Commit Graph

3711 Commits

Author SHA1 Message Date
Nick Mathewson
a7d44731d9 Merge remote-tracking branch 'teor/feature4483-v10-squashed' 2015-12-15 12:57:57 -05:00
teor (Tim Wilson-Brown)
2212530bf5 Prop210: Close excess connections once a consensus is downloading
Once tor is downloading a usable consensus, any other connection
attempts are not needed.

Choose a connection to keep, favouring:
* fallback directories over authorities,
* connections initiated earlier over later connections

Close all other connections downloading a consensus.
2015-12-16 04:37:59 +11:00
teor (Tim Wilson-Brown)
35bbf2e4a4 Prop210: Add schedules for simultaneous client consensus downloads
Prop210: Add attempt-based connection schedules

Existing tor schedules increment the schedule position on failure,
then retry the connection after the scheduled time.

To make multiple simultaneous connections, we need to increment the
schedule position when making each attempt, then retry a (potentially
simultaneous) connection after the scheduled time.

(Also change find_dl_schedule_and_len to find_dl_schedule, as it no
longer takes or returns len.)

Prop210: Add multiple simultaneous consensus downloads for clients

Make connections on TestingClientBootstrapConsensus*DownloadSchedule,
incrementing the schedule each time the client attempts to connect.

Check if the number of downloads is less than
TestingClientBootstrapConsensusMaxInProgressTries before trying any
more connections.
2015-12-16 04:37:49 +11:00
Nick Mathewson
54433993c7 Merge branch 'feature17576-UseDefaultFallbackDirs-v2-squashed' 2015-12-15 12:19:08 -05:00
teor (Tim Wilson-Brown)
080ae03ee4 Add UseDefaultFallbackDirs for hard-coded directory mirrors
UseDefaultFallbackDirs enables any hard-coded fallback
directory mirrors. Default is 1, set it to 0 to disable fallbacks.

Implements ticket 17576.
Patch by "teor".
2015-12-15 12:19:01 -05:00
cypherpunks
816207511b Remove the INLINE coding standard 2015-12-15 11:34:00 -05:00
Nick Mathewson
85003f4c80 Add a new ipv6=address:orport flag to DirAuthority and FallbackDir
Resolves # 6027
2015-12-14 23:43:50 +11:00
Jamie Nguyen
ec4ef68271 Introduce DataDirectoryGroupReadable boolean 2015-12-10 20:00:06 -05:00
Nick Mathewson
9f6b9e28cc forward-port changelog and releasenotes 2015-12-10 14:24:22 -05:00
Nick Mathewson
caff665309 Merge remote-tracking branch 'teor/first-hop-no-private' 2015-12-09 10:47:59 -05:00
Andrew Kvalheim
61d3364f26 Fix formatting typo in manpage. 2015-12-09 10:37:22 -05:00
teor (Tim Wilson-Brown)
23b088907f Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".
2015-11-25 03:11:15 +11:00
Damian Johnson
8661b4b5a2 Drop HidServDirectoryV2 and VoteOnHidServDirectoriesV2
These options were removed from tor in July. Time to axe them from our man
page. :P

  https://gitweb.torproject.org/tor.git/commit/?id=2f8cf524ba4e565ab613504a4c41fd724d32facc
2015-11-23 18:27:17 -08:00
Damian Johnson
feeb3e761c Split 'slop' man page options to their own lines
The slop testing options are the only spot where we try to enumerate multiple
options on the same line. Changing them to each be on their own line as we do
elsewhere.
2015-11-23 18:21:38 -08:00
Damian Johnson
91b0ba1d19 TestingLinkCertLifetime was misnamed as 'TestingLinkCertifetime'
Simple typo - we were missing a letter.
2015-11-23 17:51:30 -08:00
Damian Johnson
961db64d3c Rename RecommendedPackageVersions to RecommendedPackages
A 'RecommendedPackageVersions' option doesn't exist in tor. However, it *does*
have RecommendedPackages...

  feature: https://gitweb.torproject.org/tor.git/commit/?id=c83d8381
  man addition: https://gitweb.torproject.org/tor.git/commit/?id=ddfdeb56
2015-11-23 17:47:00 -08:00
Damian Johnson
1193647ac8 Replace 'SOCKSPort' with 'SocksPort'
When applying changes from proposal 171 Nick renamed SocksPort to SOCKSPort,
and SocksListenAddress to SOCKSListenAddress...

  https://gitweb.torproject.org/tor.git/commit/?id=891ccd3cd0690e83f1dc4dde7698c3bd9d7fe98d

However, this didn't change the option itself in tor (it's still SocksPort),
and wasn't even uniform in the man page. Functionally this doesn't matter
(tor's config options are case insensitive) but this is a pretty clear
regression.
2015-11-23 17:32:49 -08:00
Damian Johnson
5812930dc1 Note in man page where users can file bugs
In addition to inviting users to tell us about bugs, lets say where.
2015-11-23 17:26:46 -08:00
Damian Johnson
690b66ce48 ControlPort's section on flags wasn't indented
Minor formatting issue with our ControlPort entry. The part about flags wasn't
indented with the rest of its description.
2015-11-23 17:25:26 -08:00
Damian Johnson
4417effa52 Malformed ExtORPort entry in man page
Minor formatting issue with our ExtORPort that caused its description to be on
the same line as the option (munging the two together).
2015-11-23 17:23:14 -08:00
teor (Tim Wilson-Brown)
2a4057e042 man update: ExitPolicyRejectPrivate outbound and port addresses
ExitPolicyRejectPrivate now rejects addresses configured via
OutboundBindAddress and any port options, such as ORPort and DirPort.
2015-11-20 10:39:37 +11:00
Nick Mathewson
43609fba77 fix an email address in doc/HACKING/ReleasingTor.md 2015-11-13 09:01:55 -05:00
Nick Mathewson
7bdbcdaed8 Merge commit '7b859fd8c558c9cf08add79db87fb1cb76537535' 2015-11-13 08:42:20 -05:00
Joan Queralt
b370052ae4 + and / usage clarification - Fixes #13158 2015-11-12 14:01:00 -05:00
Nick Mathewson
5a37061885 Delete trailing whitespace in md files 2015-11-05 09:53:05 -05:00
Nick Mathewson
43ce4626f1 add release notes 2015-11-05 09:46:40 -05:00
tom lurge
617e0f8d26 added some markdown formatting 2015-11-05 09:13:53 -05:00
Nick Mathewson
8976e739af Fix filename endings in HACKING. Patch from "ckomlo", ticket #17515. 2015-11-03 08:23:08 -05:00
Nick Mathewson
c1c1c4d057 Refer to the actual minima and the preferred minimum 2015-10-30 10:57:47 -04:00
Nima Fatemi
e6888e2144 Bump up minimum BandwidthRate from 30KB to 250KBytes - Fixes #16382 2015-10-30 10:51:29 -04:00
Nick Mathewson
0696ac5b5e Merge branch 'doc17392' 2015-10-30 09:25:51 -04:00
rl1987
3c08b76fc4 Mention torspec URL in the manpage. 2015-10-30 09:25:39 -04:00
Nick Mathewson
92a6c578d7 hacking is now markdown
Not good markdown, mind you.
2015-10-29 10:31:38 -04:00
Nick Mathewson
e5976482a3 More issues that Karsten spotted 2015-10-29 10:29:21 -04:00
Karsten Loesing
f40dc287bd Clean up the doc/HACKING/* docs a bit. 2015-10-29 14:28:17 +01:00
Nick Mathewson
2929986049 Actually add HowToReview.txt 2015-10-22 10:03:04 -04:00
Nick Mathewson
609c1e8870 Start writing a how to review doc 2015-10-22 10:01:13 -04:00
Nick Mathewson
1a236c78aa Add another entry to ReleasingTor email list, per anonym 2015-10-21 17:06:10 -04:00
Nick Mathewson
7b859fd8c5 Note that you can use a unix domain socket for hsport 2015-10-21 12:22:05 -04:00
Nick Mathewson
34b4da709d Fix a bunch more memory leaks in the tests. 2015-10-21 10:00:05 -04:00
Nick Mathewson
49ccb7e7b8 Mention trunnel in CodingStandards; describe how in trunnel/README 2015-10-14 10:40:27 -04:00
Nick Mathewson
8182715a2b Add a doc/HACKING/README.1st 2015-10-09 10:40:53 -04:00
Nick Mathewson
a11cb74d29 Split the old doc/HACKING into several new files 2015-10-09 10:40:53 -04:00
Nick Mathewson
c751e5af4a Move hacking documentation into a new subdirectory. 2015-10-09 10:40:53 -04:00
Nick Mathewson
9e461588a6 Add my draft (in-progress) guide to getting started on tor development 2015-10-08 11:52:27 -04:00
Nick Mathewson
f3804a4d6f finish up doc/WritingTests.txt 2015-10-08 10:55:31 -04:00
Peter Palfrader
1cf0d82280 Add SyslogIdentityTag
When logging to syslog, allow a tag to be added to the syslog identity
("Tor"), i.e. the string prepended to every log message.  The tag can be
configured by setting SyslogIdentityTag and defaults to none.  Setting
it to "foo" will cause logs to be tagged as "Tor-foo".  Closes: #17194.
2015-09-30 18:34:15 +02:00
Nick Mathewson
51d18aeb42 changes file and manpage entry for AuthDirPinKeys 2015-09-24 11:29:05 -04:00
Nick Mathewson
e94ef30a2f Merge branch 'feature16944_v2' 2015-09-22 09:19:28 -04:00
teor (Tim Wilson-Brown)
b584152874 Update private ExitPolicy in man page and torrcs for 10727, formatting
Update the definition of the private exit policy in the man page
and torrcs. It didn't get merged correctly into the man page, and
it was incomplete in the torrcs. (Unfortunately, we only reject the
primary configured IPv4 and IPv6 addresses, not all configured IPv4
and IPv6 addresses.)

Also fixup msn page formatting errors from changes in tickets 16069
and 17027, mainly unescaped *s.
2015-09-22 12:14:27 +10:00
teor (Tim Wilson-Brown)
7268525142 Add IPv6 syntax to ExitPolicy intro paragraph in man page 2015-09-22 11:44:13 +10:00
teor (Tim Wilson-Brown)
249e82c906 Update docs with advice for separate IPv4 and IPv6 exit policies
Advise users how to configure separate IPv4 and IPv6 exit
policies in the manpage and sample torrcs.

Related to fixes in ticket #16069 and #17027. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-22 11:41:16 +10:00
teor (Tim Wilson-Brown)
a659a3fced Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027
src/test/test_policy.c:
Merged calls to policies_parse_exit_policy by adding additional arguments.
fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
Compacting logic test now produces previous list length of 4, corrected this.

src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
Merged torrc modification dates in favour of latest.
2015-09-16 09:09:54 +10:00
teor (Tim Wilson-Brown)
098b82c7b2 ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
 * the relay's published IPv6 address (if any), and
 * any publicly routable IPv4 or IPv6 addresses on any local interfaces.

This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.

Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 02:56:50 +10:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
1d514b8a91 Add doc/WritingTests.txt to distribution 2015-09-03 10:30:54 -04:00
David Goulet
d40358d91e Enable hidden service statistics by default
HiddenServiceStatistics option is now set to "1" by default.

Fixes #15254

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-02 13:53:36 +02:00
Sebastian Hahn
6034e21331 Include doc/TUNING in our release tarballs 2015-09-01 09:15:11 -04:00
Nick Mathewson
1eb2106375 Document callgraph analysis code 2015-08-25 11:53:20 -04:00
Sebastian Hahn
1633d1ad1d Remove tor-fw-helper more thoroughly 2015-08-21 10:36:53 -04:00
teor
359faf5e4b New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags
"option to prevent guard,exit,hsdir flag assignment"

"A node will never receive the corresponding flag unless
that node is specified in the
TestingDirAuthVote{Exit,Guard,HSDir} list, regardless of
its uptime, bandwidth, exit policy, or DirPort".

Patch modified by "teor": VoteOnHidServDirectoriesV2
is now obsolete, so TestingDirAuthVoteHSDir always
votes on HSDirs.

Closes ticket 14882. Patch by "robgjansen".
Commit message and changes file by "teor"
with quotes from "robgjansen".
2015-08-18 14:51:57 +10:00
teor
0cb82013cc Fix TestingDirAuthVoteHSDir docs: HSDir flag needs DirPort
Fix an error in the manual page and comments for
TestingDirAuthVoteHSDir, which suggested that a
HSDir required "ORPort connectivity". While this is true,
it is in no way unique to the HSDir flag. Of all the flags,
only HSDirs need a DirPort configured in order for the
authorities to assign that particular flag.

Fixed as part of 14882. Patch by "teor".
Bugfix on 0.2.6.3 (f9d57473e1 on 10 January 2015).
2015-08-18 14:51:57 +10:00
Nick Mathewson
9338847bf4 Write a bunch more test for doc/WritingTests 2015-08-05 11:47:38 -04:00
Nick Mathewson
5721627517 Update doc/HACKING with more coverage instructions 2015-08-03 13:30:25 -04:00
Linus Nordberg
5be36a46ca Move the note about non-localhost SOCKSPort usage up to where it belongs.
I think this section slipped downwards when flags where added.
2015-07-24 09:24:05 -04:00
Nick Mathewson
a8accd55f2 Bump version (and explain how) 2015-07-23 13:48:13 -04:00
Nick Mathewson
9d237bb00a Actually, write the torrc format in ABNF
This should make it more clear what I meant, if you know how to read ABNF.

(Thanks to rl1987 for correcting numerous issues here)
2015-07-22 12:24:15 -04:00
Nick Mathewson
7521c3ee91 Document the torrc format as thoroughly as possible
Closes ticket 2325
2015-07-20 12:05:44 -04:00
Nick Mathewson
2ba6542517 Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb' 2015-07-16 15:38:08 -04:00
David Goulet
adc04580f8 Add the torrc option HiddenServiceNumIntroductionPoints
This is a way to specify the amount of introduction points an hidden service
can have. Maximum value is 10 and the default is 3.

Fixes #4862

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-29 11:12:31 -04:00
Andrea Shepard
95bcd2dc15 Update and clarify release checklist 2015-06-10 15:05:52 +00:00
teor
bc0a9843e5 Add instructions for clang sanitizers, static analyzer, and coverity
Document use of coverity, clang static analyzer, and clang dynamic
undefined behavior and address sanitizers in doc/HACKING.

Add clang dynamic sanitizer blacklist in
contrib/clang/sanitizer_blacklist.txt to exempt known undefined
behavior. Include detailed usage instructions in this blacklist file.

Patch by "teor".
2015-06-06 04:04:23 +10:00
Nick Mathewson
1b52e95028 Merge branch '12498_ed25519_keys_v6'
Fixed numerous conflicts, and ported code to use new base64 api.
2015-05-28 11:04:33 -04:00
Nick Mathewson
5eb584e2e9 Document some ed25519 key options 2015-05-28 10:47:47 -04:00
rl1987
0989ba3383 FIx a couple of mistypes. 2015-05-26 21:52:26 +03:00
Yawning Angel
db7bde08be Add "HiddenServiceMaxStreams" as a per-HS tunable.
When set, this limits the maximum number of simultaneous streams per
rendezvous circuit on the server side of a HS, with further RELAY_BEGIN
cells being silently ignored.

This can be modified via "HiddenServiceMaxStreamsCloseCircuit", which
if set will cause offending rendezvous circuits to be torn down instead.

Addresses part of #16052.
2015-05-20 17:33:59 +00:00
Nick Mathewson
101fc13b99 Bump version to 0.2.7.1-alpha. (This is not the release yet.) 2015-05-11 10:10:29 -04:00
Nick Mathewson
e086db7952 Merge branch 'writing_tests' 2015-05-07 15:29:56 -04:00
Nick Mathewson
79e85313aa Write the outlines of a WritingTests.txt document
Also, add some sample tests to be examples.
2015-05-07 15:29:16 -04:00
Nick Mathewson
f15e7d4a1b New email for Lukas Fleischer 2015-04-22 09:49:23 -04:00
Roger Dingledine
c759ed2c62 update url in HACKING file 2015-04-08 13:44:56 -04:00
Nick Mathewson
1457364c49 Merge branch 'doc15550_squashed' 2015-04-07 14:05:52 -04:00
rl1987
636495257b Improve descriptions of statistics-related torrc options. 2015-04-07 14:04:03 -04:00
Nick Mathewson
f0fa0d2b7b Add lukas to doc/HACKING pakager list 2015-04-07 07:40:46 -04:00
Nick Mathewson
cd8f13b5cb Merge branch 'bug13736' 2015-04-01 13:46:50 -04:00
Nick Mathewson
840c11b14e Remove dynamicdhgroups from the manpage 2015-04-01 13:41:15 -04:00
Nick Mathewson
f31dc84f03 More addrs in HACKING 2015-03-25 09:16:42 -04:00
Nick Mathewson
8adecae09d spelling fix 2015-03-24 11:55:35 -04:00
Nick Mathewson
95530bac83 Start adding people to the packager list in doc/HACKING 2015-03-24 09:29:28 -04:00
cypherpunks
17cbc4350f Use output variables instead of relative paths.
Fixes the following rules in out-of-tree builds;
- check-spaces
- check-docs
- check-logs
- Doxygen
- coverage-html

And cleans up additional directories;
- coverage_html
- doc/doxygen
2015-03-14 13:00:04 -04:00
Nick Mathewson
809517a863 Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
Closes ticket 15220
2015-03-11 13:31:33 -04:00
cypherpunks
9dc90a5b7b Add check-changes rule for checking formatting of changes files.
Additional fixes to make the change work;
- fix Python 2 vs 3 issues
- fix some PEP 8 warnings
- handle paths with numbers correctly
- mention the make rule in doc/HACKING.
2015-03-09 09:00:12 -04:00
Nick Mathewson
cf55070e2c Standardize on calling them "server descriptors".
Part of 14987
2015-02-25 09:22:25 -05:00
Roger Dingledine
0883f92e91 specify a default for UseGuardFraction in the man page
(as added in commit f4a63f8eab)
2015-02-18 16:37:14 -05:00
Nick Mathewson
96211bcf71 Merge branch 'bug9321_rerebase'
Conflicts:
	src/or/dirvote.h
	src/test/include.am
	src/test/test_entrynodes.c
2015-02-18 09:17:02 -05:00
George Kadianakis
f4a63f8eab Parse GuardFraction info from consensuses and votes.
Also introduce the UseGuardFraction torrc option which decides whether
clients should use guardfraction information found in the consensus.
2015-02-18 09:09:33 -05:00
George Kadianakis
5ee48d47a7 Parse Guardfraction file and apply results to routerstatuses.
Parse the file just before voting and apply its information to the
provided vote_routerstatus_t. This follows the same logic as when
dirauths parse bwauth files.
2015-02-18 09:09:32 -05:00