Commit Graph

15562 Commits

Author SHA1 Message Date
Mike Perry
daedae4115 Lower the default path bias notice rate to 40%.
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
2012-06-14 21:20:10 -07:00
Mike Perry
61a5730392 For now, never disable any guards. 2012-06-14 13:20:01 -07:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
75706527c1 Document --hush; fix documentation for --quiet. 2012-06-14 14:58:51 -04:00
Nick Mathewson
4fdce6b091 Merge remote-tracking branch 'asn-mytor/bug5589_take2' 2012-06-14 13:05:16 -04:00
George Kadianakis
aa212b173c Remove validate_pluggable_transports_config(): redundant since 9d9b5ed0.
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
2012-06-14 18:01:22 +03:00
Roger Dingledine
7e57609a9f demote two entries that don't affect most users 2012-06-14 05:50:32 -04:00
Roger Dingledine
8c044af300 fold in further changes files 2012-06-14 05:47:55 -04:00
Nick Mathewson
e5beb82e04 Merge remote-tracking branch 'public/bug4663' 2012-06-13 17:01:53 -04:00
Nick Mathewson
e3a6e01fe1 Merge branch 'trac-5049-squashed' 2012-06-13 16:55:39 -04:00
Nick Mathewson
5b0977df31 One more fix for bug 5049. 2012-06-13 16:45:13 -04:00
Andrea Shepard
d98590d3b7 Satisfy make check-spaces 2012-06-13 16:45:13 -04:00
Andrea Shepard
aa284561c8 Move cbt->liveness.timeouts_after_firsthop free code into its own function 2012-06-13 16:45:13 -04:00
Andrea Shepard
825fb149cd Add change file for bug 5049 2012-06-13 16:45:13 -04:00
Andrea Shepard
39a9178ba7 Early exit from circuit_build_times_set_timeout() if adaptive timeouts are disabled 2012-06-13 16:45:13 -04:00
Andrea Shepard
0c3c0b1ddd Don't poll to see if we need to build circuits for timeout data if LearnCircuitBuildTimeout is disabled 2012-06-13 16:45:12 -04:00
Andrea Shepard
a0f76289fd Use K&R style 2012-06-13 16:45:12 -04:00
Andrea Shepard
7df26de948 Unconditionally use config CircuitBuildTimeout if LearnCircuitBuildTimeout is disabled 2012-06-13 16:44:33 -04:00
Andrea Shepard
5177ab9e47 Don't track circuit timeout history unless we're actually using adaptive timeouts 2012-06-13 16:44:33 -04:00
Andrea Shepard
41a458ece1 Add debug logging to circuit_build_times_* of circuitbuild.c to trace queries of consensus parameters for bug 5049 2012-06-13 16:44:33 -04:00
Nick Mathewson
7826eef93e Only use -Qunused-arguments when building with clang. fix on 5210 fix. 2012-06-13 16:37:23 -04:00
Nick Mathewson
54ef039ba5 Merge branch 'bug5263_023' 2012-06-13 16:23:16 -04:00
Nick Mathewson
9c58873059 Add changes file for bug5263 2012-06-13 16:21:27 -04:00
Nick Mathewson
9282c88998 Add rate-limited log message to bug5263 fix
Initially I said, "I claim that we shouldn't be reading and marked;
let's see if I'm right."  But Rob finds that it does.
2012-06-13 16:21:06 -04:00
Rob G. Jansen
03b48352c6 Fix busy Libevent loops (infinite loops in Shadow)
There is a bug causing busy loops in Libevent and infinite loops in
the Shadow simulator. A connection that is marked for close, wants
to flush, is held open to flush, but is rate limited (the token
bucket is empty) triggers the bug.

This commit fixes the bug. Details are below.

This currently happens on read and write callbacks when the active
socket is marked for close. In this case, Tor doesn't actually try
to complete the read or write (it returns from those methods when
marked), but instead tries to clear the connection with
conn_close_if_marked(). Tor will not close a marked connection that
contains data: it must be flushed first. The bug occurs when this
flush operation on the marked connection can not occur because the
connection is rate-limited (its write token bucket is empty).

The fix is to detect when rate limiting is preventing a marked
connection from properly flushing. In this case, it should be
flagged as read/write_blocked_on_bandwidth and the read/write events
de-registered from Libevent. When the token bucket gets refilled, it
will check the associated read/write_blocked_on_bandwidth flag, and
add the read/write event back to Libevent, which will cause it to
fire. This time, it will be properly flushed and closed.

The reason that both read and write events are both de-registered
when the marked connection can not flush is because both result in
the same behavior. Both read/write events on marked connections will
never again do any actual reads/writes, and are only useful to
trigger the flush and close the connection. By setting the
associated read/write_blocked_on_bandwidth flag, we ensure that the
event will get added back to Libevent, properly flushed, and closed.

Why is this important? Every Shadow event occurs at a discrete time
instant. If Tor does not properly deregister Libevent events that
fire but result in Tor essentially doing nothing, Libevent will
repeatedly fire the event. In Shadow this means infinite loop,
outside of Shadow this means wasted CPU cycles.
2012-06-13 16:04:07 -04:00
Nick Mathewson
37ef4f1689 Change smartlist_create->smartlist_new in bug4744 branch as merged to master 2012-06-13 12:16:02 -04:00
Nick Mathewson
aa1fc73e33 Merge branch 'bug4744_squashed' 2012-06-13 12:09:13 -04:00
Nick Mathewson
df6bd478ee Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff).  This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.

As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Nick Mathewson
5a3d9636f5 Merge remote-tracking branch 'public/bug3940_redux' 2012-06-13 11:40:38 -04:00
Nick Mathewson
62a77f1117 Merge remote-tracking branch 'public/bug5210' 2012-06-13 11:37:11 -04:00
Sebastian Hahn
9dd4e5a9b0 Fix another clang compile warning
We forgot this when we fixed 5969.
2012-06-13 16:51:56 +02:00
Nick Mathewson
971cf12374 Merge branch 'task-5849-3-squashed' 2012-06-13 10:13:01 -04:00
Karsten Loesing
2133b6e5ba Fix integer overflow in cell stats spotted by atagar.
Fixes #5849.
2012-06-13 10:12:39 -04:00
Roger Dingledine
068046eebc Merge branch 'maint-0.2.2' 2012-06-13 03:48:43 -04:00
Karsten Loesing
229abbf4bb Update to the June 2012 GeoIP database.
Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT.  This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
2012-06-13 09:21:00 +02:00
Nick Mathewson
f4fccee4d2 Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is.  Resolves the issue behind "bug"
4663.
2012-06-12 15:21:41 -04:00
Roger Dingledine
7516b4ac99 forward-port the 0.2.2.37 changelog 2012-06-12 07:50:34 -04:00
Roger Dingledine
2294d16113 fold in changes files so far 2012-06-12 04:21:39 -04:00
Nick Mathewson
ba9a12119c fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddress 2012-06-11 21:50:52 -04:00
Nick Mathewson
c18b6ec3d4 Document ADDRMAPSRC_NONE. 2012-06-11 21:49:08 -04:00
Nick Mathewson
f0f70ba6f1 Merge branch 'bug5452' 2012-06-11 14:44:26 -04:00
Nick Mathewson
b44cb4aef8 Call bug5452 fix a feature; note its trac number in the changes file 2012-06-11 14:44:08 -04:00
Andrea Shepard
997ed7807b Add change file for 5452 2012-06-11 11:17:59 -07:00
Andrea Shepard
6b73fad709 Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. 2012-06-11 11:09:19 -07:00
Nick Mathewson
4717951cfa Do not try to use -pie on windows; it appears to break badly and weirdly 2012-06-11 12:23:42 -04:00
Nick Mathewson
a6dac69aac Remove a couple of debugging "echo"s that snuck into configure.in 2012-06-11 11:30:43 -04:00
Nick Mathewson
ebaaa4834f Make our compiler-hardening checks robust against MinGW
First, specify -Werror when we are testing each option; if it causes
a warning to appear, we shouldn't be adding it.

Second, do not attempt to add these options until after we have
found the libraries we want.  Previously, I would hit a bug where
the linker hardening options worked fine when we weren't linking
anything, but failed completely once we added openssl or libevent.
2012-06-11 11:21:04 -04:00
Nick Mathewson
667a12b471 Merge remote-tracking branch 'public/bug4592' 2012-06-11 10:34:48 -04:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00