1. 08 May, 2017 2 commits
    • Mike Perry's avatar
      Bug 17592: Clean up connection timeout logic. · d5a151a0
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
      option, and randomizes it.
      It also gives us control over the default value as well as relay-to-relay
      connection lifespan through the consensus.
    • Mike Perry's avatar
      Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      Statistics on the total padding in the last 24 hours are export...
  2. 07 Feb, 2017 5 commits
  3. 31 Jan, 2017 1 commit
    • Nick Mathewson's avatar
      Call monotime_init() earlier. · d183ec23
      Nick Mathewson authored
      We need to call it before nt_service_parse_options(), since
      nt_service_parse_options() can call back into nt_service_main(),
      which calls do_main_loop().
      Fixes bug 21356; bugfix on
  4. 08 Jan, 2017 1 commit
  5. 16 Dec, 2016 3 commits
  6. 14 Dec, 2016 1 commit
    • George Kadianakis's avatar
      prop224 prepwork: Use of HS circuitmap in existing HS code. · 9192e592
      George Kadianakis authored and Nick Mathewson's avatar Nick Mathewson committed
      The new HS circuitmap API replaces old public functions as follows:
         circuit_clear_rend_token -> hs_circuitmap_remove_circuit
         circuit_get_rendezvous -> hs_circuitmap_get_rend_circ
         circuit_get_intro_point -> hs_circuitmap_get_intro_circ_v2
         circuit_set_rendezvous_cookie -> hs_circuitmap_register_rend_circ
         circuit_set_intro_point_digest -> hs_circuitmap_register_intro_circ_v2
      This commit also removes the old rendinfo code that is now unused.
      It also fixes the broken rendinfo unittests.
  7. 08 Dec, 2016 2 commits
  8. 30 Nov, 2016 2 commits
    • Nick Mathewson's avatar
      Use the new guard notification/selection APIs throughout Tor · dbbaa515
      Nick Mathewson authored
      This patch doesn't cover every case; omitted cases are marked with
      "XXXX prop271", as usual.  It leaves both the old interface and the
      new interface for guard status notification, since they don't
      actually work in the same way: the new API wants to be told when a
      circuit has failed or succeeded, whereas the old API wants to know
      when a channel has failed or succeeded.
      I ran into some trouble with directory guard stuff, since when we
      pick the directory guard, we don't actually have a circuit to
      associate it with.  I solved that by allowing guard states to be
      associated with directory connections, not just circuits.
    • Nick Mathewson's avatar
      Split bridge functions into a new module. · 8da24c99
      Nick Mathewson authored
      This patch is just:
         * Code movement
         * Adding headers here and there as needed
         * Adding a bridges_free_all() with a call to it.
      It breaks compilation, since the bridge code needed to make exactly
      2 calls into entrynodes.c internals.  I'll fix those in the next
  9. 04 Nov, 2016 2 commits
  10. 02 Nov, 2016 1 commit
    • Nick Mathewson's avatar
      Always call connection_ap_attach_pending() once a second. · b2f82d45
      Nick Mathewson authored and Roger Dingledine's avatar Roger Dingledine committed
      Fixes bug 19969; bugfix on b1d56fc5.  We can fix this some more in
      later Tors, but for now, this is probably the simplest fix possible.
      This is a belt-and-suspenders fix, where the earlier fix ("Ask
      event_base_loop to finish when we add a pending stream") aims to respond
      to new streams as soon as they arrive, and this one aims to make sure
      that we definitely respond to all of the streams.
  11. 01 Nov, 2016 1 commit
  12. 27 Oct, 2016 1 commit
  13. 26 Sep, 2016 1 commit
  14. 13 Sep, 2016 3 commits
    • teor's avatar
      Remove a duplicate non-anonymous warning log message · 07d32d2e
      teor authored and Nick Mathewson's avatar Nick Mathewson committed
      We log this message every time we validate tor's options.
      There's no need to log a duplicate in main() as well.
      (It is impossible to run main() without validating our options.)
    • teor (Tim Wilson-Brown)'s avatar
      Refactor crypto init to use existing options variable · 831cf6d1
      teor (Tim Wilson-Brown) authored and Nick Mathewson's avatar Nick Mathewson committed
    • teor (Tim Wilson-Brown)'s avatar
      Implement Prop #260: Single Onion Services · b560f852
      teor (Tim Wilson-Brown) authored and Nick Mathewson's avatar Nick Mathewson committed
      Add experimental OnionServiceSingleHopMode and
      OnionServiceNonAnonymousMode options. When both are set to 1, every
      hidden service on a tor instance becomes a non-anonymous Single Onion
      Service. Single Onions make one-hop (direct) connections to their
      introduction and renzedvous points. One-hop circuits make Single Onion
      servers easily locatable, but clients remain location-anonymous.
      This is compatible with the existing hidden service implementation, and
      works on the current tor network without any changes to older relays or
      Implements proposal #260, completes ticket #17178. Patch by teor & asn.
      squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services
      Redesign single onion service poisoning.
      When in OnionServiceSingleHopMode, each hidden service key is poisoned
      (marked as non-anonymous) on creation by creating a poison file in the
      hidden service directory.
      Existing keys are considered non-anonymous if this file exists, and
      anonymous if it does not.
      Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
      are anonymous. Similarly, it refuses to launch in anonymous client mode
      if any existing keys are non-anonymous.
      Rewrite the unit tests to match and be more comprehensive.
      Adds a bonus unit test for rend_service_load_all_keys().
  15. 20 Aug, 2016 6 commits
  16. 16 Aug, 2016 1 commit
  17. 10 Aug, 2016 1 commit
  18. 02 Aug, 2016 3 commits
  19. 19 Jul, 2016 1 commit
  20. 14 Jul, 2016 1 commit
  21. 04 Jul, 2016 1 commit