Roger Dingledine [Sat, 10 Nov 2007 21:17:51 +0000 (21:17 +0000)]
Exit policies now reject connections that are addressed to a
relay's public (external) IP address too, unless
ExitPolicyRejectPrivate is turned off. We do this because too
many relays are running nearby to services that trust them based
on network address.
Nick Mathewson [Thu, 8 Nov 2007 16:58:59 +0000 (16:58 +0000)]
r16573@catbus: nickm | 2007-11-08 11:57:16 -0500
Mess with the formula for the Guard flag again. Now it requires that you be in the most familiar 7/8 of nodes, and have above median wfu for that 7/8th. See spec for details. Also, log thresholds better.
Nick Mathewson [Thu, 8 Nov 2007 16:19:07 +0000 (16:19 +0000)]
r16570@catbus: nickm | 2007-11-08 11:04:20 -0500
Keep track, for each OR connection, of the last time we added a non-padding cell to its outbuf. Use this timestamp, not "lastwritten" to tell if it is time to close a circuitless connection. (We can'tuse lastwritten, since lastwritten is updated when ever the connection flushes anything, and by that point we can no longer tell what is a padding cell and what is not.)
Don't stop fetching descriptors when FetchUselessDescriptors is
set, even if we stop asking for circuits. Bugfix on 0.1.2.x;
reported by tup and ioerror.
Nick Mathewson [Wed, 7 Nov 2007 17:41:14 +0000 (17:41 +0000)]
r16531@catbus: nickm | 2007-11-07 12:39:56 -0500
Initialize re-parsed routerinfos with routerlist_index -1, since they are not yet inserted into the routerlist. Fixes another crash.
Nick Mathewson [Wed, 7 Nov 2007 17:11:23 +0000 (17:11 +0000)]
r16525@catbus: nickm | 2007-11-07 12:10:01 -0500
Clean up log messages from bug 543 fix, and make old_routers also keep track of their indices. This will probably crash some until all the bugs are fixed.
Nick Mathewson [Tue, 6 Nov 2007 20:51:45 +0000 (20:51 +0000)]
r16471@catbus: nickm | 2007-11-06 15:50:42 -0500
Detect whether any of the descriptors we want are in old_routers. Possibly useful in tracking down bug 543.
Nick Mathewson [Mon, 5 Nov 2007 18:15:52 +0000 (18:15 +0000)]
r16412@catbus: nickm | 2007-11-05 11:45:17 -0500
Make TLS contexts reference-counted, and add a reference from TLS objects to their corresponding context. This lets us reliably get the certificates for a given TLS connection, even if we have rotated TLS contexts.
Nick Mathewson [Sun, 4 Nov 2007 20:49:02 +0000 (20:49 +0000)]
r14702@tombo: nickm | 2007-11-04 15:48:56 -0500
Define SHARE_DATADIR, LOCALSTATEDIR, and BINDIR in Makefile.am as autoconf recommends. Do not move CONFDIR yet, since we seem to support overriding it in a weird way. Resolves bug 542.
avoid sending a request for "keys/fp" (for which we'll get a 400 bad
request) if we need more v3 certs but we've already got pending requests
for all of them.
fix an assert error on startup if we didn't already have the
consensus and certs cached in our datadirectory: we were
caching the consensus in consensus_waiting_for_certs but then
free'ing it right after.
If bridge users set UpdateBridgesFromAuthority, but the digest
they ask for is a 404 from the bridge authority, they now fall
back to trying the bridge directly.
Nick Mathewson [Sat, 3 Nov 2007 20:12:41 +0000 (20:12 +0000)]
r14678@tombo: nickm | 2007-11-03 16:12:31 -0400
Try to make hidden service directory lookup functions a bit more efficient: go for fewer O(n) operations, and look at the consensus rather than the routerinfo list.
Nick Mathewson [Sat, 3 Nov 2007 20:12:38 +0000 (20:12 +0000)]
r14677@tombo: nickm | 2007-11-03 15:16:27 -0400
Add a smartlist_bsearch_idx function that gives more useful output than regular bsearch for the value-not-found case.
Nov 03 11:15:13.103 [info] connection_dir_client_reached_eof(): Received consensus directory (size 330543) from server '86.59.21.38:80'
Nov 03 11:15:13.129 [info] networkstatus_set_current_consensus(): Got a consensus we already have
Nov 03 11:15:13.129 [warn] Unable to load consensus directory dowloaded from server '86.59.21.38:80'
Stop leaking conn->nickname every time we make a connection to a
Tor relay without knowing its expected identity digest (e.g. when
using bridges). Bugfix on 0.2.0.3-alpha.
Nick Mathewson [Fri, 2 Nov 2007 16:02:26 +0000 (16:02 +0000)]
r14652@tombo: nickm | 2007-11-02 12:02:13 -0400
If setting our rlimit to rlim_max or cap fails, fall back to OPEN_FILES if defiled. This makes Tor run on OSX 10.5, while allowing OSX to mend its ways in the future.
Nick Mathewson [Thu, 1 Nov 2007 05:01:24 +0000 (05:01 +0000)]
r16326@catbus: nickm | 2007-11-01 00:56:45 -0400
As an authority, send back an X-Descriptor-Not-New header when we accept but do not store a descriptor. Partial implementation of fix for bug 535.
Nick Mathewson [Thu, 1 Nov 2007 04:38:45 +0000 (04:38 +0000)]
r16323@catbus: nickm | 2007-11-01 00:32:12 -0400
Mark some finished items finished, some deferred items deferred, and move some "nice to haves" into "deferred-land."
Nick Mathewson [Wed, 31 Oct 2007 20:48:08 +0000 (20:48 +0000)]
r16301@catbus: nickm | 2007-10-31 16:43:49 -0400
A couple of small tweaks to karsten's latest patch, and note an issue with using a bitmap to represent a single int.
Nick Mathewson [Wed, 31 Oct 2007 20:48:06 +0000 (20:48 +0000)]
r16300@catbus: nickm | 2007-10-31 15:36:41 -0400
Next patch from Karsten: rename some macros, tunnel dir connections, generate (and upload) multiple descriptors as appropriate.
Nick Mathewson [Wed, 31 Oct 2007 04:56:59 +0000 (04:56 +0000)]
r16287@catbus: nickm | 2007-10-31 00:53:53 -0400
HMAC-SHA-1 implementation, with unit tests based on vectors from RVFC2202. Steven's stuff will need this.
Nick Mathewson [Tue, 30 Oct 2007 15:17:07 +0000 (15:17 +0000)]
r16279@catbus: nickm | 2007-10-30 11:14:29 -0400
Improved skew reporting: "You are 365 days in the duture" is more useful than "You are 525600 minutes in the future". Also, when we get something that proves we are at least an hour in the past, tell the controller "CLOCK_SKEW MIN_SKEW=-3600" rather than just "CLOCK_SKEW"
projects / thirdparty / tor.git / log
