diff options
Diffstat (limited to 'src')
77 files changed, 432 insertions, 616 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c index e02bcf0387..6b07d58240 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -624,7 +624,6 @@ static const config_var_t option_vars_[] = { V(RejectPlaintextPorts, CSV, ""), V(RelayBandwidthBurst, MEMUNIT, "0"), V(RelayBandwidthRate, MEMUNIT, "0"), - V(RendPostPeriod, INTERVAL, "1 hour"), /* Used internally. */ V(RephistTrackTime, INTERVAL, "24 hours"), V_IMMUTABLE(RunAsDaemon, BOOL, "0"), V(ReducedExitPolicy, BOOL, "0"), @@ -2974,19 +2973,11 @@ config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg) return 0; } -/** Lowest allowable value for RendPostPeriod; if this is too low, hidden - * services can overload the directory system. */ -#define MIN_REND_POST_PERIOD (10*60) -#define MIN_REND_POST_PERIOD_TESTING (5) - /** Highest allowable value for CircuitsAvailableTimeout. * If this is too large, client connections will stay open for too long, * incurring extra padding overhead. */ #define MAX_CIRCS_AVAILABLE_TIME (24*60*60) -/** Highest allowable value for RendPostPeriod. */ -#define MAX_DIR_PERIOD ((7*24*60*60)/2) - /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor * will generate too many circuits and potentially overload the network. */ #define MIN_MAX_CIRCUIT_DIRTINESS 10 @@ -3546,21 +3537,6 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) if (options_validate_relay_padding(old_options, options, msg) < 0) return -1; - const int min_rendpostperiod = - options->TestingTorNetwork ? - MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD; - if (options->RendPostPeriod < min_rendpostperiod) { - log_warn(LD_CONFIG, "RendPostPeriod option is too short; " - "raising to %d seconds.", min_rendpostperiod); - options->RendPostPeriod = min_rendpostperiod; - } - - if (options->RendPostPeriod > MAX_DIR_PERIOD) { - log_warn(LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.", - MAX_DIR_PERIOD); - options->RendPostPeriod = MAX_DIR_PERIOD; - } - /* Check the Single Onion Service options */ if (options_validate_single_onion(options, msg) < 0) return -1; @@ -7280,7 +7256,7 @@ getinfo_helper_config(control_connection_t *conn, } /* Check whether an address has already been set against the options - * depending on address family and destination type. Any exsting + * depending on address family and destination type. Any existing * value will lead to a fail, even if it is the same value. If not * set and not only validating, copy it into this location too. * Returns 0 on success or -1 if this address is already set. diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 290a2bb9b4..0811af1388 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -396,8 +396,6 @@ struct or_options_t { /** List of suffixes for <b>AutomapHostsOnResolve</b>. The special value * "." means "match everything." */ struct smartlist_t *AutomapHostsSuffixes; - int RendPostPeriod; /**< How often do we post each rendezvous service - * descriptor? Remember to publish them independently. */ int KeepalivePeriod; /**< How often do we send padding cells to keep * connections alive? */ int SocksTimeout; /**< How long do we let a socks connection wait diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c index 09d4b800f6..130998b7c8 100644 --- a/src/app/config/resolve_addr.c +++ b/src/app/config/resolve_addr.c @@ -810,7 +810,7 @@ find_my_address(const or_options_t *options, int family, int warn_severity, * want to learn here if the address is considered to come from the * Internet basically. * - * @param addr The address to test if local and also test against our resovled + * @param addr The address to test if local and also test against our resolved * address. * * @return True iff address is considered local or else False. diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc index 039454a0d0..2774a4c8ea 100644 --- a/src/app/config/testnet.inc +++ b/src/app/config/testnet.inc @@ -30,5 +30,4 @@ { "TestingDirConnectionMaxStall", "30 seconds" }, { "TestingEnableConnBwEvent", "1" }, { "TestingEnableCellStatsEvent", "1" }, -{ "RendPostPeriod", "2 minutes" }, { "___UsingTestNetworkDefaults", "1" }, diff --git a/src/config/include.am b/src/config/include.am index ee38934938..351f32f575 100644 --- a/src/config/include.am +++ b/src/config/include.am @@ -12,9 +12,3 @@ EXTRA_DIST+= \ conf_DATA = src/config/torrc.sample tordata_DATA = src/config/geoip src/config/geoip6 -# fallback_consensus - -# If we don't have it, fake it. -src_config_fallback-consensus: - touch src/config/fallback-consensus - diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index edc30d043c..639d7c4d68 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -10,7 +10,7 @@ ## for more options you can use in this file. ## ## Tor will look for this file in various places based on your platform: -## https://www.torproject.org/docs/faq#torrc +## https://support.torproject.org/tbb/tbb-editing-torrc/ ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only @@ -78,7 +78,7 @@ ################ This section is just for relays ##################### # -## See https://www.torproject.org/docs/tor-doc-relay for details. +## See https://community.torproject.org/relay for details. ## Required: what port to advertise for incoming Tor connections. #ORPort 9001 @@ -166,7 +166,7 @@ ## key fingerprint of each Tor relay you control, even if they're on ## different networks. You declare it here so Tor clients can avoid ## using more than one of your relays in a single circuit. See -## https://www.torproject.org/docs/faq#MultipleRelays +## https://support.torproject.org/relay-operators/multiple-relays/ ## However, you should never include a bridge's fingerprint here, as it would ## break its concealability and potentially reveal its IP/TCP address. ## @@ -204,9 +204,9 @@ ## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) ## the default exit policy. Leave commented to just use the default, which is ## described in the man page or at -## https://www.torproject.org/documentation.html +## https://support.torproject.org/relay-operators ## -## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses +## Look at https://support.torproject.org/abuse/exit-relay-expectations/ ## for issues you might encounter if you use the default exit policy. ## ## If certain IPs and ports are blocked externally, e.g. by your firewall, @@ -242,11 +242,11 @@ #BridgeDistribution none ## Configuration options can be imported from files or folders using the %include -## option with the value being a path. This path can have wildcards. Wildcards are -## expanded first, using lexical order. Then, for each matching file or folder, the following -## rules are followed: if the path is a file, the options from the file will be parsed as if -## they were written where the %include option is. If the path is a folder, all files on that -## folder will be parsed following lexical order. Files starting with a dot are ignored. Files +## option with the value being a path. This path can have wildcards. Wildcards are +## expanded first, using lexical order. Then, for each matching file or folder, the following +## rules are followed: if the path is a file, the options from the file will be parsed as if +## they were written where the %include option is. If the path is a folder, all files on that +## folder will be parsed following lexical order. Files starting with a dot are ignored. Files ## on subfolders are ignored. ## The %include option can be used recursively. #%include /etc/torrc.d/*.conf diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index cf25213cb1..7204b69e54 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -1284,6 +1284,17 @@ socket_failed_from_fd_exhaustion(void) warn_about_resource_exhaution(); } +/** + * A socket failed from TCP port exhaustion. + * + * Note down TCP port exhaustion and log a warning. */ +static inline void +socket_failed_from_tcp_port_exhaustion(void) +{ + rep_hist_note_tcp_exhaustion(); + warn_about_resource_exhaution(); +} + #ifdef HAVE_SYS_UN_H #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0 @@ -2222,13 +2233,6 @@ connection_connect_sockaddr,(connection_t *conn, tor_socket_strerror(errno)); } - /* - * We've got the socket open; give the OOS handler a chance to check - * against configured maximum socket number, but tell it no exhaustion - * failure. - */ - connection_check_oos(get_n_open_sockets(), 0); - /* From ip(7): Inform the kernel to not reserve an ephemeral port when using * bind(2) with a port number of 0. The port will later be automatically * chosen at connect(2) time, in a way that allows sharing a source port as @@ -2255,12 +2259,25 @@ connection_connect_sockaddr,(connection_t *conn, if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) { *socket_error = tor_socket_errno(s); - log_warn(LD_NET,"Error binding network socket: %s", - tor_socket_strerror(*socket_error)); + if (ERRNO_IS_EADDRINUSE(*socket_error)) { + socket_failed_from_tcp_port_exhaustion(); + connection_check_oos(get_n_open_sockets(), 1); + } else { + log_warn(LD_NET,"Error binding network socket: %s", + tor_socket_strerror(*socket_error)); + connection_check_oos(get_n_open_sockets(), 0); + } tor_close_socket(s); return -1; } + /* + * We've got the socket open and bound; give the OOS handler a chance to + * check against configured maximum socket number, but tell it no exhaustion + * failure. + */ + connection_check_oos(get_n_open_sockets(), 0); + tor_assert(options); if (options->ConstrainedSockets) set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize); diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c index 39d4899075..9ad8939e4d 100644 --- a/src/core/mainloop/cpuworker.c +++ b/src/core/mainloop/cpuworker.c @@ -129,7 +129,7 @@ cpu_init(void) always make sure we have at least two threads, so that there will be at least one thread of each kind. */ - const int n_threads = get_num_cpus(get_options()) + 1; + const int n_threads = MAX(get_num_cpus(get_options()), 2); threadpool = threadpool_new(n_threads, replyqueue, worker_state_new, diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index 526f8c37af..8e1b33e56e 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -274,16 +274,8 @@ connection_add_impl(connection_t *conn, int is_connecting) void connection_unregister_events(connection_t *conn) { - if (conn->read_event) { - if (event_del(conn->read_event)) - log_warn(LD_BUG, "Error removing read event for %d", (int)conn->s); - tor_free(conn->read_event); - } - if (conn->write_event) { - if (event_del(conn->write_event)) - log_warn(LD_BUG, "Error removing write event for %d", (int)conn->s); - tor_free(conn->write_event); - } + tor_event_free(conn->read_event); + tor_event_free(conn->write_event); if (conn->type == CONN_TYPE_AP_DNS_LISTENER) { dnsserv_close_listener(conn); } diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 511df4112b..257d33f1ab 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -11,7 +11,7 @@ * constructing/sending create/extend cells, and so on). * * On the client side, this module handles launching circuits. Circuit - * launches are srtarted from circuit_establish_circuit(), called from + * launches are started from circuit_establish_circuit(), called from * circuit_launch_by_extend_info()). To choose the path the circuit will * take, onion_extend_cpath() calls into a maze of node selection functions. * diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index 50dc2ee338..cea3a2136f 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -2831,3 +2831,27 @@ assert_circuit_ok,(const circuit_t *c)) tor_assert(!or_circ || !or_circ->rend_splice); } } + +/** Return true iff the circuit queue for the given direction is full that is + * above the high watermark. */ +bool +circuit_is_queue_full(const circuit_t *circ, cell_direction_t direction) +{ + int queue_size; + + tor_assert(circ); + + /* Gather objects we need based on cell direction. */ + if (direction == CELL_DIRECTION_OUT) { + /* Outbound. */ + queue_size = circ->n_chan_cells.n; + } else { + /* Inbound. */ + queue_size = CONST_TO_OR_CIRCUIT(circ)->p_chan_cells.n; + } + + /* Then check if our cell queue has reached its high watermark as in its + * upper limit. This is so we avoid too much memory pressure by queuing a + * large amount of cells. */ + return queue_size >= cell_queue_highwatermark(); +} diff --git a/src/core/or/circuitlist.h b/src/core/or/circuitlist.h index 541a708de2..49ded11f12 100644 --- a/src/core/or/circuitlist.h +++ b/src/core/or/circuitlist.h @@ -247,6 +247,8 @@ MOCK_DECL(void, channel_note_destroy_not_pending, smartlist_t *circuit_find_circuits_to_upgrade_from_guard_wait(void); +bool circuit_is_queue_full(const circuit_t *circ, cell_direction_t direction); + /* Declare the handle helpers */ HANDLE_DECL(circuit, circuit_t, ) #define circuit_handle_free(h) \ diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c index f55771c79e..7a6c2014bf 100644 --- a/src/core/or/circuitstats.c +++ b/src/core/or/circuitstats.c @@ -709,7 +709,7 @@ circuit_build_times_handle_completed_hop(origin_circuit_t *circ) * Switch their purpose and wait. */ if (circ->base_.purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) { log_info(LD_CIRC, - "Deciding to timeout circuit %"PRIu32"\n", + "Deciding to timeout circuit %"PRIu32, (circ->global_identifier)); circuit_build_times_mark_circ_as_measurement_only(circ); } @@ -1018,6 +1018,18 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt, return 0; } + /* We had a case where someone removed their TotalBuildTimes from the state + * files while having CircuitBuildAbandonedCount above 0 leading to a + * segfault (#40437). Simply bug on it and return an error so at least the + * user will learn that they broke the state file. */ + if (BUG(state->TotalBuildTimes <= 0 && + state->CircuitBuildAbandonedCount > 0)) { + log_warn(LD_GENERAL, "CircuitBuildAbandonedCount count is above 0 but " + "no TotalBuildTimes have been found. Unable to " + "parse broken state file"); + return -1; + } + /* build_time_t 0 means uninitialized */ loaded_times = tor_calloc(state->TotalBuildTimes, sizeof(build_time_t)); diff --git a/src/core/or/congestion_control_common.c b/src/core/or/congestion_control_common.c index f5b7740bed..b11edbad67 100644 --- a/src/core/or/congestion_control_common.c +++ b/src/core/or/congestion_control_common.c @@ -127,7 +127,7 @@ static uint8_t n_ewma_ss; static uint8_t bwe_sendme_min; /** - * Percentage of the current RTT to use when reseting the minimum RTT + * Percentage of the current RTT to use when resetting the minimum RTT * for a circuit. (RTT is reset when the cwnd hits cwnd_min). */ static uint8_t rtt_reset_pct; diff --git a/src/core/or/congestion_control_st.h b/src/core/or/congestion_control_st.h index 0cc4e43938..84d36868de 100644 --- a/src/core/or/congestion_control_st.h +++ b/src/core/or/congestion_control_st.h @@ -41,8 +41,8 @@ typedef enum { * Prop#324: TOR_NOLA - NOLA looks the BDP right in the eye and uses it * immediately as CWND. No slow start, no other congestion signals, no delay, * no bullshit. Like TOR_VEGAS, it also uses aggressive BDP estimates, to - * avoid out-competition. It seems a bit better throughput than Vegas, - * but its agressive BDP and rapid updates may lead to more queue latency. */ + * avoid out-competition. It seems a bit better throughput than Vegas, but + * its aggressive BDP and rapid updates may lead to more queue latency. */ CC_ALG_NOLA = 3, } cc_alg_t; diff --git a/src/core/or/congestion_control_vegas.c b/src/core/or/congestion_control_vegas.c index b82c685d51..f903624d23 100644 --- a/src/core/or/congestion_control_vegas.c +++ b/src/core/or/congestion_control_vegas.c @@ -467,7 +467,7 @@ congestion_control_vegas_process_sendme(congestion_control_t *cc, } else { uint64_t old_cwnd = cc->cwnd; - /* Congestion signal: Set cwnd to gamma threshhold */ + /* Congestion signal: Set cwnd to gamma threshold */ cc->cwnd = vegas_bdp(cc) + cc->vegas_params.gamma; /* Compute the percentage we experience a blocked csig vs RTT sig */ @@ -506,8 +506,8 @@ congestion_control_vegas_process_sendme(congestion_control_t *cc, uint64_t old_cwnd = cc->cwnd; uint64_t cwnd_diff; - /* If we are above the delta threshhold, drop cwnd down to the - * delta threshhold. */ + /* If we are above the delta threshold, drop cwnd down to the + * delta threshold. */ cc->cwnd = vegas_bdp(cc) + cc->vegas_params.delta - CWND_INC(cc); /* Account the amount we reduced the cwnd by for the gamma cutoff */ diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h index d3a230daa0..87ab6af8d9 100644 --- a/src/core/or/connection_st.h +++ b/src/core/or/connection_st.h @@ -88,7 +88,7 @@ struct connection_t { * connection. */ unsigned int linked_conn_is_closed:1; /** True iff this connection was opened from a listener and thus we've - * recevied this connection. Else, it means we've initiated an outbound + * received this connection. Else, it means we've initiated an outbound * connection. */ unsigned int from_listener:1; diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 5bf7d148d7..11a0edcc6a 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -558,7 +558,7 @@ conn_update_on_close(conn_client_stats_t *stats, const tor_addr_t *addr) { /* Extra super duper safety. Going below 0 means an underflow which could * lead to most likely a false positive. In theory, this should never happen - * but lets be extra safe. */ + * but let's be extra safe. */ if (BUG(stats->concurrent_count == 0)) { return; } @@ -673,7 +673,7 @@ dos_cc_new_create_cell(channel_t *chan) /* This is the detection. Assess at every CREATE cell if the client should * get marked as malicious. This should be kept as fast as possible. */ if (cc_has_exhausted_circuits(&entry->dos_stats)) { - /* If this is the first time we mark this entry, log it a info level. + /* If this is the first time we mark this entry, log it. * Under heavy DDoS, logging each time we mark would results in lots and * lots of logs. */ if (entry->dos_stats.cc_stats.marked_until_ts == 0) { diff --git a/src/core/or/or.h b/src/core/or/or.h index dc8f516f0a..c6d9864b53 100644 --- a/src/core/or/or.h +++ b/src/core/or/or.h @@ -436,10 +436,6 @@ typedef enum { #define LEGAL_NICKNAME_CHARACTERS \ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" -/** Name to use in client TLS certificates if no nickname is given. Once - * Tor 0.1.2.x is obsolete, we can remove this. */ -#define DEFAULT_CLIENT_NICKNAME "client" - /** Name chosen by routers that don't configure nicknames */ #define UNNAMED_ROUTER_NICKNAME "Unnamed" diff --git a/src/core/or/or_connection_st.h b/src/core/or/or_connection_st.h index aceed4d2c4..97dfe7a637 100644 --- a/src/core/or/or_connection_st.h +++ b/src/core/or/or_connection_st.h @@ -28,7 +28,7 @@ struct or_connection_t { /** This is the ClientHash value we expect to receive from the * client during the Extended ORPort authentication protocol. We - * compute it upon receiving the ClientNoce from the client, and we + * compute it upon receiving the ClientNonce from the client, and we * compare it with the actual ClientHash value sent by the * client. */ char *ext_or_auth_correct_client_hash; diff --git a/src/core/or/relay.c b/src/core/or/relay.c index 39a7b783ab..1d66fde4ba 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -3039,10 +3039,23 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) streams_blocked = circ->streams_blocked_on_p_chan; } - /* Circuitmux told us this was active, so it should have cells */ - if (/*BUG(*/ queue->n == 0 /*)*/) { - log_warn(LD_BUG, "Found a supposedly active circuit with no cells " - "to send. Trying to recover."); + /* Circuitmux told us this was active, so it should have cells. + * + * Note: In terms of logic and coherence, this should never happen but the + * cmux dragon is powerful. Reason is that when the OOM is triggered, when + * cleaning up circuits, we mark them for close and then clear their cell + * queues. And so, we can have a circuit considered active by the cmux + * dragon but without cells. The cmux subsystem is only notified of this + * when the circuit is freed which leaves a tiny window between close and + * free to end up here. + * + * We are accepting this as an "ok" race else the changes are likely non + * trivial to make the mark for close to set the num cells to 0 and change + * the free functions to detach the circuit conditionally without creating + * a chain effect of madness. + * + * The lesson here is arti will prevail and leave the cmux dragon alone. */ + if (queue->n == 0) { circuitmux_set_num_cells(cmux, circ, 0); if (! circ->marked_for_close) circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL); @@ -3137,7 +3150,7 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) /* Minimum value is the maximum circuit window size. * * This value is set to a lower bound we believe is reasonable with congestion - * control and basic network tunning parameters. + * control and basic network running parameters. * * SENDME cells makes it that we can control how many cells can be inflight on * a circuit from end to end. This logic makes it that on any circuit cell @@ -3170,7 +3183,7 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \ (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN) -/* The maximum number of cell a circuit queue can contain. This is updated at +/* The maximum number of cells a circuit queue can contain. This is updated at * every new consensus and controlled by a parameter. */ static int32_t max_circuit_cell_queue_size = RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT; diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c index 90f4dfcf05..4bb5c268b0 100644 --- a/src/core/or/sendme.c +++ b/src/core/or/sendme.c @@ -351,7 +351,7 @@ circuit_sendme_cell_is_next(int deliver_window, int sendme_inc) * * Because deliver_window starts at CIRCWINDOW_START and counts down, * to get the actual number of received cells for this check, we must - * first convert to receieved cells, or the modulus operator will fail. + * first convert to received cells, or the modulus operator will fail. */ tor_assert(deliver_window <= CIRCWINDOW_START); if (((CIRCWINDOW_START - (deliver_window - 1)) % sendme_inc) != 0) { diff --git a/src/ext/Makefile.nmake b/src/ext/Makefile.nmake deleted file mode 100644 index d02d03bf41..0000000000 --- a/src/ext/Makefile.nmake +++ /dev/null @@ -1,12 +0,0 @@ -all: csiphash.lib - -CFLAGS = /O2 /MT /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common \ - /I ..\ext - -CSIPHASH_OBJECTS = csiphash.obj - -csiphash.lib: $(CSIPHASH_OBJECTS) - lib $(CSIPHASH_OBJECTS) $(CURVE25519_DONNA_OBJECTS) /out:csiphash.lib - -clean: - del *.obj *.lib diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index e7324487da..9abaf78624 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -1895,7 +1895,7 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard) guard->confirmed_idx = gs->next_confirmed_idx++; smartlist_add(gs->confirmed_entry_guards, guard); - /** The confirmation ordering might not be the sample ording. We need to + /** The confirmation ordering might not be the sample ordering. We need to * reorder */ smartlist_sort(gs->confirmed_entry_guards, compare_guards_by_sampled_idx); diff --git a/src/feature/control/getinfo_geoip.c b/src/feature/control/getinfo_geoip.c index be89c2c641..e2d277f256 100644 --- a/src/feature/control/getinfo_geoip.c +++ b/src/feature/control/getinfo_geoip.c @@ -44,10 +44,7 @@ getinfo_helper_geoip(control_connection_t *control_conn, *errmsg = "GeoIP data not loaded"; return -1; } - if (family == AF_INET) - c = geoip_get_country_by_ipv4(tor_addr_to_ipv4h(&addr)); - else /* AF_INET6 */ - c = geoip_get_country_by_ipv6(tor_addr_to_in6(&addr)); + c = geoip_get_country_by_addr(&addr); *answer = tor_strdup(geoip_get_country_name(c)); } return 0; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index a43ed285ce..e2056c9cc7 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -86,11 +86,12 @@ CONF_VAR(AuthDirVoteGuard, ROUTERSET, 0, NULL) CONF_VAR(AuthDirVoteStableGuaranteeMinUptime, INTERVAL, 0, "30 days") /** If a relay's MTBF is at least this value, then it is always stable. See - * above. */ + * above. (Corresponds to about 7 days for current decay rates.) */ CONF_VAR(AuthDirVoteStableGuaranteeMTBF, INTERVAL, 0, "5 days") /** A relay with at least this much weighted time known can be considered - * familiar enough to be a guard. */ + * familiar enough to be a guard. (Corresponds to about 20 days for current + * decay rates.) */ CONF_VAR(AuthDirVoteGuardGuaranteeTimeKnown, INTERVAL, 0, "8 days") /** A relay with sufficient WFU is around enough to be a guard. */ diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 1bb4fd7de1..b9f022bebd 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -390,7 +390,8 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, rsf = routerstatus_format_entry(&vrs->status, vrs->version, vrs->protocols, NS_V3_VOTE, - vrs); + vrs, + -1); if (rsf) smartlist_add(chunks, rsf); @@ -618,8 +619,8 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b) * the descriptor digests matched, so somebody is making SHA1 collisions. */ #define CMP_FIELD(utype, itype, field) do { \ - utype aval = (utype) (itype) a->status.field; \ - utype bval = (utype) (itype) b->status.field; \ + utype aval = (utype) (itype) a->field; \ + utype bval = (utype) (itype) b->field; \ utype u = bval - aval; \ itype r2 = (itype) u; \ if (r2 < 0) { \ @@ -638,8 +639,8 @@ compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b) CMP_EXACT))) { return r; } - CMP_FIELD(unsigned, int, ipv4_orport); - CMP_FIELD(unsigned, int, ipv4_dirport); + CMP_FIELD(unsigned, int, status.ipv4_orport); + CMP_FIELD(unsigned, int, status.ipv4_dirport); return 0; } @@ -692,10 +693,10 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method, } else { if (cur && (cur_n > most_n || (cur_n == most_n && - cur->status.published_on > most_published))) { + cur->published_on > most_published))) { most = cur; most_n = cur_n; - most_published = cur->status.published_on; + most_published = cur->published_on; } cur_n = 1; cur = rs; @@ -703,7 +704,7 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method, } SMARTLIST_FOREACH_END(rs); if (cur_n > most_n || - (cur && cur_n == most_n && cur->status.published_on > most_published)) { + (cur && cur_n == most_n && cur->published_on > most_published)) { most = cur; // most_n = cur_n; // unused after this point. // most_published = cur->status.published_on; // unused after this point. @@ -2047,7 +2048,6 @@ networkstatus_compute_consensus(smartlist_t *votes, memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest, DIGEST_LEN); tor_addr_copy(&rs_out.ipv4_addr, &rs->status.ipv4_addr); - rs_out.published_on = rs->status.published_on; rs_out.ipv4_dirport = rs->status.ipv4_dirport; rs_out.ipv4_orport = rs->status.ipv4_orport; tor_addr_copy(&rs_out.ipv6_addr, &alt_orport.addr); @@ -2055,6 +2055,21 @@ networkstatus_compute_consensus(smartlist_t *votes, rs_out.has_bandwidth = 0; rs_out.has_exitsummary = 0; + time_t published_on = rs->published_on; + + /* Starting with this consensus method, we no longer include a + meaningful published_on time for microdescriptor consensuses. This + makes their diffs smaller and more compressible. + + We need to keep including a meaningful published_on time for NS + consensuses, however, until 035 relays are all obsolete. (They use + it for a purpose similar to the current StaleDesc flag.) + */ + if (consensus_method >= MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED && + flavor == FLAV_MICRODESC) { + published_on = -1; + } + if (chosen_name && !naming_conflict) { strlcpy(rs_out.nickname, chosen_name, sizeof(rs_out.nickname)); } else { @@ -2276,7 +2291,7 @@ networkstatus_compute_consensus(smartlist_t *votes, /* Okay!! Now we can write the descriptor... */ /* First line goes into "buf". */ buf = routerstatus_format_entry(&rs_out, NULL, NULL, - rs_format, NULL); + rs_format, NULL, published_on); if (buf) smartlist_add(chunks, buf); } @@ -4744,6 +4759,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now, list_bad_exits, list_middle_only); + vrs->published_on = ri->cache_info.published_on; if (ri->cache_info.signing_key_cert) { memcpy(vrs->ed25519_id, diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h index 64aaec116e..ae8d43a6f0 100644 --- a/src/feature/dirauth/dirvote.h +++ b/src/feature/dirauth/dirvote.h @@ -53,7 +53,7 @@ #define MIN_SUPPORTED_CONSENSUS_METHOD 28 /** The highest consensus method that we currently support. */ -#define MAX_SUPPORTED_CONSENSUS_METHOD 32 +#define MAX_SUPPORTED_CONSENSUS_METHOD 33 /** * Lowest consensus method where microdescriptor lines are put in canonical @@ -74,6 +74,12 @@ */ #define MIN_METHOD_FOR_MIDDLEONLY 32 +/** + * Lowest consensus method for which we suppress the published time in + * microdescriptor consensuses. + */ +#define MIN_METHOD_TO_SUPPRESS_MD_PUBLISHED 33 + /** Default bandwidth to clip unmeasured bandwidths to using method >= * MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not * get confused with the above macros.) */ diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index f1d4f49c46..3cdace452f 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -110,7 +110,7 @@ add_rsa_fingerprint_to_dir(const char *fp, authdir_config_t *list, tor_strstrip(fingerprint, " "); if (base16_decode(d, DIGEST_LEN, fingerprint, strlen(fingerprint)) != DIGEST_LEN) { - log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"", + log_warn(LD_DIRSERV, "Couldn't decode fingerprint %s", escaped(fp)); tor_free(fingerprint); return -1; diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c index 4e9c8e2f45..84eefdd90b 100644 --- a/src/feature/dirclient/dirclient.c +++ b/src/feature/dirclient/dirclient.c @@ -242,14 +242,21 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, * harmless, and we may as well err on the side of getting things uploaded. */ SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) { - routerstatus_t *rs = &(ds->fake_status); + const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest); + if (!rs) { + /* prefer to use the address in the consensus, but fall back to + * the hard-coded trusted_dir_server address if we don't have a + * consensus or this digest isn't in our consensus. */ + rs = &ds->fake_status; + } + size_t upload_len = payload_len; if ((type & ds->type) == 0) continue; if (exclude_self && router_digest_is_me(ds->digest)) { - /* we don't upload to ourselves, but at least there's now at least + /* we don't upload to ourselves, but there's now at least * one authority of this type that has what we wanted to upload. */ found = 1; continue; @@ -276,10 +283,8 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, } if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) { indirection = DIRIND_ANONYMOUS; - } else if (!reachable_addr_allows_dir_server(ds, - FIREWALL_DIR_CONNECTION, - 0)) { - if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0)) + } else if (!reachable_addr_allows_rs(rs, FIREWALL_DIR_CONNECTION, 0)) { + if (reachable_addr_allows_rs(rs, FIREWALL_OR_CONNECTION, 0)) indirection = DIRIND_ONEHOP; else indirection = DIRIND_ANONYMOUS; @@ -590,7 +595,13 @@ directory_get_from_all_authorities(uint8_t dir_purpose, continue; if (!(ds->type & V3_DIRINFO)) continue; - const routerstatus_t *rs = &ds->fake_status; + const routerstatus_t *rs = router_get_consensus_status_by_id(ds->digest); + if (!rs) { + /* prefer to use the address in the consensus, but fall back to + * the hard-coded trusted_dir_server address if we don't have a + * consensus or this digest isn't in our consensus. */ + rs = &ds->fake_status; + } directory_request_t *req = directory_request_new(dir_purpose); directory_request_set_routerstatus(req, rs); directory_request_set_router_purpose(req, router_purpose); diff --git a/src/feature/dirparse/ns_parse.c b/src/feature/dirparse/ns_parse.c index cd3e2731be..3e1f9a3bd3 100644 --- a/src/feature/dirparse/ns_parse.c +++ b/src/feature/dirparse/ns_parse.c @@ -371,14 +371,17 @@ routerstatus_parse_entry_from_string(memarea_t *area, } } + time_t published_on; if (tor_snprintf(timebuf, sizeof(timebuf), "%s %s", tok->args[3+offset], tok->args[4+offset]) < 0 || - parse_iso_time(timebuf, &rs->published_on)<0) { + parse_iso_time(timebuf, &published_on)<0) { log_warn(LD_DIR, "Error parsing time '%s %s' [%d %d]", tok->args[3+offset], tok->args[4+offset], offset, (int)flav); goto err; } + if (vote_rs) + vote_rs->published_on = published_on; if (tor_inet_aton(tok->args[5+offset], &in) == 0) { log_warn(LD_DIR, "Error parsing router address in network-status %s", diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c index cf8e377313..dcca1d7086 100644 --- a/src/feature/hs/hs_cache.c +++ b/src/feature/hs/hs_cache.c @@ -1081,7 +1081,7 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) * * 1) Deallocate all entries from v3 cache that are older than K hours * 2.1) If the amount of remove bytes has been reached, stop. - * 2) Set K = K - RendPostPeriod and repeat process until K is < 0. + * 2) Set K = K - 1 hour and repeat process until K is < 0. * * This ends up being O(Kn). */ @@ -1104,8 +1104,9 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) if (bytes_removed < min_remove_bytes) { /* We haven't remove enough bytes so clean v3 cache. */ bytes_removed += cache_clean_v3_as_dir(now, cutoff); - /* Decrement K by a post period to shorten the cutoff. */ - k -= get_options()->RendPostPeriod; + /* Decrement K by a post period to shorten the cutoff, Two minutes + * if we are a testing network, or one hour otherwise. */ + k -= get_options()->TestingTorNetwork ? 120 : 3600; } } while (bytes_removed < min_remove_bytes); diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index a50598d9f3..7cee3480d5 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -644,8 +644,8 @@ send_introduce1(origin_circuit_t *intro_circ, goto tran_err; } - /* Check if the rendevous circuit was setup WITHOUT congestion control but if - * it is enabled and the service supports it. This can happen, see + /* Check if the rendezvous circuit was setup WITHOUT congestion control, + * but if it is enabled and the service supports it. This can happen, see * setup_rendezvous_circ_congestion_control() and so close rendezvous circuit * so another one can be created. */ if (TO_CIRCUIT(rend_circ)->ccontrol == NULL && congestion_control_enabled() diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 1caa5ab64a..4e971233af 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -2419,7 +2419,7 @@ should_remove_intro_point(hs_service_intro_point_t *ip, time_t now) goto end; } - /* Pass this point, even though we might be over the retry limit, we check + /* Past this point, even though we might be over the retry limit, we check * if a circuit (established or pending) exists. In that case, we should not * remove it because it might simply be valid and opened at the previous * scheduled event for the last retry. */ diff --git a/src/feature/nodelist/fmt_routerstatus.c b/src/feature/nodelist/fmt_routerstatus.c index 8c02a302af..4be2ec2a18 100644 --- a/src/feature/nodelist/fmt_routerstatus.c +++ b/src/feature/nodelist/fmt_routerstatus.c @@ -26,6 +26,9 @@ /** Helper: write the router-status information in <b>rs</b> into a newly * allocated character buffer. Use the same format as in network-status * documents. If <b>version</b> is non-NULL, add a "v" line for the platform. + * If <b>declared_publish_time</b> is nonnegative, we declare it as the + * publication time. Otherwise we look for a publication time in <b>vrs</b>, + * and fall back to a default (not useful) publication time. * * Return 0 on success, -1 on failure. * @@ -38,12 +41,14 @@ * NS_V3_VOTE - Output a complete V3 NS vote. If <b>vrs</b> is present, * it contains additional information for the vote. * NS_CONTROL_PORT - Output a NS document for the control port. + * */ char * routerstatus_format_entry(const routerstatus_t *rs, const char *version, const char *protocols, routerstatus_format_type_t format, - const vote_routerstatus_t *vrs) + const vote_routerstatus_t *vrs, + time_t declared_publish_time) { char *summary; char *result = NULL; @@ -53,11 +58,18 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, char digest64[BASE64_DIGEST_LEN+1]; smartlist_t *chunks = smartlist_new(); + if (declared_publish_time >= 0) { + format_iso_time(published, declared_publish_time); + } else if (vrs) { + format_iso_time(published, vrs->published_on); + } else { + strlcpy(published, "2038-01-01 00:00:00", sizeof(published)); + } + const char *ip_str = fmt_addr(&rs->ipv4_addr); if (ip_str[0] == '\0') goto err; - format_iso_time(published, rs->published_on); digest_to_base64(identity64, rs->identity_digest); digest_to_base64(digest64, rs->descriptor_digest); diff --git a/src/feature/nodelist/fmt_routerstatus.h b/src/feature/nodelist/fmt_routerstatus.h index 7482f373e1..740ea51dd9 100644 --- a/src/feature/nodelist/fmt_routerstatus.h +++ b/src/feature/nodelist/fmt_routerstatus.h @@ -35,6 +35,7 @@ char *routerstatus_format_entry( const char *version, const char *protocols, routerstatus_format_type_t format, - const vote_routerstatus_t *vrs); + const vote_routerstatus_t *vrs, + time_t declared_publish_time); #endif /* !defined(TOR_FMT_ROUTERSTATUS_H) */ diff --git a/src/feature/nodelist/microdesc.c b/src/feature/nodelist/microdesc.c index a95d535dc0..9e5f0bb9a4 100644 --- a/src/feature/nodelist/microdesc.c +++ b/src/feature/nodelist/microdesc.c @@ -626,7 +626,7 @@ microdesc_cache_clean(microdesc_cache_t *cache, time_t cutoff, int force) (*mdp)->digest, DIGEST256_LEN)) { rs_match = "Microdesc digest in RS matches"; } else { - rs_match = "Microdesc digest in RS does match"; + rs_match = "Microdesc digest in RS does not match"; } if (ns) { /* This should be impossible, but let's see! */ diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index af3bde83a5..b994cfabc4 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -1616,7 +1616,6 @@ routerstatus_has_visibly_changed(const routerstatus_t *a, a->is_hs_dir != b->is_hs_dir || a->is_staledesc != b->is_staledesc || a->has_bandwidth != b->has_bandwidth || - a->published_on != b->published_on || a->ipv6_orport != b->ipv6_orport || a->is_v2_dir != b->is_v2_dir || a->bandwidth_kb != b->bandwidth_kb || @@ -2372,7 +2371,7 @@ char * networkstatus_getinfo_helper_single(const routerstatus_t *rs) { return routerstatus_format_entry(rs, NULL, NULL, NS_CONTROL_PORT, - NULL); + NULL, -1); } /** @@ -2404,7 +2403,6 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_hs_dir = node->is_hs_dir; rs->is_named = rs->is_unnamed = 0; - rs->published_on = ri->cache_info.published_on; memcpy(rs->identity_digest, node->identity, DIGEST_LEN); memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest, DIGEST_LEN); @@ -2622,15 +2620,12 @@ networkstatus_parse_flavor_name(const char *flavname) int client_would_use_router(const routerstatus_t *rs, time_t now) { + (void) now; if (!rs->is_flagged_running) { /* If we had this router descriptor, we wouldn't even bother using it. * (Fetching and storing depends on by we_want_to_fetch_flavor().) */ return 0; } - if (rs->published_on + OLD_ROUTER_DESC_MAX_AGE < now) { - /* We'd drop it immediately for being too old. */ - return 0; - } if (!routerstatus_version_supports_extend2_cells(rs, 1)) { /* We'd ignore it because it doesn't support EXTEND2 cells. * If we don't know the version, download the descriptor so we can diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c index c00f7ffb26..9f0f845126 100644 --- a/src/feature/nodelist/routerlist.c +++ b/src/feature/nodelist/routerlist.c @@ -1924,11 +1924,9 @@ routerlist_remove_old_routers(void) retain = digestset_new(n_max_retain); } - cutoff = now - OLD_ROUTER_DESC_MAX_AGE; /* Retain anything listed in the consensus. */ if (consensus) { SMARTLIST_FOREACH(consensus->routerstatus_list, routerstatus_t *, rs, - if (rs->published_on >= cutoff) digestset_add(retain, rs->descriptor_digest)); } @@ -2653,7 +2651,7 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote, digestmap_t *map = NULL; smartlist_t *no_longer_old = smartlist_new(); smartlist_t *downloadable = smartlist_new(); - routerstatus_t *source = NULL; + const routerstatus_t *source = NULL; int authdir = authdir_mode(options); int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0, n_inprogress=0, n_in_oldrouters=0; @@ -2669,10 +2667,17 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote, networkstatus_voter_info_t *voter = smartlist_get(consensus->voters, 0); tor_assert(voter); ds = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest); - if (ds) - source = &(ds->fake_status); - else + if (ds) { + source = router_get_consensus_status_by_id(ds->digest); + if (!source) { + /* prefer to use the address in the consensus, but fall back to + * the hard-coded trusted_dir_server address if we don't have a + * consensus or this digest isn't in our consensus. */ + source = &ds->fake_status; + } + } else { log_warn(LD_DIR, "couldn't lookup source from vote?"); + } } map = digestmap_new(); @@ -2721,17 +2726,20 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote, continue; /* We would never use it ourself. */ } if (is_vote && source) { - char time_bufnew[ISO_TIME_LEN+1]; - char time_bufold[ISO_TIME_LEN+1]; + char old_digest_buf[HEX_DIGEST_LEN+1]; + const char *old_digest = "none"; const routerinfo_t *oldrouter; oldrouter = router_get_by_id_digest(rs->identity_digest); - format_iso_time(time_bufnew, rs->published_on); - if (oldrouter) - format_iso_time(time_bufold, oldrouter->cache_info.published_on); + if (oldrouter) { + base16_encode(old_digest_buf, sizeof(old_digest_buf), + oldrouter->cache_info.signed_descriptor_digest, + DIGEST_LEN); + old_digest = old_digest_buf; + } log_info(LD_DIR, "Learned about %s (%s vs %s) from %s's vote (%s)", routerstatus_describe(rs), - time_bufnew, - oldrouter ? time_bufold : "none", + hex_str(rs->descriptor_digest, DIGEST_LEN), + old_digest, source->nickname, oldrouter ? "known" : "unknown"); } smartlist_add(downloadable, rs->descriptor_digest); diff --git a/src/feature/nodelist/routerstatus_st.h b/src/feature/nodelist/routerstatus_st.h index 55b76de581..a36c80917c 100644 --- a/src/feature/nodelist/routerstatus_st.h +++ b/src/feature/nodelist/routerstatus_st.h @@ -21,7 +21,6 @@ struct routerstatus_t { * routerstatus_has_visibly_changed and the printing function * routerstatus_format_entry in NS_CONTROL_PORT mode. */ - time_t published_on; /**< When was this router published? */ char nickname[MAX_NICKNAME_LEN+1]; /**< The nickname this router says it * has. */ char identity_digest[DIGEST_LEN]; /**< Digest of the router's identity diff --git a/src/feature/nodelist/vote_routerstatus_st.h b/src/feature/nodelist/vote_routerstatus_st.h index 6b2f7b92a9..41d465db8f 100644 --- a/src/feature/nodelist/vote_routerstatus_st.h +++ b/src/feature/nodelist/vote_routerstatus_st.h @@ -18,6 +18,7 @@ struct vote_routerstatus_t { routerstatus_t status; /**< Underlying 'status' object for this router. * Flags are redundant. */ + time_t published_on; /**< When was this router published? */ /** How many known-flags are allowed in a vote? This is the width of * the flags field of vote_routerstatus_t */ #define MAX_KNOWN_FLAGS_IN_VOTE 64 diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index a38bf5cf5a..7267ca06dd 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c @@ -768,11 +768,11 @@ dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve, if (!is_reverse || !is_resolve) { if (!is_reverse) - log_info(LD_EXIT, "Bad .in-addr.arpa address \"%s\"; sending error.", + log_info(LD_EXIT, "Bad .in-addr.arpa address %s; sending error.", escaped_safe_str(exitconn->base_.address)); else if (!is_resolve) log_info(LD_EXIT, - "Attempt to connect to a .in-addr.arpa address \"%s\"; " + "Attempt to connect to a .in-addr.arpa address %s; " "sending error.", escaped_safe_str(exitconn->base_.address)); @@ -1459,7 +1459,7 @@ configure_libevent_options(void) * the query itself timed out in transit. */ SET("timeout:", get_consensus_param_exit_dns_timeout()); - /* This tells libevent to attemps up to X times a DNS query if the previous + /* This tells libevent to attempt up to X times a DNS query if the previous * one failed to complete within N second. We believe that this should be * enough to catch temporary hiccups on the first query. But after that, it * should signal us that it won't be able to resolve it. */ diff --git a/src/feature/relay/relay_config.c b/src/feature/relay/relay_config.c index 85ccfc18a7..aa9d48beac 100644 --- a/src/feature/relay/relay_config.c +++ b/src/feature/relay/relay_config.c @@ -33,6 +33,7 @@ #include "core/or/port_cfg_st.h" #include "feature/hibernate/hibernate.h" +#include "feature/hs/hs_service.h" #include "feature/nodelist/nickname.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/predict_ports.h" @@ -942,7 +943,8 @@ options_validate_relay_accounting(const or_options_t *old_options, if (accounting_parse_options(options, 1)<0) REJECT("Failed to parse accounting options. See logs for details."); - if (options->AccountingMax) { + if (options->AccountingMax && + !hs_service_non_anonymous_mode_enabled(options)) { if (options->RendConfigLines && server_mode(options)) { log_warn(LD_CONFIG, "Using accounting with a hidden service and an " "ORPort is risky: your hidden service(s) and your public " @@ -1118,7 +1120,8 @@ options_validate_relay_mode(const or_options_t *old_options, if (BUG(!msg)) return -1; - if (server_mode(options) && options->RendConfigLines) + if (server_mode(options) && options->RendConfigLines && + !hs_service_non_anonymous_mode_enabled(options)) log_warn(LD_CONFIG, "Tor is currently configured as a relay and a hidden service. " "That's not very secure: you should probably run your hidden service " diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c index f4f9d40823..5a32283a7b 100644 --- a/src/feature/relay/relay_find_addr.c +++ b/src/feature/relay/relay_find_addr.c @@ -212,17 +212,19 @@ relay_addr_learn_from_dirauth(void) return; } const node_t *node = node_get_by_id(rs->identity_digest); - if (!node) { + extend_info_t *ei = NULL; + if (node) { + ei = extend_info_from_node(node, 1, false); + } + if (!node || !ei) { /* This can happen if we are still in the early starting stage where no * descriptors we actually fetched and thus we have the routerstatus_t * for the authority but not its descriptor which is needed to build a * circuit and thus learn our address. */ - log_info(LD_GENERAL, "Can't build a circuit to an authority. Unable to " - "learn for now our address from them."); - return; - } - extend_info_t *ei = extend_info_from_node(node, 1, false); - if (BUG(!ei)) { + log_info(LD_GENERAL, + "Trying to learn our IP address by connecting to an " + "authority, but can't build a circuit to one yet. Will try " + "again soon."); return; } diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index bc98fd985c..dddc0b1de5 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -2554,8 +2554,6 @@ mark_my_descriptor_dirty_if_too_old(time_t now) rs = networkstatus_vote_find_entry(ns, server_identitykey_digest); if (rs == NULL) retry_fast_reason = "not listed in consensus"; - else if (rs->published_on < slow_cutoff) - retry_fast_reason = "version listed in consensus is quite old"; else if (rs->is_staledesc && ns->valid_after > desc_clean_since) retry_fast_reason = "listed as stale in consensus"; } diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c index d1ccc5edf5..8f4f33151a 100644 --- a/src/feature/stats/rephist.c +++ b/src/feature/stats/rephist.c @@ -2292,7 +2292,7 @@ static overload_onionskin_assessment_t overload_onionskin_assessment; /** * We combine ntorv3 and ntor into the same stat, so we must - * use this function to covert the cell type to a stat index. + * use this function to convert the cell type to a stat index. */ static inline uint16_t onionskin_type_to_stat(uint16_t type) @@ -2315,7 +2315,7 @@ onionskin_type_to_stat(uint16_t type) * the stats are reset back to 0 and the assessment time period updated. * * This is called when a ntor handshake is _requested_ because we want to avoid - * to have an assymetric situation where requested counter is reset to 0 but + * to have an asymmetric situation where requested counter is reset to 0 but * then a drop happens leading to the drop counter being incremented while the * requested counter is 0. */ static void diff --git a/src/include.am b/src/include.am index 36d323e6eb..29a392a132 100644 --- a/src/include.am +++ b/src/include.am @@ -87,6 +87,5 @@ include src/app/include.am include src/test/include.am include src/tools/include.am -include src/win32/include.am include src/config/include.am include src/test/fuzz/include.am diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h index 0f56f338b5..c5eccdb015 100644 --- a/src/lib/crypt_ops/compat_openssl.h +++ b/src/lib/crypt_ops/compat_openssl.h @@ -20,32 +20,36 @@ * \brief compatibility definitions for working with different openssl forks **/ -#if !defined(LIBRESSL_VERSION_NUMBER) && \ - OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) +#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) #error "We require OpenSSL >= 1.0.1" #endif -#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \ - ! defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) /* We define this macro if we're trying to build with the majorly refactored * API in OpenSSL 1.1 */ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ -#ifndef OPENSSL_1_1_API -#define OpenSSL_version(v) SSLeay_version(v) -#define tor_OpenSSL_version_num() SSLeay() +/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */ +#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) #define RAND_OpenSSL() RAND_SSLeay() #define STATE_IS_SW_SERVER_HELLO(st) \ (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \ ((st) == SSL3_ST_SW_SRVR_HELLO_B)) #define OSSL_HANDSHAKE_STATE int #define CONST_IF_OPENSSL_1_1_API -#else /* defined(OPENSSL_1_1_API) */ -#define tor_OpenSSL_version_num() OpenSSL_version_num() +#else #define STATE_IS_SW_SERVER_HELLO(st) \ ((st) == TLS_ST_SW_SRVR_HELLO) #define CONST_IF_OPENSSL_1_1_API const +#endif + +/* OpenSSL 1.1 and LibreSSL both have these APIs */ +#ifndef OPENSSL_1_1_API +#define OpenSSL_version(v) SSLeay_version(v) +#define tor_OpenSSL_version_num() SSLeay() +#else /* defined(OPENSSL_1_1_API) */ +#define tor_OpenSSL_version_num() OpenSSL_version_num() #endif /* !defined(OPENSSL_1_1_API) */ #endif /* defined(ENABLE_OPENSSL) */ diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index c6f63ffa08..96a37721dd 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -54,8 +54,7 @@ #define DISABLE_ENGINES #endif -#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \ - !defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require * setting up various callbacks. * diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c index a21c4a65cf..544d72e6ca 100644 --- a/src/lib/crypt_ops/crypto_rsa_openssl.c +++ b/src/lib/crypt_ops/crypto_rsa_openssl.c @@ -572,7 +572,9 @@ static bool rsa_private_key_too_long(RSA *rsa, int max_bits) { const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; -#ifdef OPENSSL_1_1_API +#if defined(OPENSSL_1_1_API) && \ + (!defined(LIBRESSL_VERSION_NUMBER) || \ + LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0)) #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) n = RSA_get0_n(rsa); @@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) if (RSA_bits(rsa) > max_bits) return true; -#else /* !defined(OPENSSL_1_1_API) */ +#else /* !defined(OPENSSL_1_1_API) && ... */ n = rsa->n; e = rsa->e; p = rsa->p; @@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) dmp1 = rsa->dmp1; dmq1 = rsa->dmq1; iqmp = rsa->iqmp; -#endif /* defined(OPENSSL_1_1_API) */ +#endif /* defined(OPENSSL_1_1_API) && ... */ if (n && BN_num_bits(n) > max_bits) return true; diff --git a/src/lib/dispatch/dispatch_cfg_st.h b/src/lib/dispatch/dispatch_cfg_st.h index 636f2e6df5..503d13e010 100644 --- a/src/lib/dispatch/dispatch_cfg_st.h +++ b/src/lib/dispatch/dispatch_cfg_st.h @@ -24,9 +24,9 @@ struct dispatch_cfg_t { struct smartlist_t *type_by_msg; /** A list of channel_id_t (cast to void*), indexed by msg_t. */ struct smartlist_t *chan_by_msg; - /** A list of dispatch_rcv_t, indexed by msg_type_id_t. */ + /** A list of dispatch_typefns_t, indexed by msg_type_id_t. */ struct smartlist_t *fns_by_type; - /** A list of dispatch_typefns_t, indexed by msg_t. */ + /** A list of dispatch_rcv_t, indexed by msg_t. */ struct smartlist_t *recv_by_msg; }; diff --git a/src/lib/geoip/geoip.c b/src/lib/geoip/geoip.c index 686040613d..f13354dbe1 100644 --- a/src/lib/geoip/geoip.c +++ b/src/lib/geoip/geoip.c @@ -387,7 +387,7 @@ geoip_load_file(sa_family_t family, const char *filename, int severity) * be less than geoip_get_n_countries(). To decode it, call * geoip_get_country_name(). */ -int +STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr) { geoip_ipv4_entry_t *ent; @@ -403,7 +403,7 @@ geoip_get_country_by_ipv4(uint32_t ipaddr) * 0 for the 'unknown country'. The return value will always be less than * geoip_get_n_countries(). To decode it, call geoip_get_country_name(). */ -int +STATIC int geoip_get_country_by_ipv6(const struct in6_addr *addr) { geoip_ipv6_entry_t *ent; diff --git a/src/lib/geoip/geoip.h b/src/lib/geoip/geoip.h index 764ed1d5a5..e68573fd1a 100644 --- a/src/lib/geoip/geoip.h +++ b/src/lib/geoip/geoip.h @@ -21,14 +21,14 @@ #ifdef GEOIP_PRIVATE STATIC int geoip_parse_entry(const char *line, sa_family_t family); STATIC void clear_geoip_db(void); + +STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr); +STATIC int geoip_get_country_by_ipv6(const struct in6_addr *addr); #endif /* defined(GEOIP_PRIVATE) */ struct in6_addr; struct tor_addr_t; -int geoip_get_country_by_ipv4(uint32_t ipaddr); -int geoip_get_country_by_ipv6(const struct in6_addr *addr); - /** A per-country GeoIP record. */ typedef struct geoip_country_t { /** A nul-terminated two-letter country-code. */ diff --git a/src/lib/malloc/malloc.h b/src/lib/malloc/malloc.h index cc031f843a..48a3ac32cf 100644 --- a/src/lib/malloc/malloc.h +++ b/src/lib/malloc/malloc.h @@ -11,6 +11,7 @@ #ifndef TOR_UTIL_MALLOC_H #define TOR_UTIL_MALLOC_H +#include <assert.h> #include <stddef.h> #include <stdlib.h> #include "lib/cc/compat_compiler.h" @@ -45,6 +46,9 @@ void tor_free_(void *mem); #ifdef __GNUC__ #define tor_free(p) STMT_BEGIN \ typeof(&(p)) tor_free__tmpvar = &(p); \ + _Static_assert(!__builtin_types_compatible_p(typeof(*tor_free__tmpvar), \ + struct event *), \ + "use tor_event_free for struct event *"); \ raw_free(*tor_free__tmpvar); \ *tor_free__tmpvar=NULL; \ STMT_END diff --git a/src/lib/osinfo/libc.c b/src/lib/osinfo/libc.c index f52dea41aa..1ca26ff707 100644 --- a/src/lib/osinfo/libc.c +++ b/src/lib/osinfo/libc.c @@ -31,6 +31,9 @@ const char * tor_libc_get_name(void) { +#if defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) + return "BSD"; +#endif /* defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) */ #ifdef __GLIBC__ return "Glibc"; #else /* !defined(__GLIBC__) */ @@ -43,6 +46,21 @@ tor_libc_get_name(void) const char * tor_libc_get_version_str(void) { +#if defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) +#include <sys/param.h> +#ifdef __DragonFly_version + return STR(__DragonFly_version); +#endif +#ifdef __FreeBSD__ + return STR(__FreeBSD_version); +#endif +#ifdef __NetBSD_Version__ + return STR(__NetBSD_Version__); +#endif +#ifdef OpenBSD + return STR(OpenBSD); +#endif +#endif /* defined(__BSD_VISIBLE) || defined(__NETBSD_SOURCE) */ #ifdef CHECK_LIBC_VERSION const char *version = gnu_get_libc_version(); if (version == NULL) diff --git a/src/lib/process/process_win32.c b/src/lib/process/process_win32.c index dfcb17a480..6458f93752 100644 --- a/src/lib/process/process_win32.c +++ b/src/lib/process/process_win32.c @@ -888,7 +888,7 @@ process_win32_read_from_handle(process_win32_handle_t *handle, /* Check if we have been asked to read from a handle that have already told * us that we have reached the end of the file. */ - if (BUG(handle->reached_eof)) + if (handle->reached_eof) return 0; /* This cast should be safe since our buffer can be at maximum up to diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 6800fa062b..a476e57fbc 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -141,10 +141,12 @@ static sandbox_cfg_t *filter_dynamic = NULL; * the high bits of the value might get masked out improperly. */ #define SCMP_CMP_MASKED(a,b,c) \ SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c)) -/* For negative constants, the rule to add depends on the glibc version. */ -#define SCMP_CMP_NEG(a,op,b) (libc_negative_constant_needs_cast() ? \ - (SCMP_CMP((a), (op), (unsigned int)(b))) : \ - (SCMP_CMP_STR((a), (op), (b)))) +/* Negative constants aren't consistently sign extended or zero extended. + * Different compilers, libc, and architectures behave differently. For cases + * where the kernel ABI uses a 32 bit integer, this macro can be used to + * mask-compare only the lower 32 bits of the value. */ +#define SCMP_CMP_LOWER32_EQ(a,b) \ + SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, 0xFFFFFFFF, (unsigned int)(b)) /** Variable used for storing all syscall numbers that will be allowed with the * stage 1 general Tor sandbox. @@ -516,14 +518,6 @@ libc_uses_openat_for_opendir(void) (is_libc_at_least(2, 15) && !is_libc_at_least(2, 22)); } -/* Return true if we think we're running with a libc that needs to cast - * negative arguments like AT_FDCWD for seccomp rules. */ -static int -libc_negative_constant_needs_cast(void) -{ - return is_libc_at_least(2, 27); -} - /** Allow a single file to be opened. If <b>use_openat</b> is true, * we're using a libc that remaps all the opens into openats. */ static int @@ -531,7 +525,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) { if (use_openat) { return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), - SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); } else { return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), @@ -612,6 +606,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +static int +sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(fchmodat)) { + rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat), + SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} + #ifdef __i386__ static int sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter) @@ -664,6 +684,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } #endif /* defined(__i386__) */ +static int +sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(fchownat)) { + rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat), + SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} + /** * Function responsible for setting up the rename syscall for * the seccomp filter sandbox. @@ -696,6 +742,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter) } /** + * Function responsible for setting up the renameat syscall for + * the seccomp filter sandbox. + */ +static int +sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && + param->syscall == SCMP_SYS(renameat)) { + + rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat), + SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), + SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value), + SCMP_CMP_LOWER32_EQ(2, AT_FDCWD), + SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} + +/** * Function responsible for setting up the openat syscall for * the seccomp filter sandbox. */ @@ -712,7 +791,7 @@ sb_openat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) if (param != NULL && param->prot == 1 && param->syscall == SCMP_SYS(openat)) { rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), - SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), + SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value), SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY| O_CLOEXEC)); @@ -1323,7 +1402,9 @@ static sandbox_filter_func_t filter_func[] = { #else sb_chown, #endif + sb_fchownat, sb_chmod, + sb_fchmodat, sb_open, sb_openat, sb_opendir, @@ -1331,6 +1412,7 @@ static sandbox_filter_func_t filter_func[] = { sb_ptrace, #endif sb_rename, + sb_renameat, #ifdef __NR_fcntl64 sb_fcntl64, #endif @@ -1598,10 +1680,24 @@ new_element(int syscall, char *value) #ifdef __i386__ #define SCMP_chown SCMP_SYS(chown32) +#elif defined(__aarch64__) && defined(__LP64__) +#define SCMP_chown SCMP_SYS(fchownat) #else #define SCMP_chown SCMP_SYS(chown) #endif +#if defined(__aarch64__) && defined(__LP64__) +#define SCMP_chmod SCMP_SYS(fchmodat) +#else +#define SCMP_chmod SCMP_SYS(chmod) +#endif + +#if defined(__aarch64__) && defined(__LP64__) +#define SCMP_rename SCMP_SYS(renameat) +#else +#define SCMP_rename SCMP_SYS(rename) +#endif + #ifdef __NR_stat64 #define SCMP_stat SCMP_SYS(stat64) #else @@ -1639,7 +1735,7 @@ sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file) { sandbox_cfg_t *elem = NULL; - elem = new_element(SCMP_SYS(chmod), file); + elem = new_element(SCMP_chmod, file); elem->next = *cfg; *cfg = elem; @@ -1665,7 +1761,7 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2) { sandbox_cfg_t *elem = NULL; - elem = new_element2(SCMP_SYS(rename), file1, file2); + elem = new_element2(SCMP_rename, file1, file2); elem->next = *cfg; *cfg = elem; diff --git a/src/test/Makefile.nmake b/src/test/Makefile.nmake deleted file mode 100644 index ca6a84cf8a..0000000000 --- a/src/test/Makefile.nmake +++ /dev/null @@ -1,35 +0,0 @@ -all: test.exe bench.exe - -CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or \ - /I ..\ext - -LIBS = ..\..\..\build-alpha\lib\libevent.lib \ - ..\..\..\build-alpha\lib\libcrypto.lib \ - ..\..\..\build-alpha\lib\libssl.lib \ - ..\..\..\build-alpha\lib\libz.lib \ - ..\or\libtor.lib \ - ws2_32.lib advapi32.lib shell32.lib \ - crypt32.lib gdi32.lib user32.lib - -TEST_OBJECTS = test.obj test_addr.obj test_channel.obj test_channeltls.obj \ - test_consdiff.obj test_containers.obj \ - test_controller_events.obj test_crypto.obj test_data.obj test_dir.obj \ - test_checkdir.obj test_microdesc.obj test_pt.obj test_util.obj \ - test_config.obj test_connection.obj \ - test_cell_formats.obj test_relay.obj test_replay.obj \ - test_channelpadding.obj \ - test_circuitstats.obj \ - test_circuitpadding.obj \ - test_scheduler.obj test_introduce.obj test_hs.obj tinytest.obj - -tinytest.obj: ..\ext\tinytest.c - $(CC) $(CFLAGS) /D snprintf=_snprintf /c ..\ext\tinytest.c - -test.exe: $(TEST_OBJECTS) - $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib $(TEST_OBJECTS) /Fe$@ - -bench.exe: bench.obj - $(CC) $(CFLAGS) bench.obj $(LIBS) ..\common\*.lib /Fe$@ - -clean: - del *.obj *.lib test.exe bench.exe diff --git a/src/test/conf_examples/large_1/expected b/src/test/conf_examples/large_1/expected index fcd19db3df..73e48cf0d3 100644 --- a/src/test/conf_examples/large_1/expected +++ b/src/test/conf_examples/large_1/expected @@ -126,7 +126,6 @@ ReachableORAddresses 128.0.0.0/8 RejectPlaintextPorts 23 RelayBandwidthBurst 10000 RelayBandwidthRate 1000 -RendPostPeriod 600 RephistTrackTime 600 SafeLogging 0 Schedulers Vanilla,KISTLite,Kist diff --git a/src/test/conf_examples/large_1/expected_no_dirauth b/src/test/conf_examples/large_1/expected_no_dirauth index 4a19bc546c..21f08d0a33 100644 --- a/src/test/conf_examples/large_1/expected_no_dirauth +++ b/src/test/conf_examples/large_1/expected_no_dirauth @@ -125,7 +125,6 @@ ReachableORAddresses 128.0.0.0/8 RejectPlaintextPorts 23 RelayBandwidthBurst 10000 RelayBandwidthRate 1000 -RendPostPeriod 600 RephistTrackTime 600 SafeLogging 0 Schedulers Vanilla,KISTLite,Kist diff --git a/src/test/conf_examples/large_1/torrc b/src/test/conf_examples/large_1/torrc index 3f5b1e179f..ebf4a3fb96 100644 --- a/src/test/conf_examples/large_1/torrc +++ b/src/test/conf_examples/large_1/torrc @@ -133,7 +133,6 @@ ReachableORAddresses 128.0.0.0/8 RejectPlaintextPorts 23 RelayBandwidthBurst 10000 RelayBandwidthRate 1000 -RendPostPeriod 10 minutes RephistTrackTime 10 minutes SafeLogging 0 SafeSocks 0 diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c index 261e1f8a37..63c9a3b753 100644 --- a/src/test/test_channelpadding.c +++ b/src/test/test_channelpadding.c @@ -862,7 +862,7 @@ test_channelpadding_decide_to_pad_channel(void *arg) * 2. Channel that has not "sent a packet" before the timeout: * 2a. Not within 1.1s of the timeout. * + We should decide to pad later - * 2b. Within 1.1s of the timemout. + * 2b. Within 1.1s of the timeout. * + We should schedule padding * + We should get feedback that we wrote a cell * 2c. Within 0.1s of the timeout. diff --git a/src/test/test_config.c b/src/test/test_config.c index 3ebe095a6a..a53d0b8227 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -6435,7 +6435,7 @@ test_config_include_opened_file_list(void *data) tt_int_op(smartlist_len(opened_files), OP_EQ, 4); tt_int_op(smartlist_contains_string(opened_files, torrcd), OP_EQ, 1); tt_int_op(smartlist_contains_string(opened_files, subfolder), OP_EQ, 1); - // files inside subfolders are not opended, only the subfolder is opened + // files inside subfolders are not opened, only the subfolder is opened tt_int_op(smartlist_contains_string(opened_files, empty), OP_EQ, 1); tt_int_op(smartlist_contains_string(opened_files, file), OP_EQ, 1); // dot files are not opened as we ignore them when we get their name from diff --git a/src/test/test_connection.c b/src/test/test_connection.c index fbf9d6a5ab..ed94fe8aaa 100644 --- a/src/test/test_connection.c +++ b/src/test/test_connection.c @@ -22,6 +22,7 @@ #include "feature/dircommon/directory.h" #include "core/or/connection_or.h" #include "lib/net/resolve.h" +#include "lib/evloop/compat_libevent.h" #include "test/test_connection.h" #include "test/test_helpers.h" @@ -113,14 +114,8 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg) /* We didn't call tor_libevent_initialize(), so event_base was NULL, * so we can't rely on connection_unregister_events() use of event_del(). */ - if (conn->linked_conn->read_event) { - tor_free(conn->linked_conn->read_event); - conn->linked_conn->read_event = NULL; - } - if (conn->linked_conn->write_event) { - tor_free(conn->linked_conn->write_event); - conn->linked_conn->write_event = NULL; - } + tor_event_free(conn->linked_conn->read_event); + tor_event_free(conn->linked_conn->write_event); if (!conn->linked_conn->marked_for_close) { connection_close_immediate(conn->linked_conn); @@ -142,14 +137,8 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg) /* We didn't set the events up properly, so we can't use event_del() in * close_closeable_connections() > connection_free() * > connection_unregister_events() */ - if (conn->read_event) { - tor_free(conn->read_event); - conn->read_event = NULL; - } - if (conn->write_event) { - tor_free(conn->write_event); - conn->write_event = NULL; - } + tor_event_free(conn->read_event); + tor_event_free(conn->write_event); if (!conn->marked_for_close) { connection_close_immediate(conn); diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 186e09f236..248fd8ab5d 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -2971,7 +2971,7 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now) (voter == 1)) { /* Check the first routerstatus. */ tt_str_op(vrs->version,OP_EQ, "0.1.2.14"); - tt_int_op(rs->published_on,OP_EQ, now-1500); + tt_int_op(vrs->published_on,OP_EQ, now-1500); tt_str_op(rs->nickname,OP_EQ, "router2"); tt_mem_op(rs->identity_digest,OP_EQ, "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3" @@ -2996,7 +2996,7 @@ test_vrs_for_v3ns(vote_routerstatus_t *vrs, int voter, time_t now) if (voter == 1) { /* Check the second routerstatus. */ tt_str_op(vrs->version,OP_EQ, "0.2.0.5"); - tt_int_op(rs->published_on,OP_EQ, now-1000); + tt_int_op(vrs->published_on,OP_EQ, now-1000); tt_str_op(rs->nickname,OP_EQ, "router1"); } tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN); @@ -3057,6 +3057,7 @@ test_consensus_for_v3ns(networkstatus_t *con, time_t now) static void test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now) { + (void)now; tor_addr_t addr_ipv6; tt_assert(rs); @@ -3093,7 +3094,6 @@ test_routerstatus_for_v3ns(routerstatus_t *rs, time_t now) DIGEST_LEN); tt_str_op(rs->nickname,OP_EQ, "router1"); tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN); - tt_int_op(rs->published_on,OP_EQ, now-1000); tt_assert(tor_addr_eq_ipv4h(&rs->ipv4_addr, 0x99009901)); tt_int_op(rs->ipv4_orport,OP_EQ, 443); tt_int_op(rs->ipv4_dirport,OP_EQ, 0); @@ -3968,7 +3968,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.2.14"); - rs->published_on = now-1500; + vrs->published_on = now-1500; strlcpy(rs->nickname, "router2", sizeof(rs->nickname)); memset(rs->identity_digest, 3, DIGEST_LEN); memset(rs->descriptor_digest, 78, DIGEST_LEN); @@ -3993,7 +3993,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.2.0.5"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router1", sizeof(rs->nickname)); memset(rs->identity_digest, 5, DIGEST_LEN); memset(rs->descriptor_digest, 77, DIGEST_LEN); @@ -4020,7 +4020,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.0.3"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router3", sizeof(rs->nickname)); memset(rs->identity_digest, 0x33, DIGEST_LEN); memset(rs->descriptor_digest, 79, DIGEST_LEN); @@ -4046,7 +4046,7 @@ gen_routerstatus_for_umbw(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.6.3"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router4", sizeof(rs->nickname)); memset(rs->identity_digest, 0x34, DIGEST_LEN); memset(rs->descriptor_digest, 47, DIGEST_LEN); @@ -4146,7 +4146,7 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now) * cutoff. */ tt_str_op(vrs->version,OP_EQ, "0.1.2.14"); - tt_int_op(rs->published_on,OP_EQ, now-1500); + tt_int_op(vrs->published_on,OP_EQ, now-1500); tt_str_op(rs->nickname,OP_EQ, "router2"); tt_mem_op(rs->identity_digest,OP_EQ, "\x3\x3\x3\x3\x3\x3\x3\x3\x3\x3" @@ -4170,7 +4170,7 @@ test_vrs_for_umbw(vote_routerstatus_t *vrs, int voter, time_t now) * cutoff. */ tt_str_op(vrs->version,OP_EQ, "0.2.0.5"); - tt_int_op(rs->published_on,OP_EQ, now-1000); + tt_int_op(vrs->published_on,OP_EQ, now-1000); tt_str_op(rs->nickname,OP_EQ, "router1"); tt_mem_op(rs->identity_digest,OP_EQ, "\x5\x5\x5\x5\x5\x5\x5\x5\x5\x5" @@ -4245,6 +4245,7 @@ test_consensus_for_umbw(networkstatus_t *con, time_t now) static void test_routerstatus_for_umbw(routerstatus_t *rs, time_t now) { + (void)now; tor_addr_t addr_ipv6; uint32_t max_unmeasured_bw_kb = (alternate_clip_bw > 0) ? alternate_clip_bw : DEFAULT_MAX_UNMEASURED_BW_KB; @@ -4285,7 +4286,6 @@ test_routerstatus_for_umbw(routerstatus_t *rs, time_t now) DIGEST_LEN); tt_str_op(rs->nickname,OP_EQ, "router1"); tt_mem_op(rs->descriptor_digest,OP_EQ, "MMMMMMMMMMMMMMMMMMMM", DIGEST_LEN); - tt_int_op(rs->published_on,OP_EQ, now-1000); tt_assert(tor_addr_eq_ipv4h(&rs->ipv4_addr, 0x99009901)); tt_int_op(rs->ipv4_orport,OP_EQ, 443); tt_int_op(rs->ipv4_dirport,OP_EQ, 0); @@ -4385,7 +4385,6 @@ test_dir_fmt_control_ns(void *arg) (void)arg; memset(&rs, 0, sizeof(rs)); - rs.published_on = 1364925198; strlcpy(rs.nickname, "TetsuoMilk", sizeof(rs.nickname)); memcpy(rs.identity_digest, "Stately, plump Buck ", DIGEST_LEN); memcpy(rs.descriptor_digest, "Mulligan came up fro", DIGEST_LEN); @@ -4403,7 +4402,7 @@ test_dir_fmt_control_ns(void *arg) tt_assert(s); tt_str_op(s, OP_EQ, "r TetsuoMilk U3RhdGVseSwgcGx1bXAgQnVjayA " - "TXVsbGlnYW4gY2FtZSB1cCBmcm8 2013-04-02 17:53:18 " + "TXVsbGlnYW4gY2FtZSB1cCBmcm8 2038-01-01 00:00:00 " "32.48.64.80 9001 9002\n" "s Exit Fast Running V2Dir\n" "w Bandwidth=1000\n"); diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c index 201ea900ff..50ba32b562 100644 --- a/src/test/test_dir_common.c +++ b/src/test/test_dir_common.c @@ -93,7 +93,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.2.14"); - rs->published_on = now-1500; + vrs->published_on = now-1500; strlcpy(rs->nickname, "router2", sizeof(rs->nickname)); memset(rs->identity_digest, TEST_DIR_ROUTER_ID_1, DIGEST_LEN); memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_1, DIGEST_LEN); @@ -111,7 +111,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.2.0.5"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router1", sizeof(rs->nickname)); memset(rs->identity_digest, TEST_DIR_ROUTER_ID_2, DIGEST_LEN); memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_2, DIGEST_LEN); @@ -130,7 +130,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.0.3"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router3", sizeof(rs->nickname)); memset(rs->identity_digest, TEST_DIR_ROUTER_ID_3, DIGEST_LEN); memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_3, DIGEST_LEN); @@ -147,7 +147,7 @@ dir_common_gen_routerstatus_for_v3ns(int idx, time_t now) vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; vrs->version = tor_strdup("0.1.6.3"); - rs->published_on = now-1000; + vrs->published_on = now-1000; strlcpy(rs->nickname, "router4", sizeof(rs->nickname)); memset(rs->identity_digest, TEST_DIR_ROUTER_ID_4, DIGEST_LEN); memset(rs->descriptor_digest, TEST_DIR_ROUTER_DD_4, DIGEST_LEN); diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c index a7f9fa1d7b..5f93b04c96 100644 --- a/src/test/test_dir_handle_get.c +++ b/src/test/test_dir_handle_get.c @@ -2073,7 +2073,7 @@ test_dir_handle_get_status_vote_next_bandwidth_not_found(void* data) conn = new_dir_conn(); tt_int_op(0, OP_EQ, directory_handle_command_get(conn, - GET("/tor/status-vote/next/bandwdith"), NULL, 0)); + GET("/tor/status-vote/next/bandwidth"), NULL, 0)); fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE, NULL, NULL, 1, 0); diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c index c32803b380..eaeba47b0c 100644 --- a/src/test/test_hs_control.c +++ b/src/test/test_hs_control.c @@ -628,7 +628,7 @@ test_hs_control_store_permanent_creds(void *arg) tor_free(args); tor_free(cp1); - /* Overwrite the credentials and check that they got overwrited. */ + /* Overwrite the credentials and check that they got overwritten. */ args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd " "x25519:UDRvZLvcJo0QRLvDfkpgbtsqbkhIUQZyeo2FNBrgS18= " "Flags=Permanent"); diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c index 250db9a964..ecd29f5464 100644 --- a/src/test/test_nodelist.c +++ b/src/test/test_nodelist.c @@ -1273,7 +1273,6 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg) memcpy(rs_orig.descriptor_digest, "abcdefghijklmnopqrst", 20); tor_addr_from_ipv4h(&rs_orig.ipv4_addr, 0x7f000001); rs_orig.ipv4_orport = 3; - rs_orig.published_on = time(NULL); rs_orig.has_bandwidth = 1; rs_orig.bandwidth_kb = 20; @@ -1284,9 +1283,9 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg) tor_free(fmt); \ fmt_orig = routerstatus_format_entry(&rs_orig, NULL, NULL, \ NS_CONTROL_PORT, \ - NULL); \ + NULL, -1); \ fmt = routerstatus_format_entry(&rs, NULL, NULL, NS_CONTROL_PORT, \ - NULL); \ + NULL, -1); \ tt_assert(fmt_orig); \ tt_assert(fmt); \ STMT_END @@ -1322,9 +1321,6 @@ test_nodelist_routerstatus_has_visibly_changed(void *arg) strlcpy(rs.nickname, "fr1end1y", sizeof(rs.nickname)); ASSERT_CHANGED(); - rs.published_on += 3600; - ASSERT_CHANGED(); - rs.ipv4_orport = 55; ASSERT_CHANGED(); diff --git a/src/test/test_options.c b/src/test/test_options.c index 182e6dd572..6610e317a7 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -2006,43 +2006,6 @@ test_options_validate__testing(void *ignored) } static void -test_options_validate__hidserv(void *ignored) -{ - (void)ignored; - int ret; - char *msg; - setup_capture_of_logs(LOG_WARN); - - options_test_data_t *tdata = NULL; - - free_options_test_data(tdata); - tdata = get_options_test_data("RendPostPeriod 1\n" ); - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, 0); - expect_log_msg("RendPostPeriod option is too short;" - " raising to 600 seconds.\n"); - tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 600); - tor_free(msg); - - free_options_test_data(tdata); - tdata = get_options_test_data("RendPostPeriod 302401\n" ); - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, 0); - expect_log_msg("RendPostPeriod is too large; " - "clipping to 302400s.\n"); - tt_int_op(tdata->opt->RendPostPeriod, OP_EQ, 302400); - tor_free(msg); - - done: - teardown_capture_of_logs(); - policies_free_all(); - free_options_test_data(tdata); - tor_free(msg); -} - -static void test_options_validate__path_bias(void *ignored) { (void)ignored; @@ -4270,7 +4233,6 @@ struct testcase_t options_tests[] = { LOCAL_VALIDATE_TEST(safe_logging), LOCAL_VALIDATE_TEST(publish_server_descriptor), LOCAL_VALIDATE_TEST(testing), - LOCAL_VALIDATE_TEST(hidserv), LOCAL_VALIDATE_TEST(path_bias), LOCAL_VALIDATE_TEST(bandwidth), LOCAL_VALIDATE_TEST(circuits), diff --git a/src/test/test_periodic_event.c b/src/test/test_periodic_event.c index 6a9569ae89..58565f6af1 100644 --- a/src/test/test_periodic_event.c +++ b/src/test/test_periodic_event.c @@ -50,7 +50,7 @@ test_pe_initialize(void *arg) /* Initialize the events but the callback won't get called since we would * need to run the main loop and then wait for a second delaying the unit - * tests. Instead, we'll test the callback work indepedently elsewhere. */ + * tests. Instead, we'll test the callback work independently elsewhere. */ initialize_periodic_events(); periodic_events_connect_all(); set_network_participation(false); diff --git a/src/test/test_router.c b/src/test/test_router.c index 15cc93fbfc..47084bba01 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -282,7 +282,6 @@ test_router_mark_if_too_old(void *arg) mock_ns = &ns; mock_ns->valid_after = now-3600; mock_rs = &rs; - mock_rs->published_on = now - 10; // no reason to mark this time. desc_clean_since = now-10; @@ -302,25 +301,14 @@ test_router_mark_if_too_old(void *arg) tt_i64_op(desc_clean_since, OP_EQ, 0); tt_str_op(desc_dirty_reason, OP_EQ, "time for new descriptor"); - // Version in consensus published a long time ago? We won't mark it - // if it's been clean for only a short time. desc_clean_since = now - 10; desc_dirty_reason = NULL; - mock_rs->published_on = now - 3600 * 96; mark_my_descriptor_dirty_if_too_old(now); tt_i64_op(desc_clean_since, OP_EQ, now - 10); - // ... but if it's been clean a while, we mark. - desc_clean_since = now - 2 * 3600; - mark_my_descriptor_dirty_if_too_old(now); - tt_i64_op(desc_clean_since, OP_EQ, 0); - tt_str_op(desc_dirty_reason, OP_EQ, - "version listed in consensus is quite old"); - - // same deal if we're marked stale. + // Version in consensus marked as stale? We'll mark it. desc_clean_since = now - 2 * 3600; desc_dirty_reason = NULL; - mock_rs->published_on = now - 10; mock_rs->is_staledesc = 1; mark_my_descriptor_dirty_if_too_old(now); tt_i64_op(desc_clean_since, OP_EQ, 0); diff --git a/src/test/test_voting_flags.c b/src/test/test_voting_flags.c index 457b0fa796..a5b1248cc1 100644 --- a/src/test/test_voting_flags.c +++ b/src/test/test_voting_flags.c @@ -40,7 +40,6 @@ setup_cfg(flag_vote_test_cfg_t *c) memset(c->ri.cache_info.signed_descriptor_digest, 0xee, DIGEST_LEN); c->ri.cache_info.published_on = c->now - 100; - c->expected.published_on = c->now - 100; tor_addr_from_ipv4h(&c->ri.ipv4_addr, 0x7f010105); tor_addr_from_ipv4h(&c->expected.ipv4_addr, 0x7f010105); @@ -65,7 +64,6 @@ check_result(flag_vote_test_cfg_t *c) dirauth_set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now, 0, 0); - tt_i64_op(rs.published_on, OP_EQ, c->expected.published_on); tt_str_op(rs.nickname, OP_EQ, c->expected.nickname); // identity_digest and descriptor_digest are not set here. @@ -144,13 +142,11 @@ test_voting_flags_staledesc(void *arg) time_t now = cfg->now; cfg->ri.cache_info.published_on = now - DESC_IS_STALE_INTERVAL + 10; - cfg->expected.published_on = now - DESC_IS_STALE_INTERVAL + 10; // no change in expectations for is_staledesc if (!check_result(cfg)) goto done; cfg->ri.cache_info.published_on = now - DESC_IS_STALE_INTERVAL - 10; - cfg->expected.published_on = now - DESC_IS_STALE_INTERVAL - 10; cfg->expected.is_staledesc = 1; if (!check_result(cfg)) goto done; diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 2fd424c07e..88d04e6082 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -244,14 +244,18 @@ void tinytest_postfork(void); void tinytest_prefork(void) { +#ifdef ENABLE_NSS free_pregenerated_keys(); +#endif subsystems_prefork(); } void tinytest_postfork(void) { subsystems_postfork(); +#ifdef ENABLE_NSS init_pregenerated_keys(); +#endif } static void diff --git a/src/tools/Makefile.nmake b/src/tools/Makefile.nmake deleted file mode 100644 index e223d9b135..0000000000 --- a/src/tools/Makefile.nmake +++ /dev/null @@ -1,22 +0,0 @@ -all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe - -CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or - -LIBS = ..\..\..\build-alpha\lib\libevent.lib \ - ..\..\..\build-alpha\lib\libcrypto.lib \ - ..\..\..\build-alpha\lib\libssl.lib \ - ..\..\..\build-alpha\lib\libz.lib \ - ws2_32.lib advapi32.lib shell32.lib \ - crypt32.lib gdi32.lib user32.lib - -tor-gencert.exe: tor-gencert.obj - $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-gencert.obj - -tor-resolve.exe: tor-resolve.obj - $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj - -tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj - $(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj - -clean: - del *.obj *.lib *.exe diff --git a/src/win32/include.am b/src/win32/include.am deleted file mode 100644 index dad59af3ae..0000000000 --- a/src/win32/include.am +++ /dev/null @@ -1,3 +0,0 @@ - -EXTRA_DIST+= src/win32/orconfig.h - diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h deleted file mode 100644 index f3f239bbf2..0000000000 --- a/src/win32/orconfig.h +++ /dev/null @@ -1,242 +0,0 @@ -/* orconfig.h for Windows -- This file is *not* generated by autoconf. - * Instead, it has to be hand-edited to keep Win32 happy. - */ - -/* Windows-only defines. */ -#define CONFDIR "" - -/* Define to 1 if you have the <arpa/inet.h> header file. */ -#undef HAVE_ARPA_INET_H - -/* Define to 1 if you have the <assert.h> header file. */ -#define HAVE_ASSERT_H - -/* Define to 1 if you have the <ctype.h> header file. */ -#define HAVE_CTYPE_H - -/* Define to 1 if you have the <errno.h> header file. */ -#define HAVE_ERRNO_H - -/* Define to 1 if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H - -/* Define to 1 if you have the `ftime' function. */ -#define HAVE_FTIME - -/* Define to 1 if you have the `gettimeofday' function. */ -#undef HAVE_GETTIMEOFDAY - -/* Define to 1 if you have the <grp.h> header file. */ -#undef HAVE_GRP_H - -/* Define to 1 if you have the `inet_aton' function. */ -#undef HAVE_INET_ATON - -/* Define to 1 if you have the <inttypes.h> header file. */ -/* #define HAVE_INTTYPES_H */ - -/* Define to 1 if you have the <limits.h> header file. */ -#define HAVE_LIMITS_H - -/* Define to 1 if you have the <machine/limits.h> header file. */ -#undef HAVE_MACHINE_LIMITS_H - -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H - -/* Define to 1 if you have the <netdb.h> header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the <netinet/in.h> header file. */ -#undef HAVE_NETINET_IN_H - -/* Define to 1 if you have the <poll.h> header file. */ -#undef HAVE_POLL_H - -/* Define to 1 if you have the <pwd.h> header file. */ -#undef HAVE_PWD_H - -/* Define to 1 if you have the <signal.h> header file. */ -#define HAVE_SIGNAL_H - -/* Define to 1 if you have the `socketpair' function. */ -#undef HAVE_SOCKETPAIR - -/* Define to 1 if you have the <stdint.h> header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H - -/* Define to 1 if you have the <strings.h> header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#undef HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strptime' function. */ -#undef HAVE_STRPTIME - -/* Define to 1 if your timeval has a tv_sec element. */ -#define HAVE_STRUCT_TIMEVAL_TV_SEC -/* Change to #undef if you're using BCC */ - -/* Define to 1 if you have the <sys/fcntl.h> header file. */ -#undef HAVE_SYS_FCNTL_H - -/* Define to 1 if you have the <sys/ioctl.h> header file. */ -#undef HAVE_SYS_IOCTL_H - -/* Define to 1 if you have the <sys/limits.h> header file. */ -#undef HAVE_SYS_LIMITS_H - -/* Define to 1 if you have the <sys/poll.h> header file. */ -#undef HAVE_SYS_POLL_H - -/* Define to 1 if you have the <sys/socket.h> header file. */ -#undef HAVE_SYS_SOCKET_H - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H - -/* Define to 1 if you have the <sys/time.h> header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H - -/* Define to 1 if you have the <sys/utime.h> header file. */ -#define HAVE_SYS_UTIME_H - -/* Define to 1 if you have the <sys/wait.h> header file. */ -#undef HAVE_SYS_WAIT_H - -/* Define to 1 if you have the <time.h> header file. */ -#define HAVE_TIME_H - -/* Define to 1 if you have the `uname' function. */ -#undef HAVE_UNAME - -/* Define to 1 if you have the <unistd.h> header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `_vscprintf' function. */ -#define HAVE__VSCPRINTF 1 - -/* Define to 1 iff NULL is represented by a 0 in memory. */ -#define NULL_REP_IS_ZERO_BYTES 1 - -/* Define to 1 iff memset(0) sets doubles to 0.0 */ -#define DOUBLE_0_REP_IS_ZERO_BYTES 1 - -/* Name of package */ -#define PACKAGE "tor" - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* The size of a `char', as computed by sizeof. */ -#define SIZEOF_CHAR 1 - -/* The size of a `int', as computed by sizeof. */ -#define SIZEOF_INT 4 - -/* The size of a `int16_t', as computed by sizeof. */ -#undef SIZEOF_INT16_T - -/* The size of a `int32_t', as computed by sizeof. */ -#undef SIZEOF_INT32_T - -/* The size of a `int64_t', as computed by sizeof. */ -#undef SIZEOF_INT64_T - -/* The size of a `int8_t', as computed by sizeof. */ -#undef SIZEOF_INT8_T - -/* The size of a `long', as computed by sizeof. */ -#define SIZEOF_LONG 4 - -/* The size of a `long long', as computed by sizeof. */ -#undef SIZEOF_LONG_LONG - -/* The size of `pid_t', as computed by sizeof. */ -#define SIZEOF_PID_T 0 - -/* The size of a `short', as computed by sizeof. */ -#define SIZEOF_SHORT 2 - -/* The size of a `time_t', as computed by sizeof. */ -#define SIZEOF_TIME_T 4 - -/* The size of a `uint16_t', as computed by sizeof. */ -#undef SIZEOF_UINT16_T - -/* The size of a `uint32_t', as computed by sizeof. */ -#undef SIZEOF_UINT32_T - -/* The size of a `uint64_t', as computed by sizeof. */ -#undef SIZEOF_UINT64_T - -/* The size of a `uint8_t', as computed by sizeof. */ -#undef SIZEOF_UINT8_T - -/* The size of a `void *', as computed by sizeof. */ -#define SIZEOF_VOID_P 4 - -/* The size of a `__int64', as computed by sizeof. */ -#define SIZEOF___INT64 8 - -/* The sizeof a size_t, as computed by sizeof. */ -#define SIZEOF_SIZE_T 4 - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS - -/* Define to 1 iff unaligned int access is allowed */ -#define UNALIGNED_INT_ACCESS_OK - -/* Define to 1 iff we represent negative integers with two's complement */ -#define USING_TWOS_COMPLEMENT - -/* Version number of package */ -#define VERSION "0.4.7.12-dev" - -#define HAVE_STRUCT_SOCKADDR_IN6 -#define HAVE_STRUCT_IN6_ADDR -#define RSHIFT_DOES_SIGN_EXTEND -#define FLEXIBLE_ARRAY_MEMBER 0 -#define SHARE_DATADIR "" -#define USE_CURVE25519_DONNA - -#define ENUM_VALS_ARE_SIGNED 1 - -#ifndef STDOUT_FILENO -#define STDOUT_FILENO 1 -#endif - -#ifndef STDERR_FILENO -#define STDERR_FILENO 2 -#endif - -#define WINVER 0x0501 -#define _WIN32_WINNT 0x0501 -#define WIN32_LEAN_AND_MEAN 1 - |