1. 14 Jun, 2011 1 commit
    • Make the get_options() return const · 47c8433a
      Nick Mathewson authored
      This lets us make a lot of other stuff const, allows the compiler to
      generate (slightly) better code, and will make me get slightly fewer
      patches from folks who stick mutable stuff into or_options_t.
      const: because not every input is an output!
  2. 11 May, 2011 3 commits
    • Hand-conversion and audit phase of memcmp transition · 59f9097d
      Nick Mathewson authored
      Here I looked at the results of the automated conversion and cleaned
      them up as follows:
         If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
         changed it to a fast_memcmp or fast_memeq.
         Otherwise if there was a tor_memcmp that could turn into a
         tor_memneq or tor_memeq, I converted it.
      This wants close attention.
      [*] I'm erring on the side of caution here, and leaving some things
      as tor_memcmp that could in my opinion use the data-dependent
      fast_memcmp variant.
    • Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq · db7b2a33
      Nick Mathewson authored
      This commit is _exactly_ the result of
      perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
      perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
      perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
      perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
      git checkout src/common/di_ops.[ch]
      git checkout src/or/test.c
      git checkout src/common/test.h
  3. 09 May, 2011 1 commit
  4. 25 Mar, 2011 1 commit
  5. 16 Mar, 2011 1 commit
  6. 15 Jan, 2011 1 commit
    • Sanity-check consensus param values · 026e7987
      Sebastian Hahn authored
      We need to make sure that the worst thing that a weird consensus param
      can do to us is to break our Tor (and only if the other Tors are
      reliably broken in the same way) so that the majority of directory
      authorities can't pull any attacks that are worse than the DoS that
      they can trigger by simply shutting down.
      One of these worse things was the cbtnummodes parameter, which could
      lead to heap corruption on some systems if the value was sufficiently
      This commit fixes this particular issue and also introduces sanity
      checking for all consensus parameters.
  7. 06 Jan, 2011 1 commit
    • Use autoconf's FLEXIBLE_ARRAY_MEMBER for unspecified-length arrays · d4165ef8
      Nick Mathewson authored
      C99 allows a syntax for structures whose last element is of
      unspecified length:
         struct s {
           int elt1;
           char last_element[];
         };
      Recent (last-5-years) autoconf versions provide an
      to either no tokens (if you have c99 flexible array support) or to 1
      (if you don't).  At that point you just use offsetof
      [STRUCT_OFFSET() for us] to see where last_element begins, and
      allocate your structures like:
         struct s {
           int elt1;
           char last_element[FLEXIBLE_ARRAY_MEMBER];
         };
         tor_malloc(STRUCT_OFFSET(struct s, last_element) +
      The advantages are:
         1) It's easier to see which structures and elements are of
            unspecified length.
         2) The compiler and related checking tools can also see which
            structures and elements are of unspecified length, in case they
            want to try weird bounds-checking tricks or something.
         3) The compiler can warn us if we do something dumb, like try
            to stack-allocate a flexible-length structure.
  8. 03 Jan, 2011 1 commit
  9. 16 Dec, 2010 1 commit
  10. 30 Nov, 2010 1 commit
  11. 22 Nov, 2010 1 commit
  12. 10 Nov, 2010 1 commit
  13. 09 Nov, 2010 1 commit
    • Add a testing-only option to use bufferevent_openssl as a filter · d238d838
      Nick Mathewson authored
      We need filtering bufferevent_openssl so that we can wrap around
      IOCP bufferevents on Windows.  This patch adds a temporary option to
      turn on filtering mode, so that we can test it out on non-IOCP
      systems to make sure it hasn't got any surprising bugs.
      It also fixes some allocation/teardown errors in using
      bufferevent_openssl as a filter.
  14. 21 Oct, 2010 1 commit
  15. 14 Oct, 2010 1 commit
    • Rename router_get_by_digest() · 4556f2e7
      Sebastian Hahn authored
      We now call the function router_get_by_id_digest() to make clear that
      we're talking about the identity digest here, not descriptor digest.
  16. 12 Oct, 2010 2 commits
  17. 11 Oct, 2010 1 commit
  18. 05 Oct, 2010 1 commit
  19. 01 Oct, 2010 2 commits
    • Initial conversion to use node_t throughout our codebase. · 26e89742
      Nick Mathewson authored
      A node_t is an abstraction over routerstatus_t, routerinfo_t, and
      microdesc_t.  It should try to present a consistent interface to all
      of them.  There should be a node_t for a server whenever there is
        * A routerinfo_t for it in the routerlist
        * A routerstatus_t in the current_consensus.
      (note that a microdesc_t alone isn't enough to make a node_t exist,
      since microdescriptors aren't usable on their own.)
      There are three ways to get a node_t right now: looking it up by ID,
      looking it up by nickname, and iterating over the whole list of
      All (or nearly all) functions that are supposed to return "a router"
      -- especially those used in building connections and circuits --
      should return a node_t, not a routerinfo_t or a routerstatus_t.
      A node_t should hold all the *mutable* flags about a node.  This
      patch moves the is_foo flags from routerinfo_t into node_t.  The
      flags in routerstatus_t remain, but they get set from the consensus
      and should not change.
      Some other highlights of this patch are:
        * Looking up routerinfo and routerstatus by nickname is now
          unified and based on the "look up a node by nickname" function.
          This tries to look only at the values from current consensus,
          and not get confused by the routerinfo_t->is_named flag, which
          could get set for other weird reasons.  This changes the
          behavior of how authorities (when acting as clients) deal with
          nodes that have been listed by nickname.
        * I tried not to artificially increase the size of the diff here
          by moving functions around.  As a result, some functions that
          now operate on nodes are now in the wrong file -- they should
          get moved to nodelist.c once this refactoring settles down.
          This moving should happen as part of a patch that moves
          functions AND NOTHING ELSE.
        * Some old code is now left around inside #if 0/1 blocks, and
          should get removed once I've verified that I don't want it
          sitting around to see how we used to do things.
      There are still some unimplemented functions: these are flagged
      with "UNIMPLEMENTED_NODELIST()."  I'll work on filling in the
      implementation here, piece by piece.
      I wish this patch could have been smaller, but there did not seem to
      be any piece of it that was independent from the rest.  Moving flags
      forces many functions that once returned routerinfo_t * to return
      node_t *, which forces their friends to change, and so on.
  20. 29 Sep, 2010 2 commits
  21. 27 Sep, 2010 7 commits
  22. 20 Sep, 2010 1 commit
  23. 16 Sep, 2010 1 commit
  24. 15 Sep, 2010 1 commit
  25. 15 Aug, 2010 2 commits
  26. 30 Jul, 2010 1 commit
    • Clear cell queues when marking or truncating a circuit. · 6f451013
      Nick Mathewson authored
      At best, this patch helps us avoid sending queued relayed cells that
      would get ignored during the time between when a destroy cell is
      sent and when the circuit is finally freed.  At worst, it lets us
      release some memory a little earlier than it would otherwise.
      Fix for bug #1184.  Bugfix on
  27. 27 Jul, 2010 2 commits