path: root/src/or/or.h
Commit message | Author | Age
* Defend against entry node path bias attacks•••The defense counts the circuit failure rate for each guard for the past N circuits. Failure is defined as the ability to complete a first hop, but not finish completing the circuit all the way to the exit. If the failure rate exceeds a certain amount, a notice is emitted. If it exceeds a greater amount, a warn is emitted and the guard is disabled. These values are governed by consensus parameters which we intend to tune as we perform experiments and statistical simulations. Mike Perry2012-06-14
* Merge remote-tracking branch 'public/bug3940_redux'Nick Mathewson2012-06-13
|\
| * Document ADDRMAPSRC_NONE.Nick Mathewson2012-06-11
| * An attempt at bug3940 and making AllowDotExit 0 work with MapAddress•••This time, I follow grarpamp's suggestion and move the check for .exit+AllowDotExit 0 to the top of connection_ap_rewrite_and_attach, before any rewriting occurs. This way, .exit addresses are forbidden as they arrive from a socks connection or a DNSPort request, and not otherwise. It _is_ a little more complicated than that, though. We need to treat any .exit addresses whose source is TrackHostExits as meaning that we can retry without that exit. We also need to treat any .exit address that comes from an AutomapHostsOnResolve operation as user-provided (and thus forbidden if AllowDotExits==0), so that transitioning from AllowDotExits==1 to AllowDotExits==0 will actually turn off automapped .exit addresses. Nick Mathewson2012-05-11
* | Resolve about 24 DOCDOCsNick Mathewson2012-06-05
* | Update copyright dates to 2012; add a few missing copyright statementsNick Mathewson2012-06-04
* | Add about 60 more DOCDOC comments to 0.2.3•••Also, try to resolve some doxygen issues. First, define a magic "This is doxygen!" macro so that we take the correct branch in various #if/#else/#endifs in order to get the right documentation. Second, add in a few grouping @{ and @} entries in order to get some variables and fields to get grouped together. Nick Mathewson2012-06-04
* | Resolve all currently pending DOCDOC items in masterNick Mathewson2012-06-04
* | Bump _WIN32_WINNT to 0x0501 throughout the code•••This tells the windows headers to give us definitions that didn't exist before XP -- like the ones that we need for IPv6 support. See bug #5861. We didn't run into this issue with mingw, since mingw doesn't respect _WIN32_WINNT as well as it should for some of its definitions. Nick Mathewson2012-05-14
* | Remove all instances of WIN32_WINNT (without leading _)•••We started adding it in 59e2c77824840f back in 2004, 8 years and 3 days ago. It's time to deprogram ourselves from this cargo cult. Nick Mathewson2012-05-14
|/
* Merge remote-tracking branch 'nickm/bug2497'Roger Dingledine2012-04-24
|\
| * Twiddle ROUTER_{MAX_COSMETIC_TIME_DIFFERENCE,MAX_AGE_TO_PUBLISH}•••This is ticket 2479. Roger's original explanation was: We have a series of bugs where relays publish a descriptor within 12 hours of their last descriptor, but the authorities drop it because it's not different "enough" from the last one and it's too close to the last one. The original goal of this idea was to a) reduce the number of new descriptors authorities accept (and thus have to store) and b) reduce the total number of descriptors that clients and mirrors fetch. It's a defense against bugs where relays publish a new descriptor every minute. Now that we're putting out one consensus per hour, we're doing better at the total damage that can be caused by 'b'. There are broader-scale design changes that would help here, and we've had a trac entry open for years about how relays should recognize that they're not in the consensus, or recognize when their publish failed, and republish sooner. In the mean time, I think we should change some of the parameters to make the problem less painful. Nick Mathewson2012-03-30
* | Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays•••Closes ticket 4572. Nick Mathewson2012-04-11
* | Merge branch 'maint-0.2.2'•••Conflicts: src/or/config.c Roger Dingledine2012-04-01
|\ \
| * | put a _ before or_options_t elements that aren't configurable•••it's fine with me if we change the current convention, but we should actually decide to change it if we want to. Roger Dingledine2012-04-01
* | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts: src/or/config.c Conflict was in or_options_free, where two newly added fields had free calls in the same place. Nick Mathewson2012-04-01
|\| |
| |/
|/|
| * Do not use strcmp() to compare an http authenticator to its expected value•••This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha. Nick Mathewson2012-04-01
* | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts: src/or/control.c Nick Mathewson2012-03-26
|\|
| * Implement 'safe cookie authentication'Robert Ransom2012-02-22
* | Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32•••This commit is completely mechanical; I used this perl script to make it: #!/usr/bin/perl -w -i.bak -p if (/^\s*\#/) { s/MS_WINDOWS/_WIN32/g; s/\bWIN32\b/_WIN32/g; } Nick Mathewson2012-01-31
* | update comment to reflect our TOR_INVALID_SOCKET conventionRoger Dingledine2012-01-22
* | Rename nonconformant identifiers.•••Fixes bug 4893. These changes are pure mechanical, and were generated with this perl script: /usr/bin/perl -w -i.bak -p s/crypto_pk_env_t/crypto_pk_t/g; s/crypto_dh_env_t/crypto_dh_t/g; s/crypto_cipher_env_t/crypto_cipher_t/g; s/crypto_digest_env_t/crypto_digest_t/g; s/aes_free_cipher/aes_cipher_free/g; s/crypto_free_cipher_env/crypto_cipher_free/g; s/crypto_free_digest_env/crypto_digest_free/g; s/crypto_free_pk_env/crypto_pk_free/g; s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g; s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g; s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g; s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g; s/crypto_new_cipher_env/crypto_cipher_new/g; s/crypto_new_digest_env/crypto_digest_new/g; s/crypto_new_digest256_env/crypto_digest256_new/g; s/crypto_new_pk_env/crypto_pk_new/g; s/crypto_create_crypto_env/crypto_cipher_new/g; s/connection_create_listener/connection_listener_new/g; s/smartlist_create/smartlist_new/g; s/transport_create/transport_new/g; Nick Mathewson2012-01-18
* | fix crash bug in original feature4207 branch•••PLURAL() assumes that the plural is the canonical name for the option, so now it is. Roger Dingledine2012-01-16
* | Comment fixups on 4207 suggested by armaNick Mathewson2012-01-16
* | Allow authorities to baddir/badexit/invalid/reject nodes by cc•••Implements ticket #4207 Nick Mathewson2012-01-13
* | Merge branch 'prop187_squashed'Nick Mathewson2012-01-11
|\ \
| * | Implement proposal 187: reserve a cell type for client authorization•••This needs a changes file and more testing. Nick Mathewson2012-01-11
* | | Merge branch 'feature3457-v4-nm-squashed'•••Conflicts: src/or/rendclient.c Nick Mathewson2012-01-11
|\ \ \
| |/ /
|/| |
| * | Rename CIRC2 to CIRC_MINOR•••Also give the arguments to control_event_circuit_status_minor real names. Nick Mathewson2012-01-11
| * | Send CIRC2 event when a circuit is cannibalizedRobert Ransom2011-11-24
| * | Add CIRC2 control-port event, and send it when a circ's purpose changesRobert Ransom2011-11-24
* | | Don't remove rend cpath element from relaunched service-side rend circs•••Fixes bug 4842, not in any release. Robert Ransom2012-01-06
* | | Verbotify documentation comments for the #1297-fix flagsRobert Ransom2012-01-04
* | | Add an option to close HS service-side rend circs on timeoutRobert Ransom2011-12-27
* | | Don't close HS service-side rend circs on timeoutRobert Ransom2011-12-27
* | | Add an option to close 'almost-connected' HS client circs on timeoutRobert Ransom2011-12-27
* | | Don't close HS client circs which are 'almost connected' on timeoutRobert Ransom2011-12-27
* | | Adjust n_intro_points_wanted when a service's intro points are closedRobert Ransom2011-12-20
* | | Revert "Make pending libevent actions cancelable"•••This reverts commit aba25a6939a5907d40dbcff7433a8c130ffd12ad. Nick Mathewson2011-12-06
* | | Merge branch 'feature2553-v4-rebased'Nick Mathewson2011-11-30
|\ \ \
| * | | Add a compile-time #define to control whether Tor runs in 'tor2web mode'•••The Tor2webMode torrc option is still required to run a Tor client in 'tor2web mode', but now it can't be turned on at runtime in a normal build of Tor. (And a tor2web build of Tor can't be used as a normal Tor client, so we don't have to worry as much about someone distributing packages with this particular pistol accessible to normal users.) Robert Ransom2011-11-30
| * | | Add Tor2webMode configuration optionRobert Ransom2011-11-24
| |/ /
* | | appease "make check-spaces"Nick Mathewson2011-11-30
* | | First chunk of support for bridges on IPv6•••Comments below focus on changes, see diff for added code. New type tor_addr_port_t holding an IP address and a TCP/UDP port. New flag in routerinfo_t, ipv6_preferred. This should go in the node_t instead but not now. Replace node_get_addr() with - node_get_prim_addr() for primary address, i.e. IPv4 for now - node_get_pref_addr() for preferred address, IPv4 or IPv6. Rename node_get_addr_ipv4h() node_get_prim_addr_ipv4h() for consistency. The primary address will not always be an IPv4 address. Same for node_get_orport() -> node_get_prim_orport(). Rewrite node_is_a_configured_bridge() to take all OR ports into account. Extend argument list to extend_info_from_node and extend_info_from_router with a flag indicating if we want to use the router's primary address or the preferred address. Use the preferred address in as few situations as possible for allowing clients to connect to bridges over IPv6. Linus Nordberg2011-11-30
* | | Initial support for simplest use of prop186 or-address lines•••This lets a routerinfo_t have a single IPv6 or-address, and adds support for formatting and parsing those lines. Nick Mathewson2011-11-30
* | | Initial hacking for proposal 186.•••This code handles the new ORPort options, and incidentally makes all remaining port types use the new port configuration systems. There are some rough edges! It doesn't do well in the case where your Address says one thing but you say to Advertise another ORPort. It doesn't handle AllAddrs. It doesn't actually advertise anything besides the first listed advertised IPv4 ORPort and DirPort. It doesn't do port forwarding to them either. It's not tested either, it needs more documentation, and it probably forgets to put the milk back in the refrigerator. Nick Mathewson2011-11-30
* | | Merge remote-tracking branch 'rransom-tor/bug3460-v4'•••Conflicts: src/or/rendservice.c Nick Mathewson2011-11-29
|\ \ \
| * | | Correct documentation comments for fields formerly named accepted_introsRobert Ransom2011-11-27
| * | | Rename accepted_intros fieldsRobert Ransom2011-11-27
| * | | Reduce lifetime of DH public key replay-detection cache elementsRobert Ransom2011-10-31