[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit aaa7768c3f982d65b94516e5381c2d919ec22243 Author: Translation commit botDate: Thu May 5 15:45:42 2016 + Update translations for tails-misc --- de.po | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/de.po b/de.po index e3749bd..0273344 100644 --- a/de.po +++ b/de.po @@ -9,7 +9,7 @@ # trantor , 2014 # DoKnGH26" 21 , 2015 # D P, 2015 -# Ettore Atalan , 2014-2015 +# Ettore Atalan , 2014-2016 # gerhard , 2013 # konstibae, 2015 # Larson März , 2013 @@ -29,8 +29,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-04-25 14:02+0200\n" -"PO-Revision-Date: 2016-04-26 09:06+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2016-05-05 15:19+\n" +"Last-Translator: Ettore Atalan \n" "Language-Team: German (http://www.transifex.com/otf/torproject/language/de/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -263,7 +263,7 @@ msgid "" "If you already migrated your emails to Icedove, you should delete" " all your Claws Mail data to remove this warning." -msgstr "" +msgstr "Wenn Sie Ihre E-Mails bereits auf Icedove migriert haben, sollten Sie Ihre kompletten Claws Mail-Daten löschen, um diese Warnung zu entfernen." #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit c0a1284dc5d0e777fed31197fb2b6af4b733a60e Author: Translation commit botDate: Thu May 5 15:45:45 2016 + Update translations for tails-misc_completed --- de.po | 23 +++ 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/de.po b/de.po index 991ab90..0273344 100644 --- a/de.po +++ b/de.po @@ -9,7 +9,7 @@ # trantor , 2014 # DoKnGH26" 21 , 2015 # D P, 2015 -# Ettore Atalan , 2014-2015 +# Ettore Atalan , 2014-2016 # gerhard , 2013 # konstibae, 2015 # Larson März , 2013 @@ -28,9 +28,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2016-03-17 15:03+0100\n" -"PO-Revision-Date: 2016-03-21 16:27+\n" -"Last-Translator: Christian Spaan \n" +"POT-Creation-Date: 2016-04-25 14:02+0200\n" +"PO-Revision-Date: 2016-05-05 15:19+\n" +"Last-Translator: Ettore Atalan \n" "Language-Team: German (http://www.transifex.com/otf/torproject/language/de/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -79,13 +79,13 @@ msgid "Do you want to start Electrum anyway?" msgstr "Wollen Sie Electrum trotzdem starten?" #: config/chroot_local-includes/usr/local/bin/electrum:23 -#: config/chroot_local-includes/usr/local/bin/icedove:23 +#: config/chroot_local-includes/usr/local/bin/icedove:30 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" msgstr "_Start" #: config/chroot_local-includes/usr/local/bin/electrum:24 -#: config/chroot_local-includes/usr/local/bin/icedove:24 +#: config/chroot_local-includes/usr/local/bin/icedove:31 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" msgstr "_Beenden" @@ -247,17 +247,24 @@ msgstr "Ausgabe von GnuPG:" msgid "Other messages provided by GnuPG:" msgstr "Andere Nachrichten von GnuPG:" -#: config/chroot_local-includes/usr/local/bin/icedove:19 +#: config/chroot_local-includes/usr/local/bin/icedove:20 msgid "The Claws Mail persistence feature is activated." msgstr "Die Persistenzfunktion von Claws Mail ist aktiviert." -#: config/chroot_local-includes/usr/local/bin/icedove:21 +#: config/chroot_local-includes/usr/local/bin/icedove:22 msgid "" "If you have emails saved in Claws Mail, you should migrate" " your data before starting Icedove." msgstr "Falls Sie gespeicherte E-Mails in Claws Mail haben, sollten Sie noch vor dem Start von Icedove Ihre Daten migrieren." +#: config/chroot_local-includes/usr/local/bin/icedove:27 +msgid "" +"If you already migrated your emails to Icedove, you should delete" +" all your Claws Mail data to remove this warning." +msgstr "Wenn Sie Ihre E-Mails bereits auf Icedove migriert haben, sollten Sie Ihre kompletten Claws Mail-Daten löschen, um diese Warnung zu entfernen." + #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" msgstr "Neustart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 7e476c6cad08fb69ff8e662957b5a6e86ba0ceac Author: Translation commit botDate: Thu May 5 15:15:44 2016 + Update translations for tails-misc --- hu.po | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hu.po b/hu.po index 480cb8b..5665a36 100644 --- a/hu.po +++ b/hu.po @@ -4,6 +4,7 @@ # # Translators: # benewfy , 2015-2016 +# Falu, 2016 # Blackywantscookies , 2014 # Blackywantscookies , 2014 # iskr , 2013 @@ -15,8 +16,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-04-25 14:02+0200\n" -"PO-Revision-Date: 2016-04-26 09:06+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2016-05-05 15:14+\n" +"Last-Translator: Falu\n" "Language-Team: Hungarian (http://www.transifex.com/otf/torproject/language/hu/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -249,7 +250,7 @@ msgid "" "If you already migrated your emails to Icedove, you should delete" " all your Claws Mail data to remove this warning." -msgstr "" +msgstr "Ha a levelezés migrálása Icedove-ra már megtörtént, akkor minden Claws Mail adatod törlése után ez a figyelmeztetés nem fog megjelenni." #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 7236a4465f4686270612283f4bd2641b94918912 Author: Translation commit botDate: Thu May 5 15:15:47 2016 + Update translations for tails-misc_completed --- hu.po | 22 +++--- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/hu.po b/hu.po index c59415c..5665a36 100644 --- a/hu.po +++ b/hu.po @@ -4,6 +4,7 @@ # # Translators: # benewfy , 2015-2016 +# Falu, 2016 # Blackywantscookies , 2014 # Blackywantscookies , 2014 # iskr , 2013 @@ -14,9 +15,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2016-03-17 15:03+0100\n" -"PO-Revision-Date: 2016-03-21 16:27+\n" -"Last-Translator: Robert Zsolt \n" +"POT-Creation-Date: 2016-04-25 14:02+0200\n" +"PO-Revision-Date: 2016-05-05 15:14+\n" +"Last-Translator: Falu\n" "Language-Team: Hungarian (http://www.transifex.com/otf/torproject/language/hu/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -65,13 +66,13 @@ msgid "Do you want to start Electrum anyway?" msgstr "Mindenképp el szeretné indÃtani az Electum-ot?" #: config/chroot_local-includes/usr/local/bin/electrum:23 -#: config/chroot_local-includes/usr/local/bin/icedove:23 +#: config/chroot_local-includes/usr/local/bin/icedove:30 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" msgstr "_IndÃtás" #: config/chroot_local-includes/usr/local/bin/electrum:24 -#: config/chroot_local-includes/usr/local/bin/icedove:24 +#: config/chroot_local-includes/usr/local/bin/icedove:31 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" msgstr "_Kilépés" @@ -233,17 +234,24 @@ msgstr "GnuPG kimenet:" msgid "Other messages provided by GnuPG:" msgstr "Egyéb üzenetek a GnuPG-tÅl:" -#: config/chroot_local-includes/usr/local/bin/icedove:19 +#: config/chroot_local-includes/usr/local/bin/icedove:20 msgid "The Claws Mail persistence feature is activated." msgstr "A Claws Mail perzisztencia aktiválva." -#: config/chroot_local-includes/usr/local/bin/icedove:21 +#: config/chroot_local-includes/usr/local/bin/icedove:22 msgid "" "If you have emails saved in Claws Mail, you should migrate" " your data before starting Icedove." msgstr "Ha vannak elmentett emailjei a Claws Mail-ben, akkor másolja át az adatait az Icedove indÃtása elÅtt." +#: config/chroot_local-includes/usr/local/bin/icedove:27 +msgid "" +"If you already migrated your emails to Icedove, you should delete" +" all your Claws Mail data to remove this warning." +msgstr "Ha a levelezés migrálása Icedove-ra már megtörtént, akkor minden Claws Mail adatod törlése után ez a figyelmeztetés nem fog megjelenni." + #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" msgstr "ÃjraindÃtás" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Make clients always use begindir for directory requests
commit 833b5f71a72394c02ef633ba0f78d7011fef6181 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:37:59 2016 +1000 Make clients always use begindir for directory requests This improves client anonymity and avoids directory header tampering. The extra load on the authorities should be offset by the fallback directories feature. This also simplifies the fixes to #18809. --- changes/feature18483 | 4 src/or/directory.c | 61 +--- src/or/directory.h | 6 -- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/changes/feature18483 b/changes/feature18483 new file mode 100644 index 000..b3c42e6 --- /dev/null +++ b/changes/feature18483 @@ -0,0 +1,4 @@ + o Minor features (clients): +- Make clients, onion services, and bridge relays always + use an encrypted begindir connection for directory requests. + Resolves #18483. Patch by "teor". diff --git a/src/or/directory.c b/src/or/directory.c index ca3b3e3..a03283e 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) update_certificate_downloads(time(NULL)); } +/* Should this tor instance only use begindir for all its directory requests? + */ +int +directory_must_use_begindir(const or_options_t *options) +{ + /* Clients, onion services, and bridges must use begindir, + * relays and authorities do not have to */ + return !public_server_mode(options); +} + /** Evaluate the situation and decide if we should use an encrypted * "begindir-style" connection for this directory request. * 1) If or_port is 0, or it's a direct conn and or_port is firewalled @@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) * 2) If we prefer to avoid begindir conns, and we're not fetching or *publishing a bridge relay descriptor, no. * 3) Else yes. + * If returning 0, return in *reason why we can't use begindir. + * reason must not be NULL. */ static int directory_command_should_use_begindir(const or_options_t *options, const tor_addr_t *addr, int or_port, uint8_t router_purpose, - dir_indirection_t indirection) + dir_indirection_t indirection, + const char **reason) { (void) router_purpose; - if (!or_port) + tor_assert(reason); + *reason = NULL; + + /* Reasons why we can't possibly use begindir */ + if (!or_port) { +*reason = "directory with unknown ORPort"; return 0; /* We don't know an ORPort -- no chance. */ - if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT) + } + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT) { +*reason = "DirPort connection"; return 0; - if (indirection == DIRIND_ONEHOP) + } + if (indirection == DIRIND_ONEHOP) { +/* We're firewalled and want a direct OR connection */ if (!fascist_firewall_allows_address_addr(addr, or_port, - FIREWALL_OR_CONNECTION, 0, 0) || -directory_fetches_from_authorities(options)) - return 0; /* We're firewalled or are acting like a relay -- also no. */ + FIREWALL_OR_CONNECTION, 0, 0)) { + *reason = "ORPort not reachable"; + return 0; +} + } + /* Reasons why we want to avoid using begindir */ + if (indirection == DIRIND_ONEHOP) { +if (!directory_must_use_begindir(options)) { + *reason = "in relay mode"; + return 0; +} + } + /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS + */ + *reason = "(using begindir)"; return 1; } @@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, dir_connection_t *conn; const or_options_t *options = get_options(); int socket_error = 0; + const char *begindir_reason = NULL; /* Should the connection be to a relay's OR port (and inside that we will * send our directory request)? */ const int use_begindir = directory_command_should_use_begindir(options, _addr_port->addr, or_addr_port->port, - router_purpose, indirection); + router_purpose, indirection, + _reason); /* Will the connection go via a three-hop Tor circuit? Note that this * is separate from whether it will use_begindir. */ const int anonymized_connection = dirind_is_anon(indirection); @@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, (void)is_sensitive_dir_purpose; #endif + /* use encrypted begindir connections for everything except relays + * this
[tor-commits] [tor/release-0.2.8] Report success when not terminating an already terminated process.
commit c7b9e0b8ed7076525da185e25c2142b18b4d43e3 Author: Nick MathewsonDate: Wed May 4 15:10:36 2016 -0400 Report success when not terminating an already terminated process. Also, document the actual behavior and return values of tor_terminate_process. Fixes bug18686; bugfix on 0.2.3.9-alpha. --- changes/bug18686 | 5 + src/common/util.c | 11 --- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/changes/bug18686 b/changes/bug18686 new file mode 100644 index 000..23547d2 --- /dev/null +++ b/changes/bug18686 @@ -0,0 +1,5 @@ + o Minor bugfixes (pluggable transports): +- Avoid reporting a spurious error when we decide that we don't + need to terminate a pluggable transport because it has already + exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha. + diff --git a/src/common/util.c b/src/common/util.c index 04cc6b1..65af8a6 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -3626,8 +3626,13 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, /* Maximum number of file descriptors, if we cannot get it via sysconf() */ #define DEFAULT_MAX_FD 256 -/** Terminate the process of process_handle. - * Code borrowed from Python's os.kill. */ +/** Terminate the process of process_handle, if that process has not + * already exited. + * + * Return 0 if we succeeded in terminating the process (or if the process + * already exited), and -1 if we tried to kill the process but failed. + * + * Based on code originally borrowed from Python's os.kill. */ int tor_terminate_process(process_handle_t *process_handle) { @@ -3647,7 +3652,7 @@ tor_terminate_process(process_handle_t *process_handle) } #endif - return -1; + return 0; /* We didn't need to kill the process, so report success */ } /** Return the Process ID of process_handle. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Refactor router_pick_directory_server_impl to use node functions
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b Author: teor (Tim Wilson-Brown)Date: Sat Apr 30 11:00:50 2016 +1000 Refactor router_pick_directory_server_impl to use node functions No behavioural change This makes the use of the node explicit in the function, rather than hiding the node lookup in fascist_firewall_allows_rs. --- src/or/routerlist.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 13739a7..1c275a6 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * we try routers that only have one address both times.) */ if (!fascistfirewall || skip_or_fw || -fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, - try_ip_pref)) +fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, + try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); else if (!must_have_or && (skip_dir_fw || - fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref))) + fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION, + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); } SMARTLIST_FOREACH_END(node); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8
commit 68d913c49c7aff441fc6671406aee5137f36f620 Merge: 2e5b35d 9aa280c Author: Nick MathewsonDate: Thu May 5 08:16:36 2016 -0400 Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 changes/feature18483 | 4 src/or/directory.c | 67 src/or/directory.h | 6 +++-- src/or/routerlist.c | 10 4 files changed, 71 insertions(+), 16 deletions(-) diff --cc src/or/routerlist.c index 2167ae2,6a293b7..97512d7 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Choose the correct address for one-hop connections
commit 0cf90bac2a7136e0abb9fed160f70c543ad8b88a Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 16:03:23 2016 +1000 Choose the correct address for one-hop connections After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4 address for all DIRIND_ONEHOP directory connections, even if the routerstatus didn't have an IPv4 address. This likely affected bridge clients with IPv6 bridges. Resolves #18921. --- changes/bug18921 | 4 src/or/directory.c | 30 +++--- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/changes/bug18921 b/changes/bug18921 new file mode 100644 index 000..934a604 --- /dev/null +++ b/changes/bug18921 @@ -0,0 +1,4 @@ + o Major bugfixes (IPv6 bridges): +- Fix directory address selection for IPv6 bridges. + Resolves #18921, bugfix on #17840 in 0.2.8.1-alpha. + Patch by "teor". diff --git a/src/or/directory.c b/src/or/directory.c index ab9f738..ca3b3e3 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -630,7 +630,6 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_assert(use_or_ap != NULL); tor_assert(use_dir_ap != NULL); - const int anonymized_connection = dirind_is_anon(indirection); int have_or = 0, have_dir = 0; /* We expect status to have at least one reachable address if we're @@ -652,13 +651,16 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_addr_make_null(_dir_ap->addr, AF_UNSPEC); use_dir_ap->port = 0; - if (anonymized_connection) { -/* Use the primary (IPv4) OR address if we're making an indirect - * connection. */ -tor_addr_from_ipv4h(_or_ap->addr, status->addr); -use_or_ap->port = status->or_port; -have_or = 1; - } else { + /* ORPort connections */ + if (indirection == DIRIND_ANONYMOUS) { +if (status->addr) { + /* Since we're going to build a 3-hop circuit and ask the 2nd relay + * to extend to this address, always use the primary (IPv4) OR address */ + tor_addr_from_ipv4h(_or_ap->addr, status->addr); + use_or_ap->port = status->or_port; + have_or = 1; +} + } else if (indirection == DIRIND_ONEHOP) { /* We use an IPv6 address if we have one and we prefer it. * Use the preferred address and port if they are reachable, otherwise, * use the alternate address and port (if any). @@ -668,9 +670,15 @@ directory_choose_address_routerstatus(const routerstatus_t *status, use_or_ap); } - have_dir = fascist_firewall_choose_address_rs(status, -FIREWALL_DIR_CONNECTION, 0, -use_dir_ap); + /* DirPort connections + * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */ + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT || + indirection == DIRIND_ONEHOP) { +have_dir = fascist_firewall_choose_address_rs(status, + FIREWALL_DIR_CONNECTION, 0, + use_dir_ap); + } /* We rejected all addresses in the relay's status. This means we can't * connect to it. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Comment-only change to clarify routerstatus_t IPv4 byte order
commit 225448ad34a75b6eea9ab17e306e67578ce86760 Author: teor (Tim Wilson-Brown)Date: Fri Apr 29 11:03:59 2016 +1000 Comment-only change to clarify routerstatus_t IPv4 byte order --- src/or/or.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/or.h b/src/or/or.h index 592f295..6694bb4 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2215,7 +2215,7 @@ typedef struct routerstatus_t { /** Digest of the router's most recent descriptor or microdescriptor. * If it's a descriptor, we only use the first DIGEST_LEN bytes. */ char descriptor_digest[DIGEST256_LEN]; - uint32_t addr; /**< IPv4 address for this router. */ + uint32_t addr; /**< IPv4 address for this router, in host order. */ uint16_t or_port; /**< OR port for this router. */ uint16_t dir_port; /**< Directory port for this router. */ tor_addr_t ipv6_addr; /**< IPv6 address for this router. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Rename skip_or and skip_dir to avoid confusion
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:44:31 2016 +1000 Rename skip_or and skip_dir to avoid confusion Variable rename only --- src/or/routerlist.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 97512d7..13739a7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ @@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ -if (!fascistfirewall || skip_or || +if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (!must_have_or && (skip_dir || +else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : @@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) @@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ - if (!fascistfirewall || skip_or || + if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (!must_have_or && (skip_dir || + else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Merge branch 'bug18686_025' into maint-0.2.8
commit b8e8910d60e41844ce4ab37d9306cb8e8b5aec91 Merge: 31332a8 c7b9e0b Author: Nick MathewsonDate: Wed May 4 15:12:11 2016 -0400 Merge branch 'bug18686_025' into maint-0.2.8 changes/bug18686 | 5 + src/common/util.c | 11 --- 2 files changed, 13 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Merge branch 'bug18921_squashed' into maint-0.2.8
commit 01e7f42a09108e71cede46d4a038c4b1253a3d42 Merge: 6027429 0cf90ba Author: Nick MathewsonDate: Wed May 4 15:23:26 2016 -0400 Merge branch 'bug18921_squashed' into maint-0.2.8 changes/bug18921 | 4 src/or/directory.c | 30 +++--- 2 files changed, 23 insertions(+), 11 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Fix keccak-tiny portability on `exotic` platforms.
commit 8f292f1c33b033f36e17969f206c9332c0241e9a Author: Yawning AngelDate: Mon May 2 10:24:35 2016 + Fix keccak-tiny portability on `exotic` platforms. * SHA-3/SHAKE use little endian for certain things, so byteswap as needed. * The code was written under the assumption that unaligned access to quadwords is allowed, which isn't true particularly on non-Intel. --- changes/bug18943 | 6 +++ src/ext/keccak-tiny/keccak-tiny-unrolled.c | 72 +- 2 files changed, 57 insertions(+), 21 deletions(-) diff --git a/changes/bug18943 b/changes/bug18943 new file mode 100644 index 000..53569f0 --- /dev/null +++ b/changes/bug18943 @@ -0,0 +1,6 @@ + o Major bugfixes (crypto, portability): +- The SHA3 and SHAKE routines now produce the correct output on + Big Endian systems, unbreaking the unit tests. No code calls + either algorithm family yet, so this is primarily a build fix. + Closes ticket 18943. + diff --git a/src/ext/keccak-tiny/keccak-tiny-unrolled.c b/src/ext/keccak-tiny/keccak-tiny-unrolled.c index 4b4f51c..d1342c3 100644 --- a/src/ext/keccak-tiny/keccak-tiny-unrolled.c +++ b/src/ext/keccak-tiny/keccak-tiny-unrolled.c @@ -11,6 +11,29 @@ #include #include "crypto.h" +/ Endianness conversion helpers / + +static inline uint64_t +loadu64le(const unsigned char *x) { + uint64_t r = 0; + size_t i; + + for (i = 0; i < 8; ++i) { +r |= (uint64_t)x[i] << 8 * i; + } + return r; +} + +static inline void +storeu64le(uint8_t *x, uint64_t u) { + size_t i; + + for(i=0; i<8; ++i) { +x[i] = u; +u >>= 8; + } +} + / The Keccak-f[1600] permutation / /*** Constants. ***/ @@ -80,24 +103,26 @@ static inline void keccakf(void* state) { /*** Some helper macros. ***/ -#define _(S) do { S } while (0) -#define FOR(i, ST, L, S) \ - _(for (size_t i = 0; i < L; i += ST) { S; }) -#define mkapply_ds(NAME, S) \ - static inline void NAME(uint8_t* dst, \ - const uint8_t* src,\ - size_t len) { \ -FOR(i, 1, len, S); \ - } -#define mkapply_sd(NAME, S) \ - static inline void NAME(const uint8_t* src,\ - uint8_t* dst, \ - size_t len) { \ -FOR(i, 1, len, S); \ +// `xorin` modified to handle Big Endian systems, `buf` being unaligned on +// systems that care about such things. Assumes that len is a multiple of 8, +// which is always true for the rates we use, and the modified finalize. +static inline void +xorin8(uint8_t *dst, const uint8_t *src, size_t len) { + uint64_t* a = (uint64_t*)dst; // Always aligned. + for (size_t i = 0; i < len; i += 8) { +a[i/8] ^= loadu64le(src + i); } +} -mkapply_ds(xorin, dst[i] ^= src[i]) // xorin -mkapply_sd(setout, dst[i] = src[i]) // setout +// `setout` likewise modified to handle Big Endian systems. Assumes that len +// is a multiple of 8, which is true for every rate we use. +static inline void +setout8(const uint8_t *src, uint8_t *dst, size_t len) { + const uint64_t *si = (const uint64_t*)src; // Always aligned. + for (size_t i = 0; i < len; i+= 8) { +storeu64le(dst+i, si[i/8]); + } +} #define P keccakf #define Plen KECCAK_MAX_RATE @@ -118,7 +143,7 @@ static inline void keccak_absorb_blocks(keccak_state *s, const uint8_t *buf, size_t nr_blocks) { size_t blen = nr_blocks * s->rate; - foldP(buf, blen, xorin); + foldP(buf, blen, xorin8); } static int @@ -161,10 +186,14 @@ static void keccak_finalize(keccak_state *s) { // Xor in the DS and pad frame. - s->a[s->offset] ^= s->delim; - s->a[s->rate - 1] ^= 0x80; + s->block[s->offset++] = s->delim; // DS. + for (size_t i = s->offset; i < s->rate; i++) { +s->block[i] = 0; + } + s->block[s->rate - 1] |= 0x80; // Pad frame. + // Xor in the last block. - xorin(s->a, s->block, s->offset); + xorin8(s->a, s->block, s->rate); memwipe(s->block, 0, sizeof(s->block)); s->finalized = 1; @@ -176,7 +205,7 @@ keccak_squeeze_blocks(keccak_state *s, uint8_t *out, size_t nr_blocks) { for (size_t n = 0; n < nr_blocks; n++) { keccakf(s->a); -setout(s->a, out, s->rate); +setout8(s->a, out, s->rate); out += s->rate; } } @@ -321,6 +350,7 @@ static inline int hash(uint8_t* out, size_t outlen, int ret = 0; keccak_state s; + keccak_cleanse(); switch (delim) { case KECCAK_DELIM_DIGEST: ___ tor-commits mailing list tor-commits@lists.torproject.org
[tor-commits] [tor/release-0.2.8] Only choose directory DirPorts on relays
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 16:07:47 2016 +1000 Only choose directory DirPorts on relays --- src/or/directory.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index a03283e..8dc018a 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_assert(use_or_ap != NULL); tor_assert(use_dir_ap != NULL); + const or_options_t *options = get_options(); int have_or = 0, have_dir = 0; /* We expect status to have at least one reachable address if we're @@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const routerstatus_t *status, } /* DirPort connections - * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */ + * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */ if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT || - indirection == DIRIND_ONEHOP) { + (indirection == DIRIND_ONEHOP + && !directory_must_use_begindir(options))) { have_dir = fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0, use_dir_ap); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Make directory node selection more reliable
commit 2e5b35db81e867e782086e3d714fcc7882c9c171 Author: teor (Tim Wilson-Brown)Date: Thu May 5 11:51:37 2016 +1000 Make directory node selection more reliable Delete an unnecessary check for non-preferred IP versions. Allows clients which can't reach any directories of their preferred IP address version to get directory documents. Patch on #17840 in 0.2.8.1-alpha. --- changes/bug18929| 5 + src/or/routerlist.c | 12 +++- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/changes/bug18929 b/changes/bug18929 new file mode 100644 index 000..f79baca --- /dev/null +++ b/changes/bug18929 @@ -0,0 +1,5 @@ + o Minor bugfixes (IPv6): +- Make directory node selection more reliable, mainly for + IPv6-only clients and clients with few reachable addresses. + Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha. + Patch by "teor". diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..2167ae2 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t *rs) STMT_BEGIN \ if (result == NULL && try_ip_pref && options->ClientUseIPv4 \ && fascist_firewall_use_ipv6(options) && !server_mode(options)\ -&& n_not_preferred && !n_busy) { \ +&& !n_busy) { \ n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 0;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END\ @@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs) n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 1;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END @@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH); const int for_guard = (flags & PDS_FOR_GUARD); int try_excluding = 1, n_excluded = 0, n_busy = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!consensus) return NULL; @@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, smartlist_t *pick_from; int n_busy = 0; int try_excluding = 1, n_excluded = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!sourcelist) return NULL; @@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Merge branch 'bug18710_025' into maint-0.2.8
commit 31332a878db0d8f8d53fe4e535ec9ae812675315 Merge: 8f292f1 0ca3f49 Author: Nick MathewsonDate: Wed May 4 14:47:04 2016 -0400 Merge branch 'bug18710_025' into maint-0.2.8 changes/bug18710 | 6 ++ src/or/dnsserv.c | 4 +--- 2 files changed, 7 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Make clients only select directories with reachable ORPorts
commit 88deb52d559fbec17be4a634137ac4b6c207ce06 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:40:04 2016 +1000 Make clients only select directories with reachable ORPorts This makes sure clients will only select relays which support begindir over ORPort. --- src/or/routerlist.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..6a293b7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) { @@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (skip_dir || +else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref)) +try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); else if (!tor_addr_is_null(>ipv6_addr)) @@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) { @@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); else if (!tor_addr_is_null(>ipv6_addr)) ++n_not_preferred; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Merge branch 'doc18312' into maint-0.2.8
commit 60274296c3e012bb0ca5ad3214e2b8aa0fe19e82 Merge: b8e8910 92615f6 Author: Nick MathewsonDate: Wed May 4 15:13:07 2016 -0400 Merge branch 'doc18312' into maint-0.2.8 changes/bug18312 | 4 doc/tor.1.txt| 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Fix dnsserv.c assertion when no supported questions are requested.
commit 0ca3f495c6fad074606ab75942b64738ed61926a Author: Scott DialDate: Wed May 4 14:45:09 2016 -0400 Fix dnsserv.c assertion when no supported questions are requested. The problem is that "q" is always set on the first iteration even if the question is not a supported question. This set of "q" is not necessary, and will be handled after exiting the loop if there if a supported q->type was found. [Changes file by nickm] lease enter the commit message for your changes. Lines starting --- changes/bug18710 | 6 ++ src/or/dnsserv.c | 4 +--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/changes/bug18710 b/changes/bug18710 new file mode 100644 index 000..2693955 --- /dev/null +++ b/changes/bug18710 @@ -0,0 +1,6 @@ + o Major bugfixes (DNS proxy): +- Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, where the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + diff --git a/src/or/dnsserv.c b/src/or/dnsserv.c index ecd45be..9b0368d 100644 --- a/src/or/dnsserv.c +++ b/src/or/dnsserv.c @@ -87,8 +87,6 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) for (i = 0; i < req->nquestions; ++i) { if (req->questions[i]->dns_question_class != EVDNS_CLASS_INET) continue; -if (! q) - q = req->questions[i]; switch (req->questions[i]->type) { case EVDNS_TYPE_A: case EVDNS_TYPE_: @@ -96,7 +94,7 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) /* We always pick the first one of these questions, if there is one. */ if (! supported_q) - supported_q = q; + supported_q = req->questions[i]; break; default: break; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] Do not recommend use of nicknames in MapAddress manpage
commit 92615f608c2fd1b5da29068498c5fe473105e88f Author: Nick MathewsonDate: Tue Apr 26 20:30:59 2016 -0400 Do not recommend use of nicknames in MapAddress manpage --- changes/bug18312 | 4 doc/tor.1.txt| 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/changes/bug18312 b/changes/bug18312 new file mode 100644 index 000..7dcb326 --- /dev/null +++ b/changes/bug18312 @@ -0,0 +1,4 @@ + o Documentation: +- Stop recommending use of nicknames to identify relays in our + MapAddress documentation. Closes ticket 18312. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 262a36e..787223d 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -961,12 +961,12 @@ The following options are useful only for clients (that is, if When a request for address arrives to Tor, it will transform to newaddress before processing it. For example, if you always want connections to www.example.com to exit via __torserver__ (where __torserver__ is the -nickname of the server), use "MapAddress www.example.com +fingerprint of the server), use "MapAddress www.example.com www.example.com.torserver.exit". If the value is prefixed with a "\*.", matches an entire domain. For example, if you always want connections to example.com and any if its subdomains to exit via -__torserver__ (where __torserver__ is the nickname of the server), use +__torserver__ (where __torserver__ is the fingerprint of the server), use "MapAddress \*.example.com \*.example.com.torserver.exit". (Note the leading "*." in each part of the directive.) You can also redirect all subdomains of a domain to a single address. For example, "MapAddress ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.2.8] (cherry-picked by nickm, with changes file from isis.)
commit 054d9398531b148d8b41c382da36c83c0381e09e Author: s0rlxmh0Date: Mon May 2 14:01:36 2016 -0400 (cherry-picked by nickm, with changes file from isis.) --- changes/bug18920 | 5 + src/or/control.c | 5 + 2 files changed, 10 insertions(+) diff --git a/changes/bug18920 b/changes/bug18920 new file mode 100644 index 000..1babfd6 --- /dev/null +++ b/changes/bug18920 @@ -0,0 +1,5 @@ + o Minor bugfixes (controller, microdescriptors): +- Make GETINFO dir/status-vote/current/consensus conform to the control + specification by returning "551 Could not open cached consensus..." + when not caching consensuses. + Fixes bug 18920; bugfix on 0.2.2.6-alpha. diff --git a/src/or/control.c b/src/or/control.c index 655b4dd..e06d7d2 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2011,6 +2011,11 @@ getinfo_helper_dir(control_connection_t *control_conn, char *filename = get_datadir_fname("cached-consensus"); *answer = read_file_to_str(filename, RFTS_IGNORE_MISSING, NULL); tor_free(filename); + if (!*answer) { /* generate an error */ +*errmsg = "Could not open cached consensus. " + "Make sure FetchUselessDescriptors is set to 1."; +return -1; + } } } else if (!strcmp(question, "network-status")) { /* v1 */ routerlist_t *routerlist = router_get_routerlist(); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit fcabf93af4c8371186ca1043e937343eaa31751c Author: Translation commit botDate: Thu May 5 12:45:26 2016 + Update translations for tails-persistence-setup_completed --- sv/sv.po | 19 ++- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/sv/sv.po b/sv/sv.po index 6121504..c0e31b4 100644 --- a/sv/sv.po +++ b/sv/sv.po @@ -3,7 +3,8 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Anders Nilsson , 2015 +# Anders Nilsson , 2016 +# Anders Nilsson , 2015 # Filip Nyquist , 2015 # Michael Cavén, 2014 # phst , 2014 @@ -14,9 +15,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2016-01-25 17:34+0100\n" -"PO-Revision-Date: 2016-03-21 16:32+\n" -"Last-Translator: carolyn \n" +"POT-Creation-Date: 2016-04-24 16:40+0200\n" +"PO-Revision-Date: 2016-05-05 12:18+\n" +"Last-Translator: Anders Nilsson \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -121,10 +122,18 @@ msgid "Lists downloaded by APT" msgstr "Listor hämtade av APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:168 +msgid "Mumble server" +msgstr "Mumble-server" + +#: ../lib/Tails/Persistence/Configuration/Presets.pm:170 +msgid "Mumble server configuration and its Tor Hidden Service address" +msgstr "Mumble-serverkonfiguration och dess Tor Hidden Service-adress" + +#: ../lib/Tails/Persistence/Configuration/Presets.pm:178 msgid "Dotfiles" msgstr "Punktfiler" -#: ../lib/Tails/Persistence/Configuration/Presets.pm:170 +#: ../lib/Tails/Persistence/Configuration/Presets.pm:180 msgid "" "Symlink into $HOME every file or directory found in the `dotfiles' directory" msgstr "Länka in i $HOME varje fil och katalog som finns i `dotfiles' katalogen" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings] Update translations for tor-launcher-network-settings
commit f85c03faee9f5fe260b1d4697e25bb9a52588e08 Author: Translation commit botDate: Thu May 5 12:45:43 2016 + Update translations for tor-launcher-network-settings --- sv/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sv/network-settings.dtd b/sv/network-settings.dtd index 5c398b3..aab93e0 100644 --- a/sv/network-settings.dtd +++ b/sv/network-settings.dtd @@ -65,7 +65,7 @@ - + https://bridges.torproject.org;> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit c10d03be5b63a7da445f88937553fb1d74471057 Author: Translation commit botDate: Thu May 5 12:45:52 2016 + Update translations for tails-misc_completed --- sv.po | 24 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/sv.po b/sv.po index 8734e18..fba8b46 100644 --- a/sv.po +++ b/sv.po @@ -3,7 +3,8 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Anders Nilsson , 2015 +# Anders Nilsson , 2016 +# Anders Nilsson , 2015 # Emil Johansson , 2015 # Filip Nyquist , 2015 # Gabor Sebastiani, 2014 @@ -18,9 +19,9 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2016-03-17 15:03+0100\n" -"PO-Revision-Date: 2016-03-21 16:27+\n" -"Last-Translator: pilino1234 \n" +"POT-Creation-Date: 2016-04-25 14:02+0200\n" +"PO-Revision-Date: 2016-05-05 12:15+\n" +"Last-Translator: Anders Nilsson \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -69,13 +70,13 @@ msgid "Do you want to start Electrum anyway?" msgstr "Vill du starta Electrum ändå?" #: config/chroot_local-includes/usr/local/bin/electrum:23 -#: config/chroot_local-includes/usr/local/bin/icedove:23 +#: config/chroot_local-includes/usr/local/bin/icedove:30 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" msgstr "_Starta" #: config/chroot_local-includes/usr/local/bin/electrum:24 -#: config/chroot_local-includes/usr/local/bin/icedove:24 +#: config/chroot_local-includes/usr/local/bin/icedove:31 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" msgstr "_Avsluta" @@ -237,17 +238,24 @@ msgstr "Utmatning från GnuPG:" msgid "Other messages provided by GnuPG:" msgstr "Andra meddelanden givna av GnuPG:" -#: config/chroot_local-includes/usr/local/bin/icedove:19 +#: config/chroot_local-includes/usr/local/bin/icedove:20 msgid "The Claws Mail persistence feature is activated." msgstr "Claws Mail persistens funktionen är aktiverad." -#: config/chroot_local-includes/usr/local/bin/icedove:21 +#: config/chroot_local-includes/usr/local/bin/icedove:22 msgid "" "If you have emails saved in Claws Mail, you should migrate" " your data before starting Icedove." msgstr "Om du har sparat e-postmeddelanden i Claws Mail borde du migrera din data innan du startar Icedove." +#: config/chroot_local-includes/usr/local/bin/icedove:27 +msgid "" +"If you already migrated your emails to Icedove, you should delete" +" all your Claws Mail data to remove this warning." +msgstr "Om du redan har flyttat din e-post till Icedove, borde du radera all din Claws Mail-data för att ta bort den här varningen." + #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" msgstr "Starta om" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings_completed] Update translations for tor-launcher-network-settings_completed
commit add148fc2cf7226c0cb5ea9cc8db2ca316c08ec5 Author: Translation commit botDate: Thu May 5 12:45:46 2016 + Update translations for tor-launcher-network-settings_completed --- sv/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sv/network-settings.dtd b/sv/network-settings.dtd index 31b3ac3..aab93e0 100644 --- a/sv/network-settings.dtd +++ b/sv/network-settings.dtd @@ -65,7 +65,7 @@ - + https://bridges.torproject.org;> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 449a5a51d766d1ce68743eb775f8fcefd6bb77d5 Author: Translation commit botDate: Thu May 5 12:45:49 2016 + Update translations for tails-misc --- sv.po | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sv.po b/sv.po index a9c2aef..fba8b46 100644 --- a/sv.po +++ b/sv.po @@ -3,7 +3,8 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Anders Nilsson , 2015 +# Anders Nilsson , 2016 +# Anders Nilsson , 2015 # Emil Johansson , 2015 # Filip Nyquist , 2015 # Gabor Sebastiani, 2014 @@ -19,8 +20,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-04-25 14:02+0200\n" -"PO-Revision-Date: 2016-04-26 09:06+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2016-05-05 12:15+\n" +"Last-Translator: Anders Nilsson \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -253,7 +254,7 @@ msgid "" "If you already migrated your emails to Icedove, you should delete" " all your Claws Mail data to remove this warning." -msgstr "" +msgstr "Om du redan har flyttat din e-post till Icedove, borde du radera all din Claws Mail-data för att ta bort den här varningen." #: config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-hel...@tails.boum.org/extension.js:71 msgid "Restart" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 2bace857df8e8d576fc2e102a78368cd51c4eca3 Author: Translation commit botDate: Thu May 5 12:45:23 2016 + Update translations for tails-persistence-setup --- sv/sv.po | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sv/sv.po b/sv/sv.po index 38bffc6..c0e31b4 100644 --- a/sv/sv.po +++ b/sv/sv.po @@ -3,7 +3,8 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Anders Nilsson , 2015 +# Anders Nilsson , 2016 +# Anders Nilsson , 2015 # Filip Nyquist , 2015 # Michael Cavén, 2014 # phst , 2014 @@ -15,8 +16,8 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-04-24 16:40+0200\n" -"PO-Revision-Date: 2016-04-25 08:33+\n" -"Last-Translator: carolyn \n" +"PO-Revision-Date: 2016-05-05 12:18+\n" +"Last-Translator: Anders Nilsson \n" "Language-Team: Swedish (http://www.transifex.com/otf/torproject/language/sv/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -122,11 +123,11 @@ msgstr "Listor hämtade av APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:168 msgid "Mumble server" -msgstr "" +msgstr "Mumble-server" #: ../lib/Tails/Persistence/Configuration/Presets.pm:170 msgid "Mumble server configuration and its Tor Hidden Service address" -msgstr "" +msgstr "Mumble-serverkonfiguration och dess Tor Hidden Service-adress" #: ../lib/Tails/Persistence/Configuration/Presets.pm:178 msgid "Dotfiles" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Comment-only change to clarify routerstatus_t IPv4 byte order
commit 225448ad34a75b6eea9ab17e306e67578ce86760 Author: teor (Tim Wilson-Brown)Date: Fri Apr 29 11:03:59 2016 +1000 Comment-only change to clarify routerstatus_t IPv4 byte order --- src/or/or.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/or.h b/src/or/or.h index 592f295..6694bb4 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2215,7 +2215,7 @@ typedef struct routerstatus_t { /** Digest of the router's most recent descriptor or microdescriptor. * If it's a descriptor, we only use the first DIGEST_LEN bytes. */ char descriptor_digest[DIGEST256_LEN]; - uint32_t addr; /**< IPv4 address for this router. */ + uint32_t addr; /**< IPv4 address for this router, in host order. */ uint16_t or_port; /**< OR port for this router. */ uint16_t dir_port; /**< Directory port for this router. */ tor_addr_t ipv6_addr; /**< IPv6 address for this router. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make clients always use begindir for directory requests
commit 833b5f71a72394c02ef633ba0f78d7011fef6181 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:37:59 2016 +1000 Make clients always use begindir for directory requests This improves client anonymity and avoids directory header tampering. The extra load on the authorities should be offset by the fallback directories feature. This also simplifies the fixes to #18809. --- changes/feature18483 | 4 src/or/directory.c | 61 +--- src/or/directory.h | 6 -- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/changes/feature18483 b/changes/feature18483 new file mode 100644 index 000..b3c42e6 --- /dev/null +++ b/changes/feature18483 @@ -0,0 +1,4 @@ + o Minor features (clients): +- Make clients, onion services, and bridge relays always + use an encrypted begindir connection for directory requests. + Resolves #18483. Patch by "teor". diff --git a/src/or/directory.c b/src/or/directory.c index ca3b3e3..a03283e 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) update_certificate_downloads(time(NULL)); } +/* Should this tor instance only use begindir for all its directory requests? + */ +int +directory_must_use_begindir(const or_options_t *options) +{ + /* Clients, onion services, and bridges must use begindir, + * relays and authorities do not have to */ + return !public_server_mode(options); +} + /** Evaluate the situation and decide if we should use an encrypted * "begindir-style" connection for this directory request. * 1) If or_port is 0, or it's a direct conn and or_port is firewalled @@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) * 2) If we prefer to avoid begindir conns, and we're not fetching or *publishing a bridge relay descriptor, no. * 3) Else yes. + * If returning 0, return in *reason why we can't use begindir. + * reason must not be NULL. */ static int directory_command_should_use_begindir(const or_options_t *options, const tor_addr_t *addr, int or_port, uint8_t router_purpose, - dir_indirection_t indirection) + dir_indirection_t indirection, + const char **reason) { (void) router_purpose; - if (!or_port) + tor_assert(reason); + *reason = NULL; + + /* Reasons why we can't possibly use begindir */ + if (!or_port) { +*reason = "directory with unknown ORPort"; return 0; /* We don't know an ORPort -- no chance. */ - if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT) + } + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT) { +*reason = "DirPort connection"; return 0; - if (indirection == DIRIND_ONEHOP) + } + if (indirection == DIRIND_ONEHOP) { +/* We're firewalled and want a direct OR connection */ if (!fascist_firewall_allows_address_addr(addr, or_port, - FIREWALL_OR_CONNECTION, 0, 0) || -directory_fetches_from_authorities(options)) - return 0; /* We're firewalled or are acting like a relay -- also no. */ + FIREWALL_OR_CONNECTION, 0, 0)) { + *reason = "ORPort not reachable"; + return 0; +} + } + /* Reasons why we want to avoid using begindir */ + if (indirection == DIRIND_ONEHOP) { +if (!directory_must_use_begindir(options)) { + *reason = "in relay mode"; + return 0; +} + } + /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS + */ + *reason = "(using begindir)"; return 1; } @@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, dir_connection_t *conn; const or_options_t *options = get_options(); int socket_error = 0; + const char *begindir_reason = NULL; /* Should the connection be to a relay's OR port (and inside that we will * send our directory request)? */ const int use_begindir = directory_command_should_use_begindir(options, _addr_port->addr, or_addr_port->port, - router_purpose, indirection); + router_purpose, indirection, + _reason); /* Will the connection go via a three-hop Tor circuit? Note that this * is separate from whether it will use_begindir. */ const int anonymized_connection = dirind_is_anon(indirection); @@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, (void)is_sensitive_dir_purpose; #endif + /* use encrypted begindir connections for everything except relays + * this
[tor-commits] [tor/master] Merge branch 'maint-0.2.8'
commit 641cdc345c7a0e8123cee9a7b3864b63ba389afa Merge: 2da2718 03fc4cf Author: Nick MathewsonDate: Thu May 5 08:25:27 2016 -0400 Merge branch 'maint-0.2.8' changes/bug18929 | 5 changes/feature18483 | 4 src/or/directory.c | 67 src/or/directory.h | 6 +++-- src/or/or.h | 2 +- src/or/routerlist.c | 40 ++- 6 files changed, 89 insertions(+), 35 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Refactor router_pick_directory_server_impl to use node functions
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b Author: teor (Tim Wilson-Brown)Date: Sat Apr 30 11:00:50 2016 +1000 Refactor router_pick_directory_server_impl to use node functions No behavioural change This makes the use of the node explicit in the function, rather than hiding the node lookup in fascist_firewall_allows_rs. --- src/or/routerlist.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 13739a7..1c275a6 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * we try routers that only have one address both times.) */ if (!fascistfirewall || skip_or_fw || -fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, - try_ip_pref)) +fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, + try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); else if (!must_have_or && (skip_dir_fw || - fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref))) + fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION, + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); } SMARTLIST_FOREACH_END(node); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Refactor router_pick_directory_server_impl to use node functions
commit 03fc4cf04caf240fa4e285c3b483c60587456e9b Author: teor (Tim Wilson-Brown)Date: Sat Apr 30 11:00:50 2016 +1000 Refactor router_pick_directory_server_impl to use node functions No behavioural change This makes the use of the node explicit in the function, rather than hiding the node lookup in fascist_firewall_allows_rs. --- src/or/routerlist.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 13739a7..1c275a6 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1740,13 +1740,13 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * we try routers that only have one address both times.) */ if (!fascistfirewall || skip_or_fw || -fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, - try_ip_pref)) +fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, + try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); else if (!must_have_or && (skip_dir_fw || - fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref))) + fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION, + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); } SMARTLIST_FOREACH_END(node); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Rename skip_or and skip_dir to avoid confusion
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:44:31 2016 +1000 Rename skip_or and skip_dir to avoid confusion Variable rename only --- src/or/routerlist.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 97512d7..13739a7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ @@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ -if (!fascistfirewall || skip_or || +if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (!must_have_or && (skip_dir || +else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : @@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) @@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ - if (!fascistfirewall || skip_or || + if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (!must_have_or && (skip_dir || + else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Comment-only change to clarify routerstatus_t IPv4 byte order
commit 225448ad34a75b6eea9ab17e306e67578ce86760 Author: teor (Tim Wilson-Brown)Date: Fri Apr 29 11:03:59 2016 +1000 Comment-only change to clarify routerstatus_t IPv4 byte order --- src/or/or.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/or.h b/src/or/or.h index 592f295..6694bb4 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2215,7 +2215,7 @@ typedef struct routerstatus_t { /** Digest of the router's most recent descriptor or microdescriptor. * If it's a descriptor, we only use the first DIGEST_LEN bytes. */ char descriptor_digest[DIGEST256_LEN]; - uint32_t addr; /**< IPv4 address for this router. */ + uint32_t addr; /**< IPv4 address for this router, in host order. */ uint16_t or_port; /**< OR port for this router. */ uint16_t dir_port; /**< Directory port for this router. */ tor_addr_t ipv6_addr; /**< IPv6 address for this router. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make clients only select directories with reachable ORPorts
commit 88deb52d559fbec17be4a634137ac4b6c207ce06 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:40:04 2016 +1000 Make clients only select directories with reachable ORPorts This makes sure clients will only select relays which support begindir over ORPort. --- src/or/routerlist.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..6a293b7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) { @@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (skip_dir || +else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref)) +try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); else if (!tor_addr_is_null(>ipv6_addr)) @@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) { @@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); else if (!tor_addr_is_null(>ipv6_addr)) ++n_not_preferred; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make directory node selection more reliable
commit 2e5b35db81e867e782086e3d714fcc7882c9c171 Author: teor (Tim Wilson-Brown)Date: Thu May 5 11:51:37 2016 +1000 Make directory node selection more reliable Delete an unnecessary check for non-preferred IP versions. Allows clients which can't reach any directories of their preferred IP address version to get directory documents. Patch on #17840 in 0.2.8.1-alpha. --- changes/bug18929| 5 + src/or/routerlist.c | 12 +++- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/changes/bug18929 b/changes/bug18929 new file mode 100644 index 000..f79baca --- /dev/null +++ b/changes/bug18929 @@ -0,0 +1,5 @@ + o Minor bugfixes (IPv6): +- Make directory node selection more reliable, mainly for + IPv6-only clients and clients with few reachable addresses. + Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha. + Patch by "teor". diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..2167ae2 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t *rs) STMT_BEGIN \ if (result == NULL && try_ip_pref && options->ClientUseIPv4 \ && fascist_firewall_use_ipv6(options) && !server_mode(options)\ -&& n_not_preferred && !n_busy) { \ +&& !n_busy) { \ n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 0;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END\ @@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs) n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 1;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END @@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH); const int for_guard = (flags & PDS_FOR_GUARD); int try_excluding = 1, n_excluded = 0, n_busy = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!consensus) return NULL; @@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, smartlist_t *pick_from; int n_busy = 0; int try_excluding = 1, n_excluded = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!sourcelist) return NULL; @@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Only choose directory DirPorts on relays
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 16:07:47 2016 +1000 Only choose directory DirPorts on relays --- src/or/directory.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index a03283e..8dc018a 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_assert(use_or_ap != NULL); tor_assert(use_dir_ap != NULL); + const or_options_t *options = get_options(); int have_or = 0, have_dir = 0; /* We expect status to have at least one reachable address if we're @@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const routerstatus_t *status, } /* DirPort connections - * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */ + * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */ if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT || - indirection == DIRIND_ONEHOP) { + (indirection == DIRIND_ONEHOP + && !directory_must_use_begindir(options))) { have_dir = fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0, use_dir_ap); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8
commit 68d913c49c7aff441fc6671406aee5137f36f620 Merge: 2e5b35d 9aa280c Author: Nick MathewsonDate: Thu May 5 08:16:36 2016 -0400 Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 changes/feature18483 | 4 src/or/directory.c | 67 src/or/directory.h | 6 +++-- src/or/routerlist.c | 10 4 files changed, 71 insertions(+), 16 deletions(-) diff --cc src/or/routerlist.c index 2167ae2,6a293b7..97512d7 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Make clients only select directories with reachable ORPorts
commit 88deb52d559fbec17be4a634137ac4b6c207ce06 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:40:04 2016 +1000 Make clients only select directories with reachable ORPorts This makes sure clients will only select relays which support begindir over ORPort. --- src/or/routerlist.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..6a293b7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1689,6 +1689,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) { @@ -1745,9 +1746,9 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (skip_dir || +else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, -try_ip_pref)) +try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); else if (!tor_addr_is_null(>ipv6_addr)) @@ -1853,6 +1854,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, const int skip_or = router_skip_or_reachability(options, try_ip_pref); const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) { @@ -1892,9 +1894,9 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); else if (!tor_addr_is_null(>ipv6_addr)) ++n_not_preferred; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Make clients always use begindir for directory requests
commit 833b5f71a72394c02ef633ba0f78d7011fef6181 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:37:59 2016 +1000 Make clients always use begindir for directory requests This improves client anonymity and avoids directory header tampering. The extra load on the authorities should be offset by the fallback directories feature. This also simplifies the fixes to #18809. --- changes/feature18483 | 4 src/or/directory.c | 61 +--- src/or/directory.h | 6 -- 3 files changed, 61 insertions(+), 10 deletions(-) diff --git a/changes/feature18483 b/changes/feature18483 new file mode 100644 index 000..b3c42e6 --- /dev/null +++ b/changes/feature18483 @@ -0,0 +1,4 @@ + o Minor features (clients): +- Make clients, onion services, and bridge relays always + use an encrypted begindir connection for directory requests. + Resolves #18483. Patch by "teor". diff --git a/src/or/directory.c b/src/or/directory.c index ca3b3e3..a03283e 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -964,6 +964,16 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) update_certificate_downloads(time(NULL)); } +/* Should this tor instance only use begindir for all its directory requests? + */ +int +directory_must_use_begindir(const or_options_t *options) +{ + /* Clients, onion services, and bridges must use begindir, + * relays and authorities do not have to */ + return !public_server_mode(options); +} + /** Evaluate the situation and decide if we should use an encrypted * "begindir-style" connection for this directory request. * 1) If or_port is 0, or it's a direct conn and or_port is firewalled @@ -971,23 +981,48 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status) * 2) If we prefer to avoid begindir conns, and we're not fetching or *publishing a bridge relay descriptor, no. * 3) Else yes. + * If returning 0, return in *reason why we can't use begindir. + * reason must not be NULL. */ static int directory_command_should_use_begindir(const or_options_t *options, const tor_addr_t *addr, int or_port, uint8_t router_purpose, - dir_indirection_t indirection) + dir_indirection_t indirection, + const char **reason) { (void) router_purpose; - if (!or_port) + tor_assert(reason); + *reason = NULL; + + /* Reasons why we can't possibly use begindir */ + if (!or_port) { +*reason = "directory with unknown ORPort"; return 0; /* We don't know an ORPort -- no chance. */ - if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT) + } + if (indirection == DIRIND_DIRECT_CONN || + indirection == DIRIND_ANON_DIRPORT) { +*reason = "DirPort connection"; return 0; - if (indirection == DIRIND_ONEHOP) + } + if (indirection == DIRIND_ONEHOP) { +/* We're firewalled and want a direct OR connection */ if (!fascist_firewall_allows_address_addr(addr, or_port, - FIREWALL_OR_CONNECTION, 0, 0) || -directory_fetches_from_authorities(options)) - return 0; /* We're firewalled or are acting like a relay -- also no. */ + FIREWALL_OR_CONNECTION, 0, 0)) { + *reason = "ORPort not reachable"; + return 0; +} + } + /* Reasons why we want to avoid using begindir */ + if (indirection == DIRIND_ONEHOP) { +if (!directory_must_use_begindir(options)) { + *reason = "in relay mode"; + return 0; +} + } + /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS + */ + *reason = "(using begindir)"; return 1; } @@ -1070,11 +1105,13 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, dir_connection_t *conn; const or_options_t *options = get_options(); int socket_error = 0; + const char *begindir_reason = NULL; /* Should the connection be to a relay's OR port (and inside that we will * send our directory request)? */ const int use_begindir = directory_command_should_use_begindir(options, _addr_port->addr, or_addr_port->port, - router_purpose, indirection); + router_purpose, indirection, + _reason); /* Will the connection go via a three-hop Tor circuit? Note that this * is separate from whether it will use_begindir. */ const int anonymized_connection = dirind_is_anon(indirection); @@ -1100,6 +1137,14 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, (void)is_sensitive_dir_purpose; #endif + /* use encrypted begindir connections for everything except relays + * this
[tor-commits] [tor/maint-0.2.8] Rename skip_or and skip_dir to avoid confusion
commit 7ec273bd4a3c82d9bddc9aef373b4f99396198c9 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 15:44:31 2016 +1000 Rename skip_or and skip_dir to avoid confusion Variable rename only --- src/or/routerlist.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 97512d7..13739a7 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1685,8 +1685,8 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); /* Find all the running dirservers we know about. */ @@ -1739,12 +1739,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ -if (!fascistfirewall || skip_or || +if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_rs(status, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); -else if (!must_have_or && (skip_dir || +else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : @@ -1848,8 +1848,8 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, overloaded_direct = smartlist_new(); overloaded_tunnel = smartlist_new(); - const int skip_or = router_skip_or_reachability(options, try_ip_pref); - const int skip_dir = router_skip_dir_reachability(options, try_ip_pref); + const int skip_or_fw = router_skip_or_reachability(options, try_ip_pref); + const int skip_dir_fw = router_skip_dir_reachability(options, try_ip_pref); const int must_have_or = directory_must_use_begindir(options); SMARTLIST_FOREACH_BEGIN(sourcelist, const dir_server_t *, d) @@ -1886,11 +1886,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, * address for each router (if any). (To ensure correct load-balancing * we try routers that only have one address both times.) */ - if (!fascistfirewall || skip_or || + if (!fascistfirewall || skip_or_fw || fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (!must_have_or && (skip_dir || + else if (!must_have_or && (skip_dir_fw || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Only choose directory DirPorts on relays
commit 9aa280cc0c105bc282c3c1c0dee385387251ab12 Author: teor (Tim Wilson-Brown)Date: Thu Apr 28 16:07:47 2016 +1000 Only choose directory DirPorts on relays --- src/or/directory.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index a03283e..8dc018a 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -630,6 +630,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status, tor_assert(use_or_ap != NULL); tor_assert(use_dir_ap != NULL); + const or_options_t *options = get_options(); int have_or = 0, have_dir = 0; /* We expect status to have at least one reachable address if we're @@ -671,10 +672,11 @@ directory_choose_address_routerstatus(const routerstatus_t *status, } /* DirPort connections - * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort */ + * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */ if (indirection == DIRIND_DIRECT_CONN || indirection == DIRIND_ANON_DIRPORT || - indirection == DIRIND_ONEHOP) { + (indirection == DIRIND_ONEHOP + && !directory_must_use_begindir(options))) { have_dir = fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0, use_dir_ap); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8
commit 68d913c49c7aff441fc6671406aee5137f36f620 Merge: 2e5b35d 9aa280c Author: Nick MathewsonDate: Thu May 5 08:16:36 2016 -0400 Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 changes/feature18483 | 4 src/or/directory.c | 67 src/or/directory.h | 6 +++-- src/or/routerlist.c | 10 4 files changed, 71 insertions(+), 16 deletions(-) diff --cc src/or/routerlist.c index 2167ae2,6a293b7..97512d7 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@@ -1743,11 -1746,13 +1744,11 @@@ router_pick_directory_server_impl(dirin try_ip_pref)) smartlist_add(is_trusted ? trusted_tunnel : is_overloaded ? overloaded_tunnel : tunnel, (void*)node); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_rs(status, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@@ -1888,10 -1894,12 +1890,10 @@@ router_pick_trusteddirserver_impl(cons fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); - else if (skip_dir || + else if (!must_have_or && (skip_dir || fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, - try_ip_pref)) + try_ip_pref))) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.2.8] Make directory node selection more reliable
commit 2e5b35db81e867e782086e3d714fcc7882c9c171 Author: teor (Tim Wilson-Brown)Date: Thu May 5 11:51:37 2016 +1000 Make directory node selection more reliable Delete an unnecessary check for non-preferred IP versions. Allows clients which can't reach any directories of their preferred IP address version to get directory documents. Patch on #17840 in 0.2.8.1-alpha. --- changes/bug18929| 5 + src/or/routerlist.c | 12 +++- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/changes/bug18929 b/changes/bug18929 new file mode 100644 index 000..f79baca --- /dev/null +++ b/changes/bug18929 @@ -0,0 +1,5 @@ + o Minor bugfixes (IPv6): +- Make directory node selection more reliable, mainly for + IPv6-only clients and clients with few reachable addresses. + Resolves #18929, bugfix on #17840 in 0.2.8.1-alpha. + Patch by "teor". diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9023e..2167ae2 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1597,11 +1597,10 @@ router_picked_poor_directory_log(const routerstatus_t *rs) STMT_BEGIN \ if (result == NULL && try_ip_pref && options->ClientUseIPv4 \ && fascist_firewall_use_ipv6(options) && !server_mode(options)\ -&& n_not_preferred && !n_busy) { \ +&& !n_busy) { \ n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 0;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END\ @@ -1620,7 +1619,6 @@ router_picked_poor_directory_log(const routerstatus_t *rs) n_excluded = 0; \ n_busy = 0; \ try_ip_pref = 1;\ - n_not_preferred = 0;\ goto retry_label; \ } \ STMT_END @@ -1673,7 +1671,7 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, const int no_microdesc_fetching = (flags & PDS_NO_EXISTING_MICRODESC_FETCH); const int for_guard = (flags & PDS_FOR_GUARD); int try_excluding = 1, n_excluded = 0, n_busy = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!consensus) return NULL; @@ -1750,8 +1748,6 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, try_ip_pref)) smartlist_add(is_trusted ? trusted_direct : is_overloaded ? overloaded_direct : direct, (void*)node); -else if (!tor_addr_is_null(>ipv6_addr)) - ++n_not_preferred; } SMARTLIST_FOREACH_END(node); if (smartlist_len(tunnel)) { @@ -1839,7 +1835,7 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, smartlist_t *pick_from; int n_busy = 0; int try_excluding = 1, n_excluded = 0; - int try_ip_pref = 1, n_not_preferred = 0; + int try_ip_pref = 1; if (!sourcelist) return NULL; @@ -1896,8 +1892,6 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist, fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, try_ip_pref)) smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); - else if (!tor_addr_is_null(>ipv6_addr)) -++n_not_preferred; } SMARTLIST_FOREACH_END(d); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties
commit 708921ad026b603b067c826dcd0dad5a08c88c01 Author: Translation commit botDate: Thu May 5 12:15:35 2016 + Update translations for tor-launcher-properties --- sv/torlauncher.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sv/torlauncher.properties b/sv/torlauncher.properties index a49b83f..3345deb 100644 --- a/sv/torlauncher.properties +++ b/sv/torlauncher.properties @@ -36,7 +36,7 @@ torlauncher.quit_win=Stäng torlauncher.done=Klar torlauncher.forAssistance=För assistans, kontakta %S -torlauncher.forAssistance2=For assistance, visit %S +torlauncher.forAssistance2=För hjälp, besök %S torlauncher.copiedNLogMessages=Kopieringen är färdig. %S meddelanden från Tor-loggen som du kan klistra in i en textredigerare eller ett e-postmeddelande. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed
commit 57d3bb6aed1a744a2b90be8cbb24408459009379 Author: Translation commit botDate: Thu May 5 12:15:39 2016 + Update translations for tor-launcher-properties_completed --- sv/torlauncher.properties | 1 + 1 file changed, 1 insertion(+) diff --git a/sv/torlauncher.properties b/sv/torlauncher.properties index cb7b8f5..3345deb 100644 --- a/sv/torlauncher.properties +++ b/sv/torlauncher.properties @@ -36,6 +36,7 @@ torlauncher.quit_win=Stäng torlauncher.done=Klar torlauncher.forAssistance=För assistans, kontakta %S +torlauncher.forAssistance2=För hjälp, besök %S torlauncher.copiedNLogMessages=Kopieringen är färdig. %S meddelanden från Tor-loggen som du kan klistra in i en textredigerare eller ett e-postmeddelande. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-torbuttonproperties] Update translations for torbutton-torbuttonproperties
commit d6170785c4dfc4ac3a72129c96fa1c6e62167e48 Author: Translation commit botDate: Thu May 5 09:45:53 2016 + Update translations for torbutton-torbuttonproperties --- lo/torbutton.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lo/torbutton.properties b/lo/torbutton.properties index 48b154b..1a443ff 100644 --- a/lo/torbutton.properties +++ b/lo/torbutton.properties @@ -76,4 +76,4 @@ profileProblemTitle=ລາàºàº¥àº°àºàº½àºàºàº±àºàº«àº² %S profileReadOnly=àºà»àº²àºàºà»à»àºªàº²àº¡àº²àºà»àº¥à»àº %S àºàº²àºàº¥àº°àºàº»àºàºàº²àºàº¥à»àºà»àº²àºà»àºà»àº¢à»àº²àºàºàº½àº§. àºàº°àº¥àº¸àºàº² àºà»àº²àºà»àºàº»àº² %S à»àºà»àºªà»àºà»àºàºàºàº·à»àºàºà»àºàº àºà»àºàºàºàº°àºàº°àºàº²àºàº²àº¡à»àºà»àº¡àº±àº. profileReadOnlyMac=àºà»àº²àºàºà»à»àºªàº²àº¡àº²àºà»àº¥à»àº %S àºàº²àºàº¥àº°àºàº»àºàºàº²àºàº¥à»àºà»àº²àºà»àºà»àº¢à»àº²àºàºàº½àº§. àºàº°àº¥àº¸àºàº² àºà»àº²àºà»àºàº»àº² %S à»àºà»àºªà» à»à»àº²àºà»àºàºàºàºà»àº²àºàºà»àºàº ຫຼື à»àºªà»àºàº¹à»à»àºàº±àºàºàº¼àºµà»àºàºàº±àº àºà»àºàºàºàº°àºàº°àºàº²àºàº²àº¡à»àºà»àº¡àº±àº. profileAccessDenied=%S àºà»à»àº¡àºµàºàº°àºàº¸àºàº²àºà»àº«à»à»àºàº»à»àº²à»àºàº´àºàº¥àº²àºàº¥àº°àºàº½àºàºàºµà»à»àºà». àºàº°àº¥àº¸àºàº² àºàº±àº ລະàºàº±àºàºàº°àºàº¸àºàº²àº àºàº²àºàº¥à» ລະàºàº»àºàºà»àºàº à»àº¥à»àº§àºàº¶à»àº ລàºàºà»à»à»àºàºµàº. -profileMigrationFailed=Migration of your existing %S profile failed.\nNew settings will be used. +profileMigrationFailed=àºàº²àºà»àºàº·à»àºàºàºà»àº²àºàº¥àº²àºàº¥àº°àºàº½àº %S àºàºàº àºà»àº²àº àºàºµà»àº¡àºµàº¢àº¹à» àºàº·àºàº¥àº»à»àº¡à»àº«àº¼àº§.\nàºàº²àºàºàº±à»àºàºà»àº²à»à»à»àºàº°àºàº¶àºàºà»àº²à»àºà»à»àºàº. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits