Commit Graph

634 Commits

Author SHA1 Message Date
Nick Mathewson
4a7f979b54 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:41:01 -04:00
Nick Mathewson
5cc322e547 Standardize our printf code on %d, not %i. 2011-04-19 12:40:29 -04:00
Nick Mathewson
9eeb902d12 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:37:18 -04:00
Nick Mathewson
f52cfbfc00 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-19 12:31:55 -04:00
Nick Mathewson
0e554f93d6 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-04-19 12:31:42 -04:00
Nick Mathewson
48bdc2f729 Correct HS descriptor length check
Fixes bug 2948.
2011-04-18 13:53:13 -07:00
Robert Ransom
130db1bdeb Merge branch 'bug2750-v3' into bug2948 2011-04-18 13:36:19 -07:00
Robert Ransom
adc31001c2 Add an XXX 2011-04-18 13:25:48 -07:00
Robert Ransom
bfebc942ea Correct the warning emitted when rejecting an oversized HS desc 2011-04-18 13:17:40 -07:00
Nick Mathewson
67d88a7d60 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/address.c
	src/common/compat_libevent.c
	src/common/memarea.c
	src/common/util.h
	src/or/buffers.c
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection.c
	src/or/directory.c
	src/or/networkstatus.c
	src/or/or.h
	src/or/routerlist.c
2011-04-07 12:17:20 -04:00
Nick Mathewson
05887f10ff Triage the XXX022 and XXX021 comments remaining in the code
Remove some, postpone others, leave some alone.  Now the only
remaining XXX022s are ones that seem important to fix or investigate.
2011-03-25 18:32:27 -04:00
Nick Mathewson
84f27eb051 Merge remote branch 'origin/maint-0.2.2' 2011-03-15 14:50:42 -04:00
Robert Ransom
98abe1420d Fix a log message typo 2011-03-15 09:48:26 -07:00
Nick Mathewson
176e8a0a2a Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerparse.c
2011-03-06 13:46:11 -05:00
Nick Mathewson
35fcec3880 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-06 13:42:28 -05:00
Nick Mathewson
2ce132e335 Oops, here's the *REAL* fix for the ipv6 issue
We need to _REJECT_ descriptors with accept6/reject6 lines.  If we
let them onto the network , other un-upgraded tors will crash.
2011-03-06 13:41:55 -05:00
Nick Mathewson
3da0837b0b Revert "Disallow reject6 and accept6 lines in descriptors"
This reverts commit b3918b3bbb.
2011-03-06 13:26:38 -05:00
Nick Mathewson
07b8b439c4 Merge remote branch 'origin/maint-0.2.2' 2011-03-06 13:23:02 -05:00
Sebastian Hahn
9f614507b6 Merge branch 'maint-0.2.1' into maint-0.2.2 2011-03-06 18:25:44 +01:00
Sebastian Hahn
b3918b3bbb Disallow reject6 and accept6 lines in descriptors
This fixes a remotely triggerable assert on directory authorities, who
don't handle descriptors with ipv6 contents well yet. We will want to
revert this once we're ready to handle ipv6.

Issue raised by lorth on #tor, who wasn't able to use Tor anymore.
Analyzed with help from Christian Fromme. Fix suggested by arma. Bugfix
on 0.2.1.3-alpha.
2011-03-06 18:20:28 +01:00
Nick Mathewson
a880429a76 Merge remote branch 'origin/maint-0.2.2' 2011-01-26 11:08:02 -05:00
Nick Mathewson
71862ed763 Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
2011-01-25 17:15:22 -05:00
Nick Mathewson
f6a25a995e Merge remote branch 'origin/maint-0.2.2' 2011-01-19 13:26:23 -05:00
Nick Mathewson
a793f1f6f2 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-01-19 13:25:38 -05:00
Nick Mathewson
c8f94eed12 Oops; actually add the code to the last patch. :/ 2011-01-19 13:25:17 -05:00
Roger Dingledine
4ff97e3775 Merge branch 'maint-0.2.2' 2011-01-15 22:39:15 -05:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Nick Mathewson
1758ef51de Merge remote branch 'origin/maint-0.2.2' 2011-01-15 13:26:02 -05:00
Nick Mathewson
1393985768 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/routerparse.c
	src/or/test.c
2011-01-15 13:25:13 -05:00
Nick Mathewson
b97b0efec8 Merge branch 'bug2352_obsize' into maint-0.2.1 2011-01-15 13:15:06 -05:00
Nick Mathewson
1b8f2ef550 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 12:03:44 -05:00
Nick Mathewson
ed87738ede Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/config.c
	src/or/networkstatus.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
115782bdbe Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a
large enough buffer.  In one case, they weren't.

(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Nick Mathewson
1f3b442023 catch another overlong malloc possibility. found by cypherpunks 2011-01-15 10:42:11 -05:00
Nick Mathewson
373a1bc40e Impose maximum sizes on parsed objects
An object, you'll recall, is something between -----BEGIN----- and
-----END----- tags in a directory document.  Some of our code, as
doorss has noted in bug 2352, could assert if one of these ever
overflowed SIZE_T_CEILING but not INT_MAX.  As a solution, I'm setting
a maximum size on a single object such that neither of these limits
will ever be hit.  I'm also fixing the INT_MAX checks, just to be sure.
2011-01-10 12:12:11 -05:00
Nick Mathewson
729f404efe Add logic in routerparse to not read overlong private keys
I am not at all sure that it is possible to trigger a bug here,
but better safe than sorry.
2011-01-10 12:07:34 -05:00
Nick Mathewson
989db9aed1 fix whitespace issues 2011-01-03 11:57:42 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Nick Mathewson
d4e660ff68 Merge remote branch 'origin/maint-0.2.2' 2010-11-10 16:07:04 -05:00
Nick Mathewson
a4bf5b51e9 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-11-10 16:06:43 -05:00
Nick Mathewson
2a50dd9359 Enforce multiplicity rules when parsing annotations.
We would never actually enforce multiplicity rules when parsing
annotations, since the counts array never got entries added to it for
annotations in the token list that got added by earlier calls to
tokenize_string.

Found by piebeer.
2010-11-10 16:02:02 -05:00
Nick Mathewson
089137f011 Fix a bug where seting allow_annotations==0 only ignores annotations, but does not block them 2010-11-10 16:02:02 -05:00
Nick Mathewson
1bb9734e3a Implement policies for nodes (and for microdescriptors too) 2010-10-01 18:14:28 -04:00
Nick Mathewson
45f1e4d5ee Rename routerstatus_t.is_running to is_flagged_running
This was the only flag in routerstatus_t that we would previously
change in a routerstatus_t in a consensus. We no longer have reason
to do so -- and probably never did -- as you can now confirm more
easily than you could have done by grepping for is_running before
this patch.

The name change is to emphasize that the routerstatus_t is_running
flag is only there to tell you whether the consensus says it's
running, not whether it *you* think it's running.
2010-10-01 18:14:27 -04:00
Nick Mathewson
26e897420e Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t.  It should try to present a consistent interface to all
of them.  There should be a node_t for a server whenever there is
  * A routerinfo_t for it in the routerlist
  * A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)

There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.

All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.

A node_t should hold all the *mutable* flags about a node.  This
patch moves the is_foo flags from routerinfo_t into node_t.  The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.

Some other highlights of this patch are:

  * Looking up routerinfo and routerstatus by nickname is now
    unified and based on the "look up a node by nickname" function.
    This tries to look only at the values from current consensus,
    and not get confused by the routerinfo_t->is_named flag, which
    could get set for other weird reasons.  This changes the
    behavior of how authorities (when acting as clients) deal with
    nodes that have been listed by nickname.

  * I tried not to artificially increase the size of the diff here
    by moving functions around.  As a result, some functions that
    now operate on nodes are now in the wrong file -- they should
    get moved to nodelist.c once this refactoring settles down.
    This moving should happen as part of a patch that moves
    functions AND NOTHING ELSE.

  * Some old code is now left around inside #if 0/1 blocks, and
    should get removed once I've verified that I don't want it
    sitting around to see how we used to do things.

There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()."  I'll work on filling in the
implementation here, piece by piece.

I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest.  Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-10-01 18:14:27 -04:00
Nick Mathewson
f3e8bc391a Remove the has_old_dnsworkers flag. 2010-09-28 23:37:45 -04:00
Nick Mathewson
9f5b752e4f Actually parse the m lines from a microdesc consensus 2010-09-27 18:04:44 -04:00
Sebastian Hahn
05072723cb Create routerparse.h 2010-07-27 10:00:46 +02:00
Sebastian Hahn
df9d42cef5 Create rephist.h 2010-07-27 10:00:46 +02:00
Sebastian Hahn
7bd8dee463 Create policies.h 2010-07-27 10:00:45 +02:00
Sebastian Hahn
69fcbbaa89 Create networkstatus.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
86d6bfe448 Create microdesc.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
85f7d54418 Create dirvote.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
7d4c027fb0 Create dirserv.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
c4f8f1316e Create config.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
31e81439e1 Create rendcommon.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
cbee969f40 Create routerlist.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
c53b6cc831 Create router.h 2010-07-27 07:56:25 +02:00
Nick Mathewson
9caecc1e48 Merge branch 'fix_routerparse_bug' 2010-02-28 13:48:05 -05:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Nick Mathewson
27a8a56e6c Fix a consensus-extension bug found by outofwords
When the bandwidth-weights branch added the "directory-footer"
token, and began parsing the directory footer at the first
occurrence of "directory-footer", it made it possible to fool the
parsing algorithm into accepting unsigned data at the end of a
consensus or vote.  This patch fixes that bug by treating the footer
as starting with the first "directory-footer" or the first
"directory-signature", whichever comes first.
2010-02-27 17:07:05 -05:00
Nick Mathewson
1c25077b1c fix some wide lines in routerparse.c 2010-02-27 16:33:22 -05:00
Nick Mathewson
937b5cdd41 Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	src/or/routerparse.c
2010-02-27 15:34:02 -05:00
Sebastian Hahn
b67657bd95 Properly handle non-terminated strings
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.
2010-02-27 02:13:22 +01:00
Sebastian Hahn
1c39dbd53a Don't segfault when checking the consensus 2010-02-26 08:01:40 +01:00
Nick Mathewson
1e1d471002 Don't believe unauthenticated info in a consensus.
Don't allow anything but directory-signature tokens in a consensus after
the first directory-signature token.  Fixes bug in bandwidth-weights branch.
Found by "outofwords."
2010-02-26 01:02:20 -05:00
Nick Mathewson
eb10d441b6 Fix 64-bit printf issues in consensus-bw-weights5-merge.
For my 64-bit Linux system running with GCC 4.4.3-fc12-whatever, you
can't do 'printf("%lld", (int64_t)x);' Instead you need to tell the
compiler 'printf("%lld", (long long int)x);' or else it doesn't
believe the types match.  This is why we added U64_PRINTF_ARG; it
looks like we needed an I64_PRINTF_ARG too.
2010-02-25 16:22:40 -05:00
Mike Perry
87a0430a74 Clearly mark directory footer so we parse the new weight line. 2010-02-22 16:52:11 -08:00
Mike Perry
df1ef2f0f0 Add parsing+verification for bw weight values. 2010-02-22 16:52:11 -08:00
Sebastian Hahn
5aa9610dd6 network-status-version must come first in a vote/consensus
Spec conformance issue: The code didn't force the network-status-version
token to be the first token in a v3 vote or consensus.

Problem discovered by Parakeep.
2010-02-22 09:16:26 +01:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Nick Mathewson
200c39b66c Document the microdescriptor code better. 2009-10-18 18:46:12 -04:00
Nick Mathewson
a19981725d Parse detached signatures and microdesc networkstatuses correctly. 2009-10-15 15:17:13 -04:00
Nick Mathewson
5576a3a094 Parse detached signature documents with multiple flavors and algorithms. 2009-10-15 15:17:13 -04:00
Nick Mathewson
3b2fc659a8 Refactor consensus signature storage for multiple digests and flavors.
This patch introduces a new type called document_signature_t to represent the
signature of a consensus document.  Now, each consensus document can have up
to one document signature per voter per digest algorithm.  Also, each
detached-signatures document can have up to one signature per <voter,
algorithm, flavor>.
2009-10-15 15:17:13 -04:00
Nick Mathewson
e1ddee8bbe Code to generate, store, and parse microdescriptors and consensuses.
The consensus documents are not signed properly, not served, and not
exchanged yet.
2009-10-15 15:17:13 -04:00
Nick Mathewson
a7ba02f3f1 Add ability to parse one or more m line from a vote. 2009-10-15 15:17:13 -04:00
Nick Mathewson
c5f7f04aff Allow signed data to include other hashes later.
Previously, we insisted that a valid signature must be a signature of
the expected digest.  Now we accept anything that starts with the
expected digest.  This lets us include another digest later.
2009-10-15 15:17:12 -04:00
Nick Mathewson
15f4e9600c Signature-checking code can handle longer digests. 2009-10-15 15:17:12 -04:00
Nick Mathewson
8b2f6b27fd Make signature-generation code handle different key and digest lengths. 2009-10-15 15:17:12 -04:00
Nick Mathewson
83c3f118db Code to parse and access network parameters.
Partial backport of 381766ce4b.
Partial backport of 56c6d78520.
2009-10-14 16:15:41 -04:00
Roger Dingledine
9eb5edc093 Merge commit 'sebastian/specconformance' 2009-09-16 20:37:43 -04:00
Nick Mathewson
ed7283d283 Merge commit 'origin/maint-0.2.1'
Resolved conflicts in:
	src/or/circuitbuild.c
2009-09-15 19:37:26 -04:00
Nick Mathewson
381766ce4b Implement proposal 167: Authorities vote on network parameters.
This code adds a new field to vote on: "params".  It consists of a list of
sorted key=int pairs.  The output is computed as the median of all the
integers for any key on which anybody voted.

Improved with input from Roger.
2009-09-14 23:21:53 -04:00
Sebastian Hahn
b792afa919 Fix a memory leak when parsing a ns
Adding the same vote to a networkstatus consensus leads to a memory leak
on the client side. Fix that by only using the first vote from any given
voter, and ignoring the others.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:25:08 +02:00
Sebastian Hahn
c1a6fb42ac Fix a spec conformance issue when parsing a ns vote
A vote may only contain exactly one signature. Make sure we reject
votes that violate this.

Problem found by Rotor, who also helped writing the patch. Thanks!
2009-09-14 22:06:21 +02:00
Sebastian Hahn
0a71d1c6a7 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 22:16:46 +02:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Karsten Loesing
889c07f1fc When Tor fails to parse a descriptor of any kind, dump it to disk. 2009-08-26 20:15:47 -04:00
Nick Mathewson
1d9b8a1e16 Merge commit 'karsten/proposal-166-impl-master' 2009-08-26 11:36:40 -04:00
Nick Mathewson
daa0326aaa Add the first 8 bytes of the git commit digest to our versions.
Note that unlike subversion revision numbers, it isn't meaningful to
compare these for anything but equality.  We define a sort-order anyway,
in case one of these accidentally slips into a recommended-versions
list.
2009-08-21 12:31:13 -04:00
Karsten Loesing
9179bcb923 Include contents of *-stats files in descriptor. 2009-08-17 13:30:10 +02:00
Mike Perry
6fbdf635fa Implement measured bw parsing + unit tests. 2009-08-06 11:48:03 -07:00
Nick Mathewson
ec7e054668 Spell-check Tor. 2009-05-27 17:55:51 -04:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Nick Mathewson
d50501e5ed Fix a few crash bugs related to malormed descriptors. Lark found one; fuzzing found the rest.
svn:r19250
2009-04-09 19:58:16 +00:00
Roger Dingledine
28d97f8262 uh, and commit the patch too.
svn:r18423
2009-02-09 03:13:14 +00:00
Nick Mathewson
261f49fe26 Fix a possible cause of bug 915 when parsing multiple votes one of which was bad. Bugfix on 0.2.0.8-alpha.
svn:r18354
2009-01-31 18:27:38 +00:00
Nick Mathewson
a33452c401 Fix up (I hope) most ot the things that coverity suddenly claimed were REVERSE_INULL. This is what we get for bragging about being down to 0 issues.
svn:r18096
2009-01-13 14:43:51 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
76a2e11f91 Downgrade the last xxx021 in routerparse. The duplicate code stands for now.
svn:r17817
2008-12-29 19:57:04 +00:00
Nick Mathewson
a332805a55 Extact parse-the-token-arguments to its own function, and change it to a single-pass algorithm. This simplifies the parsing code and speeds it up a little.
svn:r17812
2008-12-29 16:54:56 +00:00
Nick Mathewson
fa6e72dc4b Remove a call to find_whitespace_eos that didn't actually do anything.
svn:r17811
2008-12-29 16:54:51 +00:00
Nick Mathewson
870fd18b8f Refactor some exit-policy-related functions that showed up in oprofile.
Specifically, split compare_tor_addr_to_addr_policy() from a loop with a bunch
of complicated ifs inside into some ifs, each with a simple loop.  Rearrange
router_find_exact_exit_enclave() to run a little faster.  Bizarrely,
router_policy_rejects_all() shows up on oprofile, so precalculate it per
routerinfo.

svn:r17802
2008-12-29 01:47:28 +00:00
Nick Mathewson
558e9899e4 Document most undocumented variables.
svn:r17754
2008-12-23 17:56:31 +00:00
Nick Mathewson
b68379b13b Add DOCDOC entries for undocumented static and global variables.
svn:r17739
2008-12-22 19:00:05 +00:00
Nick Mathewson
1e5f457461 Fix most DOCDOCs remaining and/or added by redox.
svn:r17734
2008-12-22 17:53:04 +00:00
Nick Mathewson
1725c0c8a5 Add DOCDOC comments for all undocumented functions. Add missing *s to other comments so that they will get recognized as doxygen.
svn:r17729
2008-12-22 14:56:28 +00:00
Nick Mathewson
f43bcdc063 Use ctags and a python script to find identifiers that are never used anywhere, and remove the ones that we really want gone.
svn:r17651
2008-12-17 17:20:42 +00:00
Nick Mathewson
69ce955484 Add cross-certification to authority key certificates. Partial implementation of proposal 157.
svn:r17610
2008-12-12 18:31:39 +00:00
Nick Mathewson
04ec7d1f98 Now that tor_assert is no longer using a broken force-to-boolean formulation, we can tor_assert a bitfield without a gcc compile error.
svn:r17598
2008-12-11 20:28:50 +00:00
Nick Mathewson
bb02f919f1 Refactor find_first_by_keyword into one variant that can return NULL and one that can't.
This makes it easier for us to avoid errors where we we forgot to list a keyword as mandatory, and easier for Coverity to detect cases like this too.

svn:r17595
2008-12-11 19:40:58 +00:00
Nick Mathewson
e06442b648 Add a couple of sanity-checks for return values that coverity thinks we ought to have. CIDs 337, 335.
svn:r17485
2008-12-05 01:35:49 +00:00
Nick Mathewson
a26188cee9 fix bug 880: find the end of an authority cert by looking for the first ----END SIGNATURE----- after the first dir-key-certification, not for the first ----END SIGNATURE. Harmless bug, but it made us non-spec-compliant.
svn:r17470
2008-12-03 03:42:19 +00:00
Nick Mathewson
3ebd1ebeca The chunk_size field in memarea_t was never actually set. Remove the whole thing.
svn:r17195
2008-11-05 20:34:22 +00:00
Nick Mathewson
73c6cb8353 Fix unit test failure related to intro point parsing.
svn:r17188
2008-11-03 16:36:15 +00:00
Nick Mathewson
e147e867be Proposal 152 implementation from Josh Albrecht, with tweaks.
svn:r16983
2008-09-26 18:58:45 +00:00
Nick Mathewson
8bbbbaf87b Add country-code support to configured node lists to implement the ever-popular "no exits in Monaco" feature (ExcludeExitNodes {MC}). Also allow country codes and IP ranges in ExitNodes. (EntryNodes needs more work.) Based on code by Robert Hogan. Needs more testing.
svn:r16966
2008-09-25 20:21:35 +00:00
Roger Dingledine
cc8b2247bf make r16598 compile on 64-bit too
svn:r16604
2008-08-20 05:15:08 +00:00
Nick Mathewson
24f1d29be1 Apply proposal 121 patch 3, with minor tweaks and a few comments.
svn:r16598
2008-08-19 15:41:28 +00:00
Peter Palfrader
e27b448c57 Do not split stored exit policy summary into type(accept/reject) and portlist. At least not just yet
svn:r16553
2008-08-14 23:01:21 +00:00
Peter Palfrader
41730a893c Rename a field so weasel likes it better
svn:r16552
2008-08-14 23:01:09 +00:00
Peter Palfrader
ceae7ed960 Add bw to consensus
svn:r16551
2008-08-14 23:00:57 +00:00
Peter Palfrader
82f8050ac4 Parse policies and weight (bw) into routerstatuses
svn:r16550
2008-08-14 23:00:44 +00:00
Peter Palfrader
b246c4de9b asserting(s) is better than segfaulting if it turns out to be NULL later
svn:r16538
2008-08-14 12:37:14 +00:00
Nick Mathewson
60a0ae198d Patch cleanups from karsten
svn:r16479
2008-08-09 15:13:28 +00:00
Nick Mathewson
22259a0877 The first of Karsten's proposal 121 patches: configure and maintain client authorization data. Tweaked a bit: see comments on or-dev.
svn:r16475
2008-08-08 14:36:11 +00:00
Nick Mathewson
960a0f0a99 r17641@31-33-44: nickm | 2008-08-05 16:07:53 -0400
Initial conversion of uint32_t addr to tor_addr_t addr in connection_t and related types.  Most of the Tor wire formats using these new types are in, but the code to generate and use it is not.  This is a big patch.  Let me know what it breaks for you.


svn:r16435
2008-08-05 20:08:19 +00:00
Nick Mathewson
3ce6e2fba2 r17346@aud-055: nickm | 2008-07-24 15:37:19 +0200
Make generic address manipulation functions work better.  Switch address policy code to use tor_addr_t, so it can handle IPv6.  That is a good place to start.


svn:r16178
2008-07-24 13:44:04 +00:00
Nick Mathewson
dff1ef7d06 r17337@aud-055: nickm | 2008-07-24 10:17:43 +0200
Refactor the is_vote field of networkstatus_t to add a third possibility ("opinion") in addition to vote and opinion.  First part of implementing proposal 147.


svn:r16166
2008-07-24 09:22:27 +00:00
Nick Mathewson
787c66b70f r16917@tombo: nickm | 2008-07-11 12:55:26 -0400
Remove token enum constant in routerparse.c that we do not actually use.


svn:r15841
2008-07-11 17:08:05 +00:00
Nick Mathewson
f3f6ecef48 r19690@catbus: nickm | 2008-05-11 22:13:31 -0400
Implement a proposal to let a directory authority migrate its identity key without ceasing to sign consensuses.


svn:r14584
2008-05-12 02:14:01 +00:00
Peter Palfrader
ca43044600 I bet I screwed up while merging in the changes from the feature branch into my git-svn repository. Undo r14451
svn:r14452
2008-04-24 15:43:25 +00:00
Peter Palfrader
016e67f941 Merge conditional consensus downloading
svn:r14451
2008-04-24 15:39:14 +00:00
Peter Palfrader
901ee58c53 Enable conditional consensus downloading starting with 0.2.1.1-alpha servers
svn:r14449
2008-04-24 15:39:08 +00:00
Peter Palfrader
788404dacf and the client part of the consensus-by-authority-fpr proposal (ifdef'ed out)
svn:r14446
2008-04-24 15:38:57 +00:00
Nick Mathewson
944bd3dbed r19074@catbus: nickm | 2008-03-26 17:08:32 -0400
Start new address policies with refcount of 1, not 2.  Backport candidate once tested more.


svn:r14204
2008-03-26 21:08:39 +00:00
Nick Mathewson
e8cc756c13 r19072@catbus: nickm | 2008-03-26 13:50:24 -0400
Add code to debug memory area size.  Use results of this code to set a couple of area sizes more sanely.


svn:r14201
2008-03-26 17:50:27 +00:00
Nick Mathewson
762d82cf74 r19062@catbus: nickm | 2008-03-26 12:56:25 -0400
Fix whitespace


svn:r14197
2008-03-26 16:56:37 +00:00
Nick Mathewson
3af9e099f7 r19061@catbus: nickm | 2008-03-26 12:53:18 -0400
Now that every thing in routerparse.c is switched over to use memareas, there is no need to keep the heap-allocated token code.


svn:r14196
2008-03-26 16:56:34 +00:00
Nick Mathewson
6edab8569a r19060@catbus: nickm | 2008-03-26 12:44:19 -0400
Make v2 hidden service descriptors use the new area allocation logic.  This works for me, but Karsten should definitely have a look at it.


svn:r14195
2008-03-26 16:56:31 +00:00
Nick Mathewson
e4ebe3409e r19049@catbus: nickm | 2008-03-26 12:33:25 -0400
Add new stacklike, free-all-at-once memory allocation strategy.  Use it when parsing directory information.  This helps parsing speed, and may well help fragmentation some too.  hidden-service-related stuff still uses the old tokenizing strategies.


svn:r14194
2008-03-26 16:33:33 +00:00
Nick Mathewson
ba915e4211 r18913@catbus: nickm | 2008-03-18 10:30:39 -0400
16, not 64.


svn:r14094
2008-03-18 14:30:46 +00:00
Roger Dingledine
31d185a23b point out another bug for nick. and if it's *not* a bug, that's
stunning and i want to know why. :)


svn:r14088
2008-03-18 03:08:48 +00:00
Nick Mathewson
e17e6371d1 r18896@catbus: nickm | 2008-03-17 16:10:54 -0400
Fix bug in earlier bugfix.  Note stupidness of allowing NULL policies at all.  Disallow empty exit policies in router descriptors.


svn:r14082
2008-03-17 20:10:57 +00:00
Nick Mathewson
e7db789e82 r14399@tombo: nickm | 2008-02-22 14:09:38 -0500
More 64-to-32 fixes. Partial backport candidate. still not done.


svn:r13680
2008-02-22 19:09:45 +00:00
Nick Mathewson
cefe0a1959 r18255@catbus: nickm | 2008-02-20 11:44:55 -0500
Add asserts and refactor some comparisons in order to fix some veracode-identified issues. Note a bug in buffers.c


svn:r13618
2008-02-20 16:57:39 +00:00
Nick Mathewson
260c37c14c r18236@catbus: nickm | 2008-02-19 18:55:21 -0500
Explain why I am right and veracode is wrong in routerparse.c line 1141.  Using math!


svn:r13602
2008-02-19 23:57:06 +00:00
Nick Mathewson
42c4670e27 r18230@catbus: nickm | 2008-02-19 18:29:43 -0500
Add a few asserts to catch possible errors found by veracode.


svn:r13598
2008-02-19 23:29:45 +00:00
Nick Mathewson
842a33ff20 Update some copyright notices: it is now 2008.
svn:r13412
2008-02-07 05:31:47 +00:00
Roger Dingledine
bbcf406d9f If the networkstatus consensus lists no recommended versions, don't
complain to the user and demand that they upgrade to one of "".


svn:r13401
2008-02-06 12:45:04 +00:00
Nick Mathewson
ec6c131da6 r17936@catbus: nickm | 2008-02-06 00:31:11 -0500
Fix/downgrade some more XXX020s.


svn:r13397
2008-02-06 05:31:21 +00:00
Nick Mathewson
368f62c79d r17933@catbus: nickm | 2008-02-05 19:54:28 -0500
Stamp out a bunch of atoi users; make more tor_parse_long() users check their outputs.


svn:r13395
2008-02-06 00:54:47 +00:00
Nick Mathewson
c8a689c9e8 r17909@catbus: nickm | 2008-02-05 14:48:22 -0500
As planned, rename networkstatus_vote_t to networkstatus_t, now that v3 networkstatuses are working and standard and v2 networkstatuses are obsolete.


svn:r13383
2008-02-05 21:39:29 +00:00
Nick Mathewson
68cf666d04 Fix bug 571: associate certificates with keys, not dirservers, so that we can have certificates for dirservers we do not recognize.
svn:r13304
2008-01-26 23:18:30 +00:00
Peter Palfrader
12bd40931b Fix a warning
svn:r13243
2008-01-23 09:05:40 +00:00
Nick Mathewson
4a3b7496f0 r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor.  Needs review.  Partial backport candidate.


svn:r13147
2008-01-16 05:27:19 +00:00
Nick Mathewson
89dfec02d8 r17614@catbus: nickm | 2008-01-14 13:55:25 -0500
Add a missing "goto err" when parsing v2 ns docs


svn:r13133
2008-01-14 19:00:33 +00:00
Nick Mathewson
e49229caf8 r17610@catbus: nickm | 2008-01-14 13:20:49 -0500
Fix a bogus free() call on a base64 failure in router_append_dirobj_signature().


svn:r13129
2008-01-14 19:00:19 +00:00
Roger Dingledine
2ac1e36248 minor cleanups
svn:r13095
2008-01-10 17:54:24 +00:00
Nick Mathewson
04263648c4 r17554@catbus: nickm | 2008-01-10 12:48:29 -0500
Do not send bridge descriptors over unencrypted connections.


svn:r13094
2008-01-10 17:48:40 +00:00
Nick Mathewson
11fff225fa r15779@tombo: nickm | 2008-01-01 23:43:24 -0500
Use reference-counting to avoid allocating a zillion little addr_policy_t objects. (This is an old patch that had been sitting on my hard drive for a while.)


svn:r13017
2008-01-02 04:43:44 +00:00
Roger Dingledine
3f4080d15d tiny tweaks on r12900
svn:r12901
2007-12-21 09:33:11 +00:00
Roger Dingledine
90fcfade4e revert r12841 and r12842, and commit karsten's "patch 13"
svn:r12900
2007-12-21 09:28:22 +00:00
Roger Dingledine
f0e7c4f0da Only Tors that want to mirror the v2 directory info should
create the "cached-status" directory in their datadir. All Tors
used to create it. Bugfix on 0.1.2.x.

Bridge relays with DirPort set to 0 no longer cache v1 or v2
directory information; there's no point. Bugfix on trunk.


svn:r12887
2007-12-20 06:47:59 +00:00
Roger Dingledine
07c7f9e9e7 When we were reading router descriptors from cache, we were ignoring
the annotations -- including reading in bridge-purpose descriptors
as general-purpose descriptors.


svn:r12867
2007-12-19 03:11:02 +00:00
Roger Dingledine
e70d9a7f4d fix another mem leak, and point out another for karsten
svn:r12841
2007-12-16 20:46:23 +00:00
Roger Dingledine
98a56a386d our unit tests leak memory like a sieve.
fix two actual memory leaks found while cleaning up a bit.


svn:r12829
2007-12-16 08:20:10 +00:00
Roger Dingledine
1d8a8063b9 clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
svn:r12786
2007-12-12 21:09:01 +00:00
Roger Dingledine
ce2cf88ebf Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
crashing or mis-answering these requests.


svn:r12658
2007-12-03 22:31:59 +00:00
Roger Dingledine
f8df8d791e start to refactor dirserver_mode()
svn:r12621
2007-12-01 04:58:53 +00:00
Nick Mathewson
f061994487 r16881@catbus: nickm | 2007-11-30 15:07:42 -0500
Do not keep a string representation of every single addr_policy_t lying around.  This might save a few hundred K.


svn:r12617
2007-11-30 20:09:09 +00:00
Roger Dingledine
8ac5f24c33 easy tweaks on r12607
svn:r12608
2007-11-29 15:30:32 +00:00
Roger Dingledine
aaf35cccf7 karsten's second refactoring patch
svn:r12607
2007-11-29 15:25:04 +00:00
Roger Dingledine
466abecef4 Our new v2 hidden service descriptor format allows descriptors
that have no introduction points. But Tor crashed when we tried
to build a descriptor with no intro points (and it would have
crashed if we had tried to parse one). Bugfix on 0.2.0.x; patch
by Karsten Loesing.


svn:r12579
2007-11-27 21:06:34 +00:00
Nick Mathewson
bed01a9003 r16525@catbus: nickm | 2007-11-07 12:10:01 -0500
Clean up log messages from bug 543 fix, and make old_routers also keep track of their indices.  This will probably crash some until all the bugs are fixed.


svn:r12412
2007-11-07 17:11:23 +00:00
Roger Dingledine
d4e339ed87 Nov 03 11:15:13.103 [info] connection_dir_client_reached_eof(): Received consensus directory (size 330543) from server '86.59.21.38:80'
Nov 03 11:15:13.129 [info] networkstatus_set_current_consensus(): Got a consensus we already have
Nov 03 11:15:13.129 [warn] Unable to load consensus directory dowloaded from server '86.59.21.38:80'


svn:r12359
2007-11-03 15:55:15 +00:00
Nick Mathewson
3a6287615b r16367@catbus: nickm | 2007-11-02 13:13:15 -0400
Space fixes.


svn:r12345
2007-11-02 17:16:34 +00:00
Nick Mathewson
832ef9562f r14623@tombo: nickm | 2007-11-01 22:25:18 -0400
More tweaks from karsten, with some cleanup and commentary.


svn:r12319
2007-11-02 02:25:28 +00:00
Nick Mathewson
779b615bc2 r16300@catbus: nickm | 2007-10-31 15:36:41 -0400
Next patch from Karsten:  rename some macros, tunnel dir connections, generate (and upload) multiple descriptors as appropriate.


svn:r12299
2007-10-31 20:48:06 +00:00
Nick Mathewson
e136f00ca8 r16262@catbus: nickm | 2007-10-29 13:21:35 -0400
Patch from Karsten: Code to act as (and use) v2 hidden service directories.


svn:r12272
2007-10-29 19:10:42 +00:00
Nick Mathewson
d94a978b32 r16237@catbus: nickm | 2007-10-28 15:45:25 -0400
Tidy v2 hidden service descriptor format code: fix memory leaks, fix reference problems, note magic numbers, note questions, remove redundant checks, remove a possible stack smashing bug when encoding a descriptor with no protocols supported.


svn:r12255
2007-10-28 19:48:16 +00:00
Nick Mathewson
c58675ca72 r16236@catbus: nickm | 2007-10-28 14:36:30 -0400
Patch from Karsten Loesing: encode and parse v2 rendezvous descriptors.


svn:r12254
2007-10-28 19:48:14 +00:00
Nick Mathewson
73c1cfe80b r16154@catbus: nickm | 2007-10-25 10:29:47 -0400
Fix more memory leaks, with help from dmalloc.


svn:r12188
2007-10-25 14:31:15 +00:00
Roger Dingledine
f37185bf0b Stop leaking memory every time we parse a v3 certificate. Bugfix
on 0.2.0.1-alpha.


svn:r12185
2007-10-25 13:18:37 +00:00
Nick Mathewson
f06ac50d45 r16034@catbus: nickm | 2007-10-22 12:30:38 -0400
Move an XXX020 to the logical place.


svn:r12104
2007-10-22 16:32:08 +00:00
Nick Mathewson
b0a18d1bfa r15967@catbus: nickm | 2007-10-19 14:14:47 -0400
Change meaning of "freefn" argument to smartlist_uniq so that we can remove duplicates from a list without freeing them.


svn:r12053
2007-10-19 18:56:28 +00:00
Nick Mathewson
7bb202fd19 r15965@catbus: nickm | 2007-10-19 13:32:11 -0400
Client-side implementation for proposal 122.


svn:r12051
2007-10-19 18:56:24 +00:00
Nick Mathewson
106e01db3d r15956@catbus: nickm | 2007-10-19 11:18:14 -0400
Encode address in certificates.  Also, make it possible to create certs reusing an old key.


svn:r12046
2007-10-19 16:28:10 +00:00
Nick Mathewson
29dfdac923 r15939@catbus: nickm | 2007-10-18 22:14:15 -0400
Remember the valid-until time of the most recent consensus that listed
 a router, and (if we are a cache) never delete the routerdesc until
 that conensus is expired.  This is way easier than retaining multiple
 consensuses.  (Of course, the info isn't retained across restarts,
 but that only affects a few caches at a time.) 
 


svn:r12041
2007-10-19 02:15:47 +00:00
Nick Mathewson
3ad6dc0e2e r15806@catbus: nickm | 2007-10-15 19:14:57 -0400
Implement v3 networkstatus client code.  Remove v2 networkstatus client code, except as needed for caches to fetch and serve v2 networkstatues and the routers they list.


svn:r11957
2007-10-15 23:15:24 +00:00
Nick Mathewson
ff2820c1ba r14892@Kushana: nickm | 2007-10-11 14:00:33 -0400
Fix a bunch of XXX020s: treat some 403s as INFO severity; remove some dead code; share the retry path for consensus routerdescs that are also listed in the v2 networkstatus; check even more aspects of votes when parsing them.


svn:r11871
2007-10-11 18:01:12 +00:00
Roger Dingledine
8e8d2defe3 bugfix on r11480:
Stop calling tor_strlower() on uninitialized memory in some cases.


svn:r11858
2007-10-10 23:44:10 +00:00
Nick Mathewson
8b71a76dd3 r15598@catbus: nickm | 2007-10-09 16:37:35 -0400
Turn all "Is DirPort nonzero? Because if it is, we must be a directory" logic into calls to dirserver_mode().


svn:r11817
2007-10-09 20:44:47 +00:00