Robert Ransom [Sat, 6 Aug 2011 20:42:32 +0000 (13:42 -0700)]
Fix handling of ISO_STREAM
Now we track *which* stream with ISO_STREAM set is associated to a
particular circuit, so that we won't think that stream is incompatible
with its circuit and launch another one a second later, and we use that
same field to mark circuits which have had an ISO_STREAM stream attached
to them, so that we won't ever put a second stream on that circuit.
Karsten Loesing [Thu, 4 Aug 2011 10:28:12 +0000 (12:28 +0200)]
Separate generation of a dirreq-stats string from writing it to disk.
This patch separates the generation of a dirreq-stats string from
actually writing it to disk. The new geoip_format_dirreq_stats()
generates a dirreq-stats string that geoip_dirreq_stats_write() writes
to disk. All the state changing (e.g., resetting the dirreq-stats
history and initializing the next measurement interval) takes place in
geoip_dirreq_stats_write(). That allows us to finally test the
dirreq-stats code better.
Karsten Loesing [Wed, 3 Aug 2011 11:29:03 +0000 (13:29 +0200)]
Add unit tests for buffer-stats.
Now that formatting the buffer-stats string is separate from writing
it to disk, we can also decouple the logic to extract stats from
circuits and finally write some unit tests for the history code.
Karsten Loesing [Wed, 3 Aug 2011 11:26:49 +0000 (13:26 +0200)]
Separate generation of a buffer-stats string from writing it to disk.
The new rep_hist_format_buffer_stats() generates a buffer-stats string
that rep_hist_buffer_stats_write() writes to disk. All the state
changing (e.g., resetting the buffer-stats history and initializing
the next measurement interval) takes place in
rep_hist_buffer_stats_write(). That allows us to finally test the
buffer-stats code better.
Karsten Loesing [Wed, 3 Aug 2011 11:33:48 +0000 (13:33 +0200)]
Create cell-stats history even if we didn't see a single circuit.
So far, if we didn't see a single circuit, we refrained from
generating a cell-stats string and logged a warning. Nobody will
notice the warning, and people will wonder why there's no cell-stats
string in the extra-info descriptor. The better behavior is to
generate a cell-stats string with all zeros.
Karsten Loesing [Thu, 4 Aug 2011 18:53:53 +0000 (20:53 +0200)]
Replace files in stats/ rather than appending to them.
Right now, we append statistics to files in the stats/ directory for
half of the statistics, whereas we overwrite these files for the other
half. In particular, we append buffer, dirreq, and entry stats and
overwrite exit, connection, and bridge stats.
Appending to files was useful when we didn't include stats in extra-info
descriptors, because otherwise we'd have to copy them away to prevent
Tor from overwriting them.
But now that we include statistics in extra-info descriptors, it makes
no sense to keep the old statistics forever. We should change the
behavior to overwriting instead of appending for all statistics.
Nick Mathewson [Thu, 4 Aug 2011 16:03:31 +0000 (12:03 -0400)]
Treat socks_request->{username,password} as non-NUL-terminated
They *are* non-NUL-terminated, after all (and they have to be, since
the SOCKS5 spec allows them to contain embedded NULs. But the code
to implement proposal 171 was copying them with tor_strdup and
comparing them with strcmp_opt.
Fix for bug on 3683; bug not present in any yet-released version.
Nick Mathewson [Tue, 2 Aug 2011 14:48:39 +0000 (10:48 -0400)]
Implement protocol-type isolation correctly.
Previously we'd just looked at the connection type, but that's
always CONN_TYPE_AP. Instead, we should be looking at the type of
the listener that created the connection.
Nick Mathewson [Mon, 1 Aug 2011 16:36:59 +0000 (12:36 -0400)]
Initial patch to build Tor with msvc and nmake
We'll still need to tweak it so that it looks for includes and
libraries somewhere more sensible than "where we happened to find
them on Erinn's system"; so that tests and tools get built too;
so that it's a bit documented; and so that we actually try running
the output.
Nick Mathewson [Wed, 20 Jul 2011 17:16:06 +0000 (13:16 -0400)]
Check return value in fmt_addr
Previously, if tor_addr_to_str() returned NULL, we would reuse the
last value returned by fmt_addr(). (This could happen if we were
erroneously asked to format an AF_UNSPEC address.) Now instead we
return "???".
Nick Mathewson [Wed, 20 Jul 2011 13:50:53 +0000 (09:50 -0400)]
Merge branch 'optimistic-client'
The conflicts are with the proposal 171 circuit isolation code, and
they're all trivial: they're just a matter of both branches adding
some unrelated code in the same places.
Nick Mathewson [Wed, 20 Jul 2011 00:40:15 +0000 (20:40 -0400)]
Fix spurious warning in bufferevent socks parsing
The problem was that we weren't initializing want_length to 0 before
calling parse_socks() the first time, so it looked like we were
risking an infinite loop when in fact we were safe.
Nick Mathewson [Tue, 19 Jul 2011 17:51:43 +0000 (13:51 -0400)]
Take a smarter approach to clearing isolation info
Back when I added this logic in 20c0581a79, the rule was that whenever
a circuit finished building, we cleared its isolation info. I did that
so that we would still use the circuit even if all the streams that
had previously led us to tentatively set its isolation info had closed.
But there were problems with that approach: We could pretty easily get
into a case where S1 had led us to launch C1 and S2 had led us to
launch C2, but when C1 finished, we cleared its isolation and attached
S2 first. Since C2 was still marked in a way that made S1
unattachable to it, we'd then launch another circuit needlessly.
So instead, we try the following approach now: when a circuit is done
building, we try to attach streams to it. If it remains unused after
we try attaching streams, then we clear its isolation info, and try
again to attach streams.
Thanks to Sebastian for helping me figure this out.
Nick Mathewson [Fri, 8 Jul 2011 19:15:59 +0000 (15:15 -0400)]
Implement destaddr-based isolation
The new candidate rule, which arma suggested and I like, is that
the original address as received from the client connection or as
rewritten by the controller is the address that counts.
Nick Mathewson [Thu, 7 Jul 2011 18:54:54 +0000 (14:54 -0400)]
Add an option to limit the number of non-open client circuits.
This is mainly meant as a way to keep clients from accidentally
DOSing themselves by (e.g.) enabling IsolateDestAddr or
IsolateDestPort on a port that they use for HTTP.
Nick Mathewson [Thu, 7 Jul 2011 14:40:23 +0000 (10:40 -0400)]
Launch sufficient circuits to satisfy pending isolated streams
Our old "do we need to launch a circuit for stream S" logic was,
more or less, that if we had a pending circuit that could handle S,
we didn't need to launch a new one.
But now that we have streams isolated from one another, we need
something stronger here: It's possible that some pending C can
handle either S1 or S2, but not both.
This patch reuses the existing isolation logic for a simple
solution: when we decide during circuit launching that some pending
C would satisfy stream S1, we "hypothetically" mark C as though S1
had been connected to it. Now if S2 is incompatible with S1, it
won't be something that can attach to C, and so we'll launch a new
stream.
When the circuit becomes OPEN for the first time (with no streams
attached to it), we reset the circuit's isolation status. I'm not
too sure about this part: I wanted some way to be sure that, if all
streams that would have used a circuit die before the circuit is
done, the circuit can still get used. But I worry that this
approach could also lead to us launching too many circuits. Careful
thought needed here.
Nick Mathewson [Wed, 6 Jul 2011 21:08:24 +0000 (17:08 -0400)]
Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable()
to require that the connection is compatible with every connection
that has been linked to the circuit; we update circuit_is_better to
prefer attaching streams to circuits in the way that decreases the
circuits' usefulness the least; and we update link_apconn_to_circ()
to do the appropriate bookkeeping.
Nick Mathewson [Wed, 6 Jul 2011 20:39:54 +0000 (16:39 -0400)]
Add a new isolation type and field: "nym epoch"
The "nym epoch" of a stream is defined as the number of times that
NEWNYM had been called before the stream was opened. All streams
are isolated by nym epoch.
This feature should be redundant with existing signewnym stuff, but
it provides a good belt-and-suspenders way for us to avoid ever
letting any circuit type bypass signewnym.
Nick Mathewson [Wed, 6 Jul 2011 20:03:47 +0000 (16:03 -0400)]
(Unused) backend logic for stream isolation
This patch adds fields to track how streams should be isolated, and
ensures that those fields are set correctly. It also adds fields to
track what streams can go on a circuit, and adds functions to see
whether a streams can go on a circuit and update the circuit
accordingly. Those functions aren't yet called.
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.
Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t. Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them. Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.
We should do a related refactoring on other port types. For
control ports, that'll be easy enough. For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).
Nick Mathewson [Mon, 18 Jul 2011 17:56:22 +0000 (13:56 -0400)]
Only use optimistic data with exits that support it
This adds a little code complexity: we need to remember for each
node whether it supports the right feature, and then check for each
connection whether it's exiting at such a node. We store this in a
flag in the edge_connection_t, and set that flag at link time.
Nick Mathewson [Mon, 18 Jul 2011 17:00:48 +0000 (13:00 -0400)]
Initial optimistic_client fixes
- Conform to make check-spaces
- Build without warnings from passing size_t to %d
- Use connection_get_inbuf_len(), not buf_datalen (otherwise bufferevents
won't work).
- Don't log that we're using this feature at warn.
Nick Mathewson [Fri, 15 Jul 2011 22:53:29 +0000 (18:53 -0400)]
Fix bug in upload/download of hsdesc with microdescs
Previously we were using router_get_by_id(foo) to test "do we have a
descriptor that will let us make an anonymous circuit to foo". But
that isn't right for microdescs: we should have been using node_t.
Nick Mathewson [Fri, 15 Jul 2011 16:58:13 +0000 (12:58 -0400)]
Remove compare_addr_to_node_policy
Instead, use compare_tor_addr_to_node_policy everywhere.
One advantage of this is that compare_tor_addr_to_node_policy can
better distinguish 0.0.0.0 from "unknown", which caused a nasty bug
with microdesc users.
Nick Mathewson [Fri, 15 Jul 2011 16:44:51 +0000 (12:44 -0400)]
Treat null address as "unknown", not "rejected" in md policy
Previously, we had an issue where we'd treat an unknown address as
0, which turned into "0.0.0.0", which looked like a rejected
address. This meant in practice that as soon as we started doing
comparisons of unknown uint32 addresses to short policies, we'd get
'rejected' right away. Because of the circumstances under which
this would be called, it would only happen when we had local DNS
cached entries and we were looking to launch new circuits.
projects / thirdparty / tor.git / log
