| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | | | Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023•••Conflicts in various places, mainly node-related. Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.
src/common/Makefile.am
src/or/circuitlist.c
src/or/connection_edge.c
src/or/directory.c
src/or/microdesc.c
src/or/networkstatus.c
src/or/router.c
src/or/routerlist.c
src/test/test_util.c
| Nick Mathewson | 2011-05-11 |
| |\| | |
|
| | * | | Re-apply the automated conversion to 0.2.2 to make handle any memcmps that sn... | Nick Mathewson | 2011-05-11 |
| | * | | Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcm...•••Conflicts throughout. All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.
src/common/Makefile.am
src/or/circuitbuild.c
src/or/directory.c
src/or/dirserv.c
src/or/dirvote.c
src/or/networkstatus.c
src/or/rendclient.c
src/or/rendservice.c
src/or/router.c
src/or/routerlist.c
src/or/routerparse.c
src/or/test.c
| Nick Mathewson | 2011-05-11 |
| | |\| |
|
| | | * | Hand-conversion and audit phase of memcmp transition•••Here I looked at the results of the automated conversion and cleaned
them up as follows:
If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
changed it to a fast_memcmp or fast_memeq.
Otherwise if there was a tor_memcmp that could turn into a
tor_memneq or tor_memeq, I converted it.
This wants close attention.
[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
| Nick Mathewson | 2011-05-11 |
| | | * | Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq•••This commit is _exactly_ the result of
perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
| Nick Mathewson | 2011-05-11 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts:
src/or/connection.c
| Nick Mathewson | 2011-05-09 |
| |\| | |
|
| | * | | Remove some dead code, found by clang | Sebastian Hahn | 2011-05-09 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts:
src/common/address.c
src/common/compat_libevent.c
src/common/memarea.c
src/common/util.h
src/or/buffers.c
src/or/circuitbuild.c
src/or/circuituse.c
src/or/connection.c
src/or/directory.c
src/or/networkstatus.c
src/or/or.h
src/or/routerlist.c
| Nick Mathewson | 2011-04-07 |
| |\| | |
|
| | * | | Clarify some documentation and comments wrt resetting OR token buckets | Nick Mathewson | 2011-03-25 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Trivial Conflicts in
src/common/crypto.c
src/or/main.h
src/or/or.h
| Nick Mathewson | 2011-03-16 |
| |\| | |
|
| | * | | Fix up all doxygen warnings other than "foo is not documented" | Nick Mathewson | 2011-03-16 |
| * | | | Merge remote branch 'origin/maint-0.2.2'•••Resolved trivial one-line conflicts.
Conflicts:
src/or/dirserv.c
src/or/rephist.c
| Nick Mathewson | 2011-03-08 |
| |\| | |
|
| | * | | Merge remote branch 'sebastian/bug1035' into maint-0.2.2 | Nick Mathewson | 2011-03-08 |
| | |\ \ |
|
| | | * | | Remove an incorrect comment in connection_or_check_valid_tls_handshake | Nick Mathewson | 2010-11-22 |
| * | | | | Merge branch 'maint-0.2.2' | Roger Dingledine | 2011-01-15 |
| |\| | | |
|
| | * | | | Sanity-check consensus param values•••We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.
One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.
This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
| Sebastian Hahn | 2011-01-15 |
| * | | | | Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays•••C99 allows a syntax for structures whose last element is of
unspecified length:
struct s {
int elt1;
...
char last_element[];
};
Recent (last-5-years) autoconf versions provide an
AC_C_FLEXIBLE_ARRAY_MEMBER test that defines FLEXIBLE_ARRAY_MEMBER
to either no tokens (if you have c99 flexible array support) or to 1
(if you don't). At that point you just use offsetof
[STRUCT_OFFSET() for us] to see where last_element begins, and
allocate your structures like:
struct s {
int elt1;
...
char last_element[FLEXIBLE_ARRAY_MEMBER];
};
tor_malloc(STRUCT_OFFSET(struct s, last_element) +
n_elements*sizeof(char));
The advantages are:
1) It's easier to see which structures and elements are of
unspecified length.
2) The compiler and related checking tools can also see which
structures and elements are of unspecified length, in case they
wants to try weird bounds-checking tricks or something.
3) The compiler can warn us if we do something dumb, like try
to stack-allocate a flexible-length structure.
| Nick Mathewson | 2011-01-06 |
| * | | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2011-01-03 |
| |\| | | |
|
| | * | | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| | |\ \ \
| | | |/
| | |/| |
|
| | | * | | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
| * | | | | Merge branch 'maint-0.2.2' | Roger Dingledine | 2010-12-19 |
| |\| | | |
|
| | * | | | Merge remote branch fix_security_bug_021 into fix_security_bug_022•••Conflicts:
src/common/memarea.c
src/or/or.h
src/or/rendclient.c
| Nick Mathewson | 2010-12-15 |
| | |\| |
| | |/
| |/| |
|
| | | * | Make payloads into uint8_t.•••This will avoid some signed/unsigned assignment-related bugs.
| Nick Mathewson | 2010-12-15 |
| * | | | Do not invoke tls_renegotiated_cb for non-bufferevent connections too early.•••This is not the most beautiful fix for this problem, but it is the simplest.
Bugfix for 2205. Thanks to Sebastian and Mashael for finding the
bug, and boboper/cypherpunks for figuring out why it was happening
and how to fix it, and for writing a few fixes.
| Nick Mathewson | 2010-11-30 |
| * | | | Merge remote branch 'origin/maint-0.2.2'•••Conflicts:
src/or/config.c
src/or/cpuworker.c
| Nick Mathewson | 2010-11-15 |
| |\| | |
|
| | * | | Synx manpage and source wrt option capitalization•••We had a spelling discrepancy between the manpage and the source code
for some option. Resolve these in favor of the manpage, because it
makes more sense (for example, HTTP should be capitalized).
| Sebastian Hahn | 2010-11-10 |
| * | | | Add a testing-only option to use bufferevent_openssl as a filter•••We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows. This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.
It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
| Nick Mathewson | 2010-11-09 |
| * | | | Merge remote branch 'origin/maint-0.2.2'•••Conflicts:
src/common/tortls.c
| Nick Mathewson | 2010-10-21 |
| |\| | |
|
| | * | | Rename get_client_identity_key to get_tlsclient_identity_key | Nick Mathewson | 2010-10-21 |
| | * | | Maintain separate server and client identity keys when appropriate.•••Fixes a bug described in ticket #988.
| Robert Ransom | 2010-10-04 |
| * | | | Rename router_get_by_digest()•••We now call the function router_get_by_id_digest() to make clear that
we're talking about the identity digest here, not descriptor digest.
| Sebastian Hahn | 2010-10-14 |
| * | | | Merge branch 'nodes' | Nick Mathewson | 2010-10-13 |
| |\ \ \ |
|
| | * | | | Initial conversion to use node_t throughout our codebase.•••A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
| Nick Mathewson | 2010-10-01 |
| | * | | | Try to make most routerinfo_t interfaces const | Nick Mathewson | 2010-10-01 |
| * | | | | Remember to re-install inbuf/outbuf callbacks on ssl bufferevents•••If we don't, we will (among other bad things) never update
lastread/lastwritten, and so flood the network with keepalives.
| Nick Mathewson | 2010-10-12 |
| * | | | | Actually call connection_tls_finish_handshake() with bufferevents•••First start of a fix for bug2001, but my test network still isn't
working: the client and the server send each other VERSIONS cells,
but never notice that they got them.
| Nick Mathewson | 2010-10-12 |
| * | | | | Log OpenSSL errors coming from bufferevent_openssl | Nick Mathewson | 2010-10-11 |
| |/ / / |
|
| * | | | Merge remote branch 'origin/maint-0.2.2' | Nick Mathewson | 2010-09-29 |
| |\| | |
|
| | * | | improve code comments, based on comments from nick | Roger Dingledine | 2010-09-28 |
| | * | | handle ugly edge case in retrying entrynodes•••Specifically, a circ attempt that we'd launched while the network was
down could timeout after we've marked our entrynodes up, marking them
back down again. The fix is to annotate as bad the OR conns that were
around before we did the retry, so if a circuit that's attached to them
times out we don't do anything about it.
| Roger Dingledine | 2010-09-28 |
| * | | | Make the bufferevent code use the renegotiation-reenabling hack | Nick Mathewson | 2010-09-27 |
| * | | | note that libevent does not have an an easy way to reset buckets atm | Nick Mathewson | 2010-09-27 |
| * | | | Convert bufferevents to use rate-limiting.•••This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.
Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system. If a future version does add support
for hierarchical buckets, we can add that back in.
| Nick Mathewson | 2010-09-27 |
| * | | | Get SSL connections and linked connections working with bufferevents.•••Clients are now verified to work and build circuits correctly. There
are still a few warnings given here and there that I need to look into.
| Nick Mathewson | 2010-09-27 |
| * | | | Fix more remaining users of inbuf/outbuf to handle bufferevents instead. | Nick Mathewson | 2010-09-27 |
| * | | | Move the "stop writing when the buffer is empty" logic to cnnection_finished_... | Nick Mathewson | 2010-09-27 |
| * | | | Refactor users of buf_datalen to bufferevent-friendly version. | Nick Mathewson | 2010-09-27 |
| |/ / |
|
| * | | A start at a patch for bug 1943 (alignment issues) | Roger Dingledine | 2010-09-20 |
| * | | perconnbwrate and perconnbwburst consensus params | Roger Dingledine | 2010-09-16 |
| * | | Merge branch 'bug1184' | Nick Mathewson | 2010-09-15 |
| |\ \ |
|