tor-commits January 2017

tor-commits@lists.torproject.org

22 participants
1796 discussions

[onionoo/master] Prepare for 3.2-1.1.0 release.
by karsten＠torproject.org 27 Jan '17

27 Jan '17

commit 7326b6cfacb4cd5551806ecdfffdcf4361d58a32 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Fri Jan 27 10:16:59 2017 +0100 Prepare for 3.2-1.1.0 release. --- CERT | 35 +++++++++++++++++++---------------- CHANGELOG.md | 2 +- build.xml | 2 +- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/CERT b/CERT index eaeef50..6cc5a93 100644 --- a/CERT +++ b/CERT @@ -1,18 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDbTCCAlWgAwIBAgIEca8MxDANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJVUzELMAkGA1UE -CBMCTUExEjAQBgNVBAcTCUNhbWJyaWRnZTEdMBsGA1UEChMUVGhlIFRvciBQcm9qZWN0LCBJbmMx -GDAWBgNVBAMTD0thcnN0ZW4gTG9lc2luZzAeFw0xNjA1MzExODIwMjlaFw0xNjA4MjkxODIwMjla -MGcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2FtYnJpZGdlMR0wGwYDVQQK -ExRUaGUgVG9yIFByb2plY3QsIEluYzEYMBYGA1UEAxMPS2Fyc3RlbiBMb2VzaW5nMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJCqHFgEhyj8AI4w93YcyZEkKwn2Jw5t7bYcaLieP0wa -Ai2xrRFROo0eofjIllPlYTFtj9jLAZf+MQ1/Sdv7SLdlpasBCS0deTGlxuMzyMP9ztkkkAeibc+F -IXYPJArwGJiycnd+obW8b8KNrJQsnb0Se5Fdgo/PSu1rqMh/Mylv9vLqUzB4hbN4bg5+7THlTAOK -egYyR0NEPDzi327MAvzzle27kXV9yOCQr01zXW9NeWYed6JMXCZwaMN6nTVEFiwTfAyATfPncarf -gZ1kyAkQ6/Sw2bGMv8jHqB63Ka0/6GXHRbFgCeWU+c/1sfEMBD3ZurEjwSjWGl73E4GBswIDAQAB -oyEwHzAdBgNVHQ4EFgQUJbu6UT97IU4utjyc4zYUrLIgzvQwDQYJKoZIhvcNAQELBQADggEBAHOF -jMP0rNa+cKy8beEpU0VRZ1RNLb70BoFjXZvzgv92MGnojg509fYO3PgzXUZv5v50VenexZjeZ9to -iiqw5zDelg1maVSZwKrQVgFIwXnP4+okIcPMtFjSNiF9VyhRd8OE3U/kpIBdecMVIEhCIKOaF/nq -uBwilXAK7VwYN7hQgKbIODoX9Y3dr9QDvrILkFDEmOudmDRo+RePAKJum+/E0RuUYjOeXpFmzXOf -5LJ/Y4hMKuLfuxoWasHOV0IRx///CNgF1L287TCyjrYUbEjWwMtFQc0NRjedhcWUzwXLpbk2unxM -j6ElkADaczDG20ZGSgrFfU4MYb1RFeQu6yk= +MIIDaTCCAlGgAwIBAgIEYQnM/zANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJV +UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxHTAbBgNVBAoTFFRoZSBU +b3IgUHJvamVjdCwgSW5jMRgwFgYDVQQDEw9LYXJzdGVuIExvZXNpbmcwHhcNMTcw +MTAyMTYzNTQ2WhcNMTcwNDAyMTYzNTQ2WjBlMQswCQYDVQQGEwJVUzELMAkGA1UE +CBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxHTAbBgNVBAoTFFRoZSBUb3IgUHJvamVj +dCwgSW5jMRgwFgYDVQQDEw9LYXJzdGVuIExvZXNpbmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQChXn+IUp+o6G+k4ffxk3TkxZb3iXfiG7byNsG63olU +6aTpAjDMeaT4ctUwxH4+56Sbcf/wB0vEFBbX8MyRd1eY02PKwMVJ6VBhjOQcIlrd +Qw+VAhKTcEIv4yiR0BWapQyR07pgmKirYVjN6s6ef8NJzUptpxLlaYJ3ZfQfc4aE +MXzScgaccwDFIWQ661lzLGCfeSxxa3Xy4wWsGwzNzLITYrrABcbg7yogLo2btNvD +oEwGL3/baQdhl0dra6biVCZr9ydn3Hg57S55pUU0rBY25id78zUO8xrfNHw54wwX +lOblGt75OOkahP/ZZSBxxoiknJ6y5VQV8y+noA4vigXFAgMBAAGjITAfMB0GA1Ud +DgQWBBSeh60M+/wMYyYhlxtuff2Hk9n7bzANBgkqhkiG9w0BAQsFAAOCAQEAi2K5 +o3UnRBLdk9zkBEDbqPWxq8eiiIacbSoorspVlv4vqNO2UsTLc2sA4zZpY1L7Mkc6 +y7pcd1jFc6e9Wzt0agoIU9i3pyqkUx11ktE8a8CiVjDOns05GHe1DsLYcSLG8aJR +2pNEFjZEndHTXGRKwxtTmHimsIIWiy8tYFkC7SkBQj+BnXBqzCbJPhRDpMdhyJmQ +CLUhTTgU30G32x3vOhddWHAH8UDsXNlBASQOFs+A/1Mx5DI5AXLtwjp/rweTWoBk +11SfkVS/mfMZNRGOA9DEfoRYHPT0Rn4URAQrBr73CKQaVVYyeuDOoEs69KRH2JSO +IRcgAfpjtg8cry/eiw== -----END CERTIFICATE----- diff --git a/CHANGELOG.md b/CHANGELOG.md index c7ef2da..bd30ca0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -# Changes in version 3.2-1.x.x - 2017-xx-xx +# Changes in version 3.2-1.1.0 - 2017-01-27 * Major changes - Fix a bug where we'd believe that we have first seen a bridge on diff --git a/build.xml b/build.xml index 5bfea72..323e776 100644 --- a/build.xml +++ b/build.xml @@ -10,7 +10,7 @@ <property name="implementation-title" value="Onionoo" /> <property name="onionoo.protocol.version" value="3.2"/> <property name="release.version" - value="${onionoo.protocol.version}-1.0.0-dev"/> + value="${onionoo.protocol.version}-1.1.0"/> <property name="descriptorversion" value="1.5.0"/> <property name="jetty.version" value="-8.1.16.v20140903" /> <property name="warfile"

1 0

[onionoo/master] Schedule next major version.
by karsten＠torproject.org 27 Jan '17

27 Jan '17

commit e9cc30cdbff2744120ea3a7ff10ee18ceb25399c Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Fri Jan 27 10:11:19 2017 +0100 Schedule next major version. --- src/main/java/org/torproject/onionoo/server/ResponseBuilder.java | 2 +- src/main/resources/web/protocol.html | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/torproject/onionoo/server/ResponseBuilder.java b/src/main/java/org/torproject/onionoo/server/ResponseBuilder.java index cd11645..e07868a 100644 --- a/src/main/java/org/torproject/onionoo/server/ResponseBuilder.java +++ b/src/main/java/org/torproject/onionoo/server/ResponseBuilder.java @@ -104,7 +104,7 @@ public class ResponseBuilder { private static final String PROTOCOL_VERSION = "3.2"; - private static final String NEXT_MAJOR_VERSION_SCHEDULED = null; + private static final String NEXT_MAJOR_VERSION_SCHEDULED = "2017-02-27"; private void writeRelays(List<SummaryDocument> relays, PrintWriter pw) { this.write(pw, "{\"version\":\"%s\",\n", PROTOCOL_VERSION); diff --git a/src/main/resources/web/protocol.html b/src/main/resources/web/protocol.html index adcdac4..3ff31cd 100644 --- a/src/main/resources/web/protocol.html +++ b/src/main/resources/web/protocol.html @@ -191,6 +191,10 @@ characters of a space-separated fingerprint on November 15, 2015.</li> <li><strong>3.2</strong>: Extended order parameter to "first_seen" and added response meta data fields "relays_skipped", "relays_truncated", "bridges_skipped", and "bridges_truncated" on January 27, 2017.</li> +<li><strong>4.0</strong>: (scheduled, but not deployed yet!): Extend +search parameter to not require leading or enclosing square brackets +around IPv6 addresses anymore, to be deployed by February 27, +2017.</li> </ul> </div>

1 0

[tor/master] Outbindbindaddress variants for Exit and OR.
by nickm＠torproject.org 27 Jan '17

27 Jan '17

commit 81c78ec7556b4071b4eb1f60c4867d6ba8cf4685 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 27 08:05:29 2017 -0500 Outbindbindaddress variants for Exit and OR. Allow separation of exit and relay traffic to different source IP addresses (Ticket #17975). Written by Michael Sonntag. --- changes/change_separate_exit_and_relay.txt | 2 + doc/tor.1.txt | 14 ++++ src/config/torrc.sample.in | 7 +- src/or/config.c | 108 ++++++++++++++++++----------- src/or/connection.c | 60 ++++++++++++---- src/or/or.h | 18 +++-- src/or/policies.c | 28 ++++---- src/test/test_policy.c | 8 ++- 8 files changed, 171 insertions(+), 74 deletions(-) diff --git a/changes/change_separate_exit_and_relay.txt b/changes/change_separate_exit_and_relay.txt new file mode 100644 index 0000000..28db1d2 --- /dev/null +++ b/changes/change_separate_exit_and_relay.txt @@ -0,0 +1,2 @@ +- Minor features: + - Allow separation of exit and relay traffic to different source IP addresses (Ticket #17975). Written by Michael Sonntag. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index da2a61f..de2e2b4 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -640,6 +640,20 @@ GENERAL OPTIONS This setting will be ignored for connections to the loopback addresses (127.0.0.0/8 and ::1). +[[OutboundBindAddressOR]] **OutboundBindAddressOR** __IP__:: + Make all outbound non-exit (=relay and other) connections originate from the IP + address specified. This option overrides **OutboundBindAddress** for the same + IP version. This option may be used twice, once with an IPv4 address and once + with an IPv6 address. This setting will be ignored for connections to the + loopback addresses (127.0.0.0/8 and ::1). + +[[OutboundBindAddressExit]] **OutboundBindAddressExit** __IP__:: + Make all outbound exit connections originate from the IP address specified. This + option overrides **OutboundBindAddress** for the same IP version. This option + may be used twice, once with an IPv4 address and once with an IPv6 address. This + setting will be ignored for connections to the loopback addresses (127.0.0.0/8 + and ::1). + [[PidFile]] **PidFile** __FILE__:: On startup, write our PID to FILE. On clean shutdown, remove FILE. Can not be changed while tor is running. diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index 5328206..3777744 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -95,7 +95,12 @@ ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. -# OutboundBindAddress 10.0.0.5 +## OutboundBindAddressExit will be used for all exit traffic, while +## OutboundBindAddressOR will be used for all other connections. +## If you do not wish to differentiate, use OutboundBindAddress to +## specify the same address for both in a single line. +#OutboundBindAddressExit 10.0.0.4 +#OutboundBindAddressOR 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. ## Nicknames must be between 1 and 19 characters inclusive, and must diff --git a/src/or/config.c b/src/or/config.c index e5078ad..40a6573 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -411,6 +411,8 @@ static config_var_t option_vars_[] = { V(ORListenAddress, LINELIST, NULL), VPORT(ORPort), V(OutboundBindAddress, LINELIST, NULL), + V(OutboundBindAddressOR, LINELIST, NULL), + V(OutboundBindAddressExit, LINELIST, NULL), OBSOLETE("PathBiasDisableRate"), V(PathBiasCircThreshold, INT, "-1"), @@ -7917,60 +7919,84 @@ getinfo_helper_config(control_connection_t *conn, return 0; } -/** Parse outbound bind address option lines. If <b>validate_only</b> - * is not 0 update OutboundBindAddressIPv4_ and - * OutboundBindAddressIPv6_ in <b>options</b>. On failure, set - * <b>msg</b> (if provided) to a newly allocated string containing a - * description of the problem and return -1. */ +/* Check whether an address has already been set against the options + * depending on address family and destination type. Any exsting + * value will lead to a fail, even if it is the same value. If not + * set and not only validating, copy it into this location too. + * Returns 0 on success or -1 if this address is already set. + */ static int -parse_outbound_addresses(or_options_t *options, int validate_only, char **msg) +verify_and_store_outbound_address(sa_family_t family, tor_addr_t *addr, + outbound_addr_t type, or_options_t *options, int validate_only) { - const config_line_t *lines = options->OutboundBindAddress; - int found_v4 = 0, found_v6 = 0; - + if (type<0 || type>=OUTBOUND_ADDR_MAX + || (family!=AF_INET && family!=AF_INET6)) { + return -1; + } + int fam_index=0; + if (family==AF_INET6) { + fam_index=1; + } + tor_addr_t *dest=&options->OutboundBindAddresses[type][fam_index]; + if (!tor_addr_is_null(dest)) { + return -1; + } if (!validate_only) { - memset(&options->OutboundBindAddressIPv4_, 0, - sizeof(options->OutboundBindAddressIPv4_)); - memset(&options->OutboundBindAddressIPv6_, 0, - sizeof(options->OutboundBindAddressIPv6_)); + tor_addr_copy(dest, addr); } + return 0; +} + +/* Parse a list of address lines for a specific destination type. + * Will store them into the options if not validate_only. If a + * problem occurs, a suitable error message is store in msg. + * Returns 0 on success or -1 if any address is already set. + */ +static int +parse_outbound_address_lines(const config_line_t *lines, outbound_addr_t type, + or_options_t *options, int validate_only, char **msg) +{ + tor_addr_t addr; + sa_family_t family; while (lines) { - tor_addr_t addr, *dst_addr = NULL; - int af = tor_addr_parse(&addr, lines->value); - switch (af) { - case AF_INET: - if (found_v4) { - if (msg) - tor_asprintf(msg, "Multiple IPv4 outbound bind addresses " - "configured: %s", lines->value); - return -1; - } - found_v4 = 1; - dst_addr = &options->OutboundBindAddressIPv4_; - break; - case AF_INET6: - if (found_v6) { - if (msg) - tor_asprintf(msg, "Multiple IPv6 outbound bind addresses " - "configured: %s", lines->value); - return -1; - } - found_v6 = 1; - dst_addr = &options->OutboundBindAddressIPv6_; - break; - default: + family = tor_addr_parse(&addr, lines->value); + if (verify_and_store_outbound_address(family, &addr, type, + options, validate_only)) { if (msg) - tor_asprintf(msg, "Outbound bind address '%s' didn't parse.", - lines->value); + tor_asprintf(msg, "Multiple%s%s outbound bind addresses " + "configured: %s", + family==AF_INET?" IPv4":(family==AF_INET6?" IPv6":""), + type==OUTBOUND_ADDR_OR?" OR": + (type==OUTBOUND_ADDR_EXIT?" exit":""), lines->value); return -1; } - if (!validate_only) - tor_addr_copy(dst_addr, &addr); lines = lines->next; } return 0; } +/** Parse outbound bind address option lines. If <b>validate_only</b> + * is not 0 update OutboundBindAddresses in <b>options</b>. + * Only one address can be set for any of these values. + * On failure, set <b>msg</b> (if provided) to a newly allocated string + * containing a description of the problem and return -1. + */ +static int +parse_outbound_addresses(or_options_t *options, int validate_only, char **msg) +{ + if (!validate_only) { + memset(&options->OutboundBindAddresses, 0, + sizeof(options->OutboundBindAddresses)); + } + parse_outbound_address_lines(options->OutboundBindAddress, + OUTBOUND_ADDR_EXIT_AND_OR, options, validate_only, msg); + parse_outbound_address_lines(options->OutboundBindAddressOR, + OUTBOUND_ADDR_OR, options, validate_only, msg); + parse_outbound_address_lines(options->OutboundBindAddressExit, + OUTBOUND_ADDR_EXIT, options, validate_only, msg); + return 0; +} + /** Load one of the geoip files, <a>family</a> determining which * one. <a>default_fname</a> is used if on Windows and * <a>fname</a> equals "<default>". */ diff --git a/src/or/connection.c b/src/or/connection.c index 7e0ee45..4421534 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -134,6 +134,8 @@ static int connection_read_https_proxy_response(connection_t *conn); static void connection_send_socks5_connect(connection_t *conn); static const char *proxy_type_to_string(int proxy_type); static int get_proxy_type(void); +const tor_addr_t *conn_get_outbound_address(sa_family_t family, + const or_options_t *options, unsigned int conn_type); /** The last addresses that our network interface seemed to have been * binding to. We use this as one way to detect when our IP changes. @@ -1771,7 +1773,7 @@ connection_connect_sockaddr,(connection_t *conn, /* * We've got the socket open; give the OOS handler a chance to check - * against configuured maximum socket number, but tell it no exhaustion + * against configured maximum socket number, but tell it no exhaustion * failure. */ connection_check_oos(get_n_open_sockets(), 0); @@ -1890,6 +1892,47 @@ connection_connect_log_client_use_ip_version(const connection_t *conn) } } +/** Retrieve the outbound address depending on the protocol (IPv4 or IPv6) + * and the connection type (relay, exit, ...) + * Return a socket address or NULL in case nothing is configured. + **/ +const tor_addr_t * +conn_get_outbound_address(sa_family_t family, + const or_options_t *options, unsigned int conn_type) +{ + const tor_addr_t *ext_addr = NULL; + + int fam_index=0; + if (family==AF_INET6) { + fam_index=1; + } + // If an exit connection, use the exit address (if present) + if (conn_type == CONN_TYPE_EXIT) { + if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT] + [fam_index]; + } else if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index]; + } + } else { // All non-exit connections + if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR] + [fam_index]; + } else if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index]; + } + } + return ext_addr; +} + /** Take conn, make a nonblocking socket; try to connect to * addr:port (port arrives in *host order*). If fail, return -1 and if * applicable put your best guess about errno into *<b>socket_error</b>. @@ -1911,26 +1954,15 @@ connection_connect(connection_t *conn, const char *address, struct sockaddr *bind_addr = NULL; struct sockaddr *dest_addr; int dest_addr_len, bind_addr_len = 0; - const or_options_t *options = get_options(); - int protocol_family; /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort */ connection_connect_log_client_use_ip_version(conn); - if (tor_addr_family(addr) == AF_INET6) - protocol_family = PF_INET6; - else - protocol_family = PF_INET; - if (!tor_addr_is_loopback(addr)) { const tor_addr_t *ext_addr = NULL; - if (protocol_family == AF_INET && - !tor_addr_is_null(&options->OutboundBindAddressIPv4_)) - ext_addr = &options->OutboundBindAddressIPv4_; - else if (protocol_family == AF_INET6 && - !tor_addr_is_null(&options->OutboundBindAddressIPv6_)) - ext_addr = &options->OutboundBindAddressIPv6_; + ext_addr = conn_get_outbound_address(tor_addr_family(addr), get_options(), + conn->type); if (ext_addr) { memset(&bind_addr_ss, 0, sizeof(bind_addr_ss)); bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0, diff --git a/src/or/or.h b/src/or/or.h index 80ce704..18fff78 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3545,6 +3545,12 @@ typedef struct routerset_t routerset_t; * to pick its own port. */ #define CFG_AUTO_PORT 0xc4005e +/** Enumeration of outbound address configuration types: + * Exit-only, OR-only, or both */ +typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, + OUTBOUND_ADDR_EXIT_AND_OR, + OUTBOUND_ADDR_MAX} outbound_addr_t; + /** Configuration options for a Tor process. */ typedef struct { uint32_t magic_; @@ -3628,10 +3634,14 @@ typedef struct { config_line_t *ControlListenAddress; /** Local address to bind outbound sockets */ config_line_t *OutboundBindAddress; - /** IPv4 address derived from OutboundBindAddress. */ - tor_addr_t OutboundBindAddressIPv4_; - /** IPv6 address derived from OutboundBindAddress. */ - tor_addr_t OutboundBindAddressIPv6_; + /** Local address to bind outbound relay sockets */ + config_line_t *OutboundBindAddressOR; + /** Local address to bind outbound exit sockets */ + config_line_t *OutboundBindAddressExit; + /** Addresses derived from the various OutboundBindAddress lines. + * [][0] is IPv4, [][1] is IPv6 + */ + tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; /** Directory server only: which versions of * Tor should we tell users to run? */ config_line_t *RecommendedVersions; diff --git a/src/or/policies.c b/src/or/policies.c index 84600f7..aea1b11 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -2019,10 +2019,10 @@ policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr) } } -/** Helper function that adds copies of - * or_options->OutboundBindAddressIPv[4|6]_ to a smartlist as tor_addr_t *, as - * long as or_options is non-NULL, and the addresses are not - * tor_addr_is_null(), by passing them to policies_add_addr_to_smartlist. +/** Helper function that adds copies of or_options->OutboundBindAddresses + * to a smartlist as tor_addr_t *, as long as or_options is non-NULL, and + * the addresses are not tor_addr_is_null(), by passing them to + * policies_add_addr_to_smartlist. * * The caller is responsible for freeing all the tor_addr_t* in the smartlist. */ @@ -2031,10 +2031,14 @@ policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, const or_options_t *or_options) { if (or_options) { - policies_copy_addr_to_smartlist(addr_list, - &or_options->OutboundBindAddressIPv4_); - policies_copy_addr_to_smartlist(addr_list, - &or_options->OutboundBindAddressIPv6_); + for (int i=0;i<OUTBOUND_ADDR_MAX;i++) { + for (int j=0;j<2;j++) { + if (!tor_addr_is_null(&or_options->OutboundBindAddresses[i][j])) { + policies_copy_addr_to_smartlist(addr_list, + &or_options->OutboundBindAddresses[i][j]); + } + } + } } } @@ -2051,10 +2055,10 @@ policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, * - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it * to the list of configured addresses. * If <b>or_options->ExitPolicyRejectLocalInterfaces</b> is true: - * - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add - * it to the list of configured addresses. - * - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add - * it to the list of configured addresses. + * - if or_options->OutboundBindAddresses[][0] (=IPv4) is not the null + * tor_addr_t, add it to the list of configured addresses. + * - if or_options->OutboundBindAddresses[][1] (=IPv6) is not the null + * tor_addr_t, add it to the list of configured addresses. * * If <b>or_options->BridgeRelay</b> is false, append entries of default * Tor exit policy into <b>result</b> smartlist. diff --git a/src/test/test_policy.c b/src/test/test_policy.c index 4df40f6..71a3111 100644 --- a/src/test/test_policy.c +++ b/src/test/test_policy.c @@ -1083,8 +1083,12 @@ test_policies_getinfo_helper_policies(void *arg) append_exit_policy_string(&mock_my_routerinfo.exit_policy, "reject *6:*"); mock_options.IPv6Exit = 1; - tor_addr_from_ipv4h(&mock_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR); - tor_addr_parse(&mock_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR); + tor_addr_from_ipv4h( + &mock_options.OutboundBindAddresses[OUTBOUND_ADDR_EXIT][0], + TEST_IPV4_ADDR); + tor_addr_parse( + &mock_options.OutboundBindAddresses[OUTBOUND_ADDR_EXIT][1], + TEST_IPV6_ADDR); mock_options.ExitPolicyRejectPrivate = 1; mock_options.ExitPolicyRejectLocalInterfaces = 1;

1 0

[tor/master] Remove an impossible comparison.
by nickm＠torproject.org 27 Jan '17

27 Jan '17

commit 782c52658c1f0e2a0a49b4ba990b0b420dd129c1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 27 08:08:08 2017 -0500 Remove an impossible comparison. --- src/or/config.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 40a6573..d0ca561 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -7929,8 +7929,7 @@ static int verify_and_store_outbound_address(sa_family_t family, tor_addr_t *addr, outbound_addr_t type, or_options_t *options, int validate_only) { - if (type<0 || type>=OUTBOUND_ADDR_MAX - || (family!=AF_INET && family!=AF_INET6)) { + if (type>=OUTBOUND_ADDR_MAX || (family!=AF_INET && family!=AF_INET6)) { return -1; } int fam_index=0;

1 0

[tor/master] Bulletproof conn_get_outbound_address() a little.
by nickm＠torproject.org 27 Jan '17

27 Jan '17

commit 795582169aa9a710739fbb7f3f651e337032df4a Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 27 08:12:14 2017 -0500 Bulletproof conn_get_outbound_address() a little. --- src/or/connection.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/or/connection.c b/src/or/connection.c index 4421534..1882760 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1902,10 +1902,18 @@ conn_get_outbound_address(sa_family_t family, { const tor_addr_t *ext_addr = NULL; - int fam_index=0; - if (family==AF_INET6) { - fam_index=1; + int fam_index; + switch (family) { + case AF_INET: + fam_index = 0; + break; + case AF_INET6: + fam_index = 1; + break; + default: + return NULL; } + // If an exit connection, use the exit address (if present) if (conn_type == CONN_TYPE_EXIT) { if (!tor_addr_is_null(

1 0

[tor/master] Merge branch 'feature17975'
by nickm＠torproject.org 27 Jan '17

27 Jan '17

commit 8bd3c1b74df450d2bf4d1069c975c8babe5b770e Merge: ad38204 7955821 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jan 27 08:13:37 2017 -0500 Merge branch 'feature17975' changes/change_separate_exit_and_relay.txt | 2 + doc/tor.1.txt | 14 ++++ src/config/torrc.sample.in | 7 +- src/or/config.c | 107 ++++++++++++++++++----------- src/or/connection.c | 68 ++++++++++++++---- src/or/or.h | 18 +++-- src/or/policies.c | 28 ++++---- src/test/test_policy.c | 8 ++- 8 files changed, 178 insertions(+), 74 deletions(-)

1 0

[atlas/master] Removes graphs that no longer have Onionoo data to back them (Fixes: #19553)
by irl＠torproject.org 27 Jan '17

27 Jan '17

commit 49562bf3eb21833381ae4dc0341f4cfc540bdbb2 Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Thu Jan 26 22:54:18 2017 +0000 Removes graphs that no longer have Onionoo data to back them (Fixes: #19553) This removes the 3 days and 1 week bandwidth charts and also removes references to the 3 days clients chart as the Onionoo specification doesn't claim to provide this chart either. In the future we may attempt to produce these graphs from the data provided by Onionoo, but this will require more than simply putting the right data on the screen and I'd like to keep Atlas as thin a layer as possible on top of Onionoo. --- js/models/graph.js | 6 ------ js/views/details/main.js | 2 +- templates/details/bridge.html | 28 ---------------------------- templates/details/router.html | 28 ---------------------------- 4 files changed, 1 insertion(+), 63 deletions(-) diff --git a/js/models/graph.js b/js/models/graph.js index 36f9e49..d4368a4 100644 --- a/js/models/graph.js +++ b/js/models/graph.js @@ -87,13 +87,10 @@ define([ baseurl: 'https://onionoo.torproject.org', initialize: function() { this.set({ - bw_days: {write: [], read: []}, - bw_week: {write: [], read: []}, bw_month: {write: [], read: []}, bw_months: {write: [], read: []}, bw_year: {write: [], read: []}, bw_years: {write: [], read: []}, - clients_days: {average: []}, clients_week: {average: []}, clients_month: {average: []}, clients_months: {average: []}, @@ -111,8 +108,6 @@ define([ var success = options.success; // Clear the model this.set({ - bw_days: {write: [], read: []}, - bw_week: {write: [], read: []}, bw_month: {write: [], read: []}, bw_months: {write: [], read: []}, bw_year: {write: [], read: []}, @@ -185,7 +180,6 @@ define([ var success = options.success; // Clear the model this.set({ - clients_days: {average: []}, clients_week: {average: []}, clients_month: {average: []}, clients_months: {average: []}, diff --git a/js/views/details/main.js b/js/views/details/main.js index e958e6e..e73ac4a 100644 --- a/js/views/details/main.js +++ b/js/views/details/main.js @@ -192,7 +192,7 @@ define([ this.graph.lookup_bw(this.model.fingerprint, { success: function() { graph.parse_bw_data(graph.data); - graphs = ['bw_days', 'bw_week', 'bw_month', + graphs = ['bw_month', 'bw_months', 'bw_year', 'bw_years']; _.each(graphs, function(g) { var data = [graph.get(g).write, graph.get(g).read]; diff --git a/templates/details/bridge.html b/templates/details/bridge.html index 2cbd24a..33f606c 100644 --- a/templates/details/bridge.html +++ b/templates/details/bridge.html @@ -82,34 +82,6 @@ <div class="row"> <h2>Graphs <small>Pretty graphs</small></h2> <hr/> - <ul class="thumbnails"> - <li class="span8"> - <div class="thumbnail"> - <div id="bw_days" class="graph"> - <img src="img/no-data-available.png" alt=""> - </div> - <div class="caption"> - <h5>3 Days graph</h5> - <a id="save_bw_days" href="">Save Graph</a> - </div> - </div> - </li> - </ul> -</div><div class="row"> - <ul class="thumbnails"> - <li class="span8"> - <div class="thumbnail"> - - <div id="bw_week" class="graph"> - <img src="img/no-data-available.png" alt=""> - </div> - <div class="caption"> - <h5>1 Week graph</h5> - <a id="save_bw_week" href="">Save Graph</a> - </div> - </div> - </li> - </ul> </div> <div class="row"> diff --git a/templates/details/router.html b/templates/details/router.html index 505f8c1..7215b05 100644 --- a/templates/details/router.html +++ b/templates/details/router.html @@ -132,34 +132,6 @@ <div class="row"> <h2>Graphs <small>Pretty graphs</small></h2> <hr/> - <ul class="thumbnails"> - <li class="span8"> - <div class="thumbnail"> - <div id="bw_days" class="graph"> - <img src="img/no-data-available.png" alt=""> - </div> - <div class="caption"> - <h5>3 Days graph</h5> - <a id="save_bw_days" href="">Save Graph</a> - </div> - </div> - </li> - </ul> -</div><div class="row"> - <ul class="thumbnails"> - <li class="span8"> - <div class="thumbnail"> - - <div id="bw_week" class="graph"> - <img src="img/no-data-available.png" alt=""> - </div> - <div class="caption"> - <h5>1 Week graph</h5> - <a id="save_bw_week" href="">Save Graph</a> - </div> - </div> - </li> - </ul> </div> <div class="row">

1 0

[atlas/master] Adds alt attributes to images for country flags and relay flags (Fixes: #21291)
by irl＠torproject.org 27 Jan '17

27 Jan '17

commit 29d59a8f4579278a2f1383d76238559487ca4c91 Author: Iain R. Learmonth <irl(a)fsfe.org> Date: Tue Jan 24 23:01:45 2017 +0000 Adds alt attributes to images for country flags and relay flags (Fixes: #21291) In cases where there is no other text and the meaning is conveyed only in the icon, this adds alt text explaining the icon. In cases where the icon is next to text that explains the icon, the alt attribute is specified as an empty string as recommended by the HTML 5 specification. --- templates/details/bridge.html | 2 +- templates/details/router.html | 4 ++-- templates/search/do.html | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/details/bridge.html b/templates/details/bridge.html index 33f606c..99ffdd3 100644 --- a/templates/details/bridge.html +++ b/templates/details/bridge.html @@ -44,7 +44,7 @@ <dt><span class="tip" data-content="Flags that the directory authorities assigned to this bridge." data-original-title="Bridge flags">Flags</span></dt> <dd><% _.each(relay.get('flags'), function(flag) { %> - <img class="inline" src="img/flags/<%= flag[1] %>.png"> + <img class="inline" alt="" src="img/flags/<%= flag[1] %>.png"> <span class="inline"><%= flag[0] %></span> <% }); %> </dd> diff --git a/templates/details/router.html b/templates/details/router.html index 7215b05..d94f5cf 100644 --- a/templates/details/router.html +++ b/templates/details/router.html @@ -76,13 +76,13 @@ <dt><span class="tip" data-content="Flags that the directory authorities assigned to this relay." data-original-title="Relay flags">Flags</span></dt> <dd><% _.each(relay.get('flags'), function(flag) { %> - <img class="inline" src="img/flags/<%= flag[1] %>.png"> + <img class="inline" alt="" src="img/flags/<%= flag[1] %>.png"> <span class="inline"><%= flag[0] %></span> <% }); %> </dd> <dt><span class="tip" data-content="Country as found in a GeoIP database by resolving the relay's first onion-routing address." data-original-title="Country">Country</span></dt> - <dd><img class="inline country" title="<%= relay.get('countryname') %>" src="img/cc/<%= relay.get('country') %>.png"/> <%= relay.get('countryname') %></dd> + <dd><img class="inline country" title="<%= relay.get('countryname') %>" alt="" src="img/cc/<%= relay.get('country') %>.png"/> <%= relay.get('countryname') %></dd> <dt><span class="tip" data-content="Autonomous System Number" data-original-title="AS Number">AS Number</span></dt> <dd><%= _.escape(relay.get('as_no')) %></dd> diff --git a/templates/search/do.html b/templates/search/do.html index eac2abe..ebb2508 100644 --- a/templates/search/do.html +++ b/templates/search/do.html @@ -87,13 +87,13 @@ </td> <td> <% if ( relay.get('country')) { %> - <img class="inline country" title="<%= relay.get('countryname') %>" src="img/cc/<%= relay.get('country') %>.png"/> + <img class="inline country" title="<%= relay.get('countryname') %>" alt="<%= relay.get('countryname') %>" src="img/cc/<%= relay.get('country') %>.png"/> <% } %> </td> <td><%= relay.get('or_address') %></td> <td> <% _.each(relay.get('flags'), function(flag) { %> - <img class="inline flags" rel="tooltip" src="img/flags/<%= flag[1] %>.png" title="<%= flag[0] %>"/> + <img class="inline flags" rel="tooltip" src="img/flags/<%= flag[1] %>.png" alt="<%= flag[0] %>" title="<%= flag[0] %>"/> <% }); %> </td> <td><%= relay.get('or_port') %></td>

1 0

[tor-browser-bundle/master] Fix typo and copyright date python helper
by gk＠torproject.org 27 Jan '17

27 Jan '17

commit cad2bdae295d3d2e6bbcd63a195d758e265efd45 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Jan 27 11:43:19 2017 +0000 Fix typo and copyright date python helper --- gitian/build-helpers/pe_checksum_fix.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitian/build-helpers/pe_checksum_fix.py b/gitian/build-helpers/pe_checksum_fix.py index 101e77f..85d8fef 100755 --- a/gitian/build-helpers/pe_checksum_fix.py +++ b/gitian/build-helpers/pe_checksum_fix.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2015, The Tor Project, Inc. +# Copyright (c) 2015-2017, The Tor Project, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -37,7 +37,7 @@ SHA256 mismatch if one tries to check that the binary we offer is actually the the one we got from our reproducible builds. This small Python snippet does both things: It pads the .exe if necessary and it -recalculates the PE-file checksum. Details of the discussion can be foun in bug +recalculates the PE-file checksum. Details of the discussion can be found in bug 15339: https://bugs.torproject.org/15539. Thanks to a cypherpunk for this workaround idea.

1 0

[translation/tor-browser-manual] Update translations for tor-browser-manual
by translation＠torproject.org 27 Jan '17

27 Jan '17

commit 0cb2ecf8db58fd6fac497ea610d7d8ebb5f7c04a Author: Translation commit bot <translation(a)torproject.org> Date: Fri Jan 27 10:19:56 2017 +0000 Update translations for tor-browser-manual --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index c874dd6..d392aa1 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -1,7 +1,7 @@ # Translators: # Misha Dyachuk <Wikia(a)scryptmail.com>, 2016 # Katya <kgolubina(a)gmail.com>, 2016 -# kosterinaleksey <kosterinaleksey(a)gmail.com>, 2016 +# Aleksey Kosterin <kosterinaleksey(a)gmail.com>, 2016 # Andrey <andrey(a)mailbox.org>, 2016 # Tor Project <support-team-private(a)lists.torproject.org>, 2016 # liquixis <liquixis(a)gmail.com>, 2016

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits January 2017