| Commit message (Collapse) | Author | Age |
|
Also document it better.
Mention this refactoring in the comments for the path state machine.
|
An adversary could let the first stream request succeed (i.e., the resolve), but
then tag and time out the remainder (via cell dropping), forcing them on new
circuits.
Rolling back the state will cause us to probe such circuits, which should lead
to probe failures in the event of such tagging due to either unrecognized
cells coming in while we wait for the probe, or the cipher state getting out
of sync in the case of dropped cells.
|
Path use bias measures how often we can actually succeed using the circuits we
actually try to use. It is a subset of path bias accounting, but it is
computed as a separate statistic because the rate of client circuit use may
vary depending on use case.
|
The implementation is pretty straightforward: parse_extended_hostname() is
modified to drop any leading components from an address like
'foo.aaaaaaaaaaaaaaaa.onion'.
|
Fix wide lines and comments, and add a changes file
|
This is an automatically generated commit, from the following perl script,
run with the options "-w -i -p".
s/smartlist_string_num_isin/smartlist_contains_int_as_string/g;
s/smartlist_string_isin((?:_case)?)/smartlist_contains_string$1/g;
s/smartlist_digest_isin/smartlist_contains_digest/g;
s/smartlist_isin/smartlist_contains/g;
s/digestset_isin/digestset_contains/g;
|
In general, if we tried to use a circ for a stream, but then decided to place
that stream on a different circuit, we need to probe the original circuit
before deciding it was a "success".
We also need to do the same for cannibalized circuits that go unused.
|
Fixes bug 7814; bugfix on 0.2.4.7-alpha.
|
I think this is actually his third code review of this branch so far.
|
Also improve some log messages.
|
Also, improve and log some failure cases.
|
Turns out there's more than one way to block a tagged circuit.
This seems to successfully handle all of the normal exit circuits. Hidden
services need additional tweaks, still.
|
With an IPv6 virtual address map, we can basically hand out a new
IPv6 address for _every_ address we connect to. That'll be cool, and
will let us maybe get around prop205 issues.
This uses some fancy logic to try to make the code paths in the ipv4
and the ipv6 case as close as possible, and moves to randomly
generated addresses so we don't need to maintain those stupid counters
that will collide if Tor restarts but apps don't.
Also has some XXXX items to fix to make this useful. More design
needed.
|
(This is part 3 of making DNS cache use enabled/disabled on a
per-client port basis. This implements the UseCacheIPv[46]DNS options)
|
(This is part 2 of making DNS cache use enabled/disabled on a
per-client port basis. This implements the CacheIPv[46]DNS options,
but not the UseCachedIPv[46] ones.)
|
Conflicts:
src/or/dns.c
|
We need this since win64 has a 64-bit SOCKET type.
Based on a patch from yayooo for 7260, forward-ported to 0.2.4.
|
Fixes bug #7592; bugfix on 882b389668067a29bb539d0f5bd5cb2f83b93012.
The bug is not present in any released versions of Tor.
|
We had some old code to send back connected cells for IPv6 addresses,
but it was wrong. Fortunately, it was also unreachable.
|
Also, fix the function so it actually looks at our ipv6 exit policy.
|
This uses advertised IPv6 ports as an implicit version check.
|
This makes it so we can handle getting an IPv6 in the 3 different
formats we specified it for in RESOLVED cells,
END_STREAM_REASON_EXITPOLICY cells, and CONNECTED cells.
We don't cache IPv6 addresses yet, since proposal 205 isn't
implemented.
There's a refactored function for parsing connected cells; it has unit
tests.
|
Don't advertise an IPv6 exit policy, or accept IPv6 exit requests,
if IPv6Exit is not true.
|
This is a relatively simple set of changes: we mostly need to
remove a few "but not for IPv6" changes. We also needed to tweak
the handling of DNS code to generate RESOLVED cells that could get
an IPv6 answer in return.
|
Add 'flags' argument to begin cells, per proposal 208.
|
We'd like these functions to be circuit-relative so that we can
implement a per-circuit DNS cache and per-circuit DNS cache rules for
proposal 205 or its successors. I'm doing this now, as a part of the
IPv6 exits code, since there are about to be a few more instances
of code using this.
|