| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
src/or/channel.c
src/or/circuitlist.c
src/or/connection.c
Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits. But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.
This is part of fixing 6799.
When applied to 0.2.5, it is also a fix for 12023.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.
Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.
Fix for ticket 6799.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd). The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.
To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.
(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox. It's not desirable either.)
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0, though I don't think it affects tor-as-it-is.
|
| |\ \ \
| |/ /
|/| |
| | |
| | | |
Conflicts:
src/or/channel.h
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID. Previously, we would test every possible
circuit ID until we found one or ran out.
This algorithm succeeds probabilistically. As the comment says:
This potentially causes us to give up early if our circuit ID
space is nearly full. If we have N circuit IDs in use, then we
will reject a new circuit with probability (N / max_range) ^
MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent
of our circuit ID capacity will go unused.
The alternative here, though, is to do a linear search over the
whole circuit ID space every time we extend a circuit, which is
not so great either.
This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
on an orconn
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| |
| | |
This should fix bug10081. I believe this bug pertains to OSX
behavior, not any Tor behavior change.
|
| | | |
|
| |\ \ |
|
| | | | |
|
| |/ / |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| | |
late; fixes bug 9602
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
Fixes bug 9731
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.
(See #10582 and #10267)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I'm doing this because:
* User doesn't mean you're running as root, and running as root
doesn't mean you've set User.
* It's possible that the user has done some other
capability-based hack to retain the necessary privileges.
|
| | | |
| | |
| | |
| | | |
Based on patch from "thomo" at #10582.
|
| | | |
| | |
| | |
| | | |
At arma's suggestion. Looks like I missed this one.
|
| | | |
| | |
| | |
| | | |
At arma's suggestion.
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | | |
Fixes bug 9731
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Conflicts:
doc/tor.1.txt
src/or/config.c
src/or/connection.h
src/or/control.c
src/or/control.h
src/or/or.h
src/or/relay.c
src/or/relay.h
src/test/test.c
|
| | | | |
| | | |
| | | |
| | | | |
Suggested by nickm.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Rename n_read and n_written in origin_circuit_t to make it clear that
these are only used for CIRC_BW events.
- Extract new code in control_update_global_event_mask to new
clear_circ_bw_fields function.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Avoid control_event_refill_global function with 13 arguments and
increase code reuse factor by moving more code from control.c to
connection.c.
- Avoid an unsafe uint32_t -> int cast.
- Add TestingEnableTbEmptyEvent option.
- Prepare functions for testing.
- Rename a few functions and improve documentation.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Rename read/write counters in connection_t to make it clear that these
are only used for CONN_BW events.
- Add TestingEnableConnBwEvent option.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
|
| | | | |
| | | |
| | | |
| | | | |
Jointly authored with Rob Jansen <jansen@cs.umn.edu>.
|
| | | | |
| | | |
| | | |
| | | | |
Resolves 9698; patch from "sigpipe".
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fall back to SOMAXCONN if INT_MAX doesn't work.
We'd like to do this because the actual maximum is overrideable by the
kernel, and the value in the header file might not be right at all.
All implementations I can find out about claim that this is supported.
Fix for 9716; bugfix on every Tor.
|
| |\ \ \ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
* Change name of init_ext_or_auth_cookie_authentication().
* Add a small comment.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move the code from the connection_or module to ext_orport.
This commit only moves code: it shouldn't modify anything.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Add documentation.
* Free ext_or_auth_correct_client_hash.
* Use VPORT(ExtORPort) instead of V(ExtORPOrt).
See dfe03d36c8749eb07e9bb2ea47e88ff05e9e3127 for details.
|
| | | | | |
|
| | | | | |
|