[tor-commits] [translation/support-portal] https://gitweb.torproject.org/translation.git/commit/?h=support-portal
commit a408ed32e70c7280af074496295917c00d4eacb6 Author: Translation commit bot Date: Mon Sep 9 21:23:22 2019 + https://gitweb.torproject.org/translation.git/commit/?h=support-portal --- contents+nl.po | 5 + 1 file changed, 5 insertions(+) diff --git a/contents+nl.po b/contents+nl.po index 83ca4ee90..291cde417 100644 --- a/contents+nl.po +++ b/contents+nl.po @@ -5095,6 +5095,11 @@ msgid "" "availability and use, and furthering their scientific and popular " "understanding." msgstr "" +"Het bevorderen van rechten en vrijheden van de mens door vrije en open-" +"broncode anonimiteits- en privacytechnologieën te ontwikkelen en te " +"implementeren, de onbeperkte beschikbaarheid en het gebruik ervan te " +"steunen, en het begrip ervoor in de wetenschap en bij het algemeen publiek " +"te bevorderen." #: lego/templates/footer.html:49 lego/templates/navbar.html:15 #: templates/footer.html:49 templates/navbar.html:15 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tpo-web] https://gitweb.torproject.org/translation.git/commit/?h=tpo-web
commit 58fa19c16cc8d8db7f5c4558198c62a16fdb9ebf Author: Translation commit bot Date: Mon Sep 9 21:22:54 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tpo-web --- contents+nl.po | 35 +-- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/contents+nl.po b/contents+nl.po index 426372f41..c0ceed7c9 100644 --- a/contents+nl.po +++ b/contents+nl.po @@ -493,6 +493,9 @@ msgid "" "[2008](https://lists.torproject.org/pipermail/tor-"; "talk/2008-January/007837.html)." msgstr "" +"Ontwikkeling van Tor Browser begon in " +"[2008](https://lists.torproject.org/pipermail/tor-"; +"talk/2008-January/007837.html)." #: https//www.torproject.org/about/history/ #: (content/about/history/contents+en.lrpage.body) @@ -579,6 +582,9 @@ msgid "" "The Tor Project, Inc. is a US 501(c)(3) nonprofit organization committed to " "transparency in its work and reporting." msgstr "" +"Het Tor Project Inc. is een in de VS gevestigde 501(c)(3)-organisatie zonder" +" winstoogmerk gecommitteerd aan transparantie in haar werk en " +"verslaglegging." #: https//www.torproject.org/press/-new-release-tails/ #: (content/press/new-release-tails/contents+en.lrpost.title) @@ -591,6 +597,8 @@ msgid "" "This release fixes many security vulnerabilities. You should upgrade as soon" " as possible." msgstr "" +"Deze uitgave lost veel beveiligings-kwetsbaarheden op. U wordt aangeraden zo" +" snel mogelijk op te waarderen." #: https//www.torproject.org/press/-new-release-tails/ #: (content/press/new-release-tails/contents+en.lrpost.summary) @@ -651,6 +659,11 @@ msgid "" "availability and use, and furthering their scientific and popular " "understanding." msgstr "" +"Het bevorderen van rechten en vrijheden van de mens door vrije en open-" +"broncode anonimiteits- en privacytechnologieën te ontwikkelen en te " +"implementeren, de onbeperkte beschikbaarheid en het gebruik ervan te " +"steunen, en het begrip ervoor in de wetenschap en bij het algemeen publiek " +"te bevorderen." #: lego/templates/footer.html:54 templates/footer.html:54 msgid "Subscribe to our Newsletter" @@ -793,7 +806,7 @@ msgstr "" #: templates/download-android.html:15 templates/hero-download.html:5 msgid "Protect yourself against tracking, surveillance, and censorship." -msgstr "" +msgstr "Bescherm jezelf tegen volgen, toezicht en censuur." #: templates/download-android.html:20 templates/download-android.html:22 msgid "Download .apk" @@ -811,6 +824,8 @@ msgstr "Ga naar F-droid %s" #: templates/download-android.html:36 msgid "Are you an iOS user? We encourage you to try Onion Browser." msgstr "" +"Ben je een iOS-gebruiker? Dan stellen we voor dat je de Onion Browser " +"gebruikt." #: templates/download-languages.html:11 templates/download-options.html:11 msgid "Language" @@ -818,7 +833,7 @@ msgstr "Taal" #: templates/download-tor.html:25 templates/download-tor.html:30 msgid "sig" -msgstr "Handtekening" +msgstr "Signatuur" #: templates/download.html:5 msgid "Get Connected" @@ -850,7 +865,7 @@ msgstr "Ondersteuningsportaal" #: templates/download.html:14 msgid "Read other FAQs at our Support Portal" -msgstr "" +msgstr "Lees andere veel gestelde vragen in ons ondersteuningsportaal." #: templates/download.html:19 templates/download.html:21 msgid "Stay safe" @@ -871,6 +886,7 @@ msgid "" "We do not recommend installing additional add-ons or plugins into Tor " "Browser" msgstr "" +"We ontraden het installeren van extraa add-ons of plug-ins in Tor Browser." #: templates/download.html:28 msgid "" @@ -878,25 +894,31 @@ msgid "" "already comes with HTTPS Everywhere, NoScript, and other patches to protect " "your privacy and security." msgstr "" +"Plug-ins of add-ons communiceren mogelijk om Tor heen of compromitteren je " +"privacy. Tor Browser komt al met HTTPS-Everywhere, NoScript en andere " +"aanpassingen om je privacy en beveiliging te waarborgen." #: templates/download.html:40 #, python-format msgid "Check out the %s for more troubleshooting tips." -msgstr "" +msgstr "Kijk in de %s voor meer tips bij het oplossen van problemen." #: templates/download.html:49 msgid "Verify Tor Browser signature" -msgstr "" +msgstr "Verifieer de signatuur van Tor Browser" #: templates/download.html:54 msgid "Stand up for privacy and freedom online." -msgstr "" +msgstr "Kom op voor je privacy en vrijheid on-line." #: templates/download.html:55 msgid "" "We're a nonprofit organization and rely on supporters like you to help us " "keep Tor robust and secure for millions of people worldwide." msgstr "" +"We zijn een organisatie zonder winstoogmerk en we zijn afhankelijk van " +"donoren en vrijwilligers zoals jij wie ons helpen Tor robuust en veilig te " +"houden voor wereldwijd miljoenen mensen." #: templates/hero-download-languages.html:2 #: templates/hero-download-options.html:2 @@ -1177,6 +1199,7 @@ msgstr "" #: templates/thank-you.html:6 msgid "Want to jo
[tor-commits] [translation/tbmanual-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot
commit 3d084fc5d566990dbe1a56b856d25df863a57954 Author: Translation commit bot Date: Mon Sep 9 21:20:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tbmanual-contentspot --- contents+nl.po | 5 + 1 file changed, 5 insertions(+) diff --git a/contents+nl.po b/contents+nl.po index d1eb9c58c..aae60cdbf 100644 --- a/contents+nl.po +++ b/contents+nl.po @@ -2143,6 +2143,11 @@ msgid "" "availability and use, and furthering their scientific and popular " "understanding." msgstr "" +"Het bevorderen van rechten en vrijheden van de mens door vrije en open-" +"broncode anonimiteits- en privacytechnologieën te ontwikkelen en te " +"implementeren, de onbeperkte beschikbaarheid en het gebruik ervan te " +"steunen, en het begrip ervoor in de wetenschap en bij het algemeen publiek " +"te bevorderen." #: lego/templates/footer.html:49 lego/templates/navbar.html:15 #: templates/footer.html:49 templates/navbar.html:15 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tpo-web] https://gitweb.torproject.org/translation.git/commit/?h=tpo-web
commit 8f2371e3027d60231518c08e33bc12c09ae6ab7d Author: Translation commit bot Date: Mon Sep 9 20:53:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tpo-web --- contents+nl.po | 28 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/contents+nl.po b/contents+nl.po index bb699483e..426372f41 100644 --- a/contents+nl.po +++ b/contents+nl.po @@ -204,6 +204,11 @@ msgid "" "bugs](https://trac.torproject.org/projects/tor/wiki/doc/community/HowToReportBugFeedback)," " and are not putting yourself at risk." msgstr "" +"Download alstublieft de alfa-versie uitsluitend als u er mee akkoord gaat " +"dat sommige dingen niet goed werken, als u wilt helpen fouten te ontdekken " +"en te " +"[rapporteren](https://trac.torproject.org/projects/tor/wiki/doc/community/HowToReportBugFeedback)" +" en als u zeker weet dat u door gebruik geen risico loopt." #: https//www.torproject.org/download/languages/ #: (content/download/languages/contents+en.lrpage.title) @@ -218,6 +223,11 @@ msgid "" "add more. Want to help us translate? [See here](https://tb-"; "manual.torproject.org/becoming-tor-translator/)" msgstr "" +"We willen graag dat iedereen Tor Browser plezierig en gemakkelijk kan " +"gebruiken in zijn eigen taal. Tor Browser is op dit moment beschikbaar in 25" +" verschillende talen en we werken er aan om nog meer talen toe te voegen. " +"Wil je helpen vertalen? [Lees hier verder](https://tb-manual.torproject.org"; +"/becoming-tor-translator/)" #: https//www.torproject.org/download/tor/ #: (content/download/tor/contents+en.lrpage.title) @@ -258,22 +268,29 @@ msgid "" "The Tor Project is a U.S.-based 501(c)3 nonprofit founded in 2006 with the " "mission of advancing human rights and freedoms by:" msgstr "" +"Het Tor Project is een in 2006 in de VS gevestigde 501(c)(3)-organisatie " +"zonder winstoogmerk, met als doelstelling het bevorderen van de rechten en " +"vrijheden van de mens. Dit doel behartigen we door:" #: https//www.torproject.org/about/cy-pres/ #: (content/about/cy-pres/contents+en.lrpage.body) msgid "" "- Creating and deploying free and open anonymity and privacy technologies," msgstr "" +"- vrije en open-broncode anonimiteits- en privacy-technologieën te " +"ontwikkelen en te implementeren,â¦" #: https//www.torproject.org/about/cy-pres/ #: (content/about/cy-pres/contents+en.lrpage.body) msgid "- Supporting their unrestricted availability and use, and" -msgstr "" +msgstr "- de onbeperkte beschikbaarheid en het gebruik ervan te steunen enâ¦" #: https//www.torproject.org/about/cy-pres/ #: (content/about/cy-pres/contents+en.lrpage.body) msgid "- Furthering their scientific and popular understanding." msgstr "" +"- het begrip ervoor in de wetenschap en bij het algemeen publiek te " +"bevorderen." #: https//www.torproject.org/about/cy-pres/ #: (content/about/cy-pres/contents+en.lrpage.body) @@ -358,6 +375,9 @@ msgid "" "The Tor Project, Inc, became a 501(c)3 nonprofit in 2006, but the idea of " "\"onion routing\" began in the mid 1990s." msgstr "" +"Het Tor Project Inc. werd in 2005 een 501(c)(3)-organisatie zonder " +"winstoogmerk, mr het idee van \"onion routing\" begon halverwege de jaren " +"90." #: https//www.torproject.org/about/history/ #: (content/about/history/contents+en.lrpage.body) @@ -885,7 +905,7 @@ msgstr "VERDEDIG JEZELF" #: templates/hero-download-tor.html:2 msgid "GROW THE NETWORK" -msgstr "" +msgstr "BREID HET NETWERK UIT" #: templates/hero-download.html:2 msgid "Defend yourself." @@ -1060,7 +1080,7 @@ msgstr "Vind ondersteuning" #: templates/press.html:9 msgid "Visit our Support Portal" -msgstr "" +msgstr "Bezoek ons ondersteuningsportaal" #: templates/press.html:12 msgid "Ask us on #tor" @@ -1068,7 +1088,7 @@ msgstr "Vraag ons iets op #tor" #: templates/press.html:15 msgid "Write to a mailing list" -msgstr "" +msgstr "Schrijf naar een e-maillijst" #: templates/press.html:22 msgid "Brand Assets" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Add missing item in 9.0a6 Changelog
commit ff6fd56b61cbd0773448845c1187fb62f9adb7f4 Author: Georg Koppen Date: Mon Sep 9 19:23:01 2019 + Add missing item in 9.0a6 Changelog --- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 2cf1c5a..6fcd33a 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -24,6 +24,7 @@ Tor Browser 9.0a6 -- September 4 2019 * Bug 25214: Canvas data extraction on locale pdf file should be allowed * Bug 30657: Locale is leaked via title of link tag on non-html page * Bug 31015: Disabling SVG hides UI icons in extensions + * Bug 30538: Unable to comment on The Independent Newspaper * Bug 31357: Retire Tom's default obfs4 bridge * Windows + OS X + Linux * Update Tor to 0.4.1.5 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Fold in stable Changelog
commit 82d382db0d7ca83896ae1bc75b3c923904f626b1 Author: Georg Koppen Date: Mon Sep 9 19:23:38 2019 + Fold in stable Changelog --- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 5 + 1 file changed, 5 insertions(+) diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 6fcd33a..f97cb65 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,8 @@ +Tor Browser 8.5.6 -- September 9 2019 + * Android + * Update Torbutton to 2.1.14 + * Bug 31616: Fix JIT related crashes on aarch64 + Tor Browser 9.0a6 -- September 4 2019 * All platforms * Update Firefox to 68.1.0esr ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add new practracker test files to Makefile.am
commit 884ae485f6b0bb73b23cf246cc4cc2e0615b54c0 Author: Nick Mathewson Date: Mon Aug 26 13:47:09 2019 -0400 Add new practracker test files to Makefile.am --- Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.am b/Makefile.am index d3cce3934..dd5bf904b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -174,6 +174,7 @@ EXTRA_DIST+= \ scripts/maint/practracker/practracker.py\ scripts/maint/practracker/practracker_tests.py \ scripts/maint/practracker/problem.py\ + scripts/maint/practracker/testdata/.may_include \ scripts/maint/practracker/testdata/a.c \ scripts/maint/practracker/testdata/b.c \ scripts/maint/practracker/testdata/ex0-expected.txt \ @@ -181,6 +182,7 @@ EXTRA_DIST+= \ scripts/maint/practracker/testdata/ex1-expected.txt \ scripts/maint/practracker/testdata/ex1.txt \ scripts/maint/practracker/testdata/ex.txt \ + scripts/maint/practracker/testdata/header.h \ scripts/maint/practracker/testdata/not_c_file \ scripts/maint/practracker/test_practracker.sh \ scripts/maint/practracker/util.py ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] changes file for ticket31477
commit 380d178e53bf4389a4f3085aef73d23c4a6b447f Author: Nick Mathewson Date: Thu Sep 5 16:20:31 2019 -0400 changes file for ticket31477 --- changes/ticket31477 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket31477 b/changes/ticket31477 new file mode 100644 index 0..5a0fdd154 --- /dev/null +++ b/changes/ticket31477 @@ -0,0 +1,3 @@ + o Minor features (tests): +- Add integration tests to make sure that practracker gives the outputs + we expect. Closes ticket 31477. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] New practracker exceptions for dependency violations in headers
commit bc4ddbf4aced574c6729220a924a38bfe1b0b63e Author: Nick Mathewson Date: Mon Aug 26 12:33:44 2019 -0400 New practracker exceptions for dependency violations in headers I've done this manually, since I don't want to override the existing exceptions in this branch. --- scripts/maint/practracker/exceptions.txt | 9 + 1 file changed, 9 insertions(+) diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index 0acb6fb7f..f0306ebeb 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -325,3 +325,12 @@ problem function-size /src/tools/tor-gencert.c:parse_commandline() 111 problem function-size /src/tools/tor-resolve.c:build_socks5_resolve_request() 102 problem function-size /src/tools/tor-resolve.c:do_resolve() 171 problem function-size /src/tools/tor-resolve.c:main() 112 + +problem dependency-violation /scripts/maint/practracker/testdata/a.c 3 +problem dependency-violation /scripts/maint/practracker/testdata/header.h 3 +problem dependency-violation /src/core/crypto/hs_ntor.h 1 +problem dependency-violation /src/core/or/cell_queue_st.h 1 +problem dependency-violation /src/core/or/channel.h 1 +problem dependency-violation /src/core/or/circuitlist.h 1 +problem dependency-violation /src/core/or/connection_edge.h 1 +problem dependency-violation /src/core/or/or.h 1 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Add integration tests for new practracker features
commit c71051882586201f9f2566fa7073e13bf50b60db Author: Nick Mathewson Date: Mon Aug 26 12:28:46 2019 -0400 Add integration tests for new practracker features These tests check our .may_include checking, and our header file checking. They do not pass yet: we have a bug in our filtering code. --- scripts/maint/practracker/test_practracker.sh | 4 +++- scripts/maint/practracker/testdata/.may_include | 3 +++ scripts/maint/practracker/testdata/a.c | 2 +- scripts/maint/practracker/testdata/ex0-expected.txt | 4 scripts/maint/practracker/testdata/ex1.txt | 4 scripts/maint/practracker/testdata/header.h | 8 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/scripts/maint/practracker/test_practracker.sh b/scripts/maint/practracker/test_practracker.sh index c878ca558..4f8b7e204 100755 --- a/scripts/maint/practracker/test_practracker.sh +++ b/scripts/maint/practracker/test_practracker.sh @@ -25,7 +25,9 @@ DATA="${PRACTRACKER_DIR}/testdata" run_practracker() { "${PYTHON:-python}" "${PRACTRACKER_DIR}/practracker.py" \ ---max-include-count=0 --max-file-size=0 --max-function-size=0 --terse \ +--max-include-count=0 --max-file-size=0 \ +--max-h-include-count=0 --max-h-file-size=0 \ +--max-function-size=0 --terse \ "${DATA}/" "$@"; } compare() { diff --git a/scripts/maint/practracker/testdata/.may_include b/scripts/maint/practracker/testdata/.may_include new file mode 100644 index 0..40bf8155d --- /dev/null +++ b/scripts/maint/practracker/testdata/.may_include @@ -0,0 +1,3 @@ +!advisory + +permitted.h diff --git a/scripts/maint/practracker/testdata/a.c b/scripts/maint/practracker/testdata/a.c index b52a14f56..1939773f5 100644 --- a/scripts/maint/practracker/testdata/a.c +++ b/scripts/maint/practracker/testdata/a.c @@ -3,7 +3,7 @@ #include "two.h" #incldue "three.h" -# include "four.h" +# include "permitted.h" int i_am_a_function(void) diff --git a/scripts/maint/practracker/testdata/ex0-expected.txt b/scripts/maint/practracker/testdata/ex0-expected.txt index c021e6f71..5f3d9e5ae 100644 --- a/scripts/maint/practracker/testdata/ex0-expected.txt +++ b/scripts/maint/practracker/testdata/ex0-expected.txt @@ -2,6 +2,10 @@ problem file-size a.c 38 problem include-count a.c 4 problem function-size a.c:i_am_a_function() 9 problem function-size a.c:another_function() 12 +problem dependency-violation a.c 3 problem file-size b.c 15 problem function-size b.c:foo() 4 problem function-size b.c:bar() 5 +problem file-size header.h 8 +problem include-count header.h 4 +problem dependency-violation header.h 3 diff --git a/scripts/maint/practracker/testdata/ex1.txt b/scripts/maint/practracker/testdata/ex1.txt index db42ae845..f619e33b2 100644 --- a/scripts/maint/practracker/testdata/ex1.txt +++ b/scripts/maint/practracker/testdata/ex1.txt @@ -9,3 +9,7 @@ problem file-size b.c 15 # This is removed, and so will produce an error. # problem function-size b.c:foo() 4 problem function-size b.c:bar() 5 +problem dependency-violation a.c 3 +problem dependency-violation header.h 3 +problem file-size header.h 8 +problem include-count header.h 4 diff --git a/scripts/maint/practracker/testdata/header.h b/scripts/maint/practracker/testdata/header.h new file mode 100644 index 0..1183f5db9 --- /dev/null +++ b/scripts/maint/practracker/testdata/header.h @@ -0,0 +1,8 @@ + +// some forbidden includes +#include "foo.h" +#include "quux.h" +#include "quup.h" + +// a permitted include +#include "permitted.h" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'tor-github/pr/1264'
commit 796a9b37ea346f413f6684505ca31879ddf3f0f1 Merge: 6846d1486 380d178e5 Author: David Goulet Date: Mon Sep 9 14:53:12 2019 -0400 Merge branch 'tor-github/pr/1264' Makefile.am | 2 ++ changes/ticket31477 | 3 +++ scripts/maint/practracker/exceptions.txt| 9 + scripts/maint/practracker/practracker.py| 3 ++- scripts/maint/practracker/test_practracker.sh | 4 +++- scripts/maint/practracker/testdata/.may_include | 3 +++ scripts/maint/practracker/testdata/a.c | 2 +- scripts/maint/practracker/testdata/ex0-expected.txt | 4 scripts/maint/practracker/testdata/ex1.txt | 4 scripts/maint/practracker/testdata/header.h | 8 10 files changed, 39 insertions(+), 3 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Fix a bug in practracker's handling of .may_include in headers
commit 318de94e49c99335987bfdead899c29908afc5bc Author: Nick Mathewson Date: Mon Aug 26 12:30:18 2019 -0400 Fix a bug in practracker's handling of .may_include in headers I was expecting our filter code to work in a way it didn't. I thought that saying that DependencyViolation applied to "*" would hit all of the files -- but actually, "*" wasn't implemented. I had to say "*.c" and "*.h" --- scripts/maint/practracker/practracker.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/maint/practracker/practracker.py b/scripts/maint/practracker/practracker.py index 6483b88da..b280a7676 100755 --- a/scripts/maint/practracker/practracker.py +++ b/scripts/maint/practracker/practracker.py @@ -213,7 +213,8 @@ def main(argv): filt.addThreshold(problem.FileSizeItem("*.h", int(args.max_h_file_size))) filt.addThreshold(problem.IncludeCountItem("*.h", int(args.max_h_include_count))) filt.addThreshold(problem.FunctionSizeItem("*.c", int(args.max_function_size))) -filt.addThreshold(problem.DependencyViolationItem("*", int(args.max_dependency_violations))) +filt.addThreshold(problem.DependencyViolationItem("*.c", int(args.max_dependency_violations))) +filt.addThreshold(problem.DependencyViolationItem("*.h", int(args.max_dependency_violations))) # 1) Get all the .c files we care about files_list = util.get_tor_c_files(TOR_TOPDIR) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Rename validation function in hs_intropoint.c
commit 622c2c7884fd656b5140245c4695a5a145dc04fd Author: David Goulet Date: Tue Aug 20 10:59:04 2019 -0400 hs-v3: Rename validation function in hs_intropoint.c Signed-off-by: David Goulet --- src/feature/hs/hs_intropoint.c | 8 src/feature/hs/hs_intropoint.h | 6 +++--- src/test/test_hs_dos.c | 14 +++--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index fb2ac52e5..90a7f2894 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -186,8 +186,8 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) * bound check and can be used. Else return false. See proposal 305 for * details and reasons about this validation. */ STATIC bool -validate_cell_dos_extension_parameters(uint64_t intro2_rate_per_sec, - uint64_t intro2_burst_per_sec) +cell_dos_extension_parameters_are_valid(uint64_t intro2_rate_per_sec, +uint64_t intro2_burst_per_sec) { bool ret = false; @@ -296,8 +296,8 @@ handle_establish_intro_cell_dos_extension( } /* If invalid, we disable the defense on the circuit. */ - if (!validate_cell_dos_extension_parameters(intro2_rate_per_sec, - intro2_burst_per_sec)) { + if (!cell_dos_extension_parameters_are_valid(intro2_rate_per_sec, + intro2_burst_per_sec)) { circ->introduce2_dos_defense_enabled = 0; log_info(LD_REND, "Disabling INTRO2 DoS defenses on circuit id %u", circ->p_circ_id); diff --git a/src/feature/hs/hs_intropoint.h b/src/feature/hs/hs_intropoint.h index 1bebcacd8..94ebf021e 100644 --- a/src/feature/hs/hs_intropoint.h +++ b/src/feature/hs/hs_intropoint.h @@ -57,9 +57,9 @@ STATIC int handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, size_t request_len); STATIC int validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell); STATIC int circuit_is_suitable_for_introduce1(const or_circuit_t *circ); -STATIC bool validate_cell_dos_extension_parameters( -uint64_t intro2_rate_per_sec, -uint64_t intro2_burst_per_sec); +STATIC bool cell_dos_extension_parameters_are_valid( + uint64_t intro2_rate_per_sec, + uint64_t intro2_burst_per_sec); #endif /* defined(HS_INTROPOINT_PRIVATE) */ diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c index 03c755acb..f68639e24 100644 --- a/src/test/test_hs_dos.c +++ b/src/test/test_hs_dos.c @@ -135,23 +135,23 @@ test_validate_dos_extension_params(void *arg) (void) arg; /* Validate the default values. */ - ret = validate_cell_dos_extension_parameters( -get_intro2_rate_consensus_param(NULL), -get_intro2_burst_consensus_param(NULL)); + ret = cell_dos_extension_parameters_are_valid( + get_intro2_rate_consensus_param(NULL), + get_intro2_burst_consensus_param(NULL)); tt_assert(ret); /* Valid custom rate/burst. */ - ret = validate_cell_dos_extension_parameters(17, 42); + ret = cell_dos_extension_parameters_are_valid(17, 42); tt_assert(ret); ret = cell_dos_extension_parameters_are_valid(INT32_MAX, INT32_MAX); tt_assert(ret); /* Invalid rate. */ - ret = validate_cell_dos_extension_parameters(UINT64_MAX, 42); + ret = cell_dos_extension_parameters_are_valid(UINT64_MAX, 42); tt_assert(!ret); /* Invalid burst. */ - ret = validate_cell_dos_extension_parameters(42, UINT64_MAX); + ret = cell_dos_extension_parameters_are_valid(42, UINT64_MAX); tt_assert(!ret); /* Value of 0 is valid (but should disable defenses) */ @@ -159,7 +159,7 @@ test_validate_dos_extension_params(void *arg) tt_assert(ret); /* Can't have burst smaller than rate. */ - ret = validate_cell_dos_extension_parameters(42, 40); + ret = cell_dos_extension_parameters_are_valid(42, 40); tt_assert(!ret); done: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] test: Unit tests HS DoS torrc options
commit cbe5f9571f006a919a16b437c3e13ad5f6c7bf98 Author: David Goulet Date: Tue Aug 20 09:51:30 2019 -0400 test: Unit tests HS DoS torrc options Signed-off-by: David Goulet --- src/test/test_hs_config.c | 109 ++ 1 file changed, 109 insertions(+) diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c index c2c556307..2b3afbb6e 100644 --- a/src/test/test_hs_config.c +++ b/src/test/test_hs_config.c @@ -489,6 +489,111 @@ test_staging_service_v3(void *arg) hs_free_all(); } +static void +test_dos_parameters(void *arg) +{ + int ret; + + (void) arg; + + hs_init(); + + /* Valid configuration. */ + { +const char *conf = + "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n" + "HiddenServiceVersion 3\n" + "HiddenServicePort 22 1.1.1.1:22\n" + "HiddenServiceEnableIntroDoSDefense 1\n" + "HiddenServiceEnableIntroDoSRatePerSec 42\n" + "HiddenServiceEnableIntroDoSBurstPerSec 87\n"; + +setup_full_capture_of_logs(LOG_INFO); +ret = helper_config_service(conf, 0); +tt_int_op(ret, OP_EQ, 0); +expect_log_msg_containing("Service INTRO2 DoS defenses rate set to: 42"); +expect_log_msg_containing("Service INTRO2 DoS defenses burst set to: 87"); +teardown_capture_of_logs(); + } + + /* Invalid rate. Value of 2^37. Max allowed is 2^31. */ + { +const char *conf = + "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n" + "HiddenServiceVersion 3\n" + "HiddenServicePort 22 1.1.1.1:22\n" + "HiddenServiceEnableIntroDoSDefense 1\n" + "HiddenServiceEnableIntroDoSRatePerSec 137438953472\n" + "HiddenServiceEnableIntroDoSBurstPerSec 87\n"; + +setup_full_capture_of_logs(LOG_WARN); +ret = helper_config_service(conf, 0); +tt_int_op(ret, OP_EQ, -1); +expect_log_msg_containing("HiddenServiceEnableIntroDoSRatePerSec must " + "be between 0 and 2147483647, " + "not 137438953472"); +teardown_capture_of_logs(); + } + + /* Invalid burst. Value of 2^38. Max allowed is 2^31. */ + { +const char *conf = + "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n" + "HiddenServiceVersion 3\n" + "HiddenServicePort 22 1.1.1.1:22\n" + "HiddenServiceEnableIntroDoSDefense 1\n" + "HiddenServiceEnableIntroDoSRatePerSec 42\n" + "HiddenServiceEnableIntroDoSBurstPerSec 274877906944\n"; + +setup_full_capture_of_logs(LOG_WARN); +ret = helper_config_service(conf, 0); +tt_int_op(ret, OP_EQ, -1); +expect_log_msg_containing("HiddenServiceEnableIntroDoSBurstPerSec must " + "be between 0 and 2147483647, " + "not 274877906944"); +teardown_capture_of_logs(); + } + + /* Burst is smaller than rate. */ + { +const char *conf = + "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n" + "HiddenServiceVersion 3\n" + "HiddenServicePort 22 1.1.1.1:22\n" + "HiddenServiceEnableIntroDoSDefense 1\n" + "HiddenServiceEnableIntroDoSRatePerSec 42\n" + "HiddenServiceEnableIntroDoSBurstPerSec 27\n"; + +setup_full_capture_of_logs(LOG_WARN); +ret = helper_config_service(conf, 0); +tt_int_op(ret, OP_EQ, -1); +expect_log_msg_containing("Hidden service DoS defenses burst (27) can " + "not be smaller than the rate value (42)."); +teardown_capture_of_logs(); + } + + /* Negative value. */ + { +const char *conf = + "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n" + "HiddenServiceVersion 3\n" + "HiddenServicePort 22 1.1.1.1:22\n" + "HiddenServiceEnableIntroDoSDefense 1\n" + "HiddenServiceEnableIntroDoSRatePerSec -1\n" + "HiddenServiceEnableIntroDoSBurstPerSec 42\n"; + +setup_full_capture_of_logs(LOG_WARN); +ret = helper_config_service(conf, 0); +tt_int_op(ret, OP_EQ, -1); +expect_log_msg_containing("HiddenServiceEnableIntroDoSRatePerSec must be " + "between 0 and 2147483647, not -1"); +teardown_capture_of_logs(); + } + + done: + hs_free_all(); +} + struct testcase_t hs_config_tests[] = { /* Invalid service not specific to any version. */ { "invalid_service", test_invalid_service, TT_FORK, @@ -512,6 +617,10 @@ struct testcase_t hs_config_tests[] = { { "staging_service_v3", test_staging_service_v3, TT_FORK, NULL, NULL }, + /* Test HS DoS parameters. */ + { "dos_parameters", test_dos_parameters, TT_FORK, +NULL, NULL }, + END_OF_TESTCASES }; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'ticket30924_042_04_squashed_merged'
commit 6846d14868b561e51e5f6afc27a1f1e8a0da94ce Merge: f16fc262e a642a4cbd Author: Nick Mathewson Date: Mon Sep 9 12:35:27 2019 -0400 Merge branch 'ticket30924_042_04_squashed_merged' changes/ticket30924 | 6 + doc/tor.1.txt | 46 ++- scripts/maint/practracker/exceptions.txt| 26 +- src/app/config/config.c | 5 + src/core/or/or.h| 4 + src/core/or/or_circuit_st.h | 4 + src/core/or/protover.c | 2 +- src/core/or/versions.c | 4 +- src/feature/hs/hs_cell.c| 111 ++- src/feature/hs/hs_cell.h| 11 + src/feature/hs/hs_circuit.c | 2 +- src/feature/hs/hs_config.c | 60 src/feature/hs/hs_config.h | 9 + src/feature/hs/hs_dos.c | 68 ++-- src/feature/hs/hs_dos.h | 10 +- src/feature/hs/hs_intropoint.c | 190 ++- src/feature/hs/hs_intropoint.h | 3 + src/feature/hs/hs_service.c | 7 + src/feature/hs/hs_service.h | 9 + src/feature/nodelist/nodelist.c | 13 +- src/feature/nodelist/nodelist.h | 1 + src/feature/rend/rendmid.c | 3 +- src/test/test_hs_cell.c | 96 +- src/test/test_hs_config.c | 109 +++ src/test/test_hs_dos.c | 62 +++- src/test/test_hs_intropoint.c | 161 +- src/trunnel/hs/cell_common.c| 116 +++ src/trunnel/hs/cell_common.h| 98 +++--- src/trunnel/hs/cell_common.trunnel | 4 +- src/trunnel/hs/cell_establish_intro.c | 469 src/trunnel/hs/cell_establish_intro.h | 159 ++ src/trunnel/hs/cell_establish_intro.trunnel | 23 ++ 32 files changed, 1703 insertions(+), 188 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] practracker: Make you happy funny script
commit a8a1ea4e0e78e5a24fad6939c47ef9dbf78b38c2 Author: David Goulet Date: Tue Aug 20 09:53:29 2019 -0400 practracker: Make you happy funny script Signed-off-by: David Goulet --- scripts/maint/practracker/exceptions.txt | 28 ++-- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index 6bc023665..bd64e48f1 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -29,7 +29,7 @@ # # Remember: It is better to fix the problem than to add a new exception! -problem file-size /src/app/config/config.c 8518 +problem file-size /src/app/config/config.c 8515 problem include-count /src/app/config/config.c 88 problem function-size /src/app/config/config.c:options_act_reversible() 296 problem function-size /src/app/config/config.c:options_act() 589 @@ -44,7 +44,6 @@ problem function-size /src/app/config/config.c:parse_dir_authority_line() 150 problem function-size /src/app/config/config.c:parse_dir_fallback_line() 101 problem function-size /src/app/config/config.c:parse_port_config() 446 problem function-size /src/app/config/config.c:parse_ports() 168 -problem function-size /src/app/config/config.c:getinfo_helper_config() 113 problem file-size /src/app/config/or_options_st.h 1112 problem include-count /src/app/main/main.c 68 problem function-size /src/app/main/main.c:dumpstats() 102 @@ -81,8 +80,8 @@ problem dependency-violation /src/core/mainloop/netstatus.c 4 problem dependency-violation /src/core/mainloop/periodic.c 2 problem dependency-violation /src/core/or/address_set.c 1 problem file-size /src/core/or/channel.c 3487 -problem file-size /src/core/or/channel.h 780 problem dependency-violation /src/core/or/channel.c 9 +problem file-size /src/core/or/channel.h 780 problem dependency-violation /src/core/or/channelpadding.c 6 problem function-size /src/core/or/channeltls.c:channel_tls_handle_var_cell() 160 problem function-size /src/core/or/channeltls.c:channel_tls_process_versions_cell() 170 @@ -105,10 +104,10 @@ problem dependency-violation /src/core/or/circuitlist.c 19 problem function-size /src/core/or/circuitmux.c:circuitmux_set_policy() 109 problem function-size /src/core/or/circuitmux.c:circuitmux_attach_circuit() 113 problem dependency-violation /src/core/or/circuitmux_ewma.c 2 -problem file-size /src/core/or/circuitpadding.c 3043 -problem function-size /src/core/or/circuitpadding.c:circpad_machine_schedule_padding() 107 -problem file-size /src/core/or/circuitpadding.h 809 +problem file-size /src/core/or/circuitpadding.c 3096 +problem function-size /src/core/or/circuitpadding.c:circpad_machine_schedule_padding() 113 problem dependency-violation /src/core/or/circuitpadding.c 6 +problem file-size /src/core/or/circuitpadding.h 813 problem function-size /src/core/or/circuitpadding_machines.c:circpad_machine_relay_hide_intro_circuits() 103 problem function-size /src/core/or/circuitpadding_machines.c:circpad_machine_client_hide_rend_circuits() 112 problem dependency-violation /src/core/or/circuitpadding_machines.c 1 @@ -142,19 +141,19 @@ problem include-count /src/core/or/connection_or.c 51 problem function-size /src/core/or/connection_or.c:connection_or_group_set_badness_() 105 problem function-size /src/core/or/connection_or.c:connection_or_client_learned_peer_id() 142 problem function-size /src/core/or/connection_or.c:connection_or_compute_authenticate_cell_body() 231 -problem file-size /src/core/or/or.h 1103 -problem include-count /src/core/or/or.h 49 problem dependency-violation /src/core/or/connection_or.c 20 problem dependency-violation /src/core/or/dos.c 5 problem dependency-violation /src/core/or/onion.c 2 +problem file-size /src/core/or/or.h 1107 +problem include-count /src/core/or/or.h 49 problem dependency-violation /src/core/or/or_periodic.c 1 problem file-size /src/core/or/policies.c 3249 problem function-size /src/core/or/policies.c:policy_summarize() 107 problem dependency-violation /src/core/or/policies.c 14 problem function-size /src/core/or/protover.c:protover_all_supported() 117 -problem function-size /src/core/or/relay.c:circuit_receive_relay_cell() 127 -problem file-size /src/core/or/relay.c 3263 problem dependency-violation /src/core/or/reasons.c 2 +problem file-size /src/core/or/relay.c 3264 +problem function-size /src/core/or/relay.c:circuit_receive_relay_cell() 127 problem function-size /src/core/or/relay.c:relay_send_command_from_edge_() 109 problem function-size /src/core/or/relay.c:connection_ap_process_end_not_open() 192 problem function-size /src/core/or/relay.c:connection_edge_process_relay_cell_not_open() 137 @@ -237,18 +236,19 @@ problem function-size /src/feature/dirparse/parsecommon.c:get_next_token() 158 problem function-size /src/feature/dirparse/routerparse.c:router_parse_entry_from_string() 554 problem function-size /src/feature/dirpa
[tor-commits] [tor/master] hs-v3: Move DoS parameter check against 0
commit 385f6bcfccbc327f42e5139ac8136086e79fbb17 Author: David Goulet Date: Tue Aug 20 10:50:31 2019 -0400 hs-v3: Move DoS parameter check against 0 Move it outside of the validation function since 0 is a valid value but disables defenses. Signed-off-by: David Goulet --- src/feature/hs/hs_intropoint.c | 54 +- src/test/test_hs_dos.c | 11 - 2 files changed, 43 insertions(+), 22 deletions(-) diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index 9b6a96628..fb2ac52e5 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -191,28 +191,40 @@ validate_cell_dos_extension_parameters(uint64_t intro2_rate_per_sec, { bool ret = false; - /* A value of 0 is valid in the sense that we accept it but we still disable - * the defenses so return false. */ - if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) { -log_info(LD_REND, "Intro point DoS defenses parameter set to 0."); + /* Check that received value is not below the minimum. Don't check if minimum + is set to 0, since the param is a positive value and gcc will complain. */ +#if HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN > 0 + if (intro2_rate_per_sec < HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN) { +log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Intro point DoS defenses rate per second is " + "too small. Received value: %" PRIu64, intro2_rate_per_sec); goto end; } +#endif - /* Bound check the received rate per second. MIN/MAX are inclusive. */ - if (!(intro2_rate_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX && -intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN)) { -log_info(LD_REND, "Intro point DoS defenses rate per second is " - "invalid. Received value: %" PRIu64, - intro2_rate_per_sec); + /* Check that received value is not above maximum */ + if (intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX) { +log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Intro point DoS defenses rate per second is " + "too big. Received value: %" PRIu64, intro2_rate_per_sec); +goto end; + } + + /* Check that received value is not below the minimum */ +#if HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN > 0 + if (intro2_burst_per_sec < HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN) { +log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Intro point DoS defenses burst per second is " + "too small. Received value: %" PRIu64, intro2_burst_per_sec); goto end; } +#endif - /* Bound check the received burst per second. MIN/MAX are inclusive. */ - if (!(intro2_burst_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX && -intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN)) { -log_info(LD_REND, "Intro point DoS defenses burst per second is " - "invalid. Received value: %" PRIu64, - intro2_burst_per_sec); + /* Check that received value is not above maximum */ + if (intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX) { +log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Intro point DoS defenses burst per second is " + "too big. Received value: %" PRIu64, intro2_burst_per_sec); goto end; } @@ -273,6 +285,16 @@ handle_establish_intro_cell_dos_extension( } } + /* A value of 0 is valid in the sense that we accept it but we still disable + * the defenses so return false. */ + if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) { +log_info(LD_REND, "Intro point DoS defenses parameter set to 0. " + "Disabling INTRO2 DoS defenses on circuit id %u", + circ->p_circ_id); +circ->introduce2_dos_defense_enabled = 0; +goto end; + } + /* If invalid, we disable the defense on the circuit. */ if (!validate_cell_dos_extension_parameters(intro2_rate_per_sec, intro2_burst_per_sec)) { diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c index 25a04d779..03c755acb 100644 --- a/src/test/test_hs_dos.c +++ b/src/test/test_hs_dos.c @@ -143,6 +143,8 @@ test_validate_dos_extension_params(void *arg) /* Valid custom rate/burst. */ ret = validate_cell_dos_extension_parameters(17, 42); tt_assert(ret); + ret = cell_dos_extension_parameters_are_valid(INT32_MAX, INT32_MAX); + tt_assert(ret); /* Invalid rate. */ ret = validate_cell_dos_extension_parameters(UINT64_MAX, 42); @@ -152,11 +154,9 @@ test_validate_dos_extension_params(void *arg) ret = validate_cell_dos_extension_parameters(42, UINT64_MAX); tt_assert(!ret); - /* Value of 0 should return invalid so defenses can be disabled. */ - ret = validate_cell_dos_extension_parameters(0, 42); - tt_assert(!ret); - ret = validate_cell_dos_extension_parameters(42, 0); - tt_assert(!ret); + /* Value of 0 is valid (but should disa
[tor-commits] [tor/master] hs-v3: Add protover HSIntro=5
commit 6c79172924a6a1660e55c29b7f2a205205ce0d21 Author: David Goulet Date: Tue Jun 25 10:47:37 2019 -0400 hs-v3: Add protover HSIntro=5 Signed-off-by: David Goulet --- src/core/or/or.h| 4 src/core/or/protover.c | 2 +- src/core/or/versions.c | 4 +++- src/feature/nodelist/nodelist.c | 13 - src/feature/nodelist/nodelist.h | 1 + 5 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/core/or/or.h b/src/core/or/or.h index ab258629a..990cfacbc 100644 --- a/src/core/or/or.h +++ b/src/core/or/or.h @@ -843,6 +843,10 @@ typedef struct protover_summary_flags_t { /** True iff this router has a protocol list that allows clients to * negotiate hs circuit setup padding. Requires Padding>=2. */ unsigned int supports_hs_setup_padding : 1; + + /** True iff this router has a protocol list that allows it to support the + * ESTABLISH_INTRO DoS cell extension. Requires HSIntro>=5. */ + unsigned int supports_establish_intro_dos_extension : 1; } protover_summary_flags_t; typedef struct routerinfo_t routerinfo_t; diff --git a/src/core/or/protover.c b/src/core/or/protover.c index ccd33fabf..905c5e9ed 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -392,7 +392,7 @@ protover_get_supported_protocols(void) "Desc=1-2 " "DirCache=1-2 " "HSDir=1-2 " -"HSIntro=3-4 " +"HSIntro=3-5 " "HSRend=1-2 " "Link=1-5 " #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS diff --git a/src/core/or/versions.c b/src/core/or/versions.c index 06417bb4e..2c32b529f 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -450,7 +450,9 @@ memoize_protover_summary(protover_summary_flags_t *out, PROTOVER_HS_RENDEZVOUS_POINT_V3); out->supports_hs_setup_padding = protocol_list_supports_protocol(protocols, PRT_PADDING, - PROTOVER_HS_SETUP_PADDING); +PROTOVER_HS_SETUP_PADDING); + out->supports_establish_intro_dos_extension = +protocol_list_supports_protocol(protocols, PRT_HSINTRO, 5); protover_summary_flags_t *new_cached = tor_memdup(out, sizeof(*out)); cached = strmap_set(protover_summary_map, protocols, new_cached); diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c index 21914c6c6..7da3b8524 100644 --- a/src/feature/nodelist/nodelist.c +++ b/src/feature/nodelist/nodelist.c @@ -1106,7 +1106,7 @@ node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id) /** Dummy object that should be unreturnable. Used to ensure that * node_get_protover_summary_flags() always returns non-NULL. */ static const protover_summary_flags_t zero_protover_flags = { - 0,0,0,0,0,0,0,0 + 0,0,0,0,0,0,0,0,0 }; /** Return the protover_summary_flags for a given node. */ @@ -1166,6 +1166,17 @@ node_supports_ed25519_hs_intro(const node_t *node) return node_get_protover_summary_flags(node)->supports_ed25519_hs_intro; } +/** Return true iff node supports the DoS ESTABLISH_INTRO cell + * extenstion. */ +int +node_supports_establish_intro_dos_extension(const node_t *node) +{ + tor_assert(node); + + return node_get_protover_summary_flags(node)-> + supports_establish_intro_dos_extension; +} + /** Return true iff node supports to be a rendezvous point for hidden * service version 3 (HSRend=2). */ int diff --git a/src/feature/nodelist/nodelist.h b/src/feature/nodelist/nodelist.h index 84ab5f7a5..af144c197 100644 --- a/src/feature/nodelist/nodelist.h +++ b/src/feature/nodelist/nodelist.h @@ -76,6 +76,7 @@ int node_supports_ed25519_link_authentication(const node_t *node, int node_supports_v3_hsdir(const node_t *node); int node_supports_ed25519_hs_intro(const node_t *node); int node_supports_v3_rendezvous_point(const node_t *node); +int node_supports_establish_intro_dos_extension(const node_t *node); const uint8_t *node_get_rsa_id_digest(const node_t *node); smartlist_t *node_get_link_specifier_smartlist(const node_t *node, bool direct_conn); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] man: Entry for the HS intro DoS defenses
commit e5cf1423fdc1707093885e5d74f0691de3365b55 Author: David Goulet Date: Wed Aug 14 11:11:59 2019 -0400 man: Entry for the HS intro DoS defenses This also adds a "subsection" to the HIDDEN SERVICE OPTIONS section to seperate per-service and per-instance options. It is a bit less messy this way. The HS DoS options are added to the per-service section. Part of #30924 Signed-off-by: David Goulet --- doc/tor.1.txt | 46 +++--- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 362c40990..835962362 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2915,7 +2915,13 @@ on the public Tor network. HIDDEN SERVICE OPTIONS -- -The following options are used to configure a hidden service. +The following options are used to configure a hidden service. Some options +apply per service and some apply for the whole tor instance. + +The next section describes the per service options that can only be set +**after** the **HiddenServiceDir** directive + +**PER SERVICE OPTIONS:** [[HiddenServiceDir]] **HiddenServiceDir** __DIRECTORY__:: Store data files for a hidden service in DIRECTORY. Every hidden service @@ -2941,12 +2947,6 @@ The following options are used to configure a hidden service. connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random. Note that address-port pairs have to be comma-separated. -[[PublishHidServDescriptors]] **PublishHidServDescriptors** **0**|**1**:: -If set to 0, Tor will run any hidden services you configure, but it won't -advertise them to the rendezvous directory. This option is only useful if -you're using a Tor controller that handles hidserv publishing for you. -(Default: 1) - [[HiddenServiceVersion]] **HiddenServiceVersion** **2**|**3**:: A list of rendezvous service descriptor versions to publish for the hidden service. Currently, versions 2 and 3 are supported. (Default: 3) @@ -3025,6 +3025,38 @@ The following options are used to configure a hidden service. Number of introduction points the hidden service will have. You can't have more than 10 for v2 service and 20 for v3. (Default: 3) +[[HiddenServiceEnableIntroDoSDefense]] **HiddenServiceEnableIntroDoSDefense** **0**|**1**:: +Enable DoS defense at the intropoint level. When this is enabled, the +rate and burst parameter (see below) will be sent to the intro point which +will then use them to apply rate limiting for introduction request to this +service. + + +The introduction point honors the consensus parameters except if this is +specifically set by the service operator using this option. The service +never looks at the consensus parameters in order to enable or disable this +defense. (Default: 0) + +[[HiddenServiceEnableIntroDoSRatePerSec]] **HiddenServiceEnableIntroDoSRatePerSec** __NUM__:: +The allowed client introduction rate per second at the introduction +point. If this option is 0, it is considered infinite and thus if +**HiddenServiceEnableIntroDoSDefense** is set, it then effectively +disables the defenses. (Default: 25) + +[[HiddenServiceEnableIntroDoSBurstPerSec]] **HiddenServiceEnableIntroDoSBurstPerSec** __NUM__:: +The allowed client introduction burst per second at the introduction +point. If this option is 0, it is considered infinite and thus if +**HiddenServiceEnableIntroDoSDefense** is set, it then effectively +disables the defenses. (Default: 200) + + +**PER INSTANCE OPTIONS:** + +[[PublishHidServDescriptors]] **PublishHidServDescriptors** **0**|**1**:: +If set to 0, Tor will run any hidden services you configure, but it won't +advertise them to the rendezvous directory. This option is only useful if +you're using a Tor controller that handles hidserv publishing for you. +(Default: 1) + [[HiddenServiceSingleHopMode]] **HiddenServiceSingleHopMode** **0**|**1**:: **Experimental - Non Anonymous** Hidden Services on a tor instance in HiddenServiceSingleHopMode make one-hop (direct) circuits between the onion ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'ticket30924_042_04_squashed' into ticket30924_042_04_squashed_merged
commit a642a4cbd7016b350b7386096e752e1a73057b54 Merge: 1e7c7870e 622c2c788 Author: Nick Mathewson Date: Mon Sep 9 11:10:53 2019 -0400 Merge branch 'ticket30924_042_04_squashed' into ticket30924_042_04_squashed_merged changes/ticket30924 | 6 + doc/tor.1.txt | 46 ++- scripts/maint/practracker/exceptions.txt| 26 +- src/app/config/config.c | 5 + src/core/or/or.h| 4 + src/core/or/or_circuit_st.h | 4 + src/core/or/protover.c | 2 +- src/core/or/versions.c | 4 +- src/feature/hs/hs_cell.c| 111 ++- src/feature/hs/hs_cell.h| 11 + src/feature/hs/hs_circuit.c | 2 +- src/feature/hs/hs_config.c | 60 src/feature/hs/hs_config.h | 9 + src/feature/hs/hs_dos.c | 68 ++-- src/feature/hs/hs_dos.h | 10 +- src/feature/hs/hs_intropoint.c | 190 ++- src/feature/hs/hs_intropoint.h | 3 + src/feature/hs/hs_service.c | 7 + src/feature/hs/hs_service.h | 9 + src/feature/nodelist/nodelist.c | 13 +- src/feature/nodelist/nodelist.h | 1 + src/feature/rend/rendmid.c | 3 +- src/test/test_hs_cell.c | 96 +- src/test/test_hs_config.c | 109 +++ src/test/test_hs_dos.c | 62 +++- src/test/test_hs_intropoint.c | 161 +- src/trunnel/hs/cell_common.c| 116 +++ src/trunnel/hs/cell_common.h| 98 +++--- src/trunnel/hs/cell_common.trunnel | 4 +- src/trunnel/hs/cell_establish_intro.c | 469 src/trunnel/hs/cell_establish_intro.h | 159 ++ src/trunnel/hs/cell_establish_intro.trunnel | 23 ++ 32 files changed, 1703 insertions(+), 188 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] test: Handling of ESTABLISH_INTRO DoS extension
commit 4c71accc49616e00cfaa021ee5c87b34cd0220d2 Author: David Goulet Date: Tue Aug 13 10:12:45 2019 -0400 test: Handling of ESTABLISH_INTRO DoS extension Signed-off-by: David Goulet --- src/test/test_hs_intropoint.c | 151 ++ 1 file changed, 151 insertions(+) diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 498b9dfcb..feb934d93 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -26,6 +26,7 @@ #include "feature/hs/hs_cell.h" #include "feature/hs/hs_circuitmap.h" #include "feature/hs/hs_common.h" +#include "feature/hs/hs_config.h" #include "feature/hs/hs_dos.h" #include "feature/hs/hs_intropoint.h" #include "feature/hs/hs_service.h" @@ -909,6 +910,153 @@ test_received_introduce1_handling(void *arg) UNMOCK(relay_send_command_from_edge_); } +static void +test_received_establish_intro_dos_ext(void *arg) +{ + int ret; + ssize_t cell_len = 0; + uint8_t cell[RELAY_PAYLOAD_SIZE] = {0}; + char circ_nonce[DIGEST_LEN] = {0}; + hs_service_intro_point_t *ip = NULL; + hs_service_config_t config; + or_circuit_t *intro_circ = or_circuit_new(0,NULL); + + (void) arg; + + MOCK(relay_send_command_from_edge_, mock_relay_send_command_from_edge); + + hs_circuitmap_init(); + + /* Setup. */ + crypto_rand(circ_nonce, sizeof(circ_nonce)); + ip = service_intro_point_new(NULL); + tt_assert(ip); + ip->support_intro2_dos_defense = 1; + memset(&config, 0, sizeof(config)); + config.has_dos_defense_enabled = 1; + config.intro_dos_rate_per_sec = 13; + config.intro_dos_burst_per_sec = 42; + helper_prepare_circ_for_intro(intro_circ, circ_nonce); + /* The INTRO2 bucket should be 0 at this point. */ + tt_u64_op(token_bucket_ctr_get(&intro_circ->introduce2_bucket), OP_EQ, 0); + tt_u64_op(intro_circ->introduce2_bucket.cfg.rate, OP_EQ, 0); + tt_int_op(intro_circ->introduce2_bucket.cfg.burst, OP_EQ, 0); + tt_int_op(intro_circ->introduce2_dos_defense_enabled, OP_EQ, 0); + + /* Case 1: Build encoded cell. Usable DoS parameters. */ + cell_len = hs_cell_build_establish_intro(circ_nonce, &config, ip, cell); + tt_size_op(cell_len, OP_GT, 0); + /* Pass it to the intro point. */ + ret = hs_intro_received_establish_intro(intro_circ, cell, cell_len); + tt_int_op(ret, OP_EQ, 0); + /* Should be set to the burst value. */ + tt_u64_op(token_bucket_ctr_get(&intro_circ->introduce2_bucket), OP_EQ, 42); + /* Validate the config of the intro2 bucket. */ + tt_u64_op(intro_circ->introduce2_bucket.cfg.rate, OP_EQ, 13); + tt_int_op(intro_circ->introduce2_bucket.cfg.burst, OP_EQ, 42); + tt_int_op(intro_circ->introduce2_dos_defense_enabled, OP_EQ, 1); + + /* Need to reset the circuit in between test cases. */ + circuit_free_(TO_CIRCUIT(intro_circ)); + intro_circ = or_circuit_new(0,NULL); + helper_prepare_circ_for_intro(intro_circ, circ_nonce); + + /* Case 2: Build encoded cell. Bad DoS parameters. */ + config.has_dos_defense_enabled = 1; + config.intro_dos_rate_per_sec = UINT_MAX; + config.intro_dos_burst_per_sec = 13; + cell_len = hs_cell_build_establish_intro(circ_nonce, &config, ip, cell); + tt_size_op(cell_len, OP_GT, 0); + /* Pass it to the intro point. */ + ret = hs_intro_received_establish_intro(intro_circ, cell, cell_len); + tt_int_op(ret, OP_EQ, 0); + tt_u64_op(token_bucket_ctr_get(&intro_circ->introduce2_bucket), OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT); + tt_u64_op(intro_circ->introduce2_bucket.cfg.rate, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT); + tt_int_op(intro_circ->introduce2_bucket.cfg.burst, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT); + tt_int_op(intro_circ->introduce2_dos_defense_enabled, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_DEFAULT); + + /* Need to reset the circuit in between test cases. */ + circuit_free_(TO_CIRCUIT(intro_circ)); + intro_circ = or_circuit_new(0,NULL); + helper_prepare_circ_for_intro(intro_circ, circ_nonce); + + /* Case 3: Build encoded cell. Burst is smaller than rate. Not allowed. */ + config.has_dos_defense_enabled = 1; + config.intro_dos_rate_per_sec = 87; + config.intro_dos_burst_per_sec = 45; + cell_len = hs_cell_build_establish_intro(circ_nonce, &config, ip, cell); + tt_size_op(cell_len, OP_GT, 0); + /* Pass it to the intro point. */ + ret = hs_intro_received_establish_intro(intro_circ, cell, cell_len); + tt_int_op(ret, OP_EQ, 0); + tt_u64_op(token_bucket_ctr_get(&intro_circ->introduce2_bucket), OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT); + tt_u64_op(intro_circ->introduce2_bucket.cfg.rate, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT); + tt_int_op(intro_circ->introduce2_bucket.cfg.burst, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_DEFAULT); + tt_int_op(intro_circ->introduce2_dos_defense_enabled, OP_EQ, +HS_CONFIG_V3_DOS_DEFENSE_DEFAULT); + + /* Need to reset the circuit i
[tor-commits] [tor/master] hs-v3: Log info INTRO2 DoS defenses service values
commit 292e9b0c002fb695f77665d86908bb5cb1759ee6 Author: David Goulet Date: Tue Aug 20 09:04:43 2019 -0400 hs-v3: Log info INTRO2 DoS defenses service values Signed-off-by: David Goulet --- src/feature/hs/hs_config.c | 4 1 file changed, 4 insertions(+) diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c index 51558f323..7424d7d3c 100644 --- a/src/feature/hs/hs_config.c +++ b/src/feature/hs/hs_config.c @@ -374,6 +374,8 @@ config_service_v3(const config_line_t *line_, goto err; } dos_rate_per_sec = true; + log_info(LD_REND, "Service INTRO2 DoS defenses rate set to: %" PRIu32, + config->intro_dos_rate_per_sec); continue; } if (!strcasecmp(line->key, "HiddenServiceEnableIntroDoSBurstPerSec")) { @@ -388,6 +390,8 @@ config_service_v3(const config_line_t *line_, goto err; } dos_burst_per_sec = true; + log_info(LD_REND, "Service INTRO2 DoS defenses burst set to: %" PRIu32, + config->intro_dos_burst_per_sec); continue; } } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Implement torrc DoS defenses options
commit 5419fd5d9f54bda86549b47e096d4f88e1b58655 Author: David Goulet Date: Tue Jun 25 10:26:57 2019 -0400 hs-v3: Implement torrc DoS defenses options Signed-off-by: David Goulet --- src/app/config/config.c | 5 src/feature/hs/hs_config.c | 56 + src/feature/hs/hs_config.h | 8 +++ src/feature/hs/hs_service.c | 3 +++ src/feature/hs/hs_service.h | 5 5 files changed, 77 insertions(+) diff --git a/src/app/config/config.c b/src/app/config/config.c index 8da1e2acd..f72aacd8a 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -507,6 +507,11 @@ static config_var_t option_vars_[] = { VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceEnableIntroDoSDefense", LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceEnableIntroDoSRatePerSec", + LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceEnableIntroDoSBurstPerSec", + LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"), V(HidServAuth, LINELIST, NULL), V(ClientOnionAuthDir, FILENAME, NULL), diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c index 87f625759..51558f323 100644 --- a/src/feature/hs/hs_config.c +++ b/src/feature/hs/hs_config.c @@ -218,6 +218,9 @@ config_has_invalid_options(const config_line_t *line_, const char *opts_exclude_v2[] = { "HiddenServiceExportCircuitID", +"HiddenServiceEnableIntroDoSDefense", +"HiddenServiceEnableIntroDoSRatePerSec", +"HiddenServiceEnableIntroDoSBurstPerSec", NULL /* End marker. */ }; @@ -276,6 +279,15 @@ config_validate_service(const hs_service_config_t *config) goto invalid; } + /* DoS validation values. */ + if (config->has_dos_defense_enabled && + (config->intro_dos_burst_per_sec < config->intro_dos_rate_per_sec)) { +log_warn(LD_CONFIG, "Hidden service DoS defenses burst (%" PRIu32 ") can " +"not be smaller than the rate value (%" PRIu32 ").", + config->intro_dos_burst_per_sec, config->intro_dos_rate_per_sec); +goto invalid; + } + /* Valid. */ return 0; invalid: @@ -296,6 +308,8 @@ config_service_v3(const config_line_t *line_, { int have_num_ip = 0; bool export_circuit_id = false; /* just to detect duplicate options */ + bool dos_enabled = false, dos_rate_per_sec = false; + bool dos_burst_per_sec = false; const char *dup_opt_seen = NULL; const config_line_t *line; @@ -334,6 +348,48 @@ config_service_v3(const config_line_t *line_, export_circuit_id = true; continue; } +if (!strcasecmp(line->key, "HiddenServiceEnableIntroDoSDefense")) { + config->has_dos_defense_enabled = +(unsigned int) helper_parse_uint64(line->key, line->value, + HS_CONFIG_V3_DOS_DEFENSE_DEFAULT, + 1, &ok); + if (!ok || dos_enabled) { +if (dos_enabled) { + dup_opt_seen = line->key; +} +goto err; + } + dos_enabled = true; + continue; +} +if (!strcasecmp(line->key, "HiddenServiceEnableIntroDoSRatePerSec")) { + config->intro_dos_rate_per_sec = +(unsigned int) helper_parse_uint64(line->key, line->value, + HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN, + HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX, &ok); + if (!ok || dos_rate_per_sec) { +if (dos_rate_per_sec) { + dup_opt_seen = line->key; +} +goto err; + } + dos_rate_per_sec = true; + continue; +} +if (!strcasecmp(line->key, "HiddenServiceEnableIntroDoSBurstPerSec")) { + config->intro_dos_burst_per_sec = +(unsigned int) helper_parse_uint64(line->key, line->value, + HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN, + HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX, &ok); + if (!ok || dos_burst_per_sec) { +if (dos_burst_per_sec) { + dup_opt_seen = line->key; +} +goto err; + } + dos_burst_per_sec = true; + continue; +} } /* We do not load the key material for the service at this stage. This is diff --git a/src/feature/hs/hs_config.h b/src/feature/hs/hs_config.h index 040e451f1..249e19309 100644 --- a/src/feature/hs/hs_config.h +++ b/src/feature/hs/hs_config.h @@ -15,6 +15,14 @@ #define HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT 65535 /* Maximum number of intro points per version 3 services. */ #define HS_CONFIG_V3_MAX_INTRO_POINTS 20 +/* Default value for the introduction DoS defenses. */ +#define HS_CONFIG_V3_DOS_DEFENSE_DEFAULT 0 +#def
[tor-commits] [tor/master] hs-v3: Move to hs_dos.c INTRO2 defenses initialization
commit 82639a8c7bf59bb6ae73218cd78cee07b6586d96 Author: David Goulet Date: Tue Aug 20 08:35:21 2019 -0400 hs-v3: Move to hs_dos.c INTRO2 defenses initialization A bit cleaner especially that the next commit(s) will make the consensus param interface private to hs_dos.c so we expose as little as we can outside of the subsystem. Part of #30924 Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c| 15 +++ src/feature/hs/hs_dos.h| 1 + src/feature/hs/hs_intropoint.c | 11 +++ src/feature/rend/rendmid.c | 3 +-- 4 files changed, 20 insertions(+), 10 deletions(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index d83c8ee10..0eb306977 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -135,6 +135,21 @@ hs_dos_get_intro2_enabled_param(void) return (unsigned int) param_introduce_defense_enabled; } +/* Initialize the INTRODUCE2 token bucket for the DoS defenses using the + * consensus/default values. We might get a cell extension that changes those + * later but if we don't, the default or consensus parameters are used. */ +void +hs_dos_setup_default_intro2_defenses(or_circuit_t *circ) +{ + tor_assert(circ); + + circ->introduce2_dos_defense_enabled = get_param_intro_dos_enabled(NULL); + token_bucket_ctr_init(&circ->introduce2_bucket, +get_param_rate_per_sec(NULL), +get_param_burst_per_sec(NULL), +(uint32_t) approx_time()); +} + /* Called when the consensus has changed. We might have new consensus * parameters to look at. */ void diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h index ee7b697c7..1d2dd67d0 100644 --- a/src/feature/hs/hs_dos.h +++ b/src/feature/hs/hs_dos.h @@ -22,6 +22,7 @@ void hs_dos_consensus_has_changed(const networkstatus_t *ns); /* Introduction Point. */ bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ); +void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ); unsigned int hs_dos_get_intro2_enabled_param(void); uint32_t hs_dos_get_intro2_rate_param(void); diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index bafd3d1f4..fc7d96194 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -298,14 +298,9 @@ handle_verified_establish_intro_cell(or_circuit_t *circ, get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO, parsed_cell); - /* Initialize the INTRODUCE2 token bucket for the DoS defenses using the - * consensus/default values. We might get a cell extension that changes - * those but if we don't, the default or consensus parameters are used. */ - circ->introduce2_dos_defense_enabled = hs_dos_get_intro2_enabled_param(); - token_bucket_ctr_init(&circ->introduce2_bucket, -hs_dos_get_intro2_rate_param(), -hs_dos_get_intro2_burst_param(), -(uint32_t) approx_time()); + /* Setup INTRODUCE2 defenses on the circuit. Must be done before parsing the + * cell extension that can possibly change the defenses' values. */ + hs_dos_setup_default_intro2_defenses(circ); /* Handle cell extension if any. */ handle_establish_intro_cell_extensions(parsed_cell, circ); diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index ef2a44c40..be3d66fc4 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c @@ -117,8 +117,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, /* Now, set up this circuit. */ circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT); hs_circuitmap_register_intro_circ_v2_relay_side(circ, (uint8_t *)pk_digest); - token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(), -hs_dos_get_intro2_burst(), (uint32_t) approx_time()); + hs_dos_setup_default_intro2_defenses(circ); log_info(LD_REND, "Established introduction point on circuit %u for service %s", ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Clarify comment in hs_dos.c
commit 1c4607b13254942256b869ff0044d205518cc949 Author: David Goulet Date: Tue Aug 20 09:10:08 2019 -0400 hs-v3: Clarify comment in hs_dos.c Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index c7d420195..0ae36017f 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -45,7 +45,9 @@ * introduction DoS defense. Disabled by default. */ #define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0 -/* Consensus parameters. */ +/* Consensus parameters. The ESTABLISH_INTRO DoS cell extension have higher + * priority than these values. If no extension is sent, these are used only by + * the introduction point. */ static uint32_t consensus_param_introduce_rate_per_sec = HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC; static uint32_t consensus_param_introduce_burst_per_sec = ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] trunnel: Add prop305 ESTABLISH_INTRO DoS cell extension
commit e4856d1bbf1e3d0dd452a7a1b495464404007577 Author: David Goulet Date: Tue Jun 25 09:40:56 2019 -0400 trunnel: Add prop305 ESTABLISH_INTRO DoS cell extension Signed-off-by: David Goulet --- src/trunnel/hs/cell_establish_intro.c | 469 src/trunnel/hs/cell_establish_intro.h | 157 ++ src/trunnel/hs/cell_establish_intro.trunnel | 19 ++ 3 files changed, 645 insertions(+) diff --git a/src/trunnel/hs/cell_establish_intro.c b/src/trunnel/hs/cell_establish_intro.c index 99ceadbda..f31404c55 100644 --- a/src/trunnel/hs/cell_establish_intro.c +++ b/src/trunnel/hs/cell_establish_intro.c @@ -36,6 +36,185 @@ ssize_t trn_cell_extension_encoded_len(const trn_cell_extension_t *obj); ssize_t trn_cell_extension_encode(uint8_t *output, size_t avail, const trn_cell_extension_t *input); const char *trn_cell_extension_check(const trn_cell_extension_t *obj); int trn_cell_extension_clear_errors(trn_cell_extension_t *obj); +trn_cell_extension_dos_param_t * +trn_cell_extension_dos_param_new(void) +{ + trn_cell_extension_dos_param_t *val = trunnel_calloc(1, sizeof(trn_cell_extension_dos_param_t)); + if (NULL == val) +return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +trn_cell_extension_dos_param_clear(trn_cell_extension_dos_param_t *obj) +{ + (void) obj; +} + +void +trn_cell_extension_dos_param_free(trn_cell_extension_dos_param_t *obj) +{ + if (obj == NULL) +return; + trn_cell_extension_dos_param_clear(obj); + trunnel_memwipe(obj, sizeof(trn_cell_extension_dos_param_t)); + trunnel_free_(obj); +} + +uint8_t +trn_cell_extension_dos_param_get_type(const trn_cell_extension_dos_param_t *inp) +{ + return inp->type; +} +int +trn_cell_extension_dos_param_set_type(trn_cell_extension_dos_param_t *inp, uint8_t val) +{ + inp->type = val; + return 0; +} +uint64_t +trn_cell_extension_dos_param_get_value(const trn_cell_extension_dos_param_t *inp) +{ + return inp->value; +} +int +trn_cell_extension_dos_param_set_value(trn_cell_extension_dos_param_t *inp, uint64_t val) +{ + inp->value = val; + return 0; +} +const char * +trn_cell_extension_dos_param_check(const trn_cell_extension_dos_param_t *obj) +{ + if (obj == NULL) +return "Object was NULL"; + if (obj->trunnel_error_code_) +return "A set function failed on this object"; + return NULL; +} + +ssize_t +trn_cell_extension_dos_param_encoded_len(const trn_cell_extension_dos_param_t *obj) +{ + ssize_t result = 0; + + if (NULL != trn_cell_extension_dos_param_check(obj)) + return -1; + + + /* Length of u8 type */ + result += 1; + + /* Length of u64 value */ + result += 8; + return result; +} +int +trn_cell_extension_dos_param_clear_errors(trn_cell_extension_dos_param_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +trn_cell_extension_dos_param_encode(uint8_t *output, const size_t avail, const trn_cell_extension_dos_param_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = trn_cell_extension_dos_param_encoded_len(obj); +#endif + + if (NULL != (msg = trn_cell_extension_dos_param_check(obj))) +goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 type */ + trunnel_assert(written <= avail); + if (avail - written < 1) +goto truncated; + trunnel_set_uint8(ptr, (obj->type)); + written += 1; ptr += 1; + + /* Encode u64 value */ + trunnel_assert(written <= avail); + if (avail - written < 8) +goto truncated; + trunnel_set_uint64(ptr, trunnel_htonll(obj->value)); + written += 8; ptr += 8; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { +trunnel_assert(encoded_len >= 0); +trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As trn_cell_extension_dos_param_parse(), but do not allocate the + * output object. + */ +static ssize_t +trn_cell_extension_dos_param_parse_into(trn_cell_extension_dos_param_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 type */ + CHECK_REMAINING(1, truncated); + obj->type = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + + /* Parse u64 value */ + CHECK_REMAINING(8, truncated); + obj->value = trunnel_ntohll(trunnel_get_uint64(ptr)); + remaining -= 8; ptr += 8; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; +} + +ssize_t +trn_cell_extension_dos_param_parse(trn_cell_extension_dos_param_t **output,
[tor-commits] [tor/master] hs-v3: Parse ESTABLISH_INTRO cell extension
commit 724d9eb84be4c9a8b6cd34f08dc7b5d00f69f09e Author: David Goulet Date: Mon Aug 12 13:34:09 2019 -0400 hs-v3: Parse ESTABLISH_INTRO cell extension Signed-off-by: David Goulet --- src/core/or/or_circuit_st.h| 4 ++ src/feature/hs/hs_intropoint.c | 122 +++-- 2 files changed, 121 insertions(+), 5 deletions(-) diff --git a/src/core/or/or_circuit_st.h b/src/core/or/or_circuit_st.h index 8f319585a..f3eb86161 100644 --- a/src/core/or/or_circuit_st.h +++ b/src/core/or/or_circuit_st.h @@ -72,6 +72,10 @@ struct or_circuit_t { * buffer stats to disk. */ uint64_t total_cell_waiting_time; + /** If set, the DoS defenses are enabled on this circuit meaning that the + * introduce2_bucket is initialized and used. */ + unsigned int introduce2_dos_defense_enabled : 1; + /** INTRODUCE2 cell bucket controlling how much can go on this circuit. Only * used if this is a service introduction circuit at the intro point * (purpose = CIRCUIT_PURPOSE_INTRO_POINT). */ diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index a53ca0d6b..bafd3d1f4 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -26,6 +26,7 @@ #include "feature/hs/hs_circuitmap.h" #include "feature/hs/hs_common.h" +#include "feature/hs/hs_config.h" #include "feature/hs/hs_descriptor.h" #include "feature/hs/hs_dos.h" #include "feature/hs/hs_intropoint.h" @@ -181,6 +182,110 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) return ret; } +static void +handle_establish_intro_cell_dos_extension( +const trn_cell_extension_field_t *field, +or_circuit_t *circ) +{ + ssize_t ret; + uint64_t intro2_rate_per_sec = 0, intro2_burst_per_sec = 0; + trn_cell_extension_dos_t *dos = NULL; + + tor_assert(field); + tor_assert(circ); + + ret = trn_cell_extension_dos_parse(&dos, + trn_cell_extension_field_getconstarray_field(field), + trn_cell_extension_field_getlen_field(field)); + if (ret < 0) { +goto end; + } + + for (size_t i = 0; i < trn_cell_extension_dos_get_n_params(dos); i++) { +const trn_cell_extension_dos_param_t *param = + trn_cell_extension_dos_getconst_params(dos, i); +if (BUG(param == NULL)) { + goto end; +} + +switch (trn_cell_extension_dos_param_get_type(param)) { +case TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC: + intro2_rate_per_sec = trn_cell_extension_dos_param_get_value(param); + break; +case TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC: + intro2_burst_per_sec = trn_cell_extension_dos_param_get_value(param); + break; +default: + goto end; +} + } + + /* Validation. A value of 0 on either of them means the defenses are + * disabled so we ignore. */ + if ((intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX || + intro2_rate_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN) || + (intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX || + intro2_burst_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN) || + (intro2_burst_per_sec < intro2_rate_per_sec)) { +circ->introduce2_dos_defense_enabled = 0; +log_info(LD_REND, "Intro point DoS defenses disabled due to bad values"); + } else { +circ->introduce2_dos_defense_enabled = 1; + +/* Initialize the INTRODUCE2 token bucket for the rate limiting. */ +token_bucket_ctr_init(&circ->introduce2_bucket, + (uint32_t) intro2_rate_per_sec, + (uint32_t) intro2_burst_per_sec, + (uint32_t) approx_time()); +log_debug(LD_REND, "Intro point DoS defenses enabled. Rate is %" PRIu64 + " and Burst is %" PRIu64, intro2_rate_per_sec, + intro2_burst_per_sec); + } + + end: + trn_cell_extension_dos_free(dos); + return; +} + +static void +handle_establish_intro_cell_extensions( +const trn_cell_establish_intro_t *parsed_cell, +or_circuit_t *circ) +{ + const trn_cell_extension_t *extensions; + + tor_assert(parsed_cell); + tor_assert(circ); + + extensions = trn_cell_establish_intro_getconst_extensions(parsed_cell); + if (extensions == NULL) { +goto end; + } + + /* Go over all extensions. */ + for (size_t idx = 0; idx < trn_cell_extension_get_num(extensions); idx++) { +const trn_cell_extension_field_t *field = + trn_cell_extension_getconst_fields(extensions, idx); +if (BUG(field == NULL)) { + /* The number of extensions should match the number of fields. */ + break; +} + +switch (trn_cell_extension_field_get_field_type(field)) { +case TRUNNEL_CELL_EXTENSION_TYPE_DOS: + /* After this, the circuit should be set for DoS defenses. */ + handle_establish_intro_cell_dos_extension(field, circ); + break; +d
[tor-commits] [tor/master] hs-v3: Rename INTRO2 consensus param getters
commit 7faf10495fa50528fc8a9c45e729b9bc284fab19 Author: David Goulet Date: Mon Aug 12 12:32:38 2019 -0400 hs-v3: Rename INTRO2 consensus param getters Make it clear that these functions return the consensus param only. Introduction point can not set those values with a torrc option. Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c| 37 ++--- src/feature/hs/hs_dos.h| 7 --- src/feature/hs/hs_intropoint.c | 6 -- src/test/test_hs_dos.c | 17 + 4 files changed, 39 insertions(+), 28 deletions(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index a4586dd70..34af2b74e 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -46,11 +46,11 @@ #define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0 /* Consensus parameters. */ -static uint32_t hs_dos_introduce_rate_per_sec = +static uint32_t param_introduce_rate_per_sec = HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC; -static uint32_t hs_dos_introduce_burst_per_sec = +static uint32_t param_introduce_burst_per_sec = HS_DOS_INTRODUCE_DEFAULT_CELL_BURST_PER_SEC; -static uint32_t hs_dos_introduce_enabled = +static uint32_t param_introduce_defense_enabled = HS_DOS_INTRODUCE_ENABLED_DEFAULT; static uint32_t @@ -90,8 +90,8 @@ update_intro_circuits(void) SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) { /* Adjust the rate/burst value that might have changed. */ token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket, -hs_dos_get_intro2_rate(), -hs_dos_get_intro2_burst()); +hs_dos_get_intro2_rate_param(), +hs_dos_get_intro2_burst_param()); } SMARTLIST_FOREACH_END(circ); smartlist_free(intro_circs); @@ -101,9 +101,9 @@ update_intro_circuits(void) static void set_consensus_parameters(const networkstatus_t *ns) { - hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns); - hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns); - hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns); + param_introduce_rate_per_sec = get_param_rate_per_sec(ns); + param_introduce_burst_per_sec = get_param_burst_per_sec(ns); + param_introduce_defense_enabled = get_param_intro_dos_enabled(ns); /* The above might have changed which means we need to go through all * introduction circuits (relay side) and update the token buckets. */ @@ -114,18 +114,25 @@ set_consensus_parameters(const networkstatus_t *ns) * Public API. */ -/* Return the INTRODUCE2 cell rate per second. */ +/* Return the INTRODUCE2 cell rate per second (param or default). */ uint32_t -hs_dos_get_intro2_rate(void) +hs_dos_get_intro2_rate_param(void) { - return hs_dos_introduce_rate_per_sec; + return param_introduce_rate_per_sec; } -/* Return the INTRODUCE2 cell burst per second. */ +/* Return the INTRODUCE2 cell burst per second (param or default). */ uint32_t -hs_dos_get_intro2_burst(void) +hs_dos_get_intro2_burst_param(void) { - return hs_dos_introduce_burst_per_sec; + return param_introduce_burst_per_sec; +} + +/* Return the INTRODUCE2 DoS defense enabled flag (param or default). */ +unsigned int +hs_dos_get_intro2_enabled_param(void) +{ + return (unsigned int) param_introduce_defense_enabled; } /* Called when the consensus has changed. We might have new consensus @@ -150,7 +157,7 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ) tor_assert(s_intro_circ); /* Always allowed if the defense is disabled. */ - if (!hs_dos_introduce_enabled) { + if (!param_introduce_defense_enabled) { return true; } diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h index 9fba00b52..ee7b697c7 100644 --- a/src/feature/hs/hs_dos.h +++ b/src/feature/hs/hs_dos.h @@ -20,11 +20,12 @@ void hs_dos_init(void); /* Consensus. */ void hs_dos_consensus_has_changed(const networkstatus_t *ns); +/* Introduction Point. */ bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ); -/* Getters. */ -uint32_t hs_dos_get_intro2_rate(void); -uint32_t hs_dos_get_intro2_burst(void); +unsigned int hs_dos_get_intro2_enabled_param(void); +uint32_t hs_dos_get_intro2_rate_param(void); +uint32_t hs_dos_get_intro2_burst_param(void); #ifdef HS_DOS_PRIVATE diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index 2c105f0b6..a53ca0d6b 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -205,8 +205,10 @@ handle_verified_establish_intro_cell(or_circuit_t *circ, /* Repurpose this circuit into an intro circuit. */ circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT); /* Initialize the INTRODUCE2 token bucket for the rate limiting. */ - token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(), -hs_dos_get_intro2_burst(), (uint32_t) approx_time()); + token_bucket_ctr_init(&circ-
[tor-commits] [tor/master] hs-v3: Missing intro circuit INTRO2 DoS enabled flag
commit a98f5099c4c58c25826835fbfc3ce708e5d378fd Author: David Goulet Date: Tue Aug 20 08:55:26 2019 -0400 hs-v3: Missing intro circuit INTRO2 DoS enabled flag When consensus changes, we also need to update the circuit INTRO2 defenses enabled flag and not only the token bucket. Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index a7a43b9bc..c7d420195 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -88,6 +88,9 @@ update_intro_circuits(void) smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side(); SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) { +/* Defenses might have been enabled or disabled. */ +TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled = + consensus_param_introduce_defense_enabled; /* Adjust the rate/burst value that might have changed. */ token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket, consensus_param_introduce_rate_per_sec, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Don't apply DoS defenses if circuit has not been flagged
commit aee66c80bd9824650b26c4918fcfeed37ddb9b49 Author: David Goulet Date: Tue Aug 13 11:25:26 2019 -0400 hs-v3: Don't apply DoS defenses if circuit has not been flagged Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index 34af2b74e..d83c8ee10 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -156,8 +156,10 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ) { tor_assert(s_intro_circ); - /* Always allowed if the defense is disabled. */ - if (!param_introduce_defense_enabled) { + /* Allow to send the cell if the DoS defenses are disabled on the circuit. + * This can be set by the consensus, the ESTABLISH_INTRO cell extension or + * the hardcoded values in tor code. */ + if (!s_intro_circ->introduce2_dos_defense_enabled) { return true; } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Privatize access to HS DoS consensus param
commit 94a22217082f99bb7d5409e22af69d45def52889 Author: David Goulet Date: Tue Aug 20 08:52:34 2019 -0400 hs-v3: Privatize access to HS DoS consensus param Remove the public functions returning the HS DoS consensus param or default values as it is exclusively used internally now. Rename the param_* variables to consensus_param_* for better code semantic. Finally, make some private functions available to unit tests. Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c | 53 + src/feature/hs/hs_dos.h | 8 src/test/test_hs_dos.c | 18 - 3 files changed, 30 insertions(+), 49 deletions(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index cf663396f..a7a43b9bc 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -46,14 +46,14 @@ #define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0 /* Consensus parameters. */ -static uint32_t param_introduce_rate_per_sec = +static uint32_t consensus_param_introduce_rate_per_sec = HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC; -static uint32_t param_introduce_burst_per_sec = +static uint32_t consensus_param_introduce_burst_per_sec = HS_DOS_INTRODUCE_DEFAULT_CELL_BURST_PER_SEC; -static uint32_t param_introduce_defense_enabled = +static uint32_t consensus_param_introduce_defense_enabled = HS_DOS_INTRODUCE_ENABLED_DEFAULT; -static uint32_t +STATIC uint32_t get_intro2_enable_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSDefense", @@ -61,7 +61,7 @@ get_intro2_enable_consensus_param(const networkstatus_t *ns) } /* Return the parameter for the introduction rate per sec. */ -static uint32_t +STATIC uint32_t get_intro2_rate_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSRatePerSec", @@ -70,7 +70,7 @@ get_intro2_rate_consensus_param(const networkstatus_t *ns) } /* Return the parameter for the introduction burst per sec. */ -static uint32_t +STATIC uint32_t get_intro2_burst_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSBurstPerSec", @@ -90,8 +90,8 @@ update_intro_circuits(void) SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) { /* Adjust the rate/burst value that might have changed. */ token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket, -param_introduce_rate_per_sec, -param_introduce_burst_per_sec); +consensus_param_introduce_rate_per_sec, +consensus_param_introduce_burst_per_sec); } SMARTLIST_FOREACH_END(circ); smartlist_free(intro_circs); @@ -101,9 +101,12 @@ update_intro_circuits(void) static void set_consensus_parameters(const networkstatus_t *ns) { - param_introduce_rate_per_sec = get_intro2_rate_consensus_param(ns); - param_introduce_burst_per_sec = get_intro2_burst_consensus_param(ns); - param_introduce_defense_enabled = get_intro2_enable_consensus_param(ns); + consensus_param_introduce_rate_per_sec = +get_intro2_rate_consensus_param(ns); + consensus_param_introduce_burst_per_sec = +get_intro2_burst_consensus_param(ns); + consensus_param_introduce_defense_enabled = +get_intro2_enable_consensus_param(ns); /* The above might have changed which means we need to go through all * introduction circuits (relay side) and update the token buckets. */ @@ -114,27 +117,6 @@ set_consensus_parameters(const networkstatus_t *ns) * Public API. */ -/* Return the INTRODUCE2 cell rate per second (param or default). */ -uint32_t -hs_dos_get_intro2_rate_param(void) -{ - return param_introduce_rate_per_sec; -} - -/* Return the INTRODUCE2 cell burst per second (param or default). */ -uint32_t -hs_dos_get_intro2_burst_param(void) -{ - return param_introduce_burst_per_sec; -} - -/* Return the INTRODUCE2 DoS defense enabled flag (param or default). */ -unsigned int -hs_dos_get_intro2_enabled_param(void) -{ - return (unsigned int) param_introduce_defense_enabled; -} - /* Initialize the INTRODUCE2 token bucket for the DoS defenses using the * consensus/default values. We might get a cell extension that changes those * later but if we don't, the default or consensus parameters are used. */ @@ -143,10 +125,11 @@ hs_dos_setup_default_intro2_defenses(or_circuit_t *circ) { tor_assert(circ); - circ->introduce2_dos_defense_enabled = param_introduce_defense_enabled; + circ->introduce2_dos_defense_enabled = +consensus_param_introduce_defense_enabled; token_bucket_ctr_init(&circ->introduce2_bucket, -param_introduce_rate_per_sec, -param_introduce_burst_per_sec, +consensus_param_introduce_rate_per_sec, +consensus_param_introduce_burst_per_sec,
[tor-commits] [tor/master] hs-v3: Cleanup usage of consensus param in hs_dos.c
commit 184c76e339fdf25ea5f61ed052810cd5f356852e Author: David Goulet Date: Tue Aug 20 08:41:15 2019 -0400 hs-v3: Cleanup usage of consensus param in hs_dos.c This commit makes it that the hs_dos.c file only uses the consensus parameter variables set when we initialize and when the consensus changes. There is no need to call each time networkstatus_get_param(), which is expensive, when we want access to a consensus value. Signed-off-by: David Goulet --- src/feature/hs/hs_dos.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index 0eb306977..cf663396f 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -54,7 +54,7 @@ static uint32_t param_introduce_defense_enabled = HS_DOS_INTRODUCE_ENABLED_DEFAULT; static uint32_t -get_param_intro_dos_enabled(const networkstatus_t *ns) +get_intro2_enable_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSDefense", HS_DOS_INTRODUCE_ENABLED_DEFAULT, 0, 1); @@ -62,7 +62,7 @@ get_param_intro_dos_enabled(const networkstatus_t *ns) /* Return the parameter for the introduction rate per sec. */ static uint32_t -get_param_rate_per_sec(const networkstatus_t *ns) +get_intro2_rate_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSRatePerSec", HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC, @@ -71,7 +71,7 @@ get_param_rate_per_sec(const networkstatus_t *ns) /* Return the parameter for the introduction burst per sec. */ static uint32_t -get_param_burst_per_sec(const networkstatus_t *ns) +get_intro2_burst_consensus_param(const networkstatus_t *ns) { return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSBurstPerSec", HS_DOS_INTRODUCE_DEFAULT_CELL_BURST_PER_SEC, @@ -90,8 +90,8 @@ update_intro_circuits(void) SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) { /* Adjust the rate/burst value that might have changed. */ token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket, -hs_dos_get_intro2_rate_param(), -hs_dos_get_intro2_burst_param()); +param_introduce_rate_per_sec, +param_introduce_burst_per_sec); } SMARTLIST_FOREACH_END(circ); smartlist_free(intro_circs); @@ -101,9 +101,9 @@ update_intro_circuits(void) static void set_consensus_parameters(const networkstatus_t *ns) { - param_introduce_rate_per_sec = get_param_rate_per_sec(ns); - param_introduce_burst_per_sec = get_param_burst_per_sec(ns); - param_introduce_defense_enabled = get_param_intro_dos_enabled(ns); + param_introduce_rate_per_sec = get_intro2_rate_consensus_param(ns); + param_introduce_burst_per_sec = get_intro2_burst_consensus_param(ns); + param_introduce_defense_enabled = get_intro2_enable_consensus_param(ns); /* The above might have changed which means we need to go through all * introduction circuits (relay side) and update the token buckets. */ @@ -143,10 +143,10 @@ hs_dos_setup_default_intro2_defenses(or_circuit_t *circ) { tor_assert(circ); - circ->introduce2_dos_defense_enabled = get_param_intro_dos_enabled(NULL); + circ->introduce2_dos_defense_enabled = param_introduce_defense_enabled; token_bucket_ctr_init(&circ->introduce2_bucket, -get_param_rate_per_sec(NULL), -get_param_burst_per_sec(NULL), +param_introduce_rate_per_sec, +param_introduce_burst_per_sec, (uint32_t) approx_time()); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Add changes file for prop305 implementation
commit f95b5d07c1a0407a60ca6335c032ec7a01b28968 Author: David Goulet Date: Wed Aug 14 11:15:39 2019 -0400 hs-v3: Add changes file for prop305 implementation Signed-off-by: David Goulet --- changes/ticket30924 | 6 ++ 1 file changed, 6 insertions(+) diff --git a/changes/ticket30924 b/changes/ticket30924 new file mode 100644 index 0..832c37797 --- /dev/null +++ b/changes/ticket30924 @@ -0,0 +1,6 @@ + o Major features (onion service v3, denial of service): +- Add onion service introduction denial of service defenses. They consist of + rate limiting client introduction at the intro point using parameters that + can be sent by the service within the ESTABLISH_INTRO cell. If the cell + extension for this is not used, the intro point will honor the consensus + parameters. Closes ticket 30924. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] test: Adapt HS DoS test to use latest parameter
commit 1c554334ac6a7d39c69ec8dd26702a613bb899b4 Author: David Goulet Date: Wed Aug 14 10:41:40 2019 -0400 test: Adapt HS DoS test to use latest parameter We added a flag on the circuit to know if the DoS defenses are enabled or not. Before, it was solely the consensus parameter. Part of #30924 Signed-off-by: David Goulet --- src/test/test_hs_dos.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c index e2b211d5d..f92d953fa 100644 --- a/src/test/test_hs_dos.c +++ b/src/test/test_hs_dos.c @@ -57,6 +57,7 @@ test_can_send_intro2(void *arg) /* Make that circuit a service intro point. */ circuit_change_purpose(TO_CIRCUIT(or_circ), CIRCUIT_PURPOSE_INTRO_POINT); + or_circ->introduce2_dos_defense_enabled = 1; /* Initialize the INTRODUCE2 token bucket for the rate limiting. */ token_bucket_ctr_init(&or_circ->introduce2_bucket, hs_dos_get_intro2_rate_param(), ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] hs-v3: Encode DoS ESTABLISH_INTRO cell extension
commit d692c5fd0368da79f83307f6f023ae5793472e1a Author: David Goulet Date: Mon Aug 12 11:59:51 2019 -0400 hs-v3: Encode DoS ESTABLISH_INTRO cell extension This commit makes tor add the DoS cell extension to the ESTABLISH_INTRO cell if the defense is enabled on the service side with a torrc option. Furthermore, the cell extension is only added if the introduction point supports it. The protover version HSIntro=5 is looked for. Signed-off-by: David Goulet --- src/feature/hs/hs_cell.c| 111 +++- src/feature/hs/hs_cell.h| 1 + src/feature/hs/hs_circuit.c | 2 +- src/feature/hs/hs_service.c | 4 + src/feature/hs/hs_service.h | 4 + src/test/test_hs_cell.c | 9 ++- src/test/test_hs_intropoint.c | 10 ++- src/trunnel/hs/cell_establish_intro.h | 2 + src/trunnel/hs/cell_establish_intro.trunnel | 4 + 9 files changed, 138 insertions(+), 9 deletions(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 69f1ccbef..a67af1e9a 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -473,10 +473,110 @@ introduce1_set_legacy_id(trn_cell_introduce1_t *cell, } } +/* Build and add to the given DoS cell extension the given parameter type and + * value. */ +static void +build_establish_intro_dos_param(trn_cell_extension_dos_t *dos_ext, +uint8_t param_type, uint64_t param_value) +{ + trn_cell_extension_dos_param_t *dos_param = +trn_cell_extension_dos_param_new(); + + /* Extra safety. We should never send an unknown parameter type. */ + tor_assert(param_type == TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC || + param_type == TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC); + + trn_cell_extension_dos_param_set_type(dos_param, param_type); + trn_cell_extension_dos_param_set_value(dos_param, param_value); + trn_cell_extension_dos_add_params(dos_ext, dos_param); + + /* Not freeing the trunnel object because it is now owned by dos_ext. */ +} + +/* Build the DoS defense cell extension and put it in the given extensions + * object. This can't fail. */ +static void +build_establish_intro_dos_extension(const hs_service_config_t *service_config, +trn_cell_extension_t *extensions) +{ + ssize_t ret, dos_ext_encoded_len; + uint8_t *field_array; + trn_cell_extension_field_t *field; + trn_cell_extension_dos_t *dos_ext; + + tor_assert(service_config); + tor_assert(extensions); + + /* We are creating a cell extension field of the type DoS. */ + field = trn_cell_extension_field_new(); + trn_cell_extension_field_set_field_type(field, + TRUNNEL_CELL_EXTENSION_TYPE_DOS); + + /* Build DoS extension field. We will put in two parameters. */ + dos_ext = trn_cell_extension_dos_new(); + trn_cell_extension_dos_set_n_params(dos_ext, 2); + + /* Build DoS parameter INTRO2 rate per second. */ + build_establish_intro_dos_param(dos_ext, + TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC, + service_config->intro_dos_rate_per_sec); + /* Build DoS parameter INTRO2 burst per second. */ + build_establish_intro_dos_param(dos_ext, + TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC, + service_config->intro_dos_burst_per_sec); + + /* Set the field with the encoded DoS extension. */ + dos_ext_encoded_len = trn_cell_extension_dos_encoded_len(dos_ext); + /* Set length field and the field array size length. */ + trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len); + trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len); + /* Encode the DoS extension into the cell extension field. */ + field_array = trn_cell_extension_field_getarray_field(field); + ret = trn_cell_extension_dos_encode(field_array, + trn_cell_extension_field_getlen_field(field), dos_ext); + tor_assert(ret == dos_ext_encoded_len); + + /* Finally, encode field into the cell extension. */ + trn_cell_extension_add_fields(extensions, field); + + /* We've just add an extension field to the cell extensions so increment the + * total number. */ + trn_cell_extension_set_num(extensions, + trn_cell_extension_get_num(extensions) + 1); + + /* Cleanup. DoS extension has been encoded at this point. */ + trn_cell_extension_dos_free(dos_ext); +} + /* == */ /* Public API */ /* == */ +/* Allocate and build all the ESTABLISH_INTRO cell extension. The given + * extensions pointer is always set to a valid cell extension object. */ +static trn_cell_extension_t * +build_establish_intro_extensions(const hs_service_config_t *service_config, + const hs_service_intro_point_t *ip) +{ + trn_ce
[tor-commits] [tor/master] test: Build DoS cell extension
commit dde073764c2eb237919aa9e908fda1968c11a091 Author: David Goulet Date: Tue Aug 13 09:26:46 2019 -0400 test: Build DoS cell extension Signed-off-by: David Goulet --- src/feature/hs/hs_cell.c | 2 +- src/feature/hs/hs_cell.h | 10 ++ src/test/test_hs_cell.c | 87 3 files changed, 98 insertions(+), 1 deletion(-) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index a67af1e9a..547dda3e1 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -554,7 +554,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, /* Allocate and build all the ESTABLISH_INTRO cell extension. The given * extensions pointer is always set to a valid cell extension object. */ -static trn_cell_extension_t * +STATIC trn_cell_extension_t * build_establish_intro_extensions(const hs_service_config_t *service_config, const hs_service_intro_point_t *ip) { diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h index 5fb416c2f..864b6fda5 100644 --- a/src/feature/hs/hs_cell.h +++ b/src/feature/hs/hs_cell.h @@ -106,5 +106,15 @@ int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, /* Util API. */ void hs_cell_introduce1_data_clear(hs_cell_introduce1_data_t *data); +#ifdef TOR_UNIT_TESTS + +#include "trunnel/hs/cell_common.h" + +STATIC trn_cell_extension_t * +build_establish_intro_extensions(const hs_service_config_t *service_config, + const hs_service_intro_point_t *ip); + +#endif /* defined(TOR_UNIT_TESTS) */ + #endif /* !defined(TOR_HS_CELL_H) */ diff --git a/src/test/test_hs_cell.c b/src/test/test_hs_cell.c index 874c04b20..403509fbc 100644 --- a/src/test/test_hs_cell.c +++ b/src/test/test_hs_cell.c @@ -20,6 +20,7 @@ #include "feature/hs/hs_service.h" /* Trunnel. */ +#include "trunnel/hs/cell_common.h" #include "trunnel/hs/cell_establish_intro.h" /** We simulate the creation of an outgoing ESTABLISH_INTRO cell, and then we @@ -125,11 +126,97 @@ test_gen_establish_intro_cell_bad(void *arg) UNMOCK(ed25519_sign_prefixed); } +static void +test_gen_establish_intro_dos_ext(void *arg) +{ + ssize_t ret; + hs_service_config_t config; + hs_service_intro_point_t *ip = NULL; + trn_cell_extension_t *extensions = NULL; + trn_cell_extension_dos_t *dos = NULL; + + (void) arg; + + memset(&config, 0, sizeof(config)); + ip = service_intro_point_new(NULL); + tt_assert(ip); + ip->support_intro2_dos_defense = 1; + + /* Case 1: No DoS parameters so no extension to be built. */ + extensions = build_establish_intro_extensions(&config, ip); + tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 0); + trn_cell_extension_free(extensions); + extensions = NULL; + + /* Case 2: Enable the DoS extension. Parameter set to 0 should indicate to + * disable the defense on the intro point but there should be an extension + * nonetheless in the cell. */ + config.has_dos_defense_enabled = 1; + extensions = build_establish_intro_extensions(&config, ip); + tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 1); + /* Validate the extension. */ + const trn_cell_extension_field_t *field = +trn_cell_extension_getconst_fields(extensions, 0); + tt_int_op(trn_cell_extension_field_get_field_type(field), OP_EQ, +TRUNNEL_CELL_EXTENSION_TYPE_DOS); + ret = trn_cell_extension_dos_parse(&dos, + trn_cell_extension_field_getconstarray_field(field), + trn_cell_extension_field_getlen_field(field)); + tt_int_op(ret, OP_EQ, 19); + /* Rate per sec param. */ + const trn_cell_extension_dos_param_t *param = +trn_cell_extension_dos_getconst_params(dos, 0); + tt_int_op(trn_cell_extension_dos_param_get_type(param), OP_EQ, +TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC); + tt_u64_op(trn_cell_extension_dos_param_get_value(param), OP_EQ, 0); + /* Burst per sec param. */ + param = trn_cell_extension_dos_getconst_params(dos, 1); + tt_int_op(trn_cell_extension_dos_param_get_type(param), OP_EQ, +TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC); + tt_u64_op(trn_cell_extension_dos_param_get_value(param), OP_EQ, 0); + trn_cell_extension_dos_free(dos); dos = NULL; + trn_cell_extension_free(extensions); extensions = NULL; + + /* Case 3: Enable the DoS extension. Parameter set to some normal values. */ + config.has_dos_defense_enabled = 1; + config.intro_dos_rate_per_sec = 42; + config.intro_dos_burst_per_sec = 250; + extensions = build_establish_intro_extensions(&config, ip); + tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 1); + /* Validate the extension. */ + field = trn_cell_extension_getconst_fields(extensions, 0); + tt_int_op(trn_cell_extension_field_get_field_type(field), OP_EQ, +TRUNNEL_CELL_EXTENSION_TYPE_DOS); + ret = trn_cell_extension_dos_parse(&dos, + trn_cell_extension_field_getconstarray_
[tor-commits] [tor/master] hs-v3: Refactor DoS cell extension parameters validation
commit 461d231289584110bde37ab498db3631fb6b0cf1 Author: David Goulet Date: Tue Aug 20 09:38:13 2019 -0400 hs-v3: Refactor DoS cell extension parameters validation Move everything to its own function in order to better log, document and tests the introduction point validation process. Signed-off-by: David Goulet --- src/feature/hs/hs_config.h | 3 +- src/feature/hs/hs_intropoint.c | 91 +- src/feature/hs/hs_intropoint.h | 3 ++ src/test/test_hs_dos.c | 43 4 files changed, 120 insertions(+), 20 deletions(-) diff --git a/src/feature/hs/hs_config.h b/src/feature/hs/hs_config.h index 249e19309..beefc7a61 100644 --- a/src/feature/hs/hs_config.h +++ b/src/feature/hs/hs_config.h @@ -15,7 +15,8 @@ #define HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT 65535 /* Maximum number of intro points per version 3 services. */ #define HS_CONFIG_V3_MAX_INTRO_POINTS 20 -/* Default value for the introduction DoS defenses. */ +/* Default value for the introduction DoS defenses. The MIN/MAX are inclusive + * meaning they can be used as valid values. */ #define HS_CONFIG_V3_DOS_DEFENSE_DEFAULT 0 #define HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_DEFAULT 25 #define HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN 0 diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index fc7d96194..9b6a96628 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -182,6 +182,59 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) return ret; } +/* Validate the cell DoS extension parameters. Return true iff they've been + * bound check and can be used. Else return false. See proposal 305 for + * details and reasons about this validation. */ +STATIC bool +validate_cell_dos_extension_parameters(uint64_t intro2_rate_per_sec, + uint64_t intro2_burst_per_sec) +{ + bool ret = false; + + /* A value of 0 is valid in the sense that we accept it but we still disable + * the defenses so return false. */ + if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) { +log_info(LD_REND, "Intro point DoS defenses parameter set to 0."); +goto end; + } + + /* Bound check the received rate per second. MIN/MAX are inclusive. */ + if (!(intro2_rate_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX && +intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN)) { +log_info(LD_REND, "Intro point DoS defenses rate per second is " + "invalid. Received value: %" PRIu64, + intro2_rate_per_sec); +goto end; + } + + /* Bound check the received burst per second. MIN/MAX are inclusive. */ + if (!(intro2_burst_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX && +intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN)) { +log_info(LD_REND, "Intro point DoS defenses burst per second is " + "invalid. Received value: %" PRIu64, + intro2_burst_per_sec); +goto end; + } + + /* In a rate limiting scenario, burst can never be smaller than the rate. At + * best it can be equal. */ + if (intro2_burst_per_sec < intro2_rate_per_sec) { +log_info(LD_REND, "Intro point DoS defenses burst is smaller than rate. " + "Rate: %" PRIu64 " vs Burst: %" PRIu64, + intro2_rate_per_sec, intro2_burst_per_sec); +goto end; + } + + /* Passing validation. */ + ret = true; + + end: + return ret; +} + +/* Parse the cell DoS extension and apply defenses on the given circuit if + * validation passes. If the cell extension is malformed or contains unusable + * values, the DoS defenses is disabled on the circuit. */ static void handle_establish_intro_cell_dos_extension( const trn_cell_extension_field_t *field, @@ -220,33 +273,33 @@ handle_establish_intro_cell_dos_extension( } } - /* Validation. A value of 0 on either of them means the defenses are - * disabled so we ignore. */ - if ((intro2_rate_per_sec > HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX || - intro2_rate_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN) || - (intro2_burst_per_sec > HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX || - intro2_burst_per_sec <= HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN) || - (intro2_burst_per_sec < intro2_rate_per_sec)) { + /* If invalid, we disable the defense on the circuit. */ + if (!validate_cell_dos_extension_parameters(intro2_rate_per_sec, + intro2_burst_per_sec)) { circ->introduce2_dos_defense_enabled = 0; -log_info(LD_REND, "Intro point DoS defenses disabled due to bad values"); - } else { -circ->introduce2_dos_defense_enabled = 1; - -/* Initialize the INTRODUCE2 token bucket for the rate limiting. */ -token_bucket_ctr_init(&circ->introduce2_bucket, - (uint32_t) intro2_rate_
[tor-commits] [tor/master] trunnel: Remove typo in cell extention field name
commit 414e90025d711df6853a119ac5c7514428750d12 Author: David Goulet Date: Mon Aug 12 11:07:19 2019 -0400 trunnel: Remove typo in cell extention field name There can be multiple fields in a cell extension but individually, it is singular. Signed-off-by: David Goulet --- src/trunnel/hs/cell_common.c | 116 ++--- src/trunnel/hs/cell_common.h | 98 +++ src/trunnel/hs/cell_common.trunnel | 4 +- 3 files changed, 109 insertions(+), 109 deletions(-) diff --git a/src/trunnel/hs/cell_common.c b/src/trunnel/hs/cell_common.c index 830af5c78..1f50961d6 100644 --- a/src/trunnel/hs/cell_common.c +++ b/src/trunnel/hs/cell_common.c @@ -28,10 +28,10 @@ int cellcommon_deadcode_dummy__ = 0; }\ } while (0) -trn_cell_extension_fields_t * -trn_cell_extension_fields_new(void) +trn_cell_extension_field_t * +trn_cell_extension_field_new(void) { - trn_cell_extension_fields_t *val = trunnel_calloc(1, sizeof(trn_cell_extension_fields_t)); + trn_cell_extension_field_t *val = trunnel_calloc(1, sizeof(trn_cell_extension_field_t)); if (NULL == val) return NULL; return val; @@ -40,7 +40,7 @@ trn_cell_extension_fields_new(void) /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -trn_cell_extension_fields_clear(trn_cell_extension_fields_t *obj) +trn_cell_extension_field_clear(trn_cell_extension_field_t *obj) { (void) obj; TRUNNEL_DYNARRAY_WIPE(&obj->field); @@ -48,62 +48,62 @@ trn_cell_extension_fields_clear(trn_cell_extension_fields_t *obj) } void -trn_cell_extension_fields_free(trn_cell_extension_fields_t *obj) +trn_cell_extension_field_free(trn_cell_extension_field_t *obj) { if (obj == NULL) return; - trn_cell_extension_fields_clear(obj); - trunnel_memwipe(obj, sizeof(trn_cell_extension_fields_t)); + trn_cell_extension_field_clear(obj); + trunnel_memwipe(obj, sizeof(trn_cell_extension_field_t)); trunnel_free_(obj); } uint8_t -trn_cell_extension_fields_get_field_type(const trn_cell_extension_fields_t *inp) +trn_cell_extension_field_get_field_type(const trn_cell_extension_field_t *inp) { return inp->field_type; } int -trn_cell_extension_fields_set_field_type(trn_cell_extension_fields_t *inp, uint8_t val) +trn_cell_extension_field_set_field_type(trn_cell_extension_field_t *inp, uint8_t val) { inp->field_type = val; return 0; } uint8_t -trn_cell_extension_fields_get_field_len(const trn_cell_extension_fields_t *inp) +trn_cell_extension_field_get_field_len(const trn_cell_extension_field_t *inp) { return inp->field_len; } int -trn_cell_extension_fields_set_field_len(trn_cell_extension_fields_t *inp, uint8_t val) +trn_cell_extension_field_set_field_len(trn_cell_extension_field_t *inp, uint8_t val) { inp->field_len = val; return 0; } size_t -trn_cell_extension_fields_getlen_field(const trn_cell_extension_fields_t *inp) +trn_cell_extension_field_getlen_field(const trn_cell_extension_field_t *inp) { return TRUNNEL_DYNARRAY_LEN(&inp->field); } uint8_t -trn_cell_extension_fields_get_field(trn_cell_extension_fields_t *inp, size_t idx) +trn_cell_extension_field_get_field(trn_cell_extension_field_t *inp, size_t idx) { return TRUNNEL_DYNARRAY_GET(&inp->field, idx); } uint8_t -trn_cell_extension_fields_getconst_field(const trn_cell_extension_fields_t *inp, size_t idx) +trn_cell_extension_field_getconst_field(const trn_cell_extension_field_t *inp, size_t idx) { - return trn_cell_extension_fields_get_field((trn_cell_extension_fields_t*)inp, idx); + return trn_cell_extension_field_get_field((trn_cell_extension_field_t*)inp, idx); } int -trn_cell_extension_fields_set_field(trn_cell_extension_fields_t *inp, size_t idx, uint8_t elt) +trn_cell_extension_field_set_field(trn_cell_extension_field_t *inp, size_t idx, uint8_t elt) { TRUNNEL_DYNARRAY_SET(&inp->field, idx, elt); return 0; } int -trn_cell_extension_fields_add_field(trn_cell_extension_fields_t *inp, uint8_t elt) +trn_cell_extension_field_add_field(trn_cell_extension_field_t *inp, uint8_t elt) { #if SIZE_MAX >= UINT8_MAX if (inp->field.n_ == UINT8_MAX) @@ -117,17 +117,17 @@ trn_cell_extension_fields_add_field(trn_cell_extension_fields_t *inp, uint8_t el } uint8_t * -trn_cell_extension_fields_getarray_field(trn_cell_extension_fields_t *inp) +trn_cell_extension_field_getarray_field(trn_cell_extension_field_t *inp) { return inp->field.elts_; } const uint8_t * -trn_cell_extension_fields_getconstarray_field(const trn_cell_extension_fields_t *inp) +trn_cell_extension_field_getconstarray_field(const trn_cell_extension_field_t *inp) { - return (const uint8_t *)trn_cell_extension_fields_getarray_field((trn_cell_extension_fields_t*)inp); + return (const uint8_t *)trn_cell_extension_field_getarray_field((trn_cell_extension_field_t*)inp); } int -trn_cell_extens
[tor-commits] [translation/snowflake-website-indexhtml] https://gitweb.torproject.org/translation.git/commit/?h=snowflake-website-indexhtml
commit d94a5a20b4b6402fd57b53a1c6332be0b2d74e21 Author: Translation commit bot Date: Mon Sep 9 16:17:29 2019 + https://gitweb.torproject.org/translation.git/commit/?h=snowflake-website-indexhtml --- id/index.html | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/id/index.html b/id/index.html index cfcfa749a..6abff126d 100644 --- a/id/index.html +++ b/id/index.html @@ -35,11 +35,11 @@ tentang bagaimana Snowflake bekerja, lihat Tambahan - Jika akses internet Anda tidakdisensor, Anda sebaiknya -mempertimbangkan untuk memasang tambahan (ekstensi) Snowflake untuk membantu pengguna di jaringan yang disensor. -Tidak ada yang perlu dikhawatirkan mengenai situsweb mana yang orang-orang sedang -akses melalui proksi Anda. Alamat IP perambanan mereka yang terlihat akan -cocok dengan node keluar Tor mereka, bukan milik Anda. + Jika akses internet Anda tidak disensor, Anda harus + mempertimbangkan untuk menginstal ekstensi tambahan Snowflake untuk membantu pengguna dalam jaringan yang disensor + Tidak perlu khawatir tentang situs web mana yang diakses oleh orang lain melalui proxy Anda + Alamat IP penelusuran yang terlihat akan cocok dengan simpul keluar + Tor mereka, bukan milik Anda. https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/";> Pasang di Firefox ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere
commit d522d5e79a66c7fddd7e9faa3344d7a93c7ddd72 Author: Translation commit bot Date: Mon Sep 9 16:16:03 2019 + https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere --- id/https-everywhere.dtd | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/id/https-everywhere.dtd b/id/https-everywhere.dtd index d25a4f2c0..cad1b4af5 100644 --- a/id/https-everywhere.dtd +++ b/id/https-everywhere.dtd @@ -42,25 +42,25 @@ - + - - + + - - - - - + + + + + - - + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/orfox-stringsxml_completed] https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml_completed
commit ee407f7be8bc25baddd5011783bd75868979faa8 Author: Translation commit bot Date: Mon Sep 9 15:46:57 2019 + https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml_completed --- id/strings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/id/strings.xml b/id/strings.xml index 842c60b2b..8e9560027 100644 --- a/id/strings.xml +++ b/id/strings.xml @@ -6,4 +6,4 @@ PERGI KE F-DROID PERGI KE GOOGLE PLAY UNDUH .APK - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/orfox-stringsxml] https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml
commit 1738366341a4d91bfdc43b91b6c5b880dbb163ad Author: Translation commit bot Date: Mon Sep 9 15:46:50 2019 + https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml --- id/strings.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/id/strings.xml b/id/strings.xml index 8e9560027..ea6d4b159 100644 --- a/id/strings.xml +++ b/id/strings.xml @@ -6,4 +6,5 @@ PERGI KE F-DROID PERGI KE GOOGLE PLAY UNDUH .APK - +Mengekspor Bookmark + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere
commit 105fa572c6d1b7c126398147f9e6c3f861cc6a6a Author: Translation commit bot Date: Mon Sep 9 15:46:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere --- id/https-everywhere.dtd | 28 ++-- pl/https-everywhere.dtd | 12 ++-- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/id/https-everywhere.dtd b/id/https-everywhere.dtd index a33b70c2c..d25a4f2c0 100644 --- a/id/https-everywhere.dtd +++ b/id/https-everywhere.dtd @@ -9,13 +9,13 @@ - - - - - - - + + + + + + + @@ -27,20 +27,20 @@ - - - - + + + + - + - + - + diff --git a/pl/https-everywhere.dtd b/pl/https-everywhere.dtd index 8c4e91afc..e0173026c 100644 --- a/pl/https-everywhere.dtd +++ b/pl/https-everywhere.dtd @@ -3,14 +3,14 @@ - + - - + + @@ -36,11 +36,11 @@ - + - + @@ -55,7 +55,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Remove unused struct_var_* functions.
commit a727d4a3a17674e886f2b3fd6344774a2d759743 Author: Nick Mathewson Date: Thu Sep 5 15:24:54 2019 -0400 Remove unused struct_var_* functions. These turned out to be unnecessary, so let's not keep them around and let them start getting complicated. Closes ticket 31630. --- src/lib/confmgt/structvar.c | 27 --- src/lib/confmgt/structvar.h | 4 2 files changed, 31 deletions(-) diff --git a/src/lib/confmgt/structvar.c b/src/lib/confmgt/structvar.c index 32f616c21..75edda2c3 100644 --- a/src/lib/confmgt/structvar.c +++ b/src/lib/confmgt/structvar.c @@ -93,20 +93,6 @@ get_type_def(const struct_member_t *member) } /** - * (As typed_var_assign, but assign a value to the member of object - * defined by member.) - **/ -int -struct_var_assign(void *object, const char *value, char **errmsg, - const struct_member_t *member) -{ - void *p = struct_get_mptr(object, member); - const var_type_def_t *def = get_type_def(member); - - return typed_var_assign(p, value, errmsg, def); -} - -/** * (As typed_var_free, but free and clear the member of object defined * by member.) **/ @@ -120,19 +106,6 @@ struct_var_free(void *object, const struct_member_t *member) } /** - * (As typed_var_encode, but encode the member of object defined - * by member.) - **/ -char * -struct_var_encode(const void *object, const struct_member_t *member) -{ - const void *p = struct_get_ptr(object, member); - const var_type_def_t *def = get_type_def(member); - - return typed_var_encode(p, def); -} - -/** * (As typed_var_copy, but copy from src to dest the member * defined by member.) **/ diff --git a/src/lib/confmgt/structvar.h b/src/lib/confmgt/structvar.h index e6dbc6d6e..9783d1ec2 100644 --- a/src/lib/confmgt/structvar.h +++ b/src/lib/confmgt/structvar.h @@ -28,12 +28,8 @@ void *struct_get_mptr(void *object, const void *struct_get_ptr(const void *object, const struct struct_member_t *member); -int struct_var_assign(void *object, const char *value, char **errmsg, - const struct struct_member_t *member); void struct_var_free(void *object, const struct struct_member_t *member); -char *struct_var_encode(const void *object, -const struct struct_member_t *member); int struct_var_copy(void *dest, const void *src, const struct struct_member_t *member); bool struct_var_eq(const void *a, const void *b, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'tor-github/pr/1298'
commit f16fc262e5e6dd562924549bee06a3088279f439 Merge: 1e7c7870e a727d4a3a Author: David Goulet Date: Mon Sep 9 11:05:51 2019 -0400 Merge branch 'tor-github/pr/1298' src/lib/confmgt/structvar.c | 27 --- src/lib/confmgt/structvar.h | 4 2 files changed, 31 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere] https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere
commit bbc3096ed60084d6f87a0bebdf481eebd94821cd Author: Translation commit bot Date: Mon Sep 9 15:16:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere --- pl/https-everywhere.dtd | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pl/https-everywhere.dtd b/pl/https-everywhere.dtd index 8edd8adef..8c4e91afc 100644 --- a/pl/https-everywhere.dtd +++ b/pl/https-everywhere.dtd @@ -2,13 +2,13 @@ - + - - + + @@ -20,20 +20,20 @@ - + - + - + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/https_everywhere_completed] https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere_completed
commit a8f69626b2731f5c377d7713b9fe781f3af80a15 Author: Translation commit bot Date: Mon Sep 9 15:16:09 2019 + https://gitweb.torproject.org/translation.git/commit/?h=https_everywhere_completed --- pl/https-everywhere.dtd | 110 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/pl/https-everywhere.dtd b/pl/https-everywhere.dtd index 8edd8adef..824486d24 100644 --- a/pl/https-everywhere.dtd +++ b/pl/https-everywhere.dtd @@ -2,66 +2,66 @@ - - + + - + - - - - - - - - - + + + + + + + + + - + - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + - + - + - - - + + + - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tpo/master] Set Tor Browser for Android version to 8.5.6
commit b23afc4367808fdd41f4ad584c8b210e81514941 Author: Nicolas Vigier Date: Mon Sep 9 17:09:26 2019 +0200 Set Tor Browser for Android version to 8.5.6 Set a separate version number on Android. We should revert this when the next stable release is published on all platforms. --- databags/versions.ini | 3 +++ templates/download-android.html | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/databags/versions.ini b/databags/versions.ini index 3a9ee37..8678372 100644 --- a/databags/versions.ini +++ b/databags/versions.ini @@ -2,6 +2,9 @@ version = 8.5.5 win32 = 0.4.1.5 +[torbrowser-stable-android] +version = 8.5.6 + [torbrowser-alpha] version = 9.0a6 diff --git a/templates/download-android.html b/templates/download-android.html index 71eb856..dee3912 100644 --- a/templates/download-android.html +++ b/templates/download-android.html @@ -16,7 +16,7 @@ - {% set t = bag('versions', 'torbrowser-stable') %} + {% set t = bag('versions', 'torbrowser-stable-android') %} https://dist.torproject.org/torbrowser/{{ t.version }}/tor-browser-{{ t.version }}-android-armv7-multi.apk">{{ _('Download .apk') }} arm https://dist.torproject.org/torbrowser/{{ t.version }}/tor-browser-{{ t.version }}-android-armv7-multi.apk.asc">sig https://dist.torproject.org/torbrowser/{{ t.version }}/tor-browser-{{ t.version }}-android-x86-multi.apk">{{ _('Download .apk') }} x86 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'tor-github/pr/1287'
commit 1e7c7870e87ff660d4dce0b381790993be0328eb Merge: 545c21e23 193c74faf Author: David Goulet Date: Mon Sep 9 10:51:19 2019 -0400 Merge branch 'tor-github/pr/1287' changes/bug31571| 7 +++ src/lib/err/backtrace.c | 42 +++--- src/lib/err/backtrace.h | 1 + src/lib/err/torerr.c| 11 +-- 4 files changed, 48 insertions(+), 13 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug31571_035' into bug31571_040
commit 0cee6f498c1c9bb2f9fc05605bd0f11617d9d809 Merge: a52a5e009 a836dd253 Author: teor Date: Wed Sep 4 13:57:31 2019 +1000 Merge branch 'bug31571_035' into bug31571_040 changes/bug31571| 7 +++ src/lib/err/backtrace.c | 42 +++--- src/lib/err/backtrace.h | 1 + src/lib/err/torerr.c| 11 +-- 4 files changed, 48 insertions(+), 13 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug31571_041' into bug31571_master
commit 193c74faf9c4c4dd32789e89cfd3f40291842524 Merge: 7fa624537 abe1f4f23 Author: teor Date: Wed Sep 4 13:57:39 2019 +1000 Merge branch 'bug31571_041' into bug31571_master changes/bug31571| 7 +++ src/lib/err/backtrace.c | 42 +++--- src/lib/err/backtrace.h | 1 + src/lib/err/torerr.c| 11 +-- 4 files changed, 48 insertions(+), 13 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.3.5' into bug31571_035
commit a836dd25309935edf74d993be1d437afdccc073a Merge: f311d0676 1132dc9f7 Author: teor Date: Wed Sep 4 13:57:15 2019 +1000 Merge branch 'maint-0.3.5' into bug31571_035 changes/bug30894 | 4 changes/bug31003 | 4 changes/ticket30871 | 6 + src/app/config/confparse.c| 1 + src/feature/client/entrynodes.c | 4 src/feature/nodelist/routerlist.c | 12 +- src/test/test_circuitbuild.c | 47 +++ 7 files changed, 72 insertions(+), 6 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'bug31571_040' into bug31571_041
commit abe1f4f23ea885b60d3a677f730d9ce11d8eb8cb Merge: e3a458e44 0cee6f498 Author: teor Date: Wed Sep 4 13:57:36 2019 +1000 Merge branch 'bug31571_040' into bug31571_041 changes/bug31571| 7 +++ src/lib/err/backtrace.c | 42 +++--- src/lib/err/backtrace.h | 1 + src/lib/err/torerr.c| 11 +-- 4 files changed, 48 insertions(+), 13 deletions(-) diff --cc src/lib/err/backtrace.c index e6cbe3d32,8606f4217..75d5093c5 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@@ -240,10 -237,11 +237,11 @@@ remove_bt_handler(void #ifdef NO_BACKTRACE_IMPL void -log_backtrace_impl(int severity, int domain, const char *msg, +log_backtrace_impl(int severity, log_domain_mask_t domain, const char *msg, tor_log_fn logger) { - logger(severity, domain, "%s. (Stack trace not available)", msg); + logger(severity, domain, "%s: %s. (Stack trace not available)", + bt_version, msg); } static int ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] torerr: Try harder to flush raw assert messages before process termination
commit c55591825fedb0fe1db92fab7b654ccc15ad50d3 Author: teor Date: Fri Aug 30 21:17:56 2019 +1000 torerr: Try harder to flush raw assert messages before process termination Some platforms (macOS, maybe others?) can swallow the last write before an abort. This issue is probably caused by a race condition between write buffer cache flushing, and process termination. So we write an extra newline, to make sure that the message always gets through. Fixes bug 31571; bugfix on 0.3.5.1-alpha. --- changes/bug31571 | 7 +++ src/lib/err/torerr.c | 8 +++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/changes/bug31571 b/changes/bug31571 new file mode 100644 index 0..86de3537b --- /dev/null +++ b/changes/bug31571 @@ -0,0 +1,7 @@ + o Minor bugfixes (error handling): +- Report the tor version whenever an assertion fails. Previously, we only + reported the Tor version on some crashes, and some non-fatal assertions. + Fixes bug 31571; bugfix on 0.3.5.1-alpha. +- On abort, try harder to flush the output buffers of log messages. On + some platforms (macOS), log messages can be discarded when the process + terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. diff --git a/src/lib/err/torerr.c b/src/lib/err/torerr.c index 88b19b732..6b5224273 100644 --- a/src/lib/err/torerr.c +++ b/src/lib/err/torerr.c @@ -146,13 +146,19 @@ tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr, format_dec_number_sigsafe(line, linebuf, sizeof(linebuf)); tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed in ", get_tor_backtrace_version(), " at ", - file, ":", linebuf, ": ", expr, NULL); + file, ":", linebuf, ": ", expr, "\n", NULL); if (msg) { tor_log_err_sigsafe_write(msg); tor_log_err_sigsafe_write("\n"); } dump_stack_symbols_to_error_fds(); + + /* Some platforms (macOS, maybe others?) can swallow the last write before an + * abort. This issue is probably caused by a race condition between write + * buffer cache flushing, and process termination. So we write an extra + * newline, to make sure that the message always gets through. */ + tor_log_err_sigsafe_write("\n"); } /* As format_{hex,dex}_number_sigsafe, but takes a radix argument ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] torerr: Log the Tor backtrace version when a raw assertion fails
commit 65a1d86491d56c77048d01e0b4fc6b933a13795c Author: teor Date: Fri Aug 30 21:17:07 2019 +1000 torerr: Log the Tor backtrace version when a raw assertion fails Part of 31571. --- src/lib/err/backtrace.c | 8 src/lib/err/backtrace.h | 1 + src/lib/err/torerr.c| 3 ++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c index c34eb6dfa..a4d8269c6 100644 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@ -261,6 +261,14 @@ dump_stack_symbols_to_error_fds(void) } #endif /* defined(NO_BACKTRACE_IMPL) */ +/** Return the tor version used for error messages on crashes. + * Signal-safe: returns a pointer to a static array. */ +const char * +get_tor_backtrace_version(void) +{ + return bt_version; +} + /** Set up code to handle generating error messages on crashes. */ int configure_backtrace_handler(const char *tor_version) diff --git a/src/lib/err/backtrace.h b/src/lib/err/backtrace.h index 9b313261e..48b41fca0 100644 --- a/src/lib/err/backtrace.h +++ b/src/lib/err/backtrace.h @@ -21,6 +21,7 @@ void log_backtrace_impl(int severity, int domain, const char *msg, int configure_backtrace_handler(const char *tor_version); void clean_up_backtrace_handler(void); void dump_stack_symbols_to_error_fds(void); +const char *get_tor_backtrace_version(void); #define log_backtrace(sev, dom, msg) \ log_backtrace_impl((sev), (dom), (msg), tor_log) diff --git a/src/lib/err/torerr.c b/src/lib/err/torerr.c index 54acf722a..88b19b732 100644 --- a/src/lib/err/torerr.c +++ b/src/lib/err/torerr.c @@ -144,7 +144,8 @@ tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr, { char linebuf[16]; format_dec_number_sigsafe(line, linebuf, sizeof(linebuf)); - tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed at ", + tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed in ", + get_tor_backtrace_version(), " at ", file, ":", linebuf, ": ", expr, NULL); if (msg) { tor_log_err_sigsafe_write(msg); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] backtrace: Always set a backtrace Tor version
commit e2a7d08aa7c51fa903d5294628612a13b4c0d6e0 Author: teor Date: Fri Aug 30 21:12:52 2019 +1000 backtrace: Always set a backtrace Tor version We want to report the tor version, even on platforms that don't have backtrace support (like Android). This commit stores the backtrace Tor version, regardless of USE_BACKTRACE. Preparation for 31571. --- src/lib/err/backtrace.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c index 1d1b3bcfa..8cca3c37e 100644 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@ -68,10 +68,10 @@ // Redundant with util.h, but doing it here so we can avoid that dependency. #define raw_free free -#ifdef USE_BACKTRACE /** Version of Tor to report in backtrace messages. */ static char bt_version[128] = ""; +#ifdef USE_BACKTRACE /** Largest stack depth to try to dump. */ #define MAX_DEPTH 256 /** Static allocation of stack to dump. This is static so we avoid stack @@ -193,15 +193,12 @@ dump_stack_symbols_to_error_fds(void) /** Install signal handlers as needed so that when we crash, we produce a * useful stack trace. Return 0 on success, -errno on failure. */ static int -install_bt_handler(const char *software) +install_bt_handler(void) { int trap_signals[] = { SIGSEGV, SIGILL, SIGFPE, SIGBUS, SIGSYS, SIGIO, -1 }; int i, rv=0; - strncpy(bt_version, software, sizeof(bt_version) - 1); - bt_version[sizeof(bt_version) - 1] = 0; - struct sigaction sa; memset(&sa, 0, sizeof(sa)); @@ -247,9 +244,8 @@ log_backtrace_impl(int severity, int domain, const char *msg, } static int -install_bt_handler(const char *software) +install_bt_handler(void) { - (void) software; return 0; } @@ -274,7 +270,10 @@ configure_backtrace_handler(const char *tor_version) snprintf(version, sizeof(version), "Tor %s", tor_version); } - return install_bt_handler(version); + strncpy(bt_version, version, sizeof(bt_version) - 1); + bt_version[sizeof(bt_version) - 1] = 0; + + return install_bt_handler(); } /** Perform end-of-process cleanup for code that generates error messages on ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] backtrace: Log the Tor backtrace version whenever we log a backtrace
commit 743bc0028be46e92a46b3b5e38f1e50ee69ff284 Author: teor Date: Fri Aug 30 21:15:54 2019 +1000 backtrace: Log the Tor backtrace version whenever we log a backtrace Previously, we just logged it in the crash handler. Part of 31571. --- src/lib/err/backtrace.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c index 8cca3c37e..c34eb6dfa 100644 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@ -127,7 +127,7 @@ log_backtrace_impl(int severity, int domain, const char *msg, depth = backtrace(cb_buf, MAX_DEPTH); symbols = backtrace_symbols(cb_buf, (int)depth); - logger(severity, domain, "%s. Stack trace:", msg); + logger(severity, domain, "%s: %s. Stack trace:", bt_version, msg); if (!symbols) { /* LCOV_EXCL_START -- we can't provoke this. */ logger(severity, domain, "Unable to generate backtrace."); @@ -240,7 +240,8 @@ void log_backtrace_impl(int severity, int domain, const char *msg, tor_log_fn logger) { - logger(severity, domain, "%s. (Stack trace not available)", msg); + logger(severity, domain, "%s: %s. (Stack trace not available)", + bt_version, msg); } static int ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] backtrace: Check the return values of snprintf() and strncpy()
commit f311d0676caad1c61a4dbf8fffbeb79003866903 Author: teor Date: Tue Sep 3 15:50:37 2019 +1000 backtrace: Check the return values of snprintf() and strncpy() We can't use strlcat() or strlcpy() in torerr, because they are defined in string/compat_string.h on some platforms, and string uses torerr. Part of 31571. --- src/lib/err/backtrace.c | 16 ++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c index a4d8269c6..8606f4217 100644 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@ -276,11 +276,23 @@ configure_backtrace_handler(const char *tor_version) char version[128] = "Tor\0"; if (tor_version) { -snprintf(version, sizeof(version), "Tor %s", tor_version); +int snp_rv = 0; +/* We can't use strlcat() here, because it is defined in + * string/compat_string.h on some platforms, and string uses torerr. */ +snp_rv = snprintf(version, sizeof(version), "Tor %s", tor_version); +/* It's safe to call raw_assert() here, because raw_assert() does not + * call configure_backtrace_handler(). */ +raw_assert(snp_rv < (int)sizeof(version)); +raw_assert(snp_rv >= 0); } - strncpy(bt_version, version, sizeof(bt_version) - 1); + char *str_rv = NULL; + /* We can't use strlcpy() here, see the note about strlcat() above. */ + str_rv = strncpy(bt_version, version, sizeof(bt_version) - 1); + /* We must terminate bt_version, then raw_assert(), because raw_assert() + * uses bt_version. */ bt_version[sizeof(bt_version) - 1] = 0; + raw_assert(str_rv == bt_version); return install_bt_handler(); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tba-torbrowserstringsdtd] https://gitweb.torproject.org/translation.git/commit/?h=tba-torbrowserstringsdtd
commit d9a00a43ba8aff30c118f1b93c5e48b6780aae9c Author: Translation commit bot Date: Mon Sep 9 14:20:15 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tba-torbrowserstringsdtd --- nl/torbrowser_strings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/torbrowser_strings.dtd b/nl/torbrowser_strings.dtd index 6b2548de2..a8e2d7363 100644 --- a/nl/torbrowser_strings.dtd +++ b/nl/torbrowser_strings.dtd @@ -26,7 +26,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] https://gitweb.torproject.org/translation.git/commit/?h=tails-persistence-setup
commit edc844e76287d07f346024346fcccd3aa0a42f89 Author: Translation commit bot Date: Mon Sep 9 14:19:57 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-persistence-setup --- nl/nl.po | 141 --- 1 file changed, 71 insertions(+), 70 deletions(-) diff --git a/nl/nl.po b/nl/nl.po index b039420b2..836b82cf2 100644 --- a/nl/nl.po +++ b/nl/nl.po @@ -9,6 +9,7 @@ # gjlajfklajdkladj kasldfjaslkf <1bsuaz+3xy1gedeys...@sharklasers.com>, 2015 # kwadronaut , 2017 # Nathan Follens, 2016 +# Meteor0id, 2019 # Oussama El Bachiri , 2013 # Richard E. van der Luit , 2012 # Shondoit Walker , 2013 @@ -22,8 +23,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2019-03-17 09:03+0100\n" -"PO-Revision-Date: 2019-08-24 08:18+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:53+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -33,181 +34,181 @@ msgstr "" #: ../lib/Tails/Persistence/Setup.pm:265 msgid "Setup Tails persistent volume" -msgstr "" +msgstr "Permanent volume voor Tails configureren" #: ../lib/Tails/Persistence/Setup.pm:343 ../lib/Tails/Persistence/Setup.pm:481 msgid "Error" -msgstr "" +msgstr "Fout" #: ../lib/Tails/Persistence/Setup.pm:372 #, perl-format msgid "Device %s already has a persistent volume." -msgstr "" +msgstr "Apparaat %s heeft al een permanent volume." #: ../lib/Tails/Persistence/Setup.pm:380 #, perl-format msgid "Device %s has not enough unallocated space." -msgstr "" +msgstr "Apparaat %s heeft onvoldoende niet-toegewezen ruimte." #: ../lib/Tails/Persistence/Setup.pm:387 ../lib/Tails/Persistence/Setup.pm:401 #, perl-format msgid "Device %s has no persistent volume." -msgstr "" +msgstr "Apparaat %s heeft geen permanent volume." #: ../lib/Tails/Persistence/Setup.pm:393 #, perl-format msgid "" "Cannot delete the persistent volume on %s while in use. You should restart " "Tails without persistence." -msgstr "" +msgstr "Kan het permanente volume op %s niet verwijderen zolang het in gebruik is. Herstart Tails zonder persistentie." #: ../lib/Tails/Persistence/Setup.pm:407 #, perl-format msgid "Persistence volume on %s is not unlocked." -msgstr "" +msgstr "Persistentievolume op %s is niet ontgrendeld." #: ../lib/Tails/Persistence/Setup.pm:412 #, perl-format msgid "Persistence volume on %s is not mounted." -msgstr "" +msgstr "Persistentievolume op %s is niet gekoppeld." #: ../lib/Tails/Persistence/Setup.pm:417 #, perl-format msgid "" "Persistence volume on %s is not readable. Permissions or ownership problems?" -msgstr "" +msgstr "Persistentievolume op %s is niet leesbaar. Problemen met machtigingen of eigendom?" #: ../lib/Tails/Persistence/Setup.pm:422 #, perl-format msgid "Persistence volume on %s is not writable." -msgstr "" +msgstr "Persistentievolume op %s is niet beschrijfbaar." #: ../lib/Tails/Persistence/Setup.pm:431 #, perl-format msgid "Tails is running from non-USB / non-SDIO device %s." -msgstr "" +msgstr "Tails wordt uitgevoerd vanaf niet-USB- / niet-SDIO-apparaat %s." #: ../lib/Tails/Persistence/Setup.pm:437 #, perl-format msgid "Device %s is optical." -msgstr "" +msgstr "Apparaat %s is optisch." #: ../lib/Tails/Persistence/Setup.pm:444 #, perl-format msgid "Device %s was not created using Tails Installer." -msgstr "" +msgstr "Apparaat %s is niet met Tails Installer gemaakt." #: ../lib/Tails/Persistence/Setup.pm:688 msgid "Persistence wizard - Finished" -msgstr "" +msgstr "Persistentiewizard - Voltooid" #: ../lib/Tails/Persistence/Setup.pm:691 msgid "" "Any changes you have made will only take effect after restarting Tails.\n" "\n" "You may now close this application." -msgstr "" +msgstr "Aangebrachte wijzigingen worden pas van kracht na herstarten van Tails.\n\nU kunt deze toepassing nu sluiten." #: ../lib/Tails/Persistence/Configuration/Setting.pm:113 msgid "Custom" -msgstr "" +msgstr "Aangepast" #: ../lib/Tails/Persistence/Configuration/Presets.pm:55 msgid "Personal Data" -msgstr "" +msgstr "Persoonlijke gegevens" #: ../lib/Tails/Persistence/Configuration/Presets.pm:57 msgid "Keep files stored in the `Persistent' directory" -msgstr "" +msgstr "Bestanden bewaren in de map 'Persistent'" #: ../lib/Tails/Persistence/Configuration/Presets.pm:70 msgid "Browser Bookmarks" -msgstr "" +msgstr "Browserbladwijzers" #: ../lib/Tails/Persistence/Configuration/Presets.pm:72 msgid "Bookmarks saved in the Tor Browser" -msgstr "" +msgstr "Bladwijzer opgeslagen in de Tor-browser" #: ../lib/Tails/Persistence/Configuration/Presets.pm:85 msgid "Network Connections" -msgstr "" +msgstr "Netwerkverbindingen" #: ../lib/Tails/Persistence/Configuration/Presets.pm:87 msgid "Configuration of net
[tor-commits] [translation/tails-onioncircuits] https://gitweb.torproject.org/translation.git/commit/?h=tails-onioncircuits
commit f3b102399aa7cbb2198b0a1b62540e4b89778d6e Author: Translation commit bot Date: Mon Sep 9 14:19:45 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-onioncircuits --- nl/onioncircuits.pot | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/nl/onioncircuits.pot b/nl/onioncircuits.pot index 64b0985a5..5409b6e66 100644 --- a/nl/onioncircuits.pot +++ b/nl/onioncircuits.pot @@ -4,6 +4,7 @@ # # Translators: # André Koot , 2016 +# Meteor0id, 2019 # Tonnes , 2019 # Volluta , 2016 msgid "" @@ -11,8 +12,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-08-03 13:00+\n" -"PO-Revision-Date: 2019-08-29 12:52+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:58+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -22,7 +23,7 @@ msgstr "" #: ../onioncircuits:81 msgid "You are not connected to Tor yet..." -msgstr "U bent nog niet verbonden met Tor..." +msgstr "U bent nog niet verbonden met Torâ¦" #: ../onioncircuits:95 msgid "Onion Circuits" @@ -42,11 +43,11 @@ msgstr "Klik op een circuit voor meer info over de Tor-relays ervan." #: ../onioncircuits:221 msgid "The connection to Tor was lost..." -msgstr "De verbinding met Tor is verbroken..." +msgstr "De verbinding met Tor is verbrokenâ¦" #: ../onioncircuits:317 msgid "..." -msgstr "..." +msgstr "â¦" #: ../onioncircuits:343 #, c-format ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-onioncircuits_completed] https://gitweb.torproject.org/translation.git/commit/?h=tails-onioncircuits_completed
commit 546409a3ff08d58e7f158b9aee54316bec653aa1 Author: Translation commit bot Date: Mon Sep 9 14:19:51 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-onioncircuits_completed --- nl/onioncircuits.pot | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nl/onioncircuits.pot b/nl/onioncircuits.pot index a54d05613..449032911 100644 --- a/nl/onioncircuits.pot +++ b/nl/onioncircuits.pot @@ -4,6 +4,7 @@ # # Translators: # André Koot , 2016 +# Meteor0id, 2019 # Tonnes , 2019 # Volluta , 2016 msgid "" @@ -11,8 +12,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-08-03 13:00+\n" -"PO-Revision-Date: 2019-08-29 12:52+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:58+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_release] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release
commit f42973011797c3d3efb93b800de65f3dc5661948 Author: Translation commit bot Date: Mon Sep 9 14:18:44 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc_release --- nl.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nl.po b/nl.po index 3ebb32fe9..f3f3c2bdb 100644 --- a/nl.po +++ b/nl.po @@ -34,8 +34,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2019-08-14 14:11+0200\n" -"PO-Revision-Date: 2019-08-28 10:20+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:59+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-iuk] https://gitweb.torproject.org/translation.git/commit/?h=tails-iuk
commit ec3516e1888f0ed006f34f5d62a6795f3421dd3b Author: Translation commit bot Date: Mon Sep 9 14:18:49 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-iuk --- nl.po | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nl.po b/nl.po index a5c01ce0e..4fd87351d 100644 --- a/nl.po +++ b/nl.po @@ -9,6 +9,7 @@ # Cleveridge , 2014 # Joost Rijneveld , 2014 # Joren Vandeweyer , 2017 +# Meteor0id, 2019 # Roy Jacobs, 2016 # Tjeerd , 2014 # Tonnes , 2019 @@ -19,8 +20,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2018-12-09 13:56+0100\n" -"PO-Revision-Date: 2019-08-28 11:34+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:57+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -155,7 +156,7 @@ msgstr "Upgrade downloaden" #: ../lib/Tails/IUK/Frontend.pm:472 #, perl-brace-format msgid "Downloading the upgrade to %{name}s %{version}s..." -msgstr "De upgrade naar %{name}s %{version}s downloaden..." +msgstr "De upgrade naar %{name}s %{version}s wordt gedownloadâ¦" #: ../lib/Tails/IUK/Frontend.pm:513 msgid "" @@ -259,7 +260,7 @@ msgid "" "Your Tails device is being upgraded...\n" "\n" "For security reasons, the networking is now disabled." -msgstr "Uw Tails-apparaat wordt geüpgraded...\n\nOm veiligheidsredenen wordt het netwerk nu uitgeschakeld." +msgstr "Uw Tails-apparaat wordt opgewaardeerdâ¦\n\nOm veiligheidsredenen wordt het netwerk nu uitgeschakeld." #: ../lib/Tails/IUK/Frontend.pm:705 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc
commit 498626c03fc0f3f0d285ab81ae6e6584238d1a25 Author: Translation commit bot Date: Mon Sep 9 14:17:32 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tails-misc --- nl.po | 440 +- 1 file changed, 220 insertions(+), 220 deletions(-) diff --git a/nl.po b/nl.po index 06ca325a2..6dae983a6 100644 --- a/nl.po +++ b/nl.po @@ -19,7 +19,7 @@ # LittleNacho , 2013 # 53a60eabbf5124a226a7678001f9a57b, 2015 # Nathan Follens, 2015 -# Full name, 2019 +# Meteor0id, 2019 # Midgard, 2014 # T. Des Maison , 2014 # Thinkwell, 2018 @@ -34,8 +34,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2019-08-14 14:11+0200\n" -"PO-Revision-Date: 2019-08-28 10:20+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:59+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -45,11 +45,11 @@ msgstr "" #: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:39 msgid "Tor is ready" -msgstr "" +msgstr "Tor is gereed" #: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:40 msgid "You can now access the Internet." -msgstr "" +msgstr "U hebt nu toegang tot het internet." #: config/chroot_local-includes/etc/whisperback/config.py:69 #, python-format @@ -66,24 +66,24 @@ msgid "" "an opportunity for eavesdroppers, like your email or Internet provider, to\n" "confirm that you are using Tails.\n" "\n" -msgstr "" +msgstr "Help ons uw bug op te lossen!\nLees onze instructies voor het melden van bugs.\nVoeg niet meer persoonlijke gegevens toe dan\nnodig!\nOver het geven van een e-mailadres\n\nDoor een e-mailadres op te geven, kunnen we contact met u opnemen om het probleem te\nverhelderen. Voor de overgrote meerderheid van rapporten die we ontvangen is dit nodig,\nomdat de meeste rapporten zonder contactgegevens nutteloos zijn. Anderzijds biedt het ook\neen gelegenheid voor afluisteraars, zoals uw e-mail- of internetprovider, om te bevestigen\ndat u Tails gebruikt.\n\n" #: config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui:8 #: ../config/chroot_local-includes/usr/share/applications/org.boum.tails.additional-software-config.desktop.in.h:1 msgid "Additional Software" -msgstr "" +msgstr "Extra software" #: config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui:51 msgid "" "You can install additional software automatically from your persistent " "storage when starting Tails." -msgstr "" +msgstr "U kunt automatisch extra software vanaf uw permanente opslag installeren bij het starten van Tails." #: config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui:77 msgid "" "The following software is installed automatically from your persistent " "storage when starting Tails." -msgstr "" +msgstr "De volgende software wordt automatisch vanaf uw permanente opslag geïnstalleerd bij het starten van Tails." #: config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui:135 #: config/chroot_local-includes/usr/local/bin/tails-additional-software-config:171 @@ -91,108 +91,108 @@ msgid "" "To add more, install some software using Synaptic Package Manager or APT on the command line." -msgstr "" +msgstr "Om meer toe te voegen, kunt u software installeren via de Synaptic Package Manager of APT op de opdrachtregel." #: config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui:154 msgid "_Create persistent storage" -msgstr "" +msgstr "_Permanente opslag aanmaken" #: config/chroot_local-includes/usr/local/bin/electrum:57 msgid "Persistence is disabled for Electrum" -msgstr "" +msgstr "Persistentie is uitgeschakeld voor Electrum" #: config/chroot_local-includes/usr/local/bin/electrum:59 msgid "" "When you reboot Tails, all of Electrum's data will be lost, including your " "Bitcoin wallet. It is strongly recommended to only run Electrum when its " "persistence feature is activated." -msgstr "" +msgstr "Als u Tails opnieuw start, gaan alle gegevens van Electrum verloren, waaronder uw Bitcoin-portemonnee. Het wordt sterk aanbevolen Electrum alleen uit te voeren als de persistentiefunctie ervan is geactiveerd." #: config/chroot_local-includes/usr/local/bin/electrum:60 msgid "Do you want to start Electrum anyway?" -msgstr "" +msgstr "Wilt u Electrum alsnog starten?" #: config/chroot_local-includes/usr/local/bin/electrum:63 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:41 msgid "_Launch" -msgstr "" +msgstr "_Starten" #: config/chroot_local-includes/usr/local/bin/electrum:64 #: config/chroot_local-includes/usr/local/sbin/unsafe-browser:42 msgid "_Exit" -msgstr "" +msgstr "_
[tor-commits] [translation/liveusb-creator] https://gitweb.torproject.org/translation.git/commit/?h=liveusb-creator
commit 6ad4d68526ee428d8253bb721cfeab6412bdc751 Author: Translation commit bot Date: Mon Sep 9 14:16:20 2019 + https://gitweb.torproject.org/translation.git/commit/?h=liveusb-creator --- nl/nl.po | 215 --- 1 file changed, 108 insertions(+), 107 deletions(-) diff --git a/nl/nl.po b/nl/nl.po index 54b255937..ad07cc7f1 100644 --- a/nl/nl.po +++ b/nl/nl.po @@ -10,6 +10,7 @@ # Geert Warrink , 2009-2010 # Cleveridge , 2014 # Joren Vandeweyer , 2017 +# Meteor0id, 2019 # Richard E. van der Luit , 2012 # Shondoit Walker , 2013 # Thinkwell, 2018 @@ -25,8 +26,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2019-04-13 08:42+0200\n" -"PO-Revision-Date: 2019-08-24 07:39+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:56+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -36,295 +37,295 @@ msgstr "" #: ../tails_installer/creator.py:100 msgid "You must run this application as root" -msgstr "" +msgstr "U moet deze toepassing als root uitvoeren" #: ../tails_installer/creator.py:146 msgid "Extracting live image to the target device..." -msgstr "" +msgstr "Live-installatiekopie naar het doelapparaat aan het uitpakkenâ¦" #: ../tails_installer/creator.py:153 #, python-format msgid "Wrote to device at %(speed)d MB/sec" -msgstr "" +msgstr "Naar apparaat geschreven met %(speed)d MB/sec" #: ../tails_installer/creator.py:296 #, python-format msgid "" "There was a problem executing the following command: `%(command)s`.\n" "A more detailed error log has been written to '%(filename)s'." -msgstr "" +msgstr "Er was een probleem bij het uitvoeren van de volgende opdracht: `%(command)s`.\nEr is meer gedetailleerde informatie geschreven naar '%(filename)s'." #: ../tails_installer/creator.py:315 msgid "Verifying SHA1 checksum of LiveCD image..." -msgstr "" +msgstr "SHA1-controlesom van LiveCD-image aan het verifiërenâ¦" #: ../tails_installer/creator.py:319 msgid "Verifying SHA256 checksum of LiveCD image..." -msgstr "" +msgstr "SHA256-controlesom van LiveCD-image aan het verifiërenâ¦" #: ../tails_installer/creator.py:335 msgid "" "Error: The SHA1 of your Live CD is invalid. You can run this program with " "the --noverify argument to bypass this verification check." -msgstr "" +msgstr "Fout: de SHA1 van uw Live-cd is ongeldig. U kunt dit programma uitvoeren met het argument --noverify om deze verificatiecontrole over te slaan." #: ../tails_installer/creator.py:341 msgid "Unknown ISO, skipping checksum verification" -msgstr "" +msgstr "Onbekende ISO, checksumverificatie wordt overgeslagen" #: ../tails_installer/creator.py:353 #, python-format msgid "" "Not enough free space on device.\n" "%dMB ISO + %dMB overlay > %dMB free space" -msgstr "" +msgstr "Niet genoeg vrije ruimte op het apparaat.\n %dMB ISO + %dMB overlay > %dMB vrije ruimte" #: ../tails_installer/creator.py:360 #, python-format msgid "Creating %sMB persistent overlay" -msgstr "" +msgstr "%sMB permanente geheugenruimte aanmaken..." #: ../tails_installer/creator.py:421 #, python-format msgid "Unable to copy %(infile)s to %(outfile)s: %(message)s" -msgstr "" +msgstr "Kan %(infile)s niet naar %(outfile)s kopiëren: %(message)s" #: ../tails_installer/creator.py:435 msgid "Removing existing Live OS" -msgstr "" +msgstr "Bestaand Live OS verwijderen" #: ../tails_installer/creator.py:444 ../tails_installer/creator.py:457 #, python-format msgid "Unable to chmod %(file)s: %(message)s" -msgstr "" +msgstr "Kan rechten op %(file)s niet aanpassen: %(message)s" #: ../tails_installer/creator.py:450 #, python-format msgid "Unable to remove file from previous LiveOS: %(message)s" -msgstr "" +msgstr "Kan bestand van vorige LiveOS niet verwijderen: %(message)s" #: ../tails_installer/creator.py:464 #, python-format msgid "Unable to remove directory from previous LiveOS: %(message)s" -msgstr "" +msgstr "Kan map van vorige LiveOS niet verwijderen: %(message)s" #: ../tails_installer/creator.py:512 #, python-format msgid "Cannot find device %s" -msgstr "" +msgstr "Kan apparaat %s niet vinden" #: ../tails_installer/creator.py:713 #, python-format msgid "Unable to write on %(device)s, skipping." -msgstr "" +msgstr "Kan niet schrijven naar %(device)s; wordt overgeslagen." #: ../tails_installer/creator.py:743 #, python-format msgid "" "Some partitions of the target device %(device)s are mounted. They will be " "unmounted before starting the installation process." -msgstr "" +msgstr "Sommige partities van het doelapparaat %(device)s zijn gekoppeld. Ze zullen ontkoppeld worden voordat het installatieproces wordt gestart." #: ../tails_installer/creator.py:786 ../tails_installer/creator.py:1010 msgid "Unknown filesy
[tor-commits] [translation/bridgedb_completed] https://gitweb.torproject.org/translation.git/commit/?h=bridgedb_completed
commit 932029dbbd8fab8f18e72e0c3fb9611f17586e87 Author: Translation commit bot Date: Mon Sep 9 14:15:24 2019 + https://gitweb.torproject.org/translation.git/commit/?h=bridgedb_completed --- nl/LC_MESSAGES/bridgedb.po | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nl/LC_MESSAGES/bridgedb.po b/nl/LC_MESSAGES/bridgedb.po index 06f1bfc33..134823124 100644 --- a/nl/LC_MESSAGES/bridgedb.po +++ b/nl/LC_MESSAGES/bridgedb.po @@ -13,6 +13,7 @@ # Johann Behrens , 2013 # Joren Vandeweyer , 2019 # 53a60eabbf5124a226a7678001f9a57b, 2015 +# Meteor0id, 2019 # Not Much <1028484728...@protonmail.com>, 2018 # Shondoit Walker , 2011 # Marco Brohet , 2012 @@ -26,8 +27,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywords=bridgedb-reported,msgid&cc=isis,sysrqb&owner=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2019-09-09 06:17+\n" -"Last-Translator: Joren Vandeweyer \n" +"PO-Revision-Date: 2019-09-09 13:57+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/bridgedb] https://gitweb.torproject.org/translation.git/commit/?h=bridgedb
commit c450da7b270b794e1b328117a34da35d8a9d84d3 Author: Translation commit bot Date: Mon Sep 9 14:15:17 2019 + https://gitweb.torproject.org/translation.git/commit/?h=bridgedb --- nl/LC_MESSAGES/bridgedb.po | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nl/LC_MESSAGES/bridgedb.po b/nl/LC_MESSAGES/bridgedb.po index b6743f3df..1b4f18314 100644 --- a/nl/LC_MESSAGES/bridgedb.po +++ b/nl/LC_MESSAGES/bridgedb.po @@ -13,6 +13,7 @@ # Johann Behrens , 2013 # Joren Vandeweyer , 2019 # 53a60eabbf5124a226a7678001f9a57b, 2015 +# Meteor0id, 2019 # Not Much <1028484728...@protonmail.com>, 2018 # Shondoit Walker , 2011 # Marco Brohet , 2012 @@ -26,8 +27,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywords=bridgedb-reported,msgid&cc=isis,sysrqb&owner=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2019-09-09 06:17+\n" -"Last-Translator: Joren Vandeweyer \n" +"PO-Revision-Date: 2019-09-09 13:57+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -333,7 +334,7 @@ msgstr "Uw browser vertoont afbeeldingen niet naar behoren." #: bridgedb/strings.py:140 msgid "Enter the characters from the image above..." -msgstr "Voer de tekens in van de afbeelding hier beneden..." +msgstr "Voer de tekens in van de afbeelding hieronderâ¦" #: bridgedb/strings.py:144 msgid "How to start using your bridges" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/whisperback] https://gitweb.torproject.org/translation.git/commit/?h=whisperback
commit abeb6646ae2777eea0a94e69a1203a25e3decb9d Author: Translation commit bot Date: Mon Sep 9 13:54:27 2019 + https://gitweb.torproject.org/translation.git/commit/?h=whisperback --- nl/nl.po | 93 1 file changed, 47 insertions(+), 46 deletions(-) diff --git a/nl/nl.po b/nl/nl.po index 7788b9747..b30b7c2a4 100644 --- a/nl/nl.po +++ b/nl/nl.po @@ -9,6 +9,7 @@ # Jeroen Baert , 2015 # kwadronaut , 2017 # Nathan Follens, 2016 +# Meteor0id, 2019 # Roy Jacobs, 2016 # Shondoit Walker , 2012 # Marco Brohet , 2012 @@ -21,8 +22,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2019-04-29 12:08+0200\n" -"PO-Revision-Date: 2019-05-01 06:27+\n" -"Last-Translator: Tonnes \n" +"PO-Revision-Date: 2019-09-09 13:51+\n" +"Last-Translator: Meteor0id\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -34,72 +35,72 @@ msgstr "" #: ../whisperBack/whisperback.py:63 #, python-format msgid "Invalid contact email: %s" -msgstr "" +msgstr "Ongeldig contact-e-mailadres: %s" #: ../whisperBack/whisperback.py:83 #, python-format msgid "Invalid contact OpenPGP key: %s" -msgstr "" +msgstr "Ongeldige OpenPGP-sleutel van contact: %s" #: ../whisperBack/whisperback.py:85 msgid "Invalid contact OpenPGP public key block" -msgstr "" +msgstr "Ongeldig OpenPGP-publiekesleutelblok van contact" #: ../whisperBack/exceptions.py:41 #, python-format msgid "" "The %s variable was not found in any of the configuration files " "/etc/whisperback/config.py, ~/.whisperback/config.py, or ./config.py" -msgstr "" +msgstr "De variabele %s is niet gevonden in een van de configuatiebestanden /etc/whisperback/config.py, ~/.whisperback/config.py of ./config.py" #: ../whisperBack/gui.py:114 msgid "Name of the affected software" -msgstr "" +msgstr "Naam van betreffende software" #: ../whisperBack/gui.py:116 msgid "Exact steps to reproduce the error" -msgstr "" +msgstr "Exacte stappen om de fout te reproduceren" #: ../whisperBack/gui.py:118 msgid "Actual result and description of the error" -msgstr "" +msgstr "Werkelijke resultaat en beschrijving van de fout" #: ../whisperBack/gui.py:120 msgid "Desired result" -msgstr "" +msgstr "Gewenste resultaat" #: ../whisperBack/gui.py:133 msgid "Unable to load a valid configuration." -msgstr "" +msgstr "Kan geen geldige configuratie laden." #: ../whisperBack/gui.py:170 msgid "Sending mail..." -msgstr "" +msgstr "E-mail wordt nu verstuurdâ¦" #: ../whisperBack/gui.py:171 msgid "Sending mail" -msgstr "" +msgstr "E-mail wordt nu verstuurd" #. pylint: disable=C0301 #: ../whisperBack/gui.py:173 msgid "This could take a while..." -msgstr "" +msgstr "Dit kan enige tijd durenâ¦" #: ../whisperBack/gui.py:189 msgid "The contact email address doesn't seem valid." -msgstr "" +msgstr "Het contact-e-mailadres lijkt niet geldig te zijn." #: ../whisperBack/gui.py:206 msgid "Unable to send the mail: SMTP error." -msgstr "" +msgstr "Kan de e-mail niet versturen: SMTP-fout." #: ../whisperBack/gui.py:208 msgid "Unable to connect to the server." -msgstr "" +msgstr "Kan niet verbinden met de server." #: ../whisperBack/gui.py:210 msgid "Unable to create or to send the mail." -msgstr "" +msgstr "E-mail kan niet worden aangemaakt of verstuurd." #: ../whisperBack/gui.py:213 msgid "" @@ -108,20 +109,20 @@ msgid "" "The bug report could not be sent, likely due to network problems. Please try to reconnect to the network and click send again.\n" "\n" "If it does not work, you will be offered to save the bug report." -msgstr "" +msgstr "\n\nHet foutrapport kon niet worden verstuurd, waarschijnlijk vanwege netwerkproblemen. Probeer opnieuw verbinding te maken met het netwerk en klik nogmaals op Versturen.\n\nAls dit niet werkt, wordt u de mogelijkheid geboden om het foutrapport op te slaan." #: ../whisperBack/gui.py:226 msgid "Your message has been sent." -msgstr "" +msgstr "Uw bericht is verstuurd." #: ../whisperBack/gui.py:233 msgid "An error occured during encryption." -msgstr "" +msgstr "Er is een fout opgetreden tijdens het versleutelen" #: ../whisperBack/gui.py:253 #, python-format msgid "Unable to save %s." -msgstr "" +msgstr "Kan %s niet opslaan." #: ../whisperBack/gui.py:276 #, python-format @@ -131,39 +132,39 @@ msgid "" "As a work-around you can save the bug report as a file on a USB drive and try to send it to us at %s from your email account using another system. Note that your bug report will not be anonymous when doing so unless you take further steps yourself (e.g. using Tor with a throw-away email account).\n" "\n" "Do you want to save the bug report to a file?" -msgstr "" +msgstr "Het foutrapport kon niet worden verstuurd, waarschijnlijk door netwerkproblemen.\n\nAls tijdelijke oplossing kunt u het f
[tor-commits] [translation/tor-launcher-properties] https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-properties
commit ee8ede8cf200f739c0e8b388176a36f77f996ebe Author: Translation commit bot Date: Mon Sep 9 13:53:43 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-properties --- nl/torlauncher.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/torlauncher.properties b/nl/torlauncher.properties index b5f8fb107..6edbe3224 100644 --- a/nl/torlauncher.properties +++ b/nl/torlauncher.properties @@ -4,7 +4,7 @@ torlauncher.error_title=Tor Starter torlauncher.tor_exited_during_startup=Tor is afgesloten tijdens het opstarten. Dit kan komen door een fout in uw torrc-bestand, een bug in Tor of ander programma op uw systeem, of defecte hardware. Totdat u het onderliggende probleem oplost en Tor opnieuw start, zal Tor Browser niet opstarten. -torlauncher.tor_exited=Tor is onverwachts afgesloten. Dit kan komen door een bug in Tor zelf, een ander programma op uw systeem, of defecte hardware. Totdat u Tor opnieuw start, zal Tor Browser geen websites kunnen bereiken. Stuur een kopie van uw Tor-logboek naar het ondersteuningsteam als het probleem zich blijft voordoen. +torlauncher.tor_exited=Tor is onverwachts afgesloten. Dit kan komen door een fout in Tor zelf, een ander programma op uw systeem, of defecte hardware. Totdat u Tor opnieuw start, zal Tor Browser geen websites kunnen bereiken. Stuur een kopie van uw Tor-logboek naar het ondersteuningsteam als het probleem zich blijft voordoen. torlauncher.tor_exited2=Tor herstarten zal niet uw browsertabbladen sluiten. torlauncher.tor_controlconn_failed=Kon geen verbinding maken met Tor-controlepoort. torlauncher.tor_failed_to_start=Tor kon niet worden gestart. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings] https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-network-settings
commit d1a7d53164d5fafdbbed16f21b55c65bc078c7fe Author: Translation commit bot Date: Mon Sep 9 13:53:54 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-network-settings --- nl/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/network-settings.dtd b/nl/network-settings.dtd index 270d5a6a2..f39a8f934 100644 --- a/nl/network-settings.dtd +++ b/nl/network-settings.dtd @@ -55,7 +55,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd
commit 05aa92eb999acc29fd253bd867615ded0c303ac5 Author: Translation commit bot Date: Mon Sep 9 13:52:53 2019 + https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd --- nl/abouttbupdate.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nl/abouttbupdate.dtd b/nl/abouttbupdate.dtd index 56f0e81d2..6d078b5d0 100644 --- a/nl/abouttbupdate.dtd +++ b/nl/abouttbupdate.dtd @@ -1,8 +1,8 @@ - + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/orfox-stringsxml_completed] https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml_completed
commit f57c658f74799290f6e41c26ff7361eb33d56894 Author: Translation commit bot Date: Mon Sep 9 13:46:57 2019 + https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml_completed --- mk/strings.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/mk/strings.xml b/mk/strings.xml index 689fe638e..91d3a341b 100644 --- a/mk/strings.xml +++ b/mk/strings.xml @@ -6,4 +6,5 @@ Ðди на F-DROID Ðди на GOOGLE PLAY ÐÐ ÐÐÐÐÐ .APK +Ðзвези ÐележниÑи ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/orfox-stringsxml] https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml
commit 01ee55e7623067ead4b9a72689f9fe8412bd10bd Author: Translation commit bot Date: Mon Sep 9 13:46:51 2019 + https://gitweb.torproject.org/translation.git/commit/?h=orfox-stringsxml --- mk/strings.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mk/strings.xml b/mk/strings.xml index 0c9d0e50e..91d3a341b 100644 --- a/mk/strings.xml +++ b/mk/strings.xml @@ -6,4 +6,5 @@ Ðди на F-DROID Ðди на GOOGLE PLAY ÐÐ ÐÐÐÐÐ .APK - +Ðзвези ÐележниÑи + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/abouttor-homepage] https://gitweb.torproject.org/translation.git/commit/?h=abouttor-homepage
commit 38e75670a27ccb1ff70cc6912da95db775f273ea Author: Translation commit bot Date: Mon Sep 9 13:45:06 2019 + https://gitweb.torproject.org/translation.git/commit/?h=abouttor-homepage --- nl/aboutTor.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/aboutTor.dtd b/nl/aboutTor.dtd index ba5da2998..03cab5e67 100644 --- a/nl/aboutTor.dtd +++ b/nl/aboutTor.dtd @@ -22,7 +22,7 @@ - + https://www.torproject.org/getinvolved/volunteer.html.en";> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [lego/master] Update css for toggles checkbox in page animations
commit a1fa6cd2432e07bcba649864bd49c538ca1d3d33 Author: hiro Date: Mon Sep 9 14:59:41 2019 +0200 Update css for toggles checkbox in page animations --- assets/scss/_tor.scss | 84 +++ 1 file changed, 84 insertions(+) diff --git a/assets/scss/_tor.scss b/assets/scss/_tor.scss index b673e5e..2deb29a 100644 --- a/assets/scss/_tor.scss +++ b/assets/scss/_tor.scss @@ -37,6 +37,90 @@ color: $white; } +// toggle buttons for animations + +.toggle { + -webkit-appearance: none; + -moz-appearance: none; + appearance: none; + width: 62px; + height: 32px; + display: inline-block; + position: relative; + border-radius: 50px; + overflow: hidden; + outline: none; + border: none; + cursor: pointer; + background-color: #707070; + transition: background-color ease 0.3s; +} + +.toggle:before { + content: "on off"; + display: block; + position: absolute; + z-index: 2; + width: 28px; + height: 28px; + background: #fff; + left: 2px; + top: 2px; + border-radius: 50%; + font: 10px/28px Helvetica; + text-transform: uppercase; + font-weight: bold; + text-indent: -22px; + word-spacing: 37px; + color: #fff; + text-shadow: -1px -1px rgba(0,0,0,0.15); + white-space: nowrap; + box-shadow: 0 1px 2px rgba(0,0,0,0.2); + transition: all cubic-bezier(0.3, 1.5, 0.7, 1) 0.3s; +} + +.toggle:checked { + background-color: #4CD964; +} + +.toggle:checked:before { + left: 32px; +} + + +#https-switch:checked ~ #https { + display: inline; +} + +#https-switch:checked ~ #http { + display: none; +} + +#tor-switch:checked ~ #tor { + display: inline; +} + +#https-switch:checked ~ #tor-switch:checked ~ .switch-on { +display: inline; +} + +#https-switch:checked ~ #tor-switch:checked ~ .switch-off { +display: none; +} + +#https { + display: none; + +} + +#tor { + display: none; +} + +#https-tor { + display: none; +} + // Define darker background .bg-darker{ background-color: $purple-darker; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd
commit 54a483cd4b66b159067ca3fdd6f00fa559693031 Author: Translation commit bot Date: Mon Sep 9 12:51:58 2019 + https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd --- nl/abouttbupdate.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/abouttbupdate.dtd b/nl/abouttbupdate.dtd index ba7394543..56f0e81d2 100644 --- a/nl/abouttbupdate.dtd +++ b/nl/abouttbupdate.dtd @@ -4,5 +4,5 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings] https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-network-settings
commit 10d5b524727e15b056a4fc5a6fc3ed61c7a41162 Author: Translation commit bot Date: Mon Sep 9 11:53:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-network-settings --- nl/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nl/network-settings.dtd b/nl/network-settings.dtd index f39a8f934..270d5a6a2 100644 --- a/nl/network-settings.dtd +++ b/nl/network-settings.dtd @@ -55,7 +55,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-properties
commit 9238395bcd1573a49c1413c47734bc099e76c601 Author: Translation commit bot Date: Mon Sep 9 11:52:50 2019 + https://gitweb.torproject.org/translation.git/commit/?h=tor-launcher-properties --- nl/torlauncher.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nl/torlauncher.properties b/nl/torlauncher.properties index 38768bbf9..b5f8fb107 100644 --- a/nl/torlauncher.properties +++ b/nl/torlauncher.properties @@ -4,7 +4,7 @@ torlauncher.error_title=Tor Starter torlauncher.tor_exited_during_startup=Tor is afgesloten tijdens het opstarten. Dit kan komen door een fout in uw torrc-bestand, een bug in Tor of ander programma op uw systeem, of defecte hardware. Totdat u het onderliggende probleem oplost en Tor opnieuw start, zal Tor Browser niet opstarten. -torlauncher.tor_exited=Tor is onverwachts afgesloten. Dit kan komen door een fout in Tor zelf, een ander programma op uw systeem, of defecte hardware. Totdat u Tor opnieuw start, zal Tor Browser geen websites kunnen bereiken. Stuur een kopie van uw Tor-logboek naar het ondersteuningsteam als het probleem zich blijft voordoen. +torlauncher.tor_exited=Tor is onverwachts afgesloten. Dit kan komen door een bug in Tor zelf, een ander programma op uw systeem, of defecte hardware. Totdat u Tor opnieuw start, zal Tor Browser geen websites kunnen bereiken. Stuur een kopie van uw Tor-logboek naar het ondersteuningsteam als het probleem zich blijft voordoen. torlauncher.tor_exited2=Tor herstarten zal niet uw browsertabbladen sluiten. torlauncher.tor_controlconn_failed=Kon geen verbinding maken met Tor-controlepoort. torlauncher.tor_failed_to_start=Tor kon niet worden gestart. @@ -61,7 +61,7 @@ torlauncher.bootstrapStatus.conn=Verbinden met een Tor-relay torlauncher.bootstrapStatus.conn_done=Verbonden met een Tor-relay torlauncher.bootstrapStatus.handshake=Onderhandelen met een Tor-relay torlauncher.bootstrapStatus.handshake_done=Onderhandelen met een Tor-relay voltooid -torlauncher.bootstrapStatus.onehop_create=Versleutelde adreslijstverbinding aan het maken +torlauncher.bootstrapStatus.onehop_create=Een versleutelde adreslijstverbinding maken torlauncher.bootstrapStatus.requesting_status=Netwerkstatus ophalen torlauncher.bootstrapStatus.loading_status=Netwerkstatus laden torlauncher.bootstrapStatus.loading_keys=Autoriteitscertificaten laden ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbutton-abouttbupdatedtd] https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd
commit 227b89c75e3da37f627b3a483dc751e532cfed04 Author: Translation commit bot Date: Mon Sep 9 11:52:01 2019 + https://gitweb.torproject.org/translation.git/commit/?h=torbutton-abouttbupdatedtd --- nl/abouttbupdate.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nl/abouttbupdate.dtd b/nl/abouttbupdate.dtd index c812f0a96..ba7394543 100644 --- a/nl/abouttbupdate.dtd +++ b/nl/abouttbupdate.dtd @@ -1,8 +1,8 @@ - + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/abouttor-homepage] https://gitweb.torproject.org/translation.git/commit/?h=abouttor-homepage
commit 5cfa77f2ad4738471d55f37787432703085380d7 Author: Translation commit bot Date: Mon Sep 9 11:45:06 2019 + https://gitweb.torproject.org/translation.git/commit/?h=abouttor-homepage --- nl/aboutTor.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nl/aboutTor.dtd b/nl/aboutTor.dtd index 68f4c848f..ba5da2998 100644 --- a/nl/aboutTor.dtd +++ b/nl/aboutTor.dtd @@ -19,10 +19,10 @@ - + - + https://www.torproject.org/getinvolved/volunteer.html.en";> ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits