path: root/src/or/circuituse.c
Commit message | Author | Age
* Implement exit enclaves: if we know an IP address for the destination, | Roger Dingledine | 2005-08-15
  and there's a running Tor server at that address which allows exit to the destination, then extend the circuit to that exit first. Also, if the user asks for a .exit node, cannibalize general circs for it. svn:r4779
* predict required circuits better, with an eye toward making | Roger Dingledine | 2005-08-13
  hidden services faster on the service end. svn:r4772
* We weren't cannibalizing circuits correctly for | Roger Dingledine | 2005-08-12
  CIRCUIT_PURPOSE_C_ESTABLISH_REND and CIRCUIT_PURPOSE_S_ESTABLISH_INTRO so we were being forced to build those from scratch. This should save us a bit of time. Also fixes bug 173. svn:r4763
* trivial changes on nick's rendezvous commit | Roger Dingledine | 2005-07-14
  svn:r4553
* Logic to implement rendezvous/introduction via unknown servers. | Nick Mathewson | 2005-06-29
  - Add a new extend_info_t datatype to hold information needed to extend a circuit (addr,port,keyid,onion_key). Use it in cpath and build_state. Make appropriate functions take or return it instead of routerinfo_t or keyid.
  - #if 0 needless check in circuit_get_by_edge_conn; if nobody triggers this error in 0.1.0.10, nobody will trigger it.
  - Implement new hidden service descriptor format, which contains "extend info" for introduction points, along with protocol version list.
  - Parse new format.
  - Generate new format
  - Cache old and new formats alongside each other.
  - Directories serve "old" format if asked in old way, "newest available" format if asked in new way.
  - Use new format to find introduction points if possible; otherwise fall back. Keep nickname lists and extendinfo lists in sync.
  - Tests for new format.
  - Implement new "v2" INTRODUCE cell format.
  - Accept new format
  - Use new format if we have a versioned service descriptor that says the server accepts the new format.
  - Add documentation for functions and data types.
  svn:r4506
* Document or add DOCDOC comments to undocumented functions in src/or. Make | Nick Mathewson | 2005-06-11
  function definition format uniform. svn:r4411
* flesh out the source file descriptions for doxygen | Roger Dingledine | 2005-06-11
  svn:r4404
* Change end-of-file NLNL convention. It turns out arma I and I agree. | Nick Mathewson | 2005-06-09
  svn:r4382
* clean up some log entries | Roger Dingledine | 2005-05-15
  svn:r4228
* first iteration of scrubbing sensitive strings from logs. | Roger Dingledine | 2005-05-03
  also generally clean up log messages. svn:r4174
* clean up this TOR_FRAGILE business | Roger Dingledine | 2005-04-26
  svn:r4116
* Improve conn_*_to_string; add circuit_state_to_string; make | Nick Mathewson | 2005-04-07
  skewed-descriptor messages better. svn:r4047
* Rename circuit_get_by_stream to circuit_get_by_edge_conn, and actually start | Nick Mathewson | 2005-04-06
  using it. Watch out, kids! svn:r4026
* Add a pointer from edge connections to their corresponding circuit (ulp!); | Nick Mathewson | 2005-04-06
  add some debugging sanity-checking for cirid_orconn_map stuff svn:r4024
* Hopefully, this will make ORs much faster, and not break them: keep a big | Nick Mathewson | 2005-04-06
  splay tree of (circid,orconn)->circuit mappings to make circuit_get_by_circid_conn much faster. svn:r4020
* update copyright notices. | Nick Mathewson | 2005-04-01
  svn:r3982
* when building testing circuits, always use middle hops | Roger Dingledine | 2005-04-01
  running at least 0.0.9.7 svn:r3966
* when the or-connect succeeded and the tls handshake succeeded | Roger Dingledine | 2005-04-01
  but we didn't like the result, we were closing the connection without sending any destroys back for the pending circuits. now send those destroys anyway; i hope this doesn't break too much. svn:r3951
* still publish your descriptor if orport is reachable but dirport isn't | Roger Dingledine | 2005-03-31
  when building testing circs for orport testing, require high-bandwidth nodes, so fewer circs fail. complain about unreachable orport separately from unreachable dirport. svn:r3935
* cleanup so connection_ap_handshake_attach_chosen_circuit() always | Roger Dingledine | 2005-03-24
  gets open circs. svn:r3856
* Bulletproof connection_ap_handshake_attach_chosen_circuit | Nick Mathewson | 2005-03-24
  svn:r3855
* clean up and refactor some more | Roger Dingledine | 2005-03-22
  svn:r3798
* Implement controller's "extendcircuit" directive. | Roger Dingledine | 2005-03-22
  Also refactor circuit building so we plan the whole path ahead of time. svn:r3797
* Turn addr_policy_compare from a tristate to a quadstate; this should help | Nick Mathewson | 2005-03-19
  address our "Ah, you allow 1.2.3.4:80. You are a good choice for google.com" problem. svn:r3786
* make hidden services more likely to work from the server-side | Roger Dingledine | 2005-03-19
  svn:r3781
* Commit fixes for several pending tor core tasks: document all DOCDOCed | Nick Mathewson | 2005-03-17
  functions; time out uncontrolled unattached streams; feed reasons to SOCKS5 (refactoring connection_ap_handshake_socks_reply in the process); change DirFetchPeriod/StatusFetchPeriod to have a special "Be smart" value. svn:r3769
* re-enable reachability testing stuff. | Roger Dingledine | 2005-03-15
  also, consider your ORPort reachable after you've processed a create cell from any non-local address. svn:r3763
* Renormalize whitespace | Nick Mathewson | 2005-03-14
  svn:r3757
* Implement the common case of ATTACHSTREAM. | Nick Mathewson | 2005-03-12
  svn:r3751
* Checkpoint in-progress fixes: | Roger Dingledine | 2005-02-27
  Add 'testing' circuit purpose, for reachability testing. Notice when our IP changes, and reset stats. Try to pull down a directory via Tor to see if our DirPort is working. Try to extend a circuit back to us to see if our ORPort is working. Only publish a descriptor if they're both reachable. These mostly work, and I'd better get them in before I cause conflicts. svn:r3703
* Add a new AddressMap directive to rewrite incoming socks addresses. | Roger Dingledine | 2005-02-22
  Add a new TrackHostExits directive to trigger addressmaps for certain incoming socks addresses, for sites that break when your exit keeps changing. Redo the client-side dns cache so it's just an addressmap too. svn:r3641
* bugfix: tor-resolve requests were ignoring .exit if there was | Roger Dingledine | 2005-02-02
  a working circuit they could use instead. svn:r3502
* define TOR_FRAGILE if you want tor to give you a core when | Roger Dingledine | 2005-02-01
  something goes wrong. this should only be used by people actively tracking bugs. svn:r3487
* The crowning hidden-service patch: prefer non-internal circuits | Roger Dingledine | 2005-01-20
  for normal connections, so we don't spend our internal circs on other stuff and not have them when we need them. svn:r3380
* Handle unavailable hidden services better. We try each intro point | Roger Dingledine | 2005-01-19
  until none are left, then we try to refetch the descriptor. If it's the same one we had before, then close streams right then. Whenever a new stream arrives, even if it's right after, optimistically try refetching the descriptor, just in case. svn:r3379
* bugfix for cvs: we were needing a rendezvous circ, so we cannibalized | Roger Dingledine | 2005-01-19
  a general circ, and called rend_client_rendcirc_has_opened(), which called connection_ap_attach_pending(), which was needing a rendezvous circ, so it cannibalized a general circuit, and called ... svn:r3370
* remove some extra-verbose logs | Roger Dingledine | 2005-01-17
  svn:r3361
* Introduce a notion of 'internal' circs, which are chosen without regard | Roger Dingledine | 2005-01-17
  to the exit policy of the last hop. Intro and rendezvous circs must be internal circs, to avoid leaking information. Resolve and connect streams can use internal circs if they want.
  New circuit pooling algorithm: make sure to have enough circs around to satisfy any predicted ports, and also make sure to have 2 internal circs around if we've required internal circs lately (with high uptime if we've seen that lately).
  Split NewCircuitPeriod config option into NewCircuitPeriod (30 secs), which describes how often we retry making new circuits if current ones are dirty, and MaxCircuitDirtiness (10 mins), which describes how long we're willing to make use of an already-dirty circuit.
  Once rendezvous circuits are established, keep using the same circuit as long as you attach a new stream to it at least every 10 minutes. (So web browsing doesn't require you to build new rend circs every 30 seconds.)
  Cannibalize GENERAL circs to be C_REND, C_INTRO, S_INTRO, and S_REND circ as necessary, if there are any completed ones lying around when we try to launch one.
  Re-instate the ifdef's to use version-0 style introduce cells, since there was yet another bug in handling version-1 style. We'll try switching over again after 0.0.9 is obsolete.
  Bugfix: when choosing an exit node for a new non-internal circ, don't take into account whether it'll be useful for any pending x.onion addresses -- it won't.
  Bugfix: we weren't actually publishing the hidden service descriptor when it became dirty. So we only published it every 20 minutes or so, which means when you first start your Tor, the hidden service will seem broken.
  svn:r3360
* get rid of 0.0.8 backwards compatibility | Roger Dingledine | 2005-01-13
  svn:r3353
* when deciding if a port is handled and the port demands uptime, don't | Roger Dingledine | 2005-01-13
  consider it handled if there's a circ that fits but isn't high-uptime. svn:r3349
* Annotate circuits w/ whether they aim to contain high uptime nodes and/or | Roger Dingledine | 2005-01-12
  high capacity nodes. When building circuits, choose appropriate nodes. New config option LongLivedPorts to indicate application streams that will want high uptime circuits. When attaching a stream to a circuit, pay attention to its requirements. This means that every single node in an intro rend circuit, not just the last one, will have a minimum uptime. Boost the min uptime from an hour to 24 hours. svn:r3339
* when we haven't fetched a directory yet, or the last time we | Roger Dingledine | 2005-01-07
  tried they were all unreachable, assume we are not connected to the network. when an application request comes in during this state, be optimistic and assume we just reconnected. fetch a new directory and if it works, begin making circuits. svn:r3327
* clean up logging, | Roger Dingledine | 2004-12-13
  make it clearer which warns are bugs, make the control log event match its specification, point out a bug in how we deal with failure when renewing the tls context. svn:r3138
* I'm a bad person. | Roger Dingledine | 2004-12-07
  Stop treating the uint16_t's as null-terminated strings, and stop looking at the byte after them to see if it's null, because sometimes you're not allowed to look there. svn:r3108
* Renormalize whitespace | Nick Mathewson | 2004-12-07
  svn:r3095
* New circuit building strategy: keep a list of ports that we've used in | Roger Dingledine | 2004-12-05
  the past 6 hours, and always try to have 2 circuits open or on the way that will handle each such port. (We can extend this to include addresses if exit policies shift to require that.) Seed us with port 80 so web browsers won't complain that Tor is "slow to start up".
  This was necessary because our old circuit building strategy just involved counting circuits, and as time went by we would build up a big pile of circuits that had peculiar exit policies (e.g. only exit to 9001-9100) which would take up space in the circuit pile but never get used.
  Fix router_compare_addr_to_addr_policy: it was not treating a port of * as always matching, so we were picking reject *:* nodes as exit nodes too.
  If you haven't used a clean circuit in an hour, throw it away, just to be on the safe side. This means after 6 hours a totally unused Tor client will have no circuits open.
  svn:r3078
* React to eof immediately on non-open edge connections. | Roger Dingledine | 2004-12-04
  Stop keeping track of num_retries for apconns, since they expire after 60 seconds anyway. When warning about retrying or giving up, print the address, so the user knows which one it's talking about. svn:r3073
* bugfix: When we were checking to see if an ap_conn should time out | Roger Dingledine | 2004-12-04
  waiting for its connected cell, we were calculating time from when the ap_conn was created. So if it waited say 20 seconds before being attached, then we would immediately decide that the circuit had timed out. Also, make circuit_dump_by_conn() display actual circuit progress, including circuits that haven't been attached to the conn yet but hope to when it finishes connecting. svn:r3072
* Spell-check strings and comments | Nick Mathewson | 2004-12-01
  svn:r3052
* Let resolve conns retry/expire also, rather than sticking around forever. | Roger Dingledine | 2004-11-30
  Put the check-if-requested-exitrouter-will-reject-us code in the circuit_attach loop, so it gets checked periodically and not just once at the beginning. This is useful in case the routerlist changes, but also in case the address gets resolved into something that we learn we'll reject. svn:r3039