1. 03 Jan, 2013 2 commits
    • Eliminate MaxOnionsPending; replace it with MaxOnionQueueDelay · b0b3c14c
      Nick Mathewson authored
      The right way to set "MaxOnionsPending" was to adjust it until the
      processing delay was appropriate.  So instead, let's measure how long
      it takes to process onionskins (sampling them once we have a big
      number), and then limit the queue based on its expected time to
      This change is extra-necessary for ntor, since there is no longer a
      reasonable way to set MaxOnionsPending without knowing what mix of
      onionskins you'll get.
      This patch also reserves 1/3 of the onionskin spots for ntor
      handshakes, on the theory that TAP handshakes shouldn't be allowed to
      starve their speedier cousins.  We can change this later if need be.
      Resolves 7291.
    • Document UseNTorHandshake · ed3c8d9d
      Nick Mathewson authored
  2. 26 Dec, 2012 2 commits
  3. 17 Dec, 2012 4 commits
  4. 10 Dec, 2012 1 commit
  5. 07 Dec, 2012 2 commits
  6. 06 Dec, 2012 5 commits
  7. 28 Nov, 2012 1 commit
  8. 15 Nov, 2012 1 commit
  9. 17 Oct, 2012 2 commits
  10. 20 Sep, 2012 1 commit
  11. 19 Sep, 2012 1 commit
  12. 14 Sep, 2012 1 commit
  13. 10 Sep, 2012 1 commit
  14. 05 Sep, 2012 4 commits
  15. 04 Sep, 2012 1 commit
    • Clients connect to public relays over IPv6. · e04e1a2e
      Linus Nordberg authored and Nick Mathewson committed
      Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.
      Use "preferred OR port" for all entry nodes, not only for bridges.
      Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
      configured in Bridge line and ClientPreferIPv6ORPort is set.
      Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
      descriptor and ClientPreferIPv6ORPort is set.
      Filter "preferred OR port" through the ClientUseIPv6 config option. We
      might want to move this test to where actual connection is being set
      up once we have a fall back mechanism in place.
      Have only non-servers pick an IPv6 address for the first hop: We
      don't want relays to connect over IPv6 yet. (IPv6 has never been used
      for second or third hops.)
      Implements ticket 5535.
  16. 31 Aug, 2012 1 commit
  17. 27 Aug, 2012 1 commit
    • Disable extending to private/internal addresses by default · b7c172c9
      Nick Mathewson authored
      This is important, since otherwise an attacker can use timing info
      to probe the internal network.
      Also, add an option (ExtendAllowPrivateAddresses) so that
      TestingTorNetwork won't break.
      Fix for bug 6710; bugfix on all released versions of Tor.
  18. 23 Aug, 2012 1 commit
  19. 31 Jul, 2012 1 commit
    • Fix some manpage typos · d9bd0de0
      Nick Mathewson authored
      This is based on a pair of patches from A. Costa. I couldn't apply
      those directly, since they changed the generated *roff files, not
      the asciidoc source.
      Fixes Tor bug 6500 and Debian bug 683359.
  20. 19 Jul, 2012 2 commits
  21. 16 Jul, 2012 1 commit
  22. 18 Jun, 2012 1 commit
  23. 15 Jun, 2012 1 commit
  24. 14 Jun, 2012 2 commits
    • Defend against entry node path bias attacks · 8d596900
      Mike Perry authored
      The defense counts the circuit failure rate for each guard for the past N
      circuits. Failure is defined as the ability to complete a first hop, but not
      finish completing the circuit all the way to the exit.
      If the failure rate exceeds a certain amount, a notice is emitted.
      If it exceeds a greater amount, a warn is emitted and the guard is disabled.
      These values are governed by consensus parameters which we intend to tune as
      we perform experiments and statistical simulations.