| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Based on text from s7r
|
|
|
|
|
|
|
|
Update the definition of the private exit policy in the man page
and torrcs. It didn't get merged correctly into the man page, and
it was incomplete in the torrcs. (Unfortunately, we only reject the
primary configured IPv4 and IPv6 addresses, not all configured IPv4
and IPv6 addresses.)
Also fixup msn page formatting errors from changes in tickets 16069
and 17027, mainly unescaped *s.
|
|
|
|
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.
Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012),
released in 0.2.4.7-alpha.
|
|
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.
src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
|
|
ExitPolicyRejectPrivate now rejects more local addresses by default:
* the relay's published IPv6 address (if any), and
* any publicly routable IPv4 or IPv6 addresses on any local interfaces.
This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.
Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
|
|
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.
To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.
Resolves bug #16069.
Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012),
released in 0.2.4.7-alpha.
|
|
|
|
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
|
|
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key. You can manage the secret
identity key with --keygen. Implements ticket 16944.
|
|
|
|
HiddenServiceStatistics option is now set to "1" by default.
Fixes #15254
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
|
|
|
|
|
|
"option to prevent guard,exit,hsdir flag assignment"
"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".
Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.
Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
|
|
Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir, which suggested that a
HSDir required "ORPort connectivity". While this is true,
it is in no way unique to the HSDir flag. Of all the flags,
only HSDirs need a DirPort configured in order for the
authorities to assign that particular flag.
Fixed as part of 14882. Patch by "teor".
Bugfix on 0.2.6.3 (f9d57473e1ff on 10 January 2015).
|
|
|
|
|
|
I think this section slipped downwards when flags where added.
|
|
|
|
This should make it more clear what I meant, if you know how to read ABNF.
(Thanks to rl1987 for correcting numerous issues here)
|
|
Closes ticket 2325
|
|
|
|
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.
Fixes #4862
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
|
|
|
|
Document use of coverity, clang static analyzer, and clang dynamic
undefined behavior and address sanitizers in doc/HACKING.
Add clang dynamic sanitizer blacklist in
contrib/clang/sanitizer_blacklist.txt to exempt known undefined
behavior. Include detailed usage instructions in this blacklist file.
Patch by "teor".
|
|
Fixed numerous conflicts, and ported code to use new base64 api.
|
|
|
|
|
|
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.
This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.
Addresses part of #16052.
|
|
|
|
|
|
Also, add some sample tests to be examples.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes the following rules in out-of-tree builds;
- check-spaces
- check-docs
- check-logs
- Doxygen
- coverage-html
And cleans up additional directories;
- coverage_html
- doc/doxygen
|
|
Closes ticket 15220
|
