Age | Commit message (Collapse) | Author |
|
|
Fixes bug 24969; bugfix on 0.2.5.1-alpha when the sandbox was introduced.
|
|
Patch from CTassisF.
|
|
We recently merged a circuit cell queue size safeguard. This commit adds the
number of killed circuits that have reached the limit to the DoS heartbeat. It
now looks like this:
[notice] DoS mitigation since startup: 0 circuits killed with too many
cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0
single hop clients refused.
Second thing that this patch does. It makes tor always print the DoS
mitigation heartbeat line (for a relay) even though no DoS mitigation has
been enabled. The reason is that we now kill circuits that have too many
cells regardless of whether it is enabled or not, but also it will give the
operator a chance to learn what is enabled with the heartbeat instead of
suddenly appearing when it is enabled by, let's say, the consensus.
Fixes #25824
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Closes ticket 25818.
|
|
This commit introduces the consensus parameter "circ_max_cell_queue_size"
which controls the maximum number of cells a circuit queue should have.
The default value is currently 50000 cells which is above what should be
expected but keeps us a margin of error for padding cells.
Related to this is #9072. Back in 0.2.4.14-alpha, we've removed that limit due
to a Guard discovery attack. Ticket #25226 details why we are putting back the
limit due to the memory pressure issue on relays.
Fixes #25226
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Add to the Denial of Service section of the man page an explanation about the
three different mitigations Tor has.
Fixes #25248.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
In d1874b433953f64, we adjusted this check so that we insist on
using routerinfos for bridges. That's almost correct... but if we
have a bridge that is also a regular relay, then we should
insist on its routerinfo when connecting to it as a bridge
(directly), and be willing to use its microdescriptor when
connecting to it elsewhere in our circuits.
This bug is a likely cause of some (all?) of the (exit_ei == NULL)
failures we've been seeing.
Fixes bug 25691; bugfix on 0.3.3.4-alpha
|
|
When size_t is 32 bits, the unit tests can't fit anything more than
4GB-1 into a size_t.
Additionally, tt_int_op() uses "long" -- we need tt_u64_op() to
safely test uint64_t values for equality.
Bug caused by tests for #24782 fix; not in any released Tor.
|
|
When size_t is 32 bits, doing "size_t ram; if (ram > 8GB) { ... }"
produces a compile-time warning.
Bug caused by #24782 fix; not in any released Tor.
|
|
This patch changes the algorithm of compute_real_max_mem_in_queues() to
use 0.4 * RAM iff the system has more than or equal to 8 GB of RAM, but
will continue to use the old value of 0.75 * RAM if the system has less
than * GB of RAM available.
This patch also adds tests for compute_real_max_mem_in_queues().
See: https://bugs.torproject.org/24782
|
|
This patch makes compute_real_max_mem_in_queues use the STATIC macro,
which allows us to test the function.
See: https://bugs.torproject.org/24782
|
|
This patch makes get_total_system_memory mockable, which allows us to
alter the return value of the function in tests.
See: https://bugs.torproject.org/24782
|
|
The old single-underscore names remain as a deprecated synonym.
Fixes bug 25581; bugfix on 0.3.3.1-alpha.
|
|
We removed this by breaking them out from general in #13837.
|
|
This patch lifts the list of default directory authorities from config.c
into their own auth_dirs.inc file, which is then included in config.c
using the C preprocessor.
Patch by beastr0.
See: https://bugs.torproject.org/24854
|
|
Fixes bug 25732; bugfix on 0.3.3.2-alpha when strings.rs was
introduced.
|
|
Closes ticket 25296; bugfix on 0.2.2.7-alpha when these manpage
entries were introduced.