Compare commits
243 Commits
master
...
maint-0.1.
Author | SHA1 | Date |
---|---|---|
Nick Mathewson | 8608e6823e | |
Nick Mathewson | 571974d02a | |
Nick Mathewson | a0404dad39 | |
Nick Mathewson | 3403739969 | |
Peter Palfrader | 6573da7f00 | |
Peter Palfrader | a2164245c0 | |
Roger Dingledine | 2bed102003 | |
Roger Dingledine | b306920af1 | |
Nick Mathewson | 5cbc887573 | |
Nick Mathewson | 69198d0156 | |
Nick Mathewson | 564028a07d | |
Nick Mathewson | c9c7f3c892 | |
Roger Dingledine | 2d7f7a6456 | |
Roger Dingledine | c047d647e3 | |
Roger Dingledine | f1b581bfac | |
Nick Mathewson | 352824d95f | |
Roger Dingledine | a1e8cf5ccb | |
Nick Mathewson | 839a8a8014 | |
Roger Dingledine | 27227679b4 | |
Nick Mathewson | c3bd8d144c | |
Roger Dingledine | 259d2f7207 | |
Peter Palfrader | 54d2258feb | |
Peter Palfrader | 6a7a064498 | |
Nick Mathewson | 76ca012a3b | |
Nick Mathewson | 2a9ba2e257 | |
Roger Dingledine | 1ae9d27387 | |
Peter Palfrader | 23c72821e7 | |
Roger Dingledine | fe4a6cd08e | |
Nick Mathewson | 31473ee286 | |
Nick Mathewson | b7494ce8e9 | |
Nick Mathewson | 6d9816d9e9 | |
Andrew Lewman | bf6ef1bf00 | |
Andrew Lewman | 24551dfc73 | |
Andrew Lewman | 86bee1e461 | |
Andrew Lewman | 136c7482aa | |
Nick Mathewson | a0eb902277 | |
Nick Mathewson | 75299426d0 | |
Nick Mathewson | ad7837d925 | |
Roger Dingledine | 83ac50c2b2 | |
Roger Dingledine | b5e04c92a9 | |
Andrew Lewman | b2362c352c | |
Nick Mathewson | 77da84b70c | |
Nick Mathewson | c52cacb1a2 | |
Nick Mathewson | 349e55e6cb | |
Nick Mathewson | 5fe06d0f02 | |
Nick Mathewson | 8e5cb98b8f | |
Nick Mathewson | 9a3597c418 | |
Roger Dingledine | 1acfe321f8 | |
Roger Dingledine | 47f011cac8 | |
Roger Dingledine | 9df8eec60e | |
Roger Dingledine | d9ad41767b | |
Peter Palfrader | 6a8180657c | |
Roger Dingledine | 12e6d8c7f2 | |
Roger Dingledine | 036c72bd21 | |
Roger Dingledine | 281c749648 | |
Nick Mathewson | 75e2026626 | |
Nick Mathewson | fad1656a7f | |
Nick Mathewson | 897f64c95d | |
Nick Mathewson | f7eb647cfb | |
Andrew Lewman | 21f26ab0cf | |
Andrew Lewman | c6d931e2eb | |
Andrew Lewman | 39ab0161e5 | |
Andrew Lewman | 0be7df0932 | |
Andrew Lewman | 443bb2c771 | |
Andrew Lewman | a6bf7e8c4c | |
Andrew Lewman | 7bf9217a3b | |
Andrew Lewman | 04bb9d1ddf | |
Roger Dingledine | 105ac3a1da | |
Nick Mathewson | 3e8a1707e9 | |
Roger Dingledine | 1137f40010 | |
Peter Palfrader | 266b66ef8a | |
Roger Dingledine | 9efb93165c | |
Nick Mathewson | 022b087148 | |
Nick Mathewson | b3c6fd7fc6 | |
Andrew Lewman | d3a6276031 | |
Andrew Lewman | b545fb5f7e | |
Nick Mathewson | 427eb4649b | |
Nick Mathewson | a58ba03b85 | |
Peter Palfrader | b031d6c139 | |
Roger Dingledine | 586c943ee7 | |
Roger Dingledine | ec186e77d5 | |
Andrew Lewman | 75992364c9 | |
Andrew Lewman | d628b63285 | |
Andrew Lewman | 291dc2eeed | |
Nick Mathewson | 2e11f7d9dd | |
Nick Mathewson | 05053561b9 | |
Nick Mathewson | 3cb69a9ce4 | |
Nick Mathewson | dd44c068c5 | |
Nick Mathewson | 172773cf55 | |
Roger Dingledine | 8bf32223d7 | |
Roger Dingledine | 8b35202b47 | |
Roger Dingledine | 9b2802c4be | |
Roger Dingledine | d84aa94cba | |
Nick Mathewson | 2d4f755072 | |
Nick Mathewson | 3ae157b8dc | |
Roger Dingledine | 60c9b17774 | |
Andrew Lewman | 02e6165664 | |
Andrew Lewman | 08371520d2 | |
Roger Dingledine | b0b1665765 | |
Andrew Lewman | 39027356ec | |
Andrew Lewman | 40675e9eff | |
Andrew Lewman | f24cfdd75d | |
Nick Mathewson | 2cd6a240bd | |
Nick Mathewson | 3115905506 | |
Nick Mathewson | 383c8deced | |
Nick Mathewson | dcbae324ec | |
Roger Dingledine | d2b76f34e6 | |
Nick Mathewson | 396ebc075a | |
Roger Dingledine | 2ee02e848e | |
Andrew Lewman | 1a4cbf7e1d | |
Roger Dingledine | dd8c157810 | |
Nick Mathewson | b228d62898 | |
Nick Mathewson | ff7e0e8971 | |
Nick Mathewson | ddd44cb602 | |
Nick Mathewson | 5c2cea6563 | |
Peter Palfrader | 571fc28fc3 | |
Roger Dingledine | b597d0ee10 | |
Roger Dingledine | e852f30350 | |
Nick Mathewson | 2308e8b924 | |
Roger Dingledine | 7d9051940a | |
Roger Dingledine | 26bdb03d28 | |
Roger Dingledine | ee9cc158ba | |
Roger Dingledine | a5b347e9f4 | |
Roger Dingledine | 2fb3f9beba | |
Roger Dingledine | 0153b6b20e | |
Andrew Lewman | 07d9dc945b | |
Roger Dingledine | c054f75dfa | |
Roger Dingledine | c0ea203c0c | |
Nick Mathewson | 19015885a0 | |
Roger Dingledine | 87f4dc04b8 | |
Roger Dingledine | 521b065368 | |
Nick Mathewson | 278b75619a | |
Nick Mathewson | 00581b58e9 | |
Nick Mathewson | 6c4c4ea0e1 | |
Nick Mathewson | ebb8a62ad4 | |
Roger Dingledine | d0ecd468eb | |
Nick Mathewson | 5da1f97670 | |
Nick Mathewson | 0690f1fd7e | |
Nick Mathewson | 2268d29e94 | |
Nick Mathewson | 2b00470094 | |
Roger Dingledine | bc0692a5d9 | |
Peter Palfrader | c79aed0ec5 | |
Peter Palfrader | aacc56bdf2 | |
Roger Dingledine | 474894b85d | |
Roger Dingledine | 0247ed481b | |
Nick Mathewson | b80048a65e | |
Peter Palfrader | 0305f49258 | |
Nick Mathewson | 5d91b10da9 | |
Nick Mathewson | 669101378b | |
Roger Dingledine | 45819cac72 | |
Roger Dingledine | 56b099015e | |
Nick Mathewson | e5641fa52b | |
Roger Dingledine | 2648a6266c | |
Nick Mathewson | eb576f0a18 | |
Nick Mathewson | 1953de9dd1 | |
Roger Dingledine | 800a0924da | |
Roger Dingledine | 0e34c68fd4 | |
Roger Dingledine | 17759c320e | |
Roger Dingledine | e459ba56aa | |
Roger Dingledine | d39b7fdbe2 | |
Roger Dingledine | c222971b5a | |
Nick Mathewson | d9cee67479 | |
Nick Mathewson | cce7548d0c | |
Nick Mathewson | afd0f2d13b | |
Nick Mathewson | d52051da48 | |
Nick Mathewson | c09f015b55 | |
Nick Mathewson | 588a007b8a | |
Nick Mathewson | d6f01a37c6 | |
Nick Mathewson | f59e1694d3 | |
Nick Mathewson | fef206a7d1 | |
Nick Mathewson | 25e312e1a3 | |
Nick Mathewson | cd61565ad3 | |
Nick Mathewson | 984342dfb5 | |
Nick Mathewson | 657bae5f53 | |
Nick Mathewson | 5de93f2670 | |
Nick Mathewson | 12a873acce | |
Nick Mathewson | b1ab445c60 | |
Peter Palfrader | f64a5b71e0 | |
Peter Palfrader | 0bea370d3c | |
Nick Mathewson | f647ff501f | |
Nick Mathewson | 39d52ec93a | |
Nick Mathewson | 49b1ea5e5b | |
Nick Mathewson | 7bd9c2de24 | |
Nick Mathewson | 2bb833b43d | |
Roger Dingledine | cd6d3e5f86 | |
Nick Mathewson | 3419e7446e | |
Nick Mathewson | 20773596d3 | |
Roger Dingledine | 9204034cf0 | |
Peter Palfrader | 8e1f802584 | |
Roger Dingledine | a895df1e62 | |
Roger Dingledine | de4263b450 | |
Roger Dingledine | f93226e3dc | |
Roger Dingledine | 6243cb2b71 | |
Roger Dingledine | 6ae73ad808 | |
Nick Mathewson | a6d2f877f5 | |
Roger Dingledine | 5dcac14bab | |
Nick Mathewson | fa64904306 | |
Roger Dingledine | 5616baa52a | |
Roger Dingledine | 35e14d1426 | |
Nick Mathewson | 8cf3fd98ec | |
Nick Mathewson | 1837b5670f | |
Roger Dingledine | 993c497325 | |
Roger Dingledine | 0868a4004b | |
Nick Mathewson | 9091d0c49a | |
Roger Dingledine | dc76c31c79 | |
Roger Dingledine | f597b73dc0 | |
Roger Dingledine | 2ded13ecdc | |
Roger Dingledine | 3597eaab79 | |
Nick Mathewson | 4fce4886bc | |
Nick Mathewson | 1d5beb0df9 | |
Nick Mathewson | 49b8638801 | |
Roger Dingledine | f294708f7f | |
Peter Palfrader | f8cccdbe50 | |
Peter Palfrader | 225ea3dba3 | |
Peter Palfrader | 47675391d9 | |
Peter Palfrader | c553066d9e | |
Roger Dingledine | 6f44c3250e | |
Roger Dingledine | e35659f66b | |
Roger Dingledine | 1fa6c65abe | |
Andrew Lewman | 4007d93d94 | |
Peter Palfrader | 9289e35d81 | |
Peter Palfrader | dec649d564 | |
Andrew Lewman | fb60822f5c | |
Roger Dingledine | 2290eb92b6 | |
Andrew Lewman | 11fa67a5b8 | |
Roger Dingledine | 30cb4ecbac | |
Andrew Lewman | 89f8089482 | |
Peter Palfrader | ec479e9db1 | |
Roger Dingledine | 378e33a8da | |
Roger Dingledine | f47cf63f8a | |
Roger Dingledine | b55c768d84 | |
Roger Dingledine | 4104f0a014 | |
Roger Dingledine | 55aa184ac5 | |
Roger Dingledine | 574f234dc7 | |
Roger Dingledine | 9027b7acf9 | |
Peter Palfrader | 09fcc77606 | |
Andrew Lewman | e52790aa8f | |
Roger Dingledine | 0066174afa | |
Roger Dingledine | 350bfb641d | |
Peter Palfrader | fbf610e679 | |
Peter Palfrader | c05abaee94 | |
Roger Dingledine | 197e4f8e5a | |
Nick Mathewson | 1a4d934054 |
|
@ -0,0 +1,132 @@
|
|||
# Global ignores
|
||||
\#*\#
|
||||
.#*
|
||||
*.orig
|
||||
*.rej
|
||||
# gcov stuff
|
||||
*.gcno
|
||||
*.gcov
|
||||
*.gcda
|
||||
# latex stuff
|
||||
*.aux
|
||||
*.dvi
|
||||
*.blg
|
||||
*.bbl
|
||||
*.log
|
||||
# Autotools stuff
|
||||
.deps
|
||||
# Stuff made by our makefiles
|
||||
*.bak
|
||||
|
||||
# /
|
||||
/Makefile
|
||||
/Makefile.in
|
||||
/aclocal.m4
|
||||
/autom4te.cache
|
||||
/build-stamp
|
||||
/configure
|
||||
/Doxyfile
|
||||
/orconfig.h
|
||||
/orconfig.h.in
|
||||
/config.cache
|
||||
/config.log
|
||||
/config.status
|
||||
/config.guess
|
||||
/config.sub
|
||||
/conftest*
|
||||
/patch-stamp
|
||||
/stamp-h
|
||||
/stamp-h.in
|
||||
/stamp-h1
|
||||
/tor.sh
|
||||
/tor.spec
|
||||
/depcomp
|
||||
/install-sh
|
||||
/missing
|
||||
/mkinstalldirs
|
||||
/Tor*Bundle.dmg
|
||||
/tor-*-win32.exe
|
||||
|
||||
# /contrib/
|
||||
/contrib/Makefile
|
||||
/contrib/Makefile.in
|
||||
/contrib/tor.sh
|
||||
/contrib/torctl
|
||||
/contrib/torify
|
||||
/contrib/*.pyc
|
||||
/contrib/*.pyo
|
||||
/contrib/tor.logrotate
|
||||
/contrib/tor.wxs
|
||||
|
||||
# /contrib/osx/
|
||||
/contrib/osx/Makefile
|
||||
/contrib/osx/Makefile.in
|
||||
/contrib/osx/TorBundleDesc.plist
|
||||
/contrib/osx/TorBundleInfo.plist
|
||||
/contrib/osx/TorDesc.plist
|
||||
/contrib/osx/TorInfo.plist
|
||||
/contrib/osx/TorStartupDesc.plist
|
||||
/contrib/osx/net.freehaven.tor.plist
|
||||
|
||||
# /contrib/suse/
|
||||
/contrib/suse/tor.sh
|
||||
/contrib/suse/Makefile.in
|
||||
/contrib/suse/Makefile
|
||||
|
||||
# /debian/
|
||||
/debian/files
|
||||
/debian/patched
|
||||
/debian/tor
|
||||
/debian/tor.postinst.debhelper
|
||||
/debian/tor.postrm.debhelper
|
||||
/debian/tor.prerm.debhelper
|
||||
/debian/tor.substvars
|
||||
|
||||
# /doc/
|
||||
/doc/Makefile
|
||||
/doc/Makefile.in
|
||||
/doc/tor.1
|
||||
/doc/doxygen
|
||||
|
||||
# /doc/design-paper/
|
||||
/doc/design-paper/Makefile
|
||||
/doc/design-paper/Makefile.in
|
||||
|
||||
# /doc/spec/
|
||||
/doc/spec/Makefile
|
||||
/doc/spec/Makefile.in
|
||||
|
||||
# /src/
|
||||
/src/Makefile
|
||||
/src/Makefile.in
|
||||
|
||||
# /src/common/
|
||||
/src/common/Makefile
|
||||
/src/common/Makefile.in
|
||||
/src/common/libor.a
|
||||
/src/common/libor-crypto.a
|
||||
|
||||
# /src/config/
|
||||
/src/config/Makefile
|
||||
/src/config/Makefile.in
|
||||
/src/config/sample-server-torrc
|
||||
/src/config/torrc
|
||||
/src/config/torrc.sample
|
||||
|
||||
# /src/or/
|
||||
/src/or/Makefile
|
||||
/src/or/Makefile.in
|
||||
/src/or/micro-revision.*
|
||||
/src/or/tor
|
||||
/src/or/test
|
||||
|
||||
# /src/tools/
|
||||
/src/tools/tor-checkkey
|
||||
/src/tools/tor-resolve
|
||||
/src/tools/tor-gencert
|
||||
/src/tools/Makefile
|
||||
/src/tools/Makefile.in
|
||||
|
||||
# /src/win32/
|
||||
/src/win32/Makefile
|
||||
/src/win32/Makefile.in
|
8
AUTHORS
8
AUTHORS
|
@ -1,3 +1,11 @@
|
|||
This file lists the authors for Tor,
|
||||
a free software project to provide anonymity on the Internet.
|
||||
|
||||
For more information about Tor, see http://www.torproject.org/.
|
||||
|
||||
If you got this file as a part of a larger bundle,
|
||||
there are probably other authors that you should be aware of.
|
||||
|
||||
|
||||
Main authors:
|
||||
-------------
|
||||
|
|
393
ChangeLog
393
ChangeLog
|
@ -1,10 +1,389 @@
|
|||
Changes in version 0.1.2.10-rc - 2007-03-??
|
||||
Changes in version 0.1.2.20 - 2008-??-??
|
||||
o Directory authority changes:
|
||||
- Take lefkada out of the list of v2 directory authorities, since
|
||||
it has been down for months.
|
||||
|
||||
o Major bugfixes:
|
||||
- Patch from "Andrew S. Lists" to catch when we contact a directory
|
||||
mirror at IP address X and he says we look like we're coming from
|
||||
IP address X. Bugfix on 0.1.2.x.
|
||||
- Allow a closing-down linked directory connection to have its
|
||||
blocked_on_or_conn field set. This prevents a rare assertion error
|
||||
that could occur when an OR connection carrying tunneled directory
|
||||
requests closed before the requests were complete. Fixes bug 406.
|
||||
- If we only ever used Tor for hidden service lookups or posts, we
|
||||
would stop building circuits and start refusing connections after
|
||||
24 hours, since we falsely believed that Tor was dormant. Reported
|
||||
by nwf.
|
||||
- Ensure that two circuits can never exist on the same connection
|
||||
with the same circuit ID, even if one is marked for close. This
|
||||
is conceivably a bugfix for bug 779; fixes a bug on 0.1.0.4-rc.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Stop recommending that every server operator send mail to tor-ops.
|
||||
Resolves bug 597.
|
||||
- Fix a few memory leaks that could in theory happen under bizarre error
|
||||
conditions.
|
||||
- We were leaking a file descriptor if Tor started with a zero-length
|
||||
cached-descriptors file. Patch by freddy77.
|
||||
- Detect size overflow in zlib code.
|
||||
- Fix a pointer error that kept us from reporting nameserver errors.
|
||||
- On Windows, correctly detect errors when listing the contents of a
|
||||
directory. Fix from lodger.
|
||||
- Fix a dumb bug that was preventing us from knowing that we should
|
||||
preemptively build circuits to handle expected directory requests.
|
||||
Fixes bug 660.
|
||||
- When opening /dev/null in finish_daemonize(), do not pass the
|
||||
O_CREAT flag. Fortify was complaining, and correctly so. Fixes
|
||||
bug 742; fix from Michael Scherer. Bugfix on 0.0.2pre19.
|
||||
|
||||
o Minor testing features:
|
||||
- Add disabled-by-default code to log the relative probability of routing
|
||||
a v2 directory request through all known routers. This is quite handy
|
||||
for estimating what fraction of the total v2-directory-protocol-using
|
||||
network a directory server has seen.
|
||||
|
||||
|
||||
Changes in version 0.1.2.19 - 2008-01-17
|
||||
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
|
||||
exit policy a little bit more conservative so it's safer to run an
|
||||
exit relay on a home system, and fixes a variety of smaller issues.
|
||||
|
||||
o Security fixes:
|
||||
- Exit policies now reject connections that are addressed to a
|
||||
relay's public (external) IP address too, unless
|
||||
ExitPolicyRejectPrivate is turned off. We do this because too
|
||||
many relays are running nearby to services that trust them based
|
||||
on network address.
|
||||
|
||||
o Major bugfixes:
|
||||
- When the clock jumps forward a lot, do not allow the bandwidth
|
||||
buckets to become negative. Fixes bug 544.
|
||||
- Fix a memory leak on exit relays; we were leaking a cached_resolve_t
|
||||
on every successful resolve. Reported by Mike Perry.
|
||||
- Purge old entries from the "rephist" database and the hidden
|
||||
service descriptor database even when DirPort is zero.
|
||||
- Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
|
||||
requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
|
||||
crashing or mis-answering these requests.
|
||||
- When we decide to send a 503 response to a request for servers, do
|
||||
not then also send the server descriptors: this defeats the whole
|
||||
purpose. Fixes bug 539.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Changing the ExitPolicyRejectPrivate setting should cause us to
|
||||
rebuild our server descriptor.
|
||||
- Fix handling of hex nicknames when answering controller requests for
|
||||
networkstatus by name, or when deciding whether to warn about
|
||||
unknown routers in a config option. (Patch from mwenge.)
|
||||
- Fix a couple of hard-to-trigger autoconf problems that could result
|
||||
in really weird results on platforms whose sys/types.h files define
|
||||
nonstandard integer types.
|
||||
- Don't try to create the datadir when running --verify-config or
|
||||
--hash-password. Resolves bug 540.
|
||||
- If we were having problems getting a particular descriptor from the
|
||||
directory caches, and then we learned about a new descriptor for
|
||||
that router, we weren't resetting our failure count. Reported
|
||||
by lodger.
|
||||
- Although we fixed bug 539 (where servers would send HTTP status 503
|
||||
responses _and_ send a body too), there are still servers out there
|
||||
that haven't upgraded. Therefore, make clients parse such bodies
|
||||
when they receive them.
|
||||
- Run correctly on systems where rlim_t is larger than unsigned long.
|
||||
This includes some 64-bit systems.
|
||||
- Run correctly on platforms (like some versions of OS X 10.5) where
|
||||
the real limit for number of open files is OPEN_FILES, not rlim_max
|
||||
from getrlimit(RLIMIT_NOFILES).
|
||||
- Avoid a spurious free on base64 failure.
|
||||
- Avoid segfaults on certain complex invocations of
|
||||
router_get_by_hexdigest().
|
||||
- Fix rare bug on REDIRECTSTREAM control command when called with no
|
||||
port set: it could erroneously report an error when none had
|
||||
happened.
|
||||
|
||||
|
||||
Changes in version 0.1.2.18 - 2007-10-28
|
||||
Tor 0.1.2.18 fixes many problems including crash bugs, problems with
|
||||
hidden service introduction that were causing huge delays, and a big
|
||||
bug that was causing some servers to disappear from the network status
|
||||
lists for a few hours each day.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- If a connection is shut down abruptly because of something that
|
||||
happened inside connection_flushed_some(), do not call
|
||||
connection_finished_flushing(). Should fix bug 451:
|
||||
"connection_stop_writing: Assertion conn->write_event failed"
|
||||
Bugfix on 0.1.2.7-alpha.
|
||||
- Fix possible segfaults in functions called from
|
||||
rend_process_relay_cell().
|
||||
|
||||
o Major bugfixes (hidden services):
|
||||
- Hidden services were choosing introduction points uniquely by
|
||||
hexdigest, but when constructing the hidden service descriptor
|
||||
they merely wrote the (potentially ambiguous) nickname.
|
||||
- Clients now use the v2 intro format for hidden service
|
||||
connections: they specify their chosen rendezvous point by identity
|
||||
digest rather than by (potentially ambiguous) nickname. These
|
||||
changes could speed up hidden service connections dramatically.
|
||||
|
||||
o Major bugfixes (other):
|
||||
- Stop publishing a new server descriptor just because we get a
|
||||
HUP signal. This led (in a roundabout way) to some servers getting
|
||||
dropped from the networkstatus lists for a few hours each day.
|
||||
- When looking for a circuit to cannibalize, consider family as well
|
||||
as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
|
||||
circuit cannibalization).
|
||||
- When a router wasn't listed in a new networkstatus, we were leaving
|
||||
the flags for that router alone -- meaning it remained Named,
|
||||
Running, etc -- even though absence from the networkstatus means
|
||||
that it shouldn't be considered to exist at all anymore. Now we
|
||||
clear all the flags for routers that fall out of the networkstatus
|
||||
consensus. Fixes bug 529.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Don't try to access (or alter) the state file when running
|
||||
--list-fingerprint or --verify-config or --hash-password. Resolves
|
||||
bug 499.
|
||||
- When generating information telling us how to extend to a given
|
||||
router, do not try to include the nickname if it is
|
||||
absent. Resolves bug 467.
|
||||
- Fix a user-triggerable segfault in expand_filename(). (There isn't
|
||||
a way to trigger this remotely.)
|
||||
- When sending a status event to the controller telling it that an
|
||||
OR address is readable, set the port correctly. (Previously we
|
||||
were reporting the dir port.)
|
||||
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
|
||||
command. Bugfix on 0.1.2.17.
|
||||
- When loading bandwidth history, do not believe any information in
|
||||
the future. Fixes bug 434.
|
||||
- When loading entry guard information, do not believe any information
|
||||
in the future.
|
||||
- When we have our clock set far in the future and generate an
|
||||
onion key, then re-set our clock to be correct, we should not stop
|
||||
the onion key from getting rotated.
|
||||
- On some platforms, accept() can return a broken address. Detect
|
||||
this more quietly, and deal accordingly. Fixes bug 483.
|
||||
- It's not actually an error to find a non-pending entry in the DNS
|
||||
cache when canceling a pending resolve. Don't log unless stuff
|
||||
is fishy. Resolves bug 463.
|
||||
- Don't reset trusted dir server list when we set a configuration
|
||||
option. Patch from Robert Hogan.
|
||||
|
||||
|
||||
Changes in version 0.1.2.17 - 2007-08-30
|
||||
o Major bugfixes (security):
|
||||
- We removed support for the old (v0) control protocol. It has been
|
||||
deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
|
||||
become more of a headache than it's worth.
|
||||
|
||||
o Major bugfixes (load balancing):
|
||||
- When choosing nodes for non-guard positions, weight guards
|
||||
proportionally less, since they already have enough load. Patch
|
||||
from Mike Perry.
|
||||
- Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
|
||||
will allow fast Tor servers to get more attention.
|
||||
- When we're upgrading from an old Tor version, forget our current
|
||||
guards and pick new ones according to the new weightings. These
|
||||
three load balancing patches could raise effective network capacity
|
||||
by a factor of four. Thanks to Mike Perry for measurements.
|
||||
|
||||
o Major bugfixes (stream expiration):
|
||||
- Expire not-yet-successful application streams in all cases if
|
||||
they've been around longer than SocksTimeout. Right now there are
|
||||
some cases where the stream will live forever, demanding a new
|
||||
circuit every 15 seconds. Fixes bug 454; reported by lodger.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
|
||||
is valid before any authentication has been received. It tells
|
||||
a controller what kind of authentication is expected, and what
|
||||
protocol is spoken. Implements proposal 119.
|
||||
|
||||
o Minor bugfixes (performance):
|
||||
- Save on most routerlist_assert_ok() calls in routerlist.c, thus
|
||||
greatly speeding up loading cached-routers from disk on startup.
|
||||
- Disable sentinel-based debugging for buffer code: we squashed all
|
||||
the bugs that this was supposed to detect a long time ago, and now
|
||||
its only effect is to change our buffer sizes from nice powers of
|
||||
two (which platform mallocs tend to like) to values slightly over
|
||||
powers of two (which make some platform mallocs sad).
|
||||
|
||||
o Minor bugfixes (misc):
|
||||
- If exit bandwidth ever exceeds one third of total bandwidth, then
|
||||
use the correct formula to weight exit nodes when choosing paths.
|
||||
Based on patch from Mike Perry.
|
||||
- Choose perfectly fairly among routers when choosing by bandwidth and
|
||||
weighting by fraction of bandwidth provided by exits. Previously, we
|
||||
would choose with only approximate fairness, and correct ourselves
|
||||
if we ran off the end of the list.
|
||||
- If we require CookieAuthentication but we fail to write the
|
||||
cookie file, we would warn but not exit, and end up in a state
|
||||
where no controller could authenticate. Now we exit.
|
||||
- If we require CookieAuthentication, stop generating a new cookie
|
||||
every time we change any piece of our config.
|
||||
- Refuse to start with certain directory authority keys, and
|
||||
encourage people using them to stop.
|
||||
- Terminate multi-line control events properly. Original patch
|
||||
from tup.
|
||||
- Fix a minor memory leak when we fail to find enough suitable
|
||||
servers to choose a circuit.
|
||||
- Stop leaking part of the descriptor when we run into a particularly
|
||||
unparseable piece of it.
|
||||
|
||||
|
||||
Changes in version 0.1.2.16 - 2007-08-01
|
||||
o Major security fixes:
|
||||
- Close immediately after missing authentication on control port;
|
||||
do not allow multiple authentication attempts.
|
||||
|
||||
|
||||
Changes in version 0.1.2.15 - 2007-07-17
|
||||
o Major bugfixes (compilation):
|
||||
- Fix compile on FreeBSD/NetBSD/OpenBSD. Oops.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- Try even harder not to dereference the first character after
|
||||
an mmap(). Reported by lodger.
|
||||
- Fix a crash bug in directory authorities when we re-number the
|
||||
routerlist while inserting a new router.
|
||||
- When the cached-routers file is an even multiple of the page size,
|
||||
don't run off the end and crash. (Fixes bug 455; based on idea
|
||||
from croup.)
|
||||
- Fix eventdns.c behavior on Solaris: It is critical to include
|
||||
orconfig.h _before_ sys/types.h, so that we can get the expected
|
||||
definition of _FILE_OFFSET_BITS.
|
||||
|
||||
o Major bugfixes (security):
|
||||
- Fix a possible buffer overrun when using BSD natd support. Bug
|
||||
found by croup.
|
||||
- When sending destroy cells from a circuit's origin, don't include
|
||||
the reason for tearing down the circuit. The spec says we didn't,
|
||||
and now we actually don't. Reported by lodger.
|
||||
- Keep streamids from different exits on a circuit separate. This
|
||||
bug may have allowed other routers on a given circuit to inject
|
||||
cells into streams. Reported by lodger; fixes bug 446.
|
||||
- If there's a never-before-connected-to guard node in our list,
|
||||
never choose any guards past it. This way we don't expand our
|
||||
guard list unless we need to.
|
||||
|
||||
o Minor bugfixes (guard nodes):
|
||||
- Weight guard selection by bandwidth, so that low-bandwidth nodes
|
||||
don't get overused as guards.
|
||||
|
||||
o Minor bugfixes (directory):
|
||||
- Correctly count the number of authorities that recommend each
|
||||
version. Previously, we were under-counting by 1.
|
||||
- Fix a potential crash bug when we load many server descriptors at
|
||||
once and some of them make others of them obsolete. Fixes bug 458.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Stop tearing down the whole circuit when the user asks for a
|
||||
connection to a port that the hidden service didn't configure.
|
||||
Resolves bug 444.
|
||||
|
||||
o Minor bugfixes (misc):
|
||||
- On Windows, we were preventing other processes from reading
|
||||
cached-routers while Tor was running. Reported by janbar.
|
||||
- Fix a possible (but very unlikely) bug in picking routers by
|
||||
bandwidth. Add a log message to confirm that it is in fact
|
||||
unlikely. Patch from lodger.
|
||||
- Backport a couple of memory leak fixes.
|
||||
- Backport miscellaneous cosmetic bugfixes.
|
||||
|
||||
|
||||
Changes in version 0.1.2.14 - 2007-05-25
|
||||
o Directory authority changes:
|
||||
- Two directory authorities (moria1 and moria2) just moved to new
|
||||
IP addresses. This change will particularly affect those who serve
|
||||
or use hidden services.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- If a directory server runs out of space in the connection table
|
||||
as it's processing a begin_dir request, it will free the exit stream
|
||||
but leave it attached to the circuit, leading to unpredictable
|
||||
behavior. (Reported by seeess, fixes bug 425.)
|
||||
- Fix a bug in dirserv_remove_invalid() that would cause authorities
|
||||
to corrupt memory under some really unlikely scenarios.
|
||||
- Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
|
||||
- Avoid segfaults when reading from mmaped descriptor file. (Reported
|
||||
by lodger.)
|
||||
|
||||
o Major bugfixes (security):
|
||||
- When choosing an entry guard for a circuit, avoid using guards
|
||||
that are in the same family as the chosen exit -- not just guards
|
||||
that are exactly the chosen exit. (Reported by lodger.)
|
||||
|
||||
o Major bugfixes (resource management):
|
||||
- If a directory authority is down, skip it when deciding where to get
|
||||
networkstatus objects or descriptors. Otherwise we keep asking
|
||||
every 10 seconds forever. Fixes bug 384.
|
||||
- Count it as a failure if we fetch a valid network-status but we
|
||||
don't want to keep it. Otherwise we'll keep fetching it and keep
|
||||
not wanting to keep it. Fixes part of bug 422.
|
||||
- If all of our dirservers have given us bad or no networkstatuses
|
||||
lately, then stop hammering them once per minute even when we
|
||||
think they're failed. Fixes another part of bug 422.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Actually set the purpose correctly for descriptors inserted with
|
||||
purpose=controller.
|
||||
- When we have k non-v2 authorities in our DirServer config,
|
||||
we ignored the last k authorities in the list when updating our
|
||||
network-statuses.
|
||||
- Correctly back-off from requesting router descriptors that we are
|
||||
having a hard time downloading.
|
||||
- Read resolv.conf files correctly on platforms where read() returns
|
||||
partial results on small file reads.
|
||||
- Don't rebuild the entire router store every time we get 32K of
|
||||
routers: rebuild it when the journal gets very large, or when
|
||||
the gaps in the store get very large.
|
||||
|
||||
o Minor features:
|
||||
- When routers publish SVN revisions in their router descriptors,
|
||||
authorities now include those versions correctly in networkstatus
|
||||
documents.
|
||||
- Warn when using a version of libevent before 1.3b to run a server on
|
||||
OSX or BSD: these versions interact badly with userspace threads.
|
||||
|
||||
|
||||
Changes in version 0.1.2.13 - 2007-04-24
|
||||
o Minor fixes:
|
||||
- Fix a memory leak when we ask for "all" networkstatuses and we
|
||||
get one we don't recognize.
|
||||
- Add more asserts to hunt down bug 417.
|
||||
- Disable kqueue on OS X 10.3 and earlier, to fix bug 371.
|
||||
|
||||
|
||||
Changes in version 0.1.2.12-rc - 2007-03-16
|
||||
o Major bugfixes:
|
||||
- Fix an infinite loop introduced in 0.1.2.7-alpha when we serve
|
||||
directory information requested inside Tor connections (i.e. via
|
||||
begin_dir cells). It only triggered when the same connection was
|
||||
serving other data at the same time. Reported by seeess.
|
||||
|
||||
o Minor bugfixes:
|
||||
- When creating a circuit via the controller, send a 'launched'
|
||||
event when we're done, so we follow the spec better.
|
||||
|
||||
|
||||
Changes in version 0.1.2.11-rc - 2007-03-15
|
||||
o Minor bugfixes (controller), reported by daejees:
|
||||
- Correct the control spec to match how the code actually responds
|
||||
to 'getinfo addr-mappings/*'.
|
||||
- The control spec described a GUARDS event, but the code
|
||||
implemented a GUARD event. Standardize on GUARD, but let people
|
||||
ask for GUARDS too.
|
||||
|
||||
|
||||
Changes in version 0.1.2.10-rc - 2007-03-07
|
||||
o Major bugfixes (Windows):
|
||||
- Do not load the NT services library functions (which may not exist)
|
||||
just to detect if we're a service trying to shut down.
|
||||
just to detect if we're a service trying to shut down. Now we run
|
||||
on Win98 and friends again.
|
||||
|
||||
o Minor bugfixes (other):
|
||||
- Clarify a couple of log messages.
|
||||
- Fix a misleading socks5 error number.
|
||||
|
||||
|
||||
Changes in version 0.1.2.9-rc - 2007-03-02
|
||||
|
@ -25,9 +404,8 @@ Changes in version 0.1.2.9-rc - 2007-03-02
|
|||
time.
|
||||
|
||||
o Minor bugfixes (directory authorities):
|
||||
- Stop calling servers that have been hibernating for a long time
|
||||
"stable". Also, stop letting hibernating or obsolete servers affect
|
||||
uptime and bandwidth cutoffs.
|
||||
- Stop letting hibernating or obsolete servers affect uptime and
|
||||
bandwidth cutoffs.
|
||||
- Stop listing hibernating servers in the v1 directory.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
|
@ -388,7 +766,7 @@ Changes in version 0.1.2.5-alpha - 2007-01-06
|
|||
|
||||
o Minor features (directory):
|
||||
- Authorities now specify server versions in networkstatus. This adds
|
||||
about 2% to the side of compressed networkstatus docs, and allows
|
||||
about 2% to the size of compressed networkstatus docs, and allows
|
||||
clients to tell which servers support BEGIN_DIR and which don't.
|
||||
The implementation is forward-compatible with a proposed future
|
||||
protocol version scheme not tied to Tor versions.
|
||||
|
@ -862,9 +1240,6 @@ Changes in version 0.1.1.24 - 2006-09-29
|
|||
This should improve client CPU usage by 25-50%.
|
||||
- Don't crash if, after a server has been running for a while,
|
||||
it can't resolve its hostname.
|
||||
- When a client asks us to resolve (not connect to) an address,
|
||||
and we have a cached answer, give them the cached answer.
|
||||
Previously, we would give them no answer at all.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Allow Tor to start when RunAsDaemon is set but no logs are set.
|
||||
|
|
2
INSTALL
2
INSTALL
|
@ -1,6 +1,6 @@
|
|||
|
||||
Most users should simply follow the directions at
|
||||
http://tor.eff.org/docs/tor-doc-unix
|
||||
https://www.torproject.org/docs/tor-doc-unix
|
||||
|
||||
If you got the source from cvs, run "./autogen.sh", which will run the
|
||||
various auto* programs and then run ./configure for you. From there,
|
||||
|
|
11
LICENSE
11
LICENSE
|
@ -1,3 +1,14 @@
|
|||
This file contains the license for Tor,
|
||||
a free software project to provide anonymity on the Internet.
|
||||
|
||||
It also lists the licenses for other components used by Tor.
|
||||
|
||||
For more information about Tor, see http://www.torproject.org/.
|
||||
|
||||
If you got this file as a part of a larger bundle,
|
||||
there may be other license terms that you should be aware of.
|
||||
|
||||
|
||||
===============================================================================
|
||||
Tor is distributed under this license:
|
||||
|
||||
|
|
2
README
2
README
|
@ -1,4 +1,4 @@
|
|||
|
||||
Tor is an implementation of Onion Routing. You can read more
|
||||
at http://tor.eff.org/
|
||||
at https://www.torproject.org/
|
||||
|
||||
|
|
866
ReleaseNotes
866
ReleaseNotes
|
@ -3,6 +3,872 @@ This document summarizes new features and bugfixes in each stable release
|
|||
of Tor. If you want to see more detailed descriptions of the changes in
|
||||
each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.1.2.19 - 2008-01-17
|
||||
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
|
||||
exit policy a little bit more conservative so it's safer to run an
|
||||
exit relay on a home system, and fixes a variety of smaller issues.
|
||||
|
||||
o Security fixes:
|
||||
- Exit policies now reject connections that are addressed to a
|
||||
relay's public (external) IP address too, unless
|
||||
ExitPolicyRejectPrivate is turned off. We do this because too
|
||||
many relays are running nearby to services that trust them based
|
||||
on network address.
|
||||
|
||||
o Major bugfixes:
|
||||
- When the clock jumps forward a lot, do not allow the bandwidth
|
||||
buckets to become negative. Fixes bug 544.
|
||||
- Fix a memory leak on exit relays; we were leaking a cached_resolve_t
|
||||
on every successful resolve. Reported by Mike Perry.
|
||||
- Purge old entries from the "rephist" database and the hidden
|
||||
service descriptor database even when DirPort is zero.
|
||||
- Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
|
||||
requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
|
||||
crashing or mis-answering these requests.
|
||||
- When we decide to send a 503 response to a request for servers, do
|
||||
not then also send the server descriptors: this defeats the whole
|
||||
purpose. Fixes bug 539.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Changing the ExitPolicyRejectPrivate setting should cause us to
|
||||
rebuild our server descriptor.
|
||||
- Fix handling of hex nicknames when answering controller requests for
|
||||
networkstatus by name, or when deciding whether to warn about
|
||||
unknown routers in a config option. (Patch from mwenge.)
|
||||
- Fix a couple of hard-to-trigger autoconf problems that could result
|
||||
in really weird results on platforms whose sys/types.h files define
|
||||
nonstandard integer types.
|
||||
- Don't try to create the datadir when running --verify-config or
|
||||
--hash-password. Resolves bug 540.
|
||||
- If we were having problems getting a particular descriptor from the
|
||||
directory caches, and then we learned about a new descriptor for
|
||||
that router, we weren't resetting our failure count. Reported
|
||||
by lodger.
|
||||
- Although we fixed bug 539 (where servers would send HTTP status 503
|
||||
responses _and_ send a body too), there are still servers out there
|
||||
that haven't upgraded. Therefore, make clients parse such bodies
|
||||
when they receive them.
|
||||
- Run correctly on systems where rlim_t is larger than unsigned long.
|
||||
This includes some 64-bit systems.
|
||||
- Run correctly on platforms (like some versions of OS X 10.5) where
|
||||
the real limit for number of open files is OPEN_FILES, not rlim_max
|
||||
from getrlimit(RLIMIT_NOFILES).
|
||||
- Avoid a spurious free on base64 failure.
|
||||
- Avoid segfaults on certain complex invocations of
|
||||
router_get_by_hexdigest().
|
||||
- Fix rare bug on REDIRECTSTREAM control command when called with no
|
||||
port set: it could erroneously report an error when none had
|
||||
happened.
|
||||
|
||||
|
||||
Changes in version 0.1.2.18 - 2007-10-28
|
||||
Tor 0.1.2.18 fixes many problems including crash bugs, problems with
|
||||
hidden service introduction that were causing huge delays, and a big
|
||||
bug that was causing some servers to disappear from the network status
|
||||
lists for a few hours each day.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- If a connection is shut down abruptly because of something that
|
||||
happened inside connection_flushed_some(), do not call
|
||||
connection_finished_flushing(). Should fix bug 451:
|
||||
"connection_stop_writing: Assertion conn->write_event failed"
|
||||
Bugfix on 0.1.2.7-alpha.
|
||||
- Fix possible segfaults in functions called from
|
||||
rend_process_relay_cell().
|
||||
|
||||
o Major bugfixes (hidden services):
|
||||
- Hidden services were choosing introduction points uniquely by
|
||||
hexdigest, but when constructing the hidden service descriptor
|
||||
they merely wrote the (potentially ambiguous) nickname.
|
||||
- Clients now use the v2 intro format for hidden service
|
||||
connections: they specify their chosen rendezvous point by identity
|
||||
digest rather than by (potentially ambiguous) nickname. These
|
||||
changes could speed up hidden service connections dramatically.
|
||||
|
||||
o Major bugfixes (other):
|
||||
- Stop publishing a new server descriptor just because we get a
|
||||
HUP signal. This led (in a roundabout way) to some servers getting
|
||||
dropped from the networkstatus lists for a few hours each day.
|
||||
- When looking for a circuit to cannibalize, consider family as well
|
||||
as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
|
||||
circuit cannibalization).
|
||||
- When a router wasn't listed in a new networkstatus, we were leaving
|
||||
the flags for that router alone -- meaning it remained Named,
|
||||
Running, etc -- even though absence from the networkstatus means
|
||||
that it shouldn't be considered to exist at all anymore. Now we
|
||||
clear all the flags for routers that fall out of the networkstatus
|
||||
consensus. Fixes bug 529.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Don't try to access (or alter) the state file when running
|
||||
--list-fingerprint or --verify-config or --hash-password. Resolves
|
||||
bug 499.
|
||||
- When generating information telling us how to extend to a given
|
||||
router, do not try to include the nickname if it is
|
||||
absent. Resolves bug 467.
|
||||
- Fix a user-triggerable segfault in expand_filename(). (There isn't
|
||||
a way to trigger this remotely.)
|
||||
- When sending a status event to the controller telling it that an
|
||||
OR address is readable, set the port correctly. (Previously we
|
||||
were reporting the dir port.)
|
||||
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
|
||||
command. Bugfix on 0.1.2.17.
|
||||
- When loading bandwidth history, do not believe any information in
|
||||
the future. Fixes bug 434.
|
||||
- When loading entry guard information, do not believe any information
|
||||
in the future.
|
||||
- When we have our clock set far in the future and generate an
|
||||
onion key, then re-set our clock to be correct, we should not stop
|
||||
the onion key from getting rotated.
|
||||
- On some platforms, accept() can return a broken address. Detect
|
||||
this more quietly, and deal accordingly. Fixes bug 483.
|
||||
- It's not actually an error to find a non-pending entry in the DNS
|
||||
cache when canceling a pending resolve. Don't log unless stuff
|
||||
is fishy. Resolves bug 463.
|
||||
- Don't reset trusted dir server list when we set a configuration
|
||||
option. Patch from Robert Hogan.
|
||||
|
||||
|
||||
Changes in version 0.1.2.17 - 2007-08-30
|
||||
o Major bugfixes (security):
|
||||
- We removed support for the old (v0) control protocol. It has been
|
||||
deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
|
||||
become more of a headache than it's worth.
|
||||
|
||||
o Major bugfixes (load balancing):
|
||||
- When choosing nodes for non-guard positions, weight guards
|
||||
proportionally less, since they already have enough load. Patch
|
||||
from Mike Perry.
|
||||
- Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
|
||||
will allow fast Tor servers to get more attention.
|
||||
- When we're upgrading from an old Tor version, forget our current
|
||||
guards and pick new ones according to the new weightings. These
|
||||
three load balancing patches could raise effective network capacity
|
||||
by a factor of four. Thanks to Mike Perry for measurements.
|
||||
|
||||
o Major bugfixes (stream expiration):
|
||||
- Expire not-yet-successful application streams in all cases if
|
||||
they've been around longer than SocksTimeout. Right now there are
|
||||
some cases where the stream will live forever, demanding a new
|
||||
circuit every 15 seconds. Fixes bug 454; reported by lodger.
|
||||
|
||||
o Minor features (controller):
|
||||
- Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
|
||||
is valid before any authentication has been received. It tells
|
||||
a controller what kind of authentication is expected, and what
|
||||
protocol is spoken. Implements proposal 119.
|
||||
|
||||
o Minor bugfixes (performance):
|
||||
- Save on most routerlist_assert_ok() calls in routerlist.c, thus
|
||||
greatly speeding up loading cached-routers from disk on startup.
|
||||
- Disable sentinel-based debugging for buffer code: we squashed all
|
||||
the bugs that this was supposed to detect a long time ago, and now
|
||||
its only effect is to change our buffer sizes from nice powers of
|
||||
two (which platform mallocs tend to like) to values slightly over
|
||||
powers of two (which make some platform mallocs sad).
|
||||
|
||||
o Minor bugfixes (misc):
|
||||
- If exit bandwidth ever exceeds one third of total bandwidth, then
|
||||
use the correct formula to weight exit nodes when choosing paths.
|
||||
Based on patch from Mike Perry.
|
||||
- Choose perfectly fairly among routers when choosing by bandwidth and
|
||||
weighting by fraction of bandwidth provided by exits. Previously, we
|
||||
would choose with only approximate fairness, and correct ourselves
|
||||
if we ran off the end of the list.
|
||||
- If we require CookieAuthentication but we fail to write the
|
||||
cookie file, we would warn but not exit, and end up in a state
|
||||
where no controller could authenticate. Now we exit.
|
||||
- If we require CookieAuthentication, stop generating a new cookie
|
||||
every time we change any piece of our config.
|
||||
- Refuse to start with certain directory authority keys, and
|
||||
encourage people using them to stop.
|
||||
- Terminate multi-line control events properly. Original patch
|
||||
from tup.
|
||||
- Fix a minor memory leak when we fail to find enough suitable
|
||||
servers to choose a circuit.
|
||||
- Stop leaking part of the descriptor when we run into a particularly
|
||||
unparseable piece of it.
|
||||
|
||||
|
||||
Changes in version 0.1.2.16 - 2007-08-01
|
||||
o Major security fixes:
|
||||
- Close immediately after missing authentication on control port;
|
||||
do not allow multiple authentication attempts.
|
||||
|
||||
|
||||
Changes in version 0.1.2.15 - 2007-07-17
|
||||
o Major bugfixes (compilation):
|
||||
- Fix compile on FreeBSD/NetBSD/OpenBSD. Oops.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- Try even harder not to dereference the first character after
|
||||
an mmap(). Reported by lodger.
|
||||
- Fix a crash bug in directory authorities when we re-number the
|
||||
routerlist while inserting a new router.
|
||||
- When the cached-routers file is an even multiple of the page size,
|
||||
don't run off the end and crash. (Fixes bug 455; based on idea
|
||||
from croup.)
|
||||
- Fix eventdns.c behavior on Solaris: It is critical to include
|
||||
orconfig.h _before_ sys/types.h, so that we can get the expected
|
||||
definition of _FILE_OFFSET_BITS.
|
||||
|
||||
o Major bugfixes (security):
|
||||
- Fix a possible buffer overrun when using BSD natd support. Bug
|
||||
found by croup.
|
||||
- When sending destroy cells from a circuit's origin, don't include
|
||||
the reason for tearing down the circuit. The spec says we didn't,
|
||||
and now we actually don't. Reported by lodger.
|
||||
- Keep streamids from different exits on a circuit separate. This
|
||||
bug may have allowed other routers on a given circuit to inject
|
||||
cells into streams. Reported by lodger; fixes bug 446.
|
||||
- If there's a never-before-connected-to guard node in our list,
|
||||
never choose any guards past it. This way we don't expand our
|
||||
guard list unless we need to.
|
||||
|
||||
o Minor bugfixes (guard nodes):
|
||||
- Weight guard selection by bandwidth, so that low-bandwidth nodes
|
||||
don't get overused as guards.
|
||||
|
||||
o Minor bugfixes (directory):
|
||||
- Correctly count the number of authorities that recommend each
|
||||
version. Previously, we were under-counting by 1.
|
||||
- Fix a potential crash bug when we load many server descriptors at
|
||||
once and some of them make others of them obsolete. Fixes bug 458.
|
||||
|
||||
o Minor bugfixes (hidden services):
|
||||
- Stop tearing down the whole circuit when the user asks for a
|
||||
connection to a port that the hidden service didn't configure.
|
||||
Resolves bug 444.
|
||||
|
||||
o Minor bugfixes (misc):
|
||||
- On Windows, we were preventing other processes from reading
|
||||
cached-routers while Tor was running. Reported by janbar.
|
||||
- Fix a possible (but very unlikely) bug in picking routers by
|
||||
bandwidth. Add a log message to confirm that it is in fact
|
||||
unlikely. Patch from lodger.
|
||||
- Backport a couple of memory leak fixes.
|
||||
- Backport miscellaneous cosmetic bugfixes.
|
||||
|
||||
|
||||
Changes in version 0.1.2.14 - 2007-05-25
|
||||
o Directory authority changes:
|
||||
- Two directory authorities (moria1 and moria2) just moved to new
|
||||
IP addresses. This change will particularly affect those who serve
|
||||
or use hidden services.
|
||||
|
||||
o Major bugfixes (crashes):
|
||||
- If a directory server runs out of space in the connection table
|
||||
as it's processing a begin_dir request, it will free the exit stream
|
||||
but leave it attached to the circuit, leading to unpredictable
|
||||
behavior. (Reported by seeess, fixes bug 425.)
|
||||
- Fix a bug in dirserv_remove_invalid() that would cause authorities
|
||||
to corrupt memory under some really unlikely scenarios.
|
||||
- Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
|
||||
- Avoid segfaults when reading from mmaped descriptor file. (Reported
|
||||
by lodger.)
|
||||
|
||||
o Major bugfixes (security):
|
||||
- When choosing an entry guard for a circuit, avoid using guards
|
||||
that are in the same family as the chosen exit -- not just guards
|
||||
that are exactly the chosen exit. (Reported by lodger.)
|
||||
|
||||
o Major bugfixes (resource management):
|
||||
- If a directory authority is down, skip it when deciding where to get
|
||||
networkstatus objects or descriptors. Otherwise we keep asking
|
||||
every 10 seconds forever. Fixes bug 384.
|
||||
- Count it as a failure if we fetch a valid network-status but we
|
||||
don't want to keep it. Otherwise we'll keep fetching it and keep
|
||||
not wanting to keep it. Fixes part of bug 422.
|
||||
- If all of our dirservers have given us bad or no networkstatuses
|
||||
lately, then stop hammering them once per minute even when we
|
||||
think they're failed. Fixes another part of bug 422.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Actually set the purpose correctly for descriptors inserted with
|
||||
purpose=controller.
|
||||
- When we have k non-v2 authorities in our DirServer config,
|
||||
we ignored the last k authorities in the list when updating our
|
||||
network-statuses.
|
||||
- Correctly back-off from requesting router descriptors that we are
|
||||
having a hard time downloading.
|
||||
- Read resolv.conf files correctly on platforms where read() returns
|
||||
partial results on small file reads.
|
||||
- Don't rebuild the entire router store every time we get 32K of
|
||||
routers: rebuild it when the journal gets very large, or when
|
||||
the gaps in the store get very large.
|
||||
|
||||
o Minor features:
|
||||
- When routers publish SVN revisions in their router descriptors,
|
||||
authorities now include those versions correctly in networkstatus
|
||||
documents.
|
||||
- Warn when using a version of libevent before 1.3b to run a server on
|
||||
OSX or BSD: these versions interact badly with userspace threads.
|
||||
|
||||
|
||||
Changes in version 0.1.2.13 - 2007-04-24
|
||||
|
||||
Tor 0.1.2.13 is released in memory of Rob Levin (1955-2006), aka lilo
|
||||
of the Freenode IRC network, remembering his patience and vision for
|
||||
free speech on the Internet.
|
||||
|
||||
o Major features, client performance:
|
||||
- Weight directory requests by advertised bandwidth. Now we can
|
||||
let servers enable write limiting but still allow most clients to
|
||||
succeed at their directory requests. (We still ignore weights when
|
||||
choosing a directory authority; I hope this is a feature.)
|
||||
- Stop overloading exit nodes -- avoid choosing them for entry or
|
||||
middle hops when the total bandwidth available from non-exit nodes
|
||||
is much higher than the total bandwidth available from exit nodes.
|
||||
- Rather than waiting a fixed amount of time between retrying
|
||||
application connections, we wait only 10 seconds for the first,
|
||||
10 seconds for the second, and 15 seconds for each retry after
|
||||
that. Hopefully this will improve the expected user experience.
|
||||
- Sometimes we didn't bother sending a RELAY_END cell when an attempt
|
||||
to open a stream fails; now we do in more cases. This should
|
||||
make clients able to find a good exit faster in some cases, since
|
||||
unhandleable requests will now get an error rather than timing out.
|
||||
|
||||
o Major features, client functionality:
|
||||
- Implement BEGIN_DIR cells, so we can connect to a directory
|
||||
server via TLS to do encrypted directory requests rather than
|
||||
plaintext. Enable via the TunnelDirConns and PreferTunneledDirConns
|
||||
config options if you like. For now, this feature only works if
|
||||
you already have a descriptor for the destination dirserver.
|
||||
- Add support for transparent application connections: this basically
|
||||
bundles the functionality of trans-proxy-tor into the Tor
|
||||
mainline. Now hosts with compliant pf/netfilter implementations
|
||||
can redirect TCP connections straight to Tor without diverting
|
||||
through SOCKS. (Based on patch from tup.)
|
||||
- Add support for using natd; this allows FreeBSDs earlier than
|
||||
5.1.2 to have ipfw send connections through Tor without using
|
||||
SOCKS. (Patch from Zajcev Evgeny with tweaks from tup.)
|
||||
|
||||
o Major features, servers:
|
||||
- Setting up a dyndns name for your server is now optional: servers
|
||||
with no hostname or IP address will learn their IP address by
|
||||
asking the directory authorities. This code only kicks in when you
|
||||
would normally have exited with a "no address" error. Nothing's
|
||||
authenticated, so use with care.
|
||||
- Directory servers now spool server descriptors, v1 directories,
|
||||
and v2 networkstatus objects to buffers as needed rather than en
|
||||
masse. They also mmap the cached-routers files. These steps save
|
||||
lots of memory.
|
||||
- Stop requiring clients to have well-formed certificates, and stop
|
||||
checking nicknames in certificates. (Clients have certificates so
|
||||
that they can look like Tor servers, but in the future we might want
|
||||
to allow them to look like regular TLS clients instead. Nicknames
|
||||
in certificates serve no purpose other than making our protocol
|
||||
easier to recognize on the wire.) Implements proposal 106.
|
||||
|
||||
o Improvements on DNS support:
|
||||
- Add "eventdns" asynchronous dns library originally based on code
|
||||
from Adam Langley. Now we can discard the old rickety dnsworker
|
||||
concept, and support a wider variety of DNS functions. Allows
|
||||
multithreaded builds on NetBSD and OpenBSD again.
|
||||
- Add server-side support for "reverse" DNS lookups (using PTR
|
||||
records so clients can determine the canonical hostname for a given
|
||||
IPv4 address). Only supported by servers using eventdns; servers
|
||||
now announce in their descriptors if they don't support eventdns.
|
||||
- Workaround for name servers (like Earthlink's) that hijack failing
|
||||
DNS requests and replace the no-such-server answer with a "helpful"
|
||||
redirect to an advertising-driven search portal. Also work around
|
||||
DNS hijackers who "helpfully" decline to hijack known-invalid
|
||||
RFC2606 addresses. Config option "ServerDNSDetectHijacking 0"
|
||||
lets you turn it off.
|
||||
- Servers now check for the case when common DNS requests are going to
|
||||
wildcarded addresses (i.e. all getting the same answer), and change
|
||||
their exit policy to reject *:* if it's happening.
|
||||
- When asked to resolve a hostname, don't use non-exit servers unless
|
||||
requested to do so. This allows servers with broken DNS to be
|
||||
useful to the network.
|
||||
- Start passing "ipv4" hints to getaddrinfo(), so servers don't do
|
||||
useless IPv6 DNS resolves.
|
||||
- Specify and implement client-side SOCKS5 interface for reverse DNS
|
||||
lookups (see doc/socks-extensions.txt). Also cache them.
|
||||
- When we change nameservers or IP addresses, reset and re-launch
|
||||
our tests for DNS hijacking.
|
||||
|
||||
o Improvements on reachability testing:
|
||||
- Servers send out a burst of long-range padding cells once they've
|
||||
established that they're reachable. Spread them over 4 circuits,
|
||||
so hopefully a few will be fast. This exercises bandwidth and
|
||||
bootstraps them into the directory more quickly.
|
||||
- When we find our DirPort to be reachable, publish a new descriptor
|
||||
so we'll tell the world (reported by pnx).
|
||||
- Directory authorities now only decide that routers are reachable
|
||||
if their identity keys are as expected.
|
||||
- Do DirPort reachability tests less often, since a single test
|
||||
chews through many circuits before giving up.
|
||||
- Avoid some false positives during reachability testing: don't try
|
||||
to test via a server that's on the same /24 network as us.
|
||||
- Start publishing one minute or so after we find our ORPort
|
||||
to be reachable. This will help reduce the number of descriptors
|
||||
we have for ourselves floating around, since it's quite likely
|
||||
other things (e.g. DirPort) will change during that minute too.
|
||||
- Routers no longer try to rebuild long-term connections to directory
|
||||
authorities, and directory authorities no longer try to rebuild
|
||||
long-term connections to all servers. We still don't hang up
|
||||
connections in these two cases though -- we need to look at it
|
||||
more carefully to avoid flapping, and we likely need to wait til
|
||||
0.1.1.x is obsolete.
|
||||
|
||||
o Improvements on rate limiting:
|
||||
- Enable write limiting as well as read limiting. Now we sacrifice
|
||||
capacity if we're pushing out lots of directory traffic, rather
|
||||
than overrunning the user's intended bandwidth limits.
|
||||
- Include TLS overhead when counting bandwidth usage; previously, we
|
||||
would count only the bytes sent over TLS, but not the bytes used
|
||||
to send them.
|
||||
- Servers decline directory requests much more aggressively when
|
||||
they're low on bandwidth. Otherwise they end up queueing more and
|
||||
more directory responses, which can't be good for latency.
|
||||
- But never refuse directory requests from local addresses.
|
||||
- Be willing to read or write on local connections (e.g. controller
|
||||
connections) even when the global rate limiting buckets are empty.
|
||||
- Flush local controller connection buffers periodically as we're
|
||||
writing to them, so we avoid queueing 4+ megabytes of data before
|
||||
trying to flush.
|
||||
- Revise and clean up the torrc.sample that we ship with; add
|
||||
a section for BandwidthRate and BandwidthBurst.
|
||||
|
||||
o Major features, NT services:
|
||||
- Install as NT_AUTHORITY\LocalService rather than as SYSTEM; add a
|
||||
command-line flag so that admins can override the default by saying
|
||||
"tor --service install --user "SomeUser"". This will not affect
|
||||
existing installed services. Also, warn the user that the service
|
||||
will look for its configuration file in the service user's
|
||||
%appdata% directory. (We can't do the "hardwire the user's appdata
|
||||
directory" trick any more, since we may not have read access to that
|
||||
directory.)
|
||||
- Support running the Tor service with a torrc not in the same
|
||||
directory as tor.exe and default to using the torrc located in
|
||||
the %appdata%\Tor\ of the user who installed the service. Patch
|
||||
from Matt Edman.
|
||||
- Add an --ignore-missing-torrc command-line option so that we can
|
||||
get the "use sensible defaults if the configuration file doesn't
|
||||
exist" behavior even when specifying a torrc location on the
|
||||
command line.
|
||||
- When stopping an NT service, wait up to 10 sec for it to actually
|
||||
stop. (Patch from Matt Edman; resolves bug 295.)
|
||||
|
||||
o Directory authority improvements:
|
||||
- Stop letting hibernating or obsolete servers affect uptime and
|
||||
bandwidth cutoffs.
|
||||
- Stop listing hibernating servers in the v1 directory.
|
||||
- Authorities no longer recommend exits as guards if this would shift
|
||||
too much load to the exit nodes.
|
||||
- Authorities now specify server versions in networkstatus. This adds
|
||||
about 2% to the size of compressed networkstatus docs, and allows
|
||||
clients to tell which servers support BEGIN_DIR and which don't.
|
||||
The implementation is forward-compatible with a proposed future
|
||||
protocol version scheme not tied to Tor versions.
|
||||
- DirServer configuration lines now have an orport= option so
|
||||
clients can open encrypted tunnels to the authorities without
|
||||
having downloaded their descriptors yet. Enabled for moria1,
|
||||
moria2, tor26, and lefkada now in the default configuration.
|
||||
- Add a BadDirectory flag to network status docs so that authorities
|
||||
can (eventually) tell clients about caches they believe to be
|
||||
broken. Not used yet.
|
||||
- Allow authorities to list nodes as bad exits in their
|
||||
approved-routers file by fingerprint or by address. If most
|
||||
authorities set a BadExit flag for a server, clients don't think
|
||||
of it as a general-purpose exit. Clients only consider authorities
|
||||
that advertise themselves as listing bad exits.
|
||||
- Patch from Steve Hildrey: Generate network status correctly on
|
||||
non-versioning dirservers.
|
||||
- Have directory authorities allow larger amounts of drift in uptime
|
||||
without replacing the server descriptor: previously, a server that
|
||||
restarted every 30 minutes could have 48 "interesting" descriptors
|
||||
per day.
|
||||
- Reserve the nickname "Unnamed" for routers that can't pick
|
||||
a hostname: any router can call itself Unnamed; directory
|
||||
authorities will never allocate Unnamed to any particular router;
|
||||
clients won't believe that any router is the canonical Unnamed.
|
||||
|
||||
o Directory mirrors and clients:
|
||||
- Discard any v1 directory info that's over 1 month old (for
|
||||
directories) or over 1 week old (for running-routers lists).
|
||||
- Clients track responses with status 503 from dirservers. After a
|
||||
dirserver has given us a 503, we try not to use it until an hour has
|
||||
gone by, or until we have no dirservers that haven't given us a 503.
|
||||
- When we get a 503 from a directory, and we're not a server, we no
|
||||
longer count the failure against the total number of failures
|
||||
allowed for the object we're trying to download.
|
||||
- Prepare for servers to publish descriptors less often: never
|
||||
discard a descriptor simply for being too old until either it is
|
||||
recommended by no authorities, or until we get a better one for
|
||||
the same router. Make caches consider retaining old recommended
|
||||
routers for even longer.
|
||||
- Directory servers now provide 'Pragma: no-cache' and 'Expires'
|
||||
headers for content, so that we can work better in the presence of
|
||||
caching HTTP proxies.
|
||||
- Stop fetching descriptors if you're not a dir mirror and you
|
||||
haven't tried to establish any circuits lately. (This currently
|
||||
causes some dangerous behavior, because when you start up again
|
||||
you'll use your ancient server descriptors.)
|
||||
|
||||
o Major fixes, crashes:
|
||||
- Stop crashing when the controller asks us to resetconf more than
|
||||
one config option at once. (Vidalia 0.0.11 does this.)
|
||||
- Fix a longstanding obscure crash bug that could occur when we run
|
||||
out of DNS worker processes, if we're not using eventdns. (Resolves
|
||||
bug 390.)
|
||||
- Fix an assert that could trigger if a controller quickly set then
|
||||
cleared EntryNodes. (Bug found by Udo van den Heuvel.)
|
||||
- Avoid crash when telling controller about stream-status and a
|
||||
stream is detached.
|
||||
- Avoid sending junk to controllers or segfaulting when a controller
|
||||
uses EVENT_NEW_DESC with verbose nicknames.
|
||||
- Stop triggering asserts if the controller tries to extend hidden
|
||||
service circuits (reported by mwenge).
|
||||
- If we start a server with ClientOnly 1, then set ClientOnly to 0
|
||||
and hup, stop triggering an assert based on an empty onion_key.
|
||||
- Mask out all signals in sub-threads; only the libevent signal
|
||||
handler should be processing them. This should prevent some crashes
|
||||
on some machines using pthreads. (Patch from coderman.)
|
||||
- Disable kqueue on OS X 10.3 and earlier, to fix bug 371.
|
||||
|
||||
o Major fixes, anonymity/security:
|
||||
- Automatically avoid picking more than one node from the same
|
||||
/16 network when constructing a circuit. Add an
|
||||
"EnforceDistinctSubnets" option to let people disable it if they
|
||||
want to operate private test networks on a single subnet.
|
||||
- When generating bandwidth history, round down to the nearest
|
||||
1k. When storing accounting data, round up to the nearest 1k.
|
||||
- When we're running as a server, remember when we last rotated onion
|
||||
keys, so that we will rotate keys once they're a week old even if
|
||||
we never stay up for a week ourselves.
|
||||
- If a client asked for a server by name, and there's a named server
|
||||
in our network-status but we don't have its descriptor yet, we
|
||||
could return an unnamed server instead.
|
||||
- Reject (most) attempts to use Tor circuits with length one. (If
|
||||
many people start using Tor as a one-hop proxy, exit nodes become
|
||||
a more attractive target for compromise.)
|
||||
- Just because your DirPort is open doesn't mean people should be
|
||||
able to remotely teach you about hidden service descriptors. Now
|
||||
only accept rendezvous posts if you've got HSAuthoritativeDir set.
|
||||
- Fix a potential race condition in the rpm installer. Found by
|
||||
Stefan Nordhausen.
|
||||
- Do not log IPs with TLS failures for incoming TLS
|
||||
connections. (Fixes bug 382.)
|
||||
|
||||
o Major fixes, other:
|
||||
- If our system clock jumps back in time, don't publish a negative
|
||||
uptime in the descriptor.
|
||||
- When we start during an accounting interval before it's time to wake
|
||||
up, remember to wake up at the correct time. (May fix bug 342.)
|
||||
- Previously, we would cache up to 16 old networkstatus documents
|
||||
indefinitely, if they came from nontrusted authorities. Now we
|
||||
discard them if they are more than 10 days old.
|
||||
- When we have a state file we cannot parse, tell the user and
|
||||
move it aside. Now we avoid situations where the user starts
|
||||
Tor in 1904, Tor writes a state file with that timestamp in it,
|
||||
the user fixes her clock, and Tor refuses to start.
|
||||
- Publish a new descriptor after we hup/reload. This is important
|
||||
if our config has changed such that we'll want to start advertising
|
||||
our DirPort now, etc.
|
||||
- If we are using an exit enclave and we can't connect, e.g. because
|
||||
its webserver is misconfigured to not listen on localhost, then
|
||||
back off and try connecting from somewhere else before we fail.
|
||||
|
||||
o New config options or behaviors:
|
||||
- When EntryNodes are configured, rebuild the guard list to contain,
|
||||
in order: the EntryNodes that were guards before; the rest of the
|
||||
EntryNodes; the nodes that were guards before.
|
||||
- Do not warn when individual nodes in the configuration's EntryNodes,
|
||||
ExitNodes, etc are down: warn only when all possible nodes
|
||||
are down. (Fixes bug 348.)
|
||||
- Put a lower-bound on MaxAdvertisedBandwidth.
|
||||
- Start using the state file to store bandwidth accounting data:
|
||||
the bw_accounting file is now obsolete. We'll keep generating it
|
||||
for a while for people who are still using 0.1.2.4-alpha.
|
||||
- Try to batch changes to the state file so that we do as few
|
||||
disk writes as possible while still storing important things in
|
||||
a timely fashion.
|
||||
- The state file and the bw_accounting file get saved less often when
|
||||
the AvoidDiskWrites config option is set.
|
||||
- Make PIDFile work on Windows.
|
||||
- Add internal descriptions for a bunch of configuration options:
|
||||
accessible via controller interface and in comments in saved
|
||||
options files.
|
||||
- Reject *:563 (NNTPS) in the default exit policy. We already reject
|
||||
NNTP by default, so this seems like a sensible addition.
|
||||
- Clients now reject hostnames with invalid characters. This should
|
||||
avoid some inadvertent info leaks. Add an option
|
||||
AllowNonRFC953Hostnames to disable this behavior, in case somebody
|
||||
is running a private network with hosts called @, !, and #.
|
||||
- Check for addresses with invalid characters at the exit as well,
|
||||
and warn less verbosely when they fail. You can override this by
|
||||
setting ServerDNSAllowNonRFC953Addresses to 1.
|
||||
- Remove some options that have been deprecated since at least
|
||||
0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and
|
||||
SysLog. Use AccountingMax instead of AccountingMaxKB, and use Log
|
||||
to set log options. Mark PathlenCoinWeight as obsolete.
|
||||
- Stop accepting certain malformed ports in configured exit policies.
|
||||
- When the user uses bad syntax in the Log config line, stop
|
||||
suggesting other bad syntax as a replacement.
|
||||
- Add new config option "ResolvConf" to let the server operator
|
||||
choose an alternate resolve.conf file when using eventdns.
|
||||
- If one of our entry guards is on the ExcludeNodes list, or the
|
||||
directory authorities don't think it's a good guard, treat it as
|
||||
if it were unlisted: stop using it as a guard, and throw it off
|
||||
the guards list if it stays that way for a long time.
|
||||
- Allow directory authorities to be marked separately as authorities
|
||||
for the v1 directory protocol, the v2 directory protocol, and
|
||||
as hidden service directories, to make it easier to retire old
|
||||
authorities. V1 authorities should set "HSAuthoritativeDir 1"
|
||||
to continue being hidden service authorities too.
|
||||
- Remove 8888 as a LongLivedPort, and add 6697 (IRCS).
|
||||
- Make TrackExitHosts case-insensitive, and fix the behavior of
|
||||
".suffix" TrackExitHosts items to avoid matching in the middle of
|
||||
an address.
|
||||
- New DirPort behavior: if you have your dirport set, you download
|
||||
descriptors aggressively like a directory mirror, whether or not
|
||||
your ORPort is set.
|
||||
|
||||
o Docs:
|
||||
- Create a new file ReleaseNotes which was the old ChangeLog. The
|
||||
new ChangeLog file now includes the notes for all development
|
||||
versions too.
|
||||
- Add a new address-spec.txt document to describe our special-case
|
||||
addresses: .exit, .onion, and .noconnnect.
|
||||
- Fork the v1 directory protocol into its own spec document,
|
||||
and mark dir-spec.txt as the currently correct (v2) spec.
|
||||
|
||||
o Packaging, porting, and contrib
|
||||
- "tor --verify-config" now exits with -1(255) or 0 depending on
|
||||
whether the config options are bad or good.
|
||||
- The Debian package now uses --verify-config when (re)starting,
|
||||
to distinguish configuration errors from other errors.
|
||||
- Adapt a patch from goodell to let the contrib/exitlist script
|
||||
take arguments rather than require direct editing.
|
||||
- Prevent the contrib/exitlist script from printing the same
|
||||
result more than once.
|
||||
- Add support to tor-resolve tool for reverse lookups and SOCKS5.
|
||||
- In the hidden service example in torrc.sample, stop recommending
|
||||
esoteric and discouraged hidden service options.
|
||||
- Patch from Michael Mohr to contrib/cross.sh, so it checks more
|
||||
values before failing, and always enables eventdns.
|
||||
- Try to detect Windows correctly when cross-compiling.
|
||||
- Libevent-1.2 exports, but does not define in its headers, strlcpy.
|
||||
Try to fix this in configure.in by checking for most functions
|
||||
before we check for libevent.
|
||||
- Update RPMs to require libevent 1.2.
|
||||
- Experimentally re-enable kqueue on OSX when using libevent 1.1b
|
||||
or later. Log when we are doing this, so we can diagnose it when
|
||||
it fails. (Also, recommend libevent 1.1b for kqueue and
|
||||
win32 methods; deprecate libevent 1.0b harder; make libevent
|
||||
recommendation system saner.)
|
||||
- Build with recent (1.3+) libevents on platforms that do not
|
||||
define the nonstandard types "u_int8_t" and friends.
|
||||
- Remove architecture from OS X builds. The official builds are
|
||||
now universal binaries.
|
||||
- Run correctly on OS X platforms with case-sensitive filesystems.
|
||||
- Correctly set maximum connection limit on Cygwin. (This time
|
||||
for sure!)
|
||||
- Start compiling on MinGW on Windows (patches from Mike Chiussi
|
||||
and many others).
|
||||
- Start compiling on MSVC6 on Windows (patches from Frediano Ziglio).
|
||||
- Finally fix the openssl warnings from newer gccs that believe that
|
||||
ignoring a return value is okay, but casting a return value and
|
||||
then ignoring it is a sign of madness.
|
||||
- On architectures where sizeof(int)>4, still clamp declarable
|
||||
bandwidth to INT32_MAX.
|
||||
|
||||
o Minor features, controller:
|
||||
- Warn the user when an application uses the obsolete binary v0
|
||||
control protocol. We're planning to remove support for it during
|
||||
the next development series, so it's good to give people some
|
||||
advance warning.
|
||||
- Add STREAM_BW events to report per-entry-stream bandwidth
|
||||
use. (Patch from Robert Hogan.)
|
||||
- Rate-limit SIGNEWNYM signals in response to controllers that
|
||||
impolitely generate them for every single stream. (Patch from
|
||||
mwenge; closes bug 394.)
|
||||
- Add a REMAP status to stream events to note that a stream's
|
||||
address has changed because of a cached address or a MapAddress
|
||||
directive.
|
||||
- Make REMAP stream events have a SOURCE (cache or exit), and
|
||||
make them generated in every case where we get a successful
|
||||
connected or resolved cell.
|
||||
- Track reasons for OR connection failure; make these reasons
|
||||
available via the controller interface. (Patch from Mike Perry.)
|
||||
- Add a SOCKS_BAD_HOSTNAME client status event so controllers
|
||||
can learn when clients are sending malformed hostnames to Tor.
|
||||
- Specify and implement some of the controller status events.
|
||||
- Have GETINFO dir/status/* work on hosts with DirPort disabled.
|
||||
- Reimplement GETINFO so that info/names stays in sync with the
|
||||
actual keys.
|
||||
- Implement "GETINFO fingerprint".
|
||||
- Implement "SETEVENTS GUARD" so controllers can get updates on
|
||||
entry guard status as it changes.
|
||||
- Make all connections to addresses of the form ".noconnect"
|
||||
immediately get closed. This lets application/controller combos
|
||||
successfully test whether they're talking to the same Tor by
|
||||
watching for STREAM events.
|
||||
- Add a REASON field to CIRC events; for backward compatibility, this
|
||||
field is sent only to controllers that have enabled the extended
|
||||
event format. Also, add additional reason codes to explain why
|
||||
a given circuit has been destroyed or truncated. (Patches from
|
||||
Mike Perry)
|
||||
- Add a REMOTE_REASON field to extended CIRC events to tell the
|
||||
controller why a remote OR told us to close a circuit.
|
||||
- Stream events also now have REASON and REMOTE_REASON fields,
|
||||
working much like those for circuit events.
|
||||
- There's now a GETINFO ns/... field so that controllers can ask Tor
|
||||
about the current status of a router.
|
||||
- A new event type "NS" to inform a controller when our opinion of
|
||||
a router's status has changed.
|
||||
- Add a GETINFO events/names and GETINFO features/names so controllers
|
||||
can tell which events and features are supported.
|
||||
- A new CLEARDNSCACHE signal to allow controllers to clear the
|
||||
client-side DNS cache without expiring circuits.
|
||||
- Fix CIRC controller events so that controllers can learn the
|
||||
identity digests of non-Named servers used in circuit paths.
|
||||
- Let controllers ask for more useful identifiers for servers. Instead
|
||||
of learning identity digests for un-Named servers and nicknames
|
||||
for Named servers, the new identifiers include digest, nickname,
|
||||
and indication of Named status. Off by default; see control-spec.txt
|
||||
for more information.
|
||||
- Add a "getinfo address" controller command so it can display Tor's
|
||||
best guess to the user.
|
||||
- New controller event to alert the controller when our server
|
||||
descriptor has changed.
|
||||
- Give more meaningful errors on controller authentication failure.
|
||||
- Export the default exit policy via the control port, so controllers
|
||||
don't need to guess what it is / will be later.
|
||||
|
||||
o Minor bugfixes, controller:
|
||||
- When creating a circuit via the controller, send a 'launched'
|
||||
event when we're done, so we follow the spec better.
|
||||
- Correct the control spec to match how the code actually responds
|
||||
to 'getinfo addr-mappings/*'. Reported by daejees.
|
||||
- The control spec described a GUARDS event, but the code
|
||||
implemented a GUARD event. Standardize on GUARD, but let people
|
||||
ask for GUARDS too. Reported by daejees.
|
||||
- Give the controller END_STREAM_REASON_DESTROY events _before_ we
|
||||
clear the corresponding on_circuit variable, and remember later
|
||||
that we don't need to send a redundant CLOSED event. (Resolves part
|
||||
3 of bug 367.)
|
||||
- Report events where a resolve succeeded or where we got a socks
|
||||
protocol error correctly, rather than calling both of them
|
||||
"INTERNAL".
|
||||
- Change reported stream target addresses to IP consistently when
|
||||
we finally get the IP from an exit node.
|
||||
- Send log messages to the controller even if they happen to be very
|
||||
long.
|
||||
- Flush ERR-level controller status events just like we currently
|
||||
flush ERR-level log events, so that a Tor shutdown doesn't prevent
|
||||
the controller from learning about current events.
|
||||
- Report the circuit number correctly in STREAM CLOSED events. Bug
|
||||
reported by Mike Perry.
|
||||
- Do not report bizarre values for results of accounting GETINFOs
|
||||
when the last second's write or read exceeds the allotted bandwidth.
|
||||
- Report "unrecognized key" rather than an empty string when the
|
||||
controller tries to fetch a networkstatus that doesn't exist.
|
||||
- When the controller does a "GETINFO network-status", tell it
|
||||
about even those routers whose descriptors are very old, and use
|
||||
long nicknames where appropriate.
|
||||
- Fix handling of verbose nicknames with ORCONN controller events:
|
||||
make them show up exactly when requested, rather than exactly when
|
||||
not requested.
|
||||
- Controller signals now work on non-Unix platforms that don't define
|
||||
SIGUSR1 and SIGUSR2 the way we expect.
|
||||
- Respond to SIGNAL command before we execute the signal, in case
|
||||
the signal shuts us down. Suggested by Karsten Loesing.
|
||||
- Handle reporting OR_CONN_EVENT_NEW events to the controller.
|
||||
|
||||
o Minor features, code performance:
|
||||
- Major performance improvement on inserting descriptors: change
|
||||
algorithm from O(n^2) to O(n).
|
||||
- Do not rotate onion key immediately after setting it for the first
|
||||
time.
|
||||
- Call router_have_min_dir_info half as often. (This is showing up in
|
||||
some profiles, but not others.)
|
||||
- When using GCC, make log_debug never get called at all, and its
|
||||
arguments never get evaluated, when no debug logs are configured.
|
||||
(This is showing up in some profiles, but not others.)
|
||||
- Statistics dumped by -USR2 now include a breakdown of public key
|
||||
operations, for profiling.
|
||||
- Make the common memory allocation path faster on machines where
|
||||
malloc(0) returns a pointer.
|
||||
- Split circuit_t into origin_circuit_t and or_circuit_t, and
|
||||
split connection_t into edge, or, dir, control, and base structs.
|
||||
These will save quite a bit of memory on busy servers, and they'll
|
||||
also help us track down bugs in the code and bugs in the spec.
|
||||
- Use OpenSSL's AES implementation on platforms where it's faster.
|
||||
This could save us as much as 10% CPU usage.
|
||||
|
||||
o Minor features, descriptors and descriptor handling:
|
||||
- Avoid duplicate entries on MyFamily line in server descriptor.
|
||||
- When Tor receives a router descriptor that it asked for, but
|
||||
no longer wants (because it has received fresh networkstatuses
|
||||
in the meantime), do not warn the user. Cache the descriptor if
|
||||
we're a cache; drop it if we aren't.
|
||||
- Servers no longer ever list themselves in their "family" line,
|
||||
even if configured to do so. This makes it easier to configure
|
||||
family lists conveniently.
|
||||
|
||||
o Minor fixes, confusing/misleading log messages:
|
||||
- Display correct results when reporting which versions are
|
||||
recommended, and how recommended they are. (Resolves bug 383.)
|
||||
- Inform the server operator when we decide not to advertise a
|
||||
DirPort due to AccountingMax enabled or a low BandwidthRate.
|
||||
- Only include function names in log messages for info/debug messages.
|
||||
For notice/warn/err, the content of the message should be clear on
|
||||
its own, and printing the function name only confuses users.
|
||||
- Remove even more protocol-related warnings from Tor server logs,
|
||||
such as bad TLS handshakes and malformed begin cells.
|
||||
- Fix bug 314: Tor clients issued "unsafe socks" warnings even
|
||||
when the IP address is mapped through MapAddress to a hostname.
|
||||
- Fix misleading log messages: an entry guard that is "unlisted",
|
||||
as well as not known to be "down" (because we've never heard
|
||||
of it), is not therefore "up".
|
||||
|
||||
o Minor fixes, old/obsolete behavior:
|
||||
- Start assuming we can use a create_fast cell if we don't know
|
||||
what version a router is running.
|
||||
- We no longer look for identity and onion keys in "identity.key" and
|
||||
"onion.key" -- these were replaced by secret_id_key and
|
||||
secret_onion_key in 0.0.8pre1.
|
||||
- We no longer require unrecognized directory entries to be
|
||||
preceded by "opt".
|
||||
- Drop compatibility with obsolete Tors that permit create cells
|
||||
to have the wrong circ_id_type.
|
||||
- Remove code to special-case "-cvs" ending, since it has not
|
||||
actually mattered since 0.0.9.
|
||||
- Don't re-write the fingerprint file every restart, unless it has
|
||||
changed.
|
||||
|
||||
o Minor fixes, misc client-side behavior:
|
||||
- Always remove expired routers and networkstatus docs before checking
|
||||
whether we have enough information to build circuits. (Fixes
|
||||
bug 373.)
|
||||
- When computing clock skew from directory HTTP headers, consider what
|
||||
time it was when we finished asking for the directory, not what
|
||||
time it is now.
|
||||
- Make our socks5 handling more robust to broken socks clients:
|
||||
throw out everything waiting on the buffer in between socks
|
||||
handshake phases, since they can't possibly (so the theory
|
||||
goes) have predicted what we plan to respond to them.
|
||||
- Expire socks connections if they spend too long waiting for the
|
||||
handshake to finish. Previously we would let them sit around for
|
||||
days, if the connecting application didn't close them either.
|
||||
- And if the socks handshake hasn't started, don't send a
|
||||
"DNS resolve socks failed" handshake reply; just close it.
|
||||
- If the user asks to use invalid exit nodes, be willing to use
|
||||
unstable ones.
|
||||
- Track unreachable entry guards correctly: don't conflate
|
||||
'unreachable by us right now' with 'listed as down by the directory
|
||||
authorities'. With the old code, if a guard was unreachable by us
|
||||
but listed as running, it would clog our guard list forever.
|
||||
- Behave correctly in case we ever have a network with more than
|
||||
2GB/s total advertised capacity.
|
||||
- Claim a commonname of Tor, rather than TOR, in TLS handshakes.
|
||||
- Fix a memory leak when we ask for "all" networkstatuses and we
|
||||
get one we don't recognize.
|
||||
|
||||
|
||||
Changes in version 0.1.1.26 - 2006-12-14
|
||||
o Security bugfixes:
|
||||
- Stop sending the HttpProxyAuthenticator string to directory
|
||||
|
|
36
configure.in
36
configure.in
|
@ -4,7 +4,7 @@ dnl Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson
|
|||
dnl See LICENSE for licensing information
|
||||
|
||||
AC_INIT
|
||||
AM_INIT_AUTOMAKE(tor, 0.1.2.9-rc-dev)
|
||||
AM_INIT_AUTOMAKE(tor, 0.1.2.19-dev)
|
||||
AM_CONFIG_HEADER(orconfig.h)
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
|
@ -51,7 +51,15 @@ if test x$enable_threads = x; then
|
|||
AC_MSG_NOTICE([You are running OpenBSD or NetBSD; I am assuming that
|
||||
getaddrinfo is not threadsafe here, so I will disable threads.])
|
||||
enable_threads="no"
|
||||
fi ;;
|
||||
else
|
||||
# This was an inadvertant default up through 0.1.2.14; in 0.2.0.x,
|
||||
# it's getting some testing, but for now, best leave threads off
|
||||
# unless the user urns them on.
|
||||
AC_MSG_NOTICE([You are running OpenBSD or NetBSD; Tor 0.1.2.x hasn't
|
||||
been tested with threads on these platforms, so I'm turning them off. You
|
||||
can enable threads by passing --enable-threads to the configure script.])
|
||||
enable_threads="no"
|
||||
fi ;;
|
||||
*-*-solaris* )
|
||||
# Don't try multithreading on solaris -- cpuworkers seem to lock.
|
||||
AC_MSG_NOTICE([You are running Solaris; Sometimes threading makes
|
||||
|
@ -76,6 +84,7 @@ AC_ARG_ENABLE(gcc-warnings,
|
|||
AC_HELP_STRING(--enable-gcc-warnings, enable verbose warnings))
|
||||
|
||||
AC_PROG_CC
|
||||
AC_PROG_CPP
|
||||
AC_PROG_MAKE_SET
|
||||
AC_PROG_RANLIB
|
||||
|
||||
|
@ -196,7 +205,10 @@ fi
|
|||
dnl ------------------------------------------------------
|
||||
dnl Where do you live, libevent? And how do we call you?
|
||||
|
||||
dnl This is a disgusting hack so we safely include recent libevent headers.
|
||||
dnl This needs to happen before the below disgusting hack.
|
||||
AC_CHECK_HEADERS(sys/types.h)
|
||||
|
||||
dnl This is a disgusting hack so we safely include older libevent headers.
|
||||
AC_CHECK_TYPE(u_int64_t, unsigned long long)
|
||||
AC_CHECK_TYPE(u_int32_t, unsigned long)
|
||||
AC_CHECK_TYPE(u_int16_t, unsigned short)
|
||||
|
@ -260,7 +272,7 @@ LIBS="$LIBS -levent -lws2_32"
|
|||
else
|
||||
LIBS="$LIBS -levent"
|
||||
fi
|
||||
if test $tor_cv_libevent_dir != "(system)"; then
|
||||
if test "$tor_cv_libevent_dir" != "(system)"; then
|
||||
if test -d "$tor_cv_libevent_dir/lib" ; then
|
||||
LDFLAGS="-L$tor_cv_libevent_dir/lib $LDFLAGS"
|
||||
le_libdir="$tor_cv_libevent_dir/lib"
|
||||
|
@ -457,7 +469,7 @@ AC_SYS_LARGEFILE
|
|||
|
||||
dnl The warning message here is no longer strictly accurate.
|
||||
|
||||
AC_CHECK_HEADERS(unistd.h string.h signal.h ctype.h sys/stat.h sys/types.h fcntl.h sys/fcntl.h sys/time.h errno.h assert.h time.h, , AC_MSG_WARN(some headers were not found, compilation may fail))
|
||||
AC_CHECK_HEADERS(unistd.h string.h signal.h ctype.h sys/stat.h fcntl.h sys/fcntl.h sys/time.h errno.h assert.h time.h, , AC_MSG_WARN(some headers were not found, compilation may fail))
|
||||
|
||||
AC_CHECK_HEADERS(netdb.h sys/ioctl.h sys/socket.h arpa/inet.h netinet/in.h pwd.h grp.h)
|
||||
|
||||
|
@ -478,7 +490,7 @@ AC_CHECK_HEADERS(zlib.h, , AC_MSG_ERROR(Zlib header (zlib.h) not found. Tor requ
|
|||
|
||||
dnl These headers are not essential
|
||||
|
||||
AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/param.h sys/wait.h limits.h sys/limits.h netinet/in.h arpa/inet.h machine/limits.h syslog.h sys/time.h sys/resource.h inttypes.h utime.h sys/utime.h sys/mman.h netintet/in.h netinet/in6.h)
|
||||
AC_CHECK_HEADERS(stdint.h sys/types.h inttypes.h sys/param.h sys/wait.h limits.h sys/limits.h netinet/in.h arpa/inet.h machine/limits.h syslog.h sys/time.h sys/resource.h inttypes.h utime.h sys/utime.h sys/mman.h netintet/in.h netinet/in6.h sys/syslimits.h)
|
||||
|
||||
AC_CHECK_HEADERS(net/if.h, [net_if_found=1], [net_if_found=0],
|
||||
[#ifdef HAVE_SYS_TYPES_H
|
||||
|
@ -577,6 +589,18 @@ AC_CHECK_TYPES([struct in6_addr, struct sockaddr_storage], , ,
|
|||
#include <sys/socket.h>
|
||||
#endif])
|
||||
|
||||
AC_CHECK_TYPES([rlim_t], , ,
|
||||
[#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_TIME_H
|
||||
#include <sys/time.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_RESOURCE_H
|
||||
#include <sys/resource.h>
|
||||
#endif
|
||||
])
|
||||
|
||||
if test -z "$CROSS_COMPILE"; then
|
||||
AC_CACHE_CHECK([whether time_t is signed], tor_cv_time_t_signed, [
|
||||
AC_TRY_RUN([
|
||||
|
|
|
@ -8,5 +8,5 @@ EXTRA_DIST = PrivoxyConfDesc.plist PrivoxyConfInfo.plist \
|
|||
TorInfo.plist.in TorStartupDesc.plist.in TorStartupInfo.plist \
|
||||
package.sh privoxy.config TorPostflight addsysuser \
|
||||
Tor_Uninstaller.applescript uninstall_tor_bundle.sh \
|
||||
package_list.txt tor_logo.gif \
|
||||
TorPreFlight
|
||||
TorbuttonInfo.plist TorbuttonDesc.plist \
|
||||
package_list.txt tor_logo.gif TorPreFlight
|
||||
|
|
|
@ -16,7 +16,29 @@ TORPID=/var/run/Tor.pid
|
|||
TORUSER=_tor
|
||||
TORGROUP=daemon
|
||||
TORCMD=$TORDIR/tor
|
||||
TORLOG=/var/log/tor/tor.log
|
||||
TORLOG=/var/log/tor.log
|
||||
|
||||
## Determine OSX Version
|
||||
# map version to name
|
||||
if [ -x /usr/bin/sw_vers ]; then
|
||||
# This is poor, yet functional. We don't care about the 3rd number in
|
||||
# the OS version
|
||||
OSVER=`/usr/bin/sw_vers | grep ProductVersion | cut -f2 | cut -d"." -f1,2`
|
||||
case "$OSVER" in
|
||||
"10.5") OS="leopard" ARCH="universal";;
|
||||
"10.4") OS="tiger" ARCH="universal";;
|
||||
"10.3") OS="panther" ARCH="ppc";;
|
||||
"10.2") OS="jaguar" ARCH="ppc";;
|
||||
"10.1") OS="puma" ARCH="ppc";;
|
||||
"10.0") OS="cheetah" ARCH="ppc";;
|
||||
esac
|
||||
else
|
||||
OS="unknown"
|
||||
fi
|
||||
|
||||
if [ $ARCH != "universal" ]; then
|
||||
export EVENT_NOKQUEUE=1
|
||||
fi
|
||||
|
||||
##
|
||||
# Tor Service
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
<key>IFPkgDescriptionDeleteWarning</key>
|
||||
<string></string>
|
||||
<key>IFPkgDescriptionDescription</key>
|
||||
<string>Bundled package of Tor @VERSION@ and Privoxy.</string>
|
||||
<string>Bundled package of Tor @VERSION@, Privoxy 3.0.6, and Torbutton.</string>
|
||||
<key>IFPkgDescriptionTitle</key>
|
||||
<string>Tor - Privoxy Bundle</string>
|
||||
<string>Tor - Privoxy - Torbutton Bundle</string>
|
||||
<key>IFPkgDescriptionVersion</key>
|
||||
<string>@VERSION@</string>
|
||||
</dict>
|
||||
|
|
|
@ -38,6 +38,12 @@
|
|||
<key>IFPkgFlagPackageSelection</key>
|
||||
<string>selected</string>
|
||||
</dict>
|
||||
<dict>
|
||||
<key>IFPkgFlagPackageLocation</key>
|
||||
<string>torbutton.pkg</string>
|
||||
<key>IFPkgFlagPackageSelection</key>
|
||||
<string>selected</string>
|
||||
</dict>
|
||||
</array>
|
||||
<key>IFPkgFormatVersion</key>
|
||||
<real>0.10000000149011612</real>
|
||||
|
|
|
@ -1,23 +1,38 @@
|
|||
{\rtf1\mac\ansicpg10000\cocoartf102
|
||||
{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fswiss\fcharset77 Helvetica-Bold;}
|
||||
{\rtf1\mac\ansicpg10000\cocoartf824\cocoasubrtf420
|
||||
{\fonttbl\f0\fswiss\fcharset77 Helvetica;\f1\fswiss\fcharset77 Helvetica-Oblique;\f2\fswiss\fcharset77 Helvetica-Bold;
|
||||
}
|
||||
{\colortbl;\red255\green255\blue255;}
|
||||
\paperw11900\paperh16840\margl1440\margr1440\vieww9000\viewh9000\viewkind0
|
||||
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\ql\qnatural
|
||||
|
||||
\f0\fs24 \cf0 Welcome to Tor - Privoxy Bundle installer.\
|
||||
This will install Tor and privoxy in your computer.\
|
||||
\f0\fs24 \cf0 Welcome to Tor - Privoxy - Torbutton Bundle installer.\
|
||||
This will install Tor, Privoxy, and Torbutton in your computer.\
|
||||
\
|
||||
|
||||
\f1\b Tor and Privoxy are separate products.\
|
||||
\f1\i Tor, Privoxy, and Torbutton are separate products.\
|
||||
They are packaged together for your convenience.
|
||||
\f2\i0\b \
|
||||
|
||||
\f0\b0 \
|
||||
\
|
||||
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural
|
||||
\cf0 Tor is a system for using the Internet anonymously, and allowing\
|
||||
|
||||
\f2\b \cf0 Tor
|
||||
\f0\b0 is a system for using the Internet anonymously, and allowing\
|
||||
others to do so.\
|
||||
\
|
||||
For more information, please visit http://tor.eff.org/\
|
||||
For more information, please visit https://www.torproject.org/\
|
||||
\
|
||||
Privoxy stands between your web browser and Tor to make your web surfing experience safer.\
|
||||
|
||||
\f2\b Privoxy
|
||||
\f0\b0 stands between your web browser and Tor to make your web surfing experience safer.\
|
||||
\
|
||||
For more information, please visit http://www.privoxy.org/}
|
||||
For more information, please visit http://www.privoxy.org/\
|
||||
\
|
||||
\pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural
|
||||
|
||||
\f2\b \cf0 Torbutton
|
||||
\f0\b0 is a 1-click way for Firefox users to enable or disable the browser's use of Tor.
|
||||
\f1\i Torbutton will not install if you do not have Firefox installed.
|
||||
\f0\i0 \
|
||||
\
|
||||
For more information, please visit https://torbutton.torproject.org/}
|
||||
|
|
|
@ -1,4 +1,37 @@
|
|||
#!/bin/sh
|
||||
# ====================================================================
|
||||
# TorPostFlight is distributed under this license
|
||||
#
|
||||
# Copyright (c) 2006 Andrew Lewman
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following disclaimer
|
||||
# in the documentation and/or other materials provided with the
|
||||
# distribution.
|
||||
#
|
||||
# * Neither the names of the copyright owners nor the names of its
|
||||
# contributors may be used to endorse or promote products derived from
|
||||
# this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
# ======================================================================
|
||||
|
||||
# TorPostflight gets invoked after any install or upgrade.
|
||||
|
||||
|
@ -12,7 +45,8 @@ TORUSER=_tor
|
|||
TORGROUP=daemon
|
||||
TARGET=$2/Library/Tor
|
||||
TORDIR=$TARGET/var/lib/tor
|
||||
LOGDIR=$TARGET/var/log/tor
|
||||
LOGFILE=/var/log/tor.log
|
||||
TORBUTTON_VERSION="1.0.4.01-fx+tb"
|
||||
|
||||
# Check defaults for TARGET
|
||||
if [ "$TARGET" == "//Library/Tor" ]; then
|
||||
|
@ -26,16 +60,17 @@ $ADDSYSUSER $TORUSER "Tor System user" $TORDIR
|
|||
if [ ! -d $TORDIR ]; then
|
||||
mkdir -p $TORDIR
|
||||
fi
|
||||
if [ ! -d $LOGDIR ]; then
|
||||
mkdir -p $LOGDIR
|
||||
fi
|
||||
# Check its permissions.
|
||||
chown $TORUSER $TORDIR
|
||||
chgrp daemon $TORDIR
|
||||
chmod 700 $TORDIR
|
||||
chown $TORUSER $LOGDIR
|
||||
chgrp daemon $LOGDIR
|
||||
chmod 700 $LOGDIR
|
||||
|
||||
if [ ! -f $LOGFILE ]; then
|
||||
touch $LOGFILE
|
||||
chown $TORUSER $LOGFILE
|
||||
chgrp daemon $LOGFILE
|
||||
chmod 660 $LOGFILE
|
||||
fi
|
||||
|
||||
# Create the configuration file only if there wasn't one already.
|
||||
if [ ! -f $TARGET/torrc ]; then
|
||||
|
@ -54,14 +89,8 @@ ln -sf $TARGET/tor .
|
|||
ln -sf $TARGET/tor-resolve .
|
||||
|
||||
cd /usr/share/man/man1
|
||||
MAN1=$TARGET/man/man1
|
||||
ln -sf $MAN1/*.1 .
|
||||
|
||||
if [ ! -e /var/log/tor -o -L /var/log/tor ]; then
|
||||
cd /var/log
|
||||
rm -f tor
|
||||
ln -sf $LOGDIR tor
|
||||
fi
|
||||
MAN1=$TARGET/share/man/man1
|
||||
#ln -sf $MAN1/*.1 .
|
||||
|
||||
if [ -d /Library/StartupItems/Privoxy ]; then
|
||||
find /Library/StartupItems/Privoxy -print0 | xargs -0 chown root:wheel
|
||||
|
@ -75,26 +104,35 @@ fi
|
|||
# Copy Uninstaller
|
||||
if [ -f $PACKAGE_PATH/Contents/Resources/Tor_Uninstaller.applescript ]; then
|
||||
cp $PACKAGE_PATH/Contents/Resources/Tor_Uninstaller.applescript $TARGET/Tor_Uninstaller.applescript
|
||||
chmod 755 $TARGET/Tor_Uninstaller.applescript
|
||||
chmod 550 $TARGET/Tor_Uninstaller.applescript
|
||||
fi
|
||||
|
||||
if [ -f $PACKAGE_PATH/Contents/Resources/uninstall_tor_bundle.sh ]; then
|
||||
cp $PACKAGE_PATH/Contents/Resources/uninstall_tor_bundle.sh $TARGET/uninstall_tor_bundle.sh
|
||||
chmod 755 $TARGET/uninstall_tor_bundle.sh
|
||||
chmod 550 $TARGET/uninstall_tor_bundle.sh
|
||||
fi
|
||||
|
||||
if [ -f $PACKAGE_PATH/Contents/Resources/package_list.txt ]; then
|
||||
cp $PACKAGE_PATH/Contents/Resources/package_list.txt $TARGET/package_list.txt
|
||||
fi
|
||||
|
||||
# If the pre-install script did it's thing, it should have saved the
|
||||
# config and server keys; put these back and clean up
|
||||
if [ -f /tmp/TorSavedMe.tar.gz ]; then
|
||||
tar zxf /tmp/TorSavedMe.tar.gz -C /
|
||||
rm /tmp/TorSavedMe.tar.gz
|
||||
fi
|
||||
|
||||
if [ -d /Library/StartupItems/Tor ]; then
|
||||
rm -f /Library/StartupItems/Tor/Tor.loc
|
||||
echo "$TARGET" > /Library/StartupItems/Tor/Tor.loc
|
||||
fi
|
||||
|
||||
if [ -f /Applications/Firefox.app/Contents/MacOS/firefox ]; then
|
||||
if [ -f $TARGET/torbutton-$TORBUTTON_VERSION.xpi ]; then
|
||||
/Applications/Firefox.app/Contents/MacOS/firefox -install-global-extension $TARGET/torbutton-$TORBUTTON_VERSION.xpi
|
||||
# The following is a kludge to get around the fact that the installer
|
||||
# runs as root. This means the Torbutton extension will install with
|
||||
# root permissions; thereby making uninstalling Torbutton from inside
|
||||
# Firefox impossible. The user will be caught in an endless loop of
|
||||
# uninstall -> automatic re-installation of Torbutton. The OSX
|
||||
# installer doesn't tell you the owner of Firefox, therefore we have to
|
||||
# parse it.
|
||||
USR=`ls -alrt /Applications/Firefox.app/Contents/MacOS/extensions/ | tail -1 | awk '{print $3}'`
|
||||
GRP=`ls -alrt /Applications/Firefox.app/Contents/MacOS/extensions/ | tail -1 | awk '{print $4}'`
|
||||
chown -R $USR:$GRP /Applications/Firefox.app/Contents/MacOS/extensions/
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -1,4 +1,40 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# ===================================================================
|
||||
#
|
||||
# TorPreFlight is distributed under this license:
|
||||
#
|
||||
# Copyright (c) 2006 Andrew Lewman
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following disclaimer
|
||||
# in the documentation and/or other materials provided with the
|
||||
# distribution.
|
||||
#
|
||||
# * Neither the names of the copyright owners nor the names of its
|
||||
# contributors may be used to endorse or promote products derived from
|
||||
# this software without specific prior written permission.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
#===============================================================================
|
||||
|
||||
# TorPreFlight is invoked before the install begins
|
||||
|
||||
# Figure out where Tor is installed
|
||||
|
@ -16,14 +52,8 @@ fi
|
|||
|
||||
# Backup all of Tor, just in case
|
||||
if [ -d $TORPATH ]; then
|
||||
tar zcf /tmp/TorSavedMe.tar.gz $TORPATH/var/lib/tor $TORPATH/torrc $PRIVOXYPATH/config $PRIVOXYPATH/user.action
|
||||
cp $TORPATH/torrc $TORPATH/torrc.installer-saved
|
||||
cp $PRIVOXYPATH/config $PRIVOXYPATH/config.installer-saved
|
||||
cp $PRIVOXYPATH/user.action $PRIVOXYPATH/user.action.installer-saved
|
||||
fi
|
||||
|
||||
# Remove Tor and everything to do with it
|
||||
if [ -f $TORPATH/uninstall_tor_bundle.sh ]; then
|
||||
$TORPATH/uninstall_tor_bundle.sh
|
||||
else
|
||||
$PACKAGE_PATH/Contents/Resources/uninstall_tor_bundle.sh
|
||||
fi
|
||||
|
||||
# This is complete, we have a fresh system on which to install Tor
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>IFPkgDescriptionTitle</key>
|
||||
<string>Torbutton Extension for Firefox</string>
|
||||
<key>IFPkgDescriptionVersion</key>
|
||||
<string>0.1</string>
|
||||
</dict>
|
||||
</plist>
|
|
@ -0,0 +1,22 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>CFBundleIdentifier</key>
|
||||
<string>Torbutton Extension for Firefox</string>
|
||||
<key>CFBundleGetInfoString</key>
|
||||
<string>Torbutton configuration for Tor</string>
|
||||
<key>CFBundleName</key>
|
||||
<string>Torbutton configuration for Tor</string>
|
||||
<key>CFBundleSortVersionString</key>
|
||||
<string>0.1</string>
|
||||
<key>IFPkgFlagAuthorizationAction</key>
|
||||
<string>RootAuthorization</string>
|
||||
<key>IFPkgFlagRestartAction</key>
|
||||
<string>RecommendedRestart</string>
|
||||
<key>IFPkgFlagFollowLinks</key>
|
||||
<true/>
|
||||
<key>IFPkgFlagIsRequired</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</plist>
|
|
@ -3,43 +3,81 @@
|
|||
# Original adduser 05 Feb 2002 by Jon L. Gardner
|
||||
#
|
||||
# Modified for Tor installer by Nick Mathewson
|
||||
# 2007-06-12 Modified for leopard by Andrew Lewman
|
||||
# Copyright (c) 2007 Andrew Lewman
|
||||
#
|
||||
|
||||
|
||||
ROOTPROP=/
|
||||
|
||||
if [ "`whoami`" != "root" ]; then
|
||||
echo "You must be root to execute this script."
|
||||
exit
|
||||
echo "You must be root to execute this script."
|
||||
exit
|
||||
fi
|
||||
if [ "x$3" = "x" ]; then
|
||||
echo 'Usage: addsysuser <username> "<full name>" <homedir>'
|
||||
exit 0
|
||||
echo 'Usage: addsysuser <username> "<full name>" <homedir>'
|
||||
exit 0
|
||||
fi
|
||||
|
||||
username=$1
|
||||
realname=$2
|
||||
homedir=$3
|
||||
# GID 20 is "staff" which is the default. Change it if you want.
|
||||
gid=`niutil -readprop $ROOTPROP /groups/daemon gid`
|
||||
if [ "x`niutil -list $ROOTPROP /users|cut -f2 -d' '|grep $username`" != "x" ]; then
|
||||
echo The account $username already exists.
|
||||
exit 0
|
||||
|
||||
if [ -x /usr/bin/dscl ]; then
|
||||
# Determine the gid of the daemon group
|
||||
gid=`dscl . -read /groups/daemon gid`
|
||||
if [ "x`dscl . -list /users|cut -f2 -d' '|grep $username`" != "x" ]; then
|
||||
echo The account $username already exists.
|
||||
exit 0
|
||||
fi
|
||||
if [ -x /usr/bin/nidump ]; then
|
||||
uiddef=`nidump passwd / | cut -d: -f3 | sort -n | grep -v '^[56789]..' |grep -v '^....$' | tail -n 1`
|
||||
else
|
||||
_tmp=/tmp/_dsexport_tmp.txt.$$
|
||||
rm -f $_tmp
|
||||
dsexport $_tmp '/Local/Default' 'dsRecTypeStandard:Users' > /dev/null 2>&1
|
||||
uiddef=`cat $_tmp | sed 's/\\\://g' | cut -d: -f6 | grep '^[0-9]' | sort -n | grep -v '^[56789]..' | grep -v '^....$' | tail -n 1`
|
||||
rm -f $_tmp
|
||||
fi
|
||||
uiddef=`echo $uiddef + 1 | bc`
|
||||
dscl . -create /users/$username uid $uiddef
|
||||
# home is the local path to the home directory
|
||||
home=/Users/$username
|
||||
echo Creating account for $username...
|
||||
dscl . -create /users/$username
|
||||
dscl . -create /users/$username _writers_tim_passwd $username
|
||||
dscl . -create /users/$username realname $realname
|
||||
dscl . -create /users/$username _writers_passwd $username
|
||||
dscl . -create /users/$username gid $gid
|
||||
dscl . -create /users/$username home $homedir
|
||||
dscl . -create /users/$username name $username
|
||||
dscl . -create /users/$username passwd '*'
|
||||
dscl . -create /users/$username shell /dev/null
|
||||
else
|
||||
# Determine the gid of the daemon group
|
||||
gid=`niutil -readprop $ROOTPROP /groups/daemon gid`
|
||||
if [ "x`niutil -list $ROOTPROP /users|cut -f2 -d' '|grep $username`" != "x" ]; then
|
||||
echo The account $username already exists.
|
||||
exit 0
|
||||
fi
|
||||
# home is the local path to the home directory
|
||||
home=/Users/$username
|
||||
# defhome is what goes into NetInfo
|
||||
defhome="/Network/Servers/MyServer/Users"
|
||||
#echo "Determining next available system uid (please be patient)..."
|
||||
# Uids over 500 are for system users.
|
||||
uiddef=`nidump passwd / | cut -d: -f3 | sort -n | grep -v '^[56789]..' |grep -v '^....$' | tail -n 1`
|
||||
uiddef=`echo $uiddef + 1 |bc`
|
||||
echo Creating account for $username...
|
||||
niutil -create $ROOTPROP /users/$username
|
||||
niutil -createprop $ROOTPROP /users/$username _writers_tim_passwd $username
|
||||
niutil -createprop $ROOTPROP /users/$username realname $realname
|
||||
niutil -createprop $ROOTPROP /users/$username _writers_passwd $username
|
||||
niutil -createprop $ROOTPROP /users/$username uid $uiddef
|
||||
#niutil -createprop $ROOTPROP /users/$username home_loc "<home_dir><url>afp://afp.server.com/Users/</url><path>$username</path></home_dir>"
|
||||
niutil -createprop $ROOTPROP /users/$username gid $gid
|
||||
niutil -createprop $ROOTPROP /users/$username home $homedir
|
||||
niutil -createprop $ROOTPROP /users/$username name $username
|
||||
niutil -createprop $ROOTPROP /users/$username passwd '*'
|
||||
niutil -createprop $ROOTPROP /users/$username shell /dev/null
|
||||
fi
|
||||
# home is the local path to the home directory
|
||||
home=/Users/$username
|
||||
# defhome is what goes into NetInfo
|
||||
defhome="/Network/Servers/MyServer/Users"
|
||||
#echo "Determining next available system uid (please be patient)..."
|
||||
# Uids over 500 are for system users.
|
||||
uiddef=`nidump passwd / | cut -d: -f3 | sort -n | grep -v '^[56789]..' |grep -v '^....$' | tail -n 1`
|
||||
uiddef=`echo $uiddef + 1 |bc`
|
||||
echo Creating account for $username...
|
||||
niutil -create $ROOTPROP /users/$username
|
||||
niutil -createprop $ROOTPROP /users/$username _writers_tim_passwd $username
|
||||
niutil -createprop $ROOTPROP /users/$username realname $realname
|
||||
niutil -createprop $ROOTPROP /users/$username _writers_passwd $username
|
||||
niutil -createprop $ROOTPROP /users/$username uid $uiddef
|
||||
#niutil -createprop $ROOTPROP /users/$username home_loc "<home_dir><url>afp://afp.server.com/Users/</url><path>$username</path></home_dir>"
|
||||
niutil -createprop $ROOTPROP /users/$username gid $gid
|
||||
niutil -createprop $ROOTPROP /users/$username home $homedir
|
||||
niutil -createprop $ROOTPROP /users/$username name $username
|
||||
niutil -createprop $ROOTPROP /users/$username passwd '*'
|
||||
niutil -createprop $ROOTPROP /users/$username shell /dev/null
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh
|
||||
# $Id$
|
||||
# Copyright 2004-2005 Nick Mathewson.
|
||||
# Copyright 2005-2008 Andrew Lewman
|
||||
# See LICENSE in Tor distribution for licensing information.
|
||||
|
||||
# This script builds a Macintosh OS X metapackage containing 4 packages:
|
||||
|
@ -8,6 +9,7 @@
|
|||
# - One for Privoxy.
|
||||
# - One for a tor-specific privoxy configuration script.
|
||||
# - One for Startup scripts for Tor.
|
||||
# - One for Torbutton, an extension for FireFox
|
||||
#
|
||||
# This script expects to be run from the toplevel makefile, with VERSION
|
||||
# set to the latest Tor version, and Tor already built.
|
||||
|
@ -20,6 +22,11 @@
|
|||
# privoxy lives somewhere else.
|
||||
PRIVOXY_PKG_ZIP=~/tmp/privoxyosx_setup_3.0.6.zip
|
||||
|
||||
# Where have we put the xpi and license for Torbutton? Edit this if your
|
||||
# torbutton and torbutton license live somewhere else.
|
||||
TORBUTTON_PATH=~/tmp/torbutton-1.0.4.01-fx+tb.xpi
|
||||
TORBUTTON_LIC_PATH=~/tmp/LICENSE
|
||||
|
||||
###
|
||||
# Helpful info on OS X packaging:
|
||||
# http://developer.apple.com/documentation/DeveloperTools/Conceptual/SoftwareDistribution/index.html
|
||||
|
@ -66,11 +73,13 @@ for subdir in tor_packageroot tor_resources \
|
|||
torstartup_packageroot \
|
||||
privoxyconf_packageroot \
|
||||
torbundle_resources \
|
||||
torbutton_packageroot \
|
||||
output; do
|
||||
mkdir $BUILD_DIR/$subdir
|
||||
done
|
||||
|
||||
### Make Tor package.
|
||||
|
||||
make install DESTDIR=$BUILD_DIR/tor_packageroot
|
||||
#mv $BUILD_DIR/tor_packageroot/Library/Tor/torrc.sample $BUILD_DIR/tor_packageroot/Library/Tor/torrc
|
||||
cp contrib/osx/ReadMe.rtf $BUILD_DIR/tor_resources
|
||||
|
@ -104,7 +113,15 @@ cp AUTHORS $DOC/AUTHORS.txt
|
|||
groff doc/tor.1.in -T ps -m man | pstopdf -i -o $DOC/tor-reference.pdf
|
||||
groff doc/tor-resolve.1 -T ps -m man | pstopdf -i -o $DOC/tor-resolve.pdf
|
||||
mkdir $DOC/Advanced
|
||||
cp doc/tor-spec.txt doc/rend-spec.txt doc/control-spec.txt doc/socks-extensions.txt doc/version-spec.txt $DOC/Advanced
|
||||
cp doc/spec/tor-spec.txt \
|
||||
doc/spec/rend-spec.txt \
|
||||
doc/spec/control-spec.txt \
|
||||
doc/spec/socks-extensions.txt \
|
||||
doc/spec/version-spec.txt \
|
||||
doc/spec/address-spec.txt \
|
||||
doc/spec/path-spec.txt \
|
||||
$DOC/Advanced
|
||||
|
||||
cp doc/HACKING $DOC/Advanced/HACKING.txt
|
||||
cp ChangeLog $DOC/Advanced/ChangeLog.txt
|
||||
|
||||
|
@ -131,16 +148,31 @@ $PACKAGEMAKER -build \
|
|||
|
||||
### Make Startup Script package
|
||||
|
||||
mkdir -p $BUILD_DIR/torstartup_packageroot/Library/StartupItems/Tor
|
||||
cp contrib/osx/Tor contrib/osx/StartupParameters.plist \
|
||||
mkdir -p $BUILD_DIR/torstartup_packageroot/Library/StartupItems/Tor
|
||||
cp contrib/osx/Tor contrib/osx/StartupParameters.plist \
|
||||
$BUILD_DIR/torstartup_packageroot/Library/StartupItems/Tor
|
||||
|
||||
find $BUILD_DIR/torstartup_packageroot -print0 | sudo xargs -0 chown root:wheel
|
||||
$PACKAGEMAKER -build \
|
||||
-p $BUILD_DIR/output/torstartup.pkg \
|
||||
-f $BUILD_DIR/torstartup_packageroot \
|
||||
-i contrib/osx/TorStartupInfo.plist \
|
||||
-d contrib/osx/TorStartupDesc.plist
|
||||
find $BUILD_DIR/torstartup_packageroot -print0 | sudo xargs -0 chown root:wheel
|
||||
|
||||
$PACKAGEMAKER -build \
|
||||
-p $BUILD_DIR/output/torstartup.pkg \
|
||||
-f $BUILD_DIR/torstartup_packageroot \
|
||||
-i contrib/osx/TorStartupInfo.plist \
|
||||
-d contrib/osx/TorStartupDesc.plist
|
||||
|
||||
### Make Torbutton Installation package
|
||||
|
||||
mkdir -p $BUILD_DIR/torbutton_packageroot/Library/Torbutton
|
||||
cp $TORBUTTON_PATH $BUILD_DIR/torbutton_packageroot/Library/Torbutton/
|
||||
cp $TORBUTTON_LIC_PATH $BUILD_DIR/torbutton_packageroot/Library/Torbutton/Torbutton-LICENSE.txt
|
||||
|
||||
find $BUILD_DIR/torbutton_packageroot -print0 | sudo xargs -0 chown root:wheel
|
||||
|
||||
$PACKAGEMAKER -build \
|
||||
-p $BUILD_DIR/output/torbutton.pkg \
|
||||
-f $BUILD_DIR/torbutton_packageroot \
|
||||
-i contrib/osx/TorbuttonInfo.plist \
|
||||
-d contrib/osx/TorbuttonDesc.plist
|
||||
|
||||
### Assemble the metapackage. Packagemaker won't buld metapackages from
|
||||
# the command line, so we need to do it by hand.
|
||||
|
@ -167,6 +199,7 @@ cp $PRIVOXY_RESDIR/License.html $BUILD_DIR/output/Privoxy\ License.html
|
|||
cp $PRIVOXY_RESDIR/ReadMe.txt $BUILD_DIR/output/Privoxy\ ReadMe.txt
|
||||
cp contrib/osx/ReadMe.rtf $BUILD_DIR/output/Tor\ ReadMe.rtf
|
||||
cp LICENSE $BUILD_DIR/output/Tor\ License.txt
|
||||
cp $TORBUTTON_LIC_PATH $BUILD_DIR/output/Torbutton_LICENSE.txt
|
||||
|
||||
### Package it all into a DMG
|
||||
|
||||
|
|
|
@ -3,3 +3,4 @@ Privoxy
|
|||
torstartup
|
||||
privoxyconf
|
||||
Vidalia
|
||||
torbutton
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
# Sample Configuration File for Privoxy v3.0.x
|
||||
#
|
||||
# Copyright (C) 2001-2004 Privoxy Developers http://privoxy.org
|
||||
# Sample Configuration File for Privoxy v3.0.6
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# Copyright (C) 2001-2006 Privoxy Developers http://privoxy.org
|
||||
#
|
||||
####################################################################
|
||||
# #
|
||||
# Table of Contents #
|
||||
|
@ -11,8 +11,8 @@
|
|||
# I. INTRODUCTION #
|
||||
# II. FORMAT OF THE CONFIGURATION FILE #
|
||||
# #
|
||||
# 1. CONFIGURATION AND LOG FILE LOCATIONS #
|
||||
# 2. LOCAL SET-UP DOCUMENTATION #
|
||||
# 1. LOCAL SET-UP DOCUMENTATION #
|
||||
# 2. CONFIGURATION AND LOG FILE LOCATIONS #
|
||||
# 3. DEBUGGING #
|
||||
# 4. ACCESS CONTROL AND SECURITY #
|
||||
# 5. FORWARDING #
|
||||
|
@ -25,8 +25,8 @@
|
|||
# ===============
|
||||
#
|
||||
# This file holds the Privoxy configuration. If you modify this file,
|
||||
# you will need to send a couple of requests to the proxy before any
|
||||
# changes take effect.
|
||||
# you will need to send a couple of requests (of any kind) to the
|
||||
# proxy before any changes take effect.
|
||||
#
|
||||
# When starting Privoxy on Unix systems, give the name of this file as
|
||||
# an argument. On Windows systems, Privoxy will look for this file
|
||||
|
@ -62,7 +62,169 @@
|
|||
#
|
||||
|
||||
#
|
||||
# 1. CONFIGURATION AND LOG FILE LOCATIONS
|
||||
# 1. LOCAL SET-UP DOCUMENTATION
|
||||
# =============================
|
||||
#
|
||||
# If you intend to operate Privoxy for more users than just yourself,
|
||||
# it might be a good idea to let them know how to reach you, what
|
||||
# you block and why you do that, your policies, etc.
|
||||
#
|
||||
|
||||
#
|
||||
# 1.1. user-manual
|
||||
# ================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# Location of the Privoxy User Manual.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# A fully qualified URI
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# http://www.privoxy.org/version/user-manual/ will be used,
|
||||
# where version is the Privoxy version.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# The User Manual URI is the single best source of information on
|
||||
# Privoxy, and is used for help links from some of the internal
|
||||
# CGI pages. The manual itself is normally packaged with the
|
||||
# binary distributions, so you probably want to set this to
|
||||
# a locally installed copy. For multi-user setups, you could
|
||||
# provide a copy on a local webserver for all your users and use
|
||||
# the corresponding URL here.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# The best all purpose solution is simply to put the full local
|
||||
# PATH to where the User Manual is located:
|
||||
#
|
||||
# user-manual /usr/share/doc/privoxy/user-manual
|
||||
#
|
||||
# The User Manual is then available to anyone with
|
||||
# access to the proxy, by following the built-in URL:
|
||||
# http://config.privoxy.org/user-manual/ (or the shortcut:
|
||||
# http://p.p/user-manual/).
|
||||
#
|
||||
# If the documentation is not on the local system, it can be
|
||||
# accessed from a remote server, as:
|
||||
#
|
||||
# user-manual http://example.com/privoxy/user-manual/
|
||||
#
|
||||
# WARNING!!!
|
||||
#
|
||||
# If set, this option should be the first option in the config
|
||||
# file, because it is used while the config file is being read.
|
||||
#
|
||||
#user-manual http://www.privoxy.org/user-manual/
|
||||
|
||||
#
|
||||
# 1.2. trust-info-url
|
||||
# ===================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# A URL to be displayed in the error page that users will see if
|
||||
# access to an untrusted page is denied.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# URL
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Two example URL are provided
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No links are displayed on the "untrusted" error page.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# The value of this option only matters if the experimental trust
|
||||
# mechanism has been activated. (See trustfile above.)
|
||||
#
|
||||
# If you use the trust mechanism, it is a good idea to write
|
||||
# up some on-line documentation about your trust policy and to
|
||||
# specify the URL(s) here. Use multiple times for multiple URLs.
|
||||
#
|
||||
# The URL(s) should be added to the trustfile as well, so users
|
||||
# don't end up locked out from the information on why they were
|
||||
# locked out in the first place!
|
||||
#
|
||||
trust-info-url http://www.example.com/why_we_block.html
|
||||
trust-info-url http://www.example.com/what_we_allow.html
|
||||
|
||||
#
|
||||
# 1.3. admin-address
|
||||
# ==================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# An email address to reach the proxy administrator.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# Email address
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No email address is displayed on error pages and the CGI user
|
||||
# interface.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# If both admin-address and proxy-info-url are unset, the whole
|
||||
# "Local Privoxy Support" box on all generated pages will not
|
||||
# be shown.
|
||||
#
|
||||
#admin-address privoxy-admin@example.com
|
||||
|
||||
#
|
||||
# 1.4. proxy-info-url
|
||||
# ===================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# A URL to documentation about the local Privoxy setup,
|
||||
# configuration or policies.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# URL
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No link to local documentation is displayed on error pages and
|
||||
# the CGI user interface.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# If both admin-address and proxy-info-url are unset, the whole
|
||||
# "Local Privoxy Support" box on all generated pages will not
|
||||
# be shown.
|
||||
#
|
||||
# This URL shouldn't be blocked ;-)
|
||||
#
|
||||
#proxy-info-url http://www.example.com/proxy-service.html
|
||||
|
||||
#
|
||||
# 2. CONFIGURATION AND LOG FILE LOCATIONS
|
||||
# =======================================
|
||||
#
|
||||
# Privoxy can (and normally does) use a number of other files for
|
||||
|
@ -75,7 +237,7 @@
|
|||
#
|
||||
|
||||
#
|
||||
# 1.1. confdir
|
||||
# 2.1. confdir
|
||||
# ============
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -107,7 +269,7 @@
|
|||
confdir .
|
||||
|
||||
#
|
||||
# 1.2. logdir
|
||||
# 2.2. logdir
|
||||
# ===========
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -134,7 +296,7 @@ confdir .
|
|||
logdir .
|
||||
|
||||
#
|
||||
# 1.3. actionsfile
|
||||
# 2.3. actionsfile
|
||||
# ================
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -177,12 +339,12 @@ actionsfile default # Main actions file
|
|||
actionsfile user # User customizations
|
||||
|
||||
#
|
||||
# 1.4. filterfile
|
||||
# 2.4. filterfile
|
||||
# ===============
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# The filter file to use
|
||||
# The filter file(s) to use
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
|
@ -199,24 +361,30 @@ actionsfile user # User customizations
|
|||
#
|
||||
# Notes:
|
||||
#
|
||||
# The filter file contains content modification rules that use
|
||||
# regular expressions. These rules permit powerful changes on the
|
||||
# content of Web pages, e.g., you could disable your favorite
|
||||
# JavaScript annoyances, re-write the actual displayed text,
|
||||
# or just have some fun replacing "Microsoft" with "MicroSuck"
|
||||
# wherever it appears on a Web page.
|
||||
# Multiple filterfile lines are permitted.
|
||||
#
|
||||
# The filter files contain content modification rules that use
|
||||
# regular expressions. These rules permit powerful changes on
|
||||
# the content of Web pages, and optionally the headers as well,
|
||||
# e.g., you could disable your favorite JavaScript annoyances,
|
||||
# re-write the actual displayed text, or just have some fun
|
||||
# playing buzzword bingo with web pages.
|
||||
#
|
||||
# The +filter{name} actions rely on the relevant filter (name)
|
||||
# to be defined in the filter file!
|
||||
# to be defined in a filter file!
|
||||
#
|
||||
# A pre-defined filter file called default.filter that contains
|
||||
# a bunch of handy filters for common problems is included in the
|
||||
# A pre-defined filter file called default.filter that contains a
|
||||
# number of useful filters for common problems is included in the
|
||||
# distribution. See the section on the filter action for a list.
|
||||
#
|
||||
# It is recommended to place any locally adapted filters into a
|
||||
# separate file, such as user.filter.
|
||||
#
|
||||
filterfile default.filter
|
||||
#filterfile user.filter # User customizations
|
||||
|
||||
#
|
||||
# 1.5. logfile
|
||||
# 2.5. logfile
|
||||
# ============
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -237,8 +405,6 @@ filterfile default.filter
|
|||
#
|
||||
# Notes:
|
||||
#
|
||||
# The windows version will additionally log to the console.
|
||||
#
|
||||
# The logfile is where all logging and error messages are
|
||||
# written. The level of detail and number of messages are set with
|
||||
# the debug option (see below). The logfile can be useful for
|
||||
|
@ -259,10 +425,10 @@ filterfile default.filter
|
|||
# Any log files must be writable by whatever user Privoxy is
|
||||
# being run as (default on UNIX, user id is "privoxy").
|
||||
#
|
||||
#logfile logfile
|
||||
#logfile privoxy.log
|
||||
|
||||
#
|
||||
# 1.6. jarfile
|
||||
# 2.6. jarfile
|
||||
# ============
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -275,20 +441,24 @@ filterfile default.filter
|
|||
#
|
||||
# Default value:
|
||||
#
|
||||
# jarfile (Unix) or privoxy.jar (Windows)
|
||||
# Unset (commented out). When activated: jarfile (Unix) or
|
||||
# privoxy.jar (Windows)
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# Intercepted cookies are not stored at all.
|
||||
# Intercepted cookies are not stored in a dedicated log file.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# The jarfile may grow to ridiculous sizes over time.
|
||||
#
|
||||
#jarfile jarfile
|
||||
# If debug 8 (show header parsing) is enabled, cookies are written
|
||||
# to the logfile with the rest of the headers.
|
||||
#
|
||||
#jarfile jar.log
|
||||
|
||||
#
|
||||
# 1.7. trustfile
|
||||
# 2.7. trustfile
|
||||
# ==============
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -341,169 +511,6 @@ filterfile default.filter
|
|||
#
|
||||
#trustfile trust
|
||||
|
||||
#
|
||||
# 2. LOCAL SET-UP DOCUMENTATION
|
||||
# =============================
|
||||
#
|
||||
# If you intend to operate Privoxy for more users than just yourself,
|
||||
# it might be a good idea to let them know how to reach you, what
|
||||
# you block and why you do that, your policies, etc.
|
||||
#
|
||||
|
||||
#
|
||||
# 2.1. user-manual
|
||||
# ================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# Location of the Privoxy User Manual.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# A fully qualified URI
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# http://www.privoxy.org/version/user-manual/ will be used,
|
||||
# where version is the Privoxy version.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# The User Manual URI is used for help links from some of the
|
||||
# internal CGI pages. The manual itself is normally packaged
|
||||
# with the binary distributions, so you probably want to set this
|
||||
# to a locally installed copy. For multi-user setups, you could
|
||||
# provide a copy on a local webserver for all your users and use
|
||||
# the corresponding URL here.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# Unix, in local filesystem:
|
||||
#
|
||||
# user-manual file:///usr/share/doc/privoxy-3.0.1/user-manual/index.html
|
||||
#
|
||||
# Windows, in local filesystem, must use forward slash notation,
|
||||
# and %20 to denote spaces in path names:
|
||||
#
|
||||
# user-manual file:///c:/some%20dir/privoxy/user-manual/index.html
|
||||
#
|
||||
# Windows, UNC notation (forward slashes required again):
|
||||
#
|
||||
# user-manual file://///some-server/some-path/privoxy/user-manual/index.html
|
||||
#
|
||||
# Any platform, on local webserver (called "local-webserver"):
|
||||
#
|
||||
# user-manual http://local-webserver/privoxy-user-manual/
|
||||
#
|
||||
# WARNING!!!
|
||||
#
|
||||
# If set, this option should be the first option in the config
|
||||
# file, because it is used while the config file is being read.
|
||||
#
|
||||
#user-manual http://www.privoxy.org/user-manual/
|
||||
|
||||
#
|
||||
# 2.2. trust-info-url
|
||||
# ===================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# A URL to be displayed in the error page that users will see if
|
||||
# access to an untrusted page is denied.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# URL
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Two example URL are provided
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No links are displayed on the "untrusted" error page.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# The value of this option only matters if the experimental trust
|
||||
# mechanism has been activated. (See trustfile above.)
|
||||
#
|
||||
# If you use the trust mechanism, it is a good idea to write
|
||||
# up some on-line documentation about your trust policy and to
|
||||
# specify the URL(s) here. Use multiple times for multiple URLs.
|
||||
#
|
||||
# The URL(s) should be added to the trustfile as well, so users
|
||||
# don't end up locked out from the information on why they were
|
||||
# locked out in the first place!
|
||||
#
|
||||
trust-info-url http://www.example.com/why_we_block.html
|
||||
trust-info-url http://www.example.com/what_we_allow.html
|
||||
|
||||
#
|
||||
# 2.3. admin-address
|
||||
# ==================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# An email address to reach the proxy administrator.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# Email address
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No email address is displayed on error pages and the CGI user
|
||||
# interface.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# If both admin-address and proxy-info-url are unset, the whole
|
||||
# "Local Privoxy Support" box on all generated pages will not
|
||||
# be shown.
|
||||
#
|
||||
#admin-address privoxy-admin@example.com
|
||||
|
||||
#
|
||||
# 2.4. proxy-info-url
|
||||
# ===================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# A URL to documentation about the local Privoxy setup,
|
||||
# configuration or policies.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# URL
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# Unset
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# No link to local documentation is displayed on error pages and
|
||||
# the CGI user interface.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# If both admin-address and proxy-info-url are unset, the whole
|
||||
# "Local Privoxy Support" box on all generated pages will not
|
||||
# be shown.
|
||||
#
|
||||
# This URL shouldn't be blocked ;-)
|
||||
#
|
||||
#proxy-info-url http://www.example.com/proxy-service.html
|
||||
|
||||
#
|
||||
# 3. DEBUGGING
|
||||
# ============
|
||||
|
@ -728,10 +735,45 @@ toggle 1
|
|||
# Note that you must have compiled Privoxy with support for this
|
||||
# feature, otherwise this option has no effect.
|
||||
#
|
||||
enable-remote-toggle 1
|
||||
enable-remote-toggle 0
|
||||
|
||||
#
|
||||
# 4.4. enable-edit-actions
|
||||
# 4.4. enable-remote-http-toggle
|
||||
# ==============================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# Whether or not Privoxy recognizes special HTTP headers to change
|
||||
# its behaviour.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# 0 or 1
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# 1
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# Privoxy ignores special HTTP headers.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# When toggled on, the client can change Privoxy's behaviour by
|
||||
# setting special HTTP headers. Currently the only supported
|
||||
# special header is "X-Filter: No", to disable filtering for
|
||||
# the ongoing request, even if it is enabled in one of the
|
||||
# action files.
|
||||
#
|
||||
# If you are using Privoxy in a multi-user environment or with
|
||||
# untrustworthy clients and want to enforce filtering, you will
|
||||
# have to disable this option, otherwise you can ignore it.
|
||||
#
|
||||
enable-remote-http-toggle 0
|
||||
|
||||
#
|
||||
# 4.5. enable-edit-actions
|
||||
# ========================
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -761,10 +803,10 @@ enable-remote-toggle 1
|
|||
# Note that you must have compiled Privoxy with support for this
|
||||
# feature, otherwise this option has no effect.
|
||||
#
|
||||
enable-edit-actions 1
|
||||
enable-edit-actions 0
|
||||
|
||||
#
|
||||
# 4.5. ACLs: permit-access and deny-access
|
||||
# 4.6. ACLs: permit-access and deny-access
|
||||
# ========================================
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -836,7 +878,7 @@ enable-edit-actions 1
|
|||
# Allow any host on the same class C subnet as www.privoxy.org
|
||||
# access to nothing but www.example.com:
|
||||
#
|
||||
# permit-access www.privoxy.org/24 www.example.com/32
|
||||
# permit-access www.privoxy.org/24 www.example.com/32
|
||||
#
|
||||
# Allow access from any host on the 26-bit subnet 192.168.45.64
|
||||
# to anywhere, with the exception that 192.168.45.73 may not
|
||||
|
@ -847,7 +889,7 @@ enable-edit-actions 1
|
|||
#
|
||||
|
||||
#
|
||||
# 4.6. buffer-limit
|
||||
# 4.7. buffer-limit
|
||||
# =================
|
||||
#
|
||||
# Specifies:
|
||||
|
@ -889,11 +931,10 @@ buffer-limit 4096
|
|||
# This feature allows routing of HTTP requests through a chain
|
||||
# of multiple proxies. It can be used to better protect privacy
|
||||
# and confidentiality when accessing specific domains by routing
|
||||
# requests to those domains through an anonymous public proxy (see
|
||||
# e.g. http://www.multiproxy.org/anon_list.htm) Or to use a caching
|
||||
# proxy to speed up browsing. Or chaining to a parent proxy may be
|
||||
# necessary because the machine that Privoxy runs on has no direct
|
||||
# Internet access.
|
||||
# requests to those domains through an anonymous public proxy.
|
||||
# Or to use a caching proxy to speed up browsing. Or chaining to
|
||||
# a parent proxy may be necessary because the machine that Privoxy
|
||||
# runs on has no direct Internet access.
|
||||
#
|
||||
# Also specified here are SOCKS proxies. Privoxy supports the SOCKS
|
||||
# 4 and SOCKS 4A protocols.
|
||||
|
@ -1006,8 +1047,73 @@ buffer-limit 4096
|
|||
#
|
||||
# forward-socks4 / socks-gw.example.com:1080 .
|
||||
#
|
||||
# To chain Privoxy and Tor, both running on the same system,
|
||||
# you should use the rule:
|
||||
#
|
||||
forward-socks4a / 127.0.0.1:9050 .
|
||||
|
||||
#
|
||||
# The public Tor network can't be used to reach your local network,
|
||||
# therefore it's a good idea to make some exceptions:
|
||||
#
|
||||
# forward 192.168.*.*/ .
|
||||
# forward 10.*.*.*/ .
|
||||
# forward 127.*.*.*/ .
|
||||
#
|
||||
# Unencrypted connections to systems in these address ranges will
|
||||
# be as (un)secure as the local network is, but the alternative is
|
||||
# that you can't reach the network at all.
|
||||
#
|
||||
# If you also want to be able to reach servers in your local
|
||||
# network by using their names, you will need additional
|
||||
# exceptions that look like this:
|
||||
#
|
||||
# forward localhost/ .
|
||||
#
|
||||
|
||||
#
|
||||
# 5.3. forwarded-connect-retries
|
||||
# ==============================
|
||||
#
|
||||
# Specifies:
|
||||
#
|
||||
# How often Privoxy retries if a forwarded connection request
|
||||
# fails.
|
||||
#
|
||||
# Type of value:
|
||||
#
|
||||
# Number of retries.
|
||||
#
|
||||
# Default value:
|
||||
#
|
||||
# 0
|
||||
#
|
||||
# Effect if unset:
|
||||
#
|
||||
# Forwarded connections are treated like direct connections and
|
||||
# no retry attempts are made.
|
||||
#
|
||||
# Notes:
|
||||
#
|
||||
# forwarded-connect-retries is mainly interesting for socks4a
|
||||
# connections, where Privoxy can't detect why the connections
|
||||
# failed. The connection might have failed because of a DNS timeout
|
||||
# in which case a retry makes sense, but it might also have failed
|
||||
# because the server doesn't exist or isn't reachable. In this
|
||||
# case the retry will just delay the appearance of Privoxy's
|
||||
# error message.
|
||||
#
|
||||
# Only use this option, if you are getting many forwarding related
|
||||
# error messages, that go away when you try again manually. Start
|
||||
# with a small value and check Privoxy's logfile from time to time,
|
||||
# to see how many retries are usually needed.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# forwarded-connect-retries 1
|
||||
#
|
||||
forwarded-connect-retries 0
|
||||
|
||||
#
|
||||
# 6. WINDOWS GUI OPTIONS
|
||||
# ======================
|
||||
|
@ -1024,7 +1130,7 @@ forward-socks4a / 127.0.0.1:9050 .
|
|||
# If "log-messages" is set to 1, Privoxy will log messages to the
|
||||
# console window:
|
||||
#
|
||||
#log-messages 1
|
||||
log-messages 0
|
||||
|
||||
# If "log-buffer-size" is set to 1, the size of the log buffer,
|
||||
# i.e. the amount of memory used for the log messages displayed in
|
||||
|
|
|
@ -33,11 +33,9 @@
|
|||
## (ie "Tor", "torstartup", ...) the list should be new-line-delimited.
|
||||
PACKAGE_LIST_SRC=./package_list.txt
|
||||
|
||||
|
||||
### this is the name of the user created in the install process of Tor
|
||||
TOR_USER=_tor
|
||||
|
||||
|
||||
### these should be constant across all osX installs (so leave them be)
|
||||
STARTUP_ITEMS_DIR=/Library/StartupItems
|
||||
PKG_RCPT_BASE_DIR=/Library/Receipts
|
||||
|
@ -45,7 +43,6 @@ BOM_INTERMEDIATE_DIR=Contents/Resources
|
|||
INFO_INTERMEDIATE_DIR=$BOM_INTERMEDIATE_DIR/English.lproj
|
||||
TEMP_BOM_CONTENTS=/tmp/tor_uninst_scratch
|
||||
|
||||
|
||||
### make sure the script is being run as root, barf if not
|
||||
if [ "`whoami`" != "root" ]; then
|
||||
echo "Must be root to run the uninstall script."
|
||||
|
@ -128,13 +125,16 @@ done < $PACKAGE_LIST_SRC
|
|||
|
||||
## nuke the user created by the install process.
|
||||
echo ". Removing created user $TOR_USER"
|
||||
niutil -destroy . /users/$TOR_USER
|
||||
|
||||
if [ -x /usr/bin/dscl ]; then
|
||||
dscl . -delete /users/$TOR_USER
|
||||
else
|
||||
niutil -destroy . /users/$TOR_USER
|
||||
fi
|
||||
|
||||
## clean up
|
||||
echo ". Cleaning up"
|
||||
rm -rf $TEMP_BOM_CONTENTS
|
||||
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/
|
||||
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/
|
||||
|
||||
echo ". Finished"
|
||||
|
||||
|
|
|
@ -1,5 +1,39 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# ===============================================================================
|
||||
# package_nsis-ming.sh is distributed under this license:
|
||||
|
||||
# Copyright (c) 2006-2008 Andrew Lewman
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following disclaimer
|
||||
# in the documentation and/or other materials provided with the
|
||||
# distribution.
|
||||
|
||||
# * Neither the names of the copyright owners nor the names of its
|
||||
# contributors may be used to endorse or promote products derived from
|
||||
# this software without specific prior written permission.
|
||||
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
# ===============================================================================
|
||||
|
||||
# Script to package a Tor installer on win32. This script assumes that
|
||||
# you have already built Tor, that you are running msys/mingw, and that
|
||||
# you know what you are doing.
|
||||
|
@ -21,8 +55,6 @@ mkdir win_tmp/tmp
|
|||
|
||||
cp src/or/tor.exe win_tmp/bin/
|
||||
cp src/tools/tor-resolve.exe win_tmp/bin/
|
||||
cp /usr/local/ssl/lib/libcrypto.a win_tmp/bin/
|
||||
cp /usr/local/ssl/lib/libssl.a win_tmp/bin/
|
||||
cp contrib/tor.ico win_tmp/bin/
|
||||
|
||||
# YOU must copy torbutton xpi into the contrib dir
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 2006-2007 Andrew Lewman
|
||||
#
|
||||
# tor The Onion Router
|
||||
#
|
||||
# Startup/shutdown script for tor. This is a wrapper around torctl;
|
||||
|
@ -16,11 +18,12 @@
|
|||
|
||||
### BEGIN INIT INFO
|
||||
# Provides: tor
|
||||
# Required-Start: $network
|
||||
# Required-Stop: $network
|
||||
# Required-Start: $remote_fs $network
|
||||
# Required-Stop: $remote_fs $network
|
||||
# Default-Start: 3 5
|
||||
# Default-Stop: 0 1 2 6
|
||||
# Description: Start the tor daemon
|
||||
# Short-Description: Start the tor daemon
|
||||
# Description: Start the tor daemon: the anon-proxy server
|
||||
### END INIT INFO
|
||||
|
||||
. /etc/rc.status
|
||||
|
|
|
@ -1,23 +1,26 @@
|
|||
;tor.nsi - A basic win32 installer for Tor
|
||||
; Originally written by J Doe.
|
||||
; See LICENSE for licensing information
|
||||
; Modified by Steve Topletz
|
||||
; See the Tor LICENSE for licensing information
|
||||
;-----------------------------------------
|
||||
;
|
||||
!include "MUI.nsh"
|
||||
!include "LogicLib.nsh"
|
||||
!include "FileFunc.nsh"
|
||||
!insertmacro GetParameters
|
||||
|
||||
!define VERSION "0.1.2.9-rc-dev"
|
||||
!define VERSION "0.1.2.19-dev"
|
||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||
!define WEBSITE "http://tor.eff.org/"
|
||||
|
||||
!define WEBSITE "https://www.torproject.org/"
|
||||
!define LICENSE "LICENSE"
|
||||
;BIN is where it expects to find tor.exe, tor-resolve.exe, libcrypto.a and libssl.a
|
||||
!define BIN "..\bin"
|
||||
!define BIN "..\bin" ;BIN is where it expects to find tor.exe, tor-resolve.exe
|
||||
|
||||
SetCompressor lzma
|
||||
|
||||
SetCompressor /SOLID LZMA ;Tighter compression
|
||||
RequestExecutionLevel user ;Updated for Vista compatibility
|
||||
OutFile ${INSTALLER}
|
||||
InstallDir $PROGRAMFILES\Tor
|
||||
SetOverWrite ifnewer
|
||||
|
||||
Name "Tor"
|
||||
Caption "Tor ${VERSION} Setup"
|
||||
BrandingText "The Onion Router"
|
||||
|
@ -25,19 +28,18 @@ CRCCheck on
|
|||
XPStyle on
|
||||
VIProductVersion "${VERSION}"
|
||||
VIAddVersionKey "ProductName" "The Onion Router: Tor"
|
||||
VIAddVersionKey "Comments" "http://tor.eff.org"
|
||||
VIAddVersionKey "Comments" "${WEBSITE}"
|
||||
VIAddVersionKey "LegalTrademarks" "Three line BSD"
|
||||
VIAddVersionKey "LegalCopyright" "©2004-2007, Roger Dingledine, Nick Mathewson"
|
||||
VIAddVersionKey "FileDescription" "Tor is an implementation of Onion Routing. You can read more at http://tor.eff.org/"
|
||||
VIAddVersionKey "LegalCopyright" "©2004-2008, Roger Dingledine, Nick Mathewson"
|
||||
VIAddVersionKey "FileDescription" "Tor is an implementation of Onion Routing. You can read more at ${WEBSITE}"
|
||||
VIAddVersionKey "FileVersion" "${VERSION}"
|
||||
|
||||
!define MUI_WELCOMEPAGE_TITLE "Welcome to the Tor ${VERSION} Setup Wizard"
|
||||
!define MUI_WELCOMEPAGE_TITLE "Welcome to the Tor Setup Wizard"
|
||||
!define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the installation of Tor ${VERSION}.\r\n\r\nIf you have previously installed Tor and it is currently running, please exit Tor first before continuing this installation.\r\n\r\n$_CLICK"
|
||||
!define MUI_ABORTWARNING
|
||||
!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\win-install.ico"
|
||||
!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\win-uninstall.ico"
|
||||
!define MUI_HEADERIMAGE_BITMAP "${NSISDIR}\Contrib\Graphics\Header\win.bmp"
|
||||
!define MUI_HEADERIMAGE
|
||||
!define MUI_FINISHPAGE_RUN "$INSTDIR\tor.exe"
|
||||
!define MUI_FINISHPAGE_LINK "Visit the Tor website for the latest updates."
|
||||
!define MUI_FINISHPAGE_LINK_LOCATION ${WEBSITE}
|
||||
|
@ -56,8 +58,12 @@ VIAddVersionKey "FileVersion" "${VERSION}"
|
|||
!insertmacro MUI_UNPAGE_FINISH
|
||||
!insertmacro MUI_LANGUAGE "English"
|
||||
|
||||
Var configdir
|
||||
Var configfile
|
||||
Var CONFIGDIR
|
||||
Var CONFIGFILE
|
||||
|
||||
Function .onInit
|
||||
Call ParseCmdLine
|
||||
FunctionEnd
|
||||
|
||||
;Sections
|
||||
;--------
|
||||
|
@ -65,95 +71,48 @@ Var configfile
|
|||
Section "Tor" Tor
|
||||
;Files that have to be installed for tor to run and that the user
|
||||
;cannot choose not to install
|
||||
SectionIn RO
|
||||
SetOutPath $INSTDIR
|
||||
File "${BIN}\tor.exe"
|
||||
File "${BIN}\tor-resolve.exe"
|
||||
File "${BIN}\tor.ico"
|
||||
WriteIniStr "$INSTDIR\Tor Website.url" "InternetShortcut" "URL" ${WEBSITE}
|
||||
SectionIn RO
|
||||
SetOutPath $INSTDIR
|
||||
Call ExtractBinaries
|
||||
Call ExtractIcon
|
||||
WriteINIStr "$INSTDIR\Tor Website.url" "InternetShortcut" "URL" ${WEBSITE}
|
||||
|
||||
StrCpy $configfile "torrc"
|
||||
StrCpy $configdir $APPDATA\Tor
|
||||
StrCpy $CONFIGFILE "torrc"
|
||||
StrCpy $CONFIGDIR $APPDATA\Tor
|
||||
; ;If $APPDATA isn't valid here (Early win95 releases with no updated
|
||||
; ; shfolder.dll) then we put it in the program directory instead.
|
||||
; StrCmp $APPDATA "" "" +2
|
||||
; StrCpy $configdir $INSTDIR
|
||||
SetOutPath $configdir
|
||||
;If there's already a torrc config file, ask if they want to
|
||||
;overwrite it with the new one.
|
||||
IfFileExists "$configdir\torrc" "" endiftorrc
|
||||
MessageBox MB_ICONQUESTION|MB_YESNO "You already have a Tor config file.$\r$\nDo you want to overwrite it with the default sample config file?" IDNO yesreplace
|
||||
Delete $configdir\torrc
|
||||
Goto endiftorrc
|
||||
yesreplace:
|
||||
StrCpy $configfile "torrc.sample"
|
||||
endiftorrc:
|
||||
File /oname=$configfile "..\src\config\torrc.sample"
|
||||
SectionEnd
|
||||
|
||||
Section "OpenSSL 0.9.8d" OpenSSL
|
||||
SetOutPath $INSTDIR
|
||||
File "${BIN}\libcrypto.a"
|
||||
File "${BIN}\libssl.a"
|
||||
; StrCpy $CONFIGDIR $INSTDIR
|
||||
SetOutPath $CONFIGDIR
|
||||
;If there's already a torrc config file, ask if they want to
|
||||
;overwrite it with the new one.
|
||||
${If} ${FileExists} "$CONFIGDIR\torrc"
|
||||
MessageBox MB_ICONQUESTION|MB_YESNO "You already have a Tor config file.$\r$\nDo you want to overwrite it with the default sample config file?" IDYES Yes IDNO No
|
||||
Yes:
|
||||
Delete $CONFIGDIR\torrc
|
||||
Goto Next
|
||||
No:
|
||||
StrCpy $CONFIGFILE "torrc.sample"
|
||||
Next:
|
||||
${EndIf}
|
||||
File /oname=$CONFIGFILE "..\src\config\torrc.sample"
|
||||
SectionEnd
|
||||
|
||||
Section "Documents" Docs
|
||||
SetOutPath "$INSTDIR\Documents"
|
||||
;File "doc\FAQ"
|
||||
File "..\doc\HACKING"
|
||||
File "..\doc\spec\address-spec.txt"
|
||||
File "..\doc\spec\control-spec.txt"
|
||||
File "..\doc\spec\control-spec-v0.txt"
|
||||
File "..\doc\spec\dir-spec.txt"
|
||||
File "..\doc\spec\dir-spec-v1.txt"
|
||||
File "..\doc\spec\path-spec.txt"
|
||||
File "..\doc\spec\rend-spec.txt"
|
||||
File "..\doc\spec\socks-extensions.txt"
|
||||
File "..\doc\spec\tor-spec.txt"
|
||||
File "..\doc\spec\version-spec.txt"
|
||||
;
|
||||
; WEBSITE-FILES-HERE
|
||||
;
|
||||
File "..\doc\tor-resolve.html"
|
||||
File "..\doc\tor-reference.html"
|
||||
;
|
||||
File "..\doc\design-paper\tor-design.pdf"
|
||||
;
|
||||
File "..\README"
|
||||
File "..\AUTHORS"
|
||||
File "..\ChangeLog"
|
||||
File "..\LICENSE"
|
||||
Call ExtractDocuments
|
||||
SectionEnd
|
||||
|
||||
;Section "TorButton for FireFox" Torbutton
|
||||
; SetOutPath $INSTDIR
|
||||
; File "${BIN}\torbutton-1.0.4-fx+tb.xpi"
|
||||
;
|
||||
; ReadRegStr $1 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe" "Path"
|
||||
; StrCmp $1 "" +2 0 ; if Path is empty or null, then skip to an error, otherwise proceed
|
||||
; Exec '"$1firefox.exe" -install-global-extension "$INSTDIR\torbutton-1.0.4-fx+tb.xpi"'
|
||||
; DetailPrint "Torbutton installed"
|
||||
; Goto +2
|
||||
; MessageBox MB_OK|MB_ICONSTOP "FireFox wasn't found on your system. Not installing Torbutton."
|
||||
; DetailPrint "Firefox NOT found."
|
||||
;SectionEnd
|
||||
|
||||
SubSection /e "Shortcuts" Shortcuts
|
||||
|
||||
Section "Start Menu" StartMenu
|
||||
SetOutPath $INSTDIR
|
||||
IfFileExists "$SMPROGRAMS\Tor\*.*" "" +2
|
||||
RMDir /r "$SMPROGRAMS\Tor"
|
||||
CreateDirectory "$SMPROGRAMS\Tor"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Tor.lnk" "$INSTDIR\tor.exe" "" "$INSTDIR\tor.ico"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Torrc.lnk" "Notepad.exe" "$configdir\torrc"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Tor Website.lnk" "$INSTDIR\Tor Website.url"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Uninstall.lnk" "$INSTDIR\Uninstall.exe"
|
||||
IfFileExists "$INSTDIR\Documents\*.*" "" endifdocs
|
||||
CreateDirectory "$SMPROGRAMS\Tor\Documents"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Manual.lnk" "$INSTDIR\Documents\tor-reference.html"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Documentation.lnk" "$INSTDIR\Documents"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Specification.lnk" "$INSTDIR\Documents\tor-spec.txt"
|
||||
SetOutPath $INSTDIR
|
||||
${If} ${FileExists} "$SMPROGRAMS\Tor\*.*"
|
||||
RMDir /r "$SMPROGRAMS\Tor"
|
||||
${EndIf}
|
||||
Call CreateTorLinks
|
||||
${If} ${FileExists} "$INSTDIR\Documents\*.*"
|
||||
Call CreateDocLinks
|
||||
${EndIf}
|
||||
endifdocs:
|
||||
SectionEnd
|
||||
|
||||
|
@ -170,24 +129,7 @@ SectionEnd
|
|||
SubSectionEnd
|
||||
|
||||
Section "Uninstall"
|
||||
Delete "$DESKTOP\Tor.lnk"
|
||||
Delete "$INSTDIR\libcrypto.a"
|
||||
Delete "$INSTDIR\libssl.a"
|
||||
Delete "$INSTDIR\tor.exe"
|
||||
Delete "$INSTDIR\tor-resolve.exe"
|
||||
Delete "$INSTDIR\Tor Website.url"
|
||||
Delete "$INSTDIR\torrc"
|
||||
Delete "$INSTDIR\torrc.sample"
|
||||
Delete "$INSTDIR\tor.ico"
|
||||
StrCmp $configdir $INSTDIR +2 ""
|
||||
RMDir /r $configdir
|
||||
Delete "$INSTDIR\Uninstall.exe"
|
||||
RMDir /r "$INSTDIR\Documents"
|
||||
RMDir $INSTDIR
|
||||
RMDir /r "$SMPROGRAMS\Tor"
|
||||
RMDir /r "$APPDATA\Tor"
|
||||
Delete "$SMSTARTUP\Tor.lnk"
|
||||
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tor"
|
||||
Call un.InstallPackage
|
||||
SectionEnd
|
||||
|
||||
Section -End
|
||||
|
@ -199,12 +141,125 @@ Section -End
|
|||
SectionEnd
|
||||
|
||||
!insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Tor} "The core executable and config files needed for Tor to run."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${OpenSSL} "OpenSSL libraries required by Tor."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Docs} "Documentation about Tor."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Tor"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and it's documentation from the Start Menu"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Tor from the desktop"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Tor automatically at startup in a minimized window"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Tor} "The core executable and config files needed for Tor to run."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Docs} "Documentation about Tor."
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${ShortCuts} "Shortcuts to easily start Tor"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${StartMenu} "Shortcuts to access Tor and it's documentation from the Start Menu"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Desktop} "A shortcut to start Tor from the desktop"
|
||||
!insertmacro MUI_DESCRIPTION_TEXT ${Startup} "Launches Tor automatically at startup in a minimized window"
|
||||
!insertmacro MUI_FUNCTION_DESCRIPTION_END
|
||||
|
||||
;####################Functions#########################
|
||||
|
||||
Function ExtractBinaries
|
||||
File "${BIN}\tor.exe"
|
||||
File "${BIN}\tor-resolve.exe"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractIcon
|
||||
File "${BIN}\tor.ico"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractSpecs
|
||||
;File "doc\FAQ"
|
||||
File "..\doc\HACKING"
|
||||
File "..\doc\spec\address-spec.txt"
|
||||
File "..\doc\spec\control-spec.txt"
|
||||
File "..\doc\spec\control-spec-v0.txt"
|
||||
File "..\doc\spec\dir-spec.txt"
|
||||
File "..\doc\spec\dir-spec-v1.txt"
|
||||
File "..\doc\spec\path-spec.txt"
|
||||
File "..\doc\spec\rend-spec.txt"
|
||||
File "..\doc\spec\socks-extensions.txt"
|
||||
File "..\doc\spec\tor-spec.txt"
|
||||
File "..\doc\spec\version-spec.txt"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractHTML
|
||||
File "..\doc\tor-resolve.html"
|
||||
File "..\doc\tor-reference.html"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractDesignDocs
|
||||
File "..\doc\design-paper\tor-design.pdf"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractReleaseDocs
|
||||
File "..\README"
|
||||
File "..\AUTHORS"
|
||||
File "..\ChangeLog"
|
||||
File "..\LICENSE"
|
||||
FunctionEnd
|
||||
|
||||
Function ExtractDocuments
|
||||
SetOutPath "$INSTDIR\Documents"
|
||||
Call ExtractSpecs
|
||||
Call ExtractHTML
|
||||
Call ExtractDesignDocs
|
||||
Call ExtractReleaseDocs
|
||||
FunctionEnd
|
||||
|
||||
Function un.InstallFiles
|
||||
Delete "$DESKTOP\Tor.lnk"
|
||||
Delete "$INSTDIR\tor.exe"
|
||||
Delete "$INSTDIR\tor-resolve.exe"
|
||||
Delete "$INSTDIR\Tor Website.url"
|
||||
Delete "$INSTDIR\torrc"
|
||||
Delete "$INSTDIR\torrc.sample"
|
||||
Delete "$INSTDIR\tor.ico"
|
||||
Delete "$SMSTARTUP\Tor.lnk"
|
||||
Delete "$INSTDIR\Uninstall.exe"
|
||||
FunctionEnd
|
||||
|
||||
Function un.InstallDirectories
|
||||
${If} $CONFIGDIR == $INSTDIR
|
||||
RMDir /r $CONFIGDIR
|
||||
${EndIf}
|
||||
RMDir /r "$INSTDIR\Documents"
|
||||
RMDir $INSTDIR
|
||||
RMDir /r "$SMPROGRAMS\Tor"
|
||||
RMDir /r "$APPDATA\Tor"
|
||||
FunctionEnd
|
||||
|
||||
Function un.WriteRegistry
|
||||
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tor"
|
||||
FunctionEnd
|
||||
|
||||
Function un.InstallPackage
|
||||
Call un.InstallFiles
|
||||
Call un.InstallDirectories
|
||||
Call un.WriteRegistry
|
||||
FunctionEnd
|
||||
|
||||
Function CreateTorLinks
|
||||
CreateDirectory "$SMPROGRAMS\Tor"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Tor.lnk" "$INSTDIR\tor.exe" "" "$INSTDIR\tor.ico"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Torrc.lnk" "Notepad.exe" "$CONFIGDIR\torrc"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Tor Website.lnk" "$INSTDIR\Tor Website.url"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Uninstall.lnk" "$INSTDIR\Uninstall.exe"
|
||||
FunctionEnd
|
||||
|
||||
Function CreateDocLinks
|
||||
CreateDirectory "$SMPROGRAMS\Tor\Documents"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Manual.lnk" "$INSTDIR\Documents\tor-reference.html"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Documentation.lnk" "$INSTDIR\Documents"
|
||||
CreateShortCut "$SMPROGRAMS\Tor\Documents\Tor Specification.lnk" "$INSTDIR\Documents\tor-spec.txt"
|
||||
FunctionEnd
|
||||
|
||||
Function ParseCmdLine
|
||||
${GetParameters} $1
|
||||
${If} $1 == "-x" ;Extract All Files
|
||||
StrCpy $INSTDIR $EXEDIR
|
||||
Call ExtractBinaries
|
||||
Call ExtractDocuments
|
||||
Quit
|
||||
${ElseIf} $1 == "-b" ;Extract Binaries Only
|
||||
StrCpy $INSTDIR $EXEDIR
|
||||
Call ExtractBinaries
|
||||
Quit
|
||||
${ElseIf} $1 != ""
|
||||
MessageBox MB_OK|MB_TOPMOST `${Installer} [-x|-b]$\r$\n$\r$\n -x Extract all files$\r$\n -b Extract binary files only`
|
||||
Quit
|
||||
${EndIf}
|
||||
FunctionEnd
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
|
||||
!define VERSION "0.1.2.3-alpha-dev"
|
||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||
!define WEBSITE "http://tor.eff.org/"
|
||||
!define WEBSITE "https://www.torproject.org/"
|
||||
|
||||
!define LICENSE "..\LICENSE"
|
||||
;BIN is where it expects to find tor.exe, tor_resolve.exe, libeay32.dll and
|
||||
|
|
|
@ -1,6 +1,102 @@
|
|||
tor (0.1.2.19-3) unstable; urgency=critical
|
||||
|
||||
* It's 2008. Now is the time to add copyright statements for 2007.
|
||||
* Work around fig2dev failing to build the images on all archs -
|
||||
backport from 0.2.0.22-rc-1 (re #457568).
|
||||
* backport from 0.2.0.26-rc-1: Conflict with old libssls.
|
||||
* backport from 0.2.0.26-rc-1: On upgrading from versions prior to,
|
||||
including, 0.1.2.19-2 if we are a server (we have a /var/lib/tor/keys
|
||||
directory)
|
||||
- move /var/lib/tor/keys/secret_onion_key out of the way.
|
||||
- move /var/lib/tor/keys/secret_onion_key.old out of the way.
|
||||
- move /var/lib/tor/keys/secret_id_key out of the way if it was
|
||||
created on or after 2006-09-17, which is the day the bad
|
||||
libssl was uploaded to Debian unstable.
|
||||
* backport from 0.2.0.26-rc-1: Add a NEWS file explaining this change.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Wed, 14 May 2008 15:05:47 +0200
|
||||
|
||||
tor (0.1.2.19-2) unstable; urgency=low
|
||||
|
||||
* Backport from 0.2.0.18-alpha + 1: We now use the shipped images
|
||||
on mipsel and sparc (in addition to s390) because fig2dev segfaults
|
||||
on those archs (re #457568).
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Sat, 2 Feb 2008 15:14:23 +0100
|
||||
|
||||
tor (0.1.2.19-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Thu, 17 Jan 2008 20:57:42 +0100
|
||||
|
||||
tor (0.1.2.18-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Mon, 29 Oct 2007 20:36:38 +0100
|
||||
|
||||
tor (0.1.2.17-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Fri, 31 Aug 2007 03:14:33 +0200
|
||||
|
||||
tor (0.1.2.16-1) unstable; urgency=high
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Thu, 2 Aug 2007 06:43:09 +0200
|
||||
|
||||
tor (0.1.2.15-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
* Change build-depends from tetex to texlive suite.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Thu, 19 Jul 2007 22:33:43 +0200
|
||||
|
||||
tor (0.1.2.14-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Fri, 25 May 2007 21:49:20 +0200
|
||||
|
||||
tor (0.1.2.13-3) unstable; urgency=low
|
||||
|
||||
* Always give a shell (/bin/sh) when we use su(1) in our init script
|
||||
(closes: #421465).
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Sun, 6 May 2007 14:44:11 +0200
|
||||
|
||||
tor (0.1.2.13-2) unstable; urgency=low
|
||||
|
||||
* In options_init_from_torrc()'s error path only config_free() options
|
||||
if they already have been initialized (closes: #421235).
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Fri, 27 Apr 2007 13:06:37 +0200
|
||||
|
||||
tor (0.1.2.13-1) unstable; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Tue, 24 Apr 2007 21:21:10 +0200
|
||||
|
||||
tor (0.1.2.12-rc-1) experimental; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Sat, 17 Mar 2007 11:35:31 +0100
|
||||
|
||||
tor (0.1.2.10-rc-1) experimental; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
* Change recommends on privoxy to privoxy | polipo (>= 1) (closes: #413728).
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Fri, 9 Mar 2007 10:57:40 +0100
|
||||
|
||||
tor (0.1.2.8-beta-1) experimental; urgency=low
|
||||
|
||||
* upstream version.
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Mon, 26 Feb 2007 11:50:49 +0100
|
||||
|
||||
|
|
|
@ -2,13 +2,14 @@ Source: tor
|
|||
Section: comm
|
||||
Priority: optional
|
||||
Maintainer: Peter Palfrader <weasel@debian.org>
|
||||
Build-Depends: debhelper (>= 4.1.65), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), tetex-bin, tetex-extra, transfig, gs, binutils (>= 2.14.90.0.7)
|
||||
Build-Depends: debhelper (>= 4.1.65), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), texlive-base-bin, texlive-latex-base, texlive-fonts-recommended, transfig, gs, binutils (>= 2.14.90.0.7)
|
||||
Standards-Version: 3.7.2
|
||||
|
||||
Package: tor
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, adduser, tsocks
|
||||
Recommends: privoxy, socat
|
||||
Conflicts: libssl0.9.8 (<< 0.9.8g-9)
|
||||
Recommends: privoxy | polipo (>= 1), socat
|
||||
Suggests: mixmaster, mixminion, anon-proxy
|
||||
Description: anonymizing overlay network for TCP
|
||||
Tor is a connection-based low-latency anonymous communication system which
|
||||
|
|
|
@ -9,14 +9,16 @@ Upstream Authors: Roger Dingledine <arma@freehaven.net>
|
|||
Copyright (c) 2001 Matej Pfajfar
|
||||
Copyright (c) 2001-2004, Roger Dingledine
|
||||
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
Copyright (c) 2007-2008, The Tor Project, Inc.
|
||||
strlcat, strlcpy: Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
ht.h: Copyright (c) 2002, Christopher Clark, 2006 Nick Mathewson
|
||||
Modifications for Debian: Copyright (c) 2004, 2005, 2006 Peter Palfrader
|
||||
Modifications for Debian: Copyright (c) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
|
||||
|
||||
Tor is distributed under this license:
|
||||
===============================================================================
|
||||
Copyright (c) 2001-2004, Roger Dingledine
|
||||
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
|
||||
Copyright (c) 2007-2008, The Tor Project, Inc.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
|
|
|
@ -23,9 +23,9 @@ esac
|
|||
exit 0
|
||||
|
||||
@DPATCH@
|
||||
diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
||||
--- tor~/src/or/config.c 2006-07-23 19:31:29.000000000 +0200
|
||||
+++ tor/src/or/config.c 2006-07-24 05:13:19.924871985 +0200
|
||||
diff -urNad tor-debian~/src/or/config.c tor-debian/src/or/config.c
|
||||
--- tor-debian~/src/or/config.c 2007-03-06 21:52:33.000000000 +0100
|
||||
+++ tor-debian/src/or/config.c 2007-04-27 13:05:42.420147495 +0200
|
||||
@@ -12,6 +12,7 @@
|
||||
**/
|
||||
|
||||
|
@ -34,8 +34,8 @@ diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
|||
#ifdef MS_WINDOWS
|
||||
#include <shlobj.h>
|
||||
#endif
|
||||
@@ -396,6 +397,10 @@
|
||||
static void check_libevent_version(const char *m, const char *v, int server);
|
||||
@@ -592,6 +593,10 @@
|
||||
static void check_libevent_version(const char *m, int server);
|
||||
#endif
|
||||
|
||||
+static int debian_running_as_debiantor();
|
||||
|
@ -44,8 +44,8 @@ diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
|||
+
|
||||
/*static*/ or_options_t *options_new(void);
|
||||
|
||||
#define OR_OPTIONS_MAGIC 9090909
|
||||
@@ -2663,7 +2668,7 @@
|
||||
/** Magic value for or_options_t. */
|
||||
@@ -2982,7 +2987,7 @@
|
||||
int
|
||||
options_init_from_torrc(int argc, char **argv)
|
||||
{
|
||||
|
@ -54,7 +54,7 @@ diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
|||
config_line_t *cl;
|
||||
char *cf=NULL, *fname=NULL, *errmsg=NULL;
|
||||
int i, retval;
|
||||
@@ -2671,6 +2676,9 @@
|
||||
@@ -2991,6 +2996,9 @@
|
||||
static char **backup_argv;
|
||||
static int backup_argc;
|
||||
|
||||
|
@ -64,7 +64,17 @@ diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
|||
if (argv) { /* first time we're called. save commandline args */
|
||||
backup_argv = argv;
|
||||
backup_argc = argc;
|
||||
@@ -3948,3 +3956,52 @@
|
||||
@@ -3120,7 +3128,8 @@
|
||||
err:
|
||||
tor_free(fname);
|
||||
torrc_fname = NULL;
|
||||
- config_free(&options_format, newoptions);
|
||||
+ if (newoptions)
|
||||
+ config_free(&options_format, newoptions);
|
||||
if (errmsg) {
|
||||
log(LOG_WARN,LD_CONFIG,"Failed to parse/validate config: %s", errmsg);
|
||||
tor_free(errmsg);
|
||||
@@ -4306,3 +4315,52 @@
|
||||
puts(routerparse_c_id);
|
||||
}
|
||||
|
||||
|
@ -79,7 +89,7 @@ diff -urNad tor~/src/or/config.c tor/src/or/config.c
|
|||
+ uid = getuid();
|
||||
+ pw = getpwuid(uid);
|
||||
+ if (!pw) {
|
||||
+ log(LOG_WARN, LD_GENERAL, "Could not get passwd information for %d.", uid);
|
||||
+ log(LOG_WARN, LD_GENERAL, "Could not get passwd information for uid %d.", uid);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ assert(pw->pw_name);
|
||||
|
|
|
@ -92,7 +92,7 @@ build-stamp: config.status
|
|||
@echo
|
||||
|
||||
# XXX
|
||||
# So, gs-gpl on s390 is broken (#321435) and fails to properly build
|
||||
# So, gs-gpl on s390 is broken (#457568) and fails to properly build
|
||||
# .pdf files from .fig files using fig2dev. Therefore we ship them
|
||||
# until this bug is fixed.
|
||||
#
|
||||
|
@ -100,15 +100,15 @@ build-stamp: config.status
|
|||
#
|
||||
# the hexdumps were built using something like
|
||||
# perl -e 'while (<>) { print unpack ("H*", $_); }' interaction.pdf | fold > hexdump-interaction.pdf
|
||||
if [ "$(DEB_BUILD_GNU_TYPE)" = "s390-linux-gnu" ]; then \
|
||||
cd doc/design-paper; \
|
||||
#
|
||||
# And it fails on a bunch of other archs too.
|
||||
cd doc/design-paper; \
|
||||
fig2dev -L pdf cell-struct.fig cell-struct.pdf || \
|
||||
( echo "** Using shipped pdf file because fig2dev failed"; \
|
||||
perl -e 'while (<>) { chomp; print pack ("H*", $$_); }' ../../debian/hexdump-cell-struct.pdf > cell-struct.pdf ); \
|
||||
fig2dev -L pdf interaction.fig interaction.pdf || \
|
||||
( echo "** Using shipped pdf file because fig2dev failed"; \
|
||||
perl -e 'while (<>) { chomp; print pack ("H*", $$_); }' ../../debian/hexdump-interaction.pdf > interaction.pdf ); \
|
||||
fi
|
||||
# XXX ends
|
||||
|
||||
make -C doc/design-paper tor-design.ps tor-design.pdf
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
tor (0.2.0.26-rc-1) experimental; urgency=critical
|
||||
|
||||
* weak cryptographic keys
|
||||
|
||||
It has been discovered that the random number generator in Debian's
|
||||
openssl package is predictable. This is caused by an incorrect
|
||||
Debian-specific change to the openssl package (CVE-2008-0166). As a
|
||||
result, cryptographic key material may be guessable.
|
||||
|
||||
See Debian Security Advisory number 1571 (DSA-1571) for more information:
|
||||
http://lists.debian.org/debian-security-announce/2008/msg00152.html
|
||||
|
||||
If you run a Tor server using this package please see
|
||||
/var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Tue, 13 May 2008 12:49:05 +0200
|
|
@ -90,9 +90,9 @@ case "$1" in
|
|||
fi
|
||||
|
||||
echo "Starting $DESC: $NAME..."
|
||||
if ! su -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
if ! su -s /bin/sh -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
echo "ABORTED: Tor configuration invalid:" >&2
|
||||
su -c "$DAEMON --verify-config" debian-tor >&2
|
||||
su -s /bin/sh -c "$DAEMON --verify-config" debian-tor >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -131,9 +131,9 @@ case "$1" in
|
|||
exit 0
|
||||
fi
|
||||
|
||||
if ! su -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
if ! su -s /bin/sh -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
echo "ABORTED: Tor configuration invalid:" >&2
|
||||
su -c "$DAEMON --verify-config" debian-tor >&2
|
||||
su -s /bin/sh -c "$DAEMON --verify-config" debian-tor >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -148,9 +148,9 @@ case "$1" in
|
|||
fi
|
||||
;;
|
||||
restart)
|
||||
if ! su -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
if ! su -s /bin/sh -c "$DAEMON --verify-config" debian-tor > /dev/null; then
|
||||
echo "Restarting Tor ABORTED: Tor configuration invalid:" >&2
|
||||
su -c "$DAEMON --verify-config" debian-tor >&2
|
||||
su -s /bin/sh -c "$DAEMON --verify-config" debian-tor >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
|
@ -61,6 +61,68 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
|
||||
move_away_keys=0
|
||||
|
||||
if [ "$1" = "configure" ] &&
|
||||
[ -e /var/lib/tor/keys ] &&
|
||||
[ ! -z "$2" ]; then
|
||||
if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
|
||||
move_away_keys=1
|
||||
fi
|
||||
fi
|
||||
if [ "$move_away_keys" = "1" ]; then
|
||||
echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
|
||||
echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
|
||||
echo "further information."
|
||||
if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
|
||||
mkdir /var/lib/tor/keys/moved-away-by-tor-package
|
||||
cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
|
||||
It has been discovered that the random number generator in Debian's
|
||||
openssl package is predictable. This is caused by an incorrect
|
||||
Debian-specific change to the openssl package (CVE-2008-0166). As a
|
||||
result, cryptographic key material may be guessable.
|
||||
|
||||
See Debian Security Advisory number 1571 (DSA-1571) for more information:
|
||||
http://lists.debian.org/debian-security-announce/2008/msg00152.html
|
||||
|
||||
The Debian package for Tor has moved away the onion keys upon package
|
||||
upgrade, and it will have moved away your identity key if it was created
|
||||
in the affected timeframe. There is no sure way to automatically tell
|
||||
if your key was created with an affected openssl library, so this move
|
||||
is done unconditionally.
|
||||
|
||||
If you have restarted Tor since this change (and the package probably
|
||||
did that for you already unless you configured your system differently)
|
||||
then the Tor daemon already created new keys for itself and in all
|
||||
likelyhood is already working just fine with new keys.
|
||||
|
||||
If you are absolutely certain that your identity key was created with
|
||||
a non-affected version of openssl and for some reason you have to retain
|
||||
the old identity, then you can move back the copy of secret_id_key to
|
||||
/var/lib/tor/keys. Do not move back the onion keys, they were created
|
||||
only recently since they are temporary keys with a lifetime of only a few
|
||||
days anyway.
|
||||
|
||||
Sincerely,
|
||||
Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
|
||||
EOF
|
||||
fi
|
||||
for f in secret_onion_key secret_onion_key.old; do
|
||||
if [ -e /var/lib/tor/keys/"$f" ]; then
|
||||
mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
|
||||
fi
|
||||
done
|
||||
if [ -e /var/lib/tor/keys/secret_id_key ]; then
|
||||
id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
|
||||
sept=`date -d '2006-09-10' +%s`
|
||||
if [ "$id_mtime" -gt "$sept" ] ; then
|
||||
mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
(Remember to include both the revision number _AND_ an abbreviated
|
||||
description of the patch.)
|
||||
|
||||
Backport items for 0.1.2:
|
||||
o r11166: Don't believe future dates from the state file.
|
||||
o r11828+: Detect bad sa_family from accept().
|
||||
o r11882: Avoid crash-bug 451.
|
||||
o r11886: Consider family as well as identity when cannibalizing circuits.
|
||||
- backport the osx privoxy.config changes
|
||||
X no need to backport the windows privoxy.config changes because they're
|
||||
not in SVN??
|
||||
o r12339: rlim_t may be wider than unsigned long.
|
||||
o r12341: Work if the real open-file limit is OPEN_FILES.
|
||||
o r12459: Exit policies reject public IP address too
|
||||
X r13532: Drop tor_strpartition().
|
||||
|
||||
Backport for 0.1.2.x once better tested:
|
||||
D r11287: Reject address mappings to internal addresses. (??)
|
||||
(this will break some existing test-network configurations, yes?)
|
||||
o r11499, r11500, r11501: hidserv hexdigests rather than nicknames
|
||||
o r11829: Don't warn when cancel_pending_resolve() finds a cached failure.
|
||||
o r11915: just because you hup, don't publish a near-duplicate descriptor
|
||||
d r11994: Call routerlist_remove_old_routers() less. This will be a
|
||||
tricky backport.
|
||||
X r12153 and r12154: Give better warnings when we fail to mmap a descriptor
|
||||
store that we just wrote.
|
||||
X r12945: better cross-compilation support in configure.in
|
||||
X r12946: iPhone support; requires r12945.
|
||||
X r13647: Make "trackhostexits ." work
|
||||
- Document that trackhostexits . doesn't work in 0.1.2.x
|
||||
- r13406: fix bandwidth bucket calculations
|
||||
- r13372: Don't use ourselves as intro point, rend point, or final hop
|
||||
for internal circuits.
|
||||
- r13643: reset timeout when flushing final bytes from a connection.
|
||||
- r13655: avoid flush on connection closed because of bug.
|
|
@ -199,13 +199,13 @@
|
|||
@Misc{tor-spec,
|
||||
author = {Roger Dingledine and Nick Mathewson},
|
||||
title = {Tor Protocol Specifications},
|
||||
note = {\url{http://tor.eff.org/svn/trunk/doc/tor-spec.txt}},
|
||||
note = {\url{https://www.torproject.org/svn/trunk/doc/tor-spec.txt}},
|
||||
}
|
||||
|
||||
@Misc{incentives-txt,
|
||||
author = {Roger Dingledine and Nick Mathewson},
|
||||
title = {Tor Incentives Design Brainstorms},
|
||||
note = {\url{http://tor.eff.org/svn/trunk/doc/incentives.txt}},
|
||||
note = {\url{https://www.torproject.org/svn/trunk/doc/incentives.txt}},
|
||||
}
|
||||
|
||||
@InProceedings{BM:mixencrypt,
|
||||
|
@ -1134,7 +1134,7 @@
|
|||
booktitle = {Proceedings of the 13th USENIX Security Symposium},
|
||||
year = {2004},
|
||||
month = {August},
|
||||
note = {\url{http://tor.eff.org/tor-design.pdf}}
|
||||
note = {\url{https://www.torproject.org/tor-design.pdf}}
|
||||
}
|
||||
|
||||
@inproceedings{flow-correlation04,
|
||||
|
|
|
@ -194,7 +194,7 @@ $Id$
|
|||
EventCode = "CIRC" / "STREAM" / "ORCONN" / "BW" / "DEBUG" /
|
||||
"INFO" / "NOTICE" / "WARN" / "ERR" / "NEWDESC" / "ADDRMAP" /
|
||||
"AUTHDIR_NEWDESCS" / "DESCCHANGED" / "STATUS_GENERAL" /
|
||||
"STATUS_CLIENT" / "STATUS_SERVER" / "GUARDS" / "NS" / "STREAM_BW"
|
||||
"STATUS_CLIENT" / "STATUS_SERVER" / "GUARD" / "NS" / "STREAM_BW"
|
||||
|
||||
Any events *not* listed in the SETEVENTS line are turned off; thus, sending
|
||||
SETEVENTS with an empty body turns off all event reporting.
|
||||
|
@ -299,8 +299,8 @@ $Id$
|
|||
address.
|
||||
|
||||
Example:
|
||||
C: MAPADDRESS 0.0.0.0=tor.eff.org 1.2.3.4=tor.freehaven.net
|
||||
S: 250-127.192.10.10=tor.eff.org
|
||||
C: MAPADDRESS 0.0.0.0=torproject.org 1.2.3.4=tor.freehaven.net
|
||||
S: 250-127.192.10.10=torproject.org
|
||||
S: 250 1.2.3.4=tor.freehaven.net
|
||||
|
||||
{Note: This feature is designed to be used to help Tor-ify applications
|
||||
|
@ -378,8 +378,8 @@ $Id$
|
|||
"addr-mappings/all"
|
||||
"addr-mappings/config"
|
||||
"addr-mappings/cache"
|
||||
"addr-mappings/control" -- a space-separated list of address
|
||||
mappings, each in the form of "from-address=to-address".
|
||||
"addr-mappings/control" -- a \r\n-separated list of address
|
||||
mappings, each in the form of "from-address to-address".
|
||||
The 'config' key returns those address mappings set in the
|
||||
configuration; the 'cache' key returns the mappings in the
|
||||
client-side DNS cache; the 'control' key returns the mappings set
|
||||
|
@ -1263,7 +1263,7 @@ $Id$
|
|||
4.1.11. Our set of guard nodes has changed
|
||||
|
||||
Syntax:
|
||||
"650" SP "GUARDS" SP Type SP Name SP Status ... CRLF
|
||||
"650" SP "GUARD" SP Type SP Name SP Status ... CRLF
|
||||
Type = "ENTRY"
|
||||
Name = The (possibly verbose) nickname of the guard affected.
|
||||
Status = "NEW" | "UP" | "DOWN" | "BAD" | "GOOD" | "DROPPED"
|
||||
|
|
|
@ -642,9 +642,10 @@ $Id$
|
|||
When choosing which documents to download, clients treat their list of
|
||||
directory authorities as a circular ring, and begin with the authority
|
||||
appearing immediately after the authority for their most recently
|
||||
retrieved network-status document. If this attempt fails, the client
|
||||
retries at other caches several times, before moving on to the next
|
||||
network-status document in sequence.
|
||||
retrieved network-status document. If this attempt fails (either it
|
||||
fails to download at all, or the one it gets is not as good as the
|
||||
one it has), the client retries at other caches several times, before
|
||||
moving on to the next network-status document in sequence.
|
||||
|
||||
Clients discard all network-status documents over 24 hours old.
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
|||
|
||||
0. Overview and preliminaries
|
||||
|
||||
Read http://tor.eff.org/doc/design-paper/tor-design.html#sec:rendezvous
|
||||
Read https://www.torproject.org/doc/design-paper/tor-design.html#sec:rendezvous
|
||||
before you read this specification. It will make more sense.
|
||||
|
||||
Rendezvous points provide location-hidden services (server
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
##
|
||||
|
||||
The following steps are the exact steps used to produce the "official"
|
||||
OSX builds of tor
|
||||
OSX builds of tor.
|
||||
|
||||
Summary:
|
||||
1) Compile and install a static version of the latest release of
|
||||
|
@ -10,53 +10,21 @@ libevent.
|
|||
2) Acquire privoxyosx_setup_3.0.6.zip.
|
||||
http://downloads.sourceforge.net/ijbswa/privoxyosx_setup_3.0.6.zip?modtime=1164104652&big_mirror=0
|
||||
Remember where you put this file.
|
||||
3) Acquire and install your preferred version of tor via "make
|
||||
dist-osx"
|
||||
|
||||
Details:
|
||||
### Compiling libevent
|
||||
|
||||
1) Download the latest libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
2) The first step of compiling libevent is to configure it as
|
||||
follows:
|
||||
./configure --enable-static --disable-shared
|
||||
|
||||
3) Complete the "make" and "make install". You will need to be root,
|
||||
or sudo -s, to complete the "make install".
|
||||
|
||||
4) If you have previouslly installed libevent, go rm the old libevent.so*
|
||||
files so the linker doesn't get suckered into using them.
|
||||
|
||||
|
||||
### Acquiring privoxy
|
||||
|
||||
1) Download osx privoxy source from
|
||||
http://downloads.sourceforge.net/ijbswa/privoxyosx_setup_3.0.6.zip?modtime=1164104652&big_mirror=0
|
||||
|
||||
2) Edit /path/to/tor/contrib/osx/package.sh and confirm
|
||||
PRIVOXY_PKG_ZIP= is set to the correct path to find the
|
||||
file privoxyosx_setup_3.0.6.zip
|
||||
|
||||
|
||||
## Compiling Tor
|
||||
|
||||
1) Get your preferred version of the tor source from tor.eff.org.
|
||||
|
||||
2) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
|
||||
--bindir=/Library/Tor --sysconfdir=/Library \
|
||||
--enable-static --disable-shared
|
||||
|
||||
3) In same top level dir, do a "make dist-osx". There now exists a
|
||||
.dmg file in the same directory. Install from this dmg.
|
||||
|
||||
3) Acquire torbutton xpi and license file.
|
||||
4) Acquire and install your preferred version of tor. Extract.
|
||||
5) Update some variables in contrib/osx/package.sh
|
||||
6) "make dist-osx"
|
||||
7) You now have a dmg from which you can install Tor, Privoxy, and the
|
||||
Torbutton extension for Firefox.
|
||||
|
||||
## Universal Binaries for OSX PPC and X86
|
||||
## This method works in OSX 10.4 (Tiger) and 10.5 (Leopard) only.
|
||||
## See far below if you don't care about cross compiling for PPC and X86.
|
||||
## The single architecture process starts with "###"
|
||||
|
||||
1) Install XCode 2.4 updates available from http://developer.apple.com.
|
||||
1) Install XCode 2.4.1 updates available from http://developer.apple.com.
|
||||
|
||||
## Compiling libevent
|
||||
|
||||
2) Download latest libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
@ -75,30 +43,109 @@ by default, in /usr/local/lib/.
|
|||
|
||||
5) Check for a successful universal binary of libevent.a in, by default,
|
||||
/usr/local/lib by using the following command:
|
||||
file /usr/local/lib/libevent.a
|
||||
"file /usr/local/lib/libevent.a"
|
||||
|
||||
Your output should be:
|
||||
/usr/local/lib/libevent.a: Mach-O fat file with 2 architectures
|
||||
/usr/local/lib/libevent.a (for architecture i386): current ar archive random library
|
||||
/usr/local/lib/libevent.a (for architecture ppc): current ar archive
|
||||
|
||||
6) Get your preferred version of the tor source from tor.eff.org.
|
||||
## Acquiring privoxy
|
||||
|
||||
7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
6) Download osx privoxy source from
|
||||
http://downloads.sourceforge.net/ijbswa/privoxyosx_setup_3.0.6.zip?modtime=1164104652&big_mirror=0
|
||||
|
||||
7) Place the privoxyosx_setup_3.0.6.zip in a location of your choice.
|
||||
Remember this location.
|
||||
|
||||
8) Get your preferred version of Torbutton from https://torbutton.torproject.org.
|
||||
Place into a location of your choosing, remember this location.
|
||||
|
||||
9) Get the torbutton LICENSE file from https://torbutton.torproject.org.
|
||||
Place into a location of your choosing, remember this location.
|
||||
|
||||
10) Get your preferred version of the tor source from https://www.torproject.org/download.
|
||||
Extract the tarball.
|
||||
|
||||
11) Update three variables in contrib/osx/package.sh:
|
||||
PRIVOXY_PKG_ZIP=~/tmp/privoxyosx_setup_3.0.6.zip
|
||||
TORBUTTON_PATH=~/tmp/torbutton-1.1.9.1-alpha.xpi
|
||||
TORBUTTON_LIC_PATH=~/tmp/LICENSE
|
||||
|
||||
Make sure the paths are correct. The build will fail if they are not.
|
||||
|
||||
12) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CFLAGS="-O -g -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc" \
|
||||
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
|
||||
CONFDIR=/Library/Tor \
|
||||
./configure --prefix=/Library/Tor --bindir=/Library/Tor \
|
||||
--sysconfdir=/Library --enable-static --disable-shared \
|
||||
--disable-dependency-tracking
|
||||
--sysconfdir=/Library --disable-dependency-tracking
|
||||
|
||||
8) "make dist-osx"
|
||||
13) "make dist-osx"
|
||||
|
||||
9) Confirm you have created a universal binary by issuing the follow command:
|
||||
file src/or/tor
|
||||
14) Confirm you have created a universal binary by issuing the follow command:
|
||||
"file src/or/tor". Its output should be as follows:
|
||||
src/or/tor: Mach-O fat file with 2 architectures
|
||||
src/or/tor (for architecture i386): Mach-O executable i386
|
||||
src/or/tor (for architecture ppc): Mach-O executable ppc
|
||||
|
||||
Congrats. You have a universal binary.
|
||||
15) There should exist in the top-level directory a
|
||||
Tor-$VERSION-universal-$OS-Bundle.dmg
|
||||
|
||||
16) Congrats. You have a universal binary. You are now ready to install Tor,
|
||||
Privoxy, and the Torbutton extension for Firefox.
|
||||
|
||||
|
||||
### Single Architecture Binaries for PPC or X86, not both.
|
||||
### This method works in all versions of OSX 10.1 through 10.5
|
||||
|
||||
### Compiling libevent
|
||||
|
||||
1) Download the latest libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
2) The first step of compiling libevent is to configure it as
|
||||
follows:
|
||||
./configure --enable-static --disable-shared
|
||||
|
||||
3) Complete the "make" and "make install". You will need to be root,
|
||||
or sudo -s, to complete the "make install".
|
||||
|
||||
4) If you have previouslly installed libevent, go rm the old libevent.so*
|
||||
files so the linker doesn't get suckered into using them.
|
||||
|
||||
### Acquiring privoxy
|
||||
|
||||
1) Download osx privoxy source from
|
||||
http://downloads.sourceforge.net/ijbswa/privoxyosx_setup_3.0.6.zip?modtime=1164104652&big_mirror=0
|
||||
|
||||
2) Place the privoxyosx_setup_3.0.6.zip in a location of your choice.
|
||||
Remember this location.
|
||||
|
||||
### Compiling Tor
|
||||
|
||||
1) Get your preferred version of Torbutton from
|
||||
https://torbutton.torproject.org.
|
||||
Place into a location of your choosing, remember this location.
|
||||
|
||||
2) Get the torbutton LICENSE file from https://torbutton.torproject.org.
|
||||
Place into a location of your choosing, remember this location.
|
||||
|
||||
3) Get your preferred version of the tor source from https://www.torproject.org. Extract the
|
||||
tarball.
|
||||
|
||||
4) Update three variables in contrib/osx/package.sh:
|
||||
PRIVOXY_PKG_ZIP=~/tmp/privoxyosx_setup_3.0.6.zip
|
||||
TORBUTTON_PATH=~/tmp/torbutton-1.1.9.1-alpha.xpi
|
||||
TORBUTTON_LIC_PATH=~/tmp/LICENSE
|
||||
|
||||
Make sure the paths are correct. The build will fail if they are not.
|
||||
|
||||
5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
|
||||
--bindir=/Library/Tor --sysconfdir=/Library
|
||||
|
||||
6) In same top level dir, do a "make dist-osx". There now exists a
|
||||
.dmg file in the same directory. Install from this dmg.
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
<p>
|
||||
This document is obsolete. See the new <a
|
||||
href="http://tor.eff.org/documentation.html">Tor documentation</a> page.
|
||||
href="https://www.torproject.org/documentation.html">Tor documentation</a> page.
|
||||
</p>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -5,7 +5,7 @@ Stage One: Download and Install MinGW.
|
|||
---------------------------------------
|
||||
|
||||
Download mingw:
|
||||
http://prdownloads.sf.net/mingw/MinGW-5.0.3.exe?download
|
||||
http://prdownloads.sf.net/mingw/MinGW-5.1.3.exe?download
|
||||
|
||||
Download msys:
|
||||
http://prdownloads.sf.net/mingw/MSYS-1.0.10.exe?download
|
||||
|
@ -13,7 +13,13 @@ http://prdownloads.sf.net/mingw/MSYS-1.0.10.exe?download
|
|||
Download the mingw developer tool kit:
|
||||
http://prdownloads.sf.net/mingw/msysDTK-1.0.1.exe?download
|
||||
|
||||
Install mingw, msys and mingw-dtk.
|
||||
Download the mingw autoconf-2.59 update:
|
||||
http://prdownloads.sf.net/mingw/msys-autoconf-2.59.tar.bz2?download
|
||||
|
||||
Install mingw, msys and mingw-dtk. Extract msys-autoconf-2.59.tar.bz2 into
|
||||
your mingw install location. For example, if you installed mingw into
|
||||
/c/mingw/1.0/ you want to extract msys-autoconf-2.59.tar.bz2 into this
|
||||
directory.
|
||||
|
||||
Create a directory called "tor-mingw".
|
||||
|
||||
|
@ -21,22 +27,22 @@ Stage Two: Download, extract, compile openssl
|
|||
----------------------------------------------
|
||||
|
||||
Download openssl:
|
||||
http://www.openssl.org/source/openssl-0.9.8d.tar.gz
|
||||
http://www.openssl.org/source/openssl-0.9.8g.tar.gz
|
||||
|
||||
Extract openssl:
|
||||
Copy the openssl tarball into the "tor-mingw" directory.
|
||||
Type "cd tor-mingw/"
|
||||
Type "tar zxf openssl-0.9.8d.tar.gz"
|
||||
Type "tar zxf openssl-0.9.8g.tar.gz"
|
||||
|
||||
Make openssl libraries:
|
||||
Type "cd tor-mingw/openssl-0.9.8d/"
|
||||
Type "./Configure mingw"
|
||||
Type "cd tor-mingw/openssl-0.9.8g/"
|
||||
Type "./Configure -no-idea -no-rc5 -no-mdc2 mingw"
|
||||
Edit Makefile and remove the "test:" and "tests:" sections.
|
||||
Type "rm -rf ./test"
|
||||
Type "cd crypto/"
|
||||
Type "find ./ -name "*.h" -exec cp {} ../include/openssl/ \;"
|
||||
Type "cd ../ssl/"
|
||||
Type "find ./ -name "*.h" -exec cp {} ../include/openssl/ \;
|
||||
Type "find ./ -name "*.h" -exec cp {} ../include/openssl/ \;"
|
||||
Type "cd .."
|
||||
Type "cp *.h include/openssl/"
|
||||
# The next steps can take up to 30 minutes to complete.
|
||||
|
@ -77,39 +83,45 @@ Type "make -f win32/Makefile.gcc"
|
|||
Done.
|
||||
|
||||
|
||||
Stage Four: Download, extract, and patch libevent-1.1b.
|
||||
Stage Four: Download, extract, and compile libevent-1.3e
|
||||
------------------------------------------------------
|
||||
|
||||
Download libevent-1.3a:
|
||||
Download the libevent 1.3e release:
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
Copy the libevent tarball into the "tor-mingw" directory.
|
||||
Type "cd tor-mingw"
|
||||
|
||||
Extract libevent:
|
||||
Type "tar zxf libevent-1.3a.tar.gz"
|
||||
Extract libevent.
|
||||
|
||||
Type "./configure --enable-static --disable-shared"
|
||||
--------------------libevent 1.3a only---------------------------------------
|
||||
You need to manually edit the Makefile and remove all references to "sample".
|
||||
libevent 1.3a won't compile in mingw currently due to issues in event_test.c.
|
||||
Removing the "sample" directory and all references to it in Makefile create a
|
||||
completely valid libevent library.
|
||||
-----------------------------------------------------------------------------
|
||||
Type "make"
|
||||
Type "make install"
|
||||
|
||||
Stage Five: Build Tor
|
||||
----------------------
|
||||
|
||||
Download the current Tor alpha release from http://tor.eff.org/download.html.
|
||||
Download the current Tor alpha release from https://www.torproject.org/download.html.
|
||||
Copy the Tor tarball into the "tor-mingw" directory.
|
||||
Extract Tor:
|
||||
Type "tar zxf latest-tor-alpha.tar.gz"
|
||||
|
||||
cd tor-<version>
|
||||
Type "./configure --enable-static --disable-shared"
|
||||
Type "./configure"
|
||||
Type "make"
|
||||
|
||||
You now have a tor.exe in src/or/. This is Tor.
|
||||
You now have a tor_resolve.exe in src/tools/.
|
||||
You now have a tor-resolve.exe in src/tools/.
|
||||
|
||||
Stage Six: Build the installer
|
||||
-------------------------------
|
||||
|
||||
Install the latest NSIS:
|
||||
http://nsis.sourceforge.net/Download
|
||||
|
||||
Run the package script in contrib:
|
||||
From the Tor build directory above, run:
|
||||
"./contrib/package_nsis-mingw.sh"
|
||||
|
||||
The resulting Tor installer executable is in ./win_tmp/.
|
||||
|
||||
|
|
22
doc/tor.1.in
22
doc/tor.1.in
|
@ -417,13 +417,6 @@ but never attach a new stream to a circuit that is too old.
|
|||
(Default: 10 minutes)
|
||||
.LP
|
||||
.TP
|
||||
\fBNodeFamily \fR\fInickname\fR,\fInickname\fR,\fI...\fP
|
||||
The named Tor servers constitute a "family" of similar or co-administered
|
||||
servers, so never use any two of them in the same circuit. Defining a
|
||||
NodeFamily is only needed when a server doesn't list the family itself
|
||||
(with MyFamily). This option can be used multiple times.
|
||||
.LP
|
||||
.TP
|
||||
\fBEnforceDistinctSubnets \fR\fB0\fR|\fB1\fR\fP
|
||||
If 1, Tor will not put two servers whose IP addresses are "too
|
||||
close" on the same circuit. Currently, two addresses are
|
||||
|
@ -545,7 +538,7 @@ resolved. This helps trap accidental attempts to resolve URLs and so on.
|
|||
(Default: 0)
|
||||
.LP
|
||||
.TP
|
||||
\fBFastFirstHopPK \fR\fB0\fR|fB1\fR\fP
|
||||
\fBFastFirstHopPK \fR\fB0\fR|\fB1\fR\fP
|
||||
When this option is enabled and we aren't running as a server, Tor
|
||||
skips the public key step for the first hop of creating circuits. This is
|
||||
safe since we have already used TLS to authenticate the server and to
|
||||
|
@ -628,11 +621,13 @@ To specify all internal and link-local networks (including 0.0.0.0/8,
|
|||
169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and
|
||||
172.16.0.0/12), you can use the "private" alias instead of an address.
|
||||
These addresses are rejected by default (at the beginning of your
|
||||
exit policy) unless you set the ExitPolicyRejectPrivate config option
|
||||
exit policy), along with your public IP address, unless you set the
|
||||
ExitPolicyRejectPrivate config option
|
||||
to 0. For example, once you've done that, you could allow HTTP to
|
||||
127.0.0.1 and block all other connections to internal networks with
|
||||
"accept
|
||||
127.0.0.1:80,reject private:*". See RFC 1918 and RFC 3330 for more
|
||||
"accept 127.0.0.1:80,reject private:*", though that may also allow
|
||||
connections to your own computer that are addressed to its public
|
||||
(external) IP address. See RFC 1918 and RFC 3330 for more
|
||||
details about internal and reserved IP address space.
|
||||
|
||||
This directive can be specified multiple times so you don't have to put
|
||||
|
@ -662,7 +657,8 @@ either a reject *:* or an accept *:*. Otherwise, you're _augmenting_
|
|||
.LP
|
||||
.TP
|
||||
\fBExitPolicyRejectPrivate \fR\fB0\fR|\fB1\fR\fP
|
||||
Reject all private (local) networks at the beginning of your exit
|
||||
Reject all private (local) networks, along with your own public IP
|
||||
address, at the beginning of your exit
|
||||
policy. See above entry on ExitPolicy. (Default: 1)
|
||||
.LP
|
||||
.TP
|
||||
|
@ -1090,7 +1086,7 @@ The private key for this hidden service.
|
|||
.BR tsocks (1),
|
||||
.BR torify (1)
|
||||
|
||||
.BR http://tor.eff.org/
|
||||
.BR https://www.torproject.org/
|
||||
|
||||
.SH BUGS
|
||||
Plenty, probably. Tor is still in development. Please report them.
|
||||
|
|
|
@ -94,6 +94,9 @@ const char compat_c_id[] =
|
|||
#ifdef HAVE_SYS_MMAN_H
|
||||
#include <sys/mman.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SYSLIMITS_H
|
||||
#include <sys/syslimits.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_BSOCKETS
|
||||
#include <bsocket.h>
|
||||
|
@ -155,19 +158,18 @@ tor_mmap_file(const char *filename)
|
|||
/* Zero-length file. If we call mmap on it, it will succeed but
|
||||
* return NULL, and bad things will happen. So just fail. */
|
||||
log_info(LD_FS,"File \"%s\" is empty. Ignoring.",filename);
|
||||
close(fd);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
string = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
close(fd);
|
||||
if (string == MAP_FAILED) {
|
||||
close(fd);
|
||||
log_warn(LD_FS,"Could not mmap file \"%s\": %s", filename,
|
||||
strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
close(fd);
|
||||
|
||||
res = tor_malloc_zero(sizeof(tor_mmap_impl_t));
|
||||
res->base.data = string;
|
||||
res->base.size = filesize;
|
||||
|
@ -199,8 +201,8 @@ tor_mmap_file(const char *filename)
|
|||
res->mmap_handle = NULL;
|
||||
|
||||
res->file_handle = CreateFile(filename,
|
||||
GENERIC_READ,
|
||||
0, NULL,
|
||||
GENERIC_READ, FILE_SHARE_READ,
|
||||
NULL,
|
||||
OPEN_EXISTING,
|
||||
FILE_ATTRIBUTE_NORMAL,
|
||||
0);
|
||||
|
@ -606,6 +608,10 @@ tor_socketpair(int family, int type, int protocol, int fd[2])
|
|||
|
||||
#define ULIMIT_BUFFER 32 /* keep 32 extra fd's beyond _ConnLimit */
|
||||
|
||||
#if defined(HAVE_GETRLIMIT) && !defined(HAVE_RLIM_T)
|
||||
typedef unsigned long rlim_t;
|
||||
#endif
|
||||
|
||||
/** Learn the maximum allowed number of file descriptors. (Some systems
|
||||
* have a low soft limit.
|
||||
*
|
||||
|
@ -627,7 +633,7 @@ set_max_file_descriptors(unsigned long limit, unsigned long cap)
|
|||
}
|
||||
#else
|
||||
struct rlimit rlim;
|
||||
unsigned long most;
|
||||
rlim_t most;
|
||||
tor_assert(limit > 0);
|
||||
tor_assert(cap > 0);
|
||||
|
||||
|
@ -642,16 +648,40 @@ set_max_file_descriptors(unsigned long limit, unsigned long cap)
|
|||
limit, (unsigned long)rlim.rlim_max);
|
||||
return -1;
|
||||
}
|
||||
most = (rlim.rlim_max > cap) ? cap : (unsigned) rlim.rlim_max;
|
||||
most = (rlim.rlim_max > (rlim_t)cap) ? (rlim_t)cap : rlim.rlim_max;
|
||||
if (most > rlim.rlim_cur) {
|
||||
log_info(LD_NET,"Raising max file descriptors from %lu to %lu.",
|
||||
(unsigned long)rlim.rlim_cur, most);
|
||||
(unsigned long)rlim.rlim_cur, (unsigned long)most);
|
||||
}
|
||||
rlim.rlim_cur = most;
|
||||
if (setrlimit(RLIMIT_NOFILE, &rlim) != 0) {
|
||||
log_warn(LD_CONFIG, "Could not set maximum number of file descriptors: %s",
|
||||
strerror(errno));
|
||||
return -1;
|
||||
int bad = 1;
|
||||
#ifdef OPEN_MAX
|
||||
if (errno == EINVAL && OPEN_MAX < rlim.rlim_cur) {
|
||||
/* On some platforms, OPEN_MAX is the real limit, and getrlimit() is
|
||||
* full of nasty lies. I'm looking at you, OSX 10.5.... */
|
||||
rlim.rlim_cur = OPEN_MAX;
|
||||
if (setrlimit(RLIMIT_NOFILE, &rlim) == 0) {
|
||||
if (rlim.rlim_cur < limit) {
|
||||
log_warn(LD_CONFIG, "We are limited to %lu file descriptors by "
|
||||
"OPEN_MAX, and ConnLimit is %lu. Changing ConnLimit; sorry.",
|
||||
(unsigned long)OPEN_MAX, limit);
|
||||
} else {
|
||||
log_info(LD_CONFIG, "Dropped connection limit to OPEN_MAX (%lu); "
|
||||
"Apparently, %lu was too high and rlimit lied to us.",
|
||||
(unsigned long)OPEN_MAX, (unsigned long)most);
|
||||
}
|
||||
most = rlim.rlim_cur;
|
||||
bad = 0;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
if (bad) {
|
||||
log_warn(LD_CONFIG,
|
||||
"Couldn't set maximum number of file descriptors: %s",
|
||||
strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
/* leave some overhead for logs, etc, */
|
||||
limit = most;
|
||||
|
|
|
@ -154,6 +154,14 @@ int tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
|
|||
const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
|
||||
size_t nlen) ATTR_PURE ATTR_NONNULL((1,3));
|
||||
|
||||
static const void *tor_memstr(const void *haystack, size_t hlen,
|
||||
const char *needle) ATTR_PURE ATTR_NONNULL((1,3));
|
||||
static INLINE const void *
|
||||
tor_memstr(const void *haystack, size_t hlen, const char *needle)
|
||||
{
|
||||
return tor_memmem(haystack, hlen, needle, strlen(needle));
|
||||
}
|
||||
|
||||
#define TOR_ISALPHA(c) isalpha((int)(unsigned char)(c))
|
||||
#define TOR_ISALNUM(c) isalnum((int)(unsigned char)(c))
|
||||
#define TOR_ISSPACE(c) isspace((int)(unsigned char)(c))
|
||||
|
|
|
@ -65,6 +65,8 @@ smartlist_set_capacity(smartlist_t *sl, int n)
|
|||
{
|
||||
if (n < sl->num_used)
|
||||
n = sl->num_used;
|
||||
if (n < 1)
|
||||
n = 1;
|
||||
if (sl->capacity != n) {
|
||||
sl->capacity = n;
|
||||
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
|
||||
|
|
|
@ -70,7 +70,7 @@ tor_gzip_compress(char **out, size_t *out_len,
|
|||
compress_method_t method)
|
||||
{
|
||||
struct z_stream_s *stream = NULL;
|
||||
size_t out_size;
|
||||
size_t out_size, old_size;
|
||||
off_t offset;
|
||||
|
||||
tor_assert(out);
|
||||
|
@ -118,7 +118,12 @@ tor_gzip_compress(char **out, size_t *out_len,
|
|||
break;
|
||||
case Z_BUF_ERROR:
|
||||
offset = stream->next_out - ((unsigned char*)*out);
|
||||
old_size = out_size;
|
||||
out_size *= 2;
|
||||
if (out_size < old_size) {
|
||||
log_warn(LD_GENERAL, "Size overflow in compression.");
|
||||
goto err;
|
||||
}
|
||||
*out = tor_realloc(*out, out_size);
|
||||
stream->next_out = (unsigned char*)(*out + offset);
|
||||
if (out_size - offset > UINT_MAX) {
|
||||
|
@ -173,7 +178,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
|
|||
int protocol_warn_level)
|
||||
{
|
||||
struct z_stream_s *stream = NULL;
|
||||
size_t out_size;
|
||||
size_t out_size, old_size;
|
||||
off_t offset;
|
||||
int r;
|
||||
|
||||
|
@ -240,7 +245,12 @@ tor_gzip_uncompress(char **out, size_t *out_len,
|
|||
goto err;
|
||||
}
|
||||
offset = stream->next_out - (unsigned char*)*out;
|
||||
old_size = out_size;
|
||||
out_size *= 2;
|
||||
if (out_size < old_size) {
|
||||
log_warn(LD_GENERAL, "Size overflow in compression.");
|
||||
goto err;
|
||||
}
|
||||
*out = tor_realloc(*out, out_size);
|
||||
stream->next_out = (unsigned char*)(*out + offset);
|
||||
if (out_size - offset > UINT_MAX) {
|
||||
|
|
|
@ -292,9 +292,9 @@ typedef uint32_t uintptr_t;
|
|||
|
||||
#ifndef SIZE_T_MAX
|
||||
#if (SIZEOF_SIZE_T == 4)
|
||||
#define SIZE_T_MAX 0xfffffffful
|
||||
#define SIZE_T_MAX UINT32_MAX
|
||||
#elif (SIZEOF_SIZE_T == 8)
|
||||
#define SIZE_T_MAX 0xfffffffffffffffful
|
||||
#define SIZE_T_MAX UINT64_MAX
|
||||
#else
|
||||
#error "Can't define SIZE_T_MAX"
|
||||
#endif
|
||||
|
|
|
@ -418,6 +418,36 @@ eat_whitespace(const char *s)
|
|||
}
|
||||
}
|
||||
|
||||
/** Return a pointer to the first char of s before <b>eos</b> that is not
|
||||
* whitespace and not a comment, or to the terminating NUL or eos if no such
|
||||
* character exists.
|
||||
*/
|
||||
const char *
|
||||
eat_whitespace_eos(const char *s, const char *eos)
|
||||
{
|
||||
tor_assert(s);
|
||||
tor_assert(eos && s <= eos);
|
||||
|
||||
while (s < eos) {
|
||||
switch (*s) {
|
||||
case '\0':
|
||||
default:
|
||||
return s;
|
||||
case ' ':
|
||||
case '\t':
|
||||
case '\n':
|
||||
case '\r':
|
||||
++s;
|
||||
break;
|
||||
case '#':
|
||||
++s;
|
||||
while (s < eos && *s && *s != '\n')
|
||||
++s;
|
||||
}
|
||||
}
|
||||
return s;
|
||||
}
|
||||
|
||||
/** Return a pointer to the first char of s that is not a space or a tab,
|
||||
* or to the terminating NUL if no such character exists. */
|
||||
const char *
|
||||
|
@ -1525,7 +1555,7 @@ expand_filename(const char *filename)
|
|||
return NULL;
|
||||
}
|
||||
home = tor_strdup(home);
|
||||
rest = strlen(filename)>=2?(filename+2):NULL;
|
||||
rest = strlen(filename)>=2?(filename+2):"";
|
||||
} else {
|
||||
#ifdef HAVE_PWD_H
|
||||
char *username, *slash;
|
||||
|
@ -1540,7 +1570,7 @@ expand_filename(const char *filename)
|
|||
return NULL;
|
||||
}
|
||||
tor_free(username);
|
||||
rest = slash ? (slash+1) : NULL;
|
||||
rest = slash ? (slash+1) : "";
|
||||
#else
|
||||
log_warn(LD_CONFIG, "Couldn't expend homedir on system without pwd.h");
|
||||
return tor_strdup(filename);
|
||||
|
@ -1555,7 +1585,7 @@ expand_filename(const char *filename)
|
|||
* Round up to 16 in case we can't do math. */
|
||||
len = strlen(home)+strlen(rest)+16;
|
||||
result = tor_malloc(len);
|
||||
tor_snprintf(result,len,"%s/%s",home,rest?rest:"");
|
||||
tor_snprintf(result,len,"%s/%s",home,rest);
|
||||
tor_free(home);
|
||||
return result;
|
||||
} else {
|
||||
|
@ -1577,7 +1607,7 @@ tor_listdir(const char *dirname)
|
|||
size_t pattern_len = strlen(dirname)+16;
|
||||
pattern = tor_malloc(pattern_len);
|
||||
tor_snprintf(pattern, pattern_len, "%s\\*", dirname);
|
||||
if (!(handle = FindFirstFile(pattern, &findData))) {
|
||||
if (INVALID_HANDLE_VALUE == (handle = FindFirstFile(pattern, &findData))) {
|
||||
tor_free(pattern);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -2040,8 +2070,7 @@ finish_daemon(const char *desired_cwd)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
nullfd = open("/dev/null",
|
||||
O_CREAT | O_RDWR | O_APPEND);
|
||||
nullfd = open("/dev/null", O_RDWR | O_APPEND);
|
||||
if (nullfd < 0) {
|
||||
log_err(LD_GENERAL,"/dev/null can't be opened. Exiting.");
|
||||
exit(1);
|
||||
|
|
|
@ -158,6 +158,7 @@ uint64_t tor_parse_uint64(const char *s, int base, uint64_t min,
|
|||
uint64_t max, int *ok, char **next);
|
||||
const char *hex_str(const char *from, size_t fromlen) ATTR_NONNULL((1));
|
||||
const char *eat_whitespace(const char *s) ATTR_PURE;
|
||||
const char *eat_whitespace_eos(const char *s, const char *eos) ATTR_PURE;
|
||||
const char *eat_whitespace_no_nl(const char *s) ATTR_PURE;
|
||||
const char *find_whitespace(const char *s) ATTR_PURE;
|
||||
int tor_mem_is_zero(const char *mem, size_t len) ATTR_PURE;
|
||||
|
|
|
@ -15,7 +15,7 @@ const char buffers_c_id[] =
|
|||
|
||||
#include "or.h"
|
||||
|
||||
#define SENTINELS
|
||||
#undef SENTINELS
|
||||
#undef CHECK_AFTER_RESIZE
|
||||
#undef PARANOIA
|
||||
#undef NOINLINE
|
||||
|
@ -1228,54 +1228,20 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
|
|||
}
|
||||
}
|
||||
|
||||
/** If there is a complete version 0 control message waiting on buf, then store
|
||||
* its contents into *<b>type_out</b>, store its body's length into
|
||||
* *<b>len_out</b>, allocate and store a string for its body into
|
||||
* *<b>body_out</b>, and return 1. (body_out will always be NUL-terminated,
|
||||
* even if the control message body doesn't end with NUL.)
|
||||
*
|
||||
* If there is not a complete control message waiting, return 0.
|
||||
*
|
||||
* Return -1 on error; return -2 on "seems to be control protocol v1."
|
||||
*/
|
||||
/** Return 1 iff buf looks more like it has an (obsolete) v0 controller
|
||||
* command on it than any valid v1 controller command. */
|
||||
int
|
||||
fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
|
||||
char **body_out, int check_for_v1)
|
||||
peek_buf_has_control0_command(buf_t *buf)
|
||||
{
|
||||
uint32_t msglen;
|
||||
uint16_t type;
|
||||
char tmp[4];
|
||||
|
||||
tor_assert(buf);
|
||||
tor_assert(len_out);
|
||||
tor_assert(type_out);
|
||||
tor_assert(body_out);
|
||||
|
||||
*len_out = 0;
|
||||
*body_out = NULL;
|
||||
|
||||
if (buf->datalen < 4)
|
||||
return 0;
|
||||
|
||||
peek_from_buf(tmp, 4, buf);
|
||||
|
||||
msglen = ntohs(get_uint16(tmp));
|
||||
type = ntohs(get_uint16(tmp+2));
|
||||
if (type > 255 && check_for_v1)
|
||||
return -2;
|
||||
|
||||
if (buf->datalen < 4 + (unsigned)msglen)
|
||||
return 0;
|
||||
|
||||
*len_out = msglen;
|
||||
*type_out = type;
|
||||
buf_remove_from_front(buf, 4);
|
||||
if (msglen) {
|
||||
*body_out = tor_malloc(msglen+1);
|
||||
fetch_from_buf(*body_out, msglen, buf);
|
||||
(*body_out)[msglen] = '\0';
|
||||
if (buf->datalen >= 4) {
|
||||
char header[4];
|
||||
uint16_t cmd;
|
||||
peek_from_buf(header, sizeof(header), buf);
|
||||
cmd = ntohs(get_uint16(header+2));
|
||||
if (cmd <= 0x14)
|
||||
return 1; /* This is definitely not a v1 control command. */
|
||||
}
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Helper: return a pointer to the first instance of <b>c</b> in the
|
||||
|
|
|
@ -94,7 +94,7 @@ get_unique_circ_id_by_conn(or_connection_t *conn)
|
|||
return 0;
|
||||
}
|
||||
test_circ_id |= high_bit;
|
||||
} while (circuit_get_by_circid_orconn(test_circ_id, conn));
|
||||
} while (circuit_id_in_use_on_orconn(test_circ_id, conn));
|
||||
return test_circ_id;
|
||||
}
|
||||
|
||||
|
@ -1246,14 +1246,14 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
|
|||
smartlist_subtract(sl,excludedexits);
|
||||
if (options->StrictExitNodes || smartlist_overlap(sl,preferredexits))
|
||||
smartlist_intersect(sl,preferredexits);
|
||||
router = routerlist_sl_choose_by_bandwidth(sl, 1);
|
||||
router = routerlist_sl_choose_by_bandwidth(sl, 1, 0);
|
||||
} else {
|
||||
/* Either there are no pending connections, or no routers even seem to
|
||||
* possibly support any of them. Choose a router at random that satisfies
|
||||
* at least one predicted exit port. */
|
||||
|
||||
int try;
|
||||
smartlist_t *needed_ports = circuit_get_unhandled_ports(time(NULL));
|
||||
smartlist_t *needed_ports;
|
||||
|
||||
if (best_support == -1) {
|
||||
if (need_uptime || need_capacity) {
|
||||
|
@ -1271,6 +1271,7 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
|
|||
log_notice(LD_CIRC, "All routers are down or won't exit -- choosing a "
|
||||
"doomed exit at random.");
|
||||
}
|
||||
needed_ports = circuit_get_unhandled_ports(time(NULL));
|
||||
for (try = 0; try < 2; try++) {
|
||||
/* try once to pick only from routers that satisfy a needed port,
|
||||
* then if there are none, pick from any that support exiting. */
|
||||
|
@ -1289,7 +1290,7 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
|
|||
smartlist_intersect(sl,preferredexits);
|
||||
/* XXX sometimes the above results in null, when the requested
|
||||
* exit node is down. we should pick it anyway. */
|
||||
router = routerlist_sl_choose_by_bandwidth(sl, 1);
|
||||
router = routerlist_sl_choose_by_bandwidth(sl, 1, 0);
|
||||
if (router)
|
||||
break;
|
||||
}
|
||||
|
@ -1722,9 +1723,11 @@ extend_info_from_router(routerinfo_t *r)
|
|||
extend_info_t *info;
|
||||
tor_assert(r);
|
||||
info = tor_malloc_zero(sizeof(extend_info_t));
|
||||
strlcpy(info->nickname, r->nickname, sizeof(info->nickname));
|
||||
if (r->nickname)
|
||||
strlcpy(info->nickname, r->nickname, sizeof(info->nickname));
|
||||
memcpy(info->identity_digest, r->cache_info.identity_digest, DIGEST_LEN);
|
||||
info->onion_key = crypto_pk_dup_key(r->onion_pkey);
|
||||
if (r->onion_pkey)
|
||||
info->onion_key = crypto_pk_dup_key(r->onion_pkey);
|
||||
info->addr = r->addr;
|
||||
info->port = r->or_port;
|
||||
return info;
|
||||
|
@ -1738,7 +1741,8 @@ extend_info_from_routerstatus(routerstatus_t *s)
|
|||
extend_info_t *info;
|
||||
tor_assert(s);
|
||||
info = tor_malloc_zero(sizeof(extend_info_t));
|
||||
strlcpy(info->nickname, s->nickname, sizeof(info->nickname));
|
||||
if (s->nickname)
|
||||
strlcpy(info->nickname, s->nickname, sizeof(info->nickname));
|
||||
memcpy(info->identity_digest, s->identity_digest, DIGEST_LEN);
|
||||
info->onion_key = NULL; /* routerstatus doesn't know this */
|
||||
info->addr = s->addr;
|
||||
|
@ -2255,10 +2259,8 @@ static void
|
|||
entry_guards_prepend_from_config(void)
|
||||
{
|
||||
or_options_t *options = get_options();
|
||||
smartlist_t *entry_routers = smartlist_create();
|
||||
smartlist_t *old_entry_guards_on_list = smartlist_create();
|
||||
smartlist_t *old_entry_guards_not_on_list = smartlist_create();
|
||||
smartlist_t *entry_fps = smartlist_create();
|
||||
smartlist_t *entry_routers, *entry_fps;
|
||||
smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list;
|
||||
tor_assert(entry_guards);
|
||||
|
||||
should_add_entry_nodes = 0;
|
||||
|
@ -2274,6 +2276,11 @@ entry_guards_prepend_from_config(void)
|
|||
log_info(LD_CIRC,"Adding configured EntryNodes '%s'.",
|
||||
options->EntryNodes);
|
||||
|
||||
entry_routers = smartlist_create();
|
||||
entry_fps = smartlist_create();
|
||||
old_entry_guards_on_list = smartlist_create();
|
||||
old_entry_guards_not_on_list = smartlist_create();
|
||||
|
||||
/* Split entry guards into those on the list and those not. */
|
||||
add_nickname_list_to_smartlist(entry_routers, options->EntryNodes, 0);
|
||||
SMARTLIST_FOREACH(entry_routers, routerinfo_t *, ri,
|
||||
|
@ -2322,11 +2329,17 @@ choose_random_entry(cpath_build_state_t *state)
|
|||
{
|
||||
or_options_t *options = get_options();
|
||||
smartlist_t *live_entry_guards = smartlist_create();
|
||||
smartlist_t *exit_family = smartlist_create();
|
||||
routerinfo_t *chosen_exit = build_state_get_exit_router(state);
|
||||
routerinfo_t *r = NULL;
|
||||
int need_uptime = state->need_uptime;
|
||||
int need_capacity = state->need_capacity;
|
||||
|
||||
if (chosen_exit) {
|
||||
smartlist_add(exit_family, chosen_exit);
|
||||
routerlist_add_family(exit_family, chosen_exit);
|
||||
}
|
||||
|
||||
if (!entry_guards)
|
||||
entry_guards = smartlist_create();
|
||||
|
||||
|
@ -2343,8 +2356,15 @@ choose_random_entry(cpath_build_state_t *state)
|
|||
SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry,
|
||||
{
|
||||
r = entry_is_live(entry, need_uptime, need_capacity, 0);
|
||||
if (r && r != chosen_exit) {
|
||||
if (r && !smartlist_isin(exit_family, r)) {
|
||||
smartlist_add(live_entry_guards, r);
|
||||
if (!entry->made_contact) {
|
||||
/* Always start with the first not-yet-contacted entry
|
||||
* guard. Otherwise we might add several new ones, pick
|
||||
* the second new one, and now we've expanded our entry
|
||||
* guard list without needing to. */
|
||||
goto choose_and_finish;
|
||||
}
|
||||
if (smartlist_len(live_entry_guards) >= options->NumEntryGuards)
|
||||
break; /* we have enough */
|
||||
}
|
||||
|
@ -2378,8 +2398,10 @@ choose_random_entry(cpath_build_state_t *state)
|
|||
/* live_entry_guards will be empty below. Oh well, we tried. */
|
||||
}
|
||||
|
||||
choose_and_finish:
|
||||
r = smartlist_choose(live_entry_guards);
|
||||
smartlist_free(live_entry_guards);
|
||||
smartlist_free(exit_family);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -2395,6 +2417,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
|
|||
entry_guard_t *node = NULL;
|
||||
smartlist_t *new_entry_guards = smartlist_create();
|
||||
config_line_t *line;
|
||||
time_t now = time(NULL);
|
||||
|
||||
*msg = NULL;
|
||||
for (line = state->EntryGuards; line; line = line->next) {
|
||||
|
@ -2437,6 +2460,11 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
|
|||
"Bad time in EntryGuardDownSince/UnlistedSince");
|
||||
break;
|
||||
}
|
||||
if (when > now) {
|
||||
/* It's a bad idea to believe info in the future: you can wind
|
||||
* up with timeouts that aren't allowed to happen for years. */
|
||||
continue;
|
||||
}
|
||||
if (strlen(line->value) >= ISO_TIME_LEN+ISO_TIME_LEN+1) {
|
||||
/* ignore failure */
|
||||
parse_iso_time(line->value+ISO_TIME_LEN+1, &last_try);
|
||||
|
|
|
@ -615,6 +615,14 @@ circuit_get_by_circid_orconn(uint16_t circ_id, or_connection_t *conn)
|
|||
return circ;
|
||||
}
|
||||
|
||||
/** Return true iff the circuit ID <b>circ_id</b> is currently used by a
|
||||
* circuit, marked or not, on <b>conn</b>. */
|
||||
int
|
||||
circuit_id_in_use_on_orconn(uint16_t circ_id, or_connection_t *conn)
|
||||
{
|
||||
return circuit_get_by_circid_orconn_impl(circ_id, conn) != NULL;
|
||||
}
|
||||
|
||||
/** Return the circuit that a given edge connection is using. */
|
||||
circuit_t *
|
||||
circuit_get_by_edge_conn(edge_connection_t *conn)
|
||||
|
@ -779,10 +787,16 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
|
|||
if (info) {
|
||||
/* need to make sure we don't duplicate hops */
|
||||
crypt_path_t *hop = circ->cpath;
|
||||
routerinfo_t *ri1 = router_get_by_digest(info->identity_digest);
|
||||
do {
|
||||
routerinfo_t *ri2;
|
||||
if (!memcmp(hop->extend_info->identity_digest,
|
||||
info->identity_digest, DIGEST_LEN))
|
||||
goto next;
|
||||
if (ri1 &&
|
||||
(ri2 = router_get_by_digest(hop->extend_info->identity_digest))
|
||||
&& routers_in_same_family(ri1, ri2))
|
||||
goto next;
|
||||
hop=hop->next;
|
||||
} while (hop!=circ->cpath);
|
||||
}
|
||||
|
@ -884,9 +898,9 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
|
|||
file, line, circ->purpose);
|
||||
}
|
||||
reason = END_CIRC_REASON_NONE;
|
||||
} else if (CIRCUIT_IS_ORIGIN(circ) && reason < _END_CIRC_REASON_MIN) {
|
||||
/* We don't send reasons when closing circuits at the origin, but we want
|
||||
* to track them anyway so we can give them to the controller. */
|
||||
}
|
||||
if (CIRCUIT_IS_ORIGIN(circ)) {
|
||||
/* We don't send reasons when closing circuits at the origin. */
|
||||
reason = END_CIRC_REASON_NONE;
|
||||
}
|
||||
|
||||
|
@ -1050,10 +1064,15 @@ assert_circuit_ok(const circuit_t *c)
|
|||
tor_assert(c->purpose >= _CIRCUIT_PURPOSE_MIN &&
|
||||
c->purpose <= _CIRCUIT_PURPOSE_MAX);
|
||||
|
||||
if (CIRCUIT_IS_ORIGIN(c))
|
||||
origin_circ = TO_ORIGIN_CIRCUIT((circuit_t*)c);
|
||||
else
|
||||
or_circ = TO_OR_CIRCUIT((circuit_t*)c);
|
||||
{
|
||||
/* Having a separate variable for this pleases GCC 4.2 in ways I hope I
|
||||
* never understand. -NM. */
|
||||
circuit_t *nonconst_circ = (circuit_t*) c;
|
||||
if (CIRCUIT_IS_ORIGIN(c))
|
||||
origin_circ = TO_ORIGIN_CIRCUIT(nonconst_circ);
|
||||
else
|
||||
or_circ = TO_OR_CIRCUIT(nonconst_circ);
|
||||
}
|
||||
|
||||
if (c->n_conn) {
|
||||
tor_assert(!memcmp(c->n_conn->identity_digest, c->n_conn_id_digest,
|
||||
|
|
|
@ -94,7 +94,6 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
|
|||
} else {
|
||||
if (conn->socks_request->command == SOCKS_COMMAND_CONNECT_DIR) {
|
||||
/* don't use three-hop circuits -- that could hurt our anonymity. */
|
||||
log_debug(LD_CIRC,"Skipping multi-hop circuit for CONNECT_DIR.");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -1215,6 +1214,16 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn)
|
|||
|
||||
conn_age = time(NULL) - conn->_base.timestamp_created;
|
||||
|
||||
if (conn_age >= get_options()->SocksTimeout) {
|
||||
int severity = (!conn->_base.addr && !conn->_base.port) ?
|
||||
LOG_INFO : LOG_NOTICE;
|
||||
log_fn(severity, LD_APP,
|
||||
"Tried for %d seconds to get a connection to %s:%d. Giving up.",
|
||||
conn_age, safe_str(conn->socks_request->address),
|
||||
conn->socks_request->port);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!connection_edge_is_rendezvous_stream(conn)) { /* we're a general conn */
|
||||
origin_circuit_t *circ=NULL;
|
||||
|
||||
|
|
|
@ -196,7 +196,7 @@ command_process_create_cell(cell_t *cell, or_connection_t *conn)
|
|||
return;
|
||||
}
|
||||
|
||||
if (circuit_get_by_circid_orconn(cell->circ_id, conn)) {
|
||||
if (circuit_id_in_use_on_orconn(cell->circ_id, conn)) {
|
||||
routerinfo_t *router = router_get_by_digest(conn->identity_digest);
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||
"Received CREATE cell (circID %d) for known circ. "
|
||||
|
|
|
@ -441,7 +441,7 @@ static config_var_description_t options_description[] = {
|
|||
"and servers." },
|
||||
{ "ORListenAddress", "Bind to this address to listen for connections from "
|
||||
"clients and servers, instead of the default 0.0.0.0:ORPort." },
|
||||
{ "PublishServerDescriptors", "Set to 0 in order to keep the server from "
|
||||
{ "PublishServerDescriptor", "Set to 0 in order to keep the server from "
|
||||
"uploading info to the directory authorities." },
|
||||
/*{ "RedirectExit", "When an outgoing connection tries to connect to a "
|
||||
*"given address, redirect it to another address instead." },
|
||||
|
@ -584,7 +584,7 @@ typedef enum {
|
|||
/* Note: we compare these, so it's important that "old" precede everything,
|
||||
* and that "other" come last. */
|
||||
LE_OLD=0, LE_10C, LE_10D, LE_10E, LE_11, LE_11A, LE_11B, LE_12, LE_12A,
|
||||
LE_13, LE_13A,
|
||||
LE_13, LE_13A, LE_13B,
|
||||
LE_OTHER
|
||||
} le_version_t;
|
||||
static le_version_t decode_libevent_version(void);
|
||||
|
@ -732,15 +732,12 @@ add_default_trusted_dirservers(void)
|
|||
{
|
||||
int i;
|
||||
const char *dirservers[] = {
|
||||
/* eventually we should mark moria1 as "v1only" */
|
||||
"moria1 v1 orport=9001 18.244.0.188:9031 "
|
||||
"moria1 v1 orport=9001 128.31.0.34:9031 "
|
||||
"FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
|
||||
"moria2 v1 orport=443 18.244.0.114:80 "
|
||||
"moria2 v1 orport=9002 128.31.0.34:9032 "
|
||||
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
|
||||
"tor26 v1 orport=443 86.59.21.38:80 "
|
||||
"847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
||||
"lefkada orport=443 140.247.60.64:80 "
|
||||
"38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32",
|
||||
"dizum 194.109.206.212:80 "
|
||||
"7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
|
||||
NULL
|
||||
|
@ -789,7 +786,8 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
}
|
||||
|
||||
/* Ensure data directory is private; create if possible. */
|
||||
if (check_private_dir(options->DataDirectory, CPD_CREATE)<0) {
|
||||
if (check_private_dir(options->DataDirectory,
|
||||
options->command == CMD_RUN_TOR ? CPD_CREATE : CPD_CHECK)<0) {
|
||||
char buf[1024];
|
||||
int tmp = tor_snprintf(buf, sizeof(buf),
|
||||
"Couldn't access/create private data directory \"%s\"",
|
||||
|
@ -885,8 +883,8 @@ options_act(or_options_t *old_options)
|
|||
int running_tor = options->command == CMD_RUN_TOR;
|
||||
char *msg;
|
||||
|
||||
clear_trusted_dir_servers();
|
||||
if (options->DirServers) {
|
||||
clear_trusted_dir_servers();
|
||||
for (cl = options->DirServers; cl; cl = cl->next) {
|
||||
if (parse_dir_server_line(cl->value, 0)<0) {
|
||||
log_err(LD_BUG,
|
||||
|
@ -895,7 +893,8 @@ options_act(or_options_t *old_options)
|
|||
}
|
||||
}
|
||||
} else {
|
||||
add_default_trusted_dirservers();
|
||||
if (!smartlist_len(router_get_trusted_dir_servers()))
|
||||
add_default_trusted_dirservers();
|
||||
}
|
||||
|
||||
if (running_tor && rend_config_services(options, 0)<0) {
|
||||
|
@ -917,16 +916,16 @@ options_act(or_options_t *old_options)
|
|||
tor_free(fn);
|
||||
}
|
||||
|
||||
/* Load state */
|
||||
if (! global_state)
|
||||
if (or_state_load())
|
||||
return -1;
|
||||
|
||||
/* Bail out at this point if we're not going to be a client or server:
|
||||
* we want to not fork, and to log stuff to stderr. */
|
||||
if (options->command != CMD_RUN_TOR)
|
||||
return 0;
|
||||
|
||||
/* Load state */
|
||||
if (! global_state)
|
||||
if (or_state_load())
|
||||
return -1;
|
||||
|
||||
{
|
||||
smartlist_t *sl = smartlist_create();
|
||||
char *errmsg = NULL;
|
||||
|
@ -934,6 +933,8 @@ options_act(or_options_t *old_options)
|
|||
if (parse_redirect_line(sl, cl, &errmsg)<0) {
|
||||
log_warn(LD_CONFIG, "%s", errmsg);
|
||||
tor_free(errmsg);
|
||||
SMARTLIST_FOREACH(sl, exit_redirect_t *, er, tor_free(er));
|
||||
smartlist_free(sl);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -958,7 +959,10 @@ options_act(or_options_t *old_options)
|
|||
/* Update address policies. */
|
||||
policies_parse_from_options(options);
|
||||
|
||||
init_cookie_authentication(options->CookieAuthentication);
|
||||
if (init_cookie_authentication(options->CookieAuthentication) < 0) {
|
||||
log_warn(LD_CONFIG,"Error creating cookie authentication file");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* reload keys as needed for rendezvous services. */
|
||||
if (rend_service_load_keys()<0) {
|
||||
|
@ -1803,6 +1807,7 @@ list_torrc_options(void)
|
|||
smartlist_clear(lines);
|
||||
}
|
||||
}
|
||||
smartlist_free(lines);
|
||||
}
|
||||
|
||||
/** Last value actually set by resolve_my_address. */
|
||||
|
@ -2734,6 +2739,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
return -1;
|
||||
if (check_nickname_list(options->MyFamily, "MyFamily", msg))
|
||||
return -1;
|
||||
|
||||
if (options->NodeFamilies)
|
||||
COMPLAIN("NodeFamily config option is broken in this version of Tor.");
|
||||
for (cl = options->NodeFamilies; cl; cl = cl->next) {
|
||||
if (check_nickname_list(cl->value, "NodeFamily", msg))
|
||||
return -1;
|
||||
|
@ -2869,6 +2877,8 @@ options_transition_affects_descriptor(or_options_t *old_options,
|
|||
!opt_streq(old_options->Nickname,new_options->Nickname) ||
|
||||
!opt_streq(old_options->Address,new_options->Address) ||
|
||||
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
|
||||
old_options->ExitPolicyRejectPrivate !=
|
||||
new_options->ExitPolicyRejectPrivate ||
|
||||
old_options->ORPort != new_options->ORPort ||
|
||||
old_options->DirPort != new_options->DirPort ||
|
||||
old_options->ClientOnly != new_options->ClientOnly ||
|
||||
|
@ -3464,6 +3474,13 @@ parse_dir_server_line(const char *line, int validate_only)
|
|||
log_warn(LD_CONFIG, "Key digest for DirServer is wrong length.");
|
||||
goto err;
|
||||
}
|
||||
if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
|
||||
/* a known bad fingerprint. refuse to use it. */
|
||||
log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
|
||||
"torrc file (%s), or reinstall Tor and use the default torrc.",
|
||||
get_torrc_fname());
|
||||
goto err;
|
||||
}
|
||||
if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
|
||||
log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
|
||||
goto err;
|
||||
|
@ -3829,6 +3846,7 @@ static const struct {
|
|||
{ "1.2a", LE_12A },
|
||||
{ "1.3", LE_13 },
|
||||
{ "1.3a", LE_13A },
|
||||
{ "1.3b", LE_13B },
|
||||
{ NULL, LE_OTHER }
|
||||
};
|
||||
|
||||
|
@ -3855,10 +3873,11 @@ decode_libevent_version(void)
|
|||
static void
|
||||
check_libevent_version(const char *m, int server)
|
||||
{
|
||||
int buggy = 0, iffy = 0, slow = 0;
|
||||
int buggy = 0, iffy = 0, slow = 0, thread_unsafe = 0;
|
||||
le_version_t version;
|
||||
const char *v = event_get_version();
|
||||
const char *badness = NULL;
|
||||
const char *sad_os = "";
|
||||
|
||||
version = decode_libevent_version();
|
||||
|
||||
|
@ -3891,7 +3910,26 @@ check_libevent_version(const char *m, int server)
|
|||
buggy = 1;
|
||||
}
|
||||
|
||||
if (buggy) {
|
||||
/* Libevent versions before 1.3b do very badly on operating systems with
|
||||
* user-space threading implementations. */
|
||||
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
|
||||
if (server && version < LE_13B) {
|
||||
thread_unsafe = 1;
|
||||
sad_os = "BSD variants";
|
||||
}
|
||||
#elif defined(__APPLE__) || defined(__darwin__)
|
||||
if (server && version < LE_13B) {
|
||||
thread_unsafe = 1;
|
||||
sad_os = "Mac OS X";
|
||||
}
|
||||
#endif
|
||||
|
||||
if (thread_unsafe) {
|
||||
log(LOG_WARN, LD_GENERAL,
|
||||
"Libevent version %s often crashes when running a Tor server with %s. "
|
||||
"Please use the latest version of libevent (1.3b or later)",v,sad_os);
|
||||
badness = "BROKEN";
|
||||
} else if (buggy) {
|
||||
log(LOG_WARN, LD_GENERAL,
|
||||
"There are known bugs in using %s with libevent %s. "
|
||||
"Please use the latest version of libevent.", m, v);
|
||||
|
@ -3908,9 +3946,6 @@ check_libevent_version(const char *m, int server)
|
|||
v,m);
|
||||
badness = "SLOW";
|
||||
}
|
||||
/* XXXX012 if libevent 1.3b comes out before 0.1.2.x, and it works,
|
||||
* recomment an upgrade to everybody on BSD or OSX or anywhere with
|
||||
* that flavor of pthreads. */
|
||||
if (badness) {
|
||||
control_event_general_status(LOG_WARN,
|
||||
"BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
|
||||
|
@ -3963,16 +3998,18 @@ or_state_validate(or_state_t *old_state, or_state_t *state,
|
|||
if (entry_guards_parse_state(state, 0, msg)<0) {
|
||||
return -1;
|
||||
}
|
||||
if (state->TorVersion) {
|
||||
if (state->EntryGuards && state->TorVersion) {
|
||||
tor_version_t v;
|
||||
if (tor_version_parse(state->TorVersion, &v)) {
|
||||
log_warn(LD_GENERAL, "Can't parse Tor version '%s' from your state "
|
||||
"file. Proceeding anyway.", state->TorVersion);
|
||||
} else { /* take action based on v */
|
||||
if (tor_version_as_new_as(state->TorVersion, "0.1.1.10-alpha") &&
|
||||
!tor_version_as_new_as(state->TorVersion, "0.1.1.16-rc-cvs")) {
|
||||
log_notice(LD_CONFIG, "Detected state file from buggy version '%s'. "
|
||||
"Enabling workaround to choose working entry guards.",
|
||||
if ((tor_version_as_new_as(state->TorVersion, "0.1.1.10-alpha") &&
|
||||
!tor_version_as_new_as(state->TorVersion, "0.1.2.17")) ||
|
||||
(tor_version_as_new_as(state->TorVersion, "0.2.0.0-alpha") &&
|
||||
!tor_version_as_new_as(state->TorVersion, "0.2.0.6-alpha"))) {
|
||||
log_notice(LD_CONFIG, "Detected state file from old version '%s'. "
|
||||
"Choosing new entry guards for you.",
|
||||
state->TorVersion);
|
||||
config_free_lines(state->EntryGuards);
|
||||
state->EntryGuards = NULL;
|
||||
|
|
|
@ -132,10 +132,7 @@ conn_state_to_string(int type, int state)
|
|||
break;
|
||||
case CONN_TYPE_CONTROL:
|
||||
switch (state) {
|
||||
case CONTROL_CONN_STATE_OPEN_V0: return "open (protocol v0)";
|
||||
case CONTROL_CONN_STATE_OPEN_V1: return "open (protocol v1)";
|
||||
case CONTROL_CONN_STATE_NEEDAUTH_V0:
|
||||
return "waiting for authentication (protocol unknown)";
|
||||
case CONTROL_CONN_STATE_NEEDAUTH_V1:
|
||||
return "waiting for authentication (protocol v1)";
|
||||
}
|
||||
|
@ -404,7 +401,7 @@ connection_about_to_close_connection(connection_t *conn)
|
|||
edge_connection_t *edge_conn;
|
||||
time_t now = time(NULL);
|
||||
|
||||
assert(conn->marked_for_close);
|
||||
tor_assert(conn->marked_for_close);
|
||||
|
||||
if (CONN_IS_EDGE(conn)) {
|
||||
if (!conn->edge_has_sent_end) {
|
||||
|
@ -739,7 +736,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
|
|||
struct sockaddr_in remote;
|
||||
char addrbuf[256];
|
||||
/* length of the remote address. Must be whatever accept() needs. */
|
||||
socklen_t remotelen = 256;
|
||||
socklen_t remotelen = sizeof(addrbuf);
|
||||
char tmpbuf[INET_NTOA_BUF_LEN];
|
||||
tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
|
||||
memset(addrbuf, 0, sizeof(addrbuf));
|
||||
|
@ -765,6 +762,16 @@ connection_handle_listener_read(connection_t *conn, int new_type)
|
|||
news,conn->s);
|
||||
|
||||
set_socket_nonblocking(news);
|
||||
if (((struct sockaddr*)addrbuf)->sa_family != AF_INET) {
|
||||
log_info(LD_BUG, "A listener connection returned a socket with a "
|
||||
"mismatched family. %s for addr_family %d gave us a socket "
|
||||
"with address family %d. Dropping.",
|
||||
conn_type_to_string(conn->type),
|
||||
(int)AF_INET,
|
||||
(int)((struct sockaddr*)addrbuf)->sa_family);
|
||||
tor_close_socket(news);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (check_sockaddr_in((struct sockaddr*)addrbuf, remotelen, LOG_INFO)<0) {
|
||||
log_info(LD_NET,
|
||||
|
@ -860,7 +867,7 @@ connection_init_accepted_conn(connection_t *conn, uint8_t listener_type)
|
|||
conn->state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
|
||||
break;
|
||||
case CONN_TYPE_CONTROL:
|
||||
conn->state = CONTROL_CONN_STATE_NEEDAUTH_V0;
|
||||
conn->state = CONTROL_CONN_STATE_NEEDAUTH_V1;
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
|
@ -1321,15 +1328,19 @@ connection_bucket_refill(int seconds_elapsed)
|
|||
|
||||
/* refill the global buckets */
|
||||
if (global_read_bucket < (int)options->BandwidthBurst) {
|
||||
int initial_read_bucket = global_read_bucket;
|
||||
global_read_bucket += (int)options->BandwidthRate*seconds_elapsed;
|
||||
if (global_read_bucket > (int)options->BandwidthBurst)
|
||||
if (global_read_bucket > (int)options->BandwidthBurst ||
|
||||
global_read_bucket < initial_read_bucket)
|
||||
global_read_bucket = (int)options->BandwidthBurst;
|
||||
log(LOG_DEBUG, LD_NET,"global_read_bucket now %d.", global_read_bucket);
|
||||
}
|
||||
if (global_write_bucket < (int)options->BandwidthBurst) {
|
||||
int initial_write_bucket = global_write_bucket;
|
||||
global_write_bucket_empty_last_second = global_write_bucket == 0;
|
||||
global_write_bucket += (int)options->BandwidthRate*seconds_elapsed;
|
||||
if (global_write_bucket > (int)options->BandwidthBurst)
|
||||
if (global_write_bucket > (int)options->BandwidthBurst ||
|
||||
global_write_bucket < initial_write_bucket)
|
||||
global_write_bucket = (int)options->BandwidthBurst;
|
||||
log(LOG_DEBUG, LD_NET,"global_write_bucket now %d.", global_write_bucket);
|
||||
}
|
||||
|
@ -1342,8 +1353,10 @@ connection_bucket_refill(int seconds_elapsed)
|
|||
if (connection_speaks_cells(conn)) {
|
||||
or_connection_t *or_conn = TO_OR_CONN(conn);
|
||||
if (connection_read_bucket_should_increase(or_conn)) {
|
||||
int initial_read_bucket = or_conn->read_bucket;
|
||||
or_conn->read_bucket += or_conn->bandwidthrate*seconds_elapsed;
|
||||
if (or_conn->read_bucket > or_conn->bandwidthburst)
|
||||
if (or_conn->read_bucket > or_conn->bandwidthburst ||
|
||||
or_conn->read_bucket < initial_read_bucket)
|
||||
or_conn->read_bucket = or_conn->bandwidthburst;
|
||||
//log_fn(LOG_DEBUG,"Receiver bucket %d now %d.", i,
|
||||
// conn->read_bucket);
|
||||
|
@ -2121,8 +2134,7 @@ connection_state_is_open(connection_t *conn)
|
|||
(conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
|
||||
(conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
|
||||
(conn->type == CONN_TYPE_CONTROL &&
|
||||
(conn->state == CONTROL_CONN_STATE_OPEN_V0 ||
|
||||
conn->state == CONTROL_CONN_STATE_OPEN_V1)))
|
||||
conn->state == CONTROL_CONN_STATE_OPEN_V1))
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
|
@ -2283,6 +2295,9 @@ connection_finished_flushing(connection_t *conn)
|
|||
{
|
||||
tor_assert(conn);
|
||||
|
||||
if (conn->s < 0 || !conn->write_event)
|
||||
return 0;
|
||||
|
||||
// log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
|
||||
|
||||
switch (conn->type) {
|
||||
|
@ -2388,7 +2403,8 @@ assert_connection_ok(connection_t *conn, time_t now)
|
|||
if (conn->outbuf_flushlen > 0) {
|
||||
tor_assert(connection_is_writing(conn) || conn->wants_to_write ||
|
||||
(conn->type == CONN_TYPE_DIR &&
|
||||
TO_DIR_CONN(conn)->is_blocked_on_or_conn));
|
||||
(conn->marked_for_close ||
|
||||
TO_DIR_CONN(conn)->is_blocked_on_or_conn)));
|
||||
}
|
||||
|
||||
if (conn->hold_open_until_flushed)
|
||||
|
|
|
@ -29,7 +29,8 @@ static smartlist_t *redirect_exit_list = NULL;
|
|||
|
||||
static int connection_ap_handshake_process_socks(edge_connection_t *conn);
|
||||
static int connection_ap_process_natd(edge_connection_t *conn);
|
||||
static int connection_exit_connect_dir(edge_connection_t *exit_conn);
|
||||
static int connection_exit_connect_dir(edge_connection_t *exit_conn,
|
||||
or_circuit_t *circ);
|
||||
static int hostname_is_noconnect_address(const char *address);
|
||||
|
||||
/** An AP stream has failed/finished. If it hasn't already sent back
|
||||
|
@ -1389,6 +1390,11 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
|
|||
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Help predict this next time. We're not sure if it will need
|
||||
* a stable circuit yet, but we know we'll need *something*. */
|
||||
rep_hist_note_used_internal(time(NULL), 0, 1);
|
||||
|
||||
if (r==0) {
|
||||
conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
|
||||
log_info(LD_REND, "Unknown descriptor %s. Fetching.",
|
||||
|
@ -1684,10 +1690,14 @@ connection_ap_process_natd(edge_connection_t *conn)
|
|||
}
|
||||
|
||||
daddr = tbuf = &tmp_buf[0] + 6; /* after end of "[DEST " */
|
||||
while (*tbuf != '\0' && *tbuf != ' ')
|
||||
tbuf++;
|
||||
*tbuf = '\0';
|
||||
tbuf++;
|
||||
if (!(tbuf = strchr(tbuf, ' '))) {
|
||||
log_warn(LD_APP,"Natd handshake was ill-formed; closing. The client "
|
||||
"said: %s",
|
||||
escaped(tmp_buf));
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_INVALID_NATD_DEST);
|
||||
return -1;
|
||||
}
|
||||
*tbuf++ = '\0';
|
||||
|
||||
/* pretend that a socks handshake completed so we don't try to
|
||||
* send a socks reply down a natd conn */
|
||||
|
@ -2203,8 +2213,6 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||
relay_send_command_from_edge(rh.stream_id, circ, RELAY_COMMAND_END,
|
||||
end_payload, 1, NULL);
|
||||
connection_free(TO_CONN(n_stream));
|
||||
/* knock the whole thing down, somebody screwed up */
|
||||
circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
|
||||
tor_free(address);
|
||||
return 0;
|
||||
}
|
||||
|
@ -2239,10 +2247,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||
if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
|
||||
if (or_circ && or_circ->p_conn && or_circ->p_conn->_base.addr)
|
||||
n_stream->_base.addr = or_circ->p_conn->_base.addr;
|
||||
n_stream->next_stream = TO_OR_CIRCUIT(circ)->n_streams;
|
||||
n_stream->on_circuit = circ;
|
||||
TO_OR_CIRCUIT(circ)->n_streams = n_stream;
|
||||
return connection_exit_connect_dir(n_stream);
|
||||
return connection_exit_connect_dir(n_stream, TO_OR_CIRCUIT(circ));
|
||||
}
|
||||
|
||||
/* send it off to the gethostbyname farm */
|
||||
|
@ -2424,7 +2430,8 @@ connection_exit_connect(edge_connection_t *edge_conn)
|
|||
* as appropriate.
|
||||
*/
|
||||
static int
|
||||
connection_exit_connect_dir(edge_connection_t *exit_conn)
|
||||
connection_exit_connect_dir(edge_connection_t *exit_conn,
|
||||
or_circuit_t *circ)
|
||||
{
|
||||
int fd[2];
|
||||
int err;
|
||||
|
@ -2470,6 +2477,9 @@ connection_exit_connect_dir(edge_connection_t *exit_conn)
|
|||
return 0;
|
||||
}
|
||||
|
||||
exit_conn->next_stream = circ->n_streams;
|
||||
circ->n_streams = exit_conn;
|
||||
|
||||
if (connection_add(TO_CONN(dir_conn))<0) {
|
||||
connection_edge_end(exit_conn, END_STREAM_REASON_RESOURCELIMIT,
|
||||
exit_conn->cpath_layer);
|
||||
|
|
1048
src/or/control.c
1048
src/or/control.c
File diff suppressed because it is too large
Load Diff
|
@ -455,6 +455,10 @@ directory_initiate_command(const char *address, uint32_t addr,
|
|||
* populate it and add it at the right state
|
||||
* socketpair and hook up both sides
|
||||
*/
|
||||
|
||||
if (private_connection)
|
||||
rep_hist_note_used_port(conn->_base.port, time(NULL));
|
||||
|
||||
conn->dirconn_direct = 0;
|
||||
conn->_base.s =
|
||||
connection_ap_make_bridge(conn->_base.address, conn->_base.port,
|
||||
|
@ -900,7 +904,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||
if (conn->dirconn_direct) {
|
||||
char *guess = http_get_header(headers, X_ADDRESS_HEADER);
|
||||
if (guess) {
|
||||
router_new_address_suggestion(guess);
|
||||
router_new_address_suggestion(guess, conn);
|
||||
tor_free(guess);
|
||||
}
|
||||
}
|
||||
|
@ -932,7 +936,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||
}
|
||||
(void) skewed; /* skewed isn't used yet. */
|
||||
|
||||
if (status_code == 503) {
|
||||
if (status_code == 503 && body_len < 16) {
|
||||
local_routerstatus_t *rs;
|
||||
trusted_dir_server_t *ds;
|
||||
time_t now = time(NULL);
|
||||
|
@ -947,6 +951,12 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||
|
||||
tor_free(body); tor_free(headers); tor_free(reason);
|
||||
return -1;
|
||||
} else if (status_code == 503) {
|
||||
/* XXXX022 Remove this once every server with bug 539 is obsolete. */
|
||||
log_info(LD_DIR, "Server at '%s:%d' sent us a 503 response, but included "
|
||||
"a body anyway. We'll pretend it gave us a 200.",
|
||||
conn->_base.address, conn->_base.port);
|
||||
status_code = 200;
|
||||
}
|
||||
|
||||
plausible = body_is_plausible(body, body_len, conn->_base.purpose);
|
||||
|
@ -1158,7 +1168,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||
if (which || (conn->requested_resource &&
|
||||
!strcmpstart(conn->requested_resource, "all"))) {
|
||||
/* as we learn from them, we remove them from 'which' */
|
||||
router_load_routers_from_string(body, SAVED_NOWHERE, which);
|
||||
router_load_routers_from_string(body, body_len, SAVED_NOWHERE, which);
|
||||
directory_info_has_arrived(time(NULL), 0);
|
||||
}
|
||||
if (which) { /* mark remaining ones as failed */
|
||||
|
@ -1361,7 +1371,7 @@ write_http_status_line(dir_connection_t *conn, int status,
|
|||
{
|
||||
char buf[256];
|
||||
if (tor_snprintf(buf, sizeof(buf), "HTTP/1.0 %d %s\r\n\r\n",
|
||||
status, reason_phrase) < 0) {
|
||||
status, reason_phrase ? reason_phrase : "OK") < 0) {
|
||||
log_warn(LD_BUG,"Bug: status line too long.");
|
||||
return;
|
||||
}
|
||||
|
@ -1730,6 +1740,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
|
|||
"Client asked for server descriptors, but we've been "
|
||||
"writing too many bytes lately. Sending 503 Dir busy.");
|
||||
write_http_status_line(conn, 503, "Directory busy, try again later");
|
||||
conn->dir_spool_src = DIR_SPOOL_NONE;
|
||||
return 0;
|
||||
}
|
||||
write_http_response_header(conn, -1,
|
||||
|
@ -1853,7 +1864,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
|||
log_debug(LD_DIRSERV,"rewritten url as '%s'.", url);
|
||||
|
||||
if (!strcmp(url,"/tor/")) { /* server descriptor post */
|
||||
const char *msg;
|
||||
const char *msg = NULL;
|
||||
int r = dirserv_add_descriptor(body, &msg);
|
||||
tor_assert(msg);
|
||||
if (r > 0)
|
||||
|
@ -2015,14 +2026,21 @@ dir_networkstatus_download_failed(smartlist_t *failed, int status_code)
|
|||
static void
|
||||
dir_routerdesc_download_failed(smartlist_t *failed, int status_code)
|
||||
{
|
||||
char digest[DIGEST_LEN];
|
||||
local_routerstatus_t *rs;
|
||||
time_t now = time(NULL);
|
||||
int server = server_mode(get_options()) && get_options()->DirPort;
|
||||
smartlist_t *routerstatuses, *digests = smartlist_create();
|
||||
|
||||
SMARTLIST_FOREACH(failed, const char *, cp,
|
||||
{
|
||||
base16_decode(digest, DIGEST_LEN, cp, strlen(cp));
|
||||
rs = router_get_combined_status_by_digest(digest);
|
||||
char *d = tor_malloc(DIGEST_LEN);
|
||||
base16_decode(d, DIGEST_LEN, cp, strlen(cp));
|
||||
smartlist_add(digests, d);
|
||||
});
|
||||
routerstatuses = router_get_combined_status_by_descriptor_digests(digests);
|
||||
SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
|
||||
smartlist_free(digests);
|
||||
|
||||
SMARTLIST_FOREACH(routerstatuses, local_routerstatus_t *, rs, {
|
||||
if (!rs || rs->n_download_failures >= MAX_ROUTERDESC_DOWNLOAD_FAILURES)
|
||||
continue;
|
||||
if (status_code != 503 || server)
|
||||
|
@ -2050,17 +2068,19 @@ dir_routerdesc_download_failed(smartlist_t *failed, int status_code)
|
|||
}
|
||||
}
|
||||
if (rs->next_attempt_at == 0)
|
||||
log_debug(LD_DIR, "%s failed %d time(s); I'll try again immediately.",
|
||||
cp, (int)rs->n_download_failures);
|
||||
log_debug(LD_DIR, "dl failed %d time(s); I'll try again immediately.",
|
||||
(int)rs->n_download_failures);
|
||||
else if (rs->next_attempt_at < TIME_MAX)
|
||||
log_debug(LD_DIR, "%s failed %d time(s); I'll try again in %d seconds.",
|
||||
cp, (int)rs->n_download_failures,
|
||||
log_debug(LD_DIR, "dl failed %d time(s); I'll try again in %d seconds.",
|
||||
(int)rs->n_download_failures,
|
||||
(int)(rs->next_attempt_at-now));
|
||||
else
|
||||
log_debug(LD_DIR, "%s failed %d time(s); Giving up for a while.",
|
||||
cp, (int)rs->n_download_failures);
|
||||
log_debug(LD_DIR, "dl failed %d time(s); Giving up for a while.",
|
||||
(int)rs->n_download_failures);
|
||||
});
|
||||
|
||||
smartlist_free(routerstatuses);
|
||||
|
||||
/* No need to relaunch descriptor downloads here: we already do it
|
||||
* every 10 seconds (DESCRIPTOR_RETRY_INTERVAL) in main.c. */
|
||||
}
|
||||
|
|
|
@ -610,6 +610,7 @@ directory_remove_invalid(void)
|
|||
ent->nickname, msg?msg:"");
|
||||
routerlist_remove(rl, ent, i--, 0);
|
||||
changed = 1;
|
||||
continue;
|
||||
}
|
||||
if (bool_neq((r & FP_NAMED), ent->is_named)) {
|
||||
log_info(LD_DIRSERV,
|
||||
|
@ -1678,6 +1679,8 @@ generate_v2_networkstatus(void)
|
|||
outp += strlen(outp);
|
||||
if (ri->platform && !strcmpstart(ri->platform, "Tor ")) {
|
||||
const char *eos = find_whitespace(ri->platform+4);
|
||||
if (eos && !strcmpstart(eos, " (r"))
|
||||
eos = find_whitespace(eos+1);
|
||||
if (eos) {
|
||||
char *platform = tor_strndup(ri->platform, eos-(ri->platform));
|
||||
if (tor_snprintf(outp, endp-outp,
|
||||
|
@ -2048,12 +2051,20 @@ connection_dirserv_unlink_from_bridge(dir_connection_t *dir_conn)
|
|||
or_conn = connection_dirserv_get_target_or_conn(dir_conn);
|
||||
if (or_conn) {
|
||||
/* XXXX Really, this is only necessary if dir_conn->is_blocked_on_or_conn.
|
||||
* But for now, let's leave it in, so the assert can catch */
|
||||
* But for now, let's leave it in, so the assert can catch problems. */
|
||||
connection_dirserv_remove_from_blocked_list(or_conn, dir_conn);
|
||||
}
|
||||
dir_conn->is_blocked_on_or_conn = 0; /* Probably redundant. */
|
||||
edge_conn->bridge_for_conn = NULL;
|
||||
dir_conn->bridge_conn = NULL;
|
||||
if (edge_conn) {
|
||||
edge_conn->bridge_for_conn = NULL;
|
||||
if (!edge_conn->_base.marked_for_close) {
|
||||
TO_CONN(edge_conn)->edge_has_sent_end = 1;
|
||||
connection_mark_for_close(TO_CONN(edge_conn));
|
||||
}
|
||||
}
|
||||
if (!dir_conn->_base.marked_for_close)
|
||||
connection_mark_for_close(TO_CONN(dir_conn));
|
||||
}
|
||||
|
||||
/** Stop writing on a bridged dir_conn, and remember that it's blocked because
|
||||
|
@ -2081,8 +2092,8 @@ connection_dirserv_stop_blocking_all_on_or_conn(or_connection_t *or_conn)
|
|||
{
|
||||
dir_connection_t *dir_conn, *next;
|
||||
|
||||
while (or_conn->blocked_dir_connections) {
|
||||
dir_conn = or_conn->blocked_dir_connections;
|
||||
dir_conn = or_conn->blocked_dir_connections;
|
||||
while (dir_conn) {
|
||||
next = dir_conn->next_blocked_on_same_or_conn;
|
||||
|
||||
dir_conn->is_blocked_on_or_conn = 0;
|
||||
|
|
31
src/or/dns.c
31
src/or/dns.c
|
@ -185,7 +185,7 @@ evdns_log_cb(int warn, const char *msg)
|
|||
}
|
||||
if (!strcmpstart(msg, "Nameserver ") && (cp=strstr(msg, " has failed: "))) {
|
||||
char *ns = tor_strndup(msg+11, cp-(msg+11));
|
||||
const char *err = strchr(cp, ':'+2);
|
||||
const char *err = strchr(cp, ':')+2;
|
||||
/* Don't warn about a single failed nameserver; we'll warn with 'all
|
||||
* nameservers have failed' if we're completely out of nameservers;
|
||||
* otherwise, the situation is tolerable. */
|
||||
|
@ -409,15 +409,15 @@ purge_expired_resolves(time_t now)
|
|||
removed ? removed->address : "NULL", (void*)remove);
|
||||
}
|
||||
tor_assert(removed == resolve);
|
||||
if (resolve->is_reverse)
|
||||
tor_free(resolve->result.hostname);
|
||||
resolve->magic = 0xF0BBF0BB;
|
||||
tor_free(resolve);
|
||||
} else {
|
||||
/* This should be in state DONE. Make sure it's not in the cache. */
|
||||
cached_resolve_t *tmp = HT_FIND(cache_map, &cache_root, resolve);
|
||||
tor_assert(tmp != resolve);
|
||||
}
|
||||
if (resolve->is_reverse)
|
||||
tor_free(resolve->result.hostname);
|
||||
resolve->magic = 0xF0BBF0BB;
|
||||
tor_free(resolve);
|
||||
}
|
||||
|
||||
assert_cache_ok();
|
||||
|
@ -839,9 +839,19 @@ dns_cancel_pending_resolve(const char *address)
|
|||
strlcpy(search.address, address, sizeof(search.address));
|
||||
|
||||
resolve = HT_FIND(cache_map, &cache_root, &search);
|
||||
if (!resolve || resolve->state != CACHE_STATE_PENDING) {
|
||||
log_notice(LD_BUG,"Address %s is not pending. Dropping.",
|
||||
if (!resolve)
|
||||
return;
|
||||
|
||||
if (resolve->state != CACHE_STATE_PENDING) {
|
||||
/* We can get into this state if we never actually created the pending
|
||||
* resolve, due to finding an earlier cached error or something. Just
|
||||
* ignore it. */
|
||||
if (resolve->pending_connections) {
|
||||
log_warn(LD_BUG,
|
||||
"Address %s is not pending but has pending connections!",
|
||||
escaped_safe_str(address));
|
||||
tor_fragile_assert();
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -1519,6 +1529,7 @@ configure_nameservers(int force)
|
|||
or_options_t *options;
|
||||
const char *conf_fname;
|
||||
struct stat st;
|
||||
int r;
|
||||
options = get_options();
|
||||
conf_fname = options->ServerDNSResolvConfFile;
|
||||
#ifndef MS_WINDOWS
|
||||
|
@ -1543,9 +1554,9 @@ configure_nameservers(int force)
|
|||
evdns_clear_nameservers_and_suspend();
|
||||
}
|
||||
log_info(LD_EXIT, "Parsing resolver configuration in '%s'", conf_fname);
|
||||
if (evdns_resolv_conf_parse(DNS_OPTIONS_ALL, conf_fname)) {
|
||||
log_warn(LD_EXIT, "Unable to parse '%s', or no nameservers in '%s'",
|
||||
conf_fname, conf_fname);
|
||||
if ((r = evdns_resolv_conf_parse(DNS_OPTIONS_ALL, conf_fname))) {
|
||||
log_warn(LD_EXIT, "Unable to parse '%s', or no nameservers in '%s' (%d)",
|
||||
conf_fname, conf_fname, r);
|
||||
return -1;
|
||||
}
|
||||
if (evdns_count_nameservers() == 0) {
|
||||
|
|
|
@ -32,10 +32,9 @@
|
|||
* Version: 0.1b
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
#include "eventdns_tor.h"
|
||||
#include <sys/types.h>
|
||||
//#define NDEBUG
|
||||
#include "../common/torint.h"
|
||||
|
||||
#ifndef DNS_USE_CPU_CLOCK_FOR_ID
|
||||
#ifndef DNS_USE_GETTIMEOFDAY_FOR_ID
|
||||
|
@ -2683,7 +2682,7 @@ resolv_conf_parse_line(char *const start, int flags) {
|
|||
int
|
||||
evdns_resolv_conf_parse(int flags, const char *const filename) {
|
||||
struct stat st;
|
||||
int fd;
|
||||
int fd, n, r;
|
||||
u8 *resolv;
|
||||
char *start;
|
||||
int err = 0;
|
||||
|
@ -2707,10 +2706,15 @@ evdns_resolv_conf_parse(int flags, const char *const filename) {
|
|||
resolv = (u8 *) malloc((size_t)st.st_size + 1);
|
||||
if (!resolv) { err = 4; goto out1; }
|
||||
|
||||
if (read(fd, resolv, (size_t)st.st_size) != st.st_size) {
|
||||
err = 5; goto out2;
|
||||
n = 0;
|
||||
while ((r = read(fd, resolv+n, (size_t)st.st_size-n)) > 0) {
|
||||
n += r;
|
||||
if (n == st.st_size)
|
||||
break;
|
||||
assert(n < st.st_size);
|
||||
}
|
||||
resolv[st.st_size] = 0; // we malloced an extra byte
|
||||
if (r < 0) { err = 5; goto out2; }
|
||||
resolv[n] = 0; // we malloced an extra byte; this should be fine.
|
||||
|
||||
start = (char *) resolv;
|
||||
for (;;) {
|
||||
|
|
|
@ -747,6 +747,8 @@ run_scheduled_events(time_t now)
|
|||
static time_t time_to_try_getting_descriptors = 0;
|
||||
static time_t time_to_reset_descriptor_failures = 0;
|
||||
static time_t time_to_add_entropy = 0;
|
||||
#define CLEAN_CACHES_INTERVAL (30*60)
|
||||
static time_t time_to_clean_caches = 0;
|
||||
or_options_t *options = get_options();
|
||||
int i;
|
||||
int have_dir_info;
|
||||
|
@ -854,12 +856,14 @@ run_scheduled_events(time_t now)
|
|||
/** How often do we (as a cache) fetch a new V1 runningrouters document? */
|
||||
#define V1_RUNNINGROUTERS_FETCH_PERIOD (30*60)
|
||||
time_to_fetch_running_routers = now + V1_RUNNINGROUTERS_FETCH_PERIOD;
|
||||
}
|
||||
|
||||
/* Also, take this chance to remove old information from rephist
|
||||
* and the rend cache. */
|
||||
/* Remove old information from rephist and the rend cache. */
|
||||
if (time_to_clean_caches < now) {
|
||||
rep_history_clean(now - options->RephistTrackTime);
|
||||
rend_cache_clean();
|
||||
}
|
||||
time_to_clean_caches = now + CLEAN_CACHES_INTERVAL;
|
||||
}
|
||||
|
||||
/* 2b. Once per minute, regenerate and upload the descriptor if the old
|
||||
* one is inaccurate. */
|
||||
|
@ -1133,7 +1137,7 @@ dns_servers_relaunch_checks(void)
|
|||
}
|
||||
|
||||
/** Called when we get a SIGHUP: reload configuration files and keys,
|
||||
* retry all connections, re-upload all descriptors, and so on. */
|
||||
* retry all connections, and so on. */
|
||||
static int
|
||||
do_hup(void)
|
||||
{
|
||||
|
@ -1178,7 +1182,6 @@ do_hup(void)
|
|||
|
||||
if (server_mode(options)) {
|
||||
// const char *descriptor;
|
||||
mark_my_descriptor_dirty();
|
||||
/* Restart cpuworker and dnsworker processes, so they get up-to-date
|
||||
* configuration options. */
|
||||
cpuworkers_rotate();
|
||||
|
@ -1354,7 +1357,7 @@ signal_callback(int fd, short events, void *arg)
|
|||
switch (sig)
|
||||
{
|
||||
case SIGTERM:
|
||||
log_err(LD_GENERAL,"Catching signal TERM, exiting cleanly.");
|
||||
log_notice(LD_GENERAL,"Catching signal TERM, exiting cleanly.");
|
||||
tor_cleanup();
|
||||
exit(0);
|
||||
break;
|
||||
|
@ -1926,8 +1929,8 @@ nt_service_control(DWORD request)
|
|||
switch (request) {
|
||||
case SERVICE_CONTROL_STOP:
|
||||
case SERVICE_CONTROL_SHUTDOWN:
|
||||
log_err(LD_GENERAL,
|
||||
"Got stop/shutdown request; shutting down cleanly.");
|
||||
log_notice(LD_GENERAL,
|
||||
"Got stop/shutdown request; shutting down cleanly.");
|
||||
service_status.dwCurrentState = SERVICE_STOP_PENDING;
|
||||
event_loopexit(&exit_now);
|
||||
return;
|
||||
|
|
|
@ -335,14 +335,14 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
|
|||
len = crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
|
||||
key_material, 20+key_out_len);
|
||||
if (len < 0)
|
||||
return -1;
|
||||
goto err;
|
||||
|
||||
if (memcmp(key_material, handshake_reply+DH_KEY_LEN, 20)) {
|
||||
/* H(K) does *not* match. Something fishy. */
|
||||
tor_free(key_material);
|
||||
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
|
||||
"Bug or attack.");
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* use the rest of the key material for our shared keys, digests, etc */
|
||||
|
@ -356,6 +356,9 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
|
|||
|
||||
tor_free(key_material);
|
||||
return 0;
|
||||
err:
|
||||
tor_free(key_material);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
|
||||
|
@ -428,6 +431,7 @@ fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
|
|||
/* H(K) does *not* match. Something fishy. */
|
||||
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
|
||||
"Bug or attack.");
|
||||
tor_free(out);
|
||||
return -1;
|
||||
}
|
||||
memcpy(key_out, out+DIGEST_LEN, key_out_len);
|
||||
|
|
33
src/or/or.h
33
src/or/or.h
|
@ -341,17 +341,11 @@ typedef enum {
|
|||
#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)
|
||||
|
||||
#define _CONTROL_CONN_STATE_MIN 1
|
||||
/** State for a control connection: Authenticated and accepting v0 commands. */
|
||||
#define CONTROL_CONN_STATE_OPEN_V0 1
|
||||
/** State for a control connection: Authenticated and accepting v1 commands. */
|
||||
#define CONTROL_CONN_STATE_OPEN_V1 2
|
||||
/** State for a control connection: Waiting for authentication; either
|
||||
* speaking v0 commands or waiting for evidence that it's a v1
|
||||
* connection. */
|
||||
#define CONTROL_CONN_STATE_NEEDAUTH_V0 3
|
||||
/** State for a control connection: Waiting for authentication; speaking
|
||||
* protocol v1. */
|
||||
#define CONTROL_CONN_STATE_NEEDAUTH_V1 4
|
||||
#define CONTROL_CONN_STATE_NEEDAUTH_V1 3
|
||||
#define _CONTROL_CONN_STATE_MAX 4
|
||||
|
||||
#define _DIR_PURPOSE_MIN 1
|
||||
|
@ -942,6 +936,9 @@ typedef struct control_connection_t {
|
|||
* events as appropriate. */
|
||||
unsigned int use_extended_events:1;
|
||||
|
||||
/** True if we have sent a protocolinfo reply on this connection. */
|
||||
unsigned int have_sent_protocolinfo:1;
|
||||
|
||||
uint32_t incoming_cmd_len;
|
||||
uint32_t incoming_cmd_cur_len;
|
||||
char *incoming_cmd;
|
||||
|
@ -1929,8 +1926,7 @@ int fetch_from_buf_http(buf_t *buf,
|
|||
int force_complete);
|
||||
int fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
|
||||
int log_sockstype, int safe_socks);
|
||||
int fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out,
|
||||
char **body_out, int check_for_v1);
|
||||
int peek_buf_has_control0_command(buf_t *buf);
|
||||
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);
|
||||
int fetch_from_buf_line_lf(buf_t *buf, char *data_out, size_t *data_len);
|
||||
|
||||
|
@ -2001,6 +1997,7 @@ origin_circuit_t *origin_circuit_new(void);
|
|||
or_circuit_t *or_circuit_new(uint16_t p_circ_id, or_connection_t *p_conn);
|
||||
circuit_t *circuit_get_by_circid_orconn(uint16_t circ_id,
|
||||
or_connection_t *conn);
|
||||
int circuit_id_in_use_on_orconn(uint16_t circ_id, or_connection_t *conn);
|
||||
circuit_t *circuit_get_by_edge_conn(edge_connection_t *conn);
|
||||
void circuit_unlink_all_from_or_conn(or_connection_t *conn, int reason);
|
||||
origin_circuit_t *circuit_get_by_global_id(uint32_t id);
|
||||
|
@ -2604,9 +2601,8 @@ void policies_parse_from_options(or_options_t *options);
|
|||
int cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
|
||||
addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
|
||||
uint16_t port, addr_policy_t *policy);
|
||||
int policies_parse_exit_policy(config_line_t *cfg,
|
||||
addr_policy_t **dest,
|
||||
int rejectprivate);
|
||||
int policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
|
||||
int rejectprivate, const char *local_address);
|
||||
int exit_policy_is_general_exit(addr_policy_t *policy);
|
||||
int policy_is_reject_star(addr_policy_t *policy);
|
||||
int getinfo_helper_policies(control_connection_t *conn,
|
||||
|
@ -2826,7 +2822,8 @@ void mark_my_descriptor_dirty_if_older_than(time_t when);
|
|||
void mark_my_descriptor_dirty(void);
|
||||
void check_descriptor_bandwidth_changed(time_t now);
|
||||
void check_descriptor_ipaddress_changed(time_t now);
|
||||
void router_new_address_suggestion(const char *suggestion);
|
||||
void router_new_address_suggestion(const char *suggestion,
|
||||
const dir_connection_t *conn);
|
||||
int router_compare_to_my_exit_policy(edge_connection_t *conn);
|
||||
routerinfo_t *router_get_my_routerinfo(void);
|
||||
const char *router_get_my_descriptor(void);
|
||||
|
@ -2895,6 +2892,7 @@ routerstatus_t *router_pick_trusteddirserver(authority_type_t type,
|
|||
trusted_dir_server_t *router_get_trusteddirserver_by_digest(
|
||||
const char *digest);
|
||||
void routerlist_add_family(smartlist_t *sl, routerinfo_t *router);
|
||||
int routers_in_same_family(routerinfo_t *r1, routerinfo_t *r2);
|
||||
void add_nickname_list_to_smartlist(smartlist_t *sl, const char *list,
|
||||
int must_be_running);
|
||||
int router_nickname_is_in_list(routerinfo_t *router, const char *list);
|
||||
|
@ -2907,7 +2905,8 @@ routerinfo_t *router_find_exact_exit_enclave(const char *address,
|
|||
int router_is_unreliable(routerinfo_t *router, int need_uptime,
|
||||
int need_capacity, int need_guard);
|
||||
uint32_t router_get_advertised_bandwidth(routerinfo_t *router);
|
||||
routerinfo_t *routerlist_sl_choose_by_bandwidth(smartlist_t *sl, int for_exit);
|
||||
routerinfo_t *routerlist_sl_choose_by_bandwidth(smartlist_t *sl, int for_exit,
|
||||
int for_guard);
|
||||
routerstatus_t *routerstatus_sl_choose_by_bandwidth(smartlist_t *sl);
|
||||
|
||||
routerinfo_t *router_choose_random_node(const char *preferred,
|
||||
|
@ -2943,7 +2942,7 @@ int router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|||
int from_cache, int from_fetch);
|
||||
int router_load_single_router(const char *s, uint8_t purpose,
|
||||
const char **msg);
|
||||
void router_load_routers_from_string(const char *s,
|
||||
void router_load_routers_from_string(const char *s, size_t len,
|
||||
saved_location_t saved_location,
|
||||
smartlist_t *requested_fingerprints);
|
||||
typedef enum {
|
||||
|
@ -2966,6 +2965,9 @@ void clear_trusted_dir_servers(void);
|
|||
int any_trusted_dir_is_v1_authority(void);
|
||||
networkstatus_t *networkstatus_get_by_digest(const char *digest);
|
||||
local_routerstatus_t *router_get_combined_status_by_digest(const char *digest);
|
||||
smartlist_t *router_get_combined_status_by_descriptor_digests(
|
||||
smartlist_t *digests);
|
||||
|
||||
routerstatus_t *routerstatus_get_by_hexdigest(const char *hexdigest);
|
||||
void update_networkstatus_downloads(time_t now);
|
||||
void update_router_descriptor_downloads(time_t now);
|
||||
|
@ -3021,6 +3023,7 @@ int router_append_dirobj_signature(char *buf, size_t buf_len,
|
|||
const char *digest,
|
||||
crypto_pk_env_t *private_key);
|
||||
int router_parse_list_from_string(const char **s,
|
||||
const char *eos,
|
||||
smartlist_t *dest,
|
||||
saved_location_t saved_location);
|
||||
int router_parse_routerlist_from_directory(const char *s,
|
||||
|
|
|
@ -232,7 +232,7 @@ validate_addr_policies(or_options_t *options, char **msg)
|
|||
*msg = NULL;
|
||||
|
||||
if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
|
||||
options->ExitPolicyRejectPrivate))
|
||||
options->ExitPolicyRejectPrivate, NULL))
|
||||
REJECT("Error in ExitPolicy entry.");
|
||||
|
||||
/* The rest of these calls *append* to addr_policy. So don't actually
|
||||
|
@ -554,10 +554,16 @@ exit_policy_remove_redundancies(addr_policy_t **dest)
|
|||
*/
|
||||
int
|
||||
policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
|
||||
int rejectprivate)
|
||||
int rejectprivate, const char *local_address)
|
||||
{
|
||||
if (rejectprivate)
|
||||
if (rejectprivate) {
|
||||
append_exit_policy_string(dest, "reject private:*");
|
||||
if (local_address) {
|
||||
char buf[POLICY_BUF_LEN];
|
||||
tor_snprintf(buf, sizeof(buf), "reject %s:*", local_address);
|
||||
append_exit_policy_string(dest, buf);
|
||||
}
|
||||
}
|
||||
if (parse_addr_policy(cfg, dest, -1))
|
||||
return -1;
|
||||
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
|
||||
|
|
|
@ -17,7 +17,8 @@ const char relay_c_id[] =
|
|||
static int relay_crypt(circuit_t *circ, cell_t *cell, int cell_direction,
|
||||
crypt_path_t **layer_hint, char *recognized);
|
||||
static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
|
||||
int cell_direction);
|
||||
int cell_direction,
|
||||
crypt_path_t *layer_hint);
|
||||
|
||||
static int
|
||||
connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
|
||||
|
@ -162,7 +163,8 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, int cell_direction)
|
|||
}
|
||||
|
||||
if (recognized) {
|
||||
edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction);
|
||||
edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction,
|
||||
layer_hint);
|
||||
if (cell_direction == CELL_DIRECTION_OUT) {
|
||||
++stats_n_relay_cells_delivered;
|
||||
log_debug(LD_OR,"Sending away from origin.");
|
||||
|
@ -372,7 +374,8 @@ circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
* attached to circ, return that conn, else return NULL.
|
||||
*/
|
||||
static edge_connection_t *
|
||||
relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction)
|
||||
relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction,
|
||||
crypt_path_t *layer_hint)
|
||||
{
|
||||
edge_connection_t *tmpconn;
|
||||
relay_header_t rh;
|
||||
|
@ -390,7 +393,8 @@ relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction)
|
|||
for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
|
||||
tmpconn=tmpconn->next_stream) {
|
||||
if (rh.stream_id == tmpconn->stream_id &&
|
||||
!tmpconn->_base.marked_for_close) {
|
||||
!tmpconn->_base.marked_for_close &&
|
||||
tmpconn->cpath_layer == layer_hint) {
|
||||
log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
|
||||
return tmpconn;
|
||||
}
|
||||
|
|
|
@ -468,7 +468,7 @@ rend_client_desc_here(const char *query)
|
|||
} else { /* 404, or fetch didn't get that far */
|
||||
log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
|
||||
"unavailable (try again later).", safe_str(query));
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -146,7 +146,7 @@ rend_parse_service_descriptor(const char *str, size_t len)
|
|||
result->protocols = ntohs(get_uint16(cp));
|
||||
cp += 2;
|
||||
} else {
|
||||
result->protocols = 1;
|
||||
result->protocols = 1<<2; /* always use intro format 2 */
|
||||
}
|
||||
if (end-cp < 2) goto truncated;
|
||||
result->n_intro_points = ntohs(get_uint16(cp));
|
||||
|
@ -436,7 +436,7 @@ rend_process_relay_cell(circuit_t *circ, int command, size_t length,
|
|||
{
|
||||
or_circuit_t *or_circ = NULL;
|
||||
origin_circuit_t *origin_circ = NULL;
|
||||
int r;
|
||||
int r=0;
|
||||
if (CIRCUIT_IS_ORIGIN(circ))
|
||||
origin_circ = TO_ORIGIN_CIRCUIT(circ);
|
||||
else
|
||||
|
@ -444,31 +444,40 @@ rend_process_relay_cell(circuit_t *circ, int command, size_t length,
|
|||
|
||||
switch (command) {
|
||||
case RELAY_COMMAND_ESTABLISH_INTRO:
|
||||
r = rend_mid_establish_intro(or_circ,payload,length);
|
||||
if (or_circ)
|
||||
r = rend_mid_establish_intro(or_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
|
||||
r = rend_mid_establish_rendezvous(or_circ,payload,length);
|
||||
if (or_circ)
|
||||
r = rend_mid_establish_rendezvous(or_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_INTRODUCE1:
|
||||
r = rend_mid_introduce(or_circ,payload,length);
|
||||
if (or_circ)
|
||||
r = rend_mid_introduce(or_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_INTRODUCE2:
|
||||
r = rend_service_introduce(origin_circ,payload,length);
|
||||
if (origin_circ)
|
||||
r = rend_service_introduce(origin_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_INTRODUCE_ACK:
|
||||
r = rend_client_introduction_acked(origin_circ,payload,length);
|
||||
if (origin_circ)
|
||||
r = rend_client_introduction_acked(origin_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_RENDEZVOUS1:
|
||||
r = rend_mid_rendezvous(or_circ,payload,length);
|
||||
if (or_circ)
|
||||
r = rend_mid_rendezvous(or_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_RENDEZVOUS2:
|
||||
r = rend_client_receive_rendezvous(origin_circ,payload,length);
|
||||
if (origin_circ)
|
||||
r = rend_client_receive_rendezvous(origin_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_INTRO_ESTABLISHED:
|
||||
r = rend_service_intro_established(origin_circ,payload,length);
|
||||
if (origin_circ)
|
||||
r = rend_service_intro_established(origin_circ,payload,length);
|
||||
break;
|
||||
case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
|
||||
r = rend_client_rendezvous_acked(origin_circ,payload,length);
|
||||
if (origin_circ)
|
||||
r = rend_client_rendezvous_acked(origin_circ,payload,length);
|
||||
break;
|
||||
default:
|
||||
tor_assert(0);
|
||||
|
|
|
@ -254,6 +254,7 @@ rend_config_services(or_options_t *options, int validate_only)
|
|||
log_warn(LD_CONFIG,
|
||||
"Got multiple HiddenServiceNodes lines for a single "
|
||||
"service.");
|
||||
rend_service_free(service);
|
||||
return -1;
|
||||
}
|
||||
service->intro_prefer_nodes = tor_strdup(line->value);
|
||||
|
@ -263,6 +264,7 @@ rend_config_services(or_options_t *options, int validate_only)
|
|||
log_warn(LD_CONFIG,
|
||||
"Got multiple HiddenServiceExcludedNodes lines for "
|
||||
"a single service.");
|
||||
rend_service_free(service);
|
||||
return -1;
|
||||
}
|
||||
service->intro_exclude_nodes = tor_strdup(line->value);
|
||||
|
@ -303,16 +305,17 @@ rend_service_update_descriptor(rend_service_t *service)
|
|||
d->intro_point_extend_info = tor_malloc_zero(sizeof(extend_info_t*)*n);
|
||||
d->protocols = (1<<2) | (1<<0); /* We support protocol 2 and protocol 0. */
|
||||
for (i=0; i < n; ++i) {
|
||||
router = router_get_by_nickname(smartlist_get(service->intro_nodes, i),1);
|
||||
const char *name = smartlist_get(service->intro_nodes, i);
|
||||
router = router_get_by_nickname(name, 1);
|
||||
if (!router) {
|
||||
log_info(LD_REND,"Router '%s' not found for intro point %d. Skipping.",
|
||||
safe_str((char*)smartlist_get(service->intro_nodes, i)), i);
|
||||
safe_str(name), i);
|
||||
continue;
|
||||
}
|
||||
circ = find_intro_circuit(router, service->pk_digest);
|
||||
if (circ && circ->_base.purpose == CIRCUIT_PURPOSE_S_INTRO) {
|
||||
/* We have an entirely established intro circuit. */
|
||||
d->intro_points[d->n_intro_points] = tor_strdup(router->nickname);
|
||||
d->intro_points[d->n_intro_points] = tor_strdup(name);
|
||||
d->intro_point_extend_info[d->n_intro_points] =
|
||||
extend_info_from_router(router);
|
||||
d->n_intro_points++;
|
||||
|
@ -552,7 +555,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
|
|||
if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
|
||||
log_warn(LD_PROTOCOL, "Bad length %u for INTRODUCE2 cell.", (int)len);
|
||||
reason = END_CIRC_REASON_TORPROTOCOL;
|
||||
return -1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
r_cookie = ptr;
|
||||
|
|
|
@ -719,6 +719,8 @@ rep_hist_load_state(or_state_t *state, char **err)
|
|||
if (s_values && s_begins >= now - NUM_SECS_BW_SUM_INTERVAL*NUM_TOTALS) {
|
||||
start = s_begins - s_interval*(smartlist_len(s_values));
|
||||
|
||||
if (start > now)
|
||||
continue;
|
||||
b->cur_obs_time = start;
|
||||
b->next_period = start + NUM_SECS_BW_SUM_INTERVAL;
|
||||
SMARTLIST_FOREACH(s_values, char *, cp, {
|
||||
|
@ -727,8 +729,10 @@ rep_hist_load_state(or_state_t *state, char **err)
|
|||
all_ok=0;
|
||||
log_notice(LD_GENERAL, "Could not parse '%s' into a number.'", cp);
|
||||
}
|
||||
add_obs(b, start, v);
|
||||
start += NUM_SECS_BW_SUM_INTERVAL;
|
||||
if (start < now) {
|
||||
add_obs(b, start, v);
|
||||
start += NUM_SECS_BW_SUM_INTERVAL;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -239,7 +239,7 @@ init_keys(void)
|
|||
char digest[20];
|
||||
char *cp;
|
||||
or_options_t *options = get_options();
|
||||
or_state_t *state = get_or_state();
|
||||
time_t now = time(NULL);
|
||||
|
||||
if (!key_lock)
|
||||
key_lock = tor_mutex_new();
|
||||
|
@ -249,8 +249,10 @@ init_keys(void)
|
|||
if (!server_mode(options)) {
|
||||
if (!(prkey = crypto_new_pk_env()))
|
||||
return -1;
|
||||
if (crypto_pk_generate_key(prkey))
|
||||
if (crypto_pk_generate_key(prkey)) {
|
||||
crypto_free_pk_env(prkey);
|
||||
return -1;
|
||||
}
|
||||
set_identity_key(prkey);
|
||||
/* Create a TLS context; default the client nickname to "client". */
|
||||
if (tor_tls_context_new(get_identity_key(),
|
||||
|
@ -284,15 +286,24 @@ init_keys(void)
|
|||
prkey = init_key_from_file(keydir);
|
||||
if (!prkey) return -1;
|
||||
set_onion_key(prkey);
|
||||
if (state->LastRotatedOnionKey > 100) { /* allow for some parsing slop. */
|
||||
onionkey_set_at = state->LastRotatedOnionKey;
|
||||
} else {
|
||||
/* We have no LastRotatedOnionKey set; either we just created the key
|
||||
* or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
|
||||
* start the clock ticking now so that we will eventually rotate it even
|
||||
* if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
|
||||
state->LastRotatedOnionKey = onionkey_set_at = time(NULL);
|
||||
or_state_mark_dirty(state, options->AvoidDiskWrites ? time(NULL)+3600 : 0);
|
||||
|
||||
if (options->command == CMD_RUN_TOR) {
|
||||
/* Only mess with the state file if we're actually running Tor */
|
||||
or_state_t *state = get_or_state();
|
||||
if (state->LastRotatedOnionKey > 100 && state->LastRotatedOnionKey < now) {
|
||||
/* We allow for some parsing slop, but we don't want to risk accepting
|
||||
* valus in the distant future. If we did, we might never rotate the
|
||||
* onion key. */
|
||||
onionkey_set_at = state->LastRotatedOnionKey;
|
||||
} else {
|
||||
/* We have no LastRotatedOnionKey set; either we just created the key
|
||||
* or it's a holdover from 0.1.2.4-alpha-dev or earlier. In either case,
|
||||
* start the clock ticking now so that we will eventually rotate it even
|
||||
* if we don't stay up for a full MIN_ONION_KEY_LIFETIME. */
|
||||
state->LastRotatedOnionKey = onionkey_set_at = now;
|
||||
or_state_mark_dirty(state,
|
||||
options->AvoidDiskWrites ? now+3600 : 0);
|
||||
}
|
||||
}
|
||||
|
||||
tor_snprintf(keydir,sizeof(keydir),"%s/keys/secret_onion_key.old",datadir);
|
||||
|
@ -529,7 +540,7 @@ router_orport_found_reachable(void)
|
|||
return;
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
me->address, me->or_port);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -886,7 +897,7 @@ router_rebuild_descriptor(int force)
|
|||
}
|
||||
|
||||
policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
|
||||
options->ExitPolicyRejectPrivate);
|
||||
options->ExitPolicyRejectPrivate, ri->address);
|
||||
|
||||
if (desc_routerinfo) { /* inherit values */
|
||||
ri->is_valid = desc_routerinfo->is_valid;
|
||||
|
@ -949,9 +960,9 @@ router_rebuild_descriptor(int force)
|
|||
}
|
||||
ri->cache_info.signed_descriptor_len =
|
||||
strlen(ri->cache_info.signed_descriptor_body);
|
||||
crypto_digest(ri->cache_info.signed_descriptor_digest,
|
||||
ri->cache_info.signed_descriptor_body,
|
||||
ri->cache_info.signed_descriptor_len);
|
||||
|
||||
router_get_router_hash(ri->cache_info.signed_descriptor_body,
|
||||
ri->cache_info.signed_descriptor_digest);
|
||||
|
||||
if (desc_routerinfo)
|
||||
routerinfo_free(desc_routerinfo);
|
||||
|
@ -1066,7 +1077,8 @@ static uint32_t last_guessed_ip = 0;
|
|||
* If this address is different from the one we think we are now, and
|
||||
* if our computer doesn't actually know its IP address, then switch. */
|
||||
void
|
||||
router_new_address_suggestion(const char *suggestion)
|
||||
router_new_address_suggestion(const char *suggestion,
|
||||
const dir_connection_t *conn)
|
||||
{
|
||||
uint32_t addr, cur = 0;
|
||||
struct in_addr in;
|
||||
|
@ -1096,6 +1108,13 @@ router_new_address_suggestion(const char *suggestion)
|
|||
/* Don't believe anybody who says our IP is, say, 127.0.0.1. */
|
||||
return;
|
||||
}
|
||||
if (addr == conn->_base.addr) {
|
||||
/* Don't believe anybody who says our IP is their IP. */
|
||||
log_debug(LD_DIR, "A directory server told us our IP address is %s, "
|
||||
"but he's just reporting his own IP address. Ignoring.",
|
||||
suggestion);
|
||||
return;
|
||||
}
|
||||
|
||||
/* Okay. We can't resolve our own address, and X-Your-Address-Is is giving
|
||||
* us an answer different from what we had the last time we managed to
|
||||
|
|
|
@ -15,6 +15,10 @@ const char routerlist_c_id[] =
|
|||
|
||||
#include "or.h"
|
||||
|
||||
// #define DEBUG_ROUTERLIST
|
||||
|
||||
// #define DUMP_DIR_WEIGHTS
|
||||
|
||||
/****************************************************************************/
|
||||
|
||||
/* static function prototypes */
|
||||
|
@ -99,6 +103,10 @@ static int have_warned_about_old_version = 0;
|
|||
* listed by the authorities */
|
||||
static int have_warned_about_new_version = 0;
|
||||
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
static int log_dir_weights = 0;
|
||||
#endif
|
||||
|
||||
/** Return the number of v2 directory authorities */
|
||||
static INLINE int
|
||||
get_n_v2_authorities(void)
|
||||
|
@ -241,7 +249,6 @@ _compare_routers_by_age(const void **_a, const void **_b)
|
|||
static int
|
||||
router_rebuild_store(int force)
|
||||
{
|
||||
size_t len = 0;
|
||||
or_options_t *options;
|
||||
size_t fname_len;
|
||||
smartlist_t *chunk_list = NULL;
|
||||
|
@ -337,13 +344,15 @@ router_rebuild_store(int force)
|
|||
write_str_to_file(fname, "", 1);
|
||||
|
||||
r = 0;
|
||||
router_store_len = len;
|
||||
tor_assert(offset >= 0);
|
||||
router_store_len = (size_t) offset;
|
||||
router_journal_len = 0;
|
||||
router_bytes_dropped = 0;
|
||||
done:
|
||||
smartlist_free(old_routers);
|
||||
smartlist_free(routers);
|
||||
tor_free(fname);
|
||||
tor_free(fname_tmp);
|
||||
SMARTLIST_FOREACH(chunk_list, sized_chunk_t *, c, tor_free(c));
|
||||
smartlist_free(chunk_list);
|
||||
return r;
|
||||
|
@ -373,6 +382,7 @@ router_reload_router_list(void)
|
|||
if (routerlist->mmap_descriptors) {
|
||||
router_store_len = routerlist->mmap_descriptors->size;
|
||||
router_load_routers_from_string(routerlist->mmap_descriptors->data,
|
||||
routerlist->mmap_descriptors->size,
|
||||
SAVED_IN_CACHE, NULL);
|
||||
}
|
||||
|
||||
|
@ -381,7 +391,7 @@ router_reload_router_list(void)
|
|||
if (file_status(fname) == FN_FILE)
|
||||
contents = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, NULL);
|
||||
if (contents) {
|
||||
router_load_routers_from_string(contents,
|
||||
router_load_routers_from_string(contents, strlen(contents),
|
||||
SAVED_IN_JOURNAL, NULL);
|
||||
tor_free(contents);
|
||||
}
|
||||
|
@ -573,20 +583,56 @@ router_pick_directory_server_impl(int requireother, int fascistfirewall,
|
|||
});
|
||||
|
||||
if (smartlist_len(tunnel)) {
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights)
|
||||
log_notice(LD_DIR, "Picking from tunnel-supporting dirs");
|
||||
#endif
|
||||
result = routerstatus_sl_choose_by_bandwidth(tunnel);
|
||||
} else if (smartlist_len(overloaded_tunnel)) {
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights)
|
||||
log_notice(LD_DIR, "Picking from overloaded tunnel-supporting dirs");
|
||||
#endif
|
||||
result = routerstatus_sl_choose_by_bandwidth(overloaded_tunnel);
|
||||
} else if (smartlist_len(trusted_tunnel)) {
|
||||
/* FFFF We don't distinguish between trusteds and overloaded trusteds
|
||||
* yet. Maybe one day we should. */
|
||||
/* FFFF We also don't load balance over authorities yet. I think this
|
||||
* is a feature, but it could easily be a bug. -RD */
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights) {
|
||||
int n = smartlist_len(trusted_tunnel);
|
||||
double d = n ? 100.0/n : 0.0;
|
||||
log_notice(LD_DIR, "Picking from trusted tunnel-supporting dirs.");
|
||||
SMARTLIST_FOREACH(trusted_tunnel, routerstatus_t *, rs,
|
||||
log_notice(LD_DIR, " [%05.2lf] %s %s", d,
|
||||
hex_str(rs->identity_digest, DIGEST_LEN), rs->nickname));
|
||||
}
|
||||
#endif
|
||||
result = smartlist_choose(trusted_tunnel);
|
||||
} else if (smartlist_len(direct)) {
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights)
|
||||
log_notice(LD_DIR, "Picking from direct dir connections");
|
||||
#endif
|
||||
result = routerstatus_sl_choose_by_bandwidth(direct);
|
||||
} else if (smartlist_len(overloaded_direct)) {
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights)
|
||||
log_notice(LD_DIR, "Picking from overloaded direct dir connections");
|
||||
#endif
|
||||
result = routerstatus_sl_choose_by_bandwidth(overloaded_direct);
|
||||
} else {
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights) {
|
||||
int n = smartlist_len(trusted_tunnel);
|
||||
double d = n ? 100.0/n : 0.0;
|
||||
log_notice(LD_DIR, "Picking from trusted direct dir connections");
|
||||
SMARTLIST_FOREACH(trusted_tunnel, routerstatus_t *, rs,
|
||||
log_notice(LD_DIR, " [%05.2lf] %s %s", d,
|
||||
hex_str(rs->identity_digest, DIGEST_LEN), rs->nickname));
|
||||
}
|
||||
#endif
|
||||
result = smartlist_choose(trusted_direct);
|
||||
}
|
||||
smartlist_free(direct);
|
||||
|
@ -615,14 +661,14 @@ router_pick_trusteddirserver_impl(authority_type_t type,
|
|||
routerstatus_t *result;
|
||||
time_t now = time(NULL);
|
||||
|
||||
if (!trusted_dir_servers)
|
||||
return NULL;
|
||||
|
||||
direct = smartlist_create();
|
||||
tunnel = smartlist_create();
|
||||
overloaded_direct = smartlist_create();
|
||||
overloaded_tunnel = smartlist_create();
|
||||
|
||||
if (!trusted_dir_servers)
|
||||
return NULL;
|
||||
|
||||
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d,
|
||||
{
|
||||
int is_overloaded =
|
||||
|
@ -761,6 +807,47 @@ routerlist_add_family(smartlist_t *sl, routerinfo_t *router)
|
|||
}
|
||||
}
|
||||
|
||||
/** Return true iff r is named by some nickname in <b>lst</b>. */
|
||||
static INLINE int
|
||||
router_in_nickname_smartlist(smartlist_t *lst, routerinfo_t *r)
|
||||
{
|
||||
if (!lst) return 0;
|
||||
SMARTLIST_FOREACH(lst, const char *, name,
|
||||
if (router_nickname_matches(r, name))
|
||||
return 1;);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Return true iff router1 and router2 have the same /16 network. */
|
||||
static INLINE int
|
||||
routers_in_same_network_family(routerinfo_t *r1, routerinfo_t *r2)
|
||||
{
|
||||
return (r1->addr & 0xffff0000) == (r2->addr & 0xffff0000);
|
||||
}
|
||||
|
||||
/** Return true iff r1 and r2 are in the same family, but not the same
|
||||
* router. */
|
||||
int
|
||||
routers_in_same_family(routerinfo_t *r1, routerinfo_t *r2)
|
||||
{
|
||||
or_options_t *options = get_options();
|
||||
config_line_t *cl;
|
||||
|
||||
if (options->EnforceDistinctSubnets && routers_in_same_network_family(r1,r2))
|
||||
return 1;
|
||||
|
||||
if (router_in_nickname_smartlist(r1->declared_family, r2) &&
|
||||
router_in_nickname_smartlist(r2->declared_family, r1))
|
||||
return 1;
|
||||
|
||||
for (cl = options->NodeFamilies; cl; cl = cl->next) {
|
||||
if (router_nickname_is_in_list(r1, cl->value) &&
|
||||
router_nickname_is_in_list(r2, cl->value))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Given a (possibly NULL) comma-and-whitespace separated list of nicknames,
|
||||
* see which nicknames in <b>list</b> name routers in our routerlist, and add
|
||||
* the routerinfos for those routers to <b>sl</b>. If <b>must_be_running</b>,
|
||||
|
@ -931,7 +1018,7 @@ router_get_advertised_bandwidth(routerinfo_t *router)
|
|||
|
||||
/** Do not weight any declared bandwidth more than this much when picking
|
||||
* routers by bandwidth. */
|
||||
#define MAX_BELIEVABLE_BANDWIDTH 1500000 /* 1.5 MB/sec */
|
||||
#define MAX_BELIEVABLE_BANDWIDTH 10000000 /* 10 MB/sec */
|
||||
|
||||
/** Helper function:
|
||||
* choose a random element of smartlist <b>sl</b>, weighted by
|
||||
|
@ -941,27 +1028,35 @@ router_get_advertised_bandwidth(routerinfo_t *router)
|
|||
* routerinfo_t's. Otherwise it's a list of routerstatus_t's.
|
||||
*
|
||||
* If <b>for_exit</b>, we're picking an exit node: consider all nodes'
|
||||
* bandwidth equally regardless of their Exit status. If not <b>for_exit</b>,
|
||||
* bandwidth equally regardless of their Exit status, since there may be
|
||||
* some in the list because they exit to obscure ports. If not <b>for_exit</b>,
|
||||
* we're picking a non-exit node: weight exit-node's bandwidth downwards
|
||||
* depending on the smallness of the fraction of Exit-to-total bandwidth.
|
||||
*
|
||||
* If <b>for_guard</b>, we're picking a guard node: consider all guard's
|
||||
* bandwidth equally. Otherwise, weight guards proportionally less.
|
||||
*/
|
||||
static void *
|
||||
smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
||||
smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int for_guard,
|
||||
int statuses)
|
||||
{
|
||||
int i;
|
||||
routerinfo_t *router;
|
||||
routerstatus_t *status;
|
||||
routerstatus_t *status=NULL;
|
||||
int32_t *bandwidths;
|
||||
int is_exit;
|
||||
int is_guard;
|
||||
uint64_t total_nonexit_bw = 0, total_exit_bw = 0, total_bw = 0;
|
||||
uint64_t total_nonguard_bw = 0, total_guard_bw = 0;
|
||||
uint64_t rand_bw, tmp;
|
||||
double exit_weight;
|
||||
double guard_weight;
|
||||
int n_unknown = 0;
|
||||
|
||||
/* First count the total bandwidth weight, and make a list
|
||||
* of each value. <0 means "unknown; no routerinfo." We use the
|
||||
* bits of negative values to remember whether the router was fast (-x)&1
|
||||
* and whether it was an exit (-x)&2. Yes, it's a hack. */
|
||||
* and whether it was an exit (-x)&2 or guard (-x)&4. Yes, it's a hack. */
|
||||
bandwidths = tor_malloc(sizeof(int32_t)*smartlist_len(sl));
|
||||
|
||||
/* Iterate over all the routerinfo_t or routerstatus_t, and */
|
||||
|
@ -975,16 +1070,19 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
status = smartlist_get(sl, i);
|
||||
router = router_get_by_digest(status->identity_digest);
|
||||
is_exit = status->is_exit;
|
||||
is_guard = status->is_possible_guard;
|
||||
if (router) {
|
||||
this_bw = router_get_advertised_bandwidth(router);
|
||||
} else { /* guess */
|
||||
is_known = 0;
|
||||
flags = status->is_fast ? 1 : 0;
|
||||
flags |= is_exit ? 2 : 0;
|
||||
flags |= is_guard ? 4 : 0;
|
||||
}
|
||||
} else {
|
||||
router = smartlist_get(sl, i);
|
||||
is_exit = router->is_exit;
|
||||
is_guard = router->is_possible_guard;
|
||||
this_bw = router_get_advertised_bandwidth(router);
|
||||
}
|
||||
/* if they claim something huge, don't believe it */
|
||||
|
@ -992,6 +1090,10 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
this_bw = MAX_BELIEVABLE_BANDWIDTH;
|
||||
if (is_known) {
|
||||
bandwidths[i] = (int32_t) this_bw; // safe since MAX_BELIEVABLE<INT32_MAX
|
||||
if (is_guard)
|
||||
total_guard_bw += this_bw;
|
||||
else
|
||||
total_nonguard_bw += this_bw;
|
||||
if (is_exit)
|
||||
total_exit_bw += this_bw;
|
||||
else
|
||||
|
@ -1020,11 +1122,16 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
if (bw>=0)
|
||||
continue;
|
||||
is_exit = ((-bw)&2);
|
||||
is_guard = ((-bw)&4);
|
||||
bandwidths[i] = ((-bw)&1) ? avg_fast : avg_slow;
|
||||
if (is_exit)
|
||||
total_exit_bw += bandwidths[i];
|
||||
else
|
||||
total_nonexit_bw += bandwidths[i];
|
||||
if (is_guard)
|
||||
total_guard_bw += bandwidths[i];
|
||||
else
|
||||
total_nonguard_bw += bandwidths[i];
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1034,25 +1141,53 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
return smartlist_choose(sl);
|
||||
}
|
||||
|
||||
/* Figure out how to weight exits. */
|
||||
if (for_exit) {
|
||||
/* If we're choosing an exit node, exit bandwidth counts fully. */
|
||||
exit_weight = 1.0;
|
||||
total_bw = total_exit_bw + total_nonexit_bw;
|
||||
} else if (total_exit_bw < total_nonexit_bw / 2) {
|
||||
/* If we're choosing a relay and exits are greatly outnumbered, ignore
|
||||
* them. */
|
||||
exit_weight = 0.0;
|
||||
total_bw = total_nonexit_bw;
|
||||
} else {
|
||||
/* If we're choosing a relay and exits aren't outnumbered use the formula
|
||||
* from path-spec. */
|
||||
uint64_t leftover = (total_exit_bw - total_nonexit_bw / 2);
|
||||
exit_weight = U64_TO_DBL(leftover) /
|
||||
U64_TO_DBL(leftover + total_nonexit_bw);
|
||||
total_bw = total_nonexit_bw +
|
||||
DBL_TO_U64(exit_weight * U64_TO_DBL(total_exit_bw));
|
||||
/* Figure out how to weight exits and guards. */
|
||||
{
|
||||
double all_bw = U64_TO_DBL(total_exit_bw+total_nonexit_bw);
|
||||
double exit_bw = U64_TO_DBL(total_exit_bw);
|
||||
double guard_bw = U64_TO_DBL(total_guard_bw);
|
||||
/*
|
||||
* For detailed derivation of this formula, see
|
||||
* http://archives.seul.org/or/dev/Jul-2007/msg00056.html
|
||||
*/
|
||||
if (for_exit)
|
||||
exit_weight = 1.0;
|
||||
else
|
||||
exit_weight = 1.0 - all_bw/(3.0*exit_bw);
|
||||
|
||||
if (for_guard)
|
||||
guard_weight = 1.0;
|
||||
else
|
||||
guard_weight = 1.0 - all_bw/(3.0*guard_bw);
|
||||
|
||||
if (exit_weight <= 0.0)
|
||||
exit_weight = 0.0;
|
||||
|
||||
if (guard_weight <= 0.0)
|
||||
guard_weight = 0.0;
|
||||
|
||||
total_bw = 0;
|
||||
for (i=0; i < smartlist_len(sl); i++) {
|
||||
if (statuses) {
|
||||
status = smartlist_get(sl, i);
|
||||
is_exit = status->is_exit;
|
||||
is_guard = status->is_possible_guard;
|
||||
} else {
|
||||
router = smartlist_get(sl, i);
|
||||
is_exit = router->is_exit;
|
||||
is_guard = router->is_possible_guard;
|
||||
}
|
||||
if (is_exit && is_guard)
|
||||
total_bw += ((uint64_t)(bandwidths[i] * exit_weight * guard_weight));
|
||||
else if (is_guard)
|
||||
total_bw += ((uint64_t)(bandwidths[i] * guard_weight));
|
||||
else if (is_exit)
|
||||
total_bw += ((uint64_t)(bandwidths[i] * exit_weight));
|
||||
else
|
||||
total_bw += bandwidths[i];
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
log_debug(LD_CIRC, "Total bw = "U64_FORMAT", total exit bw = "U64_FORMAT
|
||||
", total nonexit bw = "U64_FORMAT", exit weight = %lf "
|
||||
|
@ -1067,20 +1202,51 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
/* Last, count through sl until we get to the element we picked */
|
||||
tmp = 0;
|
||||
for (i=0; i < smartlist_len(sl); i++) {
|
||||
uint64_t this_bw;
|
||||
if (statuses) {
|
||||
status = smartlist_get(sl, i);
|
||||
is_exit = status->is_exit;
|
||||
is_guard = status->is_possible_guard;
|
||||
} else {
|
||||
router = smartlist_get(sl, i);
|
||||
is_exit = router->is_exit;
|
||||
is_guard = router->is_possible_guard;
|
||||
}
|
||||
if (is_exit)
|
||||
tmp += ((uint64_t)(bandwidths[i] * exit_weight));
|
||||
|
||||
/* Weights can be 0 if not counting guards/exits */
|
||||
if (is_exit && is_guard)
|
||||
this_bw = ((uint64_t)(bandwidths[i] * exit_weight * guard_weight));
|
||||
else if (is_guard)
|
||||
this_bw = ((uint64_t)(bandwidths[i] * guard_weight));
|
||||
else if (is_exit)
|
||||
this_bw = ((uint64_t)(bandwidths[i] * exit_weight));
|
||||
else
|
||||
tmp += bandwidths[i];
|
||||
this_bw = bandwidths[i];
|
||||
tmp += this_bw;
|
||||
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights && statuses) {
|
||||
routerstatus_t *rs = smartlist_get(sl, i);
|
||||
double pct = 100.0 * (U64_TO_DBL(this_bw)/U64_TO_DBL(total_bw));
|
||||
log_notice(LD_DIR, " [%05.2lf] %s %s", pct,
|
||||
hex_str(rs->identity_digest, DIGEST_LEN), rs->nickname);
|
||||
} else
|
||||
#endif
|
||||
|
||||
if (tmp >= rand_bw)
|
||||
break;
|
||||
}
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
if (log_dir_weights)
|
||||
return NULL;
|
||||
#endif
|
||||
|
||||
if (i == smartlist_len(sl)) {
|
||||
/* This is possible due to round-off error. */
|
||||
--i;
|
||||
log_warn(LD_BUG, "Round-off error in computing bandwidth had an effect on "
|
||||
" which router we chose. Please tell the developers.");
|
||||
}
|
||||
tor_free(bandwidths);
|
||||
return smartlist_get(sl, i);
|
||||
}
|
||||
|
@ -1089,18 +1255,19 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, int for_exit, int statuses)
|
|||
* the advertised bandwidth of each router.
|
||||
*/
|
||||
routerinfo_t *
|
||||
routerlist_sl_choose_by_bandwidth(smartlist_t *sl, int for_exit)
|
||||
routerlist_sl_choose_by_bandwidth(smartlist_t *sl, int for_exit, int for_guard)
|
||||
{
|
||||
return smartlist_choose_by_bandwidth(sl, for_exit, 0);
|
||||
return smartlist_choose_by_bandwidth(sl, for_exit, for_guard, 0);
|
||||
}
|
||||
|
||||
/** Choose a random element of status list <b>sl</b>, weighted by
|
||||
* the advertised bandwidth of each status.
|
||||
* the advertised bandwidth of each status. Avoid putting load on
|
||||
* exits and guards.
|
||||
*/
|
||||
routerstatus_t *
|
||||
routerstatus_sl_choose_by_bandwidth(smartlist_t *sl)
|
||||
{
|
||||
return smartlist_choose_by_bandwidth(sl, 1, 1);
|
||||
return smartlist_choose_by_bandwidth(sl, 0, 0, 1);
|
||||
}
|
||||
|
||||
/** Return a random running router from the routerlist. If any node
|
||||
|
@ -1156,8 +1323,9 @@ router_choose_random_node(const char *preferred,
|
|||
if (excludedsmartlist)
|
||||
smartlist_subtract(sl,excludedsmartlist);
|
||||
|
||||
if (need_capacity)
|
||||
choice = routerlist_sl_choose_by_bandwidth(sl, weight_for_exit);
|
||||
if (need_capacity || need_guard)
|
||||
choice = routerlist_sl_choose_by_bandwidth(sl, weight_for_exit,
|
||||
need_guard);
|
||||
else
|
||||
choice = smartlist_choose(sl);
|
||||
|
||||
|
@ -1384,7 +1552,7 @@ router_get_by_hexdigest(const char *hexdigest)
|
|||
|
||||
ri = router_get_by_digest(digest);
|
||||
|
||||
if (len > HEX_DIGEST_LEN) {
|
||||
if (ri && len > HEX_DIGEST_LEN) {
|
||||
if (hexdigest[HEX_DIGEST_LEN] == '=') {
|
||||
if (strcasecmp(ri->nickname, hexdigest+HEX_DIGEST_LEN+1) ||
|
||||
!ri->is_named)
|
||||
|
@ -1592,13 +1760,21 @@ _routerlist_find_elt(smartlist_t *sl, void *ri, int idx)
|
|||
static void
|
||||
routerlist_insert(routerlist_t *rl, routerinfo_t *ri)
|
||||
{
|
||||
{
|
||||
/* XXXX remove this code once bug 404 is fixed. */
|
||||
routerinfo_t *ri_generated = router_get_my_routerinfo();
|
||||
tor_assert(ri_generated != ri);
|
||||
}
|
||||
|
||||
digestmap_set(rl->identity_map, ri->cache_info.identity_digest, ri);
|
||||
digestmap_set(rl->desc_digest_map, ri->cache_info.signed_descriptor_digest,
|
||||
&(ri->cache_info));
|
||||
smartlist_add(rl->routers, ri);
|
||||
ri->routerlist_index = smartlist_len(rl->routers) - 1;
|
||||
router_dir_info_changed();
|
||||
// routerlist_assert_ok(rl);
|
||||
#ifdef DEBUG_ROUTERLIST
|
||||
routerlist_assert_ok(rl);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** If we're a directory cache and routerlist <b>rl</b> doesn't have
|
||||
|
@ -1607,6 +1783,11 @@ routerlist_insert(routerlist_t *rl, routerinfo_t *ri)
|
|||
static void
|
||||
routerlist_insert_old(routerlist_t *rl, routerinfo_t *ri)
|
||||
{
|
||||
{
|
||||
/* XXXX remove this code once bug 404 is fixed. */
|
||||
routerinfo_t *ri_generated = router_get_my_routerinfo();
|
||||
tor_assert(ri_generated != ri);
|
||||
}
|
||||
if (get_options()->DirPort &&
|
||||
!digestmap_get(rl->desc_digest_map,
|
||||
ri->cache_info.signed_descriptor_digest)) {
|
||||
|
@ -1616,7 +1797,9 @@ routerlist_insert_old(routerlist_t *rl, routerinfo_t *ri)
|
|||
} else {
|
||||
routerinfo_free(ri);
|
||||
}
|
||||
// routerlist_assert_ok(rl);
|
||||
#ifdef DEBUG_ROUTERLIST
|
||||
routerlist_assert_ok(rl);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Remove an item <b>ri</b> from the routerlist <b>rl</b>, updating indices
|
||||
|
@ -1647,15 +1830,18 @@ routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int idx, int make_old)
|
|||
smartlist_add(rl->old_routers, sd);
|
||||
digestmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
|
||||
} else {
|
||||
ri_tmp = digestmap_remove(rl->desc_digest_map,
|
||||
signed_descriptor_t *sd_tmp = digestmap_remove(rl->desc_digest_map,
|
||||
ri->cache_info.signed_descriptor_digest);
|
||||
tor_assert(ri_tmp == ri);
|
||||
tor_assert(sd_tmp == &ri->cache_info);
|
||||
router_bytes_dropped += ri->cache_info.signed_descriptor_len;
|
||||
routerinfo_free(ri);
|
||||
}
|
||||
// routerlist_assert_ok(rl);
|
||||
#ifdef DEBUG_ROUTERLIST
|
||||
routerlist_assert_ok(rl);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** DOCDOC */
|
||||
static void
|
||||
routerlist_remove_old(routerlist_t *rl, signed_descriptor_t *sd, int idx)
|
||||
{
|
||||
|
@ -1669,7 +1855,9 @@ routerlist_remove_old(routerlist_t *rl, signed_descriptor_t *sd, int idx)
|
|||
tor_assert(sd_tmp == sd);
|
||||
router_bytes_dropped += sd->signed_descriptor_len;
|
||||
signed_descriptor_free(sd);
|
||||
// routerlist_assert_ok(rl);
|
||||
#ifdef DEBUG_ROUTERLIST
|
||||
routerlist_assert_ok(rl);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Remove <b>ri_old</b> from the routerlist <b>rl</b>, and replace it with
|
||||
|
@ -1679,10 +1867,19 @@ routerlist_remove_old(routerlist_t *rl, signed_descriptor_t *sd, int idx)
|
|||
* index as ri_old, if possible. ri is freed as appropriate. */
|
||||
static void
|
||||
routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
|
||||
routerinfo_t *ri_new, int idx, int make_old)
|
||||
routerinfo_t *ri_new)
|
||||
{
|
||||
int idx;
|
||||
{
|
||||
/* XXXX remove this code once bug 404 is fixed. */
|
||||
routerinfo_t *ri_generated = router_get_my_routerinfo();
|
||||
tor_assert(ri_generated != ri_new);
|
||||
}
|
||||
tor_assert(ri_old != ri_new);
|
||||
idx = _routerlist_find_elt(rl->routers, ri_old, idx);
|
||||
idx = ri_old->routerlist_index;
|
||||
tor_assert(0 <= idx && idx < smartlist_len(rl->routers));
|
||||
tor_assert(smartlist_get(rl->routers, idx) == ri_old);
|
||||
|
||||
router_dir_info_changed();
|
||||
if (idx >= 0) {
|
||||
smartlist_set(rl->routers, idx, ri_new);
|
||||
|
@ -1702,7 +1899,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
|
|||
digestmap_set(rl->desc_digest_map,
|
||||
ri_new->cache_info.signed_descriptor_digest, &(ri_new->cache_info));
|
||||
|
||||
if (make_old && get_options()->DirPort) {
|
||||
if (get_options()->DirPort) {
|
||||
signed_descriptor_t *sd = signed_descriptor_from_routerinfo(ri_old);
|
||||
smartlist_add(rl->old_routers, sd);
|
||||
digestmap_set(rl->desc_digest_map, sd->signed_descriptor_digest, sd);
|
||||
|
@ -1714,9 +1911,12 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
|
|||
digestmap_remove(rl->desc_digest_map,
|
||||
ri_old->cache_info.signed_descriptor_digest);
|
||||
}
|
||||
router_bytes_dropped += ri_old->cache_info.signed_descriptor_len;
|
||||
routerinfo_free(ri_old);
|
||||
}
|
||||
// routerlist_assert_ok(rl);
|
||||
#ifdef DEBUG_ROUTERLIST
|
||||
routerlist_assert_ok(rl);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Free all memory held by the routerlist module. */
|
||||
|
@ -1879,6 +2079,11 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|||
int authdir = get_options()->AuthoritativeDir;
|
||||
int authdir_believes_valid = 0;
|
||||
routerinfo_t *old_router;
|
||||
/* router_have_minimum_dir_info() has side effects, so do it before we
|
||||
* start the real work */
|
||||
int authdir_may_warn_about_unreachable_server =
|
||||
authdir && !from_cache && !from_fetch &&
|
||||
router_have_minimum_dir_info();
|
||||
|
||||
tor_assert(msg);
|
||||
|
||||
|
@ -1946,9 +2151,6 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|||
old_router = digestmap_get(routerlist->identity_map,
|
||||
router->cache_info.identity_digest);
|
||||
if (old_router) {
|
||||
int pos = old_router->routerlist_index;
|
||||
tor_assert(smartlist_get(routerlist->routers, pos) == old_router);
|
||||
|
||||
if (router->cache_info.published_on <=
|
||||
old_router->cache_info.published_on) {
|
||||
/* Same key, but old */
|
||||
|
@ -1974,10 +2176,8 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|||
router->num_unreachable_notifications =
|
||||
old_router->num_unreachable_notifications;
|
||||
}
|
||||
if (authdir && !from_cache && !from_fetch &&
|
||||
router_have_minimum_dir_info() &&
|
||||
dirserv_thinks_router_is_blatantly_unreachable(router,
|
||||
time(NULL))) {
|
||||
if (authdir_may_warn_about_unreachable_server &&
|
||||
dirserv_thinks_router_is_blatantly_unreachable(router, time(NULL))) {
|
||||
if (router->num_unreachable_notifications >= 3) {
|
||||
unreachable = 1;
|
||||
log_notice(LD_DIR, "Notifying server '%s' that it's unreachable. "
|
||||
|
@ -1992,7 +2192,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|||
router->num_unreachable_notifications++;
|
||||
}
|
||||
}
|
||||
routerlist_replace(routerlist, old_router, router, pos, 1);
|
||||
routerlist_replace(routerlist, old_router, router);
|
||||
if (!from_cache) {
|
||||
router_append_to_journal(&router->cache_info);
|
||||
}
|
||||
|
@ -2146,6 +2346,8 @@ routerlist_remove_old_routers(void)
|
|||
if (!routerlist || !networkstatus_list)
|
||||
return;
|
||||
|
||||
routerlist_assert_ok(routerlist);
|
||||
|
||||
retain = digestmap_new();
|
||||
cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
|
||||
/* Build a list of all the descriptors that _anybody_ recommends. */
|
||||
|
@ -2185,6 +2387,8 @@ routerlist_remove_old_routers(void)
|
|||
}
|
||||
}
|
||||
|
||||
routerlist_assert_ok(routerlist);
|
||||
|
||||
/* Remove far-too-old members of routerlist->old_routers. */
|
||||
cutoff = now - OLD_ROUTER_DESC_MAX_AGE;
|
||||
for (i = 0; i < smartlist_len(routerlist->old_routers); ++i) {
|
||||
|
@ -2196,6 +2400,8 @@ routerlist_remove_old_routers(void)
|
|||
}
|
||||
}
|
||||
|
||||
routerlist_assert_ok(routerlist);
|
||||
|
||||
/* Now we might have to look at routerlist->old_routers for extraneous
|
||||
* members. (We'd keep all the members if we could, but we need to save
|
||||
* space.) First, check whether we have too many router descriptors, total.
|
||||
|
@ -2294,7 +2500,8 @@ router_load_single_router(const char *s, uint8_t purpose, const char **msg)
|
|||
* fingerprint from the list.
|
||||
*/
|
||||
void
|
||||
router_load_routers_from_string(const char *s, saved_location_t saved_location,
|
||||
router_load_routers_from_string(const char *s, size_t len,
|
||||
saved_location_t saved_location,
|
||||
smartlist_t *requested_fingerprints)
|
||||
{
|
||||
smartlist_t *routers = smartlist_create(), *changed = smartlist_create();
|
||||
|
@ -2302,7 +2509,7 @@ router_load_routers_from_string(const char *s, saved_location_t saved_location,
|
|||
const char *msg;
|
||||
int from_cache = (saved_location != SAVED_NOWHERE);
|
||||
|
||||
router_parse_list_from_string(&s, routers, saved_location);
|
||||
router_parse_list_from_string(&s, s+len, routers, saved_location);
|
||||
|
||||
routers_update_status_from_networkstatus(routers, !from_cache);
|
||||
|
||||
|
@ -2328,13 +2535,13 @@ router_load_routers_from_string(const char *s, saved_location_t saved_location,
|
|||
}
|
||||
}
|
||||
|
||||
if (router_add_to_routerlist(ri, &msg, from_cache, !from_cache) >= 0)
|
||||
if (router_add_to_routerlist(ri, &msg, from_cache, !from_cache) >= 0) {
|
||||
smartlist_add(changed, ri);
|
||||
control_event_descriptors_changed(changed);
|
||||
smartlist_clear(changed);
|
||||
}
|
||||
});
|
||||
|
||||
if (smartlist_len(changed))
|
||||
control_event_descriptors_changed(changed);
|
||||
|
||||
routerlist_assert_ok(routerlist);
|
||||
router_rebuild_store(0);
|
||||
|
||||
|
@ -2483,9 +2690,9 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
|||
if (smartlist_string_isin(requested_fingerprints, fp)) {
|
||||
smartlist_string_remove(requested_fingerprints, fp);
|
||||
} else {
|
||||
char *requested =
|
||||
smartlist_join_strings(requested_fingerprints," ",0,NULL);
|
||||
if (source != NS_FROM_DIR_ALL) {
|
||||
char *requested =
|
||||
smartlist_join_strings(requested_fingerprints," ",0,NULL);
|
||||
log_warn(LD_DIR,
|
||||
"We received a network status with a fingerprint (%s) that we "
|
||||
"never requested. (We asked for: %s.) Dropping.",
|
||||
|
@ -2510,9 +2717,6 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (source != NS_FROM_CACHE && trusted_dir)
|
||||
trusted_dir->n_networkstatus_failures = 0;
|
||||
|
||||
found = 0;
|
||||
for (i=0; i < smartlist_len(networkstatus_list); ++i) {
|
||||
networkstatus_t *old_ns = smartlist_get(networkstatus_list, i);
|
||||
|
@ -2522,6 +2726,7 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
|||
ns->networkstatus_digest, DIGEST_LEN)) {
|
||||
/* Same one we had before. */
|
||||
networkstatus_free(ns);
|
||||
tor_assert(trusted_dir);
|
||||
log_info(LD_DIR,
|
||||
"Not replacing network-status from %s (published %s); "
|
||||
"we already have it.",
|
||||
|
@ -2536,16 +2741,19 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
|||
}
|
||||
old_ns->received_on = arrived_at;
|
||||
}
|
||||
++trusted_dir->n_networkstatus_failures;
|
||||
return 0;
|
||||
} else if (old_ns->published_on >= ns->published_on) {
|
||||
char old_published[ISO_TIME_LEN+1];
|
||||
format_iso_time(old_published, old_ns->published_on);
|
||||
tor_assert(trusted_dir);
|
||||
log_info(LD_DIR,
|
||||
"Not replacing network-status from %s (published %s);"
|
||||
" we have a newer one (published %s) for this authority.",
|
||||
trusted_dir->description, published,
|
||||
old_published);
|
||||
networkstatus_free(ns);
|
||||
++trusted_dir->n_networkstatus_failures;
|
||||
return 0;
|
||||
} else {
|
||||
networkstatus_free(old_ns);
|
||||
|
@ -2556,6 +2764,9 @@ router_set_networkstatus(const char *s, time_t arrived_at,
|
|||
}
|
||||
}
|
||||
|
||||
if (source != NS_FROM_CACHE && trusted_dir)
|
||||
trusted_dir->n_networkstatus_failures = 0;
|
||||
|
||||
if (!found)
|
||||
smartlist_add(networkstatus_list, ns);
|
||||
|
||||
|
@ -2651,6 +2862,31 @@ router_get_combined_status_by_digest(const char *digest)
|
|||
_compare_digest_to_routerstatus_entry);
|
||||
}
|
||||
|
||||
/** Return a newly allocated list of the local_routerstatus_t for all routers
|
||||
* where we believe that the digest of their current descriptor is some digest
|
||||
* listed in <b>digests</b>. */
|
||||
smartlist_t *
|
||||
router_get_combined_status_by_descriptor_digests(smartlist_t *digests)
|
||||
{
|
||||
digestmap_t *map;
|
||||
smartlist_t *result;
|
||||
|
||||
if (!routerstatus_list)
|
||||
return NULL;
|
||||
|
||||
map = digestmap_new();
|
||||
result = smartlist_create();
|
||||
SMARTLIST_FOREACH(digests, const char *, d, digestmap_set(map, d, (void*)1));
|
||||
|
||||
SMARTLIST_FOREACH(routerstatus_list, local_routerstatus_t *, lrs, {
|
||||
if (digestmap_get(map, lrs->status.descriptor_digest))
|
||||
smartlist_add(result, lrs);
|
||||
});
|
||||
|
||||
digestmap_free(map, NULL);
|
||||
return result;
|
||||
}
|
||||
|
||||
/** Given a nickname (possibly verbose, possibly a hexadecimal digest), return
|
||||
* the corresponding local_routerstatus_t, or NULL if none exists. Warn the
|
||||
* user if <b>warn_if_unnamed</b> is set, and they have specified a router by
|
||||
|
@ -2667,11 +2903,11 @@ router_get_combined_status_by_nickname(const char *nickname,
|
|||
return NULL;
|
||||
|
||||
if (nickname[0] == '$') {
|
||||
if (base16_decode(digest, DIGEST_LEN, nickname+1, strlen(nickname))<0)
|
||||
if (base16_decode(digest, DIGEST_LEN, nickname+1, strlen(nickname+1))<0)
|
||||
return NULL;
|
||||
return router_get_combined_status_by_digest(digest);
|
||||
} else if (strlen(nickname) == HEX_DIGEST_LEN &&
|
||||
(base16_decode(digest, DIGEST_LEN, nickname+1, strlen(nickname))==0)) {
|
||||
(base16_decode(digest, DIGEST_LEN, nickname, strlen(nickname))==0)) {
|
||||
return router_get_combined_status_by_digest(digest);
|
||||
}
|
||||
|
||||
|
@ -2708,8 +2944,10 @@ router_get_combined_status_by_nickname(const char *nickname,
|
|||
base16_encode(fp, sizeof(fp),
|
||||
best->status.identity_digest, DIGEST_LEN);
|
||||
log_warn(LD_CONFIG,
|
||||
"To look up a status, you specified a server \"%s\" by name, but the "
|
||||
"directory authorities do not have a binding for this nickname. "
|
||||
"When looking up a status, you specified a server \"%s\" by name, "
|
||||
"but the directory authorities do not have any key registered for "
|
||||
"this nickname -- so it could be used by any server, "
|
||||
"not just the one you meant. "
|
||||
"To make sure you get the same server in the future, refer to "
|
||||
"it by key, as \"$%s\".", nickname, fp);
|
||||
best->name_lookup_warned = 1;
|
||||
|
@ -2896,20 +3134,24 @@ update_networkstatus_client_downloads(time_t now)
|
|||
/* If no networkstatus was found, choose a dirserver at random as "most
|
||||
* recent". */
|
||||
if (most_recent_idx<0)
|
||||
most_recent_idx = crypto_rand_int(n_dirservers);
|
||||
most_recent_idx = crypto_rand_int(smartlist_len(trusted_dir_servers));
|
||||
|
||||
if (fetch_latest) {
|
||||
int i;
|
||||
int n_failed = 0;
|
||||
for (i = most_recent_idx + 1; 1; ++i) {
|
||||
trusted_dir_server_t *ds;
|
||||
if (i >= n_dirservers)
|
||||
if (i >= smartlist_len(trusted_dir_servers))
|
||||
i = 0;
|
||||
ds = smartlist_get(trusted_dir_servers, i);
|
||||
if (! ds->is_v2_authority)
|
||||
continue;
|
||||
if (n_failed < n_dirservers &&
|
||||
ds->n_networkstatus_failures > NETWORKSTATUS_N_ALLOWABLE_FAILURES) {
|
||||
if (n_failed >= n_dirservers) {
|
||||
log_info(LD_DIR, "All authorities have failed. Not trying any.");
|
||||
smartlist_free(missing);
|
||||
return;
|
||||
}
|
||||
if (ds->n_networkstatus_failures > NETWORKSTATUS_N_ALLOWABLE_FAILURES) {
|
||||
++n_failed;
|
||||
continue;
|
||||
}
|
||||
|
@ -3174,7 +3416,7 @@ compute_recommended_versions(time_t now, int client,
|
|||
} else {
|
||||
if (n_seen > n_versioning/2 && current)
|
||||
smartlist_add(recommended, current);
|
||||
n_seen = 0;
|
||||
n_seen = 1;
|
||||
current = cp;
|
||||
}
|
||||
});
|
||||
|
@ -3257,9 +3499,7 @@ routers_update_all_from_networkstatus(void)
|
|||
have_warned_about_invalid_status = 1;
|
||||
} else if (n_naming && !n_named) {
|
||||
log_info(LD_GENERAL, "0/%d name-binding directory authorities "
|
||||
"recognize your nickname. Please consider sending your "
|
||||
"nickname and identity fingerprint to the tor-ops.",
|
||||
n_naming);
|
||||
"recognize your nickname.", n_naming);
|
||||
have_warned_about_invalid_status = 1;
|
||||
}
|
||||
}
|
||||
|
@ -3375,6 +3615,16 @@ networkstatus_list_update_recent(time_t now)
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
static void
|
||||
dump_dir_weights(void)
|
||||
{
|
||||
log_dir_weights = 1;
|
||||
router_pick_directory_server_impl(0, 0, 0, 1);
|
||||
log_dir_weights = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
/** Helper for routerstatus_list_update_from_networkstatus: remember how many
|
||||
* authorities recommend a given descriptor digest. */
|
||||
typedef struct {
|
||||
|
@ -3626,7 +3876,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
|
|||
memcpy(&rs_out->status, most_recent, sizeof(routerstatus_t));
|
||||
/* Copy status info about this router, if we had any before. */
|
||||
if ((rs_old = router_get_combined_status_by_digest(lowest))) {
|
||||
if (!memcmp(rs_out->status.descriptor_digest,
|
||||
if (!memcmp(rs_old->status.descriptor_digest,
|
||||
most_recent->descriptor_digest, DIGEST_LEN)) {
|
||||
rs_out->n_download_failures = rs_old->n_download_failures;
|
||||
rs_out->next_attempt_at = rs_old->next_attempt_at;
|
||||
|
@ -3685,6 +3935,10 @@ routerstatus_list_update_from_networkstatus(time_t now)
|
|||
|
||||
control_event_networkstatus_changed(changed_list);
|
||||
smartlist_free(changed_list);
|
||||
|
||||
#ifdef DUMP_DIR_WEIGHTS
|
||||
dump_dir_weights();
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Given a list <b>routers</b> of routerinfo_t *, update each routers's
|
||||
|
@ -3710,8 +3964,19 @@ routers_update_status_from_networkstatus(smartlist_t *routers,
|
|||
rs = router_get_combined_status_by_digest(digest);
|
||||
ds = router_get_trusteddirserver_by_digest(digest);
|
||||
|
||||
if (!rs)
|
||||
if (!rs) {
|
||||
if (!namingdir)
|
||||
router->is_named = 0;
|
||||
if (!authdir) {
|
||||
if (router->purpose == ROUTER_PURPOSE_GENERAL) {
|
||||
router->is_valid = router->is_running =
|
||||
router->is_fast = router->is_stable =
|
||||
router->is_possible_guard = router->is_exit =
|
||||
router->is_bad_exit = 0;
|
||||
}
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!namingdir)
|
||||
router->is_named = rs->status.is_named;
|
||||
|
@ -4042,6 +4307,7 @@ update_router_descriptor_cache_downloads(time_t now)
|
|||
n_download = 0;
|
||||
SMARTLIST_FOREACH(networkstatus_list, networkstatus_t *, ns,
|
||||
{
|
||||
trusted_dir_server_t *ds;
|
||||
smartlist_t *dl;
|
||||
dl = downloadable[ns_sl_idx] = smartlist_create();
|
||||
download_from[ns_sl_idx] = smartlist_create();
|
||||
|
@ -4055,6 +4321,13 @@ update_router_descriptor_cache_downloads(time_t now)
|
|||
* we take this clause out. -RD */
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Don't try dirservers that we think are down -- we might have
|
||||
* just tried them and just marked them as down. */
|
||||
ds = router_get_trusteddirserver_by_digest(ns->identity_digest);
|
||||
if (ds && !ds->is_running)
|
||||
continue;
|
||||
|
||||
SMARTLIST_FOREACH(ns->entries, routerstatus_t * , rs,
|
||||
{
|
||||
if (!rs->need_to_mirror)
|
||||
|
@ -4473,11 +4746,16 @@ routerlist_assert_ok(routerlist_t *rl)
|
|||
digestmap_iter_t *iter;
|
||||
routerinfo_t *r2;
|
||||
signed_descriptor_t *sd2;
|
||||
if (!routerlist)
|
||||
if (!rl)
|
||||
return;
|
||||
SMARTLIST_FOREACH(rl->routers, routerinfo_t *, r,
|
||||
{
|
||||
r2 = digestmap_get(rl->identity_map, r->cache_info.identity_digest);
|
||||
if (r != r2) {
|
||||
log_err(LD_BUG,
|
||||
"fatal error: router at %p did not match router at %p. [%d]",
|
||||
r, r2, r_sl_idx);
|
||||
}
|
||||
tor_assert(r == r2);
|
||||
sd2 = digestmap_get(rl->desc_digest_map,
|
||||
r->cache_info.signed_descriptor_digest);
|
||||
|
|
|
@ -163,6 +163,8 @@ static void token_free(directory_token_t *tok);
|
|||
static smartlist_t *find_all_exitpolicy(smartlist_t *s);
|
||||
static directory_token_t *find_first_by_keyword(smartlist_t *s,
|
||||
directory_keyword keyword);
|
||||
static directory_token_t *find_last_by_keyword(smartlist_t *s,
|
||||
directory_keyword keyword);
|
||||
static int tokenize_string(const char *start, const char *end,
|
||||
smartlist_t *out, where_syntax where);
|
||||
static directory_token_t *get_next_token(const char **s, where_syntax where);
|
||||
|
@ -238,7 +240,6 @@ router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
|
|||
i = strlen(buf);
|
||||
if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) {
|
||||
log_warn(LD_BUG,"couldn't base64-encode signature");
|
||||
tor_free(buf);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -532,6 +533,7 @@ find_dir_signing_key(const char *str)
|
|||
}
|
||||
if (tok->tp != K_DIR_SIGNING_KEY) {
|
||||
log_warn(LD_DIR, "Dir-signing-key token did not parse as expected");
|
||||
token_free(tok);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -540,6 +542,7 @@ find_dir_signing_key(const char *str)
|
|||
tok->key = NULL; /* steal reference. */
|
||||
} else {
|
||||
log_warn(LD_DIR, "Dir-signing-key token contained no key");
|
||||
token_free(tok);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -641,32 +644,46 @@ check_directory_signature(const char *digest,
|
|||
* Returns 0 on success and -1 on failure.
|
||||
*/
|
||||
int
|
||||
router_parse_list_from_string(const char **s, smartlist_t *dest,
|
||||
router_parse_list_from_string(const char **s, const char *eos,
|
||||
smartlist_t *dest,
|
||||
saved_location_t saved_location)
|
||||
{
|
||||
routerinfo_t *router;
|
||||
const char *end, *cp, *start;
|
||||
char *buf;
|
||||
size_t buf_len;
|
||||
|
||||
tor_assert(s);
|
||||
tor_assert(*s);
|
||||
tor_assert(dest);
|
||||
|
||||
start = *s;
|
||||
if (!eos)
|
||||
eos = *s + strlen(*s);
|
||||
|
||||
while (1) {
|
||||
*s = eat_whitespace(*s);
|
||||
*s = eat_whitespace_eos(*s, eos);
|
||||
if (eos - *s < 32) /* not long enough to hold a descriptor. */
|
||||
break;
|
||||
|
||||
/* Don't start parsing the rest of *s unless it contains a router. */
|
||||
if (strcmpstart(*s, "router ")!=0)
|
||||
break;
|
||||
if ((end = strstr(*s+1, "\nrouter "))) {
|
||||
if ((end = tor_memstr(*s+1, eos-(*s+1), "\nrouter "))) {
|
||||
cp = end;
|
||||
end++;
|
||||
} else if ((end = strstr(*s+1, "\ndirectory-signature"))) {
|
||||
} else if ((end = tor_memstr(*s+1, eos-(*s+1), "\ndirectory-signature"))) {
|
||||
cp = end;
|
||||
end++;
|
||||
} else {
|
||||
cp = end = *s+strlen(*s);
|
||||
cp = end = eos;
|
||||
}
|
||||
|
||||
/* Start by backing up a character. If we were at eos, we'll now point
|
||||
* to a valid character. If we were at a \nrouter or \ndirectory-signature,
|
||||
* we'll back up to before the \n. */
|
||||
--cp;
|
||||
|
||||
while (cp > *s && (!*cp || TOR_ISSPACE(*cp)))
|
||||
--cp;
|
||||
/* cp now points to the last non-space character in this descriptor. */
|
||||
|
@ -676,14 +693,23 @@ router_parse_list_from_string(const char **s, smartlist_t *dest,
|
|||
/* cp now points to the first \n before the last non-blank line in this
|
||||
* descriptor */
|
||||
|
||||
if (eos - cp < 25) /* not long enough to hold an "end signature" */
|
||||
break;
|
||||
|
||||
if (strcmpstart(cp, "\n-----END SIGNATURE-----\n")) {
|
||||
log_info(LD_DIR, "Ignoring truncated router descriptor.");
|
||||
*s = end;
|
||||
continue;
|
||||
}
|
||||
|
||||
router = router_parse_entry_from_string(*s, end,
|
||||
/* router_parse_entry_from_string isn't necessarily safe if the string
|
||||
* is non-NUL-terminated. This fix is a workaround for the stable
|
||||
* series only; */
|
||||
buf_len = end-*s;
|
||||
buf = tor_strndup(*s, buf_len); /* nul-terminates the copy. */
|
||||
router = router_parse_entry_from_string(buf, buf+buf_len,
|
||||
saved_location != SAVED_IN_CACHE);
|
||||
tor_free(buf);
|
||||
|
||||
if (!router) {
|
||||
log_warn(LD_DIR, "Error reading router; skipping");
|
||||
|
@ -754,7 +780,7 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||
|
||||
if (router_get_router_hash(s, digest) < 0) {
|
||||
log_warn(LD_DIR, "Couldn't compute router hash.");
|
||||
return NULL;
|
||||
goto err;
|
||||
}
|
||||
tokens = smartlist_create();
|
||||
if (tokenize_string(s,end,tokens,RTR)) {
|
||||
|
@ -938,7 +964,12 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||
log_warn(LD_DIR, "Missing router signature");
|
||||
goto err;
|
||||
}
|
||||
if (strcmp(tok->object_type, "SIGNATURE") || tok->object_size != 128) {
|
||||
if (tok != find_last_by_keyword(tokens, K_ROUTER_SIGNATURE)) {
|
||||
log_warn(LD_DIR, "Multiple signatures on one router. Ignoring.");
|
||||
goto err;
|
||||
}
|
||||
if (!tok->object_type ||
|
||||
strcmp(tok->object_type, "SIGNATURE") || tok->object_size != 128) {
|
||||
log_warn(LD_DIR, "Bad object type or length on router signature");
|
||||
goto err;
|
||||
}
|
||||
|
@ -1103,7 +1134,7 @@ routerstatus_parse_entry_from_string(const char **s, smartlist_t *tokens)
|
|||
rs->version_supports_begindir = 1;
|
||||
} else {
|
||||
rs->version_supports_begindir =
|
||||
tor_version_as_new_as(tok->args[0], "0.1.2.2-alpha");
|
||||
tor_version_as_new_as(tok->args[0], "0.2.0.1-alpha");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1252,6 +1283,7 @@ networkstatus_parse_from_string(const char *s)
|
|||
if (!(tok = find_first_by_keyword(tokens, K_CLIENT_VERSIONS)) ||
|
||||
tok->n_args<1) {
|
||||
log_warn(LD_DIR, "Missing client-versions");
|
||||
goto err;
|
||||
}
|
||||
ns->client_versions = tok->args[0];
|
||||
tok->args[0] = NULL;
|
||||
|
@ -1637,7 +1669,7 @@ get_next_token(const char **s, where_syntax where)
|
|||
}
|
||||
*s = eat_whitespace(*s);
|
||||
if (strcmpstart(*s, "-----BEGIN ")) {
|
||||
goto done_tokenizing;
|
||||
goto check_obj;
|
||||
}
|
||||
obstart = *s;
|
||||
*s += 11; /* length of "-----BEGIN ". */
|
||||
|
@ -1673,6 +1705,7 @@ get_next_token(const char **s, where_syntax where)
|
|||
}
|
||||
*s += i+6;
|
||||
}
|
||||
check_obj:
|
||||
switch (o_syn)
|
||||
{
|
||||
case NO_OBJ:
|
||||
|
@ -1716,6 +1749,7 @@ tokenize_string(const char *start, const char *end, smartlist_t *out,
|
|||
tok = get_next_token(s, where);
|
||||
if (tok->tp == _ERR) {
|
||||
log_warn(LD_DIR, "parse error: %s", tok->error);
|
||||
token_free(tok);
|
||||
return -1;
|
||||
}
|
||||
smartlist_add(out, tok);
|
||||
|
@ -1735,6 +1769,17 @@ find_first_by_keyword(smartlist_t *s, directory_keyword keyword)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/** Find the last token in <b>s</b> whose keyword is <b>keyword</b>; return
|
||||
* NULL if no such keyword is found.
|
||||
*/
|
||||
static directory_token_t *
|
||||
find_last_by_keyword(smartlist_t *s, directory_keyword keyword)
|
||||
{
|
||||
directory_token_t *last = NULL;
|
||||
SMARTLIST_FOREACH(s, directory_token_t *, t, if (t->tp == keyword) last = t);
|
||||
return last;
|
||||
}
|
||||
|
||||
/** Return a newly allocated smartlist of all accept or reject tokens in
|
||||
* <b>s</b>.
|
||||
*/
|
||||
|
|
|
@ -1753,7 +1753,7 @@ test_policies(void)
|
|||
compare_addr_to_addr_policy(0xc0a80102, 2, policy));
|
||||
|
||||
policy2 = NULL;
|
||||
test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1));
|
||||
test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
|
||||
test_assert(policy2);
|
||||
|
||||
test_assert(!exit_policy_is_general_exit(policy));
|
||||
|
@ -1773,7 +1773,7 @@ test_policies(void)
|
|||
line.key = (char*)"foo";
|
||||
line.value = (char*)"accept *:80,reject private:*,reject *:*";
|
||||
line.next = NULL;
|
||||
test_assert(0 == policies_parse_exit_policy(&line, &policy, 0));
|
||||
test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
|
||||
test_assert(policy);
|
||||
test_streq(policy->string, "accept *:80");
|
||||
test_streq(policy->next->string, "reject *:*");
|
||||
|
@ -1815,7 +1815,7 @@ test_rend_fns(void)
|
|||
test_assert(!crypto_pk_cmp_keys(d1->pk, d2->pk));
|
||||
test_eq(d2->timestamp, now);
|
||||
test_eq(d2->version, 0);
|
||||
test_eq(d2->protocols, 1);
|
||||
test_eq(d2->protocols, 4);
|
||||
test_eq(d2->n_intro_points, 3);
|
||||
test_streq(d2->intro_points[0], "tom");
|
||||
test_streq(d2->intro_points[1], "crow");
|
||||
|
|
|
@ -227,6 +227,6 @@
|
|||
#define USING_TWOS_COMPLEMENT
|
||||
|
||||
/* Version number of package */
|
||||
#define VERSION "0.1.2.9-rc-dev"
|
||||
#define VERSION "0.1.2.19-dev"
|
||||
|
||||
|
||||
|
|
16
tor.spec.in
16
tor.spec.in
|
@ -117,19 +117,19 @@ Version: %{version}
|
|||
Release: %{release}
|
||||
|
||||
Summary: Anonymizing overlay network for TCP (The onion router)
|
||||
URL: http://tor.eff.org/
|
||||
URL: https://www.torproject.org/
|
||||
Group: System Environment/Daemons
|
||||
|
||||
License: BSD-like
|
||||
Vendor: R. Dingledine <arma@seul.org>
|
||||
Packager: Andrew Lewman <phobos@interloper.org>
|
||||
Packager: Andrew Lewman <phobos@rootme.org>
|
||||
|
||||
%if %{is_suse}
|
||||
Requires: openssl >= 0.9.6
|
||||
BuildRequires: openssl-devel >= 0.9.6, rpm >= 4.0, zlib-devel
|
||||
%else
|
||||
Requires: openssl >= 0.9.6, libevent >= 1.2
|
||||
BuildRequires: openssl-devel >= 0.9.6, libevent-devel >= 1.2
|
||||
Requires: openssl >= 0.9.6
|
||||
BuildRequires: openssl-devel >= 0.9.6, libevent-devel >= 1.1a
|
||||
%endif
|
||||
%if %{is_fc}
|
||||
BuildRequires: rpm-build >= 4.0
|
||||
|
@ -137,7 +137,7 @@ BuildRequires: rpm-build >= 4.0
|
|||
Requires(pre): /usr/bin/id, /bin/date, /bin/sh
|
||||
Requires(pre): %{_sbindir}/useradd, %{_sbindir}/groupadd
|
||||
|
||||
Source0: http://tor.eff.org/dist/%{name}-%{native_version}.tar.gz
|
||||
Source0: https://www.torproject.org/dist/%{name}-%{native_version}.tar.gz
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
|
||||
|
@ -191,7 +191,7 @@ for high-stakes anonymity.
|
|||
%__install -p -m 755 contrib/torctl ${RPM_BUILD_ROOT}%{_bindir}
|
||||
|
||||
# Set up config file; "sample" file implements a basic user node.
|
||||
%__install -p -m 644 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc.sample ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc
|
||||
%__install -p -m 644 src/config/torrc.sample ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/torrc.sample
|
||||
|
||||
# Install the logrotate control file.
|
||||
%__mkdir_p -m 755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
|
||||
|
@ -297,6 +297,10 @@ exit 0
|
|||
|
||||
%changelog
|
||||
|
||||
* Wed Oct 17 2007 Andrew Lewman <phobos@rootme.org>
|
||||
- Remove tor_gencert as this feature isn't backported yet.
|
||||
- Confirm all we really need is libevent 1.1a at a minimum
|
||||
|
||||
* Tue Feb 27 2007 Andrew Lewman <phobos@rootme.org>
|
||||
- Fix a potential race condition in how we determine the running state of tor. Found by Stefan Nordhausen.
|
||||
- see OR-CVS for details
|
||||
|
|
Loading…
Reference in New Issue