aboutsummaryrefslogtreecommitdiff
path: root/src/or
Commit message (Collapse)AuthorAge
...
| * | | | | | | | | | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| | | | | | | | | |
| | * | | | | | | | | | Add a rate-limiter for the other circuitID exhaustion warningNick Mathewson2014-04-18
| | | | | | | | | | | |
| * | | | | | | | | | | Diagnostic warning to see if it's pending destroys causing 11553Nick Mathewson2014-04-18
| | | | | | | | | | | |
| * | | | | | | | | | | Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson2014-04-18
| |\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/channel.h
| | * | | | | | | | | | Switch to random allocation on circuitIDs.Nick Mathewson2014-04-18
| | | |_|_|_|_|_|_|_|/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes a possible root cause of 11553 by only making 64 attempts at most to pick a circuitID. Previously, we would test every possible circuit ID until we found one or ran out. This algorithm succeeds probabilistically. As the comment says: This potentially causes us to give up early if our circuit ID space is nearly full. If we have N circuit IDs in use, then we will reject a new circuit with probability (N / max_range) ^ MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent of our circuit ID capacity will go unused. The alternative here, though, is to do a linear search over the whole circuit ID space every time we extend a circuit, which is not so great either. This makes new vs old clients distinguishable, so we should try to batch it with other patches that do that, like 11438.
| | * | | | | | | | | Supply better and less frequent warnings on circID exhaustionNick Mathewson2014-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes the surface behavior of #11553
* | | | | | | | | | | Merge branch 'bug11396_v2_squashed'Nick Mathewson2014-04-24
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/main.c
| * | | | | | | | | | | Expose the real maxmeminqueues via a GETINFONick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | That is, GETINFO limits/max-mem-in-queues
| * | | | | | | | | | | Change the logic for the default for MaxMemInQueuesNick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we can't detect the physical memory, the new default is 8 GB on 64-bit architectures, and 1 GB on 32-bit architectures. If we *can* detect the physical memory, the new default is CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT) where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit architectures. You can still override the default by hand. The logic here is simply trying to choose a lower default value on systems with less than 12 GB of physical RAM.
| * | | | | | | | | | | get_total_system_memory(): see how much RAM we haveNick Mathewson2014-04-24
| | | | | | | | | | | |
* | | | | | | | | | | | Merge remote-tracking branch 'public/bug10268'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | Give no answer, not NOTIMPL, for unsupported DNS query typesNick Mathewson2014-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to reports, most programs degrade somewhat gracefully on getting no answer for an MX or a CERT for www.example.com, but many flip out completely on a NOTIMPL error. Also, treat a QTYPE_ALL query as just asking for an A record. The real fix here is to implement proposal 219 or something like it. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Based on a patch from "epoch".
* | | | | | | | | | | | | Merge remote-tracking branch 'public/bug11200'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | should_disable_dir_fetches() now returns 1 if DisableNetwork==1Nick Mathewson2014-03-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change prevents LD_BUG warnings and bootstrap failure messages when we try to do directory fetches when starting with DisableNetwork == 1, a consensus present, but no descriptors (or insufficient descriptors) yet. Fixes bug 11200 and bug 10405. It's a bugfix on 0.2.3.9-alpha. Thanks to mcs for walking me through the repro instructions!
* | | | | | | | | | | | | | Merge branch 'bug11156_issue2_squashed'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | Slightly improve the documentation of src/or/transports.cGeorge Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make it clear that a SIGHUP is not the only action that can cause a config re-read.
| * | | | | | | | | | | | | | Rename the got_hup element of managed proxies.George Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since we need to toggle that element in non-SIGHUP situations too where the config was re-read (like in SETCONF or RESETCONF).
| * | | | | | | | | | | | | | Don't halt bootstrap to figure out if we should restart PT proxies.George Kadianakis2014-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead, figure out if we should restart PT proxies _immediately_ after we re-read the config file.
* | | | | | | | | | | | | | | Merge remote-tracking branch 'public/bug9229_025'Nick Mathewson2014-04-23
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/entrynodes.c
| * | | | | | | | | | | | | | Make num_bridges_usable work properly.Nick Mathewson2014-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My first implementation was broken, since it returned "whether there is one bridge" rather than "how many bridges." Also, the implementation for the n_options_out feature in choose_random_entry_impl was completely broken due to a missing *.
| * | | | | | | | | | | | | | Fix our check for the "first" bridge descriptor.Nick Mathewson2014-03-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is meant to be a better bug 9229 fix -- or at least, one more in tune with the intent of the original code, which calls router_retry_directory_downloads() only on the first bridge descriptor.
* | | | | | | | | | | | | | | Merge remote-tracking branch 'public/bug9963_v2_024'Nick Mathewson2014-04-18
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / / / / / / / |/| | | | | | | | | | | | | |
| * | | | | | | | | | | | | | Log descriptor-download bootstrapping messages less verboselyNick Mathewson2014-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a fix for 9963. I say this is a feature, but if it's a bugfix, it's a bugfix on 0.2.4.18-rc. Old behavior: Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors. Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors. Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors. ... [Many lines omitted] ... Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors. Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits. New behavior: Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits.
* | | | | | | | | | | | | | | Merge remote-tracking branch 'public/sandbox_fixes_rebased_2'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | Block certain option transitions while sandbox enabledNick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Don't reload logs or rewrite pidfile while sandbox is activeNick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Don't allow change to ConnLimit while sandbox is activeNick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Allow reloading torrc and writing to router-stabilityNick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Add a couple of missing renames so the server sandbox works againNick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Get Libevent's PRNG functioning under the linux sandboxNick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libevent uses an arc4random implementation (I know, I know) to generate DNS transaction IDs and capitalization. But it liked to initialize it either with opening /dev/urandom (which won't work under the sandbox if it doesn't use the right pointer), or with sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}). To make _that_ work, we were permitting sysctl unconditionally. That's not such a great idea. Instead, we try to initialize the libevent PRNG _before_ installing the sandbox, and make sysctl always fail with EPERM under the sandbox.
| * | | | | | | | | | | | | | | Make sure everything using an interned string is preceded by a logNick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (It's nice to know what we were about to rename before we died from renaming it.)
| * | | | | | | | | | | | | | | Drop 'fr' parameter from sandbox code.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Appearently, the majority of the filenames we pass to sandbox_cfg_allow() functions are "freeable right after". So, consider _all_ of them safe-to-steal, and add a tor_strdup() in the few cases that aren't. (Maybe buggy; revise when I can test.)
| * | | | | | | | | | | | | | | Remove nonsensical exec permission from sandbox code.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Add 'rename' to the sandboxed syscallsNick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (If we don't restrict rename, there's not much point in restricting open, since an attacker could always use rename to make us open whatever they want.)
| * | | | | | | | | | | | | | | Fix some initial sandbox issues.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow files that weren't in the list; Allow the _sysctl syscall; allow accept4 with CLOEXEC and NONBLOCK.
* | | | | | | | | | | | | | | | Merge remote-tracking branch 'andrea/bug11304'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | | Call connection_or_close_for_error() properly if write_to_buf() ever fails ↵Andrea Shepard2014-04-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on an orconn
* | | | | | | | | | | | | | | | | Merge remote-tracking branch 'andrea/bug11306'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | | | | | | | Avoid redundant calls to connection_mark_for_close() on listeners when ↵Andrea Shepard2014-04-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | setting DisableNetwork to 1
| * | | | | | | | | | | | | | | | | Close orconns correctly through channels when setting DisableNetwork to 1Andrea Shepard2014-04-15
| |/ / / / / / / / / / / / / / / /
* | | | | | | | | | | | | | | | | Merge branch '10267_plus_10896_rebased_twice'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / / / / / / / / |/| | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | Call pf-divert openbsd-specific, not no-linuxNick Mathewson2014-04-16
| | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | Fix OSX compilation.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | Whitespace, doc fixesNick Mathewson2014-04-16
| | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | Educate tor on OpenBSD's use of divert-to rules with the pf firewall.dana koch2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This means that tor can run without needing to communicate with ioctls to the firewall, and therefore doesn't need to run with privileges to open the /dev/pf device node. A new TransProxyType is added for this purpose, "pf-divert"; if the user specifies this TransProxyType in their torrc, then the pf device node is never opened and the connection destination is determined with getsockname (as per pf(4)). The default behaviour (ie., when TransProxyType is "default" when using the pf firewall) is still to assume that pf is configured with rdr-to rules.
| * | | | | | | | | | | | | | | | tor_addr_from_sockaddr() is applicable in ipfw code, so use it.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | | ipfw TransPort support on FreeBSD (10267)Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This isn't on by default; to get it, you need to set "TransProxyType ipfw". (The original patch had automatic detection for whether /dev/pf is present and openable, but that seems marginally fragile.)
* | | | | | | | | | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / / / / / / / / |/| | | | | | | | | / / / / / / / | | |_|_|_|_|_|_|_|/ / / / / / / | |/| | | | | | | | | | | | | |
| * | | | | | | | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-16
| |\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | |_|_|_|_|_|_|_|_|/ / / / / | | |/| | | | | | | | | | | | |
| | * | | | | | | | | | | | | | remove note about dannenberg; it has upgraded.Nick Mathewson2014-04-16
| | | | | | | | | | | | | | | |
generated by cgit v1.2.3 (git 2.45.0) at 2024-11-28 15:29:01 +0000