1. 25 Jan, 2018 1 commit
    • In relay_digest_matches(), use stack instead of heap. · 91c63aae
      Nick Mathewson authored
      We'd been using crypto_digest_dup() and crypto_digest_assign() here,
      but they aren't necessary.  Instead we can just use the stack to
      store the previous state of the SHA_CTX and avoid a malloc/free pair.
      
      Closes ticket 24914.
  2. 21 Dec, 2017 3 commits
  3. 20 Dec, 2017 1 commit
  4. 08 Dec, 2017 2 commits
    • chan: Do not re-queue after a fail cell write · 6120efd7
      David Goulet authored and Nick Mathewson committed
      
      Couple things happen in this commit. First, we do not re-queue a cell back in
      the circuit queue if the write packed cell failed. Currently, it is close to
      impossible to have it fail but just in case, the channel is marked as closed
      and we move on.
      
      The second thing is that the channel_write_packed_cell() always took ownership
      of the cell whatever the outcome. This means, on success or failure, it needs
      to free it.
      
      It turns out that we were using the wrong free function in one case and
      not freeing it in another possible code path. So, this commit makes sure we
      only free it in one place that is at the very end of
      channel_write_packed_cell() which is the top layer of the channel abstraction.
      This also makes channel_tls_write_packed_cell_method() return a negative value
      on error.
      
      Two unit tests had to be fixed (quite trivial) due to a double free of the
      packed cell in the test since now we do free it in all cases correctly.
      
      Part of #23709
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  5. 27 Nov, 2017 1 commit
    • Add a new notion of "stamps" to be a fast 32-bit monotonic timestamp · c3c0a05f
      Nick Mathewson authored
      The goal here is to replace our use of msec-based timestamps with
      something less precise, but easier to calculate.  We're doing this
      because calculating lots of msec-based timestamps requires lots of
      64/32 division operations, which can be inefficient on 32-bit
      platforms.
      
      We make sure that these stamps can be calculated using only the
      coarse monotonic timer and 32-bit bitwise operations.
  6. 22 Nov, 2017 3 commits
  7. 04 Nov, 2017 1 commit
  8. 29 Sep, 2017 2 commits
    • Don't package cells onto marked circuits. · d256d4c0
      Nick Mathewson authored
      This caused a BUG log when we noticed that the circuit had no
      channel.  The likeliest culprit for exposing that behavior is
      d769cab3, where we made circuit_mark_for_close() NULL out
      the n_chan and p_chan fields of the circuit.
      
      Fixes bug 8185; bugfix on 0.2.5.4-alpha, I think.
    • Log more information when bug8185 is about to trigger. · 1b6ccb52
      Nick Mathewson authored
      My current theory is that this is just a marked circuit that hasn't
      closed yet, but let's gather more information in case that theory is
      wrong.
      
      Diagnostic for 8185.
  9. 15 Sep, 2017 1 commit
  10. 11 Sep, 2017 1 commit
  11. 07 Sep, 2017 2 commits
  12. 05 Sep, 2017 3 commits
    • Add support for HTTP Connect tunnels · 4b30ae15
      Nick Mathewson authored
    • Refactor buffer APIs to put a buf_t first. · 6ec50597
      Nick Mathewson authored
      By convention, a function that frobs a foo_t should be called
      foo_frob, and it should have a foo_t * as its first argument.  But
      for many of the buf_t functions, the buf_t was the final argument,
      which is silly.
    • Repair buffer API so everything starts with buf_. · 4a7e90ad
      Nick Mathewson authored
      Our convention is that functions which manipulate a type T should be
      named T_foo.  But the buffer functions were super old, and followed
      all kinds of conventions.  Now they're uniform.
      
      Here's the perl I used to do this:
      
      #!/usr/bin/perl -w -i -p
      
      s/read_to_buf\(/buf_read_from_socket\(/;
      s/flush_buf\(/buf_flush_to_socket\(/;
      s/read_to_buf_tls\(/buf_read_from_tls\(/;
      s/flush_buf_tls\(/buf_flush_to_tls\(/;
      s/write_to_buf\(/buf_add\(/;
      s/write_to_buf_compress\(/buf_add_compress\(/;
      s/move_buf_to_buf\(/buf_move_to_buf\(/;
      s/peek_from_buf\(/buf_peek\(/;
      s/fetch_from_buf\(/buf_get_bytes\(/;
      s/fetch_from_buf_line\(/buf_get_line\(/;
      s/fetch_from_buf_line\(/buf_get_line\(/;
      s/buf_remove_from_front\(/buf_drain\(/;
      s/peek_buf_startswith\(/buf_peek_startswith\(/;
      s/assert_buf_ok\(/buf_assert_ok\(/;
  13. 19 Jun, 2017 1 commit
  14. 08 Jun, 2017 1 commit
  15. 30 May, 2017 1 commit
  16. 28 May, 2017 1 commit
  17. 08 May, 2017 2 commits
    • Mike Perry's avatar
      02a5835c
    • Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      
      Statistics on the total padding in the last 24 hours are exported to the
      extra-info descriptors.
  18. 25 Apr, 2017 3 commits
  19. 05 Apr, 2017 1 commit
    • cell: Do not warn on hidden service invalid port · 0fdad78f
      David Goulet authored
      
      When a client tried to connect to an invalid port of a hidden service, a
      warning was printed:
      
        [warn] connection_edge_process_relay_cell (at origin) failed.
      
      This is because the connection subsystem wants to close the circuit because
      the port can't be found and then returns a negative reason to achieve that.
      However, that specific situation triggered a warning. This commit prevents it
      for the specific case of an invalid hidden service port.
      
      Fixes #16706
      
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  20. 15 Mar, 2017 1 commit
  21. 16 Feb, 2017 1 commit
  22. 18 Jan, 2017 1 commit
  23. 04 Nov, 2016 1 commit
  24. 03 Nov, 2016 1 commit
  25. 27 Oct, 2016 2 commits
  26. 26 Oct, 2016 1 commit
  27. 22 Sep, 2016 1 commit
    • When clearing cells from a circuit for OOM reasons, tell cmux we did so. · e4aaf766
      Nick Mathewson authored
      Not telling the cmux would sometimes cause an assertion failure in
      relay.c when we tried to get an active circuit and found an "active"
      circuit with no cells.
      
      Additionally, replace that assert with a test and a log message.
      
      Fix for bug 20203. This is actually probably a bugfix on
      0.2.8.1-alpha, specifically my code in 8b4e5b7e where I
      made circuit_mark_for_close_() do less in order to simplify our call
      graph. Thanks to "cypherpunks" for help diagnosing.