aboutsummaryrefslogtreecommitdiff
path: root/src/or/entrynodes.h
AgeCommit message (Collapse)Author
2017-06-29Merge branch 'maint-0.3.0' into maint-0.3.1Nick Mathewson
2017-06-29Merge branch 'trove-2017-006' into maint-0.3.0Nick Mathewson
2017-06-29Consider the exit family when applying guard restrictions.Nick Mathewson
When the new path selection logic went into place, I accidentally dropped the code that considered the _family_ of the exit node when deciding if the guard was usable, and we didn't catch that during code review. This patch makes the guard_restriction_t code consider the exit family as well, and adds some (hopefully redundant) checks for the case where we lack a node_t for a guard but we have a bridge_info_t for it. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006 and CVE-2017-0377.
2017-05-22Set guard state on bridge descriptor fetches.George Kadianakis
We used to not set the guard state in launch_direct_bridge_descriptor_fetch(). So when a bridge descriptor fetch failed, the guard subsystem would never learn about the fail (and hence the guard's reachability state would not be updated).
2017-05-22Set guard state on bridge descriptor fetches.George Kadianakis
We used to not set the guard state in launch_direct_bridge_descriptor_fetch(). So when a bridge descriptor fetch failed, the guard subsystem would never learn about the fail (and hence the guard's reachability state would not be updated).
2017-03-15Run the copyright update script.Nick Mathewson
2017-01-31Don't build circuits till primary guards have descriptorsNick Mathewson
In addition to not wanting to build circuits until we can see most of the paths in the network, and in addition to not wanting to build circuits until we have a consensus ... we shouldn't build circuits till all of our (in-use) primary guards have descriptors that we can use for them. This is another bug 21242 fix.
2017-01-31Don't (usually) return any guards that are missing descriptors.Nick Mathewson
Actually, it's _fine_ to use a descriptorless guard for fetching directory info -- we just shouldn't use it when building circuits. Fortunately, we already have a "usage" flag that we can use here. Partial fix for bug 21242.
2017-01-30Remove a couple of stale comments from entrynodes.hNick Mathewson
2017-01-24Repair the (deprecated, ugly) DROPGUARDS controller function.Nick Mathewson
This actually is much easier to write now that guard_selection_t is first-class.
2017-01-18Remove argument from guards_choose_dirguardNick Mathewson
2017-01-18Remove GS_TYPE_LEGACYNick Mathewson
2017-01-18Remove the (no longer compiled) code for legacy guard selection.Nick Mathewson
Part of 20830.
2017-01-02Make GETINFO entry-guards work again with prop271Nick Mathewson
This is not a great solution, but it's as close to backward-compatible as possible. A better GETINFO API should expose more information.
2016-12-16Disable the legacy guard algorithm. Code isn't removed yet.Nick Mathewson
(Keeping the code around in case I broke Tor in some unexpected way.)
2016-12-16Make NumDirectoryGuards work with the new guard algorithm.Nick Mathewson
Now that we support NumEntryGuards, NumDirectoryGuards is pretty easy to put back in.
2016-12-16Make NumEntryGuards work as expected again.Nick Mathewson
Further, add a "guard-n-primary-guards-to-use" parameter, defaulting to 1, for NumEntryGuards to override.
2016-12-16Respect GuardLifetime in prop271 code.Nick Mathewson
It overrides both the GUARD_LIFETIME and the GUARD_CONFIRMED_MIN_LIFETIME options.
2016-12-16Add a separate, non-fractional, limit to the sampled guard set size.Nick Mathewson
Letting the maximum sample size grow proportionally to the number of guards defeats its purpose to a certain extent. Noted by asn during code review. Fixes bug 20920; bug not in any released (or merged) version of Tor.
2016-12-16Easy code fixes.George Kadianakis
- Correctly maintain the previous guard selection in choose_guard_selection(). - Print bridge identifier instead of nothing in entry_guard_describe()._
2016-12-16Trivial documentation improvements.George Kadianakis
2016-12-16Wrap all of the legacy guard code, and its users, in #ifdefsNick Mathewson
This will make it easier to see what we remove down the line.
2016-12-16prop271: Tests for the highlevel or_state_t encode/decode functionsNick Mathewson
2016-12-16Extract guard_selection_infer_type into its own function.Nick Mathewson
2016-12-16Implement support for per-circuit guard restrictions.Nick Mathewson
This is an important thing I hadn't considered when writing prop271: sometimes you have to restrict what guard you use for a particular circuit. Most frequently, that would be because you plan to use a certain node as your exit, and so you can't choose that for your guard. This change means that the upgrade-waiting-circuits algorithm needs a slight tweak too: circuit A cannot block circuit B from upgrading if circuit B needs to follow a restriction that circuit A does not follow.
2016-12-16Remove some resolved "XXXX prop271" comments.Nick Mathewson
2016-12-16Change return value of entry_guard_succeeded to an enum.Nick Mathewson
George pointed out that (-1,0,1) for (never usable, maybe usable later, usable right now) was a pretty rotten convention that made the code harder to read.
2016-12-16Add some needed accessors/inspectors for bridge/guard convergenceNick Mathewson
2016-12-16Lay down some infrastructure for bridges in the New Guard Order.Nick Mathewson
This includes: * making bridge_info_t exposed but opaque * allowing guards where we don't know an identity * making it possible to learn the identity of a guard * creating a guard that lacks a node_t * remembering a guard's address and port. * Looking up a guard by address and port. * Only enforcing the rule that we need a live consensus to update the "listed" status for guards when we are not using bridges.
2016-12-16Remove guard_selection argument from status-reporting functionsNick Mathewson
This prevents us from mixing up multiple guard_selections
2016-12-16Add a backpointer from entry_guard_t to guard_selection_tNick Mathewson
This is safe, because no entry_guard_t ever outlives its guard_selection_t. I want this because now that multiple guard selections can be active during one tor session, we should make sure that any information we register about guards is with respect to the selection that they came from.
2016-12-16Have multiple guard contexts we can switch between.Nick Mathewson
Currently, this code doesn't actually have the contexts behave differently, (except for the legacy context), but it does switch back and forth between them nicely.
2016-12-16Unit tests for entry_guard_{pick_for_circuit,succeeded,failed}Nick Mathewson
2016-12-16Turn #defines for prop271 into networkstatus paramsNick Mathewson
Some of these will get torrc options to override them too; this is just the mechanical conversion. Also, add documentation for a couple of undocumented (but now used) parameters.
2016-12-16Expire circuits that have been WAITING_FOR_BETTER_GUARD too longNick Mathewson
(This is required by 3.9 in prop271, but is better done as a separate function IMO)
2016-12-16Move the 'dirty' flag for the guards to a global againNick Mathewson
It makes more sense to have a single dirty flag, since we always regenerate the whole state file when we save it.
2016-12-16Test get_guard_selection_by_nameNick Mathewson
2016-12-16Make sure primary-guards are up-to-date when we inspect them.Nick Mathewson
(Plus some magic to prevent and detect recursive invocation of entry_guards_update_primary(), since that can cause some pretty tricky misbehavior.)
2016-12-16Rebuild the guard lists as appropriate on torrc change.Nick Mathewson
(Also, prepare to tie guard changes into the mark-all-old-circuits logic.)
2016-11-30Make new prop271 entry guards persistentNick Mathewson
To do this, it makes sense to treat legacy guards as a separate guard_selection_t *, and handle them separately. This also means we add support here for having multiple guard selections. Note that we don't persist pathbias information yet; that will take some refactoring.
2016-11-30Use the new guard notification/selection APIs throughout TorNick Mathewson
This patch doesn't cover every case; omitted cases are marked with "XXXX prop271", as usual. It leaves both the old interface and the new interface for guard status notification, since they don't actually work in the same way: the new API wants to be told when a circuit has failed or succeeded, whereas the old API wants to know when a channel has failed or succeeded. I ran into some trouble with directory guard stuff, since when we pick the directory guard, we don't actually have a circuit to associate it with. I solved that by allowing guard states to be associated with directory connections, not just circuits.
2016-11-30Function to cancel a guard state.Nick Mathewson
We'll want to use this if we allocate a guard state then decide, "whoops, we don't want to use this."
2016-11-30New function to tell the guard module "We're on the net!"Nick Mathewson
(Call it whenever we read a cell.)
2016-11-30Write the easy parts of the public entryguard interface.Nick Mathewson
Here we add a little bit of state to origin circuits, and set up the necessary functions for the circuit code to call in order to find guards, use guards, and decide when circuits can be used. There's also an incomplete function for the hard part of the circuit-maintenance code, where we figure out whether any waiting guards are ready to become usable. (This patch finally uses the handle.c code to make safe handles to entry_guard_t objects, so that we are allowed to free an entry_guard_t without checking whether any origin_circuit_t is holding a reference to it.)
2016-11-30Implement most of the prop271 data structure backends.Nick Mathewson
This code handles: * Maintaining the sampled set, the filtered set, and the usable_filtered set. * Maintaining the confirmed and primary guard lists. * Picking guards for circuits, and updating guard state when circuit state changes. Additionally, I've done code structure movement: even more constants and structures from entrynodes.c have become ENTRYNODES_PRIVATE fields of entrynodes.h. I've also included a bunch of documentation and a bunch of unit tests. Coverage on the new code is pretty high. I've noted important things to resolve before this branch is done with the /XXXX.*prop271/ regex.
2016-11-30Add accessors as needed to repair compilationNick Mathewson
The previous commit, in moving a bunch of functions to bridges.c, broke compilation because bridges.c required two entry points to entrynodes.c it didn't have.
2016-11-30Split bridge functions into a new module.Nick Mathewson
This patch is just: * Code movement * Adding headers here and there as needed * Adding a bridges_free_all() with a call to it. It breaks compilation, since the bridge code needed to make exactly 2 calls into entrynodes.c internals. I'll fix those in the next commit.
2016-11-30Initial code to parse/encode/sample prop271 guardsNick Mathewson
The encoding code is very straightforward. The decoding code is a bit tricky, but clean-ish. The sampling code is untested and probably needs more work.
2016-11-30Add the prop271 fields to entry_guard_t. Not used yet.Nick Mathewson
2016-11-30Make entry_guard_t opaque to circpathbias.cNick Mathewson
This was a relatively mechanical change. First, I added an accessor function for the pathbias-state field of a guard. Then I did a search-and-replace in circpathbias.c to replace "guard->pb." with "pb->". Finally, I made sure that "pb" was declared whenever it was needed.