Commit Graph

3076 Commits

Author SHA1 Message Date
Karsten Loesing
62714068d9 Update geoip6 to the March 3 2015 database. 2015-03-09 21:11:52 +01:00
Karsten Loesing
beda8d2934 Update geoip to the March 3 2015 database. 2015-03-09 21:09:44 +01:00
Nick Mathewson
24c031b1a2 Don't use checked strl{cat,cpy} on OSX.
There is a bug in the overlap-checking in strlcat that can crash Tor
servers.  Fixes bug 15205; this is an OSX bug, not a Tor bug.
2015-03-09 15:09:49 -04:00
Nick Mathewson
448bd22092 Merge remote-tracking branch 'public/bug14261_025' into maint-0.2.5 2015-03-09 13:17:20 -04:00
Nick Mathewson
62631904cb GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-03-09 13:13:56 -04:00
Nick Mathewson
e3408248b9 Merge remote-tracking branch 'public/bug13988_025' into maint-0.2.5 2015-03-09 13:12:54 -04:00
Nick Mathewson
410ce4cb49 Merge remote-tracking branch 'public/bug15088_025' into maint-0.2.5 2015-03-09 13:09:50 -04:00
Nick Mathewson
1a7419c3df Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-03-09 11:09:30 -04:00
Nick Mathewson
6704e18dd2 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-03-09 11:08:57 -04:00
Nick Mathewson
addffcc14d Adjust changes header 2015-03-09 11:07:50 -04:00
Nick Mathewson
681802817d Make TransProxyType ipfw work correctly
Fixes bug 15064; bugfix on 0.2.5.4-alpha.
2015-03-04 12:25:52 +01:00
Nick Mathewson
d5b2cbea10 Add wait4 to the seccomp2 sandbox allowable syscall list
fixes bug 15088. patch from sanic.
2015-03-04 12:18:10 +01:00
Nick Mathewson
81a994ce77 Make the assert related to 15083 a tiny bit more tolerant 2015-03-03 22:25:26 +01:00
Nick Mathewson
71ee53fe9b Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.

Patch from 'cypherpunks'
2015-03-03 22:21:41 +01:00
Nick Mathewson
2bcb596dcf Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.4 2015-02-24 13:23:44 -05:00
Nick Mathewson
1525eeeb49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-02-20 01:04:49 -05:00
Sina Rabbani
8e61d38cf1 Faravahar's New IP Address as of 2/20/2015 2015-02-16 11:51:36 -05:00
Nick Mathewson
7cbdec578b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-01-23 08:52:55 -05:00
Nick Mathewson
df4c484021 Merge remote-tracking branch 'karsten/geoip6-jan2015' into maint-0.2.4 2015-01-23 08:52:35 -05:00
Nick Mathewson
dbd5a9a8f9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-01-23 08:52:20 -05:00
Karsten Loesing
a9ce0cd659 Update geoip6 to the January 7 2015 database. 2015-01-22 09:58:29 +01:00
Karsten Loesing
c3f8f5ab0e Update geoip to the January 7 2015 database. 2015-01-22 09:56:54 +01:00
Nick Mathewson
ceb6dee465 Increase limit for status vote download size by a factor of 5.
We've started to hit the limit here.  We introduced the limit in
0.1.2.5-alpha.  This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits.  See #14267 for a ticket
about fixing that.
2015-01-18 15:25:29 -05:00
Nick Mathewson
746bb55851 Ignore warning for redundant decl in openssl/srtp.h
Backports some commits from tor master.
2015-01-15 12:38:08 -05:00
Nick Mathewson
f2fb85f970 Remove needless strdup in addressmap_register_virtual_address()
Fixes bug 14195. Bugfix on 0.1.0.1-rc.
2015-01-13 12:24:42 -05:00
Nick Mathewson
c9dd2d1a6a Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.5 2015-01-12 00:59:29 -05:00
teor
b08cfc65a7 Don't crash on torrc Vi[rtualAddrNetworkIPv[4|6]] with no option value
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.

Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes #14142.
2015-01-11 11:05:00 -05:00
Nick Mathewson
905287415b Avoid attempts to double-remove edge connections from the DNS resolver.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.

Fixes bug 14129.  Bugfix on 0d20fee2fb, which was in 0.0.7rc1.

jowr found the bug.  cypherpunks wrote the fix.  I added the log
message and removed the assert.
2015-01-08 11:00:21 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
184a2dbbdd whoops; missing changes file for 14013 2014-12-23 10:55:25 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
5b55778c86 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-24 09:19:06 -05:00
Nick Mathewson
137982f955 Merge remote-tracking branch 'karsten/geoip6-nov2014' into maint-0.2.4 2014-11-24 09:18:36 -05:00
Nick Mathewson
8d5f1e6961 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-11-24 09:18:21 -05:00
Karsten Loesing
5441c733e0 Update geoip6 to the November 15 2014 database. 2014-11-24 14:23:18 +01:00
Karsten Loesing
8611c6bccd Update geoip to the November 15 2014 database. 2014-11-24 14:21:31 +01:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Sebastian Hahn
0493db4adb Add changes file for #13926 2014-11-12 15:25:52 -05:00
Nick Mathewson
fd8f21e730 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-19 15:40:07 -04:00
Nick Mathewson
403c6ae78e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-19 15:39:48 -04:00
Nick Mathewson
c1dd598df8 Note that our #13426 fix is also a #13471 fix.
See also http://marc.info/?l=openssl-dev&m=141357408522028&w=2
2014-10-19 15:38:44 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
c1c83eb376 Merge branch 'no_sslv3_023' into maint-0.2.3 2014-10-16 09:08:09 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
rl1987
8139db3725 Adding changes file. 2014-09-01 16:22:52 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Sathyanarayanan Gunasekaran
a3fe8b1166 Warn if Tor is a relay and a HS
Closes 12908; see #8742
2014-08-20 12:56:57 -04:00
Nick Mathewson
1196ed7cc4 Fix relay_command_to_string(); solve 12700.
Two bugs here:
  1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().

  2) relay_command_to_string() didn't log the value of unrecognized
     commands.

Both fixed here.
2014-08-18 13:21:40 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
d443658fad Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5
Conflicts:
	src/or/circuitbuild.c
2014-08-13 23:14:28 -04:00
Nick Mathewson
789c8d8573 Apply an MSVC compilation fix from Gisle Vanem
This fixes a double-define introduced in 28538069b2
2014-08-13 15:11:00 -04:00
Nick Mathewson
fa7ce6d3be Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-08-13 12:52:40 -04:00
Nick Mathewson
b45f0f8fb9 Merge remote-tracking branch 'karsten/geoip6-aug2014' into maint-0.2.4 2014-08-13 12:51:38 -04:00
Nick Mathewson
244ca67e47 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-08-13 12:51:27 -04:00
Karsten Loesing
6235b4769d Update geoip6 to the August 7 2014 database. 2014-08-13 16:16:11 +02:00
Karsten Loesing
b98e3f9936 Update geoip to the August 7 2014 database. 2014-08-13 16:08:33 +02:00
Nick Mathewson
b32a8b024c Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails
Cypherpunks found this and wrote this patch.

Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-08-12 12:12:02 -04:00
Nick Mathewson
4056c61608 Fix some URLs in the README
patch from mttp; fixes 12830
2014-08-09 15:57:44 -04:00
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Nick Mathewson
74a8555d2b Merge remote-tracking branch 'intrigeri/bug12731-systemd-no-run-as-daemon' into maint-0.2.5
Conflicts:
	contrib/dist/tor.service.in
2014-07-30 14:00:21 -04:00
Nick Mathewson
88590ed3a6 Merge remote-tracking branch 'intrigeri/bug12730-systemd-verify-config' into maint-0.2.5 2014-07-30 13:59:39 -04:00
intrigeri
0a70579784 Verify configuration file via ExecStartPre in the systemd unit file (#12730). 2014-07-30 16:56:55 +00:00
intrigeri
8b470ee4b5 Explicitly disable RunAsDaemon in the systemd unit file (#12731).
Our current systemd unit uses "Type = simple", so systemd does not expect tor to
fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as
expected. This is e.g. the case on Debian (and derivatives), since there we pass
"--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains
"RunAsDaemon 1") by default.

The only solution I could find is to explicitly pass "--RunAsDaemon 0" when
starting tor from the systemd unit file, which this commit does.
2014-07-30 16:54:07 +00:00
Roger Dingledine
29a82b5a8b Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-28 02:47:15 -04:00
Roger Dingledine
68a2e4ca4b Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Roger Dingledine
8882dcfc59 add a changes file for bug 12718 2014-07-27 15:41:30 -04:00
Roger Dingledine
2126feaabc get rid of already-merged prop221 changes file 2014-07-25 12:22:05 -04:00
Roger Dingledine
b350ac0860 Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/or.h
2014-07-25 12:15:47 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
472696e8e5 get rid of already-merged bug12227 changes file 2014-07-24 19:49:01 -04:00
Roger Dingledine
1ed77ff724 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 19:48:37 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
5c200d9be2 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-23 21:28:42 -04:00
Nick Mathewson
303d7f55d9 Merge branch 'curve25519-donna32' into maint-0.2.4 2014-07-23 21:28:18 -04:00
Nick Mathewson
ad0cf550b7 Put the bug number and correct credits in the changes file for the new curve25519-donna32 2014-07-23 21:25:53 -04:00
Nick Mathewson
e0aa88d106 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-21 14:30:09 -04:00
Nick Mathewson
75501dbe4a Merge remote-tracking branch 'karsten/geoip6-jul2014' into maint-0.2.4 2014-07-21 14:29:43 -04:00
Nick Mathewson
015f710f72 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-07-21 14:29:30 -04:00
Nick Mathewson
fa8bb25f64 update changes entry with info for 11578 patch 2014-07-21 14:00:10 -04:00
Karsten Loesing
6345dfa1fe Update geoip6 to the July 10 2014 database. 2014-07-18 16:31:25 +02:00
Karsten Loesing
6d5efbef22 Update geoip to the July 10 2014 database. 2014-07-18 16:28:50 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
9e46855538 changes file for 12474, 12438. 2014-07-16 11:00:49 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
Nick Mathewson
8cc0860592 Update to latest curve25519-donna32 2014-07-15 15:42:20 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
Nick Mathewson
2050846312 Bring remaining 0.2.5.5-alpha entries into changelog 2014-06-16 15:00:35 -04:00
Nick Mathewson
2f4fcfc8d1 manpage: Move more authority-only options into the authority section
I don't know whether we missed these or misclassified them when we
first made the "DIRECTORY AUTHORITY SERVER OPTIONS" section, but they
really belong there.
2014-06-16 11:15:47 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
e07d328457 changes file for 8746 2014-06-14 11:40:28 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
bbb8f12ee4 Tweak changes entry for 6799 2014-06-11 11:52:58 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
a5036d20ce Merge remote-tracking branch 'public/more_bug8387_diagnosis' 2014-06-11 09:22:46 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
173a1afc58 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-06-10 21:09:27 -04:00
Nick Mathewson
f5ce580bab Fix changes file for geoip 2014-06-10 21:08:44 -04:00
Karsten Loesing
40579cb6a5 Update geoip6 to the June 4 2014 database. 2014-06-10 21:32:24 +02:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
55c7a559df Merge remote-tracking branch 'public/bug12227_024' 2014-06-10 11:17:39 -04:00
Nick Mathewson
cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
7581014a86 put the right trac ticket number in changes file 2014-06-04 12:28:15 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
9815029a2f Add changes file for bug10616 2014-06-03 14:41:51 -07:00
Roger Dingledine
ea44287657 fix #10405's changes file 2014-06-02 02:32:59 -04:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
413a442f57 Start on the 0.2.5.5-alpha changelog.
I've copied the entries from changes/, labeled the ones that also
appeared in 0.2.4.22, sorted them lightly with a python script
(added to maint), and combined sections with the same name.

I didn't combine sections without a description (e.g. "Minor
bugfixes:"), since we'll probably add a description to those.
2014-05-29 11:21:23 -04:00
Nick Mathewson
a6688f9cbb sandbox: allow enough setsockopt to make ConstrainedSockets work
fixes bug 12139; bugfix on 0.2.5.1-alpha
2014-05-29 11:04:32 -04:00