Age | Commit message | Author |
|
Coverity couldn't tell that 'addrport' was always non-NULL at this
point in the function, so I'm adding an explicit check. This closes
CID 1374060.
|
|
- function doesn't need to be inline.
- rename function
- Make documentation more pedantically correct
- Remove needless "? 1 : 0."
|
|
Patch from ericho.
Fixes 18529. Simple refactoring.
|
|
Feature 18753 -- all this to allow spaces.
|
|
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
|
|
* FIXES #20201: https://bugs.torproject.org/20201
|
|
And make consequential line-length adjustments.
|
|
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
|
|
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.
This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.
Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.
And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
|
|
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and rendezvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.
Implements proposal #260, completes ticket #17178. Patch by teor & asn.
squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services
Redesign single onion service poisoning.
When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.
Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.
Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.
Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
|
|
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.
When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.
Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)
Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
|
|
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.
Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.
Add changes file for all of #18693.
Parsing only: the flags do not change client behaviour (yet!)
|
|
* FIXES #19728: https://bugs.torproject.org/19728
* CLOSES #19690: https://bugs.torproject.org/19690
|
|
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.
Check and log if handshakes only support TAP when they should support
ntor.
|
|
socket count or thresholds
|
|
This bug was introduced in 8bbbbaf87b5ab3c when we added a separate
or_options_free() function but didn't start using it everywhere.
Fixes bug 19466.
|
|
Also, collapse all the config_assign*() options into a flags
argument, since having two boolean arguments was already confusing.
|
|
In particular, teach it that deprecated options must exist.
|
|
(All this IOCP stuff was bufferevent-only.)
|
|
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
|
|
This is a partial fix for 18902.
|
|
Signed-off-by: U+039b <*@0x39b.fr>
|
|