December 2021 - tor-commits - lists.torproject.org

[tor/release-0.4.6] relay: Don't make DNS timeout trigger an overload
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit cda7acb35d40c505dc4d2c3b55d611faab189477 Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Dec 13 10:22:29 2021 -0500 relay: Don't make DNS timeout trigger an overload Tor has configure libevent to attempt up to 3 times a DNS query for a maximum of 5 seconds each. Once that 5 seconds has elapsed, it consider the query "Timed Out" but tor only gets a timeout if all 3 attempts have failed. For example, using Unbound, it has a much higher threshold of timeout. It is well defined in https://www.nlnetlabs.nl/documentation/unbound/info-timeout/ and has some complexity to it. But the gist is that if it times out, it will be much more than 5 seconds. And so the Tor DNS timeouts are more of a "UX issue" rather than a "network issue". For this reason, we are removing this metric from the overload general signal. See https://gitlab.torproject.org/tpo/network-health/team/-/issues/139 for more information. Fixes #40527 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket40527 | 5 +++ src/feature/stats/rephist.c | 12 ------- src/test/test_stats.c | 82 ++------------------------------------------- 3 files changed, 8 insertions(+), 91 deletions(-) diff --git a/changes/ticket40527 b/changes/ticket40527 new file mode 100644 index 0000000000..631b3d4bb9 --- /dev/null +++ b/changes/ticket40527 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, overload): + - Don't make Tor DNS timeout trigger an overload general state. These + timeouts are different from DNS server timeout. They have to be seen as + timeout related to UX and not because of a network problem. Fixes bug + 40527; bugfix on 0.4.6.1-alpha. diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c index c3a281a8c2..2bfa14d326 100644 --- a/src/feature/stats/rephist.c +++ b/src/feature/stats/rephist.c @@ -283,18 +283,6 @@ overload_general_dns_assessment(void) return; } - /* Lets see if we can signal a general overload. */ - double fraction = (double) overload_dns_stats.stats_n_error_timeout / - (double) overload_dns_stats.stats_n_request; - if (fraction >= overload_dns_timeout_fraction) { - log_notice(LD_HIST, "General overload -> DNS timeouts (%" PRIu64 ") " - "fraction %.4f%% is above threshold of %.4f%%", - overload_dns_stats.stats_n_error_timeout, - fraction * 100.0, - overload_dns_timeout_fraction * 100.0); - rep_hist_note_overload(OVERLOAD_GENERAL); - } - reset: /* Reset counters for the next period. */ overload_dns_stats.stats_n_error_timeout = 0; diff --git a/src/test/test_stats.c b/src/test/test_stats.c index 3b9a192c75..af035ae54c 100644 --- a/src/test/test_stats.c +++ b/src/test/test_stats.c @@ -721,7 +721,7 @@ test_overload_stats(void *arg) stats_str = rep_hist_get_overload_stats_lines(); tt_assert(!stats_str); - /* Note a DNS overload */ + /* Note a overload */ rep_hist_note_overload(OVERLOAD_GENERAL); /* Move the time forward one hour */ @@ -742,7 +742,7 @@ test_overload_stats(void *arg) /* Now the time should be 2002-01-07 00:00:00 */ - /* Note a DNS overload */ + /* Note a overload */ rep_hist_note_overload(OVERLOAD_GENERAL); stats_str = rep_hist_get_overload_general_line(); @@ -760,7 +760,7 @@ test_overload_stats(void *arg) tt_str_op("overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); tor_free(stats_str); - /* Move the time forward. Register DNS overload. See that the time changed */ + /* Move the time forward. Register overload. See that the time changed */ current_time += 3600*2; update_approx_time(current_time); @@ -867,81 +867,6 @@ test_overload_stats(void *arg) tor_free(stats_str); } -/** Test the overload stats logic. */ -static void -test_overload_dns_timeout(void *arg) -{ - char *stats_str = NULL; - (void) arg; - - /* Lets simulate a series of timeouts but below our default 1% threshold. */ - - for (int i = 0; i < 1000; i++) { - /* This should trigger 9 timeouts which is just below 1% (10) */ - if (i > 0 && !(i % 100)) { - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - } else { - rep_hist_note_dns_query(0, DNS_ERR_NONE); - } - } - - /* No overload yet. */ - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* Move it 10 minutes in the future and see if we get a general overload. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should NOT trigger the general overload because we are below - * our default of 1%. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* We'll now go above our 1% threshold. */ - for (int i = 0; i < 1000; i++) { - /* This should trigger 10 timeouts which is our threshold of 1% (10) */ - if (!(i % 10)) { - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - } else { - rep_hist_note_dns_query(0, DNS_ERR_NONE); - } - } - - /* Move it 10 minutes in the future and see if we get a general overload. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should trigger the general overload because we are above 1%. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(stats_str); - tor_free(stats_str); - - /* Move 72h in the future, we should NOT get an overload anymore. */ - update_approx_time(approx_time() + (72 * 3600)); - - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* This query should NOT trigger the general overload. */ - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* Move it 10 minutes in the future and see if we get a general overload. We - * have now 100% of requests timing out. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should trigger the general overload with 50% of timeouts. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(stats_str); - tor_free(stats_str); - - done: - tor_free(stats_str); -} - #define ENT(name) \ { #name, test_ ## name , 0, NULL, NULL } #define FORK(name) \ @@ -958,7 +883,6 @@ struct testcase_t stats_tests[] = { FORK(rephist_v3_onions), FORK(load_stats_file), FORK(overload_stats), - FORK(overload_dns_timeout), END_OF_TESTCASES };

1 0

[tor/maint-0.4.6] relay: Don't make DNS timeout trigger an overload
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit cda7acb35d40c505dc4d2c3b55d611faab189477 Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Dec 13 10:22:29 2021 -0500 relay: Don't make DNS timeout trigger an overload Tor has configure libevent to attempt up to 3 times a DNS query for a maximum of 5 seconds each. Once that 5 seconds has elapsed, it consider the query "Timed Out" but tor only gets a timeout if all 3 attempts have failed. For example, using Unbound, it has a much higher threshold of timeout. It is well defined in https://www.nlnetlabs.nl/documentation/unbound/info-timeout/ and has some complexity to it. But the gist is that if it times out, it will be much more than 5 seconds. And so the Tor DNS timeouts are more of a "UX issue" rather than a "network issue". For this reason, we are removing this metric from the overload general signal. See https://gitlab.torproject.org/tpo/network-health/team/-/issues/139 for more information. Fixes #40527 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket40527 | 5 +++ src/feature/stats/rephist.c | 12 ------- src/test/test_stats.c | 82 ++------------------------------------------- 3 files changed, 8 insertions(+), 91 deletions(-) diff --git a/changes/ticket40527 b/changes/ticket40527 new file mode 100644 index 0000000000..631b3d4bb9 --- /dev/null +++ b/changes/ticket40527 @@ -0,0 +1,5 @@ + o Major bugfixes (relay, overload): + - Don't make Tor DNS timeout trigger an overload general state. These + timeouts are different from DNS server timeout. They have to be seen as + timeout related to UX and not because of a network problem. Fixes bug + 40527; bugfix on 0.4.6.1-alpha. diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c index c3a281a8c2..2bfa14d326 100644 --- a/src/feature/stats/rephist.c +++ b/src/feature/stats/rephist.c @@ -283,18 +283,6 @@ overload_general_dns_assessment(void) return; } - /* Lets see if we can signal a general overload. */ - double fraction = (double) overload_dns_stats.stats_n_error_timeout / - (double) overload_dns_stats.stats_n_request; - if (fraction >= overload_dns_timeout_fraction) { - log_notice(LD_HIST, "General overload -> DNS timeouts (%" PRIu64 ") " - "fraction %.4f%% is above threshold of %.4f%%", - overload_dns_stats.stats_n_error_timeout, - fraction * 100.0, - overload_dns_timeout_fraction * 100.0); - rep_hist_note_overload(OVERLOAD_GENERAL); - } - reset: /* Reset counters for the next period. */ overload_dns_stats.stats_n_error_timeout = 0; diff --git a/src/test/test_stats.c b/src/test/test_stats.c index 3b9a192c75..af035ae54c 100644 --- a/src/test/test_stats.c +++ b/src/test/test_stats.c @@ -721,7 +721,7 @@ test_overload_stats(void *arg) stats_str = rep_hist_get_overload_stats_lines(); tt_assert(!stats_str); - /* Note a DNS overload */ + /* Note a overload */ rep_hist_note_overload(OVERLOAD_GENERAL); /* Move the time forward one hour */ @@ -742,7 +742,7 @@ test_overload_stats(void *arg) /* Now the time should be 2002-01-07 00:00:00 */ - /* Note a DNS overload */ + /* Note a overload */ rep_hist_note_overload(OVERLOAD_GENERAL); stats_str = rep_hist_get_overload_general_line(); @@ -760,7 +760,7 @@ test_overload_stats(void *arg) tt_str_op("overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); tor_free(stats_str); - /* Move the time forward. Register DNS overload. See that the time changed */ + /* Move the time forward. Register overload. See that the time changed */ current_time += 3600*2; update_approx_time(current_time); @@ -867,81 +867,6 @@ test_overload_stats(void *arg) tor_free(stats_str); } -/** Test the overload stats logic. */ -static void -test_overload_dns_timeout(void *arg) -{ - char *stats_str = NULL; - (void) arg; - - /* Lets simulate a series of timeouts but below our default 1% threshold. */ - - for (int i = 0; i < 1000; i++) { - /* This should trigger 9 timeouts which is just below 1% (10) */ - if (i > 0 && !(i % 100)) { - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - } else { - rep_hist_note_dns_query(0, DNS_ERR_NONE); - } - } - - /* No overload yet. */ - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* Move it 10 minutes in the future and see if we get a general overload. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should NOT trigger the general overload because we are below - * our default of 1%. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* We'll now go above our 1% threshold. */ - for (int i = 0; i < 1000; i++) { - /* This should trigger 10 timeouts which is our threshold of 1% (10) */ - if (!(i % 10)) { - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - } else { - rep_hist_note_dns_query(0, DNS_ERR_NONE); - } - } - - /* Move it 10 minutes in the future and see if we get a general overload. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should trigger the general overload because we are above 1%. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(stats_str); - tor_free(stats_str); - - /* Move 72h in the future, we should NOT get an overload anymore. */ - update_approx_time(approx_time() + (72 * 3600)); - - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* This query should NOT trigger the general overload. */ - rep_hist_note_dns_query(0, DNS_ERR_TIMEOUT); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(!stats_str); - - /* Move it 10 minutes in the future and see if we get a general overload. We - * have now 100% of requests timing out. */ - update_approx_time(approx_time() + (10 * 60)); - - /* This query should trigger the general overload with 50% of timeouts. */ - rep_hist_note_dns_query(0, DNS_ERR_NONE); - stats_str = rep_hist_get_overload_general_line(); - tt_assert(stats_str); - tor_free(stats_str); - - done: - tor_free(stats_str); -} - #define ENT(name) \ { #name, test_ ## name , 0, NULL, NULL } #define FORK(name) \ @@ -958,7 +883,6 @@ struct testcase_t stats_tests[] = { FORK(rephist_v3_onions), FORK(load_stats_file), FORK(overload_stats), - FORK(overload_dns_timeout), END_OF_TESTCASES };

1 0

[tor/main] fixup! relay: Change DNS timeout label on MetricsPort
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit eb06d52dae9cbb8344f543e1077ca6f0b62a317b Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Dec 14 16:13:00 2021 -0500 fixup! relay: Change DNS timeout label on MetricsPort Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/test/test_stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/test_stats.c b/src/test/test_stats.c index a224c21198..c7e0c10845 100644 --- a/src/test/test_stats.c +++ b/src/test/test_stats.c @@ -721,7 +721,7 @@ test_overload_stats(void *arg) stats_str = rep_hist_get_overload_stats_lines(); tt_assert(!stats_str); - /* Note a overload */ + /* Note an overload */ rep_hist_note_overload(OVERLOAD_GENERAL); /* Move the time forward one hour */ @@ -742,7 +742,7 @@ test_overload_stats(void *arg) /* Now the time should be 2002-01-07 00:00:00 */ - /* Note a overload */ + /* Note an overload */ rep_hist_note_overload(OVERLOAD_GENERAL); stats_str = rep_hist_get_overload_general_line();

1 0

[tor/release-0.4.6] Merge branch 'maint-0.4.6' into release-0.4.6
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit a89ebdbc37003f1b0f611618e083a91b2fd36276 Merge: d06bcf7672 cda7acb35d Author: Alexander Færøy <ahf(a)torproject.org> Date: Wed Dec 15 12:43:48 2021 +0000 Merge branch 'maint-0.4.6' into release-0.4.6 changes/ticket40527 | 5 +++ src/feature/stats/rephist.c | 12 ------- src/test/test_stats.c | 82 ++------------------------------------------- 3 files changed, 8 insertions(+), 91 deletions(-)

1 0

[tor/main] Do not count controller-selected paths towards path bias.
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit dd085d42f96e39f9387aa1d7a306100c0d7df305 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Nov 15 08:55:47 2021 -0500 Do not count controller-selected paths towards path bias. As a side effect, this fixes a "Bug" warning. Closes #40515. Bugfix on 0.2.4.10-alpha. --- changes/bug40515 | 6 ++++++ src/core/or/origin_circuit_st.h | 6 ++++++ src/feature/client/circpathbias.c | 11 +++++++++++ src/feature/control/control_cmd.c | 2 ++ 4 files changed, 25 insertions(+) diff --git a/changes/bug40515 b/changes/bug40515 new file mode 100644 index 0000000000..d315e28411 --- /dev/null +++ b/changes/bug40515 @@ -0,0 +1,6 @@ + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell whether + the controller is selecting relays randomly.) Resolves a "Bug" + warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. diff --git a/src/core/or/origin_circuit_st.h b/src/core/or/origin_circuit_st.h index c40e84aed8..ca7c4b1bef 100644 --- a/src/core/or/origin_circuit_st.h +++ b/src/core/or/origin_circuit_st.h @@ -182,6 +182,12 @@ struct origin_circuit_t { */ unsigned first_hop_from_controller : 1; + /** + * If true, this circuit's path has been chosen, in full or in part, + * by the controller API, and it's okay to ignore checks that we'd + * usually do on the path as whole. */ + unsigned int any_hop_from_controller : 1; + /** * Tristate variable to guard against pathbias miscounting * due to circuit purpose transitions changing the decision diff --git a/src/feature/client/circpathbias.c b/src/feature/client/circpathbias.c index 4d27553926..29264135f9 100644 --- a/src/feature/client/circpathbias.c +++ b/src/feature/client/circpathbias.c @@ -363,6 +363,17 @@ pathbias_should_count(origin_circuit_t *circ) return 0; } + /* Ignore circuits where the controller helped choose the path. When + * this happens, we can't be sure whether the path was chosen randomly + * or not. */ + if (circ->any_hop_from_controller) { + /* (In this case, we _don't_ check to see if shouldcount is changing, + * since it's possible that an already-created circuit later gets extended + * by the controller. */ + circ->pathbias_shouldcount = PATHBIAS_SHOULDCOUNT_IGNORED; + return 0; + } + /* Completely ignore one hop circuits */ if (circ->build_state->onehop_tunnel || circ->build_state->desired_path_len == 1) { diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c index b4d7228b51..a1c5e55fe1 100644 --- a/src/feature/control/control_cmd.c +++ b/src/feature/control/control_cmd.c @@ -822,6 +822,8 @@ handle_control_extendcircuit(control_connection_t *conn, circ->first_hop_from_controller = 1; } + circ->any_hop_from_controller = 1; + /* now circ refers to something that is ready to be extended */ first_node = zero_circ; SMARTLIST_FOREACH(nodes, const node_t *, node,

1 0

[tor/main] Merge remote-tracking branch 'tor-gitlab/mr/491' into main
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit 48d778bc3246cd7e459475f1045ad24684ddeb85 Merge: 95b82c4fee dd085d42f9 Author: Alexander Færøy <ahf(a)torproject.org> Date: Wed Dec 15 12:41:00 2021 +0000 Merge remote-tracking branch 'tor-gitlab/mr/491' into main changes/bug40515 | 6 ++++++ src/core/or/origin_circuit_st.h | 6 ++++++ src/feature/client/circpathbias.c | 11 +++++++++++ src/feature/control/control_cmd.c | 2 ++ 4 files changed, 25 insertions(+)

1 0

[tor/main] Limit the number of elements in a consdiff hash line.
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit 86819229afde13ae8466ee782f4c4bd9ba6f37cd Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Dec 6 12:35:08 2021 -0500 Limit the number of elements in a consdiff hash line. This avoids performing and then freeing a lot of small mallocs() if the hash line has too many elements. Fixes one case of bug 40472; resolves OSS-Fuzz 38363. Bugfix on 0.3.1.1-alpha when the consdiff parsing code was introduced. --- changes/bug40472 | 6 ++++++ src/feature/dircommon/consdiff.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/changes/bug40472 b/changes/bug40472 new file mode 100644 index 0000000000..d87c1dc2cc --- /dev/null +++ b/changes/bug40472 @@ -0,0 +1,6 @@ + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack found + by OSS-Fuzz in our consensus-diff parsing code. This attack causes a + lot small of memory allocations and then immediately frees them: this + is only slow when running with all the sanitizers enabled. Fixes one + case of bug 40472; bugfix on 0.3.1.1-alpha. diff --git a/src/feature/dircommon/consdiff.c b/src/feature/dircommon/consdiff.c index d0f7594ce3..3c38e92dd6 100644 --- a/src/feature/dircommon/consdiff.c +++ b/src/feature/dircommon/consdiff.c @@ -1126,7 +1126,7 @@ consdiff_get_digests(const smartlist_t *diff, { const cdline_t *line2 = smartlist_get(diff, 1); char *h = tor_memdup_nulterm(line2->s, line2->len); - smartlist_split_string(hash_words, h, " ", 0, 0); + smartlist_split_string(hash_words, h, " ", 0, 4); tor_free(h); }

1 0

[tor/main] Merge remote-tracking branch 'tor-gitlab/mr/497' into main
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit 95b82c4feede91e18ec24dafeb382208186a9791 Merge: 39848ca166 86819229af Author: Alexander Færøy <ahf(a)torproject.org> Date: Wed Dec 15 12:38:30 2021 +0000 Merge remote-tracking branch 'tor-gitlab/mr/497' into main changes/bug40472 | 6 ++++++ src/feature/dircommon/consdiff.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-)

1 0

[tor/main] Correct typo in scripts/README file
by ahf＠torproject.org 15 Dec '21

15 Dec '21

commit 39848ca1669b25135d484aa23cfbb0a796dc0e63 Author: skaluzka <skaluzka(a)protonmail.com> Date: Tue Dec 14 23:14:02 2021 +0100 Correct typo in scripts/README file Signed-off-by: skaluzka <skaluzka(a)protonmail.com> --- scripts/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/README b/scripts/README index 7de0d003e4..4cb49370f5 100644 --- a/scripts/README +++ b/scripts/README @@ -12,7 +12,7 @@ never used. maint/checkOptionDocs.pl -- Make sure that Tor options are documented in the manpage, and that the manpage only documents real Tor options. -maint/checkSpaces.pl -- Style checker for the Tor source code. Mainly checks +maint/checkSpace.pl -- Style checker for the Tor source code. Mainly checks whitespace. maint/findMergedChanges.pl -- Find a set of changes/* files that have been

1 0

[translation/support-portal] new translations in support-portal
by translation＠torproject.org 15 Dec '21

15 Dec '21

commit e09e463944fe930f0f4261617cd6db58c886e767 Author: Translation commit bot <translation(a)torproject.org> Date: Wed Dec 15 09:18:04 2021 +0000 new translations in support-portal --- contents+ru.po | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contents+ru.po b/contents+ru.po index 02bc6c5bd7..8393fa22d7 100644 --- a/contents+ru.po +++ b/contents+ru.po @@ -3103,11 +3103,16 @@ msgid "" "possible to associate non anonymous and anonymous traffic at a given exit " "node, so be careful about what applications you run concurrently over Tor." msgstr "" +"Более того, можно связать анонимный трафик из выходного узла c тем же " +"трафиком на сайт, на котором выполнен вход. Поэтому что Tor использует одно " +"TCP-соединение одновременно для нескольких приложений. Поэтому будьте " +"внимательны, какие приложения вы запускаете через Tor." #: https//support.torproject.org/about/attacks-on-onion-routing/ #: (content/about/attacks-on-onion-routing/contents+en.lrquestion.description) msgid "Perhaps even run separate Tor clients for these applications." msgstr "" +"Как одно из решений: запускайте разные клиенты Tor для разных приложений." #: https//support.torproject.org/about/backdoor/ #: (content/about/backdoor/contents+en.lrquestion.title) @@ -3288,7 +3293,7 @@ msgstr "" #: https//support.torproject.org/about/change-paths/ #: (content/about/change-paths/contents+en.lrquestion.title) msgid "How often does Tor change its paths?" -msgstr "" +msgstr "Как часто Tor меняет используемые узлы?" #: https//support.torproject.org/about/change-paths/ #: (content/about/change-paths/contents+en.lrquestion.description) @@ -3296,11 +3301,13 @@ msgid "" "Tor will reuse the same circuit for new TCP streams for 10 minutes, as long " "as the circuit is working fine." msgstr "" +"Tor меняет узлы каждые 10 минут, если это соединение работает без сбоев." #: https//support.torproject.org/about/change-paths/ #: (content/about/change-paths/contents+en.lrquestion.description) msgid "(If the circuit fails, Tor will switch to a new circuit immediately.)" msgstr "" +"(если эти узлы перестают работать, Tor сразу же подключается к другим узлам)" #: https//support.torproject.org/about/change-paths/ #: (content/about/change-paths/contents+en.lrquestion.description)

1 0