Move all struct-offset-manipulation macros into util.h, and use them consistently. Because there are days when "SUBTYPE_P(handle, subtype, _base)" is just easier to read and write than "(basetp*)(((handle) - STRUCT_OFFSET(subtype, _base))".
svn:r9592
Fix a longstanding dnsworker-related bug: when we decide to kill a DNS worker for having been in use too long, and we independently decide to close one of the exit connections waiting for that DNS worker (perhaps because we got an END relay cell), it was possible for us to try to double-free the connection. We were smart enough to detect this and assert, but not smart enough to fix this bug before now. This should resolve bug 390. Backport candidate.
svn:r9581
Node-picking fixes: Never warn when a down node is listed in a config option (bug 348); always warn when a node in a config option is unnamed. Also, when entrynodes is configured, then build the guard list as: (parts of EntryNodes that were guards before), (the rest of EntryNodes), (the rest of the old guards). This last point ensures that EntryNode users will get the EntryNodes they want with the minimum change to their guard list.
svn:r9574
Do not try to load advapi32.dll except when the user asks us to do something with NT services. When we _do_ try, always treat failure to load service functions as an exit-worthy error. Needs testing. (Fixes bug 389)
svn:r9571
Handle errors on opening cached-routers* more uniformly and sanely: log not-found errors at level INFO, and all other errors at level WARN. Needs testing on win32.
svn:r9569
Implement proposal 106: stop requiring clients to have certificates, and stop checking for nicknames in certificates. [See proposal 106 for rationale.] Also improve messages when checking TLS handshake, to re-resolve bug 382.
svn:r9568
Resolve some XXXX012 items:
- Remove PathlenCoinWeight: if we want it again, we can add it
back in.
- Ditto with RelayBandwidth*.
- Decide to leave in the "hey, you didn't set end_reason!" BUG log message,
but stop telling people to bug me personally.
- Postpone strengthening assert_connection_ok(): it's important, but
it's also a good way to introduce weird bugs.
- Move some expensive consistency checking from dns_free_all() into
assert_cache_ok().
svn:r9533
Fix several bugs in computing recommended versions. 1) refactor is-this-version-good handling and which-vesions-are-good handling to be in the same place. 2) a version is recommended if more than half of the versioning authorities like it, not >= half. 3) "NEW_IN_SERIES" should mean, "I don't know of an 0.1.1.x this recent, and there are some 0.1.2.x versions out", not "I don't know of an 0.1.1.x this recent, but I know some older ones." This should resolve bug 383.
svn:r9523
Set hibernate_end_time whenever we start hibernating. This fixes a problem where we would start hibernating upon startup (since it isn't time to wake up yet) but we would wind up setting the "stop hibernating" time not to the wakeup time, but to the end of the interval. Also, split hibernate_end_time from shutdown_time. Possible fix for bug 362.
svn:r9512
Report stream end events where a resolve succeeded or where we got a socks protocol error correctly, rather than calling both of them "INTERNAL". Turn ALREADY_SOCKS_REPLIED into a flag rather than a reason. This will help debug 367 part 2 a little.
svn:r9511
(Hopefully) final changes for 0.1.2.7-alpha: disable checking for whether the user account in question exists on --service install, since that seems to make windows go boom. We can figure out why later. Also, let the admin specify a password for the target user.
svn:r9506
Remove a now-bogus assert() from nt_service_command_line(), and change option handling. (Now that we no longer force a -f, it is possible to have no command-line options for Tor-as-service.)
svn:r9503
The --service install code can no longer default to adding an -f option for the appdata directory of the current user, since the target user probably will not be able to read it. Instead, warn the user if no explicit torrc filename is given.
svn:r9502
More win32 account flumdummery: when LocalService exists, you can't detect it via LookupAccountName. The only good test is to see whether we're on win2k or earlier.
Apparently, somebody wouldn't know where to draw the line between implementation and interface if you gave them tracing paper and a copy of Stevens.
svn:r9499
Fix bug 254, sort of: make the default NT service user NetworkService rather than NULL (system). Also, add a --user argument to --service install so that admins can override this default: this latter point should take care of most of my objections to NetworkService. I have no idea whether this even compiles.
svn:r9486
Add a REMAP state to stream events so that controllers can learn exactly when the target address for a stream has changed. May help Vidalia resolve confusions related to bug 375.
svn:r9484
Add documentation to src/common/*.h; improve documentation for SMARTLIST_FOREACH; remove never-used options and corresponding tests from tor_strpartition.
svn:r9483
Fix an XXXX012, and make circuits_pending_or_conns a static variable. In addition to cleaning up the code, this may also resolve Bug 386 if Roger has the right intuition there.
svn:r9482
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were. Oops. Hey, kids! Fixing some of these could be your first Tor patch!
svn:r9477
Note a few questionable bits pointed out by RATS. (And no, RATS, I'm not about to stop having fixed-sized local buffers for you. I know how to use them, thankyouverymuch.)
svn:r9474
Fix a bug in our assertions related to removing recently-completed DNS lookup attempts on exit. It is okay to find a cache entry with the same name as a DONE entry, so long it is not the same struct as the DONE entry.
svn:r9467
Write the entry guards section of path-spec; note a possible bug in cirbuitbuild.c; add a const; defer work on torrc.complete to be part of a bigger config documentation reorg.
svn:r9465
Add a couple of fixes I turned up while writing regression tests for libevent: Allow DNS servers on ports other than 53, and handle TTLs correctly on reverse hostname lookups.
svn:r9458
directory tunnel without knowing a descriptor first. Still not
ready yet. As part of the change, now assume we can use a
create_fast cell if we don't know anything about a router.
svn:r9440
This one is a little tricky. Our BEGIN_DIR implementation has a
problem: the dirserv conns will decide they can flush all their data
immediately, since the edge_conns will read greedily.
For our 0.1.2 workaround, we track which or_conn a bridged dirserv
conn is attached to, and stop writing when its outbuf is too full, and
start writing again when the or_conn's outbuf empties out a little.
This requires a bit of pointer management. Let's hope it works.
svn:r9432
When logging TLS certificate and identity-related errors, scrub IP addresses for incoming connections, and distinguish between incoming and outgoing connections in log messages. Backport candidate.
svn:r9391
Remove redundant check for whether _connection_write_to_buf_impl is called with a zlib and a non-directory connection: TO_DIR_CONN will already assert if it gets a non-dir connection.
svn:r9390
Fix an XXXX012 in routerlist.c: when we do not have enough networkstatuses to launch router requests, do not launch router requests. Backport candidate.
svn:r9388
Implement SOCKS_BAD_HOSTNAME status event. Defer remaining status events. Clean up control-spec.txt a little, and fill in recommendations for events.
svn:r9374
aggressively. my vidalia bandwidth graph, when rate limiting
to 32kB/s, has the "write" line constantly at 32kB. I can't
imagine what's going on with the relay latency but it can't
be good.
svn:r9366
Apparently, the OpenBSD linker thinks it knows C better than I do, and gets to call me names for having strcat and strcpy and sprintf in my code--whether I use them safely or not. All right, OpenBSD. You win... this round.
svn:r9360
Tidy up ORCONN reason patch from Mike Perry. Changes: make some of the handling of TLS error codes less error prone. Enforce house style wrt spaces. Make it compile with --enable-gcc-warnings. Only set or_conn->tls_error in the case of an actual error. Add a changelog entry.
svn:r9355
handshake to finish. Previously we would let them sit around for
days, if the connecting application didn't close them either.
Also take this opportunity to refactor a duplicate bit of circuituse.c.
And change the semantics of SocksTimeout slightly, but I think it'll
be ok.
svn:r9350
Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail. Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.
svn:r9336
Clear untrusted networkstatuses after 10 days too. (This is not a terribly awful bug, since we would only ever retain 16 of them, but it still might be nice to backport.) Resolves part A of bug 372.
svn:r9324
Implement a control status event for bad libevent version/method combos. Warn that libevent <1.1 with select() is needlessly slow. Reply to comment.
svn:r9284
Fix computation of total_exit_bandwidth; this will cause exits not to get recommended as guards if the total exit bandwidth if they constitute less than a third of total available bandwidth. There may be problems here with flapping; lets see if they occur in practice.
svn:r9281
Re-enable warning when we resolve an already resolved address. We only warn here now if the address is not a testing address. Also, refactor out a function to check whether an address is used for testing.
svn:r9280
Add (and specify) a BadDirectory flag to networkstatuses, so authorities can tell clients that some caches are broken. Also, implement an as-yet-unused function to estimate how many bytes will be sent on a directory connection.
svn:r9255
Close any directory connection on which we have received 10MB or more of data. This prevents a malicious directory cache from running us out of memory by spooling an infinite amount of data. (Not a terribly good attack, but hey, every one helps.)
svn:r9210
Count TLS bytes accurately: previously, we counted only the number of bytes read or transmitted via tls, not the number of extra bytes used to do so. This has been a lonstanding wart. The fix "Works for me".
svn:r9207
If we only have a single nameserver, raise the threshold to decide that the nameserver is dead. (Another fumbling attempt to do something about bug 326.)
svn:r9203
Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded. If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*.
svn:r9199
Better handling of internal addresses wrt X-Your-Address-Is (never believe them; never provide them.) Also, report something useful for X-Your-Address-Is with one-hop tunneled connections.
svn:r9191
Patch from Edmanm, slightly modified. Original change list:
- Support running the Tor service with a torrc not in the
same directory as tor.exe (Bug #356) and default to using the torrc
located in the %appdata%\Tor\ of the user who installed the service
- Removed the supposedly misleading error message mentioned in Bug #294
- Fixed some CloseHandle()s that should've been CloseServiceHandle()s
- Fixed some nt_service_foo() return values to be consistent
- Resolved some nt_service_foo() DOCDOCs
- Fixed one trivial typo that I happened to randomly notice
Changes:
- Make more comments into "imperative" house style.
- Remove special handling for "-f"; only use --options.
- Quote all options.
- Clean up whitespace
svn:r9185
Track when we get 503s from directory servers. Do not use directory servers that have given us a 503 until either an hour has passed, or we are are out of non-busy servers.
svn:r9172
Add an orport option to dirserver lines so that clients can tell where to connect to open an encrypted tunnel to a dirserver even before they have its descriptor.
svn:r9171
Add a maintainer script and a new make target "make check-docs" to get a quick dump of which options are undocumented where, and which documentation refers to nonexistent options.
svn:r9160
schedule. Now the first connect attempt will wait a full 10
seconds before switching to a new circuit. Perhaps this will help
a lot. Based on observations from Mike Perry.
svn:r9159