Commit Graph

639 Commits

Author SHA1 Message Date
Nick Mathewson
98cef0ac1e Merge branch 'bug2279' into maint-0.2.2 2011-02-07 12:43:54 -05:00
Nick Mathewson
5774ada5d2 Fix typo in dir-spec.txt [found by sebastian] 2011-01-26 11:41:33 -05:00
Nick Mathewson
411ec3c0f8 Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).

This can also help detect forwarding loop requests.

Found as part of bug2279.
2011-01-25 20:39:44 -05:00
Nick Mathewson
ffc3caf8d5 Describe consensus method 11 in dir-spec.txt 2011-01-25 17:49:50 -05:00
Sebastian Hahn
a1860cc3f1 Update the spec with the new bounds 2011-01-15 19:50:06 +01:00
Sebastian Hahn
932e5c3cf0 Fix a typo spotted by Roger 2011-01-15 19:42:17 +01:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Poet (Tim Sally)
31b69027d3 Specified grammars for orconn-status and entry-guards for Tor versions 0.1.2.2-alpha through 0.2.2.1-alpha with feature VERBOSE_NAMES turned off. 2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
45c302efe0 Correct information about support for guards being called helper nodes.
The spec stated that support for the helper-nodes command would be removed
in 0.1.3.x, however support for this command is still in Tor. Updated the spec
to reflect this and added a node that the command is deprecated.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
87158368dc Correct grammars to reflect that VERBOSE_NAMES is part of the protocol.
Several updates to grammars for events and GETINFO results.  All relate
to the fact that LongName has replaced ServerID since 0.2.2.1-alpha. See
documentation of VERBOSE_NAMES for more information. The following
grammars were changed:
  * orconn-status GETINFO result
  * entry-guards GETINFO result
  * Path general token
  * OR Connection status changed event
  * New descriptors available event
In all cases a note was added about when the old grammar applies.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
608bad6e32 Several changes to the way tokens describing servers are documented.
(1) Made the wording of the comments consistant with token names.
Digest/Fingerprint and Name/Nickname were being used interchangeably.
Better to just use Fingerprint and Nickname becuase they are the names
of the tokens.

(2) Places the tokens currently in use before the tokens used in older
versions.  ServerSpec should be documented before ServerID.

(3) Added a note to the comments about ServerID that cross reference
the VERBOSE_FEATURE, allowing users to see when and why ServerID was
replaced with LongName.
2010-12-01 12:44:48 -05:00
Poet (Tim Sally)
cff180f8b0 Clarify description of FEATURES in control-spec.
(1) On by default is a bad way to describe features. Rather, they
are always on and should be viewed as a part of the control
protocol. Updated the wording in USEFEATURE to reflect this.

(2) Made descriptions of Tor versions consistant across all
features. There is the version in which a feature was introduced and
the version in which it became part of the protocol.

(3) Reworded the description of the VERBOSE_NAMES feature. The
previous wording describes the way things used to be first. Better to
lead with the current state of things and then describe how it differs
from old versions.
2010-12-01 12:44:48 -05:00
Sebastian Hahn
556a1b9e45 Change Natd into NATD in our options.
Breaking this out of the last commit because this might be more
controversial.
2010-11-10 15:48:26 +01:00
Roger Dingledine
48cd096276 Merge commit 'mikeperry/bug1739' into maint-0.2.2 2010-09-29 17:17:59 -04:00
Mike Perry
c5b5643965 Send control port events for timeouts.
We now differentiate between timeouts and cutoffs by the REASON string and
the PURPOSE string.
2010-09-29 11:46:36 -07:00
Roger Dingledine
a467bf5fbb a dir-spec entry for refuseunknownexits
plus quiet a log line
2010-09-27 18:32:09 -04:00
Mike Perry
7af0aa25d8 Update dir-spec.txt with new weight constraints. 2010-09-27 09:11:55 -07:00
Roger Dingledine
0ac67bf3c3 perconnbwrate and perconnbwburst consensus params 2010-09-16 00:17:39 -04:00
Roger Dingledine
277295efc1 circwindow consensus param != CircWindow
aka update dir-spec.txt to reflect reality
2010-09-15 17:55:30 -04:00
Nick Mathewson
c18bcc8a55 Merge branch 'bug1184' 2010-09-15 14:20:28 -04:00
Nick Mathewson
69508d04a2 tor-spec.txt tweaks from arma 2010-09-15 13:08:44 -04:00
Nick Mathewson
2804c6b7ff Merge commit 'karsten/rendspec-koryk' 2010-08-25 16:44:37 -04:00
Nick Mathewson
a509dbba50 Merge commit 'karsten/dirbytes2'
Conflicts:
	src/or/rephist.h
2010-08-18 10:06:14 -04:00
Karsten Loesing
db94b7f46e Count bytes we spend on answering directory requests. 2010-08-18 13:54:41 +02:00
Karsten Loesing
8e8a34eb74 Add koryk's modifications to rend-spec. 2010-08-17 10:02:07 +02:00
Nick Mathewson
9bcea4a8ef Merge commit 'sebastian/misc-reason' 2010-08-15 21:27:32 -04:00
Sebastian Hahn
2d8db2aacb Fix url in rend-spec
Fixes bug 1822
2010-08-12 02:40:19 +02:00
Sebastian Hahn
28962ecae8 Fix a typo in control-spec 2010-08-12 02:38:58 +02:00
Sebastian Hahn
161b275028 Retry streams that ended with NOROUTE error
Also add the NOROUTE reason to control-spec.
2010-08-04 00:51:39 +02:00
Nick Mathewson
cafd868a78 Clarify that implementation is for discussion of implementation 2010-08-03 14:25:07 -04:00
Nick Mathewson
d5abd0b43e Add proposal 174 from Ian Goldberg: Optimistic Data for Tor: Server Side 2010-08-03 14:23:51 -04:00
Nick Mathewson
9d317e9bb4 Bless two proposals from Damian Johnson as 172 and 173.
(Leaving a gap for the proposal Jake blessed as 171.)
2010-08-03 13:23:34 -04:00
Sebastian Hahn
4e3373f7fe Make tor-spec wording easier to understand 2010-08-03 17:28:19 +02:00
Sebastian Hahn
150ed553df Introduce END_STREAM_REASON_NOROUTE 2010-08-03 16:46:28 +02:00
Nick Mathewson
05fa0a3ef6 Merge commit 'sebastian/rend-spec' 2010-08-03 09:16:24 -04:00
Sebastian Hahn
8557f64220 Clarify that rend cookies shouldn't be reused 2010-08-03 14:48:17 +02:00
Karsten Loesing
b3b3c919c6 Fix copy-and-paste fail in dir-spec.txt. 2010-08-03 13:12:06 +02:00
Nick Mathewson
c4b83b2177 Clarify that TRUNCATE behavior isn't as-intended
In tor-spec.txt, instead of saying "nodes may X" instead say "Current
nodes do X; this is nonconformant. Clients should watch out for that."

Based on observations by wanoskarnet.
2010-08-02 12:28:25 -04:00
Nick Mathewson
6f45101327 Clear cell queues when marking or truncating a circuit.
At best, this patch helps us avoid sending queued relayed cells that
would get ignored during the time between when a destroy cell is
sent and when the circuit is finally freed.  At worst, it lets us
release some memory a little earlier than it would otherwise.

Fix for bug #1184.  Bugfix on 0.2.0.1-alpha.
2010-07-30 18:55:24 -04:00
Karsten Loesing
1cf6da821c Add two authoritzation protocols to rend-spec.txt. 2010-07-30 10:33:28 +02:00
Karsten Loesing
9ecb64c44d Clean up Section 1 of rend-spec.txt. 2010-07-30 10:33:28 +02:00
Karsten Loesing
6e4c06598f Interchange sections 1.2 and 1.3. 2010-07-30 10:29:14 +02:00
Karsten Loesing
f6e0dc2a6e Rename all RELAY_* cell types to RELAY_COMMAND_*. 2010-07-30 10:28:07 +02:00
Mike Perry
9d5d0f040f Alter how guard flags are chosen.
V3 authorities no longer decide not to vote on Guard+Exit. The bandwidth
weights should take care of this now.

Also, lower the max threshold for WFU to 0.98, to allow more nodes to become
guards.
2010-07-14 20:49:19 -07:00
Nick Mathewson
bea55766af Merge remote branch 'mikeperry/cbt-bugfixes3' 2010-06-29 18:57:50 -04:00
Nick Mathewson
deb9e4aff7 Make spec docs reference RFC2119
Now people will have no excuse for not knowing what "MUST" and "MAY"
mean.  Fixes bug 1310.
2010-06-25 14:58:25 -04:00
Mike Perry
2abe1ceccf Add CLOSE_MS and CLOSE_RATE keywords to buildtimeout event. 2010-06-15 20:04:49 -07:00
Nick Mathewson
faef0fa35d Merge commit 'sjmurdoch/xxx-using-spdy' 2010-06-11 13:25:38 -04:00
Mike Perry
81736f426f Update spec with new right-censored pareto estimators. 2010-06-09 00:22:39 -07:00
Mike Perry
29e0d70814 Bug 1296: Add option+logic to disable CBT learning.
There are now four ways that CBT can be disabled:

1. Network-wide, with the cbtdisabled consensus param.
2. Via config, with "LearnCircuitBuildTimeout 0"
3. Via config, with "AuthoritativeDirectory 1"
4. Via a state file write failure.
2010-05-10 13:11:48 -07:00