aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Expand)AuthorAge
...
| * | | | Remove n_chan codepaths for determinining guard.•••Cpath is apparently good enough. Mike Perry2012-12-07
| * | | | Move a pathbias function that depends on entryguard_t.Mike Perry2012-12-07
| * | | | Fix a crash due to NULL circ->n_chan.•••Is this redundant? Can we always rely on circ->cpath->extend_info being present for origin circuits? Mike Perry2012-12-07
| * | | | Prop209: Rend circuits weren't ever marked dirty.Mike Perry2012-12-07
| * | | | Prop 209: Add in hidserv path bias counts for usage.Mike Perry2012-12-07
| * | | | Prop 209: Add path bias counts for timeouts and other mechanisms.•••Turns out there's more than one way to block a tagged circuit. This seems to successfully handle all of the normal exit circuits. Hidden services need additional tweaks, still. Mike Perry2012-12-07
| * | | | Be explicit about units for timeout.Mike Perry2012-12-07
| * | | | Fix an assert crash and an incorrectly placed return.Mike Perry2012-12-07
| * | | | Update with code review changes from Nick.Mike Perry2012-12-07
| * | | | Fix spaces.Mike Perry2012-12-07
| * | | | Refactor pathbias functions to use pathbias_should_count.Mike Perry2012-12-07
| * | | | Update Path Bias log messages to match Proposal 209.Mike Perry2012-12-07
| * | | | Add log message checks for different rates.•••May want to squash this forward or back.. Mike Perry2012-12-07
| * | | | Update pathbias parameters to match Proposal 209.•••Needs manpage update and testing still.. Mike Perry2012-12-07
| * | | | Add the ability to count circuit timeouts for guards.•••This is purely for informational reasons for debugging. Mike Perry2012-12-07
* | | | | Add configuration options for directory guards•••In addition to all the other ways to make directory gurads not go, you can now set UseEntryGuardsAsDirGuards to 0. Nick Mathewson2012-12-25
* | | | | Directory guard implementation.•••Implements proposal 207; ticket 6526. Nick Mathewson2012-12-25
* | | | | Remember which of our guards are directory cachesNick Mathewson2012-12-25
* | | | | Split choosing a regular directory into its own fnNick Mathewson2012-12-25
* | | | | One last fix for a warning on non-EC systemsNick Mathewson2012-12-25
* | | | | Be more noncomittal about performance improvement of uint128 backend.Nick Mathewson2012-12-25
* | | | | Make ECDHE group configurable: 224 for public, 256 for bridges (default)Nick Mathewson2012-12-25
* | | | | Inform the user if they're passing up a 10x ECDH speedup.Nick Mathewson2012-12-25
* | | | | Add benchmark for DH handshake and ECDH-P-224/56 handshakeNick Mathewson2012-12-25
* | | | | Let servers choose better ciphersuites when clients support them•••This implements the server-side of proposal 198 by detecting when clients lack the magic list of ciphersuites that indicates that they're lying faking some ciphers they don't really have. When clients lack this list, we can choose any cipher that we'd actually like. The newly allowed ciphersuites are, currently, "All ECDHE-RSA ciphers that openssl supports, except for ECDHE-RSA-RC4". The code to detect the cipher list relies on on (ab)use of SSL_set_session_secret_cb. Nick Mathewson2012-12-25
* | | | | Remove the address argument from client cipher classification fnsNick Mathewson2012-12-25
* | | | | Cache the type of client cipher list we have in the tor_tls_t•••We already use this classification for deciding whether (as a server) to do a v2/v3 handshake, and we're about to start using it for deciding whether we can use good ciphersuites too. Nick Mathewson2012-12-25
* | | | | prop198: Detect the list of ciphersuites we used to lie about having•••This is less easy than you might think; we can't just look at the client ciphers list, since openssl doesn't remember client ciphers if it doesn't know about them. So we have to keep a list of the "v2" ciphers, with the ones we don't know about removed. Nick Mathewson2012-12-25
* | | | | Configure SSL context to know about using P-256 for ECDHE.Nick Mathewson2012-12-25
* | | | | bump to 0.2.4.7-alpha-devRoger Dingledine2012-12-25
* | | | | bump to 0.2.4.7-alphaRoger Dingledine2012-12-24
* | | | | When there are no dir_server_ts to choose, don't crash•••It's important not to call choose_array_element_by_weight and then pass its return value unchecked to smartlist_get : it is allowed to return -1. Fixes bug 7756; bugfix on 4e3d07a6 (not in any released Tor) Nick Mathewson2012-12-18
* | | | | Add packaged cell fullness to the heartbeat message.•••This is an attempt to diagnose the severity of bug 7743. Nick Mathewson2012-12-18
* | | | | Merge branch 'ticket7570_7571'•••Conflicts: src/or/routerlist.c Nick Mathewson2012-12-17
|\ \ \ \ \
| * | | | | Drop the maximum attempts to get a virtual address to 1000.•••This is good enough to give P_success >= 999,999,999/1,000,000,000 so long as the address space is less than 97.95 full. It'd be ridiculous for that to happen for IPv6, and usome reasonable assumptions, it would also be pretty silly for IPv4. Nick Mathewson2012-12-17
| * | | | | Add missing doxygen for DNS and automap codeNick Mathewson2012-12-17
| * | | | | Per-listener option to prefer IPv6 automaps when possible.Nick Mathewson2012-12-17
| * | | | | Build and test most of the machinery needed for IPv6 virtualaddrmaps•••With an IPv6 virtual address map, we can basically hand out a new IPv6 address for _every_ address we connect to. That'll be cool, and will let us maybe get around prop205 issues. This uses some fancy logic to try to make the code paths in the ipv4 and the ipv6 case as close as possible, and moves to randomly generated addresses so we don't need to maintain those stupid counters that will collide if Tor restarts but apps don't. Also has some XXXX items to fix to make this useful. More design needed. Nick Mathewson2012-12-17
| * | | | | Refactor the code to check if an address is matched by automapsuffixesNick Mathewson2012-12-17
| * | | | | Fix another uninitialized var warning from GCCNick Mathewson2012-12-17
| * | | | | Fixed an unused-variable warningNick Mathewson2012-12-17
| * | | | | Don't use the cache when changing an IP address because of an exit policyNick Mathewson2012-12-17
| * | | | | Turn off by-default use of client-side DNS cacheing.Nick Mathewson2012-12-17
| * | | | | Refactor port_cfg_t creation into a port_cfg_new() function•••This function gives us a single place to set reasonable default flags for port_cfg_t entries, to avoid bugs like the one where we weren't setting ipv4_traffic_ok to 1 on SocksPorts initialized in an older way. Nick Mathewson2012-12-17
| * | | | | Implement option to turn off DNS cache modification by a client port•••(This is part 3 of making DNS cache use enabled/disabled on a per-client port basis. This implements the UseCacheIPv[46]DNS options) Nick Mathewson2012-12-17
| * | | | | Implement option to turn off DNS cache use on a client port•••(This is part 2 of making DNS cache use enabled/disabled on a per-client port basis. This implements the CacheIPv[46]DNS options, but not the UseCachedIPv[46] ones.) Nick Mathewson2012-12-17
| * | | | | Oops: make the check for not adding ip->ip DNS maps correctNick Mathewson2012-12-17
| * | | | | Add options to turn DNS cache use on or off per client port.•••(This is part 1 of making DNS cache use enabled/disabled on a per-client port basis. These options are shuffled around correctly, but don't do anything yet.) Nick Mathewson2012-12-17
| * | | | | Oops; make DNSPort configuration take address family optionsNick Mathewson2012-12-17
* | | | | | Avoid a 'may be used uninitialized' warning•••Fixes bug 7746; bug not in any released version of Tor. Nick Mathewson2012-12-17
|/ / / / /
generated by cgit v1.2.3 (git 2.48.1) at 2025-03-22 06:16:38 +0000