diff options
113 files changed, 6199 insertions, 5604 deletions
diff --git a/.gitignore b/.gitignore index 7e421d8b8e..d33b79736d 100644 --- a/.gitignore +++ b/.gitignore @@ -38,6 +38,7 @@ uptime-*.json /Makefile /Makefile.in /aclocal.m4 +/ar-lib /autom4te.cache /build-stamp /compile @@ -94,11 +95,6 @@ uptime-*.json /doc/tor.html /doc/tor.html.in /doc/tor.1.xml -/doc/tor-fw-helper.1 -/doc/tor-fw-helper.1.in -/doc/tor-fw-helper.html -/doc/tor-fw-helper.html.in -/doc/tor-fw-helper.1.xml /doc/tor-gencert.1 /doc/tor-gencert.1.in /doc/tor-gencert.html @@ -218,12 +214,6 @@ uptime-*.json /src/trunnel/libor-trunnel-testing.a /src/trunnel/libor-trunnel.a -# /src/tools/tor-fw-helper/ -/src/tools/tor-fw-helper/tor-fw-helper -/src/tools/tor-fw-helper/tor-fw-helper.exe -/src/tools/tor-fw-helper/Makefile -/src/tools/tor-fw-helper/Makefile.in - # /src/win32/ /src/win32/Makefile /src/win32/Makefile.in @@ -1,3 +1,274 @@ +Changes in version 0.3.0.2-alpha - 2017-01-23 + Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could + cause relays and clients to crash, even if they were not built with + the --enable-expensive-hardening option. This bug affects all 0.2.9.x + versions, and also affects 0.3.0.1-alpha: all relays running an affected + version should upgrade. + + Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS + time-to-live values, makes directory authorities enforce the 1-to-1 + mapping of relay RSA identity keys to ED25519 identity keys, fixes a + client-side onion service reachability bug, does better at selecting + the set of fallback directories, and more. + + o Major bugfixes (security, also in 0.2.9.9): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + + o Major features (security): + - Change the algorithm used to decide DNS TTLs on client and server + side, to better resist DNS-based correlation attacks like the + DefecTor attack of Greschbach, Pulls, Roberts, Winter, and + Feamster. Now relays only return one of two possible DNS TTL + values, and clients are willing to believe DNS TTL values up to 3 + hours long. Closes ticket 19769. + + o Major features (directory authority, security): + - The default for AuthDirPinKeys is now 1: directory authorities + will reject relays where the RSA identity key matches a previously + seen value, but the Ed25519 key has changed. Closes ticket 18319. + + o Major bugfixes (client, guard, crash): + - In circuit_get_global_origin_list(), return the actual list of + origin circuits. The previous version of this code returned the + list of all the circuits, and could have caused strange bugs, + including possible crashes. Fixes bug 21118; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (client, onion service, also in 0.2.9.9): + - Fix a client-side onion service reachability bug, where multiple + socks requests to an onion service (or a single slow request) + could cause us to mistakenly mark some of the service's + introduction points as failed, and we cache that failure so + eventually we run out and can't reach the service. Also resolves a + mysterious "Remote server sent bogus reason code 65021" log + warning. The bug was introduced in ticket 17218, where we tried to + remember the circuit end reason as a uint16_t, which mangled + negative values. Partially fixes bug 21056 and fixes bug 20307; + bugfix on 0.2.8.1-alpha. + + o Major bugfixes (DNS): + - Fix a bug that prevented exit nodes from caching DNS records for + more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha. + + o Minor features (controller): + - Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose + shared-random values to the controller. Closes ticket 19925. + + o Minor features (entry guards): + - Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not + break regression tests. + - Require UseEntryGuards when UseBridges is set, in order to make + sure bridges aren't bypassed. Resolves ticket 20502. + + o Minor features (fallback directories): + - Select 200 fallback directories for each release. Closes + ticket 20881. + - Allow 3 fallback relays per operator, which is safe now that we + are choosing 200 fallback relays. Closes ticket 20912. + - Exclude relays affected by bug 20499 from the fallback list. + Exclude relays from the fallback list if they are running versions + known to be affected by bug 20499, or if in our tests they deliver + a stale consensus (i.e. one that expired more than 24 hours ago). + Closes ticket 20539. + - Reduce the minimum fallback bandwidth to 1 MByte/s. Part of + ticket 18828. + - Require fallback directories to have the same address and port for + 7 days (now that we have enough relays with this stability). + Relays whose OnionOO stability timer is reset on restart by bug + 18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for + this issue. Closes ticket 20880; maintains short-term fix + in 0.2.8.2-alpha. + - Require fallbacks to have flags for 90% of the time (weighted + decaying average), rather than 95%. This allows at least 73% of + clients to bootstrap in the first 5 seconds without contacting an + authority. Part of ticket 18828. + - Annotate updateFallbackDirs.py with the bandwidth and consensus + weight for each candidate fallback. Closes ticket 20878. + - Make it easier to change the output sort order of fallbacks. + Closes ticket 20822. + - Display the relay fingerprint when downloading consensuses from + fallbacks. Closes ticket 20908. + + o Minor features (geoip, also in 0.2.9.9): + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + + o Minor features (next-gen onion service directories): + - Remove the "EnableOnionServicesV3" consensus parameter that we + introduced in 0.3.0.1-alpha: relays are now always willing to act + as v3 onion service directories. Resolves ticket 19899. + + o Minor features (linting): + - Enhance the changes file linter to warn on Tor versions that are + prefixed with "tor-". Closes ticket 21096. + + o Minor features (logging): + - In several places, describe unset ed25519 keys as "<unset>", + rather than the scary "AAAAAAAA...AAA". Closes ticket 21037. + + o Minor bugfix (control protocol): + - The reply to a "GETINFO config/names" request via the control + protocol now spells the type "Dependent" correctly. This is a + breaking change in the control protocol. (The field seems to be + ignored by the most common known controllers.) Fixes bug 18146; + bugfix on 0.1.1.4-alpha. + + o Minor bugfixes (bug resilience): + - Fix an unreachable size_t overflow in base64_decode(). Fixes bug + 19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by + Hans Jerry Illikainen. + + o Minor bugfixes (build): + - Replace obsolete Autoconf macros with their modern equivalent and + prevent similar issues in the future. Fixes bug 20990; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (client, guards): + - Fix bug where Tor would think that there are circuits waiting for + better guards even though those circuits have been freed. Fixes + bug 21142; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (config): + - Don't assert on startup when trying to get the options list and + LearnCircuitBuildTimeout is set to 0: we are currently parsing the + options so of course they aren't ready yet. Fixes bug 21062; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (controller): + - Make the GETINFO interface for inquiring about entry guards + support the new guards backend. Fixes bug 20823; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (dead code): + - Remove a redundant check for PidFile changes at runtime in + options_transition_allowed(): this check is already performed + regardless of whether the sandbox is active. Fixes bug 21123; + bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (documentation): + - Update the tor manual page to document every option that can not + be changed while tor is running. Fixes bug 21122. + + o Minor bugfixes (fallback directories): + - Stop failing when a relay has no uptime data in + updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha. + - Avoid checking fallback candidates' DirPorts if they are down in + OnionOO. When a relay operator has multiple relays, this + prioritizes relays that are up over relays that are down. Fixes + bug 20926; bugfix on 0.2.8.3-alpha. + - Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py. + Fixes bug 20877; bugfix on 0.2.8.3-alpha. + + o Minor bugfixes (guards, bootstrapping): + - When connecting to a directory guard during bootstrap, do not mark + the guard as successful until we receive a good-looking directory + response from it. Fixes bug 20974; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (onion services): + - Fix the config reload pruning of old vs new services so it + actually works when both ephemeral and non-ephemeral services are + configured. Fixes bug 21054; bugfix on 0.3.0.1-alpha. + - Allow the number of introduction points to be as low as 0, rather + than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (IPv6): + - Make IPv6-using clients try harder to find an IPv6 directory + server. Fixes bug 20999; bugfix on 0.2.8.2-alpha. + - When IPv6 addresses have not been downloaded yet (microdesc + consensus documents don't list relay IPv6 addresses), use hard- + coded addresses for authorities, fallbacks, and configured + bridges. Now IPv6-only clients can use microdescriptors. Fixes bug + 20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha. + + o Minor bugfixes (memory leaks): + - Fix a memory leak when configuring hidden services. Fixes bug + 20987; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (portability, also in 0.2.9.9): + - Avoid crashing when Tor is built using headers that contain + CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel + without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix + on 0.2.9.1-alpha. + - Fix Libevent detection on platforms without Libevent 1 headers + installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (relay): + - Honor DataDirectoryGroupReadable when tor is a relay. Previously, + initializing the keys would reset the DataDirectory to 0700 + instead of 0750 even if DataDirectoryGroupReadable was set to 1. + Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish". + + o Minor bugfixes (testing): + - Remove undefined behavior from the backtrace generator by removing + its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (unit tests): + - Allow the unit tests to pass even when DNS lookups of bogus + addresses do not fail as expected. Fixes bug 20862 and 20863; + bugfix on unit tests introduced in 0.2.8.1-alpha + through 0.2.9.4-alpha. + + o Code simplification and refactoring: + - Refactor code to manipulate global_origin_circuit_list into + separate functions. Closes ticket 20921. + + o Documentation (formatting): + - Clean up formatting of tor.1 man page and HTML doc, where <pre> + blocks were incorrectly appearing. Closes ticket 20885. + + o Documentation (man page): + - Clarify many options in tor.1 and add some min/max values for + HiddenService options. Closes ticket 21058. + + +Changes in version 0.2.9.9 - 2017-01-23 + Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could + cause relays and clients to crash, even if they were not built with + the --enable-expensive-hardening option. This bug affects all 0.2.9.x + versions, and also affects 0.3.0.1-alpha: all relays running an affected + version should upgrade. + + This release also resolves a client-side onion service reachability + bug, and resolves a pair of small portability issues. + + o Major bugfixes (security): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, + like others, can turn survivable bugs into crashes -- and having + it on by default made a (relatively harmless) integer overflow bug + into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); + bugfix on 0.2.9.1-alpha. + + o Major bugfixes (client, onion service): + - Fix a client-side onion service reachability bug, where multiple + socks requests to an onion service (or a single slow request) + could cause us to mistakenly mark some of the service's + introduction points as failed, and we cache that failure so + eventually we run out and can't reach the service. Also resolves a + mysterious "Remote server sent bogus reason code 65021" log + warning. The bug was introduced in ticket 17218, where we tried to + remember the circuit end reason as a uint16_t, which mangled + negative values. Partially fixes bug 21056 and fixes bug 20307; + bugfix on 0.2.8.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (portability): + - Avoid crashing when Tor is built using headers that contain + CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel + without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix + on 0.2.9.1-alpha. + - Fix Libevent detection on platforms without Libevent 1 headers + installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. + + Changes in version 0.3.0.1-alpha - 2016-12-19 Tor 0.3.0.1-alpha is the first alpha release in the 0.3.0 development series. It strengthens Tor's link and circuit handshakes by @@ -1854,7 +2125,7 @@ Changes in version 0.2.8.2-alpha - 2016-03-28 testing versions of the static libraries. Fixes bug 18490; bugfix on 0.2.7.1-alpha. - Avoid spurious failures from configure files related to calling - exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on + exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18626; bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". - Silence spurious clang-scan warnings in the ed25519_donna code by explicitly initializing some objects. Fixes bug 18384; bugfix on diff --git a/ReleaseNotes b/ReleaseNotes index 96c2235351..d6adbe5f9b 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,48 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.9.9 - 2017-01-23 + Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could + cause relays and clients to crash, even if they were not built with + the --enable-expensive-hardening option. This bug affects all 0.2.9.x + versions, and also affects 0.3.0.1-alpha: all relays running an affected + version should upgrade. + + This release also resolves a client-side onion service reachability + bug, and resolves a pair of small portability issues. + + o Major bugfixes (security): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, + like others, can turn survivable bugs into crashes -- and having + it on by default made a (relatively harmless) integer overflow bug + into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); + bugfix on 0.2.9.1-alpha. + + o Major bugfixes (client, onion service): + - Fix a client-side onion service reachability bug, where multiple + socks requests to an onion service (or a single slow request) + could cause us to mistakenly mark some of the service's + introduction points as failed, and we cache that failure so + eventually we run out and can't reach the service. Also resolves a + mysterious "Remote server sent bogus reason code 65021" log + warning. The bug was introduced in ticket 17218, where we tried to + remember the circuit end reason as a uint16_t, which mangled + negative values. Partially fixes bug 21056 and fixes bug 20307; + bugfix on 0.2.8.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (portability): + - Avoid crashing when Tor is built using headers that contain + CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel + without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix + on 0.2.9.1-alpha. + - Fix Libevent detection on platforms without Libevent 1 headers + installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. + Changes in version 0.2.8.12 - 2016-12-19 Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018 @@ -1192,7 +1234,7 @@ Changes in version 0.2.8.6 - 2016-08-02 o Minor bugfixes (build): - Avoid spurious failures from configure files related to calling - exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on + exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18626; bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". - Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix diff --git a/acinclude.m4 b/acinclude.m4 index ab12317139..193d3a7a08 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -51,12 +51,12 @@ AC_DEFUN([TOR_TRY_COMPILE_WITH_CFLAGS], [ AC_CACHE_CHECK([whether the compiler accepts $1], VAR, [ tor_saved_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -pedantic -Werror $1" - AC_TRY_COMPILE([], [return 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [AS_VAR_SET(VAR,yes)], [AS_VAR_SET(VAR,no)]) if test x$2 != x; then AS_VAR_PUSHDEF([can_link],[tor_can_link_$1]) - AC_TRY_LINK([], [return 0;], + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [AS_VAR_SET(can_link,yes)], [AS_VAR_SET(can_link,no)]) AS_VAR_POPDEF([can_link]) @@ -93,7 +93,7 @@ AC_DEFUN([TOR_CHECK_LDFLAGS], [ AC_RUN_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fputs("", stdout)])], [AS_VAR_SET(VAR,yes)], [AS_VAR_SET(VAR,no)], - [AC_TRY_LINK([], [return 0;], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [AS_VAR_SET(VAR,yes)], [AS_VAR_SET(VAR,no)])]) CFLAGS="$tor_saved_CFLAGS" @@ -113,21 +113,21 @@ if test x$2 = xdevpkg; then h=" headers for" fi if test -f /etc/debian_version && test x"$tor_$1_$2_debian" != x; then - AC_WARN([On Debian, you can install$h $1 using "apt-get install $tor_$1_$2_debian"]) + AC_MSG_WARN([On Debian, you can install$h $1 using "apt-get install $tor_$1_$2_debian"]) if test x"$tor_$1_$2_debian" != x"$tor_$1_devpkg_debian"; then - AC_WARN([ You will probably need $tor_$1_devpkg_debian too.]) + AC_MSG_WARN([ You will probably need $tor_$1_devpkg_debian too.]) fi fi if test -f /etc/fedora-release && test x"$tor_$1_$2_redhat" != x; then - AC_WARN([On Fedora, you can install$h $1 using "dnf install $tor_$1_$2_redhat"]) + AC_MSG_WARN([On Fedora, you can install$h $1 using "dnf install $tor_$1_$2_redhat"]) if test x"$tor_$1_$2_redhat" != x"$tor_$1_devpkg_redhat"; then - AC_WARN([ You will probably need to install $tor_$1_devpkg_redhat too.]) + AC_MSG_WARN([ You will probably need to install $tor_$1_devpkg_redhat too.]) fi else if test -f /etc/redhat-release && test x"$tor_$1_$2_redhat" != x; then - AC_WARN([On most Redhat-based systems, you can get$h $1 by installing the $tor_$1_$2_redhat RPM package]) + AC_MSG_WARN([On most Redhat-based systems, you can get$h $1 by installing the $tor_$1_$2_redhat RPM package]) if test x"$tor_$1_$2_redhat" != x"$tor_$1_devpkg_redhat"; then - AC_WARN([ You will probably need to install $tor_$1_devpkg_redhat too.]) + AC_MSG_WARN([ You will probably need to install $tor_$1_devpkg_redhat too.]) fi fi fi @@ -245,7 +245,10 @@ if test "$cross_compiling" != yes; then LDFLAGS="$tor_tryextra $orig_LDFLAGS" fi AC_RUN_IFELSE([AC_LANG_PROGRAM([$5], [$6])], - [runnable=yes], [runnable=no]) + [runnable=yes], [runnable=no], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], + [runnable=yes], + [runnable=no])]) if test "$runnable" = yes; then tor_cv_library_$1_linker_option=$tor_tryextra break diff --git a/autogen.sh b/autogen.sh index 8c43a9798a..276dd4047c 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,12 +1,12 @@ #!/bin/sh if [ -x "`which autoreconf 2>/dev/null`" ] ; then - opt="-if" + opt="-i -f -W all,error" for i in $@; do case "$i" in -v) - opt=$opt"v" + opt="${opt} -v" ;; esac done diff --git a/changes/bug20824 b/changes/bug20824 new file mode 100644 index 0000000000..0cd52054ed --- /dev/null +++ b/changes/bug20824 @@ -0,0 +1,3 @@ + o Minor bugfixes (controller): + - Restore the (deprecated) DROPGUARDS controller command. + Fixes bug 20824; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21134 b/changes/bug21134 new file mode 100644 index 0000000000..b851718372 --- /dev/null +++ b/changes/bug21134 @@ -0,0 +1,5 @@ + o Minor bugfixes (portability): + - Do not silently truncate content of files if they are larger + than SIZE_MAX bytes. This issue could occur on 32 bit systems + with large file support and files which are larger than 4 GB. + Fixes bug 21134; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug21280 b/changes/bug21280 new file mode 100644 index 0000000000..e9f0bc174c --- /dev/null +++ b/changes/bug21280 @@ -0,0 +1,5 @@ + o Minor bugfixes (tor-resolve): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate + them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". diff --git a/changes/change_separate_exit_and_relay.txt b/changes/change_separate_exit_and_relay.txt new file mode 100644 index 0000000000..28db1d20fe --- /dev/null +++ b/changes/change_separate_exit_and_relay.txt @@ -0,0 +1,2 @@ +- Minor features:
+ - Allow separation of exit and relay traffic to different source IP addresses (Ticket #17975). Written by Michael Sonntag.
diff --git a/changes/ciphers.inc b/changes/ciphers.inc new file mode 100644 index 0000000000..71208b196d --- /dev/null +++ b/changes/ciphers.inc @@ -0,0 +1,5 @@ + o Minor features (ciphersuite selection): + - Clients now advertise a list of ciphersuites closer to the ones + preferred by Firefox. Closes ticket #15426. + + diff --git a/changes/feature20956 b/changes/feature20956 new file mode 100644 index 0000000000..1ebddb1662 --- /dev/null +++ b/changes/feature20956 @@ -0,0 +1,6 @@ + o Minor features (configuration, controller): + - Each of the *Port options, such as SocksPort, ORPort, ControlPort, + and so on, now comes with a __*Port variant that will not be + saved to the torrc file by the controller's SAVECONF command. + This change allows TorBrowser to set up a single-use domain socket + for each time it launches Tor. Closes ticket 20956. diff --git a/changes/feature21269 b/changes/feature21269 new file mode 100644 index 0000000000..56d5dcc4de --- /dev/null +++ b/changes/feature21269 @@ -0,0 +1,3 @@ + o Minor Feature (client): + - Enable IPv6 traffic by default on the SocksPort. To disable this, a user + will have to specify "NoIPv6Traffic". Closes #21269. diff --git a/changes/server_cipher b/changes/server_cipher new file mode 100644 index 0000000000..b80c88a9cd --- /dev/null +++ b/changes/server_cipher @@ -0,0 +1,3 @@ + o Minor features (ciphersuite choices): + - Allow servers to accept a wider range of ciphersuites, including + chacha20-poly1305 and AES-CCM. Closes the other part of 15426. diff --git a/changes/ticket20174 b/changes/ticket20174 new file mode 100644 index 0000000000..b727fc137f --- /dev/null +++ b/changes/ticket20174 @@ -0,0 +1,4 @@ + o Minor feature (fallback scripts): + - Add a check_existing mode to updateFallbackDirs.py, which checks if + fallbacks in the hard-coded list are working. Closes ticket 20174. + Patch by haxxpop. diff --git a/configure.ac b/configure.ac index f6438066b1..3cddccc515 100644 --- a/configure.ac +++ b/configure.ac @@ -4,14 +4,14 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.3.0.1-alpha-dev]) +AC_INIT([tor],[0.3.0.2-alpha-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) # "foreign" means we don't follow GNU package layout standards # "1.11" means we require automake version 1.11 or newer # "subdir-objects" means put .o files in the same directory as the .c files -AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects]) +AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_HEADERS([orconfig.h]) @@ -176,11 +176,15 @@ AC_ARG_ENABLE(seccomp, AC_ARG_ENABLE(libscrypt, AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt])) -dnl check for the correct "ar" when cross-compiling -AN_MAKEVAR([AR], [AC_PROG_AR]) -AN_PROGRAM([ar], [AC_PROG_AR]) -AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [ar])]) -AC_PROG_AR +dnl check for the correct "ar" when cross-compiling. +dnl (AM_PROG_AR was new in automake 1.11.2, which we do not yet require, +dnl so kludge up a replacement for the case where it isn't there yet.) +m4_ifdef([AM_PROG_AR], + [AM_PROG_AR], + [AN_MAKEVAR([AR], [AC_PROG_AR]) + AN_PROGRAM([ar], [AC_PROG_AR]) + AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])]) + AC_PROG_AR]) dnl Check whether the above macro has settled for a simply named tool even dnl though we're cross compiling. We must do this before running AC_PROG_CC, @@ -200,23 +204,18 @@ AC_PROG_CC AC_PROG_CPP AC_PROG_MAKE_SET AC_PROG_RANLIB +AC_PROG_SED AC_ARG_VAR([PERL], [path to Perl binary]) AC_CHECK_PROGS([PERL], [perl]) AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"]) -dnl autoconf 2.59 appears not to support AC_PROG_SED -AC_CHECK_PROG([SED],[sed],[sed],[/bin/false]) - dnl check for asciidoc and a2x AC_PATH_PROG([ASCIIDOC], [asciidoc], none) AC_PATH_PROGS([A2X], [a2x a2x.py], none) AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue") -AM_CONDITIONAL(USE_FW_HELPER, test "x$natpmp" = "xtrue" || test "x$upnp" = "xtrue") -AM_CONDITIONAL(NAT_PMP, test "x$natpmp" = "xtrue") -AM_CONDITIONAL(MINIUPNPC, test "x$upnp" = "xtrue") AM_PROG_CC_C_O AC_PROG_CC_C99 @@ -435,7 +434,7 @@ AC_CHECK_FUNCS( # checks. So we should only probe for those functions if we are sure that we # are not targetting OSX 10.11 or earlier. AC_MSG_CHECKING([for a pre-Sierra OSX build target]) -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef __APPLE__ # include <AvailabilityMacros.h> # ifndef MAC_OS_X_VERSION_10_12 @@ -447,7 +446,7 @@ AC_TRY_COMPILE([ # endif # endif #endif -], [], +]], [[]])], [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])], [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])]) @@ -516,12 +515,13 @@ TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $T #ifdef _WIN32 #include <winsock2.h> #endif -void *event_init(void);], +struct event_base; +struct event_base *event_base_new(void);], [ #ifdef _WIN32 {WSADATA d; WSAStartup(0x101,&d); } #endif -event_init(); +event_base_new(); ], [--with-libevent-dir], [/opt/libevent]) dnl Determine the incantation needed to link libevent. @@ -646,16 +646,16 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif - ], [], + ]], [[]])], [ : ], - [ AC_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) + [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #include <openssl/evp.h> #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA) @@ -664,9 +664,9 @@ AC_TRY_COMPILE([ #if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1) #error "curves unavailable" #endif - ], [], + ]], [[]])], [ : ], - [ AC_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ]) + [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ]) AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , [#include <openssl/ssl.h> @@ -769,14 +769,15 @@ m4_ifdef([AS_VAR_IF],[ TOR_CHECK_CFLAGS(-fPIE) TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check") fi - TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true) TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true) - if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then - AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.]) - fi fi if test "x$enable_expensive_hardening" = "xyes"; then + TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true) + if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then + AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.]) + fi + if test "$tor_cv_cflags__ftrapv" != "yes"; then AC_MSG_ERROR([You requested expensive hardening, but the compiler does not seem to support -ftrapv.]) fi @@ -1472,9 +1473,9 @@ AC_CHECK_FUNC(gethostbyname_r, [ AC_MSG_CHECKING([how many arguments gethostbyname_r() wants]) OLD_CFLAGS=$CFLAGS CFLAGS="$CFLAGS $MY_CPPFLAGS $MY_THREAD_CPPFLAGS $MY_CFLAGS" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <netdb.h> - ], [[ + ]], [[ char *cp1, *cp2; struct hostent *h1, *h2; int i1, i2; @@ -1485,27 +1486,27 @@ AC_CHECK_FUNC(gethostbyname_r, [ [Define this if gethostbyname_r takes 6 arguments]) AC_MSG_RESULT(6) ], [ - AC_TRY_COMPILE([ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <netdb.h> - ], [ + ]], [[ char *cp1, *cp2; struct hostent *h1; int i1, i2; (void)gethostbyname_r(cp1,h1,cp2,i1,&i2); - ], [ + ]])], [ AC_DEFINE(HAVE_GETHOSTBYNAME_R) AC_DEFINE(HAVE_GETHOSTBYNAME_R_5_ARG, 1, [Define this if gethostbyname_r takes 5 arguments]) AC_MSG_RESULT(5) ], [ - AC_TRY_COMPILE([ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <netdb.h> - ], [ + ]], [[ char *cp1; struct hostent *h1; struct hostent_data hd; (void) gethostbyname_r(cp1,h1,&hd); - ], [ + ]])], [ AC_DEFINE(HAVE_GETHOSTBYNAME_R) AC_DEFINE(HAVE_GETHOSTBYNAME_R_3_ARG, 1, [Define this if gethostbyname_r takes 3 arguments]) @@ -1835,7 +1836,7 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then -Wstatic-float-init -Wstatic-in-inline -Wstatic-local-in-inline - -Wstrict-overflow=2 + -Wstrict-overflow=1 -Wstring-compare -Wstring-conversion -Wstrlcpy-strlcat-size @@ -1880,6 +1881,10 @@ if test "x$enable_gcc_warnings_advisory" != "xno"; then -Wzero-length-array ], [ TOR_CHECK_CFLAGS([warning_flag]) ]) +dnl We should re-enable this in some later version. Clang doesn't +dnl mind, but it causes trouble with GCC. +dnl -Wstrict-overflow=2 + dnl These seem to require annotations that we don't currently use, dnl and they give false positives in our pthreads wrappers. (Clang 4) dnl -Wthread-safety diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 3dc6a0d3a5..c98aa780f1 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.3.0.1-alpha-dev" +!define VERSION "0.3.0.2-alpha-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/HACKING/HelpfulTools.md b/doc/HACKING/HelpfulTools.md index a7f36e6c7e..67481ace43 100644 --- a/doc/HACKING/HelpfulTools.md +++ b/doc/HACKING/HelpfulTools.md @@ -142,6 +142,12 @@ run `make test-network`. We also have scripts to run integration tests using Stem. To try them, set `STEM_SOURCE_DIR` to your Stem source directory, and run `test-stem`. +Profiling Tor +------------- + +Ongoing notes about Tor profiling can be found at +https://pad.riseup.net/p/profiling-tor + Profiling Tor with oprofile --------------------------- @@ -168,6 +174,55 @@ Here are some basic instructions * `opreport -l that_dir/*` - Profit +Profiling Tor with perf +----------------------- + +This works with a running Tor, and requires root. + +1. Decide how long you want to profile for. Start with (say) 30 seconds. If that + works, try again with longer times. + +2. Find the PID of your running tor process. + +3. Run `perf record --call-graph dwarf -p <PID> sleep <SECONDS>` + + (You may need to do this as root.) + + You might need to add `-e cpu-clock` as an option to the perf record line + above, if you are on an older CPU without access to hardware profiling + events, or in a VM, or something. + +4. Now you have a perf.data file. Have a look at it with `perf report + --no-children --sort symbol,dso` or `perf report --no-children --sort + symbol,dso --stdio --header`. How does it look? + +5a. Once you have a nice big perf.data file, you can compress it, encrypt it, + and send it to your favorite Tor developers. + +5b. Or maybe you'd rather not send a nice big perf.data file. Who knows what's + in that!? It's kinda scary. To generate a less scary file, you can use `perf + report -g > <FILENAME>.out`. Then you can compress that and put it somewhere + public. + +Profiling Tor with gperftools aka Google-performance-tools +---------------------------------------------------------- + +This should work on nearly any unixy system. It doesn't seem to be compatible +with RunAsDaemon though. + +Beforehand, install google-perftools. + +1. You need to rebuild Tor, hack the linking steps to add `-lprofiler` to the + libs. You can do this by adding `LIBS=-lprofiler` when you call `./configure`. + +Now you can run Tor with profiling enabled, and use the pprof utility to look at +performance! See the gperftools manual for more info, but basically: + +2. Run `env CPUPROFILE=/tmp/profile src/or/tor -f <path/torrc>`. The profile file + is not written to until Tor finishes execuction. + +3. Run `pprof src/or/tor /tm/profile` to start the REPL. + Generating and analyzing a callgraph ------------------------------------ diff --git a/doc/include.am b/doc/include.am index 7164a4b2a0..0e8de231e1 100644 --- a/doc/include.am +++ b/doc/include.am @@ -12,17 +12,11 @@ # part of the source distribution, so that people without asciidoc can # just use the .1 and .html files. -base_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify -all_mans = $(base_mans) -if USE_FW_HELPER -install_mans = $(all_mans) -else -install_mans = $(base_mans) -endif +all_mans = doc/tor doc/tor-gencert doc/tor-resolve doc/torify if USE_ASCIIDOC -nodist_man1_MANS = $(install_mans:=.1) -doc_DATA = $(install_mans:=.html) +nodist_man1_MANS = $(all_mans:=.1) +doc_DATA = $(all_mans:=.html) html_in = $(all_mans:=.html.in) man_in = $(all_mans:=.1.in) txt_in = $(all_mans:=.1.txt) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 36a67ffa23..de2e2b4a04 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -390,7 +390,8 @@ GENERAL OPTIONS file readable by the default GID. (Default: 0) [[DataDirectory]] **DataDirectory** __DIR__:: - Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) + Store working data in DIR. Can not be changed while tor is running. + (Default: @LOCALSTATEDIR@/lib/tor) [[DataDirectoryGroupReadable]] **DataDirectoryGroupReadable** **0**|**1**:: If this option is set to 0, don't allow the filesystem group to read the @@ -464,7 +465,8 @@ GENERAL OPTIONS not supported. We believe that this feature works on modern Gnu/Linux distributions, and that it should work on *BSD systems (untested). This option requires that you start your Tor as root, and you should use the - **User** option to properly reduce Tor's privileges. (Default: 0) + **User** option to properly reduce Tor's privileges. + Can not be changed while tor is running. (Default: 0) [[DisableDebuggerAttachment]] **DisableDebuggerAttachment** **0**|**1**:: If set to 1, Tor will attempt to prevent basic debugging attachment attempts @@ -539,7 +541,20 @@ GENERAL OPTIONS [[Sandbox]] **Sandbox** **0**|**1**:: If set to 1, Tor will run securely through the use of a syscall sandbox. Otherwise the sandbox will be disabled. The option is currently an - experimental feature. (Default: 0) + experimental feature. Can not be changed while tor is running. + + When the Sandbox is 1, the following options can not be changed when tor + is running: + Address + ConnLimit + CookieAuthFile + DirPortFrontPage + ExtORPortCookieAuthFile + Logs + ServerDNSResolvConfFile + Tor must remain in client or server mode (some changes to ClientOnly and + ORPort are not allowed). + (Default: 0) [[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]:: Tor will make all OR connections through the SOCKS 4 proxy at host:port @@ -625,9 +640,23 @@ GENERAL OPTIONS This setting will be ignored for connections to the loopback addresses (127.0.0.0/8 and ::1). +[[OutboundBindAddressOR]] **OutboundBindAddressOR** __IP__:: + Make all outbound non-exit (=relay and other) connections originate from the IP + address specified. This option overrides **OutboundBindAddress** for the same + IP version. This option may be used twice, once with an IPv4 address and once + with an IPv6 address. This setting will be ignored for connections to the + loopback addresses (127.0.0.0/8 and ::1). + +[[OutboundBindAddressExit]] **OutboundBindAddressExit** __IP__:: + Make all outbound exit connections originate from the IP address specified. This + option overrides **OutboundBindAddress** for the same IP version. This option + may be used twice, once with an IPv4 address and once with an IPv6 address. This + setting will be ignored for connections to the loopback addresses (127.0.0.0/8 + and ::1). + [[PidFile]] **PidFile** __FILE__:: On startup, write our PID to FILE. On clean shutdown, remove - FILE. + FILE. Can not be changed while tor is running. [[ProtocolWarnings]] **ProtocolWarnings** **0**|**1**:: If 1, Tor will log with severity \'warn' various cases of other parties not @@ -643,6 +672,7 @@ GENERAL OPTIONS [[RunAsDaemon]] **RunAsDaemon** **0**|**1**:: If 1, Tor forks and daemonizes to the background. This option has no effect on Windows; instead you should use the --service command-line option. + Can not be changed while tor is running. (Default: 0) [[LogTimeGranularity]] **LogTimeGranularity** __NUM__:: @@ -659,7 +689,8 @@ GENERAL OPTIONS [[SyslogIdentityTag]] **SyslogIdentityTag** __tag__:: When logging to syslog, adds a tag to the syslog identity such that - log entries are marked with "Tor-__tag__". (Default: none) + log entries are marked with "Tor-__tag__". Can not be changed while tor is + running. (Default: none) [[SafeLogging]] **SafeLogging** **0**|**1**|**relay**:: Tor can scrub potentially sensitive strings from log messages (e.g. @@ -674,6 +705,7 @@ GENERAL OPTIONS [[User]] **User** __Username__:: On startup, setuid to this user and setgid to their primary group. + Can not be changed while tor is running. [[KeepBindCapabilities]] **KeepBindCapabilities** **0**|**1**|**auto**:: On Linux, when we are started as root and we switch our identity using @@ -681,20 +713,23 @@ GENERAL OPTIONS try to retain our ability to bind to low ports. If this value is 1, we try to keep the capability; if it is 0 we do not; and if it is **auto**, we keep the capability only if we are configured to listen on a low port. + Can not be changed while tor is running. (Default: auto.) [[HardwareAccel]] **HardwareAccel** **0**|**1**:: If non-zero, try to use built-in (static) crypto hardware acceleration when - available. (Default: 0) + available. Can not be changed while tor is running. (Default: 0) [[AccelName]] **AccelName** __NAME__:: When using OpenSSL hardware crypto acceleration attempt to load the dynamic engine of this name. This must be used for any dynamic hardware engine. - Names can be verified with the openssl engine command. + Names can be verified with the openssl engine command. Can not be changed + while tor is running. [[AccelDir]] **AccelDir** __DIR__:: Specify this option if using dynamic hardware acceleration and the engine implementation library resides somewhere other than the OpenSSL default. + Can not be changed while tor is running. [[AvoidDiskWrites]] **AvoidDiskWrites** **0**|**1**:: If non-zero, try to write to disk less frequently than we would otherwise. @@ -825,7 +860,7 @@ The following options are useful only for clients (that is, if [[ExcludeExitNodes]] **ExcludeExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, country codes, and address patterns of nodes to never use when picking an exit node---that is, a - node that delivers traffic for you outside the Tor network. Note that any + node that delivers traffic for you *outside* the Tor network. Note that any node listed in ExcludeNodes is automatically considered to be part of this list too. See the **ExcludeNodes** option for more information on how to specify @@ -842,7 +877,7 @@ The following options are useful only for clients (that is, if [[ExitNodes]] **ExitNodes** __node__,__node__,__...__:: A list of identity fingerprints, country codes, and address patterns of nodes to use as exit node---that is, a - node that delivers traffic for you outside the Tor network. See + node that delivers traffic for you *outside* the Tor network. See the **ExcludeNodes** option for more information on how to specify nodes. + + Note that if you list too few nodes here, or if you exclude too many exit @@ -850,7 +885,7 @@ The following options are useful only for clients (that is, if if none of the exits you list allows traffic on port 80 or 443, you won't be able to browse the web. + + - Note also that not every circuit is used to deliver traffic outside of + Note also that not every circuit is used to deliver traffic *outside* of the Tor network. It is normal to see non-exit circuits (such as those used to connect to hidden services, those that do directory fetches, those used for relay reachability self-tests, and so on) that end @@ -876,16 +911,16 @@ The following options are useful only for clients (that is, if the **ExcludeNodes** option for more information on how to specify nodes. [[StrictNodes]] **StrictNodes** **0**|**1**:: - If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a - requirement to follow for all the circuits you generate, even if doing so - will break functionality for you. If StrictNodes is set to 0, Tor will + If StrictNodes is set to 1, Tor will treat solely the ExcludeNodes option + as a requirement to follow for all the circuits you generate, even if + doing so will break functionality for you (StrictNodes applies to neither + ExcludeExitNodes nor to ExitNodes). If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the - side of avoiding unexpected errors. Specifically, StrictNodes 0 tells - Tor that it is okay to use an excluded node when it is *necessary* to - perform relay reachability self-tests, connect to - a hidden service, provide a hidden service to a client, fulfill a .exit - request, upload directory information, or download directory information. - (Default: 0) + side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor + that it is okay to use an excluded node when it is *necessary* to perform + relay reachability self-tests, connect to a hidden service, provide a + hidden service to a client, fulfill a .exit request, upload directory + information, or download directory information. (Default: 0) [[FascistFirewall]] **FascistFirewall** **0**|**1**:: If 1, Tor will only create outgoing connections to ORs running on ports @@ -1150,6 +1185,7 @@ The following options are useful only for clients (that is, if authentication" when IsolateSOCKSAuth is disabled, or when this option is set. +[[SocksPortFlagsMisc]]:: Flags are processed left to right. If flags conflict, the last flag on the line is used, and all earlier flags are ignored. No error is issued for conflicting flags. @@ -1180,7 +1216,8 @@ The following options are useful only for clients (that is, if NUM must be between 1 and 1000, inclusive. Note that the configured bandwidth limits are still expressed in bytes per second: this option only affects the frequency with which Tor checks to see whether - previously exhausted connections may read again. (Default: 100 msec) + previously exhausted connections may read again. + Can not be changed while tor is running. (Default: 100 msec) [[TrackHostExits]] **TrackHostExits** __host__,__.domain__,__...__:: For each value in the comma separated list, Tor will track recent @@ -1334,7 +1371,7 @@ The following options are useful only for clients (that is, if [[TransProxyType]] **TransProxyType** **default**|**TPROXY**|**ipfw**|**pf-divert**:: TransProxyType may only be enabled when there is transparent proxy listener - enabled. + enabled. + + Set this to "TPROXY" if you wish to be able to use the TPROXY Linux module to transparently proxy connections that are configured using the TransPort @@ -1342,19 +1379,19 @@ The following options are useful only for clients (that is, if for all addresses, even when the TransListenAddress is configured for an internal address. Detailed information on how to configure the TPROXY feature can be found in the Linux kernel source tree in the file - Documentation/networking/tproxy.txt. + Documentation/networking/tproxy.txt. + + - Set this option to "ipfw" to use the FreeBSD ipfw interface. + Set this option to "ipfw" to use the FreeBSD ipfw interface. + + On *BSD operating systems when using pf, set this to "pf-divert" to take advantage of +divert-to+ rules, which do not modify the packets like +rdr-to+ rules do. Detailed information on how to configure pf to use +divert-to+ rules can be found in the pf.conf(5) manual page. On OpenBSD, +divert-to+ is available to use on versions greater than or equal to - OpenBSD 4.4. + OpenBSD 4.4. + + Set this to "default", or leave it unconfigured, to use regular IPTables - on Linux, or to use pf +rdr-to+ rules on *BSD systems. + on Linux, or to use pf +rdr-to+ rules on *BSD systems. + + (Default: "default".) @@ -1462,11 +1499,11 @@ The following options are useful only for clients (that is, if (Example: Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) + + - This feature can only be used if Tor2webMode is also enabled. + This feature can only be used if Tor2webMode is also enabled. + + ExcludeNodes have higher priority than Tor2webRendezvousPoints, which means that nodes specified in ExcludeNodes will not be - picked as RPs. + picked as RPs. + + If no nodes in Tor2webRendezvousPoints are currently available for use, Tor will choose a random node when building HS circuits. @@ -1494,7 +1531,7 @@ The following options are useful only for clients (that is, if These options override the default behavior of Tor's (**currently experimental**) path bias detection algorithm. To try to find broken or misbehaving guard nodes, Tor looks for nodes where more than a certain - fraction of circuits through that guard fail to get built. + fraction of circuits through that guard fail to get built. + + The PathBiasCircThreshold option controls how many circuits we need to build through a guard before we make these checks. The PathBiasNoticeRate, @@ -1520,14 +1557,14 @@ The following options are useful only for clients (that is, if [[PathBiasScaleUseThreshold]] **PathBiasScaleUseThreshold** __NUM__:: Similar to the above options, these options override the default behavior - of Tor's (**currently experimental**) path use bias detection algorithm. + of Tor's (**currently experimental**) path use bias detection algorithm. + + Where as the path bias parameters govern thresholds for successfully building circuits, these four path use bias parameters govern thresholds only for circuit usage. Circuits which receive no stream usage are not counted by this detection algorithm. A used circuit is considered successful if it is capable of carrying streams or otherwise receiving - well-formed responses to RELAY cells. + well-formed responses to RELAY cells. + + By default, or if a negative value is provided for one of these options, Tor uses reasonable defaults from the networkstatus consensus document. @@ -1661,7 +1698,7 @@ is non-zero): Tells Tor whether to run as an exit relay. If Tor is running as a non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to exit according to the ExitPolicy option (or the default ExitPolicy if - none is specified). + none is specified). + + If ExitRelay is set to 0, no traffic is allowed to exit, and the ExitPolicy option is ignored. + @@ -1739,6 +1776,7 @@ is non-zero): reject *:6881-6999 accept *:* +[[ExitPolicyDefault]]:: Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses. @@ -1775,7 +1813,7 @@ is non-zero): that they are in the same \'family', Tor clients will not use them in the same circuit. (Each server only needs to list the other servers in its family; it doesn't need to list itself, but it won't hurt.) Do not list - any bridge relay as it would compromise its concealment. + any bridge relay as it would compromise its concealment. + + When listing a node, it's better to list it by fingerprint than by nickname: fingerprints are more reliable. @@ -1793,26 +1831,27 @@ is non-zero): Advertise this port to listen for connections from Tor clients and servers. This option is required to be a Tor server. Set it to "auto" to have Tor pick a port for you. Set it to 0 to not - run an ORPort at all. This option can occur more than once. (Default: 0) -+ + run an ORPort at all. This option can occur more than once. (Default: 0) + + + Tor recognizes these flags on each ORPort: - **NoAdvertise**:: + **NoAdvertise**;; By default, we bind to a port and tell our users about it. If NoAdvertise is specified, we don't advertise, but listen anyway. This can be useful if the port everybody will be connecting to (for example, one that's opened on our firewall) is somewhere else. - **NoListen**:: + **NoListen**;; By default, we bind to a port and tell our users about it. If NoListen is specified, we don't bind, but advertise anyway. This can be useful if something else (for example, a firewall's port forwarding configuration) is causing connections to reach us. - **IPv4Only**:: + **IPv4Only**;; If the address is absent, or resolves to both an IPv4 and an IPv6 address, only listen to the IPv4 address. - **IPv6Only**:: + **IPv6Only**;; If the address is absent, or resolves to both an IPv4 and an IPv6 address, only listen to the IPv6 address. -+ + +[[ORPortFlagsExclusive]]:: For obvious reasons, NoAdvertise and NoListen are mutually exclusive, and IPv4Only and IPv6Only are mutually exclusive. @@ -1820,8 +1859,8 @@ is non-zero): Bind to this IP address to listen for connections from Tor clients and servers. If you specify a port, bind to this port rather than the one specified in ORPort. (Default: 0.0.0.0) This directive can be specified - multiple times to bind to multiple addresses/ports. -+ + multiple times to bind to multiple addresses/ports. + + + This option is deprecated; you can get the same behavior with ORPort now that it supports NoAdvertise and explicit addresses. @@ -1840,7 +1879,7 @@ is non-zero): [[PublishServerDescriptor]] **PublishServerDescriptor** **0**|**1**|**v3**|**bridge**,**...**:: This option specifies which descriptors Tor will publish when acting as a relay. You can - choose multiple arguments, separated by commas. + choose multiple arguments, separated by commas. + + If this option is set to 0, Tor will not publish its descriptors to any directories. (This is useful if you're testing @@ -2095,16 +2134,16 @@ if DirPort is non-zero): If this option is nonzero, advertise the directory service on this port. Set it to "auto" to have Tor pick a port for you. This option can occur more than once, but only one advertised DirPort is supported: all - but one DirPort must have the **NoAdvertise** flag set. (Default: 0) -+ + but one DirPort must have the **NoAdvertise** flag set. (Default: 0) + + + The same flags are supported here as are supported by ORPort. [[DirListenAddress]] **DirListenAddress** __IP__[:__PORT__]:: Bind the directory service to this address. If you specify a port, bind to this port rather than the one specified in DirPort. (Default: 0.0.0.0) This directive can be specified multiple times to bind to multiple - addresses/ports. -+ + addresses/ports. + + + This option is deprecated; you can get the same behavior with DirPort now that it supports NoAdvertise and explicit addresses. @@ -2199,7 +2238,7 @@ on the public Tor network. [[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__:: Authoritative directories only. A set of address patterns for servers that will be listed as bad exits in any network status document this authority - publishes, if **AuthDirListBadExits** is set. + publishes, if **AuthDirListBadExits** is set. + + (The address pattern syntax here and in the options below is the same as for exit policies, except that you don't need to say @@ -2252,7 +2291,7 @@ on the public Tor network. publish a descriptor if any other relay has reserved its <Ed25519,RSA> identity keypair. In all cases, Tor records every keypair it accepts in a journal if it is new, or if it differs from the most recently - accepted pinning for one of the keys it contains. (Default: 0) + accepted pinning for one of the keys it contains. (Default: 1) [[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**:: Authoritative directories only. Switch for the shared random protocol. @@ -2387,8 +2426,8 @@ The following options are used to configure a hidden service. [[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__:: The maximum number of simultaneous streams (connections) per rendezvous - circuit. (Setting this to 0 will allow an unlimited number of simultanous - streams.) (Default: 0) + circuit. The maximum value allowed is 65535. (Setting this to 0 will allow + an unlimited number of simultanous streams.) (Default: 0) [[HiddenServiceMaxStreamsCloseCircuit]] **HiddenServiceMaxStreamsCloseCircuit** **0**|**1**:: If set to 1, then exceeding **HiddenServiceMaxStreams** will cause the @@ -2397,8 +2436,9 @@ The following options are used to configure a hidden service. [[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: Every time the specified period elapses, Tor uploads any rendezvous - service descriptors to the directory servers. This information is also - uploaded whenever it changes. (Default: 1 hour) + service descriptors to the directory servers. This information is also + uploaded whenever it changes. Minimum value allowed is 10 minutes and + maximum is 3.5 days. (Default: 1 hour) [[HiddenServiceDirGroupReadable]] **HiddenServiceDirGroupReadable** **0**|**1**:: If this option is set to 1, allow the filesystem group to read the @@ -2420,20 +2460,20 @@ The following options are used to configure a hidden service. Single Onion Service. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. However, the fact that a client is accessing a Single Onion rather than a Hidden Service may be - statistically distinguishable. - + statistically distinguishable. + + + **WARNING:** Once a hidden service directory has been used by a tor instance in HiddenServiceSingleHopMode, it can **NEVER** be used again for a hidden service. It is best practice to create a new hidden service directory, key, and address for each new Single Onion Service and Hidden Service. It is not possible to run Single Onion Services and Hidden Services from the same tor instance: they should be run on different - servers with different IP addresses. - + servers with different IP addresses. + + + HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set to 1. Since a Single Onion service is non-anonymous, you can not configure a SOCKSPort on a tor instance that is running in - **HiddenServiceSingleHopMode**. + **HiddenServiceSingleHopMode**. Can not be changed while tor is running. (Default: 0) [[HiddenServiceNonAnonymousMode]] **HiddenServiceNonAnonymousMode** **0**|**1**:: @@ -2441,8 +2481,8 @@ The following options are used to configure a hidden service. non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. If you are using this option, you need to disable all client-side services on your Tor instance, - including setting SOCKSPort to "0". - (Default: 0) + including setting SOCKSPort to "0". Can not be changed while tor is + running. (Default: 0) TESTING NETWORK OPTIONS ----------------------- @@ -2587,7 +2627,7 @@ The following options are used for running a testing Tor network. A list of identity fingerprints, country codes, and address patterns of nodes to vote Exit for regardless of their uptime, bandwidth, or exit policy. See the **ExcludeNodes** - option for more information on how to specify nodes. + option for more information on how to specify nodes. + + In order for this option to have any effect, **TestingTorNetwork** has to be set. See the **ExcludeNodes** option for more @@ -2596,7 +2636,7 @@ The following options are used for running a testing Tor network. [[TestingDirAuthVoteExitIsStrict]] **TestingDirAuthVoteExitIsStrict** **0**|**1** :: If True (1), a node will never receive the Exit flag unless it is specified in the **TestingDirAuthVoteExit** list, regardless of its uptime, bandwidth, - or exit policy. + or exit policy. + + In order for this option to have any effect, **TestingTorNetwork** has to be set. @@ -2605,14 +2645,14 @@ The following options are used for running a testing Tor network. A list of identity fingerprints and country codes and address patterns of nodes to vote Guard for regardless of their uptime and bandwidth. See the **ExcludeNodes** option for more - information on how to specify nodes. + information on how to specify nodes. + + In order for this option to have any effect, **TestingTorNetwork** has to be set. [[TestingDirAuthVoteGuardIsStrict]] **TestingDirAuthVoteGuardIsStrict** **0**|**1** :: If True (1), a node will never receive the Guard flag unless it is specified - in the **TestingDirAuthVoteGuard** list, regardless of its uptime and bandwidth. + in the **TestingDirAuthVoteGuard** list, regardless of its uptime and bandwidth. + + In order for this option to have any effect, **TestingTorNetwork** has to be set. @@ -2621,14 +2661,14 @@ The following options are used for running a testing Tor network. A list of identity fingerprints and country codes and address patterns of nodes to vote HSDir for regardless of their uptime and DirPort. See the **ExcludeNodes** option for more - information on how to specify nodes. + information on how to specify nodes. + + In order for this option to have any effect, **TestingTorNetwork** must be set. [[TestingDirAuthVoteHSDirIsStrict]] **TestingDirAuthVoteHSDirIsStrict** **0**|**1** :: If True (1), a node will never receive the HSDir flag unless it is specified - in the **TestingDirAuthVoteHSDir** list, regardless of its uptime and DirPort. + in the **TestingDirAuthVoteHSDir** list, regardless of its uptime and DirPort. + + In order for this option to have any effect, **TestingTorNetwork** has to be set. @@ -2672,6 +2712,19 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) +NON-PERSISTENT OPTIONS +---------------------- + +These options are not saved to the torrc file by the "SAVECONF" controller +command. Other options of this type are documented in control-spec.txt, +section 5.4. End-users should mostly ignore them. + +[[UnderscorePorts]] **\_\_ControlPort**, **\_\_DirPort**, **\_\_DNSPort**, **\_\_ExtORPort**, **\_\_NATDPort**, **\_\_ORPort**, **\_\_SocksPort**, **\_\_TransPort**:: + These underscore-prefixed options are variants of the regular Port + options. They behave the same, except they are not saved to the + torrc file by the controller's SAVECONF command. + + SIGNALS ------- diff --git a/m4/ax_check_sign.m4 b/m4/ax_check_sign.m4 index 104b17014c..d67e114dba 100644 --- a/m4/ax_check_sign.m4 +++ b/m4/ax_check_sign.m4 @@ -41,8 +41,8 @@ AU_ALIAS([VL_CHECK_SIGN], [AX_CHECK_SIGN]) AC_DEFUN([AX_CHECK_SIGN], [ typename=`echo $1 | sed "s/@<:@^a-zA-Z0-9_@:>@/_/g"` AC_CACHE_CHECK([whether $1 is signed], ax_cv_decl_${typename}_signed, [ - AC_TRY_COMPILE([$4], - [ int foo @<:@ 1 - 2 * !((($1) -1) < 0) @:>@ ], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$4]], + [[ int foo @<:@ 1 - 2 * !((($1) -1) < 0) @:>@ ]])], [ eval "ax_cv_decl_${typename}_signed=\"yes\"" ], [ eval "ax_cv_decl_${typename}_signed=\"no\"" ])]) symbolname=`echo $1 | sed "s/@<:@^a-zA-Z0-9_@:>@/_/g" | tr "a-z" "A-Z"` diff --git a/m4/pc_from_ucontext.m4 b/m4/pc_from_ucontext.m4 index 8a9dc459e6..9b66bf752c 100644 --- a/m4/pc_from_ucontext.m4 +++ b/m4/pc_from_ucontext.m4 @@ -79,29 +79,29 @@ AC_DEFUN([AC_PC_FROM_UCONTEXT], if ! $pc_field_found; then # Prefer sys/ucontext.h to ucontext.h, for OS X's sake. if test "x$ac_cv_header_cygwin_signal_h" = xyes; then - AC_TRY_COMPILE([#include <cygwin/signal.h>], - [ucontext_t u; return u.$pc_field == 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <cygwin/signal.h>]], + [[ucontext_t u; return u.$pc_field == 0;]])], AC_DEFINE_UNQUOTED(PC_FROM_UCONTEXT, $pc_field, How to access the PC from a struct ucontext) AC_MSG_RESULT([$pc_field]) pc_field_found=true) elif test "x$ac_cv_header_sys_ucontext_h" = xyes; then - AC_TRY_COMPILE([#include <sys/ucontext.h>], - [ucontext_t u; return u.$pc_field == 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/ucontext.h>]], + [[ucontext_t u; return u.$pc_field == 0;]])], AC_DEFINE_UNQUOTED(PC_FROM_UCONTEXT, $pc_field, How to access the PC from a struct ucontext) AC_MSG_RESULT([$pc_field]) pc_field_found=true) elif test "x$ac_cv_header_ucontext_h" = xyes; then - AC_TRY_COMPILE([#include <ucontext.h>], - [ucontext_t u; return u.$pc_field == 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <ucontext.h>]], + [[ucontext_t u; return u.$pc_field == 0;]])], AC_DEFINE_UNQUOTED(PC_FROM_UCONTEXT, $pc_field, How to access the PC from a struct ucontext) AC_MSG_RESULT([$pc_field]) pc_field_found=true) else # hope some standard header gives it to us - AC_TRY_COMPILE([], - [ucontext_t u; return u.$pc_field == 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], + [[ucontext_t u; return u.$pc_field == 0;]])], AC_DEFINE_UNQUOTED(PC_FROM_UCONTEXT, $pc_field, How to access the PC from a struct ucontext) AC_MSG_RESULT([$pc_field]) @@ -114,8 +114,8 @@ AC_DEFUN([AC_PC_FROM_UCONTEXT], pc_fields="$pc_fields sc_rip" # OpenBSD (x86_64) for pc_field in $pc_fields; do if ! $pc_field_found; then - AC_TRY_COMPILE([#include <signal.h>], - [ucontext_t u; return u.$pc_field == 0;], + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <signal.h>]], + [[ucontext_t u; return u.$pc_field == 0;]])], AC_DEFINE_UNQUOTED(PC_FROM_UCONTEXT, $pc_field, How to access the PC from a struct ucontext) AC_MSG_RESULT([$pc_field]) diff --git a/scripts/codegen/gen_server_ciphers.py b/scripts/codegen/gen_server_ciphers.py index 0dca8a6734..7470f8a025 100755 --- a/scripts/codegen/gen_server_ciphers.py +++ b/scripts/codegen/gen_server_ciphers.py @@ -13,13 +13,13 @@ import sys EPHEMERAL_INDICATORS = [ "_EDH_", "_DHE_", "_ECDHE_" ] BAD_STUFF = [ "_DES_40_", "MD5", "_RC4_", "_DES_64_", - "_SEED_", "_CAMELLIA_", "_NULL" ] + "_SEED_", "_CAMELLIA_", "_NULL", + "_CCM_8", "_DES_", ] # these never get #ifdeffed. MANDATORY = [ "TLS1_TXT_DHE_RSA_WITH_AES_256_SHA", "TLS1_TXT_DHE_RSA_WITH_AES_128_SHA", - "SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA", ] def find_ciphers(filename): @@ -48,15 +48,23 @@ def usable_cipher(ciph): # All fields we sort on, in order of priority. FIELDS = [ 'cipher', 'fwsec', 'mode', 'digest', 'bitlength' ] # Map from sorted fields to recognized value in descending order of goodness -FIELD_VALS = { 'cipher' : [ 'AES', 'DES'], +FIELD_VALS = { 'cipher' : [ 'AES', 'CHACHA20' ], 'fwsec' : [ 'ECDHE', 'DHE' ], - 'mode' : [ 'GCM', 'CBC' ], - 'digest' : [ 'SHA384', 'SHA256', 'SHA' ], + 'mode' : [ 'POLY1305', 'GCM', 'CCM', 'CBC', ], + 'digest' : [ 'n/a', 'SHA384', 'SHA256', 'SHA', ], 'bitlength' : [ '256', '128', '192' ], } class Ciphersuite(object): def __init__(self, name, fwsec, cipher, bitlength, mode, digest): + if fwsec == 'EDH': + fwsec = 'DHE' + + if mode in [ '_CBC3', '_CBC', '' ]: + mode = 'CBC' + elif mode == '_GCM': + mode = 'GCM' + self.name = name self.fwsec = fwsec self.cipher = cipher @@ -74,42 +82,50 @@ class Ciphersuite(object): def parse_cipher(ciph): m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)(|_CBC|_CBC3|_GCM)_(SHA|SHA256|SHA384)$', ciph) - if not m: - print "/* Couldn't parse %s ! */"%ciph - return None + if m: + fwsec, cipher, bits, mode, digest = m.groups() + return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest) - fwsec, cipher, bits, mode, digest = m.groups() - if fwsec == 'EDH': - fwsec = 'DHE' + m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_(AES|DES)_(256|128|192)_CCM', ciph) + if m: + fwsec, cipher, bits = m.groups() + return Ciphersuite(ciph, fwsec, cipher, bits, "CCM", "n/a") - if mode in [ '_CBC3', '_CBC', '' ]: - mode = 'CBC' - elif mode == '_GCM': - mode = 'GCM' + m = re.match('(?:TLS1|SSL3)_TXT_(EDH|DHE|ECDHE)_RSA(?:_WITH)?_CHACHA20_POLY1305', ciph) + if m: + fwsec, = m.groups() + return Ciphersuite(ciph, fwsec, "CHACHA20", "256", "POLY1305", "n/a") + + print "/* Couldn't parse %s ! */"%ciph + return None - return Ciphersuite(ciph, fwsec, cipher, bits, mode, digest) ALL_CIPHERS = [] for fname in sys.argv[1:]: - ALL_CIPHERS += (parse_cipher(c) - for c in find_ciphers(fname) - if usable_cipher(c) ) + for c in find_ciphers(fname): + if usable_cipher(c): + parsed = parse_cipher(c) + if parsed != None: + ALL_CIPHERS.append(parsed) ALL_CIPHERS.sort(key=Ciphersuite.sort_key) +indent = " "*7 + for c in ALL_CIPHERS: if c is ALL_CIPHERS[-1]: - colon = ';' + colon = '' else: colon = ' ":"' if c.name in MANDATORY: - print " /* Required */" - print ' %s%s'%(c.name,colon) + print "%s/* Required */"%indent + print '%s%s%s'%(indent,c.name,colon) else: print "#ifdef %s"%c.name - print ' %s%s'%(c.name,colon) + print '%s%s%s'%(indent,c.name,colon) print "#endif" +print '%s;'%indent diff --git a/scripts/codegen/get_mozilla_ciphers.py b/scripts/codegen/get_mozilla_ciphers.py index e673ec7dc6..b07746c2e2 100644..100755 --- a/scripts/codegen/get_mozilla_ciphers.py +++ b/scripts/codegen/get_mozilla_ciphers.py @@ -127,9 +127,9 @@ for k, v in enabled_ciphers.items(): #oSSLinclude = ('/usr/include/openssl/ssl3.h', '/usr/include/openssl/ssl.h', # '/usr/include/openssl/ssl2.h', '/usr/include/openssl/ssl23.h', # '/usr/include/openssl/tls1.h') -oSSLinclude = ('ssl/ssl3.h', 'ssl/ssl.h', - 'ssl/ssl2.h', 'ssl/ssl23.h', - 'ssl/tls1.h') +oSSLinclude = ['ssl3.h', 'ssl.h' + 'ssl2.h', 'ssl23.h', + 'tls1.h'] ##### # This reads the hex code for the ciphers that are used by firefox. @@ -155,9 +155,12 @@ for x in used_ciphers: openssl_macro_by_hex = {} all_openssl_macros = {} for fl in oSSLinclude: - fp = open(ossl(fl), 'r') + fname = ossl("include/openssl/"+fl) + if not os.path.exists(fname): + continue + fp = open(fname, 'r') for line in fp.readlines(): - m = re.match('#define\s+(\S+)\s+(\S+)', line) + m = re.match('# *define\s+(\S+)\s+(\S+)', line) if m: value,key = m.groups() if key.startswith('0x') and "_CK_" in value: diff --git a/scripts/maint/fallback.blacklist b/scripts/maint/fallback.blacklist index c9fd8a9236..974b304729 100644 --- a/scripts/maint/fallback.blacklist +++ b/scripts/maint/fallback.blacklist @@ -27,11 +27,6 @@ # https://lists.torproject.org/pipermail/tor-relays/2015-December/008384.html 80.82.215.199:80 orport=443 id=3BEFAB76461B6B99DCF34C285E933562F5712AE4 ipv6=[2001:4ba0:cafe:a18::1]:443 -# https://lists.torproject.org/pipermail/tor-relays/2016-January/008515.html -# later opt-out in -# https://lists.torproject.org/pipermail/tor-relays/2016-January/008521.html -5.9.158.75:80 orport=443 id=F1BE15429B3CE696D6807F4D4A58B1BFEC45C822 ipv6=[2a01:4f8:190:514a::2]:443 - # Email sent directly to teor, verified using relay contact info 5.34.183.168:80 orport=443 id=601C92108A568742A7A6D9473FE3A414F7149070 217.12.199.208:8080 orport=22 id=BCFB0933367D626715DA32A147F417194A5D48D6 @@ -132,7 +127,6 @@ 85.114.135.20:9030 orport=9001 id=ED8A9291A3139E34BBD35037B082081EC6C26C80 ipv6=[2001:4ba0:fff5:2d::8]:9001 148.251.128.156:9030 orport=9001 id=E382042E06A0A68AFC533E5AD5FB6867A12DF9FF ipv6=[2a01:4f8:210:238a::8]:9001 62.210.115.147:9030 orport=9001 id=7F1D94E2C36F8CC595C2AB00022A5AE38171D50B ipv6=[2001:bc8:3182:101::8]:9001 -212.47.250.24:9030 orport=9001 id=33DA0CAB7C27812EFF2E22C9705630A54D101FEB # Email sent directly to teor, verified using relay contact info 74.208.220.222:60000 orport=59999 id=4AA22235F0E9B3795A33930343CBB3EDAC60C5B0 @@ -227,3 +221,34 @@ id=9C8A123081EFBE022EF795630F447839DDFDDDEC # Fallback was on 0.2.8.2-alpha list, but opted-out before 0.2.8.6 37.187.1.149:9030 orport=9001 id=08DC0F3C6E3D9C527C1FC8745D35DD1B0DE1875D ipv6=[2001:41d0:a:195::1]:9001 + +# Email sent directly to teor, verified using relay contact info +195.154.15.227:9030 orport=9001 id=6C3E3AB2F5F03CD71B637D433BAD924A1ECC5796 + +# Fallback was on 0.2.8.6 list, but changed IPv4 before 0.2.9 +195.154.8.111:80 orport=443 id=FCB6695F8F2DC240E974510A4B3A0F2B12AB5B64 +# Same operator, not on 0.2.8.6 list, also changed IPv4 +51.255.235.246:80 orport=443 id=9B99C72B02AF8E3E5BE3596964F9CACD0090D132 + +# Fallback was on 0.2.8.6 list, but changed IPv4 before 0.2.9 +5.175.233.86:80 orport=443 id=5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33 + +# Fallbacks were on 0.2.8.6 list, but went down before 0.2.9 +194.150.168.79:11112 orport=11111 id=29F1020B94BE25E6BE1AD13E93CE19D2131B487C +94.126.23.174:9030 orport=9001 id=6FC6F08270D565BE89B7C819DD8E2D487397C073 +195.191.233.221:80 orport=443 id=DE134FC8E5CC4EC8A5DE66934E70AC9D70267197 +176.31.180.157:143 orport=22 id=E781F4EC69671B3F1864AE2753E0890351506329 ipv6=[2001:41d0:8:eb9d::1]:22 + +# Fallback was on 0.2.8.6 list, but opted-out before 0.2.9 +144.76.73.140:9030 orport=9001 id=6A640018EABF3DA9BAD9321AA37C2C87BBE1F907 + +# https://lists.torproject.org/pipermail/tor-relays/2016-December/011114.html +# no dirport +86.107.110.34:0 orport=9001 id=A0E3D30A660DB70CA0B6D081BA54D094DED6F28D +94.242.59.147:80 orport=9001 id=674DCBB0D9C1C4C4DBFB4A9AE024AF59FE4E7F46 ipv6=[2a00:1838:35:42::b648]:9001 + +# Email sent directly to teor, verified using relay contact info +167.114.152.100:9030 orport=443 id=0EF5E5FFC5D1EABCBDA1AFF6F6D6325C5756B0B2 ipv6=[2607:5300:100:200::1608]:443 + +# Email sent directly to teor, verified using relay contact info +163.172.35.245:80 orport=443 id=B771AA877687F88E6F1CA5354756DF6C8A7B6B24 diff --git a/scripts/maint/fallback.whitelist b/scripts/maint/fallback.whitelist index c801e46b15..c993be97d3 100644 --- a/scripts/maint/fallback.whitelist +++ b/scripts/maint/fallback.whitelist @@ -50,17 +50,14 @@ 167.114.35.28:9030 orport=9001 id=E65D300F11E1DB12C534B0146BDAB6972F1A8A48 # https://lists.torproject.org/pipermail/tor-relays/2015-December/008374.html -170.130.1.7:9030 orport=9001 id=FA3415659444AE006E7E9E5375E82F29700CFDFD +104.243.35.196:9030 orport=9001 id=FA3415659444AE006E7E9E5375E82F29700CFDFD # https://lists.torproject.org/pipermail/tor-relays/2015-December/008378.html 144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB ipv6=[2a01:4f8:190:9490::dead]:443 # https://lists.torproject.org/pipermail/tor-relays/2015-December/008379.html # Email sent directly to teor, verified using relay contact info -91.121.84.137:4951 orport=4051 id=6DE61A6F72C1E5418A66BFED80DFB63E4C77668F - -# https://lists.torproject.org/pipermail/tor-relays/2015-December/008380.html -5.175.233.86:80 orport=443 id=5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33 +91.121.84.137:4951 orport=4051 id=6DE61A6F72C1E5418A66BFED80DFB63E4C77668F ipv6=[2001:41d0:1:8989::1]:4051 # https://lists.torproject.org/pipermail/tor-relays/2015-December/008381.html # Sent additional email to teor with more relays @@ -99,17 +96,14 @@ 178.62.199.226:80 orport=443 id=CBEFF7BA4A4062045133C053F2D70524D8BBE5BE ipv6=[2a03:b0c0:2:d0::b7:5001]:443 # Emails sent directly to teor, verified using relay contact info -217.12.199.208:80 orport=443 id=DF3AED4322B1824BF5539AE54B2D1B38E080FF05 +217.12.199.208:80 orport=443 id=DF3AED4322B1824BF5539AE54B2D1B38E080FF05 ipv6=[2a02:27a8:0:2::7e]:443 # Email sent directly to teor, verified using relay contact info 94.23.204.175:9030 orport=9001 id=5665A3904C89E22E971305EE8C1997BCA4123C69 -# https://twitter.com/binarytenshi/status/717952514327453697 -94.126.23.174:9030 orport=9001 id=6FC6F08270D565BE89B7C819DD8E2D487397C073 - # Email sent directly to teor, verified using relay contact info -171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE ipv6=[2001:67c:289c:3::78]:443 171.25.193.77:80 orport=443 id=A10C4F666D27364036B562823E5830BC448E046A ipv6=[2001:67c:289c:3::77]:443 +171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE ipv6=[2001:67c:289c:3::78]:443 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576 171.25.193.20:80 orport=443 id=DD8BD7307017407FCC36F8D04A688F74A0774C02 ipv6=[2001:67c:289c::20]:443 # OK, but same machine as 79861CF8522FC637EF046F7688F5289E49D94576 @@ -118,9 +112,9 @@ #171.25.193.25:80 orport=443 id=185663B7C12777F052B2C2D23D7A239D8DA88A0F ipv6=[2001:67c:289c::25]:443 # Email sent directly to teor, verified using relay contact info -212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68 +212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68 ipv6=[2001:bc8:4400:2100::f03]:9001 93.115.97.242:9030 orport=9001 id=B5212DB685A2A0FCFBAE425738E478D12361710D -46.28.109.231:9030 orport=9001 id=F70B7C5CD72D74C7F9F2DC84FA9D20D51BA13610 ipv6=[2a02:2b88:2:1::4205:42]:9001 +46.28.109.231:9030 orport=9001 id=F70B7C5CD72D74C7F9F2DC84FA9D20D51BA13610 ipv6=[2a02:2b88:2:1::4205:1]:9001 # Email sent directly to teor, verified using relay contact info 85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE @@ -154,31 +148,19 @@ 178.16.208.59:80 orport=443 id=136F9299A5009A4E0E96494E723BDB556FB0A26B ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443 # Email sent directly to teor, verified using relay contact info -195.154.8.111:80 orport=443 id=FCB6695F8F2DC240E974510A4B3A0F2B12AB5B64 -51.255.235.246:80 orport=443 id=9B99C72B02AF8E3E5BE3596964F9CACD0090D132 5.39.76.158:80 orport=443 id=C41F60F8B00E7FEF5CCC5BC6BB514CA1B8AAB651 # Email sent directly to teor, verified using relay contact info -109.163.234.5:80 orport=443 id=5C84C35936B7100B949AC75764EEF1352550550B -109.163.234.7:80 orport=443 id=C46524E586E1B997329703D356C07EE12B28C722 -109.163.234.9:80 orport=443 id=5714542DCBEE1DD9864824723638FD44B2122CEA -77.247.181.162:80 orport=443 id=7BB160A8F54BD74F3DA5F2CE701E8772B841859D -109.163.234.4:80 orport=443 id=6B1E001929AF4DDBB747D02EC28340792B7724A6 -77.247.181.164:80 orport=443 id=10E13E340651D0EF66B4DEBF610B3C0981168107 -109.163.234.8:80 orport=443 id=20B0038D7A2FD73C696922551B8344CB0893D1F8 -77.247.181.166:80 orport=443 id=06E123865C590189B3181114F23F0F13A7BC0E69 -109.163.234.2:80 orport=443 id=B4F883DB3D478C7AE569C9F6CB766FD58650DC6A +109.163.234.2:80 orport=443 id=14F92FF956105932E9DEC5B82A7778A0B1BD9A52 +109.163.234.4:80 orport=443 id=4888770464F0E900EFEF1BA181EA873D13F7713C +109.163.234.5:80 orport=443 id=5EB8D862E70981B8690DEDEF546789E26AB2BD24 +109.163.234.7:80 orport=443 id=23038A7F2845EBA2234ECD6651BD4A7762F51B18 +109.163.234.8:80 orport=443 id=0818DAE0E2DDF795AEDEAC60B15E71901084F281 +109.163.234.9:80 orport=443 id=ABF7FBF389C9A747938B639B20E80620B460B2A9 62.102.148.67:80 orport=443 id=4A0C3E177AF684581EF780981AEAF51A98A6B5CF -109.163.234.5:80 orport=443 id=5C84C35936B7100B949AC75764EEF1352550550B -109.163.234.7:80 orport=443 id=C46524E586E1B997329703D356C07EE12B28C722 -109.163.234.9:80 orport=443 id=5714542DCBEE1DD9864824723638FD44B2122CEA 77.247.181.162:80 orport=443 id=7BB160A8F54BD74F3DA5F2CE701E8772B841859D -109.163.234.4:80 orport=443 id=6B1E001929AF4DDBB747D02EC28340792B7724A6 77.247.181.164:80 orport=443 id=10E13E340651D0EF66B4DEBF610B3C0981168107 -109.163.234.8:80 orport=443 id=20B0038D7A2FD73C696922551B8344CB0893D1F8 77.247.181.166:80 orport=443 id=06E123865C590189B3181114F23F0F13A7BC0E69 -109.163.234.2:80 orport=443 id=B4F883DB3D478C7AE569C9F6CB766FD58650DC6A -62.102.148.67:80 orport=443 id=4A0C3E177AF684581EF780981AEAF51A98A6B5CF # https://twitter.com/biotimylated/status/718994247500718080 212.47.252.149:9030 orport=9001 id=2CAC39BAA996791CEFAADC9D4754D65AF5EB77C0 @@ -215,9 +197,7 @@ # Email sent directly to teor, verified using relay contact info 86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0 - -# Email sent directly to teor, verified using relay contact info -144.76.73.140:9030 orport=9001 id=6A640018EABF3DA9BAD9321AA37C2C87BBE1F907 +86.59.119.83:80 orport=443 id=FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B # Email sent directly to teor, verified using relay contact info 193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07 ipv6=[2001:6b0:7:125::243]:9001 @@ -278,8 +258,8 @@ # Email sent directly to teor, verified using relay contact info 178.62.22.36:80 orport=443 id=A0766C0D3A667A3232C7D569DE94A28F9922FCB1 ipv6=[2a03:b0c0:1:d0::174:1]:9050 -188.166.23.127:80 orport=443 id=3771A8154DEA98D551607806C80A209CDAA74535 ipv6=[2a03:b0c0:2:d0::27b:7001]:9050 -198.199.64.217:80 orport=443 id=FAD306BAA59F6A02783F8606BDAA431F5FF7D1EA ipv6=[2604:a880:400:d0::1a9:b001]:9050 +188.166.23.127:80 orport=443 id=8672E8A01B4D3FA4C0BBE21C740D4506302EA487 ipv6=[2a03:b0c0:2:d0::27b:7001]:9050 +198.199.64.217:80 orport=443 id=B1D81825CFD7209BD1B4520B040EF5653C204A23 ipv6=[2604:a880:400:d0::1a9:b001]:9050 159.203.32.149:80 orport=443 id=55C7554AFCEC1062DCBAC93E67B2E03C6F330EFC ipv6=[2604:a880:cad:d0::105:f001]:9050 # Email sent directly to teor, verified using relay contact info @@ -301,9 +281,6 @@ 212.47.230.49:9030 orport=9001 id=3D6D0771E54056AEFC28BB1DE816951F11826E97 # Email sent directly to teor, verified using relay contact info -176.31.180.157:143 orport=22 id=E781F4EC69671B3F1864AE2753E0890351506329 ipv6=[2001:41d0:8:eb9d::1]:22 - -# Email sent directly to teor, verified using relay contact info 192.99.55.69:80 orport=443 id=0682DE15222A4A4A0D67DBA72A8132161992C023 192.99.59.140:80 orport=443 id=3C9148DA49F20654730FAC83FFF693A4D49D0244 51.254.215.13:80 orport=443 id=73C30C8ABDD6D9346C822966DE73B9F82CB6178A @@ -318,7 +295,7 @@ 151.80.42.103:9030 orport=9001 id=9007C1D8E4F03D506A4A011B907A9E8D04E3C605 ipv6=[2001:41d0:e:f67::114]:9001 # Email sent directly to teor, verified using relay contact info -5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6 +5.39.92.199:80 orport=443 id=0BEA4A88D069753218EAAAD6D22EA87B9A1319D6 ipv6=[2001:41d0:8:b1c7::1]:443 # Email sent directly to teor, verified using relay contact info 176.31.159.231:80 orport=443 id=D5DBCC0B4F029F80C7B8D33F20CF7D97F0423BB1 @@ -332,10 +309,7 @@ 212.47.241.21:80 orport=443 id=892F941915F6A0C6E0958E52E0A9685C190CF45C # Email sent directly to teor, verified using relay contact info -195.191.233.221:80 orport=443 id=DE134FC8E5CC4EC8A5DE66934E70AC9D70267197 - -# Email sent directly to teor, verified using relay contact info -62.210.238.33:9030 orport=9001 id=FDF845FC159C0020E2BDDA120C30C5C5038F74B4 +212.129.38.254:9030 orport=9001 id=FDF845FC159C0020E2BDDA120C30C5C5038F74B4 # Email sent directly to teor, verified using relay contact info 37.157.195.87:8030 orport=443 id=12FD624EE73CEF37137C90D38B2406A66F68FAA2 @@ -405,12 +379,12 @@ 91.219.237.229:80 orport=443 id=1ECD73B936CB6E6B3CD647CC204F108D9DF2C9F7 # Email sent directly to teor, verified using relay contact info -# Suitable, check with operator before adding -#212.47.240.10:82 orport=443 id=2A4C448784F5A83AFE6C78DA357D5E31F7989DEB -212.47.240.10:81 orport=993 id=72527E3242CB15AADE28374AE0D35833FC083F60 +212.47.240.10:82 orport=443 id=2A4C448784F5A83AFE6C78DA357D5E31F7989DEB +# Ok, but on the same machine as 2A4C448784F5A83AFE6C78DA357D5E31F7989DEB +#212.47.240.10:81 orport=993 id=72527E3242CB15AADE28374AE0D35833FC083F60 163.172.131.88:80 orport=443 id=AD253B49E303C6AB1E048B014392AC569E8A7DAE ipv6=[2001:bc8:4400:2100::2:1009]:443 -# Suitable, check with operator before adding -#163.172.131.88:81 orport=993 id=D5F3FB17504744FB7ECEF46F4B1D155258A6D942 ipv6=D5F3FB17504744FB7ECEF46F4B1D155258A6D942 +# Ok, but on the same machine as AD253B49E303C6AB1E048B014392AC569E8A7DAE +#163.172.131.88:81 orport=993 id=D5F3FB17504744FB7ECEF46F4B1D155258A6D942 ipv6=[2001:bc8:4400:2100::2:1009]:993 # Email sent directly to teor, verified using relay contact info 46.101.151.222:80 orport=443 id=1DBAED235E3957DE1ABD25B4206BE71406FB61F8 @@ -444,9 +418,6 @@ 188.166.133.133:9030 orport=9001 id=774555642FDC1E1D4FDF2E0C31B7CA9501C5C9C7 ipv6=[2a03:b0c0:2:d0::5:f001]:9001 # Email sent directly to teor, verified using relay contact info -5.196.88.122:9030 orport=9001 id=0C2C599AFCB26F5CFC2C7592435924C1D63D9484 - -# Email sent directly to teor, verified using relay contact info 46.8.249.10:80 orport=443 id=31670150090A7C3513CB7914B9610E786391A95D # Email sent directly to teor, verified using relay contact info @@ -485,11 +456,10 @@ 5.9.146.203:80 orport=443 id=1F45542A24A61BF9408F1C05E0DCE4E29F2CBA11 # Email sent directly to teor, verified using relay contact info -167.114.152.100:9030 orport=443 id=0EF5E5FFC5D1EABCBDA1AFF6F6D6325C5756B0B2 ipv6=[2607:5300:100:200::1608]:443 - -# Email sent directly to teor, verified using relay contact info -192.99.168.102:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207 -167.114.153.21:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F +# Updated details from atlas based on ticket #20010 +163.172.176.167:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207 +163.172.149.155:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F +163.172.149.122:80 orport=443 id=A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2 # Email sent directly to teor, verified using relay contact info 204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70 @@ -498,9 +468,6 @@ 151.236.222.217:44607 orport=9001 id=94D58704C2589C130C9C39ED148BD8EA468DBA54 # Email sent directly to teor, verified using relay contact info -194.150.168.79:11112 orport=11111 id=29F1020B94BE25E6BE1AD13E93CE19D2131B487C - -# Email sent directly to teor, verified using relay contact info 185.35.202.221:9030 orport=9001 id=C13B91384CDD52A871E3ECECE4EF74A7AC7DCB08 ipv6=[2a02:ed06::221]:9001 # Email sent directly to teor, verified using relay contact info @@ -513,7 +480,7 @@ 92.222.20.130:80 orport=443 id=0639612FF149AA19DF3BCEA147E5B8FED6F3C87C # Email sent directly to teor, verified using relay contact info -80.112.155.100:9030 orport=9001 id=1163378F239C36CA1BDC730AC50BF4F2976141F5 ipv6=[2001:470:7b02::38]:9001 +80.112.155.100:9030 orport=9001 id=53B000310984CD86AF47E5F3CD0BFF184E34B383 ipv6=[2001:470:7b02::38]:9001 # Email sent directly to teor, verified using relay contact info 83.212.99.68:80 orport=443 id=DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0 ipv6=[2001:648:2ffc:1225:a800:bff:fe3d:67b5]:443 @@ -522,7 +489,7 @@ 95.130.11.147:9030 orport=443 id=6B697F3FF04C26123466A5C0E5D1F8D91925967A # Email sent directly to teor, verified using relay contact info -176.31.191.26:9030 orport=9001 id=7350AB9ED7568F22745198359373C04AC783C37C +176.31.191.26:80 orport=443 id=7350AB9ED7568F22745198359373C04AC783C37C # Email sent directly to teor, verified using relay contact info 128.199.55.207:9030 orport=9001 id=BCEF908195805E03E92CCFE669C48738E556B9C5 ipv6=[2a03:b0c0:2:d0::158:3001]:9001 @@ -540,16 +507,17 @@ 80.240.139.111:80 orport=443 id=DD3BE7382C221F31723C7B294310EF9282B9111B # Email sent directly to teor, verified using relay contact info -185.97.32.18:9030 orport=9001 id=3BAB316CAAEC47E71905EB6C65584636D5689A8A +185.97.32.18:9030 orport=9001 id=04250C3835019B26AA6764E85D836088BE441088 # Email sent directly to teor, verified using relay contact info 149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76 # Email sent directly to teor, verified using relay contact info -81.2.209.10:443 orport=80 id=B6904ADD4C0D10CDA7179E051962350A69A63243 +81.2.209.10:443 orport=80 id=B6904ADD4C0D10CDA7179E051962350A69A63243 ipv6=[2001:15e8:201:1::d10a]:80 # Email sent directly to teor, verified using relay contact info -195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C ipv6=[2001:bc8:399f:f000::1]:993 +# IPv6 address unreliable +195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C #ipv6=[2001:bc8:399f:f000::1]:993 138.201.26.2:80 orport=443 id=6D3A3ED5671E4E3F58D4951438B10AE552A5FA0F 81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82 ipv6=[2a02:180:1:1::517:10b6]:993 134.119.36.135:80 orport=443 id=763C9556602BD6207771A7A3D958091D44C43228 ipv6=[2a00:1158:3::2a8]:993 @@ -563,7 +531,7 @@ 217.12.208.117:80 orport=443 id=E6E18151300F90C235D3809F90B31330737CEB43 ipv6=[2a00:1ca8:a7::1bb]:993 81.7.10.251:80 orport=443 id=8073670F8F852971298F8AF2C5B23AE012645901 ipv6=[2a02:180:1:1::517:afb]:993 46.36.39.50:80 orport=443 id=ED4B0DBA79AEF5521564FA0231455DCFDDE73BB6 ipv6=[2a02:25b0:aaaa:aaaa:8d49:b692:4852:0]:995 -91.194.90.103:80 orport=443 id=75C4495F4D80522CA6F6A3FB349F1B009563F4B7 ipv6=[2a02:c200:0:10:3:0:5449:1]:993 +91.194.90.103:80 orport=443 id=75C4495F4D80522CA6F6A3FB349F1B009563F4B7 ipv6=[2a02:c205:3000:5449::1]:993 163.172.25.118:80 orport=22 id=0CF8F3E6590F45D50B70F2F7DA6605ECA6CD408F 188.138.88.42:80 orport=443 id=70C55A114C0EF3DC5784A4FAEE64388434A3398F 81.7.13.84:80 orport=443 id=0C1E7DD9ED0676C788933F68A9985ED853CA5812 ipv6=[2a02:180:1:1::5b8f:538c]:993 @@ -587,11 +555,10 @@ 91.229.20.27:9030 orport=9001 id=9A0D54D3A6D2E0767596BF1515E6162A75B3293F # Email sent directly to teor, verified using relay contact info -# Awaiting confirmation of new ORPort from relay operator 80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621 ipv6=[2001:981:47c1:1::6]:443 # Email sent directly to teor, verified using relay contact info -163.172.138.22:80 orport=443 id=8664DC892540F3C789DB37008236C096C871734D +163.172.138.22:80 orport=443 id=8664DC892540F3C789DB37008236C096C871734D ipv6=[2001:bc8:4400:2100::1:3]:443 # Email sent directly to teor, verified using relay contact info 97.74.237.196:9030 orport=9001 id=2F0F32AB1E5B943CA7D062C03F18960C86E70D94 @@ -603,7 +570,7 @@ 178.62.98.160:9030 orport=9001 id=8B92044763E880996A988831B15B2B0E5AD1544A # Email sent directly to teor, verified using relay contact info -195.154.15.227:9030 orport=9001 id=6C3E3AB2F5F03CD71B637D433BAD924A1ECC5796 +163.172.217.50:9030 orport=9001 id=02ECD99ECD596013A8134D46531560816ECC4BE6 # Email sent directly to teor, verified using relay contact info 185.100.86.100:80 orport=443 id=0E8C0C8315B66DB5F703804B3889A1DD66C67CE0 @@ -617,10 +584,11 @@ 178.62.86.96:9030 orport=9001 id=439D0447772CB107B886F7782DBC201FA26B92D1 ipv6=[2a03:b0c0:1:d0::3cf:7001]:9050 # Email sent directly to teor, verified using relay contact info -91.233.106.121:80 orport=443 id=896364B7996F5DFBA0E15D1A2E06D0B98B555DD6 +# Very low bandwidth, stale consensues, excluded to cut down on warnings +#91.233.106.121:80 orport=443 id=896364B7996F5DFBA0E15D1A2E06D0B98B555DD6 # Email sent directly to teor, verified using relay contact info -167.114.113.48:9030 orport=443 id=2EC0C66EA700C44670444280AABAB1EC78B722A0 +167.114.113.48:9030 orport=403 id=2EC0C66EA700C44670444280AABAB1EC78B722A0 # Email sent directly to teor, verified using relay contact info 79.120.16.42:9030 orport=9001 id=BD552C165E2ED2887D3F1CCE9CFF155DDA2D86E6 @@ -675,7 +643,7 @@ 46.4.111.124:9030 orport=9001 id=D9065F9E57899B3D272AA212317AF61A9B14D204 # Email sent directly to teor, verified using relay contact info -78.46.164.129:9030 orport=9001 id=52AEA31188331F421B2EDB494DB65CD181E5B257 +138.201.130.32:9030 orport=9001 id=52AEA31188331F421B2EDB494DB65CD181E5B257 # Email sent directly to teor, verified using relay contact info 185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E @@ -684,11 +652,12 @@ 108.166.168.158:80 orport=443 id=CDAB3AE06A8C9C6BF817B3B0F1877A4B91465699 # Email sent directly to teor, verified using relay contact info -91.219.236.222:80 orport=443 id=EC413181CEB1C8EDC17608BBB177CD5FD8535E99 +91.219.236.222:80 orport=443 id=20704E7DD51501DC303FA51B738D7B7E61397CF6 # Email sent directly to teor, verified using relay contact info 185.14.185.240:9030 orport=443 id=D62FB817B0288085FAC38A6DC8B36DCD85B70260 192.34.63.137:9030 orport=443 id=ABCB4965F1FEE193602B50A365425105C889D3F8 +128.199.197.16:9030 orport=443 id=DEE5298B3BA18CDE651421CD2DCB34A4A69F224D # Email sent directly to teor, verified using relay contact info 185.13.38.75:9030 orport=9001 id=D2A1703758A0FBBA026988B92C2F88BAB59F9361 @@ -719,7 +688,7 @@ 166.70.207.2:9030 orport=9001 id=E3DB2E354B883B59E8DC56B3E7A353DDFD457812 # Emails sent directly to teor, verified using relay contact info -#69.162.139.9:9030 orport=9001 id=4791FC0692EAB60DF2BCCAFF940B95B74E7654F6 ipv6=[2607:f128:40:1212::45a2:8b09]:9001 +69.162.139.9:9030 orport=9001 id=4791FC0692EAB60DF2BCCAFF940B95B74E7654F6 ipv6=[2607:f128:40:1212::45a2:8b09]:9001 # Email sent directly to teor, verified using relay contact info 213.239.217.18:1338 orport=1337 id=C37BC191AC389179674578C3E6944E925FE186C2 ipv6=[2a01:4f8:a0:746a:101:1:1:1]:1337 @@ -749,7 +718,6 @@ # Email sent directly to teor, verified using relay contact info 163.172.35.249:80 orport=443 id=C08DE49658E5B3CFC6F2A952B453C4B608C9A16A 163.172.35.247:80 orport=443 id=71AB4726D830FAE776D74AEF790CF04D8E0151B4 -163.172.13.124:80 orport=443 id=B771AA877687F88E6F1CA5354756DF6C8A7B6B24 # Email sent directly to teor, verified using relay contact info 64.113.32.29:9030 orport=9001 id=30C19B81981F450C402306E2E7CFB6C3F79CB6B2 @@ -768,3 +736,95 @@ # Email sent directly to teor, verified using relay contact info 62.216.5.120:9030 orport=9001 id=D032D4D617140D6B828FC7C4334860E45E414FBE + +# Email sent directly to teor, verified using relay contact info +51.254.136.195:80 orport=443 id=7BB70F8585DFC27E75D692970C0EEB0F22983A63 + +# Email sent directly to teor, verified using relay contact info +163.172.13.165:9030 orport=9001 id=33DA0CAB7C27812EFF2E22C9705630A54D101FEB ipv6=[2001:bc8:38cb:201::8]:9001 + +# Email sent directly to teor, verified using relay contact info +5.196.88.122:9030 orport=9001 id=0C2C599AFCB26F5CFC2C7592435924C1D63D9484 ipv6=[2001:41d0:a:fb7a::1]:9001 + +# Email sent directly to teor, verified using relay contact info +5.9.158.75:80 orport=443 id=1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA ipv6=[2a01:4f8:190:514a::2]:443 + +# Email sent directly to teor, verified using relay contact info +46.101.169.151:9030 orport=9001 id=D760C5B436E42F93D77EF2D969157EEA14F9B39C ipv6=[2a03:b0c0:3:d0::74f:a001]:9001 + +# Email sent directly to teor, verified using relay contact info +199.249.223.81:80 orport=443 id=F7447E99EB5CBD4D5EB913EE0E35AC642B5C1EF3 +199.249.223.79:80 orport=443 id=D33292FEDE24DD40F2385283E55C87F85C0943B6 +199.249.223.78:80 orport=443 id=EC15DB62D9101481F364DE52EB8313C838BDDC29 +199.249.223.77:80 orport=443 id=CC4A3AE960E3617F49BF9887B79186C14CBA6813 +199.249.223.76:80 orport=443 id=43209F6D50C657A56FE79AF01CA69F9EF19BD338 +199.249.223.75:80 orport=443 id=60D3667F56AEC5C69CF7E8F557DB21DDF6C36060 +199.249.223.74:80 orport=443 id=5F4CD12099AF20FAF9ADFDCEC65316A376D0201C +199.249.223.73:80 orport=443 id=5649CB2158DA94FB747415F26628BEC07FA57616 +199.249.223.72:80 orport=443 id=B028707969D8ED84E6DEA597A884F78AAD471971 +199.249.223.71:80 orport=443 id=B6320E44A230302C7BF9319E67597A9B87882241 +199.249.223.60:80 orport=443 id=B7047FBDE9C53C39011CA84E5CB2A8E3543066D0 +199.249.223.61:80 orport=443 id=40E7D6CE5085E4CDDA31D51A29D1457EB53F12AD +199.249.223.62:80 orport=443 id=0077BCBA7244DB3E6A5ED2746E86170066684887 +199.249.223.63:80 orport=443 id=1DB25DF59DAA01B5BE3D3CEB8AFED115940EBE8B +199.249.223.64:80 orport=443 id=9F2856F6D2B89AD4EF6D5723FAB167DB5A53519A +199.249.223.65:80 orport=443 id=9D21F034C3BFF4E7737D08CF775DC1745706801F +199.249.223.66:80 orport=443 id=C5A53BCC174EF8FD0DCB223E4AA929FA557DEDB2 +199.249.223.67:80 orport=443 id=155D6F57425F16C0624D77777641E4EB1B47C6F0 +199.249.223.68:80 orport=443 id=DF20497E487A979995D851A5BCEC313DF7E5BC51 +199.249.223.69:80 orport=443 id=7FA8E7E44F1392A4E40FFC3B69DB3B00091B7FD3 + +# https://lists.torproject.org/pipermail/tor-relays/2016-December/011114.html +86.105.212.130:9030 orport=443 id=9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022 + +# Email sent directly to teor, verified using relay contact info +178.33.183.251:80 orport=443 id=DD823AFB415380A802DCAEB9461AE637604107FB ipv6=[2001:41d0:2:a683::251]:443 + +# Email sent directly to teor, verified using relay contact info +#31.185.104.19:80 orport=443 id=9EAD5B2D3DBD96DBC80DCE423B0C345E920A758D +# OK, but on same machine as 9EAD5B2D3DBD96DBC80DCE423B0C345E920A758D +31.185.104.20:80 orport=443 id=ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D +#31.185.104.21:80 orport=443 id=C2AAB088555850FC434E68943F551072042B85F1 +#31.185.104.22:80 orport=443 id=5BA3A52760A0EABF7E7C3ED3048A77328FF0F148 + +# Email sent directly to teor, verified using relay contact info +185.34.60.114:80 orport=443 id=7F7A695DF6F2B8640A70B6ADD01105BC2EBC5135 + +# Email sent directly to teor, verified using relay contact info +94.142.242.84:80 orport=443 id=AA0D167E03E298F9A8CD50F448B81FBD7FA80D56 ipv6=[2a02:898:24:84::1]:443 + +# Email sent directly to teor, verified using relay contact info +185.129.62.62:9030 orport=9001 id=ACDD9E85A05B127BA010466C13C8C47212E8A38F ipv6=[2a06:d380:0:3700::62]:9001 + +# Email sent directly to teor, verified using relay contact info +# The e84 part of the IPv6 address does not have a leading 0 in the consensus +81.30.158.213:9030 orport=9001 id=789EA6C9AE9ADDD8760903171CFA9AC5741B0C70 ipv6=[2001:4ba0:cafe:e84::1]:9001 + +# https://lists.torproject.org/pipermail/tor-relays/2016-December/011209.html +5.9.159.14:9030 orport=9001 id=0F100F60C7A63BED90216052324D29B08CFCF797 + +# Email sent directly to teor, verified using relay contact info +45.62.255.25:80 orport=443 id=3473ED788D9E63361D1572B7E82EC54338953D2A + +# Email sent directly to teor, verified using relay contact info +217.79.179.177:9030 orport=9001 id=3E53D3979DB07EFD736661C934A1DED14127B684 ipv6=[2001:4ba0:fff9:131:6c4f::90d3]:9001 + +# Email sent directly to teor, verified using relay contact info +212.47.244.38:8080 orport=443 id=E81EF60A73B3809F8964F73766B01BAA0A171E20 +163.172.157.213:8080 orport=443 id=4623A9EC53BFD83155929E56D6F7B55B5E718C24 +163.172.139.104:8080 orport=443 id=68F175CCABE727AA2D2309BCD8789499CEE36ED7 + +# Email sent directly to teor, verified using relay contact info +163.172.223.200:80 orport=443 id=998BF3ED7F70E33D1C307247B9626D9E7573C438 +195.154.122.54:80 orport=443 id=64E99CB34C595A02A3165484BD1215E7389322C6 + +# Email sent directly to teor, verified using relay contact info +185.100.86.128:9030 orport=9001 id=9B31F1F1C1554F9FFB3455911F82E818EF7C7883 +185.100.85.101:9030 orport=9001 id=4061C553CA88021B8302F0814365070AAE617270 +31.171.155.108:9030 orport=9001 id=D3E5EDDBE5159388704D6785BE51930AAFACEC6F + +# Email sent directly to teor, verified using relay contact info +89.163.247.43:9030 orport=9001 id=BC7ACFAC04854C77167C7D66B7E471314ED8C410 ipv6=[2001:4ba0:fff7:25::5]:9001 + +# Email sent directly to teor, verified using relay contact info +95.85.8.226:80 orport=443 id=1211AC1BBB8A1AF7CBA86BCE8689AA3146B86423 diff --git a/scripts/maint/lintChanges.py b/scripts/maint/lintChanges.py index b63a4eb3a1..bf06064fa8 100755 --- a/scripts/maint/lintChanges.py +++ b/scripts/maint/lintChanges.py @@ -7,7 +7,7 @@ import re import os -KNOWN_GROUPS=set([ +KNOWN_GROUPS = set([ "Minor bugfix", "Minor bugfixes", "Major bugfix", @@ -22,6 +22,7 @@ KNOWN_GROUPS=set([ "Code simplification and refactoring", "Removed features"]) + def lintfile(fname): have_warned = [] @@ -43,17 +44,15 @@ def lintfile(fname): if bugnum and bugnum not in contents: warn("bug number {} does not appear".format(bugnum)) - lines = contents.split("\n") - m = re.match(r'^[ ]{2}o ([^\(:]*)([^:]*):', contents) if not m: warn("header not in format expected") elif m.group(1).strip() not in KNOWN_GROUPS: - warn("Weird header: %r"%m.group(1)) - elif ( ("bugfix" in m.group(1) or "feature" in m.group(1)) and - ("Removed" not in m.group(1)) and - '(' not in m.group(2)): - warn("Missing subcategory on %s"%m.group(1)) + warn("Weird header: %r" % m.group(1)) + elif (("bugfix" in m.group(1) or "feature" in m.group(1)) and + ("Removed" not in m.group(1)) and + '(' not in m.group(2)): + warn("Missing subcategory on %s" % m.group(1)) if m: isBug = ("bug" in m.group(1).lower() or "fix" in m.group(1).lower()) @@ -76,6 +75,8 @@ def lintfile(fname): elif not re.search('[fF]ixes ([a-z ]*)bug (\d+); bugfix on ', contents): warn("bugfix incant is not semicoloned") + elif re.search('tor-([0-9]+)', contents): + warn("do not prefix versions with 'tor-'") if __name__ == '__main__': diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py index 110ecda64c..117ac5cccb 100755 --- a/scripts/maint/updateFallbackDirs.py +++ b/scripts/maint/updateFallbackDirs.py @@ -1,6 +1,8 @@ #!/usr/bin/python -# Usage: scripts/maint/updateFallbackDirs.py > src/or/fallback_dirs.inc +# Usage: +# scripts/maint/updateFallbackDirs.py > src/or/fallback_dirs.inc +# scripts/maint/updateFallbackDirs.py check_existing > src/or/fallback_dirs.inc # # This script should be run from a stable, reliable network connection, # with no other network activity (and not over tor). @@ -37,16 +39,13 @@ import dateutil.parser # bson_lazy provides bson #from bson import json_util import copy +import re -from stem.descriptor.remote import DescriptorDownloader +from stem.descriptor import DocumentHandler +from stem.descriptor.remote import get_consensus import logging -# INFO tells you why each relay was included or excluded -# WARN tells you about potential misconfigurations and relay detail changes -logging.basicConfig(level=logging.WARNING) logging.root.name = '' -# INFO tells you about each consensus download attempt -logging.getLogger('stem').setLevel(logging.WARNING) HAVE_IPADDRESS = False try: @@ -80,7 +79,27 @@ PERFORM_IPV4_DIRPORT_CHECKS = False if OUTPUT_CANDIDATES else True # Don't check ~1000 candidates when OUTPUT_CANDIDATES is True PERFORM_IPV6_DIRPORT_CHECKS = False if OUTPUT_CANDIDATES else False -# Output fallback name, flags, and ContactInfo in a C comment? +# Must relays be running now? +MUST_BE_RUNNING_NOW = (PERFORM_IPV4_DIRPORT_CHECKS + or PERFORM_IPV6_DIRPORT_CHECKS) + +# Clients have been using microdesc consensuses by default for a while now +DOWNLOAD_MICRODESC_CONSENSUS = True + +# If a relay delivers an expired consensus, if it expired less than this many +# seconds ago, we still allow the relay. This should never be less than -90, +# as all directory mirrors should have downloaded a consensus 90 minutes +# before it expires. It should never be more than 24 hours, because clients +# reject consensuses that are older than REASONABLY_LIVE_TIME. +# For the consensus expiry check to be accurate, the machine running this +# script needs an accurate clock. +# We use 24 hours to compensate for #20909, where relays on 0.2.9.5-alpha and +# 0.3.0.0-alpha-dev and later deliver stale consensuses, but typically recover +# after ~12 hours. +# We should make this lower when #20909 is fixed, see #20942. +CONSENSUS_EXPIRY_TOLERANCE = 24*60*60 + +# Output fallback name, flags, bandwidth, and ContactInfo in a C comment? OUTPUT_COMMENTS = True if OUTPUT_CANDIDATES else False # Output matching ContactInfo in fallbacks list or the blacklist? @@ -88,6 +107,12 @@ OUTPUT_COMMENTS = True if OUTPUT_CANDIDATES else False CONTACT_COUNT = True if OUTPUT_CANDIDATES else False CONTACT_BLACKLIST_COUNT = True if OUTPUT_CANDIDATES else False +# How the list should be sorted: +# fingerprint: is useful for stable diffs of fallback lists +# measured_bandwidth: is useful when pruning the list based on bandwidth +# contact: is useful for contacting operators once the list has been pruned +OUTPUT_SORT_FIELD = 'contact' if OUTPUT_CANDIDATES else 'fingerprint' + ## OnionOO Settings ONIONOO = 'https://onionoo.torproject.org/' @@ -121,22 +146,28 @@ BLACKLIST_EXCLUDES_WHITELIST_ENTRIES = True WHITELIST_FILE_NAME = 'scripts/maint/fallback.whitelist' BLACKLIST_FILE_NAME = 'scripts/maint/fallback.blacklist' +FALLBACK_FILE_NAME = 'src/or/fallback_dirs.inc' # The number of bytes we'll read from a filter file before giving up MAX_LIST_FILE_SIZE = 1024 * 1024 ## Eligibility Settings -# Reduced due to a bug in tor where a relay submits a 0 DirPort when restarted -# This causes OnionOO to (correctly) reset its stability timer -# This issue will be fixed in 0.2.7.7 and 0.2.8.2 -# Until then, the CUTOFFs below ensure a decent level of stability. +# Require fallbacks to have the same address and port for a set amount of time +# +# There was a bug in Tor 0.2.8.1-alpha and earlier where a relay temporarily +# submits a 0 DirPort when restarted. +# This causes OnionOO to (correctly) reset its stability timer. +# Affected relays should upgrade to Tor 0.2.8.7 or later, which has a fix +# for this issue. ADDRESS_AND_PORT_STABLE_DAYS = 7 +# We ignore relays that have been down for more than this period +MAX_DOWNTIME_DAYS = 0 if MUST_BE_RUNNING_NOW else 7 # What time-weighted-fraction of these flags must FallbackDirs # Equal or Exceed? -CUTOFF_RUNNING = .95 -CUTOFF_V2DIR = .95 -CUTOFF_GUARD = .95 +CUTOFF_RUNNING = .90 +CUTOFF_V2DIR = .90 +CUTOFF_GUARD = .90 # What time-weighted-fraction of these flags must FallbackDirs # Equal or Fall Under? # .00 means no bad exits @@ -155,12 +186,19 @@ ONIONOO_SCALE_ONE = 999. _FB_POG = 0.2 FALLBACK_PROPORTION_OF_GUARDS = None if OUTPUT_CANDIDATES else _FB_POG -# We want exactly 100 fallbacks for the initial release -# This gives us scope to add extra fallbacks to the list as needed # Limit the number of fallbacks (eliminating lowest by advertised bandwidth) -MAX_FALLBACK_COUNT = None if OUTPUT_CANDIDATES else 100 -# Emit a C #error if the number of fallbacks is below -MIN_FALLBACK_COUNT = 100 +MAX_FALLBACK_COUNT = None if OUTPUT_CANDIDATES else 200 +# Emit a C #error if the number of fallbacks is less than expected +MIN_FALLBACK_COUNT = 0 if OUTPUT_CANDIDATES else MAX_FALLBACK_COUNT*0.75 + +# The maximum number of fallbacks on the same address, contact, or family +# With 200 fallbacks, this means each operator can see 1% of client bootstraps +# (The directory authorities used to see ~12% of client bootstraps each.) +MAX_FALLBACKS_PER_IP = 1 +MAX_FALLBACKS_PER_IPV4 = MAX_FALLBACKS_PER_IP +MAX_FALLBACKS_PER_IPV6 = MAX_FALLBACKS_PER_IP +MAX_FALLBACKS_PER_CONTACT = 3 +MAX_FALLBACKS_PER_FAMILY = 3 ## Fallback Bandwidth Requirements @@ -171,12 +209,12 @@ MIN_FALLBACK_COUNT = 100 EXIT_BANDWIDTH_FRACTION = 1.0 # If a single fallback's bandwidth is too low, it's pointless adding it -# We expect fallbacks to handle an extra 30 kilobytes per second of traffic +# We expect fallbacks to handle an extra 10 kilobytes per second of traffic # Make sure they can support a hundred times the expected extra load -# (Use 102.4 to make it come out nicely in MB/s) +# (Use 102.4 to make it come out nicely in MByte/s) # We convert this to a consensus weight before applying the filter, # because all the bandwidth amounts are specified by the relay -MIN_BANDWIDTH = 102.4 * 30.0 * 1024.0 +MIN_BANDWIDTH = 102.4 * 10.0 * 1024.0 # Clients will time out after 30 seconds trying to download a consensus # So allow fallback directories half that to deliver a consensus @@ -329,6 +367,15 @@ def read_from_file(file_name, max_len): ) return None +def parse_fallback_file(file_name): + file_data = read_from_file(file_name, MAX_LIST_FILE_SIZE) + file_data = cleanse_unprintable(file_data) + file_data = remove_bad_chars(file_data, '\n"\0') + file_data = re.sub('/\*.*?\*/', '', file_data) + file_data = file_data.replace(',', '\n') + file_data = file_data.replace(' weight=10', '') + return file_data + def load_possibly_compressed_response_json(response): if response.info().get('Content-Encoding') == 'gzip': buf = StringIO.StringIO( response.read() ) @@ -367,8 +414,8 @@ def onionoo_fetch(what, **kwargs): params = kwargs params['type'] = 'relay' #params['limit'] = 10 - params['first_seen_days'] = '%d-'%(ADDRESS_AND_PORT_STABLE_DAYS,) - params['last_seen_days'] = '-7' + params['first_seen_days'] = '%d-'%(ADDRESS_AND_PORT_STABLE_DAYS) + params['last_seen_days'] = '-%d'%(MAX_DOWNTIME_DAYS) params['flag'] = 'V2Dir' url = ONIONOO + what + '?' + urllib.urlencode(params) @@ -497,6 +544,8 @@ class Candidate(object): if (not 'effective_family' in details or details['effective_family'] is None): details['effective_family'] = [] + if not 'platform' in details: + details['platform'] = None details['last_changed_address_or_port'] = parse_ts( details['last_changed_address_or_port']) self._data = details @@ -511,6 +560,7 @@ class Candidate(object): self._compute_ipv6addr() if not self.has_ipv6(): logging.debug("Failed to get an ipv6 address for %s."%(self._fpr,)) + self._compute_version() def _stable_sort_or_addresses(self): # replace self._data['or_addresses'] with a stable ordering, @@ -623,6 +673,59 @@ class Candidate(object): self.ipv6orport = int(port) return + def _compute_version(self): + # parse the version out of the platform string + # The platform looks like: "Tor 0.2.7.6 on Linux" + self._data['version'] = None + if self._data['platform'] is None: + return + # be tolerant of weird whitespacing, use a whitespace split + tokens = self._data['platform'].split() + for token in tokens: + vnums = token.split('.') + # if it's at least a.b.c.d, with potentially an -alpha-dev, -alpha, -rc + if (len(vnums) >= 4 and vnums[0].isdigit() and vnums[1].isdigit() and + vnums[2].isdigit()): + self._data['version'] = token + return + + # From #20509 + # bug #20499 affects versions from 0.2.9.1-alpha-dev to 0.2.9.4-alpha-dev + # and version 0.3.0.0-alpha-dev + # Exhaustive lists are hard to get wrong + STALE_CONSENSUS_VERSIONS = ['0.2.9.1-alpha-dev', + '0.2.9.2-alpha', + '0.2.9.2-alpha-dev', + '0.2.9.3-alpha', + '0.2.9.3-alpha-dev', + '0.2.9.4-alpha', + '0.2.9.4-alpha-dev', + '0.3.0.0-alpha-dev' + ] + + def is_valid_version(self): + # call _compute_version before calling this + # is the version of the relay a version we want as a fallback? + # checks both recommended versions and bug #20499 / #20509 + # + # if the relay doesn't have a recommended version field, exclude the relay + if not self._data.has_key('recommended_version'): + log_excluded('%s not a candidate: no recommended_version field', + self._fpr) + return False + if not self._data['recommended_version']: + log_excluded('%s not a candidate: version not recommended', self._fpr) + return False + # if the relay doesn't have version field, exclude the relay + if not self._data.has_key('version'): + log_excluded('%s not a candidate: no version field', self._fpr) + return False + if self._data['version'] in Candidate.STALE_CONSENSUS_VERSIONS: + logging.warning('%s not a candidate: version delivers stale consensuses', + self._fpr) + return False + return True + @staticmethod def _extract_generic_history(history, which='unknown'): # given a tree like this: @@ -767,41 +870,42 @@ class Candidate(object): self._badexit = self._avg_generic_history(badexit) / ONIONOO_SCALE_ONE def is_candidate(self): - must_be_running_now = (PERFORM_IPV4_DIRPORT_CHECKS - or PERFORM_IPV6_DIRPORT_CHECKS) - if (must_be_running_now and not self.is_running()): - logging.info('%s not a candidate: not running now, unable to check ' + - 'DirPort consensus download', self._fpr) - return False - if (self._data['last_changed_address_or_port'] > - self.CUTOFF_ADDRESS_AND_PORT_STABLE): - logging.info('%s not a candidate: changed address/port recently (%s)', - self._fpr, self._data['last_changed_address_or_port']) - return False - if self._running < CUTOFF_RUNNING: - logging.info('%s not a candidate: running avg too low (%lf)', - self._fpr, self._running) - return False - if self._v2dir < CUTOFF_V2DIR: - logging.info('%s not a candidate: v2dir avg too low (%lf)', - self._fpr, self._v2dir) - return False - if self._badexit is not None and self._badexit > PERMITTED_BADEXIT: - logging.info('%s not a candidate: badexit avg too high (%lf)', - self._fpr, self._badexit) - return False - # if the relay doesn't report a version, also exclude the relay - if (not self._data.has_key('recommended_version') - or not self._data['recommended_version']): - logging.info('%s not a candidate: version not recommended', self._fpr) - return False - if self._guard < CUTOFF_GUARD: - logging.info('%s not a candidate: guard avg too low (%lf)', - self._fpr, self._guard) - return False - if (not self._data.has_key('consensus_weight') - or self._data['consensus_weight'] < 1): - logging.info('%s not a candidate: consensus weight invalid', self._fpr) + try: + if (MUST_BE_RUNNING_NOW and not self.is_running()): + log_excluded('%s not a candidate: not running now, unable to check ' + + 'DirPort consensus download', self._fpr) + return False + if (self._data['last_changed_address_or_port'] > + self.CUTOFF_ADDRESS_AND_PORT_STABLE): + log_excluded('%s not a candidate: changed address/port recently (%s)', + self._fpr, self._data['last_changed_address_or_port']) + return False + if self._running < CUTOFF_RUNNING: + log_excluded('%s not a candidate: running avg too low (%lf)', + self._fpr, self._running) + return False + if self._v2dir < CUTOFF_V2DIR: + log_excluded('%s not a candidate: v2dir avg too low (%lf)', + self._fpr, self._v2dir) + return False + if self._badexit is not None and self._badexit > PERMITTED_BADEXIT: + log_excluded('%s not a candidate: badexit avg too high (%lf)', + self._fpr, self._badexit) + return False + # this function logs a message depending on which check fails + if not self.is_valid_version(): + return False + if self._guard < CUTOFF_GUARD: + log_excluded('%s not a candidate: guard avg too low (%lf)', + self._fpr, self._guard) + return False + if (not self._data.has_key('consensus_weight') + or self._data['consensus_weight'] < 1): + log_excluded('%s not a candidate: consensus weight invalid', self._fpr) + return False + except BaseException as e: + logging.warning("Exception %s when checking if fallback is a candidate", + str(e)) return False return True @@ -878,26 +982,26 @@ class Candidate(object): for key in entry: value = entry[key] if key == 'id' and value == self._fpr: - logging.info('%s is in the blacklist: fingerprint matches', + log_excluded('%s is in the blacklist: fingerprint matches', self._fpr) return True if key == 'ipv4' and value == self.dirip: # if the dirport is present, check it too if entry.has_key('dirport'): if int(entry['dirport']) == self.dirport: - logging.info('%s is in the blacklist: IPv4 (%s) and ' + + log_excluded('%s is in the blacklist: IPv4 (%s) and ' + 'DirPort (%d) match', self._fpr, self.dirip, self.dirport) return True # if the orport is present, check it too elif entry.has_key('orport'): if int(entry['orport']) == self.orport: - logging.info('%s is in the blacklist: IPv4 (%s) and ' + + log_excluded('%s is in the blacklist: IPv4 (%s) and ' + 'ORPort (%d) match', self._fpr, self.dirip, self.orport) return True else: - logging.info('%s is in the blacklist: IPv4 (%s) matches, and ' + + log_excluded('%s is in the blacklist: IPv4 (%s) matches, and ' + 'entry has no DirPort or ORPort', self._fpr, self.dirip) return True @@ -911,19 +1015,19 @@ class Candidate(object): # if the dirport is present, check it too if entry.has_key('dirport'): if int(entry['dirport']) == self.dirport: - logging.info('%s is in the blacklist: IPv6 (%s) and ' + + log_excluded('%s is in the blacklist: IPv6 (%s) and ' + 'DirPort (%d) match', self._fpr, ipv6, self.dirport) return True # we've already checked the ORPort, it's part of entry['ipv6'] else: - logging.info('%s is in the blacklist: IPv6 (%s) matches, and' + + log_excluded('%s is in the blacklist: IPv6 (%s) matches, and' + 'entry has no DirPort', self._fpr, ipv6) return True elif (key == 'ipv6' or self.has_ipv6()): # only log if the fingerprint matches but the IPv6 doesn't if entry.has_key('id') and entry['id'] == self._fpr: - logging.info('%s skipping IPv6 blacklist comparison: relay ' + + log_excluded('%s skipping IPv6 blacklist comparison: relay ' + 'has%s IPv6%s, but entry has%s IPv6%s', self._fpr, '' if self.has_ipv6() else ' no', (' (' + ipv6 + ')') if self.has_ipv6() else '', @@ -1062,42 +1166,63 @@ class Candidate(object): return True return False - # report how long it takes to download a consensus from dirip:dirport + # log how long it takes to download a consensus from dirip:dirport + # returns True if the download failed, False if it succeeded within max_time @staticmethod - def fallback_consensus_download_speed(dirip, dirport, nickname, max_time): + def fallback_consensus_download_speed(dirip, dirport, nickname, fingerprint, + max_time): download_failed = False - downloader = DescriptorDownloader() - start = datetime.datetime.utcnow() # some directory mirrors respond to requests in ways that hang python # sockets, which is why we log this line here - logging.info('Initiating consensus download from %s (%s:%d).', nickname, - dirip, dirport) + logging.info('Initiating %sconsensus download from %s (%s:%d) %s.', + 'microdesc ' if DOWNLOAD_MICRODESC_CONSENSUS else '', + nickname, dirip, dirport, fingerprint) # there appears to be about 1 second of overhead when comparing stem's # internal trace time and the elapsed time calculated here TIMEOUT_SLOP = 1.0 + start = datetime.datetime.utcnow() try: - downloader.get_consensus(endpoints = [(dirip, dirport)], - timeout = (max_time + TIMEOUT_SLOP), - validate = True, - retries = 0, - fall_back_to_authority = False).run() + consensus = get_consensus( + endpoints = [(dirip, dirport)], + timeout = (max_time + TIMEOUT_SLOP), + validate = True, + retries = 0, + fall_back_to_authority = False, + document_handler = DocumentHandler.BARE_DOCUMENT, + microdescriptor = DOWNLOAD_MICRODESC_CONSENSUS + ).run()[0] + end = datetime.datetime.utcnow() + time_since_expiry = (end - consensus.valid_until).total_seconds() except Exception, stem_error: - logging.info('Unable to retrieve a consensus from %s: %s', nickname, + end = datetime.datetime.utcnow() + log_excluded('Unable to retrieve a consensus from %s: %s', nickname, stem_error) status = 'error: "%s"' % (stem_error) level = logging.WARNING download_failed = True - elapsed = (datetime.datetime.utcnow() - start).total_seconds() - if elapsed > max_time: + elapsed = (end - start).total_seconds() + if download_failed: + # keep the error failure status, and avoid using the variables + pass + elif elapsed > max_time: status = 'too slow' level = logging.WARNING download_failed = True + elif (time_since_expiry > 0): + status = 'outdated consensus, expired %ds ago'%(int(time_since_expiry)) + if time_since_expiry <= CONSENSUS_EXPIRY_TOLERANCE: + status += ', tolerating up to %ds'%(CONSENSUS_EXPIRY_TOLERANCE) + level = logging.INFO + else: + status += ', invalid' + level = logging.WARNING + download_failed = True else: status = 'ok' level = logging.DEBUG - logging.log(level, 'Consensus download: %0.1fs %s from %s (%s:%d), ' + + logging.log(level, 'Consensus download: %0.1fs %s from %s (%s:%d) %s, ' + 'max download time %0.1fs.', elapsed, status, nickname, - dirip, dirport, max_time) + dirip, dirport, fingerprint, max_time) return download_failed # does this fallback download the consensus fast enough? @@ -1109,12 +1234,14 @@ class Candidate(object): ipv4_failed = Candidate.fallback_consensus_download_speed(self.dirip, self.dirport, self._data['nickname'], + self._fpr, CONSENSUS_DOWNLOAD_SPEED_MAX) if self.has_ipv6() and PERFORM_IPV6_DIRPORT_CHECKS: # Clients assume the IPv6 DirPort is the same as the IPv4 DirPort ipv6_failed = Candidate.fallback_consensus_download_speed(self.ipv6addr, self.dirport, self._data['nickname'], + self._fpr, CONSENSUS_DOWNLOAD_SPEED_MAX) return ((not ipv4_failed) and (not ipv6_failed)) @@ -1151,6 +1278,7 @@ class Candidate(object): # /* # nickname # flags + # adjusted bandwidth, consensus weight # [contact] # [identical contact counts] # */ @@ -1162,6 +1290,13 @@ class Candidate(object): s += 'Flags: ' s += cleanse_c_multiline_comment(' '.join(sorted(self._data['flags']))) s += '\n' + # this is an adjusted bandwidth, see calculate_measured_bandwidth() + bandwidth = self._data['measured_bandwidth'] + weight = self._data['consensus_weight'] + s += 'Bandwidth: %.1f MByte/s, Consensus Weight: %d'%( + bandwidth/(1024.0*1024.0), + weight) + s += '\n' if self._data['contact'] is not None: s += cleanse_c_multiline_comment(self._data['contact']) if CONTACT_COUNT or CONTACT_BLACKLIST_COUNT: @@ -1183,6 +1318,7 @@ class Candidate(object): s += '\n' s += '*/' s += '\n' + return s # output the fallback info C string for this fallback # this is the text that would go after FallbackDir in a torrc @@ -1251,7 +1387,8 @@ class CandidateList(dict): d = fetch('details', fields=('fingerprint,nickname,contact,last_changed_address_or_port,' + 'consensus_weight,advertised_bandwidth,or_addresses,' + - 'dir_address,recommended_version,flags,effective_family')) + 'dir_address,recommended_version,flags,effective_family,' + + 'platform')) logging.debug('Loading details document done.') if not 'relays' in d: raise Exception("No relays found in document.") @@ -1297,13 +1434,12 @@ class CandidateList(dict): self.fallbacks.sort(key=lambda f: f._data['measured_bandwidth'], reverse=True) - # sort fallbacks by their fingerprint, lowest to highest - # this is useful for stable diffs of fallback lists - def sort_fallbacks_by_fingerprint(self): - self.fallbacks.sort(key=lambda f: f._fpr) + # sort fallbacks by the data field data_field, lowest to highest + def sort_fallbacks_by(self, data_field): + self.fallbacks.sort(key=lambda f: f._data[data_field]) @staticmethod - def load_relaylist(file_name): + def load_relaylist(file_obj): """ Read each line in the file, and parse it like a FallbackDir line: an IPv4 address and optional port: <IPv4 address>:<port> @@ -1318,8 +1454,9 @@ class CandidateList(dict): (of string -> string key/value pairs), and these dictionaries are placed in an array. comments start with # and are ignored """ + file_data = file_obj['data'] + file_name = file_obj['name'] relaylist = [] - file_data = read_from_file(file_name, MAX_LIST_FILE_SIZE) if file_data is None: return relaylist for line in file_data.split('\n'): @@ -1360,12 +1497,12 @@ class CandidateList(dict): return relaylist # apply the fallback whitelist and blacklist - def apply_filter_lists(self): + def apply_filter_lists(self, whitelist_obj, blacklist_obj): excluded_count = 0 logging.debug('Applying whitelist and blacklist.') # parse the whitelist and blacklist - whitelist = self.load_relaylist(WHITELIST_FILE_NAME) - blacklist = self.load_relaylist(BLACKLIST_FILE_NAME) + whitelist = self.load_relaylist(whitelist_obj) + blacklist = self.load_relaylist(blacklist_obj) filtered_fallbacks = [] for f in self.fallbacks: in_whitelist = f.is_in_whitelist(whitelist) @@ -1385,7 +1522,7 @@ class CandidateList(dict): elif in_blacklist: # exclude excluded_count += 1 - logging.info('Excluding %s: in blacklist.', f._fpr) + log_excluded('Excluding %s: in blacklist.', f._fpr) else: if INCLUDE_UNLISTED_ENTRIES: # include @@ -1393,7 +1530,7 @@ class CandidateList(dict): else: # exclude excluded_count += 1 - logging.info('Excluding %s: in neither blacklist nor whitelist.', + log_excluded('Excluding %s: in neither blacklist nor whitelist.', f._fpr) self.fallbacks = filtered_fallbacks return excluded_count @@ -1429,8 +1566,8 @@ class CandidateList(dict): # the bandwidth we log here is limited by the relay's consensus weight # as well as its adverttised bandwidth. See set_measured_bandwidth # for details - logging.info('%s not a candidate: bandwidth %.1fMB/s too low, must ' + - 'be at least %.1fMB/s', f._fpr, + log_excluded('%s not a candidate: bandwidth %.1fMByte/s too low, ' + + 'must be at least %.1fMByte/s', f._fpr, f._data['measured_bandwidth']/(1024.0*1024.0), MIN_BANDWIDTH/(1024.0*1024.0)) self.fallbacks = above_min_bw_fallbacks @@ -1470,49 +1607,85 @@ class CandidateList(dict): else: return None - # does exclusion_list contain attribute? + # return a new bag suitable for storing attributes + @staticmethod + def attribute_new(): + return dict() + + # get the count of attribute in attribute_bag + # if attribute is None or the empty string, return 0 + @staticmethod + def attribute_count(attribute, attribute_bag): + if attribute is None or attribute == '': + return 0 + if attribute not in attribute_bag: + return 0 + return attribute_bag[attribute] + + # does attribute_bag contain more than max_count instances of attribute? # if so, return False # if not, return True - # if attribute is None or the empty string, always return True + # if attribute is None or the empty string, or max_count is invalid, + # always return True @staticmethod - def allow(attribute, exclusion_list): - if attribute is None or attribute == '': + def attribute_allow(attribute, attribute_bag, max_count=1): + if attribute is None or attribute == '' or max_count <= 0: return True - elif attribute in exclusion_list: + elif CandidateList.attribute_count(attribute, attribute_bag) >= max_count: return False else: return True - # make sure there is only one fallback per IPv4 address, and per IPv6 address + # add attribute to attribute_bag, incrementing the count if it is already + # present + # if attribute is None or the empty string, or count is invalid, + # do nothing + @staticmethod + def attribute_add(attribute, attribute_bag, count=1): + if attribute is None or attribute == '' or count <= 0: + pass + attribute_bag.setdefault(attribute, 0) + attribute_bag[attribute] += count + + # make sure there are only MAX_FALLBACKS_PER_IP fallbacks per IPv4 address, + # and per IPv6 address # there is only one IPv4 address on each fallback: the IPv4 DirPort address # (we choose the IPv4 ORPort which is on the same IPv4 as the DirPort) # there is at most one IPv6 address on each fallback: the IPv6 ORPort address # we try to match the IPv4 ORPort, but will use any IPv6 address if needed - # (clients assume the IPv6 DirPort is the same as the IPv4 DirPort, but - # typically only use the IPv6 ORPort) + # (clients only use the IPv6 ORPort) # if there is no IPv6 address, only the IPv4 address is checked # return the number of candidates we excluded def limit_fallbacks_same_ip(self): ip_limit_fallbacks = [] - ip_list = [] + ip_list = CandidateList.attribute_new() for f in self.fallbacks: - if (CandidateList.allow(f.dirip, ip_list) - and CandidateList.allow(f.ipv6addr, ip_list)): + if (CandidateList.attribute_allow(f.dirip, ip_list, + MAX_FALLBACKS_PER_IPV4) + and CandidateList.attribute_allow(f.ipv6addr, ip_list, + MAX_FALLBACKS_PER_IPV6)): ip_limit_fallbacks.append(f) - ip_list.append(f.dirip) + CandidateList.attribute_add(f.dirip, ip_list) if f.has_ipv6(): - ip_list.append(f.ipv6addr) - elif not CandidateList.allow(f.dirip, ip_list): - logging.info('Eliminated %s: already have fallback on IPv4 %s'%( - f._fpr, f.dirip)) - elif f.has_ipv6() and not CandidateList.allow(f.ipv6addr, ip_list): - logging.info('Eliminated %s: already have fallback on IPv6 %s'%( - f._fpr, f.ipv6addr)) + CandidateList.attribute_add(f.ipv6addr, ip_list) + elif not CandidateList.attribute_allow(f.dirip, ip_list, + MAX_FALLBACKS_PER_IPV4): + log_excluded('Eliminated %s: already have %d fallback(s) on IPv4 %s' + %(f._fpr, CandidateList.attribute_count(f.dirip, ip_list), + f.dirip)) + elif (f.has_ipv6() and + not CandidateList.attribute_allow(f.ipv6addr, ip_list, + MAX_FALLBACKS_PER_IPV6)): + log_excluded('Eliminated %s: already have %d fallback(s) on IPv6 %s' + %(f._fpr, CandidateList.attribute_count(f.ipv6addr, + ip_list), + f.ipv6addr)) original_count = len(self.fallbacks) self.fallbacks = ip_limit_fallbacks return original_count - len(self.fallbacks) - # make sure there is only one fallback per ContactInfo + # make sure there are only MAX_FALLBACKS_PER_CONTACT fallbacks for each + # ContactInfo # if there is no ContactInfo, allow the fallback # this check can be gamed by providing no ContactInfo, or by setting the # ContactInfo to match another fallback @@ -1520,37 +1693,45 @@ class CandidateList(dict): # go down at similar times, its usefulness outweighs the risk def limit_fallbacks_same_contact(self): contact_limit_fallbacks = [] - contact_list = [] + contact_list = CandidateList.attribute_new() for f in self.fallbacks: - if CandidateList.allow(f._data['contact'], contact_list): + if CandidateList.attribute_allow(f._data['contact'], contact_list, + MAX_FALLBACKS_PER_CONTACT): contact_limit_fallbacks.append(f) - contact_list.append(f._data['contact']) + CandidateList.attribute_add(f._data['contact'], contact_list) else: - logging.info(('Eliminated %s: already have fallback on ' + - 'ContactInfo %s')%(f._fpr, f._data['contact'])) + log_excluded( + 'Eliminated %s: already have %d fallback(s) on ContactInfo %s' + %(f._fpr, CandidateList.attribute_count(f._data['contact'], + contact_list), + f._data['contact'])) original_count = len(self.fallbacks) self.fallbacks = contact_limit_fallbacks return original_count - len(self.fallbacks) - # make sure there is only one fallback per effective family + # make sure there are only MAX_FALLBACKS_PER_FAMILY fallbacks per effective + # family # if there is no family, allow the fallback - # this check can't be gamed, because we use effective family, which ensures - # mutual family declarations + # we use effective family, which ensures mutual family declarations + # but the check can be gamed by not declaring a family at all # if any indirect families exist, the result depends on the order in which # fallbacks are sorted in the list def limit_fallbacks_same_family(self): family_limit_fallbacks = [] - fingerprint_list = [] + fingerprint_list = CandidateList.attribute_new() for f in self.fallbacks: - if CandidateList.allow(f._fpr, fingerprint_list): + if CandidateList.attribute_allow(f._fpr, fingerprint_list, + MAX_FALLBACKS_PER_FAMILY): family_limit_fallbacks.append(f) - fingerprint_list.append(f._fpr) - fingerprint_list.extend(f._data['effective_family']) + CandidateList.attribute_add(f._fpr, fingerprint_list) + for family_fingerprint in f._data['effective_family']: + CandidateList.attribute_add(family_fingerprint, fingerprint_list) else: - # technically, we already have a fallback with this fallback in its - # effective family - logging.info('Eliminated %s: already have fallback in effective ' + - 'family'%(f._fpr)) + # we already have a fallback with this fallback in its effective + # family + log_excluded( + 'Eliminated %s: already have %d fallback(s) in effective family' + %(f._fpr, CandidateList.attribute_count(f._fpr, fingerprint_list))) original_count = len(self.fallbacks) self.fallbacks = family_limit_fallbacks return original_count - len(self.fallbacks) @@ -1878,8 +2059,8 @@ class CandidateList(dict): min_bw = min_fb._data['measured_bandwidth'] max_fb = self.fallback_max() max_bw = max_fb._data['measured_bandwidth'] - s += 'Bandwidth Range: %.1f - %.1f MB/s'%(min_bw/(1024.0*1024.0), - max_bw/(1024.0*1024.0)) + s += 'Bandwidth Range: %.1f - %.1f MByte/s'%(min_bw/(1024.0*1024.0), + max_bw/(1024.0*1024.0)) s += '\n' s += '*/' if fallback_count < MIN_FALLBACK_COUNT: @@ -1892,9 +2073,44 @@ class CandidateList(dict): s += 'or setting INCLUDE_UNLISTED_ENTRIES = True.' return s +def process_existing(): + logging.basicConfig(level=logging.INFO) + logging.getLogger('stem').setLevel(logging.INFO) + whitelist = {'data': parse_fallback_file(FALLBACK_FILE_NAME), + 'name': FALLBACK_FILE_NAME} + blacklist = {'data': read_from_file(BLACKLIST_FILE_NAME, MAX_LIST_FILE_SIZE), + 'name': BLACKLIST_FILE_NAME} + list_fallbacks(whitelist, blacklist) + +def process_default(): + logging.basicConfig(level=logging.WARNING) + logging.getLogger('stem').setLevel(logging.WARNING) + whitelist = {'data': read_from_file(WHITELIST_FILE_NAME, MAX_LIST_FILE_SIZE), + 'name': WHITELIST_FILE_NAME} + blacklist = {'data': read_from_file(BLACKLIST_FILE_NAME, MAX_LIST_FILE_SIZE), + 'name': BLACKLIST_FILE_NAME} + list_fallbacks(whitelist, blacklist) + ## Main Function +def main(): + if get_command() == 'check_existing': + process_existing() + else: + process_default() + +def get_command(): + if len(sys.argv) == 2: + return sys.argv[1] + else: + return None -def list_fallbacks(): +def log_excluded(msg, *args): + if get_command() == 'check_existing': + logging.warning(msg, *args) + else: + logging.info(msg, *args) + +def list_fallbacks(whitelist, blacklist): """ Fetches required onionoo documents and evaluates the fallback directory criteria for each of the relays """ @@ -1927,7 +2143,7 @@ def list_fallbacks(): # warning that the details have changed from those in the whitelist. # instead, there will be an info-level log during the eligibility check. initial_count = len(candidates.fallbacks) - excluded_count = candidates.apply_filter_lists() + excluded_count = candidates.apply_filter_lists(whitelist, blacklist) print candidates.summarise_filters(initial_count, excluded_count) eligible_count = len(candidates.fallbacks) @@ -1985,15 +2201,17 @@ def list_fallbacks(): for s in fetch_source_list(): print describe_fetch_source(s) + # sort the list differently depending on why we've created it: # if we're outputting the final fallback list, sort by fingerprint # this makes diffs much more stable - # otherwise, leave sorted by bandwidth, which allows operators to be - # contacted in priority order - if not OUTPUT_CANDIDATES: - candidates.sort_fallbacks_by_fingerprint() + # otherwise, if we're trying to find a bandwidth cutoff, or we want to + # contact operators in priority order, sort by bandwidth (not yet + # implemented) + # otherwise, if we're contacting operators, sort by contact + candidates.sort_fallbacks_by(OUTPUT_SORT_FIELD) for x in candidates.fallbacks: print x.fallbackdir_line(candidates.fallbacks, prefilter_fallbacks) if __name__ == "__main__": - list_fallbacks() + main() diff --git a/src/common/address.c b/src/common/address.c index c89e8797c6..2693239146 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -159,6 +159,8 @@ tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, tor_assert(a); tor_assert(sa); + /* This memset is redundant; leaving it in to avoid any future accidents, + however. */ memset(a, 0, sizeof(*a)); if (sa->sa_family == AF_INET) { @@ -235,8 +237,8 @@ tor_addr_make_null(tor_addr_t *a, sa_family_t family) * * Return 0 on success, -1 on failure; 1 on transient failure. */ -int -tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr) +MOCK_IMPL(int, +tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr)) { /* Perhaps eventually this should be replaced by a tor_getaddrinfo or * something. diff --git a/src/common/address.h b/src/common/address.h index 41daf012e6..0dc6edae37 100644 --- a/src/common/address.h +++ b/src/common/address.h @@ -190,7 +190,8 @@ tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u) */ #define TOR_ADDR_BUF_LEN 48 -int tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out); +MOCK_DECL(int, tor_addr_lookup,(const char *name, uint16_t family, + tor_addr_t *addr_out)); char *tor_addr_to_str_dup(const tor_addr_t *addr) ATTR_MALLOC; /** Wrapper function of fmt_addr_impl(). It does not decorate IPv6 diff --git a/src/common/ciphers.inc b/src/common/ciphers.inc index ab4ac40724..a336e2dfa0 100644 --- a/src/common/ciphers.inc +++ b/src/common/ciphers.inc @@ -14,6 +14,26 @@ #else XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256) #endif +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + CIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305) +#else + XCIPHER(0xcca9, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 + CIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305) +#else + XCIPHER(0xcca8, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305) +#endif +#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + CIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) +#else + XCIPHER(0xc02c, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) +#endif +#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + CIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384) +#else + XCIPHER(0xc030, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384) +#endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #else @@ -34,88 +54,28 @@ #else XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #endif -#ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA - CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) -#else - XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) -#endif -#ifdef TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA - CIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) -#else - XCIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) -#endif -#ifdef TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA - CIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) -#else - XCIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) -#endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) #else XCIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) #endif -#ifdef TLS1_TXT_DHE_DSS_WITH_AES_128_SHA - CIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) -#else - XCIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) -#endif -#ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) -#else - XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) -#endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #endif -#ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA - CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) -#else - XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) -#endif -#ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) -#else - XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) -#endif -#ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA - CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) -#else - XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) -#endif #ifdef TLS1_TXT_RSA_WITH_AES_128_SHA CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #else XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #endif -#ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA - CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) -#else - XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) -#endif #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #endif -#ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA - CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) -#else - XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) -#endif #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #else XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #endif -#ifdef SSL3_TXT_RSA_RC4_128_SHA - CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) -#else - XCIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) -#endif -#ifdef SSL3_TXT_RSA_RC4_128_MD5 - CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) -#else - XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) -#endif diff --git a/src/common/compat.c b/src/common/compat.c index ebf05f59e1..0dbede6bed 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -258,6 +258,12 @@ tor_mmap_file(const char *filename) page_size = getpagesize(); size += (size%page_size) ? page_size-(size%page_size) : 0; + if (st.st_size > SSIZE_T_CEILING || (off_t)size < st.st_size) { + log_warn(LD_FS, "File \"%s\" is too large. Ignoring.",filename); + errno = EFBIG; + close(fd); + return NULL; + } if (!size) { /* Zero-length file. If we call mmap on it, it will succeed but * return NULL, and bad things will happen. So just fail. */ diff --git a/src/common/compat_time.c b/src/common/compat_time.c index 3493ea0c22..d044bbe1d7 100644 --- a/src/common/compat_time.c +++ b/src/common/compat_time.c @@ -324,10 +324,27 @@ monotime_diff_nsec(const monotime_t *start, /* end of "__APPLE__" */ #elif defined(HAVE_CLOCK_GETTIME) +#ifdef CLOCK_MONOTONIC_COARSE +/** + * Which clock should we use for coarse-grained monotonic time? By default + * this is CLOCK_MONOTONIC_COARSE, but it might not work -- for example, + * if we're compiled with newer Linux headers and then we try to run on + * an old Linux kernel. In that case, we will fall back to CLOCK_MONOTONIC. + */ +static int clock_monotonic_coarse = CLOCK_MONOTONIC_COARSE; +#endif + static void monotime_init_internal(void) { - /* no action needed. */ +#ifdef CLOCK_MONOTONIC_COARSE + struct timespec ts; + if (clock_gettime(CLOCK_MONOTONIC_COARSE, &ts) < 0) { + log_info(LD_GENERAL, "CLOCK_MONOTONIC_COARSE isn't working (%s); " + "falling back to CLOCK_MONOTONIC.", strerror(errno)); + clock_monotonic_coarse = CLOCK_MONOTONIC; + } +#endif } void @@ -355,7 +372,18 @@ monotime_coarse_get(monotime_coarse_t *out) return; } #endif - int r = clock_gettime(CLOCK_MONOTONIC_COARSE, &out->ts_); + int r = clock_gettime(clock_monotonic_coarse, &out->ts_); + if (PREDICT_UNLIKELY(r < 0) && + errno == EINVAL && + clock_monotonic_coarse == CLOCK_MONOTONIC_COARSE) { + /* We should have caught this at startup in monotime_init_internal! + */ + log_warn(LD_BUG, "Falling back to non-coarse monotonic time %s initial " + "system start?", monotime_initialized?"after":"without"); + clock_monotonic_coarse = CLOCK_MONOTONIC; + r = clock_gettime(clock_monotonic_coarse, &out->ts_); + } + tor_assert(r == 0); } #endif diff --git a/src/common/crypto.h b/src/common/crypto.h index 43328f5bce..42345f80e8 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -59,10 +59,12 @@ #define DIGEST256_LEN 32 /** Length of the output of our 64-bit optimized message digests (SHA512). */ #define DIGEST512_LEN 64 -/** Length of our symmetric cipher's keys. */ +/** Length of our symmetric cipher's keys of 128-bit. */ #define CIPHER_KEY_LEN 16 -/** Length of our symmetric cipher's IV. */ +/** Length of our symmetric cipher's IV of 128-bit. */ #define CIPHER_IV_LEN 16 +/** Length of our symmetric cipher's keys of 256-bit. */ +#define CIPHER256_KEY_LEN 32 /** Length of our public keys. */ #define PK_BYTES (1024/8) /** Length of our DH keys. */ diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index fcbee3aba2..5f328e124c 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -80,7 +80,7 @@ curve25519_impl(uint8_t *output, const uint8_t *secret, /** * Helper function: Multiply the scalar "secret" by the Curve25519 * basepoint (X=9), and store the result in "output". Return 0 on - * success, -1 on false. + * success, -1 on failure. */ STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret) diff --git a/src/common/crypto_format.c b/src/common/crypto_format.c index 483013ee68..aa2a9d1fb0 100644 --- a/src/common/crypto_format.c +++ b/src/common/crypto_format.c @@ -161,16 +161,21 @@ curve25519_public_from_base64(curve25519_public_key_t *pkey, } } -/** For convenience: Convert <b>pkey</b> to a statically allocated base64 - * string and return it. Not threadsafe. Subsequent calls invalidate +/** For logging convenience: Convert <b>pkey</b> to a statically allocated + * base64 string and return it. Not threadsafe. Format not meant to be + * computer-readable; it may change in the future. Subsequent calls invalidate * previous returns. */ const char * ed25519_fmt(const ed25519_public_key_t *pkey) { static char formatted[ED25519_BASE64_LEN+1]; if (pkey) { - int r = ed25519_public_to_base64(formatted, pkey); - tor_assert(!r); + if (ed25519_public_key_is_zero(pkey)) { + strlcpy(formatted, "<unset>", sizeof(formatted)); + } else { + int r = ed25519_public_to_base64(formatted, pkey); + tor_assert(!r); + } } else { strlcpy(formatted, "<null>", sizeof(formatted)); } diff --git a/src/common/tortls.c b/src/common/tortls.c index 2efb3baa73..1fe91edf0e 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -585,6 +585,12 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] = #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 ":" #endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_CCM + TLS1_TXT_DHE_RSA_WITH_AES_256_CCM ":" +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_CCM + TLS1_TXT_DHE_RSA_WITH_AES_128_CCM ":" +#endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 ":" #endif @@ -594,8 +600,14 @@ static const char UNRESTRICTED_SERVER_CIPHER_LIST[] = /* Required */ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":" /* Required */ - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA - ; + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":" +#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 ":" +#endif +#ifdef TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 +#endif + ; /* Note: to set up your own private testing network with link crypto * disabled, set your Tors' cipher list to diff --git a/src/common/util.c b/src/common/util.c index 9d134c1bb2..824b4fbc67 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -187,8 +187,9 @@ tor_malloc_zero_(size_t size DMALLOC_PARAMS) * 0xfffe0001. */ #define SQRT_SIZE_MAX_P1 (((size_t)1) << (sizeof(size_t)*4)) -/** Return non-zero if and only if the product of the arguments is exact. */ -static inline int +/** Return non-zero if and only if the product of the arguments is exact, + * and cannot overflow. */ +int size_mul_check(const size_t x, const size_t y) { /* This first check is equivalent to @@ -202,15 +203,6 @@ size_mul_check(const size_t x, const size_t y) x <= SIZE_MAX / y); } -#ifdef TOR_UNIT_TESTS -/** Exposed for unit tests only */ -int -size_mul_check__(const size_t x, const size_t y) -{ - return size_mul_check(x,y); -} -#endif - /** Allocate a chunk of <b>nmemb</b>*<b>size</b> bytes of memory, fill * the memory with zero bytes, and return a pointer to the result. * Log and terminate the process on error. (Same as diff --git a/src/common/util.h b/src/common/util.h index 2b3e48ea8e..ff566151cb 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -553,9 +553,7 @@ STATIC int format_helper_exit_status(unsigned char child_state, #endif -#ifdef TOR_UNIT_TESTS -int size_mul_check__(const size_t x, const size_t y); -#endif +int size_mul_check(const size_t x, const size_t y); #define ARRAY_LENGTH(x) ((sizeof(x)) / sizeof(x[0])) diff --git a/src/common/util_format.c b/src/common/util_format.c index aef9db85c8..6e0a04586a 100644 --- a/src/common/util_format.c +++ b/src/common/util_format.c @@ -398,7 +398,7 @@ base64_decode(char *dest, size_t destlen, const char *src, size_t srclen) * Number of bytes required to hold all bits == (srclen*6)/8. * Yes, we want to round down: anything that hangs over the end of a * byte is padding. */ - if (destlen < (srclen*3)/4) + if (!size_mul_check(srclen, 3) || destlen < (srclen*3)/4) return -1; if (destlen > SIZE_T_CEILING) return -1; diff --git a/src/config/geoip b/src/config/geoip index 406fff09e7..68ae3759c1 100644 --- a/src/config/geoip +++ b/src/config/geoip @@ -1,4 +1,4 @@ -# Last updated based on December 7 2016 Maxmind GeoLite2 Country +# Last updated based on January 4 2017 Maxmind GeoLite2 Country # wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz # gunzip GeoLite2-Country.mmdb.gz # python mmdb-convert.py GeoLite2-Country.mmdb @@ -361,7 +361,7 @@ 86222616,86222847,JE 86222848,86226943,NL 86226944,86228991,SE -86228992,86231039,BE +86228992,86231039,GB 86231040,86233087,ES 86233088,86235135,RO 86235136,86237183,ES @@ -454,7 +454,9 @@ 86446680,86446683,ES 86446684,86446727,FR 86446728,86446731,DE -86446732,86446931,FR +86446732,86446767,FR +86446768,86446771,GB +86446772,86446931,FR 86446932,86446935,CZ 86446936,86447091,FR 86447092,86447103,ES @@ -464,7 +466,9 @@ 86447288,86447288,DE 86447289,86447335,FR 86447336,86447339,ES -86447340,86448559,FR +86447340,86447351,FR +86447352,86447355,GB +86447356,86448559,FR 86448560,86448575,GB 86448576,86448803,FR 86448804,86448807,FI @@ -499,7 +503,10 @@ 86450336,86450339,GB 86450340,86450775,FR 86450776,86450779,PL -86450780,86450863,FR +86450780,86450783,FR +86450784,86450815,DE +86450816,86450847,FR +86450848,86450863,ES 86450864,86450867,PT 86450868,86450875,FR 86450876,86450879,GB @@ -591,7 +598,9 @@ 86457456,86457456,DE 86457457,86457471,FR 86457472,86457519,ES -86457520,86457799,FR +86457520,86457703,FR +86457704,86457707,ES +86457708,86457799,FR 86457800,86457803,ES 86457804,86467207,FR 86467208,86467211,IE @@ -821,17 +830,17 @@ 87761408,87761663,CZ 87761664,87761919,RU 87761920,87762431,FR -87762432,87762943,CZ +87762432,87762943,UA 87762944,87763967,KZ -87763968,87766015,RU -87766016,87818239,CZ +87763968,87766527,RU +87766528,87818239,CZ 87818240,87883775,PL 87883776,87885823,IT 87885824,87889919,RU -87889920,87890431,IR -87890432,87890943,US +87889920,87890687,IR +87890688,87890943,US 87890944,87891199,NL -87891200,87891967,US +87891200,87891967,IR 87891968,87902207,DE 87902208,87904255,IR 87904256,87906303,DE @@ -934,9 +943,7 @@ 90516480,90516735,DE 90516736,90516991,RO 90516992,90517503,NL -90517504,90518527,RU -90518528,90519551,NL -90519552,90529791,RU +90517504,90529791,RU 90529792,90533119,NL 90533120,90533375,DE 90533376,90533631,NL @@ -1165,7 +1172,9 @@ 92734832,92734847,ES 92734848,92735103,FR 92735104,92735119,GB -92735120,92735615,FR +92735120,92735347,FR +92735348,92735351,GB +92735352,92735615,FR 92735616,92735616,DE 92735617,92735619,FR 92735620,92735623,ES @@ -1243,7 +1252,11 @@ 92748517,92748517,BE 92748518,92748543,FR 92748544,92748799,PT -92748800,92748983,FR +92748800,92748843,FR +92748844,92748847,GB +92748848,92748863,FR +92748864,92748879,ES +92748880,92748983,FR 92748984,92748991,GB 92748992,92748999,ES 92749000,92749007,PT @@ -1360,11 +1373,14 @@ 92784668,92784671,IE 92784672,92784895,FR 92784896,92784959,ES -92784960,92785363,FR +92784960,92785183,FR +92785184,92785199,ES +92785200,92785363,FR 92785364,92785367,PT 92785368,92785407,FR 92785408,92785439,ES -92785440,92785611,FR +92785440,92785455,DE +92785456,92785611,FR 92785612,92785615,ES 92785616,92785735,FR 92785736,92785739,DE @@ -1416,9 +1432,7 @@ 92794692,92794695,ES 92794696,92795631,FR 92795632,92795639,CZ -92795640,92796575,FR -92796576,92796579,GB -92796580,92796687,FR +92795640,92796687,FR 92796688,92796691,DE 92796692,92796879,FR 92796880,92796895,FI @@ -1432,7 +1446,9 @@ 93323264,93335551,CH 93335552,93339647,IL 93339648,93343743,RU -93343744,93347839,GB +93343744,93345791,GB +93345792,93346303,NL +93346304,93347839,GB 93347840,93356031,RU 93356032,93358079,IR 93358080,93360127,FR @@ -1762,7 +1778,11 @@ 96172800,96173055,GP 96173056,96174079,MF 96174080,96206847,HU -96206848,96305151,RU +96206848,96262143,RU +96262144,96262399,NL +96262400,96266239,RU +96266240,96266495,NL +96266496,96305151,RU 96305152,96321535,DE 96321536,96323583,RU 96323584,96323711,ZA @@ -1852,7 +1872,9 @@ 96763456,96763471,ES 96763472,96763551,FR 96763552,96763555,GB -96763556,96764239,FR +96763556,96763575,FR +96763576,96763579,ES +96763580,96764239,FR 96764240,96764255,DE 96764256,96764383,FR 96764384,96764399,FI @@ -1923,7 +1945,9 @@ 96778868,96778871,BE 96778872,96779007,FR 96779008,96779011,PT -96779012,96779167,FR +96779012,96779015,FR +96779016,96779023,ES +96779024,96779167,FR 96779168,96779199,PT 96779200,96779247,FR 96779248,96779255,CZ @@ -2414,7 +2438,9 @@ 225079808,225080319,PR 225080320,225443839,US 225443840,225705983,JP -225705984,234881023,US +225705984,226230271,US +226230272,226295807,KR +226295808,234881023,US 234881024,234883071,CN 234883072,234884095,JP 234884096,234885119,CN @@ -2464,7 +2490,7 @@ 241606656,241607679,IN 241607680,241608703,JP 241608704,241609727,PH -241609728,241610751,PK +241609728,241610751,US 241610752,241611775,JP 241611776,241612799,CN 241612800,241613823,HK @@ -3179,7 +3205,9 @@ 391872512,391888895,CA 391888896,391897087,US 391897088,391905279,CA -391905280,391938047,US +391905280,391937535,US +391937536,391937791,CA +391937792,391938047,IE 391938048,391946239,CA 391946240,391960639,US 391960640,391960647,RO @@ -3428,8 +3456,8 @@ 394264576,394264831,CA 394270720,394271231,NL 394296320,394296831,NL -394330112,394330367,US -394395648,394789119,US +394297344,394297599,US +394330112,394789119,US 394854400,394854655,CA 394919936,395051007,US 395051008,395051263,CA @@ -3625,9 +3653,7 @@ 400888576,400888831,GB 400888832,400895551,US 400895552,400895615,GB -400895616,400897535,US -400897536,400897791,GB -400897792,400911103,US +400895616,400911103,US 400911104,400911359,PA 400911360,400911583,AU 400911584,400911615,US @@ -3771,7 +3797,9 @@ 402260272,402260279,GB 402260280,402262455,US 402262456,402262463,FI -402262464,402266727,US +402262464,402265690,US +402265691,402265691,BD +402265692,402266727,US 402266728,402266735,NO 402266736,402279935,US 402279936,402280063,CA @@ -3791,7 +3819,8 @@ 402524264,402524271,FI 402524272,402550015,US 402550016,402550271,CA -402550272,402550783,GB +402550272,402550527,US +402550528,402550783,GB 402550784,402591663,US 402591664,402591671,AU 402591672,402593535,US @@ -4229,7 +4258,8 @@ 461101056,461102079,IN 461102080,461103103,ID 461103104,461104127,AU -461104128,461105151,HK +461104128,461104383,CN +461104384,461105151,HK 461105152,461106175,CN 461106176,461107199,JP 461107200,461108223,IN @@ -4463,7 +4493,8 @@ 521023488,521023743,NL 521023744,521023999,RO 521024000,521024511,BE -521024512,521026559,RO +521024512,521024767,TR +521024768,521026559,RO 521026560,521027583,ES 521027584,521027839,RO 521027840,521028607,GB @@ -4708,10 +4739,8 @@ 523182080,523190271,IR 523190272,523192319,FI 523192320,523194367,ES -523194368,523197183,DE -523197184,523197951,AE -523197952,523198207,DE -523198208,523198463,AE +523194368,523196415,DE +523196416,523198463,AE 523198464,523202559,CZ 523202560,523223039,RU 523223040,523225087,AM @@ -4840,9 +4869,8 @@ 529838080,529842175,UA 529842176,529843199,ES 529843200,529843711,RU -529843712,529845247,CZ -529845248,529846271,UZ -529846272,529847295,CZ +529843712,529846271,CZ +529846272,529847295,UZ 529847296,529848319,GB 529848320,529848575,NL 529848576,529848831,CZ @@ -4963,7 +4991,9 @@ 531430824,531430831,IT 531430832,531430847,GB 531430848,531430855,IT -531430856,531431423,GB +531430856,531430911,GB +531430912,531430919,IT +531430920,531431423,GB 531431424,531496959,RU 531496960,531628031,PL 531628032,531660799,TR @@ -5442,7 +5472,7 @@ 620703744,620704767,NZ 620704768,620705791,BD 620705792,620706815,HK -620706816,620707839,AU +620706816,620707839,US 620707840,620708863,IN 620708864,620709887,HK 620709888,620711935,AU @@ -5474,7 +5504,7 @@ 620743936,620744191,AU 620744192,620744703,HK 620744704,620745727,IN -620745728,620746751,AU +620745728,620746751,US 620746752,620747775,JP 620747776,620748799,PH 620748800,620751871,IN @@ -5734,7 +5764,9 @@ 623077858,623077861,NZ 623077862,623083519,CH 623083520,623116287,ES -623116288,623378431,KW +623116288,623191332,KW +623191333,623191333,SA +623191334,623378431,KW 623378432,623509503,OM 623509504,623575807,SA 623575808,623576063,RO @@ -5774,7 +5806,8 @@ 623812608,623820799,SE 623820800,623821823,NL 623821824,623822335,US -623822336,623822847,NL +623822336,623822591,NL +623822592,623822847,DE 623822848,623824895,GB 623824896,623826943,CZ 623826944,623837183,UA @@ -5853,9 +5886,7 @@ 624643232,624643235,DE 624643236,624643243,FR 624643244,624643247,ES -624643248,624643315,FR -624643316,624643319,IE -624643320,624643423,FR +624643248,624643423,FR 624643424,624643459,ES 624643460,624643999,FR 624644000,624644015,GB @@ -5921,8 +5952,7 @@ 624657616,624657631,GB 624657632,624657711,FR 624657712,624657715,ES -624657716,624657719,PT -624657720,624657831,FR +624657716,624657831,FR 624657832,624657839,ES 624657840,624657883,FR 624657884,624657887,ES @@ -5945,7 +5975,9 @@ 624659072,624659135,ES 624659136,624660103,FR 624660104,624660107,PT -624660108,624660607,FR +624660108,624660127,FR +624660128,624660131,IE +624660132,624660607,FR 624660608,624660639,IE 624660640,624660827,FR 624660828,624660839,ES @@ -6061,7 +6093,9 @@ 624670660,624670663,IE 624670664,624670915,FR 624670916,624670919,ES -624670920,624671287,FR +624670920,624670935,FR +624670936,624670939,GB +624670940,624671287,FR 624671288,624671291,ES 624671292,624671455,FR 624671456,624671471,ES @@ -6081,7 +6115,9 @@ 624673804,624673807,NL 624673808,624673903,FR 624673904,624673919,ES -624673920,624674411,FR +624673920,624673931,FR +624673932,624673935,GB +624673936,624674411,FR 624674412,624674415,ES 624674416,624674447,FR 624674448,624674451,GB @@ -6100,7 +6136,9 @@ 624675776,624675779,ES 624675780,624676003,FR 624676004,624676007,DE -624676008,624676071,FR +624676008,624676015,FR +624676016,624676019,GB +624676020,624676071,FR 624676072,624676075,ES 624676076,624676087,FR 624676088,624676091,DE @@ -6108,9 +6146,7 @@ 624676628,624676631,GB 624676632,624676715,FR 624676716,624676719,ES -624676720,624676923,FR -624676924,624676927,ES -624676928,624677463,FR +624676720,624677463,FR 624677464,624677467,ES 624677468,624677471,GB 624677472,624677583,FR @@ -6151,9 +6187,7 @@ 624681536,624681599,ES 624681600,624681807,FR 624681808,624681823,BE -624681824,624682059,FR -624682060,624682063,IE -624682064,624682263,FR +624681824,624682263,FR 624682264,624682267,ES 624682268,624682319,FR 624682320,624682323,ES @@ -6161,7 +6195,9 @@ 624682496,624682527,ES 624682528,624682623,FR 624682624,624682639,ES -624682640,624683015,FR +624682640,624683007,FR +624683008,624683011,GB +624683012,624683015,FR 624683016,624683023,ES 624683024,624683031,FR 624683032,624683039,GB @@ -6217,7 +6253,9 @@ 624686712,624686719,ES 624686720,624686783,FR 624686784,624686815,ES -624686816,624687343,FR +624686816,624686895,FR +624686896,624686911,IE +624686912,624687343,FR 624687344,624687346,CZ 624687347,624687347,ES 624687348,624687783,FR @@ -6408,7 +6446,8 @@ 628023296,628029439,RU 628029440,628031487,GB 628031488,628064255,MM -628064256,628097023,HU +628064256,628080639,PK +628080640,628097023,HU 628097024,628230143,RU 628230144,628232191,IT 628232192,628236287,RU @@ -6667,7 +6706,8 @@ 631037952,631038207,BG 631038208,631039999,RO 631040000,631043071,IR -631043072,631043839,RO +631043072,631043583,RO +631043584,631043839,TR 631043840,631044095,MD 631044096,631045119,IR 631045120,631046143,RO @@ -6840,7 +6880,9 @@ 635200168,635200175,IT 635200176,635200263,GB 635200264,635200271,IT -635200272,635200335,GB +635200272,635200319,GB +635200320,635200327,IT +635200328,635200335,GB 635200336,635200343,IT 635200344,635200431,GB 635200432,635200439,IT @@ -6929,7 +6971,9 @@ 635864832,635865087,ES 635865088,635865855,RU 635865856,635866111,US -635866112,635882495,RU +635866112,635871487,RU +635871488,635871743,UA +635871744,635882495,RU 635882496,635882751,GE 635882752,635893503,RU 635893504,635893759,AZ @@ -7207,9 +7251,9 @@ 644835072,644835327,CA 644835328,644836351,US 644836352,644837375,CA -644837376,644838336,US -644838337,644838337,CA -644838338,644838911,US +644837376,644838143,US +644838144,644838399,CA +644838400,644838911,US 644838912,644839679,CA 644839680,644840447,US 644840448,644841471,CA @@ -7267,7 +7311,9 @@ 645576999,645577215,CA 645577216,645612543,US 645612544,645613567,MX -645613568,645644351,US +645613568,645614591,US +645614592,645614847,MX +645614848,645644351,US 645644352,645644415,MX 645644416,645644927,US 645644928,645645055,MX @@ -7297,7 +7343,9 @@ 646194176,646194943,CA 646194944,646195199,US 646195200,646198783,CA -646198784,646254591,US +646198784,646199384,US +646199385,646199385,CA +646199386,646254591,US 646254592,646256639,CA 646256640,646262783,US 646262784,646264831,CA @@ -8951,7 +8999,8 @@ 736380928,736381951,IN 736381952,736382975,CN 736382976,736383999,TH -736384000,736385023,LA +736384000,736384767,LA +736384768,736385023,TH 736385024,736386047,HK 736386048,736388095,IN 736388096,736389119,CN @@ -9819,8 +9868,8 @@ 757125120,757125151,NL 757125152,757125215,US 757125216,757125247,NL -757125248,757125279,US -757125280,757125631,NL +757125248,757125407,US +757125408,757125631,NL 757125632,757131263,US 757131264,757133311,NL 757133312,757135359,AU @@ -10092,7 +10141,7 @@ 758982016,758982143,TV 758982144,758982271,US 758982272,758982399,KM -758982400,758982527,US +758982400,758982527,CD 758982528,758982655,ST 758982656,758982783,MV 758982784,758982911,AR @@ -10101,7 +10150,8 @@ 758983680,758983807,US 758983808,758983935,VA 758983936,758984063,ZW -758984064,758984703,US +758984064,758984191,SO +758984192,758984703,US 758984704,758988799,CA 758988800,758994943,US 758994944,758996991,IN @@ -10208,8 +10258,8 @@ 759791616,759824639,US 759824640,759824895,SA 759824896,759825151,CR -759825152,759825407,NO -759825408,759825663,BE +759825152,759825407,US +759825408,759825663,DE 759825664,759828735,US 759828736,759828863,GT 759828864,759828991,SV @@ -10254,10 +10304,12 @@ 759860736,759860991,US 759860992,759955455,CA 759955456,759963647,US -759963648,759965695,NL -759965696,759975935,US +759963648,759965759,NL +759965760,759975935,US 759975936,759977471,DE -759977472,759980031,US +759977472,759977983,US +759977984,759979007,DE +759979008,759980031,US 759980032,759984127,JP 759984128,759985151,AU 759985152,759988223,US @@ -10267,10 +10319,8 @@ 759996416,760004607,US 760004608,760006967,JP 760006968,760007039,US -760007040,760007103,JP -760007104,760007167,US -760007168,760011263,JP -760011264,760111103,US +760007040,760012799,JP +760012800,760111103,US 760111104,760119295,CA 760119296,760127487,US 760127488,760152063,CA @@ -10595,6 +10645,7 @@ 762816512,762824703,IN 762824704,762825727,SG 762825728,762826751,JP +762826752,762827775,US 762827776,762829823,VN 762829824,762830847,AU 762830848,762832895,IN @@ -10798,6 +10849,7 @@ 763194368,763196415,HK 763196416,763197439,IN 763197440,763199487,AU +763199488,763199743,DE 763200512,763201535,IN 763201536,763202559,CN 763202560,763207679,IN @@ -10925,14 +10977,26 @@ 768606208,768868351,GH 768868352,769130495,ZM 769130496,769392639,MA +769400832,769404927,ZA +769405440,769405951,CI +769405952,769406975,GN +769406976,769409023,ZA +769409024,769425407,SC 769425408,769458175,ZA 769458176,769459199,MU +769459200,769460223,CD +769460224,769461247,UG +769461248,769462271,ZA 769462272,769463295,MU 769463296,769464319,AO +769464320,769464575,GH +769464576,769464831,MW +769464832,769465087,ZA 769465088,769465343,EG 769465344,769466367,CI -769466368,769474559,ZA -769474560,769476607,SC +769466368,769474815,ZA +769474816,769475583,NG +769475584,769476607,ZA 769476608,769478655,UG 769478656,769507327,ZA 769507328,769509375,TZ @@ -10980,7 +11044,9 @@ 771316480,771316735,HK 771316736,771317759,CN 771317760,771318783,HK -771318784,771320063,SG +771318784,771319295,SG +771319296,771319551,BD +771319552,771320063,SG 771320064,771320319,TW 771320320,771320831,AU 771320832,771321855,IN @@ -11865,7 +11931,9 @@ 778667348,778667351,GB 778667352,778667499,FR 778667500,778667503,GB -778667504,778668391,FR +778667504,778667999,FR +778668000,778668003,GB +778668004,778668391,FR 778668392,778668395,FI 778668396,778668399,ES 778668400,778668479,FR @@ -11876,7 +11944,9 @@ 778668628,778668631,ES 778668632,778668719,FR 778668720,778668723,PT -778668724,778668863,FR +778668724,778668731,FR +778668732,778668735,GB +778668736,778668863,FR 778668864,778668895,DE 778668896,778669055,FR 778669056,778669087,ES @@ -12091,7 +12161,9 @@ 778696220,778696223,GB 778696224,778696271,FR 778696272,778696287,ES -778696288,778696495,FR +778696288,778696435,FR +778696436,778696439,GB +778696440,778696495,FR 778696496,778696499,ES 778696500,778696811,FR 778696812,778696815,DE @@ -12109,9 +12181,7 @@ 778697176,778697179,ES 778697180,778697279,FR 778697280,778697287,IE -778697288,778697343,FR -778697344,778697347,IE -778697348,778697435,FR +778697288,778697435,FR 778697436,778697439,GB 778697440,778697471,FR 778697472,778697479,CZ @@ -12206,7 +12276,8 @@ 781651968,781654015,PL 781654016,781656063,RU 781656064,781658111,RO -781658112,781662207,UA +781658112,781660159,UA +781660160,781662207,RU 781662208,781664255,SK 781664256,781666303,RU 781666304,781668351,PL @@ -12313,7 +12384,9 @@ 782745600,782761983,CZ 782761984,783024127,PL 783024128,783040511,RU -783040512,783048703,UA +783040512,783047423,UA +783047424,783047679,RU +783047680,783048703,UA 783048704,783056895,RU 783056896,783065087,UA 783065088,783073279,RU @@ -12452,7 +12525,9 @@ 784039936,784072703,PL 784072704,784105471,RU 784105472,784138239,HR -784138240,784155487,DE +784138240,784145617,DE +784145618,784145618,BE +784145619,784155487,DE 784155488,784155491,NL 784155492,784155495,BE 784155496,784155503,AT @@ -12726,7 +12801,8 @@ 787165184,787167231,RU 787167232,787169279,CH 787169280,787171327,RU -787171328,787173375,KG +787171328,787172863,KG +787172864,787173375,RU 787173376,787175423,KZ 787175424,787177471,SA 787177472,787179519,RS @@ -12817,10 +12893,19 @@ 787715328,787715583,YE 787715584,787715839,BH 787715840,787718143,NL -787718144,787741951,RU +787718144,787718399,RU +787718400,787720959,NL +787720960,787721471,RU +787721472,787722751,NL +787722752,787725311,RU +787725312,787726335,NL +787726336,787738623,RU +787738624,787739903,NL +787739904,787740159,RU +787740160,787741951,NL 787741952,787742207,BZ -787742208,787742719,RU -787742720,787750143,NL +787742208,787742463,RU +787742464,787750143,NL 787750144,787750159,BD 787750160,787750175,BT 787750176,787750191,BN @@ -13154,7 +13239,10 @@ 835715072,835977215,CN 835977216,836042751,JP 836042752,836046847,HK -836046848,836050943,SG +836046848,836048895,SG +836048896,836049919,HK +836049920,836050431,SG +836050432,836050943,HK 836050944,836059135,IN 836059136,836075519,VN 836075520,836501503,TW @@ -13193,7 +13281,9 @@ 839009024,839009279,HU 839009280,839016191,US 839016192,839016447,CA -839016448,839078911,US +839016448,839075839,US +839075840,839076863,DE +839076864,839078911,US 839078912,839079935,DE 839079936,839339607,US 839339610,839340031,US @@ -13341,9 +13431,15 @@ 872297824,872297855,ES 872297856,872299103,FR 872299104,872299135,PT -872299136,872300031,FR +872299136,872299239,FR +872299240,872299247,ES +872299248,872299967,FR +872299968,872299983,ES +872299984,872300031,FR 872300032,872300063,ES -872300064,872300543,FR +872300064,872300215,FR +872300216,872300223,BE +872300224,872300543,FR 872300544,872300559,GB 872300560,872300639,FR 872300640,872300671,PT @@ -13405,7 +13501,9 @@ 872323072,872323135,FR 872323136,872323199,ES 872323200,872323327,GB -872323328,872323551,FR +872323328,872323407,FR +872323408,872323423,FI +872323424,872323551,FR 872323552,872323583,GB 872323584,872323775,FR 872323776,872323839,ES @@ -13419,7 +13517,9 @@ 872326152,872326155,CZ 872326156,872326175,FR 872326176,872326207,PT -872326208,872327615,FR +872326208,872326271,FR +872326272,872326275,FI +872326276,872327615,FR 872327616,872327679,ES 872327680,872327807,FR 872327808,872327811,FI @@ -13491,12 +13591,16 @@ 872356416,872357423,FR 872357424,872357439,PT 872357440,872357503,ES -872357504,872363135,FR +872357504,872363071,FR +872363072,872363103,ES +872363104,872363135,FR 872363136,872363199,PL 872363200,872363871,FR 872363872,872363903,PT 872363904,872364863,FR -872364864,872364927,NL +872364864,872364898,NL +872364899,872364899,FR +872364900,872364927,NL 872364928,872365311,FR 872365312,872365319,PT 872365320,872374459,FR @@ -13533,7 +13637,9 @@ 872382144,872382207,ES 872382208,872382335,FR 872382336,872382463,GB -872382464,872383519,FR +872382464,872382779,FR +872382780,872382783,ES +872382784,872383519,FR 872383520,872383551,ES 872383552,872383583,GB 872383584,872383743,FR @@ -13580,7 +13686,9 @@ 872406816,872406847,FI 872406848,872406879,FR 872406880,872406911,ES -872406912,872408383,FR +872406912,872407167,FR +872407168,872407171,FI +872407172,872408383,FR 872408384,872408447,IE 872408448,872409215,FR 872409216,872409343,GB @@ -14600,7 +14708,9 @@ 1023315712,1023315967,AU 1023315968,1023317503,US 1023317504,1023317759,IN -1023317760,1023328255,US +1023317760,1023323429,US +1023323430,1023323430,CN +1023323431,1023328255,US 1023328256,1023344639,JP 1023344640,1023410175,CN 1023410176,1023672319,IN @@ -15040,7 +15150,9 @@ 1044676608,1044684799,RU 1044684800,1044685158,GG 1044685159,1044685159,JE -1044685160,1044692991,GG +1044685160,1044692422,GG +1044692423,1044692423,IM +1044692424,1044692991,GG 1044692992,1044697087,AT 1044697088,1044697343,DE 1044697344,1044697599,AT @@ -15275,7 +15387,9 @@ 1046498688,1046498695,DE 1046498696,1046498799,GB 1046498800,1046498807,DE -1046498808,1046502106,GB +1046498808,1046499255,GB +1046499256,1046499263,DE +1046499264,1046502106,GB 1046502107,1046502108,DE 1046502109,1046503095,GB 1046503096,1046503103,DE @@ -15413,8 +15527,13 @@ 1047461888,1047494655,DE 1047494656,1047527423,PL 1047527424,1047529471,GB -1047529472,1047535103,BE -1047535104,1047535359,US +1047529472,1047530495,NL +1047530496,1047531007,GB +1047531008,1047531263,RS +1047531264,1047533567,BE +1047533568,1047534847,DE +1047534848,1047535103,BE +1047535104,1047535359,GB 1047535360,1047535615,BE 1047535616,1047551999,DE 1047552000,1047560191,RU @@ -15671,7 +15790,9 @@ 1051125472,1051125479,BE 1051125480,1051131903,NL 1051131904,1051197439,CH -1051197440,1051213823,CZ +1051197440,1051198531,CZ +1051198532,1051198535,SK +1051198536,1051213823,CZ 1051213824,1051230207,SK 1051230208,1051238399,SE 1051238400,1051246591,GE @@ -17444,8 +17565,8 @@ 1077964032,1077967103,US 1077967104,1077967359,CA 1077967360,1077967615,US -1077967616,1077967871,GB -1077967872,1077977087,US +1077967616,1077968127,GB +1077968128,1077977087,US 1077977088,1077985279,CA 1077985280,1077993471,US 1077993472,1078001663,CA @@ -17556,8 +17677,8 @@ 1079320576,1079322831,CA 1079322832,1079322839,US 1079322840,1079328767,CA -1079328768,1079377919,US -1079377920,1079378943,CA +1079328768,1079378175,US +1079378176,1079378943,CA 1079378944,1079379199,US 1079379200,1079379455,CA 1079379456,1079383039,US @@ -17616,7 +17737,11 @@ 1079433216,1079435263,CR 1079435264,1079435775,CO 1079435776,1079436031,CA -1079436032,1079440191,US +1079436032,1079439359,US +1079439360,1079439391,CA +1079439392,1079439615,US +1079439616,1079439871,CA +1079439872,1079440191,US 1079440192,1079440207,CA 1079440208,1079459839,US 1079459840,1079508991,CA @@ -17966,7 +18091,9 @@ 1089462784,1089463039,CA 1089463040,1089463295,US 1089463296,1089464319,CA -1089464320,1089526783,US +1089464320,1089465855,US +1089465856,1089466367,GB +1089466368,1089526783,US 1089526784,1089527039,VE 1089527040,1089579519,US 1089579520,1089580031,VE @@ -18190,7 +18317,9 @@ 1096925184,1096941567,CA 1096941568,1097007103,US 1097007104,1097031679,JP -1097031680,1097076123,US +1097031680,1097039871,US +1097039872,1097056255,SE +1097056256,1097076123,US 1097076124,1097076127,DE 1097076128,1097727999,US 1097728000,1097736191,CA @@ -18514,8 +18643,7 @@ 1112530944,1112539135,CA 1112539136,1112869887,US 1112869888,1112870143,CA -1112870400,1112870911,US -1112871936,1112873983,US +1112870144,1112873983,US 1112873984,1112875007,CA 1112875008,1112875519,US 1112875520,1112875775,CA @@ -18550,7 +18678,9 @@ 1113661440,1113669631,US 1113669632,1113677823,CA 1113677824,1113681919,US -1113686016,1113718783,US +1113686016,1113696575,US +1113696576,1113696639,CA +1113696640,1113718783,US 1113718784,1113743359,DO 1113743360,1113854207,US 1113854208,1113854463,CA @@ -18773,24 +18903,7 @@ 1119109120,1119109887,CA 1119109888,1119110143,US 1119110144,1119111167,CA -1119111168,1119166723,US -1119166848,1119166855,US -1119166864,1119166871,HT -1119166952,1119166959,US -1119166976,1119167007,US -1119167072,1119167079,US -1119167080,1119167087,CA -1119167088,1119167095,US -1119167200,1119167215,US -1119167232,1119167495,US -1119167496,1119167503,CA -1119167512,1119167519,US -1119167536,1119167543,US -1119167552,1119167999,US -1119168024,1119168031,CA -1119168032,1119168047,US -1119168112,1119168119,US -1119168128,1119170559,US +1119111168,1119166463,US 1119171072,1119171327,US 1119171360,1119171383,US 1119171384,1119171391,CA @@ -18801,18 +18914,7 @@ 1119172200,1119172207,CA 1119172256,1119172263,US 1119172352,1119172863,US -1119172864,1119174015,MX -1119174024,1119174031,GT -1119174032,1119174039,MX -1119174048,1119174207,MX -1119174208,1119174271,GT -1119174272,1119174335,MX -1119174344,1119174351,GT -1119174352,1119174359,MX -1119174400,1119174407,GT -1119174408,1119174415,MX -1119174424,1119174527,MX -1119174536,1119174543,MX +1119172864,1119173631,MX 1119174656,1119199231,US 1119199232,1119207169,MN 1119207170,1119207170,US @@ -18836,9 +18938,7 @@ 1119502336,1119510527,CA 1119510528,1119558143,US 1119558144,1119558655,PR -1119558656,1119568383,US -1119568384,1119568639,GB -1119568640,1119570559,US +1119558656,1119570559,US 1119570560,1119570687,GB 1119570688,1119571967,US 1119571968,1119576063,CA @@ -19189,7 +19289,9 @@ 1137376356,1137376356,CA 1137376357,1137378815,US 1137378816,1137379071,UA -1137379072,1137426431,US +1137379072,1137385471,US +1137385472,1137387519,IL +1137387520,1137426431,US 1137426432,1137442815,PR 1137442816,1137491967,US 1137491968,1137508351,CA @@ -19266,7 +19368,9 @@ 1138375424,1138375679,AS 1138375680,1138419711,US 1138419712,1138419967,DE -1138419968,1138499583,US +1138419968,1138474239,US +1138474240,1138474751,CA +1138474752,1138499583,US 1138499584,1138503679,CA 1138503680,1138508575,US 1138508576,1138508591,IT @@ -19395,9 +19499,7 @@ 1157931008,1157935103,BS 1157935104,1157943295,US 1157943296,1157947391,CA -1157947392,1157984255,US -1157984256,1157984767,CA -1157984768,1158027263,US +1157947392,1158027263,US 1158027264,1158027519,CA 1158027520,1158028287,US 1158028288,1158028543,CA @@ -19614,7 +19716,11 @@ 1161834980,1161834980,BZ 1161834981,1161835058,US 1161835059,1161835059,BZ -1161835060,1161835230,US +1161835060,1161835109,US +1161835110,1161835110,BZ +1161835111,1161835226,US +1161835227,1161835227,BZ +1161835228,1161835230,US 1161835231,1161835231,PH 1161835232,1161837174,US 1161837175,1161837175,BZ @@ -19860,7 +19966,7 @@ 1168867328,1168875519,CA 1168875520,1168916479,US 1168916480,1168924671,HK -1168924672,1168932863,CA +1168924672,1168932863,IT 1168932864,1168936959,US 1168936960,1168949247,CA 1168949248,1168949503,US @@ -20024,7 +20130,7 @@ 1192296448,1192361983,CA 1192361984,1192427519,US 1192427520,1192460287,CA -1192464384,1192468479,US +1192460288,1192468479,US 1192468480,1192476671,CA 1192476672,1192488959,US 1192488960,1192493055,CA @@ -20272,7 +20378,11 @@ 1224201216,1224202239,NL 1224202240,1224210431,US 1224210432,1224212479,NL -1224212480,1224329215,US +1224212480,1224327167,US +1224327168,1224327295,NL +1224327296,1224327935,US +1224327936,1224327943,CA +1224327944,1224329215,US 1224329216,1224329471,CA 1224329472,1224331263,US 1224331264,1224333311,PR @@ -20361,9 +20471,7 @@ 1248936960,1248939007,CA 1248939008,1248946175,US 1248946176,1248947199,VG -1248947200,1248958463,US -1248958464,1248959487,CA -1248959488,1248964607,US +1248947200,1248964607,US 1248964608,1248966655,CA 1248966656,1248997375,US 1248997376,1248998399,ID @@ -20447,12 +20555,12 @@ 1249359872,1249361919,CA 1249361920,1249379327,US 1249379328,1249380351,CA -1249380352,1249383423,US +1249380352,1249384447,US 1249384448,1249386495,PR 1249386496,1249391615,US 1249391616,1249392639,CA 1249392640,1249396735,US -1249396736,1249397759,CA +1249396736,1249398783,CA 1249398784,1249409023,US 1249409024,1249410047,CA 1249410048,1249434623,US @@ -20907,7 +21015,9 @@ 1296262144,1296262383,IE 1296262384,1296262399,IN 1296262400,1296262655,US -1296262656,1296263679,IE +1296262656,1296263523,IE +1296263524,1296263527,CH +1296263528,1296263679,IE 1296263680,1296263935,US 1296263936,1296264263,IE 1296264264,1296264271,GB @@ -21039,7 +21149,8 @@ 1296769024,1296771071,TR 1296771072,1296773119,LT 1296773120,1296774143,FR -1296775168,1296779263,FR +1296774145,1296774287,FR +1296774912,1296779263,FR 1296779264,1296781311,CZ 1296781312,1296783359,DK 1296783360,1296785407,LB @@ -22262,7 +22373,21 @@ 1334316032,1334316159,NO 1334316160,1334345727,SE 1334345728,1334378495,RU -1334378496,1334411263,IT +1334378496,1334379263,IT +1334379264,1334379519,PL +1334379520,1334379971,IT +1334379972,1334379975,DE +1334379976,1334383001,IT +1334383002,1334383002,GB +1334383003,1334383103,IT +1334383104,1334383359,FR +1334383360,1334386895,IT +1334386896,1334386896,FR +1334386897,1334389823,IT +1334389824,1334389887,ES +1334389888,1334390015,IT +1334390016,1334390271,ES +1334390272,1334411263,IT 1334411264,1334444031,RU 1334444032,1334503935,SE 1334503936,1334504191,DK @@ -23066,9 +23191,15 @@ 1347559424,1347567615,RU 1347567616,1347567888,SC 1347567889,1347567889,NL -1347567890,1347569663,SC +1347567890,1347569125,SC +1347569126,1347569126,NL +1347569127,1347569314,SC +1347569315,1347569315,NL +1347569316,1347569663,SC 1347569664,1347570687,NL -1347570688,1347571711,SC +1347570688,1347571538,SC +1347571539,1347571539,NL +1347571540,1347571711,SC 1347571712,1347575807,RU 1347575808,1347579903,DK 1347579904,1347588095,GB @@ -23220,7 +23351,8 @@ 1348009984,1348014079,RU 1348014080,1348018175,DK 1348018176,1348026367,NO -1348026368,1348030463,DE +1348026368,1348028415,DE +1348028416,1348030463,LV 1348030464,1348034559,GB 1348034560,1348038655,AT 1348038656,1348042751,FR @@ -23229,7 +23361,9 @@ 1348055040,1348059135,LB 1348059136,1348063231,RU 1348063232,1348067327,CH -1348067328,1348071423,NL +1348067328,1348070399,NL +1348070400,1348070911,DE +1348070912,1348071423,NL 1348071424,1348075519,DE 1348075520,1348076287,LV 1348076288,1348076543,RU @@ -23491,6 +23625,8 @@ 1357318400,1357318655,FR 1357318912,1357319167,DE 1357319168,1357319171,PL +1357319172,1357319178,GB +1357319180,1357319187,GB 1357321024,1357321087,KE 1357321984,1357322239,GB 1357322240,1357322255,DE @@ -23558,7 +23694,7 @@ 1357375216,1357375223,ES 1357375224,1357375423,GB 1357375424,1357375487,IE -1357377536,1357378639,FR +1357377536,1357378647,FR 1357378816,1357379071,FR 1357381632,1357414399,NO 1357414400,1357447167,LV @@ -23669,9 +23805,7 @@ 1357985016,1357985023,IT 1357985024,1357985575,GB 1357985576,1357985583,IT -1357985584,1357985775,GB -1357985776,1357985783,IT -1357985784,1357985791,GB +1357985584,1357985791,GB 1357985792,1357987839,DE 1357987840,1357991935,GB 1357991936,1357996031,NO @@ -24250,9 +24384,9 @@ 1360986632,1360986635,US 1360986636,1360986755,GB 1360986756,1360986763,US -1360986764,1360989653,GB -1360989654,1360989654,FR -1360989655,1360989929,GB +1360986764,1360989439,GB +1360989440,1360989695,FR +1360989696,1360989929,GB 1360989930,1360989930,FR 1360989931,1360989935,GB 1360989936,1360989943,FR @@ -24378,7 +24512,6 @@ 1364885504,1364889599,GB 1364889600,1364893695,IR 1364893696,1364897791,CZ -1364897792,1364901887,SI 1364901888,1364905983,DE 1364905984,1364910079,RU 1364910080,1364914175,UA @@ -24586,7 +24719,9 @@ 1370302976,1370303487,NO 1370303488,1370312703,NL 1370312704,1370316799,CH -1370316800,1370324991,NL +1370316800,1370318847,NL +1370318848,1370320895,ES +1370320896,1370324991,NL 1370324992,1370357759,DE 1370357760,1370390527,IT 1370390528,1370423295,GB @@ -24617,14 +24752,18 @@ 1371734016,1371799551,RU 1371799552,1371865087,RO 1371865088,1371930623,FI -1371930624,1371996159,LV +1371930624,1371979007,LV +1371979008,1371979263,LT +1371979264,1371996159,LV 1371996160,1371996671,GB 1371996672,1371996927,GA 1371996928,1372000255,GB 1372000256,1372001279,UG 1372001280,1372012543,GB 1372012544,1372013567,ZM -1372013568,1372016127,GB +1372013568,1372014079,GB +1372014080,1372014335,NG +1372014336,1372016127,GB 1372016128,1372016383,GH 1372016384,1372017583,GB 1372017584,1372017599,CD @@ -25092,7 +25231,7 @@ 1386444800,1386445823,DK 1386445824,1386447871,GB 1386447872,1386448895,DK -1386448896,1386449151,GB +1386448896,1386449151,IL 1386449152,1386449343,NL 1386449344,1386449347,GB 1386449348,1386449359,NL @@ -25110,7 +25249,10 @@ 1386449404,1386449407,DE 1386449408,1386449663,GB 1386449664,1386449919,HK -1386449920,1386450943,IL +1386449920,1386449920,US +1386449921,1386450175,IL +1386450176,1386450431,US +1386450432,1386450943,IL 1386450944,1386455039,GB 1386455040,1386456063,DK 1386456064,1386457087,GB @@ -25448,7 +25590,7 @@ 1399848960,1400111103,FR 1400111104,1400373247,NL 1400373248,1400635391,IR -1400635392,1400768511,DE +1400700928,1400768511,DE 1400897536,1400963071,NL 1400963072,1401028607,DE 1401028608,1401094143,IL @@ -25485,7 +25627,6 @@ 1401470976,1401473023,NL 1401473024,1401475071,CZ 1401475072,1401477119,FR -1401477120,1401479167,BE 1401479168,1401481215,PL 1401481216,1401485311,RU 1401485312,1401487834,GB @@ -25603,8 +25744,7 @@ 1401923584,1401925631,GG 1401925632,1401927679,BG 1401927680,1401929727,NL -1401929728,1401931775,RU -1401931776,1401933823,UA +1401929728,1401933823,RU 1401933824,1401935871,DE 1401935872,1401937919,FI 1401937920,1401939967,GB @@ -25791,8 +25931,7 @@ 1404043264,1404051455,EE 1404051456,1404059647,HR 1404059648,1404076543,SE -1404076544,1404081663,LV -1404081664,1404084223,SE +1404076544,1404084223,LV 1404084224,1404099327,LT 1404099328,1404099583,SE 1404099584,1404103167,LT @@ -25803,8 +25942,8 @@ 1404125184,1404133375,HR 1404133376,1404141567,SE 1404141568,1404149759,LV -1404149760,1404157951,SE -1404157952,1404174335,LV +1404149760,1404151807,SE +1404151808,1404174335,LV 1404174336,1404182527,EE 1404182528,1404187519,SE 1404187520,1404187535,LV @@ -25876,8 +26015,7 @@ 1404788736,1404796927,LT 1404796928,1404801023,EE 1404801024,1404803071,SE -1404803072,1404804095,LV -1404804096,1404805119,SE +1404803072,1404805119,LV 1404805120,1404813311,AT 1404813312,1404815871,EE 1404815872,1404816383,LT @@ -26354,6 +26492,7 @@ 1411850240,1411858431,FR 1411858432,1411870719,DE 1411870720,1411870975,CH +1411871232,1411871487,GB 1411871744,1411871771,GB 1411871772,1411871775,FR 1411871776,1411872015,GB @@ -26485,7 +26624,9 @@ 1422400408,1422400415,IN 1422400416,1422402175,DE 1422402176,1422402239,IN -1422402240,1422406655,DE +1422402240,1422406487,DE +1422406488,1422406495,IN +1422406496,1422406655,DE 1422406656,1422406783,IN 1422406784,1422406911,DE 1422406912,1422407039,IN @@ -26567,7 +26708,9 @@ 1424608084,1424608087,FR 1424608088,1424608743,GB 1424608744,1424608751,ES -1424608752,1424610643,GB +1424608752,1424609543,GB +1424609544,1424609551,CH +1424609552,1424610643,GB 1424610644,1424610644,PL 1424610645,1424610992,GB 1424610993,1424610993,FR @@ -26843,7 +26986,9 @@ 1432092672,1432100863,RU 1432100864,1432109055,CZ 1432109056,1432117247,GB -1432125440,1432131583,NL +1432125440,1432130703,NL +1432130704,1432130711,GB +1432130712,1432131583,NL 1432131584,1432133631,US 1432133632,1432150015,GB 1432150016,1432158207,BA @@ -27093,18 +27238,20 @@ 1437073408,1437335551,FR 1437335552,1437597695,RU 1437597696,1438121983,DE -1438121984,1438127103,NL -1438127104,1438127359,GB +1438121984,1438126079,NL +1438126080,1438127359,CZ 1438127360,1438127615,SE 1438127616,1438127871,BE -1438127872,1438146559,NL +1438127872,1438130175,CZ +1438130176,1438138367,NL +1438138368,1438146559,FR 1438146560,1438154751,MT 1438154752,1438171135,DK 1438171136,1438173183,GB 1438173184,1438179327,IM 1438179328,1438181375,NL 1438181376,1438183423,SA -1438183424,1438184447,NL +1438183424,1438184447,PS 1438184448,1438185471,CH 1438185472,1438186495,DE 1438186496,1438187519,CH @@ -27363,10 +27510,8 @@ 1440213257,1440251903,DE 1440251904,1440284671,SK 1440284672,1440317439,FI -1440317440,1440320255,BG -1440320256,1440320511,DE -1440320512,1440322047,BG -1440322048,1440323071,DE +1440317440,1440322559,BG +1440322560,1440323071,DE 1440323072,1440325631,BG 1440325632,1440326655,DE 1440326656,1440328703,BG @@ -27656,7 +27801,9 @@ 1449816576,1449817855,GB 1449817856,1449818111,RO 1449818112,1449818367,DE -1449818368,1449820927,RO +1449818368,1449818623,RO +1449818624,1449819135,TR +1449819136,1449820927,RO 1449820928,1449821183,DE 1449821184,1449822719,RO 1449822720,1449823743,GB @@ -27760,7 +27907,9 @@ 1450311680,1450442751,FI 1450442752,1450704895,CH 1450704896,1451229183,RO -1451229184,1455423487,GB +1451229184,1451415166,GB +1451415167,1451415167,US +1451415168,1455423487,GB 1455423488,1456726527,FR 1456726528,1456726783,RE 1456726784,1459617791,FR @@ -27788,10 +27937,13 @@ 1466040320,1466073087,EE 1466073088,1466086016,FR 1466086017,1466086017,ES -1466086018,1466097663,FR -1466097664,1466099711,ES +1466086018,1466097919,FR +1466097920,1466099711,ES 1466099712,1466101759,PL -1466101760,1466103807,DE +1466101760,1466102271,FR +1466102272,1466102527,DE +1466102528,1466102783,FR +1466102784,1466103807,DE 1466103808,1466104575,GB 1466104576,1466104942,FR 1466104943,1466104943,BE @@ -27884,9 +28036,7 @@ 1467582464,1467584511,DE 1467584512,1467593727,BG 1467593728,1467597823,DE -1467597824,1467600895,BG -1467600896,1467601407,DE -1467601408,1467604991,BG +1467597824,1467604991,BG 1467604992,1467744255,DE 1467744256,1467777023,GB 1467777024,1467875327,ES @@ -28469,8 +28619,13 @@ 1489666048,1489674239,GB 1489674240,1489676287,NL 1489676288,1489688575,GB -1489688576,1489690111,IL -1489690112,1489690623,NL +1489688576,1489688831,IL +1489688832,1489689087,GB +1489689088,1489689343,IL +1489689344,1489689599,GB +1489689600,1489689855,IL +1489689856,1489690367,NL +1489690368,1489690623,IL 1489690624,1489692415,GB 1489692416,1489692422,AU 1489692423,1489692423,GB @@ -28524,9 +28679,7 @@ 1490328576,1490337791,GB 1490337792,1490354175,RU 1490354176,1490386943,SA -1490386944,1490391039,IT -1490391040,1490395135,CH -1490395136,1490403327,IT +1490386944,1490403327,CH 1490403328,1490419711,BG 1490419712,1490420735,DE 1490420736,1490421759,IR @@ -28679,8 +28832,15 @@ 1495160256,1495160263,GB 1495160320,1495160575,FR 1495162112,1495162367,DE +1495162496,1495162499,DE 1495162608,1495162623,GB -1495162624,1495164927,FR +1495162624,1495163399,FR +1495163400,1495163403,GB +1495163404,1495163407,FR +1495163408,1495163411,ES +1495163412,1495163415,IT +1495163416,1495164927,FR +1495165192,1495165195,NL 1495165408,1495165439,FR 1495165696,1495165951,ES 1495167488,1495167503,GB @@ -28690,6 +28850,7 @@ 1495168384,1495168415,FR 1495168640,1495168655,FR 1495169024,1495169279,FR +1495170128,1495170143,FR 1495170760,1495170763,DE 1495170816,1495171071,FR 1495171072,1495203839,NL @@ -29086,7 +29247,8 @@ 1495688704,1495689215,IR 1495689216,1495689727,RO 1495689728,1495690239,DE -1495690240,1495693311,RO +1495690240,1495691263,RO +1495691264,1495693311,DE 1495693312,1495695359,GB 1495695360,1495699455,RO 1495699456,1495700479,GB @@ -29220,7 +29382,8 @@ 1495866112,1495866879,GB 1495866880,1495867391,RO 1495867392,1495867903,IR -1495867904,1495869439,RO +1495867904,1495868415,DE +1495868416,1495869439,RO 1495869440,1495870463,IR 1495870464,1495871487,RO 1495871488,1495871743,ES @@ -29331,9 +29494,10 @@ 1496018944,1496019967,FR 1496019968,1496020735,RO 1496020736,1496020991,AU -1496020992,1496023039,RO +1496020992,1496023039,DE 1496023040,1496024063,MD -1496024064,1496027135,RO +1496024064,1496025087,TR +1496025088,1496027135,RO 1496027136,1496029183,IR 1496029184,1496032255,RO 1496032256,1496033279,KZ @@ -29410,7 +29574,8 @@ 1496142848,1496143871,CH 1496143872,1496144895,RO 1496144896,1496145151,US -1496145152,1496145663,RO +1496145152,1496145407,RO +1496145408,1496145663,TR 1496145664,1496145919,IT 1496145920,1496150015,RO 1496150016,1496152063,IR @@ -29468,7 +29633,9 @@ 1496238080,1496240127,IQ 1496240128,1496242175,RO 1496242176,1496243199,IR -1496243200,1496253439,RO +1496243200,1496248595,RO +1496248596,1496248596,MD +1496248597,1496253439,RO 1496253440,1496254463,ES 1496254464,1496260607,RO 1496260608,1496261119,IT @@ -29846,7 +30013,9 @@ 1505607680,1505615871,SE 1505615872,1505624063,SA 1505624064,1505632255,FI -1505632256,1505646847,CZ +1505632256,1505644799,CZ +1505644800,1505645055,PL +1505645056,1505646847,CZ 1505646848,1505647103,PL 1505647104,1505648639,CZ 1505648640,1505656831,LT @@ -30133,7 +30302,9 @@ 1509453824,1509457919,RU 1509457920,1509462015,NL 1509462016,1509466111,LI -1509466112,1509470207,SC +1509466112,1509469749,SC +1509469750,1509469750,NL +1509469751,1509470207,SC 1509470208,1509478399,RU 1509478400,1509482495,FR 1509482496,1509486591,RU @@ -30444,7 +30615,8 @@ 1518403584,1518436351,SE 1518436352,1518452735,NO 1518452736,1518460927,AT -1518460928,1518472191,SE +1518460928,1518469119,LV +1518469120,1518472191,SE 1518472192,1518475263,LT 1518475264,1518476287,SE 1518476288,1518476799,EE @@ -30476,7 +30648,8 @@ 1518727168,1518731263,SE 1518731264,1518780415,LT 1518780416,1518796799,HR -1518796800,1518927871,SE +1518796800,1518862335,LT +1518862336,1518927871,SE 1518927872,1518961663,LT 1518961664,1518962175,EE 1518962176,1518962687,LV @@ -30582,27 +30755,28 @@ 1532682240,1532690431,LV 1532690432,1532755967,FR 1532755968,1532756991,DE -1532756992,1532784639,BG +1532756992,1532774143,BG +1532774144,1532774399,CH +1532774400,1532784639,BG 1532784640,1532785151,TR 1532785152,1532787711,BG 1532787712,1532789759,DE -1532789760,1532791807,BG -1532791808,1532794879,DE -1532794880,1532795903,BG +1532789760,1532795903,BG 1532795904,1532796927,DE 1532796928,1532797951,BG 1532797952,1532798975,DE 1532798976,1532799999,BG 1532800000,1532801023,DE 1532801024,1532802047,BG -1532802048,1532805119,DE -1532805120,1532808191,BG -1532808192,1532811263,DE -1532811264,1532812031,BG +1532802048,1532803071,DE +1532803072,1532808191,BG +1532808192,1532809215,DE +1532809216,1532812031,BG 1532812032,1532812287,RO 1532812288,1532813311,DE 1532813312,1532816383,BG -1532816384,1532821503,DE +1532816384,1532817407,DE +1532817408,1532821503,BG 1532821504,1532887039,TR 1532887040,1532952575,PL 1532952576,1533018111,SE @@ -30707,14 +30881,20 @@ 1533761536,1533763583,NL 1533763584,1533768703,RU 1533768704,1533768959,GB -1533768960,1533771519,RU +1533768960,1533769727,RU +1533769728,1533770751,BZ +1533770752,1533771519,RU 1533771520,1533771775,GB 1533771776,1533804543,IR 1533804544,1533805567,RU 1533805568,1533807615,NL 1533807616,1533808639,US 1533808640,1533809663,SG -1533809664,1533818879,RU +1533809664,1533810687,GB +1533810688,1533811199,RU +1533811200,1533811711,GB +1533811712,1533812735,RU +1533812736,1533818879,GB 1533818880,1533819903,NL 1533819904,1533820927,RU 1533820928,1533825407,DE @@ -30755,9 +30935,7 @@ 1533929472,1533932799,GB 1533932800,1533933055,DE 1533933056,1534066687,GB -1534066688,1534300159,AT -1534300160,1534300415,DE -1534300416,1534328831,AT +1534066688,1534328831,AT 1534328832,1534459903,ES 1534459904,1534590975,AT 1534590976,1534656511,HU @@ -31012,7 +31190,9 @@ 1535562404,1535562407,GB 1535562408,1535562591,FR 1535562592,1535562623,FI -1535562624,1535562879,FR +1535562624,1535562699,FR +1535562700,1535562703,PT +1535562704,1535562879,FR 1535562880,1535563007,ES 1535563008,1535563371,FR 1535563372,1535563375,FI @@ -31960,7 +32140,7 @@ 1539774720,1539774975,PL 1539774976,1539775231,RU 1539775488,1539775743,UA -1539775744,1539775999,IL +1539775744,1539775999,NL 1539776256,1539776511,SK 1539776768,1539777023,UA 1539777024,1539777279,RU @@ -32124,7 +32304,7 @@ 1539825408,1539825919,RU 1539825920,1539826175,DE 1539826176,1539826431,AM -1539826432,1539826687,BE +1539826432,1539826687,NL 1539826688,1539826943,CH 1539826944,1539827199,RU 1539827200,1539827455,ES @@ -32208,9 +32388,9 @@ 1539902464,1539903487,LV 1539903488,1539904511,PL 1539904512,1539905535,CZ -1539905536,1539906047,UA -1539906048,1539906303,RU -1539906304,1539906559,UA +1539905536,1539905791,RU +1539905792,1539906047,UA +1539906048,1539906559,RU 1539908608,1539909631,UA 1539909632,1539910655,RU 1539910656,1539911679,PL @@ -32293,7 +32473,9 @@ 1540008960,1540011007,PL 1540011008,1540014079,RU 1540014080,1540015103,PL -1540015104,1540016193,RU +1540015104,1540016127,RU +1540016128,1540016135,DE +1540016136,1540016193,RU 1540016194,1540016194,NL 1540016195,1540016393,RU 1540016394,1540016394,IE @@ -32353,7 +32535,7 @@ 1540081664,1540082687,DE 1540082688,1540083711,NO 1540083712,1540084735,RU -1540084736,1540085759,NL +1540084736,1540085759,DE 1540085760,1540087807,PL 1540087808,1540092927,RU 1540092928,1540094975,PL @@ -33575,7 +33757,7 @@ 1540740096,1540740351,GB 1540740352,1540740607,SA 1540740608,1540740863,NL -1540740864,1540741119,RO +1540740864,1540741119,ES 1540741120,1540741375,GB 1540741632,1540742143,NL 1540742400,1540742655,DE @@ -36347,7 +36529,7 @@ 1542357504,1542357759,GB 1542357760,1542358015,FR 1542358016,1542358271,UA -1542358272,1542358527,CZ +1542358272,1542358527,RU 1542358528,1542359039,PL 1542359040,1542360319,RU 1542360320,1542360575,NL @@ -36544,7 +36726,6 @@ 1542462208,1542462463,GE 1542462464,1542463487,PL 1542463488,1542463743,FR -1542463744,1542463999,ES 1542464000,1542464255,DE 1542464256,1542464511,CZ 1542464512,1542464767,RU @@ -36761,7 +36942,6 @@ 1542691328,1542691839,PT 1542691840,1542692863,RU 1542692864,1542696959,IR -1542696960,1542701055,RU 1542701056,1542709247,UA 1542709248,1542717439,RU 1542717440,1542733823,UA @@ -37167,7 +37347,9 @@ 1547665408,1547669503,GB 1547669504,1547673599,AT 1547673600,1547677695,NL -1547677696,1547683839,RU +1547677696,1547682559,RU +1547682560,1547682815,NL +1547682816,1547683839,RU 1547683840,1547683967,PL 1547683968,1547684031,EE 1547684032,1547684095,LV @@ -37182,11 +37364,15 @@ 1548159236,1548159487,NL 1548159488,1548159999,GB 1548160000,1548160257,NL -1548160260,1548160607,NL +1548160260,1548160567,NL +1548160568,1548160575,DE +1548160576,1548160607,NL 1548160608,1548160639,GB 1548160640,1548161375,NL 1548161376,1548161407,GB -1548161408,1548162463,NL +1548161408,1548161727,NL +1548161728,1548161791,GB +1548161792,1548162463,NL 1548162464,1548162495,FR 1548162496,1548169215,NL 1548169216,1548171263,DE @@ -37306,7 +37492,9 @@ 1558083960,1558083963,CZ 1558083964,1558084208,FR 1558084209,1558084209,ES -1558084210,1558084655,FR +1558084210,1558084649,FR +1558084650,1558084650,IT +1558084651,1558084655,FR 1558084656,1558084659,BE 1558084660,1558085055,FR 1558085056,1558085071,GB @@ -37332,7 +37520,9 @@ 1558112096,1558112127,ES 1558112128,1558112191,FR 1558112192,1558112192,ES -1558112193,1558112207,FR +1558112193,1558112198,FR +1558112199,1558112199,ES +1558112200,1558112207,FR 1558112208,1558112208,ES 1558112209,1558112209,FR 1558112210,1558112211,ES @@ -37347,9 +37537,20 @@ 1558126592,1558128639,RU 1558128640,1558129663,LU 1558129664,1558130687,US -1558130688,1558141439,LU +1558130688,1558138879,LU +1558138880,1558139135,RU +1558139136,1558139391,NL +1558139392,1558139903,US +1558139904,1558140159,DE +1558140160,1558140415,RU +1558140416,1558140671,SG +1558140672,1558140927,RU +1558140928,1558141439,LU 1558141440,1558141695,CY -1558141696,1558147583,LU +1558141696,1558141951,RU +1558141952,1558144255,LU +1558144256,1558144767,RU +1558144768,1558147583,LU 1558147584,1558147839,RU 1558147840,1558148095,LU 1558148096,1558148351,SG @@ -37369,7 +37570,9 @@ 1558180024,1558180039,IT 1558180040,1558180071,NL 1558180072,1558180079,IT -1558180080,1558180287,NL +1558180080,1558180095,NL +1558180096,1558180111,IT +1558180112,1558180287,NL 1558180288,1558180367,IT 1558180368,1558180863,NL 1558180864,1558183935,IT @@ -37444,7 +37647,7 @@ 1559941888,1559943167,DE 1559943168,1559944191,LU 1559944192,1559945727,FR -1559945728,1559946751,LU +1559945728,1559946751,GB 1559946752,1559947519,DE 1559947520,1559949311,LU 1559949312,1559950335,DE @@ -37737,13 +37940,15 @@ 1567699968,1567702015,RO 1567702016,1567703039,TR 1567703040,1567705087,MD -1567705088,1567707135,BG +1567705088,1567705599,BG +1567705600,1567705855,MD +1567705856,1567707135,BG 1567707136,1567709183,MD 1567709184,1567709439,RO 1567709440,1567709695,IT 1567709696,1567710207,RO 1567710208,1567711231,MD -1567711232,1567711487,RO +1567711232,1567711487,TR 1567711488,1567711743,PL 1567711744,1567712511,RO 1567712512,1567712767,PL @@ -37753,7 +37958,9 @@ 1567715328,1567717375,MD 1567717376,1567719167,RO 1567719168,1567719423,GB -1567719424,1567721471,RO +1567719424,1567720191,RO +1567720192,1567720447,NO +1567720448,1567721471,RO 1567721472,1567723519,ES 1567723520,1567727359,RO 1567727360,1567727615,GB @@ -38180,7 +38387,9 @@ 1571704832,1571706879,GB 1571706880,1571708179,SC 1571708180,1571708180,NL -1571708181,1571708927,SC +1571708181,1571708338,SC +1571708339,1571708339,NL +1571708340,1571708927,SC 1571708928,1571709439,GB 1571709440,1571709567,DE 1571709568,1571709695,GB @@ -38216,7 +38425,8 @@ 1571748608,1571748863,GB 1571748864,1571749119,US 1571749120,1571749375,SG -1571749376,1571749887,GB +1571749376,1571749631,GB +1571749632,1571749887,SG 1571749888,1571758079,RU 1571758080,1571766271,IL 1571766272,1571786751,PL @@ -38253,8 +38463,7 @@ 1572035584,1572036607,GB 1572036608,1572039679,RU 1572039680,1572043263,GB -1572043264,1572043775,RU -1572043776,1572044799,GB +1572043264,1572044799,RU 1572044800,1572061183,IT 1572061184,1572077567,PL 1572077568,1572093951,RU @@ -39093,7 +39302,9 @@ 1586233344,1586241535,FR 1586241536,1586249727,SE 1586249728,1586257919,SI -1586257920,1586264063,SE +1586257920,1586261503,SE +1586261504,1586261759,RS +1586261760,1586264063,SE 1586264064,1586265087,LV 1586265088,1586266111,SE 1586266112,1586274303,RU @@ -39244,7 +39455,9 @@ 1588682752,1588684799,RO 1588684800,1588685055,TH 1588685056,1588685311,VG -1588685312,1588688383,RO +1588685312,1588686847,RO +1588686848,1588687103,NO +1588687104,1588688383,RO 1588688384,1588688639,GB 1588688640,1588689407,RO 1588689408,1588689663,GB @@ -39282,7 +39495,8 @@ 1589510144,1589542911,RU 1589542912,1589560319,BG 1589560320,1589561343,GI -1589561344,1589575679,BG +1589561344,1589563391,NL +1589563392,1589575679,BG 1589575680,1589608447,RU 1589608448,1589622783,SE 1589622784,1589641215,DK @@ -39610,7 +39824,9 @@ 1596873472,1596873727,RU 1596873728,1596873983,UZ 1596873984,1596874751,RU -1596874752,1596875775,UA +1596874752,1596875007,UA +1596875008,1596875263,RU +1596875264,1596875775,UA 1596875776,1596876799,UZ 1596876800,1596877311,RU 1596877312,1596877596,CZ @@ -39681,8 +39897,7 @@ 1596956160,1596956671,RU 1596956672,1596956927,CZ 1596956928,1596957183,RU -1596957184,1596957695,UA -1596957696,1596957951,RU +1596957184,1596957951,UA 1596957952,1596958207,CZ 1596958208,1596958463,RU 1596958464,1596958719,UA @@ -40133,9 +40348,7 @@ 1605099520,1605107711,RU 1605107712,1605108247,GB 1605108248,1605108255,IT -1605108256,1605108567,GB -1605108568,1605108575,IT -1605108576,1605108583,GB +1605108256,1605108583,GB 1605108584,1605108591,IT 1605108592,1605109079,GB 1605109080,1605109087,IT @@ -40165,9 +40378,7 @@ 1605111904,1605111911,IT 1605111912,1605111935,GB 1605111936,1605111943,IT -1605111944,1605112119,GB -1605112120,1605112127,IT -1605112128,1605113383,GB +1605111944,1605113383,GB 1605113384,1605113391,IT 1605113392,1605113407,GB 1605113408,1605113415,IT @@ -40573,7 +40784,7 @@ 1698004992,1698013183,IN 1698013184,1698021375,US 1698021376,1698029567,NZ -1698029568,1698037759,AU +1698029568,1698037759,PK 1698037760,1698103295,CN 1698103296,1698136063,KR 1698136064,1698160639,JP @@ -40699,8 +40910,7 @@ 1728153600,1728154623,SG 1728154624,1728155647,JP 1728155648,1728157695,MY -1728157696,1728157951,HK -1728157952,1728158463,MY +1728157696,1728158463,HK 1728158464,1728158719,NL 1728158720,1728159743,HK 1728159744,1728161791,TH @@ -40769,8 +40979,7 @@ 1728286720,1728287743,AU 1728287744,1728290815,CN 1728290816,1728291839,AU -1728291840,1728292607,US -1728292608,1728292863,SG +1728291840,1728292863,SG 1728292864,1728293887,PG 1728293888,1728294911,MY 1728294912,1728295935,TH @@ -41263,6 +41472,7 @@ 1728751616,1728751871,IN 1728751872,1728752639,ID 1728752640,1728753663,HK +1728753664,1728754687,PH 1728754688,1728755711,IN 1728755712,1728756735,ID 1728756736,1728757759,IN @@ -42579,7 +42789,13 @@ 1730017792,1730019327,PH 1730019328,1730020351,ID 1730020352,1730021375,HK -1730022400,1730023423,IN +1730022400,1730023169,IN +1730023170,1730023231,US +1730023232,1730023232,IN +1730023233,1730023296,US +1730023297,1730023297,IN +1730023298,1730023359,US +1730023360,1730023423,IN 1730023424,1730024447,HK 1730024448,1730025471,CN 1730025472,1730026495,HK @@ -42902,9 +43118,7 @@ 1730599936,1730604031,CN 1730604032,1730605055,NP 1730605056,1730607103,IN -1730608128,1730608639,CN -1730608640,1730608895,HK -1730608896,1730609151,CN +1730608128,1730609151,CN 1730609152,1730610687,IN 1730610688,1730610943,MY 1730610944,1730611199,SG @@ -42925,7 +43139,6 @@ 1730623488,1730624511,HK 1730624512,1730625535,AU 1730625536,1730626559,CN -1730626560,1730627583,HK 1730628608,1730629631,HK 1730629632,1730630655,PK 1730630656,1730631679,AU @@ -43047,7 +43260,6 @@ 1730801664,1730802687,JP 1730802688,1730803199,BD 1730803200,1730803711,ID -1730803712,1730804735,HK 1730804736,1730805759,JP 1730805760,1730806783,AF 1730807808,1730808831,CN @@ -43937,7 +44149,9 @@ 1731940352,1731942655,IN 1731942656,1731942911,JP 1731942912,1731943423,HK -1731943424,1731944447,KR +1731943424,1731944258,KR +1731944259,1731944259,CH +1731944260,1731944447,KR 1731944448,1731945471,IN 1731945472,1731946495,CN 1731946496,1731947519,IN @@ -43966,6 +44180,7 @@ 1731987456,1731987711,SG 1731987712,1731987967,ID 1731987968,1731988479,SG +1731988480,1731989503,US 1731989504,1731990527,VN 1731990528,1731990783,AU 1731990784,1731991039,IN @@ -44143,7 +44358,8 @@ 1732242432,1732243455,HK 1732243456,1732249599,CN 1732249600,1732250623,SG -1732250624,1732251135,MY +1732250624,1732250879,HK +1732250880,1732251135,MY 1732251136,1732251647,ID 1732251648,1732252671,SG 1732252672,1732253695,MM @@ -44287,9 +44503,8 @@ 1732504576,1732505599,IN 1732505600,1732506623,ID 1732506624,1732507647,IN -1732507648,1732507902,AU -1732507903,1732507903,PH -1732507904,1732508671,AU +1732507648,1732507648,PH +1732507649,1732508671,AU 1732508672,1732509695,CN 1732509696,1732510719,ID 1732510720,1732511743,BD @@ -44328,8 +44543,7 @@ 1732546560,1732547583,JP 1732547584,1732549631,KR 1732549632,1732550655,PH -1732550656,1732551679,AU -1732551680,1732552703,SG +1732550656,1732552703,AU 1732552704,1732554751,HK 1732554752,1732555263,IN 1732555264,1732555775,AU @@ -44541,7 +44755,7 @@ 1732800512,1732806655,CN 1732806656,1732808703,IN 1732808704,1732809727,CN -1732809728,1732809983,KR +1732809728,1732809983,US 1732809984,1732810751,CN 1732810752,1732811775,HK 1732811776,1732812799,IN @@ -44938,7 +45152,7 @@ 1733249024,1733249279,AU 1733249280,1733249791,IN 1733249792,1733250047,AU -1733250048,1733251071,GB +1733250048,1733251071,US 1733251072,1733253119,CN 1733253120,1733253631,AU 1733253632,1733254143,ID @@ -45029,6 +45243,127 @@ 1733345280,1733346303,CN 1733346304,1733347327,IN 1733347328,1733348351,CN +1733348352,1733349375,JP +1733349376,1733349631,NZ +1733349632,1733349887,AU +1733349888,1733350399,MN +1733350400,1733351423,CN +1733351424,1733352447,TH +1733352448,1733352959,HK +1733352960,1733353471,JP +1733353472,1733354495,BD +1733354496,1733355519,AU +1733355520,1733356543,CN +1733356544,1733358591,ID +1733358592,1733359615,AU +1733359616,1733360383,IN +1733360384,1733360639,AU +1733360640,1733361151,HK +1733361152,1733361663,AU +1733361664,1733362687,IN +1733362688,1733364735,CN +1733364736,1733365759,IN +1733365760,1733367807,CN +1733367808,1733371903,IN +1733371904,1733372927,AU +1733372928,1733374975,CN +1733374976,1733375743,AU +1733375744,1733377023,IN +1733377024,1733379071,ID +1733379072,1733380095,BD +1733380096,1733381119,JP +1733381120,1733381375,AU +1733381376,1733382143,IN +1733382144,1733384191,VN +1733384192,1733386239,IN +1733386240,1733387263,CN +1733387264,1733387775,ID +1733387776,1733388031,AU +1733388032,1733388287,IN +1733388288,1733388799,BD +1733388800,1733390591,IN +1733390592,1733391359,MM +1733391360,1733392383,IN +1733392384,1733393407,CN +1733393408,1733394431,AU +1733394432,1733395455,SG +1733395456,1733396479,ID +1733396480,1733396735,NP +1733396736,1733396991,IN +1733396992,1733397247,ID +1733397248,1733397503,IN +1733397504,1733399551,JP +1733399552,1733400575,CN +1733400576,1733402879,IN +1733402880,1733403135,AU +1733403136,1733403391,MY +1733403392,1733403647,SG +1733403648,1733405695,CN +1733405696,1733406719,BD +1733406720,1733407743,JP +1733407744,1733407999,TH +1733408000,1733408511,IN +1733408512,1733409279,CN +1733409280,1733409535,DE +1733409536,1733409791,CN +1733409792,1733411327,IN +1733411328,1733411839,ID +1733411840,1733412863,BD +1733412864,1733413887,CN +1733413888,1733414911,BD +1733414912,1733416959,IN +1733419008,1733420031,NZ +1733420032,1733420287,SG +1733420288,1733421055,IN +1733421056,1733422079,CN +1733422080,1733424127,IN +1733424128,1733424383,AU +1733424384,1733424639,IN +1733424640,1733424895,ID +1733424896,1733425151,HK +1733425152,1733425663,ID +1733425664,1733427199,IN +1733427200,1733428223,GB +1733428224,1733428735,HK +1733428736,1733429247,ID +1733429248,1733430271,BD +1733430272,1733431295,ID +1733431296,1733432319,HK +1733432320,1733437439,VN +1733437440,1733438975,IN +1733438976,1733439487,PH +1733439488,1733440511,IN +1733440512,1733441535,CN +1733441536,1733442559,LA +1733442560,1733443583,CN +1733443584,1733444095,GB +1733444096,1733444607,IN +1733444608,1733445631,CN +1733445632,1733448703,IN +1733448704,1733449727,CN +1733449728,1733450751,JP +1733450752,1733453823,IN +1733453824,1733454847,CN +1733454848,1733455871,AU +1733455872,1733456895,JP +1733456896,1733457919,PH +1733457920,1733458943,PK +1733458944,1733459199,AU +1733459200,1733459455,IN +1733459456,1733459967,ID +1733459968,1733460991,GB +1733460992,1733462015,VN +1733462016,1733463039,AU +1733463040,1733464063,HK +1733464064,1733466111,IN +1733466112,1733467135,AU +1733467136,1733469183,IN +1733469184,1733470207,ID +1733470208,1733471231,HK +1733471232,1733472255,BD +1733472256,1733473279,IN +1733473280,1733474303,ID +1733474304,1733476351,IN 1740636160,1740644351,CN 1740644352,1740645375,IN 1740645376,1740647423,HK @@ -45324,6 +45659,7 @@ 1741020160,1741022207,IN 1741022208,1741023231,CN 1741023232,1741025279,AU +1741025280,1741026303,IN 1741026304,1741027327,TH 1741027328,1741028351,BD 1741028352,1741028519,CN @@ -45360,7 +45696,7 @@ 1741051904,1741052927,PH 1741052928,1741053183,AU 1741053184,1741053439,ID -1741053440,1741055999,IN +1741053952,1741055999,IN 1741056000,1741056511,NZ 1741056512,1741057023,AU 1741057024,1741058047,JP @@ -45463,7 +45799,9 @@ 1741243392,1741245439,HK 1741245440,1741257727,CN 1741257728,1741258751,IN -1741258752,1741259775,JP +1741258752,1741259007,JP +1741259008,1741259263,HK +1741259264,1741259775,JP 1741259776,1741264895,IN 1741264896,1741303807,CN 1741303808,1741304831,HK @@ -45647,7 +45985,7 @@ 1741572608,1741573119,KR 1741573120,1741574143,JP 1741574144,1741575167,PH -1741575168,1741576191,PK +1741575168,1741576191,US 1741576192,1741577215,JP 1741577216,1741578239,HK 1741578240,1741578751,IN @@ -45792,7 +46130,7 @@ 1741756416,1741756927,AU 1741756928,1741757439,IN 1741757440,1741758463,HK -1741758464,1741759487,AU +1741758464,1741759487,US 1741759488,1741760511,IN 1741760512,1741761535,HK 1741761536,1741762559,AU @@ -45855,9 +46193,8 @@ 1741815808,1741816831,CN 1741816832,1741817855,PK 1741817856,1741818367,PH -1741818368,1741819135,AU -1741819136,1741819391,PK -1741819392,1741819903,AU +1741818368,1741818879,AU +1741818880,1741819903,US 1741819904,1741820927,BD 1741820928,1741821951,PH 1741821952,1741822975,AU @@ -46267,7 +46604,7 @@ 1742340096,1742341119,CN 1742341120,1742342143,HK 1742342144,1742346239,CN -1742346240,1742347263,SG +1742346240,1742347263,BD 1742347264,1742364671,CN 1742364672,1742365695,PH 1742365696,1742366719,IN @@ -46785,7 +47122,7 @@ 1743125504,1743126527,JP 1743126528,1743127551,CN 1743127552,1743128575,BD -1743128576,1743129599,JP +1743128576,1743129599,PH 1743129600,1743130623,HK 1743130624,1743131647,BD 1743131648,1743132671,IN @@ -46844,7 +47181,6 @@ 1743185920,1743186943,SG 1743186944,1743187967,CN 1743187968,1743188991,HK -1743188992,1743190015,JP 1743190016,1743191039,SG 1743191040,1743192063,AF 1743192064,1743195135,IN @@ -47437,7 +47773,9 @@ 1743897600,1743899647,AU 1743899648,1743900671,ID 1743900672,1743901695,JP -1743901696,1743902463,AU +1743901696,1743901951,AU +1743901952,1743902207,US +1743902208,1743902463,AU 1743902464,1743902719,US 1743902720,1743903743,AU 1743903744,1743904767,CN @@ -47551,7 +47889,7 @@ 1744018432,1744019455,MY 1744019456,1744020479,NZ 1744020480,1744021503,HK -1744021504,1744022527,TH +1744022016,1744022271,TH 1744022528,1744023551,SG 1744023552,1744023807,IN 1744023808,1744024319,ID @@ -47780,7 +48118,7 @@ 1744245760,1744247807,ID 1744247808,1744248831,IN 1744248832,1744249855,ID -1744249856,1744250367,HK +1744249856,1744250367,US 1744250368,1744250879,PH 1744250880,1744251903,ID 1744251904,1744252927,BD @@ -48123,7 +48461,8 @@ 1744602112,1744603135,HK 1744604160,1744607231,IN 1744607232,1744608255,AU -1744608256,1744609791,IN +1744608256,1744609279,IN +1744609536,1744609791,IN 1744609792,1744610047,HK 1744610048,1744610303,ID 1744610304,1744612351,IN @@ -48570,14 +48909,14 @@ 1749188608,1749196799,US 1749196800,1749204991,NL 1749204992,1749221375,US -1749221376,1749237759,NL -1749237760,1749327871,US +1749221376,1749229567,NL +1749229568,1749327871,US 1749327872,1749336063,NL 1749336064,1749340159,US 1749340160,1749344255,NL 1749344256,1749364735,US -1749364736,1749389311,NL -1749389312,1749397503,US +1749364736,1749381119,NL +1749381120,1749397503,US 1749397504,1749406719,NL 1749406720,1749413887,US 1749413888,1749422079,NL @@ -48772,8 +49111,8 @@ 1751834624,1751838719,NL 1751838720,1751879679,US 1751879680,1751883775,NL -1751883776,1751885311,US -1751885312,1751885823,NL +1751883776,1751884799,US +1751884800,1751885823,NL 1751885824,1751896063,US 1751896064,1751896831,NL 1751896832,1751897087,US @@ -48854,7 +49193,9 @@ 1752940544,1752946175,NL 1752946176,1752948735,US 1752948736,1752952831,NL -1752952832,1752982527,US +1752952832,1752971007,US +1752971008,1752971263,NL +1752971264,1752982527,US 1752982528,1753005055,NL 1753005056,1753006079,US 1753006080,1753014271,NL @@ -48862,7 +49203,9 @@ 1753022976,1753026047,NL 1753026048,1753026559,US 1753026560,1753042943,NL -1753042944,1753077247,US +1753042944,1753046015,US +1753046016,1753046271,NL +1753046272,1753077247,US 1753077248,1753077503,NL 1753077504,1753097727,US 1753097728,1753117183,NL @@ -48911,7 +49254,8 @@ 1753487680,1753487727,GB 1753487728,1753489407,US 1753489408,1753489663,GB -1753489664,1753490175,US +1753489664,1753489919,HK +1753489920,1753490175,US 1753490176,1753490431,AU 1753490432,1753490687,IL 1753490688,1753491455,US @@ -48920,7 +49264,9 @@ 1753494528,1753494783,IL 1753494784,1753497407,US 1753497408,1753497455,PH -1753497456,1753512703,US +1753497456,1753499391,US +1753499392,1753499647,PH +1753499648,1753512703,US 1753512704,1753512959,SG 1753512960,1753516543,US 1753516544,1753516799,ES @@ -48942,11 +49288,10 @@ 1753532416,1753532671,JP 1753532672,1753538815,US 1753538816,1753539071,PH -1753539072,1753539583,US +1753539072,1753539327,US +1753539328,1753539583,IE 1753539584,1753539839,CH -1753539840,1753547007,US -1753547008,1753547263,DE -1753547264,1753735167,US +1753539840,1753735167,US 1753735168,1753743359,IE 1753743360,1754136575,US 1754136576,1754169343,CA @@ -49115,7 +49460,9 @@ 1754869760,1754870783,CA 1754870784,1754871807,US 1754871808,1754872831,CA -1754872832,1754890239,US +1754872832,1754886143,US +1754886144,1754888191,IL +1754888192,1754890239,US 1754890240,1754892287,BB 1754892288,1754894335,CA 1754894336,1754899455,US @@ -49297,7 +49644,9 @@ 1757424640,1757425663,CA 1757425664,1757426687,US 1757426688,1757427711,CA -1757427712,1757443071,US +1757427712,1757432831,US +1757432832,1757433855,CA +1757433856,1757443071,US 1757443072,1757446143,CA 1757446144,1757447167,US 1757447168,1757447343,CA @@ -49346,7 +49695,11 @@ 1757957888,1757958143,US 1757958144,1757962239,CA 1757962240,1757966335,BB -1757966336,1758199807,US +1757966336,1757996287,US +1757996288,1757996543,GB +1757996544,1758002431,US +1758002432,1758002687,GB +1758002688,1758199807,US 1758199808,1758330879,CA 1758330880,1758412799,US 1758412800,1758413055,BG @@ -49544,15 +49897,14 @@ 1759526144,1759526399,CC 1759526400,1759526655,JE 1759526656,1759526911,FO -1759526912,1759535103,US +1759526912,1759528959,IL +1759528960,1759535103,US 1759535104,1759543295,CA 1759543296,1759547391,US 1759547392,1759548415,NL 1759548416,1759707735,US 1759707736,1759707743,NO -1759707744,1759709183,US -1759709184,1759709439,LT -1759709440,1759721831,US +1759707744,1759721831,US 1759721832,1759721839,NO 1759721840,1759727103,US 1759727104,1759727359,IN @@ -49598,12 +49950,14 @@ 1760475136,1760476159,GB 1760476160,1760477183,FR 1760477184,1760657407,US -1760657408,1760677887,CA -1760677888,1760690175,US +1760657408,1760673791,CA +1760673792,1760690175,US 1760690176,1760755711,CA 1760755712,1760776191,US 1760776192,1760784383,CA -1760784384,1760812543,US +1760784384,1760811007,US +1760811008,1760812031,NL +1760812032,1760812543,US 1760812544,1760813055,CA 1760813056,1760817151,US 1760817152,1760817407,MO @@ -49618,7 +49972,7 @@ 1760819456,1760819711,GB 1760819712,1760819967,MA 1760819968,1760820223,HK -1760820224,1760820479,JP +1760820224,1760820479,US 1760820480,1760820735,CA 1760820736,1760823295,US 1760823296,1760824319,PT @@ -49669,7 +50023,9 @@ 1761019648,1761019903,VE 1761019904,1761023231,US 1761023232,1761023487,JP -1761023488,1761043711,US +1761023488,1761038335,US +1761038336,1761039871,CA +1761039872,1761043711,US 1761043712,1761043967,PH 1761043968,1761044479,US 1761044480,1761044735,AU @@ -49736,7 +50092,7 @@ 1761259008,1761259031,PT 1761259032,1761259032,US 1761259033,1761259263,PT -1761259264,1761259519,FR +1761259264,1761259519,US 1761259520,1761259775,KH 1761259776,1761260031,AZ 1761260032,1761260287,ET @@ -49747,7 +50103,7 @@ 1761261312,1761261567,PR 1761261568,1761261823,VG 1761261824,1761262079,SG -1761262080,1761262335,IN +1761262080,1761262335,US 1761262336,1761262591,PK 1761262592,1761262847,US 1761262848,1761263103,RU @@ -49795,7 +50151,9 @@ 1761544192,1761546239,CA 1761546240,1761554431,US 1761554432,1761555455,CA -1761555456,1761581055,US +1761555456,1761556479,US +1761556480,1761558527,IL +1761558528,1761581055,US 1761581056,1761583103,CA 1761583104,1761587199,US 1761587200,1761588223,AI @@ -50008,7 +50366,8 @@ 1805000059,1805000059,CA 1805000060,1805010175,US 1805010176,1805010431,CA -1805010432,1805016063,US +1805010432,1805010687,KR +1805010688,1805016063,US 1805016064,1805016319,EE 1805016320,1805016575,RU 1805016576,1805016831,NZ @@ -50706,7 +51065,9 @@ 1835917856,1835917863,IT 1835917864,1835917919,GB 1835917920,1835917935,IT -1835917936,1835918439,GB +1835917936,1835917959,GB +1835917960,1835917967,IT +1835917968,1835918439,GB 1835918440,1835918447,IT 1835918448,1835918519,GB 1835918520,1835918527,IT @@ -50722,9 +51083,7 @@ 1835919512,1835919519,IT 1835919520,1835919751,GB 1835919752,1835919759,IT -1835919760,1835920839,GB -1835920840,1835920847,IT -1835920848,1835921079,GB +1835919760,1835921079,GB 1835921080,1835921087,IT 1835921088,1835921111,GB 1835921112,1835921127,IT @@ -50774,7 +51133,9 @@ 1835991040,1835999231,RU 1835999232,1836007423,IR 1836007424,1836015615,RU -1836015616,1836023807,AD +1836015616,1836017968,AD +1836017969,1836017969,ES +1836017970,1836023807,AD 1836023808,1836040191,RU 1836040192,1836048383,GB 1836048384,1836056575,RS @@ -51552,10 +51913,7 @@ 1844772864,1844838399,RS 1844838400,1844903935,GB 1844903936,1844969471,NO -1844969472,1844973567,EE -1844973568,1844994047,RU -1844994048,1845002239,EE -1845002240,1845006335,RU +1844969472,1845006335,RU 1845006336,1845010431,KZ 1845010432,1845022719,RU 1845022720,1845023743,KZ @@ -52040,7 +52398,9 @@ 1897170944,1897172991,ID 1897172992,1897175039,PH 1897175040,1897176063,JP -1897176064,1897177087,SG +1897176064,1897176319,SG +1897176320,1897176575,HK +1897176576,1897177087,SG 1897177088,1897201663,JP 1897201664,1897209855,KR 1897209856,1897213951,AU @@ -52072,8 +52432,8 @@ 1897736032,1897736223,CN 1897736224,1897736255,US 1897736256,1897736351,CN -1897736352,1897736383,HK -1897736384,1897737984,CN +1897736352,1897736415,HK +1897736416,1897737984,CN 1897737985,1897742335,US 1897742336,1897743575,SI 1897743576,1897743583,SG @@ -53140,6 +53500,7 @@ 1998520320,1998553087,TH 1998553088,1998561279,JP 1998561280,1998562559,IN +1998562688,1998562703,CN 1998562816,1998562863,IN 1998562864,1998562864,HK 1998562865,1998565375,IN @@ -54022,7 +54383,8 @@ 2080778240,2080780287,US 2080780288,2080780799,ID 2080780800,2080781311,MY -2080781312,2080784383,SG +2080781312,2080781823,JP +2080781824,2080784383,SG 2080784384,2080800767,CN 2080800768,2080817151,PH 2080817152,2080825343,NZ @@ -54344,7 +54706,8 @@ 2113863680,2113929215,AU 2113929216,2130706431,JP 2147483648,2147483903,NL -2147483904,2147485695,RO +2147483904,2147484671,RO +2147484672,2147485695,TR 2147485696,2147487743,DK 2147487744,2147489791,NO 2147489792,2147491839,RU @@ -54352,7 +54715,7 @@ 2147494912,2147495167,RO 2147495168,2147495423,DE 2147495424,2147496959,RO -2147496960,2147497215,DE +2147496960,2147497215,ES 2147497216,2147497471,RO 2147497472,2147498239,DE 2147498240,2147498495,RO @@ -56257,7 +56620,9 @@ 2303342460,2303342463,DE 2303342464,2303343039,FR 2303343040,2303343103,PT -2303343104,2303343487,FR +2303343104,2303343435,FR +2303343436,2303343439,GB +2303343440,2303343487,FR 2303343488,2303343615,IE 2303343616,2303343827,FR 2303343828,2303343831,DE @@ -56275,7 +56640,9 @@ 2303353216,2303353343,GB 2303353344,2303353783,FR 2303353784,2303353787,GB -2303353788,2303354639,FR +2303353788,2303354555,FR +2303354556,2303354559,FI +2303354560,2303354639,FR 2303354640,2303354643,GB 2303354644,2303361079,FR 2303361080,2303361087,GB @@ -56283,9 +56650,13 @@ 2303361536,2303361599,GB 2303361600,2303362063,FR 2303362064,2303362079,DE -2303362080,2303365279,FR +2303362080,2303362303,FR +2303362304,2303362559,DE +2303362560,2303365279,FR 2303365280,2303365295,GB -2303365296,2303374745,FR +2303365296,2303368579,FR +2303368580,2303368583,ES +2303368584,2303374745,FR 2303374746,2303374746,ES 2303374747,2303376807,FR 2303376808,2303376815,ES @@ -56295,13 +56666,15 @@ 2303382880,2303382895,ES 2303382896,2303383503,FR 2303383504,2303383519,GB -2303383520,2303384287,FR -2303384288,2303384303,GB -2303384304,2303384959,FR +2303383520,2303384959,FR 2303384960,2303384991,GB 2303384992,2303388415,FR 2303388416,2303388543,ES -2303388544,2303393791,FR +2303388544,2303392843,FR +2303392844,2303392847,FI +2303392848,2303393535,FR +2303393536,2303393567,PT +2303393568,2303393791,FR 2303393792,2303459327,US 2303459328,2303524863,AU 2303524864,2303852543,US @@ -56999,6 +57372,7 @@ 2331508736,2331574271,GB 2331574272,2331639807,FI 2331639808,2331770879,GB +2331770880,2331836415,AU 2331836416,2331901951,GB 2331901952,2331967487,US 2331967488,2331980799,BR @@ -57084,9 +57458,7 @@ 2334064640,2334916607,US 2334916608,2334982143,AU 2334982144,2335113215,US -2335113216,2335129599,NL -2335129600,2335145983,ES -2335145984,2335154175,NL +2335113216,2335154175,ES 2335154176,2335178751,DE 2335178752,2335244287,CA 2335244288,2335309823,US @@ -57102,7 +57474,9 @@ 2335928320,2335932415,IN 2335932416,2335940607,DE 2335940608,2335948799,GB -2335948800,2335952895,SG +2335948800,2335951266,SG +2335951267,2335951267,GB +2335951268,2335952895,SG 2335952896,2335954943,DE 2335954944,2335965183,SG 2335965184,2336010239,US @@ -57175,8 +57549,7 @@ 2342518784,2342584319,FR 2342584320,2342649855,US 2342649856,2342666239,SG -2342666240,2342674431,JP -2342674432,2342682623,US +2342666240,2342682623,JP 2342682624,2342699007,DE 2342699008,2342715391,GB 2342715392,2342780927,AU @@ -57392,12 +57765,10 @@ 2372218880,2372222207,FR 2372222208,2372222975,CH 2372222976,2372223487,NL -2372223488,2372224255,FR -2372224256,2372224511,US +2372223488,2372224511,FR 2372224512,2372225023,GB 2372225024,2372225791,US -2372225792,2372226047,NL -2372226048,2372226303,JP +2372225792,2372226303,NL 2372226304,2372226559,SG 2372226560,2372227583,SE 2372227584,2372228607,KR @@ -57674,7 +58045,9 @@ 2388393984,2389245951,CA 2389245952,2389311487,US 2389311488,2389639167,CA -2389639168,2389704703,US +2389639168,2389671935,US +2389671936,2389688319,CN +2389688320,2389704703,US 2389704704,2390818815,CA 2390818816,2390884351,US 2390884352,2390995455,CA @@ -57959,10 +58332,13 @@ 2416085760,2416086015,GB 2416086016,2416086271,SG 2416086272,2416087039,GB -2416087040,2416095231,NL +2416087040,2416091135,NL +2416091136,2416093183,ES +2416093184,2416095231,NL 2416095232,2416111615,US 2416111616,2416113663,IE -2416113664,2416115711,NL +2416113664,2416114687,ES +2416114688,2416115711,NL 2416115712,2416181247,US 2416181248,2416246783,FI 2416246784,2416312319,US @@ -58127,8 +58503,8 @@ 2419081216,2419082239,CN 2419082240,2419083263,HK 2419083264,2419085311,IN -2419085312,2419086079,MM -2419086080,2419086335,HK +2419085312,2419085823,MM +2419085824,2419086335,HK 2419086336,2419087359,BD 2419087360,2419088383,CN 2419088384,2419089407,KR @@ -58137,7 +58513,9 @@ 2419090176,2419090431,JP 2419090432,2419091455,KR 2419091456,2419091711,US -2419091712,2419092479,SG +2419091712,2419091967,SG +2419091968,2419092223,US +2419092224,2419092479,SG 2419092480,2419094527,BD 2419094528,2419095551,AU 2419095552,2419096575,PK @@ -58282,7 +58660,9 @@ 2432630784,2432696319,CN 2432696320,2433247231,NL 2433247232,2433247487,GB -2433247488,2433810431,NL +2433247488,2433646591,NL +2433646592,2433679359,DE +2433679360,2433810431,NL 2433810432,2433875967,GB 2433875968,2435055615,NL 2435055616,2435121151,GB @@ -58336,7 +58716,7 @@ 2449039360,2449041407,RO 2449041408,2449042431,ES 2449042432,2449042687,GB -2449042944,2449043199,GB +2449042944,2449043199,RO 2449043200,2449043455,FR 2449043456,2449043967,MD 2449043968,2449044223,GB @@ -58545,7 +58925,7 @@ 2457341952,2457342975,UZ 2457342976,2457343999,RU 2457344000,2457346047,UA -2457346048,2457348095,CZ +2457346048,2457348095,BY 2457348096,2457362175,RU 2457362176,2457362431,UA 2457362432,2457364479,GB @@ -58554,9 +58934,7 @@ 2457366016,2457366527,RU 2457366528,2457367551,GB 2457367552,2457370623,CZ -2457370624,2457374719,BY -2457374720,2457375743,CZ -2457375744,2457376767,RU +2457370624,2457376767,BY 2457376768,2457378815,DE 2457378816,2457379839,NL 2457379840,2457380095,CZ @@ -58815,7 +59193,10 @@ 2465988608,2466054143,US 2466054144,2466185215,SE 2466185216,2466189311,GB -2466189312,2466191359,ES +2466189312,2466189567,ES +2466189568,2466191103,NL +2466191104,2466191167,ES +2466191168,2466191359,NL 2466191360,2466193407,CZ 2466193408,2466199551,NL 2466199552,2466201599,AT @@ -58892,8 +59273,9 @@ 2471219200,2471219423,IL 2471219424,2471219439,US 2471219440,2471219455,CA -2471219456,2471219679,FR +2471219456,2471219690,FR 2471219691,2471219691,GB +2471219692,2471219711,FR 2471219712,2471223295,IL 2471223296,2471231487,US 2471231488,2471297023,AU @@ -59384,7 +59766,9 @@ 2503518081,2503518082,US 2503518083,2503525055,CA 2503525056,2503525119,US -2503525120,2503540735,CA +2503525120,2503530911,CA +2503530912,2503530943,US +2503530944,2503540735,CA 2503540736,2503671807,US 2503671808,2503737343,NL 2503737344,2503868415,US @@ -59668,7 +60052,9 @@ 2513078432,2513078463,PT 2513078464,2513078671,FR 2513078672,2513078687,IE -2513078688,2513078911,FR +2513078688,2513078887,FR +2513078888,2513078891,GB +2513078892,2513078911,FR 2513078912,2513079039,GB 2513079040,2513079250,FR 2513079251,2513079254,ES @@ -59676,7 +60062,9 @@ 2513079328,2513079343,IE 2513079344,2513080031,FR 2513080032,2513080063,IT -2513080064,2513081327,FR +2513080064,2513080395,FR +2513080396,2513080399,GB +2513080400,2513081327,FR 2513081328,2513081343,ES 2513081344,2513081935,FR 2513081936,2513081939,DE @@ -59699,7 +60087,15 @@ 2513104820,2513104823,PL 2513104824,2513106239,FR 2513106240,2513106303,IE -2513106304,2513107455,FR +2513106304,2513107079,FR +2513107080,2513107083,FI +2513107084,2513107087,ES +2513107088,2513107231,FR +2513107232,2513107263,GB +2513107264,2513107279,ES +2513107280,2513107311,FR +2513107312,2513107327,PT +2513107328,2513107455,FR 2513107456,2513107583,GB 2513107584,2513108991,FR 2513108992,2513502207,DE @@ -60141,6 +60537,7 @@ 2546039040,2547187711,US 2547187712,2547318783,GB 2547318784,2547515391,US +2547515392,2547523583,EE 2547523584,2547524607,DE 2547524608,2547525631,IR 2547525632,2547535871,GB @@ -60156,11 +60553,17 @@ 2548829974,2548829974,DE 2548829975,2548830035,AT 2548830036,2548830036,DE -2548830037,2548830975,AT +2548830037,2548830949,AT +2548830950,2548830950,IT +2548830951,2548830975,AT 2548830976,2548831231,GB 2548831232,2548831297,AT 2548831298,2548831298,HK -2548831299,2548831501,AT +2548831299,2548831383,AT +2548831384,2548831384,HK +2548831385,2548831404,AT +2548831405,2548831405,HK +2548831406,2548831501,AT 2548831502,2548831502,FR 2548831503,2548831505,AT 2548831506,2548831506,FR @@ -60172,7 +60575,11 @@ 2548831964,2548831964,US 2548831965,2548832017,AT 2548832018,2548832018,ES -2548832019,2548832767,AT +2548832019,2548832049,AT +2548832050,2548832050,ES +2548832051,2548832628,AT +2548832629,2548832629,PL +2548832630,2548832767,AT 2548832768,2548833279,CH 2548833280,2548833535,AT 2548833536,2548833791,NL @@ -60249,7 +60656,9 @@ 2549882384,2549882399,FI 2549882400,2549882879,SE 2549882880,2549884927,CH -2549884928,2549891071,DE +2549884928,2549886207,DE +2549886208,2549886463,CH +2549886464,2549891071,DE 2549891072,2549899263,RU 2549899264,2549901311,PS 2549901312,2549903359,RU @@ -60265,7 +60674,9 @@ 2550136832,2550202367,DO 2550202368,2553544703,US 2553544704,2553610239,IN -2553610240,2554211327,US +2553610240,2553806847,US +2553806848,2554068991,SG +2554068992,2554211327,US 2554211328,2554211383,CN 2554211388,2554211583,CN 2554211584,2554227967,US @@ -60612,20 +61023,26 @@ 2584753280,2584753407,DE 2584753408,2584753663,US 2584753664,2584753727,AE -2584753728,2584753919,ZA +2584753728,2584753791,ZA +2584753792,2584753919,DE 2584753920,2584754175,US -2584754176,2584754431,ZA +2584754176,2584754303,ZA +2584754304,2584754431,DE 2584754432,2584754687,US -2584754688,2584754943,ZA +2584754688,2584754751,ZA +2584754752,2584754943,DE 2584754944,2584755199,US 2584755200,2584755263,AR 2584755264,2584755279,DE -2584755280,2584755455,ZA +2584755280,2584755327,ZA +2584755328,2584755455,DE 2584755456,2584755711,US 2584755712,2584755775,AR -2584755776,2584755967,ZA +2584755776,2584755839,ZA +2584755840,2584755967,DE 2584755968,2584756223,GB -2584756224,2584756479,ZA +2584756224,2584756351,ZA +2584756352,2584756479,DE 2584756480,2584756735,US 2584756736,2584756991,ZA 2584756992,2584757247,US @@ -60674,7 +61091,9 @@ 2584767232,2584767487,TR 2584767488,2584768511,US 2584768512,2584770559,IL -2584770560,2584775423,US +2584770560,2584773631,US +2584773632,2584773887,GB +2584773888,2584775423,US 2584775424,2584775679,KE 2584775680,2584779775,US 2584779776,2584780031,NL @@ -60779,8 +61198,8 @@ 2586953728,2586953983,MX 2586953984,2586954239,PE 2586954240,2586956287,US -2586956288,2586956799,FR -2586956800,2586968127,US +2586956288,2586957311,FR +2586957312,2586968127,US 2586968128,2586968319,FR 2586968320,2587017215,US 2587017216,2587017471,IE @@ -61086,6 +61505,7 @@ 2592038912,2592043007,DZ 2592043008,2592047103,ZA 2592047104,2592079871,AO +2592079872,2593128447,EG 2596274176,2596339711,SC 2596339712,2597322751,ZA 2597322752,2598371327,US @@ -61587,7 +62007,9 @@ 2626945024,2627010559,IT 2627010560,2627076095,NZ 2627076096,2627141631,NL -2627141632,2627469311,US +2627141632,2627354706,US +2627354707,2627354707,HK +2627354708,2627403775,US 2627469312,2627731455,TZ 2627731456,2631925759,EG 2631925760,2632450047,ZA @@ -61774,8 +62196,8 @@ 2640411392,2640411647,NL 2640411648,2640412671,US 2640412672,2640423935,NL -2640423936,2640427007,ES -2640427008,2640445439,NL +2640423936,2640429055,ES +2640429056,2640445439,NL 2640445440,2640510975,US 2640510976,2640576511,FR 2640576512,2640642047,EC @@ -62318,7 +62740,10 @@ 2673803264,2673868799,FR 2673868800,2674130943,US 2674130944,2674139135,DE -2674139136,2674163711,NL +2674139136,2674145791,NL +2674145792,2674146303,GB +2674146304,2674147327,TR +2674147328,2674163711,NL 2674163712,2674164175,GB 2674164176,2674164191,FR 2674164192,2674171903,GB @@ -62340,9 +62765,18 @@ 2674917376,2675048447,US 2675048448,2675113983,GB 2675113984,2675245055,US -2675245056,2675286015,NZ +2675245056,2675255295,NZ +2675255296,2675257343,PH +2675257344,2675261439,US +2675261440,2675269631,NZ +2675269632,2675271679,PH +2675271680,2675286015,NZ 2675286016,2675294207,US -2675294208,2675302399,NZ +2675294208,2675296255,NL +2675296256,2675296767,NZ +2675296768,2675298303,NL +2675298304,2675301375,US +2675301376,2675302399,NZ 2675302400,2675310591,HK 2675310592,2675574239,US 2675574240,2675574271,IT @@ -62376,7 +62810,8 @@ 2675609488,2675609503,CN 2675609504,2675610191,US 2675610192,2675610207,IL -2675610208,2675611295,US +2675610208,2675610215,IT +2675610216,2675611295,US 2675611296,2675611359,IT 2675611360,2675612487,US 2675612488,2675612495,IT @@ -62694,7 +63129,9 @@ 2685427712,2685452287,JP 2685452288,2685454335,CN 2685454336,2685460479,JP -2685460480,2685463039,CN +2685460480,2685462580,CN +2685462581,2685462581,JP +2685462582,2685463039,CN 2685463040,2685463295,JP 2685463296,2685468671,CN 2685468672,2685599743,JP @@ -62823,9 +63260,7 @@ 2697630720,2697632767,CN 2697632768,2697633791,IN 2697633792,2697634815,KR -2697634816,2697635072,US -2697635073,2697635327,NZ -2697635328,2697635583,US +2697634816,2697635583,US 2697635584,2697635839,NZ 2697635840,2697636863,CN 2697636864,2697638911,KR @@ -62910,8 +63345,8 @@ 2701459456,2701524991,AT 2701524992,2701656063,US 2701656064,2701688831,RU -2701688832,2701721343,US -2701721344,2701721599,RU +2701688832,2701721087,US +2701721088,2701721599,RU 2701721600,2701787135,TR 2701787136,2701852671,CO 2701852672,2701918207,US @@ -62954,7 +63389,9 @@ 2704277504,2704343039,FR 2704343040,2704408575,US 2704408576,2704474111,AU -2704474112,2704484351,US +2704474112,2704478207,US +2704478208,2704478463,SG +2704478464,2704484351,US 2704484352,2704485375,AU 2704485376,2704539647,US 2704539648,2704605183,SE @@ -63013,35 +63450,35 @@ 2708865024,2708930559,JP 2708930560,2709127167,US 2709127168,2709192703,KR -2709192704,2709225471,ZA +2709192704,2709225471,ZM 2709225472,2709225727,ES -2709225728,2709225983,ZA +2709225728,2709225983,ZM 2709225984,2709226239,ES -2709226240,2709242111,ZA +2709226240,2709242111,ZM 2709242112,2709242367,US -2709242368,2709242623,ZA +2709242368,2709242623,ZM 2709242624,2709242879,US -2709242880,2709243135,ZA +2709242880,2709243135,ZM 2709243136,2709243391,US -2709243392,2709243647,ZA +2709243392,2709243647,ZM 2709243648,2709243903,US -2709243904,2709244159,ZA +2709243904,2709244159,ZM 2709244160,2709244415,US -2709244416,2709244671,ZA +2709244416,2709244671,ZM 2709244672,2709244927,US -2709244928,2709245183,ZA +2709244928,2709245183,ZM 2709245184,2709245439,US -2709245440,2709245695,ZA +2709245440,2709245695,ZM 2709245696,2709245951,US -2709245952,2709246207,ZA +2709245952,2709246207,ZM 2709246208,2709246463,US -2709246464,2709247231,ZA +2709246464,2709247231,ZM 2709247232,2709247487,MY -2709247488,2709247743,ZA +2709247488,2709247743,ZM 2709247744,2709247999,US -2709248000,2709248255,ZA +2709248000,2709248255,ZM 2709248256,2709248511,US -2709248512,2709258239,ZA +2709248512,2709258239,ZM 2709258240,2709389311,US 2709389312,2709454847,SG 2709454848,2709716991,US @@ -63133,11 +63570,11 @@ 2714412656,2714412671,VN 2714412672,2714413343,US 2714413344,2714413359,PH -2714413360,2714416375,US -2714416376,2714416383,IN -2714416384,2714417215,US +2714413360,2714417215,US 2714417216,2714417247,JP -2714417248,2714419743,US +2714417248,2714419079,US +2714419080,2714419087,MU +2714419088,2714419743,US 2714419744,2714419775,SG 2714419776,2714419871,US 2714419872,2714419903,SG @@ -63828,7 +64265,9 @@ 2746351616,2746417151,CR 2746417152,2746482687,CN 2746482688,2746548223,KR -2746548224,2747072511,US +2746548224,2746662911,US +2746662912,2746679295,CA +2746679296,2747072511,US 2747072512,2747138047,AU 2747138048,2747465727,US 2747465728,2748055551,ZA @@ -63990,7 +64429,9 @@ 2760120840,2760120843,PT 2760120844,2760121663,FR 2760121664,2760121727,ES -2760121728,2760129999,FR +2760121728,2760121827,FR +2760121828,2760121831,ES +2760121832,2760129999,FR 2760130000,2760130015,ES 2760130016,2760130399,FR 2760130400,2760130431,ES @@ -64035,7 +64476,9 @@ 2760150263,2760150263,PL 2760150264,2760150871,FR 2760150872,2760150872,DE -2760150873,2760151208,FR +2760150873,2760151039,FR +2760151040,2760151055,GB +2760151056,2760151208,FR 2760151209,2760151209,CZ 2760151210,2760151335,FR 2760151336,2760151339,GB @@ -64066,7 +64509,9 @@ 2760162682,2760162682,PL 2760162683,2760163135,FR 2760163136,2760163199,ES -2760163200,2760167583,FR +2760163200,2760166682,FR +2760166683,2760166683,DE +2760166684,2760167583,FR 2760167584,2760167599,ES 2760167600,2760167647,FR 2760167648,2760167679,GB @@ -64207,6 +64652,7 @@ 2769158144,2769223679,JP 2769289216,2769321983,LY 2769321984,2769338367,ZA +2769338368,2769340415,TZ 2769340416,2769342463,ZA 2769342464,2769346559,BF 2769346560,2769354751,ZA @@ -64526,7 +64972,8 @@ 2807587328,2807587583,QA 2807587584,2807587839,IN 2807587840,2807588095,AE -2807588096,2807588351,ES +2807588096,2807588223,US +2807588224,2807588351,ES 2807588352,2807588863,CN 2807588864,2807589119,JP 2807589120,2807589375,RO @@ -65251,7 +65698,9 @@ 2838299440,2838299455,US 2838299456,2838299695,NL 2838299696,2838299775,US -2838299776,2838300671,NL +2838299776,2838300367,NL +2838300368,2838300383,US +2838300384,2838300671,NL 2838300672,2838300927,US 2838300928,2838301119,NL 2838301120,2838301183,US @@ -65267,7 +65716,9 @@ 2838304448,2838304511,US 2838304512,2838304703,NL 2838304704,2838304767,US -2838304768,2838307055,NL +2838304768,2838305119,NL +2838305120,2838305151,US +2838305152,2838307055,NL 2838307056,2838307063,US 2838307064,2838307135,NL 2838307136,2838307167,US @@ -65301,7 +65752,9 @@ 2838317902,2838317903,US 2838317904,2838318511,NL 2838318512,2838318527,US -2838318528,2838319135,NL +2838318528,2838318655,NL +2838318656,2838318687,US +2838318688,2838319135,NL 2838319136,2838319167,US 2838319168,2838320191,NL 2838320192,2838320192,US @@ -65357,7 +65810,9 @@ 2838334336,2838334351,US 2838334352,2838337279,NL 2838337280,2838337295,US -2838337296,2838337759,NL +2838337296,2838337375,NL +2838337376,2838337407,US +2838337408,2838337759,NL 2838337760,2838337761,IN 2838337762,2838337763,US 2838337764,2838338271,NL @@ -65389,7 +65844,9 @@ 2838341952,2838341967,US 2838341968,2838343071,NL 2838343072,2838343103,US -2838343104,2838344451,NL +2838343104,2838343711,NL +2838343712,2838343743,US +2838343744,2838344451,NL 2838344452,2838344455,US 2838344456,2838344457,NL 2838344458,2838344459,US @@ -65405,9 +65862,7 @@ 2838345744,2838345751,US 2838345752,2838346015,NL 2838346016,2838346047,US -2838346048,2838346239,NL -2838346240,2838346271,US -2838346272,2838346559,NL +2838346048,2838346559,NL 2838346560,2838346591,US 2838346592,2838346623,NL 2838346624,2838346655,US @@ -65507,7 +65962,9 @@ 2838405184,2838405215,US 2838405216,2838405767,NL 2838405768,2838405775,US -2838405776,2838406087,NL +2838405776,2838405855,NL +2838405856,2838405887,US +2838405888,2838406087,NL 2838406088,2838406095,US 2838406096,2838406271,NL 2838406272,2838406279,US @@ -65537,7 +65994,13 @@ 2838413312,2838415359,US 2838415360,2838415391,NL 2838415392,2838415423,US -2838415424,2838429983,NL +2838415424,2838415655,NL +2838415656,2838415663,US +2838415664,2838415839,NL +2838415840,2838415871,US +2838415872,2838416479,NL +2838416480,2838416511,US +2838416512,2838429983,NL 2838429984,2838430015,US 2838430016,2838431039,NL 2838431040,2838431135,US @@ -65579,7 +66042,19 @@ 2838441536,2838441567,US 2838441568,2838441695,NL 2838441696,2838441711,US -2838441712,2838560767,NL +2838441712,2838442767,NL +2838442768,2838442783,US +2838442784,2838443135,NL +2838443136,2838443167,US +2838443168,2838443295,NL +2838443296,2838443303,US +2838443304,2838443679,NL +2838443680,2838443711,US +2838443712,2838444095,NL +2838444096,2838444159,US +2838444160,2838444223,NL +2838444224,2838444255,US +2838444256,2838560767,NL 2838560768,2838626303,CH 2838626304,2838626399,US 2838626400,2838626431,SA @@ -65599,13 +66074,17 @@ 2838632096,2838632127,DE 2838632128,2838633295,US 2838633296,2838633311,SA -2838633312,2838643407,US +2838633312,2838642719,US +2838642720,2838642723,AE +2838642724,2838643407,US 2838643408,2838643408,GB 2838643409,2838643487,US 2838643488,2838643519,HK 2838643520,2838643696,US 2838643697,2838643697,GB -2838643698,2838645839,US +2838643698,2838644943,US +2838644944,2838644951,AE +2838644952,2838645839,US 2838645840,2838645855,GB 2838645856,2838646207,US 2838646208,2838646239,GB @@ -65613,17 +66092,15 @@ 2838646736,2838646751,CN 2838646752,2838646863,US 2838646864,2838646879,CN -2838646880,2838649167,US -2838649168,2838649183,GB -2838649184,2838649391,US -2838649392,2838649399,GB -2838649400,2838650527,US +2838646880,2838647103,US +2838647104,2838647111,AE +2838647112,2838650527,US 2838650528,2838650559,GB 2838650560,2838653631,US 2838653632,2838653639,GB -2838653640,2838655527,US -2838655528,2838655535,GB -2838655536,2838658607,US +2838653640,2838657295,US +2838657296,2838657299,AE +2838657300,2838658607,US 2838658608,2838658623,NL 2838658624,2838659007,US 2838659008,2838659023,GB @@ -65641,9 +66118,9 @@ 2838664728,2838664735,ZA 2838664736,2838665759,US 2838665760,2838665791,JP -2838665792,2838667103,US -2838667104,2838667135,NL -2838667136,2838708223,US +2838665792,2838669519,US +2838669520,2838669535,NL +2838669536,2838708223,US 2838708224,2838724607,NO 2838724608,2838757375,US 2838757376,2838822911,CH @@ -65695,7 +66172,9 @@ 2838931668,2838931671,CZ 2838931672,2838933919,US 2838933920,2838933951,NL -2838933952,2838938991,US +2838933952,2838937733,US +2838937734,2838937735,IN +2838937736,2838938991,US 2838938992,2838939007,AU 2838939008,2838946735,US 2838946736,2838946751,CA @@ -65764,8 +66243,7 @@ 2848212992,2848215039,GB 2848215040,2848244735,US 2848244736,2848245759,GB -2848245760,2848276479,US -2848325632,2848522239,US +2848245760,2848522239,US 2848587776,2848653311,ZA 2848653312,2848980991,US 2848980992,2850029567,KR @@ -65979,7 +66457,9 @@ 2857335808,2857336831,MX 2857336832,2857340927,BR 2857340928,2857341951,DO -2857341952,2857350143,BR +2857341952,2857348351,BR +2857348352,2857348607,US +2857348608,2857350143,BR 2857350144,2857351167,AR 2857351168,2857363455,BR 2857363456,2857364479,CL @@ -65992,31 +66472,84 @@ 2857374720,2857375743,GT 2857375744,2857376767,AR 2857376768,2857377791,MX -2857377792,2857387007,BR +2857377792,2857388031,BR 2857388032,2857389055,CL -2857389056,2857390079,BR +2857389056,2857392127,BR 2857392128,2857393151,CR 2857393152,2857394175,CL -2857394176,2857399295,BR +2857394176,2857395199,CO +2857395200,2857397247,BR +2857397248,2857398271,AR +2857398272,2857399295,BR 2857399296,2857400319,AR -2857400320,2857402367,BR -2857403392,2857404415,BR +2857400320,2857404415,BR 2857404416,2857405439,AR 2857405440,2857406463,HN -2857406464,2857411583,BR +2857406464,2857412607,BR 2857412608,2857414655,AR 2857414656,2857420799,BR 2857420800,2857421823,AR -2857421824,2857437183,BR +2857421824,2857427967,BR +2857427968,2857428991,AR +2857428992,2857431039,BR +2857431040,2857432063,MX +2857432064,2857433087,BR +2857433088,2857434111,HT +2857434112,2857437183,BR 2857437184,2857438207,DO -2857440256,2857441279,BR +2857438208,2857441279,BR 2857441280,2857442303,CO 2857443328,2857444351,CR -2857444352,2857445375,BR -2857446400,2857447423,BR +2857444352,2857448447,BR 2857448448,2857449471,HN -2857451520,2857459711,BR +2857449472,2857466879,BR 2857466880,2857467903,HN +2857467904,2857470719,BR +2857470720,2857470975,AR +2857470976,2857471999,MX +2857472000,2857473023,VE +2857473024,2857485311,BR +2857485312,2857486335,HN +2857486336,2857489407,BR +2857489408,2857490431,AR +2857490432,2857493503,BR +2857493504,2857494527,AR +2857494528,2857496575,BR +2857496576,2857497599,PE +2857497600,2857499647,BR +2857499648,2857500671,CO +2857500672,2857501695,HN +2857501696,2857506815,BR +2857506816,2857507839,DO +2857507840,2857509887,BR +2857509888,2857510911,HN +2857510912,2857511423,CO +2857511424,2857511679,BR +2857511936,2857525247,BR +2857525248,2857526271,PE +2857526272,2857529343,BR +2857529344,2857530367,EC +2857533440,2857534463,CL +2857534464,2857537535,BR +2857537536,2857538559,PY +2857538560,2857539583,BR +2857540608,2857541631,EC +2857544704,2857545727,BR +2857546752,2857547775,BR +2857548800,2857549823,CL +2857549824,2857553919,BR +2857553920,2857554943,TT +2857555968,2857556991,TT +2857556992,2857558015,BR +2857558016,2857559039,CL +2857561088,2857562111,BR +2857563904,2857564159,PA +2857564160,2857565183,BR +2857567232,2857568255,AR +2857568256,2857569279,CR +2857572352,2857574399,BR +2857574400,2857575423,AR +2857575424,2857576447,BR 2857631744,2857633791,BR 2857633792,2857634815,TT 2857634816,2857643007,BR @@ -66167,6 +66700,8 @@ 2867728384,2867729407,PY 2867729408,2867730431,AR 2867730432,2867731455,CL +2867731456,2867732479,BR +2867732480,2867733503,CL 2867733504,2867734527,BR 2867734528,2867735551,AR 2867735552,2867740671,BR @@ -66184,13 +66719,14 @@ 2867776512,2867777535,AR 2867777536,2867780607,BR 2867780608,2867781631,MX +2867781888,2867782143,BR 2867782144,2867782655,CO 2867782656,2867784703,BR 2867784704,2867785727,CO 2867785728,2867787775,AR 2867787776,2867788799,BR 2867788800,2867789823,MX -2867789824,2867791871,BR +2867789824,2867792895,BR 2867792896,2867793919,HT 2867793920,2867796991,BR 2867796992,2867799039,AR @@ -66205,7 +66741,7 @@ 2867812352,2867813375,AR 2867813376,2867815423,BR 2867815424,2867816447,PE -2867816448,2867819519,BR +2867816448,2867820543,BR 2867820544,2867821567,BO 2867821568,2867822591,BR 2867822592,2867823615,AR @@ -66221,8 +66757,7 @@ 2867837952,2867838975,CL 2867838976,2867842047,BR 2867842048,2867843071,EC -2867843072,2867848191,BR -2867849216,2867850239,BR +2867843072,2867850239,BR 2867850240,2867851263,SV 2867851264,2867852287,BR 2867852288,2867853311,AR @@ -66413,8 +66948,7 @@ 2868829184,2868831231,BR 2868831232,2868832255,CO 2868832256,2868833279,PE -2868833280,2868834303,UY -2868834304,2868838399,BR +2868833280,2868838399,BR 2868838400,2868903935,BE 2868903936,2869035007,SG 2869035008,2869166079,JP @@ -66508,17 +67042,7 @@ 2882469888,2882535423,SG 2882535424,2883583999,CN 2883584000,2885681151,VN -2885681152,2886667007,US -2886667008,2886667136,DE -2886667137,2886667137,US -2886667138,2886667195,DE -2886667196,2886667196,US -2886667197,2886667240,DE -2886667241,2886667241,US -2886667242,2886667257,DE -2886667258,2886667258,US -2886667259,2886667263,DE -2886667264,2886729727,US +2885681152,2886729727,US 2887778304,2890137599,US 2890137600,2890138623,AU 2890138624,2890139647,TH @@ -66537,7 +67061,9 @@ 2890164224,2890165247,TH 2890165248,2890167295,US 2890167296,2890168319,AU -2890168320,2890956799,US +2890168320,2890174463,US +2890174464,2890174719,SG +2890174720,2890956799,US 2890956800,2890989567,AE 2890989568,2891017215,US 2891017216,2891017471,JP @@ -66566,20 +67092,23 @@ 2891807488,2891807743,US 2891807744,2891808767,CA 2891808768,2891841535,US -2891841536,2891842303,SE +2891841536,2891841791,SE +2891841792,2891842303,US 2891842304,2891843327,GB -2891843328,2891843839,SE -2891843840,2891844095,GB -2891844096,2891845119,FR -2891845120,2891846399,DE -2891846400,2891846911,CH -2891846912,2891847679,NL -2891847680,2891847935,SG -2891847936,2891848447,MY +2891843328,2891844095,US +2891844096,2891844351,FR +2891844352,2891845119,US +2891845120,2891845631,DE +2891845632,2891845887,US +2891845888,2891846399,DE +2891846400,2891846655,CH +2891846656,2891846911,US +2891846912,2891847167,NL +2891847168,2891848447,US 2891848448,2891848959,JP -2891848960,2891849471,BN -2891849472,2891849983,PH -2891849984,2891850495,TH +2891848960,2891849215,BN +2891849216,2891850239,US +2891850240,2891850495,TH 2891850496,2891850751,SG 2891850752,2891853567,US 2891853568,2891853823,SG @@ -66593,7 +67122,8 @@ 2891858432,2891858687,CA 2891858688,2891862527,US 2891862528,2891863039,KR -2891863040,2891863551,AU +2891863040,2891863295,FR +2891863296,2891863551,AU 2891863552,2891864063,JP 2891864064,2891864575,SG 2891864576,2891865087,US @@ -66603,7 +67133,9 @@ 2891865856,2891866111,US 2891866112,2891867647,AU 2891867648,2891867903,US -2891867904,2891868927,AU +2891867904,2891868159,AU +2891868160,2891868671,IT +2891868672,2891868927,AU 2891868928,2891869439,US 2891869440,2891869695,AT 2891869696,2891869951,US @@ -66643,8 +67175,8 @@ 2892068864,2892069887,CA 2892069888,2892070911,US 2892070912,2892103679,CA -2892103680,2892120831,US -2892120832,2892121087,CA +2892103680,2892120575,US +2892120576,2892121087,CA 2892121088,2892122367,US 2892122368,2892122623,CA 2892122624,2892140543,US @@ -66671,9 +67203,14 @@ 2892399104,2892399231,TG 2892399232,2892399615,US 2892399616,2892399743,FJ -2892399744,2892401023,US +2892399744,2892399871,US +2892399872,2892399999,CW +2892400000,2892401023,US 2892401024,2892401151,ER -2892401152,2892401919,US +2892401152,2892401279,NR +2892401280,2892401407,US +2892401408,2892401535,MR +2892401536,2892401919,US 2892401920,2892402047,MF 2892402048,2892402175,US 2892402176,2892402303,MP @@ -66736,20 +67273,19 @@ 2892994816,2892995327,GB 2892995328,2892995839,AU 2892995840,2892996095,GB -2892996096,2892996351,KW -2892996352,2892996607,US +2892996096,2892996607,US 2892996608,2892996863,CA 2892996864,2892997119,AU 2892997120,2892997375,CA 2892997376,2892997631,BG 2892997632,2892997887,AU 2892997888,2892998143,JP -2892998144,2892998655,GB +2892998144,2892998399,US +2892998400,2892998655,GB 2892998656,2892998911,HK 2892998912,2892999167,MX 2892999168,2892999423,CR -2892999424,2892999551,TW -2892999552,2892999935,US +2892999424,2892999935,US 2892999936,2893000191,IT 2893000192,2893000447,JP 2893000448,2893000959,HK @@ -66776,9 +67312,10 @@ 2893007104,2893007359,US 2893007360,2893007615,IE 2893007616,2893007871,DE -2893007872,2893009151,US -2893009152,2893009407,AM -2893009408,2893009663,US +2893007872,2893008639,GB +2893008640,2893008895,US +2893008896,2893009151,GB +2893009152,2893009663,US 2893009664,2893010175,GB 2893010176,2893010431,US 2893010432,2893010687,DE @@ -66795,7 +67332,18 @@ 2893015296,2893015551,BS 2893015552,2893016575,US 2893016576,2893016831,SE -2893016832,2893676543,US +2893016832,2893017343,CA +2893017344,2893017599,SG +2893017600,2893017855,DE +2893017856,2893018111,FR +2893018112,2893018623,BE +2893018624,2893019135,SE +2893019136,2893019647,AU +2893019648,2893019903,DE +2893019904,2893020159,SG +2893020160,2893020415,NL +2893020416,2893020671,AT +2893020672,2893676543,US 2893676544,2893807615,JP 2893807616,2894921727,US 2894921728,2895118335,GB @@ -66833,7 +67381,15 @@ 2899968000,2900099071,CA 2900099072,2901740455,US 2901740456,2901740463,CA -2901740464,2902405119,US +2901740464,2902200319,US +2902200320,2902204415,CN +2902204416,2902208511,US +2902208512,2902212607,CN +2902212608,2902228991,US +2902228992,2902245375,CN +2902245376,2902246143,US +2902246144,2902246399,CN +2902246400,2902405119,US 2902405120,2902405935,CA 2902405936,2902405951,US 2902405952,2902408191,CA @@ -66907,8 +67463,8 @@ 2915520512,2915520642,AU 2915520643,2915520643,US 2915520644,2915520671,AU -2915520672,2915520703,US -2915520704,2915521023,AU +2915520672,2915520735,US +2915520736,2915521023,AU 2915521024,2915521279,JP 2915521280,2915521535,PL 2915521536,2915526911,US @@ -66932,8 +67488,8 @@ 2915528928,2915528943,NL 2915528944,2915528959,US 2915528960,2915529023,NL -2915529024,2915529183,US -2915529184,2915529215,NL +2915529024,2915529151,US +2915529152,2915529215,NL 2915529216,2915795013,US 2915795014,2915795014,MX 2915795015,2915894575,US @@ -67506,7 +68062,9 @@ 2954824288,2954824319,ES 2954824320,2954824415,FR 2954824416,2954824431,GB -2954824432,2954824639,FR +2954824432,2954824511,FR +2954824512,2954824527,FI +2954824528,2954824639,FR 2954824640,2954824655,GB 2954824656,2954824687,FR 2954824688,2954824703,FI @@ -67789,7 +68347,9 @@ 2954855528,2954855535,ES 2954855536,2954855663,FR 2954855664,2954855679,PT -2954855680,2954855879,FR +2954855680,2954855807,FR +2954855808,2954855871,DE +2954855872,2954855879,FR 2954855880,2954855887,ES 2954855888,2954856179,FR 2954856180,2954856183,ES @@ -67863,7 +68423,9 @@ 2954870844,2954870847,ES 2954870848,2954870903,FR 2954870904,2954870907,ES -2954870908,2954871807,FR +2954870908,2954871679,FR +2954871680,2954871695,FI +2954871696,2954871807,FR 2954871808,2954871823,ES 2954871824,2954871955,FR 2954871956,2954871959,PT @@ -67933,7 +68495,9 @@ 2954877968,2954877983,PT 2954877984,2954878143,FR 2954878144,2954878207,ES -2954878208,2954878607,FR +2954878208,2954878471,FR +2954878472,2954878475,GB +2954878476,2954878607,FR 2954878608,2954878623,FI 2954878624,2954878695,FR 2954878696,2954878703,IE @@ -68057,8 +68621,6 @@ 2956607488,2956611583,PS 2956611584,2956613631,IT 2956613632,2956614911,GB -2956614912,2956615167,NL -2956615168,2956615423,FR 2956615680,2956623871,GB 2956623872,2956656639,GR 2956656640,2956722175,RU @@ -68395,7 +68957,8 @@ 2960351232,2960353279,UA 2960353280,2960369663,RU 2960369664,2960371711,IT -2960371712,2960383999,RU +2960371712,2960375807,US +2960375808,2960383999,RU 2960384000,2960388095,RO 2960388096,2960392191,PL 2960392192,2960400383,RU @@ -68428,7 +68991,9 @@ 2960506880,2960523263,RU 2960523264,2960525311,LT 2960525312,2960527359,RU -2960527360,2960531455,LT +2960527360,2960529407,LT +2960529408,2960530431,RU +2960530432,2960531455,LT 2960533504,2960537599,UA 2960537600,2960539647,RO 2960539648,2960543743,RU @@ -68660,9 +69225,7 @@ 2967446784,2967447039,DE 2967447040,2967451647,RO 2967451648,2967452671,KZ -2967452672,2967453183,RO -2967453184,2967453439,NL -2967453440,2967453695,RO +2967452672,2967453695,RO 2967468032,2967470079,US 2967470080,2967601151,SA 2967601152,2967633919,HU @@ -68729,7 +69292,11 @@ 2984939520,2984951807,BR 2984951808,2984968191,EC 2984968192,2985033727,BR -2985033728,2985951231,MX +2985033728,2985639935,MX +2985639936,2985644031,US +2985644032,2985799679,MX +2985799680,2985803775,US +2985803776,2985951231,MX 2985951232,2986082303,PY 2986082304,2986344447,CO 2986344448,2987393023,DE @@ -68963,7 +69530,9 @@ 2988444116,2988444119,IT 2988444120,2988444208,FR 2988444209,2988444209,FI -2988444210,2988444671,FR +2988444210,2988444231,FR +2988444232,2988444239,FI +2988444240,2988444671,FR 2988444672,2988444679,ES 2988444680,2988444719,FR 2988444720,2988444735,ES @@ -69018,7 +69587,9 @@ 2988459536,2988459539,ES 2988459540,2988459599,FR 2988459600,2988459603,GB -2988459604,2988459647,FR +2988459604,2988459619,FR +2988459620,2988459623,GB +2988459624,2988459647,FR 2988459648,2988459679,GB 2988459680,2988459687,FR 2988459688,2988459691,PL @@ -69085,7 +69656,9 @@ 2988464624,2988464627,ES 2988464628,2988464787,FR 2988464788,2988464791,ES -2988464792,2988465215,FR +2988464792,2988465191,FR +2988465192,2988465195,PL +2988465196,2988465215,FR 2988465216,2988465219,ES 2988465220,2988465551,FR 2988465552,2988465563,ES @@ -69125,7 +69698,9 @@ 2988480064,2988480095,ES 2988480096,2988480207,FR 2988480208,2988480223,ES -2988480224,2988480927,FR +2988480224,2988480799,FR +2988480800,2988480803,GB +2988480804,2988480927,FR 2988480928,2988480959,ES 2988480960,2988481059,FR 2988481060,2988481063,FI @@ -69170,7 +69745,9 @@ 2988483376,2988483379,GB 2988483380,2988483595,FR 2988483596,2988483599,FI -2988483600,2988484047,FR +2988483600,2988483967,FR +2988483968,2988483983,GB +2988483984,2988484047,FR 2988484048,2988484051,ES 2988484052,2988484127,FR 2988484128,2988484131,PT @@ -69299,9 +69876,13 @@ 2988500520,2988500523,ES 2988500524,2988500855,FR 2988500856,2988500859,ES -2988500860,2988501683,FR +2988500860,2988500939,FR +2988500940,2988500943,ES +2988500944,2988501683,FR 2988501684,2988501687,GB -2988501688,2988502051,FR +2988501688,2988502031,FR +2988502032,2988502035,IE +2988502036,2988502051,FR 2988502052,2988502055,PL 2988502056,2988502263,FR 2988502264,2988502267,ES @@ -69402,7 +69983,9 @@ 2988510248,2988510251,FI 2988510252,2988510311,FR 2988510312,2988510319,GB -2988510320,2988511747,FR +2988510320,2988511023,FR +2988511024,2988511027,GB +2988511028,2988511747,FR 2988511748,2988511751,GB 2988511752,2988511955,FR 2988511956,2988511959,ES @@ -69505,7 +70088,9 @@ 2988527188,2988527191,ES 2988527192,2988527487,FR 2988527488,2988527503,GB -2988527504,2988527591,FR +2988527504,2988527547,FR +2988527548,2988527551,IE +2988527552,2988527591,FR 2988527592,2988527595,IE 2988527596,2988527723,FR 2988527724,2988527727,ES @@ -69547,7 +70132,9 @@ 2988530400,2988530403,ES 2988530404,2988530423,FR 2988530424,2988530431,ES -2988530432,2988531023,FR +2988530432,2988530703,FR +2988530704,2988530719,PT +2988530720,2988531023,FR 2988531024,2988531027,ES 2988531028,2988531179,FR 2988531180,2988531183,GB @@ -69597,7 +70184,9 @@ 2988542272,2988542335,ES 2988542336,2988542339,FR 2988542340,2988542340,PT -2988542341,2988543179,FR +2988542341,2988542519,FR +2988542520,2988542523,GB +2988542524,2988543179,FR 2988543180,2988543183,ES 2988543184,2988543199,FR 2988543200,2988543203,GB @@ -69791,7 +70380,9 @@ 2988557540,2988557543,ES 2988557544,2988557631,FR 2988557632,2988557635,GB -2988557636,2988558731,FR +2988557636,2988558203,FR +2988558204,2988558207,DE +2988558208,2988558731,FR 2988558732,2988558735,PT 2988558736,2988558803,FR 2988558804,2988558807,ES @@ -69829,7 +70420,9 @@ 2988561684,2988561687,ES 2988561688,2988561763,FR 2988561764,2988561767,IT -2988561768,2988562495,FR +2988561768,2988561939,FR +2988561940,2988561943,FI +2988561944,2988562495,FR 2988562496,2988562527,FI 2988562528,2988562595,FR 2988562596,2988562599,GB @@ -71183,7 +71776,8 @@ 3025603104,3025603215,HK 3025603216,3025603231,CN 3025603232,3025603247,HK -3025603248,3025603327,IN +3025603248,3025603251,CN +3025603252,3025603327,IN 3025603328,3025603335,GU 3025603336,3025603583,IN 3025603584,3025603839,SG @@ -71264,8 +71858,8 @@ 3025625916,3025625919,IN 3025625920,3025625927,KR 3025625928,3025625935,IN -3025625936,3025625983,SG -3025625984,3025626111,IN +3025625936,3025626015,SG +3025626016,3025626111,IN 3025626112,3025626623,SG 3025626624,3025629439,IN 3025629440,3025629567,HK @@ -71327,7 +71921,9 @@ 3025639840,3025639871,HK 3025639872,3025639887,CN 3025639888,3025639903,HK -3025639904,3025639967,IN +3025639904,3025639943,IN +3025639944,3025639951,JP +3025639952,3025639967,IN 3025639968,3025639999,SG 3025640000,3025640191,IN 3025640192,3025640447,JP @@ -72218,9 +72814,7 @@ 3056772096,3056773119,JP 3056773120,3056774143,WS 3056774144,3056775167,JP -3056775168,3056778751,NO -3056778752,3056779007,AU -3056779008,3056779263,NO +3056775168,3056779263,NO 3056779264,3056791551,JP 3056791552,3056795647,ID 3056795648,3056861183,CN @@ -72805,8 +73399,7 @@ 3104010240,3104011263,PL 3104011264,3104012287,ES 3104012288,3104012799,BH -3104012800,3104013055,SA -3104013056,3104013311,BH +3104012800,3104013311,SA 3104013312,3104014335,IR 3104014336,3104015359,FR 3104015360,3104016383,SE @@ -73279,7 +73872,9 @@ 3104497664,3104498687,CH 3104498688,3104499119,NL 3104499120,3104499127,IT -3104499128,3104500735,NL +3104499128,3104499503,NL +3104499504,3104499511,IT +3104499512,3104500735,NL 3104500736,3104501759,CZ 3104501760,3104502783,LY 3104502784,3104503807,DE @@ -73610,8 +74205,7 @@ 3104835584,3104836607,RU 3104836608,3104837631,BA 3104837632,3104838655,DK -3104838656,3104839423,NL -3104839424,3104839679,GB +3104838656,3104839679,NL 3104839680,3104840703,IQ 3104840704,3104841727,UA 3104841728,3104843775,PL @@ -73997,7 +74591,6 @@ 3105224704,3105225727,IT 3105225728,3105226751,AM 3105226752,3105227775,RO -3105227776,3105228799,NL 3105228800,3105229823,PL 3105229824,3105230847,NL 3105230848,3105231871,UA @@ -74361,6 +74954,7 @@ 3105588224,3105589247,GB 3105589248,3105590271,ES 3105590272,3105591295,NL +3105591296,3105592319,GB 3105592320,3105593343,RU 3105593344,3105595391,DE 3105595392,3105596415,RU @@ -74694,7 +75288,9 @@ 3105932288,3105933311,SE 3105933312,3105933351,GB 3105933352,3105933359,IT -3105933360,3105933863,GB +3105933360,3105933847,GB +3105933848,3105933855,IT +3105933856,3105933863,GB 3105933864,3105933871,IT 3105933872,3105934215,GB 3105934216,3105934223,IT @@ -75073,7 +75669,7 @@ 3106280448,3106281471,FR 3106281472,3106282495,DK 3106282496,3106283519,LB -3106284544,3106285567,GB +3106283520,3106285567,GB 3106285568,3106286591,DE 3106286592,3106287615,GB 3106287616,3106289663,DE @@ -75248,6 +75844,7 @@ 3106449408,3106450431,AT 3106450432,3106451455,DE 3106451456,3106452479,AZ +3106452480,3106453503,NL 3106453504,3106454527,SE 3106454528,3106455551,ME 3106455552,3106456575,PS @@ -75260,10 +75857,7 @@ 3106462720,3106463743,IT 3106463744,3106464767,IR 3106464768,3106465791,PL -3106465792,3106466047,FR 3106466048,3106466303,NL -3106466304,3106466559,DE -3106466560,3106466815,RO 3106466816,3106467839,EE 3106467840,3106468863,IR 3106468864,3106470911,DE @@ -75349,6 +75943,7 @@ 3106532352,3106533375,BE 3106533376,3106534399,NO 3106534400,3106535423,ES +3106535424,3106536447,UA 3106536448,3106537471,IT 3106537472,3106538495,GB 3106538496,3106539519,SK @@ -75884,8 +76479,7 @@ 3107079168,3107080191,TR 3107080192,3107082239,FR 3107082240,3107083263,RU -3107083264,3107083267,LU -3107083268,3107084287,BE +3107083264,3107084287,LU 3107084288,3107085311,FI 3107085312,3107086335,NL 3107086336,3107087359,EE @@ -76028,9 +76622,7 @@ 3107220480,3107221503,GB 3107221504,3107222527,IT 3107222528,3107223551,IQ -3107223552,3107224063,AT -3107224064,3107224319,DE -3107224320,3107224575,AT +3107223552,3107224575,AT 3107224576,3107225599,FR 3107225600,3107226623,AZ 3107226624,3107227647,RU @@ -76094,7 +76686,6 @@ 3107291136,3107292159,NL 3107292160,3107293183,PL 3107293184,3107294207,FR -3107294208,3107295231,DE 3107295232,3107296255,PL 3107296256,3107297279,IT 3107297280,3107298303,PL @@ -76641,6 +77232,7 @@ 3107842048,3107843071,FI 3107843072,3107844095,SE 3107844096,3107845119,CY +3107845120,3107846143,RU 3107847168,3107848191,RU 3107848192,3107849215,IT 3107849216,3107850239,BE @@ -76793,8 +77385,7 @@ 3108001792,3108002815,GB 3108002816,3108003839,RO 3108003840,3108004863,DE -3108004864,3108005375,RU -3108005376,3108005887,GB +3108004864,3108005887,GB 3108005888,3108006911,LT 3108006912,3108007935,NL 3108007936,3108008959,DE @@ -76924,6 +77515,7 @@ 3108136960,3108137215,NL 3108137216,3108137471,LU 3108137472,3108137983,NL +3108137984,3108139007,RO 3108139008,3108141055,GB 3108141056,3108142079,PL 3108142080,3108143103,TR @@ -77359,7 +77951,8 @@ 3108592640,3108593663,NL 3108593664,3108594687,ES 3108594688,3108597759,CZ -3108597760,3108598271,IR +3108597760,3108598015,NL +3108598016,3108598271,IR 3108598272,3108598527,GB 3108598528,3108598783,IR 3108598784,3108600831,CH @@ -77454,7 +78047,8 @@ 3108711424,3108712447,RU 3108712448,3108713471,BG 3108713472,3108714495,RO -3108714496,3108715519,RS +3108714496,3108714751,XK +3108714752,3108715519,RS 3108715520,3108716543,GB 3108716544,3108717567,RU 3108717568,3108718591,FR @@ -77506,7 +78100,10 @@ 3108764672,3108765695,NL 3108765696,3108766719,FR 3108766720,3108767743,PT -3108767744,3108768767,CZ +3108767744,3108767999,CZ +3108768000,3108768255,SE +3108768256,3108768511,NL +3108768512,3108768767,CZ 3108768768,3108769791,UA 3108769792,3108770815,NL 3108770816,3108772863,FR @@ -77680,7 +78277,7 @@ 3108938752,3108940799,GB 3108940800,3108941823,SE 3108941824,3108942847,DE -3108942848,3108943871,FR +3108942848,3108943871,BE 3108943872,3108944895,DE 3108944896,3108945919,CH 3108945920,3108946943,GB @@ -77821,9 +78418,7 @@ 3109082112,3109083135,PL 3109083136,3109084159,SE 3109084160,3109085183,NL -3109085184,3109085439,AL -3109085440,3109085695,BG -3109085696,3109086207,AL +3109085184,3109086207,AL 3109086208,3109087231,RU 3109087232,3109088255,NL 3109088256,3109089279,LV @@ -77953,7 +78548,8 @@ 3109187584,3109188607,IT 3109188608,3109189631,SA 3109189632,3109190655,AT -3109190656,3109191679,NL +3109190656,3109190911,SE +3109190912,3109191679,NL 3109191680,3109192703,CH 3109192704,3109193727,IT 3109193728,3109194751,IR @@ -78036,7 +78632,8 @@ 3109280768,3109281791,IL 3109281792,3109282815,HU 3109282816,3109283839,DE -3109283840,3109284863,IE +3109283840,3109284095,PL +3109284096,3109284863,IE 3109284864,3109285887,FR 3109285888,3109286911,RU 3109286912,3109287935,TR @@ -78145,6 +78742,7 @@ 3109393408,3109394431,SI 3109394432,3109395455,AL 3109395456,3109396479,SE +3109396480,3109397503,RU 3109397504,3109398527,CZ 3109398528,3109399551,CH 3109399552,3109400575,BE @@ -78242,7 +78840,9 @@ 3109492736,3109493759,TR 3109493760,3109494783,IT 3109494784,3109495807,GB -3109495808,3109498879,AD +3109495808,3109497335,AD +3109497336,3109497336,ES +3109497337,3109498879,AD 3109498880,3109499903,RU 3109499904,3109500927,NO 3109500928,3109502975,GB @@ -78266,7 +78866,6 @@ 3109521408,3109522431,PL 3109522432,3109523455,CZ 3109523456,3109524479,PL -3109524480,3109525503,GB 3109525504,3109527551,NL 3109527552,3109528575,IL 3109528576,3109529599,SE @@ -78375,7 +78974,6 @@ 3109639168,3109640191,LB 3109640192,3109641215,IQ 3109641216,3109642239,NO -3109642240,3109643263,US 3109643264,3109643391,DE 3109643520,3109643775,RU 3109643776,3109644031,UA @@ -78410,10 +79008,10 @@ 3109673216,3109673439,NL 3109673451,3109673451,NO 3109673456,3109673471,NL -3109673472,3109673695,SG +3109673472,3109673695,GB 3109673704,3109673704,IN -3109673728,3109673951,HK -3109673968,3109673983,HK +3109673728,3109673951,AU +3109673968,3109673983,AU 3109673984,3109675007,FR 3109675008,3109677055,DE 3109677056,3109678079,BE @@ -79226,7 +79824,7 @@ 3110458368,3110459391,IT 3110459392,3110459903,IL 3110459904,3110460159,US -3110460160,3110460415,IL +3110460160,3110460415,IT 3110460416,3110461439,CZ 3110461440,3110462463,GB 3110462464,3110463487,IR @@ -79256,6 +79854,7 @@ 3110489088,3110490111,CZ 3110490112,3110491135,FR 3110491136,3110492159,GB +3110492160,3110493183,RO 3110493184,3110494207,DE 3110494208,3110495231,CZ 3110495232,3110496255,SE @@ -79283,7 +79882,9 @@ 3110518784,3110521855,GB 3110521856,3110523903,ES 3110523904,3110524927,SE -3110524928,3110525951,US +3110524928,3110525439,US +3110525440,3110525695,NL +3110525696,3110525951,DE 3110525952,3110526975,GB 3110526976,3110527999,DE 3110528000,3110529023,AT @@ -79421,14 +80022,14 @@ 3110663168,3110664191,LB 3110664192,3110665215,RU 3110665216,3110666239,LB -3110666240,3110667263,DK 3110667264,3110668287,RO 3110668288,3110669311,PL 3110669312,3110671359,ES 3110671360,3110672383,AT 3110672384,3110673407,ES 3110673408,3110674431,FR -3110674432,3110676479,RO +3110674432,3110675455,GB +3110675456,3110676479,RO 3110676480,3110677503,DE 3110677504,3110679551,RU 3110679552,3110680575,BE @@ -79462,6 +80063,7 @@ 3110709248,3110710271,RU 3110710272,3110711295,CY 3110711296,3110712319,IL +3110712320,3110713343,DK 3110713344,3110714367,IR 3110714368,3110715391,RO 3110715392,3110716415,NL @@ -79523,6 +80125,7 @@ 3110771712,3110772735,KZ 3110772736,3110773759,AT 3110773760,3110774783,DE +3110774784,3110775807,PL 3110775808,3110776831,RU 3110776832,3110777855,GB 3110777856,3110778879,SE @@ -79607,7 +80210,6 @@ 3110872064,3110873087,MD 3110873088,3110874111,IE 3110874112,3110875135,GB -3110875136,3110876159,PL 3110876160,3110878207,GB 3110878208,3110879231,CZ 3110879232,3110880255,LV @@ -79785,12 +80387,13 @@ 3111072768,3111074815,FR 3111074816,3111075839,DE 3111075840,3111076863,IR +3111076864,3111077887,DE 3111077888,3111078911,NL 3111078912,3111079935,IT 3111079936,3111080959,NL 3111080960,3111081983,RU 3111081984,3111083007,HU -3111083008,3111084031,UA +3111083008,3111084031,GB 3111084032,3111085055,CZ 3111085056,3111086079,RU 3111086080,3111087103,KZ @@ -80001,7 +80604,7 @@ 3111290880,3111291903,UA 3111291904,3111292927,NL 3111292928,3111293951,SI -3111293952,3111294975,GB +3111293952,3111294975,CY 3111294976,3111295999,US 3111296000,3111297023,NL 3111297024,3111298047,IE @@ -80215,6 +80818,7 @@ 3111507968,3111508991,IT 3111508992,3111510015,FI 3111510016,3111511039,LB +3111511040,3111512063,GR 3111512064,3111513087,RU 3111513088,3111514111,GB 3111514112,3111515135,UA @@ -80342,7 +80946,7 @@ 3111648768,3111649023,NL 3111649024,3111650559,GB 3111650560,3111650815,NL -3111650816,3111651071,SE +3111650816,3111651071,TR 3111651072,3111651327,GB 3111651328,3111652351,RO 3111652352,3111652863,GB @@ -80520,7 +81124,7 @@ 3111829504,3111830527,NL 3111830528,3111831551,NO 3111831552,3111832575,TR -3111832576,3111835647,GB +3111832576,3111836671,GB 3111836672,3111837695,RO 3111837696,3111838719,IT 3111838720,3111839743,AL @@ -80647,6 +81251,7 @@ 3111980032,3111981055,IL 3111981056,3111982079,RU 3111982080,3111983103,IR +3111983104,3111984127,UA 3111984128,3111985151,FI 3111985152,3111986175,TR 3111986176,3111987199,RU @@ -80790,7 +81395,7 @@ 3112097792,3112098815,TR 3112098816,3112099839,CH 3112099840,3112100863,GB -3112100864,3112102911,FR +3112100864,3112101887,FR 3112102912,3112103935,GB 3112103936,3112104959,DE 3112104960,3112105983,FR @@ -80960,7 +81565,6 @@ 3112276992,3112278015,LV 3112278016,3112279039,FI 3112279040,3112280063,NO -3112280064,3112281087,GB 3112281088,3112282111,FR 3112282112,3112283135,IR 3112283136,3112284159,AT @@ -81080,7 +81684,7 @@ 3112414208,3112415231,RU 3112415232,3112416255,AE 3112416256,3112417279,RU -3112417280,3112418303,ES +3112417280,3112419327,ES 3112419328,3112420351,FR 3112420352,3112421375,DE 3112421376,3112423423,GB @@ -81279,8 +81883,7 @@ 3112635264,3112635391,DE 3112635392,3112636415,BE 3112636416,3112637439,AT -3112637440,3112637951,CZ -3112637952,3112638463,SK +3112637440,3112638463,CZ 3112638464,3112639487,DE 3112639488,3112640511,IR 3112640512,3112641535,DE @@ -81579,9 +82182,7 @@ 3112946688,3112947711,DE 3112947712,3112948735,AT 3112948736,3112949759,RU -3112949760,3112950271,CZ -3112950272,3112950527,SK -3112950528,3112950783,CZ +3112949760,3112950783,CZ 3112950784,3112951807,JO 3112951808,3112952831,SK 3112952832,3112953855,IL @@ -81666,8 +82267,8 @@ 3113028608,3113029631,AE 3113029632,3113030655,ES 3113030656,3113031679,CH -3113031680,3113032191,RO -3113032192,3113032703,NL +3113031680,3113032447,RO +3113032448,3113032703,NL 3113032704,3113033727,SE 3113033728,3113034751,TR 3113034752,3113035775,IR @@ -81751,7 +82352,7 @@ 3113111552,3113112575,NO 3113112576,3113113599,GB 3113113600,3113114623,IT -3113114624,3113116671,IR +3113114624,3113115647,IR 3113116672,3113117695,NL 3113117696,3113118719,KW 3113118720,3113120767,DE @@ -82120,7 +82721,9 @@ 3113468928,3113469951,TR 3113469952,3113470975,ME 3113470976,3113471999,FR -3113472000,3113474047,GB +3113472000,3113473023,GB +3113473024,3113473279,FR +3113473280,3113474047,GB 3113474048,3113475071,DE 3113475072,3113479167,FR 3113479168,3113480191,SE @@ -82467,7 +83070,8 @@ 3113759744,3113760767,FR 3113760768,3113761791,BE 3113761792,3113762815,ES -3113762816,3113763839,SK +3113762816,3113763327,SK +3113763328,3113763839,US 3113763840,3113764863,VA 3113764864,3113765887,IE 3113766912,3113767935,RU @@ -82483,7 +83087,8 @@ 3113777152,3113778175,PL 3113778176,3113779199,TR 3113779200,3113780223,GB -3113780224,3113781247,RU +3113780224,3113780479,KZ +3113780480,3113781247,RU 3113781248,3113782271,BY 3113782272,3113783295,IT 3113783296,3113784319,TR @@ -82730,8 +83335,7 @@ 3114038272,3114039295,GB 3114039296,3114040319,CZ 3114040320,3114041343,DE -3114041344,3114041855,HU -3114041856,3114042367,SK +3114041344,3114042367,SK 3114042368,3114043391,IT 3114043392,3114045439,GB 3114045440,3114046463,AT @@ -82801,8 +83405,7 @@ 3114112000,3114113023,GB 3114113024,3114114047,ES 3114114048,3114115071,DE -3114115072,3114115839,SE -3114115840,3114116095,CA +3114115072,3114116095,SE 3114116096,3114117119,PL 3114117120,3114118143,SE 3114118144,3114119167,PL @@ -82874,7 +83477,8 @@ 3114173440,3114173679,DE 3114173680,3114173695,GB 3114173696,3114174463,DE -3114174464,3114175487,NL +3114174464,3114175231,NL +3114175232,3114175487,HU 3114175488,3114176511,IT 3114176512,3114177535,NL 3114177536,3114177775,DE @@ -82994,9 +83598,7 @@ 3114285056,3114286079,NL 3114286080,3114288127,UA 3114288128,3114289151,IS -3114289152,3114290175,BG -3114290176,3114291199,MD -3114291200,3114292223,BG +3114289152,3114292223,BG 3114292224,3114293247,DE 3114293248,3114294271,UA 3114294272,3114295295,RO @@ -83092,7 +83694,8 @@ 3114382336,3114383359,RU 3114383360,3114384383,ES 3114384384,3114385407,GB -3114385408,3114386431,IT +3114385408,3114386175,IT +3114386176,3114386431,DE 3114386432,3114387455,NL 3114387456,3114388479,US 3114388480,3114389503,HU @@ -83108,8 +83711,7 @@ 3114398720,3114399743,AT 3114399744,3114400767,GB 3114400768,3114401023,SK -3114401024,3114401279,CZ -3114401280,3114401791,SK +3114401024,3114401791,CZ 3114401792,3114402815,HU 3114402816,3114403839,CZ 3114403840,3114404863,NL @@ -83180,7 +83782,9 @@ 3114458112,3114459135,RO 3114459136,3114460159,GB 3114460160,3114461183,DK -3114461184,3114462207,NL +3114461184,3114461695,NL +3114461696,3114461951,RU +3114461952,3114462207,NL 3114462208,3114463231,GR 3114463232,3114464255,US 3114464256,3114465279,BE @@ -83321,8 +83925,7 @@ 3114600448,3114603519,DE 3114603520,3114604543,TR 3114604544,3114605567,BG -3114605568,3114606335,IR -3114606336,3114606591,GB +3114605568,3114606591,IR 3114606592,3114607615,FR 3114607616,3114608639,SK 3114608640,3114609663,IR @@ -83441,7 +84044,8 @@ 3114724352,3114725119,NL 3114725120,3114725375,US 3114725376,3114726399,RU -3114726400,3114727423,SE +3114726400,3114726407,NO +3114726408,3114727423,SE 3114727424,3114728447,BE 3114728448,3114729471,GB 3114729472,3114730495,RO @@ -83494,7 +84098,7 @@ 3114781696,3114782719,NL 3114782720,3114783743,CZ 3114783744,3114784767,PL -3114784768,3114785791,EE +3114784768,3114785791,RU 3114785792,3114786815,FR 3114786816,3114787839,RU 3114787840,3114788863,GB @@ -83761,7 +84365,9 @@ 3115067392,3115068415,DE 3115068416,3115069439,HU 3115069440,3115070463,NL -3115070464,3115072511,DE +3115070464,3115071487,DE +3115071488,3115071743,NL +3115071744,3115072511,DE 3115072512,3115073535,ES 3115073536,3115074559,DE 3115074560,3115075583,IR @@ -83788,7 +84394,8 @@ 3115095040,3115096063,DE 3115096064,3115097087,FR 3115097088,3115098111,LT -3115098112,3115100159,NL +3115098112,3115099647,NL +3115099648,3115100159,US 3115100160,3115101183,ES 3115101184,3115102207,GB 3115102208,3115103231,ES @@ -83910,7 +84517,8 @@ 3115225088,3115226111,UA 3115226112,3115227135,DE 3115227136,3115228159,PL -3115228160,3115229183,IL +3115228160,3115228671,AT +3115228672,3115229183,IL 3115229184,3115230207,EE 3115230208,3115231231,RU 3115231232,3115232255,CZ @@ -83978,7 +84586,7 @@ 3115292672,3115293695,GB 3115293696,3115294719,RU 3115294720,3115295743,GB -3115295744,3115296767,NL +3115295744,3115296767,PE 3115296768,3115297791,IE 3115297792,3115298815,RU 3115298816,3115299839,FI @@ -83989,7 +84597,8 @@ 3115303936,3115305983,NL 3115305984,3115306495,TR 3115306496,3115307007,BE -3115307008,3115308031,DE +3115307008,3115307519,DE +3115307520,3115308031,CA 3115308032,3115309055,IT 3115309056,3115310079,BE 3115310080,3115311103,CZ @@ -84064,10 +84673,7 @@ 3115385856,3115387903,SK 3115387904,3115388927,MK 3115388928,3115389951,AT -3115389952,3115390463,GB -3115390464,3115390719,RO -3115390720,3115390975,NL -3115390976,3115391999,GB +3115389952,3115391999,GB 3115392000,3115393023,AL 3115393024,3115395071,IT 3115395072,3115396095,ES @@ -84079,7 +84685,9 @@ 3115401216,3115402239,GB 3115402240,3115403263,NL 3115403264,3115404287,ES -3115404288,3115406335,GB +3115404288,3115405567,GB +3115405568,3115405823,DE +3115405824,3115406335,GB 3115406336,3115407359,DE 3115407360,3115408383,CY 3115408384,3115409407,MD @@ -84230,7 +84838,9 @@ 3115563008,3115564031,ES 3115564032,3115565055,RU 3115565056,3115566079,FR -3115566080,3115567103,RU +3115566080,3115566335,RU +3115566336,3115566591,CY +3115566592,3115567103,RU 3115567104,3115569151,NL 3115569152,3115570175,GB 3115570176,3115571199,UA @@ -84240,9 +84850,7 @@ 3115574272,3115575295,GB 3115575296,3115576319,ES 3115576320,3115577343,FI -3115577344,3115577567,IL -3115577568,3115577583,US -3115577584,3115577855,IL +3115577344,3115577855,IL 3115577856,3115578367,NL 3115578368,3115579391,GB 3115579392,3115580415,US @@ -84250,13 +84858,17 @@ 3115581440,3115582463,CZ 3115582464,3115583487,GB 3115583488,3115584511,NL -3115584512,3115585535,CZ +3115584512,3115584767,AT +3115584768,3115585023,US +3115585024,3115585535,CZ 3115585536,3115586559,RU 3115586560,3115587583,CH 3115587584,3115588607,DE 3115588608,3115589631,TR 3115589632,3115590655,GB -3115590656,3115591423,GR +3115590656,3115591167,GR +3115591168,3115591183,DE +3115591184,3115591423,GR 3115591424,3115591679,NL 3115591680,3115592703,CH 3115592704,3115593727,BE @@ -84269,6 +84881,236 @@ 3115599872,3115600895,HU 3115600896,3115601919,BE 3115601920,3115602943,JO +3115602944,3115603967,AE +3115603968,3115604991,HU +3115604992,3115606015,FR +3115606016,3115607039,NL +3115607040,3115608063,MD +3115608064,3115609087,NL +3115609088,3115610111,RU +3115610112,3115611135,PL +3115611136,3115612159,GB +3115612160,3115613183,IT +3115613184,3115614207,LT +3115614208,3115615231,IR +3115615232,3115616255,FR +3115616256,3115618303,SK +3115618304,3115619327,ES +3115619328,3115621375,NL +3115621376,3115622399,GB +3115622400,3115623423,RU +3115623424,3115624447,DE +3115624448,3115624703,GB +3115624704,3115625471,IM +3115625472,3115626495,NL +3115626496,3115627519,RU +3115627520,3115628543,IT +3115628544,3115629567,GB +3115629568,3115630591,RU +3115630592,3115631615,GB +3115631616,3115632639,NL +3115632640,3115633663,RU +3115633664,3115635711,PL +3115635712,3115636735,RU +3115636736,3115637759,GB +3115637760,3115638783,US +3115638784,3115639807,DE +3115639808,3115640831,RU +3115640832,3115641855,NO +3115641856,3115642879,RU +3115642880,3115643903,IE +3115643904,3115644927,FR +3115644928,3115645951,RU +3115645952,3115647999,SE +3115648000,3115649023,FR +3115649024,3115650047,NL +3115650048,3115651071,DE +3115651072,3115652095,UA +3115652096,3115653119,DK +3115653120,3115654143,DE +3115654144,3115655167,GR +3115655168,3115656191,ES +3115656192,3115657215,UA +3115657216,3115658239,MD +3115658240,3115659263,SE +3115659264,3115660287,MD +3115660288,3115661311,IQ +3115661312,3115662335,CZ +3115662336,3115663359,NO +3115663360,3115664383,SA +3115664384,3115665407,RS +3115665408,3115666431,NL +3115666432,3115667455,FR +3115667456,3115668479,NO +3115668480,3115669503,NL +3115669504,3115670527,SE +3115670528,3115671551,IT +3115671552,3115672575,SE +3115672576,3115673599,RO +3115673600,3115674623,DE +3115674624,3115675647,SY +3115675648,3115676671,DE +3115676672,3115677695,GB +3115677696,3115678719,DE +3115678720,3115679743,GB +3115679744,3115681791,NL +3115681792,3115682815,IT +3115682816,3115683839,NL +3115683840,3115684863,GB +3115684864,3115685887,BG +3115685888,3115687935,FR +3115687936,3115689983,UA +3115689984,3115691007,DE +3115691008,3115692031,IE +3115692032,3115693055,CZ +3115693056,3115694079,IR +3115694080,3115695103,CZ +3115695104,3115697151,DE +3115697152,3115698175,GB +3115698176,3115699199,RS +3115699200,3115700223,CH +3115700224,3115701247,TR +3115701248,3115702271,NL +3115702272,3115703295,SE +3115703296,3115704319,GR +3115704320,3115705343,DE +3115705344,3115706367,MD +3115706368,3115707391,NL +3115707392,3115708415,ES +3115708416,3115709439,RO +3115709440,3115710463,RU +3115710464,3115711487,GE +3115711488,3115714559,BG +3115714560,3115715583,GB +3115715584,3115717631,RU +3115717632,3115718655,UA +3115718656,3115719679,CH +3115719680,3115720703,GB +3115720704,3115722751,DE +3115722752,3115723775,FR +3115723776,3115724799,DE +3115724800,3115725311,GB +3115725312,3115725567,DE +3115725568,3115725823,CH +3115725824,3115726847,GB +3115726848,3115727871,NL +3115727872,3115728127,GB +3115728128,3115728383,US +3115728384,3115728639,GB +3115728640,3115728895,NL +3115728896,3115729919,FR +3115729920,3115730943,GB +3115730944,3115731967,IE +3115731968,3115732991,MD +3115732992,3115734015,DE +3115734016,3115735039,SE +3115735040,3115736063,GB +3115736064,3115737087,LV +3115737088,3115738111,PL +3115738112,3115739135,UA +3115739136,3115740159,NL +3115740160,3115741183,RU +3115741184,3115742207,LB +3115742208,3115743231,IT +3115743232,3115744255,AM +3115744256,3115745279,GB +3115745280,3115746303,RU +3115746304,3115747327,BE +3115747328,3115748351,JO +3115748352,3115749375,IT +3115749376,3115750399,GB +3115750400,3115751423,GE +3115751424,3115752447,ES +3115752448,3115753471,GB +3115753472,3115754495,RS +3115754496,3115755519,RU +3115755520,3115756543,FR +3115756544,3115757567,IT +3115757568,3115758591,AT +3115758592,3115759615,ES +3115759616,3115760639,DE +3115760640,3115761663,TR +3115761664,3115762687,MD +3115762688,3115763711,IT +3115763712,3115764735,GB +3115764736,3115765759,DK +3115765760,3115766783,IT +3115766784,3115767807,HU +3115767808,3115768831,KZ +3115768832,3115769855,IR +3115769856,3115770879,PL +3115770880,3115771903,GB +3115771904,3115772927,DE +3115772928,3115773951,TR +3115773952,3115774975,GB +3115776000,3115777023,IR +3115777024,3115779071,FR +3115779072,3115780095,IT +3115780096,3115781119,CZ +3115781120,3115782143,RU +3115782144,3115783167,ES +3115783168,3115784191,GB +3115784192,3115785215,DE +3115785216,3115786239,NL +3115786240,3115787263,MD +3115787264,3115788287,PL +3115788288,3115789311,DK +3115789312,3115790335,UA +3115790336,3115791359,RU +3115791360,3115792383,DE +3115792384,3115793407,SE +3115793408,3115795455,FR +3115795456,3115796479,IT +3115796480,3115797503,CZ +3115797504,3115798527,RU +3115798528,3115799551,MD +3115799552,3115801599,DE +3115801600,3115802623,LB +3115802624,3115802879,NL +3115802880,3115803135,RO +3115803136,3115803647,NL +3115803648,3115804671,GB +3115804672,3115804927,CH +3115804928,3115805183,IT +3115805184,3115805247,ES +3115805248,3115805695,GB +3115805696,3115806719,UA +3115806720,3115807743,NL +3115807744,3115808767,BE +3115808768,3115809791,BY +3115809792,3115810815,DE +3115810816,3115811839,IR +3115811840,3115812863,IL +3115812864,3115813887,MD +3115813888,3115814911,FR +3115814912,3115815935,SE +3115815936,3115816959,RS +3115816960,3115817983,SE +3115817984,3115819007,DE +3115819008,3115820031,RU +3115820032,3115822079,TR +3115822080,3115823103,RU +3115823104,3115825151,DE +3115825152,3115826175,GR +3115826176,3115828223,CH +3115828224,3115829247,RU +3115829248,3115830271,NL +3115830272,3115831295,DE +3115831296,3115832319,FR +3115832320,3115833343,GB +3115833344,3115834367,FR +3115834368,3115835391,ES +3115835392,3115836415,PL +3115836416,3115837439,FR +3115837440,3115838463,SK +3115838464,3115839487,PL +3115839488,3115840511,UZ +3115840512,3115841535,IE +3115841536,3115842559,MK +3115842560,3115843583,FR +3115843584,3115844607,ES +3115844608,3115845631,FR +3115845632,3115846655,PL 3117416448,3117417471,FR 3120562176,3120594943,CO 3120594944,3120599039,AR @@ -84535,11 +85377,33 @@ 3136986112,3140614143,BR 3140614144,3140616191,CR 3140616192,3145727999,BR -3145728000,3149135871,MX +3145728000,3147731455,MX +3147731456,3147731711,US +3147731712,3147734527,MX +3147734528,3147734783,US +3147734784,3147735039,MX +3147735040,3147735807,US +3147735808,3147739135,MX +3147739136,3147740159,US +3147740160,3147745279,MX +3147745280,3147746303,US +3147746304,3147747839,MX +3147747840,3147748351,US +3147748352,3147750399,MX +3147750400,3147751423,US +3147751424,3147751935,MX +3147751936,3147752447,US +3147752448,3147753471,MX +3147753472,3147753727,US +3147753728,3147756543,MX +3147756544,3147757055,US +3147757056,3149135871,MX 3149135872,3149398015,BR 3149398016,3149881343,MX 3149881344,3149889535,BR -3149889536,3154051071,MX +3149889536,3151514623,MX +3151514624,3151515647,US +3151515648,3154051071,MX 3154051072,3154116607,BR 3154116608,3154124799,RU 3154124800,3154126847,PL @@ -84586,9 +85450,12 @@ 3156803584,3156869119,TR 3156869120,3156901887,LU 3156901888,3156906239,NL -3156906240,3156910079,LU +3156906240,3156907007,LU +3156907008,3156908031,RU +3156908032,3156910079,LU 3156910080,3156912127,NL -3156912128,3156916223,LU +3156912128,3156914175,LU +3156914176,3156916223,RU 3156916224,3156917247,GB 3156917248,3156920319,LU 3156920320,3156921343,SG @@ -84939,9 +85806,7 @@ 3161948160,3161964543,RO 3161964544,3161980927,ES 3161980928,3161989119,SK -3161989120,3161989375,NL -3161989376,3161989631,TR -3161989632,3161990143,NL +3161989120,3161990143,NL 3161990144,3161991167,TR 3161991168,3161993215,NL 3161993216,3161997311,RU @@ -84992,7 +85857,8 @@ 3162324992,3162327039,IE 3162327040,3162329087,CH 3162329088,3162331135,IE -3162331136,3162332927,GB +3162331136,3162332671,GB +3162332672,3162332927,NL 3162332928,3162333183,DE 3162333184,3162341375,IT 3162341376,3162349567,PL @@ -85022,8 +85888,7 @@ 3162570752,3162603519,HR 3162603520,3162636287,GE 3162636288,3162669055,FR -3162669056,3162673151,EE -3162673152,3162676223,RU +3162669056,3162676223,RU 3162676224,3162677247,KZ 3162677248,3162679039,RU 3162679040,3162679295,KZ @@ -85034,8 +85899,8 @@ 3162682368,3162682879,MD 3162682880,3162683135,GB 3162683136,3162683391,ES -3162683392,3162693631,EE -3162693632,3162701567,RU +3162683392,3162685439,EE +3162685440,3162701567,RU 3162701568,3162701823,UZ 3162701824,3162734591,MD 3162734592,3162767359,RU @@ -85171,7 +86036,9 @@ 3164953024,3164953087,IE 3164953088,3164953583,FR 3164953584,3164953599,ES -3164953600,3164954507,FR +3164953600,3164954471,FR +3164954472,3164954479,IE +3164954480,3164954507,FR 3164954508,3164954511,ES 3164954512,3164958895,FR 3164958896,3164958911,PT @@ -85271,9 +86138,7 @@ 3164974336,3164974437,GB 3164974438,3164974438,IT 3164974439,3164974463,GB -3164974464,3164974527,FR -3164974528,3164974559,ES -3164974560,3164975199,FR +3164974464,3164975199,FR 3164975200,3164975215,ES 3164975216,3164975311,FR 3164975312,3164975327,ES @@ -85283,16 +86148,21 @@ 3164976144,3164976159,BE 3164976160,3164976231,FR 3164976232,3164976239,ES -3164976240,3164976815,FR -3164976816,3164976831,ES -3164976832,3164978079,FR +3164976240,3164977223,FR +3164977224,3164977231,PT +3164977232,3164977255,FR +3164977256,3164977263,PT +3164977264,3164977271,FI +3164977272,3164978079,FR 3164978080,3164978111,PT 3164978112,3164978623,FR 3164978624,3164978655,ES 3164978656,3164979151,FR 3164979152,3164979155,ES 3164979156,3164995583,FR -3164995584,3165032447,NL +3164995584,3165030399,NL +3165030400,3165031423,GB +3165031424,3165032447,NL 3165032448,3165036543,GB 3165036544,3165038591,DE 3165038592,3165040639,GB @@ -85816,11 +86686,31 @@ 3170828288,3170861055,RU 3170861056,3170893823,RS 3170893824,3179282431,BR -3179282432,3184116735,MX +3179282432,3182062591,MX +3182062592,3182063615,US +3182063616,3182215167,MX +3182215168,3182215423,US +3182215424,3182481407,MX +3182481408,3182482431,US +3182482432,3182482943,MX +3182482944,3182483455,US +3182483456,3182484479,MX +3182484480,3182485503,US +3182485504,3183853567,MX +3183853568,3183861759,US +3183861760,3183863807,MX +3183863808,3183864831,US +3183864832,3183865343,MX +3183865344,3183867903,US +3183867904,3184116735,MX 3184116736,3184123903,BR 3184123904,3184125951,MX 3184125952,3184127999,BR -3184128000,3187671039,MX +3184128000,3187414015,MX +3187414016,3187414527,US +3187414528,3187417087,MX +3187417088,3187421183,US +3187421184,3187671039,MX 3187671040,3187687423,CO 3187687424,3187695615,DO 3187695616,3187703807,AR @@ -87069,7 +87959,9 @@ 3210795008,3210796031,IL 3210796032,3210798847,US 3210798848,3210799103,ES -3210799104,3210802943,US +3210799104,3210802431,US +3210802432,3210802687,ES +3210802688,3210802943,US 3210802944,3210803039,CL 3210803040,3210803055,AU 3210803056,3210803071,CL @@ -87218,9 +88110,13 @@ 3211092992,3211093007,SK 3211093008,3211093503,DE 3211093504,3211093519,HR -3211093520,3211094015,DE +3211093520,3211093791,DE +3211093792,3211093807,IN +3211093808,3211094015,DE 3211094016,3211094031,CZ -3211094032,3211094143,DE +3211094032,3211094079,DE +3211094080,3211094095,GB +3211094096,3211094143,DE 3211094144,3211094271,US 3211094272,3211094527,DE 3211094528,3211094543,HR @@ -87627,7 +88523,9 @@ 3222868992,3222872319,US 3222872320,3222872575,CA 3222872576,3222874623,US -3222874880,3222876159,US +3222874880,3222875647,US +3222875648,3222875903,SG +3222875904,3222876159,US 3222876416,3222890751,US 3222890752,3222891007,CA 3222891008,3222936575,US @@ -87878,8 +88776,7 @@ 3223634944,3223635455,GB 3223635456,3223637247,SE 3223637248,3223637503,GB -3223637504,3223638015,SE -3223638016,3223638271,NL +3223637504,3223638271,SE 3223638272,3223638527,GB 3223638528,3223640831,SE 3223640832,3223641087,GB @@ -89132,8 +90029,8 @@ 3227545088,3227547647,ZA 3227547648,3227551743,MU 3227551744,3227552255,MF -3227552256,3227552767,ZA -3227552768,3227553791,MU +3227552256,3227552511,ZA +3227552512,3227553791,MU 3227553792,3227554047,ZA 3227554304,3227554559,ZA 3227554560,3227554815,MU @@ -89162,37 +90059,12 @@ 3227581696,3227582207,ZA 3227582208,3227638271,US 3227638272,3227638527,CA -3227638528,3227648255,US -3227648256,3227649023,FI -3227649024,3227649791,US -3227649792,3227650559,FI -3227650560,3227650815,US -3227650816,3227651071,FI -3227651072,3227653375,US -3227653376,3227654143,FI -3227654144,3227655935,US -3227655936,3227656703,FI -3227656704,3227656959,US -3227656960,3227657215,FI -3227657216,3227657471,US -3227657472,3227657983,FI -3227657984,3227658495,US -3227658496,3227659263,FI -3227659264,3227659775,US +3227638528,3227647999,US +3227648000,3227659775,FI 3227659776,3227660031,JP -3227660032,3227660287,FI -3227660288,3227660543,US +3227660032,3227660543,FI 3227660544,3227660799,EE -3227660800,3227661823,US -3227661824,3227662335,FI -3227662336,3227663615,US -3227663616,3227664127,FI -3227664128,3227664383,US -3227664384,3227672575,FI -3227672576,3227673087,US -3227673088,3227674111,FI -3227674112,3227674623,US -3227674624,3227678719,FI +3227660800,3227678719,FI 3227678720,3227680767,LU 3227680768,3227713535,FI 3227713536,3227720131,CA @@ -89366,7 +90238,9 @@ 3227775696,3227775707,BZ 3227775708,3227775731,CA 3227775732,3227775743,BZ -3227775744,3227775935,CA +3227775744,3227775856,CA +3227775857,3227775857,ES +3227775858,3227775935,CA 3227775936,3227775939,US 3227775940,3227775959,CA 3227775960,3227775963,US @@ -89534,8 +90408,7 @@ 3227931136,3227931391,US 3227931392,3227931647,AU 3227931648,3227931903,PE -3227931904,3227932159,US -3227932672,3227932927,US +3227931904,3227932927,US 3227932928,3227933183,DE 3227933184,3227933695,US 3227933696,3227933951,NZ @@ -90057,7 +90930,7 @@ 3229885440,3229886719,US 3229886720,3229886975,AU 3229886976,3229889791,US -3229889792,3229890047,PT +3229889792,3229890047,NL 3229890048,3229890303,US 3229890304,3229890559,PT 3229890560,3229891583,US @@ -91277,8 +92150,7 @@ 3233457408,3233457631,RO 3233457632,3233457647,US 3233457648,3233457663,RO -3233457664,3233458687,US -3233458688,3233458943,HU +3233457664,3233458943,US 3233458944,3233458959,BG 3233458960,3233458975,US 3233458976,3233459007,BG @@ -91761,7 +92633,8 @@ 3234822656,3234826751,US 3234826752,3234827007,CA 3234827008,3234827519,US -3234827520,3234828031,NL +3234827520,3234827775,GB +3234827776,3234828031,LU 3234828032,3234828287,NZ 3234828288,3234828799,US 3234828800,3234829055,CL @@ -92157,9 +93030,7 @@ 3237050112,3237050159,GB 3237050160,3237050175,US 3237050176,3237050303,GB -3237050304,3237051135,US -3237051136,3237051391,CA -3237051392,3237051903,US +3237050304,3237051903,US 3237051904,3237052159,TR 3237052160,3237052287,CA 3237052288,3237125295,US @@ -92208,7 +93079,7 @@ 3237328640,3237328895,CA 3237328896,3237329151,US 3237329152,3237329407,NZ -3237329664,3237330943,US +3237329408,3237330943,US 3237330944,3237331199,AU 3237331200,3237331967,US 3237331968,3237332223,AU @@ -92581,7 +93452,7 @@ 3237867776,3237868031,GB 3237868032,3237868159,HK 3237868160,3237868287,AU -3237868288,3237868543,DK +3237868288,3237868543,US 3237868544,3237868799,GB 3237868800,3237869311,US 3237869312,3237869439,KR @@ -94432,7 +95303,8 @@ 3244142592,3244143615,DE 3244143616,3244144639,FR 3244144640,3244146687,UA -3244146688,3244147711,RU +3244146688,3244146943,GB +3244146944,3244147711,RU 3244147712,3244149247,GB 3244149248,3244149503,US 3244149504,3244149759,GB @@ -94732,7 +95604,6 @@ 3244898048,3244898303,DE 3244898304,3244898559,IR 3244898560,3244898815,GI -3244898816,3244899071,RO 3244899072,3244899327,RU 3244899328,3244899583,BG 3244899584,3244899839,GB @@ -95450,9 +96321,7 @@ 3246825984,3246826239,US 3246826240,3246828066,CH 3246828068,3246915583,CH -3246915584,3246979608,PT -3246979609,3246979609,US -3246979610,3246979783,PT +3246915584,3246979783,PT 3246979784,3246979784,US 3246979785,3247046655,PT 3247046656,3247046911,AT @@ -95804,7 +96673,9 @@ 3248557056,3248558079,UA 3248558080,3248560127,NO 3248560896,3248561151,IN -3248561664,3248575487,NO +3248561664,3248562080,NO +3248562081,3248562081,DK +3248562082,3248575487,NO 3248575488,3248576511,CZ 3248576512,3248599039,NO 3248599040,3248603135,SE @@ -96362,7 +97233,7 @@ 3250413568,3250414079,UA 3250414080,3250414591,RO 3250414592,3250415103,SE -3250415104,3250415359,NL +3250415104,3250415359,GB 3250415360,3250415615,PL 3250415616,3250416127,FR 3250416128,3250417663,DE @@ -96579,7 +97450,7 @@ 3251156736,3251156991,UA 3251156992,3251157247,FR 3251157248,3251157503,BE -3251157504,3251158015,PL +3251157760,3251158015,PL 3251158016,3251158271,TR 3251158272,3251158527,RU 3251158528,3251158783,UA @@ -96854,8 +97725,8 @@ 3252196352,3252197119,LT 3252197120,3252197375,SE 3252197376,3252207615,HR -3252207616,3252219903,LT -3252219904,3252221183,SE +3252207616,3252220927,LT +3252220928,3252221183,SE 3252221184,3252222463,LT 3252222464,3252223487,SE 3252223488,3252223999,LT @@ -96864,8 +97735,7 @@ 3252232577,3252256767,SE 3252256768,3252273151,EE 3252273152,3252286463,HR -3252286464,3252287487,SE -3252287488,3252289535,LT +3252286464,3252289535,LT 3252289536,3252289791,BG 3252289792,3252291583,GR 3252291584,3252292607,DE @@ -97271,8 +98141,7 @@ 3253624832,3253625855,UA 3253625856,3253626879,IT 3253626880,3253627903,DE -3253627904,3253628671,RU -3253628672,3253628927,UA +3253627904,3253628927,UA 3253628928,3253629951,GR 3253629952,3253630975,UA 3253632000,3253633023,DE @@ -97625,15 +98494,43 @@ 3254266368,3254266623,RE 3254266624,3254277119,FR 3254277120,3254278143,YT -3254278144,3254488431,FR +3254278144,3254485879,FR +3254485880,3254485887,CI +3254485888,3254486527,FR +3254486528,3254486543,CH +3254486544,3254487039,FR +3254487040,3254487199,KM +3254487200,3254487263,FR +3254487264,3254487295,KM +3254487296,3254487419,CF +3254487420,3254487559,FR +3254487560,3254487803,CI +3254487804,3254488431,FR 3254488432,3254488447,MG -3254488448,3254489407,FR +3254488448,3254489087,FR +3254489088,3254489343,DZ +3254489344,3254489365,FR +3254489366,3254489367,MR +3254489368,3254489369,FR +3254489370,3254489370,MR +3254489371,3254489373,FR +3254489374,3254489375,MR +3254489376,3254489407,FR 3254489408,3254489439,MR -3254489440,3254489447,FR -3254489448,3254489455,MR -3254489456,3254489487,FR -3254489488,3254489503,MR -3254489504,3254491903,FR +3254489440,3254489443,FR +3254489444,3254489455,MR +3254489456,3254489463,FR +3254489464,3254489519,MR +3254489520,3254489535,FR +3254489536,3254489567,MR +3254489568,3254489599,FR +3254489600,3254489855,MR +3254489856,3254490111,TD +3254490112,3254490367,FR +3254490368,3254490623,CF +3254490624,3254491135,FR +3254491136,3254491391,DZ +3254491392,3254491903,FR 3254491904,3254492031,CM 3254492032,3254493183,FR 3254493184,3254493253,GP @@ -98091,7 +98988,7 @@ 3255374848,3255375359,CY 3255375360,3255375871,RO 3255375872,3255376383,PL -3255376384,3255376895,UA +3255376384,3255376895,RU 3255376896,3255377407,GB 3255377408,3255377919,KZ 3255377920,3255378431,GB @@ -98791,7 +99688,6 @@ 3258081280,3258081535,NL 3258081536,3258081791,BE 3258081792,3258082047,UA -3258082048,3258082303,NL 3258082304,3258082559,CZ 3258082560,3258082815,HU 3258082816,3258083071,NL @@ -99275,8 +100171,8 @@ 3260553984,3260554239,GB 3260554240,3260555263,CH 3260555264,3260563455,HU -3260563456,3260571647,GB -3260571648,3260575743,BE +3260563456,3260573695,GB +3260573696,3260575743,BE 3260575744,3260579839,GB 3260579840,3260580351,PL 3260580352,3260580863,HU @@ -100543,8 +101439,7 @@ 3262478857,3262478857,LI 3262478858,3262478862,DE 3262478863,3262478863,AT -3262478864,3262478864,NL -3262478865,3262478865,DE +3262478864,3262478865,DE 3262478866,3262478866,CH 3262478867,3262478867,GB 3262478868,3262478868,IT @@ -100596,8 +101491,8 @@ 3262478956,3262478956,DE 3262478957,3262478957,PT 3262478958,3262478958,SE -3262478959,3262478959,DE -3262478960,3262478961,NL +3262478959,3262478960,DE +3262478961,3262478961,NL 3262478962,3262478966,DE 3262478967,3262478967,NL 3262478968,3262478968,ES @@ -100622,7 +101517,7 @@ 3262478994,3262478997,DE 3262478998,3262478998,GB 3262478999,3262478999,AT -3262479000,3262479000,CH +3262479000,3262479000,DE 3262479001,3262479001,AT 3262479002,3262479002,DE 3262479003,3262479003,FR @@ -102104,8 +102999,8 @@ 3265607936,3265608191,CZ 3265608448,3265608703,SE 3265608704,3265608959,GB -3265608960,3265609215,RU -3265609216,3265609727,UA +3265608960,3265609471,RU +3265609472,3265609727,UA 3265609728,3265617919,NL 3265617920,3265626111,SI 3265626112,3265634303,JO @@ -102335,7 +103230,9 @@ 3267100672,3267166207,FI 3267166208,3267231743,GB 3267231744,3267297279,RU -3267297280,3267362815,CH +3267297280,3267357132,CH +3267357133,3267357133,US +3267357134,3267362815,CH 3267362816,3267368480,DK 3267368482,3267428351,DK 3267428352,3267493887,GB @@ -102799,7 +103696,7 @@ 3270973952,3270974463,FR 3270974464,3270974975,IT 3270974976,3270975487,NL -3270975488,3270975999,RU +3270975744,3270975999,RU 3270976000,3270976255,FR 3270976256,3270976511,UA 3270976512,3270976767,HU @@ -103005,7 +103902,7 @@ 3271744512,3271745023,AT 3271745024,3271745535,PL 3271745536,3271746047,GB -3271746048,3271746559,RU +3271746048,3271746559,RO 3271746560,3271747071,US 3271747072,3271747583,KZ 3271747584,3271748095,RU @@ -103044,7 +103941,8 @@ 3271812096,3271813119,ES 3271813120,3271814143,PL 3271814144,3271815167,UA -3271815168,3271817215,RU +3271815168,3271816191,RU +3271816192,3271817215,UA 3271817216,3271818239,DE 3271818240,3271819263,RU 3271819264,3271884799,DE @@ -103332,7 +104230,6 @@ 3272421888,3272422143,RU 3272422144,3272422399,GB 3272422400,3272422911,CH -3272422912,3272423423,SE 3272423424,3272423935,BE 3272423936,3272424447,FR 3272424448,3272424703,GB @@ -104798,7 +105695,9 @@ 3276014464,3276014479,FR 3276014480,3276014951,GB 3276014952,3276014959,ES -3276014960,3276018383,GB +3276014960,3276015055,GB +3276015056,3276015063,FR +3276015064,3276018383,GB 3276018384,3276018399,FR 3276018400,3276019711,GB 3276019712,3276020735,FR @@ -104917,7 +105816,9 @@ 3276234368,3276275711,DE 3276275712,3276283903,SK 3276283904,3276292095,GB -3276292096,3276300287,BE +3276292096,3276292479,BE +3276292480,3276292607,CH +3276292608,3276300287,BE 3276300288,3276304383,DE 3276304384,3276304639,BG 3276304640,3276305407,GB @@ -105442,9 +106343,7 @@ 3276889088,3276889215,IT 3276889216,3276890175,GB 3276890176,3276890191,US -3276890192,3276892159,GB -3276892160,3276893183,IT -3276893184,3276893695,GB +3276890192,3276893695,GB 3276893696,3276893951,IT 3276893952,3276897727,GB 3276897728,3276897791,BE @@ -105504,7 +106403,9 @@ 3276926208,3276931071,GB 3276931072,3276939263,KZ 3276939264,3276955647,DE -3276955648,3276963839,GB +3276955648,3276958719,GB +3276958720,3276959743,IL +3276959744,3276963839,GB 3276963840,3276964351,IL 3276964352,3276964863,RO 3276965376,3276966399,RU @@ -105512,7 +106413,7 @@ 3276966912,3276968959,RU 3276968960,3276969471,RO 3276969472,3276969983,UA -3276969984,3276970495,NL +3276969984,3276970495,DE 3276970496,3276971519,RU 3276971520,3276972031,DE 3276972032,3276980223,PL @@ -105526,7 +106427,7 @@ 3277160448,3277176831,NL 3277176832,3277177087,SI 3277177088,3277177343,GB -3277177600,3277178111,PL +3277177856,3277178111,PL 3277178368,3277178623,UA 3277178624,3277178879,PL 3277178880,3277179135,ES @@ -106627,12 +107528,11 @@ 3278942729,3278942730,BE 3278942731,3278942731,DE 3278942732,3278942732,ES -3278942733,3278942733,LU +3278942733,3278942733,DE 3278942734,3278942734,GB 3278942735,3278942735,DE 3278942736,3278942736,IT -3278942737,3278942737,GB -3278942738,3278942739,DE +3278942737,3278942739,DE 3278942740,3278942740,NL 3278942741,3278942741,GB 3278942742,3278942742,DE @@ -106655,9 +107555,7 @@ 3278942767,3278942767,FR 3278942768,3278942768,NO 3278942769,3278942769,GB -3278942770,3278942771,DE -3278942772,3278942772,BE -3278942773,3278942773,DE +3278942770,3278942773,DE 3278942774,3278942774,CH 3278942775,3278942775,FR 3278942776,3278942776,DE @@ -106666,8 +107564,7 @@ 3278942780,3278942784,DE 3278942785,3278942785,GR 3278942786,3278942786,SI -3278942787,3278942787,IT -3278942788,3278942789,DE +3278942787,3278942789,DE 3278942790,3278942790,ES 3278942791,3278942791,IT 3278942792,3278942792,US @@ -106693,8 +107590,7 @@ 3278942818,3278942818,DK 3278942819,3278942819,DE 3278942820,3278942820,IT -3278942821,3278942821,NL -3278942822,3278942824,DE +3278942821,3278942824,DE 3278942825,3278942825,NL 3278942826,3278942826,RU 3278942827,3278942827,FR @@ -106715,9 +107611,7 @@ 3278942852,3278942852,DE 3278942853,3278942853,ES 3278942854,3278942854,GB -3278942855,3278942855,DE -3278942856,3278942856,NO -3278942857,3278942857,DE +3278942855,3278942857,DE 3278942858,3278942858,IT 3278942859,3278942860,DE 3278942861,3278942861,FR @@ -106725,16 +107619,14 @@ 3278942864,3278942864,ES 3278942865,3278942865,GB 3278942866,3278942867,NL -3278942868,3278942868,DE -3278942869,3278942869,IT +3278942868,3278942869,DE 3278942870,3278942870,CH 3278942871,3278942871,IS -3278942872,3278942872,ES +3278942872,3278942872,DE 3278942873,3278942873,IT 3278942874,3278942875,DE 3278942876,3278942876,PL -3278942877,3278942877,DE -3278942878,3278942878,NL +3278942877,3278942878,DE 3278942879,3278942879,DK 3278942880,3278942881,DE 3278942882,3278942882,CH @@ -106755,9 +107647,7 @@ 3278942911,3278942911,IT 3278942912,3278942913,DE 3278942914,3278942914,CH -3278942915,3278942915,DE -3278942916,3278942916,CH -3278942917,3278942922,DE +3278942915,3278942922,DE 3278942923,3278942923,NL 3278942924,3278942924,DE 3278942925,3278942925,GB @@ -107195,8 +108085,7 @@ 3278943558,3278943558,AT 3278943559,3278943560,DE 3278943561,3278943561,FR -3278943562,3278943564,DE -3278943565,3278943565,GB +3278943562,3278943565,DE 3278943566,3278943566,BE 3278943567,3278943567,AE 3278943568,3278943568,NL @@ -107216,9 +108105,7 @@ 3278943584,3278943585,DE 3278943586,3278943586,NL 3278943587,3278943587,ES -3278943588,3278943588,DE -3278943589,3278943589,IT -3278943590,3278943590,DE +3278943588,3278943590,DE 3278943591,3278943591,NL 3278943592,3278943592,DE 3278943593,3278943593,PL @@ -107400,9 +108287,7 @@ 3278943832,3278943832,BE 3278943833,3278943833,DE 3278943834,3278943835,GB -3278943836,3278943836,DE -3278943837,3278943837,ES -3278943838,3278943838,DE +3278943836,3278943838,DE 3278943839,3278943839,IT 3278943840,3278943845,DE 3278943846,3278943846,GB @@ -107428,8 +108313,7 @@ 3278943872,3278943873,DE 3278943874,3278943874,CH 3278943875,3278943875,IL -3278943876,3278943881,DE -3278943882,3278943882,PL +3278943876,3278943882,DE 3278943883,3278943883,CH 3278943884,3278943884,DE 3278943885,3278943885,IT @@ -107464,8 +108348,7 @@ 3278943921,3278943923,DE 3278943924,3278943924,IT 3278943925,3278943926,ES -3278943927,3278943928,DE -3278943929,3278943929,PT +3278943927,3278943929,DE 3278943930,3278943930,IT 3278943931,3278943932,DE 3278943933,3278943933,ES @@ -107523,8 +108406,8 @@ 3278944016,3278944020,DE 3278944021,3278944021,IT 3278944022,3278944022,FR -3278944023,3278944023,AT -3278944024,3278944025,CH +3278944023,3278944024,DE +3278944025,3278944025,CH 3278944026,3278944026,DE 3278944027,3278944027,FR 3278944028,3278944028,DE @@ -107571,7 +108454,7 @@ 3278944081,3278944081,GB 3278944082,3278944082,IT 3278944083,3278944084,ES -3278944085,3278944085,PT +3278944085,3278944085,DE 3278944086,3278944086,NL 3278944087,3278944087,DE 3278944088,3278944088,IT @@ -107581,8 +108464,7 @@ 3278944092,3278944092,GR 3278944093,3278944094,DE 3278944095,3278944095,AT -3278944096,3278944096,GB -3278944097,3278944097,DE +3278944096,3278944097,DE 3278944098,3278944098,SE 3278944099,3278944099,GB 3278944100,3278944102,DE @@ -107618,8 +108500,7 @@ 3278944140,3278944140,PT 3278944141,3278944141,FR 3278944142,3278944142,GB -3278944143,3278944143,AT -3278944144,3278944144,DE +3278944143,3278944144,DE 3278944145,3278944145,SE 3278944146,3278944147,DE 3278944148,3278944148,ES @@ -107644,7 +108525,7 @@ 3278944178,3278944179,DE 3278944180,3278944180,GB 3278944181,3278944181,IT -3278944182,3278944182,FR +3278944182,3278944182,DE 3278944183,3278944184,ES 3278944185,3278944185,NL 3278944186,3278944192,DE @@ -107672,8 +108553,7 @@ 3278944218,3278944219,DE 3278944220,3278944220,GB 3278944221,3278944221,GR -3278944222,3278944222,IT -3278944223,3278944224,DE +3278944222,3278944224,DE 3278944225,3278944225,NL 3278944226,3278944226,RU 3278944227,3278944227,IT @@ -107693,7 +108573,7 @@ 3278944246,3278944246,NL 3278944247,3278944247,ES 3278944248,3278944248,NL -3278944249,3278944249,ES +3278944249,3278944249,DE 3278944250,3278944250,IT 3278944251,3278944251,AT 3278944252,3278944252,IT @@ -108808,7 +109688,8 @@ 3282501632,3282534399,GR 3282534400,3282538495,GB 3282538496,3282542591,PL -3282542592,3282550783,GB +3282542592,3282546687,US +3282546688,3282550783,GB 3282550784,3282554879,FR 3282554880,3282558975,DE 3282558976,3282563071,FR @@ -109825,8 +110706,7 @@ 3286658048,3286658303,DE 3286658304,3286658559,RU 3286658560,3286658815,NL -3286658816,3286659071,RU -3286659072,3286659327,UA +3286658816,3286659327,RU 3286659328,3286659583,PL 3286659584,3286659839,DE 3286659840,3286660095,UA @@ -110115,7 +110995,6 @@ 3287461376,3287461631,CH 3287461632,3287461887,AT 3287461888,3287462143,PL -3287462400,3287462655,BE 3287462656,3287462911,UA 3287462912,3287463167,FR 3287463168,3287463423,IT @@ -110153,7 +111032,7 @@ 3287554048,3287554559,RU 3287554560,3287555071,PL 3287555072,3287555583,GB -3287555584,3287556095,FR +3287555584,3287556095,US 3287556096,3287563007,TR 3287563008,3287563263,US 3287563264,3287564287,TR @@ -110996,13 +111875,29 @@ 3291555840,3291556095,GN 3291611136,3291611647,ZA 3291611648,3291611903,MU +3291611904,3291612159,ZA +3291612160,3291613183,NG 3291676672,3291742207,ZA 3291742208,3291742463,US 3291742464,3291742591,GB 3291742592,3291742719,IE 3291742720,3291750399,US 3291750400,3291750655,GB -3291750656,3291817471,US +3291750656,3291757311,US +3291757312,3291757567,GB +3291757568,3291758079,US +3291758080,3291758335,GB +3291758336,3291762175,US +3291762176,3291762431,GB +3291762432,3291763199,US +3291763200,3291763455,GB +3291763456,3291763711,US +3291763712,3291763967,GB +3291763968,3291813375,US +3291813376,3291813631,GB +3291813632,3291815423,US +3291815424,3291815679,GB +3291815680,3291817471,US 3291817472,3291817983,NL 3291817984,3291819263,US 3291819264,3291819775,NL @@ -111010,11 +111905,37 @@ 3291821056,3291821567,NL 3291821568,3291823103,US 3291823104,3291823359,DE -3291823360,3291906047,US +3291823360,3291824127,US +3291824128,3291824383,GB +3291824384,3291826175,US +3291826176,3291826431,CA +3291826432,3291827199,US +3291827200,3291827455,CA +3291827456,3291828223,US +3291828224,3291828479,GB +3291828480,3291878143,US +3291878144,3291878399,CA +3291878400,3291880703,US +3291880704,3291880959,CA +3291880960,3291883775,US +3291883776,3291884031,CA +3291884032,3291884543,US +3291884544,3291884799,CA +3291884800,3291886335,US +3291886336,3291886591,CA +3291886592,3291887359,US +3291887360,3291887615,FR +3291887616,3291888895,US +3291888896,3291889151,FR +3291889152,3291893759,US +3291893760,3291894015,CA +3291894016,3291906047,US 3291906048,3291907071,LK 3291907072,3291939063,US 3291939064,3291939064,GB -3291939065,3291971583,US +3291939065,3291943423,US +3291943424,3291943679,FR +3291943680,3291971583,US 3291971584,3291972607,JP 3291972608,3292004351,US 3292004352,3292004607,SC @@ -111855,7 +112776,34 @@ 3304529920,3304535295,US 3304535296,3304536063,SC 3304536064,3304538111,CA -3304538112,3304587263,SC +3304538112,3304539135,SC +3304539136,3304548351,US +3304548352,3304549375,SC +3304549376,3304562687,US +3304562688,3304563711,GB +3304563712,3304564735,NL +3304564736,3304565759,CH +3304565760,3304566783,ES +3304566784,3304567807,PT +3304567808,3304568831,PL +3304568832,3304569855,NO +3304569856,3304570879,NZ +3304570880,3304571903,LU +3304571904,3304572927,HU +3304572928,3304573951,HK +3304573952,3304574975,AU +3304574976,3304575999,AT +3304576000,3304577023,BE +3304577024,3304578047,LV +3304578048,3304579071,CZ +3304579072,3304580095,DK +3304580096,3304581119,DE +3304581120,3304582143,FR +3304582144,3304583167,AT +3304583168,3304584191,IN +3304584192,3304585215,RU +3304585216,3304586239,US +3304586240,3304587263,BR 3304587264,3304669183,ZA 3304669184,3304685567,TZ 3304685568,3304701951,ZA @@ -112796,9 +113744,7 @@ 3323660544,3323661311,US 3323661312,3323662335,CA 3323662336,3323674623,US -3323674624,3323677967,CA -3323677968,3323677983,IN -3323677984,3323678031,CA +3323674624,3323678031,CA 3323678032,3323678047,US 3323678048,3323678055,CA 3323678056,3323678059,MX @@ -112859,7 +113805,9 @@ 3323682656,3323682687,IE 3323682688,3323682751,CA 3323682752,3323682767,US -3323682768,3323682839,CA +3323682768,3323682771,CA +3323682772,3323682775,RO +3323682776,3323682839,CA 3323682840,3323682843,BD 3323682844,3323682947,CA 3323682948,3323682951,US @@ -112996,7 +113944,8 @@ 3323686440,3323686447,BR 3323686448,3323686599,CA 3323686600,3323686607,BR -3323686608,3323686631,CA +3323686608,3323686623,CA +3323686624,3323686631,NL 3323686632,3323686639,BR 3323686640,3323686655,US 3323686656,3323686683,CA @@ -113237,10 +114186,13 @@ 3324526592,3324579839,US 3324582912,3324583935,CA 3324583936,3324587775,CL -3324587776,3324633087,US +3324587776,3324601087,US +3324601088,3324601343,GB +3324601344,3324604671,US +3324604672,3324604927,GB +3324604928,3324633087,US 3324633088,3324634111,PE -3324634112,3324635135,AR -3324635136,3324635647,US +3324634112,3324635647,AR 3324635648,3324635903,HK 3324635904,3324636159,US 3324636160,3324637183,NZ @@ -113741,7 +114693,7 @@ 3324943168,3324943215,US 3324943216,3324943231,GB 3324943232,3324963535,US -3324963536,3324963543,GB +3324963536,3324963543,CA 3324963544,3324963567,US 3324963568,3324963575,GB 3324963576,3324963579,US @@ -113783,8 +114735,7 @@ 3325171712,3325190143,US 3325190144,3325191687,CA 3325191688,3325191695,US -3325191696,3325198363,CA -3325198364,3325198367,US +3325191696,3325198367,CA 3325198368,3325198375,MY 3325198376,3325198379,CA 3325198380,3325198383,US @@ -113926,8 +114877,8 @@ 3325201288,3325201367,CA 3325201368,3325201375,MY 3325201376,3325201391,CA -3325201392,3325201407,US -3325201408,3325201427,CA +3325201392,3325201415,US +3325201416,3325201427,CA 3325201428,3325201431,US 3325201432,3325201531,CA 3325201532,3325201535,US @@ -113977,7 +114928,9 @@ 3325205504,3325206428,CA 3325206429,3325206429,US 3325206430,3325206623,CA -3325206624,3325206627,RO +3325206624,3325206625,RO +3325206626,3325206626,CA +3325206627,3325206627,RO 3325206628,3325206639,CA 3325206640,3325206671,US 3325206672,3325206679,BR @@ -113997,7 +114950,9 @@ 3325206880,3325206911,BA 3325206912,3325206915,CA 3325206916,3325206919,US -3325206920,3325207055,CA +3325206920,3325206935,CA +3325206936,3325206943,HR +3325206944,3325207055,CA 3325207056,3325207059,GB 3325207060,3325207071,CA 3325207072,3325207103,MX @@ -114402,7 +115357,9 @@ 3325217248,3325217279,BA 3325217280,3325217307,CA 3325217308,3325217311,HK -3325217312,3325217651,CA +3325217312,3325217471,CA +3325217472,3325217503,IE +3325217504,3325217651,CA 3325217652,3325217655,AE 3325217656,3325217695,CA 3325217696,3325217699,US @@ -114435,23 +115392,19 @@ 3325218252,3325218255,PL 3325218256,3325218447,CA 3325218448,3325218455,AR -3325218456,3325218463,CA -3325218464,3325218479,ES +3325218456,3325218479,CA 3325218480,3325218483,BR 3325218484,3325218487,CA 3325218488,3325218491,US 3325218492,3325218519,CA 3325218520,3325218523,US -3325218524,3325218531,CA -3325218532,3325218535,US -3325218536,3325218559,CA +3325218524,3325218559,CA 3325218560,3325218567,US 3325218568,3325218583,CA 3325218584,3325218591,IN 3325218592,3325218615,CA 3325218616,3325218623,BR -3325218624,3325218655,CA -3325218656,3325218663,TR +3325218624,3325218663,CA 3325218664,3325218667,US 3325218668,3325218671,CA 3325218672,3325218687,IT @@ -114462,9 +115415,7 @@ 3325219084,3325219087,BZ 3325219088,3325219091,CA 3325219092,3325219095,VE -3325219096,3325219247,CA -3325219248,3325219263,US -3325219264,3325219407,CA +3325219096,3325219407,CA 3325219408,3325219411,FR 3325219412,3325219415,CA 3325219416,3325219419,US @@ -114916,7 +115867,9 @@ 3325230104,3325230111,US 3325230112,3325230123,CA 3325230124,3325230127,CL -3325230128,3325230167,CA +3325230128,3325230135,CA +3325230136,3325230143,FR +3325230144,3325230167,CA 3325230168,3325230171,PK 3325230172,3325230175,US 3325230176,3325230319,CA @@ -115457,9 +116410,7 @@ 3331647232,3331647487,CA 3331647488,3331649279,US 3331649280,3331649535,CA -3331649536,3331818495,US -3331818496,3331818751,MX -3331818752,3331840111,US +3331649536,3331840111,US 3331840112,3331840115,CA 3331840116,3331853823,US 3331854080,3331868161,US @@ -115954,9 +116905,7 @@ 3337963968,3337964031,IN 3337964032,3337964671,US 3337964672,3337964735,IN -3337964736,3337965055,US -3337965056,3337965311,HK -3337965312,3337969663,US +3337964736,3337969663,US 3337969664,3337973759,PR 3337973760,3337977855,CA 3337977856,3337980671,US @@ -116540,7 +117489,9 @@ 3340926816,3340926823,GB 3340926824,3340926959,US 3340926960,3340926967,IL -3340926968,3341082623,US +3340926968,3341057023,US +3341057024,3341058047,CA +3341058048,3341082623,US 3341082624,3341084671,CA 3341084672,3341180927,US 3341180928,3341182975,CA @@ -119578,7 +120529,9 @@ 3357606912,3357607167,AR 3357607168,3357613055,MX 3357613056,3357613311,AR -3357613312,3357618943,MX +3357613312,3357616895,MX +3357616896,3357617151,US +3357617152,3357618943,MX 3357618944,3357619199,SV 3357619200,3357623039,MX 3357623040,3357623295,AR @@ -119947,7 +120900,15 @@ 3360403456,3360405503,BR 3360405504,3360407551,HN 3360407552,3360423935,PA -3360423936,3360534527,MX +3360423936,3360514047,MX +3360514048,3360516351,US +3360516352,3360516607,MX +3360516608,3360516863,US +3360516864,3360517119,MX +3360517120,3360517631,US +3360517632,3360518143,MX +3360518144,3360520191,US +3360520192,3360534527,MX 3360534528,3360536575,BR 3360536576,3360537599,CL 3360537600,3360538623,EC @@ -120448,7 +121409,13 @@ 3382704128,3382706175,BR 3382706176,3382853631,MX 3382853632,3382870015,BR -3382870016,3383701503,MX +3382870016,3382985727,MX +3382985728,3382985983,US +3382985984,3383033855,MX +3383033856,3383038975,US +3383038976,3383039487,MX +3383039488,3383042047,US +3383042048,3383701503,MX 3383701504,3383705599,BR 3383705600,3383754751,MX 3383754752,3384147967,AR @@ -120760,7 +121727,9 @@ 3389366272,3389374463,AU 3389374464,3389378559,MN 3389378560,3389381631,CN -3389381632,3389382655,JP +3389381632,3389382143,JP +3389382144,3389382399,AQ +3389382400,3389382655,JP 3389382656,3389390847,TW 3389390848,3389391359,HK 3389391360,3389391615,VN @@ -121954,7 +122923,6 @@ 3392926720,3392927231,IN 3392927232,3392927743,AU 3392927744,3392927999,IN -3392928000,3392928255,HK 3392928256,3392928767,TW 3392928768,3392929279,VN 3392929280,3392929535,PK @@ -122151,7 +123119,9 @@ 3393620992,3393621247,JP 3393621248,3393622015,AU 3393622016,3393626111,PK -3393626112,3393630207,HK +3393626112,3393629523,HK +3393629524,3393629525,MO +3393629526,3393630207,HK 3393630208,3393634303,JP 3393634304,3393638399,CN 3393638400,3393650687,JP @@ -122852,9 +123822,7 @@ 3397738496,3397742591,MY 3397742592,3397746687,JP 3397746688,3397763071,TH -3397763072,3397767679,SG -3397767680,3397768191,PH -3397768192,3397771263,SG +3397763072,3397771263,SG 3397771264,3397779455,TW 3397779456,3397781503,ID 3397781504,3397783551,BD @@ -123228,9 +124196,7 @@ 3399995392,3399999487,KR 3399999488,3400000475,JP 3400000476,3400000479,US -3400000480,3400002303,JP -3400002304,3400002367,HK -3400002368,3400003583,JP +3400000480,3400003583,JP 3400003584,3400005631,AU 3400005632,3400006143,JP 3400006400,3400007679,JP @@ -123383,9 +124349,7 @@ 3400648816,3400648831,HK 3400648832,3400649943,JP 3400649944,3400649951,HK -3400649952,3400650143,JP -3400650144,3400650159,HK -3400650160,3400650409,JP +3400649952,3400650409,JP 3400650410,3400650410,AU 3400650411,3400650751,JP 3400650752,3400654847,AU @@ -125225,7 +126189,9 @@ 3411058688,3411062783,AU 3411062784,3411064831,HK 3411064832,3411065087,BD -3411065088,3411085311,HK +3411065088,3411065855,HK +3411065856,3411066879,BD +3411066880,3411085311,HK 3411085312,3411086335,KR 3411086336,3411087359,JP 3411087360,3411091455,CN @@ -126691,7 +127657,9 @@ 3423311872,3423313151,VI 3423313152,3423313407,US 3423313408,3423313919,VI -3423313920,3423366479,US +3423313920,3423329567,US +3423329568,3423329599,IL +3423329600,3423366479,US 3423366480,3423366495,IT 3423366496,3423371263,US 3423371264,3423375359,ZA @@ -126712,7 +127680,11 @@ 3423533056,3423535103,AI 3423535104,3423543295,US 3423543296,3423545343,CA -3423545344,3423571967,US +3423545344,3423552767,US +3423552768,3423553023,GB +3423553024,3423553279,US +3423553280,3423553535,GB +3423553536,3423571967,US 3423571968,3423574015,PR 3423574016,3423579135,US 3423579136,3423580159,CA @@ -127491,7 +128463,9 @@ 3438542848,3438608383,CA 3438608384,3438610125,US 3438610126,3438610126,DE -3438610127,3438610408,US +3438610127,3438610325,US +3438610326,3438610326,GB +3438610327,3438610408,US 3438610409,3438610410,GB 3438610411,3438611455,US 3438611456,3438611711,GB @@ -127673,9 +128647,7 @@ 3450093056,3450093311,CH 3450093312,3450217215,US 3450217216,3450217471,LC -3450217472,3450253567,US -3450253568,3450253823,AU -3450253824,3450254079,US +3450217472,3450254079,US 3450254080,3450254335,CA 3450254336,3450272511,US 3450272512,3450272767,MX @@ -127789,7 +128761,9 @@ 3452174336,3452436479,US 3452436480,3452502015,CA 3452502016,3452506111,HK -3452506112,3452658431,US +3452506112,3452516095,US +3452516096,3452516351,PL +3452516352,3452658431,US 3452658432,3452658687,HK 3452658688,3452678143,US 3452678400,3452715007,US @@ -128769,19 +129743,15 @@ 3464175360,3464180735,CA 3464180736,3464200703,US 3464200704,3464200959,AU -3464200960,3464201215,NZ -3464201216,3464201471,JP -3464201472,3464201727,GR -3464201728,3464201983,EG -3464201984,3464202495,CA -3464202496,3464202751,FR -3464202752,3464203007,IT +3464200960,3464202239,US +3464202240,3464202495,CA +3464202496,3464203007,US 3464203008,3464203263,SE 3464203264,3464203519,DE 3464203520,3464204799,US 3464204800,3464205311,NL 3464205312,3464205567,SE -3464205568,3464205823,VE +3464205568,3464205823,US 3464205824,3464205951,AF 3464205952,3464206079,UZ 3464206080,3464206207,TJ @@ -128824,9 +129794,23 @@ 3464426752,3464429311,US 3464429312,3464429567,CA 3464429568,3464548351,US -3464548352,3464548607,AG -3464548608,3464548863,LC -3464548864,3464549119,KN +3464548352,3464548671,AG +3464548672,3464548679,LC +3464548680,3464548687,AG +3464548688,3464548695,LC +3464548696,3464548703,AG +3464548704,3464548711,LC +3464548712,3464548751,AG +3464548752,3464548767,LC +3464548768,3464548783,AG +3464548784,3464548787,LC +3464548788,3464548807,AG +3464548808,3464548815,LC +3464548816,3464548831,AG +3464548832,3464548839,LC +3464548840,3464548847,AG +3464548848,3464548855,LC +3464548856,3464549119,AG 3464549120,3464549375,VG 3464549376,3464549439,AG 3464549440,3464549503,MS @@ -129209,7 +130193,8 @@ 3469989888,3469990399,CA 3469990400,3470131199,US 3470131200,3470135295,AG -3470135296,3470137343,LC +3470135296,3470136319,LC +3470136320,3470137343,AG 3470137344,3470139391,VG 3470139392,3470153727,US 3470153728,3470153983,IN @@ -129727,8 +130712,8 @@ 3482779648,3482910719,US 3482910720,3482927103,CA 3482927104,3483025407,US -3483025408,3483029503,DE -3483029504,3483435007,US +3483025408,3483033599,DE +3483033600,3483435007,US 3483435008,3483533311,CA 3483533312,3483631615,US 3483631616,3483697151,CA @@ -130128,7 +131113,9 @@ 3487862016,3487875071,BM 3487875072,3487891455,US 3487891456,3487907839,CA -3487907840,3487969791,US +3487907840,3487913471,US +3487913472,3487913983,CA +3487913984,3487969791,US 3487969792,3487970047,KW 3487970048,3488014335,US 3488014336,3488022527,CA @@ -130455,7 +131442,9 @@ 3494655744,3494655759,GB 3494655760,3494660095,US 3494660096,3494661119,CA -3494661120,3494668287,US +3494661120,3494664191,US +3494664192,3494665215,CA +3494665216,3494668287,US 3494668288,3494670335,CA 3494670336,3494712319,US 3494712320,3494712575,CA @@ -131075,17 +132064,7 @@ 3509166080,3509215231,US 3509215232,3509223423,CA 3509223424,3509239807,US -3509239808,3509242879,NL -3509242880,3509243135,US -3509243136,3509244159,NL -3509244160,3509244415,US -3509244416,3509245231,NL -3509245232,3509245239,US -3509245240,3509245279,NL -3509245280,3509245295,US -3509245296,3509249279,NL -3509249280,3509249535,US -3509249536,3509256191,NL +3509239808,3509256191,NL 3509256192,3509305599,US 3509305600,3509305615,GB 3509305616,3509346303,US @@ -131202,9 +132181,7 @@ 3509583616,3509583871,CA 3509583872,3509731327,US 3509731328,3509739519,CA -3509739520,3509827583,US -3509827584,3509827591,SG -3509827592,3509828095,US +3509739520,3509828095,US 3509828096,3509828159,CA 3509828160,3509846015,US 3509846016,3509977087,CA @@ -131694,9 +132671,7 @@ 3518062592,3518066687,CA 3518066688,3518075647,US 3518075648,3518075903,AU -3518075904,3518076079,US -3518076080,3518076087,AU -3518076088,3518076671,US +3518075904,3518076671,US 3518076672,3518076927,PA 3518076928,3518374719,US 3518374720,3518374783,IN @@ -132145,7 +133120,9 @@ 3524827552,3524827615,JP 3524827616,3524828127,SG 3524828128,3524828159,JP -3524828160,3524828927,SG +3524828160,3524828415,SG +3524828416,3524828671,JP +3524828672,3524828927,SG 3524828928,3524829183,JP 3524829184,3524829439,SG 3524829440,3524829695,JP @@ -132237,14 +133214,15 @@ 3527004160,3527008255,ID 3527008256,3527016447,KR 3527016448,3527249919,TW -3527249920,3527254015,CN +3527249920,3527250943,CN +3527250944,3527251455,TW +3527251456,3527254015,CN 3527254016,3527933951,TW 3527933952,3528392703,CN 3528392704,3528396799,JP 3528396800,3528400895,AU 3528400896,3528404991,JP 3528404992,3528407039,NZ -3528407040,3528409087,AU 3528409088,3528425471,CN 3528441856,3528445951,JP 3528445952,3528450047,ID @@ -132411,7 +133389,7 @@ 3556990976,3556999167,UA 3556999168,3557007359,RU 3557007360,3557015551,IT -3557015552,3557023743,DE +3557015552,3557023743,LV 3557023744,3557031935,BE 3557031936,3557040127,IT 3557040128,3557048319,NO @@ -132468,7 +133446,7 @@ 3557339164,3557339164,BE 3557343232,3557351423,DE 3557351424,3557356543,RU -3557356544,3557357311,UA +3557356544,3557357311,NL 3557357312,3557359615,RU 3557359616,3557359991,JE 3557359992,3557359999,GB @@ -132633,8 +133611,8 @@ 3558260736,3558268927,UA 3558268928,3558275839,GI 3558275840,3558276095,HK -3558276096,3558276351,GI -3558276352,3558276863,GB +3558276096,3558276607,GI +3558276608,3558276863,GB 3558276864,3558277119,GI 3558277120,3558285951,GB 3558285952,3558286079,DE @@ -133639,13 +134617,11 @@ 3560943076,3560943079,ES 3560943080,3560943110,DE 3560943111,3560943111,ES -3560943112,3560943113,DE -3560943114,3560943115,ES +3560943112,3560943114,DE +3560943115,3560943115,ES 3560943116,3560943116,DK 3560943117,3560943117,IL -3560943118,3560943118,DE -3560943119,3560943119,IT -3560943120,3560943121,DE +3560943118,3560943121,DE 3560943122,3560943122,ES 3560943123,3560943125,DE 3560943126,3560943126,FR @@ -133663,7 +134639,7 @@ 3560943143,3560943145,HU 3560943146,3560943149,DE 3560943150,3560943150,ES -3560943151,3560943151,IT +3560943151,3560943151,DE 3560943152,3560943152,HU 3560943153,3560943154,DE 3560943155,3560943155,FR @@ -133684,7 +134660,7 @@ 3560943173,3560943173,BE 3560943174,3560943176,DE 3560943177,3560943177,CH -3560943178,3560943178,IT +3560943178,3560943178,DE 3560943179,3560943179,PL 3560943180,3560943180,GB 3560943181,3560943181,DE @@ -133742,15 +134718,15 @@ 3560943255,3560943255,GB 3560943256,3560943256,DE 3560943257,3560943257,ES -3560943258,3560943258,FR -3560943259,3560943259,DE +3560943258,3560943259,DE 3560943260,3560943260,ES 3560943261,3560943261,IE 3560943262,3560943262,DE 3560943263,3560943263,IT 3560943264,3560943264,CZ 3560943265,3560943267,DE -3560943268,3560943269,IT +3560943268,3560943268,IT +3560943269,3560943269,DE 3560943270,3560943270,GB 3560943271,3560943271,IT 3560943272,3560943272,ES @@ -133766,11 +134742,8 @@ 3560943284,3560943286,DE 3560943287,3560943287,NL 3560943288,3560943290,FR -3560943291,3560943292,IT -3560943293,3560943293,DE -3560943294,3560943294,IT -3560943295,3560943295,DE -3560943296,3560943296,RU +3560943291,3560943291,IT +3560943292,3560943296,DE 3560943297,3560943297,ES 3560943298,3560943298,FR 3560943299,3560943299,GB @@ -133779,18 +134752,16 @@ 3560943302,3560943302,ES 3560943303,3560943303,IT 3560943304,3560943304,FR -3560943305,3560943309,DE -3560943310,3560943311,IT +3560943305,3560943310,DE +3560943311,3560943311,IT 3560943312,3560943312,PL 3560943313,3560943313,DE 3560943314,3560943314,ES 3560943315,3560943315,IT -3560943316,3560943316,GB +3560943316,3560943316,DE 3560943317,3560943317,IT 3560943318,3560943318,CH -3560943319,3560943320,DE -3560943321,3560943321,GB -3560943322,3560943322,DE +3560943319,3560943322,DE 3560943323,3560943323,NL 3560943324,3560943324,DE 3560943325,3560943325,CH @@ -133806,7 +134777,7 @@ 3560943342,3560943342,ES 3560943343,3560943343,FR 3560943344,3560943344,NL -3560943345,3560943345,CH +3560943345,3560943345,DE 3560943346,3560943346,IT 3560943347,3560943347,ES 3560943348,3560943348,FR @@ -133820,19 +134791,18 @@ 3560943358,3560943358,BE 3560943359,3560943361,DE 3560943362,3560943362,GB -3560943363,3560943365,DE -3560943366,3560943367,IT +3560943363,3560943366,DE +3560943367,3560943367,IT 3560943368,3560943368,DE 3560943369,3560943369,GR -3560943370,3560943370,DE -3560943371,3560943371,AT +3560943370,3560943371,DE 3560943372,3560943372,FR 3560943373,3560943375,DE 3560943376,3560943376,ES 3560943377,3560943377,GB 3560943378,3560943378,DE -3560943379,3560943380,ES -3560943381,3560943383,DE +3560943379,3560943379,ES +3560943380,3560943383,DE 3560943384,3560943384,FR 3560943385,3560943385,ES 3560943386,3560943386,CH @@ -133843,7 +134813,7 @@ 3560943395,3560943395,NL 3560943396,3560943397,DE 3560943398,3560943398,BE -3560943399,3560943399,CH +3560943399,3560943399,DE 3560943400,3560943400,IT 3560943401,3560943401,DE 3560943402,3560943402,NL @@ -133872,9 +134842,7 @@ 3560943427,3560943427,FR 3560943428,3560943428,NO 3560943429,3560943430,NL -3560943431,3560943433,DE -3560943434,3560943434,SE -3560943435,3560943435,DE +3560943431,3560943435,DE 3560943436,3560943436,FR 3560943437,3560943437,ES 3560943438,3560943438,FR @@ -133883,8 +134851,7 @@ 3560943441,3560943441,DE 3560943442,3560943442,ES 3560943443,3560943443,BE -3560943444,3560943444,CH -3560943445,3560943446,DE +3560943444,3560943446,DE 3560943447,3560943447,GB 3560943448,3560943450,DE 3560943451,3560943451,PL @@ -133907,7 +134874,7 @@ 3560943472,3560943472,BE 3560943473,3560943473,AT 3560943474,3560943474,CH -3560943475,3560943475,ES +3560943475,3560943475,DE 3560943476,3560943476,BE 3560943477,3560943477,DE 3560943478,3560943478,IT @@ -133924,25 +134891,19 @@ 3560943493,3560943493,FR 3560943494,3560943494,GB 3560943495,3560943495,IT -3560943496,3560943500,DE -3560943501,3560943501,ES -3560943502,3560943510,DE +3560943496,3560943510,DE 3560943511,3560943511,IT 3560943512,3560943512,DE 3560943513,3560943513,LU 3560943514,3560943515,ES -3560943516,3560943517,DE -3560943518,3560943518,LU -3560943519,3560943519,DE +3560943516,3560943519,DE 3560943520,3560943520,DK 3560943521,3560943521,DE 3560943522,3560943522,GB 3560943523,3560943524,DE 3560943525,3560943525,NL 3560943526,3560943526,IT -3560943527,3560943527,DE -3560943528,3560943528,FR -3560943529,3560943529,DE +3560943527,3560943529,DE 3560943530,3560943530,CH 3560943531,3560943532,DE 3560943533,3560943533,HU @@ -133963,8 +134924,7 @@ 3560943549,3560943549,DE 3560943550,3560943550,HU 3560943551,3560943551,FR -3560943552,3560943552,IT -3560943553,3560943553,DE +3560943552,3560943553,DE 3560943554,3560943554,IS 3560943555,3560943555,FR 3560943556,3560943556,DE @@ -133973,9 +134933,7 @@ 3560943559,3560943559,GB 3560943560,3560943562,IT 3560943563,3560943563,HU -3560943564,3560943564,DE -3560943565,3560943565,GB -3560943566,3560943566,DE +3560943564,3560943566,DE 3560943567,3560943567,FR 3560943568,3560943568,GB 3560943569,3560943570,FR @@ -133995,8 +134953,7 @@ 3560943586,3560943586,ES 3560943587,3560943587,DE 3560943588,3560943588,IT -3560943589,3560943589,NL -3560943590,3560943590,DE +3560943589,3560943590,DE 3560943591,3560943591,AT 3560943592,3560943592,SK 3560943593,3560943593,PL @@ -134004,7 +134961,8 @@ 3560943595,3560943596,ES 3560943597,3560943599,DE 3560943600,3560943600,AT -3560943601,3560943602,IT +3560943601,3560943601,DE +3560943602,3560943602,IT 3560943603,3560943603,DE 3560943604,3560943604,ES 3560943605,3560943605,GB @@ -134027,24 +134985,21 @@ 3560943629,3560943629,IT 3560943630,3560943630,DE 3560943631,3560943631,HU -3560943632,3560943632,CH +3560943632,3560943632,DE 3560943633,3560943633,ES 3560943634,3560943634,FR -3560943635,3560943635,ES -3560943636,3560943636,DE +3560943635,3560943636,DE 3560943637,3560943637,PL 3560943638,3560943638,DE 3560943639,3560943639,ES 3560943640,3560943640,FR -3560943641,3560943641,DE -3560943642,3560943643,IT +3560943641,3560943642,DE +3560943643,3560943643,IT 3560943644,3560943644,DE 3560943645,3560943645,GB 3560943646,3560943646,DE 3560943647,3560943647,ES -3560943648,3560943648,DE -3560943649,3560943649,NL -3560943650,3560943651,DE +3560943648,3560943651,DE 3560943652,3560943652,AT 3560943653,3560943653,DE 3560943654,3560943654,IT @@ -134076,8 +135031,7 @@ 3560943687,3560943687,PT 3560943688,3560943688,DE 3560943689,3560943689,PT -3560943690,3560943690,IT -3560943691,3560943691,DE +3560943690,3560943691,DE 3560943692,3560943692,SE 3560943693,3560943693,DE 3560943694,3560943694,FR @@ -134109,12 +135063,9 @@ 3560943729,3560943729,DE 3560943730,3560943730,NL 3560943731,3560943731,IT -3560943732,3560943732,DE -3560943733,3560943733,NO -3560943734,3560943736,DE +3560943732,3560943736,DE 3560943737,3560943737,GR -3560943738,3560943738,PT -3560943739,3560943740,DE +3560943738,3560943740,DE 3560943741,3560943741,FR 3560943742,3560943742,DE 3560943743,3560943743,PL @@ -134149,9 +135100,7 @@ 3560943781,3560943781,ES 3560943782,3560943782,DE 3560943783,3560943783,BE -3560943784,3560943786,DE -3560943787,3560943787,ES -3560943788,3560943788,DE +3560943784,3560943788,DE 3560943789,3560943789,IT 3560943790,3560943790,DE 3560943791,3560943791,IT @@ -134159,12 +135108,10 @@ 3560943794,3560943794,FR 3560943795,3560943795,DE 3560943796,3560943796,IT -3560943797,3560943797,DE -3560943798,3560943798,DK -3560943799,3560943800,DE +3560943797,3560943800,DE 3560943801,3560943801,FR 3560943802,3560943802,IT -3560943803,3560943803,HU +3560943803,3560943803,DE 3560943804,3560943804,ES 3560943805,3560943805,DE 3560943806,3560943806,ES @@ -134172,9 +135119,7 @@ 3560943811,3560943811,ES 3560943812,3560943812,IT 3560943813,3560943813,CH -3560943814,3560943814,DE -3560943815,3560943815,IT -3560943816,3560943816,DE +3560943814,3560943816,DE 3560943817,3560943817,FR 3560943818,3560943818,PT 3560943819,3560943819,DE @@ -134186,19 +135131,18 @@ 3560943828,3560943828,ES 3560943829,3560943829,NL 3560943830,3560943830,DE -3560943831,3560943833,FR +3560943831,3560943831,FR +3560943832,3560943832,DE +3560943833,3560943833,FR 3560943834,3560943836,DE 3560943837,3560943837,CH -3560943838,3560943838,DE -3560943839,3560943839,NO -3560943840,3560943840,DE +3560943838,3560943840,DE 3560943841,3560943841,GB 3560943842,3560943842,DE 3560943843,3560943843,GB 3560943844,3560943844,BE 3560943845,3560943845,CZ -3560943846,3560943846,LU -3560943847,3560943847,CZ +3560943846,3560943847,DE 3560943848,3560943848,FR 3560943849,3560943849,DE 3560943850,3560943850,NL @@ -134208,8 +135152,7 @@ 3560943860,3560943860,GB 3560943861,3560943865,DE 3560943866,3560943866,BE -3560943867,3560943867,ES -3560943868,3560943868,DE +3560943867,3560943868,DE 3560943869,3560943869,LU 3560943870,3560943871,DE 3560943872,3560943875,BR @@ -134882,7 +135825,8 @@ 3561316352,3561324543,RU 3561324544,3561325567,IT 3561325568,3561326591,CH -3561326592,3561332735,IT +3561326592,3561328639,IT +3561328640,3561332735,US 3561332736,3561340927,AT 3561340928,3561357311,GB 3561357312,3561365503,DK @@ -135063,7 +136007,7 @@ 3562414080,3562422271,DE 3562422272,3562430463,IR 3562430464,3562431231,UA -3562431232,3562431487,BZ +3562431232,3562431487,RU 3562431488,3562438655,UA 3562438656,3562463231,DE 3562463232,3562471423,UA @@ -136221,13 +137165,13 @@ 3572346880,3572348927,DK 3572348928,3572350975,RS 3572350976,3572355071,SE -3572355072,3572356095,DK +3572355072,3572356095,CH 3572356096,3572357119,GB 3572357120,3572358143,NL 3572358144,3572360191,GB 3572360192,3572361215,ES 3572361216,3572362239,LT -3572362240,3572363263,DK +3572362240,3572363263,ES 3572363264,3572364287,RS 3572364288,3572365311,DE 3572365312,3572366335,DK @@ -136382,13 +137326,17 @@ 3575648224,3575648255,PT 3575648256,3575652991,FR 3575652992,3575653119,GB -3575653120,3575653759,FR +3575653120,3575653711,FR +3575653712,3575653727,ES +3575653728,3575653759,FR 3575653760,3575653887,ES 3575653888,3575655039,FR 3575655040,3575655103,ES 3575655104,3575655615,FR 3575655616,3575655623,IE -3575655624,3575656287,FR +3575655624,3575655863,FR +3575655864,3575655867,ES +3575655868,3575656287,FR 3575656288,3575656319,PT 3575656320,3575657087,FR 3575657088,3575657215,ES @@ -136402,7 +137350,8 @@ 3575659168,3575659183,FI 3575659184,3575659863,FR 3575659864,3575659867,GB -3575659868,3575660159,FR +3575659868,3575660155,FR +3575660156,3575660159,GB 3575660160,3575660223,ES 3575660224,3575660351,FR 3575660352,3575660415,PT @@ -136899,13 +137848,11 @@ 3580039168,3580039199,NL 3580039200,3580039231,AT 3580039232,3580100607,ES -3580100608,3580102143,LV -3580102144,3580103167,SE -3580103168,3580108799,LV +3580100608,3580108799,LV 3580108800,3580112895,SE 3580112896,3580116991,LV -3580116992,3580131327,SE -3580131328,3580134399,LV +3580116992,3580129279,SE +3580129280,3580134399,LV 3580134400,3580135423,SE 3580135424,3580135935,EE 3580135936,3580136447,SE @@ -136931,7 +137878,9 @@ 3580215296,3580217343,EE 3580217344,3580219391,SE 3580219392,3580221951,LV -3580221952,3580231935,SE +3580221952,3580223487,SE +3580223488,3580231679,LV +3580231680,3580231935,SE 3580231936,3580232191,LV 3580232192,3580232447,SE 3580232448,3580233215,LT @@ -136946,10 +137895,8 @@ 3580244992,3580246015,LT 3580246016,3580248063,LV 3580248064,3580254207,EE -3580254208,3580255231,LV -3580255232,3580258303,SE -3580258304,3580258559,LV -3580258560,3580260351,SE +3580254208,3580259327,LV +3580259328,3580260351,SE 3580260352,3580265471,AT 3580265472,3580265727,SE 3580265728,3580268543,EE @@ -137090,7 +138037,9 @@ 3582287872,3582296063,DE 3582296064,3582304255,GB 3582304256,3582312447,UA -3582312448,3582313855,JE +3582312448,3582313551,JE +3582313552,3582313559,GB +3582313560,3582313855,JE 3582313856,3582313871,GB 3582313872,3582320639,JE 3582320640,3582328831,CH @@ -137160,9 +138109,7 @@ 3582861312,3582869503,RU 3582869504,3582877695,NO 3582877696,3582885887,AT -3582885888,3582892031,TR -3582892032,3582892543,US -3582892544,3582894079,TR +3582885888,3582894079,TR 3582894080,3582902271,CH 3582902272,3582910463,RU 3582910464,3582916607,SI @@ -137690,9 +138637,7 @@ 3586544268,3586544271,DK 3586544272,3586544383,DE 3586544384,3586544511,DK -3586544512,3586547711,DE -3586547712,3586547967,NL -3586547968,3586555903,DE +3586544512,3586555903,DE 3586555904,3586572287,IT 3586572288,3586585215,RS 3586585216,3586585223,XK @@ -138011,9 +138956,13 @@ 3589341184,3589373951,PL 3589373952,3589390335,DE 3589390336,3589423103,RU -3589423104,3589430591,GB +3589423104,3589425011,GB +3589425012,3589425015,PT +3589425016,3589430591,GB 3589430592,3589430655,ES -3589430656,3589433343,GB +3589430656,3589431311,GB +3589431312,3589431327,PT +3589431328,3589433343,GB 3589433344,3589435391,IE 3589435392,3589435759,GB 3589435760,3589435763,ES @@ -138103,7 +139052,14 @@ 3590009264,3590009279,DE 3590009280,3590012927,GB 3590012928,3590029311,BE -3590029312,3590045695,FR +3590029312,3590032159,FR +3590032160,3590032175,ES +3590032176,3590032191,GB +3590032192,3590032271,FR +3590032272,3590032295,PT +3590032296,3590032319,FR +3590032320,3590032351,ES +3590032352,3590045695,FR 3590045696,3590062079,RU 3590062080,3590078463,DE 3590078464,3590094847,RU @@ -138772,7 +139728,9 @@ 3634053120,3634061311,CL 3634061312,3634094079,US 3634094080,3634098175,SE -3634098176,3634286079,US +3634098176,3634257919,US +3634257920,3634262015,SE +3634262016,3634286079,US 3634286080,3634286335,CA 3634286336,3634288895,US 3634288896,3634289151,CA @@ -138807,9 +139765,13 @@ 3635142656,3635146751,CA 3635146752,3635159039,US 3635159040,3635163135,CA -3635163136,3635171071,US +3635163136,3635167743,US +3635167744,3635167999,GB +3635168000,3635171071,US 3635171072,3635171327,CA -3635171328,3635314687,US +3635171328,3635187967,US +3635187968,3635188223,CN +3635188224,3635314687,US 3635314688,3635322879,CA 3635322880,3635466239,US 3635466240,3635470335,CA @@ -138965,9 +139927,7 @@ 3636822016,3636854783,CA 3636854784,3636887551,US 3636887552,3636895743,CA -3636895744,3636909055,US -3636909056,3636909311,CA -3636909312,3636914175,US +3636895744,3636914175,US 3636914176,3636914431,CA 3636914432,3636918527,US 3636918528,3636918783,CA @@ -139112,7 +140072,6 @@ 3639692288,3639704573,US 3639704574,3639704574,GB 3639704575,3639730175,US -3639730176,3639734271,CA 3639734272,3639736575,US 3639736576,3639736831,HK 3639736832,3639737343,US @@ -139381,8 +140340,10 @@ 3642036224,3642040319,HU 3642040320,3642048511,BY 3642048512,3642048767,IL -3642048768,3642049023,DE -3642049024,3642056703,GB +3642048768,3642049535,GB +3642049536,3642049791,SE +3642049792,3642050047,FI +3642050048,3642056703,GB 3642056704,3642060799,RU 3642060800,3642064895,KE 3642064896,3642068991,IT @@ -139527,12 +140488,10 @@ 3642535936,3642540031,IS 3642540032,3642544127,SE 3642544128,3642552319,RU -3642552320,3642553935,UA -3642553936,3642553936,RU +3642552320,3642553855,UA +3642553856,3642553936,RU 3642553937,3642553937,US -3642553938,3642553951,RU -3642553952,3642554111,UA -3642554112,3642554367,RU +3642553938,3642554367,RU 3642554368,3642554623,LT 3642554624,3642554720,UA 3642554721,3642554721,LV @@ -139897,7 +140856,8 @@ 3645763627,3645763627,AT 3645763628,3645763629,DE 3645763630,3645763631,NL -3645763632,3645763633,GB +3645763632,3645763632,GB +3645763633,3645763633,DE 3645763634,3645763634,NL 3645763635,3645763635,DE 3645763636,3645763636,AT @@ -139918,23 +140878,16 @@ 3645763655,3645763660,DE 3645763661,3645763662,FR 3645763663,3645763663,HU -3645763664,3645763665,DE -3645763666,3645763666,NL -3645763667,3645763670,DE +3645763664,3645763670,DE 3645763671,3645763671,FR 3645763672,3645763672,DE 3645763673,3645763673,BE 3645763674,3645763676,DE 3645763677,3645763678,HU 3645763679,3645763679,IT -3645763680,3645763680,DE -3645763681,3645763681,CH -3645763682,3645763682,DE -3645763683,3645763683,NO +3645763680,3645763683,DE 3645763684,3645763684,CH -3645763685,3645763685,NL -3645763686,3645763686,DE -3645763687,3645763687,ES +3645763685,3645763687,DE 3645763688,3645763690,NL 3645763691,3645763691,CH 3645763692,3645763692,DE @@ -139966,7 +140919,8 @@ 3645763724,3645763726,IT 3645763727,3645763727,NL 3645763728,3645763728,GR -3645763729,3645763730,IT +3645763729,3645763729,DE +3645763730,3645763730,IT 3645763731,3645763732,DE 3645763733,3645763733,FR 3645763734,3645763734,DE @@ -139975,16 +140929,16 @@ 3645763737,3645763737,DE 3645763738,3645763738,CH 3645763739,3645763740,ES -3645763741,3645763742,DE -3645763743,3645763743,IT -3645763744,3645763746,DE -3645763747,3645763752,NL -3645763753,3645763753,ES +3645763741,3645763746,DE +3645763747,3645763750,NL +3645763751,3645763751,DE +3645763752,3645763752,NL +3645763753,3645763753,DE 3645763754,3645763755,NL -3645763756,3645763756,DE -3645763757,3645763757,BE +3645763756,3645763757,DE 3645763758,3645763758,FR -3645763759,3645763760,NL +3645763759,3645763759,DE +3645763760,3645763760,NL 3645763761,3645763761,SE 3645763762,3645763762,ES 3645763763,3645763763,DE @@ -139995,14 +140949,11 @@ 3645763769,3645763769,FR 3645763770,3645763770,NL 3645763771,3645763771,GB -3645763772,3645763772,CH -3645763773,3645763773,DE +3645763772,3645763773,DE 3645763774,3645763774,NL 3645763775,3645763775,DE 3645763776,3645763776,NL -3645763777,3645763781,DE -3645763782,3645763782,NL -3645763783,3645763783,DE +3645763777,3645763783,DE 3645763784,3645763784,NL 3645763785,3645763785,DE 3645763786,3645763786,CH @@ -140142,8 +141093,7 @@ 3645763974,3645763974,GB 3645763975,3645763975,AT 3645763976,3645763976,IT -3645763977,3645763977,DE -3645763978,3645763978,NL +3645763977,3645763978,DE 3645763979,3645763979,IT 3645763980,3645763981,DE 3645763982,3645763982,IT @@ -140158,21 +141108,20 @@ 3645763995,3645763995,ES 3645763996,3645764000,DE 3645764001,3645764001,IT -3645764002,3645764008,DE -3645764009,3645764010,FR +3645764002,3645764009,DE +3645764010,3645764010,FR 3645764011,3645764012,DE 3645764013,3645764013,HU 3645764014,3645764015,GB 3645764016,3645764016,IT 3645764017,3645764017,GB -3645764018,3645764018,DE -3645764019,3645764019,NL +3645764018,3645764019,DE 3645764020,3645764020,IT 3645764021,3645764021,DE 3645764022,3645764022,ES 3645764023,3645764023,FR -3645764024,3645764026,ES -3645764027,3645764028,DE +3645764024,3645764025,ES +3645764026,3645764028,DE 3645764029,3645764029,ES 3645764030,3645764030,DE 3645764031,3645764031,NL @@ -140188,8 +141137,7 @@ 3645764043,3645764043,DE 3645764044,3645764044,ES 3645764045,3645764045,AE -3645764046,3645764046,ES -3645764047,3645764048,DE +3645764046,3645764048,DE 3645764049,3645764049,ES 3645764050,3645764051,DE 3645764052,3645764052,FR @@ -140981,7 +141929,9 @@ 3649372160,3649437695,IT 3649437696,3649470463,GB 3649470464,3649471487,SG -3649471488,3649472511,HK +3649471488,3649471999,HK +3649472000,3649472007,GB +3649472008,3649472511,HK 3649472512,3649512191,GB 3649512192,3649512447,FR 3649512448,3649568767,GB @@ -141359,9 +142309,7 @@ 3652096000,3652100095,BG 3652100096,3652108287,RU 3652108288,3652116479,FR -3652116480,3652119807,TM -3652119808,3652120063,RU -3652120064,3652120575,TM +3652116480,3652120575,TM 3652120576,3652124671,GB 3652124672,3652128767,UA 3652128768,3652136959,RU diff --git a/src/config/geoip6 b/src/config/geoip6 index 1f1430e4c6..6c1168418c 100644 --- a/src/config/geoip6 +++ b/src/config/geoip6 @@ -1,4 +1,4 @@ -# Last updated based on December 7 2016 Maxmind GeoLite2 Country +# Last updated based on January 4 2017 Maxmind GeoLite2 Country # wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz # gunzip GeoLite2-Country.mmdb.gz # python mmdb-convert.py GeoLite2-Country.mmdb @@ -274,7 +274,9 @@ 2001:470:7147:8000::,2001:470:7147:ffff:ffff:ffff:ffff:ffff,RU 2001:470:7148::,2001:470:7170:ffff:ffff:ffff:ffff:ffff,US 2001:470:7171::,2001:470:7171:ffff:ffff:ffff:ffff:ffff,DE -2001:470:7172::,2001:470:7286:ffff:ffff:ffff:ffff:ffff,US +2001:470:7172::,2001:470:7271:ffff:ffff:ffff:ffff:ffff,US +2001:470:7272::,2001:470:7272:ffff:ffff:ffff:ffff:ffff,DE +2001:470:7273::,2001:470:7286:ffff:ffff:ffff:ffff:ffff,US 2001:470:7287::,2001:470:7287:ffff:ffff:ffff:ffff:ffff,PL 2001:470:7288::,2001:470:7309:ffff:ffff:ffff:ffff:ffff,US 2001:470:730a::,2001:470:730a:7fff:ffff:ffff:ffff:ffff,DE @@ -619,7 +621,6 @@ 2001:678:e4::,2001:678:e4:ffff:ffff:ffff:ffff:ffff,SE 2001:678:e8::,2001:678:e8:ffff:ffff:ffff:ffff:ffff,CZ 2001:678:ec::,2001:678:ec:ffff:ffff:ffff:ffff:ffff,RU -2001:678:f0::,2001:678:f0:ffff:ffff:ffff:ffff:ffff,SE 2001:678:f4::,2001:678:f4:ffff:ffff:ffff:ffff:ffff,RU 2001:678:f8::,2001:678:f8:ffff:ffff:ffff:ffff:ffff,DE 2001:678:fc::,2001:678:fc:ffff:ffff:ffff:ffff:ffff,LT @@ -745,6 +746,30 @@ 2001:678:2e0::,2001:678:2e0:ffff:ffff:ffff:ffff:ffff,DE 2001:678:2e4::,2001:678:2e4:ffff:ffff:ffff:ffff:ffff,NL 2001:678:2e8::,2001:678:2e8:ffff:ffff:ffff:ffff:ffff,RU +2001:678:2ec::,2001:678:2ec:ffff:ffff:ffff:ffff:ffff,RU +2001:678:2f0::,2001:678:2f0:ffff:ffff:ffff:ffff:ffff,RU +2001:678:2f4::,2001:678:2f4:ffff:ffff:ffff:ffff:ffff,IL +2001:678:2f8::,2001:678:2f8:ffff:ffff:ffff:ffff:ffff,DE +2001:678:2fc::,2001:678:2fc:ffff:ffff:ffff:ffff:ffff,GB +2001:678:300::,2001:678:303:ffff:ffff:ffff:ffff:ffff,DE +2001:678:310::,2001:678:310:ffff:ffff:ffff:ffff:ffff,CH +2001:678:314::,2001:678:314:ffff:ffff:ffff:ffff:ffff,RO +2001:678:318::,2001:678:318:ffff:ffff:ffff:ffff:ffff,UA +2001:678:31c::,2001:678:31c:ffff:ffff:ffff:ffff:ffff,UA +2001:678:320::,2001:678:320:ffff:ffff:ffff:ffff:ffff,CZ +2001:678:324::,2001:678:324:ffff:ffff:ffff:ffff:ffff,LV +2001:678:328::,2001:678:328:ffff:ffff:ffff:ffff:ffff,CH +2001:678:32c::,2001:678:32c:ffff:ffff:ffff:ffff:ffff,GB +2001:678:330::,2001:678:330:ffff:ffff:ffff:ffff:ffff,SE +2001:678:334::,2001:678:334:ffff:ffff:ffff:ffff:ffff,UA +2001:678:338::,2001:678:338:ffff:ffff:ffff:ffff:ffff,DE +2001:678:33c::,2001:678:33c:ffff:ffff:ffff:ffff:ffff,DK +2001:678:340::,2001:678:340:ffff:ffff:ffff:ffff:ffff,DE +2001:678:344::,2001:678:344:ffff:ffff:ffff:ffff:ffff,RU +2001:678:348::,2001:678:348:ffff:ffff:ffff:ffff:ffff,NL +2001:678:34c::,2001:678:34c:ffff:ffff:ffff:ffff:ffff,US +2001:678:350::,2001:678:350:ffff:ffff:ffff:ffff:ffff,RU +2001:678:354::,2001:678:354:ffff:ffff:ffff:ffff:ffff,RU 2001:67c::,2001:67c::ffff:ffff:ffff:ffff:ffff,IE 2001:67c:4::,2001:67c:4:ffff:ffff:ffff:ffff:ffff,DE 2001:67c:8::,2001:67c:8:ffff:ffff:ffff:ffff:ffff,CH @@ -1041,7 +1066,6 @@ 2001:67c:4a0::,2001:67c:4a0:ffff:ffff:ffff:ffff:ffff,DE 2001:67c:4a4::,2001:67c:4a4:ffff:ffff:ffff:ffff:ffff,SE 2001:67c:4a8::,2001:67c:4a8:ffff:ffff:ffff:ffff:ffff,SI -2001:67c:4ac::,2001:67c:4ac:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:4b0::,2001:67c:4b0:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:4b4::,2001:67c:4b4:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:4b8::,2001:67c:4b8:ffff:ffff:ffff:ffff:ffff,CH @@ -1413,6 +1437,7 @@ 2001:67c:130c::,2001:67c:130c:ffff:ffff:ffff:ffff:ffff,SE 2001:67c:1310::,2001:67c:1310:ffff:ffff:ffff:ffff:ffff,GB 2001:67c:1314::,2001:67c:1314:ffff:ffff:ffff:ffff:ffff,CZ +2001:67c:1318::,2001:67c:1318:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:131c::,2001:67c:131c:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:1320::,2001:67c:1320:ffff:ffff:ffff:ffff:ffff,DE 2001:67c:1324::,2001:67c:1324:ffff:ffff:ffff:ffff:ffff,UA @@ -1743,6 +1768,7 @@ 2001:67c:196c::,2001:67c:196c:ffff:ffff:ffff:ffff:ffff,DE 2001:67c:1970::,2001:67c:1970:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:1974::,2001:67c:1974:ffff:ffff:ffff:ffff:ffff,AT +2001:67c:1978::,2001:67c:1978:ffff:ffff:ffff:ffff:ffff,DE 2001:67c:197c::,2001:67c:197c:ffff:ffff:ffff:ffff:ffff,NO 2001:67c:1980::,2001:67c:1980:ffff:ffff:ffff:ffff:ffff,FR 2001:67c:1984::,2001:67c:1984:ffff:ffff:ffff:ffff:ffff,BG @@ -1804,7 +1830,6 @@ 2001:67c:1b7c::,2001:67c:1b7c:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:1b80::,2001:67c:1b80:ffff:ffff:ffff:ffff:ffff,RU 2001:67c:1b84::,2001:67c:1b84:ffff:ffff:ffff:ffff:ffff,DE -2001:67c:1b88::,2001:67c:1b88:ffff:ffff:ffff:ffff:ffff,CZ 2001:67c:1b8c::,2001:67c:1b8c:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:1b90::,2001:67c:1b90:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:1b94::,2001:67c:1b94:ffff:ffff:ffff:ffff:ffff,UA @@ -2383,7 +2408,6 @@ 2001:67c:28f8::,2001:67c:28f8:ffff:ffff:ffff:ffff:ffff,LT 2001:67c:28fc::,2001:67c:28fc:ffff:ffff:ffff:ffff:ffff,NL 2001:67c:2900::,2001:67c:291f:ffff:ffff:ffff:ffff:ffff,NL -2001:67c:2980::,2001:67c:2980:ffff:ffff:ffff:ffff:ffff,NL 2001:67c:2984::,2001:67c:2984:ffff:ffff:ffff:ffff:ffff,CH 2001:67c:2988::,2001:67c:2989:ffff:ffff:ffff:ffff:ffff,TR 2001:67c:2990::,2001:67c:2990:ffff:ffff:ffff:ffff:ffff,GB @@ -2525,7 +2549,6 @@ 2001:67c:2bd0::,2001:67c:2bd0:ffff:ffff:ffff:ffff:ffff,SE 2001:67c:2bd4::,2001:67c:2bd4:ffff:ffff:ffff:ffff:ffff,SE 2001:67c:2bd8::,2001:67c:2bd8:ffff:ffff:ffff:ffff:ffff,SE -2001:67c:2bdc::,2001:67c:2bdc:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:2be0::,2001:67c:2be0:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:2be4::,2001:67c:2be4:ffff:ffff:ffff:ffff:ffff,PL 2001:67c:2bec::,2001:67c:2bec:ffff:ffff:ffff:ffff:ffff,PL @@ -3013,6 +3036,7 @@ 2001:7fa:10::,2001:7fa:10:ffff:ffff:ffff:ffff:ffff,CN 2001:7fa:11::,2001:7fa:11:ffff:ffff:ffff:ffff:ffff,AU 2001:7fc::,2001:7fc:1:ffff:ffff:ffff:ffff:ffff,DE +2001:7fc:3::,2001:7fc:3:ffff:ffff:ffff:ffff:ffff,SE 2001:7fe::,2001:7fe:ffff:ffff:ffff:ffff:ffff:ffff,SE 2001:808::,2001:80f:ffff:ffff:ffff:ffff:ffff:ffff,PL 2001:810::,2001:810:ffff:ffff:ffff:ffff:ffff:ffff,FR @@ -3858,7 +3882,7 @@ 2001:df1:a800::,2001:df1:a800:ffff:ffff:ffff:ffff:ffff,SG 2001:df1:aa00::,2001:df1:aa00:ffff:ffff:ffff:ffff:ffff,ID 2001:df1:ac00::,2001:df1:ac00:ffff:ffff:ffff:ffff:ffff,HK -2001:df1:ae00::,2001:df1:ae00:ffff:ffff:ffff:ffff:ffff,AU +2001:df1:ae00::,2001:df1:ae01:ffff:ffff:ffff:ffff:ffff,AU 2001:df1:b000::,2001:df1:b000:ffff:ffff:ffff:ffff:ffff,TH 2001:df1:b200::,2001:df1:b200:ffff:ffff:ffff:ffff:ffff,HK 2001:df1:b400::,2001:df1:b400:ffff:ffff:ffff:ffff:ffff,AU @@ -4328,7 +4352,6 @@ 2001:df5:7800::,2001:df5:7800:ffff:ffff:ffff:ffff:ffff,CN 2001:df5:7a00::,2001:df5:7a00:ffff:ffff:ffff:ffff:ffff,SG 2001:df5:7c00::,2001:df5:7c00:ffff:ffff:ffff:ffff:ffff,IN -2001:df5:7e00::,2001:df5:7e00:ffff:ffff:ffff:ffff:ffff,BD 2001:df5:8000::,2001:df5:8000:ffff:ffff:ffff:ffff:ffff,SG 2001:df5:8200::,2001:df5:8200:ffff:ffff:ffff:ffff:ffff,AU 2001:df5:8400::,2001:df5:8400:ffff:ffff:ffff:ffff:ffff,SG @@ -4454,6 +4477,7 @@ 2001:df6:8000::,2001:df6:8000:ffff:ffff:ffff:ffff:ffff,JP 2001:df6:8200::,2001:df6:8200:ffff:ffff:ffff:ffff:ffff,AU 2001:df6:8400::,2001:df6:8400:ffff:ffff:ffff:ffff:ffff,AU +2001:df6:8600::,2001:df6:8600:ffff:ffff:ffff:ffff:ffff,NZ 2001:df6:8800::,2001:df6:8800:ffff:ffff:ffff:ffff:ffff,AU 2001:df6:8a00::,2001:df6:8a00:ffff:ffff:ffff:ffff:ffff,ID 2001:df6:8c00::,2001:df6:8c00:ffff:ffff:ffff:ffff:ffff,TH @@ -4465,7 +4489,7 @@ 2001:df6:9800::,2001:df6:9800:ffff:ffff:ffff:ffff:ffff,AU 2001:df6:9a00::,2001:df6:9a00:ffff:ffff:ffff:ffff:ffff,TH 2001:df6:9c00::,2001:df6:9c00:ffff:ffff:ffff:ffff:ffff,TH -2001:df6:9e00::,2001:df6:9e00:ffff:ffff:ffff:ffff:ffff,IN +2001:df6:9e00::,2001:df6:9e01:ffff:ffff:ffff:ffff:ffff,IN 2001:df6:a000::,2001:df6:a000:ffff:ffff:ffff:ffff:ffff,JP 2001:df6:a200::,2001:df6:a200:ffff:ffff:ffff:ffff:ffff,BD 2001:df6:a400::,2001:df6:a400:ffff:ffff:ffff:ffff:ffff,SG @@ -4519,36 +4543,69 @@ 2001:df7:800::,2001:df7:800:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:a00::,2001:df7:a00:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:c00::,2001:df7:c00:ffff:ffff:ffff:ffff:ffff,TW +2001:df7:e00::,2001:df7:e00:ffff:ffff:ffff:ffff:ffff,NZ 2001:df7:1000::,2001:df7:1000:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:1200::,2001:df7:1200:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:1400::,2001:df7:1400:ffff:ffff:ffff:ffff:ffff,AU +2001:df7:1600::,2001:df7:1600:ffff:ffff:ffff:ffff:ffff,HK +2001:df7:1a00::,2001:df7:1a00:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:1c00::,2001:df7:1c00:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:1e00::,2001:df7:1e00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:2000::,2001:df7:2000:ffff:ffff:ffff:ffff:ffff,AU +2001:df7:2200::,2001:df7:2200:ffff:ffff:ffff:ffff:ffff,TH 2001:df7:2400::,2001:df7:2400:ffff:ffff:ffff:ffff:ffff,AU +2001:df7:2600::,2001:df7:2600:ffff:ffff:ffff:ffff:ffff,HK 2001:df7:2800::,2001:df7:2800:ffff:ffff:ffff:ffff:ffff,AU +2001:df7:2a00::,2001:df7:2a00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:2c00::,2001:df7:2c00:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:2e00::,2001:df7:2e00:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:3000::,2001:df7:3001:ffff:ffff:ffff:ffff:ffff,NZ +2001:df7:3200::,2001:df7:3200:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:3400::,2001:df7:3400:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:3600::,2001:df7:3600:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:3800::,2001:df7:3800:ffff:ffff:ffff:ffff:ffff,AU +2001:df7:3a00::,2001:df7:3a00:ffff:ffff:ffff:ffff:ffff,BD 2001:df7:3c00::,2001:df7:3c00:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:3e00::,2001:df7:3e00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:4000::,2001:df7:4000:ffff:ffff:ffff:ffff:ffff,SG +2001:df7:4200::,2001:df7:4200:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:4400::,2001:df7:4400:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:4600::,2001:df7:4600:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:4800::,2001:df7:481f:ffff:ffff:ffff:ffff:ffff,JP +2001:df7:4a00::,2001:df7:4a00:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:4c00::,2001:df7:4c00:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:4e00::,2001:df7:4e00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:5000::,2001:df7:5000:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:5200::,2001:df7:5200:ffff:ffff:ffff:ffff:ffff,NP 2001:df7:5400::,2001:df7:5400:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:5600::,2001:df7:5600:ffff:ffff:ffff:ffff:ffff,JP +2001:df7:5a00::,2001:df7:5a00:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:5c00::,2001:df7:5c00:ffff:ffff:ffff:ffff:ffff,HK +2001:df7:5e00::,2001:df7:5e00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:6000::,2001:df7:6000:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:6200::,2001:df7:6200:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:6400::,2001:df7:6400:ffff:ffff:ffff:ffff:ffff,MY +2001:df7:6600::,2001:df7:6600:ffff:ffff:ffff:ffff:ffff,CN 2001:df7:6800::,2001:df7:6800:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:6a00::,2001:df7:6a00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:6c00::,2001:df7:6c00:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:6e00::,2001:df7:6e00:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:7000::,2001:df7:7000:ffff:ffff:ffff:ffff:ffff,HK +2001:df7:7200::,2001:df7:7200:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:7400::,2001:df7:7400:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:7600::,2001:df7:7600:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:7800::,2001:df7:7800:ffff:ffff:ffff:ffff:ffff,JP +2001:df7:7a00::,2001:df7:7a00:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:7c00::,2001:df7:7c00:ffff:ffff:ffff:ffff:ffff,TH +2001:df7:7e00::,2001:df7:7e00:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:8200::,2001:df7:8200:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:8400::,2001:df7:8401:ffff:ffff:ffff:ffff:ffff,IN +2001:df7:8600::,2001:df7:8600:ffff:ffff:ffff:ffff:ffff,ID 2001:df7:8800::,2001:df7:8800:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:8a00::,2001:df7:8a00:ffff:ffff:ffff:ffff:ffff,IN 2001:df7:8c00::,2001:df7:8c00:ffff:ffff:ffff:ffff:ffff,MM -2001:df7:9400::,2001:df7:9400:ffff:ffff:ffff:ffff:ffff,HK +2001:df7:8e00::,2001:df7:8e00:ffff:ffff:ffff:ffff:ffff,ID +2001:df7:9400::,2001:df7:9400:ffff:ffff:ffff:ffff:ffff,US 2001:df7:9800::,2001:df7:9800:ffff:ffff:ffff:ffff:ffff,NZ 2001:df7:9c00::,2001:df7:9c00:ffff:ffff:ffff:ffff:ffff,AU 2001:df7:a000::,2001:df7:a000:ffff:ffff:ffff:ffff:ffff,AU @@ -5130,7 +5187,9 @@ 2001:41d0:a:7e09::,2001:41d0:a:7e09:ffff:ffff:ffff:ffff,PT 2001:41d0:a:7e0a::,2001:41d0:129:9bff:ffff:ffff:ffff:ffff,FR 2001:41d0:129:9c00::,2001:41d0:129:9cff:ffff:ffff:ffff:ffff,NL -2001:41d0:129:9d00::,2001:41d0:ffff:ffff:ffff:ffff:ffff:ffff,FR +2001:41d0:129:9d00::,2001:41d0:1000:171a:ffff:ffff:ffff:ffff,FR +2001:41d0:1000:171b::,2001:41d0:1000:171b:ffff:ffff:ffff:ffff,DE +2001:41d0:1000:171c::,2001:41d0:ffff:ffff:ffff:ffff:ffff:ffff,FR 2001:41d8::,2001:41d8:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2001:41e0::,2001:41e0:ffff:ffff:ffff:ffff:ffff:ffff,CH 2001:41e8::,2001:41e8:ffff:ffff:ffff:ffff:ffff:ffff,GB @@ -5334,6 +5393,11 @@ 2001:43f8:c40::,2001:43f8:c40:ffff:ffff:ffff:ffff:ffff,KE 2001:43f8:c50::,2001:43f8:c50:ffff:ffff:ffff:ffff:ffff,EG 2001:43f8:c60::,2001:43f8:c61:ffff:ffff:ffff:ffff:ffff,GN +2001:43f8:c70::,2001:43f8:c70:ffff:ffff:ffff:ffff:ffff,ZA +2001:43f8:c80::,2001:43f8:c80:ffff:ffff:ffff:ffff:ffff,ZA +2001:43f8:c90::,2001:43f8:c90:ffff:ffff:ffff:ffff:ffff,ZA +2001:43f8:ca0::,2001:43f8:ca0:ffff:ffff:ffff:ffff:ffff,CI +2001:43f8:cb0::,2001:43f8:cb0:ffff:ffff:ffff:ffff:ffff,KE 2001:43f8:e00::,2001:43f8:eff:ffff:ffff:ffff:ffff:ffff,MU 2001:4400::,2001:4403:ffff:ffff:ffff:ffff:ffff:ffff,NZ 2001:4408::,2001:4408:ffff:ffff:ffff:ffff:ffff:ffff,IN @@ -5659,7 +5723,6 @@ 2001:4d80::,2001:4d80:ffff:ffff:ffff:ffff:ffff:ffff,RO 2001:4d88::,2001:4d8f:ffff:ffff:ffff:ffff:ffff:ffff,DE 2001:4d98::,2001:4d98:ffff:ffff:ffff:ffff:ffff:ffff,CH -2001:4da0::,2001:4da7:ffff:ffff:ffff:ffff:ffff:ffff,CH 2001:4da8::,2001:4da8:ffff:ffff:ffff:ffff:ffff:ffff,NO 2001:4db0::,2001:4db0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2001:4db8::,2001:4db8:ffff:ffff:ffff:ffff:ffff:ffff,SE @@ -5885,28 +5948,52 @@ 2400:5880::,2400:5880:ffff:ffff:ffff:ffff:ffff:ffff,MY 2400:58c0::,2400:58c0:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:5900::,2400:5900:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:5940::,2400:5940:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:59c0::,2400:59c0:ffff:ffff:ffff:ffff:ffff:ffff,TH 2400:5a00::,2400:5a00:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:5a40::,2400:5a40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:5a80::,2400:5a80:ffff:ffff:ffff:ffff:ffff:ffff,BD +2400:5ac0::,2400:5ac0:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:5b40::,2400:5b40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:5b80::,2400:5b80:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:5bc0::,2400:5bc0:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:5c40::,2400:5c40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:5c80::,2400:5c80:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:5cc0::,2400:5cc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:5d00::,2400:5d00:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:5d40::,2400:5d40:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:5d80::,2400:5d80:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:5dc0::,2400:5dc0:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:5e00::,2400:5e00:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:5e40::,2400:5e40:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:5e80::,2400:5e80:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:5ec0::,2400:5ec0:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:5f00::,2400:5f00:ffff:ffff:ffff:ffff:ffff:ffff,PF +2400:5f40::,2400:5f40:ffff:ffff:ffff:ffff:ffff:ffff,MM 2400:5f80::,2400:5f80:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:5fc0::,2400:5fc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6000::,2400:6000:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6040::,2400:6040:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6080::,2400:6080:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:60c0::,2400:60c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6100::,2400:6100:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:6140::,2400:6140:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:6180::,2400:6180:ff:ffff:ffff:ffff:ffff:ffff,SG 2400:6180:100::,2400:6180:100:7fff:ffff:ffff:ffff:ffff,IN 2400:6180:100:8000::,2400:6180:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:61c0::,2400:61c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6200::,2400:6200:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6240::,2400:6240:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:6280::,2400:6280:ffff:ffff:ffff:ffff:ffff:ffff,TH +2400:62c0::,2400:62c0:ffff:ffff:ffff:ffff:ffff:ffff,MM 2400:6300::,2400:6300:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:6340::,2400:6340:ffff:ffff:ffff:ffff:ffff:ffff,MM 2400:6380::,2400:6380:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:63c0::,2400:63c0:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:6400::,2400:6400:ffff:ffff:ffff:ffff:ffff:ffff,TO +2400:6440::,2400:6440:ffff:ffff:ffff:ffff:ffff:ffff,MM 2400:6480::,2400:6480:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:64c0::,2400:64c0:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:6500::,2400:6500::70ff:ffff:ffff:ffff:ffff,SG 2400:6500:0:7100::,2400:6500::71ff:ffff:ffff:ffff:ffff,JP 2400:6500:0:7200::,2400:6500::72ff:ffff:ffff:ffff:ffff,AU @@ -5916,74 +6003,142 @@ 2400:6500:0:7600::,2400:6500:100:70ff:ffff:ffff:ffff:ffff,SG 2400:6500:100:7100::,2400:6500:100:71ff:ffff:ffff:ffff:ffff,CN 2400:6500:100:7200::,2400:6500:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:6540::,2400:6540:ffff:ffff:ffff:ffff:ffff:ffff,VN 2400:6580::,2400:6580:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:65c0::,2400:65c0:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:6600::,2400:6600:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6640::,2400:6640:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6680::,2400:6680:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:66c0::,2400:66c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6700::,2400:6700:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:6740::,2400:6740:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6780::,2400:6780:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:67c0::,2400:67c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6800::,2400:6800:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:6840::,2400:6840:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6880::,2400:6880:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:68c0::,2400:68c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6900::,2400:6900:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:6940::,2400:6940:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6980::,2400:6980:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:69c0::,2400:69c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6a00::,2400:6a00:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6a40::,2400:6a40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6a80::,2400:6a80:ffff:ffff:ffff:ffff:ffff:ffff,PH +2400:6ac0::,2400:6ac0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6b00::,2400:6b00:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:6b40::,2400:6b40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6b80::,2400:6b80:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:6bc0::,2400:6bc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6c00::,2400:6c00:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:6c40::,2400:6c40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6c80::,2400:6c80:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:6cc0::,2400:6cc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6d00::,2400:6d00:ffff:ffff:ffff:ffff:ffff:ffff,FJ +2400:6d40::,2400:6d40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6d80::,2400:6d80:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:6dc0::,2400:6dc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6e00::,2400:6e00:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6e40::,2400:6e40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6e80::,2400:6e80:ffff:ffff:ffff:ffff:ffff:ffff,MY +2400:6ec0::,2400:6ec0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6f00::,2400:6f00:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:6f40::,2400:6f40:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:6f80::,2400:6f80:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:6fc0::,2400:6fc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7000::,2400:7000:ffff:ffff:ffff:ffff:ffff:ffff,TW +2400:7040::,2400:7040:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7080::,2400:7080:ffff:ffff:ffff:ffff:ffff:ffff,NP +2400:70c0::,2400:70c0:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:7100::,2400:7100:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:7140::,2400:7140:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7180::,2400:7180:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:71c0::,2400:71c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7200::,2400:7200:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:7240::,2400:7240:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:72c0::,2400:72c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7300::,2400:7300:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:7340::,2400:7340:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7380::,2400:7380:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:73c0::,2400:73c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7400::,2400:7400:ffff:ffff:ffff:ffff:ffff:ffff,MY +2400:7440::,2400:7440:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7480::,2400:7480:ffff:ffff:ffff:ffff:ffff:ffff,MN +2400:74c0::,2400:74c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7500::,2400:7500:ffff:ffff:ffff:ffff:ffff:ffff,ID +2400:7540::,2400:7540:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:75c0::,2400:75c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7600::,2400:7600:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:7640::,2400:7640:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7680::,2400:7680:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:76c0::,2400:76c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7700::,2400:7700:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:7740::,2400:7740:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7780::,2400:7780:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:77c0::,2400:77c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7800::,2400:7800:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:7840::,2400:7840:ffff:ffff:ffff:ffff:ffff:ffff,SE 2400:7880::,2400:7880:ffff:ffff:ffff:ffff:ffff:ffff,NZ +2400:78c0::,2400:78c0:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:7900::,2400:7900:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:7940::,2400:7940:ffff:ffff:ffff:ffff:ffff:ffff,JP 2400:7980::,2400:7980:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:79c0::,2400:79c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7a00::,2400:7a00:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:7a40::,2400:7a40:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:7a80::,2400:7a80:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:7ac0::,2400:7ac0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7b00::,2400:7b00:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:7b40::,2400:7b40:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:7b80::,2400:7b83:ffff:ffff:ffff:ffff:ffff:ffff,TH +2400:7bc0::,2400:7bc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:7c00::,2400:7c00:ffff:ffff:ffff:ffff:ffff:ffff,MY +2400:7c40::,2400:7c40:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:7c80::,2400:7c80:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:7cc0::,2400:7cc0:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:7d00::,2400:7d00:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:7d40::,2400:7d40:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:7d80::,2400:7d80:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:7dc0::,2400:7dc0:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:7e00::,2400:7e00:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:7e40::,2400:7e40:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:7e80::,2400:7e80:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:7ec0::,2400:7ec0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2400:7f00::,2400:7f00:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:7f80::,2400:7f80:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:7fc0::,2400:7fc0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:8000::,2400:8000:ffff:ffff:ffff:ffff:ffff:ffff,ID +2400:8040::,2400:8040:ffff:ffff:ffff:ffff:ffff:ffff,JP 2400:8080::,2400:8080:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:80c0::,2400:80c0:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:8100::,2400:8100:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:8140::,2400:8140:ffff:ffff:ffff:ffff:ffff:ffff,ID 2400:8180::,2400:8180:ffff:ffff:ffff:ffff:ffff:ffff,IN +2400:81c0::,2400:81c0:ffff:ffff:ffff:ffff:ffff:ffff,LA 2400:8200::,2400:8200:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:8240::,2400:8240:ffff:ffff:ffff:ffff:ffff:ffff,SG 2400:8280::,2400:8280:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:82c0::,2400:82c0:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:8300::,2400:8300:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:8340::,2400:8340:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:8380::,2400:8380:ffff:ffff:ffff:ffff:ffff:ffff,AU +2400:83c0::,2400:83c0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2400:8400::,2400:8400:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:8440::,2400:8440:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:8480::,2400:8480:ffff:ffff:ffff:ffff:ffff:ffff,MM +2400:84c0::,2400:84c0:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:8500::,2400:8500:24ff:ffff:ffff:ffff:ffff:ffff,JP 2400:8500:2500::,2400:8500:2500:7fff:ffff:ffff:ffff:ffff,US 2400:8500:2500:8000::,2400:8500:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:8540::,2400:8540:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:8580::,2400:8580:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:85c0::,2400:85c0:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:8600::,2400:8600:ffff:ffff:ffff:ffff:ffff:ffff,CN +2400:8640::,2400:8640:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:8680::,2400:8680:ffff:ffff:ffff:ffff:ffff:ffff,HK +2400:86c0::,2400:86c0:ffff:ffff:ffff:ffff:ffff:ffff,BD 2400:8700::,2400:8700:ffff:ffff:ffff:ffff:ffff:ffff,JP +2400:8740::,2400:8740:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:8780::,2400:8780:ffff:ffff:ffff:ffff:ffff:ffff,CN 2400:8800::,2400:8800:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:8880::,2400:8880:ffff:ffff:ffff:ffff:ffff:ffff,IN @@ -6262,6 +6417,7 @@ 2400:f080::,2400:f080:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:f100::,2400:f100:ffff:ffff:ffff:ffff:ffff:ffff,HK 2400:f180::,2400:f180:ffff:ffff:ffff:ffff:ffff:ffff,SG +2400:f200::,2400:f200:ffff:ffff:ffff:ffff:ffff:ffff,PH 2400:f280::,2400:f280:ffff:ffff:ffff:ffff:ffff:ffff,AU 2400:f300::,2400:f300:ffff:ffff:ffff:ffff:ffff:ffff,IN 2400:f380::,2400:f380:ffff:ffff:ffff:ffff:ffff:ffff,AU @@ -6353,8 +6509,7 @@ 2401:1e80::,2401:1e80:ffff:ffff:ffff:ffff:ffff:ffff,AU 2401:1f00::,2401:1f01:ffff:ffff:ffff:ffff:ffff:ffff,AU 2401:1f80::,2401:1f80:ffff:ffff:ffff:ffff:ffff:ffff,SG -2401:2000::,2401:2000:ffff:ffff:ffff:ffff:ffff:ffff,JP -2401:2001::,2401:2001:ffff:ffff:ffff:ffff:ffff:ffff,AU +2401:2000::,2401:2001:ffff:ffff:ffff:ffff:ffff:ffff,AU 2401:2080::,2401:2080:ffff:ffff:ffff:ffff:ffff:ffff,CN 2401:2100::,2401:2100:ffff:ffff:ffff:ffff:ffff:ffff,JP 2401:2200::,2401:2200:ffff:ffff:ffff:ffff:ffff:ffff,MY @@ -6596,7 +6751,6 @@ 2401:b100::,2401:b100:ffff:ffff:ffff:ffff:ffff:ffff,IN 2401:b180::,2401:b180:ffff:ffff:ffff:ffff:ffff:ffff,CN 2401:b200::,2401:b200:ffff:ffff:ffff:ffff:ffff:ffff,IN -2401:b280::,2401:b280:ffff:ffff:ffff:ffff:ffff:ffff,HK 2401:b300::,2401:b300:ffff:ffff:ffff:ffff:ffff:ffff,AU 2401:b380::,2401:b380:ffff:ffff:ffff:ffff:ffff:ffff,AU 2401:b400::,2401:b400:ffff:ffff:ffff:ffff:ffff:ffff,CN @@ -6647,7 +6801,9 @@ 2401:c900:1201:1cd::,2401:c900:12ff:ffff:ffff:ffff:ffff:ffff,US 2401:c900:1300::,2401:c900:1300:ffff:ffff:ffff:ffff:ffff,SG 2401:c900:1301::,2401:c900:1301:7fff:ffff:ffff:ffff:ffff,AU -2401:c900:1301:8000::,2401:c901:ffff:ffff:ffff:ffff:ffff:ffff,SG +2401:c900:1301:8000::,2401:c900:1601:11c:ffff:ffff:ffff:ffff,SG +2401:c900:1601:11d::,2401:c900:1601:11d:ffff:ffff:ffff:ffff,KR +2401:c900:1601:11e::,2401:c901:ffff:ffff:ffff:ffff:ffff:ffff,SG 2401:c980::,2401:c980:ffff:ffff:ffff:ffff:ffff:ffff,NZ 2401:ca00::,2401:ca00:ffff:ffff:ffff:ffff:ffff:ffff,CN 2401:ca80::,2401:ca80:ffff:ffff:ffff:ffff:ffff:ffff,CN @@ -6771,10 +6927,12 @@ 2401:fa00:11::,2401:fa00:11:7fff:ffff:ffff:ffff:ffff,AU 2401:fa00:11:8000::,2401:fa00:11:ffff:ffff:ffff:ffff:ffff,IN 2401:fa00:12::,2401:fa00:12:ffff:ffff:ffff:ffff:ffff,NZ -2401:fa00:13::,2401:fa00:13:7fff:ffff:ffff:ffff:ffff,HK -2401:fa00:13:8000::,2401:fa00:17:ffff:ffff:ffff:ffff:ffff,IN +2401:fa00:13::,2401:fa00:13:ffff:ffff:ffff:ffff:ffff,HK +2401:fa00:14::,2401:fa00:17:ffff:ffff:ffff:ffff:ffff,IN 2401:fa00:18::,2401:fa00:18:7fff:ffff:ffff:ffff:ffff,PH -2401:fa00:18:8000::,2401:fa00:1e:ffff:ffff:ffff:ffff:ffff,IN +2401:fa00:18:8000::,2401:fa00:1b:ffff:ffff:ffff:ffff:ffff,IN +2401:fa00:1c::,2401:fa00:1c:ffff:ffff:ffff:ffff:ffff,KR +2401:fa00:1d::,2401:fa00:1e:ffff:ffff:ffff:ffff:ffff,IN 2401:fa00:1f::,2401:fa00:1f:7fff:ffff:ffff:ffff:ffff,JP 2401:fa00:1f:8000::,2401:fa00:23:ffff:ffff:ffff:ffff:ffff,IN 2401:fa00:24::,2401:fa00:24:7fff:ffff:ffff:ffff:ffff,MY @@ -6790,7 +6948,9 @@ 2401:fa00:40::,2401:fa00:40:7fff:ffff:ffff:ffff:ffff,CN 2401:fa00:40:8000::,2401:fa00:40:ffff:ffff:ffff:ffff:ffff,IN 2401:fa00:41::,2401:fa00:41:7fff:ffff:ffff:ffff:ffff,CN -2401:fa00:41:8000::,2401:fa00:ffff:ffff:ffff:ffff:ffff:ffff,IN +2401:fa00:41:8000::,2401:fa00:f7:ffff:ffff:ffff:ffff:ffff,IN +2401:fa00:f8::,2401:fa00:f8:ffff:ffff:ffff:ffff:ffff,PH +2401:fa00:f9::,2401:fa00:ffff:ffff:ffff:ffff:ffff:ffff,IN 2401:fa80::,2401:fa80:ffff:ffff:ffff:ffff:ffff:ffff,CN 2401:fb00::,2401:fb00:ffff:ffff:ffff:ffff:ffff:ffff,IN 2401:fb80::,2401:fb80:ffff:ffff:ffff:ffff:ffff:ffff,CN @@ -8151,6 +8311,7 @@ 2404:a280::,2404:a280:ffff:ffff:ffff:ffff:ffff:ffff,IN 2404:a300::,2404:a300:ffff:ffff:ffff:ffff:ffff:ffff,TH 2404:a380::,2404:a380:ffff:ffff:ffff:ffff:ffff:ffff,AU +2404:a480::,2404:a480:ffff:ffff:ffff:ffff:ffff:ffff,US 2404:a500::,2404:a500:ffff:ffff:ffff:ffff:ffff:ffff,IN 2404:a580::,2404:a580:ffff:ffff:ffff:ffff:ffff:ffff,SG 2404:a600::,2404:a600:ffff:ffff:ffff:ffff:ffff:ffff,JP @@ -8796,7 +8957,6 @@ 2405:d400::,2405:d400:ffff:ffff:ffff:ffff:ffff:ffff,PH 2405:d480::,2405:d480:ffff:ffff:ffff:ffff:ffff:ffff,AU 2405:d580::,2405:d580:ffff:ffff:ffff:ffff:ffff:ffff,JP -2405:d600::,2405:d600:ffff:ffff:ffff:ffff:ffff:ffff,AU 2405:d680::,2405:d680:ffff:ffff:ffff:ffff:ffff:ffff,MY 2405:d700::,2405:d700:ffff:ffff:ffff:ffff:ffff:ffff,CN 2405:d780::,2405:d780:ffff:ffff:ffff:ffff:ffff:ffff,JP @@ -10040,6 +10200,14 @@ 2602:233::,2602:233:ffff:ffff:ffff:ffff:ffff:ffff,US 2602:240::,2602:25f:ffff:ffff:ffff:ffff:ffff:ffff,US 2602:300::,2602:3ff:ffff:ffff:ffff:ffff:ffff:ffff,US +2602:ff14::,2602:ff14:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff15::,2602:ff15:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff16::,2602:ff16:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff17::,2602:ff17:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff18::,2602:ff18:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff19::,2602:ff19:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff1a::,2602:ff1a:fff:ffff:ffff:ffff:ffff:ffff,US +2602:ff1b::,2602:ff1b:fff:ffff:ffff:ffff:ffff:ffff,US 2602:ff1c::,2602:ff1c:fff:ffff:ffff:ffff:ffff:ffff,US 2602:ff1d::,2602:ff1d:fff:ffff:ffff:ffff:ffff:ffff,US 2602:ff1e::,2602:ff1e:fff:ffff:ffff:ffff:ffff:ffff,US @@ -10434,15 +10602,26 @@ 2603:6000::,2603:60ff:ffff:ffff:ffff:ffff:ffff:ffff,US 2604::,2604::ffff:ffff:ffff:ffff:ffff:ffff,US 2604:10::,2604:10:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:50::,2604:50:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:90::,2604:90:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:100::,2604:100:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:140::,2604:140:ffff:ffff:ffff:ffff:ffff:ffff,BM 2604:180::,2604:180:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:1c0::,2604:1c0:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:200::,2604:200:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:240::,2604:240:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:280::,2604:280:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:2c0::,2604:2c0:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:300::,2604:300:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:340::,2604:340:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:380::,2604:380:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:3c0::,2604:3c0:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:400::,2604:400:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:440::,2604:440:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:480::,2604:480:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:4c0::,2604:4c0:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:500::,2604:500:ffff:ffff:ffff:ffff:ffff:ffff,US +2604:540::,2604:540:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:580::,2604:580:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:600::,2604:600:ffff:ffff:ffff:ffff:ffff:ffff,US 2604:680::,2604:680:ffff:ffff:ffff:ffff:ffff:ffff,US @@ -12426,20 +12605,35 @@ 2607:e000::,2607:e000:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e080::,2607:e080:ffff:ffff:ffff:ffff:ffff:ffff,CA 2607:e100::,2607:e100:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e180::,2607:e180:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e200::,2607:e200:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e280::,2607:e280:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e300::,2607:e300:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e380::,2607:e380:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e400::,2607:e400:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e480::,2607:e480:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e500::,2607:e500:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e580::,2607:e580:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e600::,2607:e600:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e680::,2607:e680:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e700::,2607:e700:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e780::,2607:e780:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e800::,2607:e800:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e880::,2607:e880:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:e900::,2607:e900:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:e980::,2607:e980:ffff:ffff:ffff:ffff:ffff:ffff,CA 2607:ea00::,2607:ea00:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:ea80::,2607:ea80:ffff:ffff:ffff:ffff:ffff:ffff,CA 2607:eb00::,2607:eb00:ffff:ffff:ffff:ffff:ffff:ffff,CA +2607:eb80::,2607:eb80:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:ec00::,2607:ec00:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:ec80::,2607:ec80:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:ed00::,2607:ed00:ffff:ffff:ffff:ffff:ffff:ffff,CA +2607:ed80::,2607:ed80:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:ee00::,2607:ee00:ffff:ffff:ffff:ffff:ffff:ffff,CA +2607:ee80::,2607:ee80:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:ef00::,2607:ef00:ffff:ffff:ffff:ffff:ffff:ffff,US +2607:ef80::,2607:ef80:ffff:ffff:ffff:ffff:ffff:ffff,CA 2607:f000::,2607:f000:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:f008::,2607:f008:ffff:ffff:ffff:ffff:ffff:ffff,US 2607:f010::,2607:f010:ffff:ffff:ffff:ffff:ffff:ffff,US @@ -13374,11 +13568,17 @@ 2620:e:c000::,2620:e:c000:ffff:ffff:ffff:ffff:ffff,US 2620:e:e000::,2620:e:e000:ffff:ffff:ffff:ffff:ffff,US 2620:f::,2620:f:f:ffff:ffff:ffff:ffff:ffff,US +2620:f:2000::,2620:f:2000:ffff:ffff:ffff:ffff:ffff,US 2620:f:4000::,2620:f:4000:ffff:ffff:ffff:ffff:ffff,US +2620:f:6000::,2620:f:6000:ffff:ffff:ffff:ffff:ffff,US 2620:f:8000::,2620:f:8000:ffff:ffff:ffff:ffff:ffff,US +2620:f:a000::,2620:f:a000:ffff:ffff:ffff:ffff:ffff,US 2620:f:c000::,2620:f:c000:ffff:ffff:ffff:ffff:ffff,US +2620:f:e000::,2620:f:e000:ffff:ffff:ffff:ffff:ffff,US 2620:10::,2620:10::ffff:ffff:ffff:ffff:ffff,US +2620:10:2000::,2620:10:2000:ffff:ffff:ffff:ffff:ffff,US 2620:10:4000::,2620:10:4000:ffff:ffff:ffff:ffff:ffff,US +2620:10:6000::,2620:10:6000:ffff:ffff:ffff:ffff:ffff,US 2620:10:8000::,2620:10:800f:ffff:ffff:ffff:ffff:ffff,CA 2620:10:c000::,2620:10:c000:ffff:ffff:ffff:ffff:ffff,US 2620:11::,2620:11:ff:ffff:ffff:ffff:ffff:ffff,US @@ -13764,7 +13964,7 @@ 2620:73::,2620:73::ffff:ffff:ffff:ffff:ffff,US 2620:73:8000::,2620:73:8000:ffff:ffff:ffff:ffff:ffff,US 2620:73:c000::,2620:73:c000:ffff:ffff:ffff:ffff:ffff,US -2620:74::,2620:74:1f:ffff:ffff:ffff:ffff:ffff,US +2620:74::,2620:74:ff:ffff:ffff:ffff:ffff:ffff,US 2620:74:40c0::,2620:74:40c0:ffff:ffff:ffff:ffff:ffff,US 2620:74:8080::,2620:74:8080:ffff:ffff:ffff:ffff:ffff,US 2620:74:c040::,2620:74:c040:ffff:ffff:ffff:ffff:ffff,US @@ -15022,6 +15222,16 @@ 2620:12c::,2620:12c:f:ffff:ffff:ffff:ffff:ffff,US 2620:12c:1000::,2620:12c:100f:ffff:ffff:ffff:ffff:ffff,US 2620:12c:2000::,2620:12c:20ff:ffff:ffff:ffff:ffff:ffff,US +2620:12c:3000::,2620:12c:300f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:4000::,2620:12c:400f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:5000::,2620:12c:50ff:ffff:ffff:ffff:ffff:ffff,US +2620:12c:6000::,2620:12c:600f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:7000::,2620:12c:700f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:8000::,2620:12c:80ff:ffff:ffff:ffff:ffff:ffff,US +2620:12c:9000::,2620:12c:900f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:a000::,2620:12c:a00f:ffff:ffff:ffff:ffff:ffff,US +2620:12c:b000::,2620:12c:b0ff:ffff:ffff:ffff:ffff:ffff,US +2620:12c:c000::,2620:12c:c00f:ffff:ffff:ffff:ffff:ffff,US 2620:140::,2620:140:3ff:ffff:ffff:ffff:ffff:ffff,US 2620:141::,2620:141:fff:ffff:ffff:ffff:ffff:ffff,US 2620:143::,2620:143:7ff:ffff:ffff:ffff:ffff:ffff,US @@ -15194,7 +15404,7 @@ 2800:450::,2800:450:ffff:ffff:ffff:ffff:ffff:ffff,CR 2800:460::,2800:460:ffff:ffff:ffff:ffff:ffff:ffff,CL 2800:470::,2800:470:ffff:ffff:ffff:ffff:ffff:ffff,SX -2800:480::,2800:480:ffff:ffff:ffff:ffff:ffff:ffff,CO +2800:480::,2800:487:ffff:ffff:ffff:ffff:ffff:ffff,CO 2800:490::,2800:490:ffff:ffff:ffff:ffff:ffff:ffff,CO 2800:4b0::,2800:4b0:ffff:ffff:ffff:ffff:ffff:ffff,PE 2800:4c0::,2800:4c0:ffff:ffff:ffff:ffff:ffff:ffff,CL @@ -15407,6 +15617,7 @@ 2801:10:9000::,2801:10:9000:ffff:ffff:ffff:ffff:ffff,PY 2801:10:a000::,2801:10:a000:ffff:ffff:ffff:ffff:ffff,AR 2801:10:c000::,2801:10:c000:ffff:ffff:ffff:ffff:ffff,CO +2801:10:d000::,2801:10:d000:ffff:ffff:ffff:ffff:ffff,AR 2801:10:e000::,2801:10:e000:ffff:ffff:ffff:ffff:ffff,AR 2801:11::,2801:11::ffff:ffff:ffff:ffff:ffff,AR 2801:11:1000::,2801:11:1000:ffff:ffff:ffff:ffff:ffff,PY @@ -15450,6 +15661,7 @@ 2801:14:9000::,2801:14:9000:ffff:ffff:ffff:ffff:ffff,CL 2801:14:a000::,2801:14:a001:ffff:ffff:ffff:ffff:ffff,UY 2801:14:c000::,2801:14:c000:ffff:ffff:ffff:ffff:ffff,BO +2801:14:d000::,2801:14:d00f:ffff:ffff:ffff:ffff:ffff,PA 2801:14:e000::,2801:14:e000:ffff:ffff:ffff:ffff:ffff,PY 2801:15::,2801:15::ffff:ffff:ffff:ffff:ffff,EC 2801:15:1000::,2801:15:1000:ffff:ffff:ffff:ffff:ffff,SV @@ -15477,6 +15689,7 @@ 2801:17:1000::,2801:17:1000:ffff:ffff:ffff:ffff:ffff,HN 2801:17:2000::,2801:17:2000:ffff:ffff:ffff:ffff:ffff,PY 2801:17:4000::,2801:17:4000:ffff:ffff:ffff:ffff:ffff,CO +2801:17:5000::,2801:17:5000:ffff:ffff:ffff:ffff:ffff,HT 2801:17:6000::,2801:17:6000:ffff:ffff:ffff:ffff:ffff,AR 2801:17:8000::,2801:17:8000:ffff:ffff:ffff:ffff:ffff,CR 2801:17:9000::,2801:17:9000:ffff:ffff:ffff:ffff:ffff,PA @@ -15561,6 +15774,7 @@ 2801:1f:1000::,2801:1f:1000:ffff:ffff:ffff:ffff:ffff,HN 2801:1f:2000::,2801:1f:2000:ffff:ffff:ffff:ffff:ffff,CR 2801:1f:4000::,2801:1f:4000:ffff:ffff:ffff:ffff:ffff,CR +2801:1f:5000::,2801:1f:5000:ffff:ffff:ffff:ffff:ffff,CO 2801:1f:6000::,2801:1f:6000:ffff:ffff:ffff:ffff:ffff,AR 2801:1f:8000::,2801:1f:8000:ffff:ffff:ffff:ffff:ffff,AR 2801:1f:9000::,2801:1f:9000:ffff:ffff:ffff:ffff:ffff,AR @@ -15885,6 +16099,13 @@ 2801:80:1ad0::,2801:80:1ad1:ffff:ffff:ffff:ffff:ffff,BR 2801:80:1ae0::,2801:80:1ae0:ffff:ffff:ffff:ffff:ffff,BR 2801:80:1af0::,2801:80:1af0:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b00::,2801:80:1b00:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b10::,2801:80:1b10:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b20::,2801:80:1b20:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b30::,2801:80:1b30:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b40::,2801:80:1b40:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b50::,2801:80:1b50:ffff:ffff:ffff:ffff:ffff,BR +2801:80:1b60::,2801:80:1b60:ffff:ffff:ffff:ffff:ffff,BR 2801:82::,2801:82:ffff:ffff:ffff:ffff:ffff:ffff,BR 2801:84::,2801:84:ffff:ffff:ffff:ffff:ffff:ffff,BR 2801:86::,2801:86:ffff:ffff:ffff:ffff:ffff:ffff,BR @@ -15947,6 +16168,7 @@ 2801:130::,2801:130:fff:ffff:ffff:ffff:ffff:ffff,CO 2801:138::,2801:138:ff:ffff:ffff:ffff:ffff:ffff,PA 2801:140::,2801:140:ffff:ffff:ffff:ffff:ffff:ffff,AR +2801:144::,2801:144:3f:ffff:ffff:ffff:ffff:ffff,CO 2801:148::,2801:148:ff:ffff:ffff:ffff:ffff:ffff,AR 2801:150::,2801:150:ffff:ffff:ffff:ffff:ffff:ffff,PE 2801:158::,2801:158:fff:ffff:ffff:ffff:ffff:ffff,PA @@ -15982,6 +16204,7 @@ 2802:3:a000::,2802:3:ffff:ffff:ffff:ffff:ffff:ffff,CO 2802:8000::,2802:80ff:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803::,2803::ffff:ffff:ffff:ffff:ffff:ffff,AR +2803:40::,2803:40:ffff:ffff:ffff:ffff:ffff:ffff,PE 2803:80::,2803:80::ffff:ffff:ffff:ffff,BR 2803:80:0:1::,2803:80:fff:ffff:ffff:ffff:ffff:ffff,CL 2803:80:1000::,2803:80:1fff:ffff:ffff:ffff:ffff:ffff,BR @@ -15994,6 +16217,7 @@ 2803:200::,2803:200:ffff:ffff:ffff:ffff:ffff:ffff,PA 2803:240::,2803:240:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:280::,2803:280:ffff:ffff:ffff:ffff:ffff:ffff,AR +2803:2c0::,2803:2c0:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:300::,2803:300:ffff:ffff:ffff:ffff:ffff:ffff,DO 2803:340::,2803:340:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:380::,2803:380:ffff:ffff:ffff:ffff:ffff:ffff,CL @@ -16050,6 +16274,7 @@ 2803:1200::,2803:1200:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:1240::,2803:1240:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:1280::,2803:1280:ffff:ffff:ffff:ffff:ffff:ffff,PE +2803:12c0::,2803:12c0:ffff:ffff:ffff:ffff:ffff:ffff,DO 2803:1300::,2803:1300:ffff:ffff:ffff:ffff:ffff:ffff,CR 2803:1340::,2803:1340:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:1380::,2803:1380:ffff:ffff:ffff:ffff:ffff:ffff,HN @@ -16067,7 +16292,6 @@ 2803:1780::,2803:1780:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:1800::,2803:1800:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:1840::,2803:1840:ffff:ffff:ffff:ffff:ffff:ffff,CO -2803:1880::,2803:1880:ffff:ffff:ffff:ffff:ffff:ffff,PE 2803:18c0::,2803:18c0:ffff:ffff:ffff:ffff:ffff:ffff,SX 2803:1900::,2803:1900:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:1940::,2803:1940:ffff:ffff:ffff:ffff:ffff:ffff,AR @@ -16094,12 +16318,12 @@ 2803:2040::,2803:2040:ffff:ffff:ffff:ffff:ffff:ffff,CR 2803:2080::,2803:2080:ffff:ffff:ffff:ffff:ffff:ffff,HN 2803:20c0::,2803:20c0:ffff:ffff:ffff:ffff:ffff:ffff,AR -2803:2100::,2803:2100:ffff:ffff:ffff:ffff:ffff:ffff,PE 2803:2140::,2803:2140:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:2180::,2803:2180:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:2200::,2803:2200:ffff:ffff:ffff:ffff:ffff:ffff,EC 2803:2240::,2803:2240:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:2280::,2803:2280:ffff:ffff:ffff:ffff:ffff:ffff,BZ +2803:22c0::,2803:22c0:ffff:ffff:ffff:ffff:ffff:ffff,VE 2803:2300::,2803:2300:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:2340::,2803:2340:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:2380::,2803:2380:ffff:ffff:ffff:ffff:ffff:ffff,AR @@ -16203,6 +16427,7 @@ 2803:4200::,2803:4200:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:4240::,2803:4240:ffff:ffff:ffff:ffff:ffff:ffff,PY 2803:4280::,2803:4280:ffff:ffff:ffff:ffff:ffff:ffff,AR +2803:42c0::,2803:42c0:ffff:ffff:ffff:ffff:ffff:ffff,HN 2803:4300::,2803:4300:ffff:ffff:ffff:ffff:ffff:ffff,PA 2803:4340::,2803:4340:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:4380::,2803:4380:ffff:ffff:ffff:ffff:ffff:ffff,BO @@ -16304,6 +16529,7 @@ 2803:6200::,2803:6200:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:6240::,2803:6240:ffff:ffff:ffff:ffff:ffff:ffff,VE 2803:6280::,2803:6280:ffff:ffff:ffff:ffff:ffff:ffff,PA +2803:62c0::,2803:62c0:ffff:ffff:ffff:ffff:ffff:ffff,EC 2803:6300::,2803:6300:ffff:ffff:ffff:ffff:ffff:ffff,GT 2803:6340::,2803:6340:ffff:ffff:ffff:ffff:ffff:ffff,CR 2803:6380::,2803:6380:ffff:ffff:ffff:ffff:ffff:ffff,AR @@ -16407,6 +16633,7 @@ 2803:8200::,2803:8200:ffff:ffff:ffff:ffff:ffff:ffff,HN 2803:8240::,2803:8240:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:8280::,2803:8280:ffff:ffff:ffff:ffff:ffff:ffff,VE +2803:82c0::,2803:82c0:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:8300::,2803:8300:ffff:ffff:ffff:ffff:ffff:ffff,EC 2803:8340::,2803:8340:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:8380::,2803:8380:ffff:ffff:ffff:ffff:ffff:ffff,AR @@ -16509,6 +16736,7 @@ 2803:a200::,2803:a200:ffff:ffff:ffff:ffff:ffff:ffff,SR 2803:a240::,2803:a240:ffff:ffff:ffff:ffff:ffff:ffff,EC 2803:a280::,2803:a280:ffff:ffff:ffff:ffff:ffff:ffff,DO +2803:a2c0::,2803:a2c0:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:a340::,2803:a340:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:a380::,2803:a380:ffff:ffff:ffff:ffff:ffff:ffff,PA 2803:a400::,2803:a400:ffff:ffff:ffff:ffff:ffff:ffff,EC @@ -16610,6 +16838,7 @@ 2803:c200::,2803:c200:ffff:ffff:ffff:ffff:ffff:ffff,PE 2803:c240::,2803:c240:ffff:ffff:ffff:ffff:ffff:ffff,BZ 2803:c280::,2803:c280:ffff:ffff:ffff:ffff:ffff:ffff,EC +2803:c2c0::,2803:c2c0:ffff:ffff:ffff:ffff:ffff:ffff,EC 2803:c300::,2803:c300:ffff:ffff:ffff:ffff:ffff:ffff,GT 2803:c340::,2803:c340:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:c380::,2803:c380:ffff:ffff:ffff:ffff:ffff:ffff,HN @@ -16715,6 +16944,7 @@ 2803:e200::,2803:e200:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:e240::,2803:e240:ffff:ffff:ffff:ffff:ffff:ffff,PA 2803:e280::,2803:e280:ffff:ffff:ffff:ffff:ffff:ffff,AR +2803:e2c0::,2803:e2c0:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:e300::,2803:e300:ffff:ffff:ffff:ffff:ffff:ffff,CR 2803:e340::,2803:e340:ffff:ffff:ffff:ffff:ffff:ffff,GY 2803:e380::,2803:e380:ffff:ffff:ffff:ffff:ffff:ffff,HN @@ -16798,6 +17028,7 @@ 2803:fc00::,2803:fc00:ffff:ffff:ffff:ffff:ffff:ffff,PY 2803:fc40::,2803:fc40:ffff:ffff:ffff:ffff:ffff:ffff,AR 2803:fc80::,2803:fc80:ffff:ffff:ffff:ffff:ffff:ffff,AR +2803:fcc0::,2803:fcc0:ffff:ffff:ffff:ffff:ffff:ffff,CL 2803:fd00::,2803:fd00:ffff:ffff:ffff:ffff:ffff:ffff,CO 2803:fd40::,2803:fd40:ffff:ffff:ffff:ffff:ffff:ffff,SV 2803:fd80::,2803:fd80:ffff:ffff:ffff:ffff:ffff:ffff,CL @@ -17972,6 +18203,7 @@ 2804:1324::,2804:1324:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1328::,2804:1328:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:132c::,2804:132c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:1330::,2804:1330:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1334::,2804:1334:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1338::,2804:1338:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:133c::,2804:133c:ffff:ffff:ffff:ffff:ffff:ffff,BR @@ -18664,7 +18896,6 @@ 2804:1e10::,2804:1e10:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1e14::,2804:1e14:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1e18::,2804:1e18:ffff:ffff:ffff:ffff:ffff:ffff,BR -2804:1e1c::,2804:1e1c:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1e20::,2804:1e20:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1e24::,2804:1e24:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:1e28::,2804:1e28:ffff:ffff:ffff:ffff:ffff:ffff,BR @@ -20223,6 +20454,62 @@ 2804:3728::,2804:3728:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:372c::,2804:372c:ffff:ffff:ffff:ffff:ffff:ffff,BR 2804:3730::,2804:3730:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3734::,2804:3734:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3738::,2804:3738:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:373c::,2804:373c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3740::,2804:3740:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3744::,2804:3744:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3748::,2804:3748:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:374c::,2804:374c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3750::,2804:3750:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3754::,2804:3754:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3758::,2804:3758:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:375c::,2804:375c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3760::,2804:3760:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3764::,2804:3764:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3768::,2804:3768:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:376c::,2804:376c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3770::,2804:3770:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3774::,2804:3774:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3778::,2804:3778:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:377c::,2804:377c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3780::,2804:3780:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3784::,2804:3784:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3788::,2804:3788:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:378c::,2804:378c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3790::,2804:3790:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3794::,2804:3794:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3798::,2804:3798:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:379c::,2804:379c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37a0::,2804:37a0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37a4::,2804:37a4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37a8::,2804:37a8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37ac::,2804:37ac:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37b0::,2804:37b0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37b4::,2804:37b4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37b8::,2804:37b8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37bc::,2804:37bc:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37c0::,2804:37c0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37c4::,2804:37c4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37c8::,2804:37c8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37cc::,2804:37cc:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37d0::,2804:37d0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37d4::,2804:37d4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37d8::,2804:37d8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37dc::,2804:37dc:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37e0::,2804:37e0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37e4::,2804:37e4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37e8::,2804:37e8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37ec::,2804:37ec:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37f0::,2804:37f0:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37f4::,2804:37f4:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37f8::,2804:37f8:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:37fc::,2804:37fc:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3800::,2804:3800:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3804::,2804:3804:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3808::,2804:3808:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:380c::,2804:380c:ffff:ffff:ffff:ffff:ffff:ffff,BR +2804:3810::,2804:3810:ffff:ffff:ffff:ffff:ffff:ffff,BR 2806::,2806:f:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:200::,2806:216::ffff:ffff:ffff:ffff:ffff,MX 2806:217::,2806:220:ffff:ffff:ffff:ffff:ffff:ffff,MX @@ -20233,7 +20520,8 @@ 2806:250::,2806:250:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:260::,2806:260:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:270::,2806:270:ffff:ffff:ffff:ffff:ffff:ffff,MX -2806:280::,2806:286:ffff:ffff:ffff:ffff:ffff:ffff,MX +2806:280::,2806:287:ffff:ffff:ffff:ffff:ffff:ffff,MX +2806:289::,2806:289:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:290::,2806:290:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:2a0::,2806:2a0:ffff:ffff:ffff:ffff:ffff:ffff,MX 2806:2b0::,2806:2b0:ffff:ffff:ffff:ffff:ffff:ffff,MX @@ -20489,7 +20777,9 @@ 2a00:13b0::,2a00:13b0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:13b8::,2a00:13b8:ffff:ffff:ffff:ffff:ffff:ffff,RO 2a00:13c0::,2a00:13c0:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a00:13c8::,2a00:13c8:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a00:13c8::,2a00:13c8:2:ffff:ffff:ffff:ffff:ffff,DE +2a00:13c8:3::,2a00:13c8:3:ffff:ffff:ffff:ffff:ffff,CH +2a00:13c8:4::,2a00:13c8:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:13d0::,2a00:13d0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:13d8::,2a00:13df:ffff:ffff:ffff:ffff:ffff:ffff,SI 2a00:13e0::,2a00:13e0:ffff:ffff:ffff:ffff:ffff:ffff,NO @@ -20520,7 +20810,7 @@ 2a00:1488::,2a00:1488:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a00:1490::,2a00:1490:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a00:1498::,2a00:1498:ffff:ffff:ffff:ffff:ffff:ffff,AT -2a00:14a0::,2a00:14a0:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a00:14a0::,2a00:14a7:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:14a8::,2a00:14a8:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:14b0::,2a00:14b7:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:14b8::,2a00:14b8:ffff:ffff:ffff:ffff:ffff:ffff,FI @@ -21111,7 +21401,6 @@ 2a00:5dc0::,2a00:5dc0:ffff:ffff:ffff:ffff:ffff:ffff,RO 2a00:5de0::,2a00:5de0:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a00:5e00::,2a00:5e00:ffff:ffff:ffff:ffff:ffff:ffff,DE -2a00:5e20::,2a00:5e20:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a00:5e40::,2a00:5e40:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a00:5e60::,2a00:5e60:ffff:ffff:ffff:ffff:ffff:ffff,LB 2a00:5e80::,2a00:5e80:ffff:ffff:ffff:ffff:ffff:ffff,FR @@ -21191,7 +21480,6 @@ 2a00:67e0::,2a00:67e7:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:6800::,2a00:6800:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:6820::,2a00:6820:ffff:ffff:ffff:ffff:ffff:ffff,FR -2a00:6840::,2a00:6840:ffff:ffff:ffff:ffff:ffff:ffff,SI 2a00:6860::,2a00:6867:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a00:6880::,2a00:6880:ffff:ffff:ffff:ffff:ffff:ffff,LT 2a00:68a0::,2a00:68a0:ffff:ffff:ffff:ffff:ffff:ffff,AE @@ -21327,7 +21615,6 @@ 2a00:7920::,2a00:7920:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a00:7940::,2a00:7940:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a00:7960::,2a00:7960:ffff:ffff:ffff:ffff:ffff:ffff,NL -2a00:7980::,2a00:7980:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a00:79a0::,2a00:79a0:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a00:79c0::,2a00:79c0:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:79e0::,2a00:79e0::ffff:ffff:ffff:ffff:ffff,CH @@ -21347,7 +21634,9 @@ 2a00:79e0:23::,2a00:79e0:23:ffff:ffff:ffff:ffff:ffff,GB 2a00:79e0:24::,2a00:79e0:26:ffff:ffff:ffff:ffff:ffff,CH 2a00:79e0:27::,2a00:79e0:27:ffff:ffff:ffff:ffff:ffff,NL -2a00:79e0:28::,2a00:79e1:abb:ffff:ffff:ffff:ffff:ffff,CH +2a00:79e0:28::,2a00:79e0:ffe2:4ff:ffff:ffff:ffff:ffff,CH +2a00:79e0:ffe2:500::,2a00:79e0:ffe2:5ff:ffff:ffff:ffff:ffff,IE +2a00:79e0:ffe2:600::,2a00:79e1:abb:ffff:ffff:ffff:ffff:ffff,CH 2a00:79e1:abc::,2a00:79e1:abc:ff:ffff:ffff:ffff:ffff,GB 2a00:79e1:abc:100::,2a00:79e1:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a00:7a00::,2a00:7a00:ffff:ffff:ffff:ffff:ffff:ffff,NO @@ -21408,7 +21697,7 @@ 2a00:8140::,2a00:8140:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a00:8160::,2a00:8160:ffff:ffff:ffff:ffff:ffff:ffff,FI 2a00:8180::,2a00:8180:ffff:ffff:ffff:ffff:ffff:ffff,DE -2a00:81a0::,2a00:81a0:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a00:81a0::,2a00:81a7:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a00:81c0::,2a00:81c0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:81e0::,2a00:81e0:ffff:ffff:ffff:ffff:ffff:ffff,LV 2a00:8200::,2a00:8200:ffff:ffff:ffff:ffff:ffff:ffff,DK @@ -22384,8 +22673,8 @@ 2a00:fd00::,2a00:fd00:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a00:fd20::,2a00:fd20:ffff:ffff:ffff:ffff:ffff:ffff,LB 2a00:fd40::,2a00:fd40:5:ffff:ffff:ffff:ffff:ffff,NL -2a00:fd40:6::,2a00:fd40:6:ffff:ffff:ffff:ffff:ffff,SK -2a00:fd40:7::,2a00:fd40:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a00:fd40:6::,2a00:fd40:7:ffff:ffff:ffff:ffff:ffff,SK +2a00:fd40:8::,2a00:fd40:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a00:fd60::,2a00:fd60:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:fd80::,2a00:fd80:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a00:fda0::,2a00:fda0:ffff:ffff:ffff:ffff:ffff:ffff,DE @@ -22595,6 +22884,7 @@ 2a01:3d8::,2a01:3d8:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a01:3e0:402::,2a01:3e0:403:ffff:ffff:ffff:ffff:ffff,FR 2a01:3e0:501::,2a01:3e0:501:ffff:ffff:ffff:ffff:ffff,RU +2a01:3e0:502::,2a01:3e0:502:ffff:ffff:ffff:ffff:ffff,DE 2a01:3e0:801::,2a01:3e0:801:ffff:ffff:ffff:ffff:ffff,FR 2a01:3e0:d01::,2a01:3e0:d02:ffff:ffff:ffff:ffff:ffff,GB 2a01:3e0:1101::,2a01:3e0:1101:ffff:ffff:ffff:ffff:ffff,NL @@ -23392,7 +23682,6 @@ 2a01:8fc0::,2a01:8fc0:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a01:8fe0::,2a01:8fe0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a01:9000::,2a01:9000:ffff:ffff:ffff:ffff:ffff:ffff,FR -2a01:9020::,2a01:9020:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a01:9040::,2a01:9040:ffff:ffff:ffff:ffff:ffff:ffff,SI 2a01:9060::,2a01:9060:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a01:9080::,2a01:9080:ffff:ffff:ffff:ffff:ffff:ffff,SE @@ -24311,7 +24600,7 @@ 2a02:1628::,2a02:1628:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a02:1630::,2a02:1630:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a02:1638::,2a02:1638:ffff:ffff:ffff:ffff:ffff:ffff,CZ -2a02:1648::,2a02:1648:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a02:1648::,2a02:164f:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a02:1650::,2a02:1650:ffff:ffff:ffff:ffff:ffff:ffff,SA 2a02:1658::,2a02:1658:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a02:1660::,2a02:1660:ffff:ffff:ffff:ffff:ffff:ffff,NO @@ -24344,7 +24633,7 @@ 2a02:1740::,2a02:1740:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a02:1748::,2a02:1748:ffff:ffff:ffff:ffff:ffff:ffff,AT 2a02:1750::,2a02:1750:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a02:1758::,2a02:1758:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a02:1758::,2a02:175f:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a02:1760::,2a02:1760:ffff:ffff:ffff:ffff:ffff:ffff,BE 2a02:1770::,2a02:1770:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a02:1778::,2a02:1778:ffff:ffff:ffff:ffff:ffff:ffff,PL @@ -24737,7 +25026,6 @@ 2a02:2bb0::,2a02:2bb0:ffff:ffff:ffff:ffff:ffff:ffff,IE 2a02:2bb8::,2a02:2bb8:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a02:2bc0::,2a02:2bc0:ffff:ffff:ffff:ffff:ffff:ffff,GB -2a02:2be0::,2a02:2be0:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a02:2c00::,2a02:2c07:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a02:2c40::,2a02:2c40:ffff:ffff:ffff:ffff:ffff:ffff,BE 2a02:2c60::,2a02:2c60:ffff:ffff:ffff:ffff:ffff:ffff,DE @@ -24820,7 +25108,14 @@ 2a02:4720::,2a02:4720:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a02:4740::,2a02:4740:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a02:4760::,2a02:4760:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a02:4780::,2a02:4780:ffff:ffff:ffff:ffff:ffff:ffff,LT +2a02:4780::,2a02:4780::ffff:ffff:ffff:ffff:ffff,LT +2a02:4780:1::,2a02:4780:1:ffff:ffff:ffff:ffff:ffff,US +2a02:4780:2::,2a02:4780:2:ffff:ffff:ffff:ffff:ffff,GB +2a02:4780:3::,2a02:4780:bac:ffff:ffff:ffff:ffff:ffff,LT +2a02:4780:bad::,2a02:4780:bad:ffff:ffff:ffff:ffff:ffff,US +2a02:4780:bae::,2a02:4780:deac:ffff:ffff:ffff:ffff:ffff,LT +2a02:4780:dead::,2a02:4780:dead:ffff:ffff:ffff:ffff:ffff,US +2a02:4780:deae::,2a02:4780:ffff:ffff:ffff:ffff:ffff:ffff,LT 2a02:47a0::,2a02:47a0:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a02:47c0::,2a02:47c0:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a02:47e0::,2a02:47e7:ffff:ffff:ffff:ffff:ffff:ffff,BE @@ -25676,7 +25971,6 @@ 2a03:ae0::,2a03:ae0:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a03:b00::,2a03:b00:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a03:b40::,2a03:b40:ffff:ffff:ffff:ffff:ffff:ffff,ES -2a03:b60::,2a03:b60:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a03:b80::,2a03:b80:ffff:ffff:ffff:ffff:ffff:ffff,FI 2a03:ba0::,2a03:ba7:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a03:bc0::,2a03:bc7:ffff:ffff:ffff:ffff:ffff:ffff,GB @@ -26077,7 +26371,7 @@ 2a03:3b60::,2a03:3b60:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a03:3b80::,2a03:3b80:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a03:3ba0::,2a03:3ba0:ffff:ffff:ffff:ffff:ffff:ffff,ES -2a03:3bc0::,2a03:3bc0:ffff:ffff:ffff:ffff:ffff:ffff,SE +2a03:3bc0::,2a03:3bc0:ffff:ffff:ffff:ffff:ffff:ffff,MT 2a03:3be0::,2a03:3be0:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a03:3c00::,2a03:3c00:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a03:3c20::,2a03:3c20:ffff:ffff:ffff:ffff:ffff:ffff,FR @@ -26124,7 +26418,6 @@ 2a03:41c0::,2a03:41c0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a03:41e0::,2a03:41e0:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a03:4200::,2a03:4200:ffff:ffff:ffff:ffff:ffff:ffff,GB -2a03:4220::,2a03:4220:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a03:4240::,2a03:4240:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a03:4260::,2a03:4260:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a03:4280::,2a03:4280:ffff:ffff:ffff:ffff:ffff:ffff,HR @@ -26376,7 +26669,6 @@ 2a03:5f20::,2a03:5f20:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a03:5f60::,2a03:5f60:ffff:ffff:ffff:ffff:ffff:ffff,HU 2a03:5f80::,2a03:5f80:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a03:5fa0::,2a03:5fa0:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a03:5fc0::,2a03:5fc0:ffff:ffff:ffff:ffff:ffff:ffff,FI 2a03:5fe0::,2a03:5fe0:ffff:ffff:ffff:ffff:ffff:ffff,RS 2a03:6000::,2a03:6007:ffff:ffff:ffff:ffff:ffff:ffff,NL @@ -26445,7 +26737,7 @@ 2a03:67c0::,2a03:67c0:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a03:67e0::,2a03:67e0:ffff:ffff:ffff:ffff:ffff:ffff,LT 2a03:6800::,2a03:6800:ffff:ffff:ffff:ffff:ffff:ffff,IT -2a03:6820::,2a03:6820:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a03:6820::,2a03:6820:ffff:ffff:ffff:ffff:ffff:ffff,LV 2a03:6840::,2a03:6840:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a03:6860::,2a03:6860:ffff:ffff:ffff:ffff:ffff:ffff,BE 2a03:6880::,2a03:6880:ffff:ffff:ffff:ffff:ffff:ffff,DE @@ -27154,7 +27446,7 @@ 2a03:c140::,2a03:c140:ffff:ffff:ffff:ffff:ffff:ffff,AE 2a03:c180::,2a03:c180:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a03:c1c0::,2a03:c1c0:ffff:ffff:ffff:ffff:ffff:ffff,IT -2a03:c200::,2a03:c200:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a03:c200::,2a03:c207:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a03:c240::,2a03:c240:ffff:ffff:ffff:ffff:ffff:ffff,GE 2a03:c280::,2a03:c280:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a03:c2c0::,2a03:c2c0:ffff:ffff:ffff:ffff:ffff:ffff,FR @@ -27424,7 +27716,7 @@ 2a04:540::,2a04:547:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a04:580::,2a04:587:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a04:5c0::,2a04:5c3:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a04:5e0::,2a04:5e3:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a04:5e0::,2a04:5e7:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a04:600::,2a04:607:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a04:640::,2a04:647:ffff:ffff:ffff:ffff:ffff:ffff,VA 2a04:680::,2a04:687:ffff:ffff:ffff:ffff:ffff:ffff,FI @@ -28267,7 +28559,6 @@ 2a04:d240::,2a04:d247:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a04:d280::,2a04:d287:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a04:d2c0::,2a04:d2c7:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a04:d300::,2a04:d307:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a04:d340::,2a04:d347:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a04:d380::,2a04:d387:ffff:ffff:ffff:ffff:ffff:ffff,AZ 2a04:d3c0::,2a04:d3c7:ffff:ffff:ffff:ffff:ffff:ffff,AT @@ -28310,7 +28601,6 @@ 2a04:dcc0::,2a04:dcc7:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a04:dd00::,2a04:dd07:ffff:ffff:ffff:ffff:ffff:ffff,AE 2a04:dd40::,2a04:dd47:ffff:ffff:ffff:ffff:ffff:ffff,SI -2a04:dd80::,2a04:dd87:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a04:ddc0::,2a04:ddc7:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a04:de00::,2a04:de07:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a04:de40::,2a04:de47:ffff:ffff:ffff:ffff:ffff:ffff,GB @@ -28861,7 +29151,6 @@ 2a05:6600::,2a05:6607:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a05:6640::,2a05:6647:ffff:ffff:ffff:ffff:ffff:ffff,VA 2a05:6680::,2a05:6687:ffff:ffff:ffff:ffff:ffff:ffff,IT -2a05:66c0::,2a05:66c7:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a05:6700::,2a05:6707:ffff:ffff:ffff:ffff:ffff:ffff,RO 2a05:6740::,2a05:6747:ffff:ffff:ffff:ffff:ffff:ffff,AT 2a05:6780::,2a05:6787:ffff:ffff:ffff:ffff:ffff:ffff,RU @@ -29229,7 +29518,6 @@ 2a05:c340::,2a05:c347:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a05:c380::,2a05:c387:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a05:c3c0::,2a05:c3c7:ffff:ffff:ffff:ffff:ffff:ffff,PL -2a05:c400::,2a05:c407:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a05:c440::,2a05:c447:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a05:c480::,2a05:c487:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a05:c4c0::,2a05:c4c7:ffff:ffff:ffff:ffff:ffff:ffff,NL @@ -29313,7 +29601,6 @@ 2a05:d640::,2a05:d647:ffff:ffff:ffff:ffff:ffff:ffff,IQ 2a05:d680::,2a05:d687:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a05:d6c0::,2a05:d6c7:ffff:ffff:ffff:ffff:ffff:ffff,PL -2a05:d700::,2a05:d707:ffff:ffff:ffff:ffff:ffff:ffff,US 2a05:d740::,2a05:d747:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a05:d780::,2a05:d787:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a05:d7c0::,2a05:d7c7:ffff:ffff:ffff:ffff:ffff:ffff,SA @@ -29702,7 +29989,6 @@ 2a06:3380::,2a06:3387:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a06:33c0::,2a06:33c7:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a06:3400::,2a06:3407:ffff:ffff:ffff:ffff:ffff:ffff,GB -2a06:3440::,2a06:3447:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a06:3480::,2a06:3487:ffff:ffff:ffff:ffff:ffff:ffff,LB 2a06:34c0::,2a06:34c7:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a06:3500::,2a06:3507:ffff:ffff:ffff:ffff:ffff:ffff,BE @@ -29785,7 +30071,6 @@ 2a06:4740::,2a06:4747:ffff:ffff:ffff:ffff:ffff:ffff,RO 2a06:47c0::,2a06:47c7:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a06:4840::,2a06:4847:ffff:ffff:ffff:ffff:ffff:ffff,IE -2a06:4880::,2a06:4887:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a06:48c0::,2a06:48c7:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a06:4900::,2a06:4907:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a06:4940::,2a06:4947:ffff:ffff:ffff:ffff:ffff:ffff,LU @@ -30314,7 +30599,6 @@ 2a06:c480::,2a06:c487:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a06:c4c0::,2a06:c4c7:ffff:ffff:ffff:ffff:ffff:ffff,AT 2a06:c500::,2a06:c507:ffff:ffff:ffff:ffff:ffff:ffff,AT -2a06:c540::,2a06:c547:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a06:c580::,2a06:c587:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a06:c5c0::,2a06:c5c7:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a06:c600::,2a06:c607:ffff:ffff:ffff:ffff:ffff:ffff,DE @@ -30376,7 +30660,6 @@ 2a06:d400::,2a06:d407:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a06:d440::,2a06:d447:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a06:d480::,2a06:d487:ffff:ffff:ffff:ffff:ffff:ffff,DK -2a06:d4c0::,2a06:d4c7:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a06:d500::,2a06:d507:ffff:ffff:ffff:ffff:ffff:ffff,AT 2a06:d540::,2a06:d547:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a06:d580::,2a06:d587:ffff:ffff:ffff:ffff:ffff:ffff,CH @@ -31653,7 +31936,7 @@ 2a0a:8605::,2a0a:8605::ffff:ffff:ffff:ffff:ffff,US 2a0a:8605:1::,2a0a:8605:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:8606::,2a0a:8606:ffff:ffff:ffff:ffff:ffff:ffff,FR -2a0a:8607::,2a0a:8607:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:8607::,2a0a:8607:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:8680::,2a0a:8687:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:8700::,2a0a:8707:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0a:8780::,2a0a:8787:ffff:ffff:ffff:ffff:ffff:ffff,ES @@ -31669,7 +31952,9 @@ 2a0a:8c80::,2a0a:8c87:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:8d00::,2a0a:8d07:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:8d80::,2a0a:8d87:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a0a:8e00::,2a0a:8e07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:8e00::,2a0a:8e01:1236:ffff:ffff:ffff:ffff:ffff,US +2a0a:8e01:1237::,2a0a:8e01:1237:ffff:ffff:ffff:ffff:ffff,CA +2a0a:8e01:1238::,2a0a:8e07:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:8e80::,2a0a:8e87:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a0a:8f00::,2a0a:8f00:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:8f80::,2a0a:8f87:ffff:ffff:ffff:ffff:ffff:ffff,RU @@ -31677,7 +31962,9 @@ 2a0a:9080::,2a0a:9087:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:9100::,2a0a:9107:ffff:ffff:ffff:ffff:ffff:ffff,LB 2a0a:9180::,2a0a:9180:ffff:ffff:ffff:ffff:ffff:ffff,DE -2a0a:9200::,2a0a:9207:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:9200::,2a0a:9204:ab6c:ffff:ffff:ffff:ffff:ffff,US +2a0a:9204:ab6d::,2a0a:9204:ab6d:ffff:ffff:ffff:ffff:ffff,CA +2a0a:9204:ab6e::,2a0a:9207:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:9280::,2a0a:9287:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:9300::,2a0a:9307:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:9380::,2a0a:9387:ffff:ffff:ffff:ffff:ffff:ffff,ES @@ -31685,7 +31972,9 @@ 2a0a:9480::,2a0a:9480:ffff:ffff:ffff:ffff:ffff:ffff,IL 2a0a:9500::,2a0a:9507:ffff:ffff:ffff:ffff:ffff:ffff,FI 2a0a:9580::,2a0a:9587:ffff:ffff:ffff:ffff:ffff:ffff,GB -2a0a:9600::,2a0a:9607:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:9600::,2a0a:9603:49cd:ffff:ffff:ffff:ffff:ffff,US +2a0a:9603:49ce::,2a0a:9603:49ce:ffff:ffff:ffff:ffff:ffff,CA +2a0a:9603:49cf::,2a0a:9607:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:9680::,2a0a:9687:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a0a:9700::,2a0a:9700:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0a:9780::,2a0a:9787:ffff:ffff:ffff:ffff:ffff:ffff,NL @@ -31693,7 +31982,9 @@ 2a0a:9880::,2a0a:9887:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:9900::,2a0a:9907:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:9980::,2a0a:9987:ffff:ffff:ffff:ffff:ffff:ffff,RU -2a0a:9a00::,2a0a:9a07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:9a00::,2a0a:9a02:b3d1:ffff:ffff:ffff:ffff:ffff,US +2a0a:9a02:b3d2::,2a0a:9a02:b3d2:ffff:ffff:ffff:ffff:ffff,CA +2a0a:9a02:b3d3::,2a0a:9a07:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:9a80::,2a0a:9a80:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:9b00::,2a0a:9b07:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:9b80::,2a0a:9b80:ffff:ffff:ffff:ffff:ffff:ffff,NO @@ -31702,138 +31993,271 @@ 2a0a:9d00::,2a0a:9d00:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:9d80::,2a0a:9d87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:9e00::,2a0a:9e07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:9e80::,2a0a:9e87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:9f00::,2a0a:9f07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:9f80::,2a0a:9f87:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:a000::,2a0a:a000:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:a080::,2a0a:a087:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0a:a100::,2a0a:a100:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:a180::,2a0a:a180:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:a200::,2a0a:a207:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:a280::,2a0a:a280:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:a300::,2a0a:a307:ffff:ffff:ffff:ffff:ffff:ffff,RO +2a0a:a380::,2a0a:a387:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a0a:a400::,2a0a:a407:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:a480::,2a0a:a487:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a0a:a500::,2a0a:a507:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:a580::,2a0a:a587:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:a600::,2a0a:a607:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:a680::,2a0a:a687:ffff:ffff:ffff:ffff:ffff:ffff,SK 2a0a:a700::,2a0a:a707:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:a780::,2a0a:a787:ffff:ffff:ffff:ffff:ffff:ffff,SK 2a0a:a800::,2a0a:a807:ffff:ffff:ffff:ffff:ffff:ffff,CZ +2a0a:a880::,2a0a:a887:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0a:a900::,2a0a:a900:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:a980::,2a0a:a987:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:aa00::,2a0a:aa03:ffff:ffff:ffff:ffff:ffff:ffff,CY +2a0a:aa80::,2a0a:aa87:ffff:ffff:ffff:ffff:ffff:ffff,IM 2a0a:ab00::,2a0a:ab07:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0a:ab80::,2a0a:ab80:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:ac00::,2a0a:ac07:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:ac80::,2a0a:ac87:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a0a:ad00::,2a0a:ad07:ffff:ffff:ffff:ffff:ffff:ffff,UA +2a0a:ad80::,2a0a:ad87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:ae00::,2a0a:ae07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:ae80::,2a0a:ae87:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:af00::,2a0a:af07:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0a:af80::,2a0a:af87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:b000::,2a0a:b000:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:b080::,2a0a:b087:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0a:b100::,2a0a:b107:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0a:b180::,2a0a:b187:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0a:b200::,2a0a:b207:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:b280::,2a0a:b287:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0a:b300::,2a0a:b307:ffff:ffff:ffff:ffff:ffff:ffff,CZ +2a0a:b380::,2a0a:b387:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0a:b400::,2a0a:b407:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0a:b480::,2a0a:b487:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:b500::,2a0a:b507:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:b580::,2a0a:b587:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0a:b600::,2a0a:b607:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:b680::,2a0a:b687:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:b700::,2a0a:b707:ffff:ffff:ffff:ffff:ffff:ffff,GE +2a0a:b780::,2a0a:b787:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:b800::,2a0a:b807:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:b880::,2a0a:b887:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:b900::,2a0a:b907:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:b980::,2a0a:b980:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:ba00::,2a0a:ba07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:ba80::,2a0a:ba87:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:bb00::,2a0a:bb07:ffff:ffff:ffff:ffff:ffff:ffff,LI +2a0a:bb80::,2a0a:bb87:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:bc00::,2a0a:bc07:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:bc80::,2a0a:bc87:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:bd00::,2a0a:bd00:ffff:ffff:ffff:ffff:ffff:ffff,TR +2a0a:bd80::,2a0a:bd80:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a0a:be00::,2a0a:be07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:be80::,2a0a:be87:ffff:ffff:ffff:ffff:ffff:ffff,TR 2a0a:bf00::,2a0a:bf07:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0a:bf80::,2a0a:bf87:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:c000::,2a0a:c007:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0a:c080::,2a0a:c087:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:c100::,2a0a:c107:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:c180::,2a0a:c187:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:c200::,2a0a:c207:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:c280::,2a0a:c287:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a0a:c300::,2a0a:c307:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:c380::,2a0a:c387:ffff:ffff:ffff:ffff:ffff:ffff,US 2a0a:c400::,2a0a:c407:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:c480::,2a0a:c487:ffff:ffff:ffff:ffff:ffff:ffff,SA 2a0a:c500::,2a0a:c507:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:c580::,2a0a:c587:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:c600::,2a0a:c607:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:c680::,2a0a:c687:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:c700::,2a0a:c707:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0a:c780::,2a0a:c787:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:c800::,2a0a:c807:ffff:ffff:ffff:ffff:ffff:ffff,MD +2a0a:c880::,2a0a:c880:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:c900::,2a0a:c907:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:c980::,2a0a:c987:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:ca00::,2a0a:ca00:ffff:ffff:ffff:ffff:ffff:ffff,FI +2a0a:ca80::,2a0a:ca87:ffff:ffff:ffff:ffff:ffff:ffff,TR 2a0a:cb00::,2a0a:cb07:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:cb80::,2a0a:cb80:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:cc00::,2a0a:cc07:ffff:ffff:ffff:ffff:ffff:ffff,CZ +2a0a:cc80::,2a0a:cc87:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a0a:cd00::,2a0a:cd00:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0a:cd80::,2a0a:cd87:ffff:ffff:ffff:ffff:ffff:ffff,NO 2a0a:ce00::,2a0a:ce07:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:ce80::,2a0a:ce87:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:cf00::,2a0a:cf07:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0a:cf80::,2a0a:cf87:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:d000::,2a0a:d007:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a0a:d080::,2a0a:d087:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a0a:d100::,2a0a:d107:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:d180::,2a0a:d187:ffff:ffff:ffff:ffff:ffff:ffff,GR 2a0a:d200::,2a0a:d207:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0a:d280::,2a0a:d287:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a0a:d300::,2a0a:d307:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0a:d380::,2a0a:d387:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:d400::,2a0a:d407:ffff:ffff:ffff:ffff:ffff:ffff,IR +2a0a:d480::,2a0a:d487:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:d500::,2a0a:d507:ffff:ffff:ffff:ffff:ffff:ffff,FO +2a0a:d580::,2a0a:d587:ffff:ffff:ffff:ffff:ffff:ffff,MD 2a0a:d600::,2a0a:d607:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:d680::,2a0a:d687:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:d700::,2a0a:d707:ffff:ffff:ffff:ffff:ffff:ffff,CZ +2a0a:d780::,2a0a:d787:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0a:d800::,2a0a:d807:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0a:d880::,2a0a:d887:ffff:ffff:ffff:ffff:ffff:ffff,BG 2a0a:d900::,2a0a:d900:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:d980::,2a0a:d987:ffff:ffff:ffff:ffff:ffff:ffff,BG 2a0a:da00::,2a0a:da00:ffff:ffff:ffff:ffff:ffff:ffff,KW +2a0a:da80::,2a0a:da87:ffff:ffff:ffff:ffff:ffff:ffff,BG 2a0a:db00::,2a0a:db00:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0a:db80::,2a0a:db87:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:dc00::,2a0a:dc07:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a0a:dc80::,2a0a:dc87:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:dd00::,2a0a:dd07:ffff:ffff:ffff:ffff:ffff:ffff,FI +2a0a:dd80::,2a0a:dd87:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:de00::,2a0a:de00:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a0a:de80::,2a0a:de80:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:df00::,2a0a:df07:ffff:ffff:ffff:ffff:ffff:ffff,BE +2a0a:df80::,2a0a:df87:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a0a:e000::,2a0a:e007:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:e080::,2a0a:e087:ffff:ffff:ffff:ffff:ffff:ffff,TR 2a0a:e100::,2a0a:e107:ffff:ffff:ffff:ffff:ffff:ffff,FI +2a0a:e180::,2a0a:e187:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0a:e200::,2a0a:e207:ffff:ffff:ffff:ffff:ffff:ffff,IR +2a0a:e280::,2a0a:e287:ffff:ffff:ffff:ffff:ffff:ffff,GE 2a0a:e300::,2a0a:e303:ffff:ffff:ffff:ffff:ffff:ffff,HR +2a0a:e380::,2a0a:e387:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:e400::,2a0a:e407:ffff:ffff:ffff:ffff:ffff:ffff,RO +2a0a:e480::,2a0a:e487:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:e500::,2a0a:e500:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:e580::,2a0a:e587:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:e600::,2a0a:e600:ffff:ffff:ffff:ffff:ffff:ffff,IR +2a0a:e680::,2a0a:e687:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:e700::,2a0a:e700:ffff:ffff:ffff:ffff:ffff:ffff,DK +2a0a:e780::,2a0a:e787:ffff:ffff:ffff:ffff:ffff:ffff,IE 2a0a:e800::,2a0a:e800:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:e880::,2a0a:e887:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:e900::,2a0a:e907:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:e980::,2a0a:e987:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0a:ea00::,2a0a:ea00:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:ea80::,2a0a:ea87:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0a:eb00::,2a0a:eb07:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:eb80::,2a0a:eb80:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0a:ec00::,2a0a:ec07:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0a:ec80::,2a0a:ec87:ffff:ffff:ffff:ffff:ffff:ffff,LB 2a0a:ed00::,2a0a:ed07:ffff:ffff:ffff:ffff:ffff:ffff,NO +2a0a:ed80::,2a0a:ed87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:ee00::,2a0a:ee07:ffff:ffff:ffff:ffff:ffff:ffff,RO +2a0a:ee80::,2a0a:ee87:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a0a:ef00::,2a0a:ef07:ffff:ffff:ffff:ffff:ffff:ffff,MD +2a0a:ef80::,2a0a:ef87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:f000::,2a0a:f000:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:f080::,2a0a:f087:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0a:f100::,2a0a:f100:ffff:ffff:ffff:ffff:ffff:ffff,LV +2a0a:f180::,2a0a:f187:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0a:f200::,2a0a:f207:ffff:ffff:ffff:ffff:ffff:ffff,UA +2a0a:f280::,2a0a:f287:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:f300::,2a0a:f307:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0a:f380::,2a0a:f387:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0a:f400::,2a0a:f407:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0a:f480::,2a0a:f487:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:f500::,2a0a:f500:ffff:ffff:ffff:ffff:ffff:ffff,AT +2a0a:f580::,2a0a:f587:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:f600::,2a0a:f607:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0a:f680::,2a0a:f687:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a0a:f700::,2a0a:f707:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0a:f780::,2a0a:f787:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0a:f800::,2a0a:f807:ffff:ffff:ffff:ffff:ffff:ffff,FI +2a0a:f880::,2a0a:f887:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a0a:f900::,2a0a:f907:ffff:ffff:ffff:ffff:ffff:ffff,BE +2a0a:f980::,2a0a:f987:ffff:ffff:ffff:ffff:ffff:ffff,IT 2a0a:fa00::,2a0a:fa07:ffff:ffff:ffff:ffff:ffff:ffff,UA +2a0a:fa80::,2a0a:fa87:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0a:fb00::,2a0a:fb00:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a0a:fb80::,2a0a:fb87:ffff:ffff:ffff:ffff:ffff:ffff,TR 2a0a:fc00::,2a0a:fc07:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:fc80::,2a0a:fc80:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:fd00::,2a0a:fd00:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:fd80::,2a0a:fd87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0a:fe00::,2a0a:fe03:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0a:fe80::,2a0a:fe87:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0a:ff00::,2a0a:ff00:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0a:ff80::,2a0a:ff80:ffff:ffff:ffff:ffff:ffff:ffff,CZ 2a0b::,2a0b:7:ffff:ffff:ffff:ffff:ffff:ffff,CZ +2a0b:80::,2a0b:87:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a0b:100::,2a0b:107:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0b:180::,2a0b:187:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0b:200::,2a0b:207:ffff:ffff:ffff:ffff:ffff:ffff,UA -2a0b:300::,2a0b:307:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0b:280::,2a0b:287:ffff:ffff:ffff:ffff:ffff:ffff,MD +2a0b:300::,2a0b:307:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0b:380::,2a0b:387:ffff:ffff:ffff:ffff:ffff:ffff,DK 2a0b:400::,2a0b:407:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0b:480::,2a0b:487:ffff:ffff:ffff:ffff:ffff:ffff,UA 2a0b:500::,2a0b:507:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0b:580::,2a0b:580:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0b:600::,2a0b:600:ffff:ffff:ffff:ffff:ffff:ffff,NO +2a0b:680::,2a0b:687:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0b:700::,2a0b:707:ffff:ffff:ffff:ffff:ffff:ffff,IL +2a0b:780::,2a0b:787:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0b:800::,2a0b:807:ffff:ffff:ffff:ffff:ffff:ffff,NO +2a0b:880::,2a0b:880:ffff:ffff:ffff:ffff:ffff:ffff,LU 2a0b:900::,2a0b:900:ffff:ffff:ffff:ffff:ffff:ffff,IR +2a0b:980::,2a0b:980:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0b:a00::,2a0b:a07:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0b:a80::,2a0b:a87:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0b:b00::,2a0b:b07:ffff:ffff:ffff:ffff:ffff:ffff,PL +2a0b:b80::,2a0b:b87:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0b:c00::,2a0b:c00:ffff:ffff:ffff:ffff:ffff:ffff,LT +2a0b:c80::,2a0b:c87:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0b:d00::,2a0b:d07:ffff:ffff:ffff:ffff:ffff:ffff,ES +2a0b:d80::,2a0b:d87:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0b:e00::,2a0b:e07:ffff:ffff:ffff:ffff:ffff:ffff,FI +2a0b:e80::,2a0b:e87:ffff:ffff:ffff:ffff:ffff:ffff,BE 2a0b:f00::,2a0b:f07:ffff:ffff:ffff:ffff:ffff:ffff,UA +2a0b:f80::,2a0b:f87:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a0b:1000::,2a0b:1007:ffff:ffff:ffff:ffff:ffff:ffff,IR +2a0b:1080::,2a0b:1087:ffff:ffff:ffff:ffff:ffff:ffff,IL 2a0b:1100::,2a0b:1107:ffff:ffff:ffff:ffff:ffff:ffff,SK +2a0b:1180::,2a0b:1187:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0b:1200::,2a0b:1207:ffff:ffff:ffff:ffff:ffff:ffff,CH +2a0b:1280::,2a0b:1287:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0b:1300::,2a0b:1307:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0b:1380::,2a0b:1387:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0b:1400::,2a0b:1407:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0b:1480::,2a0b:1480:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0b:1500::,2a0b:1507:ffff:ffff:ffff:ffff:ffff:ffff,TR +2a0b:1580::,2a0b:1587:ffff:ffff:ffff:ffff:ffff:ffff,RU 2a0b:1600::,2a0b:1607:ffff:ffff:ffff:ffff:ffff:ffff,UA +2a0b:1680::,2a0b:1680:ffff:ffff:ffff:ffff:ffff:ffff,TR 2a0b:1700::,2a0b:1707:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0b:1780::,2a0b:1787:ffff:ffff:ffff:ffff:ffff:ffff,RO 2a0b:1800::,2a0b:1807:ffff:ffff:ffff:ffff:ffff:ffff,FR +2a0b:1880::,2a0b:1887:ffff:ffff:ffff:ffff:ffff:ffff,IQ 2a0b:1900::,2a0b:1907:ffff:ffff:ffff:ffff:ffff:ffff,US +2a0b:1980::,2a0b:1987:ffff:ffff:ffff:ffff:ffff:ffff,GR 2a0b:1a00::,2a0b:1a07:ffff:ffff:ffff:ffff:ffff:ffff,IT -2a0b:1b00::,2a0b:1b00:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0b:1a80::,2a0b:1a87:ffff:ffff:ffff:ffff:ffff:ffff,RU +2a0b:1b00::,2a0b:1b07:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0b:1b80::,2a0b:1b87:ffff:ffff:ffff:ffff:ffff:ffff,NL 2a0b:1c00::,2a0b:1c07:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0b:1c80::,2a0b:1c87:ffff:ffff:ffff:ffff:ffff:ffff,UZ 2a0b:1d00::,2a0b:1d07:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0b:1d80::,2a0b:1d80:ffff:ffff:ffff:ffff:ffff:ffff,CH 2a0b:1e00::,2a0b:1e07:ffff:ffff:ffff:ffff:ffff:ffff,HU +2a0b:1e80::,2a0b:1e87:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0b:1f00::,2a0b:1f07:ffff:ffff:ffff:ffff:ffff:ffff,GB +2a0b:1f80::,2a0b:1f87:ffff:ffff:ffff:ffff:ffff:ffff,ES 2a0b:2000::,2a0b:2007:ffff:ffff:ffff:ffff:ffff:ffff,NL +2a0b:2080::,2a0b:2087:ffff:ffff:ffff:ffff:ffff:ffff,FR 2a0b:2100::,2a0b:2107:ffff:ffff:ffff:ffff:ffff:ffff,IT +2a0b:2180::,2a0b:2180:ffff:ffff:ffff:ffff:ffff:ffff,PL 2a0b:2200::,2a0b:2207:ffff:ffff:ffff:ffff:ffff:ffff,SE +2a0b:2280::,2a0b:2287:ffff:ffff:ffff:ffff:ffff:ffff,IE 2a0b:2300::,2a0b:2300:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0b:2400::,2a0b:2400:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0b:2500::,2a0b:2507:ffff:ffff:ffff:ffff:ffff:ffff,PL @@ -31876,7 +32300,7 @@ 2a0b:4a00::,2a0b:4a07:ffff:ffff:ffff:ffff:ffff:ffff,IR 2a0b:4b00::,2a0b:4b07:ffff:ffff:ffff:ffff:ffff:ffff,SE 2a0b:4c00::,2a0b:4c07:ffff:ffff:ffff:ffff:ffff:ffff,GB -2a0b:4d00::,2a0b:4d00:ffff:ffff:ffff:ffff:ffff:ffff,DE +2a0b:4d00::,2a0b:4d07:ffff:ffff:ffff:ffff:ffff:ffff,DE 2a0b:4e00::,2a0b:4e07:ffff:ffff:ffff:ffff:ffff:ffff,GB 2a0b:4f00::,2a0b:4f07:ffff:ffff:ffff:ffff:ffff:ffff,IE 2a0b:5000::,2a0b:5007:ffff:ffff:ffff:ffff:ffff:ffff,RO @@ -32114,6 +32538,9 @@ 2c0f:f3a8::,2c0f:f3a8:ffff:ffff:ffff:ffff:ffff:ffff,NG 2c0f:f3b0::,2c0f:f3b0:ffff:ffff:ffff:ffff:ffff:ffff,CI 2c0f:f3b8::,2c0f:f3b8:ffff:ffff:ffff:ffff:ffff:ffff,NG +2c0f:f3c0::,2c0f:f3c0:ffff:ffff:ffff:ffff:ffff:ffff,ZA +2c0f:f3c8::,2c0f:f3c8:ffff:ffff:ffff:ffff:ffff:ffff,ZA +2c0f:f3d0::,2c0f:f3d0:ffff:ffff:ffff:ffff:ffff:ffff,MZ 2c0f:f400::,2c0f:f400:ffff:ffff:ffff:ffff:ffff:ffff,ZA 2c0f:f408::,2c0f:f408:ffff:ffff:ffff:ffff:ffff:ffff,KE 2c0f:f410::,2c0f:f410:ffff:ffff:ffff:ffff:ffff:ffff,NG @@ -32221,7 +32648,7 @@ 2c0f:f748::,2c0f:f748:ffff:ffff:ffff:ffff:ffff:ffff,MU 2c0f:f750::,2c0f:f750:ffff:ffff:ffff:ffff:ffff:ffff,UG 2c0f:f758::,2c0f:f758:ffff:ffff:ffff:ffff:ffff:ffff,ZW -2c0f:f760::,2c0f:f760:ffff:ffff:ffff:ffff:ffff:ffff,ZA +2c0f:f760::,2c0f:f760:ffff:ffff:ffff:ffff:ffff:ffff,ZM 2c0f:f768::,2c0f:f768:ffff:ffff:ffff:ffff:ffff:ffff,NG 2c0f:f770::,2c0f:f770:ffff:ffff:ffff:ffff:ffff:ffff,BJ 2c0f:f778::,2c0f:f778:ffff:ffff:ffff:ffff:ffff:ffff,NA diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index 5328206da9..37777443ac 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -95,7 +95,12 @@ ## If you have multiple network interfaces, you can specify one for ## outgoing traffic to use. -# OutboundBindAddress 10.0.0.5 +## OutboundBindAddressExit will be used for all exit traffic, while +## OutboundBindAddressOR will be used for all other connections. +## If you do not wish to differentiate, use OutboundBindAddress to +## specify the same address for both in a single line. +#OutboundBindAddressExit 10.0.0.4 +#OutboundBindAddressOR 10.0.0.5 ## A handle for your relay, so people don't have to refer to it by key. ## Nicknames must be between 1 and 19 characters inclusive, and must diff --git a/src/or/bridges.c b/src/or/bridges.c index 7d1acdfeaa..8b37f412ea 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -761,29 +761,13 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) fmt_and_decorate_addr(&bridge->addr), (int) bridge->port); } - if (get_options()->UseDeprecatedGuardAlgorithm) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - add_bridge_as_entry_guard(get_guard_selection_info(), node); -#else - tor_assert_nonfatal_unreached(); -#endif - } else { - entry_guard_learned_bridge_identity(&bridge->addrport_configured, - (const uint8_t*)ri->cache_info.identity_digest); - } + entry_guard_learned_bridge_identity(&bridge->addrport_configured, + (const uint8_t*)ri->cache_info.identity_digest); log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", ri->nickname, from_cache ? "cached" : "fresh", router_describe(ri)); /* set entry->made_contact so if it goes down we don't drop it from * our entry node list */ - if (get_options()->UseDeprecatedGuardAlgorithm) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - entry_guard_register_connect_status(ri->cache_info.identity_digest, - 1, 0, now); -#else - tor_assert_nonfatal_unreached(); -#endif - } if (first) { routerlist_retry_directory_downloads(now); } diff --git a/src/or/channel.c b/src/or/channel.c index 2951a1d665..45f1602ab2 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -2318,121 +2318,120 @@ channel_flush_some_cells_from_outgoing_queue(channel_t *chan, free_q = 0; handed_off = 0; - if (1) { - /* Figure out how big it is for statistical purposes */ - cell_size = channel_get_cell_queue_entry_size(chan, q); - /* - * Okay, we have a good queue entry, try to give it to the lower - * layer. - */ - switch (q->type) { - case CELL_QUEUE_FIXED: - if (q->u.fixed.cell) { - if (chan->write_cell(chan, - q->u.fixed.cell)) { - ++flushed; - channel_timestamp_xmit(chan); - ++(chan->n_cells_xmitted); - chan->n_bytes_xmitted += cell_size; - free_q = 1; - handed_off = 1; - } - /* Else couldn't write it; leave it on the queue */ - } else { - /* This shouldn't happen */ - log_info(LD_CHANNEL, - "Saw broken cell queue entry of type CELL_QUEUE_FIXED " - "with no cell on channel %p " - "(global ID " U64_FORMAT ").", - chan, U64_PRINTF_ARG(chan->global_identifier)); - /* Throw it away */ - free_q = 1; - handed_off = 0; - } - break; - case CELL_QUEUE_PACKED: - if (q->u.packed.packed_cell) { - if (chan->write_packed_cell(chan, - q->u.packed.packed_cell)) { - ++flushed; - channel_timestamp_xmit(chan); - ++(chan->n_cells_xmitted); - chan->n_bytes_xmitted += cell_size; - free_q = 1; - handed_off = 1; - } - /* Else couldn't write it; leave it on the queue */ - } else { - /* This shouldn't happen */ - log_info(LD_CHANNEL, - "Saw broken cell queue entry of type CELL_QUEUE_PACKED " - "with no cell on channel %p " - "(global ID " U64_FORMAT ").", - chan, U64_PRINTF_ARG(chan->global_identifier)); - /* Throw it away */ - free_q = 1; - handed_off = 0; - } - break; - case CELL_QUEUE_VAR: - if (q->u.var.var_cell) { - if (chan->write_var_cell(chan, - q->u.var.var_cell)) { - ++flushed; - channel_timestamp_xmit(chan); - ++(chan->n_cells_xmitted); - chan->n_bytes_xmitted += cell_size; - free_q = 1; - handed_off = 1; - } - /* Else couldn't write it; leave it on the queue */ - } else { - /* This shouldn't happen */ - log_info(LD_CHANNEL, - "Saw broken cell queue entry of type CELL_QUEUE_VAR " - "with no cell on channel %p " - "(global ID " U64_FORMAT ").", - chan, U64_PRINTF_ARG(chan->global_identifier)); - /* Throw it away */ - free_q = 1; - handed_off = 0; - } - break; - default: - /* Unknown type, log and free it */ - log_info(LD_CHANNEL, - "Saw an unknown cell queue entry type %d on channel %p " - "(global ID " U64_FORMAT "; ignoring it." - " Someone should fix this.", - q->type, chan, U64_PRINTF_ARG(chan->global_identifier)); + /* Figure out how big it is for statistical purposes */ + cell_size = channel_get_cell_queue_entry_size(chan, q); + /* + * Okay, we have a good queue entry, try to give it to the lower + * layer. + */ + switch (q->type) { + case CELL_QUEUE_FIXED: + if (q->u.fixed.cell) { + if (chan->write_cell(chan, + q->u.fixed.cell)) { + ++flushed; + channel_timestamp_xmit(chan); + ++(chan->n_cells_xmitted); + chan->n_bytes_xmitted += cell_size; + free_q = 1; + handed_off = 1; + } + /* Else couldn't write it; leave it on the queue */ + } else { + /* This shouldn't happen */ + log_info(LD_CHANNEL, + "Saw broken cell queue entry of type CELL_QUEUE_FIXED " + "with no cell on channel %p " + "(global ID " U64_FORMAT ").", + chan, U64_PRINTF_ARG(chan->global_identifier)); + /* Throw it away */ + free_q = 1; + handed_off = 0; + } + break; + case CELL_QUEUE_PACKED: + if (q->u.packed.packed_cell) { + if (chan->write_packed_cell(chan, + q->u.packed.packed_cell)) { + ++flushed; + channel_timestamp_xmit(chan); + ++(chan->n_cells_xmitted); + chan->n_bytes_xmitted += cell_size; + free_q = 1; + handed_off = 1; + } + /* Else couldn't write it; leave it on the queue */ + } else { + /* This shouldn't happen */ + log_info(LD_CHANNEL, + "Saw broken cell queue entry of type CELL_QUEUE_PACKED " + "with no cell on channel %p " + "(global ID " U64_FORMAT ").", + chan, U64_PRINTF_ARG(chan->global_identifier)); + /* Throw it away */ + free_q = 1; + handed_off = 0; + } + break; + case CELL_QUEUE_VAR: + if (q->u.var.var_cell) { + if (chan->write_var_cell(chan, + q->u.var.var_cell)) { + ++flushed; + channel_timestamp_xmit(chan); + ++(chan->n_cells_xmitted); + chan->n_bytes_xmitted += cell_size; free_q = 1; - handed_off = 0; + handed_off = 1; + } + /* Else couldn't write it; leave it on the queue */ + } else { + /* This shouldn't happen */ + log_info(LD_CHANNEL, + "Saw broken cell queue entry of type CELL_QUEUE_VAR " + "with no cell on channel %p " + "(global ID " U64_FORMAT ").", + chan, U64_PRINTF_ARG(chan->global_identifier)); + /* Throw it away */ + free_q = 1; + handed_off = 0; } + break; + default: + /* Unknown type, log and free it */ + log_info(LD_CHANNEL, + "Saw an unknown cell queue entry type %d on channel %p " + "(global ID " U64_FORMAT "; ignoring it." + " Someone should fix this.", + q->type, chan, U64_PRINTF_ARG(chan->global_identifier)); + free_q = 1; + handed_off = 0; + } + /* + * if free_q is set, we used it and should remove the queue entry; + * we have to do the free down here so TOR_SIMPLEQ_REMOVE_HEAD isn't + * accessing freed memory + */ + if (free_q) { + TOR_SIMPLEQ_REMOVE_HEAD(&chan->outgoing_queue, next); /* - * if free_q is set, we used it and should remove the queue entry; - * we have to do the free down here so TOR_SIMPLEQ_REMOVE_HEAD isn't - * accessing freed memory + * ...and we handed a cell off to the lower layer, so we should + * update the counters. */ - if (free_q) { - TOR_SIMPLEQ_REMOVE_HEAD(&chan->outgoing_queue, next); - /* - * ...and we handed a cell off to the lower layer, so we should - * update the counters. - */ - ++n_channel_cells_passed_to_lower_layer; - --n_channel_cells_in_queues; - n_channel_bytes_passed_to_lower_layer += cell_size; - n_channel_bytes_in_queues -= cell_size; - channel_assert_counter_consistency(); - /* Update the channel's queue size too */ - chan->bytes_in_queue -= cell_size; - /* Finally, free q */ - cell_queue_entry_free(q, handed_off); - q = NULL; - } + ++n_channel_cells_passed_to_lower_layer; + --n_channel_cells_in_queues; + n_channel_bytes_passed_to_lower_layer += cell_size; + n_channel_bytes_in_queues -= cell_size; + channel_assert_counter_consistency(); + /* Update the channel's queue size too */ + chan->bytes_in_queue -= cell_size; + /* Finally, free q */ + cell_queue_entry_free(q, handed_off); + q = NULL; + } else { /* No cell removed from list, so we can't go on any further */ - else break; + break; } } } @@ -2578,19 +2577,6 @@ channel_do_open_actions(channel_t *chan) if (started_here) { circuit_build_times_network_is_live(get_circuit_build_times_mutable()); rep_hist_note_connect_succeeded(chan->identity_digest, now); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - // XXXX prop271 this call is no longer useful with the new algorithm. - if (entry_guard_register_connect_status( - chan->identity_digest, 1, 0, now) < 0) { - /* Close any circuits pending on this channel. We leave it in state - * 'open' though, because it didn't actually *fail* -- we just - * chose not to use it. */ - log_debug(LD_OR, - "New entry guard was reachable, but closing this " - "connection so we can retry the earlier entry guards."); - close_origin_circuits = 1; - } -#endif router_set_status(chan->identity_digest, 1); } else { /* only report it to the geoip module if it's not a known router */ diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c index d86d70f1ff..cdcb6deae4 100644 --- a/src/or/circpathbias.c +++ b/src/or/circpathbias.c @@ -1279,10 +1279,6 @@ pathbias_measure_use_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - // XXXX - entry_guard_mark_bad(guard); -#endif return; } } else if (!pb->path_bias_use_extreme) { @@ -1388,10 +1384,6 @@ pathbias_measure_close_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - // XXXX - entry_guard_mark_bad(guard); -#endif return; } } else if (!pb->path_bias_extreme) { diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 55929c1666..f11c865ad0 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -967,10 +967,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) if (!hop) { /* done building the circuit. whew. */ guard_usable_t r; - if (get_options()->UseDeprecatedGuardAlgorithm) { - // The circuit is usable; we already marked the guard as okay. - r = GUARD_USABLE_NOW; - } else if (! circ->guard_state) { + if (! circ->guard_state) { if (circuit_get_cpath_len(circ) != 1 && circ->base_.purpose != CIRCUIT_PURPOSE_TESTING && get_options()->UseEntryGuards) { @@ -1017,7 +1014,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) "Assuming clock jump. Purpose %d (%s)", timediff, circ->base_.purpose, circuit_purpose_to_string(circ->base_.purpose)); - } else if (!circuit_build_times_disabled()) { + } else if (!circuit_build_times_disabled(get_options())) { /* Only count circuit times if the network is live */ if (circuit_build_times_network_check_live( get_circuit_build_times())) { @@ -2308,26 +2305,6 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, * family. */ nodelist_add_node_and_family(excluded, node); } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /* and exclude current entry guards and their families, - * unless we're in a test network, and excluding guards - * would exclude all nodes (i.e. we're in an incredibly small tor network, - * or we're using TestingAuthVoteGuard *). - * This is an incomplete fix, but is no worse than the previous behaviour, - * and only applies to minimal, testing tor networks - * (so it's no less secure) */ - if (options->UseEntryGuards - && (!options->TestingTorNetwork || - smartlist_len(nodelist_get_list()) > smartlist_len(get_entry_guards()) - )) { - SMARTLIST_FOREACH(get_entry_guards(), const entry_guard_t *, entry, - { - if ((node = entry_guard_find_node(entry))) { - nodelist_add_node_and_family(excluded, node); - } - }); - } -#endif if (state) { if (state->need_uptime) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 5943e516ff..54a7db9dbf 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -509,6 +509,39 @@ circuit_count_pending_on_channel(channel_t *chan) return cnt; } +/** Remove <b>origin_circ</b> from the global list of origin circuits. + * Called when we are freeing a circuit. + */ +static void +circuit_remove_from_origin_circuit_list(origin_circuit_t *origin_circ) +{ + int origin_idx = origin_circ->global_origin_circuit_list_idx; + if (origin_idx < 0) + return; + origin_circuit_t *c2; + tor_assert(origin_idx <= smartlist_len(global_origin_circuit_list)); + c2 = smartlist_get(global_origin_circuit_list, origin_idx); + tor_assert(origin_circ == c2); + smartlist_del(global_origin_circuit_list, origin_idx); + if (origin_idx < smartlist_len(global_origin_circuit_list)) { + origin_circuit_t *replacement = + smartlist_get(global_origin_circuit_list, origin_idx); + replacement->global_origin_circuit_list_idx = origin_idx; + } + origin_circ->global_origin_circuit_list_idx = -1; +} + +/** Add <b>origin_circ</b> to the global list of origin circuits. Called + * when creating the circuit. */ +static void +circuit_add_to_origin_circuit_list(origin_circuit_t *origin_circ) +{ + tor_assert(origin_circ->global_origin_circuit_list_idx == -1); + smartlist_t *lst = circuit_get_global_origin_circuit_list(); + smartlist_add(lst, origin_circ); + origin_circ->global_origin_circuit_list_idx = smartlist_len(lst) - 1; +} + /** Detach from the global circuit list, and deallocate, all * circuits that have been marked for close. */ @@ -533,15 +566,7 @@ circuit_close_all_marked(void) /* Remove it from the origin circuit list, if appropriate. */ if (CIRCUIT_IS_ORIGIN(circ)) { - origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ); - int origin_idx = origin_circ->global_origin_circuit_list_idx; - smartlist_del(global_origin_circuit_list, origin_idx); - if (origin_idx < smartlist_len(global_origin_circuit_list)) { - origin_circuit_t *replacement = - smartlist_get(global_origin_circuit_list, origin_idx); - replacement->global_origin_circuit_list_idx = origin_idx; - } - origin_circ->global_origin_circuit_list_idx = -1; + circuit_remove_from_origin_circuit_list(TO_ORIGIN_CIRCUIT(circ)); } circuit_about_to_free(circ); @@ -566,7 +591,7 @@ circuit_get_global_origin_circuit_list(void) { if (NULL == global_origin_circuit_list) global_origin_circuit_list = smartlist_new(); - return global_circuitlist; + return global_origin_circuit_list; } /** Function to make circ-\>state human-readable */ @@ -811,11 +836,8 @@ origin_circuit_new(void) init_circuit_base(TO_CIRCUIT(circ)); /* Add to origin-list. */ - if (!global_origin_circuit_list) - global_origin_circuit_list = smartlist_new(); - smartlist_add(global_origin_circuit_list, circ); - circ->global_origin_circuit_list_idx = - smartlist_len(global_origin_circuit_list) - 1; + circ->global_origin_circuit_list_idx = -1; + circuit_add_to_origin_circuit_list(circ); circuit_build_times_update_last_circ(get_circuit_build_times_mutable()); @@ -875,16 +897,7 @@ circuit_free(circuit_t *circ) memlen = sizeof(origin_circuit_t); tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC); - if (ocirc->global_origin_circuit_list_idx != -1) { - int idx = ocirc->global_origin_circuit_list_idx; - origin_circuit_t *c2 = smartlist_get(global_origin_circuit_list, idx); - tor_assert(c2 == ocirc); - smartlist_del(global_origin_circuit_list, idx); - if (idx < smartlist_len(global_origin_circuit_list)) { - c2 = smartlist_get(global_origin_circuit_list, idx); - c2->global_origin_circuit_list_idx = idx; - } - } + circuit_remove_from_origin_circuit_list(ocirc); if (ocirc->build_state) { extend_info_free(ocirc->build_state->chosen_exit); @@ -1440,6 +1453,41 @@ circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data) return NULL; } +/** Return the first service introduction circuit originating from the global + * circuit list after <b>start</b> or at the start of the list if <b>start</b> + * is NULL. Return NULL if no circuit is found. + * + * A service introduction point circuit has a purpose of either + * CIRCUIT_PURPOSE_S_ESTABLISH_INTRO or CIRCUIT_PURPOSE_S_INTRO. This does not + * return a circuit marked for close and its state must be open. */ +origin_circuit_t * +circuit_get_next_service_intro_circ(origin_circuit_t *start) +{ + int idx = 0; + smartlist_t *lst = circuit_get_global_list(); + + if (start) { + idx = TO_CIRCUIT(start)->global_circuitlist_idx + 1; + } + + for ( ; idx < smartlist_len(lst); ++idx) { + circuit_t *circ = smartlist_get(lst, idx); + + /* Ignore a marked for close circuit or purpose not matching a service + * intro point or if the state is not open. */ + if (circ->marked_for_close || circ->state != CIRCUIT_STATE_OPEN || + (circ->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO && + circ->purpose != CIRCUIT_PURPOSE_S_INTRO)) { + continue; + } + /* The purposes we are looking for are only for origin circuits so the + * following is valid. */ + return TO_ORIGIN_CIRCUIT(circ); + } + /* Not found. */ + return NULL; +} + /** Return the first circuit originating here in global_circuitlist after * <b>start</b> whose purpose is <b>purpose</b>, and where <b>digest</b> (if * set) matches the private key digest of the rend data associated with the @@ -1810,6 +1858,9 @@ circuit_about_to_free(circuit_t *circ) if (circuits_pending_chans) smartlist_remove(circuits_pending_chans, circ); } + if (circuits_pending_other_guards) { + smartlist_remove(circuits_pending_other_guards, circ); + } if (CIRCUIT_IS_ORIGIN(circ)) { control_event_circuit_status(TO_ORIGIN_CIRCUIT(circ), (circ->state == CIRCUIT_STATE_OPEN || diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index d83801a7a8..6abee37dc4 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@ -47,6 +47,7 @@ origin_circuit_t *circuit_get_ready_rend_circ_by_rend_data( const rend_data_t *rend_data); origin_circuit_t *circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, const uint8_t *digest, uint8_t purpose); +origin_circuit_t *circuit_get_next_service_intro_circ(origin_circuit_t *start); origin_circuit_t *circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info, int flags); void circuit_mark_all_unused_circs(void); diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c index 6cb99e4175..48cb89dc37 100644 --- a/src/or/circuitstats.c +++ b/src/or/circuitstats.c @@ -105,12 +105,11 @@ get_circuit_build_timeout_ms(void) * 6. If we are configured in Single Onion mode */ int -circuit_build_times_disabled(void) +circuit_build_times_disabled(const or_options_t *options) { if (unit_tests) { return 0; } else { - const or_options_t *options = get_options(); int consensus_disabled = networkstatus_get_param(NULL, "cbtdisabled", 0, 0, 1); int config_disabled = !options->LearnCircuitBuildTimeout; @@ -417,7 +416,7 @@ circuit_build_times_new_consensus_params(circuit_build_times_t *cbt, * update if we aren't. */ - if (!circuit_build_times_disabled()) { + if (!circuit_build_times_disabled(get_options())) { num = circuit_build_times_recent_circuit_count(ns); if (num > 0) { @@ -493,14 +492,15 @@ static double circuit_build_times_get_initial_timeout(void) { double timeout; + const or_options_t *options = get_options(); /* * Check if we have LearnCircuitBuildTimeout, and if we don't, * always use CircuitBuildTimeout, no questions asked. */ - if (!unit_tests && get_options()->CircuitBuildTimeout) { - timeout = get_options()->CircuitBuildTimeout*1000; - if (!circuit_build_times_disabled() && + if (!unit_tests && options->CircuitBuildTimeout) { + timeout = options->CircuitBuildTimeout*1000; + if (!circuit_build_times_disabled(options) && timeout < circuit_build_times_min_timeout()) { log_warn(LD_CIRC, "Config CircuitBuildTimeout too low. Setting to %ds", circuit_build_times_min_timeout()/1000); @@ -542,7 +542,7 @@ circuit_build_times_init(circuit_build_times_t *cbt) * Check if we really are using adaptive timeouts, and don't keep * track of this stuff if not. */ - if (!circuit_build_times_disabled()) { + if (!circuit_build_times_disabled(get_options())) { cbt->liveness.num_recent_circs = circuit_build_times_recent_circuit_count(NULL); cbt->liveness.timeouts_after_firsthop = @@ -906,7 +906,7 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt, int err = 0; circuit_build_times_init(cbt); - if (circuit_build_times_disabled()) { + if (circuit_build_times_disabled(get_options())) { return 0; } @@ -1507,7 +1507,7 @@ circuit_build_times_count_close(circuit_build_times_t *cbt, int did_onehop, time_t start_time) { - if (circuit_build_times_disabled()) { + if (circuit_build_times_disabled(get_options())) { cbt->close_ms = cbt->timeout_ms = circuit_build_times_get_initial_timeout(); return 0; @@ -1538,7 +1538,7 @@ void circuit_build_times_count_timeout(circuit_build_times_t *cbt, int did_onehop) { - if (circuit_build_times_disabled()) { + if (circuit_build_times_disabled(get_options())) { cbt->close_ms = cbt->timeout_ms = circuit_build_times_get_initial_timeout(); return; @@ -1612,7 +1612,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) /* * Just return if we aren't using adaptive timeouts */ - if (circuit_build_times_disabled()) + if (circuit_build_times_disabled(get_options())) return; if (!circuit_build_times_set_timeout_worker(cbt)) diff --git a/src/or/circuitstats.h b/src/or/circuitstats.h index 72b160983f..23910276ae 100644 --- a/src/or/circuitstats.h +++ b/src/or/circuitstats.h @@ -17,7 +17,7 @@ circuit_build_times_t *get_circuit_build_times_mutable(void); double get_circuit_build_close_time_ms(void); double get_circuit_build_timeout_ms(void); -int circuit_build_times_disabled(void); +int circuit_build_times_disabled(const or_options_t *options); int circuit_build_times_enough_to_compute(const circuit_build_times_t *cbt); void circuit_build_times_update_state(const circuit_build_times_t *cbt, or_state_t *state); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index ecd35af9dd..c2b450606b 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1140,7 +1140,7 @@ needs_circuits_for_build(int num) { if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) { if (num < CBT_MAX_UNUSED_OPEN_CIRCUITS && - !circuit_build_times_disabled() && + !circuit_build_times_disabled(get_options()) && circuit_build_times_needs_circuits_now(get_circuit_build_times())) { return 1; } @@ -1400,7 +1400,7 @@ circuit_expire_old_circuits_clientside(void) cutoff = now; last_expired_clientside_circuits = now.tv_sec; - if (! circuit_build_times_disabled() && + if (! circuit_build_times_disabled(get_options()) && circuit_build_times_needs_circuits(get_circuit_build_times())) { /* Circuits should be shorter lived if we need more of them * for learning a good build timeout */ @@ -1732,10 +1732,6 @@ circuit_build_failed(origin_circuit_t *circ) /* New guard API: we failed. */ if (circ->guard_state) entry_guard_failed(&circ->guard_state); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /* Old guard API: we failed. */ - entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL)); -#endif /* if there are any one-hop streams waiting on this circuit, fail * them now so they can retry elsewhere. */ connection_ap_fail_onehop(n_chan_id, circ->build_state); diff --git a/src/or/config.c b/src/or/config.c index 7f789c49f3..1ea8712379 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -183,8 +183,17 @@ static config_abbrev_t option_abbrevs_[] = { /** An entry for config_vars: "The option <b>name</b> is obsolete." */ #define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL } -#define VPORT(member,conftype,initvalue) \ - VAR(#member, conftype, member ## _lines, initvalue) +/** + * Macro to declare *Port options. Each one comes in three entries. + * For example, most users should use "SocksPort" to configure the + * socks port, but TorBrowser wants to use __SocksPort so that it + * isn't stored by SAVECONF. The SocksPortLines virtual option is + * used to query both options from the controller. + */ +#define VPORT(member) \ + VAR(#member "Lines", LINELIST_V, member ## _lines, NULL), \ + VAR(#member, LINELIST_S, member ## _lines, NULL), \ + VAR("__" #member, LINELIST_S, member ## _lines, NULL) /** Array of configuration options. Until we disallow nonstandard * abbreviations, order is significant, since the first matching option will @@ -212,7 +221,7 @@ static config_var_t option_vars_[] = { V(AuthDirInvalidCCs, CSV, ""), V(AuthDirFastGuarantee, MEMUNIT, "100 KB"), V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"), - V(AuthDirPinKeys, BOOL, "0"), + V(AuthDirPinKeys, BOOL, "1"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), @@ -253,7 +262,7 @@ static config_var_t option_vars_[] = { V(ConstrainedSockSize, MEMUNIT, "8192"), V(ContactInfo, STRING, NULL), V(ControlListenAddress, LINELIST, NULL), - VPORT(ControlPort, LINELIST, NULL), + VPORT(ControlPort), V(ControlPortFileGroupReadable,BOOL, "0"), V(ControlPortWriteToFile, FILENAME, NULL), V(ControlSocket, LINELIST, NULL), @@ -271,7 +280,7 @@ static config_var_t option_vars_[] = { V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"), V(DirListenAddress, LINELIST, NULL), V(DirPolicy, LINELIST, NULL), - VPORT(DirPort, LINELIST, NULL), + VPORT(DirPort), V(DirPortFrontPage, FILENAME, NULL), VAR("DirReqStatistics", BOOL, DirReqStatistics_option, "1"), VAR("DirAuthority", LINELIST, DirAuthorities, NULL), @@ -282,7 +291,7 @@ static config_var_t option_vars_[] = { OBSOLETE("DisableIOCP"), OBSOLETE("DisableV2DirectoryInfo_"), OBSOLETE("DynamicDHGroups"), - VPORT(DNSPort, LINELIST, NULL), + VPORT(DNSPort), V(DNSListenAddress, LINELIST, NULL), V(DownloadExtraInfo, BOOL, "0"), V(TestingEnableConnBwEvent, BOOL, "0"), @@ -302,15 +311,12 @@ static config_var_t option_vars_[] = { V(ExitPortStatistics, BOOL, "0"), V(ExtendAllowPrivateAddresses, BOOL, "0"), V(ExitRelay, AUTOBOOL, "auto"), - VPORT(ExtORPort, LINELIST, NULL), + VPORT(ExtORPort), V(ExtORPortCookieAuthFile, STRING, NULL), V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"), V(ExtraInfoStatistics, BOOL, "1"), V(ExtendByEd25519ID, AUTOBOOL, "auto"), V(FallbackDir, LINELIST, NULL), - /* XXXX prop271 -- this has an ugly name to remind us to remove it. */ - VAR("UseDeprecatedGuardAlgorithm_", BOOL, - UseDeprecatedGuardAlgorithm, "0"), V(UseDefaultFallbackDirs, BOOL, "1"), @@ -393,7 +399,7 @@ static config_var_t option_vars_[] = { V(NewCircuitPeriod, INTERVAL, "30 seconds"), OBSOLETE("NamingAuthoritativeDirectory"), V(NATDListenAddress, LINELIST, NULL), - VPORT(NATDPort, LINELIST, NULL), + VPORT(NATDPort), V(Nickname, STRING, NULL), V(PredictedPortsRelevanceTime, INTERVAL, "1 hour"), V(WarnUnsafeSocks, BOOL, "1"), @@ -403,8 +409,10 @@ static config_var_t option_vars_[] = { V(NumEntryGuards, UINT, "0"), V(OfflineMasterKey, BOOL, "0"), V(ORListenAddress, LINELIST, NULL), - VPORT(ORPort, LINELIST, NULL), + VPORT(ORPort), V(OutboundBindAddress, LINELIST, NULL), + V(OutboundBindAddressOR, LINELIST, NULL), + V(OutboundBindAddressExit, LINELIST, NULL), OBSOLETE("PathBiasDisableRate"), V(PathBiasCircThreshold, INT, "-1"), @@ -475,7 +483,7 @@ static config_var_t option_vars_[] = { V(ShutdownWaitLength, INTERVAL, "30 seconds"), V(SocksListenAddress, LINELIST, NULL), V(SocksPolicy, LINELIST, NULL), - VPORT(SocksPort, LINELIST, NULL), + VPORT(SocksPort), V(SocksTimeout, INTERVAL, "2 minutes"), V(SSLKeyLifetime, INTERVAL, "0"), OBSOLETE("StrictEntryNodes"), @@ -490,7 +498,7 @@ static config_var_t option_vars_[] = { V(TrackHostExits, CSV, NULL), V(TrackHostExitsExpire, INTERVAL, "30 minutes"), V(TransListenAddress, LINELIST, NULL), - VPORT(TransPort, LINELIST, NULL), + VPORT(TransPort), V(TransProxyType, STRING, "default"), OBSOLETE("TunnelDirConns"), V(UpdateBridgesFromAuthority, BOOL, "0"), @@ -1578,7 +1586,6 @@ options_transition_affects_guards(const or_options_t *old, return (old->UseEntryGuards != new->UseEntryGuards || - old->UseDeprecatedGuardAlgorithm != new->UseDeprecatedGuardAlgorithm || old->UseBridges != new->UseBridges || old->UseEntryGuards != new->UseEntryGuards || old->ClientUseIPv4 != new->ClientUseIPv4 || @@ -2097,15 +2104,6 @@ options_act(const or_options_t *old_options) !options->BridgeAuthoritativeDir) rep_hist_desc_stats_term(); - /* Check if we need to parse and add the EntryNodes config option. */ -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - if (options->EntryNodes && - (!old_options || - !routerset_equal(old_options->EntryNodes,options->EntryNodes) || - !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes))) - entry_nodes_should_be_added(); -#endif - /* Since our options changed, we might need to regenerate and upload our * server descriptor. */ @@ -3009,13 +3007,6 @@ options_validate(or_options_t *old_options, or_options_t *options, warn_about_relative_paths(options); -#ifndef ENABLE_LEGACY_GUARD_ALGORITHM - if (options->UseDeprecatedGuardAlgorithm) { - log_warn(LD_CONFIG, "DeprecatedGuardAlgorithm not supported."); - return -1; - } -#endif - if (server_mode(options) && (!strcmpstart(uname, "Windows 95") || !strcmpstart(uname, "Windows 98") || @@ -3361,23 +3352,6 @@ options_validate(or_options_t *old_options, or_options_t *options, "of the Internet, so they must not set Reachable*Addresses " "or FascistFirewall or FirewallPorts or ClientUseIPv4 0."); - /* We check if Reachable*Addresses blocks all addresses in - * parse_reachable_addresses(). */ - -#define WARN_PLEASE_USE_IPV6_LOG_MSG \ - "ClientPreferIPv6%sPort 1 is ignored unless tor is using IPv6. " \ - "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges." - - if (!fascist_firewall_use_ipv6(options) - && options->ClientPreferIPv6ORPort == 1) - log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "OR"); - - if (!fascist_firewall_use_ipv6(options) - && options->ClientPreferIPv6DirPort == 1) - log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "Dir"); - -#undef WARN_PLEASE_USE_IPV6_LOG_MSG - if (options->UseBridges && server_mode(options)) REJECT("Servers must be able to freely connect to the rest " @@ -3389,6 +3363,11 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->UseBridges && options->EntryNodes) REJECT("You cannot set both UseBridges and EntryNodes."); + /* If we have UseBridges as 1 and UseEntryGuards as 0, we end up bypassing + * the use of bridges */ + if (options->UseBridges && !options->UseEntryGuards) + REJECT("Setting UseBridges requires also setting UseEntryGuards."); + options->MaxMemInQueues = compute_real_max_mem_in_queues(options->MaxMemInQueues_raw, server_mode(options)); @@ -3557,7 +3536,7 @@ options_validate(or_options_t *old_options, or_options_t *options, int severity = LOG_NOTICE; /* Be a little quieter if we've deliberately disabled * LearnCircuitBuildTimeout. */ - if (circuit_build_times_disabled()) { + if (circuit_build_times_disabled(options)) { severity = LOG_INFO; } log_fn(severity, LD_CONFIG, "You disabled LearnCircuitBuildTimeout, but " @@ -4362,8 +4341,8 @@ compute_real_max_mem_in_queues(const uint64_t val, int log_guess) } /* If we have less than 300 MB suggest disabling dircache */ -#define DIRCACHE_MIN_MB_BANDWIDTH 300 -#define DIRCACHE_MIN_BANDWIDTH (DIRCACHE_MIN_MB_BANDWIDTH*ONE_MEGABYTE) +#define DIRCACHE_MIN_MEM_MB 300 +#define DIRCACHE_MIN_MEM_BYTES (DIRCACHE_MIN_MEM_MB*ONE_MEGABYTE) #define STRINGIFY(val) #val /** Create a warning message for emitting if we are a dircache but may not have @@ -4383,21 +4362,21 @@ have_enough_mem_for_dircache(const or_options_t *options, size_t total_mem, } } if (options->DirCache) { - if (total_mem < DIRCACHE_MIN_BANDWIDTH) { + if (total_mem < DIRCACHE_MIN_MEM_BYTES) { if (options->BridgeRelay) { *msg = tor_strdup("Running a Bridge with less than " - STRINGIFY(DIRCACHE_MIN_MB_BANDWIDTH) " MB of memory is " - "not recommended."); + STRINGIFY(DIRCACHE_MIN_MEM_MB) " MB of memory is not " + "recommended."); } else { *msg = tor_strdup("Being a directory cache (default) with less than " - STRINGIFY(DIRCACHE_MIN_MB_BANDWIDTH) " MB of memory is " - "not recommended and may consume most of the available " + STRINGIFY(DIRCACHE_MIN_MEM_MB) " MB of memory is not " + "recommended and may consume most of the available " "resources, consider disabling this functionality by " "setting the DirCache option to 0."); } } } else { - if (total_mem >= DIRCACHE_MIN_BANDWIDTH) { + if (total_mem >= DIRCACHE_MIN_MEM_BYTES) { *msg = tor_strdup("DirCache is disabled and we are configured as a " "relay. This may disqualify us from becoming a guard in the " "future."); @@ -4522,7 +4501,6 @@ options_transition_allowed(const or_options_t *old, } while (0) SB_NOCHANGE_STR(Address); - SB_NOCHANGE_STR(PidFile); SB_NOCHANGE_STR(ServerDNSResolvConfFile); SB_NOCHANGE_STR(DirPortFrontPage); SB_NOCHANGE_STR(CookieAuthFile); @@ -5313,35 +5291,35 @@ addressmap_register_auto(const char *from, const char *to, int from_wildcard = 0, to_wildcard = 0; *msg = "whoops, forgot the error message"; - if (1) { - if (!strcmp(to, "*") || !strcmp(from, "*")) { - *msg = "can't remap from or to *"; - return -1; - } - /* Detect asterisks in expressions of type: '*.example.com' */ - if (!strncmp(from,"*.",2)) { - from += 2; - from_wildcard = 1; - } - if (!strncmp(to,"*.",2)) { - to += 2; - to_wildcard = 1; - } - if (to_wildcard && !from_wildcard) { - *msg = "can only use wildcard (i.e. '*.') if 'from' address " - "uses wildcard also"; - return -1; - } + if (!strcmp(to, "*") || !strcmp(from, "*")) { + *msg = "can't remap from or to *"; + return -1; + } + /* Detect asterisks in expressions of type: '*.example.com' */ + if (!strncmp(from,"*.",2)) { + from += 2; + from_wildcard = 1; + } + if (!strncmp(to,"*.",2)) { + to += 2; + to_wildcard = 1; + } - if (address_is_invalid_destination(to, 1)) { - *msg = "destination is invalid"; - return -1; - } + if (to_wildcard && !from_wildcard) { + *msg = "can only use wildcard (i.e. '*.') if 'from' address " + "uses wildcard also"; + return -1; + } - addressmap_register(from, tor_strdup(to), expires, addrmap_source, - from_wildcard, to_wildcard); + if (address_is_invalid_destination(to, 1)) { + *msg = "destination is invalid"; + return -1; } + + addressmap_register(from, tor_strdup(to), expires, addrmap_source, + from_wildcard, to_wildcard); + return 0; } @@ -6268,6 +6246,7 @@ port_cfg_new(size_t namelen) tor_assert(namelen <= SIZE_T_CEILING - sizeof(port_cfg_t) - 1); port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1); cfg->entry_cfg.ipv4_traffic = 1; + cfg->entry_cfg.ipv6_traffic = 1; cfg->entry_cfg.dns_request = 1; cfg->entry_cfg.onion_traffic = 1; cfg->entry_cfg.cache_ipv4_answers = 1; @@ -6621,7 +6600,7 @@ parse_port_config(smartlist_t *out, /* This must be kept in sync with port_cfg_new's defaults */ int no_listen = 0, no_advertise = 0, all_addrs = 0, bind_ipv4_only = 0, bind_ipv6_only = 0, - ipv4_traffic = 1, ipv6_traffic = 0, prefer_ipv6 = 0, dns_request = 1, + ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 0, dns_request = 1, onion_traffic = 1, cache_ipv4 = 1, use_cached_ipv4 = 0, cache_ipv6 = 0, use_cached_ipv6 = 0, @@ -7859,7 +7838,7 @@ getinfo_helper_config(control_connection_t *conn, case CONFIG_TYPE_CSV: type = "CommaList"; break; case CONFIG_TYPE_CSV_INTERVAL: type = "TimeIntervalCommaList"; break; case CONFIG_TYPE_LINELIST: type = "LineList"; break; - case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break; + case CONFIG_TYPE_LINELIST_S: type = "Dependent"; break; case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break; default: case CONFIG_TYPE_OBSOLETE: @@ -7941,60 +7920,83 @@ getinfo_helper_config(control_connection_t *conn, return 0; } -/** Parse outbound bind address option lines. If <b>validate_only</b> - * is not 0 update OutboundBindAddressIPv4_ and - * OutboundBindAddressIPv6_ in <b>options</b>. On failure, set - * <b>msg</b> (if provided) to a newly allocated string containing a - * description of the problem and return -1. */ +/* Check whether an address has already been set against the options + * depending on address family and destination type. Any exsting + * value will lead to a fail, even if it is the same value. If not + * set and not only validating, copy it into this location too. + * Returns 0 on success or -1 if this address is already set. + */ static int -parse_outbound_addresses(or_options_t *options, int validate_only, char **msg) +verify_and_store_outbound_address(sa_family_t family, tor_addr_t *addr, + outbound_addr_t type, or_options_t *options, int validate_only) { - const config_line_t *lines = options->OutboundBindAddress; - int found_v4 = 0, found_v6 = 0; - + if (type>=OUTBOUND_ADDR_MAX || (family!=AF_INET && family!=AF_INET6)) { + return -1; + } + int fam_index=0; + if (family==AF_INET6) { + fam_index=1; + } + tor_addr_t *dest=&options->OutboundBindAddresses[type][fam_index]; + if (!tor_addr_is_null(dest)) { + return -1; + } if (!validate_only) { - memset(&options->OutboundBindAddressIPv4_, 0, - sizeof(options->OutboundBindAddressIPv4_)); - memset(&options->OutboundBindAddressIPv6_, 0, - sizeof(options->OutboundBindAddressIPv6_)); + tor_addr_copy(dest, addr); } + return 0; +} + +/* Parse a list of address lines for a specific destination type. + * Will store them into the options if not validate_only. If a + * problem occurs, a suitable error message is store in msg. + * Returns 0 on success or -1 if any address is already set. + */ +static int +parse_outbound_address_lines(const config_line_t *lines, outbound_addr_t type, + or_options_t *options, int validate_only, char **msg) +{ + tor_addr_t addr; + sa_family_t family; while (lines) { - tor_addr_t addr, *dst_addr = NULL; - int af = tor_addr_parse(&addr, lines->value); - switch (af) { - case AF_INET: - if (found_v4) { - if (msg) - tor_asprintf(msg, "Multiple IPv4 outbound bind addresses " - "configured: %s", lines->value); - return -1; - } - found_v4 = 1; - dst_addr = &options->OutboundBindAddressIPv4_; - break; - case AF_INET6: - if (found_v6) { - if (msg) - tor_asprintf(msg, "Multiple IPv6 outbound bind addresses " - "configured: %s", lines->value); - return -1; - } - found_v6 = 1; - dst_addr = &options->OutboundBindAddressIPv6_; - break; - default: + family = tor_addr_parse(&addr, lines->value); + if (verify_and_store_outbound_address(family, &addr, type, + options, validate_only)) { if (msg) - tor_asprintf(msg, "Outbound bind address '%s' didn't parse.", - lines->value); + tor_asprintf(msg, "Multiple%s%s outbound bind addresses " + "configured: %s", + family==AF_INET?" IPv4":(family==AF_INET6?" IPv6":""), + type==OUTBOUND_ADDR_OR?" OR": + (type==OUTBOUND_ADDR_EXIT?" exit":""), lines->value); return -1; } - if (!validate_only) - tor_addr_copy(dst_addr, &addr); lines = lines->next; } return 0; } +/** Parse outbound bind address option lines. If <b>validate_only</b> + * is not 0 update OutboundBindAddresses in <b>options</b>. + * Only one address can be set for any of these values. + * On failure, set <b>msg</b> (if provided) to a newly allocated string + * containing a description of the problem and return -1. + */ +static int +parse_outbound_addresses(or_options_t *options, int validate_only, char **msg) +{ + if (!validate_only) { + memset(&options->OutboundBindAddresses, 0, + sizeof(options->OutboundBindAddresses)); + } + parse_outbound_address_lines(options->OutboundBindAddress, + OUTBOUND_ADDR_EXIT_AND_OR, options, validate_only, msg); + parse_outbound_address_lines(options->OutboundBindAddressOR, + OUTBOUND_ADDR_OR, options, validate_only, msg); + parse_outbound_address_lines(options->OutboundBindAddressExit, + OUTBOUND_ADDR_EXIT, options, validate_only, msg); + return 0; +} + /** Load one of the geoip files, <a>family</a> determining which * one. <a>default_fname</a> is used if on Windows and * <a>fname</a> equals "<default>". */ diff --git a/src/or/confparse.c b/src/or/confparse.c index 1706fa85e2..92a66a4b5a 100644 --- a/src/or/confparse.c +++ b/src/or/confparse.c @@ -1159,6 +1159,11 @@ config_dump(const config_format_t *fmt, const void *default_options, config_get_assigned_option(fmt, options, fmt->vars[i].name, 1); for (; line; line = line->next) { + if (!strcmpstart(line->key, "__")) { + /* This check detects "hidden" variables inside LINELIST_V structures. + */ + continue; + } smartlist_add_asprintf(elements, "%s%s %s\n", comment_option ? "# " : "", line->key, line->value); diff --git a/src/or/connection.c b/src/or/connection.c index 5b22594969..188276026f 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -34,7 +34,7 @@ * they become able to read or write register the fact with the event main * loop by calling connection_watch_events(), connection_start_reading(), or * connection_start_writing(). When they no longer want to read or write, - * they call connection_stop_reading() or connection_start_writing(). + * they call connection_stop_reading() or connection_stop_writing(). * * To queue data to be written on a connection, call * connection_write_to_buf(). When data arrives, the @@ -134,6 +134,8 @@ static int connection_read_https_proxy_response(connection_t *conn); static void connection_send_socks5_connect(connection_t *conn); static const char *proxy_type_to_string(int proxy_type); static int get_proxy_type(void); +const tor_addr_t *conn_get_outbound_address(sa_family_t family, + const or_options_t *options, unsigned int conn_type); /** The last addresses that our network interface seemed to have been * binding to. We use this as one way to detect when our IP changes. @@ -1771,7 +1773,7 @@ connection_connect_sockaddr,(connection_t *conn, /* * We've got the socket open; give the OOS handler a chance to check - * against configuured maximum socket number, but tell it no exhaustion + * against configured maximum socket number, but tell it no exhaustion * failure. */ connection_check_oos(get_n_open_sockets(), 0); @@ -1890,6 +1892,55 @@ connection_connect_log_client_use_ip_version(const connection_t *conn) } } +/** Retrieve the outbound address depending on the protocol (IPv4 or IPv6) + * and the connection type (relay, exit, ...) + * Return a socket address or NULL in case nothing is configured. + **/ +const tor_addr_t * +conn_get_outbound_address(sa_family_t family, + const or_options_t *options, unsigned int conn_type) +{ + const tor_addr_t *ext_addr = NULL; + + int fam_index; + switch (family) { + case AF_INET: + fam_index = 0; + break; + case AF_INET6: + fam_index = 1; + break; + default: + return NULL; + } + + // If an exit connection, use the exit address (if present) + if (conn_type == CONN_TYPE_EXIT) { + if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT] + [fam_index]; + } else if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index]; + } + } else { // All non-exit connections + if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR] + [fam_index]; + } else if (!tor_addr_is_null( + &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index])) { + ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR] + [fam_index]; + } + } + return ext_addr; +} + /** Take conn, make a nonblocking socket; try to connect to * addr:port (port arrives in *host order*). If fail, return -1 and if * applicable put your best guess about errno into *<b>socket_error</b>. @@ -1911,26 +1962,15 @@ connection_connect(connection_t *conn, const char *address, struct sockaddr *bind_addr = NULL; struct sockaddr *dest_addr; int dest_addr_len, bind_addr_len = 0; - const or_options_t *options = get_options(); - int protocol_family; /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort */ connection_connect_log_client_use_ip_version(conn); - if (tor_addr_family(addr) == AF_INET6) - protocol_family = PF_INET6; - else - protocol_family = PF_INET; - if (!tor_addr_is_loopback(addr)) { const tor_addr_t *ext_addr = NULL; - if (protocol_family == AF_INET && - !tor_addr_is_null(&options->OutboundBindAddressIPv4_)) - ext_addr = &options->OutboundBindAddressIPv4_; - else if (protocol_family == AF_INET6 && - !tor_addr_is_null(&options->OutboundBindAddressIPv6_)) - ext_addr = &options->OutboundBindAddressIPv6_; + ext_addr = conn_get_outbound_address(tor_addr_family(addr), get_options(), + conn->type); if (ext_addr) { memset(&bind_addr_ss, 0, sizeof(bind_addr_ss)); bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0, diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 415f9e480b..82d5d3c5a2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -329,6 +329,33 @@ relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ, payload, 1, cpath_layer); } +/* If the connection <b>conn</b> is attempting to connect to an external + * destination that is an hidden service and the reason is a connection + * refused or timeout, log it so the operator can take appropriate actions. + * The log statement is a rate limited warning. */ +static void +warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason) +{ + tor_assert(conn); + + if (conn->base_.type == CONN_TYPE_EXIT && + connection_edge_is_rendezvous_stream(conn) && + (reason == END_STREAM_REASON_CONNECTREFUSED || + reason == END_STREAM_REASON_TIMEOUT)) { +#define WARN_FAILED_HS_CONNECTION 300 + static ratelim_t warn_limit = RATELIM_INIT(WARN_FAILED_HS_CONNECTION); + char *m; + if ((m = rate_limit_log(&warn_limit, approx_time()))) { + log_warn(LD_EDGE, "Onion service connection to %s failed (%s)", + (conn->base_.socket_family == AF_UNIX) ? + safe_str(conn->base_.address) : + safe_str(fmt_addrport(&conn->base_.addr, conn->base_.port)), + stream_end_reason_to_string(reason)); + tor_free(m); + } + } +} + /** Send a relay end cell from stream <b>conn</b> down conn's circuit, and * remember that we've done so. If this is not a client connection, set the * relay end cell's reason for closing as <b>reason</b>. @@ -386,6 +413,9 @@ connection_edge_end(edge_connection_t *conn, uint8_t reason) conn->base_.s); connection_edge_send_command(conn, RELAY_COMMAND_END, payload, payload_len); + /* We'll log warn if the connection was an hidden service and couldn't be + * made because the service wasn't available. */ + warn_if_hs_unreachable(conn, control_reason); } else { log_debug(LD_EDGE,"No circ to send end on conn " "(fd "TOR_SOCKET_T_FORMAT").", @@ -3521,7 +3551,7 @@ connection_exit_connect_dir(edge_connection_t *exitconn) * it is a general stream. */ int -connection_edge_is_rendezvous_stream(edge_connection_t *conn) +connection_edge_is_rendezvous_stream(const edge_connection_t *conn) { tor_assert(conn); if (conn->rend_data) diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h index 5dfc8af901..61b5752aed 100644 --- a/src/or/connection_edge.h +++ b/src/or/connection_edge.h @@ -60,7 +60,7 @@ void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, int connection_exit_begin_conn(cell_t *cell, circuit_t *circ); int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ); void connection_exit_connect(edge_connection_t *conn); -int connection_edge_is_rendezvous_stream(edge_connection_t *conn); +int connection_edge_is_rendezvous_stream(const edge_connection_t *conn); int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit); void connection_ap_expire_beginning(void); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index b3ae291831..cefe42c4db 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -718,11 +718,6 @@ connection_or_about_to_close(or_connection_t *or_conn) rep_hist_note_connect_failed(or_conn->identity_digest, now); /* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan)); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /* Tell the old guard API about the channel failure */ - entry_guard_register_connect_status(or_conn->identity_digest,0, - !options->HTTPSProxy, now); -#endif if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) { int reason = tls_error_to_orconn_end_reason(or_conn->tls_error); control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED, @@ -1728,11 +1723,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn, /* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan)); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /* Tell the old guard API about the channel failure */ - entry_guard_register_connect_status(conn->identity_digest, 0, 1, - time(NULL)); -#endif control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, END_OR_CONN_REASON_OR_IDENTITY); if (!authdir_mode_tests_reachability(options)) diff --git a/src/or/control.c b/src/or/control.c index 248c780cce..857b7325ae 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -71,6 +71,7 @@ #include "router.h" #include "routerlist.h" #include "routerparse.h" +#include "shared_random.h" #ifndef _WIN32 #include <pwd.h> @@ -2870,6 +2871,26 @@ getinfo_helper_liveness(control_connection_t *control_conn, return 0; } +/** Implementation helper for GETINFO: answers queries about shared random + * value. */ +static int +getinfo_helper_sr(control_connection_t *control_conn, + const char *question, char **answer, + const char **errmsg) +{ + (void) control_conn; + (void) errmsg; + + if (!strcmp(question, "sr/current")) { + *answer = sr_get_current_for_control(); + } else if (!strcmp(question, "sr/previous")) { + *answer = sr_get_previous_for_control(); + } + /* Else statement here is unrecognized key so do nothing. */ + + return 0; +} + /** Callback function for GETINFO: on a given control connection, try to * answer the question <b>q</b> and store the newly-allocated answer in * *<b>a</b>. If an internal error occurs, return -1 and optionally set @@ -3062,6 +3083,8 @@ static const getinfo_item_t getinfo_items[] = { "Onion services owned by the current control connection."), ITEM("onions/detached", onions, "Onion services detached from the control connection."), + ITEM("sr/current", sr, "Get current shared random value."), + ITEM("sr/previous", sr, "Get previous shared random value."), { NULL, NULL, NULL, 0 } }; @@ -4041,17 +4064,20 @@ handle_control_dropguards(control_connection_t *conn, smartlist_split_string(args, body, " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + static int have_warned = 0; + if (! have_warned) { + log_warn(LD_CONTROL, "DROPGUARDS is dangerous; make sure you understand " + "the risks before using it. It may be removed in a future " + "version of Tor."); + have_warned = 1; + } + if (smartlist_len(args)) { connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n"); } else { remove_all_entry_guards(); send_control_done(conn); } -#else - // XXXX - connection_printf_to_buf(conn, "512 not supported\r\n"); -#endif SMARTLIST_FOREACH(args, char *, cp, tor_free(cp)); smartlist_free(args); diff --git a/src/or/directory.c b/src/or/directory.c index 012d440250..4c94fe4d19 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -469,7 +469,7 @@ directory_pick_generic_dirserver(dirinfo_type_t type, int pds_flags, log_warn(LD_BUG, "Called when we have UseBridges set."); if (should_use_directory_guards(options)) { - const node_t *node = guards_choose_dirguard(type, guard_state_out); + const node_t *node = guards_choose_dirguard(guard_state_out); if (node) rs = node->rs; } else { @@ -559,8 +559,7 @@ MOCK_IMPL(void, directory_get_from_dirserver, ( * sort of dir fetch we'll be doing, so it won't return a bridge * that can't answer our question. */ - const node_t *node = guards_choose_dirguard(type, - &guard_state); + const node_t *node = guards_choose_dirguard(&guard_state); if (node && node->ri) { /* every bridge has a routerinfo. */ routerinfo_t *ri = node->ri; @@ -1857,15 +1856,15 @@ body_is_plausible(const char *body, size_t len, int purpose) if (purpose == DIR_PURPOSE_FETCH_MICRODESC) { return (!strcmpstart(body,"onion-key")); } - if (1) { - if (!strcmpstart(body,"router") || - !strcmpstart(body,"network-status")) - return 1; - for (i=0;i<32;++i) { - if (!TOR_ISPRINT(body[i]) && !TOR_ISSPACE(body[i])) - return 0; - } + + if (!strcmpstart(body,"router") || + !strcmpstart(body,"network-status")) + return 1; + for (i=0;i<32;++i) { + if (!TOR_ISPRINT(body[i]) && !TOR_ISSPACE(body[i])) + return 0; } + return 1; } @@ -1967,6 +1966,21 @@ connection_dir_client_reached_eof(dir_connection_t *conn) escaped(reason), conn->base_.purpose); + if (conn->guard_state) { + /* we count the connection as successful once we can read from it. We do + * not, however, delay use of the circuit here, since it's just for a + * one-hop directory request. */ + /* XXXXprop271 note that this will not do the right thing for other + * waiting circuits that would be triggered by this circuit becoming + * complete/usable. But that's ok, I think. + */ + /* XXXXprop271 should we count this as only a partial success somehow? + */ + entry_guard_succeeded(&conn->guard_state); + circuit_guard_state_free(conn->guard_state); + conn->guard_state = NULL; + } + /* now check if it's got any hints for us about our IP address. */ if (conn->dirconn_direct) { char *guess = http_get_header(headers, X_ADDRESS_HEADER); @@ -2578,21 +2592,6 @@ connection_dir_process_inbuf(dir_connection_t *conn) tor_assert(conn); tor_assert(conn->base_.type == CONN_TYPE_DIR); - if (conn->guard_state) { - /* we count the connection as successful once we can read from it. We do - * not, however, delay use of the circuit here, since it's just for a - * one-hop directory request. */ - /* XXXXprop271 note that this will not do the right thing for other - * waiting circuits that would be triggered by this circuit becoming - * complete/usable. But that's ok, I think. - */ - /* XXXXprop271 should we count this as only a partial success somehow? - */ - entry_guard_succeeded(&conn->guard_state); - circuit_guard_state_free(conn->guard_state); - conn->guard_state = NULL; - } - /* Directory clients write, then read data until they receive EOF; * directory servers read data until they get an HTTP command, then * write their response (when it's finished flushing, they mark for @@ -3030,63 +3029,61 @@ handle_get_current_consensus(dir_connection_t *conn, smartlist_t *dir_fps = smartlist_new(); long lifetime = NETWORKSTATUS_CACHE_LIFETIME; - if (1) { - networkstatus_t *v; - time_t now = time(NULL); - const char *want_fps = NULL; - char *flavor = NULL; - int flav = FLAV_NS; - #define CONSENSUS_URL_PREFIX "/tor/status-vote/current/consensus/" - #define CONSENSUS_FLAVORED_PREFIX "/tor/status-vote/current/consensus-" - /* figure out the flavor if any, and who we wanted to sign the thing */ - if (!strcmpstart(url, CONSENSUS_FLAVORED_PREFIX)) { - const char *f, *cp; - f = url + strlen(CONSENSUS_FLAVORED_PREFIX); - cp = strchr(f, '/'); - if (cp) { - want_fps = cp+1; - flavor = tor_strndup(f, cp-f); - } else { - flavor = tor_strdup(f); - } - flav = networkstatus_parse_flavor_name(flavor); - if (flav < 0) - flav = FLAV_NS; + networkstatus_t *v; + time_t now = time(NULL); + const char *want_fps = NULL; + char *flavor = NULL; + int flav = FLAV_NS; +#define CONSENSUS_URL_PREFIX "/tor/status-vote/current/consensus/" +#define CONSENSUS_FLAVORED_PREFIX "/tor/status-vote/current/consensus-" + /* figure out the flavor if any, and who we wanted to sign the thing */ + if (!strcmpstart(url, CONSENSUS_FLAVORED_PREFIX)) { + const char *f, *cp; + f = url + strlen(CONSENSUS_FLAVORED_PREFIX); + cp = strchr(f, '/'); + if (cp) { + want_fps = cp+1; + flavor = tor_strndup(f, cp-f); } else { - if (!strcmpstart(url, CONSENSUS_URL_PREFIX)) - want_fps = url+strlen(CONSENSUS_URL_PREFIX); + flavor = tor_strdup(f); } + flav = networkstatus_parse_flavor_name(flavor); + if (flav < 0) + flav = FLAV_NS; + } else { + if (!strcmpstart(url, CONSENSUS_URL_PREFIX)) + want_fps = url+strlen(CONSENSUS_URL_PREFIX); + } - v = networkstatus_get_latest_consensus_by_flavor(flav); + v = networkstatus_get_latest_consensus_by_flavor(flav); - if (v && !networkstatus_consensus_reasonably_live(v, now)) { - write_http_status_line(conn, 404, "Consensus is too old"); - warn_consensus_is_too_old(v, flavor, now); - smartlist_free(dir_fps); - geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND); - tor_free(flavor); - goto done; - } + if (v && !networkstatus_consensus_reasonably_live(v, now)) { + write_http_status_line(conn, 404, "Consensus is too old"); + warn_consensus_is_too_old(v, flavor, now); + smartlist_free(dir_fps); + geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND); + tor_free(flavor); + goto done; + } - if (v && want_fps && - !client_likes_consensus(v, want_fps)) { - write_http_status_line(conn, 404, "Consensus not signed by sufficient " - "number of requested authorities"); - smartlist_free(dir_fps); - geoip_note_ns_response(GEOIP_REJECT_NOT_ENOUGH_SIGS); - tor_free(flavor); - goto done; - } + if (v && want_fps && + !client_likes_consensus(v, want_fps)) { + write_http_status_line(conn, 404, "Consensus not signed by sufficient " + "number of requested authorities"); + smartlist_free(dir_fps); + geoip_note_ns_response(GEOIP_REJECT_NOT_ENOUGH_SIGS); + tor_free(flavor); + goto done; + } - { - char *fp = tor_malloc_zero(DIGEST_LEN); - if (flavor) - strlcpy(fp, flavor, DIGEST_LEN); - tor_free(flavor); - smartlist_add(dir_fps, fp); - } - lifetime = (v && v->fresh_until > now) ? v->fresh_until - now : 0; + { + char *fp = tor_malloc_zero(DIGEST_LEN); + if (flavor) + strlcpy(fp, flavor, DIGEST_LEN); + tor_free(flavor); + smartlist_add(dir_fps, fp); } + lifetime = (v && v->fresh_until > now) ? v->fresh_until - now : 0; if (!smartlist_len(dir_fps)) { /* we failed to create/cache cp */ write_http_status_line(conn, 503, "Network status object unavailable"); @@ -3122,21 +3119,19 @@ handle_get_current_consensus(dir_connection_t *conn, goto done; } - if (1) { - tor_addr_t addr; - if (tor_addr_parse(&addr, (TO_CONN(conn))->address) >= 0) { - geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, - &addr, NULL, - time(NULL)); - geoip_note_ns_response(GEOIP_SUCCESS); - /* Note that a request for a network status has started, so that we - * can measure the download time later on. */ - if (conn->dirreq_id) - geoip_start_dirreq(conn->dirreq_id, dlen, DIRREQ_TUNNELED); - else - geoip_start_dirreq(TO_CONN(conn)->global_identifier, dlen, - DIRREQ_DIRECT); - } + tor_addr_t addr; + if (tor_addr_parse(&addr, (TO_CONN(conn))->address) >= 0) { + geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, + &addr, NULL, + time(NULL)); + geoip_note_ns_response(GEOIP_SUCCESS); + /* Note that a request for a network status has started, so that we + * can measure the download time later on. */ + if (conn->dirreq_id) + geoip_start_dirreq(conn->dirreq_id, dlen, DIRREQ_TUNNELED); + else + geoip_start_dirreq(TO_CONN(conn)->global_identifier, dlen, + DIRREQ_DIRECT); } write_http_response_header(conn, -1, compressed, @@ -3528,13 +3523,6 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn, const char *pubkey_str = NULL; const char *url = args->url; - /* Don't serve v3 descriptors if next gen onion service is disabled. */ - if (!hs_v3_protocol_is_enabled()) { - /* 404 is used for an unrecognized URL so send back the same. */ - write_http_status_line(conn, 404, "Not found"); - goto done; - } - /* Reject unencrypted dir connections */ if (!connection_dir_is_encrypted(conn)) { write_http_status_line(conn, 404, "Not found"); @@ -3749,13 +3737,6 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers, * the prop224 be deployed and thus use. */ if (connection_dir_is_encrypted(conn) && !strcmpstart(url, "/tor/hs/")) { const char *msg = "HS descriptor stored successfully."; - /* Don't accept v3 and onward publish request if next gen onion service is - * disabled. */ - if (!hs_v3_protocol_is_enabled()) { - /* 404 is used for an unrecognized URL so send back the same. */ - write_http_status_line(conn, 404, "Not found"); - goto done; - } /* We most probably have a publish request for an HS descriptor. */ int code = handle_post_hs_descriptor(url, body); diff --git a/src/or/dns.c b/src/or/dns.c index 388104f8da..7651501ec3 100644 --- a/src/or/dns.c +++ b/src/or/dns.c @@ -243,29 +243,19 @@ has_dns_init_failed(void) } /** Helper: Given a TTL from a DNS response, determine what TTL to give the - * OP that asked us to resolve it. */ + * OP that asked us to resolve it, and how long to cache that record + * ourselves. */ uint32_t dns_clip_ttl(uint32_t ttl) { - if (ttl < MIN_DNS_TTL) - return MIN_DNS_TTL; - else if (ttl > MAX_DNS_TTL) - return MAX_DNS_TTL; - else - return ttl; -} - -/** Helper: Given a TTL from a DNS response, determine how long to hold it in - * our cache. */ -STATIC uint32_t -dns_get_expiry_ttl(uint32_t ttl) -{ - if (ttl < MIN_DNS_TTL) - return MIN_DNS_TTL; - else if (ttl > MAX_DNS_ENTRY_AGE) - return MAX_DNS_ENTRY_AGE; + /* This logic is a defense against "DefectTor" DNS-based traffic + * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf . + * We only give two values: a "low" value and a "high" value. + */ + if (ttl < MIN_DNS_TTL_AT_EXIT) + return MIN_DNS_TTL_AT_EXIT; else - return ttl; + return MAX_DNS_TTL_AT_EXIT; } /** Helper: free storage held by an entry in the DNS cache. */ @@ -336,7 +326,7 @@ cached_resolve_add_answer(cached_resolve_t *resolve, resolve->result_ipv4.err_ipv4 = dns_result; resolve->res_status_ipv4 = RES_STATUS_DONE_ERR; } - + resolve->ttl_ipv4 = ttl; } else if (query_type == DNS_IPv6_AAAA) { if (resolve->res_status_ipv6 != RES_STATUS_INFLIGHT) return; @@ -351,6 +341,7 @@ cached_resolve_add_answer(cached_resolve_t *resolve, resolve->result_ipv6.err_ipv6 = dns_result; resolve->res_status_ipv6 = RES_STATUS_DONE_ERR; } + resolve->ttl_ipv6 = ttl; } } @@ -1317,7 +1308,7 @@ make_pending_resolve_cached(cached_resolve_t *resolve) resolve->ttl_hostname < ttl) ttl = resolve->ttl_hostname; - set_expiry(new_resolve, time(NULL) + dns_get_expiry_ttl(ttl)); + set_expiry(new_resolve, time(NULL) + dns_clip_ttl(ttl)); } assert_cache_ok(); diff --git a/src/or/dns.h b/src/or/dns.h index b14f7dd29c..951a2a3467 100644 --- a/src/or/dns.h +++ b/src/or/dns.h @@ -12,6 +12,18 @@ #ifndef TOR_DNS_H #define TOR_DNS_H +/** Lowest value for DNS ttl that a server will give. */ +#define MIN_DNS_TTL_AT_EXIT (5*60) +/** Highest value for DNS ttl that a server will give. */ +#define MAX_DNS_TTL_AT_EXIT (60*60) + +/** How long do we keep DNS cache entries before purging them (regardless of + * their TTL)? */ +#define MAX_DNS_ENTRY_AGE (3*60*60) +/** How long do we cache/tell clients to cache DNS records when no TTL is + * known? */ +#define DEFAULT_DNS_TTL (30*60) + int dns_init(void); int has_dns_init_failed(void); void dns_free_all(void); @@ -31,8 +43,6 @@ void dump_dns_mem_usage(int severity); #ifdef DNS_PRIVATE #include "dns_structs.h" -STATIC uint32_t dns_get_expiry_ttl(uint32_t ttl); - MOCK_DECL(STATIC int,dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve,or_circuit_t *oncirc, char **hostname_out, int *made_connection_pending_out, cached_resolve_t **resolve_out)); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 82601868ba..63b54f41f0 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -11,11 +11,6 @@ * Entry nodes can be guards (for general use) or bridges (for censorship * circumvention). * - * XXXX prop271 This module is in flux, since I'm currently in the middle of - * implementation proposal 271. The module documentation here will describe - * the new algorithm and data structures; the old ones should get removed as - * proposal 271 is completed. - * * In general, we use entry guards to prevent traffic-sampling attacks: * if we chose every circuit independently, an adversary controlling * some fraction of paths on the network would observe a sample of every @@ -151,13 +146,6 @@ static guard_selection_t *curr_guard_context = NULL; * and those changes need to be flushed to disk. */ static int entry_guards_dirty = 0; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -static const node_t *choose_random_entry_impl(guard_selection_t *gs, - cpath_build_state_t *state, - int for_directory, - dirinfo_type_t dirtype, - int *n_options_out); -#endif static void entry_guard_set_filtered_flags(const or_options_t *options, guard_selection_t *gs, entry_guard_t *guard); @@ -206,9 +194,7 @@ guard_selection_infer_type(guard_selection_type_t type, const char *name) { if (type == GS_TYPE_INFER) { - if (!strcmp(name, "legacy")) - type = GS_TYPE_LEGACY; - else if (!strcmp(name, "bridges")) + if (!strcmp(name, "bridges")) type = GS_TYPE_BRIDGE; else if (!strcmp(name, "restricted")) type = GS_TYPE_RESTRICTED; @@ -232,9 +218,6 @@ guard_selection_new(const char *name, gs = tor_malloc_zero(sizeof(*gs)); gs->name = tor_strdup(name); gs->type = type; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - gs->chosen_entry_guards = smartlist_new(); -#endif gs->sampled_entry_guards = smartlist_new(); gs->confirmed_entry_guards = smartlist_new(); gs->primary_entry_guards = smartlist_new(); @@ -304,35 +287,6 @@ get_guard_selection_info(void) return curr_guard_context; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Return the list of entry guards for a guard_selection_t, creating it - * if necessary. */ -const smartlist_t * -get_entry_guards_for_guard_selection(guard_selection_t *gs) -{ - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - return gs->chosen_entry_guards; -} - -/** Return the list of entry guards for the default guard_selection_t, - * creating it if necessary. */ -const smartlist_t * -get_entry_guards(void) -{ - return get_entry_guards_for_guard_selection(get_guard_selection_info()); -} - -/** Helper: mark an entry guard as not usable. */ -void -entry_guard_mark_bad(entry_guard_t *guard) -{ - guard->bad_since = approx_time(); - entry_guards_changed(); -} -#endif - /** Return a statically allocated human-readable description of <b>guard</b> */ const char * @@ -585,10 +539,6 @@ choose_guard_selection(const or_options_t *options, { tor_assert(options); tor_assert(type_out); - if (options->UseDeprecatedGuardAlgorithm) { - *type_out = GS_TYPE_LEGACY; - return "legacy"; - } if (options->UseBridges) { *type_out = GS_TYPE_BRIDGE; @@ -2152,9 +2102,6 @@ entry_guard_pick_for_circuit(guard_selection_t *gs, guard_usable_t entry_guard_succeeded(circuit_guard_state_t **guard_state_p) { - if (get_options()->UseDeprecatedGuardAlgorithm) - return GUARD_USABLE_NOW; - if (BUG(*guard_state_p == NULL)) return GUARD_USABLE_NEVER; @@ -2182,8 +2129,6 @@ entry_guard_succeeded(circuit_guard_state_t **guard_state_p) void entry_guard_cancel(circuit_guard_state_t **guard_state_p) { - if (get_options()->UseDeprecatedGuardAlgorithm) - return; if (BUG(*guard_state_p == NULL)) return; entry_guard_t *guard = entry_guard_handle_get((*guard_state_p)->guard); @@ -2205,9 +2150,6 @@ entry_guard_cancel(circuit_guard_state_t **guard_state_p) void entry_guard_failed(circuit_guard_state_t **guard_state_p) { - if (get_options()->UseDeprecatedGuardAlgorithm) - return; - if (BUG(*guard_state_p == NULL)) return; @@ -2230,8 +2172,6 @@ entry_guard_chan_failed(channel_t *chan) { if (!chan) return; - if (get_options()->UseDeprecatedGuardAlgorithm) - return; smartlist_t *pending = smartlist_new(); circuit_get_all_pending_on_channel(pending, chan); @@ -2837,8 +2777,8 @@ entry_guard_parse_from_state(const char *s) } /** - * Replace the Guards entries in <b>state</b> with a list of all our - * non-legacy sampled guards. + * Replace the Guards entries in <b>state</b> with a list of all our sampled + * guards. */ static void entry_guards_update_guards_in_state(or_state_t *state) @@ -2849,8 +2789,6 @@ entry_guards_update_guards_in_state(or_state_t *state) config_line_t **nextline = &lines; SMARTLIST_FOREACH_BEGIN(guard_contexts, guard_selection_t *, gs) { - if (!strcmp(gs->name, "legacy")) - continue; /* This is encoded differently. */ SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { if (guard->is_persistent == 0) continue; @@ -2866,9 +2804,9 @@ entry_guards_update_guards_in_state(or_state_t *state) } /** - * Replace our non-legacy sampled guards from the Guards entries in - * <b>state</b>. Return 0 on success, -1 on failure. (If <b>set</b> is - * true, replace nothing -- only check whether replacing would work.) + * Replace our sampled guards from the Guards entries in <b>state</b>. Return 0 + * on success, -1 on failure. (If <b>set</b> is true, replace nothing -- only + * check whether replacing would work.) */ static int entry_guards_load_guards_from_state(or_state_t *state, int set) @@ -2883,8 +2821,6 @@ entry_guards_load_guards_from_state(or_state_t *state, int set) * let's be safe.) */ if (set) { SMARTLIST_FOREACH_BEGIN(guard_contexts, guard_selection_t *, gs) { - if (!strcmp(gs->name, "legacy")) - continue; guard_selection_free(gs); if (curr_guard_context == gs) curr_guard_context = NULL; @@ -2919,299 +2855,12 @@ entry_guards_load_guards_from_state(or_state_t *state, int set) if (set) { SMARTLIST_FOREACH_BEGIN(guard_contexts, guard_selection_t *, gs) { - if (!strcmp(gs->name, "legacy")) - continue; entry_guards_update_all(gs); } SMARTLIST_FOREACH_END(gs); } return n_errors ? -1 : 0; } -/* XXXXX ----------------------------------------------- */ -/* XXXXX prop271 ----- end of new-for-prop271 code ----- */ -/* XXXXX ----------------------------------------------- */ - -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** - * @name Constants for old (pre-prop271) guard selection algorithm. - */ - -/**@{*/ - -/* Default number of entry guards in the case where the NumEntryGuards - * consensus parameter is not set */ -#define DEFAULT_N_GUARDS 1 -/* Minimum and maximum number of entry guards (in case the NumEntryGuards - * consensus parameter is set). */ -#define MIN_N_GUARDS 1 -#define MAX_N_GUARDS 10 -/** Largest amount that we'll backdate chosen_on_date */ -#define CHOSEN_ON_DATE_SLOP (30*86400) -/** How long (in seconds) do we allow an entry guard to be nonfunctional, - * unlisted, excluded, or otherwise nonusable before we give up on it? */ -#define ENTRY_GUARD_REMOVE_AFTER (30*24*60*60) -/**}@*/ - -/** - * @name Networkstatus parameters for old (pre-prop271) guard selection - */ -/**@}*/ -/** Choose how many entry guards or directory guards we'll use. If - * <b>for_directory</b> is true, we return how many directory guards to - * use; else we return how many entry guards to use. */ -STATIC int -decide_num_guards(const or_options_t *options, int for_directory) -{ - if (for_directory) { - int answer; - if (options->NumDirectoryGuards != 0) - return options->NumDirectoryGuards; - answer = networkstatus_get_param(NULL, "NumDirectoryGuards", 0, 0, 10); - if (answer) /* non-zero means use the consensus value */ - return answer; - } - - if (options->NumEntryGuards) - return options->NumEntryGuards; - - /* Use the value from the consensus, or 3 if no guidance. */ - return networkstatus_get_param(NULL, "NumEntryGuards", DEFAULT_N_GUARDS, - MIN_N_GUARDS, MAX_N_GUARDS); -} - -/** Check whether the entry guard <b>e</b> is usable, given the directory - * authorities' opinion about the router (stored in <b>ri</b>) and the user's - * configuration (in <b>options</b>). Set <b>e</b>->bad_since - * accordingly. Return true iff the entry guard's status changes. - * - * If it's not usable, set *<b>reason</b> to a static string explaining why. - */ -static int -entry_guard_set_status(entry_guard_t *e, const node_t *node, - time_t now, const or_options_t *options, - const char **reason) -{ - char buf[HEX_DIGEST_LEN+1]; - int changed = 0; - - *reason = NULL; - - /* Do we want to mark this guard as bad? */ - if (!node) - *reason = "unlisted"; - else if (!node->is_running) - *reason = "down"; - else if (options->UseBridges && (!node->ri || - node->ri->purpose != ROUTER_PURPOSE_BRIDGE)) - *reason = "not a bridge"; - else if (options->UseBridges && !node_is_a_configured_bridge(node)) - *reason = "not a configured bridge"; - else if (!options->UseBridges && !node->is_possible_guard && - !routerset_contains_node(options->EntryNodes,node)) - *reason = "not recommended as a guard"; - else if (routerset_contains_node(options->ExcludeNodes, node)) - *reason = "excluded"; - /* We only care about OR connection connectivity for entry guards. */ - else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)) - *reason = "unreachable by config"; - else if (e->pb.path_bias_disabled) - *reason = "path-biased"; - - if (*reason && ! e->bad_since) { - /* Router is newly bad. */ - base16_encode(buf, sizeof(buf), e->identity, DIGEST_LEN); - log_info(LD_CIRC, "Entry guard %s (%s) is %s: marking as unusable.", - e->nickname, buf, *reason); - - e->bad_since = now; - control_event_guard(e->nickname, e->identity, "BAD"); - changed = 1; - } else if (!*reason && e->bad_since) { - /* There's nothing wrong with the router any more. */ - base16_encode(buf, sizeof(buf), e->identity, DIGEST_LEN); - log_info(LD_CIRC, "Entry guard %s (%s) is no longer unusable: " - "marking as ok.", e->nickname, buf); - - e->bad_since = 0; - control_event_guard(e->nickname, e->identity, "GOOD"); - changed = 1; - } - - if (node) { - int is_dir = node_is_dir(node); - if (options->UseBridges && node_is_a_configured_bridge(node)) - is_dir = 1; - if (e->is_dir_cache != is_dir) { - e->is_dir_cache = is_dir; - changed = 1; - } - } - - return changed; -} - -/** Return true iff enough time has passed since we last tried to connect - * to the unreachable guard <b>e</b> that we're willing to try again. */ -STATIC int -entry_is_time_to_retry(const entry_guard_t *e, time_t now) -{ - struct guard_retry_period_s { - time_t period_duration; - time_t interval_during_period; - }; - - struct guard_retry_period_s periods[] = { - { 6*60*60, 60*60 }, /* For first 6 hrs., retry hourly; */ - { 3*24*60*60, 4*60*60 }, /* Then retry every 4 hrs. until the - 3-day mark; */ - { 7*24*60*60, 18*60*60 }, /* After 3 days, retry every 18 hours until - 1 week mark. */ - { TIME_MAX, 36*60*60 } /* After 1 week, retry every 36 hours. */ - }; - - time_t ith_deadline_for_retry; - time_t unreachable_for; - unsigned i; - - if (e->last_attempted < e->unreachable_since) - return 1; - - unreachable_for = now - e->unreachable_since; - - for (i = 0; i < ARRAY_LENGTH(periods); i++) { - if (unreachable_for <= periods[i].period_duration) { - ith_deadline_for_retry = e->last_attempted + - periods[i].interval_during_period; - - return (now > ith_deadline_for_retry); - } - } - return 0; -} - -/** Return the node corresponding to <b>e</b>, if <b>e</b> is - * working well enough that we are willing to use it as an entry - * right now. (Else return NULL.) In particular, it must be - * - Listed as either up or never yet contacted; - * - Present in the routerlist; - * - Listed as 'stable' or 'fast' by the current dirserver consensus, - * if demanded by <b>need_uptime</b> or <b>need_capacity</b> - * (unless it's a configured EntryNode); - * - Allowed by our current ReachableORAddresses config option; and - * - Currently thought to be reachable by us (unless <b>assume_reachable</b> - * is true). - * - * If the answer is no, set *<b>msg</b> to an explanation of why. - * - * If need_descriptor is true, only return the node if we currently have - * a descriptor (routerinfo or microdesc) for it. - */ -STATIC const node_t * -entry_is_live(const entry_guard_t *e, entry_is_live_flags_t flags, - const char **msg) -{ - const node_t *node; - const or_options_t *options = get_options(); - int need_uptime = (flags & ENTRY_NEED_UPTIME) != 0; - int need_capacity = (flags & ENTRY_NEED_CAPACITY) != 0; - const int assume_reachable = (flags & ENTRY_ASSUME_REACHABLE) != 0; - const int need_descriptor = (flags & ENTRY_NEED_DESCRIPTOR) != 0; - - tor_assert(msg); - - if (e->pb.path_bias_disabled) { - *msg = "path-biased"; - return NULL; - } - if (e->bad_since) { - *msg = "bad"; - return NULL; - } - /* no good if it's unreachable, unless assume_unreachable or can_retry. */ - if (!assume_reachable && !e->can_retry && - e->unreachable_since && !entry_is_time_to_retry(e, time(NULL))) { - *msg = "unreachable"; - return NULL; - } - node = node_get_by_id(e->identity); - if (!node) { - *msg = "no node info"; - return NULL; - } - if (need_descriptor && !node_has_descriptor(node)) { - *msg = "no descriptor"; - return NULL; - } - if (get_options()->UseBridges) { - if (node_get_purpose(node) != ROUTER_PURPOSE_BRIDGE) { - *msg = "not a bridge"; - return NULL; - } - if (!node_is_a_configured_bridge(node)) { - *msg = "not a configured bridge"; - return NULL; - } - } else { /* !get_options()->UseBridges */ - if (node_get_purpose(node) != ROUTER_PURPOSE_GENERAL) { - *msg = "not general-purpose"; - return NULL; - } - } - if (routerset_contains_node(options->EntryNodes, node)) { - /* they asked for it, they get it */ - need_uptime = need_capacity = 0; - } - if (node_is_unreliable(node, need_uptime, need_capacity, 0)) { - *msg = "not fast/stable"; - return NULL; - } - if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)) { - *msg = "unreachable by config"; - return NULL; - } - return node; -} - -/** Return the number of entry guards that we think are usable, in the - * context of the given guard_selection_t */ -int -num_live_entry_guards_for_guard_selection(guard_selection_t *gs, - int for_directory) -{ - int n = 0; - const char *msg; - - tor_assert(gs != NULL); - - /* Set the entry node attributes we are interested in. */ - entry_is_live_flags_t entry_flags = ENTRY_NEED_CAPACITY; - if (!for_directory) { - entry_flags |= ENTRY_NEED_DESCRIPTOR; - } - - if (!(gs->chosen_entry_guards)) { - return 0; - } - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, entry) { - if (for_directory && !entry->is_dir_cache) - continue; - if (entry_is_live(entry, entry_flags, &msg)) - ++n; - } SMARTLIST_FOREACH_END(entry); - return n; -} - -/** Return the number of entry guards that we think are usable, for the - * default guard selection */ -int -num_live_entry_guards(int for_directory) -{ - return num_live_entry_guards_for_guard_selection( - get_guard_selection_info(), for_directory); -} -#endif - /** If <b>digest</b> matches the identity of any node in the * entry_guards list for the provided guard selection state, return that node. Else return NULL. */ @@ -3225,12 +2874,6 @@ entry_guard_get_by_id_digest_for_guard_selection(guard_selection_t *gs, if (tor_memeq(digest, entry->identity, DIGEST_LEN)) return entry; ); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, entry, - if (tor_memeq(digest, entry->identity, DIGEST_LEN)) - return entry; - ); -#endif return NULL; } @@ -3253,234 +2896,6 @@ entry_guard_get_by_id_digest(const char *digest) get_guard_selection_info(), digest); } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Dump a description of our list of entry guards in the given guard - * selection context to the log at level <b>severity</b>. */ -static void -log_entry_guards_for_guard_selection(guard_selection_t *gs, int severity) -{ - smartlist_t *elements = smartlist_new(); - char *s; - - /* - * TODO this should probably log more info about prop-271 state too - * when it's implemented. - */ - - tor_assert(gs != NULL); - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) - { - const char *msg = NULL; - if (entry_is_live(e, ENTRY_NEED_CAPACITY, &msg)) - smartlist_add_asprintf(elements, "%s [%s] (up %s)", - e->nickname, - hex_str(e->identity, DIGEST_LEN), - e->made_contact ? "made-contact" : "never-contacted"); - else - smartlist_add_asprintf(elements, "%s [%s] (%s, %s)", - e->nickname, - hex_str(e->identity, DIGEST_LEN), - msg, - e->made_contact ? "made-contact" : "never-contacted"); - } - SMARTLIST_FOREACH_END(e); - - s = smartlist_join_strings(elements, ",", 0, NULL); - SMARTLIST_FOREACH(elements, char*, cp, tor_free(cp)); - smartlist_free(elements); - log_fn(severity,LD_CIRC,"%s",s); - tor_free(s); -} - -/** Called when one or more guards that we would previously have used for some - * purpose are no longer in use because a higher-priority guard has become - * usable again. */ -static void -control_event_guard_deferred(void) -{ - /* XXXX We don't actually have a good way to figure out _how many_ entries - * are live for some purpose. We need an entry_is_even_slightly_live() - * function for this to work right. NumEntryGuards isn't reliable: if we - * need guards with weird properties, we can have more than that number - * live. - **/ -#if 0 - int n = 0; - const char *msg; - const or_options_t *options = get_options(); - if (!entry_guards) - return; - SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry, - { - if (entry_is_live(entry, 0, 1, 0, &msg)) { - if (n++ == options->NumEntryGuards) { - control_event_guard(entry->nickname, entry->identity, "DEFERRED"); - return; - } - } - }); -#endif -} - -/** Add a new (preferably stable and fast) router to our chosen_entry_guards - * list for the supplied guard selection. Return a pointer to the router if - * we succeed, or NULL if we can't find any more suitable entries. - * - * If <b>chosen</b> is defined, use that one, and if it's not - * already in our entry_guards list, put it at the *beginning*. - * Else, put the one we pick at the end of the list. */ -STATIC const node_t * -add_an_entry_guard(guard_selection_t *gs, - const node_t *chosen, int reset_status, int prepend, - int for_discovery, int for_directory) -{ - const node_t *node; - entry_guard_t *entry; - - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - if (chosen) { - node = chosen; - entry = entry_guard_get_by_id_digest_for_guard_selection(gs, - node->identity); - if (entry) { - if (reset_status) { - entry->bad_since = 0; - entry->can_retry = 1; - } - entry->is_dir_cache = node_is_dir(node); - if (get_options()->UseBridges && node_is_a_configured_bridge(node)) - entry->is_dir_cache = 1; - - return NULL; - } - } else if (!for_directory) { - node = choose_good_entry_server(CIRCUIT_PURPOSE_C_GENERAL, NULL, NULL); - if (!node) - return NULL; - } else { - const routerstatus_t *rs; - rs = router_pick_directory_server(MICRODESC_DIRINFO|V3_DIRINFO, - PDS_FOR_GUARD); - if (!rs) - return NULL; - node = node_get_by_id(rs->identity_digest); - if (!node) - return NULL; - } - if (entry_guard_get_by_id_digest_for_guard_selection(gs, node->identity) - != NULL) { - log_info(LD_CIRC, "I was about to add a duplicate entry guard."); - /* This can happen if we choose a guard, then the node goes away, then - * comes back. */ - return NULL; - } - entry = tor_malloc_zero(sizeof(entry_guard_t)); - entry->is_persistent = 1; - log_info(LD_CIRC, "Chose %s as new entry guard.", - node_describe(node)); - strlcpy(entry->nickname, node_get_nickname(node), sizeof(entry->nickname)); - memcpy(entry->identity, node->identity, DIGEST_LEN); - entry->is_dir_cache = node_is_dir(node); - if (get_options()->UseBridges && node_is_a_configured_bridge(node)) - entry->is_dir_cache = 1; - - /* Choose expiry time smudged over the past month. The goal here - * is to a) spread out when Tor clients rotate their guards, so they - * don't all select them on the same day, and b) avoid leaving a - * precise timestamp in the state file about when we first picked - * this guard. For details, see the Jan 2010 or-dev thread. */ - time_t now = time(NULL); - entry->chosen_on_date = crypto_rand_time_range(now - 3600*24*30, now); - entry->chosen_by_version = tor_strdup(VERSION); - - /* Are we picking this guard because all of our current guards are - * down so we need another one (for_discovery is 1), or because we - * decided we need more variety in our guard list (for_discovery is 0)? - * - * Currently we hack this behavior into place by setting "made_contact" - * for guards of the latter variety, so we'll be willing to use any of - * them right off the bat. - */ - if (!for_discovery) - entry->made_contact = 1; - - if (prepend) - smartlist_insert(gs->chosen_entry_guards, 0, entry); - else - smartlist_add(gs->chosen_entry_guards, entry); - entry->in_selection = gs; - - control_event_guard(entry->nickname, entry->identity, "NEW"); - control_event_guard_deferred(); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - - return node; -} - -/** Entry point for bridges.c to add a bridge as guard. - * - * XXXX prop271 refactor, bridge.*/ -void -add_bridge_as_entry_guard(guard_selection_t *gs, - const node_t *chosen) -{ - add_an_entry_guard(gs, chosen, 1, 1, 0, 0); -} - -/** - * Return the minimum lifetime of working entry guard, in seconds, - * as given in the consensus networkstatus. (Plus CHOSEN_ON_DATE_SLOP, - * so that we can do the chosen_on_date randomization while achieving the - * desired minimum lifetime.) - */ -static int32_t -guards_get_lifetime(void) -{ - const or_options_t *options = get_options(); -#define DFLT_GUARD_LIFETIME (86400 * 60) /* Two months. */ -#define MIN_GUARD_LIFETIME (86400 * 30) /* One months. */ -#define MAX_GUARD_LIFETIME (86400 * 1826) /* Five years. */ - - if (options->GuardLifetime >= 1) { - return CLAMP(MIN_GUARD_LIFETIME, - options->GuardLifetime, - MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP; - } - - return networkstatus_get_param(NULL, "GuardLifetime", - DFLT_GUARD_LIFETIME, - MIN_GUARD_LIFETIME, - MAX_GUARD_LIFETIME) + CHOSEN_ON_DATE_SLOP; -} - -/** If the use of entry guards is configured, choose more entry guards - * until we have enough in the list. */ -static void -pick_entry_guards(guard_selection_t *gs, - const or_options_t *options, - int for_directory) -{ - int changed = 0; - const int num_needed = decide_num_guards(options, for_directory); - - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - while (num_live_entry_guards_for_guard_selection(gs, for_directory) - < num_needed) { - if (!add_an_entry_guard(gs, NULL, 0, 0, 0, for_directory)) - break; - changed = 1; - } - - if (changed) - entry_guards_changed_for_guard_selection(gs); -} -#endif - /** Release all storage held by <b>e</b>. */ STATIC void entry_guard_free(entry_guard_t *e) @@ -3488,9 +2903,6 @@ entry_guard_free(entry_guard_t *e) if (!e) return; entry_guard_handles_clear(e); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - tor_free(e->chosen_by_version); -#endif tor_free(e->sampled_by_version); tor_free(e->extra_state_fields); tor_free(e->selection_name); @@ -3498,487 +2910,6 @@ entry_guard_free(entry_guard_t *e) tor_free(e); } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Remove from a guard selection context any entry guard which was selected - * by an unknown version of Tor, or which was selected by a version of Tor - * that's known to select entry guards badly, or which was selected more 2 - * months ago. */ -/* XXXX The "obsolete guards" and "chosen long ago guards" things should - * probably be different functions. */ -static int -remove_obsolete_entry_guards(guard_selection_t *gs, time_t now) -{ - int changed = 0, i; - int32_t guard_lifetime = guards_get_lifetime(); - - tor_assert(gs != NULL); - if (!(gs->chosen_entry_guards)) goto done; - - for (i = 0; i < smartlist_len(gs->chosen_entry_guards); ++i) { - entry_guard_t *entry = smartlist_get(gs->chosen_entry_guards, i); - const char *ver = entry->chosen_by_version; - const char *msg = NULL; - tor_version_t v; - int version_is_bad = 0, date_is_bad = 0; - if (!ver) { - msg = "does not say what version of Tor it was selected by"; - version_is_bad = 1; - } else if (tor_version_parse(ver, &v)) { - msg = "does not seem to be from any recognized version of Tor"; - version_is_bad = 1; - } - if (!version_is_bad && entry->chosen_on_date + guard_lifetime < now) { - /* It's been too long since the date listed in our state file. */ - msg = "was selected several months ago"; - date_is_bad = 1; - } - - if (version_is_bad || date_is_bad) { /* we need to drop it */ - char dbuf[HEX_DIGEST_LEN+1]; - tor_assert(msg); - base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); - log_fn(version_is_bad ? LOG_NOTICE : LOG_INFO, LD_CIRC, - "Entry guard '%s' (%s) %s. (Version=%s.) Replacing it.", - entry->nickname, dbuf, msg, ver?escaped(ver):"none"); - control_event_guard(entry->nickname, entry->identity, "DROPPED"); - entry_guard_free(entry); - smartlist_del_keeporder(gs->chosen_entry_guards, i--); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - changed = 1; - } - } - - done: - return changed ? 1 : 0; -} - -/** Remove all entry guards from this guard selection context that have - * been down or unlisted for so long that we don't think they'll come up - * again. Return 1 if we removed any, or 0 if we did nothing. */ -static int -remove_dead_entry_guards(guard_selection_t *gs, time_t now) -{ - char dbuf[HEX_DIGEST_LEN+1]; - char tbuf[ISO_TIME_LEN+1]; - int i; - int changed = 0; - - tor_assert(gs != NULL); - if (!(gs->chosen_entry_guards)) goto done; - - for (i = 0; i < smartlist_len(gs->chosen_entry_guards); ) { - entry_guard_t *entry = smartlist_get(gs->chosen_entry_guards, i); - if (entry->bad_since && - ! entry->pb.path_bias_disabled && - entry->bad_since + ENTRY_GUARD_REMOVE_AFTER < now) { - - base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); - format_local_iso_time(tbuf, entry->bad_since); - log_info(LD_CIRC, "Entry guard '%s' (%s) has been down or unlisted " - "since %s local time; removing.", - entry->nickname, dbuf, tbuf); - control_event_guard(entry->nickname, entry->identity, "DROPPED"); - entry_guard_free(entry); - smartlist_del_keeporder(gs->chosen_entry_guards, i); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - changed = 1; - } else - ++i; - } - - done: - return changed ? 1 : 0; -} - -/** Remove all currently listed entry guards for a given guard selection - * context */ -void -remove_all_entry_guards_for_guard_selection(guard_selection_t *gs) -{ - char dbuf[HEX_DIGEST_LEN+1]; - - tor_assert(gs != NULL); - - if (gs->chosen_entry_guards) { - while (smartlist_len(gs->chosen_entry_guards)) { - entry_guard_t *entry = smartlist_get(gs->chosen_entry_guards, 0); - base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); - log_info(LD_CIRC, "Entry guard '%s' (%s) has been dropped.", - entry->nickname, dbuf); - control_event_guard(entry->nickname, entry->identity, "DROPPED"); - entry_guard_free(entry); - smartlist_del(gs->chosen_entry_guards, 0); - } - } - - log_entry_guards_for_guard_selection(gs, LOG_INFO); - entry_guards_changed_for_guard_selection(gs); -} - -/** Remove all currently listed entry guards. So new ones will be chosen. */ -void -remove_all_entry_guards(void) -{ - // XXXX prop271 this function shouldn't exist, in the new order. - remove_all_entry_guards_for_guard_selection(get_guard_selection_info()); -} - -/** A new directory or router-status has arrived; update the down/listed - * status of the entry guards. - * - * An entry is 'down' if the directory lists it as nonrunning. - * An entry is 'unlisted' if the directory doesn't include it. - * - * Don't call this on startup; only on a fresh download. Otherwise we'll - * think that things are unlisted. - */ -void -entry_guards_compute_status_for_guard_selection(guard_selection_t *gs, - const or_options_t *options, - time_t now) -{ - int changed = 0; - digestmap_t *reasons; - - if ((!gs) || !(gs->chosen_entry_guards)) - return; - - if (!get_options()->UseDeprecatedGuardAlgorithm) - return; - - if (options->EntryNodes) /* reshuffle the entry guard list if needed */ - entry_nodes_should_be_added(); - - reasons = digestmap_new(); - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, entry) - { - const node_t *r = node_get_by_id(entry->identity); - const char *reason = NULL; - if (entry_guard_set_status(entry, r, now, options, &reason)) - changed = 1; - - if (entry->bad_since) - tor_assert(reason); - if (reason) - digestmap_set(reasons, entry->identity, (char*)reason); - } - SMARTLIST_FOREACH_END(entry); - - if (remove_dead_entry_guards(gs, now)) - changed = 1; - if (remove_obsolete_entry_guards(gs, now)) - changed = 1; - - if (changed) { - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, - entry) { - const char *reason = digestmap_get(reasons, entry->identity); - const char *live_msg = ""; - const node_t *r = entry_is_live(entry, ENTRY_NEED_CAPACITY, &live_msg); - log_info(LD_CIRC, "Summary: Entry %s [%s] is %s, %s%s%s, and %s%s.", - entry->nickname, - hex_str(entry->identity, DIGEST_LEN), - entry->unreachable_since ? "unreachable" : "reachable", - entry->bad_since ? "unusable" : "usable", - reason ? ", ": "", - reason ? reason : "", - r ? "live" : "not live / ", - r ? "" : live_msg); - } SMARTLIST_FOREACH_END(entry); - log_info(LD_CIRC, " (%d/%d entry guards are usable/new)", - num_live_entry_guards_for_guard_selection(gs, 0), - smartlist_len(gs->chosen_entry_guards)); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - entry_guards_changed_for_guard_selection(gs); - } - - digestmap_free(reasons, NULL); -} - -/** A new directory or router-status has arrived; update the down/listed - * status of the entry guards. - * - * An entry is 'down' if the directory lists it as nonrunning. - * An entry is 'unlisted' if the directory doesn't include it. - * - * Don't call this on startup; only on a fresh download. Otherwise we'll - * think that things are unlisted. - */ -void -entry_guards_compute_status(const or_options_t *options, time_t now) -{ - entry_guards_compute_status_for_guard_selection(get_guard_selection_info(), - options, now); -} - -/** Called when a connection to an OR with the identity digest <b>digest</b> - * is established (<b>succeeded</b>==1) or has failed (<b>succeeded</b>==0). - * If the OR is an entry, change that entry's up/down status. - * Return 0 normally, or -1 if we want to tear down the new connection. - * - * If <b>mark_relay_status</b>, also call router_set_status() on this - * relay. - */ -/* XXX We could change succeeded and mark_relay_status into 'int flags'. - * Too many boolean arguments is a recipe for confusion. - */ -int -entry_guard_register_connect_status_for_guard_selection( - guard_selection_t *gs, const char *digest, int succeeded, - int mark_relay_status, time_t now) -{ - int changed = 0; - int refuse_conn = 0; - int first_contact = 0; - entry_guard_t *entry = NULL; - int idx = -1; - char buf[HEX_DIGEST_LEN+1]; - - if (!(gs) || !(gs->chosen_entry_guards)) { - return 0; - } - - if (! get_options()->UseDeprecatedGuardAlgorithm) { - return 0; - } - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - tor_assert(e); - if (tor_memeq(e->identity, digest, DIGEST_LEN)) { - entry = e; - idx = e_sl_idx; - break; - } - } SMARTLIST_FOREACH_END(e); - - if (!entry) - return 0; - - base16_encode(buf, sizeof(buf), entry->identity, DIGEST_LEN); - - if (succeeded) { - if (entry->unreachable_since) { - log_info(LD_CIRC, "Entry guard '%s' (%s) is now reachable again. Good.", - entry->nickname, buf); - entry->can_retry = 0; - entry->unreachable_since = 0; - entry->last_attempted = now; - control_event_guard(entry->nickname, entry->identity, "UP"); - changed = 1; - } - if (!entry->made_contact) { - entry->made_contact = 1; - first_contact = changed = 1; - } - } else { /* ! succeeded */ - if (!entry->made_contact) { - /* We've never connected to this one. */ - log_info(LD_CIRC, - "Connection to never-contacted entry guard '%s' (%s) failed. " - "Removing from the list. %d/%d entry guards usable/new.", - entry->nickname, buf, - num_live_entry_guards_for_guard_selection(gs, 0) - 1, - smartlist_len(gs->chosen_entry_guards)-1); - control_event_guard(entry->nickname, entry->identity, "DROPPED"); - entry_guard_free(entry); - smartlist_del_keeporder(gs->chosen_entry_guards, idx); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - changed = 1; - } else if (!entry->unreachable_since) { - log_info(LD_CIRC, "Unable to connect to entry guard '%s' (%s). " - "Marking as unreachable.", entry->nickname, buf); - entry->unreachable_since = entry->last_attempted = now; - control_event_guard(entry->nickname, entry->identity, "DOWN"); - changed = 1; - entry->can_retry = 0; /* We gave it an early chance; no good. */ - } else { - char tbuf[ISO_TIME_LEN+1]; - format_iso_time(tbuf, entry->unreachable_since); - log_debug(LD_CIRC, "Failed to connect to unreachable entry guard " - "'%s' (%s). It has been unreachable since %s.", - entry->nickname, buf, tbuf); - entry->last_attempted = now; - entry->can_retry = 0; /* We gave it an early chance; no good. */ - } - } - - /* if the caller asked us to, also update the is_running flags for this - * relay */ - if (mark_relay_status) - router_set_status(digest, succeeded); - - if (first_contact) { - /* We've just added a new long-term entry guard. Perhaps the network just - * came back? We should give our earlier entries another try too, - * and close this connection so we don't use it before we've given - * the others a shot. */ - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - if (e == entry) - break; - if (e->made_contact) { - const char *msg; - const node_t *r = entry_is_live(e, - ENTRY_NEED_CAPACITY | ENTRY_ASSUME_REACHABLE, - &msg); - if (r && e->unreachable_since) { - refuse_conn = 1; - e->can_retry = 1; - } - } - } SMARTLIST_FOREACH_END(e); - if (refuse_conn) { - log_info(LD_CIRC, - "Connected to new entry guard '%s' (%s). Marking earlier " - "entry guards up. %d/%d entry guards usable/new.", - entry->nickname, buf, - num_live_entry_guards_for_guard_selection(gs, 0), - smartlist_len(gs->chosen_entry_guards)); - log_entry_guards_for_guard_selection(gs, LOG_INFO); - changed = 1; - } - } - - if (changed) - entry_guards_changed_for_guard_selection(gs); - return refuse_conn ? -1 : 0; -} - -/** Called when a connection to an OR with the identity digest <b>digest</b> - * is established (<b>succeeded</b>==1) or has failed (<b>succeeded</b>==0). - * If the OR is an entry, change that entry's up/down status in the default - * guard selection context. - * Return 0 normally, or -1 if we want to tear down the new connection. - * - * If <b>mark_relay_status</b>, also call router_set_status() on this - * relay. - */ -int -entry_guard_register_connect_status(const char *digest, int succeeded, - int mark_relay_status, time_t now) -{ - return entry_guard_register_connect_status_for_guard_selection( - get_guard_selection_info(), digest, succeeded, mark_relay_status, now); -} - -/** Called when the value of EntryNodes changes in our configuration. */ -void -entry_nodes_should_be_added_for_guard_selection(guard_selection_t *gs) -{ - tor_assert(gs != NULL); - - log_info(LD_CIRC, "EntryNodes config option set. Putting configured " - "relays at the front of the entry guard list."); - gs->should_add_entry_nodes = 1; -} - -/** Called when the value of EntryNodes changes in our configuration. */ -void -entry_nodes_should_be_added(void) -{ - entry_nodes_should_be_added_for_guard_selection( - get_guard_selection_info()); -} - -/** Adjust the entry guards list so that it only contains entries from - * EntryNodes, adding new entries from EntryNodes to the list as needed. */ -STATIC void -entry_guards_set_from_config(guard_selection_t *gs, - const or_options_t *options) -{ - smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps; - smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list; - const int numentryguards = decide_num_guards(options, 0); - - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - gs->should_add_entry_nodes = 0; - - if (!options->EntryNodes) { - /* It's possible that a controller set EntryNodes, thus making - * should_add_entry_nodes set, then cleared it again, all before the - * call to choose_random_entry() that triggered us. If so, just return. - */ - return; - } - - { - char *string = routerset_to_string(options->EntryNodes); - log_info(LD_CIRC,"Adding configured EntryNodes '%s'.", string); - tor_free(string); - } - - entry_nodes = smartlist_new(); - worse_entry_nodes = smartlist_new(); - entry_fps = smartlist_new(); - old_entry_guards_on_list = smartlist_new(); - old_entry_guards_not_on_list = smartlist_new(); - - /* Split entry guards into those on the list and those not. */ - - routerset_get_all_nodes(entry_nodes, options->EntryNodes, - options->ExcludeNodes, 0); - SMARTLIST_FOREACH(entry_nodes, const node_t *,node, - smartlist_add(entry_fps, (void*)node->identity)); - - SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e, { - if (smartlist_contains_digest(entry_fps, e->identity)) - smartlist_add(old_entry_guards_on_list, e); - else - smartlist_add(old_entry_guards_not_on_list, e); - }); - - /* Remove all currently configured guard nodes, excluded nodes, unreachable - * nodes, or non-Guard nodes from entry_nodes. */ - SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) { - if (entry_guard_get_by_id_digest_for_guard_selection(gs, - node->identity)) { - SMARTLIST_DEL_CURRENT(entry_nodes, node); - continue; - } else if (routerset_contains_node(options->ExcludeNodes, node)) { - SMARTLIST_DEL_CURRENT(entry_nodes, node); - continue; - } else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, - 0)) { - SMARTLIST_DEL_CURRENT(entry_nodes, node); - continue; - } else if (! node->is_possible_guard) { - smartlist_add(worse_entry_nodes, (node_t*)node); - SMARTLIST_DEL_CURRENT(entry_nodes, node); - } - } SMARTLIST_FOREACH_END(node); - - /* Now build the new entry_guards list. */ - smartlist_clear(gs->chosen_entry_guards); - /* First, the previously configured guards that are in EntryNodes. */ - smartlist_add_all(gs->chosen_entry_guards, old_entry_guards_on_list); - /* Next, scramble the rest of EntryNodes, putting the guards first. */ - smartlist_shuffle(entry_nodes); - smartlist_shuffle(worse_entry_nodes); - smartlist_add_all(entry_nodes, worse_entry_nodes); - - /* Next, the rest of EntryNodes */ - SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) { - add_an_entry_guard(gs, node, 0, 0, 1, 0); - if (smartlist_len(gs->chosen_entry_guards) > numentryguards * 10) - break; - } SMARTLIST_FOREACH_END(node); - log_notice(LD_GENERAL, "%d entries in guards", - smartlist_len(gs->chosen_entry_guards)); - /* Finally, free the remaining previously configured guards that are not in - * EntryNodes. */ - SMARTLIST_FOREACH(old_entry_guards_not_on_list, entry_guard_t *, e, - entry_guard_free(e)); - - smartlist_free(entry_nodes); - smartlist_free(worse_entry_nodes); - smartlist_free(entry_fps); - smartlist_free(old_entry_guards_on_list); - smartlist_free(old_entry_guards_not_on_list); - entry_guards_changed_for_guard_selection(gs); -} -#endif - /** Return 0 if we're fine adding arbitrary routers out of the * directory to our entry guard list, or return 1 if we have a * list already and we must stick to it. @@ -3994,35 +2925,6 @@ entry_list_is_constrained(const or_options_t *options) return 0; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Pick a live (up and listed) entry guard from entry_guards. If - * <b>state</b> is non-NULL, this is for a specific circuit -- - * make sure not to pick this circuit's exit or any node in the - * exit's family. If <b>state</b> is NULL, we're looking for a random - * guard (likely a bridge). If <b>dirinfo</b> is not NO_DIRINFO (zero), - * then only select from nodes that know how to answer directory questions - * of that type. */ -const node_t * -choose_random_entry(cpath_build_state_t *state) -{ - tor_assert(get_options()->UseDeprecatedGuardAlgorithm); - - return choose_random_entry_impl(get_guard_selection_info(), - state, 0, NO_DIRINFO, NULL); -} - -/** Pick a live (up and listed) directory guard from entry_guards for - * downloading information of type <b>type</b>. */ -const node_t * -choose_random_dirguard(dirinfo_type_t type) -{ - tor_assert(get_options()->UseDeprecatedGuardAlgorithm); - - return choose_random_entry_impl(get_guard_selection_info(), - NULL, 1, type, NULL); -} -#endif - /** Return the number of bridges that have descriptors that are marked with * purpose 'bridge' and are running. */ @@ -4031,249 +2933,24 @@ num_bridges_usable(void) { int n_options = 0; - if (get_options()->UseDeprecatedGuardAlgorithm) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - tor_assert(get_options()->UseBridges); - (void) choose_random_entry_impl(get_guard_selection_info(), - NULL, 0, 0, &n_options); -#else - tor_assert_nonfatal_unreached(); -#endif - } else { - /* XXXX prop271 Is this quite right? */ - tor_assert(get_options()->UseBridges); - guard_selection_t *gs = get_guard_selection_info(); - tor_assert(gs->type == GS_TYPE_BRIDGE); + /* XXXX prop271 Is this quite right? */ + tor_assert(get_options()->UseBridges); + guard_selection_t *gs = get_guard_selection_info(); + tor_assert(gs->type == GS_TYPE_BRIDGE); - SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { - if (guard->is_reachable == GUARD_REACHABLE_NO) - continue; - if (tor_digest_is_zero(guard->identity)) - continue; - const node_t *node = node_get_by_id(guard->identity); - if (node && node->ri) - ++n_options; - } SMARTLIST_FOREACH_END(guard); - } + SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { + if (guard->is_reachable == GUARD_REACHABLE_NO) + continue; + if (tor_digest_is_zero(guard->identity)) + continue; + const node_t *node = node_get_by_id(guard->identity); + if (node && node->ri) + ++n_options; + } SMARTLIST_FOREACH_END(guard); return n_options; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Filter <b>all_entry_guards</b> for usable entry guards and put them - * in <b>live_entry_guards</b>. We filter based on whether the node is - * currently alive, and on whether it satisfies the restrictions - * imposed by the other arguments of this function. - * - * We don't place more guards than NumEntryGuards in <b>live_entry_guards</b>. - * - * If <b>chosen_exit</b> is set, it contains the exit node of this - * circuit. Make sure to not use it or its family as an entry guard. - * - * If <b>need_uptime</b> is set, we are looking for a stable entry guard. - * if <b>need_capacity</b> is set, we are looking for a fast entry guard. - * - * The rest of the arguments are the same as in choose_random_entry_impl(). - * - * Return 1 if we should choose a guard right away. Return 0 if we - * should try to add more nodes to our list before deciding on a - * guard. - */ -STATIC int -populate_live_entry_guards(smartlist_t *live_entry_guards, - const smartlist_t *all_entry_guards, - const node_t *chosen_exit, - dirinfo_type_t dirinfo_type, - int for_directory, - int need_uptime, int need_capacity) -{ - const or_options_t *options = get_options(); - const node_t *node = NULL; - const int num_needed = decide_num_guards(options, for_directory); - smartlist_t *exit_family = smartlist_new(); - int retval = 0; - entry_is_live_flags_t entry_flags = 0; - - (void) dirinfo_type; - - { /* Set the flags we want our entry node to have */ - if (need_uptime) { - entry_flags |= ENTRY_NEED_UPTIME; - } - if (need_capacity) { - entry_flags |= ENTRY_NEED_CAPACITY; - } - if (!for_directory) { - entry_flags |= ENTRY_NEED_DESCRIPTOR; - } - } - - tor_assert(all_entry_guards); - - if (chosen_exit) { - nodelist_add_node_and_family(exit_family, chosen_exit); - } - - SMARTLIST_FOREACH_BEGIN(all_entry_guards, const entry_guard_t *, entry) { - const char *msg; - node = entry_is_live(entry, entry_flags, &msg); - if (!node) - continue; /* down, no point */ - if (for_directory) { - if (!entry->is_dir_cache) - continue; /* We need a directory and didn't get one. */ - } - if (node == chosen_exit) - continue; /* don't pick the same node for entry and exit */ - if (smartlist_contains(exit_family, node)) - continue; /* avoid relays that are family members of our exit */ - smartlist_add(live_entry_guards, (void*)node); - if (!entry->made_contact) { - /* Always start with the first not-yet-contacted entry - * guard. Otherwise we might add several new ones, pick - * the second new one, and now we've expanded our entry - * guard list without needing to. */ - retval = 1; - goto done; - } - if (smartlist_len(live_entry_guards) >= num_needed) { - retval = 1; - goto done; /* We picked enough entry guards. Done! */ - } - } SMARTLIST_FOREACH_END(entry); - - done: - smartlist_free(exit_family); - - return retval; -} - -/** Pick a node to be used as the entry guard of a circuit, relative to - * a supplied guard selection context. - * - * If <b>state</b> is set, it contains the information we know about - * the upcoming circuit. - * - * If <b>for_directory</b> is set, we are looking for a directory guard. - * - * <b>dirinfo_type</b> contains the kind of directory information we - * are looking for in our node, or NO_DIRINFO (zero) if we are not - * looking for any particular directory information (when set to - * NO_DIRINFO, the <b>dirinfo_type</b> filter is ignored). - * - * If <b>n_options_out</b> is set, we set it to the number of - * candidate guard nodes we had before picking a specific guard node. - * - * On success, return the node that should be used as the entry guard - * of the circuit. Return NULL if no such node could be found. - * - * Helper for choose_random{entry,dirguard}. -*/ -static const node_t * -choose_random_entry_impl(guard_selection_t *gs, - cpath_build_state_t *state, int for_directory, - dirinfo_type_t dirinfo_type, int *n_options_out) -{ - const or_options_t *options = get_options(); - smartlist_t *live_entry_guards = smartlist_new(); - const node_t *chosen_exit = - state?build_state_get_exit_node(state) : NULL; - const node_t *node = NULL; - int need_uptime = state ? state->need_uptime : 0; - int need_capacity = state ? state->need_capacity : 0; - int preferred_min = 0; - const int num_needed = decide_num_guards(options, for_directory); - int retval = 0; - - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - if (n_options_out) - *n_options_out = 0; - - if (gs->should_add_entry_nodes) - entry_guards_set_from_config(gs, options); - - if (!entry_list_is_constrained(options) && - smartlist_len(gs->chosen_entry_guards) < num_needed) - pick_entry_guards(gs, options, for_directory); - - retry: - smartlist_clear(live_entry_guards); - - /* Populate the list of live entry guards so that we pick one of - them. */ - retval = populate_live_entry_guards(live_entry_guards, - gs->chosen_entry_guards, - chosen_exit, - dirinfo_type, - for_directory, - need_uptime, need_capacity); - - if (retval == 1) { /* We should choose a guard right now. */ - goto choose_and_finish; - } - - if (entry_list_is_constrained(options)) { - /* If we prefer the entry nodes we've got, and we have at least - * one choice, that's great. Use it. */ - preferred_min = 1; - } else { - /* Try to have at least 2 choices available. This way we don't - * get stuck with a single live-but-crummy entry and just keep - * using it. - * (We might get 2 live-but-crummy entry guards, but so be it.) */ - preferred_min = 2; - } - - if (smartlist_len(live_entry_guards) < preferred_min) { - if (!entry_list_is_constrained(options)) { - /* still no? try adding a new entry then */ - /* XXX if guard doesn't imply fast and stable, then we need - * to tell add_an_entry_guard below what we want, or it might - * be a long time til we get it. -RD */ - node = add_an_entry_guard(gs, NULL, 0, 0, 1, for_directory); - if (node) { - entry_guards_changed_for_guard_selection(gs); - /* XXX we start over here in case the new node we added shares - * a family with our exit node. There's a chance that we'll just - * load up on entry guards here, if the network we're using is - * one big family. Perhaps we should teach add_an_entry_guard() - * to understand nodes-to-avoid-if-possible? -RD */ - goto retry; - } - } - if (!node && need_uptime) { - need_uptime = 0; /* try without that requirement */ - goto retry; - } - if (!node && need_capacity) { - /* still no? last attempt, try without requiring capacity */ - need_capacity = 0; - goto retry; - } - - /* live_entry_guards may be empty below. Oh well, we tried. */ - } - - choose_and_finish: - if (entry_list_is_constrained(options)) { - /* We need to weight by bandwidth, because our bridges or entryguards - * were not already selected proportional to their bandwidth. */ - node = node_sl_choose_by_bandwidth(live_entry_guards, WEIGHT_FOR_GUARD); - } else { - /* We choose uniformly at random here, because choose_good_entry_server() - * already weights its choices by bandwidth, so we don't want to - * *double*-weight our guard selection. */ - node = smartlist_choose(live_entry_guards); - } - if (n_options_out) - *n_options_out = smartlist_len(live_entry_guards); - smartlist_free(live_entry_guards); - return node; -} -#endif - /** Check the pathbias use success count of <b>node</b> and disable it if it * goes over our thresholds. */ static void @@ -4320,262 +2997,6 @@ pathbias_check_close_success_count(entry_guard_t *node) } } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Parse <b>state</b> and learn about the entry guards it describes. - * If <b>set</b> is true, and there are no errors, replace the guard - * list in the provided guard selection context with what we find. - * On success, return 0. On failure, alloc into *<b>msg</b> a string - * describing the error, and return -1. - */ -int -entry_guards_parse_state_for_guard_selection( - guard_selection_t *gs, - or_state_t *state, int set, char **msg) -{ - entry_guard_t *node = NULL; - smartlist_t *new_entry_guards = smartlist_new(); - config_line_t *line; - time_t now = time(NULL); - const char *state_version = state->TorVersion; - digestmap_t *added_by = digestmap_new(); - - tor_assert(gs != NULL); - - *msg = NULL; - for (line = state->EntryGuards; line; line = line->next) { - if (!strcasecmp(line->key, "EntryGuard")) { - smartlist_t *args = smartlist_new(); - node = tor_malloc_zero(sizeof(entry_guard_t)); - /* all entry guards on disk have been contacted */ - node->made_contact = 1; - node->is_persistent = 1; - smartlist_add(new_entry_guards, node); - smartlist_split_string(args, line->value, " ", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - if (smartlist_len(args)<2) { - *msg = tor_strdup("Unable to parse entry nodes: " - "Too few arguments to EntryGuard"); - } else if (!is_legal_nickname(smartlist_get(args,0))) { - *msg = tor_strdup("Unable to parse entry nodes: " - "Bad nickname for EntryGuard"); - } else { - strlcpy(node->nickname, smartlist_get(args,0), MAX_NICKNAME_LEN+1); - if (base16_decode(node->identity, DIGEST_LEN, smartlist_get(args,1), - strlen(smartlist_get(args,1))) != DIGEST_LEN) { - *msg = tor_strdup("Unable to parse entry nodes: " - "Bad hex digest for EntryGuard"); - } - } - if (smartlist_len(args) >= 3) { - const char *is_cache = smartlist_get(args, 2); - if (!strcasecmp(is_cache, "DirCache")) { - node->is_dir_cache = 1; - } else if (!strcasecmp(is_cache, "NoDirCache")) { - node->is_dir_cache = 0; - } else { - log_warn(LD_CONFIG, "Bogus third argument to EntryGuard line: %s", - escaped(is_cache)); - } - } - SMARTLIST_FOREACH(args, char*, cp, tor_free(cp)); - smartlist_free(args); - if (*msg) - break; - } else if (!strcasecmp(line->key, "EntryGuardDownSince") || - !strcasecmp(line->key, "EntryGuardUnlistedSince")) { - time_t when; - time_t last_try = 0; - if (!node) { - *msg = tor_strdup("Unable to parse entry nodes: " - "EntryGuardDownSince/UnlistedSince without EntryGuard"); - break; - } - if (parse_iso_time_(line->value, &when, 0, 0)<0) { - *msg = tor_strdup("Unable to parse entry nodes: " - "Bad time in EntryGuardDownSince/UnlistedSince"); - break; - } - if (when > now) { - /* It's a bad idea to believe info in the future: you can wind - * up with timeouts that aren't allowed to happen for years. */ - continue; - } - if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) { - /* ignore failure */ - (void) parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try); - } - if (!strcasecmp(line->key, "EntryGuardDownSince")) { - node->unreachable_since = when; - node->last_attempted = last_try; - } else { - node->bad_since = when; - } - } else if (!strcasecmp(line->key, "EntryGuardAddedBy")) { - char d[DIGEST_LEN]; - /* format is digest version date */ - if (strlen(line->value) < HEX_DIGEST_LEN+1+1+1+ISO_TIME_LEN) { - log_warn(LD_BUG, "EntryGuardAddedBy line is not long enough."); - continue; - } - if (base16_decode(d, sizeof(d), - line->value, HEX_DIGEST_LEN) != sizeof(d) || - line->value[HEX_DIGEST_LEN] != ' ') { - log_warn(LD_BUG, "EntryGuardAddedBy line %s does not begin with " - "hex digest", escaped(line->value)); - continue; - } - digestmap_set(added_by, d, tor_strdup(line->value+HEX_DIGEST_LEN+1)); - } else if (!strcasecmp(line->key, "EntryGuardPathUseBias")) { - double use_cnt, success_cnt; - - if (!node) { - *msg = tor_strdup("Unable to parse entry nodes: " - "EntryGuardPathUseBias without EntryGuard"); - break; - } - - if (tor_sscanf(line->value, "%lf %lf", - &use_cnt, &success_cnt) != 2) { - log_info(LD_GENERAL, "Malformed path use bias line for node %s", - node->nickname); - continue; - } - - if (use_cnt < success_cnt) { - int severity = LOG_INFO; - /* If this state file was written by a Tor that would have - * already fixed it, then the overcounting bug is still there.. */ - if (tor_version_as_new_as(state_version, "0.2.4.13-alpha")) { - severity = LOG_NOTICE; - } - log_fn(severity, LD_BUG, - "State file contains unexpectedly high usage success " - "counts %lf/%lf for Guard %s ($%s)", - success_cnt, use_cnt, - node->nickname, hex_str(node->identity, DIGEST_LEN)); - success_cnt = use_cnt; - } - - node->pb.use_attempts = use_cnt; - node->pb.use_successes = success_cnt; - - log_info(LD_GENERAL, "Read %f/%f path use bias for node %s", - node->pb.use_successes, node->pb.use_attempts, node->nickname); - - pathbias_check_use_success_count(node); - - } else if (!strcasecmp(line->key, "EntryGuardPathBias")) { - double hop_cnt, success_cnt, timeouts, collapsed, successful_closed, - unusable; - - if (!node) { - *msg = tor_strdup("Unable to parse entry nodes: " - "EntryGuardPathBias without EntryGuard"); - break; - } - - /* First try 3 params, then 2. */ - /* In the long run: circuit_success ~= successful_circuit_close + - * collapsed_circuits + - * unusable_circuits */ - if (tor_sscanf(line->value, "%lf %lf %lf %lf %lf %lf", - &hop_cnt, &success_cnt, &successful_closed, - &collapsed, &unusable, &timeouts) != 6) { - int old_success, old_hops; - if (tor_sscanf(line->value, "%u %u", &old_success, &old_hops) != 2) { - continue; - } - log_info(LD_GENERAL, "Reading old-style EntryGuardPathBias %s", - escaped(line->value)); - - success_cnt = old_success; - successful_closed = old_success; - hop_cnt = old_hops; - timeouts = 0; - collapsed = 0; - unusable = 0; - } - - if (hop_cnt < success_cnt) { - int severity = LOG_INFO; - /* If this state file was written by a Tor that would have - * already fixed it, then the overcounting bug is still there.. */ - if (tor_version_as_new_as(state_version, "0.2.4.13-alpha")) { - severity = LOG_NOTICE; - } - log_fn(severity, LD_BUG, - "State file contains unexpectedly high success counts " - "%lf/%lf for Guard %s ($%s)", - success_cnt, hop_cnt, - node->nickname, hex_str(node->identity, DIGEST_LEN)); - success_cnt = hop_cnt; - } - - node->pb.circ_attempts = hop_cnt; - node->pb.circ_successes = success_cnt; - - node->pb.successful_circuits_closed = successful_closed; - node->pb.timeouts = timeouts; - node->pb.collapsed_circuits = collapsed; - node->pb.unusable_circuits = unusable; - - log_info(LD_GENERAL, "Read %f/%f path bias for node %s", - node->pb.circ_successes, node->pb.circ_attempts, - node->nickname); - - pathbias_check_close_success_count(node); - } else { - log_warn(LD_BUG, "Unexpected key %s", line->key); - } - } - - SMARTLIST_FOREACH_BEGIN(new_entry_guards, entry_guard_t *, e) { - char *sp; - char *val = digestmap_get(added_by, e->identity); - if (val && (sp = strchr(val, ' '))) { - time_t when; - *sp++ = '\0'; - if (parse_iso_time(sp, &when)<0) { - log_warn(LD_BUG, "Can't read time %s in EntryGuardAddedBy", sp); - } else { - e->chosen_by_version = tor_strdup(val); - e->chosen_on_date = when; - } - } else { - if (state_version) { - e->chosen_on_date = crypto_rand_time_range(now - 3600*24*30, now); - e->chosen_by_version = tor_strdup(state_version); - } - } - if (e->pb.path_bias_disabled && !e->bad_since) - e->bad_since = time(NULL); - } - SMARTLIST_FOREACH_END(e); - - if (*msg || !set) { - SMARTLIST_FOREACH(new_entry_guards, entry_guard_t *, e, - entry_guard_free(e)); - smartlist_free(new_entry_guards); - } else { /* !err && set */ - if (gs->chosen_entry_guards) { - SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e, - entry_guard_free(e)); - smartlist_free(gs->chosen_entry_guards); - } - gs->chosen_entry_guards = new_entry_guards; - SMARTLIST_FOREACH(new_entry_guards, entry_guard_t *, e, - e->in_selection = gs); - - /* XXX hand new_entry_guards to this func, and move it up a - * few lines, so we don't have to re-dirty it */ - if (remove_obsolete_entry_guards(gs, now)) - entry_guards_dirty = 1; - } - digestmap_free(added_by, tor_free_); - return *msg ? -1 : 0; -} -#endif - /** Parse <b>state</b> and learn about the entry guards it describes. * If <b>set</b> is true, and there are no errors, replace the guard * list in the default guard selection context with what we find. @@ -4586,20 +3007,10 @@ int entry_guards_parse_state(or_state_t *state, int set, char **msg) { entry_guards_dirty = 0; - int r1 = entry_guards_load_guards_from_state(state, set); - -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - int r2 = entry_guards_parse_state_for_guard_selection( - get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1), - state, set, msg); -#else - int r2 = 0; -#endif - entry_guards_dirty = 0; - if (r1 < 0 || r2 < 0) { + if (r1 < 0) { if (msg && *msg == NULL) { *msg = tor_strdup("parsing error"); //xxxx prop271 should we try harder? } @@ -4659,93 +3070,68 @@ entry_guards_update_state(or_state_t *state) { entry_guards_dirty = 0; - // Handles all non-legacy guard info. + // Handles all guard info. entry_guards_update_guards_in_state(state); entry_guards_dirty = 0; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - config_line_t **next, *line; - - guard_selection_t *gs; - gs = get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0); - if (!gs) - return; // nothign to save. - tor_assert(gs->chosen_entry_guards != NULL); - - config_free_lines(state->EntryGuards); - next = &state->EntryGuards; - *next = NULL; - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - char dbuf[HEX_DIGEST_LEN+1]; - if (!e->made_contact) - continue; /* don't write this one to disk */ - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuard"); - base16_encode(dbuf, sizeof(dbuf), e->identity, DIGEST_LEN); - tor_asprintf(&line->value, "%s %s %sDirCache", e->nickname, dbuf, - e->is_dir_cache ? "" : "No"); - next = &(line->next); - if (e->unreachable_since) { - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuardDownSince"); - line->value = tor_malloc(ISO_TIME_LEN+1+ISO_TIME_LEN+1); - format_iso_time(line->value, e->unreachable_since); - if (e->last_attempted) { - line->value[ISO_TIME_LEN] = ' '; - format_iso_time(line->value+ISO_TIME_LEN+1, e->last_attempted); - } - next = &(line->next); - } - if (e->bad_since) { - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuardUnlistedSince"); - line->value = tor_malloc(ISO_TIME_LEN+1); - format_iso_time(line->value, e->bad_since); - next = &(line->next); - } - if (e->chosen_on_date && e->chosen_by_version && - !strchr(e->chosen_by_version, ' ')) { - char d[HEX_DIGEST_LEN+1]; - char t[ISO_TIME_LEN+1]; - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuardAddedBy"); - base16_encode(d, sizeof(d), e->identity, DIGEST_LEN); - format_iso_time(t, e->chosen_on_date); - tor_asprintf(&line->value, "%s %s %s", - d, e->chosen_by_version, t); - next = &(line->next); - } - if (e->pb.circ_attempts > 0) { - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuardPathBias"); - /* In the long run: circuit_success ~= successful_circuit_close + - * collapsed_circuits + - * unusable_circuits */ - tor_asprintf(&line->value, "%f %f %f %f %f %f", - e->pb.circ_attempts, e->pb.circ_successes, - pathbias_get_close_success_count(e), - e->pb.collapsed_circuits, - e->pb.unusable_circuits, e->pb.timeouts); - next = &(line->next); - } - if (e->pb.use_attempts > 0) { - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup("EntryGuardPathUseBias"); - - tor_asprintf(&line->value, "%f %f", - e->pb.use_attempts, - pathbias_get_use_success_count(e)); - next = &(line->next); - } - - } SMARTLIST_FOREACH_END(e); -#endif if (!get_options()->AvoidDiskWrites) or_state_mark_dirty(get_or_state(), 0); entry_guards_dirty = 0; } +/** + * Format a single entry guard in the format expected by the controller. + * Return a newly allocated string. + */ +STATIC char * +getinfo_helper_format_single_entry_guard(const entry_guard_t *e) +{ + const char *status = NULL; + time_t when = 0; + const node_t *node; + char tbuf[ISO_TIME_LEN+1]; + char nbuf[MAX_VERBOSE_NICKNAME_LEN+1]; + + /* This is going to be a bit tricky, since the status + * codes weren't really intended for prop271 guards. + * + * XXXX use a more appropriate format for exporting this information + */ + if (e->confirmed_idx < 0) { + status = "never-connected"; + } else if (! e->currently_listed) { + when = e->unlisted_since_date; + status = "unusable"; + } else if (! e->is_filtered_guard) { + status = "unusable"; + } else if (e->is_reachable == GUARD_REACHABLE_NO) { + when = e->failing_since; + status = "down"; + } else { + status = "up"; + } + + node = entry_guard_find_node(e); + if (node) { + node_get_verbose_nickname(node, nbuf); + } else { + nbuf[0] = '$'; + base16_encode(nbuf+1, sizeof(nbuf)-1, e->identity, DIGEST_LEN); + /* e->nickname field is not very reliable if we don't know about + * this router any longer; don't include it. */ + } + + char *result = NULL; + if (when) { + format_iso_time(tbuf, when); + tor_asprintf(&result, "%s %s %s\n", nbuf, status, tbuf); + } else { + tor_asprintf(&result, "%s %s\n", nbuf, status); + } + return result; +} + /** If <b>question</b> is the string "entry-guards", then dump * to *<b>answer</b> a newly allocated string describing all of * the nodes in the global entry_guards list. See control-spec.txt @@ -4763,63 +3149,25 @@ getinfo_helper_entry_guards(control_connection_t *conn, guard_selection_t *gs = get_guard_selection_info(); tor_assert(gs != NULL); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - tor_assert(gs->chosen_entry_guards != NULL); -#else - // XXXX - (void)question; - (void)answer; -#endif (void) conn; (void) errmsg; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (!strcmp(question,"entry-guards") || !strcmp(question,"helper-nodes")) { + const smartlist_t *guards; + guards = gs->sampled_entry_guards; + smartlist_t *sl = smartlist_new(); - char tbuf[ISO_TIME_LEN+1]; - char nbuf[MAX_VERBOSE_NICKNAME_LEN+1]; - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - const char *status = NULL; - time_t when = 0; - const node_t *node; - - if (!e->made_contact) { - status = "never-connected"; - } else if (e->bad_since) { - when = e->bad_since; - status = "unusable"; - } else if (e->unreachable_since) { - when = e->unreachable_since; - status = "down"; - } else { - status = "up"; - } - - node = node_get_by_id(e->identity); - if (node) { - node_get_verbose_nickname(node, nbuf); - } else { - nbuf[0] = '$'; - base16_encode(nbuf+1, sizeof(nbuf)-1, e->identity, DIGEST_LEN); - /* e->nickname field is not very reliable if we don't know about - * this router any longer; don't include it. */ - } - - if (when) { - format_iso_time(tbuf, when); - smartlist_add_asprintf(sl, "%s %s %s\n", nbuf, status, tbuf); - } else { - smartlist_add_asprintf(sl, "%s %s\n", nbuf, status); - } + + SMARTLIST_FOREACH_BEGIN(guards, const entry_guard_t *, e) { + char *cp = getinfo_helper_format_single_entry_guard(e); + smartlist_add(sl, cp); } SMARTLIST_FOREACH_END(e); *answer = smartlist_join_strings(sl, "", 0, NULL); SMARTLIST_FOREACH(sl, char *, c, tor_free(c)); smartlist_free(sl); } -#endif return 0; } @@ -4858,107 +3206,6 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw, guardfraction_bw->non_guard_bw = orig_bandwidth - (int) guard_bw; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Returns true iff the node is used as a guard in the specified guard - * context */ -int -is_node_used_as_guard_for_guard_selection(guard_selection_t *gs, - const node_t *node) -{ - int res = 0; - - /* - * We used to have a using_as_guard flag in node_t, but it had to go away - * to allow for multiple guard selection contexts. Instead, search the - * guard list for a matching digest. - */ - - tor_assert(gs != NULL); - tor_assert(node != NULL); - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - if (tor_memeq(e->identity, node->identity, DIGEST_LEN)) { - res = 1; - break; - } - } SMARTLIST_FOREACH_END(e); - - return res; -} - -/** Returns true iff the node is used as a guard in the default guard - * context */ -MOCK_IMPL(int, -is_node_used_as_guard, (const node_t *node)) -{ - return is_node_used_as_guard_for_guard_selection( - get_guard_selection_info(), node); -} - -/** Return 1 if we have at least one descriptor for an entry guard - * (bridge or member of EntryNodes) and all descriptors we know are - * down. Else return 0. If <b>act</b> is 1, then mark the down guards - * up; else just observe and report. */ -static int -entries_retry_helper(const or_options_t *options, int act) -{ - const node_t *node; - int any_known = 0; - int any_running = 0; - int need_bridges = options->UseBridges != 0; - guard_selection_t *gs = get_guard_selection_info(); - - tor_assert(gs != NULL); - tor_assert(gs->chosen_entry_guards != NULL); - - SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) { - node = node_get_by_id(e->identity); - if (node && node_has_descriptor(node) && - node_is_bridge(node) == need_bridges && - (!need_bridges || (!e->bad_since && - node_is_a_configured_bridge(node)))) { - any_known = 1; - if (node->is_running) - any_running = 1; /* some entry is both known and running */ - else if (act) { - /* Mark all current connections to this OR as unhealthy, since - * otherwise there could be one that started 30 seconds - * ago, and in 30 seconds it will time out, causing us to mark - * the node down and undermine the retry attempt. We mark even - * the established conns, since if the network just came back - * we'll want to attach circuits to fresh conns. */ - channel_update_bad_for_new_circs(node->identity, 1); - - /* mark this entry node for retry */ - router_set_status(node->identity, 1); - e->can_retry = 1; - e->bad_since = 0; - } - } - } SMARTLIST_FOREACH_END(e); - log_debug(LD_DIR, "%d: any_known %d, any_running %d", - act, any_known, any_running); - return any_known && !any_running; -} - -/** Do we know any descriptors for our bridges / entrynodes, and are - * all the ones we have descriptors for down? */ -int -entries_known_but_down(const or_options_t *options) -{ - tor_assert(entry_list_is_constrained(options)); - return entries_retry_helper(options, 0); -} - -/** Mark all down known bridges / entrynodes up. */ -void -entries_retry_all(const or_options_t *options) -{ - tor_assert(entry_list_is_constrained(options)); - entries_retry_helper(options, 1); -} -#endif - /** Helper: Update the status of all entry guards, in whatever algorithm * is used. Return true if we should stop using all previously generated * circuits, by calling circuit_mark_all_unused_circs() and @@ -4973,16 +3220,8 @@ guards_update_all(void) tor_assert(curr_guard_context); - if (curr_guard_context->type == GS_TYPE_LEGACY) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - entry_guards_compute_status(get_options(), approx_time()); -#else - tor_assert_nonfatal_unreached(); -#endif - } else { - if (entry_guards_update_all(curr_guard_context)) - mark_circuits = 1; - } + if (entry_guards_update_all(curr_guard_context)) + mark_circuits = 1; return mark_circuits; } @@ -4993,66 +3232,75 @@ const node_t * guards_choose_guard(cpath_build_state_t *state, circuit_guard_state_t **guard_state_out) { - if (get_options()->UseDeprecatedGuardAlgorithm) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - return choose_random_entry(state); -#else - tor_assert_nonfatal_unreached(); - return NULL; -#endif - } else { - const node_t *r = NULL; - const uint8_t *exit_id = NULL; - entry_guard_restriction_t *rst = NULL; - // XXXX prop271 spec deviation -- use of restriction here. - if (state && (exit_id = build_state_get_exit_rsa_id(state))) { - /* We're building to a targeted exit node, so that node can't be - * chosen as our guard for this circuit. */ - rst = tor_malloc_zero(sizeof(entry_guard_restriction_t)); - memcpy(rst->exclude_id, exit_id, DIGEST_LEN); - } - if (entry_guard_pick_for_circuit(get_guard_selection_info(), - GUARD_USAGE_TRAFFIC, - rst, - &r, - guard_state_out) < 0) { - tor_assert(r == NULL); - } - return r; + const node_t *r = NULL; + const uint8_t *exit_id = NULL; + entry_guard_restriction_t *rst = NULL; + // XXXX prop271 spec deviation -- use of restriction here. + if (state && (exit_id = build_state_get_exit_rsa_id(state))) { + /* We're building to a targeted exit node, so that node can't be + * chosen as our guard for this circuit. */ + rst = tor_malloc_zero(sizeof(entry_guard_restriction_t)); + memcpy(rst->exclude_id, exit_id, DIGEST_LEN); + } + if (entry_guard_pick_for_circuit(get_guard_selection_info(), + GUARD_USAGE_TRAFFIC, + rst, + &r, + guard_state_out) < 0) { + tor_assert(r == NULL); } + return r; +} + +/** Remove all currently listed entry guards for a given guard selection + * context. This frees and replaces <b>gs</b>, so don't use <b>gs</b> + * after calling this function. */ +void +remove_all_entry_guards_for_guard_selection(guard_selection_t *gs) +{ + // This function shouldn't exist. XXXX + tor_assert(gs != NULL); + char *old_name = tor_strdup(gs->name); + guard_selection_type_t old_type = gs->type; + + SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, entry, { + control_event_guard(entry->nickname, entry->identity, "DROPPED"); + }); + + if (gs == curr_guard_context) { + curr_guard_context = NULL; + } + + smartlist_remove(guard_contexts, gs); + guard_selection_free(gs); + + gs = get_guard_selection_by_name(old_name, old_type, 1); + entry_guards_changed_for_guard_selection(gs); + tor_free(old_name); +} + +/** Remove all currently listed entry guards. So new ones will be chosen. */ +void +remove_all_entry_guards(void) +{ + // XXXX prop271 this function shouldn't exist, in the new order. + // This function shouldn't exist. + remove_all_entry_guards_for_guard_selection(get_guard_selection_info()); } /** Helper: pick a directory guard, with whatever algorithm is used. */ const node_t * -guards_choose_dirguard(dirinfo_type_t info, - circuit_guard_state_t **guard_state_out) +guards_choose_dirguard(circuit_guard_state_t **guard_state_out) { - if (get_options()->UseDeprecatedGuardAlgorithm) { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - return choose_random_dirguard(info); -#else - (void)info; - tor_assert_nonfatal_unreached(); - return NULL; -#endif - } else { - /* XXXX prop271 We don't need to look at the dirinfo_type_t here, - * apparently. If you look at the old implementation, and you follow info - * downwards through choose_random_dirguard(), into - * choose_random_entry_impl(), into populate_live_entry_guards()... you - * find out that it isn't even used, and hasn't been since 0.2.7.1-alpha, - * when we realized that every Tor on the network would support - * microdescriptors. -NM */ - const node_t *r = NULL; - if (entry_guard_pick_for_circuit(get_guard_selection_info(), - GUARD_USAGE_DIRGUARD, - NULL, - &r, - guard_state_out) < 0) { - tor_assert(r == NULL); - } - return r; + const node_t *r = NULL; + if (entry_guard_pick_for_circuit(get_guard_selection_info(), + GUARD_USAGE_DIRGUARD, + NULL, + &r, + guard_state_out) < 0) { + tor_assert(r == NULL); } + return r; } /** @@ -5065,15 +3313,6 @@ guards_retry_optimistic(const or_options_t *options) if (! entry_list_is_constrained(options)) return 0; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - if (options->UseDeprecatedGuardAlgorithm) { - if (entries_known_but_down(options)) { - entries_retry_all(options); - return 1; - } - } -#endif - // XXXX prop271 -- is this correct? mark_primary_guards_maybe_reachable(get_guard_selection_info()); @@ -5088,15 +3327,6 @@ guard_selection_free(guard_selection_t *gs) tor_free(gs->name); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - if (gs->chosen_entry_guards) { - SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e, - entry_guard_free(e)); - smartlist_free(gs->chosen_entry_guards); - gs->chosen_entry_guards = NULL; - } -#endif - if (gs->sampled_entry_guards) { SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, e, entry_guard_free(e)); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index db84d594c2..bd501d001f 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -28,11 +28,6 @@ typedef struct circuit_guard_state_t circuit_guard_state_t; private. */ typedef struct entry_guard_restriction_t entry_guard_restriction_t; -/* - XXXX Prop271 undefine this in order to disable all legacy guard functions. -*/ -// #define ENABLE_LEGACY_GUARD_ALGORITHM - /* Information about a guard's pathbias status. * These fields are used in circpathbias.c to try to detect entry * nodes that are failing circuits at a suspicious frequency. @@ -175,41 +170,11 @@ struct entry_guard_t { * we saw them in the state, even if we don't understand them. */ char *extra_state_fields; - /** Backpointer to the guard selection that this guard belongs to. */ + /** Backpointer to the guard selection that this guard belongs to. + * The entry_guard_t must never outlive its guard_selection. */ guard_selection_t *in_selection; /**@}*/ -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /** - * @name legacy guard selection algorithm fields - * - * These are used and maintained by the legacy (pre-prop271) entry guard - * algorithm. Most of them we will remove as prop271 gets implemented. - * The rest we'll migrate over, if they are 100% semantically identical to - * their prop271 equivalents. XXXXprop271 - */ - /**@{*/ - time_t chosen_on_date; /**< Approximately when was this guard added? - * "0" if we don't know. */ - char *chosen_by_version; /**< What tor version added this guard? NULL - * if we don't know. */ - unsigned int made_contact : 1; /**< 0 if we have never connected to this - * router, 1 if we have. */ - unsigned int can_retry : 1; /**< Should we retry connecting to this entry, - * in spite of having it marked as unreachable?*/ - unsigned int is_dir_cache : 1; /**< Is this node a directory cache? */ - time_t bad_since; /**< 0 if this guard is currently usable, or the time at - * which it was observed to become (according to the - * directory or the user configuration) unusable. */ - time_t unreachable_since; /**< 0 if we can connect to this guard, or the - * time at which we first noticed we couldn't - * connect to it. */ - time_t last_attempted; /**< 0 if we can connect to this guard, or the time - * at which we last failed to connect to it. */ - - /**}@*/ -#endif - /** Path bias information for this guard. */ guard_pathbias_t pb; }; @@ -230,8 +195,6 @@ typedef enum guard_selection_type_t { /** Use the normal guard selection algorithm, taking our sample from the * set of filtered nodes. */ GS_TYPE_RESTRICTED, - /** Use the legacy (pre-prop271) guard selection algorithm and fields */ - GS_TYPE_LEGACY, } guard_selection_type_t; /** @@ -305,20 +268,6 @@ struct guard_selection_s { * confirmed_entry_guards receive? */ int next_confirmed_idx; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /** - * A list of our chosen entry guards, as entry_guard_t structures; this - * preserves the pre-Prop271 behavior. - */ - smartlist_t *chosen_entry_guards; - - /** - * When we try to choose an entry guard, should we parse and add - * config's EntryNodes first? This was formerly a global. This - * preserves the pre-Prop271 behavior. - */ - int should_add_entry_nodes; -#endif }; struct entry_guard_handle_t; @@ -366,8 +315,7 @@ struct circuit_guard_state_t { int guards_update_all(void); const node_t *guards_choose_guard(cpath_build_state_t *state, circuit_guard_state_t **guard_state_out); -const node_t *guards_choose_dirguard(dirinfo_type_t info, - circuit_guard_state_t **guard_state_out); +const node_t *guards_choose_dirguard(circuit_guard_state_t **guard_state_out); #if 1 /* XXXX NM I would prefer that all of this stuff be private to @@ -378,11 +326,6 @@ entry_guard_t *entry_guard_get_by_id_digest(const char *digest); void entry_guards_changed_for_guard_selection(guard_selection_t *gs); void entry_guards_changed(void); guard_selection_t * get_guard_selection_info(void); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -const smartlist_t *get_entry_guards_for_guard_selection( - guard_selection_t *gs); -const smartlist_t *get_entry_guards(void); -#endif int num_live_entry_guards_for_guard_selection( guard_selection_t *gs, int for_directory); @@ -390,9 +333,6 @@ int num_live_entry_guards(int for_directory); #endif const node_t *entry_guard_find_node(const entry_guard_t *guard); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -void entry_guard_mark_bad(entry_guard_t *guard); -#endif const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard); const char *entry_guard_describe(const entry_guard_t *guard); guard_pathbias_t *entry_guard_get_pathbias_state(entry_guard_t *guard); @@ -432,10 +372,6 @@ void entry_guards_note_internet_connectivity(guard_selection_t *gs); int update_guard_selection_choice(const or_options_t *options); /* Used by bridges.c only. */ -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -void add_bridge_as_entry_guard(guard_selection_t *gs, - const node_t *chosen); -#endif int num_bridges_usable(void); #ifdef ENTRYNODES_PRIVATE @@ -610,69 +546,17 @@ STATIC unsigned entry_guards_note_guard_success(guard_selection_t *gs, entry_guard_t *guard, unsigned old_state); STATIC int entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b); - -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -// ---------- XXXX this stuff is pre-prop271. - -STATIC const node_t *add_an_entry_guard(guard_selection_t *gs, - const node_t *chosen, - int reset_status, int prepend, - int for_discovery, int for_directory); -STATIC int populate_live_entry_guards(smartlist_t *live_entry_guards, - const smartlist_t *all_entry_guards, - const node_t *chosen_exit, - dirinfo_type_t dirinfo_type, - int for_directory, - int need_uptime, int need_capacity); -STATIC int decide_num_guards(const or_options_t *options, int for_directory); - -STATIC void entry_guards_set_from_config(guard_selection_t *gs, - const or_options_t *options); - -/** Flags to be passed to entry_is_live() to indicate what kind of - * entry nodes we are looking for. */ -typedef enum { - ENTRY_NEED_UPTIME = 1<<0, - ENTRY_NEED_CAPACITY = 1<<1, - ENTRY_ASSUME_REACHABLE = 1<<2, - ENTRY_NEED_DESCRIPTOR = 1<<3, -} entry_is_live_flags_t; - -STATIC const node_t *entry_is_live(const entry_guard_t *e, - entry_is_live_flags_t flags, - const char **msg); - -STATIC int entry_is_time_to_retry(const entry_guard_t *e, time_t now); +STATIC char *getinfo_helper_format_single_entry_guard(const entry_guard_t *e); #endif -#endif - -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM void remove_all_entry_guards_for_guard_selection(guard_selection_t *gs); void remove_all_entry_guards(void); -#endif struct bridge_info_t; void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport, const uint8_t *rsa_id_digest); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -void entry_guards_compute_status_for_guard_selection( - guard_selection_t *gs, const or_options_t *options, time_t now); -void entry_guards_compute_status(const or_options_t *options, time_t now); -int entry_guard_register_connect_status_for_guard_selection( - guard_selection_t *gs, const char *digest, int succeeded, - int mark_relay_status, time_t now); -int entry_guard_register_connect_status(const char *digest, int succeeded, - int mark_relay_status, time_t now); -void entry_nodes_should_be_added_for_guard_selection(guard_selection_t *gs); -void entry_nodes_should_be_added(void); -#endif int entry_list_is_constrained(const or_options_t *options); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -const node_t *choose_random_entry(cpath_build_state_t *state); -const node_t *choose_random_dirguard(dirinfo_type_t t); -#endif int guards_retry_optimistic(const or_options_t *options); int entry_guards_parse_state_for_guard_selection( guard_selection_t *gs, or_state_t *state, int set, char **msg); @@ -681,11 +565,6 @@ void entry_guards_update_state(or_state_t *state); int getinfo_helper_entry_guards(control_connection_t *conn, const char *question, char **answer, const char **errmsg); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -int is_node_used_as_guard_for_guard_selection(guard_selection_t *gs, - const node_t *node); -MOCK_DECL(int, is_node_used_as_guard, (const node_t *node)); -#endif int entries_known_but_down(const or_options_t *options); void entries_retry_all(const or_options_t *options); diff --git a/src/or/hs_cache.c b/src/or/hs_cache.c index b7ff979e5b..43cd8c3258 100644 --- a/src/or/hs_cache.c +++ b/src/or/hs_cache.c @@ -15,6 +15,7 @@ #include "config.h" #include "hs_common.h" #include "hs_descriptor.h" +#include "networkstatus.h" #include "rendcache.h" /* Directory descriptor cache. Map indexed by blinded key. */ @@ -86,7 +87,7 @@ cache_dir_desc_new(const char *desc) } /* The blinded pubkey is the indexed key. */ - dir_desc->key = dir_desc->plaintext_data->blinded_kp.pubkey.pubkey; + dir_desc->key = dir_desc->plaintext_data->blinded_pubkey.pubkey; dir_desc->created_ts = time(NULL); return dir_desc; @@ -366,6 +367,18 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) return bytes_removed; } +/** + * Return the maximum size of an HS descriptor we are willing to accept as an + * HSDir. + */ +unsigned int +hs_cache_get_max_descriptor_size(void) +{ + return (unsigned) networkstatus_get_param(NULL, + "HSV3MaxDescriptorSize", + HS_DESC_MAX_LEN, 1, INT32_MAX); +} + /* Initialize the hidden service cache subsystem. */ void hs_cache_init(void) diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h index 01abb8002f..ba95e73338 100644 --- a/src/or/hs_cache.h +++ b/src/or/hs_cache.h @@ -44,6 +44,8 @@ void hs_cache_free_all(void); void hs_cache_clean_as_dir(time_t now); size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes); +unsigned int hs_cache_get_max_descriptor_size(void); + /* Store and Lookup function. They are version agnostic that is depending on * the requested version of the descriptor, it will be re-routed to the * right function. */ diff --git a/src/or/hs_common.c b/src/or/hs_common.c index 7dd97e7c7c..de96946ab5 100644 --- a/src/or/hs_common.c +++ b/src/or/hs_common.c @@ -268,17 +268,3 @@ rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out) } } -/* Return true iff the Onion Services protocol version 3 is enabled. This only - * considers the consensus parameter. If the parameter is not found, the - * default is that it's enabled. */ -int -hs_v3_protocol_is_enabled(void) -{ - /* This consensus param controls if the the onion services version 3 is - * enabled or not which is the first version of the next generation - * (proposal 224). If this option is set to 0, the tor daemon won't support - * the protocol as either a relay, directory, service or client. By default, - * it's enabled if the parameter is not found. */ - return networkstatus_get_param(NULL, "EnableOnionServicesV3", 1, 0, 1); -} - diff --git a/src/or/hs_common.h b/src/or/hs_common.h index 8158d278df..e0ab510ea4 100644 --- a/src/or/hs_common.h +++ b/src/or/hs_common.h @@ -39,7 +39,5 @@ const char *rend_data_get_desc_id(const rend_data_t *rend_data, const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out); -int hs_v3_protocol_is_enabled(void); - #endif /* TOR_HS_COMMON_H */ diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 37aa1d745e..f16a2fdc14 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -15,13 +15,14 @@ #include "ed25519_cert.h" /* Trunnel interface. */ #include "parsecommon.h" #include "rendcache.h" +#include "hs_cache.h" #include "torcert.h" /* tor_cert_encode_ed22519() */ /* Constant string value used for the descriptor format. */ #define str_hs_desc "hs-descriptor" #define str_desc_cert "descriptor-signing-key-cert" #define str_rev_counter "revision-counter" -#define str_encrypted "encrypted" +#define str_superencrypted "superencrypted" #define str_signature "signature" #define str_lifetime "descriptor-lifetime" /* Constant string value for the encrypted part of the descriptor. */ @@ -35,7 +36,7 @@ #define str_intro_point_start "\n" str_intro_point " " /* Constant string value for the construction to encrypt the encrypted data * section. */ -#define str_enc_hsdir_data "hsdir-encrypted-data" +#define str_enc_hsdir_data "hsdir-superencrypted-data" /* Prefix required to compute/verify HS desc signatures */ #define str_desc_sig_prefix "Tor onion service descriptor sig v3" @@ -56,7 +57,7 @@ static token_rule_t hs_desc_v3_token_table[] = { T1(str_lifetime, R3_DESC_LIFETIME, EQ(1), NO_OBJ), T1(str_desc_cert, R3_DESC_SIGNING_CERT, NO_ARGS, NEED_OBJ), T1(str_rev_counter, R3_REVISION_COUNTER, EQ(1), NO_OBJ), - T1(str_encrypted, R3_ENCRYPTED, NO_ARGS, NEED_OBJ), + T1(str_superencrypted, R3_SUPERENCRYPTED, NO_ARGS, NEED_OBJ), T1_END(str_signature, R3_SIGNATURE, EQ(1), NO_OBJ), END_OF_TABLE }; @@ -219,7 +220,7 @@ encode_link_specifiers(const smartlist_t *specs) /* Encode an introduction point encryption key and return a newly allocated * string with it. On failure, return NULL. */ static char * -encode_enc_key(const ed25519_keypair_t *sig_key, +encode_enc_key(const ed25519_public_key_t *sig_key, const hs_desc_intro_point_t *ip) { char *encoded = NULL; @@ -237,8 +238,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key, uint8_t *cert_data = NULL; /* Create cross certification cert. */ - cert_len = tor_make_rsa_ed25519_crosscert(&sig_key->pubkey, - ip->enc_key.legacy, + cert_len = tor_make_rsa_ed25519_crosscert(sig_key, ip->enc_key.legacy, now + HS_DESC_CERT_LIFETIME, &cert_data); if (cert_len < 0) { @@ -282,7 +282,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key, } tor_cert_t *cross_cert = tor_cert_create(&curve_kp, CERT_TYPE_CROSS_HS_IP_KEYS, - &sig_key->pubkey, now, + sig_key, now, HS_DESC_CERT_LIFETIME, CERT_FLAG_INCLUDE_SIGNING_KEY); memwipe(&curve_kp, 0, sizeof(curve_kp)); @@ -318,7 +318,7 @@ encode_enc_key(const ed25519_keypair_t *sig_key, /* Encode an introduction point object and return a newly allocated string * with it. On failure, return NULL. */ static char * -encode_intro_point(const ed25519_keypair_t *sig_key, +encode_intro_point(const ed25519_public_key_t *sig_key, const hs_desc_intro_point_t *ip) { char *encoded_ip = NULL; @@ -377,9 +377,9 @@ build_secret_input(const hs_descriptor_t *desc, uint8_t *dst, size_t dstlen) /* XXX use the destination length as the memcpy length */ /* Copy blinded public key. */ - memcpy(dst, desc->plaintext_data.blinded_kp.pubkey.pubkey, - sizeof(desc->plaintext_data.blinded_kp.pubkey.pubkey)); - offset += sizeof(desc->plaintext_data.blinded_kp.pubkey.pubkey); + memcpy(dst, desc->plaintext_data.blinded_pubkey.pubkey, + sizeof(desc->plaintext_data.blinded_pubkey.pubkey)); + offset += sizeof(desc->plaintext_data.blinded_pubkey.pubkey); /* Copy subcredential. */ memcpy(dst + offset, desc->subcredential, sizeof(desc->subcredential)); offset += sizeof(desc->subcredential); @@ -541,8 +541,9 @@ build_encrypted(const uint8_t *key, const uint8_t *iv, const char *plaintext, tor_assert(plaintext); tor_assert(encrypted_out); - /* This creates a cipher for AES128. It can't fail. */ - cipher = crypto_cipher_new_with_iv((const char *) key, (const char *) iv); + /* This creates a cipher for AES. It can't fail. */ + cipher = crypto_cipher_new_with_iv_and_bits(key, iv, + HS_DESC_ENCRYPTED_BIT_SIZE); /* This can't fail. */ encrypted_len = build_plaintext_padding(plaintext, plaintext_len, &padded_plaintext); @@ -573,7 +574,7 @@ encrypt_descriptor_data(const hs_descriptor_t *desc, const char *plaintext, size_t encrypted_len, final_blob_len, offset = 0; uint8_t *encrypted; uint8_t salt[HS_DESC_ENCRYPTED_SALT_LEN]; - uint8_t secret_key[CIPHER_KEY_LEN], secret_iv[CIPHER_IV_LEN]; + uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN]; uint8_t mac_key[DIGEST256_LEN], mac[DIGEST256_LEN]; tor_assert(desc); @@ -665,7 +666,7 @@ encode_encrypted_data(const hs_descriptor_t *desc, /* Build the introduction point(s) section. */ SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points, const hs_desc_intro_point_t *, ip) { - char *encoded_ip = encode_intro_point(&desc->plaintext_data.signing_kp, + char *encoded_ip = encode_intro_point(&desc->plaintext_data.signing_pubkey, ip); if (encoded_ip == NULL) { log_err(LD_BUG, "HS desc intro point is malformed."); @@ -710,7 +711,8 @@ encode_encrypted_data(const hs_descriptor_t *desc, * newly allocated string of the encoded descriptor. On error, -1 is returned * and encoded_out is untouched. */ static int -desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) +desc_encode_v3(const hs_descriptor_t *desc, + const ed25519_keypair_t *signing_kp, char **encoded_out) { int ret = -1; char *encoded_str = NULL; @@ -718,6 +720,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) smartlist_t *lines = smartlist_new(); tor_assert(desc); + tor_assert(signing_kp); tor_assert(encoded_out); tor_assert(desc->plaintext_data.version == 3); @@ -732,7 +735,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) goto err; } if (tor_cert_encode_ed22519(desc->plaintext_data.signing_key_cert, - &encoded_cert) < 0) { + &encoded_cert) < 0) { /* The function will print error logs. */ goto err; } @@ -750,7 +753,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) desc->plaintext_data.revision_counter); } - /* Build the encrypted data section. */ + /* Build the superencrypted data section. */ { char *enc_b64_blob=NULL; if (encode_encrypted_data(desc, &enc_b64_blob) < 0) { @@ -761,7 +764,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) "-----BEGIN MESSAGE-----\n" "%s" "-----END MESSAGE-----", - str_encrypted, enc_b64_blob); + str_superencrypted, enc_b64_blob); tor_free(enc_b64_blob); } @@ -775,8 +778,7 @@ desc_encode_v3(const hs_descriptor_t *desc, char **encoded_out) char ed_sig_b64[ED25519_SIG_BASE64_LEN + 1]; if (ed25519_sign_prefixed(&sig, (const uint8_t *) encoded_str, encoded_len, - str_desc_sig_prefix, - &desc->plaintext_data.signing_kp) < 0) { + str_desc_sig_prefix, signing_kp) < 0) { log_warn(LD_BUG, "Can't sign encoded HS descriptor!"); tor_free(encoded_str); goto err; @@ -1058,7 +1060,7 @@ static size_t desc_decrypt_data_v3(const hs_descriptor_t *desc, char **decrypted_out) { uint8_t *decrypted = NULL; - uint8_t secret_key[CIPHER_KEY_LEN], secret_iv[CIPHER_IV_LEN]; + uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN]; uint8_t mac_key[DIGEST256_LEN], our_mac[DIGEST256_LEN]; const uint8_t *salt, *encrypted, *desc_mac; size_t encrypted_len, result_len = 0; @@ -1118,8 +1120,9 @@ desc_decrypt_data_v3(const hs_descriptor_t *desc, char **decrypted_out) /* Decrypt. Here we are assured that the encrypted length is valid for * decryption. */ crypto_cipher_t *cipher; - cipher = crypto_cipher_new_with_iv((const char *) secret_key, - (const char *) secret_iv); + + cipher = crypto_cipher_new_with_iv_and_bits(secret_key, secret_iv, + HS_DESC_ENCRYPTED_BIT_SIZE); /* Extra byte for the NUL terminated byte. */ decrypted = tor_malloc_zero(encrypted_len + 1); crypto_cipher_decrypt(cipher, (char *) decrypted, @@ -1365,7 +1368,8 @@ decode_intro_points(const hs_descriptor_t *desc, /* Return 1 iff the given base64 encoded signature in b64_sig from the encoded * descriptor in encoded_desc validates the descriptor content. */ STATIC int -desc_sig_is_valid(const char *b64_sig, const ed25519_keypair_t *signing_kp, +desc_sig_is_valid(const char *b64_sig, + const ed25519_public_key_t *signing_pubkey, const char *encoded_desc, size_t encoded_len) { int ret = 0; @@ -1373,7 +1377,7 @@ desc_sig_is_valid(const char *b64_sig, const ed25519_keypair_t *signing_kp, const char *sig_start; tor_assert(b64_sig); - tor_assert(signing_kp); + tor_assert(signing_pubkey); tor_assert(encoded_desc); /* Verifying nothing won't end well :). */ tor_assert(encoded_len > 0); @@ -1408,7 +1412,7 @@ desc_sig_is_valid(const char *b64_sig, const ed25519_keypair_t *signing_kp, (const uint8_t *) encoded_desc, sig_start - encoded_desc, str_desc_sig_prefix, - &signing_kp->pubkey) != 0) { + signing_pubkey) != 0) { log_warn(LD_REND, "Invalid signature on service descriptor"); goto err; } @@ -1474,10 +1478,10 @@ desc_decode_plaintext_v3(smartlist_t *tokens, goto err; } - /* Copy the public keys into signing_kp and blinded_kp */ - memcpy(&desc->signing_kp.pubkey, &desc->signing_key_cert->signed_key, + /* Copy the public keys into signing_pubkey and blinded_pubkey */ + memcpy(&desc->signing_pubkey, &desc->signing_key_cert->signed_key, sizeof(ed25519_public_key_t)); - memcpy(&desc->blinded_kp.pubkey, &desc->signing_key_cert->signing_key, + memcpy(&desc->blinded_pubkey, &desc->signing_key_cert->signing_key, sizeof(ed25519_public_key_t)); /* Extract revision counter value. */ @@ -1491,7 +1495,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens, } /* Extract the encrypted data section. */ - tok = find_by_keyword(tokens, R3_ENCRYPTED); + tok = find_by_keyword(tokens, R3_SUPERENCRYPTED); tor_assert(tok->object_body); if (strcmp(tok->object_type, "MESSAGE") != 0) { log_warn(LD_REND, "Service descriptor encrypted data section is invalid"); @@ -1511,7 +1515,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens, tok = find_by_keyword(tokens, R3_SIGNATURE); tor_assert(tok->n_args == 1); /* First arg here is the actual encoded signature. */ - if (!desc_sig_is_valid(tok->args[0], &desc->signing_kp, + if (!desc_sig_is_valid(tok->args[0], &desc->signing_pubkey, encoded_desc, encoded_len)) { goto err; } @@ -1700,8 +1704,9 @@ hs_desc_decode_plaintext(const char *encoded, tor_assert(encoded); tor_assert(plaintext); + /* Check that descriptor is within size limits. */ encoded_len = strlen(encoded); - if (encoded_len >= HS_DESC_MAX_LEN) { + if (encoded_len >= hs_cache_get_max_descriptor_size()) { log_warn(LD_REND, "Service descriptor is too big (%lu bytes)", (unsigned long) encoded_len); goto err; @@ -1806,41 +1811,46 @@ hs_desc_decode_descriptor(const char *encoded, return ret; } -/* Table of encode function version specific. The function are indexed by the +/* Table of encode function version specific. The functions are indexed by the * version number so v3 callback is at index 3 in the array. */ static int (*encode_handlers[])( const hs_descriptor_t *desc, + const ed25519_keypair_t *signing_kp, char **encoded_out) = { /* v0 */ NULL, /* v1 */ NULL, /* v2 */ NULL, desc_encode_v3, }; -/* Encode the given descriptor desc. On success, encoded_out points to a newly - * allocated NUL terminated string that contains the encoded descriptor as a - * string. +/* Encode the given descriptor desc including signing with the given key pair + * signing_kp. On success, encoded_out points to a newly allocated NUL + * terminated string that contains the encoded descriptor as a string. * * Return 0 on success and encoded_out is a valid pointer. On error, -1 is * returned and encoded_out is set to NULL. */ int -hs_desc_encode_descriptor(const hs_descriptor_t *desc, char **encoded_out) +hs_desc_encode_descriptor(const hs_descriptor_t *desc, + const ed25519_keypair_t *signing_kp, + char **encoded_out) { int ret = -1; + uint32_t version; tor_assert(desc); tor_assert(encoded_out); /* Make sure we support the version of the descriptor format. */ - if (!hs_desc_is_supported_version(desc->plaintext_data.version)) { + version = desc->plaintext_data.version; + if (!hs_desc_is_supported_version(version)) { goto err; } /* Extra precaution. Having no handler for the supported version should * never happened else we forgot to add it but we bumped the version. */ - tor_assert(ARRAY_LENGTH(encode_handlers) >= desc->plaintext_data.version); - tor_assert(encode_handlers[desc->plaintext_data.version]); + tor_assert(ARRAY_LENGTH(encode_handlers) >= version); + tor_assert(encode_handlers[version]); - ret = encode_handlers[desc->plaintext_data.version](desc, encoded_out); + ret = encode_handlers[version](desc, signing_kp, encoded_out); if (ret < 0) { goto err; } diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h index 083d353860..b520d24471 100644 --- a/src/or/hs_descriptor.h +++ b/src/or/hs_descriptor.h @@ -40,7 +40,7 @@ /* Length of the KDF output value which is the length of the secret key, * the secret IV and MAC key length which is the length of H() output. */ #define HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN \ - CIPHER_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN + CIPHER256_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN /* We need to pad the plaintext version of the encrypted data section before * encryption and it has to be a multiple of this value. */ #define HS_DESC_PLAINTEXT_PADDING_MULTIPLE 128 @@ -54,12 +54,18 @@ HS_DESC_ENCRYPTED_SALT_LEN + \ HS_DESC_PLAINTEXT_PADDING_MULTIPLE + DIGEST256_LEN /* Maximum length in bytes of a full hidden service descriptor. */ -#define HS_DESC_MAX_LEN 32768 // XXX justify +#define HS_DESC_MAX_LEN 50000 /* 50kb max size */ /* The minimum amount of fields a descriptor should contain. The parsing of * the fields are version specific so the only required field, as a generic * view of a descriptor, is 1 that is the version field. */ #define HS_DESC_PLAINTEXT_MIN_FIELDS 1 +/* Key length for the descriptor symmetric encryption. As specified in the + * protocol, we use AES-256 for the encrypted section of the descriptor. The + * following is the length in bytes and the bit size. */ +#define HS_DESC_ENCRYPTED_KEY_LEN CIPHER256_KEY_LEN +#define HS_DESC_ENCRYPTED_BIT_SIZE (HS_DESC_ENCRYPTED_KEY_LEN * 8) + /* Type of authentication in the descriptor. */ typedef enum { HS_DESC_AUTH_PASSWORD = 1, @@ -148,13 +154,13 @@ typedef struct hs_desc_plaintext_data_t { * replica which is signed by the blinded public key for that replica. */ tor_cert_t *signing_key_cert; - /* Signing keypair which is used to sign the descriptor. Same public key + /* Signing public key which is used to sign the descriptor. Same public key * as in the signing key certificate. */ - ed25519_keypair_t signing_kp; + ed25519_public_key_t signing_pubkey; - /* Blinded keypair used for this descriptor derived from the master + /* Blinded public key used for this descriptor derived from the master * identity key and generated for a specific replica number. */ - ed25519_keypair_t blinded_kp; + ed25519_public_key_t blinded_pubkey; /* Revision counter is incremented at each upload, regardless of whether * the descriptor has changed. This avoids leaking whether the descriptor @@ -201,6 +207,7 @@ void hs_desc_plaintext_data_free(hs_desc_plaintext_data_t *desc); void hs_desc_encrypted_data_free(hs_desc_encrypted_data_t *desc); int hs_desc_encode_descriptor(const hs_descriptor_t *desc, + const ed25519_keypair_t *signing_kp, char **encoded_out); int hs_desc_decode_descriptor(const char *encoded, @@ -232,7 +239,7 @@ STATIC int encrypted_data_length_is_valid(size_t len); STATIC int cert_is_valid(tor_cert_t *cert, uint8_t type, const char *log_obj_type); STATIC int desc_sig_is_valid(const char *b64_sig, - const ed25519_keypair_t *signing_kp, + const ed25519_public_key_t *signing_pubkey, const char *encoded_desc, size_t encoded_len); STATIC void desc_intro_point_free(hs_desc_intro_point_t *ip); #endif /* HS_DESCRIPTOR_PRIVATE */ diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c index bfc7ec3876..db4ba7982a 100644 --- a/src/or/hs_intropoint.c +++ b/src/or/hs_intropoint.c @@ -9,6 +9,7 @@ #define HS_INTROPOINT_PRIVATE #include "or.h" +#include "config.h" #include "circuitlist.h" #include "circuituse.h" #include "config.h" @@ -16,27 +17,52 @@ #include "rendmid.h" #include "rephist.h" -#include "hs/cell_establish_intro.h" +/* Trunnel */ +#include "ed25519_cert.h" #include "hs/cell_common.h" +#include "hs/cell_establish_intro.h" +#include "hs/cell_introduce1.h" + #include "hs_circuitmap.h" #include "hs_intropoint.h" #include "hs_common.h" -/** Extract the authentication key from an ESTABLISH_INTRO <b>cell</b> and - * place it in <b>auth_key_out</b>. */ +/** Extract the authentication key from an ESTABLISH_INTRO or INTRODUCE1 using + * the given <b>cell_type</b> from <b>cell</b> and place it in + * <b>auth_key_out</b>. */ STATIC void -get_auth_key_from_establish_intro_cell(ed25519_public_key_t *auth_key_out, - const hs_cell_establish_intro_t *cell) +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, + unsigned int cell_type, const void *cell) { + size_t auth_key_len; + const uint8_t *key_array; + tor_assert(auth_key_out); + tor_assert(cell); - const uint8_t *key_array = - hs_cell_establish_intro_getconstarray_auth_key(cell); + switch (cell_type) { + case RELAY_COMMAND_ESTABLISH_INTRO: + { + const hs_cell_establish_intro_t *c_cell = cell; + key_array = hs_cell_establish_intro_getconstarray_auth_key(c_cell); + auth_key_len = hs_cell_establish_intro_getlen_auth_key(c_cell); + break; + } + case RELAY_COMMAND_INTRODUCE1: + { + const hs_cell_introduce1_t *c_cell = cell; + key_array = hs_cell_introduce1_getconstarray_auth_key(cell); + auth_key_len = hs_cell_introduce1_getlen_auth_key(c_cell); + break; + } + default: + /* Getting here is really bad as it means we got a unknown cell type from + * this file where every call has an hardcoded value. */ + tor_assert(0); /* LCOV_EXCL_LINE */ + } tor_assert(key_array); - tor_assert(hs_cell_establish_intro_getlen_auth_key(cell) == - sizeof(auth_key_out->pubkey)); - - memcpy(auth_key_out->pubkey, key_array, cell->auth_key_len); + tor_assert(auth_key_len == sizeof(auth_key_out->pubkey)); + memcpy(auth_key_out->pubkey, key_array, auth_key_len); } /** We received an ESTABLISH_INTRO <b>cell</b>. Verify its signature and MAC, @@ -70,7 +96,11 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell, ed25519_signature_t sig_struct; const uint8_t *sig_array = hs_cell_establish_intro_getconstarray_sig(cell); - if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig)) { + /* Make sure the signature length is of the right size. For EXTRA safety, + * we check both the size of the array and the length which must be the + * same. Safety first!*/ + if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || + hs_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "ESTABLISH_INTRO sig len is invalid"); return -1; @@ -79,11 +109,11 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell, memcpy(sig_struct.sig, sig_array, cell->sig_len); ed25519_public_key_t auth_key; - get_auth_key_from_establish_intro_cell(&auth_key, cell); + get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO, cell); const size_t sig_msg_len = cell->end_sig_fields - msg; int sig_mismatch = ed25519_checksig_prefixed(&sig_struct, - (uint8_t*) msg, sig_msg_len, + msg, sig_msg_len, ESTABLISH_INTRO_SIG_PREFIX, &auth_key); if (sig_mismatch) { @@ -154,7 +184,8 @@ handle_verified_establish_intro_cell(or_circuit_t *circ, { /* Get the auth key of this intro point */ ed25519_public_key_t auth_key; - get_auth_key_from_establish_intro_cell(&auth_key, parsed_cell); + get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO, + parsed_cell); /* Then notify the hidden service that the intro point is established by sending an INTRO_ESTABLISHED cell */ @@ -188,7 +219,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request, circ->p_circ_id); /* Check that the circuit is in shape to become an intro point */ - if (!hs_intro_circuit_is_suitable(circ)) { + if (!hs_intro_circuit_is_suitable_for_establish_intro(circ)) { goto err; } @@ -232,26 +263,38 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request, return retval; } -/* Return True if circuit is suitable for becoming an intro circuit. */ -int -hs_intro_circuit_is_suitable(const or_circuit_t *circ) +/* Return True if circuit is suitable for being an intro circuit. */ +static int +circuit_is_suitable_intro_point(const or_circuit_t *circ, + const char *log_cell_type_str) { + tor_assert(circ); + tor_assert(log_cell_type_str); + /* Basic circuit state sanity checks. */ if (circ->base_.purpose != CIRCUIT_PURPOSE_OR) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Rejecting ESTABLISH_INTRO on non-OR circuit."); + "Rejecting %s on non-OR circuit.", log_cell_type_str); return 0; } if (circ->base_.n_chan) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Rejecting ESTABLISH_INTRO on non-edge circuit."); + "Rejecting %s on non-edge circuit.", log_cell_type_str); return 0; } + /* Suitable. */ return 1; } +/* Return True if circuit is suitable for being service-side intro circuit. */ +int +hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ) +{ + return circuit_is_suitable_intro_point(circ, "ESTABLISH_INTRO"); +} + /* We just received an ESTABLISH_INTRO cell in <b>circ</b>. Figure out of it's * a legacy or a next gen cell, and pass it to the appropriate handler. */ int @@ -286,3 +329,267 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, return -1; } +/* Send an INTRODUCE_ACK cell onto the circuit <b>circ</b> with the status + * value in <b>status</b>. Depending on the status, it can be ACK or a NACK. + * Return 0 on success else a negative value on error which will close the + * circuit. */ +static int +send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) +{ + int ret = -1; + uint8_t *encoded_cell = NULL; + ssize_t encoded_len, result_len; + hs_cell_introduce_ack_t *cell; + cell_extension_t *ext; + + tor_assert(circ); + + /* Setup the INTRODUCE_ACK cell. We have no extensions so the N_EXTENSIONS + * field is set to 0 by default with a new object. */ + cell = hs_cell_introduce_ack_new(); + ret = hs_cell_introduce_ack_set_status(cell, status); + /* We have no cell extensions in an INTRODUCE_ACK cell. */ + ext = cell_extension_new(); + cell_extension_set_num(ext, 0); + hs_cell_introduce_ack_set_extensions(cell, ext); + /* A wrong status is a very bad code flow error as this value is controlled + * by the code in this file and not an external input. This means we use a + * code that is not known by the trunnel ABI. */ + tor_assert(ret == 0); + /* Encode the payload. We should never fail to get the encoded length. */ + encoded_len = hs_cell_introduce_ack_encoded_len(cell); + tor_assert(encoded_len > 0); + encoded_cell = tor_malloc_zero(encoded_len); + result_len = hs_cell_introduce_ack_encode(encoded_cell, encoded_len, cell); + tor_assert(encoded_len == result_len); + + ret = relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ), + RELAY_COMMAND_INTRODUCE_ACK, + (char *) encoded_cell, encoded_len, + NULL); + /* On failure, the above function will close the circuit. */ + hs_cell_introduce_ack_free(cell); + tor_free(encoded_cell); + return ret; +} + +/* Validate a parsed INTRODUCE1 <b>cell</b>. Return 0 if valid or else a + * negative value for an invalid cell that should be NACKed. */ +STATIC int +validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell) +{ + size_t legacy_key_id_len; + const uint8_t *legacy_key_id; + + tor_assert(cell); + + /* This code path SHOULD NEVER be reached if the cell is a legacy type so + * safety net here. The legacy ID must be zeroes in this case. */ + legacy_key_id_len = hs_cell_introduce1_getlen_legacy_key_id(cell); + legacy_key_id = hs_cell_introduce1_getconstarray_legacy_key_id(cell); + if (BUG(!tor_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) { + goto invalid; + } + + /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a + * known fixed length as well. */ + if (hs_cell_introduce1_get_auth_key_type(cell) != + HS_INTRO_AUTH_KEY_TYPE_ED25519) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Rejecting invalid INTRODUCE1 cell auth key type. " + "Responding with NACK."); + goto invalid; + } + if (hs_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN || + hs_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Rejecting invalid INTRODUCE1 cell auth key length. " + "Responding with NACK."); + goto invalid; + } + if (hs_cell_introduce1_getlen_encrypted(cell) == 0) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Rejecting invalid INTRODUCE1 cell encrypted length. " + "Responding with NACK."); + goto invalid; + } + + return 0; + invalid: + return -1; +} + +/* We just received a non legacy INTRODUCE1 cell on <b>client_circ</b> with + * the payload in <b>request</b> of size <b>request_len</b>. Return 0 if + * everything went well, or -1 if an error occured. This function is in charge + * of sending back an INTRODUCE_ACK cell and will close client_circ on error. + */ +STATIC int +handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, + size_t request_len) +{ + int ret = -1; + or_circuit_t *service_circ; + hs_cell_introduce1_t *parsed_cell; + hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS; + + tor_assert(client_circ); + tor_assert(request); + + /* Parse cell. Note that we can only parse the non encrypted section for + * which we'll use the authentication key to find the service introduction + * circuit and relay the cell on it. */ + ssize_t cell_size = hs_cell_introduce1_parse(&parsed_cell, request, + request_len); + if (cell_size < 0) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Rejecting %s INTRODUCE1 cell. Responding with NACK.", + cell_size == -1 ? "invalid" : "truncated"); + /* Inform client that the INTRODUCE1 has a bad format. */ + status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + goto send_ack; + } + + /* Once parsed validate the cell format. */ + if (validate_introduce1_parsed_cell(parsed_cell) < 0) { + /* Inform client that the INTRODUCE1 has bad format. */ + status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + goto send_ack; + } + + /* Find introduction circuit through our circuit map. */ + { + ed25519_public_key_t auth_key; + get_auth_key_from_cell(&auth_key, RELAY_COMMAND_INTRODUCE1, parsed_cell); + service_circ = hs_circuitmap_get_intro_circ_v3(&auth_key); + if (service_circ == NULL) { + char b64_key[ED25519_BASE64_LEN + 1]; + ed25519_public_to_base64(b64_key, &auth_key); + log_info(LD_REND, "No intro circuit found for INTRODUCE1 cell " + "with auth key %s from circuit %" PRIu32 ". " + "Responding with NACK.", + safe_str(b64_key), client_circ->p_circ_id); + /* Inform the client that we don't know the requested service ID. */ + status = HS_INTRO_ACK_STATUS_UNKNOWN_ID; + goto send_ack; + } + } + + /* Relay the cell to the service on its intro circuit with an INTRODUCE2 + * cell which is the same exact payload. */ + if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(service_circ), + RELAY_COMMAND_INTRODUCE2, + (char *) request, request_len, NULL)) { + log_warn(LD_REND, "Unable to send INTRODUCE2 cell to the service."); + /* Inform the client that we can't relay the cell. */ + status = HS_INTRO_ACK_STATUS_CANT_RELAY; + goto send_ack; + } + + /* Success! Send an INTRODUCE_ACK success status onto the client circuit. */ + status = HS_INTRO_ACK_STATUS_SUCCESS; + ret = 0; + + send_ack: + /* Send INTRODUCE_ACK or INTRODUCE_NACK to client */ + if (send_introduce_ack_cell(client_circ, status) < 0) { + log_warn(LD_REND, "Unable to send an INTRODUCE ACK status %d to client.", + status); + /* Circuit has been closed on failure of transmission. */ + goto done; + } + if (status != HS_INTRO_ACK_STATUS_SUCCESS) { + /* We just sent a NACK that is a non success status code so close the + * circuit because it's not useful to keep it open. Remember, a client can + * only send one INTRODUCE1 cell on a circuit. */ + circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL); + } + done: + hs_cell_introduce1_free(parsed_cell); + return ret; +} + +/* Identify if the encoded cell we just received is a legacy one or not. The + * <b>request</b> should be at least DIGEST_LEN bytes long. */ +STATIC int +introduce1_cell_is_legacy(const uint8_t *request) +{ + tor_assert(request); + + /* If the first 20 bytes of the cell (DIGEST_LEN) are NOT zeroes, it + * indicates a legacy cell (v2). */ + if (!tor_mem_is_zero((const char *) request, DIGEST_LEN)) { + /* Legacy cell. */ + return 1; + } + /* Not a legacy cell. */ + return 0; +} + +/* Return true iff the circuit <b>circ</b> is suitable for receiving an + * INTRODUCE1 cell. */ +STATIC int +circuit_is_suitable_for_introduce1(const or_circuit_t *circ) +{ + tor_assert(circ); + + /* Is this circuit an intro point circuit? */ + if (!circuit_is_suitable_intro_point(circ, "INTRODUCE1")) { + return 0; + } + + if (circ->already_received_introduce1) { + log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Blocking multiple introductions on the same circuit. " + "Someone might be trying to attack a hidden service through " + "this relay."); + return 0; + } + + return 1; +} + +/* We just received an INTRODUCE1 cell on <b>circ</b>. Figure out which type + * it is and pass it to the appropriate handler. Return 0 on success else a + * negative value and the circuit is closed. */ +int +hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, + size_t request_len) +{ + int ret; + + tor_assert(circ); + tor_assert(request); + + /* A cell that can't hold a DIGEST_LEN is invalid as we need to check if + * it's a legacy cell or not using the first DIGEST_LEN bytes. */ + if (request_len < DIGEST_LEN) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Invalid INTRODUCE1 cell length."); + goto err; + } + + /* Make sure we have a circuit that can have an INTRODUCE1 cell on it. */ + if (!circuit_is_suitable_for_introduce1(circ)) { + /* We do not send a NACK because the circuit is not suitable for any kind + * of response or transmission as it's a violation of the protocol. */ + goto err; + } + /* Mark the circuit that we got this cell. None are allowed after this as a + * DoS mitigation since one circuit with one client can hammer a service. */ + circ->already_received_introduce1 = 1; + + /* We are sure here to have at least DIGEST_LEN bytes. */ + if (introduce1_cell_is_legacy(request)) { + /* Handle a legacy cell. */ + ret = rend_mid_introduce_legacy(circ, request, request_len); + } else { + /* Handle a non legacy cell. */ + ret = handle_introduce1(circ, request, request_len); + } + return ret; + + err: + circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); + return -1; +} + diff --git a/src/or/hs_intropoint.h b/src/or/hs_intropoint.h index 46d8d6f7de..e6024a858f 100644 --- a/src/or/hs_intropoint.h +++ b/src/or/hs_intropoint.h @@ -16,25 +16,44 @@ enum hs_intro_auth_key_type { HS_INTRO_AUTH_KEY_TYPE_ED25519 = 0x02, }; +/* INTRODUCE_ACK status code. */ +typedef enum { + HS_INTRO_ACK_STATUS_SUCCESS = 0x0000, + HS_INTRO_ACK_STATUS_UNKNOWN_ID = 0x0001, + HS_INTRO_ACK_STATUS_BAD_FORMAT = 0x0002, + HS_INTRO_ACK_STATUS_CANT_RELAY = 0x0003, +} hs_intro_ack_status_t; + int hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len); +int hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, + size_t request_len); MOCK_DECL(int, hs_intro_send_intro_established_cell,(or_circuit_t *circ)); /* also used by rendservice.c */ -int hs_intro_circuit_is_suitable(const or_circuit_t *circ); +int hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ); #ifdef HS_INTROPOINT_PRIVATE +#include "hs/cell_establish_intro.h" +#include "hs/cell_introduce1.h" + STATIC int verify_establish_intro_cell(const hs_cell_establish_intro_t *out, const uint8_t *circuit_key_material, size_t circuit_key_material_len); STATIC void -get_auth_key_from_establish_intro_cell(ed25519_public_key_t *auth_key_out, - const hs_cell_establish_intro_t *cell); +get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, + unsigned int cell_type, const void *cell); + +STATIC int introduce1_cell_is_legacy(const uint8_t *request); +STATIC int handle_introduce1(or_circuit_t *client_circ, + const uint8_t *request, size_t request_len); +STATIC int validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell); +STATIC int circuit_is_suitable_for_introduce1(const or_circuit_t *circ); #endif /* HS_INTROPOINT_PRIVATE */ diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 3b5a3e7853..7b12b63065 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -152,8 +152,9 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, tor_assert(encoded_len > ED25519_SIG_LEN); if (ed25519_sign_prefixed(&sig, - (uint8_t*) cell_bytes_tmp, - encoded_len - ED25519_SIG_LEN, + cell_bytes_tmp, + encoded_len - + (ED25519_SIG_LEN + sizeof(cell->sig_len)), ESTABLISH_INTRO_SIG_PREFIX, &key_struct)) { log_warn(LD_BUG, "Unable to gen signature for ESTABLISH_INTRO cell."); diff --git a/src/or/main.c b/src/or/main.c index 0d4da65764..24b209ce8a 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -486,7 +486,7 @@ connection_check_event(connection_t *conn, struct event *ev) */ bad = ev != NULL; } else { - /* Everytyhing else should have an underlying socket, or a linked + /* Everything else should have an underlying socket, or a linked * connection (which is also tracked with a read_event/write_event pair). */ bad = ev == NULL; @@ -1656,8 +1656,7 @@ static int check_expired_networkstatus_callback(time_t now, const or_options_t *options) { (void)options; - /* 1f. Check whether our networkstatus has expired. - */ + /* Check whether our networkstatus has expired. */ networkstatus_t *ns = networkstatus_get_latest_consensus(); /*XXXX RD: This value needs to be the same as REASONABLY_LIVE_TIME in * networkstatus_get_reasonably_live_consensus(), but that value is way @@ -1769,7 +1768,7 @@ clean_caches_callback(time_t now, const or_options_t *options) /** * Periodic callback: Clean the cache of failed hidden service lookups - * frequently frequently. + * frequently. */ static int rend_cache_failure_clean_callback(time_t now, const or_options_t *options) diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 2bcedbfb0c..804af297ba 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -1126,6 +1126,9 @@ node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out) node_assert_ok(node); tor_assert(ap_out); + /* Check ri first, because rewrite_node_address_for_bridge() updates + * node->ri with the configured bridge address. */ + RETURN_IPV4_AP(node->ri, or_port, ap_out); RETURN_IPV4_AP(node->rs, or_port, ap_out); /* Microdescriptors only have an IPv6 address */ @@ -1156,9 +1159,11 @@ node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out) node_assert_ok(node); tor_assert(ap_out); - /* Prefer routerstatus over microdesc for consistency with the - * fascist_firewall_* functions. Also check if the address or port are valid, - * and try another alternative if they are not. */ + /* Check ri first, because rewrite_node_address_for_bridge() updates + * node->ri with the configured bridge address. + * Prefer rs over md for consistency with the fascist_firewall_* functions. + * Check if the address or port are valid, and try another alternative + * if they are not. */ if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr, node->ri->ipv6_orport, 0)) { @@ -1218,6 +1223,9 @@ node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out) node_assert_ok(node); tor_assert(ap_out); + /* Check ri first, because rewrite_node_address_for_bridge() updates + * node->ri with the configured bridge address. */ + RETURN_IPV4_AP(node->ri, dir_port, ap_out); RETURN_IPV4_AP(node->rs, dir_port, ap_out); /* Microdescriptors only have an IPv6 address */ @@ -1250,8 +1258,11 @@ node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out) node_assert_ok(node); tor_assert(ap_out); - /* Check if the address or port are valid, and try another alternative if - * they are not. Note that microdescriptors have no dir_port. */ + /* Check ri first, because rewrite_node_address_for_bridge() updates + * node->ri with the configured bridge address. + * Prefer rs over md for consistency with the fascist_firewall_* functions. + * Check if the address or port are valid, and try another alternative + * if they are not. */ /* Assume IPv4 and IPv6 dirports are the same */ if (node->ri && tor_addr_port_is_valid(&node->ri->ipv6_addr, diff --git a/src/or/or.h b/src/or/or.h index 00031a8929..18fff78942 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -147,18 +147,6 @@ /** Maximum size of a single extrainfo document, as above. */ #define MAX_EXTRAINFO_UPLOAD_SIZE 50000 -/** How long do we keep DNS cache entries before purging them (regardless of - * their TTL)? */ -#define MAX_DNS_ENTRY_AGE (30*60) -/** How long do we cache/tell clients to cache DNS records when no TTL is - * known? */ -#define DEFAULT_DNS_TTL (30*60) -/** How long can a TTL be before we stop believing it? */ -#define MAX_DNS_TTL (3*60*60) -/** How small can a TTL be before we stop believing it? Provides rudimentary - * pinning. */ -#define MIN_DNS_TTL 60 - /** How often do we rotate onion keys? */ #define MIN_ONION_KEY_LIFETIME (7*24*60*60) /** How often do we rotate TLS contexts? */ @@ -1760,7 +1748,7 @@ typedef struct dir_connection_t { /** Which 'resource' did we ask the directory for? This is typically the part * of the URL string that defines, relative to the directory conn purpose, * what thing we want. For example, in router descriptor downloads by - * descriptor digest, it contains "d/", then one ore more +-separated + * descriptor digest, it contains "d/", then one or more +-separated * fingerprints. **/ char *requested_resource; @@ -3039,11 +3027,11 @@ typedef struct circuit_t { /** For what reason (See END_CIRC_REASON...) is this circuit being closed? * This field is set in circuit_mark_for_close and used later in * circuit_about_to_free. */ - uint16_t marked_for_close_reason; + int marked_for_close_reason; /** As marked_for_close_reason, but reflects the underlying reason for * closing this circuit. */ - uint16_t marked_for_close_orig_reason; + int marked_for_close_orig_reason; /** Unique ID for measuring tunneled network status requests. */ uint64_t dirreq_id; @@ -3557,6 +3545,12 @@ typedef struct routerset_t routerset_t; * to pick its own port. */ #define CFG_AUTO_PORT 0xc4005e +/** Enumeration of outbound address configuration types: + * Exit-only, OR-only, or both */ +typedef enum {OUTBOUND_ADDR_EXIT, OUTBOUND_ADDR_OR, + OUTBOUND_ADDR_EXIT_AND_OR, + OUTBOUND_ADDR_MAX} outbound_addr_t; + /** Configuration options for a Tor process. */ typedef struct { uint32_t magic_; @@ -3640,10 +3634,14 @@ typedef struct { config_line_t *ControlListenAddress; /** Local address to bind outbound sockets */ config_line_t *OutboundBindAddress; - /** IPv4 address derived from OutboundBindAddress. */ - tor_addr_t OutboundBindAddressIPv4_; - /** IPv6 address derived from OutboundBindAddress. */ - tor_addr_t OutboundBindAddressIPv6_; + /** Local address to bind outbound relay sockets */ + config_line_t *OutboundBindAddressOR; + /** Local address to bind outbound exit sockets */ + config_line_t *OutboundBindAddressExit; + /** Addresses derived from the various OutboundBindAddress lines. + * [][0] is IPv4, [][1] is IPv6 + */ + tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; /** Directory server only: which versions of * Tor should we tell users to run? */ config_line_t *RecommendedVersions; @@ -4586,14 +4584,6 @@ typedef struct { * do we enforce Ed25519 identity match? */ /* NOTE: remove this option someday. */ int AuthDirTestEd25519LinkKeys; - - /** If 1, we use the old (pre-prop271) guard selection algorithm. - * - * XXXX prop271 This option is only here as a stopgap while we're - * XXXX tuning and debugging the new (post-prop271) algorithm. Eventually - * we should remove it entirely. - */ - int UseDeprecatedGuardAlgorithm; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ @@ -5348,10 +5338,6 @@ typedef struct dir_server_t { */ #define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4) -/** This node is to be chosen as a directory guard, so don't choose any - * node that's currently a guard. */ -#define PDS_FOR_GUARD (1<<5) - /** Possible ways to weight routers when choosing one randomly. See * routerlist_sl_choose_by_bandwidth() for more information.*/ typedef enum bandwidth_weight_rule_t { diff --git a/src/or/parsecommon.h b/src/or/parsecommon.h index 3019df63eb..15e9f7ae85 100644 --- a/src/or/parsecommon.h +++ b/src/or/parsecommon.h @@ -154,7 +154,7 @@ typedef enum { R3_DESC_LIFETIME, R3_DESC_SIGNING_CERT, R3_REVISION_COUNTER, - R3_ENCRYPTED, + R3_SUPERENCRYPTED, R3_SIGNATURE, R3_CREATE2_FORMATS, R3_AUTHENTICATION_REQUIRED, diff --git a/src/or/policies.c b/src/or/policies.c index f4c0cddbcc..aea1b11829 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -20,6 +20,7 @@ #include "or.h" #include "config.h" #include "dirserv.h" +#include "microdesc.h" #include "networkstatus.h" #include "nodelist.h" #include "policies.h" @@ -297,8 +298,8 @@ parse_reachable_addresses(void) } else if (fascist_firewall_use_ipv6(options) && (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0) || policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) { - log_warn(LD_CONFIG, "You have configured tor to use IPv6 " - "(ClientUseIPv6 1 or UseBridges 1), but " + log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 " + "(or UseBridges 1), but " "ReachableAddresses, ReachableORAddresses, or " "ReachableDirAddresses reject all IPv6 addresses. " "Tor will not connect using IPv6."); @@ -316,10 +317,8 @@ firewall_is_fascist_impl(void) const or_options_t *options = get_options(); /* Assume every non-bridge relay has an IPv4 address. * Clients which use bridges may only know the IPv6 address of their - * bridge. */ - return (options->ClientUseIPv4 == 0 - || (!fascist_firewall_use_ipv6(options) - && options->UseBridges == 1)); + * bridge, but they will connect regardless of the ClientUseIPv6 setting. */ + return options->ClientUseIPv4 == 0; } /** Return true iff the firewall options, including ClientUseIPv4 0 and @@ -426,6 +425,9 @@ fascist_firewall_allows_address(const tor_addr_t *addr, } /** Is this client configured to use IPv6? + * Returns true if the client might use IPv6 for some of its connections + * (including dual-stack and IPv6-only clients), and false if it will never + * use IPv6 for any connections. * Use node_ipv6_or/dir_preferred() when checking a specific node and OR/Dir * port: it supports bridge client per-node IPv6 preferences. */ @@ -433,9 +435,11 @@ int fascist_firewall_use_ipv6(const or_options_t *options) { /* Clients use IPv6 if it's set, or they use bridges, or they don't use - * IPv4 */ - return (options->ClientUseIPv6 == 1 || options->UseBridges == 1 - || options->ClientUseIPv4 == 0); + * IPv4, or they prefer it. + * ClientPreferIPv6DirPort is deprecated, but check it anyway. */ + return (options->ClientUseIPv6 == 1 || options->ClientUseIPv4 == 0 || + options->ClientPreferIPv6ORPort == 1 || + options->ClientPreferIPv6DirPort == 1 || options->UseBridges == 1); } /** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and @@ -888,6 +892,33 @@ fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr, pref_ipv6, ap); } +/* The microdescriptor consensus has no IPv6 addresses in rs: they are in + * the microdescriptors. This means we can't rely on the node's IPv6 address + * until its microdescriptor is available (when using microdescs). + * But for bridges, rewrite_node_address_for_bridge() updates node->ri with + * the configured address, so we can trust bridge addresses. + * (Bridges could gain an IPv6 address if their microdescriptor arrives, but + * this will never be their preferred address: that is in the config.) + * Returns true if the node needs a microdescriptor for its IPv6 address, and + * false if the addresses in the node are already up-to-date. + */ +static int +node_awaiting_ipv6(const or_options_t* options, const node_t *node) +{ + tor_assert(node); + + /* There's no point waiting for an IPv6 address if we'd never use it */ + if (!fascist_firewall_use_ipv6(options)) { + return 0; + } + + /* We are waiting if we_use_microdescriptors_for_circuits() and we have no + * md. Bridges have a ri based on their config. They would never use the + * address from their md, so there's no need to wait for it. */ + return (!node->md && we_use_microdescriptors_for_circuits(options) && + !node->ri); +} + /** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>. * Consults the corresponding node, then falls back to rs if node is NULL. * This should only happen when there's no valid consensus, and rs doesn't @@ -904,15 +935,15 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs, tor_assert(ap); + const or_options_t *options = get_options(); const node_t *node = node_get_by_id(rs->identity_digest); - if (node) { + if (node && !node_awaiting_ipv6(options, node)) { return fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap); } else { /* There's no node-specific IPv6 preference, so use the generic IPv6 * preference instead. */ - const or_options_t *options = get_options(); int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION ? fascist_firewall_prefer_ipv6_orport(options) : fascist_firewall_prefer_ipv6_dirport(options)); @@ -946,6 +977,18 @@ fascist_firewall_choose_address_node(const node_t *node, node_assert_ok(node); + /* Calling fascist_firewall_choose_address_node() when the node is missing + * IPv6 information breaks IPv6-only clients. + * If the node is a hard-coded fallback directory or authority, call + * fascist_firewall_choose_address_rs() on the fake (hard-coded) routerstatus + * for the node. + * If it is not hard-coded, check that the node has a microdescriptor, full + * descriptor (routerinfo), or is one of our configured bridges before + * calling this function. */ + if (BUG(node_awaiting_ipv6(get_options(), node))) { + return 0; + } + const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION ? node_ipv6_or_preferred(node) : node_ipv6_dir_preferred(node)); @@ -1976,10 +2019,10 @@ policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr) } } -/** Helper function that adds copies of - * or_options->OutboundBindAddressIPv[4|6]_ to a smartlist as tor_addr_t *, as - * long as or_options is non-NULL, and the addresses are not - * tor_addr_is_null(), by passing them to policies_add_addr_to_smartlist. +/** Helper function that adds copies of or_options->OutboundBindAddresses + * to a smartlist as tor_addr_t *, as long as or_options is non-NULL, and + * the addresses are not tor_addr_is_null(), by passing them to + * policies_add_addr_to_smartlist. * * The caller is responsible for freeing all the tor_addr_t* in the smartlist. */ @@ -1988,10 +2031,14 @@ policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, const or_options_t *or_options) { if (or_options) { - policies_copy_addr_to_smartlist(addr_list, - &or_options->OutboundBindAddressIPv4_); - policies_copy_addr_to_smartlist(addr_list, - &or_options->OutboundBindAddressIPv6_); + for (int i=0;i<OUTBOUND_ADDR_MAX;i++) { + for (int j=0;j<2;j++) { + if (!tor_addr_is_null(&or_options->OutboundBindAddresses[i][j])) { + policies_copy_addr_to_smartlist(addr_list, + &or_options->OutboundBindAddresses[i][j]); + } + } + } } } @@ -2008,10 +2055,10 @@ policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, * - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it * to the list of configured addresses. * If <b>or_options->ExitPolicyRejectLocalInterfaces</b> is true: - * - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add - * it to the list of configured addresses. - * - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add - * it to the list of configured addresses. + * - if or_options->OutboundBindAddresses[][0] (=IPv4) is not the null + * tor_addr_t, add it to the list of configured addresses. + * - if or_options->OutboundBindAddresses[][1] (=IPv6) is not the null + * tor_addr_t, add it to the list of configured addresses. * * If <b>or_options->BridgeRelay</b> is false, append entries of default * Tor exit policy into <b>result</b> smartlist. diff --git a/src/or/relay.c b/src/or/relay.c index 8d48239e47..2e76a8ec36 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -595,11 +595,11 @@ relay_command_to_string(uint8_t command) * If you can't send the cell, mark the circuit for close and return -1. Else * return 0. */ -int -relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ, - uint8_t relay_command, const char *payload, - size_t payload_len, crypt_path_t *cpath_layer, - const char *filename, int lineno) +MOCK_IMPL(int, +relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ, + uint8_t relay_command, const char *payload, + size_t payload_len, crypt_path_t *cpath_layer, + const char *filename, int lineno)) { cell_t cell; relay_header_t rh; diff --git a/src/or/relay.h b/src/or/relay.h index e15551ca51..3acf3ee0e3 100644 --- a/src/or/relay.h +++ b/src/or/relay.h @@ -20,10 +20,13 @@ int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, void relay_header_pack(uint8_t *dest, const relay_header_t *src); void relay_header_unpack(relay_header_t *dest, const uint8_t *src); -int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ, +MOCK_DECL(int, +relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, - const char *filename, int lineno); + const char *filename, int lineno)); +/* Indicates to relay_send_command_from_edge() that it is a control cell. */ +#define CONTROL_CELL_ID 0 #define relay_send_command_from_edge(stream_id, circ, relay_command, payload, \ payload_len, cpath_layer) \ relay_send_command_from_edge_((stream_id), (circ), (relay_command), \ diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index def51b7986..bc53762fb6 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -771,7 +771,7 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, break; case RELAY_COMMAND_INTRODUCE1: if (or_circ) - r = rend_mid_introduce(or_circ,payload,length); + r = hs_intro_received_introduce1(or_circ,payload,length); break; case RELAY_COMMAND_INTRODUCE2: if (origin_circ) diff --git a/src/or/rendmid.c b/src/or/rendmid.c index 3319a639b9..57c8cfac92 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -38,7 +38,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, "Received a legacy ESTABLISH_INTRO request on circuit %u", (unsigned) circ->p_circ_id); - if (!hs_intro_circuit_is_suitable(circ)) { + if (!hs_intro_circuit_is_suitable_for_establish_intro(circ)) { reason = END_CIRC_REASON_TORPROTOCOL; goto err; } @@ -133,8 +133,8 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, * INTRODUCE2 cell. */ int -rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, - size_t request_len) +rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request, + size_t request_len) { or_circuit_t *intro_circ; char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; @@ -143,26 +143,10 @@ rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, log_info(LD_REND, "Received an INTRODUCE1 request on circuit %u", (unsigned)circ->p_circ_id); - if (circ->base_.purpose != CIRCUIT_PURPOSE_OR || circ->base_.n_chan) { - log_warn(LD_PROTOCOL, - "Rejecting INTRODUCE1 on non-OR or non-edge circuit %u.", - (unsigned)circ->p_circ_id); - goto err; - } - - /* We have already done an introduction on this circuit but we just - received a request for another one. We block it since this might - be an attempt to DoS a hidden service (#15515). */ - if (circ->already_received_introduce1) { - log_fn(LOG_PROTOCOL_WARN, LD_REND, - "Blocking multiple introductions on the same circuit. " - "Someone might be trying to attack a hidden service through " - "this relay."); - circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); - return -1; - } - - circ->already_received_introduce1 = 1; + /* At this point, we know that the circuit is valid for an INTRODUCE1 + * because the validation has been made before calling this function. */ + tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_OR); + tor_assert(!circ->base_.n_chan); /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is * obsolete; however, there isn't much reason to do so, and we're going diff --git a/src/or/rendmid.h b/src/or/rendmid.h index 374f2b7d66..347d745853 100644 --- a/src/or/rendmid.h +++ b/src/or/rendmid.h @@ -14,8 +14,8 @@ int rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, size_t request_len); -int rend_mid_introduce(or_circuit_t *circ, const uint8_t *request, - size_t request_len); +int rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request, + size_t request_len); int rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, size_t request_len); int rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 1713a84bbd..00f251588c 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -542,6 +542,95 @@ rend_service_check_dir_and_add(smartlist_t *service_list, return rend_add_service(s_list, service); } +/* If this is a reload and there were hidden services configured before, + * keep the introduction points that are still needed and close the + * other ones. */ +STATIC void +prune_services_on_reload(smartlist_t *old_service_list, + smartlist_t *new_service_list) +{ + origin_circuit_t *ocirc = NULL; + smartlist_t *surviving_services = NULL; + + tor_assert(old_service_list); + tor_assert(new_service_list); + + /* This contains all _existing_ services that survives the relaod that is + * that haven't been removed from the configuration. The difference between + * this list and the new service list is that the new list can possibly + * contain newly configured service that have no introduction points opened + * yet nor key material loaded or generated. */ + surviving_services = smartlist_new(); + + /* Preserve the existing ephemeral services. + * + * This is the ephemeral service equivalent of the "Copy introduction + * points to new services" block, except there's no copy required since + * the service structure isn't regenerated. + * + * After this is done, all ephemeral services will be: + * * Removed from old_service_list, so the equivalent non-ephemeral code + * will not attempt to preserve them. + * * Added to the new_service_list (that previously only had the + * services listed in the configuration). + * * Added to surviving_services, which is the list of services that + * will NOT have their intro point closed. + */ + SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) { + if (rend_service_is_ephemeral(old)) { + SMARTLIST_DEL_CURRENT(old_service_list, old); + smartlist_add(surviving_services, old); + smartlist_add(new_service_list, old); + } + } SMARTLIST_FOREACH_END(old); + + /* Copy introduction points to new services. This is O(n^2), but it's only + * called on reconfigure, so it's ok performance wise. */ + SMARTLIST_FOREACH_BEGIN(new_service_list, rend_service_t *, new) { + SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) { + /* Skip ephemeral services as we only want to copy introduction points + * from current services to newly configured one that already exists. + * The same directory means it's the same service. */ + if (rend_service_is_ephemeral(new) || rend_service_is_ephemeral(old) || + strcmp(old->directory, new->directory)) { + continue; + } + smartlist_add_all(new->intro_nodes, old->intro_nodes); + smartlist_clear(old->intro_nodes); + smartlist_add_all(new->expiring_nodes, old->expiring_nodes); + smartlist_clear(old->expiring_nodes); + /* This regular service will survive the closing IPs step after. */ + smartlist_add(surviving_services, old); + break; + } SMARTLIST_FOREACH_END(old); + } SMARTLIST_FOREACH_END(new); + + /* For every service introduction circuit we can find, see if we have a + * matching surviving configured service. If not, close the circuit. */ + while ((ocirc = circuit_get_next_service_intro_circ(ocirc))) { + int keep_it = 0; + tor_assert(ocirc->rend_data); + SMARTLIST_FOREACH_BEGIN(surviving_services, const rend_service_t *, s) { + if (rend_circuit_pk_digest_eq(ocirc, (uint8_t *) s->pk_digest)) { + /* Keep this circuit as we have a matching configured service. */ + keep_it = 1; + break; + } + } SMARTLIST_FOREACH_END(s); + if (keep_it) { + continue; + } + log_info(LD_REND, "Closing intro point %s for service %s.", + safe_str_client(extend_info_describe( + ocirc->build_state->chosen_exit)), + safe_str_client(rend_data_get_address(ocirc->rend_data))); + /* Reason is FINISHED because service has been removed and thus the + * circuit is considered old/uneeded. */ + circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED); + } + smartlist_free(surviving_services); +} + /** Set up rend_service_list, based on the values of HiddenServiceDir and * HiddenServicePort in <b>options</b>. Return 0 on success and -1 on * failure. (If <b>validate_only</b> is set, parse, warn and return as @@ -556,6 +645,7 @@ rend_config_services(const or_options_t *options, int validate_only) smartlist_t *old_service_list = NULL; smartlist_t *temp_service_list = NULL; int ok = 0; + int rv = -1; /* Use a temporary service list, so that we can check the new services' * consistency with each other */ @@ -568,7 +658,8 @@ rend_config_services(const or_options_t *options, int validate_only) * which is registered below the loop */ if (rend_service_check_dir_and_add(temp_service_list, options, service, validate_only) < 0) { - return -1; + service = NULL; + goto free_and_return; } service = tor_malloc_zero(sizeof(rend_service_t)); service->directory = tor_strdup(line->value); @@ -580,8 +671,7 @@ rend_config_services(const or_options_t *options, int validate_only) if (!service) { log_warn(LD_CONFIG, "%s with no preceding HiddenServiceDir directive", line->key); - rend_service_free(service); - return -1; + goto free_and_return; } if (!strcasecmp(line->key, "HiddenServicePort")) { char *err_msg = NULL; @@ -590,8 +680,7 @@ rend_config_services(const or_options_t *options, int validate_only) if (err_msg) log_warn(LD_CONFIG, "%s", err_msg); tor_free(err_msg); - rend_service_free(service); - return -1; + goto free_and_return; } tor_assert(!err_msg); smartlist_add(service->ports, portcfg); @@ -602,8 +691,7 @@ rend_config_services(const or_options_t *options, int validate_only) log_warn(LD_CONFIG, "HiddenServiceAllowUnknownPorts should be 0 or 1, not %s", line->value); - rend_service_free(service); - return -1; + goto free_and_return; } log_info(LD_CONFIG, "HiddenServiceAllowUnknownPorts=%d for %s", @@ -617,8 +705,7 @@ rend_config_services(const or_options_t *options, int validate_only) log_warn(LD_CONFIG, "HiddenServiceDirGroupReadable should be 0 or 1, not %s", line->value); - rend_service_free(service); - return -1; + goto free_and_return; } log_info(LD_CONFIG, "HiddenServiceDirGroupReadable=%d for %s", @@ -631,8 +718,7 @@ rend_config_services(const or_options_t *options, int validate_only) log_warn(LD_CONFIG, "HiddenServiceMaxStreams should be between 0 and %d, not %s", 65535, line->value); - rend_service_free(service); - return -1; + goto free_and_return; } log_info(LD_CONFIG, "HiddenServiceMaxStreams=%d for %s", @@ -646,8 +732,7 @@ rend_config_services(const or_options_t *options, int validate_only) "HiddenServiceMaxStreamsCloseCircuit should be 0 or 1, " "not %s", line->value); - rend_service_free(service); - return -1; + goto free_and_return; } log_info(LD_CONFIG, "HiddenServiceMaxStreamsCloseCircuit=%d for %s", @@ -656,16 +741,13 @@ rend_config_services(const or_options_t *options, int validate_only) } else if (!strcasecmp(line->key, "HiddenServiceNumIntroductionPoints")) { service->n_intro_points_wanted = (unsigned int) tor_parse_long(line->value, 10, - NUM_INTRO_POINTS_DEFAULT, - NUM_INTRO_POINTS_MAX, &ok, NULL); + 0, NUM_INTRO_POINTS_MAX, &ok, NULL); if (!ok) { log_warn(LD_CONFIG, "HiddenServiceNumIntroductionPoints " "should be between %d and %d, not %s", - NUM_INTRO_POINTS_DEFAULT, NUM_INTRO_POINTS_MAX, - line->value); - rend_service_free(service); - return -1; + 0, NUM_INTRO_POINTS_MAX, line->value); + goto free_and_return; } log_info(LD_CONFIG, "HiddenServiceNumIntroductionPoints=%d for %s", service->n_intro_points_wanted, @@ -680,8 +762,7 @@ rend_config_services(const or_options_t *options, int validate_only) if (service->auth_type != REND_NO_AUTH) { log_warn(LD_CONFIG, "Got multiple HiddenServiceAuthorizeClient " "lines for a single service."); - rend_service_free(service); - return -1; + goto free_and_return; } type_names_split = smartlist_new(); smartlist_split_string(type_names_split, line->value, " ", 0, 2); @@ -689,9 +770,7 @@ rend_config_services(const or_options_t *options, int validate_only) log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This " "should have been prevented when parsing the " "configuration."); - smartlist_free(type_names_split); - rend_service_free(service); - return -1; + goto free_and_return; } authname = smartlist_get(type_names_split, 0); if (!strcasecmp(authname, "basic")) { @@ -705,8 +784,7 @@ rend_config_services(const or_options_t *options, int validate_only) (char *) smartlist_get(type_names_split, 0)); SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp)); smartlist_free(type_names_split); - rend_service_free(service); - return -1; + goto free_and_return; } service->clients = smartlist_new(); if (smartlist_len(type_names_split) < 2) { @@ -743,8 +821,7 @@ rend_config_services(const or_options_t *options, int validate_only) client_name, REND_CLIENTNAME_MAX_LEN); SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp)); smartlist_free(clients); - rend_service_free(service); - return -1; + goto free_and_return; } client = tor_malloc_zero(sizeof(rend_authorized_client_t)); client->client_name = tor_strdup(client_name); @@ -766,16 +843,14 @@ rend_config_services(const or_options_t *options, int validate_only) smartlist_len(service->clients), service->auth_type == REND_BASIC_AUTH ? 512 : 16, service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth"); - rend_service_free(service); - return -1; + goto free_and_return; } } else { tor_assert(!strcasecmp(line->key, "HiddenServiceVersion")); if (strcmp(line->value, "2")) { log_warn(LD_CONFIG, "The only supported HiddenServiceVersion is 2."); - rend_service_free(service); - return -1; + goto free_and_return; } } } @@ -784,16 +859,15 @@ rend_config_services(const or_options_t *options, int validate_only) * within the loop. It is ok for this service to be NULL, it is ignored. */ if (rend_service_check_dir_and_add(temp_service_list, options, service, validate_only) < 0) { - return -1; + service = NULL; + goto free_and_return; } + service = NULL; /* Free the newly added services if validating */ if (validate_only) { - SMARTLIST_FOREACH(temp_service_list, rend_service_t *, ptr, - rend_service_free(ptr)); - smartlist_free(temp_service_list); - temp_service_list = NULL; - return 0; + rv = 0; + goto free_and_return; } /* Otherwise, use the newly added services as the new service list @@ -807,88 +881,21 @@ rend_config_services(const or_options_t *options, int validate_only) * keep the introduction points that are still needed and close the * other ones. */ if (old_service_list && !validate_only) { - smartlist_t *surviving_services = smartlist_new(); - - /* Preserve the existing ephemeral services. - * - * This is the ephemeral service equivalent of the "Copy introduction - * points to new services" block, except there's no copy required since - * the service structure isn't regenerated. - * - * After this is done, all ephemeral services will be: - * * Removed from old_service_list, so the equivalent non-ephemeral code - * will not attempt to preserve them. - * * Added to the new rend_service_list (that previously only had the - * services listed in the configuration). - * * Added to surviving_services, which is the list of services that - * will NOT have their intro point closed. - */ - SMARTLIST_FOREACH(old_service_list, rend_service_t *, old, { - if (rend_service_is_ephemeral(old)) { - SMARTLIST_DEL_CURRENT(old_service_list, old); - smartlist_add(surviving_services, old); - smartlist_add(rend_service_list, old); - } - }); - - /* Copy introduction points to new services. */ - /* XXXX This is O(n^2), but it's only called on reconfigure, so it's - * probably ok? */ - SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, new) { - SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) { - if (BUG(rend_service_is_ephemeral(new)) || - BUG(rend_service_is_ephemeral(old))) { - continue; - } - if (BUG(!new->directory) || BUG(!old->directory) || - strcmp(old->directory, new->directory)) { - continue; - } - smartlist_add_all(new->intro_nodes, old->intro_nodes); - smartlist_clear(old->intro_nodes); - smartlist_add_all(new->expiring_nodes, old->expiring_nodes); - smartlist_clear(old->expiring_nodes); - smartlist_add(surviving_services, old); - break; - } SMARTLIST_FOREACH_END(old); - } SMARTLIST_FOREACH_END(new); - - /* Close introduction circuits of services we don't serve anymore. */ - /* XXXX it would be nicer if we had a nicer abstraction to use here, - * so we could just iterate over the list of services to close, but - * once again, this isn't critical-path code. */ - SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) { - if (!circ->marked_for_close && - circ->state == CIRCUIT_STATE_OPEN && - (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO || - circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) { - origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ); - int keep_it = 0; - tor_assert(oc->rend_data); - SMARTLIST_FOREACH(surviving_services, rend_service_t *, ptr, { - if (rend_circuit_pk_digest_eq(oc, (uint8_t *) ptr->pk_digest)) { - keep_it = 1; - break; - } - }); - if (keep_it) - continue; - log_info(LD_REND, "Closing intro point %s for service %s.", - safe_str_client(extend_info_describe( - oc->build_state->chosen_exit)), - rend_data_get_address(oc->rend_data)); - circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED); - /* XXXX Is there another reason we should use here? */ - } - } - SMARTLIST_FOREACH_END(circ); - smartlist_free(surviving_services); - SMARTLIST_FOREACH(old_service_list, rend_service_t *, ptr, - rend_service_free(ptr)); + prune_services_on_reload(old_service_list, rend_service_list); + /* Every remaining service in the old list have been removed from the + * configuration so clean them up safely. */ + SMARTLIST_FOREACH(old_service_list, rend_service_t *, s, + rend_service_free(s)); smartlist_free(old_service_list); } return 0; + free_and_return: + rend_service_free(service); + SMARTLIST_FOREACH(temp_service_list, rend_service_t *, ptr, + rend_service_free(ptr)); + smartlist_free(temp_service_list); + return rv; } /** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, using diff --git a/src/or/rendservice.h b/src/or/rendservice.h index 4e6b9a2536..3bfac0bece 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -132,6 +132,9 @@ STATIC int rend_service_poison_new_single_onion_dir( STATIC ssize_t encode_establish_intro_cell_legacy(char *cell_body_out, crypto_pk_t *intro_key, char *rend_circ_nonce); +STATIC void prune_services_on_reload(smartlist_t *old_service_list, + smartlist_t *new_service_list); + #endif int num_rend_services(void); diff --git a/src/or/router.c b/src/or/router.c index 2d8208aa04..e4fa72a283 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -849,7 +849,12 @@ init_keys(void) if (init_keys_common() < 0) return -1; /* Make sure DataDirectory exists, and is private. */ - if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) { + cpd_check_t cpd_opts = CPD_CREATE; + if (options->DataDirectoryGroupReadable) + cpd_opts |= CPD_GROUP_READ; + if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) { + log_err(LD_OR, "Can't create/check datadirectory %s", + options->DataDirectory); return -1; } /* Check the key directory. */ diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 6cc75edfa3..6259e3f5a0 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -785,8 +785,11 @@ load_ed_keys(const or_options_t *options, time_t now) if (options->command == CMD_KEYGEN) flags |= INIT_ED_KEY_TRY_ENCRYPTED; - /* Check the key directory */ - if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) { + /* Check/Create the key directory */ + cpd_check_t cpd_opts = CPD_CREATE; + if (options->DataDirectoryGroupReadable) + cpd_opts |= CPD_GROUP_READ; + if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) { log_err(LD_OR, "Can't create/check datadirectory %s", options->DataDirectory); goto err; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 78e7d02ebe..4735271069 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -949,7 +949,7 @@ authority_certs_fetch_resource_impl(const char *resource, /* If we've just downloaded a consensus from a bridge, re-use that * bridge */ - if (options->UseBridges && node && !get_via_tor) { + if (options->UseBridges && node && node->ri && !get_via_tor) { /* clients always make OR connections to bridges */ tor_addr_port_t or_ap; /* we are willing to use a non-preferred address if we need to */ @@ -1826,43 +1826,24 @@ router_is_already_dir_fetching(const tor_addr_port_t *ap, int serverdesc, return 0; } -/* Check if we already have a directory fetch from ds, for serverdesc - * (including extrainfo) or microdesc documents. - * If so, return 1, if not, return 0. - */ -static int -router_is_already_dir_fetching_ds(const dir_server_t *ds, - int serverdesc, - int microdesc) -{ - tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap; - - /* Assume IPv6 DirPort is the same as IPv4 DirPort */ - tor_addr_from_ipv4h(&ipv4_dir_ap.addr, ds->addr); - ipv4_dir_ap.port = ds->dir_port; - tor_addr_copy(&ipv6_dir_ap.addr, &ds->ipv6_addr); - ipv6_dir_ap.port = ds->dir_port; - - return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc) - || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc)); -} - -/* Check if we already have a directory fetch from rs, for serverdesc - * (including extrainfo) or microdesc documents. +/* Check if we already have a directory fetch from the ipv4 or ipv6 + * router, for serverdesc (including extrainfo) or microdesc documents. * If so, return 1, if not, return 0. */ static int -router_is_already_dir_fetching_rs(const routerstatus_t *rs, - int serverdesc, - int microdesc) +router_is_already_dir_fetching_(uint32_t ipv4_addr, + const tor_addr_t *ipv6_addr, + uint16_t dir_port, + int serverdesc, + int microdesc) { tor_addr_port_t ipv4_dir_ap, ipv6_dir_ap; /* Assume IPv6 DirPort is the same as IPv4 DirPort */ - tor_addr_from_ipv4h(&ipv4_dir_ap.addr, rs->addr); - ipv4_dir_ap.port = rs->dir_port; - tor_addr_copy(&ipv6_dir_ap.addr, &rs->ipv6_addr); - ipv6_dir_ap.port = rs->dir_port; + tor_addr_from_ipv4h(&ipv4_dir_ap.addr, ipv4_addr); + ipv4_dir_ap.port = dir_port; + tor_addr_copy(&ipv6_dir_ap.addr, ipv6_addr); + ipv6_dir_ap.port = dir_port; return (router_is_already_dir_fetching(&ipv4_dir_ap, serverdesc, microdesc) || router_is_already_dir_fetching(&ipv6_dir_ap, serverdesc, microdesc)); @@ -1954,6 +1935,21 @@ router_picked_poor_directory_log(const routerstatus_t *rs) } \ STMT_END +/* Common code used in the loop within router_pick_directory_server_impl and + * router_pick_trusteddirserver_impl. + * + * Check if the given <b>identity</b> supports extrainfo. If not, skip further + * checks. + */ +#define SKIP_MISSING_TRUSTED_EXTRAINFO(type, identity) \ + STMT_BEGIN \ + int is_trusted_extrainfo = router_digest_is_trusted_dir_type( \ + (identity), EXTRAINFO_DIRINFO); \ + if (((type) & EXTRAINFO_DIRINFO) && \ + !router_supports_extrainfo((identity), is_trusted_extrainfo)) \ + continue; \ + STMT_END + /* When iterating through the routerlist, can OR address/port preference * and reachability checks be skipped? */ @@ -2000,14 +1996,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int fascistfirewall = ! (flags & PDS_IGNORE_FASCISTFIREWALL); const int no_serverdesc_fetching =(flags & PDS_NO_EXISTING_SERVERDESC_FETCH); const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH); - const int for_guard = (flags & PDS_FOR_GUARD); int try_excluding = 1, n_excluded = 0, n_busy = 0; int try_ip_pref = 1; -#ifndef ENABLE_LEGACY_GUARD_ALGORITHM - tor_assert_nonfatal(! for_guard); -#endif - if (!consensus) return NULL; @@ -2026,7 +2017,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, /* Find all the running dirservers we know about. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) { - int is_trusted, is_trusted_extrainfo; + int is_trusted; int is_overloaded; const routerstatus_t *status = node->rs; const country_t country = node->country; @@ -2037,22 +2028,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, continue; if (requireother && router_digest_is_me(node->identity)) continue; - is_trusted = router_digest_is_trusted_dir(node->identity); - is_trusted_extrainfo = router_digest_is_trusted_dir_type( - node->identity, EXTRAINFO_DIRINFO); - if ((type & EXTRAINFO_DIRINFO) && - !router_supports_extrainfo(node->identity, is_trusted_extrainfo)) - continue; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - /* Don't make the same node a guard twice */ - if (for_guard && is_node_used_as_guard(node)) { - continue; - } -#endif - /* Ensure that a directory guard is actually a guard node. */ - if (for_guard && !node->is_possible_guard) { - continue; - } + + SKIP_MISSING_TRUSTED_EXTRAINFO(type, node->identity); + if (try_excluding && routerset_contains_routerstatus(options->ExcludeNodes, status, country)) { @@ -2060,14 +2038,17 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, continue; } - if (router_is_already_dir_fetching_rs(status, - no_serverdesc_fetching, - no_microdesc_fetching)) { + if (router_is_already_dir_fetching_(status->addr, + &status->ipv6_addr, + status->dir_port, + no_serverdesc_fetching, + no_microdesc_fetching)) { ++n_busy; continue; } is_overloaded = status->last_dir_503_at + DIR_503_TIMEOUT > now; + is_trusted = router_digest_is_trusted_dir(node->identity); /* Clients use IPv6 addresses if the server has one and the client * prefers IPv6. @@ -2199,11 +2180,9 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, if (!d->is_running) continue; if ((type & d->type) == 0) continue; - int is_trusted_extrainfo = router_digest_is_trusted_dir_type( - d->digest, EXTRAINFO_DIRINFO); - if ((type & EXTRAINFO_DIRINFO) && - !router_supports_extrainfo(d->digest, is_trusted_extrainfo)) - continue; + + SKIP_MISSING_TRUSTED_EXTRAINFO(type, d->digest); + if (requireother && me && router_digest_is_me(d->digest)) continue; if (try_excluding && @@ -2213,8 +2192,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, continue; } - if (router_is_already_dir_fetching_ds(d, no_serverdesc_fetching, - no_microdesc_fetching)) { + if (router_is_already_dir_fetching_(d->addr, + &d->ipv6_addr, + d->dir_port, + no_serverdesc_fetching, + no_microdesc_fetching)) { ++n_busy; continue; } diff --git a/src/or/shared_random.c b/src/or/shared_random.c index 0eb93382ca..f798a51a9f 100644 --- a/src/or/shared_random.c +++ b/src/or/shared_random.c @@ -502,6 +502,20 @@ get_vote_line_from_commit(const sr_commit_t *commit, sr_phase_t phase) return vote_line; } +/* Convert a given srv object to a string for the control port. This doesn't + * fail and the srv object MUST be valid. */ +static char * +srv_to_control_string(const sr_srv_t *srv) +{ + char *srv_str; + char srv_hash_encoded[SR_SRV_VALUE_BASE64_LEN + 1]; + tor_assert(srv); + + sr_srv_encode(srv_hash_encoded, sizeof(srv_hash_encoded), srv); + tor_asprintf(&srv_str, "%s", srv_hash_encoded); + return srv_str; +} + /* Return a heap allocated string that contains the given <b>srv</b> string * representation formatted for a networkstatus document using the * <b>key</b> as the start of the line. This doesn't return NULL. */ @@ -1348,6 +1362,38 @@ sr_save_and_cleanup(void) sr_cleanup(); } +/* Return the current SRV string representation for the control port. Return a + * newly allocated string on success containing the value else "" if not found + * or if we don't have a valid consensus yet. */ +char * +sr_get_current_for_control(void) +{ + char *srv_str; + const networkstatus_t *c = networkstatus_get_latest_consensus(); + if (c && c->sr_info.current_srv) { + srv_str = srv_to_control_string(c->sr_info.current_srv); + } else { + srv_str = tor_strdup(""); + } + return srv_str; +} + +/* Return the previous SRV string representation for the control port. Return + * a newly allocated string on success containing the value else "" if not + * found or if we don't have a valid consensus yet. */ +char * +sr_get_previous_for_control(void) +{ + char *srv_str; + const networkstatus_t *c = networkstatus_get_latest_consensus(); + if (c && c->sr_info.previous_srv) { + srv_str = srv_to_control_string(c->sr_info.previous_srv); + } else { + srv_str = tor_strdup(""); + } + return srv_str; +} + #ifdef TOR_UNIT_TESTS /* Set the global value of number of SRV agreements so the test can play diff --git a/src/or/shared_random.h b/src/or/shared_random.h index 9885934cc7..dbb8effeaa 100644 --- a/src/or/shared_random.h +++ b/src/or/shared_random.h @@ -129,6 +129,10 @@ const char *sr_commit_get_rsa_fpr(const sr_commit_t *commit) void sr_compute_srv(void); sr_commit_t *sr_generate_our_commit(time_t timestamp, const authority_cert_t *my_rsa_cert); + +char *sr_get_current_for_control(void); +char *sr_get_previous_for_control(void); + #ifdef SHARED_RANDOM_PRIVATE /* Encode */ diff --git a/src/or/transports.c b/src/or/transports.c index feeff6e66c..535393b1a1 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -480,7 +480,6 @@ proxy_needs_restart(const managed_proxy_t *mp) * preparations and then flag its state so that it will be relaunched * in the next tick. */ static void - proxy_prepare_for_restart(managed_proxy_t *mp) { transport_t *t_tmp = NULL; diff --git a/src/test/bench.c b/src/test/bench.c index 30984fda70..99bc686f30 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -120,7 +120,7 @@ bench_onion_TAP(void) uint64_t start, end; char os[TAP_ONIONSKIN_CHALLENGE_LEN]; char or[TAP_ONIONSKIN_REPLY_LEN]; - crypto_dh_t *dh_out; + crypto_dh_t *dh_out = NULL; key = crypto_pk_new(); key2 = crypto_pk_new(); @@ -175,6 +175,7 @@ bench_onion_TAP(void) NANOCOUNT(start, end, iters)/1e3); done: + crypto_dh_free(dh_out); crypto_pk_free(key); crypto_pk_free(key2); } diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c index 95b4f48f11..709d599f52 100644 --- a/src/test/test_bt_cl.c +++ b/src/test/test_bt_cl.c @@ -19,14 +19,12 @@ static int crashtype = 0; #ifdef __GNUC__ #define NOINLINE __attribute__((noinline)) -#define NORETURN __attribute__((noreturn)) #endif int crash(int x) NOINLINE; int oh_what(int x) NOINLINE; int a_tangled_web(int x) NOINLINE; int we_weave(int x) NOINLINE; -static void abort_handler(int s) NORETURN; #ifdef HAVE_CFLAG_WNULL_DEREFERENCE DISABLE_GCC_WARNING(null-dereference) @@ -76,13 +74,6 @@ we_weave(int x) return a_tangled_web(x) + a_tangled_web(x+1); } -static void -abort_handler(int s) -{ - (void)s; - exit(0); -} - int main(int argc, char **argv) { @@ -120,8 +111,6 @@ main(int argc, char **argv) configure_backtrace_handler(NULL); - signal(SIGABRT, abort_handler); - printf("%d\n", we_weave(2)); clean_up_backtrace_handler(); diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c index bbcff38d6d..22c34b6d6c 100644 --- a/src/test/test_cell_formats.c +++ b/src/test/test_cell_formats.c @@ -346,9 +346,9 @@ test_cfmt_connected_cells(void *arg) memset(&cell, 0, sizeof(cell)); tor_addr_parse(&addr, "30.40.50.60"); rh.length = connected_cell_format_payload(cell.payload+RELAY_HEADER_SIZE, - &addr, 128); + &addr, 1024); tt_int_op(rh.length, OP_EQ, 8); - test_memeq_hex(cell.payload+RELAY_HEADER_SIZE, "1e28323c" "00000080"); + test_memeq_hex(cell.payload+RELAY_HEADER_SIZE, "1e28323c" "00000e10"); /* Try parsing it. */ tor_addr_make_unspec(&addr); @@ -356,7 +356,7 @@ test_cfmt_connected_cells(void *arg) tt_int_op(r, OP_EQ, 0); tt_int_op(tor_addr_family(&addr), OP_EQ, AF_INET); tt_str_op(fmt_addr(&addr), OP_EQ, "30.40.50.60"); - tt_int_op(ttl, OP_EQ, 128); + tt_int_op(ttl, OP_EQ, 3600); /* not 1024, since we clipped to 3600 */ /* Try an IPv6 address */ memset(&rh, 0, sizeof(rh)); diff --git a/src/test/test_config.c b/src/test/test_config.c index a540bcc138..3b19cad036 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -46,6 +46,8 @@ #include "transports.h" #include "util.h" +#include "test_helpers.h" + static void test_config_addressmap(void *arg) { @@ -4127,6 +4129,7 @@ test_config_parse_port_config__ports__ports_given(void *data) config_free_lines(config_port_invalid); config_port_invalid = NULL; config_port_invalid = mock_config_line("SOCKSPort", "unix:/tmp/foo/bar NoIPv4Traffic " + "NoIPv6Traffic " "NoOnionTraffic"); ret = parse_port_config(NULL, config_port_invalid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4148,6 +4151,7 @@ test_config_parse_port_config__ports__ports_given(void *data) SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_valid = mock_config_line("DNSPort", "127.0.0.1:80 " + "NoIPv6Traffic " "NoIPv4Traffic NoOnionTraffic"); ret = parse_port_config(slout, config_port_valid, NULL, "DNS", CONN_TYPE_AP_DNS_LISTENER, NULL, 0, @@ -4163,6 +4167,7 @@ test_config_parse_port_config__ports__ports_given(void *data) // Test failure if we have DNS but no ipv4 and no ipv6 config_free_lines(config_port_invalid); config_port_invalid = NULL; config_port_invalid = mock_config_line("SOCKSPort", + "NoIPv6Traffic " "unix:/tmp/foo/bar NoIPv4Traffic"); ret = parse_port_config(NULL, config_port_invalid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4175,6 +4180,7 @@ test_config_parse_port_config__ports__ports_given(void *data) SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_valid = mock_config_line("SOCKSPort", "unix:/tmp/foo/bar " + "NoIPv6Traffic " "NoDNSRequest NoIPv4Traffic"); ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4196,6 +4202,7 @@ test_config_parse_port_config__ports__ports_given(void *data) SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_valid = mock_config_line("SOCKSPort", "unix:\"/tmp/foo/ bar\" " + "NoIPv6Traffic " "NoDNSRequest NoIPv4Traffic"); ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4217,6 +4224,7 @@ test_config_parse_port_config__ports__ports_given(void *data) SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_valid = mock_config_line("SOCKSPort", "unix:\"/tmp/foo/ bar " + "NoIPv6Traffic " "NoDNSRequest NoIPv4Traffic"); ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4228,6 +4236,7 @@ test_config_parse_port_config__ports__ports_given(void *data) SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_valid = mock_config_line("SOCKSPort", "unix:\"\" " + "NoIPv6Traffic " "NoDNSRequest NoIPv4Traffic"); ret = parse_port_config(slout, config_port_valid, NULL, "SOCKS", CONN_TYPE_AP_LISTENER, NULL, 0, @@ -4602,7 +4611,7 @@ test_config_parse_port_config__ports__ports_given(void *data) tt_int_op(smartlist_len(slout), OP_EQ, 1); port_cfg = (port_cfg_t *)smartlist_get(slout, 0); tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1); - tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 0); + tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1); // Test failure for a SessionGroup argument with invalid value config_free_lines(config_port_invalid); config_port_invalid = NULL; @@ -4701,8 +4710,10 @@ test_config_parse_port_config__ports__ports_given(void *data) // Test failure when asked to parse an invalid address followed by auto config_free_lines(config_port_invalid); config_port_invalid = NULL; config_port_invalid = mock_config_line("DNSPort", "invalidstuff!!:auto"); + MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0, "127.0.0.46", 0, 0); + UNMOCK(tor_addr_lookup); tt_int_op(ret, OP_EQ, -1); // Test success with parsing both an address and a real port diff --git a/src/test/test_controller.c b/src/test/test_controller.c index 4e65d76662..d9c0a1eaac 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -10,6 +10,7 @@ #include "rendservice.h" #include "routerlist.h" #include "test.h" +#include "test_helpers.h" static void test_add_onion_helper_keyarg(void *arg) @@ -186,8 +187,10 @@ test_rend_service_parse_port_config(void *arg) tor_free(err_msg); /* bogus IP address */ - cfg = rend_service_parse_port_config("100 1.2.3.4.5:9000", + MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); + cfg = rend_service_parse_port_config("100 foo!!.example.com:9000", " ", &err_msg); + UNMOCK(tor_addr_lookup); tt_assert(!cfg); tt_str_op(err_msg, OP_EQ, "Unparseable address in hidden service port " "configuration."); diff --git a/src/test/test_dns.c b/src/test/test_dns.c index 8346c0a33f..6a8e92cb47 100644 --- a/src/test/test_dns.c +++ b/src/test/test_dns.c @@ -16,30 +16,11 @@ NS(test_main)(void *arg) { (void)arg; - uint32_t ttl_mid = MIN_DNS_TTL / 2 + MAX_DNS_TTL / 2; + uint32_t ttl_mid = MIN_DNS_TTL_AT_EXIT / 2 + MAX_DNS_TTL_AT_EXIT / 2; - tt_int_op(dns_clip_ttl(MIN_DNS_TTL - 1),==,MIN_DNS_TTL); - tt_int_op(dns_clip_ttl(ttl_mid),==,ttl_mid); - tt_int_op(dns_clip_ttl(MAX_DNS_TTL + 1),==,MAX_DNS_TTL); - - done: - return; -} - -#undef NS_SUBMODULE - -#define NS_SUBMODULE expiry_ttl - -static void -NS(test_main)(void *arg) -{ - (void)arg; - - uint32_t ttl_mid = MIN_DNS_TTL / 2 + MAX_DNS_ENTRY_AGE / 2; - - tt_int_op(dns_get_expiry_ttl(MIN_DNS_TTL - 1),==,MIN_DNS_TTL); - tt_int_op(dns_get_expiry_ttl(ttl_mid),==,ttl_mid); - tt_int_op(dns_get_expiry_ttl(MAX_DNS_ENTRY_AGE + 1),==,MAX_DNS_ENTRY_AGE); + tt_int_op(dns_clip_ttl(MIN_DNS_TTL_AT_EXIT - 1),==,MIN_DNS_TTL_AT_EXIT); + tt_int_op(dns_clip_ttl(ttl_mid),==,MAX_DNS_TTL_AT_EXIT); + tt_int_op(dns_clip_ttl(MAX_DNS_TTL_AT_EXIT + 1),==,MAX_DNS_TTL_AT_EXIT); done: return; @@ -749,7 +730,6 @@ NS(test_main)(void *arg) struct testcase_t dns_tests[] = { TEST_CASE(clip_ttl), - TEST_CASE(expiry_ttl), TEST_CASE(resolve), TEST_CASE_ASPECT(resolve_impl, addr_is_ip_no_need_to_resolve), TEST_CASE_ASPECT(resolve_impl, non_exit), diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 32f8b6e0dd..bcb56e3a6b 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -45,41 +45,6 @@ get_or_state_replacement(void) return dummy_state; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/* Unittest cleanup function: Cleanup the fake network. */ -static int -fake_network_cleanup(const struct testcase_t *testcase, void *ptr) -{ - (void) testcase; - (void) ptr; - - routerlist_free_all(); - nodelist_free_all(); - entry_guards_free_all(); - or_state_free(dummy_state); - - return 1; /* NOP */ -} - -/* Unittest setup function: Setup a fake network. */ -static void * -fake_network_setup(const struct testcase_t *testcase) -{ - (void) testcase; - - /* Setup fake state */ - dummy_state = tor_malloc_zero(sizeof(or_state_t)); - MOCK(get_or_state, - get_or_state_replacement); - - /* Setup fake routerlist. */ - helper_setup_fake_routerlist(); - - /* Return anything but NULL (it's interpreted as test fail) */ - return dummy_state; -} -#endif - static networkstatus_t *dummy_consensus = NULL; static smartlist_t *big_fake_net_nodes = NULL; @@ -202,697 +167,6 @@ mock_get_options(void) return &mocked_options; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -/** Test choose_random_entry() with none of our routers being guard nodes. */ -static void -test_choose_random_entry_no_guards(void *arg) -{ - const node_t *chosen_entry = NULL; - - (void) arg; - - MOCK(get_options, mock_get_options); - - /* Check that we get a guard if it passes preferred - * address settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientPreferIPv6ORPort = 0; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - /* Try to pick an entry even though none of our routers are guards. */ - chosen_entry = choose_random_entry(NULL); - - /* Unintuitively, we actually pick a random node as our entry, - because router_choose_random_node() relaxes its constraints if it - can't find a proper entry guard. */ - tt_assert(chosen_entry); - - /* And with the other IP version active */ - mocked_options.ClientUseIPv6 = 1; - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - /* And with the preference on auto */ - mocked_options.ClientPreferIPv6ORPort = -1; - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - /* Check that we don't get a guard if it doesn't pass mandatory address - * settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 0; - mocked_options.ClientPreferIPv6ORPort = 0; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - - /* If we don't allow IPv4 at all, we don't get a guard*/ - tt_assert(!chosen_entry); - - /* Check that we get a guard if it passes allowed but not preferred address - * settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientUseIPv6 = 1; - mocked_options.ClientPreferIPv6ORPort = 1; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - /* Check that we get a guard if it passes preferred address settings when - * they're auto */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientPreferIPv6ORPort = -1; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - /* And with IPv6 active */ - mocked_options.ClientUseIPv6 = 1; - - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - done: - memset(&mocked_options, 0, sizeof(mocked_options)); - UNMOCK(get_options); -} - -/** Test choose_random_entry() with only one of our routers being a - guard node. */ -static void -test_choose_random_entry_one_possible_guard(void *arg) -{ - const node_t *chosen_entry = NULL; - node_t *the_guard = NULL; - smartlist_t *our_nodelist = NULL; - - (void) arg; - - MOCK(get_options, mock_get_options); - - /* Set one of the nodes to be a guard. */ - our_nodelist = nodelist_get_list(); - the_guard = smartlist_get(our_nodelist, 4); /* chosen by fair dice roll */ - the_guard->is_possible_guard = 1; - - /* Check that we get the guard if it passes preferred - * address settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientPreferIPv6ORPort = 0; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - /* Pick an entry. Make sure we pick the node we marked as guard. */ - chosen_entry = choose_random_entry(NULL); - tt_ptr_op(chosen_entry, OP_EQ, the_guard); - - /* And with the other IP version active */ - mocked_options.ClientUseIPv6 = 1; - chosen_entry = choose_random_entry(NULL); - tt_ptr_op(chosen_entry, OP_EQ, the_guard); - - /* And with the preference on auto */ - mocked_options.ClientPreferIPv6ORPort = -1; - chosen_entry = choose_random_entry(NULL); - tt_ptr_op(chosen_entry, OP_EQ, the_guard); - - /* Check that we don't get a guard if it doesn't pass mandatory address - * settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 0; - mocked_options.ClientPreferIPv6ORPort = 0; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - - /* If we don't allow IPv4 at all, we don't get a guard*/ - tt_assert(!chosen_entry); - - /* Check that we get a node if it passes allowed but not preferred - * address settings */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientUseIPv6 = 1; - mocked_options.ClientPreferIPv6ORPort = 1; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - - /* We disable the guard check and the preferred address check at the same - * time, so we can't be sure we get the guard */ - tt_assert(chosen_entry); - - /* Check that we get a node if it is allowed but not preferred when settings - * are auto */ - memset(&mocked_options, 0, sizeof(mocked_options)); - mocked_options.ClientUseIPv4 = 1; - mocked_options.ClientPreferIPv6ORPort = -1; - mocked_options.UseDeprecatedGuardAlgorithm = 1; - - chosen_entry = choose_random_entry(NULL); - - /* We disable the guard check and the preferred address check at the same - * time, so we can't be sure we get the guard */ - tt_assert(chosen_entry); - - /* and with IPv6 active */ - mocked_options.ClientUseIPv6 = 1; - - chosen_entry = choose_random_entry(NULL); - tt_assert(chosen_entry); - - done: - memset(&mocked_options, 0, sizeof(mocked_options)); - UNMOCK(get_options); -} - -/** Helper to conduct tests for populate_live_entry_guards(). - - This test adds some entry guards to our list, and then tests - populate_live_entry_guards() to mke sure it filters them correctly. - - <b>num_needed</b> is the number of guard nodes we support. It's - configurable to make sure we function properly with 1 or 3 guard - nodes configured. -*/ -static void -populate_live_entry_guards_test_helper(int num_needed) -{ - smartlist_t *our_nodelist = NULL; - smartlist_t *live_entry_guards = smartlist_new(); - guard_selection_t *gs = get_guard_selection_info(); - const smartlist_t *all_entry_guards = - get_entry_guards_for_guard_selection(gs); - or_options_t *options = get_options_mutable(); - int retval; - - /* Set NumEntryGuards to the provided number. */ - options->NumEntryGuards = num_needed; - tt_int_op(num_needed, OP_EQ, decide_num_guards(options, 0)); - - /* The global entry guards smartlist should be empty now. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0); - - /* Walk the nodelist and add all nodes as entry guards. */ - our_nodelist = nodelist_get_list(); - tt_int_op(smartlist_len(our_nodelist), OP_EQ, HELPER_NUMBER_OF_DESCRIPTORS); - - SMARTLIST_FOREACH_BEGIN(our_nodelist, const node_t *, node) { - const node_t *node_tmp; - node_tmp = add_an_entry_guard(gs, node, 0, 1, 0, 0); - tt_assert(node_tmp); - } SMARTLIST_FOREACH_END(node); - - /* Make sure the nodes were added as entry guards. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, - HELPER_NUMBER_OF_DESCRIPTORS); - - /* Ensure that all the possible entry guards are enough to satisfy us. */ - tt_int_op(smartlist_len(all_entry_guards), OP_GE, num_needed); - - /* Walk the entry guard list for some sanity checking */ - SMARTLIST_FOREACH_BEGIN(all_entry_guards, const entry_guard_t *, entry) { - /* Since we called add_an_entry_guard() with 'for_discovery' being - False, all guards should have made_contact enabled. */ - tt_int_op(entry->made_contact, OP_EQ, 1); - - } SMARTLIST_FOREACH_END(entry); - - /* First, try to get some fast guards. This should fail. */ - retval = populate_live_entry_guards(live_entry_guards, - all_entry_guards, - NULL, - NO_DIRINFO, /* Don't care about DIRINFO*/ - 0, 0, - 1); /* We want fast guard! */ - tt_int_op(retval, OP_EQ, 0); - tt_int_op(smartlist_len(live_entry_guards), OP_EQ, 0); - - /* Now try to get some stable guards. This should fail too. */ - retval = populate_live_entry_guards(live_entry_guards, - all_entry_guards, - NULL, - NO_DIRINFO, - 0, - 1, /* We want stable guard! */ - 0); - tt_int_op(retval, OP_EQ, 0); - tt_int_op(smartlist_len(live_entry_guards), OP_EQ, 0); - - /* Now try to get any guard we can find. This should succeed. */ - retval = populate_live_entry_guards(live_entry_guards, - all_entry_guards, - NULL, - NO_DIRINFO, - 0, 0, 0); /* No restrictions! */ - - /* Since we had more than enough guards in 'all_entry_guards', we - should have added 'num_needed' of them to live_entry_guards. - 'retval' should be 1 since we now have enough live entry guards - to pick one. */ - tt_int_op(retval, OP_EQ, 1); - tt_int_op(smartlist_len(live_entry_guards), OP_EQ, num_needed); - - done: - smartlist_free(live_entry_guards); -} - -/* Test populate_live_entry_guards() for 1 guard node. */ -static void -test_populate_live_entry_guards_1guard(void *arg) -{ - (void) arg; - - populate_live_entry_guards_test_helper(1); -} - -/* Test populate_live_entry_guards() for 3 guard nodes. */ -static void -test_populate_live_entry_guards_3guards(void *arg) -{ - (void) arg; - - populate_live_entry_guards_test_helper(3); -} - -/** Append some EntryGuard lines to the Tor state at <b>state</b>. - - <b>entry_guard_lines</b> is a smartlist containing 2-tuple - smartlists that carry the key and values of the statefile. - As an example: - entry_guard_lines = - (("EntryGuard", "name 67E72FF33D7D41BF11C569646A0A7B4B188340DF DirCache"), - ("EntryGuardDownSince", "2014-06-07 16:02:46 2014-06-07 16:02:46")) -*/ -static void -state_insert_entry_guard_helper(or_state_t *state, - smartlist_t *entry_guard_lines) -{ - config_line_t **next, *line; - - next = &state->EntryGuards; - *next = NULL; - - /* Loop over all the state lines in the smartlist */ - SMARTLIST_FOREACH_BEGIN(entry_guard_lines, const smartlist_t *,state_lines) { - /* Get key and value for each line */ - const char *state_key = smartlist_get(state_lines, 0); - const char *state_value = smartlist_get(state_lines, 1); - - *next = line = tor_malloc_zero(sizeof(config_line_t)); - line->key = tor_strdup(state_key); - tor_asprintf(&line->value, "%s", state_value); - next = &(line->next); - } SMARTLIST_FOREACH_END(state_lines); -} - -/** Free memory occupied by <b>entry_guard_lines</b>. */ -static void -state_lines_free(smartlist_t *entry_guard_lines) -{ - SMARTLIST_FOREACH_BEGIN(entry_guard_lines, smartlist_t *, state_lines) { - char *state_key = smartlist_get(state_lines, 0); - char *state_value = smartlist_get(state_lines, 1); - - tor_free(state_key); - tor_free(state_value); - smartlist_free(state_lines); - } SMARTLIST_FOREACH_END(state_lines); - - smartlist_free(entry_guard_lines); -} - -/* Tests entry_guards_parse_state(). It creates a fake Tor state with - a saved entry guard and makes sure that Tor can parse it and - creates the right entry node out of it. -*/ -static void -test_entry_guards_parse_state_simple(void *arg) -{ - or_options_t *options = get_options_mutable(); - options->UseDeprecatedGuardAlgorithm = 1; - or_state_t *state = or_state_new(); - const smartlist_t *all_entry_guards = get_entry_guards(); - smartlist_t *entry_state_lines = smartlist_new(); - char *msg = NULL; - int retval; - - /* Details of our fake guard node */ - const char *nickname = "hagbard"; - const char *fpr = "B29D536DD1752D542E1FBB3C9CE4449D51298212"; - const char *tor_version = "0.2.5.3-alpha-dev"; - const char *added_at = get_yesterday_date_str(); - const char *unlisted_since = "2014-06-08 16:16:50"; - - (void) arg; - - /* The global entry guards smartlist should be empty now. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0); - - { /* Prepare the state entry */ - - /* Prepare the smartlist to hold the key/value of each line */ - smartlist_t *state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuard"); - smartlist_add_asprintf(state_line, "%s %s %s", nickname, fpr, "DirCache"); - smartlist_add(entry_state_lines, state_line); - - state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuardAddedBy"); - smartlist_add_asprintf(state_line, "%s %s %s", fpr, tor_version, added_at); - smartlist_add(entry_state_lines, state_line); - - state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuardUnlistedSince"); - smartlist_add_asprintf(state_line, "%s", unlisted_since); - smartlist_add(entry_state_lines, state_line); - } - - /* Inject our lines in the state */ - state_insert_entry_guard_helper(state, entry_state_lines); - - /* Parse state */ - retval = entry_guards_parse_state(state, 1, &msg); - tt_int_op(retval, OP_GE, 0); - - /* Test that the guard was registered. - We need to re-get the entry guard list since its pointer was - overwritten in entry_guards_parse_state(). */ - all_entry_guards = get_entry_guards(); - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1); - - { /* Test the entry guard structure */ - char hex_digest[1024]; - char str_time[1024]; - - const entry_guard_t *e = smartlist_get(all_entry_guards, 0); - tt_str_op(e->nickname, OP_EQ, nickname); /* Verify nickname */ - - base16_encode(hex_digest, sizeof(hex_digest), - e->identity, DIGEST_LEN); - tt_str_op(hex_digest, OP_EQ, fpr); /* Verify fingerprint */ - - tt_assert(e->is_dir_cache); /* Verify dirness */ - - tt_str_op(e->chosen_by_version, OP_EQ, tor_version); /* Verify version */ - - tt_assert(e->made_contact); /* All saved guards have been contacted */ - - tt_assert(e->bad_since); /* Verify bad_since timestamp */ - format_iso_time(str_time, e->bad_since); - tt_str_op(str_time, OP_EQ, unlisted_since); - - /* The rest should be unset */ - tt_assert(!e->unreachable_since); - tt_assert(!e->can_retry); - tt_assert(!e->pb.path_bias_noticed); - tt_assert(!e->pb.path_bias_warned); - tt_assert(!e->pb.path_bias_extreme); - tt_assert(!e->pb.path_bias_disabled); - tt_assert(!e->pb.path_bias_use_noticed); - tt_assert(!e->pb.path_bias_use_extreme); - tt_assert(!e->last_attempted); - } - - done: - state_lines_free(entry_state_lines); - or_state_free(state); - tor_free(msg); -} - -/** Similar to test_entry_guards_parse_state_simple() but aims to test - the PathBias-related details of the entry guard. */ -static void -test_entry_guards_parse_state_pathbias(void *arg) -{ - or_options_t *options = get_options_mutable(); - options->UseDeprecatedGuardAlgorithm = 1; - or_state_t *state = or_state_new(); - const smartlist_t *all_entry_guards = get_entry_guards(); - char *msg = NULL; - int retval; - smartlist_t *entry_state_lines = smartlist_new(); - - /* Path bias details of the fake guard */ - const double circ_attempts = 9; - const double circ_successes = 8; - const double successful_closed = 4; - const double collapsed = 2; - const double unusable = 0; - const double timeouts = 1; - - (void) arg; - - /* The global entry guards smartlist should be empty now. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0); - - { /* Prepare the state entry */ - - /* Prepare the smartlist to hold the key/value of each line */ - smartlist_t *state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuard"); - smartlist_add_asprintf(state_line, - "givethanks B29D536DD1752D542E1FBB3C9CE4449D51298212 NoDirCache"); - smartlist_add(entry_state_lines, state_line); - - state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuardAddedBy"); - smartlist_add_asprintf(state_line, - "B29D536DD1752D542E1FBB3C9CE4449D51298212 0.2.5.3-alpha-dev " - "%s", get_yesterday_date_str()); - smartlist_add(entry_state_lines, state_line); - - state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuardUnlistedSince"); - smartlist_add_asprintf(state_line, "2014-06-08 16:16:50"); - smartlist_add(entry_state_lines, state_line); - - state_line = smartlist_new(); - smartlist_add_asprintf(state_line, "EntryGuardPathBias"); - smartlist_add_asprintf(state_line, "%f %f %f %f %f %f", - circ_attempts, circ_successes, successful_closed, - collapsed, unusable, timeouts); - smartlist_add(entry_state_lines, state_line); - } - - /* Inject our lines in the state */ - state_insert_entry_guard_helper(state, entry_state_lines); - - /* Parse state */ - retval = entry_guards_parse_state(state, 1, &msg); - tt_int_op(retval, OP_GE, 0); - - /* Test that the guard was registered */ - all_entry_guards = get_entry_guards(); - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1); - - { /* Test the path bias of this guard */ - const entry_guard_t *e = smartlist_get(all_entry_guards, 0); - - tt_assert(!e->is_dir_cache); - tt_assert(!e->can_retry); - - /* XXX tt_double_op doesn't support equality. Cast to int for now. */ - tt_int_op((int)e->pb.circ_attempts, OP_EQ, (int)circ_attempts); - tt_int_op((int)e->pb.circ_successes, OP_EQ, (int)circ_successes); - tt_int_op((int)e->pb.successful_circuits_closed, OP_EQ, - (int)successful_closed); - tt_int_op((int)e->pb.timeouts, OP_EQ, (int)timeouts); - tt_int_op((int)e->pb.collapsed_circuits, OP_EQ, (int)collapsed); - tt_int_op((int)e->pb.unusable_circuits, OP_EQ, (int)unusable); - } - - done: - or_state_free(state); - state_lines_free(entry_state_lines); - tor_free(msg); -} - -/* Simple test of entry_guards_set_from_config() by specifying a - particular EntryNode and making sure it gets picked. */ -static void -test_entry_guards_set_from_config(void *arg) -{ - or_options_t *options = get_options_mutable(); - options->UseDeprecatedGuardAlgorithm = 1; - guard_selection_t *gs = get_guard_selection_info(); - const smartlist_t *all_entry_guards = - get_entry_guards_for_guard_selection(gs); - const char *entrynodes_str = "test003r"; - const node_t *chosen_entry = NULL; - int retval; - - (void) arg; - - /* Prase EntryNodes as a routerset. */ - options->EntryNodes = routerset_new(); - retval = routerset_parse(options->EntryNodes, - entrynodes_str, - "test_entrynodes"); - tt_int_op(retval, OP_GE, 0); - - /* Read nodes from EntryNodes */ - entry_guards_set_from_config(gs, options); - - /* Test that only one guard was added. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 1); - - /* Make sure it was the guard we specified. */ - chosen_entry = choose_random_entry(NULL); - tt_str_op(chosen_entry->ri->nickname, OP_EQ, entrynodes_str); - - done: - routerset_free(options->EntryNodes); -} - -static void -test_entry_is_time_to_retry(void *arg) -{ - entry_guard_t *test_guard; - time_t now; - int retval; - (void)arg; - - now = time(NULL); - - test_guard = tor_malloc_zero(sizeof(entry_guard_t)); - - test_guard->last_attempted = now - 10; - test_guard->unreachable_since = now - 1; - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->unreachable_since = now - (6*60*60 - 1); - test_guard->last_attempted = now - (60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->last_attempted = now - (60*60 - 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,0); - - test_guard->unreachable_since = now - (6*60*60 + 1); - test_guard->last_attempted = now - (4*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->unreachable_since = now - (3*24*60*60 - 1); - test_guard->last_attempted = now - (4*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->unreachable_since = now - (3*24*60*60 + 1); - test_guard->last_attempted = now - (18*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->unreachable_since = now - (7*24*60*60 - 1); - test_guard->last_attempted = now - (18*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->last_attempted = now - (18*60*60 - 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,0); - - test_guard->unreachable_since = now - (7*24*60*60 + 1); - test_guard->last_attempted = now - (36*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - test_guard->unreachable_since = now - (7*24*60*60 + 1); - test_guard->last_attempted = now - (36*60*60 + 1); - - retval = entry_is_time_to_retry(test_guard,now); - tt_int_op(retval,OP_EQ,1); - - done: - tor_free(test_guard); -} - -/** XXX Do some tests that entry_is_live() */ -static void -test_entry_is_live(void *arg) -{ - smartlist_t *our_nodelist = NULL; - guard_selection_t *gs = get_guard_selection_info(); - const smartlist_t *all_entry_guards = - get_entry_guards_for_guard_selection(gs); - const node_t *test_node = NULL; - const entry_guard_t *test_entry = NULL; - const char *msg; - int which_node; - - (void) arg; - - /* The global entry guards smartlist should be empty now. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, 0); - - /* Walk the nodelist and add all nodes as entry guards. */ - our_nodelist = nodelist_get_list(); - tt_int_op(smartlist_len(our_nodelist), OP_EQ, HELPER_NUMBER_OF_DESCRIPTORS); - - SMARTLIST_FOREACH_BEGIN(our_nodelist, const node_t *, node) { - const node_t *node_tmp; - node_tmp = add_an_entry_guard(gs, node, 0, 1, 0, 0); - tt_assert(node_tmp); - - tt_int_op(node->is_stable, OP_EQ, 0); - tt_int_op(node->is_fast, OP_EQ, 0); - } SMARTLIST_FOREACH_END(node); - - /* Make sure the nodes were added as entry guards. */ - tt_int_op(smartlist_len(all_entry_guards), OP_EQ, - HELPER_NUMBER_OF_DESCRIPTORS); - - /* Now get a random test entry that we will use for this unit test. */ - which_node = 3; /* (chosen by fair dice roll) */ - test_entry = smartlist_get(all_entry_guards, which_node); - - /* Let's do some entry_is_live() tests! */ - - /* Require the node to be stable, but it's not. Should fail. - Also enable 'assume_reachable' because why not. */ - test_node = entry_is_live(test_entry, - ENTRY_NEED_UPTIME | ENTRY_ASSUME_REACHABLE, - &msg); - tt_assert(!test_node); - - /* Require the node to be fast, but it's not. Should fail. */ - test_node = entry_is_live(test_entry, - ENTRY_NEED_CAPACITY | ENTRY_ASSUME_REACHABLE, - &msg); - tt_assert(!test_node); - - /* Don't impose any restrictions on the node. Should succeed. */ - test_node = entry_is_live(test_entry, 0, &msg); - tt_assert(test_node); - tt_ptr_op(test_node, OP_EQ, node_get_by_id(test_entry->identity)); - - /* Require descriptor for this node. It has one so it should succeed. */ - test_node = entry_is_live(test_entry, ENTRY_NEED_DESCRIPTOR, &msg); - tt_assert(test_node); - tt_ptr_op(test_node, OP_EQ, node_get_by_id(test_entry->identity)); - - done: - ; /* XXX */ -} -#endif - #define TEST_IPV4_ADDR "123.45.67.89" #define TEST_IPV6_ADDR "[1234:5678:90ab:cdef::]" @@ -1473,14 +747,6 @@ test_entry_guard_parse_from_state_broken(void *arg) gs_df = get_guard_selection_by_name("default", GS_TYPE_NORMAL, 0); tt_assert(gs_df != NULL); tt_int_op(smartlist_len(gs_df->sampled_entry_guards), OP_EQ, 1); - guard_selection_t *gs_legacy = - get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - tt_assert(gs_legacy != NULL); - tt_int_op(smartlist_len(gs_legacy->chosen_entry_guards), OP_EQ, 0); -#else - tt_assert(gs_legacy == NULL); -#endif done: config_free_lines(lines); @@ -1520,17 +786,6 @@ test_entry_guard_get_guard_selection_by_name(void *arg) tt_assert(gs3 != gs1); tt_assert(gs3 == get_guard_selection_info()); - or_options_t *options = get_options_mutable(); - options->UseDeprecatedGuardAlgorithm = 1; - update_guard_selection_choice(options); - guard_selection_t *gs4 = get_guard_selection_info(); - tt_assert(gs4 != gs3); - tt_assert(gs4 == get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1)); - - options->UseDeprecatedGuardAlgorithm = 0; - update_guard_selection_choice(options); - tt_assert(gs3 == get_guard_selection_info()); - done: entry_guards_free_all(); } @@ -1555,14 +810,6 @@ test_entry_guard_choose_selection_initial(void *arg) tt_int_op(type, OP_EQ, GS_TYPE_BRIDGE); get_options_mutable()->UseBridges = 0; - /* If we're using legacy guards, we get the legacy selection */ - get_options_mutable()->UseDeprecatedGuardAlgorithm = 1; - name = choose_guard_selection(get_options(), - dummy_consensus, NULL, &type); - tt_str_op(name, OP_EQ, "legacy"); - tt_int_op(type, OP_EQ, GS_TYPE_LEGACY); - get_options_mutable()->UseDeprecatedGuardAlgorithm = 0; - /* If we discard >99% of our guards, though, we should be in the restricted * set. */ tt_assert(get_options_mutable()->EntryNodes == NULL); @@ -2947,6 +2194,35 @@ test_entry_guard_select_and_cancel(void *arg) circuit_guard_state_free(guard); } +static void +test_entry_guard_drop_guards(void *arg) +{ + (void) arg; + int r; + const node_t *node = NULL; + circuit_guard_state_t *guard; + guard_selection_t *gs = get_guard_selection_info(); + + // Pick a guard, to get things set up. + r = entry_guard_pick_for_circuit(gs, GUARD_USAGE_TRAFFIC, NULL, + &node, &guard); + tt_int_op(r, OP_EQ, 0); + tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_GE, + DFLT_MIN_FILTERED_SAMPLE_SIZE); + tt_ptr_op(gs, OP_EQ, get_guard_selection_info()); + + // Drop all the guards! (This is a bad idea....) + remove_all_entry_guards_for_guard_selection(gs); + gs = get_guard_selection_info(); + tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ, 0); + tt_int_op(smartlist_len(gs->primary_entry_guards), OP_EQ, 0); + tt_int_op(smartlist_len(gs->confirmed_entry_guards), OP_EQ, 0); + + done: + circuit_guard_state_free(guard); + guard_selection_free(gs); +} + /* Unit test setup function: Create a fake network, and set everything up * for testing the upgrade-a-waiting-circuit code. */ typedef struct { @@ -3361,12 +2637,6 @@ test_enty_guard_should_expire_waiting(void *arg) tor_free(fake_state); } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -static const struct testcase_setup_t fake_network = { - fake_network_setup, fake_network_cleanup -}; -#endif - static const struct testcase_setup_t big_fake_network = { big_fake_network_setup, big_fake_network_cleanup }; @@ -3383,33 +2653,6 @@ static const struct testcase_setup_t upgrade_circuits = { (void*)(arg) } struct testcase_t entrynodes_tests[] = { -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - { "entry_is_time_to_retry", test_entry_is_time_to_retry, - TT_FORK, NULL, NULL }, - { "choose_random_entry_no_guards", test_choose_random_entry_no_guards, - TT_FORK, &fake_network, NULL }, - { "choose_random_entry_one_possible_guard", - test_choose_random_entry_one_possible_guard, - TT_FORK, &fake_network, NULL }, - { "populate_live_entry_guards_1guard", - test_populate_live_entry_guards_1guard, - TT_FORK, &fake_network, NULL }, - { "populate_live_entry_guards_3guards", - test_populate_live_entry_guards_3guards, - TT_FORK, &fake_network, NULL }, - { "entry_guards_parse_state_simple", - test_entry_guards_parse_state_simple, - TT_FORK, &fake_network, NULL }, - { "entry_guards_parse_state_pathbias", - test_entry_guards_parse_state_pathbias, - TT_FORK, &fake_network, NULL }, - { "entry_guards_set_from_config", - test_entry_guards_set_from_config, - TT_FORK, &fake_network, NULL }, - { "entry_is_live", - test_entry_is_live, - TT_FORK, &fake_network, NULL }, -#endif { "node_preferred_orport", test_node_preferred_orport, 0, NULL, NULL }, @@ -3453,6 +2696,7 @@ struct testcase_t entrynodes_tests[] = { BFN_TEST(select_for_circuit_highlevel_confirm_other), BFN_TEST(select_for_circuit_highlevel_primary_retry), BFN_TEST(select_and_cancel), + BFN_TEST(drop_guards), UPGRADE_TEST(upgrade_a_circuit, "c1-done c2-done"), UPGRADE_TEST(upgrade_blocked_by_live_primary_guards, "c1-done c2-done"), diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c index 132af39776..5b84366e6d 100644 --- a/src/test/test_helpers.c +++ b/src/test/test_helpers.c @@ -128,3 +128,18 @@ dummy_origin_circuit_new(int n_cells) return TO_CIRCUIT(circ); } +/** Mock-replacement. As tor_addr_lookup, but always fails on any + * address containing a !. This is necessary for running the unit tests + * on networks where DNS hijackers think it's helpful to give answers + * for things like 1.2.3.4.5 or "invalidstuff!!" + */ +int +mock_tor_addr_lookup__fail_on_bad_addrs(const char *name, + uint16_t family, tor_addr_t *out) +{ + if (name && strchr(name, '!')) { + return -1; + } + return tor_addr_lookup__real(name, family, out); +} + diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h index ba93b100d5..c6d4d9c41f 100644 --- a/src/test/test_helpers.h +++ b/src/test/test_helpers.h @@ -17,6 +17,9 @@ void helper_setup_fake_routerlist(void); void connection_write_to_buf_mock(const char *string, size_t len, connection_t *conn, int zlib); +int mock_tor_addr_lookup__fail_on_bad_addrs(const char *name, + uint16_t family, tor_addr_t *out); + extern const char TEST_DESCRIPTORS[]; #endif diff --git a/src/test/test_hs.c b/src/test/test_hs.c index ac9788ceea..fbaabe91d8 100644 --- a/src/test/test_hs.c +++ b/src/test/test_hs.c @@ -787,6 +787,126 @@ test_single_onion_poisoning(void *arg) tor_free(mock_options->DataDirectory); } +static rend_service_t * +helper_create_rend_service(const char *path) +{ + rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t)); + s->ports = smartlist_new(); + s->intro_nodes = smartlist_new(); + s->expiring_nodes = smartlist_new(); + if (path) { + s->directory = tor_strdup(path); + } + return s; +} + +static void +test_prune_services_on_reload(void *arg) +{ + smartlist_t *new = smartlist_new(), *old = smartlist_new(); + /* Non ephemeral service. */ + rend_service_t *s1 = helper_create_rend_service("SomePath"); + /* Create a non ephemeral service with the _same_ path as so we can test the + * transfer of introduction point between the same services on reload. */ + rend_service_t *s2 = helper_create_rend_service(s1->directory); + /* Ephemeral service (directory is NULL). */ + rend_service_t *e1 = helper_create_rend_service(NULL); + rend_service_t *e2 = helper_create_rend_service(NULL); + + (void) arg; + + { + /* Add both services to the old list. */ + smartlist_add(old, s1); + smartlist_add(old, e1); + /* Only put the non ephemeral in the new list. */ + smartlist_add(new, s1); + prune_services_on_reload(old, new); + /* We expect that the ephemeral one is in the new list but removed from + * the old one. */ + tt_int_op(smartlist_len(old), OP_EQ, 1); + tt_assert(smartlist_get(old, 0) == s1); + tt_int_op(smartlist_len(new), OP_EQ, 2); + tt_assert(smartlist_get(new, 0) == s1); + tt_assert(smartlist_get(new, 1) == e1); + /* Cleanup for next test. */ + smartlist_clear(new); + smartlist_clear(old); + } + + { + /* This test will make sure that only the ephemeral service is kept if the + * new list is empty. The old list should contain only the non ephemeral + * one. */ + smartlist_add(old, s1); + smartlist_add(old, e1); + prune_services_on_reload(old, new); + tt_int_op(smartlist_len(old), OP_EQ, 1); + tt_assert(smartlist_get(old, 0) == s1); + tt_int_op(smartlist_len(new), OP_EQ, 1); + tt_assert(smartlist_get(new, 0) == e1); + /* Cleanup for next test. */ + smartlist_clear(new); + smartlist_clear(old); + } + + { + /* This test makes sure that the new list stays the same even from the old + * list being completely different. */ + smartlist_add(new, s1); + smartlist_add(new, e1); + prune_services_on_reload(old, new); + tt_int_op(smartlist_len(old), OP_EQ, 0); + tt_int_op(smartlist_len(new), OP_EQ, 2); + tt_assert(smartlist_get(new, 0) == s1); + tt_assert(smartlist_get(new, 1) == e1); + /* Cleanup for next test. */ + smartlist_clear(new); + } + + { + rend_intro_point_t ip1; + /* This IP should be found in the s2 service after pruning. */ + smartlist_add(s1->intro_nodes, &ip1); + /* Setup our list. */ + smartlist_add(old, s1); + smartlist_add(new, s2); + prune_services_on_reload(old, new); + tt_int_op(smartlist_len(old), OP_EQ, 1); + /* Intro nodes have been moved to the s2 in theory so it must be empty. */ + tt_int_op(smartlist_len(s1->intro_nodes), OP_EQ, 0); + tt_int_op(smartlist_len(new), OP_EQ, 1); + rend_service_t *elem = smartlist_get(new, 0); + tt_assert(elem); + tt_assert(elem == s2); + tt_int_op(smartlist_len(elem->intro_nodes), OP_EQ, 1); + tt_assert(smartlist_get(elem->intro_nodes, 0) == &ip1); + smartlist_clear(s1->intro_nodes); + smartlist_clear(s2->intro_nodes); + /* Cleanup for next test. */ + smartlist_clear(new); + smartlist_clear(old); + } + + { + /* Test two ephemeral services. */ + smartlist_add(old, e1); + smartlist_add(old, e2); + prune_services_on_reload(old, new); + /* Check if they've all been transfered. */ + tt_int_op(smartlist_len(old), OP_EQ, 0); + tt_int_op(smartlist_len(new), OP_EQ, 2); + } + + done: + rend_service_free(s1); + rend_service_free(s2); + rend_service_free(e1); + rend_service_free(e2); + smartlist_free(new); + smartlist_free(old); +} + struct testcase_t hs_tests[] = { { "hs_rend_data", test_hs_rend_data, TT_FORK, NULL, NULL }, @@ -807,6 +927,9 @@ struct testcase_t hs_tests[] = { TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR2) }, { "single_onion_poisoning_create_dir_both", test_single_onion_poisoning, TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR1 | CREATE_HS_DIR2) }, + { "prune_services_on_reload", test_prune_services_on_reload, TT_FORK, + NULL, NULL }, + END_OF_TESTCASES }; diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c index e7deec2e22..64391a7c29 100644 --- a/src/test/test_hs_cache.c +++ b/src/test/test_hs_cache.c @@ -66,27 +66,27 @@ helper_build_intro_point(const ed25519_keypair_t *blinded_kp, /* Return a valid hs_descriptor_t object. */ static hs_descriptor_t * helper_build_hs_desc(uint64_t revision_counter, uint32_t lifetime, - ed25519_keypair_t *blinded_kp) + ed25519_public_key_t *signing_pubkey) { int ret; + ed25519_keypair_t blinded_kp; hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc)); desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX; - ret = ed25519_keypair_generate(&desc->plaintext_data.signing_kp, 0); + + /* Copy only the public key into the descriptor. */ + memcpy(&desc->plaintext_data.signing_pubkey, signing_pubkey, + sizeof(ed25519_public_key_t)); + + ret = ed25519_keypair_generate(&blinded_kp, 0); tt_int_op(ret, ==, 0); - if (blinded_kp) { - memcpy(&desc->plaintext_data.blinded_kp, blinded_kp, - sizeof(ed25519_keypair_t)); - } else { - ret = ed25519_keypair_generate(&desc->plaintext_data.blinded_kp, 0); - tt_int_op(ret, ==, 0); - } + /* Copy only the public key into the descriptor. */ + memcpy(&desc->plaintext_data.blinded_pubkey, &blinded_kp.pubkey, + sizeof(ed25519_public_key_t)); desc->plaintext_data.signing_key_cert = - tor_cert_create(&desc->plaintext_data.blinded_kp, - CERT_TYPE_SIGNING_HS_DESC, - &desc->plaintext_data.signing_kp.pubkey, time(NULL), - 3600, CERT_FLAG_INCLUDE_SIGNING_KEY); + tor_cert_create(&blinded_kp, CERT_TYPE_SIGNING_HS_DESC, signing_pubkey, + time(NULL), 3600, CERT_FLAG_INCLUDE_SIGNING_KEY); tt_assert(desc->plaintext_data.signing_key_cert); desc->plaintext_data.revision_counter = revision_counter; desc->plaintext_data.lifetime_sec = lifetime; @@ -98,8 +98,7 @@ helper_build_hs_desc(uint64_t revision_counter, uint32_t lifetime, desc->encrypted_data.intro_points = smartlist_new(); /* Add an intro point. */ smartlist_add(desc->encrypted_data.intro_points, - helper_build_intro_point(&desc->plaintext_data.blinded_kp, - "1.2.3.4")); + helper_build_intro_point(&blinded_kp, "1.2.3.4")); descp = desc; done: @@ -109,12 +108,11 @@ helper_build_hs_desc(uint64_t revision_counter, uint32_t lifetime, /* Static variable used to encoded the HSDir query. */ static char query_b64[256]; -/* Build an HSDir query using a ed25519 keypair. */ +/* Build an HSDir query using a ed25519 public key. */ static const char * helper_get_hsdir_query(const hs_descriptor_t *desc) { - ed25519_public_to_base64(query_b64, - &desc->plaintext_data.blinded_kp.pubkey); + ed25519_public_to_base64(query_b64, &desc->plaintext_data.blinded_pubkey); return query_b64; } @@ -132,17 +130,20 @@ test_directory(void *arg) { int ret; size_t oom_size; - char *desc1_str=NULL; + char *desc1_str = NULL; const char *desc_out; - hs_descriptor_t *desc1; + ed25519_keypair_t signing_kp1; + hs_descriptor_t *desc1 = NULL; (void) arg; init_test(); /* Generate a valid descriptor with normal values. */ - desc1 = helper_build_hs_desc(42, 3 * 60 * 60, NULL); + ret = ed25519_keypair_generate(&signing_kp1, 0); + tt_int_op(ret, ==, 0); + desc1 = helper_build_hs_desc(42, 3 * 60 * 60, &signing_kp1.pubkey); tt_assert(desc1); - ret = hs_desc_encode_descriptor(desc1, &desc1_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str); tt_int_op(ret, OP_EQ, 0); /* Very first basic test, should be able to be stored, survive a @@ -170,10 +171,14 @@ test_directory(void *arg) /* Store two descriptors and remove the expiring one only. */ { - hs_descriptor_t *desc_zero_lifetime = helper_build_hs_desc(1, 0, NULL); + ed25519_keypair_t signing_kp_zero; + ret = ed25519_keypair_generate(&signing_kp_zero, 0); + tt_int_op(ret, ==, 0); + hs_descriptor_t *desc_zero_lifetime; + desc_zero_lifetime = helper_build_hs_desc(1, 0, &signing_kp_zero.pubkey); tt_assert(desc_zero_lifetime); char *desc_zero_lifetime_str; - ret = hs_desc_encode_descriptor(desc_zero_lifetime, + ret = hs_desc_encode_descriptor(desc_zero_lifetime, &signing_kp_zero, &desc_zero_lifetime_str); tt_int_op(ret, OP_EQ, 0); @@ -225,7 +230,7 @@ test_directory(void *arg) tt_int_op(ret, OP_EQ, 1); /* Bump revision counter. */ desc1->plaintext_data.revision_counter++; - ret = hs_desc_encode_descriptor(desc1, &new_desc_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &new_desc_str); tt_int_op(ret, OP_EQ, 0); ret = hs_cache_store_as_dir(new_desc_str); tt_int_op(ret, OP_EQ, 0); @@ -248,15 +253,18 @@ test_clean_as_dir(void *arg) char *desc1_str = NULL; time_t now = time(NULL); hs_descriptor_t *desc1 = NULL; + ed25519_keypair_t signing_kp1; (void) arg; init_test(); /* Generate a valid descriptor with values. */ - desc1 = helper_build_hs_desc(42, 3 * 60 * 60, NULL); + ret = ed25519_keypair_generate(&signing_kp1, 0); + tt_int_op(ret, ==, 0); + desc1 = helper_build_hs_desc(42, 3 * 60 * 60, &signing_kp1.pubkey); tt_assert(desc1); - ret = hs_desc_encode_descriptor(desc1, &desc1_str); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, &desc1_str); tt_int_op(ret, OP_EQ, 0); ret = hs_cache_store_as_dir(desc1_str); tt_int_op(ret, OP_EQ, 0); @@ -343,7 +351,7 @@ static void test_upload_and_download_hs_desc(void *arg) { int retval; - hs_descriptor_t *published_desc; + hs_descriptor_t *published_desc = NULL; char *published_desc_str = NULL; char *received_desc_str = NULL; @@ -355,9 +363,13 @@ test_upload_and_download_hs_desc(void *arg) /* Generate a valid descriptor with normal values. */ { - published_desc = helper_build_hs_desc(42, 3 * 60 * 60, NULL); + ed25519_keypair_t signing_kp; + retval = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(retval, ==, 0); + published_desc = helper_build_hs_desc(42, 3 * 60 * 60, &signing_kp.pubkey); tt_assert(published_desc); - retval = hs_desc_encode_descriptor(published_desc, &published_desc_str); + retval = hs_desc_encode_descriptor(published_desc, &signing_kp, + &published_desc_str); tt_int_op(retval, OP_EQ, 0); } @@ -370,7 +382,7 @@ test_upload_and_download_hs_desc(void *arg) /* Simulate a fetch of the previously published descriptor */ { const ed25519_public_key_t *blinded_key; - blinded_key = &published_desc->plaintext_data.blinded_kp.pubkey; + blinded_key = &published_desc->plaintext_data.blinded_pubkey; received_desc_str = helper_fetch_desc_from_hsdir(blinded_key); } @@ -391,7 +403,9 @@ test_hsdir_revision_counter_check(void *arg) { int retval; - hs_descriptor_t *published_desc; + ed25519_keypair_t signing_kp; + + hs_descriptor_t *published_desc = NULL; char *published_desc_str = NULL; char *received_desc_str = NULL; @@ -404,9 +418,13 @@ test_hsdir_revision_counter_check(void *arg) /* Generate a valid descriptor with normal values. */ { - published_desc = helper_build_hs_desc(1312, 3 * 60 * 60, NULL); + retval = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(retval, ==, 0); + published_desc = helper_build_hs_desc(1312, 3 * 60 * 60, + &signing_kp.pubkey); tt_assert(published_desc); - retval = hs_desc_encode_descriptor(published_desc, &published_desc_str); + retval = hs_desc_encode_descriptor(published_desc, &signing_kp, + &published_desc_str); tt_int_op(retval, OP_EQ, 0); } @@ -426,7 +444,7 @@ test_hsdir_revision_counter_check(void *arg) { const ed25519_public_key_t *blinded_key; - blinded_key = &published_desc->plaintext_data.blinded_kp.pubkey; + blinded_key = &published_desc->plaintext_data.blinded_pubkey; received_desc_str = helper_fetch_desc_from_hsdir(blinded_key); retval = hs_desc_decode_descriptor(received_desc_str,NULL, &received_desc); @@ -445,7 +463,8 @@ test_hsdir_revision_counter_check(void *arg) { published_desc->plaintext_data.revision_counter = 1313; tor_free(published_desc_str); - retval = hs_desc_encode_descriptor(published_desc, &published_desc_str); + retval = hs_desc_encode_descriptor(published_desc, &signing_kp, + &published_desc_str); tt_int_op(retval, OP_EQ, 0); retval = handle_post_hs_descriptor("/tor/hs/3/publish",published_desc_str); @@ -457,7 +476,7 @@ test_hsdir_revision_counter_check(void *arg) { const ed25519_public_key_t *blinded_key; - blinded_key = &published_desc->plaintext_data.blinded_kp.pubkey; + blinded_key = &published_desc->plaintext_data.blinded_pubkey; received_desc_str = helper_fetch_desc_from_hsdir(blinded_key); retval = hs_desc_decode_descriptor(received_desc_str,NULL, &received_desc); diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c index 3f588dfcaf..02a71aa473 100644 --- a/src/test/test_hs_descriptor.c +++ b/src/test/test_hs_descriptor.c @@ -77,24 +77,28 @@ helper_build_intro_point(const ed25519_keypair_t *blinded_kp, time_t now, /* Return a valid hs_descriptor_t object. If no_ip is set, no introduction * points are added. */ static hs_descriptor_t * -helper_build_hs_desc(unsigned int no_ip) +helper_build_hs_desc(unsigned int no_ip, ed25519_public_key_t *signing_pubkey) { int ret; time_t now = time(NULL); + ed25519_keypair_t blinded_kp; hs_descriptor_t *descp = NULL, *desc = tor_malloc_zero(sizeof(*desc)); desc->plaintext_data.version = HS_DESC_SUPPORTED_FORMAT_VERSION_MAX; - ret = ed25519_keypair_generate(&desc->plaintext_data.signing_kp, 0); - tt_int_op(ret, ==, 0); - ret = ed25519_keypair_generate(&desc->plaintext_data.blinded_kp, 0); + + /* Copy only the public key into the descriptor. */ + memcpy(&desc->plaintext_data.signing_pubkey, signing_pubkey, + sizeof(ed25519_public_key_t)); + + ret = ed25519_keypair_generate(&blinded_kp, 0); tt_int_op(ret, ==, 0); + /* Copy only the public key into the descriptor. */ + memcpy(&desc->plaintext_data.blinded_pubkey, &blinded_kp.pubkey, + sizeof(ed25519_public_key_t)); desc->plaintext_data.signing_key_cert = - tor_cert_create(&desc->plaintext_data.blinded_kp, - CERT_TYPE_SIGNING_HS_DESC, - &desc->plaintext_data.signing_kp.pubkey, now, - 3600, - CERT_FLAG_INCLUDE_SIGNING_KEY); + tor_cert_create(&blinded_kp, CERT_TYPE_SIGNING_HS_DESC, signing_pubkey, + now, 3600, CERT_FLAG_INCLUDE_SIGNING_KEY); tt_assert(desc->plaintext_data.signing_key_cert); desc->plaintext_data.revision_counter = 42; desc->plaintext_data.lifetime_sec = 3 * 60 * 60; @@ -108,17 +112,13 @@ helper_build_hs_desc(unsigned int no_ip) if (!no_ip) { /* Add four intro points. */ smartlist_add(desc->encrypted_data.intro_points, - helper_build_intro_point(&desc->plaintext_data.blinded_kp, now, - "1.2.3.4", 0)); + helper_build_intro_point(&blinded_kp, now, "1.2.3.4", 0)); smartlist_add(desc->encrypted_data.intro_points, - helper_build_intro_point(&desc->plaintext_data.blinded_kp, now, - "[2600::1]", 0)); + helper_build_intro_point(&blinded_kp, now, "[2600::1]", 0)); smartlist_add(desc->encrypted_data.intro_points, - helper_build_intro_point(&desc->plaintext_data.blinded_kp, now, - "3.2.1.4", 1)); + helper_build_intro_point(&blinded_kp, now, "3.2.1.4", 1)); smartlist_add(desc->encrypted_data.intro_points, - helper_build_intro_point(&desc->plaintext_data.blinded_kp, now, - "", 1)); + helper_build_intro_point(&blinded_kp, now, "", 1)); } descp = desc; @@ -138,11 +138,11 @@ helper_compare_hs_desc(const hs_descriptor_t *desc1, desc2->plaintext_data.lifetime_sec); tt_assert(tor_cert_eq(desc1->plaintext_data.signing_key_cert, desc2->plaintext_data.signing_key_cert)); - tt_mem_op(desc1->plaintext_data.signing_kp.pubkey.pubkey, OP_EQ, - desc2->plaintext_data.signing_kp.pubkey.pubkey, + tt_mem_op(desc1->plaintext_data.signing_pubkey.pubkey, OP_EQ, + desc2->plaintext_data.signing_pubkey.pubkey, ED25519_PUBKEY_LEN); - tt_mem_op(desc1->plaintext_data.blinded_kp.pubkey.pubkey, OP_EQ, - desc2->plaintext_data.blinded_kp.pubkey.pubkey, + tt_mem_op(desc1->plaintext_data.blinded_pubkey.pubkey, OP_EQ, + desc2->plaintext_data.blinded_pubkey.pubkey, ED25519_PUBKEY_LEN); tt_u64_op(desc1->plaintext_data.revision_counter, ==, desc2->plaintext_data.revision_counter); @@ -481,11 +481,15 @@ test_encode_descriptor(void *arg) { int ret; char *encoded = NULL; - hs_descriptor_t *desc = helper_build_hs_desc(0); + ed25519_keypair_t signing_kp; + hs_descriptor_t *desc = NULL; (void) arg; - ret = hs_desc_encode_descriptor(desc, &encoded); + ret = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(ret, ==, 0); + desc = helper_build_hs_desc(0, &signing_kp.pubkey); + ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded); tt_int_op(ret, ==, 0); tt_assert(encoded); @@ -499,17 +503,22 @@ test_decode_descriptor(void *arg) { int ret; char *encoded = NULL; - hs_descriptor_t *desc = helper_build_hs_desc(0); + ed25519_keypair_t signing_kp; + hs_descriptor_t *desc = NULL; hs_descriptor_t *decoded = NULL; hs_descriptor_t *desc_no_ip = NULL; (void) arg; + ret = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(ret, ==, 0); + desc = helper_build_hs_desc(0, &signing_kp.pubkey); + /* Give some bad stuff to the decoding function. */ ret = hs_desc_decode_descriptor("hladfjlkjadf", NULL, &decoded); tt_int_op(ret, OP_EQ, -1); - ret = hs_desc_encode_descriptor(desc, &encoded); + ret = hs_desc_encode_descriptor(desc, &signing_kp, &encoded); tt_int_op(ret, ==, 0); tt_assert(encoded); @@ -521,10 +530,13 @@ test_decode_descriptor(void *arg) /* Decode a descriptor with _no_ introduction points. */ { - desc_no_ip = helper_build_hs_desc(1); + ed25519_keypair_t signing_kp_no_ip; + ret = ed25519_keypair_generate(&signing_kp_no_ip, 0); + tt_int_op(ret, ==, 0); + desc_no_ip = helper_build_hs_desc(1, &signing_kp_no_ip.pubkey); tt_assert(desc_no_ip); tor_free(encoded); - ret = hs_desc_encode_descriptor(desc_no_ip, &encoded); + ret = hs_desc_encode_descriptor(desc_no_ip, &signing_kp_no_ip, &encoded); tt_int_op(ret, ==, 0); tt_assert(encoded); hs_descriptor_free(decoded); @@ -599,6 +611,7 @@ test_decode_intro_point(void *arg) char *encoded_ip = NULL; size_t len_out; hs_desc_intro_point_t *ip = NULL; + ed25519_keypair_t signing_kp; hs_descriptor_t *desc = NULL; (void) arg; @@ -647,7 +660,9 @@ test_decode_intro_point(void *arg) /* Start by testing the "decode all intro points" function. */ { char *line; - desc = helper_build_hs_desc(0); + ret = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(ret, ==, 0); + desc = helper_build_hs_desc(0, &signing_kp.pubkey); tt_assert(desc); /* Only try to decode an incomplete introduction point section. */ tor_asprintf(&line, "\n%s", intro_point); @@ -674,7 +689,10 @@ test_decode_intro_point(void *arg) /* Try to decode a junk string. */ { hs_descriptor_free(desc); - desc = helper_build_hs_desc(0); + desc = NULL; + ret = ed25519_keypair_generate(&signing_kp, 0); + tt_int_op(ret, ==, 0); + desc = helper_build_hs_desc(0, &signing_kp.pubkey); const char *junk = "this is not a descriptor"; ip = decode_introduction_point(desc, junk); tt_assert(!ip); @@ -977,10 +995,10 @@ test_desc_signature(void *arg) tt_int_op(ret, ==, 0); /* Build the descriptor that should be valid. */ tor_asprintf(&desc, "%ssignature %s\n", data, sig_b64); - ret = desc_sig_is_valid(sig_b64, &kp, desc, strlen(desc)); + ret = desc_sig_is_valid(sig_b64, &kp.pubkey, desc, strlen(desc)); tt_int_op(ret, ==, 1); /* Junk signature. */ - ret = desc_sig_is_valid("JUNK", &kp, desc, strlen(desc)); + ret = desc_sig_is_valid("JUNK", &kp.pubkey, desc, strlen(desc)); tt_int_op(ret, ==, 0); done: diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 608988ba9a..770fff42d2 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -12,19 +12,26 @@ #define CIRCUITLIST_PRIVATE #include "test.h" +#include "log_test_helpers.h" #include "crypto.h" +#include "log_test_helpers.h" #include "or.h" #include "ht.h" +/* Trunnel. */ #include "hs/cell_establish_intro.h" +#include "hs/cell_introduce1.h" +#include "hs/cell_common.h" #include "hs_service.h" +#include "hs_common.h" #include "hs_circuitmap.h" #include "hs_intropoint.h" #include "circuitlist.h" #include "circuituse.h" #include "rendservice.h" +#include "relay.h" /* Mock function to avoid networking in unittests */ static int @@ -34,6 +41,81 @@ mock_send_intro_established_cell(or_circuit_t *circ) return 0; } +static int +mock_relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ, + uint8_t relay_command, const char *payload, + size_t payload_len, + crypt_path_t *cpath_layer, + const char *filename, int lineno) +{ + (void) stream_id; + (void) circ; + (void) relay_command; + (void) payload; + (void) payload_len; + (void) cpath_layer; + (void) filename; + (void) lineno; + return 0; +} + +static or_circuit_t * +helper_create_intro_circuit(void) +{ + or_circuit_t *circ = or_circuit_new(0, NULL); + tt_assert(circ); + circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR); + done: + return circ; +} + +static hs_cell_introduce1_t * +helper_create_introduce1_cell(void) +{ + hs_cell_introduce1_t *cell = NULL; + ed25519_keypair_t auth_key_kp; + + /* Generate the auth_key of the cell. */ + if (ed25519_keypair_generate(&auth_key_kp, 0) < 0) { + goto err; + } + + cell = hs_cell_introduce1_new(); + tt_assert(cell); + + /* Set the auth key. */ + { + size_t auth_key_len = sizeof(auth_key_kp.pubkey); + hs_cell_introduce1_set_auth_key_type(cell, + HS_INTRO_AUTH_KEY_TYPE_ED25519); + hs_cell_introduce1_set_auth_key_len(cell, auth_key_len); + hs_cell_introduce1_setlen_auth_key(cell, auth_key_len); + uint8_t *auth_key_ptr = hs_cell_introduce1_getarray_auth_key(cell); + memcpy(auth_key_ptr, auth_key_kp.pubkey.pubkey, auth_key_len); + } + + /* Set the cell extentions to none. */ + { + cell_extension_t *ext = cell_extension_new(); + cell_extension_set_num(ext, 0); + hs_cell_introduce1_set_extensions(cell, ext); + } + + /* Set the encrypted section to some data. */ + { + size_t enc_len = 128; + hs_cell_introduce1_setlen_encrypted(cell, enc_len); + uint8_t *enc_ptr = hs_cell_introduce1_getarray_encrypted(cell); + memset(enc_ptr, 'a', enc_len); + } + + return cell; + err: + done: + hs_cell_introduce1_free(cell); + return NULL; +} + /* Try sending an ESTABLISH_INTRO cell on a circuit that is already an intro * point. Should fail. */ static void @@ -143,6 +225,163 @@ test_establish_intro_wrong_keytype2(void *arg) circuit_free(TO_CIRCUIT(intro_circ)); } +/* Send a legit ESTABLISH_INTRO cell but with a wrong MAC. Should fail. */ +static void +test_establish_intro_wrong_mac(void *arg) +{ + int retval; + hs_cell_establish_intro_t *establish_intro_cell = NULL; + or_circuit_t *intro_circ = or_circuit_new(0,NULL);; + uint8_t cell_body[RELAY_PAYLOAD_SIZE]; + ssize_t cell_len = 0; + uint8_t circuit_key_material[DIGEST_LEN] = {0}; + + (void)arg; + + /* Get the auth key of the intro point */ + crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material)); + helper_prepare_circ_for_intro(intro_circ, circuit_key_material); + + /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we + attempt to parse it. */ + establish_intro_cell = generate_establish_intro_cell(circuit_key_material, + sizeof(circuit_key_material)); + tt_assert(establish_intro_cell); + /* Mangle one byte of the MAC. */ + uint8_t *handshake_ptr = + hs_cell_establish_intro_getarray_handshake_mac(establish_intro_cell); + handshake_ptr[TRUNNEL_SHA3_256_LEN - 1]++; + /* We need to resign the payload with that change. */ + { + ed25519_signature_t sig; + ed25519_keypair_t key_struct; + /* New keypair for the signature since we don't have access to the private + * key material generated earlier when creating the cell. */ + retval = ed25519_keypair_generate(&key_struct, 0); + tt_int_op(retval, OP_EQ, 0); + uint8_t *auth_key_ptr = + hs_cell_establish_intro_getarray_auth_key(establish_intro_cell); + memcpy(auth_key_ptr, key_struct.pubkey.pubkey, ED25519_PUBKEY_LEN); + /* Encode payload so we can sign it. */ + cell_len = get_establish_intro_payload(cell_body, sizeof(cell_body), + establish_intro_cell); + tt_int_op(cell_len, >, 0); + + retval = ed25519_sign_prefixed(&sig, cell_body, + cell_len - + (ED25519_SIG_LEN + + sizeof(establish_intro_cell->sig_len)), + ESTABLISH_INTRO_SIG_PREFIX, &key_struct); + tt_int_op(retval, OP_EQ, 0); + /* And write the signature to the cell */ + uint8_t *sig_ptr = + hs_cell_establish_intro_getarray_sig(establish_intro_cell); + memcpy(sig_ptr, sig.sig, establish_intro_cell->sig_len); + /* Re-encode with the new signature. */ + cell_len = get_establish_intro_payload(cell_body, sizeof(cell_body), + establish_intro_cell); + } + + /* Receive the cell. Should fail because our MAC is wrong. */ + setup_full_capture_of_logs(LOG_INFO); + retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len); + expect_log_msg_containing("ESTABLISH_INTRO handshake_auth not as expected"); + teardown_capture_of_logs(); + tt_int_op(retval, ==, -1); + + done: + hs_cell_establish_intro_free(establish_intro_cell); + circuit_free(TO_CIRCUIT(intro_circ)); +} + +/* Send a legit ESTABLISH_INTRO cell but with a wrong auth key length. Should + * fail. */ +static void +test_establish_intro_wrong_auth_key_len(void *arg) +{ + int retval; + hs_cell_establish_intro_t *establish_intro_cell = NULL; + or_circuit_t *intro_circ = or_circuit_new(0,NULL);; + uint8_t cell_body[RELAY_PAYLOAD_SIZE]; + ssize_t cell_len = 0; + size_t bad_auth_key_len = ED25519_PUBKEY_LEN - 1; + uint8_t circuit_key_material[DIGEST_LEN] = {0}; + + (void)arg; + + /* Get the auth key of the intro point */ + crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material)); + helper_prepare_circ_for_intro(intro_circ, circuit_key_material); + + /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we + attempt to parse it. */ + establish_intro_cell = generate_establish_intro_cell(circuit_key_material, + sizeof(circuit_key_material)); + tt_assert(establish_intro_cell); + /* Mangle the auth key length. */ + hs_cell_establish_intro_set_auth_key_len(establish_intro_cell, + bad_auth_key_len); + hs_cell_establish_intro_setlen_auth_key(establish_intro_cell, + bad_auth_key_len); + cell_len = get_establish_intro_payload(cell_body, sizeof(cell_body), + establish_intro_cell); + tt_int_op(cell_len, >, 0); + + /* Receive the cell. Should fail. */ + setup_full_capture_of_logs(LOG_INFO); + retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len); + expect_log_msg_containing("ESTABLISH_INTRO auth key length is invalid"); + teardown_capture_of_logs(); + tt_int_op(retval, ==, -1); + + done: + hs_cell_establish_intro_free(establish_intro_cell); + circuit_free(TO_CIRCUIT(intro_circ)); +} + +/* Send a legit ESTABLISH_INTRO cell but with a wrong sig length. Should + * fail. */ +static void +test_establish_intro_wrong_sig_len(void *arg) +{ + int retval; + hs_cell_establish_intro_t *establish_intro_cell = NULL; + or_circuit_t *intro_circ = or_circuit_new(0,NULL);; + uint8_t cell_body[RELAY_PAYLOAD_SIZE]; + ssize_t cell_len = 0; + size_t bad_sig_len = ED25519_SIG_LEN - 1; + uint8_t circuit_key_material[DIGEST_LEN] = {0}; + + (void)arg; + + /* Get the auth key of the intro point */ + crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material)); + helper_prepare_circ_for_intro(intro_circ, circuit_key_material); + + /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we + attempt to parse it. */ + establish_intro_cell = generate_establish_intro_cell(circuit_key_material, + sizeof(circuit_key_material)); + tt_assert(establish_intro_cell); + /* Mangle the signature length. */ + hs_cell_establish_intro_set_sig_len(establish_intro_cell, bad_sig_len); + hs_cell_establish_intro_setlen_sig(establish_intro_cell, bad_sig_len); + cell_len = get_establish_intro_payload(cell_body, sizeof(cell_body), + establish_intro_cell); + tt_int_op(cell_len, >, 0); + + /* Receive the cell. Should fail. */ + setup_full_capture_of_logs(LOG_INFO); + retval = hs_intro_received_establish_intro(intro_circ, cell_body, cell_len); + expect_log_msg_containing("ESTABLISH_INTRO sig len is invalid"); + teardown_capture_of_logs(); + tt_int_op(retval, ==, -1); + + done: + hs_cell_establish_intro_free(establish_intro_cell); + circuit_free(TO_CIRCUIT(intro_circ)); +} + /* Send a legit ESTABLISH_INTRO cell but slightly change the signature. Should * fail. */ static void @@ -294,7 +533,8 @@ test_intro_point_registration(void *arg) the_hs_circuitmap = get_hs_circuitmap(); tt_assert(the_hs_circuitmap); tt_int_op(1, ==, HT_SIZE(the_hs_circuitmap)); - get_auth_key_from_establish_intro_cell(&auth_key, establish_intro_cell); + get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO, + establish_intro_cell); returned_intro_circ = hs_circuitmap_get_intro_circ_v3(&auth_key); tt_ptr_op(intro_circ, ==, returned_intro_circ); } @@ -340,6 +580,246 @@ test_intro_point_registration(void *arg) UNMOCK(hs_intro_send_intro_established_cell); } +static void +test_introduce1_suitable_circuit(void *arg) +{ + int ret; + or_circuit_t *circ = NULL; + + (void) arg; + + /* Valid suitable circuit. */ + { + circ = or_circuit_new(0, NULL); + circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR); + ret = circuit_is_suitable_for_introduce1(circ); + circuit_free(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, 1); + } + + /* Test if the circuit purpose safeguard works correctly. */ + { + circ = or_circuit_new(0, NULL); + circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT); + ret = circuit_is_suitable_for_introduce1(circ); + circuit_free(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, 0); + } + + /* Test the non-edge circuit safeguard works correctly. */ + { + circ = or_circuit_new(0, NULL); + circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR); + /* Bogus pointer, the check is against NULL on n_chan. */ + circ->base_.n_chan = (channel_t *) circ; + ret = circuit_is_suitable_for_introduce1(circ); + circuit_free(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, 0); + } + + /* Mangle the circuit a bit more so see if our only one INTRODUCE1 cell + * limit works correctly. */ + { + circ = or_circuit_new(0, NULL); + circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR); + circ->already_received_introduce1 = 1; + ret = circuit_is_suitable_for_introduce1(circ); + circuit_free(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, 0); + } + + done: + ; +} + +static void +test_introduce1_is_legacy(void *arg) +{ + int ret; + uint8_t request[256]; + + (void) arg; + + /* For a cell to be considered legacy, according to the specification, the + * first 20 bytes MUST BE non-zero else it's a v3 cell. */ + memset(request, 'a', DIGEST_LEN); + memset(request + DIGEST_LEN, 0, sizeof(request) - DIGEST_LEN); + ret = introduce1_cell_is_legacy(request); + tt_int_op(ret, OP_EQ, 1); + + /* This is a NON legacy cell. */ + memset(request, 0, DIGEST_LEN); + memset(request + DIGEST_LEN, 'a', sizeof(request) - DIGEST_LEN); + ret = introduce1_cell_is_legacy(request); + tt_int_op(ret, OP_EQ, 0); + + done: + ; +} + +static void +test_introduce1_validation(void *arg) +{ + int ret; + hs_cell_introduce1_t *cell = NULL; + + (void) arg; + + /* Create our decoy cell that we'll modify as we go to test the validation + * function of that parsed cell. */ + cell = helper_create_introduce1_cell(); + + /* It should NOT be a legacy cell which will trigger a BUG(). */ + memset(cell->legacy_key_id, 'a', sizeof(cell->legacy_key_id)); + tor_capture_bugs_(1); + ret = validate_introduce1_parsed_cell(cell); + tor_end_capture_bugs_(); + tt_int_op(ret, OP_EQ, -1); + /* Reset legacy ID and make sure it's correct. */ + memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id)); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, 0); + + /* Non existing auth key type. */ + cell->auth_key_type = 42; + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, -1); + /* Reset is to correct value and make sure it's correct. */ + cell->auth_key_type = HS_INTRO_AUTH_KEY_TYPE_ED25519; + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, 0); + + /* Really bad key length. */ + cell->auth_key_len = 0; + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, -1); + cell->auth_key_len = UINT16_MAX; + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, -1); + /* Correct size, let's try that. */ + cell->auth_key_len = sizeof(ed25519_public_key_t); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, 0); + /* Set an invalid size of the auth key buffer. */ + hs_cell_introduce1_setlen_auth_key(cell, 3); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, -1); + /* Reset auth key buffer and make sure it works. */ + hs_cell_introduce1_setlen_auth_key(cell, sizeof(ed25519_public_key_t)); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, 0); + + /* Empty encrypted section. */ + hs_cell_introduce1_setlen_encrypted(cell, 0); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, -1); + /* Reset it to some non zero bytes and validate. */ + hs_cell_introduce1_setlen_encrypted(cell, 1); + ret = validate_introduce1_parsed_cell(cell); + tt_int_op(ret, OP_EQ, 0); + + done: + hs_cell_introduce1_free(cell); +} + +static void +test_received_introduce1_handling(void *arg) +{ + int ret; + uint8_t *request = NULL, buf[128]; + hs_cell_introduce1_t *cell = NULL; + or_circuit_t *circ = NULL; + + (void) arg; + + MOCK(relay_send_command_from_edge_, mock_relay_send_command_from_edge); + + hs_circuitmap_init(); + + /* Too small request length. An INTRODUCE1 expect at the very least a + * DIGEST_LEN size. */ + { + circ = helper_create_intro_circuit(); + ret = hs_intro_received_introduce1(circ, buf, DIGEST_LEN - 1); + tt_int_op(ret, OP_EQ, -1); + circuit_free(TO_CIRCUIT(circ)); + } + + /* We have a unit test only for the suitability of a circuit to receive an + * INTRODUCE1 cell so from now on we'll only test the handling of a cell. */ + + /* Bad request. */ + { + circ = helper_create_intro_circuit(); + uint8_t test[2]; /* Too small request. */ + ret = handle_introduce1(circ, test, sizeof(test)); + tor_free(circ->p_chan); + circuit_free(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, -1); + } + + /* Valid case. */ + { + cell = helper_create_introduce1_cell(); + ssize_t request_len = hs_cell_introduce1_encoded_len(cell); + tt_size_op(request_len, OP_GT, 0); + request = tor_malloc_zero(request_len); + ssize_t encoded_len = + hs_cell_introduce1_encode(request, request_len, cell); + tt_size_op(encoded_len, OP_GT, 0); + + circ = helper_create_intro_circuit(); + or_circuit_t *service_circ = helper_create_intro_circuit(); + circuit_change_purpose(TO_CIRCUIT(service_circ), + CIRCUIT_PURPOSE_INTRO_POINT); + /* Register the circuit in the map for the auth key of the cell. */ + ed25519_public_key_t auth_key; + const uint8_t *cell_auth_key = + hs_cell_introduce1_getconstarray_auth_key(cell); + memcpy(auth_key.pubkey, cell_auth_key, ED25519_PUBKEY_LEN); + hs_circuitmap_register_intro_circ_v3(service_circ, &auth_key); + ret = hs_intro_received_introduce1(circ, request, request_len); + circuit_free(TO_CIRCUIT(circ)); + circuit_free(TO_CIRCUIT(service_circ)); + tt_int_op(ret, OP_EQ, 0); + } + + /* Valid legacy cell. */ + { + tor_free(request); + hs_cell_introduce1_free(cell); + cell = helper_create_introduce1_cell(); + uint8_t *legacy_key_id = hs_cell_introduce1_getarray_legacy_key_id(cell); + memset(legacy_key_id, 'a', DIGEST_LEN); + /* Add an arbitrary amount of data for the payload of a v2 cell. */ + size_t request_len = hs_cell_introduce1_encoded_len(cell) + 256; + tt_size_op(request_len, OP_GT, 0); + request = tor_malloc_zero(request_len + 256); + ssize_t encoded_len = + hs_cell_introduce1_encode(request, request_len, cell); + tt_size_op(encoded_len, OP_GT, 0); + + circ = helper_create_intro_circuit(); + or_circuit_t *service_circ = helper_create_intro_circuit(); + circuit_change_purpose(TO_CIRCUIT(service_circ), + CIRCUIT_PURPOSE_INTRO_POINT); + /* Register the circuit in the map for the auth key of the cell. */ + uint8_t token[REND_TOKEN_LEN]; + memcpy(token, legacy_key_id, sizeof(token)); + hs_circuitmap_register_intro_circ_v2(service_circ, token); + ret = hs_intro_received_introduce1(circ, request, request_len); + circuit_free(TO_CIRCUIT(circ)); + circuit_free(TO_CIRCUIT(service_circ)); + tt_int_op(ret, OP_EQ, 0); + } + + done: + hs_cell_introduce1_free(cell); + tor_free(request); + hs_circuitmap_free_all(); + UNMOCK(relay_send_command_from_edge_); +} + struct testcase_t hs_intropoint_tests[] = { { "intro_point_registration", test_intro_point_registration, TT_FORK, NULL, NULL }, @@ -356,6 +836,27 @@ struct testcase_t hs_intropoint_tests[] = { { "receive_establish_intro_wrong_sig", test_establish_intro_wrong_sig, TT_FORK, NULL, NULL }, + { "receive_establish_intro_wrong_sig_len", + test_establish_intro_wrong_sig_len, TT_FORK, NULL, NULL }, + + { "receive_establish_intro_wrong_auth_key_len", + test_establish_intro_wrong_auth_key_len, TT_FORK, NULL, NULL }, + + { "receive_establish_intro_wrong_mac", + test_establish_intro_wrong_mac, TT_FORK, NULL, NULL }, + + { "introduce1_suitable_circuit", + test_introduce1_suitable_circuit, TT_FORK, NULL, NULL }, + + { "introduce1_is_legacy", + test_introduce1_is_legacy, TT_FORK, NULL, NULL }, + + { "introduce1_validation", + test_introduce1_validation, TT_FORK, NULL, NULL }, + + { "received_introduce1_handling", + test_received_introduce1_handling, TT_FORK, NULL, NULL }, + END_OF_TESTCASES }; diff --git a/src/test/test_options.c b/src/test/test_options.c index e85e11805b..41c015bdd4 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -18,6 +18,7 @@ #include "sandbox.h" #include "memarea.h" #include "policies.h" +#include "test_helpers.h" #define NS_MODULE test_options @@ -332,7 +333,8 @@ fixed_get_uname(void) "VirtualAddrNetworkIPv4 127.192.0.0/10\n" \ "VirtualAddrNetworkIPv6 [FE80::]/10\n" \ "SchedulerHighWaterMark__ 42\n" \ - "SchedulerLowWaterMark__ 10\n" + "SchedulerLowWaterMark__ 10\n" \ + "UseEntryGuards 1\n" typedef struct { or_options_t *old_opt; @@ -650,16 +652,18 @@ test_options_validate__authdir(void *ignored) setup_capture_of_logs(LOG_INFO); options_test_data_t *tdata = get_options_test_data( "AuthoritativeDirectory 1\n" - "Address this.should.not_exist.example.org"); + "Address this.should.not!exist!.example.org"); sandbox_disable_getaddrinfo_cache(); + MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg); + UNMOCK(tor_addr_lookup); tt_int_op(ret, OP_EQ, -1); tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for" " details."); expect_log_msg("Could not resolve local Address " - "'this.should.not_exist.example.org'. Failing.\n"); + "'this.should.not!exist!.example.org'. Failing.\n"); tor_free(msg); free_options_test_data(tdata); @@ -1794,14 +1798,6 @@ test_options_validate__reachable_addresses(void *ignored) /* Test IPv4-only clients setting IPv6 preferences */ -#define WARN_PLEASE_USE_IPV6_OR_LOG_MSG \ - "ClientPreferIPv6ORPort 1 is ignored unless tor is using IPv6. " \ - "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n" - -#define WARN_PLEASE_USE_IPV6_DIR_LOG_MSG \ - "ClientPreferIPv6DirPort 1 is ignored unless tor is using IPv6. " \ - "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges.\n" - free_options_test_data(tdata); tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES "ClientUseIPv4 1\n" @@ -1811,7 +1807,6 @@ test_options_validate__reachable_addresses(void *ignored) ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg); tt_int_op(ret, OP_EQ, 0); - expect_log_msg(WARN_PLEASE_USE_IPV6_OR_LOG_MSG); tor_free(msg); free_options_test_data(tdata); @@ -1823,7 +1818,6 @@ test_options_validate__reachable_addresses(void *ignored) ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg); tt_int_op(ret, OP_EQ, 0); - expect_log_msg(WARN_PLEASE_USE_IPV6_DIR_LOG_MSG); tor_free(msg); /* Now test an IPv4/IPv6 client setting IPv6 preferences */ @@ -1945,6 +1939,19 @@ test_options_validate__use_bridges(void *ignored) tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES "UseBridges 1\n" "Bridge 10.0.0.1\n" + "UseEntryGuards 0\n" + ); + + ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg); + tt_int_op(ret, OP_EQ, -1); + tt_str_op(msg, OP_EQ, + "Setting UseBridges requires also setting UseEntryGuards."); + tor_free(msg); + + free_options_test_data(tdata); + tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES + "UseBridges 1\n" + "Bridge 10.0.0.1\n" "Bridge !!!\n" ); @@ -3037,6 +3044,7 @@ test_options_validate__proxy(void *ignored) options_test_data_t *tdata = NULL; sandbox_disable_getaddrinfo_cache(); setup_capture_of_logs(LOG_WARN); + MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); free_options_test_data(tdata); tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES @@ -3057,6 +3065,7 @@ test_options_validate__proxy(void *ignored) tor_free(msg); free_options_test_data(tdata); + tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES "HttpProxy not_so_valid!\n" ); @@ -3357,6 +3366,7 @@ test_options_validate__proxy(void *ignored) policies_free_all(); // sandbox_free_getaddrinfo_cache(); tor_free(msg); + UNMOCK(tor_addr_lookup); } static void diff --git a/src/test/test_policy.c b/src/test/test_policy.c index 4df40f618e..71a31118a1 100644 --- a/src/test/test_policy.c +++ b/src/test/test_policy.c @@ -1083,8 +1083,12 @@ test_policies_getinfo_helper_policies(void *arg) append_exit_policy_string(&mock_my_routerinfo.exit_policy, "reject *6:*"); mock_options.IPv6Exit = 1; - tor_addr_from_ipv4h(&mock_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR); - tor_addr_parse(&mock_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR); + tor_addr_from_ipv4h( + &mock_options.OutboundBindAddresses[OUTBOUND_ADDR_EXIT][0], + TEST_IPV4_ADDR); + tor_addr_parse( + &mock_options.OutboundBindAddresses[OUTBOUND_ADDR_EXIT][1], + TEST_IPV6_ADDR); mock_options.ExitPolicyRejectPrivate = 1; mock_options.ExitPolicyRejectLocalInterfaces = 1; diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index 73e8d1047c..78f1cf16b7 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -204,55 +204,6 @@ mock_usable_consensus_flavor(void) return mock_usable_consensus_flavor_value; } -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM -static smartlist_t *mock_is_guard_list = NULL; - -static int -mock_is_node_used_as_guard(const node_t *n) -{ - if (mock_is_guard_list) { - SMARTLIST_FOREACH_BEGIN(mock_is_guard_list, node_t *, e) { - if (e == n) return 1; - } SMARTLIST_FOREACH_END(e); - } - - return 0; -} - -static void -mark_node_used_as_guard(node_t *n) -{ - if (!n) return; - - if (!mock_is_guard_list) { - mock_is_guard_list = smartlist_new(); - } - - if (!mock_is_node_used_as_guard(n)) { - smartlist_add(mock_is_guard_list, n); - } -} - -static void -mark_node_unused_as_guard(node_t *n) -{ - if (!n) return; - - if (!mock_is_guard_list) return; - - smartlist_remove(mock_is_guard_list, n); -} - -static void -clear_mock_guard_list(void) -{ - if (mock_is_guard_list) { - smartlist_free(mock_is_guard_list); - mock_is_guard_list = NULL; - } -} -#endif - static void test_router_pick_directory_server_impl(void *arg) { @@ -273,9 +224,6 @@ test_router_pick_directory_server_impl(void *arg) (void)arg; MOCK(usable_consensus_flavor, mock_usable_consensus_flavor); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - MOCK(is_node_used_as_guard, mock_is_node_used_as_guard); -#endif /* With no consensus, we must be bootstrapping, regardless of time or flavor */ @@ -388,34 +336,6 @@ test_router_pick_directory_server_impl(void *arg) node_router1->is_valid = 1; node_router3->is_valid = 1; -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - flags |= PDS_FOR_GUARD; - mark_node_used_as_guard(node_router1); - mark_node_used_as_guard(node_router2); - mark_node_used_as_guard(node_router3); - rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL); - tt_assert(rs == NULL); - mark_node_unused_as_guard(node_router1); - rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL); - tt_assert(rs != NULL); - tt_assert(tor_memeq(rs->identity_digest, router1_id, DIGEST_LEN)); - rs = NULL; - mark_node_unused_as_guard(node_router2); - mark_node_unused_as_guard(node_router3); -#endif - - /* One not valid, one guard. This should leave one remaining */ -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - node_router1->is_valid = 0; - mark_node_used_as_guard(node_router2); - rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL); - tt_assert(rs != NULL); - tt_assert(tor_memeq(rs->identity_digest, router3_id, DIGEST_LEN)); - rs = NULL; - node_router1->is_valid = 1; - mark_node_unused_as_guard(node_router2); -#endif - /* Manipulate overloaded */ node_router2->rs->last_dir_503_at = now; @@ -477,10 +397,6 @@ test_router_pick_directory_server_impl(void *arg) done: UNMOCK(usable_consensus_flavor); -#ifdef ENABLE_LEGACY_GUARD_ALGORITHM - UNMOCK(is_node_used_as_guard); - clear_mock_guard_list(); -#endif if (router1_id) tor_free(router1_id); diff --git a/src/test/test_util.c b/src/test/test_util.c index 86e3fea91a..fafb84f4fe 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -5479,26 +5479,26 @@ test_util_calloc_check(void *arg) { (void) arg; /* Easy cases that are good. */ - tt_assert(size_mul_check__(0,0)); - tt_assert(size_mul_check__(0,100)); - tt_assert(size_mul_check__(100,0)); - tt_assert(size_mul_check__(100,100)); + tt_assert(size_mul_check(0,0)); + tt_assert(size_mul_check(0,100)); + tt_assert(size_mul_check(100,0)); + tt_assert(size_mul_check(100,100)); /* Harder cases that are still good. */ - tt_assert(size_mul_check__(SIZE_MAX, 1)); - tt_assert(size_mul_check__(1, SIZE_MAX)); - tt_assert(size_mul_check__(SIZE_MAX / 10, 9)); - tt_assert(size_mul_check__(11, SIZE_MAX / 12)); + tt_assert(size_mul_check(SIZE_MAX, 1)); + tt_assert(size_mul_check(1, SIZE_MAX)); + tt_assert(size_mul_check(SIZE_MAX / 10, 9)); + tt_assert(size_mul_check(11, SIZE_MAX / 12)); const size_t sqrt_size_max_p1 = ((size_t)1) << (sizeof(size_t) * 4); - tt_assert(size_mul_check__(sqrt_size_max_p1, sqrt_size_max_p1 - 1)); + tt_assert(size_mul_check(sqrt_size_max_p1, sqrt_size_max_p1 - 1)); /* Cases that overflow */ - tt_assert(! size_mul_check__(SIZE_MAX, 2)); - tt_assert(! size_mul_check__(2, SIZE_MAX)); - tt_assert(! size_mul_check__(SIZE_MAX / 10, 11)); - tt_assert(! size_mul_check__(11, SIZE_MAX / 10)); - tt_assert(! size_mul_check__(SIZE_MAX / 8, 9)); - tt_assert(! size_mul_check__(sqrt_size_max_p1, sqrt_size_max_p1)); + tt_assert(! size_mul_check(SIZE_MAX, 2)); + tt_assert(! size_mul_check(2, SIZE_MAX)); + tt_assert(! size_mul_check(SIZE_MAX / 10, 11)); + tt_assert(! size_mul_check(11, SIZE_MAX / 10)); + tt_assert(! size_mul_check(SIZE_MAX / 8, 9)); + tt_assert(! size_mul_check(sqrt_size_max_p1, sqrt_size_max_p1)); done: ; diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c index 1d58ba2bf8..21a6923c6d 100644 --- a/src/test/test_util_format.c +++ b/src/test/test_util_format.c @@ -202,6 +202,9 @@ test_util_format_base64_decode(void *ignored) res = base64_decode(dst, SIZE_T_CEILING+1, src, 10); tt_int_op(res, OP_EQ, -1); + res = base64_decode(dst, 1, real_src, SIZE_MAX/3+1); + tt_int_op(res, OP_EQ, -1); + const char *s = "T3BhIG11bmRv"; res = base64_decode(dst, 9, s, strlen(s)); tt_int_op(res, OP_EQ, 9); diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c index 29f85c4d17..6ac866d3c0 100644 --- a/src/tools/tor-resolve.c +++ b/src/tools/tor-resolve.c @@ -80,6 +80,10 @@ build_socks_resolve_request(char **out, } ipv6 = reverse && tor_addr_family(&addr) == AF_INET6; addrlen = reverse ? (ipv6 ? 16 : 4) : 1 + strlen(hostname); + if (addrlen > UINT8_MAX) { + log_err(LD_GENERAL, "Hostname is too long!"); + return -1; + } len = 6 + addrlen; *out = tor_malloc(len); (*out)[0] = 5; /* SOCKS version 5 */ diff --git a/src/trunnel/hs/cell_establish_intro.c b/src/trunnel/hs/cell_establish_intro.c index 02094fe2bf..633bd7c214 100644 --- a/src/trunnel/hs/cell_establish_intro.c +++ b/src/trunnel/hs/cell_establish_intro.c @@ -231,6 +231,11 @@ hs_cell_establish_intro_getconstarray_handshake_mac(const hs_cell_establish_intr { return (const uint8_t *)hs_cell_establish_intro_getarray_handshake_mac((hs_cell_establish_intro_t*)inp); } +const uint8_t * +hs_cell_establish_intro_get_end_sig_fields(const hs_cell_establish_intro_t *inp) +{ + return inp->end_sig_fields; +} uint16_t hs_cell_establish_intro_get_sig_len(const hs_cell_establish_intro_t *inp) { @@ -242,11 +247,6 @@ hs_cell_establish_intro_set_sig_len(hs_cell_establish_intro_t *inp, uint16_t val inp->sig_len = val; return 0; } -const uint8_t * -hs_cell_establish_intro_get_end_sig_fields(const hs_cell_establish_intro_t *inp) -{ - return inp->end_sig_fields; -} size_t hs_cell_establish_intro_getlen_sig(const hs_cell_establish_intro_t *inp) { @@ -518,12 +518,12 @@ hs_cell_establish_intro_parse_into(hs_cell_establish_intro_t *obj, const uint8_t CHECK_REMAINING(TRUNNEL_SHA3_256_LEN, truncated); memcpy(obj->handshake_mac, ptr, TRUNNEL_SHA3_256_LEN); remaining -= TRUNNEL_SHA3_256_LEN; ptr += TRUNNEL_SHA3_256_LEN; + obj->end_sig_fields = ptr; /* Parse u16 sig_len */ CHECK_REMAINING(2, truncated); obj->sig_len = trunnel_ntohs(trunnel_get_uint16(ptr)); remaining -= 2; ptr += 2; - obj->end_sig_fields = ptr; /* Parse u8 sig[sig_len] */ CHECK_REMAINING(obj->sig_len, truncated); diff --git a/src/trunnel/hs/cell_establish_intro.h b/src/trunnel/hs/cell_establish_intro.h index a9166f10d8..725d47cd85 100644 --- a/src/trunnel/hs/cell_establish_intro.h +++ b/src/trunnel/hs/cell_establish_intro.h @@ -19,8 +19,8 @@ struct hs_cell_establish_intro_st { struct cell_extension_st *extensions; const uint8_t *end_mac_fields; uint8_t handshake_mac[TRUNNEL_SHA3_256_LEN]; - uint16_t sig_len; const uint8_t *end_sig_fields; + uint16_t sig_len; TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig; uint8_t trunnel_error_code_; }; @@ -170,6 +170,9 @@ uint8_t * hs_cell_establish_intro_getarray_handshake_mac(hs_cell_establish_intro * a const pointer */ const uint8_t * hs_cell_establish_intro_getconstarray_handshake_mac(const hs_cell_establish_intro_t *inp); +/** Return the position for end_sig_fields when we parsed this object + */ +const uint8_t * hs_cell_establish_intro_get_end_sig_fields(const hs_cell_establish_intro_t *inp); /** Return the value of the sig_len field of the * hs_cell_establish_intro_t in 'inp' */ @@ -179,9 +182,6 @@ uint16_t hs_cell_establish_intro_get_sig_len(const hs_cell_establish_intro_t *in * return -1 and set the error code on 'inp' on failure. */ int hs_cell_establish_intro_set_sig_len(hs_cell_establish_intro_t *inp, uint16_t val); -/** Return the position for end_sig_fields when we parsed this object - */ -const uint8_t * hs_cell_establish_intro_get_end_sig_fields(const hs_cell_establish_intro_t *inp); /** Return the length of the dynamic array holding the sig field of * the hs_cell_establish_intro_t in 'inp'. */ diff --git a/src/trunnel/hs/cell_establish_intro.trunnel b/src/trunnel/hs/cell_establish_intro.trunnel index 4f9e8f7e08..33a133bf67 100644 --- a/src/trunnel/hs/cell_establish_intro.trunnel +++ b/src/trunnel/hs/cell_establish_intro.trunnel @@ -26,9 +26,9 @@ struct hs_cell_establish_intro { u8 handshake_mac[TRUNNEL_SHA3_256_LEN]; /* Signature */ - u16 sig_len; /* Indicate the end of the handshake authentication data. */ @ptr end_sig_fields; + u16 sig_len; u8 sig[sig_len]; }; diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 208f627647..e111d96227 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -218,7 +218,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.3.0.1-alpha-dev" +#define VERSION "0.3.0.2-alpha-dev" |