Merge remote-tracking branch 'origin/maint-0.2.5' into release-0.2.5
commit
8e7ee0e2c0
|
@ -0,0 +1,4 @@
|
|||
o Bugfixes
|
||||
- Correctly update the local mark on the controlling channel when changing
|
||||
the address of an or_connection_t after the handshake. Fixes bug #12160;
|
||||
bugfix on 0.2.4.4-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features:
|
||||
- Warn about attempts to run hidden services and relays in the
|
||||
same process: that's probably not a good idea. Closes ticket
|
||||
12908.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes (conformance):
|
||||
- In routerlist_assert_ok(), don't take the address of a routerinfo's
|
||||
cache_info member unless that routerinfo is non-NULL. Fixes bug
|
||||
13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
|
|
@ -0,0 +1,8 @@
|
|||
o Minor bugfixes:
|
||||
- Reduce the log severity of the "Pluggable transport proxy does
|
||||
not provide any needed transports and will not be launched."
|
||||
message, since Tor Browser includes several ClientTransportPlugin
|
||||
lines in its torrc-defaults file, leading every Tor Browser user
|
||||
who looks at her logs to see these notices and wonder if they're
|
||||
dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
|
||||
|
|
@ -3759,6 +3759,23 @@ channel_mark_local(channel_t *chan)
|
|||
chan->is_local = 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark a channel as remote
|
||||
*
|
||||
* This internal-only function should be called by the lower layer if the
|
||||
* channel is not to a local address but has previously been marked local.
|
||||
* See channel_is_local() above or the description of the is_local bit in
|
||||
* channel.h
|
||||
*/
|
||||
|
||||
void
|
||||
channel_mark_remote(channel_t *chan)
|
||||
{
|
||||
tor_assert(chan);
|
||||
|
||||
chan->is_local = 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test outgoing flag
|
||||
*
|
||||
|
|
|
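Review bot: The doc comment on channel_mark_remote() limits it to a channel that "has previously been marked local", but the channeltls.c hunks of this commit also call it from the else branches of channel_tls_connect() and channel_tls_handle_incoming() on newly created channels. Since is_local is read elsewhere through channel_is_local(), the comment should state the contract as it is actually used, for example `* Called by the lower layer whenever the channel's address is found not to be local, including on a newly created channel.` The function body is fully visible in this hunk.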
@ -349,6 +349,7 @@ void channel_clear_remote_end(channel_t *chan);
|
|||
void channel_mark_local(channel_t *chan);
|
||||
void channel_mark_incoming(channel_t *chan);
|
||||
void channel_mark_outgoing(channel_t *chan);
|
||||
void channel_mark_remote(channel_t *chan);
|
||||
void channel_set_identity_digest(channel_t *chan,
|
||||
const char *identity_digest);
|
||||
void channel_set_remote_end(channel_t *chan,
|
||||
|
|
|
@ -156,7 +156,18 @@ channel_tls_connect(const tor_addr_t *addr, uint16_t port,
|
|||
tlschan,
|
||||
U64_PRINTF_ARG(chan->global_identifier));
|
||||
|
||||
if (is_local_addr(addr)) channel_mark_local(chan);
|
||||
if (is_local_addr(addr)) {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking new outgoing channel " U64_FORMAT " at %p as local",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_local(chan);
|
||||
} else {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking new outgoing channel " U64_FORMAT " at %p as remote",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_remote(chan);
|
||||
}
|
||||
|
||||
channel_mark_outgoing(chan);
|
||||
|
||||
/* Set up or_connection stuff */
|
||||
|
@ -286,7 +297,18 @@ channel_tls_handle_incoming(or_connection_t *orconn)
|
|||
tlschan->conn = orconn;
|
||||
orconn->chan = tlschan;
|
||||
|
||||
if (is_local_addr(&(TO_CONN(orconn)->addr))) channel_mark_local(chan);
|
||||
if (is_local_addr(&(TO_CONN(orconn)->addr))) {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking new incoming channel " U64_FORMAT " at %p as local",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_local(chan);
|
||||
} else {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking new incoming channel " U64_FORMAT " at %p as remote",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_remote(chan);
|
||||
}
|
||||
|
||||
channel_mark_incoming(chan);
|
||||
|
||||
/* Register it */
|
||||
|
@ -1208,6 +1230,44 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Update channel marks after connection_or.c has changed an address
|
||||
*
|
||||
* This is called from connection_or_init_conn_from_address() after the
|
||||
* connection's _base.addr or real_addr fields have potentially been changed
|
||||
* so we can recalculate the local mark. Notably, this happens when incoming
|
||||
* connections are reverse-proxied and we only learn the real address of the
|
||||
* remote router by looking it up in the consensus after we finish the
|
||||
* handshake and know an authenticated identity digest.
|
||||
*/
|
||||
|
||||
void
|
||||
channel_tls_update_marks(or_connection_t *conn)
|
||||
{
|
||||
channel_t *chan = NULL;
|
||||
|
||||
tor_assert(conn);
|
||||
tor_assert(conn->chan);
|
||||
|
||||
chan = TLS_CHAN_TO_BASE(conn->chan);
|
||||
|
||||
if (is_local_addr(&(TO_CONN(conn)->addr))) {
|
||||
if (!channel_is_local(chan)) {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking channel " U64_FORMAT " at %p as local",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_local(chan);
|
||||
}
|
||||
} else {
|
||||
if (channel_is_local(chan)) {
|
||||
log_debug(LD_CHANNEL,
|
||||
"Marking channel " U64_FORMAT " at %p as remote",
|
||||
U64_PRINTF_ARG(chan->global_identifier), chan);
|
||||
channel_mark_remote(chan);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if this cell type is allowed before the handshake is finished
|
||||
*
|
||||
|
|
|
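Review bot: The comment above channel_tls_update_marks() says the mark is recalculated after `_base.addr` or `real_addr` may have changed, but the body only passes `TO_CONN(conn)->addr` to is_local_addr() and never reads real_addr. The connection_or.c hunk also spells the member `base_`, not `_base`. The comment itself says that for reverse-proxied connections the address is learned from the consensus after authentication, so it matters which address decides the local mark. I would add `* The mark is derived from TO_CONN(conn)->addr only; real_addr is not consulted.` and correct the member name. Until this function runs, an incoming channel keeps the mark that channel_tls_handle_incoming() computed from the address on the connection at accept time; if any pre-handshake code consults channel_is_local(), the comment should say so too.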
@ -49,6 +49,7 @@ void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan,
|
|||
uint8_t state);
|
||||
void channel_tls_handle_var_cell(var_cell_t *var_cell,
|
||||
or_connection_t *conn);
|
||||
void channel_tls_update_marks(or_connection_t *conn);
|
||||
|
||||
/* Cleanup at shutdown */
|
||||
void channel_tls_free_all(void);
|
||||
|
|
|
@ -2564,6 +2564,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
|
||||
#endif
|
||||
|
||||
if (server_mode(options) && options->RendConfigLines)
|
||||
log_warn(LD_CONFIG,
|
||||
"Tor is currently configured as a relay and a hidden service. "
|
||||
"That's not very secure: you should probably run your hidden service "
|
||||
"in a separate Tor process, at least -- see "
|
||||
"https://trac.torproject.org/8742");
|
||||
|
||||
/* XXXX require that the only port not be DirPort? */
|
||||
/* XXXX require that at least one port be listened-upon. */
|
||||
if (n_ports == 0 && !options->RendConfigLines)
|
||||
|
@ -4820,8 +4827,8 @@ parse_client_transport_line(const or_options_t *options,
|
|||
|
||||
if (is_managed) { /* managed */
|
||||
if (!validate_only && is_useless_proxy) {
|
||||
log_notice(LD_GENERAL, "Pluggable transport proxy (%s) does not provide "
|
||||
"any needed transports and will not be launched.", line);
|
||||
log_info(LD_GENERAL, "Pluggable transport proxy (%s) does not provide "
|
||||
"any needed transports and will not be launched.", line);
|
||||
}
|
||||
|
||||
/* If we are not just validating, use the rest of the line as the
|
||||
|
|
|
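Review bot: The added `if (server_mode(options) && options->RendConfigLines)` in options_validate() has no braces, although its body is a log_warn() call spread over five lines. That makes it easy to attach a later statement to the wrong branch. I would open it with `if (server_mode(options) && options->RendConfigLines) {` and close with `}` after the log_warn() call. The message also says only "That's not very secure" and leaves the reason to the linked ticket; one clause naming the concern would help operators who read logs offline. options_validate() starts and ends outside the hunk.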
@ -923,6 +923,15 @@ connection_or_init_conn_from_address(or_connection_t *conn,
|
|||
tor_free(conn->base_.address);
|
||||
conn->base_.address = tor_dup_addr(addr);
|
||||
}
|
||||
|
||||
/*
|
||||
* We have to tell channeltls.c to update the channel marks (local, in
|
||||
* particular), since we may have changed the address.
|
||||
*/
|
||||
|
||||
if (conn->chan) {
|
||||
channel_tls_update_marks(conn);
|
||||
}
|
||||
}
|
||||
|
||||
/** These just pass all the is_bad_for_new_circs manipulation on to
|
||||
|
|
|
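Review bot: The new block at the end of connection_or_init_conn_from_address() skips the update when `conn->chan` is NULL, and the comment does not say when that happens or why skipping is safe. The channeltls.c hunks suggest a channel gets its mark when it is created, which would cover that case, but that is inferred rather than shown here. Once confirmed, a line such as `/* conn->chan is NULL if no channel is attached yet; the mark is then set when the channel is created. */` would record it. The function starts outside the hunk.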
@ -4938,7 +4938,7 @@ routerlist_assert_ok(const routerlist_t *rl)
|
|||
} SMARTLIST_FOREACH_END(r);
|
||||
SMARTLIST_FOREACH_BEGIN(rl->old_routers, signed_descriptor_t *, sd) {
|
||||
r2 = rimap_get(rl->identity_map, sd->identity_digest);
|
||||
tor_assert(sd != &(r2->cache_info));
|
||||
tor_assert(!r2 || sd != &(r2->cache_info));
|
||||
sd2 = sdmap_get(rl->desc_digest_map, sd->signed_descriptor_digest);
|
||||
tor_assert(sd == sd2);
|
||||
tor_assert(sd->routerlist_index == sd_sl_idx);
|
||||
|
|