Commits · 687a85950afc25010c80cd14539728b3a7ae5675 · Mike Perry / Tor

08 May, 2017 6 commits

Cache netflow-related consensus parameters. · 687a8595

Mike Perry authored Sep 22, 2016 and

Nick Mathewson committed May 08, 2017

Checking all of these parameter lists for every single connection every second
seems like it could be an expensive waste.

Updating globally cached versions when there is a new consensus will still
allow us to apply consensus parameter updates to all existing connections
immediately.

687a8595

Fix a breakage in test_options.c. · ae4d8c9c

Mike Perry authored Sep 22, 2016 and

Nick Mathewson committed May 08, 2017

IMO, these tests should be calling options_init() to properly set everything
to default values, but when that is done, about a dozen tests fail. Setting
the one default value that broke the tests for my branch. Sorry for being
lame.

ae4d8c9c

Remove a PredictedPortsRelevantTime test. · 20a3d4ef
Mike Perry authored Sep 06, 2016 and Nick Mathewson committed May 08, 2017
```
The option was deprecated by bug #17592.
```
20a3d4ef

Bug 17604: Converge on only one long-lived TLS conn between relays. · 76c9330f

Mike Perry authored Nov 14, 2015 and

Nick Mathewson committed May 08, 2017

Accomplished via the following:

1. Use NETINFO cells to determine if both peers will agree on canonical
   status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple
   canonical connections, and use the orconn with more circuits on it in case
   of age ties.

Also perform some hourly accounting on how many of these types of connections
there are and log it at info or notice level.

76c9330f

Bug 17592: Clean up connection timeout logic. · d5a151a0

Mike Perry authored Feb 21, 2017 and

Nick Mathewson committed May 08, 2017

This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
option, and randomizes it.

It also gives us control over the default value as well as relay-to-relay
connection lifespan through the consensus.

Conflicts:
	src/or/circuituse.c
	src/or/config.c
	src/or/main.c
	src/test/testing_common.c

d5a151a0

Netflow record collapsing defense. · b0e92634

Mike Perry authored Sep 06, 2016 and

Nick Mathewson committed May 08, 2017

This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.

b0e92634

22 Feb, 2017 1 commit
- Add an O(1) map from channel->global_identifier to channel · 515e1f66
  Nick Mathewson authored Jan 23, 2016
  
  515e1f66
17 Feb, 2017 6 commits
- Merge branch 'maint-0.3.0' · efa5bbab
  Nick Mathewson authored Feb 17, 2017
  
  efa5bbab
- Remove a redundant check in ..transition_affects_guards() · 823fb68a
  Nick Mathewson authored Feb 17, 2017
```
scan-build found that we we checking UseEntryGuards twice.

Fixes bug 21492.
```
  823fb68a
- Merge branch 'maint-0.3.0' · 9b1d9901
  Nick Mathewson authored Feb 17, 2017
  
  9b1d9901
- Merge branch 'maint-0.2.9' into maint-0.3.0 · 5dbbd6bc
  Nick Mathewson authored Feb 17, 2017
  
  5dbbd6bc
- Check for micro < 0, rather than checking "minor" twice. · 67cec757
  Nick Mathewson authored Feb 17, 2017
```
Bug found with clang scan-build.  Fixes bug on f63e06d3.
Bug not present in any released Tor.
```
  67cec757
- Fix memleak in test_getinfo_helper_onion. · d3f0f10e
  Nick Mathewson authored Feb 17, 2017
```
Fix on fc58c37e. Not in any released tor
```
  d3f0f10e
16 Feb, 2017 1 commit
- Merge remote-tracking branch 'meejah/ticket-21329-onions-current' · 31be66ea
  Nick Mathewson authored Feb 16, 2017
  
  31be66ea
15 Feb, 2017 26 commits
- Bump master to 0.3.1.0-alpha-dev · 832d4636
  Nick Mathewson authored Feb 15, 2017
  
  832d4636
- hs: Avoid a strlen(NULL) if descriptor is not found in cache · 3336f26e
  David Goulet authored Feb 15, 2017
```
Instead of returning 404 error code, this led to a NULL pointer being used and
thus a crash of tor.

Fixes #21471

Signed-off-by: David Goulet <dgoulet@torproject.org>
```
  3336f26e
- Merge branch 'maint-0.2.9' · d633c475
  Nick Mathewson authored Feb 15, 2017
  
  d633c475
- whoops; make 21450 compile · fea93abe
  Nick Mathewson authored Feb 15, 2017
  
  fea93abe
- Merge branch 'bug21447' · 39af9fc2
  Nick Mathewson authored Feb 15, 2017
  
  39af9fc2
- Merge branch 'maint-0.2.9' · 62f98ad4
  Nick Mathewson authored Feb 15, 2017
  
  62f98ad4
- Limit version numbers to 0...INT32_MAX. · cb6b3b7c
  Nick Mathewson authored Feb 15, 2017
```
Closes 21450; patch from teor.
```
  cb6b3b7c
- Merge branch 'maint-0.2.9' · 1fbff411
  Nick Mathewson authored Feb 15, 2017
  
  1fbff411
- Merge branch 'maint-0.2.8' into maint-0.2.9 · a1c3b391
  Nick Mathewson authored Feb 15, 2017
  
  a1c3b391
- Merge branch 'maint-0.2.7' into maint-0.2.8 · 52220541
  Nick Mathewson authored Feb 15, 2017
  
  52220541
- Merge branch 'maint-0.2.6' into maint-0.2.7 · e6376a80
  Nick Mathewson authored Feb 15, 2017
  
  e6376a80
- Merge branch 'maint-0.2.5' into maint-0.2.6 · f7ed4a7d
  Nick Mathewson authored Feb 15, 2017
  
  f7ed4a7d
- Merge branch 'maint-0.2.8' of git-rw.torproject.org:/tor into maint-0.2.8 · 71cd68b6
  Nick Mathewson authored Feb 15, 2017
  
  71cd68b6
- Merge branch 'maint-0.2.7' of git-rw.torproject.org:/tor into maint-0.2.7 · 67877f55
  Nick Mathewson authored Feb 15, 2017
  
  67877f55
- Merge branch 'maint-0.2.6' of git-rw.torproject.org:/tor into maint-0.2.6 · 6e7ff9ee
  Nick Mathewson authored Feb 15, 2017
  
  6e7ff9ee
- Merge branch 'maint-0.2.5' of git-rw.torproject.org:/tor into maint-0.2.5 · aeb299ba
  Nick Mathewson authored Feb 15, 2017
  
  aeb299ba
- Merge branch 'maint-0.2.9' · 76d79d59
  Nick Mathewson authored Feb 15, 2017
  
  76d79d59
- Merge branch 'bug21278_extra_029' into maint-0.2.9 · 5d88267b
  Nick Mathewson authored Feb 15, 2017
  
  5d88267b
- Merge branch 'bug21278_redux_029_squashed' into maint-0.2.9 · ec6b5a09
  Nick Mathewson authored Feb 15, 2017
  
  ec6b5a09
- Merge branch 'maint-0.2.8' into maint-0.2.9 · eeb74358
  Nick Mathewson authored Feb 15, 2017
  
  eeb74358
- Merge branch 'maint-0.2.7' into maint-0.2.8 · 1ebdae61
  Nick Mathewson authored Feb 15, 2017
  
  1ebdae61
- Merge branch 'maint-0.2.6' into maint-0.2.7 · ed806843
  Nick Mathewson authored Feb 15, 2017
  
  ed806843
- Merge branch 'maint-0.2.5' into maint-0.2.6 · 3781f24b
  Nick Mathewson authored Feb 15, 2017
  
  3781f24b
- Merge branch 'maint-0.2.4' into maint-0.2.5 · a452b713
  Nick Mathewson authored Feb 15, 2017
  
  a452b713
- give tor_version_parse_platform some function documentation · 3c4da8a1
  Roger Dingledine authored Feb 14, 2017 and Nick Mathewson committed Feb 15, 2017
  
  3c4da8a1
- When examining descriptors as a dirserver, reject ones with bad versions · 02e05bd7
  Nick Mathewson authored Feb 13, 2017
```
This is an extra fix for bug 21278: it ensures that these
descriptors and platforms will never be listed in a legit consensus.
```
  02e05bd7