Commit Graph

25163 Commits

Author SHA1 Message Date
Roger Dingledine
f0a9d0ae8c some scribblings on exit policies
somebody please go turn this into a section


svn:r669
2003-10-24 11:21:19 +00:00
Roger Dingledine
d59864859c and dirservers are better for non-clique situations
svn:r668
2003-10-24 04:09:10 +00:00
Roger Dingledine
b29e29f64a directories are signed so they can be cached elsewhere
svn:r667
2003-10-24 03:39:14 +00:00
Roger Dingledine
b1d8973990 figured out how to make autoconf a bit less viral
(thanks cherub)


svn:r666
2003-10-24 03:27:53 +00:00
Nick Mathewson
faa0f7ffe7 Use daemon(3) function where available.
svn:r665
2003-10-23 14:28:44 +00:00
Nick Mathewson
71e5ad714b resolve warning
svn:r664
2003-10-23 14:27:53 +00:00
Nick Mathewson
6b79d8a7e9 Two-pronged attack at my overzealous skew fixes.
The problem was that the fixes had us generating TLS certs with a
2-day lifetime on the assumption that we'd rotate fairly often.  In
fact, we never rotate our TLS keys.

This patch fixes the situation in 2 ways:
   1. It bumps the default lifetime back up to one year until we get
      rotation in place.
   2. It changes tor_tls_context_new() so that it doesn't leak memory
      when you call it more than once.


svn:r663
2003-10-23 14:20:51 +00:00
Roger Dingledine
0396449097 add the dirservers section
svn:r662
2003-10-23 11:45:51 +00:00
Paul Syverson
8ee82830b4 Router twins described in intro. Some more stuff in assumptions section.
svn:r661
2003-10-22 22:40:30 +00:00
Paul Syverson
4e3345ff08 Added censorship resistant refs. Answered Roger's key question with
more questions.


svn:r660
2003-10-22 18:58:44 +00:00
Steven Hazel
4fef6f4566 switch_id() no longer tries to log the user name when it's calld on
Windows, since we don't know whether it's the user or the group that
was set.


svn:r659
2003-10-22 17:25:58 +00:00
Nick Mathewson
7604cfe61b Clock skew fixes.
Allow some slop (currently 3 minutes) when checking certificate validity.

Change certificate lifetime from 1 year to 2 days.  Since we
regenerate regularly (we regenerate regularly, right??), this
shouldn't be a problem.

Have directories reject descriptors published too far in the future
(currently 30 minutes).  If dirservs don't do this:
    0) Today is January 1, 2000.
    1) A very skewed server publishes descriptor X with a declared
       publication time of August 1, 2000.
    2) The directory includes X.
    3) Because of certificate lifetime issues, nobody can use the
       skewed server.
    4) The server fixes its skew, and goes to republish a new descriptor Y
       with publication time of January 1, 2000.
    5) But because the directory already has a "more recent" descriptor X,
       it rejects descriptor "Y" as superseded!

This patch should make step 2 go away.


svn:r658
2003-10-22 16:41:35 +00:00
Roger Dingledine
cf2fe9d1da some minor tweaks
svn:r657
2003-10-22 11:30:47 +00:00
Steven Hazel
4139c1c86a - fixed a bug in the id switching code -- setgid has to happen before
setuid, because after we setuid we don't have the priviledges we
  need to setgid anymore, duh.  merged switch_user() and
  switch_group() into switch_id(), since that code has to be wound
  together.

- return -1 from switch_id() if it's not defined to do anything else.

- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
  util.c


svn:r656
2003-10-22 11:21:29 +00:00
Roger Dingledine
c78d5d7d30 play with connection_edge_send_command
maybe more robust now


svn:r655
2003-10-22 09:08:10 +00:00
Roger Dingledine
c35fc271d2 move default exit policy into config files
svn:r654
2003-10-22 07:56:11 +00:00
Roger Dingledine
c6b442a346 make end relay cells have payloads
move default exit policy into config files


svn:r653
2003-10-22 07:55:44 +00:00
Steven Hazel
b1eca56b77 added User and Group options -- if you set them, tor will try to
setuid and setgid respectively, and die if it can't.

(If the User option is set, tor will setgid to the user's gid as well.)

This happens after the pidfile is created, so that in cases where tor
needs to be root to work with the pidfile, it will at least be able to
create it, although it won't be able to delete it.  That sucks, but
it's somewhat better than not being able to create the pidfile in the
first place.


svn:r652
2003-10-22 06:03:11 +00:00
Roger Dingledine
524d63ecc6 todo now reflects what we need to do.
svn:r651
2003-10-22 05:15:08 +00:00
Roger Dingledine
f84cdb9005 force the admin to mkdir the datadirectory himself,
so he gets the permissions right.

also this means clients will never need to make the datadirectory.

also remind the admin to fix his clock before setting up his node.


svn:r650
2003-10-22 04:33:11 +00:00
Roger Dingledine
1bf10257da fill in some lncs numbers
svn:r649
2003-10-21 22:13:18 +00:00
Paul Syverson
ac7a9ccadf Adversary model mostly done? Some other small changes in assumptions et passim.
svn:r648
2003-10-21 21:44:00 +00:00
Nick Mathewson
009f2f6dbb Update .cvsignores to exclude files generated due to recent build improvements
svn:r647
2003-10-21 17:49:52 +00:00
Nick Mathewson
53dca60b13 Add design goals section
svn:r646
2003-10-21 17:43:26 +00:00
Roger Dingledine
24536a65f3 fix error in rendezvous description
svn:r645
2003-10-21 09:50:06 +00:00
Roger Dingledine
0e137e413f APPort is now SocksPort
svn:r644
2003-10-21 09:49:39 +00:00
Roger Dingledine
069227db5b introduce new tor_free() macro
svn:r643
2003-10-21 09:48:58 +00:00
Roger Dingledine
e4127e4d36 move closer to being able to reload config on HUP
rename APPort to SocksPort
introduce new tor_free() macro


svn:r642
2003-10-21 09:48:17 +00:00
Roger Dingledine
80d428b225 remove obsolete config file
svn:r641
2003-10-21 09:22:38 +00:00
Roger Dingledine
4a66865d0b send the end cell when we realize we're going to end,
not when we're closing the stream.

this lets us put a payload in the end cell if we want to,
to describe why we're closing the stream.

there are still some places where we don't send the end cell
immediately. i need to track them down. but it's a low priority,
since i've made it send the end cell when we close the stream if
we haven't already sent it.


svn:r640
2003-10-21 08:37:07 +00:00
Roger Dingledine
f8a72b1c21 i seem to be listing hard problems.
still plenty more hard problems where those came from.


svn:r639
2003-10-21 08:09:55 +00:00
Roger Dingledine
668ec0b435 first draft of a conclusion / future works
svn:r638
2003-10-21 04:27:54 +00:00
Roger Dingledine
53baa69705 first draft of the rendezvous section done
svn:r637
2003-10-21 01:11:29 +00:00
Paul Syverson
08c44fc1ab Few more changes to intro. First complete draft of background.
Cut in threats from PETs 2000 paper and started adapting them.


svn:r636
2003-10-20 23:44:53 +00:00
Roger Dingledine
5f1750a288 include our own timegm() impl, since it's not portable
svn:r635
2003-10-20 20:19:59 +00:00
Roger Dingledine
b40d0bffa7 a skeletal print_usage() function
svn:r634
2003-10-20 01:19:54 +00:00
Roger Dingledine
db33eac4c4 add an Address line to the sample server rc file
svn:r633
2003-10-19 05:50:52 +00:00
Roger Dingledine
b4117d2a37 move to 0.0.2pre13
svn:r631
2003-10-19 05:45:22 +00:00
Roger Dingledine
dc85b7af3c warn, not err
svn:r630
2003-10-19 01:15:36 +00:00
Roger Dingledine
efce1b8b3e put small buffers back in place
svn:r629
2003-10-19 01:10:38 +00:00
Nick Mathewson
0142a568d3 Example code to get nickname from cert
svn:r628
2003-10-19 00:47:03 +00:00
Nick Mathewson
0ec2a34a1d Code to get nicknames from peer certs
svn:r627
2003-10-19 00:46:51 +00:00
Roger Dingledine
ec96419109 let tls tolerate reallocing the buf
and also remember the params for ssl_write if it returns wantread.


svn:r626
2003-10-19 00:39:48 +00:00
Roger Dingledine
c627ba2632 first steps toward a WANTWRITE SSL_write tls bug fix
how exactly the same do the arguments need to be? :(


svn:r625
2003-10-18 08:00:19 +00:00
Roger Dingledine
9d3f2b232b another minor memory leak
make dnsconn->address reflect what it's currently resolving


svn:r624
2003-10-18 07:09:09 +00:00
Roger Dingledine
61e180ceb1 start to track down the 'peer has invalid cert' bug
svn:r623
2003-10-18 06:48:46 +00:00
Roger Dingledine
a73a3a21f7 no more memory leaks
when you run it under normal operation
for as many as three minutes


svn:r622
2003-10-18 04:18:26 +00:00
Roger Dingledine
a3962bf6fc fix two more memory problems
one remains :)


svn:r621
2003-10-18 03:23:26 +00:00
Roger Dingledine
af3fc006a5 clean up memory leaks, confusions
still one memory leak remaining here.


svn:r620
2003-10-18 02:18:22 +00:00
Roger Dingledine
2093f60760 we've been stomping on memory while reading config
doesn't seem to have bitten us yet, but let's fix that :)


svn:r619
2003-10-18 01:28:39 +00:00