April 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] make formal a constraint that's been true a while now
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 9f47cfc21a8fa91b98a48291c316121135fa3f17 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 05:39:26 2011 -0500 make formal a constraint that's been true a while now --- src/or/config.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index bd904dc..404e648 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -3189,6 +3189,12 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Servers must be able to freely connect to the rest " "of the Internet, so they must not set UseBridges."); + /* If both of these are set, we'll end up with funny behavior where we + * demand enough entrynodes be up and running else we won't build + * circuits, yet we never actually use them. */ + if (options->UseBridges && options->EntryNodes) + REJECT("You cannot set both UseBridges and EntryNodes."); + options->_AllowInvalid = 0; if (options->AllowInvalidNodes) { SMARTLIST_FOREACH(options->AllowInvalidNodes, const char *, cp, {

1 0

[tor/release-0.2.2] note another case where strictnodes is considered for exits
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit bcea155ce0999d19b596a24edd359d1fc0dbe380 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 04:36:24 2011 -0500 note another case where strictnodes is considered for exits --- src/or/connection_edge.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 72e2c8a..fff42be 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2969,6 +2969,8 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) * * If excluded_means_no is 1 and Exclude*Nodes is set and excludes * this relay, return 0. + * XXX022-1090 This StrictNodes business needs more work, a la bug 1090. See + * also git commit ef81649d. */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit,

1 0

[tor/release-0.2.2] If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit ad3da535366aeb9b7441f4881899758bc7475168 Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 17 18:54:20 2009 -0400 If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. --- src/or/circuitbuild.c | 6 ++++-- src/or/config.c | 3 ++- src/or/or.h | 4 ++-- src/or/routerlist.c | 13 ++++++++----- src/or/routerlist.h | 1 + 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 2d4d5c0..ebbda21 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2938,6 +2938,7 @@ warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit) description,exit->nickname, rs==options->ExcludeNodes?"":" or ExcludeExitNodes", (int)purpose); + /* XXX022-1090 "using anyway" is freaking people out -RD */ circuit_log_path(LOG_WARN, domain, circ); } @@ -3979,7 +3980,8 @@ entry_guards_prepend_from_config(or_options_t *options) * Perhaps we should do this calculation once whenever the list of routers * changes or the entrynodes setting changes. */ - routerset_get_all_routers(entry_routers, options->EntryNodes, 0); + routerset_get_all_routers(entry_routers, options->EntryNodes, + options->ExcludeNodes, 0); SMARTLIST_FOREACH(entry_routers, routerinfo_t *, ri, smartlist_add(entry_fps,ri->cache_info.identity_digest)); SMARTLIST_FOREACH(entry_guards, entry_guard_t *, e, { @@ -4155,7 +4157,7 @@ choose_random_entry(cpath_build_state_t *state) goto retry; } if (!r && entry_list_is_constrained(options) && consider_exit_family) { - /* still no? if we're using bridges or have strictentrynodes + /* still no? if we're using bridges or have StrictNodes * set, and our chosen exit is in the same family as all our * bridges/entry guards, then be flexible about families. */ consider_exit_family = 0; diff --git a/src/or/config.c b/src/or/config.c index 9675c73..bd904dc 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1412,7 +1412,8 @@ options_act(or_options_t *old_options) /* Check if we need to parse and add the EntryNodes config option. */ if (options->EntryNodes && (!old_options || - (!routerset_equal(old_options->EntryNodes,options->EntryNodes)))) + !routerset_equal(old_options->EntryNodes,options->EntryNodes) || + !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes))) entry_nodes_should_be_added(); /* Since our options changed, we might need to regenerate and upload our diff --git a/src/or/or.h b/src/or/or.h index 06e6d7f..50a1223 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2387,7 +2387,7 @@ typedef struct { * ORs not to consider as exits. */ /** Union of ExcludeNodes and ExcludeExitNodes */ - struct routerset_t *_ExcludeExitNodesUnion; + routerset_t *_ExcludeExitNodesUnion; int DisableAllSwap; /**< Boolean: Attempt to call mlockall() on our * process for all current and future memory. */ @@ -3487,7 +3487,7 @@ typedef struct trusted_dir_server_t { #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX -/* Flags for pick_directory_server and pick_trusteddirserver. */ +/* Flags for pick_directory_server() and pick_trusteddirserver(). */ /** Flag to indicate that we should not automatically be willing to use * ourself to answer a directory request. * Passed to router_pick_directory_server (et al).*/ diff --git a/src/or/routerlist.c b/src/or/routerlist.c index c02654f..5d9ab8c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -5516,10 +5516,11 @@ routerset_contains_routerstatus(const routerset_t *set, routerstatus_t *rs) } /** Add every known routerinfo_t that is a member of routerset to - * out. If running_only, only add the running ones. */ + * out, but never add any that are part of excludeset. + * If running_only, only add the running ones. */ void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, - int running_only) + const routerset_t *excludeset, int running_only) { tor_assert(out); if (!routerset || !routerset->list) @@ -5529,12 +5530,13 @@ routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, if (routerset_is_list(routerset)) { /* No routers are specified by type; all are given by name or digest. - * we can do a lookup in O(len(list)). */ + * we can do a lookup in O(len(routerset)). */ SMARTLIST_FOREACH(routerset->list, const char *, name, { routerinfo_t *router = router_get_by_nickname(name, 1); if (router) { if (!running_only || router->is_running) - smartlist_add(out, router); + if (!routerset_contains_router(excludeset, router)) + smartlist_add(out, router); } }); } else { @@ -5544,7 +5546,8 @@ routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, SMARTLIST_FOREACH(rl->routers, routerinfo_t *, router, { if (running_only && !router->is_running) continue; - if (routerset_contains_router(routerset, router)) + if (routerset_contains_router(routerset, router) && + !routerset_contains_router(excludeset, router)) smartlist_add(out, router); }); } diff --git a/src/or/routerlist.h b/src/or/routerlist.h index ca42811..cd0eb95 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -173,6 +173,7 @@ int routerset_contains_routerstatus(const routerset_t *set, int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei); void routerset_get_all_routers(smartlist_t *out, const routerset_t *routerset, + const routerset_t *excludeset, int running_only); void routersets_get_disjunction(smartlist_t *target, const smartlist_t *source, const routerset_t *include,

1 0

[tor/release-0.2.2] Expose a new process_signal(uintptr_t), not signal_callback()
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit f810a1afe990788cd8f944a515a493902df84ed1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:20:08 2011 -0400 Expose a new process_signal(uintptr_t), not signal_callback() This is a tweak to the bug2917 fix. Basically, if we want to simulate a signal arriving in the controller, we shouldn't have to pretend that we're Libevent, or depend on how Tor sets up its Libevent callbacks. --- src/or/control.c | 3 ++- src/or/main.c | 10 +++++++++- src/or/main.h | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index bb1c330..9f7739a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1222,7 +1222,8 @@ handle_control_signal(control_connection_t *conn, uint32_t len, /* Flush the "done" first if the signal might make us shut down. */ if (sig == SIGTERM || sig == SIGINT) connection_handle_write(TO_CONN(conn), 1); - signal_callback(0,0,(void*)(uintptr_t)sig); + + process_signal(sig); return 0; } diff --git a/src/or/main.c b/src/or/main.c index 5e4d88c..1699568 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1578,12 +1578,20 @@ do_main_loop(void) /** Libevent callback: invoked when we get a signal. */ -void +static void signal_callback(int fd, short events, void *arg) { uintptr_t sig = (uintptr_t)arg; (void)fd; (void)events; + + process_signal(sig); +} + +/** Do the work of acting on a signal received in sig */ +void +process_signal(uintptr_t sig) +{ switch (sig) { case SIGTERM: diff --git a/src/or/main.h b/src/or/main.h index 626bf1c..0551f7a 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -47,7 +47,7 @@ void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); void handle_signals(int is_parent); -void signal_callback(int fd, short events, void *arg); +void process_signal(uintptr_t sig); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void);

1 0

[tor/release-0.2.2] handle excludenodes for dir fetch/post
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 4906188b622872899f76cf01167cfef3e09cbffd Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:09:24 2011 -0500 handle excludenodes for dir fetch/post If we're picking a random directory node, never pick an excluded one. But if we've chosen a specific one (or all), allow it unless strictnodes is set (in which case warn so the user knows it's their fault). When warning that we won't connect to a strictly excluded node, log what it was we were trying to do at that node. When ExcludeNodes is set but StrictNodes is not set, we only use non-excluded nodes if we can, but fall back to using excluded nodes if none of those nodes is usable. --- src/or/directory.c | 31 +++++++++++++++++++++++++++++-- src/or/routerlist.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 2 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index 8f33a60..0c095fe 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -253,10 +253,13 @@ directories_have_accepted_server_descriptor(void) } /** Start a connection to every suitable directory authority, using - * connection purpose 'purpose' and uploading the payload 'payload' - * (length 'payload_len'). dir_purpose should be one of + * connection purpose dir_purpose and uploading payload + * (of length payload_len). The dir_purpose should be one of * 'DIR_PURPOSE_UPLOAD_DIR' or 'DIR_PURPOSE_UPLOAD_RENDDESC'. * + * router_purpose describes the type of descriptor we're + * publishing, if we're publishing a descriptor -- e.g. general or bridge. + * * type specifies what sort of dir authorities (V1, V2, * HIDSERV, BRIDGE) we should upload to. * @@ -272,6 +275,7 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, const char *payload, size_t payload_len, size_t extrainfo_len) { + or_options_t *options = get_options(); int post_via_tor; smartlist_t *dirservers = router_get_trusted_dir_servers(); int found = 0; @@ -287,6 +291,16 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, if ((type & ds->type) == 0) continue; + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_routerstatus(options->ExcludeNodes, rs)) { + log_warn(LD_DIR, "Wanted to contact authority '%s' for %s, but " + "it's in our ExcludedNodes list and StrictNodes is set. " + "Skipping.", + ds->nickname, + dir_conn_purpose_to_string(dir_purpose)); + continue; + } + found = 1; /* at least one authority of this type was listed */ if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR) ds->has_accepted_serverdesc = 0; @@ -496,12 +510,14 @@ directory_initiate_command_routerstatus_rend(routerstatus_t *status, time_t if_modified_since, const rend_data_t *rend_query) { + or_options_t *options = get_options(); routerinfo_t *router; char address_buf[INET_NTOA_BUF_LEN+1]; struct in_addr in; const char *address; tor_addr_t addr; router = router_get_by_digest(status->identity_digest); + if (!router && anonymized_connection) { log_info(LD_DIR, "Not sending anonymized request to directory '%s'; we " "don't have its router descriptor.", status->nickname); @@ -514,6 +530,17 @@ directory_initiate_command_routerstatus_rend(routerstatus_t *status, address = address_buf; } tor_addr_from_ipv4h(&addr, status->addr); + + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_routerstatus(options->ExcludeNodes, status)) { + log_warn(LD_DIR, "Wanted to contact directory mirror '%s' for %s, but " + "it's in our ExcludedNodes list and StrictNodes is set. " + "Skipping. This choice might make your Tor not work.", + status->nickname, + dir_conn_purpose_to_string(dir_purpose)); + return; + } + directory_initiate_command_rend(address, &addr, status->or_port, status->dir_port, status->version_supports_conditional_consensus, diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 5d9ab8c..29e2e96 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1070,6 +1070,7 @@ router_pick_trusteddirserver(authority_type_t type, int flags) static routerstatus_t * router_pick_directory_server_impl(authority_type_t type, int flags) { + or_options_t *options = get_options(); routerstatus_t *result; smartlist_t *direct, *tunnel; smartlist_t *trusted_direct, *trusted_tunnel; @@ -1079,10 +1080,13 @@ router_pick_directory_server_impl(authority_type_t type, int flags) int requireother = ! (flags & PDS_ALLOW_SELF); int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL); int prefer_tunnel = (flags & _PDS_PREFER_TUNNELED_DIR_CONNS); + int try_excluding = 1, n_excluded = 0; if (!consensus) return NULL; + retry_without_exclude: + direct = smartlist_create(); tunnel = smartlist_create(); trusted_direct = smartlist_create(); @@ -1114,6 +1118,11 @@ router_pick_directory_server_impl(authority_type_t type, int flags) if ((type & EXTRAINFO_CACHE) && !router_supports_extrainfo(status->identity_digest, 0)) continue; + if (try_excluding && options->ExcludeNodes && + routerset_contains_routerstatus(options->ExcludeNodes, status)) { + ++n_excluded; + continue; + } /* XXXX IP6 proposal 118 */ tor_addr_from_ipv4h(&addr, status->addr); @@ -1155,6 +1164,15 @@ router_pick_directory_server_impl(authority_type_t type, int flags) smartlist_free(trusted_tunnel); smartlist_free(overloaded_direct); smartlist_free(overloaded_tunnel); + + if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) { + /* If we got no result, and we are excluding nodes, and StrictNodes is + * not set, try again without excluding nodes. */ + try_excluding = 0; + n_excluded = 0; + goto retry_without_exclude; + } + return result; } @@ -1165,6 +1183,7 @@ static routerstatus_t * router_pick_trusteddirserver_impl(authority_type_t type, int flags, int *n_busy_out) { + or_options_t *options = get_options(); smartlist_t *direct, *tunnel; smartlist_t *overloaded_direct, *overloaded_tunnel; routerinfo_t *me = router_get_my_routerinfo(); @@ -1175,10 +1194,13 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, const int prefer_tunnel = (flags & _PDS_PREFER_TUNNELED_DIR_CONNS); const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH); int n_busy = 0; + int try_excluding = 1, n_excluded = 0; if (!trusted_dir_servers) return NULL; + retry_without_exclude: + direct = smartlist_create(); tunnel = smartlist_create(); overloaded_direct = smartlist_create(); @@ -1197,6 +1219,12 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, continue; if (requireother && me && router_digest_is_me(d->digest)) continue; + if (try_excluding && options->ExcludeNodes && + routerset_contains_routerstatus(options->ExcludeNodes, + &d->fake_status)) { + ++n_excluded; + continue; + } /* XXXX IP6 proposal 118 */ tor_addr_from_ipv4h(&addr, d->addr); @@ -1243,6 +1271,15 @@ router_pick_trusteddirserver_impl(authority_type_t type, int flags, smartlist_free(tunnel); smartlist_free(overloaded_direct); smartlist_free(overloaded_tunnel); + + if (result == NULL && try_excluding && !options->StrictNodes && n_excluded) { + /* If we got no result, and we are excluding nodes, and StrictNodes is + * not set, try again without excluding nodes. */ + try_excluding = 0; + n_excluded = 0; + goto retry_without_exclude; + } + return result; }

1 0

[tor/release-0.2.2] don't exit enclave to excluded relays
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 719b5b87dee4910bb3e2d29db6e2012416f60d3d Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:57:01 2011 -0500 don't exit enclave to excluded relays --- src/or/routerlist.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 29e2e96..523596d 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1538,6 +1538,8 @@ routerlist_find_my_routerinfo(void) /** Find a router that's up, that has this IP address, and * that allows exit to this address:port, or return NULL if there * isn't a good one. + * Don't exit enclave to excluded relays -- it wouldn't actually + * hurt anything, but this way there are fewer confused users. */ routerinfo_t * router_find_exact_exit_enclave(const char *address, uint16_t port) @@ -1545,6 +1547,7 @@ router_find_exact_exit_enclave(const char *address, uint16_t port) uint32_t addr; struct in_addr in; tor_addr_t a; + or_options_t *options = get_options(); if (!tor_inet_aton(address, &in)) return NULL; /* it's not an IP already */ @@ -1557,7 +1560,8 @@ router_find_exact_exit_enclave(const char *address, uint16_t port) if (router->addr == addr && router->is_running && compare_tor_addr_to_addr_policy(&a, port, router->exit_policy) == - ADDR_POLICY_ACCEPTED) + ADDR_POLICY_ACCEPTED && + !routerset_contains_router(options->_ExcludeExitNodesUnion, router)) return router; }); return NULL;

1 0

[tor/release-0.2.2] refuse excluded hidserv nodes if strictnodes
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 82178a81f6748c9b26bdc8a5da36dd34b689281b Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 17 18:52:18 2009 -0400 refuse excluded hidserv nodes if strictnodes Make hidden services more flaky for people who set both ExcludeNodes and StrictNodes. Not recommended, especially for hidden service operators. --- src/or/rendclient.c | 56 +++++++++++++++++++++++++++++++++++++++++++++---- src/or/rendservice.c | 14 +++++++++++- 2 files changed, 64 insertions(+), 6 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 8ac909f..90304c3 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -22,6 +22,9 @@ #include "rephist.h" #include "routerlist.h" +static extend_info_t *rend_client_get_random_intro_impl( + const rend_data_t *rend_query, const int strict); + /** Called when we've established a circuit to an introduction point: * send the introduction request. */ void @@ -739,10 +742,31 @@ rend_client_desc_trynow(const char *query) extend_info_t * rend_client_get_random_intro(const rend_data_t *rend_query) { + extend_info_t *result; + /* See if we can get a node that complies with ExcludeNodes */ + if ((result = rend_client_get_random_intro_impl(rend_query, 1))) + return result; + /* If not, and StrictNodes is not set, see if we can return any old node + */ + if (!get_options()->StrictNodes) + return rend_client_get_random_intro_impl(rend_query, 0); + return NULL; +} + +/** As rend_client_get_random_intro, except assume that StrictNodes is set + * iff strict is true. + */ +static extend_info_t * +rend_client_get_random_intro_impl(const rend_data_t *rend_query, + const int strict) +{ int i; rend_cache_entry_t *entry; rend_intro_point_t *intro; routerinfo_t *router; + or_options_t *options = get_options(); + smartlist_t *usable_nodes; + int n_excluded = 0; if (rend_cache_lookup_entry(rend_query->onion_address, -1, &entry) < 1) { log_warn(LD_REND, @@ -750,13 +774,26 @@ rend_client_get_random_intro(const rend_data_t *rend_query) safe_str_client(rend_query->onion_address)); return NULL; } + /* We'll keep a separate list of the usable nodes. If this becomes empty, + * no nodes are usable. */ + usable_nodes = smartlist_create(); + smartlist_add_all(usable_nodes, entry->parsed->intro_nodes); again: - if (smartlist_len(entry->parsed->intro_nodes) == 0) + if (smartlist_len(usable_nodes) == 0) { + if (n_excluded && get_options()->StrictNodes) { + /* We only want to warn if StrictNodes is really set. Otherwise + * we're just about to retry anyways. + */ + log_warn(LD_REND, "All introduction points for hidden service are " + "at excluded relays, and StrictNodes is set. Skipping."); + } + smartlist_free(usable_nodes); return NULL; + } - i = crypto_rand_int(smartlist_len(entry->parsed->intro_nodes)); - intro = smartlist_get(entry->parsed->intro_nodes, i); + i = crypto_rand_int(smartlist_len(usable_nodes)); + intro = smartlist_get(usable_nodes, i); /* Do we need to look up the router or is the extend info complete? */ if (!intro->extend_info->onion_key) { if (tor_digest_is_zero(intro->extend_info->identity_digest)) @@ -766,13 +803,22 @@ rend_client_get_random_intro(const rend_data_t *rend_query) if (!router) { log_info(LD_REND, "Unknown router with nickname '%s'; trying another.", intro->extend_info->nickname); - rend_intro_point_free(intro); - smartlist_del(entry->parsed->intro_nodes, i); + smartlist_del(usable_nodes, i); goto again; } extend_info_free(intro->extend_info); intro->extend_info = extend_info_from_router(router); } + /* Check if we should refuse to talk to this router. */ + if (options->ExcludeNodes && strict && + routerset_contains_extendinfo(options->ExcludeNodes, + intro->extend_info)) { + n_excluded++; + smartlist_del(usable_nodes, i); + goto again; + } + + smartlist_free(usable_nodes); return extend_info_dup(intro->extend_info); } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 4503982..88f1ba3 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -848,6 +848,7 @@ clean_accepted_intros(rend_service_t *service, time_t now) /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen * rendezvous point. */ + /* XXX022 this function sure could use some organizing. -RD */ int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, size_t request_len) @@ -875,6 +876,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t now = time(NULL); char diffie_hellman_hash[DIGEST_LEN]; time_t *access_time; + or_options_t *options = get_options(); + tor_assert(circuit->rend_data); base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, @@ -1047,6 +1050,15 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, goto err; } + /* Check if we'd refuse to talk to this router */ + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_extendinfo(options->ExcludeNodes, extend_info)) { + log_warn(LD_REND, "Client asked to rendezvous at a relay that we " + "exclude, and StrictNodes is set. Refusing service."); + reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */ + goto err; + } + r_cookie = ptr; base16_encode(hexcookie,9,r_cookie,4); @@ -1394,7 +1406,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) /** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a * live introduction point, and note that the service descriptor is - * now out-of-date.*/ + * now out-of-date. */ int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request,

1 0

[tor/release-0.2.2] slight tweak on circuit_conforms_to_options
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 7e2e8074d52f9ace76d98a62d67a4bf781f06c3b Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Mar 11 03:22:53 2011 -0500 slight tweak on circuit_conforms_to_options this function really needs to get a total rewrite (or die) For now, use #if 0 to disable it. --- src/or/circuituse.c | 23 ++++++++++++----------- src/or/circuituse.h | 2 ++ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index cdf49e3..7b20f7f 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -242,33 +242,34 @@ circuit_get_best(edge_connection_t *conn, int must_be_open, uint8_t purpose, return best ? TO_ORIGIN_CIRCUIT(best) : NULL; } +#if 0 /** Check whether, according to the policies in options, the * circuit circ makes sense. */ -/* XXXX currently only checks Exclude{Exit}Nodes. It should check more. */ +/* XXXX currently only checks Exclude{Exit}Nodes; it should check more. + * Also, it doesn't have the right definition of an exit circuit. Also, + * it's never called. */ int circuit_conforms_to_options(const origin_circuit_t *circ, const or_options_t *options) { const crypt_path_t *cpath, *cpath_next = NULL; - for (cpath = circ->cpath; cpath && cpath_next != circ->cpath; - cpath = cpath_next) { + /* first check if it includes any excluded nodes */ + for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) { cpath_next = cpath->next; - if (routerset_contains_extendinfo(options->ExcludeNodes, cpath->extend_info)) return 0; + } - if (cpath->next == circ->cpath) { - /* This is apparently the exit node. */ + /* then consider the final hop */ + if (routerset_contains_extendinfo(options->ExcludeExitNodes, + circ->cpath->prev->extend_info)) + return 0; - if (routerset_contains_extendinfo(options->ExcludeExitNodes, - cpath->extend_info)) - return 0; - } - } return 1; } +#endif /** Close all circuits that start at us, aren't open, and were born * at least CircuitBuildTimeout seconds ago. diff --git a/src/or/circuituse.h b/src/or/circuituse.h index a121099..9f393ab 100644 --- a/src/or/circuituse.h +++ b/src/or/circuituse.h @@ -16,8 +16,10 @@ void circuit_expire_building(void); void circuit_remove_handled_ports(smartlist_t *needed_ports); int circuit_stream_is_being_handled(edge_connection_t *conn, uint16_t port, int min); +#if 0 int circuit_conforms_to_options(const origin_circuit_t *circ, const or_options_t *options); +#endif void circuit_build_needed_circs(time_t now); void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn);

1 0

[tor/release-0.2.2] Downgrade notice to info when downloading a cert.
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit bb6d45af1fc738b9f71e798cde6c7564172b6e04 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 12:46:07 2011 -0400 Downgrade notice to info when downloading a cert. --- changes/bug2899 | 4 ++++ src/or/routerlist.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/changes/bug2899 b/changes/bug2899 new file mode 100644 index 0000000..6af86d0 --- /dev/null +++ b/changes/bug2899 @@ -0,0 +1,4 @@ + - Minor bugfixes: + o Downgrade "no current certificates known for authority" message from + Notice to Info. Bugfix on 0.2.0.10-alpha; fixes bug 2899. + diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 4deff53..c02654f 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -531,8 +531,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now) if (!found && download_status_is_ready(&cl->dl_status, now,MAX_CERT_DL_FAILURES) && !digestmap_get(pending, ds->v3_identity_digest)) { - log_notice(LD_DIR, "No current certificate known for authority %s; " - "launching request.", ds->nickname); + log_info(LD_DIR, "No current certificate known for authority %s; " + "launching request.", ds->nickname); smartlist_add(missing_digests, ds->v3_identity_digest); } } SMARTLIST_FOREACH_END(ds);

1 0

[tor/release-0.2.2] fix some comments before they create conflicts
by arma＠torproject.org 27 Apr '11

27 Apr '11

commit 9d673dcd206289bceb8f5ff527e63336ef0a50b9 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Apr 26 11:28:49 2011 -0400 fix some comments before they create conflicts --- src/or/rephist.c | 44 +++++++++++++++++++++++--------------------- 1 files changed, 23 insertions(+), 21 deletions(-) diff --git a/src/or/rephist.c b/src/or/rephist.c index 524cd1d..5703e3e 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -992,10 +992,10 @@ find_next_with(smartlist_t *sl, int i, const char *prefix) return -1; } -/** How many bad times has parse_possibly_bad_iso_time parsed? */ +/** How many bad times has parse_possibly_bad_iso_time() parsed? */ static int n_bogus_times = 0; /** Parse the ISO-formatted time in s into *time_out, but - * rounds any pre-1970 date to Jan 1, 1970. */ + * round any pre-1970 date to Jan 1, 1970. */ static int parse_possibly_bad_iso_time(const char *s, time_t *time_out) { @@ -1288,7 +1288,7 @@ commit_max(bw_array_t *b) b->total_in_period = 0; } -/** Shift the current observation time of 'b' forward by one second. */ +/** Shift the current observation time of b forward by one second. */ static INLINE void advance_obs(bw_array_t *b) { @@ -1318,16 +1318,16 @@ advance_obs(bw_array_t *b) static INLINE void add_obs(bw_array_t *b, time_t when, uint64_t n) { - /* Don't record data in the past. */ - if (when<b->cur_obs_time) - return; + if (when < b->cur_obs_time) + return; /* Don't record data in the past. */ + /* If we're currently adding observations for an earlier second than * 'when', advance b->cur_obs_time and b->cur_obs_idx by an - * appropriate number of seconds, and do all the other housekeeping */ - while (when>b->cur_obs_time) { + * appropriate number of seconds, and do all the other housekeeping. */ + while (when > b->cur_obs_time) { /* Doing this one second at a time is potentially inefficient, if we start with a state file that is very old. Fortunately, it doesn't seem to - show up in profiles, so we can just ignore it for now. */ + show up in profiles, so we can just ignore it for now. */ advance_obs(b); } @@ -1375,7 +1375,7 @@ bw_arrays_init(void) dir_write_array = bw_array_new(); } -/** We read num_bytes more bytes in second when. +/** Remember that we read num_bytes bytes in second when. * * Add num_bytes to the current running total for when. * @@ -1396,7 +1396,7 @@ rep_hist_note_bytes_written(size_t num_bytes, time_t when) add_obs(write_array, when, num_bytes); } -/** We wrote num_bytes more bytes in second when. +/** Remember that we wrote num_bytes bytes in second when. * (like rep_hist_note_bytes_written() above) */ void @@ -1406,8 +1406,8 @@ rep_hist_note_bytes_read(size_t num_bytes, time_t when) add_obs(read_array, when, num_bytes); } -/** We wrote num_bytes more directory bytes in second when. - * (like rep_hist_note_bytes_written() above) +/** Remember that we wrote num_bytes directory bytes in second + * when. (like rep_hist_note_bytes_written() above) */ void rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when) @@ -1415,8 +1415,8 @@ rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when) add_obs(dir_write_array, when, num_bytes); } -/** We read num_bytes more directory bytes in second when. - * (like rep_hist_note_bytes_written() above) +/** Remember that we read num_bytes directory bytes in second + * when. (like rep_hist_note_bytes_written() above) */ void rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when) @@ -1511,7 +1511,8 @@ rep_hist_fill_bandwidth_history(char *buf, size_t len, const bw_array_t *b) } /** Allocate and return lines for representing this server's bandwidth - * history in its descriptor. + * history in its descriptor. We publish these lines in our extra-info + * descriptor. */ char * rep_hist_get_bandwidth_lines(void) @@ -1559,7 +1560,7 @@ rep_hist_get_bandwidth_lines(void) } /** Write a single bw_array_t into the Values, Ends, Interval, and Maximum - * entries of an or_state_t. */ + * entries of an or_state_t. Done before writing out a new state file. */ static void rep_hist_update_bwhist_state_section(or_state_t *state, const bw_array_t *b, @@ -1619,7 +1620,8 @@ rep_hist_update_bwhist_state_section(or_state_t *state, smartlist_add(*s_maxima, cp); } -/** Update state with the newest bandwidth history. */ +/** Update state with the newest bandwidth history. Done before + * writing out a new state file. */ void rep_hist_update_state(or_state_t *state) { @@ -1643,7 +1645,7 @@ rep_hist_update_state(or_state_t *state) } /** Load a single bw_array_t from its Values, Ends, Maxima, and Interval - * entries in an or_state_t. */ + * entries in an or_state_t. Done while reading the state file. */ static int rep_hist_load_bwhist_state_section(bw_array_t *b, const smartlist_t *s_values, @@ -1718,7 +1720,7 @@ rep_hist_load_bwhist_state_section(bw_array_t *b, return retval; } -/** Set bandwidth history from our saved state. */ +/** Set bandwidth history from the state file we just loaded. */ int rep_hist_load_state(or_state_t *state, char **err) { @@ -1766,7 +1768,7 @@ static smartlist_t *predicted_ports_times=NULL; static void add_predicted_port(time_t now, uint16_t port) { - /* XXXX we could just use uintptr_t here, I think. */ + /* XXXX we could just use uintptr_t here, I think. -NM */ uint16_t *tmp_port = tor_malloc(sizeof(uint16_t)); time_t *tmp_time = tor_malloc(sizeof(time_t)); *tmp_port = port;

1 0