1. 15 Sep, 2020 1 commit
  2. 14 Sep, 2020 1 commit
  3. 07 Sep, 2020 1 commit
    • George Kadianakis's avatar
      statistics: Properly count all rendezvous cells (avoid undercounting). · 85a1e6c6
      George Kadianakis authored
      tl;dr We were not counting cells flying from the client to the service, but we
      were counting cells flying from the service to the client.
      
      When a rendezvous cell arrives from the client to the RP, the RP forwards it to
      the service.
      
      For this to happen, the cell first passes through command_process_relay_cell()
      which normally does the statistics counting. However because the `rend_circ`
      circuit was not flagged with `circuit_carries_hs_traffic_stats` in
      rend_mid_rendezvous(), the cell is not counted there.
      
      Then the cell goes to circuit_receive_relay_cell() which has a special code
      block based on `rend_splice` specifically for rendezvous cells, and the cell
      gets directly passed to `rend_circ` via a direct call to
      circuit_receive_relay_cell(). The cell never passes through
      command_process_relay_cell() ever again and hence is never counted by our
      rephist module.
      
      The fix here is to flag the `rend_circ` circuit with
      `circuit_carries_hs_traffic_stats` so that the cell is counted as soon as it
      hits command_process_relay_cell().
      
      Furthermore we avoid double-counting cells since the special code block of
      circuit_receive_relay_cell() makes us count rendezvous cells only as they enter
      the RP and not as they exit it.
      
      Fixes #40117.
      85a1e6c6
  4. 25 Aug, 2020 2 commits
  5. 20 Aug, 2020 1 commit
  6. 19 Aug, 2020 3 commits
    • David Goulet's avatar
      hs: Don't overwrite DoS parameters on circuit with consensus params · f5c9f6d4
      David Goulet authored
      
      
      Turns out that the HS DoS defenses parameters were overwritten by the
      consensus parameters everytime a new consensus would arrive.
      
      This means that a service operator can still enable the defenses but as soon
      as the intro point relay would get a new consensus, they would be overwritten.
      And at this commit, the network is entirely disabling DoS defenses.
      
      Fix this by introducing an "explicit" flag that indicate if the
      ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid
      using the consenus at once.
      
      We are not bumping the protover HSIntro value for this because 0.4.2.x series
      is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We
      are confident that a backport and then upgrade path to the latest 0.4.4.x
      stable coming up soon is enough to mitigate this problem in the coming months.
      
      It avoids the upgrade path on the service side by keeping the requirement for
      protover HSIntro=5.
      
      Fixes #40109
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      f5c9f6d4
    • George Kadianakis's avatar
      Merge branch 'mr/124' into maint-0.4.4 · b1b00796
      George Kadianakis authored
      b1b00796
    • Nick Mathewson's avatar
      Parallelize src/test/test into chunks. · 974abdf6
      Nick Mathewson authored
      First, we introduce a flag to teach src/test/test to split its work
      into chunks.  Then we replace our invocation of src/test/test in our
      "make check" target with a set of 8 scripts that invoke the first
      8th of the tests, the second 8th, and so on.
      
      This change makes our "make -kj4 check" target in our hardened
      gitlab build more than twice as fast, since src/test/test was taking
      the longest to finish.
      
      Closes 40098.
      974abdf6
  7. 18 Aug, 2020 1 commit
  8. 13 Aug, 2020 10 commits
  9. 12 Aug, 2020 14 commits
  10. 11 Aug, 2020 6 commits