| Commit message (Expand) | Author | Age |
|---|
| ... | |
| * | | Merge remote-tracking branch 'origin/maint-0.2.3' | Nick Mathewson | 2012-08-27 |
| |\| |
|
| | * | Disable extending to private/internal addresses by default•••This is important, since otherwise an attacker can use timing info
to probe the internal network.
Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.
Fix for bug 6710; bugfix on all released versions of Tor.
| Nick Mathewson | 2012-08-27 |
| * | | Move ipv6_preferred from routerinfo_t to node_t.•••Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.
Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.
Move node_get_*_orport to nodelist.c.
Fix a cut'n'paste error in header of nodelist.h.
Add node_assert_ok().
Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?
| Linus Nordberg | 2012-08-23 |
| * | | Merge remote-tracking branch 'origin/maint-0.2.3' | Nick Mathewson | 2012-08-17 |
| |\| |
|
| | * | Merge remote-tracking branch 'public/bug6507' into maint-0.2.3 | Nick Mathewson | 2012-08-17 |
| | |\ |
|
| | | * | Fix spaces from last patch | Nick Mathewson | 2012-08-09 |
| | | * | Don't infer we have a FooPort from the presence of a FooPort line•••Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false. (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort. When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.
This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t. FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will need fail to
compile.)
Fix for bug 6507.
| Nick Mathewson | 2012-08-09 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.3' | Nick Mathewson | 2012-08-17 |
| |\| | |
|
| | * | | Address Nick's comments from code review.•••Also promote log messages to notice and rate-limit them.
| Mike Perry | 2012-08-16 |
| | * | | Bug 6475: Explicitly track our path bias state.•••This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
| Mike Perry | 2012-08-15 |
| | |/ |
|
| * | | Use new replaycache_t structure for replay detection in rend_service_introduce() | Andrea Shepard | 2012-07-31 |
| * | | Add config option AuthDirPublishIPv6.•••Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.
Implements enhancement #6406.
| Linus Nordberg | 2012-07-19 |
| * | | Add configure option AuthDirHasIPv6Connectivity.•••Implements enhancement 5974.
| Linus Nordberg | 2012-07-19 |
| * | | Add "a" line to status document. | Linus Nordberg | 2012-07-19 |
| * | | Add last_reachable and testing_since for IPv6 OR port. | Linus Nordberg | 2012-07-19 |
| * | | Move last_reachable and testing_since from routerinfo_t to node_t. | Linus Nordberg | 2012-07-19 |
| |/ |
|
| * | Defend against entry node path bias attacks•••The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.
If the failure rate exceeds a certain amount, a notice is emitted.
If it exceeds a greater amount, a warn is emitted and the guard is disabled.
These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
| Mike Perry | 2012-06-14 |
| * | Merge remote-tracking branch 'public/bug3940_redux' | Nick Mathewson | 2012-06-13 |
| |\ |
|
| | * | Document ADDRMAPSRC_NONE. | Nick Mathewson | 2012-06-11 |
| | * | An attempt at bug3940 and making AllowDotExit 0 work with MapAddress•••This time, I follow grarpamp's suggestion and move the check for
.exit+AllowDotExit 0 to the top of connection_ap_rewrite_and_attach,
before any rewriting occurs. This way, .exit addresses are
forbidden as they arrive from a socks connection or a DNSPort
request, and not otherwise.
It _is_ a little more complicated than that, though. We need to
treat any .exit addresses whose source is TrackHostExits as meaning
that we can retry without that exit. We also need to treat any
.exit address that comes from an AutomapHostsOnResolve operation as
user-provided (and thus forbidden if AllowDotExits==0), so that
transitioning from AllowDotExits==1 to AllowDotExits==0 will
actually turn off automapped .exit addresses.
| Nick Mathewson | 2012-05-11 |
| * | | Resolve about 24 DOCDOCs | Nick Mathewson | 2012-06-05 |
| * | | Update copyright dates to 2012; add a few missing copyright statements | Nick Mathewson | 2012-06-04 |
| * | | Add about 60 more DOCDOC comments to 0.2.3•••Also, try to resolve some doxygen issues. First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
| Nick Mathewson | 2012-06-04 |
| * | | Resolve all currently pending DOCDOC items in master | Nick Mathewson | 2012-06-04 |
| * | | Bump _WIN32_WINNT to 0x0501 throughout the code•••This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.
See bug #5861. We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
| Nick Mathewson | 2012-05-14 |
| * | | Remove all instances of WIN32_WINNT (without leading _)•••We started adding it in 59e2c77824840f back in 2004, 8 years and 3
days ago. It's time to deprogram ourselves from this cargo cult.
| Nick Mathewson | 2012-05-14 |
| |/ |
|
| * | Merge remote-tracking branch 'nickm/bug2497' | Roger Dingledine | 2012-04-24 |
| |\ |
|
| | * | Twiddle ROUTER_{MAX_COSMETIC_TIME_DIFFERENCE,MAX_AGE_TO_PUBLISH}•••This is ticket 2479. Roger's original explanation was:
We have a series of bugs where relays publish a descriptor within
12 hours of their last descriptor, but the authorities drop it
because it's not different "enough" from the last one and it's
too close to the last one.
The original goal of this idea was to a) reduce the number of new
descriptors authorities accept (and thus have to store) and b)
reduce the total number of descriptors that clients and mirrors
fetch. It's a defense against bugs where relays publish a new
descriptor every minute.
Now that we're putting out one consensus per hour, we're doing
better at the total damage that can be caused by 'b'.
There are broader-scale design changes that would help here, and
we've had a trac entry open for years about how relays should
recognize that they're not in the consensus, or recognize when
their publish failed, and republish sooner.
In the mean time, I think we should change some of the parameters
to make the problem less painful.
| Nick Mathewson | 2012-03-30 |
| * | | Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays•••Closes ticket 4572.
| Nick Mathewson | 2012-04-11 |
| * | | Merge branch 'maint-0.2.2'•••Conflicts:
src/or/config.c
| Roger Dingledine | 2012-04-01 |
| |\ \ |
|
| | * | | put a _ before or_options_t elements that aren't configurable•••it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
| Roger Dingledine | 2012-04-01 |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts:
src/or/config.c
Conflict was in or_options_free, where two newly added fields had free
calls in the same place.
| Nick Mathewson | 2012-04-01 |
| |\| |
| |/
|/| |
|
| | * | Do not use strcmp() to compare an http authenticator to its expected value•••This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
| Nick Mathewson | 2012-04-01 |
| * | | Merge remote-tracking branch 'origin/maint-0.2.2'•••Conflicts:
src/or/control.c
| Nick Mathewson | 2012-03-26 |
| |\| |
|
| | * | Implement 'safe cookie authentication' | Robert Ransom | 2012-02-22 |
| * | | Use the standard _WIN32, not the Torism MS_WINDOWS or deprecated WIN32•••This commit is completely mechanical; I used this perl script to make it:
#!/usr/bin/perl -w -i.bak -p
if (/^\s*\#/) {
s/MS_WINDOWS/_WIN32/g;
s/\bWIN32\b/_WIN32/g;
}
| Nick Mathewson | 2012-01-31 |
| * | | update comment to reflect our TOR_INVALID_SOCKET convention | Roger Dingledine | 2012-01-22 |
| * | | Rename nonconformant identifiers.•••Fixes bug 4893.
These changes are pure mechanical, and were generated with this
perl script:
/usr/bin/perl -w -i.bak -p
s/crypto_pk_env_t/crypto_pk_t/g;
s/crypto_dh_env_t/crypto_dh_t/g;
s/crypto_cipher_env_t/crypto_cipher_t/g;
s/crypto_digest_env_t/crypto_digest_t/g;
s/aes_free_cipher/aes_cipher_free/g;
s/crypto_free_cipher_env/crypto_cipher_free/g;
s/crypto_free_digest_env/crypto_digest_free/g;
s/crypto_free_pk_env/crypto_pk_free/g;
s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
s/crypto_new_cipher_env/crypto_cipher_new/g;
s/crypto_new_digest_env/crypto_digest_new/g;
s/crypto_new_digest256_env/crypto_digest256_new/g;
s/crypto_new_pk_env/crypto_pk_new/g;
s/crypto_create_crypto_env/crypto_cipher_new/g;
s/connection_create_listener/connection_listener_new/g;
s/smartlist_create/smartlist_new/g;
s/transport_create/transport_new/g;
| Nick Mathewson | 2012-01-18 |
| * | | fix crash bug in original feature4207 branch•••PLURAL() assumes that the plural is the canonical name for the option,
so now it is.
| Roger Dingledine | 2012-01-16 |
| * | | Comment fixups on 4207 suggested by arma | Nick Mathewson | 2012-01-16 |
| * | | Allow authorities to baddir/badexit/invalid/reject nodes by cc•••Implements ticket #4207
| Nick Mathewson | 2012-01-13 |
| * | | Merge branch 'prop187_squashed' | Nick Mathewson | 2012-01-11 |
| |\ \ |
|
| | * | | Implement proposal 187: reserve a cell type for client authorization•••This needs a changes file and more testing.
| Nick Mathewson | 2012-01-11 |
| * | | | Merge branch 'feature3457-v4-nm-squashed'•••Conflicts:
src/or/rendclient.c
| Nick Mathewson | 2012-01-11 |
| |\ \ \
| |/ /
|/| | |
|
| | * | | Rename CIRC2 to CIRC_MINOR•••Also give the arguments to control_event_circuit_status_minor real
names.
| Nick Mathewson | 2012-01-11 |
| | * | | Send CIRC2 event when a circuit is cannibalized | Robert Ransom | 2011-11-24 |
| | * | | Add CIRC2 control-port event, and send it when a circ's purpose changes | Robert Ransom | 2011-11-24 |
| * | | | Don't remove rend cpath element from relaunched service-side rend circs•••Fixes bug 4842, not in any release.
| Robert Ransom | 2012-01-06 |
| * | | | Verbotify documentation comments for the #1297-fix flags | Robert Ransom | 2012-01-04 |
| * | | | Add an option to close HS service-side rend circs on timeout | Robert Ransom | 2011-12-27 |