PredictedCircsRelevanceTime: limit how long we predict a port will be used
By default, after you've made a connection to port XYZ, we assume
you might still want to have an exit ready to connect to XYZ for one
hour. This patch lets you lower that interval.
Nick Mathewson [Mon, 3 Mar 2014 15:45:39 +0000 (10:45 -0500)]
Warn if ports are specified in {Socks,Dir}Policy
We have ignored any ports listed here since 80365b989 (0.0.7rc1),
but we didn't warn the user that we were ignoring them. This patch
adds a warning if you put explicit ports in any of the options
{Socks,Dir}Policy or AuthDir{Reject,Invalid,BadDir,BadExit}. It
also adjusts the manpage to say that ports are ignored.
Nick Mathewson [Wed, 26 Feb 2014 14:51:30 +0000 (09:51 -0500)]
Monotonize the OOM-killer data timers
In a couple of places, to implement the OOM-circuit-killer defense
against sniper attacks, we have counters to remember the age of
cells or data chunks. These timers were based on wall clock time,
which can move backwards, thus giving roll-over results for our age
calculation. This commit creates a low-budget monotonic time, based
on ratcheting gettimeofday(), so that even in the event of a time
rollback, we don't do anything _really_ stupid.
A future version of Tor should update this function to do something
even less stupid here, like employ clock_gettime() or its kin.
When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.
But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there. Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.
What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.
In short: let's fill all A1 entries with what ARIN et. al think.
"""
Karsten Loesing [Tue, 25 Feb 2014 12:20:04 +0000 (13:20 +0100)]
Fall back to registered country if necessary.
When extracting geoip and geoip6 files from MaxMind's GeoLite2 Country
database, we only look at country->iso_code which is the two-character ISO
3166-1 country code of the country where MaxMind believes the end user is
located.
But if MaxMind thinks a range belongs to anonymous proxies, they don't put
anything there. Hence, we omit those ranges and resolve them all to '??'.
That's not what we want.
What we should do is first try country->iso_code, and if there's no such
key, try registered_country->iso_code which is the country in which the
ISP has registered the IP address.
In short: let's fill all A1 entries with what ARIN et. al think.
Nick Mathewson [Mon, 24 Feb 2014 16:41:53 +0000 (11:41 -0500)]
pass our compiler -fasynchronous-unwind-tables by default
This should make more platforms (in particular, ones with compilers
where -fomit-frame-pointer is on by default but table generation
isn't) support backtrace generation. Thanks to cypherpunks for this
one.
Nick Mathewson [Fri, 21 Feb 2014 18:04:48 +0000 (18:04 +0000)]
When not an exit node, don't test for DNS hijacking.
Back in 5e762e6a5c0e6729bb7dbb586af2690c087d9ba8, non-exit servers
stopped launching DNS requests for users. So there's no need for them
to see if their DNS answers are hijacked.
David Goulet [Fri, 21 Feb 2014 10:14:33 +0000 (10:14 +0000)]
Fix: send back correct IPv6 SOCKS5 connect reply
For a client using a SocksPort connection and IPv6, the connect reply
from tor daemon did not handle AF_INET6 thus sending back the wrong
payload to the client.
dana koch [Sat, 15 Feb 2014 10:48:58 +0000 (21:48 +1100)]
Restitute a successful stat call to this test case.
Since the first stat call is made for it to deliberately fail, and we
reference st.st_mode without st having valid data, st.st_mode can contain
garbage and cause chmod to fail with EINVAL. We rerun stat and ensure it
succeeded.
Also make use of tt_abort_perror, to properly convey failure reasons to
the user.
dana koch [Sun, 16 Feb 2014 05:12:50 +0000 (16:12 +1100)]
Appropriately condition the _le64toh macro definition for OpenBSD.
This corrects a linker error on OpenBSD, where the function is called letoh64. See also http://git.kernel.org/cgit/docs/man-pages/man-pages.git/tree/man3/endian.3#n84.
Sebastian Hahn [Thu, 13 Feb 2014 07:25:08 +0000 (08:25 +0100)]
gcc/clang: Mark macro-generated functions as possible unused
clang 3.4 introduced a new by-default warning about unused static
functions, which we triggered heavily for the hashtable and map function
generating macros. We can use __attribute__ ((unused)) (thanks nickm for
the suggestion :-) ) to silence these warnings.
Nick Mathewson [Sat, 15 Feb 2014 04:23:53 +0000 (23:23 -0500)]
tristate->enum in rendcommon functions
When we have more than two return values, we should really be using
an enum rather than "-2 means this, -1 means that, 0 means this, and
1 or more means a number."
Karsten Loesing [Thu, 13 Feb 2014 17:58:21 +0000 (18:58 +0100)]
Exclude Teredo IPv6 prefix from geoip6.
The latest GeoLite2 database includes a pointer from 2001::/32 to the root
node of the IPv4 address space in the tree. We need to exclude this whole
address space from geoip6, similar to how we exclude IPv4-mapped IPv6
addresses and the 6to4 mapping subnet.
projects / thirdparty / tor.git / log
