| Commit message (Expand) | Author | Age |
|---|
| * | Appease clang - and my tortured mind•••This possible div by 0 warning from clang's analyzer was quite fun to
track down. Turns out the current behaviour is safe.
| Sebastian Hahn | 2011-05-09 |
| * | Fix circuit_list_path_impl(): internal circuits do not have an "exit". Trivia... | Nick Mathewson | 2011-05-03 |
| * | stop putting wacky values into state->lastwritten | Roger Dingledine | 2011-04-28 |
| * | fix a function comment | Roger Dingledine | 2011-04-28 |
| * | better user-facing warnings for unexpected last hops•••these still aren't perfect, but we won't know how to correct them until
we start experiencing surprised users.
| Roger Dingledine | 2011-04-27 |
| * | revert most of ef81649d2fc•••Now we believe it to be the case that we never build a circuit for our
stream that has an unsuitable exit, so we'll never need to use such
a circuit. The risk is that we have some code that builds the circuit,
but now we refuse to use it, meaning we just build a bazillion circuits
and ignore them all.
| Roger Dingledine | 2011-04-27 |
| * | Add a circuit_purpose_to_string() function, and use it•••We had a circuit_purpose_to_controller_string() function, but it was
pretty coarse-grained and didn't try to be human-readable.
| Nick Mathewson | 2011-04-27 |
| * | Explain the "using anyway" log message better•••Also add a request to report any cases where we are not honoring
StrictNodes to the developers: These should now all be bugs.
| Sebastian Hahn | 2011-04-26 |
| * | If we have chosen an exit that shares a family with all bridges, fail the cir...•••We could probably do something smarter here, but the situation is
unusual enough that it's okay to just fail the circuit.
| Nick Mathewson | 2011-04-26 |
| * | Do not try to download descriptors for bridges in ExcludeNodes. | Nick Mathewson | 2011-04-26 |
| * | Do not automatically ignore Fast/Stable for exits when ExitNodes is set•••This once maybe made sense when ExitNodes meant "Here are 3 exits;
use them all", but now it more typically means "Here are 3
countries; exit from there." Using non-Fast/Stable exits created a
potential partitioning opportunity and an annoying stability
problem.
(Don't worry about the case where all of our ExitNodes are non-Fast
or non-Stable: we handle that later in the function by retrying with
need_capacity and need_uptime set to 0.)
| Nick Mathewson | 2011-04-26 |
| * | Add an XXX022-1090 to note consider_exit_fmily b0rkenness | Nick Mathewson | 2011-04-26 |
| * | three more cases where maybe we want to exclude | Roger Dingledine | 2011-04-26 |
| * | If ExitNodes and Exclude{Exit}Nodes overlap, obey Exclude{Exit}Nodes.•••Also, ExitNodes are always strict.
| Roger Dingledine | 2011-04-26 |
| * | the new entrynodes behavior is always strict | Roger Dingledine | 2011-04-26 |
| * | If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. | Roger Dingledine | 2011-04-26 |
| * | Merge remote-tracking branch 'public/xxx_fixups' into maint-0.2.2•••Conflicts:
src/or/or.h
| Nick Mathewson | 2011-04-07 |
| |\ |
|
| | * | Triage the XXX022 and XXX021 comments remaining in the code•••Remove some, postpone others, leave some alone. Now the only
remaining XXX022s are ones that seem important to fix or investigate.
| Nick Mathewson | 2011-03-25 |
| * | | Use timevals, not time_t, when expiring circuits.•••We've got millisecond timers now, we might as well use them.
This change won't actually make circuits get expiered with microsecond
precision, since we only call the expiry functions once per second.
Still, it should avoid the situation where we have a circuit get
expired too early because of rounding.
A couple of the expiry functions now call tor_gettimeofday: this
should be cheap since we're only doing it once per second. If it gets
to be called more often, though, we should onsider having the current
time be an argument again.
| Nick Mathewson | 2011-03-30 |
| |/ |
|
| * | Fix up all doxygen warnings other than "foo is not documented" | Nick Mathewson | 2011-03-16 |
| * | Merge remote branch 'arma/bug2510' into maint-0.2.2 | Nick Mathewson | 2011-03-14 |
| |\ |
|
| | * | support multihomed bridges (bug 2510) | Roger Dingledine | 2011-02-08 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 | Nick Mathewson | 2011-03-08 |
| |\ \ |
|
| | * | | Avoid crash in any_pending_bridge_descriptor_fetches•••This is based on shitlei's fix for bug2629, with extra parens removed.
Fixes bug 2629, bugfix on 0.2.1.2-alpha.
| Nick Mathewson | 2011-03-08 |
| * | | | prevent same entry and exit for insane edge case | Roger Dingledine | 2011-02-22 |
| | |/
|/| |
|
| * | | Merge branch 'bug2321' into maint-0.2.2 | Nick Mathewson | 2011-01-26 |
| |\ \ |
|
| | * | | Avoid sketchy integer cast in cbt code•••When calling circuit_build_times_shuffle_and_store_array, we were
passing a uint32_t as an int. arma is pretty sure that this can't
actually cause a bug, because of checks elsewhere in the code, but
it's best not to pass a uint32_t as an int anyway.
Found by doorss; fix on 0.2.2.4-alpha.
| Nick Mathewson | 2011-01-26 |
| * | | | Comment remaining CBT functions.•••Left circuit_build_times_get_bw_scale() uncommented because it is in the wrong
place due to an improper bug2317 fix. It needs to be moved and renamed, as it
is not a cbt parameter.
| Mike Perry | 2011-01-25 |
| * | | | Fix bug #2004 by demoting a log message.•••To quote arma: "So instead of stopping your CBT from screaming, you're just
going to throw it in the closet and hope you can't hear it?"
Yep. The log message can happen because at 95% point on the curve, we can be
way beyond the max timeout we've seen, if the curve has few points and is
shallow.
Also applied Nick's rule of thumb for rewriting some other notice log messages
to read like how you would explain them to a raving lunatic on #tor who was
shouting at you demanding what they meant. Hopefully the changes live up to
that standard.
| Mike Perry | 2011-01-25 |
| |/ / |
|
| * | | Provide constant limits for all consensus params•••This addresses Nick's concern about doing non-constant bounds checking
inside networkstatus_get_param().
| Sebastian Hahn | 2011-01-15 |
| * | | Sanity-check consensus param values•••We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.
One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.
This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
| Sebastian Hahn | 2011-01-15 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/or/routerparse.c
| Nick Mathewson | 2011-01-03 |
| |\| |
|
| | * | fix whitespace issues | Nick Mathewson | 2011-01-03 |
| * | | Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2•••Conflicts:
src/common/test.h
src/or/test.c
| Nick Mathewson | 2011-01-03 |
| |\| |
|
| | * | Bump copyright statements to 2011 | Nick Mathewson | 2011-01-03 |
| * | | Merge remote branch fix_security_bug_021 into fix_security_bug_022•••Conflicts:
src/common/memarea.c
src/or/or.h
src/or/rendclient.c
| Nick Mathewson | 2010-12-15 |
| |\| |
|
| | * | Make payloads into uint8_t.•••This will avoid some signed/unsigned assignment-related bugs.
| Nick Mathewson | 2010-12-15 |
| * | | Merge branch 'bug1772' into maint-0.2.2 | Roger Dingledine | 2010-09-29 |
| |\ \ |
|
| | * | | fix two casts | Roger Dingledine | 2010-09-29 |
| | * | | Comment network liveness and change detection behavior. | Mike Perry | 2010-09-29 |
| | * | | refactor and recomment; no actual changes | Roger Dingledine | 2010-09-29 |
| | * | | Cap the circuit build timeout to the max time we've seen.•••Also, cap the measurement timeout to 2X the max we've seen.
| Mike Perry | 2010-09-29 |
| | * | | Do away with the complexity of the network liveness detection.•••We really should ignore any timeouts that have *no* network activity for their
entire measured lifetime, now that we have the 95th percentile measurement
changes. Usually this is up to a minute, even on fast connections.
| Mike Perry | 2010-09-29 |
| | * | | Fix state checks on liveness handling.•••If we really want all this complexity for these stages here, we need to handle
it better for people with large timeouts. It should probably go away, though.
| Mike Perry | 2010-09-29 |
| | * | | Fix non-live condition checks.•••Rechecking the timeout condition was foolish, because it is checked on the
same codepath. It was also wrong, because we didn't round.
Also, the liveness check itself should be <, and not <=, because we only have
1 second resolution.
| Mike Perry | 2010-09-29 |
| * | | | Merge commit 'mikeperry/bug1740' into maint-0.2.2 | Roger Dingledine | 2010-09-29 |
| |\| | |
|
| | * | | Only count timeout data for 3 hop circuits.•••Use 4/3 of this timeout value for 4 hop circuits, and use half of it for
canabalized circuits.
| Mike Perry | 2010-09-29 |
| * | | | improve code comments, based on comments from nick | Roger Dingledine | 2010-09-28 |
| * | | | handle ugly edge case in retrying entrynodes•••Specifically, a circ attempt that we'd launched while the network was
down could timeout after we've marked our entrynodes up, marking them
back down again. The fix is to annotate as bad the OR conns that were
around before we did the retry, so if a circuit that's attached to them
times out we don't do anything about it.
| Roger Dingledine | 2010-09-28 |
| * | | | Actually notice when our last entrynode goes down•••Otherwise we'd never set have_minimum_dir_info to false, so the
"optimistic retry" would never trigger.
| Roger Dingledine | 2010-09-28 |