summaryrefslogtreecommitdiff
path: root/src/or/command.c
AgeCommit message (Collapse)Author
2018-06-15Extract {or,origin}_circuit_t into their own headersNick Mathewson
2018-05-03Merge remote-tracking branch 'isis/bug24660_r1'Nick Mathewson
2018-04-16Use u32 add helper for CIRC_BW accounting.Mike Perry
There are quite a few other places this could be used, but keeping it simple for now.
2018-04-16Bug 25400: Make CIRC_BW event properly total everything on a circ.Mike Perry
2018-04-06crypto: Refactor (P)RNG functionality into new crypto_rand module.Isis Lovecruft
* ADD new /src/common/crypto_rand.[ch] module. * ADD new /src/common/crypto_util.[ch] module (contains the memwipe() function, since all crypto_* modules need this). * FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-02use channel_is_client for create cell countsRoger Dingledine
When a relay is collecting internal statistics about how many create cell requests it has seen of each type, accurately count the requests from relays that temporarily fall out of the consensus. (To be extra conservative, we were already ignoring requests from clients in our counts, and we continue ignoring them here.) Fixes bug 24910; bugfix on 0.2.4.17-rc.
2018-02-07more fixes for typos, grammar, whitespace, etcRoger Dingledine
some of these ought to have been noticed by the "misspell" tool, so if anybody is debugging it, here are some bug reports :)
2018-01-30Merge branch 'ticket24902_029_05' into ticket24902_033_02David Goulet
2018-01-30dos: Apply defense for circuit creation DoSDavid Goulet
If the client address was detected as malicious, apply a defense which is at this commit to return a DESTROY cell. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Detect circuit creation denial of serviceDavid Goulet
Add a function that notifies the DoS subsystem that a new CREATE cell has arrived. The statistics are updated accordingly and the IP address can also be marked as malicious if it is above threshold. At this commit, no defense is applied, just detection with a circuit creation token bucket system. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-17Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2018-01-15Remove false positives from channel_is_client()Roger Dingledine
Fix a set of false positives where relays would consider connections to other relays as being client-only connections (and thus e.g. deserving different link padding schemes) if those relays fell out of the consensus briefly. Now we look only at the initial handshake and whether the connection authenticated as a relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
2017-09-22Merge branch 'bug22805_v2_squashed'Nick Mathewson
2017-09-22Stop using CREATE_FAST as a signifier of clienthood.Nick Mathewson
Relays send it, and we may as well let them. Part of our fix for 22805.
2017-09-22Stop clearing the is_client flag on channel directlyNick Mathewson
2017-09-15Run our #else/#endif annotator on our source code.Nick Mathewson
2017-07-07Explicit length checks in circuit_init_cpath_crypto().George Kadianakis
2017-05-08Merge branch 'netflow_padding-v6-rebased2-squashed'Nick Mathewson
2017-05-08Fix issues from dgoulet's code review.Mike Perry
https://gitlab.com/dgoulet/tor/merge_requests/24
2017-05-08Netflow record collapsing defense.Mike Perry
This defense will cause Cisco, Juniper, Fortinet, and other routers operating in the default configuration to collapse netflow records that would normally be split due to the 15 second flow idle timeout. Collapsing these records should greatly reduce the utility of default netflow data for correlation attacks, since all client-side records should become 30 minute chunks of total bytes sent/received, rather than creating multiple separate records for every webpage load/ssh command interaction/XMPP chat/whatever else happens to be inactive for more than 15 seconds. The defense adds consensus parameters to govern the range of timeout values for sending padding packets, as well as for keeping connections open. The defense only sends padding when connections are otherwise inactive, and it does not pad connections used solely for directory traffic at all. By default it also doesn't pad inter-relay connections. Statistics on the total padding in the last 24 hours are exported to the extra-info descriptors.
2017-05-02Merge branch 'teor_connection-with-client-v2_squashed'Nick Mathewson
2017-05-02Accurately identify client connections by their lack of peer authenticationteor
This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
2017-03-15Run the copyright update script.Nick Mathewson
2016-10-17Write a bunch of module documentation.Nick Mathewson
This commit adds or improves the module-level documenation for: buffers.c circuitstats.c command.c connection_edge.c control.c cpuworker.c crypto_curve25519.c crypto_curve25519.h crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c protover.c protover.h reasons.c rephist.c replaycache.c routerlist.c routerparse.c routerset.c statefile.c status.c tor_main.c workqueue.c In particular, I've tried to explain (for each documented module) what each module does, what's in it, what the big idea is, why it belongs in Tor, and who calls it. In a few cases, I've added TODO notes about refactoring opportunities. I've also renamed an argument, and fixed a few DOCDOC comments.
2016-02-27Update the copyright year.Nick Mathewson
2015-08-17Remove redundant tor_free() in command_process_create_cell().Isis Lovecruft
* FIXES #16823: https://bugs.torproject.org/16823 If an OP were to send a CREATE_FAST cell to an OR, and that CREATE_FAST cell had unparseable key material, then tor_free() would be called on the create cell twice. This fix removes the second (conditional on the key material being bad) call to tor_free(), so that now the create cell is always freed once, regardless of the status of the key material. (This isn't actually a double-free bug, since tor_free() sets its input to NULL, and has no effect when called with input NULL.)
2015-02-02Merge remote-tracking branch 'public/bug9635_warnings_025'Nick Mathewson
Conflicts: src/test/test.c
2015-01-14Refactor cpuworker to use workqueue/threadpool code.Nick Mathewson
2015-01-02Bump copyright dates to 2015, in case someday this matters.Nick Mathewson
2014-12-19Add two hidden-service related statistics.George Kadianakis
The two statistics are: 1. number of RELAY cells observed on successfully established rendezvous circuits; and 2. number of .onion addresses observed as hidden-service directory. Both statistics are accumulated over 24 hours, obfuscated by rounding up to the next multiple of a given number and adding random noise, and written to local file stats/hidserv-stats. Notably, no statistics will be gathered on clients or services, but only on relays.
2014-10-28Add another year to our copyright dates.Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?
2014-10-16Downgrade 'invalid result from curve25519 handshake: 4' warningNick Mathewson
Also, refactor the way we handle failed handshakes so that this warning doesn't propagate itself to "onion_skin_client_handshake failed" and "circuit_finish_handshake failed" and "connection_edge_process_relay_cell (at origin) failed." Resolves warning from 9635.
2014-07-28Merge branch 'maint-0.2.4' into maint-0.2.5Roger Dingledine
2014-07-28Warn and drop the circuit if we receive an inbound 'relay early' cellRoger Dingledine
Those used to be normal to receive on hidden service circuits due to bug 1038, but the buggy Tor versions are long gone from the network so we can afford to resume watching for them. Resolves the rest of bug 1038; bugfix on 0.2.1.19.
2014-07-25circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"Nick Mathewson
Roger spotted this on tor-dev in his comments on proposal 221. (Actually, detect DESTROY vs everything else, since arma likes network timeout indicating failure but not overload indicating failure.)
2014-06-13Also raise the check for 0 circuit ID in created cell.Nick Mathewson
And add a comment about why conditions that would cause us to drop a cell should get checked before actions that would cause us to send a destroy cell. Spotted by 'cypherpunks'. And note that these issues have been present since 0.0.8pre1 (commit 0da256ef), where we added a "shutting down" state, and started responding to all create cells with DESTROY when shutting down.
2014-06-10Move circuit-id-in-use check for CREATE cells to before all other checksNick Mathewson
This means that we never send a DESTROY cell in response to an attempt to CREATE an existing circuit. Fixes bug 12191.
2014-06-04Merge remote-tracking branch 'public/bug12195'Nick Mathewson
2014-06-03Fix ancient code that only checked circ_id, not circ_id and chanNick Mathewson
This code mis-handled the case where a circuit got the same circuit ID in both directions. I found three instances of it in the codebase, by grepping for [pn]_circ_id. Because of the issue in command_process_relay_cell(), this would have made roughly one circuit in a million completely nonfunctional. Fixes bug 12195.
2013-11-01Merge branch 'prop221_squashed_024'Nick Mathewson
Conflicts: src/or/or.h
2013-11-01circuit_build_failed: distinguish "got DESTROY" caseNick Mathewson
Roger spotted this on tor-dev in his comments on proposal 221. We etect DESTROY vs everything else, since arma likes network timeout indicating failure but not overload indicating failure.
2013-10-28Merge branch 'morestats4' into morestats5Karsten Loesing
Conflicts: doc/tor.1.txt src/or/config.c src/or/connection.h src/or/control.c src/or/control.h src/or/or.h src/or/relay.c src/or/relay.h src/test/test.c
2013-09-05collect and log statistics about onionskins received/processedRoger Dingledine
we skip onionskins that came from non-relays, so we're less likely to run into privacy troubles. starts to implement ticket 9658.
2013-05-25Tweak CELL_STATS event based on comments by nickm.Karsten Loesing
- Move cell_command_to_string from control.c to command.c. - Use accessor for global_circuitlist instead of extern. - Add a struct for cell statistics by command instead of six arrays. - Split up control_event_circuit_cell_stats by using two helper functions. - Add TestingEnableCellStatsEvent option. - Prepare functions for testing. - Rename a few variables and document a few things better.
2013-03-10Fix 8447: use %u to format circid_t.Nick Mathewson
Now that circid_t is 4 bytes long, the default integer promotions will leave it alone when sizeof(int) == 4, which will leave us formatting an unsigned as an int. That's technically undefined behavior. Fixes bug 8447 on bfffc1f0fc7616a25c32da2eb759dade4651659e. Bug not in any released Tor.
2013-02-15Merge remote-tracking branch 'public/wide_circ_ids'Nick Mathewson
Conflicts: src/or/channel.h src/or/connection_or.c src/or/cpuworker.c
2013-01-16Update the copyright date to 201.Nick Mathewson
2013-01-15Forward-port fix for 7889Nick Mathewson
2013-01-15Merge remote-tracking branch 'origin/maint-0.2.3'Nick Mathewson
2013-01-14Reject create/begin/etc cells with {circ,stream}ID 0.Nick Mathewson
Otherwise, it's possible to create streams or circuits with these bogus IDs, leading to orphaned circuits or streams, or to ones that can cause bandwidth DOS problems. Fixes bug 7889; bugfix on all released Tors.