Custom Query (26254 matches)


Show under each result:

Results (115 - 117 of 26254)

Ticket Resolution Summary Owner Reporter
#234 Fixed Mysterious crash on and servers weasel

Busy servers usually mysteriously crash after a day or two of uptime.

Possibly related to src/common/crypto's crypto_seed_rng() or some other openssl state.

Please fix.

[Automatically added by flyspray2trac: Operating System: All]

#235 Fixed Servers and ReachableAddresses weasel

A server operator did set FascistFirewall because he filtered incoming connections. Maybe Tor should do something, like warn or not let you be a server, when you have a restrictive ReachableAddresses list.

<weasel> should Tor allow you to be a server when you have

FascistFirewall set?

<nickm> weasel: Probably not. But it's hard to enforce, since it's

reasonable to allow servers when ReachableAddresses is set.

<nickm> And FascistFirewall aliases to that./ <weasel> is it reasonable? <nickm> Sure <weasel> ok :) <nickm> If I say "all ports 1024-65535 are reachable", I'm a fine


<weasel> this specific config would mean you can only access one of

the auth directory servers

<nickm> well, that would suck. <nickm> actually... <nickm> okay, adding proposed rule to TODO. <weasel> maybe Tor should warn if your ReachableAddresses prevents you

from reaching one of the dirservers?

<nickm> let me know what you think <nickm> If you're a directory cache, you need to be able to reach all

the directory authorities.

<nickm> If you're an OR, you should be able to reach (oh, say) 85% of

the other ORs.

<weasel> and you need to be able to reach at least one directory


<nickm> hm, true, to bootstrap. <nickm> I suspect this is not an earthshaking problem as it is: you'll

either bootstrap or you wont; you'll either be able to build a connection to yourself or

<weasel> you're right, it's not. it would just be nice to give the

operator some feedback that what he's doing is probably not a good idea :)

<weasel> as it turned out in this case the user didn't realize

FascistFirewall was for outgoing, not incoming connections.

[Automatically added by flyspray2trac: Operating System: All]

#236 Implemented cache network status of unknown authorities weasel

<nickm> arma: We should think about what will happen when we add new


<nickm> directory authorities, that is. <arma2> you mean anonymity attacks? <nickm> Well, that too. <nickm> But I meant in terms of everything working. <nickm> I looked over the code, and I see that it's only an info (not a warn)

to be given a network-status you don't recognize: that's good, since caches will ask authorities for "everybody!", and older ones will get authorities they won't recognize.

<nickm> OTOH, would it be a good idea to cache (if not use!) network-status

docs from unrecognized authorities?

<nickm> that way directory caches don't become less useful when we add new dir


<arma2> yes, i guess that would be useful to cache them. <arma2> tho we want to not cache too many. <nickm> right. <arma2> and we want to not use them (right?) <nickm> and again, right. <arma2> that should get fixed for if we are smart <nickm> I say cap it at 16 unrecognized authority identities. <arma2> is it easy to fix? <nickm> dunno <arma2> ok. <nickm> let me check.

[Automatically added by flyspray2trac: Operating System: All]

Note: See TracQuery for help on using queries.