July 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.2] Fix a rare memory leak in rend_cache_store
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 46297bc7bd86826fa79195f36059ce408ef45b6c Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 11:52:39 2011 -0400 Fix a rare memory leak in rend_cache_store When we rejected a descriptor for not being the one we wanted, we were letting the parsed descriptor go out of scope. Found by Coverity; CID # 30. Bugfix on 0.2.1.26. (No changes file yet, since this is not in any 0.2.1.x release.) --- src/or/rendcommon.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 8727a70..e0c101e 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1077,6 +1077,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published, log_warn(LD_REND, "Received service descriptor for service ID %s; " "expected descriptor for service ID %s.", query, safe_str(service_id)); + rend_service_descriptor_free(parsed); return -2; } now = time(NULL);

1 0

[tor/release-0.2.2] Use strlcpy in create_unix_sockaddr()
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 959da6b7f2b5ed63426fd12a9046ac06033f6db1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jul 1 12:06:54 2011 -0400 Use strlcpy in create_unix_sockaddr() Using strncpy meant that if listenaddress were ever >= sizeof(sockaddr_un.sun_path), we would fail to nul-terminate sun_path. This isn't a big deal: we never read sun_path, and the kernel is smart enough to reject the sockaddr_un if it isn't nul-terminated. Nonetheless, it's a dumb failure mode. Instead, we should reject addresses that don't fit in sockaddr_un.sun_path. Coverity found this; it's CID 428. Bugfix on 0.2.0.3-alpha. --- changes/cid_428 | 5 +++++ src/or/connection.c | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletions(-) diff --git a/changes/cid_428 b/changes/cid_428 new file mode 100644 index 0000000..cb0fc8c --- /dev/null +++ b/changes/cid_428 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Always NUL-terminate the sun_path field of a sockaddr_un before + passing it to the kernel. (Not a security issue: kernels are + smart enough to reject bad sockaddr_uns.) Found by Coverity; CID + # 428. Bugfix on Tor 0.2.0.3-alpha. diff --git a/src/or/connection.c b/src/or/connection.c index 4869a24..2897fe1 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -804,7 +804,13 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address, sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un)); sockaddr->sun_family = AF_UNIX; - strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)); + if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path)) + >= sizeof(sockaddr->sun_path)) { + log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.", + escaped(listenaddress)); + tor_free(sockaddr); + return NULL; + } if (readable_address) *readable_address = tor_strdup(listenaddress);

1 0

[tor/release-0.2.2] Improve documentation of smartlist_split_string
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 2b5ebc70973b1c0dd62201908632733c0953a4ec Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Wed Jun 22 13:47:32 2011 -0700 Improve documentation of smartlist_split_string --- src/common/container.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/common/container.c b/src/common/container.c index da44b7f..1515c38 100644 --- a/src/common/container.c +++ b/src/common/container.c @@ -338,7 +338,8 @@ smartlist_insert(smartlist_t *sl, int idx, void *val) /** * Split a string str along all occurrences of sep, - * adding the split strings, in order, to sl. + * appending the (newly allocated) split strings, in order, to + * sl. Return the number of strings added to sl. * * If flags&SPLIT_SKIP_SPACE is true, remove initial and * trailing space from each entry. @@ -347,7 +348,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val) * If flags&SPLIT_STRIP_SPACE is true, strip spaces from each * split string. * - * If max>0, divide the string into no more than max pieces. If + * If max\>0, divide the string into no more than max pieces. If * sep is NULL, split on any sequence of horizontal space. */ int

1 0

[tor/release-0.2.2] Fix minor comment issues
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit d7254bea11a0fc2685cc2ea24fb57d2ab3945b2f Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Jun 19 01:28:40 2011 -0700 Fix minor comment issues --- src/common/compat.c | 2 +- src/or/connection.c | 6 +++--- src/or/or.h | 6 +++--- src/test/Makefile.am | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/common/compat.c b/src/common/compat.c index 9377959..c983925 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -415,7 +415,7 @@ tor_vasprintf(char **strp, const char *fmt, va_list args) * * This function is not timing-safe. * - * Requires that nlen be greater than zero. + * Requires that nlen be greater than zero. */ const void * tor_memmem(const void *_haystack, size_t hlen, diff --git a/src/or/connection.c b/src/or/connection.c index a9e3a74..b2412a2 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -2751,15 +2751,15 @@ connection_outbuf_too_full(connection_t *conn) return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE); } -/** Try to flush more bytes onto conn-\>s. +/** Try to flush more bytes onto conn-\>s. * * This function gets called either from conn_write() in main.c * when poll() has declared that conn wants to write, or below * from connection_write_to_buf() when an entire TLS record is ready. * - * Update conn-\>timestamp_lastwritten to now, and call flush_buf + * Update conn-\>timestamp_lastwritten to now, and call flush_buf * or flush_buf_tls appropriately. If it succeeds and there are no more - * more bytes on conn->outbuf, then call connection_finished_flushing + * more bytes on conn-\>outbuf, then call connection_finished_flushing * on it too. * * If force, then write as many bytes as possible, ignoring bandwidth diff --git a/src/or/or.h b/src/or/or.h index 97fecd1..1909887 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2318,14 +2318,14 @@ typedef struct or_circuit_t { cell_ewma_t p_cell_ewma; } or_circuit_t; -/** Convert a circuit subtype to a circuit_t.*/ +/** Convert a circuit subtype to a circuit_t. */ #define TO_CIRCUIT(x) (&((x)->_base)) -/** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Asserts +/** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Assert * if the cast is impossible. */ static or_circuit_t *TO_OR_CIRCUIT(circuit_t *); /** Convert a circuit_t* to a pointer to the enclosing origin_circuit_t. - * Asserts if the cast is impossible. */ + * Assert if the cast is impossible. */ static origin_circuit_t *TO_ORIGIN_CIRCUIT(circuit_t *); static INLINE or_circuit_t *TO_OR_CIRCUIT(circuit_t *x) diff --git a/src/test/Makefile.am b/src/test/Makefile.am index 546fa2f..904719d 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -8,7 +8,7 @@ AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \ -I"$(top_srcdir)/src/or" # -L flags need to go in LDFLAGS. -l flags need to go in LDADD. -# This seems to matter nowhere but on windows, but I assure you that it +# This seems to matter nowhere but on Windows, but I assure you that it # matters a lot there, and is quite hard to debug if you forget to do it. test_SOURCES = \

1 0

[tor/release-0.2.2] Fix comment typo
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit 8a55da57ed17dfb9cefe3193cbda53a15547630e Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Sun Jun 19 01:25:51 2011 -0700 Fix comment typo --- src/test/tinytest_demo.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/test/tinytest_demo.c b/src/test/tinytest_demo.c index bd33cc3..4d2f588 100644 --- a/src/test/tinytest_demo.c +++ b/src/test/tinytest_demo.c @@ -39,7 +39,7 @@ /* ============================================================ */ /* First, let's see if strcmp is working. (All your test cases should be - * functions declared to take a single void * as) an argument. */ + * functions declared to take a single void * as an argument.) */ void test_strcmp(void *data) {

1 0

[tor/release-0.2.2] explain that the ./publish should happen soon after the scp
by arma＠torproject.org 06 Jul '11

06 Jul '11

commit b181985a8f98c0ba15230912f059e1fcf7c626f1 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Jun 21 00:37:18 2011 -0400 explain that the ./publish should happen soon after the scp otherwise you scp a tarball up but only one version of the website has it. --- doc/HACKING | 22 +++++++++++++--------- 1 files changed, 13 insertions(+), 9 deletions(-) diff --git a/doc/HACKING b/doc/HACKING index 7ff9c5f..feeb05d 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -456,7 +456,6 @@ interesting and understandable. 2.7) Run it through fmt to make it pretty. - 3) Compose a short release blurb to highlight the user-facing changes. Insert said release blurb into the ChangeLog stanza. If it's a stable release, add it to the ReleaseNotes file too. If we're adding @@ -472,15 +471,19 @@ or somebody to try building it on Windows. 6) Get at least two of weasel/arma/karsten to put the new version number in their approved versions list. -7) Sign and push the tarball to the website in the dist/ directory. Sign -and push the git tag. - (That's either "git tag -u <keyid> tor-0.2.x.y-status", then - "git push origin tag tor-0.2.x.y-status". To sign the - tarball, "gpg -ba <the_tarball>". Put the files in - /srv/www-master.torproject.org/htdocs/dist/ on vescum.) +7) Sign the tarball, then sign and push the git tag: + gpg -ba <the_tarball> + git tag -u <keyid> tor-0.2.x.y-status + git push origin tag tor-0.2.x.y-status + +8) scp the tarball and its sig to the website in the dist/ directory +(i.e. /srv/www-master.torproject.org/htdocs/dist/ on vescum). Edit +include/versions.wmi to note the new version. From your website checkout, +run ./publish to build and publish the website. -8) Edit include/versions.wmi to note the new version. From your website -checkout, run ./publish to build and publish the website. +Try not to delay too much between scp'ing the tarball and running +./publish -- the website has multiple A records and your scp only sent +it to one of them. 9) Email Erinn and weasel (cc'ing tor-assistants) that a new tarball is up. This step should probably change to mailing more packagers. @@ -498,3 +501,4 @@ changelog to tor-talk or tor-announce. (We might be moving to faster announcements, but don't announce until the website is at least updated.) +

1 0

[arm/master] Torrc generation from the wizard input
by atagar＠torproject.org 05 Jul '11

05 Jul '11

commit b888d3657c85beed4c63d1db4e3df06f4ffeef3d Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Jul 4 22:45:19 2011 -0700 Torrc generation from the wizard input This is most of the functionality needed to generate a torrc from the relay setup wizard's input (minus a few special-case fields like the exit policy and burst rate). This is done via a template that's filled in by the wizard results. The templating language just contains the simple set of control structures (if, if not, or) needed for this. --- src/cli/wizard.py | 43 +++++++++++++++- src/resources/torrcTemplate.txt | 77 ++++++++++++++++++++++++++++ src/util/torConfig.py | 106 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 224 insertions(+), 2 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 8239487..03cfb48 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -3,13 +3,18 @@ Provides user prompts for setting up a new relay. This autogenerates a torrc that's used by arm to run its own tor instance. """ +import os +import sys import functools import curses import cli.popups import cli.controller -from util import connections, enum, uiTools +from util import connections, enum, log, torConfig, uiTools + +# template used to generate the torrc +TORRC_TEMPLATE = "resources/torrcTemplate.txt" # basic configuration types we can run as RelayType = enum.Enum("RELAY", "EXIT", "BRIDGE", "CLIENT") @@ -249,7 +254,10 @@ def showWizard(): selection = promptConfigOptions(relayType, config) if selection == BACK: relayType = None - elif selection == NEXT: break # TODO: implement next screen + elif selection == NEXT: + generatedTorrc = getTorrc(relayType, config) + log.log(log.NOTICE, "Resulting torrc:\n%s" % generatedTorrc) + break # TODO: implement next screen # redraws screen to clear away the dialog we just showed cli.controller.getController().requestRedraw(True) @@ -407,6 +415,37 @@ def promptConfigOptions(relayType, config): finally: cli.popups.finalize() +def getTorrc(relayType, config): + """ + Provides the torrc generated for the given options. + """ + + pathPrefix = os.path.dirname(sys.argv[0]) + if pathPrefix and not pathPrefix.endswith("/"): + pathPrefix = pathPrefix + "/" + + templateFile = open("%s%s" % (pathPrefix, TORRC_TEMPLATE), "r") + template = templateFile.readlines() + templateFile.close() + + # generates the options the template expects + templateOptions = {} + + for key, value in config.items(): + if isinstance(value, ConfigOption): + value = value.getValue() + + templateOptions[key.upper()] = value + + #templateOptions = dict([(key.upper(), config[key].getValue()) for key in config]) + templateOptions[relayType.upper()] = True + templateOptions["LOW_PORTS"] = config[Options.LOWPORTS] + #templateOptions["BURST"] = config[Options.BANDWIDTH] * 2 # TODO: implement + templateOptions["NOTICE_PATH"] = "/path/to/.arm/exit-notice.html" # TODO: actually prepend the right prefix + templateOptions["EXIT_POLICY"] = "" # TODO: fill in configured policy + + return torConfig.renderTorrc(template, templateOptions) + def _splitStr(msg, width): """ Splits a string into substrings of a given length. diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt new file mode 100644 index 0000000..bb4dccd --- /dev/null +++ b/src/resources/torrcTemplate.txt @@ -0,0 +1,77 @@ +# This is a tor configuration made by arm. To change the configuration by hand +# edit this file then either... +# - tell arm to reset tor by pressing 'x' +# - run 'pkill -sighup tor' +# - restart tor +# +# Descriptions of all of these configuraiton attibutes (and many more) are +# available in the tor man page. +[NEWLINE] +ControlPort 9052 # port controllers can connect to +CookieAuthentication 1 # method for controller authentication + +[IF RELAY | EXIT | BRIDGE] + RunAsDaemon 1 # runs as a background process +[END IF] +[NEWLINE] + +[IF RELAY | EXIT | BRIDGE] + [IF LOWPORTS] + ORPort 443 # port used for relaying traffic + [ELSE] + ORPort 9001 # port used for relaying traffic + [END IF] + + [IF RELAY | EXIT] + [IF LOWPORTS] + DirPort 80 # port used for mirroring directory information + [ELSE] + DirPort 9030 # port used for mirroring directory information + [END IF] + + Nickname [NICKNAME] # name for this relay + ContactInfo [CONTACT] # contact information in case there's an issue + [END IF] + + [IF BRIDGE] + BridgeRelay 1 # makes us a bridge rather than a public relay + + [IF DISTRIBUTE] + # TODO: drop this? + PublishServerDescriptor bridge # publishes to users looking for bridges + [ELSE] + PublishServerDescriptor 0 # keeps our bridge descriptor private + [END IF] + [END IF] + + RelayBandwidthRate [BANDWIDTH] # limit for the bandwidth we'll use to relay + RelayBandwidthBurst [BURST] # maximum rate when relaying bursts of traffic + AccountingMax [LIMIT] # maximum amount of traffic we'll relay per month + + [IF NOT CLIENT] + SocksPort 0 # prevents tor from being used as a client + [END IF] + + [IF PORTFORWARD] + PortForwarding 1 # negotiates UPnP and NAT-PMP if needed + [END IF] + + [IF RELAY | BRIDGE] + ExitPolicy reject *:* # prevents us from connecting to non-relays + [ELSE] + [IF NOTICE] + DirPortFrontPage [NOTICE_PATH] # disclaimer saying that this is an exit + [END IF] + + [EXIT_POLICY] + [END IF] +[ELSE] + ClientOnly 1 # prevents us from ever being used as a relay + MaxCircuitDirtiness [REUSE] # duration that circuits can be reused + + [IF BRIDGED] + UseBridges 1 # uses the following bridges to connect + [BRIDGES] + [END IF] +[END IF] + diff --git a/src/util/torConfig.py b/src/util/torConfig.py index a63eddb..e5f1cb2 100644 --- a/src/util/torConfig.py +++ b/src/util/torConfig.py @@ -845,3 +845,109 @@ def _testConfigDescriptions(): print "\"%s\"" % description if i != len(sortedOptions) - 1: print "-" * 80 +def renderTorrc(template, options, commentIndent = 30): + """ + Uses the given template to generate a nicely formatted torrc with the given + options. The tempating language this recognizes is a simple one, recognizing + the following options: + [IF <option>] # if <option> maps to true or a non-empty string + [IF NOT <option>] # logical inverse + [IF <opt1> | <opt2>] # logical or of the options + [ELSE] # if the prior conditional evaluated to false + [END IF] # ends the control block + + [<option>] # inputs the option value, omitting the line if it maps + # to a boolean or empty string + [NEWLINE] # empty line, otherwise templating white space is ignored + + Arguments: + template - torrc template lines used to generate the results + options - mapping of keywords to their given values, with values + being booleans or strings (possibly multi-line) + commentIndent - minimum column that comments align on + """ + + results = [] + templateIter = iter(template) + commentLineFormat = "%%-%is%%s" % commentIndent + + try: + while True: + line = templateIter.next().strip() + + if line.startswith("[IF ") and line.endswith("]"): + # checks if any of the conditional options are true or a non-empty string + evaluatesTrue = False + for cond in line[4:-1].split("|"): + isInverse = False + if cond.startswith("NOT "): + isInverse = True + cond = cond[4:] + + if isInverse != bool(options.get(cond.strip())): + evaluatesTrue = True + break + + if evaluatesTrue: + continue + else: + # skips lines until we come to an else or the end of the block + depth = 0 + + while depth != -1: + line = templateIter.next().strip() + + if line.startswith("[IF ") and line.endswith("]"): depth += 1 + elif line == "[END IF]": depth -= 1 + elif depth == 0 and line == "[ELSE]": depth -= 1 + elif line == "[ELSE]": + # an else block we aren't using - skip to the end of it + depth = 0 + + while depth != -1: + line = templateIter.next().strip() + + if line.startswith("[IF "): depth += 1 + elif line == "[END IF]": depth -= 1 + elif line == "[NEWLINE]": + # explicit newline + results.append("") + elif line.startswith("#"): + # comment only + results.append(line) + elif line.startswith("[") and line.endswith("]"): + # completely dynamic entry + optValue = options.get(line[1:-1]) + if optValue: results.append(optValue) + else: + # torrc option line + option, arg, comment = "", "", "" + parsedLine = line + + if "#" in parsedLine: + parsedLine, comment = parsedLine.split("#", 1) + parsedLine = parsedLine.strip() + comment = "# %s" % comment.strip() + + # parses the argument from the option + if " " in parsedLine: + option, arg = parsedLine.split(" ", 1) + option = option.strip() + else: + log.log(log.INFO, "torrc template option lacks an argument: '%s'" % line) + continue + + # inputs dynamic arguments + if arg.startswith("[") and arg.endswith("]"): + arg = options.get(arg[1:-1]) + + # skips argument if it's false or an empty string + if not arg: continue + + torrcEntry = "%s %s" % (option, arg) + if comment: results.append(commentLineFormat % (torrcEntry + " ", comment)) + else: results.append(torrcEntry) + except StopIteration: pass + + return "\n".join(results) +

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit 7295ad18d5c7ca67f6eee6d71823fc071103b795 Merge: 0be2934 335ff91 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 5 16:01:12 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2'

1 0

[tor/master] Correct a comment
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit 53f87a89f00d075bdc81c2c468e844f3132ef953 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Fri Jun 24 15:12:45 2011 -0700 Correct a comment --- src/or/circuitlist.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 8534c38..e9cc9eb 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -866,7 +866,7 @@ circuit_unlink_all_from_or_conn(or_connection_t *conn, int reason) } /** Return a circ such that: - * - circ-\>rend_data-\>query is equal to rend_query, and + * - circ-\>rend_data-\>onion_address is equal to rend_query, and * - circ-\>purpose is equal to purpose. * * Return NULL if no such circuit exists.

1 0

[tor/master] Fix minor comment issues
by nickm＠torproject.org 05 Jul '11

05 Jul '11

commit cb1b20dbad2ee346a814b30d5dc72a3dc93069e5 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Jun 23 15:10:11 2011 -0700 Fix minor comment issues --- src/or/circuitbuild.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 6d7e711..1140f33 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1501,7 +1501,7 @@ get_unique_circ_id_by_conn(or_connection_t *conn) } /** If verbose is false, allocate and return a comma-separated list of - * the currently built elements of circuit_t. If verbose is true, also + * the currently built elements of circ. If verbose is true, also * list information about link status in a more verbose format using spaces. * If verbose_names is false, give nicknames for Named routers and hex * digests for others; if verbose_names is true, use $DIGEST=Name style @@ -1590,7 +1590,7 @@ circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names) } /** If verbose is false, allocate and return a comma-separated - * list of the currently built elements of circuit_t. If + * list of the currently built elements of circ. If * verbose is true, also list information about link status in * a more verbose format using spaces. */ @@ -1601,7 +1601,7 @@ circuit_list_path(origin_circuit_t *circ, int verbose) } /** Allocate and return a comma-separated list of the currently built elements - * of circuit_t, giving each as a verbose nickname. + * of circ, giving each as a verbose nickname. */ char * circuit_list_path_for_controller(origin_circuit_t *circ) @@ -1610,7 +1610,7 @@ circuit_list_path_for_controller(origin_circuit_t *circ) } /** Log, at severity severity, the nicknames of each router in - * circ's cpath. Also log the length of the cpath, and the intended + * circ's cpath. Also log the length of the cpath, and the intended * exit point. */ void @@ -1622,7 +1622,7 @@ circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ) } /** Tell the rep(utation)hist(ory) module about the status of the links - * in circ. Hops that have become OPEN are marked as successfully + * in circ. Hops that have become OPEN are marked as successfully * extended; the _first_ hop that isn't open (if any) is marked as * unable to extend. */

1 0