summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2016-12-16hs: Remove a useless cast in verify_establish_intro_cell()David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16hs: Add an extra safety check on ESTABLISH_INTRO sig lenDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16trunnel: Move ESTABLISH_INTRO cell sig_len after the end_sig_fieldsDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-12-16Revert "Stop checking whether environ is declared."Nick Mathewson
This reverts commit 954eeda619a59dae76144ad69967f0ed7341b564. Apparently, OpenBSD is what expects you to declare environ yourself. So 19142 is a wontfix.
2016-12-16Fix broken entrynodes/retry_unreachable testNick Mathewson
I broke this with 20292ec4974b777d430e7962cc38349c5f82b220 when I changed the primary guard retry schedule.
2016-12-16Disable the legacy guard algorithm. Code isn't removed yet.Nick Mathewson
(Keeping the code around in case I broke Tor in some unexpected way.)
2016-12-16Merge branch 'ticket20831_v2'Nick Mathewson
2016-12-16Make NumDirectoryGuards work with the new guard algorithm.Nick Mathewson
Now that we support NumEntryGuards, NumDirectoryGuards is pretty easy to put back in.
2016-12-16Make NumEntryGuards work as expected again.Nick Mathewson
Further, add a "guard-n-primary-guards-to-use" parameter, defaulting to 1, for NumEntryGuards to override.
2016-12-16271: Algorithm tweak to allow multiple entry guards.Nick Mathewson
Previously, we had NumEntryGuards kind of hardwired to 1. Now we have the code (but not the configuarability) to choose randomly from among the first N primary guards that would work, where N defaults to 1. Part of 20831 support for making NumEntryGuards work again.
2016-12-16Respect GuardLifetime in prop271 code.Nick Mathewson
It overrides both the GUARD_LIFETIME and the GUARD_CONFIRMED_MIN_LIFETIME options.
2016-12-16Remove UseDirectoryGuardsNick Mathewson
It is obsoleted in an always-on direction by prop271.
2016-12-16Merge branch 'ticket20826_v2'Nick Mathewson
2016-12-16Support restrictive ENTRYNODES configurations correctly.Nick Mathewson
Since we already had a separate function for getting the universe of possible guards, all we had to do was tweak it to handle very the GS_TYPE_RESTRICTED case.
2016-12-16guard->nickname is never NULL.Nick Mathewson
2016-12-16Merge branch 'prop271_030_v1_squashed'Nick Mathewson
2016-12-16Per suggestion, increase the retry frequency for primary guards.Nick Mathewson
2016-12-16Rewrite state transition logic in entry_guards_note_success()Nick Mathewson
asn found while testing that this function can be reached with GUARD_STATE_COMPLETE circuits; I believe this happens when cannibalization occurs. The added complexity of handling one more state made it reasonable to turn the main logic here into a switch statement.
2016-12-16Add a separate, non-fractional, limit to the sampled guard set size.Nick Mathewson
Letting the maximum sample size grow proportionally to the number of guards defeats its purpose to a certain extent. Noted by asn during code review. Fixes bug 20920; bug not in any released (or merged) version of Tor.
2016-12-16Clean check for live consensus when updating the guard sample.Nick Mathewson
The valid_until check was redundant.
2016-12-16Move a TODO comment into doxygen comments.Nick Mathewson
2016-12-16Easy code fixes.George Kadianakis
- Correctly maintain the previous guard selection in choose_guard_selection(). - Print bridge identifier instead of nothing in entry_guard_describe()._
2016-12-16Trivial documentation improvements.George Kadianakis
2016-12-16Wrap all of the legacy guard code, and its users, in #ifdefsNick Mathewson
This will make it easier to see what we remove down the line.
2016-12-16Fix a signed/unsigned warning on 32-bitNick Mathewson
2016-12-16Tests for choosing which guard_selection to useNick Mathewson
2016-12-16Update node-selection tests to consider restrictionsNick Mathewson
2016-12-16Tests for restricted-circuit cases of upgrade_waiting_circuits()Nick Mathewson
2016-12-16Don't make $hexid nicknames persistent.Nick Mathewson
(That's asking for trouble, and also totally completely redundant.)
2016-12-16prop271: Tests for the highlevel or_state_t encode/decode functionsNick Mathewson
2016-12-16Add a test for entry_guard_state_should_expire()Nick Mathewson
2016-12-16Extract guard_selection_infer_type into its own function.Nick Mathewson
2016-12-16Repair unit test for tiny-network case.Nick Mathewson
The test assumed that the old rules about handling small max_sample were in effect, and didn't actually handle that case very well anyway.
2016-12-16Another tweak for guard restrictions: don't let complete circs blockNick Mathewson
If a complete circuit C2 doesn't obey the restrictions of C1, then C2 cannot block C1. The patch here is a little big-ish, since we can no longer look through all the complete circuits and all the waiting circuits on a single pass: we have to find the best waiting circuit first.
2016-12-16Implement support for per-circuit guard restrictions.Nick Mathewson
This is an important thing I hadn't considered when writing prop271: sometimes you have to restrict what guard you use for a particular circuit. Most frequently, that would be because you plan to use a certain node as your exit, and so you can't choose that for your guard. This change means that the upgrade-waiting-circuits algorithm needs a slight tweak too: circuit A cannot block circuit B from upgrading if circuit B needs to follow a restriction that circuit A does not follow.
2016-12-16guards_choose_dirguard(): replace one XXXX with another.Nick Mathewson
I had been asking myself, "hey, doesn't the new code need to look at this "info" parameter? The old code did!" But it turns out that the old code hasn't, since 05f7336624d6a47b3. So instead of "support this!" the comment now says "we can remove this!"
2016-12-16Fix a magic number in get_max_sample_sizeNick Mathewson
2016-12-16Note a couple of XXX-prop271s as spec deviations.Nick Mathewson
2016-12-16Remove some resolved "XXXX prop271" comments.Nick Mathewson
2016-12-16Re-enable some disabled tests about switching guard_selectionsNick Mathewson
2016-12-16Fix for small test networks: don't refuse to have any sampled guards.Nick Mathewson
Don't restrict the sample size if the network size is less than 20 guards. Maybe we'll think of a better rule later on?
2016-12-16Remove a few unused arguments.Nick Mathewson
2016-12-16Change return value of entry_guard_succeeded to an enum.Nick Mathewson
George pointed out that (-1,0,1) for (never usable, maybe usable later, usable right now) was a pretty rotten convention that made the code harder to read.
2016-12-16Note some large functions that could be split.Nick Mathewson
George Kadianakis pointed these out.
2016-12-16More progress on bridge implementation with prop271 guardsNick Mathewson
Here we handle most (all?) of the remaining tasks, and fix some bugs, in the prop271 bridge implementation. * We record bridge identities as we learn them. * We only call deprecated functions from bridges.c when the deprecated guard algorithm is in use. * We update any_bridge_descriptors_known() and num_bridges_usable() to work correctly with the new backend code. (Previously, they called into the guard selection logic. * We update bridge directory fetches to work with the new guard code. * We remove some erroneous assertions where we assumed that we'd never load a guard that wasn't for the current selection. Also, we fix a couple of typos.
2016-12-16Implement bridge backends for sampling, filtering guards.Nick Mathewson
Still missing is functionality for picking bridges when we don't know a descriptor for them yet, and functionality for learning a bridge ID. Everything else remains (basically) the same. Neat!
2016-12-16Add some needed accessors/inspectors for bridge/guard convergenceNick Mathewson
2016-12-16Lay down some infrastructure for bridges in the New Guard Order.Nick Mathewson
This includes: * making bridge_info_t exposed but opaque * allowing guards where we don't know an identity * making it possible to learn the identity of a guard * creating a guard that lacks a node_t * remembering a guard's address and port. * Looking up a guard by address and port. * Only enforcing the rule that we need a live consensus to update the "listed" status for guards when we are not using bridges.
2016-12-16Remove guard_selection argument from status-reporting functionsNick Mathewson
This prevents us from mixing up multiple guard_selections
2016-12-16Add a backpointer from entry_guard_t to guard_selection_tNick Mathewson
This is safe, because no entry_guard_t ever outlives its guard_selection_t. I want this because now that multiple guard selections can be active during one tor session, we should make sure that any information we register about guards is with respect to the selection that they came from.