| Age | Commit message (Collapse) | Author |
|---|
|
Closes #40984
This reverts commit 3d2f7c3467e7aff545d8e22ffd4153d7598c6d7c.
|
|
Handle empty DNS reply without error as NOERROR
Closes #40248
See merge request tpo/core/tor!830
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Relay=1 is no longer supported; it corresponds to TAP.
Microdesc=3 and Desc=3 are now supported; they correspond to the ability to
handle (micro)descriptors without TAP onion keys.
|
|
|
|
|
|
(Renaming them has forced me to look at every place where they are used, so I
can make sure that they are really optional now.)
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This patch makes sure we clean up our version and implementation fields
in our Managed Proxy struct after each test run.
This was detected by LeakSanitizer.
See: tpo/core/tor#11101.
|
|
|
|
|
|
This patch adds support for handling the version status message. Once we
receive such message, we add the given version string to the
managed_proxy_t instance. Note this value can be NULL and the value can
change throughout the lifetime of the PT as multiple status version
messages are handled.
See: tpo/core/tor#11101
|
|
dirauth: Add new faravahar
Closes #40689
See merge request tpo/core/tor!819
|
|
Brand new address, brand new keys, brand new day.
Closes #40689
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
|
|
conflux: Flag set as in full teardown in the free path
Closes #40870
See merge request tpo/core/tor!777
|
|
We suspect a shutdown race of some sort for which the full teardown is not
noticed during the close but should be during the free.
For that, we flag the conflux set as in full teardown (if so) in the free path
in case the close path didn't caught it.
Fixes #40870
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
|
|
This also lets us discard extract_param_buggy, which we've been
wanting to do.
|
|
|
|
Now that we never use an earlier consensus method, our tests actually
hit this, and we find that we have misspelled "maxunmeasurdbw" (sic) in
dirvote.c.
I have opened ticket #40869 to track this misspelling.
|
|
These tests had previously listed methods that we no longer support.
|
|
Handle ntor and ntor_v3 individually in rephist and for MetricsPort.
Closes #40638
See merge request tpo/core/tor!767
|
|
This patch should not mess with the DoS protection here.
Fixes tpo/core/tor#40638.
|
|
Fix sandbox on AArch64, RISC-V
Closes #24454
See merge request tpo/core/tor!446
|
|
This patch causes `tor_compress_is_compression_bomb()` to emit a
warning-level log message that lets us learn the potential ratio of the
input to output buffer sizes. Hopefully, this will give us a bit of a
better idea whether the compression bomb ratio needs some tuning.
See: tpo/core/tor#40739.
|
|
|
|
I saw this test fail intermittently due to what seemed like a filesystem
race in docker? The cleanup task was failing with a 'directory not
empty' error, despite trying to do a recursive 'rm'. This patch adds an
'ls' to the same directory, hoping the output might be useful to
diagnose future intermittent failures.
|
|
This was causing CI failures that didn't reproduce on my local machine.
The DoS subsystem now has a new assert() which triggers a BUG on some
nonzero memory contents (or_conn->tracked_for_dos_mitigation), and
uninitialized stack memory might be nonzero.
|
|
This exemption used to be helpful in keeping exit relays from tripping
the DoS detection subsystem and losing Tor connectivity. Now exit relays
block re-entry into the network (tor issue #2667) so it's no longer
needed. We'd like to re-enable protection on these addresses to avoid
giving attackers a way around our DoS mitigations.
|
|
tor only marks a channel as 'open' once the TLS and OR handshakes have both
completed, and normal "client" (ORPort) DoS protection is not enabled until
the channel becomes open. This patch adds an additional earlier initialization
path for DoS protection on incoming TLS connections.
This leaves the existing dos_new_client_conn() call sites intact, but adds a
guard against multiple-initialization using the existing
tracked_for_dos_mitigation flag. Other types of channels shouldn't be affected
by this patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
