Make controllers accept LF as well as CRLF. Update spec to reflect this. Remove now-dead code. Make controller warning about v0 protocol more accurate.
svn:r11299
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address. This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort. Also clarify behavior in some comments. Backport candiate?
svn:r11287
Fix a bug caught by Kate: when we switched from masks to bits in 0.2.0.3-alpha, we added a spurious ! that made us never believe that any address fell inside a virtual address range. While we're at it, save a trip around the loop in the common case.
svn:r11129
ADDRMAP events should never have specified local time. Extend them to have the proper gmt time, and make GETINFO address-mappings always do the right thing (since it is new in this version).
svn:r10930
Another patch from croup: drop support for address masks that do not correspond to bit prefixes. Nobody has used this for a while, and we have given warnings for a long time.
svn:r10881
Patch from Robert Hogan: Generate STREAM NEW events for dnsport requests and tunneled directory connections. Log when we are testing for hijacking.
svn:r10737
Patch from Tup: treat RESOLVED_TYPE_ERROR_TRANSIENT as a SERVERFAILED, and RESOLVED_TYPE_ERROR as NOTEXIST. Generate transient/nontransient errors more sensibly. Set flags better on DNS replies.
svn:r10427
Well, that was easier than I thought it would be. Tor is now a DNS proxy as well as a socks proxy. Probably some bugs remain, but since it A) has managed to resolve one address for me successfully, and B) will not affect anybody who leaves DNSPort unset, it feel like a good time to commit.
svn:r10317
If a directory server runs out of space in the connection table
as it's processing a begin_dir request, it will free the exit stream
but leave it attached to the circuit, leading to unpredictable
behavior. (Reported by seeess, fixes bug 425.)
svn:r10154
Initial version of code to stop using socket pairs for linked connections. Superficially, it seems to work, but it probably needs a lot more testing and attention.
svn:r9995
A surprisingly simple patch to stop reading on edge connections when their circuits get too full, and start again when they empty out. This lets us remove the logic to block begin_dir conns when the corresponding or conns get full: it was already broken by cell queues anyway.
svn:r9905
behavior for getinfo addr-mappings/*. this is because
the code and spec have been mismatched since at least
0.1.1.x, so i would be surprised if nobody at all is
relying on the current behavior.
backport candidate.
backbackport candidate.
svn:r9823
Make all LD_BUG log messsages get prefixed with "Bug: ". Remove manually-generated "Bug: "s from log-messages. (Apparently, we remembered to add them about 40% of the time.)
svn:r9733
Make remap stream events have a souce; make them generated every time we get a successful connected or resolved cell. Also change reported stream target address to IP consistently when we get the IP from an exit node.
svn:r9624
Fix a longstanding dnsworker-related bug: when we decide to kill a DNS worker for having been in use too long, and we independently decide to close one of the exit connections waiting for that DNS worker (perhaps because we got an END relay cell), it was possible for us to try to double-free the connection. We were smart enough to detect this and assert, but not smart enough to fix this bug before now. This should resolve bug 390. Backport candidate.
svn:r9581
