Commit Graph

17299 Commits

Author SHA1 Message Date
Nick Mathewson
116e6af7a7 Fix a compilation warning with older gcc 2013-09-23 01:47:52 -04:00
Nick Mathewson
d1dbaf2473 Relays should send timestamp in NETINFO.
This avoids skew warnings as authorities test reachability.

Fix 9798; fix not on any released Tor.
2013-09-21 08:54:42 -04:00
Roger Dingledine
4f036acd27 back out most of 1d0ba9a
this was causing directory authorities to send a time of 0 on all
connections they generated themselves, which means everybody reachability
test caused a time skew warning in the log for that relay.

(i didn't just revert, because the changes file has been modified by
other later commits.)
2013-09-21 02:11:51 -04:00
Nick Mathewson
07bb171856 Merge branch 'no_client_timestamps_024_v2' into maint-0.2.4 2013-09-20 11:00:43 -04:00
Nick Mathewson
39bb59d363 Avoid error by not saying which intro cell type I mean 2013-09-20 11:00:27 -04:00
Nick Mathewson
fd2954d06d Round down hidden service descriptor publication times to nearest hour
Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.
2013-09-20 11:00:27 -04:00
Nick Mathewson
accadd8752 Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
2013-09-20 11:00:27 -04:00
Nick Mathewson
f8b44eedf7 Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes.  Later, eliminate entirely by
setting a consensus parameter.

(This rounding is safe because, in 0.2.2, where the timestamp mattered,
REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
2013-09-20 11:00:27 -04:00
Nick Mathewson
1d0ba9a61f Stop sending the current time in client NETINFO handshakes.
Implements part of proposal 222.
2013-09-20 11:00:27 -04:00
Nick Mathewson
7dbf66713f When freeing a cert_list_t, avoid memory leak.
We were freeing these on exit, but when we added the dl_status_map
field to them in fddb814f, we forgot to arrange for it to be freed.

I've moved the cert_list_free() code into its own function, and added
an appropriate dsmap_free() call.

Fixes bug 9644; bugfix on 0.2.4.13-alpha.
2013-09-19 12:22:49 -04:00
Nick Mathewson
0c807cf3e4 Document that disabledebuggerattachment prevents cores 2013-09-19 12:14:07 -04:00
Nick Mathewson
dece40fd77 Fix an assert when disabling ORPort with accounting disabled.
The problem was that the server_identity_key_is_set() function could
return true under conditions where we don't really have an identity
key -- specifically, where we used to have one, but we stopped being a
server.

This is a fix for 6979; bugfix on 0.2.2.18-alpha where we added that
assertion to get_server_identity_key().
2013-09-18 10:26:32 -04:00
Nick Mathewson
ace95c525c Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-09-16 12:47:05 -04:00
Nick Mathewson
b46353b793 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-09-16 12:46:50 -04:00
Nick Mathewson
c5532889a8 Don't apply read/write buckets to cpuworker connections
Fixes bug 9731
2013-09-13 13:39:18 -04:00
Nick Mathewson
a2754d418d Try using INT_MAX, not SOMAXCONN, to set listen() backlog.
Fall back to SOMAXCONN if INT_MAX doesn't work.

We'd like to do this because the actual maximum is overrideable by the
kernel, and the value in the header file might not be right at all.
All implementations I can find out about claim that this is supported.

Fix for 9716; bugfix on every Tor.
2013-09-11 13:30:45 -04:00
Karsten Loesing
13d192c1d8 Update to the September 2013 GeoIP database. 2013-09-10 15:00:06 +02:00
Roger Dingledine
2c877d2da4 collect and log statistics about onionskins received/processed
we skip onionskins that came from non-relays, so we're less likely to
run into privacy troubles.

starts to implement ticket 9658.
2013-09-05 01:44:52 -04:00
Roger Dingledine
f51add6dbc Revert e443beff and solve it a different way
Now we explicitly check for overflow.

This approach seemed smarter than a cascade of "change int to unsigned
int and hope nothing breaks right before the release".

Nick, feel free to fix in a better way, maybe in master.
2013-09-05 01:41:07 -04:00
Roger Dingledine
e443beffeb don't let recently_chosen_ntors overflow
with commit c6f1668d we let it grow arbitrarily large.

it can still overflow, but the damage is very small now.
2013-09-05 01:27:46 -04:00
Roger Dingledine
c6f1668db3 nickm wants us to prioritize tap in a currently-rare edge case 2013-09-04 23:21:46 -04:00
Roger Dingledine
71e0ca02b5 add a changes entry for ticket 9574 2013-09-04 23:21:46 -04:00
Roger Dingledine
a4400952ee Be more general in calculating expected onion queue processing time
Now we consider the TAP cells we'll process while draining the NTor
queue, and vice versa.
2013-09-04 23:21:45 -04:00
Roger Dingledine
a66791230f let the NumNTorsPerTAP consensus param override our queue choice 2013-09-04 23:21:45 -04:00
Roger Dingledine
7acc7c3dc6 do a lopsided round-robin between the onion queues
that way tap won't starve entirely, but we'll still handle ntor requests
quicker.
2013-09-04 23:21:45 -04:00
Roger Dingledine
16b5c609a4 check bounds on handshake_type more thoroughly 2013-09-04 23:21:45 -04:00
Roger Dingledine
9d2030e580 add info-level logs to help track onion queue sizes 2013-09-04 23:21:45 -04:00
Roger Dingledine
bb32bfa2f2 refactor and give it unit tests 2013-09-04 23:21:45 -04:00
Roger Dingledine
87a18514ef Separate cpuworker queues by handshake type
Now we prioritize ntor create cells over tap create cells.

Starts to address ticket 9574.
2013-09-04 23:21:45 -04:00
Nick Mathewson
a60d21a85d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
2013-09-04 16:08:02 -04:00
Nick Mathewson
3cebc5e73c Merge branch 'bug9671_023' into maint-0.2.3 2013-09-04 16:04:47 -04:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
a8e76de4d9 Merge branch 'bug9400_024_squashed' into maint-0.2.4 2013-09-03 15:38:54 -04:00
Nick Mathewson
d819663b66 Avoid a double-close on one failing case of the socketpair replacement code
Fix for bug 9400, spotted by coverity. Bug introduced in revision 2cb4f7a4
(subversion revision r389).
2013-09-03 15:38:25 -04:00
Nick Mathewson
264aa271a7 Fix bug 9645: don't forget an md just because we can't save it. 2013-09-03 14:25:01 -04:00
Nick Mathewson
a5f6cb908c Increase POLICY_BUF_LEN to 72 to accomodate IPv6 exit policy items.
Fixes bug 9596; bugfix on 0.2.4.7-alpha.
2013-08-26 11:30:09 -04:00
Nick Mathewson
a5610cfa64 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
(Using "ours" strategy to avoid taking 9546 fix in 0.2.3; we just
merged our own into 0.2.4)
2013-08-25 00:33:10 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
4107ddd003 Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4 2013-08-25 00:31:51 -04:00
Nick Mathewson
1ee1c8fb4f Merge remote-tracking branch 'public/bug9366' into maint-0.2.4 2013-08-25 00:29:49 -04:00
Nick Mathewson
3727a978b8 Merge remote-tracking branch 'public/bug9543' into maint-0.2.4 2013-08-25 00:29:06 -04:00
Nick Mathewson
43f187ec2e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-08-22 20:47:10 -04:00
Nick Mathewson
8bf2892f51 Merge remote-tracking branch 'public/bug9564' into maint-0.2.3 2013-08-22 20:46:40 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
af7970b6bc Add a 30-day maximum on user-supplied MaxCircuitDirtiness
Fix for bug 9543.
2013-08-21 11:35:00 -04:00
Nick Mathewson
cbc53a2d52 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:29:19 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
0daa26a473 Send NETINFO on receiving a NETINFO if we have not yet sent one.
(Backport to Tor 0.2.3)

Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-21 11:28:57 -04:00
Nick Mathewson
1bb4a4f9bd Send NETINFO on receiving a NETINFO if we have not yet sent one.
Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-20 14:52:56 -04:00
Nick Mathewson
edaea773e5 Document the correct loglevel for the heartbeat message 2013-08-16 21:59:41 -04:00