| Age | Commit message (Collapse) | Author |
|---|
|
This was previously added to facilitate testing intro point rotation
with chutney. However, the implementation is problematic since it forces
excessive rotation whenever TestingTorNetwork is enabled, and can't be
adjusted or disabled.
Alternatives for testing intro point rotation include:
* Using shadow to "fast forward" time
* Overriding the consensus parameters hs_intro_min_lifetime and
hs_intro_max_lifetime.
Fixes #40922
|
|
This check was originally added in 962765a3, with the intent of
preventing relays with 0 measured bandwidth from being listed in the
consensus (part of fixing #13000).
Currently, that decision and other relevant places effectively use
`dirserv_get_credible_bandwidth_kb`, which prefers bwauth-measured
bandwidth over the self-reported `bandwidthcapacity`, making this check
mostly redundant.
i.e. this change should only affect behavior when the relay has uploaded
a descriptor with `bandwidthcapacity=0` *and* we have a non-zero
measured bandwidth, in which case we'll still trust the measured
bandwidth. This is what we want when bootstrapping a network (e.g. for
testing), since it allows us to initialize bandwidths using a bandwidth
authority file.
A relay can still cause `router_is_active` to return false by setting
the hibernate flag.
Also see discussion in #40917.
Fixes #40917.
|
|
make read_file_to_str_until_eof doc more explicit
Closes #40852
See merge request tpo/core/tor!799
|
|
|
|
the sz_out param is set to what was read (i.e not including the final
NULL the function adds for convenience), but could be understood to
be set to what was read+1 (including the NULL terminator)
|
|
Make two 1-bit fields unsigned
Closes #40911
See merge request tpo/core/tor!796
|
|
This should be a completely harmless warning as we only check whether
the fields are true or false.
Closes #40911.
|
|
|
|
The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.
Closes #40910.
|
|
|
|
metrics: Add new relay metrics to MetricsPort
Closes #40816
See merge request tpo/core/tor!793
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
This commit adds the total number of DROP cell seen, the total number of
DESTROY cell received and the total number of protocol violation that lead to a
circuit close.
Closes #40816
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.
This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...
Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.
This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.
Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
|
|
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
|
|
|
|
Fix bridge exit warn
Closes #40884
See merge request tpo/core/tor!783
|
|
add sanity check in tor_memmem
Closes #40854
See merge request tpo/core/tor!785
|
|
don't warn for empty RecommendedServerVersion
Closes #40888
See merge request tpo/core/tor!787
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
|
|
it's believed most libc already have those, but just in case, it can't
hurt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #40874
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
