April 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] note another case where strictnodes is considered for exits
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit bcea155ce0999d19b596a24edd359d1fc0dbe380 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 04:36:24 2011 -0500 note another case where strictnodes is considered for exits --- src/or/connection_edge.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 72e2c8a..fff42be 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2969,6 +2969,8 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) * * If excluded_means_no is 1 and Exclude*Nodes is set and excludes * this relay, return 0. + * XXX022-1090 This StrictNodes business needs more work, a la bug 1090. See + * also git commit ef81649d. */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit,

1 0

[tor/release-0.2.2] If we're excluded, and StrictNodes is set, do not do self-tests.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit ca74badbe95be77bd990c9c4f9c1b26052d4159e Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 14:14:45 2011 -0400 If we're excluded, and StrictNodes is set, do not do self-tests. --- src/or/router.c | 22 ++++++++++++++++++++-- 1 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/or/router.c b/src/or/router.c index 6993e1e..64cb079 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -850,14 +850,33 @@ consider_testing_reachability(int test_or, int test_dir) routerinfo_t *me = router_get_my_routerinfo(); int orport_reachable = check_whether_orport_reachable(); tor_addr_t addr; + or_options_t *options = get_options(); if (!me) return; + if (routerset_contains_router(options->ExcludeNodes, me) && + options->StrictNodes) { + /* If we've excluded ourself, and StrictNodes is set, we can't test + * ourself. */ + if (test_or || test_dir) { +#define SELF_EXCLUDED_WARN_INTERVAL 3600 + static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL); + char *msg; + if ((msg = rate_limit_log(&warning_limit, approx_time()))) { + log_warn(LD_CIRC, "Can't peform self-tests for this relay: we have " + "listed ourself in ExcludeNodes, and StrictNodes is set. " + "We will cannot learn whether we are usable, and will not " + "be able to advertise ourself.%s", msg); + tor_free(msg); + } + } + return; + } + if (test_or && (!orport_reachable || !circuit_enough_testing_circs())) { log_info(LD_CIRC, "Testing %s of my ORPort: %s:%d.", !orport_reachable ? "reachability" : "bandwidth", me->address, me->or_port); - /* XXX022-1090 If we ExcludeNodes ourself, should this fail? -RD */ circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); } @@ -868,7 +887,6 @@ consider_testing_reachability(int test_or, int test_dir) CONN_TYPE_DIR, &addr, me->dir_port, DIR_PURPOSE_FETCH_SERVERDESC)) { /* ask myself, via tor, for my server descriptor. */ - /* XXX022-1090 If we ExcludeNodes ourself, should this fail? -RD */ directory_initiate_command(me->address, &addr, me->or_port, me->dir_port, 0, /* does not matter */

1 0

[tor/release-0.2.2] Note that circuit purpose changing can violate ExcludeNodes
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit db2fd28308fb019e59280219cf95f09f5208092f Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Mar 28 16:44:40 2011 -0400 Note that circuit purpose changing can violate ExcludeNodes --- src/or/rendservice.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 88f1ba3..5b85394 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1352,6 +1352,9 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) log_info(LD_CIRC|LD_REND, "We have just finished an introduction " "circuit, but we already have enough. Redefining purpose to " "general."); + /* XXX022-1090: This can wind up violating ExcludeNodes/ + * ExitNodes/ExcludeExitNodes restrictions. + */ TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL; circuit_has_opened(circuit); return;

1 0

[tor/release-0.2.2] make formal a constraint that's been true a while now
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 9f47cfc21a8fa91b98a48291c316121135fa3f17 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 05:39:26 2011 -0500 make formal a constraint that's been true a while now --- src/or/config.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index bd904dc..404e648 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -3189,6 +3189,12 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Servers must be able to freely connect to the rest " "of the Internet, so they must not set UseBridges."); + /* If both of these are set, we'll end up with funny behavior where we + * demand enough entrynodes be up and running else we won't build + * circuits, yet we never actually use them. */ + if (options->UseBridges && options->EntryNodes) + REJECT("You cannot set both UseBridges and EntryNodes."); + options->_AllowInvalid = 0; if (options->AllowInvalidNodes) { SMARTLIST_FOREACH(options->AllowInvalidNodes, const char *, cp, {

1 0

[tor/release-0.2.2] the new entrynodes behavior is always strict
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 5d12495d982d076b74ca2c0c88b78b00d2810e71 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 04:21:25 2011 -0500 the new entrynodes behavior is always strict --- src/or/circuitbuild.c | 36 +++++++++++------------------------- 1 files changed, 11 insertions(+), 25 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index ebbda21..86406cb 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -4006,14 +4006,10 @@ entry_guards_prepend_from_config(or_options_t *options) SMARTLIST_FOREACH(entry_routers, routerinfo_t *, ri, { add_an_entry_guard(ri, 0); }); - /* Finally, the remaining previously configured guards that are not in - * EntryNodes, unless we're strict in which case we drop them */ - if (options->StrictNodes) { - SMARTLIST_FOREACH(old_entry_guards_not_on_list, entry_guard_t *, e, - entry_guard_free(e)); - } else { - smartlist_add_all(entry_guards, old_entry_guards_not_on_list); - } + /* Finally, free the remaining previously configured guards that are not in + * EntryNodes. */ + SMARTLIST_FOREACH(old_entry_guards_not_on_list, entry_guard_t *, e, + entry_guard_free(e)); smartlist_free(entry_routers); smartlist_free(entry_fps); @@ -4024,7 +4020,7 @@ entry_guards_prepend_from_config(or_options_t *options) /** Return 0 if we're fine adding arbitrary routers out of the * directory to our entry guard list, or return 1 if we have a - * list already and we'd prefer to stick to it. + * list already and we must stick to it. */ int entry_list_is_constrained(or_options_t *options) @@ -4036,18 +4032,6 @@ entry_list_is_constrained(or_options_t *options) return 0; } -/* Are we dead set against changing our entry guard list, or would we - * change it if it means keeping Tor usable? */ -static int -entry_list_is_totally_static(or_options_t *options) -{ - if (options->EntryNodes && options->StrictNodes) - return 1; - if (options->UseBridges) - return 1; - return 0; -} - /** Pick a live (up and listed) entry guard from entry_guards. If * state is non-NULL, this is for a specific circuit -- * make sure not to pick this circuit's exit or any node in the @@ -4092,6 +4076,7 @@ choose_random_entry(cpath_build_state_t *state) continue; /* don't pick the same node for entry and exit */ if (consider_exit_family && smartlist_isin(exit_family, r)) continue; /* avoid relays that are family members of our exit */ +#if 0 /* since EntryNodes is always strict now, this clause is moot */ if (options->EntryNodes && !routerset_contains_router(options->EntryNodes, r)) { /* We've come to the end of our preferred entry nodes. */ @@ -4106,6 +4091,7 @@ choose_random_entry(cpath_build_state_t *state) "No relays from EntryNodes available. Using others."); } } +#endif smartlist_add(live_entry_guards, r); if (!entry->made_contact) { /* Always start with the first not-yet-contacted entry @@ -4131,7 +4117,7 @@ choose_random_entry(cpath_build_state_t *state) } if (smartlist_len(live_entry_guards) < preferred_min) { - if (!entry_list_is_totally_static(options)) { + if (!entry_list_is_constrained(options)) { /* still no? try adding a new entry then */ /* XXX if guard doesn't imply fast and stable, then we need * to tell add_an_entry_guard below what we want, or it might @@ -4157,9 +4143,9 @@ choose_random_entry(cpath_build_state_t *state) goto retry; } if (!r && entry_list_is_constrained(options) && consider_exit_family) { - /* still no? if we're using bridges or have StrictNodes - * set, and our chosen exit is in the same family as all our - * bridges/entry guards, then be flexible about families. */ + /* still no? if we're using bridges, + * and our chosen exit is in the same family as all our + * bridges, then be flexible about families. */ consider_exit_family = 0; goto retry; }

1 0

[tor/release-0.2.2] handle excludenodes for dir fetch/post
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 4906188b622872899f76cf01167cfef3e09cbffd Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:09:24 2011 -0500 handle excludenodes for dir fetch/post If we're picking a random directory node, never pick an excluded one. But if we've chosen a specific one (or all), allow it unless strictnodes is set (in which case warn so the user knows it's their fault). When warning that we won't connect to a strictly excluded node, log what it was we were trying to do at that node. When ExcludeNodes is set but StrictNodes is not set, we only use non-excluded nodes if we can, but fall back to using excluded nodes if none of those nodes is usable. --- src/or/directory.c | 31 +++++++++++++++++++++++++++++-- src/or/routerlist.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 2 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index 8f33a60..0c095fe 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -253,10 +253,13 @@ directories_have_accepted_server_descriptor(void) } /** Start a connection to every suitable directory authority, using - * connection purpose 'purpose' and uploading the payload 'payload' - * (length 'payload_len'). dir_purpose should be one of + * connection purpose dir_purpose and uploading payload + * (of length payload_len). The dir_purpose should be one of * 'DIR_PURPOSE_UPLOAD_DIR' or 'DIR_PURPOSE_UPLOAD_RENDDESC'. * + * router_purpose describes the type of descriptor we're + * publishing, if we're publishing a descriptor -- e.g. general or bridge. + * * type specifies what sort of dir authorities (V1, V2, * HIDSERV, BRIDGE) we should upload to. * @@ -272,6 +275,7 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, const char *payload, size_t payload_len, size_t extrainfo_len) { + or_options_t *options = get_options(); int post_via_tor; smartlist_t *dirservers = router_get_trusted_dir_servers(); int found = 0; @@ -287,6 +291,16 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, if ((type & ds->type) == 0) continue; + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_routerstatus(options->ExcludeNodes, rs)) { + log_warn(LD_DIR, "Wanted to contact authority '%s' for %s, but " + "it's in our ExcludedNodes list and StrictNodes is set. " + "Skipping.", + ds->nickname, + dir_conn_purpose_to_string(dir_purpose)); + continue; + } + found = 1; /* at least one authority of this type was listed */ if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR) ds->has_accepted_serverdesc = 0; @@ -496,12 +510,14 @@ directory_initiate_command_routerstatus_rend(routerstatus_t *status, time_t if_modified_since, const rend_data_t *rend_query) { + or_options_t *options = get_options(); routerinfo_t *router; char address_buf[INET_NTOA_BUF_LEN+1]; struct in_addr in; const char *address; tor_addr_t addr; router = router_get_by_digest(status->identity_digest); + if (!router && anonymized_connection) { log_info(LD_DIR, "Not sending anonymized request to directory '%s'; we " "don't have its router descriptor.", status->nickname); @@ -514,6 +530,17 @@ directory_initiate_command_routerstatus_rend(routerstatus_t *status, address = address_buf; } tor_addr_from_ipv4h(&addr, status->addr); + + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_routerstatus(options->ExcludeNodes, status)) { + log_warn(LD_DIR, "Wanted to contact directory mirror '%s' for %s, but " + "it's in our ExcludedNodes list and StrictNodes is set. " + "Skipping. This choice might make your Tor not work.", + status->nickname, + dir_conn_purpose_to_string(dir_purpose)); + return; + } + directory_initiate_command_rend(address, &addr, status->or_port, status->dir_port, status->version_supports_conditional_consensus, diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 5d9ab8c..29e2e96 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1070,6 +1070,7 @@ router_pick_trusteddirserver(authority_type_t type, int flags) static routerstatus_t * router_pick_directory_server_impl(authority_type_t type, int flags) { + or_options_t *options = get_options(); routerstatus_t *result; smartlist_t *direct, *tunnel; smartlist_t *trusted_direct, *trusted_tunnel; @@ -1079,10 +1080,13 @@ router_pick_directory_server_impl(authority_type_t type, int flags) int requireother = ! (flags & PDS_ALLOW_SELF); int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL); int prefer_tunnel = (flags & _PDS_PREFER_TUNNELED_DIR_CONNS); + int try_excluding = 1, n_excluded = 0; if (!consensus) return NULL; + retry_without_exclude: + direct = smartlist_create(); tunnel = smartlist_create(); trusted_direct = smartlist_create(); @@ -1114,6 +1118,11 @@ router_pick_directory_server_impl(authority_type_t type, int flags) if ((type & EXTRAINFO_CACHE) && !router_supports_extrainfo(status->identity_digest, 0)) continue; + if (try_excluding && options->ExcludeNodes && + routerset_contains_routerstatus(options->ExcludeNodes, status)) { + ++n_excluded; + continue; + } /* XXXX IP6 proposal 118 */ tor_addr_from_ipv4h(&addr, status->addr); @@ -1155,6 +1164,15 @@ router_pick_directory_server_impl(authority_type_t type, int flags) smartlist_free(trusted_tunnel); smartlist_free(overloaded_direct); smartlist_free(overloaded_tunnel); + + if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) { + /* If we got no result, and we are excluding nodes, and StrictNodes is + * not set, try again without excluding nodes. */ + try_excluding = 0; + n_excluded = 0; + goto retry_without_exclude; + } + return result; } @@ -1165,6 +1183,7 @@ static routerstatus_t * router_pick_trusteddirserver_impl(authority_type_t type, int flags, int *n_busy_out) { + or_options_t *options = get_options(); smartlist_t *direct, *tunnel; smartlist_t *overloaded_direct, *overloaded_tunnel; routerinfo_t *me = router_get_my_routerinfo(); @@ -1175,10 +1194,13 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, const int prefer_tunnel = (flags & _PDS_PREFER_TUNNELED_DIR_CONNS); const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH); int n_busy = 0; + int try_excluding = 1, n_excluded = 0; if (!trusted_dir_servers) return NULL; + retry_without_exclude: + direct = smartlist_create(); tunnel = smartlist_create(); overloaded_direct = smartlist_create(); @@ -1197,6 +1219,12 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, continue; if (requireother && me && router_digest_is_me(d->digest)) continue; + if (try_excluding && options->ExcludeNodes && + routerset_contains_routerstatus(options->ExcludeNodes, + &d->fake_status)) { + ++n_excluded; + continue; + } /* XXXX IP6 proposal 118 */ tor_addr_from_ipv4h(&addr, d->addr); @@ -1243,6 +1271,15 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, smartlist_free(tunnel); smartlist_free(overloaded_direct); smartlist_free(overloaded_tunnel); + + if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) { + /* If we got no result, and we are excluding nodes, and StrictNodes is + * not set, try again without excluding nodes. */ + try_excluding = 0; + n_excluded = 0; + goto retry_without_exclude; + } + return result; }

1 0

[tor/release-0.2.2] refuse excluded hidserv nodes if strictnodes
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 82178a81f6748c9b26bdc8a5da36dd34b689281b Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 17 18:52:18 2009 -0400 refuse excluded hidserv nodes if strictnodes Make hidden services more flaky for people who set both ExcludeNodes and StrictNodes. Not recommended, especially for hidden service operators. --- src/or/rendclient.c | 56 +++++++++++++++++++++++++++++++++++++++++++++---- src/or/rendservice.c | 14 +++++++++++- 2 files changed, 64 insertions(+), 6 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 8ac909f..90304c3 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -22,6 +22,9 @@ #include "rephist.h" #include "routerlist.h" +static extend_info_t *rend_client_get_random_intro_impl( + const rend_data_t *rend_query, const int strict); + /** Called when we've established a circuit to an introduction point: * send the introduction request. */ void @@ -739,10 +742,31 @@ rend_client_desc_trynow(const char *query) extend_info_t * rend_client_get_random_intro(const rend_data_t *rend_query) { + extend_info_t *result; + /* See if we can get a node that complies with ExcludeNodes */ + if ((result = rend_client_get_random_intro_impl(rend_query, 1))) + return result; + /* If not, and StrictNodes is not set, see if we can return any old node + */ + if (!get_options()->StrictNodes) + return rend_client_get_random_intro_impl(rend_query, 0); + return NULL; +} + +/** As rend_client_get_random_intro, except assume that StrictNodes is set + * iff strict is true. + */ +static extend_info_t * +rend_client_get_random_intro_impl(const rend_data_t *rend_query, + const int strict) +{ int i; rend_cache_entry_t *entry; rend_intro_point_t *intro; routerinfo_t *router; + or_options_t *options = get_options(); + smartlist_t *usable_nodes; + int n_excluded = 0; if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) { log_warn(LD_REND, @@ -750,13 +774,26 @@ rend_client_get_random_intro(const rend_data_t *rend_query) safe_str_client(rend_query->onion_address)); return NULL; } + /* We'll keep a separate list of the usable nodes. If this becomes empty, + * no nodes are usable. */ + usable_nodes = smartlist_create(); + smartlist_add_all(usable_nodes, entry->parsed->intro_nodes); again: - if (smartlist_len(entry->parsed->intro_nodes) == 0) + if (smartlist_len(usable_nodes) == 0) { + if (n_excluded && get_options()->StrictNodes) { + /* We only want to warn if StrictNodes is really set. Otherwise + * we're just about to retry anyways. + */ + log_warn(LD_REND, "All introduction points for hidden service are " + "at excluded relays, and StrictNodes is set. Skipping."); + } + smartlist_free(usable_nodes); return NULL; + } - i = crypto_rand_int(smartlist_len(entry->parsed->intro_nodes)); - intro = smartlist_get(entry->parsed->intro_nodes, i); + i = crypto_rand_int(smartlist_len(usable_nodes)); + intro = smartlist_get(usable_nodes, i); /* Do we need to look up the router or is the extend info complete? */ if (!intro->extend_info->onion_key) { if (tor_digest_is_zero(intro->extend_info->identity_digest)) @@ -766,13 +803,22 @@ rend_client_get_random_intro(const rend_data_t *rend_query) if (!router) { log_info(LD_REND, "Unknown router with nickname '%s'; trying another.", intro->extend_info->nickname); - rend_intro_point_free(intro); - smartlist_del(entry->parsed->intro_nodes, i); + smartlist_del(usable_nodes, i); goto again; } extend_info_free(intro->extend_info); intro->extend_info = extend_info_from_router(router); } + /* Check if we should refuse to talk to this router. */ + if (options->ExcludeNodes && strict && + routerset_contains_extendinfo(options->ExcludeNodes, + intro->extend_info)) { + n_excluded++; + smartlist_del(usable_nodes, i); + goto again; + } + + smartlist_free(usable_nodes); return extend_info_dup(intro->extend_info); } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 4503982..88f1ba3 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -848,6 +848,7 @@ clean_accepted_intros(rend_service_t *service, time_t now) /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen * rendezvous point. */ + /* XXX022 this function sure could use some organizing. -RD */ int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, size_t request_len) @@ -875,6 +876,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t now = time(NULL); char diffie_hellman_hash[DIGEST_LEN]; time_t *access_time; + or_options_t *options = get_options(); + tor_assert(circuit->rend_data); base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, @@ -1047,6 +1050,15 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, goto err; } + /* Check if we'd refuse to talk to this router */ + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_extendinfo(options->ExcludeNodes, extend_info)) { + log_warn(LD_REND, "Client asked to rendezvous at a relay that we " + "exclude, and StrictNodes is set. Refusing service."); + reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */ + goto err; + } + r_cookie = ptr; base16_encode(hexcookie,9,r_cookie,4); @@ -1394,7 +1406,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) /** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a * live introduction point, and note that the service descriptor is - * now out-of-date.*/ + * now out-of-date. */ int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request,

1 0

[tor/release-0.2.2] If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit ad3da535366aeb9b7441f4881899758bc7475168 Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 17 18:54:20 2009 -0400 If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. --- src/or/circuitbuild.c | 6 ++++-- src/or/config.c | 3 ++- src/or/or.h | 4 ++-- src/or/routerlist.c | 13 ++++++++----- src/or/routerlist.h | 1 + 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 2d4d5c0..ebbda21 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2938,6 +2938,7 @@ warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit) description,exit->nickname, rs==options->ExcludeNodes?"":" or ExcludeExitNodes", (int)purpose); + /* XXX022-1090 "using anyway" is freaking people out -RD */ circuit_log_path(LOG_WARN, domain, circ); } @@ -3979,7 +3980,8 @@ entry_guards_prepend_from_config(or_options_t *options) * Perhaps we should do this calculation once whenever the list of routers * changes or the entrynodes setting changes. */ - routerset_get_all_routers(entry_routers, options->EntryNodes, 0); + routerset_get_all_routers(entry_routers, options->EntryNodes, + options->ExcludeNodes, 0); SMARTLIST_FOREACH(entry_routers, routerinfo_t *, ri, smartlist_add(entry_fps,ri->cache_info.identity_digest)); SMARTLIST_FOREACH(entry_guards, entry_guard_t *, e, { @@ -4155,7 +4157,7 @@ choose_random_entry(cpath_build_state_t *state) goto retry; } if (!r && entry_list_is_constrained(options) && consider_exit_family) { - /* still no? if we're using bridges or have strictentrynodes + /* still no? if we're using bridges or have StrictNodes * set, and our chosen exit is in the same family as all our * bridges/entry guards, then be flexible about families. */ consider_exit_family = 0; diff --git a/src/or/config.c b/src/or/config.c index 9675c73..bd904dc 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1412,7 +1412,8 @@ options_act(or_options_t *old_options) /* Check if we need to parse and add the EntryNodes config option. */ if (options->EntryNodes && (!old_options || - (!routerset_equal(old_options->EntryNodes,options->EntryNodes)))) + !routerset_equal(old_options->EntryNodes,options->EntryNodes) || + !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes))) entry_nodes_should_be_added(); /* Since our options changed, we might need to regenerate and upload our diff --git a/src/or/or.h b/src/or/or.h index 06e6d7f..50a1223 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2387,7 +2387,7 @@ typedef struct { * ORs not to consider as exits. */ /** Union of ExcludeNodes and ExcludeExitNodes */ - struct routerset_t *_ExcludeExitNodesUnion; + routerset_t *_ExcludeExitNodesUnion; int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our * process for all current and future memory. */ @@ -3487,7 +3487,7 @@ typedef struct trusted_dir_server_t { #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX -/* Flags for pick_directory_server and pick_trusteddirserver. */ +/* Flags for pick_directory_server() and pick_trusteddirserver(). */ /** Flag to indicate that we should not automatically be willing to use * ourself to answer a directory request. * Passed to router_pick_directory_server (et al).*/ diff --git a/src/or/routerlist.c b/src/or/routerlist.c index c02654f..5d9ab8c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -5516,10 +5516,11 @@ routerset_contains_routerstatus(const routerset_t *set, routerstatus_t *rs) } /** Add every known routerinfo_t that is a member of routerset to - * out. If running_only, only add the running ones. */ + * out, but never add any that are part of excludeset. + * If running_only, only add the running ones. */ void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, - int running_only) + const routerset_t *excludeset, int running_only) { tor_assert(out); if (!routerset || !routerset->list) @@ -5529,12 +5530,13 @@ routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, if (routerset_is_list(routerset)) { /* No routers are specified by type; all are given by name or digest. - * we can do a lookup in O(len(list)). */ + * we can do a lookup in O(len(routerset)). */ SMARTLIST_FOREACH(routerset->list, const char *, name, { routerinfo_t *router = router_get_by_nickname(name, 1); if (router) { if (!running_only || router->is_running) - smartlist_add(out, router); + if (!routerset_contains_router(excludeset, router)) + smartlist_add(out, router); } }); } else { @@ -5544,7 +5546,8 @@ routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, SMARTLIST_FOREACH(rl->routers, routerinfo_t *, router, { if (running_only && !router->is_running) continue; - if (routerset_contains_router(routerset, router)) + if (routerset_contains_router(routerset, router) && + !routerset_contains_router(excludeset, router)) smartlist_add(out, router); }); } diff --git a/src/or/routerlist.h b/src/or/routerlist.h index ca42811..cd0eb95 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -173,6 +173,7 @@ int routerset_contains_routerstatus(const routerset_t *set, int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei); void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, + const routerset_t *excludeset, int running_only); void routersets_get_disjunction(smartlist_t *target, const smartlist_t *source, const routerset_t *include,

1 0

[tor/release-0.2.2] Make the Log configuration option expand ~
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 91aa6f08bcf0acbdfa038aaffe73e327ddd87c67 Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Fri Apr 22 16:06:52 2011 +0200 Make the Log configuration option expand ~ --- changes/bug2971 | 6 ++++++ src/or/config.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletions(-) diff --git a/changes/bug2971 b/changes/bug2971 new file mode 100644 index 0000000..8b71ce0 --- /dev/null +++ b/changes/bug2971 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Be more consistent in our treatment of file system paths. ~ should + get expanded to the user's home directory in the Log config option. + Bugfix on 0.2.0.1-alpha, which introduced the feature for the -f and + --DataDirectory options. + diff --git a/src/or/config.c b/src/or/config.c index 5000f5d..3770301 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4382,11 +4382,13 @@ options_init_logs(or_options_t *options, int validate_only) if (smartlist_len(elts) == 2 && !strcasecmp(smartlist_get(elts,0), "file")) { if (!validate_only) { - if (add_file_log(severity, smartlist_get(elts, 1)) < 0) { + char *fname = expand_filename(smartlist_get(elts, 1)); + if (add_file_log(severity, fname) < 0) { log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s", opt->value, strerror(errno)); ok = 0; } + tor_free(fname); } goto cleanup; }

1 0

[tor/release-0.2.2] Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit a7a906603e0c7e3c8519a948b5adf43bfecf6f66 Merge: b75d1da 5114e3e Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:17:03 2011 -0400 Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-)

1 0