1. 08 May, 2017 2 commits
    • Mike Perry's avatar
      Bug 17592: Clean up connection timeout logic. · d5a151a0
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
      option, and randomizes it.
      
      It also gives us control over the default value as well as relay-to-relay
      connection lifespan through the consensus.
      
      Conflicts:
      	src/or/circuituse.c
      	src/or/config.c
      	src/or/main.c
      	src/test/testing_common.c
      d5a151a0
    • Mike Perry's avatar
      Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      
      Statistics on the total padding in the last 24 hours are exported to the
      extra-info descriptors.
      b0e92634
  2. 01 Feb, 2017 1 commit
  3. 27 Jan, 2017 1 commit
  4. 23 Jan, 2017 1 commit
    • David Goulet's avatar
      circuit: Change close reasons from uint16_t to int · 96c7ddbc
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      When marking for close a circuit, the reason value, a integer, was assigned to
      a uint16_t converting any negative reasons (internal) to the wrong value. On
      the HS side, this was causing the client to flag introduction points to be
      unreachable as the internal reason was wrongfully converted to a positive
      16bit value leading to flag 2 out of 3 intro points to be unreachable.
      
      Fixes #20307 and partially fixes #21056
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      96c7ddbc
  5. 18 Jan, 2017 3 commits
  6. 08 Jan, 2017 1 commit
  7. 22 Dec, 2016 1 commit
    • David Goulet's avatar
      circuit: Change close reasons from uint16_t to int · 955d4b7a
      David Goulet authored
      
      
      When marking for close a circuit, the reason value, a integer, was assigned to
      a uint16_t converting any negative reasons (internal) to the wrong value. On
      the HS side, this was causing the client to flag introduction points to be
      unreachable as the internal reason was wrongfully converted to a positive
      16bit value leading to flag 2 out of 3 intro points to be unreachable.
      
      Fixes #20307 and partially fixes #21056
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      955d4b7a
  8. 18 Dec, 2016 1 commit
  9. 16 Dec, 2016 1 commit
  10. 14 Dec, 2016 2 commits
    • George Kadianakis's avatar
      prop224 prepwork: Use of HS circuitmap in existing HS code. · 9192e592
      George Kadianakis authored and Nick Mathewson's avatar Nick Mathewson committed
      The new HS circuitmap API replaces old public functions as follows:
         circuit_clear_rend_token -> hs_circuitmap_remove_circuit
         circuit_get_rendezvous -> hs_circuitmap_get_rend_circ
         circuit_get_intro_point -> hs_circuitmap_get_intro_circ_v2
         circuit_set_rendezvous_cookie -> hs_circuitmap_register_rend_circ
         circuit_set_intro_point_digest -> hs_circuitmap_register_intro_circ_v2
      
      This commit also removes the old rendinfo code that is now unused.
      It also fixes the broken rendinfo unittests.
      9192e592
    • George Kadianakis's avatar
      prop224 prepwork: Introduce HS circuitmap subsystem. · 2b9abbef
      George Kadianakis authored and Nick Mathewson's avatar Nick Mathewson committed
      The HS circuitmap is a hash table that maps introduction and rendezvous
      tokens to specific circuits such that given a token it's easy to find
      the corresponding circuit. It supports rend circuits and v2/v3 intro
      circuits.
      
      It will be used by the prop224 ESTABLISH_INTRO code to register and
      lookup v3 introduction circuits.
      
      The next commit after this removes the old code and fixes the unittests.
      Please consult both commits while reviewing functionality differences
      between the old and new code. Let me know if you want this rebased
      differently :)
      
      WRT architectural differences, this commit removes the rendinfo pointer
      from or_circuit_t. It then adds an hs_token_t pointer and a hashtable
      node for the HS circuitmap. IIUC, this adds another pointer to the
      weight of or_circuit_t. Let me know if you don't like this, or if you
      have suggestions on improving it.
      2b9abbef
  11. 13 Dec, 2016 1 commit
    • Nick Mathewson's avatar
      Remove AuthDirMaxServersPerAuthAddr · 55d02c00
      Nick Mathewson authored
      Back when Roger had do do most of our testing on the moria host, we
      needed a higher limit for the number of relays running on a single
      IP address when that limit was shared with an authority. Nowadays,
      the idea is pretty obsolete.
      
      Also remove the router_addr_is_trusted_dir() function, which served
      no other purpose.
      
      Closes ticket 20960.
      55d02c00
  12. 12 Dec, 2016 1 commit
  13. 08 Dec, 2016 4 commits
  14. 30 Nov, 2016 6 commits
    • Nick Mathewson's avatar
      Make new prop271 entry guards persistent · 858c8f55
      Nick Mathewson authored
      To do this, it makes sense to treat legacy guards as a separate
      guard_selection_t *, and handle them separately.  This also means we
      add support here for having multiple guard selections.
      
      Note that we don't persist pathbias information yet; that will take
      some refactoring.
      858c8f55
    • Nick Mathewson's avatar
      Use the new guard notification/selection APIs throughout Tor · dbbaa515
      Nick Mathewson authored
      This patch doesn't cover every case; omitted cases are marked with
      "XXXX prop271", as usual.  It leaves both the old interface and the
      new interface for guard status notification, since they don't
      actually work in the same way: the new API wants to be told when a
      circuit has failed or succeeded, whereas the old API wants to know
      when a channel has failed or succeeded.
      
      I ran into some trouble with directory guard stuff, since when we
      pick the directory guard, we don't actually have a circuit to
      associate it with.  I solved that by allowing guard states to be
      associated with directory connections, not just circuits.
      dbbaa515
    • Nick Mathewson's avatar
      Maintain a list of all the origin circuits. · de617a47
      Nick Mathewson authored
      We'll want this for upgrading waiting circuits.
      de617a47
    • Nick Mathewson's avatar
      Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option. · 8dc6048c
      Nick Mathewson authored
      I expect we'll be ripping this out somewhere in 0.3.0, but let's
      keep it around for a little while in case it turns out to be the
      only way to avert disaster?
      8dc6048c
    • Nick Mathewson's avatar
      Add a new GUARD_WAIT state for circuits · 238828c9
      Nick Mathewson authored
      This state corresponds to the WAITING_FOR_BETTER_GUARD state; it's
      for circuits that are 100% constructed, but which we won't use until
      we are sure that we wouldn't use circuits with a better guard.
      238828c9
    • Nick Mathewson's avatar
      Write the easy parts of the public entryguard interface. · dd6bdab3
      Nick Mathewson authored
      Here we add a little bit of state to origin circuits, and set up
      the necessary functions for the circuit code to call in order to
      find guards, use guards, and decide when circuits can be used.
      
      There's also an incomplete function for the hard part of the
      circuit-maintenance code, where we figure out whether any waiting
      guards are ready to become usable.
      
      (This patch finally uses the handle.c code to make safe handles to
      entry_guard_t objects, so that we are allowed to free an
      entry_guard_t without checking whether any origin_circuit_t is
      holding a reference to it.)
      dd6bdab3
  15. 10 Nov, 2016 1 commit
  16. 04 Nov, 2016 1 commit
    • David Goulet's avatar
      hs: Refactor rend_data_t for multi version support · 8293356a
      David Goulet authored
      
      
      In order to implement proposal 224, we need the data structure rend_data_t to
      be able to accomodate versionning that is the current version of hidden
      service (2) and the new version (3) and future version.
      
      For that, we implement a series of accessors and a downcast function to get
      the v2 data structure. rend_data_t becomes a top level generic place holder.
      
      The entire rend_data_t API has been moved to hs_common.{c|h} in order to
      seperate code that is shared from between HS versions and unshared code (in
      rendcommon.c).
      
      Closes #19024
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      Signed-off-by: default avatarGeorge Kadianakis <desnacked@riseup.net>
      8293356a
  17. 03 Nov, 2016 8 commits
  18. 26 Sep, 2016 4 commits