- tor-commits - lists.torproject.org

[pytorctl/master] Merge remote branch 'atagar/bug2812'
by mikeperry＠torproject.org 17 Jun '11

17 Jun '11

commit cb62cf7c70982b83c2d480e55843e098d42ed697 Merge: 8554340 3c6a326 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Jun 17 16:10:45 2011 -0700 Merge remote branch 'atagar/bug2812' TorCtl.py | 130 ++++++++++++++++++++++++++++++++++++++++++------------------ TorUtil.py | 9 +++- 2 files changed, 98 insertions(+), 41 deletions(-)

1 0

[pytorctl/master] Add iterator support to get_consensus().
by mikeperry＠torproject.org 17 Jun '11

17 Jun '11

commit 5b73e36159cab89d76f481047f8524e8e9938ed5 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Fri Jun 17 16:24:50 2011 -0700 Add iterator support to get_consensus(). Also rename getIterator to get_iterator. --- TorCtl.py | 23 +++++++++++++++++------ 1 files changed, 17 insertions(+), 6 deletions(-) diff --git a/TorCtl.py b/TorCtl.py index 2eddabc..b1387a0 100755 --- a/TorCtl.py +++ b/TorCtl.py @@ -1060,12 +1060,23 @@ class Connection: """ return self.sendAndRecv("RESETCONF %s\r\n"%(" ".join(keylist))) - def get_consensus(self): + def get_consensus(self, get_iterator=False): """Get the pristine Tor Consensus. Returns a list of - TorCtl.NetworkStatus instances.""" - return parse_ns_body(self.sendAndRecv("GETINFO dir/status-vote/current/consensus\r\n")[0][2]) + TorCtl.NetworkStatus instances. + + Be aware that by default this reads the whole consensus into memory at + once which can be fairly sizable (as of writing 3.5 MB), and even if + freed it may remain allocated to the interpretor: + http://effbot.org/pyfaq/why-doesnt-python-release-the-memory-when-i-delete-… + + To avoid this use the iterator instead. + """ + + nsData = self.sendAndRecv("GETINFO dir/status-vote/current/consensus\r\n")[0][2] + if get_iterator: return ns_body_iter(nsData) + else: return parse_ns_body(nsData) - def get_network_status(self, who="all", getIterator=False): + def get_network_status(self, who="all", get_iterator=False): """Get the entire network status list. Returns a list of TorCtl.NetworkStatus instances. @@ -1078,7 +1089,7 @@ class Connection: """ nsData = self.sendAndRecv("GETINFO ns/"+who+"\r\n")[0][2] - if getIterator: return ns_body_iter(nsData) + if get_iterator: return ns_body_iter(nsData) else: return parse_ns_body(nsData) def get_address_mappings(self, type="all"): @@ -1728,7 +1739,7 @@ class ConsensusTracker(EventHandler): if self.consensus_only: self._update_consensus(self.c.get_consensus()) else: - self._update_consensus(self.c.get_network_status(getIterator=True)) + self._update_consensus(self.c.get_network_status(get_iterator=True)) self._read_routers(self.ns_map.values()) def new_consensus_event(self, n):

1 0

[flashproxy/master] Be consistent about prefixing prompt indicators in README.
by dcf＠torproject.org 17 Jun '11

17 Jun '11

commit 4d2318d5b93d445d0d6e27bb4464ffe14336f0ce Author: David Fifield <david(a)bamsoftware.com> Date: Fri Jun 17 12:45:54 2011 -0700 Be consistent about prefixing prompt indicators in README. --- README | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README b/README index ef7e826..ef2cc65 100644 --- a/README +++ b/README @@ -39,12 +39,12 @@ Copy the resulting swfcat.swf file to a web server. === Connecting On the Tor relay, run - sudo ./crossdomaind.py + # ./crossdomaind.py In general, any computer that a proxy connects to needs to serve a crossdomain policy, but the connector and facilitator have it built in. On the facilitator, run - ./facilitator.py -r <relay-ip> + $ ./facilitator.py -r <relay-ip> The facilitator runs on port 9002 by default. In a browser somewhere, open swfcat.swf and pass it a parameters telling it @@ -58,7 +58,7 @@ coordinates connections using another server (which may be the same as the facilitator) and works when the client is behind a NAT. To connect with TCP, run - ./connector.py -f <facilitator-ip> + $ ./connector.py -f <facilitator-ip> (If you are running the facilitator locally, be sure to use an external IP address, not 127.0.0.1.) The connector informs the facilitator that it wants a connection, then listens on 0.0.0.0:9000 and 127.0.0.1:9001. @@ -66,7 +66,7 @@ The proxy will connect on port 9000 and the local Tor will connect on 9001. To connect with RTMFP, run - ./connector.py 127.0.0.1:9001 127.0.0.1:9002 + $ ./connector.py 127.0.0.1:9001 127.0.0.1:9002 and open in a browser http://www.example.com/swfcat.swf?client=1&facilitator=<facilitator-ip>:9002 In this case, it is swfcat running in client mode that registers with

1 0

[tor/master] Abandon rendezvous circuits on SIGNAL NEWNYM
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Jun 9 19:56:40 2011 -0700 Abandon rendezvous circuits on SIGNAL NEWNYM --- changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-) diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym new file mode 100644 index 0000000..67cb2dc --- /dev/null +++ b/changes/abandon-rend-circs-on-newnym @@ -0,0 +1,8 @@ + o Security fixes: + - Don't attach new streams to old rendezvous circuits after SIGNAL + NEWNYM. Previously, we would keep using an existing rendezvous + circuit if it remained open (i.e. if it were kept open by a + long-lived stream or if a new stream were attached to it before + Tor could notice that it was old and no longer in use and close + it). Bugfix on 0.1.1.15-rc; fixes bug 3375. + diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 41c1899..48fc198 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -59,7 +59,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn, return 0; } - if (purpose == CIRCUIT_PURPOSE_C_GENERAL) + if (purpose == CIRCUIT_PURPOSE_C_GENERAL || + purpose == CIRCUIT_PURPOSE_C_REND_JOINED) if (circ->timestamp_dirty && circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now) return 0;

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 85d4c290d79264d334baa9e5c8fdf3b06d0b3d79 Merge: 209229f 010b8dd Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jun 17 15:24:23 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-)

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 42d6f3459053aaafbed2ab215e9e85ae5d594b5a Merge: 31b9b1a 85d4c29 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jun 17 15:25:18 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2' changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-)

1 0

[tor/maint-0.2.2] Abandon rendezvous circuits on SIGNAL NEWNYM
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Jun 9 19:56:40 2011 -0700 Abandon rendezvous circuits on SIGNAL NEWNYM --- changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-) diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym new file mode 100644 index 0000000..67cb2dc --- /dev/null +++ b/changes/abandon-rend-circs-on-newnym @@ -0,0 +1,8 @@ + o Security fixes: + - Don't attach new streams to old rendezvous circuits after SIGNAL + NEWNYM. Previously, we would keep using an existing rendezvous + circuit if it remained open (i.e. if it were kept open by a + long-lived stream or if a new stream were attached to it before + Tor could notice that it was old and no longer in use and close + it). Bugfix on 0.1.1.15-rc; fixes bug 3375. + diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 41c1899..48fc198 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -59,7 +59,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn, return 0; } - if (purpose == CIRCUIT_PURPOSE_C_GENERAL) + if (purpose == CIRCUIT_PURPOSE_C_GENERAL || + purpose == CIRCUIT_PURPOSE_C_REND_JOINED) if (circ->timestamp_dirty && circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now) return 0;

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 85d4c290d79264d334baa9e5c8fdf3b06d0b3d79 Merge: 209229f 010b8dd Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jun 17 15:24:23 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-)

1 0

[tor/maint-0.2.1] Abandon rendezvous circuits on SIGNAL NEWNYM
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Thu Jun 9 19:56:40 2011 -0700 Abandon rendezvous circuits on SIGNAL NEWNYM --- changes/abandon-rend-circs-on-newnym | 8 ++++++++ src/or/circuituse.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletions(-) diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym new file mode 100644 index 0000000..67cb2dc --- /dev/null +++ b/changes/abandon-rend-circs-on-newnym @@ -0,0 +1,8 @@ + o Security fixes: + - Don't attach new streams to old rendezvous circuits after SIGNAL + NEWNYM. Previously, we would keep using an existing rendezvous + circuit if it remained open (i.e. if it were kept open by a + long-lived stream or if a new stream were attached to it before + Tor could notice that it was old and no longer in use and close + it). Bugfix on 0.1.1.15-rc; fixes bug 3375. + diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 41c1899..48fc198 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -59,7 +59,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn, return 0; } - if (purpose == CIRCUIT_PURPOSE_C_GENERAL) + if (purpose == CIRCUIT_PURPOSE_C_GENERAL || + purpose == CIRCUIT_PURPOSE_C_REND_JOINED) if (circ->timestamp_dirty && circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now) return 0;

1 0

[tor/master] Correct some outdated comments
by nickm＠torproject.org 17 Jun '11

17 Jun '11

commit 39480c797851c8c70914153b403a282a02e7aebb Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Tue May 24 22:20:12 2011 -0700 Correct some outdated comments --- src/or/control.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 0dad1b9..5d2d135 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -606,12 +606,12 @@ send_control_event_string(uint16_t event, event_format_t which, } SMARTLIST_FOREACH_END(conn); } -/** Helper for send_control1_event and send_control1_event_extended: +/** Helper for send_control_event and control_event_status: * Send an event to all v1 controllers that are listening for code * event. The event's body is created by the printf-style format in * format, and other arguments as provided. * - * Currently the length of the message is limited to 1024 (including the + * Currently the length of the message is limited to 10064 (including the * ending \\r\\n\\0). */ static void send_control_event_impl(uint16_t event, event_format_t which, @@ -644,7 +644,7 @@ send_control_event_impl(uint16_t event, event_format_t which, * event. The event's body is created by the printf-style format in * format, and other arguments as provided. * - * Currently the length of the message is limited to 1024 (including the + * Currently the length of the message is limited to 10064 (including the * ending \\n\\r\\0. */ static void send_control_event(uint16_t event, event_format_t which,

1 0