author | Nick Mathewson <nickm@torproject.org> | 2014-09-11 09:08:50 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-09-11 09:08:50 -0400 |
commit | 8e7ee0e2c0cff0fc28479ebe6eca60cfb0f4f980 (patch) | |
tree | 1823a8f2db0d49ac02df15c9dc105c00aa26e105 | |
parent | 351f245e2ad5c37dc8ebb4f03fcffe1018651e7e (diff) | |
parent | 6215ebb26676e3fa5d18ddce114f273d9a5dee2a (diff) | |
Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
-rw-r--r-- | changes/bug12160 | 4 | ||||
-rw-r--r-- | changes/bug12908 | 4 | ||||
-rw-r--r-- | changes/bug13096 | 4 | ||||
-rw-r--r-- | changes/bug13124 | 8 | ||||
-rw-r--r-- | src/or/channel.c | 17 | ||||
-rw-r--r-- | src/or/channel.h | 1 | ||||
-rw-r--r-- | src/or/channeltls.c | 64 | ||||
-rw-r--r-- | src/or/channeltls.h | 1 | ||||
-rw-r--r-- | src/or/config.c | 11 | ||||
-rw-r--r-- | src/or/connection_or.c | 9 | ||||
-rw-r--r-- | src/or/routerlist.c | 2 |
11 files changed, 120 insertions, 5 deletions
diff --git a/changes/bug12160 b/changes/bug12160
new file mode 100644
index 0000000000..2a7ace3410
--- /dev/null
+++ b/changes/bug12160
@@ -0,0 +1,4 @@
+ o Bugfixes
+ - Correctly update the local mark on the controlling channel when changing
+ the address of an or_connection_t after the handshake. Fixes bug #12160;
+ bugfix on 0.2.4.4-alpha.
diff --git a/changes/bug12908 b/changes/bug12908
new file mode 100644
index 0000000000..bd6784cbd2
--- /dev/null
+++ b/changes/bug12908
@@ -0,0 +1,4 @@
+ o Minor features:
+ - Warn about attempts to run hidden services and relays in the
+ same process: that's probably not a good idea. Closes ticket
+ 12908.
diff --git a/changes/bug13096 b/changes/bug13096
new file mode 100644
index 0000000000..521faaf143
--- /dev/null
+++ b/changes/bug13096
@@ -0,0 +1,4 @@
+ o Minor bugfixes (conformance):
+ - In routerlist_assert_ok(), don't take the address of a routerinfo's
+ cache_info member unless that routerinfo is non-NULL. Fixes bug
+ 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
diff --git a/changes/bug13124 b/changes/bug13124
new file mode 100644
index 0000000000..be7df70347
--- /dev/null
+++ b/changes/bug13124
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Reduce the log severity of the "Pluggable transport proxy does
+ not provide any needed transports and will not be launched."
+ message, since Tor Browser includes several ClientTransportPlugin
+ lines in its torrc-defaults file, leading every Tor Browser user
+ who looks at her logs to see these notices and wonder if they're
+ dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+
diff --git a/src/or/channel.c b/src/or/channel.c
index ffd68493d0..b2b670e4fb 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -3760,6 +3760,23 @@ channel_mark_local(channel_t *chan) } /** + * Mark a channel as remote + * + * This internal-only function should be called by the lower layer if the + * channel is not to a local address but has previously been marked local. + * See channel_is_local() above or the description of the is_local bit in + * channel.h + */ + +void +channel_mark_remote(channel_t *chan) +{ + tor_assert(chan); + + chan->is_local = 0; +} + +/** * Test outgoing flag * * This function gets the outgoing flag; this is the inverse of the incoming diff --git a/src/or/channel.h b/src/or/channel.h index 3e164c6892..148199235a 100644 --- a/src/or/channel.h +++ b/src/or/channel.h @@ -349,6 +349,7 @@ void channel_clear_remote_end(channel_t *chan); void channel_mark_local(channel_t *chan); void channel_mark_incoming(channel_t *chan); void channel_mark_outgoing(channel_t *chan); +void channel_mark_remote(channel_t *chan); void channel_set_identity_digest(channel_t *chan, const char *identity_digest); void channel_set_remote_end(channel_t *chan, diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 632bc328b7..245e33583b 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -156,7 +156,18 @@ channel_tls_connect(const tor_addr_t *addr, uint16_t port, tlschan, U64_PRINTF_ARG(chan->global_identifier)); - if (is_local_addr(addr)) channel_mark_local(chan); + if (is_local_addr(addr)) { + log_debug(LD_CHANNEL, + "Marking new outgoing channel " U64_FORMAT " at %p as local", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_local(chan); + } else { + log_debug(LD_CHANNEL, + "Marking new outgoing channel " U64_FORMAT " at %p as remote", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_remote(chan); + } + channel_mark_outgoing(chan); /* Set up or_connection stuff */ 
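Review bot: The header comment on the new channel_mark_remote() describes it as an "internal-only function", but the same commit exports it from channel.h and calls it from channeltls.c, so the wording does not match the linkage the function actually has; presumably it was copied from channel_mark_local(), whose comment is outside the hunk. A contract line that says what the function is really for would serve better, e.g. `* Intended for channel implementations (see channeltls.c), not the circuit layer; it clears the is_local bit that channel_mark_local() sets.` The function itself is complete within the hunk and is fine as written.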
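Review bot: In the channel_tls_connect() hunk the two arms of the new `if (is_local_addr(addr))` repeat the same log_debug() format string and argument list, differing only in the word local/remote and in which mark function is called; that duplication invites the two messages drifting apart the next time one is edited. Folding the log into one call with a `%s` keeps the output identical at debug level and halves the text to maintain. The enclosing function starts and continues outside the hunk.
```c
  const int local = is_local_addr(addr);
  log_debug(LD_CHANNEL,
            "Marking new outgoing channel " U64_FORMAT " at %p as %s",
            U64_PRINTF_ARG(chan->global_identifier), chan,
            local ? "local" : "remote");
  if (local)
    channel_mark_local(chan);
  else
    channel_mark_remote(chan);
  /* … unchanged: channel_mark_outgoing(chan) and or_connection setup … */
```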
@@ -286,7 +297,18 @@ channel_tls_handle_incoming(or_connection_t *orconn) tlschan->conn = orconn; orconn->chan = tlschan; - if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan); + if (is_local_addr(&(TO_CONN(orconn)->addr))) { + log_debug(LD_CHANNEL, + "Marking new incoming channel " U64_FORMAT " at %p as local", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_local(chan); + } else { + log_debug(LD_CHANNEL, + "Marking new incoming channel " U64_FORMAT " at %p as remote", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_remote(chan); + } + channel_mark_incoming(chan); /* Register it */ 
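Review bot: The local/remote mark in channel_tls_handle_incoming() is derived from `TO_CONN(orconn)->addr` before any handshake has run, and the later channeltls.c hunk in this same commit re-derives it once connection_or_init_conn_from_address() has possibly rewritten that address after the handshake; nothing at this site says the first mark is provisional, which a reader tracing why a channel flips from remote to local will want to know. A comment above the `if`, such as `/* Provisional: the address may be rewritten after the handshake by connection_or_init_conn_from_address(), which recomputes this mark via channel_tls_update_marks(). */`, would record that. The enclosing function starts and continues outside the hunk.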
@@ -1209,6 +1231,44 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) } /** + * Update channel marks after connection_or.c has changed an address + * + * This is called from connection_or_init_conn_from_address() after the + * connection's _base.addr or real_addr fields have potentially been changed + * so we can recalculate the local mark. Notably, this happens when incoming + * connections are reverse-proxied and we only learn the real address of the + * remote router by looking it up in the consensus after we finish the + * handshake and know an authenticated identity digest. + */ + +void +channel_tls_update_marks(or_connection_t *conn) +{ + channel_t *chan = NULL; + + tor_assert(conn); + tor_assert(conn->chan); + + chan = TLS_CHAN_TO_BASE(conn->chan); + + if (is_local_addr(&(TO_CONN(conn)->addr))) { + if (!channel_is_local(chan)) { + log_debug(LD_CHANNEL, + "Marking channel " U64_FORMAT " at %p as local", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_local(chan); + } + } else { + if (channel_is_local(chan)) { + log_debug(LD_CHANNEL, + "Marking channel " U64_FORMAT " at %p as remote", + U64_PRINTF_ARG(chan->global_identifier), chan); + channel_mark_remote(chan); + } + } +} + +/** * Check if this cell type is allowed before the handshake is finished * * Return true if <b>command</b> is a cell command that's allowed to start a diff --git a/src/or/channeltls.h b/src/or/channeltls.h index b4a7e2beac..c872a09d79 100644 --- a/src/or/channeltls.h +++ b/src/or/channeltls.h @@ -49,6 +49,7 @@ void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, uint8_t state); void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn); +void channel_tls_update_marks(or_connection_t *conn); /* Cleanup at shutdown */ void channel_tls_free_all(void); diff --git a/src/or/config.c b/src/or/config.c index 921503b4b9..31a3586256 100644 --- a/src/or/config.c +++ b/src/or/config.c 
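Review bot: channel_tls_update_marks() decides locality from `TO_CONN(conn)->addr` alone, while its header comment says the caller may have changed "_base.addr or real_addr"; real_addr is never read in the function, so either the comment overstates what is consulted or the wrong field is being checked. The choice is security-relevant because, per the same comment, after the handshake the base address may be the consensus-listed address of the authenticated router rather than the socket peer, and is_local_addr() then classifies the channel on that value — presumably the intended behaviour for the reverse-proxy case, but it deserves to be stated. I would either tighten the comment to `* Only the connection's base address is consulted here; real_addr is not.` or, if the socket peer should decide, test real_addr as well. The `tor_assert(conn->chan)` is consistent with the `if (conn->chan)` guard the commit adds in connection_or.c.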
@@ -2564,6 +2564,13 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Can't use a relative path to torrc when RunAsDaemon is set."); #endif + if (server_mode(options) && options->RendConfigLines) + log_warn(LD_CONFIG, + "Tor is currently configured as a relay and a hidden service. " + "That's not very secure: you should probably run your hidden service " + "in a separate Tor process, at least -- see " + "https://trac.torproject.org/8742"); + /* XXXX require that the only port not be DirPort? */ /* XXXX require that at least one port be listened-upon. */ if (n_ports == 0 && !options->RendConfigLines) @@ -4820,8 +4827,8 @@ parse_client_transport_line(const or_options_t *options, if (is_managed) { /* managed */ if (!validate_only && is_useless_proxy) { - log_notice(LD_GENERAL, "Pluggable transport proxy (%s) does not provide " - "any needed transports and will not be launched.", line); + log_info(LD_GENERAL, "Pluggable transport proxy (%s) does not provide " + "any needed transports and will not be launched.", line); } /* If we are not just validating, use the rest of the line as the diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 16f87349fc..c372270b4c 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -923,6 +923,15 @@ connection_or_init_conn_from_address(or_connection_t *conn, tor_free(conn->base_.address); conn->base_.address = tor_dup_addr(addr); } + + /* + * We have to tell channeltls.c to update the channel marks (local, in + * particular), since we may have changed the address. + */ + + if (conn->chan) { + channel_tls_update_marks(conn); + } } /** These just pass all the is_bad_for_new_circs manipulation on to diff --git a/src/or/routerlist.c b/src/or/routerlist.c index b5e924522e..32cbe19379 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c 
@@ -4938,7 +4938,7 @@ routerlist_assert_ok(const routerlist_t *rl) } SMARTLIST_FOREACH_END(r); SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) { r2 = rimap_get(rl->identity_map, sd->identity_digest); - tor_assert(sd != &(r2->cache_info)); + tor_assert(!r2 || sd != &(r2->cache_info)); sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest); tor_assert(sd == sd2); tor_assert(sd->routerlist_index == sd_sl_idx); |
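Review bot: The relaxed `tor_assert(!r2 || sd != &(r2->cache_info));` correctly stops forming a pointer from a NULL r2, but it now silently accepts an old_routers entry whose identity has no routerinfo in identity_map, and nothing in the hunk records whether that is an expected state rather than a corruption the assertion was meant to catch. A one-line comment would save the next reader a trip to bug 13096, e.g. `/* r2 may be NULL when no current routerinfo carries this identity (bug 13096); only compare against its cache_info when it exists. */` — with the "when" clause confirmed, since the conditions under which rimap_get() misses are not visible here. routerlist_assert_ok() starts outside the hunk.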