summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Palfrader <peter@palfrader.org>2009-11-13 19:58:59 +0100
committerPeter Palfrader <peter@palfrader.org>2009-11-13 19:58:59 +0100
commit4db6e63c263591d3bea58c018446cecb321e2b64 (patch)
treeb55ba6e190fb9ad2584224f1a27310c3d0cd824b
parent58ccdfccefb467fe453ec65e1cea90a6e7f729af (diff)
parent751e9b2bb64f5c4f5af6e3c9105c85deae17943e (diff)
downloadtor-4db6e63c263591d3bea58c018446cecb321e2b64.tar.gz
tor-4db6e63c263591d3bea58c018446cecb321e2b64.zip
Merge branch 'debian-merge' into debian-0.2.1
* debian-merge: (37 commits) New upstream version bump to 0.2.1.20 Move moria1 and Tonga to alternate IP addresses. read the "circwindow" parameter from the consensus Code to parse and access network parameters. Revert "Teach connection_ap_can_use_exit about Exclude*Nodes" Work around a memory leak in openssl 0.9.8g (and maybe others) Teach connection_ap_can_use_exit about Exclude*Nodes make some bug 1090 warnings go away Fix a memory leak when parsing a ns Fix obscure 64-bit big-endian hidserv bug turns out the packaging changes aren't in 0.2.1.20 update changelog with bundle details Use an _actual_ fix for the byte-reverse warning. Use a simpler fix for the byte-reversing warning Fix compile warnings on Snow Leopard Add getinfo accepted-server-descriptor. Clean spec. Reduce log level for bug case that we now know really exists. Only send reachability status events on overall success/failure update the README instructions and OS X makefiles ...
-rw-r--r--ChangeLog108
-rw-r--r--ReleaseNotes31
-rw-r--r--configure.in2
-rwxr-xr-xcontrib/directory-archive/fetch-all2
-rwxr-xr-xcontrib/directory-archive/fetch-all-v31
-rwxr-xr-xcontrib/osx/uninstall_tor_bundle.sh2
-rw-r--r--contrib/polipo/Makefile.osx10
-rw-r--r--contrib/polipo/README2
-rw-r--r--contrib/tor-mingw.nsi.in3
-rw-r--r--debian/changelog6
-rw-r--r--doc/spec/control-spec.txt35
-rw-r--r--doc/tor-osx-dmg-creation.txt107
-rw-r--r--doc/tor.1.in9
-rw-r--r--src/common/address.c9
-rw-r--r--src/common/log.c22
-rw-r--r--src/common/torint.h4
-rw-r--r--src/common/tortls.c13
-rw-r--r--src/common/tortls.h4
-rw-r--r--src/common/util.c7
-rw-r--r--src/or/circuitbuild.c58
-rw-r--r--src/or/circuitlist.c15
-rw-r--r--src/or/circuituse.c5
-rw-r--r--src/or/command.c10
-rw-r--r--src/or/config.c32
-rw-r--r--src/or/control.c8
-rw-r--r--src/or/directory.c9
-rw-r--r--src/or/dirserv.c7
-rw-r--r--src/or/eventdns.c6
-rw-r--r--src/or/eventdns.h4
-rw-r--r--src/or/main.c17
-rw-r--r--src/or/networkstatus.c35
-rw-r--r--src/or/or.h21
-rw-r--r--src/or/relay.c4
-rw-r--r--src/or/rendclient.c15
-rw-r--r--src/or/rendservice.c7
-rw-r--r--src/or/router.c19
-rw-r--r--src/or/routerparse.c44
-rw-r--r--src/or/test.c2
-rw-r--r--src/tools/tor-gencert.c4
-rw-r--r--src/tools/tor-resolve.c4
-rw-r--r--src/win32/orconfig.h2
41 files changed, 526 insertions, 179 deletions
diff --git a/ChangeLog b/ChangeLog
index ed76e22f95..e8ec768408 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,74 @@
+Changes in version 0.2.1.20 - 2009-10-15
+ o Major bugfixes:
+ - Send circuit or stream sendme cells when our window has decreased
+ by 100 cells, not when it has decreased by 101 cells. Bug uncovered
+ by Karsten when testing the "reduce circuit window" performance
+ patch. Bugfix on the 54th commit on Tor -- from July 2002,
+ before the release of Tor 0.0.0. This is the new winner of the
+ oldest-bug prize.
+ - Fix a remotely triggerable memory leak when a consensus document
+ contains more than one signature from the same voter. Bugfix on
+ 0.2.0.3-alpha.
+ - Avoid segfault in rare cases when finishing an introduction circuit
+ as a client and finding out that we don't have an introduction key
+ for it. Fixes bug 1073. Reported by Aaron Swartz.
+
+ o Major features:
+ - Tor now reads the "circwindow" parameter out of the consensus,
+ and uses that value for its circuit package window rather than the
+ default of 1000 cells. Begins the implementation of proposal 168.
+
+ o New directory authorities:
+ - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
+ authority.
+ - Move moria1 and tonga to alternate IP addresses.
+
+ o Minor bugfixes:
+ - Fix a signed/unsigned compile warning in 0.2.1.19.
+ - Fix possible segmentation fault on directory authorities. Bugfix on
+ 0.2.1.14-rc.
+ - Fix an extremely rare infinite recursion bug that could occur if
+ we tried to log a message after shutting down the log subsystem.
+ Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+ - Fix an obscure bug where hidden services on 64-bit big-endian
+ systems might mis-read the timestamp in v3 introduce cells, and
+ refuse to connect back to the client. Discovered by "rotor".
+ Bugfix on 0.2.1.6-alpha.
+ - We were triggering a CLOCK_SKEW controller status event whenever
+ we connect via the v2 connection protocol to any relay that has
+ a wrong clock. Instead, we should only inform the controller when
+ it's a trusted authority that claims our clock is wrong. Bugfix
+ on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
+ - We were telling the controller about CHECKING_REACHABILITY and
+ REACHABILITY_FAILED status events whenever we launch a testing
+ circuit or notice that one has failed. Instead, only tell the
+ controller when we want to inform the user of overall success or
+ overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
+ by SwissTorExit.
+ - Don't warn when we're using a circuit that ends with a node
+ excluded in ExcludeExitNodes, but the circuit is not used to access
+ the outside world. This should help fix bug 1090. Bugfix on
+ 0.2.1.6-alpha.
+ - Work around a small memory leak in some versions of OpenSSL that
+ stopped the memory used by the hostname TLS extension from being
+ freed.
+
+ o Minor features:
+ - Add a "getinfo status/accepted-server-descriptor" controller
+ command, which is the recommended way for controllers to learn
+ whether our server descriptor has been successfully received by at
+ least on directory authority. Un-recommend good-server-descriptor
+ getinfo and status events until we have a better design for them.
+
+
Changes in version 0.2.1.19 - 2009-07-28
+ Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
+ services on Tor 0.2.1.3-alpha through 0.2.1.18.
+
o Major bugfixes:
- - Make accessing hidden services on 0.2.1.x work right
- again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038.
+ - Make accessing hidden services on 0.2.1.x work right again.
+ Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
+ part of patch provided by "optimist".
o Minor features:
- When a relay/bridge is writing out its identity key fingerprint to
@@ -20,6 +87,12 @@ Changes in version 0.2.1.19 - 2009-07-28
Changes in version 0.2.1.18 - 2009-07-24
+ Tor 0.2.1.18 lays the foundations for performance improvements,
+ adds status events to help users diagnose bootstrap problems, adds
+ optional authentication/authorization for hidden services, fixes a
+ variety of potential anonymity problems, and includes a huge pile of
+ other features and bug fixes.
+
o Build fixes:
- Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
@@ -82,6 +155,37 @@ Changes in version 0.2.1.17-rc - 2009-07-07
further bugs for relays on dynamic IP addresses.
+Changes in version 0.2.0.35 - 2009-06-24
+ o Security fix:
+ - Avoid crashing in the presence of certain malformed descriptors.
+ Found by lark, and by automated fuzzing.
+ - Fix an edge case where a malicious exit relay could convince a
+ controller that the client's DNS question resolves to an internal IP
+ address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
+ o Major bugfixes:
+ - Finally fix the bug where dynamic-IP relays disappear when their
+ IP address changes: directory mirrors were mistakenly telling
+ them their old address if they asked via begin_dir, so they
+ never got an accurate answer about their new address, so they
+ just vanished after a day. For belt-and-suspenders, relays that
+ don't set Address in their config now avoid using begin_dir for
+ all direct connections. Should fix bugs 827, 883, and 900.
+ - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
+ that would occur on some exit nodes when DNS failures and timeouts
+ occurred in certain patterns. Fix for bug 957.
+
+ o Minor bugfixes:
+ - When starting with a cache over a few days old, do not leak
+ memory for the obsolete router descriptors in it. Bugfix on
+ 0.2.0.33; fixes bug 672.
+ - Hidden service clients didn't use a cached service descriptor that
+ was older than 15 minutes, but wouldn't fetch a new one either,
+ because there was already one in the cache. Now, fetch a v2
+ descriptor unless the same descriptor was added to the cache within
+ the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
+
+
Changes in version 0.2.1.16-rc - 2009-06-20
Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.
diff --git a/ReleaseNotes b/ReleaseNotes
index f4e1a00cfb..bd2e3090a3 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,7 +3,38 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.1.19 - 2009-07-28
+ Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
+ services.
+
+ o Major bugfixes:
+ - Make accessing hidden services on 0.2.1.x work right again.
+ Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
+ part of patch provided by "optimist".
+
+ o Minor features:
+ - When a relay/bridge is writing out its identity key fingerprint to
+ the "fingerprint" file and to its logs, write it without spaces. Now
+ it will look like the fingerprints in our bridges documentation,
+ and confuse fewer users.
+
+ o Minor bugfixes:
+ - Relays no longer publish a new server descriptor if they change
+ their MaxAdvertisedBandwidth config option but it doesn't end up
+ changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
+ fixes bug 1026. Patch from Sebastian.
+ - Avoid leaking memory every time we get a create cell but we have
+ so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
+ fixes bug 1034. Reported by BarkerJr.
+
+
Changes in version 0.2.1.18 - 2009-07-24
+ Tor 0.2.1.18 lays the foundations for performance improvements,
+ adds status events to help users diagnose bootstrap problems, adds
+ optional authentication/authorization for hidden services, fixes a
+ variety of potential anonymity problems, and includes a huge pile of
+ other features and bug fixes.
+
o Major features (clients):
- Start sending "bootstrap phase" status events to the controller,
so it can keep the user informed of progress fetching directory
diff --git a/configure.in b/configure.in
index 5b30198f22..ce3b0a3be5 100644
--- a/configure.in
+++ b/configure.in
@@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.1.19)
+AM_INIT_AUTOMAKE(tor, 0.2.1.20)
AM_CONFIG_HEADER(orconfig.h)
AC_CANONICAL_HOST
diff --git a/contrib/directory-archive/fetch-all b/contrib/directory-archive/fetch-all
index fabcbb8bc4..dfa5a1b3e5 100755
--- a/contrib/directory-archive/fetch-all
+++ b/contrib/directory-archive/fetch-all
@@ -30,8 +30,8 @@ DIRSERVERS=""
DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26
DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1
DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
-#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
+
DATEDIR=$(date "+%Y/%m/%d")
TIME=$(date "+%Y%m%d-%H%M%S")
diff --git a/contrib/directory-archive/fetch-all-v3 b/contrib/directory-archive/fetch-all-v3
index 02b3d5d9e8..a4746e02cf 100755
--- a/contrib/directory-archive/fetch-all-v3
+++ b/contrib/directory-archive/fetch-all-v3
@@ -35,6 +35,7 @@ DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
#DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg
+DIRSERVERS="$DIRSERVERS 208.83.223.34:443" # urras
TIME=$(date "+%Y%m%d-%H%M%S")
. fetch-all-functions
diff --git a/contrib/osx/uninstall_tor_bundle.sh b/contrib/osx/uninstall_tor_bundle.sh
index 9089407edb..b7c439429e 100755
--- a/contrib/osx/uninstall_tor_bundle.sh
+++ b/contrib/osx/uninstall_tor_bundle.sh
@@ -134,7 +134,7 @@ fi
## clean up
echo ". Cleaning up"
rm -rf $TEMP_BOM_CONTENTS
-rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/
+rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ /Library/Receipts/Privoxy.pkg /Library/Receipts/torbutton.pkg /Library/Receipts/Tor.pkg /Library/Receipts/Vidalia.pkg /Library/Receipts/TorStartup.pkg
echo ". Finished"
diff --git a/contrib/polipo/Makefile.osx b/contrib/polipo/Makefile.osx
index 8e748e2adb..55ed1c62f8 100644
--- a/contrib/polipo/Makefile.osx
+++ b/contrib/polipo/Makefile.osx
@@ -30,9 +30,13 @@ FILE_DEFINES = -DLOCAL_ROOT=\"$(LOCAL_ROOT)/\" \
DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES)
-UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
-LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
-CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
+# Uncomment the UNIVERSAL, LDFLAGS, CFLAGS lines if you want universal binaries, otherwise
+# you'll produce a binary only for your architecture and version of OSX
+# UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
+# LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
+# CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
+# If you uncommented the above CFLAGS, remove this next one.
+CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES)
SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \
config.c local.c http.c client.c server.c auth.c tunnel.c \
diff --git a/contrib/polipo/README b/contrib/polipo/README
index 038e354413..e05ab0ceec 100644
--- a/contrib/polipo/README
+++ b/contrib/polipo/README
@@ -1,4 +1,6 @@
Copyright 2007-2008 Andrew Lewman
+Copyright 2009 The Tor Project
+
----------------
General Comments
----------------
diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in
index 053c142159..7644d24449 100644
--- a/contrib/tor-mingw.nsi.in
+++ b/contrib/tor-mingw.nsi.in
@@ -9,7 +9,7 @@
!include "FileFunc.nsh"
!insertmacro GetParameters
-!define VERSION "0.2.1.19"
+!define VERSION "0.2.1.20"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
@@ -216,6 +216,7 @@ Function un.InstallFiles
Delete "$INSTDIR\tor.ico"
Delete "$SMSTARTUP\Tor.lnk"
Delete "$INSTDIR\Uninstall.exe"
+ Delete "$INSTDIR\geoip"
FunctionEnd
Function un.InstallDirectories
diff --git a/debian/changelog b/debian/changelog
index 00eae0f0ac..90afa018bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+tor (0.2.1.20-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 13 Nov 2009 19:02:47 +0100
+
tor (0.2.1.19-1) unstable; urgency=low
* New upstream version.
diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt
index 576c5dcd53..cf92e2b9e3 100644
--- a/doc/spec/control-spec.txt
+++ b/doc/spec/control-spec.txt
@@ -558,6 +558,7 @@ $Id$
"status/circuit-established"
"status/enough-dir-info"
"status/good-server-descriptor"
+ "status/accepted-server-descriptor"
"status/..."
These provide the current internal Tor values for various Tor
states. See Section 4.1.10 for explanations. (Only a few of the
@@ -1255,20 +1256,26 @@ $Id$
CLOCK_SKEW
SKEW="+" / "-" SECONDS
MIN_SKEW="+" / "-" SECONDS.
- SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
+ SOURCE="DIRSERV:" IP ":" Port /
+ "NETWORKSTATUS:" IP ":" Port /
+ "OR:" IP ":" Port /
+ "CONSENSUS"
If "SKEW" is present, it's an estimate of how far we are from the
time declared in the source. (In other words, if we're an hour in
the past, the value is -3600.) "MIN_SKEW" is present, it's a lower
bound. If the source is a DIRSERV, we got the current time from a
connection to a dirserver. If the source is a NETWORKSTATUS, we
decided we're skewed because we got a v2 networkstatus from far in
- the future. If the source is CONSENSUS, we decided we're skewed
- because we got a networkstatus consensus from the future.
+ the future. If the source is OR, the skew comes from a NETINFO
+ cell from a connection to another relay. If the source is
+ CONSENSUS, we decided we're skewed because we got a networkstatus
+ consensus from the future.
- {Controllers may want to warn the user if the skew is high, or if
- multiple skew messages appear at severity WARN. Controllers
- shouldn't blindly adjust the clock, since the more accurate source
- of skew info (DIRSERV) is currently unauthenticated.}
+ {Tor should send this message to controllers when it thinks the
+ skew is so high that it will interfere with proper Tor operation.
+ Controllers shouldn't blindly adjust the clock, since the more
+ accurate source of skew info (DIRSERV) is currently
+ unauthenticated.}
BAD_LIBEVENT
"METHOD=" libevent method
@@ -1482,18 +1489,22 @@ $Id$
We successfully uploaded our server descriptor to at least one
of the directory authorities, with no complaints.
- {This event could affect the controller's idea of server status, but
- the controller should not interrupt the user to tell them so.}
+ {Originally, the goal of this event was to declare "every authority
+ has accepted the descriptor, so there will be no complaints
+ about it." But since some authorities might be offline, it's
+ harder to get certainty than we had thought. As such, this event
+ is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers
+ should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore
+ this event for now.}
NAMESERVER_STATUS
"NS=addr"
"STATUS=" "UP" / "DOWN"
"ERR=" message
One of our nameservers has changed status.
- // actually notice
- {This event could affect the controller's idea of server status, but
- the controller should not interrupt the user to tell them so.}
+ {This event could affect the controller's idea of server status, but
+ the controller should not interrupt the user to tell them so.}
NAMESERVER_ALL_DOWN
All of our nameservers have gone down.
diff --git a/doc/tor-osx-dmg-creation.txt b/doc/tor-osx-dmg-creation.txt
index 6728e24ae8..9a89e98759 100644
--- a/doc/tor-osx-dmg-creation.txt
+++ b/doc/tor-osx-dmg-creation.txt
@@ -1,31 +1,62 @@
## Instructions for building the official dmgs for OSX.
##
+## The loose table of contents:
+## Summary
+## Single Architecture Binaries for PPC or X86, not both.
+## Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
+## Universal Binaries for OSX PPC and X86
+## Each section is delineated by ###.
The following steps are the exact steps used to produce the "official"
OSX builds of tor.
-Summary:
+### Summary:
1) Compile and install a static version of the latest release of
libevent.
2) Acquire and install your preferred version of tor. Extract.
3) "make dist-osx"
4) You now have a dmg from which you can install Tor.
-## Universal Binaries for OSX PPC and X86
-## This method works in OSX 10.4 (Tiger) and newer OSX versions.
-## See far below if you don't care about cross compiling for PPC and X86.
-## The single architecture process starts with "###"
+### Single Architecture Binaries for PPC or X86, not both.
+### This method works in all versions of OSX 10.3 through 10.6
+
+## Compiling libevent ##
+
+1) Download the latest stable libevent from
+http://www.monkey.org/~provos/libevent/
+
+2) The first step of compiling libevent is to configure it as
+follows:
+ ./configure --enable-static --disable-shared
+
+3) Complete the "make" and "make install". You will need to be root,
+or sudo -s, to complete the "make install".
+
+## Compiling Tor ##
+
+4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
+tarball.
+
+5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
+do a configure with these parameters:
+ CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
+ --bindir=/Library/Tor --sysconfdir=/Library
+
+6) In same top level dir, do a "make dist-osx". There now exists a
+.dmg file in the same directory. Install from this dmg.
+
+### Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
1) Install the latest XCode updates available from http://developer.apple.com.
-## Compiling libevent
+## Compiling libevent ##
2) Download latest stable libevent from
http://www.monkey.org/~provos/libevent/
3) The first step of compiling libevent is to configure it as
follows:
-CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" \
+CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
./configure --enable-static --disable-shared --disable-dependency-tracking
@@ -37,16 +68,14 @@ or sudo -s, to complete the "make install".
"file /usr/local/lib/libevent.a"
Your output should be:
-/usr/local/lib/libevent.a: Mach-O fat file with 2 architectures
/usr/local/lib/libevent.a (for architecture i386): current ar archive random library
-/usr/local/lib/libevent.a (for architecture ppc): current ar archive
6) Get your preferred version of the tor source from https://www.torproject.org/download.
Extract the tarball.
7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
do a configure with these parameters:
-CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" \
+CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
CONFDIR=/Library/Tor \
./configure --prefix=/Library/Tor --bindir=/Library/Tor \
@@ -56,39 +85,61 @@ CONFDIR=/Library/Tor \
9) Confirm you have created a universal binary by issuing the follow command:
"file src/or/tor". Its output should be as follows:
-src/or/tor: Mach-O fat file with 2 architectures
src/or/tor (for architecture i386): Mach-O executable i386
-src/or/tor (for architecture ppc): Mach-O executable ppc
10) There should exist in the top-level directory a
Tor-$VERSION-universal-Bundle.dmg
-11) Congrats. You have a universal binary. You are now ready to install Tor.
+11) Congrats. You have a backwards-compatible binary. You are now ready to install Tor.
-### Single Architecture Binaries for PPC or X86, not both.
-### This method works in all versions of OSX 10.3 through 10.5
+### Universal Binaries for OSX PPC and X86
+### This method works in OSX 10.4 (Tiger) and newer OSX versions.
+
+1) Install the latest XCode updates available from http://developer.apple.com.
-### Compiling libevent
+## Compiling libevent ##
-1) Download the latest stable libevent from
+2) Download latest stable libevent from
http://www.monkey.org/~provos/libevent/
-2) The first step of compiling libevent is to configure it as
+3) The first step of compiling libevent is to configure it as
follows:
- ./configure --enable-static --disable-shared
+CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" \
+LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
+./configure --enable-static --disable-shared --disable-dependency-tracking
-3) Complete the "make" and "make install". You will need to be root,
+4) Complete the "make" and "make install". You will need to be root,
or sudo -s, to complete the "make install".
-### Compiling Tor
+5) Check for a successful universal binary of libevent.a in, by default,
+/usr/local/lib by using the following command:
+ "file /usr/local/lib/libevent.a"
-4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
-tarball.
+ Your output should be:
+/usr/local/lib/libevent.a: Mach-O fat file with 2 architectures
+/usr/local/lib/libevent.a (for architecture i386): current ar archive random library
+/usr/local/lib/libevent.a (for architecture ppc): current ar archive
-5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
+6) Get your preferred version of the tor source from https://www.torproject.org/download.
+Extract the tarball.
+
+7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
do a configure with these parameters:
- CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
- --bindir=/Library/Tor --sysconfdir=/Library
+CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" \
+LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
+CONFDIR=/Library/Tor \
+./configure --prefix=/Library/Tor --bindir=/Library/Tor \
+--sysconfdir=/Library --disable-dependency-tracking
-6) In same top level dir, do a "make dist-osx". There now exists a
-.dmg file in the same directory. Install from this dmg.
+8) "make dist-osx"
+
+9) Confirm you have created a universal binary by issuing the follow command:
+"file src/or/tor". Its output should be as follows:
+src/or/tor: Mach-O fat file with 2 architectures
+src/or/tor (for architecture i386): Mach-O executable i386
+src/or/tor (for architecture ppc): Mach-O executable ppc
+
+10) There should exist in the top-level directory a
+Tor-$VERSION-universal-Bundle.dmg
+
+11) Congrats. You have a universal binary. You are now ready to install Tor.
diff --git a/doc/tor.1.in b/doc/tor.1.in
index d85747958b..1a72ebd09f 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -476,13 +476,15 @@ used when \fBFascistFirewall\fR is set. This option is deprecated; use
ReachableAddresses instead. (Default: 80, 443)
.LP
.TP
-\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP \fIservice-name\fR
+\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP [\fIservice-name\fR]
Client authorization for a hidden service. Valid onion addresses contain 16
characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
characters in A-Za-z0-9+/. The service name is only used for internal
purposes, e.g., for Tor controllers. This option may be used multiple times
for different hidden services. If a hidden service uses authorization and
-this option is not set, the hidden service is not accessible.
+this option is not set, the hidden service is not accessible. Hidden
+services can be configured to require authorization using the
+\fBHiddenServiceAuthorizeClient\fR option.
.LP
.TP
\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
@@ -1305,7 +1307,8 @@ listed here are authorized to access the hidden service. Valid client names
are 1 to 19 characters long and only use characters in A-Za-z0-9+-_
(no spaces). If this option is set, the hidden service is not accessible
for clients without authorization any more. Generated authorization data
-can be found in the hostname file.
+can be found in the hostname file. Clients need to put this authorization
+data in their configuration file using \fBHidServAuth\fR.
.LP
.TP
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
diff --git a/src/common/address.c b/src/common/address.c
index fac9d50e15..2fe013a2cd 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address,
return -1; /* malformed. */
/* reverse the bytes */
- inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24)
- |((inaddr.s_addr & 0x0000ff00ul) << 8)
- |((inaddr.s_addr & 0x00ff0000ul) >> 8)
- |((inaddr.s_addr & 0xff000000ul) >> 24));
+ inaddr.s_addr = (uint32_t)
+ (((inaddr.s_addr & 0x000000ff) << 24)
+ |((inaddr.s_addr & 0x0000ff00) << 8)
+ |((inaddr.s_addr & 0x00ff0000) >> 8)
+ |((inaddr.s_addr & 0xff000000) >> 24));
if (result) {
tor_addr_from_in(result, &inaddr);
diff --git a/src/common/log.c b/src/common/log.c
index a7b0c12c4a..423a687a51 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -94,7 +94,8 @@ should_log_function_name(log_domain_mask_t domain, int severity)
}
/** A mutex to guard changes to logfiles and logging. */
-static tor_mutex_t *log_mutex = NULL;
+static tor_mutex_t log_mutex;
+static int log_mutex_initialized = 0;
/** Linked list of logfile_t. */
static logfile_t *logfiles = NULL;
@@ -105,9 +106,9 @@ static int syslog_count = 0;
#endif
#define LOCK_LOGS() STMT_BEGIN \
- tor_mutex_acquire(log_mutex); \
+ tor_mutex_acquire(&log_mutex); \
STMT_END
-#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(log_mutex); STMT_END
+#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END
/** What's the lowest log level anybody cares about? Checking this lets us
* bail out early from log_debug if we aren't debugging. */
@@ -148,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity)
t = (time_t)now.tv_sec;
n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm));
- r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ",
- (long)now.tv_usec / 1000, sev_to_string(severity));
+ r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ",
+ (int)now.tv_usec / 1000, sev_to_string(severity));
if (r<0)
return buf_len-1;
else
@@ -448,8 +449,9 @@ logs_free_all(void)
log_free(victim);
}
tor_free(appname);
- tor_mutex_free(log_mutex);
- log_mutex = NULL;
+
+ /* We _could_ destroy the log mutex here, but that would screw up any logs
+ * that happened between here and the end of execution. */
}
/** Remove and free the log entry <b>victim</b> from the linked-list
@@ -545,8 +547,10 @@ add_stream_log(const log_severity_list_t *severity,
void
init_logging(void)
{
- if (!log_mutex)
- log_mutex = tor_mutex_new();
+ if (!log_mutex_initialized) {
+ tor_mutex_init(&log_mutex);
+ log_mutex_initialized = 1;
+ }
}
/** Add a log handler to receive messages during startup (before the real
diff --git a/src/common/torint.h b/src/common/torint.h
index 1f7421174a..f8441859a9 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -119,6 +119,10 @@ typedef unsigned int uint32_t;
#endif
#endif
+#ifndef INT32_MIN
+#define INT32_MIN (-2147483647-1)
+#endif
+
#if (SIZEOF_LONG == 4)
#ifndef HAVE_INT32_T
typedef signed long int32_t;
diff --git a/src/common/tortls.c b/src/common/tortls.c
index f14eab18a5..c6b11e9a6e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer)
if (!SSL_set_cipher_list(result->ssl,
isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
tls_log_errors(NULL, LOG_WARN, "setting ciphers");
+#ifdef SSL_set_tlsext_host_name
+ SSL_set_tlsext_host_name(result->ssl, NULL);
+#endif
SSL_free(result->ssl);
tor_free(result);
return NULL;
@@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer)
bio = BIO_new_socket(sock, BIO_NOCLOSE);
if (! bio) {
tls_log_errors(NULL, LOG_WARN, "opening BIO");
+#ifdef SSL_set_tlsext_host_name
+ SSL_set_tlsext_host_name(result->ssl, NULL);
+#endif
SSL_free(result->ssl);
tor_free(result);
return NULL;
@@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls)
if (!removed) {
log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
}
+#ifdef SSL_set_tlsext_host_name
+ SSL_set_tlsext_host_name(tls->ssl, NULL);
+#endif
SSL_free(tls->ssl);
tls->ssl = NULL;
tls->negotiated_callback = NULL;
@@ -1443,8 +1452,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
* buffer and *<b>wbuf_bytes</b> to the amount actually used. */
void
tor_tls_get_buffer_sizes(tor_tls_t *tls,
- int *rbuf_capacity, int *rbuf_bytes,
- int *wbuf_capacity, int *wbuf_bytes)
+ size_t *rbuf_capacity, size_t *rbuf_bytes,
+ size_t *wbuf_capacity, size_t *wbuf_bytes)
{
if (tls->ssl->s3->rbuf.buf)
*rbuf_capacity = tls->ssl->s3->rbuf.len;
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 44e3b499ef..d00690911c 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
size_t *n_read, size_t *n_written);
void tor_tls_get_buffer_sizes(tor_tls_t *tls,
- int *rbuf_capacity, int *rbuf_bytes,
- int *wbuf_capacity, int *wbuf_bytes);
+ size_t *rbuf_capacity, size_t *rbuf_bytes,
+ size_t *wbuf_capacity, size_t *wbuf_bytes);
int tor_tls_used_v1_handshake(tor_tls_t *tls);
diff --git a/src/common/util.c b/src/common/util.c
index 7b9e5eb562..9dcf9fba64 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks,
int open_flags)
{
open_file_t *file = NULL;
- int fd, result;
+ int fd;
+ ssize_t result;
fd = start_writing_to_file(fname, open_flags, 0600, &file);
if (fd<0)
return -1;
@@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
int fd; /* router file */
struct stat statbuf;
char *string;
- int r;
+ ssize_t r;
int bin = flags & RFTS_BIN;
tor_assert(filename);
@@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
* match for size. */
int save_errno = errno;
log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".",
- r, (long)statbuf.st_size,filename);
+ (int)r, (long)statbuf.st_size,filename);
tor_free(string);
close(fd);
errno = save_errno;
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index d78981e09b..4b5ba62fa2 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -527,9 +527,16 @@ inform_testing_reachability(void)
routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return 0;
- if (me->dir_port)
+ control_event_server_status(LOG_NOTICE,
+ "CHECKING_REACHABILITY ORADDRESS=%s:%d",
+ me->address, me->or_port);
+ if (me->dir_port) {
tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
me->address, me->dir_port);
+ control_event_server_status(LOG_NOTICE,
+ "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
+ me->address, me->dir_port);
+ }
log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
"(this may take up to %d minutes -- look for log "
"messages indicating success)",
@@ -537,6 +544,7 @@ inform_testing_reachability(void)
me->dir_port ? dirbuf : "",
me->dir_port ? "are" : "is",
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
+
return 1;
}
@@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
/** Log a warning if the user specified an exit for the circuit that
* has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
static void
-warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
+warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit)
{
or_options_t *options = get_options();
routerset_t *rs = options->ExcludeNodes;
const char *description;
- int severity;
int domain = LD_CIRC;
+ uint8_t purpose = circ->_base.purpose;
+
+ if (circ->build_state->onehop_tunnel)
+ return;
switch (purpose)
{
@@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
(int)purpose);
return;
case CIRCUIT_PURPOSE_C_GENERAL:
+ if (circ->build_state->is_internal)
+ return;
description = "Requested exit node";
rs = options->_ExcludeExitNodesUnion;
- severity = LOG_WARN;
break;
case CIRCUIT_PURPOSE_C_INTRODUCING:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
- description = "Introduction point for hidden service";
- severity = LOG_INFO;
- break;
+ case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
+ case CIRCUIT_PURPOSE_S_CONNECT_REND:
+ case CIRCUIT_PURPOSE_S_REND_JOINED:
+ case CIRCUIT_PURPOSE_TESTING:
+ return;
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
case CIRCUIT_PURPOSE_C_REND_READY:
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
case CIRCUIT_PURPOSE_C_REND_JOINED:
description = "Chosen rendezvous point";
- severity = LOG_WARN;
domain = LD_BUG;
break;
- case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
- description = "Chosen introduction point";
- severity = LOG_INFO;
- break;
- case CIRCUIT_PURPOSE_S_CONNECT_REND:
- case CIRCUIT_PURPOSE_S_REND_JOINED:
- description = "Client-selected rendezvous point";
- severity = LOG_INFO;
- break;
- case CIRCUIT_PURPOSE_TESTING:
- description = "Target for testing circuit";
- severity = LOG_INFO;
- break;
case CIRCUIT_PURPOSE_CONTROLLER:
rs = options->_ExcludeExitNodesUnion;
description = "Controller-selected circuit target";
- severity = LOG_WARN;
break;
}
- if (routerset_contains_extendinfo(rs, exit))
- log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.",
+ if (routerset_contains_extendinfo(rs, exit)) {
+ log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway "
+ "(circuit purpose %d).",
description,exit->nickname,
- rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
+ rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
+ (int)purpose);
+ circuit_log_path(LOG_WARN, domain, circ);
+ }
return;
}
@@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
}
if (exit) { /* the circuit-builder pre-requested one */
- warn_if_last_router_excluded(circ->_base.purpose, exit);
+ warn_if_last_router_excluded(circ, exit);
log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
exit = extend_info_dup(exit);
} else { /* we have to decide one */
@@ -1568,6 +1571,7 @@ int
circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit)
{
int err_reason = 0;
+ warn_if_last_router_excluded(circ, exit);
circuit_append_new_exit(circ, exit);
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
@@ -1825,7 +1829,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
hop->extend_info = extend_info_dup(choice);
- hop->package_window = CIRCWINDOW_START;
+ hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
return 0;
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 252eaf9f8e..5918bdd7ae 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -361,6 +361,19 @@ circuit_purpose_to_controller_string(uint8_t purpose)
}
}
+/** Pick a reasonable package_window to start out for our circuits.
+ * Originally this was hard-coded at 1000, but now the consensus votes
+ * on the answer. See proposal 168. */
+int32_t
+circuit_initial_package_window(void)
+{
+ int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START);
+ /* If the consensus tells us a negative number, we'd assert. */
+ if (num < 0)
+ num = CIRCWINDOW_START;
+ return num;
+}
+
/** Initialize the common elements in a circuit_t, and add it to the global
* list. */
static void
@@ -368,7 +381,7 @@ init_circuit_base(circuit_t *circ)
{
circ->timestamp_created = time(NULL);
- circ->package_window = CIRCWINDOW_START;
+ circ->package_window = circuit_initial_package_window();
circ->deliver_window = CIRCWINDOW_START;
circuit_add(circ);
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 6a54c34397..3acc0e9a74 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ)
static void
circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
{
- routerinfo_t *me = router_get_my_routerinfo();
if (server_mode(get_options()) && check_whether_orport_reachable())
return;
- if (!me)
- return;
log_info(LD_GENERAL,
"Our testing circuit (to see if your ORPort is reachable) "
"has failed. I'll try again later.");
- control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d",
- me->address, me->or_port);
/* These aren't used yet. */
(void)circ;
diff --git a/src/or/command.c b/src/or/command.c
index c36874be5c..67e463723f 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
- const char *next = decode_address_from_payload(&addr, cp, end-cp);
+ const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");
@@ -610,9 +610,11 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
conn->_base.address, (int)conn->_base.port,
apparent_skew>0 ? "ahead" : "behind", dbuf,
apparent_skew>0 ? "behind" : "ahead");
- control_event_general_status(LOG_WARN,
- "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
- apparent_skew, conn->_base.address, conn->_base.port);
+ if (severity == LOG_WARN) /* only tell the controller if an authority */
+ control_event_general_status(LOG_WARN,
+ "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
+ apparent_skew,
+ conn->_base.address, conn->_base.port);
}
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
diff --git a/src/or/config.c b/src/or/config.c
index 3f45b1e5e2..4e2a1765dc 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -904,14 +904,14 @@ add_default_trusted_dir_authorities(authority_type_t type)
int i;
const char *dirservers[] = {
"moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
- "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
+ "128.31.0.39:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
"moria2 v1 orport=9002 128.31.0.34:9032 "
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
- "Tonga orport=443 bridge no-v2 82.94.251.206:80 "
+ "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
"4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
"ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
"216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
@@ -921,6 +921,8 @@ add_default_trusted_dir_authorities(authority_type_t type)
"dannenberg orport=443 no-v2 "
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
"213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
+ "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
+ "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
NULL
};
for (i=0; dirservers[i]; i++) {
@@ -1224,26 +1226,29 @@ options_need_geoip_info(or_options_t *options, const char **reason_out)
/** Return the bandwidthrate that we are going to report to the authorities
* based on the config options. */
-int
+uint32_t
get_effective_bwrate(or_options_t *options)
{
- int bw = (int)options->BandwidthRate;
+ uint64_t bw = options->BandwidthRate;
if (bw > options->MaxAdvertisedBandwidth)
- bw = (int)options->MaxAdvertisedBandwidth;
+ bw = options->MaxAdvertisedBandwidth;
if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
- bw = (int)options->RelayBandwidthRate;
- return bw;
+ bw = options->RelayBandwidthRate;
+
+ /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
+ return (uint32_t)bw;
}
/** Return the bandwidthburst that we are going to report to the authorities
* based on the config options. */
-int
+uint32_t
get_effective_bwburst(or_options_t *options)
{
- int bw = (int)options->BandwidthBurst;
+ uint64_t bw = options->BandwidthBurst;
if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
- bw = (int)options->RelayBandwidthBurst;
- return bw;
+ bw = options->RelayBandwidthBurst;
+ /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
+ return (uint32_t)bw;
}
/** Fetch the active option list, and take actions based on it. All of the
@@ -2499,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr)
* the same /24 as last_resolved_addr will be the same as checking whether
* it was on net 0, which is already done by is_internal_IP.
*/
- if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
+ if ((last_resolved_addr & (uint32_t)0xffffff00ul)
+ == (ip & (uint32_t)0xffffff00ul))
return 1;
}
return 0;
@@ -4182,7 +4188,7 @@ options_init_from_string(const char *cf,
err:
config_free(&options_format, newoptions);
if (*msg) {
- int len = strlen(*msg)+256;
+ int len = (int)strlen(*msg)+256;
char *newmsg = tor_malloc(len);
tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
diff --git a/src/or/control.c b/src/or/control.c
index 90c99fd51a..5688b8e71f 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn,
*answer = tor_strdup(has_completed_circuit ? "1" : "0");
} else if (!strcmp(question, "status/enough-dir-info")) {
*answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
- } else if (!strcmp(question, "status/good-server-descriptor")) {
+ } else if (!strcmp(question, "status/good-server-descriptor") ||
+ !strcmp(question, "status/accepted-server-descriptor")) {
+ /* They're equivalent for now, until we can figure out how to make
+ * good-server-descriptor be what we want. See comment in
+ * control-spec.txt. */
*answer = tor_strdup(directories_have_accepted_server_descriptor()
? "1" : "0");
} else if (!strcmp(question, "status/reachability-succeeded/or")) {
@@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
int is_reverse = 0;
(void) len; /* body is nul-terminated; it's safe to ignore the length */
- if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) {
+ if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) {
log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
"isn't listening for ADDRMAP events. It probably won't see "
"the answer.");
diff --git a/src/or/directory.c b/src/or/directory.c
index 4ab2633022..5b8637a39d 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -554,11 +554,6 @@ void
connection_dir_request_failed(dir_connection_t *conn)
{
if (directory_conn_is_self_reachability_test(conn)) {
- routerinfo_t *me = router_get_my_routerinfo();
- if (me)
- control_event_server_status(LOG_WARN,
- "REACHABILITY_FAILED DIRADDRESS=%s:%d",
- me->address, me->dir_port);
return; /* this was a test fetch. don't retry. */
}
if (entry_list_can_grow(get_options()))
@@ -877,7 +872,7 @@ static char *
directory_get_consensus_url(int supports_conditional_consensus)
{
char *url;
- int len;
+ size_t len;
if (supports_conditional_consensus) {
char *authority_id_list;
@@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
need_at_least = smartlist_len(want_authorities)/2+1;
SMARTLIST_FOREACH(want_authorities, const char *, d, {
char want_digest[DIGEST_LEN];
- int want_len = strlen(d)/2;
+ size_t want_len = strlen(d)/2;
if (want_len > DIGEST_LEN)
want_len = DIGEST_LEN;
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index a64a01bb80..349e383ab5 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -652,8 +652,8 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
/** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
* the list of server descriptors. Set *<b>msg</b> to a message that should be
- * passed back to the origin of this descriptor. Use <b>source</b> to produce
- * better log messages.
+ * passed back to the origin of this descriptor, or NULL if there is no such
+ * message. Use <b>source</b> to produce better log messages.
*
* Return the status of the operation
*
@@ -667,6 +667,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
routerinfo_t *ri_old;
char *desc, *nickname;
size_t desclen = 0;
+ *msg = NULL;
/* If it's too big, refuse it now. Otherwise we'll cache it all over the
* network and it'll clog everything up. */
@@ -718,7 +719,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
log_info(LD_DIRSERV,
"Did not add descriptor from '%s' (source: %s): %s.",
- nickname, source, *msg);
+ nickname, source, *msg ? *msg : "(no message)");
} else {
smartlist_t *changed;
control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
diff --git a/src/or/eventdns.c b/src/or/eventdns.c
index 4ae17a40c3..a889e803ed 100644
--- a/src/or/eventdns.c
+++ b/src/or/eventdns.c
@@ -2385,7 +2385,7 @@ out1:
/* exported function */
int
-evdns_nameserver_add(unsigned long int address) {
+evdns_nameserver_add(uint32_t address) {
struct sockaddr_in sin;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
@@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) {
cp = strchr(ip_as_string, ':');
if (*ip_as_string == '[') {
- int len;
+ size_t len;
if (!(cp = strchr(ip_as_string, ']'))) {
log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]");
return 4;
}
len = cp-(ip_as_string + 1);
- if (len > (int)sizeof(buf)-1) {
+ if (len > sizeof(buf)-1) {
log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer.");
return 4;
}
diff --git a/src/or/eventdns.h b/src/or/eventdns.h
index 734bacf2d2..bf3b64d08a 100644
--- a/src/or/eventdns.h
+++ b/src/or/eventdns.h
@@ -112,7 +112,7 @@
*
* API reference:
*
- * int evdns_nameserver_add(unsigned long int address)
+ * int evdns_nameserver_add(uint32_t address)
* Add a nameserver. The address should be an IP address in
* network byte order. The type of address is chosen so that
* it matches in_addr.s_addr.
@@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl,
int evdns_init(void);
void evdns_shutdown(int fail_requests);
const char *evdns_err_to_string(int err);
-int evdns_nameserver_add(unsigned long int address);
+int evdns_nameserver_add(uint32_t address);
int evdns_count_nameservers(void);
int evdns_clear_nameservers_and_suspend(void);
int evdns_resume(void);
diff --git a/src/or/main.c b/src/or/main.c
index 60c42aaae3..ca09af0561 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args)
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
/* every 20 minutes, check and complain if necessary */
routerinfo_t *me = router_get_my_routerinfo();
- if (me && !check_whether_orport_reachable())
+ if (me && !check_whether_orport_reachable()) {
log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
"its ORPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->or_port);
- if (me && !check_whether_dirport_reachable())
+ control_event_server_status(LOG_WARN,
+ "REACHABILITY_FAILED ORADDRESS=%s:%d",
+ me->address, me->or_port);
+ }
+
+ if (me && !check_whether_dirport_reachable()) {
log_warn(LD_CONFIG,
"Your server (%s:%d) has not managed to confirm that its "
"DirPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->dir_port);
+ control_event_server_status(LOG_WARN,
+ "REACHABILITY_FAILED DIRADDRESS=%s:%d",
+ me->address, me->dir_port);
+ }
}
/** If more than this many seconds have elapsed, probably the clock
@@ -1599,7 +1608,7 @@ dumpstats(int severity)
{
time_t now = time(NULL);
time_t elapsed;
- int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
+ size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
log(severity, LD_GENERAL, "Dumping stats:");
@@ -1635,7 +1644,7 @@ dumpstats(int severity)
log(severity, LD_GENERAL,
"Conn %d: %d/%d bytes used on OpenSSL read buffer; "
"%d/%d bytes used on write buffer.",
- i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
+ i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
}
}
}
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 573197a53f..f4a0761f7b 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -286,6 +286,10 @@ networkstatus_vote_free(networkstatus_t *ns)
SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c));
smartlist_free(ns->known_flags);
}
+ if (ns->net_params) {
+ SMARTLIST_FOREACH(ns->net_params, char *, c, tor_free(c));
+ smartlist_free(ns->net_params);
+ }
if (ns->supported_methods) {
SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
smartlist_free(ns->supported_methods);
@@ -1884,6 +1888,37 @@ networkstatus_dump_bridge_status_to_file(time_t now)
tor_free(status);
}
+/** Return the value of a integer parameter from the networkstatus <b>ns</b>
+ * whose name is <b>param_name</b>. If <b>ns</b> is NULL, try loading the
+ * latest consensus ourselves. Return <b>default_val</b> if no latest
+ * consensus, or if it has no parameter called <b>param_name</b>. */
+int32_t
+networkstatus_get_param(networkstatus_t *ns, const char *param_name,
+ int32_t default_val)
+{
+ size_t name_len;
+
+ if (!ns) /* if they pass in null, go find it ourselves */
+ ns = networkstatus_get_latest_consensus();
+
+ if (!ns || !ns->net_params)
+ return default_val;
+
+ name_len = strlen(param_name);
+
+ SMARTLIST_FOREACH_BEGIN(ns->net_params, const char *, p) {
+ if (!strcmpstart(p, param_name) && p[name_len] == '=') {
+ int ok=0;
+ long v = tor_parse_long(p+name_len+1, 10, INT32_MIN, INT32_MAX, &ok,
+ NULL);
+ if (ok)
+ return (int32_t) v;
+ }
+ } SMARTLIST_FOREACH_END(p);
+
+ return default_val;
+}
+
/** If <b>question</b> is a string beginning with "ns/" in a format the
* control interface expects for a GETINFO question, set *<b>answer</b> to a
* newly-allocated string containing networkstatus lines for the appropriate
diff --git a/src/or/or.h b/src/or/or.h
index 1dcff28d6d..ae65127e36 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1655,6 +1655,10 @@ typedef struct networkstatus_t {
* not listed here, the voter has no opinion on what its value should be. */
smartlist_t *known_flags;
+ /** List of key=value strings for the parameters in this vote or
+ * consensus, sorted by key. */
+ smartlist_t *net_params;
+
/** List of networkstatus_voter_info_t. For a vote, only one element
* is included. For a consensus, one element is included for every voter
* whose vote contributed to the consensus. */
@@ -1849,9 +1853,9 @@ typedef struct crypt_path_t {
struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the
* circuit. */
- int package_window; /**< How many bytes are we allowed to originate ending
+ int package_window; /**< How many cells are we allowed to originate ending
* at this step? */
- int deliver_window; /**< How many bytes are we willing to deliver originating
+ int deliver_window; /**< How many cells are we willing to deliver originating
* at this step? */
} crypt_path_t;
@@ -2785,6 +2789,7 @@ void circuit_set_n_circid_orconn(circuit_t *circ, circid_t id,
or_connection_t *conn);
void circuit_set_state(circuit_t *circ, uint8_t state);
void circuit_close_all_marked(void);
+int32_t circuit_initial_package_window(void);
origin_circuit_t *origin_circuit_new(void);
or_circuit_t *or_circuit_new(circid_t p_circ_id, or_connection_t *p_conn);
circuit_t *circuit_get_by_circid_orconn(circid_t circ_id,
@@ -2926,8 +2931,8 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out);
int getinfo_helper_config(control_connection_t *conn,
const char *question, char **answer);
-int get_effective_bwrate(or_options_t *options);
-int get_effective_bwburst(or_options_t *options);
+uint32_t get_effective_bwrate(or_options_t *options);
+uint32_t get_effective_bwburst(or_options_t *options);
#ifdef CONFIG_PRIVATE
/* Used only by config.c and test.c */
@@ -3570,9 +3575,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
authority_cert_t *cert);
#ifdef DIRVOTE_PRIVATE
-char *
-format_networkstatus_vote(crypto_pk_env_t *private_key,
- networkstatus_t *v3_ns);
+char *format_networkstatus_vote(crypto_pk_env_t *private_key,
+ networkstatus_t *v3_ns);
+char *dirvote_compute_params(smartlist_t *votes);
#endif
/********************************* dns.c ***************************/
@@ -3787,6 +3792,8 @@ void signed_descs_update_status_from_consensus_networkstatus(
char *networkstatus_getinfo_helper_single(routerstatus_t *rs);
char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now);
void networkstatus_dump_bridge_status_to_file(time_t now);
+int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name,
+ int32_t default_val);
int getinfo_helper_networkstatus(control_connection_t *conn,
const char *question, char **answer);
void networkstatus_free_all(void);
diff --git a/src/or/relay.c b/src/or/relay.c
index 3419e3d190..b26c582b82 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1358,7 +1358,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn)
return;
}
- while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
+ while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
log_debug(conn->cpath_layer?LD_APP:LD_EXIT,
"Outbuf %d, Queuing stream sendme.",
(int)conn->_base.outbuf_flushlen);
@@ -1472,7 +1472,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
{
// log_fn(LOG_INFO,"Considering: layer_hint is %s",
// layer_hint ? "defined" : "null");
- while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <
+ while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
log_debug(LD_CIRC,"Queuing circuit sendme.");
if (layer_hint)
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index a5d7c1016e..47a8818a50 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -94,9 +94,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
}
});
if (!intro_key) {
+ /** XXX This case probably means that the intro point vanished while
+ * we were building a circuit to it. In the future, we should find
+ * out how that happened and whether we should kill the circuits to
+ * removed intro points immediately. See task 1073. */
+ int num_intro_points = smartlist_len(entry->parsed->intro_nodes);
if (rend_cache_lookup_entry(introcirc->rend_data->onion_address,
0, &entry) > 0) {
- log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this "
+ log_info(LD_REND, "We have both a v0 and a v2 rend desc for this "
"service. The v2 desc doesn't contain the introduction "
"point (and key) to send an INTRODUCE1/2 cell to this "
"introduction point. Assuming the introduction point "
@@ -107,9 +112,9 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
/* See flyspray task 1024. */
intro_key = entry->parsed->pk;
} else {
- log_warn(LD_BUG, "Internal error: could not find intro key; we "
+ log_info(LD_REND, "Internal error: could not find intro key; we "
"only have a v2 rend desc with %d intro points.",
- smartlist_len(entry->parsed->intro_nodes));
+ num_intro_points);
goto err;
}
}
@@ -146,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
REND_DESC_COOKIE_LEN);
v3_shift += 2+REND_DESC_COOKIE_LEN;
}
- set_uint32(tmp+v3_shift+1, htonl(time(NULL)));
+ set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
v3_shift += 4;
} /* if version 2 only write version number */
else if (entry->parsed->protocols & (1<<2)) {
@@ -698,7 +703,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
/* set the windows to default. these are the windows
* that alice thinks bob has.
*/
- hop->package_window = CIRCWINDOW_START;
+ hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
onion_append_to_cpath(&circ->cpath, hop);
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 2fd041d33e..d2868b738d 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
}
/* Check timestamp. */
- memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
+ ts = ntohl(get_uint32(buf+1+v3_shift));
v3_shift += 4;
- ts = ntohl(ts);
if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
(now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
- (now - ts) < 0 ? "old" : "new");
+ (now - ts) < 0 ? "old" : "new");
return -1;
}
}
@@ -1557,7 +1556,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
/* set the windows to default. these are the windows
* that bob thinks alice has.
*/
- hop->package_window = CIRCWINDOW_START;
+ hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
onion_append_to_cpath(&circuit->cpath, hop);
diff --git a/src/or/router.c b/src/or/router.c
index 859a1e805a..fcfbe79112 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -544,7 +544,7 @@ init_keys(void)
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();
if (authdir_mode(options)) {
- const char *m;
+ const char *m = NULL;
routerinfo_t *ri;
/* We need to add our own fingerprint so it gets recognized. */
if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) {
@@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir)
me->address, me->or_port);
circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me,
CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
- control_event_server_status(LOG_NOTICE,
- "CHECKING_REACHABILITY ORADDRESS=%s:%d",
- me->address, me->or_port);
}
tor_addr_from_ipv4h(&addr, me->addr);
@@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir)
DIR_PURPOSE_FETCH_SERVERDESC,
ROUTER_PURPOSE_GENERAL,
1, "authority.z", NULL, 0, 0);
-
- control_event_server_status(LOG_NOTICE,
- "CHECKING_REACHABILITY DIRADDRESS=%s:%d",
- me->address, me->dir_port);
}
}
@@ -807,8 +800,11 @@ router_orport_found_reachable(void)
" Publishing server descriptor." : "");
can_reach_or_port = 1;
mark_my_descriptor_dirty();
- if (!me)
+ if (!me) { /* should never happen */
+ log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo "
+ "yet. Failing to inform controller of success.");
return;
+ }
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
me->address, me->or_port);
@@ -826,8 +822,11 @@ router_dirport_found_reachable(void)
can_reach_dir_port = 1;
if (!me || decide_to_advertise_dirport(get_options(), me->dir_port))
mark_my_descriptor_dirty();
- if (!me)
+ if (!me) { /* should never happen */
+ log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo "
+ "yet. Failing to inform controller of success.");
return;
+ }
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
me->address, me->dir_port);
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8021158e31..4e1d0cd592 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -77,6 +77,7 @@ typedef enum {
K_VOTING_DELAY,
K_KNOWN_FLAGS,
+ K_PARAMS,
K_VOTE_DIGEST,
K_CONSENSUS_DIGEST,
K_CONSENSUS_METHODS,
@@ -383,6 +384,7 @@ static token_rule_t networkstatus_token_table[] = {
T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ),
T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ),
+ T01("params", K_PARAMS, ARGS, NO_OBJ ),
T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
CERTIFICATE_MEMBERS
@@ -420,6 +422,7 @@ static token_rule_t networkstatus_consensus_token_table[] = {
T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
T01("consensus-method", K_CONSENSUS_METHOD, EQ(1), NO_OBJ),
+ T01("params", K_PARAMS, ARGS, NO_OBJ ),
END_OF_TABLE
};
@@ -1917,8 +1920,9 @@ routerstatus_parse_entry_from_string(memarea_t *area,
for (i=0; i < tok->n_args; ++i) {
if (!strcmpstart(tok->args[i], "Bandwidth=")) {
int ok;
- rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10,
- 0, UINT32_MAX, &ok, NULL);
+ rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
+ 10, 0, UINT32_MAX,
+ &ok, NULL);
if (!ok) {
log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
goto err;
@@ -2309,6 +2313,34 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err;
}
+ tok = find_opt_by_keyword(tokens, K_PARAMS);
+ if (tok) {
+ inorder = 1;
+ ns->net_params = smartlist_create();
+ for (i = 0; i < tok->n_args; ++i) {
+ int ok=0;
+ char *eq = strchr(tok->args[i], '=');
+ if (!eq) {
+ log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
+ goto err;
+ }
+ tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
+ if (!ok) {
+ log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
+ goto err;
+ }
+ if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) {
+ log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
+ inorder = 0;
+ }
+ smartlist_add(ns->net_params, tor_strdup(tok->args[i]));
+ }
+ if (!inorder) {
+ log_warn(LD_DIR, "params not in order");
+ goto err;
+ }
+ }
+
ns->voters = smartlist_create();
SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
@@ -2508,6 +2540,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
} else {
if (tok->object_size >= INT_MAX)
goto err;
+ /* We already parsed a vote from this voter. Use the first one. */
+ if (v->signature) {
+ log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
+ "that contains two votes from the same voter. Ignoring "
+ "the second vote.");
+ continue;
+ }
+
v->signature = tor_memdup(tok->object_body, tok->object_size);
v->signature_len = (int) tok->object_size;
}
diff --git a/src/or/test.c b/src/or/test.c
index 7b7411e2f8..e06dd5951f 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -410,7 +410,7 @@ test_crypto_dh(void)
char p2[DH_BYTES];
char s1[DH_BYTES];
char s2[DH_BYTES];
- int s1len, s2len;
+ ssize_t s1len, s2len;
test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 4971668c9f..c7d9282076 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -70,7 +70,7 @@ show_help(void)
static void
crypto_log_errors(int severity, const char *doing)
{
- unsigned int err;
+ unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
@@ -94,7 +94,7 @@ load_passphrase(void)
{
char *cp;
char buf[1024]; /* "Ought to be enough for anybody." */
- int n = read_all(passphrase_fd, buf, sizeof(buf), 0);
+ ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
if (n < 0) {
log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
strerror(errno));
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index fe4e882416..f12c3d8dd3 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN;
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
* <b>username</b> and <b>hostname</b> as provided. Return the number
* of bytes in the request. */
-static int
+static ssize_t
build_socks_resolve_request(char **out,
const char *username,
const char *hostname,
@@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
int s;
struct sockaddr_in socksaddr;
char *req = NULL;
- int len = 0;
+ ssize_t len = 0;
tor_assert(hostname);
tor_assert(result_addr);
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 03e615850f..dc049bfdc7 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -226,6 +226,6 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
-#define VERSION "0.2.1.19"
+#define VERSION "0.2.1.20"