Tor issues
https://gitlab.torproject.org/tpo/core/tor/-/issues
2022-05-07T06:47:11Z

https://gitlab.torproject.org/tpo/core/tor/-/issues/25376
Disable as many timers as possible when DisableNetwork or when idle/hibernating
2022-05-07T06:47:11Z
Nick Mathewson
With legacy/trac#25373 and legacy/trac#25375, we should be using first-class timer objects for more and more of our timed events. We should have a way to mark timers that should be disabled when Tor is idle, or when DisableNetwork has been set. Then we should actually disable them, to lower the amount of wakeups that Tor performs under those circumstances.
Tor: 0.3.4.x-final
David Goulet dgoulet@torproject.org

https://gitlab.torproject.org/tpo/core/tor/-/issues/25573
Track half-closed stream IDs
2023-02-15T19:20:48Z
Mike Perry
In order to eliminate a side channel attack described in https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf ("DropMark" attack) we need a way to determine if a stream id is invalid.
Many clients (particularly Firefox) will hang up on streams that still have data in flight. In this case, Tor clients send RELAY_COMMAND_END when they are done with a stream, and immediately remove that stream ID from their valid stream mapping. The remaining application data continues to arrive, but is silently dropped by the Tor client. The result is that this ignored stream data currently can't be distinguished from injected dummy traffic with completely random stream IDs, and this fact can be used to mount side channel attacks.
A similar situation exists for spurious RELAY_ENDs.
Tor: 0.3.4.x-final