we can turn it into an autobool later if we have some way for it
to make a decision.

(patch possibly got lost when nickm merged #6770; or maybe nickm meant
for it to be this way. i'm not sure.)

Fix for bug 6774; bugfix on 0.2.3.17-beta.

See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.

This is a fix of unreleased tor. It solves ticket #6770.

In case the struct grows in the future. Shouldn't be too expensive.

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

Also, make node_get_prim_orport() indicate in its return value whether
a valid OR port was copied or not.

Maybe we should make it legal to pass ap_out==NULL?

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

Also, do this only for clients, explicitly.

Also, give the flag a value every time we set consensus. We used to
touch it only when ClientPreferIPv6ORPort was set, which was wrong.

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

extend_info_from_node() used to use the primary OR port (i.e. IPv4)
unless the node had routerinfo. Now that we have IPv6 addresses in
microdescs we may want to use them.

Note that this patch changes using r->cache_info.identity_digest into
using node->identity. I count on these being well synchronised, or
things would break in other ways. Right?

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

I'm not entirely sure that this is meningful but I'm pretty sure it's
not harmful. Seems like the logical thing to do.

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

Generate and store all supported microdescriptor formats. Generate
votes with one "m" line for each format. Only "m" lines with version
info matching chosen consensus method will be voted upon.

An optimisation would be to combine "m" lines with identical hashes,
i.e. instead of "m 1,2,3 H1" and "m 4,5 H1", say "m 1,2,3,4,5 H1".

Linus Nordberg authored 12 years ago and Nick Mathewson committed 12 years ago

Define new new consensus method 14 adding "a" lines to vote and
consensus documents.

From proposal 186:

  As with other data in the vote derived from the descriptor, the
  consensus will include whichever set of "a" lines are given by the
  most authorities who voted for the descriptor digest that will be
  used for the router.

This patch implements this.

specifically, specify what sort of routers we're fetching.

Reserve it for when new directory information arrives in response to
a fetch.

Resolves ticket 6760.

Addresses bug 6759.

Allow one-hop directory fetching circuits the full "circuit build timeout"
period, rather than just half of it, before failing them and marking
the relay down. This fix should help reduce cases where clients declare
relays (or worse, bridges) unreachable because the TLS handshake takes
a few seconds to complete.

Fixes bug 6743 (one piece of bug 3443); bugfix on 0.2.2.2-alpha, where
we changed the timeout from a static 30 seconds.

Fix for #6251

We've had over two months to fix them, and didn't.  Now we need
0.2.3.x stable.  Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x.  We can do a real fix in 0.2.4.

This can create a remote crash opportunity for/against directory
authorities.

This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.

This comes at the cost of making its failure message a little less
friendly, but since when do assertion failures count as
user-friendly?

We were effectively resetting our counts, and the rounding error
leads to incorrect log messages.

Also make a couple of them less scary.

We'll do a separate, additional commit on 0.2.4.x to bump them back
up again.

This should eliminate a lot of notices for Directory Authorities and other
situations where circuits built without using guard nodes.

Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.

Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.

Move node_get_*_orport to nodelist.c.

Fix a cut'n'paste error in header of nodelist.h.

Add node_assert_ok().

Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?