7 files changed, 128 insertions, 15 deletions

diff --git a/changes/bug16651 b/changes/bug16651
new file mode 100644
index 0000000000..096daeaf70
--- /dev/null
+++ b/changes/bug16651
@@ -0,0 +1,5 @@
+  o Minor bugfixes (compilation):
+
+    - Fix search for libevent libraries on OpenBSD (and similar systems
+      which install libevent 1 and libevent 2 in parallel). Resolves
+      ticket 16651.  Patch from "rubiate".
diff --git a/changes/bug17551 b/changes/bug17551
new file mode 100644
index 0000000000..27e467979e
--- /dev/null
+++ b/changes/bug17551
@@ -0,0 +1,4 @@
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
diff --git a/changes/bug17589 b/changes/bug17589
new file mode 100644
index 0000000000..91103276df
--- /dev/null
+++ b/changes/bug17589
@@ -0,0 +1,7 @@
+  o Code simplificiation and refactoring:
+    - When a direct directory request fails immediately on launch,
+      instead of relaunching that request from inside the code that
+      launches it, instead mark the connection for teardown. This
+      change simplifies Tor's callback and prevents the directory-
+      request launching code from invoking itself recursively.
+      Closes ticket 17589.
\ No newline at end of file
diff --git a/configure.ac b/configure.ac
index 3bf2f471e0..82b933abc0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -501,9 +501,6 @@ AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
 AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
 
 LIBS="$save_LIBS"
-LDFLAGS="$save_LDFLAGS"
-CPPFLAGS="$save_CPPFLAGS"
-
 
 AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes)
 
@@ -514,9 +511,25 @@ if test "$enable_static_libevent" = "yes"; then
      TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
    fi
 else
-     TOR_LIBEVENT_LIBS="-levent"
+     if test x$ac_cv_header_event2_event_h = "xyes"; then
+       AC_SEARCH_LIBS(event_new, [event event_core])
+       AC_SEARCH_LIBS(evdns_base_new, [event event_extra])
+
+       if test $ac_cv_search_event_new != "none required"; then
+         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
+       fi
+       if test $ac_cv_search_evdns_base_new != "none required"; then
+         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
+       fi
+     else
+       TOR_LIBEVENT_LIBS="-levent"
+     fi
 fi
 
+LIBS="$save_LIBS"
+LDFLAGS="$save_LDFLAGS"
+CPPFLAGS="$save_CPPFLAGS"
+
 dnl This isn't the best test for Libevent 2.0.3-alpha.  Once it's released,
 dnl we can do much better.
 if test "$enable_bufferevents" = "yes" ; then
@@ -967,6 +980,9 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
 #endif
 #ifdef HAVE_NET_IF_H
 #include <net/if.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
 #endif])
 
 AC_CHECK_HEADERS(linux/if.h,[],[],
diff --git a/src/or/directory.c b/src/or/directory.c
index ffe4708fca..0a09e833cd 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -991,10 +991,7 @@ directory_initiate_command_rend(const tor_addr_t *_addr,
     switch (connection_connect(TO_CONN(conn), conn->base_.address, &addr,
                                dir_port, &socket_error)) {
       case -1:
-        connection_dir_request_failed(conn); /* retry if we want */
-        /* XXX we only pass 'conn' above, not 'resource', 'payload',
-         * etc. So in many situations it can't retry! -RD */
-        connection_free(TO_CONN(conn));
+        connection_mark_for_close(TO_CONN(conn));
         return;
       case 1:
         /* start flushing conn */
diff --git a/src/test/test.c b/src/test/test.c
index 0bc6292327..1c4c2921db 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -319,6 +319,11 @@ test_circuit_timeout(void *arg)
   int i, runs;
   double close_ms;
   (void)arg;
+  tor_libevent_cfg cfg;
+
+  memset(&cfg, 0, sizeof(cfg));
+
+  tor_libevent_initialize(&cfg);
   initialize_periodic_events();
 
   circuit_build_times_init(&initial);
@@ -1114,7 +1119,7 @@ static struct testcase_t test_array[] = {
   { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
   ENT(onion_queues),
   { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-  ENT(circuit_timeout),
+  FORK(circuit_timeout),
   FORK(rend_fns),
   ENT(geoip),
   FORK(geoip_with_pt),
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 52360f3c79..63672ea6cd 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -692,8 +692,44 @@ test_policies_reject_port_address(void *arg)
   UNMOCK(get_configured_ports);
 }
 
-#undef TEST_IPV4_ADDR
-#undef TEST_IPV6_ADDR
+smartlist_t *mock_ipv4_addrs = NULL;
+smartlist_t *mock_ipv6_addrs = NULL;
+
+/* mock get_interface_address6_list, returning a deep copy of the template
+ * address list ipv4_interface_address_list or ipv6_interface_address_list */
+static smartlist_t *
+mock_get_interface_address6_list(int severity,
+                            sa_family_t family,
+                            int include_internal)
+{
+  (void)severity;
+  (void)include_internal;
+  smartlist_t *clone_list = smartlist_new();
+  smartlist_t *template_list = NULL;
+
+  if (family == AF_INET) {
+    template_list = mock_ipv4_addrs;
+  } else if (family == AF_INET6) {
+    template_list = mock_ipv6_addrs;
+  } else {
+    return NULL;
+  }
+
+  tt_assert(template_list);
+
+  SMARTLIST_FOREACH_BEGIN(template_list, tor_addr_t *, src_addr) {
+    tor_addr_t *dest_addr = malloc(sizeof(tor_addr_t));
+    memset(dest_addr, 0, sizeof(*dest_addr));
+    tor_addr_copy_tight(dest_addr, src_addr);
+    smartlist_add(clone_list, dest_addr);
+  } SMARTLIST_FOREACH_END(src_addr);
+
+  return clone_list;
+
+ done:
+  free_interface_address6_list(clone_list);
+  return NULL;
+}
 
 /** Run unit tests for rejecting publicly routable interface addresses on this
  * exit relay using policies_parse_exit_policy_reject_private */
@@ -705,6 +741,7 @@ test_policies_reject_interface_address(void *arg)
     get_interface_address6_list(LOG_INFO, AF_INET, 0);
   smartlist_t *public_ipv6_addrs =
     get_interface_address6_list(LOG_INFO, AF_INET6, 0);
+  tor_addr_t ipv4_addr, ipv6_addr;
   (void)arg;
 
   /* test that no addresses are rejected when none are supplied/requested */
@@ -712,30 +749,72 @@ test_policies_reject_interface_address(void *arg)
   tt_assert(policy == NULL);
 
   /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   * (and allow for duplicates)
    */
   policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
   if (policy) {
-    tt_assert(smartlist_len(policy) == smartlist_len(public_ipv4_addrs));
+    tt_assert(smartlist_len(policy) <= smartlist_len(public_ipv4_addrs));
     addr_policy_list_free(policy);
     policy = NULL;
   }
 
   /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
-   * exit */
-  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
+   * exit (and allow for duplicates) */
+  policies_parse_exit_policy_reject_private(&policy, 1, NULL, 1, 0);
   if (policy) {
-    tt_assert(smartlist_len(policy) == (smartlist_len(public_ipv4_addrs)
+    tt_assert(smartlist_len(policy) <= (smartlist_len(public_ipv4_addrs)
                                         + smartlist_len(public_ipv6_addrs)));
     addr_policy_list_free(policy);
     policy = NULL;
   }
 
+  /* Now do it all again, but mocked */
+  tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
+  mock_ipv4_addrs = smartlist_new();
+  smartlist_add(mock_ipv4_addrs, (void *)&ipv4_addr);
+
+  tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+  mock_ipv6_addrs = smartlist_new();
+  smartlist_add(mock_ipv6_addrs, (void *)&ipv6_addr);
+
+  MOCK(get_interface_address6_list, mock_get_interface_address6_list);
+
+  /* test that no addresses are rejected when none are supplied/requested */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 0);
+  tt_assert(policy == NULL);
+
+  /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+   */
+  policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == smartlist_len(mock_ipv4_addrs));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
+  /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
+   * exit */
+  policies_parse_exit_policy_reject_private(&policy, 1, NULL, 1, 0);
+  tt_assert(policy);
+  tt_assert(smartlist_len(policy) == (smartlist_len(mock_ipv4_addrs)
+                                      + smartlist_len(mock_ipv6_addrs)));
+  addr_policy_list_free(policy);
+  policy = NULL;
+
  done:
   addr_policy_list_free(policy);
   free_interface_address6_list(public_ipv4_addrs);
   free_interface_address6_list(public_ipv6_addrs);
+
+  UNMOCK(get_interface_address6_list);
+  /* we don't use free_interface_address6_list on these lists because their
+   * address pointers are stack-based */
+  smartlist_free(mock_ipv4_addrs);
+  smartlist_free(mock_ipv6_addrs);
 }
 
+#undef TEST_IPV4_ADDR
+#undef TEST_IPV6_ADDR
+
 static void
 test_dump_exit_policy_to_string(void *arg)
 {