| Commit message | Author | Age |
Conflicts:
ChangeLog
src/or/routerparse.c
|
Another dereference-then-NULL-check sequence. No reports of this bug
triggered in the wild. Fixes bugreport 1256.
Thanks to ekir for discovering and reporting this bug.
|
Also always predict that we need a high capacity circuit or internal
circuit.
|
Also add a comment about an odd CBT timeout edgecase.
|
Conflicts:
ChangeLog
|
backport of c43859c5c12361fad505
backport of 0d13e0ed145f4c1b5bd1
|
it's wrong, but that's our problem not its problem
|
Specifically, there are two cases: a) are we willing to start a new
circuit at a node not in your ExitNodes config option, and b) are we
willing to make use of a circuit that's already established but has an
unsuitable exit.
Now we discard all your circuits when you set ExitNodes, so the only
way you could end up with an exit circuit that ends at an unsuitable
place is if we explicitly ran out of exit nodes, StrictNodes was 0,
and we built this circuit to solve a stream that needs solving.
Fixes bug in dc322931, which would ignore the just-built circuit because
it has an unsuitable exit.
|
Before it would prepend your requested entrynodes to your list of guard
nodes, but feel free to use others after that. Now it chooses only
from your EntryNodes if any of those are available, and only falls back
to others if a) they're all down and b) StrictNodes is not set.
Also, now we refresh your entry guards from EntryNode at each consensus
fetch (rather than just at startup and then they slowly rot as the
network changes).
The goal here is to make users less likely to set StrictNodes, since
it's doing closer to what they expect it should be doing.
|
This is step one of handling ExcludedNodes better. This first
step is just to make EntryNodes and ExitNodes do what they did
before.
|
Conflicts:
ChangeLog
|
The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log." safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
|
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.
This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
|
In C, the code "char x[10]; if (x) {...}" always takes the true branch of
the if statement. Coverity notices this now.
In some cases, we were testing arrays to make sure that an operation
we wanted to do would succeed. Those cases are now always-true.
In some cases, we were testing arrays to see if something was _set_.
Those cases are now tests for strlen(s), or tests for
!tor_mem_is_zero(d,len).
|
This was introduced in f7e6e852e80c22b40a8f09bc1c85074726d7078e.
Found by Coverity
|
There were however other places where we used to call this
function that might have caused this to fire. Better
safe than sorry now.
|
This seems to be happening to me a lot on a garbage DSL line.
We may need to come up with 2 thresholds: a high short onehop
count and a lower longer count.
|
Pretimeouts may have build time data, just no timeout data.
|
Don't count one-hop circuits when we're estimating how long it
takes circuits to build on average. Otherwise we'll set our circuit
build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
|
1108 was actually just a fencepost error in an assert,
but making the state file handling code resilient is a
good idea.
|
Some memory could be lost in the error case of
circuit_build_times_parse_state.
Found by Coverity
|
Don't pass in a quantile that is too high during pretimeout
calculation.
|
Try to clarify things in the comment too.
|
A) We were considering a circuit had timed out in the special cases
where we close rendezvous circuits because the final rendezvous
circuit couldn't be built in time.
B) We were looking at the wrong timestamp_created when considering
a timeout.
|
Based on irc discussion with arma.
|
Mostly by storing the timeout as milliseconds and not seconds
internally.
|
And also the number of recent circuits used to decide
when the network changes.
|
We want it to be under our control so it doesn't mess
up initialization. This is likely the cause for
the bug the previous assert-adding commit (09a75ad) was
trying to address.
|
Got a negative timeout value on startup. Need to narrow it down.
|