| Age | Commit message (Collapse) | Author |
|---|
|
|
|
dirauth: Add new faravahar
Closes #40689
See merge request tpo/core/tor!819
|
|
Brand new address, brand new keys, brand new day.
Closes #40689
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #40932
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
also consider LD_BUG logs when counting bug reached
Closes #40924
See merge request tpo/core/tor!805
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
It turns out that circuit_package_relay_cell() returns 0 in order to drop a
cell but there is a code path, if the circuit queue is full, that also silently
closes the circuit and returns 0.
This lead to Conflux thinking a cell was sent but actually the cell was not and
the circuit was closed leading to the hard assert.
And so this function makes sure that circuit_package_relay_cell() and
append_cell_to_circuit_queue() returns a value that indicate what happened with
the cell and circuit so the caller can make an informed decision with it.
This change makes it that we do NOT enter the Conflux subsystem if the cell is
not queued on the circuit.
Fixes #40921
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This was previously added to facilitate testing intro point rotation
with chutney. However, the implementation is problematic since it forces
excessive rotation whenever TestingTorNetwork is enabled, and can't be
adjusted or disabled.
Alternatives for testing intro point rotation include:
* Using shadow to "fast forward" time
* Overriding the consensus parameters hs_intro_min_lifetime and
hs_intro_max_lifetime.
Fixes #40922
|
|
This check was originally added in 962765a3, with the intent of
preventing relays with 0 measured bandwidth from being listed in the
consensus (part of fixing #13000).
Currently, that decision and other relevant places effectively use
`dirserv_get_credible_bandwidth_kb`, which prefers bwauth-measured
bandwidth over the self-reported `bandwidthcapacity`, making this check
mostly redundant.
i.e. this change should only affect behavior when the relay has uploaded
a descriptor with `bandwidthcapacity=0` *and* we have a non-zero
measured bandwidth, in which case we'll still trust the measured
bandwidth. This is what we want when bootstrapping a network (e.g. for
testing), since it allows us to initialize bandwidths using a bandwidth
authority file.
A relay can still cause `router_is_active` to return false by setting
the hibernate flag.
Also see discussion in #40917.
Fixes #40917.
|
|
make read_file_to_str_until_eof doc more explicit
Closes #40852
See merge request tpo/core/tor!799
|
|
|
|
the sz_out param is set to what was read (i.e not including the final
NULL the function adds for convenience), but could be understood to
be set to what was read+1 (including the NULL terminator)
|
|
Make two 1-bit fields unsigned
Closes #40911
See merge request tpo/core/tor!796
|
|
This should be a completely harmless warning as we only check whether
the fields are true or false.
Closes #40911.
|
|
|
|
The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.
Closes #40910.
|
|
|
|
metrics: Add new relay metrics to MetricsPort
Closes #40816
See merge request tpo/core/tor!793
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes #40891
|
|
This commit adds the total number of DROP cell seen, the total number of
DESTROY cell received and the total number of protocol violation that lead to a
circuit close.
Closes #40816
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.
This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...
Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.
This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.
Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
|
|
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
|
|
|
|
Fix bridge exit warn
Closes #40884
See merge request tpo/core/tor!783
|
