1. 06 May, 2020 3 commits
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · 28ac17f4
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      
      (In order to avoid conflicts, I'm applying this script separately to
      each maint branch. This is the 0.4.2 version.)
      28ac17f4
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · 79ff2b6a
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      
      (In order to avoid conflicts, I'm applying this script separately to
      each maint branch. This is the 0.4.1 version.)
      79ff2b6a
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · cc397449
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      
      This is an automated commit, made with the following perl one-liner:
      
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
      cc397449
  2. 05 Sep, 2019 1 commit
  3. 11 Jun, 2019 1 commit
  4. 27 May, 2019 1 commit
    • Nick Mathewson's avatar
      Make sure that we send at least some random data in RELAY_DATA cells · 0bc12414
      Nick Mathewson authored
      Proposal 289 prevents SENDME-flooding by requiring the other side to
      authenticate the data it has received.  But this data won't actually
      be random if they are downloading a known resource.  "No problem",
      we said, "let's fell the empty parts of our cells with some
      randomness!" and we did that in #26871.
      
      Unfortunately, if the relay data payloads are all completely full,
      there won't be any empty parts for us to randomize.
      
      Therefore, we now pick random "randomness windows" between
      CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
      sent a cell containing at least 16 bytes of randomness in that window.  If we
      haven't, then when the window is exhausted, we send one.  (This window approach
      is designed to lower the number of rng checks we have to do.  The number 16 is
      pulled out of a hat to change the attacker's guessing difficulty to
      "impossible".)
      
      Implements 28646.
      0bc12414
  5. 15 May, 2019 2 commits
    • Mike Perry's avatar
      Bug 28780: Make use of purpose to keep padding circuits open. · 66282547
      Mike Perry authored
      When a circuit is marked for close, check to see if any of our padding
      machines want to take ownership of it and continue padding until the machine
      hits the END state.
      
      For safety, we also ensure that machines that do not terminate are still
      closed as follows: Because padding machine timers are UINT32_MAX in size, if
      some sort of network event doesn't happen on a padding-only circuit within
      that time, we can conclude it is deadlocked and allow
      circuit_expire_old_circuits_clientside() to close it.
      
      If too much network activity happens, then per-machine padding limits can be
      used to cease padding, which will cause network cell events to cease, on the
      circuit, which will cause circpad to abandon the circuit as per the above time
      limit.
      66282547
    • Mike Perry's avatar
      d44e3e57
  6. 03 May, 2019 3 commits
  7. 29 Apr, 2019 1 commit
  8. 25 Mar, 2019 1 commit
  9. 15 Mar, 2019 1 commit
  10. 16 Jan, 2019 2 commits
  11. 02 Jan, 2019 1 commit
  12. 21 Dec, 2018 1 commit
    • Taylor Yu's avatar
      Add origin circuit event pubsub system · a0b4fa1f
      Taylor Yu authored
      Add a publish-subscribe subsystem to publish messages about changes to
      origin circuits.
      
      Functions in circuitbuild.c and circuitlist.c publish messages to this
      subsystem.
      
      Move circuit event constants out of control.h so that subscribers
      don't have to include all of control.h to take actions based on
      messages they receive.
      
      Part of ticket 27167.
      a0b4fa1f
  13. 14 Nov, 2018 1 commit
  14. 18 Oct, 2018 1 commit
    • David Goulet's avatar
      hs-v3: Close client intro circuits if the descriptor is replaced · 9ba16c4d
      David Goulet authored
      
      
      When storing a descriptor in the client cache, if we are about to replace an
      existing descriptor, make sure to close every introduction circuits of the old
      descriptor so we don't have leftovers lying around.
      
      Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
      an introduction circuit for which it doesn't have a matching intro point
      object (taken from the descriptor).
      
      The main theory is that, after a new descriptor showed up, the introduction
      points changed which led to selecting an introduction circuit not used by the
      service anymore thus for which we are unable to find the corresponding
      introduction point within the descriptor we just fetched.
      
      Closes #27471.
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      9ba16c4d
  15. 27 Sep, 2018 1 commit
    • Nick Mathewson's avatar
      Move the predicted ports code out of rephist.c · 241c1505
      Nick Mathewson authored
      It differs from the rest of the rephist code in that it's actually
      necessary for Tor to operate, so it should probably go somewhere
      else.  I'm not sure where yet, so I'll leave it in the same
      directory, but give it its own file.
      241c1505
  16. 21 Sep, 2018 3 commits
  17. 18 Sep, 2018 1 commit
  18. 05 Jul, 2018 2 commits
    • Nick Mathewson's avatar
      Fix every include path changed in the previous commit (automated) · ef486e3c
      Nick Mathewson authored
      I am very glad to have written this script.
      ef486e3c
    • Nick Mathewson's avatar
      Move literally everything out of src/or · 63b4ea22
      Nick Mathewson authored
      This commit won't build yet -- it just puts everything in a slightly
      more logical place.
      
      The reasoning here is that "src/core" will hold the stuff that every (or
      nearly every) tor instance will need in order to do onion routing.
      Other features (including some necessary ones) will live in
      "src/feature".  The "src/app" directory will hold the stuff needed
      to have Tor be an application you can actually run.
      
      This commit DOES NOT refactor the former contents of src/or into a
      logical set of acyclic libraries, or change any code at all.  That
      will have to come in the future.
      
      We will continue to move things around and split them in the future,
      but I hope this lays a reasonable groundwork for doing so.
      63b4ea22
  19. 03 Jul, 2018 2 commits
  20. 01 Jul, 2018 2 commits
  21. 21 Jun, 2018 3 commits
  22. 20 Jun, 2018 2 commits
  23. 15 Jun, 2018 4 commits