1. 08 May, 2017 2 commits
    • Mike Perry's avatar
      Bug 17592: Clean up connection timeout logic. · d5a151a0
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
      option, and randomizes it.
      It also gives us control over the default value as well as relay-to-relay
      connection lifespan through the consensus.
    • Mike Perry's avatar
      Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      Statistics on the total padding in the last 24 hours are exported to the
      extra-info descriptors.
  2. 17 Feb, 2017 1 commit
  3. 07 Feb, 2017 1 commit
  4. 03 Feb, 2017 1 commit
  5. 02 Feb, 2017 1 commit
  6. 01 Feb, 2017 2 commits
  7. 27 Jan, 2017 3 commits
  8. 23 Jan, 2017 1 commit
  9. 18 Jan, 2017 6 commits
  10. 14 Jan, 2017 1 commit
  11. 13 Jan, 2017 1 commit
    • teor's avatar
      Remove redundant options checks for IPv6 preference conflicts · 5227ff4a
      teor authored and Nick Mathewson's avatar Nick Mathewson committed
      It is no longer possible for the IPv6 preference options to differ from the
      IPv6 usage: preferring IPv6 implies possibly using IPv6.
      Also remove the corresponding unit test warning message checks.
      (But keep the unit tests themselves - they now run without warnings.)
  12. 03 Jan, 2017 1 commit
  13. 02 Jan, 2017 1 commit
    • Nick Mathewson's avatar
      Unindent long-misindented blocks. · 97ed2ce0
      Nick Mathewson authored
      We switched these to be "if (1) " a while back, so we could keep
      the indentation and avoid merge conflicts.  But it's nice to clean
      up from time to time.
  14. 30 Dec, 2016 1 commit
  15. 18 Dec, 2016 2 commits
  16. 16 Dec, 2016 6 commits
  17. 13 Dec, 2016 2 commits
    • Nick Mathewson's avatar
      Remove AuthDirMaxServersPerAuthAddr · 55d02c00
      Nick Mathewson authored
      Back when Roger had do do most of our testing on the moria host, we
      needed a higher limit for the number of relays running on a single
      IP address when that limit was shared with an authority. Nowadays,
      the idea is pretty obsolete.
      Also remove the router_addr_is_trusted_dir() function, which served
      no other purpose.
      Closes ticket 20960.
    • Nick Mathewson's avatar
      Change the default of AuthDirPinKeys to 1. · 0dd48bfe
      Nick Mathewson authored
      Closes ticket 18319.
  18. 12 Dec, 2016 1 commit
  19. 08 Dec, 2016 2 commits
  20. 07 Dec, 2016 1 commit
  21. 01 Dec, 2016 1 commit
    • teor's avatar
      Stop ignoring hidden service key anonymity when first starting tor · f80a43d1
      teor authored and Nick Mathewson's avatar Nick Mathewson committed
      Instead, refuse to start tor if any hidden service key has been used in
      a different hidden service anonymity mode.
      Fixes bug 20638; bugfix on 17178 in; reported by ahf.
      The original single onion service poisoning code checked poisoning state
      in options_validate, and poisoned in options_act. This was problematic,
      because the global array of hidden services had not been populated in
      options_validate (and there were ordrering issues with hidden service
      directory creation).
      This patch fixes this issue in rend_service_check_dir_and_add, which:
      * creates the directory, or checks permissions on an existing directory, then
      * checks the poisoning state of the directory, then
      * poisons the directory.
      When validating, only the permissions checks and the poisoning state checks
      are perfomed (the directory is not modified).
  22. 30 Nov, 2016 2 commits
    • Nick Mathewson's avatar
      Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option. · 8dc6048c
      Nick Mathewson authored
      I expect we'll be ripping this out somewhere in 0.3.0, but let's
      keep it around for a little while in case it turns out to be the
      only way to avert disaster?
    • Nick Mathewson's avatar
      Split bridge functions into a new module. · 8da24c99
      Nick Mathewson authored
      This patch is just:
         * Code movement
         * Adding headers here and there as needed
         * Adding a bridges_free_all() with a call to it.
      It breaks compilation, since the bridge code needed to make exactly
      2 calls into entrynodes.c internals.  I'll fix those in the next