aboutsummaryrefslogtreecommitdiff
path: root/src/core/or
AgeCommit message (Collapse)Author
12 daysfix a few comment typosRoger Dingledine
2024-04-30Merge branch 'maint-0.4.8'David Goulet
2024-04-30Fix typo in tor-relays list addresshiro
2024-04-29Merge branch 'maint-0.4.8'David Goulet
2024-04-16circuit: Remove log_warn triggered by a proto violationDavid Goulet
Fixes #40932 Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-04-15Merge branch 'maint-0.4.8'David Goulet
2024-04-15Merge branch 'tor-gitlab/mr/808' into maint-0.4.8David Goulet
2024-04-15conflux: Don't process a closed circuit on get packaged windowDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-04-15conflux: Avoid noting a cell was sent on a closed circuitDavid Goulet
It turns out that circuit_package_relay_cell() returns 0 in order to drop a cell but there is a code path, if the circuit queue is full, that also silently closes the circuit and returns 0. This lead to Conflux thinking a cell was sent but actually the cell was not and the circuit was closed leading to the hard assert. And so this function makes sure that circuit_package_relay_cell() and append_cell_to_circuit_queue() returns a value that indicate what happened with the cell and circuit so the caller can make an informed decision with it. This change makes it that we do NOT enter the Conflux subsystem if the cell is not queued on the circuit. Fixes #40921 Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-02-08Merge branch 'bug40911' into 'main'David Goulet
Make two 1-bit fields unsigned Closes #40911 See merge request tpo/core/tor!796
2024-02-01Make two 1-bit fields unsignedSebastian Hahn
This should be a completely harmless warning as we only check whether the fields are true or false. Closes #40911.
2024-01-30metrics: Add new relay metrics to MetricsPortDavid Goulet
This commit adds the total number of DROP cell seen, the total number of DESTROY cell received and the total number of protocol violation that lead to a circuit close. Closes #40816 Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-12-08Merge branch 'maint-0.4.8'David Goulet
2023-12-08Merge remote-tracking branch 'mikeperry-private/bug40897' into maint-0.4.8David Goulet
2023-12-07Merge branch 'maint-0.4.8'Alexander Færøy
2023-12-07Merge remote-tracking branch 'origin/merge-requests/776' into maint-0.4.8Alexander Færøy
2023-12-07Bug 40897 Bug Bounty: Double the number of max conflux circsMike Perry
We strongly suspect that bug 40897 was caused by a custom Tor client that tried to use more than the default number of conflux circuits, for either performance or traffic analysis defense gains, or both. This entity hit a safety check on the exit side, which caused a UAF. Our "belt and suspenders" snapped off, and hit us in the face... again... Since there are good reasons to try more than 2 conflux legs, and research has found some traffic analysis benefits with as many as 5, we're going to raise and parameterize this limit as a form of bug bounty for finding this UAF, so that this entity can try out a little more confluxing. This should also make it easier for researchers to try things like gathering traces with larger amounts of confluxing than normal, to measure real-world traffic analysis impacts of conflux. Shine on, you yoloing anonymous diamond. Let us know if you find out anything interesting!
2023-12-07Bug 40897: Add more checks to free pathsMike Perry
Similar double-frees would be caught earlier by these, so long as the pointers remain nulled out.
2023-12-07Bug 40897: Move safety check to proper location and give it error handling.Mike Perry
2023-10-30Merge branch 'maint-0.4.8'David Goulet
2023-10-30Bug 40878: Count a valid conflux linked cell as valid dataMike Perry
For vanguards addon.
2023-10-29fix memory leak in dos stream for resolve requeststrinity-1686a
2023-10-29correctly parse consensus params for dos stream mitigationtrinity-1686a
2023-10-18remove todostrinity-1686a
2023-10-18fix typostrinity-1686a
2023-10-18add metrics for rejected BEGIN/RESOLVEtrinity-1686a
2023-10-18add rate limit on BEGIN and RESOLVE cell per circuittrinity-1686a
2023-10-18add configuration and network parameters for stream dos mitigationtrinity-1686a
2023-10-18Merge branch 'ticket40870_048_02' into 'main'David Goulet
conflux: Flag set as in full teardown in the free path Closes #40870 See merge request tpo/core/tor!777
2023-10-16conflux: Flag set as in full teardown in the free pathDavid Goulet
We suspect a shutdown race of some sort for which the full teardown is not noticed during the close but should be during the free. For that, we flag the conflux set as in full teardown (if so) in the free path in case the close path didn't caught it. Fixes #40870 Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-10-12fix bridge transport statisticstrinity-1686a
2023-09-21Merge branch 'maint-0.4.8'David Goulet
2023-09-20Bug 40862: Check if circuits are unused more waysMike Perry
2023-09-12Correct a comment on channel_should_write_to_kernel.Nick Mathewson
This issue was originally called out by pseudonymisaTor on !707; the comment in this commit takes a different approach to explaining what is going on.
2023-09-05fix two simple typos in commentsRoger Dingledine
2023-08-28Merge branch 'maint-0.4.8'David Goulet
2023-08-25Bug #40842: Additional diagnosticsMike Perry
Just in case there are other instances hiding in the maze.
2023-08-25Bug #40842: Don't send on sets that are being torn downMike Perry
2023-08-25Merge branch 'maint-0.4.8'David Goulet
2023-08-25Merge branch 'reapply-exit-policy-on-reload' into 'main'David Goulet
reapply exit policy on reload Closes #40676 See merge request tpo/core/tor!735
2023-08-25Bug #40841: Demote extra legs to protocol warn.Mike Perry
Also add more info to leg dump.
2023-08-23doxygen: Typo fix in relay.c commentDavid Goulet
HTML in comment, what a bad idea... Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-08-23typo: Fix a doxygen html unclosed tagDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-08-22Merge remote-tracking branch 'mbeth-private/ticket40821_mr'David Goulet
2023-08-15Bug 40834: Remove assert and add logs to track no-leg caseMike Perry
2023-08-15Revert "Nullify on_circuit if last conflux leg"Mike Perry
This reverts commit 5487476fd919703b55cb1f1544d575224c9b685e.
2023-08-11Extend DoS protection to IP addresses with known relaysMicah Elizabeth Scott
This exemption used to be helpful in keeping exit relays from tripping the DoS detection subsystem and losing Tor connectivity. Now exit relays block re-entry into the network (tor issue #2667) so it's no longer needed. We'd like to re-enable protection on these addresses to avoid giving attackers a way around our DoS mitigations.
2023-08-09Extend DoS protection to partially-open channelsMicah Elizabeth Scott
tor only marks a channel as 'open' once the TLS and OR handshakes have both completed, and normal "client" (ORPort) DoS protection is not enabled until the channel becomes open. This patch adds an additional earlier initialization path for DoS protection on incoming TLS connections. This leaves the existing dos_new_client_conn() call sites intact, but adds a guard against multiple-initialization using the existing tracked_for_dos_mitigation flag. Other types of channels shouldn't be affected by this patch.
2023-08-05handle invalid exitpolicy when reapplying ittrinity-1686a
2023-08-02relay: Remove logging for a bug. It triggers a BUG() laterDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion