Commit Graph

2893 Commits

Author SHA1 Message Date
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Nick Mathewson
a007a7c6ba Revise consensus-flavors proposal to better URLs.
The old flavored consensus URL format made it harder to decode URLs
based on their prefixes, and didn't take into account our "only give
it to me if it's signed by enough authorities" stuff.
2009-10-18 18:46:12 -04:00
Nick Mathewson
0bce0161dd Revise proposal 162: SHA256(x), not SHA256(SHA256(x))
The point of doing SHA256 twice is, generally, is to prevent message
extension attacks where an attacker who knows H(A) can calculate
H(A|B).  But for attaching a signature to a document, the attacker
already _knows_ A, so trying to keep them from calculating H(A|B) is
pointless.
2009-10-15 15:17:13 -04:00
Nick Mathewson
80a7a34755 Revise 162's idea of how detached signatures work with flavors
The original proposal was vague and would have made older Tors reject
detached-signature documents as soon as they saw one with flavors.
2009-10-15 15:17:12 -04:00
Roger Dingledine
e84dc32cb8 correct the spec for the stream_bw event.
"neonomad" pointed out on or-talk that the order is opposite from the
intuitive order. explain why. we chose to fix the spec rather than the
code because there are controllers like torflow that already expect
the current behavior.
2009-10-10 15:07:37 -04:00
Roger Dingledine
1efb643224 fix the wiki link in doc pages. remove obsolete FAQ. 2009-10-01 04:45:59 -04:00
Roger Dingledine
bda2a94cf9 update spec to reflect change in Fast definition
we made anybody who has 20KB/s Fast by definition, in 0.2.1.14-rc,
but it looks like we forgot to fix the spec.
2009-09-30 19:02:05 -04:00
Sebastian Hahn
81895dbd52 Our test script moved from src/or/test to src/test/test.
Update the HACKING document and the cross compilation helper
2009-09-23 00:24:43 -04:00
Roger Dingledine
cf2afcd707 Fix typos and comments, plus two bugs
A) We were considering a circuit had timed out in the special cases
where we close rendezvous circuits because the final rendezvous
circuit couldn't be built in time.
B) We were looking at the wrong timestamp_created when considering
a timeout.
2009-09-20 19:50:44 -04:00
Mike Perry
f39bedf250 Implement and document new network liveness algorithm.
Based on irc discussion with arma.
2009-09-20 14:51:30 -07:00
Roger Dingledine
b02b11c4b4 a mish-mash of stuff in my sandbox 2009-09-17 01:58:39 -04:00
Roger Dingledine
4850a3a75f Merge commit 'mikeperry/circuitbuildtimeout-final' 2009-09-16 21:43:31 -04:00
Roger Dingledine
61eb3711ee Merge commit 'sebastian/manpage' 2009-09-16 20:29:37 -04:00
Mike Perry
81dc435ffa Update proposal to match implementation. 2009-09-16 17:03:54 -07:00
Karsten Loesing
b508e4748f Remove trailing spaces. As if bytes were free...
Also correct some typos.
2009-09-16 15:52:05 -07:00
Mike Perry
fd412549fd Update proposal to bring it more in-line with implementation. 2009-09-16 15:52:03 -07:00
Sebastian Hahn
5f77363242 it is cached-descriptors now, not cached-routers 2009-09-15 13:15:00 +02:00
Roger Dingledine
39dee3d52c revert the month in the man page, so we don't drive weasel mad 2009-09-15 06:52:23 -04:00
Roger Dingledine
40bcab1faf ConsensusParams config option lists key=value params
finishes the authority-operator interface side of proposal 167.
2009-09-15 04:40:08 -04:00
Nick Mathewson
d9872cc676 Mark proposal 167 as implemented. 2009-09-14 23:24:39 -04:00
Nick Mathewson
381766ce4b Implement proposal 167: Authorities vote on network parameters.
This code adds a new field to vote on: "params".  It consists of a list of
sorted key=int pairs.  The output is computed as the median of all the
integers for any key on which anybody voted.

Improved with input from Roger.
2009-09-14 23:21:53 -04:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Roger Dingledine
075c004095 Add getinfo accepted-server-descriptor. Clean spec.
Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
2009-08-31 18:37:25 -04:00
Roger Dingledine
0bb59f1c38 Merge branch 'maint-0.2.1' 2009-08-28 03:47:18 -04:00
Roger Dingledine
64f393d56f Only send netinfo clock_skew to controller if an authority told us so
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
2009-08-28 03:42:09 -04:00
Roger Dingledine
659552a3c6 Merge branch 'maint-0.2.1' 2009-08-27 21:42:58 -04:00
Sebastian Hahn
1092fdca53 HiddenServiceVersion must be set to 2 currently.
0d68da2381 removed support for Version 0,
but didn't fix the manpage.
2009-08-27 05:10:48 +02:00
Roger Dingledine
b7e8a4631f changelog and spec changes for the .exit fix 2009-08-26 15:43:18 -04:00
Roger Dingledine
5965a85ce0 typos in dir-spec 2009-08-26 14:48:13 -04:00
Roger Dingledine
76108dce3f mark off a done proposal 2009-08-26 14:47:29 -04:00
Nick Mathewson
1d9b8a1e16 Merge commit 'karsten/proposal-166-impl-master' 2009-08-26 11:36:40 -04:00
Nick Mathewson
707a6bd659 Merge commit 'public/socks-client'
Resolved conflict in:
	src/or/or.h
2009-08-26 11:27:19 -04:00
phobos
25f9e20a1c update osx-dmg creation directions for the new methods 2009-08-25 15:58:25 -04:00
Roger Dingledine
f1b5fd2aaa new proposals: params in consensus, and lower circwindow 2009-08-25 00:34:29 -04:00
Karsten Loesing
75c59d1a92 Some final (?) cleanups of proposal 166 implementation. 2009-08-19 23:36:27 +02:00
Karsten Loesing
4e29f33427 Write all statistics to disk exactly every 24 hours. 2009-08-19 15:41:12 +02:00
Karsten Loesing
10fbc998e1 Update dir-spec.txt and man page. 2009-08-18 16:14:22 +02:00
Karsten Loesing
dccadb30cd Clean up proposal 166 and its implementation. 2009-08-18 15:53:08 +02:00
Nick Mathewson
b9e45cc508 Merge commit 'mikeperry/bandwidth-voting-final' 2009-08-14 17:12:05 -04:00
Nick Mathewson
492416be0c Merge commit 'ioerror/LetsKillNoConnect' 2009-08-09 18:55:32 -07:00
Nick Mathewson
4311b9a6d1 Merge commit 'arma/dotexit' 2009-08-09 18:48:08 -07:00
Mike Perry
cb477f9cc0 Merge commit 'nickm/strtok' into mp-voting-final 2009-08-09 18:23:53 -07:00
Nick Mathewson
8f8877c624 Merge commit 'origin/maint-0.2.1' 2009-08-09 18:14:35 -07:00
Nick Mathewson
6423091f07 Merge commit 'mikeperry/bandwidth-proposals-final' 2009-08-09 13:10:06 -07:00
Jacob Appelbaum
33762b5296 LetsKillNoConnect removes support for .noconnect
This is a patch to remove support for .noconnect.
We are removing .noconnect because of a talk at Defcon 17 by Gregory Fleischer.
2009-08-08 19:15:22 -07:00
Roger Dingledine
07d95440ef oops, fix typo 2009-08-07 19:29:19 -04:00
Roger Dingledine
3e4379c2e7 Disable .exit notation unless AllowDotExit is 1. 2009-08-07 19:26:41 -04:00
Roger Dingledine
8196130f24 fix typo in control-spec 2009-08-07 17:55:17 -04:00
Mike Perry
3a1b9526f8 Update the ratio calculation to prefer faster measurements.
Also: simplify complicated filtering steps, always take the
most recent measurement, and use slightly smaller file sizes
based on measurements.
2009-08-06 14:38:54 -07:00
Mike Perry
011b732436 Update 161 to reflect current implementation.
Also mention rounding step.
2009-08-06 14:38:36 -07:00