aboutsummaryrefslogtreecommitdiff
path: root/src/or/entrynodes.c
AgeCommit message (Collapse)Author
2017-11-30Merge branch 'maint-0.3.1' into maint-0.3.2Nick Mathewson
2017-11-30Merge branch 'maint-0.3.0' into maint-0.3.1Nick Mathewson
2017-11-28Guard: Don't pick ourselves as a possible GuardDavid Goulet
TROVE-2017-12. Severity: Medium Thankfully, tor will close any circuits that we try to extend to ourselves so this is not problematic but annoying. Part of #21534.
2017-11-20Merge branch 'bug23817_031' into maint-0.3.2Nick Mathewson
2017-11-20Check number of usable guards when applying md restrictions.George Kadianakis
We used to check whether we have enough filtered guards (guard set when torrc is applied) but that's not good enough, since that might be bad in some cases where many guards are not reachable (might cause overblocking and hence reacahbility issues). We now check if we have enough reachable filtered guards before applying md restrictions which should prevent overblocking.
2017-11-17Merge branch 'bug23817_031' into maint-0.3.2Nick Mathewson
2017-11-17Make should_set_md_dirserver_restriction() look at num filtered guardsNick Mathewson
This seems closer to what the code intended.
2017-11-17Skip dirserver restrictions in small networks.George Kadianakis
2017-11-17Introduce new guard restriction and use it to skip outdated dirs.George Kadianakis
2017-10-03entrynodes: Better naming for dir info check functions.George Kadianakis
2017-10-03entrynodes: Error msg for missing guard descs is now more informative.George Kadianakis
2017-10-03entrynodes: Be specific about how many primary descriptors we miss.George Kadianakis
2017-09-15Run our #else/#endif annotator on our source code.Nick Mathewson
2017-09-14Merge branch 'maint-0.3.0' into maint-0.3.1Nick Mathewson
2017-09-14Merge branch 'maint-0.3.1'Nick Mathewson
2017-09-14entrynodes.c: fix syntax error around BUG() statementMartin Kepplinger
Fix those misplaced brackets. Signed-off-by: Martin Kepplinger <martink@posteo.de>
2017-07-01general formatting / whitespace / typo fixesRoger Dingledine
2017-06-29Merge branch 'maint-0.3.0' into maint-0.3.1Nick Mathewson
2017-06-29Merge branch 'trove-2017-006' into maint-0.3.0Nick Mathewson
2017-06-29Consider the exit family when applying guard restrictions.Nick Mathewson
When the new path selection logic went into place, I accidentally dropped the code that considered the _family_ of the exit node when deciding if the guard was usable, and we didn't catch that during code review. This patch makes the guard_restriction_t code consider the exit family as well, and adds some (hopefully redundant) checks for the case where we lack a node_t for a guard but we have a bridge_info_t for it. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006 and CVE-2017-0377.
2017-06-28Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0Nick Mathewson
2017-06-22Merge branch 'maint-0.3.0' into maint-0.3.1Nick Mathewson
2017-06-22Combine our "don't do this if no consensus" entryguards checksNick Mathewson
Suggested by asn on 22400 review.
2017-06-19Don't expand guard sample set unless consensus is "reasonably live"Nick Mathewson
Fixes what I think is the main root cause of 22400. Bugfix on 0.3.0.1-alpha.
2017-05-22Raise common code for creating circuit_guard_state_tNick Mathewson
This will help if we ever need to add more fields or change the semantics of existing fields.
2017-05-22Merge remote-tracking branch 'asn/bug21969_bridges'Nick Mathewson
2017-05-22Set guard state on bridge descriptor fetches.George Kadianakis
We used to not set the guard state in launch_direct_bridge_descriptor_fetch(). So when a bridge descriptor fetch failed, the guard subsystem would never learn about the fail (and hence the guard's reachability state would not be updated).
2017-05-22Set guard state on bridge descriptor fetches.George Kadianakis
We used to not set the guard state in launch_direct_bridge_descriptor_fetch(). So when a bridge descriptor fetch failed, the guard subsystem would never learn about the fail (and hence the guard's reachability state would not be updated).
2017-05-19fix typo in commentRoger Dingledine
2017-04-03Merge remote-tracking branch 'public/bug21415_testfix_030' into maint-0.3.0Nick Mathewson
2017-03-27Merge remote-tracking branch 'origin/maint-0.3.0'Nick Mathewson
2017-03-27Fix max sampled size logic when in bridge mode.George Kadianakis
When calculating max sampled size, Tor would only count the number of bridges in torrc, without considering that our state file might already have sampled bridges in it. This caused problems when people swap bridges, since the following error would trigger: [warn] Not expanding the guard sample any further; just hit the maximum sample threshold of 1
2017-03-15Run the copyright update script.Nick Mathewson
2017-03-09Revert "Restore correct behavior of 0.3.0.4-rc with bridges+ipv6-min"George Kadianakis
This reverts commit 5298ab59170be74aed20e04e5378ec66eef6476e.
2017-03-01Restore correct behavior of 0.3.0.4-rc with bridges+ipv6-minNick Mathewson
In that chutney test, the bridge client is configured to connect to the same bridge at 127.0.0.1:5003 _and_ at [::1]:5003, with no change in transports. That meant, I think, that the descriptor is only assigned to the first bridge when it arrives, and never the second.
2017-03-01Improve descriptor checks in the new guard algorithm.George Kadianakis
- Make sure we check at least two guards for descriptor before making circuits. We typically use the first primary guard for circuits, but it can also happen that we use the second primary guard (e.g. if we pick our first primary guard as an exit), so we should make sure we have descriptors for both of them. - Remove BUG() from the guard_has_descriptor() check since we now know that this can happen in rare but legitimate situations as well, and we should just move to the next guard in that case.
2017-02-28Change approach to preventing duplicate guards.Nick Mathewson
Previously I'd made a bad assumption in the implementation of prop271 in 0.3.0.1-alpha: I'd assumed that there couldn't be two guards with the same identity. That's true for non-bridges, but in the bridge case, we allow two bridges to have the same ID if they have different addr:port combinations -- in order to have the same bridge ID running multiple PTs. Fortunately, this assumption wasn't deeply ingrained: we stop enforcing the "one guard per ID" rule in the bridge case, and instead enforce "one guard per <id,addr,port>". We also needed to tweak our implementation of get_bridge_info_for_guard, since it made the same incorrect assumption. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
2017-02-14Replace entry_guard_get_by_id_digest_for_guard_selection impl.Nick Mathewson
We already implemented this whole function somewhere else; no need to have the same code twice.
2017-02-09whoops, removed a semicolon :(Nick Mathewson
2017-02-09One more prop271 XXX.Nick Mathewson
2017-02-09Update some more XXXXprop271 comments to refer to actual tickets or to be ↵Nick Mathewson
up-to-date
2017-02-09Remove an XXXprop271 comment: turns out we didn't need a tristateNick Mathewson
2017-02-09Change "prop271" in XXXXs about guard Ed identity to refer to #20872.Nick Mathewson
2017-02-01Merge remote-tracking branch 'asn/bug21052'Nick Mathewson
2017-02-01Merge branch 'bug21242'Nick Mathewson
2017-02-01Merge remote-tracking branch 'public/bug21129'Nick Mathewson
2017-01-31When marking guard state instances on a channel, don't mark NULLNick Mathewson
It's okay for guard_state to be null: we might have a fallback circuit, or we might not be using guards. Fixes bug 211228; bugfix on 0.3.0.1-alpha
2017-01-31Don't try to use confirmed_idx in remove_guard_from_...lists()Nick Mathewson
Since we can call this function more than once before we update all the confirmed_idx fields, we can't rely on all the relays having an accurate confirmed_idx. Fixes bug 21129; bugfix on 0.3.0.1-alpha
2017-01-31Don't build circuits till primary guards have descriptorsNick Mathewson
In addition to not wanting to build circuits until we can see most of the paths in the network, and in addition to not wanting to build circuits until we have a consensus ... we shouldn't build circuits till all of our (in-use) primary guards have descriptors that we can use for them. This is another bug 21242 fix.
2017-01-31Don't (usually) return any guards that are missing descriptors.Nick Mathewson
Actually, it's _fine_ to use a descriptorless guard for fetching directory info -- we just shouldn't use it when building circuits. Fortunately, we already have a "usage" flag that we can use here. Partial fix for bug 21242.