| Age | Commit message (Collapse) | Author |
|---|
|
Fixes #16247, patch by "jojelino".
|
|
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket(). Fixes bug 14989, bugfix on 0.2.6.3-alpha.
|
|
|
|
ca5ba2956bcd4b5ee1e526ccf5914f52fe6e6d51 broke this; bug not in any
released Tor.
Also fix a typo.
Fixes 14541 and 14527. Reported by qbi.
|
|
|
|
Also, revise bug12585 changes file to mention new syntax
|
|
|
|
|
|
Conflicts:
src/or/connection.c
src/or/or.h
src/or/relay.c
|
|
|
|
Also rename some options for uniformity, and apply this script:
@@
entry_connection_t *conn;
@@
conn->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
|
|
Also, revise the code using these options with this cocci script:
@@
listener_connection_t *conn;
@@
conn->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
|
|
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)
@@
port_cfg_t *cfgx;
@@
cfgx->
+server_cfg.
\(
no_advertise
\|
no_listen
\|
all_addrs
\|
bind_ipv4_only
\|
bind_ipv6_only
\)
@@
port_cfg_t *cfgx;
@@
cfgx->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
no longer implies TCP
|
|
check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code
|
|
Signed-off-by: Andrea Shepard <andrea@torproject.org>
|
|
|
|
|
|
|
|
|
|
Conflicts:
src/or/or.h
src/test/Makefile.nmake
|
|
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code. Right?
|
|
|
|
queue total
|
|
Closes 11582; patch from "ra".
|
|
|
|
|
|
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.
Closes 13036. Patches from "teor".
|
|
This reverts commit b82e166bec5fcc468424af1ff71e2e753ac534a2.
We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
|
|
|
|
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
|
|
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
|
|
|
|
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends. This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.
This patch moves the functions outside the #ifndef and exposes them.
See downstream bug:
https://bugs.gentoo.org/show_bug.cgi?id=510124
|
|
Conflicts:
src/or/channel.c
src/or/circuitlist.c
src/or/connection.c
Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
|
|
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits. But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.
This is part of fixing 6799.
When applied to 0.2.5, it is also a fix for 12023.
|
|
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.
Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.
Fix for ticket 6799.
|
|
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
|
|
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.
The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove and explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
|
|
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.
This fixes bug #8402.
|
|
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd). The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.
To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.
(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox. It's not desirable either.)
|
|
|
