Merge branch 'maint-0.2.2' into release-0.2.2
commit
d009160c73
|
@ -0,0 +1,6 @@
|
|||
o Major bugfixes:
|
||||
- Stop sending a CLOCK_SKEW controller status event whenever
|
||||
we fetch directory information from a relay that has a wrong clock.
|
||||
Instead, only inform the controller when it's a trusted authority
|
||||
that claims our clock is wrong. Bugfix on tor-0.1.2.6-alpha;
|
||||
fixes the other half of bug 1074.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features
|
||||
- Log less aggressively about circuit timeout changes, and improve some
|
||||
other circuit timeout messages. Resolves bug 2004.
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor features
|
||||
- Log a little more clearly about the times at which we're no longer
|
||||
accepting new connections. Resolves bug 2181.
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
o Minor bugfixes:
|
||||
- Clients should not weight BadExit nodes as Exits in their node
|
||||
selection. Similarly, directory authorities should not count
|
||||
BadExit bandwidth as Exit bandwidth when computing bandwidth-weights.
|
||||
Bugfix on 0.2.2.10-alpha; fixes bug 2203.
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
o Minor bugfixes
|
||||
- Avoid a double mark-for-free warning when failing to attach a
|
||||
transparent proxy connection. Fixes bug 2279. Bugfix on
|
||||
Tor 0.1.2.1 alpha.
|
||||
|
||||
o Minor features
|
||||
- Detect attempts at the client side to open connections to private
|
||||
IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly
|
||||
chosen exit node. Attempts to do so are always ill-defined, generally
|
||||
prevented by exit policies, and usually in error. This will also
|
||||
help to detect loops in transparent proxy configurations. You can
|
||||
disable this feature by setting "ClientRejectInternalAddresses 0"
|
||||
in your torrc.
|
||||
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Minor features
|
||||
- Enable Address Space Layout Randomization (ASLR) and Data Execution
|
||||
Prevention (DEP) by default on Windows to make it harder for
|
||||
attackers to exploit vulnerabilities. Patch from John Brooks.
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
o Minor bugfixes
|
||||
- Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
|
||||
found by "cypherpunks". This bug was introduced before the
|
||||
first Tor release, in svn commit r110.
|
||||
|
||||
o Minor code simplifications and refactorings
|
||||
- Always treat failure to allocate an RSA key as an unrecoverable
|
||||
allocation error.
|
|
@ -0,0 +1,6 @@
|
|||
o Major bugfixes
|
||||
- Ignore and warn about "PublishServerDescriptor hidserv" torrc
|
||||
options. The 'hidserv' argument never controlled publication
|
||||
of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
|
||||
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes
|
||||
- Resolve a bug in verifying signatures of directory objects
|
||||
with digests longer than SHA1. Bugfix on 0.2.2.20-alpha;
|
||||
fixes bug 2409; found by "piebeer".
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes:
|
||||
- Country codes aren't supported in EntryNodes until 0.2.3.x.
|
||||
Don't mention them in the manpage. Fixes bug 2450, issue
|
||||
spotted by keb and G-Lo.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Major bugfixes:
|
||||
- If relays set RelayBandwidthBurst but not RelayBandwidthRate,
|
||||
Tor would ignore their RelayBandwidthBurst setting,
|
||||
potentially using more bandwidth than expected. Bugfix on
|
||||
0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update to the February 1 2011 Maxmind GeoLite Country database.
|
||||
|
14
configure.in
14
configure.in
|
@ -848,6 +848,20 @@ AC_SUBST(BINDIR)
|
|||
LOCALSTATEDIR=`eval echo $localstatedir`
|
||||
AC_SUBST(LOCALSTATEDIR)
|
||||
|
||||
if test "$bwin32" = true; then
|
||||
# Test if the linker supports the --nxcompat and --dynamicbase options
|
||||
# for Windows
|
||||
save_LDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
|
||||
AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
|
||||
[AC_MSG_RESULT([yes])]
|
||||
[save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
|
||||
[AC_MSG_RESULT([no])]
|
||||
)
|
||||
LDFLAGS="$save_LDFLAGS"
|
||||
fi
|
||||
|
||||
# Set CFLAGS _after_ all the above checks, since our warnings are stricter
|
||||
# than autoconf's macros like.
|
||||
if test "$GCC" = yes; then
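Review bot: The two hardening flags are probed in a single link test, so a linker that accepts only one of `--nxcompat` / `--dynamicbase` ends up with neither, and the failure branch only prints `no`. Because that silently yields a Windows binary without DEP/ASLR, consider probing each flag separately, or at least following `AC_MSG_RESULT([no])` with a visible `AC_MSG_WARN([linker lacks --nxcompat/--dynamicbase; building without DEP/ASLR])`. LDFLAGS is also replaced rather than extended during the probe, so any user-supplied LDFLAGS that linking depends on are absent from the test.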
|
||||
|
|
|
@ -32,7 +32,7 @@ Tor Exit Router</p>
|
|||
Most likely you are accessing this website because you had some issue with
|
||||
the traffic coming from this IP. This router is part of the <a
|
||||
href="https://www.torproject.org/">Tor Anonymity Network</a>, which is
|
||||
dedicated to <a href="https://www.torproject.org/overview.html">providing
|
||||
dedicated to <a href="https://www.torproject.org/about/overview">providing
|
||||
privacy</a> to people who need it most: average computer users. This
|
||||
router IP should be generating no other traffic, unless it has been
|
||||
compromised.</p>
|
||||
|
@ -42,19 +42,19 @@ compromised.</p>
|
|||
and serve it locally -->
|
||||
|
||||
<p style="text-align:center">
|
||||
<a href="https://www.torproject.org/overview.html">
|
||||
<a href="https://www.torproject.org/about/overview">
|
||||
<img src="https://www.torproject.org/images/how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/>
|
||||
</a></p>
|
||||
|
||||
<p>
|
||||
Tor sees use by <a href="https://www.torproject.org/torusers.html">many
|
||||
Tor sees use by <a href="https://www.torproject.org/about/torusers">many
|
||||
important segments of the population</a>, including whistle blowers,
|
||||
journalists, Chinese dissidents skirting the Great Firewall and oppressive
|
||||
censorship, abuse victims, stalker targets, the US military, and law
|
||||
enforcement, just to name a few. While Tor is not designed for malicious
|
||||
computer users, it is true that they can use the network for malicious ends.
|
||||
In reality however, the actual amount of <a
|
||||
href="https://www.torproject.org/faq-abuse.html">abuse</a> is quite low. This
|
||||
href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This
|
||||
is largely because criminals and hackers have significantly better access to
|
||||
privacy and anonymity than do the regular users whom they prey upon. Criminals
|
||||
can and do <a
|
||||
|
@ -108,15 +108,15 @@ equipment, in accordance with <a
|
|||
href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----000-.html">DMCA
|
||||
"safe harbor" provisions</a>. In other words, you will have just as much luck
|
||||
sending a takedown notice to the Internet backbone providers. Please consult
|
||||
<a href="https://www.torproject.org/eff/tor-dmca-response.html">EFF's prepared
|
||||
<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared
|
||||
response</a> for more information on this matter.</p>
|
||||
|
||||
<p>For more information, please consult the following documentation:</p>
|
||||
|
||||
<ol>
|
||||
<li><a href="https://www.torproject.org/overview.html">Tor Overview</a></li>
|
||||
<li><a href="https://www.torproject.org/faq-abuse.html">Tor Abuse FAQ</a></li>
|
||||
<li><a href="https://www.torproject.org/eff/tor-legal-faq.html">Tor Legal FAQ</a></li>
|
||||
<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li>
|
||||
<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li>
|
||||
<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li>
|
||||
</ol>
|
||||
|
||||
<p>
|
||||
|
@ -134,7 +134,7 @@ the Tor network if you so desire. The Tor project provides a <a
|
|||
href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a>
|
||||
to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a
|
||||
specified IP:port combination, and an official <a
|
||||
href="https://www.torproject.org/tordnsel/">DNSRBL</a> is also available to
|
||||
href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to
|
||||
determine if a given IP address is actually a Tor exit server. Please
|
||||
be considerate
|
||||
when using these options. It would be unfortunate to deny all Tor users access
|
||||
|
|
|
@ -1070,7 +1070,8 @@
|
|||
Reason = "MISC" / "RESOLVEFAILED" / "CONNECTREFUSED" /
|
||||
"EXITPOLICY" / "DESTROY" / "DONE" / "TIMEOUT" /
|
||||
"NOROUTE" / "HIBERNATING" / "INTERNAL"/ "RESOURCELIMIT" /
|
||||
"CONNRESET" / "TORPROTOCOL" / "NOTDIRECTORY" / "END"
|
||||
"CONNRESET" / "TORPROTOCOL" / "NOTDIRECTORY" / "END" /
|
||||
"PRIVATE_ADDR"
|
||||
|
||||
The "REASON" field is provided only for FAILED, CLOSED, and DETACHED
|
||||
events, and only if extended events are enabled (see 3.19). Clients MUST
|
||||
|
@ -1079,7 +1080,10 @@
|
|||
|
||||
END (We received a RELAY_END cell from the other side of this
|
||||
stream.)
|
||||
PRIVATE_ADDR (The client tried to connect to a private address like
|
||||
127.0.0.1 or 10.0.0.1 over Tor.)
|
||||
[XXXX document more. -NM]
|
||||
|
||||
|
||||
The "REMOTE_REASON" field is provided only when we receive a RELAY_END
|
||||
cell, and only if extended events are enabled. It contains the actual
|
||||
|
|
|
@ -1618,6 +1618,11 @@
|
|||
* If consensus-method 7 or later is in use, the params line is
|
||||
included in the output.
|
||||
|
||||
* If the consensus method is under 11, bad exits are considered as
|
||||
possible exits when computing bandwidth weights. Otherwise, if
|
||||
method 11 or later is in use, any router that is determined to get
|
||||
the BadExit flag doesn't count when we're calculating weights.
|
||||
|
||||
The signatures at the end of a consensus document are sorted in
|
||||
ascending order by identity digest.
|
||||
|
||||
|
|
|
@ -471,7 +471,7 @@ The following options are useful only for clients (that is, if
|
|||
list.
|
||||
|
||||
**EntryNodes** __node__,__node__,__...__::
|
||||
A list of identity fingerprints, nicknames, country codes and address
|
||||
A list of identity fingerprints, nicknames and address
|
||||
patterns of nodes to use for the first hop in normal circuits. These are
|
||||
treated only as preferences unless StrictNodes (see below) is also set.
|
||||
|
||||
|
@ -654,8 +654,9 @@ The following options are useful only for clients (that is, if
|
|||
can leak your location to attackers. (Default: 1)
|
||||
|
||||
**VirtualAddrNetwork** __Address__/__bits__::
|
||||
When a controller asks for a virtual (unused) address with the MAPADDRESS
|
||||
command, Tor picks an unassigned address from this range. (Default:
|
||||
When Tor needs to assign a virtual (unused) address because of a MAPADDRESS
|
||||
command from the controller or the AutomapHostsOnResolve feature, Tor
|
||||
picks an unassigned address from this range. (Default:
|
||||
127.192.0.0/10) +
|
||||
+
|
||||
When providing proxy server service to a network of computers using a tool
|
||||
|
@ -731,6 +732,12 @@ The following options are useful only for clients (that is, if
|
|||
192.168.0.1). This option prevents certain browser-based attacks; don't
|
||||
turn it off unless you know what you're doing. (Default: 1).
|
||||
|
||||
**ClientRejectInternalAddresses** **0**|**1**::
|
||||
If true, Tor does not try to fulfill requests to connect to an internal
|
||||
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
|
||||
specifically requested__ (for example, via a .exit hostname, or a
|
||||
controller request). (Default: 1).
|
||||
|
||||
**DownloadExtraInfo** **0**|**1**::
|
||||
If true, Tor downloads and caches "extra-info" documents. These documents
|
||||
contain information about servers other than the information in their
|
||||
|
@ -875,9 +882,9 @@ is non-zero):
|
|||
specified in ORPort. (Default: 0.0.0.0) This directive can be specified
|
||||
multiple times to bind to multiple addresses/ports.
|
||||
|
||||
**PublishServerDescriptor** **0**|**1**|**v1**|**v2**|**v3**|**bridge**|**hidserv**,**...**::
|
||||
**PublishServerDescriptor** **0**|**1**|**v1**|**v2**|**v3**|**bridge**,**...**::
|
||||
This option specifies which descriptors Tor will publish when acting as
|
||||
a relay or hidden service. You can
|
||||
a relay. You can
|
||||
choose multiple arguments, separated by commas.
|
||||
+
|
||||
If this option is set to 0, Tor will not publish its
|
||||
|
@ -885,7 +892,7 @@ is non-zero):
|
|||
out your server, or if you're using a Tor controller that handles directory
|
||||
publishing for you.) Otherwise, Tor will publish its descriptors of all
|
||||
type(s) specified. The default is "1",
|
||||
which means "if running as a server or a hidden service, publish the
|
||||
which means "if running as a server, publish the
|
||||
appropriate descriptors to the authorities".
|
||||
|
||||
**ShutdownWaitLength** __NUM__::
|
||||
|
@ -900,7 +907,9 @@ is non-zero):
|
|||
period, or receive more than that number in the period. For example, with
|
||||
AccountingMax set to 1 GB, a server could send 900 MB and receive 800 MB
|
||||
and continue running. It will only hibernate once one of the two reaches 1
|
||||
GB. When the number of bytes is exhausted, Tor will hibernate until some
|
||||
GB. When the number of bytes gets low, Tor will stop accepting new
|
||||
connections and circuits. When the number of bytes
|
||||
is exhausted, Tor will hibernate until some
|
||||
time in the next accounting period. To prevent all servers from waking at
|
||||
the same time, Tor will also wait until a random point in each period
|
||||
before waking up. If you have bandwidth cost issues, enabling hibernation
|
||||
|
@ -1060,7 +1069,8 @@ if DirPort is non-zero):
|
|||
|
||||
**HSAuthoritativeDir** **0**|**1**::
|
||||
When this option is set in addition to **AuthoritativeDirectory**, Tor also
|
||||
accepts and serves hidden service descriptors. (Default: 0)
|
||||
accepts and serves v0 hidden service descriptors,
|
||||
which are produced and used by Tor 0.2.1.x and older. (Default: 0)
|
||||
|
||||
**HidServDirectoryV2** **0**|**1**::
|
||||
When this option is set, Tor accepts and serves v2 hidden service
|
||||
|
@ -1267,6 +1277,7 @@ The following options are used for running a testing Tor network.
|
|||
AuthDirMaxServersPerAddr 0
|
||||
AuthDirMaxServersPerAuthAddr 0
|
||||
ClientDNSRejectInternalAddresses 0
|
||||
ClientRejectInternalAddresses 0
|
||||
ExitPolicyRejectPrivate 0
|
||||
V3AuthVotingInterval 5 minutes
|
||||
V3AuthVoteDelay 20 seconds
|
||||
|
|
|
@ -676,7 +676,10 @@ struct tor_lockfile_t {
|
|||
*
|
||||
* (Implementation note: because we need to fall back to fcntl on some
|
||||
* platforms, these locks are per-process, not per-thread. If you want
|
||||
* to do in-process locking, use tor_mutex_t like a normal person.)
|
||||
* to do in-process locking, use tor_mutex_t like a normal person.
|
||||
* On Windows, when <b>blocking</b> is true, the maximum time that
|
||||
* is actually waited is 10 seconds, after which NULL is returned
|
||||
* and <b>locked_out</b> is set to 1.)
|
||||
*/
|
||||
tor_lockfile_t *
|
||||
tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
|
||||
|
@ -696,7 +699,7 @@ tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
|
|||
#ifdef WIN32
|
||||
_lseek(fd, 0, SEEK_SET);
|
||||
if (_locking(fd, blocking ? _LK_LOCK : _LK_NBLCK, 1) < 0) {
|
||||
if (errno != EDEADLOCK)
|
||||
if (errno != EACCESS && errno != EDEADLOCK)
|
||||
log_warn(LD_FS,"Couldn't lock \"%s\": %s", filename, strerror(errno));
|
||||
else
|
||||
*locked_out = 1;
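Review bot: `EACCESS` in the new errno test is not a standard errno name; the constant provided by errno.h is `EACCES`, so unless the project defines EACCESS somewhere outside this hunk the WIN32 branch will not compile. The line should read `if (errno != EACCES && errno != EDEADLOCK)`. The updated doc comment also means a caller passing blocking=1 can now get NULL with *locked_out set to 1 after about 10 seconds on Windows, so callers that assumed a blocking call never reports "locked out" should be rechecked. tor_lockfile_lock's body continues outside the hunk.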
|
||||
|
|
|
@ -326,17 +326,6 @@ _crypto_new_pk_env_rsa(RSA *rsa)
|
|||
return env;
|
||||
}
|
||||
|
||||
/** used by tortls.c: wrap the RSA from an evp_pkey in a crypto_pk_env_t.
|
||||
* returns NULL if this isn't an RSA key. */
|
||||
crypto_pk_env_t *
|
||||
_crypto_new_pk_env_evp_pkey(EVP_PKEY *pkey)
|
||||
{
|
||||
RSA *rsa;
|
||||
if (!(rsa = EVP_PKEY_get1_RSA(pkey)))
|
||||
return NULL;
|
||||
return _crypto_new_pk_env_rsa(rsa);
|
||||
}
|
||||
|
||||
/** Helper, used by tor-checkkey.c and tor-gencert.c. Return the RSA from a
|
||||
* crypto_pk_env_t. */
|
||||
RSA *
|
||||
|
@ -390,7 +379,7 @@ crypto_new_pk_env(void)
|
|||
RSA *rsa;
|
||||
|
||||
rsa = RSA_new();
|
||||
if (!rsa) return NULL;
|
||||
tor_assert(rsa);
|
||||
return _crypto_new_pk_env_rsa(rsa);
|
||||
}
|
||||
|
||||
|
@ -535,6 +524,8 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
|
|||
|
||||
/* Create a read-only memory BIO, backed by the string 's' */
|
||||
b = BIO_new_mem_buf((char*)s, (int)len);
|
||||
if (!b)
|
||||
return -1;
|
||||
|
||||
if (env->key)
|
||||
RSA_free(env->key);
|
||||
|
@ -595,6 +586,8 @@ crypto_pk_write_key_to_string_impl(crypto_pk_env_t *env, char **dest,
|
|||
tor_assert(dest);
|
||||
|
||||
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
||||
if (!b)
|
||||
return -1;
|
||||
|
||||
/* Now you can treat b as if it were a file. Just use the
|
||||
* PEM_*_bio_* functions instead of the non-bio variants.
|
||||
|
@ -662,6 +655,8 @@ crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
|
|||
tor_assert(len<INT_MAX);
|
||||
|
||||
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
|
||||
if (!b)
|
||||
return -1;
|
||||
|
||||
BIO_write(b, src, (int)len);
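Review bot: In crypto_pk_read_public_key_from_string the result of `BIO_write(b, src, (int)len)` is still ignored directly after the new NULL check, so a short or failed write is not detected here and would only surface later, if at all, as a parse failure. Consider `if (BIO_write(b, src, (int)len) != (int)len) { BIO_free(b); return -1; }`. The three new `if (!b) return -1;` paths in this file also fail without logging; a one-line log_warn before each return would make an allocation failure distinguishable from a malformed key. The function bodies continue outside the hunks.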
|
||||
|
||||
|
|
|
@ -249,7 +249,6 @@ struct evp_pkey_st;
|
|||
struct dh_st;
|
||||
struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
|
||||
crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
|
||||
crypto_pk_env_t *_crypto_new_pk_env_evp_pkey(struct evp_pkey_st *pkey);
|
||||
struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
|
||||
int private);
|
||||
struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
|
||||
|
|
|
@ -808,6 +808,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime)
|
|||
goto error;
|
||||
{
|
||||
crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
|
||||
tor_assert(dh);
|
||||
SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
|
||||
crypto_dh_free(dh);
|
||||
}
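Review bot: `tor_assert(dh)` turns a failed crypto_dh_new() into a process abort although tor_tls_context_new already has an error path, as the `goto error;` at the top of this hunk shows. If aborting is intended, matching the policy this commit applies to RSA key allocation, say so with a comment such as `/* DH allocation failure is treated as unrecoverable. */`; otherwise `if (!dh) goto error;` keeps the failure local. The return value of SSL_CTX_set_tmp_dh on the following line is not checked either. The function continues outside the hunk.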
|
||||
|
|
5232
src/config/geoip
5232
src/config/geoip
File diff suppressed because it is too large
|
@ -99,6 +99,15 @@ static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
|
|||
|
||||
static void entry_guards_changed(void);
|
||||
|
||||
/**
|
||||
* This function decides if CBT learning should be disabled. It returns
|
||||
* true if one or more of the following four conditions are met:
|
||||
*
|
||||
* 1. If the cbtdisabled consensus parameter is set.
|
||||
* 2. If the torrc option LearnCircuitBuildTimeout is false.
|
||||
* 3. If we are a directory authority
|
||||
* 4. If we fail to write circuit build time history to our state file.
|
||||
*/
|
||||
static int
|
||||
circuit_build_times_disabled(void)
|
||||
{
|
||||
|
@ -125,6 +134,13 @@ circuit_build_times_disabled(void)
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtmaxtimeouts consensus paramter.
|
||||
*
|
||||
* Effect: When this many timeouts happen in the last 'cbtrecentcount'
|
||||
* circuit attempts, the client should discard all of its history and
|
||||
* begin learning a fresh timeout value.
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_max_timeouts(void)
|
||||
{
|
||||
|
@ -134,6 +150,15 @@ circuit_build_times_max_timeouts(void)
|
|||
CBT_MAX_MAX_RECENT_TIMEOUT_COUNT);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtnummodes consensus paramter.
|
||||
*
|
||||
* Effect: This value governs how many modes to use in the weighted
|
||||
* average calculation of Pareto parameter Xm. A value of 3 introduces
|
||||
* some bias (2-5% of CDF) under ideal conditions, but allows for better
|
||||
* performance in the event that a client chooses guard nodes of radically
|
||||
* different performance characteristics.
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_default_num_xm_modes(void)
|
||||
{
|
||||
|
@ -144,6 +169,12 @@ circuit_build_times_default_num_xm_modes(void)
|
|||
return num;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtmincircs consensus paramter.
|
||||
*
|
||||
* Effect: This is the minimum number of circuits to build before
|
||||
* computing a timeout.
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_min_circs_to_observe(void)
|
||||
{
|
||||
|
@ -162,6 +193,12 @@ circuit_build_times_enough_to_compute(circuit_build_times_t *cbt)
|
|||
return cbt->total_build_times >= circuit_build_times_min_circs_to_observe();
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtquantile consensus paramter.
|
||||
*
|
||||
* Effect: This is the position on the quantile curve to use to set the
|
||||
* timeout value. It is a percent (10-99).
|
||||
*/
|
||||
double
|
||||
circuit_build_times_quantile_cutoff(void)
|
||||
{
|
||||
|
@ -181,6 +218,13 @@ circuit_build_times_get_bw_scale(networkstatus_t *ns)
|
|||
BW_MAX_WEIGHT_SCALE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtclosequantile consensus paramter.
|
||||
*
|
||||
* Effect: This is the position on the quantile curve to use to set the
|
||||
* timeout value to use to actually close circuits. It is a percent
|
||||
* (0-99).
|
||||
*/
|
||||
static double
|
||||
circuit_build_times_close_quantile(void)
|
||||
{
|
||||
|
@ -199,6 +243,13 @@ circuit_build_times_close_quantile(void)
|
|||
return param / 100.0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbttestfreq consensus paramter.
|
||||
*
|
||||
* Effect: Describes how often in seconds to build a test circuit to
|
||||
* gather timeout values. Only applies if less than 'cbtmincircs'
|
||||
* have been recorded.
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_test_frequency(void)
|
||||
{
|
||||
|
@ -209,6 +260,13 @@ circuit_build_times_test_frequency(void)
|
|||
return num;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtmintimeout consensus paramter.
|
||||
*
|
||||
* Effect: This is the minimum allowed timeout value in milliseconds.
|
||||
* The minimum is to prevent rounding to 0 (we only check once
|
||||
* per second).
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_min_timeout(void)
|
||||
{
|
||||
|
@ -219,6 +277,12 @@ circuit_build_times_min_timeout(void)
|
|||
return num;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtinitialtimeout consensus paramter.
|
||||
*
|
||||
* Effect: This is the timeout value to use before computing a timeout,
|
||||
* in milliseconds.
|
||||
*/
|
||||
int32_t
|
||||
circuit_build_times_initial_timeout(void)
|
||||
{
|
||||
|
@ -235,6 +299,13 @@ circuit_build_times_initial_timeout(void)
|
|||
return param;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and bounds-check the cbtrecentcount consensus paramter.
|
||||
*
|
||||
* Effect: This is the number of circuit build times to keep track of
|
||||
* for deciding if we hit cbtmaxtimeouts and need to reset our state
|
||||
* and learn a new timeout.
|
||||
*/
|
||||
static int32_t
|
||||
circuit_build_times_recent_circuit_count(networkstatus_t *ns)
|
||||
{
|
||||
|
@ -258,8 +329,9 @@ circuit_build_times_new_consensus_params(circuit_build_times_t *cbt,
|
|||
|
||||
if (num > 0 && num != cbt->liveness.num_recent_circs) {
|
||||
int8_t *recent_circs;
|
||||
log_notice(LD_CIRC, "Changing recent timeout size from %d to %d",
|
||||
cbt->liveness.num_recent_circs, num);
|
||||
log_notice(LD_CIRC, "The Tor Directory Consensus has changed how many "
|
||||
"circuits we must track to detect network failures from %d "
|
||||
"to %d.", cbt->liveness.num_recent_circs, num);
|
||||
|
||||
tor_assert(cbt->liveness.timeouts_after_firsthop);
|
||||
|
||||
|
@ -588,12 +660,14 @@ circuit_build_times_update_state(circuit_build_times_t *cbt,
|
|||
static void
|
||||
circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt,
|
||||
build_time_t *raw_times,
|
||||
int num_times)
|
||||
uint32_t num_times)
|
||||
{
|
||||
int n = num_times;
|
||||
uint32_t n = num_times;
|
||||
if (num_times > CBT_NCIRCUITS_TO_OBSERVE) {
|
||||
log_notice(LD_CIRC, "Decreasing circuit_build_times size from %d to %d",
|
||||
num_times, CBT_NCIRCUITS_TO_OBSERVE);
|
||||
log_notice(LD_CIRC, "The number of circuit times that this Tor version "
|
||||
"uses to calculate build times is less than the number stored "
|
||||
"in your state file. Decreasing the circuit time history from "
|
||||
"%d to %d.", num_times, CBT_NCIRCUITS_TO_OBSERVE);
|
||||
}
|
||||
|
||||
/* This code can only be run on a compact array */
|
||||
|
@ -1074,7 +1148,7 @@ circuit_build_times_network_close(circuit_build_times_t *cbt,
|
|||
if (cbt->liveness.nonlive_timeouts == 1) {
|
||||
log_notice(LD_CIRC,
|
||||
"Tor has not observed any network activity for the past %d "
|
||||
"seconds. Disabling circuit build timeout code.",
|
||||
"seconds. Disabling circuit build timeout recording.",
|
||||
(int)(now - cbt->liveness.network_last_live));
|
||||
} else {
|
||||
log_info(LD_CIRC,
|
||||
|
@ -1158,7 +1232,7 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt)
|
|||
control_event_buildtimeout_set(cbt, BUILDTIMEOUT_SET_EVENT_RESET);
|
||||
|
||||
log_notice(LD_CIRC,
|
||||
"Network connection speed appears to have changed. Resetting "
|
||||
"Your network connection speed appears to have changed. Resetting "
|
||||
"timeout to %lds after %d timeouts and %d buildtimes.",
|
||||
tor_lround(cbt->timeout_ms/1000), timeout_count,
|
||||
total_build_times);
|
||||
|
@ -1296,7 +1370,7 @@ circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt)
|
|||
}
|
||||
|
||||
if (max_time < INT32_MAX/2 && cbt->close_ms > 2*max_time) {
|
||||
log_notice(LD_CIRC,
|
||||
log_info(LD_CIRC,
|
||||
"Circuit build measurement period of %dms is more than twice "
|
||||
"the maximum build time we have ever observed. Capping it to "
|
||||
"%dms.", (int)cbt->close_ms, 2*max_time);
|
||||
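Review bot: In circuit_build_times_shuffle_and_store_array, `num_times` is now `uint32_t` but the rewritten log_notice still formats it with `%d`, which mismatches the argument type. The last line of the message should use an unsigned conversion, e.g. `"%u to %d.", (unsigned)num_times, CBT_NCIRCUITS_TO_OBSERVE);`. The comparison `num_times > CBT_NCIRCUITS_TO_OBSERVE` also becomes a mixed signed/unsigned comparison if that macro is a plain int, which is worth confirming. Separately, the new doc comments spell "parameter" as "paramter" in every "Retrieve and bounds-check" header.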
|
|
|
@ -195,6 +195,7 @@ static config_var_t _option_vars[] = {
|
|||
V(CircuitStreamTimeout, INTERVAL, "0"),
|
||||
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
|
||||
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
|
||||
V(ClientRejectInternalAddresses, BOOL, "1"),
|
||||
V(ClientOnly, BOOL, "0"),
|
||||
V(ConsensusParams, STRING, NULL),
|
||||
V(ConnLimit, UINT, "1000"),
|
||||
|
@ -405,6 +406,7 @@ static config_var_t testing_tor_network_defaults[] = {
|
|||
V(AuthDirMaxServersPerAddr, UINT, "0"),
|
||||
V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
|
||||
V(ClientDNSRejectInternalAddresses, BOOL,"0"),
|
||||
V(ClientRejectInternalAddresses, BOOL, "0"),
|
||||
V(ExitPolicyRejectPrivate, BOOL, "0"),
|
||||
V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
|
||||
V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
|
||||
|
@ -2839,7 +2841,9 @@ compute_publishserverdescriptor(or_options_t *options)
|
|||
else if (!strcasecmp(string, "bridge"))
|
||||
*auth |= BRIDGE_AUTHORITY;
|
||||
else if (!strcasecmp(string, "hidserv"))
|
||||
*auth |= HIDSERV_AUTHORITY;
|
||||
log_warn(LD_CONFIG,
|
||||
"PublishServerDescriptor hidserv is invalid. See "
|
||||
"PublishHidServDescriptors.");
|
||||
else if (!strcasecmp(string, "") || !strcmp(string, "0"))
|
||||
/* no authority */;
|
||||
else
|
||||
|
@ -3343,6 +3347,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
"PerConnBWBurst", msg) < 0)
|
||||
return -1;
|
||||
|
||||
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
|
||||
options->RelayBandwidthBurst = options->RelayBandwidthRate;
|
||||
if (options->RelayBandwidthBurst && !options->RelayBandwidthRate)
|
||||
options->RelayBandwidthRate = options->RelayBandwidthBurst;
|
||||
|
||||
if (server_mode(options)) {
|
||||
if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
|
||||
tor_asprintf(msg,
|
||||
|
@ -3371,9 +3380,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
}
|
||||
}
|
||||
|
||||
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
|
||||
options->RelayBandwidthBurst = options->RelayBandwidthRate;
|
||||
|
||||
if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
|
||||
REJECT("RelayBandwidthBurst must be at least equal "
|
||||
"to RelayBandwidthRate.");
|
||||
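Review bot: The new pair of assignments in options_validate that mirror RelayBandwidthRate and RelayBandwidthBurst onto each other has no comment, and the reason for the second one is not obvious from the code. A short comment above them would preserve the rationale, for example `/* If only one of RelayBandwidthRate/RelayBandwidthBurst is set, copy it to the other so the relay limit is actually enforced. */`. In compute_publishserverdescriptor the new warning says the hidserv argument "is invalid" although the value is ignored rather than rejected; "is ignored" would describe the behaviour more accurately. Both functions continue outside the hunks.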
|
|
|
@ -1178,7 +1178,8 @@ connection_handle_listener_read(connection_t *conn, int new_type)
|
|||
}
|
||||
|
||||
if (connection_init_accepted_conn(newconn, conn->type) < 0) {
|
||||
connection_mark_for_close(newconn);
|
||||
if (! conn->marked_for_close)
|
||||
connection_mark_for_close(newconn);
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
|
@ -1204,9 +1205,11 @@ connection_init_accepted_conn(connection_t *conn, uint8_t listener_type)
|
|||
conn->state = AP_CONN_STATE_SOCKS_WAIT;
|
||||
break;
|
||||
case CONN_TYPE_AP_TRANS_LISTENER:
|
||||
TO_EDGE_CONN(conn)->is_transparent_ap = 1;
|
||||
conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
|
||||
return connection_ap_process_transparent(TO_EDGE_CONN(conn));
|
||||
case CONN_TYPE_AP_NATD_LISTENER:
|
||||
TO_EDGE_CONN(conn)->is_transparent_ap = 1;
|
||||
conn->state = AP_CONN_STATE_NATD_WAIT;
|
||||
break;
|
||||
}
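Review bot: The new guard in connection_handle_listener_read tests `conn->marked_for_close`, which is the listener, whereas the connection that connection_init_accepted_conn() may already have marked (through connection_ap_process_transparent in the second hunk) is `newconn`. As written, the listener is normally not marked, so connection_mark_for_close(newconn) still runs and the double-mark warning this change targets can still occur. The condition should be `if (! newconn->marked_for_close)`. Both functions continue outside the hunks.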
|
||||
|
|
|
@ -1659,6 +1659,28 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
|
|||
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
|
||||
return -1;
|
||||
}
|
||||
if (options->ClientRejectInternalAddresses &&
|
||||
!conn->use_begindir && !conn->chosen_exit_name && !circ) {
|
||||
tor_addr_t addr;
|
||||
if (tor_addr_from_str(&addr, socks->address) >= 0 &&
|
||||
tor_addr_is_internal(&addr, 0)) {
|
||||
/* If this is an explicit private address with no chosen exit node,
|
||||
* then we really don't want to try to connect to it. That's
|
||||
* probably an error. */
|
||||
if (conn->is_transparent_ap) {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting request for anonymous connection to private "
|
||||
"address %s on a TransPort or NATDPort. Possible loop "
|
||||
"in your NAT rules?", safe_str_client(socks->address));
|
||||
} else {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting SOCKS request for anonymous connection to "
|
||||
"private address %s", safe_str_client(socks->address));
|
||||
}
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
|
||||
/* see if we can find a suitable enclave exit */
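Review bot: The new ClientRejectInternalAddresses block only acts when `tor_addr_from_str(&addr, socks->address)` succeeds, that is, when the request carries a literal IP address, and the inline comment does not say so. A reader could take it as covering every request for an internal destination, so extend the comment, e.g. `/* Only literal IP addresses are checked here; hostnames are not resolved at this point. */`. Both log_warn calls can also fire once per rejected stream from any local application, so it is worth considering whether they should be rate-limited. The enclosing function continues outside the hunk.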
|
||||
|
|
|
@ -1527,9 +1527,10 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||
delta>0 ? "ahead" : "behind", dbuf,
|
||||
delta>0 ? "behind" : "ahead");
|
||||
skewed = 1; /* don't check the recommended-versions line */
|
||||
control_event_general_status(trusted ? LOG_WARN : LOG_NOTICE,
|
||||
"CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
|
||||
delta, conn->_base.address, conn->_base.port);
|
||||
if (trusted)
|
||||
control_event_general_status(LOG_WARN,
|
||||
"CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
|
||||
delta, conn->_base.address, conn->_base.port);
|
||||
} else {
|
||||
log_debug(LD_HTTP, "Time on received directory is within tolerance; "
|
||||
"we are %ld seconds skewed. (That's okay.)", delta);
|
||||
|
|
|
@ -50,7 +50,7 @@ static int dirvote_publish_consensus(void);
|
|||
static char *make_consensus_method_list(int low, int high, const char *sep);
|
||||
|
||||
/** The highest consensus method that we currently support. */
|
||||
#define MAX_SUPPORTED_CONSENSUS_METHOD 10
|
||||
#define MAX_SUPPORTED_CONSENSUS_METHOD 11
|
||||
|
||||
/** Lowest consensus method that contains a 'directory-footer' marker */
|
||||
#define MIN_METHOD_FOR_FOOTER 9
|
||||
|
@ -1693,7 +1693,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
|
|||
const char *chosen_name = NULL;
|
||||
int exitsummary_disagreement = 0;
|
||||
int is_named = 0, is_unnamed = 0, is_running = 0;
|
||||
int is_guard = 0, is_exit = 0;
|
||||
int is_guard = 0, is_exit = 0, is_bad_exit = 0;
|
||||
int naming_conflict = 0;
|
||||
int n_listing = 0;
|
||||
int i;
|
||||
|
@ -1819,6 +1819,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
|
|||
is_guard = 1;
|
||||
else if (!strcmp(fl, "Running"))
|
||||
is_running = 1;
|
||||
else if (!strcmp(fl, "BadExit"))
|
||||
is_bad_exit = 1;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
@ -1845,6 +1847,11 @@ networkstatus_compute_consensus(smartlist_t *votes,
|
|||
rs_out.bandwidth = median_uint32(bandwidths, num_bandwidths);
|
||||
}
|
||||
|
||||
/* Fix bug 2203: Do not count BadExit nodes as Exits for bw weights */
|
||||
if (consensus_method >= 11) {
|
||||
is_exit = is_exit && !is_bad_exit;
|
||||
}
|
||||
|
||||
if (consensus_method >= MIN_METHOD_FOR_BW_WEIGHTS) {
|
||||
if (rs_out.has_bandwidth) {
|
||||
T += rs_out.bandwidth;
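Review bot: The threshold in `if (consensus_method >= 11)` in networkstatus_compute_consensus is a bare number, while the neighbouring checks use named constants (`MIN_METHOD_FOR_FOOTER`, `MIN_METHOD_FOR_BW_WEIGHTS`). A named constant beside those, for example `#define MIN_METHOD_TO_CUT_BADEXIT_WEIGHT 11` with a one-line doc comment, and `if (consensus_method >= MIN_METHOD_TO_CUT_BADEXIT_WEIGHT) {` here, would keep the method-gated behaviour easy to find. Because `is_exit` is overwritten in place, it is also worth confirming that nothing after this point, outside the hunk, still needs the unmasked Exit flag.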
|
||||
|
|
|
@ -783,7 +783,8 @@ hibernate_begin(hibernate_state_t new_state, time_t now)
|
|||
/* XXX upload rendezvous service descriptors with no intro points */
|
||||
|
||||
if (new_state == HIBERNATE_STATE_EXITING) {
|
||||
log_notice(LD_GENERAL,"Interrupt: will shut down in %d seconds. Interrupt "
|
||||
log_notice(LD_GENERAL,"Interrupt: we have stopped accepting new "
|
||||
"connections, and will shut down in %d seconds. Interrupt "
|
||||
"again to exit now.", options->ShutdownWaitLength);
|
||||
shutdown_time = time(NULL) + options->ShutdownWaitLength;
|
||||
} else { /* soft limit reached */
|
||||
|
@ -940,7 +941,8 @@ consider_hibernation(time_t now)
|
|||
if (hibernate_state == HIBERNATE_STATE_LIVE) {
|
||||
if (hibernate_soft_limit_reached()) {
|
||||
log_notice(LD_ACCT,
|
||||
"Bandwidth soft limit reached; commencing hibernation.");
|
||||
"Bandwidth soft limit reached; commencing hibernation. "
|
||||
"No new conncetions will be accepted");
|
||||
hibernate_begin(HIBERNATE_STATE_LOWBANDWIDTH, now);
|
||||
} else if (accounting_enabled && now < interval_wakeup_time) {
|
||||
format_local_iso_time(buf,interval_wakeup_time);
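Review bot: The log string added in consider_hibernation misspells "connections" as "conncetions" and, unlike the sentence before it, has no closing period. Operators search logs for these messages, so I would correct it to `"No new connections will be accepted.");`. The reworded message in hibernate_begin in the same section reads correctly.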
|
||||
|
|
|
@ -2194,6 +2194,19 @@ tor_main(int argc, char *argv[])
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef MS_WINDOWS
|
||||
/* Call SetProcessDEPPolicy to permanently enable DEP.
|
||||
The function will not resolve on earlier versions of Windows,
|
||||
and failure is not dangerous. */
|
||||
HMODULE hMod = GetModuleHandleA("Kernel32.dll");
|
||||
if (hMod) {
|
||||
typedef BOOL (WINAPI *PSETDEP)(DWORD);
|
||||
PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
|
||||
"SetProcessDEPPolicy");
|
||||
if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
|
||||
}
|
||||
#endif
|
||||
|
||||
update_approx_time(time(NULL));
|
||||
tor_threads_init();
|
||||
init_logging();
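Review bot: The result of `setdeppolicy(1)` in tor_main is discarded, and the call runs before `init_logging()`, so nothing records whether DEP was actually enabled. Keeping the outcome, e.g. `dep_enabled = setdeppolicy(1);`, and reporting it at info level once logging is up would let an operator confirm the hardening is in effect. `HMODULE hMod` is also declared after statements in the function body; if the project builds with declaration-after-statement warnings, wrapping the `#ifdef MS_WINDOWS` body in its own `{ ... }` block avoids that. tor_main continues outside the hunk.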
|
||||
|
|
|
@ -259,6 +259,10 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
|
|||
}
|
||||
|
||||
dh = crypto_dh_new(DH_TYPE_CIRCUIT);
|
||||
if (!dh) {
|
||||
log_warn(LD_BUG, "Couldn't allocate DH key");
|
||||
goto err;
|
||||
}
|
||||
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
|
||||
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
|
||||
goto err;
|
||||
|
|
11
src/or/or.h
11
src/or/or.h
|
@ -583,6 +583,9 @@ typedef enum {
|
|||
/** This is a connection on the NATD port, and the destination IP:Port was
|
||||
* either ill-formed or out-of-range. */
|
||||
#define END_STREAM_REASON_INVALID_NATD_DEST 261
|
||||
/** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
|
||||
* you don't want to do that over a randomly chosen exit */
|
||||
#define END_STREAM_REASON_PRIVATE_ADDR 262
|
||||
|
||||
/** Bitwise-and this value with endreason to mask out all flags. */
|
||||
#define END_STREAM_REASON_MASK 511
|
||||
|
@ -1170,6 +1173,10 @@ typedef struct edge_connection_t {
|
|||
* zero, abandon the associated mapaddress. */
|
||||
unsigned int chosen_exit_retries:3;
|
||||
|
||||
/** True iff this is an AP connection that came from a transparent or
|
||||
* NATd connection */
|
||||
unsigned int is_transparent_ap:1;
|
||||
|
||||
/** If this is a DNSPort connection, this field holds the pending DNS
|
||||
* request that we're going to try to answer. */
|
||||
struct evdns_server_request *dns_server_request;
|
||||
|
@ -2749,6 +2756,10 @@ typedef struct {
|
|||
* Helps avoid some cross-site attacks. */
|
||||
int ClientDNSRejectInternalAddresses;
|
||||
|
||||
/** If true, do not accept any requests to connect to internal addresses
|
||||
* over randomly chosen exits. */
|
||||
int ClientRejectInternalAddresses;
|
||||
|
||||
/** The length of time that we think a consensus should be fresh. */
|
||||
int V3AuthVotingInterval;
|
||||
/** The length of time we think it will take to distribute votes. */
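Review bot: The doc comment on `ClientRejectInternalAddresses` does not say what the default is or how the option differs from `ClientDNSRejectInternalAddresses` directly above it. I would extend it along the lines of `/** If true, refuse client requests to connect to internal addresses (like 127.0.0.1 or 10.0.0.1) over randomly chosen exits; set to 0 to allow them. */`. The changelog entry implies the option is on by default, but the default is set outside this header and should be confirmed before the comment states it.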
|
||||
|
|
|
@ -40,6 +40,8 @@ stream_end_reason_to_control_string(int reason)
|
|||
case END_STREAM_REASON_NET_UNREACHABLE: return "NET_UNREACHABLE";
|
||||
case END_STREAM_REASON_SOCKSPROTOCOL: return "SOCKS_PROTOCOL";
|
||||
|
||||
case END_STREAM_REASON_PRIVATE_ADDR: return "PRIVATE_ADDR";
|
||||
|
||||
default: return NULL;
|
||||
}
|
||||
}
|
||||
|
@ -125,6 +127,9 @@ stream_end_reason_to_socks5_response(int reason)
|
|||
return SOCKS5_NET_UNREACHABLE;
|
||||
case END_STREAM_REASON_SOCKSPROTOCOL:
|
||||
return SOCKS5_GENERAL_ERROR;
|
||||
case END_STREAM_REASON_PRIVATE_ADDR:
|
||||
return SOCKS5_GENERAL_ERROR;
|
||||
|
||||
default:
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||
"Reason for ending (%d) not recognized; "
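Review bot: stream_end_reason_to_socks5_response maps `END_STREAM_REASON_PRIVATE_ADDR` to `SOCKS5_GENERAL_ERROR`, which gives the application no hint that the request was refused locally by policy rather than failing on the network. If that distinction matters to clients, `return SOCKS5_NOT_ALLOWED;` may describe it better; otherwise a short comment saying why the generic code was chosen would help. Both switch statements begin outside their hunks, so any other reason tables in the file that need the new value are not visible here.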
|
||||
|
|
|
@ -1722,7 +1722,7 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl,
|
|||
double weight = 1;
|
||||
if (statuses) {
|
||||
routerstatus_t *status = smartlist_get(sl, i);
|
||||
is_exit = status->is_exit;
|
||||
is_exit = status->is_exit && !status->is_bad_exit;
|
||||
is_guard = status->is_possible_guard;
|
||||
is_dir = (status->dir_port != 0);
|
||||
if (!status->has_bandwidth) {
|
||||
|
@ -1742,7 +1742,7 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl,
|
|||
routerinfo_t *router = smartlist_get(sl, i);
|
||||
rs = router_get_consensus_status_by_id(
|
||||
router->cache_info.identity_digest);
|
||||
is_exit = router->is_exit;
|
||||
is_exit = router->is_exit && !router->is_bad_exit;
|
||||
is_guard = router->is_possible_guard;
|
||||
is_dir = (router->dir_port != 0);
|
||||
if (rs && rs->has_bandwidth) {
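Review bot: Both branches of smartlist_choose_by_bandwidth_weights now exclude BadExit nodes from `is_exit` unconditionally, while the dirvote.c change on the authority side only stops counting BadExit bandwidth from consensus method 11 on. With a consensus produced by an older method, the client would classify nodes differently from how the weights were computed. If that is acceptable during the transition, a comment should say so, e.g. `/* BadExit nodes are never weighted as exits, whatever method produced the weights (bug 2203). */`. The expression is written twice, so a shared comment or small helper would keep the two branches from drifting apart.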
|
||||
|
|
|
@ -1088,7 +1088,7 @@ check_signature_token(const char *digest,
|
|||
signed_digest = tor_malloc(keysize);
|
||||
if (crypto_pk_public_checksig(pkey, signed_digest, keysize,
|
||||
tok->object_body, tok->object_size)
|
||||
< DIGEST_LEN) {
|
||||
< digest_len) {
|
||||
log_warn(LD_DIR, "Error reading %s: invalid signature.", doctype);
|
||||
tor_free(signed_digest);
|
||||
return -1;
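Review bot: In check_signature_token, whether a failed `crypto_pk_public_checksig()` is still rejected by `< digest_len` depends on the type of `digest_len`, which is declared outside this hunk. If it is unsigned, a negative error return is converted before the comparison and no longer satisfies `<`, so the rejection path would be skipped. Checking the sign explicitly removes that dependency: `int r = crypto_pk_public_checksig(...);` followed by `if (r < 0 || r < (int)digest_len) {`. This assumes `< digest_len` is the new side of the pair printed here.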
|
||||
|
|