Commit Graph

5450 Commits

Author SHA1 Message Date
teor (Tim Wilson-Brown)
da968e558e Fix various issues with fallback directory data handling
* support maximum history age in _avg_generic_history()
* fix division-by-zero trap in _avg_generic_history()
* skip missing (i.e. null/None) intervals in _avg_generic_history()
* Python timedelta.total_seconds() function not available in 2.6;
  replace with equivalent expression
* set DEBUG logging level to make relay exclusion reasons visible
* move CUTOFF_GUARD test to end in order to expose more exclusion
  reasons

Patch by "starlight", merge modifications by "teor".
2016-01-12 10:10:05 -05:00
Fergus Dall
9e5a6f0293 Stop log_heartbeat test from failing in timezones with non-integer offsets
Instead of comparing the end of the time string against a constant,
compare it to the output of format_local_iso_time when given the
correct input.
2016-01-12 22:01:46 +10:30
teor (Tim Wilson-Brown)
bc2bed8979 Don't reduce the weight of exits selected as fallback directories
When selecting exits as fallback directories, don't reduce
their weights.

Closes ticket #17888.
2016-01-12 13:56:45 +11:00
teor (Tim Wilson-Brown)
430181fad2 Allow fallback directory selection to use day-old data
Allow cached or outdated Onionoo data to be used to choose
fallback directories, as long as it's less than a day old.

Modify last modified date checks in preparation for Onionoo change
2016-01-12 13:51:25 +11:00
Nick Mathewson
d10ea49588 Merge remote-tracking branch 'rl1987/feature17950' 2016-01-11 08:54:51 -05:00
Nick Mathewson
8fc27ac042 Give 18024 a bug number. 2016-01-08 15:55:49 -08:00
Nick Mathewson
95f5910810 Merge branch 'unixninja_ticket15989_squashed' 2016-01-08 15:52:22 -08:00
unixninja92
4f0e28977d Added AccountRule in and AccountingRule out options 2016-01-08 15:52:10 -08:00
Nick Mathewson
5b5abd8c03 Merge commit '110765f5564a588c5f019d32b5e6f66cc7806c41' 2016-01-08 15:08:28 -08:00
Nick Mathewson
a1019b82c1 Merge remote-tracking branch 'public/feature16794_more' 2016-01-08 14:54:51 -08:00
rl1987
fb373a9ef6 On win32, use SecureZeroMemory() to securely wipe buffers.
{Also tweak the comments. -nickm)
2016-01-07 14:25:31 -08:00
Nick Mathewson
3783046f3b Use memset_s or explicit_bzero when available. 2016-01-07 12:53:24 -08:00
Nick Mathewson
77bc95cb5e Merge remote-tracking branch 'public/17826_redux' 2016-01-07 09:52:09 -08:00
Nick Mathewson
55232e32c7 Merge branch 'maint-0.2.7' 2016-01-07 09:43:24 -08:00
Nick Mathewson
b34c5c6b8a Merge branch 'maint-0.2.6' into maint-0.2.7
Conflicts:
	src/or/config.c
2016-01-07 09:43:12 -08:00
Nick Mathewson
c7b0cd9c2f Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:41:36 -08:00
Nick Mathewson
9ca329581a Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2016-01-07 09:40:23 -08:00
teor (Tim Wilson-Brown)
11f63d26ac Update dannenberg's V3 authority identity fingerprint
This new identity key was changed on 18 November 2015.
2016-01-07 09:39:04 -08:00
Nick Mathewson
5ba7b1a74d Merge remote-tracking branch 'gtank/feature16774-squashed' 2016-01-07 09:20:03 -08:00
Nick Mathewson
37b0d27a34 Merge branch 'maint-0.2.7' 2016-01-07 09:14:31 -08:00
Nick Mathewson
d9b11d05e8 Merge branch 'maint-0.2.6' into maint-0.2.7 2016-01-07 09:14:15 -08:00
Nick Mathewson
400df18688 Merge branch 'maint-0.2.5' into maint-0.2.6 2016-01-07 09:14:05 -08:00
Nick Mathewson
ae223138fb Merge branch 'maint-0.2.4' into maint-0.2.5 2016-01-07 09:13:54 -08:00
Karsten Loesing
1496056c12 Update geoip and geoip6 to the January 5 2016 database. 2016-01-07 11:10:37 +01:00
George Tankersley
3bc45f2628 Add FallbackDir list to GETINFO config/defaults 2016-01-06 11:22:30 -08:00
rl1987
110765f556 Use get_interface6_via_udp_socket_hack() properly in _list().
When _list() is called with AF_UNSPEC family and fails to enumerate
network interfaces using platform specific API, have it call
_hack() twice to find out IPv4 and/or IPv6 address of a machine Tor
instance is running on. This is correct way to handle this case
because _hack() can only be called with AF_INET and AF_INET6 and
does not support any other address family.
2016-01-06 14:47:35 +01:00
rl1987
44497e9ebc Add family argument to get_interface_addresses_raw (and subfunctions). 2016-01-03 15:35:45 +01:00
Nick Mathewson
cdbb04be10 change credit by request 2015-12-30 09:16:11 -05:00
Nick Mathewson
603110aa1d Merge branch 'feature17796_squashed' 2015-12-29 09:48:39 -05:00
Nick Mathewson
488cdee5e7 When allocating a crypto_digest_t, allocate no more bytes than needed
Previously we would allocate as many bytes as we'd need for a
keccak--even when we were only calculating SHA1.

Closes ticket 17796.
2015-12-29 09:47:04 -05:00
Nick Mathewson
bc2cd0ff2b Use timingsafe_memcmp() where available.
See ticket 17944; patch from "logan".
2015-12-29 09:43:01 -05:00
Nick Mathewson
263f6d11fd Mark all object files built based on micro-revision.i as depending on it
Fixes make -j for some users; fixes bug 17826.

Bugfix on 0.2.5.1, when we started building testing versions of all
the object files.
2015-12-26 13:43:13 -05:00
Nick Mathewson
6365859825 Disable the dynlock functions we were giving openssl.
OpenSSL doesn't use them, and fwict they were never called. If some
version of openssl *does* start using them, we should test them before
we turn them back on.

See ticket 17926
2015-12-23 09:58:36 -05:00
Nick Mathewson
b18f533cf0 Always test both ed25519 backends.
Part of #16794
2015-12-23 09:16:26 -05:00
Nick Mathewson
9a901aaa01 changes file correction 2015-12-23 07:24:59 -05:00
Nick Mathewson
2b9b694410 Remove config.log from CLEANFILES
Fixes bug 17924; bugfix on 0.2.4.1-alpha.

In ddf5020ea8, we added config.log to CLEANFILES in doc/Makefile.am
so that distcheck would be happy about the presence of doc/config.log.
But when we moved to nonrecursie makefiles in 2a4a149624, we
accidentally left that filename unchanged, so that it referred to
config.log instead.

Patch from cypherpunks.
2015-12-22 20:46:15 -05:00
Nick Mathewson
ff3e90070f Merge branch 'maint-0.2.7' 2015-12-22 20:38:33 -05:00
Nick Mathewson
d0c209c51d Remove extraneous #endif in configure.ac
This will fix the detection of struct in6_addr.s6_addr32 and others

Found and fixed by cypherpunks; bug 17923; bugfix on f948caad7b
2015-12-22 20:37:02 -05:00
Nick Mathewson
b9596b8fdf document minimum heartbeatperiod; bug 15638. 2015-12-22 11:10:37 -05:00
Nick Mathewson
45f5e59751 Remove extra quotes from log message
Bug 17843; fix on ddc65e2b
2015-12-22 10:31:26 -05:00
Nick Mathewson
c4fb7ad034 Merge branch 'feature12538_028_01_squashed' 2015-12-18 13:16:49 -05:00
Matthew Finkel
0a7d22a664 Client should check if dir server has open dir port or handles tunnelled requests
Final piece of prop 237. Closes 12538.
2015-12-18 13:14:09 -05:00
Nick Mathewson
05f02f65c4 changes file for 17893 2015-12-18 13:12:42 -05:00
Nick Mathewson
511105af9c changes file for 17892 2015-12-18 13:10:13 -05:00
Nick Mathewson
8585cc57f8 Merge branch 'maint-0.2.7' 2015-12-17 14:57:16 -05:00
Nick Mathewson
2cbaf39af4 Add some more ed25519 key files to the seccomp sandbox list
Fixes bug 17675; bugfix on 0.2.7.3-alpha.
2015-12-17 14:56:24 -05:00
Nick Mathewson
24fcb6adbb Add an edge_about_to_close() call to ap_about_to_close().
Fixes #17876
2015-12-16 18:52:34 -05:00
Nick Mathewson
3317cd3a1f Merge branch 'maint-0.2.7' 2015-12-16 09:24:40 -05:00
Nick Mathewson
33b5bfb948 Don't call pthread_condattr_setclock() unless it exists
Fixes bug 17819; bugfix on 0.2.6.3-alpha (specifically, d684dbb0).
2015-12-16 09:23:44 -05:00
Nick Mathewson
bb23ad3e47 Merge remote-tracking branch 'teor/feature17863' 2015-12-16 08:48:28 -05:00
teor (Tim Wilson-Brown)
978210d5a8 Wait for busy authorities/fallbacks rather than ignoring excluded nodes
Applies the 6c443e987d fix to router_pick_directory_server_impl.

6c443e987d applied to directory servers chosen from the consensus,
and was:
"Tweak the 9969 fix a little

If we have busy nodes and excluded nodes, then don't retry with the
excluded ones enabled. Instead, wait for the busy ones to be nonbusy."
2015-12-16 09:07:11 +11:00
teor (Tim Wilson-Brown)
e2e09a2dbe Warn when comparing against an AF_UNSPEC address in a policy
It produces unexpected results, and it's most likely a bug.
2015-12-16 08:51:59 +11:00
Nick Mathewson
6ba8afe5f8 Merge remote-tracking branch 'teor/feature15775-fallback-v9-squashed' 2015-12-15 14:04:00 -05:00
teor
4c1c2a313d Add Fallback Directory Candidate Selection Script
"Tor has included a feature to fetch the initial consensus from nodes
 other than the authorities for a while now. We just haven't shipped a
 list of alternate locations for clients to go to yet.

 Reasons why we might want to ship tor with a list of additional places
 where clients can find the consensus is that it makes authority
 reachability and BW less important.

 We want them to have been around and using their current key, address,
 and port for a while now (120 days), and have been running, a guard,
 and a v2 directory mirror for most of that time."

Features:
* whitelist and blacklist for an opt-in/opt-out trial.
* excludes BadExits, tor versions that aren't recommended, and low
  consensus weight directory mirrors.
* reduces the weighting of Exits to avoid overloading them.
* places limits on the weight of any one fallback.
* includes an IPv6 address and orport for each FallbackDir, as
  implemented in #17327. (Tor won't bootstrap using IPv6 fallbacks
  until #17840 is merged.)
* generated output includes timestamps & Onionoo URL for traceability.
* unit test ensures that we successfully load all included default
  fallback directories.

Closes ticket #15775. Patch by "teor".
OnionOO script by "weasel", "teor", "gsathya", and "karsten".
2015-12-16 05:54:40 +11:00
Nick Mathewson
aa4be914f0 Merge remote-tracking branch 'teor/feature17327-v4' 2015-12-15 13:19:18 -05:00
Nick Mathewson
aba39ea390 Merge branch 'feature8195_small_squashed' 2015-12-15 13:11:06 -05:00
Nick Mathewson
405a8d3fb4 Update KeepCapabilities based on comments from asn
* The option is now KeepBindCapabilities
* We now warn if the user specifically asked for KeepBindCapabilities
  and we can't deliver.
* The unit tests are willing to start.
* Fewer unused-variable warnings.
* More documentation, fewer misspellings.
2015-12-15 13:10:57 -05:00
Nick Mathewson
e8cc839e41 Add ability to keep the CAP_NET_BIND_SERVICE capability on Linux
This feature allows us to bind low ports when starting as root and
switching UIDs.

Based on code by David Goulet.

Implement feature 8195
2015-12-15 13:10:57 -05:00
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
Nick Mathewson
fec5aa75f4 Merge branch 'maint-0.2.7' 2015-12-15 11:55:46 -05:00
cypherpunks
07cca627ea Fix backtrace compilation on FreeBSD
On FreeBSD backtrace(3) uses size_t instead of int (as glibc does). This
causes integer precision loss errors when we used int to store its
results.

The issue is fixed by using size_t to store the results of backtrace(3).

The manual page of glibc does not mention that backtrace(3) returns
negative values. Therefore, no unsigned integer wrapping occurs when its
result is stored in an unsigned data type.
2015-12-15 11:52:00 -05:00
cypherpunks
b463773fc3 Add changes file for 17804 2015-12-15 11:34:00 -05:00
Nick Mathewson
39b2f2d35e Merge branch 'maint-0.2.7' 2015-12-14 13:21:16 -05:00
cypherpunks
ff843ed39f Add changes file for 17818 2015-12-14 13:11:20 -05:00
teor (Tim Wilson-Brown)
1c2366ea43 Authorities on IPv6: minor fixes and unit tests
Update the code for IPv6 authorities and fallbacks for function
argument changes.

Update unit tests affected by the function argument changes in
the patch.

Add unit tests for authority and fallback:
 * adding via a function
 * line parsing
 * adding default authorities
(Adding default fallbacks is unit tested in #15775.)
2015-12-14 23:46:47 +11:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Jamie Nguyen
dcbfe46cd6 Defer creation of Unix socket until after setuid 2015-12-10 20:00:06 -05:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Jamie Nguyen
08c7ceb5df Permit filesystem group to be root 2015-12-10 20:00:06 -05:00
Nick Mathewson
81c06b132f Remove already-merged changes files. 2015-12-10 10:00:56 -05:00
Nick Mathewson
7186e2a943 Merge remote-tracking branch 'public/feature17694_strongest_027' 2015-12-10 09:02:10 -05:00
cypherpunks
7e7188cb00 Assert when the TLS contexts fail to initialize 2015-12-10 08:50:40 -05:00
Roger Dingledine
9236e50415 fold in the changes entries 2015-12-10 08:14:58 -05:00
Roger Dingledine
b2a53e8ca9 Merge branch 'maint-0.2.7' into release-0.2.7 2015-12-10 04:12:10 -05:00
cypherpunks
91ab2ac5aa Assert that memory held by rephist is freed
The internal memory allocation and history object counters of the
reputation code can be used to verify the correctness of (part of) the
code. Using these counters revealed an issue where the memory allocation
counter is not decreased when the bandwidth arrays are freed.

A new function ensures the memory allocation counter is decreased when a
bandwidth array is freed.

This commit also removes an unnecessary cast which was found while
working on the code.
2015-12-09 11:31:17 -05:00
Nick Mathewson
b3eba8ef12 Merge branch 'refactor-effective-entry' 2015-12-09 11:05:41 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
Nick Mathewson
d6a3b1f019 changes file for bug17791 2015-12-09 10:38:13 -05:00
cypherpunks
3dcb7320cf Add changes file for 17776 2015-12-09 10:22:26 -05:00
Nick Mathewson
7f074e08d8 Merge branch 'feature13696_squashed' 2015-12-08 12:35:26 -05:00
Yawning Angel
353c71516e Add support for getrandom() and getentropy() when available
Implements feature #13696.
2015-12-08 12:34:53 -05:00
Nick Mathewson
2259de0de7 Always hash crypto_strongest_rand() along with some prng
(before using it for anything besides feeding the PRNG)

Part of #17694
2015-12-08 10:54:42 -05:00
Nick Mathewson
252149e8b4 Merge branch 'maint-0.2.7' 2015-12-08 10:23:56 -05:00
Nick Mathewson
c6a337557a Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-08 10:23:41 -05:00
Nick Mathewson
1adc2bf66f Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-08 10:20:21 -05:00
Nick Mathewson
c3d11b119d Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 10:20:14 -05:00
Arlo Breault
5138f5ca69 Ensure node is a guard candidate when picking a directory guard 2015-12-08 09:49:01 -05:00
Nick Mathewson
b585cf3ca3 Merge branch 'maint-0.2.7' 2015-12-08 09:44:01 -05:00
Nick Mathewson
eeb9751ead Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-08 09:43:42 -05:00
Nick Mathewson
b53ff86067 Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-08 09:43:25 -05:00
Nick Mathewson
4328525770 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-08 09:38:48 -05:00
Nick Mathewson
b0867fec96 Fix a compilation warning introduced by clang 3.6
There was a dead check when we made sure that an array member of a
struct was non-NULL.  Tor has been doing this check since at least
0.2.3, maybe earlier.

Fixes bug 17781.
2015-12-08 09:37:05 -05:00
Nick Mathewson
1321608786 Merge branch 'maint-0.2.7' 2015-12-08 08:45:09 -05:00
Nick Mathewson
e9bf584694 Format IPv6 policies correctly.
Previously we'd suppressed the mask-bits field in the output when
formatting a policy if it was >=32.  But that should be a >=128 if
we're talking about IPv6.

Since we didn't put these in descriptors, this bug affects only log
messages and controller outputs.

Fix for bug 16056.  The code in question was new in 0.2.0, but the
bug was introduced in 0.2.4 when we started supporting IPv6 exits.
2015-12-08 08:44:58 -05:00
cypherpunks
d6adb26a49 Add changes file for 17778 2015-12-08 08:28:27 -05:00
Nick Mathewson
79fdfd5231 Merge remote-tracking branch 'teor/exitpolicy-multicast' 2015-12-07 10:23:30 -05:00
Nick Mathewson
0ec6757091 Merge branch 'maint-0.2.7' 2015-12-07 10:11:54 -05:00
Nick Mathewson
9c66afe772 Merge branch 'maint-0.2.6' into maint-0.2.7 2015-12-07 10:11:21 -05:00
Nick Mathewson
089ee13534 Merge branch 'maint-0.2.5' into maint-0.2.6 2015-12-07 10:10:44 -05:00
Nick Mathewson
e8e89fd7a1 Merge branch 'maint-0.2.4' into maint-0.2.5 2015-12-07 10:10:21 -05:00
teor (Tim Wilson-Brown)
021958934f Consistently ignore multicast in internal reject private exit policies
Consistently ignore multicast addresses when automatically
generating reject private exit policies.

Closes ticket 17763. Bug fix on 10a6390deb,
not in any released version of Tor. Patch by "teor".
2015-12-07 14:46:19 +11:00
teor (Tim Wilson-Brown)
ba5053b45d Refactor policies_parse_exit_policy_internal
Move logging of redundant policy entries in
policies_parse_exit_policy_internal into its own function.

Closes ticket 17608; patch from "juce".
2015-12-06 21:32:09 +11:00
Karsten Loesing
dbb919cf94 Update geoip and geoip6 to the December 1 2015 database. 2015-12-05 17:02:59 +01:00
Nick Mathewson
ee5337e904 Merge branch 'maint-0.2.7' 2015-11-30 22:03:00 -05:00
cypherpunks
e408aa3b24 Add changes file for 17722 2015-11-30 22:02:50 -05:00
teor (Tim Wilson-Brown)
7ff18cc1b6 Avoid relying on malloc internals in test_rend_cache_purge.
Closes ticket 17724. Bug fix on ade5005853 and 5e9f2384cf,
not in any released version of Tor. Patch by "teor".
2015-12-01 10:50:14 +11:00
teor (Tim Wilson-Brown)
fc264975b1 Unit test the full length of SHA256 and SHA512 digests
Bugfix on a tor version before the refactoring in git commit
cea1225199 (23 Sep 2009). Patch by "teor".
2015-11-27 02:25:31 +11:00
Nick Mathewson
09e0ae0588 Merge remote-tracking branch 'teor/rand-failure-modes-v2' 2015-11-26 10:05:38 -05:00
teor (Tim Wilson-Brown)
155fa2dbdb Add unit tests that check for common RNG failure modes
Check that crypto_rand doesn't return all zeroes, identical values,
or incrementing values (OpenSSL's rand_predictable feature).
2015-11-26 21:27:05 +11:00
Nick Mathewson
e5754c42d1 Merge branch 'bug17686_v2_027' 2015-11-25 22:33:49 -05:00
Nick Mathewson
943369f927 Add a changes file for bug 17686 2015-11-25 22:29:59 -05:00
teor (Tim Wilson-Brown)
b1b8f7982e Check the return value of HMAC in crypto.c and assert on error
Fixes bug #17658; bugfix on commit in fdbb9cdf74 (11 Oct 2011)
in tor version 0.2.3.5-alpha-dev.
2015-11-26 10:46:36 +11:00
Nick Mathewson
5dff4ae0ad Attempt to make openbsd compilation happier with libevent2 installed
Fix for bug 16651; patch from "rubiate".
2015-11-25 09:43:12 -05:00
Nick Mathewson
62aad9c0b6 Merge branch 'maint-0.2.7' 2015-11-25 09:28:44 -05:00
Nick Mathewson
232ccc18c4 Include netinet/in.h (if detected) in check for net/pfvar.h
Patch from rubiate; fixes bug 17551.
2015-11-25 09:27:52 -05:00
Nick Mathewson
fe8eb9b366 Merge remote-tracking branch 'public/decouple_dir_request_failed' 2015-11-25 09:21:25 -05:00
Nick Mathewson
7194d3d957 Tweak gtank's sha512 patch a little 2015-11-25 09:04:17 -05:00
Nick Mathewson
74e5385da7 Merge remote-tracking branch 'gtank/feature17663' 2015-11-25 09:00:01 -05:00
Nick Mathewson
2079ec9ee6 Merge remote-tracking branch 'teor/feature8961-replaycache-sha256' 2015-11-25 08:55:18 -05:00
Nick Mathewson
be30c61ac1 Merge branch 'maint-0.2.7' 2015-11-25 08:53:46 -05:00
teor (Tim Wilson-Brown)
45f2e7ec04 fixup! Refuse to make direct connections to private OR addresses
Add changes file.
2015-11-25 07:55:39 +11:00
George Tankersley
1a7f6df688 add changes for feature17663 2015-11-24 02:24:22 +00:00
teor (Tim Wilson-Brown)
2e9779e5d8 Use SHA256 in the replaycache, rather than SHA1
This migrates away from SHA1, and provides further hash flooding
protection on top of the randomised siphash implementation.

Add unit tests to make sure that different inputs don't have the
same hash.
2015-11-24 09:08:53 +11:00
David Goulet
273b267fa2 Fix: use the right list in find_expiring_intro_point()
The wrong list was used when looking up expired intro points in a rend
service object causing what we think could be reachability issues and
triggering a BUG log.

Fixes #16702

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-11-23 09:02:54 -05:00
Nick Mathewson
35e886fe13 Merge branch 'getinfo-private-exitpolicy-v4-squashed' 2015-11-20 10:48:28 -05:00
teor (Tim Wilson-Brown)
10a6390deb Add controller getinfo exit-policy/reject-private
exit-policy/reject-private lists the reject rules added by
ExitPolicyRejectPrivate. This makes it easier for stem to
display exit policies.

Add unit tests for getinfo exit-policy/*.

Completes ticket #17183. Patch by "teor".
2015-11-20 10:48:19 -05:00
teor (Tim Wilson-Brown)
10dd592d74 Add changes file for ExitPolicyRejectPrivate outbound and port 2015-11-20 10:39:37 +11:00
Nick Mathewson
5f4cd245ec Merge remote-tracking branch 'teor/bug17638-ipv6-ersatz-socketpair' 2015-11-19 10:48:40 -05:00
Nick Mathewson
118bdc3a6d Merge remote-tracking branch 'public/decouple_conn_attach_2' 2015-11-19 10:44:31 -05:00
teor (Tim Wilson-Brown)
53ec840bdf Make tor_ersatz_socketpair work on IPv6-only systems
(But it won't work on some systems without IPv4/IPv6 localhost
(some BSD jails) by design, to avoid creating sockets on routable
IP addresses. However, those systems likely have the AF_UNIX socketpair,
which tor prefers.)

Fixes bug #17638; bugfix on a very early tor version,
earlier than 22dba27d8d (23 Nov 2004) / svn:r2943.

Patch by "teor".
2015-11-19 19:08:22 +11:00
teor (Tim Wilson-Brown)
86eba14ac5 Fix unit tests on systems without IPv4 or localhost addresses
Make unit tests pass on IPv6-only systems, and systems without
localhost addresses (like some FreeBSD jails).

Fixes:
* get_if_addrs_ifaddrs: systems without localhost
* get_if_addrs_ioctl: only works on IPv4 systems
* socket: check IPv4 and IPv6, skip on EPROTONOSUPPORT
* socketpair_ersatz: uses IPv4, skip on EPROTONOSUPPORT

Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
c464a36772 was a partial fix for this issue in #17255;
it was released in unit tests in 0.2.7.4-rc.

Patch by "teor".
2015-11-18 23:25:21 +11:00
Nick Mathewson
dc0d2b5970 Don't relaunch dir requests recursively if connection_connect() returns -1
Closes ticket 17589.
2015-11-17 09:40:05 -05:00
Nick Mathewson
b1d56fc589 Decouple ..attach_circuit() from most of its callers.
Long ago we used to call connection_ap_handshake_attach_circuit()
only in a few places, since connection_ap_attach_pending() attaches
all the pending connections, and does so regularly.  But this turned
out to have a performance problem: it would introduce a delay to
launching or connecting a stream.

We couldn't just call connection_ap_attach_pending() every time we
make a new connection, since it walks the whole connection list.  So
we started calling connection_ap_attach_pending all over, instead!
But that's kind of ugly and messes up our callgraph.

So instead, we now have connection_ap_attach_pending() use a list
only of the pending connections, so we can call it much more
frequently.  We have a separate function to scan the whole
connection array to see if we missed adding anything, and log a
warning if so.

Closes ticket #17590
2015-11-17 08:53:34 -05:00
Nick Mathewson
d467227323 Merge remote-tracking branch 'public/ticket11150_client_only' 2015-11-13 09:58:16 -05:00
Nick Mathewson
accb726db6 Remove a little duplicated code in TAP key expansion
patch from pfrankw; closes 17587.
2015-11-13 09:46:32 -05:00
Nick Mathewson
7bdbcdaed8 Merge commit '7b859fd8c558c9cf08add79db87fb1cb76537535' 2015-11-13 08:42:20 -05:00
Nick Mathewson
f7ccc9b975 Merge branch 'decouple_circuit_mark_squashed' 2015-11-12 14:20:24 -05:00
Nick Mathewson
8b4e5b7ee9 Experimentally decouple the main body of circuit_mark_for_close 2015-11-12 14:20:16 -05:00
Nick Mathewson
d20a3d07e3 Merge branch 'karsten_bug13192_026_03_teor' 2015-11-12 11:40:58 -05:00
Nick Mathewson
0a3eed5f20 Merge branch 'bug17549' 2015-11-10 10:40:31 -05:00
teor (Tim Wilson-Brown)
0d5a439292 Mark fallback directoriess as too busy after a 503 response
Mark fallback directory mirrors as "too busy" when they return
a 503 response. Previously, the code just marked authorities as busy.

Unless clients set their own fallback directories, they will never see
this bug. (There are no default fallbacks yet.)

Fixes bug 17572; bugfix on 5c51b3f1f0 released in 0.2.4.7-alpha.
Patch by "teor".
2015-11-10 09:47:48 +11:00
Yawning Angel
3e3ec750cd Fix compilation with OpenSSL 1.1.0-dev.
OpenSSL changed the API:
 * 5998e29035
 * b0700d2c8d
2015-11-06 19:02:56 +00:00
Yawning Angel
b71f6d6a47 Fix SipHash-2-4 performance for non multiple of 8 buffers.
Code cribbed from Andrew Moon's Public Domain SipHash-2-4
implementation (which IMO is also cleaner).

Fixes bug 17544.
2015-11-05 18:21:43 +00:00
Nick Mathewson
faba114a34 remove changes files that have been used in existing changelogs 2015-10-31 14:44:34 -04:00
Nick Mathewson
c1c1c4d057 Refer to the actual minima and the preferred minimum 2015-10-30 10:57:47 -04:00
Nick Mathewson
1385ab0605 Merge remote-tracking branch 'rl1987/ticket16831_part2_rebased' 2015-10-30 09:59:11 -04:00
rl1987
3c08b76fc4 Mention torspec URL in the manpage. 2015-10-30 09:25:39 -04:00
rl1987
6d8952fae0 Adding changes file. 2015-10-24 14:30:53 +03:00
Nick Mathewson
89a9d8c8d7 More 0274-rc changelog updating 2015-10-21 13:37:06 -04:00
Nick Mathewson
cd8a62a60c Merge branch 'maint-0.2.7' into release-0.2.7 2015-10-21 13:35:04 -04:00
Nick Mathewson
7b859fd8c5 Note that you can use a unix domain socket for hsport 2015-10-21 12:22:05 -04:00
Nick Mathewson
895a98dbaf Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:53:00 -04:00
Nick Mathewson
b809c265e7 Merge remote-tracking branch 'public/bug17404_024' into maint-0.2.7 2015-10-21 11:51:03 -04:00
Nick Mathewson
35bf07b8d6 Check for len < 4 in dn_indicates_v3_cert
Without this check, we potentially look up to 3 characters before
the start of a malloc'd segment, which could provoke a crash under
certain (weird afaik) circumstances.

Fixes 17404; bugfix on 0.2.6.3-alpha.
2015-10-21 11:44:43 -04:00
Nick Mathewson
52fd384a46 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 11:18:11 -04:00
Nick Mathewson
9c4a0aef0c Fix a memory leak in reading an expired ed signing key.
Closes 17403.
2015-10-21 11:16:28 -04:00
Nick Mathewson
cc3ce68548 Fold new entries into ChangeLog for 0.2.7.4-rc 2015-10-21 11:09:16 -04:00
Nick Mathewson
d14b009b23 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:54:12 -04:00
Nick Mathewson
aa96abe66b Fix memory leak in rend_cache_failure_entry_free()
Bug 17402.
2015-10-21 10:52:57 -04:00
Nick Mathewson
46cd466dec Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 10:00:52 -04:00
Nick Mathewson
5b2070198a Fix a use-after-free in validate_intro_point_failure. Bug 17401. Found w valgrind 2015-10-21 09:59:19 -04:00
Nick Mathewson
2461ea1faa Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-21 08:17:34 -04:00
Nick Mathewson
542cc8a5ff Fix a memory leak; bug 17398. 2015-10-21 08:17:07 -04:00
Nick Mathewson
be26c88757 Merge commit '551af4f97d37c7b4cff7a8557c1a1a647487b4cb' 2015-10-19 11:20:26 -04:00
Nick Mathewson
551af4f97d tweak some changes files 2015-10-19 11:12:43 -04:00
Nick Mathewson
a8a26ca30e Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-15 13:56:53 -04:00
Nick Mathewson
7e7683b254 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-15 13:56:41 -04:00
David Goulet
2ec5e24c58 Add hidserv-stats filname to our sandbox filter
Fixes #17354

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-10-15 13:42:34 -04:00
Nick Mathewson
a5ed8b1667 Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:37:41 -04:00
Nick Mathewson
fa4a81518a Merge branch 'bug17347' 2015-10-15 10:36:29 -04:00
Nick Mathewson
50148dc45d Fix compilation of sandbox.[ch] under musl-libc
Patch from jamestk; fix on 0.2.5.1-alpha. Fixes 17347.
2015-10-15 10:35:45 -04:00
Nick Mathewson
4da2f89f95 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-09 10:18:42 -04:00
Nick Mathewson
7c3f210e70 Merge remote-tracking branch 'origin/maint-0.2.6' into maint-0.2.7 2015-10-09 10:14:59 -04:00
Nick Mathewson
552136668c Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-10-09 10:14:46 -04:00
Nick Mathewson
3569cffe14 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-10-09 10:12:59 -04:00
Karsten Loesing
62b02a1941 Update geoip and geoip6 to the October 9 2015 database. 2015-10-09 15:27:55 +02:00
Nick Mathewson
cd14405a43 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-07 15:21:23 -04:00
teor (Tim Wilson-Brown)
c464a36772 Make get_ifaddrs tests more tolerant of unusual network configs
* Don't assume that every test box has an IPv4 address
* Don't assume that every test box has a non-local address

Resolves issue #17255 released in unit tests in 0.2.7.3-rc.
2015-10-07 15:20:31 -04:00
Nick Mathewson
2247102657 credit tvdw 2015-10-07 10:25:00 -04:00
Nick Mathewson
bd1a137893 Remove the client-side code for the v1 and v2 tls handshakes.
(This is safe since super-old Tor servers are no longer allowed on
the network.)

Closes the client-side part of 11150.
2015-10-07 10:04:12 -04:00
Nick Mathewson
4e34ef87a4 changes file for 17078 2015-10-07 09:34:49 -04:00
Nick Mathewson
aaa27b995c changes file for #16563 2015-10-06 11:02:55 -04:00
Nick Mathewson
bfd9dccdb8 Merge remote-tracking branch 'origin/maint-0.2.7' 2015-10-06 09:06:57 -04:00
Nick Mathewson
1eb838b303 Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.

Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
2015-10-06 09:04:37 -04:00
Nick Mathewson
f7ce93d979 Fix 17251: avoid integer overflow in test_crypto_slow 2015-10-06 08:58:03 -04:00
Nick Mathewson
92c436ccbc Fix warnings. 2015-10-02 15:12:04 +02:00
Nick Mathewson
7bd2247483 changes file for 17082 2015-10-02 14:35:16 +02:00
Nick Mathewson
67182226f1 Merge remote-tracking branch 'teor/warn-when-time-goes-backwards' 2015-10-02 13:56:28 +02:00
Nick Mathewson
488e9a0502 Merge remote-tracking branch 'teor/routerset-parse-IPv6-literals'
(Minor conflicts)
2015-10-02 13:54:20 +02:00
Nick Mathewson
0b3190d4b7 Merge remote-tracking branch 'donncha/feature14846_4' 2015-10-02 13:40:26 +02:00
Nick Mathewson
3b09322c9b Merge remote-tracking branch 'sebastian/bug17026' 2015-10-02 13:15:36 +02:00
Nick Mathewson
ac8c5ec67a Clean up compat_libevent tests 2015-10-02 13:13:58 +02:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
teor (Tim Wilson-Brown)
cd279ca7f5 Warn when the system clock is set back in time
Warn when the state file was last written in the future.
Tor doesn't know that consensuses have expired if the clock is in the past.

Patch by "teor". Implements ticket #17188.
2015-09-30 13:33:56 +02:00
Nick Mathewson
87dee5c651 Socks->SOCKS in torrcs. Fixes 15609 2015-09-29 10:20:31 +02:00
teor (Tim Wilson-Brown)
7fa102b487 Add checks and unit tests for get_interface_address* failure
Ensure that either a valid address is returned in address pointers,
or that the address data is zeroed on error.

Ensure that free_interface_address6_list handles NULL lists.

Add unit tests for get_interface_address* failure cases.

Fixes bug #17173.
Patch by fk/teor, not in any released version of tor.
2015-09-29 10:17:05 +02:00
Nick Mathewson
216a9f7aec Changes file for bug17154 2015-09-29 10:10:52 +02:00
Nick Mathewson
546d70dc7c Add changes file for bug17151 2015-09-29 10:08:02 +02:00
Nick Mathewson
2a902ae525 fold 17148 into changelog 2015-09-24 15:31:50 -04:00
Nick Mathewson
eb2188168e Stop trying to generate test scripts via autoconf substitution.
Use environment variables instead. This repairs 'make distcheck',
which was running into trouble when it tried to chmod the generated
scripts.

Fixes 17148.
2015-09-24 15:07:39 -04:00
Nick Mathewson
458ccd38dd fold 17135 into changelog 2015-09-24 11:56:00 -04:00
Nick Mathewson
a395d1aa46 Merge branch 'underpinning_squashed' 2015-09-24 11:29:14 -04:00
Nick Mathewson
51d18aeb42 changes file and manpage entry for AuthDirPinKeys 2015-09-24 11:29:05 -04:00
Nick Mathewson
2d139f77d7 Fold new entries into changelog 2015-09-24 11:00:30 -04:00
Nick Mathewson
09e272eb1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-09-24 10:06:36 -04:00
Nick Mathewson
fb5a858a35 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-09-24 10:06:15 -04:00
Nick Mathewson
809217e6f3 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-09-24 10:06:00 -04:00
Karsten Loesing
8b3e0b7729 Update geoip and geoip6 to the September 3 2015 database. 2015-09-24 15:08:15 +02:00
Nick Mathewson
df0b4f0342 Merge branch 'feature16769_squashed' 2015-09-22 09:26:30 -04:00
Nick Mathewson
8234fa0053 Remove --master-key form the changes file 2015-09-22 09:24:35 -04:00
Nick Mathewson
bca4211de5 Add a --master-key option
This lets the user override the default location for the master key
when used with --keygen

Part of 16769.
2015-09-22 09:24:35 -04:00
Nick Mathewson
d8f031aec2 Add a new --newpass option to add or remove secret key passphrases. 2015-09-22 09:24:35 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
Nick Mathewson
99f94feb6a Merge branch 'bug17109_v2_squashed' 2015-09-22 08:36:39 -04:00
Sebastian Hahn
ae98dd255b Check that openssl has ECC support during configure
This allows builds on machines with a crippled openssl to fail early
during configure. Bugfix on 0.2.7.1-alpha, which introduced the
requirement for ECC support. Fixes bug 17109.
2015-09-22 08:36:28 -04:00
teor (Tim Wilson-Brown)
249e82c906 Update docs with advice for separate IPv4 and IPv6 exit policies
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.

Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-22 11:41:16 +10:00
Nick Mathewson
d27534eeb5 fold new entries into changelog for 0.2.7.3 2015-09-21 13:58:20 -04:00
Nick Mathewson
c84f3c9177 Merge remote-tracking branch 'public/bug17047' 2015-09-16 08:46:13 -04:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
teor (Tim Wilson-Brown)
31eb486c46 Add get_interface_address[6]_list for a list of interface IP addresses
Add get_interface_address[6]_list by refactoring
get_interface_address6. Add unit tests for new and existing functions.

Preparation for ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-15 17:04:18 +10:00
teor (Tim Wilson-Brown)
c58b3726d6 Allow IPv6 literal addresses in routersets
routerset_parse now accepts IPv6 literal addresses.

Fix for ticket 17060. Patch by "teor".
Patch on 3ce6e2fba2 (24 Jul 2008), and related commits,
released in 0.2.1.3-alpha.
2015-09-14 20:01:36 +10:00
Nick Mathewson
902517a7c0 Use SSL_get_client_ciphers() on openssl 1.1+, not SSL_get_ciphers...
(which isn't correct.)

Fixes bug 17047; bugfix on 0.2.7.2-alpha, introduced by the merge in
0030765e04, apparently.
2015-09-13 11:51:51 -04:00
Nick Mathewson
41891cbf93 Merge remote-tracking branch 'public/ed25519_hup_v2' 2015-09-10 10:37:13 -04:00
Nick Mathewson
2f8c0584bf Fold changes files into changelog 2015-09-09 09:44:31 -04:00
Nick Mathewson
638e5f976b Fix warnings from lintChanges 2015-09-09 09:35:05 -04:00
Sebastian Hahn
46e22762fa Keep unused smartlist storage zeroed
Helps catch bugs with our smartlist usage and shouldn't be too
expensive. If it shows up in profiles we can re-investigate.
2015-09-09 15:23:25 +02:00
Nick Mathewson
98be93d6d7 changes file for 16953 2015-09-08 14:44:34 -04:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Nick Mathewson
280672bdbc Handle negative inputs to crypto_random_time_range().
(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.
2015-09-08 10:22:01 -04:00
Donncha O'Cearbhaill
08b1738a18 Add changelog entry for feature #14846 2015-09-08 12:34:05 +02:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
aa430c7225 Now normalize_exit has a bug number. 2015-09-03 15:10:57 -04:00
Nick Mathewson
e73206f681 Only return 0..255 from main().
I think this may fix some bugs with windows exit codes being screwy.
2015-09-03 11:38:00 -04:00
Nick Mathewson
eb71777bb2 Merge remote-tracking branch 'dgoulet/bug15963_026_01' 2015-09-02 16:00:07 -04:00
David Goulet
d6bfedb8e5 Don't vote HSDir if we aren't voting Fast
Fixes #15963

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 17:03:00 +02:00
David Goulet
07b3028db7 Prohibit the use of one entry node with an HS
In a nutshell, since a circuit can not exit at its entry point, it's very
easy for an attacker to find the hidden service guard if only one EntryNodes
is specified since for that guard, the HS will refuse to build a rendezvous
circuit to it.

For now, the best solution is to stop tor to allow a single EntryNodes for
an hidden service.

Fixes #14917

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 10:47:20 -04:00
Nick Mathewson
f6bd8fbb80 Let recent relays run with the chutney sandbox.
Fixes 16965
2015-09-02 09:59:50 -04:00
Nick Mathewson
910e25358a Let bridge authorities run under the sandbox
(found thanks to teor's chutney haxx)
2015-09-02 09:59:22 -04:00
Nick Mathewson
fe4273fdc1 Merge remote-tracking branch 'teor/autodetect-chutney-path' 2015-09-02 09:17:24 -04:00
Nick Mathewson
569368e5a9 Merge remote-tracking branch 'teor/master' 2015-09-02 09:15:16 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
Nick Mathewson
fc191df930 Remove the unused "nulterminate" option to buf_pullup()
I was going to add a test for this, but I realized that it had no
users.  So, removed.
2015-09-01 14:36:25 -04:00
teor (Tim Wilson-Brown)
5cde98e882 Test bridges and hidden services in make test-network
Make "bridges+hs" the default test network. This tests almost all
tor functionality during make test-network, while allowing tests
to succeed on non-IPv6 systems.

Requires chutney commit 396da92 in test-network-bridges-hs.

Closes tickets 16945 (tor), 16946 (chutney) . Patches by "teor".
2015-09-02 00:52:30 +10:00
Nick Mathewson
0e60c52c6c Merge branch 'ticket16901' 2015-09-01 10:42:47 -04:00
Nick Mathewson
2c5fec15f7 Merge remote-tracking branch 'sebastian/channel_free_list' 2015-09-01 09:19:00 -04:00
Sebastian Hahn
6034e21331 Include doc/TUNING in our release tarballs 2015-09-01 09:15:11 -04:00
Sebastian Hahn
bbb73eaf31 properly delete current channel in channel_free_list
channel_unregister() removes channels from the current smartlist while
we're in a SMORTLIST_FOREACH loop. This only works by accident.
2015-09-01 15:10:10 +02:00
Nick Mathewson
b79e90f6ba Fail in configure when openssl is too old. #16901. 2015-09-01 09:02:12 -04:00
rl1987
54565ca804 Remove -F from tor-resolve(1) usage message. 2015-08-30 21:57:24 +03:00
teor (Tim Wilson-Brown)
d9948dfc9d Autodetect CHUTNEY_PATH if chutney is next to tor
If the chutney and tor sources are side-by-side in the same
parent directory, autodetect the chutney path.

Closes ticket 16903. Patch by "teor".
2015-08-27 10:31:35 +10:00
Nick Mathewson
e8675dc7fc Merge remote-tracking branch 'rl1987/test_dns_resolve_rebased' 2015-08-26 11:32:40 -04:00
Nick Mathewson
2afbe0ae28 Expand changes file 2015-08-25 09:37:52 -04:00
Andreas Stieger
19df037e53 Log malformed hostnames in socks5 request respecting SafeLogging 2015-08-25 09:36:34 -04:00
rl1987
99a03b2389 Adding changes file. 2015-08-23 16:06:41 +03:00
Sebastian Hahn
32220d38c0 Ensure worker threads actually exit when it is time
This includes a small refactoring to use a new enum (workqueue_reply_t)
for the return values instead of just ints.
2015-08-21 10:36:53 -04:00
Nick Mathewson
037e8763a7 Reload Ed25519 keys on sighup.
Closes ticket 16790.
2015-08-19 13:37:21 -04:00
Nick Mathewson
428bb2d1c8 Merge branch 'ed25519_keygen_squashed' 2015-08-19 13:36:59 -04:00
Nick Mathewson
8589c47049 changes file for ed25519_keygen branch 2015-08-19 13:36:51 -04:00
Nick Mathewson
2f5202c636 Merge remote-tracking branch 'teor/feature14882-TestingDirAuthVoteIsStrict-v3' 2015-08-18 09:53:50 -04:00
Nick Mathewson
eafae7f677 Merge branch 'decouple_controller_events_squashed' 2015-08-18 08:56:31 -04:00
Nick Mathewson
bab221f113 Refactor our logic for sending events to controllers
Previously we'd put these strings right on the controllers'
outbufs. But this could cause some trouble, for these reasons:

  1) Calling the network stack directly here would make a huge portion
     of our networking code (from which so much of the rest of Tor is
     reachable) reachable from everything that potentially generated
     controller events.

  2) Since _some_ events (EVENT_ERR for instance) would cause us to
     call connection_flush(), every control_event_* function would
     appear to be able to reach even _more_ of the network stack in
     our cllgraph.

  3) Every time we generated an event, we'd have to walk the whole
     connection list, which isn't exactly fast.

This is an attempt to break down the "blob" described in
http://archives.seul.org/tor/dev/Mar-2015/msg00197.html -- the set of
functions from which nearly all the other functions in Tor are
reachable.

Closes ticket 16695.
2015-08-18 08:55:28 -04:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
Nick Mathewson
d07fe5dffe Merge remote-tracking branches 'public/decouple_lost_owner' and 'public/decouple_signals' 2015-08-17 16:24:45 -04:00
Nick Mathewson
7efdf5cb49 Merge remote-tracking branch 'yawning/feature16535' 2015-08-17 14:53:46 -04:00
Yawning Angel
a77616f605 Enable ed25519-donna's SSE2 code when possible for 32 bit x86.
This probably requires the user to manually set CFLAGS, but should
result in a net gain on 32 bit x86. Enabling SSE2 support would be
possible on x86_64, but will result in slower performance.

Implements feature #16535.
2015-08-17 18:41:41 +00:00
Nick Mathewson
f724b2e5aa Merge remote-tracking branch 'public/bug16741_026' 2015-08-17 14:40:27 -04:00
Nick Mathewson
5fe18bcf54 Merge remote-tracking branch 'yawning/feature16533' 2015-08-17 14:16:20 -04:00
Nick Mathewson
573bd1f033 Merge remote-tracking branch 'public/decouple_retry_directory' 2015-08-17 13:50:19 -04:00
Nick Mathewson
98b2a3b3d5 Increase AccountingMax example value to 40 GB.
(Change not made in torrc.minimal.in; only in torrc.sample and
torrc.minimal.in-staging)

Closes ticket 16742.
2015-08-14 09:54:29 -04:00
Nick Mathewson
34aefe6f38 Merge remote-tracking branch 'public/decouple_init_keys' 2015-08-14 08:40:51 -04:00
Nick Mathewson
e62518865b Decouple routerlist_retry_directory_downloads() from the blob
Instead of having it call update_all_descriptor_downloads and
update_networkstatus_downloads directly, we can have it cause them to
get rescheduled and called from run_scheduled_events.

Closes ticket 16789.
2015-08-13 09:45:30 -04:00
Nick Mathewson
c7c73f1178 Change lost_owning_controller() to call activate_signal().
Closes ticket 16788.
2015-08-13 09:17:41 -04:00
David Goulet
0b3fe6272e Add changes file for #16389
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-13 15:09:35 +02:00
Nick Mathewson
6b26962966 Merge branch 'bug16539' 2015-08-12 13:35:53 -04:00
Nick Mathewson
2088b3b8e2 whoops; add a stale changes file 2015-08-12 12:31:03 -04:00
Nick Mathewson
9deb3c61fe Fix a memory leak when adding an ri with expired ed certs
Fixes bug 16539; bugfix on 0.2.7.2-alpha.
2015-08-12 12:27:45 -04:00
Yawning Angel
78fad380cd Use ed25519-donna's batch verification support when applicable.
The code was always in our Ed25519 wrappers, so enable it when using
the ed25519-donna backend, and deal with the mocking related
crypto_rand silliness.

Implements feature 16533.
2015-08-12 16:01:28 +00:00
Nick Mathewson
b65d53519a Decouple the backend for directory_all_unreachable to simplify our CFG
See ticket 16762.
2015-08-12 11:02:20 -04:00
Nick Mathewson
835e09e54b Split the client-only parts of init_keys() into a separate function
This should simplify the callgraph a little more.
2015-08-11 10:41:20 -04:00
Nick Mathewson
7ee7149389 Make HSDir depend on Running/Valid again.
When we removed Running/Valid checks from Fast and Stable in 8712, I
removed them from HSDir too, which apparently wasn't a good idea.

Reverts part of a65e835800.  Fixes bug 16524. Bugfix
on 0.2.7.2-alpha.
2015-08-11 08:42:19 -04:00
Nick Mathewson
8afbc154f7 Remove a 9-function strongly connected component of tor's callgraph.
microdesc_free_() called get_microdesc_cache(), which had the fun
side-effect of potentially reloading the whole cache from disk.
Replace it with a variant that doesn't.
2015-08-10 15:00:17 -04:00
Nick Mathewson
8c92ffab22 Merge remote-tracking branch 'dgoulet/bug16274_027_02' 2015-08-10 11:49:04 -04:00
Nick Mathewson
720a9ccb2f Check for EINTR correctly on windows
(even though these are nonblocking calls and EINTR shouldn't be possible).

Also, log what error we're seing if drain_fn fails.
2015-08-07 09:12:33 -04:00
Nick Mathewson
887d86b76d Merge remote-tracking branch 'public/decouple-write' 2015-08-06 12:58:18 -04:00
Nick Mathewson
e86c3b283a Merge remote-tracking branch 'public/bug16286' 2015-08-06 12:44:13 -04:00
David Goulet
79798a2363 Set the open file limit to the current value before changing it
If setrlimit() failed, max_out wasn't set in set_max_file_descriptors()
ending in a state where we don't use ULIMIT_BUFFER for things like tor
private key files.

Also fix the set_max_file_descriptors() documentation.

Fixes #16274

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-05 13:17:33 -04:00
Nick Mathewson
1d63ecbed0 Let's try to get test_workqueue working on windows 2015-08-05 10:34:46 -04:00
Nick Mathewson
9e07dfa34b Merge remote-tracking branch 'public/bug13338' 2015-08-04 14:00:58 -04:00
cypherpunks
b3ea3c8e2f Switch order of unblocking threads and releasing the mutex.
According to POSIX, the mutex must be locked by the thread calling the signal
functions to ensure predictable scheduling behavior.

Found the issue using Helgrind which gave the warning `dubious: associated lock
is not held by any thread`.
2015-08-04 13:35:02 -04:00
Nick Mathewson
62e6513b48 When building with coverage, run chutney with coverage
Previously, this required me to do stuff like
  'cp src/or/tor-cov src/or/tor' ,
which is pretty embarrassing.
2015-08-03 13:23:58 -04:00
Nick Mathewson
6de49f4d9a Improved targets for "run all the tests, no, all of them." 2015-08-03 13:03:58 -04:00
Nick Mathewson
20254907d7 Improve log messages for problems about ed25519 keypinning
Fixes 16286; bugfix on 0.2.7.2-alpha.
2015-07-31 10:47:39 -04:00
David Goulet
8c83e8cec0 Add get_max_sockets() and remove dead code
The control port was using set_max_file_descriptors() with a limit set to 0
to query the number of maximum socket Tor can use. With the recent changes
to that function, a check was introduced to make sure a user can not set a
value below the amount we reserved for non socket.

This commit adds get_max_sockets() that returns the value of max_sockets so
we can stop using that "setter" function to get the current value.

Finally, the dead code is removed that is the code that checked for limit
equal to 0. From now on, set_max_file_descriptors() should never be used
with a limit set to 0 for a valid use case.

Fixes #16697

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-30 15:21:12 -04:00
Nick Mathewson
aadff62745 Do not autoflush control connections as their outbufs get big
Doing this is no longer necessary, and it leads to weird recursions in
our call graph.  Closes ticket 16480.
2015-07-30 13:31:27 -04:00
Nick Mathewson
2369f81403 changes file for callgraph scripts 2015-07-30 12:35:52 -04:00
Nick Mathewson
beac91cf08 Wrap windows-only C files in #ifdef _WIN32
This should make some scripts and IDEs happier.
2015-07-30 11:14:15 -04:00
Nick Mathewson
7b7cb0d779 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-07-29 10:48:29 -04:00
Nick Mathewson
9d86f6665a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-07-29 10:48:13 -04:00
Nick Mathewson
01bb260f31 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-07-29 10:47:07 -04:00
Nick Mathewson
8b1f88eded Merge remote-tracking branch 'teor/feature14175-chutney-performance-v2' 2015-07-29 10:36:23 -04:00
Karsten Loesing
7004d67430 Update geoip and geoip6 to the July 8 2015 database. 2015-07-29 15:49:04 +02:00
Nick Mathewson
36c0ae6f78 Fold final entries into changelog 2015-07-27 10:53:09 -04:00
Yawning Angel
da6aa7bfa5 Allow a single trailing . when validating FQDNs from SOCKS.
URI syntax (and DNS syntax) allows for a single trailing `.` to
explicitly distinguish between a relative and absolute
(fully-qualified) domain name. While this is redundant in that RFC 1928
DOMAINNAME addresses are *always* fully-qualified, certain clients
blindly pass the trailing `.` along in the request.

Fixes bug 16674; bugfix on 0.2.6.2-alpha.
2015-07-27 12:58:40 +00:00
Nick Mathewson
382c27d8a9 Merge branch 'ticket2325_squashed' 2015-07-22 12:24:21 -04:00
Nick Mathewson
6e1eaa936a changes file for bug16631 2015-07-21 13:59:25 -04:00
Nick Mathewson
7521c3ee91 Document the torrc format as thoroughly as possible
Closes ticket 2325
2015-07-20 12:05:44 -04:00
Nick Mathewson
0a329a7a05 Merge remote-tracking branch 'public/bug16162_026' 2015-07-20 11:01:58 -04:00
Nick Mathewson
6632a731fd Use a more recommended syntax for the systemd unit file
closes 16162.
2015-07-20 11:01:34 -04:00
Nick Mathewson
60a52ed83d Add the remaining changes items to ChangeLog for 0.2.7.2-alpha 2015-07-16 16:06:25 -04:00
Nick Mathewson
515de3ac19 Make all changes files work with lintChanges 2015-07-16 16:04:56 -04:00
Nick Mathewson
579a73c9bc Start changelog sections that are straight copies from 0.2.6 2015-07-16 15:55:54 -04:00
Nick Mathewson
6a08bcf530 Merge remote-tracking branch 'public/ticket16543' 2015-07-16 15:47:00 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
Nick Mathewson
8cb5070376 Use C99 variadic macros when not on GCC.
1) We already require C99.

2) This allows us to support MSVC again (thanks to Gisle Vanem for
   this part)

3) This change allows us to dump some rotten old compatibility code
   from log.c
2015-07-15 14:43:35 -04:00
Nick Mathewson
d2cb923320 Remove tor-fw-helper code
It did a good idea, but the code-quality of libupnpc and libnatpnp
is so dodgy that I'm not really comfortable including them alongside
Tor proper.  Instead, we'll recommend that people do the pure-go
reimplementation instead.  Closes ticket 13338.
2015-07-14 14:48:22 -04:00
Nick Mathewson
a65e835800 Add changes file for 8712; apply it to HSDir flag as well. 2015-07-14 14:03:30 -04:00
Nick Mathewson
2f8cf524ba Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options
(Mark them as obsolete)

Closes 16543.
2015-07-10 09:05:26 -04:00
Nick Mathewson
0ca98c1ee5 Merge branch 'libscrypt_eq_openssl_squashed' 2015-07-09 16:31:42 -04:00
rl1987
a13d0fd342 Adding changes file for 16189. 2015-07-09 16:31:22 -04:00
Nick Mathewson
a6a0759e3a Merge remote-tracking branch 'yawning/feature16467_9663' 2015-07-09 12:53:55 -04:00
Nick Mathewson
327efe9190 Merge branch 'bug4862_027_04_squashed' 2015-07-09 12:05:14 -04:00
teor
57c61f39a0 Always use the sandbox in tor_open_cloexec
Use the sandbox in tor_open_cloexec, whether or not O_CLOEXEC is defined.
Patch by "teor". Fix on 0.2.3.1-alpha.
2015-07-08 02:17:31 +10:00
Yawning Angel
840e68d917 Integrate and enable ed25519-donna.
The runtime sanity checking is slightly different from the optimized
basepoint stuff in that it uses a given implementation's self tests if
available, and checks if signing/verification works with a test vector
from the IETF EdDSA draft.

The unit tests include a new testcase that will fuzz donna against ref0,
including the blinding and curve25519 key conversion routines.  If this
is something that should be done at runtime (No?), the code can be
stolen from there.

Note: Integrating batch verification is not done yet.
2015-07-06 10:11:10 +00:00
Yawning Angel
f079c27761 Integrate the accelerated Curve25519 scalar basemult.
Integration work scavanged from nickm's `ticket8897_9663_v2` branch,
with minor modifications.  Tor will still sanity check the output but
now also attempts to catch extreme breakage by spot checking the
optimized implementation vs known values from the NaCl documentation.

Implements feature 9663.
2015-07-06 09:57:23 +00:00
teor
128d4a6896 Add chutney performance testing support to src/test/test-network.sh
The following arguments change how chutney verifies the network:
--bytes n             sends n bytes per test connection (10 KBytes)
--connections n       makes n test connections per client (1)
--hs-multi-client 1   makes each client connect to each HS (0)
Requires the corresponding chutney performance testing changes.
Note: using --connections 7 or greater on a HS will trigger #15937.
Patch by "teor".
2015-07-06 16:59:15 +10:00
Nick Mathewson
19440b9e58 Make test_workqueue.c faster, and on-by-default.
Instead of having a 30-second timer be the only way to end the test,
add a 2 second shutdown timer when the test is actually about to be over.
2015-07-03 14:38:14 -04:00
cypherpunks
65a1e27bc4 Use the configured Python executable to run test-stem-full. 2015-07-02 09:51:28 -04:00
Nick Mathewson
d9052c629b Remove checks for visual C 6. 2015-06-29 12:55:03 -04:00
Nick Mathewson
66c73abe03 Move windows header macros into orconfig.h
This should prevent duplicated code, and lower the likelihood of
accidentally making them inconsistent.
2015-06-29 12:47:55 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Nick Mathewson
80fb1ef8ba Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:46:16 -04:00
Nick Mathewson
418b6f8197 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-25 11:43:17 -04:00
Nick Mathewson
fd082c394b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-06-25 11:43:04 -04:00
Nick Mathewson
fde4199e1c Merge remote-tracking branch 'karsten/geoip6-jun2015' into maint-0.2.4 2015-06-25 11:42:47 -04:00
Nick Mathewson
cb8c5c023f Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-06-25 11:42:31 -04:00
Nick Mathewson
3149bfc254 Merge branch 'bug16288_027_03_squashed' 2015-06-25 11:30:52 -04:00
David Goulet
699acd8d54 Validate the open file limit when creating a socket
Fixes #16288

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
bd73168307 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 11:14:53 -04:00
Nick Mathewson
1c1d71fe1a Merge remote-tracking branch 'public/bug16013_025' into maint-0.2.6 2015-06-25 11:14:44 -04:00
Nick Mathewson
68eaaed798 Avoid crashing on busy/NEWNYM+hidden service clients
When we ran out of intro points for a hidden service (which could
happen on a newnym), we would change the connection's state back to
"waiting for hidden service descriptor."  But this would make an
assertion fail if we went on to call circuit_get_open_circ_or_launch
again.

This fixes bug 16013; I believe the bug was introduced in
38be533c69, where we made it possible for
circuit_get_open_circ_or_launch() to change the connection's state.
2015-06-25 11:10:43 -04:00
Nick Mathewson
fce2a15ffb Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-25 10:41:15 -04:00
Nick Mathewson
03e3cf6a7a Merge remote-tracking branch 'public/bug16400_026' into maint-0.2.6 2015-06-25 10:40:58 -04:00
Yawning Angel
3f336966a2 Work around nytimes.com's broken hostnames in our SOCKS checks.
RFC 952 is approximately 30 years old, and people are failing to comply,
by serving A records with '_' as part of the hostname.  Since relaxing
the check is a QOL improvement for our userbase, relax the check to
allow such abominations as destinations, especially since there are
likely to be other similarly misconfigured domains out there.
2015-06-24 13:52:29 +00:00
Nick Mathewson
e0b7598833 Repair breakage in early-error case of microdesc parsing
When I fixed #11243, I made it so we would take the digest of a
descriptor before tokenizing it, so we could desist from download
attempts if parsing failed.  But when I did that, I didn't remove an
assertion that the descriptor began with "onion-key".  Usually, this
was enforced by "find_start_of_next_microdescriptor", but when
find_start_of_next_microdescriptor returned NULL, the assertion was
triggered.

Fixes bug 16400.  Thanks to torkeln for reporting and
cypherpunks_backup for diagnosing and writing the first fix here.
2015-06-22 13:51:56 -04:00
Nick Mathewson
583a387c1e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-18 11:33:24 -04:00
Nick Mathewson
f18ee7fc72 Merge remote-tracking branch 'dgoulet/bug16381_026_01-revert' into maint-0.2.6 2015-06-18 11:30:01 -04:00
Nick Mathewson
be32777aa5 changes file for 13642 2015-06-17 10:51:39 -04:00
David Goulet
a5b5d4bd2e Extend intro point to a 4th hop on cannibalization
Fixes #16260

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-17 09:32:26 -04:00
Nick Mathewson
43a98c7da6 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-17 09:19:11 -04:00
Nick Mathewson
c8cb55659a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-06-17 09:18:45 -04:00
teor
75388f67c0 Correctly handle failed crypto_early_init
If crypto_early_init fails, a typo in a return value from tor_init
means that tor_main continues running, rather than returning
an error value.

Fixes bug 16360; bugfix on d3fb846d8c in 0.2.5.2-alpha,
introduced when implementing #4900.

Patch by "teor".
2015-06-17 09:18:32 -04:00
David Goulet
8acf5255c2 Revert "Do not replace a HS descriptor with a different replica of itself"
This reverts commit 9407040c59.

Small fix, "e->received" had to be removed since that variable doesn't exist
anymore.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-16 13:41:42 -04:00
Nick Mathewson
130a9c0ac8 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-15 10:19:46 -04:00
Nick Mathewson
59fa0c2d99 Fix another seccomp2 issue
Allow pipe() and pipe2() syscalls; we need these when eventfd2()
support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha.  Patch
from "teor".
2015-06-15 10:13:11 -04:00
Karsten Loesing
08e14e1448 Update geoip6 to the June 3 2015 database. 2015-06-09 16:28:48 +02:00
Karsten Loesing
e5907e94c2 Update geoip to the June 3 2015 database. 2015-06-09 16:26:10 +02:00
Nick Mathewson
64bdf040f0 Merge remote-tracking branch 'teor/feature15817-clang-sanitizers' 2015-06-08 10:57:25 -04:00
Nick Mathewson
c0c0a6085e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-08 10:33:38 -04:00
David Goulet
6785f0b65a HSDir flag now requires the Stable flag
Fixes #8243
2015-06-08 10:28:35 -04:00
teor
bc0a9843e5 Add instructions for clang sanitizers, static analyzer, and coverity
Document use of coverity, clang static analyzer, and clang dynamic
undefined behavior and address sanitizers in doc/HACKING.

Add clang dynamic sanitizer blacklist in
contrib/clang/sanitizer_blacklist.txt to exempt known undefined
behavior. Include detailed usage instructions in this blacklist file.

Patch by "teor".
2015-06-06 04:04:23 +10:00
Nick Mathewson
2f67a6e8c9 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582 Set session_group after the port's data structure has been populated.
Fixes #16247, patch by "jojelino".
2015-06-04 13:53:35 +00:00
Nick Mathewson
34edf17d88 Merge remote-tracking branch 'teor/bug16115-minor-fixes' 2015-06-02 14:51:13 -04:00
Nick Mathewson
e8386cce1c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-06-02 14:29:37 -04:00
Peter Palfrader
a68e5323f8 Fix sandboxing to work when running as a relay
This includes correctly allowing renaming secret_id_key and allowing the
eventfd2 and futex syscalls.  Fixes bug 16244; bugfix on 0.2.6.1-alpha.
2015-06-02 14:20:01 -04:00
teor
6d8a2ff24f Check for NULL values in getinfo_helper_onions
Fix on 915c7438a7 in Tor 0.2.7.1-alpha.
2015-06-03 04:19:06 +10:00
teor
383a27afc5 Ensure signing_key is non-NULL before accessing one of its members
signing_key can be NULL in ed_key_init_from_file in routerkeys.c.
Discovered by clang 3.7 address sanitizer.

Fix on c03694938e, not in any released version of Tor.
2015-06-03 04:19:05 +10:00
teor
e0477de0e2 Remove undefined directive-in-macro in test_util_writepid
clang 3.7 complains that using a preprocessor directive inside
a macro invocation in test_util_writepid in test_util.c is undefined.

Fix on 79e85313aa on 0.2.7.1-alpha.
2015-06-03 04:19:05 +10:00
teor
2b73dbf2a4 Always initialise return value in compute_desc_id in rendcommon.c
Fix on e6a581f126, released in 0.2.7.1-alpha.
2015-06-03 04:19:05 +10:00
teor
b3f79da0d5 Silence unused variable warnings in find_cipher_by_id
Unused variable warnings were still generated under some versions of OpenSSL.
Instead, make sure all variables are used under all versions.

Fix on 496df21c89, not in any released version of tor.
2015-06-03 04:19:05 +10:00
teor
b1094fdec5 Fix an incorrect comment on spawn_func
spawn_func calls pthread_create on unix, not fork

Fix on existing code split out of compat.c into
compat_pthreads.c in c2f0d52b7f
2015-06-03 04:18:43 +10:00
Nick Mathewson
b66f4cfc9d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-05-28 14:06:01 -04:00
Nick Mathewson
97330ced0c Fix sandbox use with systemd. bug 16212. 2015-05-28 14:05:46 -04:00
Nick Mathewson
5dce1829bf Avoid double-free on rend_add_service() failure
Rend_add_service() frees its argument on failure; no need to free again.

Fixes bug 16228, bugfix on 0.2.7.1-alpha

Found by coverity; this is CID 1301387.
2015-05-28 13:23:09 -04:00
Nick Mathewson
4a9f41e1ec Bug 12498 needs a changes file. 2015-05-28 11:40:20 -04:00
Nick Mathewson
8ca3773f68 Fix unit tests on MSVC2013.
Patch from "NewEraCracker."  Fixes bug16030; bugfix on 0.2.6.2-alpha.
2015-05-26 10:34:07 -04:00
Nick Mathewson
115dd554c5 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-05-26 09:41:30 -04:00
Nick Mathewson
08e8c21b1f Fix --enable-systemd builds on systems with libsystemd but not systemd
Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader.
2015-05-26 09:39:53 -04:00
Nick Mathewson
45a90573e6 Merge remote-tracking branch 'yawning/ticket16140' 2015-05-21 13:20:24 -04:00
Nick Mathewson
9fee289d24 Revert the broken part of 548b4be
Fixes 16152.
2015-05-21 13:18:51 -04:00
Yawning Angel
452cebc4a4 Remove support for OpenSSL without ECC.
As OpenSSL >= 1.0.0 is now required, ECDHE is now mandatory.  The group
has to be validated at runtime, because of RedHat lawyers (P224 support
is entirely missing in the OpenSSL RPM, but P256 is present and is the
default).

Resolves ticket #16140.
2015-05-21 17:07:30 +00:00
Nick Mathewson
eb7f4d0059 Merge remote-tracking branch 'yawning/bug16052a_027' 2015-05-21 10:48:52 -04:00
Nick Mathewson
ed02a409cf Merge branch 'bug16034_no_more_openssl_098_squashed'
Conflicts:
	src/test/testing_common.c
2015-05-20 15:33:22 -04:00
Nick Mathewson
971f0f8e18 Remove code to support OpenSSL 0.9.8 2015-05-20 15:27:36 -04:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
2308f917f9 Merge remote-tracking branch 'andrea/ticket15358_squashed_2' 2015-05-18 14:44:28 -04:00
Andrea Shepard
79f7721a7e Changes file for ticket 15358 2015-05-17 13:58:05 +00:00
John Brooks
6f9e90101e Fix crash on HUP with mixed ephemeral services
Ephemeral services will be listed in rend_services_list at the end of
rend_config_services, so it must check whether directory is non-NULL
before comparing.

This crash happens when reloading config on a tor with mixed configured
and ephemeral services.

Fixes bug #16060. Bugfix on 0.2.7.1-alpha.
2015-05-16 20:01:38 -06:00
David Goulet
c1ffeadff4 Add missing descriptor ID to HS_DESC control event
For FAILED and RECEIVED action of the HS_DESC event, we now sends back the
descriptor ID at the end like specified in the control-spec section 4.1.25.

Fixes #15881

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-05-14 10:46:38 -04:00
Nick Mathewson
614d9bc967 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-05-13 11:05:33 -04:00
Nick Mathewson
df76da0f3b Add a .dummy file in the changes directory to stop git from removing it 2015-05-11 11:41:48 -04:00
Nick Mathewson
d417870b27 Tweak changelog more. 2015-05-11 09:42:41 -04:00
Karsten Loesing
dad5eb7e1f Tweak teor's and dgoulet's #13192 patches.
- Rewrite changes file.
 - Avoid float comparison with == and use <= instead.
 - Add teor's tor_llround(trunc(...)) back to silence clang warnings.
 - Replace tt_assert() with tt_i64_op() and friends.
 - Fix whitespace and a comment.
2015-05-06 18:05:16 +10:00
teor
09cac24373 Handle edge cases in the round_*_to_next_multiple_of functions
Consistently check for overflow in round_*_to_next_multiple_of.

Check all round_*_to_next_multiple_of functions with expected values.
Check all round_*_to_next_multiple_of functions with maximal values.

Related to HS stats in #13192.
2015-05-06 18:05:15 +10:00
teor
6d54bdbdcf Handle edge cases in laplace functions
Avoid division by zero.
Avoid taking the log of zero.
Silence clang type conversion warnings using round and trunc.
The existing values returned by the laplace functions do not change.

Add tests for laplace edge cases.
These changes pass the existing unit tests without modification.

Related to HS stats in #13192.
2015-05-06 18:05:15 +10:00
Nick Mathewson
b0ea36d779 Merge remote-tracking branch 'public/bug15821_025' 2015-05-05 15:06:57 -04:00
John Brooks
2b27ce52d2 Fix out-of-bounds read in INTRODUCE2 client auth
The length of auth_data from an INTRODUCE2 cell is checked when the
auth_type is recognized (1 or 2), but not for any other non-zero
auth_type. Later, auth_data is assumed to have at least
REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds
read.

Fixed by checking auth_len before comparing the descriptor cookie
against known clients.

Fixes #15823; bugfix on 0.2.1.6-alpha.
2015-05-05 15:05:32 -04:00
Nick Mathewson
caaaea2ac9 Re-sort and flow the changelog. Add new entry 2015-05-05 11:26:17 -04:00
Donncha O'Cearbhaill
841c4aa715 Add "+HSPOST" and related "HS_DESC" event flags to the controller.
"+HSPOST" and the related event changes allow the uploading of HS
descriptors via the control port, and more comprehensive event
monitoring of HS descriptor upload status.
2015-05-04 11:41:28 -04:00
Nick Mathewson
ef7ef4abb4 Move changes entries into changelog for 0.2.7.1-alpha 2015-04-30 15:29:56 -04:00
Nick Mathewson
174598f3ef Make lintChanges happy 2015-04-30 15:11:19 -04:00
Nick Mathewson
1640944948 remove changes files for already-moved things 2015-04-30 15:04:41 -04:00
Nick Mathewson
7286a27cfc Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-28 14:46:53 -04:00
David Goulet
26c344a563 Revert "Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()"
Fixes #15850, part of #15801. Change file is added by this commit. The
original comment in the reverted commit is removed because right now we
*need* a DirPort until #15849 is implemented so no doubt nor confusion there
anymore.

This reverts commit 80bed1ac96.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-28 14:30:07 -04:00
Nick Mathewson
24f170a11f Merge branch 'feature6411_v4' 2015-04-28 10:19:16 -04:00
Yawning Angel
915c7438a7 Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.

Implements #6411.
2015-04-28 10:19:08 -04:00
Nick Mathewson
028cac97c1 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-27 14:18:31 -04:00
Nick Mathewson
0ac748353a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-27 14:18:16 -04:00
Nick Mathewson
6c7720ed49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-27 14:16:55 -04:00
Nick Mathewson
efae1bcef6 Merge remote-tracking branch 'karsten/geoip6-apr2015' into maint-0.2.4 2015-04-27 14:15:58 -04:00
Nick Mathewson
609cdec112 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-04-27 14:15:44 -04:00
Karsten Loesing
b5f6495876 Update geoip6 to the April 8 2015 database. 2015-04-24 17:51:36 +02:00
Karsten Loesing
bcc0a48cfe Update geoip to the April 8 2015 database. 2015-04-24 17:49:45 +02:00
Nick Mathewson
01fa3566d5 changes for 14847 2015-04-23 12:27:27 -04:00
Nick Mathewson
c366e1fa32 Merge remote-tracking branch 'public/remove_old_libevent_autoconf_stuff' 2015-04-23 10:27:01 -04:00
cypherpunks
d54b17f479 Add changes file for 15344. 2015-04-23 10:00:00 -04:00
Nick Mathewson
372aef8981 Merge remote-tracking branch 'public/bug15546' 2015-04-23 09:50:29 -04:00
Nick Mathewson
af83a205b0 Merge remote-tracking branch 'andrea/ticket14840' 2015-04-23 09:34:00 -04:00
Nick Mathewson
d48df89d19 changes file for 14845 2015-04-23 09:27:59 -04:00
Nick Mathewson
01d988d72f Merge remote-tracking branch 'teor/bug-15642-v3-fallback-unit-tests' 2015-04-23 09:22:16 -04:00
Nick Mathewson
647b7d37c2 Merge remote-tracking branch 'public/bug15745_027_03' 2015-04-23 09:10:35 -04:00
Nick Mathewson
3acee61422 Merge branch 'feature15652_squashed' 2015-04-23 09:09:33 -04:00
Yawning Angel
196499da73 Use a custom Base64 encoder with more control over the output format. 2015-04-23 09:06:58 -04:00
Nick Mathewson
8a951ed158 Merge remote-tracking branch 'teor/bug-15771-reachability' 2015-04-23 09:04:53 -04:00
teor
d68bbb0a29 Unit tests for consider_adding_dir_servers() as modified in #15642
Unit tests for the 10 valid combinations of set/NULL config options
DirAuthorities, AlternateBridgeAuthority, AlternateDirAuthority,
and FallbackDir.

Add assertion in consider_adding_dir_servers() for checks in
validate_dir_servers():
"You cannot set both DirAuthority and Alternate*Authority."
2015-04-23 00:16:04 +10:00
teor
027f73f70e Disable default fallback directories when other directories are set
Only add the default fallback directories when the DirAuthorities,
AlternateDirAuthority, and FallbackDir directory config options
are set to their defaults.

The default fallback directory list is currently empty, this fix will
only change tor's behaviour when it has default fallback directories.

Fixes bug 15642; bugfix on 90f6071d8d in 0.2.4.7-alpha. Patch by "teor".
2015-04-23 00:16:04 +10:00
teor
9139aeadb8 Reachability should check ExtendAllowPrivateAddresses not TestingTorNetwork
When self-testing reachability, use ExtendAllowPrivateAddresses
to determine if local/private addresses imply reachability.

The previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.

Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924.
Patch by "teor", issue discovered by CJ Ess.
2015-04-22 23:54:21 +10:00
Yawning Angel
9a9ab455a3 Use correct severity in the get_if_addrs tests. 2015-04-21 16:42:07 +00:00
David Goulet
6f6881c432 Use a random count of INTRODUCE2 for IP rotation
An introduction point is currently rotated when the amount of INTRODUCE2
cells reached a fixed value of 16384. This makes it pretty easy for an
attacker to inflate that number and observe when the IP rotates which leaks
the popularity of the HS (amount of client that passed through the IP).

This commit makes it a random count between the current value of 16384 and
two times that.

Fixes #15745

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-04-20 17:38:31 -04:00
Andrea Shepard
6c8a186c03 Changes file for ticket 14840 2015-04-17 22:41:50 +00:00
Nick Mathewson
f152081de1 Merge remote-tracking branch 'arma/ticket8766' 2015-04-16 11:15:29 -04:00
Nick Mathewson
b98cc79477 Merge remote-tracking branch 'sebastian/bug14784' 2015-04-15 11:10:37 -04:00
Nick Mathewson
d59c4063f3 Stop modifying const argument in handle_control_postdescriptor
Fixes 15546.
2015-04-15 10:47:50 -04:00
Nick Mathewson
7e1fa9d63e changes file for 14391 2015-04-15 10:34:19 -04:00
Nick Mathewson
7e6437babc chagnes file for 15542 2015-04-15 09:40:27 -04:00
cypherpunks
59e753a4a6 Make --hash-password imply --hush to prevent unnecessary noise. 2015-04-15 09:39:41 -04:00
Yawning Angel
ba2485f7df Remove USE_OPENSSL_BASE64 and the associated code.
The alternative has been available since 2007, there's no way to
actually enable the ifdef, and it breaks on well formed but not OpenSSL
style inputs.
2015-04-10 09:12:47 +00:00
Nick Mathewson
f9327848ba Collect badness values in ntor_ref.py; don't just clobber.
Fixes bug 15591; patch from joelanders
2015-04-09 11:57:55 -04:00
Nick Mathewson
202bbfbaa4 Merge branch 'bug15604_squashed' 2015-04-07 15:15:54 -04:00
rl1987
fda2aa7703 Set ConnDirectionStatistics back to 0 if not running as relay. 2015-04-07 15:15:28 -04:00
Nick Mathewson
edde1a7844 Merge branch 'bug15541_squashed' 2015-04-07 14:09:55 -04:00
rl1987
e89c200c47 Print the error message for --dump-config even if no arguments are given. 2015-04-07 14:09:41 -04:00
rl1987
636495257b Improve descriptions of statistics-related torrc options. 2015-04-07 14:04:03 -04:00
Nick Mathewson
a201a5396e Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-06 09:26:28 -04:00
Nick Mathewson
0475552140 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-06 09:26:16 -04:00
Nick Mathewson
fe69a7e1d7 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-06 09:25:37 -04:00
Nick Mathewson
7451b4cafe Changes file for bug15601 2015-04-06 09:24:16 -04:00
Yawning Angel
49ddd92c11 Validate the RSA key size received when parsing INTRODUCE2 cells.
Fixes bug 15600; reported by skruffy
2015-04-06 09:18:17 -04:00
Nick Mathewson
24352d0d70 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-04-03 09:47:57 -04:00
George Kadianakis
929a8f199b Decrease the amount of rend circ relaunches for hidden services. 2015-04-03 09:47:40 -04:00
Nick Mathewson
c1b36488e9 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-04-03 09:39:19 -04:00
Nick Mathewson
3781955f07 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-04-03 09:38:54 -04:00
Nick Mathewson
01e4bc80cd Merge branch 'bug15515_024' into maint-0.2.4 2015-04-03 09:36:59 -04:00
George Kadianakis
8dba8a088d Block multiple introductions on the same intro circuit. 2015-04-03 09:35:47 -04:00
Nick Mathewson
05fbbfe472 Merge remote-tracking branch 'public/remove_old_version_checks' 2015-04-01 14:02:02 -04:00
Nick Mathewson
d366c3354f Merge branch 'remove_digests' 2015-04-01 13:53:03 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
aa7b792250 Merge remote-tracking branch 'yawning/feature15435' 2015-04-01 13:34:14 -04:00
Nick Mathewson
34fa4ad637 Merge remote-tracking branch 'public/bug15515_025' 2015-04-01 12:59:19 -04:00
George Kadianakis
a7eae4ddc5 Block multiple introductions on the same intro circuit. 2015-04-01 12:58:52 -04:00
Nick Mathewson
fec3091129 add changes file for 15296. 2015-04-01 12:52:00 -04:00
Nick Mathewson
0ddd8f06a9 Merge remote-tracking branch 'yawning/feature15471' 2015-04-01 12:47:16 -04:00
Nick Mathewson
c66dd17980 Drop support for --digests
This is a fair amount of maintainance burden, and doesn't help much
more than the git microversion.

Closes ticket 14742.
2015-04-01 09:54:20 -04:00
Nick Mathewson
02c3879f87 Merge remote-tracking branch 'teor/ticket15431-event-mask-tests' 2015-03-31 14:57:04 -04:00
Nick Mathewson
30e933b136 Merge branch 'ticket14710_squashed' 2015-03-31 14:37:09 -04:00
rl1987
b49ffb2a21 Changes file for 14710. 2015-03-31 14:37:03 -04:00
Yawning Angel
fa81508eb2 Use prctl() to have the kernel SIGTERM background processes on exit.
This uses a Linux-ism to attempt to always clean up background processes
if possible.  Note that it is not a catch-all, in that executables with
suid/sgid or elevated capabilities will have the prctl() attribute
stripped as part of the execve().

Resolves ticket 15471.
2015-03-26 14:56:14 +00:00
Yawning Angel
fda61e030e Implement "TOR_PT_EXIT_ON_STDIN_CLOSE".
Background processes spawned by Tor now will have a valid stdin.
Pluggable transports can detect this behavior with the aformentioned
enviornment variable, and exit if stdin ever gets closed.
2015-03-26 12:55:12 +00:00
Nick Mathewson
dde4ffeb97 Merge remote-tracking branch 'dgoulet/bug15377_027_01' 2015-03-24 16:27:27 -04:00
Nick Mathewson
9e80fc8171 Merge remote-tracking branch 'sebastian/coverage_builds' 2015-03-24 15:16:49 -04:00
Nick Mathewson
25c3ff4500 Merge remote-tracking branch 'public/bug15269' 2015-03-24 14:59:09 -04:00
Nick Mathewson
112c554fcf Merge branch 'bug14018' 2015-03-24 14:36:23 -04:00
rl1987
09c54655f1 Complain if relative paths are used in configuration
When we validate torrc options, print warning(s) when relative
path(s) been found.
2015-03-24 14:35:52 -04:00
Nick Mathewson
60d147fb9e Remove changes files for patches in 0.2.6.6 or earlier. 2015-03-24 09:38:46 -04:00
Nick Mathewson
05f7336624 Remove version checks for microdescriptor support
At this point, relays without microdescriptor support are no longer
allowed on the Tor network.
2015-03-24 09:25:35 -04:00
Nick Mathewson
0f31080d63 Stop checking for torrc state files generated by very old Tor versions
These haven't worked in so long that if you had a state file of this
kind, the guards in it would be so old that you wouldn't use them
anyway.
2015-03-24 09:24:12 -04:00
Nick Mathewson
190ed66b06 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-23 09:25:35 -04:00
Nick Mathewson
c113544a94 Merge remote-tracking branch 'public/bug15436_025' into maint-0.2.6 2015-03-23 09:25:15 -04:00
Yawning Angel
732f522a42 Fix unaligned access in SipHash-2-4.
The compiler is allowed to assume that a "uint64_t *" is aligned
correctly, and will inline a version of memcpy that acts as such.

Use "uint8_t *", so the compiler does the right thing.
2015-03-23 09:20:02 -04:00
teor
b41a5039f1 Compile-time check that control_event_t.event_mask is big enough
Add a compile-time check that the number of events doesn't exceed
the capacity of control_event_t.event_mask.
2015-03-22 14:25:42 +11:00
teor
99c10a95e4 Add unit tests for control_event_is_interesting()
Part of ticket 15431, checks for bugs similar to 13085.
2015-03-22 14:24:41 +11:00
Sebastian Hahn
1228dd293b Disable assertions during coverage builds
This removes roughly 5000 branches in my testing. We never want to
trigger assertions even during tests, so this is sane. Implements #15400.
2015-03-21 02:34:44 +01:00
Nick Mathewson
e82e600d6e Here is a test for memwipe.
It invokes undefined behavior, I'm afraid, since there's no other
c-legal way to test whether memwipe() works when we're not allowed to
look at it.

Closes ticket 15377.
2015-03-19 18:47:24 -04:00
Nick Mathewson
54d6e5e71e Merge remote-tracking branch 'public/feature15053' 2015-03-18 14:27:00 -04:00
Nick Mathewson
d8263ac254 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-18 08:58:15 -04:00
Nick Mathewson
efba2922ea changes file for 15024 2015-03-15 08:26:43 -04:00
Nick Mathewson
b78803f9f5 Extract main part of main loop into a separate function
For 15176; Shadow would like this.

Based on a patch by Rob Jansen, but revised to have a minimal-sized diff.
2015-03-14 14:28:29 -04:00
Nick Mathewson
7bed9dc73a Avoid double-parens in log_fn() messages on clang.
On clang (and elsewhere?) __PRETTY_FUNCTION__ includes parenthesized
argument lists.  This is clever, but it makes our old "%s(): " format
look funny.

This is a fix on 0957ffeb, aka svn:r288.  Fixes bug 15269.
2015-03-14 14:12:03 -04:00
Nick Mathewson
feca329031 Log version when LD_BUG is logged.
Closes ticket 15026.
2015-03-14 13:50:23 -04:00
cypherpunks
e656a88fad Add changes file for 15053. 2015-03-14 13:00:05 -04:00
Nick Mathewson
511ca9b91c Remove DynamicDHGroups as obsoleted by PluggableTransports or P256.
Closes ticket 13736.
2015-03-14 12:40:55 -04:00
Nick Mathewson
f70f1d283e Do not printf success messages when we are --quieted or --hushed.
Fixes 14994. Calling this a bug on when --quiet and --hush began to have
their current behavior.
2015-03-14 12:12:53 -04:00
Nick Mathewson
833b6d30be Merge remote-tracking branch 'sebastian/bug15211' 2015-03-13 09:39:04 -04:00
Nick Mathewson
517e0f965b Remove workarounds for Libevent < 1.3.
This actually lets us dump a lot of old cruft that nobody had (I
hope!) tested in ages.

Closes 15248.
2015-03-12 16:59:05 -04:00
Sebastian Hahn
badc81de5b Don't init hs intro key as side effect of an assert 2015-03-12 18:59:46 +01:00
Sebastian Hahn
447769dd28 Don't init control authchallenge nonce as assert side effect
Fixes part of bug 15211.
2015-03-12 18:57:57 +01:00
Nick Mathewson
3ee2fca7ca Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:16:22 -04:00
Nick Mathewson
eb68ea20f8 Merge remote-tracking branch 'public/feature15212_026' into maint-0.2.6 2015-03-12 13:15:08 -04:00
Nick Mathewson
16b1b2199d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 13:13:06 -04:00
Yawning Angel
b3281fc6d6 Initialize the extorport auth cookie before launching PTs.
PTs expect the auth cookie to be available immedieately after launch,
leading to a race condition when PTs opt to cache the extorport cookie
once immediately after startup.

Fixes #15240.
2015-03-12 13:12:56 -04:00
Sebastian Hahn
68e9f364a0 don't init threads as side effect of assertion
Fixes part of bug 15211.
2015-03-12 17:52:37 +01:00
Nick Mathewson
9063f29160 Revert "Make TransProxyType ipfw work correctly"
This reverts commit 681802817d.

(I didn't mean to backport this, but somehow I had based my branch
for #15205 on it.)
2015-03-12 12:49:08 -04:00
Nick Mathewson
eecd410984 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.5 2015-03-12 12:27:25 -04:00
Nick Mathewson
b683b9af00 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 11:37:56 -04:00
Nick Mathewson
66c8180207 Fix crash bug when calling cpuworkers_rotate_keyinfo on a client.
Fixes bug 15245; bugfix on 0.2.6.3-alpha. Thanks to anonym for reporting!
2015-03-12 11:14:39 -04:00
Nick Mathewson
2bfdfc849b Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-12 10:06:10 -04:00
Nick Mathewson
192ed94410 Use PTHREAD_CREATE_DETACHED macro instead of 1: fix Solaris crash
When calling pthread_attr_setdetachstate, we were using 1 as the
argument. But the pthreads documentation says that you have to say
PTHREAD_CREATE_DETACH, which on Solaris is apparently 0x40.  Calling
pthread_attr_setdetachstate with 1 crashes on Solaris with FLTBOUNDS.

(Because we're so late in the release cycle, I made the code define
PTHREAD_CREATE_DETACHED if it doesn't exist, so we aren't likely to
break any other platforms.)

This bug was introduced when we made threading mandatory in
0.2.6.1-alpha; previously, we had force-disabled threading on
Solaris.  See #9495 discussion.
2015-03-12 10:03:02 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Nick Mathewson
d29a8ad564 Add link protocol version counts to the heartbeat message
Closes ticket 15212
2015-03-10 10:07:41 -04:00
Nick Mathewson
28b4ab784d Remove one changes files from master (0.2.7) that already got merged into changelogs for 0.2.6.4-rc 2015-03-10 08:46:21 -04:00
Nick Mathewson
bd00c152bb Remove the changes files from master (0.2.7) that already got merged into changelogs for 0.2.6.4-rc or earlier. 2015-03-10 08:45:26 -04:00
Nick Mathewson
e732ec295d Merge commit 'origin/maint-0.2.6^' 2015-03-10 08:36:53 -04:00
Nick Mathewson
1af67d7f72 Merge remote-tracking branch 'public/bug15205_025' into maint-0.2.6 2015-03-09 19:47:12 -04:00
Nick Mathewson
59f4c41087 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 16:25:41 -04:00
Nick Mathewson
7c9be64e1a Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-03-09 16:25:11 -04:00
Nick Mathewson
306f2f0eff Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-03-09 16:24:44 -04:00
Nick Mathewson
220e9be095 Merge remote-tracking branch 'karsten/geoip6-mar2015' into maint-0.2.4 2015-03-09 16:24:07 -04:00
Nick Mathewson
5588e677bd Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-03-09 16:23:55 -04:00
Karsten Loesing
62714068d9 Update geoip6 to the March 3 2015 database. 2015-03-09 21:11:52 +01:00
Karsten Loesing
beda8d2934 Update geoip to the March 3 2015 database. 2015-03-09 21:09:44 +01:00
Nick Mathewson
24c031b1a2 Don't use checked strl{cat,cpy} on OSX.
There is a bug in the overlap-checking in strlcat that can crash Tor
servers.  Fixes bug 15205; this is an OSX bug, not a Tor bug.
2015-03-09 15:09:49 -04:00
Nick Mathewson
e3b6373003 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 13:50:05 -04:00
Nick Mathewson
c066f2d30b We actually merged this one a while ago. 2015-03-09 13:49:55 -04:00
Nick Mathewson
4af742fe97 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 13:24:26 -04:00
Nick Mathewson
8450f6e9a0 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-03-09 13:21:20 -04:00
Nick Mathewson
448bd22092 Merge remote-tracking branch 'public/bug14261_025' into maint-0.2.5 2015-03-09 13:17:20 -04:00
Nick Mathewson
62631904cb GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-03-09 13:13:56 -04:00
Nick Mathewson
e3408248b9 Merge remote-tracking branch 'public/bug13988_025' into maint-0.2.5 2015-03-09 13:12:54 -04:00
Nick Mathewson
410ce4cb49 Merge remote-tracking branch 'public/bug15088_025' into maint-0.2.5 2015-03-09 13:09:50 -04:00
Nick Mathewson
ed7f2482e2 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 13:08:20 -04:00
Nick Mathewson
fb0de57ba2 Merge remote-tracking branch 'public/feature15006_026' into maint-0.2.6 2015-03-09 13:05:27 -04:00
Nick Mathewson
0ec135b696 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 11:14:03 -04:00
Nick Mathewson
42d877f084 Changes file for 15188 2015-03-09 11:13:57 -04:00
Nick Mathewson
bd80ba9a9f Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-09 11:10:04 -04:00
Nick Mathewson
a7f75b2056 Merge remote-tracking branch 'origin/maint-0.2.5' into maint-0.2.6 2015-03-09 11:09:49 -04:00
Nick Mathewson
1a7419c3df Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-03-09 11:09:30 -04:00
Nick Mathewson
6704e18dd2 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-03-09 11:08:57 -04:00
Nick Mathewson
addffcc14d Adjust changes header 2015-03-09 11:07:50 -04:00
cypherpunks
034f51dd02 Be exact about the number of spaces in the header.
Also fixes changes files that warn on this.
2015-03-09 09:00:40 -04:00
cypherpunks
9dc90a5b7b Add check-changes rule for checking formatting of changes files.
Additional fixes to make the change work;
- fix Python 2 vs 3 issues
- fix some PEP 8 warnings
- handle paths with numbers correctly
- mention the make rule in doc/HACKING.
2015-03-09 09:00:12 -04:00
Nick Mathewson
4ced3b59aa Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 15:19:43 +01:00
Nick Mathewson
de2c5ad815 Revert "Missing dependencies; fixes 15127."
This reverts commit 930ab95e1f.
2015-03-04 15:18:33 +01:00
Nick Mathewson
6ae9769b29 Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:29:25 +01:00
Nick Mathewson
a726cd76df Merge remote-tracking branch 'public/bug15064_025' into maint-0.2.6 2015-03-04 12:26:43 +01:00
Nick Mathewson
681802817d Make TransProxyType ipfw work correctly
Fixes bug 15064; bugfix on 0.2.5.4-alpha.
2015-03-04 12:25:52 +01:00
Nick Mathewson
55e1fe874d Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:20:01 +01:00
Nick Mathewson
c5c4ea2db0 Merge remote-tracking branch 'public/bug15088_025' into maint-0.2.6 2015-03-04 12:19:28 +01:00
Nick Mathewson
d5b2cbea10 Add wait4 to the seccomp2 sandbox allowable syscall list
fixes bug 15088. patch from sanic.
2015-03-04 12:18:10 +01:00
Nick Mathewson
6a8550fa3c Merge remote-tracking branch 'origin/maint-0.2.6' 2015-03-04 12:15:10 +01:00
Nick Mathewson
5ad47aafab Merge remote-tracking branch 'public/bug15127_025' into maint-0.2.6 2015-03-04 12:14:17 +01:00
Nick Mathewson
2d926d0147 only declare rv when it is used in destination_from_socket. Fixes 15151 2015-03-04 12:12:41 +01:00
Nick Mathewson
930ab95e1f Missing dependencies; fixes 15127. 2015-03-04 12:09:33 +01:00
Nick Mathewson
81a994ce77 Make the assert related to 15083 a tiny bit more tolerant 2015-03-03 22:25:26 +01:00
Nick Mathewson
71ee53fe9b Do not leave empty, invalid chunks in buffers during buf_pullup
This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.

Patch from 'cypherpunks'
2015-03-03 22:21:41 +01:00
Nick Mathewson
79c69d18b7 Include a HOST item in BOOTSTRAP problem messages
Closes ticket 15006.
2015-02-27 11:28:30 -05:00
Nick Mathewson
0f2f8fd68a changes file for 15037 2015-02-26 15:24:43 -05:00
Nick Mathewson
d7fcaca3fc Have zero_length_keys.sh use an empty torrc file.
Fixes 15033; bugfix on 0.2.6.3-alpha.
2015-02-26 15:22:37 -05:00
Nick Mathewson
3e30d4df7f Have zero_length_keys.sh use an empty torrc file.
Fixes 15033; bugfix on 0.2.6.3-alpha.
2015-02-26 15:21:31 -05:00
Nick Mathewson
1b913777c7 Merge remote-tracking branch 'atagar/trac14806' 2015-02-25 09:30:29 -05:00
Nick Mathewson
cf55070e2c Standardize on calling them "server descriptors".
Part of 14987
2015-02-25 09:22:25 -05:00
Nick Mathewson
320a68026e changes file for 14922 2015-02-25 08:57:13 -05:00
Nick Mathewson
2bcb596dcf Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.4 2015-02-24 13:23:44 -05:00
Nick Mathewson
fec73c876b Add sections to changes files; please lintchanges 2015-02-24 11:51:59 -05:00
Nick Mathewson
d5aee5e9a5 changes file for ticket 14950 2015-02-24 11:11:17 -05:00
Nick Mathewson
098cbcbb9e Merge branch 'bug14989' 2015-02-23 13:03:07 -05:00
Nick Mathewson
21ac0cd2af Let AF_UNIX connections through the sandbox
Fixes bug 15003; bugfix on 0.2.6.3-alpha.
2015-02-23 12:35:20 -05:00
Nick Mathewson
f1fa85ea73 Fix running with the seccomp2 sandbox
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket().  Fixes bug 14989, bugfix on 0.2.6.3-alpha.
2015-02-23 12:16:08 -05:00
Nick Mathewson
7a1a0a4cd7 Merge remote-tracking branch 'public/bug14988_025' 2015-02-23 11:33:07 -05:00
Nick Mathewson
aeb38bbdce add another unused-var marker in backtrace.c for 14988 2015-02-23 11:32:04 -05:00
Nick Mathewson
cf7aa7b926 changes file for 5246e8f992 2015-02-23 11:24:13 -05:00
rl1987
385558c32f Fix endianness issues in test_config_resolve_my_address().
Since resolve_my_address() yields IP address in host order there is
no need to use byteorder functions for conversion.
2015-02-23 09:57:17 -05:00
Nick Mathewson
8a9d86bf05 Merge remote-tracking branch 'public/bug11454_11457' 2015-02-20 01:08:12 -05:00
Nick Mathewson
03a4e97c76 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-02-20 01:05:21 -05:00
Nick Mathewson
1525eeeb49 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-02-20 01:04:49 -05:00
Nick Mathewson
7b03e9a8c7 fold one more entry into the changelog 2015-02-19 11:36:27 -05:00
Nick Mathewson
76d8c23ab4 Try to fix authdir_newdesc events
We were sending values that were truncated by the length of the
annotations.
2015-02-19 11:35:27 -05:00
Nick Mathewson
0cdc321ae9 Merge changes into changelog 2015-02-19 09:56:38 -05:00
Nick Mathewson
4fde9cdf86 appease lintchanges 2015-02-19 09:55:18 -05:00
Nick Mathewson
b897e386da Merge branch 'bug12844_macros' 2015-02-19 09:41:36 -05:00
Nick Mathewson
557a0c83f3 Do not try to download an EI for which we don't have a matching SD.
This quiets some log messages for #13762, and adds a better INFO message
for the underlying confusion.
2015-02-19 09:40:36 -05:00
Nick Mathewson
86105a4009 Check ENABLE_TOR2WEB_MODE before any tor2webmode code 2015-02-19 09:09:25 -05:00
Nick Mathewson
c2312f4f5f merge new items into 0.2.6.3-alpha changelog 2015-02-18 13:32:11 -05:00
Nick Mathewson
9e6147a40c Merge remote-tracking branch 'yawning/bug14918' 2015-02-18 09:21:16 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
33053d50a0 Final guardfraction preparations for upstream merge.
- Write a changes file.
- Change some logs to lesser severities.
2015-02-18 09:09:34 -05:00
Yawning Angel
8571e86d27 Fix bootstrap directory information logging.
`dir_info_status` is used from main.c:directory_info_has_arrived() to
provide useful (INFO/NOTICE) level logging to users, and should always
be updated regardless of the rate limiting.
2015-02-18 13:58:13 +00:00
Yawning Angel
6fdb179d84 Fix compute_frac_paths_available, when ExitNodes is not set. 2015-02-18 12:51:07 +00:00
Nick Mathewson
d038430a14 Merge branch 'bug14918' 2015-02-17 12:49:29 -05:00
Nick Mathewson
9bf6da1861 Merge remote-tracking branch 'public/feature_13822' 2015-02-17 12:34:13 -05:00
Nick Mathewson
8eb3d81e6e Fix some issues with reporting exit-free networks
Fixes bug 14918.
2015-02-17 12:07:24 -05:00
Nick Mathewson
8539191fd8 Fold new entries into 0.2.6.3 changelog 2015-02-17 10:17:46 -05:00
Nick Mathewson
b89854ee17 Fix warnings from lintChanges.py 2015-02-17 10:10:43 -05:00
Sina Rabbani
8e61d38cf1 Faravahar's New IP Address as of 2/20/2015 2015-02-16 11:51:36 -05:00
Sebastian Hahn
0c11d8b2d2 Implement status/fresh-relay-descs command
The idea here is that a controller should be able to make Tor produce a
new relay descriptor on demand, without that descriptor actually being
uploaded to the dirauths (they would likely reject it anyway due to
freshness concerns).

Implements #14784.
2015-02-15 12:36:07 +01:00
Nick Mathewson
99e915dbfe Merge remote-tracking branch 'public/bug14759' 2015-02-11 15:15:24 -05:00
Nick Mathewson
d7a1e83f50 Merge remote-tracking branch 'public/remove_freelist' 2015-02-11 15:09:01 -05:00
Nick Mathewson
caf28519d9 Merge branch 'bug12844'
Conflicts:
	src/or/circuituse.c
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-11 15:06:04 -05:00
Nick Mathewson
f5f6d13e4c Fix crash on glibc __libc_message()
__libc_message() tries to open /dev/tty with O_RDWR, but the sandbox
catches that and calls it a crash.  Instead, I'm making the sandbox
setenv LIBC_FATAL_STDERR_, so that glibc uses stderr instead.

Fix for 14759, bugfix on 0.2.5.1-alpha
2015-02-11 09:46:29 -05:00
Nick Mathewson
6f331645c7 Remove mempools and buf freelists
They have been off-by-default since 0.2.5 and nobody has complained. :)

Also remove the buf_shrink() function, which hasn't done anything
since we first stopped using contiguous memory to store buffers.

Closes ticket 14848.
2015-02-11 09:03:50 -05:00
Nick Mathewson
0c81dfa848 Merge remote-tracking branch 'public/feature_13555' 2015-02-11 08:42:00 -05:00
Nick Mathewson
37c9c268c8 Merge remote-tracking branch 'sebastian/bug14819' 2015-02-11 08:40:48 -05:00
Nick Mathewson
5c820def99 Merge remote-tracking branch 'sysrqb/bug14802_025' 2015-02-09 22:39:55 -08:00
Sebastian Hahn
353d2fe7e1 Re-remove the --disable-threads configure option 2015-02-09 10:36:59 +01:00
Roger Dingledine
56061976db Recover better when our clock jumps back many hours
like might happen for Tails or Whonix users who start with a very wrong
hardware clock, use Tor to discover a more accurate time, and then
fix their clock.

Resolves part of ticket 8766.

(There are still some timers in various places that aren't addressed yet.)
2015-02-09 01:05:31 -05:00
Damian Johnson
44abbf5ab6 Dropping test_cmdline_args.py
Before a couple weeks ago didn't know Tor had these tests, interesting! Stem
already has tests for spawning tor processes but lacked any with this targeted
focus on its arguments.

I've added our own counterpart for these tests. Many are direct copies but
there were others I improved a little...

  https://trac.torproject.org/projects/tor/ticket/14109
  https://gitweb.torproject.org/stem.git/commit/?id=137d193a026638f066e817e3396cebbbb6ace012

Now that Tor uses Stem to supplement its tests no reason for these to live
separately. Tested by simply building tor and confirming test_cmdline_args.py
is no longer in the generated Makefile.
2015-02-08 21:34:36 -08:00
Matthew Finkel
9ae321db66 Return 0 when detecting the amount of memory fails
Fixes bug 14802;  bugfix on 0.2.5.4-alpha.
2015-02-09 02:06:18 +00:00
Nick Mathewson
4beb830953 Split ROUTER_REQUIRED_MIN_BANDWIDTH into RELAY_ and BRIDGE_ variants
Also raise those minima from 20 to 75 and 50 respectively.

Closes ticket 13822.
2015-02-07 08:33:23 -05:00
David Goulet
b101f4e98c Control: getinfo entry-guards report down-since
If the guard unreachable_since variable was set, the status "up" was
reported which is wrong. This adds the "down" status followed by the
unreachable_since time value.

Fixes #14184

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-02-06 16:06:20 -05:00
Sebastian Hahn
6d8b614729 Avoid logging startup messages twice 2015-02-06 21:34:21 +01:00
Yawning Angel
16cf1679e7 Fix scheduler compilation on targets where char is unsigned.
Per discussion with nickm, the `dir` argument should be a int rather
than a signed char.

Fixes bug #14764.
2015-02-06 16:26:28 +00:00
Nick Mathewson
4785cd3617 changes file for 13796 2015-02-05 22:54:34 -05:00
Nick Mathewson
f8ecdd7031 Start working on an 0.2.3 changelog
This is just sorting the entries and lightly editing a couple of
problems I found.
2015-02-05 14:01:56 -05:00
Nick Mathewson
377584abbd Merge remote-tracking branch 'yawning/bug14740' 2015-02-05 10:59:44 -05:00
Yawning Angel
b330bdec8e Add a string representation for LD_SCHED, and a extra sanity check.
This both fixes the problem, and ensures that forgetting to update
domain_list in the future will trigger the bug codepath instead of
a NULL pointer deref.
2015-02-05 15:46:27 +00:00
Nick Mathewson
5a0c94f0a9 improve changes files more 2015-02-05 10:06:16 -05:00
Nick Mathewson
ea0881029f 14554 doesn't need a changes file: the bug wasn't in a release 2015-02-05 10:04:41 -05:00
Nick Mathewson
daab405168 Bump the minimum relay version to 0.2.4.18-rc
Closes #13555
2015-02-04 13:27:56 -05:00
Nick Mathewson
cdc49629c7 Merge branch 'bug6852'
Conflicts:
	src/or/status.c
2015-02-03 13:06:58 -05:00
Nick Mathewson
d03e1da232 Merge remote-tracking branch 'public/bug9635_warnings_025'
Conflicts:
	src/test/test.c
2015-02-02 16:31:32 -05:00
Nick Mathewson
79c7625e38 Merge branch 'feature13864_squashed' 2015-02-02 13:32:53 -05:00
rl1987
313e2a7dab Changes file for 13865. 2015-02-02 13:31:56 -05:00
Nick Mathewson
69deab8b2a Merge remote-tracking branch 'public/bug13319' 2015-02-02 10:25:25 -05:00
Nick Mathewson
f4b79bc420 Merge remote-tracking branch 'sysrqb/bug14216_bad_since' 2015-02-02 10:23:52 -05:00
Nick Mathewson
55639bc67f Merge remote-tracking branch 'dgoulet/bug14202_026_v1' 2015-02-02 10:16:48 -05:00
Nick Mathewson
e78b7e2776 Merge remote-tracking branch 'public/14188_part1' 2015-02-02 10:15:26 -05:00
Matthew Finkel
4cb59ceb8e Only retry connecting to configured bridges
After connectivity problems, only try connecting to bridges which
are currently configured; don't mark bridges which we previously
used but are no longer configured.  Fixes 14216.  Reported by
and fix provided by arma.
2015-01-31 09:46:18 +00:00
David Goulet
51f793e37e Fix possible infinite loop on pipe/sock_drain()
If the returned value of read/recv is 0 (meaning EOF), we'll end up in an
infinite loop (active wait) until something is written on the pipe which is
not really what we want here especially because those functions are called
from the main thread.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-30 15:05:18 -05:00
Nick Mathewson
fac8d40886 Merge remote-tracking branch 'public/prop227_v2'
Conflicts:
	src/test/test_dir.c
2015-01-30 07:36:55 -05:00
Nick Mathewson
a87ea9b1c6 Merge branch 'bug14451_026_v1' 2015-01-29 15:16:15 -05:00
Nick Mathewson
4c5133e42d changes file for 14451 2015-01-29 15:12:14 -05:00
Nick Mathewson
5faa017b86 Merge remote-tracking branch 'public/ticket11737' 2015-01-29 15:09:55 -05:00
Nick Mathewson
204374f7d9 Remove SocksSocket; it's now spelled differently thanks to 14451
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
David Goulet
80bed1ac96 Remove obsolete workaround in dirserv_thinks_router_is_hs_dir()
Fixes #14202

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-29 12:55:19 -05:00
Nick Mathewson
a3de2dfde6 Merge branch 'bug11485_026_v2_squashed' 2015-01-28 14:32:19 -05:00
Andrea Shepard
603708d747 Changes file for ticket #11485 2015-01-28 14:30:23 -05:00
Nick Mathewson
b63bf09255 changes file for 8405 2015-01-28 12:06:28 -05:00
Nick Mathewson
f75ca04520 Tweak tor-resolve docs and logs
Resolves 14325
2015-01-28 10:11:08 -05:00
Nick Mathewson
e9caa8645e Try to work around changes in openssl 1.1.0
Prefer not to use a couple of deprecated functions; include more
headers in tortls.c

This is part of  ticket 14188.
2015-01-28 10:00:58 -05:00
Nick Mathewson
20d0b1a04e Bump a client authorization message from debug to info.
A user wants this for 14015, and it seems fairly reasonable.
2015-01-28 09:42:28 -05:00
Nick Mathewson
e00503fe57 Merge branch 'doc13702_squashed' 2015-01-27 12:42:12 -05:00
rl1987
d7ac4d9130 Adding section on OpenBSD to doc/TUNING 2015-01-27 12:41:12 -05:00
Nick Mathewson
525a2ce6e3 changes file for bug14350 2015-01-26 10:06:36 -05:00
Nick Mathewson
7322de15dc Split the slow unit tests into their own binary
This can run in parallel with the faster ones and the other tests.
2015-01-23 11:15:53 -05:00
Nick Mathewson
420037dcef Merge branch 'if_addr_refactoring_squashed'
Conflicts:
	src/test/include.am
	src/test/test.c
2015-01-23 10:13:37 -05:00
rl1987
3966145dff Refactor code that looks up addresses from interfaces
Now the code has separate implementation and examination functions,
uses smartlists sanely, and has relatively decent test coverage.
2015-01-23 10:07:17 -05:00
Nick Mathewson
0b12143346 changes file for 9969 2015-01-23 10:02:49 -05:00
Nick Mathewson
bd22ad12bd fix warnings from lintChanges 2015-01-23 09:09:00 -05:00
Nick Mathewson
b677ccd3ab Merge remote-tracking branch 'public/ticket13762' 2015-01-23 08:55:31 -05:00
Nick Mathewson
d8517fe843 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-23 08:53:21 -05:00
Nick Mathewson
7cbdec578b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2015-01-23 08:52:55 -05:00
Nick Mathewson
df4c484021 Merge remote-tracking branch 'karsten/geoip6-jan2015' into maint-0.2.4 2015-01-23 08:52:35 -05:00
Nick Mathewson
dbd5a9a8f9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2015-01-23 08:52:20 -05:00
Karsten Loesing
a9ce0cd659 Update geoip6 to the January 7 2015 database. 2015-01-22 09:58:29 +01:00
Karsten Loesing
c3f8f5ab0e Update geoip to the January 7 2015 database. 2015-01-22 09:56:54 +01:00
Nick Mathewson
23fc1691b6 Merge branch 'better_workqueue_v3_squashed' 2015-01-21 14:47:16 -05:00
Nick Mathewson
f0415c1600 Merge branch 'bug9819' 2015-01-21 13:00:26 -05:00
Nick Mathewson
e7e33d4b04 Merge branch 'bug14084' 2015-01-20 14:07:37 -05:00
Nick Mathewson
9ddc1fb10c Merge remote-tracking branch 'dgoulet/bug14224_025_v1' 2015-01-20 14:02:07 -05:00
Nick Mathewson
a8dd930274 Replace a 4 with a 6; fix a bug that nobody noticed :/
Fixes 14280 bugfix on 1053af0b9c in 0.2.4.7-alpha.
2015-01-19 11:51:08 -05:00
Nick Mathewson
1053af0b9c Merge branch 'bug7555_v2_squashed'
Conflicts:
	src/or/connection_edge.c
2015-01-19 11:43:41 -05:00
David Goulet
b5525476f5 Fix: close intro circuit if no more intro points are usable
Once a NACK is received on the intro circuit, tor tries an other usable one
by extending the current circuit to it. If no more intro points are usable,
now close the circuit. Also, it's reason is changed before closing it so we
don't report again an intro point failure and trigger an extra HS fetch.

Fixes #14224

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-01-19 10:23:58 -05:00
Nick Mathewson
63765399eb Merge remote-tracking branch 'public/ticket13037'
Conflicts:
	src/or/config.c
2015-01-18 16:07:08 -05:00
Nick Mathewson
fae72a8d0a Merge remote-tracking branch 'public/bug14219_025' 2015-01-18 15:41:13 -05:00
Roger Dingledine
9407040c59 Do not replace a HS descriptor with a different replica of itself
This fixes a bug where we'd fetch different replicas of the same
descriptor for a down hidden service over and over, until we got lucky
and fetched the same replica twice in a row.

Fixes bug 14219; bugfix on 0.2.0.10-alpha.

(Patch from Roger; commit message and changes file by Nick.)
2015-01-18 15:39:12 -05:00
Nick Mathewson
efdac2a68c Merge remote-tracking branch 'public/bug14261_025'
Conflicts:
	src/or/directory.c
2015-01-18 15:28:35 -05:00
Nick Mathewson
ceb6dee465 Increase limit for status vote download size by a factor of 5.
We've started to hit the limit here.  We introduced the limit in
0.1.2.5-alpha.  This fixes bug 14261, but we should have a smarter way
to not actually do the behavior this permits.  See #14267 for a ticket
about fixing that.
2015-01-18 15:25:29 -05:00
Nick Mathewson
54e4aaf52c Fix memory leak in connection_ap_handshake_rewrite_and_attach()
Spotted by asn.  #14259.  Bugfix on 368eb6a97 in 0.2.0.1-alpha.
2015-01-18 14:19:26 -05:00
Nick Mathewson
79e12da861 Merge remote-tracking branch 'public/bug12485' 2015-01-18 13:49:30 -05:00
Nick Mathewson
ffa4ed8d3d changes file for 9396005428 2015-01-16 11:47:49 -05:00
Nick Mathewson
4b23b398a3 Merge branch 'bug8546_squashed'
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
15dd690605 changes file for bug 8546 2015-01-16 09:23:03 -05:00
Nick Mathewson
d807c7c872 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-15 12:38:43 -05:00
Nick Mathewson
746bb55851 Ignore warning for redundant decl in openssl/srtp.h
Backports some commits from tor master.
2015-01-15 12:38:08 -05:00
Nick Mathewson
3368b0c9f2 Add string for IP_NOW_REDUNDANT in circuit_end_reason_to_control_string
Closes 14207; bugfix on 0.2.6.2-alpha.
2015-01-15 11:53:20 -05:00
Nick Mathewson
88e36eaf0e Fix the checkdir/perms test when umask==077
Fixes 14215; bugfix on 0.2.6.2-alpha.  Reported by "cypherpunks".
2015-01-15 10:24:27 -05:00
George Kadianakis
45bc5a0743 Restrict sample values of the Laplace distribution to int64_t.
This helps avoid undefined behavior from casting big double values to
int64_t. Fixes #14090.
2015-01-15 14:43:58 +00:00
Nick Mathewson
3668a4126e Merge remote-tracking branch 'public/bug13397' 2015-01-14 14:15:29 -05:00
Nick Mathewson
1686f81ac2 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-14 13:30:10 -05:00
Nick Mathewson
1e896214e7 Refactor cpuworker to use workqueue/threadpool code. 2015-01-14 11:23:34 -05:00
George Kadianakis
220f419da1 New minimum uptime to become an HSDir is 96 hours. 2015-01-14 12:48:09 +00:00
Nick Mathewson
8d1fa0c87d update bug12585 changes file 2015-01-13 13:13:19 -05:00
Nick Mathewson
d8b7dcca8d Merge remote-tracking branch 'andrea/ticket12585_v3' 2015-01-13 12:50:55 -05:00
Nick Mathewson
9d0fab9872 Allow MapAddress and Automap to work together
The trick here is to apply mapaddress first, and only then apply
automapping.  Otherwise, the automap checks don't get done.

Fix for bug 7555; bugfix on all versions of Tor supporting both
MapAddress and AutoMap.
2015-01-13 12:41:15 -05:00
Nick Mathewson
f2fb85f970 Remove needless strdup in addressmap_register_virtual_address()
Fixes bug 14195. Bugfix on 0.1.0.1-rc.
2015-01-13 12:24:42 -05:00
Nick Mathewson
2e1ed0815d Actually set *expires_out in addressmap_rewrite.
Fixes 14193; bugfix on 35d08e30d, which went into 0.2.3.17-beta.
2015-01-13 09:42:23 -05:00
Nick Mathewson
2edfdc02a2 Merge remote-tracking branch 'teor/bug13111-empty-key-files-fn-empty' 2015-01-12 14:06:14 -05:00
Nick Mathewson
c2e200cef8 Merge branch 'bug13806_squashed'
Conflicts:
	src/or/relay.c
2015-01-12 13:59:26 -05:00
Nick Mathewson
3033ba9f5e When OOM, free cached hidden service descriptors too. 2015-01-12 13:47:52 -05:00
Nick Mathewson
2d123efe7c Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-12 00:59:48 -05:00
Nick Mathewson
c9dd2d1a6a Merge remote-tracking branch 'public/bug14129_024' into maint-0.2.5 2015-01-12 00:59:29 -05:00
Nick Mathewson
3f39daa663 changes file for bug13805 2015-01-11 11:27:33 -05:00
Nick Mathewson
8db15960d1 changes file for 14141 2015-01-11 11:19:12 -05:00
Nick Mathewson
180ecd6a2b Merge remote-tracking branch 'teor/nickm-bug13401' 2015-01-11 11:10:23 -05:00
Nick Mathewson
7b51667d63 Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-11 11:05:31 -05:00
teor
b08cfc65a7 Don't crash on torrc Vi[rtualAddrNetworkIPv[4|6]] with no option value
Check for a missing option value in parse_virtual_addr_network
before asserting on the NULL in tor_addr_parse_mask_ports.
This avoids crashing on torrc lines like Vi[rtualAddrNetworkIPv[4|6]]
when no value follows the option.

Bugfix on 0.2.3 (de4cc126cb on 24 November 2012), fixes #14142.
2015-01-11 11:05:00 -05:00
Nick Mathewson
c83d838146 Implement proposal 227-vote-on-package-fingerprints.txt
This implementation includes tests and a little documentation.
2015-01-10 15:09:07 -05:00
teor
ac2f90ed00 Speed up hidden service bootstrap by reducing the initial post delay
Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
but keep the default at 30 seconds.

Reduces the hidden service bootstrap to 25 seconds from around 45 seconds.
Change the default src/test/test-network.sh delay to 25 seconds.

Closes ticket 13401.
2015-01-10 22:34:29 +11:00
teor
f9d57473e1 Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard
TestingDirAuthVoteHSDir ensures that authorities vote the HSDir flag
for the listed relays regardless of uptime or ORPort connectivity.
Respects the value of VoteOnHidServDirectoriesV2.

Partial fix for bug 14067.
2015-01-10 22:34:28 +11:00
Nick Mathewson
e136606fe8 Smaller RendPostPeriod on test networks
This patch makes the minimum 5 seconds, and the default 2 minutes.

Closes 13401.
2015-01-10 22:34:28 +11:00
teor
f8ffb57bc4 Merge branch 'master' of https://git.torproject.org/tor into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/connection_edge.c
Merged in favour of origin.
2015-01-10 17:20:06 +11:00
teor
debd7862bb Test that tor correctly handles zero-length keys
Check that tor generates new keys, and overwrites the empty key files.
Test that tor generates new keys when keys are missing (existing
behaviour).
Test that tor does not overwrite key files that already contain data
(existing behaviour).

Tests fixes to bug 13111.
2015-01-10 17:14:29 +11:00
teor
c200ab46b8 Merge branch 'bug14001-clang-warning' into bug13111-empty-key-files-fn-empty
Conflicts:
  src/or/router.c
Choose newer comment.
Merge changes to comment and function invocation.
2015-01-10 16:34:10 +11:00
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
905287415b Avoid attempts to double-remove edge connections from the DNS resolver.
Also, avoid crashing when we attempt to double-remove an edge
connection from the DNS resolver: just log a bug warning instead.

Fixes bug 14129.  Bugfix on 0d20fee2fb, which was in 0.0.7rc1.

jowr found the bug.  cypherpunks wrote the fix.  I added the log
message and removed the assert.
2015-01-08 11:00:21 -05:00
Nick Mathewson
f8baa40c01 GETINFO bw-event-cache to get information on recent BW events
Closes 14128; useful to regain functionality lost because of 13988.
2015-01-07 13:19:43 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes  13762.
2015-01-07 13:11:06 -05:00
Jacob Appelbaum
8d59ddf3cb Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585.
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75 Merge remote-tracking branch 'public/bug12985_025' 2015-01-07 11:55:50 -05:00
Nick Mathewson
139a1c64a0 Merge remote-tracking branch 'public/bug12985_024' into bug12985_025 2015-01-07 11:54:33 -05:00
Nick Mathewson
e9463b04e7 Clarify why bug12985 is a thing 2015-01-07 11:52:24 -05:00
Nick Mathewson
7dd852835c Merge remote-tracking branch 'public/bug13988_025' 2015-01-07 11:45:24 -05:00
Nick Mathewson
fb68f50761 Lower the delay before saving guard status to disk
"Maybe this time should be reduced, since we are considering
guard-related changes as quite important? It would be a pity to
settle on a guard node, then close the Tor client fast and lose that
information."

Closes 12485.
2015-01-07 10:39:44 -05:00
Nick Mathewson
b56c7614b6 When closing circs build through a new guard, only close local ones
If we decide not to use a new guard because we want to retry older
guards, only close the locally-originating circuits passing through
that guard. Previously we would close all the circuits.

Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
2015-01-07 10:27:22 -05:00
Nick Mathewson
cb54cd6745 Merge branch 'bug9286_v3_squashed' 2015-01-07 10:06:50 -05:00
Nick Mathewson
7984fc1531 Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in.  But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.

Fixes bug 9286.
2015-01-07 10:05:55 -05:00
Nick Mathewson
49dca8b1be Merge remote-tracking branch 'origin/maint-0.2.5' 2015-01-07 07:50:14 -05:00
Sebastian Hahn
2b9d48791d Enlarge the buffer for a line in a bw file 2015-01-07 12:44:16 +01:00
Nick Mathewson
6bb31cba12 New option "--disable-system-torrc" to not read torrc from etc
Implements 13037.
2015-01-06 17:07:40 -05:00
Nick Mathewson
ae9efa863e Merge remote-tracking branch 'public/bug13661_025' 2015-01-06 15:16:28 -05:00
Nick Mathewson
90b9e23bec Merge branch 'exitnode_10067_squashed'
Conflicts:
	src/or/or.h
2015-01-06 15:15:18 -05:00
Nick Mathewson
d87143f319 changes file for 10067 2015-01-06 14:31:20 -05:00
Nick Mathewson
3401c34151 Merge remote-tracking branch 'public/bug14116_025' 2015-01-06 14:28:02 -05:00
Nick Mathewson
a034863b45 Merge remote-tracking branch 'public/bug12509_025' 2015-01-06 14:15:08 -05:00
Nick Mathewson
fcc78e5f8a Use package-config output for -lsystemd correctly
In systemd 209, they deprecated -lsystemd-daemon in favor of
-lsystemd.  So we'd better actually look at the pkg-config output,
or we'll get warnings on newer distributions.

For some as-yet-unknown-to-me reason, setting CFLAGS so early makes
it so -O2 -g doesn't get added to it later.  So, adding it myself
later.  Perhaps a better fix here can be found.

Fixes 14072; bugfix on 0.2.6.2-alpha.  Based on a patch from h.venev
2015-01-06 14:07:13 -05:00
Nick Mathewson
cf2ac8e255 Merge remote-tracking branch 'public/feature11791' 2015-01-06 13:52:54 -05:00
Nick Mathewson
6f7a8f84d9 changes file for 4385211caf 2015-01-06 13:45:57 -05:00
Nick Mathewson
f4221a809a Make test_cmdline_args.py work on Windows
Patch from Gisle Vanem on tor-dev ml
2015-01-06 13:26:52 -05:00
Nick Mathewson
d74f0cff92 make "make test-stem" run stem tests on tor
Closes ticket 14107.
2015-01-06 09:03:44 -05:00
Nick Mathewson
6d6643298d Don't crash on malformed EXTENDCIRCUIT.
Fixes 14116; bugfix on ac68704f in 0.2.2.9-alpha.
2015-01-06 08:49:57 -05:00
Nick Mathewson
276700131a Tolerate starting up with missing hidden service directory
Fixes bug 14106; bugfix on 0.2.6.2-alpha

Found by stem tests.
2015-01-05 11:39:38 -05:00
Nick Mathewson
b06b783fa0 Tolerate relative paths for torrc files with RunAsDaemon
We had a check to block these, but the patch we merged as a1c1fc72
broke this check by making them absolute on demand every time we
opened them.  That's not so great though. Instead, we should make them
absolute on startup, and not let them change after that.

Fixes bug 13397; bugfix on 0.2.3.11-alpha.
2015-01-04 19:34:38 -05:00
Nick Mathewson
8ef6cdc39f Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything."  But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.

Instead, let "." remain ".", and treat it specially when we're
checking for a match.

Fixes bug 12509; bugfix on 0.2.0.1-alpha.
2015-01-04 17:28:54 -05:00
Nick Mathewson
74cd57517c New option "HiddenServiceAllowUnknownPorts"
This allows hidden services to disable the anti-scanning feature
introduced in 0.2.6.2-alpha. With this option not set, a connection
to an unlisted port closes the circuit.  With this option set, only
a RELAY_DONE cell is sent.

Closes ticket #14084.
2015-01-03 12:34:52 -05:00
Nick Mathewson
03e9aa0941 Fold more things into the 0.2.6.2-alpha changelog 2014-12-30 09:53:13 -05:00
Nick Mathewson
b32e10253c Lintchanges some more. 2014-12-30 09:39:12 -05:00
Nick Mathewson
5b770ac7b7 Merge branch 'no-exit-bootstrap-squashed' 2014-12-30 09:06:47 -05:00
teor
2b8e1f9133 Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13924.
2014-12-30 09:06:00 -05:00
teor
c3a4201faa Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.

If a future consensus contains Exits, exit circuits may become available.

Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.

Consequential change from #13718.
2014-12-30 09:06:00 -05:00
teor
cb94f7534d Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.

The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.

Exit Circuits:
    Predicted Exit Circuits
    User Traffic Circuits
    Most AP Streams
    Circuits Marked Exit
    Build Timeout Circuits (with exits)

Internal Circuits:
    Hidden Service Server Circuits
    Hidden Service Client Circuits
    Hidden Service AP Streams
    Hidden Service Intro Point Streams
    Circuits Marked Internal
    Build Timeout Circuits (with no exits)
    Other Circuits?
2014-12-30 09:06:00 -05:00
teor
55ad54e014 Allow tor to build circuits using a consensus with no exits
If the consensus has no exits (typical of a bootstrapping
test network), allow tor to build circuits once enough
descriptors have been downloaded.

When there are no exits, we always have "enough"
exit descriptors. (We treat the proportion of available
exit descriptors as 100%.)

This assists in bootstrapping a testing Tor network.

Fixes bug 13718.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
(But still useful for speeding up a bootstrap.)
2014-12-30 09:06:00 -05:00
teor
9b2d106e49 Check if there are exits in the consensus
Add router_have_consensus_path() which reports whether
the consensus has exit paths, internal paths, or whether it
just doesn't know.

Used by #13718 and #13814.
2014-12-30 09:06:00 -05:00
teor
d812baf54c Refactor count_usable_descriptors to use named enums for exit_only
count_usable_descriptors now uses named exit_only values:
  USABLE_DESCRIPTOR_ALL
  USABLE_DESCRIPTOR_EXIT_ONLY

Add debug logging code for descriptor counts.

This (hopefully) resolves nickm's request in bug 13718 to improve
argument readability in nodelist.c.
2014-12-30 09:06:00 -05:00
teor
22a1e9cac1 Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.

This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *

This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).

Discovered as part of #13718.
2014-12-30 09:06:00 -05:00
Nick Mathewson
dc1aaa5b96 Make lintChanges happier 2014-12-30 08:54:01 -05:00
Nick Mathewson
e936b9b47d Merge remote-tracking branch 'dgoulet/bug13667_025_v4' 2014-12-30 08:34:48 -05:00
David Goulet
88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
Nick Mathewson
d7ecdd645a Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it.  Let's make sure that doesn't happen.

Closes ticket 14041
2014-12-29 10:06:12 -05:00
Nick Mathewson
e85f0c650c Merge branch 'resolvemyaddr_squashed' 2014-12-29 10:00:34 -05:00
Nick Mathewson
de432d5565 changes file for resolvemyaddr tests 2014-12-29 10:00:22 -05:00
Nick Mathewson
4d6a971ba9 Tweak 13913 fix: clarify that the behavior is not promised
Also, it's->its.  The apostrophe is used if and only if it's a
contraction for "it is".
2014-12-29 08:41:30 -05:00
Nick Mathewson
fd5d9d04b3 Merge remote-tracking branch 'rl1987/ticket13913' 2014-12-29 08:39:13 -05:00
Nick Mathewson
f9ba0b76cd Merge remote-tracking branch 'teor/bug13718-consensus-interval' 2014-12-23 14:25:37 -05:00
teor
8a8797f1e4 Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.

This assists in bootstrapping a testing Tor network.

Fixes bugs 13718 & 13963.
2014-12-24 06:13:32 +11:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
teor
083c58f126 Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.

This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
2014-12-24 06:13:32 +11:00
Nick Mathewson
d7776315df Merge remote-tracking branch 'public/bug13811_025' 2014-12-23 13:02:37 -05:00
Nick Mathewson
c10ff26265 Changes file for 13811 2014-12-23 13:00:21 -05:00
Nick Mathewson
7e1289b3ec changes file for ticket11016 2014-12-23 11:32:10 -05:00
Nick Mathewson
c6ac752353 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-12-23 11:00:02 -05:00
Nick Mathewson
dfebefe68f changs file for 13808 2014-12-23 10:59:48 -05:00
Nick Mathewson
184a2dbbdd whoops; missing changes file for 14013 2014-12-23 10:55:25 -05:00
Nick Mathewson
6830667d58 Increase bandwidth usage report interval to 4 hours. 2014-12-22 12:24:13 -05:00
Nick Mathewson
f645564778 Start on a changelog for 0.2.6.2-alpha 2014-12-22 10:02:18 -05:00
Nick Mathewson
845d92295f have lintchanges check header format. 2014-12-22 10:00:34 -05:00
Nick Mathewson
441a481bb8 Resolve issues in changes files 2014-12-22 09:49:33 -05:00
Nick Mathewson
1c05dfd0b6 Merge branch 'ticket7356_squashed' 2014-12-21 14:48:53 -05:00
rl1987
ed0b46e711 Changes file for 7356 2014-12-21 14:48:39 -05:00
Nick Mathewson
647a90b9b3 Merge remote-tracking branch 'teor/bug14002-osx-transproxy-ipfw-pf' 2014-12-21 13:37:40 -05:00
teor
6fad395300 Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

Fixes bug 14001.
2014-12-21 13:35:03 -05:00
rl1987
f785723e0b Document the case of HiddenServiceDir being defined as relative path. 2014-12-21 19:05:10 +02:00
teor
d93516c445 Fix transparent proxy checks to allow OS X to use ipfw or pf
OS X uses ipfw (FreeBSD) or pf (OpenBSD). Update the transparent
proxy option checks to allow for both ipfw and pf on OS X.

Fixes bug 14002.
2014-12-20 22:28:58 +11:00
teor
6a9cae2e1d Fix clang warning, IPv6 address comment, buffer size typo
The address of an array in the middle of a structure will
always be non-NULL. clang recognises this and complains.
Disable the tautologous and redundant check to silence
this warning.

A comment about an IPv6 address string incorrectly refers
to an IPv4 address format.

A log buffer is sized 10024 rather than 10240.

Fixes bug 14001.
2014-12-20 22:20:54 +11:00
Nick Mathewson
64787e99fa Merge branch 'asn-karsten-task-13192-5-squashed' 2014-12-19 10:35:47 -05:00
George Kadianakis
13a6fb9a2a HS stats: Add changes file and improve man page. 2014-12-19 10:35:34 -05:00
Nick Mathewson
eee248bc59 Merge remote-tracking branch 'dgoulet/bug13936_025_v2' 2014-12-19 09:38:46 -05:00
David Goulet
3d83907ab1 Fix: call circuit_has_opened() for rendezvous circuit
In circuit_get_open_circ_or_launch(), for a rendezvous circuit,
rend_client_rendcirc_has_opened() but circuit_has_opened() is preferred here
since it will call the right function for a specific circuit purpose.

Furthermore, a controller event is triggered where the former did not.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-17 16:06:53 -05:00
Nick Mathewson
7d5916c0a7 Reference bug number in changes file 2014-12-12 08:53:42 -05:00
Nick Mathewson
915c9a517e Merge remote-tracking branch 'meejah/ticket-13941-b' 2014-12-12 08:53:14 -05:00
Nick Mathewson
7c5d888977 Tweak 13942 fix 2014-12-12 08:49:52 -05:00
meejah
85bfad1875 Pre-check hidden-service-dir permissions/ownership
See ticket #13942 where Tor dies if you feed it a hidden service
directory with the wrong owner via SETCONF.
2014-12-11 18:46:56 -07:00
meejah
76753efd7b Fix 13941: make calling log_new_relay_greeting() optional.
Specifically, only if we're creating secret_id_key do we log the
greeting (and then only if the key is actually created).
2014-12-11 18:43:51 -07:00
rl1987
9c239eccc9 Use END_CIRC_REASON_TORPROTOCOL instead of magic number. 2014-12-07 15:47:09 +02:00
Nick Mathewson
95ead31349 Tweak global_scheduler changes file 2014-11-27 23:05:21 -05:00
Nick Mathewson
a28df3fb67 Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
Conflicts:
	src/or/or.h
	src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
3a91a08e21 Merge branch 'feature9503_squashed' 2014-11-25 12:49:09 -05:00
rl1987
8c135062e5 Adding 'SIGNAL HEARTBEAT' message that causes unscheduled heartbeat. 2014-11-25 12:48:41 -05:00
Nick Mathewson
b4ead16d57 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-24 09:19:22 -05:00
Nick Mathewson
5b55778c86 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-11-24 09:19:06 -05:00
Nick Mathewson
137982f955 Merge remote-tracking branch 'karsten/geoip6-nov2014' into maint-0.2.4 2014-11-24 09:18:36 -05:00
Nick Mathewson
8d5f1e6961 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-11-24 09:18:21 -05:00
Karsten Loesing
5441c733e0 Update geoip6 to the November 15 2014 database. 2014-11-24 14:23:18 +01:00
Karsten Loesing
8611c6bccd Update geoip to the November 15 2014 database. 2014-11-24 14:21:31 +01:00
Nick Mathewson
336c856e52 Make can_complete_circuits a static variable. 2014-11-20 12:03:46 -05:00
Nick Mathewson
f15cd22bb7 Don't build introduction circuits until we know we can build circuits
Patch from akwizgran.  Ticket 13447.
2014-11-20 11:51:36 -05:00
Nick Mathewson
b3bd7a736c Remove Support022HiddenServices
This has been already disabled in the directory consensus for a while;
it didn't seem to break anything.

Finally closes #7803.
2014-11-17 11:52:10 -05:00
Nick Mathewson
734ba5cb0a Use smaller zlib objects when under memory pressure
We add a compression level argument to tor_zlib_new, and use it to
determine how much memory to allocate for the zlib object.  We use the
existing level by default, but shift to smaller levels for small
requests when we have been over 3/4 of our memory usage in the past
half-hour.

Closes ticket 11791.
2014-11-17 11:43:50 -05:00
rl1987
a68b90fc7a Changes file for 13212. 2014-11-16 16:12:08 +02:00
Nick Mathewson
5c813f6ca1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-11-12 15:32:15 -05:00
Nick Mathewson
6c146f9c83 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-11-12 15:30:11 -05:00
Sebastian Hahn
0493db4adb Add changes file for #13926 2014-11-12 15:25:52 -05:00
Nick Mathewson
9b11dc3617 Merge remote-tracking branch 'public/bug7484'
Conflicts:
	src/test/test_addr.c
2014-11-12 13:44:57 -05:00
Nick Mathewson
2170171d84 Merge branch 'ticket13172' 2014-11-12 13:25:17 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
Nick Mathewson
ccc54d545e tweak 9812 changes file 2014-11-12 10:28:33 -05:00
Nick Mathewson
99e2a325f6 Merge remote-tracking branch 'rl1987/bug9812' 2014-11-12 10:27:12 -05:00
Nick Mathewson
a87c697fb1 Merge remote-tracking branch 'public/bug13698_024_v1' 2014-11-12 10:23:55 -05:00
Nick Mathewson
5e4174f3b4 Revise changes file 2014-11-12 10:23:24 -05:00
rl1987
032560fc75 Adding changes file for 13644. 2014-11-11 21:01:30 +02:00
David Goulet
34eb007d22 Fix: don't report timeout when closing parallel intro points
When closing parallel introduction points, the given reason (timeout)
was actually changed to "no reason" thus when the circuit purpose was
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, we were reporting an introduction
point failure and flagging it "unreachable". After three times, that
intro point gets removed from the rend cache object.

In the case of CIRCUIT_PURPOSE_C_INTRODUCING, the intro point was
flagged has "timed out" and thus not used until the connection to the HS
is closed where that flag gets reset.

This commit adds an internal circuit reason called
END_CIRC_REASON_IP_NOW_REDUNDANT which tells the closing circuit
mechanism to not report any intro point failure.

This has been observed while opening hundreds of connections to an HS on
different circuit for each connection. This fix makes this use case to
work like a charm.

Fixes #13698.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-11-10 15:02:54 -05:00
Nick Mathewson
26e7e519dc Document networkstatus-bridges
Closes 13713; patch from 'tom'
2014-11-10 09:03:11 -05:00
rl1987
e395783f23 Adding changes file for 9812. 2014-11-09 17:55:35 +02:00
rl1987
7f7df97579 Fixing typo in manpage. 2014-11-09 16:34:34 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
teor
ce7fd6e160 Stop crashing when a NULL filename is passed to file_status()
Stop crashing when a NULL filename is passed to file_status(),
instead, return FN_ERROR.
Also return FN_ERROR when a zero-length filename is passed to file_status().
Fixed as part of bug 13111.
2014-11-08 20:26:53 +11:00
David Goulet
151f5f90b8 Wrong format in log statement
Fixes bug 13701.
2014-11-07 11:44:41 -05:00
Nick Mathewson
6344345140 Add correctness assertions for hashtable iteration
This is meant to prevent memory corruption bugs from doing
unspeakable infinite-loop-like things to the hashtables.  Addresses
ticket 11737.  We should disable these if they turn out to be
expensive.
2014-11-06 13:57:17 -05:00
Nick Mathewson
00f5909876 Define macros meaning <,>,==,!=,<=,>=
This lets us avoid putting operators directly in macro arguments,
and thus will help us unconfuse coccinelle.

For ticket 13172.
2014-11-06 11:21:13 -05:00
Nick Mathewson
68af1e7e9b Throw identify-node-by-nickname down the memory hole
Authorities are no longer voting on Named, so specifying nodes by
nickname isn't a clever thing to do.  (Not that it ever was!)  So
remove the documentation that suggests that you should do it.

Additionally, add proper cross-references to our __node__ lists, and
explain about the optional $ before identity digests.

Also, the oxford comma: endorsed by Steven Pinker, my spouse, and my
11th grade English teacher.

Closes 13381.
2014-11-06 11:10:58 -05:00
Nick Mathewson
1dcc492295 chgrp the testing tempdir to ourself to clear the sticky bit
Closes 13678.  Doesn't actually matter for older tors.
2014-11-05 14:28:34 -05:00
Nick Mathewson
8f645befba 11291: Fix warnings, add changes file, rename 'mask'. 2014-11-05 14:12:18 -05:00
Nick Mathewson
fc62721b06 Fix version number parsing to allow 2- and 3-part versions.
Fixes bug 13661; bugfix on 0.0.8pre1.
2014-11-05 13:29:28 -05:00
Nick Mathewson
3d8cb10732 Changes file for Andrea's work on 6456 2014-11-04 09:59:25 -05:00
Nick Mathewson
60c86a3b79 Merge branch 'bug13315_squashed'
Conflicts:
	src/or/buffers.c
2014-11-04 00:48:25 -05:00
rl1987
fc9591da72 Adding changes file for 13315. 2014-11-04 00:37:24 -05:00
Nick Mathewson
593909ea70 Merge remote-tracking branch 'public/bug13214_025_squashed' 2014-11-04 00:24:56 -05:00
Nick Mathewson
b10e5ac7b8 Check descriptor ID in addition to HS ID when saving a v2 hs descriptor
Fixes bug 13214; reported by 'special'.
2014-11-04 00:24:15 -05:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
5bcf952261 Check more thoroughly for unlogged OpenSSL errors 2014-11-02 13:04:44 -05:00
Nick Mathewson
efd5001c3b Use digest256_len in networkstatus_copy_old_consensus_info()
Now, if a router ever changes its microdescriptor, but the new
microdescriptor SHA256 hash has the same 160-bit prefix as the old
one, we treat it as a new microdescriptor when deciding whether to
copy status information.

(This function also is used to compare SHA1 digests of router
descriptors, but don't worry: the descriptor_digest field either holds
a SHA256 hash, or a SHA1 hash padded with 0 bytes.)
2014-10-31 11:36:31 -04:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
Nick Mathewson
542b470164 Refactor {str,digest}map into a common implementation; add digest256map
Needed for #13399.
2014-10-31 10:54:12 -04:00
teor
13298d90a9 Silence spurious clang warnings
Silence clang warnings under --enable-expensive-hardening, including:
  + implicit truncation of 64 bit values to 32 bit;
  + const char assignment to self;
  + tautological compare; and
  + additional parentheses around equality tests. (gcc uses these to
    silence assignment, so clang warns when they're present in an
    equality test. But we need to use extra parentheses in macros to
    isolate them from other code).
2014-10-30 22:34:46 +11:00
Nick Mathewson
5ef96d3209 Add in a few more changes entries for 0.2.6.1-alpha
(Also resort and rewrap)
2014-10-29 09:06:55 -04:00
rl1987
fd83bc1d41 Adding changes file for 9708. 2014-10-28 14:13:30 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
2c884fd8cc Merge remote-tracking branch 'rl1987/feature10427' 2014-10-28 14:03:40 -04:00
Nick Mathewson
0793ef862b Merge remote-tracking branch 'sebastian/bug13286' 2014-10-27 12:12:16 -04:00
Nick Mathewson
682c154cc4 Start on an 0.2.6.1-alpha changelog
I concatenated the remaining changes/* files, removed them, made the
headings more uniform, then told format_changelog.py to sort,
collate, and wrap them.
2014-10-27 11:27:52 -04:00
Nick Mathewson
a477d7c666 Remove changes files that have already been merged in release-0.2.5
(This means that changes/* is now "everything that changed since
0.2.5.10".)
2014-10-27 11:09:41 -04:00
Sebastian Hahn
909aa51b3f Remove configure option to disable curve25519
By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
2014-10-27 14:41:19 +01:00
rl1987
36e771628e Congratulate relay operator when OR is first started
When Tor first generates identity keypair, emit a log message that
thanks for their participation and points to new Tor relay lifecycle
document.
2014-10-26 21:53:48 +02:00
Nick Mathewson
67fdfcf27c Fix a changes typo spotted by wfn 2014-10-22 11:02:56 -04:00
Nick Mathewson
653221e807 Merge remote-tracking branch 'public/bug11824_v2' 2014-10-22 11:01:50 -04:00
Nick Mathewson
8e4daa7bb0 Merge remote-tracking branch 'public/ticket6938'
Conflicts:
	src/tools/tor-resolve.c
2014-10-22 10:14:03 -04:00
Nick Mathewson
3826a88fc0 Merge remote-tracking branch 'teor/bug13476-improve-time-handling' 2014-10-21 13:14:27 -04:00
Nick Mathewson
e3d166b7a6 Merge remote-tracking branch 'teor/memwipe-more-keys' 2014-10-20 11:12:51 -04:00
Nick Mathewson
291cd50939 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-19 15:40:25 -04:00
Nick Mathewson
fd8f21e730 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-19 15:40:07 -04:00
Nick Mathewson
403c6ae78e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-19 15:39:48 -04:00
Nick Mathewson
c1dd598df8 Note that our #13426 fix is also a #13471 fix.
See also http://marc.info/?l=openssl-dev&m=141357408522028&w=2
2014-10-19 15:38:44 -04:00
teor
2e1f5c1fc0 Memwipe more keys after tor has finished with them
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.
2014-10-20 03:06:28 +11:00
teor
879b39e1a8 Further unit test tor_timegm and parse_rfc1123_time
Add unit tests for tor_timegm signed overflow,
tor_timegm and parse_rfc1123_time validity checks,
and correct_tm year clamping.
Unit tests (visible) fixes in bug 13476.
2014-10-20 02:52:21 +11:00
teor
d7b13543e2 Clamp (some) years supplied by the system to 1 CE
Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.
2014-10-20 02:47:31 +11:00
teor
238b8eaa60 Improve date validation in HTTP headers
Check all date/time values passed to tor_timegm
and parse_rfc1123_time for validity, taking leap
years into account.
Improves HTTP header validation.

Avoid unlikely signed integer overflow in tor_timegm
on systems with 32-bit time_t.
Fixes bug 13476.
2014-10-20 02:40:27 +11:00
teor
dd556fb1e6 Use correct day of year in correct_tm()
Set the correct day of year value in correct_tm() when the
system's localtime(_r) or gmtime(_r) functions fail to set struct tm.

Fixes bug 13476.
2014-10-20 02:32:05 +11:00
Nick Mathewson
fc5cab4472 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 13:29:14 -04:00
Nick Mathewson
fb91d647ac Downgrade 'invalid result from curve25519 handshake: 4' warning
Also, refactor the way we handle failed handshakes so that this
warning doesn't propagate itself to "onion_skin_client_handshake
failed" and "circuit_finish_handshake failed" and
"connection_edge_process_relay_cell (at origin) failed."

Resolves warning from 9635.
2014-10-16 13:26:42 -04:00
Nick Mathewson
ab4b29625d Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN
Closes 8093.
2014-10-16 13:04:11 -04:00
Nick Mathewson
a5cc5ad08d Merge remote-tracking branch 'yawning/bug13314' 2014-10-16 09:12:13 -04:00
Nick Mathewson
33b399a7b2 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-16 09:09:20 -04:00
Nick Mathewson
22b9caf0ae Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-10-16 09:08:52 -04:00
Nick Mathewson
943fd4a252 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-10-16 09:08:32 -04:00
Nick Mathewson
c1c83eb376 Merge branch 'no_sslv3_023' into maint-0.2.3 2014-10-16 09:08:09 -04:00
Nick Mathewson
af73d3e4d8 Disable SSLv3 unconditionally. Closes ticket 13426.
The POODLE attack doesn't affect Tor, but there's no reason to tempt
fate: SSLv3 isn't going to get any better.
2014-10-15 11:50:05 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
teor
f51418aabc Avoid overflow in format_time_interval, create unit tests
Fix an instance of integer overflow in format_time_interval() when
taking the absolute value of the supplied signed interval value.
Fixes bug 13393.

Create unit tests for format_time_interval().
2014-10-12 20:50:10 +11:00
Nick Mathewson
cd678ae790 Remove is_router_version_good_for_possible_guard()
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
2014-10-09 15:12:36 -04:00
Nick Mathewson
90bce702ba Merge remote-tracking branch 'public/bug10816' 2014-10-09 10:57:19 -04:00
Nick Mathewson
e5f9f287ce Merge remote-tracking branch 'teor/bug-13163-AlternateAuthorities-type-handling-fixed' 2014-10-09 10:55:09 -04:00
Nick Mathewson
cc5571e1f1 Merge remote-tracking branches 'teor/issue-13161-test-network' and 'teor/issue-13161-TestingDirAuthVoteExit' 2014-10-08 15:46:29 -04:00
Nick Mathewson
40375fbce5 Merge remote-tracking branch 'teor/test-network-hang-on-make-j2' 2014-10-08 15:42:20 -04:00
teor
31bf8f2690 Bitwise check BRIDGE_DIRINFO
Bitwise check for the BRIDGE_DIRINFO flag, rather than checking for
equality.

Fixes a (potential) bug where directories offering BRIDGE_DIRINFO,
and some other flag (i.e. microdescriptors or extrainfo),
would be ignored when looking for bridge directories.

Final fix in series for bug 13163.
2014-10-08 05:37:15 +11:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
teor
c1dd43d823 Stop using default authorities with both Alternate Dir and Bridge Authority
Stop using the default authorities in networks which provide both
AlternateDirAuthority and AlternateBridgeAuthority.

This bug occurred due to an ambiguity around the use of NO_DIRINFO.
(Does it mean "any" or "none"?)

Partially fixes bug 13163.
2014-10-08 05:36:54 +11:00
teor
9a2d4b6647 Stop an apparent test-network hang when used with make -j2
If (GNU) Make 3.81 is running processes in parallel using -j2 (or more),
it waits until all descendent processes have exited before it returns to
the shell.

When a command like "make -j2 test-network" is run, this means that
test-network.sh apparently hangs until it either make is forcibly
terminated, or all the chutney-launched tor processes have exited.

A workaround is to use make without -j, or make -j1 if there is an
existing alias to "make -jn" in the shell.

We resolve this bug in tor by using "chutney stop" after "chutney verify"
in test-network.sh.
2014-10-04 13:18:56 +10:00
Nick Mathewson
bbffd0a018 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-10-03 19:58:25 -04:00
Nick Mathewson
d315b8e8bc Merge remote-tracking branch 'public/bug13325_024' into maint-0.2.5 2014-10-03 19:57:41 -04:00
Nick Mathewson
d1fa0163e5 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char
Also, make sure we will compile correctly on systems where they
finally rip it out.

Fixes issue #13325.  Caused by this openbsd commit:

   ​http://marc.info/?l=openbsd-cvs&m=140768179627976&w=2

Reported by Fredzupy.
2014-10-03 12:15:09 -04:00
Yawning Angel
c8132aab92 Send back SOCKS5 errors for all of the address related failures.
Cases that now send errors:
 * Malformed IP address (SOCKS5_GENERAL_ERROR)
 * CONNECT/RESOLVE request with IP, when SafeSocks is set
   (SOCKS5_NOT_ALLOWED)
 * RESOLVE_PTR request with FQDN (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)
 * Malformed FQDN (SOCKS5_GENERAL_ERROR)
 * Unknown address type (SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED)

Fixes bug 13314.
2014-10-01 14:16:59 +00:00
teor
bae7334390 Add test-network delay option
Add a --delay option to test-network.sh, which configures the delay before
the chutney network tests for data transmission. The default remains at
18 seconds if the argument isn't specified.

Apparently we should be using bootstrap status for this (eventually).

Partially implements ticket 13161.
2014-10-01 18:05:04 +10:00
teor
7c0215f8ca test-network.sh: Use "/bin/echo -n" rather than builtin echo
The default shell on OS X is bash, which has a builtin echo. When called
in "sh" mode, this echo does not accept "-n". This patch uses "/bin/echo -n"
instead.

Partially fixes issue 13161.
2014-10-01 17:56:53 +10:00
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Andrea Shepard
52cfaa84b7 Add changes file for global scheduler/cmux refactor 2014-09-30 22:49:58 -07:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
18f2bfb8c3 Note when 13290 was introduced. 2014-09-29 09:50:27 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
ba7b6246b7 Note when 13291 was introduced. 2014-09-29 09:40:33 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
f15e5aedbc Changes file for ticket 961 2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
56f92ca02d Merge remote-tracking branch 'rl1987/bug13228' 2014-09-29 08:55:17 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
rl1987
f20c72f456 Improving error message. 2014-09-28 18:09:25 +03:00
Nick Mathewson
7f5103ec59 Require two c99 features (midblock decls, designated initializers)
c99 lets us do neat stuff like:

    {
      int j, k;
      foo(&j, &k);
      int z = j + k;
    }

and also
    struct point { int x; int y; };
    struct point pt = { .x=5, .y=5 };

This commit makes the configure scripts check to make sure your
compiler implements them.  It also disables our longstanding warning
about midblock declarations.

Closes ticket 13233.
2014-09-25 11:20:04 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Nick Mathewson
e6150c7fc0 Merge remote-tracking branch 'public/bug12693_025' 2014-09-22 14:45:38 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
45fc0612d3 Adding changes file for 8197. 2014-09-22 14:18:01 -04:00
Nick Mathewson
c8d927bad4 changes file for 12884 2014-09-22 10:55:53 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
01b23a6d49 changes file for 7733 2014-09-22 10:39:51 -04:00
Nick Mathewson
bc758e4a5e Merge remote-tracking branch 'intrigeri/bug13196-systemd-writable-run-directory' 2014-09-22 10:31:24 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
intrigeri
2f47ab247a Add changes file for #13196.
Note that this will likely need to be folded with the changes file for #12751,
as this change is a mere fixup on top of the changes introduced for #12751.
2014-09-19 16:10:39 +00:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
35156ffcc3 Merge remote-tracking branch 'public/ticket_13119_v3' 2014-09-17 10:27:40 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
c72a94ea1c Add a changes file for 13119 2014-09-15 21:39:12 -04:00
George Kadianakis
a77e44d8c0 Add changes file for Tor2webRendezvousPoints. 2014-09-15 16:07:48 +03:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
9e595a95a8 Add a changes file for bug 13104 2014-09-11 00:05:56 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
5474d8ae05 Merge remote-tracking branch 'public/torrc_minimal' 2014-09-10 23:36:27 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
Nick Mathewson
54348201f7 Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'
Conflicts:
	contrib/dist/tor.service.in
2014-09-03 13:29:43 -04:00
Nick Mathewson
f58cdb3be7 Merge remote-tracking branch 'intrigeri/bug12751-systemd-filesystem-sandbox' 2014-09-03 13:28:46 -04:00
Nick Mathewson
8a79b56ac6 Divide torrc.sample into torrc.sample and torrc.minimal
torrc.minimal is now the one that should change as infrequently as
possible.  To schedule an change to go into it eventually, make your
change to torrc.minimal.in-sample.

torrc.sample is now the volatile one: we can change it to our hearts'
content.

Closes ticket #11144
2014-09-02 19:14:30 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
67c0ad5426 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-01 16:23:34 -04:00
rl1987
8139db3725 Adding changes file. 2014-09-01 16:22:52 -04:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
Nick Mathewson
b0138cd055 Merge remote-tracking branch 'public/bug12985_024' into bug12984_025 2014-08-29 12:24:52 -04:00
Nick Mathewson
4144b4552b Always event_del() connection events before freeing them
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b Initialize crash handler in unit tests
This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
intrigeri
9f0161f73d Add changes file for #12751. 2014-08-27 03:33:05 +00:00
intrigeri
a8dd279fa5 Add changes file for #12939. 2014-08-27 03:32:20 +00:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
446e481c90 Check for duplicate arguments to tor-gencert
Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00
Nick Mathewson
916fba2243 Merge branch 'bug12205_take2_squashed' 2014-08-20 15:32:48 -04:00
rl1987
197d855009 Rewriting entry_is_time_to_retry() using table approach. 2014-08-20 15:29:55 -04:00
Nick Mathewson
01a0ab02a3 Merge branch 'bug10116_squashed' 2014-08-20 14:52:24 -04:00
Nick Mathewson
7f5a440421 Don't allocate an extra smartlist in the OOM handler
Fixes issue 10116
2014-08-20 14:50:38 -04:00
Nick Mathewson
a32913d5aa Allow named pipes for our log files.
Closes ticket 12061. Based on a patch from "carlo von lynX" on tor-dev at
  https://lists.torproject.org/pipermail/tor-dev/2014-April/006705.html
2014-08-20 13:45:16 -04:00
Nick Mathewson
fb762f6db0 Merge remote-tracking branch 'public/bug11787' 2014-08-20 13:34:02 -04:00
Nick Mathewson
c3f04f3daa Changes file for bug 11787 2014-08-20 13:33:49 -04:00
Nick Mathewson
c57e8da4ea Merge remote-tracking branch 'public/bug12908_025' 2014-08-20 12:58:26 -04:00
Sathyanarayanan Gunasekaran
a3fe8b1166 Warn if Tor is a relay and a HS
Closes 12908; see #8742
2014-08-20 12:56:57 -04:00
Nick Mathewson
d0009cb8e8 Merge remote-tracking branch 'public/bug12728_024' 2014-08-20 12:44:15 -04:00
Nick Mathewson
764cebb4d9 Merge remote-tracking branch 'public/bug12700_024' 2014-08-20 09:00:41 -04:00
Nick Mathewson
ec59167cae When counting memory from closing a connection, count the dir conn too
Fix part of bug 11972
2014-08-18 15:21:50 -04:00
Nick Mathewson
1196ed7cc4 Fix relay_command_to_string(); solve 12700.
Two bugs here:
  1) We didn't add EXTEND2/EXTENDED2 to relay_command_to_string().

  2) relay_command_to_string() didn't log the value of unrecognized
     commands.

Both fixed here.
2014-08-18 13:21:40 -04:00
Nick Mathewson
6a8d2e21b8 changes file for bug 10163 / proposal 215. 2014-08-15 18:15:57 -04:00
Nick Mathewson
1f35fd0017 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-15 17:41:13 -04:00
Nick Mathewson
ff4ba9f8a0 Missing changes file for 3f683aadcd
Looks like I forgot to commit this.
2014-08-15 10:06:27 -04:00
Nick Mathewson
0808ed83f9 Restore functionality for CookieAuthFileGroupReadable.
When we merged the cookieauthfile creation logic in 33c3e60a37, we
accidentally took out this feature.  Fixes bug 12864, bugfix on
0.2.5.1-alpha.

Also adds an ExtORPortCookieAuthFileGroupReadable, since there's no
reason not to.
2014-08-15 08:30:44 -04:00
Nick Mathewson
c69e96680a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 23:15:44 -04:00
Nick Mathewson
d443658fad Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5
Conflicts:
	src/or/circuitbuild.c
2014-08-13 23:14:28 -04:00
Nick Mathewson
283730ad1c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 15:11:52 -04:00
Nick Mathewson
789c8d8573 Apply an MSVC compilation fix from Gisle Vanem
This fixes a double-define introduced in 28538069b2
2014-08-13 15:11:00 -04:00
Nick Mathewson
9114346d32 Merge remote-tracking branch 'public/use_calloc' 2014-08-13 15:01:04 -04:00
Nick Mathewson
938deecc87 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-13 12:52:57 -04:00
Nick Mathewson
fa7ce6d3be Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-08-13 12:52:40 -04:00
Nick Mathewson
b45f0f8fb9 Merge remote-tracking branch 'karsten/geoip6-aug2014' into maint-0.2.4 2014-08-13 12:51:38 -04:00
Nick Mathewson
244ca67e47 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-08-13 12:51:27 -04:00
Nick Mathewson
883dc335e9 Fix configure script build with autoconf < 2.63
We added some AS_VAR_IF-based checks to detect whether we have
managed to compile (but not link) with stack-protector.  On autoconf
before 2.63, we don't have AS_VAR_IF, so we just have to let the
user get a compile error rather than a helpful "find libssp" error.

Fixes bug 12693; bugfix on 0.2.5.2-alpha (commit 21ac292820)
2014-08-13 12:01:58 -04:00
Nick Mathewson
4410f6fb83 Add changes file for bug12855 2014-08-13 10:39:56 -04:00
Karsten Loesing
6235b4769d Update geoip6 to the August 7 2014 database. 2014-08-13 16:16:11 +02:00
Karsten Loesing
b98e3f9936 Update geoip to the August 7 2014 database. 2014-08-13 16:08:33 +02:00
Nick Mathewson
b32a8b024c Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails
Cypherpunks found this and wrote this patch.

Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-08-12 12:12:02 -04:00
Nick Mathewson
4056c61608 Fix some URLs in the README
patch from mttp; fixes 12830
2014-08-09 15:57:44 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Nick Mathewson
04007448b9 Correctly remove extraneous space in router family lines
Fixes bug 12728; bugfix on 0.2.1.7-alpha when the SPLIT_IGNORE_SPACE
option was added.
2014-08-05 11:09:08 -04:00
Nick Mathewson
0edb9b0492 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-30 14:18:11 -04:00
Nick Mathewson
74a8555d2b Merge remote-tracking branch 'intrigeri/bug12731-systemd-no-run-as-daemon' into maint-0.2.5
Conflicts:
	contrib/dist/tor.service.in
2014-07-30 14:00:21 -04:00
Nick Mathewson
88590ed3a6 Merge remote-tracking branch 'intrigeri/bug12730-systemd-verify-config' into maint-0.2.5 2014-07-30 13:59:39 -04:00
intrigeri
0a70579784 Verify configuration file via ExecStartPre in the systemd unit file (#12730). 2014-07-30 16:56:55 +00:00
intrigeri
8b470ee4b5 Explicitly disable RunAsDaemon in the systemd unit file (#12731).
Our current systemd unit uses "Type = simple", so systemd does not expect tor to
fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as
expected. This is e.g. the case on Debian (and derivatives), since there we pass
"--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains
"RunAsDaemon 1") by default.

The only solution I could find is to explicitly pass "--RunAsDaemon 0" when
starting tor from the systemd unit file, which this commit does.
2014-07-30 16:54:07 +00:00
Roger Dingledine
6c4a26b8ca Merge branch 'maint-0.2.5' 2014-07-28 02:47:43 -04:00
Roger Dingledine
29a82b5a8b Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-28 02:47:15 -04:00
Roger Dingledine
68a2e4ca4b Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Roger Dingledine
8882dcfc59 add a changes file for bug 12718 2014-07-27 15:41:30 -04:00
Roger Dingledine
2126feaabc get rid of already-merged prop221 changes file 2014-07-25 12:22:05 -04:00
Roger Dingledine
b350ac0860 Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/or.h
2014-07-25 12:15:47 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
472696e8e5 get rid of already-merged bug12227 changes file 2014-07-24 19:49:01 -04:00
Roger Dingledine
1ed77ff724 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 19:48:37 -04:00
Nick Mathewson
1b551823de Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-07-24 19:45:38 -04:00
Roger Dingledine
eb3e0e3da3 Merge branch 'maint-0.2.5' 2014-07-24 16:30:50 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
bc9866e13f Merge branch 'maint-0.2.5' 2014-07-24 16:23:26 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
dfe80c966d Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-23 21:28:58 -04:00
Nick Mathewson
5c200d9be2 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-23 21:28:42 -04:00
Nick Mathewson
303d7f55d9 Merge branch 'curve25519-donna32' into maint-0.2.4 2014-07-23 21:28:18 -04:00
Nick Mathewson
ad0cf550b7 Put the bug number and correct credits in the changes file for the new curve25519-donna32 2014-07-23 21:25:53 -04:00
Nick Mathewson
641c1584f7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:30:27 -04:00
Nick Mathewson
e0aa88d106 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-07-21 14:30:09 -04:00
Nick Mathewson
75501dbe4a Merge remote-tracking branch 'karsten/geoip6-jul2014' into maint-0.2.4 2014-07-21 14:29:43 -04:00
Nick Mathewson
015f710f72 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-07-21 14:29:30 -04:00
Nick Mathewson
e7e92fb2f9 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-21 14:01:00 -04:00
Nick Mathewson
fa8bb25f64 update changes entry with info for 11578 patch 2014-07-21 14:00:10 -04:00
Karsten Loesing
6345dfa1fe Update geoip6 to the July 10 2014 database. 2014-07-18 16:31:25 +02:00
Karsten Loesing
6d5efbef22 Update geoip to the July 10 2014 database. 2014-07-18 16:28:50 +02:00
Nick Mathewson
a36cd51b59 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-17 11:34:33 +02:00
Nick Mathewson
f6a776d915 Merge remote-tracking branch 'public/bug12602_024' into maint-0.2.5 2014-07-17 11:32:16 +02:00
Nick Mathewson
66798dfdc0 Fix compilation with no-compression OpenSSL builds and forks
Found because LibreSSL has OPENSSL_NO_COMP always-on, but this
conflicts with the way that _we_ turn off compression.  Patch from
dhill, who attributes it to "OpenBSD".  Fixes bug 12602; bugfix on
0.2.1.1-alpha, which introduced this turn-compression-off code.
2014-07-17 11:25:56 +02:00
Nick Mathewson
b408125288 Merge remote-tracking branch 'andrea/bug11302' 2014-07-16 16:58:41 +02:00
Nick Mathewson
0ef5d4d633 Add a changes file for bug12202 2014-07-16 16:54:42 +02:00
Nick Mathewson
f74a932e0b Merge remote-tracking branch 'sysrqb/bug12573' 2014-07-16 15:38:10 +02:00
Nick Mathewson
e669e910f4 changes file for 12207 2014-07-16 15:33:47 +02:00
Arlo Breault
15e170e01b Add an option to overwrite logs
* Issue #5583
2014-07-16 12:16:49 +02:00
Nick Mathewson
98541f2892 Tweak coverage-html target
- Don't try to rm -rf the directory before we start: somebody might
   have set it to ~, which would be quite sad.

 - Always quote the directory name

 - Use 'make reset-gcov' before running tests.

 - Use 'make check', not ./src/test/test
2014-07-16 06:04:55 -04:00
Nick Mathewson
4da4c4c63f Apply GeoIPExcludeUnknown before checking transitions
Otherwise, it always seems as though our Exclude* options have
changed, since we're comparing modified to unmodified values.

Patch from qwerty1. Fixes bug 9801. Bugfix on 0.2.4.10-alpha, where
GeoIPExcludeUnknown was introduced.
2014-07-16 11:14:59 +02:00
Nick Mathewson
7591ce64fb Merge remote-tracking branch 'origin/maint-0.2.5' 2014-07-16 11:01:20 +02:00
Nick Mathewson
9e46855538 changes file for 12474, 12438. 2014-07-16 11:00:49 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
Nick Mathewson
7bc7188fc9 add changes file for 12503 2014-07-16 09:52:37 +02:00
Nick Mathewson
8cc0860592 Update to latest curve25519-donna32 2014-07-15 15:42:20 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
Matthew Finkel
43bba9541a Only active relays should be given HSDir
We should only assign a relay the HSDir flag if it is currently
considered valid. We can accomplish this by only considering active
relays, and as a consequence of this we also exclude relays that are
currently hibernating. Fixes #12573
2014-07-09 00:48:00 +00:00
Nick Mathewson
58f4200789 Thread support is now required
Long ago we supported systems where there was no support for
threads, or where the threading library was broken. We shouldn't
have do that any more: on every OS that matters, threads exist, and
the OS supports running threads across multiple CPUs.

This resolves tickets 9495 and 12439.  It's a prerequisite to making
our workqueue code work better, since sensible workqueue
implementations don't split across multiple processes.
2014-06-20 10:20:10 -04:00
Nick Mathewson
5b4ee475aa Remove code for Windows CE support
As far as I know, nobody has used this in ages.  It would be a
pretty big surprise if it had worked.

Closes ticket 11446.
2014-06-20 09:49:36 -04:00
Nick Mathewson
456184c2a0 Authorities also advertise caches-extra-info
(Whoops, thought I had committed this before)

Improvement to 11683 fix. Based on patch from Karsten.
2014-06-20 09:02:24 -04:00
Nick Mathewson
922be84ca3 Merge remote-tracking branch 'karsten/bug11683' 2014-06-19 10:42:19 -04:00
Nick Mathewson
2050846312 Bring remaining 0.2.5.5-alpha entries into changelog 2014-06-16 15:00:35 -04:00
Nick Mathewson
2f4fcfc8d1 manpage: Move more authority-only options into the authority section
I don't know whether we missed these or misclassified them when we
first made the "DIRECTORY AUTHORITY SERVER OPTIONS" section, but they
really belong there.
2014-06-16 11:15:47 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
e07d328457 changes file for 8746 2014-06-14 11:40:28 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
bbb8f12ee4 Tweak changes entry for 6799 2014-06-11 11:52:58 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
a5036d20ce Merge remote-tracking branch 'public/more_bug8387_diagnosis' 2014-06-11 09:22:46 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
173a1afc58 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-06-10 21:09:27 -04:00
Nick Mathewson
f5ce580bab Fix changes file for geoip 2014-06-10 21:08:44 -04:00
Karsten Loesing
40579cb6a5 Update geoip6 to the June 4 2014 database. 2014-06-10 21:32:24 +02:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
55c7a559df Merge remote-tracking branch 'public/bug12227_024' 2014-06-10 11:17:39 -04:00
Nick Mathewson
cca6198c77 Avoid illegal read off end of an array in prune_v2_cipher_list
This function is supposed to construct a list of all the ciphers in
the "v2 link protocol cipher list" that are supported by Tor's
openssl.  It does this by invoking ssl23_get_cipher_by_char on each
two-byte ciphersuite ID to see which ones give a match.  But when
ssl23_get_cipher_by_char cannot find a match for a two-byte SSL3/TLS
ciphersuite ID, it checks to see whether it has a match for a
three-byte SSL2 ciphersuite ID.  This was causing a read off the end
of the 'cipherid' array.

This was probably harmless in practice, but we shouldn't be having
any uninitialized reads.

(Using ssl23_get_cipher_by_char in this way is a kludge, but then
again the entire existence of the v2 link protocol is kind of a
kludge.  Once Tor 0.2.2 clients are all gone, we can drop this code
entirely.)

Found by starlight. Fix on 0.2.4.8-alpha. Fixes bug 12227.
2014-06-10 11:11:47 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
7581014a86 put the right trac ticket number in changes file 2014-06-04 12:28:15 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
9815029a2f Add changes file for bug10616 2014-06-03 14:41:51 -07:00
Roger Dingledine
ea44287657 fix #10405's changes file 2014-06-02 02:32:59 -04:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
413a442f57 Start on the 0.2.5.5-alpha changelog.
I've copied the entries from changes/, labeled the ones that also
appeared in 0.2.4.22, sorted them lightly with a python script
(added to maint), and combined sections with the same name.

I didn't combine sections without a description (e.g. "Minor
bugfixes:"), since we'll probably add a description to those.
2014-05-29 11:21:23 -04:00
Nick Mathewson
a6688f9cbb sandbox: allow enough setsockopt to make ConstrainedSockets work
fixes bug 12139; bugfix on 0.2.5.1-alpha
2014-05-29 11:04:32 -04:00
Nick Mathewson
a056ffabbb sandbox: permit listen(2)
Fix for 12115; bugfix on 0.2.5.1-alpha
2014-05-27 19:28:12 -04:00
Nick Mathewson
b0c1c70011 Make sandbox.c compile on arm
This is a minimal set of changes for compilation; I need a more
recent kernel to test this stuff.
2014-05-27 17:34:52 -04:00
Nick Mathewson
5de91d118d Merge branch 'bug11965_v2' 2014-05-23 11:23:00 -04:00
Nick Mathewson
802c063148 Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork
Without this fix, when running with bridges, we would try fetching
directory info far too early, and have up to a 60 second delay if we
started with bridge descriptors available.

Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-23 11:22:35 -04:00
Nick Mathewson
cfd0ee514c sandbox: allow reading of hidden service configuration files.
fixes part of 12064
2014-05-22 20:39:10 -04:00
Nick Mathewson
1356ef1176 changes file for 12064_part1 2014-05-22 19:49:59 -04:00
Nick Mathewson
c8af95d336 Documentation fix: DataDir/status/* -> DataDir/stats/*
Our documentation had the name of this directory wrong.
2014-05-22 19:45:45 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Nick Mathewson
fef65fa643 sandbox: permit gettid, sched_getaffinity
These are needed under some circumstances if we are running with
expensive-hardening and sandbox at the same time.

fixes 11477, bugfix on 0.2.5.4-alpha (where we introduced
expensive-hardening)
2014-05-20 15:49:01 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
268a117cdf sandbox: tolerate reloading with DirPortFrontPage set
Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20 14:58:28 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e sandbox: Permit access to stats/dirreq-stats
This prevents a crash when rotating logs with dirreq-stats enabled

fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
f6d3006363 Sandbox: allow access to stats/bridge-stats
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Andrea Shepard
b3edd04065 Add changes file for bug11476 2014-05-16 08:56:42 -07:00
Nick Mathewson
2d21a8f4d6 Merge remote-tracking branch 'public/bug11469_024' 2014-05-15 13:35:08 -04:00
Nick Mathewson
1badef5cec Use DirPort for uploading descriptors.
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.

The problematic code was introduced in 5cbeb6080, which went into
0.2.4.3-alpha.  This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
585582fc8c Merge branch 'bug9781_v2' 2014-05-12 13:35:22 -04:00
Nick Mathewson
b5e142cb1b Log an error reply from tor-fw-helper correctly.
Fix for bug 9781; bugfix on cd05f35d2c in 0.2.4.2-alpha.
2014-05-12 13:35:01 -04:00
Nick Mathewson
75e850efe6 changes file for gisle vanem's MSVC fix 2014-05-12 11:49:17 -04:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
5b861ae53f Merge remote-tracking branch 'public/bug11648' 2014-05-08 12:01:23 -04:00
Nick Mathewson
c86b709a07 changes file for 11648 2014-05-08 12:01:12 -04:00
Nick Mathewson
a32d7e1910 Return success when get_total_system_memory() succeeds.
Fixes bug 11805; bugfix on 0.2.5.4-alpha.
2014-05-08 00:32:22 -04:00
Nick Mathewson
411c622906 Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4 2014-05-07 23:11:32 -04:00
Nick Mathewson
0ad8133a7e Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4 2014-05-07 23:04:59 -04:00
Nick Mathewson
882893c8c3 Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4 2014-05-07 23:04:48 -04:00
Nick Mathewson
894c8b2266 Merge remote-tracking branch 'public/update_ciphers_ff28' into maint-0.2.4 2014-05-07 23:04:22 -04:00
Nick Mathewson
683b80bf81 Merge remote-tracking branch 'public/bug11737_diagnostic' 2014-05-07 22:52:44 -04:00
Nick Mathewson
c948bdaa28 Improve bug11743 message a bit. 2014-05-07 22:23:19 -04:00
Nick Mathewson
0de2625675 Merge remote-tracking branch 'public/bug8387_diagnostic' 2014-05-07 22:15:24 -04:00
Nick Mathewson
4a740451ac Merge remote-tracking branch 'public/bug11750' 2014-05-06 20:44:41 -04:00
Nick Mathewson
5cea500ce7 Merge branch 'bug11743_option_b' 2014-05-06 20:40:40 -04:00
Nick Mathewson
ea570fa13c changes file for bug11743 2014-05-06 16:28:34 -04:00
Nick Mathewson
c7549cb4cd Merge remote-tracking branch 'karsten/bug11742' 2014-05-06 13:54:37 -04:00
Nick Mathewson
a06044a485 Check HT_REP_IS_BAD_() when giving a bug-7164 warning.
This may let us know if we're hitting 7164 because of an
hte_hash-corruption situation proposed by "cypherpunks" in bug
11737.
2014-05-06 13:03:24 -04:00
Nick Mathewson
78301d99fe Fix compilation with DEBUG_DNS_CACHE
Reported by cypherpunks.

Fix for #11761; bugfix on 0.2.3.13-alpha where we made ht.h stop using
_identifiers.
2014-05-06 10:18:34 -04:00
Nick Mathewson
8127f4db30 Use siphash on channel/circuit-id map too
Fixes ticket 11750.
2014-05-05 12:13:58 -04:00
Nick Mathewson
388478561d Fix cross-compiling when 128-bit math compiles but won't link
Apparently, there exist cross-compiling environments for arm7 where
you can compile a 64x64->128 multiply, but not link it.

Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch from 'conradev'.
2014-05-05 11:44:02 -04:00
Nick Mathewson
5d496963b4 Don't start sandbox except for CMD_RUN_TOR
This was crashing on --verify-config in the debian startup script, if you
had sandboxing enabled.  Fixes 11609; fix on 0.2.5.1-alpha.
2014-05-05 10:29:35 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Karsten Loesing
1289474dbd Remove /tor/dbg-stability.txt URL.
The /tor/dbg-stability.txt URL was meant to help debug WFU and MTBF
calculations, but nobody was using it.

Fixes #11742.
2014-05-05 11:21:35 +02:00
Nick Mathewson
7ad0cd209c Merge remote-tracking branch 'public/bug9635' 2014-05-01 12:39:39 -04:00
Nick Mathewson
c472ac4fb8 Merge remote-tracking branch 'public/bug11233_diagnose' 2014-05-01 12:37:16 -04:00
Nick Mathewson
a2b59dba71 Merge branch 'bug11654_squashed' 2014-05-01 12:34:59 -04:00
George Kadianakis
a787575b7f Fix a misuse of strlcpy() introduced by the #11156 patch. 2014-05-01 12:34:50 -04:00
Nick Mathewson
b51ce90777 Merge remote-tracking branch 'public/valgrind_tests' 2014-05-01 12:29:31 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
14bc6e8993 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d Downgrade bug 7164 warning to INFO
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
01e2aae12a Changes file for bug 11623 (fix was in 91ff10f6be) 2014-05-01 11:33:17 -04:00
Nick Mathewson
9511522bd4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-30 20:26:55 -04:00
Nick Mathewson
efab3484e6 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2 Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3 2014-04-30 20:23:22 -04:00
Nick Mathewson
f43fee8f8f Merge remote-tracking branch 'public/bug11628' 2014-04-30 17:21:15 -04:00
Nick Mathewson
35699ef9f5 Drop the MaxMemInCellQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.

This is a backport of 647248729f to 0.2.4.

Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
545e2119f2 Merge remote-tracking branch 'public/bug11605_024' 2014-04-29 14:33:39 -04:00
Nick Mathewson
b0e078d5af Log info on ancient one-hop circuits in heartbeat
This is an attempt to diagnose 8387.
2014-04-29 14:02:12 -04:00
Nick Mathewson
acc7623420 changes file for last patch 2014-04-29 13:23:54 -04:00
Nick Mathewson
cae6388053 Put tor.service in the right place, and autoconfify it
This closes 8368.
2014-04-29 13:17:30 -04:00
Jamie Nguyen
a42e81eea1 Add contrib/tor.service for use with systemd 2014-04-29 13:17:29 -04:00
Nick Mathewson
0514bcd37c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-29 13:03:27 -04:00
Nick Mathewson
1d3ffc0ec9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755 Stop leaking memory in error cases of md parsing
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
3866792cd0 Changes file for valgrind fixes 2014-04-29 12:53:19 -04:00
Nick Mathewson
c0a73c8bf3 Changes file for bug 11632. 2014-04-29 11:58:43 -04:00
Nick Mathewson
cdc64f020c Merge remote-tracking branch 'public/bug11608' 2014-04-28 15:52:57 -04:00
Nick Mathewson
6e8ae50938 changes file for 11634 documentation fixes 2014-04-28 12:40:23 -04:00
Nick Mathewson
4b519de5f9 Actually put ExtORPortCookieAuthFile into config.c
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
2014-04-28 12:23:18 -04:00
Nick Mathewson
703ad69587 Deal with the aftermath of sorting contrib
This basically amounts to grepping for every file that mentioned
contrib and adjusting its references to refer to the right place.
2014-04-28 11:59:55 -04:00
Nick Mathewson
904dd436b5 New --disable-seccomp option to turn off support for seccomp.
Fixes 11628.
2014-04-28 11:11:50 -04:00
Nick Mathewson
f4be34f70d Make the python test scripts work on python3
The python scripts invoked by 'make check' didn't work on python3
before.  That was a problem on systems where 'python' is python3.

Fixes bug 11608; bugfix on 0.2.5.2-alpha.
2014-04-27 22:54:24 -04:00
Nick Mathewson
f8248abbd6 Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
f0a57bd363 Make compilation of tor_memdup_nulterm() with dmalloc
Fixes bug 11605; bugfix on 0.2.4.10-alpha.
2014-04-25 13:52:07 -04:00
Nick Mathewson
67703aa49e Integrate another entry to the changelog; twiddle changelog more
Work on style, add some sentences to blurb, explain that 10468 is more
general than had been described, etc etc
2014-04-25 11:13:25 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
5470795b83 Changes file for scan-build fixes (#8793) 2014-04-25 01:18:16 -04:00
Nick Mathewson
2bea2facdc More changes files get added to the changelog 2014-04-24 12:55:05 -04:00
Nick Mathewson
5a9ac0df99 Merge remote-tracking branch 'public/bug11553_025' 2014-04-24 10:48:32 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
e3af72647d Expose the real maxmeminqueues via a GETINFO
That is, GETINFO limits/max-mem-in-queues
2014-04-24 10:26:14 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
Nick Mathewson
aa1ad30fc9 copy all the changes files into the changelog again. still unedited 2014-04-23 14:59:38 -04:00
Nick Mathewson
7a8cac14d5 Merge remote-tracking branch 'public/bug10268' 2014-04-23 11:11:08 -04:00
Nick Mathewson
66833311eb Merge remote-tracking branch 'public/bug11200' 2014-04-23 11:07:52 -04:00
Nick Mathewson
830492fbda Merge branch 'bug11156_issue2_squashed' 2014-04-23 11:05:54 -04:00
George Kadianakis
bf7cb6acf6 Don't halt bootstrap to figure out if we should restart PT proxies.
Instead, figure out if we should restart PT proxies _immediately_ after
we re-read the config file.
2014-04-23 11:05:45 -04:00
Nick Mathewson
9e44df2c98 Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4 2014-04-23 11:01:39 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
0cca8dc35a Merge remote-tracking branch 'public/bug9963_v2_024' 2014-04-18 15:25:36 -04:00
Nick Mathewson
b8fe8ee748 Improved message when running sandbox on Linux without libseccomp
Previously we said "Sandbox is not implemented on this platform" on
Linux boxes without libseccomp.  Now we say that you need to build
Tor built with libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
2014-04-18 14:54:27 -04:00
Nick Mathewson
bd169aa9a5 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e Switch to random allocation on circuitIDs.
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID.  Previously, we would test every possible
circuit ID until we found one or ran out.

This algorithm succeeds probabilistically. As the comment says:

  This potentially causes us to give up early if our circuit ID
  space is nearly full.  If we have N circuit IDs in use, then we
  will reject a new circuit with probability (N / max_range) ^
  MAX_CIRCID_ATTEMPTS.  This means that in practice, a few percent
  of our circuit ID capacity will go unused.

  The alternative here, though, is to do a linear search over the
  whole circuit ID space every time we extend a circuit, which is
  not so great either.

This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00
Nick Mathewson
bb9b4c37f8 Supply better and less frequent warnings on circID exhaustion
Fixes the surface behavior of #11553
2014-04-18 12:31:06 -04:00
Nick Mathewson
eb896d5e6f Merge remote-tracking branch 'public/ticket11528_024' 2014-04-17 12:17:14 -04:00
Nick Mathewson
0b319de60f Elevate server TLS cipher preferences over client
The server cipher list is (thanks to #11513) chosen systematically to
put the best choices for Tor first.  The client cipher list is chosen
to resemble a browser.  So let's set SSL_OP_CIPHER_SERVER_PREFERENCE
to have the servers pick according to their own preference order.
2014-04-17 10:33:04 -04:00
Nick Mathewson
ab83a27450 Merge more changes files (verbatim) into the changelog 2014-04-17 00:13:11 -04:00
Nick Mathewson
4367cbd71b Merge remote-tracking branch 'public/sandbox_fixes_rebased_2' 2014-04-16 23:45:55 -04:00
Nick Mathewson
250b84b8a8 Attribute 13304 and 13306 to 0.2.4.4-alpha. 2014-04-16 23:14:56 -04:00
Nick Mathewson
c856193199 Merge remote-tracking branch 'andrea/bug11304' 2014-04-16 23:13:30 -04:00
Nick Mathewson
74ddd5f739 Merge remote-tracking branch 'andrea/bug11306' 2014-04-16 23:13:27 -04:00
Nick Mathewson
10174b00e7 Merge remote-tracking branch 'public/bug11477' 2014-04-16 23:06:39 -04:00
Nick Mathewson
973661394a Merge branch '10267_plus_10896_rebased_twice' 2014-04-16 23:03:41 -04:00
Nick Mathewson
f9719b0781 Changes file for 10896 2014-04-16 23:03:25 -04:00
Nick Mathewson
3e4680f312 ipfw TransPort support on FreeBSD (10267)
This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)
2014-04-16 23:03:25 -04:00
Nick Mathewson
506c890440 add a changes file for the sandbox fixes series 2014-04-16 22:45:27 -04:00
Andrea Shepard
65a0f895c7 Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl() 2014-04-15 23:03:16 -07:00
Andrea Shepard
6ee9138576 Call connection_or_close_for_error() properly if write_to_buf() ever fails on an orconn 2014-04-15 21:25:49 -07:00
Andrea Shepard
a5544e589d Close orconns correctly through channels when setting DisableNetwork to 1 2014-04-15 20:19:39 -07:00
Nick Mathewson
125c8e5468 Merge remote-tracking branch 'public/bug11465' 2014-04-15 20:55:28 -04:00
Nick Mathewson
1e9053974b add changes file for 11507 2014-04-15 15:03:49 -04:00
Nick Mathewson
2704441e7f Merge remote-tracking branch 'public/bug11513_024' 2014-04-15 14:54:25 -04:00
Nick Mathewson
9556668f5f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-15 14:52:12 -04:00
Nick Mathewson
f3c20a28ab Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuituse.c
2014-04-15 14:51:19 -04:00
Nick Mathewson
b2106956e0 Don't send uninitialized stack to the controller and say it's a date.
Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
2014-04-14 21:51:30 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Nick Mathewson
64f62881d8 New --enable-expensive-hardening option
It turns on -fsanitize=address and -fsanitize=ubsan if they work.

Most relays won't want this. Some clients may.  Ticket 11477.
2014-04-14 17:10:34 -04:00
Nick Mathewson
bd3db82906 New sort order for server choice of ciphersuites.
Back in 175b2678, we allowed servers to recognize clients who are
telling them the truth about their ciphersuites, and select the best
cipher from on that list. This implemented the server side of proposal
198.

In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes
and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had.
In #11513, I found a couple more.

Rather than try to hand-edit this list, I wrote a short python script
to generate our ciphersuite preferences from the openssl headers.

The new rules are:
  * Require forward secrecy.
  * Require RSA (since our servers only configure RSA keys)
  * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA,
    and NULL.)
  * No export ciphersuites.

Then:
  * Prefer AES to 3DES.
  * If both suites have the same cipher, prefer ECDHE to DHE.
  * If both suites have the same DHE group type, prefer GCM to CBC.
  * If both suites have the same cipher mode, prefer SHA384 to SHA256
    to SHA1.
  * If both suites have the same digest, prefer AES256 to AES128.
2014-04-14 14:16:49 -04:00
Nick Mathewson
bd83d0ed18 changes file for 11465 2014-04-10 15:51:18 -04:00
Nick Mathewson
a790454368 Demote "we stalled too much while trying to write" message to INFO
Resolves ticket 5286.
2014-04-09 11:34:00 -04:00
Nick Mathewson
fa6b80d6e5 Merge remote-tracking branch 'public/bug10431' 2014-04-09 08:29:21 -04:00
Nick Mathewson
88179bd9b6 Merge remote-tracking branch 'public/update_ciphers_ff28' 2014-04-08 20:43:21 -04:00
Nick Mathewson
53676e71b5 Start work on the changelog for 0.2.5.4-alpha
This commit does nothing other than pull the changes/* files into
ChangeLog, sorted by declared type.  I haven't comined any entries or
vetted anything yet.
2014-04-08 20:34:23 -04:00
Nick Mathewson
6a0dc0e585 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-08 20:30:30 -04:00
Nick Mathewson
08ced4a7bf Merge remote-tracking branch 'public/bug11426' 2014-04-08 16:46:34 -04:00
Nick Mathewson
689863d0a9 Merge branch 'bug2454_025_squashed' 2014-04-08 15:37:15 -04:00
Matthew Finkel
2d5a7b1842 Check for new IP addr after circuit liveliness returns
When we successfully create a usable circuit after it previously
timed out for a certain amount of time, we should make sure that
our public IP address hasn't changed and update our descriptor.
2014-04-08 15:37:01 -04:00
Nick Mathewson
245f273aaf Merge branch 'bug7952_final'
Conflicts:
	src/test/include.am
	src/test/test.c
2014-04-08 13:55:02 -04:00
rl1987
51e13cd1ad Making entire exit policy available to Tor controller. 2014-04-08 13:50:02 -04:00
Nick Mathewson
3ac426afe8 Merge remote-tracking branch 'public/bug4241' 2014-04-08 12:41:03 -04:00
Nick Mathewson
fffc59b0e9 Merge remote-tracking branch 'public/bug9841_025' 2014-04-08 12:06:03 -04:00
Nick Mathewson
4231729176 Update ciphers.inc to match ff28
The major changes are to re-order some ciphers, to drop the ECDH suites
(note: *not* ECDHE: ECDHE is still there), to kill off some made-up
stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop
some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites.

This change is autogenerated by get_mozilla_ciphers.py from
Firefox 28 and OpenSSL 1.0.1g.

Resolves ticket 11438.
2014-04-08 11:42:07 -04:00
Nick Mathewson
ab1a679eef Fix a small memory leak when resolving PTR addresses
Fixes bug 11437; bugfix on 0.2.4.7-alpha.

Found by coverity; this is CID 1198198.
2014-04-07 23:29:47 -04:00
Nick Mathewson
f0bce2dc35 Fix some harmless/untriggerable memory leaks found by coverity 2014-04-07 23:20:13 -04:00
Nick Mathewson
595303fd1e Merge remote-tracking branch 'public/bug10363_024_squashed' 2014-04-07 23:03:04 -04:00
Nick Mathewson
6d9c332757 Another 10363 instance -- this one in the eventdns.c code 2014-04-07 22:56:42 -04:00
Nick Mathewson
9dd115d6b5 Another 10363 instance: this one in tor_memmem fallback code 2014-04-07 22:56:42 -04:00
Nick Mathewson
092ac26ea2 Fix undefined behavior with pointer addition in channeltls.c
In C, it's a bad idea to do this:

   char *cp = array;
   char *end = array + array_len;

   /* .... */

   if (cp + 3 >= end) { /* out of bounds */ }

because cp+3 might be more than one off the end of the array, and
you are only allowed to construct pointers to the array elements,
and to an element one past the end.  Instead you have to say

   if (cp - array + 3 >= array_len) { /* ... */ }

or something like that.

This patch fixes two of these: one in process_versions_cell
introduced in 0.2.0.10-alpha, and one in process_certs_cell
introduced in 0.2.3.6-alpha.  These are both tracked under bug
10363. "bobnomnom" found and reported both. See also 10313.

In our code, this is likely to be a problem as we used it only if we
get a nasty allocator that makes allocations end close to (void*)-1.
But it's best not to have to worry about such things at all, so
let's just fix all of these we can find.
2014-04-07 22:56:42 -04:00
Nick Mathewson
74195db6b6 Changes file for bug9665 2014-04-07 22:19:56 -04:00
Nick Mathewson
6d0991ea08 Give no answer, not NOTIMPL, for unsupported DNS query types
According to reports, most programs degrade somewhat gracefully on
getting no answer for an MX or a CERT for www.example.com, but many
flip out completely on a NOTIMPL error.

Also, treat a QTYPE_ALL query as just asking for an A record.

The real fix here is to implement proposal 219 or something like it.

Fixes bug 10268; bugfix on 0.2.0.1-alpha.

Based on a patch from "epoch".
2014-04-07 22:08:41 -04:00
Nick Mathewson
9ccedbece0 Make csiphash use the proper endian-converter on solaris
fixes bug 11426; bugfix on 0.2.5.3-alpha, where csiphash was
introduced.
2014-04-07 13:07:14 -04:00
Nick Mathewson
bc0882c868 Merge remote-tracking branch 'public/bug9650' 2014-04-05 14:53:48 -04:00
Nick Mathewson
2ff664ee20 Merge remote-tracking branch 'public/bug10801_024'
Conflicts:
	src/common/address.c
	src/or/config.c
2014-04-05 14:50:57 -04:00
Nick Mathewson
24c4b56a39 Merge remote-tracking branch 'public/bug10081' 2014-04-02 15:45:20 -04:00
Nick Mathewson
2f59d6e2d8 Drop MAX_REND_FAILURES to 8 2014-04-02 15:36:13 -04:00
Nick Mathewson
17d5734df4 Merge remote-tracking branch 'public/bug11278' 2014-04-01 21:56:49 -04:00
Nick Mathewson
86f619d0d3 Merge remote-tracking branch 'public/bug10468_024' 2014-04-01 21:50:55 -04:00
Nick Mathewson
fc9e84062b Merge remote-tracking branch 'public/bug4645'
Conflicts:
	src/or/dirserv.c
2014-04-01 21:49:01 -04:00
Nick Mathewson
dfc32177d9 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-01 21:00:30 -04:00
Nick Mathewson
a68e6ea9c0 Fix documentation of torrc search order
We are searching @CONFDIR@ before $HOME, but the documentation
implied otherwise.

I screwed this up in f5e86bcd6c, when I
first documented the $HOME/.torrc possibility.

Fix for bug 9213; bugfix on 0.2.3.18-rc.
2014-04-01 20:56:03 -04:00
Nick Mathewson
b4b91864bb Merge remote-tracking branch 'public/bug9870'
Conflicts:
	src/or/config.c
2014-04-01 20:48:15 -04:00
Nick Mathewson
6bef082d0a Merge remote-tracking branch 'public/bug11232' 2014-04-01 09:39:48 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
3118af2d5f changes file for bug8787 2014-03-31 11:57:40 -04:00
Nick Mathewson
4ebad0d947 Merge remote-tracking branch 'public/build_torrify_manpage_again' 2014-03-31 10:52:09 -04:00
Nick Mathewson
f82e499aa5 Merge remote-tracking branch 'public/bug11342' 2014-03-31 10:51:09 -04:00
Nick Mathewson
bfe783f167 Make dump_desc() use binary mode
Otherwise, it could mung the thing that came over the net on windows,
which would defeat the purpose of recording the unparseable thing.

Fixes bug 11342; bugfix on 0.2.2.1-alpha.
2014-03-27 23:53:03 -04:00
Nick Mathewson
234dfb0c65 Better log message when writing a CR in text mode on windows
Help to diagnose #11233
2014-03-27 23:48:17 -04:00
Nick Mathewson
46a3914079 Respond to AAAA requests on DNSPort with AAAA automaps
Other DNS+IPv6 problems remain, but at least this fixes the
automapping.

Fixes bug 10468; bugfix on 0.2.4.7-alpha.
2014-03-27 17:41:43 -04:00
Nick Mathewson
753a246a14 check outputs from get_first_listener_addrport_string
Fix for 9650; bugfix for 0.2.3.16-alpha.
2014-03-27 17:12:01 -04:00
Nick Mathewson
b0bbe6b2f1 Report only the first bootstrap failure from an orconn
Otherwise, when we report "identity mismatch", we then later report
DONE when the connection gets closed.

Fixes bug 10431; bugfix on 0.2.1.1-alpha.
2014-03-27 15:58:43 -04:00
Nick Mathewson
9c0a1adfa2 Don't do a DNS lookup on a bridge line address
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
2014-03-27 15:31:29 -04:00
Nick Mathewson
2721246f5d Merge branch 'bug7164_diagnose_harder_v2' 2014-03-27 14:26:21 -04:00
Nick Mathewson
0389d4aa56 More logs to try to diagnose bug 7164
This time, check in microdesc_cache_clean() to see what could be
going wrong with an attempt to clean a microdesc that's held by a node.
2014-03-27 14:23:19 -04:00
Nick Mathewson
de9de9e7dd Give specific warnings when client-side onionskin handshakes fail
Fix for bug9635.
2014-03-27 14:15:53 -04:00
Nick Mathewson
60abc4804f Don't warn when setsockopt(SO_REUSEABLE) on accept()ed socket says EINVAL
This should fix bug10081.  I believe this bug pertains to OSX
behavior, not any Tor behavior change.
2014-03-27 13:55:18 -04:00
Nick Mathewson
5b36f0d7e7 Log descriptor-download bootstrapping messages less verbosely
This is a fix for 9963.  I say this is a feature, but if it's a
bugfix, it's a bugfix on 0.2.4.18-rc.

Old behavior:

    Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors.
    Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors.
    ... [Many lines omitted] ...
    Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors.
    Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits.

New behavior:

    Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors
    Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits.
2014-03-27 11:23:53 -04:00
Nick Mathewson
cd15172444 Fix version number in changes/bug11296 2014-03-26 14:10:07 -04:00
Nick Mathewson
91f6a422cc Fix build of torify.1
The build was broken by changes in f8c45339f7, but we didn't
notice, since that commit also made torify.1 only get built when
tor-fw-helper was turned on.

Fixes bug 11321; bugfix on Tor 0.2.5.1-alpha.
2014-03-26 12:12:54 -04:00
Nick Mathewson
0b43c499b2 Merge remote-tracking branch 'public/bug11296' 2014-03-26 11:46:51 -04:00
Nick Mathewson
07eb481492 Demote "Invalid length on ESTABLISH_RENDEZVOUS" to protocol_warn
Fixes bug 11279
2014-03-25 11:55:27 -04:00
Nick Mathewson
d5e11f21cc Fix warnings from doxygen
Most of these are simple.  The only nontrivial part is that our
pattern for using ENUM_BF was confusing doxygen by making declarations
that didn't look like declarations.
2014-03-25 11:27:43 -04:00
Nick Mathewson
e83eddd113 Add missing -Isrc/ext to tor-fw-helper/include.am
We need this now that tor-fw-helper will pull in siphash.h

Fixes bug 11296; bugfix on 0.2.5.4-alpha where siphash.h was introduced.
2014-03-25 10:21:07 -04:00
Nick Mathewson
852fd1819e Free placeholder circid/chan->circuit map entries on exit
In circuitlist_free_all, we free all the circuits, removing them from
the map as we go, but we weren't actually freeing the placeholder
entries that we use to indicate pending DESTROY cells.

Fix for bug 11278; bugfix on the 7912 code that was merged in
0.2.5.1-alpha
2014-03-25 10:14:26 -04:00
Nick Mathewson
1a7794e475 Merge remote-tracking branch 'public/bug11061_024' 2014-03-25 10:02:22 -04:00
Nick Mathewson
5e9672904c Fix SOCKSPort documentation layout
In the end this required a slightly nasty hack using a dummy anchor as
an option heading in order to make the "Other recognized __flags__"
line indent properly.

Fixes bug 11061; Bugfix on 61d740ed.
2014-03-25 10:01:08 -04:00
Nick Mathewson
a6afebd8de Changes file for bug 11276.
The crypto_early_init() function could only be called at most twice,
and both of those were during startup.  AFAICT leaking the first set
of locks was the only non-idempotent thing.
2014-03-23 15:59:51 -04:00
Nick Mathewson
3ddbf2880f Merge remote-tracking branch 'public/bug11275_024' 2014-03-23 15:56:23 -04:00
Nick Mathewson
b00f10b9fd changes file for bug 11275 2014-03-23 15:55:13 -04:00
Roger Dingledine
ddaeb4deee Be more lenient in our fix for bug 11149
There are still quite a few 0.2.3.2x relays running for x<5, and while I
agree they should upgrade, I don't think cutting them out of the network
is a net win on either side.
2014-03-23 02:53:08 -04:00
Nick Mathewson
f560eeadc3 Remove the unused circuit_dump_by_chan().
Also remove its helper function.
2014-03-23 00:28:39 -04:00
Nick Mathewson
f4e2c72bee Merge remote-tracking branch 'karsten/task-11070' 2014-03-23 00:18:48 -04:00
Nick Mathewson
f2c6c5e69c Merge branch 'ticket11149' 2014-03-23 00:18:11 -04:00
Nick Mathewson
a83abcf5ee Fix unittest compilation with --disable-curve25519
This is a fix for 9700, which we already fixed in 0.2.5.x, but which
got left in 0.2.4.x.

This is a partial backport of a0a855d586
2014-03-20 13:53:32 -04:00
Nick Mathewson
452aa18680 Merge remaining changes/* items into ChangeLog
(Not taking bug11235 since it's a whitespace fix)
2014-03-19 20:28:10 -04:00
Andrea Shepard
6c161d1812 Add changes file for bug #11235 2014-03-18 10:28:25 -07:00
Nick Mathewson
61090bb64f changes file for bug11232 2014-03-18 10:59:51 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
d01cf18ecb should_disable_dir_fetches() now returns 1 if DisableNetwork==1
This change prevents LD_BUG warnings and bootstrap failure messages
when we try to do directory fetches when starting with
DisableNetwork == 1, a consensus present, but no descriptors (or
insufficient descriptors) yet.

Fixes bug 11200 and bug 10405.  It's a bugfix on 0.2.3.9-alpha.
Thanks to mcs for walking me through the repro instructions!
2014-03-14 10:42:49 -04:00
Nick Mathewson
cd9d08a5e1 Sort the 0.2.5.3-alpha changelog entries a little better.
Still haven't edited any.

Also, remove all the changes/* entries that got merged back in
6b5ef3889d.
2014-03-13 11:34:51 -04:00
Nick Mathewson
9991c5f001 Clarify ClientOnly documentation
The option is unneeded, not meaningless, so explain what it does.

Patch from Matt Pagan; fixes 9059.
2014-03-13 10:35:52 -04:00
Nick Mathewson
b1ec216fbc bugfix-on for 5018_notice 2014-03-12 11:11:26 -04:00
Nick Mathewson
df836b45b0 Merge remote-tracking branch 'asn/bug5018_notice' 2014-03-12 11:10:51 -04:00
Nick Mathewson
cce06b649e Merge remote-tracking branch 'asn/bug11069_take2' 2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018 Throw control port warning if we failed to connect to all our bridges. 2014-03-10 22:52:07 +00:00
George Kadianakis
cc1bb19d56 Tone down the log message for when we don't need a PT proxy. 2014-03-10 22:05:31 +00:00
Nick Mathewson
7aa2192048 Fix our check for the "first" bridge descriptor.
This is meant to be a better bug 9229 fix -- or at least, one more
in tune with the intent of the original code, which calls
router_retry_directory_downloads() only on the first bridge descriptor.
2014-03-10 15:11:21 -04:00
Nick Mathewson
db72479eea Update ns downloads when we receive a bridge descriptor
This prevents long stalls when we're starting with a state file but
with no bridge descriptors.  Fixes bug 9229.  I believe this bug has
been present since 0.2.0.3-alpha.
2014-03-10 15:01:27 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
Nick Mathewson
0c04416c11 Merge branch 'bug11043_take2_squashed' 2014-03-10 14:08:29 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
George Kadianakis
8c8e21e296 Improve the log message for when the Extended ORPort is not enabled. 2014-03-10 12:54:46 -04:00
Nick Mathewson
1365ff5b9a Upgrade to the latest version of tinytest.
This brings us to tinytest commit 709a36ba63ff16d8.

The only big change tor-side is that we don't need our own test_mem_op
operation any longer.
2014-03-06 18:06:08 -05:00
Nick Mathewson
065097b81b tinytest tt_{mem,str}_op now handle NULLs better
Now a NULL argument to either makes it fail, not crash.

Fies bug 9004; bugfix on 0.2.2.4-alpha.
2014-03-06 12:12:13 -05:00
Nick Mathewson
a50690e68f Merge remote-tracking branch 'origin/maint-0.2.4' 2014-03-06 11:52:22 -05:00
Nick Mathewson
4a2a1e572e Merge branch 'bug11108' 2014-03-06 10:22:40 -05:00
Nick Mathewson
cbf9e74236 Correct the URL in the "a relay on win95???" message
This is a fix for 9393; it's not a bugfix on any Tor version per se,
but rather on whatever Tor version was current when we reorganized the
wiki.
2014-03-06 09:57:42 -05:00
Nick Mathewson
a4b447604a Stop accepting 0.2.2 relay uploads for the consensus.
Resolves ticket 11149.
2014-03-06 09:38:35 -05:00
Nick Mathewson
22ccfc6b5f Rename PredictedCircsRelevanceTime->PredictedPortsRelevanceTime
All circuits are predictive; it's the ports that are expiring here.
2014-03-05 14:35:07 -05:00
Nick Mathewson
103cebd924 Merge branch 'ticket9176_squashed'
Conflicts:
	doc/tor.1.txt
2014-03-05 14:32:05 -05:00
unixninja92
898154f717 PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.

Implements ticket 91
2014-03-05 14:29:54 -05:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
1295490862 Merge remote-tracking branch 'public/bug8788' 2014-03-05 12:17:31 -05:00
Nick Mathewson
27d231ca13 Document alternate bandwidth/memory unit spellings 2014-03-04 12:12:36 -05:00
Nick Mathewson
496fe685fd Include v3 in documented 'protocols' in rend_service_descriptor_t
Also make it unsigned and document that it's for INTRODUCE cell versions.

Fixes 9099; bugfix on 0.2.1.5-alpha, which introduced the v3 protocol.
2014-03-04 12:03:18 -05:00
Nick Mathewson
ab225aaf28 Merge branch 'bug10169_025_v2'
Conflicts:
	src/test/test.c
2014-03-04 11:03:30 -05:00
Nick Mathewson
4050dfa320 Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them.  This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}.  It
also adjusts the manpage to say that ports are ignored.

Fixes ticket 11108.
2014-03-03 10:45:39 -05:00
Nick Mathewson
1afa52349c tweak changes file. 2014-03-03 09:56:17 -05:00
Lunar
3a425ac3a8 Fix max client name length in HiddenServiceAuthorizeClient description
REND_CLIENTNAME_MAX_LEN is set to 16, not 19.
2014-03-03 09:53:38 -05:00
Nick Mathewson
273f536d72 Merge branch 'bug10884_squashed' 2014-02-28 08:54:50 -05:00
Karsten Loesing
3ca5fe81e3 Write hashed bridge fingerprint to logs and to disk.
Implements #10884.
2014-02-28 08:53:13 -05:00
Nick Mathewson
043329eeb6 Merge remote-tracking branch 'karsten/task-5824' 2014-02-28 08:32:13 -05:00
Nick Mathewson
bf1678603f Merge remote-tracking branch 'public/bug10449' 2014-02-25 16:09:15 -05:00
Nick Mathewson
c3800f631b Merge remote-tracking branch 'public/no_itime_queue' into maint-0.2.4 2014-02-25 15:58:53 -05:00
Nick Mathewson
92da2e27a2 Merge remote-tracking branch 'public/bug11048' 2014-02-25 10:23:09 -05:00
Nick Mathewson
23a5921e9a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-25 10:04:10 -05:00
Nick Mathewson
d7950eda2b Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-25 10:02:14 -05:00
Karsten Loesing
2658e70d16 Fix geoip by falling back to registered countries.
See 1d2179bc90 in master for details.

"""
Fall back to registered country if necessary.

When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.

But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there.  Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.

What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.

In short: let's fill all A1 entries with what ARIN et. al think.
"""
2014-02-25 13:28:34 +01:00
Nick Mathewson
0efa2821c7 Merge branch 'bug11047' 2014-02-24 13:06:55 -05:00
Nick Mathewson
d21b24b3b6 Merge remote-tracking branch 'public/feature9777_024_squashed' into maint-0.2.4 2014-02-24 13:05:25 -05:00
Nick Mathewson
a3ab31f5dc Threadproof our log_backtrace implementation
It's possible for two threads to hit assertion failures at the same
time.  If that happens, let's keep them from stomping on the same
cb_buf field.

Fixes bug 11048; bugfix on 0.2.5.2-alpha. Reported by "cypherpunks".
2014-02-24 12:15:32 -05:00
Nick Mathewson
68ed4878ca pass our compiler -fasynchronous-unwind-tables by default
This should make more platforms (in particular, ones with compilers
where -fomit-frame-pointer is on by default but table generation
isn't) support backtrace generation.  Thanks to cypherpunks for this
one.

Fixes bug 11047; bugfix on 0.2.5.2-alpha.
2014-02-24 11:45:03 -05:00
Nick Mathewson
1753975ece When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c, non-exit servers
stopped launching DNS requests for users.  So there's no need for them
to see if their DNS answers are hijacked.

Patch from Matt Pagan.  I think this is a 965 fix.
2014-02-21 18:04:48 +00:00
Nick Mathewson
6eba3584b1 Merge remote-tracking branch 'public/bug10987_024' 2014-02-21 17:29:48 +00:00
Nick Mathewson
f3e8271652 Style tweaks on code, changes file for 10987 2014-02-21 17:27:35 +00:00
David Goulet
1532cff2ce Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.

A changes file is provided and this fixes #10987

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-02-21 17:19:11 +00:00
Nick Mathewson
8d5215c6a0 Changes file for b063ebbc60
This bugfix didn't get a trac ticket because the internet in this
room is an exercise in futility.
2014-02-20 11:55:38 +00:00
Nick Mathewson
bafae045ba Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-17 23:06:34 +00:00
Nick Mathewson
9f38cd9350 add changes file for bug 10929 2014-02-17 23:06:18 +00:00
Nick Mathewson
3899cde2cb changes file for 10928 2014-02-17 23:00:55 +00:00
Nick Mathewson
3dfed0806c Merge remote-tracking branch 'public/bug10722' 2014-02-16 12:13:12 -05:00
Nick Mathewson
b5d6e47002 Warning message when bug 10722 would trigger
If somebody's excludenodes settings are keeping their hidden service
connections from working, they should probably get notified about it.
2014-02-16 12:11:07 -05:00
Nick Mathewson
35423d397f Merge branch 'bug4900_siphash_v2' 2014-02-15 15:59:10 -05:00
Nick Mathewson
67749475f5 Merge remote-tracking branch 'public/bug10841' 2014-02-15 15:06:06 -05:00
Nick Mathewson
c64b549621 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:07:15 -05:00
Nick Mathewson
bc58bfda70 Merge remote-tracking branch 'karsten/geoip6-feb2014' into maint-0.2.4 2014-02-15 00:06:40 -05:00
Nick Mathewson
260b3b1a19 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-02-15 00:06:25 -05:00
Nick Mathewson
405d055465 Merge remote-tracking branch 'karsten/geoip-feb2014' into maint-0.2.3 2014-02-15 00:06:01 -05:00
Nick Mathewson
339a47e80b Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-15 00:03:29 -05:00
Nick Mathewson
e4bc757cde changes file for bug 10904 2014-02-14 23:51:14 -05:00
Nick Mathewson
ecf61e924d Merge remote-tracking branch 'public/bug9841_024_v2' into bug9841_025
Conflicts:
	src/or/circuitlist.c
2014-02-13 14:49:15 -05:00
Nick Mathewson
8b9a2cb68b Faster circuit_get_by_rend_token_and_purpose()
On busy servers, this function takes up something like 3-7% in
different profiles, and gets invoked every time we need to participate
as the midpoint in a hidden service.

So maybe walking through a linked list of all the circuits here wasn't
a good idea.
2014-02-13 14:44:43 -05:00
Karsten Loesing
f6f691df73 Update geoip6 to the February 2014 GeoIP database. 2014-02-13 19:04:51 +01:00
Roger Dingledine
8028d8fded fold in the changes files to the new 0.2.5.2-alpha changelog 2014-02-13 02:46:26 -05:00
Nick Mathewson
ecd16edafe Disallow "*/maskbits" as an address pattern.
Fixes bug 7484. We've had this bug back in a8eaa79e03 in
0.0.2pre14, when we first started allowing address masks.
2014-02-12 16:00:26 -05:00
Nick Mathewson
c4bb3c8d44 Log only one message for dangerous log settings.
We log only one message, containing a complete list of what's
wrong.  We log the complete list whenever any of the possible things
that could have gotten wrong gets worse.

Fix for #9870. Bugfix on 10480dff01, which we merged in
0.2.5.1-alpha.
2014-02-12 15:32:50 -05:00
Nick Mathewson
24add404ac eventdns.c: survive broken resolv.conf files
If you had a resolv.conf file with a nameserver line containing no
nameserver IP, we would crash.  That's not terrible, but it's not
desirable.

Fixes bug 8788; bugfix on 0.1.1.23.  Libevent already has this fix.
2014-02-12 15:11:31 -05:00
Nick Mathewson
87fb1e324c Merge remote-tracking branch 'public/bug10169_024' into bug10169_025_v2
Conflicts:
	src/or/circuitlist.c
2014-02-12 12:44:58 -05:00
Nick Mathewson
10d1b0b33e Changes file for feature4900 2014-02-12 12:20:29 -05:00
Karsten Loesing
74c2bff781 Remove remaining v0 hidden service descriptor code.
Fixes the rest of #10841 after #10881 already removed some hidden service
authority code.
2014-02-12 14:36:08 +01:00
Roger Dingledine
7c39bf0e44 go through and rewrite the changes files to be more user-facing 2014-02-12 03:59:59 -05:00
Nick Mathewson
0ee449ca92 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-11 18:58:58 -05:00
Nick Mathewson
91d4bb0b00 Merge branch 'bug10777_netunreach_024' into maint-0.2.4 2014-02-11 18:57:55 -05:00
Nick Mathewson
0844a262a2 update changes file 2014-02-11 18:57:38 -05:00
Nick Mathewson
10d4d3e2d5 Merge remote-tracking branch 'public/no_itime_queue_025' 2014-02-11 11:52:35 -05:00
Nick Mathewson
5e0cdc5ef2 Merge branch 'bug10881' 2014-02-11 11:42:06 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Nick Mathewson
cb065a55bd Merge remote-tracking branch 'karsten/one-dirauth' 2014-02-11 10:15:03 -05:00
Nick Mathewson
cb28fe486f Merge remote-tracking branch 'public/bug10722' 2014-02-11 10:08:58 -05:00
Karsten Loesing
aae4ebf63f Add changes file for ticket 10842.
This is a bugfix on 0.2.2.26-beta, because 6b83b3b made directory
authorities remove themselves from the list of directory authorities to
upload to, but didn't suppress the warning in case they're the only
directory authority in the network.
2014-02-11 08:51:28 +01:00
Nick Mathewson
c0483c7f85 Remove options for configuring HS authorities.
(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
2014-02-10 22:41:52 -05:00
Nick Mathewson
5b55e0e181 Merge remote-tracking branch 'public/no_itime_queue'
The conflicts here were tricky, and required me to eliminate the
command-queue as well.  That wasn't so hard.

Conflicts:
	src/or/or.h
	src/or/relay.c
2014-02-10 15:04:23 -05:00
Nick Mathewson
3133cde3c1 Excise the insertion_time_elem_t logic
It's now redundant with the inserted_time field in packed_cell_t

Fixes bug 10870.
2014-02-10 13:55:27 -05:00
Nick Mathewson
b15f75b632 Don't treat END_STREAM_REASON_INTERNAL as total circuit failure
It can happen because we sent something that got an ENETUNREACH
response.

Bugfix on 0.2.4.8-alpha; fixes a part of bug 10777.
2014-02-09 21:35:14 -05:00
Nick Mathewson
f5d32c08ba Call ENETUNREACH a case of NOROUTE, not a case of INTERNAL.
Found by cypherpunks; fix for a part of bug 10777; bugfix on 0.1.0.1-rc.
2014-02-09 21:30:23 -05:00
Karsten Loesing
26dd328891 Update to the February 2014 GeoIP database. 2014-02-08 12:09:37 +01:00
Nick Mathewson
a0577aacb4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 17:41:41 -05:00
Nick Mathewson
9bb34aa897 Survive fedora's openssl in our benchmarks
Apparently fedora currently has ECDH but not P224. This isn't a huge
deal, since we no longer use OpenSSL's P224 ever (see #9780 and
72c1e5acfe). But we shouldn't have segfaulting benchmarks really.

Fixes bug 10835; bugfix on 0.2.4.8-alpha.
2014-02-07 17:36:11 -05:00
Nick Mathewson
1ebdaf5788 More hacking around spawn_func issues
This time, we use a pthread_attr to make sure that if pthread_create
succeeds, the thread is successfully detached.

This probably isn't the big thing going on with 4345, since it'd be
a bit weird for pthread_detach to be failing.  But it's worth
getting it right.
2014-02-07 13:13:15 -05:00
Nick Mathewson
babbd3ff08 Merge remote-tracking branch 'public/feature9777_024_squashed'
Conflicts:
	src/or/circuitbuild.c
2014-02-07 10:47:34 -05:00
Nick Mathewson
1068e50aec Discard circuit paths on which nobody supports ntor
Right now this accounts for about 1% of circuits over all, but if you
pick a guard that's running 0.2.3, it will be about 6% of the circuits
running through that guard.

Making sure that every circuit has at least one ntor link means that
we're getting plausibly good forward secrecy on every circuit.

This implements ticket 9777,
2014-02-07 10:45:34 -05:00
Nick Mathewson
372adfa09a Merge remote-tracking branch 'origin/maint-0.2.4' 2014-02-07 10:38:24 -05:00
Nick Mathewson
a7e946596d Attribute bug 9602 to a version. 2014-02-07 10:38:00 -05:00
Andrea Shepard
707c1e2e26 NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602 2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4 2014-02-06 16:29:08 -05:00
Nick Mathewson
075482ff80 Merge remote-tracking branch 'public/bug10543_024_v2' 2014-02-06 16:25:26 -05:00
Nick Mathewson
dffac251f1 Make the handling for usable-exit counting handle ExitNodes better
It's possible to set your ExitNodes to contains only exits that don't
have the Exit flag.  If you do that, we'll decide that 0 of your exits
are working.  Instead, in that case we should look at nodes which have
(or which might have) exit policies that don't reject everything.

Fix for bug 10543; bugfix on 0.2.4.10-alpha.
2014-02-06 16:24:08 -05:00
Nick Mathewson
9e2de8cecc changelog for 10793 2014-02-06 16:09:12 -05:00
Nick Mathewson
1b93e3c6d9 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	changes/bug10485
	src/or/rephist.c
	src/or/status.c
2014-02-06 13:27:04 -05:00
Nick Mathewson
edc6fa2570 Deliver circuit handshake counts as part of the heartbeat
Previously, they went out once an hour, unconditionally.

Fixes 10485; bugfix on 0.2.4.17-rc.
2014-02-06 13:03:01 -05:00
Nick Mathewson
34740a17ea Rename sun to s_un in test_addr.c
Apparently the compiler on solaris 9 didn't like "sun" as an identifier.

Fix for bug 10565; bugfix on 0.2.5.1-alpha.
2014-02-06 12:36:33 -05:00
rl1987
3a4b24c3ab Removing is_internal_IP() function. Resolves ticket 4645. 2014-02-03 14:20:17 -05:00
Nick Mathewson
5991f9a156 TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)
2014-02-03 13:56:19 -05:00
rl1987
881c7c0f7d 10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
2014-02-03 13:14:27 -05:00
Nick Mathewson
f96400d9df bug10449: a dying owning controller makes Tor exit immediately
If you want a slow shutdown, send SIGNAL SHUTDOWN.

(Why not just have the default be SIGNAL QUIT?  Because this case
should only happen when an owning controller has crashed, and a
crashed controller won't be able to give the user any "tor is
shutting down" feedback, and so the user gets confused for a while.
See bug 10449 for more info)
2014-02-03 12:54:06 -05:00
Nick Mathewson
fee7f25ff8 Merge remote-tracking branch 'houqp/hs_control' 2014-02-03 12:28:42 -05:00
Nick Mathewson
c6c87fb6d1 Merge remote-tracking branch 'public/bug10758' 2014-02-03 11:05:29 -05:00
Nick Mathewson
3502b10229 changelog for 10793 2014-02-03 10:48:15 -05:00
Nick Mathewson
09ccc4c4a3 Add support for TPROXY via new TransTPRoxy option
Based on patch from "thomo" at #10582.
2014-01-31 12:59:35 -05:00
Qingping Hou
3b38fd87e8 add change log for hs_desc async event 2014-01-29 21:04:18 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
bb21d14255 Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.

Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.

Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
2014-01-24 12:56:10 -05:00
Nick Mathewson
17466ce10e Incorporate changes from 0.2.4.20 into 0.2.5.2 changelog-in-progress 2014-01-20 15:44:31 -05:00
Nick Mathewson
694562815f Move all merged-in-0.2.4.18-rc items into 0.2.5.2-alpha changelog section. 2014-01-20 15:41:06 -05:00
Nick Mathewson
85b46d57bc Check spawn_func() return value
If we don't, we can wind up with a wedged cpuworker, and write to it
for ages and ages.

Found by skruffy.  This was a bug in 2dda97e8fd, a.k.a. svn
revision 402. It's been there since we have been using cpuworkers.
2014-01-17 12:04:53 -05:00
Nick Mathewson
682c2252a5 Fix some seccomp2 issues
Fix for #10563.  This is a compatibility issue with libseccomp-2.1.
I guess you could call it a bugfix on 0.2.5.1?
2014-01-06 04:27:58 -05:00
Nick Mathewson
5c45a333c3 Merge remote-tracking branch 'public/bug10169_023' into bug10169_024
Conflicts:
	doc/tor.1.txt
	src/or/config.c
	src/or/or.h

The conflicts were all pretty trivial.
2014-01-03 10:53:22 -05:00
Nick Mathewson
9030360277 Add explicit check for 0-length extend2 cells
This is harmless in the Tor of today, but important for correctness.

Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
2014-01-03 10:43:09 -05:00
Nick Mathewson
573ee36eae Merge remote-tracking branch 'public/bug10485' 2013-12-24 11:42:35 -05:00
Nick Mathewson
2b8962bc64 Move onion-type stats message into heartbeat
Fix for 10485. Fix on 0.2.4.17-alpha.
2013-12-24 11:41:48 -05:00
Nick Mathewson
3121a6d0c8 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-23 19:01:29 -05:00
Nick Mathewson
3511549651 Clarify DirPort multiplicity
Fix for #10470 as suggested by arma
2013-12-23 19:00:46 -05:00
Nick Mathewson
6276cca8ce Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-22 17:26:25 -05:00
Nick Mathewson
b9f6e40ecb Fix automapping to ipv6
Bugfix on 0.2.4.7-alpha; fixes bug 10465.
2013-12-22 17:19:22 -05:00
Nick Mathewson
bbc85b18ca Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-21 21:16:06 -05:00
Nick Mathewson
b5d13d11c9 Fix a logic error in circuit_stream_is_being_handled.
When I introduced the unusable_for_new_circuits flag in
62fb209d83, I had a spurious ! in the
circuit_stream_is_being_handled loop.  This made us decide that
non-unusable circuits (that is, usable ones) were the ones to avoid,
and caused it to launch a bunch of extra circuits.

Fixes bug 10456; bugfix on 0.2.4.12-alpha.
2013-12-21 10:15:09 -05:00
Nick Mathewson
b98c5884fc Merge remote-tracking branch 'linus/bug10324' 2013-12-20 11:40:21 -05:00
Nick Mathewson
85284c33d1 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/common/crypto.c
2013-12-18 22:04:21 -05:00
Karsten Loesing
b7d8a1e141 Report complete directory request statistics on bridges.
When we wrote the directory request statistics code in August 2009, we
thought that these statistics were only relevant for bridges, and that
bridges should not report them.  That's why we added a switch to discard
relevant observations made by bridges.  This code was first released in
0.2.2.1-alpha.

In May 2012 we learned that we didn't fully disable directory request
statistics on bridges.  Bridges did report directory request statistics,
but these statistics contained empty dirreq-v3-ips and dirreq-v3-reqs
lines.  But the remaining dirreq-* lines have always been non-empty.  (We
didn't notice for almost three years, because directory-request statistics
were disabled by default until 0.2.3.1-alpha, and all statistics have been
removed from bridge descriptors before publishing them on the metrics
website.)

Proposal 201, created in May 2012, suggests to add a new line called
bridge-v3-reqs that is similar to dirreq-v3-reqs, but that is published
only by bridges.  This proposal is still open as of December 2013.

Since October 2012 we're using dirreq-v3-resp (not -reqs) lines in
combination with bridge-ips lines to estimate bridge user numbers; see
task 8462.  This estimation method has superseded the older approach that
was only based on bridge-ips lines in November 2013.  Using dirreq-v3-resp
and bridge-ips lines is a workaround.  The cleaner approach would be to
use dirreq-v3-reqs instead.

This commit makes bridges report the same directory request statistics as
relays, including dirreq-v3-ips and dirreq-v3-reqs lines.  It makes
proposal 201 obsolete.
2013-12-18 18:02:10 +01:00
Karsten Loesing
90f0358e3e Disable (Cell,Entry,ExitPort)Statistics on bridges
In 0.2.3.8-alpha we attempted to "completely disable stats if we aren't
running as a relay", but instead disabled them only if we aren't running
as a server.

This commit leaves DirReqStatistics enabled on both relays and bridges,
and disables (Cell,Entry,ExitPort)Statistics on bridges.
2013-12-18 18:01:25 +01:00
Nick Mathewson
7b87003957 Never allow OpenSSL engines to replace the RAND_SSLeay method
This fixes bug 10402, where the rdrand engine would use the rdrand
instruction, not as an additional entropy source, but as a replacement
for the entire userspace PRNG.  That's obviously stupid: even if you
don't think that RDRAND is a likely security risk, the right response
to an alleged new alleged entropy source is never to throw away all
previously used entropy sources.

Thanks to coderman and rl1987 for diagnosing and tracking this down.
2013-12-18 11:53:07 -05:00
Nick Mathewson
f12d3fe9aa Merge remote-tracking branch 'origin/maint-0.2.4' 2013-12-17 13:54:02 -05:00
Nick Mathewson
561d9880f8 Merge branch 'bug10423' into maint-0.2.4 2013-12-17 13:53:11 -05:00
Nick Mathewson
adfcc1da4a Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/microdesc.c

Conflict because one change was on line adjacent to line where
01206893 got fixed.
2013-12-17 13:18:00 -05:00
Nick Mathewson
3d5154550c Merge remote-tracking branch 'public/bug10409_023' into maint-0.2.4 2013-12-17 13:15:45 -05:00
Nick Mathewson
46b3b6208d Avoid double-free on failure to dump_descriptor() a cached md
This is a fix for 10423, which was introducd in caa0d15c in 0.2.4.13-alpha.

Spotted by bobnomnom.
2013-12-17 13:12:52 -05:00
Nick Mathewson
d8cfa2ef4e Avoid free()ing from an mmap on corrupted microdesc cache
The 'body' field of a microdesc_t holds a strdup()'d value if the
microdesc's saved_location field is SAVED_IN_JOURNAL or
SAVED_NOWHERE, and holds a pointer to the middle of an mmap if the
microdesc is SAVED_IN_CACHE.  But we weren't setting that field
until a while after we parsed the microdescriptor, which left an
interval where microdesc_free() would try to free() the middle of
the mmap().

This patch also includes a regression test.

This is a fix for #10409; bugfix on 0.2.2.6-alpha.
2013-12-16 13:06:00 -05:00
Linus Nordberg
129f26e959 Make tor-gencert create 2048 bit signing keys. 2013-12-12 17:39:22 +01:00
rl1987
e6590efaa7 Fix get_configured_bridge_by_addr_port_digest(.,.,NULL)
The old behavior was that NULL matched only bridges without known
identities; the correct behavior is that NULL should match all
bridges (assuming that their addr:port matches).
2013-12-09 11:22:22 -05:00
Nick Mathewson
9c048d90b6 Merge remote-tracking branch 'public/bug10131_024' 2013-12-09 11:06:20 -05:00
Nick Mathewson
c56bb30044 Remove a check in channeltls.c that could never fail.
We were checking whether a 8-bit length field had overflowed a
503-byte buffer. Unless somebody has found a way to store "504" in a
single byte, it seems unlikely.

Fix for 10313 and 9980. Based on a pach by Jared L Wong. First found
by David Fifield with STACK.
2013-12-09 11:02:34 -05:00
David Fifield
b600495441 Set CREATE_NO_WINDOW in tor_spawn_background.
This flag prevents the creation of a console window popup on Windows. We
need it for pluggable transport executables--otherwise you get blank
console windows when you launch the 3.x browser bundle with transports
enabled.

http://msdn.microsoft.com/en-us/library/ms684863.aspx#CREATE_NO_WINDOW

The browser bundles that used Vidalia used to set this flag when
launching tor itself; it was apparently inherited by the pluggable
transports launched by tor. In the 3.x bundles, tor is launched by some
JavaScript code, which doesn't have the ability to set CREATE_NO_WINDOW.
tor itself is now being compiled with the -mwindows option, so that it
is a GUI application, not a console application, and doesn't show a
console window in any case. This workaround doesn't work for pluggable
transports, because they need to be able to write control messages to
stdout.

https://trac.torproject.org/projects/tor/ticket/9444#comment:30
2013-12-05 12:30:11 -05:00
Nick Mathewson
2d9adcd204 Restore ability to build with V2_HANDSHAKE_SERVER
Fixes bug 4677; bugfix on 0.2.3.2-alpha. Fix by "piet".
2013-11-25 10:51:00 -05:00
Nick Mathewson
647248729f Drop the MaxMemInQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.
2013-11-20 12:13:30 -05:00
Nick Mathewson
03ff21b018 Changess file for #10169 2013-11-20 12:08:03 -05:00
Nick Mathewson
03da9be2f1 Merge remote-tracking branch 'sysrqb/bug9859_5' 2013-11-20 11:03:37 -05:00
Nick Mathewson
a7c9d64fd6 Merge branch 'finish_prop157' 2013-11-18 13:27:06 -05:00
Nick Mathewson
ec9d88e5a2 Tweak #10162 documentation a bit 2013-11-18 13:26:58 -05:00
Nick Mathewson
d0f9a2b846 Whoops; changes files belong in changes. 2013-11-18 12:49:12 -05:00
Nick Mathewson
84458b79a7 Log more OpenSSL engine statuses at startup.
Fixes ticket 10043; patch from Joshua Datko.
2013-11-18 11:12:24 -05:00
Nick Mathewson
fbc20294aa Merge branch 'backtrace_squashed'
Conflicts:
	src/common/sandbox.c
	src/common/sandbox.h
	src/common/util.c
	src/or/main.c
	src/test/include.am
	src/test/test.c
2013-11-18 11:00:16 -05:00
Nick Mathewson
c81f64ab44 Improve backtrace changes file 2013-11-18 10:48:14 -05:00
Nick Mathewson
063bea58bc Basic backtrace ability
On platforms with the backtrace/backtrace_symbols_fd interface, Tor
can now dump stack traces on assertion failure.  By default, I log
them to DataDir/stack_dump and to stderr.
2013-11-18 10:43:14 -05:00
Nick Mathewson
7a2b30fe16 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c

Conflict changes were easy; compilation fixes required were using
using TOR_SIMPLEQ_FIRST to get head of cell queue.
2013-11-15 15:35:00 -05:00
Nick Mathewson
59f50c80d4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/or.h
	src/or/relay.c

Conflicts were simple to resolve.  More fixes were needed for
compilation, including: reinstating the tv_to_msec function, and renaming
*_conn_cells to *_chan_cells.
2013-11-15 15:29:24 -05:00
Nick Mathewson
f6e07c158f Make the dir-key-crosscert element required
In proposal 157, we added a cross-certification element for
directory authority certificates. We implemented it in
0.2.1.9-alpha.  All Tor directory authorities now generate it.
Here, as planned, make it required, so that we can finally close
proposal 157.

The biggest change in the code is in the unit test data, where some
old hardcoded certs that we made long ago have become no longer
valid and now need to be replaced.
2013-11-14 09:37:41 -05:00
Nick Mathewson
ff08b9b231 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-11-11 10:50:05 -05:00
Nick Mathewson
a82b18f216 missing changes file for #10124 2013-11-11 10:49:44 -05:00
Nick Mathewson
940d286a74 Documentation and tests for 10060 2013-11-07 14:42:58 -05:00
rl1987
86cfc64d45 Implementing --allow-missing-torrc CLI option. 2013-11-07 14:26:05 -05:00
Nick Mathewson
1b8ceb83c9 Improved circuit queue out-of-memory handler
Previously, when we ran low on memory, we'd close whichever circuits
had the most queued cells. Now, we close those that have the
*oldest* queued cells, on the theory that those are most responsible
for us running low on memory, and that those are the least likely to
actually drain on their own if we wait a little longer.

Based on analysis from a forthcoming paper by Jansen, Tschorsch,
Johnson, and Scheuermann. Fixes bug 9093.
2013-11-07 12:15:30 -05:00
Nick Mathewson
12dc55f487 Merge branch 'prop221_squashed_024'
Conflicts:
	src/or/or.h
2013-11-01 10:28:01 -04:00
Nick Mathewson
0de71bf8eb Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2013-11-01 10:04:48 -04:00
Nick Mathewson
5cc155e02a Merge remote-tracking branch 'public/bug9645' into maint-0.2.4 2013-10-31 16:09:41 -04:00
Nick Mathewson
702c0502cf Merge remote-tracking branch 'public/bug9731' 2013-10-31 14:09:18 -04:00
Nick Mathewson
db2c2a6909 Merge remote-tracking branch 'public/bug9731b' into maint-0.2.4 2013-10-31 14:08:28 -04:00
Nick Mathewson
61029d6926 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-31 14:03:01 -04:00
Nick Mathewson
1b312f7b55 Merge remote-tracking branch 'public/bug9780_024_v2' into maint-0.2.4 2013-10-31 14:02:28 -04:00
Nick Mathewson
0e8ee795d9 Merge remote-tracking branch 'public/bug6055_v2_024' into maint-0.2.4 2013-10-31 13:14:39 -04:00
Karsten Loesing
d4af57a2c6 Add changelog entry for merged #7359. 2013-10-31 09:21:13 +01:00
George Kadianakis
9e0ed8136a Fix an always-true assert in PT code. 2013-10-29 22:49:37 +00:00
Nick Mathewson
4b6f074df9 Merge remote-tracking branch 'public/bug5018'
Conflicts:
	src/or/entrynodes.c
2013-10-29 01:29:59 -04:00
George Kadianakis
6f33dffec1 Only launch transport proxies that provide useful transports. 2013-10-29 01:05:56 -04:00
Nick Mathewson
7578606a22 Merge remote-tracking branch 'public/bug9934_nm' 2013-10-25 12:15:31 -04:00
Nick Mathewson
c95cc088c1 Tweak 5605 changes file 2013-10-25 12:07:15 -04:00
Nick Mathewson
f249074e41 Merge remote-tracking branch 'Ryman/bug5605' 2013-10-25 12:03:42 -04:00
Nick Mathewson
4b8282e50c Log the origin address of controller connections
Resolves 9698; patch from "sigpipe".
2013-10-25 11:52:45 -04:00
Matthew Finkel
b36f93a671 A Bridge Authority should compute flag thresholds
As a bridge authority, before we create our networkstatus document, we
should compute the thresholds needed for the various status flags
assigned to each bridge based on the status of all other bridges. We
then add these thresholds to the networkstatus document for easy access.
Fixes for #1117 and #9859.
2013-10-21 17:49:33 +00:00
Nick Mathewson
b7a17de454 Better detection for certain broken cross-compiling situations.
Fixes bug 9869; patch from Benedikt Gollatz.
2013-10-21 13:30:38 -04:00
Nick Mathewson
21ac292820 Give a better warning when stack protection breaks linking.
Fix for 9948; patch from Benedikt Gollatz.
2013-10-21 13:07:47 -04:00
Nick Mathewson
71bd100976 DROPGUARDS controller command
Implements ticket 9934; patch from "ra"
2013-10-21 13:02:25 -04:00
Nick Mathewson
17d368281a Merge remote-tracking branch 'linus/bug9206_option' 2013-10-16 11:20:43 -04:00
Nick Mathewson
1129362bd7 changes file for bug9651 2013-10-14 11:44:20 -04:00
Roger Dingledine
a26a5794a3 Merge branch 'maint-0.2.4' 2013-10-12 10:48:30 -04:00
Roger Dingledine
8f9fb63cdb be willing to bootstrap from all three of our directory guards
Also fix a bug where if the guard we choose first doesn't answer, we
would try the second guard, but once we connected to the second guard
we would abandon it and retry the first one, slowing down bootstrapping.

The fix in both cases is to treat all our initially chosen guards as
acceptable to use.

Fixes bug 9946.
2013-10-12 10:42:27 -04:00
Nick Mathewson
187398318e When python is available, run the commandline unit tests from "make check" 2013-10-11 13:07:14 -04:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
7ef9ecf6b3 Fix some whitespace; tighten the tests. 2013-10-11 12:51:07 -04:00
Nick Mathewson
6f9584b3fd Make --version, --help, etc incremement quiet level, never decrease it
Fixes other case of #9578
2013-10-11 12:32:59 -04:00
Nick Mathewson
64293135df Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-11 11:17:18 -04:00
Nick Mathewson
7ef2939e5a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-11 11:16:59 -04:00
Nick Mathewson
82d8944928 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2013-10-11 11:16:45 -04:00
Karsten Loesing
3b0265198f Update to the October 2013 GeoIP database. 2013-10-11 13:36:30 +02:00
Roger Dingledine
f96a8d5fa3 Report bootstrapping progress correctly when downloading microdescs
We had updated our "do we have enough microdescs to begin building
circuits?" logic most recently in 0.2.4.10-alpha (see bug 5956), but we
left the bootstrap status event logic at "how far through getting 1/4
of them are we?"

Fixes bug 9958; bugfix on 0.2.2.36, which is where they diverged (see
bug 5343).
2013-10-10 21:39:21 -04:00
Nick Mathewson
df4693fed5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:24:16 -04:00
Nick Mathewson
2c7ed0406f Merge branch 'bug9644_024' into maint-0.2.4 2013-10-10 11:23:46 -04:00
Nick Mathewson
97285bc465 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 10:55:58 -04:00
Nick Mathewson
1137817319 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-10 10:55:24 -04:00
Nick Mathewson
6eb7f2f889 Merge remote-tracking branch 'public/bug9928' into maint-0.2.3 2013-10-10 10:53:27 -04:00
Nick Mathewson
882fb8383d Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-09 09:45:21 -04:00
Nick Mathewson
270dcc9131 Changes file for 9854 2013-10-09 09:43:54 -04:00
Nick Mathewson
9de456a303 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 16:47:49 -04:00
Nick Mathewson
b8abadedd3 When examining interfaces to find an address, discard non-up ones.
Patch from "hantwister" on trac. Fixes bug #9904; bugfix on
0.2.3.11-alpha.
2013-10-08 16:46:29 -04:00
Nick Mathewson
72c1e5acfe Switch ECDHE group default logic for bridge/relay TLS
According to the manpage, bridges use P256 for conformity and relays
use P224 for speed. But skruffy points out that we've gotten it
backwards in the code.

In this patch, we make the default P256 for everybody.

Fixes bug 9780; bugfix on 0.2.4.8-alpha.
2013-10-08 16:32:07 -04:00
Nick Mathewson
fa1034cd99 Changes file for 9866 2013-10-08 16:06:36 -04:00
Nick Mathewson
66624ded39 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/relay.c
2013-10-08 13:38:47 -04:00
Nick Mathewson
50fc8fb5c5 Merge remote-tracking branch 'public/bug9927' into maint-0.2.4 2013-10-08 13:37:13 -04:00
Nick Mathewson
1060688d2a Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:17:14 -04:00
Nick Mathewson
7e0f1fa52a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-10-08 12:16:42 -04:00
Nick Mathewson
5e0404265f Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-08 12:11:37 -04:00
Nick Mathewson
0c3c47565d Merge remote-tracking branch 'public/bug9596' into maint-0.2.4 2013-10-08 12:10:47 -04:00
Nick Mathewson
bfe56e05b0 Give credit to bug reporter for 9928 2013-10-08 12:06:06 -04:00
Nick Mathewson
63234b1839 Merge branch 'bug9922' 2013-10-08 12:03:09 -04:00
Nick Mathewson
b2a050cb2a Finish changelog message for 9922. 2013-10-08 12:02:34 -04:00
Roger Dingledine
5f13ae4b03 don't lie about bootstrap progress when clients use bridges
we were listing 50% as soon as we got a bridge's relay descriptor,
even if we didn't have any consensus, certificates, etc yet.
2013-10-08 11:50:53 -04:00
Nick Mathewson
c8c2298015 Simply route length generation code.
The old code had logic to use a shorter path length if we didn't
have enough nodes. But we don't support 2-node networks anwyay.

Fix for #9926.  I'm not calling this a bugfix on any particular
version, since a 2-node network would fail to work for you for a lot
of other reasons too, and it's not clear to me when that began, or if
2-node networks would ever have worked.
2013-10-08 11:48:33 -04:00
Nick Mathewson
c7c24785ee Generate bootstrapping status messages for microdescs too
Fix for 9927.
2013-10-08 11:32:02 -04:00
Nick Mathewson
17bcfb2604 Raise buffer size, fix checks for format_exit_helper_status.
This is probably not an exploitable bug, since you would need to have
errno be a large negative value in the unix pluggable-transport launcher
case.  Still, best avoided.

Fixes bug 9928; bugfix on 0.2.3.18-rc.
2013-10-08 11:13:21 -04:00
Nick Mathewson
245ecfff36 Changes file for 9866 2013-10-07 11:32:06 -04:00
Linus Nordberg
fab8fd2c18 Add TestingDirAuthVoteGuard option for specifying relays to vote Guard on.
Addresses ticket 9206.
2013-10-07 13:33:42 +02:00
Nick Mathewson
566645b5ed Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-02 22:40:01 -04:00
Nick Mathewson
557f332957 Fix a bug in our bug 9776 fix.
By calling circuit_n_chan_done() unconditionally on close, we were
closing pending connections that might not have been pending quite for
the connection we were closing.  Fix for bug 9880.

Thanks to skruffy for finding this and explaining it patiently until
we understood.
2013-10-02 22:20:18 -04:00
Roger Dingledine
299e8c0292 first draft of an 0.2.5.1-alpha changelog 2013-10-01 20:41:46 -04:00
Roger Dingledine
4e610f721b blow away three more changes files that got into 0.2.4 2013-10-01 15:10:13 -04:00
Roger Dingledine
b484711a51 remove changes files that are already merged in release-0.2.4 2013-10-01 07:35:48 -04:00
Nick Mathewson
09e850dc36 Changes file for 5505 2013-09-29 13:59:17 -04:00
Nick Mathewson
090bff2dca Merge remote-tracking branch 'public/bug6055_v2_024' 2013-09-25 14:35:18 -04:00
Nick Mathewson
ad763a336c Re-enable TLS 1.[12] when building with OpenSSL >= 1.0.1e
To fix #6033, we disabled TLS 1.1 and 1.2.  Eventually, OpenSSL fixed
the bug behind #6033.

I've considered alternate implementations that do more testing to see
if there's secretly an OpenSSL 1.0.1c or something that secretly has a
backport of the OpenSSL 1.0.1e fix, and decided against it on the
grounds of complexity.
2013-09-25 14:34:24 -04:00
Nick Mathewson
759de9f756 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-24 10:47:26 -04:00
Andrea Shepard
938ee9b24d Always call circuit_n_chan_done(chan, 0) from channel_closed() 2013-09-24 10:42:12 -04:00
Nick Mathewson
6178aaea06 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-09-20 11:01:10 -04:00
Nick Mathewson
39bb59d363 Avoid error by not saying which intro cell type I mean 2013-09-20 11:00:27 -04:00
Nick Mathewson
fd2954d06d Round down hidden service descriptor publication times to nearest hour
Implements part of proposal 222.  We can do this safely, since
REND_CACHE_MAX_SKEW is 24 hours.
2013-09-20 11:00:27 -04:00
Nick Mathewson
accadd8752 Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.

Part of proposal 222.  I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
2013-09-20 11:00:27 -04:00