| Commit message (Expand) | Author | Age |
|---|
| * | Merge remote branch 'hoganrobert/bug1859' into maint-0.2.2 | Nick Mathewson | 2010-10-21 |
| |\ |
|
| | * | Issues with router_get_by_nickname()•••https://trac.torproject.org/projects/tor/ticket/1859
There are two problems in this bug:
1. When an OP makes a .exit request specifying itself as the exit, and the exit
is not yet listed, Tor gets all the routerinfos needed for the circuit but
discovers in circuit_is_acceptable() that its own routerinfo is not in the
routerdigest list and cannot be used. Tor then gets locked in a cycle of
repeating these two steps. When gathering the routerinfos for a circuit,
specifically when the exit has been chosen by .exit notation, Tor needs to
apply the same rules it uses later on when deciding if it can build a
circuit with those routerinfos.
2. A different bug arises in the above situation when the Tor instance's
routerinfo *is* listed in the routerlist, it shares its nickname with a
number of other Tor nodes, and it does not have 'Named' rights to its
nickname.
So for example, if (i) there are five nodes named Bob in the network, (ii) I
am running one of them but am flagged as 'Unnamed' because someone else
claimed the 'Bob' nickname first, and (iii) I run my Tor as both client
and exit the following can happen to me:
- I go to www.evil.com
- I click on a link www.evil.com.bob.exit
- My request will exit through my own Tor node rather than the 'Named'
node Bob or any of the others.
- www.evil.com now knows I am actually browsing from the same computer
that is running my 'Bob' node
So to solve both issues we need to ensure:
- When fulfilling a .exit request we only choose a routerinfo if it exists in
the routerlist, even when that routerinfo is ours.
- When getting a router by nickname we only return our own router information
if it is not going to be used for building a circuit.
We ensure this by removing the special treatment afforded our own router in
router_get_by_nickname(). This means the function will only return the
routerinfo of our own router if it is in the routerlist built from authority
info and has a unique nickname or is bound to a non-unique nickname.
There are some uses of router_get_by_nickname() where we are looking for the
router by name because of a configuration directive, specifically local
declaration of NodeFamilies and EntryNodes and other routers' declaration of
MyFamily. In these cases it is not at first clear if we need to continue
returning our own routerinfo even if our router is not listed and/or has a
non-unique nickname with the Unnamed flag.
The patch treats each of these cases as follows:
Other Routers' Declaration of MyFamily
This happens in routerlist_add_family(). If another router declares our router
in its family and our router has the Unnamed flag or is not in the routerlist
yet, should we take advantage of the fact that we know our own routerinfo to
add us in anyway? This patch says 'no, treat our own router just like any
other'. This is a safe choice because it ensures our client has the same view
of the network as other clients. We also have no good way of knowing if our
router is Named or not independently of the authorities, so we have to rely on
them in this.
Local declaration of NodeFamilies
Again, we have no way of knowing if the declaration 'NodeFamilies
Bob,Alice,Ringo' refers to our router Bob or the Named router Bob, so we have
to defer to the authorities and treat our own router like any other.
Local declaration of NodeFamilies
Again, same as above. There's also no good reason we would want our client to
choose it's own router as an entry guard if it does not meet the requirements
expected of any other router on the network.
In order to reduce the possibility of error, the patch also replaces two
instances where we were using router_get_by_nickname() with calls to
router_get_by_hexdigest() where the identity digest of the router
is available.
| Robert Hogan | 2010-10-13 |
| * | | Note an XXX about potential overflow | Sebastian Hahn | 2010-09-30 |
| * | | Use an upper and lower bound for bridge weights•••When picking bridges (or other nodes without a consensus entry (and
thus no bandwidth weights)) we shouldn't just trust the node's
descriptor. So far we believed anything between 0 and 10MB/s, where 0
would mean that a node doesn't get any use from use unless it is our
only one, and 10MB/s would be a quite siginficant weight. To make this
situation better, we now believe weights in the range from 20kB/s to
100kB/s. This should allow new bridges to get use more quickly, and
means that it will be harder for bridges to see almost all our traffic.
| Sebastian Hahn | 2010-09-30 |
| * | | Actually notice when our last entrynode goes down•••Otherwise we'd never set have_minimum_dir_info to false, so the
"optimistic retry" would never trigger.
| Roger Dingledine | 2010-09-28 |
| * | | Merge branch 'bug1805' into maint-0.2.2 | Nick Mathewson | 2010-09-27 |
| |\ \
| |/
|/| |
|
| | * | Clean up some bug1805 comments based on arma's feedback | Nick Mathewson | 2010-09-27 |
| | * | Kill warn when picking bridges without bw weight•••Bridges and other relays not included in the consensus don't
necessarily have a non-zero bandwidth capacity. If all our
configured bridges had a zero bw capacity we would warn the
user. Change that.
| Sebastian Hahn | 2010-09-06 |
| * | | Rename has_completed_circuit to can_complete_circuit•••Also redocument it. Related to #1362.
| Nick Mathewson | 2010-09-22 |
| * | | Merge remote branch 'arma/bug1362' | Nick Mathewson | 2010-09-22 |
| |\ \ |
|
| | * | | log when we finish a circuit after being offline | Roger Dingledine | 2010-09-21 |
| * | | | Changes to bug1959_part1 on review from arma.•••Significant one: we want to say "not enough entry nodes descriptors, so we
can't build circuits" only when we have 0 descriptors.
| Nick Mathewson | 2010-09-22 |
| * | | | Make our min-info check also check for entry node presence•••Part of a fix for bug1959
| Nick Mathewson | 2010-09-21 |
| |/ / |
|
| * | | Add a simple integer-ceiling-division macro before we get it wrong | Nick Mathewson | 2010-09-14 |
| * | | Merge branch 'bug1899' | Nick Mathewson | 2010-09-14 |
| |\ \ |
|
| | * | | Extract the "do these routers have the same addr:orport" logic into a fn | Nick Mathewson | 2010-09-14 |
| * | | | Merge branch 'bug911' | Nick Mathewson | 2010-09-14 |
| |\| | |
|
| | * | | Move code for launching tests out of router_add_to_routerlist()•••router_add_to_routerlist() is supposed to be a nice minimal function
that only touches the routerlist structures, but it included a call to
dirserv_single_reachability_test().
We have a function that gets called _after_ adding descriptors
successfully: routerlist_descriptors_added. This patch moves the
responsibility for testing there.
Because the decision of whether to test or not depends on whether
there was an old routerinfo for this router or not, we have to first
detect whether we _will_ want to run the tests if the router is added.
We make this the job of
routers_update_status_from_consensus_networkstatus().
Finally, this patch makes the code notice if a router is going from
hibernating to non-hibernating, and if so causes a reachability test
to get launched.
| Nick Mathewson | 2010-08-18 |
| * | | | Merge remote branch 'sebastian/bug1776_v3' | Nick Mathewson | 2010-09-14 |
| |\ \ \ |
|
| | * | | | Allow clients to use relays as bridges | Sebastian Hahn | 2010-08-20 |
| | | |/
| |/| |
|
| * / | | Complicate the rules on WARN vs INFO in consensus verification•••It's normal when bootstrapping to have a lot of different certs
missing, so we don't want missing certs to make us warn... unless
the certs we're missing are ones that we've tried to fetch a couple
of times and failed at.
May fix bug 1145.
| Nick Mathewson | 2010-09-02 |
| |/ / |
|
| * / | Allow using regular relays as bridges | Sebastian Hahn | 2010-07-31 |
| |/ |
|
| * | Move the header for bandwidth_weight_rule_to_string into reasons.h | Sebastian Hahn | 2010-07-27 |
| * | Create routerparse.h | Sebastian Hahn | 2010-07-27 |
| * | Create rephist.h | Sebastian Hahn | 2010-07-27 |
| * | Create policies.h | Sebastian Hahn | 2010-07-27 |
| * | Create networkstatus.h | Sebastian Hahn | 2010-07-27 |
| * | Create main.h | Sebastian Hahn | 2010-07-27 |
| * | Create hibernate.h | Sebastian Hahn | 2010-07-27 |
| * | Create dirvote.h | Sebastian Hahn | 2010-07-27 |
| * | Create dirserv.h | Sebastian Hahn | 2010-07-27 |
| * | Create directory.h | Sebastian Hahn | 2010-07-27 |
| * | Create control.h | Sebastian Hahn | 2010-07-27 |
| * | Create connection.h | Sebastian Hahn | 2010-07-27 |
| * | Create config.h | Sebastian Hahn | 2010-07-27 |
| * | Create circuitbuild.h | Sebastian Hahn | 2010-07-27 |
| * | Create rendservice.h | Sebastian Hahn | 2010-07-27 |
| * | Create rendcommon.h | Sebastian Hahn | 2010-07-27 |
| * | Create routerlist.h | Sebastian Hahn | 2010-07-27 |
| * | Create router.h | Sebastian Hahn | 2010-07-27 |
| * | Create geoip.h | Sebastian Hahn | 2010-07-27 |
| * | Make directory mirrors report non-zero dirreq-v[23]-shares again. | Karsten Loesing | 2010-07-05 |
| * | immediate reachability check for new relays | Roger Dingledine | 2010-04-21 |
| * | more logging when tracking missing descriptors | Roger Dingledine | 2010-04-20 |
| * | fetch descriptors from the authority that told us about them | Roger Dingledine | 2010-04-20 |
| * | fetch unknown descriptors if we see them in a vote | Roger Dingledine | 2010-04-20 |
| * | minor cleanups | Roger Dingledine | 2010-04-20 |
| * | fix "Got a certificate for ?? that we already have"•••what's happening here is that we're fetching certs for obsolete
authorities -- probably legacy signers in this case. but try to
remain general in the log message.
| Roger Dingledine | 2010-04-19 |
| * | parameterize update_consensus_router_descriptor_downloads | Roger Dingledine | 2010-04-19 |
| * | Log bandwidth_weight_rule_t as a string, not an integer.•••I'm adding this because I can never remember what stuff like 'rule 3'
means. That's the one where if somebody goes limp or taps out, the
fight is over, right?
| Nick Mathewson | 2010-04-12 |