1. 06 May, 2020 1 commit
    • Nick Mathewson's avatar
      Use __attribute__((fallthrough)) rather than magic GCC comments. · cc397449
      Nick Mathewson authored
      GCC added an implicit-fallthrough warning a while back, where it
      would complain if you had a nontrivial "case:" block that didn't end
      with break, return, or something like that.  Clang recently added
      the same thing.
      GCC, however, would let you annotate a fall-through as intended by
      any of various magic "/* fall through */" comments.  Clang, however,
      only seems to like "__attribute__((fallthrough))".  Fortunately, GCC
      accepts that too.
      A previous commit in this branch defined a FALLTHROUGH macro to do
      the right thing if GNUC is defined; here we replace all of our "fall
      through" comments with uses of that macro.
      This is an automated commit, made with the following perl one-liner:
        #!/usr/bin/perl -i -p
        s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
  2. 16 Jan, 2019 1 commit
  3. 25 Sep, 2018 1 commit
  4. 19 Sep, 2018 1 commit
  5. 21 Aug, 2018 1 commit
  6. 20 Jul, 2018 1 commit
  7. 05 Jul, 2018 2 commits
    • Nick Mathewson's avatar
      Fix every include path changed in the previous commit (automated) · ef486e3c
      Nick Mathewson authored
      I am very glad to have written this script.
    • Nick Mathewson's avatar
      Move literally everything out of src/or · 63b4ea22
      Nick Mathewson authored
      This commit won't build yet -- it just puts everything in a slightly
      more logical place.
      The reasoning here is that "src/core" will hold the stuff that every (or
      nearly every) tor instance will need in order to do onion routing.
      Other features (including some necessary ones) will live in
      "src/feature".  The "src/app" directory will hold the stuff needed
      to have Tor be an application you can actually run.
      This commit DOES NOT refactor the former contents of src/or into a
      logical set of acyclic libraries, or change any code at all.  That
      will have to come in the future.
      We will continue to move things around and split them in the future,
      but I hope this lays a reasonable groundwork for doing so.
  8. 03 Jul, 2018 1 commit
  9. 01 Jul, 2018 1 commit
  10. 20 Jun, 2018 2 commits
  11. 15 Jun, 2018 5 commits
  12. 16 Feb, 2018 1 commit
    • Roger Dingledine's avatar
      backport to make channel_is_client() accurate · 8d5dcdbd
      Roger Dingledine authored and Nick Mathewson's avatar Nick Mathewson committed
      This commit takes a piece of commit af8cadf3 and a piece of commit
      46fe353f25, with the goal of making channel_is_client() be based on what
      sort of connection handshake the other side used, rather than seeing
      whether the other side ever sent a create_fast cell to us.
  13. 15 Feb, 2018 1 commit
    • David Goulet's avatar
      cmux: Make EWMA policy mandatory · 6b1dba21
      David Goulet authored
      To achieve this, a default value for the CircuitPriorityHalflife option was
      needed. We still look in the options and then the consensus but in case no
      value can be found, the default CircuitPriorityHalflifeMsec=30000 is used. It
      it the value we've been using since
      This means that EWMA, our only policy, can not be disabled anymore fallbacking
      to the round robin algorithm. Unneeded code to control that is removed in this
      Part of #25268
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
  14. 07 Feb, 2018 2 commits
  15. 31 Jan, 2018 1 commit
  16. 08 Dec, 2017 1 commit
    • David Goulet's avatar
      chan: Do not re-queue after a fail cell write · 6120efd7
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      Couple things happen in this commit. First, we do not re-queue a cell back in
      the circuit queue if the write packed cell failed. Currently, it is close to
      impossible to have it failed but just in case, the channel is mark as closed
      and we move on.
      The second thing is that the channel_write_packed_cell() always took ownership
      of the cell whatever the outcome. This means, on success or failure, it needs
      to free it.
      It turns out that that we were using the wrong free function in one case and
      not freeing it in an other possible code path. So, this commit makes sure we
      only free it in one place that is at the very end of
      channel_write_packed_cell() which is the top layer of the channel abstraction.
      This makes also channel_tls_write_packed_cell_method() return a negative value
      on error.
      Two unit tests had to be fixed (quite trivial) due to a double free of the
      packed cell in the test since now we do free it in all cases correctly.
      Part of #23709
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
  17. 22 Nov, 2017 1 commit
    • David Goulet's avatar
      channel: Remove incoming/outgoing queue · 46a07092
      David Goulet authored
      For the rationale, see ticket #23709.
      This is a pretty massive commit. Those queues were everywhere in channel.c and
      it turns out that it was used by lots of dead code.
      The channel subsystem *never* handles variable size cell (var_cell_t) or
      unpacked cells (cell_t). The variable ones are only handled in channeltls and
      outbound cells are always packed from the circuit queue so this commit removes
      code related to variable and unpacked cells.
      However, inbound cells are unpacked (cell_t), that is untouched and is handled
      via channel_process_cell() function.
      In order to make the commit compile, test have been modified but not passing
      at this commit. Also, many tests have been removed but better improved ones
      get added in future commits.
      This commit also adds a XXX: which indicates that the handling process of
      outbound cells isn't fully working. This as well is fixed in a future commit.
      Finally, at this commit, more dead code remains, it will be cleanup in future
      Fixes #23709
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
  18. 20 Sep, 2017 1 commit
    • Nick Mathewson's avatar
      Fix a comment that misunderstood is_canonical · 427ae164
      Nick Mathewson authored
      is_canonical doesn't mean "am I connected to the one true address of
      this relay"; it means "does this relay tell me that the address I'm
      connected to belong to it."  The point is to prevent TCP-based MITM,
      not to prevent the relay from multi-homing.
      Related to 22890.
  19. 15 Sep, 2017 4 commits
  20. 05 Sep, 2017 1 commit
    • Nick Mathewson's avatar
      Repair buffer API so everything starts with buf_. · 4a7e90ad
      Nick Mathewson authored
      Our convention is that functions which manipulate a type T should be
      named T_foo.  But the buffer functions were super old, and followed
      all kinds of conventions.  Now they're uniform.
      Here's the perl I used to do this:
      \#!/usr/bin/perl -w -i -p
  21. 01 Jul, 2017 1 commit
  22. 21 Jun, 2017 1 commit
  23. 08 May, 2017 4 commits
    • Nick Mathewson's avatar
      whitespace fixes · fb97f76e
      Nick Mathewson authored
    • Mike Perry's avatar
    • Mike Perry's avatar
      Bug 17604: Converge on only one long-lived TLS conn between relays. · 76c9330f
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      Accomplished via the following:
      1. Use NETINFO cells to determine if both peers will agree on canonical
         status. Prefer connections where they agree to those where they do not.
      2. Alter channel_is_better() to prefer older orconns in the case of multiple
         canonical connections, and use the orconn with more circuits on it in case
         of age ties.
      Also perform some hourly accounting on how many of these types of connections
      there are and log it at info or notice level.
    • Mike Perry's avatar
      Netflow record collapsing defense. · b0e92634
      Mike Perry authored and Nick Mathewson's avatar Nick Mathewson committed
      This defense will cause Cisco, Juniper, Fortinet, and other routers operating
      in the default configuration to collapse netflow records that would normally
      be split due to the 15 second flow idle timeout.
      Collapsing these records should greatly reduce the utility of default netflow
      data for correlation attacks, since all client-side records should become 30
      minute chunks of total bytes sent/received, rather than creating multiple
      separate records for every webpage load/ssh command interaction/XMPP chat/whatever
      else happens to be inactive for more than 15 seconds.
      The defense adds consensus parameters to govern the range of timeout values
      for sending padding packets, as well as for keeping connections open.
      The defense only sends padding when connections are otherwise inactive, and it
      does not pad connections used solely for directory traffic at all. By default
      it also doesn't pad inter-relay connections.
      Statistics on the total padding in the last 24 hours are export...
  24. 02 May, 2017 1 commit
  25. 15 Mar, 2017 1 commit
  26. 08 Dec, 2016 2 commits