October 2013 - tor-commits - lists.torproject.org

[check/master] Only use descriptors from the past hour.
by arlo＠torproject.org 25 Oct '13

25 Oct '13

commit 2dfc37bcf51f1fbf634b768c873b9d1709f2230b Author: Arlo Breault <arlolra(a)gmail.com> Date: Fri Oct 25 16:30:40 2013 -0700 Only use descriptors from the past hour. Avoid repeats. --- Makefile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 46a1f29..27cfa5a 100644 --- a/Makefile +++ b/Makefile @@ -36,11 +36,7 @@ data/exit-policies: data/consensus data/exit-addresses data/cached-descriptors data/cached-descriptors: descriptors @echo "Concatenating data/descriptors/* into data/cached-descriptors" @rm -f data/cached-descriptors - @touch data/cached-descriptors - @for f in 0 1 2 3 4 5 6 7 8 9 a b c d e f; \ - do \ - cat data/descriptors/$$f* >> data/cached-descriptors; \ - done + find data/descriptors -type f -mmin -60 | xargs cat > data/cached-descriptors @echo "Done" descriptors: data/descriptors/

1 0

[tor/master] clarify that DisableNetwork closes connections too
by arma＠torproject.org 25 Oct '13

25 Oct '13

commit 49278cd68a0d84727ae1131e677bc3481b3e2fc7 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Oct 25 16:56:20 2013 -0400 clarify that DisableNetwork closes connections too --- doc/tor.1.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 215ea0c..ac33c59 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -211,7 +211,8 @@ GENERAL OPTIONS [[DisableNetwork]] **DisableNetwork** **0**|**1**:: When this option is set, we don't listen for or accept any connections - other than controller connections, and we don't make any outbound + other than controller connections, and we close (and don't reattempt) + any outbound connections. Controllers sometimes use this option to avoid using the network until Tor is fully configured. (Default: 0)

1 0

[torspec/master] Rename DUMP->DROP, add a warning
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 7c6c7fc63264c57240e42ca2040dfc5b9fd82fed Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:45:02 2013 -0400 Rename DUMP->DROP, add a warning --- control-spec.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/control-spec.txt b/control-spec.txt index 2826876..beb6593 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1150,16 +1150,17 @@ [AUTHCHALLENGE was added in Tor FIXME.] -3.25. DUMPGUARDS +3.25. DROPGUARDS The syntax is: - "DUMPGUARDS" CRLF + "DROPGUARDS" CRLF - Tells the server to drop all guard nodes. + Tells the server to drop all guard nodes. Do not invoke this command + lightly; it can increase vulnerability to tracking attacks over time. Tor replies with "250 OK" on success. - [DUMPGUARDS was added in Tor FIXME.] + [DROPGUARDS was added in Tor 0.2.5.1-alpha.] 4. Replies

1 0

[tor/master] DROPGUARDS controller command
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 71bd10097677cd035bd97a6c36b85d07fdbafb62 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Oct 21 13:02:25 2013 -0400 DROPGUARDS controller command Implements ticket 9934; patch from "ra" --- changes/bug9934 | 4 ++++ src/or/control.c | 27 +++++++++++++++++++++++++++ src/or/entrynodes.c | 19 +++++++++++++++++++ src/or/entrynodes.h | 2 ++ 4 files changed, 52 insertions(+) diff --git a/changes/bug9934 b/changes/bug9934 new file mode 100644 index 0000000..2a636db --- /dev/null +++ b/changes/bug9934 @@ -0,0 +1,4 @@ + o Minor features (controller): + - New DROPGUARDS command to forget all current entry guards. Not + recommended for ordinary use, since replacing guards too frequently + makes several attacks easier. Resolves ticket #9934; patch from "ra". diff --git a/src/or/control.c b/src/or/control.c index e97c18d..65c543a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3141,6 +3141,30 @@ handle_control_usefeature(control_connection_t *conn, return 0; } +/** Implementation for the DROPGUARDS command. */ +static int +handle_control_dropguards(control_connection_t *conn, + uint32_t len, + const char *body) +{ + smartlist_t *args; + (void) len; /* body is nul-terminated; it's safe to ignore the length */ + args = smartlist_new(); + smartlist_split_string(args, body, " ", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + + if (smartlist_len(args)) { + connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n"); + } else { + remove_all_entry_guards(); + send_control_done(conn); + } + + SMARTLIST_FOREACH(args, char *, cp, tor_free(cp)); + smartlist_free(args); + return 0; +} + /** Called when <b>conn</b> has no more bytes left on its outbuf. */ int connection_control_finished_flushing(control_connection_t *conn) @@ -3440,6 +3464,9 @@ connection_control_process_inbuf(control_connection_t *conn) } else if (!strcasecmp(conn->incoming_cmd, "AUTHCHALLENGE")) { if (handle_control_authchallenge(conn, cmd_data_len, args)) return -1; + } else if (!strcasecmp(conn->incoming_cmd, "DROPGUARDS")) { + if (handle_control_dropguards(conn, cmd_data_len, args)) + return -1; } else { connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n", conn->incoming_cmd); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index b97b2ea..59cc9a3 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -598,6 +598,25 @@ remove_dead_entry_guards(time_t now) return changed ? 1 : 0; } +/** Remove all currently listed entry guards. So new ones will be chosen. */ +void +remove_all_entry_guards(void) +{ + char dbuf[HEX_DIGEST_LEN+1]; + + while (smartlist_len(entry_guards)) { + entry_guard_t *entry = smartlist_get(entry_guards, 0); + base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); + log_info(LD_CIRC, "Entry guard '%s' (%s) has been dropped.", + entry->nickname, dbuf); + control_event_guard(entry->nickname, entry->identity, "DROPPED"); + entry_guard_free(entry); + smartlist_del(entry_guards, 0); + } + log_entry_guards(LOG_INFO); + entry_guards_changed(); +} + /** A new directory or router-status has arrived; update the down/listed * status of the entry guards. * diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 533f202..1f8cff7 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -77,6 +77,8 @@ int num_live_entry_guards(int for_directory); #endif +void remove_all_entry_guards(void); + void entry_guards_compute_status(const or_options_t *options, time_t now); int entry_guard_register_connect_status(const char *digest, int succeeded, int mark_relay_status, time_t now);

1 0

[tor/master] Merge remote-tracking branch 'public/bug9934_nm'
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 7578606a2265466bc4546f0d08b9dbdf427e7c1c Merge: c95cc08 71bd100 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:15:31 2013 -0400 Merge remote-tracking branch 'public/bug9934_nm' changes/bug9934 | 4 ++++ src/or/control.c | 27 +++++++++++++++++++++++++++ src/or/entrynodes.c | 19 +++++++++++++++++++ src/or/entrynodes.h | 2 ++ 4 files changed, 52 insertions(+)

1 0

[torspec/master] add DUMPGUARDS command
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 59048c31207d232307c197e17c7b1794b7280305 Author: r.a(a)posteo.net <r.a(a)posteo.net> Date: Wed Oct 9 00:55:12 2013 +0200 add DUMPGUARDS command --- control-spec.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/control-spec.txt b/control-spec.txt index 06b97d0..2826876 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -1150,6 +1150,17 @@ [AUTHCHALLENGE was added in Tor FIXME.] +3.25. DUMPGUARDS + + The syntax is: + "DUMPGUARDS" CRLF + + Tells the server to drop all guard nodes. + + Tor replies with "250 OK" on success. + + [DUMPGUARDS was added in Tor FIXME.] + 4. Replies Reply codes follow the same 3-character format as used by SMTP, with the

1 0

[tor/master] No longer writing control ports to file if updating reversible options fail. Fixes #5605.
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit b336e8c74ef996045694ec9c60054729def721c4 Author: Kevin Butler <haqkrs(a)gmail.com> Date: Mon Sep 2 19:25:08 2013 +0100 No longer writing control ports to file if updating reversible options fail. Fixes #5605. --- changes/bug5605 | 2 ++ src/or/config.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/changes/bug5605 b/changes/bug5605 new file mode 100644 index 0000000..ae66a6e --- /dev/null +++ b/changes/bug5605 @@ -0,0 +1,2 @@ +o Minor Bugfixes: + - No longer writing control ports to file if updating reversible options fail. Fixes #5605. \ No newline at end of file diff --git a/src/or/config.c b/src/or/config.c index 657bc60..cb3dc57 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1115,9 +1115,6 @@ options_act_reversible(const or_options_t *old_options, char **msg) /* No need to roll back, since you can't change the value. */ } - /* Write control ports to disk as appropriate */ - control_ports_write_to_file(); - if (directory_caches_v2_dir_info(options)) { char *fn = NULL; tor_asprintf(&fn, "%s"PATH_SEPARATOR"cached-status", @@ -1315,6 +1312,9 @@ options_act(const or_options_t *old_options) } } + /* Write control ports to disk as appropriate */ + control_ports_write_to_file(); + if (running_tor && !have_lockfile()) { if (try_locking(options, 1) < 0) return -1;

1 0

[tor/master] Merge remote-tracking branch 'Ryman/bug5605'
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit f249074e419a7f7fe6d0943516cc5d53a88ed435 Merge: 4b8282e b336e8c Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:03:42 2013 -0400 Merge remote-tracking branch 'Ryman/bug5605' changes/bug5605 | 2 ++ src/or/config.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-)

1 0

[tor/master] Tweak 5605 changes file
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit c95cc088c1188cfd887b849af1e2eb45131fd68e Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 12:07:15 2013 -0400 Tweak 5605 changes file --- changes/bug5605 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/changes/bug5605 b/changes/bug5605 index ae66a6e..2144d96 100644 --- a/changes/bug5605 +++ b/changes/bug5605 @@ -1,2 +1,5 @@ o Minor Bugfixes: - - No longer writing control ports to file if updating reversible options fail. Fixes #5605. \ No newline at end of file + - No longer writing control ports to file if updating reversible + options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from + Ryman. +

1 0

[tor/master] Log the origin address of controller connections
by nickm＠torproject.org 25 Oct '13

25 Oct '13

commit 4b8282e50cce1c63afbf7f501de1312a6f283387 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Oct 25 11:52:02 2013 -0400 Log the origin address of controller connections Resolves 9698; patch from "sigpipe". --- changes/bug9698 | 3 +++ src/or/connection.c | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug9698 b/changes/bug9698 new file mode 100644 index 0000000..ee5c4f6 --- /dev/null +++ b/changes/bug9698 @@ -0,0 +1,3 @@ + o Minor features: + - When receiving a new controller connection, log the origin address. + Resolves ticket 9698; patch from "sigpipe". diff --git a/src/or/connection.c b/src/or/connection.c index 8cf23ab..648fa32 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -334,7 +334,6 @@ control_connection_new(int socket_family) tor_malloc_zero(sizeof(control_connection_t)); connection_init(time(NULL), TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family); - log_notice(LD_CONTROL, "New control connection opened."); return control_conn; } @@ -1377,11 +1376,17 @@ connection_handle_listener_read(connection_t *conn, int new_type) TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth = TO_LISTENER_CONN(conn)->socks_prefer_no_auth; } + if (new_type == CONN_TYPE_CONTROL) { + log_notice(LD_CONTROL, "New control connection opened from %s.", + fmt_and_decorate_addr(&addr)); + } } else if (conn->socket_family == AF_UNIX) { /* For now only control ports can be Unix domain sockets * and listeners at the same time */ tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER); + tor_assert(new_type == CONN_TYPE_CONTROL); + log_notice(LD_CONTROL, "New control connection opened."); newconn = connection_new(new_type, conn->socket_family); newconn->s = news;

1 0