{5} Accepted, Active Tickets by Owner (Full Description) (122 matches)

List tickets accepted, group by ticket owner. This report demonstrates the use of full-row display.

Results (1 - 100 of 122)

Ady1994 (1 match)

Ticket Summary Component Milestone Type Created
Description
#2615 ttdnsd crash HTTPS Everywhere/HTTPS Everywhere: Chrome ttdnsd: 0.8 defect Feb 22, 2011

It appears that if Tor is listening on port 53 (for DNSPort) and ttdnsd attempts to start, we'll segfault:

[133510.913005] ttdnsd[5515]: segfault at 0 ip 00007f1ea6b16a7c sp 00007fff218948b8 error 4 in libc-2.11.1.so[7f1ea69ec000+17a000]
[133517.952944] ttdnsd[5520]: segfault at 0 ip 00007f250cff3a7c sp 00007fffa1f593d8 error 4 in libc-2.11.1.so[7f250cec9000+17a000]

Cthulhu (2 matches)

Ticket Summary Component Milestone Type Created
Description
#13421 GoodBadISP's Revamp Internal Services/Wiki project Oct 15, 2014

Following a discussion on the mailing list [1] the GoodBadISP page could do with some updating and proper arranging.

Some of the categories I have in mind to make available in the table format are as follows: Country, Company Name, ASN, Bridges Allowed, Relays Allowed, Exits Allowed, Last Updated, Correspondence.

Would "Bridges Allowed" be a redundant measure since they won't be in the public sphere?

Moritz @ Torservers already has done a fair deal of work, some is outdated or could use an update though but it's a good place to start our focus and give inspiration where needed. [2] [3] [4]

[1] https://lists.torproject.org/pipermail/tor-relays/2014-October/005493.html

[2] https://www.torservers.net/wiki/hoster/experience

[3] https://www.torservers.net/wiki/hoster/inquiry

[4] https://www.torservers.net/wiki/hoster/index

Note: Those wishing to assist on this project please feel free to CC yourself in and keep an eye on the child tickets. I can be found under the pseudonym "TheCthulhu" on IRC or contacted at thecthulhu <at> riseup <dot> net if you wish to ask me directly what to work on next. If this is the first time you've assisted using Trac or the Tor Wiki, don't hesitate to ask for help.


#13473 Sort Existing GoodBadISP page into tables Internal Services/Wiki task Oct 19, 2014

The existing GoodBadISP tables need sorting into the new format. All opinions, feedback and communications to that ISP must go in the correct section on ISPCorrespondence page to keep the primary page clean and to the point since it will grow substantially over time.

The new format should be available soon after this ticket is posted as it will be done for the US hosts (good experiences).


JacobHenner (1 match)

Ticket Summary Component Milestone Type Created
Description
#8177 Vidalia Help Documentation Out of Date Archived/Vidalia defect Feb 6, 2013

In the most recent release of the Tor Browser Bundle, the help documentation bundled with Vidalia (accessed by selecting Help) is out of date. A search of GeoIP will confirm this, as the documentation still lists the GeoIP lookup server at geoip.vidalia-project.net, which has not been maintained since 2010.


MB (1 match)

Ticket Summary Component Milestone Type Created
Description
#9328 o2online.de Live Check not working with enabled SSL strictness HTTPS Everywhere/EFF-HTTPS Everywhere defect Jul 25, 2013

With enabled HTTPS Everywhere, http://www.o2online.de/microsite/o2-netz/live-check/ does not load additional JavaScript from a non-SSL CDN


Sherief (1 match)

Ticket Summary Component Milestone Type Created
Description
#12236 Don't display the full URL in token table User Experience/Tor Support enhancement Jun 9, 2014

I'm interested in the token full URL only when I create a new token so I give it to the user. The rest of the time, I don't really care to see the full thing, only the hash, maybe. That could reduce the table width.

So this change needs also a change to the token creation action to display a big fat URL that I can easily get into the clipboard.


arma (6 matches)

Ticket Summary Component Milestone Type Created
Description
#18213 The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file Core Tor/Tor Tor: 0.2.??? defect Feb 2, 2016

The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file when a connection is done to an ip address.

If WarnUnsafeSocks 1 (default) is set there is no warning in the log file. If you look at the code for log_unsafe_socks_warning, the only case where an error is logged is when safe_socks is true. safe_socks is true only when SafeSocks parameter is set, but not when WarnUnsafeSocks is set.

The code should be

if (safe_socks || options->WarnUnsafeSocks) {

instead of

if (safe_socks) {

#15434 Tor dies if you send it a HUP before it read its config, and doesn't take PTs with it Core Tor/Tor Tor: 0.2.9.x-final defect Mar 22, 2015

When sending tor a HUP before it has read its config, it will die, without killing its PTs. Starting tor again will then result in more PT crashes, as the ports will already be used by previous instances.

10149 ?        Sl     0:00 /usr/bin/obfs4proxy managed
10581 ?        Sl     0:01 /usr/bin/tor -f /etc/tor/torrc-node1
10582 ?        S      0:00  \_ /usr/bin/python /usr/bin/obfsproxy managed
10583 ?        Z      0:00  \_ [obfs4proxy] <defunct>
10584 ?        S      0:00  \_ /usr/bin/python /usr/bin/fteproxy --managed --mode server

#15713 toggling DisableNetwork during bootstrap causes delay Core Tor/Tor Tor: 0.2.??? defect Apr 17, 2015

While testing a fix for #11879, Kathy and I noticed that if the bootstrap process is interrupted by setting DisableNetwork=1 via the control port, Tor waits about a minute after DisableNetwork is set back to 0 before continuing network activity. We observed this problem on a Mac OS 10.8.5 system. Possibly related tickets: #9229, #11069.

Once release candidates for Tor Browser 4.5 are available, this should be reproducible by following these steps:

  1. Start Tor Browser and click "Connect".
  2. Click "Open Settings" in the connection progress window to interrupt the bootstrap process.
  3. Click "Connect" again. Notice that there is a delay before the bootstrap makes more progress.

We are also able to reproduce it using Tor 0.2.6.6 and a manual (telnet) control port connection. Follow these steps (control port authentication is up to you):

  1. Remove all cached Tor data and start Tor like this:

./tor --defaults-torrc torrc-defaults -f torrc DisableNetwork 1

  2. Make a control port connection and issue this command:

SETCONF DisableNetwork=0

  3. Wait for bootstrapping to reach 25-50% and then do:

SETCONF DisableNetwork=1

  4. Re-enable network access:

SETCONF DisableNetwork=0

Notice that there is a delay before the bootstrap makes more progress.

We used the torrc-defaults file that ships with Tor Browser 4.5a5:

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksPort 9150
ControlPort 9151
CookieAuthentication 1
## fteproxy configuration
ClientTransportPlugin fte exec PluggableTransports/fteproxy.bin --managed

## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy

## flash proxy configuration
#
# Change the second number here (9000) to the number of a port that can
# receive connections from the Internet (the port for which you
# configured port forwarding).
ClientTransportPlugin flashproxy exec PluggableTransports/flashproxy-client --register :0 :9000

## meek configuration
ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client

Our torrc is also from Tor Browser and it just contains a few paths:

DataDirectory /Users/.../tb-11879.app/TorBrowser/Data/Tor
GeoIPFile /Users/.../tb-11879.app/TorBrowser/Data/Tor/geoip
GeoIPv6File /Users/.../tb-11879.app/TorBrowser/Data/Tor/geoip6

I will attach some log output.


#15715 spurious "Network is unreachable" error after setting DisableNetwork=1 Core Tor/Tor Tor: 0.2.??? defect Apr 17, 2015

If DisableNetwork is set to 1 via SETCONF during bootstrapping, Tor sometimes generates spurious errors such as "Network is unreachable". Kathy and I saw this while testing a fix for #11879. We realize this may be difficult to fix due to the internal architecture / concurrency inside Tor.

See #15713 for steps to reproduce (but note that an error does not occur every time). In the log that is attached to #15713 you can see an example:

Apr 17 10:28:10.000 [warn] Problem bootstrapping. Stuck at 25%: Loading networkstatus consensus. (Network is unreachable; NOROUTE; count 1; recommendation warn; host 847B1F850344D7876491A54892F904934E4EB85D at 86.59.21.38:443)

(the error happens right away if it happens at all – no delay).

This problem may cause some Tor Browser users to be a little confused; all they need to do is click "Open Settings" while Tor Browser was starting up and they will sometimes see an error alert.


#19162 Make it even harder to become HSDir Core Tor/Tor Tor: 0.2.9.x-final defect May 23, 2016

In #8243 we started requiring Stable flag for becoming HSDirs, but this is still not hard enough for motivated adversaries. Hence we need to make it even harder for a relay to become HSDir, so that only relays that have been around for long get the flag. After prop224 gets deployed, there will be less incentive for adversaries to become HSDirs since they won't be able to harvest onion addresses.

Until then, our current plan is to increase the bandwidth and uptime required to become an HSDir to something almost unreasonable. For example requiring an uptime of over 6 months, or maybe requiring that the relay is in the top 1/4th of uptimes on the network.


#17773 Should clients avoid using guards that lost the Guard flag? Core Tor/Tor Tor: 0.2.??? enhancement Dec 8, 2015

Nick and I both thought that at least in the past, Tor clients would stop using a relay as their guard, if it loses the Guard flag.

But it looks like the code doesn't do that -- once a relay is your guard, you'll use it in the guard position regardless of whether it has the Guard flag at this moment or not.

This is actually a tricky design decision. In favor of avoiding guards that don't have the guard flag:

  • If they get really slow, we can instruct clients to abandon them.
  • If a relay gets the guard flag for only a short period of time, it will have only a small number of (dedicated) users using it for the next months.

In favor of using non-Guard guards anyway:

  • An attacker can't push you away from your guard by hurting its performance in the eyes of the directory authorities.
  • You won't rotate guards as many times.

That "can't push you away" one looks big. What other aspects should we be considering here?


asn (1 match)

Ticket Summary Component Milestone Type Created
Description
#4626 Very high cpu usage for gabelmoo running with renegotiation-limiting code Core Tor/Tor Tor: unspecified defect Dec 1, 2011

Hey there,

gabelmoo is seeing almost full cpu utilization lately. I'm running openssl1 and libevent master. Traffic is at around 200KB/s, so not very much. Here's a profile for everything over 0.5%:

samples  %        image name               app name                 symbol name
397332   26.8226  libc.so.6                libc.so.6                /home/karsten/debug/libc.so.6
210739   14.2263  libpthread.so.0          libpthread.so.0          __pthread_mutex_unlock_usercnt
157849   10.6559  libpthread.so.0          libpthread.so.0          pthread_mutex_lock
62969     4.2508  tor                      tor                      connection_handle_write
56998     3.8477  tor                      tor                      _openssl_locking_cb
44452     3.0008  tor                      tor                      assert_connection_ok
38146     2.5751  tor                      tor                      connection_bucket_write_limit
37917     2.5597  [vdso] (tgid:17627 range:0x7fffb85ff000-0x7fffb8600000) tor                      [vdso] (tgid:17627 range:0x7fffb85ff000-0x7fffb8600000)
32683     2.2063  tor                      tor                      flush_buf_tls
29224     1.9728  tor                      tor                      connection_is_rate_limited
28245     1.9067  tor                      tor                      connection_bucket_round_robin
25259     1.7052  tor                      tor                      tor_tls_get_error
22309     1.5060  tor                      tor                      tor_tls_write
21562     1.4556  tor                      tor                      assert_buf_ok
20642     1.3935  tor                      tor                      get_options_mutable
19521     1.3178  tor                      tor                      approx_time
19272     1.3010  tor                      tor                      _check_no_tls_errors
19108     1.2899  tor                      tor                      conn_write_callback
18312     1.2362  tor                      tor                      tor_addr_is_internal
14932     1.0080  tor                      tor                      tor_tls_get_forced_write_size
14237     0.9611  tor                      tor                      tor_gettimeofday_cache_clear
12501     0.8439  librt.so.1               librt.so.1               /home/karsten/debug/librt.so.1
11918     0.8045  tor                      tor                      tor_mutex_acquire
11907     0.8038  tor                      tor                      tor_mutex_release
11376     0.7680  tor                      tor                      connection_bucket_refill
9770      0.6595  tor                      tor                      connection_is_listener
9582      0.6468  tor                      tor                      connection_is_reading
9493      0.6408  tor                      tor                      tor_tls_state_changed_callback
9087      0.6134  tor                      tor                      connection_is_writing
8689      0.5866  tor                      tor                      TO_OR_CONN
7890      0.5326  tor                      tor                      connection_state_is_connecting

atagar (1 match)

Ticket Summary Component Milestone Type Created
Description
#16348 Suppress exception chaining when PEP 3134 is merged Core Tor/Stem defect Jun 10, 2015

with tor-0.2.6.9 and stem-1.4.1 I run (rarely) into this :

cat ioerror.stderr.old
Exception in thread Event Notifier:
Traceback (most recent call last):
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 1758, in get_network_status
    desc_content = self.get_info(query, get_bytes = True)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 414, in wrapped
    raise exc
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 409, in wrapped
    return func(self, *args, **kwargs)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 1113, in get_info
    raise exc
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 1066, in get_info
    stem.response.convert('GETINFO', response)
  File "/usr/lib64/python3.3/site-packages/stem/response/__init__.py", line 135, in convert
    message._parse_message(**kwargs)
  File "/usr/lib64/python3.3/site-packages/stem/response/getinfo.py", line 38, in _parse_message
    raise stem.InvalidArguments('552', 'GETINFO request contained unrecognized keywords: %s\n' % ', '.join(unrecognized_keywords), unrecognized_keywords)
stem.InvalidArguments: GETINFO request contained unrecognized keywords: ns/id/2BCDF9F0BCEFC2A44F7850F92362BA85AA226E1F


During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib64/python3.3/threading.py", line 901, in _bootstrap_inner
    self.run()
  File "/usr/lib64/python3.3/threading.py", line 858, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 882, in _event_loop
    self._handle_event(event_message)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 3480, in _handle_event
    listener(event_message)
  File "./err.py", line 47, in orconn_event
    relay = controller.get_network_status(fingerprint)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 414, in wrapped
    raise exc
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 409, in wrapped
    return func(self, *args, **kwargs)
  File "/usr/lib64/python3.3/site-packages/stem/control.py", line 1761, in get_network_status
    raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
stem.DescriptorUnavailable: Tor was unable to provide the descriptor for '2BCDF9F0BCEFC2A44F7850F92362BA85AA226E1F'

while running this script :

$ cat err.py
#!/usr/bin/python3 -u

#   Toralf Foerster
#   Hamburg
#   Germany

# collect data wrt to https://trac.torproject.org/projects/tor/ticket/13603
#

import time
import functools

from stem import ORStatus, ORClosureReason
from stem.control import EventType, Controller


def main():
  class Cnt(object):
    def __init__(self, done=0, closed=0, ioerror=0):
      self.done = done
      self.closed = closed
      self.ioerror = ioerror

  c = Cnt()

  with Controller.from_port(port=9051) as controller:
    controller.authenticate()

    orconn_listener = functools.partial(orconn_event, controller, c)
    controller.add_event_listener(orconn_listener, EventType.ORCONN)

    while True:
      time.sleep(1)

def orconn_event(controller, c, event):
  if event.status == ORStatus.CLOSED:
    c.closed += 1

    if event.reason == ORClosureReason.DONE:
      c.done += 1

    if event.reason == ORClosureReason.IOERROR:
      c.ioerror += 1

      fingerprint = event.endpoint_fingerprint
      print (" %i %i %i %i %s %40s" % (c.closed, c.done, c.ioerror, event.arrived_at, time.ctime(event.arrived_at), fingerprint), end='')
      relay = controller.get_network_status(fingerprint)
      if relay:
        print (" %15s %5i %s %s" % (relay.address, relay.or_port, controller.get_info("ip-to-country/%s" % relay.address, 'unknown'), relay.nickname), end='')
      print ('', flush=True)

if __name__ == '__main__':
  main()

boklm (2 matches)

Ticket Summary Component Milestone Type Created
Description
#11508 Test that about:tor page is properly loaded Applications/Quality Assurance and Testing enhancement Apr 14, 2014

During the last beta release we realized that some translators translate "about:tor" which breaks it. We should write a test that checks this crucial page is working in built bundles.


#11509 Make sure search engine strings are not translated Applications/Quality Assurance and Testing enhancement Apr 14, 2014

Bug #11236 is caused by translated search engine strings. We should make sure those strings are not translated.


danieleweber7624 (1 match)

Ticket Summary Component Milestone Type Created
Description
#8915 Cannot spoof useragent and vendor Applications/Tor Browser TorBrowserBundle 2.3.x-stable defect May 20, 2013

Can you add any way to change vendor to firefox via general.useragent.vendor?

Seems this only works in firefox 3 or older

Also firefox 17 does not update the pref general.useragent.override without restarting the browser, this is actually the same bug for newest versions of firefox.


dgoulet (19 matches)

Ticket Summary Component Milestone Type Created
Description
#17980 Torify/Torsocks - Possible bug with OSX's default curl binary Core Tor/Torsocks defect Jan 3, 2016

OSX default curl binary is not being torified when using torify or torsocks. Using: curl --proxy socks5h://curl:curl@127.0.0.1:9050/ works fine, however, running torify/torsocks curl <url> does not work.

Example:

$ torify curl ifconfig.co/all.json # returns original IP
$ curl --proxy socks5h://curl:curl@127.0.0.1:9050/ ifconfig.co/all.json # returns the expected output
$ torify curl https://check.torproject.org/ | grep -i congratulations # returns nothing

Torify does work on the Homebrew's curl version with the torify command, but it does not work when running a torify --shell (nor does the default OSX's curl):

$ torify --shell
/usr/local/bin/torsocks: New torified shell coming right up...
$ /usr/local/opt/curl/bin/curl ifconfig.co/all.json # returns my real IP
$ /usr/bin/curl ifconfig.co/all.json # returns my real IP
$ wget ifconfig.co/all.json # returns my real IP too (using homebrew's wget version 1.17.1)

OSX default curl:

$ curl --version
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

Homebrew's curl version:

$ /usr/local/opt/curl/bin/curl --version
curl 7.46.0 (x86_64-apple-darwin15.0.0) libcurl/7.46.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets

Apple makes this difficult to debug and find out why, due to its Security Integrity Protection (executables signed with restricted entitlements), so I copied OSX's default curl binary to /tmp, ran [1] then I was able to run dtruss on the default curl, however I wasn't able to run torify with dtruss, since [1] didn't work, dtruss output didn't have anything interesting as far as I know.

Attachments: with-torify.txt for the output of sudo torify dtruss ./curl ifconfig.co/all.json and no-torify.txt for sudo dtruss ./curl ifconfig.co/all.json

I am willing to help debug this if needed, but I would like some help to make this easier, since disabling OSX's System Integrity Protection is not a good idea, and apparently code-signing didn't work with me.

[1] codesign -f -s `whoami` curl

OSX version: 10.11.2 (15C50)
Torsocks version: Torsocks 2.1.0
Tor version: 0.2.7.6


#18572 prop224: HSDir descriptor cache implementation Core Tor/Tor Tor: 0.2.9.x-final enhancement Mar 17, 2016

This ticket is part of proposal 224 and is for the implementation of the descriptor cache on the HSDir side.


#14322 torsocks fails to wrap setcap binaries Core Tor/Torsocks defect Jan 22, 2015

the Linux 'capabilities' library for allowing non-root users to perform tasks which normally require elevated privileges.

at present the torsocks wrappers have checked for setuid and setgid flags on the binaries it executes and failed closed, throwing an error if this occurs, however there is currently no check to see if the binaries have capabilities applied.

in the case where they do, the LD_PRELOAD set by torsocks is stripped and the program will execute with no warning and without the torsocks wrapper.

as an example of this, the current 'ping' command on my Linux is setcap:

$ getcap `which ping`
/usr/bin/ping = cap_net_raw+ep
$ torsocks ping -c 1 torproject.org
PING torproject.org (82.195.75.101) 56(84) bytes of data.
64 bytes from 82.195.75.101: icmp_seq=1 ttl=50 time=38.1 ms

the install script which does setcap
setuid here:

https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils
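
The check ticket #14322 says is missing, sketched as an added example (not torsocks code and not part of the ticket): before preloading, refuse any binary that is setuid, setgid or carries file capabilities, since the loader drops LD_PRELOAD for all three. The function names and return codes are hypothetical, and the sketch assumes `getcap` from libcap is installed; when it is not, the check reports "unknown" so the caller can refuse.

```shell
#!/bin/sh
# Added example: pre-flight check for an LD_PRELOAD-based wrapper.
# Function names and return codes are hypothetical, not taken from torsocks.

# preload_survives BIN
#   0  LD_PRELOAD will be honoured for BIN
#   1  BIN is setuid, setgid or has file capabilities (loader strips LD_PRELOAD)
#   2  BIN was not found or is not an executable file on disk
#   3  capabilities could not be checked; the caller should refuse
preload_survives() {
    bin=$(command -v "$1" 2>/dev/null) || return 2
    case $bin in
        */*) ;;          # resolved to a path we can inspect
        *) return 2 ;;   # shell builtin, alias or function: no file to check
    esac

    # The check the wrapper already had: setuid / setgid bits.
    if [ -u "$bin" ] || [ -g "$bin" ]; then
        return 1
    fi

    # The missing check: file capabilities (e.g. cap_net_raw on ping).
    if ! command -v getcap >/dev/null 2>&1; then
        return 3
    fi
    # getcap prints nothing for a file that has no capabilities set.
    caps=$(getcap "$bin" 2>/dev/null) || return 3
    if [ -n "$caps" ]; then
        return 1
    fi
    return 0
}

# torsocks_checked CMD [ARGS...]
# Runs CMD under torsocks only when the preload can take effect; in every
# other case it refuses instead of letting CMD run without the wrapper.
torsocks_checked() {
    rc=0
    preload_survives "$1" || rc=$?
    case $rc in
        0) torsocks "$@" ;;
        1) echo "refusing: $1 is setuid/setgid or has file capabilities" >&2
           return 1 ;;
        2) echo "refusing: $1 not found" >&2
           return 1 ;;
        *) echo "refusing: cannot check file capabilities of $1" >&2
           return 1 ;;
    esac
}
```
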


#16183 torsocks upgrade broke OpenSSH connection sharing Core Tor/Torsocks defect May 25, 2015

After upgrading torsocks, I found that OpenSSH connection sharing did not work correctly anymore. It turned out that the master process (when running using torsocks) keeps file descriptors open which it received from the slave processes.

It turned out that the fd passing check introduced in commit eecc1152a9c8645 is responsible for the issue.


#16308 Attempts to resolve local hostname using tor Core Tor/Torsocks defect Jun 7, 2015

When using torsocks 2.1.0 built from tarball, torsocks attempts to resolve the local machine's hostname using tor.

To reproduce: clone a git repository using torsocks

Result: clone is successful, but produces an error in torsocks after an attempt to resolve the machine's hostname:42 using tor.

ERROR torsocks[pid]: Unable to resolve. Status reply: 4 (in socks5_recv_resolve_reply() at socks5.c:666)


#16349 Need to merge GitHub pull requests Core Tor/Torsocks defect Jun 10, 2015

Please merge all GitHub pull requests: https://github.com/dgoulet/torsocks/pulls

And please close pull request section on GitHub if this isn't the proper location for requests to be filed.


#16934 youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure Core Tor/Torsocks defect Aug 31, 2015

ERROR torsocks[29369]: [socks5] Resolve destination buffer too small (in socks5_recv_resolve_reply() at socks5.c:690)
ERROR: Unable to download webpage: <urlopen error [Errno -4] Non-recoverable failure in name resolution> (caused by URLError(gaierror(-4, 'Non-recoverable failure in name resolution'),))

The error changes over time. But it is mostly in this range. With a fresh restart the problem goes away, but it is back after some time blocking all requests.

Stopping any TBB5 running and starting TBB4.5.3 makes everything go smooth again.

Besides TBB, nothing changes in the configuration.


#16991 I think I've figured out why torsocks-ci-linux is failing on Jenkins! Core Tor/Torsocks defect Sep 6, 2015

So, the tests seem to assume that there is a tor process running that can receive their queries, and that it's on the internet, and that while on the internet it can connect to the Tor network.

Not crazy I guess!

But FWICT the Jenkins builder hasn't launched a Tor process, or has shut off access to the network. I guess that's why it's failing in test_dns.c

So, the question:

Q1. Does torsocks really require for its tests that there exist a Tor process on port 9050 with access to the internet?

If the answer to Q1 is no, there is a bug in torsocks.

If the answer to Q1 is yes, there are three possible solutions I see:

S1. Change torsocks so that no tests require a running Tor with access to the internet.

S2. Change the Jenkins configuration so that it launches a tor client process for the torsocks test to use.

S3. Divide the torsocks tests into the ones that need a Tor connected to the network, and the ones that do not. Only run the ones that do not when we're running under Jenkins.


#17936 torsocks fails open on Mac OS X 10.11 Core Tor/Torsocks defect Dec 25, 2015

I am running OSX 10.11 and since the update I just noticed that torsocks is failing to torify connections.

Here are the details of my system:

$ torsocks --version
Torsocks 2.1.0

$ uname -a
Darwin XXX 15.0.0 Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64

$ sw_vers -productVersion
10.11.1

Doing a cursory search into what may be the causes for this problem it seems like a security "feature" introduced in OSX 10.11 is to blame for this behaviour called System Integrity Protection [1]. Looking around there are other people complaining about the fact that DYLD_INSERT_LIBRARIES doesn't work in OSX 10.11 [2]. This stackoverflow article does a nice summary of what can be done and can't be done due to SIP: http://apple.stackexchange.com/questions/193368/what-is-the-rootless-feature-in-el-capitan-really.

I am not sure what can be done to overcome this limitation in the latest version of OSX, but I think that at least torsocks should implement a check for the OSX version and if it's greater than 10.10 it fails closed (without doing the non-torified request).

[1] https://developer.apple.com/library/mac/documentation/Security/Conceptual/System_Integrity_Protection_Guide/Introduction/Introduction.html

[2] https://groups.google.com/a/chromium.org/forum/#!topic/crashpad-dev/MafauT4BHSY


#11579 Torsocks should support Java Core Tor/Torsocks enhancement Apr 21, 2014

Right now Java programs run with torsocks have their network calls dropped, or sometimes crash. Torsocks should force Java programs to use Tor. This could be done by setting the proxy settings in the JVM with -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=8080. To ensure proxy obedience for DNS calls, torsocks might implement a DNS provider that uses SOCKS for resolution, add that to the classpath, and use it to override the DNS provider the JVM uses at runtime.


#11723 Support res_* API of libresolv Core Tor/Torsocks enhancement May 4, 2014

It's still unclear to me if that library is still distributed and/or maintained but some applications still use it either compiled in or shared. I can't find that library in a recent Debian system.


#11724 Check recvmmsg() FD passing on Unix socket for TCP socket Core Tor/Torsocks enhancement May 4, 2014

recvmsg() is supported as of now. A full exit should be done here because Torsocks can't handle this inet socket with Tor.


#11727 Support shared onion pool for DNS resolution in separate process Core Tor/Torsocks enhancement May 4, 2014

So it turns out that irssi is doing DNS resolution in another process and passing the result back to the first process which will make the connection.

This means that the two processes have two distinct onion pools so the process doing the DNS resolution will store the onion address with the reserved cookie but the other process, when connecting using that cookie, will be unable to find the onion address in its pool.

One solution I have in mind is to create that onion pool in a shared memory (SHM) and hijack the clone/fork symbol so when we detect a new process we can set the onion pool reference in it thus sharing the pool across processes that have a common parent.

I have a PoC that works but maybe there could be an IPC approach instead.


#13184 Add an option to whitelist networks Core Tor/Torsocks enhancement Sep 17, 2014

This warning is possible for any socket trying to connect to a localhost address.

WARNING torsocks[12360]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)

We should implement a whitelist mechanism so the user can tell which local network is allowed such as localhost.


#13207 Is rend_cache_clean_v2_descs_as_dir cutoff crazy high? Core Tor/Tor Tor: 0.2.??? enhancement Sep 21, 2014

  time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW;

That's currently 3 days.

Yet

config.c:  V(RendPostPeriod,              INTERVAL, "1 hour"),

So we expect our current one to get overwritten once an hour, yet if the hidden service goes away (stops publishing) we continue to serve its old (presumably no longer working) descriptor for 71 more hours.

One downside to this poor tuning is that we waste the time of clients who try to access the hidden service -- if we instead tell them there is no descriptor, they could go to another hsdir or give up more promptly.

One upside is that if we say we don't have one, clients *will* go visit five other hsdirs before giving up, which could result in a lot of thrashing. Whereas providing an old one will keep the client distracted for a while. But that's not really a good reason.

Another downside is that it's easier to stuff our cache full of things, i.e. use hsdirs for arbitrary storage of blobs for three days.


#18295 Make shared random rounds configurable in test networks Core Tor/Tor Tor: 0.2.9.x-final enhancement Feb 10, 2016

From #16943: Replying to dgoulet:

Replying to teor:

A hard-coded SHARED_RANDOM_N_ROUNDS is going to make it really hard to test hidden services quickly using chutney. (We'll always be testing them using the default initial shared random value.) Can we make this configurable in test networks?

#define SHARED_RANDOM_N_ROUNDS 12

The part I do not like about changing this value for a testing network is that we do NOT get the real behavior of the protocol... I'm not against a testing value but I would do that after merge in a separate ticket.


#19024 prop224: Refactor rend_data_t so be able to use multiple HS version Core Tor/Tor Tor: 0.2.9.x-final enhancement May 10, 2016

Break rend_data_t into something that could look like this (or maybe without a union...):

struct rend_data_t {
  uint32_t version; /* XXX: Maybe not necessary if our code flow doesn't
                     * require us to learn the version through that data struct. */
  union {
    hs_data_v2_t v2;
    hs_data_v3_t v3;
  } hs;
};

Once we have such construction, we can use v3 with that data structure more cleanly.


#19407 Support FD passing on Unix socket Core Tor/Torsocks enhancement Jun 13, 2016

Multiple issues need FD passing through a Unix socket to work: #8585, #16183

It's maybe possible to support this safely. My intuition is that we might be able to get it to work by passing some cookies in the ancillary data so we can recognize the sendmsg() with the recvmsg(). Maybe!?...


#18515 Refactoring routerparse.c/.h, hidden services parser in a seperate file Core Tor/Tor Tor: 0.2.9.x-final enhancement Mar 10, 2016

Took out the hidden services related functions to their own file out of routerparse.c/.h into rendparse.c/.h. Put the common functions/definitions in parsecommon.c/.h.


erinn (2 matches)

Ticket Summary Component Milestone Type Created
Description
#1873 Automate RPM package builds Core Tor/RPM packaging Deliverable-December2010 task Aug 26, 2010

Currently we distribute RPMs for vidalia and tor in our repositories. Building these is a lot less pleasant, and much slower, than building debs because of the overhead involved in launching VirtualBox VMs. This process needs to be streamlined first, either by finding a new solution to deal with RPM-based distributions, or VB needs to stop being recalcitrant and let me launch VMs headlessly.

The Tor spec file in my packaging-improvements branch (https://gitweb.torproject.org/erinn/tor.git/shortlog/refs/heads/packaging-improvements) has been generalized enough that it now builds on all of the distributions without any manual fiddling, but the init script still needs to be improved. When I add those, I'll move this to needs_review so it can be merged into Tor master which will streamline the autobuild process as well.


#1877 Create repository and package signing keys Applications/Tor bundles/installation Deliverable-December2010 task Aug 26, 2010

If we're going to be offering users nightly/weekly package builds, we want to offer them some modicum of proof that they came from us, and are what they claim to be, to the best of a robot's ability to verify them. The current plan is that all release builds/packages will be signed by hand, but for the nightlies/weeklies/whateverlies we need to create signing keys that can sign things automatically.


feynman (1 match)

Ticket Summary Component Milestone Type Created
Description
#9022 Create an XMPP pluggable transport Obfuscation/Pluggable transport task Jun 5, 2013

We should look into XMPP pluggable transports. There are many public XMPP services that see widespread use even from censored countries.


ficus (3 matches)

Ticket Summary Component Milestone Type Created
Description
#3664 Tor web interface for the DreamPlug Archived/Torouter task Jul 29, 2011

We need a Tor web interface for the DreamPlug, as discussed at the Tor dev meeting in Waterloo, Canada earlier this week.


#6686 torouter IPv6 support Archived/Torouter enhancement Aug 24, 2012

This is a placeholder/discussion ticket for IPv6 support with torouter. IPv6 support is not a blocker or high priority at this time, and there is some concern about trusting "new" IPv6 daemons and code paths (citation needed!).

One way IPv6 would work is that "downstream" devices connecting to the torouter (over the open wifi network or the local ethernet port) would auto-configure addresses from a site-local prefix (not globally routed) and the torouter (via tsocks) would effectively provide NAT. With this scheme it would be possible to enable "downstream" IPv6 connectivity without proper "upstream" support (or vice versa).

"Upstream" IPv6 would require at least:

  • tor network and daemon support (roadmap)
  • ntp client support
  • automatic SLAAC/DHCPv6 configuration

Presumably SLAAC would use a randomized address (not based on the ethernet MAC address). Bootstrap upstream DNS could go straight to global DNS servers known to return both AAAA records and reply to requests over IPv6.

"Downstream" IPv6 would require at least:

  • a (hardened?) radvd
  • IPv6 configuration and support of the onboard recursive DNS servers (ttdnsd, unbound, dnsmasq)
  • support in tsocks
  • appropriate firewall rules
  • extension of the web interface to display and configure IPv6 options

In either case, kernel and iptable support would need to be enabled and the web interface extended to display and configure IPv6 options.


#6687 torouter dreamplug update to debian wheezy and 3.2 kernel Archived/Torouter enhancement Aug 24, 2012

wheezy (debian testing) will probably be released in the next few months, so it seems reasonable to develop torouter for that target to ensure stability over the next few years. Also, several DreamPlug-specific changes were upstreamed into the mainline kernel and are present in wheezy.

AFAIK the required code changes would be updating the freedom-maker folder in torouter.git to a more recent version (either directly from b'dale or from nickdaly's version on github), redo source.list entries (backports not necessary?), and test that all required packages exist and function as expected under wheezy.

One road-blocker is that the more recent kernel seems to require an updated version of the u-boot bootloader on the DreamPlug, and the upgrade process requires the

The WiFi chipset still requires some third-party firmware and kernel module compilation (uap8xxx.ko == libertas_uap) with the 3.2 kernel.

Thoughts?


hellais (1 match)

Ticket Summary Component Milestone Type Created
Description
#12823 Design and implement new deck format Metrics/Ooni enhancement Aug 7, 2014

The current test deck format has some limitations.

These are namely:

1) There is no way of making an input be part of the test deck itself

2) The format is too verbose and contains redundant information (all of the ooniprobe command line options need to be explicitly specified)

For this reason I think we should have a new format that makes it possible to include inputs as part of the test deck. The test deck should therefore be a compressed container (tar and gzip seem to be good candidates as they are well supported in python).

It should then be possible to reference input files that are part of the test deck itself.


hiviah (1 match)

Ticket Summary Component Milestone Type Created
Description
#13915 Tor no longer requires openssl on el7 Core Tor/RPM packaging defect Dec 8, 2014

The openssl libraries have been removed from the openssl package in el7. They are now in openssl-libs. The el7 rpms published in the Tor repo at https://deb.torproject.org/torproject.org/rpm/el/7/ are still configured to require "openssl >= 0.9.8". This forces openssl to be installed on systems that don't actually need it.


hkannan (1 match)

Ticket Summary Component Milestone Type Created
Description
#17740 Unit Tests for Recent Consensuses Core Tor/Tor enhancement Dec 2, 2015

It would be great to have unit tests for the functions that return a recent consensus:

Mock:

  • networkstatus_get_latest_consensus_by_flavor

Test:

  • networkstatus_get_latest_consensus
  • networkstatus_get_reasonably_live_consensus
  • networkstatus_consensus_is_boostrapping

irl (7 matches)

Ticket Summary Component Milestone Type Created
Description
#13350 Provide ooni-backend packages for Debian Metrics/Ooni task Oct 7, 2014

A check to determine the package dependencies requirements. Do I miss anything?

package           exp. version  status  Debian version
pyyaml            unspec.       OK      stable:3.10-4
python-twisted    >=12.2.0      OK      stable-bpo:13.2.0-1
python-cyclone    >1.1          OK      testing:1.1-1
python-ipaddr     >2.1.10       OK      stable:2.1.10-1
python-geoip      >=0.2.6       OK      stable:1.2.4-2
transaction       >=1.4.1       OK      testing:1.4.3-3
python-txtorcon   >=0.7         OK      stable-bpo:0.11.0-1
pyopenssl         >=0.13        OK      stable:0.13-2
zope.component    >=4.0.0       OK      testing:4.2.1-2
zope.event        >=4.0.0       OK      testing:4.0.3-2
zope.interface    >=4.0.1       OK      testing:4.1.1-2
python-pysqlite2  >=2.6.0       OK      stable:2.6.3-3
service-identity  unspec.       OK      testing:1.0.0-3

#6787 Make homepage more informative/intuitive Metrics/Atlas enhancement Sep 7, 2012

I visited http://atlas.torproject.org/ and noticed that "learn more" links me to http://atlas.torproject.org/?#about - as a first time user, I would have expected that to take me to learn more about the network, not the software.

Perhaps there is a nice page with some interesting summary graphs that might be a better landing page?


#7414 Test helper for Two Way traceroute Metrics/Ooni enhancement Nov 8, 2012

When a client requests a two way traceroute test helper a traceroute from the collector to the client should be initiated.


#10883 Atlas should explain how users can search for their bridge Metrics/Atlas enhancement Feb 11, 2014

There could be a link "how do I search for my bridge", or similar, that explains how to find their bridge's fingerprint and run it through SHA-1 before searching for it in Globe.


#19452 Make single request for Onionoo details document Metrics/Atlas enhancement Jun 20, 2016

This ticket came out of the discussion over at #15395. Quoting Karsten:

Rather than making 1 request for an Onionoo summary document and then n requests for full Onionoo details documents, let's make a single request for 1 Onionoo details document. Exact parameters are subject to further discussion but would include limit=51 (50 results max and 1 to see if there are even more), fields=... (all fields we'd like to display in the results table), search=... (whatever we pass to the summary request right now), and maybe more.


#19363 We should check for dead links in the website User Experience/Website task Jun 9, 2016

Following on from #19359, I suspect that similar problems are present in the website.

W3C have a link checker utility that could be run from a Jenkins job.

http://search.cpan.org/dist/W3C-LinkChecker/

I have a local Jenkins instance to experiment with this. If it proves to be effective/useful we can consider moving this to jenkins.tpo.

Sebastian noted in IRC that some failures may be temporary and each failure would require individual investigation. In any documentation we should note that we should never automate fixes, even where there are permanent redirects in place (a redirect may occur simply because the content doesn't exist anymore and it just takes you to a home page for instance).


#9768 The CSS used on Atlas should be responsive Metrics/Atlas enhancement Sep 18, 2013

my request is finetuning on atlas:

https://atlas.torproject.org/#details/[FINGERPRINT] on a mobile device, two columns would result in a better view.


isis (1 match)

Ticket Summary Component Milestone Type Created
Description
#12802 BridgeDB needs Nagios checks for the Email Distributor Obfuscation/BridgeDB enhancement Aug 6, 2014

BridgeDB needs Nagios checks that the Email Distributor is working. The best way to do this would be to send an email to bridges@… which says "get help".


iwakeh (9 matches)

Ticket Summary Component Milestone Type Created
Description
#19169 verify, correct and extend runtime statistics Metrics/CollecTor defect May 25, 2016

see Analysis Part 2 for background information.

  • verify current stats
  • avoid ambiguous log statements
  • maybe, separate stats for download and import
  • ...

#19170 make parsing more robust (extra-info) Metrics/CollecTor defect May 25, 2016

Almost all of the "Could not parse" warnings on the CollecTor mirror are caused by SweTor247.

It seems that some of the country codes use non-ascii characters. The code parsing this information is here.

Shouldn't the parser just replace the problematic characters by a default character and thus keep the readable information?

I'll add a stack trace when this happens again.


#15753 add performance tests to Onionoo's project structure and add the corresponding Ant task Metrics/Onionoo enhancement Apr 21, 2015

Make room for performance tests somewhere in src/ and write a separate Ant task to run them. (see parent #13616)


#18865 actively monitor resources like available storage space Metrics/CollecTor enhancement Apr 21, 2016

As the two incidents of at least temporary losses/unavailability of descriptors were due to insufficient memory (cf. here), a timed task should check this (and possibly other parameters) at regular intervals (preferably in a timely manner before the next run) and raise the red flag when a problem is visible.

Might this be useful? Or is storage only a current problem?


#18730 provide guidelines for the Metrics Team's java projects Metrics/CollecTor task Apr 6, 2016

This is the parent issue for defining

  • contributor's guidelines
  • coding style guidelines
  • release process description
  • (more?)

for java projects.

This issue serves for discussing "meta" questions like finding a central location and defining the structure.

The central place could be another git repository metrics-team-meta (or some better title), which could hold all documents like coding style guides for the various languages used by the Metrics-Team, guides and documents covering more than one Metrics-Team project, and other docs like the road-map.


#18732 describe release process for java projects Metrics/CollecTor task Apr 6, 2016

The Release Process description should be based on existing documentation:

metrics-lib's CONTRIB.md

and after completion be referenced by metrics-lib's README


#18734 Installation Guide for Operators Metrics/CollecTor task Apr 6, 2016

adapt the existing document


#18798 analysis of descriptor completeness Metrics/CollecTor task Apr 12, 2016

I started a wiki page here.


#18955 javadoc coverage checkstyle warnings Metrics/CollecTor task May 3, 2016

How much javadoc is necessary for CollecTor?

Currently, there are many checkstyle warnings about missing javadoc. To what extent should javadoc be added or the rules weakened?

Some Examples

Many public methods are not accompanied by javadoc, for example:

  public BridgeDescriptorParser(SanitizedBridgesWriter sbw)
  public void parse(byte[] allData, String dateTime) 
  public ArchiveWriter(Configuration config)
  public static void main(String[] args)
  public void storeVote(byte[] data, long validAfter,
      String fingerprint, String digest,
      SortedSet<String> serverDescriptorDigests)

Some simple comments could be turned into javadoc

  /* Delete all files from the rsync directory that have not been modified
   * in the last three days. */
  public void cleanUpRsyncDirectory()

The following should not be a warning:

  /**
   * Should we try to download the current microdesc consensus if we don't
   * have it?
   */
  private boolean downloadCurrentMicrodescConsensus;

leads to the checkstyle warning First sentence of Javadoc is incomplete (period is missing) or not present. [SummaryJavadoc]

General Questions

Only document public? Let getters/setters go without javadoc? Try to use readable code instead of additional javadoc? ...

Thoughts?


karsten (5 matches)

Ticket Summary Component Milestone Type Created
Description
#15798 details document differences: empty list shown differently Metrics/Onionoo defect Apr 24, 2015

Karsten asked me to open a ticket for this, so I do.

Torprojects instance says: "flags":[]

cthulhu's instance says: "flags":[""]


#17430 Top 10 countries graph Metrics/Metrics website defect Oct 27, 2015

On the main user stat page, we have the list of top ten countries connecting directly to Tor, and on the left side of the table there's a huge white space.

Now I don't know if it's been left blank intentionally or not, but it'd be great to have a graph showing all the top ten countries with different colors on it.


#18663 Onionoo doesn't send certain headers on even-numbered responses Metrics/Onionoo defect Mar 28, 2016

When I load this URL, the first time I get meaningful output:

Screenshot of the 1st, 3rd, 5th, etc. time loading.

But if I hit Ctrl+R to refresh, I get this garbled (maybe compressed?) output instead:

Screenshot of the 2nd, 4th, 6th, etc. time loading.

If I refresh again, it goes back to the readable version, and if I refresh yet again, it switches back to the garbled version. I can keep switching back and forth.

The same happens if I click the refresh icon in the address bar. I tried it in Tor Browser 6.0a4 and Chromium 49.0, and it happens in both.

The garbled version additionally causes this to be printed to the console:

The character encoding of the plain text document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the file needs to be declared in the transfer protocol or file needs to use a byte order mark as an encoding signature.

With another type of document, namely https://onionoo.torproject.org/details?lookup=88F745840F47CE0C6A4FE61D827950B06F9E4534, the text remains readable while repeatedly refreshing, but the "character encoding" message appears in the console in alternating refreshes.


#14862 agregate *BSD in relays by platform (and future bandwidth by platform) Metrics/Metrics website enhancement Feb 11, 2015

Hi,

the metrics page currently shows the following platforms on the relay by platform graph:

  • Linux
  • Darwin
  • Windows
  • FreeBSD
  • Other

https://metrics.torproject.org/platforms.html

What do you think about changing this to

  • Linux
  • Darwin
  • Windows
  • *BSD (includes: FreeBSD, OpenBSD, NetBSD, DragonFlyBSD)
  • Other (which would be SunOS + the ones that have an unknown platform)

current numbers for *BSD: FreeBSD: 204 OpenBSD: 60 NetBSD: 8 DragonFlyBSD: 2

(Background for this feature is that I would like to increase platform diversity by adding *BSD boxes and if they are aggregated then they might even be noticeable in the graphs.)


#6856 new graph: bandwidth by major Tor version and bandwidth by recommended flag Metrics/Metrics website enhancement Sep 15, 2012

It would be nice to have a graph similar to [1] but replacing the number of relays with overall traffic share.

example (numbers completely made up):

0.2.4 is handling 15% of the traffic
0.2.3 is handling 40% of the traffic
...

[1] https://metrics.torproject.org/network.html#versions


lunar (6 matches)

Ticket Summary Component Milestone Type Created
Description
#10755 Provide support through webchat User Experience/Tor Support task Jan 27, 2014

When doing support, there are some situations where it would be better to switch to a communication medium with lower latency than email. Having a way to do text based chats with our users sounds like a good idea.

This will be implemented by using an XMPP server allowing anonymous connections from a web interface on one side, and have the support team get accounts.

Users will be given access to chat-based support on an invitation basis. Support assistants will be able to create invitation “tokens” and will give out URLs to users when they need to.

This is part of SponsorO's deliverables.


#10890 Redirect “get bridges” messages automatically User Experience/Tor Support task Feb 11, 2014

Users keep sending messages with “get bridges” to the help desk instead of sending them to BridgeDB. It's painful.

It would be best to automatically detect such emails and bounce them to BridgeDB without human intervention.

“Scrip” will need to be written in RT. Interesting bits of the documentation:

http://requesttracker.wikia.com/wiki/WriteCustomAction
http://requesttracker.wikia.com/wiki/ReplyBasedUponContent
http://requesttracker.wikia.com/wiki/SendEmailAction


#10936 Document support policy about “rejected” tickets User Experience/Tor Support task Feb 18, 2014

Karen would be happy if we can give stats regarding tickets we can't answer because users are asking to help them with illegal matters. “rejected” sounds like a good status for those. Let's talk and document this.


#10966 Define a process on how new support assistants can be accepted in the team User Experience/Tor Support task Feb 20, 2014

The switch from having a single person handling all support requests to a team was made through recruiting support assistants as a contracting position. It would be good to define a process on how new people can get accepted in the team. It's mostly a question of trust and probably we need to define a vouching process and a set of people that need to ack the decision.


#11177 Extract “time to reply” from the RT database User Experience/Tor Support task Mar 10, 2014

In order to show nice charts to the sponsor, it would be good if we could extract from the RT database the time between a new message arrives on the help desk and the time to a reply.

Ideally, this should then be broken by ranges: eg. x% under 1 hour, y% 1-2 hours, etc.


#11355 Provide obfsproxy nightlies in our debian repositories Obfuscation/Obfsproxy task Mar 28, 2014

People are asking for obfsproxy nightlies (#10954). It would be brilliant if people could add our debian repo, and get the latest obfsproxy master through it.

How can I help you do this?

No hurry on this one. I mainly made this ticket because #10954 was not very specific.

Thanks!


mikeperry (1 match)

Ticket Summary Component Milestone Type Created
Description
#2161 Allow subscription to external rule feeds HTTPS Everywhere/EFF-HTTPS Everywhere enhancement Nov 6, 2010

The ultimate direction we want to go is towards an adblock plus model, where people can subscribe to rule feeds that are relevant to them, maintained by third parties. This involves both altering our XML schema to include a 'rulefeed' envelope tag, and adding a bit of UI to add and manage subscription urls.

It also depends upon a few enhancements being completed first. These are in the child ticket list below:


n8fr8 (7 matches)

Ticket Summary Component Milestone Type Created
Description
#2424 Android purges firewall rules after network disable/airplane mode. Applications/Orbot defect Jan 22, 2011

Setting my phone to disable data access and/or enable airplane mode seems to cause the transproxy iptables rules created by OrBot to get silently flushed. After re-enabling, all apps access everything without tor, until I go into the orbot config screen to cause it to reapply them.

OrBot should listen for these network disable/loss/disconnect events if possible, and reinstate the iptables rules after this happens.

Someone should also test if switching from cell data to+from wifi also triggers this iptables reset. I have not tested that yet.


#3595 Connections with IPv4-mapped IPv6 addresses bypass transproxy Applications/Orbot defect Jul 14, 2011

A user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 addresses for a large portion of connections. For examples, please see http://pastebin.com/Z4KDDq40. These connections completely bypass transproxy.

I am not yet sure about the circumstances under which Android employs these addresses.

The problems in finding a solution are that Android usually does not include ip6tables (though Orbot could simply package that) and kernels do usually not include IPv6 netfilter modules. The latter is a major issue, since Orbot can't package modules for every single kernel a user might be running.

As a side note, IPv6 does not support NAT (which is what transproxying is based on).

I'll try to figure out what triggers this behaviour of Android and find possible solutions (using sysctl to disable IPv6 does not solve it).


#5393 orbot relay bug - orbot is not setting the relay values into torrc properly causing orbot to not work when set as relay Applications/Orbot defect Mar 15, 2012

This is about the bug discussed with 'n8fr8' on #guardianproject at freenode. So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones. I checked with the orbot version '0.2.3.10-alpha-orbot-1.0.7-FINAL' and you have checked with the 'dev branch of the code' as you said (I suppose that means you have checked with latest version of code by compiling and running the latest updated version from git; I will do it too and let you know again). But none seemed to work. In fact, you said you were getting a more significant crash, when you enabled relaying on smartphone for dev branch of code. You also thought if the problem is: whether the Relay conflict is with transproxying/root or with Tor client connection in general. But, I'm not sure if it later seemed not to be the problem. Then, you told me to change the torrc file on my android phone, as you said that orbot is not setting the relay values properly which might be the reason for orbot not working as a relay on smartphone. So, I will do that and let you know about it. I will also keep checking 'https://guardianproject.info/builds/Orbot/' to see if any new dev/debug release is posted. Thank you so very much for all your help, Mr. Nathan.


#2761 Orbot Service not shutting down Applications/Orbot defect Mar 15, 2011

Behaviour: When closing tor network with big Button and exiting Orbot after tor is "deactivated", privoxy is still running and the Orbot service is not stopped.

Actions:

  • Killing Privoxy from shell stops the privoxy process (OK)
  • Killing Orbot process simply restarts the process (BAD)

Env:

  • Running Orbot v1.0.4.1
  • Android Froyo 2.2.1 speedmod kernel
  • Samsung Galaxy

#3775 Permission error on Orbot Applications/Orbot defect Aug 21, 2011

There's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.


#5469 Orbot: can't specify node restrictions Applications/Orbot defect Mar 24, 2012

I'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request. In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a UK ip.

Also, at random (usually after 30 minutes or so) I seem to lose connection to the Tor network without Orbot notifying me. I'm using Pandora from Canada.


#5700 Make/modify VoIP applications to work better on Tor Metrics/Analysis project Apr 30, 2012

Depending on how hard it will be to make Tor handle VoIP applications people already want to use (#5699), we should explore how much mileage we can get out of making our own or modifying existing VoIP applications to work better on Tor. One example here is Roger's "push to talk" not-actually-realtime-but-close VoIP wishlist item that Nathan is working on.


nickm (19 matches)

Ticket Summary Component Milestone Type Created
Description
#4588 Tor + bufferevents hang on with cpu at 100% Core Tor/Tor Tor: unspecified defect Nov 27, 2011

Hi,

After the last Tor update yesterday, Tor hangs with all CPUs at 100%. It looks like this problem appears after a couple of hours and makes the relay drop out of consensus too.

Tor version: "0.2.3.8-alpha-dev (git-58d1aa44023e8b45)"
Libevent git version: commit f3b89dec9eac2cf4000c8dc9467abdbf27121674
I am running Kubuntu Lucid 10.02.4 LTS
bufferevents enabled
vidalia 0.31-git
OpenSSL 1.0.0e 6 Sep 2011

This problem never appeared before

Best Regards

SwissTorExit


#17278 Fix malleable relay crypto Core Tor/Tor Tor: 0.2.??? defect Oct 7, 2015

This has been an annoyance in our protocol for entirely too long. Once we have a solid proposal (#5640) for this, we should implement it posthaste.


#19470 Match 15055_wip commits to #15055 subtickets Core Tor/Tor Tor: 0.2.9.x-final defect Jun 20, 2016

Some parts of #15055 are done; I should figure out which.


#17289 Overall Tor test coverage very high... over 75%? Core Tor/Tor Tor: 0.2.9.x-final enhancement Oct 7, 2015

Right now the overall test coverage (stem, network, unit) is something like 69%. We have committed to raise it as high as possible ... over 75%?

This is a deliverable for October 2016.


#18637 Have OOM handler look at all memory consumption, not just some Core Tor/Tor Tor: 0.2.9.x-final enhancement Mar 25, 2016

Just because our OOM handler doesn't know how to free every kind of memory we allocate, doesn't mean we shouldn't teach it to consider our total allocation when deciding that we're low on memory.

For platforms where malloc() can return NULL, we could have it look at that too.


#1749 Split relay and link crypto across multiple CPU cores Core Tor/Tor Tor: unspecified project Jul 29, 2010

Right now, Tor does nearly all of its work in one main thread. We have a basic "CPUWorker" implementation that we use for doing server-side onionskin crypto in a separate thread, but thanks to improvements long ago, server-side onionskin crypto no longer dominates. If we could split the work of relay AES-CTR crypto and SSL crypto across multiple threads, that would be pretty helpful in letting high-performance servers saturate their connections. (Blutmagie has wanted this for some while.)

Child Tickets:

#1760
Parallel Crypto: Design a good crypto parallelization plan and architecture


#3428 Control port may emit log messages in the middle of another event/reply Core Tor/Tor Tor: unspecified defect Jun 18, 2011

If the following call to connection_printf_to_buf in handle_control_getinfo in src/or/control.c fails, it may emit a LOG control-port event in the middle of a reply:

    if (!strchr(v, '\n') && !strchr(v, '\r')) {
      connection_printf_to_buf(conn, "250-%s=", k);
      connection_write_str_to_buf(v, conn);
      connection_write_str_to_buf("\r\n", conn);
    } else {

I expect that other output functions can emit log messages in the middle of a control port event or reply, too. We should make sure that never happens, by making all control-port code build each complete reply/event in a separate buffer before writing any of it out, and adding an event/reply queue to the control_connection_t structure.


#16579 (Sandbox) Caught a bad syscall attempt (syscall socket) Core Tor/Tor Tor: 0.2.??? defect Jul 14, 2015

I'm running tor on Gentoo Hardened. The bug exists in 0.2.6.7 and 0.2.7.1-alpha. tor crashes within seconds of starting, before any clients can connect I think.

Jul 14 13:13:07.000 [notice] Tor 0.2.7.1-alpha (git-df76da0f3bfd6897) opening log file.
Jul 14 13:13:07.182 [notice] Tor v0.2.7.1-alpha (git-df76da0f3bfd6897) running on Linux with Libevent 2.0.22-stable, OpenSSL 1.0.1p and Zlib 1.2.8.
Jul 14 13:13:07.182 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jul 14 13:13:07.182 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Jul 14 13:13:07.182 [notice] Read configuration file "/etc/tor/torrc".
Jul 14 13:13:07.187 [notice] Opening Socks listener on 127.0.0.1:9050
Jul 14 13:13:07.187 [notice] Opening Socks listener on 127.0.0.1:9056
Jul 14 13:13:07.187 [notice] Opening Socks listener on 127.0.0.1:9055
Jul 14 13:13:07.187 [notice] Opening Control listener on 127.0.0.1:9015
Jul 14 13:13:07.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jul 14 13:13:07.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jul 14 13:13:07.000 [notice] Bootstrapped 0%: Starting

============================================================ T= 1436875987
(Sandbox) Caught a bad syscall attempt (syscall socket)
/usr/bin/tor(+0x142148)[0x4bb7bc8148]
/lib64/libc.so.6(socket+0x7)[0x3adc706ea07]
/lib64/libc.so.6(socket+0x7)[0x3adc706ea07]
/lib64/libc.so.6(+0xf16a0)[0x3adc70686a0]
/lib64/libc.so.6(__vsyslog_chk+0x3ef)[0x3adc7068aff]
/lib64/libc.so.6(__syslog_chk+0x89)[0x3adc7068df9]
/usr/bin/tor(+0x135bb0)[0x4bb7bbbbb0]
/usr/bin/tor(tor_log+0xd0)[0x4bb7bbc680]
/usr/bin/tor(control_event_bootstrap+0x1e4)[0x4bb7b7ba74]
/usr/bin/tor(do_main_loop+0x84)[0x4bb7abe234]
/usr/bin/tor(tor_main+0x16c5)[0x4bb7ac1225]
/lib64/libc.so.6(__libc_start_main+0x114)[0x3adc6f97134]
/usr/bin/tor(+0x34519)[0x4bb7aba519]
$ uname -r
3.18.9-hardened

This bug has been reported downstream: https://bugs.gentoo.org/show_bug.cgi?id=550302. It occurs with the following torrc:

#
# Minimal torrc so tor will work out of the box
#
User tor
PIDFile /var/run/tor/tor.pid
Log notice syslog
Log notice file /var/log/tor/log
DataDirectory /var/lib/tor/data
SandBox 1

SocksPort 9050
SocksPort 9056 IsolateDestAddr IsolateDestPort
SocksPort 9055

ControlPort 9015
CookieAuthentication 1

By commenting out "Sandbox 1" or unsetting it, tor will obviously run without crashing.


#18211 No interned sandbox parameter found for /var/lib/tor/keys/ed25519_signing_secret_key_encrypted Core Tor/Tor Tor: 0.2.7.x-final defect Feb 2, 2016

When I use the "Sandbox 1" option in my torrc for an exit node, I get the following:

[warn] sandbox_intern_string(): Bug: No interned sandbox parameter found for /var/lib/tor/keys/ed25519_signing_secret_key_encrypted (on Tor 0.2.7.6 ).

The file is probably missing from the whitelist?


#18321 Exclude our own vote from the consensus if we think our own vote is invalid Core Tor/Tor Tor: 0.2.??? defect Feb 16, 2016

We're creating a vote that is invalid, but try to make a consensus anyway like nothing's wrong. Then we fail doing that as described above.


#19298 Have tor-guts describe containers Core Tor/Tor Tor: 0.2.9.x-final defect Jun 6, 2016

#19299 Document memory-related parts of src/common in tor-guts Core Tor/Tor Tor: 0.2.9.x-final defect Jun 6, 2016

#19329 Integrate callgraph complexity measures into our regular process Core Tor/Tor Tor: 0.2.9.x-final defect Jun 7, 2016

Unless we track the size of the largest cycles in our code, big cycles may return.


#6836 Chop functionality out of routerlist.c Core Tor/Tor Tor: 0.2.??? enhancement Sep 13, 2012

In my branch "split_routerlist.c", I have the start of some work on dividing routerlist.c into more sensible pieces. I've chopped out routerset_t, killed a couple of functions, and moved most of the node manipulation pieces into nodelist.c

I'd still like to chop out more: the trusted_dir_server_t logic and the node-selection logic don't belong there any more. Nor does the authority certificate code. Nor does the hidden service directory stuff, nor does the hexdigest stuff.

In the longer term, I want routerlist.c to basically just not get invoked when you're not touching routerinfos.


#15426 Update ciphers.inc to match ciphers from current Firefox Core Tor/Tor Tor: 0.2.9.x-final enhancement Mar 21, 2015

Firefox changed ciphersuites since we last updated ciphers.inc. We need to re-run get_mozilla_ciphers.py on the most recent stable Firefox and openssl, to generate a new ciphers.inc.

We should fix get_mozilla_ciphers if it needs it; the code may have rotted a bit.


#449 dns failures prevent legitimate options being set Core Tor/Tor Tor: unspecified defect Jun 9, 2007

Outright hostname lookup failures for previously configured hidden services prevent other options being set while DNS is down.

For example, I configure a hidden service redirecting to google.com while DNS is working. DNS subsequently stops working, e.g. nameserver becomes completely unreachable. If I then attempt to set a config option using the controller, it will not get set as long as tor cannot resolve the hidden service name.

Rejection of hidden service configurations (and hence any subsequent or unrelated config change) made while tor is running needs to be more tolerant of lookup failures.

The following attempts to validate the hidden service config currently in use (and previously validated when DNS was working). If the validation fails, it must be because DNS is down, so the existing config is retained. If the user was attempting to add a new hidden service config, then it doesn't get added.

Index: src/or/config.c =================================================================== --- src/or/config.c (revision 10545) +++ src/or/config.c (working copy) @@ -963,10 +963,15 @@

}

}

  • if (running_tor && rend_config_services(options, 0)<0) {
  • log_warn(LD_BUG,
  • "Previously validated hidden services line could not be added!");
  • return -1;

+ if (running_tor && rend_config_services(options, 1)<0) { + log_warn(LD_CONFIG, + "Previously validated hidden services line no longer valid! Retaining existing hidden services config if there is one."); + }else{ + if (rend_config_services(options, 0)<0){ + log_warn(LD_BUG, + "Previously validated hidden services line could not be added!"); + return -1; + }

}

if (running_tor) {
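
Review bot: the new else branch calls rend_config_services(options, 0) without the running_tor guard that the removed condition carried, so when running_tor is false the services are now configured where the old code skipped the call. The first branch also treats every validation failure as a DNS outage: it logs at LD_CONFIG and continues without returning -1, so a hidden service line that is invalid for some other reason is no longer an error at this point. Suggest keeping the whole block under if (running_tor), and telling a lookup failure apart from other validation errors before choosing to retain the existing config.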

@@ -2920,9 +2925,10 @@

}

}

+/*

if (rend_config_services(options, 1) < 0)

REJECT("Failed to configure rendezvous options. See logs for details.");

- +*/

if (parse_virtual_addr_network(options->VirtualAddrNetwork, 1, NULL)<0)

return -1;
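
Review bot: wrapping the rend_config_services(options, 1) check and its REJECT in /* */ turns off hidden service validation here for every cause, not only for lookup failures, so an invalid line is no longer rejected at this point. Prefer keeping the check and relaxing it only for the resolve-failure case the ticket describes. If the check really has to go, delete the lines rather than commenting them out, and leave a comment saying where validation now happens.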

[Automatically added by flyspray2trac: Operating System: All]


#4373 When we close a conn due to bad CERTS cell, we complain about stuff in our outbuf Core Tor/Tor Tor: unspecified defect Nov 1, 2011

While looking at bug #4371, here's what my client said:

Nov 01 04:30:45.000 [warn] Certificate not yet valid: is your system clock set incorrectly?
Nov 01 04:30:45.000 [warn] (certificate lifetime runs from Nov  1 12:15:08 2011 GMT through Oct 31 12:15:08 2012 GMT. Your time is Nov 01 08:30:45 2011 GMT.)
Nov 01 04:30:45.000 [notice] We stalled too much while trying to write 512 bytes to address "120.50.40.184".  If this happens a lot, either something is wrong with your network connection, or something is wrong with theirs. (fd 14, type OR, state 7, marked at command.c:995).

Looks like we had already written our netinfo cell to the outbuf, but hadn't flushed it. Since I'm a client and this was an OR connection, it gets to be severity notice. Fun.

For the client side, I think this bug might be resolved by the proposed fix to #4361.

But my directory authority experiences something similar:

Nov 01 06:04:10.000 [info] conn_close_if_marked(): Conn (addr "120.50.40.184", fd 1609, type OR, state 7) marked, but wants to flush 916 bytes. (Marked at command.c:995)
Nov 01 06:04:10.000 [info] conn_close_if_marked(): We stalled too much while trying to write 916 bytes to address "120.50.40.184". If this happens a lot, either something is wrong with your network connection, or something is wrong with theirs. (fd 1609, type OR, state 7, marked at command.c:995).

I wonder what's sitting in its outbuf.


#7869 ntor-onion-key is padded with an equal sign Core Tor/Tor Tor: unspecified defect Jan 5, 2013

Replying to sonu:

ntor-onion-key Od2Sj3UXFyDjwESLXk6fhatqW9z/oBL/vAKJ+tbDqUU=

The unnecessary “=” at the end of that string needs to go away now, or every Tor client will have to download a thousand or so of them every week forever.


#14987 Settle on a name for descriptors Core Tor/Tor Tor: 0.2.??? defect Feb 22, 2015

As discussed on #14784 we call self-published descriptors quite a few things...

  • 'GETINFO desc/*' and Stem call the main self-published descriptors server descriptors. Metrics also uses a "server-descriptor 1.0" annotation for them.
  • The dir-spec calls them router descriptors... usually. It opts for 'server descriptor' in section 6.2.
  • CollecTor calls them relay descriptors.

Having three different names is confusing for new contributors and... well, us too. We should standardize on a name.

This primarily straddles Tor's spec, Stem, and CollecTor. Personally I'd like for us to standardize on server descriptors because it's codified in the Metrics annotation and classes Stem vends.

Karsten, Nick: any objections? If not then I'm happy to provide a spec patch and file a CollecTor ticket for this.

