aboutsummaryrefslogtreecommitdiff
path: root/src/or/connection_edge.c
AgeCommit message (Collapse)Author
2012-07-17Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/ENDNick Mathewson
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when you have a nice short loop body, but using it for long bodies makes your preprocessor tell the compiler that all the code is on the same line. That causes grief, since compiler warnings and debugger lines will all refer to that one line. So, here's a new style rule: SMARTLIST_FOREACH blocks need to be short.
2012-06-27Fix GETINFO address-mappings/... with wildcarded addresses.Nick Mathewson
2012-06-19Fix a regression bug in AllowDotExitNick Mathewson
The code that detected the source of a remapped address checked that an address mapping's source was a given rewrite rule if addr_orig had no .exit, and addr did have a .exit after processing that rule. But addr_orig was formatted for logging: it was not the original address at all, but rather was the address escaped for logging and possibly replaced with "[scrubbed]". This new logic will correctly set ADDRMAPSRC_NONE in the case when the address starts life as a .exit address, so that AllowDotExit can work again. Fixes bug 6211; bugfix on 0.2.3.17-beta
2012-06-15Triage the XXX023 and XXX022 comments: postpone many.Nick Mathewson
2012-06-13Merge remote-tracking branch 'public/bug3940_redux'Nick Mathewson
2012-06-11fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddressNick Mathewson
2012-06-05Fix "make check-spaces" issuesNick Mathewson
2012-06-04Update copyright dates to 2012; add a few missing copyright statementsNick Mathewson
2012-06-04Add about 60 more DOCDOC comments to 0.2.3Nick Mathewson
Also, try to resolve some doxygen issues. First, define a magic "This is doxygen!" macro so that we take the correct branch in various #if/#else/#endifs in order to get the right documentation. Second, add in a few grouping @{ and @} entries in order to get some variables and fields to get grouped together.
2012-06-04Resolve all currently pending DOCDOC items in masterNick Mathewson
2012-06-04Document the new exit_source_out argument to addressmap_rewriteNick Mathewson
2012-05-16In connection_ap_handshake_process_socks(), mark the socks request as ↵Fabian Keil
finished if a reply is send after a parse error Silences the log message: [warn] {BUG} _connection_mark_unattached_ap(): Bug: stream (marked at connection_edge.c:2224) sending two socks replies? after the client triggered the "Tor is not an HTTP Proxy" response. No additional socks reply was sent, though.
2012-05-16Merge remote-tracking branch 'public/bug2822'Nick Mathewson
2012-05-11An attempt at bug3940 and making AllowDotExit 0 work with MapAddressNick Mathewson
This time, I follow grarpamp's suggestion and move the check for .exit+AllowDotExit 0 to the top of connection_ap_rewrite_and_attach, before any rewriting occurs. This way, .exit addresses are forbidden as they arrive from a socks connection or a DNSPort request, and not otherwise. It _is_ a little more complicated than that, though. We need to treat any .exit addresses whose source is TrackHostExits as meaning that we can retry without that exit. We also need to treat any .exit address that comes from an AutomapHostsOnResolve operation as user-provided (and thus forbidden if AllowDotExits==0), so that transitioning from AllowDotExits==1 to AllowDotExits==0 will actually turn off automapped .exit addresses.
2012-05-01Add a missing ntohl to tell_controller_about_resolve_resultNick Mathewson
Fix for bug 5723; bugfix on 0.2.3.1-alpha (commit 22f723e4)
2012-04-24be willing to use nodes in excludeexitnodes as directory mirrorsRoger Dingledine
fixes bug 5623.
2012-03-28Reject SOCKS requests for "localhost" or ".local"Nick Mathewson
Sending them on is futile, since we will be told "127.0.0.1" and then think we've been lied to. Partial fix for 2822.
2012-03-28Rate-limit the warnings as a client when asked to connect a private addrNick Mathewson
Partial fix for ticket 2822.
2012-01-16Merge remote-tracking branch 'public/bug3325'Nick Mathewson
2012-01-16Convert instances of tor_malloc+tor_snprintf into tor_asprintfNick Mathewson
These were found by looking for tor_snprintf() instances that were preceeded closely by tor_malloc(), though I probably converted some more snprintfs as well. (In every case, make sure that the length variable (if any) is removed, renamed, or lowered, so that anything else that might have assumed a longer buffer doesn't exist.)
2012-01-16Convert instances of tor_snprintf+strdup into tor_asprintfNick Mathewson
These were found by looking for tor_snprintf() instances that were followed closely by tor_strdup(), though I probably converted some other snprintfs as well.
2012-01-11Move logging of bad hostnames into parse_extended_hostnameNick Mathewson
This fixes bug 3325, where a bad .exit would get logged as a bad .onion
2011-11-30Merge branch 'feature2553-v4-rebased'Nick Mathewson
2011-11-30Add ifdefs to disable assertion in connection_ap_handshake_send_beginRobert Ransom
2011-11-30Don't allow tor2web-mode Tors to connect to non-HS addressesRobert Ransom
The client's anonymity when accessing a non-HS address in tor2web-mode would be easily nuked by inserting an inline image with a .onion URL, so don't even pretend to access non-HS addresses through Tor.
2011-11-30Merge branch 'bug933_nm_rebased_v2'Nick Mathewson
Conflicts: src/test/test.c
2011-11-30Tweak addressmap_rewrite a little moreNick Mathewson
This resolves a loop warning on "MapAddress *.example.com example.com", makes the rewrite log messages correct, and fixes the behavior of "MapAddress *.a *.b" when just given "a" as an input.
2011-11-30Fix an issue in my mapaddress domains code spotted by armaNick Mathewson
MapAddress *.torproject.org torproject.org would have been interpreted as a map from a domain to itself, and would have cleared the mapping. Now we require not only a match of domains, but of wildcards.
2011-11-30Refactor addressmap_match_superdomains and representation of wildcardsNick Mathewson
In this new representation for wildcarded addresses, there are no longer any 'magic addresses': rather, "a.b c.d", "*.a.b c.d" and "*.a.b *.c.d" are all represented by a mapping from "a.b" to "c.d". we now distinguish them by setting bits in the addressmap_entry_t structure, where src_wildcard is set if the source address had a wildcard, and dst_wildcard is set if the target address had a wildcard. This lets the case where "*.a.b *.c.d" or "*.a.b c.d" remap the address "a.b" get handled trivially, and lets us simplify and improve the addressmap_match_superdomains implementation: we can now have it run in O(parts of address) rather than O(entries in addressmap).
2011-11-30Address nickm's comments at ↵Robert Hogan
https://trac.torproject.org/projects/tor/ticket/933#comment:8 1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'. This has resulted in a slight refactoring of config_register_addressmaps. 2. Add some more detail to the man page entry for AddressMap. 3. Fix initialization of a pointer to NULL rather than 0. 4. Update the unit tests to cater for the changes in 1 and test more explicitly for recursive mapping.
2011-11-30Address nickm's comments at ↵Robert Hogan
https://trac.torproject.org/projects/tor/ticket/933#comment:4 1. Implement the following mapping rules: MapAddress a.b.c d.e.f # This is what we have now MapAddress .a.b.c d.e.f # Replaces any address ending with .a.b.c with d.e.f MapAddress .a.b.c .d.e.f # Replaces the .a.b.c at the end of any addr with .d.e.f (Note that 'a.b.c .d.e.f' is invalid, and will be rejected.) 2. Add tests for the new rules. 3. Allow proper wildcard annotation, i.e. '*.d.e' '.d.e' will still work. 4. Update addressmap_entry_t with an is_wildcard member.
2011-11-30bug933 - Match against super-domains in MapAddressRobert Hogan
Allow MapAddress to handle directives such as: MapAddress .torproject.org .torserver.exit MapAddress .org 1.1.1.1 Add tests for addressmap_rewrite.
2011-11-30Use correct address family where necessary for bridges on IPv6.Linus Nordberg
2011-10-19Merge remote-tracking branch 'origin/maint-0.2.2'Nick Mathewson
2011-10-19Fix crash when changing node restrictions with DNS lookup in progressNick Mathewson
Fixes bug 4259, bugfix on 0.2.2.25-alpha. Bugfix by "Tey'". Original message by submitter: Changing nodes restrictions using a controller while Tor is doing DNS resolution could makes Tor crashes (on WinXP at least). The problem can be repeated by trying to reach a non-existent domain using Tor: curl --socks4a 127.0.0.1:9050 inexistantdomain.ext .. and changing the ExitNodes parameter through the control port before Tor returns a DNS resolution error (of course, the following command won't work directly if the control port is password protected): echo SETCONF ExitNodes=TinyTurtle | nc -v 127.0.0.1 9051 Using a non-existent domain is needed to repeat the issue so that Tor takes a few seconds for resolving the domain (which allows us to change the configuration). Tor will crash while processing the configuration change. The bug is located in the addressmap_clear_excluded_trackexithosts method which iterates over the entries of the addresses map in order to check whether the changes made to the configuration will impact those entries. When a DNS resolving is in progress, the new_adress field of the associated entry will be set to NULL. The method doesn't expect this field to be NULL, hence the crash.
2011-10-11Stop using addr_port_lookup as an address splitting functionNick Mathewson
It's too risky to have a function where if you leave one parameter NULL, it splits up address:port strings, but if you set it, it does hostname resolution.
2011-10-11Change "reverse_lookup_name" functions to refer to "PTR_name"sNick Mathewson
Under the new convention, having a tor_addr.*lookup function that doesn't do hostname resolution is too close for comfort. I used this script here, and have made no other changes. s/tor_addr_parse_reverse_lookup_name/tor_addr_parse_PTR_name/g; s/tor_addr_to_reverse_lookup_name/tor_addr_to_PTR_name/g;
2011-10-11Fix names of functions that convert strings to addrsNick Mathewson
Now let's have "lookup" indicate that there can be a hostname resolution, and "parse" indicate that there wasn't. Previously, we had one "lookup" function that did resolution; four "parse" functions, half of which did resolution; and a "from_str()" function that didn't do resolution. That's confusing and error-prone! The code changes in this commit are exactly the result of this perl script, run under "perl -p -i.bak" : s/tor_addr_port_parse/tor_addr_port_lookup/g; s/parse_addr_port(?=[^_])/addr_port_lookup/g; s/tor_addr_from_str/tor_addr_parse/g; This patch leaves aton and pton alone: their naming convention and behavior is is determined by the sockets API. More renaming may be needed.
2011-10-03Fix compilation of 3335 and 3825 fixesNick Mathewson
In master, they ran into problems with the edge_conn/entry_conn split.
2011-10-03Merge remote-tracking branch 'rransom-tor/bug3335-v2'Nick Mathewson
Conflicts: src/or/connection_edge.c src/or/rendclient.c
2011-10-02Clear the timed_out flag when an HS connection attempt endsRobert Ransom
2011-09-24trivial whitespace changes, take twoRoger Dingledine
2011-09-24Trivial whitespace fixesNick Mathewson
2011-09-07Fix whitespace issues in patches merged today so farNick Mathewson
2011-09-07Merge remote-tracking branch 'public/split_entry_conn'Nick Mathewson
Conflicts: src/or/connection.c src/or/connection_edge.c src/or/connection_edge.h src/or/dnsserv.c Some of these were a little tricky, since they touched code that changed because of the prop171 fixes.
2011-09-06Merge remote-tracking branch 'origin/maint-0.2.2'Nick Mathewson
Conflicts: src/or/connection_edge.c Conflicted on a router->node transition; fix was easy.
2011-09-06Fix assertion in addressmap_clear_excluded_trackexithostsNick Mathewson
Fixes bug 3923; bugfix on 0.2.2.25-alpha; bugfix from 'laruldan' on trac.
2011-08-09Sticking a size_t into long generates a warn on winSebastian Hahn
2011-08-08Remove connection_edge_streams_are_compatibleRobert Ransom
It's dead code (not used anywhere by the current proposal 171 algorithm).
2011-08-08Fix handling of ISO_STREAMRobert Ransom
Now we track *which* stream with ISO_STREAM set is associated to a particular circuit, so that we won't think that stream is incompatible with its circuit and launch another one a second later, and we use that same field to mark circuits which have had an ISO_STREAM stream attached to them, so that we won't ever put a second stream on that circuit. Fixes bug 3695.