Age | Commit message (Collapse) | Author |
|
Closes #40101.
|
|
This was once used for rate-limiting, but now it's only for
accounting. It hasn't served a useful purpose in a long time.
Closes ticket 33097.
|
|
Since we can list the real address and the canonical one in a
human-readable format we don't need to pick.
|
|
|
|
|
|
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
rep_hist_note_bytes_read bwhist_note_bytes_read \
rep_hist_note_bytes_written bwhist_note_bytes_written \
rep_hist_note_dir_bytes_read bwhist_note_dir_bytes_read \
rep_hist_note_dir_bytes_written bwhist_note_dir_bytes_written \
rep_hist_get_bandwidth_lines bwhist_get_bandwidth_lines \
rep_hist_update_state bwhist_update_state \
rep_hist_load_state bwhist_load_state \
rep_hist_bandwidth_assess bwhist_bandwidth_assess
|
|
These are logically independent from the rest of rephist, and make
more sense in isolation. The next patch will rename them too.
|
|
In order to disambiguate the subsystem and event_name identifiers in the
tor_trace() macro, add TR_SUBSYS() and TR_EV() which help to identify the
parameters of tor_trace() explicitly.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
Resume being willing to use preemptively-built circuits when
UseEntryGuards is set to 0. We accidentally disabled this feature with
that config setting (in our fix for #24469), leading to slower load times.
Fixes bug 34303; bugfix on 0.3.3.2-alpha.
|
|
But don't implement the actual node selection yet.
Part of 33226.
|
|
Amazingly, this time we had no merge conflicts with "falls through" comments.
|
|
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that. Clang recently added
the same thing.
GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments. Clang, however,
only seems to like "__attribute__((fallthrough))". Fortunately, GCC
accepts that too.
A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.
This is an automated commit, made with the following perl one-liner:
#!/usr/bin/perl -i -p
s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
(In order to avoid conflicts, I'm applying this script separately to
each maint branch. This is the 0.4.3 version.)
|
|
GCC added an implicit-fallthrough warning a while back, where it
would complain if you had a nontrivial "case:" block that didn't end
with break, return, or something like that. Clang recently added
the same thing.
GCC, however, would let you annotate a fall-through as intended by
any of various magic "/* fall through */" comments. Clang, however,
only seems to like "__attribute__((fallthrough))". Fortunately, GCC
accepts that too.
A previous commit in this branch defined a FALLTHROUGH macro to do
the right thing if GNUC is defined; here we replace all of our "fall
through" comments with uses of that macro.
This is an automated commit, made with the following perl one-liner:
#!/usr/bin/perl -i -p
s#/\* *falls? ?thr.*?\*/#FALLTHROUGH;#i;
|
|
|
|
|
|
Some ".c" files define *_PRIVATE macros, but those macros are
not used in any header file. Delete them.
These changes were created using the "make autostyle" from
32522, and then split into commits.
|
|
By centralizing the circuit cleanup type that is: on close, free and
repurpose, some actions on the circuit can not happen for a certain cleanup
type or for all types.
This passes a cleanup type so the HS subsystem (v2 and v3) can take actions
based on the type of cleanup.
For instance, there is slow code that we do not run on a circuit close but
rather only on free.
Part of #32020
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Refactor to decomplexify circuit_about_to_free() and finally have one single
entry point into the HS subsystems (v2 and v3) for when a circuit is freed.
With this, hs_circ_cleanup() becomes the one and only entry point when a
circuit is freed which then routes to the right subsystem version for any
actions to be taken.
This moves a big chunk of code from circuituse.c to rendclient.c. No behavior
change. Next commit will refactor it to reduce our technical debt.
Part of #32020
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Closes #32343
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Part of ticket 29976.
|
|
Proposal 289 prevents SENDME-flooding by requiring the other side to
authenticate the data it has received. But this data won't actually
be random if they are downloading a known resource. "No problem",
we said, "let's fell the empty parts of our cells with some
randomness!" and we did that in #26871.
Unfortunately, if the relay data payloads are all completely full,
there won't be any empty parts for us to randomize.
Therefore, we now pick random "randomness windows" between
CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
sent a cell containing at least 16 bytes of randomness in that window. If we
haven't, then when the window is exhausted, we send one. (This window approach
is designed to lower the number of rng checks we have to do. The number 16 is
pulled out of a hat to change the attacker's guessing difficulty to
"impossible".)
Implements 28646.
|
|
When a circuit is marked for close, check to see if any of our padding
machines want to take ownership of it and continue padding until the machine
hits the END state.
For safety, we also ensure that machines that do not terminate are still
closed as follows: Because padding machine timers are UINT32_MAX in size, if
some sort of network event doesn't happen on a padding-only circuit within
that time, we can conclude it is deadlocked and allow
circuit_expire_old_circuits_clientside() to close it.
If too much network activity happens, then per-machine padding limits can be
used to cease padding, which will cause network cell events to cease, on the
circuit, which will cause circpad to abandon the circuit as per the above time
limit.
|
|
|
|
Some of these functions are now public and cpath-specific so their name should
signify the fact they are part of the cpath module:
assert_cpath_layer_ok -> cpath_assert_layer_ok
assert_cpath_ok -> cpath_assert_ok
onion_append_hop -> cpath_append_hop
circuit_init_cpath_crypto -> cpath_init_circuit_crypto
circuit_free_cpath_node -> cpath_free
onion_append_to_cpath -> cpath_extend_linked_list
|
|
Again everything is moved, apart from a free line using ->private.
|
|
This commit only moves code, and makes one function public.
|
|
This makes tor remember the last seen digest of a cell if that cell is the
last one before a SENDME on the Exit side.
Closes #26839
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Also, split the formatting code shared by control.c and
control_events.c into controller_fmt.c.
|
|
They are simply not used apart from assigning a pointer and asserting on the
pointer depending on the cell direction.
Closes #29196.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
Co-authored-by: George Kadianakis <desnacked@riseup.net>
|
|
Add a publish-subscribe subsystem to publish messages about changes to
origin circuits.
Functions in circuitbuild.c and circuitlist.c publish messages to this
subsystem.
Move circuit event constants out of control.h so that subscribers
don't have to include all of control.h to take actions based on
messages they receive.
Part of ticket 27167.
|
|
|
|
When storing a descriptor in the client cache, if we are about to replace an
existing descriptor, make sure to close every introduction circuits of the old
descriptor so we don't have leftovers lying around.
Ticket 27471 describes a situation where tor is sending an INTRODUCE1 cell on
an introduction circuit for which it doesn't have a matching intro point
object (taken from the descriptor).
The main theory is that, after a new descriptor showed up, the introduction
points changed which led to selecting an introduction circuit not used by the
service anymore thus for which we are unable to find the corresponding
introduction point within the descriptor we just fetched.
Closes #27471.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
It differs from the rest of the rephist code in that it's actually
necessary for Tor to operate, so it should probably go somewhere
else. I'm not sure where yet, so I'll leave it in the same
directory, but give it its own file.
|
|
Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.
|
|
The main.c code is responsible for initialization and shutdown;
the mainloop.c code is responsible for running the main loop of Tor.
Splitting the "generic event loop" part of mainloop.c from the
event-loop-specific part is not done as part of this patch.
|
|
The parts for handling cell formats should be in src/core/or.
The parts for handling onionskin queues should be in src/core/or.
Only the crypto wrapper belongs in src/core/crypto.
|
|
|
|
|
|
|
|
|
|
|