[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 2374d6becd059d290b94df999259dde7ae3047df Author: Translation commit botDate: Sat Dec 17 00:49:51 2016 + Update translations for tor-browser-manual --- de/de.po | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/de/de.po b/de/de.po index bf2bdbc..4040473 100644 --- a/de/de.po +++ b/de/de.po @@ -251,7 +251,7 @@ msgstr "" #: circumvention.page:22 msgid "Using pluggable transports" -msgstr "Mit steckbarern Transporten" +msgstr "Mit steckbaren Transporten" #. This is a reference to an external file such as an image or video. When #. the file changes, the md5 hash will change to let you know you need to @@ -405,7 +405,7 @@ msgstr "" #: downloading.page:84 msgid "Satori" -msgstr "" +msgstr "Satori" #: downloading.page:85 msgid "" @@ -423,7 +423,7 @@ msgstr "Satori aus dem Chrome App Store installieren." #: downloading.page:100 msgid "Select Satori from your browserâs Apps menu." -msgstr "" +msgstr "Wählen Sie im Apps-Menü Ihres Browsers Satori aus." #: downloading.page:105 msgid "" @@ -457,7 +457,7 @@ msgstr "" #: first-time.page:10 msgid "Running Tor Browser for the first time" -msgstr "" +msgstr "Tor Browser zum ersten Mal ausführen" #: first-time.page:12 msgid "" @@ -577,7 +577,7 @@ msgstr "Kaspersky Internet Security 2012" #: known-issues.page:29 msgid "Sophos Antivirus for Mac" -msgstr "" +msgstr "Sophos Antivirus für Mac" #: known-issues.page:32 msgid "Microsoft Security Essentials" @@ -620,6 +620,9 @@ msgid "" "./start-tor-browser.desktop\n" "" msgstr "" +"\n" +"./start-tor-browser.desktop\n" +"" #: managing-identities.page:6 msgid "Learn how to control personally-identifying information in Tor Browser" @@ -938,7 +941,7 @@ msgstr "" #: plugins.page:58 msgid "Browser Add-ons" -msgstr "" +msgstr "Browser-Erweiterungen" #: plugins.page:59 msgid "" 
@@ -1151,7 +1154,7 @@ msgstr "" #: transports.page:6 transports.page:20 msgid "Types of pluggable transport" -msgstr "" +msgstr "Typen an steckbarem Transport" #: transports.page:10 msgid "Pluggable Transports" @@ -1173,7 +1176,7 @@ msgstr "" #: transports.page:28 msgid "obfs3" -msgstr "" +msgstr "obfs3" #: transports.page:33 msgid "" @@ -1183,7 +1186,7 @@ msgstr "" #: transports.page:42 msgid "obfs4" -msgstr "" +msgstr "obfs4" #: transports.page:47 msgid "" @@ -1202,13 +1205,15 @@ msgstr "" #: transports.page:69 msgid "FTE" -msgstr "" +msgstr "FTE" #: transports.page:74 msgid "" "FTE (format-transforming encryption) disguises Tor traffic as ordinary web " "(HTTP) traffic." msgstr "" +"FTE (Format-Transformierende-Verschlüsselung) verschleiert Tor-Datenverkehr " +"als gewöhnlichen Web (HTTP)-Datenverkehr." #: transports.page:82 msgid "meek" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-progress_completed] Update translations for tor-launcher-progress_completed
commit 5cea77dcd02f035dffba8ccaaa53b2eb9e98d3dd Author: Translation commit botDate: Fri Dec 16 19:46:11 2016 + Update translations for tor-launcher-progress_completed
---
 fr/progress.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fr/progress.dtd b/fr/progress.dtd
index a7d1857..39a0643 100644
--- a/fr/progress.dtd
+++ b/fr/progress.dtd
@@ -1,4 +1,4 @@
-
+
___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-progress] Update translations for tor-launcher-progress
commit bbcc4ad093a6adcd8df552a16e6b3338121acc3c Author: Translation commit botDate: Fri Dec 16 19:46:08 2016 + Update translations for tor-launcher-progress
---
 fr/progress.dtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fr/progress.dtd b/fr/progress.dtd
index a7d1857..39a0643 100644
--- a/fr/progress.dtd
+++ b/fr/progress.dtd
@@ -1,4 +1,4 @@
-
+
___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit 330aa56071799ced34cd06b2d383e65eac6ec878 Author: Translation commit botDate: Fri Dec 16 19:45:49 2016 + Update translations for torbirdy --- fr/torbirdy.properties| 20 ++-- fr_CA/torbirdy.properties | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/fr/torbirdy.properties b/fr/torbirdy.properties index be6d72a..25acc4c 100644 --- a/fr/torbirdy.properties +++ b/fr/torbirdy.properties 
@@ -1,18 +1,18 @@ torbirdy.name=TorBirdy -torbirdy.enabled.tor=TorBirdy Activé : Tor -torbirdy.enabled.jondo=TorBidy Activé : JonDo -torbirdy.enabled.custom=TorBirdy Activé : Proxy personnalisé -torbirdy.enabled.torification=TorBirdy Activé : Transparent Torification -torbirdy.enabled.whonix=TorBirdy Activé : Whonix -torbirdy.disabled=TorBirdy : Désactivé ! -torbirdy.enabled=TorBirdy: Activé +torbirdy.enabled.tor=Activé avec TorBirdy : Tor +torbirdy.enabled.jondo=Activé avec TorBirdy : JonDo +torbirdy.enabled.custom=Activé avec TorBirdy : mandataire personnalisé +torbirdy.enabled.torification=Activé avec TorBirdy : torification transparente +torbirdy.enabled.whonix=Activé avec TorBirdy : Whonix +torbirdy.disabled=TorBirdy : désactivé ! +torbirdy.enabled=TorBirdy : activé -torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S ont été selectionnés.\n\nVous pouvez maintenant configurer les autres paramètres de ce compte manuellement. +torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S on été définis.\n\nVous pouvez maintenant configurer les autres paramètres du compte manuellement. torbirdy.email.advanced=Veuillez noter qu'il n'est PAS recommandé de modifier les paramètres avancés de TorBirdy.\n\nVous ne devriez poursuivre que si vous êtes certain de ce que vous faites. torbirdy.email.advanced.nextwarning=Afficher cet avertissement la prochaine fois -torbirdy.email.advanced.title=Paramètres Avancés de TorBirdy +torbirdy.email.advanced.title=Paramètres avancés de TorBirdy -torbirdy.firstrun=TorBirdy est maintenant en cours d'exécution.\n\nPour vous aider à protéger votre anonymat, TorBirdy va appliquer les paramètres de Thunderbird qu'il a lui-même configuré, les empêchant d'être modifiés par vous-même ou tout autre module complémentaire. 
Il y a certains paramètres qui peuvent être changés et ceux-ci sont accessibles par le biais de la boîte de dialogue de TorBirdy. Lorsque TorBirdy est désinstallé ou désactivé, les paramètres qu'il a modifié sont réinitialisés à leurs valeurs par défaut (valeurs avant l'installation de TorBirdy).\n\nSi vous êtes un nouvel utilisateur, il vous est conseillé de lire le site Internet de TorBirdy afin de comprendre ce que nous essayons d'accomplir pour nos utilisateurs. +torbirdy.firstrun=TorBirdy est maintenant en cours d'exécution.\n\nPour vous aider à protéger votre anonymat, TorBirdy va appliquer les paramètres de Thunderbird qu'il a configuré, les empêchant d'être modifiés par vous ou tout autre module complémentaire. Certains paramètres peuvent être changés et sont accessibles par le biais de la boîte de dialogue de TorBirdy. Lorsque TorBirdy est désinstallé ou désactivé, tous les paramètres qu'il a modifié sont réinitialisés à leur valeur par défaut (valeurs avant l'installation de TorBirdy).\n\nSi vous êtes un nouvel utilisateur, il vous est conseillé de lire le site Internet de TorBirdy afin de comprendre ce que nous essayons d'accomplir avec TorBirdy, pour nos utilisateurs. torbirdy.website=https://trac.torproject.org/projects/tor/wiki/torbirdy diff --git a/fr_CA/torbirdy.properties b/fr_CA/torbirdy.properties index e2c6f20..c5923f5 100644 --- a/fr_CA/torbirdy.properties +++ b/fr_CA/torbirdy.properties 
@@ -8,11 +8,11 @@ torbirdy.enabled.whonix=Activé avec TorBirdy : Whonix torbirdy.disabled=TorBirdy : désactivé! torbirdy.enabled=TorBirdy : activé -torbirdy.email.prompt=TorBirdy a désactivé l'auto-configuration de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandé pour %S on été définis.\n\nVous pouvez maintenant configurer les paramètres de l'autre compte manuellement. +torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S on été définis.\n\nVous pouvez maintenant configurer les autres paramètres du compte manuellement. torbirdy.email.advanced=Veuillez noter qu'il n'est PAS recommandé de modifier les paramètres avancés de TorBirdy.\n\nVous ne devriez poursuivre que si vous êtes certain de ce que vous faites.
[tor-commits] [translation/torbirdy_completed] Update translations for torbirdy_completed
commit 1eb66926587f20abfe48bff2e524e9b9e4975df5 Author: Translation commit botDate: Fri Dec 16 19:45:54 2016 + Update translations for torbirdy_completed --- fr/torbirdy.properties| 20 ++-- fr_CA/torbirdy.properties | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/fr/torbirdy.properties b/fr/torbirdy.properties index be6d72a..25acc4c 100644 --- a/fr/torbirdy.properties +++ b/fr/torbirdy.properties 
@@ -1,18 +1,18 @@ torbirdy.name=TorBirdy -torbirdy.enabled.tor=TorBirdy Activé : Tor -torbirdy.enabled.jondo=TorBidy Activé : JonDo -torbirdy.enabled.custom=TorBirdy Activé : Proxy personnalisé -torbirdy.enabled.torification=TorBirdy Activé : Transparent Torification -torbirdy.enabled.whonix=TorBirdy Activé : Whonix -torbirdy.disabled=TorBirdy : Désactivé ! -torbirdy.enabled=TorBirdy: Activé +torbirdy.enabled.tor=Activé avec TorBirdy : Tor +torbirdy.enabled.jondo=Activé avec TorBirdy : JonDo +torbirdy.enabled.custom=Activé avec TorBirdy : mandataire personnalisé +torbirdy.enabled.torification=Activé avec TorBirdy : torification transparente +torbirdy.enabled.whonix=Activé avec TorBirdy : Whonix +torbirdy.disabled=TorBirdy : désactivé ! +torbirdy.enabled=TorBirdy : activé -torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S ont été selectionnés.\n\nVous pouvez maintenant configurer les autres paramètres de ce compte manuellement. +torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S on été définis.\n\nVous pouvez maintenant configurer les autres paramètres du compte manuellement. torbirdy.email.advanced=Veuillez noter qu'il n'est PAS recommandé de modifier les paramètres avancés de TorBirdy.\n\nVous ne devriez poursuivre que si vous êtes certain de ce que vous faites. torbirdy.email.advanced.nextwarning=Afficher cet avertissement la prochaine fois -torbirdy.email.advanced.title=Paramètres Avancés de TorBirdy +torbirdy.email.advanced.title=Paramètres avancés de TorBirdy -torbirdy.firstrun=TorBirdy est maintenant en cours d'exécution.\n\nPour vous aider à protéger votre anonymat, TorBirdy va appliquer les paramètres de Thunderbird qu'il a lui-même configuré, les empêchant d'être modifiés par vous-même ou tout autre module complémentaire. 
Il y a certains paramètres qui peuvent être changés et ceux-ci sont accessibles par le biais de la boîte de dialogue de TorBirdy. Lorsque TorBirdy est désinstallé ou désactivé, les paramètres qu'il a modifié sont réinitialisés à leurs valeurs par défaut (valeurs avant l'installation de TorBirdy).\n\nSi vous êtes un nouvel utilisateur, il vous est conseillé de lire le site Internet de TorBirdy afin de comprendre ce que nous essayons d'accomplir pour nos utilisateurs. +torbirdy.firstrun=TorBirdy est maintenant en cours d'exécution.\n\nPour vous aider à protéger votre anonymat, TorBirdy va appliquer les paramètres de Thunderbird qu'il a configuré, les empêchant d'être modifiés par vous ou tout autre module complémentaire. Certains paramètres peuvent être changés et sont accessibles par le biais de la boîte de dialogue de TorBirdy. Lorsque TorBirdy est désinstallé ou désactivé, tous les paramètres qu'il a modifié sont réinitialisés à leur valeur par défaut (valeurs avant l'installation de TorBirdy).\n\nSi vous êtes un nouvel utilisateur, il vous est conseillé de lire le site Internet de TorBirdy afin de comprendre ce que nous essayons d'accomplir avec TorBirdy, pour nos utilisateurs. torbirdy.website=https://trac.torproject.org/projects/tor/wiki/torbirdy diff --git a/fr_CA/torbirdy.properties b/fr_CA/torbirdy.properties index e2c6f20..c5923f5 100644 --- a/fr_CA/torbirdy.properties +++ b/fr_CA/torbirdy.properties 
@@ -8,11 +8,11 @@ torbirdy.enabled.whonix=Activé avec TorBirdy : Whonix torbirdy.disabled=TorBirdy : désactivé! torbirdy.enabled=TorBirdy : activé -torbirdy.email.prompt=TorBirdy a désactivé l'auto-configuration de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandé pour %S on été définis.\n\nVous pouvez maintenant configurer les paramètres de l'autre compte manuellement. +torbirdy.email.prompt=TorBirdy a désactivé la configuration automatique de Thunderbird pour protéger votre anonymat.\n\nLes paramètres de sécurité recommandés pour %S on été définis.\n\nVous pouvez maintenant configurer les autres paramètres du compte manuellement. torbirdy.email.advanced=Veuillez noter qu'il n'est PAS recommandé de modifier les paramètres avancés de TorBirdy.\n\nVous ne devriez poursuivre que si vous êtes certain de ce que vous faites.
[tor-commits] [translation/torcheck_completed] Update translations for torcheck_completed
commit 0615956af97d11f7164163a8fbc44d39963c18b9 Author: Translation commit botDate: Fri Dec 16 19:45:15 2016 + Update translations for torcheck_completed --- fr/torcheck.po| 30 +++--- fr_CA/torcheck.po | 16 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/fr/torcheck.po b/fr/torcheck.po index 6a57e46..5964eee 100644 --- a/fr/torcheck.po +++ b/fr/torcheck.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2016-12-12 16:30+\n" +"PO-Revision-Date: 2016-12-16 19:31+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -34,10 +34,10 @@ msgid "" "Please refer to the https://www.torproject.org/\;>Tor website " "for further information about using Tor safely. You are now free to browse " "the Internet anonymously." -msgstr "Merci de visiter le https://www.torproject.org/\;>site web de Tor pour obtenir de plus amples informations sur une utilisation sûre de Tor. Vous êtes maintenant libre de naviguer anonymement sur l'Internet." +msgstr "Veuillez vous référer au https://www.torproject.org/\;>site Web de Tor pour plus d'informations sur une utilisation de Tor en toute sécurité. Vous êtes maintenant libre de naviguer anonymement sur l'Internet." msgid "There is a security update available for Tor Browser." -msgstr "Il y a une mise à jour de sécurité disponible pour Tor Browser." +msgstr "Une mise à jour de sécurité est proposée pour le navigateur Tor." msgid "" "https://www.torproject.org/download/download-easy.html\;>Click " 
@@ -45,14 +45,14 @@ msgid "" msgstr "https://www.torproject.org/download/download-easy.html\;>Cliquez ici pour aller sur la page de téléchargement" msgid "Sorry. You are not using Tor." -msgstr "Désolé. Vous n'êtes pas en train d'utiliser Tor." +msgstr "Désolé. Vous n'utilisez pas Tor." msgid "" "If you are attempting to use a Tor client, please refer to the https://www.torproject.org/\;>Tor website and specifically the instructions for " "configuring your Tor client." -msgstr "Si vous vous apprêtez à utiliser un client Tor, merci de visiter le https://www.torproject.org/\;>site web de Tor et plus particulièrement les https://www.torproject.org/docs/faq#DoesntWork\;>instructions pour configurer votre client Tor." +msgstr "Si vous tentez d'utiliser un client Tor, veuillez vous référer au https://www.torproject.org/\;>site Web de Tor et plus particulièrement aux https://www.torproject.org/docs/faq#DoesntWork\;>instructions pour configurer votre client Tor." msgid "Sorry, your query failed or an unexpected response was received." msgstr "Désolé, votre demande a échoué ou une réponse inattendue a été reçue." 
@@ -60,16 +60,16 @@ msgstr "Désolé, votre demande a échoué ou une réponse inattendue a été re msgid "" "A temporary service outage prevents us from determining if your source IP " "address is a https://www.torproject.org/\;>Tor node." -msgstr "Une interruption temporaire de service nous empêche de déterminer si votre adresse IP source est un noeud https://www.torproject.org/\;>Tor." +msgstr "Une interruption temporaire de service nous empêche de déterminer si votre adresse IP source est un nÅud https://www.torproject.org/\;>Tor." msgid "Your IP address appears to be: " -msgstr "Votre adresse IP semble être : " +msgstr "Votre adresse IP semble être :" msgid "Are you using Tor?" msgstr "Ãtes-vous en train d'utiliser Tor ?" msgid "This page is also available in the following languages:" -msgstr "Cette page est également disponible dans les langues suivantes :" +msgstr "Cette page est également proposée dans les langues suivantes :" msgid "For more information about this exit relay, see:" msgstr "Pour plus d'informations sur ce relais de sortie, voir :" @@ -77,13 +77,13 @@ msgstr "Pour plus d'informations sur ce relais de sortie, voir :" msgid "" "The Tor Project is a US 501(c)(3) non-profit dedicated to the research, " "development, and education of online anonymity and privacy." -msgstr "Le projet Tor est une organisation à but non lucratif (US 501(c)(3)) dédiée à la recherche, le développement et l'éducation sur l'anonymat et la vie privée en ligne." +msgstr "Le projet Tor est une organisation sans but lucratif US 501(c)(3) dédiée à la recherche, au développement et à l'éducation au sujet de l'anonymat et de la protection des données personnelles en ligne." msgid "Learn More " -msgstr "En savoir plus " +msgstr "En apprendre plus " msgid "Go" -msgstr "OK" +msgstr "Aller" msgid "Short User Manual" msgstr "Petit guide d'utilisation" @@ -92,7 +92,7 @@ msgid
[tor-commits] [translation/torcheck] Update translations for torcheck
commit 33c6374b937449787c6e369f6bf85ea56f189dc3 Author: Translation commit botDate: Fri Dec 16 19:45:10 2016 + Update translations for torcheck --- fr/torcheck.po| 30 +++--- fr_CA/torcheck.po | 16 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/fr/torcheck.po b/fr/torcheck.po index 6a57e46..5964eee 100644 --- a/fr/torcheck.po +++ b/fr/torcheck.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "POT-Creation-Date: 2012-02-16 20:28+PDT\n" -"PO-Revision-Date: 2016-12-12 16:30+\n" +"PO-Revision-Date: 2016-12-16 19:31+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -34,10 +34,10 @@ msgid "" "Please refer to the https://www.torproject.org/\;>Tor website " "for further information about using Tor safely. You are now free to browse " "the Internet anonymously." -msgstr "Merci de visiter le https://www.torproject.org/\;>site web de Tor pour obtenir de plus amples informations sur une utilisation sûre de Tor. Vous êtes maintenant libre de naviguer anonymement sur l'Internet." +msgstr "Veuillez vous référer au https://www.torproject.org/\;>site Web de Tor pour plus d'informations sur une utilisation de Tor en toute sécurité. Vous êtes maintenant libre de naviguer anonymement sur l'Internet." msgid "There is a security update available for Tor Browser." -msgstr "Il y a une mise à jour de sécurité disponible pour Tor Browser." +msgstr "Une mise à jour de sécurité est proposée pour le navigateur Tor." msgid "" "https://www.torproject.org/download/download-easy.html\;>Click " 
@@ -45,14 +45,14 @@ msgid "" msgstr "https://www.torproject.org/download/download-easy.html\;>Cliquez ici pour aller sur la page de téléchargement" msgid "Sorry. You are not using Tor." -msgstr "Désolé. Vous n'êtes pas en train d'utiliser Tor." +msgstr "Désolé. Vous n'utilisez pas Tor." msgid "" "If you are attempting to use a Tor client, please refer to the https://www.torproject.org/\;>Tor website and specifically the instructions for " "configuring your Tor client." -msgstr "Si vous vous apprêtez à utiliser un client Tor, merci de visiter le https://www.torproject.org/\;>site web de Tor et plus particulièrement les https://www.torproject.org/docs/faq#DoesntWork\;>instructions pour configurer votre client Tor." +msgstr "Si vous tentez d'utiliser un client Tor, veuillez vous référer au https://www.torproject.org/\;>site Web de Tor et plus particulièrement aux https://www.torproject.org/docs/faq#DoesntWork\;>instructions pour configurer votre client Tor." msgid "Sorry, your query failed or an unexpected response was received." msgstr "Désolé, votre demande a échoué ou une réponse inattendue a été reçue." 
@@ -60,16 +60,16 @@ msgstr "Désolé, votre demande a échoué ou une réponse inattendue a été re msgid "" "A temporary service outage prevents us from determining if your source IP " "address is a https://www.torproject.org/\;>Tor node." -msgstr "Une interruption temporaire de service nous empêche de déterminer si votre adresse IP source est un noeud https://www.torproject.org/\;>Tor." +msgstr "Une interruption temporaire de service nous empêche de déterminer si votre adresse IP source est un nÅud https://www.torproject.org/\;>Tor." msgid "Your IP address appears to be: " -msgstr "Votre adresse IP semble être : " +msgstr "Votre adresse IP semble être :" msgid "Are you using Tor?" msgstr "Ãtes-vous en train d'utiliser Tor ?" msgid "This page is also available in the following languages:" -msgstr "Cette page est également disponible dans les langues suivantes :" +msgstr "Cette page est également proposée dans les langues suivantes :" msgid "For more information about this exit relay, see:" msgstr "Pour plus d'informations sur ce relais de sortie, voir :" @@ -77,13 +77,13 @@ msgstr "Pour plus d'informations sur ce relais de sortie, voir :" msgid "" "The Tor Project is a US 501(c)(3) non-profit dedicated to the research, " "development, and education of online anonymity and privacy." -msgstr "Le projet Tor est une organisation à but non lucratif (US 501(c)(3)) dédiée à la recherche, le développement et l'éducation sur l'anonymat et la vie privée en ligne." +msgstr "Le projet Tor est une organisation sans but lucratif US 501(c)(3) dédiée à la recherche, au développement et à l'éducation au sujet de l'anonymat et de la protection des données personnelles en ligne." msgid "Learn More " -msgstr "En savoir plus " +msgstr "En apprendre plus " msgid "Go" -msgstr "OK" +msgstr "Aller" msgid "Short User Manual" msgstr "Petit guide d'utilisation" @@ -92,7 +92,7 @@ msgid "Donate to
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 48b028d25937b9431c7ec289f7f4923ae0e11dca Author: Translation commit botDate: Fri Dec 16 19:15:35 2016 + Update translations for tails-persistence-setup --- fr/fr.po | 18 +- fr_CA/fr_CA.po | 8 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index bf9a98f..70fc21b 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -23,7 +23,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 18:45+\n" +"PO-Revision-Date: 2016-12-16 18:51+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -195,7 +195,7 @@ msgstr "Le périphérique %s est un lecteur optique." #: ../lib/Tails/Persistence/Setup.pm:422 #, perl-format msgid "Device %s was not created using Tails Installer." -msgstr "Le périphérique %s n'a pas été créé par Tails Installer." +msgstr "Le périphérique %s n'a pas été créé en utilisant le programme d'installation Tails." #: ../lib/Tails/Persistence/Setup.pm:668 msgid "Persistence wizard - Finished" @@ -206,11 +206,11 @@ msgid "" "Any changes you have made will only take effect after restarting Tails.\n" "\n" "You may now close this application." -msgstr "Les modifications que vous avez effectuées ne prendront effet qu'après le redémarrage de Tails.\n\nVous pouvez maintenant fermer cette application." +msgstr "Toute modification que vous avez effectuée ne prendra effet qu'après le redémarrage de Tails.\n\nVous pouvez maintenant fermer cette application." #: ../lib/Tails/Persistence/Step/Bootstrap.pm:54 msgid "Persistence wizard - Persistent volume creation" -msgstr "Assistant de persistance - Configuration du volume persistant" +msgstr "Assistant de persistance - Création du volume persistant" #: ../lib/Tails/Persistence/Step/Bootstrap.pm:57 msgid "Choose a passphrase to protect the persistent volume" 
@@ -234,7 +234,7 @@ msgid "" "understood. Tails can't help you if you use it wrong! See Tails" " documentation about persistence to learn more." -msgstr "Attention ! L'utilisation de la persistance a des conséquences qui doivent être bien comprises. Tails ne peut pas vous protéger d'une mauvaise utilisation ! Voir la documentation de Tails concernant la persistance pour en savoir plus." +msgstr "Attention ! L'utilisation de la persistance a des conséquences qui doivent être bien comprises. Tails ne peut pas vous aider si vous l'utilisez mal ! Voir la documentation de Tails concernant la persistance pour en savoir plus." #: ../lib/Tails/Persistence/Step/Bootstrap.pm:144 msgid "Passphrase:" @@ -289,7 +289,7 @@ msgstr "Assistant de persistance - Configuration du volume persistant" #: ../lib/Tails/Persistence/Step/Configure.pm:64 msgid "Specify the files that will be saved in the persistent volume" -msgstr "Choisissez les fichiers qui seront enregistrés dans le volume persistant" +msgstr "Spécifiez les fichiers a enregistrer dans le volume persistant" #. TRANSLATORS: partition, size, device vendor, device model #: ../lib/Tails/Persistence/Step/Configure.pm:68 @@ -301,7 +301,7 @@ msgstr "Les fichiers choisis seront stockés dans la partition persistante de Ta #: ../lib/Tails/Persistence/Step/Configure.pm:74 msgid "Save" -msgstr "Sauvegarder" +msgstr "Enregistrer" #: ../lib/Tails/Persistence/Step/Configure.pm:143 msgid "Saving..." @@ -323,11 +323,11 @@ msgstr "Vos données persistantes seront supprimées." #, perl-format msgid "" "The persistent volume %s (%s), on the %s %s device, will be deleted." -msgstr "Le volume persistant %s (%s), sur le périphérique %s %s, sera supprimé." +msgstr "Le volume persistant %s (%s) du périphérique %s %s sera supprimé." #: ../lib/Tails/Persistence/Step/Delete.pm:54 msgid "Delete" -msgstr "Suppression" +msgstr "Supprimer" #: ../lib/Tails/Persistence/Step/Delete.pm:111 msgid "Deleting..." 
diff --git a/fr_CA/fr_CA.po b/fr_CA/fr_CA.po index 19df89f..b9bd460 100644 --- a/fr_CA/fr_CA.po +++ b/fr_CA/fr_CA.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 18:44+\n" +"PO-Revision-Date: 2016-12-16 18:51+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (Canada) (http://www.transifex.com/otf/torproject/language/fr_CA/)\n" "MIME-Version: 1.0\n" @@ -189,7 +189,7 @@ msgstr "Le périphérique %s est un lecteur optique." #: ../lib/Tails/Persistence/Setup.pm:422 #, perl-format msgid "Device %s was not created using Tails Installer." -msgstr "Le dispositif %s n'a pas été créé en utilisant le
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit ab820d5f6393e5358bf3f446133862039c7daf21 Author: Translation commit botDate: Fri Dec 16 19:15:39 2016 + Update translations for tails-persistence-setup_completed --- fr/fr.po | 18 +- fr_CA/fr_CA.po | 8 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index bf9a98f..70fc21b 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -23,7 +23,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 18:45+\n" +"PO-Revision-Date: 2016-12-16 18:51+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -195,7 +195,7 @@ msgstr "Le périphérique %s est un lecteur optique." #: ../lib/Tails/Persistence/Setup.pm:422 #, perl-format msgid "Device %s was not created using Tails Installer." -msgstr "Le périphérique %s n'a pas été créé par Tails Installer." +msgstr "Le périphérique %s n'a pas été créé en utilisant le programme d'installation Tails." #: ../lib/Tails/Persistence/Setup.pm:668 msgid "Persistence wizard - Finished" @@ -206,11 +206,11 @@ msgid "" "Any changes you have made will only take effect after restarting Tails.\n" "\n" "You may now close this application." -msgstr "Les modifications que vous avez effectuées ne prendront effet qu'après le redémarrage de Tails.\n\nVous pouvez maintenant fermer cette application." +msgstr "Toute modification que vous avez effectuée ne prendra effet qu'après le redémarrage de Tails.\n\nVous pouvez maintenant fermer cette application." #: ../lib/Tails/Persistence/Step/Bootstrap.pm:54 msgid "Persistence wizard - Persistent volume creation" -msgstr "Assistant de persistance - Configuration du volume persistant" +msgstr "Assistant de persistance - Création du volume persistant" #: ../lib/Tails/Persistence/Step/Bootstrap.pm:57 msgid "Choose a passphrase to protect the persistent volume" 
@@ -234,7 +234,7 @@ msgid "" "understood. Tails can't help you if you use it wrong! See Tails" " documentation about persistence to learn more." -msgstr "Attention ! L'utilisation de la persistance a des conséquences qui doivent être bien comprises. Tails ne peut pas vous protéger d'une mauvaise utilisation ! Voir la documentation de Tails concernant la persistance pour en savoir plus." +msgstr "Attention ! L'utilisation de la persistance a des conséquences qui doivent être bien comprises. Tails ne peut pas vous aider si vous l'utilisez mal ! Voir la documentation de Tails concernant la persistance pour en savoir plus." #: ../lib/Tails/Persistence/Step/Bootstrap.pm:144 msgid "Passphrase:" @@ -289,7 +289,7 @@ msgstr "Assistant de persistance - Configuration du volume persistant" #: ../lib/Tails/Persistence/Step/Configure.pm:64 msgid "Specify the files that will be saved in the persistent volume" -msgstr "Choisissez les fichiers qui seront enregistrés dans le volume persistant" +msgstr "Spécifiez les fichiers a enregistrer dans le volume persistant" #. TRANSLATORS: partition, size, device vendor, device model #: ../lib/Tails/Persistence/Step/Configure.pm:68 @@ -301,7 +301,7 @@ msgstr "Les fichiers choisis seront stockés dans la partition persistante de Ta #: ../lib/Tails/Persistence/Step/Configure.pm:74 msgid "Save" -msgstr "Sauvegarder" +msgstr "Enregistrer" #: ../lib/Tails/Persistence/Step/Configure.pm:143 msgid "Saving..." @@ -323,11 +323,11 @@ msgstr "Vos données persistantes seront supprimées." #, perl-format msgid "" "The persistent volume %s (%s), on the %s %s device, will be deleted." -msgstr "Le volume persistant %s (%s), sur le périphérique %s %s, sera supprimé." +msgstr "Le volume persistant %s (%s) du périphérique %s %s sera supprimé." #: ../lib/Tails/Persistence/Step/Delete.pm:54 msgid "Delete" -msgstr "Suppression" +msgstr "Supprimer" #: ../lib/Tails/Persistence/Step/Delete.pm:111 msgid "Deleting..." 
diff --git a/fr_CA/fr_CA.po b/fr_CA/fr_CA.po index 19df89f..b9bd460 100644 --- a/fr_CA/fr_CA.po +++ b/fr_CA/fr_CA.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 18:44+\n" +"PO-Revision-Date: 2016-12-16 18:51+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (Canada) (http://www.transifex.com/otf/torproject/language/fr_CA/)\n" "MIME-Version: 1.0\n" @@ -189,7 +189,7 @@ msgstr "Le périphérique %s est un lecteur optique." #: ../lib/Tails/Persistence/Setup.pm:422 #, perl-format msgid "Device %s was not created using Tails Installer." -msgstr "Le dispositif %s n'a pas été créé en
[tor-commits] [translation/torbirdy_completed] Update translations for torbirdy_completed
commit ea8a347e4fcc38a549c28fd8e9482b7821a8da18 Author: Translation commit botDate: Fri Dec 16 19:15:55 2016 + Update translations for torbirdy_completed --- fr/torbirdy.dtd| 28 ++-- fr_CA/torbirdy.dtd | 6 +++--- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/fr/torbirdy.dtd b/fr/torbirdy.dtd index 924d530..1ccf4cf 100644 --- a/fr/torbirdy.dtd +++ b/fr/torbirdy.dtd @@ -1,40 +1,40 @@ - - + + - + - + - + - - + + - + - + - + - + @@ -42,15 +42,15 @@ - + - + - + diff --git a/fr_CA/torbirdy.dtd b/fr_CA/torbirdy.dtd index 7e04835..399922d 100644 --- a/fr_CA/torbirdy.dtd +++ b/fr_CA/torbirdy.dtd @@ -17,7 +17,7 @@ - + @@ -34,7 +34,7 @@ - + @@ -50,7 +50,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit 9144712aa8d97aeff2135ad5b0a617685902ccd1 Author: Translation commit botDate: Fri Dec 16 19:15:50 2016 + Update translations for torbirdy --- fr/torbirdy.dtd| 28 ++-- fr_CA/torbirdy.dtd | 6 +++--- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/fr/torbirdy.dtd b/fr/torbirdy.dtd index 924d530..1ccf4cf 100644 --- a/fr/torbirdy.dtd +++ b/fr/torbirdy.dtd @@ -1,40 +1,40 @@ - - + + - + - + - + - - + + - + - + - + - + @@ -42,15 +42,15 @@ - + - + - + diff --git a/fr_CA/torbirdy.dtd b/fr_CA/torbirdy.dtd index 7e04835..399922d 100644 --- a/fr_CA/torbirdy.dtd +++ b/fr_CA/torbirdy.dtd @@ -17,7 +17,7 @@ - + @@ -34,7 +34,7 @@ - + @@ -50,7 +50,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix another pointless stack-protector warning.
commit ff08be56acab7fbdc312142284dccb20516f15f2 Author: Nick MathewsonDate: Fri Dec 16 14:06:25 2016 -0500 Fix another pointless stack-protector warning. This is the same as we fixed in 39f455468731d4746adb729a67. --- src/test/test_entrynodes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 30c9339..32f8b6e 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1625,7 +1625,7 @@ test_entry_guard_node_filter(void *arg) bridge_line_t *bl = NULL; /* Initialize a bunch of node objects that are all guards. */ - const int NUM = 7; +#define NUM 7 node_t *n[NUM]; entry_guard_t *g[NUM]; int i; @@ -1704,6 +1704,7 @@ test_entry_guard_node_filter(void *arg) done: guard_selection_free(gs); tor_free(bl); +#undef NUM } static void ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
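Review bot: The macro `NUM` introduced in test_entry_guard_node_filter is a very generic name, and it depends on the `#undef NUM` added in the second hunk to avoid leaking into the tests that follow. A block-scoped `enum { NUM = 7 };` is also an integer constant expression, so `node_t *n[NUM]` and `entry_guard_t *g[NUM]` stay fixed-size arrays and no `#undef` is needed. The warning was presumably caused by these arrays being variable-length under `const int NUM`. If the macro is kept, a comment such as `/* A macro, not a const int, so n[] and g[] are not VLAs. */` would record why. The function body extends beyond both hunks.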
[tor-commits] [tor/master] Rename 'remove' -> 'rmv' to avoid shadowing a libc global
commit 762b799545ad200c126f0b7d9981630802688c2b Author: Nick MathewsonDate: Fri Dec 16 14:04:57 2016 -0500 Rename 'remove' -> 'rmv' to avoid shadowing a libc global --- src/or/entrynodes.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 2e46aba..8260186 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1287,7 +1287,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) /* Then: remove the ones that have been junk for too long */ SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { -int remove = 0; +int rmv = 0; if (guard->currently_listed == 0 && guard->unlisted_since_date < remove_if_unlisted_since) { @@ -1299,20 +1299,20 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) log_info(LD_GUARD, "Removing sampled guard %s: it has been unlisted " "for over %d days", entry_guard_describe(guard), get_remove_unlisted_guards_after_days()); - remove = 1; + rmv = 1; } else if (guard->sampled_on_date < maybe_remove_if_sampled_before) { /* We have a live consensus, and {ADDED_ON_DATE} is over {GUARD_LIFETIME} ago, *and* {CONFIRMED_ON_DATE} is either "never", or over {GUARD_CONFIRMED_MIN_LIFETIME} ago. */ if (guard->confirmed_on_date == 0) { -remove = 1; +rmv = 1; log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " "over %d days ago, but never confirmed.", entry_guard_describe(guard), get_guard_lifetime() / 86400); } else if (guard->confirmed_on_date < remove_if_confirmed_before) { -remove = 1; +rmv = 1; log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " "over %d days ago, and confirmed over %d days ago.", entry_guard_describe(guard), 
@@ -1321,7 +1321,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) } } -if (remove) { +if (rmv) { ++n_changes; SMARTLIST_DEL_CURRENT(gs->sampled_entry_guards, guard); remove_guard_from_confirmed_and_primary_lists(gs, guard); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit fcf0bbf6e9b28bd31b4c61f6916f0ec1b71008c9 Author: Translation commit botDate: Fri Dec 16 18:45:33 2016 + Update translations for tails-persistence-setup --- fr/fr.po | 30 +++--- fr_CA/fr_CA.po | 8 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index 9121a12..bf9a98f 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -23,7 +23,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 15:04+\n" +"PO-Revision-Date: 2016-12-16 18:45+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -38,7 +38,7 @@ msgstr "Données personnelles" #: ../lib/Tails/Persistence/Configuration/Presets.pm:50 msgid "Keep files stored in the `Persistent' directory" -msgstr "Conserver les fichiers dans le dossier `Persistant'" +msgstr "Conserver les fichiers dans le répertoire « persistent »" #: ../lib/Tails/Persistence/Configuration/Presets.pm:58 msgid "GnuPG" @@ -54,7 +54,7 @@ msgstr "Client SSH" #: ../lib/Tails/Persistence/Configuration/Presets.pm:70 msgid "SSH keys, configuration and known hosts" -msgstr "Clés, configuration et hôtes connus de SSH" +msgstr "Clés, configuration et hôtes connus SSH" #: ../lib/Tails/Persistence/Configuration/Presets.pm:78 msgid "Pidgin" @@ -78,7 +78,7 @@ msgstr "Trousseau de clés GNOME" #: ../lib/Tails/Persistence/Configuration/Presets.pm:100 msgid "Secrets stored by GNOME Keyring" -msgstr "Secrets stockés dans le trousseau de GNOME." +msgstr "Secrets stockés par le trousseau de clés GNOME" #: ../lib/Tails/Persistence/Configuration/Presets.pm:108 msgid "Network Connections" 
@@ -86,7 +86,7 @@ msgstr "Connexions réseau" #: ../lib/Tails/Persistence/Configuration/Presets.pm:110 msgid "Configuration of network devices and connections" -msgstr "Configuration des périphériques et des connexions réseau" +msgstr "Configuration des périphériques et connexions réseau" #: ../lib/Tails/Persistence/Configuration/Presets.pm:118 msgid "Browser bookmarks" @@ -106,7 +106,7 @@ msgstr "Configuration des imprimantes" #: ../lib/Tails/Persistence/Configuration/Presets.pm:138 msgid "Bitcoin client" -msgstr "Client bitcoin" +msgstr "Client Bitcoin" #: ../lib/Tails/Persistence/Configuration/Presets.pm:140 msgid "Electrum's bitcoin wallet and configuration" @@ -122,11 +122,11 @@ msgstr "Paquets téléchargés par APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:158 msgid "APT Lists" -msgstr "Listes APT" +msgstr "Listes d'APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:160 msgid "Lists downloaded by APT" -msgstr "Listes de paquets téléchargées par APT" +msgstr "Listes téléchargées par APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:168 msgid "Dotfiles" @@ -135,11 +135,11 @@ msgstr "Dotfiles" #: ../lib/Tails/Persistence/Configuration/Presets.pm:170 msgid "" "Symlink into $HOME every file or directory found in the `dotfiles' directory" -msgstr "Créer un lien symbolique, dans $HOME, vers chaque fichier ou dossier se trouvant dans le dossier `dotfiles'" +msgstr "Créer un lien symbolique, dans $HOME, pour chaque fichier ou dossier se trouvant dans le dossier « dotfiles »" #: ../lib/Tails/Persistence/Setup.pm:230 msgid "Setup Tails persistent volume" -msgstr "Configurer le volume persistant de Tails" +msgstr "Définir le volume persistant de Tails" #: ../lib/Tails/Persistence/Setup.pm:312 ../lib/Tails/Persistence/Setup.pm:459 msgid "Error" 
@@ -148,17 +148,17 @@ msgstr "Erreur" #: ../lib/Tails/Persistence/Setup.pm:344 #, perl-format msgid "Device %s already has a persistent volume." -msgstr "Le périphérique %s contient déjà un espace de stockage persistant." +msgstr "Le périphérique %s contient déjà un volume persistant." #: ../lib/Tails/Persistence/Setup.pm:352 #, perl-format msgid "Device %s has not enough unallocated space." -msgstr "Le périphérique %s n'a pas assez d'espace libre." +msgstr "Le périphérique %s n'a pas assez d'espace non alloué." #: ../lib/Tails/Persistence/Setup.pm:360 ../lib/Tails/Persistence/Setup.pm:374 #, perl-format msgid "Device %s has no persistent volume." -msgstr "Le périphérique %s n'a pas d'espace de stockage persistant." +msgstr "Le périphérique %s n'a pas de volume persistant." #: ../lib/Tails/Persistence/Setup.pm:366 msgid "" @@ -168,7 +168,7 @@ msgstr "Impossible de supprimer le volume persistant pendant quâil est utilis #: ../lib/Tails/Persistence/Setup.pm:385 msgid "Persistence volume is not unlocked." -msgstr "Le volume persistant est verrouillé." +msgstr "Le volume persistant n'est pas déverrouillé." #:
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit 73a8e06cf06cfc9353e219f494e2166cbdfd5ace Author: Translation commit botDate: Fri Dec 16 18:45:38 2016 + Update translations for tails-persistence-setup_completed --- fr/fr.po | 30 +++--- fr_CA/fr_CA.po | 8 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/fr/fr.po b/fr/fr.po index 9121a12..bf9a98f 100644 --- a/fr/fr.po +++ b/fr/fr.po @@ -23,7 +23,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 02:27+0200\n" -"PO-Revision-Date: 2016-12-16 15:04+\n" +"PO-Revision-Date: 2016-12-16 18:45+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -38,7 +38,7 @@ msgstr "Données personnelles" #: ../lib/Tails/Persistence/Configuration/Presets.pm:50 msgid "Keep files stored in the `Persistent' directory" -msgstr "Conserver les fichiers dans le dossier `Persistant'" +msgstr "Conserver les fichiers dans le répertoire « persistent »" #: ../lib/Tails/Persistence/Configuration/Presets.pm:58 msgid "GnuPG" @@ -54,7 +54,7 @@ msgstr "Client SSH" #: ../lib/Tails/Persistence/Configuration/Presets.pm:70 msgid "SSH keys, configuration and known hosts" -msgstr "Clés, configuration et hôtes connus de SSH" +msgstr "Clés, configuration et hôtes connus SSH" #: ../lib/Tails/Persistence/Configuration/Presets.pm:78 msgid "Pidgin" @@ -78,7 +78,7 @@ msgstr "Trousseau de clés GNOME" #: ../lib/Tails/Persistence/Configuration/Presets.pm:100 msgid "Secrets stored by GNOME Keyring" -msgstr "Secrets stockés dans le trousseau de GNOME." +msgstr "Secrets stockés par le trousseau de clés GNOME" #: ../lib/Tails/Persistence/Configuration/Presets.pm:108 msgid "Network Connections" 
@@ -86,7 +86,7 @@ msgstr "Connexions réseau" #: ../lib/Tails/Persistence/Configuration/Presets.pm:110 msgid "Configuration of network devices and connections" -msgstr "Configuration des périphériques et des connexions réseau" +msgstr "Configuration des périphériques et connexions réseau" #: ../lib/Tails/Persistence/Configuration/Presets.pm:118 msgid "Browser bookmarks" @@ -106,7 +106,7 @@ msgstr "Configuration des imprimantes" #: ../lib/Tails/Persistence/Configuration/Presets.pm:138 msgid "Bitcoin client" -msgstr "Client bitcoin" +msgstr "Client Bitcoin" #: ../lib/Tails/Persistence/Configuration/Presets.pm:140 msgid "Electrum's bitcoin wallet and configuration" @@ -122,11 +122,11 @@ msgstr "Paquets téléchargés par APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:158 msgid "APT Lists" -msgstr "Listes APT" +msgstr "Listes d'APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:160 msgid "Lists downloaded by APT" -msgstr "Listes de paquets téléchargées par APT" +msgstr "Listes téléchargées par APT" #: ../lib/Tails/Persistence/Configuration/Presets.pm:168 msgid "Dotfiles" @@ -135,11 +135,11 @@ msgstr "Dotfiles" #: ../lib/Tails/Persistence/Configuration/Presets.pm:170 msgid "" "Symlink into $HOME every file or directory found in the `dotfiles' directory" -msgstr "Créer un lien symbolique, dans $HOME, vers chaque fichier ou dossier se trouvant dans le dossier `dotfiles'" +msgstr "Créer un lien symbolique, dans $HOME, pour chaque fichier ou dossier se trouvant dans le dossier « dotfiles »" #: ../lib/Tails/Persistence/Setup.pm:230 msgid "Setup Tails persistent volume" -msgstr "Configurer le volume persistant de Tails" +msgstr "Définir le volume persistant de Tails" #: ../lib/Tails/Persistence/Setup.pm:312 ../lib/Tails/Persistence/Setup.pm:459 msgid "Error" 
@@ -148,17 +148,17 @@ msgstr "Erreur" #: ../lib/Tails/Persistence/Setup.pm:344 #, perl-format msgid "Device %s already has a persistent volume." -msgstr "Le périphérique %s contient déjà un espace de stockage persistant." +msgstr "Le périphérique %s contient déjà un volume persistant." #: ../lib/Tails/Persistence/Setup.pm:352 #, perl-format msgid "Device %s has not enough unallocated space." -msgstr "Le périphérique %s n'a pas assez d'espace libre." +msgstr "Le périphérique %s n'a pas assez d'espace non alloué." #: ../lib/Tails/Persistence/Setup.pm:360 ../lib/Tails/Persistence/Setup.pm:374 #, perl-format msgid "Device %s has no persistent volume." -msgstr "Le périphérique %s n'a pas d'espace de stockage persistant." +msgstr "Le périphérique %s n'a pas de volume persistant." #: ../lib/Tails/Persistence/Setup.pm:366 msgid "" @@ -168,7 +168,7 @@ msgstr "Impossible de supprimer le volume persistant pendant quâil est utilis #: ../lib/Tails/Persistence/Setup.pm:385 msgid "Persistence volume is not unlocked." -msgstr "Le volume persistant est verrouillé." +msgstr "Le volume persistant n'est pas déverrouillé." #:
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 30e652f84e84b2e074ebd44f5ff00f0cfd778b90 Author: Translation commit botDate: Fri Dec 16 18:18:16 2016 + Update translations for tor-browser-manual --- vi/vi.po | 4 1 file changed, 4 insertions(+) diff --git a/vi/vi.po b/vi/vi.po index 6458a44..fb38a2e 100644 --- a/vi/vi.po +++ b/vi/vi.po @@ -77,6 +77,10 @@ msgid "" " valid for a single session (until Tor Browser is exited or a New Identity is requested)." msgstr "" +"Mặc Äá»nh, Trình duyá»t Tor không lÆ°u bất kỳ lá»ch sá» duyá»t web nà o Cookies " +"chá» hợp lá» trong má»t phiên duy nhất (cho Äến khi Trình duyá»t Tor Äược thoát " +"ra hoặc má»t New " +"Identity Äược yêu cầu)." #: about-tor-browser.page:50 msgid "How Tor works" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Resolve a division-by-zero complaint from coverity. CID 1397272
commit 23c09b6bc2897ada21de220c48799f01171dcdf4 Author: Nick MathewsonDate: Fri Dec 16 12:21:02 2016 -0500 Resolve a division-by-zero complaint from coverity. CID 1397272 --- src/or/entrynodes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 8715af7..2e46aba 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -638,7 +638,8 @@ choose_guard_selection(const or_options_t *options, */ static int have_warned_extreme_threshold = 0; - if (n_passing_filter < extreme_threshold && + if (n_guards && + n_passing_filter < extreme_threshold && ! have_warned_extreme_threshold) { have_warned_extreme_threshold = 1; const double exclude_frac = ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
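Review bot: The new `n_guards &&` term in choose_guard_selection has no comment saying what it protects, and if `n_guards` is signed a truthiness test also lets a negative count through. Writing it as `n_guards > 0 &&` with a comment such as `/* exclude_frac below divides by n_guards */` makes the intent visible. The division itself is outside the hunk, so this is inferred from the commit message (CID 1397272). When no guards are counted, the extreme-threshold warning is now skipped entirely; that looks intended, but the comment should say so.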
[tor-commits] [tor/master] Resolve some coverity complaints in test_entrynodes.c
commit 698ed75e1a4b55936e412a476b2f4880cd7b2fa7 Author: Nick MathewsonDate: Fri Dec 16 12:23:46 2016 -0500 Resolve some coverity complaints in test_entrynodes.c --- src/test/test_entrynodes.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 6816113..30c9339 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1792,8 +1792,9 @@ test_entry_guard_expand_sample(void *arg) tt_int_op(num_reachable_filtered_guards(gs, NULL), OP_LE, DFLT_MIN_FILTERED_SAMPLE_SIZE); /* but we definitely didn't exceed the sample maximum. */ + const int n_guards = 271 / 2; tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_LE, -(int)((271 / 2) * .3)); +(int)(n_guards * .3)); done: guard_selection_free(gs); @@ -2909,6 +2910,7 @@ test_entry_guard_select_and_cancel(void *arg) for (i = 0; i < N_PRIMARY; ++i) { r = entry_guard_pick_for_circuit(gs, GUARD_USAGE_TRAFFIC, NULL, , ); +tt_int_op(r, OP_EQ, 0); tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_USABLE_ON_COMPLETION); g = entry_guard_handle_get(guard->guard); tt_int_op(g->is_primary, OP_EQ, 1); @@ -3047,7 +3049,7 @@ upgrade_circuits_cleanup(const struct testcase_t *testcase, void *ptr) circuit_free(TO_CIRCUIT(data->circ1)); circuit_free(TO_CIRCUIT(data->circ2)); tor_free(data); - return big_fake_network_cleanup(testcase, ptr); + return big_fake_network_cleanup(testcase, NULL); } static void ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
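Review bot: In upgrade_circuits_cleanup the final call now passes `NULL` instead of `ptr` right after `tor_free(data)`, and nothing at the call site says why. If `data` aliases `ptr` (the assignment is outside the hunk), the old code handed an already-freed pointer to big_fake_network_cleanup, and the fix relies on that function tolerating NULL. A comment such as `/* data (== ptr) was freed above; do not pass the stale pointer on */`, adjusted to what big_fake_network_cleanup actually does with its argument, would keep a later cleanup from restoring `ptr`.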
[tor-commits] [tor/master] Revert "Stop checking whether environ is declared."
commit 2a00110e5bd3592ff69e659681b9294285a98dd0 Author: Nick MathewsonDate: Fri Dec 16 12:16:52 2016 -0500 Revert "Stop checking whether environ is declared." This reverts commit 954eeda619a59dae76144ad69967f0ed7341b564. Apparently, OpenBSD is what expects you to declare environ yourself. So 19142 is a wontfix. --- changes/19142 | 3 --- configure.ac| 16 src/common/compat.c | 9 + 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/changes/19142 b/changes/19142 deleted file mode 100644 index 685bbbc..000 --- a/changes/19142 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed features: -- We no longer attempt to build on systems where 'environ' is not - declared in the C headers. Closes ticket 19142. diff --git a/configure.ac b/configure.ac index 552465c..fea884b 100644 --- a/configure.ac +++ b/configure.ac @@ -1535,6 +1535,17 @@ int main(int c, char **v) { puts(__FUNCTION__); }])], tor_cv_have_FUNCTION_macro=yes, tor_cv_have_FUNCTION_macro=no)) +AC_CACHE_CHECK([whether we have extern char **environ already declared], + tor_cv_have_environ_declared, + AC_COMPILE_IFELSE([AC_LANG_SOURCE([ +#ifdef HAVE_UNISTD_H +#include +#endif +#include +int main(int c, char **v) { char **t = environ; }])], + tor_cv_have_environ_declared=yes, + tor_cv_have_environ_declared=no)) + if test "$tor_cv_have_func_macro" = "yes"; then AC_DEFINE(HAVE_MACRO__func__, 1, [Defined if the compiler supports __func__]) fi @@ -1548,6 +1559,11 @@ if test "$tor_cv_have_FUNCTION_macro" = "yes"; then [Defined if the compiler supports __FUNCTION__]) fi +if test "$tor_cv_have_environ_declared" = "yes"; then + AC_DEFINE(HAVE_EXTERN_ENVIRON_DECLARED, 1, + [Defined if we have extern char **environ already declared]) +fi + # $prefix stores the value of the --prefix command line option, or # NONE if the option wasn't set. In the case that it wasn't set, make # it be the default, so that we can use it to expand directories now. diff --git a/src/common/compat.c b/src/common/compat.c index 97d1faf..ebf05f5 100644 
--- a/src/common/compat.c +++ b/src/common/compat.c @@ -2390,6 +2390,15 @@ make_path_absolute(char *fname) #endif } +#ifndef HAVE__NSGETENVIRON +#ifndef HAVE_EXTERN_ENVIRON_DECLARED +/* Some platforms declare environ under some circumstances, others don't. */ +#ifndef RUNNING_DOXYGEN +extern char **environ; +#endif +#endif +#endif + /** Return the current environment. This is a portable replacement for * 'environ'. */ char ** ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
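Review bot: The block added to compat.c nests three `#ifndef`s and closes them with three bare `#endif` lines, so a reader cannot tell which condition each one ends. Annotating them as `#endif /* !RUNNING_DOXYGEN */`, `#endif /* !HAVE_EXTERN_ENVIRON_DECLARED */` and `#endif /* !HAVE__NSGETENVIRON */` fixes that. The comment above the declaration could also name the platform that needs the fallback. The commit message says it is OpenBSD, and that detail is what would stop the declaration from being removed a second time.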
[tor-commits] [torspec/master] Mark 271 finished
commit 75cd8f10c7e8ec142ddc607f4e666bde1b10d816 Author: Nick MathewsonDate: Fri Dec 16 12:08:24 2016 -0500 Mark 271 finished --- proposals/000-index.txt | 16 proposals/271-another-guard-selection.txt | 3 ++- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/proposals/000-index.txt b/proposals/000-index.txt index 6828a64..6eb4e4f 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -179,8 +179,8 @@ Proposals by number: 256 Key revocation for relays and authorities [OPEN] 257 Refactoring authorities and making them more isolated from the net [META] 258 Denial-of-service resistance for directory authorities [ACCEPTED] -259 New Guard Selection Behaviour [DRAFT] -260 Rendezvous Single Onion Services [DRAFT] +259 New Guard Selection Behaviour [OBSOLETE] +260 Rendezvous Single Onion Services [FINISHED] 261 AEZ for relay cryptography [OPEN] 262 Re-keying live circuits with new cryptographic material [OPEN] 263 Request to change key exchange protocol for handshake v1.2 [OBSOLETE] @@ -188,10 +188,10 @@ Proposals by number: 265 Load Balancing with Overhead Parameters [ACCEPTED] 266 Removing current obsolete clients from the Tor network [DRAFT] 267 Tor Consensus Transparency [DRAFT] -268 New Guard Selection Behaviour [DRAFT] +268 New Guard Selection Behaviour [OBSOLETE] 269 Transitionally secure hybrid handshakes [DRAFT] 270 RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope [DRAFT] -271 Another algorithm for guard selection [OPEN] +271 Another algorithm for guard selection [FINISHED] 272 Listed routers should be Valid, Running, and treated as such [FINISHED] 273 Exit relay pinning for web services [DRAFT] 
@@ -214,11 +214,8 @@ Proposals by status: 253 Out of Band Circuit HMACs 254 Padding Negotiation 255 Controller features to allow for load-balancing hidden services - 259 New Guard Selection Behaviour - 260 Rendezvous Single Onion Services 266 Removing current obsolete clients from the Tor network 267 Tor Consensus Transparency - 268 New Guard Selection Behaviour 269 Transitionally secure hybrid handshakes 270 RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope 273 Exit relay pinning for web services [for n/a] @@ -252,7 +249,6 @@ Proposals by status: 256 Key revocation for relays and authorities 261 AEZ for relay cryptography 262 Re-keying live circuits with new cryptographic material - 271 Another algorithm for guard selection ACCEPTED: 140 Provide diffs between consensuses 172 GETINFO controller option for circuit information @@ -281,6 +277,8 @@ Proposals by status: 217 Tor Extended ORPort Authentication [for 0.2.5.x] 232 Pluggable Transport through SOCKS proxy [in 0.2.6] 235 Stop assigning (and eventually supporting) the Named flag [in 0.2.6, 0.2.7] + 260 Rendezvous Single Onion Services + 271 Another algorithm for guard selection [in 0.3.0.1-alpha] 272 Listed routers should be Valid, Running, and treated as such [in 0.2.9.3-alpha, 0.2.9.4-alpha] CLOSED: 101 Voting on the Tor Directory System [in 0.2.0.x] @@ -383,7 +381,9 @@ Proposals by status: 141 Download server descriptors on demand 144 Increase the diversity of circuits by detecting nodes belonging the same provider 199 Integration of BridgeFinder and BridgeFinderHelper + 259 New Guard Selection Behaviour 263 Request to change key exchange protocol for handshake v1.2 + 268 New Guard Selection Behaviour RESERVE: 133 Incorporate Unreachable ORs into the Tor Network 211 Internal Mapaddress for Tor Configuration Testing [for 0.2.4.x+] diff --git a/proposals/271-another-guard-selection.txt b/proposals/271-another-guard-selection.txt index 83f624d..0e39ea9 100644 
--- a/proposals/271-another-guard-selection.txt +++ b/proposals/271-another-guard-selection.txt @@ -3,7 +3,8 @@ Title: Another algorithm for guard selection Author: Isis Lovecruft, George Kadianakis, Ola Bini, Nick Mathewson Created: 2016-07-11 Supersedes: 259, 268 -Status: Open +Status: Finished +Implemented-In: 0.3.0.1-alpha 0.0. Preliminaries ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix broken entrynodes/retry_unreachable test
commit 79a24750ba8b3b1efc87c5b43d91229b6478ef82 Author: Nick MathewsonDate: Fri Dec 16 11:49:07 2016 -0500 Fix broken entrynodes/retry_unreachable test I broke this with 20292ec4974b777d430e7962cc38349c5f82b220 when I changed the primary guard retry schedule. --- src/test/test_entrynodes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 0024113..6816113 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -2293,7 +2293,7 @@ test_entry_guard_retry_unreachable(void *arg) tt_int_op(g2->is_reachable, OP_EQ, GUARD_REACHABLE_NO); g1->is_reachable = GUARD_REACHABLE_NO; - g1->last_tried_to_connect = start + 35*60; + g1->last_tried_to_connect = start + 55*60; /* After 1 hour, we'll retry the nonprimary one. */ update_approx_time(start + 61 * 60); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
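Review bot: The offset `55*60` assigned to `g1->last_tried_to_connect` in test_entry_guard_retry_unreachable is a bare number that only works for the current primary-guard retry schedule. The commit message says the previous value broke when that schedule changed. A comment stating the relationship the test relies on would help, for example `/* recent enough that g1 is not yet due for a retry at start + 61 min */` (to be confirmed against the schedule in entrynodes.c). Deriving the offset from the schedule's own constant would be better still, so the next schedule change shows up in review. The test body continues outside the hunk.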
[tor-commits] [tor/master] Merge branch 'ticket20831_v2'
commit 990a863d7ca74c84238791607b6515813b3b5633 Merge: 988b0af 506bd6d Author: Nick MathewsonDate: Fri Dec 16 11:40:19 2016 -0500 Merge branch 'ticket20831_v2' changes/ticket20831| 6 +++ doc/tor.1.txt | 9 - src/or/config.c| 2 +- src/or/directory.c | 5 +-- src/or/entrynodes.c| 91 ++ src/or/entrynodes.h| 23 +++- src/or/or.h| 2 - src/test/test_dir.c| 14 ++- src/test/test_entrynodes.c | 70 +-- 9 files changed, 152 insertions(+), 70 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove UseDirectoryGuards
commit 3902a18a6976af2ceb2d6ca43266bf6154881621 Author: Nick MathewsonDate: Thu Dec 8 12:35:55 2016 -0500 Remove UseDirectoryGuards It is obsoleted in an always-on direction by prop271. --- changes/ticket20831 | 6 ++ doc/tor.1.txt | 9 - src/or/config.c | 2 +- src/or/directory.c | 5 ++--- src/or/or.h | 2 -- src/test/test_dir.c | 14 -- 6 files changed, 13 insertions(+), 25 deletions(-) diff --git a/changes/ticket20831 b/changes/ticket20831 new file mode 100644 index 000..cb4a3a3 --- /dev/null +++ b/changes/ticket20831 @@ -0,0 +1,6 @@ + o Removed features: +- The NumDirectoryGuards and UseDirectoryGuards torrc options are + no longer present: all users that use entry guards will also use + directory guards. Related to proposal 271; implements part of + ticket 20831. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 670c75d..6b59f08 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1208,15 +1208,6 @@ The following options are useful only for clients (that is, if Authorities, Single Onion Services, and Tor2web clients. In these cases, the this option is ignored. (Default: 1) -[[UseEntryGuardsAsDirGuards]] **UseEntryGuardsAsDirGuards** **0**|**1**:: -If this option is set to 1, and UseEntryGuards is also set to 1, -we try to use our entry guards as directory -guards, and failing that, pick more nodes to act as our directory guards. -This helps prevent an adversary from enumerating clients. It's only -available for clients (non-relay, non-bridge) that aren't configured to -download any non-default directory material. It doesn't currently -do anything when we lack a live consensus. (Default: 1) - [[GuardfractionFile]] **GuardfractionFile** __FILENAME__:: V3 authoritative directories only. Configures the location of the guardfraction file which contains information about how long relays diff --git a/src/or/config.c b/src/or/config.c index 2ec96d3..e45ad94 100644 --- a/src/or/config.c +++ b/src/or/config.c 
@@ -495,7 +495,7 @@ static config_var_t option_vars_[] = { V(UpdateBridgesFromAuthority, BOOL, "0"), V(UseBridges, BOOL, "0"), VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), - V(UseEntryGuardsAsDirGuards, BOOL, "1"), + OBSOLETE("UseEntryGuardsAsDirGuards"), V(UseGuardFraction,AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), OBSOLETE("UseNTorHandshake"), diff --git a/src/or/directory.c b/src/or/directory.c index 9c039a0..acae5de 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -442,10 +442,9 @@ should_use_directory_guards(const or_options_t *options) /* Public (non-bridge) servers never use directory guards. */ if (public_server_mode(options)) return 0; - /* If guards are disabled, or directory guards are disabled, we can't - * use directory guards. + /* If guards are disabled, we can't use directory guards. */ - if (!options->UseEntryGuards || !options->UseEntryGuardsAsDirGuards) + if (!options->UseEntryGuards) return 0; /* If we're configured to fetch directory info aggressively or of a * nonstandard type, don't use directory guards. */ diff --git a/src/or/or.h b/src/or/or.h index 04ff548..ceeaff5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4070,8 +4070,6 @@ typedef struct { int UseEntryGuards; int NumEntryGuards; /**< How many entry guards do we try to establish? */ - int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info - * from a smallish number of fixed nodes? */ /** If 1, we use any guardfraction information we see in the * consensus. If 0, we don't. If -1, let the consensus parameter diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 4ef421f..ed58ba5 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c 
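Review bot: The option this hunk marks `OBSOLETE` is `UseEntryGuardsAsDirGuards`, but the commit title and the changes/ticket20831 entry in the same commit call it `UseDirectoryGuards`. The entry also lists `NumDirectoryGuards`, which no visible hunk touches. Unless those names are handled elsewhere, the changelog should name the option users actually have in their torrc, e.g. `The UseEntryGuardsAsDirGuards torrc option is no longer present`. Operators search release notes for the exact option name when Tor starts warning about an obsolete setting.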
@@ -4354,7 +4354,6 @@ test_dir_should_use_directory_guards(void *data) tt_int_op(should_use_directory_guards(options), OP_EQ, 0); tt_int_op(CALLED(public_server_mode), OP_EQ, 1); - options->UseEntryGuardsAsDirGuards = 1; options->UseEntryGuards = 1; options->DownloadExtraInfo = 0; options->FetchDirInfoEarly = 0; @@ -4368,29 +4367,24 @@ test_dir_should_use_directory_guards(void *data) tt_int_op(CALLED(public_server_mode), OP_EQ, 3); options->UseEntryGuards = 1; - options->UseEntryGuardsAsDirGuards = 0; - tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 4); - options->UseEntryGuardsAsDirGuards = 1; - options->DownloadExtraInfo = 1; tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 5); + tt_int_op(CALLED(public_server_mode), OP_EQ, 4); options->DownloadExtraInfo = 0; options->FetchDirInfoEarly = 1;
[tor-commits] [tor/master] Make NumEntryGuards work as expected again.
commit d9200d853d5b9125ebcb47ae5a02ef0cd52f436a Author: Nick MathewsonDate: Thu Dec 8 12:59:58 2016 -0500 Make NumEntryGuards work as expected again. Further, add a "guard-n-primary-guards-to-use" parameter, defaulting to 1, for NumEntryGuards to override. --- src/or/entrynodes.c | 26 -- src/or/entrynodes.h | 6 ++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 5c64dfd..9defd11 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -471,10 +471,32 @@ get_guard_confirmed_min_lifetime(void) STATIC int get_n_primary_guards(void) { - return networkstatus_get_param(NULL, "guard-n-primary-guards", + const int n = get_options()->NumEntryGuards; + if (n > 5) { +return n + n / 2; + } else if (n > 1) { +return n * 2; + } + + return networkstatus_get_param(NULL, + "guard-n-primary-guards", DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX); } /** + * Return the number of the live primary guards we should look at when + * making a circuit. + */ +STATIC int +get_n_primary_guards_to_use(void) +{ + if (get_options()->NumEntryGuards > 1) { +return get_options()->NumEntryGuards; + } + return networkstatus_get_param(NULL, + "guard-n-primary-guards-to-use", + DFLT_N_PRIMARY_GUARDS_TO_USE, 1, INT32_MAX); +} +/** * If we haven't successfully built or used a circuit in this long, then * consider that the internet is probably down. */ @@ -1795,7 +1817,7 @@ select_entry_guard_for_circuit(guard_selection_t *gs, if (!gs->primary_guards_up_to_date) entry_guards_update_primary(gs); - int num_entry_guards = 1; + int num_entry_guards = get_n_primary_guards_to_use(); smartlist_t *usable_primary_guards = smartlist_new(); /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 827755a..e2ae256 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
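Review bot: The NumEntryGuards scaling in `get_n_primary_guards` is not monotonic: `n * 2` yields 10 primary guards for NumEntryGuards 5, while `n + n / 2` yields 9 for NumEntryGuards 6. If a larger setting should never shrink the primary list, the two branches need to agree at the boundary. The thresholds also deserve a why-comment, because the doc comment above the function does not mention the override. In `get_n_primary_guards_to_use` the test `NumEntryGuards > 1` means an explicit value of 1 cannot override a consensus `guard-n-primary-guards-to-use` larger than 1. If that is intended, say so with `/* NumEntryGuards <= 1 defers to the consensus parameter. */`.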
@@ -472,6 +472,11 @@ int num_bridges_usable(void); */ #define DFLT_N_PRIMARY_GUARDS 3 /** + * Of the live guards on the primary guard list, how many do we consider when + * choosing a guard to use? + */ +#define DFLT_N_PRIMARY_GUARDS_TO_USE 1 +/** * If we haven't successfully built or used a circuit in this long, then * consider that the internet is probably down. */ @@ -506,6 +511,7 @@ STATIC int get_remove_unlisted_guards_after_days(void); STATIC int get_guard_lifetime(void); STATIC int get_guard_confirmed_min_lifetime(void); STATIC int get_n_primary_guards(void); +STATIC int get_n_primary_guards_to_use(void); STATIC int get_internet_likely_down_interval(void); STATIC int get_nonprimary_guard_connect_timeout(void); STATIC int get_nonprimary_guard_idle_timeout(void); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] 271: Algorithm tweak to allow multiple entry guards.
commit deb8bcadced3c54d986c526662444a46e630621d Author: Nick MathewsonDate: Thu Dec 8 12:47:29 2016 -0500 271: Algorithm tweak to allow multiple entry guards. Previously, we had NumEntryGuards kind of hardwired to 1. Now we have the code (but not the configuarability) to choose randomly from among the first N primary guards that would work, where N defaults to 1. Part of 20831 support for making NumEntryGuards work again. --- src/or/entrynodes.c | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f89594b..5c64dfd 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1795,6 +1795,9 @@ select_entry_guard_for_circuit(guard_selection_t *gs, if (!gs->primary_guards_up_to_date) entry_guards_update_primary(gs); + int num_entry_guards = 1; + smartlist_t *usable_primary_guards = smartlist_new(); + /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of or , return the first such guard." */ SMARTLIST_FOREACH_BEGIN(gs->primary_entry_guards, entry_guard_t *, guard) { 
@@ -1804,12 +1807,21 @@ select_entry_guard_for_circuit(guard_selection_t *gs, if (guard->is_reachable != GUARD_REACHABLE_NO) { *state_out = GUARD_CIRC_STATE_USABLE_ON_COMPLETION; guard->last_tried_to_connect = approx_time(); - log_info(LD_GUARD, "Selected primary guard %s for circuit.", - entry_guard_describe(guard)); - return guard; + smartlist_add(usable_primary_guards, guard); + if (smartlist_len(usable_primary_guards) >= num_entry_guards) +break; } } SMARTLIST_FOREACH_END(guard); + if (smartlist_len(usable_primary_guards)) { +entry_guard_t *guard = smartlist_choose(usable_primary_guards); +smartlist_free(usable_primary_guards); +log_info(LD_GUARD, "Selected primary guard %s for circuit.", + entry_guard_describe(guard)); +return guard; + } + smartlist_free(usable_primary_guards); + /* "Otherwise, if the ordered intersection of {CONFIRMED_GUARDS} and {USABLE_FILTERED_GUARDS} is nonempty, return the first entry in that intersection that has {is_pending} set to ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
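Review bot: Inside the `SMARTLIST_FOREACH` loop, `guard->last_tried_to_connect = approx_time();` now runs for every guard added to `usable_primary_guards`, not only for the one `smartlist_choose()` returns. With `num_entry_guards` fixed at 1 the list never holds more than one entry, so nothing changes yet. Once N can exceed 1, guards that were collected but not picked get a fresh attempt timestamp although no connection to them is being tried. Move the assignment into the `if (smartlist_len(usable_primary_guards))` block, after the choice is made: `guard->last_tried_to_connect = approx_time();`. The function body starts and ends outside the hunk.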
[tor-commits] [tor/master] Respect GuardLifetime in prop271 code.
commit 385602e9826e79dbf0d8b51abfd925e59f275708 Author: Nick MathewsonDate: Thu Dec 8 12:42:28 2016 -0500 Respect GuardLifetime in prop271 code. It overrides both the GUARD_LIFETIME and the GUARD_CONFIRMED_MIN_LIFETIME options. --- src/or/entrynodes.c | 30 +++--- src/or/entrynodes.h | 4 ++-- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index ac5398f..f89594b 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -440,22 +440,30 @@ get_remove_unlisted_guards_after_days(void) * regardless of whether they are listed or unlisted. */ STATIC int -get_guard_lifetime_days(void) +get_guard_lifetime(void) { - return networkstatus_get_param(NULL, + if (get_options()->GuardLifetime >= 86400) +return get_options()->GuardLifetime; + int32_t days; + days = networkstatus_get_param(NULL, "guard-lifetime-days", DFLT_GUARD_LIFETIME_DAYS, 1, 365*10); + return days * 86400; } /** * We remove confirmed guards from the sample if they were sampled * GUARD_LIFETIME_DAYS ago and confirmed this many days ago. */ STATIC int -get_guard_confirmed_min_lifetime_days(void) +get_guard_confirmed_min_lifetime(void) { - return networkstatus_get_param(NULL, "guard-confirmed-min-lifetime-days", + if (get_options()->GuardLifetime >= 86400) +return get_options()->GuardLifetime; + int32_t days; + days = networkstatus_get_param(NULL, "guard-confirmed-min-lifetime-days", DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS, 1, 365*10); + return days * 86400; } /** * How many guards do we try to keep on our primary guard list? @@ -793,7 +801,7 @@ entry_guard_add_to_sample_impl(guard_selection_t *gs, const char *nickname, const tor_addr_port_t *bridge_addrport) { - const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400; + const int GUARD_LIFETIME = get_guard_lifetime(); tor_assert(gs); // prop271 take ed25519 identity here too. 
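Review bot: `get_guard_lifetime` and `get_guard_confirmed_min_lifetime` now return seconds instead of days, but their doc comments (visible only as context) were not updated and do not say that GuardLifetime overrides both consensus parameters. Add to each something like `/* Returns seconds. A GuardLifetime of at least one day overrides the consensus parameter. */`. The `>= 86400` test also means a nonzero GuardLifetime below one day is ignored here without a log line; whether option validation already rejects such values is not visible in this diff. The literal 86400 now appears in both getters and in the log-call divisions in `sampled_guards_update_from_consensus`, so a named constant would keep them in step.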
@@ -1228,9 +1236,9 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) const time_t remove_if_unlisted_since = approx_time() - REMOVE_UNLISTED_GUARDS_AFTER; const time_t maybe_remove_if_sampled_before = -approx_time() - (get_guard_lifetime_days() * 86400); +approx_time() - get_guard_lifetime(); const time_t remove_if_confirmed_before = -approx_time() - (get_guard_confirmed_min_lifetime_days() * 86400); +approx_time() - get_guard_confirmed_min_lifetime(); /* Then: remove the ones that have been junk for too long */ SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { @@ -1257,14 +1265,14 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " "over %d days ago, but never confirmed.", entry_guard_describe(guard), - get_guard_lifetime_days()); + get_guard_lifetime() / 86400); } else if (guard->confirmed_on_date < remove_if_confirmed_before) { remove = 1; log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " "over %d days ago, and confirmed over %d days ago.", entry_guard_describe(guard), - get_guard_lifetime_days(), - get_guard_confirmed_min_lifetime_days()); + get_guard_lifetime() / 86400, + get_guard_confirmed_min_lifetime() / 86400); } } @@ -1559,7 +1567,7 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard) if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard))) return; // LCOV_EXCL_LINE - const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400; + const int GUARD_LIFETIME = get_guard_lifetime(); guard->confirmed_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10); log_info(LD_GUARD, "Marking %s as a confirmed guard (index %d)", diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index d7dc014..827755a 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
@@ -503,8 +503,8 @@ STATIC double get_max_sample_threshold(void); STATIC int get_max_sample_size_absolute(void); STATIC int get_min_filtered_sample_size(void); STATIC int get_remove_unlisted_guards_after_days(void); -STATIC int get_guard_lifetime_days(void); -STATIC int get_guard_confirmed_min_lifetime_days(void); +STATIC int get_guard_lifetime(void); +STATIC int get_guard_confirmed_min_lifetime(void); STATIC int get_n_primary_guards(void); STATIC int get_internet_likely_down_interval(void); STATIC int get_nonprimary_guard_connect_timeout(void); ___ tor-commits mailing list tor-commits@lists.torproject.org
[tor-commits] [translation/tails-perl5lib_completed] Update translations for tails-perl5lib_completed
commit 3265d9244954cc79553e3aabbc62474ca6dfc33c Author: Translation commit botDate: Fri Dec 16 16:46:50 2016 + Update translations for tails-perl5lib_completed --- fr.po| 13 +++-- fr_CA.po | 15 --- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/fr.po b/fr.po index 0588b5c..6676959 100644 --- a/fr.po +++ b/fr.po @@ -4,14 +4,15 @@ # # Translators: # Bronner Matthieu , 2016 -# Phil Beau , 2016 +# French language coordinator , 2016 +# phil beau , 2016 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2016-06-05 19:40+0200\n" -"PO-Revision-Date: 2016-07-12 07:56+\n" -"Last-Translator: Phil Beau \n" +"POT-Creation-Date: 2016-09-20 15:58+0200\n" +"PO-Revision-Date: 2016-12-16 16:36+\n" +"Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -27,10 +28,10 @@ msgstr "Erreur" msgid "" "The device Tails is running from cannot be found. Maybe you used the `toram'" " option?" -msgstr "Le périphérique depuis lequel Tails est exécuté nâa pas été trouvé. Peut-être avez-vous utilisé lâoption âtoramâ ?" +msgstr "Le périphérique à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram » ?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" "The drive Tails is running from cannot be found. Maybe you used the `toram' " "option?" -msgstr "Le périphérique depuis lequel Tails est exécuté nâa pas été trouvé. Peut-être avez-vous utilisé lâoption 'toram' ?" +msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram » ?" diff --git a/fr_CA.po b/fr_CA.po index c5c2108..763d2a7 100644 --- a/fr_CA.po +++ b/fr_CA.po 
@@ -3,15 +3,16 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Trans-fr, 2016 -# Trans-fr, 2014 +# French language coordinator , 2016 +# French language coordinator , 2016 +# French language coordinator , 2014 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2016-01-25 16:59+0100\n" -"PO-Revision-Date: 2016-03-21 16:27+\n" -"Last-Translator: Trans-fr\n" +"POT-Creation-Date: 2016-09-20 15:58+0200\n" +"PO-Revision-Date: 2016-12-16 16:35+\n" +"Last-Translator: French language coordinator \n" "Language-Team: French (Canada) (http://www.transifex.com/otf/torproject/language/fr_CA/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -27,10 +28,10 @@ msgstr "Erreur" msgid "" "The device Tails is running from cannot be found. Maybe you used the `toram'" " option?" -msgstr "Le périphérique depuis lequel Tails tourne ne peut être trouvé. Peut-être avez-vous utilisé lâoption « toram »?" +msgstr "Le périphérique à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram »?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" "The drive Tails is running from cannot be found. Maybe you used the `toram' " "option?" -msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Peut-être avez-vous utilisé l'option « toram »?" +msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram »?" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-perl5lib] Update translations for tails-perl5lib
commit 1331ba9afbac7c5bf246aa3334dc3c94d0281920 Author: Translation commit botDate: Fri Dec 16 16:46:46 2016 + Update translations for tails-perl5lib --- fr.po| 13 +++-- fr_CA.po | 15 --- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/fr.po b/fr.po index 0588b5c..6676959 100644 --- a/fr.po +++ b/fr.po @@ -4,14 +4,15 @@ # # Translators: # Bronner Matthieu , 2016 -# Phil Beau , 2016 +# French language coordinator , 2016 +# phil beau , 2016 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2016-06-05 19:40+0200\n" -"PO-Revision-Date: 2016-07-12 07:56+\n" -"Last-Translator: Phil Beau \n" +"POT-Creation-Date: 2016-09-20 15:58+0200\n" +"PO-Revision-Date: 2016-12-16 16:36+\n" +"Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -27,10 +28,10 @@ msgstr "Erreur" msgid "" "The device Tails is running from cannot be found. Maybe you used the `toram'" " option?" -msgstr "Le périphérique depuis lequel Tails est exécuté nâa pas été trouvé. Peut-être avez-vous utilisé lâoption âtoramâ ?" +msgstr "Le périphérique à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram » ?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" "The drive Tails is running from cannot be found. Maybe you used the `toram' " "option?" -msgstr "Le périphérique depuis lequel Tails est exécuté nâa pas été trouvé. Peut-être avez-vous utilisé lâoption 'toram' ?" +msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram » ?" diff --git a/fr_CA.po b/fr_CA.po index c5c2108..763d2a7 100644 --- a/fr_CA.po +++ b/fr_CA.po 
@@ -3,15 +3,16 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Trans-fr, 2016 -# Trans-fr, 2014 +# French language coordinator , 2016 +# French language coordinator , 2016 +# French language coordinator , 2014 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" -"POT-Creation-Date: 2016-01-25 16:59+0100\n" -"PO-Revision-Date: 2016-03-21 16:27+\n" -"Last-Translator: Trans-fr\n" +"POT-Creation-Date: 2016-09-20 15:58+0200\n" +"PO-Revision-Date: 2016-12-16 16:35+\n" +"Last-Translator: French language coordinator \n" "Language-Team: French (Canada) (http://www.transifex.com/otf/torproject/language/fr_CA/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -27,10 +28,10 @@ msgstr "Erreur" msgid "" "The device Tails is running from cannot be found. Maybe you used the `toram'" " option?" -msgstr "Le périphérique depuis lequel Tails tourne ne peut être trouvé. Peut-être avez-vous utilisé lâoption « toram »?" +msgstr "Le périphérique à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram »?" #: ../lib/Tails/RunningSystem.pm:192 msgid "" "The drive Tails is running from cannot be found. Maybe you used the `toram' " "option?" -msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Peut-être avez-vous utilisé l'option « toram »?" +msgstr "Le lecteur à partir duquel Tails fonctionne est introuvable. Auriez-vous utilisé lâoption « toram »?" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-iuk] Update translations for tails-iuk
commit a72fc128d389b71789d61b8a7062667a3b591582 Author: Translation commit botDate: Fri Dec 16 16:46:39 2016 + Update translations for tails-iuk --- fr.po| 52 ++-- fr_CA.po | 38 +++--- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/fr.po b/fr.po index 621b53f..6bf4a31 100644 --- a/fr.po +++ b/fr.po @@ -22,7 +22,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 16:55+0200\n" -"PO-Revision-Date: 2016-12-16 16:16+\n" +"PO-Revision-Date: 2016-12-16 16:33+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -89,7 +89,7 @@ msgstr "Cette version de Tails est obsolète et peut poser des problèmes de sé msgid "" "The available incremental upgrade requires %{space_needed}s of free space on" " Tails system partition, but only %{free_space}s is available." -msgstr "La mise à niveau incrémentale proposée exige %{space_needed}s d'espace libre sur la partition système de Tails, mais il n'y a que %{free_space}s." +msgstr "La mise à niveau incrémentale proposée exige %{space_needed}s d'espace libre sur la partition système de Tails, mais il n'y en a que %{free_space}s." #: ../lib/Tails/IUK/Frontend.pm:335 #, perl-brace-format 
@@ -102,11 +102,11 @@ msgstr "La mise à niveau incrémentale proposée exige %{memory_needed}s de mé msgid "" "An incremental upgrade is available, but no full upgrade is.\n" "This should not happen. Please report a bug." -msgstr "Une mise à niveau incrémentale est proposée, mais aucune mise à niveau complète.\nCela ne devrait pas arriver. Veuillez signaler un bogue." +msgstr "Une mise à niveau incrémentale est proposée, mais aucune mise à niveau complète ne l'est.\nCela ne devrait pas arriver. Veuillez signaler un bogue." #: ../lib/Tails/IUK/Frontend.pm:361 msgid "Error while detecting available upgrades" -msgstr "Erreur lors de la vérification des mises à jour disponibles" +msgstr "Erreur de vérification des mises à niveau proposées" #: ../lib/Tails/IUK/Frontend.pm:371 #, perl-brace-format 
@@ -122,19 +122,19 @@ msgid "" "Download size: %{size}s\n" "\n" "Do you want to upgrade now?" -msgstr "Vous devriez mettre à niveau vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, allez sur %{details_url}s.\n\nIl est recommandé de fermer toutes les applications ouvertes pendant la mise à niveau. Le téléchargement de la mise à niveau pourrait prendre un long moment, de plusieurs minutes à quelques heures. Le réseau sera mis hors service après le téléchargement de la mise à niveau. \n\nTaille du téléchargement : %{size}s\n\nVoulez-vous mettre à niveau maintenant ?" +msgstr "Vous devriez mettre à niveau vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, visitez %{details_url}s\n\nIl est recommandé de fermer toutes les applications pendant la mise à niveau.\nLe téléchargement de la mise à niveau peut être long, de plusieurs minutes à quelques heures.\nLe réseau sera désactivé après le téléchargement de la mise à niveau.\n\nTaille du téléchargement : %{size}s\n\nVoulez-vous mettre à niveau maintenant ?" #: ../lib/Tails/IUK/Frontend.pm:386 msgid "Upgrade available" -msgstr "Mise à jour disponible" +msgstr "Un mise à niveau est proposée" #: ../lib/Tails/IUK/Frontend.pm:387 msgid "Upgrade now" -msgstr "Mettre à jour maintenant" +msgstr "Mettre à niveau maintenant" #: ../lib/Tails/IUK/Frontend.pm:388 msgid "Upgrade later" -msgstr "Mettre à jour plus tard" +msgstr "Mettre à niveau plus tard" #: ../lib/Tails/IUK/Frontend.pm:396 #, perl-brace-format 
@@ -146,15 +146,15 @@ msgid "" "It is not possible to automatically upgrade your device to this new version: %{explanation}s.\n" "\n" "To learn how to do a manual upgrade, go to https://tails.boum.org/doc/first_steps/upgrade/#manual; -msgstr "Vous devriez mettre à niveau manuellement vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, aller sur %{details_url}s.\n\nIl n'est pas possible de mettre automatiquement à niveau votre appareil vers cette nouvelle version : %{explanation}s.\n\nPour apprendre comment faire une mise à niveau manuelle, aller à https://tails.boum.org/doc/first_steps/upgrade/#manual; +msgstr "Vous devriez mettre à niveau manuellement vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, visitez %{details_url}s.\n\nIl n'est pas possible de mettre à niveau votre appareil automatiquement vers cette nouvelle version : %{explanation}s.\n\nPour apprendre à faire une mise à niveau manuelle, visitez
[tor-commits] [translation/tails-iuk_completed] Update translations for tails-iuk_completed
commit 55a6f9bb511f80237a60b5c7fe63bf20a0c7c2f1 Author: Translation commit botDate: Fri Dec 16 16:46:43 2016 + Update translations for tails-iuk_completed --- fr.po| 52 ++-- fr_CA.po | 36 ++-- 2 files changed, 44 insertions(+), 44 deletions(-) diff --git a/fr.po b/fr.po index 621b53f..6bf4a31 100644 --- a/fr.po +++ b/fr.po @@ -22,7 +22,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2016-05-25 16:55+0200\n" -"PO-Revision-Date: 2016-12-16 16:16+\n" +"PO-Revision-Date: 2016-12-16 16:33+\n" "Last-Translator: French language coordinator \n" "Language-Team: French (http://www.transifex.com/otf/torproject/language/fr/)\n" "MIME-Version: 1.0\n" @@ -89,7 +89,7 @@ msgstr "Cette version de Tails est obsolète et peut poser des problèmes de sé msgid "" "The available incremental upgrade requires %{space_needed}s of free space on" " Tails system partition, but only %{free_space}s is available." -msgstr "La mise à niveau incrémentale proposée exige %{space_needed}s d'espace libre sur la partition système de Tails, mais il n'y a que %{free_space}s." +msgstr "La mise à niveau incrémentale proposée exige %{space_needed}s d'espace libre sur la partition système de Tails, mais il n'y en a que %{free_space}s." #: ../lib/Tails/IUK/Frontend.pm:335 #, perl-brace-format 
@@ -102,11 +102,11 @@ msgstr "La mise à niveau incrémentale proposée exige %{memory_needed}s de mé msgid "" "An incremental upgrade is available, but no full upgrade is.\n" "This should not happen. Please report a bug." -msgstr "Une mise à niveau incrémentale est proposée, mais aucune mise à niveau complète.\nCela ne devrait pas arriver. Veuillez signaler un bogue." +msgstr "Une mise à niveau incrémentale est proposée, mais aucune mise à niveau complète ne l'est.\nCela ne devrait pas arriver. Veuillez signaler un bogue." #: ../lib/Tails/IUK/Frontend.pm:361 msgid "Error while detecting available upgrades" -msgstr "Erreur lors de la vérification des mises à jour disponibles" +msgstr "Erreur de vérification des mises à niveau proposées" #: ../lib/Tails/IUK/Frontend.pm:371 #, perl-brace-format 
@@ -122,19 +122,19 @@ msgid "" "Download size: %{size}s\n" "\n" "Do you want to upgrade now?" -msgstr "Vous devriez mettre à niveau vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, allez sur %{details_url}s.\n\nIl est recommandé de fermer toutes les applications ouvertes pendant la mise à niveau. Le téléchargement de la mise à niveau pourrait prendre un long moment, de plusieurs minutes à quelques heures. Le réseau sera mis hors service après le téléchargement de la mise à niveau. \n\nTaille du téléchargement : %{size}s\n\nVoulez-vous mettre à niveau maintenant ?" +msgstr "Vous devriez mettre à niveau vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, visitez %{details_url}s\n\nIl est recommandé de fermer toutes les applications pendant la mise à niveau.\nLe téléchargement de la mise à niveau peut être long, de plusieurs minutes à quelques heures.\nLe réseau sera désactivé après le téléchargement de la mise à niveau.\n\nTaille du téléchargement : %{size}s\n\nVoulez-vous mettre à niveau maintenant ?" #: ../lib/Tails/IUK/Frontend.pm:386 msgid "Upgrade available" -msgstr "Mise à jour disponible" +msgstr "Un mise à niveau est proposée" #: ../lib/Tails/IUK/Frontend.pm:387 msgid "Upgrade now" -msgstr "Mettre à jour maintenant" +msgstr "Mettre à niveau maintenant" #: ../lib/Tails/IUK/Frontend.pm:388 msgid "Upgrade later" -msgstr "Mettre à jour plus tard" +msgstr "Mettre à niveau plus tard" #: ../lib/Tails/IUK/Frontend.pm:396 #, perl-brace-format 
@@ -146,15 +146,15 @@ msgid "" "It is not possible to automatically upgrade your device to this new version: %{explanation}s.\n" "\n" "To learn how to do a manual upgrade, go to https://tails.boum.org/doc/first_steps/upgrade/#manual; -msgstr "Vous devriez mettre à niveau manuellement vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, aller sur %{details_url}s.\n\nIl n'est pas possible de mettre automatiquement à niveau votre appareil vers cette nouvelle version : %{explanation}s.\n\nPour apprendre comment faire une mise à niveau manuelle, aller à https://tails.boum.org/doc/first_steps/upgrade/#manual; +msgstr "Vous devriez mettre à niveau manuellement vers %{name}s %{version}s.\n\nPour plus d'informations sur cette nouvelle version, visitez %{details_url}s.\n\nIl n'est pas possible de mettre à niveau votre appareil automatiquement vers cette nouvelle version : %{explanation}s.\n\nPour apprendre à faire une mise à niveau manuelle, visitez
[tor-commits] [tor/master] Disable the legacy guard algorithm. Code isn't removed yet.
commit c52c47ae6f0da5a94b0605fd84fd469a29db962c Author: Nick MathewsonDate: Fri Dec 16 11:42:34 2016 -0500 Disable the legacy guard algorithm. Code isn't removed yet. (Keeping the code around in case I broke Tor in some unexpected way.) --- src/or/entrynodes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index c215c10..db84d59 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -31,7 +31,7 @@ typedef struct entry_guard_restriction_t entry_guard_restriction_t; /* Prop271 undefine this in order to disable all legacy guard functions. */ -#define ENABLE_LEGACY_GUARD_ALGORITHM +// #define ENABLE_LEGACY_GUARD_ALGORITHM /* Information about a guard's pathbias status. * These fields are used in circpathbias.c to try to detect entry ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
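Review bot: The comment above the define still reads as an instruction ("undefine this in order to disable all legacy guard functions") although this commit carries it out. The define itself is left behind as a `//` line in a header that otherwise uses `/* */` comments. Reword it to describe the current state, for example `/* Prop271: legacy guard functions are disabled; define ENABLE_LEGACY_GUARD_ALGORITHM to build them again. */`. Code guarded by this macro is presumably no longer compiled or exercised by the tests, so it will drift until it is removed.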
[tor-commits] [tor/master] Merge branch 'ticket20826_v2'
commit 988b0afbd6bbb97e3ca796a608a4087888f162aa Merge: 4ec9751 e044b4f Author: Nick MathewsonDate: Fri Dec 16 11:29:02 2016 -0500 Merge branch 'ticket20826_v2' src/or/entrynodes.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Support restrictive ENTRYNODES configurations correctly.
commit e044b4f8ce8ba009ed11b662f46d254b52a2791c Author: Nick MathewsonDate: Thu Dec 8 12:19:40 2016 -0500 Support restrictive ENTRYNODES configurations correctly. Since we already had a separate function for getting the universe of possible guards, all we had to do was tweak it to handle very the GS_TYPE_RESTRICTED case. --- src/or/entrynodes.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index ac5398f..ad4f99c 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -965,7 +965,8 @@ get_max_sample_size(guard_selection_t *gs, * that were already sampled. */ static smartlist_t * -get_eligible_guards(guard_selection_t *gs, +get_eligible_guards(const or_options_t *options, +guard_selection_t *gs, int *n_guards_out) { /* Construct eligible_guards as GUARDS - SAMPLED_GUARDS */ @@ -995,6 +996,14 @@ get_eligible_guards(guard_selection_t *gs, SMARTLIST_FOREACH_BEGIN(nodes, const node_t *, node) { if (! node_is_possible_guard(node)) continue; + if (gs->type == GS_TYPE_RESTRICTED) { +/* In restricted mode, we apply the filter BEFORE sampling, so + * that we are sampling from the nodes that we might actually + * select. If we sampled first, we might wind up with a sample + * that didn't include any EntryNodes at all. */ +if (! node_passes_guard_filter(options, node)) + continue; + } ++n_guards; if (digestset_contains(sampled_guard_ids, node->identity)) continue; 
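Review bot: The new `GS_TYPE_RESTRICTED` branch in `get_eligible_guards` comes without a test; the diffstat lists only src/or/entrynodes.c. This path decides which relays an EntryNodes-restricted client may sample. A test case should assert that every returned guard passes `node_passes_guard_filter` and that the count incremented after the filter covers only filtered nodes. The function's doc comment, which ends just above the hunk, should also gain a line for the new parameter, e.g. `Use <b>options</b> to apply the guard filter before sampling when <b>gs</b> is restricted.` The function continues past the hunk.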
@@ -1046,11 +1055,12 @@ STATIC entry_guard_t * entry_guards_expand_sample(guard_selection_t *gs) { tor_assert(gs); + const or_options_t *options = get_options(); int n_sampled = smartlist_len(gs->sampled_entry_guards); entry_guard_t *added_guard = NULL; int n_usable_filtered_guards = num_reachable_filtered_guards(gs, NULL); int n_guards = 0; - smartlist_t *eligible_guards = get_eligible_guards(gs, _guards); + smartlist_t *eligible_guards = get_eligible_guards(options, gs, _guards); const int max_sample = get_max_sample_size(gs, n_guards); const int min_filtered_sample = get_min_filtered_sample_size(); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make NumDirectoryGuards work with the new guard algorithm.
commit 506bd6d47c9c003a94eae7132e83b682a53f0bc9 Author: Nick MathewsonDate: Mon Dec 12 10:32:25 2016 -0500 Make NumDirectoryGuards work with the new guard algorithm. Now that we support NumEntryGuards, NumDirectoryGuards is pretty easy to put back in. --- src/or/entrynodes.c| 39 ++ src/or/entrynodes.h| 15 +- src/test/test_entrynodes.c | 70 -- 3 files changed, 85 insertions(+), 39 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9defd11..9416298 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -472,10 +472,11 @@ STATIC int get_n_primary_guards(void) { const int n = get_options()->NumEntryGuards; + const int n_dir = get_options()->NumDirectoryGuards; if (n > 5) { -return n + n / 2; - } else if (n > 1) { -return n * 2; +return MAX(n_dir, n + n / 2); + } else if (n >= 1) { +return MAX(n_dir, n * 2); } return networkstatus_get_param(NULL, @@ -487,14 +488,25 @@ get_n_primary_guards(void) * making a circuit. */ STATIC int -get_n_primary_guards_to_use(void) -{ - if (get_options()->NumEntryGuards > 1) { -return get_options()->NumEntryGuards; +get_n_primary_guards_to_use(guard_usage_t usage) +{ + int configured; + const char *param_name; + int param_default; + if (usage == GUARD_USAGE_DIRGUARD) { +configured = get_options()->NumDirectoryGuards; +param_name = "guard-n-primary-dir-guards-to-use"; +param_default = DFLT_N_PRIMARY_DIR_GUARDS_TO_USE; + } else { +configured = get_options()->NumEntryGuards; +param_name = "guard-n-primary-guards-to-use"; +param_default = DFLT_N_PRIMARY_GUARDS_TO_USE; + } + if (configured >= 1) { +return configured; } return networkstatus_get_param(NULL, - "guard-n-primary-guards-to-use", - DFLT_N_PRIMARY_GUARDS_TO_USE, 1, INT32_MAX); + param_name, param_default, 1, INT32_MAX); } /** * If we haven't successfully built or used a circuit in this long, then 
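Review bot: With the tests changed to `n >= 1` in `get_n_primary_guards` and `configured >= 1` in `get_n_primary_guards_to_use`, the `networkstatus_get_param()` fallbacks are reached only when the torrc value is below 1. If NumEntryGuards or NumDirectoryGuards default to a nonzero value in config.c (not shown in this diff), the consensus parameters can never take effect. Confirm the defaults are 0 and say so in the doc comment: `/* A torrc value of 0 means "use the consensus parameter". */`. Separately, `MAX(n_dir, ...)` is applied only when NumEntryGuards is at least 1. With NumEntryGuards unset and a large NumDirectoryGuards, `get_n_primary_guards_to_use(GUARD_USAGE_DIRGUARD)` can therefore return more guards than the primary list holds.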
@@ -1807,6 +1819,7 @@ entry_guards_note_internet_connectivity(guard_selection_t *gs) */ STATIC entry_guard_t * select_entry_guard_for_circuit(guard_selection_t *gs, + guard_usage_t usage, const entry_guard_restriction_t *rst, unsigned *state_out) { @@ -1817,7 +1830,7 @@ select_entry_guard_for_circuit(guard_selection_t *gs, if (!gs->primary_guards_up_to_date) entry_guards_update_primary(gs); - int num_entry_guards = get_n_primary_guards_to_use(); + int num_entry_guards = get_n_primary_guards_to_use(usage); smartlist_t *usable_primary_guards = smartlist_new(); /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of @@ -2080,6 +2093,7 @@ circuit_guard_state_free(circuit_guard_state_t *state) */ int entry_guard_pick_for_circuit(guard_selection_t *gs, + guard_usage_t usage, entry_guard_restriction_t *rst, const node_t **chosen_node_out, circuit_guard_state_t **guard_state_out) @@ -2091,7 +2105,8 @@ entry_guard_pick_for_circuit(guard_selection_t *gs, *guard_state_out = NULL; unsigned state = 0; - entry_guard_t *guard = select_entry_guard_for_circuit(gs, rst, ); + entry_guard_t *guard = +select_entry_guard_for_circuit(gs, usage, rst, ); if (! guard) goto fail; if (BUG(state == 0)) @@ -4986,6 +5001,7 @@ guards_choose_guard(cpath_build_state_t *state, memcpy(rst->exclude_id, exit_id, DIGEST_LEN); } if (entry_guard_pick_for_circuit(get_guard_selection_info(), + GUARD_USAGE_TRAFFIC, rst, , guard_state_out) < 0) { @@ -5018,6 +5034,7 @@ guards_choose_dirguard(dirinfo_type_t info, * microdescriptors. -NM */ const node_t *r = NULL; if (entry_guard_pick_for_circuit(get_guard_selection_info(), + GUARD_USAGE_DIRGUARD, NULL, , guard_state_out) < 0) { diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index e2ae256..c215c10 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
@@ -397,8 +397,16 @@ const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard); const char *entry_guard_describe(const entry_guard_t *guard); guard_pathbias_t *entry_guard_get_pathbias_state(entry_guard_t *guard); +/** Enum to specify how we're going to use a given guard, when we're picking + * one for immediate use. */ +typedef enum { + GUARD_USAGE_TRAFFIC = 0, + GUARD_USAGE_DIRGUARD = 1 +} guard_usage_t;
[tor-commits] [tor/master] fixup! Remove UseDirectoryGuards
commit a752ccd24f78838c7c1b6e245d09485459d28942 Author: Nick MathewsonDate: Fri Dec 16 11:34:22 2016 -0500 fixup! Remove UseDirectoryGuards --- changes/ticket20831 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changes/ticket20831 b/changes/ticket20831 index cb4a3a3..c5be243 100644 --- a/changes/ticket20831 +++ b/changes/ticket20831 @@ -1,5 +1,5 @@ o Removed features: -- The NumDirectoryGuards and UseDirectoryGuards torrc options are +- The UseDirectoryGuards torrc options is no longer present: all users that use entry guards will also use directory guards. Related to proposal 271; implements part of ticket 20831. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make new prop271 entry guards persistent
commit 858c8f5593e573cdf36c360141cf6e96d91d6474 Author: Nick MathewsonDate: Tue Nov 22 14:22:54 2016 -0500 Make new prop271 entry guards persistent To do this, it makes sense to treat legacy guards as a separate guard_selection_t *, and handle them separately. This also means we add support here for having multiple guard selections. Note that we don't persist pathbias information yet; that will take some refactoring. --- src/or/entrynodes.c| 186 - src/or/entrynodes.h| 14 +++- src/or/or.h| 5 +- src/or/statefile.c | 2 + src/test/test_entrynodes.c | 50 5 files changed, 218 insertions(+), 39 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index eca88a9..4e32154 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -179,14 +179,16 @@ should_apply_guardfraction(const networkstatus_t *ns) return options->UseGuardFraction; } -/** Allocate and return a new guard_selection_t */ - +/** + * Allocate and return a new guard_selection_t, with the name name. + */ STATIC guard_selection_t * -guard_selection_new(void) +guard_selection_new(const char *name) { guard_selection_t *gs; gs = tor_malloc_zero(sizeof(*gs)); + gs->name = tor_strdup(name); gs->chosen_entry_guards = smartlist_new(); gs->sampled_entry_guards = smartlist_new(); gs->confirmed_entry_guards = smartlist_new(); 
@@ -195,6 +197,37 @@ guard_selection_new(void) return gs; } +/** + * Return the guard selection called name. If there is none, and + * create_if_absent is true, then create and return it. If there + * is none, and create_if_absent is false, then return NULL. + */ +static guard_selection_t * +get_guard_selection_by_name(const char *name, int create_if_absent) +{ + if (!guard_contexts) { +guard_contexts = smartlist_new(); + } + SMARTLIST_FOREACH_BEGIN(guard_contexts, guard_selection_t *, gs) { +if (!strcmp(gs->name, name)) + return gs; + } SMARTLIST_FOREACH_END(gs); + + if (! create_if_absent) +return NULL; + + guard_selection_t *new_selection = guard_selection_new(name); + smartlist_add(guard_contexts, new_selection); + + const char *default_name = get_options()->UseDeprecatedGuardAlgorithm ? +"legacy" : "default"; + + if (!strcmp(name, default_name)) +curr_guard_context = new_selection; + + return new_selection; +} + /** Get current default guard_selection_t, creating it if necessary */ guard_selection_t * get_guard_selection_info(void) @@ -204,7 +237,9 @@ get_guard_selection_info(void) } if (!curr_guard_context) { -curr_guard_context = guard_selection_new(); +const char *name = get_options()->UseDeprecatedGuardAlgorithm ? + "legacy" : "default"; +curr_guard_context = guard_selection_new(name); smartlist_add(guard_contexts, curr_guard_context); } @@ -355,6 +390,7 @@ entry_guard_add_to_sample(guard_selection_t *gs, entry_guard_t *guard = tor_malloc_zero(sizeof(entry_guard_t)); /* persistent fields */ + guard->selection_name = tor_strdup(gs->name); memcpy(guard->identity, node->identity, DIGEST_LEN); strlcpy(guard->nickname, node_get_nickname(node), sizeof(guard->nickname)); guard->sampled_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10); 
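Review bot: In the get_guard_selection_info() hunk, the current selection is created with `guard_selection_new(name)` and appended to `guard_contexts` without checking whether a selection of that name is already in the list, so a selection created earlier through get_guard_selection_by_name() (for example while loading persisted guards) could end up duplicated under the same name. The "legacy"/"default" ternary is also repeated verbatim in both functions. Replacing the two added lines and the following `smartlist_add()` with `curr_guard_context = get_guard_selection_by_name(name, 1);` would reuse the lookup and keep the name choice in one place. get_guard_selection_info() starts and ends outside the hunk, so whether a pre-existing entry is reachable at this point should be confirmed against the full function.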
@@ -691,8 +727,9 @@ entry_guard_passes_filter(const or_options_t *options, guard_selection_t *gs, return 0; const node_t *node = node_get_by_id(guard->identity); - if (BUG(node == NULL)) { -// should be impossible, since currently_listed was true. + if (node == NULL) { +// This can happen when currently_listed is true, and we're not updating +// it because we don't have a live consensus. return 0; } @@ -1627,6 +1664,7 @@ entry_guard_encode_for_state(entry_guard_t *guard) tor_assert(guard); + smartlist_add_asprintf(result, "in=%s", guard->selection_name); smartlist_add_asprintf(result, "rsa_id=%s", hex_str(guard->identity, DIGEST_LEN)); if (strlen(guard->nickname)) { @@ -1678,6 +1716,7 @@ entry_guard_parse_from_state(const char *s) smartlist_t *extra = smartlist_new(); /* These fields get parsed from the string. */ + char *in = NULL; char *rsa_id = NULL; char *nickname = NULL; char *sampled_on = NULL; @@ -1693,6 +1732,7 @@ entry_guard_parse_from_state(const char *s) smartlist_t *entries = smartlist_new(); strmap_t *vals = strmap_new(); // Maps keyword to location +strmap_set(vals, "in", ); strmap_set(vals, "rsa_id", _id); strmap_set(vals, "nickname", ); strmap_set(vals, "sampled_on", _on); @@ -1731,6 +1771,14 @@ entry_guard_parse_from_state(const char *s) entry_guard_t *guard = tor_malloc_zero(sizeof(entry_guard_t)); + if (in == NULL) { +log_warn(LD_CIRC, "Guard missing 'in' field"); +goto err; + } + + guard->selection_name = in; + in = NULL; + if
[tor-commits] [tor/master] Fix remaining case of circpathbias inspecting entryguard internals
commit 62477906e9b5a378bcdd7b4588253ee422ccbb9f Author: Nick MathewsonDate: Mon Nov 14 12:48:18 2016 -0500 Fix remaining case of circpathbias inspecting entryguard internals --- src/or/circpathbias.c | 2 +- src/or/entrynodes.c | 7 +++ src/or/entrynodes.h | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c index a2e1641..7a9af82 100644 --- a/src/or/circpathbias.c +++ b/src/or/circpathbias.c @@ -1175,7 +1175,7 @@ pathbias_count_circs_in_states(entry_guard_t *guard, if (ocirc->path_state >= from && ocirc->path_state <= to && pathbias_should_count(ocirc) && -fast_memeq(guard->identity, +fast_memeq(entry_guard_get_rsa_id_digest(guard), ocirc->cpath->extend_info->identity_digest, DIGEST_LEN)) { log_debug(LD_CIRC, "Found opened circuit %d in path_state %s", diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 32d198a..1324e31 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -177,6 +177,13 @@ entry_guard_describe(const entry_guard_t *guard) return buf; } +/** Return guard's 20-byte RSA identity digest */ +const char * +entry_guard_get_rsa_id_digest(const entry_guard_t *guard) +{ + return guard->identity; +} + /** Check whether the entry guard e is usable, given the directory * authorities' opinion about the router (stored in ri) and the user's * configuration (in options). Set e->bad_since diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 97ae3ac..ba8cd9f 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -104,6 +104,7 @@ int num_live_entry_guards(int for_directory); const node_t *entry_guard_find_node(const entry_guard_t *guard); void entry_guard_mark_bad(entry_guard_t *guard); +const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard); const char *entry_guard_describe(const entry_guard_t *guard); #ifdef ENTRYNODES_PRIVATE ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Expire circuits that have been WAITING_FOR_BETTER_GUARD too long
commit 2ea5aa71823f385e36f20e643a20996dcb164464 Author: Nick MathewsonDate: Fri Nov 25 12:53:00 2016 -0500 Expire circuits that have been WAITING_FOR_BETTER_GUARD too long (This is required by 3.9 in prop271, but is better done as a separate function IMO) --- src/or/circuitlist.c | 12 +++- src/or/circuitlist.h | 1 + src/or/circuituse.c | 19 +++ src/or/circuituse.h | 1 + src/or/entrynodes.c | 18 +++--- src/or/entrynodes.h | 1 + src/or/main.c| 1 + 7 files changed, 49 insertions(+), 4 deletions(-) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 9d7a5d7..0afe2f8 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -553,7 +553,7 @@ circuit_close_all_marked(void) smartlist_clear(circuits_pending_close); } -/** Return the head of the global linked list of circuits. */ +/** Return a pointer to the global list of circuits. */ MOCK_IMPL(smartlist_t *, circuit_get_global_list,(void)) { @@ -562,6 +562,16 @@ circuit_get_global_list,(void)) return global_circuitlist; } +/** */ +/** Return a pointer to the global list of origin circuits. */ +smartlist_t * +circuit_get_global_origin_circuit_list(void) +{ + if (NULL == global_origin_circuit_list) +global_origin_circuit_list = smartlist_new(); + return global_circuitlist; +} + /** Function to make circ-\>state human-readable */ const char * circuit_state_to_string(int state) diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index 73039cc..e2102a1 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@ -15,6 +15,7 @@ #include "testsupport.h" MOCK_DECL(smartlist_t *, circuit_get_global_list, (void)); +smartlist_t *circuit_get_global_origin_circuit_list(void); const char *circuit_state_to_string(int state); const char *circuit_purpose_to_controller_string(uint8_t purpose); const char *circuit_purpose_to_controller_hs_state_string(uint8_t purpose); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index b9f94fb..b925729 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c 
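Review bot: circuit_get_global_origin_circuit_list() lazily allocates `global_origin_circuit_list` but then returns `global_circuitlist`; the last line should be `return global_origin_circuit_list;`. The caller added in circuituse.c, circuit_expire_waiting_for_better_guard(), iterates the result as `origin_circuit_t *` and reads `circ->guard_state`, so any non-origin circuit on the general list (presumably it holds both kinds) would be accessed through the wrong type, and the getter can return NULL if the general list has not been created yet. The empty `/** */` above the real doc comment should be dropped as well. A unit test that registers one non-origin circuit and checks what the getter returns would catch this.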
@@ -800,6 +800,25 @@ circuit_expire_building(void) } SMARTLIST_FOREACH_END(victim); } +/** + * Mark for close all circuits that start here, that were built through a + * guard we weren't sure if we wanted to use, and that have been waiting + * around for way too long. + */ +void +circuit_expire_waiting_for_better_guard(void) +{ + SMARTLIST_FOREACH_BEGIN(circuit_get_global_origin_circuit_list(), + origin_circuit_t *, circ) { +if (TO_CIRCUIT(circ)->marked_for_close) + continue; +if (circ->guard_state == NULL) + continue; +if (entry_guard_state_should_expire(circ->guard_state)) + circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NONE); + } SMARTLIST_FOREACH_END(circ); +} + /** For debugging #8387: track when we last called * circuit_expire_old_circuits_clientside. */ static time_t last_expired_clientside_circuits = 0; diff --git a/src/or/circuituse.h b/src/or/circuituse.h index 5973978..110bdda 100644 --- a/src/or/circuituse.h +++ b/src/or/circuituse.h @@ -13,6 +13,7 @@ #define TOR_CIRCUITUSE_H void circuit_expire_building(void); +void circuit_expire_waiting_for_better_guard(void); void circuit_remove_handled_ports(smartlist_t *needed_ports); int circuit_stream_is_being_handled(entry_connection_t *conn, uint16_t port, int min); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 951ce15..1c9349e 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1605,9 +1605,6 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, "circuit had higher priority, so not upgrading.", n_complete, n_waiting); - /* prop271 implement: "(Time them out after a - {NONPRIMARY_GUARD_IDLE_TIMEOUT} seconds.)" - */ return 0; } } 
@@ -1672,6 +1669,21 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, } /** + * Return true iff the circuit whose state is guard_state should + * expire. + */ +int +entry_guard_state_should_expire(circuit_guard_state_t *guard_state) +{ + if (guard_state == NULL) +return 0; + const time_t expire_if_waiting_since = +approx_time() - NONPRIMARY_GUARD_IDLE_TIMEOUT; + return (guard_state->state == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD + && guard_state->state_set_at < expire_if_waiting_since); +} + +/** * Update all derived pieces of the guard selection state in gs. * Return true iff we should stop using all previously generated circuits. */ diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index ec24011..648e599 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -337,6 +337,7 @@ int entry_guards_update_all(guard_selection_t *gs); int entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, const smartlist_t
[tor-commits] [tor/master] Avoid division-by-zero in pathbias_check_*_success_count
commit 526b0e2ce2c5d31c70eb3e48eda59b34e9eb681d Author: Nick MathewsonDate: Wed Nov 23 13:05:22 2016 -0500 Avoid division-by-zero in pathbias_check_*_success_count --- src/or/entrynodes.c | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index bd30078..860be9b 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -3402,10 +3402,13 @@ static void pathbias_check_use_success_count(entry_guard_t *node) { const or_options_t *options = get_options(); + const double EPSILON = 1.0e-9; + /* Note: We rely on the < comparison here to allow us to set a 0 * rate and disable the feature entirely. If refactoring, don't * change to <= */ - if (pathbias_get_use_success_count(node)/node->pb.use_attempts + if (node->pb.use_attempts > EPSILON && + pathbias_get_use_success_count(node)/node->pb.use_attempts < pathbias_get_extreme_use_rate(options) && pathbias_get_dropguards(options)) { node->pb.path_bias_disabled = 1; @@ -3420,10 +3423,13 @@ static void pathbias_check_close_success_count(entry_guard_t *node) { const or_options_t *options = get_options(); + const double EPSILON = 1.0e-9; + /* Note: We rely on the < comparison here to allow us to set a 0 * rate and disable the feature entirely. If refactoring, don't * change to <= */ - if (pathbias_get_close_success_count(node)/node->pb.circ_attempts + if (node->pb.circ_attempts > EPSILON && + pathbias_get_close_success_count(node)/node->pb.circ_attempts < pathbias_get_extreme_rate(options) && pathbias_get_dropguards(options)) { node->pb.path_bias_disabled = 1; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
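Review bot: `const double EPSILON = 1.0e-9;` is declared separately in pathbias_check_use_success_count() and pathbias_check_close_success_count(); a single file-scope constant would keep the two thresholds from drifting apart. The existing "We rely on the < comparison" comment now sits directly above a condition whose first operand is the new `>` test, which invites misreading, so the guard should get its own comment, for example `/* Skip the rate check until at least one attempt is recorded; a zero count has no meaningful rate. */`. Both function bodies continue outside their hunks.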
[tor-commits] [tor/master] Turn #defines for prop271 into networkstatus params
commit d2af9826fd0a75efee8612b96709c39f24196f53 Author: Nick MathewsonDate: Sat Nov 26 10:06:50 2016 -0500 Turn #defines for prop271 into networkstatus params Some of these will get torrc options to override them too; this is just the mechanical conversion. Also, add documentation for a couple of undocumented (but now used) parameters. --- src/or/entrynodes.c| 144 - src/or/entrynodes.h| 45 +- src/test/test_entrynodes.c | 14 ++--- 3 files changed, 166 insertions(+), 37 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 1c9349e..f1fe9f1 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c 
@@ -324,6 +324,118 @@ randomize_time,(time_t now, time_t max_backdate)) } /** + * @name parameters for networkstatus algorithm + * + * These parameters are taken from the consensus; some are overrideable in + * the torrc. + */ +/**@{*/ +/** + * We never let our sampled guard set grow larger than this fraction + * of the guards on the network. + */ +STATIC double +get_max_sample_threshold(void) +{ + int32_t pct = +networkstatus_get_param(NULL, "guard-max-sample-threshold-percent", +DFLT_MAX_SAMPLE_THRESHOLD_PERCENT, +1, 100); + return pct / 100.0; +} +/** + * We always try to make our sample contain at least this many guards. + * + * prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I + * removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM + */ +STATIC int +get_min_filtered_sample_size(void) +{ + return networkstatus_get_param(NULL, "guard-min-filtered-sample-size", + DFLT_MIN_FILTERED_SAMPLE_SIZE, + 1, INT32_MAX); +} +/** + * If a guard is unlisted for this many days in a row, we remove it. + */ +STATIC int +get_remove_unlisted_guards_after_days(void) +{ + return networkstatus_get_param(NULL, + "guard-remove-unlisted-guards-after-days", + DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS, + 1, 365*10); +} +/** + * We remove unconfirmed guards from the sample after this many days, + * regardless of whether they are listed or unlisted. + */ +STATIC int +get_guard_lifetime_days(void) +{ + return networkstatus_get_param(NULL, + "guard-lifetime-days", + DFLT_GUARD_LIFETIME_DAYS, 1, 365*10); +} +/** + * We remove confirmed guards from the sample if they were sampled + * GUARD_LIFETIME_DAYS ago and confirmed this many days ago. + */ +STATIC int +get_guard_confirmed_min_lifetime_days(void) +{ + return networkstatus_get_param(NULL, "guard-confirmed-min-lifetime-days", + DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS, + 1, 365*10); +} +/** + * How many guards do we try to keep on our primary guard list? 
+ */ +STATIC int +get_n_primary_guards(void) +{ + return networkstatus_get_param(NULL, "guard-n-primary-guards", + DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX); +} +/** + * If we haven't successfully built or used a circuit in this long, then + * consider that the internet is probably down. + */ +STATIC int +get_internet_likely_down_interval(void) +{ + return networkstatus_get_param(NULL, "guard-internet-likely-down-interval", + DFLT_INTERNET_LIKELY_DOWN_INTERVAL, + 1, INT32_MAX); +} +/** + * If we're trying to connect to a nonprimary guard for at least this + * many seconds, and we haven't gotten the connection to work, we will treat + * lower-priority guards as usable. + */ +STATIC int +get_nonprimary_guard_connect_timeout(void) +{ + return networkstatus_get_param(NULL, + "guard-nonprimary-guard-connect-timeout", + DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT, + 1, INT32_MAX); +} +/** + * If a circuit has been sitting around in 'waiting for better guard' state + * for at least this long, we'll expire it. + */ +STATIC int +get_nonprimary_guard_idle_timeout(void) +{ + return networkstatus_get_param(NULL, + "guard-nonprimary-guard-idle-timeout", + (10*60), 1, INT32_MAX); +} +/**@}*/ + +/** * Return true iff node has all the flags needed for us to consider it * a possible guard when sampling guards. */ @@ -377,7 +489,7 @@ STATIC entry_guard_t * entry_guard_add_to_sample(guard_selection_t *gs, const node_t *node) { - const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400; + const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400; tor_assert(gs); tor_assert(node); @@ -470,8 +582,8 @@ entry_guards_expand_sample(guard_selection_t *gs)
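Review bot: get_nonprimary_guard_idle_timeout() passes the literal `(10*60)` as its default while every other getter in this group uses a `DFLT_*` constant (presumably defined in entrynodes.h); a `DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT` would keep the defaults in one place and give the tests a name to refer to. Separately, these values come from the consensus, and the count- and second-valued parameters accept anything up to `INT32_MAX`, whereas the day-valued ones are clamped to `365*10`. That clamp is also what keeps `get_guard_lifetime_days() * 86400` in the next hunk within `int` range. Tighter upper bounds on the primary-guard count and the timeouts would limit what a malformed consensus value can do to client behaviour. The doc comments describe each parameter's meaning but not its unit; adding "(seconds)" or "(days)" to each would help.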
[tor-commits] [tor/master] Add a GUARD log domain, for use with new guards code
commit bf64564e37c5fc0bc476d1b93890b15a18bf Author: Nick MathewsonDate: Tue Nov 15 18:57:17 2016 -0500 Add a GUARD log domain, for use with new guards code --- src/common/log.c| 2 +- src/common/torlog.h | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/common/log.c b/src/common/log.c index 3b0eb88..d031364 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -1177,7 +1177,7 @@ static const char *domain_list[] = { "GENERAL", "CRYPTO", "NET", "CONFIG", "FS", "PROTOCOL", "MM", "HTTP", "APP", "CONTROL", "CIRC", "REND", "BUG", "DIR", "DIRSERV", "OR", "EDGE", "ACCT", "HIST", "HANDSHAKE", "HEARTBEAT", "CHANNEL", - "SCHED", NULL + "SCHED", "GUARD", NULL }; /** Return a bitmask for the log domain for which domain is the name, diff --git a/src/common/torlog.h b/src/common/torlog.h index 6732a42..bc95785 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -99,8 +99,10 @@ #define LD_CHANNEL (1u<<21) /** Scheduler */ #define LD_SCHED (1u<<22) +/** Guard nodes */ +#define LD_GUARD (1u<<23) /** Number of logging domains in the code. */ -#define N_LOGGING_DOMAINS 23 +#define N_LOGGING_DOMAINS 24 /** This log message is not safe to send to a callback-based logger * immediately. Used as a flag, not a log domain. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Implement most of the prop271 data structure backends.
commit 7bf946965bad88116582dfd3d20e5837eeddd758 Author: Nick MathewsonDate: Wed Nov 16 08:21:39 2016 -0500 Implement most of the prop271 data structure backends. This code handles: * Maintaining the sampled set, the filtered set, and the usable_filtered set. * Maintaining the confirmed and primary guard lists. * Picking guards for circuits, and updating guard state when circuit state changes. Additionally, I've done code structure movement: even more constants and structures from entrynodes.c have become ENTRYNODES_PRIVATE fields of entrynodes.h. I've also included a bunch of documentation and a bunch of unit tests. Coverage on the new code is pretty high. I've noted important things to resolve before this branch is done with the /.*prop271/ regex. --- src/or/entrynodes.c| 1256 +++- src/or/entrynodes.h| 272 +- src/test/test_entrynodes.c | 1093 ++ 3 files changed, 2488 insertions(+), 133 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index c6ed59d..958aba4 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c 
@@ -10,7 +10,113 @@ * * Entry nodes can be guards (for general use) or bridges (for censorship * circumvention). + * + * prop271 This module is in flux, since I'm currently in the middle of + * implementation proposal 271. The module documentation here will describe + * the new algorithm and data structures; the old ones should get removed as + * proposal 271 is completed. + * + * In general, we use entry guards to prevent traffic-sampling attacks: + * if we chose every circuit independently, an adversary controlling + * some fraction of paths on the network would observe a sample of every + * user's traffic. Using guards gives users a chance of not being + * profiled. + * + * The current entry guard selection code is designed to try to avoid + * _ever_ trying every guard on the network, to try to stick to guards + * that we've used before, to handle hostile/broken networks, and + * to behave sanely when the network goes up and down. + * + * Our algorithm works as follows: First, we maintain a SAMPLE of guards + * we've seen in the networkstatus consensus. We maintain this sample + * over time, and store it persistently; it is chosen without reference + * to our configuration or firewall rules. Guards remain in the sample + * as they enter and leave the consensus. We expand this sample as + * needed, up to a maximum size. + * + * As a subset of the sample, we maintain a FILTERED SET of the guards + * that we would be willing to use if we could connect to them. The + * filter removes all the guards that we're excluding because they're + * bridges (or not bridges), because we have restrictive firewall rules, + * because of ExcludeNodes, because we of path bias restrictions, + * because they're absent from the network at present, and so on. + * + * As a subset of the filtered set, we keep a REACHABLE FILTERED SET + * (also called a "usable filtered set") of those guards that we call + * "reachable" or "maybe reachable". 
A guard is reachable if we've + * connected to it more recently than we've failed. A guard is "maybe + * reachable" if we have never tried to connect to it, or if we + * failed to connect to it so long ago that we no longer think our + * failure means it's down. + * + * As a persistent ordered list whose elements are taken from the + * sampled set, we track a CONFIRMED GUARDS LIST. A guard becomes + * confirmed when we successfully build a circuit through it, and decide + * to use that circuit. We order the guards on this list by the order + * in which they became confirmed. + * + * And as a final group, we have an ordered list of PRIMARY GUARDS, + * whose elements are taken from the filtered set. We prefer + * confirmed guards to non-confirmed guards for this list, and place + * other restrictions on it. The primary guards are the ones that we + * connect to "when nothing is wrong" -- circuits through them can be used + * immediately. + * + * To build circuits, we take a primary guard if possible -- or a + * reachable filtered confirmed guard if no primary guard is possible -- + * or a random reachable filtered guard otherwise. If the guard is + * primary, we can use the circuit immediately on success. Otherwise, + * the guard is now "pending" -- we won't use its circuit unless all + * of the circuits we're trying to build through better guards have + * definitely failed. + * + * While we're building circuits, we track a little "guard state" for + * each circuit. We use this to keep track of whether the circuit is + * one that we can use as soon as its done, or whether it's one that + * we should keep around to see if we can do better. In the latter case, + * a periodic call to
[tor-commits] [tor/master] Don't make $hexid nicknames persistent.
commit 52e196bab56d97f31e3fd24f187f842ac08cf7b7 Author: Nick MathewsonDate: Wed Nov 30 13:10:35 2016 -0500 Don't make $hexid nicknames persistent. (That's asking for trouble, and also totally completely redundant.) --- src/or/entrynodes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 1f6d562..78257ca 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -2420,7 +2420,7 @@ entry_guard_encode_for_state(entry_guard_t *guard) fmt_and_decorate_addr(>bridge_addr->addr), guard->bridge_addr->port); } - if (strlen(guard->nickname)) { + if (strlen(guard->nickname) && is_legal_nickname(guard->nickname)) { smartlist_add_asprintf(result, "nickname=%s", guard->nickname); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
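Review bot: The added `is_legal_nickname(guard->nickname)` test is what keeps anything other than a plain router nickname out of the persisted `nickname=` field, but the line has no comment saying so. Suggest `/* Only persist legal nicknames: a "$hexid" form just duplicates rsa_id, and this value is read back from the state file. */` above the `if`. If is_legal_nickname() already rejects the empty string, the `strlen()` test is redundant and can go. The matching reader, entry_guard_parse_from_state(), is not in this hunk; it is worth confirming that it applies the same legality check to the field, since the state file is input on the next start. entry_guard_encode_for_state() begins and ends outside the hunk.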
[tor-commits] [tor/master] guard->nickname is never NULL.
commit 4ec9751c144465f6f70450545d68372f35f2ba78 Author: Nick MathewsonDate: Fri Dec 16 11:25:59 2016 -0500 guard->nickname is never NULL. --- src/or/entrynodes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 4c68247..ee904ac 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -341,7 +341,7 @@ entry_guard_describe(const entry_guard_t *guard) static char buf[256]; tor_snprintf(buf, sizeof(buf), "%s ($%s)", - guard->nickname ? guard->nickname : "[bridge]", + strlen(guard->nickname) ? guard->nickname : "[bridge]", hex_str(guard->identity, DIGEST_LEN)); return buf; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Tests for choosing which guard_selection to use
commit 72dc2ae319f66d3b4dec59709c28605912c6bc56 Author: Nick MathewsonDate: Wed Nov 30 14:11:36 2016 -0500 Tests for choosing which guard_selection to use --- src/test/test_entrynodes.c | 43 +++ 1 file changed, 43 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index e443210..fbb3b13 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c 
@@ -1528,6 +1528,48 @@ test_entry_guard_get_guard_selection_by_name(void *arg) } static void +test_entry_guard_choose_selection_initial(void *arg) +{ + /* Tests for picking our initial guard selection (based on having had + * no previous selection */ + (void)arg; + guard_selection_type_t type = GS_TYPE_INFER; + const char *name = choose_guard_selection(get_options(), +dummy_consensus, NULL, ); + tt_str_op(name, OP_EQ, "default"); + tt_int_op(type, OP_EQ, GS_TYPE_NORMAL); + + /* If we're using bridges, we get the bridge selection. */ + get_options_mutable()->UseBridges = 1; + name = choose_guard_selection(get_options(), +dummy_consensus, NULL, ); + tt_str_op(name, OP_EQ, "bridges"); + tt_int_op(type, OP_EQ, GS_TYPE_BRIDGE); + get_options_mutable()->UseBridges = 0; + + /* If we're using legacy guards, we get the legacy selection */ + get_options_mutable()->UseDeprecatedGuardAlgorithm = 1; + name = choose_guard_selection(get_options(), +dummy_consensus, NULL, ); + tt_str_op(name, OP_EQ, "legacy"); + tt_int_op(type, OP_EQ, GS_TYPE_LEGACY); + get_options_mutable()->UseDeprecatedGuardAlgorithm = 0; + + /* If we discard >99% of our guards, though, we should be in the restricted + * set. */ + tt_assert(get_options_mutable()->EntryNodes == NULL); + get_options_mutable()->EntryNodes = routerset_new(); + routerset_parse(get_options_mutable()->EntryNodes, "1.0.0.0/8", "foo"); + name = choose_guard_selection(get_options(), +dummy_consensus, NULL, ); + tt_str_op(name, OP_EQ, "restricted"); + tt_int_op(type, OP_EQ, GS_TYPE_RESTRICTED); + + done: + ; +} + +static void test_entry_guard_add_single_guard(void *arg) { (void)arg; 
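Review bot: test_entry_guard_choose_selection_initial() mutates the global options (`UseBridges`, `UseDeprecatedGuardAlgorithm`, `EntryNodes`) and restores the first two only on the success path; a failing `tt_*` check jumps to `done:` with the flag still set, and the routerset assigned to `EntryNodes` is never released. That is harmless only if `BFN_TEST` runs the case in a forked child, which is not visible here. Moving the resets under `done:` and freeing the routerset there would make the test safe either way. The result of `routerset_parse()` is also unchecked, so a parse failure would surface as a confusing mismatch on the "restricted" assertion rather than at the call that failed.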
@@ -3360,6 +3402,7 @@ struct testcase_t entrynodes_tests[] = { test_entry_guard_parse_from_state_broken, TT_FORK, NULL, NULL }, { "get_guard_selection_by_name", test_entry_guard_get_guard_selection_by_name, TT_FORK, NULL, NULL }, + BFN_TEST(choose_selection_initial), BFN_TEST(add_single_guard), BFN_TEST(node_filter), BFN_TEST(expand_sample), ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Move a TODO comment into doxygen comments.
commit b7088e5b5add8bf3b6f783ec37ce7cd231476b35 Author: Nick MathewsonDate: Wed Dec 7 13:57:04 2016 -0500 Move a TODO comment into doxygen comments. --- src/or/entrynodes.c | 15 ++- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index bcf4182..ad9242e 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -630,8 +630,9 @@ choose_guard_selection(const or_options_t *options, * Check whether we should switch from our current guard selection to a * different one. If so, switch and return 1. Return 0 otherwise. * - * On a 1 return, the caller should mark all currently live circuits - * unusable for new streams. + * On a 1 return, the caller should mark all currently live circuits unusable + * for new streams, by calling circuit_mark_all_unused_circs() and + * circuit_mark_all_dirty_circs_as_unusable(). */ int update_guard_selection_choice(const or_options_t *options) @@ -665,12 +666,6 @@ update_guard_selection_choice(const or_options_t *options) tor_assert(new_guard_context != curr_guard_context); curr_guard_context = new_guard_context; - /* -Be sure to call: -circuit_mark_all_unused_circs(); -circuit_mark_all_dirty_circs_as_unusable(); - */ - return 1; } @@ -4879,7 +4874,9 @@ entries_retry_all(const or_options_t *options) /** Helper: Update the status of all entry guards, in whatever algorithm * is used. Return true if we should stop using all previously generated - * circuits. */ + * circuits, by calling circuit_mark_all_unused_circs() and + * circuit_mark_all_dirty_circs_as_unusable(). + */ int guards_update_all(void) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
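Review bot: The reworded doc comment on guards_update_all() now reads "Return true if we should stop using all previously generated circuits, by calling circuit_mark_all_unused_circs() and ...", which attaches "by calling" to this function rather than to its caller. The phrasing used on update_guard_selection_choice() in the first hunk is clearer and could be reused: `On a true return, the caller should mark all currently live circuits unusable for new streams, by calling circuit_mark_all_unused_circs() and circuit_mark_all_dirty_circs_as_unusable().` With the inline reminder removed from update_guard_selection_choice(), these comments are the only place the obligation is recorded, so the wording matters.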
[tor-commits] [tor/master] Trivial documentation improvements.
commit 7ab2678074e5d49628d948fadb80c5904950236c Author: George KadianakisDate: Tue Dec 6 14:34:48 2016 -0500 Trivial documentation improvements. --- src/or/circuitlist.c | 13 ++--- src/or/entrynodes.c | 17 + src/or/entrynodes.h | 9 ++--- 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index b25f817..ab38b54 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -562,7 +562,6 @@ circuit_get_global_list,(void)) return global_circuitlist; } -/** */ /** Return a pointer to the global list of origin circuits. */ smartlist_t * circuit_get_global_origin_circuit_list(void) @@ -1758,17 +1757,17 @@ circuit_find_circuits_to_upgrade_from_guard_wait(void) if (! circuits_pending_other_guards || smartlist_len(circuits_pending_other_guards)==0) return NULL; - /* Only if we have some origin circuiuts should we run the algorithm. - */ + /* Only if we have some origin circuits should we run the algorithm. */ if (!global_origin_circuit_list) return NULL; /* Okay; we can pass our circuit list to entrynodes.c.*/ smartlist_t *result = smartlist_new(); - int r = entry_guards_upgrade_waiting_circuits(get_guard_selection_info(), -global_origin_circuit_list, -result); - if (r && smartlist_len(result)) { + int circuits_upgraded = entry_guards_upgrade_waiting_circuits( + get_guard_selection_info(), + global_origin_circuit_list, + result); + if (circuits_upgraded && smartlist_len(result)) { return result; } else { smartlist_free(result); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 76070a3..a28603d 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -142,7 +142,9 @@ #include "transports.h" #include "statefile.h" +/** A list of existing guard selection contexts. */ static smartlist_t *guard_contexts = NULL; +/** The currently enabled guard selection context. */ static guard_selection_t *curr_guard_context = NULL; /** A value of 1 means that at least one context has changed, 
@@ -593,7 +595,8 @@ choose_guard_selection(const or_options_t *options, "rest of the world.", (int)(exclude_frac * 100)); } - /* Easy case: no previous selection */ + /* Easy case: no previous selection. Just check if we are in restricted or + normal guard selection. */ if (old_selection == NULL) { if (n_passing_filter >= meaningful_threshold_mid) { *type_out = GS_TYPE_NORMAL; @@ -768,8 +771,9 @@ entry_guard_add_to_sample(guard_selection_t *gs, /** * Backend: adds a new sampled guard to gs, with given identity, - * nickname, and ORPort. rsa_id_digest and bridge_addrport are - * optional, but we need one of them. nickname is optional. + * nickname, and ORPort. rsa_id_digest and bridge_addrport are optional, but + * we need one of them. nickname is optional. The caller is responsible for + * maintaining the size limit of the SAMPLED_GUARDS set. */ static entry_guard_t * entry_guard_add_to_sample_impl(guard_selection_t *gs, @@ -2171,7 +2175,8 @@ entry_guards_all_primary_guards_are_down(guard_selection_t *gs) } /** Wrapper for entry_guard_has_higher_priority that compares the - * guard-priorities of a pair of circuits. + * guard-priorities of a pair of circuits. Return 1 if a has higher + * priority than b. * * If a restriction is provided in rst, then do not consider * a to have higher priority if it violates the restriction. @@ -4180,6 +4185,8 @@ choose_random_entry_impl(guard_selection_t *gs, } #endif +/** Check the pathbias use success count of node and disable it if it + * goes over our thresholds. */ static void pathbias_check_use_success_count(entry_guard_t *node) { @@ -4201,6 +4208,8 @@ pathbias_check_use_success_count(entry_guard_t *node) } } +/** Check the pathbias close count of node and disable it if it goes + * over our thresholds. */ static void pathbias_check_close_success_count(entry_guard_t *node) { diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 3250be1..116e5ab 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
@@ -402,11 +402,14 @@ int entry_guard_pick_for_circuit(guard_selection_t *gs, entry_guard_restriction_t *rst, const node_t **chosen_node_out, circuit_guard_state_t **guard_state_out); + +/* We just connected to an entry guard. What should we do with the circuit? */ typedef enum { - GUARD_USABLE_NEVER = -1, - GUARD_MAYBE_USABLE_LATER = 0, - GUARD_USABLE_NOW = 1, + GUARD_USABLE_NEVER = -1, /* Never use the circuit */ + GUARD_MAYBE_USABLE_LATER = 0, /* Keep it. We might use it
[tor-commits] [tor/master] Add a separate, non-fractional, limit to the sampled guard set size.
commit 2e2f3a4d99885c0d348024dc85ed6ef064a62ace Author: Nick MathewsonDate: Thu Dec 8 10:02:19 2016 -0500 Add a separate, non-fractional, limit to the sampled guard set size. Letting the maximum sample size grow proportionally to the number of guards defeats its purpose to a certain extent. Noted by asn during code review. Fixes bug 20920; bug not in any released (or merged) version of Tor. --- src/or/entrynodes.c | 14 +- src/or/entrynodes.h | 8 +++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f41464a..3249ce2 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -402,6 +402,16 @@ get_max_sample_threshold(void) return pct / 100.0; } /** + * We never let our sampled guard set grow larger than this number. + */ +STATIC int +get_max_sample_size_absolute(void) +{ + return (int) networkstatus_get_param(NULL, "guard-max-sample-size", + DFLT_MAX_SAMPLE_SIZE, + 1, INT32_MAX); +} +/** * We always try to make our sample contain at least this many guards. * * prop271 spec deviation There was a MIN_SAMPLE_THRESHOLD in the @@ -937,7 +947,9 @@ get_max_sample_size(guard_selection_t *gs, if (using_bridges) return n_guards; - const int max_sample = (int)(n_guards * get_max_sample_threshold()); + const int max_sample_by_pct = (int)(n_guards * get_max_sample_threshold()); + const int max_sample_absolute = get_max_sample_size_absolute(); + const int max_sample = MIN(max_sample_by_pct, max_sample_absolute); if (max_sample < min_sample) // prop271 spec deviation return min_sample; else diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 1133525..d7dc014 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
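Review bot: The comment added above `get_max_sample_size_absolute()` says the sampled set never grows past this number, but the `get_max_sample_size()` hunk shows two paths that can return more: `if (using_bridges) return n_guards;` runs before the cap is computed, and `if (max_sample < min_sample) return min_sample;` overrides it. The comment, and the matching one on `DFLT_MAX_SAMPLE_SIZE` in entrynodes.h, should say so, for example `We never let our sampled guard set grow larger than this number, except when using bridges or when the minimum sample size is larger.` The parameter is also read with an upper bound of `INT32_MAX`, so a consensus value can make the absolute cap a no-op; if that is intended, it deserves a word in the same comment. The body of `get_max_sample_size()` starts and ends outside the hunk.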
@@ -440,7 +440,12 @@ int num_bridges_usable(void); * We never let our sampled guard set grow larger than this percentage * of the guards on the network. */ -#define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 30 +#define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 20 +/** + * We never let our sampled guard set grow larger than this number of + * guards. + */ +#define DFLT_MAX_SAMPLE_SIZE 60 /** * We always try to make our sample contain at least this many guards. * @@ -495,6 +500,7 @@ int num_bridges_usable(void); /**@}*/ STATIC double get_max_sample_threshold(void); +STATIC int get_max_sample_size_absolute(void); STATIC int get_min_filtered_sample_size(void); STATIC int get_remove_unlisted_guards_after_days(void); STATIC int get_guard_lifetime_days(void); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Rewrite state transition logic in entry_guards_note_success()
commit fc7751a989681fbf0f94387c070cced261a83c9c Author: Nick MathewsonDate: Thu Dec 8 10:22:23 2016 -0500 Rewrite state transition logic in entry_guards_note_success() asn found while testing that this function can be reached with GUARD_STATE_COMPLETE circuits; I believe this happens when cannibalization occurs. The added complexity of handling one more state made it reasonable to turn the main logic here into a switch statement. --- src/or/entrynodes.c | 40 +++- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 3249ce2..cf85dad 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c 
@@ -1927,25 +1927,31 @@ entry_guards_note_guard_success(guard_selection_t *gs, } unsigned new_state; - if (old_state == GUARD_CIRC_STATE_USABLE_ON_COMPLETION) { -new_state = GUARD_CIRC_STATE_COMPLETE; - } else { -tor_assert_nonfatal( - old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); - -if (guard->is_primary) { - /* prop271 -- I don't actually like this logic. It seems to make us - * a little more susceptible to evil-ISP attacks. The mitigations I'm - * thinking of, however, aren't local to this point, so I'll leave it - * alone. */ - /* This guard may have become primary by virtue of being confirmed. -If so, the circuit for it is now complete. - */ + switch (old_state) { +case GUARD_CIRC_STATE_COMPLETE: +case GUARD_CIRC_STATE_USABLE_ON_COMPLETION: new_state = GUARD_CIRC_STATE_COMPLETE; -} else { - new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; -} + break; +default: + tor_assert_nonfatal_unreached(); + /* Fall through. */ +case GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD: + if (guard->is_primary) { +/* prop271 -- I don't actually like this logic. It seems to make + * us a little more susceptible to evil-ISP attacks. The mitigations + * I'm thinking of, however, aren't local to this point, so I'll leave + * it alone. */ +/* This guard may have become primary by virtue of being confirmed. + * If so, the circuit for it is now complete. + */ +new_state = GUARD_CIRC_STATE_COMPLETE; + } else { +new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + } + break; + } + if (! guard->is_primary) { if (last_time_on_internet + get_internet_likely_down_interval() < approx_time()) { mark_primary_guards_maybe_reachable(gs); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
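Review bot: The `default:` arm of the new switch calls `tor_assert_nonfatal_unreached()` and then falls into the `GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD` case, so a circuit that arrives in an unexpected state can still come out as `GUARD_CIRC_STATE_COMPLETE` when `guard->is_primary` is set. The fall-through does guarantee that `new_state`, declared without an initializer just above, is assigned on every path, but `/* Fall through. */` says neither that nor why promotion is acceptable for a state nobody anticipated. I would either give the unexpected case the more cautious result, `new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; break;`, or spell out the intent in the comment: `/* Unexpected state: recover by treating it like USABLE_IF_NO_BETTER_GUARD so new_state is always set. */`. The function begins before the hunk and continues after it, so how `new_state` is consumed is not visible here.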
[tor-commits] [tor/master] Fix a signed/unsigned warning on 32-bit
commit 2b4bfe62ee74b927d65923f5d07fe04f51f8779a Author: Nick MathewsonDate: Wed Nov 30 14:25:16 2016 -0500 Fix a signed/unsigned warning on 32-bit --- src/or/entrynodes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 78257ca..ac62155 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1665,7 +1665,7 @@ entry_guards_update_primary(guard_selection_t *gs) * Return the number of seconds after the last attempt at which we should * retry a guard that has been failing since failing_since. */ -static unsigned +static int get_retry_schedule(time_t failing_since, time_t now, int is_primary) { @@ -1712,7 +1712,7 @@ entry_guard_consider_retry(entry_guard_t *guard) return; /* No retry needed. */ const time_t now = approx_time(); - const unsigned delay = + const int delay = get_retry_schedule(guard->failing_since, now, guard->is_primary); const time_t last_attempt = guard->last_tried_to_connect; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Wrap all of the legacy guard code, and its users, in #ifdefs
commit 68679504323b0a676a446b8fb34b976c9dc66b4f Author: Nick MathewsonDate: Wed Dec 7 12:36:13 2016 -0500 Wrap all of the legacy guard code, and its users, in #ifdefs This will make it easier to see what we remove down the line. --- src/or/bridges.c | 8 src/or/channel.c | 2 + src/or/circpathbias.c | 6 +++ src/or/circuitbuild.c | 2 + src/or/circuituse.c| 16 src/or/config.c| 9 + src/or/connection_or.c | 4 ++ src/or/control.c | 5 +++ src/or/entrynodes.c| 91 -- src/or/entrynodes.h| 26 + src/or/routerlist.c| 6 +++ src/test/test_entrynodes.c | 20 -- src/test/test_routerlist.c | 10 + 13 files changed, 188 insertions(+), 17 deletions(-) diff --git a/src/or/bridges.c b/src/or/bridges.c index c480e3f..4058979 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -743,7 +743,11 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) (int) bridge->port); } if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM add_bridge_as_entry_guard(get_guard_selection_info(), node); +#else +tor_assert_nonfatal_unreached(); +#endif } else { entry_guard_learned_bridge_identity(>addrport_configured, (const uint8_t*)ri->cache_info.identity_digest); @@ -754,8 +758,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) /* set entry->made_contact so if it goes down we don't drop it from * our entry node list */ if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM entry_guard_register_connect_status(ri->cache_info.identity_digest, 1, 0, now); +#else +tor_assert_nonfatal_unreached(); +#endif } if (first) { routerlist_retry_directory_downloads(now); diff --git a/src/or/channel.c b/src/or/channel.c index 1e3e99c..9898148 100644 --- a/src/or/channel.c +++ b/src/or/channel.c 
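Review bot: In the first `learned_bridge_descriptor()` hunk the `UseDeprecatedGuardAlgorithm` branch reduces to `tor_assert_nonfatal_unreached()` when `ENABLE_LEGACY_GUARD_ALGORITHM` is not defined, and because the new-algorithm call sits in the `else`, a bridge learned under that configuration is registered with neither guard implementation; the second hunk has the same shape around `entry_guard_register_connect_status()`. That is safe only if the option cannot be enabled in such a build; `src/or/config.c` is in the diffstat but its hunk is not visible here, so this is worth confirming. If option validation does reject it, a one-line comment at each `#else` would make the invariant explicit, e.g. `/* config.c refuses UseDeprecatedGuardAlgorithm without legacy support, so this is not reached. */`. Otherwise the `#else` arm of the first hunk should take the new-algorithm path rather than doing nothing. The function body extends beyond both hunks.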
@@ -2538,6 +2538,7 @@ channel_do_open_actions(channel_t *chan) if (started_here) { circuit_build_times_network_is_live(get_circuit_build_times_mutable()); rep_hist_note_connect_succeeded(chan->identity_digest, now); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM // prop271 this call is no longer useful with the new algorithm. if (entry_guard_register_connect_status( chan->identity_digest, 1, 0, now) < 0) { @@ -2549,6 +2550,7 @@ channel_do_open_actions(channel_t *chan) "connection so we can retry the earlier entry guards."); close_origin_circuits = 1; } +#endif router_set_status(chan->identity_digest, 1); } else { /* only report it to the geoip module if it's not a known router */ diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c index be11465..d86d70f 100644 --- a/src/or/circpathbias.c +++ b/src/or/circpathbias.c @@ -1279,7 +1279,10 @@ pathbias_measure_use_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + // entry_guard_mark_bad(guard); +#endif return; } } else if (!pb->path_bias_use_extreme) { @@ -1385,7 +1388,10 @@ pathbias_measure_close_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + // entry_guard_mark_bad(guard); +#endif return; } } else if (!pb->path_bias_extreme) { diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 0790309..bf52b90 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2277,6 +2277,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, * family. */ nodelist_add_node_and_family(excluded, node); } +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* and exclude current entry guards and their families, * unless we're in a test network, and excluding guards * would exclude all nodes (i.e. we're in an incredibly small tor network, 
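Review bot: After this change, crossing the extreme path-bias threshold in `pathbias_measure_use_rate()` and `pathbias_measure_close_rate()` has a single effect in a build without `ENABLE_LEGACY_GUARD_ALGORITHM`, namely `pb->path_bias_disabled = 1`, because the `entry_guard_mark_bad(guard)` line now sits inside the `#ifdef`. Nothing in these hunks shows the new guard code consulting that flag, so a reader cannot tell whether a guard that fails the check actually stops being used. Once that is confirmed, a comment at both sites naming the consumer would close the gap, e.g. `/* prop271: the new guard code skips guards with path_bias_disabled set; see PLACEHOLDER_function_name. */`. Both functions start and end outside the hunks.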
@@ -2295,6 +2296,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, } }); } +#endif if (state) { if (state->need_uptime) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 787c490..8e0fbd1 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -550,16 +550,14 @@ circuit_expire_building(void) == CPATH_STATE_OPEN; log_info(LD_CIRC, "No circuits are opened. Relaxing timeout for circuit %d " -
[tor-commits] [tor/master] Tests for restricted-circuit cases of upgrade_waiting_circuits()
commit 7361e1b499f3b2dc4a24192eed47d0adb668c25a Author: Nick MathewsonDate: Wed Nov 30 13:28:44 2016 -0500 Tests for restricted-circuit cases of upgrade_waiting_circuits() --- src/test/test_entrynodes.c | 80 ++ 1 file changed, 80 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 1fbb8f8..84fdf07 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -3079,6 +3079,45 @@ test_entry_guard_upgrade_blocked_by_better_circ_complete(void *arg) } static void +test_entry_guard_upgrade_not_blocked_by_restricted_circ_complete(void *arg) +{ + upgrade_circuits_data_t *data = arg; + + /* Once more, let circ1 become complete. But this time, we'll claim + * that circ2 was restricted to not use the same guard as circ1. */ + data->guard2_state->restrictions = +tor_malloc_zero(sizeof(entry_guard_restriction_t)); + memcpy(data->guard2_state->restrictions->exclude_id, + data->guard1->identity, DIGEST_LEN); + + smartlist_t *result = smartlist_new(); + int r; + r = entry_guards_upgrade_waiting_circuits(data->gs, +data->all_origin_circuits, +result); + tt_int_op(r, OP_EQ, 1); + tt_int_op(smartlist_len(result), OP_EQ, 1); + origin_circuit_t *oc = smartlist_get(result, 0); + tt_ptr_op(oc, OP_EQ, data->circ1); + tt_ptr_op(data->guard1_state, OP_NE, NULL); + tt_int_op(data->guard1_state->state, OP_EQ, GUARD_CIRC_STATE_COMPLETE); + + /* Now, we try again. Since circ2 has a restriction that circ1 doesn't obey, + * circ2 _is_ eligible for upgrade. */ + smartlist_clear(result); + r = entry_guards_upgrade_waiting_circuits(data->gs, +data->all_origin_circuits, +result); + tt_int_op(r, OP_EQ, 1); + tt_int_op(smartlist_len(result), OP_EQ, 1); + origin_circuit_t *oc2 = smartlist_get(result, 0); + tt_ptr_op(oc2, OP_EQ, data->circ2); + + done: + smartlist_free(result); +} + +static void test_entry_guard_upgrade_not_blocked_by_worse_circ_complete(void *arg) { upgrade_circuits_data_t *data = arg; 
@@ -3140,6 +3179,43 @@ test_entry_guard_upgrade_blocked_by_better_circ_pending(void *arg) } static void +test_entry_guard_upgrade_not_blocked_by_restricted_circ_pending(void *arg) +{ + upgrade_circuits_data_t *data = arg; + /* circ2 is done, but circ1 is still pending. But when there is a + restriction on circ2 that circ1 can't satisfy, circ1 can't block + circ2. */ + + /* Prop271 -- this is a kludge. I'm making sure circ1 _is_ better, + * by messing with the guards' confirmed_idx */ + make_guard_confirmed(data->gs, data->guard1); + { +int tmp; +tmp = data->guard1->confirmed_idx; +data->guard1->confirmed_idx = data->guard2->confirmed_idx; +data->guard2->confirmed_idx = tmp; + } + + data->guard2_state->restrictions = +tor_malloc_zero(sizeof(entry_guard_restriction_t)); + memcpy(data->guard2_state->restrictions->exclude_id, + data->guard1->identity, DIGEST_LEN); + + smartlist_t *result = smartlist_new(); + int r; + r = entry_guards_upgrade_waiting_circuits(data->gs, +data->all_origin_circuits, +result); + tt_int_op(r, OP_EQ, 1); + tt_int_op(smartlist_len(result), OP_EQ, 1); + origin_circuit_t *oc = smartlist_get(result, 0); + tt_ptr_op(oc, OP_EQ, data->circ2); + + done: + smartlist_free(result); +} + +static void test_entry_guard_upgrade_not_blocked_by_worse_circ_pending(void *arg) { upgrade_circuits_data_t *data = arg; 
@@ -3283,8 +3359,12 @@ struct testcase_t entrynodes_tests[] = { UPGRADE_TEST(upgrade_blocked_by_live_primary_guards, "c1-done c2-done"), UPGRADE_TEST(upgrade_blocked_by_lack_of_waiting_circuits, ""), UPGRADE_TEST(upgrade_blocked_by_better_circ_complete, "c1-done c2-done"), + UPGRADE_TEST(upgrade_not_blocked_by_restricted_circ_complete, + "c1-done c2-done"), UPGRADE_TEST(upgrade_not_blocked_by_worse_circ_complete, "c1-done c2-done"), UPGRADE_TEST(upgrade_blocked_by_better_circ_pending, "c2-done"), + UPGRADE_TEST(upgrade_not_blocked_by_restricted_circ_pending, + "c2-done"), UPGRADE_TEST(upgrade_not_blocked_by_worse_circ_pending, "c1-done"), { "should_expire_waiting", test_enty_guard_should_expire_waiting, TT_FORK, NULL, NULL }, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Clean check for live consensus when updating the guard sample.
commit e50d85b90cb3fbc562517c11ded12940682ffec0 Author: Nick MathewsonDate: Wed Dec 7 14:15:38 2016 -0500 Clean check for live consensus when updating the guard sample. The valid_until check was redundant. --- src/or/entrynodes.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index ad9242e..f41464a 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1157,12 +1157,13 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) if (gs->type != GS_TYPE_BRIDGE) { networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); -log_info(LD_GUARD, "Updating sampled guard status based on received " - "consensus."); - -if (! ns || ns->valid_until < approx_time()) { - log_info(LD_GUARD, "Hey, there wasn't a valid consensus. Ignoring"); +if (! ns) { + log_info(LD_GUARD, "No live consensus; can't update " + "sampled entry guards."); return; +} else { + log_info(LD_GUARD, "Updating sampled guard status based on received " + "consensus."); } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
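Review bot: With the `ns->valid_until < approx_time()` test removed, this block relies entirely on `networkstatus_get_live_consensus()` refusing to hand back an expired consensus; the commit message calls the old check redundant, but the code no longer says why. Since updating the guard sample from a stale consensus is exactly what the check protected against, I would record the reliance next to the call, assuming it matches that function's contract: `/* networkstatus_get_live_consensus() returns NULL unless the consensus is valid at the given time, so no valid_until check is needed. */`. The `else` after `return` is also unnecessary; the second `log_info` can follow the `if` block directly. `sampled_guards_update_from_consensus()` continues past the hunk.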
[tor-commits] [tor/master] Merge branch 'prop271_030_v1_squashed'
commit 2cee38f76a46860e2fb29fbd95ba36b332aa38c6 Merge: b310929 20292ec Author: Nick MathewsonDate: Fri Dec 16 11:20:59 2016 -0500 Merge branch 'prop271_030_v1_squashed' src/common/address.c |8 + src/common/address.h |2 + src/common/container.c | 18 + src/common/container.h |1 + src/common/log.c |2 +- src/common/torlog.h|4 +- src/common/util.c | 32 +- src/common/util.h |3 +- src/or/bridges.c | 866 + src/or/bridges.h | 66 + src/or/channel.c |3 + src/or/channeltls.c|9 + src/or/circpathbias.c | 330 ++-- src/or/circuitbuild.c | 105 +- src/or/circuitbuild.h |9 +- src/or/circuitlist.c | 121 +- src/or/circuitlist.h |3 + src/or/circuituse.c| 40 +- src/or/circuituse.h|1 + src/or/config.c| 57 + src/or/connection.c|6 + src/or/connection_or.c | 11 + src/or/control.c | 11 +- src/or/directory.c | 101 +- src/or/directory.h |6 +- src/or/entrynodes.c| 4347 +--- src/or/entrynodes.h| 617 ++- src/or/include.am |2 + src/or/main.c | 14 +- src/or/networkstatus.c | 20 + src/or/networkstatus.h |5 + src/or/or.h| 32 +- src/or/rendclient.c|2 +- src/or/rendservice.c |2 +- src/or/routerlist.c| 11 +- src/or/routerparse.c |3 +- src/or/routerset.c | 13 + src/or/routerset.h |5 +- src/or/statefile.c |2 + src/or/transports.c|2 +- src/test/test_config.c |1 + src/test/test_containers.c | 41 + src/test/test_controller.c |1 + src/test/test_dir.c| 17 +- src/test/test_entrynodes.c | 2599 +- src/test/test_routerlist.c | 10 + src/test/test_util.c | 17 + 47 files changed, 8206 insertions(+), 1372 deletions(-) diff --cc src/or/bridges.c index 000,4058979..7d1acdf mode 00,100644..100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@@ -1,0 -1,847 +1,866 @@@ + /* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2016, The Tor Project, Inc. */ + /* See LICENSE for licensing information */ + + /** + * \file bridges.c + * \brief Code to manage bridges and bridge selection. 
+ * + * Bridges are fixed entry nodes, used for censorship circumvention. + **/ + + #include "or.h" + #include "bridges.h" + #include "circuitbuild.h" + #include "config.h" + #include "connection.h" + #include "directory.h" + #include "entrynodes.h" + #include "nodelist.h" + #include "policies.h" + #include "router.h" + #include "routerlist.h" + #include "routerset.h" + #include "transports.h" + + /** Information about a configured bridge. Currently this just matches the + * ones in the torrc file, but one day we may be able to learn about new + * bridges on our own, and remember them in the state file. */ + struct bridge_info_t { + /** Address and port of the bridge, as configured by the user.*/ + tor_addr_port_t addrport_configured; + /** Address of the bridge. */ + tor_addr_t addr; + /** TLS port for the bridge. */ + uint16_t port; + /** Boolean: We are re-parsing our bridge list, and we are going to remove +* this one if we don't find it in the list of configured bridges. */ + unsigned marked_for_removal : 1; + /** Expected identity digest, or all zero bytes if we don't know what the +* digest should be. */ + char identity[DIGEST_LEN]; + + /** Name of pluggable transport protocol taken from its config line. */ + char *transport_name; + + /** When should we next try to fetch a descriptor for this bridge? */ + download_status_t fetch_status; + + /** A smartlist of k=v values to be passed to the SOCKS proxy, if + transports are used for this bridge. */ + smartlist_t *socks_args; + }; + + static void bridge_free(bridge_info_t *bridge); + + /** A list of configured bridges. Whenever we actually get a descriptor + * for one, we add it as an entry guard. Note that the order of bridges + * in this list does not necessarily correspond to the order of bridges + * in the torrc. */ + static smartlist_t *bridge_list = NULL; + + /** Mark every entry of the bridge list to be removed on our next call to + * sweep_bridge_list unless it has first been un-marked. 
*/ + void + mark_bridge_list(void) + { + if (!bridge_list) + bridge_list = smartlist_new(); + SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b, + b->marked_for_removal = 1); + } + + /** Remove every entry of the bridge list that was marked with + * mark_bridge_list if it has not subsequently been un-marked. */ + void +
[tor-commits] [tor/master] Per suggestion, increase the retry frequency for primary guards.
commit 20292ec4974b777d430e7962cc38349c5f82b220 Author: Nick MathewsonDate: Thu Dec 8 13:10:22 2016 -0500 Per suggestion, increase the retry frequency for primary guards. --- src/or/entrynodes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index cf85dad..ac5398f 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1708,8 +1708,8 @@ get_retry_schedule(time_t failing_since, time_t now, const struct { time_t maximum; int primary_delay; int nonprimary_delay; } delays[] = { -{ SIX_HOURS,30*60, 1*60*60 }, -{ FOUR_DAYS, 2*60*60, 4*60*60 }, +{ SIX_HOURS,10*60, 1*60*60 }, +{ FOUR_DAYS,90*60, 4*60*60 }, { SEVEN_DAYS, 4*60*60, 18*60*60 }, { TIME_MAX, 9*60*60, 36*60*60 } }; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add a test for entry_guard_state_should_expire()
commit 171981f8a0eebf3f00feabe36dc66e031d51c5bd Author: Nick MathewsonDate: Wed Nov 30 11:28:18 2016 -0500 Add a test for entry_guard_state_should_expire() --- src/test/test_entrynodes.c | 33 + 1 file changed, 33 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 5fff1d6..5360b0e 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -2926,6 +2926,37 @@ test_entry_guard_upgrade_not_blocked_by_worse_circ_pending(void *arg) smartlist_free(result); } +static void +test_enty_guard_should_expire_waiting(void *arg) +{ + (void)arg; + circuit_guard_state_t *fake_state = tor_malloc_zero(sizeof(*fake_state)); + /* We'll leave "guard" unset -- it won't matter here. */ + + /* No state? Can't expire. */ + tt_assert(! entry_guard_state_should_expire(NULL)); + + /* Let's try one that expires. */ + fake_state->state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + fake_state->state_set_at = +approx_time() - DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT - 1; + + tt_assert(entry_guard_state_should_expire(fake_state)); + + /* But it wouldn't expire if we changed the state. */ + fake_state->state = GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD; + tt_assert(! entry_guard_state_should_expire(fake_state)); + + /* And it wouldn't have expired a few seconds ago. */ + fake_state->state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + fake_state->state_set_at = +approx_time() - DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT + 5; + tt_assert(! entry_guard_state_should_expire(fake_state)); + + done: + tor_free(fake_state); +} + static const struct testcase_setup_t fake_network = { fake_network_setup, fake_network_cleanup }; 
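Review bot: The new test function is spelled `test_enty_guard_should_expire_waiting`, missing the `r` that the other tests shown in this file carry in their `test_entry_guard_` prefix, and the `entrynodes_tests[]` entry added by the second hunk repeats the misspelling. Rename both to `test_entry_guard_should_expire_waiting` so a search for the prefix finds the test. The test also probes one second past `DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT` and five seconds short of it but never the exact boundary, so the comparison operator in `entry_guard_state_should_expire()` is left unpinned; a case with `state_set_at = approx_time() - DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT` would settle it.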
@@ -3017,6 +3048,8 @@ struct testcase_t entrynodes_tests[] = { UPGRADE_TEST(upgrade_not_blocked_by_worse_circ_complete, "c1-done c2-done"), UPGRADE_TEST(upgrade_blocked_by_better_circ_pending, "c2-done"), UPGRADE_TEST(upgrade_not_blocked_by_worse_circ_pending, "c1-done"), + { "should_expire_waiting", test_enty_guard_should_expire_waiting, TT_FORK, +NULL, NULL }, END_OF_TESTCASES }; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Easy code fixes.
commit 50783d0123c38c649851421f33c616e0bf75d827 Author: George KadianakisDate: Tue Dec 6 14:35:31 2016 -0500 Easy code fixes. - Correctly maintain the previous guard selection in choose_guard_selection(). - Print bridge identifier instead of nothing in entry_guard_describe()._ --- src/or/entrynodes.c | 19 +-- src/or/entrynodes.h | 6 +++--- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index a28603d..bcf4182 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -341,7 +341,8 @@ entry_guard_describe(const entry_guard_t *guard) static char buf[256]; tor_snprintf(buf, sizeof(buf), "%s ($%s)", - guard->nickname, hex_str(guard->identity, DIGEST_LEN)); + guard->nickname ? guard->nickname : "[bridge]", + hex_str(guard->identity, DIGEST_LEN)); return buf; } @@ -527,7 +528,7 @@ get_extreme_restriction_threshold(void) STATIC const char * choose_guard_selection(const or_options_t *options, const networkstatus_t *live_ns, - const char *old_selection, + const guard_selection_t *old_selection, guard_selection_type_t *type_out) { tor_assert(options); @@ -607,7 +608,11 @@ choose_guard_selection(const or_options_t *options, } } - /* Trickier case: we do have a previous selection */ + /* Trickier case: we do have a previous guard selection context. */ + tor_assert(old_selection); + + /* Use high and low thresholds to decide guard selection, and if we fall in + the middle then keep the current guard selection context. */ if (n_passing_filter >= meaningful_threshold_high) { *type_out = GS_TYPE_NORMAL; return "default"; @@ -615,7 +620,9 @@ choose_guard_selection(const or_options_t *options, *type_out = GS_TYPE_RESTRICTED; return "restricted"; } else { -return NULL; +/* we are in the middle: maintain previous guard selection */ +*type_out = old_selection->type; +return old_selection->name; } } 
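Review bot: In `entry_guard_describe()` the fallback `guard->nickname ? guard->nickname : "[bridge]"` labels every guard without a nickname as a bridge, while the doc comment on `entry_guard_add_to_sample_impl()` describes the nickname as optional without tying that to bridges. If a non-bridge guard can lack a nickname, log lines would misidentify it, which matters when these messages are read to work out which guard misbehaved. A neutral label avoids the guess, `guard->nickname ? guard->nickname : "[unnamed]"`, or the label could be chosen from whether the guard actually has a bridge address. The function formats into a `static char buf[256]`, so the returned pointer is only valid until the next call; that is worth stating in its doc comment. Its body starts outside the hunk.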
@@ -634,16 +641,16 @@ update_guard_selection_choice(const or_options_t *options) return 1; } - const char *cur_name = curr_guard_context->name; guard_selection_type_t type = GS_TYPE_INFER; const char *new_name = choose_guard_selection( options, networkstatus_get_live_consensus(approx_time()), - cur_name, + curr_guard_context, ); tor_assert(new_name); tor_assert(type != GS_TYPE_INFER); + const char *cur_name = curr_guard_context->name; if (! strcmp(cur_name, new_name)) { log_debug(LD_GUARD, "Staying with guard context \"%s\" (no change)", new_name); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 116e5ab..1133525 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -519,9 +519,9 @@ STATIC void guard_selection_free(guard_selection_t *gs); MOCK_DECL(STATIC int, entry_guard_is_listed, (guard_selection_t *gs, const entry_guard_t *guard)); STATIC const char *choose_guard_selection(const or_options_t *options, - const networkstatus_t *ns, - const char *old_selection, - guard_selection_type_t *type_out); +const networkstatus_t *ns, +const guard_selection_t *old_selection, +guard_selection_type_t *type_out); STATIC entry_guard_t *get_sampled_guard_with_id(guard_selection_t *gs, const uint8_t *rsa_id); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] prop271: Tests for the highlevel or_state_t encode/decode functions
commit 79d3e94f8b1769ee8d1957cb1d6dd35bd02a7271 Author: Nick MathewsonDate: Wed Nov 30 12:35:16 2016 -0500 prop271: Tests for the highlevel or_state_t encode/decode functions --- src/or/entrynodes.c| 4 +- src/or/entrynodes.h| 2 + src/test/test_entrynodes.c | 238 + 3 files changed, 242 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9441be4..1f6d562 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1115,8 +1115,8 @@ remove_guard_from_confirmed_and_primary_lists(guard_selection_t *gs, /** Return true iff guard is currently "listed" -- that is, it * appears in the consensus, or as a configured bridge (as * appropriate) */ -static int -entry_guard_is_listed(guard_selection_t *gs, const entry_guard_t *guard) +MOCK_IMPL(STATIC int, +entry_guard_is_listed,(guard_selection_t *gs, const entry_guard_t *guard)) { if (gs->type == GS_TYPE_BRIDGE) { return NULL != get_bridge_info_for_guard(guard); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index b676172..c05a3e3 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -498,6 +498,8 @@ STATIC guard_selection_t *guard_selection_new(const char *name, STATIC guard_selection_t *get_guard_selection_by_name( const char *name, guard_selection_type_t type, int create_if_absent); STATIC void guard_selection_free(guard_selection_t *gs); +MOCK_DECL(STATIC int, entry_guard_is_listed, + (guard_selection_t *gs, const entry_guard_t *guard)); STATIC const char *choose_guard_selection(const or_options_t *options, const networkstatus_t *ns, const char *old_selection, diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 5360b0e..1fbb8f8 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -14,6 +14,7 @@ #include "bridges.h" #include "circuitlist.h" #include "config.h" +#include "confparse.h" #include "entrynodes.h" #include "nodelist.h" #include "networkstatus.h" 
@@ -1247,6 +1248,239 @@ test_entry_guard_parse_from_state_partial_failure(void *arg) tor_free(mem_op_hex_tmp); } +static int +mock_entry_guard_is_listed(guard_selection_t *gs, const entry_guard_t *guard) +{ + (void)gs; + (void)guard; + return 1; +} + +static void +test_entry_guard_parse_from_state_full(void *arg) +{ + (void)arg; + /* Here's a state I made while testing. The identities and locations for + * the bridges are redacted. */ + const char STATE[] = + "Guard in=default rsa_id=214F44BD5B638E8C817D47FF7C97397790BF0345 " +"nickname=TotallyNinja sampled_on=2016-11-12T19:32:49 " +"sampled_by=0.3.0.0-alpha-dev " +"listed=1\n" + "Guard in=default rsa_id=052900AB0EA3ED54BAB84AE8A99E74E8693CE2B2 " +"nickname=5OfNovember sampled_on=2016-11-20T04:32:05 " +"sampled_by=0.3.0.0-alpha-dev " +"listed=1 confirmed_on=2016-11-22T08:13:28 confirmed_idx=0 " +"pb_circ_attempts=4.00 pb_circ_successes=2.00 " +"pb_successful_circuits_closed=2.00\n" + "Guard in=default rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A " +"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 " +"sampled_by=0.3.0.0-alpha-dev " +"listed=1 confirmed_on=2016-11-24T08:45:30 confirmed_idx=4 " +"pb_circ_attempts=5.00 pb_circ_successes=5.00 " +"pb_successful_circuits_closed=5.00\n" + "Guard in=wobblesome rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A " +"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 " +"sampled_by=0.3.0.0-alpha-dev " +"listed=1\n" + "Guard in=default rsa_id=E9025AD60D86875D5F11548D536CC6AF60F0EF5E " +"nickname=maibrunn sampled_on=2016-11-25T22:36:38 " +"sampled_by=0.3.0.0-alpha-dev listed=1\n" + "Guard in=default rsa_id=DCD30B90BA3A792DA75DC54A327EF353FB84C38E " +"nickname=Unnamed sampled_on=2016-11-25T14:34:00 " +"sampled_by=0.3.0.0-alpha-dev listed=1\n" + "Guard in=bridges rsa_id=8F2E " +"bridge_addr=24.1.1.1:443 sampled_on=2016-11-25T06:44:14 " +"sampled_by=0.3.0.0-alpha-dev listed=1 " +"confirmed_on=2016-11-29T10:36:06 confirmed_idx=0 " +"pb_circ_attempts=8.00 pb_circ_successes=8.00 " 
+"pb_successful_circuits_closed=13.00\n" + "Guard in=bridges rsa_id=5800 " +"bridge_addr=37.218.246.143:28366 " +"sampled_on=2016-11-18T15:07:34 sampled_by=0.3.0.0-alpha-dev listed=1\n"; + + config_line_t *lines = NULL; + or_state_t *state = tor_malloc_zero(sizeof(or_state_t)); + int r = config_get_lines(STATE, , 0); + char *msg = NULL; + smartlist_t *text = smartlist_new(); + char *joined = NULL; + + MOCK(entry_guard_is_listed, mock_entry_guard_is_listed); + + dummy_state = state; + MOCK(get_or_state, + get_or_state_replacement); + + tt_assert(r == 0); + tt_assert(lines); + +
[tor-commits] [tor/master] Update node-selection tests to consider restrictions
commit d9f010db8448fa2aa4de80f0c26c41fafb25a694 Author: Nick MathewsonDate: Wed Nov 30 13:37:37 2016 -0500 Update node-selection tests to consider restrictions --- src/test/test_entrynodes.c | 27 ++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 84fdf07..e443210 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -2464,6 +2464,19 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg) tt_i64_op(guard->unreachable_since, OP_EQ, approx_time() - 30); }); + /* Let's try again and we should get the first primary guard again */ + g = select_entry_guard_for_circuit(gs, NULL, ); + tt_ptr_op(g, OP_EQ, smartlist_get(gs->primary_entry_guards, 0)); + g2 = select_entry_guard_for_circuit(gs, NULL, ); + tt_ptr_op(g2, OP_EQ, g); + + /* But if we impose a restriction, we don't get the same guard */ + entry_guard_restriction_t rst; + memset(, 0, sizeof(rst)); + memcpy(rst.exclude_id, g->identity, DIGEST_LEN); + g2 = select_entry_guard_for_circuit(gs, , ); + tt_ptr_op(g2, OP_NE, g); + done: guard_selection_free(gs); } 
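Review bot: In the restriction check added to test_entry_guard_select_for_circuit_no_confirmed, `tt_ptr_op(g2, OP_NE, g);` also passes when the selector returns NULL, so the test cannot tell "a different guard was picked" from "no guard was picked". If select_entry_guard_for_circuit can return NULL under a restriction, adding `tt_assert(g2);` just before that comparison pins the intended behaviour. The second hunk (test_entry_guard_select_for_circuit_confirmed) has the same gap, and there the following `tt_int_op(g2->confirmed_idx, OP_EQ, ...)` would dereference a NULL g2 instead of failing cleanly. Both test functions start outside their hunks.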
@@ -2527,10 +2540,22 @@ test_entry_guard_select_for_circuit_confirmed(void *arg) tt_uint_op(state, OP_EQ, GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); tt_i64_op(g2->last_tried_to_connect, OP_EQ, approx_time()); + // If we say that the next confirmed guard in order is excluded, we get + // The one AFTER that. + g = smartlist_get(gs->confirmed_entry_guards, + smartlist_len(gs->primary_entry_guards)+2); + entry_guard_restriction_t rst; + memset(, 0, sizeof(rst)); + memcpy(rst.exclude_id, g->identity, DIGEST_LEN); + g2 = select_entry_guard_for_circuit(gs, , ); + tt_ptr_op(g2, OP_NE, g); + tt_int_op(g2->confirmed_idx, OP_EQ, +smartlist_len(gs->primary_entry_guards)+3); + // If we make every confirmed guard become pending then we start poking // other guards. const int n_remaining_confirmed = -N_CONFIRMED - 2 - smartlist_len(gs->primary_entry_guards); +N_CONFIRMED - 3 - smartlist_len(gs->primary_entry_guards); for (i = 0; i < n_remaining_confirmed; ++i) { g = select_entry_guard_for_circuit(gs, NULL, ); tt_int_op(g->confirmed_idx, OP_GE, 0); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Repair unit test for tiny-network case.
commit 13315812e857f37828475101cc8d5acb63403c0e Author: Nick MathewsonDate: Wed Nov 30 09:19:10 2016 -0500 Repair unit test for tiny-network case. The test assumed that the old rules about handling small max_sample were in effect, and didn't actually handle that case very well anyway. --- src/test/test_entrynodes.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 0921e20..5fff1d6 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1524,7 +1524,7 @@ test_entry_guard_expand_sample_small_net(void *arg) /* Fun corner case: not enough guards to make up our whole sample size. */ SMARTLIST_FOREACH(big_fake_net_nodes, node_t *, n, { -if (n_sl_idx >= 40) { +if (n_sl_idx >= 15) { tor_free(n->rs); tor_free(n->md); tor_free(n); @@ -1536,8 +1536,9 @@ test_entry_guard_expand_sample_small_net(void *arg) entry_guard_t *guard = entry_guards_expand_sample(gs); tt_assert(guard); // the last guard returned -- some guard was added. - tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_GT, 0); - tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_LT, 10); + // half the nodes are guards, so we have 8 guards left. The set + // is small, so we sampled everything. + tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ, 8); tt_int_op(num_reachable_filtered_guards(gs, NULL), OP_EQ, 0); done: guard_selection_free(gs); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] More entry guard tests: for cancel, and for upgrade.
commit 08d3ca2e5657a759d10064a2acb62b0a47bc15ff Author: Nick MathewsonDate: Sun Nov 27 18:47:27 2016 -0500 More entry guard tests: for cancel, and for upgrade. --- src/test/test_entrynodes.c | 371 + 1 file changed, 371 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index eaba3c4..eaaadce 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c 
@@ -2558,6 +2558,359 @@ test_entry_guard_select_for_circuit_highlevel_primary_retry(void *arg) circuit_guard_state_free(guard2); } +static void +test_entry_guard_select_and_cancel(void *arg) +{ + (void) arg; + const int N_PRIMARY = DFLT_N_PRIMARY_GUARDS; + int i,r; + const node_t *node = NULL; + circuit_guard_state_t *guard; + guard_selection_t *gs = guard_selection_new("default"); + entry_guard_t *g; + + /* Once more, we mark all the primary guards down. */ + entry_guards_note_internet_connectivity(gs); + for (i = 0; i < N_PRIMARY; ++i) { +r = entry_guard_pick_for_circuit(gs, , ); +tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_USABLE_ON_COMPLETION); +g = entry_guard_handle_get(guard->guard); +tt_int_op(g->is_primary, OP_EQ, 1); +tt_int_op(g->is_pending, OP_EQ, 0); +make_guard_confirmed(gs, g); +entry_guard_failed(gs, ); +circuit_guard_state_free(guard); +guard = NULL; +node = NULL; + } + + tt_assert(entry_guards_all_primary_guards_are_down(gs)); + + /* Now get another guard we could try... */ + r = entry_guard_pick_for_circuit(gs, , ); + tt_assert(node); + tt_assert(guard); + tt_assert(r == 0); + tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); + g = entry_guard_handle_get(guard->guard); + tt_int_op(g->is_primary, OP_EQ, 0); + tt_int_op(g->is_pending, OP_EQ, 1); + + /* Whoops! We should never have asked for this guard. Cancel the request! */ + entry_guard_cancel(gs, ); + tt_assert(guard == NULL); + tt_int_op(g->is_primary, OP_EQ, 0); + tt_int_op(g->is_pending, OP_EQ, 0); + + done: + guard_selection_free(gs); + circuit_guard_state_free(guard); +} + +/* Unit test setup function: Create a fake network, and set everything up + * for testing the upgrade-a-waiting-circuit code. 
*/ +typedef struct { + guard_selection_t *gs; + time_t start; + circuit_guard_state_t *guard1_state; + circuit_guard_state_t *guard2_state; + entry_guard_t *guard1; + entry_guard_t *guard2; + origin_circuit_t *circ1; + origin_circuit_t *circ2; + smartlist_t *all_origin_circuits; +} upgrade_circuits_data_t; +static void * +upgrade_circuits_setup(const struct testcase_t *testcase) +{ + upgrade_circuits_data_t *data = tor_malloc_zero(sizeof(*data)); + guard_selection_t *gs = data->gs = guard_selection_new("default"); + circuit_guard_state_t *guard; + const node_t *node; + entry_guard_t *g; + int i; + const int N_PRIMARY = DFLT_N_PRIMARY_GUARDS; + const char *argument = testcase->setup_data; + const int make_circ1_succeed = strstr(argument, "c1-done") != NULL; + const int make_circ2_succeed = strstr(argument, "c2-done") != NULL; + + big_fake_network_setup(testcase); + + /* We're going to set things up in a state where a circuit will be ready to + * be upgraded. Each test can make a single change (or not) that should + * block the upgrade. + */ + + /* First, make all the primary guards confirmed, and down. 
*/ + data->start = approx_time(); + entry_guards_note_internet_connectivity(gs); + for (i = 0; i < N_PRIMARY; ++i) { +entry_guard_pick_for_circuit(gs, , ); +g = entry_guard_handle_get(guard->guard); +make_guard_confirmed(gs, g); +entry_guard_failed(gs, ); +circuit_guard_state_free(guard); + } + + /* Grab another couple of guards */ + data->all_origin_circuits = smartlist_new(); + + update_approx_time(data->start + 27); + entry_guard_pick_for_circuit(gs, , >guard1_state); + origin_circuit_t *circ; + data->circ1 = circ = origin_circuit_new(); + circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL; + circ->guard_state = data->guard1_state; + smartlist_add(data->all_origin_circuits, circ); + + update_approx_time(data->start + 30); + entry_guard_pick_for_circuit(gs, , >guard2_state); + data->circ2 = circ = origin_circuit_new(); + circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL; + circ->guard_state = data->guard2_state; + smartlist_add(data->all_origin_circuits, circ); + + data->guard1 = entry_guard_handle_get(data->guard1_state->guard); + data->guard2 = entry_guard_handle_get(data->guard2_state->guard); + tor_assert(data->guard1 != data->guard2); + tor_assert(data->guard1_state->state == + GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); + tor_assert(data->guard2_state->state == + GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); + + int r; + update_approx_time(data->start + 32); + if (make_circ1_succeed) { +r = entry_guard_succeeded(gs, >guard1_state); +tor_assert(r == 0); +
[tor-commits] [tor/master] Implement bridge backends for sampling, filtering guards.
commit 82fa71610de1c7d7faed78490a3cb90ce917a3e2 Author: Nick MathewsonDate: Tue Nov 29 10:19:10 2016 -0500 Implement bridge backends for sampling, filtering guards. Still missing is functionality for picking bridges when we don't know a descriptor for them yet, and functionality for learning a bridge ID. Everything else remains (basically) the same. Neat! --- src/or/entrynodes.c | 185 +++- 1 file changed, 139 insertions(+), 46 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index dcaab35..6ac3166 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -802,12 +802,10 @@ entry_guard_add_to_sample_impl(guard_selection_t *gs, * Add an entry guard to the "bridges" guard selection sample, with * information taken from bridge. Return that entry guard. */ -entry_guard_t * -entry_guard_add_bridge_to_sample(const bridge_info_t *bridge) +static entry_guard_t * +entry_guard_add_bridge_to_sample(guard_selection_t *gs, + const bridge_info_t *bridge) { - guard_selection_t *gs = get_guard_selection_by_name("bridges", - GS_TYPE_BRIDGE, - 1); const uint8_t *id_digest = bridge_get_rsa_id_digest(bridge); const tor_addr_port_t *addrport = bridge_get_addr_port(bridge); 
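Review bot: With `gs` now supplied by the caller, entry_guard_add_bridge_to_sample no longer guarantees that the bridge ends up in a bridge-type selection; the removed lines always looked up the "bridges" selection with GS_TYPE_BRIDGE. A check at the top of the body, `tor_assert(gs->type == GS_TYPE_BRIDGE);`, would catch a caller that passes the wrong selection before a bridge address is recorded in a relay sample. The doc comment kept above the function still describes the "bridges" guard selection sample and should name the new parameter, for example `Add an entry guard to the sample of gs, which must be a bridge selection`. The function body continues past the end of the hunk.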
@@ -896,24 +894,34 @@ num_reachable_filtered_guards(guard_selection_t *gs) } /** - * Add new guards to the sampled guards in gs until there are - * enough usable filtered guards, but never grow the sample beyond its - * maximum size. Return the last guard added, or NULL if none were - * added. + * Return a smartlist of the all the guards that are not currently + * members of the sample (GUARDS - SAMPLED_GUARDS). The elements of + * this list are node_t pointers in the non-bridge case, and + * bridge_info_t pointers in the bridge case. Set *n_guards_out/b> + * to the number of guards that we found in GUARDS, including those + * that were already sampled. */ -STATIC entry_guard_t * -entry_guards_expand_sample(guard_selection_t *gs) +static smartlist_t * +get_eligible_guards(guard_selection_t *gs, +int *n_guards_out) { - tor_assert(gs); - int n_sampled = smartlist_len(gs->sampled_entry_guards); - entry_guard_t *added_guard = NULL; - - const smartlist_t *nodes = nodelist_get_list(); /* Construct eligible_guards as GUARDS - SAMPLED_GUARDS */ smartlist_t *eligible_guards = smartlist_new(); int n_guards = 0; // total size of "GUARDS" - int n_usable_filtered_guards = num_reachable_filtered_guards(gs); - { + + if (gs->type == GS_TYPE_BRIDGE) { +const smartlist_t *bridges = bridge_list_get(); +SMARTLIST_FOREACH_BEGIN(bridges, bridge_info_t *, bridge) { + ++n_guards; + if (NULL != get_sampled_guard_for_bridge(gs, bridge)) { +continue; + } + smartlist_add(eligible_guards, bridge); +} SMARTLIST_FOREACH_END(bridge); + } else { +const smartlist_t *nodes = nodelist_get_list(); +const int n_sampled = smartlist_len(gs->sampled_entry_guards); + /* Build a bloom filter of our current guards: let's keep this O(N). */ digestset_t *sampled_guard_ids = digestset_new(n_sampled); SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, const entry_guard_t *, 
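Review bot: The new doc comment on get_eligible_guards says the element type depends on the selection (node_t or bridge_info_t) but not who owns the list and its elements, which matters for a smartlist that carries no type tag. The bridge branch stores pointers obtained from bridge_list_get(), so the elements appear to be borrowed; I would add to the comment `The caller must smartlist_free() the result but not its elements, and must only pass it to helpers together with the same gs.` The helper also reads `gs->type` without the `tor_assert(gs);` that this hunk removes from entry_guards_expand_sample, and whether the rewritten caller keeps that assertion is not visible here. The function continues into the next hunk.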
@@ -934,11 +942,58 @@ entry_guards_expand_sample(guard_selection_t *gs) digestset_free(sampled_guard_ids); } - /* Is there at least one guard we haven't sampled? */ - if (! smartlist_len(eligible_guards)) -goto done; + *n_guards_out = n_guards; + return eligible_guards; +} + +/** Helper: given a smartlist of either bridge_info_t (if gs->type is + * GS_TYPE_BRIDGE) or node_t (otherwise), pick one that can be a guard, + * add it as a guard, remove it from the list, and return a new + * entry_guard_t. Return NULL on failure. */ +static entry_guard_t * +select_and_add_guard_item_for_sample(guard_selection_t *gs, + smartlist_t *eligible_guards) +{ + entry_guard_t *added_guard; + if (gs->type == GS_TYPE_BRIDGE) { +const bridge_info_t *bridge = smartlist_choose(eligible_guards); +if (BUG(!bridge)) + return NULL; // LCOV_EXCL_LINE +smartlist_remove(eligible_guards, bridge); +added_guard = entry_guard_add_bridge_to_sample(gs, bridge); + } else { +const node_t *node = + node_sl_choose_by_bandwidth(eligible_guards, WEIGHT_FOR_GUARD); +if (BUG(!node)) + return NULL; // LCOV_EXCL_LINE +smartlist_remove(eligible_guards, node); +added_guard = entry_guard_add_to_sample(gs, node); + } - const int max_sample = (int)(n_guards * get_max_sample_threshold()); + return added_guard; +} + +/** + * Add new guards to the sampled guards in gs until there are + * enough usable filtered guards, but never grow the sample beyond its + * maximum size. Return the last guard
[tor-commits] [tor/master] Add some needed accessors/inspectors for bridge/guard convergence
commit 53f248f6c9d71784c271cf14501ec4c28e5e885d Author: Nick MathewsonDate: Tue Nov 29 10:14:42 2016 -0500 Add some needed accessors/inspectors for bridge/guard convergence --- src/or/bridges.c| 24 src/or/bridges.h| 5 + src/or/entrynodes.c | 48 +--- src/or/entrynodes.h | 4 src/or/routerset.c | 13 + src/or/routerset.h | 5 - 6 files changed, 71 insertions(+), 28 deletions(-) diff --git a/src/or/bridges.c b/src/or/bridges.c index f16acfa..8090bae 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -179,7 +179,7 @@ get_configured_bridge_by_orports_digest(const char *digest, * bridge with no known digest whose address matches addr:port, * return that bridge. Else return NULL. If digest is NULL, check for * address/port matches only. */ -static bridge_info_t * +bridge_info_t * get_configured_bridge_by_addr_port_digest(const tor_addr_t *addr, uint16_t port, const char *digest) @@ -416,28 +416,12 @@ bridge_add_from_config(bridge_line_t *bridge_line) smartlist_add(bridge_list, b); } -/** Return true iff routerset contains the bridge bridge. */ -static int -routerset_contains_bridge(const routerset_t *routerset, - const bridge_info_t *bridge) -{ - int result; - extend_info_t *extinfo; - tor_assert(bridge); - if (!routerset) -return 0; - - extinfo = extend_info_new( - NULL, bridge->identity, NULL, NULL, >addr, bridge->port); - result = routerset_contains_extendinfo(routerset, extinfo); - extend_info_free(extinfo); - return result; -} - /** If digest is one of our known bridges, return it. */ -static bridge_info_t * +bridge_info_t * find_bridge_by_digest(const char *digest) { + if (! bridge_list) +return NULL; SMARTLIST_FOREACH(bridge_list, bridge_info_t *, bridge, { if (tor_memeq(bridge->identity, digest, DIGEST_LEN)) diff --git a/src/or/bridges.h b/src/or/bridges.h index d01794f..74c5113 100644 --- a/src/or/bridges.h +++ b/src/or/bridges.h 
@@ -20,8 +20,13 @@ typedef struct bridge_info_t bridge_info_t; void mark_bridge_list(void); void sweep_bridge_list(void); const smartlist_t *bridge_list_get(void); +bridge_info_t *find_bridge_by_digest(const char *digest); const uint8_t *bridge_get_rsa_id_digest(const bridge_info_t *bridge); const tor_addr_port_t * bridge_get_addr_port(const bridge_info_t *bridge); +bridge_info_t *get_configured_bridge_by_addr_port_digest( + const tor_addr_t *addr, + uint16_t port, + const char *digest); int addr_is_a_configured_bridge(const tor_addr_t *addr, uint16_t port, const char *digest); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index e725d4e..dcaab35 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -167,6 +167,8 @@ static entry_guard_t *entry_guard_add_to_sample_impl(guard_selection_t *gs, const uint8_t *rsa_id_digest, const char *nickname, const tor_addr_port_t *bridge_addrport); +static entry_guard_t *get_sampled_guard_by_bridge_addr(guard_selection_t *gs, + const tor_addr_port_t *addrport); /** Return 0 if we should apply guardfraction information found in the * consensus. A specific consensus can be specified with the 
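Review bot: The two accessors newly declared in bridges.h, find_bridge_by_digest() and get_configured_bridge_by_addr_port_digest(), return non-const `bridge_info_t *` pointers into the bridge list, while the inspectors already in this header take `const bridge_info_t *`. If the new callers only read the result, returning `const bridge_info_t *` would keep other modules from modifying configured bridges through these handles. The same header declares sweep_bridge_list(), which presumably can free entries, so the declarations deserve a lifetime comment such as `/* Result is owned by the bridge list; do not keep it across sweep_bridge_list(). */`. It would also help to state that `digest` must point to DIGEST_LEN bytes, since find_bridge_by_digest passes it to tor_memeq with that length.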
@@ -679,6 +681,46 @@ get_sampled_guard_with_id(guard_selection_t *gs, return NULL; } +/** If gs contains a sampled entry guard matching bridge, + * return that guard. Otherwise return NULL. */ +static entry_guard_t * +get_sampled_guard_for_bridge(guard_selection_t *gs, + const bridge_info_t *bridge) +{ + const uint8_t *id = bridge_get_rsa_id_digest(bridge); + const tor_addr_port_t *addrport = bridge_get_addr_port(bridge); + entry_guard_t *guard; + if (id) { +guard = get_sampled_guard_with_id(gs, id); +if (guard) + return guard; + } + if (BUG(!addrport)) +return NULL; // LCOV_EXCL_LINE + guard = get_sampled_guard_by_bridge_addr(gs, addrport); + if (! guard || (id && tor_memneq(id, guard->identity, DIGEST_LEN))) +return NULL; + else +return guard; +} + +/** If we know a bridge_info_t matching guard, return that + * bridge. Otherwise return NULL. */ +static bridge_info_t * +get_bridge_info_for_guard(const entry_guard_t *guard) +{ + if (! tor_digest_is_zero(guard->identity)) { +bridge_info_t *bridge = find_bridge_by_digest(guard->identity); +if (bridge) + return bridge; + } + if (BUG(guard->bridge_addr == NULL)) +return NULL; + return get_configured_bridge_by_addr_port_digest(>bridge_addr->addr, +
[tor-commits] [tor/master] Fix for small test networks: don't refuse to have any sampled guards.
commit 80fa404625b757cbde07be76abf848efadab7c46 Author: Nick MathewsonDate: Tue Nov 29 12:48:32 2016 -0500 Fix for small test networks: don't refuse to have any sampled guards. Don't restrict the sample size if the network size is less than 20 guards. Maybe we'll think of a better rule later on? --- src/or/entrynodes.c | 23 ++- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 3ba0179..8380dbf 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -891,6 +891,23 @@ num_reachable_filtered_guards(guard_selection_t *gs) return n_reachable_filtered_guards; } +/** Return the actual maximum size for the sample in gs, + * given that we know about n_guards total. */ +static int +get_max_sample_size(guard_selection_t *gs, +int n_guards) +{ + const int using_bridges = (gs->type == GS_TYPE_BRIDGE); + + /* prop271 spec deviation with bridges, max_sample is "all of them" */ + if (using_bridges) +return n_guards; + else if (n_guards < 20) // prop271 spec deviation +return n_guards; + else +return (int)(n_guards * get_max_sample_threshold()); +} + /** * Return a smartlist of the all the guards that are not currently * members of the sample (GUARDS - SAMPLED_GUARDS). The elements of @@ -987,11 +1004,7 @@ entry_guards_expand_sample(guard_selection_t *gs) int n_guards = 0; smartlist_t *eligible_guards = get_eligible_guards(gs, _guards); - const int using_bridges = (gs->type == GS_TYPE_BRIDGE); - - /* prop271 spec deviation with bridges, max_sample is "all of them" */ - const int max_sample = using_bridges ? n_guards : -(int)(n_guards * get_max_sample_threshold()); + const int max_sample = get_max_sample_size(gs, n_guards); const int min_filtered_sample = get_min_filtered_sample_size(); log_info(LD_GUARD, "Expanding the sample guard set. We have %d guards " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
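Review bot: get_max_sample_size is not monotonic in n_guards: with 19 guards the limit is 19, but with 20 it drops to `(int)(n_guards * get_max_sample_threshold())`, which is lower for any threshold below 0.95 (the threshold value is not visible in this hunk). Because the sample cap bounds how many guards a client can ever rotate through, a step like this is worth avoiding; using the small-network size as a floor keeps the limit continuous: `const int cap = (int)(n_guards * get_max_sample_threshold());`, `const int floor_sz = n_guards < 20 ? n_guards : 20;`, `return cap > floor_sz ? cap : floor_sz;`. The bare `20` should also become a named constant next to the other sample parameters so the spec deviation can be found and revisited. The bridge branch is unaffected by this.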
[tor-commits] [tor/master] Another tweak for guard restrictions: don't let complete circs block
commit 2c8c58ab2fe7d452d06abdb7328be7eae658bcc0 Author: Nick MathewsonDate: Wed Nov 30 09:04:34 2016 -0500 Another tweak for guard restrictions: don't let complete circs block If a complete circuit C2 doesn't obey the restrictions of C1, then C2 cannot block C1. The patch here is a little big-ish, since we can no longer look through all the complete circuits and all the waiting circuits on a single pass: we have to find the best waiting circuit first. --- src/or/entrynodes.c | 43 +++ 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9b38641..02ed924 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -2214,8 +2214,8 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, int n_waiting = 0; int n_complete = 0; + int n_complete_blocking = 0; origin_circuit_t *best_waiting_circuit = NULL; - origin_circuit_t *best_complete_circuit = NULL; smartlist_t *all_circuits = smartlist_new(); SMARTLIST_FOREACH_BEGIN(all_circuits_in, origin_circuit_t *, circ) { // We filter out circuits that aren't ours, or which we can't @@ -2241,12 +2241,6 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, circ_state_has_higher_priority(circ, NULL, best_waiting_circuit)) { best_waiting_circuit = circ; } -} else if (state->state == GUARD_CIRC_STATE_COMPLETE) { - ++n_complete; - if (! best_complete_circuit || - circ_state_has_higher_priority(circ, NULL, best_complete_circuit)) { -best_complete_circuit = circ; - } } } SMARTLIST_FOREACH_END(circ); 
@@ -2262,19 +2256,28 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, const entry_guard_restriction_t *rst_on_best_waiting = origin_circuit_get_guard_state(best_waiting_circuit)->restrictions; - if (best_complete_circuit) { -if (circ_state_has_higher_priority(best_complete_circuit, - rst_on_best_waiting, - best_waiting_circuit)) { - /* "If any circuit is , then do not use any - or circuits - circuits whose guards have lower priority." */ - log_debug(LD_GUARD, "Considered upgrading guard-stalled circuits: found " -"%d complete and %d guard-stalled. At least one complete " -"circuit had higher priority, so not upgrading.", -n_complete, n_waiting); - goto no_change; -} + /* First look at the complete circuits: Do any block this circuit? */ + SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) { +circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); +if BUG((state == NULL)) + continue; +if (state->state != GUARD_CIRC_STATE_COMPLETE) + continue; +++n_complete; +if (circ_state_has_higher_priority(circ, rst_on_best_waiting, + best_waiting_circuit)) + ++n_complete_blocking; + } SMARTLIST_FOREACH_END(circ); + + if (n_complete_blocking) { +/* "If any circuit is , then do not use any +or circuits + circuits whose guards have lower priority." */ +log_debug(LD_GUARD, "Considered upgrading guard-stalled circuits: found " + "%d complete and %d guard-stalled. At least one complete " + "circuit had higher priority, so not upgrading.", + n_complete, n_waiting); +goto no_change; } /* "If any circuit is , and every currently ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
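Review bot: In the new loop over complete circuits, `if BUG((state == NULL))` has the parentheses in the wrong place and only compiles if BUG() expands to a parenthesized expression, which is presumably the case today. Other checks in entrynodes.c are written in the form `if (BUG(!bridge))`, so this one should read `if (BUG(state == NULL))` to match and to stay valid if the macro definition changes. A short comment on `n_complete_blocking` saying it counts complete circuits that outrank the best waiting circuit under that circuit's restrictions would also help, since `n_complete` is still what the log message prints. entry_guards_upgrade_waiting_circuits starts and ends outside this hunk.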
[tor-commits] [tor/master] guards_choose_dirguard(): replace one XXXX with another.
commit 17c3faa2e393c59e9ee4aeca6986b0905d17f3b5 Author: Nick MathewsonDate: Wed Nov 30 07:51:40 2016 -0500 guards_choose_dirguard(): replace one with another. I had been asking myself, "hey, doesn't the new code need to look at this "info" parameter? The old code did!" But it turns out that the old code hasn't, since 05f7336624d6a47b3. So instead of "support this!" the comment now says "we can remove this!" --- src/or/entrynodes.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9630f17..dd3a890 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -4779,7 +4779,13 @@ guards_choose_dirguard(dirinfo_type_t info, if (get_options()->UseDeprecatedGuardAlgorithm) { return choose_random_dirguard(info); } else { -// prop271 look at info? +/* prop271 We don't need to look at the dirinfo_type_t here, + * apparently. If you look at the old implementation, and you follow info + * downwards through choose_random_dirguard(), into + * choose_random_entry_impl(), into populate_live_entry_guards()... you + * find out that it isn't even used, and hasn't been since 0.2.7.1-alpha, + * when we realized that every Tor on the network would support + * microdescriptors. -NM */ const node_t *r = NULL; if (entry_guard_pick_for_circuit(get_guard_selection_info(), , ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Note a couple of XXX-prop271s as spec deviations.
commit 1e9cd5d2bbbf54818da6b6585bb60298712e6f06 Author: Nick MathewsonDate: Tue Nov 29 14:32:32 2016 -0500 Note a couple of XXX-prop271s as spec deviations. --- src/or/control.c| 2 +- src/or/entrynodes.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 9cc99b6..03742e8 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2597,7 +2597,7 @@ getinfo_helper_events(control_connection_t *control_conn, if (circ->base_.state == CIRCUIT_STATE_OPEN) state = "BUILT"; else if (circ->base_.state == CIRCUIT_STATE_GUARD_WAIT) -state = "GUARD_WAIT"; // prop271 must specify this. +state = "GUARD_WAIT"; // prop271 spec deviation-- specify this. else if (circ->cpath) state = "EXTENDED"; else diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index bb8cd4c..c624c64 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -381,8 +381,8 @@ get_max_sample_threshold(void) /** * We always try to make our sample contain at least this many guards. * - * prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I - * removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM + * prop271 spec deviation There was a MIN_SAMPLE_THRESHOLD in the + * proposal, but I removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM */ STATIC int get_min_filtered_sample_size(void) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove some resolved "XXXX prop271" comments.
commit f4e64c04f49a3cd8c9b2289bd28641db85441acc Author: Nick MathewsonDate: Tue Nov 29 14:31:24 2016 -0500 Remove some resolved " prop271" comments. --- src/or/circuituse.c| 3 ++- src/or/connection_or.c | 6 -- src/or/entrynodes.c| 1 - src/or/entrynodes.h| 1 - 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 698b158..787c490 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1652,9 +1652,10 @@ circuit_build_failed(origin_circuit_t *circ) "Our circuit died before the first hop with no connection"); } if (n_chan_id && !already_marked) { + /* New guard API: we failed. */ if (circ->guard_state) entry_guard_failed(>guard_state); - /* prop271 -- old API */ + /* Old guard API: we failed. */ entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL)); /* if there are any one-hop streams waiting on this circuit, fail * them now so they can retry elsewhere. */ diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 14d5979..3b6f82c 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -735,8 +735,9 @@ connection_or_about_to_close(or_connection_t *or_conn) const or_options_t *options = get_options(); connection_or_note_state_when_broken(or_conn); rep_hist_note_connect_failed(or_conn->identity_digest, now); + /* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan)); - /* prop271 -- old API */ + /* Tell the old guard API about the channel failure */ entry_guard_register_connect_status(or_conn->identity_digest,0, !options->HTTPSProxy, now); if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) { 
@@ -1675,8 +1676,9 @@ connection_or_client_learned_peer_id(or_connection_t *conn, "Tried connecting to router at %s:%d, but identity key was not " "as expected: wanted %s but got %s.%s", conn->base_.address, conn->base_.port, expected, seen, extra_log); +/* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan)); -/* prop271 old API */ +/* Tell the old guard API about the channel failure */ entry_guard_register_connect_status(conn->identity_digest, 0, 1, time(NULL)); control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 8380dbf..bb8cd4c 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1928,7 +1928,6 @@ entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b) void circuit_guard_state_free(circuit_guard_state_t *state) { - /* prop271 -- do we want to inline this structure? */ if (!state) return; entry_guard_handle_free(state->guard); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index ceccd0f..4ea60e8 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -226,7 +226,6 @@ typedef enum guard_selection_type_t { /** * All of the the context for guard selection on a particular client. * - * ( prop271 this paragraph below is not actually implemented yet.) * We maintain multiple guard selection contexts for a client, depending * aspects on its current configuration -- whether an extremely * restrictive EntryNodes is used, whether UseBridges is enabled, and so ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Change return value of entry_guard_succeeded to an enum.
commit 84bfa895d725338d92f677a31a4dcf6381845e0c Author: Nick MathewsonDate: Tue Nov 29 11:47:12 2016 -0500 Change return value of entry_guard_succeeded to an enum. George pointed out that (-1,0,1) for (never usable, maybe usable later, usable right now) was a pretty rotten convention that made the code harder to read. --- src/or/circuitbuild.c | 13 +++-- src/or/entrynodes.c| 28 +--- src/or/entrynodes.h| 7 ++- src/test/test_entrynodes.c | 29 - 4 files changed, 42 insertions(+), 35 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 5d0a04f..c7e116e 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -964,28 +964,29 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) memset(, 0, sizeof(ec)); if (!hop) { /* done building the circuit. whew. */ - int r; + guard_usable_t r; if (get_options()->UseDeprecatedGuardAlgorithm) { // The circuit is usable; we already marked the guard as okay. -r = 1; +r = GUARD_USABLE_NOW; } else if (! circ->guard_state) { if (circuit_get_cpath_len(circ) != 1) { log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no " "guard state", circuit_get_cpath_len(circ), circ, circ->base_.purpose); } -r = 1; +r = GUARD_USABLE_NOW; } else { r = entry_guard_succeeded(>guard_state); } - const int is_usable_for_streams = (r == 1); - if (r == 1) { + const int is_usable_for_streams = (r == GUARD_USABLE_NOW); + if (r == GUARD_USABLE_NOW) { circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN); - } else if (r == 0) { + } else if (r == GUARD_MAYBE_USABLE_LATER) { // prop271 we might want to probe for whether this // one is ready even before the next second rolls over. circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_GUARD_WAIT); } else { +tor_assert_nonfatal(r == GUARD_USABLE_NEVER); return - END_CIRC_REASON_INTERNAL; } diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index af1869f..aa90566 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c 
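Review bot: In the circuitbuild.c hunk, the `! circ->guard_state` branch logs an LD_BUG warning for a multi-hop circuit that has no guard state and then still sets `r = GUARD_USABLE_NOW`, so a circuit the guard code never tracked is opened for streams. If that case really is a bug, failing closed is the safer default: replace the unconditional assignment after the warning with `r = (circuit_get_cpath_len(circ) == 1) ? GUARD_USABLE_NOW : GUARD_USABLE_NEVER;`. Whether some multi-hop circuits legitimately lack guard state cannot be told from this hunk, so confirm against the callers first. The body of circuit_send_next_onion_skin starts and ends outside the hunk.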
@@ -1965,28 +1965,26 @@ entry_guard_pick_for_circuit(guard_selection_t *gs, } /** - * Called by the circuit building module when a circuit has succeeded: - * informs the guards code that the guard in *guard_state_p is - * working, and advances the state of the guard module. On a -1 return - * value, the circuit is broken and should not be used. On a 1 return - * value, the circuit is ready to use. On a 0 return value, the circuit - * should not be used until we find out whether preferred guards will - * work for us. - * - * X prop271 tristates are ugly; reconsider that interface. + * Called by the circuit building module when a circuit has succeeded: informs + * the guards code that the guard in *guard_state_p is working, and + * advances the state of the guard module. On a GUARD_USABLE_NEVER return + * value, the circuit is broken and should not be used. On a GUARD_USABLE_NOW + * return value, the circuit is ready to use. On a GUARD_MAYBE_USABLE_LATER + * return value, the circuit should not be used until we find out whether + * preferred guards will work for us. */ -int +guard_usable_t entry_guard_succeeded(circuit_guard_state_t **guard_state_p) { if (get_options()->UseDeprecatedGuardAlgorithm) -return 1; +return GUARD_USABLE_NOW; if (BUG(*guard_state_p == NULL)) -return -1; +return GUARD_USABLE_NEVER; entry_guard_t *guard = entry_guard_handle_get((*guard_state_p)->guard); if (! guard || BUG(guard->in_selection == NULL)) -return -1; +return GUARD_USABLE_NEVER; unsigned newstate = entry_guards_note_guard_success(guard->in_selection, guard, @@ -1996,9 +1994,9 @@ entry_guard_succeeded(circuit_guard_state_t **guard_state_p) (*guard_state_p)->state_set_at = approx_time(); if (newstate == GUARD_CIRC_STATE_COMPLETE) { -return 1; +return GUARD_USABLE_NOW; } else { -return 0; +return GUARD_MAYBE_USABLE_LATER; } } diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 21dab6e..ceccd0f 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
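Review bot: The final `else` of entry_guard_succeeded reports every `newstate` other than GUARD_CIRC_STATE_COMPLETE as `GUARD_MAYBE_USABLE_LATER`, so an unexpected state returned by entry_guards_note_guard_success() would leave the circuit parked in the waiting state rather than flagged. The set of states that helper can return is not visible here, so this is a hedge rather than a confirmed bug; a cheap guard is `tor_assert_nonfatal(newstate == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD);` at the top of the `else` branch. The rewritten doc comment also omits the early return, and could add `If UseDeprecatedGuardAlgorithm is set, always returns GUARD_USABLE_NOW without looking at *guard_state_p.`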
@@ -359,7 +359,12 @@ void circuit_guard_state_free(circuit_guard_state_t *state); int entry_guard_pick_for_circuit(guard_selection_t *gs, const node_t **chosen_node_out, circuit_guard_state_t **guard_state_out); -int entry_guard_succeeded(circuit_guard_state_t **guard_state_p); +typedef enum { + GUARD_USABLE_NEVER = -1, + GUARD_MAYBE_USABLE_LATER = 0, + GUARD_USABLE_NOW = 1, +} guard_usable_t; +guard_usable_t entry_guard_succeeded(circuit_guard_state_t **guard_state_p); void
[tor-commits] [tor/master] Extract guard_selection_infer_type into its own function.
commit 217590ad05943968683f02c3f556b987e99158b1 Author: Nick MathewsonDate: Wed Nov 30 10:16:24 2016 -0500 Extract guard_selection_infer_type into its own function. --- src/or/entrynodes.c | 24 ++-- src/or/entrynodes.h | 3 +++ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 02ed924..9441be4 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -194,14 +194,13 @@ should_apply_guardfraction(const networkstatus_t *ns) } /** - * Allocate and return a new guard_selection_t, with the name name. + * Try to determine the correct type for a selection named "name", + * if type is GS_TYPE_INFER. */ -STATIC guard_selection_t * -guard_selection_new(const char *name, -guard_selection_type_t type) +STATIC guard_selection_type_t +guard_selection_infer_type(guard_selection_type_t type, + const char *name) { - guard_selection_t *gs; - if (type == GS_TYPE_INFER) { if (!strcmp(name, "legacy")) type = GS_TYPE_LEGACY; @@ -212,6 +211,19 @@ guard_selection_new(const char *name, else type = GS_TYPE_NORMAL; } + return type; +} + +/** + * Allocate and return a new guard_selection_t, with the name name. + */ +STATIC guard_selection_t * +guard_selection_new(const char *name, +guard_selection_type_t type) +{ + guard_selection_t *gs; + + type = guard_selection_infer_type(type, name); gs = tor_malloc_zero(sizeof(*gs)); gs->name = tor_strdup(name); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 753d6f7..b676172 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
@@ -490,6 +490,9 @@ STATIC double get_extreme_restriction_threshold(void); // -- these functions and definitions are post-prop271. HANDLE_DECL(entry_guard, entry_guard_t, STATIC) +STATIC guard_selection_type_t guard_selection_infer_type( + guard_selection_type_t type_in, + const char *name); STATIC guard_selection_t *guard_selection_new(const char *name, guard_selection_type_t type); STATIC guard_selection_t *get_guard_selection_by_name( ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
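Review bot: The prototype added to entrynodes.h names the first parameter `type_in`, while the definition in entrynodes.c calls it `type`. The argument order `(type, name)` is also the reverse of guard_selection_new's `(name, type)` declared on the next line. Neither breaks the build, but parallel helpers that disagree on names and order are easy to misread at call sites and in the unit tests this STATIC declaration exists for. I would align the prototype with the definition, `guard_selection_type_t type,`, and consider putting `name` first to match its sibling.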
[tor-commits] [tor/master] Implement support for per-circuit guard restrictions.
commit 87f9b42179bd23418c3e698938bdeead56da1c43 Author: Nick MathewsonDate: Wed Nov 30 08:49:39 2016 -0500 Implement support for per-circuit guard restrictions. This is an important thing I hadn't considered when writing prop271: sometimes you have to restrict what guard you use for a particular circuit. Most frequently, that would be because you plan to use a certain node as your exit, and so you can't choose that for your guard. This change means that the upgrade-waiting-circuits algorithm needs a slight tweak too: circuit A cannot block circuit B from upgrading if circuit B needs to follow a restriction that circuit A does not follow. --- src/or/circuitbuild.c | 15 +- src/or/circuitbuild.h | 1 + src/or/entrynodes.c| 122 ++--- src/or/entrynodes.h| 38 +- src/test/test_entrynodes.c | 92 +- 5 files changed, 200 insertions(+), 68 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index c7e116e..0790309 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2515,8 +2515,8 @@ extend_info_dup(extend_info_t *info) return newinfo; } -/** Return the routerinfo_t for the chosen exit router in state. - * If there is no chosen exit, or if we don't know the routerinfo_t for +/** Return the node_t for the chosen exit router in state. + * If there is no chosen exit, or if we don't know the node_t for * the chosen exit, return NULL. */ const node_t * 
@@ -2527,6 +2527,17 @@ build_state_get_exit_node(cpath_build_state_t *state) return node_get_by_id(state->chosen_exit->identity_digest); } +/** Return the RSA ID digest for the chosen exit router in state. + * If there is no chosen exit, return NULL. + */ +const uint8_t * +build_state_get_exit_rsa_id(cpath_build_state_t *state) +{ + if (!state || !state->chosen_exit) +return NULL; + return (const uint8_t *) state->chosen_exit->identity_digest; +} + /** Return the nickname for the chosen exit router in state. If * there is no chosen exit, or if we don't know the routerinfo_t for the * chosen exit, return NULL. diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 2c83a16..b85dbec 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -61,6 +61,7 @@ int extend_info_supports_ntor(const extend_info_t* ei); int circuit_can_use_tap(const origin_circuit_t *circ); int circuit_has_usable_onion_key(const origin_circuit_t *circ); int extend_info_has_preferred_onion_key(const extend_info_t* ei); +const uint8_t *build_state_get_exit_rsa_id(cpath_build_state_t *state); const node_t *build_state_get_exit_node(cpath_build_state_t *state); const char *build_state_get_exit_nickname(cpath_build_state_t *state); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index dd3a890..9b38641 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -168,6 +168,8 @@ static entry_guard_t *entry_guard_add_to_sample_impl(guard_selection_t *gs, const tor_addr_port_t *bridge_addrport); static entry_guard_t *get_sampled_guard_by_bridge_addr(guard_selection_t *gs, const tor_addr_port_t *addrport); +static int entry_guard_obeys_restriction(const entry_guard_t *guard, + const entry_guard_restriction_t *rst); /** Return 0 if we should apply guardfraction information found in the * consensus. A specific consensus can be specified with the 
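Review bot: The doc comment on the new build_state_get_exit_rsa_id() does not state the length or ownership of what it returns, and callers that store the pointer in a guard restriction need both. The function hands back a cast pointer to `state->chosen_exit->identity_digest`, so the result is borrowed from `state` and presumably DIGEST_LEN bytes long. I would extend the comment with `The returned pointer is DIGEST_LEN bytes, owned by <b>state</b>; copy it if it must outlive the build state.` Unlike bridge_get_rsa_id_digest() elsewhere in this series, it does not map an all-zero digest to NULL. If an extend_info_t can carry an unset identity, the exit restriction built from this value would silently match nothing, which is worth confirming.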
@@ -878,13 +880,20 @@ entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport, /** * Return the number of sampled guards in gs that are "filtered" * (that is, we're willing to connect to them) and that are "usable" - * (that is, either "reachable" or "maybe reachable"). */ + * (that is, either "reachable" or "maybe reachable"). + * + * If a restriction is provided in rst, do not count any guards that + * violate it. + */ STATIC int -num_reachable_filtered_guards(guard_selection_t *gs) +num_reachable_filtered_guards(guard_selection_t *gs, + const entry_guard_restriction_t *rst) { int n_reachable_filtered_guards = 0; SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { entry_guard_consider_retry(guard); +if (! entry_guard_obeys_restriction(guard, rst)) + continue; if (guard->is_usable_filtered_guard) ++n_reachable_filtered_guards; } SMARTLIST_FOREACH_END(guard); @@ -1003,7 +1012,7 @@ entry_guards_expand_sample(guard_selection_t *gs) tor_assert(gs); int n_sampled = smartlist_len(gs->sampled_entry_guards); entry_guard_t *added_guard = NULL; - int n_usable_filtered_guards = num_reachable_filtered_guards(gs); + int n_usable_filtered_guards = num_reachable_filtered_guards(gs, NULL); int n_guards = 0; smartlist_t *eligible_guards =
[tor-commits] [tor/master] Fix a magic number in get_max_sample_size
commit 9d065ecc3d9e1a34c35be2d3531696798f6ecd3e Author: Nick MathewsonDate: Tue Nov 29 14:47:39 2016 -0500 Fix a magic number in get_max_sample_size --- src/or/entrynodes.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index c624c64..9630f17 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -898,14 +898,17 @@ get_max_sample_size(guard_selection_t *gs, int n_guards) { const int using_bridges = (gs->type == GS_TYPE_BRIDGE); + const int min_sample = get_min_filtered_sample_size(); /* prop271 spec deviation with bridges, max_sample is "all of them" */ if (using_bridges) return n_guards; - else if (n_guards < 20) // prop271 spec deviation -return n_guards; + + const int max_sample = (int)(n_guards * get_max_sample_threshold()); + if (max_sample < min_sample) // prop271 spec deviation +return min_sample; else -return (int)(n_guards * get_max_sample_threshold()); +return max_sample; } /** ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
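Review bot: After this change get_max_sample_size() can return more than `n_guards`: when `n_guards` is smaller than get_min_filtered_sample_size(), the `max_sample < min_sample` branch returns `min_sample`, whereas the old `n_guards < 20` branch returned `n_guards`. If any caller treats the result as a bound on how many real guards may be sampled, a cap above the population is at best meaningless, and the sample cap is part of what limits how many guards a client is exposed to. Clamping keeps the old invariant, `return MIN(min_sample, n_guards);`, though whether callers depend on it is not visible here. The bare `// prop271 spec deviation` comment should also say what the deviation is, for example `/* spec deviation: never cap the sample below the minimum filtered sample size */`.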
[tor-commits] [tor/master] Remove a few unused arguments.
commit eac8b3f758545f02fd7db58c458de19a6442044b Author: Nick MathewsonDate: Tue Nov 29 11:59:48 2016 -0500 Remove a few unused arguments. --- src/or/entrynodes.c | 21 - 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index aa90566..3ba0179 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -159,9 +159,8 @@ static void entry_guard_set_filtered_flags(const or_options_t *options, entry_guard_t *guard); static void pathbias_check_use_success_count(entry_guard_t *guard); static void pathbias_check_close_success_count(entry_guard_t *guard); -static int node_is_possible_guard(guard_selection_t *gs, const node_t *node); +static int node_is_possible_guard(const node_t *node); static int node_passes_guard_filter(const or_options_t *options, -guard_selection_t *gs, const node_t *node); static entry_guard_t *entry_guard_add_to_sample_impl(guard_selection_t *gs, const uint8_t *rsa_id_digest, @@ -530,9 +529,9 @@ choose_guard_selection(const or_options_t *options, const smartlist_t *nodes = nodelist_get_list(); int n_guards = 0, n_passing_filter = 0; SMARTLIST_FOREACH_BEGIN(nodes, const node_t *, node) { -if (node_is_possible_guard(NULL, node)) { +if (node_is_possible_guard(node)) { ++n_guards; - if (node_passes_guard_filter(options, NULL, node)) { + if (node_passes_guard_filter(options, node)) { ++n_passing_filter; } } @@ -650,13 +649,12 @@ update_guard_selection_choice(const or_options_t *options) * a possible guard when sampling guards. */ static int -node_is_possible_guard(guard_selection_t *gs, const node_t *node) +node_is_possible_guard(const node_t *node) { /* The "GUARDS" set is all nodes in the nodelist for which this predicate * holds. */ /* -- prop271 spec deviation. We require node_is_dir() here. */ - (void)gs; /* Remove this argument */ tor_assert(node); return (node->is_possible_guard && node->is_stable && 
@@ -930,7 +928,7 @@ get_eligible_guards(guard_selection_t *gs, } SMARTLIST_FOREACH_END(guard); SMARTLIST_FOREACH_BEGIN(nodes, const node_t *, node) { - if (! node_is_possible_guard(gs, node)) + if (! node_is_possible_guard(node)) continue; ++n_guards; if (digestset_contains(sampled_guard_ids, node->identity)) @@ -1088,7 +1086,7 @@ entry_guard_is_listed(guard_selection_t *gs, const entry_guard_t *guard) } else { const node_t *node = node_get_by_id(guard->identity); -return node && node_is_possible_guard(gs, node); +return node && node_is_possible_guard(node); } } @@ -1231,12 +1229,9 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) * Return true iff node is a Tor relay that we are configured to * be able to connect to. */ static int -node_passes_guard_filter(const or_options_t *options, guard_selection_t *gs, +node_passes_guard_filter(const or_options_t *options, const node_t *node) { - /* prop271 remote the gs option; it is unused, and sometimes NULL. */ - (void)gs; - /* NOTE: Make sure that this function stays in sync with * options_transition_affects_entry_guards */ if (routerset_contains_node(options->ExcludeNodes, node)) @@ -1308,7 +1303,7 @@ entry_guard_passes_filter(const or_options_t *options, guard_selection_t *gs, return 0; } -return node_passes_guard_filter(options, gs, node); +return node_passes_guard_filter(options, node); } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Have multiple guard contexts we can switch between.
commit 404e9e5611eff39866c2e45133a60b40d7492f7e Author: Nick MathewsonDate: Mon Nov 28 07:41:45 2016 -0500 Have multiple guard contexts we can switch between. Currently, this code doesn't actually have the contexts behave differently, (except for the legacy context), but it does switch back and forth between them nicely. --- src/or/config.c| 7 -- src/or/entrynodes.c| 270 - src/or/entrynodes.h| 50 +++-- src/or/main.c | 7 +- src/test/test_entrynodes.c | 59 +- 5 files changed, 321 insertions(+), 72 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index b7b5cff..22e5dfd 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -4536,13 +4536,6 @@ options_transition_allowed(const or_options_t *old, return -1; } - if (old->UseDeprecatedGuardAlgorithm != - new_val->UseDeprecatedGuardAlgorithm) { -*msg = tor_strdup("While Tor is running, changing " - "UseDeprecatedGuardAlgorithm is not allowed."); -return -1; - } - if (sandbox_is_active()) { #define SB_NOCHANGE_STR(opt)\ do {\ diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 6f6853e..59205a8 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -159,6 +159,10 @@ static void entry_guard_set_filtered_flags(const or_options_t *options, entry_guard_t *guard); static void pathbias_check_use_success_count(entry_guard_t *guard); static void pathbias_check_close_success_count(entry_guard_t *guard); +static int node_is_possible_guard(guard_selection_t *gs, const node_t *node); +static int node_passes_guard_filter(const or_options_t *options, +guard_selection_t *gs, +const node_t *node); /** Return 0 if we should apply guardfraction information found in the * consensus. A specific consensus can be specified with the 
@@ -186,12 +190,25 @@ should_apply_guardfraction(const networkstatus_t *ns) * Allocate and return a new guard_selection_t, with the name name. */ STATIC guard_selection_t * -guard_selection_new(const char *name) +guard_selection_new(const char *name, +guard_selection_type_t type) { guard_selection_t *gs; + if (type == GS_TYPE_INFER) { +if (!strcmp(name, "legacy")) + type = GS_TYPE_LEGACY; +else if (!strcmp(name, "bridges")) + type = GS_TYPE_BRIDGE; +else if (!strcmp(name, "restricted")) + type = GS_TYPE_RESTRICTED; +else + type = GS_TYPE_NORMAL; + } + gs = tor_malloc_zero(sizeof(*gs)); gs->name = tor_strdup(name); + gs->type = type; gs->chosen_entry_guards = smartlist_new(); gs->sampled_entry_guards = smartlist_new(); gs->confirmed_entry_guards = smartlist_new(); @@ -206,7 +223,9 @@ guard_selection_new(const char *name) * is none, and create_if_absent is false, then return NULL. */ STATIC guard_selection_t * -get_guard_selection_by_name(const char *name, int create_if_absent) +get_guard_selection_by_name(const char *name, +guard_selection_type_t type, +int create_if_absent) { if (!guard_contexts) { guard_contexts = smartlist_new(); 
@@ -219,31 +238,42 @@ get_guard_selection_by_name(const char *name, int create_if_absent) if (! create_if_absent) return NULL; - guard_selection_t *new_selection = guard_selection_new(name); + log_debug(LD_GUARD, "Creating a guard selection called %s", name); + guard_selection_t *new_selection = guard_selection_new(name, type); smartlist_add(guard_contexts, new_selection); - const char *default_name = get_options()->UseDeprecatedGuardAlgorithm ? -"legacy" : "default"; - - if (!strcmp(name, default_name)) -curr_guard_context = new_selection; - return new_selection; } -/** Get current default guard_selection_t, creating it if necessary */ -guard_selection_t * -get_guard_selection_info(void) +/** + * Allocate the first guard context that we're planning to use, + * and make it the current context. + */ +static void +create_initial_guard_context(void) { + tor_assert(! curr_guard_context); if (!guard_contexts) { guard_contexts = smartlist_new(); } + guard_selection_type_t type = GS_TYPE_INFER; + const char *name = choose_guard_selection( + get_options(), + networkstatus_get_live_consensus(approx_time()), + NULL, + ); + tor_assert(name); // "name" can only be NULL if we had an old name. + tor_assert(type != GS_TYPE_INFER); + log_notice(LD_GUARD, "Starting with guard context \"%s\"", name); + curr_guard_context = get_guard_selection_by_name_and_type(name, type);
[tor-commits] [tor/master] Add a backpointer from entry_guard_t to guard_selection_t
commit 6dcbc24a4e9da3d46dc9fa1c225982f7088a6e34 Author: Nick MathewsonDate: Mon Nov 28 10:50:36 2016 -0500 Add a backpointer from entry_guard_t to guard_selection_t This is safe, because no entry_guard_t ever outlives its guard_selection_t. I want this because now that multiple guard selections can be active during one tor session, we should make sure that any information we register about guards is with respect to the selection that they came from. --- src/or/entrynodes.c | 52 +--- src/or/entrynodes.h | 1 + 2 files changed, 42 insertions(+), 11 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 59205a8..e0626cf 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -722,6 +722,7 @@ entry_guard_add_to_sample(guard_selection_t *gs, guard->is_reachable = GUARD_REACHABLE_MAYBE; smartlist_add(gs->sampled_entry_guards, guard); + guard->in_selection = gs; entry_guard_set_filtered_flags(get_options(), gs, guard); entry_guards_changed_for_guard_selection(gs); return guard; @@ -1743,6 +1744,8 @@ entry_guard_succeeded(guard_selection_t *gs, if (! guard) return -1; + tor_assert(gs == guard->in_selection); // prop271 remove argument + unsigned newstate = entry_guards_note_guard_success(gs, guard, (*guard_state_p)->state); @@ -1772,6 +1775,8 @@ entry_guard_cancel(guard_selection_t *gs, if (! guard) return; + tor_assert(gs == guard->in_selection); // prop271 remove argument + /* prop271 -- last_tried_to_connect_at will be erroneous here, but this * function will only get called in "bug" cases anyway. */ guard->is_pending = 0; @@ -1798,6 +1803,8 @@ entry_guard_failed(guard_selection_t *gs, if (! guard) return; + tor_assert(gs == guard->in_selection); // prop271 remove argument + entry_guards_note_guard_failure(gs, guard); (*guard_state_p)->state = GUARD_CIRC_STATE_DEAD; 
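Review bot: The three added `tor_assert(gs == guard->in_selection);` checks in entry_guard_succeeded, entry_guard_cancel and entry_guard_failed are fatal. The commit message itself says several guard selections can now be active in one session, and callers elsewhere on this page pass get_guard_selection_info(), that is the current selection. A circuit whose guard came from an earlier selection would therefore abort the process when it completes or fails after a context switch, which turns a bookkeeping mismatch into a client crash. A non-fatal form that also does the right thing is `tor_assert_nonfatal(gs == guard->in_selection); gs = guard->in_selection;`. The first hunk sets `in_selection` only in entry_guard_add_to_sample; guards created on other paths (not visible here) need it set as well, or the later `in_selection` checks will reject them.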
@@ -1876,7 +1883,7 @@ circ_state_has_higher_priority(origin_circuit_t *a, } /** - * Look at all of the origin_circuit_t * objects in all_circuits, + * Look at all of the origin_circuit_t * objects in all_circuits_in, * and see if any of them that were previously not ready to use for * guard-related reasons are now ready to use. Place those circuits * in newly_complete_out, and mark them COMPLETE. @@ -1885,11 +1892,11 @@ circ_state_has_higher_priority(origin_circuit_t *a, */ int entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, - const smartlist_t *all_circuits, + const smartlist_t *all_circuits_in, smartlist_t *newly_complete_out) { tor_assert(gs); - tor_assert(all_circuits); + tor_assert(all_circuits_in); tor_assert(newly_complete_out); if (! entry_guards_all_primary_guards_are_down(gs)) { @@ -1904,10 +1911,24 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, int n_complete = 0; origin_circuit_t *best_waiting_circuit = NULL; origin_circuit_t *best_complete_circuit = NULL; - SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) { + smartlist_t *all_circuits = smartlist_new(); + SMARTLIST_FOREACH_BEGIN(all_circuits_in, origin_circuit_t *, circ) { +// We filter out circuits that aren't ours, or which we can't +// reason about. circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); if (state == NULL) continue; +entry_guard_t *guard = entry_guard_handle_get(state->guard); +if (!guard || guard->in_selection != gs) + continue; + +smartlist_add(all_circuits, circ); + } SMARTLIST_FOREACH_END(circ); + + SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) { +circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); +if BUG((state == NULL)) + continue; if (state->state == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD) { ++n_waiting; 
@@ -1927,7 +1948,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, if (! best_waiting_circuit) { log_debug(LD_GUARD, "Considered upgrading guard-stalled circuits, " "but didn't find any."); -return 0; +goto no_change; } if (best_complete_circuit) { @@ -1940,8 +1961,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, "%d complete and %d guard-stalled. At least one complete " "circuit had higher priority, so not upgrading.", n_complete, n_waiting); - - return 0; + goto no_change; } } @@ -1959,7 +1979,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, approx_time() - get_nonprimary_guard_connect_timeout(); SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) { circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); -
[tor-commits] [tor/master] Lay down some infrastructure for bridges in the New Guard Order.
commit 1d52ac4d3f67a6e3fac3602f87d00c14060068ab Author: Nick MathewsonDate: Tue Nov 29 08:04:41 2016 -0500 Lay down some infrastructure for bridges in the New Guard Order. This includes: * making bridge_info_t exposed but opaque * allowing guards where we don't know an identity * making it possible to learn the identity of a guard * creating a guard that lacks a node_t * remembering a guard's address and port. * Looking up a guard by address and port. * Only enforcing the rule that we need a live consensus to update the "listed" status for guards when we are not using bridges. --- src/common/address.c | 8 +++ src/common/address.h | 2 + src/or/bridges.c | 44 - src/or/bridges.h | 6 ++ src/or/entrynodes.c| 161 + src/or/entrynodes.h| 18 - src/test/test_entrynodes.c | 10 +++ 7 files changed, 233 insertions(+), 16 deletions(-) diff --git a/src/common/address.c b/src/common/address.c index 773e688..1bb0c07 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -2121,3 +2121,11 @@ tor_addr_port_new(const tor_addr_t *addr, uint16_t port) return ap; } +/** Return true iff a and b are the same address and port */ +int +tor_addr_port_eq(const tor_addr_port_t *a, + const tor_addr_port_t *b) +{ + return tor_addr_eq(>addr, >addr) && a->port == b->port; +} + diff --git a/src/common/address.h b/src/common/address.h index 51db42c..41daf01 100644 --- a/src/common/address.h +++ b/src/common/address.h @@ -342,6 +342,8 @@ get_interface_address_list(int severity, int include_internal) } tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port); +int tor_addr_port_eq(const tor_addr_port_t *a, + const tor_addr_port_t *b); #ifdef ADDRESS_PRIVATE MOCK_DECL(smartlist_t *,get_interface_addresses_raw,(int severity, diff --git a/src/or/bridges.c b/src/or/bridges.c index 2170cc6..f16acfa 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c 
@@ -28,7 +28,9 @@ /** Information about a configured bridge. Currently this just matches the * ones in the torrc file, but one day we may be able to learn about new * bridges on our own, and remember them in the state file. */ -typedef struct { +struct bridge_info_t { + /** Address and port of the bridge, as configured by the user.*/ + tor_addr_port_t addrport_configured; /** Address of the bridge. */ tor_addr_t addr; /** TLS port for the bridge. */ @@ -49,7 +51,7 @@ typedef struct { /** A smartlist of k=v values to be passed to the SOCKS proxy, if transports are used for this bridge. */ smartlist_t *socks_args; -} bridge_info_t; +}; static void bridge_free(bridge_info_t *bridge); @@ -111,6 +113,40 @@ bridge_free(bridge_info_t *bridge) tor_free(bridge); } +/** Return a list of all the configured bridges, as bridge_info_t pointers. */ +const smartlist_t * +bridge_list_get(void) +{ + if (!bridge_list) +bridge_list = smartlist_new(); + return bridge_list; +} + +/** + * Given a bridge, return a pointer to its RSA identity digest, or + * NULL if we don't know one for it. + */ +const uint8_t * +bridge_get_rsa_id_digest(const bridge_info_t *bridge) +{ + tor_assert(bridge); + if (tor_digest_is_zero(bridge->identity)) +return NULL; + else +return (const uint8_t *) bridge->identity; +} + +/** + * Given a bridge, return a pointer to its configured addr:port + * combination. + */ +const tor_addr_port_t * +bridge_get_addr_port(const bridge_info_t *bridge) +{ + tor_assert(bridge); + return >addrport_configured; +} + /** If we have a bridge configured whose digest matches digest, or a * bridge with no known digest whose address matches any of the * tor_addr_port_t's in orports, return that bridge. Else return @@ -243,6 +279,7 @@ learned_router_identity(const tor_addr_t *addr, uint16_t port, hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port), transport_info ? transport_info : ""); tor_free(transport_info); +// prop271 here. we will need to update the guard info too. } } 
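Review bot: The new accessors bridge_get_rsa_id_digest() and bridge_get_addr_port() return pointers into the bridge_info_t itself, and their comments do not say so. Since the guard code is meant to remember a bridge's address and identity, a caller that keeps either pointer past bridge_free() ends up with a dangling reference. I would add to both comments `The returned pointer is owned by <b>bridge</b> and is only valid while the bridge exists; copy the value to keep it.` The struct now carries `addrport_configured` alongside `addr` and `port` holding the same data at creation. The field comments should state which one may change after configuration, so readers know which to compare against.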
@@ -361,6 +398,8 @@ bridge_add_from_config(bridge_line_t *bridge_line) bridge_line->transport_name); b = tor_malloc_zero(sizeof(bridge_info_t)); + tor_addr_copy(>addrport_configured.addr, _line->addr); + b->addrport_configured.port = bridge_line->port; tor_addr_copy(>addr, _line->addr); b->port = bridge_line->port; memcpy(b->identity, bridge_line->digest, DIGEST_LEN); @@ -718,6 +757,7 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) fmt_and_decorate_addr(>addr), (int) bridge->port); } + // prop271 here we will need to update the guard info too. add_bridge_as_entry_guard(get_guard_selection_info(), node);
[tor-commits] [tor/master] Remove guard_selection argument from status-reporting functions
commit 89f5f149df984bab00de9868a9305b611c4aa17e Author: Nick MathewsonDate: Mon Nov 28 11:04:28 2016 -0500 Remove guard_selection argument from status-reporting functions This prevents us from mixing up multiple guard_selections --- src/or/circuitbuild.c | 3 +-- src/or/circuitlist.c | 2 +- src/or/circuituse.c| 2 +- src/or/connection.c| 2 +- src/or/connection_or.c | 6 ++ src/or/directory.c | 9 - src/or/entrynodes.c| 31 ++- src/or/entrynodes.h| 12 src/test/test_entrynodes.c | 26 +- 9 files changed, 37 insertions(+), 56 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 16b53f6..5d0a04f 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -976,8 +976,7 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) } r = 1; } else { -r = entry_guard_succeeded(get_guard_selection_info(), - >guard_state); +r = entry_guard_succeeded(>guard_state); } const int is_usable_for_streams = (r == 1); if (r == 1) { diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 0afe2f8..b25f817 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -898,7 +898,7 @@ circuit_free(circuit_t *circ) /* Cancel before freeing, if we haven't already succeeded or failed. */ if (ocirc->guard_state) { - entry_guard_cancel(get_guard_selection_info(), >guard_state); + entry_guard_cancel(>guard_state); } circuit_guard_state_free(ocirc->guard_state); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index b925729..698b158 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1653,7 +1653,7 @@ circuit_build_failed(origin_circuit_t *circ) } if (n_chan_id && !already_marked) { if (circ->guard_state) -entry_guard_failed(get_guard_selection_info(), >guard_state); +entry_guard_failed(>guard_state); /* prop271 -- old API */ entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL)); /* if there are any one-hop streams waiting on this circuit, fail diff --git a/src/or/connection.c b/src/or/connection.c index 25c75ff..87f0f91 100644 
--- a/src/or/connection.c +++ b/src/or/connection.c @@ -636,7 +636,7 @@ connection_free_(connection_t *conn) rend_data_free(dir_conn->rend_data); if (dir_conn->guard_state) { /* Cancel before freeing, if it's still there. */ - entry_guard_cancel(get_guard_selection_info(), _conn->guard_state); + entry_guard_cancel(_conn->guard_state); } circuit_guard_state_free(dir_conn->guard_state); } diff --git a/src/or/connection_or.c b/src/or/connection_or.c index fefcc86..14d5979 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -735,8 +735,7 @@ connection_or_about_to_close(or_connection_t *or_conn) const or_options_t *options = get_options(); connection_or_note_state_when_broken(or_conn); rep_hist_note_connect_failed(or_conn->identity_digest, now); - entry_guard_chan_failed(get_guard_selection_info(), - TLS_CHAN_TO_BASE(or_conn->chan)); + entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan)); /* prop271 -- old API */ entry_guard_register_connect_status(or_conn->identity_digest,0, !options->HTTPSProxy, now); @@ -1676,8 +1675,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn, "Tried connecting to router at %s:%d, but identity key was not " "as expected: wanted %s but got %s.%s", conn->base_.address, conn->base_.port, expected, seen, extra_log); -entry_guard_chan_failed(get_guard_selection_info(), -TLS_CHAN_TO_BASE(conn->chan)); +entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan)); /* prop271 old API */ entry_guard_register_connect_status(conn->identity_digest, 0, 1, time(NULL)); diff --git a/src/or/directory.c b/src/or/directory.c index 4164672..6fc8809 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
@@ -902,7 +902,7 @@ connection_dir_request_failed(dir_connection_t *conn) if (conn->guard_state) { /* We haven't seen a success on this guard state, so consider it to have * failed. */ -entry_guard_failed(get_guard_selection_info(), >guard_state); +entry_guard_failed(>guard_state); } if (directory_conn_is_self_reachability_test(conn)) { return; /* this was a test fetch. don't retry. */ @@ -1271,7 +1271,7 @@ directory_initiate_command_rend(const tor_addr_port_t *or_addr_port, // In this case we should not have picked a directory guard. if (BUG(guard_state)) { - entry_guard_cancel(get_guard_selection_info(), _state); +
[tor-commits] [tor/master] More progress on bridge implementation with prop271 guards
commit 3bcbbea350ccab4bc25b191fcce1dd3fc63775d3 Author: Nick MathewsonDate: Tue Nov 29 11:26:55 2016 -0500 More progress on bridge implementation with prop271 guards Here we handle most (all?) of the remaining tasks, and fix some bugs, in the prop271 bridge implementation. * We record bridge identities as we learn them. * We only call deprecated functions from bridges.c when the deprecated guard algorithm is in use. * We update any_bridge_descriptors_known() and num_bridges_usable() to work correctly with the new backend code. (Previously, they called into the guard selection logic. * We update bridge directory fetches to work with the new guard code. * We remove some erroneous assertions where we assumed that we'd never load a guard that wasn't for the current selection. Also, we fix a couple of typos. --- src/or/bridges.c| 34 ++ src/or/directory.c | 29 +++-- src/or/entrynodes.c | 38 ++ 3 files changed, 71 insertions(+), 30 deletions(-) diff --git a/src/or/bridges.c b/src/or/bridges.c index 8090bae..c480e3f 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -279,7 +279,8 @@ learned_router_identity(const tor_addr_t *addr, uint16_t port, hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port), transport_info ? transport_info : ""); tor_free(transport_info); -// prop271 here. we will need to update the guard info too. +entry_guard_learned_bridge_identity(>addrport_configured, +(const uint8_t *)digest); } } 
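Review bot: The new `entry_guard_learned_bridge_identity(...)` call in `learned_router_identity()` is unconditional, while the same call in `learned_bridge_descriptor()` (the @@ -741 hunk of this file) sits in the `else` branch of `if (get_options()->UseDeprecatedGuardAlgorithm)`. Unless the callee returns early under the deprecated algorithm, which is not visible here, this path updates the new guard state while the old algorithm is selected. I would gate it the same way with `if (!get_options()->UseDeprecatedGuardAlgorithm)` before the call, or add a comment saying the callee handles that case. The function body starts outside the hunk.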
@@ -741,16 +742,21 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) fmt_and_decorate_addr(>addr), (int) bridge->port); } - // prop271 here we will need to update the guard info too. - add_bridge_as_entry_guard(get_guard_selection_info(), node); + if (get_options()->UseDeprecatedGuardAlgorithm) { +add_bridge_as_entry_guard(get_guard_selection_info(), node); + } else { +entry_guard_learned_bridge_identity(>addrport_configured, + (const uint8_t*)ri->cache_info.identity_digest); + } log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", ri->nickname, from_cache ? "cached" : "fresh", router_describe(ri)); /* set entry->made_contact so if it goes down we don't drop it from * our entry node list */ - // prop271 use new interface here when we hit bridges? - entry_guard_register_connect_status(ri->cache_info.identity_digest, - 1, 0, now); + if (get_options()->UseDeprecatedGuardAlgorithm) { +entry_guard_register_connect_status(ri->cache_info.identity_digest, +1, 0, now); + } if (first) { routerlist_retry_directory_downloads(now); } @@ -768,8 +774,20 @@ int any_bridge_descriptors_known(void) { tor_assert(get_options()->UseBridges); - // prop271 this needs to get fixed. -- bridges - return choose_random_entry(NULL) != NULL; + + if (!bridge_list) +return 0; + + SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) { +const node_t *node; +if (!tor_digest_is_zero(bridge->identity) && +(node = node_get_by_id(bridge->identity)) != NULL && +node->ri) { + return 1; +} + } SMARTLIST_FOREACH_END(bridge); + + return 0; } /** Return a smartlist containing all bridge identity digests */ diff --git a/src/or/directory.c b/src/or/directory.c index 6fc8809..9c039a0 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
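Review bot: In the @@ -768 hunk, `any_bridge_descriptors_known()` assigns `node` inside a three-part `&&` condition, which is easy to misread. Hoisting it reads more plainly: `const node_t *node = node_get_by_id(bridge->identity);` followed by `if (node && node->ri) return 1;`, after a `continue` on a zero digest. The function now answers from `bridge_list` and the nodelist instead of the guard-selection code, so the doc comment above it (outside the hunk) should define "known", for example `/* A bridge counts once its identity is set and the nodelist holds a routerinfo for it. */`.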
@@ -560,26 +560,35 @@ MOCK_IMPL(void, directory_get_from_dirserver, ( * sort of dir fetch we'll be doing, so it won't return a bridge * that can't answer our question. */ - // prop271 update this for bridge support. - const node_t *node = choose_random_dirguard(type); + const node_t *node = guards_choose_dirguard(type, + _state); if (node && node->ri) { /* every bridge has a routerinfo. */ routerinfo_t *ri = node->ri; /* clients always make OR connections to bridges */ tor_addr_port_t or_ap; +tor_addr_port_t nil_dir_ap; /* we are willing to use a non-preferred address if we need to */ fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, _ap); -directory_initiate_command(_ap.addr, or_ap.port, - NULL, 0, /*no dirport*/ - ri->cache_info.identity_digest, - dir_purpose, -
[tor-commits] [tor/master] Note some large functions that could be split.
commit 46619ec9143450b181a8510011d3e3fd92542aa4 Author: Nick MathewsonDate: Tue Nov 29 11:34:37 2016 -0500 Note some large functions that could be split. George Kadianakis pointed these out. --- src/or/entrynodes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 004081e..af1869f 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1099,6 +1099,7 @@ entry_guard_is_listed(guard_selection_t *gs, const entry_guard_t *guard) STATIC void sampled_guards_update_from_consensus(guard_selection_t *gs) { + /* prop271 consider splitting this function up. */ tor_assert(gs); const int REMOVE_UNLISTED_GUARDS_AFTER = (get_remove_unlisted_guards_after_days() * 86400); @@ -1503,6 +1504,7 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard) STATIC void entry_guards_update_primary(guard_selection_t *gs) { + /* prop271 consider splitting this function up. */ tor_assert(gs); // prevent recursion. Recursion is potentially very bad here. @@ -1697,6 +1699,7 @@ entry_guards_note_internet_connectivity(guard_selection_t *gs) STATIC entry_guard_t * select_entry_guard_for_circuit(guard_selection_t *gs, unsigned *state_out) { + /* prop271 consider splitting this function up. */ tor_assert(gs); tor_assert(state_out); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Re-enable some disabled tests about switching guard_selections
commit 6c3f555a8c4d33b8f9dcdc55c03bee8170feb65f Author: Nick MathewsonDate: Tue Nov 29 14:28:43 2016 -0500 Re-enable some disabled tests about switching guard_selections --- src/test/test_entrynodes.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 6a3048b..e3a9d18 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1276,18 +1276,18 @@ test_entry_guard_get_guard_selection_by_name(void *arg) tt_assert(gs3 != NULL); tt_assert(gs3 != gs2); tt_assert(gs3 != gs1); - // prop271 re-enable this. tt_assert(gs3 == get_guard_selection_info()); + tt_assert(gs3 == get_guard_selection_info()); -#if 0 or_options_t *options = get_options_mutable(); options->UseDeprecatedGuardAlgorithm = 1; - gs4 = get_guard_selection_info(); + update_guard_selection_choice(options); + guard_selection_t *gs4 = get_guard_selection_info(); tt_assert(gs4 != gs3); - tt_assert(gs4 == get_guard_selection_by_name("legacy", 1)); + tt_assert(gs4 == get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1)); options->UseDeprecatedGuardAlgorithm = 0; + update_guard_selection_choice(options); tt_assert(gs3 == get_guard_selection_info()); -#endif done: entry_guards_free_all(); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Test for entry_guard_has_higher_priority().
commit fcb50f18398791c2a6e6c78465ab12012d3991e7 Author: Nick MathewsonDate: Sun Nov 27 14:48:17 2016 -0500 Test for entry_guard_has_higher_priority(). --- src/test/test_entrynodes.c | 49 ++ 1 file changed, 49 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 4678c77..eaba3c4 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c 
@@ -2094,6 +2094,54 @@ test_entry_guard_manage_primary(void *arg) } static void +test_entry_guard_guard_preferred(void *arg) +{ + (void) arg; + entry_guard_t *g1 = tor_malloc_zero(sizeof(entry_guard_t)); + entry_guard_t *g2 = tor_malloc_zero(sizeof(entry_guard_t)); + + g1->confirmed_idx = g2->confirmed_idx = -1; + g1->last_tried_to_connect = approx_time(); + g2->last_tried_to_connect = approx_time(); + + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g1, g1)); + + /* Neither is pending; priorities equal. */ + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + + /* If one is pending, the pending one has higher priority */ + g1->is_pending = 1; + tt_int_op(1, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + + /* If both are pending, and last_tried_to_connect is equal: + priorities equal */ + g2->is_pending = 1; + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + + /* One had a connection that startied earlier: it has higher priority. */ + g2->last_tried_to_connect -= 10; + tt_int_op(1, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + + /* Now, say that g1 is confirmed. It will get higher priority. */ + g1->confirmed_idx = 5; + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + tt_int_op(1, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + + /* But if g2 was confirmed first, it will get priority */ + g2->confirmed_idx = 2; + tt_int_op(1, OP_EQ, entry_guard_has_higher_priority(g2, g1)); + tt_int_op(0, OP_EQ, entry_guard_has_higher_priority(g1, g2)); + + done: + tor_free(g1); + tor_free(g2); +} + +static void test_entry_guard_select_for_circuit_no_confirmed(void *arg) { /* Simpler cases: no gaurds are confirmed yet. */ 
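Review bot: The test is named `test_entry_guard_guard_preferred` and registered as `guard_preferred`, but every assertion exercises `entry_guard_has_higher_priority()`; naming it after the function under test would make a failure easier to trace. The comment beginning `/* One had a connection that startied earlier` should read `started`. `tor_malloc_zero(sizeof(*g1))` would tie each allocation size to its variable rather than repeating the type name.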
@@ -2578,6 +2626,7 @@ struct testcase_t entrynodes_tests[] = { BFN_TEST(sample_reachable_filtered_empty), BFN_TEST(retry_unreachable), BFN_TEST(manage_primary), + { "guard_preferred", test_entry_guard_guard_preferred, TT_FORK, NULL, NULL }, BFN_TEST(select_for_circuit_no_confirmed), BFN_TEST(select_for_circuit_confirmed), BFN_TEST(select_for_circuit_highlevel_primary), ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Test no-consensus case for filter.
commit 9cad2628dd8c22d41f0e3c47bcd4c926e733f4c3 Author: Nick MathewsonDate: Wed Nov 23 15:32:48 2016 -0500 Test no-consensus case for filter. --- src/test/test_entrynodes.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 785503b..de36142 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1391,6 +1391,20 @@ test_entry_guard_node_filter(void *arg) } tt_int_op(num_reachable_filtered_guards(gs), OP_EQ, 1); + /* Now make sure we have no live consensus, and no nodes. Nothing should + * pass the filter any more. */ + tor_free(dummy_consensus); + dummy_consensus = NULL; + SMARTLIST_FOREACH(big_fake_net_nodes, node_t *, node, { +memset(node->identity, 0xff, 20); + }); + entry_guards_update_filtered_sets(gs); + for (i = 0; i < NUM; ++i) { +tt_assert(g[i]->is_filtered_guard == 0); +tt_assert(g[i]->is_usable_filtered_guard == 0); + } + tt_int_op(num_reachable_filtered_guards(gs), OP_EQ, 0); + done: guard_selection_free(gs); tor_free(bl); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
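Review bot: `memset(node->identity, 0xff, 20);` hard-codes the digest length. `memset(node->identity, 0xff, DIGEST_LEN);`, or `sizeof(node->identity)` if the field is an array, keeps the write bounded by the field if its size ever changes. The explicit `dummy_consensus = NULL;` after `tor_free(dummy_consensus)` is redundant if `tor_free` already sets its argument to NULL.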
[tor-commits] [tor/master] Unit tests for entry_guard_{pick_for_circuit, succeeded, failed}
commit c6d218c44b723bbc02efc43d89507c7305137e5a Author: Nick MathewsonDate: Sun Nov 27 13:55:36 2016 -0500 Unit tests for entry_guard_{pick_for_circuit,succeeded,failed} --- src/or/entrynodes.c| 2 +- src/or/entrynodes.h| 1 + src/test/test_entrynodes.c | 262 + 3 files changed, 264 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 0650cbe..6f6853e 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1628,7 +1628,7 @@ entry_guard_chan_failed(guard_selection_t *gs, * Return true iff every primary guard in gs is believed to * be unreachable. */ -static int +STATIC int entry_guards_all_primary_guards_are_down(guard_selection_t *gs) { tor_assert(gs); diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 0ed94cb..a0f4c2e 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -434,6 +434,7 @@ STATIC char *entry_guard_encode_for_state(entry_guard_t *guard); STATIC entry_guard_t *entry_guard_parse_from_state(const char *s); STATIC void entry_guard_free(entry_guard_t *e); STATIC void entry_guards_update_filtered_sets(guard_selection_t *gs); +STATIC int entry_guards_all_primary_guards_are_down(guard_selection_t *gs); /** * @name Flags for sample_reachable_filtered_entry_guards() */ diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index ee08375..4678c77 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -3,6 +3,7 @@ #include "orconfig.h" +#define CIRCUITLIST_PRIVATE #define STATEFILE_PRIVATE #define ENTRYNODES_PRIVATE #define ROUTERLIST_PRIVATE @@ -11,6 +12,7 @@ #include "test.h" #include "bridges.h" +#include "circuitlist.h" #include "config.h" #include "entrynodes.h" #include "nodelist.h" 
@@ -2251,6 +2253,263 @@ test_entry_guard_select_for_circuit_confirmed(void *arg) guard_selection_free(gs); } +static void +test_entry_guard_select_for_circuit_highlevel_primary(void *arg) +{ + /* Play around with selecting primary guards for circuits and markign + * them up and down */ + (void)arg; + guard_selection_t *gs = guard_selection_new("default"); + + time_t start = approx_time(); + + const node_t *node = NULL; + circuit_guard_state_t *guard = NULL; + entry_guard_t *g; + /* + * Make sure that the pick-for-circuit API basically works. We'll get + * a primary guard, so it'll be usable on completion. + */ + int r = entry_guard_pick_for_circuit(gs, , ); + + tt_assert(r == 0); + tt_assert(node); + tt_assert(guard); + tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_USABLE_ON_COMPLETION); + g = entry_guard_handle_get(guard->guard); + tt_assert(g); + tt_mem_op(g->identity, OP_EQ, node->identity, DIGEST_LEN); + tt_int_op(g->is_primary, OP_EQ, 1); + tt_i64_op(g->last_tried_to_connect, OP_EQ, start); + tt_int_op(g->confirmed_idx, OP_EQ, -1); + + /* Call that circuit successful. */ + update_approx_time(start+15); + r = entry_guard_succeeded(gs, ); + tt_int_op(r, OP_EQ, 1); /* We can use it now. */ + tt_assert(guard); + tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_COMPLETE); + g = entry_guard_handle_get(guard->guard); + tt_assert(g); + tt_int_op(g->is_reachable, OP_EQ, GUARD_REACHABLE_YES); + tt_int_op(g->confirmed_idx, OP_EQ, 0); + + circuit_guard_state_free(guard); + guard = NULL; + node = NULL; + g = NULL; + + /* Try again. We'll also get a primary guard this time. (The same one, + in fact.) But this time, we'll say the connection has failed. 
*/ + update_approx_time(start+35); + r = entry_guard_pick_for_circuit(gs, , ); + tt_assert(r == 0); + tt_assert(node); + tt_assert(guard); + tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_USABLE_ON_COMPLETION); + tt_i64_op(guard->state_set_at, OP_EQ, start+35); + g = entry_guard_handle_get(guard->guard); + tt_assert(g); + tt_mem_op(g->identity, OP_EQ, node->identity, DIGEST_LEN); + tt_int_op(g->is_primary, OP_EQ, 1); + tt_i64_op(g->last_tried_to_connect, OP_EQ, start+35); + tt_int_op(g->confirmed_idx, OP_EQ, 0); // same one. + + /* It's failed! What will happen to our poor guard? */ + update_approx_time(start+45); + entry_guard_failed(gs, ); + tt_assert(guard); + tt_int_op(guard->state, OP_EQ, GUARD_CIRC_STATE_DEAD); + tt_i64_op(guard->state_set_at, OP_EQ, start+45); + g = entry_guard_handle_get(guard->guard); + tt_assert(g); + tt_int_op(g->is_reachable, OP_EQ, GUARD_REACHABLE_NO); + tt_i64_op(g->failing_since, OP_EQ, start+45); + tt_int_op(g->confirmed_idx, OP_EQ, 0); // still confirmed. + + circuit_guard_state_free(guard); + guard = NULL; + node = NULL; + entry_guard_t *g_prev = g; + g = NULL; + + /* Now try a third time. Since the other one is down, we'll get a different + * (still primary) guard. + */ + update_approx_time(start+60); + r = entry_guard_pick_for_circuit(gs, , ); + tt_assert(r == 0); + tt_assert(node); + tt_assert(guard); +
[tor-commits] [tor/master] When freeing a guard state, cancel it if its state is unknown
commit f71be7434074a1b7f8508b96cbf55cee44afb993 Author: Nick MathewsonDate: Wed Nov 23 09:15:51 2016 -0500 When freeing a guard state, cancel it if its state is unknown We don't want a guard to stay "pending" forever if the circuit_guard_state_t for it is freed before it succeeds or fails. --- src/or/circuitlist.c | 5 + src/or/connection.c | 4 2 files changed, 9 insertions(+) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 2a03f8a..9d7a5d7 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -885,6 +885,11 @@ circuit_free(circuit_t *circ) cpath_ref_decref(ocirc->build_state->service_pending_final_cpath_ref); } tor_free(ocirc->build_state); + +/* Cancel before freeing, if we haven't already succeeded or failed. */ +if (ocirc->guard_state) { + entry_guard_cancel(get_guard_selection_info(), >guard_state); +} circuit_guard_state_free(ocirc->guard_state); circuit_clear_cpath(ocirc); diff --git a/src/or/connection.c b/src/or/connection.c index c2a7a87..25c75ff 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -634,6 +634,10 @@ connection_free_(connection_t *conn) cached_dir_decref(dir_conn->cached_dir); rend_data_free(dir_conn->rend_data); +if (dir_conn->guard_state) { + /* Cancel before freeing, if it's still there. */ + entry_guard_cancel(get_guard_selection_info(), _conn->guard_state); +} circuit_guard_state_free(dir_conn->guard_state); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
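Review bot: The comment added in `circuit_free()` says the state is cancelled "if we haven't already succeeded or failed", but the code only tests `ocirc->guard_state` for non-NULL, so a state that has already completed or failed is passed to `entry_guard_cancel()` too. The `connection_free_()` hunk in src/or/connection.c has the same shape. That is correct only if `entry_guard_cancel()` ignores states that are no longer pending, which is not visible here. If that is the contract, the comment should say so; otherwise check the state before calling. Both function bodies start outside their hunks.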
[tor-commits] [tor/master] Move the 'dirty' flag for the guards to a global again
commit e56bc1e5de05d9bc6876d91d364d33f0771eb322 Author: Nick MathewsonDate: Wed Nov 23 15:48:10 2016 -0500 Move the 'dirty' flag for the guards to a global again It makes more sense to have a single dirty flag, since we always regenerate the whole state file when we save it. --- src/or/entrynodes.c | 28 src/or/entrynodes.h | 10 -- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 1501bf7..951ce15 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -145,6 +145,10 @@ static smartlist_t *guard_contexts = NULL; static guard_selection_t *curr_guard_context = NULL; +/** A value of 1 means that at least one context has changed, + * and those changes need to be flushed to disk. */ +static int entry_guards_dirty = 0; + static const node_t *choose_random_entry_impl(guard_selection_t *gs, cpath_build_state_t *state, int for_directory, @@ -2027,7 +2031,6 @@ entry_guards_update_guards_in_state(or_state_t *state) (*nextline)->value = entry_guard_encode_for_state(guard); nextline = &(*nextline)->next; } SMARTLIST_FOREACH_END(guard); -gs->dirty = 0; } SMARTLIST_FOREACH_END(gs); config_free_lines(state->Guard); @@ -3685,11 +3688,11 @@ entry_guards_parse_state_for_guard_selection( smartlist_free(gs->chosen_entry_guards); } gs->chosen_entry_guards = new_entry_guards; -gs->dirty = 0; + /* XXX hand new_entry_guards to this func, and move it up a * few lines, so we don't have to re-dirty it */ if (remove_obsolete_entry_guards(gs, now)) - gs->dirty = 1; + entry_guards_dirty = 1; } digestmap_free(added_by, tor_free_); return *msg ? -1 : 0; 
@@ -3704,12 +3707,16 @@ entry_guards_parse_state_for_guard_selection( int entry_guards_parse_state(or_state_t *state, int set, char **msg) { + entry_guards_dirty = 0; + int r1 = entry_guards_load_guards_from_state(state, set); int r2 = entry_guards_parse_state_for_guard_selection( get_guard_selection_by_name("legacy", 1), state, set, msg); + entry_guards_dirty = 0; + if (r1 < 0 || r2 < 0) { if (msg && *msg == NULL) { *msg = tor_strdup("parsing error"); // prop271 should we try harder? @@ -3737,7 +3744,7 @@ entry_guards_changed_for_guard_selection(guard_selection_t *gs) tor_assert(gs != NULL); - gs->dirty = 1; + entry_guards_dirty = 1; if (get_options()->AvoidDiskWrites) when = time(NULL) + SLOW_GUARD_STATE_FLUSH_TIME; @@ -3764,26 +3771,23 @@ entry_guards_changed(void) * Otherwise, free the EntryGuards piece of state and create * a new one out of the global entry_guards list, and then mark * state dirty so it will get saved to disk. - * - * XXX this should get totally redesigned around storing multiple - * entry guard contexts. For the initial refactor we'll just - * always use the current default. Fix it as soon as we actually - * have any way that default can change. */ void entry_guards_update_state(or_state_t *state) { config_line_t **next, *line; + entry_guards_dirty = 0; + // Handles all non-legacy guard info. entry_guards_update_guards_in_state(state); + entry_guards_dirty = 0; + guard_selection_t *gs = get_guard_selection_by_name("legacy", 0); if (!gs) return; // nothign to save. tor_assert(gs->chosen_entry_guards != NULL); - if (!gs->dirty) -return; config_free_lines(state->EntryGuards); next = >EntryGuards; @@ -3854,7 +3858,7 @@ entry_guards_update_state(or_state_t *state) } SMARTLIST_FOREACH_END(e); if (!get_options()->AvoidDiskWrites) or_state_mark_dirty(get_or_state(), 0); - gs->dirty = 0; + entry_guards_dirty = 0; } /** If question is the string "entry-guards", then dump 
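Review bot: In `entry_guards_parse_state()` the second `entry_guards_dirty = 0;` runs after `entry_guards_parse_state_for_guard_selection()` returns, so it overwrites the `entry_guards_dirty = 1` that the @@ -3685 hunk sets when `remove_obsolete_entry_guards()` pruned something. Before this commit `gs->dirty` stayed 1 on that path. If the pruning is meant to be written back, drop the trailing reset; if not, the `= 1` in the other hunk is dead and the XXX comment above it can go.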
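Review bot: In the @@ -3764 hunk, `entry_guards_update_state()` assigns `entry_guards_dirty = 0` three times and the early `if (!gs->dirty) return;` is removed without a replacement, so in the hunks shown the new global is written but never read. As written, every call rebuilds `state->EntryGuards` whether or not anything changed, while the doc comment's "Otherwise, free the EntryGuards piece of state" still reads as if an unchanged case returned early. Consider `if (!entry_guards_dirty) return;` at the top and a single reset at the end.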
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 285664d..ec24011 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -213,16 +213,6 @@ struct guard_selection_s { char *name; /** - * A value of 1 means that guard_selection_t structures have changed - * and those changes need to be flushed to disk. - * - * XXX prop271 we don't know how to flush multiple guard contexts to - * disk yet; fix that as soon as any way to change the default exists, - * or at least make sure this gets set on change. - */ - int dirty; - - /** * A value of 1 means that primary_entry_guards is up-to-date; 0 * means we need to recalculate it before using primary_entry_guards * or the is_primary flag on any guard. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Don't call into the new guard algorithm when the old one is enabled.
commit 8edd3d2b6c43bd5eb64d79177e6e4c44ca4fc618 Author: Nick MathewsonDate: Wed Nov 23 08:02:48 2016 -0500 Don't call into the new guard algorithm when the old one is enabled. (I'm surprised that these are the only bugs I ran into when I tested running with the old algorithm again!) --- src/or/circuitbuild.c | 5 - src/or/circuituse.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 2f4ce7a..16b53f6 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -965,7 +965,10 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) if (!hop) { /* done building the circuit. whew. */ int r; - if (! circ->guard_state) { + if (get_options()->UseDeprecatedGuardAlgorithm) { +// The circuit is usable; we already marked the guard as okay. +r = 1; + } else if (! circ->guard_state) { if (circuit_get_cpath_len(circ) != 1) { log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no " "guard state", diff --git a/src/or/circuituse.c b/src/or/circuituse.c index d2a7f20..b9f94fb 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1633,7 +1633,8 @@ circuit_build_failed(origin_circuit_t *circ) "Our circuit died before the first hop with no connection"); } if (n_chan_id && !already_marked) { - entry_guard_failed(get_guard_selection_info(), >guard_state); + if (circ->guard_state) +entry_guard_failed(get_guard_selection_info(), >guard_state); /* prop271 -- old API */ entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL)); /* if there are any one-hop streams waiting on this circuit, fail ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
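Review bot: In the `circuit_build_failed()` hunk the new `if (circ->guard_state)` has an unbraced body wrapped onto the next line and followed directly by the unconditional old-API call, which makes a later edit easy to get wrong; put braces around the `entry_guard_failed(...)` call. The two hunks also gate on different things: `circuit_send_next_onion_skin()` tests `get_options()->UseDeprecatedGuardAlgorithm`, while this one tests for a non-NULL guard state. If the invariant is that no guard state exists under the deprecated algorithm, a one-line comment such as `/* guard_state is NULL under the deprecated algorithm. */` would record why the pointer test is enough. Both function bodies extend outside the hunks.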
[tor-commits] [tor/master] Add a wrapper for a common networkstatus param pattern
commit 039bd01767d42961cb16ff4914481332b52cf8db Author: Nick MathewsonDate: Sat Nov 26 09:22:04 2016 -0500 Add a wrapper for a common networkstatus param pattern We frequently want to check a networkstatus parameter only when it isn't overridden from the torrc file. --- src/or/networkstatus.c | 19 +++ src/or/networkstatus.h | 5 + src/test/test_dir.c| 9 + 3 files changed, 33 insertions(+) diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index ec8f77f..ce23d67 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -2304,6 +2304,25 @@ networkstatus_get_param(const networkstatus_t *ns, const char *param_name, } /** + * As networkstatus_get_param(), but check torrc_value before checking the + * consensus. If torrc_value is in-range, then return it instead of the + * value from the consensus. + */ +int32_t +networkstatus_get_overridable_param(const networkstatus_t *ns, +int32_t torrc_value, +const char *param_name, +int32_t default_val, +int32_t min_val, int32_t max_val) +{ + if (torrc_value >= min_val && torrc_value <= max_val) +return torrc_value; + else +return networkstatus_get_param( + ns, param_name, default_val, min_val, max_val); +} + +/** * Retrieve the consensus parameter that governs the * fixed-point precision of our network balancing 'bandwidth-weights' * (which are themselves integer consensus values). We divide them diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h index 71f36b6..4b3854d 100644 --- a/src/or/networkstatus.h +++ b/src/or/networkstatus.h @@ -111,6 +111,11 @@ int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val); +int32_t networkstatus_get_overridable_param(const networkstatus_t *ns, +int32_t torrc_value, +const char *param_name, +int32_t default_val, +int32_t min_val, int32_t max_val); int getinfo_helper_networkstatus(control_connection_t *conn, const char *question, char **answer, const char **errmsg); 
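Review bot: `networkstatus_get_overridable_param()` cannot tell an unset torrc option from one set to an in-range value, so callers have to encode "unset" as a value outside [min_val, max_val]. The doc comment should state that contract, e.g. `* Callers must represent "not set in torrc" with a value outside [min_val, max_val].` Where a parameter's valid range includes the option's default value, the local default would silently take precedence over the consensus. An explicitly configured out-of-range value is also discarded without a log line; whether option validation catches that earlier is not visible here.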
diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 4501d6b..4ef421f 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -1494,6 +1494,15 @@ test_dir_param_voting(void *arg) tt_int_op(-8,OP_EQ, networkstatus_get_param(, "ab", -12, -100, -8)); tt_int_op(0,OP_EQ, networkstatus_get_param(, "foobar", 0, -100, 8)); + tt_int_op(100,OP_EQ, networkstatus_get_overridable_param( +, -1, "x-yz", 50, 0, 300)); + tt_int_op(30,OP_EQ, networkstatus_get_overridable_param( +, 30, "x-yz", 50, 0, 300)); + tt_int_op(0,OP_EQ, networkstatus_get_overridable_param( +, -101, "foobar", 0, -100, 8)); + tt_int_op(-99,OP_EQ, networkstatus_get_overridable_param( +, -99, "foobar", 0, -100, 8)); + smartlist_add(votes, ); /* Do the first tests without adding all the other votes, for ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
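Review bot: The new assertions cover values well inside the range and outside it (30, -99, -1, -101), but not the inclusive bounds themselves, which is where the `>=`/`<=` comparison in `networkstatus_get_overridable_param()` could regress. I would add one case per bound: a torrc value of 0 and one of 300 against `"x-yz", 50, 0, 300`, each expected to come back unchanged.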
[tor-commits] [tor/master] Mark confirmed guards primary as appropriate.
commit 9493711077a0de1a704657b9645f0127e77455ed Author: Nick MathewsonDate: Sun Nov 27 13:19:54 2016 -0500 Mark confirmed guards primary as appropriate. If a guard becomes primary as a result of confirming it, consider the circuit through that guard as a primary circuit. Also, note open questions on behavior when confirming nonprimary guards --- src/or/entrynodes.c | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f1fe9f1..0650cbe 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1384,6 +1384,8 @@ entry_guards_note_guard_success(guard_selection_t *gs, if (guard->confirmed_idx < 0) { make_guard_confirmed(gs, guard); +if (!gs->primary_guards_up_to_date) + entry_guards_update_primary(gs); } unsigned new_state; @@ -1392,7 +1394,19 @@ entry_guards_note_guard_success(guard_selection_t *gs, } else { tor_assert_nonfatal( old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); -new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + +if (guard->is_primary) { + /* prop271 -- I don't actually like this logic. It seems to make us + * a little more susceptible to evil-ISP attacks. The mitigations I'm + * thinking of, however, aren't local to this point, so I'll leave it + * alone. */ + /* This guard may have become primary by virtue of being confirmed. +If so, the circuit for it is now complete. + */ + new_state = GUARD_CIRC_STATE_COMPLETE; +} else { + new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; +} if (last_time_on_internet + get_internet_likely_down_interval() < approx_time()) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
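Review bot: The second hunk changes the state a circuit ends in after success (`GUARD_CIRC_STATE_COMPLETE` when `guard->is_primary`), and the diffstat lists only src/or/entrynodes.c, so the new transition lands without a unit test. The added comment itself says the logic may increase exposure to a hostile ISP, so a test pinning the current behaviour would make any later mitigation a visible change. `guard->is_primary` is only fresh at this point if `make_guard_confirmed()` clears `primary_guards_up_to_date`, so that the `entry_guards_update_primary(gs)` call in the first hunk runs. That is not visible here, and a comment stating the dependency would help. The function starts and ends outside both hunks.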
[tor-commits] [tor/master] Test get_guard_selection_by_name
commit a7bc73935b030100b0d7b9f39c5dec5ef6eb0a85 Author: Nick MathewsonDate: Wed Nov 23 15:08:07 2016 -0500 Test get_guard_selection_by_name --- src/or/entrynodes.c| 2 +- src/or/entrynodes.h| 2 ++ src/test/test_entrynodes.c | 48 ++ 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 860be9b..cf35b02 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -201,7 +201,7 @@ guard_selection_new(const char *name) * create_if_absent is true, then create and return it. If there * is none, and create_if_absent is false, then return NULL. */ -static guard_selection_t * +STATIC guard_selection_t * get_guard_selection_by_name(const char *name, int create_if_absent) { if (!guard_contexts) { diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index a514c13..285664d 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -416,6 +416,8 @@ int num_bridges_usable(void); // -- these functions and definitions are post-prop271. HANDLE_DECL(entry_guard, entry_guard_t, STATIC) STATIC guard_selection_t *guard_selection_new(const char *name); +STATIC guard_selection_t *get_guard_selection_by_name( +const char *name, int create_if_absent); STATIC void guard_selection_free(guard_selection_t *gs); STATIC entry_guard_t *get_sampled_guard_with_id(guard_selection_t *gs, const uint8_t *rsa_id); diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index cdf8672..785503b 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c 
@@ -1236,6 +1236,52 @@ test_entry_guard_parse_from_state_partial_failure(void *arg) } static void +test_entry_guard_get_guard_selection_by_name(void *arg) +{ + (void)arg; + guard_selection_t *gs1, *gs2, *gs3; + + gs1 = get_guard_selection_by_name("unlikely", 0); + tt_assert(gs1 == NULL); + gs1 = get_guard_selection_by_name("unlikely", 1); + tt_assert(gs1 != NULL); + gs2 = get_guard_selection_by_name("unlikely", 1); + tt_assert(gs2 == gs1); + gs2 = get_guard_selection_by_name("unlikely", 0); + tt_assert(gs2 == gs1); + + gs2 = get_guard_selection_by_name("implausible", 0); + tt_assert(gs2 == NULL); + gs2 = get_guard_selection_by_name("implausible", 1); + tt_assert(gs2 != NULL); + tt_assert(gs2 != gs1); + gs3 = get_guard_selection_by_name("implausible", 0); + tt_assert(gs3 == gs2); + + gs3 = get_guard_selection_by_name("default", 0); + tt_assert(gs3 == NULL); + gs3 = get_guard_selection_by_name("default", 1); + tt_assert(gs3 != NULL); + tt_assert(gs3 != gs2); + tt_assert(gs3 != gs1); + tt_assert(gs3 == get_guard_selection_info()); + +#if 0 + or_options_t *options = get_options_mutable(); + options->UseDeprecatedGuardAlgorithm = 1; + gs4 = get_guard_selection_info(); + tt_assert(gs4 != gs3); + tt_assert(gs4 == get_guard_selection_by_name("legacy", 1)); + + options->UseDeprecatedGuardAlgorithm = 0; + tt_assert(gs3 == get_guard_selection_info()); +#endif + + done: + entry_guards_free_all(); +} + +static void test_entry_guard_add_single_guard(void *arg) { (void)arg; 
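Review bot: The `#if 0` block in `test_entry_guard_get_guard_selection_by_name()` assigns to `gs4`, which is never declared (the declaration is `guard_selection_t *gs1, *gs2, *gs3;`), so it would not compile once enabled, and nothing says why it is disabled. Either leave the block out until it can run, or declare `gs4` and add a marker in the style the rest of the series uses, such as `/* prop271 re-enable this block: <reason> */`. If enabled as written, a failing assertion between the two assignments would leave `options->UseDeprecatedGuardAlgorithm` set to 1, though the `TT_FORK` registration in the next hunk confines that to this test's process.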
@@ -2245,6 +2291,8 @@ struct testcase_t entrynodes_tests[] = { test_entry_guard_parse_from_state_failure, 0, NULL, NULL }, { "parse_from_state_partial_failure", test_entry_guard_parse_from_state_partial_failure, 0, NULL, NULL }, + { "get_guard_selection_by_name", +test_entry_guard_get_guard_selection_by_name, TT_FORK, NULL, NULL }, BFN_TEST(add_single_guard), BFN_TEST(node_filter), BFN_TEST(expand_sample), ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Use the new guard notification/selection APIs throughout Tor
commit dbbaa515183e250e20c40fa7b4c00df9487058fa Author: Nick MathewsonDate: Mon Nov 21 17:23:25 2016 -0500 Use the new guard notification/selection APIs throughout Tor This patch doesn't cover every case; omitted cases are marked with " prop271", as usual. It leaves both the old interface and the new interface for guard status notification, since they don't actually work in the same way: the new API wants to be told when a circuit has failed or succeeded, whereas the old API wants to know when a channel has failed or succeeded. I ran into some trouble with directory guard stuff, since when we pick the directory guard, we don't actually have a circuit to associate it with. I solved that by allowing guard states to be associated with directory connections, not just circuits. --- src/or/bridges.c | 2 ++ src/or/channel.c | 1 + src/or/circuitbuild.c | 75 ++ src/or/circuitbuild.h | 6 +++- src/or/circuitlist.c | 42 +++- src/or/circuitlist.h | 2 ++ src/or/circuituse.c| 2 ++ src/or/connection.c| 1 + src/or/connection_or.c | 6 src/or/directory.c | 74 +++-- src/or/directory.h | 6 ++-- src/or/entrynodes.c| 60 src/or/entrynodes.h| 2 +- src/or/main.c | 5 +++- src/or/or.h| 4 +++ src/or/rendclient.c| 2 +- src/or/rendservice.c | 2 +- src/or/routerlist.c| 4 +-- src/test/test_dir.c| 8 -- 19 files changed, 268 insertions(+), 36 deletions(-) diff --git a/src/or/bridges.c b/src/or/bridges.c index 508c77f..2170cc6 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -724,6 +724,7 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) from_cache ? "cached" : "fresh", router_describe(ri)); /* set entry->made_contact so if it goes down we don't drop it from * our entry node list */ + // prop271 use new interface here when we hit bridges? entry_guard_register_connect_status(ri->cache_info.identity_digest, 1, 0, now); if (first) { 
@@ -743,6 +744,7 @@ int any_bridge_descriptors_known(void) { tor_assert(get_options()->UseBridges); + // prop271 this needs to get fixed. -- bridges return choose_random_entry(NULL) != NULL; } diff --git a/src/or/channel.c b/src/or/channel.c index af58107..1e3e99c 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -2538,6 +2538,7 @@ channel_do_open_actions(channel_t *chan) if (started_here) { circuit_build_times_network_is_live(get_circuit_build_times_mutable()); rep_hist_note_connect_succeeded(chan->identity_digest, now); +// prop271 this call is no longer useful with the new algorithm. if (entry_guard_register_connect_status( chan->identity_digest, 1, 0, now) < 0) { /* Close any circuits pending on this channel. We leave it in state diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index a33c2ca..2f4ce7a 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c 
@@ -964,7 +964,35 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) memset(, 0, sizeof(ec)); if (!hop) { /* done building the circuit. whew. */ - circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN); + int r; + if (! circ->guard_state) { +if (circuit_get_cpath_len(circ) != 1) { + log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no " + "guard state", + circuit_get_cpath_len(circ), circ, circ->base_.purpose); +} +r = 1; + } else { +r = entry_guard_succeeded(get_guard_selection_info(), + >guard_state); + } + const int is_usable_for_streams = (r == 1); + if (r == 1) { +circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN); + } else if (r == 0) { +// prop271 we might want to probe for whether this +// one is ready even before the next second rolls over. +circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_GUARD_WAIT); + } else { +return - END_CIRC_REASON_INTERNAL; + } + + /* prop271 -- the rest of this branch needs careful thought! + * Some of the things here need to happen when a circuit becomes + * mechanically open; some need to happen when it is actually usable. + * I think I got them right, but more checking would be wise. -NM + */ + if (circuit_timeout_want_to_count_circ(circ)) { struct timeval end; long timediff; @@ -1006,7 +1034,8 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) pathbias_count_build_success(circ); circuit_rep_hist_note_result(circ); -
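Review bot: In the `!circ->guard_state` branch of the first circuitbuild.c hunk, a multi-hop circuit with no guard state is reported under `LD_BUG` and then given `r = 1`, so it is opened and treated as usable for streams exactly like a circuit whose guard succeeded. If that condition really is a bug, failing closed is the safer default for code whose purpose is to control which guard a client uses: keep `r = 1` for the one-hop case only and take the `return - END_CIRC_REASON_INTERNAL;` path otherwise. If opening the circuit is intentional while prop271 coverage is incomplete, a comment next to `r = 1;` should say so. The enclosing function continues outside the hunk.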
[tor-commits] [tor/master] Fix pathbias interactions with entry guards
commit d98b9b6d65946e14ee325327d5beac1a60ace6cc Author: Nick MathewsonDate: Tue Nov 22 15:30:12 2016 -0500 Fix pathbias interactions with entry guards entry_guard_get_by_id_digest() was always returning NULL, which was causing "adventure" and "fun" --- src/or/entrynodes.c | 5 + 1 file changed, 5 insertions(+) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f1fc055..81751f5 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -2351,6 +2351,11 @@ entry_guard_get_by_id_digest_for_guard_selection(guard_selection_t *gs, { tor_assert(gs != NULL); + SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, entry, +if (tor_memeq(digest, entry->identity, DIGEST_LEN)) + return entry; + ); + SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, entry, if (tor_memeq(digest, entry->identity, DIGEST_LEN)) return entry; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
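Review bot: This fix lands without a regression test, although the commit message says `entry_guard_get_by_id_digest()` returned NULL for every lookup, which presumably left the path-bias counters with no guard to attribute results to. A unit test that puts a guard in `gs->sampled_entry_guards` and asserts that `entry_guard_get_by_id_digest_for_guard_selection()` returns it for the matching digest, and NULL for a different digest, would pin the behaviour. The new loop also searches the sampled list before `chosen_entry_guards` whichever guard algorithm is active; if one digest can be present in both lists, a comment stating which entry is meant to win would help. The function starts and ends outside the hunk.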
[tor-commits] [tor/master] Rebuild the guard lists as appropriate on torrc change.
commit 897626953b15ac216d27b3814804524caa9fdd1c Author: Nick MathewsonDate: Wed Nov 23 09:09:30 2016 -0500 Rebuild the guard lists as appropriate on torrc change. (Also, prepare to tie guard changes into the mark-all-old-circuits logic.) --- src/or/config.c | 43 +++ src/or/entrynodes.c | 17 - src/or/entrynodes.h | 4 ++-- src/or/main.c | 5 - 4 files changed, 61 insertions(+), 8 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index f77f4d1..b7b5cff 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1561,6 +1561,36 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options, return 0; } +/** + * Return true if changing the configuration from old to new + * affects the guard susbsystem. + */ +static int +options_transition_affects_guards(const or_options_t *old, + const or_options_t *new) +{ + /* NOTE: Make sure this function stays in sync with + * entry_guards_set_filtered_flags */ + + tor_assert(old); + tor_assert(new); + + return +(old->UseEntryGuards != new->UseEntryGuards || + old->UseDeprecatedGuardAlgorithm != new->UseDeprecatedGuardAlgorithm || + old->UseBridges != new->UseBridges || + old->UseEntryGuards != new->UseEntryGuards || + old->ClientUseIPv4 != new->ClientUseIPv4 || + old->ClientUseIPv6 != new->ClientUseIPv6 || + old->FascistFirewall != new->FascistFirewall || + !routerset_equal(old->ExcludeNodes, new->ExcludeNodes) || + !routerset_equal(old->EntryNodes, new->EntryNodes) || + !smartlist_strings_eq(old->FirewallPorts, new->FirewallPorts) || + !config_lines_eq(old->Bridges, new->Bridges) || + !config_lines_eq(old->ReachableORAddresses, new->ReachableORAddresses) || + !config_lines_eq(old->ReachableDirAddresses, new->ReachableDirAddresses)); +} + /** Fetch the active option list, and take actions based on it. All of the * things we do should survive being done repeatedly. If present, * old_options contains the previous value of the options. 
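Review bot: `options_transition_affects_guards()` compares `old->UseEntryGuards != new->UseEntryGuards` twice, as the first and again as the fourth term of the return expression. The second copy is redundant and may be standing in for an option that was meant to be listed there. Because the NOTE requires this list to stay in sync with the guard filter, each term should be checked against the options the filter actually reads, and the duplicate either removed or replaced with the intended option. The doc comment also misspells "subsystem" as "susbsystem".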
@@ -1580,6 +1610,8 @@ options_act(const or_options_t *old_options) const int transition_affects_workers = old_options && options_transition_affects_workers(old_options, options); int old_ewma_enabled; + const int transition_affects_guards = +old_options && options_transition_affects_guards(old_options, options); /* disable ptrace and later, other basic debugging techniques */ { @@ -1875,6 +1907,7 @@ options_act(const or_options_t *old_options) if (old_options) { int revise_trackexithosts = 0; int revise_automap_entries = 0; +int abandon_circuits = 0; if ((options->UseEntryGuards && !old_options->UseEntryGuards) || options->UseBridges != old_options->UseBridges || (options->UseBridges && @@ -1891,6 +1924,16 @@ options_act(const or_options_t *old_options) "Changed to using entry guards or bridges, or changed " "preferred or excluded node lists. " "Abandoning previous circuits."); + abandon_circuits = 1; +} + +if (transition_affects_guards) { + if (guards_update_all()) { +abandon_circuits = 1; + } +} + +if (abandon_circuits) { circuit_mark_all_unused_circs(); circuit_mark_all_dirty_circs_as_unusable(); revise_trackexithosts = 1; diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 81751f5..9a753e6 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -91,7 +91,7 @@ * * [x] Whenever we get a new consensus, call update_from_consensus(). (LATER.) * - * [ ] Whenever the configuration changes in a relevant way, update the + * [x] Whenever the configuration changes in a relevant way, update the * filtered/usable flags. (LATER.) * * [x] Whenever we add a guard to the sample, make sure its filtered/usable @@ -696,6 +696,9 @@ static int node_passes_guard_filter(const or_options_t *options, guard_selection_t *gs, const node_t *node) { + /* NOTE: Make sure that this function stays in sync with + * options_transition_affects_entry_guards */ + (void)gs; if (routerset_contains_node(options->ExcludeNodes, node)) return 0; 
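Review bot: The two "keep in sync" comments added by this commit do not point at each other. The comment added to `node_passes_guard_filter()` (entrynodes.c hunk at -696) names `options_transition_affects_entry_guards`, but the function added in config.c is called `options_transition_affects_guards`, and that function's own NOTE names `entry_guards_set_filtered_flags` rather than `node_passes_guard_filter`. A missed option here means a torrc change that alters the guard filter is not acted on, so the cross-references should be exact, e.g. `/* NOTE: Make sure that this function stays in sync with options_transition_affects_guards */`. `node_passes_guard_filter()` continues outside the hunk.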
@@ -1636,14 +1639,16 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, /** * Update all derived pieces of the guard selection state in gs. + * Return true iff we should stop using all previously generated circuits. */ -void +int entry_guards_update_all(guard_selection_t *gs) { sampled_guards_update_from_consensus(gs); entry_guards_update_filtered_sets(gs); entry_guards_update_confirmed(gs); entry_guards_update_primary(gs); + return 0; } /** @@ -4020,14 +4025,16 @@ entries_retry_all(const or_options_t *options) } /** Helper: Update the status of all entry guards, in whatever algorithm -is used. */ -void + * is used.
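Review bot: `entry_guards_update_all()` now documents "Return true iff we should stop using all previously generated circuits" but ends in an unconditional `return 0;`, so the new contract is never exercised by this function. The commit message describes this as preparation, and the placeholder should be marked where it lives, e.g. `return 0; // prop271 -- not yet computed; never requests abandoning circuits`. Until it is implemented, a configuration change that affects only the new guard filter would presumably leave existing circuits in use; that depends on `guards_update_all()`, whose body is cut off in this view.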
[tor-commits] [tor/master] Maintain a list of all the origin circuits.
commit de617a471442342fc2abafdde4e250fd31eb45ac Author: Nick MathewsonDate: Tue Nov 22 09:05:52 2016 -0500 Maintain a list of all the origin circuits. We'll want this for upgrading waiting circuits. --- src/or/circuitlist.c | 39 +++ src/or/or.h | 4 2 files changed, 43 insertions(+) diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 0189412..c274534 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -85,6 +85,10 @@ /** A global list of all circuits at this hop. */ static smartlist_t *global_circuitlist = NULL; +/** A global list of all origin circuits. Every element of this is also + * an element of global_circuitlist. */ +static smartlist_t *global_origin_circuit_list = NULL; + /** A list of all the circuits in CIRCUIT_STATE_CHAN_WAIT. */ static smartlist_t *circuits_pending_chans = NULL; @@ -523,6 +527,19 @@ circuit_close_all_marked(void) } circ->global_circuitlist_idx = -1; +/* Remove it from the origin circuit list, if appropriate. */ +if (CIRCUIT_IS_ORIGIN(circ)) { + origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ); + int origin_idx = origin_circ->global_origin_circuit_list_idx; + smartlist_del(global_origin_circuit_list, origin_idx); + if (origin_idx < smartlist_len(global_origin_circuit_list)) { +origin_circuit_t *replacement = + smartlist_get(global_origin_circuit_list, origin_idx); +replacement->global_origin_circuit_list_idx = origin_idx; + } + origin_circ->global_origin_circuit_list_idx = -1; +} + circuit_about_to_free(circ); circuit_free(circ); } SMARTLIST_FOREACH_END(circ); @@ -780,6 +797,13 @@ origin_circuit_new(void) init_circuit_base(TO_CIRCUIT(circ)); + /* Add to origin-list. */ + if (!global_origin_circuit_list) +global_origin_circuit_list = smartlist_new(); + smartlist_add(global_origin_circuit_list, circ); + circ->global_origin_circuit_list_idx = +smartlist_len(global_origin_circuit_list) - 1; + circuit_build_times_update_last_circ(get_circuit_build_times_mutable()); return circ; 
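Review bot: The removal from `global_origin_circuit_list` is written out twice, in `circuit_close_all_marked()` here and in `circuit_free()` (hunk at -837), and the two copies disagree: only `circuit_free()` checks for the -1 sentinel and asserts that the slot holds the circuit being removed, while this copy passes `origin_idx` straight to `smartlist_del()`. With a stale or never-assigned index, that call would drop some other circuit's entry and leave the list pointing at a circuit that is about to be freed. A zero-filled `origin_circuit_t` that did not come through `origin_circuit_new()` carries index 0, not -1, so the sentinel alone is not a sufficient guard. I would move the logic into one static helper that both sites call, as sketched below; both enclosing functions extend beyond their hunks.

```c
/* Remove origin_circ from global_origin_circuit_list, if it is on it. */
static void
circuit_remove_from_origin_circuit_list(origin_circuit_t *origin_circ)
{
  int origin_idx = origin_circ->global_origin_circuit_list_idx;
  if (origin_idx < 0)
    return;
  tor_assert(global_origin_circuit_list);
  tor_assert(origin_idx < smartlist_len(global_origin_circuit_list));
  origin_circuit_t *c2 =
    smartlist_get(global_origin_circuit_list, origin_idx);
  tor_assert(origin_circ == c2);
  /* smartlist_del() fills the vacated slot with the last element, so that
   * element's stored index has to be refreshed. */
  smartlist_del(global_origin_circuit_list, origin_idx);
  if (origin_idx < smartlist_len(global_origin_circuit_list)) {
    origin_circuit_t *replacement =
      smartlist_get(global_origin_circuit_list, origin_idx);
    replacement->global_origin_circuit_list_idx = origin_idx;
  }
  origin_circ->global_origin_circuit_list_idx = -1;
}

/* ... unchanged: rest of circuit_close_all_marked() ... */
circuit_remove_from_origin_circuit_list(TO_ORIGIN_CIRCUIT(circ));

/* ... unchanged: rest of circuit_free() ... */
circuit_remove_from_origin_circuit_list(ocirc);
```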
@@ -837,6 +861,18 @@ circuit_free(circuit_t *circ) mem = ocirc; memlen = sizeof(origin_circuit_t); tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC); + +if (ocirc->global_origin_circuit_list_idx != -1) { + int idx = ocirc->global_origin_circuit_list_idx; + origin_circuit_t *c2 = smartlist_get(global_origin_circuit_list, idx); + tor_assert(c2 == ocirc); + smartlist_del(global_origin_circuit_list, idx); + if (idx < smartlist_len(global_origin_circuit_list)) { +c2 = smartlist_get(global_origin_circuit_list, idx); +c2->global_origin_circuit_list_idx = idx; + } +} + if (ocirc->build_state) { extend_info_free(ocirc->build_state->chosen_exit); circuit_free_cpath_node(ocirc->build_state->pending_final_cpath); @@ -977,6 +1013,9 @@ circuit_free_all(void) smartlist_free(lst); global_circuitlist = NULL; + smartlist_free(global_origin_circuit_list); + global_origin_circuit_list = NULL; + smartlist_free(circuits_pending_chans); circuits_pending_chans = NULL; diff --git a/src/or/or.h b/src/or/or.h index 8282731..c8f39f9 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3157,6 +3157,10 @@ typedef struct origin_circuit_t { * whether this circuit can be used. */ struct circuit_guard_state_t *guard_state; + /** Index into global_origin_circuit_list for this circuit. -1 if not + * present. */ + int global_origin_circuit_list_idx; + /** How many more relay_early cells can we send on this circuit, according * to the specification? */ unsigned int remaining_relay_early_cells : 4; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make entry_guard_t opaque to circpathbias.c
commit f66f9c82e9b8aaac04dc01ee3bbcf60019864c9b Author: Nick MathewsonDate: Mon Nov 14 12:57:05 2016 -0500 Make entry_guard_t opaque to circpathbias.c This was a relatively mechanical change. First, I added an accessor function for the pathbias-state field of a guard. Then I did a search-and-replace in circpathbias.c to replace "guard->pb." with "pb->". Finally, I made sure that "pb" was declared whenever it was needed. --- src/or/circpathbias.c | 249 +++--- src/or/entrynodes.c | 7 ++ src/or/entrynodes.h | 3 +- 3 files changed, 143 insertions(+), 116 deletions(-) diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c index 7a9af82..3df68b8 100644 --- a/src/or/circpathbias.c +++ b/src/or/circpathbias.c @@ -21,9 +21,6 @@ * each guard, and stored persistently in the state file. */ -/* prop271 I would like to remove this. */ -#define ENTRYNODES_EXPOSE_STRUCT - #include "or.h" #include "channel.h" #include "circpathbias.h" @@ -54,18 +51,20 @@ static int entry_guard_inc_circ_attempt_count(entry_guard_t *guard); static int entry_guard_inc_circ_attempt_count(entry_guard_t *guard) { + guard_pathbias_t *pb = entry_guard_get_pathbias_state(guard); + entry_guards_changed(); pathbias_measure_close_rate(guard); - if (guard->pb.path_bias_disabled) + if (pb->path_bias_disabled) return -1; pathbias_scale_close_rates(guard); - guard->pb.circ_attempts++; + pb->circ_attempts++; log_info(LD_CIRC, "Got success count %f/%f for guard %s", - guard->pb.circ_successes, guard->pb.circ_attempts, + pb->circ_successes, pb->circ_attempts, entry_guard_describe(guard)); return 0; } 
@@ -516,13 +515,15 @@ pathbias_count_build_success(origin_circuit_t *circ) } if (guard) { + guard_pathbias_t *pb = entry_guard_get_pathbias_state(guard); + if (circ->path_state == PATH_STATE_BUILD_ATTEMPTED) { circ->path_state = PATH_STATE_BUILD_SUCCEEDED; -guard->pb.circ_successes++; +pb->circ_successes++; entry_guards_changed(); log_info(LD_CIRC, "Got success count %f/%f for guard %s", - guard->pb.circ_successes, guard->pb.circ_attempts, + pb->circ_successes, pb->circ_attempts, entry_guard_describe(guard)); } else { if ((rate_msg = rate_limit_log(_notice_limit, @@ -538,10 +539,10 @@ pathbias_count_build_success(origin_circuit_t *circ) } } - if (guard->pb.circ_attempts < guard->pb.circ_successes) { + if (pb->circ_attempts < pb->circ_successes) { log_notice(LD_BUG, "Unexpectedly high successes counts (%f/%f) " "for guard %s", - guard->pb.circ_successes, guard->pb.circ_attempts, + pb->circ_successes, pb->circ_attempts, entry_guard_describe(guard)); } /* In rare cases, CIRCUIT_PURPOSE_TESTING can get converted to @@ -585,8 +586,6 @@ pathbias_count_build_success(origin_circuit_t *circ) void pathbias_count_use_attempt(origin_circuit_t *circ) { - entry_guard_t *guard; - if (!pathbias_should_count(circ)) { return; } 
@@ -599,18 +598,20 @@ pathbias_count_use_attempt(origin_circuit_t *circ) circuit_purpose_to_string(circ->base_.purpose), circuit_state_to_string(circ->base_.state)); } else if (circ->path_state < PATH_STATE_USE_ATTEMPTED) { -guard = entry_guard_get_by_id_digest( +entry_guard_t *guard = entry_guard_get_by_id_digest( circ->cpath->extend_info->identity_digest); if (guard) { + guard_pathbias_t *pb = entry_guard_get_pathbias_state(guard); + pathbias_measure_use_rate(guard); pathbias_scale_use_rates(guard); - guard->pb.use_attempts++; + pb->use_attempts++; entry_guards_changed(); log_debug(LD_CIRC, "Marked circuit %d (%f/%f) as used for guard %s.", circ->global_identifier, - guard->pb.use_successes, guard->pb.use_attempts, + pb->use_successes, pb->use_attempts, entry_guard_describe(guard)); } @@ -713,20 +714,22 @@ pathbias_count_use_success(origin_circuit_t *circ) guard = entry_guard_get_by_id_digest( circ->cpath->extend_info->identity_digest); if (guard) { - guard->pb.use_successes++; + guard_pathbias_t *pb = entry_guard_get_pathbias_state(guard); + + pb->use_successes++; entry_guards_changed(); - if (guard->pb.use_attempts < guard->pb.use_successes) { + if (pb->use_attempts < pb->use_successes) { log_notice(LD_BUG, "Unexpectedly high use successes counts (%f/%f) " "for guard %s", - guard->pb.use_successes, guard->pb.use_attempts, + pb->use_successes, pb->use_attempts,
[tor-commits] [tor/master] Make sure primary-guards are up-to-date when we inspect them.
commit ac67819396ac9e96c3dd65a5b5b23715e11eeec5 Author: Nick MathewsonDate: Wed Nov 23 10:04:23 2016 -0500 Make sure primary-guards are up-to-date when we inspect them. (Plus some magic to prevent and detect recursive invocation of entry_guards_update_primary(), since that can cause some pretty tricky misbehavior.) --- src/or/entrynodes.c| 58 +- src/or/entrynodes.h| 8 +++ src/test/test_entrynodes.c | 3 ++- 3 files changed, 52 insertions(+), 17 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 9a753e6..bd30078 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -79,9 +79,6 @@ **/ /* DOCDOC -- expand this. * - * prop271 -- make sure we check all of these properties everywhere we - * should. - * * Information invariants: * * [x] whenever a guard becomes unreachable, clear its usable_filtered flag. @@ -100,11 +97,11 @@ * [x] Whenever we remove a guard from the sample, remove it from the primary * and confirmed lists. * - * [ ] When we make a guard confirmed, update the primary list. + * [x] When we make a guard confirmed, update the primary list. * - * [ ] When we make a guard filtered or unfiltered, update the primary list. + * [x] When we make a guard filtered or unfiltered, update the primary list. * - * [ ] When we are about to pick a guard, make sure that the primary list is + * [x] When we are about to pick a guard, make sure that the primary list is * full. * * [x] Before calling sample_reachable_filtered_entry_guards(), make sure @@ -682,9 +679,12 @@ sampled_guards_update_from_consensus(guard_selection_t *gs) } SMARTLIST_FOREACH_END(guard); if (n_changes) { -/* Regnerate other things. XX prop271 */ -// prop271 rebuild confirmed list. +gs->primary_guards_up_to_date = 0; entry_guards_update_filtered_sets(gs); +/* We don't need to rebuild the confirmed list right here -- we may have + * removed confirmed guards above, but we can't have added any new + * confirmed guards. + */ entry_guards_changed_for_guard_selection(gs); } } 
@@ -749,6 +749,7 @@ entry_guard_set_filtered_flags(const or_options_t *options, guard_selection_t *gs, entry_guard_t *guard) { + unsigned was_filtered = guard->is_filtered_guard; guard->is_filtered_guard = 0; guard->is_usable_filtered_guard = 0; @@ -763,6 +764,11 @@ entry_guard_set_filtered_flags(const or_options_t *options, log_debug(LD_GUARD, "Updated sampled guard %s: filtered=%d; " "reachable_filtered=%d.", entry_guard_describe(guard), guard->is_filtered_guard, guard->is_usable_filtered_guard); + + if (!bool_eq(was_filtered, guard->is_filtered_guard)) { +/* This guard might now be primary or nonprimary. */ +gs->primary_guards_up_to_date = 0; + } } /** @@ -795,6 +801,7 @@ sample_reachable_filtered_entry_guards(guard_selection_t *gs, const unsigned exclude_confirmed = flags & SAMPLE_EXCLUDE_CONFIRMED; const unsigned exclude_primary = flags & SAMPLE_EXCLUDE_PRIMARY; const unsigned exclude_pending = flags & SAMPLE_EXCLUDE_PENDING; + const unsigned no_update_primary = flags & SAMPLE_NO_UPDATE_PRIMARY; SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { entry_guard_consider_retry(guard); @@ -810,6 +817,9 @@ sample_reachable_filtered_entry_guards(guard_selection_t *gs, entry_guards_expand_sample(gs); } + if (exclude_primary && !gs->primary_guards_up_to_date && !no_update_primary) +entry_guards_update_primary(gs); + /* Build the set of reachable filtered guards. */ smartlist_t *reachable_filtered_sample = smartlist_new(); SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { 
@@ -908,24 +918,34 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard) guard->confirmed_idx = gs->next_confirmed_idx++; smartlist_add(gs->confirmed_entry_guards, guard); + // This confirmed guard might kick something else out of the primary + // guards. + gs->primary_guards_up_to_date = 0; + entry_guards_changed_for_guard_selection(gs); } /** * Recalculate the list of primary guards (the ones we'd prefer to use) from * the filtered sample and the confirmed list. - * - * X prop271 are calling this enough ??? */ STATIC void entry_guards_update_primary(guard_selection_t *gs) { tor_assert(gs); + // prevent recursion. Recursion is potentially very bad here. + static int running = 0; + tor_assert(!running); + running = 1; + smartlist_t *new_primary_guards = smartlist_new(); smartlist_t *old_primary_guards = smartlist_new(); smartlist_add_all(old_primary_guards, gs->primary_entry_guards); + /* Set this flag now, to prevent the calls below from recursing. */ + gs->primary_guards_up_to_date = 1; + /* First,
[tor-commits] [tor/master] Make pathbias fields persistent for new guards
commit 783fa2f58637f896d5476d907aa460cae067e51a Author: Nick MathewsonDate: Tue Nov 22 15:12:31 2016 -0500 Make pathbias fields persistent for new guards --- src/or/entrynodes.c | 173 1 file changed, 133 insertions(+), 40 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 4e32154..f1fc055 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -156,6 +156,8 @@ static const node_t *choose_random_entry_impl(guard_selection_t *gs, static void entry_guard_set_filtered_flags(const or_options_t *options, guard_selection_t *gs, entry_guard_t *guard); +static void pathbias_check_use_success_count(entry_guard_t *guard); +static void pathbias_check_close_success_count(entry_guard_t *guard); /** Return 0 if we should apply guardfraction information found in the * consensus. A specific consensus can be specified with the @@ -1694,6 +1696,30 @@ entry_guard_encode_for_state(entry_guard_t *guard) smartlist_add_asprintf(result, "confirmed_idx=%d", guard->confirmed_idx); } + const double EPSILON = 1.0e-6; + + /* Make a copy of the pathbias object, since we will want to update + some of them */ + guard_pathbias_t *pb = tor_memdup(>pb, sizeof(*pb)); + pb->use_successes = pathbias_get_use_success_count(guard); + pb->successful_circuits_closed = pathbias_get_close_success_count(guard); + + #define PB_FIELD(field) do { \ + if (pb->field >= EPSILON) { \ +smartlist_add_asprintf(result, "pb_" #field "=%f", pb->field); \ + } \ +} while (0) + PB_FIELD(use_attempts); + PB_FIELD(use_successes); + PB_FIELD(circ_attempts); + PB_FIELD(circ_successes); + PB_FIELD(successful_circuits_closed); + PB_FIELD(collapsed_circuits); + PB_FIELD(unusable_circuits); + PB_FIELD(timeouts); + tor_free(pb); +#undef PB_FIELD + if (guard->extra_state_fields) smartlist_add_strdup(result, guard->extra_state_fields); 
@@ -1726,21 +1752,42 @@ entry_guard_parse_from_state(const char *s) char *confirmed_on = NULL; char *confirmed_idx = NULL; + // pathbias + char *pb_use_attempts = NULL; + char *pb_use_successes = NULL; + char *pb_circ_attempts = NULL; + char *pb_circ_successes = NULL; + char *pb_successful_circuits_closed = NULL; + char *pb_collapsed_circuits = NULL; + char *pb_unusable_circuits = NULL; + char *pb_timeouts = NULL; + /* Split up the entries. Put the ones we know about in strings and the * rest in "extra". */ { smartlist_t *entries = smartlist_new(); strmap_t *vals = strmap_new(); // Maps keyword to location -strmap_set(vals, "in", ); -strmap_set(vals, "rsa_id", _id); -strmap_set(vals, "nickname", ); -strmap_set(vals, "sampled_on", _on); -strmap_set(vals, "sampled_by", _by); -strmap_set(vals, "unlisted_since", _since); -strmap_set(vals, "listed", ); -strmap_set(vals, "confirmed_on", _on); -strmap_set(vals, "confirmed_idx", _idx); +#define FIELD(f) \ +strmap_set(vals, #f, ); +FIELD(in); +FIELD(rsa_id); +FIELD(nickname); +FIELD(sampled_on); +FIELD(sampled_by); +FIELD(unlisted_since); +FIELD(listed); +FIELD(confirmed_on); +FIELD(confirmed_idx); +FIELD(pb_use_attempts); +FIELD(pb_use_successes); +FIELD(pb_circ_attempts); +FIELD(pb_circ_successes); +FIELD(pb_successful_circuits_closed); +FIELD(pb_collapsed_circuits); +FIELD(pb_unusable_circuits); +FIELD(pb_timeouts); +#undef FIELD smartlist_split_string(entries, s, " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); @@ -1848,7 +1895,7 @@ entry_guard_parse_from_state(const char *s) int ok=1; long idx = tor_parse_long(confirmed_idx, 10, 0, INT_MAX, , NULL); if (! ok) { - log_warn(LD_CIRC, "Guard has invalid confirmed_idx %s", + log_warn(LD_GUARD, "Guard has invalid confirmed_idx %s", escaped(confirmed_idx)); } else { guard->confirmed_idx = (int)idx; 
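Review bot: The switch of the `confirmed_idx` warning from `LD_CIRC` to `LD_GUARD` (hunk at -1848) is not carried through the rest of the commit: the `PB_FIELD` parsing macro added further down in the same function still logs `"Guard has invalid pb_%s %s"` under `LD_CIRC`. Parse errors for one guard line of the state file should land in one log domain, so that a damaged or modified state file shows up in a single place; use `log_warn(LD_GUARD, ...)` in the macro as well. The `FIELD(f)` helper also ends in a semicolon and is invoked as `FIELD(in);`, which leaves an empty statement after each use; dropping the semicolon from the macro body would match the `do { } while (0)` form this commit uses for `PB_FIELD`. `entry_guard_parse_from_state()` extends beyond these hunks.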
@@ -1863,7 +1910,34 @@ entry_guard_parse_from_state(const char *s) /* initialize non-persistent fields */ guard->is_reachable = GUARD_REACHABLE_MAYBE; - /* prop271 Update everything on this guard. */ +#define PB_FIELD(field) \ + do { \ +if (pb_ ## field) { \ + int ok = 1; \ + double r = tor_parse_double(pb_ ## field, 0.0, 1e9, , NULL); \ + if (! ok) { \ +log_warn(LD_CIRC, "Guard has invalid pb_%s %s", \
[tor-commits] [tor/master] Function to cancel a guard state.
commit 8e43398986313f31bfda53aa798263972bf24c11 Author: Nick MathewsonDate: Tue Nov 22 10:03:18 2016 -0500 Function to cancel a guard state. We'll want to use this if we allocate a guard state then decide, "whoops, we don't want to use this." --- src/or/entrynodes.c | 23 +++ src/or/entrynodes.h | 2 ++ 2 files changed, 25 insertions(+) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index cda5540..24a3448 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1347,6 +1347,29 @@ entry_guard_succeeded(guard_selection_t *gs, } } +/** Cancel the selection of *guard_state_p without declaring + * success or failure. It is safe to call this function if success or + * failure _has_ already been declared. */ +void +entry_guard_cancel(guard_selection_t *gs, + circuit_guard_state_t **guard_state_p) +{ + (void) gs; + if (get_options()->UseDeprecatedGuardAlgorithm) +return; + if (BUG(*guard_state_p == NULL)) +return; + entry_guard_t *guard = entry_guard_handle_get((*guard_state_p)->guard); + if (! guard) +return; + + /* prop271 -- last_tried_to_connect_at will be erroneous here, but this + * function will only get called in "bug" cases anyway. */ + guard->is_pending = 0; + circuit_guard_state_free(*guard_state_p); + *guard_state_p = NULL; +} + /** * Called by the circuit building module when a circuit has succeeded: * informs the guards code that the guard in *guard_state_p is diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 7119d54..60191ab 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h 
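Review bot: `entry_guard_cancel()` returns early when `entry_guard_handle_get()` yields NULL, which skips both `circuit_guard_state_free(*guard_state_p)` and `*guard_state_p = NULL`. A caller therefore cannot rely on the state being released after a cancel: when the guard has already gone away, the circuit keeps a state object whose handle no longer resolves. Only the `is_pending` update needs the guard, so I would write `if (guard) guard->is_pending = 0;` and let the free and the NULL assignment run unconditionally. Whether circuit teardown later frees a leftover state is not visible here, so this may be a consistency problem rather than a leak. The doc comment should also mention that the function does nothing under `UseDeprecatedGuardAlgorithm`.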
@@ -322,6 +322,8 @@ int entry_guard_succeeded(guard_selection_t *gs, circuit_guard_state_t **guard_state_p); void entry_guard_failed(guard_selection_t *gs, circuit_guard_state_t **guard_state_p); +void entry_guard_cancel(guard_selection_t *gs, +circuit_guard_state_t **guard_state_p); void entry_guard_chan_failed(guard_selection_t *gs, channel_t *chan); void entry_guards_update_all(guard_selection_t *gs); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] New entry_guard_chan_failed function
commit af1918d28999c2c38ace984296927d9244c7c7b1 Author: Nick MathewsonDate: Mon Nov 21 17:18:35 2016 -0500 New entry_guard_chan_failed function To be called when an entire channel has failed: tell any/all circuits pending for the guard of that channel that they have failed. --- src/or/entrynodes.c | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 4a99897..2b6fd51 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -124,6 +124,7 @@ #include "bridges.h" #include "circpathbias.h" #include "circuitbuild.h" +#include "circuitlist.h" #include "circuitstats.h" #include "config.h" #include "confparse.h" @@ -1371,7 +1372,30 @@ entry_guard_failed(guard_selection_t *gs, (*guard_state_p)->state = GUARD_CIRC_STATE_DEAD; (*guard_state_p)->state_set_at = approx_time(); - return 0; +/** + * Run the entry_guard_failed() function on every circuit that is + * pending on chan. + */ +void +entry_guard_chan_failed(guard_selection_t *gs, +channel_t *chan) +{ + tor_assert(gs); + if (!chan) +return; + if (get_options()->UseDeprecatedGuardAlgorithm) +return; + + smartlist_t *pending = smartlist_new(); + circuit_get_all_pending_on_channel(pending, chan); + SMARTLIST_FOREACH_BEGIN(pending, circuit_t *, circ) { +if (!CIRCUIT_IS_ORIGIN(circ)) + continue; + +origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ); +entry_guard_failed(gs, _circ->guard_state); + } SMARTLIST_FOREACH_END(circ); + smartlist_free(pending); } /** ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
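Review bot: `entry_guard_chan_failed()` hands each pending origin circuit's `guard_state` to `entry_guard_failed()` without first checking that the circuit has one. The visible tail of `entry_guard_failed()` writes through `(*guard_state_p)->state`, and whether it rejects a NULL state before that is outside the hunk; if any origin circuit pending on the channel can lack a guard state, a channel failure turns into a NULL dereference. A guard inside the loop, `if (!origin_circ->guard_state) continue;`, makes the new function safe on its own. The doc comment could also say why a NULL `chan` is tolerated with an early return while a NULL `gs` is a `tor_assert()` failure.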
[tor-commits] [tor/master] Mark some more BUG lines as unreachable.
commit bce0f79252e12a791c50e9b11ceb5867eeb07559 Author: Nick MathewsonDate: Wed Nov 23 15:33:02 2016 -0500 Mark some more BUG lines as unreachable. --- src/or/entrynodes.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index cf35b02..1501bf7 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -539,7 +539,9 @@ remove_guard_from_confirmed_and_primary_lists(guard_selection_t *gs, found_guard = smartlist_get(gs->confirmed_entry_guards, guard->confirmed_idx); if (BUG(guard != found_guard)) { + // LCOV_EXCL_START smartlist_remove_keeporder(gs->confirmed_entry_guards, guard); + // LCOV_EXCL_STOP } else { smartlist_del_keeporder(gs->confirmed_entry_guards, guard->confirmed_idx); @@ -548,7 +550,9 @@ remove_guard_from_confirmed_and_primary_lists(guard_selection_t *gs, guard->confirmed_on_date = 0; } else { if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard))) { + // LCOV_EXCL_START smartlist_remove_keeporder(gs->confirmed_entry_guards, guard); + // LCOV_EXCL_STOP } } } @@ -903,10 +907,10 @@ STATIC void make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard) { if (BUG(guard->confirmed_on_date && guard->confirmed_idx >= 0)) -return; +return; // LCOV_EXCL_LINE if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard))) -return; +return; // LCOV_EXCL_LINE const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400; guard->confirmed_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Initial code to parse/encode/sample prop271 guards
commit dd6def5daf5b0b579a61c9e83cfa905b333f99a1 Author: Nick MathewsonDate: Mon Nov 14 15:46:09 2016 -0500 Initial code to parse/encode/sample prop271 guards The encoding code is very straightforward. The decoding code is a bit tricky, but clean-ish. The sampling code is untested and probably needs more work. --- src/or/entrynodes.c| 310 - src/or/entrynodes.h| 14 +- src/test/test_entrynodes.c | 243 +++ 3 files changed, 564 insertions(+), 3 deletions(-) diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index c96ff09..9af7140 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -77,6 +77,11 @@ struct guard_selection_s { int dirty; /** + * A list of the sampled entry guards, as entry_guard_t structures. + * Not in any particular order. */ + smartlist_t *sampled_entry_guards; + + /** * A list of our chosen entry guards, as entry_guard_t structures; this * preserves the pre-Prop271 behavior. */ @@ -87,6 +92,8 @@ struct guard_selection_s { * config's EntryNodes first? This was formerly a global. */ int should_add_entry_nodes; + + int filtered_up_to_date; }; static smartlist_t *guard_contexts = NULL; @@ -118,6 +125,7 @@ guard_selection_new(void) gs = tor_malloc_zero(sizeof(*gs)); gs->chosen_entry_guards = smartlist_new(); + gs->sampled_entry_guards = smartlist_new(); return gs; } 
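Review bot: `int filtered_up_to_date;` is added to `struct guard_selection_s` without a comment, while the fields around it are documented. Elsewhere in this commit it is set to 0 when a guard is added to the sample, so something like `/** False if the sample has changed since the filtered sets were last computed. */` would fit, with the exact wording to be confirmed by the author. The struct definition starts and ends outside the hunk.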
@@ -191,6 +199,293 @@ entry_guard_get_pathbias_state(entry_guard_t *guard) return >pb; } +/** Return an interval betweeen 'now' and 'max_backdate' seconds in the past, + * chosen uniformly at random. */ +STATIC time_t +randomize_time(time_t now, time_t max_backdate) +{ + tor_assert(max_backdate > 0); + + time_t earliest = now - max_backdate; + time_t latest = now; + if (earliest <= 0) +earliest = 1; + if (latest <= earliest) +latest = earliest + 1; + + return crypto_rand_time_range(earliest, latest); +} + +/** + * DOCDOC + */ +STATIC void +entry_guard_add_to_sample(guard_selection_t *gs, + node_t *node) +{ + (void) entry_guard_add_to_sample; // prop271 remove -- unused + const int GUARD_LIFETIME = 90 * 86400; // prop271 + tor_assert(gs); + tor_assert(node); + + // prop271 take ed25519 identity here too. + + /* make sure that the guard is not already sampled. */ + SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, + entry_guard_t *, sampled) { +if (BUG(tor_memeq(node->identity, sampled->identity, DIGEST_LEN))) { + return; +} + } SMARTLIST_FOREACH_END(sampled); + + entry_guard_t *guard = tor_malloc_zero(sizeof(entry_guard_t)); + + /* persistent fields */ + memcpy(guard->identity, node->identity, DIGEST_LEN); + strlcpy(guard->nickname, node_get_nickname(node), sizeof(guard->nickname)); + guard->sampled_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10); + tor_free(guard->sampled_by_version); + guard->sampled_by_version = tor_strdup(VERSION); + guard->confirmed_idx = -1; + + /* non-persistent fields */ + guard->is_reachable = GUARD_REACHABLE_MAYBE; + + smartlist_add(gs->sampled_entry_guards, guard); + gs->filtered_up_to_date = 0; + + entry_guards_changed_for_guard_selection(gs); +} + +/** + * Return a newly allocated string for encoding the persistent parts of + * guard to the state file. + */ +STATIC char * +entry_guard_encode_for_state(entry_guard_t *guard) +{ + /* + * The meta-format we use is K=V K=V K=V... 
where K can be any + * characters excepts space and =, and V can be any characters except + * space. The order of entries is not allowed to matter. + * Unrecognized K=V entries are persisted; recognized but erroneous + * entries are corrected. + */ + + smartlist_t *result = smartlist_new(); + char tbuf[ISO_TIME_LEN+1]; + + tor_assert(guard); + + smartlist_add_asprintf(result, "rsa_id=%s", + hex_str(guard->identity, DIGEST_LEN)); + if (strlen(guard->nickname)) { +smartlist_add_asprintf(result, "nickname=%s", guard->nickname); + } + + format_iso_time_nospace(tbuf, guard->sampled_on_date); + smartlist_add_asprintf(result, "sampled_on=%s", tbuf); + + if (guard->sampled_by_version) { +smartlist_add_asprintf(result, "sampled_by=%s", + guard->sampled_by_version); + } + + if (guard->unlisted_since_date > 0) { +format_iso_time_nospace(tbuf, guard->unlisted_since_date); +smartlist_add_asprintf(result, "unlisted_since=%s", tbuf); + } + + smartlist_add_asprintf(result, "listed=%d", + (int)guard->currently_listed); + + if (guard->confirmed_idx >= 0) { +format_iso_time_nospace(tbuf, guard->confirmed_on_date); +smartlist_add_asprintf(result, "confirmed_on=%s", tbuf); + +smartlist_add_asprintf(result, "confirmed_idx=%d", guard->confirmed_idx); + } + + if