August 2013 - tor-commits - lists.torproject.org

[tor/maint-0.2.4] NumDirectoryGuards now tracks NumEntryGuards by default
by nickm＠torproject.org 01 Aug '13

01 Aug '13

commit ff6bb13c02b3bb217ac8d48d5a20953f1b188d46 Author: Roger Dingledine <arma(a)torproject.org> Date: Tue Jul 30 12:05:39 2013 -0400 NumDirectoryGuards now tracks NumEntryGuards by default Now a user who changes only NumEntryGuards will get the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha. --- changes/bug9354 | 5 +++++ doc/tor.1.txt | 6 ++++-- src/or/config.c | 2 +- src/or/entrynodes.c | 17 +++++++++++++---- src/or/or.h | 3 ++- 5 files changed, 25 insertions(+), 8 deletions(-) diff --git a/changes/bug9354 b/changes/bug9354 new file mode 100644 index 0000000..68fc81a --- /dev/null +++ b/changes/bug9354 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Make the default behavior of NumDirectoryGuards be to track + NumEntryGuards. Now a user who changes only NumEntryGuards will get + the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index d5fab04..86e9afc 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1043,7 +1043,8 @@ The following options are useful only for clients (that is, if fraction of your paths. (Default: 1) **UseEntryGuardsAsDirectoryGuards** **0**|**1**:: - If this option is set to 1, we try to use our entry guards as directory + If this option is set to 1, and UseEntryGuards is also set to 1, + we try to use our entry guards as directory guards, and failing that, pick more nodes to act as our directory guards. This helps prevent an adversary from enumerating clients. It's only available for clients (non-relay, non-bridge) that aren't configured to @@ -1056,7 +1057,8 @@ The following options are useful only for clients (that is, if **NumDirectoryGuards** __NUM__:: If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we - have at least NUM routers to use as directory guards. (Default: 3) + have at least NUM routers to use as directory guards. If this option + is set to 0, use the value from NumEntryGuards. (Default: 0) **GuardLifetime** __N__ **days**|**weeks**|**months**:: If nonzero, and UseEntryGuards is set, minimum time to keep a guard before diff --git a/src/or/config.c b/src/or/config.c index bf82643..72ceea3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -314,7 +314,7 @@ static config_var_t option_vars_[] = { OBSOLETE("NoPublish"), VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCPUs, UINT, "0"), - V(NumDirectoryGuards, UINT, "3"), + V(NumDirectoryGuards, UINT, "0"), V(NumEntryGuards, UINT, "3"), V(ORListenAddress, LINELIST, NULL), VPORT(ORPort, LINELIST, NULL), diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 7a1f67d..f1af75a 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -415,14 +415,24 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, return node; } +/** Choose how many entry guards or directory guards we'll use. If + * <b>for_directory</b> is true, we return how many directory guards to + * use; else we return how many entry guards to use. */ +static int +decide_num_guards(const or_options_t *options, int for_directory) +{ + if (for_directory && options->NumDirectoryGuards != 0) + return options->NumDirectoryGuards; + return options->NumEntryGuards; +} + /** If the use of entry guards is configured, choose more entry guards * until we have enough in the list. */ static void pick_entry_guards(const or_options_t *options, int for_directory) { int changed = 0; - const int num_needed = for_directory ? options->NumDirectoryGuards : - options->NumEntryGuards; + const int num_needed = decide_num_guards(options, for_directory); tor_assert(entry_guards); @@ -962,8 +972,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory, int need_capacity = state ? state->need_capacity : 0; int preferred_min, consider_exit_family = 0; int need_descriptor = !for_directory; - const int num_needed = for_directory ? options->NumDirectoryGuards : - options->NumEntryGuards; + const int num_needed = decide_num_guards(options, for_directory); if (chosen_exit) { nodelist_add_node_and_family(exit_family, chosen_exit); diff --git a/src/or/or.h b/src/or/or.h index 0b8d057..3dc96b9 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3769,7 +3769,8 @@ typedef struct { int NumEntryGuards; /**< How many entry guards do we try to establish? */ int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info * from a smallish number of fixed nodes? */ - int NumDirectoryGuards; /**< How many dir guards do we try to establish? */ + int NumDirectoryGuards; /**< How many dir guards do we try to establish? + * If 0, use value from NumEntryGuards. */ int RephistTrackTime; /**< How many seconds do we keep rephist info? */ int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third * of our PK time by sending CREATE_FAST cells? */

1 0

[tor/maint-0.2.4] Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4
by nickm＠torproject.org 01 Aug '13

01 Aug '13

commit 0a0f93d277046a524740ad110060abf8ed137b8f Merge: 5a5147d ff6bb13 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jul 31 21:48:48 2013 -0400 Merge remote-tracking branch 'arma/bug9354' into maint-0.2.4 changes/bug9354 | 5 +++++ doc/tor.1.txt | 6 ++++-- src/or/config.c | 2 +- src/or/entrynodes.c | 17 +++++++++++++---- src/or/or.h | 3 ++- 5 files changed, 25 insertions(+), 8 deletions(-)

1 0

[flashproxy/master] design doc: add a section discussing the protocols explicitly, and reword the component section to be a bit more precise
by dcf＠torproject.org 01 Aug '13

01 Aug '13

commit 3683a099d7190f5d117de084006a958d4c7f8aba Author: Ximin Luo <infinity0(a)gmx.com> Date: Wed Jul 31 19:58:19 2013 +0100 design doc: add a section discussing the protocols explicitly, and reword the component section to be a bit more precise --- doc/design.txt | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/doc/design.txt b/doc/design.txt index 7f1e548..bc0f377 100644 --- a/doc/design.txt +++ b/doc/design.txt @@ -35,18 +35,12 @@ Design of flash proxies But because of the limited networking facilities available to an in-browser application, several other pieces are needed. - 1. Tor client: Is just ordinary Tor with a special configuration to - allow it to connect through a flash proxy. It advertises its need - for a connection the the facilitator, and communicates with the - flash proxy through the client transport plugin. - 2. Client transport plugin: Runs on the same computer as the Tor - client. It opens one socket to the Internet and another to - localhost. It waits for a connection on both sockets, then starts - proxying data between them. The transport plugin speaks SOCKS on - the localhost side so that it can work as a pluggable transport for - Tor using the ClientTransportPlugin configuration option. On - startup, the transport plugin registers with the the facilitator to - inform the facilitator that it is waiting for a connection. + 1. Tor client: with a ClientTransportPlugin config option to allow it to + use the flashproxy transport client. + 2. Client transport plugin: Runs on the same computer as the Tor client. + On startup, it registers with the facilitator to inform that it is + waiting for a connection from a flash proxy. When this is received, + it starts proxying data between it and the local Tor client. 3. Flash proxy: Runs in someone's browser, in an uncensored region of the Internet. The flash proxy first connects to the facilitator to get a client registration. It then makes two outgoing connections, @@ -57,7 +51,29 @@ Design of flash proxies variety of ways. It sends registrations to flash proxies over HTTP. The facilitator is responsible for matching clients to proxies in a reasonable manner. - 5. Tor relay: An ordinary Tor relay. + 5. Tor relay: with a ServerTransportPlugin config option to allow it to + use the flashproxy transport server. + 6. Server transport plugin: Waits for a connection from a flash proxy and + proxies data between it and the local Tor relay. + +3. Protocols + + The numbers refer to the same components as in sect 2 above. Arrows + indicate the direction of the initial TCP connection. + + 1>2. Pluggable transport, client-side. See core tor docs for details. + 2>4. Secure rendezvous using a variety of custom methods; see + facilitator-howto.txt for details. This must be very hard to censor, + e.g. using a popular web service over HTTPS. + 3>4. Custom protocol specific to flashproxy, where each flashproxy polls + a facilitator for client registrations. + 2<3. WebSocket. This must be very hard to censor, which may require + additional transformations to the underlying data stream. Note + that this stream is controlled by the source client, not the flash + proxy; in a plain flashproxy-only channel, it is as described in + websocket-transport.txt. + 5<3. WebSocket. + 5>6. Pluggable transport, server-side. See core tor docs for details. 4. Sample session

1 0

[flashproxy/master] Remove obsolete comment.
by dcf＠torproject.org 01 Aug '13

01 Aug '13

commit 43e72ae6fca3a91f1288e62effd18a7049b29ead Author: David Fifield <david(a)bamsoftware.com> Date: Wed Jul 31 12:18:27 2013 -0700 Remove obsolete comment. Noticed by Ximin. --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 86d5439..828d2c2 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,6 @@ $(PY2EXE_TMPDIR)/dist: $(CLIENT_BIN) rm -rf $(PY2EXE_TMPDIR) $(PYTHON) setup.py py2exe -q -# See doc/windows-deployment-howto.txt. dist-exe: DISTNAME := $(DISTNAME)-win32 dist-exe: CLIENT_BIN := $(PY2EXE_TMPDIR)/dist/* dist-exe: CLIENT_MAN := $(addsuffix .txt,$(CLIENT_MAN))

1 0

[tor-launcher/master] Bump version for 0.2.1.
by mikeperry＠torproject.org 01 Aug '13

01 Aug '13

commit 3c62ac4824df6b9566e811afa5fc1a22b278cb2e Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Thu Aug 1 02:26:43 2013 +0200 Bump version for 0.2.1. --- src/install.rdf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/install.rdf b/src/install.rdf index 497fa45..cbbf63a 100644 --- a/src/install.rdf +++ b/src/install.rdf @@ -7,7 +7,7 @@ <em:creator>The Tor Project, Inc.</em:creator> <em:contributor>Pearl Crescent, LLC</em:contributor> <em:id>tor-launcher(a)torproject.org</em:id> - <em:version>0.2-alpha</em:version> + <em:version>0.2.1-alpha</em:version> <em:homepageURL>https://www.torproject.org/projects/torbrowser.html</em:homepageURL> <!-- <em:optionsURL>chrome://torlauncher/content/preferences.xul</em:optionsURL>

1 0