[tor-commits] [onionoo/master] Clarify how searches by IP address are performed.
commit 2a7048f8119eb40dae86ec6b5e9d04efe06ea0ae
Author: Karsten Loesing karsten.loes...@gmx.net
Date: Thu Aug 15 11:49:33 2013 +0200
Clarify how searches by IP address are performed.
---
test/org/torproject/onionoo/ResourceServletTest.java | 17 -
web/index.html |3 +++
2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/test/org/torproject/onionoo/ResourceServletTest.java
b/test/org/torproject/onionoo/ResourceServletTest.java
index 2d131b4..9ef12d8 100644
--- a/test/org/torproject/onionoo/ResourceServletTest.java
+++ b/test/org/torproject/onionoo/ResourceServletTest.java
@@ -557,15 +557,20 @@ public class ResourceServletTest {
}
@Test()
- public void testSearchIpv6Slash64() {
-/* TODO This request should return one bridge. */
+ public void testSearchIpv6Slash64NoTrailingBracket() {
+ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
+/summary?search=[2001:4f8:3:2e::, 1,
+new String[] { Ferrari458 }, 0, null);
+ }
+
+ @Test()
+ public void testSearchIpv6Slash64TrailingBracket() {
ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
/summary?search=[2001:4f8:3:2e::], 0, null, 0, null);
}
@Test()
public void testSearchIpv6Uncompressed() {
-/* TODO This request should return one bridge. */
ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
/summary?search=[2001:04f8:0003:002e::::0051], 0,
null, 0, null);
@@ -580,24 +585,18 @@ public class ResourceServletTest {
@Test()
public void testSearchIpv6ThreeColons() {
-/* TODO This request should fail with a 400 status code, because the
- * given IPv6 address is invalid. */
ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
/summary?search=[2001:4f8:3:2e:::51], 0, null, 0, null);
}
@Test()
public void testSearchIpv6FiveHex() {
-/* TODO This request should fail with a 400 status code, because the
- * given IPv6 address is invalid. */
ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
/summary?search=[20014:f80:3:2e::51], 0, null, 0, null);
}
@Test()
public void testSearchIpv6NineGroups() {
-/* TODO This request should fail with a 400 status code, because the
- * given IPv6 address is invalid. */
ResourceServletTestHelper.assertSummaryDocument(this.tempOutDir,
/summary?search=[1:2:3:4:5:6:7:8:9], 0, null, 0, null);
}
diff --git a/web/index.html b/web/index.html
index 888130e..e0b2b99 100755
--- a/web/index.html
+++ b/web/index.html
@@ -666,6 +666,9 @@ Parameter values are case-insensitive.
matching (part of a) nickname, (possibly $-prefixed) beginning of a
fingerprint, or beginning of an IP address, and bridges with (part of a)
nickname or (possibly $-prefixed) beginning of a hashed fingerprint.
+Searches for beginnings of IP addresses are performed on textual
+representations of canonical IP address forms, so that searches using CIDR
+notation or non-canonical forms will return empty results.
Searches are case-insensitive.
If multiple search terms are given, separated by spaces, the intersection
of all relays and bridges matching all search terms will be returned.
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/liveusb-creator] Update translations for liveusb-creator
commit b2d8187b6895fec0f176f20aff5db4930ea65a54 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 14:16:17 2013 + Update translations for liveusb-creator --- pt/pt.po | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pt/pt.po b/pt/pt.po index 45a32ff..3ad5f07 100644 --- a/pt/pt.po +++ b/pt/pt.po @@ -10,7 +10,7 @@ msgstr Project-Id-Version: The Tor Project\n Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n; POT-Creation-Date: 2013-08-07 16:08+0200\n -PO-Revision-Date: 2013-08-13 19:30+\n +PO-Revision-Date: 2013-08-15 14:10+\n Last-Translator: SonhosDigitais sonhosdigit...@gmx.com\n Language-Team: Portuguese (http://www.transifex.com/projects/p/torproject/language/pt/)\n MIME-Version: 1.0\n @@ -153,7 +153,7 @@ msgstr A unidade é um loopback, a saltar o reset do MBR #: ../liveusb/creator.py:808 #, python-format msgid Entering unmount_device for '%(device)s' -msgstr +msgstr A entrar desmontar_dispositivo em '%(device)s' #: ../liveusb/creator.py:1182 msgid Error probing device @@ -254,12 +254,12 @@ msgstr A partição é FAT16; A restringir a área persistente a 2GB #: ../liveusb/gui.py:539 msgid Partition is FAT32; Restricting overlay size to 4G -msgstr +msgstr A partição é FAT32; a restringir o armazenamento permanente em 4GB #: ../liveusb/creator.py:226 ../liveusb/creator.py:837 #, python-format msgid Partitioning device %(device)s -msgstr +msgstr A particionar o dispositivo %(device)s #: ../liveusb/gui.py:610 msgid Persistent Storage @@ -461,12 +461,12 @@ msgstr Versão desconhecida: %s #: ../liveusb/creator.py:822 #, python-format msgid Unmounting '%(udi)s' on '%(device)s' -msgstr +msgstr A desmontar '%(udi)s' em '%(device)s' #: ../liveusb/creator.py:818 #, python-format msgid Unmounting mounted filesystems on '%(device)s' -msgstr +msgstr A desmontar partições em '%(device)s' #: ../liveusb/creator.py:765 ../liveusb/creator.py:877 #, python-format ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] Update translations for https_everywhere
commit 9171d37cd67ff0d641589e437e3a6dc77920984a Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 14:46:11 2013 + Update translations for https_everywhere --- pt/ssl-observatory.dtd | 48 +++- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/pt/ssl-observatory.dtd b/pt/ssl-observatory.dtd index 2d3cd54..9a157a8 100644 --- a/pt/ssl-observatory.dtd +++ b/pt/ssl-observatory.dtd @@ -3,7 +3,7 @@ !ENTITY ssl-observatory.popup.later Perguntar Mais Tarde !ENTITY ssl-observatory.popup.no Não -!ENTITY ssl-observatory.popup.text HTTPS Everywhere pode detectar ataques ao seu navegador através do envio dos certificados que você recebe ao Observatory. Ativar isso? +!ENTITY ssl-observatory.popup.text HTTPS Everywhere pode detectar ataques ao seu navegador através do envio dos certificados que você recebe ao Observatory. Ativar funcionalidade? !--!ENTITY ssl-observatory.popup.text EFF's SSL Observatory can detect attacks against HTTPS websites by collecting @@ -11,23 +11,23 @@ and auditing the certificates being presented to your browser. Would you like to turn it on?-- !ENTITY ssl-observatory.popup.title -HTTPS Everywhere deve usar o SSL Observatory? +HTTPS Everywhere deve usar o Observatório SSL? !ENTITY ssl-observatory.popup.yes Sim !-- Observatory preferences dialog -- !ENTITY ssl-observatory.prefs.adv_priv_opts1 -à apropriado ativar isso, a menos que use uma rede corporativa muito intrusa: +à seguro ativar a funcionalidade, a menos que use uma rede empresarial muito intrusiva: !ENTITY ssl-observatory.prefs.adv_priv_opts2 -Apropriado, a menos que use uma rede corporativa com servidores de intranet cujos nomes consideram-se confidencias: +Apropriado, a menos que use uma rede empresarial, com servidores de intranet cujos nomes sejam confidenciais: !ENTITY ssl-observatory.prefs.alt_roots -Submeter e verificar certificados assinados por ACs raizes não padrões +Submeter e verificar certificados assinados por CAs raizes não padrões !ENTITY ssl-observatory.prefs.alt_roots_tooltip -à apropriado (e uma boa idéia) ativar esta opção, a menos que use uma rede corporativa que vigia sua navegação por meio de um proxy TLS e uma Autoridade Certificadora Raiz privada. Se for ativada em tal rede, esta opção poderá divulgar detalhes dos domÃnios https:// especÃficos que se acessaram através daquele proxy, por causa dos certificados distintivos assim criados. Por isso, esta opção é desativada por padrão. +à apropriado (e uma boa ideia) ativar esta opção, a menos que use uma rede corporativa que vigia sua navegação por meio de um proxy TLS e uma Autoridade Certificadora Raiz privada. Se for ativada em tal rede, esta opção poderá divulgar detalhes dos domÃnios https:// especÃficos que se acessaram através daquele proxy, por causa dos certificados distintivos assim criados. Por isso, esta opção é desativada por padrão. !ENTITY ssl-observatory.prefs.anonymous Verificar certificados usando Tor pelo anonimato !ENTITY ssl-observatory.prefs.anonymous_unavailable @@ -44,7 +44,10 @@ to turn it on?-- !ENTITY ssl-observatory.prefs.done Completo !ENTITY ssl-observatory.prefs.explanation - +HTTPS Everywhere pode usar o Observatório SSL da EFF's. Acontecem duas coisas: (1) +envia cópias dos certificados HTTPS para o Observatório, para nos ajudarem +a detetar ataques 'man in the middle' e a melhorar a segurança na Web; e (2) +permite-nos avisá-lo sobre ligações inseguras ou ataques ao seu navegador. !--!ENTITY ssl-observatory.prefs.explanation2 When you visit https://www.example.com, the Observatory will learn that @@ -53,34 +56,37 @@ Mouseover the options for further details:-- !ENTITY ssl-observatory.prefs.explanation2 - +Por exemplo, ao visitar https://www.something.com, o certificado +recebido pelo Observatório vai indicar que alguém visitou +https://www.something.com, mas não quem visitou o sÃtio ou que página foi especificamente +visualizada. Passe com o rato em cima das opções para mais pormenores: -!ENTITY ssl-observatory.prefs.hide +!ENTITY ssl-observatory.prefs.hide Esconder opções avançadas !ENTITY ssl-observatory.prefs.nonanon - +Conferir os certificados mesmo que o Tor não esteja disponÃvel !ENTITY ssl-observatory.prefs.nonanon_tooltip - +Vamos tentar manter os dados anónimos, mas esta opção é menos segura !ENTITY ssl-observatory.prefs.priv_dns - +Submeter e conferir certificados para nomes DNS não-públicos !ENTITY ssl-observatory.prefs.priv_dns_tooltip - +Se não ativar esta opção, o Observatório não vai guardar os certificados para nomes que não consiga resolver pelo DNS. -!ENTITY ssl-observatory.prefs.show +!ENTITY ssl-observatory.prefs.show Mostrar opções avançadas !ENTITY ssl-observatory.prefs.title Preferências do SSL Observatory -!ENTITY
[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed
commit 9708f20e19b082b7f6050b985daf16c0a79fe5c1 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 14:46:17 2013 + Update translations for https_everywhere_completed --- pt/ssl-observatory.dtd | 59 +--- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/pt/ssl-observatory.dtd b/pt/ssl-observatory.dtd index 3056e04..9a157a8 100644 --- a/pt/ssl-observatory.dtd +++ b/pt/ssl-observatory.dtd @@ -3,7 +3,7 @@ !ENTITY ssl-observatory.popup.later Perguntar Mais Tarde !ENTITY ssl-observatory.popup.no Não -!ENTITY ssl-observatory.popup.text HTTPS Everywhere pode detectar ataques ao seu navegador através do envio dos certificados que você recebe ao Observatory. Ativar isso? +!ENTITY ssl-observatory.popup.text HTTPS Everywhere pode detectar ataques ao seu navegador através do envio dos certificados que você recebe ao Observatory. Ativar funcionalidade? !--!ENTITY ssl-observatory.popup.text EFF's SSL Observatory can detect attacks against HTTPS websites by collecting @@ -11,29 +11,29 @@ and auditing the certificates being presented to your browser. Would you like to turn it on?-- !ENTITY ssl-observatory.popup.title -HTTPS Everywhere deve usar o SSL Observatory? +HTTPS Everywhere deve usar o Observatório SSL? !ENTITY ssl-observatory.popup.yes Sim !-- Observatory preferences dialog -- !ENTITY ssl-observatory.prefs.adv_priv_opts1 -à apropriado ativar isso, a menos que use uma rede corporativa muito intrusa: +à seguro ativar a funcionalidade, a menos que use uma rede empresarial muito intrusiva: !ENTITY ssl-observatory.prefs.adv_priv_opts2 -Apropriado, a menos que use uma rede corporativa com servidores de intranet cujos nomes consideram-se confidencias: +Apropriado, a menos que use uma rede empresarial, com servidores de intranet cujos nomes sejam confidenciais: !ENTITY ssl-observatory.prefs.alt_roots -Submeter e verificar certificados assinados por ACs raizes não padrões +Submeter e verificar certificados assinados por CAs raizes não padrões !ENTITY ssl-observatory.prefs.alt_roots_tooltip -à apropriado (e uma boa idéia) ativar esta opção, a menos que use uma rede corporativa que vigia sua navegação por meio de um proxy TLS e uma Autoridade Certificadora Raiz privada. Se for ativada em tal rede, esta opção poderá divulgar detalhes dos domÃnios https:// especÃficos que se acessaram através daquele proxy, por causa dos certificados distintivos assim criados. Por isso, esta opção é desativada por padrão. +à apropriado (e uma boa ideia) ativar esta opção, a menos que use uma rede corporativa que vigia sua navegação por meio de um proxy TLS e uma Autoridade Certificadora Raiz privada. Se for ativada em tal rede, esta opção poderá divulgar detalhes dos domÃnios https:// especÃficos que se acessaram através daquele proxy, por causa dos certificados distintivos assim criados. Por isso, esta opção é desativada por padrão. !ENTITY ssl-observatory.prefs.anonymous Verificar certificados usando Tor pelo anonimato !ENTITY ssl-observatory.prefs.anonymous_unavailable Verificar certificados usando Tor pelo anonimato (precisa do Torbutton) !ENTITY ssl-observatory.prefs.anonymous_tooltip -Esta opça precisa da instalação do Tor e Torbutton +Esta opção precisa da instalação do Tor e Torbutton !ENTITY ssl-observatory.prefs.asn Quando você vê um certificado novo, avisar o Observatory do ISP ao qual você estiver ligado @@ -44,10 +44,10 @@ to turn it on?-- !ENTITY ssl-observatory.prefs.done Completo !ENTITY ssl-observatory.prefs.explanation -HTTPS Everywhere can use EFF's SSL Observatory. This does two things: (1) -sends copies of HTTPS certificates to the Observatory, to help us -detect 'man in the middle' attacks and improve the Web's security; and (2) -lets us warn you about insecure connections or attacks on your browser. +HTTPS Everywhere pode usar o Observatório SSL da EFF's. Acontecem duas coisas: (1) +envia cópias dos certificados HTTPS para o Observatório, para nos ajudarem +a detetar ataques 'man in the middle' e a melhorar a segurança na Web; e (2) +permite-nos avisá-lo sobre ligações inseguras ou ataques ao seu navegador. !--!ENTITY ssl-observatory.prefs.explanation2 When you visit https://www.example.com, the Observatory will learn that @@ -56,34 +56,37 @@ Mouseover the options for further details:-- !ENTITY ssl-observatory.prefs.explanation2 -For example, when you visit https://www.something.com, the certificate -received by the Observatory will indicate that somebody visited -www.something.com, but not who visited the site, or what specific page they -looked at. Mouseover the options for further details: +Por exemplo, ao visitar https://www.something.com, o certificado +recebido pelo Observatório vai indicar que alguém visitou +https://www.something.com, mas não quem visitou o sÃtio ou
[tor-commits] [translation/vidalia_alpha] Update translations for vidalia_alpha
commit 0da0234acac9ef2a0d0ceb28c0d9e8b868a5b7b9 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:15:31 2013 + Update translations for vidalia_alpha --- pt/vidalia_pt.po |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pt/vidalia_pt.po b/pt/vidalia_pt.po index 3a913a8..1d33dea 100644 --- a/pt/vidalia_pt.po +++ b/pt/vidalia_pt.po @@ -7,7 +7,7 @@ msgstr Project-Id-Version: The Tor Project\n Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n; POT-Creation-Date: 2012-03-21 17:46+\n -PO-Revision-Date: 2013-07-25 13:00+\n +PO-Revision-Date: 2013-08-15 15:10+\n Last-Translator: runasand runa.sand...@gmail.com\n Language-Team: Portuguese (http://www.transifex.com/projects/p/torproject/language/pt/)\n MIME-Version: 1.0\n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/vidalia] Update translations for vidalia
commit fa0a258fb96e555253ef07179aff2634c46f88c4 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:15:22 2013 + Update translations for vidalia --- pt/vidalia_pt.po |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pt/vidalia_pt.po b/pt/vidalia_pt.po index e178fc2..ad8eca0 100644 --- a/pt/vidalia_pt.po +++ b/pt/vidalia_pt.po @@ -10,7 +10,7 @@ msgstr Project-Id-Version: The Tor Project\n Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n; POT-Creation-Date: 2012-03-21 17:52+\n -PO-Revision-Date: 2013-07-25 13:00+\n +PO-Revision-Date: 2013-08-15 15:10+\n Last-Translator: runasand runa.sand...@gmail.com\n Language-Team: Portuguese (http://www.transifex.com/projects/p/torproject/language/pt/)\n MIME-Version: 1.0\n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/vidalia_completed] Update translations for vidalia_completed
commit 86afdcda3ef95ea9a42ace5daaa14108b6c6c47a Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:15:27 2013 + Update translations for vidalia_completed --- pt/vidalia_pt.po |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pt/vidalia_pt.po b/pt/vidalia_pt.po index e178fc2..ad8eca0 100644 --- a/pt/vidalia_pt.po +++ b/pt/vidalia_pt.po @@ -10,7 +10,7 @@ msgstr Project-Id-Version: The Tor Project\n Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n; POT-Creation-Date: 2012-03-21 17:52+\n -PO-Revision-Date: 2013-07-25 13:00+\n +PO-Revision-Date: 2013-08-15 15:10+\n Last-Translator: runasand runa.sand...@gmail.com\n Language-Team: Portuguese (http://www.transifex.com/projects/p/torproject/language/pt/)\n MIME-Version: 1.0\n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-progress] Update translations for tor-launcher-progress
commit aa431a38f70620796080878a1a549c3db9803910 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:51 2013 + Update translations for tor-launcher-progress --- pt/progress.dtd |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pt/progress.dtd b/pt/progress.dtd index afcbe11..92136c4 100644 --- a/pt/progress.dtd +++ b/pt/progress.dtd @@ -1,4 +1,4 @@ !ENTITY torprogress.dialog.title Estado do Tor -!ENTITY torprogress.openSettings +!ENTITY torprogress.openSettings Abrir Configurações !ENTITY torprogress.heading Conectando à rede Tor -!ENTITY torprogress.pleaseWait +!ENTITY torprogress.pleaseWait O Navegador Tor vai abrir-se assim que se estabeleça uma ligação à rede Tor. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties
commit 892c704714cf420692026810f9df1ad17789dcec Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:47 2013 + Update translations for tor-launcher-properties --- pt/torlauncher.properties | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/pt/torlauncher.properties b/pt/torlauncher.properties index 1bb158d..9aa2c5f 100644 --- a/pt/torlauncher.properties +++ b/pt/torlauncher.properties @@ -3,28 +3,28 @@ # torlauncher.error_title=Tor Launcher -# torlauncher.tor_exited=Tor unexpectedly exited. -# torlauncher.tor_controlconn_failed=Could not connect to Tor control port. -# torlauncher.tor_failed_to_start=Tor failed to start. -# torlauncher.tor_bootstrap_failed=Tor failed to establish a Tor network connection.\n\n%S +torlauncher.tor_exited=O Tor fechou-se insperadamente. +torlauncher.tor_controlconn_failed=Não foi possÃvel ligar à porta de controlo do Tor. +torlauncher.tor_failed_to_start=O Tor falhou a inicialização. +torlauncher.tor_bootstrap_failed=o Tor não conseguiu ligar-se à rede Tor.\n\n %S -# torlauncher.unable_to_start_tor=Unable to start Tor.\n\n%S -# torlauncher.tor_missing=The Tor executable is missing. -# torlauncher.torrc_missing=The torrc file is missing. -# torlauncher.datadir_missing=The Tor data directory does not exist. -# torlauncher.password_hash_missing=Failed to get hashed password. +torlauncher.unable_to_start_tor=ImpossÃvel inicializar o Tor.\n\n %S +torlauncher.tor_missing=O executável do Tor está em falta. +torlauncher.torrc_missing=O ficheiro está em falta. +torlauncher.datadir_missing=A diretoria de dados do Tor não existe. +torlauncher.password_hash_missing=Falhou # torlauncher.failed_to_get_settings=Unable to retrieve Tor settings.\n\n%S # torlauncher.failed_to_save_settings=Unable to save Tor settings.\n\n%S # torlauncher.ensure_tor_is_running=Please ensure that Tor is running. -torlauncher.error_proxy_addr_missing=Deve especificar tanto um endereço IP ou nome do hospedeiro como um número de porta para configurar o Tor a utilizar um proxy para aceder à Internet. -torlauncher.error_proxy_type_missing=Tem de seleccionar o tipo de Proxy +torlauncher.error_proxy_addr_missing=Deve especificar tanto um endereço IP ou nome do hospedeiro como um número de porta, para configurar o Tor para utilizar um proxy para aceder à Internet. +torlauncher.error_proxy_type_missing=Tem de seleccionar o tipo de proxy torlauncher.error_bridges_missing=Deve especificar uma ou mais pontes. # torlauncher.connect=Connect torlauncher.quit=Sair -torlauncher.quit_win=Exit +torlauncher.quit_win=Sair torlauncher.done=Completo # torlauncher.forAssistance=For assistance, contact %S ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit f320bdf7f7f36067aee6e985e1e60665065596b4 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:59 2013 + Update translations for tails-misc --- pt.po |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pt.po b/pt.po index 6bf9761..1894244 100644 --- a/pt.po +++ b/pt.po @@ -7,8 +7,8 @@ msgid msgstr Project-Id-Version: The Tor Project\n Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n; -POT-Creation-Date: 2013-07-19 22:21+0200\n -PO-Revision-Date: 2013-07-25 13:00+\n +POT-Creation-Date: 2013-08-07 14:06+0200\n +PO-Revision-Date: 2013-08-15 15:10+\n Last-Translator: runasand runa.sand...@gmail.com\n Language-Team: Portuguese (http://www.transifex.com/projects/p/torproject/language/pt/)\n MIME-Version: 1.0\n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit 89db2be174a3c02f33e0e45e2366c1074ec278b7 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:39 2013 + Update translations for torbirdy --- pt/torbirdy.dtd |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pt/torbirdy.dtd b/pt/torbirdy.dtd index 6546586..174879a 100644 --- a/pt/torbirdy.dtd +++ b/pt/torbirdy.dtd @@ -1,7 +1,7 @@ -!ENTITY torbirdy.accountprefs.title -!ENTITY torbirdy.accountprefs.startup.label +!ENTITY torbirdy.accountprefs.title Configuração da Conta +!ENTITY torbirdy.accountprefs.startup.label Verifique as novas mensagens no inÃcio !ENTITY torbirdy.accountprefs.startup.key C -!ENTITY torbirdy.accountprefs.minutes.label +!ENTITY torbirdy.accountprefs.minutes.label Verifique as novas mensagens cada !ENTITY torbirdy.accountprefs.minutes.key r !ENTITY torbirdy.accountprefs.minutes.trail.label !ENTITY torbirdy.accountprefs.cancel.button Cancelar ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] Update translations for https_everywhere
commit c7fdb874ccf777e4054238f780b1daf82d866314 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:21 2013 + Update translations for https_everywhere --- pt/https-everywhere.properties | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pt/https-everywhere.properties b/pt/https-everywhere.properties index 5a6f7cc..341c7ab 100644 --- a/pt/https-everywhere.properties +++ b/pt/https-everywhere.properties @@ -1,7 +1,7 @@ -https-everywhere.menu.globalEnable = Enable HTTPS Everywhere +https-everywhere.menu.globalEnable = Ativar HTTPS Everywhere https-everywhere.menu.globalDisable = Desativar HTTPS Everywhere -# https-everywhere.menu.enableDisable = Enable / Disable Rules -# https-everywhere.menu.noRules = (No Rules for This Page) -# https-everywhere.menu.unknownRules = (Rules for This Page Unknown) -# https-everywhere.toolbar.hint = HTTPS Everywhere is now active. You can toggle it on a site-by-site basis by clicking the icon in the address bar. -# https-everywhere.migration.notification0 = In order to implement a crucial fix, this update resets your HTTPS Everywhere rule preferences to their default values. +https-everywhere.menu.enableDisable = Regras de Ativação / Desativação +https-everywhere.menu.noRules = (Sem Regras para Esta Página) +https-everywhere.menu.unknownRules = (Regras Desconhecidas para Esta Página) +https-everywhere.toolbar.hint = O HTTPS Everywhere está agora ativo. Pode ativá-lo, sÃtio-a-sÃtio, clicando no Ãcone na barra de endereços. +https-everywhere.migration.notification0 = Para implementar esta correção crucial, a atualização vai alterar as suas regras do HTTPS Everywhere, para os valores originais. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere_completed] Update translations for https_everywhere_completed
commit 548f530875bb8c51250e54a841f3d4746b7b8543 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:27 2013 + Update translations for https_everywhere_completed --- pt/https-everywhere.properties |7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pt/https-everywhere.properties b/pt/https-everywhere.properties index 23d1c46..341c7ab 100644 --- a/pt/https-everywhere.properties +++ b/pt/https-everywhere.properties @@ -1,2 +1,7 @@ -https-everywhere.menu.globalEnable = Enable HTTPS Everywhere +https-everywhere.menu.globalEnable = Ativar HTTPS Everywhere https-everywhere.menu.globalDisable = Desativar HTTPS Everywhere +https-everywhere.menu.enableDisable = Regras de Ativação / Desativação +https-everywhere.menu.noRules = (Sem Regras para Esta Página) +https-everywhere.menu.unknownRules = (Regras Desconhecidas para Esta Página) +https-everywhere.toolbar.hint = O HTTPS Everywhere está agora ativo. Pode ativá-lo, sÃtio-a-sÃtio, clicando no Ãcone na barra de endereços. +https-everywhere.migration.notification0 = Para implementar esta correção crucial, a atualização vai alterar as suas regras do HTTPS Everywhere, para os valores originais. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-progress_completed] Update translations for tor-launcher-progress_completed
commit b9aaaf1df6fc8fd7fb1c83462e0e8ab8922c0bc8 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:16:54 2013 + Update translations for tor-launcher-progress_completed --- pt/progress.dtd |4 1 file changed, 4 insertions(+) diff --git a/pt/progress.dtd b/pt/progress.dtd new file mode 100644 index 000..92136c4 --- /dev/null +++ b/pt/progress.dtd @@ -0,0 +1,4 @@ +!ENTITY torprogress.dialog.title Estado do Tor +!ENTITY torprogress.openSettings Abrir Configurações +!ENTITY torprogress.heading Conectando à rede Tor +!ENTITY torprogress.pleaseWait O Navegador Tor vai abrir-se assim que se estabeleça uma ligação à rede Tor. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit 8a3865dd73ad3b17be022589da60428b78316a6d Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:46:22 2013 + Update translations for torbirdy --- pt/torbirdy.dtd | 34 +- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/pt/torbirdy.dtd b/pt/torbirdy.dtd index 174879a..911d972 100644 --- a/pt/torbirdy.dtd +++ b/pt/torbirdy.dtd @@ -2,36 +2,36 @@ !ENTITY torbirdy.accountprefs.startup.label Verifique as novas mensagens no inÃcio !ENTITY torbirdy.accountprefs.startup.key C !ENTITY torbirdy.accountprefs.minutes.label Verifique as novas mensagens cada -!ENTITY torbirdy.accountprefs.minutes.key r -!ENTITY torbirdy.accountprefs.minutes.trail.label +!ENTITY torbirdy.accountprefs.minutes.key y +!ENTITY torbirdy.accountprefs.minutes.trail.label minutos !ENTITY torbirdy.accountprefs.cancel.button Cancelar !ENTITY torbirdy.accountprefs.save.button Guardar -!ENTITY torbirdy.accountprefs.save.key +!ENTITY torbirdy.accountprefs.save.key S -!ENTITY torbirdy.prefs.title +!ENTITY torbirdy.prefs.title Preferências TorBirdy !ENTITY torbirdy.prefs.save.button Guardar -!ENTITY torbirdy.prefs.save.key +!ENTITY torbirdy.prefs.save.key s !ENTITY torbirdy.prefs.cancel.button Cancelar !ENTITY torbirdy.prefs.extra2.button Testar configurações !ENTITY torbirdy.prefs.extra2.key P !ENTITY torbirdy.prefs.proxy.label Configurações do Proxy -!ENTITY torbirdy.prefs.privacy.label +!ENTITY torbirdy.prefs.privacy.label Definições de Privacidade !ENTITY torbirdy.prefs.enigmail.label !ENTITY torbirdy.prefs.security.label Configurações de Segurança -!ENTITY torbirdy.prefs.recommended.text +!ENTITY torbirdy.prefs.recommended.text Use as definições de proxy recomendadas para o TorBirdy (Tor) !ENTITY torbirdy.prefs.recommended.key r -!ENTITY torbirdy.prefs.anonservice.text -!ENTITY torbirdy.prefs.anonservice.key +!ENTITY torbirdy.prefs.anonservice.text Escolhe um serviço de anonimização +!ENTITY torbirdy.prefs.anonservice.key a !ENTITY torbirdy.prefs.customsettings.text Utilizar configurações padrão do proxy !ENTITY torbirdy.prefs.customsettings.key P -!ENTITY torbirdy.prefs.socks_host.label -!ENTITY torbirdy.prefs.socks_host.key -!ENTITY torbirdy.prefs.socks_port.label +!ENTITY torbirdy.prefs.socks_host.label Host SOCKS: +!ENTITY torbirdy.prefs.socks_host.key h +!ENTITY torbirdy.prefs.socks_port.label Porta: !ENTITY torbirdy.prefs.socks_port.key P !ENTITY torbirdy.prefs.torification.label -!ENTITY torbirdy.prefs.torification.key -!ENTITY torbirdy.prefs.global -!ENTITY torbirdy.prefs.imap.label +!ENTITY torbirdy.prefs.torification.key t +!ENTITY torbirdy.prefs.global Gobal +!ENTITY torbirdy.prefs.imap.label Ative o suporte para fazer push de email de contas IMAP [por defeito: desativado] !ENTITY torbirdy.prefs.imap.key P !ENTITY torbirdy.prefs.startup_folder.label !ENTITY torbirdy.prefs.startup_folder.key P @@ -45,9 +45,9 @@ !ENTITY torbirdy.prefs.emailwizard.key !ENTITY torbirdy.prefs.renegotiation.label !ENTITY torbirdy.prefs.renegotiation.key r -!ENTITY torbirdy.prefs.account_specific +!ENTITY torbirdy.prefs.account_specific EspecÃfico-da-Conta !ENTITY torbirdy.prefs.select_account.key C -!ENTITY torbirdy.prefs.select_account.label +!ENTITY torbirdy.prefs.select_account.label Escolha uma conta: !ENTITY torbirdy.prefs.enigmail.keyserver.label !ENTITY torbirdy.prefs.enigmail.keyserver.key ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings] Update translations for tor-launcher-network-settings
commit 4d23e6ba141b8076f14ddb2a516c723d6c87bd66 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:46:37 2013 + Update translations for tor-launcher-network-settings --- pt/network-settings.dtd |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pt/network-settings.dtd b/pt/network-settings.dtd index 31dbb6b..14c440f 100644 --- a/pt/network-settings.dtd +++ b/pt/network-settings.dtd @@ -13,7 +13,7 @@ !ENTITY torSettings.configure !ENTITY torSettings.connectPrompt1 !ENTITY torSettings.connectPrompt2 -!ENTITY torSettings.connect +!ENTITY torSettings.connect Ligar !ENTITY torSettings.proxyQuestion !-- see https://www.torproject.org/docs/proxychain.html.en -- ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties
commit ad54d2ef9a92b6da220f9cd5e43330beb9a5a667 Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:46:30 2013 + Update translations for tor-launcher-properties --- pt/torlauncher.properties | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pt/torlauncher.properties b/pt/torlauncher.properties index 9aa2c5f..ca8df01 100644 --- a/pt/torlauncher.properties +++ b/pt/torlauncher.properties @@ -1,7 +1,7 @@ ### Copyright (c) 2013, The Tor Project, Inc. ### See LICENSE for licensing information. -# torlauncher.error_title=Tor Launcher +torlauncher.error_title=Iniciador Tor torlauncher.tor_exited=O Tor fechou-se insperadamente. torlauncher.tor_controlconn_failed=Não foi possÃvel ligar à porta de controlo do Tor. @@ -14,17 +14,17 @@ torlauncher.torrc_missing=O ficheiro está em falta. torlauncher.datadir_missing=A diretoria de dados do Tor não existe. torlauncher.password_hash_missing=Falhou -# torlauncher.failed_to_get_settings=Unable to retrieve Tor settings.\n\n%S -# torlauncher.failed_to_save_settings=Unable to save Tor settings.\n\n%S -# torlauncher.ensure_tor_is_running=Please ensure that Tor is running. +torlauncher.failed_to_get_settings=Incapaz de aceder as definições do Tor\n\n %S +torlauncher.failed_to_save_settings=Incapaz de gavar as definições do Tor\n\n %S +torlauncher.ensure_tor_is_running=Por favor confirme que o Tor está a correr. torlauncher.error_proxy_addr_missing=Deve especificar tanto um endereço IP ou nome do hospedeiro como um número de porta, para configurar o Tor para utilizar um proxy para aceder à Internet. torlauncher.error_proxy_type_missing=Tem de seleccionar o tipo de proxy torlauncher.error_bridges_missing=Deve especificar uma ou mais pontes. -# torlauncher.connect=Connect +torlauncher.connect=Ligar torlauncher.quit=Sair torlauncher.quit_win=Sair torlauncher.done=Completo -# torlauncher.forAssistance=For assistance, contact %S +torlauncher.forAssistance=Para assistência contacte %S ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties_completed] Update translations for tor-launcher-properties_completed
commit 4d0ac3d601e6787764c2c301baefc4153657158d Author: Translation commit bot translat...@torproject.org Date: Thu Aug 15 15:46:32 2013 + Update translations for tor-launcher-properties_completed --- pt/torlauncher.properties | 30 ++ 1 file changed, 30 insertions(+) diff --git a/pt/torlauncher.properties b/pt/torlauncher.properties new file mode 100644 index 000..ca8df01 --- /dev/null +++ b/pt/torlauncher.properties @@ -0,0 +1,30 @@ +### Copyright (c) 2013, The Tor Project, Inc. +### See LICENSE for licensing information. + +torlauncher.error_title=Iniciador Tor + +torlauncher.tor_exited=O Tor fechou-se insperadamente. +torlauncher.tor_controlconn_failed=Não foi possÃvel ligar à porta de controlo do Tor. +torlauncher.tor_failed_to_start=O Tor falhou a inicialização. +torlauncher.tor_bootstrap_failed=o Tor não conseguiu ligar-se à rede Tor.\n\n %S + +torlauncher.unable_to_start_tor=ImpossÃvel inicializar o Tor.\n\n %S +torlauncher.tor_missing=O executável do Tor está em falta. +torlauncher.torrc_missing=O ficheiro está em falta. +torlauncher.datadir_missing=A diretoria de dados do Tor não existe. +torlauncher.password_hash_missing=Falhou + +torlauncher.failed_to_get_settings=Incapaz de aceder as definições do Tor\n\n %S +torlauncher.failed_to_save_settings=Incapaz de gavar as definições do Tor\n\n %S +torlauncher.ensure_tor_is_running=Por favor confirme que o Tor está a correr. + +torlauncher.error_proxy_addr_missing=Deve especificar tanto um endereço IP ou nome do hospedeiro como um número de porta, para configurar o Tor para utilizar um proxy para aceder à Internet. +torlauncher.error_proxy_type_missing=Tem de seleccionar o tipo de proxy +torlauncher.error_bridges_missing=Deve especificar uma ou mais pontes. + +torlauncher.connect=Ligar +torlauncher.quit=Sair +torlauncher.quit_win=Sair +torlauncher.done=Completo + +torlauncher.forAssistance=Para assistência contacte %S ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Prepare codebase for the implementation of Extended ORPort auth.
commit 93b9f85d410aba1202b72e169ce386c783136b26
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 18:38:42 2012 +0200
Prepare codebase for the implementation of Extended ORPort auth.
---
src/or/connection.c | 10 --
src/or/or.h | 28 ++--
2 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index ad8e39c..9aea501 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -170,6 +170,12 @@ conn_state_to_string(int type, int state)
break;
case CONN_TYPE_EXT_OR:
switch (state) {
+case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
+ return waiting for authentication type;
+case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
+ return waiting for client nonce;
+case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
+ return waiting for client hash;
case EXT_OR_CONN_STATE_OPEN: return open;
case EXT_OR_CONN_STATE_FLUSHING: return flushing final OKAY;
}
@@ -1398,8 +1404,7 @@ connection_init_accepted_conn(connection_t *conn,
switch (conn-type) {
case CONN_TYPE_EXT_OR:
- conn-state = EXT_OR_CONN_STATE_OPEN;
- break;
+ return connection_ext_or_start_auth(TO_OR_CONN(conn));
case CONN_TYPE_OR:
control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
@@ -4450,6 +4455,7 @@ assert_connection_ok(connection_t *conn, time_t now)
case CONN_TYPE_OR:
tor_assert(conn-state = OR_CONN_STATE_MIN_);
tor_assert(conn-state = OR_CONN_STATE_MAX_);
+ break;
case CONN_TYPE_EXT_OR:
tor_assert(conn-state = EXT_OR_CONN_STATE_MIN_);
tor_assert(conn-state = EXT_OR_CONN_STATE_MAX_);
diff --git a/src/or/or.h b/src/or/or.h
index e81d7a9..63d137c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -315,14 +315,24 @@ typedef enum {
#define OR_CONN_STATE_OPEN 8
#define OR_CONN_STATE_MAX_ 8
-/** States of Extended ORPort. */
+/** States of the Extended ORPort protocol. Be careful before changing
+ * the numbers: they matter. */
#define EXT_OR_CONN_STATE_MIN_ 1
-/** Extended ORPort just launched, and is accepting connections. */
-#define EXT_OR_CONN_STATE_OPEN 1
+/** Extended ORPort authentication is waiting for the authentication
+ * type selected by the client. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
+/** Extended ORPort authentication is waiting for the client nonce. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
+/** Extended ORPort authentication is waiting for the client hash. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
+#define EXT_OR_CONN_STATE_AUTH_MAX 3
+/** Authentication finished and the Extended ORPort is now accepting
+ * traffic. */
+#define EXT_OR_CONN_STATE_OPEN 4
/** Extended ORPort is flushing its last messages and preparing to
* start accepting OR connections. */
-#define EXT_OR_CONN_STATE_FLUSHING 2
-#define EXT_OR_CONN_STATE_MAX_ 2
+#define EXT_OR_CONN_STATE_FLUSHING 5
+#define EXT_OR_CONN_STATE_MAX_ 5
#define EXIT_CONN_STATE_MIN_ 1
/** State for an exit connection: waiting for response from DNS farm. */
@@ -1440,6 +1450,9 @@ typedef struct or_connection_t {
char identity_digest[DIGEST_LEN];
/** Extended ORPort connection identifier. */
char *ext_or_conn_id;
+ /** Client hash of the Extended ORPort authentication scheme */
+ char *ext_or_auth_correct_client_hash;
+
char *nickname; /** Nickname of OR on other side (if any). */
tor_tls_t *tls; /** TLS connection state. */
@@ -3771,7 +3784,10 @@ typedef struct {
int CookieAuthentication; /** Boolean: do we enable cookie-based auth for
* the control system? */
- char *CookieAuthFile; /** Location of a cookie authentication file. */
+ char *CookieAuthFile; /** Filesystem location of a ControlPort
+ * authentication cookie. */
+ char *ExtORPortCookieAuthFile; /** Filesystem location of Extended
+ * ORPort authentication cookie. */
int CookieAuthFileGroupReadable; /** Boolean: Is the CookieAuthFile g+r? */
int LeaveStreamsUnattached; /** Boolean: Does Tor attach new streams to
* circuits itself (0), or does it expect a controller
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Create the Extended ORPort authentication cookie file.
commit d303228ecae1d4c5d9a242b12a4546366544a170
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 18:19:44 2012 +0200
Create the Extended ORPort authentication cookie file.
---
src/or/config.c| 10 --
src/or/connection.c|9 -
src/or/connection_or.c | 92 +---
src/or/connection_or.h |3 ++
src/or/control.c |2 +-
src/or/control.h |2 +-
src/or/transports.c| 20 ++-
7 files changed, 120 insertions(+), 18 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index afdee3d..6dad019 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1474,8 +1474,14 @@ options_act(const or_options_t *old_options)
return -1;
}
- if (init_cookie_authentication(options-CookieAuthentication) 0) {
-log_warn(LD_CONFIG,Error creating cookie authentication file.);
+ if (init_control_auth_cookie_authentication(options-CookieAuthentication)
0) {
+log_warn(LD_CONFIG,Error creating control cookie authentication file.);
+return -1;
+ }
+
+ /* If we have an ExtORPort, initialize its auth cookie. */
+ if (init_ext_or_auth_cookie_authentication(!!options-ExtORPort_lines) 0) {
+log_warn(LD_CONFIG,Error creating Extended ORPort cookie file.);
return -1;
}
diff --git a/src/or/connection.c b/src/or/connection.c
index 130b1ec..ad8e39c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -592,8 +592,10 @@ connection_free_(connection_t *conn)
log_warn(LD_BUG, called on OR conn with non-zeroed identity_digest);
connection_or_remove_from_identity_map(TO_OR_CONN(conn));
}
- if (conn-type == CONN_TYPE_OR || conn-type == CONN_TYPE_EXT_OR)
+ if (conn-type == CONN_TYPE_OR || conn-type == CONN_TYPE_EXT_OR) {
connection_or_remove_from_ext_or_id_map(TO_OR_CONN(conn));
+tor_free(TO_OR_CONN(conn)-ext_or_conn_id);
+ }
#ifdef USE_BUFFEREVENTS
if (conn-type == CONN_TYPE_OR TO_OR_CONN(conn)-bucket_cfg) {
@@ -4343,6 +4345,7 @@ assert_connection_ok(connection_t *conn, time_t now)
switch (conn-type) {
case CONN_TYPE_OR:
+case CONN_TYPE_EXT_OR:
tor_assert(conn-magic == OR_CONNECTION_MAGIC);
break;
case CONN_TYPE_AP:
@@ -4447,6 +4450,9 @@ assert_connection_ok(connection_t *conn, time_t now)
case CONN_TYPE_OR:
tor_assert(conn-state = OR_CONN_STATE_MIN_);
tor_assert(conn-state = OR_CONN_STATE_MAX_);
+case CONN_TYPE_EXT_OR:
+ tor_assert(conn-state = EXT_OR_CONN_STATE_MIN_);
+ tor_assert(conn-state = EXT_OR_CONN_STATE_MAX_);
break;
case CONN_TYPE_EXIT:
tor_assert(conn-state = EXIT_CONN_STATE_MIN_);
@@ -4580,6 +4586,7 @@ connection_free_all(void)
/* Unlink everything from the identity map. */
connection_or_clear_identity_map();
+ connection_or_clear_ext_or_id_map();
/* Clear out our list of broken connections */
clear_broken_connection_map(0);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index ec5733f..e6fbb79 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -185,8 +185,10 @@ void
connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
{
or_connection_t *tmp;
- if (!orconn_identity_map)
-orconn_identity_map = digestmap_new();
+ if (!orconn_ext_or_id_map)
+return;
+ if (!conn-ext_or_conn_id)
+return;
tmp = digestmap_remove(orconn_ext_or_id_map, conn-ext_or_conn_id);
if (!tor_digest_is_zero(conn-ext_or_conn_id))
@@ -200,6 +202,7 @@ void
connection_or_clear_ext_or_id_map(void)
{
digestmap_free(orconn_ext_or_id_map, NULL);
+ orconn_ext_or_id_map = NULL;
}
/** Creates an Extended ORPort identifier for bconnb/ and deposits
@@ -214,13 +217,16 @@ connection_or_set_ext_or_identifier(or_connection_t *conn)
orconn_ext_or_id_map = digestmap_new();
/* Remove any previous identifiers: */
- if (!tor_digest_is_zero(conn-ext_or_conn_id))
+ if (conn-ext_or_conn_id !tor_digest_is_zero(conn-ext_or_conn_id))
connection_or_remove_from_ext_or_id_map(conn);
do {
crypto_rand(random_id, sizeof(random_id));
} while (digestmap_get(orconn_ext_or_id_map, random_id));
+ if (!conn-ext_or_conn_id)
+conn-ext_or_conn_id = tor_malloc_zero(EXT_OR_CONN_ID_LEN);
+
memcpy(conn-ext_or_conn_id, random_id, EXT_OR_CONN_ID_LEN);
tmp = digestmap_set(orconn_ext_or_id_map, random_id, conn);
@@ -2484,7 +2490,75 @@ connection_ext_or_transition(or_connection_t *conn)
connection_tls_start_handshake(conn, 1);
}
-#define EXT_OR_CMD_WANT_CONTROL 0x0003
+/** DOCDOCDOC */
+#define EXT_OR_PORT_AUTH_COOKIE_LEN 32
+#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
+#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN
EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
+#define EXT_OR_PORT_AUTH_COOKIE_HEADER ! Extended ORPort Auth Cookie !\x0a
+
+/** If true, we've set ext_or_auth_cookie to a secret code and stored
+ * it to disk. */
+static int ext_or_auth_cookie_is_set = 0;
+/** If
[tor-commits] [tor/master] More Extended ORPort code improvements.
commit c46f1b810dab79514d650f44ccf21ca4d24a20d5
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 19:19:24 2012 +0200
More Extended ORPort code improvements.
* Change name of init_ext_or_auth_cookie_authentication().
* Add a small comment.
---
src/or/config.c |2 +-
src/or/connection.c |1 +
src/or/ext_orport.c |2 +-
src/or/ext_orport.h |2 +-
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index 542191d..9c1505c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1481,7 +1481,7 @@ options_act(const or_options_t *old_options)
}
/* If we have an ExtORPort, initialize its auth cookie. */
- if (init_ext_or_auth_cookie_authentication(!!options-ExtORPort_lines) 0) {
+ if (init_ext_or_cookie_authentication(!!options-ExtORPort_lines) 0) {
log_warn(LD_CONFIG,Error creating Extended ORPort cookie file.);
return -1;
}
diff --git a/src/or/connection.c b/src/or/connection.c
index fcdc9ab..6f66f79 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1406,6 +1406,7 @@ connection_init_accepted_conn(connection_t *conn,
switch (conn-type) {
case CONN_TYPE_EXT_OR:
+ /* Initiate Extended ORPort authentication. */
return connection_ext_or_start_auth(TO_OR_CONN(conn));
case CONN_TYPE_OR:
control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 18ee5ab..f44a3f5 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -128,7 +128,7 @@ get_ext_or_auth_cookie_file(void)
* authorized to use the control connection. Return -1 if we can't
* write the file, or 0 on success. */
int
-init_ext_or_auth_cookie_authentication(int is_enabled)
+init_ext_or_cookie_authentication(int is_enabled)
{
char *fname;
char cookie_file_string[EXT_OR_PORT_AUTH_COOKIE_FILE_LEN];
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index fbd7ed6..a7038b9 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -9,6 +9,6 @@ void connection_or_clear_ext_or_id_map(void);
int connection_ext_or_finished_flushing(or_connection_t *conn);
int connection_ext_or_process_inbuf(or_connection_t *or_conn);
-int init_ext_or_auth_cookie_authentication(int is_enabled);
+int init_ext_or_cookie_authentication(int is_enabled);
char *get_ext_or_auth_cookie_file(void);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Implement Extended ORPort authentication.
commit 4a55e39997a9fbe5a5b03432bd85140ed193eb93
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 18:39:21 2012 +0200
Implement Extended ORPort authentication.
---
src/or/connection_or.c | 244 +++-
src/or/connection_or.h |2 +
2 files changed, 243 insertions(+), 3 deletions(-)
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index e6fbb79..db2ac9f 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2495,6 +2495,10 @@ connection_ext_or_transition(or_connection_t *conn)
#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN
EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
#define EXT_OR_PORT_AUTH_COOKIE_HEADER ! Extended ORPort Auth Cookie !\x0a
+#define EXT_OR_PORT_AUTH_HASH_LEN DIGEST256_LEN
+#define EXT_OR_PORT_AUTH_NONCE_LEN 32
+#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST ExtORPort authentication
server-to-client hash
+#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST ExtORPort authentication
client-to-server hash
/** If true, we've set ext_or_auth_cookie to a secret code and stored
* it to disk. */
@@ -2569,6 +2573,194 @@ init_ext_or_auth_cookie_authentication(int is_enabled)
#define EXT_OR_CMD_BT_DENY 0x1001
#define EXT_OR_CMD_BT_CONTROL 0x1002
+/** DOCDOCDOC
+Return -1 on error. 0 on unsufficient data. 1 on correct.
+*/
+static int
+connection_ext_or_auth_neg_auth_type(connection_t *conn) /* XXX unit tests */
+{
+ char authtype[1] = {0};
+
+ if (connection_get_inbuf_len(conn) 1)
+return 0;
+
+ if (connection_fetch_from_buf(authtype, 1, conn) 0)
+return -1;
+
+ log_warn(LD_GENERAL, Client wants us to use %d auth type, authtype[0]);
+ if (authtype[0] != 1) /* '1' is the only auth type supported atm */
+return -1;
+
+ conn-state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE; /* XXX maybe do
state transition in process_inbuf ? */
+ return 1;
+}
+
+static int
+connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+{
+ char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
+ char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+ char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+ char reply[EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+
+ if (!ext_or_auth_cookie_is_set) { /* this should not happen */
+log_warn(LD_BUG, Extended ORPort authentication cookie was not set.
+ That's weird since we should have done that on startup.
+ This might be a Tor bug, please file a bug report. );
+return -1;
+ }
+
+ if (connection_get_inbuf_len(conn) EXT_OR_PORT_AUTH_NONCE_LEN)
+return 0;
+
+ if (connection_fetch_from_buf(client_nonce, EXT_OR_PORT_AUTH_NONCE_LEN,
conn) 0) /* XXX check-spaces */
+return -1;
+
+ /* Get our nonce */
+ if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) 0)
+return -1;
+
+ { /* set up macs */
+size_t hmac_s_msg_len = strlen(EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST) +
+ 2*EXT_OR_PORT_AUTH_NONCE_LEN;
+size_t hmac_c_msg_len = strlen(EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST) +
+ 2*EXT_OR_PORT_AUTH_NONCE_LEN;
+
+char *hmac_s_msg = tor_malloc_zero(hmac_s_msg_len);
+char *hmac_c_msg = tor_malloc_zero(hmac_c_msg_len);
+char *correct_client_hash = tor_malloc_zero(EXT_OR_PORT_AUTH_HASH_LEN);
+
+memcpy(hmac_s_msg,
+ EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST,
+ strlen(EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST));
+memcpy(hmac_s_msg + strlen(EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST),
+ client_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
+memcpy(hmac_s_msg + strlen(EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST) +
+ EXT_OR_PORT_AUTH_NONCE_LEN,
+ server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
+
+memcpy(hmac_c_msg,
+ EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST,
+ strlen(EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST));
+memcpy(hmac_c_msg + strlen(EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST),
+ client_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
+memcpy(hmac_c_msg + strlen(EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST) +
+ EXT_OR_PORT_AUTH_NONCE_LEN,
+ server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
+
+crypto_hmac_sha256(server_hash,
+ ext_or_auth_cookie,
+ EXT_OR_PORT_AUTH_COOKIE_LEN,
+ hmac_s_msg,
+ hmac_s_msg_len);
+
+crypto_hmac_sha256(correct_client_hash,
+ ext_or_auth_cookie,
+ EXT_OR_PORT_AUTH_COOKIE_LEN,
+ hmac_c_msg,
+ hmac_c_msg_len);
+
+/* Store the client hash we generated. We will need to compare it
+ with the hash sent by the client. */
+TO_OR_CONN(conn)-ext_or_auth_correct_client_hash = correct_client_hash;
+
+tor_free(hmac_s_msg);
+tor_free(hmac_c_msg);
+ }
+
+ { /* debug logging */ /* XXX disable this codepath if not logging
[tor-commits] [tor/master] Move Extended ORPort code to its own module.
commit d8f74cc439ad025cc52aea8495705096d6538029
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 19:18:18 2012 +0200
Move Extended ORPort code to its own module.
Move the code from the connection_or module to ext_orport.
This commit only moves code: it shouldn't modify anything.
---
src/or/buffers.c |1 +
src/or/config.c|1 +
src/or/connection.c|1 +
src/or/connection_or.c | 524 +-
src/or/connection_or.h | 14 --
src/or/ext_orport.c| 537
src/or/ext_orport.h| 14 ++
src/or/include.am |2 +
src/or/transports.c|1 +
9 files changed, 558 insertions(+), 537 deletions(-)
diff --git a/src/or/buffers.c b/src/or/buffers.c
index ead6baa..50016d3 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -19,6 +19,7 @@
#include connection_or.h
#include control.h
#include reasons.h
+#include ext_orport.h
#include ../common/util.h
#include ../common/torlog.h
#ifdef HAVE_UNISTD_H
diff --git a/src/or/config.c b/src/or/config.c
index 19da45a..542191d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -45,6 +45,7 @@
#include routerset.h
#include statefile.h
#include transports.h
+#include ext_orport.h
#ifdef _WIN32
#include shlobj.h
#endif
diff --git a/src/or/connection.c b/src/or/connection.c
index a2719e9..fcdc9ab 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -33,6 +33,7 @@
#include dns.h
#include dnsserv.h
#include entrynodes.h
+#include ext_orport.h
#include geoip.h
#include main.h
#include policies.h
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index d6d74a7..42127ad 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -37,7 +37,7 @@
#include rephist.h
#include router.h
#include routerlist.h
-
+#include ext_orport.h
#ifdef USE_BUFFEREVENTS
#include event2/bufferevent_ssl.h
#endif
@@ -482,24 +482,6 @@ var_cell_free(var_cell_t *cell)
tor_free(cell);
}
-/** Allocate and return a structure capable of holding an Extended
- * ORPort message of body length blen/b. */
-ext_or_cmd_t *
-ext_or_cmd_new(uint16_t len)
-{
- size_t size = STRUCT_OFFSET(ext_or_cmd_t, body) + len;
- ext_or_cmd_t *cmd = tor_malloc(size);
- cmd-len = len;
- return cmd;
-}
-
-/** Deallocate the Extended ORPort message in bcmd/b. */
-void
-ext_or_cmd_free(ext_or_cmd_t *cmd)
-{
- tor_free(cmd);
-}
-
/** We've received an EOF from bconn/b. Mark it for close and return. */
int
connection_or_reached_eof(or_connection_t *conn)
@@ -2442,507 +2424,3 @@ connection_or_send_authenticate_cell(or_connection_t
*conn, int authtype)
return 0;
}
-
-/** Get an Extended ORPort message from bconn/b, and place it in
- * bout/b. Return -1 on fail, 0 if we need more data, and 1 if we
- * successfully extracted an Extended ORPort command from the
- * buffer. */
-static int
-connection_fetch_ext_or_cmd_from_buf(connection_t *conn, ext_or_cmd_t **out)
-{
- IF_HAS_BUFFEREVENT(conn, {
-struct evbuffer *input = bufferevent_get_input(conn-bufev);
-return fetch_ext_or_command_from_evbuffer(input, out);
- }) ELSE_IF_NO_BUFFEREVENT {
-return fetch_ext_or_command_from_buf(conn-inbuf, out);
- }
-}
-
-/** Write an Extended ORPort message to bconn/b. Use
- * bcommand/b as the command type, bbodylen/b as the body
- * length, and bbody/b, if it's present, as the body of the
- * message. */
-static int
-connection_write_ext_or_command(connection_t *conn,
-uint16_t command,
-const char *body,
-size_t bodylen)
-{
- char header[4];
- if (bodylen UINT16_MAX)
-return -1;
- set_uint16(header, htons(command));
- set_uint16(header+2, htons(bodylen));
- connection_write_to_buf(header, 4, conn);
- if (bodylen) {
-tor_assert(body);
-connection_write_to_buf(body, bodylen, conn);
- }
- return 0;
-}
-
-/** Transition from an Extended ORPort which accepts Extended ORPort
- * messages, to an Extended ORport which accepts OR traffic. */
-static void
-connection_ext_or_transition(or_connection_t *conn)
-{
- tor_assert(conn-base_.type == CONN_TYPE_EXT_OR);
-
- conn-base_.type = CONN_TYPE_OR;
- control_event_or_conn_status(conn, OR_CONN_EVENT_NEW, 0);
- connection_tls_start_handshake(conn, 1);
-}
-
-/** Length of authentication cookie. */
-#define EXT_OR_PORT_AUTH_COOKIE_LEN 32
-/** Length of the header of the cookie file. */
-#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
-/** Total length of the cookie file. */
-#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN \
- EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
-/** Static cookie file header. */
-#define EXT_OR_PORT_AUTH_COOKIE_HEADER ! Extended ORPort Auth Cookie !\x0a
-/** Length of safe-cookie protocol hashes. */
-#define EXT_OR_PORT_AUTH_HASH_LEN DIGEST256_LEN
-/** Length of safe-cookie protocol nonces. */
-#define
[tor-commits] [tor/master] Skeleton ExtORPort implementation. Needs testing, documentation.
commit 8bf0382b220b31605fb5a542f36a842bdd7a6ed0
Author: Nick Mathewson ni...@torproject.org
Date: Fri Mar 16 09:40:44 2012 -0400
Skeleton ExtORPort implementation. Needs testing, documentation.
Does not implement TransportControlPort yet.
---
src/or/buffers.c | 48
src/or/buffers.h |4 +
src/or/config.c|9 +++
src/or/connection.c| 39 +-
src/or/connection.h|2 +-
src/or/connection_or.c | 202 +++-
src/or/connection_or.h |9 +++
src/or/or.h| 31 +++-
8 files changed, 334 insertions(+), 10 deletions(-)
diff --git a/src/or/buffers.c b/src/or/buffers.c
index cc58904..a79d17b 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1702,6 +1702,54 @@ fetch_from_evbuffer_socks(struct evbuffer *buf,
socks_request_t *req,
}
#endif
+/*DOCDOC*/
+#define EXT_OR_CMD_HEADER_SIZE 4
+/*DOCDOC*/
+int
+fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out)
+{
+ char hdr[EXT_OR_CMD_HEADER_SIZE];
+ uint16_t len;
+
+ check();
+ if (buf-datalen EXT_OR_CMD_HEADER_SIZE)
+return 0;
+ peek_from_buf(hdr, sizeof(hdr), buf);
+ len = ntohs(get_uint16(hdr+2));
+ if (buf-datalen (unsigned)len + EXT_OR_CMD_HEADER_SIZE)
+return 0;
+ *out = ext_or_cmd_new(len);
+ (*out)-cmd = ntohs(get_uint16(hdr));
+ (*out)-len = len;
+ buf_remove_from_front(buf, EXT_OR_CMD_HEADER_SIZE);
+ fetch_from_buf((*out)-body, len, buf);
+ return 1;
+}
+
+#ifdef USE_BUFFEREVENTS
+/*DOCDOC*/
+int
+fetch_ext_or_command_from_evbuffer(struct evbuffer *buf, ext_or_cmd_t **out)
+{
+ char hdr[EXT_OR_CMD_HEADER_SIZE];
+ uint16_t len;
+ size_t buf_len = evbuffer_get_length(buf);
+
+ if (buf_len EXT_OR_CMD_HEADER_SIZE)
+return 0;
+ evbuffer_copyout(buf, hdr, EXT_OR_CMD_HEADER_SIZE);
+ len = ntohs(get_uint16(hdr+2));
+ if (buf_len (unsigned)len + EXT_OR_CMD_HEADER_SIZE)
+return 0;
+ *out = ext_or_cmd_new(len);
+ (*out)-cmd = ntohs(get_uint16(hdr));
+ (*out)-len = len;
+ evbuffer_drain(buf, EXT_OR_CMD_HEADER_SIZE);
+ evbuffer_remove(buf, (*out)-body, len);
+ return 1;
+}
+#endif
+
/** Implementation helper to implement fetch_from_*_socks. Instead of looking
* at a buffer's contents, we look at the bdatalen/b bytes of data in
* bdata/b. Instead of removing data from the buffer, we set
diff --git a/src/or/buffers.h b/src/or/buffers.h
index 910494a..50ac3dc 100644
--- a/src/or/buffers.h
+++ b/src/or/buffers.h
@@ -53,6 +53,8 @@ int fetch_from_buf_line(buf_t *buf, char *data_out, size_t
*data_len);
int peek_buf_has_control0_command(buf_t *buf);
+int fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out);
+
#ifdef USE_BUFFEREVENTS
int fetch_var_cell_from_evbuffer(struct evbuffer *buf, var_cell_t **out,
int linkproto);
@@ -68,6 +70,8 @@ int peek_evbuffer_has_control0_command(struct evbuffer *buf);
int write_to_evbuffer_zlib(struct evbuffer *buf, tor_zlib_state_t *state,
const char *data, size_t data_len,
int done);
+int fetch_ext_or_command_from_evbuffer(struct evbuffer *buf,
+ ext_or_cmd_t **out);
#endif
#ifdef USE_BUFFEREVENTS
diff --git a/src/or/config.c b/src/or/config.c
index 2218e50..afdee3d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -230,6 +230,7 @@ static config_var_t option_vars_[] = {
V(ExitPolicyRejectPrivate, BOOL, 1),
V(ExitPortStatistics, BOOL, 0),
V(ExtendAllowPrivateAddresses, BOOL, 0),
+ VPORT(ExtORPort, LINELIST, NULL),
V(ExtraInfoStatistics, BOOL, 1),
V(FallbackDir, LINELIST, NULL),
@@ -5688,6 +5689,14 @@ parse_ports(or_options_t *options, int validate_only,
goto err;
}
if (parse_port_config(ports,
+ options-ExtORPort_lines, NULL,
+ ExtOR, CONN_TYPE_EXT_OR_LISTENER,
+ 127.0.0.1, 0,
+ CL_PORT_SERVER_OPTIONS) 0) {
+ *msg = tor_strdup(Invalid ExtORPort configuration);
+ goto err;
+}
+if (parse_port_config(ports,
options-DirPort_lines, options-DirListenAddress,
Dir, CONN_TYPE_DIR_LISTENER,
0.0.0.0, 0,
diff --git a/src/or/connection.c b/src/or/connection.c
index 6a3cc7b..130b1ec 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -98,6 +98,7 @@ static smartlist_t *outgoing_addrs = NULL;
#define CASE_ANY_LISTENER_TYPE \
case CONN_TYPE_OR_LISTENER: \
+case CONN_TYPE_EXT_OR_LISTENER: \
case CONN_TYPE_AP_LISTENER: \
case CONN_TYPE_DIR_LISTENER: \
case CONN_TYPE_CONTROL_LISTENER: \
@@ -129,6 +130,8 @@ conn_type_to_string(int type)
case CONN_TYPE_CPUWORKER: return CPU worker;
case CONN_TYPE_CONTROL_LISTENER: return Control listener;
case CONN_TYPE_CONTROL:
[tor-commits] [tor/master] Move USERADDR handling to a dedicated function.
commit 85b7c73168eee63d81b4c1c9205e345d7aa8e773
Author: George Kadianakis desnac...@riseup.net
Date: Sun Nov 25 16:26:16 2012 +0200
Move USERADDR handling to a dedicated function.
---
src/or/connection_or.c | 98 +---
1 file changed, 52 insertions(+), 46 deletions(-)
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index db2ac9f..4139670 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2564,15 +2564,6 @@ init_ext_or_auth_cookie_authentication(int is_enabled)
return 0;
}
-/** Extended ORPort commands (Transport-to-Bridge) */
-#define EXT_OR_CMD_TB_DONE 0x
-#define EXT_OR_CMD_TB_USERADDR 0x0001
-
-/** Extended ORPort commands (Bridge-to-Transport) */
-#define EXT_OR_CMD_BT_OKAY 0x1000
-#define EXT_OR_CMD_BT_DENY 0x1001
-#define EXT_OR_CMD_BT_CONTROL 0x1002
-
/** DOCDOCDOC
Return -1 on error. 0 on unsufficient data. 1 on correct.
*/
@@ -2761,6 +2752,57 @@ connection_ext_or_auth_process_inbuf(or_connection_t
*or_conn)
}
}
+/** Extended ORPort commands (Transport-to-Bridge) */
+#define EXT_OR_CMD_TB_DONE 0x
+#define EXT_OR_CMD_TB_USERADDR 0x0001
+
+/** Extended ORPort commands (Bridge-to-Transport) */
+#define EXT_OR_CMD_BT_OKAY 0x1000
+#define EXT_OR_CMD_BT_DENY 0x1001
+#define EXT_OR_CMD_BT_CONTROL 0x1002
+
+static int
+connection_ext_or_handle_useraddr(connection_t *conn, char *payload, uint16_t
len)
+{
+ /* Copy address string. */
+ tor_addr_t addr;
+ uint16_t port;
+ char *addr_str;
+ char *address_part=NULL;
+ int res;
+ addr_str = tor_malloc(len + 1);
+ memcpy(addr_str, payload, len);
+ addr_str[len] = 0;
+
+ res = tor_addr_port_split(LOG_INFO, addr_str, address_part, port);
+ tor_free(addr_str);
+ if (res0)
+return -1;
+
+ res = tor_addr_parse(addr, address_part);
+ tor_free(address_part);
+ if (res0)
+return -1;
+
+ { /* do some logging */
+char *old_address = tor_dup_addr(conn-addr);
+char *new_address = tor_dup_addr(addr);
+
+log_warn(LD_NET, Received USERADDR. /* XXX FIX ALL LOG SEVERITIES AND
MESSAGES */
+ We rewrite our address from '%s:%u' to '%s:%u'.,
+ safe_str(old_address), conn-port, safe_str(new_address), port);
+
+tor_free(old_address);
+tor_free(new_address);
+ }
+
+ /* record the address */
+ tor_addr_copy(conn-addr, addr);
+ conn-port = port;
+
+ return 0;
+}
+
/** Process Extended ORPort messages from bor_conn/b. */
int
connection_ext_or_process_inbuf(or_connection_t *or_conn)
@@ -2810,44 +2852,8 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
conn-state = EXT_OR_CONN_STATE_FLUSHING;
connection_stop_reading(conn);
} else if (command-cmd == EXT_OR_CMD_TB_USERADDR) {
- /* XXX Put this in a function of its own. We need to empasize
- that we change the address and port of this connection. */
-
- /* Copy address string. */
- tor_addr_t addr;
- uint16_t port;
- char *addr_str;
- char *address_part=NULL;
- int res;
- addr_str = tor_malloc(command-len + 1);
- memcpy(addr_str, command-body, command-len);
- addr_str[command-len] = 0;
-
- res = tor_addr_port_split(LOG_INFO, addr_str, address_part, port);
- tor_free(addr_str);
- if (res0)
-goto err;
-
- res = tor_addr_parse(addr, address_part);
- tor_free(address_part);
- if (res0)
+ if (connection_ext_or_handle_useraddr(conn, command-body, command-len)
0)
goto err;
-
- {
-char *old_address = tor_dup_addr(conn-addr);
-char *new_address = tor_dup_addr(addr);
-
-log_warn(LD_NET, Received USERADDR. /* XXX FIX ALL LOG SEVERITIES
AND MESSAGES */
- We rewrite our address from '%s:%u' to '%s:%u'.,
- safe_str(old_address), conn-port, safe_str(new_address),
port);
-
-tor_free(old_address);
-tor_free(new_address);
- }
-
- /* record the address */
- tor_addr_copy(conn-addr, addr);
- conn-port = port;
} else {
log_notice(LD_NET, Got an Extended ORPort command we don't understand
(%u).,
command-cmd);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Satisfy check-spaces.
commit 2207525a69702a13ad0b3c0346b8c3fdb90824c0
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 19:16:04 2012 +0200
Satisfy check-spaces.
---
src/or/config.c|2 +-
src/or/connection_or.c | 41 ++---
src/or/control.c |2 +-
src/or/control.h |2 +-
src/or/transports.c|3 ++-
5 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index 6dad019..19da45a 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1474,7 +1474,7 @@ options_act(const or_options_t *old_options)
return -1;
}
- if (init_control_auth_cookie_authentication(options-CookieAuthentication)
0) {
+ if (init_control_cookie_authentication(options-CookieAuthentication) 0) {
log_warn(LD_CONFIG,Error creating control cookie authentication file.);
return -1;
}
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 089bb06..d6d74a7 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2498,7 +2498,8 @@ connection_ext_or_transition(or_connection_t *conn)
/** Length of the header of the cookie file. */
#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
/** Total length of the cookie file. */
-#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN
EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
+#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN \
+ EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
/** Static cookie file header. */
#define EXT_OR_PORT_AUTH_COOKIE_HEADER ! Extended ORPort Auth Cookie !\x0a
/** Length of safe-cookie protocol hashes. */
@@ -2506,8 +2507,10 @@ connection_ext_or_transition(or_connection_t *conn)
/** Length of safe-cookie protocol nonces. */
#define EXT_OR_PORT_AUTH_NONCE_LEN 32
/** Safe-cookie protocol constants. */
-#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST ExtORPort authentication
server-to-client hash
-#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST ExtORPort authentication
client-to-server hash
+#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST \
+ ExtORPort authentication server-to-client hash
+#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST \
+ ExtORPort authentication client-to-server hash
/** If true, we've set ext_or_auth_cookie to a secret code and stored
* it to disk. */
@@ -2523,7 +2526,8 @@ char *
get_ext_or_auth_cookie_file(void)
{
const or_options_t *options = get_options();
- if (options-ExtORPortCookieAuthFile
strlen(options-ExtORPortCookieAuthFile)) {
+ if (options-ExtORPortCookieAuthFile
+ strlen(options-ExtORPortCookieAuthFile)) {
return tor_strdup(options-ExtORPortCookieAuthFile);
} else {
return get_datadir_fname(extended_orport_auth_cookie);
@@ -2554,7 +2558,8 @@ init_ext_or_auth_cookie_authentication(int is_enabled)
return -1;
ext_or_auth_cookie_is_set = 1;
- memcpy(cookie_file_string, EXT_OR_PORT_AUTH_COOKIE_HEADER,
EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN);
+ memcpy(cookie_file_string, EXT_OR_PORT_AUTH_COOKIE_HEADER,
+ EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN);
memcpy(cookie_file_string+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN);
@@ -2624,7 +2629,8 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
if (connection_get_inbuf_len(conn) EXT_OR_PORT_AUTH_NONCE_LEN)
return 0;
- if (connection_fetch_from_buf(client_nonce, EXT_OR_PORT_AUTH_NONCE_LEN,
conn) 0) /* XXX check-spaces */
+ if (connection_fetch_from_buf(client_nonce,
+EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0) /* XXX
check-spaces */
return -1;
/* Get our nonce */
@@ -2679,7 +2685,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
tor_free(hmac_c_msg);
}
- { /* debug logging */ /* XXX disable this codepath if not logging on debug?
*/
+ { /* debug logging */ /* XXX disable this codepath if not logging on debug?*/
char server_hash_encoded[(2*EXT_OR_PORT_AUTH_HASH_LEN) + 1];
char server_nonce_encoded[(2*EXT_OR_PORT_AUTH_NONCE_LEN) + 1];
char client_nonce_encoded[(2*EXT_OR_PORT_AUTH_NONCE_LEN) + 1];
@@ -2691,13 +2697,15 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
base16_encode(client_nonce_encoded, sizeof(client_nonce_encoded),
client_nonce, sizeof(client_nonce));
-log_warn(LD_GENERAL, server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce:
'%s',
+log_warn(LD_GENERAL,
+ server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce: '%s',
server_hash_encoded, server_nonce_encoded, client_nonce_encoded);
}
{ /* write reply: (server_hash, server_nonce) */
memcpy(reply, server_hash, EXT_OR_PORT_AUTH_HASH_LEN);
-memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
EXT_OR_PORT_AUTH_NONCE_LEN);
+memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
+ EXT_OR_PORT_AUTH_NONCE_LEN);
connection_write_to_buf(reply, sizeof(reply),
[tor-commits] [tor/master] Various Extended ORPort code improvements.
commit e2e0d09dab0490724555d5c67c2a1d27fd5199c4
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 19:15:28 2012 +0200
Various Extended ORPort code improvements.
* Add documentation.
* Free ext_or_auth_correct_client_hash.
* Use VPORT(ExtORPort) instead of V(ExtORPOrt).
See dfe03d36c8749eb07e9bb2ea47e88ff05e9e3127 for details.
---
src/or/connection.c|1 +
src/or/connection_or.c | 67 +---
src/or/transports.c|2 +-
3 files changed, 54 insertions(+), 16 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index 9aea501..a2719e9 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -601,6 +601,7 @@ connection_free_(connection_t *conn)
if (conn-type == CONN_TYPE_OR || conn-type == CONN_TYPE_EXT_OR) {
connection_or_remove_from_ext_or_id_map(TO_OR_CONN(conn));
tor_free(TO_OR_CONN(conn)-ext_or_conn_id);
+tor_free(TO_OR_CONN(conn)-ext_or_auth_correct_client_hash);
}
#ifdef USE_BUFFEREVENTS
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 4139670..089bb06 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -179,8 +179,8 @@ connection_or_set_identity_digest(or_connection_t *conn,
const char *digest)
}
/** Remove the Extended ORPort identifier of bconn/b from the
-global identifier list. Also, clear the identifier from the
-connection itself. */
+ * global identifier list. Also, clear the identifier from the
+ * connection itself. */
void
connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
{
@@ -2443,7 +2443,10 @@ connection_or_send_authenticate_cell(or_connection_t
*conn, int authtype)
return 0;
}
-/** Get an Extended ORPort message from bconn/b, and place it in
bout/b. */
+/** Get an Extended ORPort message from bconn/b, and place it in
+ * bout/b. Return -1 on fail, 0 if we need more data, and 1 if we
+ * successfully extracted an Extended ORPort command from the
+ * buffer. */
static int
connection_fetch_ext_or_cmd_from_buf(connection_t *conn, ext_or_cmd_t **out)
{
@@ -2490,13 +2493,19 @@ connection_ext_or_transition(or_connection_t *conn)
connection_tls_start_handshake(conn, 1);
}
-/** DOCDOCDOC */
+/** Length of authentication cookie. */
#define EXT_OR_PORT_AUTH_COOKIE_LEN 32
+/** Length of the header of the cookie file. */
#define EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN 32
+/** Total length of the cookie file. */
#define EXT_OR_PORT_AUTH_COOKIE_FILE_LEN
EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN
+/** Static cookie file header. */
#define EXT_OR_PORT_AUTH_COOKIE_HEADER ! Extended ORPort Auth Cookie !\x0a
+/** Length of safe-cookie protocol hashes. */
#define EXT_OR_PORT_AUTH_HASH_LEN DIGEST256_LEN
+/** Length of safe-cookie protocol nonces. */
#define EXT_OR_PORT_AUTH_NONCE_LEN 32
+/** Safe-cookie protocol constants. */
#define EXT_OR_PORT_AUTH_SERVER_TO_CLIENT_CONST ExtORPort authentication
server-to-client hash
#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST ExtORPort authentication
client-to-server hash
@@ -2541,14 +2550,15 @@ init_ext_or_auth_cookie_authentication(int is_enabled)
if (ext_or_auth_cookie_is_set)
return 0; /* all set */
- fname = get_ext_or_auth_cookie_file();
- crypto_rand(ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN);
+ if (crypto_rand(ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN) 0)
+return -1;
ext_or_auth_cookie_is_set = 1;
memcpy(cookie_file_string, EXT_OR_PORT_AUTH_COOKIE_HEADER,
EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN);
memcpy(cookie_file_string+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN);
+ fname = get_ext_or_auth_cookie_file();
if (write_bytes_to_file(fname, cookie_file_string,
EXT_OR_PORT_AUTH_COOKIE_FILE_LEN, 1)) {
log_warn(LD_FS,Error writing authentication cookie to %s.,
@@ -2564,11 +2574,15 @@ init_ext_or_auth_cookie_authentication(int is_enabled)
return 0;
}
-/** DOCDOCDOC
-Return -1 on error. 0 on unsufficient data. 1 on correct.
-*/
+/** Read data from bconn/b and see if the client sent us the
+ * authentication type that she prefers to use in this session.
+ *
+ * Return -1 if we received corrupted data or if we don't support the
+ * authentication type. Return 0 if we need more data in
+ * bconn/b. Return 1 if the authentication type negotiation was
+ * successful. */
static int
-connection_ext_or_auth_neg_auth_type(connection_t *conn) /* XXX unit tests */
+connection_ext_or_auth_neg_auth_type(connection_t *conn)
{
char authtype[1] = {0};
@@ -2582,10 +2596,16 @@ connection_ext_or_auth_neg_auth_type(connection_t
*conn) /* XXX unit tests */
if (authtype[0] != 1) /* '1' is the only auth type supported atm */
return -1;
- conn-state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE; /* XXX maybe do
state transition in process_inbuf ? */
+ conn-state =
[tor-commits] [tor/master] Trivially change unittests to make them more readable.
commit 85c556a4c265f6ce9587c46d0040f57cb09618bc
Author: George Kadianakis desnac...@riseup.net
Date: Sat Jun 29 14:46:45 2013 +0300
Trivially change unittests to make them more readable.
Pluggable transport names are now in alphabetical order like they
appear in the bridge-ip-transports string.
---
src/test/test.c | 22 +++---
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/test/test.c b/src/test/test.c
index cf4febf..822f93a 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1916,38 +1916,38 @@ test_geoip_with_pt(void)
geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now-7200);
}
- /* 9 connections with when */
+ /* 9 connections with alpha */
for (i=4; i 13; ++i) {
SET_TEST_ADDRESS(i);
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, when, now-7200);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, alpha, now-7200);
}
- /* one connection with I */
+ /* one connection with beta */
SET_TEST_ADDRESS(13);
- geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, I, now-7200);
+ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, beta, now-7200);
- /* 14 connections with was */
+ /* 14 connections with charlie */
for (i=14; i 28; ++i) {
SET_TEST_ADDRESS(i);
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, was, now-7200);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, charlie, now-7200);
}
- /* 131 connections with a */
+ /* 131 connections with ddr */
for (i=28; i 159; ++i) {
SET_TEST_ADDRESS(i);
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, a, now-7200);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, ddr, now-7200);
}
- /* 8 connections with yout */
+ /* 8 connections with entropy */
for (i=159; i 167; ++i) {
SET_TEST_ADDRESS(i);
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, yout, now-7200);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, entropy, now-7200);
}
/* Test the transport history string. */
s = geoip_get_transport_history();
tor_assert(s);
- test_streq(s, OR=8,I=8,a=136,was=16,when=16,yout=8);
+ test_streq(s, OR=8,alpha=16,beta=8,charlie=16,ddr=136,entropy=8);
/* Stop collecting entry statistics. */
geoip_entry_stats_term();
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add transport information to the GeoIP database.
commit 0ec4e5a698d248448aaf684a74fc51f31c84d313
Author: George Kadianakis desnac...@riseup.net
Date: Mon Feb 11 20:51:41 2013 +0100
Add transport information to the GeoIP database.
---
src/or/channel.c |3 ++-
src/or/directory.c |4 +++-
src/or/geoip.c | 16 +++-
src/or/geoip.h |3 ++-
src/test/test.c| 24
5 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/src/or/channel.c b/src/or/channel.c
index 98c23d9..4b6c7e1 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -2379,7 +2379,8 @@ channel_do_open_actions(channel_t *chan)
/* only report it to the geoip module if it's not a known router */
if (!router_get_by_id_digest(chan-identity_digest)) {
if (channel_get_addr_if_possible(chan, remote_addr)) {
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, remote_addr,
+/* 5040/4773 : Is this 'NULL' right? */
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, remote_addr, NULL,
now);
}
/* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/or/directory.c b/src/or/directory.c
index 88d6717..97305ae 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2966,7 +2966,9 @@ directory_handle_command_get(dir_connection_t *conn,
const char *headers,
tor_addr_t addr;
if (tor_inet_aton((TO_CONN(conn))-address, in)) {
tor_addr_from_ipv4h(addr, ntohl(in.s_addr));
-geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS, addr, time(NULL));
+geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS,
+ addr, NULL,
+ time(NULL));
geoip_note_ns_response(GEOIP_SUCCESS);
/* Note that a request for a network status has started, so that we
* can measure the download time later on. */
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 020075f..b1efefd 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -461,6 +461,10 @@ geoip_db_digest(sa_family_t family)
typedef struct clientmap_entry_t {
HT_ENTRY(clientmap_entry_t) node;
tor_addr_t addr;
+ /* Name of pluggable transport used by this client. NULL if no
+pluggable transport was used. */
+ char *transport_name;
+
/** Time when we last saw this IP address, in MINUTES since the epoch.
*
* (This will run out of space around 4011 CE. If Tor is still in use around
@@ -519,7 +523,9 @@ client_history_clear(void)
* configured accordingly. */
void
geoip_note_client_seen(geoip_client_action_t action,
- const tor_addr_t *addr, time_t now)
+ const tor_addr_t *addr,
+ const char *transport_name,
+ time_t now)
{
const or_options_t *options = get_options();
clientmap_entry_t lookup, *ent;
@@ -534,12 +540,18 @@ geoip_note_client_seen(geoip_client_action_t action,
return;
}
+ log_debug(LD_GENERAL, Seen client from '%s' with transport '%s'.,
+safe_str_client(fmt_addr((addr))),
+transport_name ? transport_name : no transport);
+
tor_addr_copy(lookup.addr, addr);
lookup.action = (int)action;
ent = HT_FIND(clientmap, client_history, lookup);
if (! ent) {
ent = tor_malloc_zero(sizeof(clientmap_entry_t));
tor_addr_copy(ent-addr, addr);
+if (transport_name)
+ ent-transport_name = tor_strdup(transport_name);
ent-action = (int)action;
HT_INSERT(clientmap, client_history, ent);
}
@@ -566,6 +578,7 @@ remove_old_client_helper_(struct clientmap_entry_t *ent,
void *_cutoff)
{
time_t cutoff = *(time_t*)_cutoff / 60;
if (ent-last_seen_in_minutes cutoff) {
+tor_free(ent-transport_name);
tor_free(ent);
return 1;
} else {
@@ -1515,6 +1528,7 @@ geoip_free_all(void)
for (ent = HT_START(clientmap, client_history); ent != NULL; ent = next) {
this = *ent;
next = HT_NEXT_RMV(clientmap, client_history, ent);
+ tor_free(this-transport_name);
tor_free(this);
}
HT_CLEAR(clientmap, client_history);
diff --git a/src/or/geoip.h b/src/or/geoip.h
index d670072..19855c9 100644
--- a/src/or/geoip.h
+++ b/src/or/geoip.h
@@ -29,7 +29,8 @@ const char *geoip_db_digest(sa_family_t family);
country_t geoip_get_country(const char *countrycode);
void geoip_note_client_seen(geoip_client_action_t action,
-const tor_addr_t *addr, time_t now);
+const tor_addr_t *addr, const char *transport_name,
+time_t now);
void geoip_remove_old_clients(time_t cutoff);
void geoip_note_ns_response(geoip_ns_response_t response);
diff --git a/src/test/test.c b/src/test/test.c
index 9640169..4874ada 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1741,20 +1741,20 @@ test_geoip(void)
/* Put 9 observations in AB... */
for (i=32; i 40; ++i) {
SET_TEST_ADDRESS(i);
-
[tor-commits] [tor/master] Fix a number of issues with the #5040 code.
commit cb54e44587473782c2865c3ea4aca6e0666943a8
Author: George Kadianakis desnac...@riseup.net
Date: Thu Jun 27 17:50:56 2013 +0300
Fix a number of issues with the #5040 code.
- Don't leak if a transport proxy sends us a TRANSPORT command more
than once.
- Don't use smartlist_string_isin() in geoip_get_transport_history().
(pointed out by Nick)
- Use the 'join' argument of smartlist_join_strings() instead of
trying to write the separator on our own.
(pointed out by Nick)
- Document 'ext_or_transport' a bit better.
(pointed out by Nick)
- Be a bit more consistent with the types of the values of
'transport_counts'.
(pointed out by Nick)
---
src/or/ext_orport.c |6 ++
src/or/geoip.c | 13 +
src/or/or.h |5 +++--
3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index f83002c..8fd9b77 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -460,6 +460,12 @@ connection_ext_or_handle_cmd_transport(or_connection_t
*conn,
return -1;
}
+ /* If ext_or_transport is already occupied (because the PT sent two
+ * TRANSPORT commands), deallocate the old name and keep the new
+ * one */
+ if (conn-ext_or_transport)
+tor_free(conn-ext_or_transport);
+
conn-ext_or_transport = transport_str;
return 0;
}
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 7244c56..737512f 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -807,7 +807,6 @@ geoip_get_transport_history(void)
const char *transport_name = NULL;
smartlist_t *string_chunks = smartlist_new();
char *the_string = NULL;
- int i = 0;
/* If we haven't seen any clients yet, return NULL. */
if (HT_EMPTY(client_history))
@@ -841,7 +840,7 @@ geoip_get_transport_history(void)
strmap_set(transport_counts, transport_name, ptr);
/* If it's the first time we see this transport, note it. */
-if (!smartlist_contains_string(transports_used, transport_name))
+if (val == 1)
smartlist_add(transports_used, tor_strdup(transport_name));
log_debug(LD_GENERAL, Client from '%s' with transport '%s'.
@@ -857,20 +856,18 @@ geoip_get_transport_history(void)
/* Loop through all seen transports. */
SMARTLIST_FOREACH_BEGIN(transports_used, const char *, transport_name) {
void *transport_count_ptr = strmap_get(transport_counts, transport_name);
-unsigned int transport_count = (uintptr_t) transport_count_ptr;
-i++; /* counter so that we don't add a comma if it's the last transport. */
+unsigned int transport_count = (intptr_t) transport_count_ptr;
log_debug(LD_GENERAL, We got %u clients with transport '%s'.,
transport_count, transport_name);
-smartlist_add_asprintf(string_chunks, %s=%u%s,
+smartlist_add_asprintf(string_chunks, %s=%u,
transport_name,
round_to_next_multiple_of(transport_count,
- granularity),
- i != smartlist_len(transports_used) ? , : );
+ granularity));
} SMARTLIST_FOREACH_END(transport_name);
- the_string = smartlist_join_strings(string_chunks, , 0, NULL);
+ the_string = smartlist_join_strings(string_chunks, ,, 0, NULL);
log_debug(LD_GENERAL, Final bridge-ip-transports string: '%s', the_string);
diff --git a/src/or/or.h b/src/or/or.h
index 7916c47..9b519a7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1452,8 +1452,9 @@ typedef struct or_connection_t {
char *ext_or_conn_id;
/** Client hash of the Extended ORPort authentication scheme */
char *ext_or_auth_correct_client_hash;
- /** Name of the pluggable transport that is obfuscating this
- connection. If no pluggable transports are used, it's NULL. */
+ /** String carrying the name of the pluggable transport
+ * (e.g. obfs2) that is obfuscating this connection. If no
+ * pluggable transports are used, it's NULL. */
char *ext_or_transport;
char *nickname; /** Nickname of OR on other side (if any). */
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make a channel getter method to retrieve transport names.
commit e765d6ed8404a9df97f39846bf943217cf6a2001
Author: George Kadianakis desnac...@riseup.net
Date: Mon Feb 11 20:52:12 2013 +0100
Make a channel getter method to retrieve transport names.
---
src/or/channel.c|9 +++--
src/or/channel.h|2 ++
src/or/channeltls.c | 27 +++
3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/or/channel.c b/src/or/channel.c
index 4b6c7e1..ea5f961 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -2379,9 +2379,14 @@ channel_do_open_actions(channel_t *chan)
/* only report it to the geoip module if it's not a known router */
if (!router_get_by_id_digest(chan-identity_digest)) {
if (channel_get_addr_if_possible(chan, remote_addr)) {
-/* 5040/4773 : Is this 'NULL' right? */
-geoip_note_client_seen(GEOIP_CLIENT_CONNECT, remote_addr, NULL,
+char *transport_name = NULL;
+if (chan-get_transport_name(chan, transport_name) 0)
+ transport_name = NULL;
+
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT,
+ remote_addr, transport_name,
now);
+tor_free(transport_name);
}
/* Otherwise the underlying transport can't tell us this, so skip it */
}
diff --git a/src/or/channel.h b/src/or/channel.h
index 83d7e90..bd99ebc 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -84,6 +84,8 @@ struct channel_s {
* available.
*/
int (*get_remote_addr)(channel_t *, tor_addr_t *);
+ int (*get_transport_name)(channel_t *chan, char **transport_out);
+
#define GRD_FLAG_ORIGINAL 1
#define GRD_FLAG_ADDR_ONLY 2
/*
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 60693da..40f22c0 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -55,6 +55,8 @@ static void channel_tls_close_method(channel_t *chan);
static const char * channel_tls_describe_transport_method(channel_t *chan);
static int
channel_tls_get_remote_addr_method(channel_t *chan, tor_addr_t *addr_out);
+static int
+channel_tls_get_transport_name_method(channel_t *chan, char **transport_out);
static const char *
channel_tls_get_remote_descr_method(channel_t *chan, int flags);
static int channel_tls_has_queued_writes_method(channel_t *chan);
@@ -114,6 +116,7 @@ channel_tls_common_init(channel_tls_t *tlschan)
chan-describe_transport = channel_tls_describe_transport_method;
chan-get_remote_addr = channel_tls_get_remote_addr_method;
chan-get_remote_descr = channel_tls_get_remote_descr_method;
+ chan-get_transport_name = channel_tls_get_transport_name_method;
chan-has_queued_writes = channel_tls_has_queued_writes_method;
chan-is_canonical = channel_tls_is_canonical_method;
chan-matches_extend_info = channel_tls_matches_extend_info_method;
@@ -406,6 +409,30 @@ channel_tls_get_remote_addr_method(channel_t *chan,
tor_addr_t *addr_out)
}
/**
+ * Get the name of the pluggable transport used by a channel_tls_t.
+ *
+ * This implements the get_transport_name for channel_tls_t. If the
+ * channel uses a pluggable transport, copy its name to
+ * btransport_out/b and return 0. If the channel did not use a
+ * pluggable transport, return -1. */
+
+static int
+channel_tls_get_transport_name_method(channel_t *chan, char **transport_out)
+{
+ channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
+
+ tor_assert(tlschan);
+ tor_assert(transport_out);
+ tor_assert(tlschan-conn);
+
+ if (!tlschan-conn-ext_or_transport)
+return -1;
+
+ *transport_out = tor_strdup(tlschan-conn-ext_or_transport);
+ return 0;
+}
+
+/**
* Get endpoint description of a channel_tls_t
*
* This implements the get_remote_descr method for channel_tls_t; it returns
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Use only uintptr_t for the value of transport_count
commit 656842441039399aca0dee95b7c51be7a3749ce0
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:14:44 2013 -0400
Use only uintptr_t for the value of transport_count
---
src/or/geoip.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 866f6a7..b4f54d4 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -810,8 +810,6 @@ geoip_get_transport_history(void)
unsigned granularity = IP_GRANULARITY;
/** String hash table name of transport - number of users. */
strmap_t *transport_counts = strmap_new();
- void *ptr;
- intptr_t val;
/** Smartlist that contains copies of the names of the transports
that have been used. */
@@ -847,13 +845,15 @@ geoip_get_transport_history(void)
/* Loop through all clients. */
HT_FOREACH(ent, clientmap, client_history) {
+uintptr_t val;
+void *ptr;
transport_name = (*ent)-transport_name;
if (!transport_name)
transport_name = no_transport_str;
/* Increase the count for this transport name. */
ptr = strmap_get(transport_counts, transport_name);
-val = (intptr_t)ptr;
+val = (uintptr_t)ptr;
val++;
ptr = (void*)val;
strmap_set(transport_counts, transport_name, ptr);
@@ -875,15 +875,16 @@ geoip_get_transport_history(void)
/* Loop through all seen transports. */
SMARTLIST_FOREACH_BEGIN(transports_used, const char *, transport_name) {
void *transport_count_ptr = strmap_get(transport_counts, transport_name);
-unsigned int transport_count = (intptr_t) transport_count_ptr;
+uintptr_t transport_count = (uintptr_t) transport_count_ptr;
-log_debug(LD_GENERAL, We got %u clients with transport '%s'.,
- transport_count, transport_name);
+log_debug(LD_GENERAL, We got U64_FORMAT clients with transport '%s'.,
+ U64_PRINTF_ARG((uint64_t)transport_count), transport_name);
-smartlist_add_asprintf(string_chunks, %s=%u,
+smartlist_add_asprintf(string_chunks, %s=U64_FORMAT,
transport_name,
- round_to_next_multiple_of(transport_count,
- granularity));
+ U64_PRINTF_ARG(round_uint64_to_next_multiple_of(
+ (uint64_t)transport_count,
+ granularity)));
} SMARTLIST_FOREACH_END(transport_name);
the_string = smartlist_join_strings(string_chunks, ,, 0, NULL);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix some unittests that broke when we added bridge-ip-transports.
commit f8a9591d3150dacadbae1b99ffa234c9821def5c Author: George Kadianakis desnac...@riseup.net Date: Mon Feb 25 21:29:28 2013 +0200 Fix some unittests that broke when we added bridge-ip-transports. --- src/test/test.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/test.c b/src/test/test.c index c3b3684..2ce9f66 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1658,7 +1658,8 @@ test_geoip(void) const char *bridge_stats_1 = bridge-stats-end 2010-08-12 13:27:30 (86400 s)\n bridge-ips zz=24,xy=8\n - bridge-ip-versions v4=16,v6=16\n, + bridge-ip-versions v4=16,v6=16\n + bridge-ip-transports OR=24\n, *dirreq_stats_1 = dirreq-stats-end 2010-08-12 13:27:30 (86400 s)\n dirreq-v3-ips ab=8\n ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add a changes file for #5040.
commit 4d325182886072107ec1e5089701d9152be2604c Author: George Kadianakis desnac...@riseup.net Date: Thu Feb 28 15:18:32 2013 +0200 Add a changes file for #5040. --- changes/bug5040 |4 1 file changed, 4 insertions(+) diff --git a/changes/bug5040 b/changes/bug5040 new file mode 100644 index 000..a2c37e7 --- /dev/null +++ b/changes/bug5040 @@ -0,0 +1,4 @@ + o Minor features: +- Bridges now track the usage of their pluggable transports and + report statistics in their extra-info descriptors. Resolves + ticket 5040. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make check-spaces happy.
commit b2c7379aec503f6af3b7cc73660df80fd5edacf7 Author: George Kadianakis desnac...@riseup.net Date: Thu Feb 28 15:23:24 2013 +0200 Make check-spaces happy. --- src/or/ext_orport.c |1 - src/or/geoip.c |4 ++-- src/test/test.c |2 -- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c index ff752f4..f83002c 100644 --- a/src/or/ext_orport.c +++ b/src/or/ext_orport.c @@ -464,7 +464,6 @@ connection_ext_or_handle_cmd_transport(or_connection_t *conn, return 0; } - /** Process Extended ORPort messages from bor_conn/b. */ int connection_ext_or_process_inbuf(or_connection_t *or_conn) diff --git a/src/or/geoip.c b/src/or/geoip.c index dbb7ddd..7244c56 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -865,7 +865,8 @@ geoip_get_transport_history(void) smartlist_add_asprintf(string_chunks, %s=%u%s, transport_name, - round_to_next_multiple_of(transport_count, granularity), + round_to_next_multiple_of(transport_count, + granularity), i != smartlist_len(transports_used) ? , : ); } SMARTLIST_FOREACH_END(transport_name); @@ -1348,7 +1349,6 @@ validate_bridge_stats(const char *stats_str, time_t now) return 0; } - return 1; } diff --git a/src/test/test.c b/src/test/test.c index 2ce9f66..cf4febf 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1885,7 +1885,6 @@ test_geoip(void) test_streq(entry_stats_2, s); tor_free(s); - /* Stop collecting entry statistics. */ geoip_entry_stats_term(); get_options_mutable()-EntryStatistics = 0; @@ -1945,7 +1944,6 @@ test_geoip_with_pt(void) geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, yout, now-7200); } - /* Test the transport history string. */ s = geoip_get_transport_history(); tor_assert(s); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Use memdup_nulterm and check for NULs in handle_cmd_transport
commit 50136b66981ae80c2b139aa441a8472c84bc11e6
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:59:09 2013 -0400
Use memdup_nulterm and check for NULs in handle_cmd_transport
---
src/or/ext_orport.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 7dfe624..e0980de 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -467,9 +467,13 @@ static int
connection_ext_or_handle_cmd_transport(or_connection_t *conn,
const char *payload, uint16_t len)
{
- char *transport_str = tor_malloc(len + 1); /* NUL-terminate the string */
- memcpy(transport_str, payload, len);
- transport_str[len] = 0;
+ char *transport_str;
+ if (memchr(payload, '\0', len)) {
+log_fn(LOG_PROTOCOL_WARN, LD_NET, Unexpected NUL in ExtORPort Transport);
+return -1;
+ }
+
+ transport_str = tor_memdup_nulterm(payload, len);
/* Transport names MUST be C-identifiers. */
if (!string_is_C_identifier(transport_str)) {
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add a unittest for the bridge-ip-transports extra-info line.
commit f4b36bee7e76f47953ed61529cdb4cca809eda86
Author: George Kadianakis desnac...@riseup.net
Date: Mon Feb 25 21:28:10 2013 +0200
Add a unittest for the bridge-ip-transports extra-info line.
---
src/test/test.c | 129 +--
1 file changed, 97 insertions(+), 32 deletions(-)
diff --git a/src/test/test.c b/src/test/test.c
index 4874ada..c3b3684 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1620,6 +1620,34 @@ test_rend_fns(void)
tor_free(intro_points_encrypted);
}
+ /* Record odd numbered fake-IPs using ipv6, even numbered fake-IPs
+ * using ipv4. Since our fake geoip database is the same between
+ * ipv4 and ipv6, we should get the same result no matter which
+ * address family we pick for each IP. */
+#define SET_TEST_ADDRESS(i) do {\
+if ((i) 1) { \
+ SET_TEST_IPV6(i); \
+ tor_addr_from_in6(addr, in6); \
+} else {\
+ tor_addr_from_ipv4h(addr, (uint32_t) i); \
+} \
+ } while (0)
+
+ /* Make sure that country ID actually works. */
+#define SET_TEST_IPV6(i) \
+ do { \
+set_uint32(in6.s6_addr + 12, htonl((uint32_t) (i)));\
+ } while (0)
+#define CHECK_COUNTRY(country, val) do {\
+/* test ipv4 country lookup */ \
+test_streq(country, \
+ geoip_get_country_name(geoip_get_country_by_ipv4(val))); \
+/* test ipv6 country lookup */ \
+SET_TEST_IPV6(val); \
+test_streq(country, \
+ geoip_get_country_name(geoip_get_country_by_ipv6(in6))); \
+ } while (0)
+
/** Run unit tests for GeoIP code. */
static void
test_geoip(void)
@@ -1694,21 +1722,6 @@ test_geoip(void)
test_eq(4, geoip_get_n_countries());
memset(in6, 0, sizeof(in6));
- /* Make sure that country ID actually works. */
-#define SET_TEST_IPV6(i) \
- do { \
-set_uint32(in6.s6_addr + 12, htonl((uint32_t) (i)));\
- } while (0)
-#define CHECK_COUNTRY(country, val) do {\
-/* test ipv4 country lookup */ \
-test_streq(country, \
- geoip_get_country_name(geoip_get_country_by_ipv4(val))); \
-/* test ipv6 country lookup */ \
-SET_TEST_IPV6(val); \
-test_streq(country, \
- geoip_get_country_name(geoip_get_country_by_ipv6(in6))); \
- } while (0)
-
CHECK_COUNTRY(??, 3);
CHECK_COUNTRY(ab, 32);
CHECK_COUNTRY(??, 5);
@@ -1721,21 +1734,6 @@ test_geoip(void)
SET_TEST_IPV6(3);
test_eq(0, geoip_get_country_by_ipv6(in6));
-#undef CHECK_COUNTRY
-
- /* Record odd numbered fake-IPs using ipv6, even numbered fake-IPs
- * using ipv4. Since our fake geoip database is the same between
- * ipv4 and ipv6, we should get the same result no matter which
- * address family we pick for each IP. */
-#define SET_TEST_ADDRESS(i) do {\
-if ((i) 1) { \
- SET_TEST_IPV6(i); \
- tor_addr_from_in6(addr, in6); \
-} else {\
- tor_addr_from_ipv4h(addr, (uint32_t) i); \
-} \
- } while (0)
-
get_options_mutable()-BridgeRelay = 1;
get_options_mutable()-BridgeRecordUsageByCountry = 1;
/* Put 9 observations in AB... */
@@ -1886,8 +1884,6 @@ test_geoip(void)
test_streq(entry_stats_2, s);
tor_free(s);
-#undef SET_TEST_ADDRESS
-#undef SET_TEST_IPV6
/* Stop collecting entry statistics. */
geoip_entry_stats_term();
@@ -1898,6 +1894,74 @@ test_geoip(void)
tor_free(v);
}
+static void
+test_geoip_with_pt(void)
+{
+ time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+ char *s = NULL;
+ int i;
+ tor_addr_t addr;
+ struct in6_addr in6;
+
+ get_options_mutable()-BridgeRelay = 1;
+ get_options_mutable()-BridgeRecordUsageByCountry = 1;
+
+ /* No clients seen yet. */
+ s = geoip_get_transport_history();
+ tor_assert(!s);
+
+ /* 4 connections without a pluggable transport */
+ for (i=0; i 4; ++i) {
+SET_TEST_ADDRESS(i);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now-7200);
+ }
+
+ /* 9 connections with when */
+ for (i=4; i 13; ++i) {
+SET_TEST_ADDRESS(i);
+geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, when, now-7200);
+ }
+
+ /*
[tor-commits] [tor/master] Make the Extended ORPort understand the TRANSPORT command.
commit 210210f219a1773530dd117d7a48d6edc3a5e714
Author: George Kadianakis desnac...@riseup.net
Date: Mon Feb 11 20:45:17 2013 +0100
Make the Extended ORPort understand the TRANSPORT command.
---
src/or/connection.c |1 +
src/or/ext_orport.c | 43 ---
src/or/or.h |3 +++
3 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index 6f66f79..57a9c58 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -603,6 +603,7 @@ connection_free_(connection_t *conn)
connection_or_remove_from_ext_or_id_map(TO_OR_CONN(conn));
tor_free(TO_OR_CONN(conn)-ext_or_conn_id);
tor_free(TO_OR_CONN(conn)-ext_or_auth_correct_client_hash);
+tor_free(TO_OR_CONN(conn)-ext_or_transport);
}
#ifdef USE_BUFFEREVENTS
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index db95843..ff752f4 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -12,6 +12,7 @@
#include ext_orport.h
#include control.h
#include config.h
+#include util.h
#include main.h
/** Allocate and return a structure capable of holding an Extended
@@ -381,6 +382,7 @@ connection_ext_or_auth_process_inbuf(or_connection_t
*or_conn)
/** Extended ORPort commands (Transport-to-Bridge) */
#define EXT_OR_CMD_TB_DONE 0x
#define EXT_OR_CMD_TB_USERADDR 0x0001
+#define EXT_OR_CMD_TB_TRANSPORT 0x0002
/** Extended ORPort commands (Bridge-to-Transport) */
#define EXT_OR_CMD_BT_OKAY 0x1000
@@ -395,8 +397,8 @@ connection_ext_or_auth_process_inbuf(or_connection_t
*or_conn)
*
* Return 0 on success and -1 on error. */
static int
-connection_ext_or_handle_useraddr(connection_t *conn,
- const char *payload, uint16_t len)
+connection_ext_or_handle_cmd_useraddr(connection_t *conn,
+ const char *payload, uint16_t len)
{
/* Copy address string. */
tor_addr_t addr;
@@ -437,6 +439,32 @@ connection_ext_or_handle_useraddr(connection_t *conn,
return 0;
}
+/** Process a TRANSPORT command from the Extended
+ * ORPort. bpayload/b is a payload of size blen/b.
+ *
+ * If the TRANSPORT command was well formed, register the name of the
+ * transport on bconn/b.
+ *
+ * Return 0 on success and -1 on error. */
+static int
+connection_ext_or_handle_cmd_transport(or_connection_t *conn,
+ const char *payload, uint16_t len)
+{
+ char *transport_str = tor_malloc(len + 1); /* NUL-terminate the string */
+ memcpy(transport_str, payload, len);
+ transport_str[len] = 0;
+
+ /* Transport names MUST be C-identifiers. */
+ if (!string_is_C_identifier(transport_str)) {
+tor_free(transport_str);
+return -1;
+ }
+
+ conn-ext_or_transport = transport_str;
+ return 0;
+}
+
+
/** Process Extended ORPort messages from bor_conn/b. */
int
connection_ext_or_process_inbuf(or_connection_t *or_conn)
@@ -480,15 +508,24 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
log_debug(LD_NET, Received DONE.);
+ /* If the transport proxy did not use the TRANSPORT command to
+ * specify the transport name, mark this as unknown transport. */
+ if (!or_conn-ext_or_transport)
+or_conn-ext_or_transport = tor_strdup(?\?);
+
connection_write_ext_or_command(conn, EXT_OR_CMD_BT_OKAY, NULL, 0);
/* can't transition immediately; need to flush first. */
conn-state = EXT_OR_CONN_STATE_FLUSHING;
connection_stop_reading(conn);
} else if (command-cmd == EXT_OR_CMD_TB_USERADDR) {
- if (connection_ext_or_handle_useraddr(conn,
+ if (connection_ext_or_handle_cmd_useraddr(conn,
command-body, command-len) 0)
goto err;
+} else if (command-cmd == EXT_OR_CMD_TB_TRANSPORT) {
+ if (connection_ext_or_handle_cmd_transport(or_conn,
+ command-body, command-len) 0)
+goto err;
} else {
log_notice(LD_NET,Got Extended ORPort command we don't regognize (%u).,
command-cmd);
diff --git a/src/or/or.h b/src/or/or.h
index 63d137c..7916c47 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1452,6 +1452,9 @@ typedef struct or_connection_t {
char *ext_or_conn_id;
/** Client hash of the Extended ORPort authentication scheme */
char *ext_or_auth_correct_client_hash;
+ /** Name of the pluggable transport that is obfuscating this
+ connection. If no pluggable transports are used, it's NULL. */
+ char *ext_or_transport;
char *nickname; /** Nickname of OR on other side (if any). */
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix logging severities and remove some trivial XXXs.
commit 895709db07c75c9a3bf8f2ef4e507fd410495dff
Author: George Kadianakis desnac...@riseup.net
Date: Wed Dec 5 19:26:24 2012 +0200
Fix logging severities and remove some trivial XXXs.
---
src/or/connection_or.c |1 +
src/or/ext_orport.c| 26 +-
2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 42127ad..3711cfe 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2424,3 +2424,4 @@ connection_or_send_authenticate_cell(or_connection_t
*conn, int authtype)
return 0;
}
+
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index f44a3f5..db95843 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -161,7 +161,7 @@ init_ext_or_cookie_authentication(int is_enabled)
return -1;
}
- log_warn(LD_GENERAL, Generated Extended ORPort cookie file in '%s'.,
+ log_info(LD_GENERAL, Generated Extended ORPort cookie file in '%s'.,
fname);
tor_free(fname);
@@ -186,7 +186,7 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
if (connection_fetch_from_buf(authtype, 1, conn) 0)
return -1;
- log_warn(LD_GENERAL, Client wants us to use %d auth type, authtype[0]);
+ log_debug(LD_GENERAL, Client wants us to use %d auth type, authtype[0]);
if (authtype[0] != 1) /* '1' is the only auth type supported atm */
return -1;
@@ -219,7 +219,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
return 0;
if (connection_fetch_from_buf(client_nonce,
-EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0) /* XXX
check-spaces */
+EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0)
return -1;
/* Get our nonce */
@@ -286,9 +286,9 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
base16_encode(client_nonce_encoded, sizeof(client_nonce_encoded),
client_nonce, sizeof(client_nonce));
-log_warn(LD_GENERAL,
- server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce: '%s',
- server_hash_encoded, server_nonce_encoded, client_nonce_encoded);
+log_debug(LD_GENERAL,
+ server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce: '%s',
+ server_hash_encoded, server_nonce_encoded, client_nonce_encoded);
}
{ /* write reply: (server_hash, server_nonce) */
@@ -298,7 +298,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
connection_write_to_buf(reply, sizeof(reply), conn);
}
- log_warn(LD_GENERAL, Got client nonce, and sent our own nonce and hash.);
+ log_debug(LD_GENERAL, Got client nonce, and sent our own nonce and hash.);
conn-state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH;
return 1;
@@ -346,7 +346,7 @@ connection_ext_or_auth_handle_client_hash(connection_t
*conn)
return -1;
}
- log_warn(LD_GENERAL, Got client's hash and it was legit.);
+ log_debug(LD_GENERAL, Got client's hash and it was legit.);
/* send positive auth result */
connection_ext_or_auth_send_result_success(conn);
@@ -422,7 +422,7 @@ connection_ext_or_handle_useraddr(connection_t *conn,
char *old_address = tor_dup_addr(conn-addr);
char *new_address = tor_dup_addr(addr);
-log_warn(LD_NET, Received USERADDR. /* XXX Fix log severities/messages */
+log_debug(LD_NET, Received USERADDR.
We rewrite our address from '%s:%u' to '%s:%u'.,
safe_str(old_address), conn-port, safe_str(new_address), port);
@@ -448,8 +448,8 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
/* If we are still in the authentication stage, process traffic as
authentication data: */
while (conn-state = EXT_OR_CONN_STATE_AUTH_MAX) {
-log_warn(LD_GENERAL, Got Extended ORPort authentication data (%u).,
- (unsigned int) connection_get_inbuf_len(conn));
+log_debug(LD_GENERAL, Got Extended ORPort authentication data (%u).,
+ (unsigned int) connection_get_inbuf_len(conn));
r = connection_ext_or_auth_process_inbuf(or_conn);
if (r 0) {
connection_mark_for_close(conn);
@@ -461,7 +461,7 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
}
while (1) {
-log_warn(LD_GENERAL, Got Extended ORPort data.);
+log_debug(LD_GENERAL, Got Extended ORPort data.);
command = NULL;
r = connection_fetch_ext_or_cmd_from_buf(conn, command);
if (r 0)
@@ -526,7 +526,7 @@ connection_ext_or_start_auth(or_connection_t *or_conn)
connection_t *conn = TO_CONN(or_conn);
char authtypes[2] = \x01\x00; /* We only support authtype '1' for now. */
- log_warn(LD_GENERAL,
+ log_debug(LD_GENERAL,
ExtORPort authentication: Sending supported authentication types);
connection_write_to_buf(authtypes, sizeof(authtypes), conn);
___
tor-commits mailing list
tor-commits@lists.torproject.org
[tor-commits] [tor/master] Fix some ext_orport.c DOCDOCs.
commit e1d1d7a8dabf37043cdabc11432116cf08792f22
Author: George Kadianakis desnac...@riseup.net
Date: Thu Jul 18 19:58:42 2013 +0300
Fix some ext_orport.c DOCDOCs.
---
src/or/ext_orport.c | 19 ---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index b1bb11b..9b4db73 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -225,8 +225,12 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0)
return -1;
- /* DOCDOC comment this function more, with comments about what the
- * protocol is. */
+ /* We extract the ClientNonce from the received data, and use it to
+ calculate ServerHash and ServerNonce according to proposal 217.
+
+ We also calculate our own ClientHash value and save it in the
+ connection state. We validate it later against the ClientHash
+ sent by the client. */
/* Get our nonce */
if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) 0)
@@ -375,7 +379,16 @@ connection_ext_or_auth_process_inbuf(or_connection_t
*or_conn)
{
connection_t *conn = TO_CONN(or_conn);
- /* DOCDOC Document the state machine here! */
+ /* State transitions of the Extended ORPort authentication protocol:
+
+ EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE (start state) -
+ EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE -
+ EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH -
+ EXT_OR_CONN_STATE_OPEN
+
+ During EXT_OR_CONN_STATE_OPEN, data is handled by
+ connection_ext_or_process_inbuf().
+ */
switch (conn-state) { /* Functionify */
case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Tests for connection_write_ext_or_command.
commit 03e3881043de68f371883fdb82a1d2bebf4179ed
Author: Nick Mathewson ni...@torproject.org
Date: Thu Jul 18 16:23:48 2013 -0400
Tests for connection_write_ext_or_command.
---
src/or/connection.c |6 ++--
src/or/connection.h |4 +--
src/or/ext_orport.c |3 +-
src/or/ext_orport.h |7
src/test/test_extorport.c | 87 +
5 files changed, 101 insertions(+), 6 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index f1d7961..6c95245 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -3714,9 +3714,9 @@ connection_flush(connection_t *conn)
* it all, so we don't end up with many megabytes of controller info queued at
* once.
*/
-void
-connection_write_to_buf_impl_(const char *string, size_t len,
- connection_t *conn, int zlib)
+MOCK_IMPL(void,
+connection_write_to_buf_impl_,(const char *string, size_t len,
+ connection_t *conn, int zlib))
{
/* This function really needs to return -1 on failure. */
int r;
diff --git a/src/or/connection.h b/src/or/connection.h
index 19f11c7..0454ac2 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -130,8 +130,8 @@ int connection_outbuf_too_full(connection_t *conn);
int connection_handle_write(connection_t *conn, int force);
int connection_flush(connection_t *conn);
-void connection_write_to_buf_impl_(const char *string, size_t len,
- connection_t *conn, int zlib);
+MOCK_DECL(void, connection_write_to_buf_impl_,
+ (const char *string, size_t len, connection_t *conn, int zlib));
/* DOCDOC connection_write_to_buf */
static void connection_write_to_buf(const char *string, size_t len,
connection_t *conn);
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index e0980de..b1bb11b 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -6,6 +6,7 @@
* \brief Code implementing the Extended ORPort.
*/
+#define EXT_ORPORT_PRIVATE
#include or.h
#include connection.h
#include connection_or.h
@@ -52,7 +53,7 @@ connection_fetch_ext_or_cmd_from_buf(connection_t *conn,
ext_or_cmd_t **out)
* bcommand/b as the command type, bbodylen/b as the body
* length, and bbody/b, if it's present, as the body of the
* message. */
-static int
+STATIC int
connection_write_ext_or_command(connection_t *conn,
uint16_t command,
const char *body,
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index 92ace77..35b92ad 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -22,5 +22,12 @@ int connection_ext_or_process_inbuf(or_connection_t
*or_conn);
int init_ext_or_cookie_authentication(int is_enabled);
char *get_ext_or_auth_cookie_file_name(void);
+#ifdef EXT_ORPORT_PRIVATE
+STATIC int connection_write_ext_or_command(connection_t *conn,
+ uint16_t command,
+ const char *body,
+ size_t bodylen);
+#endif
+
#endif
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index cfe810e..525ac4f 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -2,7 +2,9 @@
/* See LICENSE for licensing information */
#define CONNECTION_PRIVATE
+#define EXT_ORPORT_PRIVATE
#include or.h
+#include buffers.h
#include connection.h
#include ext_orport.h
#include test.h
@@ -59,7 +61,92 @@ test_ext_or_id_map(void *arg)
connection_or_clear_ext_or_id_map();
}
+/* Simple connection_write_to_buf_impl_ replacement that unconditionally
+ * writes to outbuf. */
+static void
+connection_write_to_buf_impl_replacement(const char *string, size_t len,
+ connection_t *conn, int zlib)
+{
+ (void) zlib;
+
+ tor_assert(string);
+ tor_assert(conn);
+ write_to_buf(string, len, conn-outbuf);
+}
+
+static char *
+buf_get_contents(buf_t *buf, size_t *sz_out)
+{
+ char *out;
+ *sz_out = buf_datalen(buf);
+ if (*sz_out = ULONG_MAX)
+return NULL; /* C'mon, really? */
+ out = tor_malloc(*sz_out + 1);
+ if (fetch_from_buf(out, (unsigned long)*sz_out, buf) != 0) {
+tor_free(out);
+return NULL;
+ }
+ out[*sz_out] = '\0'; /* Hopefully gratuitous. */
+ return out;
+}
+
+static void
+test_ext_or_write_command(void *arg)
+{
+ or_connection_t *c1;
+ char *cp = NULL;
+ char *buf = NULL;
+ size_t sz;
+
+ (void) arg;
+ MOCK(connection_write_to_buf_impl_,
+ connection_write_to_buf_impl_replacement);
+
+ c1 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ tt_assert(c1);
+
+ /* Length too long */
+ tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 100, X, 10),
+, 0);
+
+ /* Empty command */
+ tt_int_op(connection_write_ext_or_command(TO_CONN(c1), 0x99, NULL, 0),
+==, 0);
+ cp =
[tor-commits] [tor/master] Add a clientmap_entry_free().
commit 9d8ffa91ceb3dd57b9ff1170ebe200db25403391
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 14:04:36 2013 -0400
Add a clientmap_entry_free().
Remove a nedless strdup/free pair.
---
src/or/geoip.c | 25 -
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 21dceed..dc4730c 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -507,6 +507,17 @@ HT_PROTOTYPE(clientmap, clientmap_entry_t, node,
clientmap_entry_hash,
HT_GENERATE(clientmap, clientmap_entry_t, node, clientmap_entry_hash,
clientmap_entries_eq, 0.6, malloc, realloc, free);
+/** Free all storage held by bent/b. */
+static void
+clientmap_entry_free(clientmap_entry_t *ent)
+{
+ if (!ent)
+return;
+
+ tor_free(ent-transport_name);
+ tor_free(ent);
+}
+
/** Clear history of connecting clients used by entry and bridge stats. */
static void
client_history_clear(void)
@@ -517,7 +528,7 @@ client_history_clear(void)
if ((*ent)-action == GEOIP_CLIENT_CONNECT) {
this = *ent;
next = HT_NEXT_RMV(clientmap, client_history, ent);
- tor_free(this);
+ clientmap_entry_free(this);
} else {
next = HT_NEXT(clientmap, client_history, ent);
}
@@ -554,10 +565,8 @@ geoip_note_client_seen(geoip_client_action_t action,
tor_addr_copy(lookup.addr, addr);
lookup.action = (int)action;
- if (transport_name)
-lookup.transport_name = tor_strdup(transport_name);
+ lookup.transport_name = (char*) transport_name;
ent = HT_FIND(clientmap, client_history, lookup);
- tor_free(lookup.transport_name);
if (! ent) {
ent = tor_malloc_zero(sizeof(clientmap_entry_t));
@@ -590,8 +599,7 @@ remove_old_client_helper_(struct clientmap_entry_t *ent,
void *_cutoff)
{
time_t cutoff = *(time_t*)_cutoff / 60;
if (ent-last_seen_in_minutes cutoff) {
-tor_free(ent-transport_name);
-tor_free(ent);
+clientmap_entry_free(ent);
return 1;
} else {
return 0;
@@ -1162,7 +1170,7 @@ geoip_reset_dirreq_stats(time_t now)
if ((*ent)-action == GEOIP_CLIENT_NETWORKSTATUS) {
this = *ent;
next = HT_NEXT_RMV(clientmap, client_history, ent);
-tor_free(this);
+clientmap_entry_free(this);
} else {
next = HT_NEXT(clientmap, client_history, ent);
}
@@ -1656,8 +1664,7 @@ geoip_free_all(void)
for (ent = HT_START(clientmap, client_history); ent != NULL; ent = next) {
this = *ent;
next = HT_NEXT_RMV(clientmap, client_history, ent);
- tor_free(this-transport_name);
- tor_free(this);
+ clientmap_entry_free(this);
}
HT_CLEAR(clientmap, client_history);
}
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Unit test for the ext_orport safe_cookie handshake
commit 4e868a9bc3c4bb7c448fadaad0c69344432ea163
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 13:19:07 2013 -0400
Unit test for the ext_orport safe_cookie handshake
---
src/test/test_extorport.c | 119 +
1 file changed, 119 insertions(+)
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index a3c0dfa..254ad05 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -3,10 +3,13 @@
#define CONNECTION_PRIVATE
#define EXT_ORPORT_PRIVATE
+#define MAIN_PRIVATE
#include or.h
#include buffers.h
#include connection.h
+#include control.h
#include ext_orport.h
+#include main.h
#include test.h
/* Test connection_or_remove_from_ext_or_id_map and
@@ -288,12 +291,128 @@ test_ext_or_cookie_auth_testvec(void *arg)
tor_free(mem_op_hex_tmp);
}
+static void
+ignore_bootstrap_problem(const char *warn, int reason)
+{
+ (void)warn;
+ (void)reason;
+}
+
+static void
+test_ext_or_handshake(void *arg)
+{
+ or_connection_t *conn=NULL;
+ char b[256];
+
+#define WRITE(s,n) \
+ do { \
+write_to_buf((s), (n), TO_CONN(conn)-inbuf); \
+ } while (0)
+#define CONTAINS(s,n) \
+ do { \
+tt_int_op((n), =, sizeof(b)); \
+tt_int_op(buf_datalen(TO_CONN(conn)-outbuf), ==, (n)); \
+if ((n)) { \
+ fetch_from_buf(b, (n), TO_CONN(conn)-outbuf);\
+ test_memeq(b, (s), (n)); \
+} \
+ } while (0)
+
+ (void) arg;
+ MOCK(connection_write_to_buf_impl_,
+ connection_write_to_buf_impl_replacement);
+ /* Use same authenticators as for test_ext_or_cookie_auth_testvec */
+ memcpy(ext_or_auth_cookie, Gliding wrapt in a brown mantle, , 32);
+ ext_or_auth_cookie_is_set = 1;
+
+ init_connection_lists();
+
+ conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+ /* The server starts by telling us about the one supported authtype. */
+ CONTAINS(\x01\x00, 2);
+ /* Say the client hasn't responded yet. */
+ tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+ /* Let's say the client replies badly. */
+ WRITE(\x99, 1);
+ tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+ CONTAINS(, 0);
+ tt_assert(TO_CONN(conn)-marked_for_close);
+ close_closeable_connections();
+ conn = NULL;
+
+ /* Okay, try again. */
+ conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+ CONTAINS(\x01\x00, 2);
+ /* Let's say the client replies sensibly this time. Yes, AUTHTYPE_COOKIE
+ * sounds delicious. Let's have some of that! */
+ WRITE(\x01, 1);
+ /* Let's say that the client also sends part of a nonce. */
+ WRITE(But when I look , 16);
+ tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+ CONTAINS(, 0);
+ tt_int_op(TO_CONN(conn)-state, ==,
+EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE);
+ /* Pump it again. Nothing should happen. */
+ tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+ /* send the rest of the nonce. */
+ WRITE(ahead up the whi, 16);
+ MOCK(crypto_rand, crypto_rand_return_tse_str);
+ tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+ UNMOCK(crypto_rand);
+ /* We should get the right reply from the server. */
+ CONTAINS(\xec\x80\xed\x6e\x54\x6d\x3b\x36\xfd\xfc\x22\xfe\x13\x15\x41\x6b
+ \x02\x9f\x1a\xde\x76\x10\xd9\x10\x87\x8b\x62\xee\xb7\x40\x38\x21
+ te road There is always another , 64);
+ /* Send the wrong response. */
+ WRITE(not with a bang but a whimper..., 32);
+ MOCK(control_event_bootstrap_problem, ignore_bootstrap_problem);
+ tt_int_op(-1, ==, connection_ext_or_process_inbuf(conn));
+ CONTAINS(\x00, 1);
+ tt_assert(TO_CONN(conn)-marked_for_close);
+ /* Hold-open-until-flushed. */
+ close_closeable_connections();
+ conn = NULL;
+ UNMOCK(control_event_bootstrap_problem);
+
+ /* Okay, this time let's succeed. */
+ conn = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ tt_int_op(0, ==, connection_ext_or_start_auth(conn));
+ CONTAINS(\x01\x00, 2);
+ WRITE(\x01, 1);
+ WRITE(But when I look ahead up the whi, 32);
+ MOCK(crypto_rand, crypto_rand_return_tse_str);
+ tt_int_op(0, ==, connection_ext_or_process_inbuf(conn));
+ UNMOCK(crypto_rand);
+ tt_int_op(TO_CONN(conn)-state, ==, EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH);
+ CONTAINS(\xec\x80\xed\x6e\x54\x6d\x3b\x36\xfd\xfc\x22\xfe\x13\x15\x41\x6b
+ \x02\x9f\x1a\xde\x76\x10\xd9\x10\x87\x8b\x62\xee\xb7\x40\x38\x21
+ te road There is always another , 64);
+ /* Send the right response this time. */
[tor-commits] [tor/master] Add guards to ext_orport.h, rename get_file to get_file_name
commit e4a241af11dce61d8722b74ad41d6ea0bec44ef1
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:42:25 2013 -0400
Add guards to ext_orport.h, rename get_file to get_file_name
---
src/or/ext_orport.c |4 ++--
src/or/ext_orport.h | 13 -
src/or/transports.c |2 +-
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 8fd9b77..cd8ab2d 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -113,7 +113,7 @@ static char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN]
= {0};
/** Helper: Return a newly allocated string containing a path to the
* file where we store our authentication cookie. */
char *
-get_ext_or_auth_cookie_file(void)
+get_ext_or_auth_cookie_file_name(void)
{
const or_options_t *options = get_options();
if (options-ExtORPortCookieAuthFile
@@ -153,7 +153,7 @@ init_ext_or_cookie_authentication(int is_enabled)
memcpy(cookie_file_string+EXT_OR_PORT_AUTH_COOKIE_HEADER_LEN,
ext_or_auth_cookie, EXT_OR_PORT_AUTH_COOKIE_LEN);
- fname = get_ext_or_auth_cookie_file();
+ fname = get_ext_or_auth_cookie_file_name();
if (write_bytes_to_file(fname, cookie_file_string,
EXT_OR_PORT_AUTH_COOKIE_FILE_LEN, 1)) {
log_warn(LD_FS,Error writing authentication cookie to %s.,
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index a7038b9..89c3032 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -1,3 +1,12 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2013, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef EXT_ORPORT_H
+#define EXT_ORPORT_H
+
int connection_ext_or_start_auth(or_connection_t *or_conn);
ext_or_cmd_t *ext_or_cmd_new(uint16_t len);
@@ -10,5 +19,7 @@ int connection_ext_or_finished_flushing(or_connection_t
*conn);
int connection_ext_or_process_inbuf(or_connection_t *or_conn);
int init_ext_or_cookie_authentication(int is_enabled);
-char *get_ext_or_auth_cookie_file(void);
+char *get_ext_or_auth_cookie_file_name(void);
+
+#endif
diff --git a/src/or/transports.c b/src/or/transports.c
index 196e18b..01a490f 100644
--- a/src/or/transports.c
+++ b/src/or/transports.c
@@ -1265,7 +1265,7 @@ create_managed_proxy_environment(const managed_proxy_t
*mp)
if (options-ExtORPort_lines) {
char *ext_or_addrport_tmp =
get_first_listener_addrport_string(CONN_TYPE_EXT_OR_LISTENER);
- char *cookie_file_loc = get_ext_or_auth_cookie_file();
+ char *cookie_file_loc = get_ext_or_auth_cookie_file_name();
smartlist_add_asprintf(envs, TOR_PT_EXTENDED_SERVER_PORT=%s,
ext_or_addrport_tmp);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix hash functions for transport_name in client entry
commit 34d02484c06f26653563176e4b5db2829ae4bc23
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:59:31 2013 -0400
Fix hash functions for transport_name in client entry
---
src/or/geoip.c | 17 +
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/src/or/geoip.c b/src/or/geoip.c
index b4f54d4..21dceed 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -486,23 +486,16 @@ static HT_HEAD(clientmap, clientmap_entry_t)
client_history =
static INLINE unsigned
clientmap_entry_hash(const clientmap_entry_t *a)
{
- return ht_improve_hash(tor_addr_hash(a-addr));
+ unsigned h = tor_addr_hash(a-addr);
+ if (a-transport_name)
+h += ht_string_hash(a-transport_name);
+ return ht_improve_hash(h);
}
/** Hashtable helper: compare two clientmap_entry_t values for equality. */
static INLINE int
clientmap_entries_eq(const clientmap_entry_t *a, const clientmap_entry_t *b)
{
- /* If one entry contains a transport and the other doesn't, then
- they are not equal. */
- if (a-transport_name !b-transport_name)
-return 0;
- if (!a-transport_name b-transport_name)
-return 0;
- /* If entries contain different transports, they they are not
- equal. */
- if (a-transport_name
- b-transport_name
- strcmp(a-transport_name, b-transport_name))
+ if (strcmp_opt(a-transport_name, b-transport_name))
return 0;
return !tor_addr_compare(a-addr, b-addr, CMP_EXACT)
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Unit tests for ext_or_id_map.
commit c342ea98791ccbeb67b1255816ca2e92167cefb0
Author: Nick Mathewson ni...@torproject.org
Date: Thu Jul 18 15:51:29 2013 -0400
Unit tests for ext_or_id_map.
---
src/or/connection.c |3 ++-
src/or/connection.h |4 +++
src/or/connection_or.c| 10 +++
src/or/ext_orport.h |1 +
src/test/include.am |1 +
src/test/test.c |2 ++
src/test/test_extorport.c | 65 +
src/test/test_options.c |3 ++-
8 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/src/or/connection.c b/src/or/connection.c
index 57a9c58..f1d7961 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -10,6 +10,7 @@
* on connections.
**/
+#define CONNECTION_PRIVATE
#include or.h
#include buffers.h
/*
@@ -458,7 +459,7 @@ connection_link_connections(connection_t *conn_a,
connection_t *conn_b)
* necessary, close its socket if necessary, and mark the directory as dirty
* if bconn/b is an OR or OP connection.
*/
-static void
+STATIC void
connection_free_(connection_t *conn)
{
void *mem;
diff --git a/src/or/connection.h b/src/or/connection.h
index 5ca8ca3..19f11c7 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -214,5 +214,9 @@ void connection_enable_rate_limiting(connection_t *conn);
#define connection_type_uses_bufferevent(c) (0)
#endif
+#ifdef CONNECTION_PRIVATE
+STATIC void connection_free_(connection_t *conn);
+#endif
+
#endif
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 3711cfe..a55ca3a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -197,6 +197,16 @@ connection_or_remove_from_ext_or_id_map(or_connection_t
*conn)
memset(conn-ext_or_conn_id, 0, EXT_OR_CONN_ID_LEN);
}
+/** Return the connection whose ext_or_id is bid/b. Return NULL if no such
+ * connection is found. */
+or_connection_t *
+connection_or_get_by_ext_or_id(const char *id)
+{
+ if (!orconn_ext_or_id_map)
+return NULL;
+ return digestmap_get(orconn_ext_or_id_map, id);
+}
+
/** Deallocate the global Extended ORPort identifier list */
void
connection_or_clear_ext_or_id_map(void)
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index 89c3032..92ace77 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -14,6 +14,7 @@ void ext_or_cmd_free(ext_or_cmd_t *cmd);
void connection_or_set_ext_or_identifier(or_connection_t *conn);
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn);
void connection_or_clear_ext_or_id_map(void);
+or_connection_t *connection_or_get_by_ext_or_id(const char *id);
int connection_ext_or_finished_flushing(or_connection_t *conn);
int connection_ext_or_process_inbuf(or_connection_t *or_conn);
diff --git a/src/test/include.am b/src/test/include.am
index 8718ce7..74311ac 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -26,6 +26,7 @@ src_test_test_SOURCES = \
src/test/test_cell_queue.c \
src/test/test_data.c \
src/test/test_dir.c \
+ src/test/test_extorport.c \
src/test/test_introduce.c \
src/test/test_microdesc.c \
src/test/test_options.c \
diff --git a/src/test/test.c b/src/test/test.c
index a436688..851ddf0 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1569,6 +1569,7 @@ extern struct testcase_t circuitlist_tests[];
extern struct testcase_t cell_queue_tests[];
extern struct testcase_t options_tests[];
extern struct testcase_t socks_tests[];
+extern struct testcase_t extorport_tests[];
static struct testgroup_t testgroups[] = {
{ , test_array },
@@ -1588,6 +1589,7 @@ static struct testgroup_t testgroups[] = {
{ introduce/, introduce_tests },
{ circuitlist/, circuitlist_tests },
{ options/, options_tests },
+ { extorport/, extorport_tests },
END_OF_GROUPS
};
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
new file mode 100644
index 000..cfe810e
--- /dev/null
+++ b/src/test/test_extorport.c
@@ -0,0 +1,65 @@
+/* Copyright (c) 2013, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define CONNECTION_PRIVATE
+#include or.h
+#include connection.h
+#include ext_orport.h
+#include test.h
+
+/* Test connection_or_remove_from_ext_or_id_map and
+ * connection_or_set_ext_or_identifier */
+static void
+test_ext_or_id_map(void *arg)
+{
+ or_connection_t *c1 = NULL, *c2 = NULL, *c3 = NULL;
+ char *idp = NULL, *idp2 = NULL;
+ (void)arg;
+
+ /* pre-initialization */
+ tt_ptr_op(NULL, ==, connection_or_get_by_ext_or_id());
+
+ c1 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ c2 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET);
+ c3 = or_connection_new(CONN_TYPE_OR, AF_INET);
+
+ tt_ptr_op(c1-ext_or_conn_id, !=, NULL);
+ tt_ptr_op(c2-ext_or_conn_id, !=, NULL);
+ tt_ptr_op(c3-ext_or_conn_id, ==, NULL);
+
+ tt_ptr_op(c1, ==, connection_or_get_by_ext_or_id(c1-ext_or_conn_id));
+ tt_ptr_op(c2, ==,
[tor-commits] [tor/master] Fix a variety of issues in 4773
commit 550af7be0ae49f98d6ee7724934de115c80de4a9
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:54:10 2013 -0400
Fix a variety of issues in 4773
memwipe some stack-allocated stuff
Add DOCDOC comments for state machines
Use memdup_nulterm as appropriate
Check for NULs in useraddr
Add a macro so that = AUTH_MAX has a meaning.
---
src/or/ext_orport.c | 30 ++
1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 72dbaa5..7dfe624 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -165,6 +165,7 @@ init_ext_or_cookie_authentication(int is_enabled)
log_info(LD_GENERAL, Generated Extended ORPort cookie file in '%s'.,
fname);
+ memwipe(cookie_file_string, 0, sizeof(cookie_file_string));
tor_free(fname);
return 0;
}
@@ -223,6 +224,9 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0)
return -1;
+ /* DOCDOC comment this function more, with comments about what the
+ * protocol is. */
+
/* Get our nonce */
if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) 0)
return -1;
@@ -271,6 +275,9 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
with the hash sent by the client. */
TO_OR_CONN(conn)-ext_or_auth_correct_client_hash = correct_client_hash;
+memwipe(hmac_s_msg, 0, hmac_s_msg_len);
+memwipe(hmac_c_msg, 0, hmac_c_msg_len);
+
tor_free(hmac_s_msg);
tor_free(hmac_c_msg);
}
@@ -290,6 +297,10 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
log_debug(LD_GENERAL,
server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce: '%s',
server_hash_encoded, server_nonce_encoded, client_nonce_encoded);
+
+memwipe(server_hash_encoded, 0, sizeof(server_hash_encoded));
+memwipe(server_nonce_encoded, 0, sizeof(server_nonce_encoded));
+memwipe(client_nonce_encoded, 0, sizeof(client_nonce_encoded));
}
{ /* write reply: (server_hash, server_nonce) */
@@ -297,6 +308,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
EXT_OR_PORT_AUTH_NONCE_LEN);
connection_write_to_buf(reply, sizeof(reply), conn);
+memwipe(reply, 0, sizeof(reply));
}
log_debug(LD_GENERAL, Got client nonce, and sent our own nonce and hash.);
@@ -362,6 +374,8 @@ connection_ext_or_auth_process_inbuf(or_connection_t
*or_conn)
{
connection_t *conn = TO_CONN(or_conn);
+ /* DOCDOC Document the state machine here! */
+
switch (conn-state) { /* Functionify */
case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
return connection_ext_or_auth_neg_auth_type(conn);
@@ -406,9 +420,12 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn,
char *addr_str;
char *address_part=NULL;
int res;
- addr_str = tor_malloc(len + 1);
- memcpy(addr_str, payload, len);
- addr_str[len] = 0;
+ if (memchr(payload, '\0', len)) {
+log_fn(LOG_PROTOCOL_WARN, LD_NET, Unexpected NUL in ExtORPort UserAddr);
+return -1;
+ }
+
+ addr_str = tor_memdup_nulterm(payload, len);
res = tor_addr_port_split(LOG_INFO, addr_str, address_part, port);
tor_free(addr_str);
@@ -470,6 +487,9 @@ connection_ext_or_handle_cmd_transport(or_connection_t
*conn,
return 0;
}
+#define EXT_OR_CONN_STATE_IS_AUTHENTICATING(st) \
+ ((st) = EXT_OR_CONN_STATE_AUTH_MAX)
+
/** Process Extended ORPort messages from bor_conn/b. */
int
connection_ext_or_process_inbuf(or_connection_t *or_conn)
@@ -478,9 +498,11 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
ext_or_cmd_t *command;
int r;
+ /* DOCDOC Document the state machine and transitions in this function */
+
/* If we are still in the authentication stage, process traffic as
authentication data: */
- while (conn-state = EXT_OR_CONN_STATE_AUTH_MAX) {
+ while (EXT_OR_CONN_STATE_IS_AUTHENTICATING(conn-state)) {
log_debug(LD_GENERAL, Got Extended ORPort authentication data (%u).,
(unsigned int) connection_get_inbuf_len(conn));
r = connection_ext_or_auth_process_inbuf(or_conn);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Split out buffers and socks tests into separate modules.
commit 7a12cbc03d8fda94c9387a1976ad2ffc30b4b5b7
Author: Nick Mathewson ni...@torproject.org
Date: Wed Jul 17 17:31:27 2013 -0400
Split out buffers and socks tests into separate modules.
No other changes were made here. Keeping everything in
src/test/test.c was a legacy of back when we had all our unit tests in
one big file.
Doing this now because I'm adding an ext_or_command test.
---
src/test/include.am |2 +
src/test/test.c | 640 +--
src/test/test_buffers.c | 266
src/test/test_socks.c | 393 +
4 files changed, 664 insertions(+), 637 deletions(-)
diff --git a/src/test/include.am b/src/test/include.am
index 6271909..8718ce7 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -18,6 +18,7 @@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR=\$(datadir)\ \
src_test_test_SOURCES = \
src/test/test.c \
src/test/test_addr.c \
+ src/test/test_buffers.c \
src/test/test_cell_formats.c \
src/test/test_circuitlist.c \
src/test/test_containers.c \
@@ -30,6 +31,7 @@ src_test_test_SOURCES = \
src/test/test_options.c \
src/test/test_pt.c \
src/test/test_replay.c \
+ src/test/test_socks.c \
src/test/test_util.c \
src/test/test_config.c \
src/ext/tinytest.c
diff --git a/src/test/test.c b/src/test/test.c
index e0c6772..a436688 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -28,7 +28,6 @@ const char tor_git_revision[] = ;
/* These macros pull in declarations for some functions and structures that
* are typically file-private. */
-#define BUFFERS_PRIVATE
#define GEOIP_PRIVATE
#define ROUTER_PRIVATE
#define CIRCUITSTATS_PRIVATE
@@ -42,7 +41,6 @@ long int lround(double x);
double fabs(double x);
#include or.h
-#include buffers.h
#include circuitstats.h
#include config.h
#include connection_edge.h
@@ -215,622 +213,6 @@ free_pregenerated_keys(void)
}
}
-typedef struct socks_test_data_t {
- socks_request_t *req;
- buf_t *buf;
-} socks_test_data_t;
-
-static void *
-socks_test_setup(const struct testcase_t *testcase)
-{
- socks_test_data_t *data = tor_malloc(sizeof(socks_test_data_t));
- (void)testcase;
- data-buf = buf_new_with_capacity(256);
- data-req = socks_request_new();
- config_register_addressmaps(get_options());
- return data;
-}
-static int
-socks_test_cleanup(const struct testcase_t *testcase, void *ptr)
-{
- socks_test_data_t *data = ptr;
- (void)testcase;
- buf_free(data-buf);
- socks_request_free(data-req);
- tor_free(data);
- return 1;
-}
-
-const struct testcase_setup_t socks_setup = {
- socks_test_setup, socks_test_cleanup
-};
-
-#define SOCKS_TEST_INIT() \
- socks_test_data_t *testdata = ptr;\
- buf_t *buf = testdata-buf; \
- socks_request_t *socks = testdata-req;
-#define ADD_DATA(buf, s)\
- write_to_buf(s, sizeof(s)-1, buf)
-
-static void
-socks_request_clear(socks_request_t *socks)
-{
- tor_free(socks-username);
- tor_free(socks-password);
- memset(socks, 0, sizeof(socks_request_t));
-}
-
-/** Perform unsupported SOCKS 4 commands */
-static void
-test_socks_4_unsupported_commands(void *ptr)
-{
- SOCKS_TEST_INIT();
-
- /* SOCKS 4 Send BIND [02] to IP address 2.2.2.2:4369 */
- ADD_DATA(buf, \x04\x02\x11\x11\x02\x02\x02\x02\x00);
- test_assert(fetch_from_buf_socks(buf, socks, get_options()-TestSocks,
- get_options()-SafeSocks) == -1);
- test_eq(4, socks-socks_version);
- test_eq(0, socks-replylen); /* XXX: shouldn't tor reply? */
-
- done:
- ;
-}
-
-/** Perform supported SOCKS 4 commands */
-static void
-test_socks_4_supported_commands(void *ptr)
-{
- SOCKS_TEST_INIT();
-
- test_eq(0, buf_datalen(buf));
-
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */
- ADD_DATA(buf, \x04\x01\x11\x12\x02\x02\x02\x03\x00);
- test_assert(fetch_from_buf_socks(buf, socks, get_options()-TestSocks,
- get_options()-SafeSocks) == 1);
- test_eq(4, socks-socks_version);
- test_eq(0, socks-replylen); /* XXX: shouldn't tor reply? */
- test_eq(SOCKS_COMMAND_CONNECT, socks-command);
- test_streq(2.2.2.3, socks-address);
- test_eq(4370, socks-port);
- test_assert(socks-got_auth == 0);
- test_assert(! socks-username);
-
- test_eq(0, buf_datalen(buf));
- socks_request_clear(socks);
-
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/
- ADD_DATA(buf, \x04\x01\x11\x12\x02\x02\x02\x04me\x00);
- test_assert(fetch_from_buf_socks(buf, socks, get_options()-TestSocks,
- get_options()-SafeSocks) == 1);
- test_eq(4, socks-socks_version);
- test_eq(0, socks-replylen); /* XXX: shouldn't tor reply? */
- test_eq(SOCKS_COMMAND_CONNECT, socks-command);
- test_streq(2.2.2.4, socks-address);
- test_eq(4370,
[tor-commits] [tor/master] Write some free_all functions to free the auth. cookies.
commit f549e4c36d0658b6255d3b9cf7c56131d4a37a57
Author: George Kadianakis desnac...@riseup.net
Date: Wed Aug 14 17:16:06 2013 +0300
Write some free_all functions to free the auth. cookies.
We started allocating space for them on the heap in the previous
commit.
Conflicts:
src/or/ext_orport.h
---
src/or/control.c|8
src/or/control.h|1 +
src/or/ext_orport.c |8
src/or/ext_orport.h |1 +
src/or/main.c |3 +++
5 files changed, 21 insertions(+)
diff --git a/src/or/control.c b/src/or/control.c
index b6ba127..03b42af 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4750,3 +4750,11 @@ control_event_clients_seen(const char *controller_str)
650 CLIENTS_SEEN %s\r\n, controller_str);
}
+/** Free any leftover allocated memory of the control.c subsystem. */
+void
+control_free_all(void)
+{
+ if (authentication_cookie) /* Free the auth cookie */
+tor_free(authentication_cookie);
+}
+
diff --git a/src/or/control.h b/src/or/control.h
index 3b2004b..be9476e 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -89,6 +89,7 @@ MOCK_DECL(void, control_event_bootstrap_problem,(const char
*warn,
int reason));
void control_event_clients_seen(const char *controller_str);
+void control_free_all(void);
#ifdef CONTROL_PRIVATE
/* Used only by control.c and test.c */
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 272fef4..fdcecac 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -633,3 +633,11 @@ connection_ext_or_start_auth(or_connection_t *or_conn)
return 0;
}
+/** Free any leftover allocated memory of the ext_orport.c subsystem. */
+void
+ext_orport_free_all(void)
+{
+ if (ext_or_auth_cookie) /* Free the auth cookie */
+tor_free(ext_or_auth_cookie);
+}
+
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index 37874b5..ce45e5f 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -21,6 +21,7 @@ int connection_ext_or_process_inbuf(or_connection_t *or_conn);
int init_ext_or_cookie_authentication(int is_enabled);
char *get_ext_or_auth_cookie_file_name(void);
+void ext_orport_free_all(void);
#ifdef EXT_ORPORT_PRIVATE
STATIC int connection_write_ext_or_command(connection_t *conn,
diff --git a/src/or/main.c b/src/or/main.c
index d8f86bc..33e1c64 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -52,6 +52,7 @@
#include routerparse.h
#include statefile.h
#include status.h
+#include ext_orport.h
#ifdef USE_DMALLOC
#include dmalloc.h
#include openssl/crypto.h
@@ -2510,6 +2511,8 @@ tor_free_all(int postfork)
memarea_clear_freelist();
nodelist_free_all();
microdesc_free_all();
+ ext_orport_free_all();
+ control_free_all();
if (!postfork) {
config_free_all();
or_state_free_all();
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] More unit tests for handle_client_auth_nonce
commit fd6749203ed9ca27263e895b53a12a6d15878cdd
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 12:13:09 2013 -0400
More unit tests for handle_client_auth_nonce
Incidentally, this business here where I make crypto_rand mockable:
this is exactly the kind of thing that would make me never want to
include test-support stuff in production builds.
---
src/common/crypto.c |4 +--
src/common/crypto.h |2 +-
src/test/test_extorport.c | 78 -
3 files changed, 80 insertions(+), 4 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 730ce08..6f1a0bc 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2404,8 +2404,8 @@ crypto_seed_rng(int startup)
/** Write bn/b bytes of strong random data to bto/b. Return 0 on
* success, -1 on failure.
*/
-int
-crypto_rand(char *to, size_t n)
+MOCK_IMPL(int,
+crypto_rand, (char *to, size_t n))
{
int r;
tor_assert(n INT_MAX);
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 651d553..2750ed8 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -248,7 +248,7 @@ int crypto_expand_key_material_rfc5869_sha256(
/* random numbers */
int crypto_seed_rng(int startup);
-int crypto_rand(char *to, size_t n);
+MOCK_DECL(int,crypto_rand,(char *to, size_t n));
int crypto_strongest_rand(uint8_t *out, size_t out_len);
int crypto_rand_int(unsigned int max);
uint64_t crypto_rand_uint64(uint64_t max);
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 2caf2ac..a3c0dfa 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -147,7 +147,7 @@ test_ext_or_write_command(void *arg)
static void
test_ext_or_cookie_auth(void *arg)
{
- char *reply=NULL, *client_hash=NULL;
+ char *reply=NULL, *reply2=NULL, *client_hash=NULL, *client_hash2=NULL;
size_t reply_len=0;
char hmac1[32], hmac2[32];
@@ -209,15 +209,91 @@ test_ext_or_cookie_auth(void *arg)
test_memeq(hmac1, reply, 32);
test_memeq(hmac2, client_hash, 32);
+ /* Now do it again and make sure that the results are *different* */
+ tt_int_op(0, ==,
+handle_client_auth_nonce(client_nonce, 32, client_hash2, reply2,
+ reply_len));
+ test_memneq(reply2, reply, reply_len);
+ test_memneq(client_hash2, client_hash, 32);
+ /* But that this one checks out too. */
+ memcpy(server_hash_input+46+32, reply2+32, 32);
+ memcpy(client_hash_input+46+32, reply2+32, 32);
+ /* Check the HMACs are correct... */
+ crypto_hmac_sha256(hmac1, ext_or_auth_cookie, 32, server_hash_input,
+ 46+32+32);
+ crypto_hmac_sha256(hmac2, ext_or_auth_cookie, 32, client_hash_input,
+ 46+32+32);
+ test_memeq(hmac1, reply2, 32);
+ test_memeq(hmac2, client_hash2, 32);
+
+ done:
+ tor_free(reply);
+ tor_free(client_hash);
+ tor_free(reply2);
+ tor_free(client_hash2);
+}
+
+static int
+crypto_rand_return_tse_str(char *to, size_t n)
+{
+ if (n != 32) {
+TT_FAIL((Asked for %d bytes, not 32, (int)n));
+return -1;
+ }
+ memcpy(to, te road There is always another , 32);
+ return 0;
+}
+
+static void
+test_ext_or_cookie_auth_testvec(void *arg)
+{
+ char *reply=NULL, *client_hash=NULL;
+ size_t reply_len;
+ char *mem_op_hex_tmp=NULL;
+
+ const char client_nonce[] = But when I look ahead up the whi;
+ (void)arg;
+
+ memcpy(ext_or_auth_cookie, Gliding wrapt in a brown mantle, , 32);
+ ext_or_auth_cookie_is_set = 1;
+
+ MOCK(crypto_rand, crypto_rand_return_tse_str);
+
+ tt_int_op(0, ==,
+handle_client_auth_nonce(client_nonce, 32, client_hash, reply,
+ reply_len));
+ tt_ptr_op(reply, !=, NULL );
+ tt_ptr_op(reply_len, ==, 64);
+ test_memeq(reply+32, te road There is always another , 32);
+ /* HMACSHA256(Gliding wrapt in a brown mantle,
+ * ExtORPort authentication server-to-client hash
+ * But when I look ahead up the write road There is always another );
+ */
+ test_memeq_hex(reply,
+ ec80ed6e546d3b36fdfc22fe1315416b
+ 029f1ade7610d910878b62eeb7403821);
+ /* HMACSHA256(Gliding wrapt in a brown mantle,
+ * ExtORPort authentication client-to-server hash
+ * But when I look ahead up the write road There is always another );
+ * (Both values computed using Python CLI.)
+ */
+ test_memeq_hex(client_hash,
+ ab391732dd2ed968cd40c087d1b1f25b
+ 33b3cd77ff79bd80c2074bbf438119a2);
+
done:
+ UNMOCK(crypto_rand);
tor_free(reply);
tor_free(client_hash);
+ tor_free(mem_op_hex_tmp);
}
struct testcase_t extorport_tests[] = {
{ id_map, test_ext_or_id_map, TT_FORK, NULL, NULL },
{ write_command, test_ext_or_write_command, TT_FORK, NULL, NULL },
{ cookie_auth, test_ext_or_cookie_auth, TT_FORK, NULL, NULL },
+ { cookie_auth_testvec, test_ext_or_cookie_auth_testvec, TT_FORK,
+NULL, NULL },
END_OF_TESTCASES
[tor-commits] [tor/master] If a single client connects with multiple transports, note all transports.
commit 6ad535e6dca8e9e284a0fa3384679756dca34a87
Author: George Kadianakis desnac...@riseup.net
Date: Thu Jun 27 18:27:44 2013 +0300
If a single client connects with multiple transports, note all transports.
---
src/or/geoip.c | 19 +++
src/test/test.c |7 ++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 737512f..866f6a7 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -492,6 +492,19 @@ clientmap_entry_hash(const clientmap_entry_t *a)
static INLINE int
clientmap_entries_eq(const clientmap_entry_t *a, const clientmap_entry_t *b)
{
+ /* If one entry contains a transport and the other doesn't, then
+ they are not equal. */
+ if (a-transport_name !b-transport_name)
+return 0;
+ if (!a-transport_name b-transport_name)
+return 0;
+ /* If entries contain different transports, they they are not
+ equal. */
+ if (a-transport_name
+ b-transport_name
+ strcmp(a-transport_name, b-transport_name))
+return 0;
+
return !tor_addr_compare(a-addr, b-addr, CMP_EXACT)
a-action == b-action;
}
@@ -529,6 +542,8 @@ geoip_note_client_seen(geoip_client_action_t action,
{
const or_options_t *options = get_options();
clientmap_entry_t lookup, *ent;
+ memset(lookup, 0, sizeof(clientmap_entry_t));
+
if (action == GEOIP_CLIENT_CONNECT) {
/* Only remember statistics as entry guard or as bridge. */
if (!options-EntryStatistics
@@ -546,7 +561,11 @@ geoip_note_client_seen(geoip_client_action_t action,
tor_addr_copy(lookup.addr, addr);
lookup.action = (int)action;
+ if (transport_name)
+lookup.transport_name = tor_strdup(transport_name);
ent = HT_FIND(clientmap, client_history, lookup);
+ tor_free(lookup.transport_name);
+
if (! ent) {
ent = tor_malloc_zero(sizeof(clientmap_entry_t));
tor_addr_copy(ent-addr, addr);
diff --git a/src/test/test.c b/src/test/test.c
index 822f93a..e0c6772 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1944,10 +1944,15 @@ test_geoip_with_pt(void)
geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, entropy, now-7200);
}
+ /* 2 connections from the same IP with two different transports. */
+ SET_TEST_ADDRESS(++i);
+ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, fire, now-7200);
+ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, google, now-7200);
+
/* Test the transport history string. */
s = geoip_get_transport_history();
tor_assert(s);
- test_streq(s, OR=8,alpha=16,beta=8,charlie=16,ddr=136,entropy=8);
+ test_streq(s,
OR=8,alpha=16,beta=8,charlie=16,ddr=136,entropy=8,fire=8,google=8);
/* Stop collecting entry statistics. */
geoip_entry_stats_term();
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix some #5040 bugs found by Nick's tests.
commit 794447d03db263a0b887db53fc6bcd2c8d24eb71
Author: George Kadianakis desnac...@riseup.net
Date: Mon Aug 5 19:08:14 2013 +0300
Fix some #5040 bugs found by Nick's tests.
- Set conn-address when we receive a USERADDR command.
- Set conn-state to a sane value when we transition from Extended
ORPort to ORPort.
---
src/or/ext_orport.c |5 +
src/test/test_extorport.c |5 +
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index fdcecac..d5a0fa1 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -80,6 +80,7 @@ connection_ext_or_transition(or_connection_t *conn)
tor_assert(conn-base_.type == CONN_TYPE_EXT_OR);
conn-base_.type = CONN_TYPE_OR;
+ TO_CONN(conn)-state = 0; // set the state to a neutral value
control_event_or_conn_status(conn, OR_CONN_EVENT_NEW, 0);
connection_tls_start_handshake(conn, 1);
}
@@ -474,6 +475,10 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn,
/* record the address */
tor_addr_copy(conn-addr, addr);
conn-port = port;
+ if (conn-address) {
+tor_free(conn-address);
+ }
+ conn-address = tor_dup_addr(addr);
return 0;
}
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index e76808f..b32ca35 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -505,10 +505,7 @@ test_ext_or_handshake(void *arg)
tt_int_op(is_reading,==,1);
tt_int_op(handshake_start_called,==,1);
tt_int_op(TO_CONN(conn)-type, ==, CONN_TYPE_OR);
- /* X the state is now nonsensical! It should be set to something
- * neutral (zero?) before we connection_or_change_state; right now
- * it's EXT_OR_CONN_STATE_FLUSHING */
- /* tt_int_op(TO_CONN(conn)-state, ==, 0); */
+ tt_int_op(TO_CONN(conn)-state, ==, 0);
done:
UNMOCK(connection_write_to_buf_impl_);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] White-box tests for the succeeding case of ext_or_port handshake.
commit 28bb673584b3e7e839bebce64bd986c6c4ad1faa
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 17:29:10 2013 -0400
White-box tests for the succeeding case of ext_or_port handshake.
(Okay, white-box plus mocking enough other functions so they don't
crash.)
---
src/or/connection_or.c|4 +--
src/or/connection_or.h|3 ++-
src/or/main.c | 16 ++--
src/or/main.h |8 +++---
src/test/test_extorport.c | 62 +
5 files changed, 78 insertions(+), 15 deletions(-)
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index a55ca3a..31fd6d6 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1281,8 +1281,8 @@ connection_or_close_for_error(or_connection_t *orconn,
int flush)
*
* Return -1 if bconn/b is broken, else return 0.
*/
-int
-connection_tls_start_handshake(or_connection_t *conn, int receiving)
+MOCK_IMPL(int,
+connection_tls_start_handshake,(or_connection_t *conn, int receiving))
{
channel_listener_t *chan_listener;
channel_t *chan;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 85e68f1..8d93028 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -45,7 +45,8 @@ void connection_or_close_for_error(or_connection_t *orconn,
int flush);
void connection_or_report_broken_states(int severity, int domain);
-int connection_tls_start_handshake(or_connection_t *conn, int receiving);
+MOCK_DECL(int,connection_tls_start_handshake,(or_connection_t *conn,
+ int receiving));
int connection_tls_continue_handshake(or_connection_t *conn);
int connection_init_or_handshake_state(or_connection_t *conn,
diff --git a/src/or/main.c b/src/or/main.c
index 20cc292..d8f86bc 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -519,8 +519,8 @@ connection_is_reading(connection_t *conn)
}
/** Tell the main loop to stop notifying bconn/b of any read events. */
-void
-connection_stop_reading(connection_t *conn)
+MOCK_IMPL(void,
+connection_stop_reading,(connection_t *conn))
{
tor_assert(conn);
@@ -544,8 +544,8 @@ connection_stop_reading(connection_t *conn)
}
/** Tell the main loop to start notifying bconn/b of any read events. */
-void
-connection_start_reading(connection_t *conn)
+MOCK_IMPL(void,
+connection_start_reading,(connection_t *conn))
{
tor_assert(conn);
@@ -584,8 +584,8 @@ connection_is_writing(connection_t *conn)
}
/** Tell the main loop to stop notifying bconn/b of any write events. */
-void
-connection_stop_writing(connection_t *conn)
+MOCK_IMPL(void,
+connection_stop_writing,(connection_t *conn))
{
tor_assert(conn);
@@ -610,8 +610,8 @@ connection_stop_writing(connection_t *conn)
}
/** Tell the main loop to start notifying bconn/b of any write events. */
-void
-connection_start_writing(connection_t *conn)
+MOCK_IMPL(void,
+connection_start_writing,(connection_t *conn))
{
tor_assert(conn);
diff --git a/src/or/main.h b/src/or/main.h
index 4aebe3e..df302ff 100644
--- a/src/or/main.h
+++ b/src/or/main.h
@@ -36,12 +36,12 @@ typedef enum watchable_events {
} watchable_events_t;
void connection_watch_events(connection_t *conn, watchable_events_t events);
int connection_is_reading(connection_t *conn);
-void connection_stop_reading(connection_t *conn);
-void connection_start_reading(connection_t *conn);
+MOCK_DECL(void,connection_stop_reading,(connection_t *conn));
+MOCK_DECL(void,connection_start_reading,(connection_t *conn));
int connection_is_writing(connection_t *conn);
-void connection_stop_writing(connection_t *conn);
-void connection_start_writing(connection_t *conn);
+MOCK_DECL(void,connection_stop_writing,(connection_t *conn));
+MOCK_DECL(void,connection_start_writing,(connection_t *conn));
void connection_stop_reading_from_linked_conn(connection_t *conn);
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 0452421..1d97557 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -7,6 +7,7 @@
#include or.h
#include buffers.h
#include connection.h
+#include connection_or.h
#include config.h
#include control.h
#include ext_orport.h
@@ -344,6 +345,30 @@ ignore_bootstrap_problem(const char *warn, int reason)
(void)reason;
}
+static int is_reading = 1;
+static int handshake_start_called = 0;
+
+static void
+note_read_stopped(connection_t *conn)
+{
+ (void)conn;
+ is_reading=0;
+}
+static void
+note_read_started(connection_t *conn)
+{
+ (void)conn;
+ is_reading=1;
+}
+static int
+handshake_start(or_connection_t *conn, int receiving)
+{
+ if (!conn || !receiving)
+TT_FAIL((Bad arguments to handshake_start));
+ handshake_start_called = 1;
+ return 0;
+}
+
static void
test_ext_or_handshake(void *arg)
{
@@ -422,6 +447,10 @@ test_ext_or_handshake(void *arg)
conn = NULL;
UNMOCK(control_event_bootstrap_problem);
+ MOCK(connection_start_reading, note_read_started);
+
[tor-commits] [tor/master] Expose/mock some functions to make ext_orport.c testing possible
commit d7358e8598710a4b78274bddd371d036ad0d47ea
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 13:15:58 2013 -0400
Expose/mock some functions to make ext_orport.c testing possible
---
src/or/control.c |4 ++--
src/or/control.h |3 ++-
src/or/main.c| 23 ---
src/or/main.h|5 +
4 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/or/control.c b/src/or/control.c
index faf7942..3a32ea6 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4699,8 +4699,8 @@ control_event_bootstrap(bootstrap_status_t status, int
progress)
* that indicates a problem. bwarn/b gives a hint as to why, and
* breason/b provides an or_conn_end_reason tag.
*/
-void
-control_event_bootstrap_problem(const char *warn, int reason)
+MOCK_IMPL(void,
+control_event_bootstrap_problem, (const char *warn, int reason))
{
int status = bootstrap_percent;
const char *tag, *summary;
diff --git a/src/or/control.h b/src/or/control.h
index 288c286..3b2004b 100644
--- a/src/or/control.h
+++ b/src/or/control.h
@@ -85,7 +85,8 @@ void enable_control_logging(void);
void monitor_owning_controller_process(const char *process_spec);
void control_event_bootstrap(bootstrap_status_t status, int progress);
-void control_event_bootstrap_problem(const char *warn, int reason);
+MOCK_DECL(void, control_event_bootstrap_problem,(const char *warn,
+ int reason));
void control_event_clients_seen(const char *controller_str);
diff --git a/src/or/main.c b/src/or/main.c
index d172825..20cc292 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -10,6 +10,7 @@
* connections, implements main loop, and drives scheduled events.
**/
+#define MAIN_PRIVATE
#include or.h
#include addressmap.h
#include buffers.h
@@ -412,6 +413,19 @@ connection_unlink(connection_t *conn)
connection_free(conn);
}
+/** Initialize the global connection list, closeable connection list,
+ * and active connection list. */
+STATIC void
+init_connection_lists(void)
+{
+ if (!connection_array)
+connection_array = smartlist_new();
+ if (!closeable_connection_lst)
+closeable_connection_lst = smartlist_new();
+ if (!active_linked_connection_lst)
+active_linked_connection_lst = smartlist_new();
+}
+
/** Schedule bconn/b to be closed. **/
void
add_connection_to_closeable_list(connection_t *conn)
@@ -685,7 +699,7 @@ connection_stop_reading_from_linked_conn(connection_t *conn)
}
/** Close all connections that have been scheduled to get closed. */
-static void
+STATIC void
close_closeable_connections(void)
{
int i;
@@ -2307,12 +2321,7 @@ tor_init(int argc, char *argv[])
char buf[256];
int i, quiet = 0;
time_of_process_start = time(NULL);
- if (!connection_array)
-connection_array = smartlist_new();
- if (!closeable_connection_lst)
-closeable_connection_lst = smartlist_new();
- if (!active_linked_connection_lst)
-active_linked_connection_lst = smartlist_new();
+ init_connection_lists();
/* Have the log set up with our application name. */
tor_snprintf(buf, sizeof(buf), Tor %s, get_version());
log_set_application_name(buf);
diff --git a/src/or/main.h b/src/or/main.h
index 85621a3..4aebe3e 100644
--- a/src/or/main.h
+++ b/src/or/main.h
@@ -69,5 +69,10 @@ int tor_main(int argc, char *argv[]);
int do_main_loop(void);
int tor_init(int argc, char **argv);
+#ifdef MAIN_PRIVATE
+STATIC void init_connection_lists(void);
+STATIC void close_closeable_connections(void);
+#endif
+
#endif
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug5040_4773_rebase_3'
commit 74262f157178071ad1bce8e70aae79dc01f3ba5d
Merge: 4ab1012 c5269a5
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 15 12:04:56 2013 -0400
Merge branch 'bug5040_4773_rebase_3'
changes/bug5040 |4 +
src/common/crypto.c |4 +-
src/common/crypto.h |2 +-
src/common/util.c |6 +-
src/common/util.h |5 +-
src/or/buffers.c | 59
src/or/buffers.h |8 +
src/or/channel.c |8 +-
src/or/channel.h |2 +
src/or/channeltls.c | 27 ++
src/or/config.c | 103 +-
src/or/config.h |4 +
src/or/connection.c | 65 +++-
src/or/connection.h | 10 +-
src/or/connection_or.c| 82 -
src/or/connection_or.h|3 +-
src/or/control.c | 55 ++--
src/or/control.h |6 +-
src/or/directory.c|4 +-
src/or/ext_orport.c | 648
src/or/ext_orport.h | 42 +++
src/or/geoip.c| 168 +-
src/or/geoip.h|4 +-
src/or/include.am |2 +
src/or/main.c | 42 ++-
src/or/main.h | 13 +-
src/or/or.h | 63 +++-
src/or/transports.c | 22 +-
src/test/include.am |3 +
src/test/test.c | 803 +++--
src/test/test_buffers.c | 342 +++
src/test/test_extorport.c | 604 ++
src/test/test_options.c |3 +-
src/test/test_socks.c | 393 ++
34 files changed, 2828 insertions(+), 781 deletions(-)
diff --cc src/test/include.am
index fb704d7,74311ac..e3f2795
--- a/src/test/include.am
+++ b/src/test/include.am
@@@ -18,9 -18,9 +18,10 @@@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR=
src_test_test_SOURCES = \
src/test/test.c \
src/test/test_addr.c \
+ src/test/test_buffers.c \
src/test/test_cell_formats.c \
src/test/test_circuitlist.c \
+ src/test/test_circuitmux.c \
src/test/test_containers.c \
src/test/test_crypto.c \
src/test/test_cell_queue.c \
diff --cc src/test/test.c
index 60fbfb1,851ddf0..8693180
--- a/src/test/test.c
+++ b/src/test/test.c
@@@ -2133,9 -1566,10 +1566,11 @@@ extern struct testcase_t introduce_test
extern struct testcase_t replaycache_tests[];
extern struct testcase_t cell_format_tests[];
extern struct testcase_t circuitlist_tests[];
+extern struct testcase_t circuitmux_tests[];
extern struct testcase_t cell_queue_tests[];
extern struct testcase_t options_tests[];
+ extern struct testcase_t socks_tests[];
+ extern struct testcase_t extorport_tests[];
static struct testgroup_t testgroups[] = {
{ , test_array },
@@@ -2153,8 -1588,8 +1589,9 @@@
{ replaycache/, replaycache_tests },
{ introduce/, introduce_tests },
{ circuitlist/, circuitlist_tests },
+ { circuitmux/, circuitmux_tests },
{ options/, options_tests },
+ { extorport/, extorport_tests },
END_OF_GROUPS
};
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Unit tests for fetch_ext_or_cmd
commit 7da59721a9963862b7b19dbba4e55d010c296d34
Author: Nick Mathewson ni...@torproject.org
Date: Wed Jul 17 17:51:21 2013 -0400
Unit tests for fetch_ext_or_cmd
---
src/or/buffers.h|4 +++
src/test/test_buffers.c | 76 +++
2 files changed, 80 insertions(+)
diff --git a/src/or/buffers.h b/src/or/buffers.h
index 50ac3dc..48b1185 100644
--- a/src/or/buffers.h
+++ b/src/or/buffers.h
@@ -81,6 +81,8 @@ int fetch_ext_or_command_from_evbuffer(struct evbuffer *buf,
#define generic_buffer_get(b,buf,buflen) evbuffer_remove((b),(buf),(buflen))
#define generic_buffer_clear(b) evbuffer_drain((b), evbuffer_get_length((b)))
#define generic_buffer_free(b) evbuffer_free((b))
+#define generic_buffer_fetch_ext_or_cmd(b, out) \
+ fetch_ext_or_command_from_evbuffer((b), (out))
#else
#define generic_buffer_new() buf_new()
#define generic_buffer_len(b) buf_datalen((b))
@@ -88,6 +90,8 @@ int fetch_ext_or_command_from_evbuffer(struct evbuffer *buf,
#define generic_buffer_get(b,buf,buflen) fetch_from_buf((buf),(buflen),(b))
#define generic_buffer_clear(b) buf_clear((b))
#define generic_buffer_free(b) buf_free((b))
+#define generic_buffer_fetch_ext_or_cmd(b, out) \
+ fetch_ext_or_command_from_buf((b), (out))
#endif
int generic_buffer_set_to_copy(generic_buffer_t **output,
const generic_buffer_t *input);
diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c
index 7a8cf10..a009faa 100644
--- a/src/test/test_buffers.c
+++ b/src/test/test_buffers.c
@@ -6,6 +6,7 @@
#define BUFFERS_PRIVATE
#include or.h
#include buffers.h
+#include ext_orport.h
#include test.h
/** Run unit tests for buffers.c */
@@ -258,9 +259,84 @@ test_buffer_copy(void *arg)
generic_buffer_free(buf2);
}
+static void
+test_buffer_ext_or_cmd(void *arg)
+{
+ ext_or_cmd_t *cmd = NULL;
+ generic_buffer_t *buf = generic_buffer_new();
+ char *tmp = NULL;
+ (void) arg;
+
+ /* Empty -- should give not there. */
+ tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, ==, cmd);
+
+ /* Three bytes: shouldn't work. */
+ generic_buffer_add(buf, \x00\x20\x00, 3);
+ tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, ==, cmd);
+ tt_int_op(3, ==, generic_buffer_len(buf));
+
+ /* 0020 : That's a nil command. It should work. */
+ generic_buffer_add(buf, \x00, 1);
+ tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, !=, cmd);
+ tt_int_op(0x20, ==, cmd-cmd);
+ tt_int_op(0, ==, cmd-len);
+ tt_int_op(0, ==, generic_buffer_len(buf));
+ ext_or_cmd_free(cmd);
+ cmd = NULL;
+
+ /* Now try a length-6 command with one byte missing. */
+ generic_buffer_add(buf, \x10\x21\x00\x06abcde, 9);
+ tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, ==, cmd);
+ generic_buffer_add(buf, f, 1);
+ tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, !=, cmd);
+ tt_int_op(0x1021, ==, cmd-cmd);
+ tt_int_op(6, ==, cmd-len);
+ test_mem_op(abcdef, ==, cmd-body, 6);
+ tt_int_op(0, ==, generic_buffer_len(buf));
+ ext_or_cmd_free(cmd);
+ cmd = NULL;
+
+ /* Now try a length-10 command with 4 extra bytes. */
+ generic_buffer_add(buf, \xff\xff\x00\x0a
+ loremipsum\x10\x00\xff\xff, 18);
+ tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, !=, cmd);
+ tt_int_op(0x, ==, cmd-cmd);
+ tt_int_op(10, ==, cmd-len);
+ test_mem_op(loremipsum, ==, cmd-body, 10);
+ tt_int_op(4, ==, generic_buffer_len(buf));
+ ext_or_cmd_free(cmd);
+ cmd = NULL;
+
+ /* Finally, let's try a maximum-length command. We already have the header
+ * waiting. */
+ tt_int_op(0, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tmp = tor_malloc_zero(65535);
+ generic_buffer_add(buf, tmp, 65535);
+ tt_int_op(1, ==, generic_buffer_fetch_ext_or_cmd(buf, cmd));
+ tt_ptr_op(NULL, !=, cmd);
+ tt_int_op(0x1000, ==, cmd-cmd);
+ tt_int_op(0x, ==, cmd-len);
+ test_mem_op(tmp, ==, cmd-body, 65535);
+ tt_int_op(0, ==, generic_buffer_len(buf));
+ ext_or_cmd_free(cmd);
+ cmd = NULL;
+
+ done:
+ ext_or_cmd_free(cmd);
+ generic_buffer_free(buf);
+ tor_free(tmp);
+}
+
struct testcase_t buffer_tests[] = {
{ basic, test_buffers_basic, 0, NULL, NULL },
{ copy, test_buffer_copy, 0, NULL, NULL },
+ { ext_or_cmd, test_buffer_ext_or_cmd, 0, NULL, NULL },
END_OF_TESTCASES
};
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Test for initializing ext_or_auth_cookie file
commit 636aeb1f24fadd4c6c45dbfd1539f6312c91cc60
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 16:24:20 2013 -0400
Test for initializing ext_or_auth_cookie file
---
src/test/test_extorport.c | 47 +
1 file changed, 47 insertions(+)
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 254ad05..0452421 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -7,6 +7,7 @@
#include or.h
#include buffers.h
#include connection.h
+#include config.h
#include control.h
#include ext_orport.h
#include main.h
@@ -148,6 +149,51 @@ test_ext_or_write_command(void *arg)
}
static void
+test_ext_or_init_auth(void *arg)
+{
+ or_options_t *options = get_options_mutable();
+ const char *fn;
+ char *cp = NULL;
+ struct stat st;
+ char cookie0[32];
+ (void)arg;
+
+ /* Check default filename location */
+ options-DataDirectory = tor_strdup(foo);
+ cp = get_ext_or_auth_cookie_file_name();
+ tt_str_op(cp, ==, fooPATH_SEPARATORextended_orport_auth_cookie);
+ tor_free(cp);
+
+ /* Shouldn't be initialized already, or our tests will be a bit
+ * meaningless */
+ test_assert(tor_mem_is_zero(ext_or_auth_cookie, 32));
+
+ /* Now make sure we use a temporary file */
+ fn = get_fname(ext_cookie_file);
+ options-ExtORPortCookieAuthFile = tor_strdup(fn);
+ cp = get_ext_or_auth_cookie_file_name();
+ tt_str_op(cp, ==, fn);
+ tor_free(cp);
+
+ tt_int_op(0, ==, init_ext_or_cookie_authentication(1));
+ tt_int_op(ext_or_auth_cookie_is_set, ==, 1);
+ cp = read_file_to_str(fn, RFTS_BIN, st);
+ tt_ptr_op(cp, !=, NULL);
+ tt_int_op(st.st_size, ==, 64);
+ test_memeq(cp, ! Extended ORPort Auth Cookie !\x0a, 32);
+ test_memeq(cp+32, ext_or_auth_cookie, 32);
+ memcpy(cookie0, ext_or_auth_cookie, 32);
+ test_assert(!tor_mem_is_zero(ext_or_auth_cookie, 32));
+
+ /* Operation should be idempotent. */
+ tt_int_op(0, ==, init_ext_or_cookie_authentication(1));
+ test_memeq(cookie0, ext_or_auth_cookie, 32);
+
+ done:
+ tor_free(cp);
+}
+
+static void
test_ext_or_cookie_auth(void *arg)
{
char *reply=NULL, *reply2=NULL, *client_hash=NULL, *client_hash2=NULL;
@@ -409,6 +455,7 @@ test_ext_or_handshake(void *arg)
struct testcase_t extorport_tests[] = {
{ id_map, test_ext_or_id_map, TT_FORK, NULL, NULL },
{ write_command, test_ext_or_write_command, TT_FORK, NULL, NULL },
+ { init_auth, test_ext_or_init_auth, TT_FORK, NULL, NULL },
{ cookie_auth, test_ext_or_cookie_auth, TT_FORK, NULL, NULL },
{ cookie_auth_testvec, test_ext_or_cookie_auth_testvec, TT_FORK,
NULL, NULL },
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Split the cryptographic part of handle_client_auth_nonce into new fn
commit b64351ed17f3d30425e1e007de50ef66c2b6c789
Author: Nick Mathewson ni...@torproject.org
Date: Wed Jul 31 12:31:26 2013 -0400
Split the cryptographic part of handle_client_auth_nonce into new fn
---
src/or/ext_orport.c | 91 +--
1 file changed, 60 insertions(+), 31 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 9b4db73..f4df1b7 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -197,40 +197,19 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
return 1;
}
-/** Read the client's nonce out of bconn/b, setup the safe-cookie
- * crypto, and then send our own hash and nonce to the client
- *
- * Return -1 if there was an error; return 0 if we need more data in
- * bconn/b, and return 1 if we successfully retrieved the
- * client's nonce and sent our own. */
+/** DOCDOC */
static int
-connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
+ char **client_hash_out,
+ char**reply_out, size_t *reply_len_out)
{
char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
- char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
- char reply[EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+ char *reply;
+ size_t reply_len;
- if (!ext_or_auth_cookie_is_set) { /* this should not happen */
-log_warn(LD_BUG, Extended ORPort authentication cookie was not set.
- That's weird since we should have done that on startup.
- This might be a Tor bug, please file a bug report. );
+ if (client_nonce_len != EXT_OR_PORT_AUTH_NONCE_LEN)
return -1;
- }
-
- if (connection_get_inbuf_len(conn) EXT_OR_PORT_AUTH_NONCE_LEN)
-return 0;
-
- if (connection_fetch_from_buf(client_nonce,
-EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0)
-return -1;
-
- /* We extract the ClientNonce from the received data, and use it to
- calculate ServerHash and ServerNonce according to proposal 217.
-
- We also calculate our own ClientHash value and save it in the
- connection state. We validate it later against the ClientHash
- sent by the client. */
/* Get our nonce */
if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) 0)
@@ -278,7 +257,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
/* Store the client hash we generated. We will need to compare it
with the hash sent by the client. */
-TO_OR_CONN(conn)-ext_or_auth_correct_client_hash = correct_client_hash;
+*client_hash_out = correct_client_hash;
memwipe(hmac_s_msg, 0, hmac_s_msg_len);
memwipe(hmac_c_msg, 0, hmac_c_msg_len);
@@ -309,13 +288,63 @@ connection_ext_or_auth_handle_client_nonce(connection_t
*conn)
}
{ /* write reply: (server_hash, server_nonce) */
+
+reply_len = EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN;
+reply = tor_malloc_zero(reply_len);
memcpy(reply, server_hash, EXT_OR_PORT_AUTH_HASH_LEN);
memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
EXT_OR_PORT_AUTH_NONCE_LEN);
-connection_write_to_buf(reply, sizeof(reply), conn);
-memwipe(reply, 0, sizeof(reply));
}
+ *reply_out = reply;
+ *reply_len_out = reply_len;
+
+ return 0;
+}
+
+/** Read the client's nonce out of bconn/b, setup the safe-cookie
+ * crypto, and then send our own hash and nonce to the client
+ *
+ * Return -1 if there was an error; return 0 if we need more data in
+ * bconn/b, and return 1 if we successfully retrieved the
+ * client's nonce and sent our own. */
+static int
+connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+{
+ char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN];
+ char *reply=NULL;
+ size_t reply_len=0;
+
+ if (!ext_or_auth_cookie_is_set) { /* this should not happen */
+log_warn(LD_BUG, Extended ORPort authentication cookie was not set.
+ That's weird since we should have done that on startup.
+ This might be a Tor bug, please file a bug report. );
+return -1;
+ }
+
+ if (connection_get_inbuf_len(conn) EXT_OR_PORT_AUTH_NONCE_LEN)
+return 0;
+
+ if (connection_fetch_from_buf(client_nonce,
+EXT_OR_PORT_AUTH_NONCE_LEN, conn) 0)
+return -1;
+
+ /* We extract the ClientNonce from the received data, and use it to
+ calculate ServerHash and ServerNonce according to proposal 217.
+
+ We also calculate our own ClientHash value and save it in the
+ connection state. We validate it later against the ClientHash
+ sent by the client. */
+ if (handle_client_auth_nonce(client_nonce, sizeof(client_nonce),
+TO_OR_CONN(conn)-ext_or_auth_correct_client_hash,
+reply, reply_len) 0)
+return -1;
+
+
[tor-commits] [tor/master] Unit test for basic ext_or_cookie authentication backend
commit 4526c3e0b617bd179bb0728ac2ea438e9a2276ed
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 11:44:52 2013 -0400
Unit test for basic ext_or_cookie authentication backend
---
src/or/ext_orport.c |8 ++---
src/or/ext_orport.h |8 +
src/test/test_extorport.c | 71 +
3 files changed, 83 insertions(+), 4 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index f4df1b7..ec7c6c5 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -105,11 +105,11 @@ connection_ext_or_transition(or_connection_t *conn)
/** If true, we've set ext_or_auth_cookie to a secret code and stored
* it to disk. */
-static int ext_or_auth_cookie_is_set = 0;
+STATIC int ext_or_auth_cookie_is_set = 0;
/** If ext_or_auth_cookie_is_set, a secret cookie that we've stored to disk
* and which we're using to authenticate controllers. (If the controller can
* read it off disk, it has permission to connect.) */
-static char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN] = {0};
+STATIC char ext_or_auth_cookie[EXT_OR_PORT_AUTH_COOKIE_LEN] = {0};
/** Helper: Return a newly allocated string containing a path to the
* file where we store our authentication cookie. */
@@ -198,10 +198,10 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
}
/** DOCDOC */
-static int
+STATIC int
handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
char **client_hash_out,
- char**reply_out, size_t *reply_len_out)
+ char **reply_out, size_t *reply_len_out)
{
char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h
index 35b92ad..2d15c18 100644
--- a/src/or/ext_orport.h
+++ b/src/or/ext_orport.h
@@ -27,6 +27,14 @@ STATIC int connection_write_ext_or_command(connection_t
*conn,
uint16_t command,
const char *body,
size_t bodylen);
+STATIC int handle_client_auth_nonce(const char *client_nonce,
+ size_t client_nonce_len,
+ char **client_hash_out,
+ char **reply_out, size_t *reply_len_out);
+#ifdef TOR_UNIT_TESTS
+extern char ext_or_auth_cookie[];
+extern int ext_or_auth_cookie_is_set;
+#endif
#endif
#endif
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index 525ac4f..2caf2ac 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -144,9 +144,80 @@ test_ext_or_write_command(void *arg)
UNMOCK(connection_write_to_buf_impl_);
}
+static void
+test_ext_or_cookie_auth(void *arg)
+{
+ char *reply=NULL, *client_hash=NULL;
+ size_t reply_len=0;
+ char hmac1[32], hmac2[32];
+
+ const char client_nonce[32] =
+Who is the third who walks alway;
+ char server_hash_input[] =
+ExtORPort authentication server-to-client hash
+Who is the third who walks alway
+;
+ char client_hash_input[] =
+ExtORPort authentication client-to-server hash
+Who is the third who walks alway
+;
+
+ (void)arg;
+
+ tt_int_op(strlen(client_hash_input), ==, 46+32+32);
+ tt_int_op(strlen(server_hash_input), ==, 46+32+32);
+
+ memcpy(ext_or_auth_cookie, s beside you? When I count, ther, 32);
+ ext_or_auth_cookie_is_set = 1;
+
+ /* For this authentication, the client sends 32 random bytes (ClientNonce)
+ * The server replies with 32 byte ServerHash and 32 byte ServerNonce,
+ * where ServerHash is:
+ * HMAC-SHA256(CookieString,
+ * ExtORPort authentication server-to-client hash | ClientNonce |
+ *ServerNonce)
+ * The client must reply with 32-byte ClientHash, which we compute as:
+ * ClientHash is computed as:
+ *HMAC-SHA256(CookieString,
+ * ExtORPort authentication client-to-server hash | ClientNonce |
+ *ServerNonce)
+ */
+
+ /* Wrong length */
+ tt_int_op(-1, ==,
+handle_client_auth_nonce(client_nonce, 33, client_hash, reply,
+ reply_len));
+ tt_int_op(-1, ==,
+handle_client_auth_nonce(client_nonce, 31, client_hash, reply,
+ reply_len));
+
+ /* Now let's try this for real! */
+ tt_int_op(0, ==,
+handle_client_auth_nonce(client_nonce, 32, client_hash, reply,
+ reply_len));
+ tt_int_op(reply_len, ==, 64);
+ tt_ptr_op(reply, !=, NULL);
+ tt_ptr_op(client_hash, !=, NULL);
+ /* Fill in the server nonce into the hash inputs... */
+ memcpy(server_hash_input+46+32, reply+32, 32);
+ memcpy(client_hash_input+46+32, reply+32, 32);
+ /* Check the HMACs are correct... */
+ crypto_hmac_sha256(hmac1, ext_or_auth_cookie, 32,
[tor-commits] [tor/master] Better documentation for ext_or_auth_correct_client_hash.
commit bdeddecd29fc6d7edce9ab1e9f1963f6f03a63f8
Author: George Kadianakis desnac...@riseup.net
Date: Wed Aug 14 17:00:56 2013 +0300
Better documentation for ext_or_auth_correct_client_hash.
---
src/or/or.h |7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/or/or.h b/src/or/or.h
index 9b519a7..363dfea 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1448,9 +1448,14 @@ typedef struct or_connection_t {
/** Hash of the public RSA key for the other side's identity key, or zeroes
* if the other side hasn't shown us a valid identity key. */
char identity_digest[DIGEST_LEN];
+
/** Extended ORPort connection identifier. */
char *ext_or_conn_id;
- /** Client hash of the Extended ORPort authentication scheme */
+ /** This is the ClientHash value we expect to receive from the
+ * client during the Extended ORPort authentication protocol. We
+ * compute it upon receiving the ClientNoce from the client, and we
+ * compare it with the acual ClientHash value sent by the
+ * client. */
char *ext_or_auth_correct_client_hash;
/** String carrying the name of the pluggable transport
* (e.g. obfs2) that is obfuscating this connection. If no
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Make 0x01==SAFECOOKIE a macro, not a magic number
commit ba78a3c800477efeb9abe8aac477f92bc2634570
Author: Nick Mathewson ni...@torproject.org
Date: Thu Aug 1 13:21:52 2013 -0400
Make 0x01==SAFECOOKIE a macro, not a magic number
---
src/or/ext_orport.c | 16 +---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index ec7c6c5..ee50a87 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -103,6 +103,9 @@ connection_ext_or_transition(or_connection_t *conn)
#define EXT_OR_PORT_AUTH_CLIENT_TO_SERVER_CONST \
ExtORPort authentication client-to-server hash
+/* Code to indicate cookie authentication */
+#define EXT_OR_AUTHTYPE_SAFECOOKIE 0x01
+
/** If true, we've set ext_or_auth_cookie to a secret code and stored
* it to disk. */
STATIC int ext_or_auth_cookie_is_set = 0;
@@ -190,8 +193,10 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
return -1;
log_debug(LD_GENERAL, Client wants us to use %d auth type, authtype[0]);
- if (authtype[0] != 1) /* '1' is the only auth type supported atm */
+ if (authtype[0] != EXT_OR_AUTHTYPE_SAFECOOKIE) {
+/* '1' is the only auth type supported atm */
return -1;
+ }
conn-state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE;
return 1;
@@ -638,12 +643,17 @@ int
connection_ext_or_start_auth(or_connection_t *or_conn)
{
connection_t *conn = TO_CONN(or_conn);
- char authtypes[2] = \x01\x00; /* We only support authtype '1' for now. */
+ const uint8_t authtypes[] = {
+/* We only support authtype '1' for now. */
+EXT_OR_AUTHTYPE_SAFECOOKIE,
+/* Marks the end of the list. */
+0
+ };
log_debug(LD_GENERAL,
ExtORPort authentication: Sending supported authentication types);
- connection_write_to_buf(authtypes, sizeof(authtypes), conn);
+ connection_write_to_buf((const char *)authtypes, sizeof(authtypes), conn);
conn-state = EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE;
return 0;
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Warn if the Extended ORPort listens on a public IP address.
commit 13784d47536704e8b2fea918ffe4f9bf8c019f88
Author: George Kadianakis desnac...@riseup.net
Date: Sat Jun 1 18:38:06 2013 +0300
Warn if the Extended ORPort listens on a public IP address.
---
src/or/config.c | 30 +-
src/or/or.h |1 +
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/or/config.c b/src/or/config.c
index 9c1505c..f13db30 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5100,6 +5100,27 @@ warn_nonlocal_client_ports(const smartlist_t *ports,
const char *portname,
} SMARTLIST_FOREACH_END(port);
}
+/** Warn for every Extended ORPort port in bports/b that is on a
+ * publicly routable address. */
+static void
+warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
+{
+ SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
+if (port-type != CONN_TYPE_EXT_OR_LISTENER)
+ continue;
+if (port-is_unix_addr)
+ continue;
+/* XXX maybe warn even if address is RFC1918? */
+if (!tor_addr_is_internal(port-addr, 1)) {
+ log_warn(LD_CONFIG, You specified a public address '%s' for %sPort.
+ This is not advised; this address is supposed to only be
+ exposed on localhost so that your pluggable transport
+ proxies can connect to it.,
+ fmt_addrport(port-addr, port-port), portname);
+}
+ } SMARTLIST_FOREACH_END(port);
+}
+
/** Given a list of port_cfg_t in bports/b, warn any controller port there
* is listening on any non-loopback address. If bforbid/b is true,
* then emit a stronger warning and remove the port from the list.
@@ -5200,6 +5221,7 @@ parse_port_config(smartlist_t *out,
smartlist_t *elts;
int retval = -1;
const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
+ const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
const unsigned allow_no_options = flags CL_PORT_NO_OPTIONS;
const unsigned use_server_options = flags CL_PORT_SERVER_OPTIONS;
const unsigned warn_nonlocal = flags CL_PORT_WARN_NONLOCAL;
@@ -5277,6 +5299,8 @@ parse_port_config(smartlist_t *out,
if (warn_nonlocal out) {
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
+ else if (is_ext_orport)
+warn_nonlocal_ext_orports(out, portname);
else
warn_nonlocal_client_ports(out, portname, listener_type);
}
@@ -5550,6 +5574,8 @@ parse_port_config(smartlist_t *out,
if (warn_nonlocal out) {
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
+else if (is_ext_orport)
+ warn_nonlocal_ext_orports(out, portname);
else
warn_nonlocal_client_ports(out, portname, listener_type);
}
@@ -5699,7 +5725,7 @@ parse_ports(or_options_t *options, int validate_only,
options-ExtORPort_lines, NULL,
ExtOR, CONN_TYPE_EXT_OR_LISTENER,
127.0.0.1, 0,
- CL_PORT_SERVER_OPTIONS) 0) {
+ CL_PORT_SERVER_OPTIONS|CL_PORT_WARN_NONLOCAL) 0) {
*msg = tor_strdup(Invalid ExtORPort configuration);
goto err;
}
@@ -5738,6 +5764,8 @@ parse_ports(or_options_t *options, int validate_only,
!! count_real_listeners(ports, CONN_TYPE_DIR_LISTENER);
options-DNSPort_set =
!! count_real_listeners(ports, CONN_TYPE_AP_DNS_LISTENER);
+ options-ExtORPort_set =
+!! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
if (!validate_only) {
if (configured_ports) {
diff --git a/src/or/or.h b/src/or/or.h
index 363dfea..47b7a50 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3514,6 +3514,7 @@ typedef struct {
unsigned int ControlPort_set : 1;
unsigned int DirPort_set : 1;
unsigned int DNSPort_set : 1;
+ unsigned int ExtORPort_set : 1;
/**@}*/
int AssumeReachable; /** Whether to publish our descriptor regardless. */
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Test ExtORPort cookie initialization when file writing is broken.
commit c5269a59b011c8e961c7e88185b84e78af33d904
Author: George Kadianakis desnac...@riseup.net
Date: Wed Aug 14 18:00:08 2013 +0300
Test ExtORPort cookie initialization when file writing is broken.
---
src/common/util.c |6 +++---
src/common/util.h |5 +++--
src/test/test_extorport.c | 21 +
3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/src/common/util.c b/src/common/util.c
index 0e8d34e..a4c2ef4 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2216,9 +2216,9 @@ write_bytes_to_file_impl(const char *fname, const char
*str, size_t len,
/** As write_str_to_file, but does not assume a NUL-terminated
* string. Instead, we write blen/b bytes, starting at bstr/b. */
-int
-write_bytes_to_file(const char *fname, const char *str, size_t len,
-int bin)
+MOCK_IMPL(int,
+write_bytes_to_file,(const char *fname, const char *str, size_t len,
+ int bin))
{
return write_bytes_to_file_impl(fname, str, len,
OPEN_FLAGS_REPLACE|(bin?O_BINARY:O_TEXT));
diff --git a/src/common/util.h b/src/common/util.h
index 0a8e4a2..8dfb2de 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -355,8 +355,9 @@ FILE *fdopen_file(open_file_t *file_data);
int finish_writing_to_file(open_file_t *file_data);
int abort_writing_to_file(open_file_t *file_data);
int write_str_to_file(const char *fname, const char *str, int bin);
-int write_bytes_to_file(const char *fname, const char *str, size_t len,
-int bin);
+MOCK_DECL(int,
+write_bytes_to_file,(const char *fname, const char *str, size_t len,
+ int bin));
/** An ad-hoc type to hold a string of characters and a count; used by
* write_chunks_to_file. */
typedef struct sized_chunk_t {
diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c
index a3ccc41..7e38ba5 100644
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@@ -149,6 +149,18 @@ test_ext_or_write_command(void *arg)
UNMOCK(connection_write_to_buf_impl_);
}
+static int
+write_bytes_to_file_fail(const char *fname, const char *str, size_t len,
+ int bin)
+{
+ (void) fname;
+ (void) str;
+ (void) len;
+ (void) bin;
+
+ return -1;
+}
+
static void
test_ext_or_init_auth(void *arg)
{
@@ -177,6 +189,14 @@ test_ext_or_init_auth(void *arg)
tt_str_op(cp, ==, fn);
tor_free(cp);
+ /* Test the initialization function with a broken
+ write_bytes_to_file(). See if the problem is handled properly. */
+ MOCK(write_bytes_to_file, write_bytes_to_file_fail);
+ tt_int_op(-1, ==, init_ext_or_cookie_authentication(1));
+ tt_int_op(ext_or_auth_cookie_is_set, ==, 0);
+ UNMOCK(write_bytes_to_file);
+
+ /* Now do the actual initialization. */
tt_int_op(0, ==, init_ext_or_cookie_authentication(1));
tt_int_op(ext_or_auth_cookie_is_set, ==, 1);
cp = read_file_to_str(fn, RFTS_BIN, st);
@@ -193,6 +213,7 @@ test_ext_or_init_auth(void *arg)
done:
tor_free(cp);
+ ext_orport_free_all();
}
static void
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add changes file for #4773.
commit 1743144c341218e4af88423cccd2bf93e72730a1 Author: George Kadianakis desnac...@riseup.net Date: Thu Aug 15 19:15:34 2013 +0300 Add changes file for #4773. --- changes/bug5040 |4 1 file changed, 4 insertions(+) diff --git a/changes/bug5040 b/changes/bug5040 index a2c37e7..720665b 100644 --- a/changes/bug5040 +++ b/changes/bug5040 @@ -1,4 +1,8 @@ o Minor features: +- Bridges now track GeoIP information and the number of their + users even when pluggable transports are in use. These + statistics are reported in their extra-info descriptors like + normal bridges do. Resolves ticket 4773. - Bridges now track the usage of their pluggable transports and report statistics in their extra-info descriptors. Resolves ticket 5040. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix a wide line in test_geoip_with_pt
commit 172a55d9d6056a67a6e860c241fb0f5884a85fd0 Author: Nick Mathewson ni...@torproject.org Date: Thu Aug 15 12:10:10 2013 -0400 Fix a wide line in test_geoip_with_pt --- src/test/test.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/test/test.c b/src/test/test.c index 8693180..f895563 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1334,7 +1334,8 @@ test_geoip_with_pt(void) /* Test the transport history string. */ s = geoip_get_transport_history(); tor_assert(s); - test_streq(s, OR=8,alpha=16,beta=8,charlie=16,ddr=136,entropy=8,fire=8,google=8); + test_streq(s, OR=8,alpha=16,beta=8,charlie=16,ddr=136, + entropy=8,fire=8,google=8); /* Stop collecting entry statistics. */ geoip_entry_stats_term(); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Implement and use a generic auth. cookie initialization function.
commit 33c3e60a376291faed073dcfb6c9b8a0098572a0
Author: George Kadianakis desnac...@riseup.net
Date: Tue Jun 4 20:00:28 2013 +0300
Implement and use a generic auth. cookie initialization function.
Use the generic function for both the ControlPort cookie and the
ExtORPort cookie.
Also, place the global cookie variables in the heap so that we can
pass them around more easily as pointers.
Also also, fix the unit tests that broke by this change.
Conflicts:
src/or/config.h
src/or/ext_orport.c
---
src/or/config.c | 55 +
src/or/config.h |4
src/or/control.c | 41 ++---
src/or/ext_orport.c | 52 +++---
src/or/ext_orport.h |2 +-
src/test/test_extorport.c | 16 -
6 files changed, 95 insertions(+), 75 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index f13db30..8b89cc4 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6464,3 +6464,58 @@ config_maybe_load_geoip_files_(const or_options_t
*options,
config_load_geoip_file_(AF_INET6, options-GeoIPv6File, geoip6);
}
+/** Initialize cookie authentication (used so far by the ControlPort
+ * and Extended ORPort).
+ *
+ * Allocate memory and create a cookie (of length bcookie_len/b)
+ * in bcookie_out/b.
+ * Then write it down to bfname/b and prepend it with bheader/b.
+ *
+ * If the whole procedure was successful, set
+ * bcookie_is_set_out/b to True. */
+int
+init_cookie_authentication(const char *fname, const char *header,
+ int cookie_len,
+ uint8_t **cookie_out, int *cookie_is_set_out)
+{
+ char cookie_file_str_len = strlen(header) + cookie_len;
+ char *cookie_file_str = tor_malloc(cookie_file_str_len);
+ int retval = -1;
+
+ /* We don't want to generate a new cookie every time we call
+ * options_act(). One should be enough. */
+ if (*cookie_is_set_out) {
+retval = 0; /* we are all set */
+goto done;
+ }
+
+ /* If we've already set the cookie, free it before re-setting
+ it. This can happen if we previously generated a cookie, but
+ couldn't write it to a disk. */
+ if (*cookie_out)
+tor_free(*cookie_out);
+
+ /* Generate the cookie */
+ *cookie_out = tor_malloc(cookie_len);
+ if (crypto_rand((char *)*cookie_out, cookie_len) 0)
+goto done;
+
+ /* Create the string that should be written on the file. */
+ memcpy(cookie_file_str, header, strlen(header));
+ memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
+ if (write_bytes_to_file(fname, cookie_file_str, cookie_file_str_len, 1)) {
+log_warn(LD_FS,Error writing auth cookie to %s., escaped(fname));
+goto done;
+ }
+
+ /* Success! */
+ log_info(LD_GENERAL, Generated auth cookie file in '%s'., escaped(fname));
+ *cookie_is_set_out = 1;
+ retval = 0;
+
+ done:
+ memwipe(cookie_file_str, 0, cookie_file_str_len);
+ tor_free(cookie_file_str);
+ return retval;
+}
+
diff --git a/src/or/config.h b/src/or/config.h
index 16a8a35..eb16e74 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -90,6 +90,10 @@ uint32_t get_effective_bwburst(const or_options_t *options);
char *get_transport_bindaddr_from_config(const char *transport);
+int init_cookie_authentication(const char *fname, const char *header,
+ int cookie_len,
+ uint8_t **cookie_out, int *cookie_is_set_out);
+
or_options_t *options_new(void);
void config_register_addressmaps(const or_options_t *options);
diff --git a/src/or/control.c b/src/or/control.c
index 3a32ea6..b6ba127 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -115,7 +115,7 @@ static int authentication_cookie_is_set = 0;
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
* and which we're using to authenticate controllers. (If the controller can
* read it off disk, it has permission to connect.) */
-static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];
+static uint8_t *authentication_cookie = NULL;
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
Tor safe cookie authentication server-to-controller hash
@@ -4446,44 +4446,27 @@ get_cookie_file(void)
}
}
-/** Choose a random authentication cookie and write it to disk.
- * Anybody who can read the cookie from disk will be considered
- * authorized to use the control connection. Return -1 if we can't
- * write the file, or 0 on success. */
+/* Initialize the cookie-based authentication system of the
+ * ControlPort. If benabled/b is 0, then disable the cookie
+ * authentication system. */
int
init_control_cookie_authentication(int enabled)
{
- char *fname;
+ char *fname = NULL;
+ int retval;
+
if (!enabled) {
authentication_cookie_is_set = 0;
return 0;
}
- /* We don't want to generate a new cookie every time we
[tor-commits] r26309: {website} i put newer pt ttb's up (website/trunk/include)
Author: arma Date: 2013-08-15 16:17:06 + (Thu, 15 Aug 2013) New Revision: 26309 Modified: website/trunk/include/versions.wmi Log: i put newer pt ttb's up Modified: website/trunk/include/versions.wmi === --- website/trunk/include/versions.wmi 2013-08-13 13:10:57 UTC (rev 26308) +++ website/trunk/include/versions.wmi 2013-08-15 16:17:06 UTC (rev 26309) @@ -33,7 +33,7 @@ define-tag version-torbrowser-vidalia whitespace=delete0.2.21/define-tag define-tag version-torimbrowserbundle whitespace=delete1.3.21/define-tag define-tag version-torbrowserbundlealpha whitespace=delete2.4.16-beta-1/define-tag -define-tag version-torobfsbundlealpha whitespace=delete2.4.15-beta-2-pt1/define-tag +define-tag version-torobfsbundlealpha whitespace=delete2.4.16-beta-1-pt1/define-tag define-tag version-torbrowserbundlelinux32 whitespace=delete2.3.25-12/define-tag define-tag version-torbrowserbundlelinux64 whitespace=delete2.3.25-12/define-tag @@ -44,8 +44,8 @@ define-tag version-gnu-torbrowser-vidalia whitespace=delete0.2.21/define-tag define-tag version-torbrowserbundlelinux32alpha whitespace=delete2.4.16-beta-1/define-tag define-tag version-torbrowserbundlelinux64alpha whitespace=delete2.4.16-beta-1/define-tag -define-tag version-torobfsbundlelinux32alpha whitespace=delete2.4.15-beta-2-pt1/define-tag -define-tag version-torobfsbundlelinux64alpha whitespace=delete2.4.15-beta-2-pt1/define-tag +define-tag version-torobfsbundlelinux32alpha whitespace=delete2.4.16-beta-1-pt1/define-tag +define-tag version-torobfsbundlelinux64alpha whitespace=delete2.4.16-beta-1-pt1/define-tag define-tag version-torbrowserbundleosx32 whitespace=delete2.3.25-12/define-tag define-tag version-torbrowserbundleosx64 whitespace=delete2.3.25-12/define-tag @@ -55,8 +55,8 @@ define-tag version-osx-torbrowser-vidalia whitespace=delete0.2.21/define-tag define-tag version-torbrowserbundleosx32alpha whitespace=delete2.4.16-beta-1/define-tag define-tag version-torbrowserbundleosx64alpha whitespace=delete2.4.16-beta-1/define-tag -define-tag version-torobfsbundleosx32alpha whitespace=delete2.4.15-beta-2-pt1/define-tag -define-tag version-torobfsbundleosx64alpha whitespace=delete2.4.15-beta-2-pt1/define-tag +define-tag version-torobfsbundleosx32alpha whitespace=delete2.4.16-beta-1-pt1/define-tag +define-tag version-torobfsbundleosx64alpha whitespace=delete2.4.16-beta-1-pt1/define-tag define-tag version-vidalia-stable whitespace=delete0.2.21/define-tag define-tag version-vidalia-alpha whitespace=delete0.3.1/define-tag ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Merge branch 'bug7751_take2_squashed'
commit 8e2cfca81a0e67ee90c8df55e97da02fe71494f7 Merge: 5380544 3fe1797 Author: Nick Mathewson ni...@torproject.org Date: Thu Aug 15 12:20:39 2013 -0400 Merge branch 'bug7751_take2_squashed' proposals/196-transport-control-ports.txt | 36 ++--- 1 file changed, 33 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Add descriptions for the commands of the Extended ORPort.
commit 3fe179789a9c0e86fe69240cf183fd7a196f3a5f Author: George Kadianakis desnac...@riseup.net Date: Wed Feb 6 00:42:23 2013 + Add descriptions for the commands of the Extended ORPort. --- proposals/196-transport-control-ports.txt | 26 +- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/proposals/196-transport-control-ports.txt b/proposals/196-transport-control-ports.txt index 0488934..db97ea7 100644 --- a/proposals/196-transport-control-ports.txt +++ b/proposals/196-transport-control-ports.txt @@ -55,6 +55,8 @@ Target: 0.2.4.x 3.1. The new extended ORPort protocol +3.1.1. Protocol + The extended server port protocol is as follows: COMMAND [2 bytes, big-endian] @@ -68,7 +70,7 @@ Target: 0.2.4.x (body ignored) [0x0001] USERADDR: an address:port string that represents the - user's address. + client's address. [0x0002] TRANSPORT: a string of the name of the pluggable transport currently in effect on the connection. @@ -90,6 +92,28 @@ Target: 0.2.4.x If the server receives a recognized command that does not parse, it MUST close the connection to the client. +3.1.2. Command descriptions + +3.1.2.1. USERADDR + + An ASCII string holding the TCP/IP address of the client of the + pluggable transport proxy. A Tor bridge SHOULD use that address to + collect statistics about its clients. + + The string MUST not be NUL-terminated. + +3.1.2.2. TRANSPORT + + An ASCII string holding the name of the pluggable transport used by + the client of the pluggable transport proxy. A Tor bridge that + supports multiple transports SHOULD use that information to collect + statistics about the popularity of individual pluggable transports. + + The string MUST not be NUL-terminated. + + Pluggable transport names are C-identifiers and Tor MUST check them + for correctness. + 3.2. The new TransportControlPort protocol The TransportControlPort protocol is as follows: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Pass name of transport to the Extended ORPort.
commit 1656e00cabb9d638c705494bbd3cfe40244eaee6 Author: George Kadianakis desnac...@riseup.net Date: Mon Dec 24 20:32:51 2012 +0200 Pass name of transport to the Extended ORPort. --- proposals/196-transport-control-ports.txt | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/proposals/196-transport-control-ports.txt b/proposals/196-transport-control-ports.txt index 549e8ce..0488934 100644 --- a/proposals/196-transport-control-ports.txt +++ b/proposals/196-transport-control-ports.txt @@ -67,8 +67,11 @@ Target: 0.2.4.x bytes sent by the transport will be those tunneled over it. (body ignored) - [0x0001] USERADDR: an address:port string that represents the user's - address. + [0x0001] USERADDR: an address:port string that represents the + user's address. + + [0x0002] TRANSPORT: a string of the name of the pluggable + transport currently in effect on the connection. Replies sent from tor to the proxy are: @@ -82,7 +85,10 @@ Target: 0.2.4.x the TransportControlPort. See the 'Association and identifier creation' section below. - Parties should ignore command codes that they do not understand. + Parties MUST ignore command codes that they do not understand. + + If the server receives a recognized command that does not parse, it + MUST close the connection to the client. 3.2. The new TransportControlPort protocol ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Introduce the bridge-transports extra-info descriptor field.
commit a01bb8e8e285d644c2e59c0ea788e45bf37470f4 Author: George Kadianakis desnac...@riseup.net Date: Thu Jan 24 15:04:10 2013 +0200 Introduce the bridge-transports extra-info descriptor field. --- dir-spec.txt | 22 ++ pt-spec.txt |5 - 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/dir-spec.txt b/dir-spec.txt index 09a5967..e143b2d 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -680,6 +680,28 @@ List of unique IP addresses that have connected to the bridge per protocol family. +bridge-ip-transports PT=N,PT=N,... NL +[At most once.] + +List of mappings from pluggable transport names to the number +of unique IP addresses that have connected using that +pluggable transport. Unobfuscated connections are counted +using the reserved pluggable transport name OR (without +quotes). If we received a connection from a transport proxy +but we couldn't figure out the name of the pluggable +transport, we use the reserved pluggable transport name +??. + +(OR and ?? are reserved because normal pluggable +transport names MUST match the following regular expression: +[a-zA-Z_][a-zA-Z0-9_]* ) + +The pluggable transport name list is sorted into lexically +ascending order. + +If no clients have connected to the bridge yet, we only write +bridge-ip-transports to the stats file. + dirreq-stats-end -MM-DD HH:MM:SS (NSEC s) NL [At most once.] diff --git a/pt-spec.txt b/pt-spec.txt index 72662b6..ed136ef 100644 --- a/pt-spec.txt +++ b/pt-spec.txt @@ -38,7 +38,10 @@ Specifications: Client behavior as necessary. If a key or value value must contain a semicolon or a backslash, it is escaped with a backslash. - Method names must be C identifiers. + Method names MUST be C identifiers. That is, method names must begin + with a letter or underscore and the rest of the characters can be + letters, numbers or underscores. No length limit is imposed. The + relevant regular expression is: [a-zA-Z_][a-zA-Z0-9_]*. For reference, the old bridge format was Bridge address[:port] [id-fingerprint] ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] Merge branch 'bug8045_take3_squashed'
commit fef346f33a579f7f4014fac94685938755d2f3b2 Merge: 8e2cfca a01bb8e Author: Nick Mathewson ni...@torproject.org Date: Thu Aug 15 12:22:21 2013 -0400 Merge branch 'bug8045_take3_squashed' dir-spec.txt | 22 ++ pt-spec.txt |5 - 2 files changed, 26 insertions(+), 1 deletion(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Break up ?? differently, and explain why
commit 6dd8ff0ad9cf32ab7b22d1e2c9fc24477300fa4f
Author: Nick Mathewson ni...@torproject.org
Date: Tue Jul 16 13:44:00 2013 -0400
Break up ?? differently, and explain why
---
src/or/ext_orport.c |7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index cd8ab2d..72dbaa5 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -515,8 +515,11 @@ connection_ext_or_process_inbuf(or_connection_t *or_conn)
/* If the transport proxy did not use the TRANSPORT command to
* specify the transport name, mark this as unknown transport. */
- if (!or_conn-ext_or_transport)
-or_conn-ext_or_transport = tor_strdup(?\?);
+ if (!or_conn-ext_or_transport) {
+/* We write this string this way to avoid ??, which is a C
+ * trigraph. */
+or_conn-ext_or_transport = tor_strdup(? ?);
+ }
connection_write_ext_or_command(conn, EXT_OR_CMD_BT_OKAY, NULL, 0);
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] using precise-capable setup-dependencies from https://github.com/TheTorProject/ooni-probe/pull/54
commit 35636cba3fb1c9ae953147cecc13f6983461c529 Author: fh fh-git...@fholzhauer.de Date: Thu Jul 25 16:27:54 2013 +0200 using precise-capable setup-dependencies from https://github.com/TheTorProject/ooni-probe/pull/54 --- setup-dependencies.sh | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/setup-dependencies.sh b/setup-dependencies.sh old mode 100755 new mode 100644 index c4f356f..cdbd0f0 --- a/setup-dependencies.sh +++ b/setup-dependencies.sh @@ -1,16 +1,19 @@ #!/bin/bash +trap 'sudo -k exit 1' INT # Discover our Distro release RELEASE=`lsb_release -c|cut -f 2`; -TOR_DEB_REPO=deb.torproject.org/torproject.org; +TOR_DEB_REPO=http://deb.torproject.org/torproject.org;; -echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; -sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; +case $RELEASE in + natty|wheezy|squeeze|precise) + + echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; + sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; -# This is for Ubuntu's natty -if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then # Add Tor repo HAVE_GPG_KEY=`sudo apt-key finger|grep 'A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89'|head -n 1`; + echo Checking for torproject.org Debian repository key... if [ -z $HAVE_GPG_KEY ]; then echo It appears that you do not have the torproject.org Debian repository key installed; installing it...; cat apt.key | sudo apt-key add -; @@ -21,7 +24,11 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then HAVE_TOR_REPO=`grep deb.torproject.org/torproject.org /etc/apt/sources.list /etc/apt/sources.list.d/* 21|grep torproject|head -n 1`; if [ -z $HAVE_TOR_REPO ]; then echo It appears that you do not have the torproject.org Debian repository installed; installing it...; -sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main; + if [ $RELEASE = squeeze ]; then + (echo -e deb $TOR_DEB_REPO $RELEASE main\ndeb-src $TOR_DEB_REPO $RELEASE main | sudo tee -a /etc/apt/sources.list) /dev/null + else + sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main + fi else echo It appears that you have the torproject.org Debian repository installed!; fi @@ -34,7 +41,7 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then if [ ! -f ~/.virtualenvs/ooniprobe/bin/activate ]; then # Set up the virtual environment -mkdir ~/.virtualenvs/ +mkdir -p ~/.virtualenvs virtualenv ~/.virtualenvs/ooniprobe source ~/.virtualenvs/ooniprobe/bin/activate else @@ -74,10 +81,9 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then echo fi; echo ; -else - + ;; +*) echo It appears that you are using an unsupported OS - please tell us; echo by filing a bug: https://trac.torproject.org/projects/tor/newticket;; - -fi - + ;; +esac ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] wrong box name fixed
commit 4c5fa3e726cbb5f40e380bc129850282e689a6d2 Author: fh fh-git...@fholzhauer.de Date: Sun Jul 28 10:55:56 2013 +0200 wrong box name fixed --- Vagrantfile |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 493580f..a5658ec 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,7 +5,7 @@ Vagrant.configure(2) do |config| # All Vagrant configuration is done here. The most common configuration # options are documented and commented below. For a complete reference, # please see the online documentation at vagrantup.com. - config.vm.box = precise + config.vm.box = precise32 config.vm.box_url = http://files.vagrantup.com/precise32.box; config.vm.synced_folder ., /usr/share/ooni/ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] nettests dir changed
commit 47f879c7fa17b1135fba37c68d4402f428b110bf Author: fh fh-git...@fholzhauer.de Date: Thu Jul 25 17:50:20 2013 +0200 nettests dir changed --- README.md |2 +- inputs/README | 12 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2d931ab..280fe96 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ ooniprobe will be installed in `/data/ooniprobe`. ``` cd /data/ooniprobe/ -./bin/ooniprobe nettests/blocking/http_requests.py -f /data/ooniprobe/inputs/input-pack/alexa-top-1k.txt +./bin/ooniprobe data/nettests/blocking/http_requests.py -f /data/ooniprobe/inputs/input-pack/alexa-top-1k.txt ``` ## The easy way to prep your system for running ooniprobe diff --git a/inputs/README b/inputs/README index 2bbc11e..fb3599d 100644 --- a/inputs/README +++ b/inputs/README @@ -3,38 +3,38 @@ the correct functionality of the various OONIProbe tests. # DNS Tamper -./bin/ooniprobe -o dns_tamper_test.yamloo nettests/blocking/dnsconsistency.py -t +./bin/ooniprobe -o dns_tamper_test.yamloo data/nettests/blocking/dnsconsistency.py -t example_inputs/dns_tamper_test_resolvers.txt -f example_inputs/dns_tamper_file.txt less dns_tamper_test.yamloo # Captive Portal -./bin/ooniprobe -o captive_portal_test.yamloo nettests/core/captiveportal.py +./bin/ooniprobe -o captive_portal_test.yamloo data/nettests/core/captiveportal.py less captive_portal_test.yamloo # HTTP Host -./bin/ooniprobe -o http_host.yamloo nettests/manipulation/http_host.py -b http://ooni.nu/test -f example_inputs/http_host_file.txt +./bin/ooniprobe -o http_host.yamloo data/nettests/manipulation/http_host.py -b http://ooni.nu/test -f example_inputs/http_host_file.txt less http_host.yamloo # Keyword filtering -./bin/ooniprobe -o keyword_filtering.yamloo nettests/core/keyword_filtering.py -b http://ooni.nu/test/ -f test_inputs/keyword_filtering_file.txt +./bin/ooniprobe -o keyword_filtering.yamloo data/nettests/core/keyword_filtering.py -b http://ooni.nu/test/ -f test_inputs/keyword_filtering_file.txt less keyword_filtering.yamloo # URL List -./bin/ooniprobe -o url_lists.yamloo nettests/core/url_list.py -f test_inputs/url_lists_file.txt +./bin/ooniprobe -o url_lists.yamloo data/nettests/core/url_list.py -f test_inputs/url_lists_file.txt less url_lists.yamloo # Squid transparent proxy -./bin/ooniprobe -o squid.yamloo nettests/core/squid.py +./bin/ooniprobe -o squid.yamloo data/nettests/core/squid.py less squid.yamloo ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] back to upstream master
commit d80f269f62fd8d6bd4cefc28f81b774b0312109b Author: fh fh-git...@fholzhauer.de Date: Thu Jul 25 17:52:42 2013 +0200 back to upstream master --- setup-dependencies.sh | 30 -- 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/setup-dependencies.sh b/setup-dependencies.sh index cdbd0f0..c4f356f 100644 --- a/setup-dependencies.sh +++ b/setup-dependencies.sh @@ -1,19 +1,16 @@ #!/bin/bash -trap 'sudo -k exit 1' INT # Discover our Distro release RELEASE=`lsb_release -c|cut -f 2`; -TOR_DEB_REPO=http://deb.torproject.org/torproject.org;; +TOR_DEB_REPO=deb.torproject.org/torproject.org; -case $RELEASE in - natty|wheezy|squeeze|precise) - - echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; - sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; +echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; +sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; +# This is for Ubuntu's natty +if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then # Add Tor repo HAVE_GPG_KEY=`sudo apt-key finger|grep 'A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89'|head -n 1`; - echo Checking for torproject.org Debian repository key... if [ -z $HAVE_GPG_KEY ]; then echo It appears that you do not have the torproject.org Debian repository key installed; installing it...; cat apt.key | sudo apt-key add -; @@ -24,11 +21,7 @@ case $RELEASE in HAVE_TOR_REPO=`grep deb.torproject.org/torproject.org /etc/apt/sources.list /etc/apt/sources.list.d/* 21|grep torproject|head -n 1`; if [ -z $HAVE_TOR_REPO ]; then echo It appears that you do not have the torproject.org Debian repository installed; installing it...; - if [ $RELEASE = squeeze ]; then - (echo -e deb $TOR_DEB_REPO $RELEASE main\ndeb-src $TOR_DEB_REPO $RELEASE main | sudo tee -a /etc/apt/sources.list) /dev/null - else - sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main - fi +sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main; else echo It appears that you have the torproject.org Debian repository installed!; fi @@ -41,7 +34,7 @@ case $RELEASE in if [ ! -f ~/.virtualenvs/ooniprobe/bin/activate ]; then # Set up the virtual environment -mkdir -p ~/.virtualenvs +mkdir ~/.virtualenvs/ virtualenv ~/.virtualenvs/ooniprobe source ~/.virtualenvs/ooniprobe/bin/activate else @@ -81,9 +74,10 @@ case $RELEASE in echo fi; echo ; - ;; -*) +else + echo It appears that you are using an unsupported OS - please tell us; echo by filing a bug: https://trac.torproject.org/projects/tor/newticket;; - ;; -esac + +fi + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge pull request #54 from moskvax/squeeze-precise-setup-support
commit d560f34fa5b46a1b1a8fbd902fd5d87ebdcf04aa Merge: 41b7530 7e6bc88 Author: Arturo Filastò art...@filasto.net Date: Wed Aug 14 05:40:19 2013 -0700 Merge pull request #54 from moskvax/squeeze-precise-setup-support added precise and squeeze support to setup-dependencies.sh setup-dependencies.sh | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] fixing rights
commit 32f799a1fded1bb52ac79731b6bb5a6cfefc769b Author: fh fh-git...@fholzhauer.de Date: Thu Jul 25 17:53:45 2013 +0200 fixing rights --- 0 files changed diff --git a/setup-dependencies.sh b/setup-dependencies.sh old mode 100644 new mode 100755 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Workaround crazy bugs.
commit eb75f19a4af364a3679ee280b0081e6cecb15bab
Author: Arturo Filastò a...@fuffa.org
Date: Thu Aug 15 18:22:42 2013 +0200
Workaround crazy bugs.
---
ooni/utils/log.py |3 +++
requirements.txt |1 -
setup.py |2 +-
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ooni/utils/log.py b/ooni/utils/log.py
index 036a4b4..3aedc17 100644
--- a/ooni/utils/log.py
+++ b/ooni/utils/log.py
@@ -30,6 +30,9 @@ def start(logfile=None, application_name=ooniprobe):
if not logfile:
logfile = config.basic.logfile
+if not (os.access(logfile, os.W_OK)):
+logfile = ooniprobe.log
+
log_folder = os.path.dirname(logfile)
log_filename = os.path.basename(logfile)
diff --git a/requirements.txt b/requirements.txt
index b335716..03fcdfc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,6 @@
PyYAML=3.10
Twisted=12.2.0
argparse=1.2.1
-distribute=0.6.24
docutils=0.9.1
ipaddr=2.1.10
pyOpenSSL=0.13
diff --git a/setup.py b/setup.py
index 3c42218..470804c 100644
--- a/setup.py
+++ b/setup.py
@@ -54,7 +54,7 @@ setup(
url=https://ooni.torproject.org/;,
package_dir={'ooni': 'ooni'},
data_files=data_files,
-packages=['ooni', 'ooni.api', 'ooni.templates', 'ooni.tests',
'ooni.utils'],
+packages=['ooni', 'ooni.api', 'ooni.kit', 'ooni.templates', 'ooni.tests',
'ooni.utils'],
scripts=[bin/ooniprobe],
dependency_links=dependency_links,
install_requires=install_requires,
___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] some steps closer to a fully running setup, documented the open issues
commit 0f7d42ecc861f79d7f14ee98feb35c48496a782f Author: fh fh-git...@fholzhauer.de Date: Sun Jul 28 10:54:49 2013 +0200 some steps closer to a fully running setup, documented the open issues --- Vagrantfile | 25 - 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 1434fd2..493580f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,29 +5,44 @@ Vagrant.configure(2) do |config| # All Vagrant configuration is done here. The most common configuration # options are documented and commented below. For a complete reference, # please see the online documentation at vagrantup.com. - config.vm.box = precise32 + config.vm.box = precise config.vm.box_url = http://files.vagrantup.com/precise32.box; - config.vm.synced_folder ., /data/ooniprobe + config.vm.synced_folder ., /usr/share/ooni/ end $script = SCRIPT apt-get update -apt-get -y install curl python-setuptools python-dev python-software-properties python-virtualenv virtualenvwrapper vim +apt-get -y install curl python-setuptools python-dev python-software-properties python-virtualenv virtualenvwrapper vim unzip libpcap-dev -cd /data/ooniprobe +cd /usr/share/ooni/ ./setup-dependencies.sh +cd data +make geoip + echo source ~/.virtualenvs/ooniprobe/bin/activate ~root/.bashrc mkdir -p ~/.ooni -cp /data/ooniprobe/data/ooniprobe.conf.sample ~/.ooni/ooniprobe.conf +cp /usr/share/ooni/data/ooniprobe.conf.sample ~/.ooni/ooniprobe.conf + +# https://code.google.com/p/pypcap/issues/detail?id=27 +# pip install pydnet pypcap + +apt-get install tor echo Login using 'vagrant ssh', and dont forget to run ooniprobe as root. +echo First run: 'sudo su; cd /usr/share/ooni; ./bin/ooniprobe -i decks/before_i_commit.testdeck' SCRIPT +# TODO: +# Somehow, ooniprobe is not capable to connect to tor by default. My current +# workaround is to kill tor, and set start_tor: true in /root/.ooni/ooniprobe.conf +# + + Vagrant.configure(2) do |config| config.vm.provision :shell, :inline = $script end ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge branch 'master' into effhaa/vagrant-precise-ooni
commit 041796597b144754c091e10d46e25b5591355aa3 Merge: eb75f19 d4d8b0b Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 19:14:50 2013 +0200 Merge branch 'master' into effhaa/vagrant-precise-ooni * master: Fetch dnspython and scapy from pypi instead of the tpo mirror requirements.txt | 17 - 1 file changed, 4 insertions(+), 13 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] fixing path to data dir
commit 23e634ccd800112ceb7b3189b47820289ba906cb Author: fh fh-git...@fholzhauer.de Date: Sun Jul 28 10:53:49 2013 +0200 fixing path to data dir --- data/ooniprobe.conf.sample |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index 54f7b83..ac59c62 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -21,7 +21,7 @@ reports: pcap: null collector: 'httpo://nkvphnp3p6agi5qq.onion' advanced: -geoip_data_dir: /usr/share/ooni/ +geoip_data_dir: /usr/share/ooni/data/ debug: true # enable if auto detection fails #tor_binary: /usr/sbin/tor @@ -46,7 +46,7 @@ advanced: # How many reports to perform concurrently reporting_concurrency: 20 # Specify here a custom data_dir path -data_dir: /usr/share/ooni/ +data_dir: /usr/share/ooni/data/ oonid_api_port: 8042 tor: socks_port: 9050 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Fetch dnspython and scapy from pypi instead of the tpo mirror
commit d4d8b0bb5d44b464b9553bda49be7b86362bfa82 Author: Arturo Filastò a...@fuffa.org Date: Wed Jul 10 16:53:09 2013 +0200 Fetch dnspython and scapy from pypi instead of the tpo mirror --- requirements.txt | 17 - 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/requirements.txt b/requirements.txt index b335716..691c0ce 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,6 +11,7 @@ txsocksx=0.0.2 Pyrex=0.9.8.6 parsley=1.1 cyclone +dnspython=1.10.0 # Taken from the versions required by twisted 13.0.0 (latest) transaction=1.1.1 @@ -18,16 +19,6 @@ zope.component=3.5 zope.event=3.5 zope.interface=3.6 -# This is a Tor Project mirror with valid SSL/TLS certs that is stable and fast -# Originally fetched from the hg repo on secdev.org: -# https://hg.secdev.org/scapy/archive/tip.zip#egg=scapy -# Mirrored on Tor's webserver: -# This should be scapy=2.2.0, but pip does not like it -https://people.torproject.org/~ioerror/src/mirrors/ooniprobe/scapy-02-25-2013-tip.zip -# This was 'dnspython=1.10.0' above until it failed to download many times. -# Originally fetched from dnspython but it timed out often: -# http://www.dnspython.org/kits/1.10.0/dnspython-1.10.0.zip -# Mirrored on Tor's webserver: -# This should be the below, but pip does not like it. -dnspython=1.10.0 -https://people.torproject.org/~ioerror/src/mirrors/ooniprobe/dnspython-1.10.0.zip +# Get scapy 2.2 from pypi +# https://pypi.python.org/pypi/scapy-real/2.2.0-dev +scapy-real ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge pull request #155 from effhaa/readme-fix
commit 2d94c90f66c20f296810e4a6cb18357e4c43c578 Merge: d560f34 32f799a Author: Arturo Filastò art...@filasto.net Date: Wed Aug 14 05:45:51 2013 -0700 Merge pull request #155 from effhaa/readme-fix Readme Fix: nettests location changed README.md |2 +- inputs/README | 12 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] added precise and squeeze support to setup-dependencies.sh
commit 7e6bc883c0c0cbb99c152d9389994ded42e04de8 Author: Stephen Caraher mosk...@gmail.com Date: Wed Feb 27 21:45:05 2013 +1100 added precise and squeeze support to setup-dependencies.sh --- setup-dependencies.sh | 30 ++ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/setup-dependencies.sh b/setup-dependencies.sh index c4f356f..cdbd0f0 100755 --- a/setup-dependencies.sh +++ b/setup-dependencies.sh @@ -1,16 +1,19 @@ #!/bin/bash +trap 'sudo -k exit 1' INT # Discover our Distro release RELEASE=`lsb_release -c|cut -f 2`; -TOR_DEB_REPO=deb.torproject.org/torproject.org; +TOR_DEB_REPO=http://deb.torproject.org/torproject.org;; -echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; -sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; +case $RELEASE in + natty|wheezy|squeeze|precise) + + echo sudo is annoying, tell us your password once and sudo won't annoy you for the rest of this process...; + sudo echo if you read this, we won't ask for your password again during this process unless something goes wrong; -# This is for Ubuntu's natty -if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then # Add Tor repo HAVE_GPG_KEY=`sudo apt-key finger|grep 'A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89'|head -n 1`; + echo Checking for torproject.org Debian repository key... if [ -z $HAVE_GPG_KEY ]; then echo It appears that you do not have the torproject.org Debian repository key installed; installing it...; cat apt.key | sudo apt-key add -; @@ -21,7 +24,11 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then HAVE_TOR_REPO=`grep deb.torproject.org/torproject.org /etc/apt/sources.list /etc/apt/sources.list.d/* 21|grep torproject|head -n 1`; if [ -z $HAVE_TOR_REPO ]; then echo It appears that you do not have the torproject.org Debian repository installed; installing it...; -sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main; + if [ $RELEASE = squeeze ]; then + (echo -e deb $TOR_DEB_REPO $RELEASE main\ndeb-src $TOR_DEB_REPO $RELEASE main | sudo tee -a /etc/apt/sources.list) /dev/null + else + sudo apt-add-repository deb $TOR_DEB_REPO $RELEASE main + fi else echo It appears that you have the torproject.org Debian repository installed!; fi @@ -34,7 +41,7 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then if [ ! -f ~/.virtualenvs/ooniprobe/bin/activate ]; then # Set up the virtual environment -mkdir ~/.virtualenvs/ +mkdir -p ~/.virtualenvs virtualenv ~/.virtualenvs/ooniprobe source ~/.virtualenvs/ooniprobe/bin/activate else @@ -74,10 +81,9 @@ if [ $RELEASE = natty ] || [ $RELEASE = wheezy ]; then echo fi; echo ; -else - + ;; +*) echo It appears that you are using an unsupported OS - please tell us; echo by filing a bug: https://trac.torproject.org/projects/tor/newticket;; - -fi - + ;; +esac ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Update README file
commit b6400a90e0a4b9b6946a59d6f8854bee52bce521 Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 18:21:27 2013 +0200 Update README file --- README.md |5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2d931ab..821499d 100644 --- a/README.md +++ b/README.md @@ -50,13 +50,12 @@ vagrant up vagrant ssh ``` -ooniprobe will be installed in `/data/ooniprobe`. +ooniprobe will be installed in `/ooni`. 3) You can run tests with: ``` -cd /data/ooniprobe/ -./bin/ooniprobe nettests/blocking/http_requests.py -f /data/ooniprobe/inputs/input-pack/alexa-top-1k.txt +ooniprobe /usr/share/ooni/nettests/blocking/http_requests.py -f /ooni/inputs/input-pack/alexa-top-1k.txt ``` ## The easy way to prep your system for running ooniprobe ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge branch 'master' into effhaa/vagrant-precise-ooni
commit 3e47a9e6d90ed71d8943d245e21bad81ee566059 Merge: 0417965 296b704 Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 19:27:15 2013 +0200 Merge branch 'master' into effhaa/vagrant-precise-ooni * master: Add disclaimer fixing rights back to upstream master nettests dir changed added precise and squeeze support to setup-dependencies.sh Conflicts: README.md README.md |7 +++ inputs/README | 12 ++-- 2 files changed, 13 insertions(+), 6 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Add obfsproxy_binary option to sample config
commit 8b4b2d9dabecf7192dccc64251d6c91ff6cf9932 Author: aagbsn aag...@extc.org Date: Thu Jul 4 15:04:39 2013 +0200 Add obfsproxy_binary option to sample config --- data/ooniprobe.conf.sample |1 + 1 file changed, 1 insertion(+) diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index f0c2fef..54f7b83 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -25,6 +25,7 @@ advanced: debug: true # enable if auto detection fails #tor_binary: /usr/sbin/tor +#obfsproxy_binary: /usr/bin/obfsproxy # For auto detection interface: auto # Of specify a specific interface ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge branch 'master' of github.com:TheTorProject/ooni-probe
commit 296b7046d0c9da9c12774e1341dd7b9147f82605 Merge: d4d8b0b 2d94c90 Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 19:26:32 2013 +0200 Merge branch 'master' of github.com:TheTorProject/ooni-probe * 'master' of github.com:TheTorProject/ooni-probe: Add disclaimer fixing rights back to upstream master nettests dir changed using precise-capable setup-dependencies from https://github.com/TheTorProject/ooni-probe/pull/54 Add obfsproxy_binary option to sample config added precise and squeeze support to setup-dependencies.sh README.md |9 - data/ooniprobe.conf.sample |1 + inputs/README | 12 ++-- setup-dependencies.sh | 30 ++ 4 files changed, 33 insertions(+), 19 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Add disclaimer
commit 41b75308dacc778d56e9a75089d985223963672f Author: Arturo Filastò art...@filasto.net Date: Wed Jul 31 21:18:09 2013 +0200 Add disclaimer fixes: https://github.com/TheTorProject/ooni-probe/issues/145 --- README.md |7 +++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 2d931ab..888a389 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,13 @@ with others, so that you and others may better understand your network? If so, please read this document and we hope ooniprobe will help you to gather network data that will assist you with your endeavors! +## Disclaimer + +Note: ooni-probe takes no precautions to protect the install target machine +from forensics analysis. If the fact that you have installed or used ooni +probe is a liability for you, please be aware of this risk. + + ## Getting started with ooniprobe is easy (with Vagrant) 0) [Install Vagrant](http://downloads.vagrantup.com/) and [Install Virtualbox](https://www.virtualbox.org/wiki/Downloads) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Do some radical changes to Vagrantfile and setup-dependencies
commit 17f68aca83c06d75a82cc5f9ecd96c7dbb7919bf
Author: Arturo Filastò a...@fuffa.org
Date: Thu Aug 15 18:21:44 2013 +0200
Do some radical changes to Vagrantfile and setup-dependencies
A lot of this code is taken from the GlobaLeaks setup script.
---
Vagrantfile | 25 +--
setup-dependencies.sh | 563 +++--
2 files changed, 515 insertions(+), 73 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index a5658ec..b1c6fe4 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -8,30 +8,29 @@ Vagrant.configure(2) do |config|
config.vm.box = precise32
config.vm.box_url = http://files.vagrantup.com/precise32.box;
- config.vm.synced_folder ., /usr/share/ooni/
+ config.vm.synced_folder ., /ooni
end
$script = SCRIPT
-apt-get update
-apt-get -y install curl python-setuptools python-dev
python-software-properties python-virtualenv virtualenvwrapper vim unzip
libpcap-dev
+cd /ooni/
+export USE_VIRTUALENV=0
+./setup-dependencies.sh -y
+python setup.py install
cd /usr/share/ooni/
-./setup-dependencies.sh
-
-cd data
-make geoip
-
-echo source ~/.virtualenvs/ooniprobe/bin/activate ~root/.bashrc
+echo [+] Building geoip stuff..
+make geoip 21 /dev/null
mkdir -p ~/.ooni
-cp /usr/share/ooni/data/ooniprobe.conf.sample ~/.ooni/ooniprobe.conf
+cp /usr/share/ooni/ooniprobe.conf.sample ~/.ooni/ooniprobe.conf
+
+cd /ooni/inputs/
+make lists 21 /dev/null
# https://code.google.com/p/pypcap/issues/detail?id=27
# pip install pydnet pypcap
-apt-get install tor
-
echo Login using 'vagrant ssh', and dont forget to run ooniprobe as root.
echo First run: 'sudo su; cd /usr/share/ooni; ./bin/ooniprobe -i
decks/before_i_commit.testdeck'
@@ -40,8 +39,6 @@ SCRIPT
# TODO:
# Somehow, ooniprobe is not capable to connect to tor by default. My current
# workaround is to kill tor, and set start_tor: true in
/root/.ooni/ooniprobe.conf
-#
-
Vagrant.configure(2) do |config|
config.vm.provision :shell, :inline = $script
diff --git a/setup-dependencies.sh b/setup-dependencies.sh
index cdbd0f0..b07a716 100755
--- a/setup-dependencies.sh
+++ b/setup-dependencies.sh
@@ -1,85 +1,530 @@
#!/bin/bash
-trap 'sudo -k exit 1' INT
+
+DIR=$( cd $( dirname ${BASH_SOURCE[0]} ) pwd )
+BUILD_DIR=/tmp/oonibuilding.$RANDOM
+BUILD_LOG=${BUILD_DIR}.log
+TMP_KEYRING=${BUILD_DIR}/tmpkeyring.gpg
+DISTRO='unknown'
+DISTRO_VERSION='unknown'
+REPO_ROOT=$(pwd)
# Discover our Distro release
-RELEASE=`lsb_release -c|cut -f 2`;
+if [ -f /etc/redhat-release ]; then
+ DISTRO=fedora
+# Debian/Ubuntu
+elif [ -r /lib/lsb/init-functions ]; then
+ DISTRO_VERSION=$( lsb_release -cs )
+ if [ $( lsb_release -is ) == Ubuntu ]; then
+DISTRO=ubuntu
+ else
+DISTRO=debian
+ fi
+fi
+
TOR_DEB_REPO=http://deb.torproject.org/torproject.org;;
+if [[ -z $USE_VIRTUALENV ]]; then
+ USE_VIRTUALENV=1
+fi
+usage()
+{
+cat EOF
+usage: ./${SCRIPTNAME} options
-case $RELEASE in
- natty|wheezy|squeeze|precise)
+OPTIONS:
+ -h Show this message
+ -y To assume yes to all queries
- echo sudo is annoying, tell us your password once and sudo won't annoy you
for the rest of this process...;
- sudo echo if you read this, we won't ask for your password again during
this process unless something goes wrong;
+EOF
+}
- # Add Tor repo
- HAVE_GPG_KEY=`sudo apt-key finger|grep 'A3C4 F0F9 79CA A22C DBA8 F512 EE8C
BC9E 886D DD89'|head -n 1`;
- echo Checking for torproject.org Debian repository key...
- if [ -z $HAVE_GPG_KEY ]; then
-echo It appears that you do not have the torproject.org Debian repository
key installed; installing it...;
-cat apt.key | sudo apt-key add -;
- else
-echo It appears that you have the torproject.org Debian repository key
installed!;
+ASSUME_YES=0
+while getopts âhv:nyâ OPTION
+do
+ case $OPTION in
+h)
+ usage
+ exit 1
+ ;;
+y)
+ ASSUME_YES=1
+ ;;
+?)
+ usage
+ exit
+ ;;
+esac
+done
+
+DO () {
+if [ -z $2 ]; then
+RET=0
+else
+RET=$2
+fi
+if [ -z $3 ]; then
+CMD=$1
+else
+CMD=$3
+fi
+echo Running:
+echo $CMD
+$1 ${BUILD_LOG}
+if [ $? -eq $2 ]; then
+echo SUCCESS
+else
+echo FAIL
+echo COMBINED STDOUT/STDERR OUTPUT OF FAILED COMMAND:
+cat ${BUILD_LOG}
+exit 1
+fi
+}
+
+vercomp () {
+# Returnned values:
+# 0: version are equals
+# 1: $1 is bigger than $2
+# 2: $2 is bigger than $1
+if [[ $1 == $2 ]]
+then
+return 0
+fi
+local IFS=.
+local i ver1=($1) ver2=($2)
+# fill empty fields in ver1 with zeros
+for ((i=${#ver1[@]}; i${#ver2[@]}; i++))
+do
+ver1[i]=0
+done
+for ((i=0; i${#ver1[@]}; i++))
+do
+if [[ -z ${ver2[i]} ]]
+then
+# fill empty fields in ver2 with zeros
+ver2[i]=0
+fi
+if ((10#${ver1[i]}
[tor-commits] [ooni-probe/master] Merge pull request #160 from TheTorProject/effhaa/vagrant-precise-ooni
commit c81d7fecd20dc4d89fe46cc3f98892fa8f62ee3e Merge: 2d94c90 3e47a9e Author: Arturo Filastò art...@filasto.net Date: Thu Aug 15 10:28:13 2013 -0700 Merge pull request #160 from TheTorProject/effhaa/vagrant-precise-ooni Effhaa/vagrant precise ooni README.md |5 +- Vagrantfile | 147 ++--- data/Makefile | 12 +- ooni/utils/log.py |3 + requirements.txt | 18 +- setup-dependencies.sh | 563 +++-- setup.py |2 +- 7 files changed, 540 insertions(+), 210 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Vagrantfile now using setup-dependencies.sh
commit 34243f764416716c10d8e9d5cbd39b404920cc34
Author: fh fh-git...@fholzhauer.de
Date: Thu Jul 25 17:38:02 2013 +0200
Vagrantfile now using setup-dependencies.sh
---
Vagrantfile | 131 +++
1 file changed, 6 insertions(+), 125 deletions(-)
diff --git a/Vagrantfile b/Vagrantfile
index 897838f..1434fd2 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -5,145 +5,26 @@ Vagrant.configure(2) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
-
- # Every Vagrant virtual environment requires a box to build off of.
config.vm.box = precise32
-
- # The url from where the 'config.vm.box' box will be fetched if it
- # doesn't already exist on the user's system.
config.vm.box_url = http://files.vagrantup.com/precise32.box;
- # Create a forwarded port mapping which allows access to a specific port
- # within the machine from a port on the host machine. In the example below,
- # accessing localhost:8080 will access port 80 on the guest machine.
- # config.vm.network :forwarded_port, guest: 80, host: 8080
-
- # Create a private network, which allows host-only access to the machine
- # using a specific IP.
- # config.vm.network :private_network, ip: 192.168.33.10
-
- # Create a public network, which generally matched to bridged network.
- # Bridged networks make the machine appear as another physical device on
- # your network.
- # config.vm.network :public_network
-
- # Share an additional folder to the guest VM. The first argument is
- # the path on the host to the actual folder. The second argument is
- # the path on the guest to mount the folder. And the optional third
- # argument is a set of non-required options.
config.vm.synced_folder ., /data/ooniprobe
- # Provider-specific configuration so you can fine-tune various
- # backing providers for Vagrant. These expose provider-specific options.
- # Example for VirtualBox:
- #
- # config.vm.provider :virtualbox do |vb|
- # # Don't boot with headless mode
- # vb.gui = true
- #
- # # Use VBoxManage to customize the VM. For example to change memory:
- # vb.customize [modifyvm, :id, --memory, 1024]
- # end
- #
- # View the documentation for the provider you're using for more
- # information on available options.
-
- # Enable provisioning with Puppet stand alone. Puppet manifests
- # are contained in a directory path relative to this Vagrantfile.
- # You will need to create the manifests directory and a manifest in
- # the file base.pp in the manifests_path directory.
- #
- # An example Puppet manifest to provision the message of the day:
- #
- # # group { puppet:
- # # ensure = present,
- # # }
- # #
- # # File { owner = 0, group = 0, mode = 0644 }
- # #
- # # file { '/etc/motd':
- # # content = Welcome to your Vagrant-built virtual machine!
- # # Managed by Puppet.\n
- # # }
- #
- # config.vm.provision :puppet do |puppet|
- # puppet.manifests_path = manifests
- # puppet.manifest_file = init.pp
- # end
-
- # Enable provisioning with chef solo, specifying a cookbooks path, roles
- # path, and data_bags path (all relative to this Vagrantfile), and adding
- # some recipes and/or roles.
- #
- # config.vm.provision :chef_solo do |chef|
- # chef.cookbooks_path = ../my-recipes/cookbooks
- # chef.roles_path = ../my-recipes/roles
- # chef.data_bags_path = ../my-recipes/data_bags
- # chef.add_recipe mysql
- # chef.add_role web
- #
- # # You may also specify custom JSON attributes:
- # chef.json = { :mysql_password = foo }
- # end
-
- # Enable provisioning with chef server, specifying the chef server URL,
- # and the path to the validation key (relative to this Vagrantfile).
- #
- # The Opscode Platform uses HTTPS. Substitute your organization for
- # ORGNAME in the URL and validation key.
- #
- # If you have your own Chef Server, use the appropriate URL, which may be
- # HTTP instead of HTTPS depending on your configuration. Also change the
- # validation key to validation.pem.
- #
- # config.vm.provision :chef_client do |chef|
- # chef.chef_server_url = https://api.opscode.com/organizations/ORGNAME;
- # chef.validation_key_path = ORGNAME-validator.pem
- # end
- #
- # If you're using the Opscode platform, your validator client is
- # ORGNAME-validator, replacing ORGNAME with your organization name.
- #
- # If you have your own Chef Server, the default validation client name is
- # chef-validator, unless you changed the configuration.
- #
- # chef.validation_client_name = ORGNAME-validator
end
$script = SCRIPT
-apt-get -y install curl python-setuptools python-dev
-
-echo Installing Tor...
-
-echo deb http://deb.torproject.org/torproject.org precise main
/etc/apt/source.list
-
-gpg --keyserver
[tor-commits] [ooni-probe/master] nicer file handling if makefile is executed multiple times without clean
commit 27dbd3cf488e36b794124c32dec9b74c6ba0ece2 Author: fh fh-git...@fholzhauer.de Date: Sun Jul 28 10:54:22 2013 +0200 nicer file handling if makefile is executed multiple times without clean --- data/Makefile | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/data/Makefile b/data/Makefile index b64c939..969cc65 100644 --- a/data/Makefile +++ b/data/Makefile @@ -1,10 +1,10 @@ geoip: - wget http://www.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz - gunzip GeoIPASNum.dat.gz - wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz - gunzip GeoIP.dat.gz - wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz - gunzip GeoLiteCity.dat.gz + wget -N http://www.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz + gunzip -f GeoIPASNum.dat.gz + wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz + gunzip -f GeoIP.dat.gz + wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz + gunzip -f GeoLiteCity.dat.gz clean: rm -f *.dat ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Update to point to the /usr/share dir directly
commit a58b46f72f3516539a95531f600f9c16daa25dd8 Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 18:22:18 2013 +0200 Update to point to the /usr/share dir directly --- data/ooniprobe.conf.sample |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index ac59c62..54f7b83 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -21,7 +21,7 @@ reports: pcap: null collector: 'httpo://nkvphnp3p6agi5qq.onion' advanced: -geoip_data_dir: /usr/share/ooni/data/ +geoip_data_dir: /usr/share/ooni/ debug: true # enable if auto detection fails #tor_binary: /usr/sbin/tor @@ -46,7 +46,7 @@ advanced: # How many reports to perform concurrently reporting_concurrency: 20 # Specify here a custom data_dir path -data_dir: /usr/share/ooni/data/ +data_dir: /usr/share/ooni/ oonid_api_port: 8042 tor: socks_port: 9050 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Merge pull request #129 from aagbsn/fix/add_obfsproxy_binary_option_to_sample_config
commit 7908de9974a899ccad181a55be04244a69ed878c Merge: d979704 8b4b2d9 Author: Arturo Filastò hell...@gmail.com Date: Thu Jul 4 06:24:27 2013 -0700 Merge pull request #129 from aagbsn/fix/add_obfsproxy_binary_option_to_sample_config Add obfsproxy_binary option to sample config data/ooniprobe.conf.sample |1 + 1 file changed, 1 insertion(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [ooni-probe/master] Launch oonid by default and add notes on how to use the web UI
commit 779fa676111d55f55e2f87c9f85a90b493844398 Author: Arturo Filastò a...@fuffa.org Date: Thu Aug 15 20:52:46 2013 +0200 Launch oonid by default and add notes on how to use the web UI --- Vagrantfile|9 +++-- data/ooniprobe.conf.sample |6 +++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index b1c6fe4..9099960 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -31,8 +31,12 @@ make lists 21 /dev/null # https://code.google.com/p/pypcap/issues/detail?id=27 # pip install pydnet pypcap -echo Login using 'vagrant ssh', and dont forget to run ooniprobe as root. -echo First run: 'sudo su; cd /usr/share/ooni; ./bin/ooniprobe -i decks/before_i_commit.testdeck' +/ooni/bin/oonid +echo You may now visit http://localhost:8042/ to start running some ooniprobe tests +echo +echo Or if you are a bit more h4x0r you can ssh into the box and use the ooniprobe CLI +echo Login using 'vagrant ssh', and dont forget to run ooniprobe as root. +echo First run: 'sudo su; cd /usr/share/ooni; ./bin/ooniprobe -i decks/before_i_commit.testdeck' SCRIPT @@ -42,4 +46,5 @@ SCRIPT Vagrant.configure(2) do |config| config.vm.provision :shell, :inline = $script +config.vm.network :forwarded_port, guest: 8042, host: 8042 end diff --git a/data/ooniprobe.conf.sample b/data/ooniprobe.conf.sample index 54f7b83..7707be0 100644 --- a/data/ooniprobe.conf.sample +++ b/data/ooniprobe.conf.sample @@ -32,7 +32,7 @@ advanced: #interface: wlan0 # If you do not specify start_tor, you will have to have Tor running and # explicitly set the control port and SOCKS port -start_tor: false +start_tor: true # After how many seconds we should give up on a particular measurement measurement_timeout: 30 # After how many retries we should give up on a measurement @@ -49,8 +49,8 @@ advanced: data_dir: /usr/share/ooni/ oonid_api_port: 8042 tor: -socks_port: 9050 -#control_port: 9051 +socks_port: 9001 +control_port: 9002 # Specify the absolute path to the Tor bridges to use for testing #bridges: bridges.list # Specify path of the tor datadirectory. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix #9108 - make global_circuitlist a doubly linked list
commit 1555876d5f27acaa9326045e33b6e2bfc1013c7f
Author: Marek Majkowski ma...@popcount.org
Date: Thu Jun 20 16:56:54 2013 +0100
Fix #9108 - make global_circuitlist a doubly linked list
---
changes/bug9108 |3 ++
src/or/channel.h |1 -
src/or/circuitbuild.c |2 +-
src/or/circuitlist.c | 94 -
src/or/circuitlist.h |4 ++-
src/or/circuituse.c | 24 ++---
src/or/control.c |2 +-
src/or/onion.c|1 -
src/or/or.h |4 ++-
src/or/relay.c|2 +-
src/or/rendclient.c |2 +-
src/or/rendservice.c |4 +--
src/or/rephist.c |2 +-
src/or/status.c |2 +-
14 files changed, 58 insertions(+), 89 deletions(-)
diff --git a/changes/bug9108 b/changes/bug9108
new file mode 100644
index 000..9d2d3d8
--- /dev/null
+++ b/changes/bug9108
@@ -0,0 +1,3 @@
+ o Code simplifications and refactoring:
+- Make global_circuitlist data structure in circuitlist.c
+ a doubly-linked list. Bug #9108.
diff --git a/src/or/channel.h b/src/or/channel.h
index 83d7e90..8f08220 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -10,7 +10,6 @@
#define TOR_CHANNEL_H
#include or.h
-#include tor_queue.h
#include circuitmux.h
/* Channel handler function pointer typedefs */
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 8cdb227..0b5a855 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2174,7 +2174,7 @@ pathbias_count_circs_in_states(entry_guard_t *guard,
int open_circuits = 0;
/* Count currently open circuits. Give them the benefit of the doubt. */
- for (circ = circuit_get_global_list_(); circ; circ = circ-next) {
+ TOR_LIST_FOREACH(circ, circuit_get_global_list_(), head) {
origin_circuit_t *ocirc = NULL;
if (!CIRCUIT_IS_ORIGIN(circ) || /* didn't originate here */
circ-marked_for_close) /* already counted */
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 1912b91..6bf1859 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -36,7 +36,8 @@
/* START VARIABLES **/
/** A global list of all circuits at this hop. */
-circuit_t *global_circuitlist=NULL;
+struct global_circuitlist_s global_circuitlist =
+ TOR_LIST_HEAD_INITIALIZER(global_circuitlist);
/** A list of all the circuits in CIRCUIT_STATE_CHAN_WAIT. */
static smartlist_t *circuits_pending_chans = NULL;
@@ -370,21 +371,6 @@ circuit_set_state(circuit_t *circ, uint8_t state)
circ-state = state;
}
-/** Add bcirc/b to the global list of circuits. This is called only from
- * within circuit_new.
- */
-static void
-circuit_add(circuit_t *circ)
-{
- if (!global_circuitlist) { /* first one */
-global_circuitlist = circ;
-circ-next = NULL;
- } else {
-circ-next = global_circuitlist;
-global_circuitlist = circ;
- }
-}
-
/** Append to bout/b all circuits in state CHAN_WAIT waiting for
* the given connection. */
void
@@ -442,33 +428,17 @@ circuit_count_pending_on_channel(channel_t *chan)
void
circuit_close_all_marked(void)
{
- circuit_t *tmp,*m;
-
- while (global_circuitlist global_circuitlist-marked_for_close) {
-tmp = global_circuitlist-next;
-circuit_free(global_circuitlist);
-global_circuitlist = tmp;
- }
-
- tmp = global_circuitlist;
- while (tmp tmp-next) {
-if (tmp-next-marked_for_close) {
- m = tmp-next-next;
- circuit_free(tmp-next);
- tmp-next = m;
- /* Need to check new tmp-next; don't advance tmp. */
-} else {
- /* Advance tmp. */
- tmp = tmp-next;
-}
- }
+ circuit_t *circ, *tmp;
+ TOR_LIST_FOREACH_SAFE(circ, global_circuitlist, head, tmp)
+if (circ-marked_for_close)
+ circuit_free(circ);
}
/** Return the head of the global linked list of circuits. */
-circuit_t *
+struct global_circuitlist_s *
circuit_get_global_list_(void)
{
- return global_circuitlist;
+ return global_circuitlist;
}
/** Function to make circ-\state human-readable */
@@ -684,7 +654,7 @@ init_circuit_base(circuit_t *circ)
circ-package_window = circuit_initial_package_window();
circ-deliver_window = CIRCWINDOW_START;
- circuit_add(circ);
+ TOR_LIST_INSERT_HEAD(global_circuitlist, circ, head);
}
/** Allocate space for a new circuit, initializing with bp_circ_id/b
@@ -802,6 +772,8 @@ circuit_free(circuit_t *circ)
extend_info_free(circ-n_hop);
tor_free(circ-n_chan_create_cell);
+ TOR_LIST_REMOVE(circ, head);
+
/* Remove from map. */
circuit_set_n_circid_chan(circ, 0, NULL);
@@ -837,11 +809,11 @@ circuit_free_cpath(crypt_path_t *cpath)
void
circuit_free_all(void)
{
- circuit_t *next;
- while (global_circuitlist) {
-next = global_circuitlist-next;
-if (! CIRCUIT_IS_ORIGIN(global_circuitlist)) {
- or_circuit_t *or_circ = TO_OR_CIRCUIT(global_circuitlist);
+ circuit_t *tmp, *tmp2;
+
+ TOR_LIST_FOREACH_SAFE(tmp, global_circuitlist, head, tmp2) {
+if (!
[tor-commits] [tor/master] Merge remote-tracking branch 'majek/bug9108'
commit d4634d1b72d660b1ea5ce9874fcd6b04a15968e9 Merge: 1743144 1555876 Author: Nick Mathewson ni...@torproject.org Date: Thu Aug 15 15:36:04 2013 -0400 Merge remote-tracking branch 'majek/bug9108' Conflicts: src/or/circuitlist.h changes/bug9108 |3 ++ src/or/channel.h |1 - src/or/circuitbuild.c |9 + src/or/circuitlist.c | 94 - src/or/circuitlist.h |4 ++- src/or/circuituse.c | 30 ++-- src/or/control.c |2 +- src/or/onion.c|1 - src/or/or.h |3 +- src/or/relay.c|2 +- src/or/rendclient.c |2 +- src/or/rendservice.c |4 +-- src/or/rephist.c |2 +- src/or/status.c |2 +- 14 files changed, 57 insertions(+), 102 deletions(-) diff --cc src/or/circuitlist.c index 85bacce,6bf1859..a4144e8 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@@ -682,9 -653,8 +652,9 @@@ init_circuit_base(circuit_t *circ circ-package_window = circuit_initial_package_window(); circ-deliver_window = CIRCWINDOW_START; + cell_queue_init(circ-n_chan_cells); - circuit_add(circ); + TOR_LIST_INSERT_HEAD(global_circuitlist, circ, head); } /** Allocate space for a new circuit, initializing with bp_circ_id/b diff --cc src/or/circuitlist.h index 4e56f52,4726b3b..a43315d --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@@ -12,9 -12,9 +12,11 @@@ #ifndef TOR_CIRCUITLIST_H #define TOR_CIRCUITLIST_H +#include testsupport.h + - circuit_t * circuit_get_global_list_(void); + TOR_LIST_HEAD(global_circuitlist_s, circuit_t); + + struct global_circuitlist_s* circuit_get_global_list_(void); const char *circuit_state_to_string(int state); const char *circuit_purpose_to_controller_string(uint8_t purpose); const char *circuit_purpose_to_controller_hs_state_string(uint8_t purpose); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
