David Goulet [Thu, 10 May 2018 13:16:50 +0000 (09:16 -0400)]
hs-v3: Add an extra white-space when parsing descriptor
The specification describes the signature token to be right after a newline
(\n) then the token "signature" and then a white-space followed by the encoded
signature.
This commit makes sure that when we parse the signature from the descriptor,
we are always looking for that extra white-space at the end of the token.
It will allow us also to support future fields that might start with
"signature".
Fixes #26069
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Wed, 9 May 2018 16:40:06 +0000 (12:40 -0400)]
Having a ControlPort open doesn't mean we are a client
The any_client_port_set() returns true if the ControlPort is set which is
wrong because we can have that port open but still not behave as a tor client
(like many relays for instance).
Fixes #26062
Signed-off-by: David Goulet <dgoulet@torproject.org>
teor [Wed, 2 May 2018 12:33:21 +0000 (22:33 +1000)]
Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.
manpage fix to stop saying CacheIPv4DNS is on by default
Stop saying in the manual that clients cache ipv4 dns answers from exit
relays. We haven't used them since 0.2.6.3-alpha, and in ticket 24050
we stopped even caching them as of 0.3.2.6-alpha, but we forgot to say
so in the man page.
teor [Wed, 2 May 2018 12:33:21 +0000 (22:33 +1000)]
Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.
Nick Mathewson [Wed, 2 May 2018 12:18:48 +0000 (08:18 -0400)]
LibreSSL compatibility fixes.
LibreSSL, despite not having the OpenSSL 1.1 API, does define
OPENSSL_VERSION in crypto.h. Additionally, it apparently annotates
some functions as returning NULL, so that our unit tests need to be
more careful about checking for NULL so they don't get compilation
warnings.
Mike Perry [Mon, 16 Apr 2018 22:49:27 +0000 (22:49 +0000)]
Bug 25733: Avoid assert failure if all circuits time out.
Prior to #23100, we were not counting HS circuit build times in our
calculation of the timeout. This could lead to a condition where our timeout
was set too low, based on non HS circuit build times, and then we would
abandon all HS circuits, storing no valid timeouts in the histogram.
Taylor Yu [Thu, 26 Apr 2018 19:22:52 +0000 (14:22 -0500)]
Show test-suite.log for distcheck on Travis CI
When Travis CI runs make distcheck, test-suite.log doesn't exist in
the expected place. Add a new make target to show this file and use
it when DISTCHECK=yes in .travis.yml. Fixes bug 25814; bug not in any
released Tor.
David Goulet [Tue, 17 Apr 2018 12:38:34 +0000 (08:38 -0400)]
heartbeat: Log the number of circuits killed because too many cells
We recently merged a circuit cell queue size safeguard. This commit adds the
number of killed circuits that have reached the limit to the DoS heartbeat. It
now looks like this:
[notice] DoS mitigation since startup: 0 circuits killed with too many
cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0
single hop clients refused.
Second thing that this patch does. It makes tor always print the DoS
mitigation heartbeat line (for a relay) even though no DoS mitigation have
been enabled. The reason is because we now kill circuits that have too many
cells regardless on if it is enabled or not but also it will give the operator
a chance to learn what is enabled with the heartbeat instead of suddenly
appearing when it is enabled by let say the consensus.
Fixes #25824
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Tue, 20 Mar 2018 19:27:58 +0000 (15:27 -0400)]
relay: Implement a circuit cell queue maximum size
This commit introduces the consensus parameter "circ_max_cell_queue_size"
which controls the maximum number of cells a circuit queue should have.
The default value is currently 50000 cells which is above what should be
expected but keeps us a margin of error for padding cells.
Related to this is #9072. Back in 0.2.4.14-alpha, we've removed that limit due
to a Guard discovery attack. Ticket #25226 details why we are putting back the
limit due to the memory pressure issue on relays.
Fixes #25226
Signed-off-by: David Goulet <dgoulet@torproject.org>
Nick Mathewson [Thu, 12 Apr 2018 20:53:53 +0000 (16:53 -0400)]
Refine extend_info_for_node's "enough info" check once again.
In d1874b433953f64, we adjusted this check so that we insist on
using routerinfos for bridges. That's almost correct... but if we
have a bridge that is also a regular relay, then we should use
insist on its routerinfo when connecting to it as a bridge
(directly), and be willing to use its microdescriptor when
connecting to it elsewhere in our circuits.
This bug is a likely cause of some (all?) of the (exit_ei == NULL)
failures we've been seeing.
Alexander Færøy [Tue, 3 Apr 2018 16:26:52 +0000 (18:26 +0200)]
Use less memory for MaxMemInQueues for machines with more than 8 GB of RAM.
This patch changes the algorithm of compute_real_max_mem_in_queues() to
use 0.4 * RAM iff the system has more than or equal to 8 GB of RAM, but
will continue to use the old value of 0.75 * RAM if the system have less
than * GB of RAM available.
This patch also adds tests for compute_real_max_mem_in_queues().
projects / thirdparty / tor.git / log
