diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/address.c | 2 | ||||
| -rw-r--r-- | src/common/util.c | 12 | ||||
| -rw-r--r-- | src/or/channel.c | 12 | ||||
| -rw-r--r-- | src/or/channel.h | 3 | ||||
| -rw-r--r-- | src/or/config.c | 1 | ||||
| -rw-r--r-- | src/or/connection_or.c | 33 | ||||
| -rw-r--r-- | src/or/directory.c | 2 | ||||
| -rw-r--r-- | src/or/or.h | 3 | ||||
| -rw-r--r-- | src/or/policies.h | 7 | ||||
| -rw-r--r-- | src/or/relay.c | 1 | ||||
| -rw-r--r-- | src/or/rendclient.c | 20 | ||||
| -rw-r--r-- | src/or/rendservice.c | 1 | ||||
| -rw-r--r-- | src/or/router.c | 2 | ||||
| -rw-r--r-- | src/test/test_util.c | 1 |
14 files changed, 70 insertions, 30 deletions
diff --git a/src/common/address.c b/src/common/address.c index 227b4fbae..14a7b6bc9 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1187,6 +1187,8 @@ get_interface_addresses_raw(int severity) result = smartlist_new(); for (i = ifa; i; i = i->ifa_next) { tor_addr_t tmp; + if ((i->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING)) + continue; if (!i->ifa_addr) continue; if (i->ifa_addr->sa_family != AF_INET && diff --git a/src/common/util.c b/src/common/util.c index db160fdf0..ae385e1b9 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3374,10 +3374,10 @@ format_hex_number_for_helper_exit_status(unsigned int x, char *buf, * <b>hex_errno</b>. Called between fork and _exit, so must be signal-handler * safe. * - * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available. + * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE+1 bytes available. * * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded - * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where + * with spaces. CHILD_STATE indicates where * in the processs of starting the child process did the failure occur (see * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of * errno when the failure occurred. @@ -3412,7 +3412,7 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, * Count how many chars of space we have left, and keep a pointer into the * current point in the buffer. */ - left = HEX_ERRNO_SIZE; + left = HEX_ERRNO_SIZE+1; cur = hex_errno; /* Emit child_state */ @@ -3456,8 +3456,8 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, left -= written; cur += written; - /* Check that we have enough space left for a newline */ - if (left <= 0) + /* Check that we have enough space left for a newline and a NUL */ + if (left <= 1) goto err; /* Emit the newline and NUL */ @@ -3712,7 +3712,7 @@ tor_spawn_background(const char *const filename, const char **argv, this is used for printing out the error message */ unsigned char child_state = CHILD_STATE_INIT; - char hex_errno[HEX_ERRNO_SIZE]; + char hex_errno[HEX_ERRNO_SIZE + 2]; /* + 1 should be sufficient actually */ static int max_fd = -1; diff --git a/src/or/channel.c b/src/or/channel.c index 602797d0d..1270eace7 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -743,6 +743,9 @@ channel_init(channel_t *chan) /* Timestamp it */ channel_timestamp_created(chan); + + /* It hasn't been open yet. */ + chan->has_been_open = 0; } /** @@ -1292,11 +1295,11 @@ channel_closed(channel_t *chan) if (chan->state == CHANNEL_STATE_CLOSED || chan->state == CHANNEL_STATE_ERROR) return; - if (chan->reason_for_closing == CHANNEL_CLOSE_FOR_ERROR) { - /* Inform any pending (not attached) circs that they should - * give up. */ + /* Inform any pending (not attached) circs that they should + * give up. */ + if (! chan->has_been_open) circuit_n_chan_done(chan, 0); - } + /* Now close all the attached circuits on it. */ circuit_unlink_all_from_channel(chan, END_CIRC_REASON_CHANNEL_CLOSED); @@ -1936,6 +1939,7 @@ channel_change_state(channel_t *chan, channel_state_t to_state) /* Tell circuits if we opened and stuff */ if (to_state == CHANNEL_STATE_OPEN) { channel_do_open_actions(chan); + chan->has_been_open = 1; /* Check for queued cells to process */ if (! TOR_SIMPLEQ_EMPTY(&chan->incoming_queue)) diff --git a/src/or/channel.h b/src/or/channel.h index 0933ec8d3..2dca81705 100644 --- a/src/or/channel.h +++ b/src/or/channel.h @@ -46,6 +46,9 @@ struct channel_s { /* Should we expect to see this channel in the channel lists? */ unsigned char registered:1; + /** has this channel ever been open? */ + unsigned int has_been_open:1; + /** Why did we close? */ enum { diff --git a/src/or/config.c b/src/or/config.c index 4e08f3c3a..18f1c2950 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -388,6 +388,7 @@ static config_var_t option_vars_[] = { V(SSLKeyLifetime, INTERVAL, "0"), OBSOLETE("StatusFetchPeriod"), V(StrictNodes, BOOL, "0"), + V(Support022HiddenServices, AUTOBOOL, "auto"), OBSOLETE("SysLog"), V(TestSocks, BOOL, "0"), OBSOLETE("TestVia"), diff --git a/src/or/connection_or.c b/src/or/connection_or.c index d5dd4470e..3d16e1453 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1160,6 +1160,16 @@ connection_or_connect(const tor_addr_t *_addr, uint16_t port, /** Mark orconn for close and transition the associated channel, if any, to * the closing state. + * + * It's safe to call this and connection_or_close_for_error() any time, and + * channel layer will treat it as a connection closing for reasons outside + * its control, like the remote end closing it. It can also be a local + * reason that's specific to connection_t/or_connection_t rather than + * the channel mechanism, such as expiration of old connections in + * run_connection_housekeeping(). If you want to close a channel_t + * from somewhere that logically works in terms of generic channels + * rather than connections, use channel_mark_for_close(); see also + * the comment on that function in channel.c. */ void @@ -2051,8 +2061,9 @@ connection_or_send_netinfo(or_connection_t *conn) memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_NETINFO; - /* Timestamp. */ - set_uint32(cell.payload, htonl((uint32_t)now)); + /* Timestamp, if we're a relay. */ + if (public_server_mode(get_options()) || ! conn->is_outgoing) + set_uint32(cell.payload, htonl((uint32_t)now)); /* Their address. */ out = cell.payload + 4; @@ -2286,19 +2297,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, if (server) return V3_AUTH_FIXED_PART_LEN; // ptr-out - /* Time: 8 octets. */ - { - uint64_t now = time(NULL); - if ((time_t)now < 0) - return -1; - set_uint32(ptr, htonl((uint32_t)(now>>32))); - set_uint32(ptr+4, htonl((uint32_t)now)); - ptr += 8; - } - - /* Nonce: 16 octets. */ - crypto_rand((char*)ptr, 16); - ptr += 16; + /* 8 octets were reserved for the current time, but we're trying to get out + * of the habit of sending time around willynilly. Fortunately, nothing + * checks it. That's followed by 16 bytes of nonce. */ + crypto_rand((char*)ptr, 24); + ptr += 24; tor_assert(ptr - out == V3_AUTH_BODY_LEN); diff --git a/src/or/directory.c b/src/or/directory.c index b4381ac0d..3752367c4 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -2111,6 +2111,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn) /* Mark remaining ones as failed. */ dir_microdesc_download_failed(which, status_code); } + control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS, + count_loading_descriptors_progress()); SMARTLIST_FOREACH(which, char *, cp, tor_free(cp)); smartlist_free(which); smartlist_free(mds); diff --git a/src/or/or.h b/src/or/or.h index 8c6c1e363..eff5a6d2b 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4099,6 +4099,9 @@ typedef struct { /** How long (seconds) do we keep a guard before picking a new one? */ int GuardLifetime; + + /** Should we send the timestamps that pre-023 hidden services want? */ + int Support022HiddenServices; } or_options_t; /** Persistent state for an onion router, as saved to disk. */ diff --git a/src/or/policies.h b/src/or/policies.h index c0e7a9efc..facbbb6b5 100644 --- a/src/or/policies.h +++ b/src/or/policies.h @@ -12,10 +12,11 @@ #ifndef TOR_POLICIES_H #define TOR_POLICIES_H -/* (length of "accept 255.255.255.255/255.255.255.255:65535-65535\n" plus a - * NUL.) +/* (length of + * "accept6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]/128:65535-65535\n" + * plus a terminating NUL, rounded up to a nice number.) */ -#define POLICY_BUF_LEN 52 +#define POLICY_BUF_LEN 72 int firewall_is_fascist_or(void); int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port); diff --git a/src/or/relay.c b/src/or/relay.c index 3138c5e8d..29dc36194 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1103,6 +1103,7 @@ connection_edge_process_relay_cell_not_open( control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0); break; case DIR_PURPOSE_FETCH_SERVERDESC: + case DIR_PURPOSE_FETCH_MICRODESC: control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS, count_loading_descriptors_progress()); break; diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 7115bf208..bb4bd9bfd 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -16,6 +16,7 @@ #include "connection_edge.h" #include "directory.h" #include "main.h" +#include "networkstatus.h" #include "nodelist.h" #include "relay.h" #include "rendclient.h" @@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ) return result; } +/** Return true iff we should send timestamps in our INTRODUCE1 cells */ +static int +rend_client_should_send_timestamp(void) +{ + if (get_options()->Support022HiddenServices >= 0) + return get_options()->Support022HiddenServices; + + return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1); +} + /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell * down introcirc if possible. */ @@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc, REND_DESC_COOKIE_LEN); v3_shift += 2+REND_DESC_COOKIE_LEN; } - set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL))); + if (rend_client_should_send_timestamp()) { + uint32_t now = (uint32_t)time(NULL); + now += 300; + now -= now % 600; + set_uint32(tmp+v3_shift+1, htonl(now)); + } else { + set_uint32(tmp+v3_shift+1, 0); + } v3_shift += 4; } /* if version 2 only write version number */ else if (entry->parsed->protocols & (1<<2)) { diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 00bca17d4..8a4a11e47 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -593,6 +593,7 @@ rend_service_update_descriptor(rend_service_t *service) d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t)); d->pk = crypto_pk_dup_key(service->private_key); d->timestamp = time(NULL); + d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */ d->intro_nodes = smartlist_new(); /* Support intro protocols 2 and 3. */ d->protocols = (1 << 2) + (1 << 3); diff --git a/src/or/router.c b/src/or/router.c index 6069da8f0..6efd85158 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -236,7 +236,7 @@ get_server_identity_key(void) int server_identity_key_is_set(void) { - return server_identitykey != NULL; + return server_mode(get_options()) && server_identitykey != NULL; } /** Set the current client identity key to <b>k</b>. diff --git a/src/test/test_util.c b/src/test/test_util.c index 6e1ee713d..65d9d2f87 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -2252,6 +2252,7 @@ test_util_exit_status(void *ptr) n = format_helper_exit_status(0xFF, -0x80000000, hex_errno); test_streq("FF/-80000000\n", hex_errno); test_eq(n, strlen(hex_errno)); + test_eq(n, HEX_ERRNO_SIZE); clear_hex_errno(hex_errno); n = format_helper_exit_status(0x7F, 0, hex_errno); |