path: root/src/feature
Age | Commit message | Author
2019-09-05 | Check IPv6 exit policies on microdescriptors in node_exit_policy_rejects_all() | Neel Chauhan
2019-08-20 | Merge branch 'ticket30914' into ticket30914_merged | Nick Mathewson
2019-08-19 | Merge remote-tracking branch 'tor-github/pr/1225' | Nick Mathewson
2019-08-19 | Merge branch 'tor-github/pr/1122' | George Kadianakis
2019-08-15 | fix typo in keypin journal log entry (for dir auths) | Roger Dingledine
2019-08-08 | hs: Initialize the INTRO2 bucket for legacy intro point | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-08 | Merge branch 'maint-0.4.1' | Nick Mathewson
2019-08-08 | Merge branch 'ticket31343_040' into maint-0.4.1 | Nick Mathewson
2019-08-08 | Merge branch 'ticket31343_035' into ticket31343_040 | Nick Mathewson
2019-08-08 | Merge branch 'ticket31343_029' into ticket31343_035 | Nick Mathewson
2019-08-06 | hs-v3: Rename HS DoS default defines | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 | dos: Update HS intro circuits if parameters change | David Goulet
In case the consensus parameters for the rate/burst change, we need to update all already established introduction circuits to the newest value. This commit introduces a "get all intro circ" function from the HS circuitmap (v2 and v3) so it can be used by the HS DoS module to go over all circuits and adjust the INTRODUCE2 token bucket parameters.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 | hs-v3: Add enable/disable HS DoS introduce parameter | David Goulet
Following prop305 values.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 | hs-v3: Add consensus parameters for DoS defenses | David Goulet
Part of #15516
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 | hs: Limit the amount of relayed INTRODUCE2 | David Goulet
This commit adds the hs_dos.{c|h} file that has the purpose of having the anti-DoS code for onion services. At this commit, it only has one which is a function that decides if an INTRODUCE2 can be sent on the given introduction service circuit (S<->IP) using a simple token bucket. The rate per second is 25 and allowed burst to 200. Basic defenses on #15516.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-07-25 | Merge branch 'maint-0.4.1' | David Goulet
2019-07-25 | Merge branch 'tor-github/pr/1171' into maint-0.4.1 | David Goulet
2019-07-24 | Merge branch 'maint-0.4.1' | George Kadianakis
2019-07-24 | Merge branch 'tor-github/pr/1181' into maint-0.4.1 | George Kadianakis
2019-07-23 | Merge branch 'ticket24963_042_02' | Nick Mathewson
2019-07-23 | Allow NULL circ->p_chan in circuit_is_suitable_for_introduce1() | Nick Mathewson
This shouldn't be possible while Tor is running, but the tests can hit this code. Rather than force the tests to add a dummy channel object, let's just tolerate their incompletely built circuits.
2019-07-19 | Set 'routerlist' global to NULL before freeing it. | Nick Mathewson
There is other code that uses this value, and some of it is apparently reachable from inside router_dir_info_changed(), which routerlist_free() apparently calls. (ouch!) This is a minimal fix to try to resolve the issue without causing other problems. Fixes bug 31003. I'm calling this a bugfix on 0.1.2.2-alpha, where the call to router_dir_info_changed() was added to routerlist_free().
2019-07-08 | Adjust log callback type to use log_domain_mask_t | Nick Mathewson
2019-07-03 | hs-v3: Disallow single hop client to post/get a descriptor | David Goulet
Closes #24964
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-07-02 | Merge remote-tracking branch 'tor-github/pr/1136' | Nick Mathewson
2019-07-02 | Merge remote-tracking branch 'tor-github/pr/1120' | Nick Mathewson
2019-06-26 | Merge remote-tracking branch 'tor-github/pr/1119' | Nick Mathewson
2019-06-26 | Merge remote-tracking branch 'tor-github/pr/1118' into maint-0.4.1 | Nick Mathewson
2019-06-25 | Use struct_magic_decl to verify magic numbers in config objects | Nick Mathewson
2019-06-25 | Port confparse to use struct_var in place of typed_var. | Nick Mathewson
This requires changes to config_var_t, causing corresponding changes throughout its users.
2019-06-25 | Fix some onion helpers | Taylor Yu
Fix add_onion_helper_clientauth() and add_onion_helper_keyarg() to explicitly call the appropriate control reply abstractions instead of allocating a string to pass to their callers. Part of ticket 30889.
2019-06-25 | Make control_write_reply() mockable | Taylor Yu
Part of ticket 30889.
2019-06-25 | Clean up some uses of low-level control replies | Taylor Yu
Part of ticket 30889.
2019-06-25 | stats: add comments about the required chunk structure in extra info files | teor
These comments should prevent future instances of 30958. And allow a larger file in practracker. Follow up after 30958.
2019-06-25 | Merge branch 'bug30958_041' into bug30958_master | teor
2019-06-24 | Partially port routerset to being a full-fledged config type again. | Nick Mathewson
2019-06-24 | Merge branch 'bug30958_040' into bug30958_041 | teor
2019-06-24 | Merge branch 'bug30958_035' into bug30958_040 | teor
2019-06-24 | Merge branch 'bug30958_029' into bug30958_035 | teor
2019-06-24 | stats: Split extrainfo_dump_to_string() into smaller functions. | teor
Closes ticket 30956.
2019-06-24 | Merge branch 'bug30956_041' into bug30956_master | teor
2019-06-24 | stats: Always publish pluggable transports in extra info documents | teor
Always publish bridge pluggable transport information in the extra info descriptor, even if ExtraInfoStatistics is 0. This information is needed by BridgeDB. Fixes bug 30956; bugfix on 0.4.1.1-alpha.
2019-06-19 | hs: Disallow single hop client circuit when introducing | David Goulet
This will effectively also deny any bridge to be used as a single hop to the introduction point since bridges do not authenticate like clients. Fixes #24963
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 | hs-v3: Close intro circuits when cleaning client cache | David Goulet
Fixes #30921
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 | guard: Ignore marked for close circuit when changing state to open | David Goulet
When we consider all circuits in "waiting for guard" state to be promoted to an "open" state, we were considering all circuits, even the one marked for close. This ultimately triggers a "circuit_has_opened()" called on the circuit that is marked for close which then leads to possible undesirable behaviors within a subsystem. For instance, the HS subsystem would be unable to find the authentication key of the introduction point circuit leading to a BUG() warning and a duplicate mark for close on the circuit. This commit also adds a unit test to make sure we never select marked for close circuits when upgrading its guard state from waiting for guard to open. Fixes #30871
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-19 | guard: Ignore marked for close circuit when changing state to open | David Goulet
When we consider all circuits in "waiting for guard" state to be promoted to an "open" state, we were considering all circuits, even the one marked for close. This ultimately triggers a "circuit_has_opened()" called on the circuit that is marked for close which then leads to possible undesirable behaviors within a subsystem. For instance, the HS subsystem would be unable to find the authentication key of the introduction point circuit leading to a BUG() warning and a duplicate mark for close on the circuit. This commit also adds a unit test to make sure we never select marked for close circuits when upgrading its guard state from waiting for guard to open. Fixes #30871
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-15 | Renaming: CONFIG_TYPE_UINT -> CONFIG_TYPE_POSINT | Nick Mathewson
This name has been a historical source of confusion, since "uint" usually suggests "unsigned int" to people, when the real type is "nonnegative int".
2019-06-11 | Merge branch 'tor-github/pr/1040' | David Goulet
2019-06-11 | Rework origin circuit tracking to use pubsub | Taylor Yu
Part of ticket 29976.
2019-06-11 | Rework orconn tracking to use pubsub | Taylor Yu
Part of ticket 29976.