| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
Based on a patch from Linus, regenerated so as to not conflict with
Linus's 5535/6363 patches.
|
| |\ |
|
| | |
| |
| |
| | |
Fix for bug 6774; bugfix on 0.2.3.17-beta.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
extend_info_from_node() used to use the primary OR port (i.e. IPv4)
unless the node had routerinfo. Now that we have IPv6 addresses in
microdescs we may want to use them.
Note that this patch changes using r->cache_info.identity_digest into
using node->identity. I count on these being well synchronised, or
things would break in other ways. Right?
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.
Use "preferred OR port" for all entry nodes, not only for bridges.
Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.
Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.
Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.
Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)
Implements ticket 5535.
|
| |\| |
|
| | |
| |
| |
| | |
Fix for #6251
|
| | |
| |
| |
| |
| |
| |
| | |
We've had over two months to fix them, and didn't. Now we need
0.2.3.x stable. Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x. We can do a real fix in 0.2.4.
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
We were effectively resetting our counts, and the rounding error
leads to incorrect log messages.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also make a couple of them less scary.
We'll do a separate, additional commit on 0.2.4.x to bump them back
up again.
|
| | | |
| | |
| | |
| | |
| | | |
This should eliminate a lot of notices for Directory Authorities and other
situations where circuits built without using guard nodes.
|
| |\ \ \
| | |/
| |/| |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is important, since otherwise an attacker can use timing info
to probe the internal network.
Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.
Fix for bug 6710; bugfix on all released versions of Tor.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.
Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.
Move node_get_*_orport to nodelist.c.
Fix a cut'n'paste error in header of nodelist.h.
Add node_assert_ok().
Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?
|
| |\| |
|
| | | |
|
| | |
| |
| |
| | |
Also promote log messages to notice and rate-limit them.
|
| | |
| |
| |
| |
| |
| | |
This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line. That causes grief, since compiler warnings and debugger lines
will all refer to that one line.
So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| | |
Move 'transport_t' to transports.h, and all transport-related
functions that don't rely on 'bridge_list' to transports.c.
|
| |/
|
|
| |
Fixes bug 6397 and coverity issue 709599. Bugfix on 0.2.3.17-beta.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now catch bare {s that should be on the previous line with a do,
while, if, or for, and elses that should share a line with their
preceding }.
That is,
if (foo)
{
and
if (foo) {
...
}
else
are now detected.
We should think about maybe making Tor uncrustify-clean some day,
but configuring uncrustify is an exercise in bizarreness, and
reformatting huge gobs of Tor is always painful.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.
If the failure rate exceeds a certain amount, a notice is emitted.
If it exceeds a greater amount, a warn is emitted and the guard is disabled.
These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
disabled
|
| | | |
|
| | |
| |
| |
| | |
is disabled
|
| | |
| |
| |
| | |
timeouts
|
| |/
|
|
| |
queries of consensus parameters for bug 5049
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
* Minor stylistic changes to comments and doxygen
* Use strcmp_opt; it already exists.
* Tighten bridge_has_digest implementation a little.
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
| |
Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
|
| | |
|
| |
|
|
|
|
|
|
| |
Previously, we only did this check at startup, which could lead to
us holding a guard indefinitely, and give weird results. Fixes bug
5380; bugfix on 0.2.1.14-rc.
(Patch by Roger; changes file and commit message by Nick)
|