summaryrefslogtreecommitdiff
path: root/src/or/circuitbuild.c
AgeCommit message (Collapse)Author
2015-12-15Replace usage of INLINE with inlinecypherpunks
This patch was generated using; sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-11-25Refuse to make direct connections to private OR addressesteor (Tim Wilson-Brown)
Refuse connection requests to private OR addresses unless ExtendAllowPrivateAddresses is set. Previously, tor would connect, then refuse to send any cells to a private address. Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012) Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint release. Patch by "teor".
2015-04-22Reachability should check ExtendAllowPrivateAddresses not TestingTorNetworkteor
When self-testing reachability, use ExtendAllowPrivateAddresses to determine if local/private addresses imply reachability. The previous fix used TestingTorNetwork, which implies ExtendAllowPrivateAddresses, but this excluded rare configs where ExtendAllowPrivateAddresses is set but TestingTorNetwork is not. Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924. Patch by "teor", issue discovered by CJ Ess.
2015-04-16Merge remote-tracking branch 'arma/ticket8766'Nick Mathewson
2015-02-23Avoid logging natural-language reports that are redundant with bootstrappingNick Mathewson
2015-02-11Merge branch 'bug12844'Nick Mathewson
Conflicts: src/or/circuituse.c src/test/include.am src/test/test_entrynodes.c
2015-02-11Additional paranoia: do not even build tor2web stuff if not using.Nick Mathewson
(That is, don't build it unless we're building for tor2web, or we are building for tests.)
2015-02-09Recover better when our clock jumps back many hoursRoger Dingledine
like might happen for Tails or Whonix users who start with a very wrong hardware clock, use Tor to discover a more accurate time, and then fix their clock. Resolves part of ticket 8766. (There are still some timers in various places that aren't addressed yet.)
2015-02-02Merge remote-tracking branch 'public/bug9635_warnings_025'Nick Mathewson
Conflicts: src/test/test.c
2015-02-02tweak based on comments from dgouletNick Mathewson
2015-01-21fix a commentNick Mathewson
2015-01-07When closing circs build through a new guard, only close local onesNick Mathewson
If we decide not to use a new guard because we want to retry older guards, only close the locally-originating circuits passing through that guard. Previously we would close all the circuits. Fixes bug 9819; bugfix on 0.2.1.1-alpha. Reported by "skruffy".
2015-01-07appease "make check-spaces"Nick Mathewson
2015-01-02Bump copyright dates to 2015, in case someday this matters.Nick Mathewson
2014-12-30Fix Reachability self-tests in test networksteor
Stop assuming that private addresses are local when checking reachability in a TestingTorNetwork. Instead, when testing, assume all OR connections are remote. (This is necessary due to many test scenarios running all nodes on localhost.) This assists in bootstrapping a testing Tor network. Fixes bugs 13718 & 13924.
2014-12-30Avoid excluding guards from path building in minimal test networksteor
choose_good_entry_server() now excludes current entry guards and their families, unless we're in a test network, and excluding guards would exclude all nodes. This typically occurs in incredibly small tor networks, and those using TestingAuthVoteGuard * This is an incomplete fix, but is no worse than the previous behaviour, and only applies to minimal, testing tor networks (so it's no less secure). Discovered as part of #13718.
2014-12-26Fix log messages in channeltls.cteor
Add hop number in debug "Contemplating intermediate hop..." Fix capitalisation on warn "Failed to choose an exit server"
2014-12-21Merge branch 'ticket7356_squashed'Nick Mathewson
2014-12-21Using CHANNEL_IS_OPEN macro in circuitbuild.crl1987
2014-11-27Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'Nick Mathewson
Conflicts: src/or/or.h src/test/Makefile.nmake
2014-11-20Make can_complete_circuits a static variable.Nick Mathewson
2014-11-02Apply new calloc coccinelle patchNick Mathewson
2014-10-28Add another year to our copyright dates.Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?
2014-10-27Remove configure option to disable curve25519Sebastian Hahn
By now, support in the network is widespread and it's time to require more modern crypto on all Tor instances, whether they're clients or servers. By doing this early in 0.2.6, we can be sure that at some point all clients will have reasonable support.
2014-10-16Downgrade 'invalid result from curve25519 handshake: 4' warningNick Mathewson
Also, refactor the way we handle failed handshakes so that this warning doesn't propagate itself to "onion_skin_client_handshake failed" and "circuit_finish_handshake failed" and "connection_edge_process_relay_cell (at origin) failed." Resolves warning from 9635.
2014-09-30Expose get_unique_circ_id_by_chan() to test suiteAndrea Shepard
2014-09-22Scrub from logs the name of the RP we picked.George Kadianakis
2014-09-15Implement Tor2webRendezvousPoints functionality.George Kadianakis
2014-08-13Merge remote-tracking branch 'origin/maint-0.2.5'Nick Mathewson
2014-08-13Merge remote-tracking branch 'public/bug12848_024' into maint-0.2.5Nick Mathewson
Conflicts: src/or/circuitbuild.c
2014-08-13Apply coccinelle script to replace malloc(a*b)->calloc(a,b)Nick Mathewson
2014-08-12Fix another case of 12848 in circuit_handle_first_hopNick Mathewson
I looked for other places where we set circ->n_chan early, and found one in circuit_handle_first_hop() right before it calls circuit_send_next_onion_skin(). If onion_skin_create() fails there, then n_chan will still be set when circuit_send_next_onion_skin() returns. We should probably fix that too.
2014-08-12Don't send DESTROY to circID 0 when circuit_deliver_create_cell failsNick Mathewson
Cypherpunks found this and wrote this patch. Fix for 12848; fix on (I think) d58d4c0d, which went into 0.0.8pre1
2014-07-25Implement proposal 221: Stop sending CREATE_FASTNick Mathewson
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and makes the behavior of "auto" be "look at the consensus."
2014-07-16diagnostic for 12184: Add a call to channel_dump_statisticsNick Mathewson
2014-06-14Try to diagnose bug 12184Nick Mathewson
Check for consistency between the queued destroy cells and the marked circuit IDs. Check for consistency in the count of queued destroy cells in several ways. Check to see whether any of the marked circuit IDs have somehow been marked longer than the channel has existed.
2014-05-07Basic tests for get_unique_circ_id_by_chan.Nick Mathewson
2014-04-25Merge branch 'scanbuild_fixes'Nick Mathewson
2014-04-24whitespace fixNick Mathewson
2014-04-23Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson
Conflicts: src/or/circuitbuild.c
2014-04-23Improvements to #11553 fix based on reviewNick Mathewson
Use a per-channel ratelim_t to control the rate at which we report failures for each channel. Explain why I picked N=32. Never return a zero circID. Thanks to Andrea and to cypherpunks.
2014-04-18scan-build: circuit_cpath_support_ntor had a dead initializationNick Mathewson
We were initializing cpath twice, which doesn't make sense.
2014-04-18Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson
2014-04-18Add a rate-limiter for the other circuitID exhaustion warningNick Mathewson
2014-04-18Diagnostic warning to see if it's pending destroys causing 11553Nick Mathewson
2014-04-18Merge remote-tracking branch 'public/bug11553_024' into bug11553_025Nick Mathewson
Conflicts: src/or/channel.h
2014-04-18Switch to random allocation on circuitIDs.Nick Mathewson
Fixes a possible root cause of 11553 by only making 64 attempts at most to pick a circuitID. Previously, we would test every possible circuit ID until we found one or ran out. This algorithm succeeds probabilistically. As the comment says: This potentially causes us to give up early if our circuit ID space is nearly full. If we have N circuit IDs in use, then we will reject a new circuit with probability (N / max_range) ^ MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent of our circuit ID capacity will go unused. The alternative here, though, is to do a linear search over the whole circuit ID space every time we extend a circuit, which is not so great either. This makes new vs old clients distinguishable, so we should try to batch it with other patches that do that, like 11438.
2014-04-18Supply better and less frequent warnings on circID exhaustionNick Mathewson
Fixes the surface behavior of #11553
2014-03-05Merge remote-tracking branch 'arma/ticket5528'Nick Mathewson
Conflicts: src/or/router.c src/test/test_dir.c
2014-02-07Merge remote-tracking branch 'public/feature9777_024_squashed'Nick Mathewson
Conflicts: src/or/circuitbuild.c