| Commit message | Author | Age |
* | Add support for days of the week to intervals | Nick Mathewson | 2013-03-19 |
* | Make the guard lifetime configurable and adjustable via the consensus
Fixes 8240.
(Don't actually increase the default guard lifetime. It seems likely to
break too many things if done precipitously.)
| Nick Mathewson | 2013-03-19 |
* | add faravahar as our ninth v3 dir auth | Roger Dingledine | 2012-09-22 |
* | fix whitespace and trivial typo | Roger Dingledine | 2012-09-03 |
* | Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.
Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.
Fix for bug 6710; bugfix on all released versions of Tor.
| Nick Mathewson | 2012-08-27 |
* | Merge remote-tracking branch 'public/bug6244_part_c' into maint-0.2.3 | Nick Mathewson | 2012-08-17 |
|\ |
|
| * | Raise the part of torrc mapaddress handling that knows wildcards
This patch extracts the inner part of config_register_addressmaps --
the part that knows about detecting wildcard addresses --
and makes it into a new function. The new function is deliberately
not moved or reindented, so that the diff is smaller.
I need this to fix bug 6244.
| Nick Mathewson | 2012-08-15 |
* | | Reject attempts to say FooPort and FooPort 0 in the same cfg domain | Nick Mathewson | 2012-08-09 |
* | | Fix spaces from last patch | Nick Mathewson | 2012-08-09 |
* | | Don't infer we have a FooPort from the presence of a FooPort line
Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false. (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort. When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.
This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t. FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will fail to
compile.)
Fix for bug 6507.
| Nick Mathewson | 2012-08-09 |
|/ |
|
* | Warn when accounting is used in a way likely to link hidden services
Fix for 6490.
| Nick Mathewson | 2012-07-31 |
* | Merge remote-tracking branch 'asn/bug6274_take3' into maint-0.2.3 | Nick Mathewson | 2012-07-23 |
|\ |
|
| * | Better handling of server managed proxies when Tor is not a relay. | George Kadianakis | 2012-07-18 |
* | | Merge branch 'smartlist_shorten' into maint-0.2.3 | Nick Mathewson | 2012-07-18 |
|\ \ |
|
| * | | Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line. That causes grief, since compiler warnings and debugger lines
will all refer to that one line.
So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
| Nick Mathewson | 2012-07-17 |
* | | | Improve message on spurious SOCKSListenAddress | Nick Mathewson | 2012-07-17 |
|/ / |
|
* / | Allow TestingTorNetwork when alternate dir and bridge authorities are set.
Allow TestingTorNetwork when AlternateDirAuthority and
AlternateBridgeAuthority are set even if DirServer is not.
| Linus Nordberg | 2012-07-17 |
|/ |
|
* | conn_type_to_string() on a listener already says it's a listener | Roger Dingledine | 2012-06-16 |
* | Triage the XXX023 and XXX022 comments: postpone many. | Nick Mathewson | 2012-06-15 |
* | Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.
If the failure rate exceeds a certain amount, a notice is emitted.
If it exceeds a greater amount, a warn is emitted and the guard is disabled.
These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
| Mike Perry | 2012-06-14 |
* | Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is. Resolves the issue behind "bug"
4663.
| Nick Mathewson | 2012-06-12 |
* | Merge branch 'bug5452' | Nick Mathewson | 2012-06-11 |
|\ |
|
| * | Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. | Andrea Shepard | 2012-06-11 |
| * | Warn if the user has set CircuitBuildTimeout stupidly low and turned off Lear... | Andrea Shepard | 2012-06-08 |
* | | Merge remote-tracking branch 'public/bug5598'
Conflicts:
doc/tor.1.txt
Conflict was on a formatting issue in the manpage.
| Nick Mathewson | 2012-06-11 |
|\ \ |
|
| * | | Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.
We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088). Before we can do so, we need a fix for bugs #6087 and
Resolves ticket #5598 for now.
| Nick Mathewson | 2012-06-06 |
| |/ |
|
* / | Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output. It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.
Fixes bug 5909.
| Nick Mathewson | 2012-06-07 |
|/ |
|
* | Revert "Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges"
This reverts commit 981e896dd2eaf69798bb503c271306ee779dd6d2.
Apparently Karsten still needs DirReqStatistics for bridges; see
| Nick Mathewson | 2012-06-05 |
* | Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges
These stats are currently discarded, but we might as well
hard-disable them on bridges, to be clean.
Fix for bug 5824; bugfix on 0.2.1.17-rc.
Patch originally by Karsten Loesing.
| Nick Mathewson | 2012-06-05 |
* | Merge remote-tracking branch 'public/bug4657'
Conflicts:
src/or/router.c
| Nick Mathewson | 2012-06-05 |
|\ |
|
| * | Warn and ignore the MyFamily setting if BridgeRelay is also set
Roger explains at
http://archives.seul.org/tor/talk/Nov-2011/msg00209.html :
"If you list your bridge as part of your family in the relay
descriptor, then everybody can learn your bridge fingerprint, and
they can look up your bridge's descriptor (and thus location) at
the bridge directory authority."
Now, we can't stop relays from listing bridges, but we can warn when
we notice a bridge listing anybody, which might help some.
This fixes bug 4657; it's a fix on 0.2.0.3-alpha, where bridges were
first introduced.
| Nick Mathewson | 2012-05-24 |
* | | Fix "make check-spaces" issues | Nick Mathewson | 2012-06-05 |
* | | Resolve about 24 DOCDOCs | Nick Mathewson | 2012-06-05 |
* | | Update copyright dates to 2012; add a few missing copyright statements | Nick Mathewson | 2012-06-04 |
* | | Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
| Nick Mathewson | 2012-06-04 |
* | | Resolve some markup complaints from doxygen | Nick Mathewson | 2012-06-04 |
* | | Resolve all currently pending DOCDOC items in master | Nick Mathewson | 2012-06-04 |
* | | Merge branch 'bug5604' | Nick Mathewson | 2012-05-30 |
|\ \ |
|
| * | | If DisableNetwork, don't even try to open non-controller listeners
Fix for 5604; bugfix on 0.2.3.9-alpha, which introduced DisableNetwork.
| Nick Mathewson | 2012-04-18 |
* | | | When ReloadTorrcOnSIGHUP=1, do non-reload activities anyway
Previously, we skipped everything that got invoked from
options_init_from_torrc. But some of the stuff in
options_act_reversible and options_act is actually important, like
reopening the logs.
Now, a SIGHUP always makes the effects of an options_set() happen,
even though the options haven't changed.
Fix for bug 5095; bugfix on 0.2.1.9-alpha, which introduced
__ReloadTorrcOnSIGHUP.
| Nick Mathewson | 2012-05-16 |
* | | | Do not publish the "git-XXX" tag in server descriptors
Instead, allow packagers to put a 'TOR_BUILD_TAG' field in the
server descriptor to indicate a platform-specific value, if they
need to. (According to weasel, this was his use for the git- tag
previously.)
This is part of 2988
| Nick Mathewson | 2012-05-11 |
* | | | Merge remote-tracking branch 'asn/bug4865_take2' | Nick Mathewson | 2012-05-11 |
|\ \ \ |
|
| * | | | Fix issues found by nickm.
* Document fmt_addr_impl() and friends.
* Parenthesize macro arguments.
* Rename get_first_listener_addrport_for_pt() to
get_first_listener_addrport_string().
* Handle port_cfg_t with no_listen.
* Handle failure of router_get_active_listener_port_by_type().
* Add an XXX to router_get_active_listener_port_by_type().
| George Kadianakis | 2012-04-12 |
| * | | | Pass OR address to PT proxy, even with IPv6 or ORListenAddress.
Introduce get_first_listener_addrport_for_pt() which returns a string
containing the addrport of the first listener we could find. Use it to
form the TOR_PT_ORPORT managed proxy protocol line.
| George Kadianakis | 2012-03-31 |
* | | | | Fix comments: There is no such thing as a NUL pointer | Nick Mathewson | 2012-05-07 |
* | | | | Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
| Nick Mathewson | 2012-04-11 |
| |/ /
|/| | |
|
* | | | Simplify DH prime generation logic some.
This is just refactoring work here. The old logic was kind of
convoluted, especially after the bug 5572 fix. We don't actually need to
distinguish so many cases here. Dropping detection of the
"!old_options || !old_options->DynamicDHGroups" case is fine because
that's the same that we'd do for clients.
Also add a changes file for bug 5572.
| Sebastian Hahn | 2012-04-08 |
* | | | fix bug 5572 | Daniel 'koolfy' Faucon | 2012-04-07 |
* | | | Merge remote-tracking branch 'origin/maint-0.2.2' | Nick Mathewson | 2012-04-04 |
|\ \ \
| | |/
| |/| |
|
| * | | Wrap long line; strlen("ides")<strlen("turtles"). | Nick Mathewson | 2012-04-04 |