Commit Graph

2412 Commits

Author SHA1 Message Date
Nick Mathewson
b658893590 Merge branch 'bug19960_2' 2016-12-07 15:23:14 -05:00
Nick Mathewson
53d4e89626 Netbsd doesn't have ipfw, only the regular pf transport stuff.
Attempted fix for 19960.

Also, fixes a typo.
2016-12-07 15:22:44 -05:00
Nick Mathewson
5efbd41daa Merge branch 'maint-0.2.9' 2016-12-01 09:50:17 -05:00
teor
f80a43d16f Stop ignoring hidden service key anonymity when first starting tor
Instead, refuse to start tor if any hidden service key has been used in
a different hidden service anonymity mode.

Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.

The original single onion service poisoning code checked poisoning state
in options_validate, and poisoned in options_act. This was problematic,
because the global array of hidden services had not been populated in
options_validate (and there were ordrering issues with hidden service
directory creation).

This patch fixes this issue in rend_service_check_dir_and_add, which:
* creates the directory, or checks permissions on an existing directory, then
* checks the poisoning state of the directory, then
* poisons the directory.

When validating, only the permissions checks and the poisoning state checks
are perfomed (the directory is not modified).
2016-12-01 09:44:53 -05:00
Nick Mathewson
8dc6048c02 Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option.
I expect we'll be ripping this out somewhere in 0.3.0, but let's
keep it around for a little while in case it turns out to be the
only way to avert disaster?
2016-11-30 14:42:53 -05:00
Nick Mathewson
8da24c99bd Split bridge functions into a new module.
This patch is just:
   * Code movement
   * Adding headers here and there as needed
   * Adding a bridges_free_all() with a call to it.

It breaks compilation, since the bridge code needed to make exactly
2 calls into entrynodes.c internals.  I'll fix those in the next
commit.
2016-11-30 14:42:52 -05:00
Nick Mathewson
1934bf75ef Merge branch 'maint-0.2.9' 2016-11-07 11:02:15 -05:00
Nick Mathewson
667ba776b1 Adjust download schedules per teor's #20534 recommendataions 2016-11-07 11:01:20 -05:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
Nick Mathewson
3a232ef64a Module documentation for config.c and confparse.c 2016-10-24 10:16:46 -04:00
Nick Mathewson
df84536ac1 Add a logic-consistency test when parsing unix socket configs
Coverity couldn't tell that 'addrport' was always non-NULL at this
point in the function, so I'm adding an explicit check. This closes
CID 1374060.
2016-10-17 08:27:10 -04:00
Nick Mathewson
af70e43131 Merge remote-tracking branch 'public/spaces_in_unix_addrs' 2016-10-14 10:21:41 -04:00
Nick Mathewson
49d7feb8a0 Tweak patch for 18529.
- function doesn't need to be inline.

- rename function

- Make documentation more pedantically correct

- Remove needless "? 1 : 0."
2016-10-13 09:19:51 -04:00
Nick Mathewson
1fc3e29108 Remove duplicate code that checks for default authorities
Patch from ericho.

Fixes 18529. Simple refactoring.
2016-10-13 09:19:37 -04:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
f6d7b71719 Merge remote-tracking branch 'isis/bug20201' 2016-09-21 12:20:33 -04:00
Isis Lovecruft
f1d7b7b600
Update documentation for parse_bridge_line() in src/or/config.c.
* FIXES #20201: https://bugs.torproject.org/20201
2016-09-21 13:26:34 +00:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
365ca3ca0f Refactor Single Onion code to improve consistency
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
2016-09-13 10:13:57 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
4d9d2553ba Fix a typo in the LearnCircuitBuildTimeout disabled log message 2016-09-13 10:13:56 -04:00
teor
c43211fd6c When LearnCircuitBuildTimeout is disabled by other options, be quieter 2016-09-13 10:13:56 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
e3bf8854c8 We no longer need to tag UseNTorHandshake as deprecated, since it is obsolete 2016-08-29 15:03:55 -04:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
Nick Mathewson
1dfa2213a4 Merge remote-tracking branch 'andrea/ticket18640_v3' 2016-08-25 14:29:06 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
10f8607125 make check-spaces fixes 2016-08-24 13:39:22 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Isis Lovecruft
41ab23bed5 Replace Tonga with Bifroest.
* FIXES #19728: https://bugs.torproject.org/19728
 * CLOSES #19690: https://bugs.torproject.org/19690
2016-08-24 10:01:23 -04:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
Andrea Shepard
31028af440 Add DisableOOSCheck option, on by default until we have better heuristics 2016-08-20 04:36:37 +00:00
Andrea Shepard
dbdac1dc27 s/connection_handle_oos/connection_check_oos/g per code review 2016-08-20 02:44:33 +00:00
Andrea Shepard
34d9d02150 Stub out connection_handle_oos() and call it from places we can change the socket count or thresholds 2016-08-20 01:43:46 +00:00
Andrea Shepard
1c0c0022d8 Compute thresholds for OOS from ConnLimit_ when setting options 2016-08-20 01:42:30 +00:00
Nick Mathewson
3c8baa77a1 Log a warning when Testing options are deprecated. 2016-08-19 20:21:04 -04:00
Nick Mathewson
05ad2db283 Add comments to explain when things were deprecated 2016-08-19 20:09:51 -04:00
Nick Mathewson
507f07de09 Merge remote-tracking branch 'public/deprecation_v2' 2016-08-19 19:58:51 -04:00
Nick Mathewson
be820f41a3 Fix quite a few slow memory leaks in config.c
This bug was introduced in 8bbbbaf87b when we added a separate
or_options_free() function but didn't start using it everywhere.

Fixes bug 19466.
2016-08-12 18:47:35 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
Nick Mathewson
f5dcab8072 Add new warn_deprecated option to config_assign*().
Also, collapse all the config_assign*() options into a flags
argument, since having two boolean arguments was already confusing.
2016-08-03 12:52:26 -04:00
Nick Mathewson
f3314aa6e1 Deprecate some SocksPort sub-options. 2016-08-03 12:24:07 -04:00
Nick Mathewson
9b6ff4c882 Teach checkOptionDocs about deprecation.
In particular, teach it that deprecated options must exist.
2016-08-03 12:16:58 -04:00
Nick Mathewson
66e610da72 Mark a big pile of options as deprecated. 2016-08-03 12:08:57 -04:00
Nick Mathewson
e6220ccbf8 Add deprecation for configuration options that need to go away. 2016-08-03 11:43:19 -04:00
Nick Mathewson
88a7a02728 Bufferevent removal: remove more bufferevent-only options
(All this IOCP stuff was bufferevent-only.)
2016-08-02 13:33:08 -04:00
Nick Mathewson
9fe6fea1cc Fix a huge pile of -Wshadow warnings.
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
U+039b
c735220a0b
Remove bufferevents dead code
Signed-off-by: U+039b <*@0x39b.fr>
2016-07-14 18:46:37 +02:00
Nick Mathewson
466259eb50 Merge remote-tracking branch 'sebastian/libevent2' 2016-07-08 09:57:31 -04:00
Nick Mathewson
78196c8822 Merge remote-tracking branch 'teor/bug18456' 2016-07-05 19:10:08 -04:00
Nick Mathewson
f54ffa463a Merge branch 'maint-0.2.8' 2016-07-05 12:23:25 -04:00
Nick Mathewson
f4408747d3 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-05 12:23:14 -04:00
Nick Mathewson
6e96aadadb Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-05 12:22:47 -04:00
Nick Mathewson
c28ba994ec Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-05 12:21:25 -04:00
Nick Mathewson
9d3de77d4d Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-05 12:20:42 -04:00
Sebastian Hahn
265e40b481 Raise libevent dependency to 2.0.10-stable or newer
Only some very ancient distributions don't ship with Libevent 2 anymore,
even the oldest supported Ubuntu LTS version has it. This allows us to
get rid of a lot of compat code.
2016-07-04 12:40:09 +02:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
ca6ceec112 prop250: Put commits and SRVs in votes/consensus
This commit adds the commit(s) line in the vote as well as the SR values. It
also has the mechanism to add the majority SRVs in the consensus.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:25:03 -04:00
teor (Tim Wilson-Brown)
514f0041d1
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.

Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-07-01 15:37:13 +10:00
Nick Mathewson
2713de2a47 Fix more naked strdup/malloc/free instances 2016-06-30 14:36:31 -04:00
Andrea Shepard
2a17b93cc4 Make options_get_datadir_fname2_suffix() mockable 2016-06-30 07:03:25 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
nikkolasg
568dc27a19 Make base16_decodes return number of decoded bytes
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.

Fixes #14013

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-20 08:44:58 -04:00
Nick Mathewson
d6b2af7a3a Merge branch 'bug19180_easy_squashed' 2016-06-11 10:15:40 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
2016-06-11 10:11:54 -04:00
Nick Mathewson
9bbd6502f0 Use autoconf, not gcc version, to decide which warnings we have
This gives more accurate results under Clang, which can only help us
detect more warnings in more places.

Fixes bug 19216; bugfix on 0.2.0.1-alpha
2016-06-11 10:11:53 -04:00
Nick Mathewson
493499a339 Add -Wfloat-conversion for GCC >= 4.9
This caught quite a few minor issues in our unit tests and elsewhere
in our code.
2016-06-11 10:11:52 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
6382cd93cb Merge branch 'maint-0.2.8' 2016-05-17 11:10:20 -04:00
teor (Tim Wilson-Brown)
c75bf388b5
Warn users when addresses in ports and descriptor are inconsistent
This mitigates bug 13953.
2016-05-07 10:22:02 -07:00
teor (Tim Wilson-Brown)
faec7956a9
Refactor duplicate code in config.c into port_binds_ipv4/6
No behavioural change

Preserves and documents behaviour when passed AF_UNSPEC.
2016-05-07 10:17:46 -07:00
teor (Tim Wilson-Brown)
75dd2a285b Descriptors depend on more config options now they list begindir support
Bugfix on #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5 Decide to advertise begindir support like we decide to advertise DirPort
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.

Fix up the associated descriptor-building unit tests.

Resolves #18616, bugfix on 0c8e042c30 in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
Nick Mathewson
eafcd7b0fc Merge branch 'maint-0.2.8' 2016-04-12 13:02:37 -04:00
David Goulet
40827da3bf Turn TestingClientBootstrap* into non-testing options
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.

Fixes #18481

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
7532cd439b When we get a bad nickname, explain what a good one is.
Closes #18300; patch from "icanhasaccount".
2016-04-07 10:54:53 -04:00
Nick Mathewson
368825ff45 Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this.  But not otherwise.  And the preseeding itself can
consume a few seconds if like tails we have no resolvers.

Fixes bug 18548.
2016-03-15 11:19:59 -04:00
Nick Mathewson
b48f8a8114 Fix whitespace. 2016-03-15 09:21:29 -04:00
Nick Mathewson
c9899ee640 Merge remote-tracking branch 'weasel/bug18458' 2016-03-15 09:18:24 -04:00
Peter Palfrader
d8626d34e5 Fix log message: say RelaxDirModeCheck instead of StrictDirModes 2016-03-14 20:27:53 +01:00
Nick Mathewson
ef31c8862f Add changes file for 18448; refactor
(I've made it so FreeBSD || FreeBSD_kernel is enough to ensure that
we think you might have ipfw, and so that the logic is all in one
place.)
2016-03-11 10:05:28 -05:00
Steven Chamberlain
db263442af enable and test transproxy on FreeBSD derivatives #18448
The transproxy feature is only enabled when __FreeBSD__ is defined, and
only regular FreeBSD does that.  Change this to __FreeBSD_kernel__ which
is defined on derivatives as well.

This enables the relevant options/validate__transproxy test on FreeBSD
derivatives.
2016-03-11 10:01:25 -05:00
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00
Nick Mathewson
bb431ad3df Add a missing free in parsing an :auto port
Fixes bug 18374; bugfix on 0.2.3.3-alpha.
2016-02-22 15:51:43 -05:00
Nick Mathewson
1f679d4ae1 Fix all doxygen warnings other than "X is not documented" 2016-02-11 22:06:44 -05:00
teor (Tim Wilson-Brown)
c4cb4706c9 Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged
Conflicts:
	src/or/directory.c
	src/test/test_routerlist.c

Fix minor conflicts.
2016-01-29 07:37:06 +11:00
teor (Tim Wilson-Brown)
77a9de0d48 Automatically use IPv6 when ClientUseIPv4 is 0
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 07:16:32 +11:00
teor (Tim Wilson-Brown)
3b8216f215 Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 07:16:04 +11:00
teor (Tim Wilson-Brown)
2d33d192fc Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections.
ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections.

Refactor policy for IPv4/IPv6 preferences.

Fix a bug where node->ipv6_preferred could become stale if
ClientPreferIPv6ORPort was changed after the consensus was loaded.

Update documentation, existing code, add unit tests.
2016-01-29 07:13:57 +11:00
teor (Tim Wilson-Brown)
c927b6cb1a Correct grammatical errors in tor comments
Avoid using gender for things that don't have it.

Avoid assigning a gender to tor users.
2016-01-26 13:46:54 +11:00
Nick Mathewson
cbed61d128 Merge remote-tracking branch 'twstrike/parse_port_config_tests' 2016-01-21 12:15:39 -05:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00
Nick Mathewson
b34c5c6b8a Merge branch 'maint-0.2.6' into maint-0.2.7
Conflicts:
	src/or/config.c
2016-01-07 09:43:12 -08:00
Nick Mathewson
c7b0cd9c2f Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac Update dannenberg's V3 authority identity fingerprint
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
George Tankersley
3bc45f2628 Add FallbackDir list to GETINFO config/defaults 2016-01-06 11:22:30 -08:00
Nick Mathewson
45f5e59751 Remove extra quotes from log message
Bug 17843; fix on ddc65e2b
2015-12-22 10:31:26 -05:00
Nick Mathewson
f2a5df252f whoops; really fix the 32-bit builds 2015-12-21 13:10:10 -05:00
Nick Mathewson
8ede8d411a Fix a couple of jenkins issues from 12538. 2015-12-21 12:32:20 -05:00
Matthew Finkel
d49ad438a8 Rebuild descriptor when DirCache is {dis,en}abled 2015-12-18 13:14:09 -05:00
Matthew Finkel
997f779a7f Add new DirCache configuration option
This will give relay operators the ability of disabling the caching of
directory data. In general, this should not be necessary, but on some
lower-resource systems it may beneficial.
2015-12-18 13:14:09 -05:00
Nick Mathewson
6ba8afe5f8 Merge remote-tracking branch 'teor/feature15775-fallback-v9-squashed' 2015-12-15 14:04:00 -05:00
teor
4c1c2a313d Add Fallback Directory Candidate Selection Script
"Tor has included a feature to fetch the initial consensus from nodes
 other than the authorities for a while now. We just haven't shipped a
 list of alternate locations for clients to go to yet.

 Reasons why we might want to ship tor with a list of additional places
 where clients can find the consensus is that it makes authority
 reachability and BW less important.

 We want them to have been around and using their current key, address,
 and port for a while now (120 days), and have been running, a guard,
 and a v2 directory mirror for most of that time."

Features:
* whitelist and blacklist for an opt-in/opt-out trial.
* excludes BadExits, tor versions that aren't recommended, and low
  consensus weight directory mirrors.
* reduces the weighting of Exits to avoid overloading them.
* places limits on the weight of any one fallback.
* includes an IPv6 address and orport for each FallbackDir, as
  implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
  until #17840 is merged.)
* generated output includes timestamps & Onionoo URL for traceability.
* unit test ensures that we successfully load all included default
  fallback directories.

Closes ticket #15775. Patch by "teor".
OnionOO script by "weasel", "teor", "gsathya", and "karsten".
2015-12-16 05:54:40 +11:00
Nick Mathewson
aa4be914f0 Merge remote-tracking branch 'teor/feature17327-v4' 2015-12-15 13:19:18 -05:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
teor (Tim Wilson-Brown)
60fc2b2539 Add IPv6 addresses & orports to the default directory authorities
Source: Globe entries for each authority.
2015-12-14 23:46:47 +11:00
teor (Tim Wilson-Brown)
1c2366ea43 Authorities on IPv6: minor fixes and unit tests
Update the code for IPv6 authorities and fallbacks for function
argument changes.

Update unit tests affected by the function argument changes in
the patch.

Add unit tests for authority and fallback:
 * adding via a function
 * line parsing
 * adding default authorities
(Adding default fallbacks is unit tested in #15775.)
2015-12-14 23:46:47 +11:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Nick Mathewson
4b0e9fff27 Fix wide line; log why chmod failed. 2015-12-10 20:03:37 -05:00
Nick Mathewson
01334589f1 Simplify cpd_opts usage. 2015-12-10 20:02:22 -05:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
ddcbe26474 Now that crypto_rand() cannot fail, it should return void. 2015-11-25 22:29:59 -05:00
Nick Mathewson
45caeec9a0 Merge remote-tracking branch 'teor/comments-20151123' 2015-11-25 09:08:15 -05:00
teor (Tim Wilson-Brown)
66fac9fbad Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Modify policies_parse_exit_policy_reject_private so it also blocks
the addresses configured for OutboundBindAddressIPv4_ and
OutboundBindAddressIPv6_, and any publicly routable port addresses
on exit relays.

Add and update unit tests for these functions.
2015-11-20 10:39:13 +11:00
teor (Tim Wilson-Brown)
d3b7546753 Add a missing "if" in the comment on warn_nonlocal_controller_ports
Also reflow all the lines of that comment so that they're under
the maximum width.
2015-11-16 16:27:11 +11:00
Ola Bini
f319231e6e
Divide the different parse_port_config groups into separate tests 2015-10-05 15:31:49 -05:00
Ola Bini
5cb7242012
Move CL_PORT definitions so they are accessible to the tests as well 2015-10-05 15:10:58 -05:00
Ola Bini
017047e7b2
Fix all spaces 2015-10-05 15:06:34 -05:00
Ola Bini
598cd4690c
Make compilation work under gcc-warnings 2015-10-05 14:56:57 -05:00
Nick Mathewson
21c201202e Merge remote-tracking branch 'twstrike/dir-handle-cmd-get' 2015-10-02 15:04:28 +02:00
Nick Mathewson
71e4649f02 Disallow transitions on SyslogIdentityTag, since they do not work right 2015-09-30 18:34:15 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
Nick Mathewson
c5e87e33c7 Allow conflicts to occur in keypinning journal
When we find a conflict in the keypinning journal, treat the new
entry as superseding all old entries that overlap either of its
keys.

Also add a (not-yet-used) configuration option to disable keypinning
enforcement.
2015-09-23 11:02:21 -04:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
1911f80fb5 Disable --master-key as not-yet-working for 0.2.7 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
Ola Bini
3b535869a4
Add tests for parse_port_config 2015-09-15 18:12:14 +02:00
Reinaldo de Souza Jr
4ff08bb581 Add tests for directory_handle_command_get 2015-09-15 11:08:50 -05:00
Yawning Angel
f6c446db47 Check NoKeepAliveIsolateSOCKSAuth in a better place.
No functional changes, but since NoKeepAliveIsolateSOCKSAuth isn't
part of isoflag, it should be checked where all other similar options
are, and bypass the (no-op) masking at the end.
2015-09-09 13:52:30 +00:00
Nick Mathewson
7ffc048f0a Make NoKeepAliveIsolateSOCKSAuth work as expected 2015-09-08 14:03:54 -04:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
bc64a6b2b9 Fix crashes in tests 2015-09-02 11:02:00 -04:00
David Goulet
07b3028db7 Prohibit the use of one entry node with an HS
In a nutshell, since a circuit can not exit at its entry point, it's very
easy for an attacker to find the hidden service guard if only one EntryNodes
is specified since for that guard, the HS will refuse to build a rendezvous
circuit to it.

For now, the best solution is to stop tor to allow a single EntryNodes for
an hidden service.

Fixes #14917

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 10:47:20 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
Nick Mathewson
428bb2d1c8 Merge branch 'ed25519_keygen_squashed' 2015-08-19 13:36:59 -04:00
Nick Mathewson
f362e7a873 Checkpoint work on ed25519 keygen improvements.
Needs changes file, documentation, test integration, more tests.
2015-08-19 13:36:49 -04:00
Nick Mathewson
2f5202c636 Merge remote-tracking branch 'teor/feature14882-TestingDirAuthVoteIsStrict-v3' 2015-08-18 09:53:50 -04:00
Nick Mathewson
eafae7f677 Merge branch 'decouple_controller_events_squashed' 2015-08-18 08:56:31 -04:00
Nick Mathewson
81f3572467 Refactor initialization logic for control-event-queue
This puts the init logic in a separate function, which we will need
once we have locking.
2015-08-18 08:56:23 -04:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
Nick Mathewson
aa22b9672c whitespace fix 2015-07-30 13:17:08 -04:00
Nick Mathewson
6a08bcf530 Merge remote-tracking branch 'public/ticket16543' 2015-07-16 15:47:00 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
Nick Mathewson
b5cfcb2045 Fix most check-spaces issues 2015-07-16 11:10:14 -04:00
Nick Mathewson
8cb5070376 Use C99 variadic macros when not on GCC.
1) We already require C99.

2) This allows us to support MSVC again (thanks to Gisle Vanem for
   this part)

3) This change allows us to dump some rotten old compatibility code
   from log.c
2015-07-15 14:43:35 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
b6eee531bb Support encrypted offline master keys with a new --keygen flag
When --keygen is provided, we prompt for a passphrase when we make a
new master key; if it is nonempty, we store the secret key in a new
crypto_pwbox.

Also, if --keygen is provided and there *is* an encrypted master key,
we load it and prompt for a passphrase unconditionally.

We make a new signing key unconditionally when --keygen is provided.
We never overwrite a master key.
2015-06-17 10:11:18 -04:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
3bee74c6d1 Generate weird certificates correctly
(Our link protocol assumes that the link cert certifies the TLS key,
and there is an RSA->Ed25519 crosscert)
2015-05-28 10:47:47 -04:00
Nick Mathewson
32f59d7337 Regenerate ed25519 keys when they will expire soon.
Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.
2015-05-28 10:44:09 -04:00
Nick Mathewson
57189acd6f # This is a combination of 2 commits.
# The first commit's message is:

Regenerate ed25519 keys when they will expire soon.

Also, have testing-level options to set the lifetimes and
expiration-tolerances of all key types, plus a non-testing-level
option to set the lifetime of any auto-generated signing key.

# The 2nd commit message will be skipped:

#	fixup! Regenerate ed25519 keys when they will expire soon.
2015-05-28 10:42:30 -04:00
Yawning Angel
452cebc4a4 Remove support for OpenSSL without ECC.
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory.  The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).

Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
c366e1fa32 Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' 2015-04-23 10:27:01 -04:00
Nick Mathewson
af83a205b0 Merge remote-tracking branch 'andrea/ticket14840' 2015-04-23 09:34:00 -04:00
teor
d68bbb0a29 Unit tests for consider_adding_dir_servers() as modified in #15642
Unit tests for the 10 valid combinations of set/NULL config options
DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority,
and FallbackDir.

Add assertion in consider_adding_dir_servers() for checks in
validate_dir_servers():
"You cannot set both DirAuthority and Alternate*Authority."
2015-04-23 00:16:04 +10:00
teor
027f73f70e Disable default fallback directories when other directories are set
Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
are set to their defaults.

The default fallback directory list is currently empty, this fix will
only change tor's behaviour when it has default fallback directories.

Fixes bug 15642; bugfix on 90f6071d8d in 0.2.4.7-alpha. Patch by "teor".
2015-04-23 00:16:04 +10:00
Andrea Shepard
bc8b9a28a4 Add default DirAuthority lines to output of getinfo_helper_config(config/defaults) if not already present 2015-04-17 22:40:08 +00:00
Andrea Shepard
42cee727fa Move list of default directory authorities to file scope 2015-04-17 06:33:17 +00:00
Nick Mathewson
202bbfbaa4 Merge branch 'bug15604_squashed' 2015-04-07 15:15:54 -04:00
rl1987
fda2aa7703 Set ConnDirectionStatistics back to 0 if not running as relay. 2015-04-07 15:15:28 -04:00
Nick Mathewson
edde1a7844 Merge branch 'bug15541_squashed' 2015-04-07 14:09:55 -04:00
rl1987
6b0c443dde Update other entries in CMDLINE_ONLY_OPTIONS to use values from takes_argument_t. 2015-04-07 14:09:41 -04:00
rl1987
e89c200c47 Print the error message for --dump-config even if no arguments are given. 2015-04-07 14:09:41 -04:00
Yawning Angel
79544a6fc5 Fix the memory leak in warn_if_option_path_is_relative().
Fixes coverity defect CID 1293337, not in any released version of tor.
2015-04-06 17:53:01 +00:00
Nick Mathewson
d366c3354f Merge branch 'remove_digests' 2015-04-01 13:53:03 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
8ba2d971b1 Remove needless call to crypto_set_tls_dh_prime() 2015-04-01 13:37:47 -04:00
Nick Mathewson
c66dd17980 Drop support for --digests
This is a fair amount of maintainance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.
2015-04-01 09:54:20 -04:00
Nick Mathewson
e5e2644f23 clean up list of paths that cannot be relative 2015-03-25 09:16:04 -04:00
Nick Mathewson
112c554fcf Merge branch 'bug14018' 2015-03-24 14:36:23 -04:00
rl1987
09c54655f1 Complain if relative paths are used in configuration
When we validate torrc options, print warning(s) when relative
path(s) been found.
2015-03-24 14:35:52 -04:00
Nick Mathewson
fec923d72b Check return values for tor_addr_parse(default) in config.c
In these cases, the address is always a constant "default", so
should always succeed.  But coverity can't tell that.

Fixes CID 1291645
2015-03-24 10:46:39 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Matthew Finkel
61dcd926aa Flag when a controlsocket is configured as WorldWritable 2015-03-13 07:06:16 +00:00
Matthew Finkel
5ce5527823 Move to the next flag when we recognize Writable flags 2015-03-13 07:04:22 +00:00
Nick Mathewson
517e0f965b Remove workarounds for Libevent < 1.3.
This actually lets us dump a lot of old cruft that nobody had (I
hope!) tested in ages.

Closes 15248.
2015-03-12 16:59:05 -04:00
Yawning Angel
b3281fc6d6 Initialize the extorport auth cookie before launching PTs.
PTs expect the auth cookie to be available immedieately after launch,
leading to a race condition when PTs opt to cache the extorport cookie
once immediately after startup.

Fixes #15240.
2015-03-12 13:12:56 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Nick Mathewson
03a4e97c76 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-02-20 01:05:21 -05:00
Nick Mathewson
1525eeeb49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-02-20 01:04:49 -05:00
Nick Mathewson
86105a4009 Check ENABLE_TOR2WEB_MODE before any tor2webmode code 2015-02-19 09:09:25 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
5c34a53068 Don't exit if we can't find the GuardfractionFile when booting.
...just disable the feature in that case.
2015-02-18 09:09:34 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00
Nick Mathewson
9bf6da1861 Merge remote-tracking branch 'public/feature_13822' 2015-02-17 12:34:13 -05:00
Nick Mathewson
2fe139473d No, coverity, this is not a memory leak. 1268065 2015-02-16 15:42:48 -05:00
Sina Rabbani
8e61d38cf1 Faravahar's New IP Address as of 2/20/2015 2015-02-16 11:51:36 -05:00
Sebastian Hahn
3bcdb26267 Call cpu_init if we change to being a relay
The issue is that we use the cpuworker system with relays only, so if we
start up as a client and transition to being a relay later, we'll be
sad.

This fixes bug 14901; not in any released version of Tor.
2015-02-15 11:49:19 +01:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
8b82f6261e Search-and-replace to regain coding style in wake of 13822.
(all-caps should be reserved for global or module-global constants and
2015-02-07 08:33:36 -05:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
Nick Mathewson
03563f4723 Fix an unused-variable warning. 2015-02-02 13:35:44 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
fe328d192e Allow reading torrc from stdin. 2015-02-02 13:31:56 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
d1e52d9a2a Correctly handle OutboundBindAddress again.
ca5ba2956b broke this; bug not in any
released Tor.

Also fix a typo.

Fixes 14541 and 14527.  Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
4c1a779539 Restrict unix: addresses to control and socks for now 2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
David Goulet
bf3fb55c47 Support unix: prefix in port configuration
It's now possible to use SocksPort or any other kind of port that can use a
Unix socket like so:

  SocksPort unix:/foo/bar/unix.sock

Fixes #14451

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-28 17:55:38 -05:00
Nick Mathewson
034e2788f8 whitespace fixes 2015-01-23 11:18:28 -05:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
da423532f7 Merge branch 'ticket14254_squashed' 2015-01-20 13:46:56 -05:00
Nick Mathewson
78c53eff85 Fix SocksSocket 0. That was easy! 2015-01-20 13:46:44 -05:00
Nick Mathewson
63765399eb Merge remote-tracking branch 'public/ticket13037'
Conflicts:
	src/or/config.c
2015-01-18 16:07:08 -05:00
Nick Mathewson
31838bd783 changes suggested by weasel 2015-01-16 11:46:20 -05:00
Nick Mathewson
485fdcf826 Unify parse_unix_socket_config and parse_port_config
This incidentally makes unix SocksSocket support all the same options
as SocksPort.

This patch breaks 'SocksSocket 0'; next will restore it.

Resolves 14254.
2015-01-16 11:35:48 -05:00
Nick Mathewson
bbad23bf37 No, client-side DNS cacheing should not be on by default. 2015-01-16 09:32:22 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
f444f2b1d3 Split client-specific and server-specific parts of port_cfg_t
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+server_cfg.
\(
 no_advertise
\|
 no_listen
\|
 all_addrs
\|
 bind_ipv4_only
\|
 bind_ipv6_only
\)

@@

port_cfg_t *cfgx;
@@
 cfgx->
+entry_cfg.
\(
 isolation_flags
\|
 session_group
\|
 socks_prefer_no_auth
\|
 ipv4_traffic
\|
 ipv6_traffic
\|
 prefer_ipv6
\|
 cache_ipv4_answers
\|
 cache_ipv6_answers
\|
 use_cached_ipv4_answers
\|
 use_cached_ipv6_answers
\|
 prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
3668a4126e Merge remote-tracking branch 'public/bug13397' 2015-01-14 14:15:29 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
George Kadianakis
220f419da1 New minimum uptime to become an HSDir is 96 hours. 2015-01-14 12:48:09 +00:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Andrea Shepard
cb047f4078 Fix ipv4/ipv6 traffic bits on AF_UNIX socks listeners and remove hacky workarounds for brokenness 2015-01-13 00:18:17 +00:00
Andrea Shepard
f50068b17e Fix default list handling for parse_unix_socket_config(); avoid clearing whole pre-existing list 2015-01-12 22:12:18 +00:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Tomasz Torcz
b17918726d send PID of the main daemon to supervisor
If running under systemd, notify the supervisor about current PID
of Tor daemon.  This makes systemd unit simpler and more robust:
it will do the right thing regardless of RunAsDaemon settings.
2015-01-11 11:14:08 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
e136606fe8 Smaller RendPostPeriod on test networks
This patch makes the minimum 5 seconds, and the default 2 minutes.

Closes 13401.
2015-01-10 22:34:28 +11:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
Andrea Shepard
0729b2be53 Add support for a default list of paths and passing '0' to disable it to parse_unix_socket_config() 2015-01-09 20:49:54 +00:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
6bb31cba12 New option "--disable-system-torrc" to not read torrc from etc
Implements 13037.
2015-01-06 17:07:40 -05:00
Nick Mathewson
14dedff0ab Drop assumption that get_torrc_fname() can't return NULL. 2015-01-06 17:06:55 -05:00
Nick Mathewson
9396005428 Remove a check for an ancient bad dirserver fingerprint 2015-01-06 16:28:11 -05:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
35efce1f3f Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.

If it's set to 1, we obey ExitPolicy.

If it's set to 0, we force ExitPolicy to 'reject *:*'

And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.

Fixes ticket 10067
2015-01-06 14:31:20 -05:00
Nick Mathewson
a034863b45 Merge remote-tracking branch 'public/bug12509_025' 2015-01-06 14:15:08 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
rl1987
28217b969e Adding comprehensive test cases for resolve_my_address.
Also, improve comments on resolve_my_address to explain what it
actually does.
2014-12-29 09:59:47 -05:00
teor
5710b83d5d Fix a function name in a comment in config.c 2014-12-26 00:54:09 +11:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
George Kadianakis
14e83e626b Add two hidden-service related statistics.
The two statistics are:
 1. number of RELAY cells observed on successfully established
    rendezvous circuits; and
 2. number of .onion addresses observed as hidden-service
    directory.

Both statistics are accumulated over 24 hours, obfuscated by rounding
up to the next multiple of a given number and adding random noise,
and written to local file stats/hidserv-stats.

Notably, no statistics will be gathered on clients or services, but
only on relays.
2014-12-19 10:35:25 -05:00
Nick Mathewson
b1e1b439b8 Fix some issues with the scheduler configuration options
1) Set them to the values that (according to Rob) avoided performance
   regressions.  This means that the scheduler won't get much exercise
   until we implement KIST or something like it.

2) Rename the options to end with a __, since I think they might be
   going away, and nobody should mess with them.

3) Use the correct types for the option variables. MEMUNIT needs to be a
   uint64_t; UINT needs to be (I know, I know!) an int.

4) Validate the values in options_validate(); do the switch in
   options_act(). This way, setting the option to an invalid value on
   a running Tor will get backed out.
2014-11-27 22:51:13 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
6218f48950 Use consistent formatting for list of directory authorities
Based on a patch from grpamp on tor-dev.
2014-11-24 01:34:17 -05:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
126f220071 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-19 17:27:37 -05:00
Nick Mathewson
0872d8e3cf Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-19 17:26:42 -05:00
Micah Anderson
dca902ceba
Update longclaw dirauth IP to be a more stable location 2014-11-19 17:22:25 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Micah Anderson
b6e7b8c88c Remove turtles as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
Micah Anderson
ad448c6405 Add longclaw as a directory authority (#13296) 2014-11-12 15:25:52 -05:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
Nick Mathewson
4df419a4b1 Merge remote-tracking branch 'meejah/ticket-11291-extra-utests'
Conflicts:
	src/or/config.c
2014-11-05 14:11:47 -05:00
Nick Mathewson
ce147d33f5 Fix a wide line I introduced 2014-11-04 09:56:46 -05:00
Nick Mathewson
9619c395ac Merge remote-tracking branch 'andrea/ticket6456'
Somewhat tricky conflicts:
	src/or/config.c

Also, s/test_assert/tt_assert in test_config.c
2014-11-04 09:52:04 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
Andrea Shepard
12b6c7df4a Make queue thresholds and flush size for global scheduler into config options 2014-10-07 09:53:57 -07:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
3bc7108d2c Make is_local_addr() mockable 2014-09-30 23:14:24 -07:00