Commit Graph

9728 Commits

Author SHA1 Message Date
Roger Dingledine
2c877d2da4 collect and log statistics about onionskins received/processed
we skip onionskins that came from non-relays, so we're less likely to
run into privacy troubles.

starts to implement ticket 9658.
2013-09-05 01:44:52 -04:00
Roger Dingledine
f51add6dbc Revert e443beff and solve it a different way
Now we explicitly check for overflow.

This approach seemed smarter than a cascade of "change int to unsigned
int and hope nothing breaks right before the release".

Nick, feel free to fix in a better way, maybe in master.
2013-09-05 01:41:07 -04:00
Roger Dingledine
e443beffeb don't let recently_chosen_ntors overflow
with commit c6f1668d we let it grow arbitrarily large.

it can still overflow, but the damage is very small now.
2013-09-05 01:27:46 -04:00
Roger Dingledine
c6f1668db3 nickm wants us to prioritize tap in a currently-rare edge case 2013-09-04 23:21:46 -04:00
Roger Dingledine
a4400952ee Be more general in calculating expected onion queue processing time
Now we consider the TAP cells we'll process while draining the NTor
queue, and vice versa.
2013-09-04 23:21:45 -04:00
Roger Dingledine
a66791230f let the NumNTorsPerTAP consensus param override our queue choice 2013-09-04 23:21:45 -04:00
Roger Dingledine
7acc7c3dc6 do a lopsided round-robin between the onion queues
that way tap won't starve entirely, but we'll still handle ntor requests
quicker.
2013-09-04 23:21:45 -04:00
Roger Dingledine
16b5c609a4 check bounds on handshake_type more thoroughly 2013-09-04 23:21:45 -04:00
Roger Dingledine
9d2030e580 add info-level logs to help track onion queue sizes 2013-09-04 23:21:45 -04:00
Roger Dingledine
bb32bfa2f2 refactor and give it unit tests 2013-09-04 23:21:45 -04:00
Roger Dingledine
87a18514ef Separate cpuworker queues by handshake type
Now we prioritize ntor create cells over tap create cells.

Starts to address ticket 9574.
2013-09-04 23:21:45 -04:00
Nick Mathewson
a60d21a85d Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/circuitbuild.c
2013-09-04 16:08:02 -04:00
Nick Mathewson
4f3dbb3c0a use !cbt_disabled in place of LearnCBT to avoid needless circs
This would make us do testing circuits "even when cbt is disabled by
consensus, or when we're a directory authority, or when we've failed
to write cbt history to our state file lately." (Roger's words.)

This is a fix for 9671 and an improvement in our fix for 5049.
The original misbehavior was in 0.2.2.14-alpha; the incomplete
fix was in 0.2.3.17-beta.
2013-09-04 15:54:05 -04:00
Nick Mathewson
8611195a00 Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3 2013-08-25 00:32:27 -04:00
Nick Mathewson
4107ddd003 Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4 2013-08-25 00:31:51 -04:00
Nick Mathewson
1ee1c8fb4f Merge remote-tracking branch 'public/bug9366' into maint-0.2.4 2013-08-25 00:29:49 -04:00
Nick Mathewson
3727a978b8 Merge remote-tracking branch 'public/bug9543' into maint-0.2.4 2013-08-25 00:29:06 -04:00
Nick Mathewson
43f187ec2e Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-08-22 20:47:10 -04:00
Nick Mathewson
2530c84220 Replace return with continue in update_consensus_networkstatus_downloads
Fix for bug 9564; bugfix on 0.2.3.14-alpha.
2013-08-22 10:00:37 -04:00
Nick Mathewson
af7970b6bc Add a 30-day maximum on user-supplied MaxCircuitDirtiness
Fix for bug 9543.
2013-08-21 11:35:00 -04:00
Nick Mathewson
cbc53a2d52 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:29:19 -04:00
Nick Mathewson
940cef3367 Make bridges send AUTH_CHALLENGE cells
The spec requires them to do so, and not doing so creates a situation
where they can't send-test because relays won't extend to them because
of the other part of bug 9546.

Fixes bug 9546; bugfix on 0.2.3.6-alpha.
2013-08-21 11:28:58 -04:00
Nick Mathewson
0daa26a473 Send NETINFO on receiving a NETINFO if we have not yet sent one.
(Backport to Tor 0.2.3)

Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-21 11:28:57 -04:00
Nick Mathewson
1bb4a4f9bd Send NETINFO on receiving a NETINFO if we have not yet sent one.
Relays previously, when initiating a connection, would only send a
NETINFO after sending an AUTHENTICATE.  But bridges, when receiving a
connection, would never send AUTH_CHALLENGE.  So relays wouldn't
AUTHENTICATE, and wouldn't NETINFO, and then bridges would be
surprised to be receiving CREATE cells on a non-open circuit.

Fixes bug 9546.
2013-08-20 14:52:56 -04:00
Nick Mathewson
d5cfbf96a2 Fix an uninitialized-read when parsing v3 introduction requests.
Fortunately, later checks mean that uninitialized data can't get sent
to the network by this bug.  Unfortunately, reading uninitialized heap
*can* (in some cases, with some allocators) cause a crash if you get
unlucky and go off the end of a page.

Found by asn.  Bugfix on 0.2.4.1-alpha.
2013-08-10 17:49:51 -04:00
Nick Mathewson
b9f9110ac7 Don't allow all ORPort values to be NoAdvertise
Fix for bug #9366
2013-08-05 12:14:48 -04:00
Nick Mathewson
0a0f93d277 Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4 2013-07-31 21:48:48 -04:00
George Kadianakis
5a5147dd2e Fix invalid-read when a managed proxy configuration fails. 2013-07-31 13:56:07 -04:00
Roger Dingledine
ff6bb13c02 NumDirectoryGuards now tracks NumEntryGuards by default
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
2013-07-30 12:05:39 -04:00
Nick Mathewson
11f1b7d9df Avoid assertion failure on unexepcted address family in DNS reply.
Fixes bug 9337; bugfix on 0.2.4.7-alpha.
2013-07-26 15:33:46 +02:00
Nick Mathewson
1d2e8020b7 Fix bug9309, and n_noncanonical count/continue code
When we moved channel_matches_target_addr_for_extend() into a separate
function, its sense was inverted from what one might expect, and we
didn't have a ! in one place where we should have.

Found by skruffy.
2013-07-23 11:52:10 +02:00
Nick Mathewson
17a960734a Merge remote-tracking branch 'public/bug9295_023' into maint-0.2.4 2013-07-18 23:17:05 -04:00
Nick Mathewson
5977435629 tmp 2013-07-18 23:08:36 -04:00
Nick Mathewson
c36bdbd535 Re-do a cast in order to make old buggy freebsd gcc happy
Fix for #9254.  Bugfix on 0.2.4.14-alpha.

This is not actually a bug in the Tor code.
2013-07-16 14:48:12 -04:00
Nick Mathewson
b34279d3ab Add a comment and a check for why flag indices will be <= 63 2013-07-08 11:35:06 -04:00
Nick Mathewson
15cd79f832 FIx undefined behavior in dirvote.c
Fix a bug in the voting algorithm that could yield incorrect results
 when a non-naming authority declared too many flags. Fixes bug 9200;
 bugfix on 0.2.0.3-alpha.

Found by coverity scan.
2013-07-03 12:01:37 -04:00
Nick Mathewson
c955149271 Give a warning when bufferevents are enabled.
Ticket 9147.
2013-06-29 03:45:40 -04:00
Nick Mathewson
ca6aacce16 Fix bug 9122: don't allow newdefaultoptions to be NULL
(This caused a crash that was reported as bug 9122, but the underlying
behavior has been wrong for a while.)

Fix on 0.2.3.9-alpha.
2013-06-24 12:53:37 -04:00
Nick Mathewson
7c4544e5a4 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2013-06-18 14:45:29 -04:00
Nick Mathewson
60d633c73a Fix some problems with the bug9002 fix.
Fixes bug 9090; bug not in any released Tor.
2013-06-18 11:54:57 -04:00
Nick Mathewson
efa342f5fa Tweak bug9063_redux patch: {n_p}_chan_cells, not {n,p}_conn_cells 2013-06-18 10:25:10 -04:00
Nick Mathewson
d3063da691 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/config.c
	src/or/relay.c
2013-06-18 10:23:03 -04:00
Nick Mathewson
c37fdc2eef Merge branch 'bug9063_redux_023_squashed' into maint-0.2.3 2013-06-18 10:16:47 -04:00
Nick Mathewson
2e1fe1fcf9 Implement a real OOM-killer for too-long circuit queues.
This implements "algorithm 1" from my discussion of bug #9072: on OOM,
find the circuits with the longest queues, and kill them.  It's also a
fix for #9063 -- without the side-effects of bug #9072.

The memory bounds aren't perfect here, and you need to be sure to
allow some slack for the rest of Tor's usage.

This isn't a perfect fix; the rest of the solutions I describe on
codeable.
2013-06-18 10:15:16 -04:00
Nick Mathewson
dc516a5436 Limit hidden service descriptors to at most 10 guard nodes.
Fixes bug 9002; bugfix on 0.1.1.11-alpha (which introduced guard
nodes), or on 0.0.6pre1 (which introduced hidden services).
2013-06-16 20:24:48 -04:00
Andrea Shepard
9e45d940d4 Merge branch 'bug9072-023' into bug9072-024 2013-06-15 02:20:19 -07:00
Andrea Shepard
2a95f31716 Disable middle relay queue overfill detection code due to possible guard discovery attack 2013-06-15 02:16:00 -07:00
Nick Mathewson
79cdf81ec1 Increase the limit so leaky pipe might work 2013-06-14 01:37:22 -04:00
Nick Mathewson
9e8c104ab8 Increase the limit so leaky pipe might work 2013-06-14 01:35:21 -04:00
Andrea Shepard
418c2845d0 Don't queue more cells as a middle relay than the spec allows to be in flight 2013-06-13 21:53:36 -07:00