Nick Mathewson [Thu, 21 Sep 2017 18:34:36 +0000 (14:34 -0400)]
Audit all of the "is the network turned off" checks.
DisableNetwork is a subset of net_is_disabled(), which is (now) a
subset of should_delay_dir_fetches().
Some of these changes are redundant with others higher or lower in
the call stack. The ones that I think are behavior-relevant are
listed in the changes file. I've also added comments in a few
places where the behavior is subtle.
David Goulet [Wed, 8 Nov 2017 19:36:04 +0000 (14:36 -0500)]
dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb2646368e3e7cb1bcee403667b786f0 introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:
if (!voting_schedule.voting_starts) {
...
dirvote_recalculate_timing(options, now);
}
The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.
That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.
This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.
Fixes #24186
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Wed, 8 Nov 2017 18:22:16 +0000 (13:22 -0500)]
Don't delay descriptor fetches when missing info needed for circuits
When we have fewer than 15 descriptors to fetch, we will delay the
fetch for a little while. That's fine, if we can go ahead and build
circuits... but if not, it's a poor choice indeed.
Fixes bug 23985; bugfix on 0.1.1.11-alpha.
In 0.3.0.3-alpha, when we made primary guard descriptors necessary
for circuit building, this situation got worse.
teor [Wed, 8 Nov 2017 03:09:50 +0000 (14:09 +1100)]
Use node counts in networks with all zero-bandwidths
When calculating the fraction of nodes that have descriptors, and all
all nodes in the network have zero bandwidths, count the number of nodes
instead.
Nick Mathewson [Fri, 22 Sep 2017 19:29:15 +0000 (15:29 -0400)]
Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a778f537), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5). That means we would always round
up, rather than rounding to the closest integer
David Goulet [Wed, 8 Nov 2017 14:44:39 +0000 (09:44 -0500)]
sched: Ignore closed channel after flushing cells
The flush cells process can close a channel if the connection write fails but
still return that it flushed at least one cell. This is due because the error
is not propagated up the call stack so there is no way of knowing if the flush
actually was successful or not.
Because this would require an important refactoring touching multiple
subsystems, this patch is a bandaid to avoid the KIST scheduler to handle
closed channel in its loop.
Bandaid on #23751.
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Tue, 7 Nov 2017 16:14:45 +0000 (11:14 -0500)]
Add a safe guard to avoid using a zeroed voting schedule
dirvote_get_next_valid_after_time() is the only public function that uses the
voting schedule outside of the dirvote subsystem so if it is zeroed,
recalculate its timing if we can that is if a consensus exists.
Part of #24161
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Tue, 7 Nov 2017 16:08:12 +0000 (11:08 -0500)]
Recalculate voting schedule first when getting a new consensus
Because the HS and SR subsystems can use the voting schedule early (with the
changes in #23623 making the SR subsystem using the static voting schedule
object), we need to recalculate the schedule very early when setting the new
consensus.
Fixes #24161
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Sun, 5 Nov 2017 17:21:16 +0000 (12:21 -0500)]
Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result. But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.
Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.
Fixes bug 24150 and OSS-Fuzz issue 3994.
The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
Damian Johnson [Sun, 5 Nov 2017 20:21:28 +0000 (12:21 -0800)]
Fix manual formatting
Few issues...
* Malformed ReducedExitPolicy, causing brackets to appear.
* ExitPolicyDefault wasn't actually listed, instead it munged the description
into the ExitPolicy description.
* Extra plus signs in the ExitPolicy and ReducedExitPolicy entries. After an
hour of struggling with asciidoc couldn't figure out how to format it as
'paragraph => example => paragraph with same indentation' so just
rearranging the ExitPolicy entry.
Patches welcome if someone strongly prefers having the paragraph after the
example.
David Goulet [Wed, 1 Nov 2017 16:15:15 +0000 (12:15 -0400)]
nodelist: Downgrade warning to protocol warning
The node_get_ed25519_id() warning can actually be triggered by a relay flagged
with NoEdConsensus so instead of triggering a warning on all relays of the
network, downgrade it to protocol warning.
Fixes #24025
Signed-off-by: David Goulet <dgoulet@torproject.org>
projects / thirdparty / tor.git / log
