Remember the valid-until time of the most recent consensus that listed
a router, and (if we are a cache) never delete the routerdesc until
that conensus is expired. This is way easier than retaining multiple
consensuses. (Of course, the info isn't retained across restarts,
but that only affects a few caches at a time.)
svn:r12041
Implement v3 networkstatus client code. Remove v2 networkstatus client code, except as needed for caches to fetch and serve v2 networkstatues and the routers they list.
svn:r11957
Fix a bunch of XXX020s: treat some 403s as INFO severity; remove some dead code; share the retry path for consensus routerdescs that are also listed in the v2 networkstatus; check even more aspects of votes when parsing them.
svn:r11871
Add a bunch of function documentation; clean up a little code; fix some XXXXs; tag the nonsensical EXTRAINFO_PURPOSE_GENERAL as nonsesnse; note another bit of "do not cache special routers" code to nuke.
svn:r11761
Use descriptor annotations to record the source, download t time, and purpose of every descriptor we add to the store. The remaining to-do item is to stop setting do_not_cache on bridges.
svn:r11680
More annotated-store work: handle annotations in lists correctly. Add ability to prepend annotations to a routerdesc (and to every rtouredesc in a list), while verifying that the routerdesc is not already annotated.
svn:r11665
Backend for descriptor annotations: parse annotations as keywords; only allow them to appear in the cache; do not serve them as part of the descriptor if we are a dirserver. Still need mechanism to set annotations. Still need to rename cache file.
svn:r11654
Get rid of a needless malloc() when parsing address policies. Original patch from "Some guy on #tor", via arma. Altered to have a sufficiently large buffer, and not use the buffer so much, and to save a strlcpy.
svn:r11480
Another patch from croup: drop support for address masks that do not correspond to bit prefixes. Nobody has used this for a while, and we have given warnings for a long time.
svn:r10881
We had accidentally labelled 0.1.2.x directory servers as not
suitable for begin_dir requests, and had labelled no directory
servers as suitable for uploading extra-info documents. [Bugfix
on 0.2.0.1-alpha]
svn:r10853
Patch from croup: rewrite the logic of get_next_token() to do the right thing with input that ends at weird places, or aligns with block boundaries after mmap. should fix bug 455. Needs fuzzing.
svn:r10847
Sun CC likes to give warnings for the do { } while(0) construction for making statement-like macros. Define STMT_BEGIN/STMT_END macros that do the right thing, and use them everywhere.
svn:r10645
Make all the digestmaps inside routerlist_t use the new typechecking wrappers, so we can catch any more bugs like the one fixed by 10561. This turned up a bug in routerlist_remove: we were extracting a routerinfo_t from desc_digest_map. Fix that too, though it was probably harmless, since we were only doing a pointer comparison with it.
svn:r10563
Refactor v3 vote generation code into "build a networkstatus_vote_t" and "format a networkstatus_vote_t". This should make testing possible.
svn:r10533
Adapt code to parse v3 networkstatus votes so it can also parse a consensus. Make networkstatus_vote_t the catch-all type for votes and conensuses. Correct/clarify the second argument to directory-signature.
svn:r10491
First draft of code to generate votes. needs testing. does not yet upload or serve votes. Shares most of its code with the old generate_v2_networkstatus.
svn:r10295
More v3 directory code: have authorities load certificates; have everybody store certificates to disk and load them; provide a way to configure v3 authorities.
svn:r10293
Partial backport candidate: do not rely on finding a \0 after an mmaped() router/extrainfo file. Also, set journal length correctly when starting up.
svn:r10248
Cleanup, lock-down, and refactor bits of routerparse.c: use a single unified function to check all signatures. Fix all DOCDOCs. Remove some old dead debugging code. Enforce some parsing rules better.
svn:r10192
authorities should set. This will let future authorities choose
not to serve V2 directory information.
Also, go through and revamp all the authdir_mode stuff so it tries
to do the right thing if you're an auth but not a V1 or V2 auth.
svn:r10092
Now that the directory parser checks for missing items, the rest of the code can just assert that they are there, rather than checking a second time.
svn:r9966
Refactor router/directory parsing backend: use a separate token table for everything that we parse, and enforce the correct count of each item.
svn:r9965
Initial code to parse extra-info documents as described in proposal 104. This is making me realize that the parsing code in routerparse.c is a little daft.
svn:r9963
Make all LD_BUG log messsages get prefixed with "Bug: ". Remove manually-generated "Bug: "s from log-messages. (Apparently, we remembered to add them about 40% of the time.)
svn:r9733
Fix several bugs in computing recommended versions. 1) refactor is-this-version-good handling and which-vesions-are-good handling to be in the same place. 2) a version is recommended if more than half of the versioning authorities like it, not >= half. 3) "NEW_IN_SERIES" should mean, "I don't know of an 0.1.1.x this recent, and there are some 0.1.2.x versions out", not "I don't know of an 0.1.1.x this recent, but I know some older ones." This should resolve bug 383.
svn:r9523
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
Add (and specify) a BadDirectory flag to networkstatuses, so authorities can tell clients that some caches are broken. Also, implement an as-yet-unused function to estimate how many bytes will be sent on a directory connection.
svn:r9255
New socks command CONNECT_DIR. New config option TunnelDirConns that
builds a circ ending at the directory server and delivers a BEGIN_DIR
cell if it's running 0.1.2.2-alpha or later. We still need to make
one-hop circs when appropriate, while making other conns avoid them.
svn:r9098
Try to compile with fewer warnings on irix64's MIPSpro compiler /
environment, which apparently believes that:
- off_t can be bigger than size_t.
- only mean kids assign things they do not subsequently inspect.
I don't try to fix the "error" that makes it say:
cc-3970 cc: WARNING File = main.c, Line = 1277
conversion from pointer to same-sized integral type (potential portability
problem)
uintptr_t sig = (uintptr_t)arg;
Because really, what can you do about a compiler that claims to be c99
but doesn't understand that void* x = NULL; uintptr_t y = (uintptr_t) x;
is safe?
svn:r8948
Add some temporary code to count how many *distinct* router digests we verify. (I have a sneaking suspicion that the numbers look way way high.)
svn:r8890
Change to BadExit logic: Let authorities set an "I list bad exits" flag. Consider an exit bad if it is listed as bad by more than half of *those* authorities. This gives us a better migration path.
svn:r8756
Add client support for a 'BadExit' flag, so authorities can say "Server X is a poor choise for your nytimes.com connections, as it seems to direct them to HoorayForMao.com or (more likely) WouldYouLikeToBuyTheseFineEncyclopedias.com"
svn:r8690
The otherwise regrettable MIPSpro C compiler warns about values set but never used, and about mixing enums and ints; these are good warnings, and so should be fixed. This removes some dead code and some potential bugs. Thanks to pnx.
svn:r8664
Reserve the nickname "Unnamed" for routers that can't pick a hostname; any
router can call itself Unnamed; directory servers will never allocate Unnamed
to any particular router; clients won't believe that any router is the
canonical Unnamed.
svn:r8529
Fix bug 327 (part 2): Cast char to unsigned char before passing to toupper/tolower. (Follow the same idiom as with isupper and friends, in case we run into the same problem on SGI or whereever it was.)
svn:r8310
connecting and for resolving). Now we tolerate applications
that don't follow the RFCs. But continue to block malformed
names at the socks side.
svn:r6193
we screwed up the formatting in wild and unpredictable ways.
fix it before it becomes convention to format logs in wild and
unpredictable ways.
still need to do src/common/ someday.
svn:r5551
Only caches need to get running-routers; nobody needs to parse, store,
or use it. Same for the router-status line in the directories. Add
many #if 0's that can get removed once I'm convinced they don't
contain anything I'm forgetting.
Start all newly-parsed routers as non-running and non-valid; update
them from the list of network statuses.
Update all routers when a new networkstatus comes in.
After 3 tries for a networkstatus, clients give up until they're told
to try again.
"Let's get those missles ready to **DESTROY THE UNIVERSE**!"
-TMBG
svn:r5063
connection.c:
- Add some more connection accessor functions to make directory
download redundancy checking work.
directory.c, or.h, router.c, routerlist.c:
- Start on logic to note when networkstatus downloads fail.
dirserv.c, routerlist.c, routerparse.c:
- Start maintaining an is_named field in routerstatus_t. Don't
actually look at it yet.
dirserv.c, routerlist.c:
- Remove expired networkstatus objects.
or.h:
- Make some booleans into bitfields
- Add prototypes
routerlist.c:
- Sort networkstatus list by publication time
- Function to remove old (older than 10 days) networkstatus objects.
- Function to set a list of routerinfo_ts' status info from the
current set of networkstatus objects.
- Function to tell which routerinfos we need to download based no the
current set of networkstatus objects.
- Do not launch a networkstatus download if a redundant one is in progress.
routerparse.c:
- Keep router entries in networkstatus sorted by digest.
svn:r5012
- Distinguish v1 authorities (all currently trusted directories) from
v2 authorities (all trusted directories).
- Add configuration option for which dirs are v1 authories.
- Add configuration option for whether to be a v1 authority.
- Make trusted dirserver selection functions take options to
choose which functionality we need.
- Remove option when getting directory cache to see whether they
support running-routers; they all do now. Replace it with one
to see whether caches support v2 stuff.
- Parse, cache, and serve network-status objects properly.
- Serve compressed groups of router descriptors. The compression logic
here could be more memory-efficient.
-
svn:r4911
Probably very buggy, since I can't actually run an authdir.
Features
- Generate and publish new network-status format
- Code to cache and re-serve network-status objects generated by others.
- Publish individual descriptors (by fingerprint, by "all", and by
"tell me yours.") [Still needs compression logic]
- Publish client and server recommended versions seprately.
- Add digest of descriptor to routerinfo_t, so we can track them better, and
length, so we can server them more easily.
Cleanups
- Unify code to sign directory-like things
- Make resolve_my_address() able to tell you which name it wound up resolving.
- Unify code to store and serve directory-like things so it all uses
cached_dir_t.
- Unify code to set the value of cached_dir_t objects.
svn:r4835
Tor server, and only list them as running if they've been found to
be reachable.
Dirservers also log trouble servers, but only start complaining loudly
after they've been up for an hour, to reduce false positives. We still
need to do something about the fact that it is quite loud when there
are many trouble servers.
svn:r4829
it if it's not.
(this also fixes some potential security problems with people providing
hostnames as their address and then preferentially resolving them and
partitioning users.)
svn:r4790
- Mapaddress
- Postdescriptor
- GetInfo on descriptors
Required changes elsewhere:
- Keep the most recent running_routers_t in the routerlist_t. That way we
can learn about new routers and remember whether we were last told that
they were up or down. Also enables more simplifications.
- Keep the signed descriptor inside routerinfo_t. This makes
descriptor_entry_t in dirservers.c unneeded.
- Rename AddressMap (the verb) to MapAddress. Keep AddressMap as a noun.
- Check addresses for plausibility before mapping them.
svn:r3696
clock, then don't bother checking recommended-versions: it will
just make us sad.
as a side effect, people running obsolete versions and whose
clocks are wildly skewed will not be auto-shut-down. but they
will still get warns about their clock skew.
svn:r3459
directories on disk. Make authdirservers cache *their own*
directories instead of the ones they download. This gives better
liveness, and marginally better resistance to broken authdirservers.
Authdirservers don't cache running-routers at all: r-r isn't stored to
disk, so there's no point right now.
svn:r2893
they weren't writing anything into their datadirectory, so
when they stop and start, they would know nothing until they
fetched a directory from another authdirserver.
svn:r2891
Now we can try setting an option but back out if it fails to parse, or
if it's disallowed (e.g. changing RunAsDaemon from 1 to 0).
Use parse_line_from_str rather than parse_line_from_file.
svn:r2692
maintain it.
Have clients default to the nickname "client" in their certificates.
Give a less frightening warning on obsolete (pre-0.0.8) routerinfo_t's.
svn:r2568
files have really old descriptors for the authdirservers, so we're
asking them in the new format because they're too old.
now we actually compare the version to a cutoff version, and act
appropriately.
also take this chance to use only >=0.0.8 servers for dns resolves,
because of the recent bugs. we'll bump to >=0.0.9pre1 once there are
some servers running that.
svn:r2380
o and/or while avoiding unreliable nodes, depending on goals
o 'fascistfirewall' option to pick dirservers on port 80 and ORs on
port 443.
o if a begin failed due to exit policy, but we believe the IP should have been allowed, switch that router to exitpolicy reject *:* until we get our next directory.
svn:r2231
you know you might want to get it verified
also, moved that whole block below the check-signature logic, so
we don't execute it if the directory is a fake.
(the recommended-versions logic is still executed before the signature
is checked; we should fix that.)
svn:r2131
introduce an authdir_mode() macro to match the others.
don't initialize uptime to the number of seconds since 1970.
non-authoritative dirservers don't cache their directory on disk.
make only authdirservers use clique_mode.
only read approved-routers file if you're an authdirserver.
even authdirservers fetch a new directory in do_hup.
retry_all_connections() is now called retry_all_listeners().
router_parse_list_from_string() correctly reports the router number
it's working on.
only call dirserv_add_own_fingerprint() and
dirserv_add_descriptor() on startup if we're an authdirserver.
if AuthDir and !ORPort then fail.
if AuthDir and ClientOnly then fail.
svn:r2061
More docs and (way more!) testing needed.
Done:
- Authdirservers down directories from others.
- Generate and use running-routers lists
- Cache directories; store across reboots.
- Refactor directory parsing a bit; note potential trouble spots.
svn:r1985
