| Age | Commit message (Collapse) | Author |
|---|
|
This was previously added to facilitate testing intro point rotation
with chutney. However, the implementation is problematic since it forces
excessive rotation whenever TestingTorNetwork is enabled, and can't be
adjusted or disabled.
Alternatives for testing intro point rotation include:
* Using shadow to "fast forward" time
* Overriding the consensus parameters hs_intro_min_lifetime and
hs_intro_max_lifetime.
Fixes #40922
|
|
This check was originally added in 962765a3, with the intent of
preventing relays with 0 measured bandwidth from being listed in the
consensus (part of fixing #13000).
Currently, that decision and other relevant places effectively use
`dirserv_get_credible_bandwidth_kb`, which prefers bwauth-measured
bandwidth over the self-reported `bandwidthcapacity`, making this check
mostly redundant.
i.e. this change should only affect behavior when the relay has uploaded
a descriptor with `bandwidthcapacity=0` *and* we have a non-zero
measured bandwidth, in which case we'll still trust the measured
bandwidth. This is what we want when bootstrapping a network (e.g. for
testing), since it allows us to initialize bandwidths using a bandwidth
authority file.
A relay can still cause `router_is_active` to return false by setting
the hibernate flag.
Also see discussion in #40917.
Fixes #40917.
|
|
|
|
The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.
Closes #40910.
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
This commit adds the total number of DROP cell seen, the total number of
DESTROY cell received and the total number of protocol violation that lead to a
circuit close.
Closes #40816
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Fix bridge exit warn
Closes #40884
See merge request tpo/core/tor!783
|
|
don't warn for empty RecommendedServerVersion
Closes #40888
See merge request tpo/core/tor!787
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
Fixes #40874
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
add configuration option to reject descriptor based on tor version
Closes #40817
See merge request tpo/core/tor!773
|
|
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
This commit is a backport of b9b0abd6c26d9b361923 to 0.4.8.
|
|
and fix memory leak on reload error path
|
|
|
|
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
|
|
|
|
This also lets us discard extract_param_buggy, which we've been
wanting to do.
|
|
|
|
|
|
Per proposal 290, all earlier consensus methods are obsolete, since 32 is the
highest method supported by 0.4.7.7.
|
|
Handle ntor and ntor_v3 individually in rephist and for MetricsPort.
Closes #40638
See merge request tpo/core/tor!767
|
|
This patch should not mess with the DoS protection here.
Fixes tpo/core/tor#40638.
|
|
|
|
|
|
|
|
|
|
Bug found and fixed by @hyunsoo.kim676.
|
|
This patch removes a call to `tor_assert_nonfatal_unreached()` in
`relay_key_is_unavailable_()` that is only called when Tor is compiled
without relay support.
Unfortunately, the non-fatal assertion causes a BUG log
message to appear for clients when they start up without relay support
for each CPU worker we spawn. This makes it spotting issues during
bootstrap harder particularly for our iOS developers.
Since the call sites to `get_master_identity_key()` handles `NULL`
values already, we do not think this will be an issue later on.
Reported by Benjamin Erhart (@tla) from Guardian Project.
Fixes tpo/core/tor#40848.
|
|
|
|
When we implemented prop275 in 0.4.8.1-alpha, we changed the
behavior of networkstatus_getinfo_helper_single to omit meaningful
published_on times, replacing them with "2038-01-01". This is
necessary when we're formatting a routerstatus with no additional
info, since routerstatus objects no longer include a published_on.
But in networkstatus_getinfo_by_purpose, we do have a routerinfo
that does have a published_on. This patch uses that information
to report published_on times in our output when we're making a
"virtual" networkstatus for a big file of routerinfo_t objects.
This is mostly important for bridge authorities, since when
they dump a secret list of the bridges, they want to include
published_on times.
Closes #40855. Bugfix on 0.4.8.1-alpha.
|
|
Implement proposal 301-dont-vote-on-package-fingerprints.txt
See merge request tpo/core/tor!743
|
|
This commit adds a new consensus method which, when present, causes
authorities not to consider package fingerprints when computing a
consensus. It builds on earlier work which dropped support for putting
these lines into the votes.
|
