| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
| |
plus some other unrelated touchups that have been sitting in my
sandbox
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.
Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
|
| |
|
|
|
|
| |
The old flavored consensus URL format made it harder to decode URLs
based on their prefixes, and didn't take into account our "only give
it to me if it's signed by enough authorities" stuff.
|
| |
|
|
|
|
|
|
| |
The point of doing SHA256 twice is, generally, is to prevent message
extension attacks where an attacker who knows H(A) can calculate
H(A|B). But for attaching a signature to a document, the attacker
already _knows_ A, so trying to keep them from calculating H(A|B) is
pointless.
|
| |
|
|
|
| |
The original proposal was vague and would have made older Tors reject
detached-signature documents as soon as they saw one with flavors.
|
| |
|
|
|
|
|
| |
"neonomad" pointed out on or-talk that the order is opposite from the
intuitive order. explain why. we chose to fix the spec rather than the
code because there are controllers like torflow that already expect
the current behavior.
|
| | |
|
| |
|
|
|
| |
we made anybody who has 20KB/s Fast by definition, in 0.2.1.14-rc,
but it looks like we forgot to fix the spec.
|
| |
|
|
| |
Update the HACKING document and the cross compilation helper
|
| |
|
|
|
|
|
|
| |
A) We were considering a circuit had timed out in the special cases
where we close rendezvous circuits because the final rendezvous
circuit couldn't be built in time.
B) We were looking at the wrong timestamp_created when considering
a timeout.
|
| |
|
|
| |
Based on irc discussion with arma.
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
Also correct some typos.
|
| | | |
|
| |\ \
| |/
|/| |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
finishes the authority-operator interface side of proposal 167.
|
| | | |
|
| |/
|
|
|
|
|
|
| |
This code adds a new field to vote on: "params". It consists of a list of
sorted key=int pairs. The output is computed as the median of all the
integers for any key on which anybody voted.
Improved with input from Roger.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
|
| |\| |
|
| | | |
|
| | |
| |
| |
| |
| | |
0d68da2381780e2f8010b52a9e062947554699d5 removed support for Version 0,
but didn't fix the manpage.
|
| | | |
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
Resolved conflict in:
src/or/or.h
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added a sanity check in config.c and a check in directory.c
directory_initiate_command_rend() to catch any direct connection attempts
when a socks proxy is configured.
|
| | | | | |
|
| |\ \ \ \
| |_|/ /
|/| | | |
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
"Measured=" is present in votes regardless of consensus method.
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This is a patch to remove support for .noconnect.
We are removing .noconnect because of a talk at Defcon 17 by Gregory Fleischer.
|
| |\| | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | /
| | |_|_|/
| |/| | | |
|
| | | | | | |
|