Nick Mathewson [Fri, 19 Jul 2013 03:45:40 +0000 (23:45 -0400)]
Stop accepting milliseconds in various directory contexts
Have clients and authorities both have new behavior, since the
fix for bug 11243 has gone in. But make clients still accept
accept old bogus HSDir descriptors, to avoid fingerprinting trickery.
Nick Mathewson [Thu, 13 Nov 2014 15:48:15 +0000 (10:48 -0500)]
Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.
If it's set to 1, we obey ExitPolicy.
If it's set to 0, we force ExitPolicy to 'reject *:*'
And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.
Nick Mathewson [Tue, 6 Jan 2015 19:05:35 +0000 (14:05 -0500)]
Use package-config output for -lsystemd correctly
In systemd 209, they deprecated -lsystemd-daemon in favor of
-lsystemd. So we'd better actually look at the pkg-config output,
or we'll get warnings on newer distributions.
For some as-yet-unknown-to-me reason, setting CFLAGS so early makes
it so -O2 -g doesn't get added to it later. So, adding it myself
later. Perhaps a better fix here can be found.
Fixes 14072; bugfix on 0.2.6.2-alpha. Based on a patch from h.venev
Nick Mathewson [Sun, 4 Jan 2015 22:28:54 +0000 (17:28 -0500)]
Prevent changes to other options from removing . from AutomapHostsSuffixes
This happened because we changed AutomapHostsSuffixes to replace "."
with "", since a suffix of "" means "match everything." But our
option handling code for CSV options likes to remove empty entries
when it re-parses stuff.
Instead, let "." remain ".", and treat it specially when we're
checking for a match.
Yawning Angel [Tue, 30 Dec 2014 16:36:16 +0000 (16:36 +0000)]
Allow IPv4 and IPv6 addresses in SOCKS5 FQDN requests.
Supposedly there are a decent number of applications that "support"
IPv6 and SOCKS5 using the FQDN address type. While said applications
should be using the IPv6 address type, allow the connection if
SafeSocks is not set.
teor [Sat, 20 Dec 2014 10:44:16 +0000 (21:44 +1100)]
Fix Reachability self-tests in test networks
Stop assuming that private addresses are local when checking
reachability in a TestingTorNetwork. Instead, when testing, assume
all OR connections are remote. (This is necessary due to many test
scenarios running all nodes on localhost.)
This assists in bootstrapping a testing Tor network.
teor [Thu, 25 Dec 2014 13:43:58 +0000 (00:43 +1100)]
Add "internal" to some bootstrap statuses when no exits are available.
If the consensus does not contain Exits, Tor will only build internal
circuits. In this case, relevant statuses will contain the word "internal"
as indicated in the Tor control-spec.txt. When bootstrap completes,
Tor will be ready to handle an application requesting an internal
circuit to hidden services at ".onion" addresses.
If a future consensus contains Exits, exit circuits may become available.
Tor already notifies the user at "notice" level if they have no exits in
the consensus, and can therefor only build internal paths.
teor [Thu, 25 Dec 2014 13:31:16 +0000 (00:31 +1100)]
Avoid building exit circuits from a consensus with no exits
Tor can now build circuits from a consensus with no exits.
But if it tries to build exit circuits, they fail and flood the logs.
The circuit types in the Exit Circuits list below will only be
built if the current consensus has exits. If it doesn't,
only the Internal Circuits will be built. (This can change
with each new consensus.)
Fixes bug #13814, causes fewer path failures due to #13817.
Exit Circuits:
Predicted Exit Circuits
User Traffic Circuits
Most AP Streams
Circuits Marked Exit
Build Timeout Circuits (with exits)
Internal Circuits:
Hidden Service Server Circuits
Hidden Service Client Circuits
Hidden Service AP Streams
Hidden Service Intro Point Streams
Circuits Marked Internal
Build Timeout Circuits (with no exits)
Other Circuits?
teor [Thu, 25 Dec 2014 12:42:38 +0000 (23:42 +1100)]
Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.
This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *
This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).
David Goulet [Tue, 25 Nov 2014 15:37:55 +0000 (10:37 -0500)]
Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.
This means that everytime an hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.
Nick Mathewson [Mon, 29 Dec 2014 15:06:12 +0000 (10:06 -0500)]
Wipe all of the target space in tor_addr_{to,from}_sockaddr()
Otherwise we risk a subsequent memdup or memcpy copying
uninitialized RAM into some other place that might eventually expose
it. Let's make sure that doesn't happen.
teor [Sat, 20 Dec 2014 10:59:17 +0000 (21:59 +1100)]
Fix If-Modified-Since in rapidly updating Tor networks
When V3AuthVotingInterval is low, decrease the delay on the
If-Modified-Since header passed to directory servers.
This allows us to obtain consensuses promptly when the consensus
interval is very short.
This assists in bootstrapping a testing Tor network.
teor [Sat, 20 Dec 2014 10:42:28 +0000 (21:42 +1100)]
Fix TestingMinExitFlagThreshold 0
Stop requiring exits to have non-zero bandwithcapacity in a
TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
ignore exit bandwidthcapacity.
This assists in bootstrapping a testing Tor network.
Fixes bugs 13718 & 13839.
Makes bug 13161's TestingDirAuthVoteExit non-essential.
Michael Scherer [Tue, 23 Dec 2014 16:22:42 +0000 (11:22 -0500)]
Add support for systemd watchdog protocol
It work by notifying systemd on a regular basis. If
there is no notification, the daemon is restarted.
This requires a version newer than the 209 version
of systemd, as it is not supported before.
Add the transparent proxy getsockopt to the sandbox
When receiving a trasnsparently proxied request with tor using iptables tor
dies because the appropriate getsockopt calls aren't enabled on the sandbox.
This patch fixes this by adding the two getsockopt calls used when doing
transparent proxying with tor to the sandbox for the getsockopt policy.
This patch is released under the same license as the original file as
long as the author is credited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
Use the appropriate call to getsockopt for IPv6 sockets
The original call to getsockopt to know the original address on transparently
proxyed sockets using REDIRECT in iptables failed with IPv6 addresses because
it assumed all sockets used IPv4.
This patch fixes this by using the appropriate options and adding the headers
containing the needed definitions for these.
This patch is released under the same license as the original file as
long as the author iscredited.
Signed-off-by: Francisco Blas Izquierdo Riera (klondike) <klondike@gentoo.org>
projects / thirdparty / tor.git / log
