Fix a bug weasel found: when we are an authority and somebody requests "all" statuses, cconsider regenerating our own.


svn:r5466

Make arguments to circuit_set_circid_orconn match the connection that is closing in circuit_about_to_close_connection. This accounts for our mysterious "arbitrary ram gets decremented!" bug.


svn:r5465

svn:r5464

conn over and over. that's really bad for memory.


svn:r5463

(nick, do i have my libevent strerror dance moves correct?)


svn:r5462

svn:r5461

Weasel says circuit_get_by_conn is his main timesink.  Most of its
users were just checking whether OR conns had circuits, so add a
circuit count to OR conns, and check that. One was
circuit_about_to_close_conn, which was doing an O(n^2) series of calls
to get all circs on an OR conn, so make an O(n) function for that.
Finally, circuit_get_by_edge_conn was using it as a sanity test that
has been around for a while but never found any actualy insanity, so
kill that.

circuit_get_by_conn is finally dead, which is good, since it was never
sane to begin with.


svn:r5460

svn:r5459

svn:r5458

separately. It's important to keep them separate because internal
circuits have their last hops picked like middle hops, rather than like
exit hops. So exiting on them will break the user's expectations.

- Stop cannibalizing internal circuits for general exits, and stop
  cannibalizing exit circuits for rendezvous stuff.

- Don't let new exit streams attach to internal circuits.

- When deciding if we have enough circuits for internal and for exit,
  don't count the wrong ones.

- Treat predicted resolves as predicted port 80 exits.


svn:r5457

for non-OR conns. this should save a bit of time.


svn:r5456

This is not a real fix. I didn't look at the rest of the code.
Nick?


svn:r5455

svn:r5454

(intended to be cannibalized later for rendezvous and introduction
circuits), we were picking them so that they had useful exit nodes. There
was no need for this, and it actually aids some statistical attacks.


svn:r5453

svn:r5452

svn:r5451

svn:r5450

svn:r5449

svn:r5448

svn:r5447

svn:r5446

Make dropping very old descriptors faster (remove old correctness check). Track bytes dropped that are still in our store or journal, and rebuild when it gets very high.


svn:r5445

svn:r5444

svn:r5443

Track how many bytes we have in signed descriptors. Try to make sure we are tracking this right. Somebody should valgrind a dirserver on an example net.  There should be code to dump this value.


svn:r5442

svn:r5441

svn:r5440

svn:r5439

svn:r5438

svn:r5437

server descriptors that were uploaded to a router in its role as authoritative
dirserver.


svn:r5436

svn:r5435

svn:r5434

svn:r5433

svn:r5432

  - If we can't get to a dirserver directly, try going via Tor.
  - Don't ever try to connect (as a client) to a place our firewall
    options forbid.
  - If we specify a proxy and also firewall options, obey the firewall
    options even when we're using the proxy: some proxies can only proxy
    to certain destinations.


svn:r5431

svn:r5430

don't tell you (it happens!); and rotate TLS connections once a week.

1) If an OR conn becomes more than a week old, make it obsolete.
2) If it's obsolete and empty, kill it.
3) When an OR makes a second connection to you, allow it.
4) If we want to send a new create cell, but the best conn we've
   got is obsolete, and the router is 0.1.1.9-alpha-cvs or later, ask
   for a new conn instead.
5) When we time out on circuit building on the first hop, make that
   connection obsolete.


svn:r5429

svn:r5428

first few moments of their existence in CIRCUIT_STATE_OPEN, then
when Alice sent an extend request for a Tor that they're not connected
to, they switched to CIRCUIT_STATE_OR_WAIT and spent the rest of
their sorry little lives in that state, even when the connection
was established and they were shuttling relay cells back and forth.

And I'm not going to backport this (yet), because somehow it worked!


svn:r5427