path: root/src/or
Age | Commit message | Author
2015-08-11 | Purge client HS failure cache on NEWNYM | David Goulet
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-08-11 | Add rend failure cache | David Goulet
When fetching a descriptor, we now test every introduction point in it against our rend failure cache to know if we keep it or not. For this to work, now every time an introduction point is discarded (ex: receiving a NACK), we note it down in our introduction cache. See rendcache.c for a detailed explanation of the cache's behavior. Fixes #16389 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-31 | Move formatting functions around. | Nick Mathewson
The base64 and base32 functions used to be in crypto.c; crypto_format.h had no header; some general-purpose functions were in crypto_curve25519.c. This patch makes a {crypto,util}_format.[ch], and puts more functions there. Small modules are beautiful!
2015-07-30 | Add get_max_sockets() and remove dead code | David Goulet
The control port was using set_max_file_descriptors() with a limit set to 0 to query the number of maximum sockets Tor can use. With the recent changes to that function, a check was introduced to make sure a user cannot set a value below the amount we reserved for non socket. This commit adds get_max_sockets() that returns the value of max_sockets so we can stop using that "setter" function to get the current value. Finally, the dead code is removed that is the code that checked for limit equal to 0. From now on, set_max_file_descriptors() should never be used with a limit set to 0 for a valid use case. Fixes #16697 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-30 | whitespace fix | Nick Mathewson
2015-07-30 | Wrap windows-only C files in #ifdef _WIN32 | Nick Mathewson
This should make some scripts and IDEs happier.
2015-07-21 | Remove casting of void pointers when handling signals. | cypherpunks
2015-07-16 | Merge remote-tracking branch 'public/feature_16580' | Nick Mathewson
2015-07-16 | Merge remote-tracking branch 'public/ticket16543' | Nick Mathewson
2015-07-16 | Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' | Nick Mathewson
2015-07-16 | Break some wide lines | Nick Mathewson
2015-07-16 | Fix most check-spaces issues | Nick Mathewson
2015-07-15 | Use C99 variadic macros when not on GCC. | Nick Mathewson
1) We already require C99. 2) This allows us to support MSVC again (thanks to Gisle Vanem for this part) 3) This change allows us to dump some rotten old compatibility code from log.c
2015-07-15 | Merge branches 'feature_16582' and 'feature_16581' | Nick Mathewson
2015-07-15 | Don't allow INIT_ED_KEY_{NO_REPAIR,NEEDCERT} to be used together. | Nick Mathewson
We haven't implemented NO_REPAIR for NEEDCERT, and we don't need it: but it's safest to stop any attempt to use it that way.
2015-07-15 | Add more EINVAL errno setting on key read failures | Nick Mathewson
Teor found these. This is for part of #16582.
2015-07-14 | Add changes file for 8712; apply it to HSDir flag as well. | Nick Mathewson
2015-07-14 | Vote for relays to be fast and stable even when they aren't currently active. | Peter Retzlaff
2015-07-14 | Change the name for the keypinning file; delete the old one if found | Nick Mathewson
This is a brute-force fix for #16580, wherein #16530 caused some routers to do bad things with the old keypinning journal.
2015-07-14 | Add more consistency checks in load_ed_keys | Nick Mathewson
Make sure that signing certs are signed by the right identity key, to prevent a recurrence of #16530. Also make sure that the master identity key we find on disk matches the one we have in RAM, if we have one. This is for #16581.
2015-07-14 | Do more consistency checks in ed_key_init_from_file() | Nick Mathewson
When there is a signing key and the certificate lists a key, make sure that the certificate lists the same signing key. When there are public key and secret key stored in separate files, make sure they match. Use the right file name when we load an encrypted secret key and then find a problem with it. This is part of 16581.
2015-07-14 | If loading an ed25519 master key fails with errno != ENOENT, give up. | Nick Mathewson
This implements feature 16582: if we get EMFILE or something when loading our master key, we should not at that point attempt to overwrite it.
2015-07-14 | Preserve errno when loading encrypted ed25519 keys. | Nick Mathewson
2015-07-14 | Remove empty rend_service_validate_intro_early function | John Brooks
2015-07-14 | Rename ambiguous introduction point functions | John Brooks
Task #15824
2015-07-10 | Remove the HidServDirV2 and VoteOnHidServDirectoriesV2 options | Nick Mathewson
(Mark them as obsolete) Closes 16543.
2015-07-09 | Merge branch 'bug4862_027_04_squashed' | Nick Mathewson
2015-07-09 | Fix comments in rendservice.c | David Goulet
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 | Count intro circuit and not only established ones | David Goulet
When cleaning up extra circuits that we've opened for performance reasons, we need to count all the introduction circuits and not only the established ones else we can end up with too many introduction points. This also adds the check for expiring nodes when serving an INTRODUCE cell since it's possible old clients are still using them before we have time to close them. Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 | Upload descriptor when all intro points are ready | David Goulet
To upload a HS descriptor, this commit makes it so that we wait for all introduction points to be fully established. Else, the HS ends up uploading a descriptor that may contain intro points that are not yet "valid" meaning not yet established or proven to work. It could also trigger three uploads for the *same* descriptor if every intro point takes more than 30 seconds to establish because of desc_is_dirty being set at each intro established. To achieve that, n_intro_points_established variable is added to the rend_service_t object that is incremented when we establish an introduction point and decremented when we remove a valid intro point from our list. The condition to upload a descriptor also changes to test if all intro points are ready by making sure we have equal or more wanted intro points that are ready. The desc_id_dirty flag is kept to be able to still use the RendInitialPostPeriod option. This partially fixes #13483. Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 | Reuse intro points that failed but are still valid | David Goulet
There is a case where if the introduction circuit fails but the node is still in the consensus, we clean up the intro point and choose another one. This commit fixes that by trying to reuse the existing intro point with a maximum value of retry. A retry_nodes list is added to rend_services_introduce() and when we remove an invalid intro point that fits the use case mentioned before, we add the node to the retry list instead of removing it. Then, we retry on them before creating new ones. This means that the requirement to remove an intro point changes from "if no intro circuit" to "if no intro circuit then if no node OR we've reached our maximum circuit creation count". For now, the maximum retries is set to 3 which is completely arbitrary. It should also at some point be tied to the work done on detecting if our network is down or not. Fixes #8239 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-07-09 | Refactor rend_services_introduce() | David Goulet
The reasoning for refactoring this function is that removing the introduction point adaptative algorithm (#4862) ended up changing quite a bit rend_services_introduce(). Also, to fix some open issues (#8239, #8864 and #13483), this work had to be done. First, this removes time_expiring variable in an intro point object and INTRO_POINT_EXPIRATION_GRACE_PERIOD trickery and use an expiring_nodes list where intro nodes that should expire are moved to that list and cleaned up only once the new descriptor is successfully uploaded. The previous scheme was adding complexity and arbitrary timing to when we expire an intro point. We keep the intro points until we are sure that the new descriptor is uploaded and thus ready to be used by clients. For this, rend_service_desc_has_uploaded() is added to notify the HS subsystem that the descriptor has been successfully uploaded. The purpose of this function is to cleanup the expiring nodes and circuits if any. Secondly, this adds the remove_invalid_intro_points() function in order to split up rend_services_introduce() a bit with an extra modification to it that fixes #8864. We do NOT close the circuit nor delete the intro point if the circuit is still alive but the node was removed from the consensus. Due to possible information leak, we let the circuit and intro point object expire instead. Finally, the whole code flow is simplified and a large amount of documentation has been added to mostly explain the why of things in there. Fixes #8864 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 | More tweaks for windows compilation. (ick) | Nick Mathewson
2015-06-29 | Remove checks for visual C 6. | Nick Mathewson
2015-06-29 | Add the torrc option HiddenServiceNumIntroductionPoints | David Goulet
This is a way to specify the amount of introduction points a hidden service can have. Maximum value is 10 and the default is 3. Fixes #4862 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 | Remove intro points adaptative algorithm | David Goulet
Partially fixes #4862 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-28 | fix a windows unused var warning | Nick Mathewson
2015-06-27 | Avoid a segfault when reading an encrypted key that isn't there | Nick Mathewson
Patch from cypherpunks. Fixes bug 16449. Bug not in any released tor.
2015-06-25 | Merge branch 'bug16288_027_03_squashed' | Nick Mathewson
2015-06-25 | Validate the open file limit when creating a socket | David Goulet
Fixes #16288 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 | Merge remote-tracking branch 'origin/maint-0.2.6' | Nick Mathewson
2015-06-25 | Merge remote-tracking branch 'public/bug16013_025' into maint-0.2.6 | Nick Mathewson
2015-06-25 | Avoid crashing on busy/NEWNYM+hidden service clients | Nick Mathewson
When we ran out of intro points for a hidden service (which could happen on a newnym), we would change the connection's state back to "waiting for hidden service descriptor." But this would make an assertion fail if we went on to call circuit_get_open_circ_or_launch again. This fixes bug 16013; I believe the bug was introduced in 38be533c69417aacf28cedec1c3bae808ce29f4, where we made it possible for circuit_get_open_circ_or_launch() to change the connection's state.
2015-06-25 | Merge remote-tracking branch 'origin/maint-0.2.6' | Nick Mathewson
2015-06-25 | Merge remote-tracking branch 'public/bug16400_026' into maint-0.2.6 | Nick Mathewson
2015-06-22 | Repair breakage in early-error case of microdesc parsing | Nick Mathewson
When I fixed #11243, I made it so we would take the digest of a descriptor before tokenizing it, so we could desist from download attempts if parsing failed. But when I did that, I didn't remove an assertion that the descriptor began with "onion-key". Usually, this was enforced by "find_start_of_next_microdescriptor", but when find_start_of_next_microdescriptor returned NULL, the assertion was triggered. Fixes bug 16400. Thanks to torkeln for reporting and cypherpunks_backup for diagnosing and writing the first fix here.
2015-06-19 | Merge remote-tracking branch 'dgoulet/rendcache_027_01' | Nick Mathewson
2015-06-19 | fix some memory leaks that coverity found | Nick Mathewson
2015-06-18 | Move cache objects and functions to rendcache.{c|h} | David Goulet
All functions and objects that are used for hidden service descriptor caches are moved to rendcache.{c|h}. This commit does NOT change anything, just moving code around. Fixes #16399 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-18 | Add rendcache.{c|h} | David Goulet
For now, rend_cache_entry_t has been moved from or.h to rendcache.h and those files have been added to the build system. In the next commit, these will contain hidden service descriptor cache ABI and API for both client and directory side. The goal is to consolidate the descriptor caches in one location to ease development, maintenance, review and improve documentation for each cache behavior and algorithm. Signed-off-by: David Goulet <dgoulet@ev0ke.net>