/stats
This is a fix for another case of 12064 that alphawolf just spotted.

There's already an 0.2.5.5 changelog entry for this.
2014-06-13 08:36:43 -04:00
Nick Mathewson
02dafc270c whitespaces fixes 2014-06-11 12:00:14 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
b16321425f Bulletproof our 11246 fix a little, based on recommendation from andrea. 2014-06-04 12:27:42 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
2de0281879 Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply() 2014-06-03 14:37:49 -07:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
14842de9a7 sandbox: Allow DirPortFrontPage unconditionally if it's set
fixes 12114; bug not in any release.

Improves fix for 12028
2014-05-27 19:21:11 -04:00
Nick Mathewson
824bebd409 sandbox: Correct fix for hs part of 12064
Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2014-05-23 11:46:44 -04:00
Nick Mathewson
5de91d118d Merge branch 'bug11965_v2' 2014-05-23 11:23:00 -04:00
Nick Mathewson
802c063148 Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork
Without this fix, when running with bridges, we would try fetching
directory info far too early, and have up to a 60 second delay if we
started with bridge descriptors available.

Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-23 11:22:35 -04:00
Nick Mathewson
cfd0ee514c sandbox: allow reading of hidden service configuration files.
fixes part of 12064
2014-05-22 20:39:10 -04:00
Nick Mathewson
85f49abfbe sandbox: refactor string-based option-unchanged tests to use a macro
There was too much code duplication in doing it the old way, and I
nearly made a copy-and-paste error in the last commit.
2014-05-22 20:00:22 -04:00
Nick Mathewson
ffc1fde01f sandbox: allow access to cookie files, approved-routers
fixes part of 12064
2014-05-22 19:56:56 -04:00
Michael Wolf
387f294d40 sandbox: allow access to various stats/*-stats files
Fix for 12064 part 1
2014-05-22 19:48:24 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Andrea Shepard
170e0df741 Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free() 2014-05-21 10:53:25 -07:00
Yawning Angel
60ac9f1c90 Improve the log message when a transport doesn't support proxies.
Per feedback, explicitly note that the transport will be killed when it
does not acknowledge the configured outgoing proxy.
2014-05-21 08:14:39 +00:00
Yawning Angel
1210bdf146 Log the correct proxy type on failure.
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
2014-05-21 08:14:39 +00:00
Yawning Angel
cd56b1a86e Remove get_bridge_pt_addrport().
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.

The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove an explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
2014-05-21 08:14:39 +00:00
Yawning Angel
41d2b4d3af Allow ClientTransportPlugins to use proxies
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.

This fixes bug #8402.
2014-05-21 08:14:38 +00:00
Nick Mathewson
2609b939d6 fix a wide line 2014-05-20 15:22:27 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
268a117cdf sandbox: tolerate reloading with DirPortFrontPage set
Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20 14:58:28 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sandbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e sandbox: Permit access to stats/dirreq-stats
This prevents a crash when rotating logs with dirreq-stats enabled

fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
0b2b5b7606 Oops; permit rename with the correct filename 2014-05-20 12:03:27 -04:00
Nick Mathewson
ace9063fb4 Fix a sentence that I never 2014-05-20 11:58:18 -04:00
Nick Mathewson
f6d3006363 Sandbox: allow access to stats/bridge-stats
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Roger Dingledine
767b18ea8e note a comment that nickm didn't finish 2014-05-17 00:02:41 -04:00
Nick Mathewson
2d21a8f4d6 Merge remote-tracking branch 'public/bug11469_024' 2014-05-15 13:35:08 -04:00
Nick Mathewson
1badef5cec Use DirPort for uploading descriptors.
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymously?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.

The problematic code was introduced in 5cbeb6080, which went into
0.2.4.3-alpha.  This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
79c875ecdc Would-be fix for bug 7733: learn bridge ID from descriptor
If somebody has configured a client to use a bridge without setting
an identity digest (not recommended), learn the identity digest from
whatever bridge descriptor we have downloaded or have in our cache.
2014-05-14 14:34:01 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0 Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Andrea Shepard
39d4e67be8 Add --disable-mempools configure option 2014-05-12 18:23:34 -07:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
4eb3018f94 Move structures into (private) part of buffers.h so we can inspect them while testing 2014-05-08 12:40:40 -04:00
Nick Mathewson
5b861ae53f Merge remote-tracking branch 'public/bug11648' 2014-05-08 12:01:23 -04:00
Nick Mathewson
411c622906 Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4 2014-05-07 23:11:32 -04:00
Nick Mathewson
683b80bf81 Merge remote-tracking branch 'public/bug11737_diagnostic' 2014-05-07 22:52:44 -04:00
Nick Mathewson
0de2625675 Merge remote-tracking branch 'public/bug8387_diagnostic' 2014-05-07 22:15:24 -04:00
Nick Mathewson
48b9c6fcc6 Better log message for 8387 diagnostic 2014-05-07 22:13:29 -04:00
Nick Mathewson
6d39c8d156 Always finalize a zlib stream of server descriptors.
Possible fix for bug 11648.
2014-05-07 10:23:08 -04:00
Nick Mathewson
499e77663e Basic tests for get_unique_circ_id_by_chan. 2014-05-07 02:57:50 -04:00
Nick Mathewson
4a740451ac Merge remote-tracking branch 'public/bug11750' 2014-05-06 20:44:41 -04:00
Nick Mathewson
5cea500ce7 Merge branch 'bug11743_option_b' 2014-05-06 20:40:40 -04:00
Nick Mathewson
2fa601c797 Future-proof "id" lines against proposal 220. 2014-05-06 17:10:59 -04:00
Nick Mathewson
f077bb55ab fix a copy-paste comment mistake 2014-05-06 17:09:16 -04:00
Nick Mathewson
c7549cb4cd Merge remote-tracking branch 'karsten/bug11742' 2014-05-06 13:54:37 -04:00
Nick Mathewson
a06044a485 Check HT_REP_IS_BAD_() when giving a bug-7164 warning.
This may let us know if we're hitting 7164 because of an
hte_hash-corruption situation proposed by "cypherpunks" in bug
11737.
2014-05-06 13:03:24 -04:00
Nick Mathewson
0ad607d604 Faster chan_circid_entry_hash implementation
Since this is critical-path, let's tune the value we pass to
csiphash a little so it fits into one whole round.
2014-05-06 12:27:18 -04:00
Nick Mathewson
78301d99fe Fix compilation with DEBUG_DNS_CACHE
Reported by cypherpunks.

Fix for #11761; bugfix on 0.2.3.13-alpha where we made ht.h stop using
_identifiers.
2014-05-06 10:18:34 -04:00
Nick Mathewson
8127f4db30 Use siphash on channel/circuit-id map too
Fixes ticket 11750.
2014-05-05 12:13:58 -04:00
Nick Mathewson
4a621a50f5 Consensus method 18: Add a base64 ID digest to the microdesc
This is a stopgap measure to make sure that microdescriptors never
collide; see bug 11743.
2014-05-05 11:31:24 -04:00
Nick Mathewson
5d496963b4 Don't start sandbox except for CMD_RUN_TOR
This was crashing on --verify-config in the debian startup script, if you
had sandboxing enabled.  Fixes 11609; fix on 0.2.5.1-alpha.
2014-05-05 10:29:35 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Karsten Loesing
1289474dbd Remove /tor/dbg-stability.txt URL.
The /tor/dbg-stability.txt URL was meant to help debug WFU and MTBF
calculations, but nobody was using it.

Fixes #11742.
2014-05-05 11:21:35 +02:00
Nick Mathewson
df03e9b737 have only one code path for #9635 logging 2014-05-01 12:40:33 -04:00
Nick Mathewson
7ad0cd209c Merge remote-tracking branch 'public/bug9635' 2014-05-01 12:39:39 -04:00
Nick Mathewson
a2b59dba71 Merge branch 'bug11654_squashed' 2014-05-01 12:34:59 -04:00
George Kadianakis
a787575b7f Fix a misuse of strlcpy() introduced by the #11156 patch. 2014-05-01 12:34:50 -04:00
Nick Mathewson
0e20825bf2 whitespace fix 2014-05-01 12:31:38 -04:00
Nick Mathewson
b51ce90777 Merge remote-tracking branch 'public/valgrind_tests' 2014-05-01 12:29:31 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
14bc6e8993 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d Downgrade bug 7164 warning to INFO
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
630b4af260 Merge remote-tracking branch 'andrea/bug11476' 2014-05-01 11:30:55 -04:00
Nick Mathewson
9511522bd4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-30 20:26:55 -04:00
Nick Mathewson
efab3484e6 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2 Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3 2014-04-30 20:23:22 -04:00
Nick Mathewson
35699ef9f5 Drop the MaxMemInCellQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.

This is a backport of 647248729f to 0.2.4.

Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
b0e078d5af Log info on ancient one-hop circuits in heartbeat
This is an attempt to diagnose 8387.
2014-04-29 14:02:12 -04:00
dana koch
88679aa53f Quench gcc's complaints about discarding constness in TO_ORIGIN_CIRCUIT.
This was previously satisfied by using a temporary variable, but there
are three other instances in circuitlist.c that gcc is now bothered by,
so now introduce a CONST_TO_ORIGIN_CIRCUIT that takes a const
circuit_t instead.
2014-04-29 13:18:12 -04:00
Nick Mathewson
0514bcd37c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-29 13:03:27 -04:00
Nick Mathewson
1d3ffc0ec9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755 Stop leaking memory in error cases of md parsing
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
212e982d9b Fix leaks in dir voting tests 2014-04-29 12:48:02 -04:00
Andrea Shepard
91ff10f6be Make --disable-buf-freelists build and pass unit tests 2014-04-29 02:18:34 -07:00
Nick Mathewson
1b7e297985 Fix capitalization of MaxMemInQueues
This won't affect anybody's configuration, but it makes it match what
we documented. Fixes part of 11634.
2014-04-28 12:25:52 -04:00
Nick Mathewson
4b519de5f9 Actually put ExtORPortCookieAuthFile into config.c
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
2014-04-28 12:23:18 -04:00
Nick Mathewson
c7951731ed Fix memory leaks in test_circuit_timeout
Found with valgrind.
2014-04-26 00:10:04 -04:00
Nick Mathewson
f8248abbd6 Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
95e617c828 whitespace fix 2014-04-24 12:34:23 -04:00
Nick Mathewson
5a9ac0df99 Merge remote-tracking branch 'public/bug11553_025' 2014-04-24 10:48:32 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
e3af72647d Expose the real maxmeminqueues via a GETINFO
That is, GETINFO limits/max-mem-in-queues
2014-04-24 10:26:14 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
Nick Mathewson
aca05fc5c0 get_total_system_memory(): see how much RAM we have 2014-04-24 10:26:14 -04:00
Nick Mathewson
17ad309d33 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/circuitbuild.c
2014-04-23 12:44:18 -04:00
Nick Mathewson
a770b74501 Improvements to #11553 fix based on review
Use a per-channel ratelim_t to control the rate at which we report
failures for each channel.

Explain why I picked N=32.

Never return a zero circID.

Thanks to Andrea and to cypherpunks.
2014-04-23 12:39:01 -04:00
Nick Mathewson
7a8cac14d5 Merge remote-tracking branch 'public/bug10268' 2014-04-23 11:11:08 -04:00
Nick Mathewson
66833311eb Merge remote-tracking branch 'public/bug11200' 2014-04-23 11:07:52 -04:00
Nick Mathewson
830492fbda Merge branch 'bug11156_issue2_squashed' 2014-04-23 11:05:54 -04:00
George Kadianakis
29c28d312c Slightly improve the documentation of src/or/transports.c
Make it clear that a SIGHUP is not the only action that can cause a
config re-read.
2014-04-23 11:05:45 -04:00
George Kadianakis
fa0c5da68b Rename the got_hup element of managed proxies.
Since we need to toggle that element in non-SIGHUP situations too where
the config was re-read (like in SETCONF or RESETCONF).
2014-04-23 11:05:45 -04:00
George Kadianakis
bf7cb6acf6 Don't halt bootstrap to figure out if we should restart PT proxies.
Instead, figure out if we should restart PT proxies _immediately_ after
we re-read the config file.
2014-04-23 11:05:45 -04:00
Nick Mathewson
9e44df2c98 Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4 2014-04-23 11:01:39 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
78f555a248 scan-build: sizeof(ptr*) in a debugging log in ext_orport.c
Instead of taking the length of a buffer, we were taking the length of
a pointer, so that our debugging log would cover only the first
sizeof(void*) bytes of the client nonce.
2014-04-19 12:53:57 -04:00
Nick Mathewson
d4ad254917 scan-build: bulletproof last-chance errormsg generation in rendservice.c
If 'intro' is NULL in these functions, I'm pretty sure that the
error message must be set before we hit the end.  But scan-build
doesn't notice that, and is worried that we'll do a null-pointer
dereference in the last-chance errormsg generation.
2014-04-18 21:24:16 -04:00
Nick Mathewson
1b3bddd013 scan-build: Have clear_pending_onions walk the lists more obviously
As it stands, it relies on the fact that onion_queue_entry_remove
will magically remove each onionskin from the right list.  This
patch changes the logic to be more resilient to possible bugs in
onion_queue_entry_remove, and less confusing to static analysis tools.
2014-04-18 21:17:40 -04:00
Nick Mathewson
78bc814c04 scan-build: in cpuworker, initialize tv_start
scan-build doesn't realize that a request can't be timed at the end
unless it's timed at the start, and so it's not possible for us to
be subtracting start from end without start being set.
Nevertheless, let's not confuse it.
2014-04-18 21:12:45 -04:00
Nick Mathewson
895b6789e8 scan-build: get_proxy_addrport should always set its outputs
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0, though I don't think it affects tor-as-it-is.
2014-04-18 20:41:40 -04:00
Nick Mathewson
7cd9520ba9 scan-build: when logging a path length, check build_state.
Throughout circuituse, when we log about a circuit, we log its
desired path length from build_state. scan-build is irrationally
concerned that build_state might be NULL.
2014-04-18 20:40:34 -04:00
Nick Mathewson
7106492571 scan-build: Be consistent with a needless check in circuitmux.c
In circuitmux_detach_all_circuits, we check whether an HT iterator
gives us NULL.  That should be impossible for an HT iterator.  But
our checking it has confused scan-build (justly) into thinking that
our later use of HT_NEXT_RMV might not be kosher.  I'm taking the
coward's route here and strengthening the check.  Bugfix on
fd31dd44. (Not a real bug though)
2014-04-18 20:35:59 -04:00
Nick Mathewson
0fd0f5f7a9 scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purpose
If we fail in circuit_get_by_rend_token_and_purpose because the
circuit has no rend_info, don't try to reference fields from its
rend_info when logging an error.  Bugfix on 8b9a2cb68, which is
going into Tor 0.2.5.4-alpha.
2014-04-18 20:31:42 -04:00
Nick Mathewson
d1be2f5cf8 scan-build: circuit_cpath_support_ntor had a dead initialization
We were initializing cpath twice, which doesn't make sense.
2014-04-18 20:29:51 -04:00
Nick Mathewson
41a8930fa1 scan-build: check impossible null-pointer case in buffers.c
When maintaining buffer freelists, we don't skip more than there
are, so (*chp) can't be null to begin with.  scan-build has no way
to know that.
2014-04-18 20:28:46 -04:00
Nick Mathewson
0cca8dc35a Merge remote-tracking branch 'public/bug9963_v2_024' 2014-04-18 15:25:36 -04:00
Nick Mathewson
fd9961d220 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025 2014-04-18 13:23:44 -04:00
Nick Mathewson
985deaaaf7 Add a rate-limiter for the other circuitID exhaustion warning 2014-04-18 13:22:42 -04:00
Nick Mathewson
47a0c10728 Diagnostic warning to see if it's pending destroys causing 11553 2014-04-18 13:04:37 -04:00
Nick Mathewson
bd169aa9a5 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e Switch to random allocation on circuitIDs.
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID.  Previously, we would test every possible
circuit ID until we found one or ran out.

This algorithm succeeds probabilistically. As the comment says:

  This potentially causes us to give up early if our circuit ID
  space is nearly full.  If we have N circuit IDs in use, then we
  will reject a new circuit with probability (N / max_range) ^
  MAX_CIRCID_ATTEMPTS.  This means that in practice, a few percent
  of our circuit ID capacity will go unused.

  The alternative here, though, is to do a linear search over the
  whole circuit ID space every time we extend a circuit, which is
  not so great either.

This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00
Nick Mathewson
bb9b4c37f8 Supply better and less frequent warnings on circID exhaustion
Fixes the surface behavior of #11553
2014-04-18 12:31:06 -04:00
Nick Mathewson
4367cbd71b Merge remote-tracking branch 'public/sandbox_fixes_rebased_2' 2014-04-16 23:45:55 -04:00
Nick Mathewson
c856193199 Merge remote-tracking branch 'andrea/bug11304' 2014-04-16 23:13:30 -04:00
Nick Mathewson
74ddd5f739 Merge remote-tracking branch 'andrea/bug11306' 2014-04-16 23:13:27 -04:00
Nick Mathewson
973661394a Merge branch '10267_plus_10896_rebased_twice' 2014-04-16 23:03:41 -04:00
Nick Mathewson
89e520e2a7 Call pf-divert openbsd-specific, not no-linux 2014-04-16 23:03:25 -04:00
Nick Mathewson
c00c45fee1 Fix OSX compilation. 2014-04-16 23:03:25 -04:00
Nick Mathewson
db8259c230 Whitespace, doc fixes 2014-04-16 23:03:25 -04:00
dana koch
f680d0fdd2 Educate tor on OpenBSD's use of divert-to rules with the pf firewall.
This means that tor can run without needing to communicate with ioctls
to the firewall, and therefore doesn't need to run with privileges to
open the /dev/pf device node.

A new TransProxyType is added for this purpose, "pf-divert"; if the user
specifies this TransProxyType in their torrc, then the pf device node is
never opened and the connection destination is determined with getsockname
(as per pf(4)). The default behaviour (ie., when TransProxyType is "default"
when using the pf firewall) is still to assume that pf is configured with
rdr-to rules.
2014-04-16 23:03:25 -04:00
Nick Mathewson
08ef8c0958 tor_addr_from_sockaddr() is applicable in ipfw code, so use it. 2014-04-16 23:03:25 -04:00
Nick Mathewson
3e4680f312 ipfw TransPort support on FreeBSD (10267)
This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)
2014-04-16 23:03:25 -04:00
Nick Mathewson
2ae47d3c3a Block certain option transitions while sandbox enabled 2014-04-16 22:03:18 -04:00
Nick Mathewson
c80a6bd9d5 Don't reload logs or rewrite pidfile while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
6194970765 Don't allow change to ConnLimit while sandbox is active 2014-04-16 22:03:18 -04:00
Nick Mathewson
18f7f49a8c Allow reloading torrc and writing to router-stability 2014-04-16 22:03:17 -04:00
Nick Mathewson
ce776cf270 Add a couple of missing renames so the server sandbox works again 2014-04-16 22:03:09 -04:00
Nick Mathewson
e6785ee16d Get Libevent's PRNG functioning under the linux sandbox
Libevent uses an arc4random implementation (I know, I know) to
generate DNS transaction IDs and capitalization.  But it liked to
initialize it either with opening /dev/urandom (which won't work
under the sandbox if it doesn't use the right pointer), or with
sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}).  To make _that_ work, we
were permitting sysctl unconditionally.  That's not such a great
idea.

Instead, we try to initialize the libevent PRNG _before_ installing
the sandbox, and make sysctl always fail with EPERM under the
sandbox.
2014-04-16 22:03:09 -04:00
Nick Mathewson
156eefca45 Make sure everything using an interned string is preceded by a log
(It's nice to know what we were about to rename before we died from
renaming it.)
2014-04-16 22:03:09 -04:00
Nick Mathewson
71eaebd971 Drop 'fr' parameter from sandbox code.
Apparently, the majority of the filenames we pass to
sandbox_cfg_allow() functions are "freeable right after". So, consider
_all_ of them safe-to-steal, and add a tor_strdup() in the few cases
that aren't.

(Maybe buggy; revise when I can test.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
e051e192a8 Remove nonsensical exec permission from sandbox code. 2014-04-16 22:03:08 -04:00
Nick Mathewson
cbfb8e703e Add 'rename' to the sandboxed syscalls
(If we don't restrict rename, there's not much point in restricting
open, since an attacker could always use rename to make us open
whatever they want.)
2014-04-16 22:03:08 -04:00
Nick Mathewson
ae9d6d73f5 Fix some initial sandbox issues.
Allow files that weren't in the list; Allow the _sysctl syscall;
allow accept4 with CLOEXEC and NONBLOCK.
2014-04-16 22:03:07 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Andrea Shepard
65a0f895c7 Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl() 2014-04-15 23:03:16 -07:00
Andrea Shepard
6ee9138576 Call connection_or_close_for_error() properly if write_to_buf() ever fails on an orconn 2014-04-15 21:25:49 -07:00
Andrea Shepard
f36e93206a Avoid redundant calls to connection_mark_for_close() on listeners when setting DisableNetwork to 1 2014-04-15 20:35:31 -07:00
Andrea Shepard
a5544e589d Close orconns correctly through channels when setting DisableNetwork to 1 2014-04-15 20:19:39 -07:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
dana koch
3ce3984772 Uplift status.c unit test coverage with new test cases and macros.
A new set of unit test cases are provided, as well as introducing
an alternative paradigm and macros to support it. Primarily, each test
case is given its own namespace, in order to isolate tests from each
other. We do this in the usual fashion, by appending module and
submodule names to our symbols. New macros assist by reducing friction
for this and other tasks, like overriding a function in the global
namespace with one in the current namespace, or declaring integer
variables to assist tracking how many times a mock has been called.

A set of tests for a small-scale module has been included in this
commit, in order to highlight how the paradigm can be used. This
suite gives 100% coverage to status.c in test execution.
2014-04-15 15:00:34 -04:00
Nick Mathewson
9556668f5f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-15 14:52:12 -04:00
Nick Mathewson
f3c20a28ab Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b2106956e0 Don't send uninitialized stack to the controller and say it's a date.
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Nick Mathewson
a790454368 Demote "we stalled too much while trying to write" message to INFO
Resolves ticket 5286.
2014-04-09 11:34:00 -04:00
Nick Mathewson
fa6b80d6e5 Merge remote-tracking branch 'public/bug10431' 2014-04-09 08:29:21 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
6a0dc0e585 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-08 20:30:30 -04:00
Nick Mathewson
6ab10a5466 Make num_bridges_usable work properly.
My first implementation was broken, since it returned "whether there
is one bridge" rather than "how many bridges."

Also, the implementation for the n_options_out feature in
choose_random_entry_impl was completely broken due to a missing *.
2014-04-08 15:51:40 -04:00
Nick Mathewson
689863d0a9 Merge branch 'bug2454_025_squashed' 2014-04-08 15:37:15 -04:00
Matthew Finkel
2d5a7b1842 Check for new IP addr after circuit liveliness returns
When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.
2014-04-08 15:37:01 -04:00
Nick Mathewson
245f273aaf Merge branch 'bug7952_final'
Conflicts:
	src/test/include.am
	src/test/test.c
2014-04-08 13:55:02 -04:00
rl1987
51e13cd1ad Making entire exit policy available to Tor controller. 2014-04-08 13:50:02 -04:00
Nick Mathewson
3ac426afe8 Merge remote-tracking branch 'public/bug4241' 2014-04-08 12:41:03 -04:00
Nick Mathewson
fffc59b0e9 Merge remote-tracking branch 'public/bug9841_025' 2014-04-08 12:06:03 -04:00
Nick Mathewson
ab1a679eef Fix a small memory leak when resolving PTR addresses
Fixes bug 11437; bugfix on 0.2.4.7-alpha.

Found by coverity; this is CID 1198198.
2014-04-07 23:29:47 -04:00
Nick Mathewson
f0bce2dc35 Fix some harmless/untriggerable memory leaks found by coverity 2014-04-07 23:20:13 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
092ac26ea2 Fix undefined behavior with pointer addition in channeltls.c
In C, it's a bad idea to do this:

   char *cp = array;
   char *end = array + array_len;

   /* .... */

   if (cp + 3 >= end) { /* out of bounds */ }

because cp+3 might be more than one off the end of the array, and
you are only allowed to construct pointers to the array elements,
and to an element one past the end.  Instead you have to say

   if (cp - array + 3 >= array_len) { /* ... */ }

or something like that.

This patch fixes two of these: one in process_versions_cell
introduced in 0.2.0.10-alpha, and one in process_certs_cell
introduced in 0.2.3.6-alpha.  These are both tracked under bug
10363. "bobnomnom" found and reported both. See also 10313.

In our code, this is likely to be a problem as we used it only if we
get a nasty allocator that makes allocations end close to (void*)-1.
But it's best not to have to worry about such things at all, so
let's just fix all of these we can find.
2014-04-07 22:56:42 -04:00
Nick Mathewson
6d0991ea08 Give no answer, not NOTIMPL, for unsupported DNS query types
According to reports, most programs degrade somewhat gracefully on
getting no answer for an MX or a CERT for www.example.com, but many
flip out completely on a NOTIMPL error.

Also, treat a QTYPE_ALL query as just asking for an A record.

The real fix here is to implement proposal 219 or something like it.

Fixes bug 10268; bugfix on 0.2.0.1-alpha.

Based on a patch from "epoch".
2014-04-07 22:08:41 -04:00
Nick Mathewson
90341b4852 For missing transport, say "PT_MISSING" not "NO_ROUTE" 2014-04-07 13:44:22 -04:00
Nick Mathewson
754a50592c Forward-port bug9665 fix to work with our fix for 11069 2014-04-07 13:41:07 -04:00
Fábio J. Bertinatto
08ae53e400 Fix bug9665 2014-04-07 13:36:36 -04:00
Nick Mathewson
bc0882c868 Merge remote-tracking branch 'public/bug9650' 2014-04-05 14:53:48 -04:00
Nick Mathewson
2ff664ee20 Merge remote-tracking branch 'public/bug10801_024'
Conflicts:
	src/common/address.c
	src/or/config.c
2014-04-05 14:50:57 -04:00
Nick Mathewson
8f16a77d6a Protocol_Warn when a rendezvous cookie is used twice. 2014-04-04 12:17:16 -04:00
Nick Mathewson
1bb6e3b503 Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025 2014-04-04 12:05:51 -04:00
Nick Mathewson
09dbcf3b82 Fix to 9841 fix: setting a token to NULL should clear it
Found by testing with chutney.  The old behavior was "fail an
assertion", which obviously isn't optimal.

Bugfix on 8b9a2cb68b290e550695124d7ef0511225b451d5; bug not in any
released version.
2014-04-04 12:01:49 -04:00
Nick Mathewson
d290e36576 Fix make_socket_reusable() on windows. Bug not in any released Tor 2014-04-02 21:11:45 -04:00
Nick Mathewson
24c4b56a39 Merge remote-tracking branch 'public/bug10081' 2014-04-02 15:45:20 -04:00
Nick Mathewson
da908a593f Unit tests for connection_edge_process_resolved_cell
Also rename a function to be more accurate (resolve->resolved)
2014-04-02 15:38:00 -04:00
Nick Mathewson
c230ff4ca9 Look at all of a RESOLVED cell; not just the first answer.
Also, stop accepting the old kind of RESOLVED cells with no TTL
fields; they haven't been sent since 0.1.1.6-alpha.

This patch won't work without the fix to #10468 -- it will break
DNSPorts unless they set the proper ipv4/6 flags on entry_connection_t.
2014-04-02 15:38:00 -04:00
Nick Mathewson
2f59d6e2d8 Drop MAX_REND_FAILURES to 8 2014-04-02 15:36:13 -04:00
Nick Mathewson
4fb3ae69a6 Extract code to handle RESOLVED cells
No other changes have been made; only code has been moved.
2014-04-01 23:30:41 -04:00
Nick Mathewson
17d5734df4 Merge remote-tracking branch 'public/bug11278' 2014-04-01 21:56:49 -04:00
Nick Mathewson
86f619d0d3 Merge remote-tracking branch 'public/bug10468_024' 2014-04-01 21:50:55 -04:00
Nick Mathewson
fc9e84062b Merge remote-tracking branch 'public/bug4645'
Conflicts:
	src/or/dirserv.c
2014-04-01 21:49:01 -04:00
Nick Mathewson
408bd98e79 Add one more missing check on bug4645 fixes 2014-04-01 21:10:14 -04:00
Nick Mathewson
b4b91864bb Merge remote-tracking branch 'public/bug9870'
Conflicts:
	src/or/config.c
2014-04-01 20:48:15 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
1a9b4bd28c Munmap the right pointers in routerlist_free() 2014-03-31 11:43:51 -04:00
Nick Mathewson
449b87791d NULL out all mappings after tor_munmap_file() 2014-03-31 11:42:49 -04:00
Andrea Shepard
abdf1878a3 Always check returns from unlink() 2014-03-31 11:27:08 -04:00
Andrea Shepard
df076eccfa Always check returns from tor_munmap_file() in microdesc.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
947a6daa31 Always check returns from tor_munmap_file() in routerlist.c 2014-03-31 11:27:08 -04:00
Nick Mathewson
f82e499aa5 Merge remote-tracking branch 'public/bug11342' 2014-03-31 10:51:09 -04:00
Nick Mathewson
5e0cfba969 Fix a clang compilation warning
Subtracting two time_t values was yielding something that maybe
can't be fit in an int.

Bugfix on 0389d4aa; bug not in any released Tor.
2014-03-31 10:07:42 -04:00
Nick Mathewson
bfe783f167 Make dump_desc() use binary mode
Otherwise, it could mung the thing that came over the net on windows,
which would defeat the purpose of recording the unparseable thing.

Fixes bug 11342; bugfix on 0.2.2.1-alpha.
2014-03-27 23:53:03 -04:00
Nick Mathewson
9efd970dd9 Merge branch 'bug9658_refactor' 2014-03-27 23:00:28 -04:00
Nick Mathewson
6ad7f3417c Renamed "onionskins_completed" to "onionskins_assigned"
This improves the accuracy of the function/variable names.
2014-03-27 22:57:53 -04:00
Nick Mathewson
46a3914079 Respond to AAAA requests on DNSPort with AAAA automaps
Other DNS+IPv6 problems remain, but at least this fixes the
automapping.

Fixes bug 10468; bugfix on 0.2.4.7-alpha.
2014-03-27 17:41:43 -04:00
Nick Mathewson
753a246a14 check outputs from get_first_listener_addrport_string
Fix for 9650; bugfix for 0.2.3.16-alpha.
2014-03-27 17:12:01 -04:00
Nick Mathewson
b0bbe6b2f1 Report only the first bootstrap failure from an orconn
Otherwise, when we report "identity mismatch", we then later report
DONE when the connection gets closed.

Fixes bug 10431; bugfix on 0.2.1.1-alpha.
2014-03-27 15:58:43 -04:00
Nick Mathewson
24e0b1088a whitespace fix 2014-03-27 15:34:57 -04:00
Nick Mathewson
9c0a1adfa2 Don't do a DNS lookup on a bridge line address
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
2014-03-27 15:31:29 -04:00
Nick Mathewson
2721246f5d Merge branch 'bug7164_diagnose_harder_v2' 2014-03-27 14:26:21 -04:00
Nick Mathewson
0389d4aa56 More logs to try to diagnose bug 7164
This time, check in microdesc_cache_clean() to see what could be
going wrong with an attempt to clean a microdesc that's held by a node.
2014-03-27 14:23:19 -04:00
Nick Mathewson
de9de9e7dd Give specific warnings when client-side onionskin handshakes fail
Fix for bug9635.
2014-03-27 14:15:53 -04:00
Nick Mathewson
60abc4804f Don't warn when setsockopt(SO_REUSEABLE) on accept()ed socket says EINVAL
This should fix bug10081.  I believe this bug pertains to OSX
behavior, not any Tor behavior change.
2014-03-27 13:55:18 -04:00
Nick Mathewson
5b36f0d7e7 Log descriptor-download bootstrapping messages less verbosely
This is a fix for 9963.  I say this is a feature, but if it's a
bugfix, it's a bugfix on 0.2.4.18-rc.

Old behavior:

    Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors.
    ... [Many lines omitted] ...
    Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors.
    Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits.

New behavior:

    Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits.
2014-03-27 11:23:53 -04:00
Nick Mathewson
6da2544f20 Turn off testing code for #9683.
(This wasn't supposed to get committed turned-on.)
2014-03-26 10:31:56 -04:00
Nick Mathewson
07eb481492 Demote "Invalid length on ESTABLISH_RENDEZVOUS" to protocol_warn
Fixes bug 11279
2014-03-25 11:55:27 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Nick Mathewson
852fd1819e Free placeholder circid/chan->circuit map entries on exit
In circuitlist_free_all, we free all the circuits, removing them from
the map as we go, but we weren't actually freeing the placeholder
entries that we use to indicate pending DESTROY cells.

Fix for bug 11278; bugfix on the 7912 code that was merged in
0.2.5.1-alpha
2014-03-25 10:14:26 -04:00
Roger Dingledine
85ef58e5ba quiet the debug message in circuit_build_times_disabled()
something recently made it get called once per second, which will clutter
up your debug log file.
2014-03-24 02:33:17 -04:00
Nick Mathewson
3ddbf2880f Merge remote-tracking branch 'public/bug11275_024' 2014-03-23 15:56:23 -04:00
Roger Dingledine
eff16e834b Stop leaking 'sig' at each call of router_append_dirobj_signature()
The refactoring in commit cb75519b (tor 0.2.4.13-alpha) introduced
this leak.
2014-03-23 15:53:51 -04:00
Roger Dingledine
ddaeb4deee Be more lenient in our fix for bug 11149
There are still quite a few 0.2.3.2x relays running for x<5, and while I
agree they should upgrade, I don't think cutting them out of the network
is a net win on either side.
2014-03-23 02:53:08 -04:00
Nick Mathewson
f560eeadc3 Remove the unused circuit_dump_by_chan().
Also remove its helper function.
2014-03-23 00:28:39 -04:00
Nick Mathewson
2cfc4453c2 Merge remote-tracking branch 'public/bug9683_rebased' 2014-03-23 00:20:05 -04:00
Nick Mathewson
f4e2c72bee Merge remote-tracking branch 'karsten/task-11070' 2014-03-23 00:18:48 -04:00
Nick Mathewson
f2c6c5e69c Merge branch 'ticket11149' 2014-03-23 00:18:11 -04:00
Andrea Shepard
3b31b45ddb Appease make check-spaces 2014-03-18 10:26:44 -07:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
d769cab3e5 Defensive programming: null [pn]_chan,circ_id in circuit_mark_for_close_
Doing this as part of the patch for #9683 to prevent possible bugs
down the line
2014-03-14 11:58:34 -04:00
Nick Mathewson
1a74360c2d Test code for implementation of faster circuit_unlink_all_from_channel
This contains the obvious implementation using the circuitmux data
structure.  It also runs the old (slow) algorithm and compares
the results of the two to make sure that they're the same.

Needs review and testing.
2014-03-14 11:57:51 -04:00
Nick Mathewson
d01cf18ecb should_disable_dir_fetches() now returns 1 if DisableNetwork==1
This change prevents LD_BUG warnings and bootstrap failure messages
when we try to do directory fetches when starting with
DisableNetwork == 1, a consensus present, but no descriptors (or
insufficient descriptors) yet.

Fixes bug 11200 and bug 10405.  It's a bugfix on 0.2.3.9-alpha.
Thanks to mcs for walking me through the repro instructions!
2014-03-14 10:42:49 -04:00
Nick Mathewson
df836b45b0 Merge remote-tracking branch 'asn/bug5018_notice' 2014-03-12 11:10:51 -04:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
George Kadianakis
cc1bb19d56 Tone down the log message for when we don't need a PT proxy. 2014-03-10 22:05:31 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
Nick Mathewson
0c04416c11 Merge branch 'bug11043_take2_squashed' 2014-03-10 14:08:29 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
George Kadianakis
8c8e21e296 Improve the log message for when the Extended ORPort is not enabled. 2014-03-10 12:54:46 -04:00
Nick Mathewson
a50690e68f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-03-06 11:52:22 -05:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
cbf9e74236 Correct the URL in the "a relay on win95???" message
This is a fix for 9393; it's not a bugfix on any Tor version per se,
but rather on whatever Tor version was current when we reorganized the
wiki.
2014-03-06 09:57:42 -05:00
Nick Mathewson
a4b447604a Stop accepting 0.2.2 relay uploads for the consensus.
Resolves ticket 11149.
2014-03-06 09:38:35 -05:00
Nick Mathewson
663aba07e5 Fix whitespace errors, all of them mine. 2014-03-05 14:36:32 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
Nick Mathewson
25374d307d Fix wide lines. 2014-03-05 14:31:13 -05:00
Nick Mathewson
2c25bb413e Lower the maximum for PredictedCircsRelevanceTime to one hour 2014-03-05 14:31:13 -05:00
unixninja92
4f03804b08 Fixed spacing. 2014-03-05 14:31:13 -05:00
unixninja92
5c310a4fa2 Added max value to PredictedCircsRelevanceTime. 2014-03-05 14:31:13 -05:00
unixninja92
898154f717 PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.

Implements ticket 91
2014-03-05 14:29:54 -05:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
496fe685fd Include v3 in documented 'protocols' in rend_service_descriptor_t
Also make it unsigned and document that it's for INTRODUCE cell versions.

Fixes 9099; bugfix on 0.2.1.5-alpha, which introduced the v3 protocol.
2014-03-04 12:03:18 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
bb37544214 Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/common/compat_libevent.h
	src/or/relay.c
2014-03-04 11:00:02 -05:00
Nick Mathewson
46118d7d75 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	src/or/relay.c
2014-03-04 10:54:54 -05:00
Nick Mathewson
0db39eb89f ATTR_NORETURN is needed on lost_owning_controller now
This should fix some "hey, that function could have
__attribute__((noreturn))" warnings introduced by f96400d9.

Bug not in any released version of Tor.
2014-03-03 10:54:20 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Roger Dingledine
bd49653f8e trivial whitespace fixes 2014-03-03 06:53:08 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
273f536d72 Merge branch 'bug10884_squashed' 2014-02-28 08:54:50 -05:00
Nick Mathewson
886d4be149 Unit tests for test_routerkeys_write_fingerprint 2014-02-28 08:53:14 -05:00
Nick Mathewson
25c0435aa5 Tighten router_write_fingerprint impl 2014-02-28 08:53:14 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
043329eeb6 Merge remote-tracking branch 'karsten/task-5824' 2014-02-28 08:32:13 -05:00
Nick Mathewson
833d027778 Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks.  These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation.  This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.

A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
2014-02-26 09:51:30 -05:00
Nick Mathewson
bf1678603f Merge remote-tracking branch 'public/bug10449' 2014-02-25 16:09:15 -05:00
Nick Mathewson
c3800f631b Merge remote-tracking branch 'public/no_itime_queue' into maint-0.2.4 2014-02-25 15:58:53 -05:00
Nick Mathewson
d21b24b3b6 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 2014-02-24 13:05:25 -05:00
Nick Mathewson
1753975ece When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.
2014-02-21 18:04:48 +00:00
Nick Mathewson
6eba3584b1 Merge remote-tracking branch 'public/bug10987_024' 2014-02-21 17:29:48 +00:00
Nick Mathewson
f3e8271652 Style tweaks on code, changes file for 10987 2014-02-21 17:27:35 +00:00
David Goulet
1532cff2ce Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.

A changes file is provided and this fixes #10987

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-02-21 17:19:11 +00:00
Nick Mathewson
3dfed0806c Merge remote-tracking branch 'public/bug10722' 2014-02-16 12:13:12 -05:00
Nick Mathewson
b5d6e47002 Warning message when bug 10722 would trigger
If somebody's excludenodes settings are keeping their hidden service
connections from working, they should probably get notified about it.
2014-02-16 12:11:07 -05:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
67749475f5 Merge remote-tracking branch 'public/bug10841' 2014-02-15 15:06:06 -05:00
Nick Mathewson
ac5ae794bd tristate->enum in rendcommon functions
When we have more than two return values, we should really be using
an enum rather than "-2 means this, -1 means that, 0 means this, and
1 or more means a number."
2014-02-14 23:23:53 -05:00
Karsten Loesing
c024ff8671 Remove another unused v0 hidserv function.
Noted by Nick on #10841.
2014-02-14 17:54:16 +01:00
Nick Mathewson
949c9ae26b Tweak sign of rend_token params for consistency 2014-02-13 15:24:09 -05:00
Nick Mathewson
ecf61e924d Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025
Conflicts:
	src/or/circuitlist.c
2014-02-13 14:49:15 -05:00
Nick Mathewson
8b9a2cb68b Faster circuit_get_by_rend_token_and_purpose()
On busy servers, this function takes up something like 3-7% in
different profiles, and gets invoked every time we need to participate
as the midpoint in a hidden service.

So maybe walking through a linked list of all the circuits here wasn't
a good idea.
2014-02-13 14:44:43 -05:00
Nick Mathewson
c4bb3c8d44 Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01, which we merged in
0.2.5.1-alpha.
2014-02-12 15:32:50 -05:00
Nick Mathewson
79c234e0e3 On OOM, also log N circuits remaining 2014-02-12 13:09:02 -05:00
Nick Mathewson
c8d41da52d More unit tests for OOM handling.
This gets us up to no interesting untested new or changed lines for
the 10169 code.
2014-02-12 12:50:16 -05:00
Nick Mathewson
9a07ec751f Refactor OOM-handling functions for more testability
This patch splits out some of the functions in OOM handling so that
it's easier to check them without involving the rest of Tor or
requiring that the circuits be "wired up".
2014-02-12 12:48:20 -05:00
Nick Mathewson
f425cf8338 Start writing tests for 10169.
Now we cover more chunk allocation functions.
2014-02-12 12:47:49 -05:00
Nick Mathewson
eb6f433bdb Debugging code in buffers.c for debugging chunk allocation.
Currently on; will disable later in this branch.
2014-02-12 12:46:17 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Nick Mathewson
05d8111eed Merge remote-tracking branch 'public/bug10169_023' into bug10169_024 2014-02-12 12:39:15 -05:00
Nick Mathewson
fd28754dd3 Actually release buffer freelists when handling OOM conditions.
Otherwise freeing buffers won't help for a little while.
2014-02-12 12:38:20 -05:00
Nick Mathewson
7951591744 Fix bugs in bug10169 bugfix memory tracking
The chunk_grow() and chunk_copy() functions weren't adjusting the
memory totals properly.

Bugfix not on any released Tor version.
2014-02-12 12:37:41 -05:00
Nick Mathewson
d3fb846d8c Split crypto_global_init() into pre/post config
It's increasingly apparent that we want to make sure we initialize our
PRNG nice and early, or else OpenSSL will do it for us.  (OpenSSL
doesn't do _too_ bad a job, but it's nice to do it ourselves.)

We'll also need this for making sure we initialize the siphash key
before we do any hashes.
2014-02-12 12:04:07 -05:00
Nick Mathewson
0e97c8e23e Siphash-2-4 is now our hash in nearly all cases.
I've made an exception for cases where I'm sure that users can't
influence the inputs.  This is likely to cause a slowdown somewhere,
but it's safer to siphash everything and *then* look for cases to
optimize.

This patch doesn't actually get us any _benefit_ from siphash yet,
since we don't really randomize the key at any point.
2014-02-12 11:32:10 -05:00
Nick Mathewson
2c0088b8aa Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-12 09:17:11 -05:00
Nick Mathewson
d6e6eaba60 Fix windows compilation of e0c8031516
There is no WSAEPERM; we were implying that there was. This fixes a
bug in e0c8031516, which hadn't yet
appeared in any released Tor.
2014-02-12 09:16:22 -05:00
Karsten Loesing
74c2bff781 Remove remaining v0 hidden service descriptor code.
Fixes the rest of #10841 after #10881 already removed some hidden service
authority code.
2014-02-12 14:36:08 +01:00
Nick Mathewson
0ee449ca92 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-11 18:58:58 -05:00
Nick Mathewson
91d4bb0b00 Merge branch 'bug10777_netunreach_024' into maint-0.2.4 2014-02-11 18:57:55 -05:00
Nick Mathewson
8836c1ee2f Merge remote-tracking branch 'public/bug10777_nointernal_024' into maint-0.2.4 2014-02-11 18:55:26 -05:00
Nick Mathewson
10d4d3e2d5 Merge remote-tracking branch 'public/no_itime_queue_025' 2014-02-11 11:52:35 -05:00
Nick Mathewson
5e0cdc5ef2 Merge branch 'bug10881' 2014-02-11 11:42:06 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
cb065a55bd Merge remote-tracking branch 'karsten/one-dirauth' 2014-02-11 10:15:03 -05:00
Nick Mathewson
cb28fe486f Merge remote-tracking branch 'public/bug10722' 2014-02-11 10:08:58 -05:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Roger Dingledine
dd3f2f6332 fix trivial typo 2014-02-10 16:05:35 -05:00
Nick Mathewson
e0c8031516 make EACCES survivable too. 2014-02-10 15:06:10 -05:00
Nick Mathewson
5b55e0e181 Merge remote-tracking branch 'public/no_itime_queue'
The conflicts here were tricky, and required me to eliminate the
command-queue as well.  That wasn't so hard.

Conflicts:
	src/or/or.h
	src/or/relay.c
2014-02-10 15:04:23 -05:00
Nick Mathewson
3133cde3c1 Excise the insertion_time_elem_t logic
It's now redundant with the inserted_time field in packed_cell_t

Fixes bug 10870.
2014-02-10 13:55:27 -05:00
Nick Mathewson
a73b0da653 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-09 21:41:59 -05:00
Nick Mathewson
b15f75b632 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure
It can happen because we sent something that got an ENETUNREACH
response.

Bugfix on 0.2.4.8-alpha; fixes a part of bug 10777.
2014-02-09 21:35:14 -05:00
Nick Mathewson
f5d32c08ba Call ENETUNREACH a case of NOROUTE, not a case of INTERNAL.
Found by cypherpunks; fix for a part of bug 10777; bugfix on 0.1.0.1-rc.
2014-02-09 21:30:23 -05:00
Andrea Shepard
c330d63ff7 Make sure orconn->chan gets nulled out when channels exit from channel_free_all() too 2014-02-08 14:05:51 -08:00
Karsten Loesing
ebe7e22045 Suppress warning in networks with only 1 dirauth. 2014-02-08 11:02:27 +01:00
Nick Mathewson
f1682a615f Merge remote-tracking branch 'houqp/hs_control_fix' 2014-02-07 12:22:56 -05:00
Nick Mathewson
040b478692 Remove a needless check in channel_tls_handle_incoming
This patch removes an "if (chan)" that occurred at a place where
chan was definitely non-NULL.  Having it there made some static
analysis tools conclude that we were up to shenanigans.

This resolves #9979.
2014-02-07 12:01:16 -05:00
Nick Mathewson
ef4eb823f3 Merge the circuit_{free,clear}_cpath functions
(Based on a suggestion by arma at #9777)
2014-02-07 10:50:06 -05:00
Nick Mathewson
babbd3ff08 Merge remote-tracking branch 'public/feature9777_024_squashed'
Conflicts:
	src/or/circuitbuild.c
2014-02-07 10:47:34 -05:00
Nick Mathewson
1068e50aec Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.

Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.

This implements ticket 9777,
2014-02-07 10:45:34 -05:00
Nick Mathewson
372adfa09a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 10:38:24 -05:00
Andrea Shepard
707c1e2e26 NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602 2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4 2014-02-06 16:29:08 -05:00
Nick Mathewson
075482ff80 Merge remote-tracking branch 'public/bug10543_024_v2' 2014-02-06 16:25:26 -05:00
Nick Mathewson
dffac251f1 Make the handling for usable-exit counting handle ExitNodes better
It's possible to set your ExitNodes to contain only exits that don't
have the Exit flag.  If you do that, we'll decide that 0 of your exits
are working.  Instead, in that case we should look at nodes which have
(or which might have) exit policies that don't reject everything.

Fix for bug 10543; bugfix on 0.2.4.10-alpha.
2014-02-06 16:24:08 -05:00
Qingping Hou
0fbe7f3188 remove node_describe_by_id() function
This function is not used anymore
2014-02-06 16:13:55 -05:00
Qingping Hou
bf66ff915a fix longname returned in HS_DESC control events
According to control spec, longname should not contain any spaces and
consists only of identy_digest + nickname

added two functions:
* node_get_verbose_nickname_by_id()
* node_describe_longname_by_id()
2014-02-06 16:13:55 -05:00
Nick Mathewson
1b93e3c6d9 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	changes/bug10485
	src/or/rephist.c
	src/or/status.c
2014-02-06 13:27:04 -05:00
Nick Mathewson
655adbf667 Add a missing include 2014-02-06 13:25:36 -05:00
Nick Mathewson
edc6fa2570 Deliver circuit handshake counts as part of the heartbeat
Previously, they went out once an hour, unconditionally.

Fixes 10485; bugfix on 0.2.4.17-rc.
2014-02-06 13:03:01 -05:00
Nick Mathewson
dafed84dab Fixes for bug4645 fix. 2014-02-03 14:31:31 -05:00
rl1987
e82e772f2b Using proper functions to create tor_addr_t. 2014-02-03 14:20:24 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
rl1987
881c7c0f7d 10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
2014-02-03 13:14:27 -05:00
Nick Mathewson
f96400d9df bug10449: a dying owning controller makes Tor exit immediately
If you want a slow shutdown, send SIGNAL SHUTDOWN.

(Why not just have the default be SIGNAL QUIT?  Because this case
should only happen when an owning controller has crashed, and a
crashed controller won't be able to give the user any "tor is
shutting down" feedback, and so the user gets confused for a while.
See bug 10449 for more info)
2014-02-03 12:54:06 -05:00
Nick Mathewson
696b484d4d Defensive programming in control_event_hs_descriptor_*
It looks to me like these functions can never get called with NULL
arguments, but better safe than sorry.
2014-02-03 12:35:35 -05:00
Nick Mathewson
fee7f25ff8 Merge remote-tracking branch 'houqp/hs_control' 2014-02-03 12:28:42 -05:00
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Nick Mathewson
fd8947afc2 Move the friendly warning about TPROXY and root to EPERM time
I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
29c18f5b71 add hidden service descriptor async control event 2014-01-29 22:23:57 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
9be105f94b whitespace fixes 2014-01-17 12:41:56 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introduced in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a patch by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
Nick Mathewson
23dae51976 Only update view of microdescriptor pos if pos is fetchable.
It's conceivable (but probably impossible given our code) that lseek
could return -1 on an error; when that happens, we don't want off to
become -1.

Fixes CID 1035124.
2013-11-22 12:38:58 -05:00
Nick Mathewson
647248729f Drop the MaxMemInQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
2013-11-20 12:13:30 -05:00
Nick Mathewson
e572ec856d Rename MaxMemInCellQueues to MaxMemInQueues 2013-11-20 12:12:23 -05:00
Nick Mathewson
a406f6d0f0 doxygen comments for 10169 code 2013-11-20 12:05:36 -05:00
Nick Mathewson
eabcab2b7c Count freed buffer bytes from buffers when oom-killing circuits.
Also, aggressively clear the buffers to try to make their bytes go
away fast rather than waiting for the close-marked-connection code
to get 'em.
2013-11-20 11:57:45 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
bd25bda7c0 Remove 'struct timeval now' that was shadowing 'struct timeval now'.
This was a mistake in the merge commit 7a2b30fe16. It
would have made the CellStatistics code give completely bogus
results. Bug not in any released Tor.
2013-11-18 11:20:35 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
0cf234317f Unit tests for new functions in log.c 2013-11-18 10:43:15 -05:00
Nick Mathewson
bd8ad674b9 Add a sighandler-safe logging mechanism
We had accidentally grown two fake ones: one for backtrace.c, and one
for sandbox.c.  Let's do this properly instead.

Now, when we configure logs, we keep track of fds that should get told
about bad stuff happening from signal handlers.  There's another entry
point for these that avoids using non-signal-handler-safe functions.
2013-11-18 10:43:15 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
91ec6f7269 Have the OOM handler also count the age the data in a stream buffer 2013-11-15 18:38:52 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
fc5a881bd3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-10 12:24:12 -05:00
Nick Mathewson
8bfa596c15 Fix two more DirServer mentions in log 2013-11-10 12:23:56 -05:00
Nick Mathewson
56ac75b265 Fix a wide line 2013-11-10 12:22:34 -05:00
Nick Mathewson
532f70a807 Change documentation DirServer->DirAuthority
We renamed the option, but we didn't actually fix it in the log
messages or the docs.  This patch does that.

For #10124.  Patch by sqrt2.
2013-11-10 12:21:23 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
1b8ceb83c9 Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.

Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
2013-11-07 12:15:30 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
5de88dda0a circuit_build_failed: distinguish "got DESTROY" case
Roger spotted this on tor-dev in his comments on proposal 221.

We detect DESTROY vs everything else, since arma likes network
timeout indicating failure but not overload indicating failure.
2013-11-01 10:04:48 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
5cc155e02a Merge remote-tracking branch 'public/bug9645' into maint-0.2.4 2013-10-31 16:09:41 -04:00
Nick Mathewson
275ab61ad4 Appease make check-spaces 2013-10-31 14:45:20 -04:00
Nick Mathewson
9bcd93a364 Merge remote-tracking branch 'public/bug10063' 2013-10-31 14:43:20 -04:00
Nick Mathewson
761ee93c69 Add missing includes for circpathbias.h 2013-10-31 14:33:34 -04:00
Nick Mathewson
8f793c38fb Move other #9731 check to start of its functions
At arma's suggestion.  Looks like I missed this one.
2013-10-31 14:29:18 -04:00
Nick Mathewson
5cba0ddfc4 Make circpathbias and circuitbuild compile.
That was the tricky part
2013-10-31 14:28:49 -04:00
Nick Mathewson
b4ebf8421a Move pathbias functions into a new file.
Does not compile yet.  This is the "no code changed" diff.
2013-10-31 14:17:49 -04:00
Nick Mathewson
96f92f2062 Move #9731 checks to start of their functions
At arma's suggestion.
2013-10-31 14:10:23 -04:00
Nick Mathewson
702c0502cf Merge remote-tracking branch 'public/bug9731' 2013-10-31 14:09:18 -04:00
Nick Mathewson
db2c2a6909 Merge remote-tracking branch 'public/bug9731b' into maint-0.2.4 2013-10-31 14:08:28 -04:00
Nick Mathewson
f6fee77375 Add some clarity and checks to cell_queue_append_packed_copy
It's not cool to have "circ may be NULL if use_stats false, but
otherwise we crash" as an undocumented API constraint. :)
2013-10-30 23:03:20 -04:00
Nick Mathewson
83d9d72bf3 Merge remote-tracking branch 'karsten/morestats5' 2013-10-30 22:53:05 -04:00
George Kadianakis
9e0ed8136a Fix an always-true assert in PT code. 2013-10-29 22:49:37 +00:00
Nick Mathewson
4b6f074df9 Merge remote-tracking branch 'public/bug5018'
Conflicts:
	src/or/entrynodes.c
2013-10-29 01:29:59 -04:00
David Fifield
2235d65240 Document that unneeded transports are ignored.
Suggested by Roger in
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:06:03 -04:00
David Fifield
e6e6c245c8 Simplify transport_is_needed.
By Roger at
https://trac.torproject.org/projects/tor/ticket/5018#comment:11.
2013-10-29 01:05:57 -04:00
George Kadianakis
6f33dffec1 Only launch transport proxies that provide useful transports. 2013-10-29 01:05:56 -04:00
Karsten Loesing
2e0fad542c Merge branch 'morestats4' into morestats5
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.h
	src/or/control.c
	src/or/control.h
	src/or/or.h
	src/or/relay.c
	src/or/relay.h
	src/test/test.c
2013-10-28 12:09:42 +01:00
Karsten Loesing
e46de82c97 squash! Pass const uint64_t pointers, document array length.
Don't cast uint64_t * to const uint64_t * explicitly.  The cast is always
safe, so C does it for us.  Doing the cast explicitly can hide bugs if
the input is secretly the wrong type.

Suggested by Nick.
2013-10-28 10:48:18 +01:00
Nick Mathewson
7578606a22 Merge remote-tracking branch 'public/bug9934_nm' 2013-10-25 12:15:31 -04:00
Nick Mathewson
f249074e41 Merge remote-tracking branch 'Ryman/bug5605' 2013-10-25 12:03:42 -04:00
Nick Mathewson
4b8282e50c Log the origin address of controller connections
Resolves 9698; patch from "sigpipe".
2013-10-25 11:52:45 -04:00
Matthew Finkel
b36f93a671 A Bridge Authority should compute flag thresholds
As a bridge authority, before we create our networkstatus document, we
should compute the thresholds needed for the various status flags
assigned to each bridge based on the status of all other bridges. We
then add these thresholds to the networkstatus document for easy access.
Fixes for #1117 and #9859.
2013-10-21 17:49:33 +00:00
Nick Mathewson
71bd100976 DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
2013-10-21 13:02:25 -04:00
Nick Mathewson
17d368281a Merge remote-tracking branch 'linus/bug9206_option' 2013-10-16 11:20:43 -04:00
Nick Mathewson
7f2415683a Merge remote-tracking branch 'asn/bug9651' 2013-10-14 11:43:33 -04:00
Roger Dingledine
a26a5794a3 Merge branch 'maint-0.2.4' 2013-10-12 10:48:30 -04:00
Roger Dingledine
8f9fb63cdb be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.

The fix in both cases is to treat all our initially chosen guards as
acceptable to use.

Fixes bug 9946.
2013-10-12 10:42:27 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
6f9584b3fd Make --version, --help, etc increment quiet level, never decrease it
Fixes other case of #9578
2013-10-11 12:32:59 -04:00
Roger Dingledine
f96a8d5fa3 Report bootstrapping progress correctly when downloading microdescs
We had updated our "do we have enough microdescs to begin building
circuits?" logic most recently in 0.2.4.10-alpha (see bug 5956), but we
left the bootstrap status event logic at "how far through getting 1/4
of them are we?"

Fixes bug 9958; bugfix on 0.2.2.36, which is where they diverged (see
bug 5343).
2013-10-10 21:39:21 -04:00
Nick Mathewson
43f95e38ab Merge remote-tracking branch 'sysrqb/bug9950' 2013-10-10 11:27:28 -04:00
Nick Mathewson
df4693fed5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:24:16 -04:00
Nick Mathewson
2c7ed0406f Merge branch 'bug9644_024' into maint-0.2.4 2013-10-10 11:23:46 -04:00
Matthew Finkel
528e3bf892 Free the smartlist after parsing csv config option
Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-10-09 23:16:57 +00:00
Nick Mathewson
66624ded39 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c
2013-10-08 13:38:47 -04:00
Nick Mathewson
50fc8fb5c5 Merge remote-tracking branch 'public/bug9927' into maint-0.2.4 2013-10-08 13:37:13 -04:00
Nick Mathewson
b571b966f2 Tweak a comment 2013-10-08 12:18:31 -04:00
Nick Mathewson
1060688d2a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:17:14 -04:00
Nick Mathewson
7e0f1fa52a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-08 12:16:42 -04:00
Nick Mathewson
5e0404265f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:11:37 -04:00
Nick Mathewson
0c3c47565d Merge remote-tracking branch 'public/bug9596' into maint-0.2.4 2013-10-08 12:10:47 -04:00
Nick Mathewson
63234b1839 Merge branch 'bug9922' 2013-10-08 12:03:09 -04:00
Roger Dingledine
5f13ae4b03 don't lie about bootstrap progress when clients use bridges
we were listing 50% as soon as we got a bridge's relay descriptor,
even if we didn't have any consensus, certificates, etc yet.
2013-10-08 11:50:53 -04:00
Nick Mathewson
c8c2298015 Simply route length generation code.
The old code had logic to use a shorter path length if we didn't
have enough nodes. But we don't support 2-node networks anyway.

Fix for #9926.  I'm not calling this a bugfix on any particular
version, since a 2-node network would fail to work for you for a lot
of other reasons too, and it's not clear to me when that began, or if
2-node networks would ever have worked.
2013-10-08 11:48:33 -04:00
Nick Mathewson
c7c24785ee Generate bootstrapping status messages for microdescs too
Fix for 9927.
2013-10-08 11:32:02 -04:00
Linus Nordberg
fab8fd2c18 Add TestingDirAuthVoteGuard option for specifying relays to vote Guard on.
Addresses ticket 9206.
2013-10-07 13:33:42 +02:00
Nick Mathewson
566645b5ed Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-02 22:40:01 -04:00
Nick Mathewson
557f332957 Fix a bug in our bug 9776 fix.
By calling circuit_n_chan_done() unconditionally on close, we were
closing pending connections that might not have been pending quite for
the connection we were closing.  Fix for bug 9880.

Thanks to skruffy for finding this and explaining it patiently until
we understood.
2013-10-02 22:20:18 -04:00
Roger Dingledine
a980d844cd what is logging "above" notice? 2013-10-01 08:55:57 -04:00
Roger Dingledine
0d8632e585 fix another confusing whitespace instance 2013-09-30 01:47:24 -04:00
Roger Dingledine
2cf41cc70d fix confusing whitespace 2013-09-30 01:41:48 -04:00
Roger Dingledine
1b6ea92a57 fix whitespace in log message 2013-09-29 06:15:00 -04:00
Roger Dingledine
c902b4981b fix two cases where we were printing unsigned int as %d 2013-09-29 06:13:59 -04:00
Nick Mathewson
759de9f756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-24 10:47:26 -04:00
Andrea Shepard
938ee9b24d Always call circuit_n_chan_done(chan, 0) from channel_closed() 2013-09-24 10:42:12 -04:00
George Kadianakis
43b9b51389 Warn when the Extended ORPort should be on but it's not. 2013-09-24 12:30:25 +01:00
Nick Mathewson
5b1c257d9a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-23 01:48:30 -04:00
Nick Mathewson
116e6af7a7 Fix a compilation warning with older gcc 2013-09-23 01:47:52 -04:00
Nick Mathewson
c4031ee847 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-21 08:55:45 -04:00
Nick Mathewson
d1dbaf2473 Relays should send timestamp in NETINFO.
This avoids skew warnings as authorities test reachability.

Fix 9798; fix not on any released Tor.
2013-09-21 08:54:42 -04:00
Roger Dingledine
99703c9b31 Merge branch 'maint-0.2.4' 2013-09-21 02:21:15 -04:00
Roger Dingledine
4f036acd27 back out most of 1d0ba9a
this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.

(i didn't just revert, because the changes file has been modified by
other later commits.)
2013-09-21 02:11:51 -04:00
Nick Mathewson
6178aaea06 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-20 11:01:10 -04:00
Nick Mathewson
fd2954d06d Round down hidden service descriptor publication times to nearest hour
Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.
2013-09-20 11:00:27 -04:00
Nick Mathewson
accadd8752 Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
2013-09-20 11:00:27 -04:00
Nick Mathewson
f8b44eedf7 Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
2013-09-20 11:00:27 -04:00
Nick Mathewson
1d0ba9a61f Stop sending the current time in client NETINFO handshakes.
Implements part of proposal 222.
2013-09-20 11:00:27 -04:00
Nick Mathewson
ee01e41937 Fix compilation with libevent 1
a9910d89 added trickery to make us work with interned strings and
seccomp; it requires libevent 2.

Fix for 9785; bug not in any released tor.
2013-09-19 20:25:05 -04:00
Nick Mathewson
7dbf66713f When freeing a cert_list_t, avoid memory leak.
We were freeing these on exit, but when we added the dl_status_map
field to them in fddb814f, we forgot to arrange for it to be freed.

I've moved the cert_list_free() code into its own function, and added
an appropriate dsmap_free() call.

Fixes bug 9644; bugfix on 0.2.4.13-alpha.
2013-09-19 12:22:49 -04:00
Nick Mathewson
67bb1a44bd Merge remote-tracking branch 'public/bug9716_024' 2013-09-19 10:50:34 -04:00
Nick Mathewson
dece40fd77 Fix an assert when disabling ORPort with accounting disabled.
The problem was that the server_identity_key_is_set() function could
return true under conditions where we don't really have an identity
key -- specifically, where we used to have one, but we stopped being a
server.

This is a fix for 6979; bugfix on 0.2.2.18-alpha where we added that
assertion to get_server_identity_key().
2013-09-18 10:26:32 -04:00
Nick Mathewson
15b9a1ff10 Correctly re-process non-option cmdline args on sighup
Whenever we had non-option commandline arguments *and*
option-bearing commandline arguments on the commandline, we would save
only the latter across invocations of options_init_from_torrc, but
take their existence as license not to re-parse the former.  Yuck!

Incidentally, this fix lets us throw away the backup_arg[gv] logic.

Fix for bug 9746; bugfix on d98dfb3746,
not in any released Tor.  Found by Damian. Thanks, Damian!
2013-09-16 13:07:45 -04:00
Nick Mathewson
c5532889a8 Don't apply read/write buckets to cpuworker connections
Fixes bug 9731
2013-09-13 13:39:18 -04:00
Nick Mathewson
9205552daa Don't apply read/write buckets to non-limited connections
Fixes bug 9731
2013-09-13 13:37:53 -04:00
Nick Mathewson
147a0f31bd Fix a windows compilation warning from 4647 branch 2013-09-13 13:10:17 -04:00
Nick Mathewson
ccbf1cfacd Whoops; make or_state_validate conform to validate_fn_t.
Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-09-13 12:56:14 -04:00
Nick Mathewson
25a3ae922f Merge remote-tracking branch 'Ryman/bug6384'
Conflicts:
	src/or/config.c
	src/or/main.c
2013-09-13 12:55:53 -04:00
Nick Mathewson
e35c972851 Merge branch 'bug4647_squashed' 2013-09-13 12:36:55 -04:00
Nick Mathewson
aac4f30d23 Add a --dump-config option to help testing option parsing. 2013-09-13 12:36:40 -04:00
Nick Mathewson
7972af7073 Whoops; make options_validate conform to validate_fn_t.
This just goes to show: never cast a function pointer.  Found while
testing new command line parse logic.

Bugfix on 1293835440, which implemented
6752: Not in any released tor.
2013-09-13 12:36:40 -04:00
Nick Mathewson
a6cad4db70 Add '--digests' to "that which implies --hush."
And have these various commandline options imply "hush", not "quiet",
since we like to see warnings.
2013-09-13 12:36:40 -04:00
Nick Mathewson
75d795b1d7 Disallow --hash-password with no commandline arguments.
Fixes bug 9573.

Bugfix on 59453ac6e in 0.0.9pre5, which fixed a crash in a silly way.
2013-09-13 12:36:40 -04:00
Nick Mathewson
b523167f2f Make config_parse_commandline table-driven for its list of cmdline args 2013-09-13 12:36:40 -04:00
Nick Mathewson
a1096fe180 Use commandline parser for other options
These were previously allowed only in the initial position:
  --help, -h , --version, --digests, --list-torrc-options
2013-09-13 12:36:39 -04:00
Nick Mathewson
34ec954f8e Expose commandline parser so that we can use it for --quiet,etc.
Fix for bug 9578.
2013-09-13 12:36:39 -04:00
Cristian Toader
d98dfb3746 Patch for 4647 (rewrite command line parser) 2013-09-13 12:36:26 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'
Conflicts:
	src/common/sandbox.c
2013-09-13 12:31:41 -04:00
Karsten Loesing
b43a37bc5b Pass const uint64_t pointers, document array length.
Suggested by nickm.
2013-09-12 10:51:55 +02:00
Karsten Loesing
d5f0d792dd Pass around const struct timeval * instead of struct timeval.
Suggested by nickm.
2013-09-12 10:10:38 +02:00
Karsten Loesing
6553bdde8c Don't format cell stats for unattached circuits. 2013-09-12 09:21:13 +02:00
Nick Mathewson
a2754d418d Try using INT_MAX, not SOMAXCONN, to set listen() backlog.
Fall back to SOMAXCONN if INT_MAX doesn't work.

We'd like to do this because the actual maximum is overrideable by the
kernel, and the value in the header file might not be right at all.
All implementations I can find out about claim that this is supported.

Fix for 9716; bugfix on every Tor.
2013-09-11 13:30:45 -04:00
Nick Mathewson
4e00625bbe Build correctly with older libevents 2013-09-09 15:29:19 -04:00
Nick Mathewson
00fd0cc5f9 Basic compilation fixes. 2013-09-09 14:55:47 -04:00
Nick Mathewson
c7113e702b Merge remote-tracking branch 'public/bug9645' 2013-09-05 09:59:07 -04:00
Roger Dingledine
86907ea4db Merge branch 'maint-0.2.4' 2013-09-05 02:34:58 -04:00
Roger Dingledine
2c877d2da4 collect and log statistics about onionskins received/processed
we skip onionskins that came from non-relays, so we're less likely to
run into privacy troubles.

starts to implement ticket 9658.
2013-09-05 01:44:52 -04:00
Roger Dingledine
f51add6dbc Revert e443beff and solve it a different way
Now we explicitly check for overflow.

This approach seemed smarter than a cascade of "change int to unsigned
int and hope nothing breaks right before the release".

Nick, feel free to fix in a better way, maybe in master.
2013-09-05 01:41:07 -04:00
Roger Dingledine
e443beffeb don't let recently_chosen_ntors overflow
with commit c6f1668d we let it grow arbitrarily large.

it can still overflow, but the damage is very small now.
2013-09-05 01:27:46 -04:00
Roger Dingledine
6156887adf Merge branch 'maint-0.2.4'
Conflicts:
	src/test/test.c
2013-09-04 23:44:39 -04:00
Roger Dingledine
c6f1668db3 nickm wants us to prioritize tap in a currently-rare edge case 2013-09-04 23:21:46 -04:00
Roger Dingledine
a4400952ee Be more general in calculating expected onion queue processing time
Now we consider the TAP cells we'll process while draining the NTor
queue, and vice versa.
2013-09-04 23:21:45 -04:00
Roger Dingledine
a66791230f let the NumNTorsPerTAP consensus param override our queue choice 2013-09-04 23:21:45 -04:00
Roger Dingledine
7acc7c3dc6 do a lopsided round-robin between the onion queues
that way tap won't starve entirely, but we'll still handle ntor requests
quicker.
2013-09-04 23:21:45 -04:00
Roger Dingledine
16b5c609a4 check bounds on handshake_type more thoroughly 2013-09-04 23:21:45 -04:00
Roger Dingledine
9d2030e580 add info-level logs to help track onion queue sizes 2013-09-04 23:21:45 -04:00
Roger Dingledine
bb32bfa2f2 refactor and give it unit tests 2013-09-04 23:21:45 -04:00
Roger Dingledine
87a18514ef Separate cpuworker queues by handshake type
Now we prioritize ntor create cells over tap create cells.

Starts to address ticket 9574.
2013-09-04 23:21:45 -04:00
Nick Mathewson
d5e9573ed2 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/circuituse.c
2013-09-04 16:11:20 -04:00
Nick Mathewson
a60d21a85d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
2013-09-04 16:08:02 -04:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
264aa271a7 Fix bug 9645: don't forget an md just because we can't save it. 2013-09-03 14:25:01 -04:00
Nick Mathewson
5c9008e0b0 Fix some "ISO C90 forbids mixed declarations and code" warnings 2013-09-03 13:39:31 -04:00
Nick Mathewson
eb5f22eff2 Merge remote-tracking branch 'Ryman/bug4341' 2013-09-03 13:16:22 -04:00
Kevin Butler
db318dc77f Minor changes to adhere to codebase conventions. 2013-09-03 17:47:03 +01:00
Nick Mathewson
270b4f030a Handle HTTP minor versions greater than 9
(In practice they don't exist, but so long as we're making changes for
standards compliance...)

Also add several more unit tests for good and bad URL types.
2013-09-03 11:38:15 -04:00
Kevin Butler
5327605caa Tougher validation for parsing urls from HTTP headers. Fixes #2767. 2013-09-03 01:14:43 +01:00
Kevin Butler
b336e8c74e No longer writing control ports to file if updating reversible options fails. Fixes #5605. 2013-09-02 19:25:08 +01:00
Cristian Toader
fe6e2733ab added contingency message to test for sandbox_getaddrinfo 2013-09-02 12:16:02 +03:00
Cristian Toader
1ef0b2e1a3 changed how sb getaddrinfo works such that it supports storing multiple results 2013-09-02 11:44:04 +03:00
Kevin Butler
6e17fa6d7b Added --library-versions flag to print the compile time and runtime versions of libevent, openssl and zlib. Partially implements #6384. 2013-09-01 17:38:01 +01:00
Kevin Butler
1bdb391ed0 Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. 2013-09-01 00:24:07 +01:00
Kevin Butler
bb69bf8882 Changed signature for check_nickname_list to remove warnings on free. 2013-08-31 05:14:48 +01:00
Kevin Butler
0513643317 MyFamily option will now fix fingerprints missing their leading instead of complaining. Should fix #4341. 2013-08-31 04:49:04 +01:00
Cristian Toader
d5f43b5254 _array filter functions now rely on final NULL parameter 2013-08-29 15:42:30 +03:00
Cristian Toader
b1f7105506 supporting /dev/urandom instead of /dev/random 2013-08-29 15:22:14 +03:00
Cristian Toader
148c6dc473 updated open syscall strings 2013-08-26 21:19:22 +03:00
Nick Mathewson
a5f6cb908c Increase POLICY_BUF_LEN to 72 to accommodate IPv6 exit policy items.
Fixes bug 9596; bugfix on 0.2.4.7-alpha.
2013-08-26 11:30:09 -04:00
Nick Mathewson
00bcc25d05 Cleanup whitespaces 2013-08-25 12:22:20 -04:00
Nick Mathewson
078d6bcda5 Basic unit test for EVENT_TRANSPORT_LAUNCHED 2013-08-25 11:29:03 -04:00
Nick Mathewson
69312c7a84 Widen event_mask_t to 64 bits 2013-08-25 10:46:53 -04:00
George Kadianakis
6dd462e8bc Implement the TRANSPORT_LAUNCHED control port event. 2013-08-25 10:37:03 -04:00
Nick Mathewson
2452302354 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-08-25 00:34:23 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
4107ddd003 Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4 2013-08-25 00:31:51 -04:00
Nick Mathewson
1ee1c8fb4f Merge remote-tracking branch 'public/bug9366' into maint-0.2.4 2013-08-25 00:29:49 -04:00
Nick Mathewson
3727a978b8 Merge remote-tracking branch 'public/bug9543' into maint-0.2.4 2013-08-25 00:29:06 -04:00
Roger Dingledine
0fd8f5781b fix typos 2013-08-23 21:43:57 -04:00
Nick Mathewson
223c7da080 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-08-22 20:47:23 -04:00
Nick Mathewson
43f187ec2e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-08-22 20:47:10 -04:00
Nick Mathewson
8920fc5457 Hide the contents of the circuit_build_times structure.
There were only two functions outside of circuitstats that actually
wanted to know what was inside this.  Making the structure itself
hidden should help isolation and prevent us from spaghettifying the
thing more.
2013-08-22 10:15:57 -04:00
Nick Mathewson
79cad08b4f Documentation for new cbt accessors 2013-08-22 10:15:56 -04:00
Nick Mathewson
775c491502 Separate mutable/const accessors for circuit_build_times
(These have proved invaluable for other global accessors.)
2013-08-22 10:15:56 -04:00
Nick Mathewson
e1c9b43b8e Rename get_circuit_nbuild_* to end with _ms 2013-08-22 10:15:56 -04:00
vagrant
4834641dce Make circ_times static and add accessor functions.
Change the global circ_times to a static variable and use
accessor functions throughout the code, instead of
accessing it directly.
2013-08-22 10:15:56 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
71ec90fdc8 Tweak/cleanup 5526 fix. 2013-08-21 13:41:53 -04:00
Peter Retzlaff
a337d4b7cb Print accounting information in heartbeat messages.
Implements ticket 5526.
2013-08-21 13:26:57 -04:00
Nick Mathewson
af7970b6bc Add a 30-day maximum on user-supplied MaxCircuitDirtiness
Fix for bug 9543.
2013-08-21 11:35:00 -04:00
Nick Mathewson
cbc53a2d52 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:29:19 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
0daa26a473 Send NETINFO on receiving a NETINFO if we have not yet sent one.
(Backport to Tor 0.2.3)

Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-21 11:28:57 -04:00
Cristian Toader
bc19ea100c make check-spaces fixes 2013-08-21 17:57:15 +03:00
Nick Mathewson
1bb4a4f9bd Send NETINFO on receiving a NETINFO if we have not yet sent one.
Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-20 14:52:56 -04:00
Cristian Toader
a9910d89f1 finalised fix on libevent open string issue 2013-08-19 11:41:46 +03:00
Nick Mathewson
a3ffa1f76e Rename circuit_get_global_list to remove trailing _ 2013-08-15 15:37:23 -04:00
Nick Mathewson
d4634d1b72 Merge remote-tracking branch 'majek/bug9108'
Conflicts:
	src/or/circuitlist.h
2013-08-15 15:36:04 -04:00
Nick Mathewson
74262f1571 Merge branch 'bug5040_4773_rebase_3' 2013-08-15 12:04:56 -04:00
George Kadianakis
794447d03d Fix some #5040 bugs found by Nick's tests.
- Set conn->address when we receive a USERADDR command.
- Set conn->state to a sane value when we transition from Extended
  ORPort to ORPort.
2013-08-15 12:03:38 -04:00
George Kadianakis
f549e4c36d Write some free_all functions to free the auth. cookies.
We started allocating space for them on the heap in the previous
commit.

Conflicts:
	src/or/ext_orport.h
2013-08-15 12:03:38 -04:00
George Kadianakis
33c3e60a37 Implement and use a generic auth. cookie initialization function.
Use the generic function for both the ControlPort cookie and the
ExtORPort cookie.

Also, place the global cookie variables in the heap so that we can
pass them around more easily as pointers.

Also also, fix the unit tests that broke by this change.

Conflicts:
	src/or/config.h
	src/or/ext_orport.c
2013-08-15 12:03:37 -04:00
George Kadianakis
13784d4753 Warn if the Extended ORPort listens on a public IP address. 2013-08-15 12:03:37 -04:00
George Kadianakis
bdeddecd29 Better documentation for ext_or_auth_correct_client_hash. 2013-08-15 12:03:37 -04:00
Nick Mathewson
28bb673584 White-box tests for the succeeding case of ext_or_port handshake.
(Okay, white-box plus mocking enough other functions so they don't
crash.)
2013-08-15 12:03:37 -04:00
Nick Mathewson
ba78a3c800 Make 0x01==SAFECOOKIE a macro, not a magic number 2013-08-15 12:03:37 -04:00
Nick Mathewson
d7358e8598 Expose/mock some functions to make ext_orport.c testing possible 2013-08-15 12:03:37 -04:00
Nick Mathewson
4526c3e0b6 Unit test for basic ext_or_cookie authentication backend 2013-08-15 12:03:37 -04:00
Nick Mathewson
b64351ed17 Split the cryptographic part of handle_client_auth_nonce into new fn 2013-08-15 12:03:36 -04:00
George Kadianakis
e1d1d7a8da Fix some ext_orport.c DOCDOCs. 2013-08-15 12:03:36 -04:00
Nick Mathewson
03e3881043 Tests for connection_write_ext_or_command. 2013-08-15 12:03:36 -04:00
Nick Mathewson
c342ea9879 Unit tests for ext_or_id_map. 2013-08-15 12:03:36 -04:00
Nick Mathewson
7da59721a9 Unit tests for fetch_ext_or_cmd 2013-08-15 12:03:36 -04:00
Nick Mathewson
9d8ffa91ce Add a clientmap_entry_free().
Remove a needless strdup/free pair.
2013-08-15 12:03:36 -04:00
Nick Mathewson
34d02484c0 Fix hash functions for transport_name in client entry 2013-08-15 12:03:35 -04:00
Nick Mathewson
50136b6698 Use memdup_nulterm and check for NULs in handle_cmd_transport 2013-08-15 12:03:35 -04:00
Nick Mathewson
550af7be0a Fix a variety of issues in 4773
memwipe some stack-allocated stuff
Add DOCDOC comments for state machines
Use memdup_nulterm as appropriate
Check for NULs in useraddr
Add a macro so that <= AUTH_MAX has a meaning.
2013-08-15 12:03:35 -04:00
Nick Mathewson
6dd8ff0ad9 Break up <??> differently, and explain why 2013-08-15 12:03:35 -04:00
Nick Mathewson
e4a241af11 Add guards to ext_orport.h, rename get_file to get_file_name 2013-08-15 12:03:34 -04:00
Nick Mathewson
6568424410 Use only uintptr_t for the value of transport_count 2013-08-15 12:03:34 -04:00
George Kadianakis
6ad535e6dc If a single client connects with multiple transports, note all transports. 2013-08-15 12:03:34 -04:00
George Kadianakis
cb54e44587 Fix a number of issues with the #5040 code.
- Don't leak if a transport proxy sends us a TRANSPORT command more
  than once.

- Don't use smartlist_string_isin() in geoip_get_transport_history().
  (pointed out by Nick)

- Use the 'join' argument of smartlist_join_strings() instead of
  trying to write the separator on our own.
  (pointed out by Nick)

- Document 'ext_or_transport' a bit better.
  (pointed out by Nick)

- Be a bit more consistent with the types of the values of 'transport_counts'.
  (pointed out by Nick)
2013-08-15 12:03:34 -04:00
George Kadianakis
b2c7379aec Make check-spaces happy. 2013-08-15 12:03:34 -04:00
Cristian Toader
e2a7b484f4 partial libevent open fix 2013-08-14 23:03:38 +03:00
Cristian Toader
8a85a48b9d attempt to add stat64 filename filters; failed due to getaddrinfo.. 2013-08-12 21:14:43 +03:00
Nick Mathewson
4361795145 Merge remote-tracking branch 'asn/bug9363_take2' 2013-08-12 09:46:54 -04:00
Roger Dingledine
49fd76be05 Merge branch 'maint-0.2.4' 2013-08-10 18:30:20 -04:00
Nick Mathewson
d5cfbf96a2 Fix an uninitialized-read when parsing v3 introduction requests.
Fortunately, later checks mean that uninitialized data can't get sent
to the network by this bug.  Unfortunately, reading uninitialized heap
*can* (in some cases, with some allocators) cause a crash if you get
unlucky and go off the end of a page.

Found by asn.  Bugfix on 0.2.4.1-alpha.
2013-08-10 17:49:51 -04:00
Cristian Toader
44a4464cf6 fixed memory leak, added array filter support 2013-08-10 18:04:48 +03:00
Cristian Toader
89b39db003 updated filters to work with orport 2013-08-09 19:07:20 +03:00
Cristian Toader
b3a8c08a92 orport progress (not functional), nickm suggested fixes 2013-08-07 13:13:12 +03:00
George Kadianakis
0c4baa016f Also test that server transports get written to Tor's state. 2013-08-05 21:05:39 +03:00
Nick Mathewson
b9f9110ac7 Don't allow all ORPort values to be NoAdvertise
Fix for bug #9366
2013-08-05 12:14:48 -04:00
Cristian Toader
356b646976 added execve and multi-configuration support 2013-08-05 15:40:23 +03:00
Cristian Toader
d897690fc7 fixes suggested by nickm 2013-08-05 14:17:46 +03:00
Arlo Breault
506a01bda8 Use size_t for length in replaycache_add_test_and_elapsed()
For consistency with the rest of buffer lengths in Tor.

See #8960
2013-08-04 09:29:22 -04:00
Peter Retzlaff
ebd4ab1506 Prepare patch for ticket 5129 for merging.
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
2013-08-02 09:35:24 -04:00
Nick Mathewson
83a859e24c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-31 21:49:30 -04:00
Nick Mathewson
0a0f93d277 Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4 2013-07-31 21:48:48 -04:00
George Kadianakis
5a5147dd2e Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:56:07 -04:00
Nick Mathewson
904a58d10f Merge branch 'bug9288_rebased'
Conflicts:
	src/test/test_pt.c
2013-07-31 13:51:15 -04:00
Nick Mathewson
22a074caa7 Update pt/configure_proxy until it stops segfaulting 2013-07-31 13:34:16 -04:00
George Kadianakis
99bb6d2937 Modifications to transports.c for the unit tests to work.
Both 'managed_proxy_list' and 'unconfigured_proxies_n' are global
src/or/transports.c variables that are not initialized properly when
unit tests are run.
2013-07-31 13:34:16 -04:00
George Kadianakis
aaf79eb4d3 Write unit tests for configure_proxy(). 2013-07-31 13:34:16 -04:00
George Kadianakis
6e40806025 Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:34:16 -04:00
Cristian Toader
871e5b35a8 small filter changes; openat as separate function 2013-07-30 19:25:56 +03:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00
Cristian Toader
8022def6f0 added openat parameter filter 2013-07-29 16:30:39 +03:00
Cristian Toader
8f9d3da194 Investigated access4 syscall problem, small changes to filter. 2013-07-26 19:53:05 +03:00
Nick Mathewson
d5a5a6a253 Allow {,k,kilo,m,mega,g,giga,t,tera}bit{,s} in torrc
Patch from CharlieB for ticket #9214
2013-07-26 16:07:11 +02:00
Nick Mathewson
221a0159b8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-26 15:42:10 +02:00
Nick Mathewson
11f1b7d9df Avoid assertion failure on unexpected address family in DNS reply.
Fixes bug 9337; bugfix on 0.2.4.7-alpha.
2013-07-26 15:33:46 +02:00
Cristian Toader
626a2b23de integrated context for dynamic filters 2013-07-25 14:08:02 +03:00
Cristian Toader
3dfe1c0639 initial stages of runtime dynamic filters 2013-07-25 13:25:20 +03:00
Nick Mathewson
5d4b5018be Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 05:16:56 -07:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Nick Mathewson
1d2e8020b7 Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 11:52:10 +02:00
Nick Mathewson
18845c5507 Initialize destroy_cell_queue.
Likely fix for the crash bug of #9296, which was introduced through a
combination of #7912 and #8586.  Bugfix not in any released Tor.
2013-07-19 09:49:35 -04:00
Nick Mathewson
e1d3b44495 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-18 23:17:57 -04:00
Nick Mathewson
17a960734a Merge remote-tracking branch 'public/bug9295_023' into maint-0.2.4 2013-07-18 23:17:05 -04:00
Nick Mathewson
5977435629 tmp 2013-07-18 23:08:36 -04:00
George Kadianakis
05306ad74f Write extra-info bridge-ip-transports lines. 2013-07-18 14:59:57 -04:00
George Kadianakis
e765d6ed84 Make a channel getter method to retrieve transport names. 2013-07-18 14:59:57 -04:00
George Kadianakis
0ec4e5a698 Add transport information to the GeoIP database. 2013-07-18 14:59:57 -04:00
George Kadianakis
210210f219 Make the Extended ORPort understand the TRANSPORT command. 2013-07-18 14:59:56 -04:00
George Kadianakis
895709db07 Fix logging severities and remove some trivial XXXs. 2013-07-18 14:59:56 -04:00
George Kadianakis
c46f1b810d More Extended ORPort code improvements.
* Change name of init_ext_or_auth_cookie_authentication().
* Add a small comment.
2013-07-18 14:59:56 -04:00
George Kadianakis
d8f74cc439 Move Extended ORPort code to its own module.
Move the code from the connection_or module to ext_orport.

This commit only moves code: it shouldn't modify anything.
2013-07-18 14:59:56 -04:00
George Kadianakis
2207525a69 Satisfy check-spaces. 2013-07-18 14:59:56 -04:00
George Kadianakis
e2e0d09dab Various Extended ORPort code improvements.
* Add documentation.
* Free ext_or_auth_correct_client_hash.
* Use VPORT(ExtORPort) instead of V(ExtORPOrt).
  See dfe03d36c8 for details.
2013-07-18 14:59:56 -04:00
George Kadianakis
85b7c73168 Move USERADDR handling to a dedicated function. 2013-07-18 14:59:56 -04:00
George Kadianakis
4a55e39997 Implement Extended ORPort authentication. 2013-07-18 14:59:56 -04:00
George Kadianakis
93b9f85d41 Prepare codebase for the implementation of Extended ORPort auth. 2013-07-18 14:59:56 -04:00
George Kadianakis
d303228eca Create the Extended ORPort authentication cookie file. 2013-07-18 14:59:55 -04:00
George Kadianakis
ba30d635c5 Document code and change the Extended ORPort command numbers. 2013-07-18 14:59:55 -04:00
Nick Mathewson
8bf0382b22 Skeleton ExtORPort implementation. Needs testing, documentation.
Does not implement TransportControlPort yet.
2013-07-18 14:59:55 -04:00
Nick Mathewson
f45e1fbd5b Start of a unit test for options_validate.
I added this so I could write a unit test for ServerTransportOptions,
but it incidentally exercises the succeed-on-defaults case of
options_validate too.
2013-07-18 14:40:12 -04:00
Nick Mathewson
1e78100b25 Add a test for n_cells_in_circuit_queues 2013-07-18 11:23:45 -04:00
Nick Mathewson
ae64197195 Unit tests for cell queues.
This removes some INLINE markers from functions that probably didn't
need them.
2013-07-18 11:23:45 -04:00
Nick Mathewson
1047e7dcb0 Use TOR_SIMPLEQ for packed_cell_t 2013-07-18 11:23:45 -04:00
Nick Mathewson
27ec1fafe4 Remove a redundant declaration 2013-07-18 08:56:02 -04:00
Nick Mathewson
d7ccb6a3b1 Merge branch 'bug8978_rebase_2'
Conflicts:
	src/test/test_pt.c
2013-07-18 08:48:20 -04:00
Nick Mathewson
b551988ef4 Merge branch 'bug8929_rebase_2' 2013-07-18 08:45:13 -04:00
Nick Mathewson
8a01a7c35b Improve test coverage of 8929 code 2013-07-18 08:45:03 -04:00
George Kadianakis
c71809d403 Insert the environment variable only if we have options to pass. 2013-07-18 08:45:03 -04:00
George Kadianakis
1ee3a0cf44 Place the options in the environment after processing them properly. 2013-07-18 08:45:03 -04:00
George Kadianakis
1a0cf08841 Rename tor_escape_str_for_socks_arg() to something more generic.
Since we are going to be using that function to also escape parameters
passed to transport proxies using environment variables.
2013-07-18 08:45:03 -04:00
George Kadianakis
ea72958f25 Pass characters to be escaped to tor_escape_str_for_socks_arg().
This is in preparation for using tor_escape_str_for_socks_arg() to
escape server-side pluggable transport parameters.
2013-07-18 08:45:02 -04:00
George Kadianakis
08d9807125 Write function that parses ServerTransportOptions torrc lines.
And use it to validate them.
2013-07-18 08:45:02 -04:00
Nick Mathewson
e02b6b99f2 Add a basic unit test for pt_get_extra_info_descriptor_string. 2013-07-18 08:43:53 -04:00
George Kadianakis
924946aaaf Write transport ARGS to extra-info descriptor. 2013-07-18 08:43:52 -04:00
George Kadianakis
8bb2ba13c1 Extract ARGS from SMETHOD line and attach them to transport. 2013-07-18 08:43:52 -04:00
Nick Mathewson
f797ac465f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-16 14:49:41 -04:00
Nick Mathewson
c36bdbd535 Re-do a cast in order to make old buggy freebsd gcc happy
Fix for #9254.  Bugfix on 0.2.4.14-alpha.

This is not actually a bug in the Tor code.
2013-07-16 14:48:12 -04:00
Andrea Shepard
9b3a166b44 Eliminate an impossible case in replaycache_scrub_if_needed_internal() 2013-07-16 06:01:50 -07:00
Nick Mathewson
55f5caf096 Appease "make check-spaces" 2013-07-15 17:35:56 -04:00
Nick Mathewson
c0391bae75 Merge remote-tracking branch 'public/fancy_test_tricks'
Conflicts:
	src/common/include.am

Conflict was from adding testsupport.h near where sandbox.h had
already been added.
2013-07-15 12:02:18 -04:00
Peter Palfrader
2cb59be999 Fix two pre-coffee typos 2013-07-15 09:43:37 -04:00
Peter Palfrader
783c52b6df Reject relative control socket paths and emit a warning.
Previously we would accept relative paths, but only if they contained a
slash somewhere (not at the end).

Otherwise we would silently not work.  Closes: #9258.  Bugfix on
0.2.3.16-alpha.
2013-07-15 09:04:17 -04:00
Roger Dingledine
6848e29307 cosmetic cleanups 2013-07-14 02:49:34 -04:00
Nick Mathewson
aac732322a Merge remote-tracking branch 'public/gsoc-ctoader-cap-phase1-squashed' 2013-07-12 17:12:43 -04:00
Nick Mathewson
14d5e7f85e Remove a bogus semicolon spotted by Gisle Vanem 2013-07-11 15:53:35 -04:00
Cristian Toader
f9c1ba6493 Add a basic seccomp2 syscall filter on Linux
It's controlled by the new Sandbox argument.  Right now, it's rather
coarse-grained, it's Linux-only, and it may break some features.
2013-07-11 09:13:13 -04:00
Nick Mathewson
ec6c155f82 Add some basic unit tests for the circuit map data structure.
These show off the new mocking code by mocking the circuitmux code
so that we can test the circuit map code in isolation.
2013-07-10 15:26:34 -04:00
Nick Mathewson
17e9fc09c3 Coverage support: build with --enable-coverage to have tests run with gcov
If you pass the --enable-coverage flag on the command line, we build
our testing binaries with appropriate options to enable coverage
testing.  We also build a "tor-cov" binary that has coverage enabled,
for integration tests.

On recent OSX versions, test coverage only works with clang, not gcc.
So we warn about that.

Also add a contrib/coverage script to actually run gcov with the
appropriate options to generate useful .gcov files.  (Thanks to
automake, the .o files will not have the names that gcov expects to
find.)

Also, remove generated gcda and gcno files on clean.
2013-07-10 15:22:16 -04:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Nick Mathewson
f7d654b81e Start work on fancy compiler tricks to expose extra stuff to our tests
This is mainly a matter of automake trickery: we build each static
library in two versions now: one with the TOR_UNIT_TESTS macro
defined, and one without.  When TOR_UNIT_TESTS is defined, we can
enable mocking and expose more functions. When it's not defined, we
can lock the binary down more.

The alternatives would be to have alternate build modes: a "testing
configuration" for building the libraries with test support, and a
"production configuration" for building them without.  I don't favor
that approach, since I think it would mean more people running
binaries built for testing, or more people not running unit tests.
2013-07-10 15:20:09 -04:00
Nick Mathewson
fab99844fc Merge remote-tracking branch 'origin/maint-0.2.4' 2013-07-08 11:35:48 -04:00
Nick Mathewson
b34279d3ab Add a comment and a check for why flag indices will be <= 63 2013-07-08 11:35:06 -04:00
Nick Mathewson
15cd79f832 Fix undefined behavior in dirvote.c
Fix a bug in the voting algorithm that could yield incorrect results
 when a non-naming authority declared too many flags. Fixes bug 9200;
 bugfix on 0.2.0.3-alpha.

Found by coverity scan.
2013-07-03 12:01:37 -04:00
Nick Mathewson
0c3d676f9e Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-29 03:51:53 -04:00
Nick Mathewson
c955149271 Give a warning when bufferevents are enabled.
Ticket 9147.
2013-06-29 03:45:40 -04:00
Nick Mathewson
cde1a2ca05 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-24 12:55:29 -04:00
Nick Mathewson
ca6aacce16 Fix bug 9122: don't allow newdefaultoptions to be NULL
(This caused a crash that was reported as bug 9122, but the underlying
behavior has been wrong for a while.)

Fix on 0.2.3.9-alpha.
2013-06-24 12:53:37 -04:00
Marek Majkowski
10480dff01 Fix #5584 - raise awareness of safer logging - warn about potentially unsafe config options 2013-06-24 11:22:34 -04:00
Marek Majkowski
1555876d5f Fix #9108 - make global_circuitlist a doubly linked list 2013-06-20 16:56:54 +01:00
Marek Majkowski
d7538b57b4 Don't access global_circuitlist variable directly. Use a getter instead. 2013-06-20 16:40:05 +01:00
Nick Mathewson
f7986269c3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 14:47:15 -04:00
Nick Mathewson
7c4544e5a4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-18 14:45:29 -04:00
Nick Mathewson
60d633c73a Fix some problems with the bug9002 fix.
Fixes bug 9090; bug not in any released Tor.
2013-06-18 11:54:57 -04:00
Nick Mathewson
b5d1fded3d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-18 10:25:30 -04:00
Nick Mathewson
efa342f5fa Tweak bug9063_redux patch: {n_p}_chan_cells, not {n,p}_conn_cells 2013-06-18 10:25:10 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
c37fdc2eef Merge branch 'bug9063_redux_023_squashed' into maint-0.2.3 2013-06-18 10:16:47 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Nick Mathewson
2974c83735 Merge remote-tracking branch 'public/bug9082' 2013-06-17 11:57:55 -04:00
Nick Mathewson
0748c06f7c Fix bug 9082: avoid leak when freeing destroy cell queues
In my #7912 fix, there wasn't any code to remove entries from the
(channel, circuit ID)->circuit map corresponding to queued but un-sent
DESTROYs.

Spotted by skruffy. Fixes bug 9082; bug not in any released Tor.
2013-06-17 11:30:56 -04:00
Nick Mathewson
dc516a5436 Limit hidden service descriptors to at most 10 guard nodes.
Fixes bug 9002; bugfix on 0.1.1.11-alpha (which introduced guard
nodes), or on 0.0.6pre1 (which introduced hidden services).
2013-06-16 20:24:48 -04:00
Andrea Shepard
469bd7a3cf Merge branch 'bug9072-024' into bug9072-025 2013-06-15 02:27:23 -07:00
Andrea Shepard
9e45d940d4 Merge branch 'bug9072-023' into bug9072-024 2013-06-15 02:20:19 -07:00
Andrea Shepard
2a95f31716 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
Nick Mathewson
6f5a720d15 Merge branch 'circuit_queue_cap-0.2.5-squashed'
Conflicts:
	src/or/relay.c
2013-06-14 01:50:17 -04:00
Nick Mathewson
bd6bd1c9be Fix signed/unsigned comparison warning 2013-06-14 01:41:53 -04:00
Nick Mathewson
c974582291 Increase the limit so leaky pipe might work 2013-06-14 01:40:35 -04:00
Nick Mathewson
79cdf81ec1 Increase the limit so leaky pipe might work 2013-06-14 01:37:22 -04:00
Nick Mathewson
9e8c104ab8 Increase the limit so leaky pipe might work 2013-06-14 01:35:21 -04:00
Andrea Shepard
459aada4d0 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:59:01 -07:00
Andrea Shepard
418c2845d0 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:53:36 -07:00
Andrea Shepard
4cce58d3c2 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:39:04 -07:00
Nick Mathewson
483385d2bd Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 21:59:27 -04:00
Nick Mathewson
73ca1cf8b7 Rename networkstatus_dl_interval() -> networkstatus_dl_check_interval() 2013-06-13 12:44:46 -04:00
Nick Mathewson
45424b2ca1 Merge remote-tracking branch 'linus/bug8532' 2013-06-13 12:42:49 -04:00
Nick Mathewson
caa0d15c49 If we write the annotation but not the microdescriptor, rewind.
This fixes bug 9047 (and some parts of 9031, 8922, 8883 that weren't
fixed in 8822).  Bugfix on 0.2.2.6-alpha.
2013-06-13 12:29:01 -04:00
Nick Mathewson
4b781e24fb Merge remote-tracking branch 'public/bug7912_squashed' 2013-06-13 10:31:02 -04:00
Nick Mathewson
e61df2ec65 Fix compile warnings wrt printf formatting of int64_t 2013-06-13 10:30:34 -04:00
Andrea Shepard
16f9861b22 Add destroy balance tracking and logging to circuitmux 2013-06-13 10:14:36 -04:00
Nick Mathewson
43d53e6d86 Implementation of a fix for bug 7912
I added the code to pass a destroy cell to a queueing function rather
than writing it immediately, and the code to remember that we
shouldn't reuse the circuit id until the destroy is actually sent, and
the code to release the circuit id once the destroy has been sent...
and then I finished by hooking destroy_cell_queue into the rest of
Tor.
2013-06-13 10:14:00 -04:00
Nick Mathewson
801eea03ad Code to track on a circuit whether it has a "pending" delete cell
This will be used in a fix for bug7912.
2013-06-13 10:14:00 -04:00
Nick Mathewson
2949849143 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-13 09:43:53 -04:00
Nick Mathewson
25dddf7a8f Merge remote-tracking branch 'public/bug8822' into maint-0.2.4 2013-06-13 09:40:32 -04:00
Nick Mathewson
d7d6529898 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-12 20:55:53 -04:00
Nick Mathewson
75b7cc1785 Merge remote-tracking branch 'andrea/bug8639_v3' into maint-0.2.4 2013-06-12 20:55:35 -04:00
Nick Mathewson
e602c4031b Make all consumers of microdesc_t.body tolerate NULL
This is another fix to try to mitigate recurrences of 8031/8822.
2013-06-12 12:12:11 -04:00
Nick Mathewson
f455686b77 Unmap the microdescriptor cache before replacing it.
This is a reprise of the fix in bdff7e3299d78; 6905c1f6 reintroduced
that bug.  Briefly: windows doesn't seem to like deleting a mapped
file.  I tried adding the PROT_SHARED_DELETE flag to the createfile
call, but that didn't actually fix this issue.  Fortunately, the unit
test I added in 4f4fc63fea should
prevent us from making this particular screw-up again.

This patch also tries to limit the crash potential of a failure to
write by a little bit, although it could do a better job of retaining
microdescriptor bodies.

Fix for bug 8822, bugfix on 0.2.4.12-alpha.
2013-06-12 12:04:33 -04:00
Linus Nordberg
c132427db4 Hide consensus download interval, depending on TestingTorNetwork, in a macro. 2013-06-10 23:04:20 +02:00
Nick Mathewson
c300720bfa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-06-10 12:28:30 -04:00
Nick Mathewson
607b29ae1a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-10 12:26:39 -04:00
Nick Mathewson
77a1935339 Fix (Open?)BSD fast-connect bug with optimistic data.
There's an assertion failure that can occur if a connection has
optimistic data waiting, and then the connect() call returns 0 on the
first attempt (rather than -1 and EINPROGRESS).  That latter behavior
from connect() appears to be an (Open?)BSDism when dealing with remote
addresses in some cases. (At least, I've only seen it reported with
the BSDs under libevent, even when the address was 127.0.0.1.  And
we've only seen this problem in Tor with OpenBSD.)

Fixes bug 9017; bugfix on 0.2.3.1-alpha, which first introduced
optimistic data. (Although you could also argue that the commented-out
connection_start_writing in 155c9b80 back in 2002 is the real source
of the issue.)
2013-06-10 12:14:49 -04:00
Linus Nordberg
4d54b9774d Add support for offsetting the voting interval in order to bootstrap faster.
A new option TestingV3AuthVotingStartOffset is added which offsets the
starting time of the voting interval. This is possible only when
TestingTorNetwork is set.

This patch makes run_scheduled_events() check for new consensus
downloads every second when TestingTorNetwork, instead of every
minute. This should be fine, see #8532 for reasoning.

This patch also brings MIN_VOTE_SECONDS and MIN_DIST_SECONDS down from
20 to 2 seconds, unconditionally. This makes sanity checking of
misconfiguration slightly less sane.

Addresses #8532.
2013-06-08 15:25:32 +02:00
Andrea Shepard
ce147a2a9a When launching a resolve request on behalf of an AF_UNIX control, omit the address field of the new entry connection. Fixes bug 8639. 2013-05-31 15:35:51 -07:00
Karsten Loesing
e39292f21d Test functions used for TB_EMPTY and CELL_STATS events. 2013-05-31 16:12:28 +02:00
Nick Mathewson
97d1caadfd Start correctly when not in testing mode.
You can't use != to compare arbitrary members of or_options_t.

(Also, generate a better error message to say which Testing* option
was set.)

Fix for bug 8992. Bugfix on b0d4ca49. Bug not in any released Tor.
2013-05-28 16:13:06 -04:00
Nick Mathewson
d3125a3e40 Merge remote-tracking branch 'karsten/task-6752-3' 2013-05-28 10:59:35 -04:00
Karsten Loesing
b33b366a7f Tweak CIRC_BW event based on comments by nickm.
- Rename n_read and n_written in origin_circuit_t to make it clear that
  these are only used for CIRC_BW events.
- Extract new code in control_update_global_event_mask to new
  clear_circ_bw_fields function.
2013-05-25 19:51:38 +02:00
Karsten Loesing
ef67077fba Tweak TB_EMPTY event based on comments by nickm.
- Avoid control_event_refill_global function with 13 arguments and
  increase code reuse factor by moving more code from control.c to
  connection.c.
- Avoid an unsafe uint32_t -> int cast.
- Add TestingEnableTbEmptyEvent option.
- Prepare functions for testing.
- Rename a few functions and improve documentation.
2013-05-25 19:51:38 +02:00
Karsten Loesing
26b49f525d Tweak CELL_STATS event based on comments by nickm.
- Move cell_command_to_string from control.c to command.c.
- Use accessor for global_circuitlist instead of extern.
- Add a struct for cell statistics by command instead of six arrays.
- Split up control_event_circuit_cell_stats by using two helper functions.
- Add TestingEnableCellStatsEvent option.
- Prepare functions for testing.
- Rename a few variables and document a few things better.
2013-05-25 19:51:38 +02:00
Karsten Loesing
2f893624ab Tweak CONN_BW event based on comments by nickm.
- Rename read/write counters in connection_t to make it clear that these
  are only used for CONN_BW events.
- Add TestingEnableConnBwEvent option.
2013-05-25 19:51:38 +02:00
Karsten Loesing
a84fae7892 Tweak ORCONN event based on comments by nickm.
- Move new ID= parameter in ORCONN event to end.  Avoids possible trouble
  from controllers that parse parameters by position, even though they
  shouldn't.
2013-05-25 19:51:33 +02:00
Karsten Loesing
3795f6a78b Try harder to document default_options correctly. 2013-05-25 07:33:37 +02:00
Nick Mathewson
eef42d3863 Reformat 4282 fixes a little 2013-05-24 13:37:14 -04:00
Nick Mathewson
57e4324c42 Fix a logic error in 4282 fixes
check_or_create_data_subdir has succeeded when it returns 0, not
when it returns negative.
2013-05-24 13:36:15 -04:00
Peter Retzlaff
5b7eaa3765 Extract duplicate code in geoip and rephist.
Create new methods check_or_create_data_subdir() and
write_to_data_subdir() in config.c and use them throughout
rephist.c and geoip.c.
This should solve ticket #4282.
2013-05-24 13:12:18 -04:00
Nick Mathewson
b4b0063e48 Tweak fix for #8789 a bit; avoid double-close and add changes file 2013-05-24 12:23:21 -04:00
Arlo Breault
d25e77f2c3 Close socket at err target.
In connection_listener_new().
See #8789.
2013-05-24 12:05:57 -04:00
Karsten Loesing
b0d4ca4990 Tweak #6752 patch based on comments by nickm. 2013-05-24 10:28:31 +02:00
Nick Mathewson
f5820a1bf1 Restore 8093 log messages to WARN severity, but rate limit
See #8093 for discussion
2013-05-21 14:00:30 -04:00
Nick Mathewson
feeef00a6a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-21 13:46:28 -04:00
Nick Mathewson
30c06c187a Downgrade the unexpected sendme cell warnings for 0.2.4
See discussion on #8093
2013-05-21 13:45:21 -04:00
Nick Mathewson
cb488f9973 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-20 15:59:08 -04:00
Andrea Shepard
a2e72ac04a Copy-paste description of PathBias params from man page to or.h comment 2013-05-20 12:46:00 -07:00
Nick Mathewson
382dbe9819 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-17 14:54:19 -04:00
Nick Mathewson
bc56918e5a Fix bug 8846: better log message on IP version confusion 2013-05-17 14:50:45 -04:00
Karsten Loesing
2925e2fe78 Add new CIRC_BW event. 2013-05-16 14:18:13 +02:00
Karsten Loesing
dd5ce2157d Add new TB_EMPTY event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 14:18:08 +02:00
Karsten Loesing
c386d2d6ce Add new CELL_STATS event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 14:17:21 +02:00
Karsten Loesing
8d1f78c556 Add new CONN_BW event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 13:48:35 +02:00
Karsten Loesing
e54d664f7b Add connection ID to ORCONN event.
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
2013-05-16 13:48:30 +02:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Nick Mathewson
69f66b960c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-15 10:44:17 -04:00
Roger Dingledine
0bfaf86612 Fix socks5 handshake for username/password auth
The fix for bug 8117 exposed this bug, and it turns out real-world
applications like Pidgin do care. Bugfix on 0.2.3.2-alpha; fixes bug 8879.
2013-05-15 03:34:37 -04:00
Arlo Breault
88a780d899 Check the return value of memchr().
For quality-of-implementation in munge_extrainfo_into_routerinfo().
See #8791
2013-05-14 12:23:17 -04:00
Andrea Shepard
50beb81d53 Merge branch 'maint-0.2.4' 2013-05-10 21:05:34 -07:00
Andrea Shepard
aaa3a085db Merge bug5595-v2-squashed into maint-0.2.4 2013-05-10 19:39:48 -07:00
Andrea Shepard
ac73ceb728 Rephrase comment in trusted_dirs_load_certs_from_string() to reflect 5595 fix 2013-05-09 10:55:07 -07:00
Andrea Shepard
17692b2fe2 Make warning in authority_cert_dl_failed() LD_BUG per NickM code review 2013-05-09 10:55:07 -07:00
Andrea Shepard
2824bf3445 Use tor_asprintf() and clean up string handling in authority_certs_fetch_missing() 2013-05-09 10:55:02 -07:00
Andrea Shepard
c0d96bae66 Clean up ugly constants in connection_dir_download_cert_failed(), and fix a broken one 2013-05-09 10:55:02 -07:00
Andrea Shepard
7b6ee54bdc Avoid duplicate downloads by (fp,sk) and by fp for authority certs when bootstrapping 2013-05-09 10:55:01 -07:00
Andrea Shepard
fddb814fea When downloading certificates, distinguish requesting by identity digest from requesting by ID digest, signing key pair; fixes bug 5595 2013-05-09 10:55:01 -07:00
Andrea Shepard
d5bd4a4763 Implement fp_pair_map_t 2013-05-09 10:54:55 -07:00
Nick Mathewson
82ab33c9a6 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-05-09 13:20:01 -04:00
Nick Mathewson
bae5dd6c8d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-05-09 13:14:53 -04:00
Nick Mathewson
00e2310f12 Don't run off the end of the array-of-freelists
This is a fix for bug 8844, where eugenis correctly notes that there's
a sentinel value at the end of the list-of-freelists that's never
actually checked.  It's a bug since the first version of the chunked
buffer code back in 0.2.0.16-alpha.

This would probably be a crash bug if it ever happens, but nobody's
ever reported something like this, so I'm unsure whether it can occur.
It would require write_to_buf, write_to_buf_zlib, read_to_buf, or
read_to_buf_tls to get an input size of more than 32K.  Still, it's a
good idea to fix this kind of thing!
2013-05-09 13:10:48 -04:00
Andrea Shepard
9c58905a2b Merge branch 'maint-0.2.4' into master 2013-05-07 02:24:08 -07:00
Nick Mathewson
a1d7f7ea50 Use a clearer idiom for node identity in router_counts_toward_thresholds 2013-05-05 18:55:19 -04:00
Nick Mathewson
139d367f29 Fix 8833: crash bug from using NULL node->ri in dirserv.c
It appears that moria1 crashed because of one instance of this (the
one in router_counts_toward_thresholds).  The other instance I fixed
won't actually have broken anything, but I think it's more clear this
way.

Fixes bug 8833; bugfix on 0.2.4.12-alpha.
2013-05-05 18:52:53 -04:00
Nick Mathewson
ef83db4fe8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-24 22:16:07 -04:00
Nick Mathewson
f8bb0064d6 Merge remote-tracking branch 'public/bug6026' into maint-0.2.4 2013-04-24 22:15:47 -04:00
Nick Mathewson
68ea7d24d8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-24 22:05:41 -04:00
Mike Perry
ac22bf27d7 Increase the pathbias state file miscounting version check.
We now know the bug is present in 0.2.4.12-alpha too. It should be fixed in
0.2.4.13-alpha, though.
2013-04-24 22:03:03 -04:00
Mike Perry
2170f89a93 Bug 8235: Fix scaling adjustments.
We need to subtract both the current built circuits *and* the attempted
circuits from the attempt count during scaling, since *both* have already been
counted there.
2013-04-24 22:03:02 -04:00
Nick Mathewson
6defb10d72 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 22:45:12 -04:00
Nick Mathewson
b933360ee8 Add a boolean to flag-thresholds for "we have enough measured bandwidth"
Implements #8711.
2013-04-18 22:43:52 -04:00
Nick Mathewson
0124b10d28 Turn on ntor by default client-side
Implements #8561.
2013-04-18 22:35:15 -04:00
Nick Mathewson
ab3d5c0490 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 21:42:39 -04:00
Nick Mathewson
e35ca13528 Merge remote-tracking branch 'public/bug8716_023' into maint-0.2.4 2013-04-18 21:33:53 -04:00
Nick Mathewson
1b5320bfe3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-18 11:28:11 -04:00
Nick Mathewson
06efbbb47e Merge remote-tracking branch 'public/bug8719' into maint-0.2.4 2013-04-18 11:26:54 -04:00
Nick Mathewson
da30adcf0f Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-04-18 11:16:05 -04:00
Nick Mathewson
8362f8854a Merge branch 'less_charbuf_rebased' into maint-0.2.4
Conflicts:
	src/or/dirserv.c
	src/or/dirserv.h
	src/test/test_dir.c
2013-04-18 11:13:36 -04:00
Nick Mathewson
992bbd02f9 Re-enable test for parsing and generating descriptor with exit policy
Looks like I turned this off in 6ac42f5e back in 2003 and never got
around to making it work again.  There has been no small amount of
code drift.
2013-04-18 11:04:58 -04:00
Nick Mathewson
0f83fcc5c2 Add a quick-and-dirty-test for generate_v2_networkstatus.
It sure is a good thing we can run each test in its own process, or
else the amount of setup I needed to do to make this thing work
would have broken all the other tests.

Test mocking would have made this easier to write too.
2013-04-18 11:04:58 -04:00
Nick Mathewson
6706a05b79 Remove the now-unused router_get_networkstatus_v3_hash 2013-04-18 11:04:57 -04:00
Nick Mathewson
c35ef8e6e9 Test improvement: include microdesc lines in our synthetic microdesc consensuses. 2013-04-18 11:04:57 -04:00
Nick Mathewson
e1128d905c Fix a couple of documentation issues. 2013-04-18 11:04:57 -04:00
Nick Mathewson
d2d5a7dabc Remove some now-needless length defines 2013-04-18 11:04:57 -04:00
Nick Mathewson
28ef450b24 Remove RS_ENTRY_LEN
Nothing uses it any longer now that we use smartlists of strings for
stuff that manipulates iles of formatted routerstatuses.
2013-04-18 11:04:57 -04:00
Nick Mathewson
cb75519bbf Refactor dirobj signature generation
Now we can compute the hash and signature of a dirobj before
concatenating the smartlist, and we don't need to play silly games
with sigbuf and realloc any more.
2013-04-18 11:04:57 -04:00
Nick Mathewson
fd93622cc8 Use chunks, not buffers, for router descriptors 2013-04-18 11:04:56 -04:00
Nick Mathewson
1186628fa9 Refactor v2 networkstatus generation to avoid buffer-style 2013-04-18 11:04:56 -04:00
Nick Mathewson
9246a7ca58 Refactor routerstatus_format_entry to avoid character-buffers 2013-04-18 11:04:56 -04:00
Nick Mathewson
cd1cdae0fa Fix some wide lines 2013-04-18 10:30:14 -04:00
Nick Mathewson
cd2b508f4e Don't leak a waiting-for-certs consensus when accepting it.
I believe this was introduced in 6bc071f765, which makes
this a fix on 0.2.0.10-alpha.  But my code archeology has not extended
to actually testing that theory.
2013-04-17 11:53:52 -04:00
Nick Mathewson
0a9c17a61a Fix memory leak when sending configuration-changed event
Fix for bug #8718; bugfix on 0.2.3.3-alpha.
2013-04-17 11:34:15 -04:00
Nick Mathewson
bb79373fe8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-17 10:50:58 -04:00
Nick Mathewson
b00a6211c5 Merge remote-tracking branch 'public/bug7143_v2' into maint-0.2.4 2013-04-17 10:49:59 -04:00
Nick Mathewson
bbc049a756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-17 10:48:39 -04:00
Nick Mathewson
42731f69ef Merge branch 'bug8037_squashed' into maint-0.2.4 2013-04-17 10:45:45 -04:00
Nick Mathewson
0cf2c01dbd Reject most directory documents with an internal NUL.
(Specifically, we reject all the ones that aren't NUL-terminated,
since a NUL-terminated thing can't have a NUL in the middle.)

Another fix for #8037.
2013-04-17 10:45:27 -04:00
Nick Mathewson
d34d0b4dc5 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/dirserv.c
2013-04-14 21:57:56 -04:00
Nick Mathewson
a6545d6335 Merge branch 'bug8683_rebased' into maint-0.2.4 2013-04-14 21:48:44 -04:00
Nick Mathewson
f3ae628517 Remove a now-empty if body; invert the sense of its condition 2013-04-14 21:47:29 -04:00
Nick Mathewson
c4de828923 Remove total_bandwidth and total_exit_bandwidth as unused. 2013-04-14 21:47:29 -04:00
Nick Mathewson
52cadff0d6 Rename all fields which measure bw in kb to end with _kb 2013-04-14 21:45:05 -04:00
Nick Mathewson
49696786fb Fix some KB/B confusion in flag threshold minima. 2013-04-14 21:43:50 -04:00
Roger Dingledine
9a4e9b4a80 fix trivial typo 2013-04-12 04:27:10 -04:00
Nick Mathewson
63ab5f4849 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-12 01:14:32 -04:00
Nick Mathewson
97246a5b6d Merge remote-tracking branch 'public/bug5650_squashed' into maint-0.2.4 2013-04-12 01:13:22 -04:00
Nick Mathewson
39ac1db60e Avoid busy-looping on WANTREAD within connection_handle_write
Fix for bug 5650.  Also, if we get a WANTREAD while reading while
writing, make sure we're reading.
2013-04-12 01:11:31 -04:00
Nick Mathewson
265a7ebca6 Use credible_bandwidth uniformly in setting/using fast_bandwidth
We were using credible_bandwidth to build the fast_bandwidth
threshold, but comparing it to bandwidth_for_router.
2013-04-11 10:36:46 -04:00
Nick Mathewson
ec4ee3197f Use correct units for dirserv_get_{credible_bandwidth,bandwidth_for_router}
We were mixing bandwidth file entries (which are in kilobytes) with
router_get_advertised_bw() entries, which were in bytes.

Also, use router_get_advertised_bandwidth_capped() for credible_bandwidth.
2013-04-11 10:26:17 -04:00
Nick Mathewson
e54a5a4f3c Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:47:10 -04:00
Nick Mathewson
922ab0883d Merge remote-tracking branch 'public/bug8185_diagnostic' into maint-0.2.4 2013-04-11 01:46:28 -04:00
Nick Mathewson
1b026efc62 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:43:14 -04:00
Nick Mathewson
ee3cc44f27 Merge remote-tracking branch 'public/bug7302' into maint-0.2.4
Conflicts:
	src/or/status.c
2013-04-11 01:42:54 -04:00
Nick Mathewson
3dfd1ebf12 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-11 01:40:31 -04:00
Nick Mathewson
7f50af116f Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/connection.c
2013-04-11 01:39:55 -04:00
Roger Dingledine
8e7226cf7f fix text in function comment
(now that we moved to libevent)
2013-04-11 01:11:25 -04:00
Nick Mathewson
25f9ecf4b2 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-05 16:58:26 -04:00
Desoxy
74f5e304e4 Controller: Add CACHED keyword to ADDRMAP events (#8596 part 2/2)
Add keyword CACHED="YES"/"NO" to ADDRMAP control events to indicate whether the
DNS response will be cached or not.
2013-04-03 18:50:51 +02:00
Desoxy
2c40138210 Controller: Always send ADDRMAP event after RESOLVE command (#8596 part 1/2)
Since 7536c40 only DNS results for real SOCKS requests are added to the cache,
but not DNS results for DNSPort queries or control connection RESOLVE queries.
Only cache additions would trigger ADDRMAP events on successful resolve.

Change it so that DNS results received after a RESOLVE command also generate
ADDRMAP events.
2013-04-03 18:50:27 +02:00
Nick Mathewson
b349f09b47 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-03 09:36:59 -04:00
Nick Mathewson
33b7083f26 Fix a wide line 2013-04-03 09:36:37 -04:00
Mike Perry
56e7dff7bd Add additional checks for Path Bias scaling.
Just in case more issues remain with scaling, it would be nice to pin-point
them as such.
2013-04-03 09:32:15 -04:00
Mike Perry
2b05a8c671 Clip invalid path bias counts at startup.
There was a bug in Tor prior to 0.2.4.10-alpha that allowed counts to
become invalid. Clipping the counts at startup allows us to rule out
log messages due to corruption from these prior Tor versions.
2013-04-03 09:32:15 -04:00
Nick Mathewson
a934376049 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-02 10:42:53 -04:00
Nick Mathewson
856d57531b Merge remote-tracking branch 'public/bug7707_diagnostic' into maint-0.2.4 2013-04-02 10:41:14 -04:00
Nick Mathewson
7ccaf3f1a4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-04-02 10:37:00 -04:00
Nick Mathewson
2c155064aa Merge remote-tracking branch 'public/bug8427' into maint-0.2.4 2013-04-02 10:36:15 -04:00
Akshay Hebbar Y S
36acde6b4e Removed obsolete code related to cached-routers 2013-04-01 21:50:35 -04:00
Nick Mathewson
c1a2be9ffe Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-29 12:26:01 -04:00
Mike Perry
9117b14218 Bug #8196: Demote a path bias notice that can be caused by controllers.
We didn't see this in normal usage anyway.
2013-03-29 12:21:28 -04:00
Mike Perry
651e49713c Bug 8419: Apply the badexit fix from #2203 to validation too
This was causing dirauths to emit flag weight validation warns if there
was a sufficiently large amount of badexit bandwidth to make a difference in
flag weight results.
2013-03-29 12:20:54 -04:00
Mike Perry
f6a2f088fd Bug 8477: Don't warn if formerly GENERAL circuits still have streams.
This can happen in various cases of network failure.
2013-03-29 12:20:54 -04:00
Mike Perry
a7d6683629 Bug 8230: Mark circuits as opened before reachability testing.
Should silence two path bias Bug messages seen on relays at startup.
2013-03-29 12:20:54 -04:00
Nick Mathewson
c3cc79ec38 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-29 12:19:05 -04:00
Mike Perry
d39e6736fe Don't relax the timeout for already opened 1-hop circuits. 2013-03-29 12:17:05 -04:00
Mike Perry
66586da9bc Add detail to log messages related to bug 7799.
Note this does not solve bug 7799, it is only to help us diagnose it.
2013-03-29 12:17:04 -04:00
Nick Mathewson
097a08f6fe Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-28 09:33:58 -04:00
Karsten Loesing
1bce70a9e3 Make PathsNeededToBuildCircuits option work. 2013-03-28 09:32:19 -04:00
Nick Mathewson
eb9b282cc2 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-27 21:07:36 -04:00
Nick Mathewson
7f8098d2d0 Add some missing case values to please clang
It seems that some versions of clang would prefer the
-Wswitch-enum compiler flag to warn about switch statements with
missing enum values, even if those switch statements have a
default.

Fixes bug 8598; bugfix on 0.2.4.10-alpha.
2013-03-27 21:04:08 -04:00
Mike Perry
87d50d0617 Clarify liveness log message and lower it to notice.
It could just be due to small clock jumps, after all.
2013-03-27 16:22:43 -07:00
Mike Perry
65c0489dd4 Bug 6572: Use timestamp_created for liveness sanity checks.
This should eliminate potential regressions caused by #7341.
2013-03-26 20:28:19 -07:00
Nick Mathewson
e62b8051ee Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-26 22:20:33 -04:00
Mike Perry
914bfe765d Bug 7065: Use $ for idhex instead of = 2013-03-26 18:49:41 -07:00
Nick Mathewson
2e1f23151c count DATA cells with stream ID 0 as delivered for SENDME purposes
Found while investigating 8093, but probably not the cause of it,
since this bug would result in us sending too few SENDMEs, not in us
receiving SENDMEs unexpectedly.

Bugfix on the fix for 7889, which has appeared in 0.2.4.10-alpha, but
not yet in any released 0.2.3.x version.
2013-03-22 14:57:58 -04:00
Nick Mathewson
967503c12c Implement a placeholder mechanism in the channel,id->circ map
We'll use this to help fix bug 7912, by providing a way to mark
that a circuit ID can't get reused while a DESTROY is queued but not sent.
2013-03-21 11:55:07 -04:00
Nick Mathewson
e9ffd9890f Remove check for whether bridge_line->digest is NULL
It can never be NULL, since it's an array in bridge_line_t.

Introduced in 266f8cddd8. Found by coverity; this is CID 992691. Bug
not in any released Tor.
2013-03-21 07:47:42 -04:00
Nick Mathewson
ea6d53e724 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-21 07:25:24 -04:00
Nick Mathewson
6196d0e83d The *default* guard lifetime is two months; the *min* is one
This caused an assertion failure when pruning guards.

Fixes bug #8553; bug not in any released Tor.
2013-03-21 07:22:59 -04:00
Nick Mathewson
fa3c237739 Per-SOCKSPort configuration for bug 8117 fix.
This might be necessary if the bug8117 fix confuses any applications.

Also add a changes file.
2013-03-20 16:17:06 -04:00
Nick Mathewson
a264c4feda Prefer SOCKS_USER_PASS over SOCKS_NO_AUTH 2013-03-20 15:37:47 -04:00
Nick Mathewson
7c2eabcf8e Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 14:47:49 -04:00
Nick Mathewson
3412054987 Merge remote-tracking branch 'public/bug8475_023' into maint-0.2.4 2013-03-20 14:47:13 -04:00
Nick Mathewson
a87f22ef64 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 14:26:22 -04:00
Andrea Shepard
5c5198e713 Set default minimum bandwidth for exit flag to zero for TestingTorNetwork 2013-03-20 11:16:41 -07:00
Andrea Shepard
8e29a7ae1d Fix an EOL@EOF in circuituse.c 2013-03-20 11:03:18 -07:00
Nick Mathewson
a660fe6fd5 Let testing networks override ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG
This adds a new option to fix bug 8508 which broke chutney
networks. The bug was introduced by 317d16de.
2013-03-20 13:34:57 -04:00
Nick Mathewson
63a42b38b1 Merge remote-tracking branch 'public/unsigned-time_t' 2013-03-20 10:53:07 -04:00
Nick Mathewson
80c987fbb4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-20 10:34:31 -04:00
Nick Mathewson
5b0b51ca3f Merge remote-tracking branch 'public/bug6304_v3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
	src/or/config.c
2013-03-20 10:31:56 -04:00
Nick Mathewson
7d1ade251b Debugging log for bug 8185
If the bug recurs, log the filename and line number that triggered it
2013-03-19 17:00:40 -04:00
Nick Mathewson
96d39fd236 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:44:00 -04:00
Nick Mathewson
ca50fb4f81 Don't assert when writing a cell to a CLOSING connection.
Instead, drop the cell.

Fixes another case of bug 7350; bugfix on 0.2.4.4-alpha
2013-03-19 16:35:40 -04:00
Nick Mathewson
96e8e30ee3 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:17:42 -04:00
Nick Mathewson
323cb655be Merge remote-tracking branch 'public/bug7164_diagnostic' into maint-0.2.4 2013-03-19 16:16:48 -04:00
Nick Mathewson
c547502ecb Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 16:15:39 -04:00
Nick Mathewson
6f20a74d52 Merge branch 'bug8240_v2_squashed' into maint-0.2.4
Conflicts:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/config.c
	src/or/or.h
2013-03-19 16:15:27 -04:00
Nick Mathewson
18752bca5b Drop the minimum guard lifetime back down to one month
Mike believes that raising the default to 2 months with no way to lower
it may create horrible load-balancing issues.
2013-03-19 16:04:40 -04:00
Nick Mathewson
cf734a08f6 Add support for days of the week to intervals 2013-03-19 16:03:58 -04:00
Nick Mathewson
343f7aa059 Make the guard lifetime configurable and adjustable via the consensus
Fixes 8240.

(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitously.)
2013-03-19 16:02:19 -04:00
Nick Mathewson
acbfc9c8cc Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 15:32:44 -04:00
Nick Mathewson
a7b46336eb Merge remote-tracking branch 'public/bug7950' into maint-0.2.4 2013-03-19 15:32:17 -04:00
Nick Mathewson
084c857704 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 14:19:19 -04:00
Nick Mathewson
de7e99f8bb Merge remote-tracking branch 'public/bug8031' into maint-0.2.4 2013-03-19 14:18:07 -04:00
Nick Mathewson
e6602f5991 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-19 14:16:46 -04:00
Nick Mathewson
c101ecc8dc Merge remote-tracking branch 'asn/bug3594_rebased_and_fixed'
Conflicts:
	src/common/util.c
	src/or/entrynodes.h
2013-03-19 13:25:45 -04:00
Nick Mathewson
4eaca17f2f Merge branch 'bug7582_v2' into maint-0.2.4 2013-03-19 12:29:29 -04:00
Nick Mathewson
73a35dc3c0 Free prepend_policy values in origin circuits 2013-03-19 12:29:08 -04:00
Nick Mathewson
6e94d2fb3a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 16:36:52 -04:00
Nick Mathewson
597cd893c5 Merge remote-tracking branch 'public/bug6174' into maint-0.2.4 2013-03-18 16:36:25 -04:00
Nick Mathewson
b0f7af1615 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 16:34:29 -04:00
Nick Mathewson
01407f9718 Merge remote-tracking branch 'public/bug8062' into maint-0.2.4 2013-03-18 16:33:47 -04:00
Nick Mathewson
899c2805b1 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:57:51 -04:00
Nick Mathewson
bd9901bef2 Handle TRUNCATE correctly if our next channel isn't done yet.
Patch from 'cypherpunks'. Fixes bug #7947. Bugfix on 0.0.7.1.
2013-03-18 15:55:55 -04:00
Nick Mathewson
d404b0200f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:46:01 -04:00
Nick Mathewson
aa4fcc4f13 Merge remote-tracking branch 'public/bug6164' into maint-0.2.4 2013-03-18 15:45:49 -04:00
Nick Mathewson
5124bc251a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:39:21 -04:00
Nick Mathewson
ad8a27a393 Fix some wide lines 2013-03-18 15:39:11 -04:00
Nick Mathewson
67709398b6 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:18:56 -04:00
Nick Mathewson
5959d1c105 Merge remote-tracking branch 'andrea/bug8435' into maint-0.2.4 2013-03-18 15:17:11 -04:00
Nick Mathewson
41cff47c6a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 15:16:11 -04:00
Nick Mathewson
3f837d4826 Make stream events for RESOLVE lookups more consistent
Fixes 8203; patch by Desoxy
2013-03-18 15:13:59 -04:00
Andrea Shepard
0164f16f70 Improve comment for routers_with_measured_bw static var in dirserv.c 2013-03-18 12:04:41 -07:00
Andrea Shepard
e9bdb695e8 Improve comment on router_counts_toward_thresholds() 2013-03-18 11:58:30 -07:00
Andrea Shepard
d64e5969f4 Add dirserv_has_measured_bw() predicate wrapper for dirserv_query_measured_bw_cache() 2013-03-18 11:56:42 -07:00
Nick Mathewson
f15d9cf5db Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:50:36 -04:00
Nick Mathewson
26639b7798 Merge remote-tracking branch 'public/no_dup_guards' into maint-0.2.4 2013-03-18 14:50:01 -04:00
Nick Mathewson
1512747656 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:32:18 -04:00
Nick Mathewson
173efa1051 Merge remote-tracking branch 'public/bug8059' into maint-0.2.4 2013-03-18 14:31:50 -04:00
Nick Mathewson
a770e1cc22 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:30:28 -04:00
Nick Mathewson
63b67577d6 Check return values from fcntl and setsockopt
(Based on a patch from flupzor; bug #8206)
2013-03-18 14:28:38 -04:00
Nick Mathewson
3fa9c9b688 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:24:30 -04:00
Nick Mathewson
eb9420082d Check for 0.2.4.8, not 0.2.4.7, to determine EXTEND2 support
Fixes bug 8464; bugfix on b2863739 in 0.2.4.8-alpha
2013-03-18 14:23:19 -04:00
Andrea Shepard
f93f7e331b Ignore advertised bandwidths if we have enough measured bandwidths available 2013-03-18 11:15:21 -07:00
Nick Mathewson
f48daef299 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-15 12:38:55 -04:00
Nick Mathewson
8b4728ebd6 Merge remote-tracking branch 'public/bug8180_023_v2' into maint-0.2.4 2013-03-15 12:38:11 -04:00
Nick Mathewson
686aaa5c4c Upgrade the warn for EntryNodes without UseEntryGuards to an error
fixes bug 8180
2013-03-15 12:34:29 -04:00
Nick Mathewson
b163e801bc Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/routerlist.c
2013-03-15 12:20:17 -04:00
Nick Mathewson
0cf327dc78 Merge remote-tracking branch 'public/unused_stuff' into maint-0.2.4 2013-03-15 12:17:23 -04:00
Nick Mathewson
9be3389dc7 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-14 12:06:58 -04:00
Nick Mathewson
653b09e1ec Make circuit_purpose_to_string handle CIRCUIT_PURPOSE_PATH_BIAS_TESTING 2013-03-14 12:06:03 -04:00
Nick Mathewson
1b28f366b8 Apply ClientDNSRejectInternalAddresses to IPv6 in RESOLVED cells
Fixes bug 8475; bugfix on 0.2.0.7-alpha.
2013-03-14 11:19:08 -04:00
Nick Mathewson
adfc3de833 Log fname:lineno in log messages for #7164
This should help us track down #7164 at last.
2013-03-13 10:42:58 -04:00
Nick Mathewson
b9a8f8c17c Fix the warning about LearnCircuitBuildTimeout && !CircuitBuildTimeout
This is for bug 6304.

Add a changes file too
2013-03-13 09:17:43 -04:00
Nick Mathewson
7543fb61e3 Simplify the logic of circuit_build_times_get_initial_timeout. 2013-03-13 09:11:31 -04:00
Nick Mathewson
16f2e4aa8c Don't warn about not sending a socks reply if we get a write error
If we get a write error on a SOCKS connection, we can't send a
SOCKS reply, now can we?

This bug has been here since 36baf7219, where we added the "hey, I'm
closing an AP connection but I haven't finished the socks
handshake!" message.  It's bug 8427.
2013-03-12 17:36:09 -04:00
Nick Mathewson
2b22c0aeef On END_REASON_EXITPOLICY, mark circuit as unusable for that address.
Also, don't call the exit node 'reject *' unless our decision to pick
that node was based on a non-summarized version of that node's exit
policy.

rransom and arma came up with the ideas for this fix.

Fix for 7582; the summary-related part is a bugfix on 0.2.3.2-alpha.
2013-03-11 23:37:47 -04:00
Nick Mathewson
452cfaacfc Track TLS overhead: diagnostic for bug 7707 2013-03-11 22:06:07 -04:00
Nick Mathewson
805ecb8719 Make control_event_bootstrap_problem always INFO when hibernating
When we're hibernating, the main reason we can't bootstrap will
always be that we're hibernating: reporting anything else at severity
WARN is pointless.

Fixes part of 7302.
2013-03-11 20:52:20 -04:00
Nick Mathewson
34f07ec862 When hibernating, don't heartbeat about problems.
Fixes part of 7302.
2013-03-11 20:50:02 -04:00
Nick Mathewson
07e26005a6 Treat a changed IPv6 ORPort like an IPv4 one in retry_all_listeners()
Fix for bug 6026
2013-03-11 17:20:43 -04:00
Nick Mathewson
012068935a Fix a bug in microdescs_add_to_cache when listed_at == -1
This bug affects hosts where time_t is unsigned, which AFAICT does
not include anything we currently support.  (It _does_ include
OpenVMS, about a month of BSD4.2's history[1], and a lot of the 1970s.)

There are probably more bugs when time_t is unsigned.  This one was

[1] http://mail-index.netbsd.org/tech-userlevel/1998/06/04/0000.html
2013-03-11 16:20:20 -04:00
Nick Mathewson
1eebb56691 Another possible diagnostic for 8031.
This time, I'm checking whether our calculated offset matches our
real offset, in each case, as we go along.  I don't think this is
the bug, but it can't hurt to check.
2013-03-11 14:53:41 -04:00
Nick Mathewson
6905c1f60d Check more error codes when writing microdescriptors.
Possible partial fix, or diagnosis tool, for bug 8031.
2013-03-11 14:51:18 -04:00
Nick Mathewson
d54ccbe9fd Use fds, not stdio, to manage microdescriptor files
This is part of an attempt to mitigate 8031.
2013-03-11 14:37:44 -04:00
Nick Mathewson
fca578d9b5 Increase link_proto field to 2 bytes
This should have been 2 bytes all along, since version numbers can
be 16 bits long.  This isn't a live bug, since the call to
is_or_protocol_version_known in channel_tls_process_versions_cell
will reject any version number not in the range 1..4.  Still, let's
fix this before we accidentally start supporting version 256.

Reported pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha --
specifically, on commit 6fcda529, where during development I
increased the width of a version to 16 bits without changing the
type of link_proto.
2013-03-11 12:34:14 -04:00
Nick Mathewson
b9037521c6 Fix a framing bug when reading versions from a versions cell.
Our ++ should have been += 2.  This means that we'd accept version
numbers even when they started at an odd position.

This bug should be harmless in practice for so long as every version
number we allow begins with a 0 byte, but if we ever have a version
number starting with 1, 2, 3, or 4, there will be trouble here.

Fix for bug 8059, reported pseudonymously. Bugfix on 0.2.0.10-alpha
-- specifically, commit 6fcda529, where during development I
increased the width of a version to 16 bits without changing the
loop step.
2013-03-11 12:29:28 -04:00
Roger Dingledine
331e4dcb46 Merge branch 'maint-0.2.4' 2013-03-10 23:42:14 -04:00
Roger Dingledine
0196647970 start part-way through the ssl cert lifetime
also, snap the start time and end time to a day boundary, since most
certs in the wild seem to do this.
2013-03-10 23:38:18 -04:00
Roger Dingledine
edd6f02273 randomize SSLKeyLifetime by default
resolves ticket 8443.
2013-03-10 23:38:18 -04:00
Roger Dingledine
599aeef9bc parameterize SSLKeyLifetime
no actual changes in behavior yet
2013-03-10 23:38:18 -04:00
Nick Mathewson
aa3126b5b4 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 23:03:17 -04:00
Nick Mathewson
e270a066a6 Merge remote-tracking branch 'arma/bug6783_big_hammer' into maint-0.2.4 2013-03-10 23:01:58 -04:00
Nick Mathewson
e4c5001bad Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 23:00:13 -04:00
Benjamin Kerensa
8b4195f021 Fix typos in a few log messages 2013-03-10 22:59:19 -04:00
Roger Dingledine
f8960ea22b set DisableV2DirectoryInfo_ off by default
since it's only enableable by authorities, nobody else would be able
to start their tor
2013-03-10 20:40:15 -04:00
Nick Mathewson
926b3d77f1 Tweak bug6783 patch. 2013-03-10 20:31:58 -04:00
Nick Mathewson
e4614d30e5 Add a DisableV2DirectoryInfo_ option to 404 all v2 ns requests
I have no idea whether b0rken clients will DoS the network if the v2
authorities all turn this on or not.  It's experimental. See #6783 for
a description of how to test it more or less safely, and please be
careful!
2013-03-10 20:31:53 -04:00
Nick Mathewson
4235425fce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-10 19:53:31 -04:00
Nick Mathewson
339df5df08 Fix 8447: use %u to format circid_t.
Now that circid_t is 4 bytes long, the default integer promotions will
leave it alone when sizeof(int) == 4, which will leave us formatting an
unsigned as an int.  That's technically undefined behavior.

Fixes bug 8447 on bfffc1f0fc.  Bug not
in any released Tor.
2013-03-10 19:52:06 -04:00
Nick Mathewson
d13b996d83 Fix to test for bug8444 / 6034 2013-03-09 19:56:43 -05:00
Andrea Shepard
8027ebb5fd Better comment for dirserv_query_measured_bw_cache() 2013-03-07 15:59:30 -08:00
Andrea Shepard
b522434834 Use DIGESTMAP_FOREACH_MODIFY in dirserv_expire_measured_bw_cache() for concision 2013-03-07 15:55:01 -08:00
Andrea Shepard
6e978ab829 Add unit test for dirserv measured bandwidth cache 2013-03-07 15:41:22 -08:00
Andrea Shepard
302d1dae6c Make sure expiry check in dirserv_expire_measured_bw_cache() works if time_t is unsigned 2013-03-07 05:10:54 -08:00
Andrea Shepard
c7947619df More constness in dirserv.c 2013-03-07 05:05:56 -08:00
Andrea Shepard
75eb79a6aa Make dirserv_cache_measured_bw() use a const measured_bw_line_t * 2013-03-07 03:42:14 -08:00
Andrea Shepard
0efe96cae8 Call dirserv_clear_measured_bw_cache() from dirserv_free_all() 2013-03-05 13:11:43 -08:00
Nick Mathewson
289653c392 Remove a few more unused functions. 2013-03-01 21:57:52 -05:00
Andrea Shepard
74c33945e3 Correctly set entry->is_dir_cache when adding an entry guard for the first time
(Second part of a bug8367 fix. -NM)
2013-03-01 10:17:07 -05:00
Nick Mathewson
ad49abe5a1 Fix bootstrapping with bridges by making sure is_dir_cache is set on them.
This fixes bug 8367, introduced in d7089ff228. Not in
any released Tor.
2013-03-01 10:17:07 -05:00
Andrea Shepard
8b26766a66 Correctly set entry->is_dir_cache when adding an entry guard for the first time
(Second part of a bug8367 fix. -NM)
2013-03-01 09:32:37 -05:00
Nick Mathewson
c0b1f05fe7 Fix bootstrapping with bridges by making sure is_dir_cache is set on them.
This fixes bug 8367, introduced in d7089ff228. Not in
any released Tor.
2013-03-01 09:32:17 -05:00
Andrea Shepard
b5a164bde4 Prefer measured bandwidths over advertised when computing things for votes on a dirauth 2013-02-27 19:43:50 -08:00
George Kadianakis
05f8fd2878 Add unique client counter to the heartbeat message. 2013-02-26 12:43:53 +02:00
Nick Mathewson
6879910334 Fix a comment in tor_main.c
We don't use subversion or src/*/makefile.am any longer
2013-02-25 03:24:53 -05:00
Nick Mathewson
5bfa373eee Remove some totally unused functions 2013-02-23 23:31:31 -05:00
Nick Mathewson
365e302f61 Remove a bunch of unused macro definitions 2013-02-23 23:05:25 -05:00
Nick Mathewson
9f044eac77 Refactor format_networkstatus_vote to avoid preallocating a buffer.
This saves a lot of "are we about to overrun the buffer?" checking,
and unmoots a bunch of "did we allocate enough" discussion.
2013-02-20 00:36:59 -05:00
Nick Mathewson
7bb51fdd89 Rename circuit_expire_all_dirty_circs
The new name is circuit_mark_all_dirty_circs_as_unusable.

This resolves an XXX024
2013-02-19 18:37:03 -05:00
Nick Mathewson
62fb209d83 Stop frobbing timestamp_dirty as our sole means to mark circuits unusable
In a number of places, we decrement timestamp_dirty by
MaxCircuitDirtiness in order to mark a stream as "unusable for any
new connections."

This pattern sucks for a few reasons:
  * It is nonobvious.
  * It is error-prone: decrementing 0 can be a bad choice indeed.
  * It really wants to have a function.

It can also introduce bugs if the system time jumps backwards, or if
MaxCircuitDirtiness is increased.

So in this patch, I add an unusable_for_new_conns flag to
origin_circuit_t, make it get checked everywhere it should (I looked
for things that tested timestamp_dirty), and add a new function to
frob it.

For now, the new function does still frob timestamp_dirty (after
checking for underflow and whatnot), in case I missed any cases that
should be checking unusable_for_new_conns.

Fixes bug 6174. We first used this pattern in 516ef41ac1,
which I think was in 0.0.2pre26 (but it could have been 0.0.2pre27).
2013-02-19 18:29:17 -05:00
Nick Mathewson
3dc52e6636 Add src/or/micro-revision.i to CLEANFILES in case anybody has one
Fix for 7143.
2013-02-19 17:53:38 -05:00
Nick Mathewson
1827be0bd6 Make a parse_config_line_from_str variant that gives error messages
Without this patch, there's no way to know what went wrong when we
fail to parse a torrc line entirely (that is, we can't turn it into
a K,V pair.)  This patch introduces a new function that yields an
error message on failure, so we can at least tell the user what to
look for in their nonfunctional torrc.

(Actually, it's the same function as before with a new name:
parse_config_line_from_str is now a wrapper macro that the unit
tests use.)

Fixes bug 7950; fix on 0.2.0.16-alpha (58de695f90) which first
introduced the possibility of a torrc value not parsing correctly.
2013-02-19 17:36:17 -05:00
Nick Mathewson
5d2b2b9ede Clear up a comment about when an assertion could fire
Resolves ticket 6164
2013-02-19 16:23:58 -05:00
Nick Mathewson
337e32f5b8 fix a wide line 2013-02-19 15:08:54 -05:00
Nick Mathewson
8ddf4e218e Merge branch 'bug8065_v2' 2013-02-19 15:02:22 -05:00
Nick Mathewson
3340d3279d Downgrade an assert to LD_BUG
This should prevent crashes on further recurrence of 8065, and help
diagnose such if they occur
2013-02-19 15:02:08 -05:00
Nick Mathewson
b0b0d6af63 Merge branch 'bug2286_unit_test_squashed' 2013-02-19 14:54:05 -05:00
Nick Mathewson
6170bc5a93 Refactor storing of measured_bw versus Unmeasured=1.
This patch moves the measured_bw field and the has_measured_bw field
into vote_routerstatus_t, since only votes have 'Measured=XX' set on
their weight line.

I also added a new bw_is_unmeasured flag to routerstatus_t to
represent the Unmeasured=1 flag on a w line.  Previously, I was using
has_measured_bw for this, which was quite incorrect: has_measured_bw
means that the measured_bw field is set, and it's probably a mistake
to have it serve double duty as meaning that 'bandwidth' represents a
measured value.

While making this change, I also found a harmless but stupid bug in
dirserv_read_measured_bandwidths: It assumes that it's getting a
smartlist of routerstatus_t, when really it's getting a smartlist of
vote_routerstatus_t.  C's struct layout rules mean that we could never
actually get an error because of that, but it's still quite incorrect.
I fixed that, and in the process needed to add two more sorting and
searching helpers.

Finally, I made the Unmeasured=1 flag get parsed.  We don't use it for
anything yet, but someday we might.

This isn't complete yet -- the new 2286 unit test doesn't build.
2013-02-19 11:06:24 -05:00
Andrea Shepard
4c45b3d845 Add unit test for unmeasured bandwidth clipping in consensus 2013-02-19 11:06:24 -05:00
Nick Mathewson
869826581d Note some annoying copy-and-paste code 2013-02-19 11:06:23 -05:00
Nick Mathewson
e73bbea262 Tweak consensus method 17 based on arma's comments
Instead of capping whenever a router has fewer than 3 measurements,
we cap whenever a router has fewer than 3 measurements *AND* there
are at least 3 authorities publishing measured bandwidths.

We also generate bandwidth lines with a new "Unmeasured=1" flag,
meaning that we didn't have enough observations for a node to use
measured bandwidth values in the authority's input, whether we capped
it or not.
2013-02-19 11:05:15 -05:00
Roger Dingledine
f2199763cf touchups on 78582760 2013-02-19 04:07:36 -05:00
Nick Mathewson
7858276066 Revise some comments in router.c
Avoid the phrase "legally valid" (as opposed to valid but not legal)?
And document what functions really do.

Fix for bug 6935.
2013-02-19 02:43:36 -05:00
Nick Mathewson
59fc77e29b Fix a bug that roger found in the wide_circ_id code 2013-02-15 18:20:46 -05:00
Nick Mathewson
73182e3220 Merge remote-tracking branch 'public/bug8207' 2013-02-15 16:29:43 -05:00
Nick Mathewson
d6634001c9 Merge remote-tracking branch 'public/wide_circ_ids'
Conflicts:
	src/or/channel.h
	src/or/connection_or.c
	src/or/cpuworker.c
2013-02-15 16:23:43 -05:00
Nick Mathewson
5fcc5dfa77 make check-spaces 2013-02-15 16:02:57 -05:00
Nick Mathewson
0fa362cafa Merge remote-tracking branch 'public/feature4994-rebased' 2013-02-15 15:58:54 -05:00
Roger Dingledine
5d400b5f7f Authorities were adding downtime for every relay every restart
Stop marking every relay as having been down for one hour every
time we restart a directory authority. These artificial downtimes
were messing with our Stable and Guard flag calculations.

Fixes bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
2013-02-14 17:02:22 -05:00
Nick Mathewson
41e0f7146a Merge remote-tracking branch 'arma/bug1992' 2013-02-14 14:55:49 -05:00
Nick Mathewson
1070a720ad Be more robust when excluding existing nodes as new dirguards
In addition to rejecting them post-hoc, avoid picking them in the
first place.  This makes us less likely to decide that we can't add
guards at all.
2013-02-14 12:06:59 -05:00
Nick Mathewson
91027218e2 Add some code to bluntly prevent duplicate guards from getting added
Apparently something in the directory guard code made it possible
for the same node to get added as a guard over and over when there
were no actual running guard nodes.
2013-02-14 11:48:47 -05:00
Nick Mathewson
d7089ff228 Restore the entry/dirguard distinction.
We shouldn't be calling choose_random_entry() for directory
connections; that's what choose_random_dirguard() is for.
2013-02-12 16:23:12 -05:00
Nick Mathewson
5e0ce4c578 oops; add a missing semicolon
(Cherry-picked from fc35ee4910)
2013-02-12 10:51:20 -05:00
Roger Dingledine
178599f026 get rid of the new caching notion in resolve_my_address()
and replace it with the good old-fashioned two functions approach
2013-02-12 04:25:42 -05:00
Roger Dingledine
b166e9edb9 simplify timing checks
now that both timers are on the same schedule, there's no point
tracking separate timers.
2013-02-11 22:07:19 -05:00
Roger Dingledine
5911fc0c17 Check for IP address change every minute, not 15 minutes
Relays used to check every 10 to 60 seconds, as an accidental side effect
of calling directory_fetches_from_authorities() when considering doing
a directory fetch. The fix for bug 1992 removes that side effect. At the
same time, bridge relays never had the side effect, leading to confused
bridge operators who tried crazy tricks to get their bridges to notice
IP address changes (see ticket 1913).

The new behavior is to reinstate an every-60-seconds check for both
public relays and bridge relays, now that the side effect is gone.
2013-02-11 21:57:32 -05:00
Roger Dingledine
17089302fd Stop trying to resolve our hostname so often
For example, we were doing a resolve every time we think about doing a
directory fetch. Now we reuse the cached answer in some cases.

Fixes bugs 1992 (bugfix on 0.2.0.20-rc) and 2410 (bugfix on
0.1.2.2-alpha).
2013-02-11 21:48:18 -05:00
Roger Dingledine
cc896f7c84 Teach resolve_my_address() to return a cached answer
I didn't make any of the callers use this feature yet.
2013-02-11 17:09:10 -05:00
Nick Mathewson
99457ee776 Fix two more coverity-spotted leaks in master.
One is a probably-impossible leak if we fail to sign a consensus;
another occurs when we can't look up the user we're trying to chown
our sockets to.
2013-02-11 17:01:02 -05:00
Nick Mathewson
f3835bcb37 Avoid null-pointer deref in pathbias_is_new_circ_attempt
Coverity is worried about this (CID 980653).  It hasn't happened in
testing, but we might as well make sure it can't happen.
2013-02-11 16:59:21 -05:00
Nick Mathewson
719940df2b Fix a nigh-impossible overflow in cpuworker.c
When we compute the estimated microseconds we need to handle our
pending onionskins, we could (in principle) overflow a uint32_t if
we ever had 4 million pending onionskins before we had any data
about how long onionskins take.  Nevertheless, let's compute it properly.

Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID
980651.
2013-02-11 16:46:38 -05:00
Nick Mathewson
fc35ee4910 oops; add a missing semicolon 2013-02-11 16:17:33 -05:00
Nick Mathewson
5f29bc71b3 Merge remote-tracking branch 'public/bug7816_023' 2013-02-11 16:14:17 -05:00
Nick Mathewson
afca9ab14e Fix another memory leak
This one occurs when changing configuration options. Found by
coverity.
2013-02-11 16:13:52 -05:00
Nick Mathewson
fd8ef8dc57 Merge remote-tracking branch 'public/bug8208' 2013-02-11 16:06:02 -05:00
Nick Mathewson
e3578d52e4 Check whether ei is non-NULL before altering it.
This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.
2013-02-11 16:05:03 -05:00
Nick Mathewson
43d2f99d54 Suppress a coverity false positive in connection_edge_package_raw_inbuf
Coverity is worried that we're checking entry_conn in some cases,
but not in the case where we set entry_conn->pending_optimistic_data.

This commit should calm it down (CID 718623).
2013-02-11 15:55:50 -05:00
Nick Mathewson
f12fafac5a Make hidden service authorization work again.
The refactoring in commit 471ab34032 wasn't complete enough: we
were checking the auth_len variable, but never actually setting it,
so it would never seem that authentication had been provided.

This commit also removes a bunch of unused variables from
rend_service_introduce, whose unusedness we hadn't noticed because
we were wiping them at the end of the function.

Fix for bug 8207; bugfix on 0.2.4.1-alpha.
2013-02-11 15:42:57 -05:00
Nick Mathewson
b9432becbe Fix a copy-and-paste issue found by coverity
Fixes CID 980650; bugfix on 0.2.4.10-alpha.
2013-02-11 14:42:33 -05:00
Nick Mathewson
01184f164f Merge remote-tracking branch 'public/bug8158' 2013-02-11 13:32:38 -05:00
Nick Mathewson
36e2eb6775 Avoid generating extra spaces when explaining how we guessed our address 2013-02-11 13:29:56 -05:00
Roger Dingledine
92ea0b86de Refactor resolve_my_address() so logs are more accurate / helpful
It returns the method by which we decided our public IP address
(explicitly configured, resolved from explicit hostname, guessed from
interfaces, learned by gethostname).

Now we can provide more helpful log messages when a relay guesses its IP
address incorrectly (e.g. due to unexpected lines in /etc/hosts). Resolves
ticket 2267.

While we're at it, stop sending a stray "(null)" in some cases for the
server status "EXTERNAL_ADDRESS" controller event. Resolves bug 8200.
2013-02-11 13:29:56 -05:00
Roger Dingledine
dfbb12cabf log the hostname that resolve_my_address() used to guess our IP 2013-02-11 13:29:56 -05:00
George Kadianakis
266f8cddd8 Refactoring to make parse_bridge_line() unittestable.
- Make parse_bridge_line() return a struct.
- Make bridge_add_from_config() accept a struct.
- Make string_is_key_value() less hysterical.
2013-02-11 18:07:26 +00:00
Nick Mathewson
2b4d4ccb3d Merge remote-tracking branch 'public/bug7801_v2' 2013-02-11 11:28:08 -05:00
Roger Dingledine
74e6a47a80 stop setting, or using, router->address
resolves ticket 5528.
2013-02-09 22:07:22 -05:00
Roger Dingledine
002c860cae use me->addr when adding our address to our exit policy
(rather than me->address)
2013-02-09 21:17:44 -05:00
Roger Dingledine
e1ec03f819 use router->addr for log messages and controller events
(rather than router->address)
2013-02-09 21:10:07 -05:00
Roger Dingledine
ccaefd65a4 stop passing "address" around the directory_initiate_command* funcs
since it was always just the string version of "addr" anyway
2013-02-09 20:49:55 -05:00
Roger Dingledine
99185397de Stop checking if ri->address is an IP
since router_parse_entry_from_string() already checks whether
!tor_inet_aton(router->address, &in)

(And no need to print address, since router_describe does that.)
2013-02-09 20:49:11 -05:00
George Kadianakis
b5dceab175 Fix various issues pointed out by Nick and Andrea.
- Document the key=value format.
- Constify equal_sign_pos.
- Pass some strings that are about to be logged to escape().
- Update documentation and fix some bugs in tor_escape_str_for_socks_arg().
- Use string_is_key_value() in parse_bridge_line().
- Parenthesize a forgotten #define
- Add some more comments.
- Add some more unit test cases.
2013-02-09 18:46:10 +00:00
George Kadianakis
8f2e980159 Send SOCKS arguments when doing SOCKS5. 2013-02-09 16:30:16 +00:00
George Kadianakis
14b84858c0 Send SOCKS arguments when doing SOCKS4. 2013-02-09 16:30:16 +00:00
George Kadianakis
faf4f6c6d1 Validate SOCKS arguments. 2013-02-09 16:30:16 +00:00
George Kadianakis
757b03aacb Add support for parsing SOCKS arguments. 2013-02-09 16:30:16 +00:00
Nick Mathewson
076654ce84 Replace magic constants for wide_circ_ids with inline function calls 2013-02-09 00:56:53 -05:00
Nick Mathewson
d86a45f991 Wrap more macro definitions in (parentheses)
To avoid surprises, good coding practice suggests parenthesizing every
macro definition -- or at the very least, all those involving an
expression.
2013-02-09 00:16:04 -05:00
Nick Mathewson
4bfd7806bf Add explicit check for !first_conn in ...resume_edge_reading_helper
This check isn't necessary (see comment on #7801), but it took at
least two smart people a little while to see why it wasn't necessary,
so let's have it in to make the code more readable.
2013-02-08 16:32:58 -05:00
Nick Mathewson
018fe7d11e Improve comment about our random stream choice algorithm 2013-02-08 16:31:46 -05:00
Nick Mathewson
8cdd8b8353 Fix numerous problems with Tor's weak RNG.
We need a weak RNG in a couple of places where the strong RNG is
both needless and too slow.  We had been using the weak RNG from our
platform's libc implementation, but that was problematic (because
many platforms have exceptionally horrible weak RNGs -- like, ones
that only return values between 0 and SHORT_MAX) and because we were
using it in a way that was wrong for LCG-based weak RNGs.  (We were
counting on the low bits of the LCG output to be as random as the
high ones, which isn't true.)

This patch adds a separate type for a weak RNG, adds an LCG
implementation for it, and uses that exclusively where we had been
using the platform weak RNG.
2013-02-08 16:28:05 -05:00
Nick Mathewson
c8f5f35d62 Add doxygen for bug8158 functions 2013-02-08 12:12:09 -05:00
Nick Mathewson
2403ef66ba Coalesce identical adjacent microdescriptor vote lines. 2013-02-08 12:09:46 -05:00
Nick Mathewson
194bd56c8a Refactor generating the m lines in a vote into its own function 2013-02-08 11:52:51 -05:00
Nick Mathewson
3433216268 Merge remote-tracking branch 'public/easy_ratelim'
Conflicts:
	src/or/connection.c
2013-02-07 17:13:51 -05:00
Nick Mathewson
ba7d93db16 Merge remote-tracking branch 'public/bug7816_023'
Conflicts:
	src/common/util.c
2013-02-07 15:20:50 -05:00
Nick Mathewson
0061d42890 Merge remote-tracking branch 'public/bug7816_024' 2013-02-07 15:13:21 -05:00
Nick Mathewson
ad28397bbf Merge branch 'bug7902' 2013-02-07 15:04:11 -05:00
Nick Mathewson
12c6475c06 Merge branch 'ticket8161_squashed' 2013-02-07 14:31:04 -05:00
Mike Perry
eb15be3d45 Mention a trac ticket relevant to an XXX comment. 2013-02-07 14:30:58 -05:00
Mike Perry
bbd38f293f Better document an XXX comment about refactoring. 2013-02-07 14:30:58 -05:00
Mike Perry
b03553737c Separate the flags for logging use bias.
I think we want both sets of messages to appear independently to help us know
what needs tuning.
2013-02-07 14:30:58 -05:00
Nick Mathewson
1cd6744338 New consensus method: clip the maximum votable unmeasured bw
If we're deciding on a node's bandwidth based on "Bandwidth="
declarations, clip it to "20" or to the maxunmeasuredbw parameter,
if it's voted on.

This adds a new consensus method.

This is "part A" of bug 2286
2013-02-05 00:46:32 -05:00
Mike Perry
a99ebaf4c7 Lower path use bias thresholds.
I noticed bad wifi networks can have low use success rates.
2013-02-04 16:57:09 -08:00
Nick Mathewson
cd4ad45ba3 Include a flag-thresholds line in each vote to describe flag cutoffs
Implements ticket 8151.
2013-02-04 13:44:05 -05:00
Nick Mathewson
12f2d986f3 Merge branch 'authdir_quick_fix' 2013-02-04 12:34:14 -05:00
Nick Mathewson
b1cb9ebb1c Merge branch 'bug8146_etc' 2013-02-04 12:34:09 -05:00
Nick Mathewson
2e9cd4b724 Quick fix on 5956 for authorities
Authorities don't set is_possible_guard on node_t, so they were
never deciding that they could build enough paths.  This is a quick
and dirty fix.

Bug not in any released version of Tor
2013-02-04 12:25:43 -05:00
Nick Mathewson
898f2d7c27 Merge branch 'bug8153' 2013-02-04 11:54:38 -05:00
Nick Mathewson
b64dc35b5c Reinstate some fixes/tweaks from 6e4a4002
These seem to have gotten conflicted out of existence while mike was
working on path bias stuff.

Thanks to sysrqb for collecting these in a handy patch.
2013-02-04 11:51:39 -05:00
Nick Mathewson
7cde094fd5 Fix a warning when building with --disable-curve25519
It appears that the code for 7291 gave an unused-value warning when
built with --disable-curve25519.
2013-02-04 11:34:23 -05:00
Nick Mathewson
4eff8b6530 When we mark a node as a sybil, mark it down and reset its uptime to 0
This prevents bug 8147, where such nodes would accrue points towards
Guard, Fast, HSDir, and so on.

Fixes bug 8147.
2013-02-04 11:11:54 -05:00
Nick Mathewson
61995d3e2c Ignore tiny bandwidths entirely when computing thresholds
Another bug 8145 fix.
2013-02-04 10:47:08 -05:00
Nick Mathewson
317d16de04 Increase the minimum value for the Fast flag to 4096.
Fix for 8145.
2013-02-04 10:41:25 -05:00
Nick Mathewson
8be7f69f8d Refactor should-count-towards-thresholds test into new function 2013-02-04 10:22:45 -05:00
Nick Mathewson
40c13240c0 When computing performance thresholds, ignore omitted-as-sybil nodes.
Fixes bug 8146.
2013-02-04 10:19:26 -05:00
Roger Dingledine
bce5019eff generalize choose_random_entry()'s dirinfo parameter
Now we can specify to skip bridges that wouldn't be able to answer the
type of dir fetch we're launching.

It's still the responsibility of the rest of the code to prevent us from
launching a given dir fetch if we have no bridges that could handle it.
2013-02-02 08:19:27 -08:00
Roger Dingledine
a8297cdbd3 use microdescriptors if *any* of our bridges can handle them
Now as we move into a future where most bridges can handle microdescs
we will generally find ourselves using them, rather than holding back
just because one of our bridges doesn't use them.
2013-02-02 08:04:20 -08:00
Nick Mathewson
acb43c0735 Merge remote-tracking branch 'public/feature7706' 2013-02-01 17:24:08 -05:00
Nick Mathewson
c93f66b103 Merge remote-tracking branch 'public/bug7708_023_v3_squashed' 2013-02-01 17:11:46 -05:00
Nick Mathewson
690ea9e8cf Clarify documentation of connection_finished_flushing 2013-02-01 17:10:15 -05:00
Nick Mathewson
b442930789 Fix serious breakage in connection_handle_write_impl
When we first implemented TLS, we assumed in connection_handle_write
that a TOR_TLS_WANT_WRITE from flush_buf_tls meant that nothing had
been written. But when we moved our buffers to a ring buffer
implementation back in 0.1.0.5-rc (!), we broke that invariant: it's
possible that some bytes have been written but nothing.

That's bad.  It means that if we do a sequence of TLS writes that ends
with a WANTWRITE, we don't notice that we flushed any bytes, and we
don't (I think) decrement buckets.

Fixes bug 7708; bugfix on 0.1.0.5-rc
2013-02-01 17:10:15 -05:00
Nick Mathewson
996db755c2 Fix a couple of warnings on the 8081 branch. 2013-02-01 17:03:00 -05:00
Mike Perry
fed7f01377 Add EntryGuardPathUseBias to state file keyword list. 2013-02-01 17:01:26 -05:00
Mike Perry
b3e57b760e Increment an informational counter for use failed state.
This informational counter is probably now redundant, but might as well keep
it consistent I guess.
2013-02-01 17:01:26 -05:00
Mike Perry
da5817772d Rename and relocate the bw weight scale param getter.
It had nothing to do with circuit build times.
2013-02-01 17:01:22 -05:00
Mike Perry
6e4610de02 Fix a log typo found by sysrqb. 2013-02-01 17:01:22 -05:00
Mike Perry
95d272f5d8 Bounds-check path bias rate parameters.
The other remaining parameters don't really need range checks.
2013-02-01 17:01:22 -05:00
Mike Perry
bce6714f99 Refactor code that rolls back the use state
Also document it better.

Mention this refactoring in the comments for the path state machine.
2013-02-01 17:01:16 -05:00
Mike Perry
3a63e5ef42 Refactor and rename pathbias rate evaluation. 2013-02-01 17:01:12 -05:00
Mike Perry
dfcfb5d17d Refactor the scaling parameter fetching into a single function.
Also, deprecate the torrc options for the scaling values. It's unlikely anyone
but developers will ever tweak them, even if we provided a single ratio value.
2013-02-01 17:01:12 -05:00
Mike Perry
2b2c7f23f5 Mark entry guard state dirty everywhere the pathbias code touches it. 2013-02-01 17:01:12 -05:00
Mike Perry
6828a19670 Add a tristate to guard against unexpected circ purpose transitions 2013-02-01 17:01:12 -05:00
Mike Perry
173ed05d2f Clarify state transition and related pathbias comments 2013-02-01 17:01:12 -05:00
Nick Mathewson
ec90ed4f6d Merge branch 'rename_log_7599' 2013-02-01 16:23:26 -05:00
Roger Dingledine
fd49226385 Help us track bug 8093:
Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs.
2013-02-01 16:22:34 -05:00
Nick Mathewson
7301339e33 fix wide lines from tor_log rename 2013-02-01 16:19:02 -05:00
Nick Mathewson
a141430ec3 Rename log() to tor_log() for logging
This is meant to avoid conflict with the built-in log() function in
math.h.  It resolves ticket 7599.  First reported by dhill.

This was generated with the following perl script:

 #!/usr/bin/perl -w -i -p

 s/\blog\(LOG_(ERR|WARN|NOTICE|INFO|DEBUG)\s*,\s*/log_\L$1\(/g;

 s/\blog\(/tor_log\(/g;
2013-02-01 15:43:37 -05:00
Nick Mathewson
b0dd355891 Use %d, not %02d, for decimal percentages
Cosmetic tweak on 5956; not in any released tor.
2013-01-30 17:35:28 -05:00
Nick Mathewson
35daf6f602 Rename all of the macros in tor_queue.h to start with TOR_ 2013-01-30 12:58:49 -05:00
Nick Mathewson
29136bd7e4 Merge branch 'bug5956_squashed' 2013-01-30 11:59:51 -05:00
Nick Mathewson
02c320916e Parameterize FRAC_USABLE_NEEDED for fraction of circuits
Instead of hardcoding the minimum fraction of possible paths to 0.6, we
take it from the user, and failing that from the consensus, and
failing that we fall back to 0.6.
2013-01-30 11:58:17 -05:00
Nick Mathewson
813a0f8c40 Compute whether we're ready to build circuits based on fraction of paths
Previously we did this based on the fraction of descriptors we
had. But really, we should be going based on what fraction of paths
we're able to build based on weighted bandwidth, since otherwise a
directory guard or two could make us behave quite oddly.

Implementation for feature 5956
2013-01-30 11:58:17 -05:00
Nick Mathewson
bc52e0488b Add an optional out-arg to count_usable_descriptors
This way we get the usable nodes themselves, so we can feed them into
frac_nodes_with_descriptors
2013-01-30 11:58:17 -05:00
Nick Mathewson
fcf906ec73 Add a function to compute fraction of nodes (by weighted bw) with descriptors 2013-01-30 11:58:17 -05:00
Andrea Shepard
123daffb60 Merge branch 'bug7802' of ssh://git-rw.torproject.org/mikeperry/tor 2013-01-28 16:16:45 -08:00
Nick Mathewson
acd72d4e3e Correctly copy microdescs/extrinfos with internal NUL bytes
Fixes bug 8037; bugfix on 0.2.0.1-alpha; reported by cypherpunks.
2013-01-26 18:01:06 -05:00
Andrea Shepard
dfbd19df41 Merge branch 'time_based_onionqueue_v2' of ssh://git-rw.torproject.org/nickm/tor 2013-01-24 08:10:12 -08:00
Mike Perry
a78542f0c3 Bug 8024: Check for null/closed channel before probing. 2013-01-22 21:03:28 -08:00
Mike Perry
b810d322bf squash! Remove a source of error during path bias scaling
Improve debug logs and fix a state fencepost error.
2013-01-20 14:32:56 -08:00
Mike Perry
06a1d0b044 squash! Implement Path use bias accounting.
Make a debug log more informative.
2013-01-20 14:32:56 -08:00
Mike Perry
f858370233 Prevent early close of path bias testing circuits.
We need to let them live long enough to perform the test.
2013-01-20 14:32:56 -08:00
Mike Perry
fb711e6d77 squash! Remove a source of error during path bias scaling
Move a log message about scaling to after we scale
2013-01-20 14:32:27 -08:00
Nick Mathewson
c71b7db8f3 Merge remote-tracking branch 'karsten/bug5823' 2013-01-19 09:36:55 -05:00
Mike Perry
d80b881a52 Remove a source of error during path bias scaling
If any circuits were opened during a scaling event, we were scaling attempts
and successes by different amounts. This leads to rounding error.

The fix is to record how many circuits are in a state that hasn't been fully
counted yet, and subtract that before scaling, and add it back afterwards.
2013-01-18 21:23:33 -08:00
Mike Perry
a2db17a1aa Don't immediately count cannibalized circs as used.
Since they use RELAY_EARLY (which can be seen by all hops on the path),
it's not safe to say they actually count as a successful use.

There are also problems with trying to allow them to finish extending due to
the circuit purpose state machine logic. It is way less complicated (and
possibly more semantically coherent) to simply wait until we actually try to
do something with them before claiming we 'used' them.

Also, we shouldn't call timed out circuits 'used' either, for semantic
consistency.
2013-01-18 19:46:29 -08:00
Mike Perry
24b9b9f791 Roll back the path_state for circs if we detach a stream.
An adversary could let the first stream request succeed (ie the resolve), but
then tag and timeout the remainder (via cell dropping), forcing them on new
circuits.

Rolling back the state will cause us to probe such circuits, which should lead
to probe failures in the event of such tagging due to either unrecognized
cells coming in while we wait for the probe, or the cipher state getting out
of sync in the case of dropped cells.
2013-01-18 19:46:28 -08:00
Mike Perry
e13e30221e Implement Path use bias accounting.
Path use bias measures how often we can actually succeed using the circuits we
actually try to use. It is a subset of path bias accounting, but it is
computed as a separate statistic because the rate of client circuit use may
vary depending on use case.
2013-01-18 19:46:21 -08:00
Nick Mathewson
42c4418bed Split smartlist_choose_node_by_bandwidth_weights
This is a minimal refactoring to expose the weighted bandwidth
calculations for each node so I can use them to see what fraction of
nodes, weighted by bandwidth, we have descriptors for.
2013-01-18 12:24:54 -05:00
Nick Mathewson
ff9bdbd56f When excluding nodes by country, exclude {??} and {A1} too
This is ticket 7706, reported by "bugcatcher."  The rationale here
is that if somebody says 'ExcludeNodes {tv}', then they probably
don't just want to block definitely Tuvaluan nodes: they also want
to block nodes that have unknown country, since for all they know
such nodes are also in Tuvalu.

This behavior is controlled by a new GeoIPExcludeUnknown autobool
option.  With the default (auto) setting, we exclude ?? and A1 if
any country is excluded.  If the option is 1, we add ?? and A1
unconditionally; if the option is 0, we never add them.

(Right now our geoip file doesn't actually seem to include A1: I'm
including it here in case it comes back.)

This feature only takes effect if you have a GeoIP file.  Otherwise
you'd be excluding every node.
2013-01-17 18:07:36 -05:00
Nick Mathewson
e0581a4b57 Replace base-{16,32,64} with base{16,32,64} in the code
Patch from onizuka generated with

 find ./ -type f -perm -u+rw -exec sed -ri 's/(Base)-(16|32|64)/\1\2/gi' {} \;

Fixes issue 6875 on Tor.
2013-01-17 16:08:28 -05:00
Nick Mathewson
60a2aa8b00 Add ntor-related modules to the Makefiles.nmake 2013-01-17 15:53:36 -05:00
Nick Mathewson
1af89ce540 Fix an MSVC warning in onion.h prototypes 2013-01-17 14:42:37 -05:00
Nick Mathewson
2386a98d46 Add a missing part of bug 7311's makefile.nmake tweaks
Fix by "ultramage".

This already has a changes entry.
2013-01-17 10:01:22 -05:00
Nick Mathewson
d094a76cc8 Merge remote-tracking branch 'public/bug6302' 2013-01-17 09:20:24 -05:00
Karsten Loesing
da1e44ee51 Remove dirreq-v2-* lines from extra-info descriptors.
Implements the rest of #5823.
2013-01-17 10:46:34 +01:00
Jérémy Bobbio
aa01d0a183 Implement proposal 204: ignore subdomains in hidden service addresses
The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
2013-01-16 23:29:59 -05:00
Nick Mathewson
b998431a33 Merge branch '024_msvc_squashed'
Conflicts:
	src/or/or.h
	 srcwin32/orconfig.h
2013-01-16 22:32:12 -05:00
Nick Mathewson
b7cf7bd9ae Fix an instance of snprintf; don't use _snprintf directly 2013-01-16 22:29:39 -05:00
Nick Mathewson
5e06c4ee32 When building with MSVC, call every enum bitfield unsigned
Fixes bug 7305.
2013-01-16 22:29:39 -05:00
Nick Mathewson
ca3bc8973b use the /Fe flag with msvc
Fixes 7309
2013-01-16 22:29:39 -05:00
Nick Mathewson
fb497dfe9e Add missing objects to Makefile.nmake 2013-01-16 22:29:38 -05:00
Nick Mathewson
b7dd716195 Add missing includes and libs to makefile.nmake
Fixes bugs 7312 and 7310.
2013-01-16 22:29:38 -05:00
Nick Mathewson
ca18768fb2 Aftermath of isin->contains renaming
Fix wide lines and comments, and add a changes file
2013-01-16 16:57:32 -05:00
Nick Mathewson
49e619c1cf Rename *_isin to *_contains
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".

  s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
  s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
  s/smartlist_digest_isin/smartlist_contains_digest/g;
  s/smartlist_isin/smartlist_contains/g;
  s/digestset_isin/digestset_contains/g;
2013-01-16 16:57:11 -05:00
Nick Mathewson
e4821fa14d Remove two extraneous semicolons in dirserv.c
In 6fbdf635 we added a couple of statements like:
    if (test) {
       ...
    };

The extraneous semicolons there get flagged as worrisome empty
statements by the cparser library, so let's fix them.

Patch by Christian Grothoff; fixes bug 7115.
2013-01-16 16:49:39 -05:00
Nick Mathewson
9bd811b337 Refactor: Use SOCK_ERRNO to avoid some #ifdef _WIN32s
Fixes ticket 6302
2013-01-16 15:30:20 -05:00
Nick Mathewson
65e6e68981 Merge branch 'bug7972' 2013-01-16 13:56:10 -05:00
Nick Mathewson
50f527a2c9 Actually link against nacl when we want to use it
Fixes more of bug 7972
2013-01-16 13:07:52 -05:00
Nick Mathewson
e53e6caac5 Adjust control_reason when adjusting reason (related to 7902) 2013-01-16 12:52:19 -05:00
Nick Mathewson
08de029a17 Remove dirrec-v*-sharestatistics
These were unused and sometimes inaccurate. Resolves 5823.
2013-01-16 12:43:00 -05:00
Nick Mathewson
d1b5ae903f When we get an END cell before CONNECTED, don't report SOCKS success
Bug 7902; fix on 0.1.0.1-rc.
2013-01-16 12:09:49 -05:00
Nick Mathewson
5ed8ac4e57 Merge remote-tracking branch 'asn/bug7896' 2013-01-16 11:41:37 -05:00
Nick Mathewson
4da083db3b Update the copyright date to 201. 2013-01-16 01:54:56 -05:00
Nick Mathewson
b5ce4f94c3 Forward-port fix for 7889 2013-01-15 16:33:53 -05:00
Nick Mathewson
938cb6a55e Merge remote-tracking branch 'origin/maint-0.2.3' 2013-01-15 16:30:26 -05:00
Roger Dingledine
6e4a4002c5 Clean up odds and ends 2013-01-15 15:40:17 -05:00
Nick Mathewson
beca92c31b Fix handling of ntor handshakes received via CREATE cells
Fixes bug 7959; bugfix on 0.2.4.8-alpha.
2013-01-15 00:41:09 -05:00
Nick Mathewson
ebf30613ea Better log message to diagnose #7959 2013-01-15 00:25:07 -05:00
Nick Mathewson
47122d1d25 Revert junk accidentally included with "start folding in the changes entries"
Looks like Roger's debugging code wanted to take a tour of the world
outside his sandbox.

This reverts part of commit 19d3720236.
2013-01-14 14:41:59 -05:00
Nick Mathewson
4ccf09b1c2 Reject create/begin/etc cells with {circ,stream}ID 0.
Otherwise, it's possible to create streams or circuits with these
bogus IDs, leading to orphaned circuits or streams, or to ones that
can cause bandwidth DOS problems.

Fixes bug 7889; bugfix on all released Tors.
2013-01-14 14:02:13 -05:00
Roger Dingledine
19d3720236 start folding in the changes entries 2013-01-14 13:34:59 -05:00
Nick Mathewson
c9242f4fd4 Merge branch 'bug7869' 2013-01-14 12:32:00 -05:00
George Kadianakis
50028e4d68 Mention name of the transport used when we learn the fpr of a bridge. 2013-01-09 15:52:35 +02:00
Mike Perry
d05ff310a5 Bug 7691 review fixes.
Also add in the random nonce generation.
2013-01-08 19:29:56 -08:00
Mike Perry
f60c25cd25 Bug 7341 code review fixes. 2013-01-08 18:12:38 -08:00
Mike Perry
15fdfc2993 Bug 7691: Send a probe cell down certain types of circs.
In general, if we tried to use a circ for a stream, but then decided to place
that stream on a different circuit, we need to probe the original circuit
before deciding it was a "success".

We also need to do the same for cannibalized circuits that go unused.
2013-01-08 17:28:08 -08:00
Mike Perry
3458d904f6 Fix bug 7341.
Fix cannibalize, rend circ and intro circ timeout handling.
2013-01-08 17:21:05 -08:00
Nick Mathewson
31d888c834 Make the = at the end of ntor-onion-key optional.
Makes bug 7869 more easily fixable if we ever choose to do so.
2013-01-05 22:53:32 -05:00
Nick Mathewson
677d18278e Better handling (I think) for onionskin timing w jumpy clocks
The fix: Instead of clipping huge/negative times, ignore them as
probably invalid.
2013-01-03 13:26:59 -05:00
Nick Mathewson
30e139389b Record and report the overhead of how we handle onionskins. 2013-01-03 13:20:20 -05:00
Nick Mathewson
b9fb01721a Use a TAILQ, not a singly-linked queue, for the onion queue.
This makes removing items from the middle of the queue into an O(1)
operation, which could prove important as we let onionqueues grow
longer.

Doing this actually makes the code slightly smaller, too.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b0b3c14c11 Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay
The right way to set "MaxOnionsPending" was to adjust it until the
processing delay was appropriate.  So instead, let's measure how long
it takes to process onionskins (sampling them once we have a big
number), and then limit the queue based on its expected time to
finish.

This change is extra-necessary for ntor, since there is no longer a
reasonable way to set MaxOnionsPending without knowing what mix of
onionskins you'll get.

This patch also reserves 1/3 of the onionskin spots for ntor
handshakes, on the theory that TAP handshakes shouldn't be allowed to
starve their speedier cousins.  We can change this later if need be.

Resolves 7291.
2013-01-03 13:03:41 -05:00
Nick Mathewson
b1bdecd703 Merge branch 'ntor-resquashed'
Conflicts:
	src/or/cpuworker.c
	src/or/or.h
	src/test/bench.c
2013-01-03 11:52:41 -05:00
Nick Mathewson
d3de0b91fb Check all crypto_rand return values for ntor. 2013-01-03 11:29:49 -05:00
Nick Mathewson
94cb7bd24d Complete all DOCDOC entries from the ntor branch 2013-01-03 11:29:48 -05:00
Nick Mathewson
5f219ddd02 Use safe_mem_is_zero for checking curve25519 output for 0-ness
This should make the intent more explicit.  Probably needless, though.
2013-01-03 11:29:48 -05:00
Nick Mathewson
c46ff3ec79 Add reference implementation for ntor, plus compatibility test
Before I started coding ntor in C, I did another one in Python.
Turns out, they interoperate just fine.
2013-01-03 11:29:48 -05:00
Nick Mathewson
839016ac79 ntor: Don't fail fast server-side on an unrecognized KEYID(B) 2013-01-03 11:29:48 -05:00
Nick Mathewson
d907fca29b Make libcurve25519_donna get built as a .a
This lets us give it compiler flags differing from the rest of
libor-crypto.a
2013-01-03 11:29:47 -05:00
Nick Mathewson
ef13bf4432 Fix an unused-variable warning 2013-01-03 11:29:47 -05:00
Nick Mathewson
b286373908 Enable the ntor handshake on the client side.
"works for me"
2013-01-03 11:29:47 -05:00
Nick Mathewson
ecf88b16b8 Enable handling of create2/extend2/created2/extended2 2013-01-03 11:29:47 -05:00
Nick Mathewson
5c68a1efaa Don't check create cells too much when we're relaying them
We want to sanity-check our own create cells carefully, and other
people's loosely.
2013-01-03 11:29:47 -05:00
Nick Mathewson
1ed4786dba Implement scheme to allow ntor requests/responses via older servers 2013-01-03 11:29:47 -05:00
Nick Mathewson
115e8fe9a5 Use created_cell_format where appropriate 2013-01-03 11:29:47 -05:00
Nick Mathewson
6c69b16c93 Use new wrappers for making,sending,processing create/extend cells 2013-01-03 11:29:47 -05:00
Nick Mathewson
2802ccaeb6 Teach cpuworker and others about create_cell_t and friends
The unit of work sent to a cpuworker is now a create_cell_t; its
response is now a created_cell_t.  Several of the things that call or
get called by this chain of logic now take create_cell_t or
created_cell_t too.

Since all cpuworkers are forked or spawned by Tor, they don't need a
stable wire protocol, so we can just send structs.  This saves us some
insanity, and helps p
2013-01-03 11:29:46 -05:00
Nick Mathewson
5d15d597a9 Code to parse and format CREATE{,2,_FAST} cells and their allies
As elsewhere, it makes sense when adding or extending a cell type to
actually make the code to parse it into a separate tested function.

This commit doesn't actually make anything use these new functions;
that's for a later commit.
2013-01-03 11:29:46 -05:00
Nick Mathewson
18c7d3f157 Rename handshake_digest to rend_circ_nonce
The handshake_digest field was never meaningfully a digest *of* the
handshake, but rather is a digest *from* the handshake that we exapted
to prevent replays of ESTABLISH_INTRO cells.  The ntor handshake will
generate it as more key material rather than taking it from any part
of the circuit handshake reply.
2013-01-03 11:29:46 -05:00
Nick Mathewson
f58d4dfcd6 Massive refactoring of the various handshake types
The three handshake types are now accessed from a unified interface;
their state is abstracted from the rest of the cpath state, and so on.
2013-01-03 11:29:46 -05:00
Nick Mathewson
5fa1c7484c Refactor the CREATE_FAST handshake code to match the others. 2013-01-03 11:29:02 -05:00
Nick Mathewson
f7e590df05 Split onion.[ch] into onion{,_fast,_tap}.[ch]
I'm going to want a generic "onionskin" type and set of wrappers, and
for that, it will be helpful to isolate the different circuit creation
handshakes.  Now the original handshake is in onion_tap.[ch], the
CREATE_FAST handshake is in onion_fast.[ch], and onion.[ch] now
handles the onion queue.

This commit does nothing but move code and adjust header files.
2013-01-02 14:11:14 -05:00
Nick Mathewson
5b3dd1610c Wrangle curve25519 onion keys: generate, store, load, publish, republish
Here we try to handle curve25519 onion keys from generating them,
loading and storing them, publishing them in our descriptors, putting
them in microdescriptors, and so on.

This commit is untested and probably buggy like whoa
2013-01-02 14:11:14 -05:00
Nick Mathewson
6c883bc638 Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
2013-01-02 14:11:13 -05:00
Nick Mathewson
cf4dd5fbcb Implement the ntor handshake
The ntor handshake--described in proposal 216 and in a paper by
Goldberg, Stebila, and Ustaoglu--gets us much better performance than
our current approach.
2013-01-02 14:10:49 -05:00
Nick Mathewson
ee4182612f Avoid spurious local-port warnings
Our old warn_nonlocal_client_ports() would give a bogus warning for
every nonlocal port every time it parsed any ports at all.  So if it
parsed a nonlocal socksport, it would complain that it had a nonlocal
socksport...and then turn around and complain about the nonlocal
socksport again, calling it a nonlocal transport or nonlocal dnsport,
if it had any of those.

Fixes bug 7836; bugfix on 0.2.3.3-alpha.
2013-01-02 10:37:03 -05:00
Sebastian Hahn
11e8a445c3 Fix a couple of harmless clang3.2 warnings 2012-12-31 18:23:28 +01:00
Nick Mathewson
5e22cfe2b4 Fix a crash bug when running a node without IPv6-exit support.
Fixes bug 7814; bugfix on 0.2.4.7-alpha.
2012-12-29 01:22:34 -05:00
Nick Mathewson
f272ee6a20 Fix an impossible-in-normal-operation leaks in dirvote
Spotted by coverity; partial fix for 7816; bugfix on 0.2.0.5-alpha.
2012-12-28 23:04:44 -05:00
Nick Mathewson
ee1d8dc480 Fix a leak-on-error case in 0.2.4 spotted by coverity
This one hits if the snprintf() fails when we're writing our IPv6
exit policy. It's new in 0.2.4.7-alpha. Part of bug 7816.
2012-12-28 22:59:32 -05:00
Nick Mathewson
d3aabf4db1 Fix various small leaks on error cases
Spotted by coverity, bug 7816, bugfix on various versions.
2012-12-28 22:49:32 -05:00
Nick Mathewson
b509ead20d Avoid leaking headers received from SSL proxy
Fixes part of 7816. Spotted by coverity. Fix on 0.2.2.1-alpha.
2012-12-28 22:45:53 -05:00
Nick Mathewson
4b571d3ab3 Fix memory leak in safe-cookie authentication code
Coverity spotted this. Bug 7816. Fix on 0.2.3.13-alpha.
2012-12-28 22:38:42 -05:00
Nick Mathewson
a7334f5122 Use log_fn_ratelim in a few places. 2012-12-26 11:07:15 -05:00
Nick Mathewson
127cb39ffc Rate-limit "No circuits are opened" message to once-per-hour
mr-4 reports on #7799 that he was seeing it several times per second,
which suggests that things had gone very wrong.

This isn't a real fix, but it should make Tor usable till we can
figure out the real issue.
2012-12-26 10:05:45 -05:00
Nick Mathewson
2e9be92cd7 Fix a possibly-unused-var warning. Thank you, GCC. 2012-12-25 23:37:41 -05:00
Nick Mathewson
01a09e8f86 Fix compilation warning: must not format u64 as long. 2012-12-25 23:34:38 -05:00
Nick Mathewson
8324824d8f Fix whitespace 2012-12-25 23:34:16 -05:00
Nick Mathewson
885e8d35c7 Merge remote-tracking branch 'mikeperry/209-path-bias-changes' 2012-12-25 23:30:28 -05:00
Nick Mathewson
0f9dfef9d6 Add configuration options for directory guards
In addition to all the other ways to make directory guards not go,
you can now set UseEntryGuardsAsDirGuards to 0.
2012-12-25 23:14:43 -05:00
Nick Mathewson
0c4210fb65 Directory guard implementation.
Implements proposal 207; ticket 6526.
2012-12-25 23:14:43 -05:00
Nick Mathewson
1df7289000 Remember which of our guards are directory caches 2012-12-25 23:10:41 -05:00
Nick Mathewson
a7c6b4ab91 Split choosing a regular directory into its own fn 2012-12-25 23:10:41 -05:00
Nick Mathewson
25afecdbf9 Make ECDHE group configurable: 224 for public, 256 for bridges (default) 2012-12-25 20:22:46 -05:00
Nick Mathewson
175b2678d7 Let servers choose better ciphersuites when clients support them
This implements the server-side of proposal 198 by detecting when
clients lack the magic list of ciphersuites that indicates that
they're lying faking some ciphers they don't really have.  When
clients lack this list, we can choose any cipher that we'd actually
like.  The newly allowed ciphersuites are, currently, "All ECDHE-RSA
ciphers that openssl supports, except for ECDHE-RSA-RC4".

The code to detect the cipher list relies on (ab)use of
SSL_set_session_secret_cb.
2012-12-25 20:14:07 -05:00
Nick Mathewson
8b5787ec0d When there are no dir_server_ts to choose, don't crash
It's important not to call choose_array_element_by_weight and then
pass its return value unchecked to smartlist_get : it is allowed to
return -1.

Fixes bug 7756; bugfix on 4e3d07a6 (not in any released Tor)
2012-12-18 21:32:53 -05:00
Mike Perry
406d59a9c9 Nick's Code review #3 part 2. 2012-12-18 14:16:01 -08:00
Mike Perry
b0fc18c37e Changes from Nick's code review 'part 1'
I think this is actually his third code review of this branch so far.
2012-12-18 13:26:36 -08:00
Nick Mathewson
7a99d26c79 Add packaged cell fullness to the heartbeat message.
This is an attempt to diagnose the severity of bug 7743.
2012-12-18 15:16:35 -05:00
Nick Mathewson
9b9cc6774f Merge branch 'ticket7570_7571'
Conflicts:
	src/or/routerlist.c
2012-12-17 15:49:09 -05:00
Nick Mathewson
4a07ea4a8c Drop the maximum attempts to get a virtual address to 1000.
This is good enough to give P_success >= 999,999,999/1,000,000,000 so
long as the address space is less than 97.95 full.  It'd be ridiculous
for that to happen for IPv6, and usome reasonable assumptions, it
would also be pretty silly for IPv4.
2012-12-17 14:51:31 -05:00
Nick Mathewson
4ded40b0ca Add missing doxygen for DNS and automap code 2012-12-17 14:51:31 -05:00
Nick Mathewson
8d080d0b01 Per-listener option to prefer IPv6 automaps when possible. 2012-12-17 14:51:30 -05:00
Nick Mathewson
de4cc126cb Build and test most of the machinery needed for IPv6 virtualaddrmaps
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to.  That'll be cool, and
will let us maybe get around prop205 issues.

This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.

Also has some XXXX items to fix to make this useful. More design
needed.
2012-12-17 14:51:29 -05:00
Nick Mathewson
963b3d1549 Refactor the code to check if an address is matched by automapsuffixes 2012-12-17 14:50:55 -05:00
Nick Mathewson
88d7312ff2 Fix another uninitialized var warning from GCC 2012-12-17 14:50:05 -05:00
Nick Mathewson
8969d9e0b6 Fixed an unused-variable warning 2012-12-17 14:50:05 -05:00
Nick Mathewson
8eb422e7bd Don't use the cache when changing an IP address because of an exit policy 2012-12-17 14:50:05 -05:00
Nick Mathewson
ac990aa44a Turn off by-default use of client-side DNS caching. 2012-12-17 14:50:04 -05:00
Nick Mathewson
7315a67646 Refactor port_cfg_t creation into a port_cfg_new() function
This function gives us a single place to set reasonable default flags
for port_cfg_t entries, to avoid bugs like the one where we weren't
setting ipv4_traffic_ok to 1 on SocksPorts initialized in an older
way.
2012-12-17 14:50:03 -05:00
Nick Mathewson
7536c40e96 Implement option to turn off DNS cache modification by a client port
(This is part 3 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the UseCacheIPv[46]DNS options)
2012-12-17 14:48:09 -05:00
Nick Mathewson
f33487668f Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis.  This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
2012-12-17 14:48:09 -05:00
Nick Mathewson
32219d8313 Oops: make the check for not adding ip->ip DNS maps correct 2012-12-17 14:48:09 -05:00
Nick Mathewson
d3e9e03cac Add options to turn DNS cache use on or off per client port.
(This is part 1 of making DNS cache use enabled/disabled on a
per-client port basis.  These options are shuffled around correctly,
but don't do anything yet.)
2012-12-17 14:48:08 -05:00
Nick Mathewson
44a9a47706 Oops; make DNSPort configuration take address family options 2012-12-17 14:48:08 -05:00
Nick Mathewson
3874e74b49 Avoid a 'may be used uninitialized' warning
Fixes bug 7746; bug not in any released version of Tor.
2012-12-17 11:14:12 -05:00
Nick Mathewson
b1ff8daeb5 Nuke uses of memcmp outside of unit tests
We want to be saying fast_mem{cmp,eq,neq} when we're doing a
comparison that's allowed to exit early, or tor_mem{cmp,eq,neq} when
we need a data-invariant timing.  Direct use of memcmp tends to imply
that we haven't thought about the issue.
2012-12-13 17:34:05 -05:00
Nick Mathewson
6a468a1722 Fix two wide lines in config.c 2012-12-13 12:44:17 -05:00
Nick Mathewson
01ac961ca1 Merge branch 'fallback_dirsource_v3' 2012-12-13 12:42:29 -05:00
Mike Perry
ccaeef22e1 Tags on relay cells can result in certain reason codes.
Close the circuit (it's probably junk anyways), and make sure we don't probe
it/count it as a success.
2012-12-11 17:49:12 -08:00
Mike Perry
af9011f824 Woops, this log message triggers with the 2-hop bias commit. 2012-12-11 17:19:39 -08:00
Mike Perry
c1bc6a1124 Add a missing comment. 2012-12-10 00:36:10 -08:00
Mike Perry
d409c8a90d More log message and space fixups. 2012-12-10 00:28:07 -08:00
Mike Perry
aa16d59ee7 Clean up some XXX comments. 2012-12-09 23:50:05 -08:00
Mike Perry
4590993ff3 Space fixes. 2012-12-09 23:47:04 -08:00
Mike Perry
b75880d7b3 Fix a rather serious use-count state bug.
We need to use the success count or the use count depending on the consensus
parameter.
2012-12-09 20:56:48 -08:00
Mike Perry
2dbb62f1b5 Convert to doubles for all pathbias state.
Let's hope this solves the rounding error issue..
2012-12-09 20:53:22 -08:00
Mike Perry
ab1fce5c19 Also shorten circuit_successes to circ_successes.
For consistency and great justice.

Ok, mostly consistency.
2012-12-09 20:24:50 -08:00
Mike Perry
a90f165b83 Rename first_hop to circ_attempt.
Since we've generalized what we can count from (first or second hop), we
should generalize the variable and constant naming too.
2012-12-09 20:24:22 -08:00
Mike Perry
04866055e8 Change from first hop accounting to 2nd hop accounting
This has several advantages, including more resilience to ambient failure.

I still need to rename all the first_hop vars tho.. Saving that for a separate
commit.
2012-12-09 20:02:41 -08:00
Mike Perry
fbbf894d4d Add intro+rend cannibalize param.. 2012-12-09 20:02:08 -08:00
Mike Perry
930fbb2fec Flag cannibalized circs as used (non-ideal).
Also add some comments.
2012-12-09 19:18:04 -08:00
Mike Perry
686fc22259 Allow any valid 'end' cell to mean a circuit was used successfully.
Also improve some log messages.
2012-12-08 16:37:22 -08:00
Mike Perry
b599a6ed07 Sadly, we can't safely count client intro circ success 2012-12-08 14:16:29 -08:00
Mike Perry
5f733ccd73 Fix some hidden service edge cases. 2012-12-08 12:07:58 -08:00
Mike Perry
26fa47226c Refactor path use bias code into own function.
Also, improve and log some failure cases.
2012-12-07 17:47:23 -08:00
Mike Perry
c3b71a3fc9 Actually, both nacks and acks indicate a valid path 2012-12-07 15:50:31 -08:00
Mike Perry
dc86d7c35b Note more potential issues. 2012-12-07 15:28:38 -08:00
Mike Perry
ecaeb505fa Note a strange case for SOCKS streams. 2012-12-07 15:28:38 -08:00
Mike Perry
7a28862d56 Fix another crash bug. 2012-12-07 15:28:38 -08:00
Mike Perry
721f7e3751 Fix a crash bug and pass down a remote reason code.
Unexpected channel closures count as remote circ failures.
2012-12-07 15:28:38 -08:00
Mike Perry
9b40466072 Document that care needs to be taken with any_streams_attached. 2012-12-07 15:28:38 -08:00
Mike Perry
c3028edba6 Remove n_chan codepaths for determining guard.
Cpath is apparently good enough.
2012-12-07 15:28:38 -08:00
Mike Perry
a630726884 Move a pathbias function that depends on entryguard_t. 2012-12-07 15:28:38 -08:00
Mike Perry
7f8cbe389d Fix a crash due to NULL circ->n_chan.
Is this redundant? Can we always rely on circ->cpath->extend_info
being present for origin circuits?
2012-12-07 15:28:38 -08:00
Mike Perry
428fbfc1d5 Prop209: Rend circuits weren't ever marked dirty. 2012-12-07 15:28:38 -08:00
Mike Perry
aa0e6e2c03 Prop 209: Add in hidserv path bias counts for usage. 2012-12-07 15:28:38 -08:00
Mike Perry
412ae099cb Prop 209: Add path bias counts for timeouts and other mechanisms.
Turns out there's more than one way to block a tagged circuit.

This seems to successfully handle all of the normal exit circuits. Hidden
services need additional tweaks, still.
2012-12-07 15:28:38 -08:00
Mike Perry
da5c398d79 Be explicit about units for timeout. 2012-12-07 15:28:37 -08:00
Mike Perry
ef1b830ef8 Fix an assert crash and an incorrectly placed return. 2012-12-07 15:28:37 -08:00
Mike Perry
bb548134cd Update with code review changes from Nick. 2012-12-07 15:28:37 -08:00
Mike Perry
192996690c Fix spaces. 2012-12-07 15:28:37 -08:00
Mike Perry
a54873648f Refactor pathbias functions to use pathbias_should_count. 2012-12-07 15:28:37 -08:00
Mike Perry
ab9c83c949 Update Path Bias log messages to match Proposal 209. 2012-12-07 15:28:37 -08:00
Mike Perry
9bf5582e73 Add log message checks for different rates.
May want to squash this forward or back..
2012-12-07 15:28:37 -08:00
Mike Perry
248fbc3619 Update pathbias parameters to match Proposal 209.
Needs manpage update and testing still..
2012-12-07 15:28:37 -08:00
Mike Perry
954f263ed5 Add the ability to count circuit timeouts for guards.
This is purely for informational reasons for debugging.
2012-12-07 15:28:36 -08:00
Nick Mathewson
c8056dcbbb Fix some wide lines 2012-12-07 14:14:20 -05:00
Nick Mathewson
3fa9151f26 Merge branch 'win64-7260'
Conflicts:
	src/or/dns.c
2012-12-07 14:12:17 -05:00
Nick Mathewson
cd4f56a37c Fix infinite loop in circuit_expire_bulding
Fixes bug 7663; bug introduced in 42e3c04a7a.  Not in any
released version of Tor.
2012-12-07 14:08:07 -05:00
Nick Mathewson
025dc19b63 Merge remote-tracking branch 'public/bug6887' 2012-12-07 11:02:27 -05:00
Mike Perry
42e3c04a7a Bug 3443: Don't count ORconn setup in circuit build time.
Also, add a hack Roger suggested where we're more patient if no circuits are
opened yet.
2012-12-07 10:34:09 -05:00
Nick Mathewson
f742b33d85 Drop FallbackNetworkstatusFile; it never worked. 2012-12-06 11:28:49 -05:00
Nick Mathewson
a8d491a8fd Add an option to weight down authorities when choosing a fallback 2012-12-06 11:28:49 -05:00
Nick Mathewson
06cd62266f Add a way to configure selection weights for dir_server_t 2012-12-06 11:28:49 -05:00
Nick Mathewson
4e3d07a68a When choosing among dirserver_ts, consider their weights 2012-12-06 11:28:49 -05:00
Nick Mathewson
90f6071d8d New FallbackDir option to add extra directories for bootstrapping
This replaces the old FallbackConsensus notion, and should provide a
way -- assuming we pick reasonable nodes! -- to give clients
suggestions of places to go to get their first consensus.
2012-12-06 11:28:49 -05:00
Nick Mathewson
46a62e3256 Refactor add_trusted_dir_server
Now creating a dir_server_t and adding it are separate functions, and
there are frontend functions for adding a trusted dirserver and a
fallback dirserver.
2012-12-06 11:28:48 -05:00
Nick Mathewson
705ee3b5d4 Rename trusted_dir_server_t to dir_server_t. Automatic renaming. 2012-12-06 11:27:20 -05:00
Nick Mathewson
ded70363a7 Rename DirServer to DirAuthority 2012-12-06 11:23:43 -05:00
Nick Mathewson
5c51b3f1f0 Start refactoring trusted_dir_servers into trusted and fallback lists
We use trusted_dir_server_t for two pieces of functionality: a list of
all directory authorities, and a list of initial places to look for
a directory.  With this patch we start to separate those two roles.

There is as of now no actual way to be a fallback directory without being
an authority.
2012-12-06 11:23:43 -05:00
Nick Mathewson
404e3dd481 Correct moribund logic about caching v2 networkstatuses 2012-12-06 11:15:01 -05:00
Nick Mathewson
194cc24792 Make output of router_get_trusted_dir_servers const 2012-12-06 11:15:01 -05:00
Nick Mathewson
6921d1fd25 Implement HKDF from RFC5869
This is a customizable extract-and-expand HMAC-KDF for deriving keys.
It derives from RFC5869, which derives its rationale from Krawczyk,
H., "Cryptographic Extraction and Key Derivation: The HKDF Scheme",
Proceedings of CRYPTO 2010, 2010, <http://eprint.iacr.org/2010/264>.

I'm also renaming the existing KDF, now that Tor has two of them.

This is the key derivation scheme specified in ntor.

There are also unit tests.
2012-12-06 01:54:09 -05:00
Nick Mathewson
bd93ff8dd7 Merge remote-tracking branch 'asn/bug7592_take2' 2012-12-04 21:47:45 -05:00
George Kadianakis
c01dfd5d7b Return connection_exit_connect() if payload creation failed.
Fixes bug #7592; bugfix on 882b389668.

The bug is not present in any released versions of Tor.
2012-12-05 04:32:11 +02:00
Roger Dingledine
e899d49e2f fix some typos 2012-12-03 13:33:43 -05:00
Nick Mathewson
190c1d4981 Merge branch 'bug7013_take2_squashed' 2012-11-27 22:18:16 -05:00
George Kadianakis
6f21d2e496 Introduce tor_addr_port_parse() and use it to parse ServerTransportListenAddr. 2012-11-27 22:18:08 -05:00
George Kadianakis
f88c303869 Add a torrc option to specify the bind address of managed proxies. 2012-11-27 22:18:08 -05:00
Nick Mathewson
267c0e5aa1 Make sure that the error in ADDRMAP events is well-formed
"error=Unable to launch resolve request" is not a nice thing to tell
the controller.  Bugfix on 0.2.0.19-alpha (c11c48fc).
2012-11-23 11:36:44 -05:00
Nick Mathewson
06703f84df Minor documentation fix 2012-11-23 10:51:11 -05:00
Nick Mathewson
864e15cd1c In comments and logs, say "UTC" not "GMT"
Fix for #6113.

Note that the RFC1123 times we generate still all say 'GMT'.  I'm
going to suggest this is not worth changing.
2012-11-23 10:05:16 -05:00
Nick Mathewson
ea893a3c30 Merge branch 'bug7493_redux' 2012-11-18 18:46:57 -05:00
Nick Mathewson
bfe8d829c2 Initialize ipv{4,6}_traffic_ok in entry_connection_new
This one is necessary for sending BEGIN cells with sane flags when
self-testing a directory port.  All real entry connections were
getting their ipv{4,6}_traffic_ok flags set from their listeners, and
for begindir entry connections we didn't care, but for directory
self-testing, we had a problem.

Fixes at least one more case of 7493; if there are more lingering
cases of 7493, this might fix them too.

Bug not in any released version of Tor.
2012-11-18 17:15:41 -05:00
Roger Dingledine
06d367ea36 when counting available descs, say whether we're counting exits 2012-11-16 11:38:56 -05:00
Nick Mathewson
ecb619d96b Give useful warning when both IPv4 and IPv6 are disabled on a socksport 2012-11-15 22:58:54 -05:00
Nick Mathewson
28cbe90839 Allow IPv4 traffic on default and old-style-config SocksPorts.
Looks like when I was writing the code to set the ipv4_traffic flag on
port_cfg_t, I missed some cases, such as the one where the port was
set from its default value.

Fix for 7493. Bug not in any released Tor.
2012-11-15 22:49:43 -05:00
Nick Mathewson
1e46952f36 Set IPv4/IPv6 flags correctly when being a SOCKS client 2012-11-15 13:00:19 -05:00
Nick Mathewson
a4fce0fee8 Remove some XXXX comments in dns.c
Previously, I was freaking out about passing an unspec address to
dns_found_answer() on an error, since I was using the address type to
determine whether the error was an error on an ipv4 address lookup or
on an ipv6 address lookup.  But now dns_found_answer() has a separate
orig_query_type argument to tell what kind of query it is, so there's
no need to freak out.
2012-11-15 12:17:36 -05:00
Nick Mathewson
12f997528d Fix up some comments in connection_edge.c 2012-11-15 12:17:30 -05:00
Nick Mathewson
e3ceac38d9 Add another missing function doc 2012-11-14 23:16:58 -05:00
Nick Mathewson
d643487cc2 Initial support for AAAA requests on DNSPort.
This is imperfect, since it sends back whatever we would send to
a socks RESOLVE request, when in reality we should send back whatever
was asked for.
2012-11-14 23:16:58 -05:00
Nick Mathewson
053f2cb7c8 Let tor-resolve generate PTR requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
50af1087c4 Accept reverse resolve requests for IPv6 addresses 2012-11-14 23:16:57 -05:00
Nick Mathewson
0f899518cf Make DNS resolve requests work for IPv6
* If there's an IPv4 and an IPv6 address, return both in the resolved
  cell.
* Treat all resolve requests as permitting IPv6, since by the spec they're
  allowed to, and by the code that won't break anything.
2012-11-14 23:16:57 -05:00
Nick Mathewson
bb2145b45b Fix a bug in policy_is_reject_star() that was making IPv4 exits break
IPv4-only exits have an implicit "reject [::]/0", which was making
policy_is_reject_star() return 1 for them, making us refuse to do
hostname lookups.

This fix changes policy_is_reject_star() to ask about which family we meant.
2012-11-14 23:16:57 -05:00
Nick Mathewson
85e8d35fca Add some missing doxygen for ipv6 exit code 2012-11-14 23:16:57 -05:00
Nick Mathewson
882b389668 Actually send back correctly-formed IPv6 CONNECTED cells
We had some old code to send back connected cells for IPv6 addresses,
but it was wrong.  Fortunately, it was also unreachable.
2012-11-14 23:16:41 -05:00
Nick Mathewson
6b36142bcc Remove some unused defines in dns.c 2012-11-14 23:16:40 -05:00
Nick Mathewson
7197c9f14a Repair DNS NEXIST hijacking workaround
The code previously detected wildcarding and replaced wildcarded
answers with DNS_STATUS_FAILED_PERMANENT.  But that status variable
was no longer used!  Remove the status variable, and instead change
the value of 'result' in evdns_callback.

Thank goodness for compiler warnings. In this case,
unused-but-set-variable.

Thanks to Linus for finding this one.
2012-11-14 23:16:40 -05:00
Nick Mathewson
363cf02455 Implement a PreferIPv6 flag for SocksPorts 2012-11-14 23:16:40 -05:00
Nick Mathewson
c4830bfbe2 Define a wrapper for evdns_base_resolve_ipv6 for systems w/o libevent 2 2012-11-14 23:16:40 -05:00
Nick Mathewson
35ce42118f Make address_is_invalid_destination recognize ipv6 addrs as valid. 2012-11-14 23:16:40 -05:00
Nick Mathewson
1cc7736575 Actually generate microdescriptors with p6 lines. 2012-11-14 23:16:40 -05:00
Nick Mathewson
54ee7ff148 Remove a since-fixed XXX; improve a doxygen comment 2012-11-14 23:16:40 -05:00
Nick Mathewson
004f3f4e53 Actually advertise IPv6 exit policies.
I have a theory that my tests will work better if the code I'm testing
isn't disabled.
2012-11-14 23:16:40 -05:00
Nick Mathewson
2889bd2642 Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result.  As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit.  Once
we have answers or errors for both, we act accordingly.

This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.

Additionally, have a new interface for the argument passed to the
evdns_callback function.  Previously, it was just the original address
we were resolving.  But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.

The new convention is to have the first byte of that argument include
the query type.  I've refactored the code a bit to make that simpler.
2012-11-14 23:16:25 -05:00
Nick Mathewson
a58e17bcc3 Change signature of router_compare_to_my_exit_policy so dns can use it
Also, fix the function so it actually looks at our ipv6 exit policy.
2012-11-14 23:16:25 -05:00
Nick Mathewson
25cf286fb1 Whitespace cleanup 2012-11-14 23:16:24 -05:00
Nick Mathewson
0487c0d579 Reindent a block in dns.c 2012-11-14 23:16:24 -05:00
Nick Mathewson
807b781a3d Actually send BEGIN cell flags
This uses advertised IPv6 ports as an implicit version check.
2012-11-14 23:16:24 -05:00
Nick Mathewson
93591383a9 When asking for a specific address type, others aren't acceptable 2012-11-14 23:16:24 -05:00
Nick Mathewson
d276894772 I think it is correct to decorate these addresses. 2012-11-14 23:16:24 -05:00
Nick Mathewson
6e27282dab Better checking of exit policies for connections by hostname 2012-11-14 23:16:24 -05:00
Nick Mathewson
5ee1de65b0 Only send begin cell flags when we have some to send 2012-11-14 23:16:24 -05:00
Nick Mathewson
a62c03fe2c Never support IPv6 traffic on a SOCKS4 connection. 2012-11-14 23:16:24 -05:00
Nick Mathewson
cac5335195 Get the client side of receiving an IPv6 address to work
This makes it so we can handle getting an IPv6 in the 3 different
formats we specified it for in RESOLVED cells,
END_STREAM_REASON_EXITPOLICY cells, and CONNECTED cells.

We don't cache IPv6 addresses yet, since proposal 205 isn't
implemented.

There's a refactored function for parsing connected cells; it has unit
tests.
2012-11-14 23:16:23 -05:00
Nick Mathewson
93dc7dcf41 Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings 2012-11-14 23:16:23 -05:00
Nick Mathewson
111321ed16 Rename ipv{4,6}_only to bind_ipv{4,6}_only
This is to avoid confusion with the ipv{4,6}_traffic flags.
2012-11-14 23:16:23 -05:00
Nick Mathewson
4bec25c3cd Add {No,}IPv{4,6}Traffic options to SOCKSPort
These options are for telling the SOCKSPort that it should allow or
not allow connections to IPv4/IPv6 addresses.

These aren't implemented yet; this is just the code to read the
options and get them into the entrey_connection_t.
2012-11-14 23:16:23 -05:00
Nick Mathewson
b7843ca554 Make DNS callback pass IPv6 answers to dns_answer_found
Also, count ipv6 timeouts vs others.  If we have too many ipv6
requests time out, then we could be degrading performance because of a
broken DNS server that ignores AAAA requests.  Other cases in which
we never learn an AAAA address aren't so bad, since they don't slow
A (ipv4) answers down very much.
2012-11-14 23:16:23 -05:00
Nick Mathewson
00633b9446 Make dns wildcarding checks work for ipv6 2012-11-14 23:16:22 -05:00
Nick Mathewson
9016d9e829 Add an IPv6Exit configuration option
Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
if IPv6Exit is not true.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c3faa0ebd5 Simplest version of server-side IPv6 support (no dns)
This is a relatively simple set of changes: we mostly need to
remove a few "but not for IPv6" changes.  We also needed to tweak
the handling of DNS code to generate RESOLVED cells that could get
an IPv6 answer in return.
2012-11-14 23:16:22 -05:00
Nick Mathewson
c64ee7099f Record, send, and receive flags in BEGIN cells 2012-11-14 23:16:22 -05:00
Nick Mathewson
b35a0d1132 Add IPv6 support to compare_to_addr_to_node_policy 2012-11-14 23:16:22 -05:00
Nick Mathewson
04ea550141 Authorities put p6 lines into microdescriptors. 2012-11-14 23:16:22 -05:00
Nick Mathewson
c53adac122 Parse IPv6 policy summaries from router descriptors and microdescs 2012-11-14 23:16:22 -05:00
Nick Mathewson
a96c0affcb Better policy support for IPv6
Now, "accept *:80" means "accept all addresses on port 80", and not
just IPv4.  For just v4, say "accept *4:80"; for just v6 say "accept
*6:80".

We can parse these policies from torrc just fine, and we should be
successfully keeping them out of descriptors for now.

We also now include appropriate IPv6 addresses in "reject private:*"
2012-11-14 23:16:21 -05:00
Nick Mathewson
2eb7eafc9d Add a new family-specific syntax for tor_addr_parse_mask_ports
By default, "*" means "All IPv4 addresses" with
tor_addr_parse_mask_ports, so I won't break anything.  But if the new
EXTENDED_STAR flag is provided, then * means "any address", *4 means
"any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6
address" (that is, [::]/0).

This is going to let us have a syntax for specifying exit policies in
torrc that won't drive people mad.

Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test
these new features, and to increase coverage.
2012-11-14 23:16:21 -05:00
Nick Mathewson
462ebb270a Refactor begin cell parsing into its own function, with tests.
Add 'flags' argument to begin cells, per proposal 208.
2012-11-14 23:16:21 -05:00
Nick Mathewson
ca8843df0a Refactor client_dns_set_{reverse_,}addressmap() to take a circ
We'd like these functions to be circuit-relative so that we can
implement a per-circuit DNS cache and per-circuit DNS cache rules for
proposal 205 or its successors.  I'm doing this now, as a part of the
IPv6 exits code, since there are about to be a few more instances
of code using this.
2012-11-14 23:16:21 -05:00
Nick Mathewson
7908ab2093 Move address map into its own file. 2012-11-14 23:16:20 -05:00
Andrea Shepard
2cb82c33bc Merge branch 'bug7267' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-13 18:54:24 -08:00
Andrea Shepard
3db3daa663 Add comment explaining different channel close functions 2012-11-13 18:50:37 -08:00
Nick Mathewson
02a43e5eb6 Merge remote-tracking branch 'public/bug7059' 2012-11-13 21:50:07 -05:00
Andrea Shepard
7ab3004223 Call channel_mark_for_close() properly in hibernate_go_dormant() 2012-11-13 13:45:00 -08:00
Roger Dingledine
a90affa84b Merge branch 'maint-0.2.3' 2012-11-12 23:49:37 -05:00
Roger Dingledine
88bb48e785 use a more logical operator
Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set.

Fixes bug 7464; bugfix on 0.2.3.9-alpha.
2012-11-12 23:47:21 -05:00
Nick Mathewson
f473d83dea Possible fix for bug 7212
This is the simplest possible workaround: make it safe to call
circuit_cell_queue_clear() on a non-attached circuit, and make it
safe-but-a-LD_BUG-warning to call update_circuit_on_cmux() on a
non-attached circuit.

 LocalWords:  unstage src Untracked
2012-11-12 08:28:09 -05:00
Andrea Shepard
0523c8de7d Merge branch 'check_for_orconn_on_close_squashed' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-10 03:24:41 -08:00
Andrea Shepard
99e82cab30 Make everything in connection.c that uses connection_or_notify_error() also use connection_mark_and_close_internal() to avoid spurious warnings 2012-11-10 02:35:47 -08:00
Andrea Shepard
8124398835 Check for orconns in connection_mark_for_close and connection_mark_and_flush, and pass the call through channel_close_for_error with a warning to avoid asserts 2012-11-10 02:35:47 -08:00
Nick Mathewson
713736a6a7 Fix a memory leak in handling errors on CERTS cells. bug 7422 2012-11-08 23:01:39 -05:00
Nick Mathewson
e1c7d12b1d Turn some memset()s introduced in tor 0.2.4 into memwipe()s 2012-11-08 17:00:36 -05:00
Nick Mathewson
81deddb08c Merge remote-tracking branch 'origin/maint-0.2.3'
Conflicts:
	src/common/crypto.c
	src/or/rendservice.c
2012-11-08 16:48:04 -05:00
Nick Mathewson
49dd5ef3a3 Add and use an unlikely-to-be-eliminated memwipe()
Apparently some compilers like to eliminate memset() operations on
data that's about to go out-of-scope.  I've gone with the safest
possible replacement, which might be a bit slow.  I don't think this
is critical path in any way that will affect performance, but if it
is, we can work on that in 0.2.4.

Fixes bug 7352.
2012-11-08 16:44:50 -05:00
Andrea Shepard
9f3f5372b8 Merge branch 'bug7350' of ssh://git-rw.torproject.org/user/andrea/tor 2012-11-07 11:43:04 -08:00
Nick Mathewson
8e8c0674c4 Implement proposal-214 rules for CircID checking. 2012-11-06 21:33:53 -05:00
Nick Mathewson
1c0e87f6d8 Add a pointless 2-byte memset in cell_pack
There is probably no code that can write the 2 bytes at the end of the
packed_cell_t when the cell is only a 512-byte cell, but let's not get
overconfident there.
2012-11-06 21:24:05 -05:00
Nick Mathewson
bfffc1f0fc Allow a v4 link protocol for 4-byte circuit IDs.
Implements proposal 214.

Needs testing.
2012-11-06 21:23:46 -05:00
Andrea Shepard
80eb03ae0a Don't call channel_send_destroy() when closing a circuit on a closing channel 2012-11-06 17:58:59 -08:00
Andrea Shepard
688cea7248 Check for closing channel in channel_send_destroy() 2012-11-06 17:52:14 -08:00
Nick Mathewson
cd054ceada Merge branch 'bug7285' 2012-11-06 18:02:03 -05:00
George Kadianakis
a9f786758d Add warning message when a managed proxy dies during configuration. 2012-11-06 17:53:09 -05:00
Nick Mathewson
11c467f643 Fix a stupid logic-error in warnings about low ports.
Instead of warning about low ports that are advertised, we should have
been warning about low ports that we're listening on.  Bug 7285, fix
on 0.2.3.9-alpha.
2012-11-06 17:15:39 -05:00
Nick Mathewson
0e8be13b9f Allow an optional $ in GETINFO ns/id/<identity>
That's not where I'd want to put a $, but apparently the other
foo/id/<identity> things allow it, as does an arguably valid
interpretation of control-spec.txt.  So let's be consistent.

Fix for a piece of bug 7059.
2012-11-04 22:12:11 -05:00
Nick Mathewson
39a0a2c3ae Merge remote-tracking branch 'asn/bug7292' 2012-11-04 21:54:19 -05:00
Nick Mathewson
2b781613b0 Whitespace fixes 2012-11-04 21:52:28 -05:00
Nick Mathewson
98204729aa Clean up nonsensical calling convention for config_load_geoip_file_
(How many "load a file" functions do you typically see where the
function frees the filename argument?)
2012-11-04 21:51:02 -05:00
Nick Mathewson
626a8b60d7 Merge remote-tracking branch 'linus/bug5053-bug5055'
Conflicts:
	src/or/geoip.c
2012-11-04 21:44:31 -05:00
George Kadianakis
37f8a2263e Use LOG_WARN instead of LOG_PROTOCOL_WARN when parsing transport lines. 2012-11-02 23:48:53 +02:00
Nick Mathewson
1bfda600c3 Add a TOR_SOCKET_T_FORMAT construction for logging sockets.
We need this since win64 has a 64-bit SOCKET type.

Based on a patch from yayooo for 7260, forward-ported to 0.2.4.
2012-11-02 14:22:21 -04:00
Nick Mathewson
05194cce62 Avoid c99 designated initializers in circuitmux_ewma.c
We still want to build on compilers w/o c99 support, such as
(notoriously, shamefully) MSVC.

So I'm commenting out the designated initializers in
circuitmux_ewma.c.  The alternative would have been to use some kind
of macros to use designated initializers only when they're
supported, but that's error-prone, and can lead to code having
different meanings under different compilers.

Bug 7286; fix on 0.2.4.4-alpha; spotted by Gisle Vanem.
2012-11-02 13:14:39 -04:00
Linus Nordberg
ffddd4de2a Change some comments to reflect the multitude of GeoIP databases. 2012-10-31 16:38:07 +01:00
Nick Mathewson
9327a9f607 Fix whitespace 2012-10-31 11:27:13 -04:00
Linus Nordberg
e7e68b80a7 Don't memcmp struct in6_addr but rather its s6_addr member. 2012-10-31 15:52:56 +01:00
Linus Nordberg
6a241ff3ff Duplicate less code. 2012-10-31 13:58:55 +01:00
Andrea Shepard
be37125030 Merge branch 'bsd_queue' of ssh://git-rw.torproject.org/nickm/tor 2012-10-30 14:39:14 -07:00
Nick Mathewson
c442d85439 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wrong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node, and to forward-port it to
0.2.4.
2012-10-23 23:09:21 -04:00
Nick Mathewson
758428dd32 Fix a remotely triggerable assertion failure (CVE-2012-2250)
If we completed the handshake for the v2 link protocol but wound up
negotiating the wrong protocol version, we'd become so confused about
what part of the handshake we were in that we'd promptly die with an
assertion.

This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha.
All servers running that version or later should really upgrade.

Bug and fix from "some guy from France."  I tweaked his code slightly
to make it log the IP of the offending node.
2012-10-23 22:58:38 -04:00
Roger Dingledine
4c06a804d9 Merge branch 'maint-0.2.3' 2012-10-23 17:26:07 -04:00
Roger Dingledine
2ecee3fce2 Let 0.2.3 clients exit to internal addresses if they want
Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
2012-10-23 17:18:01 -04:00
Roger Dingledine
e17fd57782 fix typo 2012-10-23 17:15:28 -04:00
Nick Mathewson
98c24670e7 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-23 16:28:34 -04:00
Nick Mathewson
85659d3964 Fix parse_short_policy (bug 7192.)
Our implementation of parse_short_policy was screwed up: it would
ignore the last character of every short policy.  Obviously, that's
broken.

This patch fixes the busted behavior, and adds a bunch of unit tests
to make sure the rest of that function is okay.

Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-23 13:49:48 -04:00
Roger Dingledine
4c8b58f900 add a unit test to expose bug 7192 2012-10-22 17:09:43 -04:00
Nick Mathewson
848333c6d6 Fix more madness from the split_circuitbuild merge 2012-10-22 14:36:30 -04:00
Nick Mathewson
fa6a65756f Kill extraneous x from 907db008ab
Looks like clang doesn't complain about this kind of thing.

Spotted by Andrea.  Bug not in any released version.
2012-10-22 14:29:15 -04:00
Nick Mathewson
86258df65d Merge branch 'split_circuitbuild'
Conflicts:
	src/or/circuitbuild.c

There was a huge-looking conflict in circuitbuild.c, but the only
change that had been made to circuitbuild.c since I forked off the
split_circuitbuild branch was 17442560c4.  So I took the
split_circuitbuild version of the conflicting part, and manually
re-applied the change from 17442560c44e8093f9a..
2012-10-22 11:35:32 -04:00
Linus Nordberg
8c9b427425 Name variables more consistently. 2012-10-22 12:36:34 +02:00
Linus Nordberg
9d71d97e9d Document two functions. 2012-10-22 12:24:29 +02:00
Linus Nordberg
172aac62ed Rename C reserved identifiers missed before. 2012-10-20 20:56:59 +02:00
Linus Nordberg
cb51807236 Add "IPVersions" to control command "status/clients-seen". 2012-10-20 20:56:59 +02:00
Linus Nordberg
af175fa7e4 Duplicate less code. 2012-10-20 20:56:59 +02:00
Linus Nordberg
817ff962f8 Separate IPv4 and IPv6 geoip file loading.
Also add IPv6 geoip file digest to extra info.

Also also, add support for IPv6 addresses in control command
"ip-to-country".
2012-10-20 20:56:59 +02:00
Nick Mathewson
e8f547c181 Merge branch 'block_renegotiate_024' 2012-10-19 14:32:42 -04:00
Nick Mathewson
1cc06bd35e Merge branch 'block_renegotiate_023' into maint-0.2.3 2012-10-19 14:30:31 -04:00
Nick Mathewson
0dac0d8ad6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-19 03:06:15 -04:00
Robert Ransom
d3bfdd6108 Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
2012-10-19 02:56:25 -04:00
Andrea Shepard
981f25a73a Factor out common parts of channel_tls_connect() and channel_tls_handle_incoming(); fixes get_remote_addr problem with incoming connections for bug 7112 2012-10-18 21:53:50 -04:00
Nick Mathewson
3d8b73db55 Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".

This patch is a forward-port to 0.2.4, to work with the new channel
logic.
2012-10-17 19:19:58 -04:00
Nick Mathewson
f357ef9dcc Discard extraneous renegotiation attempts in the v3 link protocol
Failure to do so left us open to a remotely triggerable assertion
failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by
"some guy from France".
2012-10-17 19:18:16 -04:00
Nick Mathewson
850c990144 Fix a bug in channel_dump_statistics
We were calling channel_get_actual_remote_descr() before we used the
output of a previous channel_get_canonical_remote_descr(), thus
invalidating its output.
2012-10-17 11:29:59 -04:00
Nick Mathewson
cb9d123764 Document lifespan of return values of the _remote_descr() funcs 2012-10-17 11:29:37 -04:00
Nick Mathewson
26946c659b Restore the 'address' value of tunneled connections
When we merged the channel code, we made the 'address' field of linked
directory connections created with begindir (and their associated edge
connections) contain an address:port string, when they should only
have contained the address part.

This patch also tweaks the interface to the get_descr method of
channels so that it takes a set of flags rather than a single flag.
2012-10-17 11:23:26 -04:00
Nick Mathewson
898bd1ae8f Fix for bug 7112 (spewing complaints from tor_addr_is_internal)
In 4768c0efe3 (not in any released
version of Tor), we removed a little block of code that set the addr
field of an exit connection used in making a tunneled directory
request.  Turns out that wasn't right.
2012-10-17 11:15:01 -04:00
Nick Mathewson
f633184af1 Document return value of channel_get_addr_if_possible 2012-10-17 11:12:59 -04:00
Linus Nordberg
e2313d8622 White space. 2012-10-17 14:01:02 +02:00
Andrea Shepard
35f573136d Use LD_PROTOCOL rather than LD_BUG to warn about bogus reason codes that originated remotely in circuit_end_reason_to_control_string() 2012-10-17 03:24:28 -07:00
Andrea Shepard
17442560c4 Fix mal-merge, don't | END_CIRC_REASON_CHANNEL_CLOSED into reason codes in circuit_truncated() 2012-10-17 03:23:35 -07:00
Linus Nordberg
74c6dafed6 Two changes lost in rebase resurrected. 2012-10-17 12:13:49 +02:00
Linus Nordberg
19ab7b1639 Rename reserved C identifiers. 2012-10-17 10:54:53 +02:00
Karsten Loesing
1f849f9181 Minor tweaks to nils' v4 vs v6 bridge usage code. 2012-10-17 10:54:53 +02:00
Karsten Loesing
c03e3d66a9 Minor tweaks and comments to nils' geoip v6 code. 2012-10-17 10:54:52 +02:00
nils
31e224173b Include statistics as to how many connections are IPv4 versus IPv6 2012-10-17 10:54:52 +02:00
nils
abb886014e Add GeoIP database for IPv6 addresses 2012-10-17 10:54:52 +02:00
nils
167363403b Rename address family specific IPv4 geoip functions in preparation for IPv6 support 2012-10-17 10:54:17 +02:00
Andrea Shepard
94a0309909 Merge branch 'bug7087_2' of ssh://git-rw.torproject.org/user/andrea/tor 2012-10-15 13:04:55 -07:00
Andrea Shepard
ac227cf587 Close and free channel_tls_listener correctly in channel_tls_free_all() 2012-10-15 12:22:20 -07:00
Nick Mathewson
907db008ab Move the circuit build timeout code into its own file. 2012-10-15 14:50:55 -04:00
Nick Mathewson
9e9edf71f7 Split code for entry guards and bridges into a new module. 2012-10-15 14:28:23 -04:00
Nick Mathewson
f38fb29502 whitespace fix 2012-10-15 11:22:53 -04:00
Nick Mathewson
9f83142591 Merge remote-tracking branch 'public/bug1031' 2012-10-15 11:20:48 -04:00
Andrea Shepard
99057014ba Add debug logging to channel_listener_free()/channel_listener_force_free() 2012-10-15 07:56:35 -07:00
Nick Mathewson
469b847c70 Fix a long line 2012-10-15 10:55:52 -04:00
Markus Teich
5a959163d3 fixed differing return type in definition and declaration of dirserv_add_extrainfo 2012-10-15 10:53:11 -04:00
Andrea Shepard
4da2864308 Merge branch 'bug7087' of git://git.torproject.org/user/andrea/tor 2012-10-15 07:22:33 -07:00
Andrea Shepard
3894ca1508 Add debug logging for channel_free() and channel_force_free() 2012-10-15 06:46:23 -07:00
Andrea Shepard
9ef286ec8f Correctly clear cmux policies and free cmux in channel_free() and channel_force_free() 2012-10-15 06:32:44 -07:00
Nick Mathewson
0d946e1773 Merge remote-tracking branch 'arma/bug7029' 2012-10-14 23:06:43 -04:00
Roger Dingledine
38b7947386 fix trivial typo 2012-10-13 18:34:24 -04:00
Nick Mathewson
2b10e99eb0 Try refactoring channel list to use HT_ and LIST_ stuff directly 2012-10-12 20:16:43 -04:00
Nick Mathewson
7c9954a02a Use SIMPLEQ, not smartlist_t, for channel cell queues.
This lets us use fewer memory allocations, and avoid O(n^2) iterations
2012-10-12 17:58:01 -04:00
Nick Mathewson
56c0baa523 Rename all reserved C identifiers we defined
For everything we declare that starts with _, make it end with _ instead.

This is a machine-generated patch.  To make it, start by getting the
list of reserved identifiers using:

     git ls-tree -r --name-only HEAD | grep  '\.[ch]$' | \
       xargs ctags --c-kinds=defglmpstuvx -o - | grep '^_' | \
       cut -f 1 | sort| uniq

You might need GNU ctags.

Then pipe the output through this script:
==============================

use strict;

BEGIN { print "#!/usr/bin/perl -w -i -p\n\n"; }

chomp;

next if (
     /^__attribute__/ or
     /^__func__/ or
     /^_FILE_OFFSET_BITS/ or
     /^_FORTIFY_SOURCE/ or
     /^_GNU_SOURCE/ or
     /^_WIN32/ or
     /^_DARWIN_UNLIMITED/ or
     /^_FILE_OFFSET_BITS/ or
     /^_LARGEFILE64_SOURCE/ or
     /^_LFS64_LARGEFILE/ or
     /^__cdecl/ or
     /^__attribute__/ or
     /^__func__/ or
    /^_WIN32_WINNT/);

my $ident = $_;

my $better = $ident;
$better =~ s/^_//;

$better = "${better}_";

print "s/(?<![A-Za-z0-9_])$ident(?![A-Za-z0-9_])/$better/g;\n";
==============================

Then run the resulting script on all the files you want to change.
(That is, all the C except that in src/ext.)  The resulting script was:

==============================

s/(?<![A-Za-z0-9_])_address(?![A-Za-z0-9_])/address_/g;
s/(?<![A-Za-z0-9_])_aes_fill_buf(?![A-Za-z0-9_])/aes_fill_buf_/g;
s/(?<![A-Za-z0-9_])_AllowInvalid(?![A-Za-z0-9_])/AllowInvalid_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MAX(?![A-Za-z0-9_])/AP_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_AP_CONN_STATE_MIN(?![A-Za-z0-9_])/AP_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_assert_cache_ok(?![A-Za-z0-9_])/assert_cache_ok_/g;
s/(?<![A-Za-z0-9_])_A_UNKNOWN(?![A-Za-z0-9_])/A_UNKNOWN_/g;
s/(?<![A-Za-z0-9_])_base(?![A-Za-z0-9_])/base_/g;
s/(?<![A-Za-z0-9_])_BridgePassword_AuthDigest(?![A-Za-z0-9_])/BridgePassword_AuthDigest_/g;
s/(?<![A-Za-z0-9_])_buffer_stats_compare_entries(?![A-Za-z0-9_])/buffer_stats_compare_entries_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entries_eq(?![A-Za-z0-9_])/chan_circid_entries_eq_/g;
s/(?<![A-Za-z0-9_])_chan_circid_entry_hash(?![A-Za-z0-9_])/chan_circid_entry_hash_/g;
s/(?<![A-Za-z0-9_])_check_no_tls_errors(?![A-Za-z0-9_])/check_no_tls_errors_/g;
s/(?<![A-Za-z0-9_])_c_hist_compare(?![A-Za-z0-9_])/c_hist_compare_/g;
s/(?<![A-Za-z0-9_])_circ(?![A-Za-z0-9_])/circ_/g;
s/(?<![A-Za-z0-9_])_circuit_get_global_list(?![A-Za-z0-9_])/circuit_get_global_list_/g;
s/(?<![A-Za-z0-9_])_circuit_mark_for_close(?![A-Za-z0-9_])/circuit_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_C_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_C_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MAX(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MAX_/g;
s/(?<![A-Za-z0-9_])_CIRCUIT_PURPOSE_OR_MIN(?![A-Za-z0-9_])/CIRCUIT_PURPOSE_OR_MIN_/g;
s/(?<![A-Za-z0-9_])_cmp_int_strings(?![A-Za-z0-9_])/cmp_int_strings_/g;
s/(?<![A-Za-z0-9_])_compare_cached_resolves_by_expiry(?![A-Za-z0-9_])/compare_cached_resolves_by_expiry_/g;
s/(?<![A-Za-z0-9_])_compare_digests(?![A-Za-z0-9_])/compare_digests_/g;
s/(?<![A-Za-z0-9_])_compare_digests256(?![A-Za-z0-9_])/compare_digests256_/g;
s/(?<![A-Za-z0-9_])_compare_dir_src_ents_by_authority_id(?![A-Za-z0-9_])/compare_dir_src_ents_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_duration_idx(?![A-Za-z0-9_])/compare_duration_idx_/g;
s/(?<![A-Za-z0-9_])_compare_int(?![A-Za-z0-9_])/compare_int_/g;
s/(?<![A-Za-z0-9_])_compare_networkstatus_v2_published_on(?![A-Za-z0-9_])/compare_networkstatus_v2_published_on_/g;
s/(?<![A-Za-z0-9_])_compare_old_routers_by_identity(?![A-Za-z0-9_])/compare_old_routers_by_identity_/g;
s/(?<![A-Za-z0-9_])_compare_orports(?![A-Za-z0-9_])/compare_orports_/g;
s/(?<![A-Za-z0-9_])_compare_pairs(?![A-Za-z0-9_])/compare_pairs_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_id_digest(?![A-Za-z0-9_])/compare_routerinfo_by_id_digest_/g;
s/(?<![A-Za-z0-9_])_compare_routerinfo_by_ip_and_bw(?![A-Za-z0-9_])/compare_routerinfo_by_ip_and_bw_/g;
s/(?<![A-Za-z0-9_])_compare_signed_descriptors_by_age(?![A-Za-z0-9_])/compare_signed_descriptors_by_age_/g;
s/(?<![A-Za-z0-9_])_compare_string_ptrs(?![A-Za-z0-9_])/compare_string_ptrs_/g;
s/(?<![A-Za-z0-9_])_compare_strings_for_pqueue(?![A-Za-z0-9_])/compare_strings_for_pqueue_/g;
s/(?<![A-Za-z0-9_])_compare_strs(?![A-Za-z0-9_])/compare_strs_/g;
s/(?<![A-Za-z0-9_])_compare_tor_version_str_ptr(?![A-Za-z0-9_])/compare_tor_version_str_ptr_/g;
s/(?<![A-Za-z0-9_])_compare_vote_rs(?![A-Za-z0-9_])/compare_vote_rs_/g;
s/(?<![A-Za-z0-9_])_compare_votes_by_authority_id(?![A-Za-z0-9_])/compare_votes_by_authority_id_/g;
s/(?<![A-Za-z0-9_])_compare_without_first_ch(?![A-Za-z0-9_])/compare_without_first_ch_/g;
s/(?<![A-Za-z0-9_])_connection_free(?![A-Za-z0-9_])/connection_free_/g;
s/(?<![A-Za-z0-9_])_connection_mark_and_flush(?![A-Za-z0-9_])/connection_mark_and_flush_/g;
s/(?<![A-Za-z0-9_])_connection_mark_for_close(?![A-Za-z0-9_])/connection_mark_for_close_/g;
s/(?<![A-Za-z0-9_])_connection_mark_unattached_ap(?![A-Za-z0-9_])/connection_mark_unattached_ap_/g;
s/(?<![A-Za-z0-9_])_connection_write_to_buf_impl(?![A-Za-z0-9_])/connection_write_to_buf_impl_/g;
s/(?<![A-Za-z0-9_])_ConnLimit(?![A-Za-z0-9_])/ConnLimit_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MAX(?![A-Za-z0-9_])/CONN_TYPE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONN_TYPE_MIN(?![A-Za-z0-9_])/CONN_TYPE_MIN_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MAX(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CONTROL_CONN_STATE_MIN(?![A-Za-z0-9_])/CONTROL_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MAX(?![A-Za-z0-9_])/CPUWORKER_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_CPUWORKER_STATE_MIN(?![A-Za-z0-9_])/CPUWORKER_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_crypto_dh_get_dh(?![A-Za-z0-9_])/crypto_dh_get_dh_/g;
s/(?<![A-Za-z0-9_])_crypto_global_initialized(?![A-Za-z0-9_])/crypto_global_initialized_/g;
s/(?<![A-Za-z0-9_])_crypto_new_pk_from_rsa(?![A-Za-z0-9_])/crypto_new_pk_from_rsa_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_evp_pkey(?![A-Za-z0-9_])/crypto_pk_get_evp_pkey_/g;
s/(?<![A-Za-z0-9_])_crypto_pk_get_rsa(?![A-Za-z0-9_])/crypto_pk_get_rsa_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MAX(?![A-Za-z0-9_])/DIR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_CONN_STATE_MIN(?![A-Za-z0-9_])/DIR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MAX(?![A-Za-z0-9_])/DIR_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_DIR_PURPOSE_MIN(?![A-Za-z0-9_])/DIR_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_get(?![A-Za-z0-9_])/dirreq_map_get_/g;
s/(?<![A-Za-z0-9_])_dirreq_map_put(?![A-Za-z0-9_])/dirreq_map_put_/g;
s/(?<![A-Za-z0-9_])_dns_randfn(?![A-Za-z0-9_])/dns_randfn_/g;
s/(?<![A-Za-z0-9_])_dummy(?![A-Za-z0-9_])/dummy_/g;
s/(?<![A-Za-z0-9_])_edge(?![A-Za-z0-9_])/edge_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MAX(?![A-Za-z0-9_])/END_CIRC_REASON_MAX_/g;
s/(?<![A-Za-z0-9_])_END_CIRC_REASON_MIN(?![A-Za-z0-9_])/END_CIRC_REASON_MIN_/g;
s/(?<![A-Za-z0-9_])_EOF(?![A-Za-z0-9_])/EOF_/g;
s/(?<![A-Za-z0-9_])_ERR(?![A-Za-z0-9_])/ERR_/g;
s/(?<![A-Za-z0-9_])_escaped_val(?![A-Za-z0-9_])/escaped_val_/g;
s/(?<![A-Za-z0-9_])_evdns_log(?![A-Za-z0-9_])/evdns_log_/g;
s/(?<![A-Za-z0-9_])_evdns_nameserver_add_impl(?![A-Za-z0-9_])/evdns_nameserver_add_impl_/g;
s/(?<![A-Za-z0-9_])_EVENT_MAX(?![A-Za-z0-9_])/EVENT_MAX_/g;
s/(?<![A-Za-z0-9_])_EVENT_MIN(?![A-Za-z0-9_])/EVENT_MIN_/g;
s/(?<![A-Za-z0-9_])_ExcludeExitNodesUnion(?![A-Za-z0-9_])/ExcludeExitNodesUnion_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MAX(?![A-Za-z0-9_])/EXIT_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_CONN_STATE_MIN(?![A-Za-z0-9_])/EXIT_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MAX(?![A-Za-z0-9_])/EXIT_PURPOSE_MAX_/g;
s/(?<![A-Za-z0-9_])_EXIT_PURPOSE_MIN(?![A-Za-z0-9_])/EXIT_PURPOSE_MIN_/g;
s/(?<![A-Za-z0-9_])_extrainfo_free(?![A-Za-z0-9_])/extrainfo_free_/g;
s/(?<![A-Za-z0-9_])_find_by_keyword(?![A-Za-z0-9_])/find_by_keyword_/g;
s/(?<![A-Za-z0-9_])_free_cached_dir(?![A-Za-z0-9_])/free_cached_dir_/g;
s/(?<![A-Za-z0-9_])_free_cached_resolve(?![A-Za-z0-9_])/free_cached_resolve_/g;
s/(?<![A-Za-z0-9_])_free_duplicate_routerstatus_entry(?![A-Za-z0-9_])/free_duplicate_routerstatus_entry_/g;
s/(?<![A-Za-z0-9_])_free_link_history(?![A-Za-z0-9_])/free_link_history_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_entries(?![A-Za-z0-9_])/geoip_compare_entries_/g;
s/(?<![A-Za-z0-9_])_geoip_compare_key_to_entry(?![A-Za-z0-9_])/geoip_compare_key_to_entry_/g;
s/(?<![A-Za-z0-9_])_hex_decode_digit(?![A-Za-z0-9_])/hex_decode_digit_/g;
s/(?<![A-Za-z0-9_])_idxplus1(?![A-Za-z0-9_])/idxplus1_/g;
s/(?<![A-Za-z0-9_])__libc_enable_secure(?![A-Za-z0-9_])/_libc_enable_secure_/g;
s/(?<![A-Za-z0-9_])_log_debug(?![A-Za-z0-9_])/log_debug_/g;
s/(?<![A-Za-z0-9_])_log_err(?![A-Za-z0-9_])/log_err_/g;
s/(?<![A-Za-z0-9_])_log_fn(?![A-Za-z0-9_])/log_fn_/g;
s/(?<![A-Za-z0-9_])_log_fn_function_name(?![A-Za-z0-9_])/log_fn_function_name_/g;
s/(?<![A-Za-z0-9_])_log_global_min_severity(?![A-Za-z0-9_])/log_global_min_severity_/g;
s/(?<![A-Za-z0-9_])_log_info(?![A-Za-z0-9_])/log_info_/g;
s/(?<![A-Za-z0-9_])_log_notice(?![A-Za-z0-9_])/log_notice_/g;
s/(?<![A-Za-z0-9_])_log_prefix(?![A-Za-z0-9_])/log_prefix_/g;
s/(?<![A-Za-z0-9_])_log_warn(?![A-Za-z0-9_])/log_warn_/g;
s/(?<![A-Za-z0-9_])_magic(?![A-Za-z0-9_])/magic_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK(?![A-Za-z0-9_])/MALLOC_LOCK_/g;
s/(?<![A-Za-z0-9_])_MALLOC_LOCK_INIT(?![A-Za-z0-9_])/MALLOC_LOCK_INIT_/g;
s/(?<![A-Za-z0-9_])_MALLOC_UNLOCK(?![A-Za-z0-9_])/MALLOC_UNLOCK_/g;
s/(?<![A-Za-z0-9_])_microdesc_eq(?![A-Za-z0-9_])/microdesc_eq_/g;
s/(?<![A-Za-z0-9_])_microdesc_hash(?![A-Za-z0-9_])/microdesc_hash_/g;
s/(?<![A-Za-z0-9_])_MIN_TOR_TLS_ERROR_VAL(?![A-Za-z0-9_])/MIN_TOR_TLS_ERROR_VAL_/g;
s/(?<![A-Za-z0-9_])_mm_free(?![A-Za-z0-9_])/mm_free_/g;
s/(?<![A-Za-z0-9_])_NIL(?![A-Za-z0-9_])/NIL_/g;
s/(?<![A-Za-z0-9_])_n_openssl_mutexes(?![A-Za-z0-9_])/n_openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_create_cb(?![A-Za-z0-9_])/openssl_dynlock_create_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_destroy_cb(?![A-Za-z0-9_])/openssl_dynlock_destroy_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_dynlock_lock_cb(?![A-Za-z0-9_])/openssl_dynlock_lock_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_locking_cb(?![A-Za-z0-9_])/openssl_locking_cb_/g;
s/(?<![A-Za-z0-9_])_openssl_mutexes(?![A-Za-z0-9_])/openssl_mutexes_/g;
s/(?<![A-Za-z0-9_])_option_abbrevs(?![A-Za-z0-9_])/option_abbrevs_/g;
s/(?<![A-Za-z0-9_])_option_vars(?![A-Za-z0-9_])/option_vars_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MAX(?![A-Za-z0-9_])/OR_CONN_STATE_MAX_/g;
s/(?<![A-Za-z0-9_])_OR_CONN_STATE_MIN(?![A-Za-z0-9_])/OR_CONN_STATE_MIN_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv4(?![A-Za-z0-9_])/OutboundBindAddressIPv4_/g;
s/(?<![A-Za-z0-9_])_OutboundBindAddressIPv6(?![A-Za-z0-9_])/OutboundBindAddressIPv6_/g;
s/(?<![A-Za-z0-9_])_PDS_PREFER_TUNNELED_DIR_CONNS(?![A-Za-z0-9_])/PDS_PREFER_TUNNELED_DIR_CONNS_/g;
s/(?<![A-Za-z0-9_])_port(?![A-Za-z0-9_])/port_/g;
s/(?<![A-Za-z0-9_])__progname(?![A-Za-z0-9_])/_progname_/g;
s/(?<![A-Za-z0-9_])_PublishServerDescriptor(?![A-Za-z0-9_])/PublishServerDescriptor_/g;
s/(?<![A-Za-z0-9_])_remove_old_client_helper(?![A-Za-z0-9_])/remove_old_client_helper_/g;
s/(?<![A-Za-z0-9_])_rend_cache_entry_free(?![A-Za-z0-9_])/rend_cache_entry_free_/g;
s/(?<![A-Za-z0-9_])_routerlist_find_elt(?![A-Za-z0-9_])/routerlist_find_elt_/g;
s/(?<![A-Za-z0-9_])_SafeLogging(?![A-Za-z0-9_])/SafeLogging_/g;
s/(?<![A-Za-z0-9_])_SHORT_FILE_(?![A-Za-z0-9_])/SHORT_FILE__/g;
s/(?<![A-Za-z0-9_])_state_abbrevs(?![A-Za-z0-9_])/state_abbrevs_/g;
s/(?<![A-Za-z0-9_])_state_vars(?![A-Za-z0-9_])/state_vars_/g;
s/(?<![A-Za-z0-9_])_t(?![A-Za-z0-9_])/t_/g;
s/(?<![A-Za-z0-9_])_t32(?![A-Za-z0-9_])/t32_/g;
s/(?<![A-Za-z0-9_])_test_op_ip6(?![A-Za-z0-9_])/test_op_ip6_/g;
s/(?<![A-Za-z0-9_])_thread1_name(?![A-Za-z0-9_])/thread1_name_/g;
s/(?<![A-Za-z0-9_])_thread2_name(?![A-Za-z0-9_])/thread2_name_/g;
s/(?<![A-Za-z0-9_])_thread_test_func(?![A-Za-z0-9_])/thread_test_func_/g;
s/(?<![A-Za-z0-9_])_thread_test_mutex(?![A-Za-z0-9_])/thread_test_mutex_/g;
s/(?<![A-Za-z0-9_])_thread_test_start1(?![A-Za-z0-9_])/thread_test_start1_/g;
s/(?<![A-Za-z0-9_])_thread_test_start2(?![A-Za-z0-9_])/thread_test_start2_/g;
s/(?<![A-Za-z0-9_])_thread_test_strmap(?![A-Za-z0-9_])/thread_test_strmap_/g;
s/(?<![A-Za-z0-9_])_tor_calloc(?![A-Za-z0-9_])/tor_calloc_/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_INTERNAL(?![A-Za-z0-9_])/TOR_CHANNEL_INTERNAL_/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_C(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_C_/g;
s/(?<![A-Za-z0-9_])_tor_free(?![A-Za-z0-9_])/tor_free_/g;
s/(?<![A-Za-z0-9_])_tor_malloc(?![A-Za-z0-9_])/tor_malloc_/g;
s/(?<![A-Za-z0-9_])_tor_malloc_zero(?![A-Za-z0-9_])/tor_malloc_zero_/g;
s/(?<![A-Za-z0-9_])_tor_memdup(?![A-Za-z0-9_])/tor_memdup_/g;
s/(?<![A-Za-z0-9_])_tor_realloc(?![A-Za-z0-9_])/tor_realloc_/g;
s/(?<![A-Za-z0-9_])_tor_strdup(?![A-Za-z0-9_])/tor_strdup_/g;
s/(?<![A-Za-z0-9_])_tor_strndup(?![A-Za-z0-9_])/tor_strndup_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_SYSCALL(?![A-Za-z0-9_])/TOR_TLS_SYSCALL_/g;
s/(?<![A-Za-z0-9_])_TOR_TLS_ZERORETURN(?![A-Za-z0-9_])/TOR_TLS_ZERORETURN_/g;
s/(?<![A-Za-z0-9_])__USE_ISOC99(?![A-Za-z0-9_])/_USE_ISOC99_/g;
s/(?<![A-Za-z0-9_])_UsingTestNetworkDefaults(?![A-Za-z0-9_])/UsingTestNetworkDefaults_/g;
s/(?<![A-Za-z0-9_])_val(?![A-Za-z0-9_])/val_/g;
s/(?<![A-Za-z0-9_])_void_for_alignment(?![A-Za-z0-9_])/void_for_alignment_/g;

==============================
2012-10-12 12:22:13 -04:00
Nick Mathewson
0cb921f3e9 Convert all include-guard macros to avoid reserved identifiers.
In C, we technically aren't supposed to define our own things that
start with an underscore.

This is a purely machine-generated commit.  First, I ran this script
on all the headers in src/{common,or,test,tools/*}/*.h :
==============================

use strict;

my %macros = ();
my %skipped = ();
FILE: for my $fn (@ARGV) {
    my $f = $fn;
    if ($fn !~ /^\.\//) {
	$f = "./$fn";
    }
    $skipped{$fn} = 0;
    open(F, $fn);
    while (<F>) {
	if (/^#ifndef ([A-Za-z0-9_]+)/) {
	    $macros{$fn} = $1;
	    next FILE;
	}
    }
}

print "#!/usr/bin/perl -w -i -p\n\n";
for my $fn (@ARGV) {
    if (! exists $macros{$fn}) {
	print "# No macro known for $fn!\n" if (!$skipped{$fn});
	next;
    }
    if ($macros{$fn} !~ /_H_?$/) {
	print "# Weird macro for $fn...\n";
    }
    my $goodmacro = uc $fn;
    $goodmacro =~ s#.*/##;
    $goodmacro =~ s#[\/\-\.]#_#g;
    print "s/(?<![A-Za-z0-9_])$macros{$fn}(?![A-Za-z0-9_])/TOR_${goodmacro}/g;\n"
}
==============================

It produced the following output, which I then re-ran on those same files:

==============================

s/(?<![A-Za-z0-9_])_TOR_ADDRESS_H(?![A-Za-z0-9_])/TOR_ADDRESS_H/g;
s/(?<![A-Za-z0-9_])_TOR_AES_H(?![A-Za-z0-9_])/TOR_AES_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_H(?![A-Za-z0-9_])/TOR_COMPAT_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMPAT_LIBEVENT_H(?![A-Za-z0-9_])/TOR_COMPAT_LIBEVENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTAINER_H(?![A-Za-z0-9_])/TOR_CONTAINER_H/g;
s/(?<![A-Za-z0-9_])_TOR_CRYPTO_H(?![A-Za-z0-9_])/TOR_CRYPTO_H/g;
s/(?<![A-Za-z0-9_])TOR_DI_OPS_H(?![A-Za-z0-9_])/TOR_DI_OPS_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMAREA_H(?![A-Za-z0-9_])/TOR_MEMAREA_H/g;
s/(?<![A-Za-z0-9_])_TOR_MEMPOOL_H(?![A-Za-z0-9_])/TOR_MEMPOOL_H/g;
s/(?<![A-Za-z0-9_])TOR_PROCMON_H(?![A-Za-z0-9_])/TOR_PROCMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORGZIP_H(?![A-Za-z0-9_])/TOR_TORGZIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORINT_H(?![A-Za-z0-9_])/TOR_TORINT_H/g;
s/(?<![A-Za-z0-9_])_TOR_LOG_H(?![A-Za-z0-9_])/TOR_TORLOG_H/g;
s/(?<![A-Za-z0-9_])_TOR_TORTLS_H(?![A-Za-z0-9_])/TOR_TORTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_UTIL_H(?![A-Za-z0-9_])/TOR_UTIL_H/g;
s/(?<![A-Za-z0-9_])_TOR_BUFFERS_H(?![A-Za-z0-9_])/TOR_BUFFERS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_H(?![A-Za-z0-9_])/TOR_CHANNEL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CHANNEL_TLS_H(?![A-Za-z0-9_])/TOR_CHANNELTLS_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITBUILD_H(?![A-Za-z0-9_])/TOR_CIRCUITBUILD_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITLIST_H(?![A-Za-z0-9_])/TOR_CIRCUITLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_H/g;
s/(?<![A-Za-z0-9_])_TOR_CIRCUITUSE_H(?![A-Za-z0-9_])/TOR_CIRCUITUSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_COMMAND_H(?![A-Za-z0-9_])/TOR_COMMAND_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONFIG_H(?![A-Za-z0-9_])/TOR_CONFIG_H/g;
s/(?<![A-Za-z0-9_])TOR_CONFPARSE_H(?![A-Za-z0-9_])/TOR_CONFPARSE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_EDGE_H(?![A-Za-z0-9_])/TOR_CONNECTION_EDGE_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_H(?![A-Za-z0-9_])/TOR_CONNECTION_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONNECTION_OR_H(?![A-Za-z0-9_])/TOR_CONNECTION_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_CONTROL_H(?![A-Za-z0-9_])/TOR_CONTROL_H/g;
s/(?<![A-Za-z0-9_])_TOR_CPUWORKER_H(?![A-Za-z0-9_])/TOR_CPUWORKER_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRECTORY_H(?![A-Za-z0-9_])/TOR_DIRECTORY_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRSERV_H(?![A-Za-z0-9_])/TOR_DIRSERV_H/g;
s/(?<![A-Za-z0-9_])_TOR_DIRVOTE_H(?![A-Za-z0-9_])/TOR_DIRVOTE_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNS_H(?![A-Za-z0-9_])/TOR_DNS_H/g;
s/(?<![A-Za-z0-9_])_TOR_DNSSERV_H(?![A-Za-z0-9_])/TOR_DNSSERV_H/g;
s/(?<![A-Za-z0-9_])TOR_EVENTDNS_TOR_H(?![A-Za-z0-9_])/TOR_EVENTDNS_TOR_H/g;
s/(?<![A-Za-z0-9_])_TOR_GEOIP_H(?![A-Za-z0-9_])/TOR_GEOIP_H/g;
s/(?<![A-Za-z0-9_])_TOR_HIBERNATE_H(?![A-Za-z0-9_])/TOR_HIBERNATE_H/g;
s/(?<![A-Za-z0-9_])_TOR_MAIN_H(?![A-Za-z0-9_])/TOR_MAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_MICRODESC_H(?![A-Za-z0-9_])/TOR_MICRODESC_H/g;
s/(?<![A-Za-z0-9_])_TOR_NETWORKSTATUS_H(?![A-Za-z0-9_])/TOR_NETWORKSTATUS_H/g;
s/(?<![A-Za-z0-9_])_TOR_NODELIST_H(?![A-Za-z0-9_])/TOR_NODELIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_NTMAIN_H(?![A-Za-z0-9_])/TOR_NTMAIN_H/g;
s/(?<![A-Za-z0-9_])_TOR_ONION_H(?![A-Za-z0-9_])/TOR_ONION_H/g;
s/(?<![A-Za-z0-9_])_TOR_OR_H(?![A-Za-z0-9_])/TOR_OR_H/g;
s/(?<![A-Za-z0-9_])_TOR_POLICIES_H(?![A-Za-z0-9_])/TOR_POLICIES_H/g;
s/(?<![A-Za-z0-9_])_TOR_REASONS_H(?![A-Za-z0-9_])/TOR_REASONS_H/g;
s/(?<![A-Za-z0-9_])_TOR_RELAY_H(?![A-Za-z0-9_])/TOR_RELAY_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCLIENT_H(?![A-Za-z0-9_])/TOR_RENDCLIENT_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDCOMMON_H(?![A-Za-z0-9_])/TOR_RENDCOMMON_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDMID_H(?![A-Za-z0-9_])/TOR_RENDMID_H/g;
s/(?<![A-Za-z0-9_])_TOR_RENDSERVICE_H(?![A-Za-z0-9_])/TOR_RENDSERVICE_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPHIST_H(?![A-Za-z0-9_])/TOR_REPHIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_REPLAYCACHE_H(?![A-Za-z0-9_])/TOR_REPLAYCACHE_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTER_H(?![A-Za-z0-9_])/TOR_ROUTER_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERLIST_H(?![A-Za-z0-9_])/TOR_ROUTERLIST_H/g;
s/(?<![A-Za-z0-9_])_TOR_ROUTERPARSE_H(?![A-Za-z0-9_])/TOR_ROUTERPARSE_H/g;
s/(?<![A-Za-z0-9_])TOR_ROUTERSET_H(?![A-Za-z0-9_])/TOR_ROUTERSET_H/g;
s/(?<![A-Za-z0-9_])TOR_STATEFILE_H(?![A-Za-z0-9_])/TOR_STATEFILE_H/g;
s/(?<![A-Za-z0-9_])_TOR_STATUS_H(?![A-Za-z0-9_])/TOR_STATUS_H/g;
s/(?<![A-Za-z0-9_])TOR_TRANSPORTS_H(?![A-Za-z0-9_])/TOR_TRANSPORTS_H/g;
s/(?<![A-Za-z0-9_])_TOR_TEST_H(?![A-Za-z0-9_])/TOR_TEST_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_NATPMP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_NATPMP_H/g;
s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_UPNP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_UPNP_H/g;
==============================
2012-10-12 12:13:10 -04:00
Nick Mathewson
0d9c336a87 Add guard macro for eventdns_tor.h 2012-10-12 12:08:53 -04:00
Andrea Shepard
9c605ecb7e Install correct incoming cell handlers on reachability testing channels
Fix for bug 7086.
2012-10-12 10:02:13 -04:00
Andrea Shepard
3a33b1fe3b Merge branch 'move_contrib_source' of git://git.torproject.org/nickm/tor 2012-10-11 15:55:26 -07:00
Nick Mathewson
63f542a5c2 Move all externally maintained source files into src/ext
The rationale for treating these files differently is that we should
be checking upstream for changes as applicable, and merging changes
upstream as warranted.
2012-10-11 17:22:03 -04:00
Nick Mathewson
a45760b53b Make very sure to handle cells in-order on channels.
Fix on code for 6465, not yet in any release.
2012-10-11 00:35:58 -04:00
Nick Mathewson
7ea904cbc0 Merge branch 'bug7011'
Conflicts:
	src/or/circuitbuild.c

The conflict was trivial, since no line of code actually changed in
both branches: There was a fmt_addr() that turned into fmt_addrport()
in bug7011, and a "if (!n_conn)" that turned into "if (!n_chan)" in
master.
2012-10-10 22:31:06 -04:00
David Fifield
8b3f3fb86e Use fmt_addrport in pt_get_extra_info_descriptor_string.
This patch is by asn.
https://trac.torproject.org/projects/tor/ticket/7011#comment:11
2012-10-10 22:25:30 -04:00
David Fifield
8419d18441 Use fmt_addrport where appropriate.
This is mostly a conversion from this pattern:
	log("... %s:%d ...", fmt_and_decorate_addr(&addr), port);
to this:
	log("... %s ...", fmt_addrport(&addr, port));

The output is the same in all cases.
2012-10-10 22:25:30 -04:00
David Fifield
4b0a039cb8 Use fmt_and_decorate_addr in extra-info "transport" lines.
Apparently BridgeDB is already expecting transport lines to be formatted
thus; see https://trac.torproject.org/projects/tor/ticket/7011#comment:12 ff.
It may be that there are no extant IPv6 pluggable transport bridges yet,
so this didn't cause a problem.
2012-10-10 22:25:29 -04:00
David Fifield
5cbf0f2106 Use fmt_and_decorate_addr in TransportProxy statefile entry.
state_transport_line_is_valid calls tor_addr_port_lookup, which expects
brackets around an IPv6 address. Without this, cached transport
addresses can't be parsed later:

[warn] state: Could not parse addrport.
[warn] state: State file seems to be broken.

See #7011.
2012-10-10 22:25:29 -04:00
David Fifield
41328c7009 Decorate addresses given to a HTTP CONNECT proxy.
This affects the Request-URI and the value of the Host header. RFC 2616
doesn't directly address the formatting of IPv6 addresses, but it
delegates some productions to RFC 2396 "Uniform Resource Identifiers
(URI): Generic Syntax," which is obsoleted by RFC 3986, which requires
square brackets for IPv6 addresses in both places.

I tested this with
	HTTPSProxy 127.0.0.1:8000
	Bridge <IPv6 bridge>
	UseBridges 1
and an Ncat HTTP proxy:
	ncat --proxy-type http -l 8000 -vvv

https://tools.ietf.org/html/rfc2616#section-3.2.1
https://tools.ietf.org/html/rfc2616#section-5.1.2
https://tools.ietf.org/html/rfc2616#section-14.23
https://tools.ietf.org/html/rfc3986#section-3.2.2
2012-10-10 22:25:29 -04:00
David Fifield
34c6ee7e9b Use fmt_and_decorate_addr in log messages. 2012-10-10 22:25:29 -04:00
Andrea Shepard
8b36d4cc2a Merge branch 'bug6816_squashed_nowarn' of git://git.torproject.org/nickm/tor 2012-10-10 18:53:38 -07:00
Nick Mathewson
bd28322d38 Remove variables; fix gcc 4.7 warnings
My GCC warns when variables are assigned to but never used.  There
were a few like that in the 6816/6465 branches.
2012-10-10 21:25:52 -04:00
Andrea Shepard
5543c5b202 Fix formatting in various places after 6465/6816 work 2012-10-10 00:48:36 -07:00
Andrea Shepard
217352c362 Make channel_flush_some_cells() compile cleanly on machines with ssize_t larger than int per sjumrdoch comment 2012-10-10 00:44:47 -07:00
Andrea Shepard
bec776480d Don't remove circuitmux hash table entries in circuitmux_detach_circuit() until after circuitmux_make_circuit_inactive() 2012-10-10 00:44:47 -07:00
Andrea Shepard
1bc9a040f7 Fix 'warning: circuit was already inactive' and assert in circuitmux_make_circuit_inactive() during circuitmux_detach_all_circuits() 2012-10-10 00:44:47 -07:00
Andrea Shepard
c9e48ded5d Bring summary comment block in circuitmux.c up to date 2012-10-10 00:44:47 -07:00
Andrea Shepard
49d534e524 New and improved circuitmux_detach_all_circuits(), now without the stupid 2012-10-10 00:44:47 -07:00
Andrea Shepard
c9607694c9 Correctly set magic numbers on ewma policy data/circuit data when allocating 2012-10-10 00:44:47 -07:00
Andrea Shepard
9d615cc5c0 Set circuitmux policy on existing active channels when ewma_enabled changes 2012-10-10 00:44:47 -07:00
Andrea Shepard
bb62281ba4 Set circuitmux policy on new channels in channeltls.c 2012-10-10 00:44:47 -07:00
Andrea Shepard
0c4f717b3e Implement cell_ewma_enabled() 2012-10-10 00:44:47 -07:00
Andrea Shepard
8afe41b481 Implement channel_set_cmux_policy_everywhere() 2012-10-10 00:44:46 -07:00
Andrea Shepard
13972aee78 Fix broken circuitmux_move_active_circ_to_tail(); don't assume n_chan is not NULL in circuitmux_detach_circuit() 2012-10-10 00:44:46 -07:00
Andrea Shepard
903cc8acd1 Allow n_chan to be NULL in circuitmux_find_map_entry(); it can be but with non-NULL p_chan when extending a circuit 2012-10-10 00:44:46 -07:00
Andrea Shepard
a0200c1f6e Use circuit_get_by_circid_channel_even_if_marked() and fix some asserts in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
1498a6e84a Fix some circuitmux-related asserts in relay.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
b28119e6a8 Fix detach when setting circuit ID to 0 bug in circuit_set_circid_chan_helper() and add circuit_get_by_circid_channel_even_if_marked() 2012-10-10 00:44:46 -07:00
Andrea Shepard
c097fb33fc Detach circuits from circuitmux early when freeing channel so they can find the channel by ID 2012-10-10 00:44:46 -07:00
Andrea Shepard
3d092ffbdd Handle closing circuits correctly with circuitmux_t 2012-10-10 00:44:46 -07:00
Andrea Shepard
6830c9c232 Add a bunch of paranoid-mode expensive asserts in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
7598e669e8 Adjust the circuitmux_t counter correctly in circuitmux_notify_xmit_cells() 2012-10-10 00:44:46 -07:00
Andrea Shepard
96a6eff8fe Fix circuitmux attach/detach logic in circuit_set_circid_chan_helper(); it's possible for id to be zero (not assigned yet) and shouldn't be attached then 2012-10-10 00:44:46 -07:00
Andrea Shepard
60ec46a2ec Update circuitmux-related TODOs in channeltls.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
2565710fd7 Fix comment on circuit_t.n_hop and remove circuitmux TODO in or.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
bbb2c31d26 Move all EWMA code into circuitmux.c and implement circuitmux_policy_t methods using it 2012-10-10 00:44:46 -07:00
Andrea Shepard
0af2eab9a2 Add circuitmux.h, circuitmux_ewma.h includes now necessary in networkstatus.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
d194b8602a Remove cell_ewma_t from or.h and from circuit_t/or_circuit_t; all that goes to the new circuitmux_ewma.c now 2012-10-10 00:44:46 -07:00
Andrea Shepard
5f9d37e74e Add circuitmux.h, circuitmux_ewma.h includes now necessary in config.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
14fe0d5859 Remove EWMA code from relay.{c,h}; it goes to a circuitmux policy now 2012-10-10 00:44:46 -07:00
Andrea Shepard
b7d5784c54 Remove ewma setup code in init_circuit_base()/or_circuit_new() of circuitlist.c; it gets allocated when the circuit is attached to a circuitmux_t with that policy now 2012-10-10 00:44:46 -07:00
Andrea Shepard
e1de2f1437 Add upcasts for circuitmux_policy_data_t and circuitmux_policy_circ_data_t to circuitmux.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
184560c4f6 Add initial circuitmux_ewma.{c,h} 2012-10-10 00:44:46 -07:00
Andrea Shepard
34591c61ef Implement circuitmux_assert_okay() and helper functions in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
4a14c6aa67 Implement circuitmux_get_first_active_circuit() in circuitmux.c; add pick_active_circuit() to circuitmux_policy_t in circuitmux.h 2012-10-10 00:44:46 -07:00
Andrea Shepard
c4e5e4727d Add comment for circuitmux_notify_xmit_cells() in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
741bc97b24 Add comment for circuitmux_move_active_circ_to_tail() in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
aff77eb1a9 Implement circuitmux_notify_xmit_cells() and circuitmux_move_active_circ_to_tail() helper in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
debef8f0cd Consistently allow policy alloc_cmux_data() and alloc_circ_data() functions to return NULL if the policy does not use this in circuitmux.c 2012-10-10 00:44:46 -07:00
Andrea Shepard
86d9d85dfc Implement circuitmux_clear_policy(), circuitmux_get_policy() and circuitmux_set_policy() in circuitmux.c 2012-10-10 00:44:45 -07:00
Andrea Shepard
eade7a37cd Add cmux policy notify_set_n_cells() and notify_xmit_cells() callbacks 2012-10-10 00:44:45 -07:00
Andrea Shepard
930e3d611a Allocate and free circuit-specific policy data in the right places 2012-10-10 00:44:45 -07:00
Andrea Shepard
851734d324 Implement circuitmux policy basic notifications mechanism 2012-10-10 00:44:45 -07:00
Andrea Shepard
35f5259df4 Eliminate linked list helper functions in relay.c which are no longer used 2012-10-10 00:44:45 -07:00
Andrea Shepard
38fa3b7e44 Implement circuitmux_make_circuit_inactive(), circuitmux_make_circuit_active() and linked list helper functions in circuitmux.c 2012-10-10 00:44:45 -07:00
Andrea Shepard
fd31dd440c Implement circuitmux_detach_all_circuits() in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
9da04141e2 Implement circuitmux_is_circuit_active(), circuitmux_num_cells_for_circuit(), circuitmux_num_cells(), circuitmux_num_active_circuits() and circuitmux_num_circuits() in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
a9deec3550 Implement circuitmux_clear_num_cells() and circuitmux_set_num_cells() in circuitmux.c, remove unneeded circuitmux_add_to_num_cells() from circuitmux.h 2012-10-10 00:43:18 -07:00
Andrea Shepard
8004448635 Handle n_mux/p_mux properly in circuitmux.c 2012-10-10 00:43:18 -07:00
Andrea Shepard
c3ebd0340c Implement circuitmux_detach_circuit() in circuitmux.c 2012-10-10 00:43:17 -07:00
Andrea Shepard
7e5c358d38 Implement circuitmux_attached_circuit_direction(), circuitmux_find_map_entry() and circuitmux_is_circuit_attached() in circuitmux.c 2012-10-10 00:41:55 -07:00
Andrea Shepard
3c41d7f414 Implement circuitmux_attach_circuit() in circuitmux.c 2012-10-10 00:41:49 -07:00
Andrea Shepard
e4a11b890e Implement circuitmux_alloc()/circuitmux_free() and chanid/circid->muxinfo hash table 2012-10-10 00:40:10 -07:00
Andrea Shepard
b208539b80 Use circuitmux_t in channels and when relaying cells 2012-10-10 00:40:06 -07:00
Andrea Shepard
c684076fc7 Add circuitmux.c, circuitmux.h 2012-10-10 00:39:11 -07:00
Andrea Shepard
bddfb9ffa8 Add magic number for type-checking channel casts 2012-10-09 23:19:53 -07:00
Andrea Shepard
f00b44ef8c Improve comments on channel_write_*() 2012-10-09 23:19:53 -07:00
Andrea Shepard
1c3362dcdc Use cell_queue_entry_new/free() functions in channel.c 2012-10-09 23:19:53 -07:00
Andrea Shepard
53454fad95 Set reason_for_closing when erroring out of channel_tls_connect() 2012-10-09 23:19:53 -07:00
Andrea Shepard
3f4b95b1a3 Split channel_t into channel_t and channel_listener_t; get rid of that big union 2012-10-09 23:19:53 -07:00
George Kadianakis
634d24c588 Don't call fmt_addr() twice in a parameter list. 2012-10-09 23:49:56 -04:00
George Kadianakis
721f99e495 Don't call fmt_addr() twice in a parameter list. 2012-10-09 23:46:04 -04:00
Andrea Shepard
6391f963fb Conform to existing Doxygen style 2012-10-08 21:30:07 -07:00
Andrea Shepard
06a76d1db4 Refactor channel_write_cell()/channel_write_packed_cell()/channel_write_var_cell() to eliminate redundant code 2012-10-08 21:16:59 -07:00
Andrea Shepard
89a00ee63a Use typedefs for function pointer return values and s/listener/listener_fn/ for distinctness 2012-10-08 20:49:19 -07:00
Andrea Shepard
ee4e88e4d9 s/cell_queue/incoming_queue/g in channel.c for consistency with outgoing_queue 2012-10-08 20:20:28 -07:00
Andrea Shepard
4686638743 Fix typo in comment 2012-10-08 20:15:09 -07:00
Andrea Shepard
d61e58e1ba s/channel_request_close()/channel_mark_for_close()/g for consistency 2012-10-08 20:14:04 -07:00
Andrea Shepard
8a41dd20cb Make channel_force_free() static 2012-10-08 20:10:13 -07:00
Andrea Shepard
123a08e4a3 Simplify channel_next_with_digest() in channel.c 2012-10-08 20:08:18 -07:00
Andrea Shepard
e877d02fdd Eliminate unnecessary channel_set_cell_handler(), channel_set_var_cell_handler() in channel.c 2012-10-08 20:06:40 -07:00
Andrea Shepard
17356fe7fd Eliminate unnecessary SMARTLIST_DEL_CURRENT() invocations in channel.c, channeltls.c 2012-10-08 20:02:42 -07:00
Andrea Shepard
bb92a2d7a8 Remove orphaned comment in channel_flush_some_cells_from_outgoing_queue() 2012-10-08 19:54:47 -07:00
Andrea Shepard
341928c807 Simplify channel_find_by_remote_digest() 2012-10-08 19:53:05 -07:00
Andrea Shepard
965c9de498 Abolish superfluous channel_find_by_remote_nickname() 2012-10-08 19:52:04 -07:00
Andrea Shepard
64e6f6687c channel_free() should be a no-op 2012-10-08 19:50:41 -07:00
Andrea Shepard
e709fe320a Use U64_FORMAT/U64_PRINTF_ARG rather than %lu for channel_t 2012-10-08 19:48:06 -07:00
Andrea Shepard
71ba517e0c Check return value from connection_or_connect() in channel_tls_connect()
It's possible for connection_or_connect() to fail and return NULL after it
sets tlschan->conn, so not checking leaves a channel hanging around in
CHANNEL_STATE_OPENING with a pointer to a freed or_connection_t forever.
2012-10-08 18:24:04 -07:00
Andrea Shepard
7138a4adac Keep better statistics about channels and dump them from dumpstats() on SIGUSR1 2012-10-08 03:06:09 -07:00
Andrea Shepard
a9a75ee59a Call channel_tls_free_all() and channel_free_all() from tor_free_all in main.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
72251385b0 Call connection_or_close_normally() rather than using connection_mark_for_close()/connection_mark_and_flush() in run_connection_housekeeping() of main.c so that channels get sent to the CLOSING state correctly (avoids an assert otherwise) 2012-10-08 03:06:09 -07:00
Andrea Shepard
07f9e8fc7d Call channel_run_cleanup() in main.c, and include a comment explaining how closing or_connections related to channels 2012-10-08 03:06:09 -07:00
Andrea Shepard
cb62a0b69a Use channel_is_bad_for_new_circs(), connection_or_get_num_circs() in main.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
9ad7ba9f22 Use connection_or_get_num_circuits() in control.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
f0f87cb68a Convert rendmid.c to channel_t 2012-10-08 03:06:09 -07:00
Andrea Shepard
28f108bcce Use dirreq_id from channel_t when appropriate 2012-10-08 03:06:09 -07:00
Andrea Shepard
8b14db9628 Switch onion.c over to channel_t 2012-10-08 03:06:09 -07:00
Andrea Shepard
77dac97354 Use channel_t in cpuworker.c
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 2 commits:

Use channel_t in cpuworker.c
Fix bug in channel_t usage in cpuworker.c that was killing relaying on channel_t-ized Tor.  The tags passed to the worker now have a channel ID, not a connection ID.
2012-10-08 03:06:09 -07:00
Andrea Shepard
6cce6241dd Query circuit count from associated channel of or_conn in control.c 2012-10-08 03:06:09 -07:00
Andrea Shepard
35924435d2 Make reachability test in dirserv.c use channel_t 2012-10-08 03:06:07 -07:00
Andrea Shepard
e136f7ccb4 Convert relay.c/relay.h to channel_t
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 10 commits:

Convert relay.c/relay.h to channel_t
Updating the timestamp if n_flushed > 0 at the end of channel_flush_from_first_active_circuit() was redundant since channel_write_cell() et al. do it themselves.
Get rid of now-unnecessary time parameter in channel_flush_from_first_active_circuit()
Get rid of now-unnecessary time parameter in channel_flush_from_first_active_circuit() in connection_or.c
Add non-inlined external call for channeltls.c to free a packed_cell_t
Appease make check-spaces in relay.c
Replace channel_get_write_queue_len() with sufficient and easier to implement channel_has_queued_writes() in relay.c
Rename channel_touched_by_client() and client_used field for consistency with other timestamps in relay.c
Don't double-free packed cells in relay.c (channel_t Tor now bootstraps and works as a client)
Rearrange channel_t struct to use a union distinguishing listener from cell-bearing channels in relay.c
2012-10-08 03:05:26 -07:00
Andrea Shepard
4768c0efe3 Support channel_t in connection_edge.c 2012-10-08 03:05:00 -07:00
Andrea Shepard
519c971f6a Use channel_t in cmd.c 2012-10-08 03:05:00 -07:00
Andrea Shepard
32337502f1 Use channel_t rather than or_connection_t for circuits 2012-10-08 03:04:58 -07:00
Andrea Shepard
15303c32ec Initial channeltls.c/channeltls.h for bug 6465 2012-10-08 03:04:00 -07:00
Andrea Shepard
7f952da553 Fix make check-spaces in circuitbuild.c and router.h 2012-10-08 03:04:00 -07:00
Andrea Shepard
838743654c Add channel.c/channel.h for bug 6465
Note: this is a squashed commit; see branch bug6465_rebased_v2 of user/andrea/tor.git for full history of the following 90 commits:

Add channel.c/channel.h for bug 6465
Fix make check-spaces in new channel.c/channel.h
Make sure new channel.h is in nodist_HEADERS and Makefile.nmake is up to date too
Add channel_state_t and state utility functions
Add channel_change_state()
Better comments in channel.h
Add CHANNEL_STATE_LISTENING for channel_t
Fix wide line in channel.c
Add structures/prototypes for incoming cell handling
Implement channel_queue_cell() and channel_queue_var_cell()
Implement channel_process_cells()
Fix asserts in channel_queue_cell() and channel_queue_var_cell()
Add descriptive comments for channel_queue_cell() and channel_queue_var_cell()
Implement channel cell handler getters/setters
Queue outgoing writes when not in writeable state
Drain queues and test assertions when changing channel_t state
Add log_debug() messages for channel_t stuff
Add log_debug() messages for channel_t stuff
Add some channel_t metadata
Add time_t client_used to channel_t
Add channel_touched_by_client()
Declare a few channel_t metadata queries we'll have to implement later for use by circuitbuild.c
Add next_circ_id/circ_id_type to channel_t for use by circuitbuild.c
Count n_circuits in channel_t
Channel timestamp calls
Add create timestamp for channel.h
Declare some new metadata queries on channel_t
Add get_real_remote_descr() prototype
Move active_circuits stuff to channel_t, some other or.h and channel.h changes
Make channel_t refcounted and use global lists of active channels
Update channel_request_close() and channel_change_state() for channel_t registration mechanism
Handle closing channels sensibly
Add global_identifier for channels, channel_init() internal use function
Add timestamp_last_added_nonpadding to channel_t
Better comments in channel_init()
Correctly handle next_circ_id in channel_init()
Correctly handle next_circ_id in channel_init() and even compile this time
Appease make check-spaces
Update timestamps when writing cells to channel_t
Add channel_flush_some_cells() to call channel_flush_from_first_active_circuit()
Add registered channel lookup functions
Get rid of client_used in or_connection_t; it's in channel_t now
Get rid of circ_id_type in or_connection_t; implement channel_set_circ_id_type()
Eliminate is_bad_for_new_circs in or_connection_t; implement getter/setter for it in channel_t
Eliminate next_circ_id in or_connection_t in favor of channel_t
Handle packed cells in channel_t for relay.c
Add channel_identity_map and related functions
Handle add/remove from channel identity map on state transitions
Implement channel_is_local() and channel_mark_local()
Implement channel_is_client() and channel_mark_client()
Implement channel_is_outgoing() and channel_mark_outgoing()
Eliminate declaration for redundant channel_nonopen_was_started_here()
Add channel timestamps
Add channel timestamps, fix some make-check-spaces complaints
Remove redundant channel_was_started_here() function and initiated_remotely bit
Rename channel_get_remote_descr()/channel_get_real_remote_descr() to something clearer in channel.h
Replace channel_get_write_queue_len() with sufficient and easier to implement channel_has_queued_writes() in channel.h
Change return type of channel_is_bad_for_new_circs() to int for consistency
Implement channel_has_queued_writes()
Rename channel_touched_by_client() and client_used field for consistency with other timestamps in channel.{c,h}
Implement channel_get_actual_remote_descr() and channel_get_canonical_remote_descr() in channel.{c,h}
Implement channel_matches_extend_info() in channel.{c,h}
Implement channel_get_for_extend() and channel_is_better() in channel.{c,h}
Make channel_is_better() public in channel.{c,h}
Implement channel_matches_target_addr_for_extend() in channel.{c,h}
Implement channel_is_canonical_is_reliable() in channel.{c,h}
Demoronize get_remote_descr() method prototype - what the hell was I thinking there?
Timestamp channels in the right places in channel.c
Add missing tor_assert() in channel.c
Check if the lower layer accepted a cell in channel_write_cell() et al. of channel.c
Implement channel_flush_cells() in channel.c (w00t, it builds at last)
Call channel_timestamp_drained() at the right places in channel.c
Implement channel_run_cleanup()
Support optional channel_get_remote_addr() method and use it for GeoIP in channel_do_open_actions()
Get rid of channel refcounting; it'll be too complicated to handle it properly with all the pointers from circuits to channels, and closing from channel_run_cleanup() will work okay just like with connections
Doxygenate channel.c
Appease make check-spaces in channel.c
Fix superfluous semicolons in channel.c
Add/remove channels from identity digest map in all the right places in channel.c
The cell queues on channel_t must be empty when going to a CLOSED or ERROR state
Appease make check-spaces in channel.c
Add channel_clear/set_identity_digest() and some better logging to channel.{c,h}
Fix better logging to channel.c
Avoid SIGSEGV testing for queue emptiness in channel_flush_some_cells_from_outgoing_queue()
Remove TODO about checking cell queue in channel_free(); no need for it
Appease make check-spaces in channel.c
Add channel_free_all() and support functions
Check nullness of active_circuit_pqueue in channel_free()
Fix SMARTLIST_FOREACH_END usage in channel_process_cells()
Rearrange channel_t struct to use a union distinguishing listener from cell-bearing channels in channel.{c,h}
2012-10-08 03:03:58 -07:00
Roger Dingledine
016c21d871 Downgrade "Failed to hand off onionskin" messages
They're typically redundant with the "Your computer is too slow"
messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.

(In retrospect, we should have fixed this bug back in ticket 1042.)
2012-10-05 13:35:13 -04:00
Nick Mathewson
be33c3f600 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-04 12:49:13 -04:00
Nick Mathewson
0a3dfd0423 Merge remote-tracking branch 'arma/bug7037' into maint-0.2.3 2012-10-04 12:46:33 -04:00
Nick Mathewson
91b18b12d9 Fix tabs in config.c 2012-10-04 10:34:46 -04:00
Nick Mathewson
03e4b5a9d7 Merge remote-tracking branch 'linus/bug6757' 2012-10-04 10:31:25 -04:00
Nick Mathewson
d9847165e0 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-10-04 10:05:55 -04:00
Roger Dingledine
10b43f4c46 pass the reason from the truncated cell to the controller
(rather than just always declaring that the reason is
END_CIRC_REASON_OR_CONN_CLOSED)

resolves bug 7039.
2012-10-03 23:56:34 -04:00
Roger Dingledine
e50fa0d6cb Refuse extra create cells with reason "resource limit"
In the past we had used reason "internal", which is more vague than
it needs to be. Resolves bug 7037.
2012-10-03 20:17:37 -04:00
Roger Dingledine
b1971d89c8 properly free the return values of rate_limit_log()
resolves bug 7022.
2012-10-03 13:15:27 -04:00
Roger Dingledine
05f6f8f26d actually use the rate-limiting string
previously we just allocated the string and then freed it.
2012-10-03 13:03:09 -04:00
Roger Dingledine
3d31771da9 Free some more still-in-use memory at exit 2012-10-03 12:46:09 -04:00
Roger Dingledine
65e85dba1b reformat; no actual changes 2012-10-02 21:03:01 -04:00
Roger Dingledine
0ca47825a7 and make the last commit compile 2012-10-02 20:50:57 -04:00
Nick Mathewson
78e8eb5f2d Fix compilation error left over from 1cbf45bed1. (Bug 7021) 2012-10-02 20:48:30 -04:00
Roger Dingledine
57b13ad5cc more consistently use [gs]et_uint8 2012-10-02 20:39:58 -04:00
Nick Mathewson
a80d8e09d3 The --version option should imply --quiet.
Patch from 'maker'.
2012-10-01 11:01:18 -04:00
Nick Mathewson
f128baf36c Add missing declaration so 6876 compiles 2012-09-28 12:03:37 -04:00
Nick Mathewson
5f494a363a Merge remote-tracking branch 'linus/enh6876_2' 2012-09-28 11:57:36 -04:00
Nick Mathewson
95d9f7e9cc Merge remote-tracking branch 'rransom/warn-about-hses-without-guards' 2012-09-25 12:39:00 -04:00
Roger Dingledine
dc014c9747 Merge branch 'maint-0.2.3' 2012-09-22 09:31:09 -04:00
Roger Dingledine
c88a4c51b4 add faravahar as our ninth v3 dir auth 2012-09-22 09:10:37 -04:00
Nick Mathewson
9d4c53534d Remove the testing_since* fields
They weren't actually used since 7a35dad00

Bug 5809
2012-09-21 22:05:09 -04:00
Nick Mathewson
b7fdb3a927 add changes file and whitespace fixes for bug 4020 2012-09-21 19:48:38 -04:00
Tom Fitzhenry
655782f302 Reinstate address in warning message when binding non-locally
bug4020

Signed-off-by: Tom Fitzhenry <tom@tom-fitzhenry.me.uk>
2012-09-21 19:44:49 -04:00
Linus Nordberg
613079fbc4 Don't leak msg when parse_virtual_addr_network() fails. 2012-09-20 17:15:15 +02:00
Linus Nordberg
1cbf45bed1 Make option OutboundBindAddress accept IPv6 addresses too.
Implements ticket 6786.
2012-09-20 17:09:25 +02:00
Linus Nordberg
ce553d4982 Have node_get_pref_orport() return an IPv6 OR port when UseBridges is set.
We used to never return an IPv6 address unless ClientUseIPv6 was
set. We should allow clients running with bridges use IPv6 OR ports
even without setting ClientUseIPv6. Configuring an IPv6 address in a
Bridge line should imply that.

Fixes the second part of #6757.
2012-09-19 17:18:06 +02:00
Linus Nordberg
9c5ba489d3 Set (and reset) node_t.ipv6_preferred for bridges based on Bridge lines.
We used to set it only when ClientPreferIPv6ORPort was set which seems
wrong.

Fixes one part of #6757.
2012-09-19 17:12:22 +02:00
Robert Ransom
38609f1354 Fix comment typo 2012-09-18 16:50:54 -04:00
Robert Ransom
130e899fbb Warn if HSes are configured on a client with UseEntryGuards disabled 2012-09-18 16:50:00 -04:00
Robert Ransom
d1c4cf2f5a Correct comment explaining why tor2web mode should disable entry guards 2012-09-18 16:38:01 -04:00
Mike Perry
acda1735fd Disable Guard usage for Tor2webMode.
Tor2webMode is fingerprintable by hidden services through repeated
usage of the same three guard nodes for its rend and intro points.
2012-09-18 16:21:35 -04:00
Nick Mathewson
704fd8bb02 Bump bug 6866 log messages back up to notice for 0.2.4 2012-09-18 16:21:24 -04:00
Nick Mathewson
920c76a2fc Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-18 16:20:01 -04:00
Nick Mathewson
aca325eb0c Whitespace fixes 2012-09-18 16:16:17 -04:00
Nick Mathewson
c35fad2bde Remove some deadcode for parsing v1 directories
Fixes bug 6887.  There are opportunities to remove more functions if
authorities can stop serving dummy v1 directory documents
2012-09-18 15:30:27 -04:00
Linus Nordberg
a989dbc3dc Print the correct address family in log printout.
Look at the address family of the preferred OR port rather than the
node.ipv6_preferred flag since the logic has changed with new
ClientUseIPv6 config option.

Fixes ticket 6884.
2012-09-18 14:41:14 +02:00
Mike Perry
4bfed4378d Bug 6866: Convert pathbias asserts into log messages.
Asserts were hit by Tor2Web mode.
2012-09-17 18:25:28 -07:00
Nick Mathewson
5dfec9f833 Merge remote-tracking branch 'linus/bug6880' 2012-09-17 16:05:09 -04:00
Linus Nordberg
bee1e46bd1 Don't do reachability testing over IPv6 unless AuthDirPublishIPv6 is set.
This affects both directory authorities and bridge authorities.
2012-09-17 22:01:58 +02:00
Robert Ransom
62babcaf0a Implement and use crypto_pk_eq_keys 2012-09-17 11:02:53 -04:00
Nick Mathewson
32d9cea289 Merge remote-tracking branch 'public/bug6853' 2012-09-17 10:50:48 -04:00
Nick Mathewson
96d2a21683 Avoid sign-extending when computing rend auth type.
Right-shifting negative values has implementation-defined behavior.
On all the platforms we work on right now, the behavior is to
sign-extend the input.  That isn't what we wanted in

    auth_type_val = (descriptor_cookie_tmp[16] >> 4) + 1;

Fix for 6861; bugfix on 0.2.1.5-alpha; reported pseudonymously.

The broken behavior didn't actually hurt anything, I think, since the
only way to get sign-extension to happen would be to have the top bit
of descriptor_cookie_tmp[16] set, which would make the value of
descriptor_cookie_tmp[16] >> 4 somewhere between 0b11111111 and
0b11111000 (that is, between -1 and -8).  So auth_type_val would be
between -7 and 0.  And the immediate next line does:

    if (auth_type_val < 1 || auth_type_val > 2) {

So the incorrectly computed auth_type_val would be rejected as
invalid, just as a correctly computed auth_type_val would be.

Still, this stuff shouldn't sit around the codebase.
2012-09-17 10:28:14 -04:00
Nick Mathewson
414adb237b Parse votes with >31 flags correctly
We were doing (1<<p) to generate a flag at position p, but we should
have been doing (U64_LITERAL(1)<<p).

Fixes bug 6861; bugfix on 0.2.0.3-alpha; reported pseudonymously.
2012-09-17 10:24:52 -04:00
Nick Mathewson
c2c6d12a81 Move functions for seeing if we know enough nodes into nodelist 2012-09-14 10:20:01 -04:00
Nick Mathewson
725d3a32bd Remove router_get_by_{nickname,hexdigest} entirely 2012-09-14 10:20:00 -04:00
Nick Mathewson
5161a52c66 Remove the old disabled router_get_by_nickname implementation 2012-09-14 10:20:00 -04:00
Nick Mathewson
ba21ebc6d8 Move many of the node_ functions from routerlist to nodelist 2012-09-14 10:20:00 -04:00
Nick Mathewson
d995dc8bac Split the routerset code out of routerlist.c 2012-09-14 10:20:00 -04:00
Nick Mathewson
286e95f0a5 Merge branch 'bug6833' 2012-09-14 10:10:23 -04:00
Nick Mathewson
68caa834f4 document why we only allow 64 flags in votes 2012-09-14 10:10:16 -04:00
Nick Mathewson
e4ce8cd969 Fix compilation with older gccs
They don't like to have #preprocessor directives inside macro arguments.

Fixes #6842; fix on 0.2.4.2-alpha.

Found by grarpamp.
2012-09-14 10:06:00 -04:00
Nick Mathewson
7d11952bf4 Split the or_state_t portions of config.c into their own file 2012-09-13 12:20:26 -04:00
Nick Mathewson
2eb2536c0a Remove all remaining spurious or_options_t invocations in confparse.c 2012-09-13 12:20:25 -04:00
Nick Mathewson
7627b2c187 Split the generic config_fmt_t code into a new confparse.c file
This helps us split up one of our larger files, and sets the stage
for refactoring the configuration backend a little
2012-09-13 12:20:25 -04:00
Nick Mathewson
c8b98ba41c Reject votes (not consensuses) with >64 known-flags
Our flag voting code needs to handle unrecognized flags, so it stores
them in a 64-bit bitfield.  But we never actually checked for too many
flags, so we were potentially doing stuff like U64_LITERAL(1)<<flagnum
with flagnum >= 64.  That's undefined behavior.

Fix for bug 6833; bugfix on 0.2.0.1-alpha.
2012-09-13 11:45:05 -04:00
Nick Mathewson
582f2187a7 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-13 10:08:51 -04:00
Robert Ransom
0a6480cdd0 Avoid undefined behaviour when parsing HS protocol versions
Fixes bug 6827; bugfix on c58675ca72
(when the v2 HS desc parser was implemented).

Found by asn.
2012-09-13 07:48:21 -04:00
Nick Mathewson
a73dec16c5 Merge branch 'bug6815' 2012-09-12 16:28:59 -04:00
Nick Mathewson
19136f6f11 Fix a wide line 2012-09-12 16:28:46 -04:00
Nick Mathewson
35e19b9498 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-12 11:11:16 -04:00
Nick Mathewson
1f5a7917f5 Merge remote-tracking branch 'public/bug6341_a_v2' into maint-0.2.3 2012-09-12 11:10:59 -04:00
Nick Mathewson
5cbeb60805 Fix directory self-testing logic
When I removed version_supports_begindir, I accidentally removed the
mechanism we had been using to make a directory cache self-test its
directory port.  This caused bug 6815, which caused 6814 (both in
0.2.4.2-alpha).

To fix this bug, I'm replacing the "anonymized_connection" argument to
directory_initiate_command_* with an enumeration to say how indirectly
to connect to a directory server.  (I don't want to reinstate the
"version_supports_begindir" argument as "begindir_ok" or anything --
these functions already take too many arguments.)

For safety, I made sure that passing 0 and 1 for 'indirection' gives
the same result as you would have gotten before -- just in case I
missed any 0s or 1s.
2012-09-12 10:26:59 -04:00
Nick Mathewson
75c9ccd4f8 Merge remote-tracking branch 'public/bug6538'
Conflicts:
	configure.ac
2012-09-11 17:51:36 -04:00
Nick Mathewson
f8a665c87d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-11 13:21:20 -04:00
Nick Mathewson
5833861f62 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/test/test_util.c
2012-09-11 13:20:15 -04:00
Nick Mathewson
973c18bf0e Fix assertion failure in tor_timegm.
Fixes bug 6811.
2012-09-11 13:13:07 -04:00
Roger Dingledine
d85b563dbb Merge branch 'maint-0.2.3' 2012-09-10 18:25:57 -04:00
Nick Mathewson
bf71866da0 Merge branch 'remove_old_ver_checks' 2012-09-10 15:37:13 -04:00
Nick Mathewson
4319f99828 Merge remote-tracking branch 'public/ticket6789' 2012-09-10 15:31:04 -04:00
Nick Mathewson
8731a4e148 Avoid segfault when reading state file from ancient tor
If s_values is null in rep_hist_load_bwhist_state_section, we would
call smartlist_len() on it, and die.

Fixes bug 6801.
2012-09-10 10:35:18 -04:00
Nick Mathewson
cb8f64cdc8 Fix tab introduced in f43946829c 2012-09-10 10:22:40 -04:00
Nick Mathewson
0ab7716b9e Merge remote-tracking branch 'linus/bug6797' 2012-09-10 10:19:57 -04:00
Nick Mathewson
20e0e7d9d1 Rename _UseFilteringSSLBufferevents to lose its _. Bug 3155 2012-09-10 10:09:19 -04:00
meejah
f43946829c Hide options beginning with "___" from GETINFO config/names 2012-09-10 09:51:31 -04:00
meejah
65838f4883 rename _UsingTestNetworkDefaults to start with triple-underscore 2012-09-10 09:50:24 -04:00
Roger Dingledine
e1e34ee4e4 raise bandwidthrate/bandwidthburst to a new "infinite"
addresses bug 6605.
2012-09-10 03:03:06 -04:00
Linus Nordberg
93ee62297f Don't follow the NULL pointer.
If dirvote_create_microdescriptor() returns NULL, don't use md.

Found by "f. tp.".

Fixes bug 6797.
2012-09-10 00:43:48 +02:00
Roger Dingledine
f6639d5676 finish backing out 5492de76 2012-09-09 16:51:34 -04:00
Roger Dingledine
67abdcd8d9 minor logging improvement 2012-09-09 15:54:59 -04:00
Nick Mathewson
e8b09c0d51 Remove one more check for an insanely old version 2012-09-07 23:23:49 -04:00
Nick Mathewson
7988596f66 Remove version_supports checks for versions before 0.2.2. 2012-09-07 23:21:18 -04:00
Nick Mathewson
26cee96911 Dirservers no longer accept tors released before December 2011.
Implements ticket 6789.
2012-09-07 11:15:23 -04:00
Nick Mathewson
3fe2161d28 Merge remote-tracking branch 'asn/bug6788' 2012-09-07 10:51:38 -04:00
George Kadianakis
14f4a5da45 Remove redundant declaration of find_transport_name_by_bridge_addrport(). 2012-09-07 17:44:53 +03:00
Roger Dingledine
9446efc0df a debugging log line that just helped me 2012-09-07 03:04:15 -04:00
Nick Mathewson
f4cf279eb5 Rename extend_info_alloc() --> _new()
Based on a patch from Linus, regenerated so as to not conflict with
Linus's 5535/6363 patches.
2012-09-06 11:38:32 -04:00
Linus Nordberg
09c84b50e7 Rename packed_cell_alloc() --> _new(). 2012-09-06 11:37:00 -04:00
Linus Nordberg
3327a0a61c Rename config_alloc() --> _new(). 2012-09-06 11:37:00 -04:00
Nick Mathewson
1ca9e2685f Merge branch 'quiet_lib_versions_squashed' 2012-09-06 11:32:09 -04:00
Nick Mathewson
e3a130a7eb Don't log about Libevent/OpenSSL initialization when all's well
OTOH, log the Libevent and OpenSSL versions on the first line when
we're starting Tor.
2012-09-06 11:31:22 -04:00
Nick Mathewson
ad1e8b45df Merge branch 'bug6778' 2012-09-06 11:05:16 -04:00
Nick Mathewson
30fe9080e7 Fix a dependency: micro-revision.i influences tor_main.o, not tor_main.c 2012-09-06 11:00:32 -04:00
Nick Mathewson
e9684405ac Merge remote-tracking branch 'asn/bug4567_rebased' 2012-09-06 10:12:28 -04:00
Nick Mathewson
deee0b67c3 Merge remote-tracking branch 'asn/bug6765' 2012-09-06 10:12:11 -04:00
Nick Mathewson
91fed2c703 Fix a build-warning when building out-of-tree
We were trying to incorporate all headers in common_sha1.i, not just
the src/common ones.

This is part of bug 6778; fix on 0.2.4.1-alpha
2012-09-06 09:56:48 -04:00
Roger Dingledine
00120544a4 fix punctuation in logs 2012-09-06 01:35:05 -04:00
Nick Mathewson
5d679caa32 Fix warning when implicitly casting strlen(microdesc) to int
Harmless unless we somehow generate a microdesc of more than INT_MAX
bytes.
2012-09-05 20:49:25 -04:00
George Kadianakis
8284c2bcba Use tor_malloc_zero() in var_cell_new().
This is just a precaution; we seem to be using var_cell_t.payload and
var_cell_t.payload_len correctly at the moment.
2012-09-06 01:22:32 +03:00
Roger Dingledine
b00b8272da make AuthDirHasIPv6Connectivity match the man page
we can turn it into an autobool later if we have some way for it
to make a decision.

(patch possibly got lost when nickm merged #6770; or maybe nickm meant
for it to be this way. i'm not sure.)
2012-09-05 18:17:41 -04:00
Nick Mathewson
f8c1ab7bbf Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-05 16:25:13 -04:00
Linus Nordberg
0770e4ccdb Whitespace fixes. 2012-09-05 19:40:15 +02:00
Nick Mathewson
9d9ca264ec Avoid segfault if EntryGuardPathBias precedes EntryGuard
Fix for bug 6774; bugfix on 0.2.3.17-beta.
2012-09-05 13:27:54 -04:00
George Kadianakis
4edc57caa5 Figure out ORPort and DirPort even when 'auto' is used.
Use router_get_advertised_{dir,or}_port() functions instead of
get_primary_{dir,or}_port().
2012-09-05 20:17:25 +03:00
Nick Mathewson
116c8409ba Merge remote-tracking branch 'linus/bug6770_3'
Conflicts:
	doc/tor.1.txt
	src/or/config.c
2012-09-05 11:35:26 -04:00
George Kadianakis
44fe717524 General tweaks and fixes for Nick's comments.
* Add changes/ files.
* Edit the tor-fw-helper manpage.
* Fix check-spaces.
* Add prototype for get_list_of_ports_to_forward().
* Fix tor_parse_long() TCP port range.
* Improve doc. of tor_check_port_forwarding().
* Check for overflows in tor_check_port_forwarding().
* Demote successful port forwarding to LOG_INFO.

Conflicts:
	src/common/address.c
	src/or/circuitbuild.c
2012-09-05 18:23:28 +03:00
George Kadianakis
443260ffd8 Tweak code and pump the tor-fw-helper version.
Conflicts:
	src/or/circuitbuild.h
2012-09-05 18:09:45 +03:00
George Kadianakis
da16c425ef Start passing ports to tor_check_port_forwarding().
Conflicts:
	src/or/transports.c
2012-09-05 18:08:18 +03:00
George Kadianakis
cd05f35d2c Refactor tor to support the new tor-fw-helper protocol.
Add handle_fw_helper_output(), a function responsible for parsing the
output of tor-fw-helper. Refactor tor_check_port_forwarding() and
run_scheduled_events() accordingly too.

We now issue warnings when we get control output from tor-fw-helper,
and we log the verbose output of tor-fw-helper in LOG_INFO.

Conflicts:
	src/common/util.c
2012-09-05 18:04:34 +03:00
George Kadianakis
64b2a64310 Use get_lines_from_handle() in configure_proxy(). 2012-09-05 18:02:27 +03:00
Linus Nordberg
f7c97cd40b Remove AuthDirPublishIPv6 and let AuthDirHasIPv6Connectivity fill its function.
See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.
2012-09-05 13:35:39 +02:00
Linus Nordberg
0e53742a85 Make AuthDirHasIPv6Connectivity a BOOL.
This is a fix of unreleased tor. It solves ticket #6770.
2012-09-05 12:47:01 +02:00
Roger Dingledine
67065c3c06 minor typos i found while constructing the changelog 2012-09-05 04:46:27 -04:00
Nick Mathewson
4d87919ba6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-04 18:34:39 -04:00
Nick Mathewson
acfd487e7d Merge remote-tracking branch 'arma/bug6743' into maint-0.2.3 2012-09-04 18:33:56 -04:00
Nick Mathewson
d7a646edcf Merge branch 'bug5535_only_rebased' 2012-09-04 18:24:20 -04:00
Nick Mathewson
ec94d0307e Merge remote-tracking branch 'linus/bug6363_only-ln' 2012-09-04 18:23:18 -04:00
Linus Nordberg
d34c690e54 Allocate vote_microdesc_hash_t using tor_malloc_zero().
In case the struct grows in the future. Shouldn't be too expensive.
2012-09-04 20:19:41 +02:00
Linus Nordberg
8ef395d6a9 Whitespace. 2012-09-04 20:19:40 +02:00
Linus Nordberg
b337aa4c0e Remove spurious debug log printout. 2012-09-04 19:27:05 +02:00
Linus Nordberg
d827a5495a Take microdesc into account when deciding about preferred OR port. 2012-09-04 12:57:22 -04:00
Linus Nordberg
8b081231b5 Make node_ipv6_preferred() take microdescs into account.
Also, make node_get_prim_orport() indicate in its return value whether
a valid OR port was copied or not.

Maybe we should make it legal to pass ap_out==NULL?
2012-09-04 12:57:22 -04:00
Linus Nordberg
3746215350 Take microdesc IPv6 address into account when setting node->ipv6_preferred.
Also, do this only for clients, explicitly.

Also, give the flag a value every time we set consensus. We used to
touch it only when ClientPreferIPv6ORPort was set, which was wrong.
2012-09-04 12:57:21 -04:00
Linus Nordberg
0f45dbefed Use preferred OR for nodes with routerstatus and microdesc too.
extend_info_from_node() used to use the primary OR port (i.e. IPv4)
unless the node had routerinfo. Now that we have IPv6 addresses in
microdescs we may want to use them.

Note that this patch changes using r->cache_info.identity_digest into
using node->identity. I count on these being well synchronised, or
things would break in other ways. Right?
2012-09-04 12:57:21 -04:00
Linus Nordberg
7a8366a3eb Add IPv6 OR port to microdesc_t and populate it. 2012-09-04 12:57:21 -04:00
Linus Nordberg
e04e1a2e7d Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
2012-09-04 12:57:21 -04:00
Linus Nordberg
d6ad00a01f Clear the ipv6_preferred flag like the others.
I'm not entirely sure that this is meaningful but I'm pretty sure it's
not harmful. Seems like the logical thing to do.
2012-09-04 12:55:38 -04:00
Linus Nordberg
c76a332887 Fix a comment. 2012-09-04 12:51:08 -04:00
Linus Nordberg
585ef06978 Add tor_addr_port_new(). 2012-09-04 12:03:42 -04:00
Linus Nordberg
68901da5a1 Generate microdescriptors with "a" lines.
Generate and store all supported microdescriptor formats. Generate
votes with one "m" line for each format. Only "m" lines with version
info matching chosen consensus method will be voted upon.

An optimisation would be to combine "m" lines with identical hashes,
i.e. instead of "m 1,2,3 H1" and "m 4,5 H1", say "m 1,2,3,4,5 H1".
2012-09-04 11:56:34 -04:00
Linus Nordberg
156ffef249 Have directory authorities vote on IPv6 OR ports according to the spec
Define new consensus method 14 adding "a" lines to vote and
consensus documents.

From proposal 186:

  As with other data in the vote derived from the descriptor, the
  consensus will include whichever set of "a" lines are given by the
  most authorities who voted for the descriptor digest that will be
  used for the router.

This patch implements this.
2012-09-04 11:52:22 -04:00
Nick Mathewson
05ded76cb6 Merge remote-tracking branch 'arma/bug6759' 2012-09-04 10:18:51 -04:00
Nick Mathewson
3da9a14f1c Merge remote-tracking branch 'arma/feature6758' 2012-09-04 10:16:15 -04:00
Nick Mathewson
978a2251f3 Merge remote-tracking branch 'arma/feature6760' 2012-09-04 10:14:55 -04:00
Roger Dingledine
0a2fcc55c5 resolve an XXX by agreeing with nickm 2012-09-03 22:15:04 -04:00
Roger Dingledine
81c6db3288 make "Launching %d requests for %d routers" message more useful
specifically, specify what sort of routers we're fetching.
2012-09-03 22:10:49 -04:00
Roger Dingledine
3ea37e5faa quiet "I learned some more directory information" on startup
Reserve it for when new directory information arrives in response to
a fetch.

Resolves ticket 6760.
2012-09-03 19:49:44 -04:00
Roger Dingledine
2131cc125b Don't log about reloading the microdescriptor cache at startup
Addresses bug 6759.
2012-09-03 18:50:27 -04:00
Roger Dingledine
e964f81143 omit the first heartbeat message (resolves ticket 6758) 2012-09-03 18:13:35 -04:00
Roger Dingledine
4bd90e20b9 fix whitespace and trivial typo 2012-09-03 02:09:39 -04:00
Roger Dingledine
eb3d079667 Make begindir_cutoff the same as general_cutoff
Allow one-hop directory fetching circuits the full "circuit build timeout"
period, rather than just half of it, before failing them and marking
the relay down. This fix should help reduce cases where clients declare
relays (or worse, bridges) unreachable because the TLS handshake takes
a few seconds to complete.

Fixes bug 6743 (one piece of bug 3443); bugfix on 0.2.2.2-alpha, where
we changed the timeout from a static 30 seconds.
2012-09-01 01:25:17 -04:00
Nick Mathewson
9982122f34 Use a time-invariant comparison in choose_array_element_by_weight 2012-08-28 12:42:25 -04:00
Nick Mathewson
5c3199cda7 In choose-by-bw, scale to better use the range of uint64
The smart part of this is based on an approach and a suggestion by
rransom. The unsmart part is my own fault.
2012-08-27 19:36:12 -04:00
Nick Mathewson
3363a0d26e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:39:30 -04:00
Nick Mathewson
a7a4bbff47 Quiet "Set buildtimeout to low val" warnings: make them info
Fix for #6251
2012-08-27 16:37:09 -04:00
Nick Mathewson
f40378118c Merge remote-tracking branch 'mikeperry/bug6647' 2012-08-27 16:23:19 -04:00
Nick Mathewson
b252ffa7cb Downgrade path-bias warning messages to INFO for now.
We've had over two months to fix them, and didn't.  Now we need
0.2.3.x stable.  Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x.  We can do a real fix in 0.2.4.
2012-08-27 16:18:35 -04:00
Nick Mathewson
0c5a44ed0a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:16:27 -04:00
Nick Mathewson
bffe0d3ccc Merge branch 'bug6710_023' into maint-0.2.3 2012-08-27 16:15:01 -04:00
Nick Mathewson
e232938ec8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:09:29 -04:00
Nick Mathewson
443e4ae1ee Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/policies.c
2012-08-27 16:07:04 -04:00
Nick Mathewson
62d96284f7 Do not assert when comparing a null address/port against a policy
This can create a remote crash opportunity for/against directory
authorities.
2012-08-27 12:04:55 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
5898c09c3a Fix whitespace 2012-08-27 10:53:40 -04:00
Nick Mathewson
7795f42e4b Merge branch 'bug6524_nm' 2012-08-27 10:33:24 -04:00
Jim Meyering
90d1c85757 build: minimal adjustments to make out-of-tree build work 2012-08-27 10:00:22 -04:00
Nick Mathewson
b3b4f31936 Merge remote-tracking branch 'linus/bug6364' 2012-08-27 09:53:37 -04:00
Nick Mathewson
6f7dbd3d34 Merge remote-tracking branch 'linus/bug6362' 2012-08-27 09:50:22 -04:00
Nick Mathewson
6864a44a4a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-24 12:51:50 -04:00
Nick Mathewson
ce4add498f Merge remote-tracking branch 'public/bug6472' into maint-0.2.3 2012-08-24 12:51:02 -04:00
Nick Mathewson
ca09ea0a8b Make node_assert_ok less duplicatey
This comes at the cost of making its failure message a little less
friendly, but since when do assertion failures count as
user-friendly?
2012-08-24 12:48:23 -04:00
Nick Mathewson
03ca9c63c8 Clarify docs on get_configured_bridge_by_*_digest 2012-08-24 12:31:09 -04:00
Mike Perry
e13abda470 Bug 6647: Use correct scale constant and prevent rounding error
We were effectively resetting our counts, and the rounding error
leads to incorrect log messages.
2012-08-23 20:28:29 -07:00
Mike Perry
4950618b13 Bug 6475: Demote pathbias log messages for 0.2.3.x
Also make a couple of them less scary.

We'll do a separate, additional commit on 0.2.4.x to bump them back
up again.
2012-08-23 20:28:25 -07:00
Mike Perry
880c71304b Disable path bias accounting if we have no guards.
This should eliminate a lot of notices for Directory Authorities and other
situations where circuits are built without using guard nodes.
2012-08-23 19:47:08 -07:00
Linus Nordberg
3410a46ebc Move ipv6_preferred from routerinfo_t to node_t.
Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.

Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.

Move node_get_*_orport to nodelist.c.

Fix a cut'n'paste error in header of nodelist.h.

Add node_assert_ok().

Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?
2012-08-23 22:13:12 +02:00
Nick Mathewson
6d703f8db5 Make the _sha1.i file generation quieter 2012-08-23 13:14:41 -04:00
Linus Nordberg
734b09080f Fetch IPv6 address from NETINFO "other OR's address" field.
The my_apparent_addr is still unused, apart from now being logged in
the "Got good NETINFO cell" info message.
2012-08-21 18:43:36 +02:00
Nick Mathewson
64676d0571 Merge branch 'bug6638' 2012-08-21 11:20:58 -04:00
Nick Mathewson
939d01f0ba Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-21 10:36:51 -04:00
Nick Mathewson
991a8acba2 Merge remote-tracking branch 'public/bug6404' into maint-0.2.3 2012-08-21 10:35:40 -04:00
Nick Mathewson
d517233e71 Merge remote-tracking branch 'linus/bug6621' 2012-08-21 10:21:53 -04:00
Nick Mathewson
778d90122c Avoid spurious warnings in rend_service_introduce
There was some code in the "err:" block that would always log a
warning, reporting an "unknown error" if we hadn't set err_msg.  But
there were also plenty of "goto err" blocks that did their own
logging, and never set err_msg at all.  Now we should only log when
we have an error message to log.

This fixes bug 6638, from no released Tor version.
2012-08-21 10:15:52 -04:00
Linus Nordberg
9216e2819b Send IPv6 address in NETINFO cells.
Closes #6364.
2012-08-20 17:01:18 +02:00
Linus Nordberg
5671586dc7 Make all relays, not only bridges, capable of advertising an IPv6 OR port.
Closes #6362.
2012-08-19 14:48:22 +02:00
Nick Mathewson
661bd3fe71 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 17:10:16 -04:00
Nick Mathewson
88859b2ff1 whitespace fix 2012-08-17 17:10:03 -04:00
Nick Mathewson
223e7cfabe When iterating over connections pending DNS, skip marked ones
Failure to do this would lead to double-free cases and similar,
especially when the exit's DNS was broken. See bug 6472 for full
details; this is a fix for 6472.

Anonymous patch from "cypherpunks" on trac.
2012-08-17 16:46:11 -04:00
Nick Mathewson
1c64f99a1a Merge remote-tracking branch 'public/bug5124' 2012-08-17 16:05:09 -04:00
Nick Mathewson
d9746bd468 Remove needless flush-on-write code.
Long ago, before we had cell queues, it was necessary to maybe call
connection_handle_write() from connectino_write_to_buf_impl() on OR
connections, so that we wouldn't get into a loop of reading infinite
amounts of data and queueing it all on an outbuf before bothering to
write any data.

If that doesn't sound like what our code does now, you're right:
right now, we won't stick more than OR_CONN_HIGHWATER bytes of cells
on an outbuf, and we won't suck more than CELL_QUEUE_HIGHWATER_SIZE
cells off any edge connection. So, there's no more call for that
code.

Removing this code will simplify our data flow, and that should be
something we can all get behind.
2012-08-17 16:01:30 -04:00
Nick Mathewson
a9d56289ee Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 15:59:40 -04:00
Linus Nordberg
9ed87b37d0 Consider IPv6 OR ports when deciding whether a routerinfo change is cosmetic.
Closes #6423.
2012-08-17 15:59:13 -04:00
Nick Mathewson
eec86939d1 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:39:31 -04:00
Nick Mathewson
e9172e51fb Merge remote-tracking branch 'public/bug6244_part_c' into maint-0.2.3 2012-08-17 12:37:49 -04:00
Nick Mathewson
1728801bbc Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:34:52 -04:00
Nick Mathewson
676f71054f Merge remote-tracking branch 'public/bug6507' into maint-0.2.3 2012-08-17 12:33:17 -04:00
Nick Mathewson
a4669d8704 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:10:44 -04:00
Nick Mathewson
a74d4182f1 Whitespace and build fixes on 6475 patch 2012-08-17 12:10:31 -04:00
Nick Mathewson
3621f30ad4 Merge remote-tracking branch 'mikeperry/bug6475' into maint-0.2.3 2012-08-17 12:08:42 -04:00
Nick Mathewson
274e281741 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 11:54:05 -04:00
Nick Mathewson
f25e8d034b Merge remote-tracking branch 'public/bug6514' into maint-0.2.3 2012-08-17 11:53:06 -04:00
Linus Nordberg
b1c4b3ad0e Make authorities not set Running unless all advertised OR ports are reachable.
Resolves #6621.
2012-08-17 12:53:25 +02:00
Mike Perry
4e42a8a2f2 Address Nick's comments from code review.
Also promote log messages to notice and rate-limit them.
2012-08-16 16:29:19 -07:00
Mike Perry
ec6a7effb8 Bug 6475: Explicitly track our path bias state.
This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
2012-08-15 19:59:55 -07:00
Nick Mathewson
2ba52f4095 Fix wildcarded address mappings from the control port
Apparently, we weren't actually detecting wildcardedness when parsing
them: whoops!

bug 6244.  Bugfix on 0.2.3.9-alpha
2012-08-15 17:59:30 -04:00
Nick Mathewson
959f850056 Raise the part of torrc mapaddress handling that knows wildcards
This patch extracts the inner part of config_register_addressmaps --
the part that knows about detecting wildcard addresses --
and makes it into a new function.  The new function is deliberately
not moved or reindented, so that the diff is smaller.

I need this to fix bug 6244.
2012-08-15 17:52:40 -04:00
Nick Mathewson
cdd882ee71 Check for stream_id, not conn, on extend cells.
Extend cells aren't allowed to have a stream_id, but we were only
blocking them when they had a stream_id that corresponded to a
connection.  As far as I can tell, this change is harmless: it will
make some kinds of broken clients not work any more, but afaik nobody
actually made a client that was broken in that way.

Found while hunting for other places where we made the same mistake
as in 6271.

Bugfix on d7f50337c1 back from May 2003, which introduced
telescoping circuit construction into 0.0.2pre8.
2012-08-15 13:16:41 -04:00
Nick Mathewson
a9eed33111 Fix memory leak in dirvote_create_microdescriptor
Found by George, who gets a cookie.
2012-08-14 03:07:17 -04:00
Nick Mathewson
f45cde05f9 Remove tor_malloc_roundup().
This function never actually did us any good, and it added a little
complexity.  See the changes file for more info.
2012-08-13 13:27:32 -04:00
Nick Mathewson
d993b04485 Reject attempts to say FooPort and FooPort 0 in the same cfg domain 2012-08-09 16:13:03 -04:00
Nick Mathewson
e1fb3b8d65 Fix spaces from last patch 2012-08-09 16:02:57 -04:00
Nick Mathewson
dfe03d36c8 Don't infer we have a FooPort from the presence of a FooPort line
Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false.  (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort.  When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.

This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t.  FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will fail to
compile.)

Fix for bug 6507.
2012-08-09 15:48:43 -04:00
Nick Mathewson
07df4dd52d Refactor the core of choosing by weights into a function
This eliminates duplicated code, and lets us test a hairy piece of
functionality.
2012-08-09 14:15:58 -04:00
Nick Mathewson
9bfb274abb Refactor smartlist_choose_node_by_bandwidth to be less horrible.
With this patch, I dump the old kludge of using magic negative
numbers to indicate unknown bandwidths.  I also compute each node's
weighted bandwidth exactly once, rather than computing it once in
a loop to compute the total weighted bandwidth and a second time in
a loop to find which one we picked.
2012-08-09 12:59:04 -04:00
Nick Mathewson
50aecc68ca Use a smarter fix for bug 1203.
Previously, we had incremented rand_bw so that when we later tested
"tmp >= rand_bw", we wouldn't have an off-by-one error.  But instead,
it makes more sense to leave rand_bw alone and test "tmp > rand_bw".

Note that this is still safe.  To take the example from the bug1203
writeup: Suppose that we have 3 nodes with bandwidth 1.  So the
bandwidth array is { 1, 1, 1 }, and the total bandwidth is 3.  We
choose rand_bw == 0, 1, or 2.  With the first iteration of the loop,
tmp is now 1; with the second, tmp is 2; with the third, tmp is 3.
Now that our check is tmp > rand_bw, we will set i in the first
iteration of the loop iff rand_bw == 0; in the second iteration of
the loop iff rand_bw == 1, and in the third iff rand_bw == 2.
That's what we want.

Incidentally, this change makes the bug 6538 fix more ironclad: once
rand_bw is set to UINT64_MAX, tmp > rand_bw is obviously false
regardless of the value of tmp.
2012-08-09 12:41:28 -04:00
Nick Mathewson
640a51684c Remove remaining timing-dependency in choosing nodes by bandwidth
The old approach, because of its "tmp >= rand_bw &&
!i_has_been_chosen" check, would run through the second part of the
loop slightly slower than the first part.  Now, we remove
i_has_been_chosen, and instead set rand_bw = UINT64_MAX, so that
every instance of the loop will do exactly the same amount of work
regardless of the initial value of rand_bw.

Fix for bug 6538.
2012-08-09 12:40:03 -04:00
Nick Mathewson
e106812a77 Change smartlist_choose_node_by_bandwidth to avoid double
This should make our preferred solution to #6538 easier to
implement, avoid a bunch of potential nastiness with excessive
int-vs-double math, and generally make the code there a little less
scary.

"But wait!" you say.  "Is it really safe to do this? Won't the
results come out differently?"

Yes, but not much.  We now round every weighted bandwidth to the
nearest byte before computing on it.  This will make every node that
had a fractional part of its weighted bandwidth before either
slightly more likely or slightly less likely.  Further, the rand_bw
value was only ever set with integer precision, so it can't
accurately sample routers with tiny fractional bandwidth values
anyway.  Finally, doing repeated double-vs-uint64 comparisons is
just plain sad; it will involve an implicit cast to double, which is
never a fun thing.
2012-08-09 12:21:37 -04:00
Stewart Smith
2e80ae895d fix circular dependency for generating code digests 2012-08-09 11:03:48 -04:00
Stewart Smith
7bb04f111a fix dependencies for some generated files 2012-08-09 11:03:47 -04:00
Stewart Smith
2a4a149624 Move to non-recursive make
This gives us a few benefits:
1) make -j clean all
   this will start working, as it should. It currently doesn't.
2) increased parallel build
   recursive make will max out at number of files in a directory,
   non-recursive make doesn't have such a limitation
3) Removal of duplicate information in make files,
   less error prone

I've also slightly updated how we call AM_INIT_AUTOMAKE, as the way
that was used was not only deprecated but will be *removed* in the next
major automake release (1.13).... so probably best that we can continue
to build tor without requiring old automake.
(see http://www.gnu.org/software/automake/manual/html_node/Public-Macros.html )

For more reasons why, see resources such as:
http://miller.emu.id.au/pmiller/books/rmch/
2012-08-09 11:03:47 -04:00
Nick Mathewson
ca90aea5eb Temporarily make spurious sendmes warn louder at arma's suggestion. 2012-08-09 10:55:33 -04:00
Nick Mathewson
0b21170085 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-09 10:52:45 -04:00
Nick Mathewson
91b52a259a Merge remote-tracking branch 'public/bug6252_again' into maint-0.2.3 2012-08-09 10:50:11 -04:00
Nick Mathewson
aa584fd3a3 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 12:04:36 -04:00
Nick Mathewson
93be3a8822 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/routerlist.c
2012-08-03 12:04:11 -04:00
Robert Ransom
308f6dad20 Mitigate a side-channel leak of which relays Tor chooses for a circuit
Tor's and OpenSSL's current design guarantee that there are other leaks,
but this one is likely to be more easily exploitable, and is easy to fix.
2012-08-03 11:49:51 -04:00
Nick Mathewson
860c4fc811 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:46:03 -04:00
Robert Ransom
82c5e385cb Remove bogus comment claiming that an assertion is triggerable by consensus 2012-08-03 11:45:33 -04:00
Nick Mathewson
6c64681879 Fix a bunch of "implicit 64->32" warnings from introduce refactoring 2012-08-03 11:31:04 -04:00
Nick Mathewson
babf8e2a85 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:23:06 -04:00
Nick Mathewson
1040afb242 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-08-03 11:18:40 -04:00
Nick Mathewson
57e35ad3d9 Avoid possible segfault when handling networkstatus vote with bad flavor
Fix for 6530; fix on 0.2.2.6-alpha.
2012-08-03 10:53:00 -04:00
Matthew Finkel
b50eb14bbf Updated docs for new connections. 2012-08-02 16:15:23 -04:00
Nick Mathewson
65d8448209 Merge remote-tracking branch 'sysrqb/bug6518' 2012-08-02 15:45:10 -04:00
Matthew Finkel
a47e4343de Constify struct sockaddr *sa parameter for check
The values are only being checked, not modified.
2012-08-02 15:29:38 -04:00
Matthew Finkel
d91bbf376c Removed redundant check_sockaddr_family_match call 2012-08-02 15:13:34 -04:00
Nick Mathewson
2d6d5db2fe Defensive programming: clear rs_out between iterations.
I can't currently find a bug here, but there are a couple of
near-misses.  Addresses ticket 6514; reported pseudonymously on
IRC.
2012-08-01 17:25:34 -04:00
Nick Mathewson
c49975a2b8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 17:20:36 -04:00
Nick Mathewson
62637fa224 Avoid hard (impossible?)-to-trigger double-free in dns_resolve()
Fixes 6480; fix on 0.2.0.1-alpha; based on pseudonymous patch.
2012-07-31 17:19:17 -04:00
Nick Mathewson
92f5eaa235 Whitespace tweaks 2012-07-31 17:08:13 -04:00
Andrea Shepard
048c128f93 Add replaycache.h to noinst_HEADERS in src/or/Makefile.am 2012-07-31 17:08:12 -04:00
Andrea Shepard
471ab34032 Refactor INTRODUCE2 parsing code in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
36c968491f Use new replaycache_t structure for replay detection in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
8f63ef10ad Implement replaycache_t for bug 6177, and unit tests for the preceding 2012-07-31 17:08:05 -04:00
Nick Mathewson
d3e1e458e1 Remove the upper limit on the size of MD we can generate. 2012-07-31 13:12:07 -04:00
Nick Mathewson
063138e001 Warn at parse time for routerstatus entry missing a microdesc consensus
In 0.2.3.18-rc, we started warning on this case while building a
list of missing microdescriptor digests.  That turned out to spam
the logs; instead let's warn at parse time.

Partial fix for bug 6404.
2012-07-31 11:01:57 -04:00
Nick Mathewson
7143d112a6 Don't include a router in an md consensus if we can't find a md for it.
The spec requires that every router in a microdesc consensus have an
m line; we weren't obeying that spec.

This creates a new consensus method (13) to allow voting to continue
to work right. Partial fix for bug 6404; fix on 0.2.2.6-alpha.
2012-07-31 10:54:14 -04:00
Nick Mathewson
2503cfad24 Allow microdescs to be up to 2k. Partial fix for 6404. 2012-07-31 10:48:35 -04:00
Nick Mathewson
5919e8e561 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 10:29:34 -04:00
Nick Mathewson
aed93f8ad9 Merge branch 'bug6490_v2' into maint-0.2.3 2012-07-31 10:28:43 -04:00
Nick Mathewson
2bd45213c9 Warn when accounting is used in a way likely to link hidden services
Fix for 6490.
2012-07-31 10:28:16 -04:00
Roger Dingledine
1049d315d7 Merge branch 'maint-0.2.3' 2012-07-31 05:10:23 -04:00
Roger Dingledine
1004489354 trivial grammar fix 2012-07-31 05:10:05 -04:00
Nick Mathewson
08e65ce04f Fix small memleak introduced in recent patch; fixes 6455. 2012-07-24 10:20:00 -04:00
Nick Mathewson
20b625a0fd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-23 12:36:04 -04:00
Nick Mathewson
692005b38d Merge remote-tracking branch 'asn/bug6274_take3' into maint-0.2.3 2012-07-23 12:35:23 -04:00
Linus Nordberg
fff842a47c Add config option AuthDirPublishIPv6.
Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.

Implements enhancement #6406.
2012-07-19 17:51:15 -04:00
Nick Mathewson
6208106c18 Try to re-approximate the older semantics of nodelist_add_routerinfo 2012-07-19 17:51:15 -04:00
Linus Nordberg
dee4f068ee Don't shadow 'buf'. 2012-07-19 18:21:23 +02:00
Linus Nordberg
044da1bf0f Add configure option AuthDirHasIPv6Connectivity.
Implements enhancement 5974.
2012-07-19 18:21:22 +02:00
Linus Nordberg
cdef2b181a Rename routers_have_same_or_addr() to reflect the fact that it now checks both OR ports. 2012-07-19 18:21:22 +02:00
Linus Nordberg
7c80a4502c Include IPv6 OR ports in status documents only if we're a bridge authority. 2012-07-19 18:21:21 +02:00
Linus Nordberg
6d99c51f15 Don't put unreachable IPv6 OR port in routerstatus.
To have only reachable ports in "a" lines.
2012-07-19 18:21:21 +02:00
Linus Nordberg
dda177b19e Add "a" line to status document. 2012-07-19 18:21:21 +02:00
Linus Nordberg
4cce8ab742 Add last_reachable and testing_since for IPv6 OR port. 2012-07-19 18:21:20 +02:00
Linus Nordberg
c1ff07440e Don't assume that a node has routerinfo.
We can end up in dirserv_orconn_tls_done() with a node missing
routerinfo in at least two cases -- command_process_certs_cell() and
connection_or_check_valid_tls_handshake() -- and probably more.
2012-07-19 18:21:20 +02:00
Linus Nordberg
631ec5c4fe Move last_reachable and testing_since from routerinfo_t to node_t. 2012-07-19 18:21:20 +02:00
Nick Mathewson
24451e6f7d Avoid double-typedef of transport_t.
You can say "struct foo_t" as much as you want, but you'd better not
have "typedef struct foo_t foo_t" more than once.

Fix for bug 6416.  Bug not in any released version of Tor.
2012-07-19 09:06:11 -04:00
George Kadianakis
a1d060a68f Better handling of server managed proxies when Tor is not a relay. 2012-07-18 20:01:02 +02:00
Nick Mathewson
5ade278605 Check ewma_enabled before doing circ-has-become-inactive check
This avoids a possible crash bug in flush_from_first_active_circuit.

Fixes bug 6341; bugfix on 0.2.2.7-alpha.

Bug reported and fixed by a pseudonymous user on IRC.
2012-07-18 10:28:55 -04:00
Roger Dingledine
c1bd104111 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-18 10:23:04 -04:00
Nick Mathewson
f8c9cc713d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-18 10:14:40 -04:00
Nick Mathewson
b355ddb20f Merge branch 'smartlist_shorten' into maint-0.2.3 2012-07-18 10:14:14 -04:00
Nick Mathewson
ec8bdc5da8 Merge remote-tracking branch 'asn/bug3589' 2012-07-17 12:05:08 -04:00
Nick Mathewson
f9478b7a79 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 12:03:10 -04:00
Nick Mathewson
4cac5df554 Improve message on spurious SOCKSListenAddress 2012-07-17 12:02:55 -04:00
Nick Mathewson
efdf6c7118 Fix the remaining instances of nested SMARTLIST_FOREACH 2012-07-17 10:41:24 -04:00
Nick Mathewson
7faf115dff Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line.  That causes grief, since compiler warnings and debugger lines
will all refer to that one line.

So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
2012-07-17 10:34:08 -04:00
Nick Mathewson
0b6fb5ebcd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 09:50:18 -04:00
Linus Nordberg
21c6c84853 Allow TestingTorNetwork when alternate dir and bridge authorities are set.
Allow TestingTorNetwork when AlternateDirAuthority and
AlternateBridgeAuthority is set even if DirServer is not.
2012-07-17 09:35:38 -04:00
Nick Mathewson
7ac8a4a037 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-16 11:50:53 -04:00
Nick Mathewson
93b7301755 Refer to the correct variable in a loop when parsing entry guard state
Fixes bug 6397 and coverity issue 709599. Bugfix on 0.2.3.17-beta.
2012-07-16 11:49:45 -04:00
George Kadianakis
8b9f4d75f2 Address Nick's comments.
- Add a changes/ file.
- Make it compile under --enable-gcc-warnings.
- Update the file-level documentation of src/or/transports.c.
- Only update descriptor if at least a managed proxy was configured.
- Add our external IP address to the extra-info descriptor instead of 0.0.0.0.
2012-07-12 15:28:43 +02:00
Roger Dingledine
1fee920999 Merge branch 'maint-0.2.3' 2012-07-06 08:59:26 -04:00
Roger Dingledine
27ec0248d2 Merge remote-tracking branch 'nickm/bug6271_part_a' into maint-0.2.3 2012-07-06 08:57:29 -04:00
Nick Mathewson
419f541aa7 Fix a bug handling SENDME cells on nonexistent streams.
This could result in bizarre window values. Report and patch
contributed pseudonymously.  Fixes part of bug 6271. This bug was
introduced before the first Tor release, in svn commit r152.

(bug 6271, part a.)
2012-07-06 07:29:54 -04:00
Nick Mathewson
7e8d7a017e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-05 05:08:54 -04:00
Nick Mathewson
e9b33ed1bf On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc 2012-07-05 05:01:00 -04:00
George Kadianakis
f8e49c5789 Change extra-info "method" to "transport". 2012-07-03 21:26:03 +03:00
George Kadianakis
ca4e986c1d Mark descriptor as dirty if all managed proxies are configured. 2012-07-03 21:26:03 +03:00
George Kadianakis
9dea3a03b9 Add pluggable transport info to extra-info descriptors. 2012-07-03 21:26:03 +03:00
George Kadianakis
4bafe24400 Constify some functions. 2012-07-03 21:26:03 +03:00
George Kadianakis
17caec3676 Make some transports.c functions static.
- Also reorder functions.
2012-07-03 21:26:03 +03:00
George Kadianakis
aecc728a5a Refactor mp->transports to use transport_t. 2012-07-03 21:26:03 +03:00
George Kadianakis
d11b772a6c Introduce a transport_t deep copy function. 2012-07-03 21:26:03 +03:00
George Kadianakis
6173d36340 Move transport-related functions from circuitbuild.c to transports.c.
Move 'transport_t' to transports.h, and all transport-related
functions that don't rely on 'bridge_list' to transports.c.
2012-07-03 21:26:03 +03:00
Roger Dingledine
46434ecf5b Merge branch 'maint-0.2.3' 2012-07-01 17:37:59 -04:00
Roger Dingledine
d13389b30e Revert "Detect bug 6252 (unexpected sendme cell)"
This reverts commit c32ec9c425.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
2012-07-01 17:36:35 -04:00
Roger Dingledine
6061cd584c Merge branch 'maint-0.2.3' 2012-07-01 05:32:37 -04:00
Roger Dingledine
c32ec9c425 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-01 05:27:08 -04:00
Nick Mathewson
6abdcdf116 Fix crash bug from 4a8eaad7 (Bug 6255)
We were doing a tor_strclear() on client_keys_str when it might not
even be set.

Fix for bug 6255; bug not in any release of Tor.  Thanks to katmagic
for finding this one!
2012-06-29 00:32:27 -04:00
Nick Mathewson
19a81ef020 Merge commit '81cd3d7ad641a8dbf' 2012-06-28 15:52:57 -04:00
Nick Mathewson
e13e9c40c8 Never emit the "opt" prefix in any directory stuff
Fix for bug 5124.
2012-06-28 15:47:07 -04:00
Brendan C
a6169800f8 Fix bug 3842: add a GETINFO signal/names
Also refactor SIGNAL so that it and signal/names use the same table.

(commit message by nickm)
2012-06-28 15:39:19 -04:00
meejah
12298901fd add new GETINFO config/defaults
returns the default values for every configuration item, similar
to GETINFO config/names; include a changes entry for it.

Fix for bug 4971
2012-06-28 15:15:51 -04:00
Roger Dingledine
dd7a27d17e fix grammar in comment 2012-06-28 13:43:01 -04:00
Nick Mathewson
96746e39f6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:57:23 -04:00
Nick Mathewson
217862b317 Merge remote-tracking branch 'public/bug6244_part2' into maint-0.2.3 2012-06-28 10:49:32 -04:00
Nick Mathewson
d4a64fdc02 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:48:06 -04:00
Andrea Shepard
bdc8270280 Downgrade 'Got a certificate, but we already have it' log message from warning to info, except when we're a dirauth (fixes bug 5238) 2012-06-28 10:42:43 -04:00
Nick Mathewson
d4285f03df Extend tor_sscanf so it can replace sscanf in rephist.c
Fixes bug 4195 and Coverity CID 448
2012-06-28 09:54:05 -04:00
Nick Mathewson
28c42fe029 Fix GETINFO address-mappings/... with wildcarded addresses. 2012-06-27 23:55:01 -04:00
Nick Mathewson
e12eba55b2 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-27 23:45:59 -04:00
Nick Mathewson
23f2e37ff7 Allow wildcarded mapaddress targets in controller MAPADDRESS command 2012-06-27 23:38:04 -04:00
Nick Mathewson
4050800251 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 10:30:51 -04:00
Nick Mathewson
c4586f4df7 Downgrade message about md cache cleaning from notice to info
Fix for #6238
2012-06-26 10:30:11 -04:00
Nick Mathewson
7c9f6a994f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 13:23:07 -04:00
George Kadianakis
53e4452f98 Don't do DNS lookups when parsing corrupted managed proxy messages.
The functions parse_{s,c}method_line() were using
tor_addr_port_lookup() which is capable of doing DNS lookups. DNS
lookups should not be necessary when parsing {C,S}METHOD lines.
2012-06-25 13:19:22 -04:00
Nick Mathewson
888d5d08fe Merge remote-tracking branch 'public/bug2385' 2012-06-25 12:05:36 -04:00
Nick Mathewson
a6688c574e Catch a few more K&R violations with make check-spaces
We now catch bare {s that should be on the previous line with a do,
while, if, or for, and elses that should share a line with their
preceding }.

That is,
    if (foo)
    {
and
    if (foo) {
      ...
    }
    else

are now detected.

We should think about maybe making Tor uncrustify-clean some day,
but configuring uncrustify is an exercise in bizarreness, and
reformatting huge gobs of Tor is always painful.
2012-06-23 15:54:01 -04:00
George Kadianakis
8c3a4a1d21 Improve log message issued when a managed proxy fails to launch. 2012-06-23 15:05:46 -04:00
Nick Mathewson
ebda15e4b5 Merge remote-tracking branch 'public/bug6211' into maint-0.2.3 2012-06-22 22:38:59 -04:00
Nick Mathewson
c239c57d3c Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule.  But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".

This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.

Fixes bug 6211; bugfix on 0.2.3.17-beta
2012-06-19 19:50:03 -04:00
Nick Mathewson
0600e8cab1 Disable warning for marked-but-reading in main.c
It turns out this can happen.  Even though there is no reason for
connections to be marked but reading, we leave them reading anyway,
so warning here is unwarranted.  Let's turn that back on once we do
something sensible and disable reading when we mark.  Bugfix for
6203 on Tor 0.2.3.17-beta.

Thanks to cypherpunks for pointing out the general stupidity of the
original code here.
2012-06-19 12:22:43 -04:00
Nick Mathewson
4a8eaad7ef Clear a couple more fields in rend_service_load_auth_keys 2012-06-18 13:13:53 -04:00
Nick Mathewson
b8d1e8e375 Refactor exit path in rend_service_load_auth_keys
Now it's an orthodox "goto err/done" exit path, and it isn't some
screwy thing where we stick err/done at the end of a loop and
duplicate our cleanup code.
2012-06-18 13:10:02 -04:00
Nick Mathewson
e5a61c5176 Fix indentation in rend_service_load_auth_keys 2012-06-18 13:01:33 -04:00
Nick Mathewson
be28d10622 Refactor rend_service_load_keys() into main portion and auth portion. 2012-06-18 12:59:29 -04:00
Nick Mathewson
53f5a38942 Fix indentation and whitespace in rend_service_load_keys 2012-06-18 12:45:55 -04:00
Nick Mathewson
b44693f32d Refactor rend_service_load_keys() into outer loop and loop contents 2012-06-18 12:43:20 -04:00
Nick Mathewson
e6782b355a Merge remote-tracking branch 'public/bug3311' 2012-06-18 12:07:39 -04:00
Nick Mathewson
4432fa40dd Merge remote-tracking branch 'andrea/bug6028' 2012-06-18 11:51:55 -04:00
Roger Dingledine
26855fe22c conn_type_to_string() on a listener already says it's a listener 2012-06-16 02:29:03 -04:00
Andrea Shepard
10130e5979 Appease make check-spaces 2012-06-15 21:48:15 -07:00
Andrea Shepard
b5280efc17 Clean up keys on stack in rend_parse_service_authorization() 2012-06-15 21:47:06 -07:00
Andrea Shepard
7f24b9b8c3 Clean up keys on stack in rend_client_refetch_v2_renddesc() 2012-06-15 21:39:28 -07:00
Andrea Shepard
a8bcbe7bf7 Clean up keys on stack in rend_client_send_introduction() 2012-06-15 21:25:25 -07:00
Andrea Shepard
ab2e007ffb In rend_service_load_keys(), clear extended descriptor cookie and buffer, clear temporary heap space for client key, and check if serializing client key fails 2012-06-15 21:17:02 -07:00
Andrea Shepard
276f95182c Clean keys on stack in rend_service_rendezvous_has_opened() 2012-06-15 20:54:45 -07:00
Andrea Shepard
88c5d3ca55 Clean keys on stack in rend_service_intro_has_opened() 2012-06-15 20:43:33 -07:00
Andrea Shepard
d43ba536df Clean up keys on stack in rend_service_introduce() 2012-06-15 20:19:02 -07:00
Andrea Shepard
9f55dfd915 Clean up keys on stack in rend_service_load_keys() 2012-06-15 19:54:54 -07:00
Roger Dingledine
c37b8023b7 fix the typo on the typo fix 2012-06-15 20:34:16 -04:00
Andrea Shepard
1f7f10e4f3 Always set *socket_error to something appropriate when returning -1 from connection_connect() 2012-06-15 16:53:32 -07:00
Roger Dingledine
ca525db02d fix typos from 783f705d 2012-06-15 17:08:25 -04:00
Nick Mathewson
eab75d2c36 Fix a typo found by Mike. 2012-06-15 16:12:04 -04:00
Nick Mathewson
bdfb399867 Merge remote-tracking branch 'public/xxx023' 2012-06-15 16:10:59 -04:00
Nick Mathewson
87409771c4 Clarify some messages about publishing hidden service descriptors
Fix for bug 3311.
2012-06-15 15:25:46 -04:00
Nick Mathewson
cc21e56ed4 Check the correct consensus before giving it to the client
Previously, a directory would check the latest NS consensus for
having the signatures the client wanted, and use that consensus's
valid_until time to set the HTTP lifetime.  With this patch, the
directory looks at NS consensus or the microdesc consensus,
depending on what the client asked for.
2012-06-15 15:07:54 -04:00
Nick Mathewson
32bf258881 Change a silent ignore-the-bug in microdesc.c to a LOG_INFO
I don't believe this bug occurs, but there was an XXX023 to make
sure it doesn't.
2012-06-15 15:07:54 -04:00
Nick Mathewson
e62104a7d2 Move tor_gettimeofday_cached() into compat_libevent 2012-06-15 15:07:53 -04:00
Nick Mathewson
1755f792ed Refactor GETINFO process/descriptor-limit
Previously it duplicated some getrlimit code and content from compat.c;
now it doesn't.
2012-06-15 15:07:53 -04:00
Nick Mathewson
783f705ddc Document that we are unlikely to underflow session group IDs. 2012-06-15 15:07:53 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
879b1e1010 Merge remote-tracking branch 'public/bug5932' 2012-06-15 14:44:32 -04:00
Nick Mathewson
8030ec4f27 Downgrade log messages about cbt enabled/disabled. Bug 6169. 2012-06-15 09:57:18 -04:00
Roger Dingledine
a1caa96f9b another little step at making debugging 5458 easier 2012-06-15 03:58:47 -04:00
Roger Dingledine
5625812f9a tab-man returneth (this time using the name 'rob') 2012-06-15 03:28:18 -04:00
Mike Perry
daedae4115 Lower the default path bias notice rate to 40%.
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
2012-06-14 21:20:10 -07:00
Mike Perry
61a5730392 For now, never disable any guards. 2012-06-14 13:20:01 -07:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
4fdce6b091 Merge remote-tracking branch 'asn-mytor/bug5589_take2' 2012-06-14 13:05:16 -04:00
George Kadianakis
aa212b173c Remove validate_pluggable_transports_config(): redundant since 9d9b5ed0.
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
2012-06-14 18:01:22 +03:00
Nick Mathewson
e5beb82e04 Merge remote-tracking branch 'public/bug4663' 2012-06-13 17:01:53 -04:00
Nick Mathewson
5b0977df31 One more fix for bug 5049. 2012-06-13 16:45:13 -04:00
Andrea Shepard
d98590d3b7 Satisfy make check-spaces 2012-06-13 16:45:13 -04:00
Andrea Shepard
aa284561c8 Move cbt->liveness.timeouts_after_firsthop free code into its own function 2012-06-13 16:45:13 -04:00
Andrea Shepard
39a9178ba7 Early exit from circuit_build_times_set_timeout() if adaptive timeouts are disabled 2012-06-13 16:45:13 -04:00
Andrea Shepard
0c3c0b1ddd Don't poll to see if we need to build circuits for timeout data if LearnCircuitBuildTimeout is disabled 2012-06-13 16:45:12 -04:00
Andrea Shepard
a0f76289fd Use K&R style 2012-06-13 16:45:12 -04:00
Andrea Shepard
7df26de948 Unconditionally use config CircuitBuildTimeout if LearnCircuitBuildTimeout is disabled 2012-06-13 16:44:33 -04:00
Andrea Shepard
5177ab9e47 Don't track circuit timeout history unless we're actually using adaptive timeouts 2012-06-13 16:44:33 -04:00
Andrea Shepard
41a458ece1 Add debug logging to circuit_build_times_* of circuitbuild.c to trace queries of consensus parameters for bug 5049 2012-06-13 16:44:33 -04:00
Nick Mathewson
54ef039ba5 Merge branch 'bug5263_023' 2012-06-13 16:23:16 -04:00
Nick Mathewson
9282c88998 Add rate-limited log message to bug5263 fix
Initially I said, "I claim that we shouldn't be reading and marked;
let's see if I'm right."  But Rob finds that it does.
2012-06-13 16:21:06 -04:00
Rob G. Jansen
03b48352c6 Fix busy Libevent loops (infinite loops in Shadow)
There is a bug causing busy loops in Libevent and infinite loops in
the Shadow simulator. A connection that is marked for close, wants
to flush, is held open to flush, but is rate limited (the token
bucket is empty) triggers the bug.

This commit fixes the bug. Details are below.

This currently happens on read and write callbacks when the active
socket is marked for close. In this case, Tor doesn't actually try
to complete the read or write (it returns from those methods when
marked), but instead tries to clear the connection with
conn_close_if_marked(). Tor will not close a marked connection that
contains data: it must be flushed first. The bug occurs when this
flush operation on the marked connection can not occur because the
connection is rate-limited (its write token bucket is empty).

The fix is to detect when rate limiting is preventing a marked
connection from properly flushing. In this case, it should be
flagged as read/write_blocked_on_bandwidth and the read/write events
de-registered from Libevent. When the token bucket gets refilled, it
will check the associated read/write_blocked_on_bandwidth flag, and
add the read/write event back to Libevent, which will cause it to
fire. This time, it will be properly flushed and closed.

The reason that both read and write events are both de-registered
when the marked connection can not flush is because both result in
the same behavior. Both read/write events on marked connections will
never again do any actual reads/writes, and are only useful to
trigger the flush and close the connection. By setting the
associated read/write_blocked_on_bandwidth flag, we ensure that the
event will get added back to Libevent, properly flushed, and closed.

Why is this important? Every Shadow event occurs at a discrete time
instant. If Tor does not properly deregister Libevent events that
fire but result in Tor essentially doing nothing, Libevent will
repeatedly fire the event. In Shadow this means infinite loop,
outside of Shadow this means wasted CPU cycles.
2012-06-13 16:04:07 -04:00
Nick Mathewson
5a3d9636f5 Merge remote-tracking branch 'public/bug3940_redux' 2012-06-13 11:40:38 -04:00
Karsten Loesing
2133b6e5ba Fix integer overflow in cell stats spotted by atagar.
Fixes #5849.
2012-06-13 10:12:39 -04:00
Nick Mathewson
f4fccee4d2 Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is.  Resolves the issue behind "bug"
4663.
2012-06-12 15:21:41 -04:00
Nick Mathewson
ba9a12119c fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddress 2012-06-11 21:50:52 -04:00
Nick Mathewson
c18b6ec3d4 Document ADDRMAPSRC_NONE. 2012-06-11 21:49:08 -04:00
Nick Mathewson
f0f70ba6f1 Merge branch 'bug5452' 2012-06-11 14:44:26 -04:00
Andrea Shepard
6b73fad709 Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. 2012-06-11 11:09:19 -07:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00
Andrea Shepard
4fb2a14fae Warn if the user has set CircuitBuildTimeout stupidly low and turned off LearnCircuitBuildTimeout 2012-06-08 23:44:06 -07:00
Nick Mathewson
8be6058d8f changes file and whitespace fix for bug5235 patch 2012-06-08 14:33:16 -04:00
Andrea Shepard
554ec65ce7 Rate-limit 'Weighted bandwidth is 0.000000 ...' message; it can be produced in extreme quantities 2012-06-08 14:33:16 -04:00
Nick Mathewson
b0bab82790 Merge remote-tracking branch 'arma/bug3886'
Conflicts:
	src/or/dirserv.c
2012-06-07 13:30:55 -04:00
Nick Mathewson
f9fddba539 Downgrade an eventdns warning to PROTOCOL_WARN. 2012-06-07 13:03:39 -04:00
Nick Mathewson
1e5683b167 Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output.  It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.

Fixes bug 5909.
2012-06-07 11:09:38 -04:00
Nick Mathewson
99618a9641 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-07 09:46:14 -04:00
Robert Ransom
0dc47dfebf Send a CRLF at the end of a STATUS_* event, not in the middle of it
Fixes bug 6094; bugfix on commit 3a9351b57e.
2012-06-07 03:22:06 +00:00