Commit Graph

9866 Commits

Author SHA1 Message Date
Sebastian Hahn
9b0d3719ae Don't assert for listener connections 2011-07-20 19:42:11 +02:00
Nick Mathewson
e05ddf3e18 Check for port config before addr config in client port options
Otherwise, we'll fail, since "9050" looks like a perfectly fine address.
2011-07-20 13:40:09 -04:00
Nick Mathewson
6fa99ab32f Oops: we need to call parse_client_ports with validate_only==0 at least once 2011-07-20 13:35:02 -04:00
Nick Mathewson
1d7beea2ab Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-20 13:17:59 -04:00
Nick Mathewson
718252b253 Check return value in fmt_addr
Previously, if tor_addr_to_str() returned NULL, we would reuse the
last value returned by fmt_addr().  (This could happen if we were
erroneously asked to format an AF_UNSPEC address.)  Now instead we
return "???".
2011-07-20 13:17:48 -04:00
Nick Mathewson
2a6d12c7ad Fix a warning message. (Found by rransom) 2011-07-20 13:15:04 -04:00
Nick Mathewson
6b228726bc Initialize listener connection addr fields properly 2011-07-20 13:11:29 -04:00
Nick Mathewson
da83da9199 Add a missing break in a switch statement 2011-07-20 12:58:26 -04:00
Nick Mathewson
eaa1c05397 Merge branch 'optimistic-client'
The conflicts are with the proposal 171 circuit isolation code, and
they're all trivial: they're just a matter of both branches adding
some unrelated code in the same places.

Conflicts:
	src/or/circuituse.c
	src/or/connection.c
2011-07-20 09:50:53 -04:00
Nick Mathewson
9a7c16fb00 Unit test for generic_buffer_set_to_copy 2011-07-20 09:34:19 -04:00
Nick Mathewson
195bcb6150 Merge remote-tracking branch 'public/prop171_v2' 2011-07-19 20:43:28 -04:00
Nick Mathewson
553ae5dfb5 Fix spurious warning in bufferevent socks parsing
The problem was that we weren't initializing want_length to 0 before
calling parse_socks() the first time, so it looked like we were
risking an infinite loop when in fact we were safe.

Fixes 3615; bugfix on 0.2.3.2-alpha.
2011-07-19 20:40:15 -04:00
Nick Mathewson
1017322b59 Fix a compile warning in config.c reported by sebastian 2011-07-19 14:04:55 -04:00
Nick Mathewson
e8b9815711 Take a smarter approach to clearing isolation info
Back when I added this logic in 20c0581a79, the rule was that whenever
a circuit finished building, we cleared its isolation info. I did that
so that we would still use the circuit even if all the streams that
had previously led us to tentatively set its isolation info had closed.

But there were problems with that approach: We could pretty easily get
into a case where S1 had led us to launch C1 and S2 had led us to
launch C2, but when C1 finished, we cleared its isolation and attached
S2 first.  Since C2 was still marked in a way that made S1
unattachable to it, we'd then launch another circuit needlessly.

So instead, we try the following approach now: when a circuit is done
building, we try to attach streams to it.  If it remains unused after
we try attaching streams, then we clear its isolation info, and try
again to attach streams.

Thanks to Sebastian for helping me figure this out.
2011-07-19 13:51:43 -04:00
Nick Mathewson
c2d3da6303 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-19 12:59:10 -04:00
Robert Ransom
f021df5824 Specify text or binary mode in every start_writing_to_stdio_file call 2011-07-19 11:11:34 -04:00
Nick Mathewson
12dfb4f5d8 Use socks username/password information in stream isolation 2011-07-19 02:44:12 -04:00
Nick Mathewson
94f85f216a Turn streq_opt into a generic strcmp_opt. 2011-07-19 02:36:11 -04:00
Nick Mathewson
172f8acbe7 Stick controller-originated resolves in their own session group 2011-07-19 02:02:17 -04:00
Nick Mathewson
8314fa5e5c Implement sensible isolation for tunneled directory conns
One-hop dirconn streams all share a session group, and get the
ISO_SESSIONGRP flag: they may share circuits with each other and
nothing else.

Anonymized dirconn streams get a new internal-use-only ISO_STREAM
flag: they may not share circuits with anything, including each other.
2011-07-19 02:02:17 -04:00
Nick Mathewson
424063e3b2 Implement destaddr-based isolation
The new candidate rule, which arma suggested and I like, is that
the original address as received from the client connection or as
rewritten by the controller is the address that counts.
2011-07-19 02:02:11 -04:00
Nick Mathewson
aef30547dc Add an option to limit the number of non-open client circuits.
This is mainly meant as a way to keep clients from accidentally
DOSing themselves by (e.g.) enabling IsolateDestAddr or
IsolateDestPort on a port that they use for HTTP.
2011-07-19 01:58:45 -04:00
Nick Mathewson
20c0581a79 Launch sufficient circuits to satisfy pending isolated streams
Our old "do we need to launch a circuit for stream S" logic was,
more or less, that if we had a pending circuit that could handle S,
we didn't need to launch a new one.

But now that we have streams isolated from one another, we need
something stronger here: It's possible that some pending C can
handle either S1 or S2, but not both.

This patch reuses the existing isolation logic for a simple
solution: when we decide during circuit launching that some pending
C would satisfy stream S1, we "hypothetically" mark C as though S1
had been connected to it.  Now if S2 is incompatible with S1, it
won't be something that can attach to C, and so we'll launch a new
stream.

When the circuit becomes OPEN for the first time (with no streams
attached to it), we reset the circuit's isolation status.  I'm not
too sure about this part: I wanted some way to be sure that, if all
streams that would have used a circuit die before the circuit is
done, the circuit can still get used.  But I worry that this
approach could also lead to us launching too many circuits.  Careful
thought needed here.
2011-07-19 01:58:45 -04:00
Nick Mathewson
773bfaf91e Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable()
to require that the connection is compatible with every connection
that has been linked to the circuit; we update circuit_is_better to
prefer attaching streams to circuits in the way that decreases the
circuits' usefulness the least; and we update link_apconn_to_circ()
to do the appropriate bookkeeping.
2011-07-19 01:58:45 -04:00
Nick Mathewson
1d3c8c1f74 Add a new isolation type and field: "nym epoch"
The "nym epoch" of a stream is defined as the number of times that
NEWNYM had been called before the stream was opened.  All streams
are isolated by nym epoch.

This feature should be redundant with existing signewnym stuff, but
it provides a good belt-and-suspenders way for us to avoid ever
letting any circuit type bypass signewnym.
2011-07-19 01:58:45 -04:00
Nick Mathewson
461623e7f9 Const-ify a few functions 2011-07-19 01:58:44 -04:00
Nick Mathewson
ea0a9b16b9 (Unused) backend logic for stream isolation
This patch adds fields to track how streams should be isolated, and
ensures that those fields are set correctly.  It also adds fields to
track what streams can go on a circuit, and adds functions to see
whether a streams can go on a circuit and update the circuit
accordingly.  Those functions aren't yet called.
2011-07-19 01:58:44 -04:00
Nick Mathewson
d2205ca458 Refactor listener_connection_t into its own type.
This will allow us to add more fields to listener_connection_t
without bloating the other connection types.
2011-07-19 01:58:44 -04:00
Nick Mathewson
ddc65e2b33 Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.

Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t.  Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them.  Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.

We should do a related refactoring on other port types.  For
control ports, that'll be easy enough.  For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).

This implements tickets 3514 and 3515.
2011-07-19 01:58:43 -04:00
Nick Mathewson
2163e420b2 Merge remote-tracking branch 'public/bug3560' 2011-07-18 17:57:06 -04:00
Nick Mathewson
99348ce831 Bump version to 0.2.3.2-alpha-dev 2011-07-18 17:56:47 -04:00
Nick Mathewson
218e84b634 Remember optimistically sent data until we have gotten a CONNECTED
Since we can retry failed streams under some circumstances, we need
to be ready to send data queued on them.
2011-07-18 15:43:16 -04:00
Nick Mathewson
34a52534bb Add a generic_buffer_t to use the best buffer type we have on hand
Also add a quick function to copy all the data in a buffer.  (This
one could be done much better, but let's see if it matters.)
2011-07-18 15:36:20 -04:00
Nick Mathewson
1e441df2d0 Only use optimistic data with exits that support it
This adds a little code complexity: we need to remember for each
node whether it supports the right feature, and then check for each
connection whether it's exiting at such a node.  We store this in a
flag in the edge_connection_t, and set that flag at link time.
2011-07-18 13:56:22 -04:00
Roger Dingledine
8cdec1e156 bump to 0.2.3.2-alpha 2011-07-18 13:20:54 -04:00
Nick Mathewson
ba5d758104 Initial optimistic_client fixes
- Conform to make check-spaces
  - Build without warnings from passing size_t to %d
  - Use connection_get_inbuf_len(), not buf_datalen (otherwise bufferevents
    won't work).
  - Don't log that we're using this feature at warn.
2011-07-18 13:00:48 -04:00
Ian Goldberg
326d5c156d Implement the client side of optimistic data (proposal 174) 2011-07-18 12:56:45 -04:00
George Kadianakis
cfb473ed34 Changed a printf() to a log_debug(). 2011-07-18 17:08:55 +02:00
George Kadianakis
69271b2a38 Reuse get_string_from_pipe() in log_from_pipe(). 2011-07-18 17:06:16 +02:00
George Kadianakis
51cdd30c01 Let's be smarter while parsing {Client,Server}TransportPlugin lines. 2011-07-18 16:42:31 +02:00
George Kadianakis
14c5a24fe7 Replaced ST_* enum prefix for stream status with IO_STREAM_*. 2011-07-18 02:35:29 +02:00
George Kadianakis
a8f21f91cf Updated #includes etc. to use transports.[ch]. 2011-07-18 02:33:31 +02:00
George Kadianakis
d8c04c7ea5 Renamed pluggable_transports.[ch] to transports.[ch]. 2011-07-18 02:19:38 +02:00
Nick Mathewson
975150a13e Better messages when we're stalled because of microdescriptors
It's a little confusing for me to say "only X/Y descriptors" when
I have microdescriptors enabled.  So, let's fix that.
2011-07-15 19:38:27 -04:00
Nick Mathewson
b8943461c0 Fix bug in upload/download of hsdesc with microdescs
Previously we were using router_get_by_id(foo) to test "do we have a
descriptor that will let us make an anonymous circuit to foo".  But
that isn't right for microdescs: we should have been using node_t.

Fixes bug 3601; bugfix on 0.2.3.1-alpha.
2011-07-15 18:55:12 -04:00
Nick Mathewson
8157dcbdf8 Merge remote-tracking branch 'sebastian/compile_warning' 2011-07-15 17:54:49 -04:00
Nick Mathewson
2b660f9781 Fix a wide line. "Tradition!" 2011-07-15 17:53:13 -04:00
Sebastian Hahn
2d0b56a505 Fix a compile warning on OS X 10.6 2011-07-15 23:12:43 +02:00
Nick Mathewson
6aef89bda4 Remove compare_addr_to_node_policy
Instead, use compare_tor_addr_to_node_policy everywhere.

One advantage of this is that compare_tor_addr_to_node_policy can
better distinguish 0.0.0.0 from "unknown", which caused a nasty bug
with microdesc users.
2011-07-15 13:04:12 -04:00
Nick Mathewson
f40df02f3e Treat null address as "unknown", not "rejected" in md policy
Previously, we had an issue where we'd treat an unknown address as
0, which turned into "0.0.0.0", which looked like a rejected
address.  This meant in practice that as soon as we started doing
comparisons of unknown uint32 addresses to short policies, we'd get
'rejected' right away.  Because of the circumstances under which
this would be called, it would only happen when we had local DNS
cached entries and we were looking to launch new circuits.
2011-07-15 13:04:06 -04:00
Nick Mathewson
3380dc9cc0 Remove compare_addr_to_addr_policy
Nothing used it but the unit tests; everything else knows to use
compare_tor_addr_to_addr_policy instead.
2011-07-15 12:31:09 -04:00
Nick Mathewson
44cfa53873 Make WIN32_WINNT defines conditional
Requested by Gisle Vanem on tor-dev.  I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
Nick Mathewson
852b131281 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/control.c
2011-07-14 17:22:23 -04:00
Nick Mathewson
866a2828bd Merge branch 'bug3577' into maint-0.2.2 2011-07-14 17:20:01 -04:00
Nick Mathewson
2e34416c6d Improve error msg on failed getinfo fingerprint 2011-07-14 17:19:52 -04:00
Nick Mathewson
642cff5bca Only download microdesc consensus from caches that support it
Bugfix on 0.2.3.1-alpha; found by arma; never got a bug number.
2011-07-14 14:19:18 -04:00
George Kadianakis
86b20e0d8a Reverting the accounting thing introduced in 5492de76 till I think how it should be done properly. 2011-07-14 04:24:10 +02:00
George Kadianakis
684aca7faf Changed a couple of 180 spec stuff according to #3578.
* Restored "proxy" in external ServerTransportPlugin lines.
* Changed the extended OR port and ORPort env. vars to addr:port.
2011-07-14 01:03:35 +02:00
George Kadianakis
ce419a78c5 Add some unit tests. 2011-07-13 19:06:14 +02:00
George Kadianakis
5492de76dd Put some last missing pieces together.
* Add some utility transport functions in circuitbuild.[ch] so that we
  can use them from pt.c.
* Make the accounting system consider traffic coming from proxies.
* Make sure that we only fetch bridge descriptors when all the
  transports are configured.
2011-07-13 19:06:07 +02:00
George Kadianakis
9ba2d0e439 Create the pluggable_transports.[ch] source files responsible for talking the 180 talk. 2011-07-13 19:00:28 +02:00
George Kadianakis
810a7a5fa0 Make some utility functions.
* Create a function that will get input from a stream, so that we can
  communicate with the managed proxy.
* Hackish change to tor_spawn_background() so that we can specify an
  environ for our spawn.
2011-07-13 18:59:52 +02:00
George Kadianakis
73a1e98cb9 Add support for managed {Client,Server}TransportPlugin parsing. 2011-07-13 18:58:11 +02:00
Nick Mathewson
5000e59b5f Change GETINFO fingerprint to look at server_mode, not my_descriptor
It's possible for us to be a server and have a fingerprint without
having yet generated a descriptor.

Fixes bug 3577; bugfix on 0.2.0.1-alpha
2011-07-13 12:45:18 -04:00
Nick Mathewson
e8bfe89365 Resolve a warning from the bug1666 branch 2011-07-13 12:13:12 -04:00
Nick Mathewson
1aab5b6b39 Merge remote-tracking branch 'public/bug1666'
Conflicts:
	doc/spec/socks-extensions.txt
	src/or/buffers.c
	src/or/config.c
	src/or/connection_edge.c
2011-07-13 12:12:16 -04:00
Nick Mathewson
9a6642f6f5 Avoid warning in broken_state_count_compare 2011-07-12 11:23:55 -04:00
Nick Mathewson
16c5a62a66 Add more error checks to socks parsing code
Suggested by Linus to avoid uninitialized reads or infinite loops if
it turns out our code is buggier than we had thought.
2011-07-12 10:51:31 -04:00
Nick Mathewson
597da4989e Merge branch 'bug2798' 2011-07-11 17:04:21 -04:00
Nick Mathewson
d82384658d Tweaks to bug2798 based on comments by arma 2011-07-11 17:02:03 -04:00
Nick Mathewson
b49e561f01 Turn on microdescriptors for clients 2011-07-11 16:54:43 -04:00
Nick Mathewson
b55e31aeb4 Merge remote-tracking branch 'rransom-tor/bug3427' 2011-07-11 16:32:58 -04:00
Nick Mathewson
42ff326afa Merge branch 'bug2616' 2011-07-11 16:22:12 -04:00
Nick Mathewson
2a594fcde9 Disable recording new broken conns when we have bootstrapped
Rationale: right now there seems to be no way for our bootstrap
status to dip under 100% once it has reached 100%.  Thus, recording
broken connections after that point is useless, and wastes memory.

If at some point in the future we allow our bootstrap level to go
backwards, then we should change this rule so that we disable
recording broken connection states _as long as_ the bootstrap status
is 100%.
2011-07-11 16:13:17 -04:00
Nick Mathewson
e253e9577f Clear broken connection map on successful bootstrap 2011-07-11 16:13:17 -04:00
Nick Mathewson
3f97c665aa Document feature3116 fns and improve output
- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
  bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
2011-07-11 16:13:17 -04:00
Nick Mathewson
b0de8560f6 Report the states of failed TLS connections from bootstrap_problem 2011-07-11 16:13:17 -04:00
Nick Mathewson
b25ca8af06 Limit the number of different handshake reasons to report
If connections failed in more than 10 different states, let's just
report the top ten states.
2011-07-11 16:13:17 -04:00
Nick Mathewson
734d9486f6 Record the states of failing OR connections
This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.

More work is still needed:
  - We need documentation
  - We need to actually call the code that reports the failure when
    we realize that we're having a hard time connecting out or
    making circuits.
  - We need to periodically clear out all this data -- perhaps,
    whenever we build a circuit successfully?
  - We'll eventually want to expose it to controllers, perhaps.

Partial implementation of feature 3116.
2011-07-11 16:13:17 -04:00
Nick Mathewson
0fd8ce15c2 Make a function static
Now that connection_dir_about_to_close() is in directory.c, there's
no reason to expose connection_dir_request_failed().
2011-07-11 16:13:17 -04:00
Nick Mathewson
a2ad31a92b Split connection_about_to_close_connection into separate functions
This patch does NOTHING but:
  - move code
  - add declarations and includes as needed to make the new code
    work
  - declare the new functions.
2011-07-11 16:13:16 -04:00
Nick Mathewson
616d85fdd8 Fix compilation from 2841 branch 2011-07-11 15:59:03 -04:00
Nick Mathewson
e006aa5dfa Merge remote-tracking branch 'public/bug2841'
Conflicts:
	src/or/config.c
2011-07-11 15:57:12 -04:00
Linus Nordberg
4ce302c8e5 Fix cut'n'paste bug in comment. 2011-07-11 20:52:52 +02:00
Nick Mathewson
e158f8de4b Rename and tweak nodelist_add_node_family() to add node
It's very easy for nodelist_add_node_family(sl,node) to accidentally
add 'node', and kind of hard to make sure that it omits it.  Instead
of taking pains to leave 'node' out, let's instead make sure that we
always include it.

I also rename the function to nodelist_add_node_and_family, and
audit its users so that they don't add the node itself any longer,
since the function will take care of that for them.

Resolves bug 2616, which was not actually a bug.
2011-07-11 11:21:47 -04:00
Nick Mathewson
2797fd8f68 Revise code for adding EntryNodes to guards.
Previously, we'd just take all the nodes in EntryNodes, see which
ones were already in the guard list, and add the ones that weren't.
There were some problems there, though:

   * We'd add _every_ entry in EntryNodes, and add them in the order
     they appeared in the routerlist.  This wasn't a problem
     until we added the ability to give country-code or IP-range
     entries in the EntryNodes set, but now that we did, it is.

     (Fix: We now shuffle the entry nodes before adding them; only
     add up to 10*NumEntryGuards)

   * We didn't screen EntryNodes for the Guard flag.  That's okay
     if the user has specified two or three entry nodes manually,
     but if they have listed a whole subcontinent, we should
     restrict ourselves to the entries that are currently guards.

     (Fix: separate out the new guard from the new non-guard nodes,
     and add the Guards first.)

   * We'd prepend new EntryNodes _before_ the already configured
     EntryNodes.  This could lead to churn.

     (Fix: don't prepend these.)

This patch also pre-screens EntryNodes entries for
reachableaddresses/excludenodes, even though we check for that
later.  This is important now, since we cap the number of entries
we'll add.
2011-07-11 10:58:07 -04:00
Nick Mathewson
60832766ac Look at the right consensus in router_add_to_routerlist()
Just looking at the "latest" consensus could give us a microdesc
consensus, if microdescs were enabled. That would make us decide
that every routerdesc was unlisted in the latest consensus and drop
them all: Ouch.

Fixes bug 3113; bugfix on 0.2.3.1-alpha.
2011-07-11 10:02:24 -04:00
Nick Mathewson
3799ce7970 Merge branch 'bug2797' 2011-07-11 09:48:38 -04:00
Nick Mathewson
7dcd105be3 Remove a redundant condition in compare_addr_to_node_policy
A && A == A.

Found by frosty_un
2011-07-08 14:11:49 -04:00
Nick Mathewson
a4d339cf08 Make nodelist_purge avoid orphaned microdescs in rs-less nodes
We have an invariant that a node_t should have an md only if it has
a routerstatus.  nodelist_purge tried to preserve this by removing
all nodes without a routerstatus or a routerinfo.  But this left
nodes with a routerinfo and a microdesc untouched, even if they had
a routerstatus.

Bug found by frosty_un.
2011-07-07 15:28:45 -04:00
Roger Dingledine
aeb117f62c Merge branch 'maint-0.2.2' 2011-07-07 13:31:08 -04:00
Roger Dingledine
8e3830352f Merge branch 'maint-0.2.1' into maint-0.2.2 2011-07-07 13:29:02 -04:00
Roger Dingledine
51d6e95023 update to the july 2011 geoip db 2011-07-07 13:28:36 -04:00
Nick Mathewson
64c8e8edda Kill redundant checks around routerset_contains_*()
All of the routerset_contains*() functions return 0 if their
routerset_t argument is NULL.  Therefore, there's no point in
doing "if (ExcludeNodes && routerset_contains*(ExcludeNodes...))",
for example.

This patch fixes every instance of
         if (X && routerstatus_contains*(X,...))

Note that there are other patterns that _aren't_ redundant.  For
example, we *don't* want to change:
        if (EntryNodes && !routerstatus_contains(EntryNodes,...))

Fixes #2797.  No bug here; just needless code.
2011-07-07 11:52:13 -04:00
Nick Mathewson
174cbff8cf Merge remote-tracking branch 'public/bug3153'
Conflicts:
	src/or/nodelist.c
2011-07-07 11:14:04 -04:00
Nick Mathewson
6b670d6032 Merge branch 'bug3263' 2011-07-07 11:08:03 -04:00
Nick Mathewson
bc3c54a07f Have transitions in public_server_mode count as affects_descriptor
Previously, we'd get a new descriptor for free when
public_server_mode() changed, since it would count as
affects_workers, which would call init_keys(), which would make us
regenerate a new descriptor.  But now that we fixed bug 3263,
init_keys() is no longer necessarily a new descriptor, and so we
need to make sure that public_server_mode() counts as a descriptor
transition.
2011-07-07 11:05:06 -04:00
Nick Mathewson
31120ff692 Remove unused var in write_to_evbuffer_zlib 2011-07-07 11:00:51 -04:00
Nick Mathewson
57822cbbbe Avoid double-free in bufferevent read/write cbs
Fixes bug 3404; bugfix on 0.2.3.1-alpha.
2011-07-07 11:00:21 -04:00
Nick Mathewson
f883ec09b5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-07 09:56:01 -04:00
Sebastian Hahn
3ab09763ce Correctly send a SUCCEEDED event for rdns requests
The issue was that we overlooked the possibility of reverse DNS success
at the end of connection_ap_handshake_socks_resolved(). Issue discovered
by katmagic, thanks!
2011-07-07 05:38:38 +02:00
Roger Dingledine
ab8c0d4c9e Merge branch 'maint-0.2.2' 2011-07-06 00:49:11 -04:00
Roger Dingledine
4f74979173 appease check-spaces 2011-07-06 00:48:22 -04:00
Nick Mathewson
0be2934186 Merge remote-tracking branch 'rransom-tor/bug3465-023-v2' 2011-07-05 16:01:07 -04:00
Nick Mathewson
335ff915c7 Merge remote-tracking branch 'rransom-tor/bug3465-022' into maint-0.2.2 2011-07-05 15:52:11 -04:00
Nick Mathewson
6053e11ee6 Refactor the interfaces of transport/proxy lookup fns
Returning a tristate is needless here; we can just use the yielded
transport/proxy_type field to tell whether there's a proxy, and have
the return indicate success/failure.

Also, store the proxy_type in the or_connection_t rather than letting
it get out of sync if a configuration reload happens between launching
the or_connection and deciding what to say with it.
2011-07-03 00:13:41 -04:00
Nick Mathewson
7212538997 Future-proof and user-proof parse_bridge_line 2011-07-03 00:02:13 -04:00
Nick Mathewson
c0de533c56 Simplify parse_client_transport_line 2011-07-02 23:32:17 -04:00
Nick Mathewson
ded6bbf70a Style and grammar tweaks on 2841 branch 2011-07-02 23:26:37 -04:00
Nick Mathewson
c4b831e92d Small tweaks to 2841 code
- const-ify some transport_t pointers
    - Remove a vestigial argument to parse_bridge_line
    - Make it compile without warnings on my laptop with
      --enable-gcc-warnings
2011-07-02 23:12:32 -04:00
Nick Mathewson
e273890b10 Merge branch 'cov217_master' 2011-07-01 12:57:21 -04:00
Nick Mathewson
734e860d98 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-01 12:56:40 -04:00
Nick Mathewson
06f0c1aa6a Merge branch 'cov217_022_squashed' into maint-0.2.2 2011-07-01 12:56:14 -04:00
Nick Mathewson
bc91cb6e45 Use strlcpy when copying node IDs into measured_bw_line_t
We were using strncpy before, which isn't our style for stuff like
this.

This isn't a bug, though: before calling strncpy, we were checking
that strlen(src) was indeed == HEX_DIGEST_LEN, which is less than
sizeof(dst), so there was no way we could fail to NUL-terminate.
Still, strncpy(a,b,sizeof(a)) is an idiom that we ought to squash
everyplace.

Fixes CID #427.
2011-07-01 12:56:07 -04:00
Nick Mathewson
2ba19f9b4a Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-07-01 12:55:23 -04:00
Nick Mathewson
021cf3f052 Merge branches 'cov217_021' and 'cid_450' into maint-0.2.1 2011-07-01 12:54:51 -04:00
Nick Mathewson
959da6b7f2 Use strlcpy in create_unix_sockaddr()
Using strncpy meant that if listenaddress were ever >=
sizeof(sockaddr_un.sun_path), we would fail to nul-terminate
sun_path.  This isn't a big deal: we never read sun_path, and the
kernel is smart enough to reject the sockaddr_un if it isn't
nul-terminated.  Nonetheless, it's a dumb failure mode.  Instead, we
should reject addresses that don't fit in sockaddr_un.sun_path.

Coverity found this; it's CID 428.  Bugfix on 0.2.0.3-alpha.
2011-07-01 12:54:24 -04:00
Nick Mathewson
46297bc7bd Fix a rare memory leak in rend_cache_store
When we rejected a descriptor for not being the one we wanted, we
were letting the parsed descriptor go out of scope.

Found by Coverity; CID # 30.

Bugfix on 0.2.1.26.

(No changes file yet, since this is not in any 0.2.1.x release.)
2011-07-01 12:54:19 -04:00
Nick Mathewson
d25feadebb Fix insanely large stack_allocation in log_credential_status
I'm not one to insist on C's miserly stack limits, but allocating a
256K array on the stack is too much even for me.

Bugfix on 0.2.1.7-alpha.  Found by coverity.  Fixes CID # 450.
2011-07-01 12:38:05 -04:00
Nick Mathewson
0317dc2bb2 Check return value of crypto_global_init in test.c
This will let the unit tests fail in a less mystifying way if the
crypto subsystem is b0rken, and will also make Coverity happier.

CID # 429.
2011-07-01 11:56:09 -04:00
Nick Mathewson
eca982d3eb Defensive programming: don't crash with broken node_t
Every node_t has either a routerinfo_t or a routerstatus_t, so every
node_t *should* have a nickname.  Nonetheless, let's make sure in
hex_digest_nickname_matches().

Should quiet CID 434.
2011-07-01 11:43:34 -04:00
Nick Mathewson
1d18c2deb6 Don't shadow parameters with local variables
This is a little error-prone when the local has a different type
from the parameter, and is very error-prone with both have the same
type.  Let's not do this.

Fixes CID #437,438,439,440,441.
2011-07-01 11:33:07 -04:00
Nick Mathewson
a0ae80788c Replace 4 more sscanf()s with tor_sscanf()
For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.

Addresses CID # 447, 446.
2011-07-01 11:26:30 -04:00
Nick Mathewson
da62af6f6b Replace a "const const" with a "const"
Looks like this squeaked in while I was doing a search-and-replace
to constify things.  Coverity CID 483.
2011-07-01 11:11:35 -04:00
Nick Mathewson
05c424f4b8 Refactor fetch_from_buf_socks() to be greedy
Previously, fetch_from_buf_socks() might return 0 if there was still
data on the buffer and a subsequent call to fetch_from_buf_socks()
would return 1.  This was making some of the socks5 unit tests
harder to write, and could potentially have caused misbehavior with
some overly verbose SOCKS implementations.  Now,
fetch_from_buf_socks() does as much processing as it can, and
returns 0 only if it really needs more data.  This brings it into
line with the evbuffer socks implementation.
2011-06-29 17:45:27 -04:00
Nick Mathewson
5d43a15720 Refactor socks unit tests into a suite of their own 2011-06-29 17:30:55 -04:00
Nick Mathewson
ee42fe8fbb Don't drain extra data when parsing socks auth methods
We added this back in 0649fa14 in 2006, to deal with the case where
the client unconditionally sent us authentication data.  Hopefully,
that's not needed any longer, since we now can actually parse
authentication data.
2011-06-29 17:29:33 -04:00
Nick Mathewson
2e6604f42e Record username/password data in socks_request_t
This change also requires us to add and use a pair of
allocator/deallocator functions for socks_request_t, instead of
using tor_malloc_zero/tor_free directly.
2011-06-29 13:08:46 -04:00
Nick Mathewson
204bce7e3c If we negotiate authentication, require it. 2011-06-29 12:16:09 -04:00
Nick Mathewson
aec396d9d0 Be more strict about when to accept socks auth message
In the code as it stood, we would accept any number of socks5
username/password authentication messages, regardless of whether we
had actually negotiated username/password authentication.  Instead,
we should only accept one, and only if we have really negotiated
username/password authentication.

This patch also makes some fields of socks_request_t into uint8_t,
for safety.
2011-06-29 12:12:58 -04:00
Nick Mathewson
9b3f48c074 Fix 'make check-spaces' 2011-06-29 11:47:35 -04:00
Nick Mathewson
1ed615ded7 Correct byte-counting in socks auth parsing code 2011-06-29 11:45:15 -04:00
George Kadianakis
36468ec44b Trivial code tweaks and documentation updates. 2011-06-28 05:43:40 +02:00
Robert Ransom
ca6efcf507 Make handle_control_setevents table-driven 2011-06-25 17:45:33 -07:00
Robert Ransom
c780bc4d0b Merge branch 'bug3465-022' into bug3465-023
* bug3465-022:
  Add BUILDTIMEOUT_SET to the result of GETINFO events/names
  Correct a comment
  Fix minor comment issues
2011-06-25 15:04:07 -07:00
Robert Ransom
93d52f6739 Add BUILDTIMEOUT_SET to the result of GETINFO events/names 2011-06-25 15:02:11 -07:00
Robert Ransom
53f87a89f0 Correct a comment 2011-06-24 15:18:22 -07:00
Nick Mathewson
0b536469ee Merge remote-tracking branch 'rransom-tor/bug3456' 2011-06-24 16:48:38 -04:00
Robert Ransom
76d0d62bd9 Correct terminology in comment 2011-06-24 11:28:52 -07:00
Robert Ransom
58f801fadf Store cpath_build_state_t flags in one-bit bitfields, not ints 2011-06-24 11:28:15 -07:00
Robert Ransom
cb1b20dbad Fix minor comment issues 2011-06-23 15:46:15 -07:00
Nick Mathewson
9919b01275 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-22 18:15:27 -04:00
George Kadianakis
1fe8bee656 Revised how we handle ClientTransportPlugin and Bridge lines.
Multiple Bridge lines can point to the same one ClientTransportPlugin
line, and we can have multiple ClientTransportPlugin lines in our
configuration file that don't match with a bridge. We also issue a
warning when we have a Bridge line with a pluggable transport but we
can't match it to a ClientTransportPlugin line.
2011-06-22 23:28:11 +02:00
Robert Ransom
2b5ebc7097 Improve documentation of smartlist_split_string 2011-06-22 14:09:43 -07:00
Robert Ransom
d7254bea11 Fix minor comment issues 2011-06-22 14:09:43 -07:00
Robert Ransom
8a55da57ed Fix comment typo 2011-06-22 13:42:28 -07:00
George Kadianakis
5a05deb574 Various small tweaks around config.c and or.h 2011-06-21 18:49:04 +02:00
George Kadianakis
298f170036 Tweaked connection{.c,.h,_or.c} based on nick's comments.
* Tweaked doxygen comments.
* Changed returns of get_proxy_addrport().
* Ran make check-spaces.
* Various small code tweaks.
2011-06-21 18:48:43 +02:00
George Kadianakis
392e947df5 Fixes on circuitbuild.[ch] based on nick's comments.
* Renamed transport_info_t to transport_t.
* Introduced transport_get_by_name().
* Killed match_bridges_with_transports().
  We currently *don't* detect whether any bridges miss their transports,
  of if any transports miss their bridges.
* Various code and aesthetic tweaks and English language changes.
2011-06-21 18:46:50 +02:00
Nick Mathewson
64a5a4177f Merge branch 'bug3367' 2011-06-21 11:32:52 -04:00
Nick Mathewson
4186b1362b Merge remote-tracking branch 'public/bug3264' 2011-06-21 10:28:25 -04:00
Nick Mathewson
e617a34d58 Add, use a bufferevent-safe connection_flush()
A couple of places in control.c were using connection_handle_write()
to flush important stuff (the response to a SIGNAL command, an
ERR-level status event) before Tor went down.  But
connection_handle_write() isn't meaningful for bufferevents, so we'd
crash.

This patch adds a new connection_flush() that works for all connection
backends, and makes control.c use that instead.

Fix for bug 3367; bugfix on 0.2.3.1-alpha.
2011-06-21 10:22:54 -04:00
Jacob Appelbaum
8b0d9452ca Fix tor-fw-helper-natpmp.c API usage
libnatpmp-20110618 changed the API that tor-fw-helper used and for a time
tor-fw-helper could not build against the newest libnatpmp. This patch brings
support for libnatpmp to tor-fw-helper.
2011-06-20 20:01:46 -04:00
Nick Mathewson
410e440a8d Log SSL state changes at LOG_DEBUG, LD_HANDSHAKE.
This can be slightly useful for debugging blocking events.

Addresses ticket 3116; based on loud_ssl_states branch.
2011-06-20 17:45:12 -04:00
Nick Mathewson
8653f31d8d Fix overwide line in config.c 2011-06-20 15:29:22 -04:00
Nick Mathewson
997499369e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-20 15:28:16 -04:00
Nick Mathewson
1040ccafb2 Fix overwide lines in util.c 2011-06-20 15:28:06 -04:00
intrigeri
8b265543eb Add port 6523 (Gobby) to LongLivedPorts. 2011-06-20 12:08:46 -04:00
Nick Mathewson
a046966baf Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/or.h
2011-06-19 21:00:15 -04:00
Robert Ransom
eeedc5c13c Put hashes of all tor source files into or_sha1.i 2011-06-18 00:54:04 -07:00
Nick Mathewson
3b41551b61 Revert "Add an "auto" option to UseBridges"
This reverts commit 507c1257a4.
2011-06-17 16:45:53 -04:00
Nick Mathewson
42d6f34590 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:25:18 -04:00
Nick Mathewson
85d4c290d7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-06-17 15:24:23 -04:00
Robert Ransom
010b8dd4f6 Abandon rendezvous circuits on SIGNAL NEWNYM 2011-06-17 15:22:23 -04:00
Nick Mathewson
31b9b1a5bb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:04:29 -04:00
Nick Mathewson
209229f100 Merge branch 'bug3407' into maint-0.2.2 2011-06-17 14:59:39 -04:00
Robert Ransom
227896e447 Make send_control_event_impl's behaviour sane 2011-06-17 13:57:25 -04:00
Robert Ransom
70785f87bb Fix comment typo 2011-06-17 13:57:25 -04:00
Robert Ransom
68cd0a9abe Make connection_printf_to_buf's behaviour sane 2011-06-17 13:57:25 -04:00
Roger Dingledine
64bfbcb918 log when we finish ssl handshake and move to renegotiation
debug-level since it will be quite common. logged at both client
and server side. this step should help us track what's going on
with people filtering tor connections by our ssl habits.
2011-06-17 03:31:59 -04:00
Nick Mathewson
a857f61e27 Merge remote-tracking branch 'rransom-tor/bug3332-v2' 2011-06-15 11:33:40 -04:00
Robert Ransom
44eafa9697 Assert that HS operations are not performed using single-hop circuits
(with fixes by Nick Mathewson to unbreak the build)
2011-06-14 21:32:49 -07:00
Nick Mathewson
875a551409 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 13:46:46 -04:00
Nick Mathewson
a25c0a5bf8 Merge remote-tracking branch 'public/bug3369' into maint-0.2.2 2011-06-14 13:46:10 -04:00
Nick Mathewson
19febed9e5 Merge remote-tracking branch 'rransom-tor/bug3349' 2011-06-14 13:39:26 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
22efe20309 Fix another check_private_dir instance in master 2011-06-14 12:28:16 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
George Kadianakis
93526cdf0b Fixes small bugs. 2011-06-14 16:00:55 +02:00
George Kadianakis
5b050a9b08 This commit is an attempt to beautify the previous commit.
It creates some helper functions that return the proxy type, proxy addr/port, etc.
2011-06-14 04:28:36 +02:00
George Kadianakis
abe03f4943 Our warning now is much more specific, mentioning proxy type/addr/port.
Not included in the previous commit, because the implementation is
ugly; I see no other way of doing this though.
2011-06-14 03:27:07 +02:00
George Kadianakis
a79bea40d8 We now warn the user if a proxy server is not up when we try to connect with it. 2011-06-14 02:51:59 +02:00
intrigeri
910472c514 client-side DNS proxy server: reply NOTIMPL to unsupported queries
Fix for bug 3369.
2011-06-13 13:37:45 -04:00
George Kadianakis
00ec4b2c00 Various trivial changes.
* Improved function documentation.
* Renamed find_bridge_transport_by_addrport() to
  find_transport_by_bridge_addrport().
* Sanitized log severities we use.
* Ran check-spaces.
2011-06-12 16:41:32 +02:00
George Kadianakis
29203b7f3f We can now connect using transports as well! 2011-06-12 00:14:11 +02:00
George Kadianakis
e09f302589 We can now match our transports with our bridges. 2011-06-11 23:20:39 +02:00
George Kadianakis
20c31c80fb ClientTransportPlugin parsing done. 2011-06-11 17:08:31 +02:00
Nick Mathewson
676608f9a6 Upgrade to the latest version of tinytest 2011-06-09 17:30:09 -04:00
Nick Mathewson
b2e7c356db Prefer tt_assert in unit tests, not tor_assert 2011-06-08 20:33:53 -04:00
Sebastian Hahn
8283767365 Fix a memleak in nodelist_assert_ok() 2011-06-08 21:38:42 +02:00
Sebastian Hahn
f303274490 Fix a rare memleak during stats writing
If rep_hist_buffer_stats_write() was called unitinitalized, we'd leak
memory.
2011-06-08 21:35:26 +02:00
Sebastian Hahn
680646e0de Don't use signed 1-bit bitfields
This was harmless, we never compared it to anything but itself or 0.
But Coverity complained, and it had a point.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
9e56ac27da Comment out some obviously dead code.
Coverity warned about it, it's harmless to comment out.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
e6fff7235e Remove a few dead assignments during router parsing 2011-06-08 21:30:40 +02:00
Sebastian Hahn
3033f8459b Remove a dead variable in the heartbeat code 2011-06-08 21:11:42 +02:00
Sebastian Hahn
ff75e8b02d Check some more return values in unit tests 2011-06-08 21:08:56 +02:00
Sebastian Hahn
db7dd3ee7a remove some dead code, found by coverity 2011-06-08 21:07:54 +02:00
Sebastian Hahn
3bf808c341 Fix a minor coverity-found bug in tests 2011-06-08 20:00:47 +02:00
Sebastian Hahn
da3256b5ae Update the uptime string to include an hours indicator
Before, it wasn't really obvious if one meant hours:minutes or
minutes:seconds etc.
2011-06-08 19:52:30 +02:00
Nick Mathewson
d696bd1bfc Fix crash bug (3361) when setting off-flavor networkstatus
When we set a networkstatus in the non-preferred flavor, we'd check
the time in the current_consensus.  But that might have been NULL,
which could produce a crash as seen in bug 3361.
2011-06-07 14:46:28 -04:00
Nick Mathewson
d25d08dc4d Merge remote-tracking branch 'asn2/bug3336' 2011-06-06 18:34:45 -04:00
Nick Mathewson
8cd5a3c186 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-06 16:20:22 -04:00
Nick Mathewson
9e3fc5f616 Merge branch 'bug3306_nm_squashed' into maint-0.2.2 2011-06-06 16:18:24 -04:00
Nick Mathewson
42e4e156d9 Detect insanely large circuit build state; don't give its length to rand_int 2011-06-06 16:18:06 -04:00
Nick Mathewson
5afab5ca19 Check maximum properly in crypto_rand_int()
George Kadianakis notes that if you give crypto_rand_int() a value
above INT_MAX, it can return a negative number, which is not what
the documentation would imply.

The simple solution is to assert that the input is in [1,INT_MAX+1].
If in the future we need a random-value function that can return
values up to UINT_MAX, we can add one.

Fixes bug 3306; bugfix on 0.2.2pre14.
2011-06-06 16:18:06 -04:00
George Kadianakis
9eab601f10 Add the heartbeat domain in log.c:domain_list[]
so that parse_log_domain() doesn't fail.
2011-06-05 21:27:53 +02:00
Roger Dingledine
96da10aace Merge branch 'maint-0.2.2' 2011-06-05 11:14:28 -04:00
Roger Dingledine
83e3975c8b Merge branch 'maint-0.2.1' into maint-0.2.2 2011-06-05 11:13:50 -04:00
Roger Dingledine
bf4b819aae move to the june 1 2011 maxmind geoip db 2011-06-05 11:12:28 -04:00
Robert Ransom
8a69cc0468 Report SIGNAL event to controllers when acting on delayed NEWNYM
Fixes bug 3349.
2011-06-05 05:43:27 -07:00
Robert Ransom
f45261cb29 Increase default required uptime for HSDirs to 25 hours 2011-06-03 12:17:53 -04:00
Robert Ransom
1546054d81 Add a VoteOnHidServDirectoriesV2 configuration option 2011-06-03 12:16:55 -04:00
Nick Mathewson
12f9c91c06 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:36:21 -04:00
Nick Mathewson
7aa20b20bf Merge branch 'bug3318c' into maint-0.2.2 2011-06-03 11:34:32 -04:00
Nick Mathewson
bbf2fee8ff Reject 128-byte keys that are not 1024-bit
When we added the check for key size, we required that the keys be
128 bytes.  But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024.  This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.

Also, credit the original bug3318 in the changes file.
2011-06-03 11:31:19 -04:00
Nick Mathewson
50e4c98a5a Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:18:03 -04:00
Nick Mathewson
14c0251d95 Use an autobool for UseBridges_ 2011-06-03 11:17:15 -04:00
Nick Mathewson
de069f5ea7 Merge remote-tracking branch 'rransom/bug2748-v2' into maint-0.2.2 2011-06-03 11:16:48 -04:00
Nick Mathewson
13ec1bf5c2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 10:47:35 -04:00
Nick Mathewson
507c1257a4 Add an "auto" option to UseBridges
UseBridges 1 now means "connect only to bridges; if you know no
bridges, don't make connections."  UseBridges auto means "Use bridges
if they are known, and we have no EntryNodes set, and we aren't a
server."  UseBridges 0 means "don't use bridges."
2011-06-02 15:11:21 -04:00
Nick Mathewson
587cc31140 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendclient.c
2011-06-02 15:07:08 -04:00
Nick Mathewson
80038b5453 Merge remote-tracking branch 'rransom-tor/bug3309' into maint-0.2.2 2011-06-02 15:06:04 -04:00
Nick Mathewson
6a320b9905 Merge remote-tracking branch 'origin/maint-0.2.2'
This merge was a bit nontrivial, since I had to write a new
node_is_a_configured_bridge to parallel router_is_a_configured_bridge.

Conflicts:
	src/or/circuitbuild.c
2011-06-02 13:05:00 -04:00
Nick Mathewson
0a4a3de3de Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-06-02 12:56:45 -04:00
Nick Mathewson
385c59798a Merge remote-tracking branch 'arma/bug3321' into maint-0.2.2 2011-06-02 12:55:56 -04:00
Sebastian Hahn
df42eb0a18 Fix unit test failure in dir/formats
options->DirPort is 0 in the unit tests, so
router_get_advertised_dir_port() would return 0 so we wouldn't pick a
dirport. This isn't what we want for the unit tests. Fixes bug
introduced in 95ac3ea594.
2011-06-02 13:44:33 +02:00
Robert Ransom
fc4158dad7 Add info-level log messages during HS-client-state purge
I hope these will never be useful, but having them and not needing them is
better than needing them and not having them.
2011-06-02 03:07:09 -07:00
Robert Ransom
d7af8a2f07 Refactor HS client state-clearing code into a separate function 2011-06-02 02:57:29 -07:00
Robert Ransom
b0e7925c02 Clear last_hid_serv_requests on SIGNAL NEWNYM
Fixes bug #3309.
2011-06-02 02:52:40 -07:00
Robert Ransom
a1d866edc9 Make last_hid_serv_requests functions less fragile
Previously, Tor would dereference a NULL pointer and crash if
lookup_last_hid_serv_request were called before the first call to
directory_clean_last_hid_serv_requests.  As far as I can tell, that's
currently impossible, but I want that undocumented invariant to go away
in case I^Wwe break it someday.
2011-06-02 02:52:40 -07:00
Robert Ransom
9ac2f63e0f Unbreak the build 2011-06-01 13:07:26 -04:00
Nick Mathewson
b73a662a26 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:11:31 -04:00
Gisle
1d8bcba067 Fix compile error in procmon.c
An elusive compile-error (MingW-gcc v4.50 on Win_XP); a missing
comma (!) and a typo ('err_msg' at line 277 changed to 'errmsg').
Aso changed the format for 'err_code' at line 293 into a "%ld" to suppress
a warning. How did this go unnoticed for ~1 month? Btw. This is my 1st ever
'git commit', so it better work.
2011-06-01 11:11:12 -04:00
Nick Mathewson
a610ebc3a6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:08:28 -04:00
Nick Mathewson
0fd3ad75da Report wrong key sizes correctly
When we introduced NEED_KEY_1024 in routerparse.c back in
0.2.0.1-alpha, I forgot to add a *8 when logging the length of a
bad-length key.

Bugfix for 3318 on 0.2.0.1-alpha.
2011-06-01 11:07:17 -04:00
Roger Dingledine
7039c34519 fix a bridge edge case similar to 2511
If you had configured a bridge but then switched to a different bridge
via the controller, you would still be willing to use the old one.
2011-05-31 20:43:55 -04:00
Roger Dingledine
56771f392e stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-05-30 23:50:37 -04:00
Nick Mathewson
d0e7c545ba Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 16:14:45 -04:00
Nick Mathewson
e035cea031 Merge branch 'bug3216_v2' into maint-0.2.2 2011-05-30 16:12:53 -04:00
Nick Mathewson
d274f539e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 15:51:46 -04:00
Nick Mathewson
d35a555348 Merge branch 'bug3289' into maint-0.2.2 2011-05-30 15:50:35 -04:00
Sebastian Hahn
ca538290af Warn when two hs use the same directory
This simple implementation has a few issues, but it should do for
0.2.2.x. We will want to revisit this later and make it smarter.
2011-05-30 15:47:06 -04:00
Nick Mathewson
fa1d47293b Merge remote-tracking branch 'origin/maint-0.2.2'
The conflicts were mainly caused by the routerinfo->node transition.

Conflicts:
	src/or/circuitbuild.c
	src/or/command.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/relay.c
	src/or/rendservice.c
	src/or/routerlist.c
2011-05-30 15:41:46 -04:00
Roger Dingledine
f118dc80e0 minor cleanups while reviewing 3216 2011-05-30 15:31:06 -04:00
Nick Mathewson
7f0fb8e608 whitespace fixes 2011-05-30 15:21:06 -04:00
Nick Mathewson
7e67a24038 Merge branch 'bug3045' into maint-0.2.2
Conflicts:
	src/or/circuitbuild.c
2011-05-30 15:18:59 -04:00
Nick Mathewson
3c0d944b07 Improve comments and defensive programming for 3045
The comment fixes are trivial.  The defensive programming trick is to
tolerate receiving NULL inputs on the describe functions. That should
never actually happen, but it seems like the likeliest mistake for us
to make in the future.
2011-05-30 15:15:10 -04:00
Nick Mathewson
21de9d46e2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.c
	src/or/main.c
2011-05-30 14:58:26 -04:00
Nick Mathewson
da7c60dcf3 Merge remote-tracking branch 'public/bug3270' into maint-0.2.2 2011-05-30 14:49:49 -04:00
Nick Mathewson
5dc3c462dc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 12:43:25 -04:00
Nick Mathewson
f08f0e9dde Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.
2011-05-30 12:41:46 -04:00
Nick Mathewson
4b57ec6e5e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuituse.c
2011-05-30 12:33:54 -04:00
Nick Mathewson
16cfca501f Merge branch 'bug1297a' into maint-0.2.2 2011-05-30 12:25:07 -04:00
Robert Ransom
8fc02a8e0c Use the normal four-hop CBT for client intro circuits
Fixes another part of bug 1297.
2011-05-30 12:24:51 -04:00
Robert Ransom
112d204fad Set timestamp_dirty on HS circuits as circuit_expire_building requires
Fixes part of #1297; bugfix on 48e0228f1e,
when circuit_expire_building was changed to assume that timestamp_dirty
was set when a circuit changed purpose to _C_REND_READY.  (It wasn't.)
2011-05-30 12:24:51 -04:00
Roger Dingledine
6917728637 Merge branch 'maint-0.2.2' 2011-05-29 19:11:07 -04:00
Roger Dingledine
5f182ea10e answer an XXX nickm asked in aa950e6c4 2011-05-29 18:52:37 -04:00
Nick Mathewson
285cf998bc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/eventdns.c
2011-05-28 02:09:48 -04:00
Nick Mathewson
c319949550 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-28 02:08:39 -04:00
Nick Mathewson
ee72557d52 Merge branch 'bug2574' into maint-0.2.1 2011-05-28 02:07:48 -04:00
Nick Mathewson
8e09f7cf10 Fix a -Wunused-but-set-variable instance in master 2011-05-28 01:57:38 -04:00
Nick Mathewson
42b15a0aaa Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-28 01:55:34 -04:00
Robert Ransom
39480c7978 Correct some outdated comments 2011-05-24 22:20:12 -07:00
Nick Mathewson
0e1fad648d Don't try to build descriptors when router_get_advertised_or_port()==0
The previous attempt was incomplete: it told us not to publish a
descriptor, but didn't stop us from generating one.  Now we treat an
absent OR port the same as not knowing our address.  (This means
that when we _do_ get an OR port, we need to mark the descriptor
dirty.)

More attempt to fix bug3216.
2011-05-24 18:05:37 -04:00
Nick Mathewson
95ac3ea594 Don't build descriptors if ORPort auto is set and we have no OR listener
This situation can happen easily if you set 'ORPort auto' and
'AccountingMax'.  Doing so means that when you have no ORPort, you
won't be able to set an ORPort in a descriptor, so instead you would
just generate lots of invalid descriptors, freaking out all the time.

Possible fix for 3216; fix on 0.2.2.26-beta.
2011-05-24 21:12:23 +02:00
Nick Mathewson
be76850995 Work correctly if your nameserver is ::1
We had all the code in place to handle this right... except that we
were unconditionally opening a PF_INET socket instead of looking at
sa_family.  Ow.

Fixes bug 2574; not a bugfix on any particular version, since this
never worked before.
2011-05-23 17:42:38 -04:00
Nick Mathewson
a5232e0c4c Fix GCC 4.6's new -Wunused-but-set-variable warnings.
Most instances were dead code; for those, I removed the assignments.
Some were pieces of info we don't currently plan to use, but which
we might in the future.  For those, I added an explicit cast-to-void
to indicate that we know that the thing's unused.  Finally, one was
a case where we were testing the wrong variable in a unit test.
That one I fixed.

This resolves bug 3208.
2011-05-23 17:04:38 -04:00
Nick Mathewson
57810c333a Remove the -F option from tor-resolve.
It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion.  But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense.  So in 0.2.1.16-rc (commit
298dc95dfd), we made tor-resolve happy to resolve anything.

The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.

Found while fixing GCC 4.6 "set, unused variable" warnings.
2011-05-23 16:59:41 -04:00
Nick Mathewson
6f200b61b7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-23 02:16:25 -04:00
Robert Ransom
6cac100b13 Unbreak the build on libevent 1.x systems 2011-05-22 22:54:02 -07:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Nick Mathewson
1e69c60dcc The first argument for a libevent callback should be evutil_socket_t 2011-05-23 01:12:00 -04:00
Nick Mathewson
93b699e1ea Appease make check-spaces wrt procmon.h 2011-05-23 01:10:49 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Roger Dingledine
af0e8d834e don't mark our descriptor dirty if our onion key hasn't changed 2011-05-21 19:23:27 -04:00
Roger Dingledine
1ba1bdee4b naked constants are ugly 2011-05-21 18:55:23 -04:00
Roger Dingledine
6b54edef4f finish a comment nickm started in 8ebceeb3 2011-05-21 18:34:55 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Roger Dingledine
0e8949a8fa remove some (confusing) dead code 2011-05-21 16:12:37 -04:00
Roger Dingledine
0235fe34d2 Merge branch 'bug1810' into maint-0.2.2 2011-05-21 16:09:55 -04:00
Sebastian Hahn
3ff7925a70 Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.

This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
2011-05-21 16:08:21 -04:00
Roger Dingledine
a2851d3034 what's up with this trailing whitespace 2011-05-20 23:30:37 -04:00
Robert Ransom
7b34e3a965 Split out owning-controller-loss shutdown code into a function 2011-05-20 08:25:43 -07:00
Robert Ransom
bb860cedb2 Implement TAKEOWNERSHIP command 2011-05-20 08:25:43 -07:00
Robert Ransom
338a026610 Split control connection cleanup out of connection_free 2011-05-20 08:25:42 -07:00
Robert Ransom
86aeb152ca Fix comment typo 2011-05-20 08:25:42 -07:00
Robert Ransom
36afdebe1a Add an XXX 2011-05-20 08:25:42 -07:00
Robert Ransom
90f810801e Fix trailing asterisk in the output of "GETINFO info/names" 2011-05-20 08:25:42 -07:00
Robert Ransom
b3133d1cad Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
2011-05-20 08:25:42 -07:00
Robert Ransom
0caa37db4d Fix some comments 2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Roger Dingledine
0a4649e657 Merge branch 'maint-0.2.2' 2011-05-20 03:03:46 -04:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Sebastian Hahn
c13fb7feb1 Fix a compile warning on OSX 10.6 2011-05-20 05:53:55 +02:00
Roger Dingledine
18f1b354ec Merge branch 'maint-0.2.2' 2011-05-17 21:15:24 -04:00
Roger Dingledine
073fed06c4 discard circuits when we change our bridge configuration
otherwise we might reuse circuits from the previous configuration,
which could be bad depending on the user's situation
2011-05-17 21:13:59 -04:00
Roger Dingledine
92081f3cdc Merge branch 'maint-0.2.2' 2011-05-17 20:50:18 -04:00
Roger Dingledine
07c5026efa refetch bridge descriptors in a timely fashion
When we configure a new bridge via the controller, don't wait up to ten
seconds before trying to fetch its descriptor. This wasn't so bad when
you listed your bridges in torrc, but it's dreadful if you configure
your bridges via vidalia.
2011-05-17 20:48:46 -04:00
Nick Mathewson
c240efab86 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:53:06 -04:00
Nick Mathewson
bc89ef0ca8 Merge branch 'bug2752' into maint-0.2.2 2011-05-17 19:51:53 -04:00
Nick Mathewson
e0e8424f1e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:47:48 -04:00
Nick Mathewson
21ed575826 Handle NULL argument to get_configured_bridge_by_addr_port_digest
Fixes bug 2313; bugfix on 0.2.2.26-beta.
2011-05-17 19:46:47 -04:00
Nick Mathewson
2e07925a52 Oops; that function got renamed. 2011-05-17 19:45:05 -04:00
Robert Ransom
480a75cbbd Check onion keys in microdescriptors, too 2011-05-17 19:39:00 -04:00
Michael Yakubovich
a3707a1052 Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
2011-05-16 16:09:35 -04:00
Nick Mathewson
03ccce6d77 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-16 14:50:53 -04:00
Nick Mathewson
e908e3a332 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files
from or.h.

Conflicts:
	src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86 squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
987190c2bc Require that certain public keys have public exponent 65537 2011-05-16 14:28:46 -04:00
Robert Ransom
d2629f78a0 Add crypto_pk_check_key_public_exponent function 2011-05-16 14:07:34 -04:00
Robert Ransom
7571e9f1cb Check fetched rendezvous descriptors' service IDs 2011-05-16 14:07:24 -04:00
Nick Mathewson
e423447f53 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection.c
2011-05-16 11:12:22 -04:00
Nick Mathewson
919bf6ff3c Merge remote-tracking branch 'public/bug2850' into maint-0.2.2
Fixed a trivial conflict where this and the ControlSocketGroupWritable
code both added different functions to the same part of connection.c.

Conflicts:
	src/or/connection.c
2011-05-16 11:10:17 -04:00
Nick Mathewson
de8e0ef0bd Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 22:15:06 -04:00
Nick Mathewson
83fe07d3f2 Increase the length of the buffer in smartlist_string_num_isin().
This was harmless, since we only used this for checking for lists of
port values, but it's the principle of the thing.

Fixes 3175; bugfix on 0.1.0.1-rc
2011-05-15 22:13:53 -04:00
Nick Mathewson
b95dd03e5f Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.

There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address.  I might have missed a couple more too.

This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Nick Mathewson
f72e792be5 Make check_private_dir check for group ownership as appropriate 2011-05-15 20:20:30 -04:00
Nick Mathewson
287f6cb128 Fix up some comment issues spotted by rransom 2011-05-15 20:20:30 -04:00
Nick Mathewson
4b800408fa Check permissions on the directory holding a control socket 2011-05-15 20:20:29 -04:00
Nick Mathewson
5d147d8527 Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold
control sockets: if somebody says "ControlSocket ~/foo", it would be
pretty rude to do a chmod 700 on their homedir.
2011-05-15 20:20:29 -04:00
Nick Mathewson
3b6cbf2534 Add a function to pull off the final component of a path 2011-05-15 20:20:29 -04:00
Nick Mathewson
b147c01295 Make check_private_dir accept g+rx dirs if told to do so. 2011-05-15 20:20:29 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
f2c1702182 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuitbuild.h
2011-05-15 20:17:17 -04:00
Nick Mathewson
2b9c5ee301 Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration.  Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines.  As we
add a bridge, we see if it's already in the list.  If so, we just
unmark it.

This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc.  I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.

This is for bug 3019; it's a fix on 0.2.0.3-alpha.
2011-05-15 20:13:44 -04:00
Nick Mathewson
aa8db013e4 Fixup whitespace issues from 3122 commit in 0.2.3 2011-05-15 20:13:12 -04:00
Nick Mathewson
68acfefbdb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:12:20 -04:00
Nick Mathewson
bc44393eb5 Fixup whitespace issues from 3122 commit 2011-05-15 20:12:01 -04:00
Nick Mathewson
4c3853aca8 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/networkstatus.c
2011-05-15 20:09:10 -04:00
Nick Mathewson
00ff80e0ae Fixup whitespace issues from 3122 commit 2011-05-15 20:06:36 -04:00
Nick Mathewson
ced06a8009 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 19:56:40 -04:00
Nick Mathewson
d29c2eb921 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-15 19:56:27 -04:00
Nick Mathewson
10d670674a Another doc tweak on tor_memcmp: <b>b</b>, not <b>. 2011-05-15 19:56:05 -04:00
Roger Dingledine
b48f83ab8c minor tweaks to 4b19730c82 2011-05-15 19:20:42 -04:00
Nick Mathewson
1f7b9e61ce Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 12:18:39 -04:00
Nick Mathewson
69ff26b05c Merge branch 'bug3026' into maint-0.2.2 2011-05-15 12:18:23 -04:00
Nick Mathewson
37e3fb8af2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c
2011-05-15 11:44:51 -04:00
Nick Mathewson
f287100934 Replace a nasty add-malloc-snprintf with a nice clean asprintf 2011-05-15 11:41:49 -04:00
Nick Mathewson
a5d40c2d0f Merge branch 'bug1345' into maint-0.2.2 2011-05-15 11:40:14 -04:00
Nick Mathewson
2bb6bdc3f9 Better doc for consider_recording_trackexithost 2011-05-15 11:37:33 -04:00
Nick Mathewson
2fd9cfdc23 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerlist.c
2011-05-15 11:23:02 -04:00
Nick Mathewson
228b77f64e Merge branch 'bug2732-simpler' into maint-0.2.2 2011-05-15 11:17:54 -04:00
Nick Mathewson
1b512fb914 Rip out more of hid_serv_acting_as_directory
rransom notes correctly that now that we aren't checking our HSDir
flag, we have no actual reason to check whether we are listed in the
consensus at all when determining if we should act like a hidden
service directory.
2011-05-15 11:17:44 -04:00
Nick Mathewson
f11c269ed6 Merge remote-tracking branch 'asn-mytor/heartbeat' 2011-05-15 11:07:06 -04:00
George Kadianakis
ce3b553926 Fix bug3183 2011-05-15 03:13:52 +02:00
Nick Mathewson
da8297dbcb Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345.  But if you changed them from the controller, Tor
would leave old mappings in place.

The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
2011-05-13 16:59:31 -04:00
Nick Mathewson
a3ae591115 When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before.  But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
2011-05-13 16:28:50 -04:00
Nick Mathewson
ec81d17d0c Raise the TrackHostExits membership code into its own function 2011-05-13 16:22:10 -04:00
Nick Mathewson
09da83e1e8 Don't clear out transient addressmap entries on HUP
If you really want to purge the client DNS cache, the TrackHostExits
mappings, and the virtual address mappings, you should be using NEWNYM
instead.

Fixes bug 1345; bugfix on Tor 0.1.0.1-rc.

Note that this needs more work: now that we aren't nuking the
transient addressmap entries on HUP, we need to make sure that
configuration changes to VirtualAddressMap and TrackHostExits actually
have a reasonable effect.
2011-05-13 16:20:01 -04:00
Nick Mathewson
2253697a04 New smartlist function to see if two lists of strings are equal.
We'll use this to detect changes in CSV options.
2011-05-13 16:18:53 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
c55c8f0d49 new GETINFO command to return list of listeners of a given type 2011-05-13 10:41:19 -04:00
Nick Mathewson
28cc7b0180 Add a new "tor_sockaddr_to_str()" function
It does what it says on the tin.  It turns out I'll want this in a couple
of places.
2011-05-13 10:41:18 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
6f5998fd73 Correct the signature for is_listening_on_low_port for "auto" ports 2011-05-13 10:41:18 -04:00
Nick Mathewson
61c06cbc66 Teach retry_listener about "auto" ports.
Otherwise, it will just immediately close any port declared with "auto"
on the grounds that it wasn't configured.  Now, it will allow "auto" to
match any port.

This means FWIW if you configure a socks port with SocksPort 9999
and then transition to SocksPort auto, the original socksport will
not get closed and reopened.  I'm considering this a feature.
2011-05-13 10:41:18 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
87c79cf017 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 19:41:59 -04:00
Nick Mathewson
e0d5a6e184 Downgrade the "we launched 10 circuits for this stream" message. (See bug 3080) 2011-05-12 19:41:08 -04:00
Nick Mathewson
af85017177 Merge remote-tracking branch 'public/bug3122_memcmp_023' 2011-05-12 19:27:18 -04:00
Nick Mathewson
59a6df8882 Merge remote-tracking branch 'public/bug3122_memcmp_022' into maint-0.2.2 2011-05-12 19:25:14 -04:00
Nick Mathewson
1f678277a1 Merge remote-tracking branch 'public/bug3122_memcmp_squashed' into maint-0.2.1 2011-05-12 19:20:40 -04:00
Nick Mathewson
696cd1cfe2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 18:51:33 -04:00
mikey99
42fcf059d2 Fixes ticket #2503
HTTPS error code 403 is now reported as:
"The https proxy refused to allow connection".
Used a switch statement for additional error codes to be explained
in the future.
2011-05-12 17:33:09 -04:00
Nick Mathewson
621e95a4f3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 11:21:59 -04:00
Nick Mathewson
bdff7e3299 Unmap microdesc cache before replacing it.
If we do a replace-then-munmap, windows will never actually rewrite
the microdesc cache.

Found by wanoskarnet; bugfix on 0.2.2.6-alpha.
2011-05-12 11:19:52 -04:00
Nick Mathewson
4ba9f3e317 Track where microdescs are referenced to prevent free errs
On IRC, wanoskarnet notes that if we ever do microdesc_free() on a
microdesc that's in the nodelist, we're in trouble.  Also, we're in
trouble if we free one that's still in the microdesc_cache map.

This code adds a flag to microdesc_t to note where the microdesc is
referenced from, and checks those flags from microdesc_free().  I
don't believe we have any errors here now, but if we introduce some
later, let's log and recover from them rather than introducing
heisenbugs later on.

Addresses bug 3153.
2011-05-12 11:10:35 -04:00
Robert Ransom
c714a098ea Improve a documentation comment 2011-05-12 02:57:09 -07:00
Robert Ransom
cb9df5e53c Fix comment typo 2011-05-12 00:27:19 -07:00
Nick Mathewson
7779c63e93 Accept hs descriptors even if we don't see an HSDir for us
The old behavior contributed to unreliability when hidden services and
hsdirs had different consensus versions, and so had different opinions
about who should be cacheing hsdir info.

Bugfix on 0.2.0.10-alpha; based on discussions surrounding bug 2732.
2011-05-12 00:53:07 -04:00
Nick Mathewson
6b83b3ba2a bug 3026: do not upload our vote to ourself 2011-05-12 00:47:00 -04:00
Nick Mathewson
3968e8d14b Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 00:14:44 -04:00
Nick Mathewson
b47f574c1e Merge branch 'bug1352' into maint-0.2.2 2011-05-12 00:14:10 -04:00
Nick Mathewson
7649adbce6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-11 22:55:29 -04:00
Nick Mathewson
8057b7363e Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-11 22:52:26 -04:00
Nick Mathewson
13847b8db6 Fix crash when read_file_to_string() fails in SAVECONF
The new behavior is to try to rename the old file if there is one there
that we can't read.  In all likelihood, that will fail too, but at least
we tried, and at least it won't crash.
2011-05-11 22:05:41 -04:00
Nick Mathewson
9e16a418f9 Hand-tune the new tor_memcmp instances in 0.2.3 2011-05-11 16:46:38 -04:00
Nick Mathewson
7267647bd7 Reapply the automated memcmp conversion to 0.2.3 to catch newly added memcmps 2011-05-11 16:41:14 -04:00
Nick Mathewson
9fba014e3f Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023
Conflicts in various places, mainly node-related.  Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.

	src/common/Makefile.am
	src/or/circuitlist.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/microdesc.c
	src/or/networkstatus.c
	src/or/router.c
	src/or/routerlist.c
	src/test/test_util.c
2011-05-11 16:39:45 -04:00
Nick Mathewson
8fb38331c3 Hand-tune the new tor_memcmp instances in 0.2.2 2011-05-11 16:32:30 -04:00
Nick Mathewson
0cbcbc3412 Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in 2011-05-11 16:27:27 -04:00
Nick Mathewson
9964c314c6 fwd-port test_util_di_ops into tinytest format 2011-05-11 16:25:51 -04:00
Nick Mathewson
44ad734573 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
Conflicts throughout.  All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.

	src/common/Makefile.am
	src/or/circuitbuild.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/dirvote.c
	src/or/networkstatus.c
	src/or/rendclient.c
	src/or/rendservice.c
	src/or/router.c
	src/or/routerlist.c
	src/or/routerparse.c
	src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:

   If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
   changed it to a fast_memcmp or fast_memeq.

   Otherwise if there was a tor_memcmp that could turn into a
   tor_memneq or tor_memeq, I converted it.

This wants close attention.

[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
This commit is _exactly_ the result of

perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
1d703ed22b Add a "di_ops.h" include to util.h 2011-05-11 16:12:51 -04:00
Nick Mathewson
4b19730c82 Add a data-independent variant of memcmp and a d-i memeq function.
The tor_memcmp code is by Robert Ransom, and the tor_memeq code is
by me.  Both incorporate some ideas from DJB's stuff.
2011-05-11 16:12:33 -04:00
Roger Dingledine
6d5478a8a7 Merge branch 'maint-0.2.2' 2011-05-10 23:06:12 -04:00
Roger Dingledine
7206d784dc Merge branch 'maint-0.2.1' into maint-0.2.2 2011-05-10 23:05:51 -04:00
Roger Dingledine
e7b10e5ecf Update to the May 1 2011 Maxmind GeoLite Country database 2011-05-10 23:04:11 -04:00
Robert Ransom
b7452dcbcb Fix comment typo 2011-05-10 05:15:02 -07:00
Nick Mathewson
e6980faec4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/directory.c
2011-05-09 13:39:51 -04:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Nick Mathewson
acd6a4856b Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection.c
2011-05-09 13:36:40 -04:00
Sebastian Hahn
9da4e25183 Remove some dead code, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
d7d25558fa Remove a duplicated line, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
1c668540fe Fix potential null pointer deref during dirvote
Found by using clang's analyzer.
2011-05-09 13:19:46 -04:00
Sebastian Hahn
1827e60976 Fix a potential null deref when rebuilding md cache
Issue discovered using clang's static analyzer
2011-05-09 13:19:45 -04:00
Sebastian Hahn
8ebb3ce6e2 CONN_LOG_PROTECT()'s first argument may not be 0
Make that explicit by adding an assert and removing a null-check. All of
its callers currently depend on the argument being non-null anyway.
Silences a few clang complaints.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
80e57af50f Appease clang - and my tortured mind
This possible div by 0 warning from clang's analyzer was quite fun to
track down. Turns out the current behaviour is safe.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
58a16a4d6f Add an assert to un-confuse clang's analyzer
The analyzer assumed that bootstrap_percent could be less than 0 when we
call control_event_bootstrap_problem(), which would mean we're calling
log_fn() with undefined values. The assert makes it clear this can't
happen.
2011-05-09 13:19:44 -04:00
Sebastian Hahn
532c13693e Fix a docstring 2011-05-09 13:19:44 -04:00
Sebastian Hahn
e36f9d1d9b Link to libevent_openssl statically when requested
When configure tor with --enable-bufferevents and
--enable-static-libevent, libevent_openssl would still be linked
dynamically. Fix this and refactor src/or/Makefile.am along the way.
2011-05-06 15:38:32 +02:00
Nick Mathewson
a740994c77 Fix check-spaces issues in master 2011-05-05 21:56:52 -04:00
Nick Mathewson
1065a5ef29 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-05 21:54:04 -04:00
Nick Mathewson
330116f034 Fix up some check-spaces issues 2011-05-05 21:53:46 -04:00
Nick Mathewson
85ddc76bf1 Make microdesc use off-by-default for now, since there are not enough caches 2011-05-05 20:54:14 -04:00
Nick Mathewson
9d4c32dd2f Now that 0.2.3.1-alpha is out, require it for microdesc fetches 2011-05-05 20:54:14 -04:00
Nick Mathewson
711100c597 Move dummy authority.z fetch out of update_router_descriptor_downloads
To make sure that a server learns if its IP has changed, the server
sometimes launches authority.z descriptor fetches from
update_router_descriptor_downloads.  That's nice, but we're moving
towards a situation where update_router_descriptor_downloads doesn't
always get called.  So this patch breaks the authority.z
check-and-fetch into a new function.

This function also renames last_routerdesc_download to a more
appropriate last_descriptor_download, and adds a new
update_all_descriptor_downloads() function.

(For now, this is unnecessary, since servers don't actually use
microdescriptors.  But that could change, or bridges could start
using microdescriptors, and then we'll be glad this is refactored
nicely.)
2011-05-05 20:54:13 -04:00
Nick Mathewson
4cc348e896 Code to make clients fetch and use microdescriptors for circuit building
To turn this on, set UseMicrodescriptors to "1" (or "auto" if you
want it on-if-you're-a-client).  It should go auto-by-default once
0.2.3.1-alpha is released.

Because of our node logic, directory caches will never use
microdescriptors when they have the right routerinfo available.
2011-05-05 20:54:12 -04:00
Nick Mathewson
3df22887a3 Replace _AUTHORITY enum values with _DIRINFO values (automted) 2011-05-05 20:54:12 -04:00
Nick Mathewson
6e58575767 Automated rename from authority_type_t to dirinfo_type_t
We were already overloading this type to mean "a directory that can
serve us X" in addition to "a directory that is an authority for X."
2011-05-05 20:54:11 -04:00
Nick Mathewson
ba1143e468 Add a new configuration type, "AUTOBOOL", to handle 1/0/auto types
We only have one of these now, but I'm about to add a few more.

Yes, I have already thought of the "Filenotfoundian logic" joke.
2011-05-05 20:54:11 -04:00
Nick Mathewson
08e6bd0ed1 Increment version to 0.2.3.1-alpha-dev 2011-05-05 15:15:20 -04:00
Nick Mathewson
5ed719fd6c Increment version to 0.2.3.1-alpha 2011-05-05 13:42:03 -04:00
Nick Mathewson
d8cb4f9f0c Use read_all() to read messages from spawn_background
Using read() is an invitation to get some of the data you want, not all.

Possible fix for bug 2462
2011-05-04 23:32:18 -04:00
Nick Mathewson
08efa70c41 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-04 23:29:56 -04:00
Nick Mathewson
9583a534ac Merge remote-tracking branch 'rransom/bug3106' into maint-0.2.2 2011-05-04 23:18:47 -04:00
Robert Ransom
66339f74b4 Handle crypto_pk_get_digest failures semi-sensibly
Fixes bug 3106.
2011-05-04 20:06:24 -07:00
Nick Mathewson
7de3a19497 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-04 20:33:38 -04:00
Nick Mathewson
ab1460f3ae Merge remote-tracking branch 'sebastian/win_warning' into maint-0.2.2 2011-05-04 20:33:16 -04:00
Sebastian Hahn
9a490bb53b Fix compile warning on windows 2011-05-05 02:22:46 +02:00
Nick Mathewson
aba7bb705a Set SO_REUSEADDR on all sockets, not just listeners
See bug 2850 for rationale: it appears that on some busy exits, the OS
decides that every single port is now unusable because they have been
all used too recently.
2011-05-03 22:22:20 -04:00
Nick Mathewson
fac99f01da Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-03 21:54:18 -04:00
Nick Mathewson
4126de6888 Fix circuit_list_path_impl(): internal circuits do not have an "exit". Trivial fix for 3079. 2011-05-03 21:53:59 -04:00
Nick Mathewson
599d1b62b4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/main.c
	src/or/microdesc.c
2011-05-03 17:30:58 -04:00
Nick Mathewson
68ae5afa5a Change who calls microdesc_cache_rebuild().
Previously we ensured that it would get called periodically by doing
it from inside the code that added microdescriptors.  That won't work
though: it would interfere with our code that tried to read microdescs
from disk initially.  Instead, we should consider rebuilding the cache
periodically, and on startup.
2011-05-03 17:28:28 -04:00
Nick Mathewson
865d53be54 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/microdesc.c
2011-05-03 17:19:35 -04:00
Nick Mathewson
cb6c909664 Rebuild the microdesc cache when a sufficient number of bytes are dropped
Previously on 0.2.2, we'd never clean the cache.  Now that we can
clean it, we want to add a condition to rebuild it: that should happen
whenever we have dropped enough microdescriptors that we could save a
lot of space.

No changes file, since 0.2.3 doesn't need one and 0.2.2 already has some
changes files for the backport of the microdesc_clean_cahce() function.
2011-05-03 17:03:49 -04:00
Nick Mathewson
56fbd728c2 Backport microdesc_cache_clean to 0.2.2
Otherwise we have no way to keep authorities' microdesc caches in 0.2.2
from growing without bound.
2011-05-03 16:45:15 -04:00
Nick Mathewson
1f97e8322f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/microdesc.c
2011-05-03 16:33:41 -04:00
Nick Mathewson
970715dd8f Fix a check for when to rebuild the microdesc cache. (Backport from 0.2.3. 2011-05-03 16:29:39 -04:00
Nick Mathewson
698fa0fc67 Add missing code to set cache->journal_len when reading microdesc journal
This could be one reason that authorities' journals would grow without
bound; related to bug 2230. Bugfix on 0.2.2.6-alpha.  Fix by
"cypherpunks".
2011-05-03 16:22:31 -04:00
Sebastian Hahn
47a2e5a9ce Don't choose exit nodes without desc available
n_supported[i] has a random value prior to initialization, so a node
that doesn't have routerinfo available can have a random priority.

Patch contributed by wanoskarnet from #tor. Thanks!
2011-04-30 22:03:51 +02:00
Nick Mathewson
c48d6da24c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-29 11:15:11 -04:00
Nick Mathewson
dbd73b9689 Clean up a warning a bit 2011-04-29 11:14:53 -04:00
Nick Mathewson
4f7587a5ed Tweak the startup message to be more helpful
Instead of just saying "boogity boogity!" let's actually warn people
that they need to configure stuff right to be safe, and point them
at instructions for how to do that.

Resolves bug 2474.
2011-04-28 22:00:22 -04:00
Nick Mathewson
bcdffc0f80 Rate-limit v2 networkstatus download fail warnings
This fixes part of 1352.  We don't care deeply about these warnings,
since v2 networkstatuses aren't a big deal.
2011-04-28 21:25:24 -04:00
Nick Mathewson
50c6b55757 Rename connection_dir_download_networkstatus_failed: be clear that it means v2 2011-04-28 21:23:32 -04:00
Nick Mathewson
20d6ac3530 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 21:17:51 -04:00
Nick Mathewson
f0d9e2d650 Merge remote-tracking branch 'arma/bug3012' into maint-0.2.2 2011-04-28 21:15:14 -04:00
Roger Dingledine
66de6f7eb8 relays checkpoint their state file twice a day 2011-04-28 21:06:25 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Nick Mathewson
b0a7e0d6ca Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:55:03 -04:00
Nick Mathewson
4010427b51 Merge remote-tracking branch 'arma/bug3039' into maint-0.2.2 2011-04-28 20:53:44 -04:00
Roger Dingledine
df3cf881d1 stop putting wacky values into state->lastwritten 2011-04-28 20:40:15 -04:00
Nick Mathewson
9d67d16c6a Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:38:50 -04:00
Nick Mathewson
5693fedb60 Clarify comment to say which version fixed 2722 2011-04-28 20:38:15 -04:00
Nick Mathewson
6b9aadd557 Merge remote-tracking branches 'rransom/bug2722' and 'rransom/bug2722b' into maint-0.2.2 2011-04-28 20:36:38 -04:00
Nick Mathewson
bb8689b864 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:05:48 -04:00
Nick Mathewson
c122897925 Merge remote-tracking branch 'sebastian/bug3020' into maint-0.2.2 2011-04-28 20:03:57 -04:00
Roger Dingledine
710227a77f fix a function comment 2011-04-28 19:19:04 -04:00
Sebastian Hahn
525d2700dd Correctly check elapsed time in last hibernation period
Fix bug 3020.
2011-04-29 01:18:32 +02:00
Nick Mathewson
f38ecd5ac0 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 18:14:50 -04:00
Nick Mathewson
6dfc0d5301 Avoid false positives from proxy_mode()
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0.  This would give false
positives, which were not previously harmful... but which were about
to become.
2011-04-28 18:11:58 -04:00
Robert Ransom
b8708b5bd3 Fix bug 1930 2011-04-28 18:11:58 -04:00
Robert Ransom
ddd1b7be2d Ignore SIGNAL NEWNYM on relay-only Tor instances 2011-04-28 18:10:17 -04:00
Robert Ransom
df5c7fedbd Don't allow v0 HS auths to act as clients
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses.  Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost.  That would be bad.
2011-04-28 18:10:16 -04:00
Nick Mathewson
8b33928676 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 17:15:31 -04:00
John Brooks
2dc9546eef Correct the logic from f14754fbd for tor_gmtime_r 2011-04-28 17:13:45 -04:00
Nick Mathewson
51e551d383 Detect and handle NULL returns from (gm/local)time_r
These functions can return NULL for otherwise-valid values of
time_t.  Notably, the glibc gmtime manpage says it can return NULL
if the year if greater than INT_MAX, and the windows MSDN gmtime
page says it can return NULL for negative time_t values.

Also, our formatting code is not guaranteed to correctly handle
years after 9999 CE.

This patch tries to correct this by detecting NULL values from
gmtime/localtime_r, and trying to clip them to a reasonable end of
the scale.  If they are in the middle of the scale, we call it a
downright error.

Arguably, it's a bug to get out-of-bounds dates like this to begin
with.  But we've had bugs of this kind in the past, and warning when
we see a bug is much kinder than doing a NULL-pointer dereference.

Boboper found this one too.
2011-04-28 17:12:54 -04:00
Nick Mathewson
88638d40ca Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 16:05:59 -04:00
Nick Mathewson
3055acbdbe Merge remote-tracking branch 'sebastian/bug2497' into maint-0.2.2 2011-04-28 16:05:34 -04:00
Nick Mathewson
32918e954f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendcommon.h
2011-04-28 15:57:27 -04:00
Robert Ransom
2c0258b69a Clean up merge of bug3k_021 2011-04-28 15:52:42 -04:00
Sebastian Hahn
4b13ebd5ab Merge branch 'bug3k_021' into bug3k_022
Conflicts:
	src/or/or.h
	src/or/rendclient.c
2011-04-28 19:00:34 +02:00
Sebastian Hahn
8a36f21251 Fix a failure case of connection_ap_handshake_attach_circuit()
tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
2011-04-28 18:14:50 +02:00
Robert Ransom
f1cf9bd74d Fix a bug introduced by purging rend_cache on NEWNYM
If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous
descriptor, while we were building the introduction-point circuit, we
would give up entirely on trying to connect to the hidden service.

Original patch by rransom slightly edited to go into 0.2.1
2011-04-28 18:14:50 +02:00
Robert Ransom
2ad18ae736 Allow rend_client_send_introduction to fail transiently
i.e. without closing the AP connection.
2011-04-28 18:14:50 +02:00
Robert Ransom
440e48ddf2 Forget all rendezvous client state on SIGNAL NEWNYM 2011-04-28 18:14:50 +02:00
Nick Mathewson
26456d3354 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-27 22:14:54 -04:00
Nick Mathewson
0130e7c9d2 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/torint.h
2011-04-27 22:14:28 -04:00
Nick Mathewson
26c022ecbc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-27 17:26:40 -04:00
Nick Mathewson
34510f9278 Fix clear_trackhostexits_mapping() to actually work as advertised
Previously, it would remove every trackhostexits-derived mapping
*from* xyz.<exitname>.exit; it was supposed to remove every
trackhostexits-derived mapping *to* xyz.<exitname>.exit.

Bugfix on 0.2.0.20-rc: fixes an XXX020 added while staring at bug-1090
issues.
2011-04-27 17:23:05 -04:00
Roger Dingledine
d4a61c76a1 Merge branch 'maint-0.2.2'
Conflicts:
	src/or/dirserv.h
2011-04-27 15:21:27 -04:00
Nick Mathewson
78c610eea9 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-04-27 15:20:01 -04:00
Roger Dingledine
cba1d29b7f make make check-spaces happier.
(still not happy.)
2011-04-27 15:18:34 -04:00
cypherpunks
247cbab6c8 Fix double-free bug in microdesc parser 2011-04-27 15:15:32 -04:00
Nick Mathewson
8b686d98c4 Merge maint-0.2.2 for the bug1090-part1-squashed branch
Resolved conflicts in:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/directory.c
	src/or/rendclient.c
	src/or/routerlist.c
	src/or/routerlist.h

These were mostly releated to the routerinfo_t->node_t conversion.
2011-04-27 14:36:30 -04:00
Roger Dingledine
0c40dda3ad explain an argument in a function comment 2011-04-27 13:43:11 -04:00
Nick Mathewson
748350ace1 Instead of checking whether we have unremoved intro points, check for usable ones 2011-04-27 00:01:41 -04:00
Roger Dingledine
b8b557dcb2 better user-facing warnings for unexpected last hops
these still aren't perfect, but we won't know how to correct them until
we start experiencing surprised users.
2011-04-27 00:01:41 -04:00
Roger Dingledine
f7a5bc16d6 warn if we launch too many circuits for a given stream 2011-04-27 00:01:41 -04:00
Roger Dingledine
f962dda8c1 revert most of ef81649d2f
Now we believe it to be the case that we never build a circuit for our
stream that has an unsuitable exit, so we'll never need to use such
a circuit. The risk is that we have some code that builds the circuit,
but now we refuse to use it, meaning we just build a bazillion circuits
and ignore them all.
2011-04-27 00:01:41 -04:00
Nick Mathewson
8ee92f28e0 Add a circuit_purpose_to_string() function, and use it
We had a circuit_purpose_to_controller_string() function, but it was
pretty coarse-grained and didn't try to be human-readable.
2011-04-27 00:01:35 -04:00
Sebastian Hahn
e03e90bf59 Fix a check-spaces complaint 2011-04-26 23:55:23 -04:00
Sebastian Hahn
92ec36a061 Explain the "using anyway" log message better
Also add a request to report any cases where we are not honoring
StrictNodes to the developers: These should now all be bugs.
2011-04-26 23:55:23 -04:00
Sebastian Hahn
8e2904e269 Fix a log msg 2011-04-26 23:55:22 -04:00
Nick Mathewson
79a3b3cd37 Check transition of circuit purpose from INTRO->GENERAL if nodes are constrained
This looked at first like another fun way around our node selection
logic: if we had introduction circuits, and we wound up building too
many, we would turn extras into general-purpose circuits.  But when we
did so, we wouldn't necessarily check whether the general-purpose
circuits conformed to our node constraints.  For example, the last
node could totally be in ExcludedExitNodes and we wouldn't have cared...

...except that the circuit should already be internal, so it won't get user
streams attached to it, so the transition should generally be allowed.
Add an assert to make sure we're right about this, and have it not
check whether ExitNodes is set, since that's irrelevant to internal
circuits.
2011-04-26 23:54:18 -04:00
Nick Mathewson
6afad6b691 When cannibalizing a circuit, make sure it has no ExcludeNodes on it
This could happen if StrictNodes was 0 and we were forced to pick an
excluded node as the last hop of the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
80adb3de50 When there is a transition in permitted nodes, apply it to trackexithosts map
IOW, if we were using TrackExitHosts, and we added an excluded node or
removed a node from exitnodes, we wouldn't actually remove the mapping
that points us at the new node.

Also, note with an XXX022 comment a place that I think we are looking
at the wrong string.
2011-04-26 23:54:17 -04:00
Nick Mathewson
128582cc1f Simplify calls to routerset_equal
The routerset_equal function explicitly handles NULL inputs, so
there's no need to check inputs for NULL before calling it.

Also fix a bug in routerset_equal where a non-NULL routerset with no
entries didn't get counted as equal to a NULL routerset.  This was
untriggerable, I think, but potentially annoying down the road.
2011-04-26 23:54:17 -04:00
Nick Mathewson
84f0e87c6a If we have chosen an exit that shares a family with all bridges, fail the circuit
We could probably do something smarter here, but the situation is
unusual enough that it's okay to just fail the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
b59a289365 Do not try to download descriptors for bridges in ExcludeNodes. 2011-04-26 23:54:16 -04:00