Document why we divide it by two.

Check for > 0 instead of nonzero for success, since that's what the
manpage says.

Allow watchdog timers greater than 1 second.

Michael Scherer authored 10 years ago and Nick Mathewson committed 10 years ago

It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.

Michael Scherer authored 11 years ago and Nick Mathewson committed 10 years ago

This permit for now to signal readiness in a cleaner way
to systemd.

Francisco Blas Izquierdo Riera (klondike) authored 10 years ago and Nick Mathewson committed 10 years ago

When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.

This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.

This patch is released under the same license as the original file as
long as the author is credited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>

Francisco Blas Izquierdo Riera (klondike) authored 10 years ago and Nick Mathewson committed 10 years ago

The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.

This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.

This patch is released under the same license as the original file as
long as the author iscredited.

Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>

channel_write_*_cell() can delete its argument, so coverity doesn't
like us doing pointer comparison against that argument later.
Silly.

This is a good idea in case the caller stupidly doesn't check the
return value from baseX_decode(), and as a workaround for the
current inconsistent API of base16_decode.

Prevents any fallout from bug 14013.