Create the hs_test_helpers.{c|h} files that contains helper functions to
create introduction point, descriptor and compare descriptor.

Used by both the hs cache and hs descriptor tests. Unify them to avoid code
duplication.

Also, this commit fixes the usage of the signing key that was wrongly used
when creating a cross signed certificate.

Signed-off-by: David Goulet <dgoulet@torproject.org>

This fixes a warning from jenkins.

Mike Perry authored 7 years ago and Nick Mathewson committed 7 years ago

asan was finding an alignment issue with a cast, so set the field in the
trunnel struct and then encode it instead. Also, enable log capture and
verification.

Mike Perry authored 7 years ago and Nick Mathewson committed 7 years ago

https://gitlab.com/dgoulet/tor/merge_requests/24

Mike Perry authored 8 years ago and Nick Mathewson committed 7 years ago

Checking all of these parameter lists for every single connection every second
seems like it could be an expensive waste.

Updating globally cached versions when there is a new consensus will still
allow us to apply consensus parameter updates to all existing connections
immediately.

Mike Perry authored 8 years ago and Nick Mathewson committed 7 years ago

IMO, these tests should be calling options_init() to properly set everything
to default values, but when that is done, about a dozen tests fail. Setting
the one default value that broke the tests for my branch. Sorry for being
lame.

Mike Perry authored 8 years ago and Nick Mathewson committed 7 years ago

The option was deprecated by bug #17592.

Mike Perry authored 9 years ago and Nick Mathewson committed 7 years ago

Accomplished via the following:

1. Use NETINFO cells to determine if both peers will agree on canonical
   status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple
   canonical connections, and use the orconn with more circuits on it in case
   of age ties.

Also perform some hourly accounting on how many of these types of connections
there are and log it at info or notice level.

Mike Perry authored 8 years ago and Nick Mathewson committed 7 years ago

This unifies CircuitIdleTimeout and PredictedCircsRelevanceTime into a single
option, and randomizes it.

It also gives us control over the default value as well as relay-to-relay
connection lifespan through the consensus.

Conflicts:
	src/or/circuituse.c
	src/or/config.c
	src/or/main.c
	src/test/testing_common.c

Mike Perry authored 8 years ago and Nick Mathewson committed 7 years ago

This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.

Dead branch found by Coverity in CID #1405875.

This can happen if you've been running an earlier alpha on your
relay.  Instead, just ignore the entry.

These are mostly just identifier renames, except for one place in
routerparse.c where we switch to using a correct hash.