clients specify their chosen rendezvous point by identity digest
rather than by (potentially ambiguous) nickname. This change could
speed up hidden service connections dramatically.
svn:r11499
Get rid of a needless malloc() when parsing address policies. Original patch from "Some guy on #tor", via arma. Altered to have a sufficiently large buffer, and not use the buffer so much, and to save a strlcpy.
svn:r11480
BandwidthRate, RelayBandwidthRate, or MaxAdvertisedBandwidth
were below a threshold. Now they only look at BandwidthRate and
RelayBandwidthRate.
svn:r11465
Refactor store_stats_t to hold a pointer to the proper mmap, and turn it into a full-fledged type. This sets stuff up nicely for adding a separate "annotated" store. Add some XXXX NM items that need to be fixed when annotated stores exist
svn:r11338
Teach tor about more libevent versions. Be more clear that "Known bugs" means "it will crash or something." Most significantly, stop issuing dire warnings every time we run with kqueue on os x: it seems to have worked for a while now.
svn:r11314
Make controllers accept LF as well as CRLF. Update spec to reflect this. Remove now-dead code. Make controller warning about v0 protocol more accurate.
svn:r11299
Add a line to the state file for each guard to let us know which version added the guard. If the line is absent, assume the guard was added by whatever version of Tor last wrote the state file. Remove guards if the version that added them was using a bad guard selection algorithm. (Previously, we removed guards if the version that wrote the file was using a bad guard selection algorithm, even if the guards themselves were chosen by a good version.)
svn:r11298
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address. This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort. Also clarify behavior in some comments. Backport candiate?
svn:r11287
Add a hacked-up GETINFO desc/all-recent-extrainfo-hack so that torstat can keep working with a minimum of fuss, until it learns about extrainfo documents.
svn:r11269
Finish implementing and documenting proposal 108: Authorities now use MTBF data to set their stability flags, once they have at least 4 days of data to use.
svn:r11240
Expire application streams in all cases if they've been around
longer than SocksTimeout. Right now there are some cases where the
stream will live forever, demanding a new circuit every 15 seconds.
Bugfix on 0.1.2.7-alpha; fixes bug 454; reported by lodger.
svn:r11186
Long overdue test.c refactoring: add --warn/--notice/--info/--debug command line options to set logging levels, and let the user specify which tests to run from the commmand line.
svn:r11167
When we are loading state info from disk, never believe any date in the future. Doing so can keep us from retrying guards, rotating onion keys, storing bandwidth info, etc. Fixes bug 434, and others. Backport candidate, once it has been tested.
svn:r11166
Fix a bug caught by Kate: when we switched from masks to bits in 0.2.0.3-alpha, we added a spurious ! that made us never believe that any address fell inside a virtual address range. While we're at it, save a trip around the loop in the common case.
svn:r11129
- If we require CookieAuthentication but we fail to write the
cookie file, we would warn but not exit, and end up in a state
where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
every time we change any piece of our config.
svn:r11117
Drop v1 directory support: instead, just generate stub v1 directories. This should save lots and lots of directory bandwidth, and break any code relying on v1 directories, including Tor 0.1.0.x and earlier.
svn:r11067
Glibc (and maybe others) define a mallinfo() that can be used to see how the platform malloc is acting inside. When we have it, dump its output on dumpmemusage().
svn:r10996
More directory voting code. Now, if everything works, and I haven't forgotten anything, it is possible to set up some v3 authorities and start voting. Of course, I have probably forgotten something, and there are probably bugs in there somewhere too.
svn:r10976
Cheesy attempt to break some censorware. Not a long-term fix, but it will be intersting to watch the epidemiology of the workarounds as the censors apply them.
svn:r10975
Implement proposal 109: As an authority, never call more than 3 servers per IP Running and Valid. Prefer Running servers to non-running ones; then prefer high-bandwidth to low-bandwidth. Needs testing.
svn:r10968
Make our control events for multi-line async replies conform to our old grammar. Change back to the old grammar (which got "corrected" in r10931).
svn:r10964
Weasel noticed that many buffers spend their time with empty 4k, 8k, and 16k memory chunks. Thus, be more aggressive about putting empty chunks on the freelist, regardless of their high water marks. (Also, run buffer_shrink_freelist on the 8k-chunk freelist.)
svn:r10953
Fix router_choose_by_bandwidth to no longer be biases by floating-point roundoff issues. This runs through the list of routers yet another time, and uses an additional bitfield, but this should be okay: the function did not appear in profiles before, and shouldnt start appearing now.
svn:r10939
Patch from Robert Hogan: set conn->dns_server_port correctly so that we can close dns server ports when they change, thus avoiding crashes and dangling references and other sources of unhappiness.
svn:r10933
ADDRMAP events should never have specified local time. Extend them to have the proper gmt time, and make GETINFO address-mappings always do the right thing (since it is new in this version).
svn:r10930
at least 100KB/s, and consider their bandwidth adequate to be a
Guard if it is at least 250KB/s. This fix complements proposal
107. [Bugfix on 0.1.2.x]
svn:r10897
Another patch from croup: drop support for address masks that do not correspond to bit prefixes. Nobody has used this for a while, and we have given warnings for a long time.
svn:r10881
We had accidentally labelled 0.1.2.x directory servers as not
suitable for begin_dir requests, and had labelled no directory
servers as suitable for uploading extra-info documents. [Bugfix
on 0.2.0.1-alpha]
svn:r10853
Patch from croup: rewrite the logic of get_next_token() to do the right thing with input that ends at weird places, or aligns with block boundaries after mmap. should fix bug 455. Needs fuzzing.
svn:r10847
Tweaks on constrained socket buffers patch from coderman: Add a changelog; rename some variables; fix some long lines and whitespace; make ConstrainedSockSize a memunit; pass setsockopt a void.
svn:r10843
Fix a potential crash bug when we load many server descriptors at
once and some of them make others of them obsolete. Fixes bug
458. [Bugfix on 0.1.2.x]
svn:r10832
Patch from lodger: avoid roundoff-error-induced crash bugs when picking routers by bandwidth.
Also, remove listed backports for 0.1.2.x; that list is now in TODO.012
svn:r10812
When sending destroy cells from a circuit's origin, don't include
the reason for tearing down the circuit. The spec says we didn't,
and now we actually don't. Reported by lodger. [Bugfix on 0.1.2.x]
svn:r10790
Patch from Robert Hogan: Generate STREAM NEW events for dnsport requests and tunneled directory connections. Log when we are testing for hijacking.
svn:r10737
never choose any guards past it. This way we don't expand our
guard list unless we need to. [Bugfix in 0.1.2.x]
I'm not sure if this will solve all our problems, but it is at least
something.
svn:r10730
Fix solaris eventdns.c behavior. This time, I think I got it. We were redefining _FILE_OFFSET_BITS, and thereby calling fstat64() on a struct stat, or something like that.
svn:r10643
Fix the fix for bug 445: set umask properly. Also use open+fdopen rather than just umask+fopen, and create authority identity key with mode 400.
svn:r10485
Add some code to mitigate bug 393: Choose at random from multiple hidden service ports with the same virtport. This allows limited ad-hoc round-robining.
svn:r10398
Well, that was easier than I thought it would be. Tor is now a DNS proxy as well as a socks proxy. Probably some bugs remain, but since it A) has managed to resolve one address for me successfully, and B) will not affect anybody who leaves DNSPort unset, it feel like a good time to commit.
svn:r10317
backport candidate: Warn when using a version of libevent before 1.3b to run a server on osx or bsd: these versions of libevent interact badly with userspace threads.
svn:r10307
Partial backport candidate: We had a bug where we were downloading descriptors by descriptor digest, but trying to look them up by identity fingerprint when updating their failure count and next retry time. (Also use correct backoff logic for extrainfo code.) Needs testing, doubtless.
svn:r10210
Patch from shibz: implement a getinfo status/version/... so a controller can tell whether the current version is recommended, whether any versions are good, and how many authorities agree.
svn:r10162
If a directory server runs out of space in the connection table
as it's processing a begin_dir request, it will free the exit stream
but leave it attached to the circuit, leading to unpredictable
behavior. (Reported by seeess, fixes bug 425.)
svn:r10154
[Backport candidate] On windows, open cached-routers with the sharing mode "FILE_SHARE_READ so that other processes can read it while Tor is running. (Reported by Janbar).
svn:r10148
authorities should set. This will let future authorities choose
not to serve V2 directory information.
Also, go through and revamp all the authdir_mode stuff so it tries
to do the right thing if you're an auth but not a V1 or V2 auth.
svn:r10092
(Needs review.) Allow directory authorities to accept multiple router descriptors and extra info documents in a single POST. This will make implementing the client side of proposal 104 a lot simpler.
svn:r10069
Initial version of patch from Karsten Loesing: Add an HSAuthorityRecordStats option to track statistics of overall hidden service usage without logging information that would be useful to an attacker.
svn:r10067
Backport candidate: Add asserts to dirserv_remove_invalid, and fix a bug in dirserv_remove_invalid that could mess with pointers in a freed routerinfo right after it was freed.
svn:r10052
Initial version of code to stop using socket pairs for linked connections. Superficially, it seems to work, but it probably needs a lot more testing and attention.
svn:r9995
Track the number of connection_t separately from the number of open sockets. It is already possible to have connections that do not count: resolving conns, for one. Once we move from socketpairs to linked conns, and once we do dns proxying, there will be lots of such connections.
svn:r9994
Refactor router/directory parsing backend: use a separate token table for everything that we parse, and enforce the correct count of each item.
svn:r9965
More autoconf hacking: use same machinery to find zlib as for openssl and libevent. Have unified library finder include setup for --with variable. Start trying to suggest to the user what packages they should install if finding the library fails.
svn:r9945
A surprisingly simple patch to stop reading on edge connections when their circuits get too full, and start again when they empty out. This lets us remove the logic to block begin_dir conns when the corresponding or conns get full: it was already broken by cell queues anyway.
svn:r9905
Initial version of circuit-based cell queues. Instead of hammering or_conns with piles of cells, queue cells on their corresponding circuits, and append them to the or_conn as needed. This seems to work so far, but needs a bit more work. This will break the memory-use-limitation patch for begin_dir conns: the solution will be a fun but fiddly.
svn:r9904
