March 2011 - tor-commits - lists.torproject.org

[metrics-tasks/master] Check in Thematic Mapping API prototype.
by karsten＠torproject.org 15 Mar '11

15 Mar '11

commit b76dd60885767c8246b732861f41af5489680d04 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Mar 15 16:43:22 2011 +0100 Check in Thematic Mapping API prototype. --- task-2762/README | 19 ++ task-2762/css/stylesheet-ltr.css | 522 ++++++++++++++++++++++++++++++++++++++ task-2762/images/favicon.ico | Bin 0 -> 1150 bytes task-2762/images/top-left.png | Bin 0 -> 11137 bytes task-2762/images/top-middle.png | Bin 0 -> 240 bytes task-2762/images/top-right.png | Bin 0 -> 607 bytes task-2762/index.html | 93 +++++++ 7 files changed, 634 insertions(+), 0 deletions(-) diff --git a/task-2762/README b/task-2762/README new file mode 100644 index 0000000..fccd988 --- /dev/null +++ b/task-2762/README @@ -0,0 +1,19 @@ +Thematic Mapping API prototype for Tor metrics data +--------------------------------------------------- + + - Download the Thematic Mapping API JavaScript code from + http://thematicmapping.org/ and place it in this directory. In + particular, you'll need tmapi-0.1.js and worldborders.js. + + - Create your own Google Spreadsheet and replace the link + "https://spreadsheets.google.com/tq?key=0AujpbDQoBXkX..." in index.html + with a link to your spreadsheet. Feel free to use the existing link, + but note that you cannot change the data in it. + + - Register your domain at Google for using the Google Earth Plug-In on + your website. If you don't, the plugin won't load on your website, but + it will tell you where to register. + + - Make your website available via thttpd, Apache, or the web server of + your choice. + diff --git a/task-2762/css/stylesheet-ltr.css b/task-2762/css/stylesheet-ltr.css new file mode 100644 index 0000000..20a6b7f --- /dev/null +++ b/task-2762/css/stylesheet-ltr.css @@ -0,0 +1,522 @@ +body { + background-color: white; + margin-top: 0px; + font-family: Arial, Helvetica, sans-serif; + font-size: 1em; + font-style: normal; + color: #000000; + padding-top: 0px; +} + +/* images */ + +img { + border: 0; +} + + +li { + margin: .2em .2em .2em 1em; +} + +/* this centers the page */ + +.center { + text-align: center; + background-color: white; + margin: 0px auto 0 auto; + width: 85%; +} + +.center table { + margin-left: auto; + margin-right: auto; + text-align: left; +} + +/* for the shadow box */ + +table.shadowbox { + width: 788px; + border-collapse: collapse; + padding: 0; + margin-bottom: 2em; +} + +table.shadowbox td { + margin: 0; + padding: 0; +} + +/* spacer */ + +td.spacer { + width: 110px; +} + +div.banner { + text-align: center; + height: 79px; + margin-bottom: 10px; + width:100%; +} + +table.table-banner { + margin: 0 auto 0 auto; + background-image: url("images/tor_mast.gif"); + background-repeat: no-repeat; +} + +div.bottom { + font-size: 0.8em; + margin-top: 0.5cm; + margin-left: 1em; + margin-right: 1em; + text-align: center; +} + +/* the sidebars */ + +div.sidebar { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + background-color: #e5e5e5; + float: right; + margin: 0 0 10px 10px; + /* border: 2px solid #666; */ + padding: 10px; + width: 150px; + text-align: center; +} + +div.sidebar-left { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + background-color: #e5e5e5; + float: right; + margin: 0 0 5px 5px; + /* border: 2px solid #666; */ + padding: 5px; + width: 275px; + text-align: left; +} + +/* The main column (left text) */ + +div.main-column { + padding: 15px 0 10px 10px; + text-indent: 0pt; + font-size: 1em; + direction: ltr; + text-align: left; +} + +/* formatting styles */ + +h1 { + font-size: 1.6em; + margin-bottom: 0.5em; +} + +h2 { + font-size: 1.4em; + margin-bottom: 0em; + font-weight: bold; + margin-top: 0; +} + +h3 { + font-size: 1.2em; + margin-bottom: 0em; + font-weight: bold; + margin-top: 0; +} + +h4 { + font-size: 1.1em; + margin-bottom: 0em; + font-weight: bold; + margin-top: 0; +} + +h5 { + font-size: 1.0em; + margin-bottom: 0em; + font-weight: bold; + margin-top: 0; +} + +p { + margin-top: 0; + margin-bottom: 1em; +} + +a:link { + color: blue; + font-size: 1em; +} + +a:visited { + color: purple; + font-size: 1em; +} + +a.anchor:link { + font-size: 1em; + color: black; + font-weight: bold; + text-decoration: none; +} + +a.anchor:visited { + font-size: 1em; + color: black; + font-weight: bold; + text-decoration: none; +} + +a.anchor { + font-size: 1em; + color: black; + font-weight: bold; + text-decoration: none; +} + +td { + vertical-align: top; +} + +a.smalllink { + font-size: 0.8em; +} + +/* the banner */ + +table.banner { + width: 100%; + height: 79px; + margin-left: auto; + margin-right: auto; +} + +td.banner-left { + /* This is done with an <img> in the HTML so it can be clickable + background-image: url("/images/top-left.png"); + background-repeat: no-repeat; */ + width: 193px; +} + +td.banner-middle { + background-color: #00802B; + background-image: url("/images/top-middle.png"); + background-repeat: repeat-x; + vertical-align: bottom; + padding-bottom: 10px; + color: white; + font-weight: bold; + font-size: 1.2em; +} + +td.banner-middle a, td.banner-middle a:visited { + margin-right: 5px; + color: white; + font-weight: bold; + font-size: 1em; +} + +td.banner-middle a:hover { + color: #FF7F00; + font-weight: bold; + font-size: 1em; +} + +td.banner-right { + background-image: url("/images/top-right.png"); + background-repeat: no-repeat; + width: 15px; + background-position: right; + padding-top: 8px; +} + +.banner-middle a.current { + text-decoration: none; + color: #FF7F00; + font-weight: bold; + font-size: 1em; + width: auto; + left: -50px; +} + +.donatebutton { + width: auto; + text-align: center; +} + +.donatebutton a { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + margin: 10px 0 0 0; + font-weight: bold; + display: block; + padding: 6px; + background-color: #00802B; + border-top: 1px solid #00A838; + border-left: 1px solid #00A838; + border-bottom: 1px solid #00591E; + border-right: 1px solid #00591E; + color: #FFFFFF; +} + +.donatebutton a:hover { + color: orange; +} + +.donatebutton a:active { + color: orange; +} + +.downloadbutton { + width: auto; + text-align: center; +} + +.downloadbutton a { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + margin: 10px 0 0 0; + font-weight: bold; + display: block; + padding: 6px; + background-color: orange; + color: #FFFFFF; +} + +.downloadbutton a:hover { + color: green; +} + +.donatebutton a:active { + color: green; +} + +/* these styles are for the menu on the gui contest pages */ + +.guileft { + width: 25%; + float: left; + padding: 0; + margin: 0; +} + +.guimenu { + border: 1px solid #AAA6AB; + background-color: #E2DFE3; + margin: 0 15px 15px 0; + padding: 0; +} + +.guimenuinner a { + display: block; + text-decoration: none; + padding: 2px 0px 0px 12px; + margin: 0 0 0 0px; + color: #333333; +} + +.guimenuinner a:visited { + color: #333333; +} + +.guimenuinner a:hover { + background-image: url(gui/img/arrow.png); + background-repeat: no-repeat; + background-position: left; + color: #EF8012; +} + +.guimenuinner a.on { + background-image: url(gui/img/arrow.png); + background-repeat: no-repeat; + background-position: left; + color: #EF8012; +} + + +.guimenu h1 { + width: 85%; + font-size: 16px; + margin: 0 0 8px 0; + padding: 0; + border-bottom: 1px solid #AAA6AB; +} + +.curveleft { + background-image: url(gui/img/corner-topleft.png); + background-repeat: no-repeat; + background-position: top left; + margin: -1px; +} + +.curveright { + background-image: url(gui/img/corner-topright.png); + background-repeat: no-repeat; + background-position: top right; +} + +.guimenuinner { + + padding: 0 10px 0 10px; +} + + +.curvebottomleft { + background-image: url(gui/img/corner-bottomleft.png); + background-repeat: no-repeat; + background-position: bottom left; + margin: -1px; +} + +.curvebottomright { + background-image: url(gui/img/corner-bottomright.png); + background-repeat: no-repeat; + background-position: bottom right; +} + +table.mirrors { + margin: 0 auto; + border-width: 3px; + border-color: gray; + border-style: ridge; + border-collapse: collapse; +} +table.mirrors th { + border: 1px solid gray; + background-color: #DDDDDD; +} +table.mirrors td { + border: 1px solid gray; + padding: 4px; +} + +acronym { + border-bottom: none; +} + +dt { + font-weight: bolder; + font-style: italic; +} + +.nb { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + background-color:#EEEEFF; + border:1px solid #000000; + color:black; + font-size:10pt; + font-weight:bold; + margin:10px 0; + padding:15px 20px; + text-align:justify; +} + +.warning { + -moz-border-radius: 5px; + -khtml-border-radius: 5px; + background-color:#FFFFFF; + background-image:url(images/distros/warning.png); + background-position:15px center; + background-repeat:no-repeat; + border:2px solid #FF0000; + color:#1A1A1A; + font-size:10pt; + font-weight:bold; + margin:10px 0; + padding:15px 20px 15px 67px; + text-align:justify; +} + +hr { + background-color:#002200; + color:#666666; + font-size:1px; + height:1px; + line-height:0; + margin:15px 0 5px; +} + +.underline { + border-bottom:1px solid #000022; + margin:10px 0 20px; + padding:5px 0; +} + +div#graphmenu { + float:left; + margin-top:20px; + width:100%; + padding:5px; +} + +#graphmenu div.formrow { + clear:both; +} + +#graphmenu .formrow p { + float:left; +} + +#graphmenu .formrow label { + float:left; + width:100px; + margin:0px 5px 0px 0px; + text-align:right; +} + +#graphmenu .formrow label.graphname { + float:left; + width:100px; + margin:0px; + text-align:right; +} + +#graphmenu .formrow label.startend { + width:50px; + margin:0px 10px 0px 0px; + text-align:right; +} + +#graphmenu .formrow input { + float:left;width:100px; +} + +#graphmenu .formrow input.submit { + width:100px; + margin:0px 0px 0px 10px; +} + +#graphmenu .break { + clear:both; +} + +#graphmenu .note { + float:left; + font-size:.8em; + font-style:italic; +} + +#graphmenu div#torperfopts { + float:left; +} + +#graphmenu div#gettoropts { + float:left; +} + +#graphmenu div#regularopts { + float:left; +} + +.error { + color:red; +} diff --git a/task-2762/images/favicon.ico b/task-2762/images/favicon.ico new file mode 100644 index 0000000..48060b1 Binary files /dev/null and b/task-2762/images/favicon.ico differ diff --git a/task-2762/images/top-left.png b/task-2762/images/top-left.png new file mode 100644 index 0000000..9927355 Binary files /dev/null and b/task-2762/images/top-left.png differ diff --git a/task-2762/images/top-middle.png b/task-2762/images/top-middle.png new file mode 100644 index 0000000..1035dc5 Binary files /dev/null and b/task-2762/images/top-middle.png differ diff --git a/task-2762/images/top-right.png b/task-2762/images/top-right.png new file mode 100644 index 0000000..54623ef Binary files /dev/null and b/task-2762/images/top-right.png differ diff --git a/task-2762/index.html b/task-2762/index.html new file mode 100644 index 0000000..014abf2 --- /dev/null +++ b/task-2762/index.html @@ -0,0 +1,93 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> + +<html> +<head> + <title>Tor Daily Users Thematic Mapping API Prototype</title> + <script src="http://www.google.com/jsapi?key=ABQIAAAAgej9iuh3YJNjEPuctrZMehRNZJOGGZ5AJFY…"></script> + <script src="tmapi-0.1.js"></script> + <script src="worldborders.js"></script> + <link href="/css/stylesheet-ltr.css" type="text/css" rel="stylesheet"> + <link href="/images/favicon.ico" type="image/x-icon" rel="shortcut icon"> +</head> +<body onload="init()"> + <div class="center"> + <table class="banner" border="0" cellpadding="0" cellspacing="0" summary=""> + +<tr> + <td class="banner-left"> + <img src="/images/top-left.png" width="193" height="79"> + </td> + <td class="banner-middle"></td> + <td class="banner-right"></td> +</tr> +</table> + + <div class="main-column"> + <h2>Tor Daily Users Thematic Mapping API Prototype</h2> + <br> + + <p>This website is a prototype of the + <a href="http://thematicmapping.org/">Thematic Mapping API</a> + to display daily Tor users.</p> + + <div id='map_container' style='height: 800px; width: 800px;'> + <div id='map' style='height: 100%;'></div> + </div> + <script type="text/javascript"> + google.load("visualization", "1"); + google.load("earth", "1"); + + var earth = null; + + function init() { + google.earth.createInstance("map", initCallback, failureCallback); + } + + function initCallback(object) { + earth = object; + earth.getWindow().setVisibility(true); + + // Load statistics from Google Spreadsheet. + var query = new google.visualization.Query('https://spreadsheets.google.com/tq?key=0AujpbDQoBXkXdHdrUHhDZTE4cTllWUwtTjd…'); + // Send the query with a callback function. + query.send(handleQueryResponse); + + // Called when the query response is returned. + function handleQueryResponse(response) { + + var data = response.getDataTable(); + + var map = new TME.Map.Kml.GoogleViz(); + + var options = { + type: 'prism', + title: 'Daily Tor users on March 9, 2011', + maxHeight: 2000000, + colorType: 'scale', + classification: 'equal', + geometry: worldBorders + }; + + var kml = map.draw(data, options); + + var kmlObject = earth.parseKml(kml); + earth.getFeatures().appendChild(kmlObject); + + var lookAt = earth.getView().copyAsLookAt(earth.ALTITUDE_RELATIVE_TO_GROUND); + lookAt.setLatitude(35); + lookAt.setLongitude(-25); + lookAt.setRange(12000000); + earth.getView().setAbstractView(lookAt); + } + } + + function failureCallback(object) { + } + + </script> + + </div> + </div> +</body> +</html> +

1 0

[metrics-tasks/master] Add an example analysis and fix a minor bug.
by karsten＠torproject.org 15 Mar '11

15 Mar '11

commit 22700d31144c1b8f5c3cc954634f4db9ceffec30 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Tue Mar 15 14:49:20 2011 +0100 Add an example analysis and fix a minor bug. --- task-2680/ProcessSanitizedBridges.java | 2 +- task-2680/README | 138 +++++++++++++++++++++++++++----- task-2680/analysis.R | 50 ++++++++++++ 3 files changed, 169 insertions(+), 21 deletions(-) diff --git a/task-2680/ProcessSanitizedBridges.java b/task-2680/ProcessSanitizedBridges.java index 1f0e00e..c3ab6c8 100644 --- a/task-2680/ProcessSanitizedBridges.java +++ b/task-2680/ProcessSanitizedBridges.java @@ -84,7 +84,7 @@ public class ProcessSanitizedBridges { String fingerprint = Hex.encodeHexString(Base64.decodeBase64( parts[2] + "=")); String descriptor = Hex.encodeHexString(Base64.decodeBase64( - parts[2] + "=")); + parts[3] + "=")); String published = parts[4] + " " + parts[5]; String address = parts[6]; String orPort = parts[7]; diff --git a/task-2680/README b/task-2680/README index 65d8b85..69aec70 100644 --- a/task-2680/README +++ b/task-2680/README @@ -1,3 +1,22 @@ +Presenting bridge usage data so that researchers can focus on the math +====================================================================== + + "Right now the process of learning how to parse bridge consensus files, + bridge descriptor files, match up which descriptors go with which + consensus line, which bridges were Running when, etc is too + burdensome -- researchers who want to analyze bridge reachability are + giving up before they even get to the part they tried to sign up for." + (from arma's description of this ticket in Trac) + +This ticket contains the code to process the data tarballs from the +metrics website and convert them to a format that is more useful for +researchers. This README also contains instructions for working with the +new data formats. + + +1 Processing data tarballs from metrics.tpo +-------------------------------------------- + This ticket contains Java and R code to a) process bridge and relay data to convert them to a format that is more @@ -6,13 +25,9 @@ This ticket contains Java and R code to This README has a separate section for each Java or R code snippet. -The Java applications produce four output formats containing bridge -descriptors, bridge status lines, bridge pool assignments, and hashed -relay identities. The data formats are described below. - --------------------------------------------------------------------------- -ProcessSanitizedBridges.java +1.1 ProcessSanitizedBridges.java +--------------------------------- - Download sanitized bridge descriptors from the metrics website, e.g., https://metrics.torproject.org/data/bridge-descriptors-2011-01.tar.bz2, @@ -31,9 +46,9 @@ ProcessSanitizedBridges.java - Once the Java application is done, you'll find the two files statuses.csv and descriptors.csv in this directory. --------------------------------------------------------------------------- -ProcessSanitizedAssignments.java +1.2 ProcessSanitizedAssignments.java +------------------------------------- - Download sanitized bridge pool assignments from the metrics website, e.g., https://metrics.torproject.org/data/bridge-pool-assignments-2011-01.tar.bz2 @@ -48,9 +63,9 @@ ProcessSanitizedAssignments.java - Once the Java application is done, you'll find a file assignments.csv in this directory. --------------------------------------------------------------------------- -ProcessRelayConsensuses.java +1.3 ProcessRelayConsensuses.java +--------------------------------- - Download v3 relay consensuses from the metrics website, e.g., https://metrics.torproject.org/data/consensuses-2011-01.tar.bz2, and @@ -69,16 +84,24 @@ ProcessRelayConsensuses.java - Once the Java application is done, you'll find a file relays.csv in this directory. --------------------------------------------------------------------------- -verify.R +1.4 verify.R +------------- - Run the R verification script like this: $ R --slave -f verify.R --------------------------------------------------------------------------- -descriptors.csv +2 New data formats +------------------- + +The Java applications produce four output formats containing bridge +descriptors, bridge status lines, bridge pool assignments, and hashed +relay identities. The data formats are described below. + + +2.1 descriptors.csv +-------------------- The descriptors.csv file contains one line for each bridge descriptor that a bridge has published. This descriptor consists of fields coming from @@ -115,9 +138,9 @@ Bridges running early 0.2.2.x versions published faulty stats and are therefore removed from descriptors.csv. Bridges running 0.2.2.x or higher (except the faulty 0.2.2.x versions) collect stats in 24-hour intervals. --------------------------------------------------------------------------- -statuses.csv +2.2 statuses.csv +----------------- The statuses.csv file contains one line for every bridge that is referenced in a bridge network status. Note that if a bridge is running @@ -145,9 +168,16 @@ The columns in statuses.csv are: - valid: TRUE if bridge has the Valid flag, FALSE otherwise - v2dir: TRUE if bridge has the V2Dir flag, FALSE otherwise --------------------------------------------------------------------------- +Note that there is no tight relation between statuses.csv and +descriptors.csv when it comes to bridge usage statistics (even though +one can link them via the bridge's server descriptor identifier). A +bridge is free to write anything in its extra-info descriptor, including a +few days old bridge statistics. That is in no way related to the bridge +authority thinking that a bridge is running at a later time. + -assignments.csv +2.3 assignments.csv +-------------------- The assignments.csv file contains one line for every running bridge and the rings, subrings, and buckets that BridgeDB assigned it to. @@ -162,9 +192,9 @@ The columns in assignments.csv are: - flag: Flag subring - bucket: File bucket, only for distributor "unallocated" --------------------------------------------------------------------------- -relays.csv +2.4 relays.csv +--------------- The relays.csv file contains SHA-1 hashes of identity fingerprints of normal relays. If a bridge uses the same identity key that it also used @@ -177,3 +207,71 @@ The columns in relays.csv are: - consensus: ISO-formatted consensus publication time - fingerprint: Hex-formatted SHA-1 hash of identity fingerprint + +3 Working with the new data formats +------------------------------------ + +The new data formats are plain CSV files that can be processed by many +statistics tools, including R. For some analyses it may be sufficient to +evaluate a single CSV file and be done. But most analyses would require +combining two or more of the CSV files. + +See analysis.R for an example analysis. Run it like this: + + $ R --slave -f analysis.R + +Below is the output in case you don't have R installed but want to know +what kind of results to expect: + +Reading descriptors.csv. +Read 97394 rows from descriptors.csv. +28429 of these rows have bridge stats. +Here are the first 10 rows, sorted by fingerprint and bridge stats +interval end, and only displaying German and French users: + fingerprint bridgestatsend de fr +45933 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:32:47 0 0 +21782 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:33:53 0 0 +18869 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:53:07 0 0 +5182 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 19:23:52 0 0 +48686 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 09:38:20 0 0 +33774 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 19:30:08 0 0 +67666 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 22:11:47 0 0 +31329 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-06 09:14:07 0 0 +31668 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-07 11:23:26 0 0 +16943 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-08 11:49:26 0 0 +Reading relays.csv +Read 1606208 rows from relays.csv. +Filtering out bridges that have been seen as relays. +26425 descriptors remain. Again, here are the first 10 rows, sorted by +fingerprint and bridge stats interval end, and only displaying German +and French users: + fingerprint bridgestatsend de fr +45933 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:32:47 0 0 +21782 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:33:53 0 0 +18869 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 11:53:07 0 0 +5182 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-02 19:23:52 0 0 +48686 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 09:38:20 0 0 +33774 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 19:30:08 0 0 +67666 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-03 22:11:47 0 0 +31329 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-06 09:14:07 0 0 +31668 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-07 11:23:26 0 0 +16943 0008b101e9dcbcfa11ba638b86d71afdef54a4b5 2011-01-08 11:49:26 0 0 +Reading assignments.csv +Read 778561 rows from assignments.csv. +Filtering out bridges that have not been distributed via email. +14684 descriptors remain. Again, Here are the first 10 rows, sorted by +fingerprint and bridge stats interval end, and only displaying German +and French users: + fingerprint bridgestatsend de fr +66036 003817328def77002ff276a9af54bc4326a86d1c 2011-01-01 05:53:12 32 8 +61891 003817328def77002ff276a9af54bc4326a86d1c 2011-01-01 11:46:58 32 8 +54391 003817328def77002ff276a9af54bc4326a86d1c 2011-01-02 03:32:30 40 8 +73165 003817328def77002ff276a9af54bc4326a86d1c 2011-01-02 21:33:14 48 8 +82707 003817328def77002ff276a9af54bc4326a86d1c 2011-01-03 03:47:23 48 8 +5300 003817328def77002ff276a9af54bc4326a86d1c 2011-01-03 21:48:10 32 8 +23940 003817328def77002ff276a9af54bc4326a86d1c 2011-01-04 15:48:56 32 8 +2706 003817328def77002ff276a9af54bc4326a86d1c 2011-01-05 09:49:39 40 8 +17273 003817328def77002ff276a9af54bc4326a86d1c 2011-01-06 03:50:23 24 8 +72380 003817328def77002ff276a9af54bc4326a86d1c 2011-01-06 21:51:09 24 8 +Terminating. + diff --git a/task-2680/analysis.R b/task-2680/analysis.R new file mode 100644 index 0000000..fbe3199 --- /dev/null +++ b/task-2680/analysis.R @@ -0,0 +1,50 @@ +# Read descriptors.csv. +cat("Reading descriptors.csv.\n") +data <- read.csv("descriptors.csv", stringsAsFactors = FALSE) +cat("Read", length(data$fingerprint), "rows from descriptors.csv.\n") + +# We're interested in bridge stats. Let's filter out all descriptors that +# don't have any bridge stats. +data <- data[!is.na(data$bridgestatsend), ] +cat(length(data$fingerprint), "of these rows have bridge stats.\n") + +# Sort data first by bridge fingeprint, then by bridge stats interval end. +data <- data[order(data$fingerprint, data$bridgestatsend), ] +cat("Here are the first 10 rows, sorted by fingerprint and bridge", + "stats\ninterval end, and only displaying German and French users:\n") +data[1:10, c("fingerprint", "bridgestatsend", "de", "fr")] + +# Looks good, but we should exclude all bridges that have been seen as +# relays, or they will skew our results. Read relays.csv. +cat("Reading relays.csv\n") +relays <- read.csv("relays.csv", stringsAsFactors = FALSE) +cat("Read", length(relays$fingerprint), "rows from relays.csv.\n") + +# Filter out all descriptors of bridges that have been seen as relays. +cat("Filtering out bridges that have been seen as relays.\n") +data <- data[!data$fingerprint %in% relays$fingerprint, ] +cat(length(data$fingerprint), "descriptors remain. Again, here are the", + "first 10 rows, sorted by\nfingerprint and bridge stats interval", + "end, and only displaying German\nand French users:\n") +data[1:10, c("fingerprint", "bridgestatsend", "de", "fr")] + +# And finally, we only want to know bridge statistics of the bridges that +# were distributed via email. Read assignments.csv. +cat("Reading assignments.csv\n") +assignments <- read.csv("assignments.csv", stringsAsFactors = FALSE) +cat("Read", length(assignments$fingerprint), "rows from", + "assignments.csv.\n") + +# Filter out all descriptors of bridges that were not assigned to the +# email distributor. +cat("Filtering out bridges that have not been distributed via email.\n") +data <- data[!data$fingerprint %in% + assignments[assignments$type == 'email', "fingerprint"], ] +cat(length(data$fingerprint), "descriptors remain. Again, Here are the", + "first 10 rows, sorted by\nfingerprint and bridge stats interval", + "end, and only displaying German\nand French users:\n") +data[1:10, c("fingerprint", "bridgestatsend", "de", "fr")] + +# That's it. +cat("Terminating.\n") +

1 0

[torspec/master] fix typos, point out one of nickm's sentences that
by arma＠torproject.org 15 Mar '11

15 Mar '11

commit 0b9b650e4bbe08bdc23583e5c17441fe1bdd1433 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Mar 15 03:15:14 2011 -0400 fix typos, point out one of nickm's sentences that --- proposals/ideas/xxx-ipv6-plan.txt | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/proposals/ideas/xxx-ipv6-plan.txt b/proposals/ideas/xxx-ipv6-plan.txt index 73a21f1..c59dcd4 100644 --- a/proposals/ideas/xxx-ipv6-plan.txt +++ b/proposals/ideas/xxx-ipv6-plan.txt @@ -7,7 +7,7 @@ Status: Draft Overview: This document outlines what we'll have to do to make Tor fully - support IPv6. It refers to other proposals, current and as-yes + support IPv6. It refers to other proposals, current and as-yet unwritten. It suggests a few incremental steps, each of which on its own should make Tor more useful in the brave new IPv6 future of tomorrow. @@ -48,7 +48,7 @@ Designs that we will need to do: For IPv6-only clients, we'll need to specify that routers can have multiple addresses and ORPorts, and allow secondary addresses/ports - that. There is an old proposal (118) to try to allow multiple + that[...? XXX]. There is an old proposal (118) to try to allow multiple ORPorts per router. It's been accepted; it needs to be checked for correctness, updated to track other changes in more recent Tor versions, and updated to work with the new microdescriptor designs. @@ -61,7 +61,7 @@ Designs that we will need to do: from one /24 to another takes a little effort for most clients. The directory authorities assume that blacklisting an IP is an okay response to a bad router at that address. These and other places - will needed instead more appropriate notions of "closeness" and + will instead need more appropriate notions of "closeness" and "similarity". We'll want to consider geographic and political boundaries rather than @@ -84,15 +84,15 @@ Designs that we will need to do: Tor routers. For these, we'll need to consider network topology issues: having nodes that can't connect to all the other nodes will weaken one of our basic assumptions for path generation, so - we'll need to make sure to do the analysis enough to tell that this + we'll need to make sure to do the analysis enough to tell whether this is safe. Ready, fire, aim: An alternative methodology At least one volunteer is currently working on IPv6 issues in Tor. If his efforts go well, it might be that our first design drafts - for some of these open topics arrive concurrently (or even in the - form of!) with alpha code to implement them. If so, we need to + for some of these open topics arrive concurrently with (or even in + the form of!) alpha code to implement them. If so, we need to follow a variant of the design process, extracting design from code to evaluate it (rather than designing then coding). Probably, based on design review, some changes to code would be necessary.

1 0

r24356: {website} use the new rtl in the arabic overview page (website/trunk/about/ar)
by Roger Dingledine 14 Mar '11

14 Mar '11

Author: arma Date: 2011-03-14 22:25:22 +0000 (Mon, 14 Mar 2011) New Revision: 24356 Modified: website/trunk/about/ar/overview.wml Log: use the new rtl in the arabic overview page Modified: website/trunk/about/ar/overview.wml =================================================================== --- website/trunk/about/ar/overview.wml 2011-03-14 22:23:53 UTC (rev 24355) +++ website/trunk/about/ar/overview.wml 2011-03-14 22:25:22 UTC (rev 24356) @@ -6,7 +6,7 @@ ## translation metadata # Revision: $Revision: 24254 $ # Translation-Priority: 2-medium -#include "head.wmi" TITLE="Tor Project: Overview" CHARSET="UTF-8" +#include "head.wmi" TITLE="Tor Project: Overview" CHARSET="UTF-8" STYLESHEET="css/master-rtl.css" <div id="content" class="clearfix"> <div id="breadcrumbs"> <a href="<page index>">الصفحة الرئيسية »</a> <a href="<page

1 0

r24355: {} New rtl css files from AhmadSherif I added a master-rtl too. (website/trunk/css)
by Roger Dingledine 14 Mar '11

14 Mar '11

Author: arma Date: 2011-03-14 22:23:53 +0000 (Mon, 14 Mar 2011) New Revision: 24355 Added: website/trunk/css/layout-rtl.css website/trunk/css/master-rtl.css website/trunk/css/typography-rtl.css Log: New rtl css files from AhmadSherif I added a master-rtl too. Added: website/trunk/css/layout-rtl.css =================================================================== --- website/trunk/css/layout-rtl.css (rev 0) +++ website/trunk/css/layout-rtl.css 2011-03-14 22:23:53 UTC (rev 24355) @@ -0,0 +1,267 @@ +html { direction: rtl; } + +.left { float: right; } +.right { float: left; } + +h1#logo { + float: right; +} + +h1#logo a, +h1#logo a:visited { + background-position: right top; +} + +#nav { + float: left; +} + +#nav ul { + float: left; +} + +#nav ul li { + float: right; +} + +#calltoaction { + float: left; +} + +#calltoaction ul { + float: left; +} + +#calltoaction ul li { + float: right; + margin-right: 10px; +} + +#calltoaction ul li a:link, +#calltoaction ul li a:visited{ + border-right: 1px solid #6ab334; + border-left: 1px solid #5a952b; + float: right; +} + +#banner { + background-position: right top; +} + +#download a:link, +#download a:visited { + background-position: right top; + float: right; + padding: 35px 80px 0 0; +} + +#download a .download-tor { + background-position: left center; + padding-left: 25px; +} + +#banner ul { + background-position: right top; + float: left; + margin: 0 0 0 15px; + padding: 10px 30px 10px 10px; +} + +#breadcrumbs { padding: 0 5px 10px 0; } + +#home #maincol { + float: right; + margin-left: 20px; +} + +#maincol { + float: left; +} + +#maincol-left { + float: right; +} + +.subcol { + float: right; +} + +#content .first { + margin-left: 20px; +} + +#home #sidecol { + float: left; +} + +#sidecol { + float: right; + margin: 0 0 0 20px; +} + +#sidecol-right { + float: left; + margin: 0 20px 0 0; +} + +.user img, .project-icon { + float: right; + margin: 3px 0 0 10px; +} + +.img-shadow { + float:right; + background-position: bottom left !important; + background-position: bottom left; + margin: 10px 10px 10px 0 !important; + margin: 10px 5px 10px 0; +} + +.img-shadow .infoblock, +.img-shadow .important-infoblock, +.img-shadow .custom-infoblock, +.img-shadow #sidenav, +.img-shadow .sidenav-sub { + margin: -6px -6px 6px 6px; +} + +#sidenav ul li.dropdown a:link, +#sidenav ul li.dropdown a:visited { background-position: right center; } +#sidenav ul li.dropdown a.active { background-position: right center; } + +.sidenav-sub ul li.dropdown a:link, +.sidenav-sub ul li.dropdown a:visited { + background-position: right top; +} + +#sidenav ul li a:link, +#sidenav ul li a:visited { + padding: 8px 26px 8px 15px; +} + +#sidenav ul li ul li a:link, +#sidenav ul li ul li a:visited { + padding-right: 37px; +} + +.sidenav-sub ul li a:link, +.sidenav-sub ul li a:visited { + display: block; + padding: 0 26px 10px 15px; +} + +#sidenav ul li.active { + background-position: right center; +} + +#sidenav ul li ul li ul li a:link, +#sidenav ul li ul li ul li a:visited { + padding-right: 48px; +} + +table td img, +table tr img { + float: right; + margin-left: 10px; +} + +.icon { + float: right; + margin-left: 15px; +} + +.calendar { + background-position: right top; + float: right; + margin-left: 10px; +} + +.fauxhead { + background-position: left top; +} + +.meta { + float: left; +} + +.windows, +.mac, +.linux, +.android { padding: 5px 20px 5px 0; } + +.windows { background-position: right center; } +.mac { background-position: right center; } +.linux { background-position: right center; } +.android { background-position: right center; } + +.title { + background-position: left top; + padding: 10px 10px 0 25px; + float: right; +} + +.title a:link, +.title a:visited { + background-position: right top; +} + +.paypal { + float: right; +} +.paypal span { padding-left: 20px; } + +.warning { + background-position: right center; +} +.warning p { padding-right: 40px; } + +.focus .icon { + float: right; + margin-left: 10px; +} + +input, select { + margin: 0 0 10px 3px; +} + +.donate-btn { + background-position: right top; +} + +.signup { + border-right: 1px solid #6ab334; + border-left: 1px solid #5a952b; +} + +select#lang { + float: right; + margin-left: 3px; +} +.go { + border-right: 1px solid #6ab334; + border-left: 1px solid #5a952b; + +} + +.onion { + float: right; + padding-left: 20px; +} + +#footer .about { + padding-left: 30px; + border-left: 1px solid #ddd; + float: right; +} + +#footer .newsletter { + padding: 0 30px 15px 0; + margin-right: 308px; +} + +#footer .col { + float: right; + margin-right: 20px; +} + +#footer .first { margin-right: 30px; } Added: website/trunk/css/master-rtl.css =================================================================== --- website/trunk/css/master-rtl.css (rev 0) +++ website/trunk/css/master-rtl.css 2011-03-14 22:23:53 UTC (rev 24355) @@ -0,0 +1,6 @@ +@charset "UTF-8"; +@import "reset.css"; +@import "layout.css"; +@import "layout-rtl.css"; +@import "typography.css"; +@import "typography-rtl.css"; Added: website/trunk/css/typography-rtl.css =================================================================== --- website/trunk/css/typography-rtl.css (rev 0) +++ website/trunk/css/typography-rtl.css 2011-03-14 22:23:53 UTC (rev 24355) @@ -0,0 +1,68 @@ +#sidenav h2, +.sidenav-sub h2 { padding: 10px 10px 0 0; } +h2.bulb { + background-position: right top; + padding: 0 25px 0 0; +} + +ol, ul { + padding-right: 40px; +} + +#nav ul li a:link, +#nav ul li a:visited { + float: right; +} +#nav ul li a:hover, +#nav ul li a.active { background-position: right top;} + +h1.headline { + float: right; +} + +p.desc { + float: right; +} + +#banner .incorrect a:link, +#banner .incorrect a:visited { + text-align: left; + float: right; + padding-left: 45px; +} + +#sidenav ul { + padding-right: 0; +} + +.sidenav-sub ul { + padding-right: 0; +} + +table h2, +#home-our-projects h2, +#home-announcements h2 { + background-position: right top; + padding-right: 10px; +} + +.continue a:link, +.continue a:visited { + float: left; +} + +.fakeol { + float: right; +} + +.instructions { + float: right; +} + +#footer ul { + padding-right: 0; +} + +#projects th { + text-align: right; +}

1 0

[tor/release-0.2.2] fold in changes files so far
by arma＠torproject.org 14 Mar '11

14 Mar '11

commit 704a27b029ac94e26e6e3695a292294c4d4905da Author: Roger Dingledine <arma(a)torproject.org> Date: Mon Mar 14 17:28:38 2011 -0400 fold in changes files so far --- ChangeLog | 41 +++++++++++++++++++++++++++++++++++++++++ changes/bug1172 | 9 --------- changes/bug2510 | 8 -------- changes/bug2511 | 6 ------ changes/bug2573 | 3 --- changes/bug2716 | 5 ----- changes/hsdir_assignment | 8 -------- 7 files changed, 41 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index bfa634c..c920dc4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,44 @@ +Changes in version 0.2.2.24-alpha - 2011-0?-?? + o Major bugfixes: + - Directory authorities now use data collected from their own + uptime observations when choosing whether to assign the HSDir flag + to relays, instead of trusting the uptime value the relay reports in + its descriptor. This change helps prevent an attack where a small + set of nodes with frequently-changing identity keys can blackhole + a hidden service. (Only authorities need upgrade; others will be + fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709. + - Fix a bug where bridge users who configure the non-canonical + address of a bridge automatically switch to its canonical + address. If a bridge listens at more than one address, it should be + able to advertise those addresses independently and any non-blocked + addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes + bug 2510. + - If you configured Tor to use bridge A, and then quit and + configured Tor to use bridge B instead, it would happily continue + to use bridge A if it's still reachable. While this behavior is + a feature if your goal is connectivity, in some scenarios it's a + dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. + + o Minor bugfixes: + - When we restart our relay, we might get a successful connection + from the outside before we've started our reachability tests, + triggering a warning: "ORPort found reachable, but I have no + routerinfo yet. Failing to inform controller of success." This + bug was harmless unless Tor is running under a controller + like Vidalia, in which case the controller would never get a + REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; + fixes bug 1172. + - When a relay has failed several reachability tests, directory + authorities are more accurate at recording when it became + unreachable, so we can in turn provide more accuracy at assigning + Stable, Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves + bug 2716. + + o Packaging fixes: + - Create the /var/run/tor directory on startup on OpenSUSE if it is + not already created. Patch from Andreas Stieger. Fixes bug 2573. + + Changes in version 0.2.2.23-alpha - 2011-03-08 Tor 0.2.2.23-alpha lets relays record their bandwidth history so when they restart they don't lose their bandwidth capacity estimate. This diff --git a/changes/bug1172 b/changes/bug1172 deleted file mode 100644 index 3abd743..0000000 --- a/changes/bug1172 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes: - - When we restart our relay, we might get a successful connection - from the outside before we've started our reachability tests, - triggering a warning: "ORPort found reachable, but I have no - routerinfo yet. Failing to inform controller of success." This - bug was harmless unless Tor is running under a controller - like Vidalia, in which case the controller would never get a - REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; - fixes bug 1172. diff --git a/changes/bug2510 b/changes/bug2510 deleted file mode 100644 index 2c3f613..0000000 --- a/changes/bug2510 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes: - - Fix a bug where bridge users who configure the non-canonical - address of a bridge automatically switch to its canonical - address. If a bridge listens at more than one address, it should be - able to advertise those addresses independently and any non-blocked - addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes - bug 2510. - diff --git a/changes/bug2511 b/changes/bug2511 deleted file mode 100644 index a27696a..0000000 --- a/changes/bug2511 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - If you configured Tor to use bridge A, and then quit and - configured Tor to use bridge B instead, it would happily continue - to use bridge A if it's still reachable. While this behavior is - a feature if your goal is connectivity, in some scenarios it's a - dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. diff --git a/changes/bug2573 b/changes/bug2573 deleted file mode 100644 index 7a2a802..0000000 --- a/changes/bug2573 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor packaging issues - - Create the /var/run/tor directory on startup on OpenSUSE if it is - not already created. Patch from Andreas Stieger. Fixes bug 2573. diff --git a/changes/bug2716 b/changes/bug2716 deleted file mode 100644 index 4663ed3..0000000 --- a/changes/bug2716 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - When a relay has failed several reachability tests, be more accurate - at recording when it became unreachable, so we can in turn provide - more accuracy at assigning Stable, Guard, HSDir, etc flags. Bugfix - on 0.2.0.6-alpha. Resolves bug 2716. diff --git a/changes/hsdir_assignment b/changes/hsdir_assignment deleted file mode 100644 index 5c04b9b..0000000 --- a/changes/hsdir_assignment +++ /dev/null @@ -1,8 +0,0 @@ - o Security fixes: - - Directory authorities now use data collected from rephist when - choosing whether to assign the HSDir flag to relays, instead of - trusting the uptime value the relay reports in its descriptor. - This helps prevent an attack where a small set of nodes with - frequently-changing identity keys can blackhole a hidden service. - (Only authorities need upgrade; others will be fine once they do.) - Bugfix on 0.2.0.10-alpha; fixes bug 2709.

1 0

[tor/master] clarify log messages based on suggestion from arma
by nickm＠torproject.org 14 Mar '11

14 Mar '11

commit f038b45b09edc992c16d14c31da73b90ba3460e2 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 14 17:23:28 2011 -0400 clarify log messages based on suggestion from arma --- src/or/circuitbuild.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index dbbb9de..015dfb4 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -4717,7 +4717,8 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node) ri->address = tor_dup_ip(ri->addr); ri->or_port = bridge->port; log_info(LD_DIR, - "Adjusted bridge '%s' to match configured address %s:%d.", + "Adjusted bridge routerinfo for '%s' to match configured " + "address %s:%d.", ri->nickname, ri->address, ri->or_port); } } @@ -4732,7 +4733,8 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node) rs->addr = tor_addr_to_ipv4h(&bridge->addr); rs->or_port = bridge->port; log_info(LD_DIR, - "Adjusted bridge '%s' to match configured address %s:%d.", + "Adjusted bridge routerstatus for '%s' to match " + "configured address %s:%d.", rs->nickname, fmt_addr(&bridge->addr), rs->or_port); } }

1 0

[tor/master] Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 14 Mar '11

14 Mar '11

commit b97d9abd0940037b249a1ee56724dbfed904263b Merge: 0588330 1a9d19e Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 14 17:04:53 2011 -0400 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 changes/bug1172 | 9 +++++++++ src/or/router.c | 20 +++++--------------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --combined src/or/router.c index 4c5eb7a,ba7be3d..c15b9b2 --- a/src/or/router.c +++ b/src/or/router.c @@@ -7,24 -7,6 +7,24 @@@ #define ROUTER_PRIVATE #include "or.h" +#include "circuitlist.h" +#include "circuituse.h" +#include "config.h" +#include "connection.h" +#include "control.h" +#include "directory.h" +#include "dirserv.h" +#include "dns.h" +#include "geoip.h" +#include "hibernate.h" +#include "main.h" +#include "networkstatus.h" +#include "policies.h" +#include "relay.h" +#include "rephist.h" +#include "router.h" +#include "routerlist.h" +#include "routerparse.h" /** * \file router.c @@@ -49,15 -31,11 +49,15 @@@ static crypto_pk_env_t *onionkey=NULL /** Previous private onionskin decryption key: used to decode CREATE cells * generated by clients that have an older version of our descriptor. */ static crypto_pk_env_t *lastonionkey=NULL; -/** Private "identity key": used to sign directory info and TLS +/** Private server "identity key": used to sign directory info and TLS * certificates. Never changes. */ -static crypto_pk_env_t *identitykey=NULL; -/** Digest of identitykey. */ -static char identitykey_digest[DIGEST_LEN]; +static crypto_pk_env_t *server_identitykey=NULL; +/** Digest of server_identitykey. */ +static char server_identitykey_digest[DIGEST_LEN]; +/** Private client "identity key": used to sign bridges' and clients' + * outbound TLS certificates. Regenerated on startup and on IP address + * change. */ +static crypto_pk_env_t *client_identitykey=NULL; /** Signing key used for v3 directory material; only set for authorities. */ static crypto_pk_env_t *authority_signing_key = NULL; /** Key certificate to authenticate v3 directory material; only set for @@@ -83,7 -61,8 +83,7 @@@ static voi set_onion_key(crypto_pk_env_t *k) { tor_mutex_acquire(key_lock); - if (onionkey) - crypto_free_pk_env(onionkey); + crypto_free_pk_env(onionkey); onionkey = k; onionkey_set_at = time(NULL); tor_mutex_release(key_lock); @@@ -127,78 -106,32 +127,78 @@@ get_onion_key_set_at(void return onionkey_set_at; } -/** Set the current identity key to k. +/** Set the current server identity key to <b>k</b>. */ void -set_identity_key(crypto_pk_env_t *k) +set_server_identity_key(crypto_pk_env_t *k) { - if (identitykey) - crypto_free_pk_env(identitykey); - identitykey = k; - crypto_pk_get_digest(identitykey, identitykey_digest); + crypto_free_pk_env(server_identitykey); + server_identitykey = k; + crypto_pk_get_digest(server_identitykey, server_identitykey_digest); } -/** Returns the current identity key; requires that the identity key has been - * set. +/** Make sure that we have set up our identity keys to match or not match as + * appropriate, and die with an assertion if we have not. */ +static void +assert_identity_keys_ok(void) +{ + tor_assert(client_identitykey); + if (public_server_mode(get_options())) { + /* assert that we have set the client and server keys to be equal */ + tor_assert(server_identitykey); + tor_assert(0==crypto_pk_cmp_keys(client_identitykey, server_identitykey)); + } else { + /* assert that we have set the client and server keys to be unequal */ + if (server_identitykey) + tor_assert(0!=crypto_pk_cmp_keys(client_identitykey, + server_identitykey)); + } +} + +/** Returns the current server identity key; requires that the key has + * been set, and that we are running as a Tor server. */ crypto_pk_env_t * -get_identity_key(void) +get_server_identity_key(void) { - tor_assert(identitykey); - return identitykey; + tor_assert(server_identitykey); + tor_assert(server_mode(get_options())); + assert_identity_keys_ok(); + return server_identitykey; } -/** Return true iff the identity key has been set. */ +/** Return true iff the server identity key has been set. */ int -identity_key_is_set(void) +server_identity_key_is_set(void) { - return identitykey != NULL; + return server_identitykey != NULL; +} + +/** Set the current client identity key to <b>k</b>. + */ +void +set_client_identity_key(crypto_pk_env_t *k) +{ + crypto_free_pk_env(client_identitykey); + client_identitykey = k; +} + +/** Returns the current client identity key for use on outgoing TLS + * connections; requires that the key has been set. + */ +crypto_pk_env_t * +get_tlsclient_identity_key(void) +{ + tor_assert(client_identitykey); + assert_identity_keys_ok(); + return client_identitykey; +} + +/** Return true iff the client identity key has been set. */ +int +client_identity_key_is_set(void) +{ + return client_identitykey != NULL; } /** Return the key certificate for this v3 (voting) authority, or NULL @@@ -268,7 -201,8 +268,7 @@@ rotate_onion_key(void } log_info(LD_GENERAL, "Rotating onion key"); tor_mutex_acquire(key_lock); - if (lastonionkey) - crypto_free_pk_env(lastonionkey); + crypto_free_pk_env(lastonionkey); lastonionkey = onionkey; onionkey = prkey; now = time(NULL); @@@ -397,9 -331,10 +397,9 @@@ load_authority_keyset(int legacy, crypt goto done; } - if (*key_out) - crypto_free_pk_env(*key_out); - if (*cert_out) - authority_cert_free(*cert_out); + crypto_free_pk_env(*key_out); + authority_cert_free(*cert_out); + *key_out = signing_key; *cert_out = parsed; r = 0; @@@ -409,8 -344,10 +409,8 @@@ done: tor_free(fname); tor_free(cert); - if (signing_key) - crypto_free_pk_env(signing_key); - if (parsed) - authority_cert_free(parsed); + crypto_free_pk_env(signing_key); + authority_cert_free(parsed); return r; } @@@ -505,9 -442,7 +505,9 @@@ init_keys(void key_lock = tor_mutex_new(); /* There are a couple of paths that put us here before */ - if (crypto_global_init(get_options()->HardwareAccel)) { + if (crypto_global_init(get_options()->HardwareAccel, + get_options()->AccelName, + get_options()->AccelDir)) { log_err(LD_BUG, "Unable to initialize OpenSSL. Exiting."); return -1; } @@@ -521,12 -456,9 +521,12 @@@ crypto_free_pk_env(prkey); return -1; } - set_identity_key(prkey); - /* Create a TLS context; default the client nickname to "client". */ - if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + set_client_identity_key(prkey); + /* Create a TLS context. */ + if (tor_tls_context_init(0, + get_tlsclient_identity_key(), + NULL, + MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error creating TLS context for Tor client."); return -1; } @@@ -561,28 -493,13 +561,28 @@@ } } - /* 1. Read identity key. Make it if none is found. */ + /* 1b. Read identity key. Make it if none is found. */ keydir = get_datadir_fname2("keys", "secret_id_key"); log_info(LD_GENERAL,"Reading/making identity key \"%s\"...",keydir); prkey = init_key_from_file(keydir, 1, LOG_ERR); tor_free(keydir); if (!prkey) return -1; - set_identity_key(prkey); + set_server_identity_key(prkey); + + /* 1c. If we are configured as a bridge, generate a client key; + * otherwise, set the server identity key as our client identity + * key. */ + if (public_server_mode(options)) { + set_client_identity_key(crypto_pk_dup_key(prkey)); /* set above */ + } else { + if (!(prkey = crypto_new_pk_env())) + return -1; + if (crypto_pk_generate_key(prkey)) { + crypto_free_pk_env(prkey); + return -1; + } + set_client_identity_key(prkey); + } /* 2. Read onion key. Make it if none is found. */ keydir = get_datadir_fname2("keys", "secret_onion_key"); @@@ -619,22 -536,18 +619,22 @@@ tor_free(keydir); /* 3. Initialize link key and TLS context. */ - if (tor_tls_context_new(get_identity_key(), MAX_SSL_KEY_LIFETIME) < 0) { + if (tor_tls_context_init(public_server_mode(options), + get_tlsclient_identity_key(), + get_server_identity_key(), + MAX_SSL_KEY_LIFETIME) < 0) { log_err(LD_GENERAL,"Error initializing TLS context"); return -1; } /* 4. Build our router descriptor. */ /* Must be called after keys are initialized. */ mydesc = router_get_my_descriptor(); - if (authdir_mode(options)) { + if (authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL)) { const char *m = NULL; routerinfo_t *ri; /* We need to add our own fingerprint so it gets recognized. */ - if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) { + if (dirserv_add_own_fingerprint(options->Nickname, + get_server_identity_key())) { log_err(LD_GENERAL,"Error adding own fingerprint to approved set"); return -1; } @@@ -655,8 -568,7 +655,8 @@@ /* 5. Dump fingerprint to 'fingerprint' */ keydir = get_datadir_fname("fingerprint"); log_info(LD_GENERAL,"Dumping fingerprint to \"%s\"...",keydir); - if (crypto_pk_get_fingerprint(get_identity_key(), fingerprint, 0)<0) { + if (crypto_pk_get_fingerprint(get_server_identity_key(), + fingerprint, 0) < 0) { log_err(LD_GENERAL,"Error computing fingerprint"); tor_free(keydir); return -1; @@@ -694,7 -606,7 +694,7 @@@ return -1; } /* 6b. [authdirserver only] add own key to approved directories. */ - crypto_pk_get_digest(get_identity_key(), digest); + crypto_pk_get_digest(get_server_identity_key(), digest); type = ((options->V1AuthoritativeDir ? V1_AUTHORITY : NO_AUTHORITY) | (options->V2AuthoritativeDir ? V2_AUTHORITY : NO_AUTHORITY) | (options->V3AuthoritativeDir ? V3_AUTHORITY : NO_AUTHORITY) | @@@ -881,19 -793,14 +881,14 @@@ consider_testing_reachability(int test_ void router_orport_found_reachable(void) { - if (!can_reach_or_port) { - routerinfo_t *me = router_get_my_routerinfo(); + routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_or_port && me) { log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from " "the outside. Excellent.%s", get_options()->_PublishServerDescriptor != NO_AUTHORITY ? " Publishing server descriptor." : ""); can_reach_or_port = 1; mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d", me->address, me->or_port); @@@ -904,18 -811,13 +899,13 @@@ void router_dirport_found_reachable(void) { - if (!can_reach_dir_port) { - routerinfo_t *me = router_get_my_routerinfo(); + routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_dir_port && me) { log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable " "from the outside. Excellent."); can_reach_dir_port = 1; - if (!me || decide_to_advertise_dirport(get_options(), me->dir_port)) + if (decide_to_advertise_dirport(get_options(), me->dir_port)) mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", me->address, me->dir_port); @@@ -1050,28 -952,6 +1040,28 @@@ server_mode(or_options_t *options return (options->ORPort != 0 || options->ORListenAddress); } +/** Return true iff we are trying to be a non-bridge server. + */ +int +public_server_mode(or_options_t *options) +{ + if (!server_mode(options)) return 0; + return (!options->BridgeRelay); +} + +/** Return true iff the combination of options in <b>options</b> and parameters + * in the consensus mean that we don't want to allow exits from circuits + * we got from addresses not known to be servers. */ +int +should_refuse_unknown_exits(or_options_t *options) +{ + if (options->RefuseUnknownExits_ != -1) { + return options->RefuseUnknownExits_; + } else { + return networkstatus_get_param(NULL, "refuseunknownexits", 1, 0, 1); + } +} + /** Remember if we've advertised ourselves to the dirservers. */ static int server_is_advertised=0; @@@ -1099,7 -979,7 +1089,7 @@@ proxy_mode(or_options_t *options { return (options->SocksPort != 0 || options->SocksListenAddress || options->TransPort != 0 || options->TransListenAddress || - options->NatdPort != 0 || options->NatdListenAddress || + options->NATDPort != 0 || options->NATDListenAddress || options->DNSPort != 0 || options->DNSListenAddress); } @@@ -1234,24 -1114,12 +1224,24 @@@ router_compare_to_my_exit_policy(edge_c desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED; } +/** Return true iff my exit policy is reject *:*. Return -1 if we don't + * have a descriptor */ +int +router_my_exit_policy_is_reject_star(void) +{ + if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */ + return -1; + + return desc_routerinfo->policy_is_reject_star; +} + /** Return true iff I'm a server and <b>digest</b> is equal to - * my identity digest. */ + * my server identity key digest. */ int router_digest_is_me(const char *digest) { - return identitykey && !memcmp(identitykey_digest, digest, DIGEST_LEN); + return (server_identitykey && + !memcmp(server_identitykey_digest, digest, DIGEST_LEN)); } /** Return true iff I'm a server and <b>digest</b> is equal to @@@ -1341,8 -1209,6 +1331,8 @@@ static int router_guess_address_from_di int router_pick_published_address(or_options_t *options, uint32_t *addr) { + char buf[INET_NTOA_BUF_LEN]; + struct in_addr a; if (resolve_my_address(LOG_INFO, options, addr, NULL) < 0) { log_info(LD_CONFIG, "Could not determine our address locally. " "Checking if directory headers provide any hints."); @@@ -1352,9 -1218,6 +1342,9 @@@ return -1; } } + a.s_addr = htonl(*addr); + tor_inet_ntoa(&a, buf, sizeof(buf)); + log_info(LD_CONFIG,"Success: chose address '%s'.", buf); return 0; } @@@ -1377,7 -1240,7 +1367,7 @@@ router_rebuild_descriptor(int force if (router_pick_published_address(options, &addr) < 0) { /* Stop trying to rebuild our descriptor every second. We'll - * learn that it's time to try again when server_has_changed_ip() + * learn that it's time to try again when ip_address_changed() * marks it dirty. */ desc_clean_since = time(NULL); return -1; @@@ -1393,7 -1256,7 +1383,7 @@@ ri->cache_info.published_on = time(NULL); ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from * main thread */ - ri->identity_pkey = crypto_pk_dup_key(get_identity_key()); + ri->identity_pkey = crypto_pk_dup_key(get_server_identity_key()); if (crypto_pk_get_digest(ri->identity_pkey, ri->cache_info.identity_digest)<0) { routerinfo_free(ri); @@@ -1410,16 -1273,9 +1400,16 @@@ ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess(); - policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, - options->ExitPolicyRejectPrivate, - ri->address); + if (dns_seems_to_be_broken() || has_dns_init_failed()) { + /* DNS is screwed up; don't claim to be an exit. */ + policies_exit_policy_append_reject_star(&ri->exit_policy); + } else { + policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, + options->ExitPolicyRejectPrivate, + ri->address, !options->BridgeRelay); + } + ri->policy_is_reject_star = + policy_is_reject_star(ri->exit_policy); if (desc_routerinfo) { /* inherit values */ ri->is_valid = desc_routerinfo->is_valid; @@@ -1490,30 -1346,26 +1480,30 @@@ ei->cache_info.published_on = ri->cache_info.published_on; memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest, DIGEST_LEN); - ei->cache_info.signed_descriptor_body = tor_malloc(8192); - if (extrainfo_dump_to_string(ei->cache_info.signed_descriptor_body, 8192, - ei, get_identity_key()) < 0) { + if (extrainfo_dump_to_string(&ei->cache_info.signed_descriptor_body, + ei, get_server_identity_key()) < 0) { log_warn(LD_BUG, "Couldn't generate extra-info descriptor."); - routerinfo_free(ri); extrainfo_free(ei); - return -1; + ei = NULL; + } else { + ei->cache_info.signed_descriptor_len = + strlen(ei->cache_info.signed_descriptor_body); + router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body, + ei->cache_info.signed_descriptor_digest); } - ei->cache_info.signed_descriptor_len = - strlen(ei->cache_info.signed_descriptor_body); - router_get_extrainfo_hash(ei->cache_info.signed_descriptor_body, - ei->cache_info.signed_descriptor_digest); /* Now finish the router descriptor. */ - memcpy(ri->cache_info.extra_info_digest, - ei->cache_info.signed_descriptor_digest, - DIGEST_LEN); + if (ei) { + memcpy(ri->cache_info.extra_info_digest, + ei->cache_info.signed_descriptor_digest, + DIGEST_LEN); + } else { + /* ri was allocated with tor_malloc_zero, so there is no need to + * zero ri->cache_info.extra_info_digest here. */ + } ri->cache_info.signed_descriptor_body = tor_malloc(8192); if (router_dump_router_to_string(ri->cache_info.signed_descriptor_body, 8192, - ri, get_identity_key())<0) { + ri, get_server_identity_key()) < 0) { log_warn(LD_BUG, "Couldn't generate router descriptor."); routerinfo_free(ri); extrainfo_free(ei); @@@ -1528,7 -1380,7 +1518,7 @@@ /* Let bridges serve their own descriptors unencrypted, so they can * pass reachability testing. (If they want to be harder to notice, * they can always leave the DirPort off). */ - if (!options->BridgeRelay) + if (ei && !options->BridgeRelay) ei->cache_info.send_unencrypted = 1; router_get_router_hash(ri->cache_info.signed_descriptor_body, @@@ -1537,13 -1389,13 +1527,13 @@@ routerinfo_set_country(ri); - tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL)); + if (ei) { + tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL)); + } - if (desc_routerinfo) - routerinfo_free(desc_routerinfo); + routerinfo_free(desc_routerinfo); desc_routerinfo = ri; - if (desc_extrainfo) - extrainfo_free(desc_extrainfo); + extrainfo_free(desc_extrainfo); desc_extrainfo = ei; desc_clean_since = time(NULL); @@@ -1724,6 -1576,8 +1714,6 @@@ router_guess_address_from_dir_headers(u return -1; } -extern const char tor_svn_revision[]; /* from tor_main.c */ - /** Set <b>platform</b> (max length <b>len</b>) to a NUL-terminated short * string describing the version of Tor and the operating system we're * currently running on. @@@ -1754,7 -1608,6 +1744,7 @@@ router_dump_router_to_string(char *s, s char digest[DIGEST_LEN]; char published[ISO_TIME_LEN+1]; char fingerprint[FINGERPRINT_LEN+1]; + int has_extra_info_digest; char extra_info_digest[HEX_DIGEST_LEN+1]; size_t onion_pkeylen, identity_pkeylen; size_t written; @@@ -1783,7 -1636,7 +1773,7 @@@ return -1; } - /* PEM-encode the identity key key */ + /* PEM-encode the identity key */ if (crypto_pk_write_public_key_to_string(router->identity_pkey, &identity_pkey,&identity_pkeylen)<0) { log_warn(LD_BUG,"write identity_pkey to string failed!"); @@@ -1805,13 -1658,8 +1795,13 @@@ family_line = tor_strdup(""); } - base16_encode(extra_info_digest, sizeof(extra_info_digest), - router->cache_info.extra_info_digest, DIGEST_LEN); + has_extra_info_digest = + ! tor_digest_is_zero(router->cache_info.extra_info_digest); + + if (has_extra_info_digest) { + base16_encode(extra_info_digest, sizeof(extra_info_digest), + router->cache_info.extra_info_digest, DIGEST_LEN); + } /* Generate the easy portion of the router descriptor. */ result = tor_snprintf(s, maxlen, @@@ -1822,7 -1670,7 +1812,7 @@@ "opt fingerprint %s\n" "uptime %ld\n" "bandwidth %d %d %d\n" - "opt extra-info-digest %s\n%s" + "%s%s%s%s" "onion-key\n%s" "signing-key\n%s" "%s%s%s%s", @@@ -1837,9 -1685,7 +1827,9 @@@ (int) router->bandwidthrate, (int) router->bandwidthburst, (int) router->bandwidthcapacity, - extra_info_digest, + has_extra_info_digest ? "opt extra-info-digest " : "", + has_extra_info_digest ? extra_info_digest : "", + has_extra_info_digest ? "\n" : "", options->DownloadExtraInfo ? "opt caches-extra-info\n" : "", onion_pkey, identity_pkey, family_line, @@@ -1871,7 -1717,9 +1861,7 @@@ } /* Write the exit policy to the end of 's'. */ - if (dns_seems_to_be_broken() || has_dns_init_failed() || - !router->exit_policy || !smartlist_len(router->exit_policy)) { - /* DNS is screwed up; don't claim to be an exit. */ + if (!router->exit_policy || !smartlist_len(router->exit_policy)) { strlcat(s+written, "reject *:*\n", maxlen-written); written += strlen("reject *:*\n"); tmpe = NULL; @@@ -1894,8 -1742,7 +1884,8 @@@ } } - if (written+256 > maxlen) { /* Not enough room for signature. */ + if (written + DIROBJ_MAX_SIG_LEN > maxlen) { + /* Not enough room for signature. */ log_warn(LD_BUG,"not enough room left in descriptor for signature!"); return -1; } @@@ -1910,7 -1757,7 +1900,7 @@@ note_crypto_pk_op(SIGN_RTR); if (router_append_dirobj_signature(s+written,maxlen-written, - digest,ident_key)<0) { + digest,DIGEST_LEN,ident_key)<0) { log_warn(LD_BUG, "Couldn't sign router descriptor"); return -1; } @@@ -1945,62 -1792,11 +1935,62 @@@ return (int)written+1; } -/** Write the contents of <b>extrainfo</b> to the <b>maxlen</b>-byte string - * <b>s</b>, signing them with <b>ident_key</b>. Return 0 on success, - * negative on failure. */ +/** Load the contents of <b>filename</b>, find the last line starting with + * <b>end_line</b>, ensure that its timestamp is not more than 25 hours in + * the past or more than 1 hour in the future with respect to <b>now</b>, + * and write the file contents starting with that line to *<b>out</b>. + * Return 1 for success, 0 if the file does not exist, or -1 if the file + * does not contain a line matching these criteria or other failure. */ +static int +load_stats_file(const char *filename, const char *end_line, time_t now, + char **out) +{ + int r = -1; + char *fname = get_datadir_fname(filename); + char *contents, *start = NULL, *tmp, timestr[ISO_TIME_LEN+1]; + time_t written; + switch (file_status(fname)) { + case FN_FILE: + /* X022 Find an alternative to reading the whole file to memory. */ + if ((contents = read_file_to_str(fname, 0, NULL))) { + tmp = strstr(contents, end_line); + /* Find last block starting with end_line */ + while (tmp) { + start = tmp; + tmp = strstr(tmp + 1, end_line); + } + if (!start) + goto notfound; + if (strlen(start) < strlen(end_line) + 1 + sizeof(timestr)) + goto notfound; + strlcpy(timestr, start + 1 + strlen(end_line), sizeof(timestr)); + if (parse_iso_time(timestr, &written) < 0) + goto notfound; + if (written < now - (25*60*60) || written > now + (1*60*60)) + goto notfound; + *out = tor_strdup(start); + r = 1; + } + notfound: + tor_free(contents); + break; + case FN_NOENT: + r = 0; + break; + case FN_ERROR: + case FN_DIR: + default: + break; + } + tor_free(fname); + return r; +} + +/** Write the contents of <b>extrainfo</b> and aggregated statistics to + * *<b>s_out</b>, signing them with <b>ident_key</b>. Return 0 on + * success, negative on failure. */ int -extrainfo_dump_to_string(char *s, size_t maxlen, extrainfo_t *extrainfo, +extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo, crypto_pk_env_t *ident_key) { or_options_t *options = get_options(); @@@ -2009,128 -1805,87 +1999,128 @@@ char digest[DIGEST_LEN]; char *bandwidth_usage; int result; - size_t len; + static int write_stats_to_extrainfo = 1; + char sig[DIROBJ_MAX_SIG_LEN+1]; + char *s, *pre, *contents, *cp, *s_dup = NULL; + time_t now = time(NULL); + smartlist_t *chunks = smartlist_create(); + extrainfo_t *ei_tmp = NULL; base16_encode(identity, sizeof(identity), extrainfo->cache_info.identity_digest, DIGEST_LEN); format_iso_time(published, extrainfo->cache_info.published_on); - bandwidth_usage = rep_hist_get_bandwidth_lines(1); + bandwidth_usage = rep_hist_get_bandwidth_lines(); - result = tor_snprintf(s, maxlen, - "extra-info %s %s\n" - "published %s\n%s", - extrainfo->nickname, identity, - published, bandwidth_usage); + tor_asprintf(&pre, "extra-info %s %s\npublished %s\n%s", + extrainfo->nickname, identity, + published, bandwidth_usage); tor_free(bandwidth_usage); - if (result<0) - return -1; + smartlist_add(chunks, pre); + + if (options->ExtraInfoStatistics && write_stats_to_extrainfo) { + log_info(LD_GENERAL, "Adding stats to extra-info descriptor."); + if (options->DirReqStatistics && + load_stats_file("stats"PATH_SEPARATOR"dirreq-stats", + "dirreq-stats-end", now, &contents) > 0) { + smartlist_add(chunks, contents); + } + if (options->EntryStatistics && + load_stats_file("stats"PATH_SEPARATOR"entry-stats", + "entry-stats-end", now, &contents) > 0) { + smartlist_add(chunks, contents); + } + if (options->CellStatistics && + load_stats_file("stats"PATH_SEPARATOR"buffer-stats", + "cell-stats-end", now, &contents) > 0) { + smartlist_add(chunks, contents); + } + if (options->ExitPortStatistics && + load_stats_file("stats"PATH_SEPARATOR"exit-stats", + "exit-stats-end", now, &contents) > 0) { + smartlist_add(chunks, contents); + } + } - if (should_record_bridge_info(options)) { - char *geoip_summary = extrainfo_get_client_geoip_summary(time(NULL)); - if (geoip_summary) { - char geoip_start[ISO_TIME_LEN+1]; - format_iso_time(geoip_start, geoip_get_history_start()); - result = tor_snprintf(s+strlen(s), maxlen-strlen(s), - "geoip-start-time %s\n" - "geoip-client-origins %s\n", - geoip_start, geoip_summary); - control_event_clients_seen(geoip_start, geoip_summary); - tor_free(geoip_summary); - if (result<0) - return -1; + if (should_record_bridge_info(options) && write_stats_to_extrainfo) { + const char *bridge_stats = geoip_get_bridge_stats_extrainfo(now); + if (bridge_stats) { + smartlist_add(chunks, tor_strdup(bridge_stats)); } } - len = strlen(s); - strlcat(s+len, "router-signature\n", maxlen-len); - len += strlen(s+len); - if (router_get_extrainfo_hash(s, digest)<0) - return -1; - if (router_append_dirobj_signature(s+len, maxlen-len, digest, ident_key)<0) - return -1; + smartlist_add(chunks, tor_strdup("router-signature\n")); + s = smartlist_join_strings(chunks, "", 0, NULL); + + while (strlen(s) > MAX_EXTRAINFO_UPLOAD_SIZE - DIROBJ_MAX_SIG_LEN) { + /* So long as there are at least two chunks (one for the initial + * extra-info line and one for the router-signature), we can keep removing + * things. */ + if (smartlist_len(chunks) > 2) { + /* We remove the next-to-last element (remember, len-1 is the last + element), since we need to keep the router-signature element. */ + int idx = smartlist_len(chunks) - 2; + char *e = smartlist_get(chunks, idx); + smartlist_del_keeporder(chunks, idx); + log_warn(LD_GENERAL, "We just generated an extra-info descriptor " + "with statistics that exceeds the 50 KB " + "upload limit. Removing last added " + "statistics."); + tor_free(e); + tor_free(s); + s = smartlist_join_strings(chunks, "", 0, NULL); + } else { + log_warn(LD_BUG, "We just generated an extra-info descriptors that " + "exceeds the 50 KB upload limit."); + goto err; + } + } -#ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING - { - char *cp, *s_dup; - extrainfo_t *ei_tmp; - cp = s_dup = tor_strdup(s); - ei_tmp = extrainfo_parse_entry_from_string(cp, NULL, 1, NULL); - if (!ei_tmp) { - log_err(LD_BUG, - "We just generated an extrainfo descriptor we can't parse."); - log_err(LD_BUG, "Descriptor was: <<%s>>", s); - tor_free(s_dup); - return -1; + memset(sig, 0, sizeof(sig)); + if (router_get_extrainfo_hash(s, digest) < 0 || + router_append_dirobj_signature(sig, sizeof(sig), digest, DIGEST_LEN, + ident_key) < 0) { + log_warn(LD_BUG, "Could not append signature to extra-info " + "descriptor."); + goto err; + } + smartlist_add(chunks, tor_strdup(sig)); + tor_free(s); + s = smartlist_join_strings(chunks, "", 0, NULL); + + cp = s_dup = tor_strdup(s); + ei_tmp = extrainfo_parse_entry_from_string(cp, NULL, 1, NULL); + if (!ei_tmp) { + if (write_stats_to_extrainfo) { + log_warn(LD_GENERAL, "We just generated an extra-info descriptor " + "with statistics that we can't parse. Not " + "adding statistics to this or any future " + "extra-info descriptors."); + write_stats_to_extrainfo = 0; + result = extrainfo_dump_to_string(s_out, extrainfo, ident_key); + goto done; + } else { + log_warn(LD_BUG, "We just generated an extrainfo descriptor we " + "can't parse."); + goto err; } - tor_free(s_dup); - extrainfo_free(ei_tmp); } -#endif - return (int)strlen(s)+1; -} + *s_out = s; + s = NULL; /* prevent free */ + result = 0; + goto done; -/** Wrapper function for geoip_get_client_history(). It first discards - * any items in the client history that are too old -- it dumps anything - * more than 48 hours old, but it only considers whether to dump at most - * once per 48 hours, so we aren't too precise to an observer (see also - * r14780). - */ -char * -extrainfo_get_client_geoip_summary(time_t now) -{ - static time_t last_purged_at = 0; - int geoip_purge_interval = 48*60*60; -#ifdef ENABLE_GEOIP_STATS - if (get_options()->DirRecordUsageByCountry) - geoip_purge_interval = get_options()->DirRecordUsageRetainIPs; -#endif - if (now > last_purged_at+geoip_purge_interval) { - geoip_remove_old_clients(now-geoip_purge_interval); - last_purged_at = now; - } - return geoip_get_client_history(now, GEOIP_CLIENT_CONNECT); + err: + result = -1; + + done: + tor_free(s); + SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp)); + smartlist_free(chunks); + tor_free(s_dup); + extrainfo_free(ei_tmp); + + return result; } /** Return true iff <b>s</b> is a legally valid server nickname. */ @@@ -2257,17 -2012,26 +2247,17 @@@ router_purpose_from_string(const char * void router_free_all(void) { - if (onionkey) - crypto_free_pk_env(onionkey); - if (lastonionkey) - crypto_free_pk_env(lastonionkey); - if (identitykey) - crypto_free_pk_env(identitykey); - if (key_lock) - tor_mutex_free(key_lock); - if (desc_routerinfo) - routerinfo_free(desc_routerinfo); - if (desc_extrainfo) - extrainfo_free(desc_extrainfo); - if (authority_signing_key) - crypto_free_pk_env(authority_signing_key); - if (authority_key_certificate) - authority_cert_free(authority_key_certificate); - if (legacy_signing_key) - crypto_free_pk_env(legacy_signing_key); - if (legacy_key_certificate) - authority_cert_free(legacy_key_certificate); + crypto_free_pk_env(onionkey); + crypto_free_pk_env(lastonionkey); + crypto_free_pk_env(server_identitykey); + crypto_free_pk_env(client_identitykey); + tor_mutex_free(key_lock); + routerinfo_free(desc_routerinfo); + extrainfo_free(desc_extrainfo); + crypto_free_pk_env(authority_signing_key); + authority_cert_free(authority_key_certificate); + crypto_free_pk_env(legacy_signing_key); + authority_cert_free(legacy_key_certificate); if (warned_nonexistent_family) { SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));

1 0

[tor/master] Merge remote branch 'origin/maint-0.2.2'
by nickm＠torproject.org 14 Mar '11

14 Mar '11

commit ebf6786ab3597ec96ef2c026d7dc32c26fbc84e4 Merge: 50c9d31 b97d9ab Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 14 17:22:38 2011 -0400 Merge remote branch 'origin/maint-0.2.2' Fixed conflict: router_get_my_routerinfo now returns const Conflicts: src/or/router.c changes/bug1172 | 9 +++++++++ src/or/router.c | 20 +++++--------------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --combined src/or/router.c index 3f1a0a0,c15b9b2..eb4d6b5 --- a/src/or/router.c +++ b/src/or/router.c @@@ -7,7 -7,6 +7,7 @@@ #define ROUTER_PRIVATE #include "or.h" +#include "circuitbuild.h" #include "circuitlist.h" #include "circuituse.h" #include "config.h" @@@ -20,7 -19,6 +20,7 @@@ #include "hibernate.h" #include "main.h" #include "networkstatus.h" +#include "nodelist.h" #include "policies.h" #include "relay.h" #include "rephist.h" @@@ -152,8 -150,8 +152,8 @@@ assert_identity_keys_ok(void } else { /* assert that we have set the client and server keys to be unequal */ if (server_identitykey) - tor_assert(0!=crypto_pk_cmp_keys(client_identitykey, - server_identitykey)); + tor_assert(0!=crypto_pk_cmp_keys(client_identitykey, + server_identitykey)); } } @@@ -849,21 -847,18 +849,21 @@@ decide_to_advertise_dirport(or_options_ void consider_testing_reachability(int test_or, int test_dir) { - routerinfo_t *me = router_get_my_routerinfo(); + const routerinfo_t *me = router_get_my_routerinfo(); int orport_reachable = check_whether_orport_reachable(); tor_addr_t addr; if (!me) return; if (test_or && (!orport_reachable || !circuit_enough_testing_circs())) { + extend_info_t *ei; log_info(LD_CIRC, "Testing %s of my ORPort: %s:%d.", !orport_reachable ? "reachability" : "bandwidth", me->address, me->or_port); - circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, - CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); + ei = extend_info_from_router(me); + circuit_launch_by_extend_info(CIRCUIT_PURPOSE_TESTING, ei, + CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); + extend_info_free(ei); } tor_addr_from_ipv4h(&addr, me->addr); @@@ -886,19 -881,14 +886,14 @@@ void router_orport_found_reachable(void) { - if (!can_reach_or_port) { - const routerinfo_t *me = router_get_my_routerinfo(); - routerinfo_t *me = router_get_my_routerinfo(); ++ const routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_or_port && me) { log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from " "the outside. Excellent.%s", get_options()->_PublishServerDescriptor != NO_AUTHORITY ? " Publishing server descriptor." : ""); can_reach_or_port = 1; mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d", me->address, me->or_port); @@@ -909,18 -899,13 +904,13 @@@ void router_dirport_found_reachable(void) { - if (!can_reach_dir_port) { - const routerinfo_t *me = router_get_my_routerinfo(); - routerinfo_t *me = router_get_my_routerinfo(); ++ const routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_dir_port && me) { log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable " "from the outside. Excellent."); can_reach_dir_port = 1; - if (!me || decide_to_advertise_dirport(get_options(), me->dir_port)) + if (decide_to_advertise_dirport(get_options(), me->dir_port)) mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", me->address, me->dir_port); @@@ -1181,7 -1166,7 +1171,7 @@@ static int desc_needs_upload = 0 void router_upload_dir_desc_to_dirservers(int force) { - routerinfo_t *ri; + const routerinfo_t *ri; extrainfo_t *ei; char *msg; size_t desc_len, extra_len = 0, total_len; @@@ -1275,7 -1260,7 +1265,7 @@@ router_extrainfo_digest_is_me(const cha /** A wrapper around router_digest_is_me(). */ int -router_is_me(routerinfo_t *router) +router_is_me(const routerinfo_t *router) { return router_digest_is_me(router->cache_info.identity_digest); } @@@ -1294,7 -1279,7 +1284,7 @@@ router_fingerprint_is_me(const char *fp /** Return a routerinfo for this OR, rebuilding a fresh one if * necessary. Return NULL on error, or if called on an OP. */ -routerinfo_t * +const routerinfo_t * router_get_my_routerinfo(void) { if (!server_mode(get_options())) @@@ -1346,6 -1331,8 +1336,6 @@@ static int router_guess_address_from_di int router_pick_published_address(or_options_t *options, uint32_t *addr) { - char buf[INET_NTOA_BUF_LEN]; - struct in_addr a; if (resolve_my_address(LOG_INFO, options, addr, NULL) < 0) { log_info(LD_CONFIG, "Could not determine our address locally. " "Checking if directory headers provide any hints."); @@@ -1355,7 -1342,9 +1345,7 @@@ return -1; } } - a.s_addr = htonl(*addr); - tor_inet_ntoa(&a, buf, sizeof(buf)); - log_info(LD_CONFIG,"Success: chose address '%s'.", buf); + log_info(LD_CONFIG,"Success: chose address '%s'.", fmt_addr32(*addr)); return 0; } @@@ -1422,12 -1411,13 +1412,12 @@@ router_rebuild_descriptor(int force ri->policy_is_reject_star = policy_is_reject_star(ri->exit_policy); - if (desc_routerinfo) { /* inherit values */ - ri->is_valid = desc_routerinfo->is_valid; - ri->is_running = desc_routerinfo->is_running; - ri->is_named = desc_routerinfo->is_named; - } +#if 0 + /* XXXX NM NM I belive this is safe to remove */ if (authdir_mode(options)) ri->is_valid = ri->is_named = 1; /* believe in yourself */ +#endif + if (options->MyFamily) { smartlist_t *family; if (!warned_nonexistent_family) @@@ -1436,12 -1426,13 +1426,12 @@@ ri->declared_family = smartlist_create(); smartlist_split_string(family, options->MyFamily, ",", SPLIT_SKIP_SPACE|SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - SMARTLIST_FOREACH(family, char *, name, - { - routerinfo_t *member; + SMARTLIST_FOREACH_BEGIN(family, char *, name) { + const node_t *member; if (!strcasecmp(name, options->Nickname)) - member = ri; + goto skip; /* Don't list ourself, that's redundant */ else - member = router_get_by_nickname(name, 1); + member = node_get_by_nickname(name, 1); if (!member) { int is_legal = is_legal_nickname_or_hexdigest(name); if (!smartlist_string_isin(warned_nonexistent_family, name) && @@@ -1461,21 -1452,19 +1451,21 @@@ smartlist_add(ri->declared_family, name); name = NULL; } - } else if (router_is_me(member)) { + } else if (router_digest_is_me(member->identity)) { /* Don't list ourself in our own family; that's redundant */ + /* XXX shouldn't be possible */ } else { char *fp = tor_malloc(HEX_DIGEST_LEN+2); fp[0] = '$'; base16_encode(fp+1,HEX_DIGEST_LEN+1, - member->cache_info.identity_digest, DIGEST_LEN); + member->identity, DIGEST_LEN); smartlist_add(ri->declared_family, fp); if (smartlist_string_isin(warned_nonexistent_family, name)) smartlist_string_remove(warned_nonexistent_family, name); } + skip: tor_free(name); - }); + } SMARTLIST_FOREACH_END(name); /* remove duplicates from the list */ smartlist_sort_strings(ri->declared_family); @@@ -1536,6 -1525,8 +1526,6 @@@ strlen(ri->cache_info.signed_descriptor_body), ri->cache_info.signed_descriptor_digest); - routerinfo_set_country(ri); - if (ei) { tor_assert(! routerinfo_incompatible_with_extrainfo(ri, ei, NULL, NULL)); } @@@ -2026,12 -2017,6 +2016,12 @@@ extrainfo_dump_to_string(char **s_out, tor_free(bandwidth_usage); smartlist_add(chunks, pre); + if (geoip_is_loaded()) { + char *chunk=NULL; + tor_asprintf(&chunk, "geoip-db-digest %s\n", geoip_db_digest()); + smartlist_add(chunks, chunk); + } + if (options->ExtraInfoStatistics && write_stats_to_extrainfo) { log_info(LD_GENERAL, "Adding stats to extra-info descriptor."); if (options->DirReqStatistics && @@@ -2054,11 -2039,6 +2044,11 @@@ "exit-stats-end", now, &contents) > 0) { smartlist_add(chunks, contents); } + if (options->ConnDirectionStatistics && + load_stats_file("stats"PATH_SEPARATOR"conn-stats", + "conn-bi-direct", now, &contents) > 0) { + smartlist_add(chunks, contents); + } } if (should_record_bridge_info(options) && write_stats_to_extrainfo) { @@@ -2197,15 -2177,10 +2187,15 @@@ is_legal_hexdigest(const char *s void router_get_verbose_nickname(char *buf, const routerinfo_t *router) { + const char *good_digest = networkstatus_get_router_digest_by_nickname( + router->nickname); + int is_named = good_digest && !memcmp(good_digest, + router->cache_info.identity_digest, + DIGEST_LEN); buf[0] = '$'; base16_encode(buf+1, HEX_DIGEST_LEN+1, router->cache_info.identity_digest, DIGEST_LEN); - buf[1+HEX_DIGEST_LEN] = router->is_named ? '=' : '~'; + buf[1+HEX_DIGEST_LEN] = is_named ? '=' : '~'; strlcpy(buf+1+HEX_DIGEST_LEN+1, router->nickname, MAX_NICKNAME_LEN+1); }

1 0

[tor/master] we're not reachable if we don't have a routerinfo yet
by nickm＠torproject.org 14 Mar '11

14 Mar '11

commit 1a9d19e9728c21ffa37f2b751df8e8e97c1835d3 Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Mar 13 15:47:59 2011 -0400 we're not reachable if we don't have a routerinfo yet --- changes/bug1172 | 9 +++++++++ src/or/router.c | 20 +++++--------------- 2 files changed, 14 insertions(+), 15 deletions(-) diff --git a/changes/bug1172 b/changes/bug1172 new file mode 100644 index 0000000..3abd743 --- /dev/null +++ b/changes/bug1172 @@ -0,0 +1,9 @@ + o Minor bugfixes: + - When we restart our relay, we might get a successful connection + from the outside before we've started our reachability tests, + triggering a warning: "ORPort found reachable, but I have no + routerinfo yet. Failing to inform controller of success." This + bug was harmless unless Tor is running under a controller + like Vidalia, in which case the controller would never get a + REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha; + fixes bug 1172. diff --git a/src/or/router.c b/src/or/router.c index 75f592d..ba7be3d 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -793,19 +793,14 @@ consider_testing_reachability(int test_or, int test_dir) void router_orport_found_reachable(void) { - if (!can_reach_or_port) { - routerinfo_t *me = router_get_my_routerinfo(); + routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_or_port && me) { log_notice(LD_OR,"Self-testing indicates your ORPort is reachable from " "the outside. Excellent.%s", get_options()->_PublishServerDescriptor != NO_AUTHORITY ? " Publishing server descriptor." : ""); can_reach_or_port = 1; mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d", me->address, me->or_port); @@ -816,18 +811,13 @@ router_orport_found_reachable(void) void router_dirport_found_reachable(void) { - if (!can_reach_dir_port) { - routerinfo_t *me = router_get_my_routerinfo(); + routerinfo_t *me = router_get_my_routerinfo(); + if (!can_reach_dir_port && me) { log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable " "from the outside. Excellent."); can_reach_dir_port = 1; - if (!me || decide_to_advertise_dirport(get_options(), me->dir_port)) + if (decide_to_advertise_dirport(get_options(), me->dir_port)) mark_my_descriptor_dirty(); - if (!me) { /* should never happen */ - log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo " - "yet. Failing to inform controller of success."); - return; - } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", me->address, me->dir_port);

1 0