If you have more than one bridge but don't know their keys,
you would only learn a request for the descriptor of the first one
on your list. (Tor considered launching requests for the others, but
found that it already had a connection on the way for $0000...0000
so it didn't open another.)
If you have more than one bridge but don't know their keys, and the
connection to one of the bridges failed, you would cancel all
pending bridge connections. (After all, they all have the same
digest.)
svn:r15366
streams. so they waited 120 seconds before timing out. this
was particularly bad during bootstrapping, if an authority is
down or not answering right.
svn:r14163
Part of fix for bug 617: allow connection_ap_handshake_attach_circuit() to mark connections, to avoid double-mark warnings. Note that this is an incomplete refactoring.
svn:r14066
Do the last part of arma's fix for bug 437: Track the origin of every addrmap, and use this info so we can remove all the trackhostexits-originated mappings for a given exit.
svn:r13660
would stop building circuits and start refusing connections after
24 hours, since we false believed that Tor was dormant. Reported
by nwf; bugfix on 0.1.2.x.
svn:r13583
Fix all but 2 DOCDOC items; defer many XXX020s (particularly those where fixing them would fix no bugs at the risk of introducing some bugs).
svn:r13529
Re-tune mempool parametes based on testing on peacetime: use smaller chuncks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks. Also, lots of new documentation.
svn:r13484
Add a bunch more code documentation; change the interface of fetch_var_cell_from_buf() so it takes the current link protocol into account and can't get confused by weird command bytes on v1 connections.
svn:r13430
Tor can warn and/or refuse connections to ports commonly used with
vulnerable-plaintext protocols.
We still need to figure out some good defaults for them.
svn:r13198
on but your ORPort is off.
Add a new config option BridgeRelay that specifies you want to
be a bridge relay. Right now the only difference is that it makes
you answer begin_dir requests, and it makes you cache dir info,
even if your DirPort isn't on.
Refactor directory_caches_dir_info() into some more functions.
svn:r12668
edge_connection_t: want_onehop if it must attach to a circuit with
only one hop (e.g. for the current tunnelled connections that use
begin_dir), and use_begindir if we mean to use a BEGIN_DIR relay
command to establish the stream rather than the normal BEGIN. Now
we can make anonymized begin_dir connections for (e.g.) more secure
hidden service posting and fetching.
svn:r12244
Make controllers accept LF as well as CRLF. Update spec to reflect this. Remove now-dead code. Make controller warning about v0 protocol more accurate.
svn:r11299
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address. This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort. Also clarify behavior in some comments. Backport candiate?
svn:r11287
Fix a bug caught by Kate: when we switched from masks to bits in 0.2.0.3-alpha, we added a spurious ! that made us never believe that any address fell inside a virtual address range. While we're at it, save a trip around the loop in the common case.
svn:r11129
ADDRMAP events should never have specified local time. Extend them to have the proper gmt time, and make GETINFO address-mappings always do the right thing (since it is new in this version).
svn:r10930
Another patch from croup: drop support for address masks that do not correspond to bit prefixes. Nobody has used this for a while, and we have given warnings for a long time.
svn:r10881
Patch from Robert Hogan: Generate STREAM NEW events for dnsport requests and tunneled directory connections. Log when we are testing for hijacking.
svn:r10737