[tor-commits] [chutney/master] Add more minimal HS, Single Onion and Exit networks
commit 3f39ce19111a11aa5620467936c2c7cd37f769da Author: teorDate: Wed Jan 31 16:04:14 2018 +1100 Add more minimal HS, Single Onion and Exit networks (Maybe we should come up with a way of combining networks?) --- networks/hs-single-onion-v23-exit-min | 19 +++ networks/hs-v23-exit-min | 15 +++ 2 files changed, 34 insertions(+) diff --git a/networks/hs-single-onion-v23-exit-min b/networks/hs-single-onion-v23-exit-min new file mode 100644 index 000..5f2d6f5 --- /dev/null +++ b/networks/hs-single-onion-v23-exit-min @@ -0,0 +1,19 @@ +# By default, Authorities are not configured as exits +Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl") +ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +HSv2 = Node(tag="h", hs=1, torrc="hs.tmpl") +HSv3 = Node(tag="h", hs=1, torrc="hs-v3.tmpl") +SingleOnionv2 = Node(tag="h", hs=1, torrc="single-onion.tmpl") +SingleOnionv3 = Node(tag="h", hs=1, torrc="single-onion-v3.tmpl") + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority.getN(2) + ExitRelay.getN(3) + \ +Client.getN(1) + \ +HSv2.getN(1) + HSv3.getN(1) + \ +SingleOnionv2.getN(1) + SingleOnionv3.getN(1) + +ConfigureNodes(NODES) diff --git a/networks/hs-v23-exit-min b/networks/hs-v23-exit-min new file mode 100644 index 000..ec7d9ac --- /dev/null +++ b/networks/hs-v23-exit-min @@ -0,0 +1,15 @@ +# By default, Authorities are not configured as exits +Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl") +ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl") +Client = Node(tag="c", client=1, torrc="client.tmpl") +HSv2 = Node(tag="h", hs=1, torrc="hs.tmpl") +HSv3 = Node(tag="h", hs=1, torrc="hs-v3.tmpl") + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority.getN(2) + ExitRelay.getN(3) + \ +Client.getN(1) + HSv2.getN(1) + HSv3.getN(1) + +ConfigureNodes(NODES) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit f8343417d9884711d34b25cc01736f5e0c7d39ed Author: Translation commit botDate: Wed Jan 31 02:46:16 2018 + Update translations for tails-persistence-setup_completed --- el/el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/el.po b/el/el.po index 4c52720dc..54ced6df3 100644 --- a/el/el.po +++ b/el/el.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-31 02:02+\n" +"PO-Revision-Date: 2018-01-31 02:36+\n" "Last-Translator: Leonidas P.\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit ed0031d80ec39d16b31a197c7f7468e2c81b7948 Author: Translation commit botDate: Wed Jan 31 02:46:09 2018 + Update translations for tails-persistence-setup --- el/el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/el.po b/el/el.po index 4c52720dc..54ced6df3 100644 --- a/el/el.po +++ b/el/el.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-31 02:02+\n" +"PO-Revision-Date: 2018-01-31 02:36+\n" "Last-Translator: Leonidas P.\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Move Brad to past contributors section
commit 80d5234365a68e464a568a83d5025df745239390 Author: Damian JohnsonDate: Tue Jan 30 09:50:33 2018 -0800 Move Brad to past contributors section --- about/en/contributors.wml | 3 + about/en/corepeople.wml | 145 ++ images/people/bparker.png | Bin 21887 -> 0 bytes keys/bparker.txt | 63 4 files changed, 71 insertions(+), 140 deletions(-) diff --git a/about/en/contributors.wml b/about/en/contributors.wml index 08d7c0a7..ef73529f 100644 --- a/about/en/contributors.wml +++ b/about/en/contributors.wml @@ -174,6 +174,9 @@ all the users who contact the support desk. Chris PalmerOur liaison and tech guy with EFF while EFF was funding us. Also helped advocate and write end-user docs. +Brad ParkerPrior chief financial grants officer at the Tor +Project. + Martin PeckWorked on a VM-based transparent proxying approach for Tor clients on Windows. diff --git a/about/en/corepeople.wml b/about/en/corepeople.wml index 0e1fd824..1e6c86a2 100644 --- a/about/en/corepeople.wml +++ b/about/en/corepeople.wml @@ -121,15 +121,6 @@ - - - - Brad Parker - IRC: bparker - Chief financial grants officer at the Tor Project. - - - https://db.torproject.org/fetchkey.cgi?fingerprint=F711FA29D61F88CE6879BAD0D91A345E56B01B25;> @@ -137,9 +128,7 @@ IRC: brade Developer on the Tor Browser team. - - @@ -149,7 +138,9 @@ IRC: komlo Chelsea is a software/security engineer and contributes to core tor. + + @@ -157,9 +148,7 @@ Cindy Cohn Tor Board member and https://www.eff.org/about/staff/cindy-cohn;>Executive Director of the EFF. Lawyer by training, https://blog.torproject.org/blog/tor-heart-notes-board-member;>my focus is on making sure Tor stays available and that Tor users stay safe. - - @@ -169,7 +158,9 @@ IRC: Phoul Support and translation coordinator, GSoC administrator, member of the community team and a director of https://www.coldhak.ca;>Coldhak. + + @@ -178,9 +169,7 @@ IRC: atagar Author of the https://stem.torproject.org/;>Stem python controller library and https://nyx.torproject.org/;>Nyx relay monitor. - - @@ -189,7 +178,9 @@ IRC: dgoulet Tor development team focusing on onion services and our torsocks maintainer. + + @@ -199,9 +190,7 @@ IRC: dawuud https://github.com/david415/;>Author of roflcoptor and honeybadger. Researches mixnets and contributes to txtorcon. - - @@ -211,7 +200,9 @@ IRC: DonnchaC Onion services developer, OnionBalance developer, hunter of bad relays. + + @@ -220,9 +211,7 @@ IRC: ewyatt Non-technical switchboard for people-related things: recruiting, onboarding, benefits, contracts, TPI policy questions, and baked goods. - - @@ -232,7 +221,9 @@ IRC: biella http://gabriellacoleman.org/;>Anthropologist and Wolfe Chair in Scientific and Technological Literacy at McGill University. + + @@ -240,9 +231,7 @@ IRC: gman999 Tor BSD Diversity Project member, long-time relay operator, trainer. - - @@ -251,7 +240,9 @@ IRC: GeKo Currently lead of the Tor Browser team. + + @@ -260,9 +251,7 @@ IRC: asn Onion services. Security analysis. Used to obfsproxy. Follower of the onion. - - @@ -272,7 +261,9 @@ IRC: saint Tamper-resistant software distribution, censorship detection, https://github.com/glamrock/cupcake;>Cupcake, and security training of activists and domestic violence survivors. + + @@ -282,9 +273,7 @@ IRC: irl https://metrics.torproject.org;>Metrics team member and maintainer of https://atlas.torproject.org/;>Atlas. - - @@ -292,7 +281,9 @@ Ian Goldberg https://cs.uwaterloo.ca/~iang/;>Professor of CS at the https://uwaterloo.ca/;>University of Waterloo, developing https://otr.cypherpunks.ca/;>Off-the-Record Messaging among other things. + + @@ -300,9 +291,7 @@ intrigeri Our main interface with the https://tails.boum.org/;>Tails project. - - @@ -312,7 +301,9 @@ IRC: isabela Coordinates Tor's development teams and roadmaps. Keeps track of priorities, and ensures Tor always thinks of the user first. + + @@ -322,9 +313,7 @@ IRC: isis Tor developer
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit df1129c8c9cc22ef8d57090dba41e36caaed99dc Author: Translation commit botDate: Wed Jan 31 02:18:49 2018 + Update translations for tails-openpgp-applet --- el/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/openpgp-applet.pot b/el/openpgp-applet.pot index e6e401620..1df9cce68 100644 --- a/el/openpgp-applet.pot +++ b/el/openpgp-applet.pot @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-25 15:53+\n" +"PO-Revision-Date: 2018-01-31 01:49+\n" "Last-Translator: metamec\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed
commit 599e054d8df33ee68e627d7c9ff3ebd2a85f9f52 Author: Translation commit botDate: Wed Jan 31 02:18:55 2018 + Update translations for tails-openpgp-applet_completed --- el/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/openpgp-applet.pot b/el/openpgp-applet.pot index e6e401620..1df9cce68 100644 --- a/el/openpgp-applet.pot +++ b/el/openpgp-applet.pot @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-25 15:53+\n" +"PO-Revision-Date: 2018-01-31 01:49+\n" "Last-Translator: metamec\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 2c4052b49ef368873941890a1ebf6864c8826f5f Author: Translation commit botDate: Wed Jan 31 02:17:09 2018 + Update translations for tails-misc --- el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el.po b/el.po index acd357043..769e3d7e6 100644 --- a/el.po +++ b/el.po @@ -26,7 +26,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2017-09-28 08:06+\n" +"PO-Revision-Date: 2018-01-31 01:57+\n" "Last-Translator: Elektra M. \n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit a039dbb5214d805d15448c90674d53956ba9fd40 Author: Translation commit botDate: Wed Jan 31 02:17:14 2018 + Update translations for tails-misc_completed --- el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el.po b/el.po index acd357043..769e3d7e6 100644 --- a/el.po +++ b/el.po @@ -26,7 +26,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2017-09-28 08:06+\n" +"PO-Revision-Date: 2018-01-31 01:57+\n" "Last-Translator: Elektra M. \n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit 6296a16d1a0f10032c3a7a9c66e5c0ebad10955e Author: Translation commit botDate: Wed Jan 31 02:16:12 2018 + Update translations for tails-persistence-setup_completed --- el/el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/el.po b/el/el.po index aa25edf02..4c52720dc 100644 --- a/el/el.po +++ b/el/el.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-25 15:57+\n" +"PO-Revision-Date: 2018-01-31 02:02+\n" "Last-Translator: Leonidas P.\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 00e48097ee620850eded94b07e5da779a0da6c56 Author: Translation commit botDate: Wed Jan 31 02:16:03 2018 + Update translations for tails-persistence-setup --- el/el.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/el.po b/el/el.po index aa25edf02..4c52720dc 100644 --- a/el/el.po +++ b/el/el.po @@ -17,7 +17,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-25 15:57+\n" +"PO-Revision-Date: 2018-01-31 02:02+\n" "Last-Translator: Leonidas P.\n" "Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit 0ae8c816ddc16b4a6817964ba8dfd698f3a612c7 Author: Translation commit botDate: Tue Jan 30 23:46:21 2018 + Update translations for torbirdy --- el/torbirdy.dtd | 2 -- 1 file changed, 2 deletions(-) diff --git a/el/torbirdy.dtd b/el/torbirdy.dtd index a5e160464..767c973b7 100644 --- a/el/torbirdy.dtd +++ b/el/torbirdy.dtd @@ -40,8 +40,6 @@ - - ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] dos: Man page entry for DoS mitigation
commit a3714268f659998dc879ed723852440cd8be1b04 Author: David GouletDate: Fri Jan 26 09:00:17 2018 -0500 dos: Man page entry for DoS mitigation Signed-off-by: David Goulet --- doc/tor.1.txt | 90 +++ 1 file changed, 90 insertions(+) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 4c5d5359a..a2bbb8ab6 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2441,6 +2441,96 @@ The following options are used to configure a hidden service. including setting SOCKSPort to "0". (Default: 0) +DENIAL OF SERVICE MITIGATION OPTIONS + + +The following options are useful only for a public relay. They control the +Denial of Service mitigation subsystem. + +[[DoSCircuitCreationEnabled]] **DoSCircuitCreationEnabled** **0**|**1**|**auto**:: + +Enable circuit creation DoS mitigation. If enabled, tor will cache client +IPs along with statistics in order to detect circuit DoS attacks. If an +address is positively identified, tor will activate defenses against the +address. See the DoSCircuitCreationDefenseType option for more details. +This is a client to relay detection only. "auto" means use the consensus +parameter. +(Default: auto) + +[[DoSCircuitCreationMinConnections]] **DoSCircuitCreationMinConnections** __NUM__:: + +Minimum threshold of concurrent connections before a client address can be +flagged as executing a circuit creation DoS. In other words, once a client +address reaches the circuit rate and has a minimum of NUM concurrent +connections, a detection is positive. "0" means use the consensus +parameter. +(Default: 0) + +[[DoSCircuitCreationRateTenths]] **DoSCircuitCreationRateTenths** __NUM__:: + +The allowed circuit creation rate in tenths of circuit per second applied +per client IP address. For example, if you want to set a rate of 5 +circuits per second allowed per IP address, this value should be set to +50. If this option is 0, it obeys a consensus parameter. (Default: 0) + +[[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__:: + +The allowed circuit creation burst per client IP address. If the circuit +rate and the burst are reached, a client is marked as executing a circuit +creation DoS. "0" means use the consensus parameter. +(Default: 0) + +[[DoSCircuitCreationDefenseType]] **DoSCircuitCreationDefenseType** __NUM__:: + +This is the type of defense applied to a detected client address. The +possible values are: + + 1: No defense. + 2: Refuse circuit creation for the DoSCircuitCreationDefenseTimePeriod period of time. ++ +"0" means use the consensus parameter. +(Default: 0) + +[[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __NUM__:: + +The base time period that the DoS defense is activated for. The actual +value is selected randomly for each activation from NUM+1 to 3/2 * NUM. +"0" means use the consensus parameter. +(Default: 0) + +[[DoSConnectionEnabled]] **DoSConnectionEnabled** **0**|**1**|**auto**:: + +Enable the connection DoS mitigation. For client address only, this allows +tor to mitigate against large number of concurrent connections made by a +single IP address. "auto" means use the consensus parameter. +(Default: auto) + +[[DoSConnectionMaxConcurrentCount]] **DoSConnectionMaxConcurrentCount** __NUM__:: + +The maximum threshold of concurrent connection from a client IP address. +Above this limit, a defense selected by DoSConnectionDefenseType is +applied. "0" means use the consensus parameter. +(Default: 0) + +[[DoSConnectionDefenseType]] **DoSConnectionDefenseType** __NUM__:: + +This is the type of defense applied to a detected client address for the +connection mitigation. The possible values are: + + 1: No defense. + 2: Immediately close new connections. ++ +"0" means use the consensus parameter. +(Default: 0) + +[[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**:: + +Refuse establishment of rendezvous points for single hop clients. In other +words, if a client directly connects to the relay and sends an +ESTABLISH_RENDEZVOUS cell, it is silently dropped. "auto" means use the +consensus parameter. +(Default: auto) + TESTING NETWORK OPTIONS --- ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'ticket24902_029_05' into ticket24902_033_02
commit cd81403cc0d73d53cb7f3650b38d49c54100af25 Merge: 03ab24b44 9aca7d473 Author: David GouletDate: Tue Jan 30 09:33:12 2018 -0500 Merge branch 'ticket24902_029_05' into ticket24902_033_02 changes/ticket24902| 13 + doc/tor.1.txt | 88 ++ src/common/log.c | 2 +- src/common/torlog.h| 4 +- src/or/channel.c | 9 +- src/or/channel.h | 3 +- src/or/command.c | 13 + src/or/config.c| 25 ++ src/or/connection.c| 16 ++ src/or/dos.c | 737 + src/or/dos.h | 140 ++ src/or/geoip.c | 63 +++-- src/or/geoip.h | 27 ++ src/or/include.am | 2 + src/or/main.c | 2 + src/or/networkstatus.c | 2 + src/or/or.h| 33 +++ src/or/rendmid.c | 12 + src/or/status.c| 2 + src/test/include.am| 1 + src/test/test.c| 1 + src/test/test.h| 1 + src/test/test_dos.c| 248 + 23 files changed, 1410 insertions(+), 34 deletions(-) diff --cc doc/tor.1.txt index ef3d1eb9e,58997cdf3..5ad818365 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@@ -2749,9 -2438,97 +2749,97 @@@ The following options are used to confi non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the server-side hidden service protocol. If you are using this option, you need to disable all client-side services on your Tor instance, -including setting SOCKSPort to "0". -(Default: 0) +including setting SOCKSPort to "0". Can not be changed while tor is +running. (Default: 0) + DENIAL OF SERVICE MITIGATION OPTIONS + + + The following options are useful only for a public relay. They control the + Denial of Service mitigation subsystem. + + [[DoSCircuitCreationEnabled]] **DoSCircuitCreationEnabled** **0**|**1**|**auto**:: + + Enable circuit creation DoS mitigation. If enabled, tor will cache client + IPs along with statistics in order to detect circuit DoS attacks. If an + address is positively identified, tor will activate defenses against the + address. See the DoSCircuitCreationDefenseType option for more details. + This is a client to relay detection only. "auto" means use the consensus + parameter. + (Default: auto) + + [[DoSCircuitCreationMinConnections]] **DoSCircuitCreationMinConnections** __NUM__:: + + Minimum threshold of concurrent connections before a client address can be + flagged as executing a circuit creation DoS. In other words, once a client + address reaches the circuit rate and has a minimum of NUM concurrent + connections, a detection is positive. "0" means use the consensus + parameter. + (Default: 0) + + [[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__:: + + The allowed circuit creation rate per second applied per client IP + address. If this option is 0, it obeys a consensus parameter. (Default: 0) + + [[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__:: + + The allowed circuit creation burst per client IP address. If the circuit + rate and the burst are reached, a client is marked as executing a circuit + creation DoS. "0" means use the consensus parameter. + (Default: 0) + + [[DoSCircuitCreationDefenseType]] **DoSCircuitCreationDefenseType** __NUM__:: + + This is the type of defense applied to a detected client address. The + possible values are: + + 1: No defense. + 2: Refuse circuit creation for the DoSCircuitCreationDefenseTimePeriod period of time. + + + "0" means use the consensus parameter. + (Default: 0) + + [[DoSCircuitCreationDefenseTimePeriod]] **DoSCircuitCreationDefenseTimePeriod** __NUM__:: + + The base time period that the DoS defense is activated for. The actual + value is selected randomly for each activation from NUM+1 to 3/2 * NUM. + "0" means use the consensus parameter. + (Default: 0) + + [[DoSConnectionEnabled]] **DoSConnectionEnabled** **0**|**1**|**auto**:: + + Enable the connection DoS mitigation. For client address only, this allows + tor to mitigate against large number of concurrent connections made by a + single IP address. "auto" means use the consensus parameter. + (Default: auto) + + [[DoSConnectionMaxConcurrentCount]] **DoSConnectionMaxConcurrentCount** __NUM__:: + + The maximum threshold of concurrent connection from a client IP address. + Above this limit, a defense selected by DoSConnectionDefenseType is + applied. "0" means use the consensus parameter. + (Default: 0) + + [[DoSConnectionDefenseType]] **DoSConnectionDefenseType** __NUM__:: + + This is the type of defense applied to a detected client address for the + connection mitigation. The possible values are: + + 1: No defense. + 2: Immediately close new
[tor-commits] [tor/master] dos: Add changes file for ticket 24902
commit 9aca7d47306222f2870ec16a7291a8215d6c3316 Author: David GouletDate: Tue Jan 30 09:15:33 2018 -0500 dos: Add changes file for ticket 24902 Signed-off-by: David Goulet --- changes/ticket24902 | 13 + 1 file changed, 13 insertions(+) diff --git a/changes/ticket24902 b/changes/ticket24902 new file mode 100644 index 0..1a2ef95cc --- /dev/null +++ b/changes/ticket24902 @@ -0,0 +1,13 @@ + o Major features (denial of service mitigation): +- Give relays some defenses against the recent network overload. We start + with three defenses (default parameters in parentheses). First: if a + single client address makes too many concurrent connections (>100), hang + up on further connections. Second: if a single client address makes + circuits too quickly (more than 3 per second, with an allowed burst of + 90) while also having too many connections open (3), refuse new create + cells for the next while (1-2 hours). Third: if a client asks to + establish a rendezvous point to you directly, ignore the request. These + defenses can be manually controlled by new torrc options, but relays + will also take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] geoip: Add a lookup function for client map entry
commit 93b826faaa7cca351c68256ce60a7f7e6c5fda5b Author: David GouletDate: Thu Jan 25 15:44:48 2018 -0500 geoip: Add a lookup function for client map entry The upcoming DoS mitigation subsytem needs to keep information on a per-IP basis which is also what the geoip clientmap does. For another subsystem to access that clientmap, this commit adds a lookup function that returns the entry. For this, the clientmap_entry_t had to be moved to the header file. Signed-off-by: David Goulet --- src/or/geoip.c | 46 +- src/or/geoip.h | 22 ++ 2 files changed, 43 insertions(+), 25 deletions(-) diff --git a/src/or/geoip.c b/src/or/geoip.c index 00c055bbe..e2a1b1cee 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -472,24 +472,6 @@ geoip_db_digest(sa_family_t family) return hex_str(geoip6_digest, DIGEST_LEN); } -/** Entry in a map from IP address to the last time we've seen an incoming - * connection from that IP address. Used by bridges only, to track which - * countries have them blocked. */ -typedef struct clientmap_entry_t { - HT_ENTRY(clientmap_entry_t) node; - tor_addr_t addr; - /* Name of pluggable transport used by this client. NULL if no -pluggable transport was used. */ - char *transport_name; - - /** Time when we last saw this IP address, in MINUTES since the epoch. - * - * (This will run out of space around 4011 CE. If Tor is still in use around - * 4000 CE, please remember to add more bits to last_seen_in_minutes.) */ - unsigned int last_seen_in_minutes:30; - unsigned int action:2; -} clientmap_entry_t; - /** Largest allowable value for last_seen_in_minutes. (It's a 30-bit field, * so it can hold up to (1u<<30)-1, or 0x3fffu. */ @@ -564,8 +546,7 @@ geoip_note_client_seen(geoip_client_action_t action, time_t now) { const or_options_t *options = get_options(); - clientmap_entry_t lookup, *ent; - memset(, 0, sizeof(clientmap_entry_t)); + clientmap_entry_t *ent; if (action == GEOIP_CLIENT_CONNECT) { /* Only remember statistics as entry guard or as bridge. */ @@ -583,11 +564,7 @@ geoip_note_client_seen(geoip_client_action_t action, safe_str_client(fmt_addr((addr))), transport_name ? transport_name : ""); - tor_addr_copy(, addr); - lookup.action = (int)action; - lookup.transport_name = (char*) transport_name; - ent = HT_FIND(clientmap, _history, ); - + ent = geoip_lookup_client(addr, transport_name, action); if (! ent) { ent = tor_malloc_zero(sizeof(clientmap_entry_t)); tor_addr_copy(>addr, addr); @@ -635,6 +612,25 @@ geoip_remove_old_clients(time_t cutoff) ); } +/* Return a client entry object matching the given address, transport name and + * geoip action from the clientmap. NULL if not found. The transport_name can + * be NULL. */ +clientmap_entry_t * +geoip_lookup_client(const tor_addr_t *addr, const char *transport_name, +geoip_client_action_t action) +{ + clientmap_entry_t lookup; + + tor_assert(addr); + + /* We always look for a client connection with no transport. */ + tor_addr_copy(, addr); + lookup.action = action; + lookup.transport_name = (char *) transport_name; + + return HT_FIND(clientmap, _history, ); +} + /** How many responses are we giving to clients requesting v3 network * statuses? */ static uint32_t ns_v3_responses[GEOIP_NS_RESPONSE_NUM]; diff --git a/src/or/geoip.h b/src/or/geoip.h index 070296dd0..b80efceb3 100644 --- a/src/or/geoip.h +++ b/src/or/geoip.h @@ -20,6 +20,25 @@ STATIC int geoip_get_country_by_ipv4(uint32_t ipaddr); STATIC int geoip_get_country_by_ipv6(const struct in6_addr *addr); STATIC void clear_geoip_db(void); #endif + +/** Entry in a map from IP address to the last time we've seen an incoming + * connection from that IP address. Used by bridges only to track which + * countries have them blocked, or the DoS mitigation subsystem if enabled. */ +typedef struct clientmap_entry_t { + HT_ENTRY(clientmap_entry_t) node; + tor_addr_t addr; + /* Name of pluggable transport used by this client. NULL if no + pluggable transport was used. */ + char *transport_name; + + /** Time when we last saw this IP address, in MINUTES since the epoch. + * + * (This will run out of space around 4011 CE. If Tor is still in use around + * 4000 CE, please remember to add more bits to last_seen_in_minutes.) */ + unsigned int last_seen_in_minutes:30; + unsigned int action:2; +} clientmap_entry_t; + int should_record_bridge_info(const or_options_t *options); int geoip_load_file(sa_family_t family, const char *filename); MOCK_DECL(int, geoip_get_country_by_addr, (const tor_addr_t *addr)); @@ -33,6 +52,9 @@ void geoip_note_client_seen(geoip_client_action_t action, const tor_addr_t *addr, const char
[tor-commits] [tor/master] dos: Detect circuit creation denial of service
commit 97abb3543b858afd27ed857903814175c1dfbf12 Author: David GouletDate: Thu Jan 25 16:14:40 2018 -0500 dos: Detect circuit creation denial of service Add a function that notifies the DoS subsystem that a new CREATE cell has arrived. The statistics are updated accordingly and the IP address can also be marked as malicious if it is above threshold. At this commit, no defense is applied, just detection with a circuit creation token bucket system. Signed-off-by: David Goulet --- src/or/command.c | 6 ++ src/or/dos.c | 179 +++ src/or/dos.h | 6 ++ 3 files changed, 191 insertions(+) diff --git a/src/or/command.c b/src/or/command.c index 5866c386e..d2df55a4b 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -46,6 +46,7 @@ #include "config.h" #include "control.h" #include "cpuworker.h" +#include "dos.h" #include "hibernate.h" #include "nodelist.h" #include "onion.h" @@ -247,6 +248,11 @@ command_process_create_cell(cell_t *cell, channel_t *chan) (unsigned)cell->circ_id, U64_PRINTF_ARG(chan->global_identifier), chan); + /* First thing we do, even though the cell might be invalid, is inform the + * DoS mitigation subsystem layer of this event. Validation is done by this + * function. */ + dos_cc_new_create_cell(chan); + /* We check for the conditions that would make us drop the cell before * we check for the conditions that would make us send a DESTROY back, * since those conditions would make a DESTROY nonsensical. */ diff --git a/src/or/dos.c b/src/or/dos.c index d1a2c6a28..b83ea6029 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -35,6 +35,9 @@ static uint32_t dos_cc_circuit_burst; static dos_cc_defense_type_t dos_cc_defense_type; static int32_t dos_cc_defense_time_period; +/* Keep some stats for the heartbeat so we can report out. */ +static uint32_t cc_num_marked_addrs; + /* * Concurrent connection denial of service mitigation. * @@ -209,6 +212,117 @@ cc_consensus_has_changed(const networkstatus_t *ns) } } +/** Return the number of circuits we allow per second under the current + * configuration. */ +STATIC uint32_t +get_circuit_rate_per_second(void) +{ + int64_t circ_rate; + + /* We take the burst divided by the rate which is in tenths of a second so + * convert to get a circuit rate per second. */ + circ_rate = dos_cc_circuit_rate_tenths / 10; + if (circ_rate < 0) { +/* Safety check, never allow it to go below 0 else the bucket will always + * be empty resulting in every address to be detected. */ +circ_rate = 1; + } + + /* Clamp it down to a 32 bit value because a rate of 2^32 circuits per + * second is just too much in any circumstances. */ + if (circ_rate > UINT32_MAX) { +circ_rate = UINT32_MAX; + } + return (uint32_t) circ_rate; +} + +/* Given the circuit creation client statistics object, refill the circuit + * bucket if needed. This also works if the bucket was never filled in the + * first place. The addr is only used for logging purposes. */ +STATIC void +cc_stats_refill_bucket(cc_client_stats_t *stats, const tor_addr_t *addr) +{ + uint32_t new_circuit_bucket_count, circuit_rate = 0, num_token; + time_t now, elapsed_time_last_refill; + + tor_assert(stats); + tor_assert(addr); + + now = approx_time(); + + /* We've never filled the bucket so fill it with the maximum being the burst + * and we are done. */ + if (stats->last_circ_bucket_refill_ts == 0) { +num_token = dos_cc_circuit_burst; +goto end; + } + + /* At this point, we know we might need to add token to the bucket. We'll + * first compute the circuit rate that is how many circuit are we allowed to + * do per second. */ + circuit_rate = get_circuit_rate_per_second(); + + /* How many seconds have elapsed between now and the last refill? */ + elapsed_time_last_refill = now - stats->last_circ_bucket_refill_ts; + + /* If the elapsed time is below 0 it means our clock jumped backward so in + * that case, lets be safe and fill it up to the maximum. Not filling it + * could trigger a detection for a valid client. Also, if the clock jumped + * negative but we didn't notice until the elapsed time became positive + * again, then we potentially spent many seconds not refilling the bucket + * when we should have been refilling it. But the fact that we didn't notice + * until now means that no circuit creation requests came in during that + * time, so the client doesn't end up punished that much from this hopefully + * rare situation.*/ + if (elapsed_time_last_refill < 0) { +/* Dividing the burst by the circuit rate gives us the time span that will + * give us the maximum allowed value of token. */ +elapsed_time_last_refill = (dos_cc_circuit_burst / circuit_rate); + } + + /* Compute how many circuits we are allowed in that time frame
[tor-commits] [tor/master] dos: Add the connection DoS mitigation subsystem
commit acf7ea77d8d76830924a14145afbcf3c95a06b0e Author: David GouletDate: Thu Jan 25 16:28:54 2018 -0500 dos: Add the connection DoS mitigation subsystem Defend against an address that has reached the concurrent connection count threshold. Signed-off-by: David Goulet --- src/or/connection.c | 8 src/or/dos.c| 34 ++ src/or/dos.h| 2 ++ 3 files changed, 44 insertions(+) diff --git a/src/or/connection.c b/src/or/connection.c index 15f489c6b..791fd95c2 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1600,6 +1600,14 @@ connection_handle_listener_read(connection_t *conn, int new_type) return 0; } } +if (new_type == CONN_TYPE_OR) { + /* Assess with the connection DoS mitigation subsystem if this address + * can open a new connection. */ + if (dos_conn_addr_get_defense_type() == DOS_CONN_DEFENSE_CLOSE) { +tor_close_socket(news); +return 0; + } +} newconn = connection_new(new_type, conn->socket_family); newconn->s = news; diff --git a/src/or/dos.c b/src/or/dos.c index 8c00a2f31..7e3a2ab7f 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -53,6 +53,9 @@ static unsigned int dos_conn_enabled = 0; static uint32_t dos_conn_max_concurrent_count; static dos_conn_defense_type_t dos_conn_defense_type; +/* Keep some stats for the heartbeat so we can report out. */ +static uint64_t conn_num_addr_rejected; + /* * General interface of the denial of service mitigation subsystem. */ @@ -488,6 +491,37 @@ dos_cc_get_defense_type(channel_t *chan) /* Concurrent connection detection public API. */ +/* Return true iff the given address is permitted to open another connection. + * A defense value is returned for the caller to take appropriate actions. */ +dos_conn_defense_type_t +dos_conn_addr_get_defense_type(const tor_addr_t *addr) +{ + clientmap_entry_t *entry; + + tor_assert(addr); + + /* Skip everything if not enabled. */ + if (!dos_conn_enabled) { +goto end; + } + + /* We are only interested in client connection from the geoip cache. */ + entry = geoip_lookup_client(addr, NULL, GEOIP_CLIENT_CONNECT); + if (entry == NULL) { +goto end; + } + + /* Need to be above the maximum concurrent connection count to trigger a + * defense. */ + if (entry->dos_stats.concurrent_count > dos_conn_max_concurrent_count) { +conn_num_addr_rejected++; +return dos_conn_defense_type; + } + + end: + return DOS_CONN_DEFENSE_NONE; +} + /* General API */ /* Called when a new client connection has been established on the given diff --git a/src/or/dos.h b/src/or/dos.h index fa86295cf..cc7749836 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -107,6 +107,8 @@ typedef enum dos_conn_defense_type_t { DOS_CONN_DEFENSE_MAX = 2, } dos_conn_defense_type_t; +dos_conn_defense_type_t dos_conn_addr_get_defense_type(const tor_addr_t *addr); + #ifdef DOS_PRIVATE STATIC uint32_t get_param_conn_max_concurrent_count( ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] dos: Track new and closed OR client connections
commit c05272783d0164363023ddd4b3ee93c2e12c8911 Author: David GouletDate: Thu Jan 25 16:05:59 2018 -0500 dos: Track new and closed OR client connections Implement a basic connection tracking that counts the number of concurrent connections when they open and close. This commit also adds the circuit creation mitigation data structure that will be needed at later commit to keep track of the circuit rate. Signed-off-by: David Goulet --- src/or/channel.c| 5 src/or/connection.c | 8 ++ src/or/dos.c| 75 + src/or/dos.h| 3 +++ src/or/geoip.h | 5 src/or/or.h | 4 +++ 6 files changed, 100 insertions(+) diff --git a/src/or/channel.c b/src/or/channel.c index f547aea1b..fdd3f81e8 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -2583,6 +2583,7 @@ channel_do_open_actions(channel_t *chan) if (!router_get_by_id_digest(chan->identity_digest)) { if (channel_get_addr_if_possible(chan, _addr)) { char *transport_name = NULL; +channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); if (chan->get_transport_name(chan, _name) < 0) transport_name = NULL; @@ -2590,6 +2591,10 @@ channel_do_open_actions(channel_t *chan) _addr, transport_name, now); tor_free(transport_name); +/* Notify the DoS subsystem of a new client. */ +if (tlschan && tlschan->conn) { + dos_new_client_conn(tlschan->conn); +} } /* Otherwise the underlying transport can't tell us this, so skip it */ } diff --git a/src/or/connection.c b/src/or/connection.c index 8b00d637f..15f489c6b 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -78,6 +78,7 @@ #include "dirserv.h" #include "dns.h" #include "dnsserv.h" +#include "dos.h" #include "entrynodes.h" #include "ext_orport.h" #include "geoip.h" @@ -687,6 +688,13 @@ connection_free,(connection_t *conn)) "connection_free"); } #endif + + /* Notify the circuit creation DoS mitigation subsystem that an OR client + * connection has been closed. And only do that if we track it. */ + if (conn->type == CONN_TYPE_OR) { +dos_close_client_conn(TO_OR_CONN(conn)); + } + connection_unregister_events(conn); connection_free_(conn); } diff --git a/src/or/dos.c b/src/or/dos.c index 4b5983d16..d1a2c6a28 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -246,6 +246,81 @@ dos_is_enabled(void) /* General API */ +/* Called when a new client connection has been established on the given + * address. */ +void +dos_new_client_conn(or_connection_t *or_conn) +{ + clientmap_entry_t *entry; + + tor_assert(or_conn); + + /* Past that point, we know we have at least one DoS detection subsystem + * enabled so we'll start allocating stuff. */ + if (!dos_is_enabled()) { +goto end; + } + + /* We are only interested in client connection from the geoip cache. */ + entry = geoip_lookup_client(_conn->real_addr, NULL, + GEOIP_CLIENT_CONNECT); + if (BUG(entry == NULL)) { +/* Should never happen because we note down the address in the geoip + * cache before this is called. */ +goto end; + } + + entry->dos_stats.concurrent_count++; + or_conn->tracked_for_dos_mitigation = 1; + log_debug(LD_DOS, "Client address %s has now %u concurrent connections.", +fmt_addr(_conn->real_addr), +entry->dos_stats.concurrent_count); + + end: + return; +} + +/* Called when a client connection for the given IP address has been closed. */ +void +dos_close_client_conn(const or_connection_t *or_conn) +{ + clientmap_entry_t *entry; + + tor_assert(or_conn); + + /* We have to decrement the count on tracked connection only even if the + * subsystem has been disabled at runtime because it might be re-enabled + * after and we need to keep a synchronized counter at all time. */ + if (!or_conn->tracked_for_dos_mitigation) { +goto end; + } + + /* We are only interested in client connection from the geoip cache. */ + entry = geoip_lookup_client(_conn->real_addr, NULL, + GEOIP_CLIENT_CONNECT); + if (entry == NULL) { +/* This can happen because we can close a connection before the channel + * got to be noted down in the geoip cache. */ +goto end; + } + + /* Extra super duper safety. Going below 0 means an underflow which could + * lead to most likely a false positive. In theory, this should never happen + * but lets be extra safe. */ + if (BUG(entry->dos_stats.concurrent_count == 0)) { +goto end; + } + + entry->dos_stats.concurrent_count--; + log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " +"connections are now at %u", +
[tor-commits] [tor/master] dos: Add a heartbeat log
commit 14a8b87852887f8c20a424ff32a2b6746105dd6c Author: David GouletDate: Thu Jan 25 16:36:05 2018 -0500 dos: Add a heartbeat log Signed-off-by: David Goulet --- src/or/dos.c| 45 + src/or/dos.h| 1 + src/or/status.c | 2 ++ 3 files changed, 48 insertions(+) diff --git a/src/or/dos.c b/src/or/dos.c index d98d3db16..40e88aead 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -555,6 +555,51 @@ dos_should_refuse_single_hop_client(void) 0 /* default */, 0, 1); } +/* Log a heartbeat message with some statistics. */ +void +dos_log_heartbeat(void) +{ + char *conn_msg = NULL; + char *cc_msg = NULL; + char *single_hop_client_msg = NULL; + + if (!dos_is_enabled()) { +goto end; + } + + if (dos_cc_enabled) { +tor_asprintf(_msg, + " %" PRIu64 " circuits rejected," + " %" PRIu32 " marked addresses.", + cc_num_rejected_cells, cc_num_marked_addrs); + } + + if (dos_conn_enabled) { +tor_asprintf(_msg, + " %" PRIu64 " connections closed.", + conn_num_addr_rejected); + } + + if (dos_should_refuse_single_hop_client()) { +tor_asprintf(_hop_client_msg, + " %" PRIu64 " single hop clients refused.", + num_single_hop_client_refused); + } + + log_notice(LD_HEARTBEAT, + "DoS mitigation since startup:%s%s%s", + (cc_msg != NULL) ? cc_msg : " [cc not enabled]", + (conn_msg != NULL) ? conn_msg : " [conn not enabled]", + (single_hop_client_msg != NULL) ? single_hop_client_msg : ""); + + tor_free(conn_msg); + tor_free(cc_msg); + tor_free(single_hop_client_msg); + + end: + return; +} + /* Called when a new client connection has been established on the given * address. */ void diff --git a/src/or/dos.h b/src/or/dos.h index ec4c033ae..56835169d 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -47,6 +47,7 @@ void dos_init(void); void dos_free_all(void); void dos_consensus_has_changed(const networkstatus_t *ns); int dos_enabled(void); +void dos_log_heartbeat(void); void dos_new_client_conn(or_connection_t *or_conn); void dos_close_client_conn(const or_connection_t *or_conn); diff --git a/src/or/status.c b/src/or/status.c index fce6a1015..fa2238b9f 100644 --- a/src/or/status.c +++ b/src/or/status.c @@ -27,6 +27,7 @@ #include "hibernate.h" #include "rephist.h" #include "statefile.h" +#include "dos.h" static void log_accounting(const time_t now, const or_options_t *options); #include "geoip.h" @@ -145,6 +146,7 @@ log_heartbeat(time_t now) if (public_server_mode(options)) { rep_hist_log_circuit_handshake_stats(now); rep_hist_log_link_protocol_counts(); +dos_log_heartbeat(); } circuit_log_ancient_one_hop_circuits(1800); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] remove a redundant semicolon
commit d2ae1bfcb314965fd1ff1353308da0e92a00c958 Author: Nick MathewsonDate: Tue Jan 30 18:11:16 2018 -0500 remove a redundant semicolon --- src/test/test_dos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_dos.c b/src/test/test_dos.c index 5a8474ad8..d7d871ab6 100644 --- a/src/test/test_dos.c +++ b/src/test/test_dos.c @@ -78,7 +78,7 @@ static int mock_channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out) { (void)chan; - tt_int_op(AF_INET,OP_EQ, tor_addr_parse(addr_out, "18.0.0.1"));; + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(addr_out, "18.0.0.1")); return 1; done: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] test: Add unit tests for the DoS subsystem
commit c3c2b55decc80028728780422fe2766ec6517246 Author: George KadianakisDate: Thu Jan 25 16:38:59 2018 -0500 test: Add unit tests for the DoS subsystem Signed-off-by: David Goulet --- src/or/channel.c| 4 +- src/or/channel.h| 3 +- src/test/include.am | 1 + src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_dos.c | 248 6 files changed, 255 insertions(+), 3 deletions(-) diff --git a/src/or/channel.c b/src/or/channel.c index fdd3f81e8..54e10666d 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -3845,8 +3845,8 @@ channel_get_canonical_remote_descr(channel_t *chan) * supports this operation, and return 1. Return 0 if the underlying transport * doesn't let us do this. */ -int -channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out) +MOCK_IMPL(int, +channel_get_addr_if_possible,(channel_t *chan, tor_addr_t *addr_out)) { tor_assert(chan); tor_assert(addr_out); diff --git a/src/or/channel.h b/src/or/channel.h index a711b56d4..bcd345e8d 100644 --- a/src/or/channel.h +++ b/src/or/channel.h @@ -550,7 +550,8 @@ MOCK_DECL(void, channel_dump_statistics, (channel_t *chan, int severity)); void channel_dump_transport_statistics(channel_t *chan, int severity); const char * channel_get_actual_remote_descr(channel_t *chan); const char * channel_get_actual_remote_address(channel_t *chan); -int channel_get_addr_if_possible(channel_t *chan, tor_addr_t *addr_out); +MOCK_DECL(int, channel_get_addr_if_possible, (channel_t *chan, + tor_addr_t *addr_out)); const char * channel_get_canonical_remote_descr(channel_t *chan); int channel_has_queued_writes(channel_t *chan); int channel_is_bad_for_new_circs(channel_t *chan); diff --git a/src/test/include.am b/src/test/include.am index 8ecfaf10c..91b0a5910 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -87,6 +87,7 @@ src_test_test_SOURCES = \ src/test/test_controller.c \ src/test/test_controller_events.c \ src/test/test_crypto.c \ + src/test/test_dos.c \ src/test/test_data.c \ src/test/test_dir.c \ src/test/test_dir_common.c \ diff --git a/src/test/test.c b/src/test/test.c index 9a41b976b..f66dee2d0 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1197,6 +1197,7 @@ struct testgroup_t testgroups[] = { { "control/", controller_tests }, { "control/event/", controller_event_tests }, { "crypto/", crypto_tests }, + { "dos/", dos_tests }, { "dir/", dir_tests }, { "dir_handle_get/", dir_handle_get_tests }, { "dir/md/", microdesc_tests }, diff --git a/src/test/test.h b/src/test/test.h index 25336ac83..41df6b134 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -190,6 +190,7 @@ extern struct testcase_t container_tests[]; extern struct testcase_t controller_tests[]; extern struct testcase_t controller_event_tests[]; extern struct testcase_t crypto_tests[]; +extern struct testcase_t dos_tests[]; extern struct testcase_t dir_tests[]; extern struct testcase_t dir_handle_get_tests[]; extern struct testcase_t entryconn_tests[]; diff --git a/src/test/test_dos.c b/src/test/test_dos.c new file mode 100644 index 0..5a8474ad8 --- /dev/null +++ b/src/test/test_dos.c @@ -0,0 +1,248 @@ +/* Copyright (c) 2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#define DOS_PRIVATE +#define TOR_CHANNEL_INTERNAL_ +#define CIRCUITLIST_PRIVATE + +#include "or.h" +#include "dos.h" +#include "circuitlist.h" +#include "geoip.h" +#include "channel.h" +#include "test.h" +#include "log_test_helpers.h" + +static unsigned int +mock_enable_dos_protection(const networkstatus_t *ns) +{ + (void) ns; + return 1; +} + +/** Test that the connection tracker of the DoS subsystem will block clients + * who try to establish too many connections */ +static void +test_dos_conn_creation(void *arg) +{ + (void) arg; + + MOCK(get_param_cc_enabled, mock_enable_dos_protection); + MOCK(get_param_conn_enabled, mock_enable_dos_protection); + + /* Initialize test data */ + or_connection_t or_conn; + time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.real_addr, + "18.0.0.1")); + tor_addr_t *addr = _conn.real_addr; + + /* Get DoS subsystem limits */ + dos_init(); + uint32_t max_concurrent_conns = get_param_conn_max_concurrent_count(NULL); + + /* Introduce new client */ + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now); + { /* Register many conns from this client but not enough to get it blocked */ +unsigned int i; +for (i = 0; i < max_concurrent_conns; i++) { + dos_new_client_conn(_conn); +} + } + + /* Check that new conns are still permitted */ + tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ, +dos_conn_addr_get_defense_type(addr)); + +
[tor-commits] [tor/master] dos: Apply defense for circuit creation DoS
commit 1bfc91a029839f36e04c8204d1bccaa04a5c2afd Author: David GouletDate: Thu Jan 25 16:20:52 2018 -0500 dos: Apply defense for circuit creation DoS If the client address was detected as malicious, apply a defense which is at this commit to return a DESTROY cell. Signed-off-by: David Goulet --- src/or/command.c | 7 ++ src/or/dos.c | 65 src/or/dos.h | 1 + 3 files changed, 73 insertions(+) diff --git a/src/or/command.c b/src/or/command.c index d2df55a4b..0d2808e23 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -290,6 +290,13 @@ command_process_create_cell(cell_t *cell, channel_t *chan) return; } + /* Check if we should apply a defense for this channel. */ + if (dos_cc_get_defense_type(chan) == DOS_CC_DEFENSE_REFUSE_CELL) { +channel_send_destroy(cell->circ_id, chan, + END_CIRC_REASON_RESOURCELIMIT); +return; + } + if (!server_mode(options) || (!public_server_mode(options) && channel_is_outgoing(chan))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, diff --git a/src/or/dos.c b/src/or/dos.c index b83ea6029..8c00a2f31 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -36,6 +36,7 @@ static dos_cc_defense_type_t dos_cc_defense_type; static int32_t dos_cc_defense_time_period; /* Keep some stats for the heartbeat so we can report out. */ +static uint64_t cc_num_rejected_cells; static uint32_t cc_num_marked_addrs; /* @@ -323,6 +324,44 @@ cc_mark_client(cc_client_stats_t *stats) crypto_rand_int_range(1, dos_cc_defense_time_period / 2); } +/* Return true iff the given channel address is marked as malicious. This is + * called a lot and part of the fast path of handling cells. It has to remain + * as fast as we can. */ +static int +cc_channel_addr_is_marked(channel_t *chan) +{ + time_t now; + tor_addr_t addr; + clientmap_entry_t *entry; + cc_client_stats_t *stats = NULL; + + if (chan == NULL) { +goto end; + } + /* Must be a client connection else we ignore. */ + if (!channel_is_client(chan)) { +goto end; + } + /* Without an IP address, nothing can work. */ + if (!channel_get_addr_if_possible(chan, )) { +goto end; + } + + /* We are only interested in client connection from the geoip cache. */ + entry = geoip_lookup_client(, NULL, GEOIP_CLIENT_CONNECT); + if (entry == NULL) { +/* We can have a connection creating circuits but not tracked by the geoip + * cache. Once this DoS subsystem is enabled, we can end up here with no + * entry for the channel. */ +goto end; + } + now = approx_time(); + stats = >dos_stats.cc_stats; + + end: + return stats && stats->marked_until_ts >= now; +} + /* Concurrent connection private API. */ /* Free everything for the connection DoS mitigation subsystem. */ @@ -421,6 +460,32 @@ dos_cc_new_create_cell(channel_t *chan) return; } +/* Return the defense type that should be used for this circuit. + * + * This is part of the fast path and called a lot. */ +dos_cc_defense_type_t +dos_cc_get_defense_type(channel_t *chan) +{ + tor_assert(chan); + + /* Skip everything if not enabled. */ + if (!dos_cc_enabled) { +goto end; + } + + /* On an OR circuit, we'll check if the previous channel is a marked client + * connection detected by our DoS circuit creation mitigation subsystem. */ + if (cc_channel_addr_is_marked(chan)) { +/* We've just assess that this circuit should trigger a defense for the + * cell it just seen. Note it down. */ +cc_num_rejected_cells++; +return dos_cc_defense_type; + } + + end: + return DOS_CC_DEFENSE_NONE; +} + /* Concurrent connection detection public API. */ /* General API */ diff --git a/src/or/dos.h b/src/or/dos.h index bb8d7d1a7..fa86295cf 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -81,6 +81,7 @@ typedef enum dos_cc_defense_type_t { } dos_cc_defense_type_t; void dos_cc_new_create_cell(channel_t *channel); +dos_cc_defense_type_t dos_cc_get_defense_type(channel_t *chan); /* * Concurrent connection DoS mitigation interface. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] geoip: Remember client stats if DoS mitigation is enabled
commit 51fda85c23e5ff2cabbc66ea19b006c4cb04b1e2 Author: David GouletDate: Fri Jan 19 13:15:07 2018 -0500 geoip: Remember client stats if DoS mitigation is enabled Make the geoip cache track client address if the DoS subsystem is enabled. Signed-off-by: David Goulet --- src/or/geoip.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/or/geoip.c b/src/or/geoip.c index e2a1b1cee..5f0b04b56 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -33,6 +33,7 @@ #include "config.h" #include "control.h" #include "dnsserv.h" +#include "dos.h" #include "geoip.h" #include "routerlist.h" @@ -549,10 +550,14 @@ geoip_note_client_seen(geoip_client_action_t action, clientmap_entry_t *ent; if (action == GEOIP_CLIENT_CONNECT) { -/* Only remember statistics as entry guard or as bridge. */ -if (!options->EntryStatistics && -(!(options->BridgeRelay && options->BridgeRecordUsageByCountry))) - return; +/* Only remember statistics if the DoS mitigation subsystem is enabled. If + * not, only if as entry guard or as bridge. */ +if (!dos_enabled()) { + if (!options->EntryStatistics && + (!(options->BridgeRelay && options->BridgeRecordUsageByCountry))) { +return; + } +} } else { /* Only gather directory-request statistics if configured, and * forcibly disable them on bridge authorities. */ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] dos: Add the DoSRefuseSingleHopClientRendezvous option
commit 36a0ae151f8f85c76b4bd91a8fc2871dd88b6005 Author: David GouletDate: Thu Jan 25 16:32:28 2018 -0500 dos: Add the DoSRefuseSingleHopClientRendezvous option This option refuses any ESTABLISH_RENDEZVOUS cell arriving from a client connection. Its default value is "auto" for which we can turn it on or off with a consensus parameter. Default value is 0. Signed-off-by: David Goulet --- src/or/dos.c | 31 +++ src/or/dos.h | 3 +++ src/or/rendmid.c | 12 3 files changed, 46 insertions(+) diff --git a/src/or/dos.c b/src/or/dos.c index 7e3a2ab7f..d98d3db16 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -14,6 +14,7 @@ #include "geoip.h" #include "main.h" #include "networkstatus.h" +#include "router.h" #include "dos.h" @@ -60,6 +61,9 @@ static uint64_t conn_num_addr_rejected; * General interface of the denial of service mitigation subsystem. */ +/* Keep stats for the heartbeat. */ +static uint64_t num_single_hop_client_refused; + /* Return true iff the circuit creation mitigation is enabled. We look at the * consensus for this else a default value is returned. */ MOCK_IMPL(STATIC unsigned int, @@ -524,6 +528,33 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr) /* General API */ +/* Note down that we've just refused a single hop client. This increments a + * counter later used for the heartbeat. */ +void +dos_note_refuse_single_hop_client(void) +{ + num_single_hop_client_refused++; +} + +/* Return true iff single hop client connection (ESTABLISH_RENDEZVOUS) should + * be refused. */ +int +dos_should_refuse_single_hop_client(void) +{ + /* If we aren't a public relay, this shouldn't apply to anything. */ + if (!public_server_mode(get_options())) { +return 0; + } + + if (get_options()->DoSRefuseSingleHopClientRendezvous != -1) { +return get_options()->DoSRefuseSingleHopClientRendezvous; + } + + return (int) networkstatus_get_param(NULL, + "DoSRefuseSingleHopClientRendezvous", + 0 /* default */, 0, 1); +} + /* Called when a new client connection has been established on the given * address. */ void diff --git a/src/or/dos.h b/src/or/dos.h index cc7749836..ec4c033ae 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -51,6 +51,9 @@ int dos_enabled(void); void dos_new_client_conn(or_connection_t *or_conn); void dos_close_client_conn(const or_connection_t *or_conn); +int dos_should_refuse_single_hop_client(void); +void dos_note_refuse_single_hop_client(void); + /* * Circuit creation DoS mitigation subsystemn interface. */ diff --git a/src/or/rendmid.c b/src/or/rendmid.c index ca0ad7b0d..441d5043c 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -8,9 +8,11 @@ **/ #include "or.h" +#include "channel.h" #include "circuitlist.h" #include "circuituse.h" #include "config.h" +#include "dos.h" #include "relay.h" #include "rendmid.h" #include "rephist.h" @@ -246,6 +248,16 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, goto err; } + /* Check if we are configured to accept established rendezvous cells from + * client or in other words tor2web clients. */ + if (channel_is_client(circ->p_chan) && + dos_should_refuse_single_hop_client()) { +/* Note it down for the heartbeat log purposes. */ +dos_note_refuse_single_hop_client(); +/* Silent drop so the client has to time out before moving on. */ +return 0; + } + if (circ->base_.n_chan) { log_warn(LD_PROTOCOL, "Tried to establish rendezvous on non-edge circuit"); ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] dos: Initial code of Denial of Service mitigation
commit 64149353dda6336488e7d011534a7132b3f01acc Author: David GouletDate: Thu Jan 25 15:54:58 2018 -0500 dos: Initial code of Denial of Service mitigation This commit introduces the src/or/dos.{c|h} files that contains the code for the Denial of Service mitigation subsystem. It currently contains basic functions to initialize and free the subsystem. They are used at this commit. The torrc options and consensus parameters are defined at this commit and getters are implemented. Signed-off-by: David Goulet --- src/common/log.c | 2 +- src/common/torlog.h| 4 +- src/or/config.c| 25 + src/or/dos.c | 289 + src/or/dos.h | 120 src/or/include.am | 2 + src/or/main.c | 2 + src/or/networkstatus.c | 13 ++- src/or/or.h| 30 + 9 files changed, 483 insertions(+), 4 deletions(-) diff --git a/src/common/log.c b/src/common/log.c index 56adc77f8..4db1c9f0d 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -1177,7 +1177,7 @@ static const char *domain_list[] = { "GENERAL", "CRYPTO", "NET", "CONFIG", "FS", "PROTOCOL", "MM", "HTTP", "APP", "CONTROL", "CIRC", "REND", "BUG", "DIR", "DIRSERV", "OR", "EDGE", "ACCT", "HIST", "HANDSHAKE", "HEARTBEAT", "CHANNEL", - "SCHED", NULL + "SCHED", "DOS", NULL }; /** Return a bitmask for the log domain for which domain is the name, diff --git a/src/common/torlog.h b/src/common/torlog.h index 6732a4274..20b7d938f 100644 --- a/src/common/torlog.h +++ b/src/common/torlog.h @@ -99,8 +99,10 @@ #define LD_CHANNEL (1u<<21) /** Scheduler */ #define LD_SCHED (1u<<22) +/** Denial of Service mitigation. */ +#define LD_DOS (1u<<23) /** Number of logging domains in the code. */ -#define N_LOGGING_DOMAINS 23 +#define N_LOGGING_DOMAINS 24 /** This log message is not safe to send to a callback-based logger * immediately. Used as a flag, not a log domain. */ diff --git a/src/or/config.c b/src/or/config.c index 42ff25877..c651c202e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -29,6 +29,7 @@ #include "dirserv.h" #include "dirvote.h" #include "dns.h" +#include "dos.h" #include "entrynodes.h" #include "geoip.h" #include "hibernate.h" @@ -241,6 +242,19 @@ static config_var_t option_vars_[] = { OBSOLETE("DynamicDHGroups"), VPORT(DNSPort, LINELIST, NULL), V(DNSListenAddress,LINELIST, NULL), + /* DoS circuit creation options. */ + V(DoSCircuitCreationEnabled, AUTOBOOL, "auto"), + V(DoSCircuitCreationMinConnections, UINT, "0"), + V(DoSCircuitCreationRateTenths, UINT, "0"), + V(DoSCircuitCreationBurst, UINT, "0"), + V(DoSCircuitCreationDefenseType, INT, "0"), + V(DoSCircuitCreationDefenseTimePeriod, INTERVAL, "0"), + /* DoS connection options. */ + V(DoSConnectionEnabled,AUTOBOOL, "auto"), + V(DoSConnectionMaxConcurrentCount, UINT, "0"), + V(DoSConnectionDefenseType,INT, "0"), + /* DoS single hop client options. */ + V(DoSRefuseSingleHopClientRendezvous,AUTOBOOL, "auto"), V(DownloadExtraInfo, BOOL, "0"), V(TestingEnableConnBwEvent,BOOL, "0"), V(TestingEnableCellStatsEvent, BOOL, "0"), @@ -2039,6 +2053,17 @@ options_act(const or_options_t *old_options) } } + /* DoS mitigation subsystem only applies to public relay. */ + if (public_server_mode(options)) { +/* If we are configured as a relay, initialize the subsystem. Even on HUP, + * this is safe to call as it will load data from the current options + * or/and the consensus. */ +dos_init(); + } else if (old_options && public_server_mode(old_options)) { +/* Going from relay to non relay, clean it up. */ +dos_free_all(); + } + /* Load the webpage we're going to serve every time someone asks for '/' on our DirPort. */ tor_free(global_dirfrontpagecontents); diff --git a/src/or/dos.c b/src/or/dos.c new file mode 100644 index 0..4b5983d16 --- /dev/null +++ b/src/or/dos.c @@ -0,0 +1,289 @@ +/* Copyright (c) 2018, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/* + * \file dos.c + * \brief Implement Denial of Service mitigation subsystem. + */ + +#define DOS_PRIVATE + +#include "or.h" +#include "channel.h" +#include "config.h" +#include "geoip.h" +#include "main.h" +#include "networkstatus.h" + +#include "dos.h" + +/* + * Circuit creation denial of service mitigation. + * + * Namespace used for this mitigation framework is "dos_cc_" where "cc" is for + * Circuit Creation. + */ + +/* Is the circuit creation DoS mitigation enabled? */ +static unsigned int dos_cc_enabled = 0; + +/* Consensus parameters. They can be changed when a new consensus arrives. + * They are initialized with the hardcoded default values. */ +static uint32_t
[tor-commits] [tor/master] dos: Make circuit rate limit per second, not tenths anymore
commit e58a4fc6cfcdeafc2ebfb61fd3cf6d163ce2436c Author: David GouletDate: Mon Jan 29 11:50:11 2018 -0500 dos: Make circuit rate limit per second, not tenths anymore Because this touches too many commits at once, it is made into one single commit. Remove the use of "tenths" for the circuit rate to simplify things. We can only refill the buckets at best once every second because of the use of approx_time() and our token system is set to be 1 token = 1 circuit so make the rate a flat integer of circuit per second. Signed-off-by: David Goulet --- doc/tor.1.txt | 8 +++- src/or/config.c | 2 +- src/or/dos.c| 32 src/or/dos.h| 2 +- src/or/or.h | 5 ++--- 5 files changed, 15 insertions(+), 34 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index a2bbb8ab6..58997cdf3 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2466,12 +2466,10 @@ Denial of Service mitigation subsystem. parameter. (Default: 0) -[[DoSCircuitCreationRateTenths]] **DoSCircuitCreationRateTenths** __NUM__:: +[[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__:: -The allowed circuit creation rate in tenths of circuit per second applied -per client IP address. For example, if you want to set a rate of 5 -circuits per second allowed per IP address, this value should be set to -50. If this option is 0, it obeys a consensus parameter. (Default: 0) +The allowed circuit creation rate per second applied per client IP +address. If this option is 0, it obeys a consensus parameter. (Default: 0) [[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__:: diff --git a/src/or/config.c b/src/or/config.c index c651c202e..3b4027433 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -245,7 +245,7 @@ static config_var_t option_vars_[] = { /* DoS circuit creation options. */ V(DoSCircuitCreationEnabled, AUTOBOOL, "auto"), V(DoSCircuitCreationMinConnections, UINT, "0"), - V(DoSCircuitCreationRateTenths, UINT, "0"), + V(DoSCircuitCreationRate, UINT, "0"), V(DoSCircuitCreationBurst, UINT, "0"), V(DoSCircuitCreationDefenseType, INT, "0"), V(DoSCircuitCreationDefenseTimePeriod, INTERVAL, "0"), diff --git a/src/or/dos.c b/src/or/dos.c index 5af75ca57..a614d1231 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -31,7 +31,7 @@ static unsigned int dos_cc_enabled = 0; /* Consensus parameters. They can be changed when a new consensus arrives. * They are initialized with the hardcoded default values. */ static uint32_t dos_cc_min_concurrent_conn; -static uint32_t dos_cc_circuit_rate_tenths; +static uint32_t dos_cc_circuit_rate; static uint32_t dos_cc_circuit_burst; static dos_cc_defense_type_t dos_cc_defense_type; static int32_t dos_cc_defense_time_period; @@ -93,14 +93,14 @@ get_param_cc_min_concurrent_connection(const networkstatus_t *ns) /* Return the parameter for the time rate that is how many circuits over this * time span. */ static uint32_t -get_param_cc_circuit_rate_tenths(const networkstatus_t *ns) +get_param_cc_circuit_rate(const networkstatus_t *ns) { /* This is in seconds. */ - if (get_options()->DoSCircuitCreationRateTenths) { -return get_options()->DoSCircuitCreationRateTenths; + if (get_options()->DoSCircuitCreationRate) { +return get_options()->DoSCircuitCreationRate; } - return networkstatus_get_param(ns, "DoSCircuitCreationRateTenths", - DOS_CC_CIRCUIT_RATE_TENTHS_DEFAULT, + return networkstatus_get_param(ns, "DoSCircuitCreationRate", + DOS_CC_CIRCUIT_RATE_DEFAULT, 1, INT32_MAX); } @@ -189,7 +189,7 @@ set_dos_parameters(const networkstatus_t *ns) /* Get the default consensus param values. */ dos_cc_enabled = get_param_cc_enabled(ns); dos_cc_min_concurrent_conn = get_param_cc_min_concurrent_connection(ns); - dos_cc_circuit_rate_tenths = get_param_cc_circuit_rate_tenths(ns); + dos_cc_circuit_rate = get_param_cc_circuit_rate(ns); dos_cc_circuit_burst = get_param_cc_circuit_burst(ns); dos_cc_defense_time_period = get_param_cc_defense_time_period(ns); dos_cc_defense_type = get_param_cc_defense_type(ns); @@ -225,23 +225,7 @@ cc_consensus_has_changed(const networkstatus_t *ns) STATIC uint32_t get_circuit_rate_per_second(void) { - int64_t circ_rate; - - /* We take the burst divided by the rate which is in tenths of a second so - * convert to get a circuit rate per second. */ - circ_rate = dos_cc_circuit_rate_tenths / 10; - if (circ_rate < 0) { -/* Safety check, never allow it to go below 0 else the bucket will always - * be empty resulting in every address to be detected. */ -circ_rate = 1; - } - - /* Clamp it down to a 32 bit value because a rate of 2^32 circuits per - * second is just too much in any
[tor-commits] [tor/master] dos: Clear connection tracked flag if geoip entry is removed
commit 82de4ea900c5d3513214b127421890595343bfaa Author: David GouletDate: Thu Jan 25 09:44:21 2018 -0500 dos: Clear connection tracked flag if geoip entry is removed Imagine this scenario. We had 10 connections over the 24h lifetime of a geoip cache entry. The lifetime of the entry has been reached so it is about to get freed but 2 connections remain for it. After the free, a third connection comes in thus making us create a new geoip entry for that address matching the 2 previous ones that are still alive. If they end up being closed, we'll have a concurrent count desynch from what the reality is. To mitigate this probably very rare scenario in practice, when we free a geoip entry and it has a concurrent count above 0, we'll go over all connections matching the address and clear out the tracked flag. So once they are closed, we don't try to decrement the count. Signed-off-by: David Goulet --- src/or/dos.c | 35 +++ src/or/dos.h | 4 src/or/geoip.c | 4 3 files changed, 43 insertions(+) diff --git a/src/or/dos.c b/src/or/dos.c index 40e88aead..5af75ca57 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -528,6 +528,41 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr) /* General API */ +/* Take any appropriate actions for the given geoip entry that is about to get + * freed. This is called for every entry that is being freed. + * + * This function will clear out the connection tracked flag if the concurrent + * count of the entry is above 0 so if those connections end up being seen by + * this subsystem, we won't try to decrement the counter for a new geoip entry + * that might have been added after this call for the same address. */ +void +dos_geoip_entry_about_to_free(const clientmap_entry_t *geoip_ent) +{ + tor_assert(geoip_ent); + + /* The count is down to 0 meaning no connections right now, we can safely + * clear the geoip entry from the cache. */ + if (geoip_ent->dos_stats.concurrent_count == 0) { +goto end; + } + + /* For each connection matching the geoip entry address, we'll clear the + * tracked flag because the entry is about to get removed from the geoip + * cache. We do not try to decrement if the flag is not set. */ + SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) { +if (conn->type == CONN_TYPE_OR) { + or_connection_t *or_conn = TO_OR_CONN(conn); + if (!tor_addr_compare(_ent->addr, _conn->real_addr, +CMP_EXACT)) { +or_conn->tracked_for_dos_mitigation = 0; + } +} + } SMARTLIST_FOREACH_END(conn); + + end: + return; +} + /* Note down that we've just refused a single hop client. This increments a * counter later used for the heartbeat. */ void diff --git a/src/or/dos.h b/src/or/dos.h index 56835169d..9ce1baddb 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -43,11 +43,15 @@ typedef struct dos_client_stats_t { /* General API. */ +/* Stub. */ +struct clientmap_entry_t; + void dos_init(void); void dos_free_all(void); void dos_consensus_has_changed(const networkstatus_t *ns); int dos_enabled(void); void dos_log_heartbeat(void); +void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent); void dos_new_client_conn(or_connection_t *or_conn); void dos_close_client_conn(const or_connection_t *or_conn); diff --git a/src/or/geoip.c b/src/or/geoip.c index 5f0b04b56..4e4f6e639 100644 --- a/src/or/geoip.c +++ b/src/or/geoip.c @@ -516,6 +516,10 @@ clientmap_entry_free(clientmap_entry_t *ent) if (!ent) return; + /* This entry is about to be freed so pass it to the DoS subsystem to see if + * any actions can be taken about it. */ + dos_geoip_entry_about_to_free(ent); + tor_free(ent->transport_name); tor_free(ent); } ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-messenger-build/master] Also add the logo to the config file
commit 7bb4436dda23bf06ab02dfcb038817bbf2391738 Author: Sukhbir SinghDate: Tue Jan 30 15:54:16 2018 -0500 Also add the logo to the config file --- projects/tor-launcher/config | 1 + 1 file changed, 1 insertion(+) diff --git a/projects/tor-launcher/config b/projects/tor-launcher/config index 10d0937..aa83531 100644 --- a/projects/tor-launcher/config +++ b/projects/tor-launcher/config @@ -10,3 +10,4 @@ input_files: content: '[% INCLUDE controlport.patch.tmpl -%]' refresh_input: 1 enable: '[% c("var/tor_control_port") %]' + - filename: tm-logo.svg ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-messenger-build/master] Set Tor Messenger's logo in Tor Launcher
commit 3e87965ab90ab3bb6c026ebc158293fb4badc3b4 Author: Sukhbir SinghDate: Tue Jan 30 15:53:17 2018 -0500 Set Tor Messenger's logo in Tor Launcher --- projects/tor-launcher/build | 3 + projects/tor-launcher/tm-logo.svg | 141 ++ 2 files changed, 144 insertions(+) diff --git a/projects/tor-launcher/build b/projects/tor-launcher/build index 0891389..45be6a6 100644 --- a/projects/tor-launcher/build +++ b/projects/tor-launcher/build @@ -5,5 +5,8 @@ cd [% project %]-[% c('version') %] [% IF c("var/tor_control_port") -%] patch -p1 < ../controlport.patch [% END -%] +[% IF c("var/tor-messenger") -%] +cp ../tm-logo.svg src/chrome/skin/tbb-logo.svg +[% END -%] make package mv pkg/*.xpi [% dest_dir _ '/' _ c('filename') %] diff --git a/projects/tor-launcher/tm-logo.svg b/projects/tor-launcher/tm-logo.svg new file mode 100644 index 000..279c7cd --- /dev/null +++ b/projects/tor-launcher/tm-logo.svg @@ -0,0 +1,141 @@ + +http://purl.org/dc/elements/1.1/; + xmlns:cc="http://creativecommons.org/ns#; + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#; + xmlns:svg="http://www.w3.org/2000/svg; + xmlns="http://www.w3.org/2000/svg; + xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd; + xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape; + version="1.1" + id="Layer_1" + x="0px" + y="0px" + viewBox="0 0 328.6 66.3" + enable-background="new 0 0 328.6 66.3" + xml:space="preserve" + sodipodi:docname="tbb-logo.svg" + inkscape:version="0.92.2 (5c3e80d, 2017-08-06)">image/svg+xmlhttp://purl.org/dc/dcmitype/StillImage; /> \ No newline at end of file ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-messenger-build/master] Update config file for the last commit
commit 454d3e4e8115d7cd15a7109332b3a144fe6bdb6e Author: Sukhbir SinghDate: Tue Jan 30 11:38:10 2018 -0500 Update config file for the last commit --- projects/mozilla/STL_win64.patch | 24 projects/mozilla/config | 2 +- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/projects/mozilla/STL_win64.patch b/projects/mozilla/STL_win64.patch deleted file mode 100644 index e528905..000 --- a/projects/mozilla/STL_win64.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 8f8c1a1069d4907d3cedae578975225d8caeecaf Mon Sep 17 00:00:00 2001 -From: Nicolas Vigier -Date: Sat, 12 Aug 2017 22:00:13 +0200 -Subject: [PATCH] Bug 23231: disable STL Wrappers on Windows - -Workaround for: -https://bugzilla.mozilla.org/show_bug.cgi?id=1392604 - old-configure.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/old-configure.in b/old-configure.in -index f5a2f05..e247551 100644 a/old-configure.in -+++ b/old-configure.in -@@ -1338,7 +1338,7 @@ MOZ_CXX11 - AC_LANG_C - - case "${OS_TARGET}" in --Darwin) -+WINNT|Darwin) - ;; - *) - STL_FLAGS="-I${DIST}/stl_wrappers" diff --git a/projects/mozilla/config b/projects/mozilla/config index f3c4234..81d52d7 100644 --- a/projects/mozilla/config +++ b/projects/mozilla/config @@ -11,5 +11,5 @@ input_files: - filename: 0003-OSX-package-as-tar.bz2.patch - filename: 0004-Updater-fixups-for-TM.patch - filename: 0005-Permit-storing-exceptions-even-w-inPrivateBrowsingMo.patch - - filename: STL_win64.patch + - filename: 0006-Bug-23231-disable-STL-Wrappers-on-Windows.patch enable: '[% c("var/windows-x86_64") %]' ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-messenger-build/master] Use proper formatting for mozilla/ patches
commit 7771c1378bd74a12d06a0a3429dbaec8743383ad Author: Sukhbir SinghDate: Tue Jan 30 11:22:10 2018 -0500 Use proper formatting for mozilla/ patches --- ...0001-Trac-19910-Prevents-STARTTLS-in-XMPP.patch | 6 ++--- .../mozilla/0002-Trac-16475-Block-flash-too.patch | 6 ++--- projects/mozilla/0003-OSX-package-as-tar.bz2.patch | 6 ++--- projects/mozilla/0004-Updater-fixups-for-TM.patch | 6 ++--- ...ing-exceptions-even-w-inPrivateBrowsingMo.patch | 6 ++--- ...Bug-23231-disable-STL-Wrappers-on-Windows.patch | 27 ++ 6 files changed, 42 insertions(+), 15 deletions(-) diff --git a/projects/mozilla/0001-Trac-19910-Prevents-STARTTLS-in-XMPP.patch b/projects/mozilla/0001-Trac-19910-Prevents-STARTTLS-in-XMPP.patch index e78e36b..d634f0b 100644 --- a/projects/mozilla/0001-Trac-19910-Prevents-STARTTLS-in-XMPP.patch +++ b/projects/mozilla/0001-Trac-19910-Prevents-STARTTLS-in-XMPP.patch @@ -1,7 +1,7 @@ -From 6ee07445bcfa1ef74934ecc7a7862afd10d0927d Mon Sep 17 00:00:00 2001 +From 4015b1fc6b60638ec28bdfb568ff263e4a69783a Mon Sep 17 00:00:00 2001 From: Arlo Breault Date: Fri, 1 Sep 2017 17:39:04 -0400 -Subject: [PATCH 1/5] Trac 19910: Prevents STARTTLS in XMPP +Subject: [PATCH 1/6] Trac 19910: Prevents STARTTLS in XMPP * Revert "Bug 3875: Use Optimistic Data SOCKS variant." @@ -115,5 +115,5 @@ index a21dfa4a5a11..5429637c1c3a 100644 void SetNamedPipeFD(PRFileDesc *fd) { mFD = fd; } -- -2.16.1 +2.11.0 diff --git a/projects/mozilla/0002-Trac-16475-Block-flash-too.patch b/projects/mozilla/0002-Trac-16475-Block-flash-too.patch index 5c24cdb..81d60d3 100644 --- a/projects/mozilla/0002-Trac-16475-Block-flash-too.patch +++ b/projects/mozilla/0002-Trac-16475-Block-flash-too.patch @@ -1,7 +1,7 @@ -From a1f8139363a279d8c948ef621e860e306eca2167 Mon Sep 17 00:00:00 2001 +From add0c6cef2e16013a4e937477fa74156589d310f Mon Sep 17 00:00:00 2001 From: Arlo Breault Date: Thu, 6 Oct 2016 20:13:35 -0700 -Subject: [PATCH 2/5] Trac 16475: Block flash too +Subject: [PATCH 2/6] Trac 16475: Block flash too * Builds on "Bug #3547: Block all plugins except flash." --- @@ -29,5 +29,5 @@ index cd1707beaf5f..d014832e0595 100644 } -- -2.16.1 +2.11.0 diff --git a/projects/mozilla/0003-OSX-package-as-tar.bz2.patch b/projects/mozilla/0003-OSX-package-as-tar.bz2.patch index ce7636d..33108b5 100644 --- a/projects/mozilla/0003-OSX-package-as-tar.bz2.patch +++ b/projects/mozilla/0003-OSX-package-as-tar.bz2.patch @@ -1,7 +1,7 @@ -From 4502122ff76eb1c6de00f3db49b6ff3121f1e9ce Mon Sep 17 00:00:00 2001 +From 4a6547f057868dcf8a6660632f2a84dcbdc9ff30 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Thu, 25 Jun 2015 12:18:43 +0200 -Subject: [PATCH 3/5] OSX: package as tar.bz2 +Subject: [PATCH 3/6] OSX: package as tar.bz2 --- toolkit/mozapps/installer/upload-files.mk | 2 +- @@ -21,5 +21,5 @@ index 51633178226c..64584f579390 100644 ifeq (,$(filter-out WINNT, $(OS_ARCH))) MOZ_PKG_FORMAT = ZIP -- -2.16.1 +2.11.0 diff --git a/projects/mozilla/0004-Updater-fixups-for-TM.patch b/projects/mozilla/0004-Updater-fixups-for-TM.patch index 305bc0f..9d3053d 100644 --- a/projects/mozilla/0004-Updater-fixups-for-TM.patch +++ b/projects/mozilla/0004-Updater-fixups-for-TM.patch @@ -1,7 +1,7 @@ -From 26c0c11d82d4192f68cdb87ea4dd2d5f6f6d52e3 Mon Sep 17 00:00:00 2001 +From 7bd981927d912cb20dc16658deccc9fa77a92690 Mon Sep 17 00:00:00 2001 From: Arlo Breault Date: Fri, 1 Sep 2017 17:45:40 -0400 -Subject: [PATCH 4/5] Updater fixups for TM +Subject: [PATCH 4/6] Updater fixups for TM * Remove updater links @@ -804,5 +804,5 @@ index c45961ac54e7..23d6fbe2929a 100644 nsresult rv = GetAppRootDir(aExeFile, getter_AddRefs(appRootDir)); NS_ENSURE_SUCCESS(rv, rv); -- -2.16.1 +2.11.0 diff --git a/projects/mozilla/0005-Permit-storing-exceptions-even-w-inPrivateBrowsingMo.patch b/projects/mozilla/0005-Permit-storing-exceptions-even-w-inPrivateBrowsingMo.patch index 1e327f6..9f9e15f 100644 --- a/projects/mozilla/0005-Permit-storing-exceptions-even-w-inPrivateBrowsingMo.patch +++ b/projects/mozilla/0005-Permit-storing-exceptions-even-w-inPrivateBrowsingMo.patch @@ -1,7 +1,7 @@ -From bd9333d8dfd64559b4d33f06b3871740104259f5 Mon Sep 17 00:00:00 2001 +From 7abd599adc7c76757e56cea3a4c73c1daa3c1781 Mon Sep 17 00:00:00 2001 From: Arlo Breault Date: Sat, 3 Dec 2016 10:01:52 -0800 -Subject: [PATCH 5/5] Permit storing exceptions even w/ inPrivateBrowsingMode +Subject: [PATCH 5/6] Permit storing exceptions even w/ inPrivateBrowsingMode --- security/manager/pki/resources/content/exceptionDialog.js | 3 ++- @@ -20,5 +20,5 @@ index 0ca24a614dca..df50701729ce 100644 + return false; // PrivateBrowsingUtils.isWindowPrivate(window); } -- -2.16.1 +2.11.0 diff --git a/projects/mozilla/0006-Bug-23231-disable-STL-Wrappers-on-Windows.patch
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit 9ab7fa50299982b7cef759583c977bba7d814922 Author: Translation commit botDate: Tue Jan 30 13:16:11 2018 + Update translations for tails-persistence-setup_completed --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index f624e0d35..3431ed854 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -21,7 +21,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-30 12:15+\n" +"PO-Revision-Date: 2018-01-30 12:46+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit dd9ec519f06303989e4317634f1261ecf3bc4a5b Author: Translation commit botDate: Tue Jan 30 13:16:05 2018 + Update translations for tails-persistence-setup --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index f624e0d35..3431ed854 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -21,7 +21,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-30 12:15+\n" +"PO-Revision-Date: 2018-01-30 12:46+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Bug 25017: Remove 2017 donation banner from homepage
commit 42dd7261084a94da969dd809e6945629dfb6ab38 Author: Arthur EdelsteinDate: Thu Jan 25 00:13:26 2018 -0500 Bug 25017: Remove 2017 donation banner from homepage --- css/donation-banner.css | 99 en/index.wml| 2 +- images/onion-hand.png | Bin 69055 -> 0 bytes include/head.wmi| 19 -- js/donation_banner.js | 33 5 files changed, 1 insertion(+), 152 deletions(-) diff --git a/css/donation-banner.css b/css/donation-banner.css deleted file mode 100644 index 09b94e02.. --- a/css/donation-banner.css +++ /dev/null @@ -1,99 +0,0 @@ -#banner-wrapper { --khtml-user-select: none;/* Konqueror */ --moz-user-select: none; /* Firefox */ --ms-user-select: none; /* Internet Explorer/Edge */ --webkit-touch-callout: none; /* iOS Safari */ --webkit-user-select: none; /* Chrome/Safari/Opera */ -display: block; -height: 150px; -justify-content: center; -left: 0px; -margin-top: 0px; -min-width: 900px; -opacity: 1; -position: absolute; -user-select: none; -width: 100%; -z-index: 1; -} -#banner-wrapper:before { -background-color: #551373; -background-image: url('../images/onion-hand.png'); -background-position: calc(50% - 40px) 50%; -background-size: cover; -content: ""; -height: 150px; -left: 0px; -position: absolute; -top: 0px; -right: 0px; -} -#banner-contents-container { -align-items: center; -height: 100%; -margin: 0 auto; -max-width: 960px; -position: relative; -width: 960px; -} -#banner-tagline { -align-items: center; -bottom: 60px; -color: white; -display: flex; -font-family: monospace; -font-weight: bold; -left: 200px; -position: absolute; -right: 0px; -text-align: start; -text-transform: uppercase; -top: 10px; -} -#banner-slogan { -align-items: center; -bottom: 30px; -color: #f8f8a0; -display: flex; -font-size: 20px; -font-family: monospace; -font-weight: bold; -left: 200px; -position: absolute; -right: 285px; -text-align: start; -top: 90px; -white-space: nowrap; -} -#banner-donate-button { -align-items: center; -background-color: #13a513; -border: 0px; -bottom: 10px; -color: #fbf7ef; -display: flex; -font-family: sans-serif; -font-size: 22px; -font-weight: bold; -justify-content: center; -left: 630px; -letter-spacing: -0.00em; -position: absolute; -right: 10px; -top: 90px; -} -#banner-donate-button:hover { -background-color: #38bc38; -} -#banner-spacer { -background-color: #551373; -display: block; -height: 150px; -position: relative; -top: 0px; -left: 0px; -width: 100%; -} -body { -min-width: 960px; -} diff --git a/en/index.wml b/en/index.wml index 24f55b53..67414bcc 100644 --- a/en/index.wml +++ b/en/index.wml @@ -2,7 +2,7 @@ # Revision: $Revision$ # Translation-Priority: 1-high -#include "head.wmi" TITLE="Tor Project | Privacy Online" CHARSET="UTF-8" DONATION_BANNER="true" +#include "head.wmi" TITLE="Tor Project | Privacy Online" CHARSET="UTF-8" diff --git a/images/onion-hand.png b/images/onion-hand.png deleted file mode 100644 index 00a5a41c.. Binary files a/images/onion-hand.png and /dev/null differ diff --git a/include/head.wmi b/include/head.wmi index 0732bb7c..dc4d5e26 100644 --- a/include/head.wmi +++ b/include/head.wmi @@ -33,7 +33,6 @@ # begin WML to generate css/js paths "> "> - "> # - - -Protecting the Privacy of Millions Every Day -Tor: Powering Digital Resistance -https://www.torproject.org/donate/donate-pdr-hp;> - -Donate Now! - - - - - - - -"> Tor diff --git a/js/donation_banner.js b/js/donation_banner.js deleted file mode 100644 index 239fcafd.. --- a/js/donation_banner.js +++ /dev/null @@ -1,33 +0,0 @@ -/* jshint esnext:true */ - -let kTaglines = [ - "Protecting Journalists, Whistleblowers, & Activists Since 2006", - "Networking Freedom Worldwide", - "Freedom Online", - "Fostering Free Expression Worldwide", - "Protecting the Privacy of Millions Every Day", -]; - -let kTaglineSizes = [ - 30, - 40, - 48, - 36, - 36, -]; - -// Returns a random integer x, such that 0 <= x < max -let randomInteger = function (max) { - return Math.floor(max * Math.random()); -}; - -// The main donation banner function. -let runDonationBanner = function () { - // Load random tag line once page is loaded - let index = randomInteger(kTaglines.length); - let taglineElement = document.querySelector("#banner-tagline span"); - taglineElement.innerText = kTaglines[index]; - taglineElement.style.fontSize = kTaglineSizes[index] + "px"; -}; -
[tor-commits] [webwml/master] Merge branch 'master' of git-rw.torproject.org:project/web/webwml into 25017
commit 08ceceb08dd1099d394872f5226a5c165be0ea6d Merge: 42dd7261 c94a7c2c Author: hiromipawDate: Tue Jan 30 13:43:06 2018 +0100 Merge branch 'master' of git-rw.torproject.org:project/web/webwml into 25017 Makefile | 2 +- docs/en/rpms.wml | 47 docs/en/sidenav.wmi| 3 - include/versions.wmi | 2 +- projects/torbrowser/RecommendedTBBVersions | 12 projects/torbrowser/design/index.html.en | 112 +++-- 6 files changed, 91 insertions(+), 87 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed
commit 468de492d0b1d6a641ba97e39b90faa3fd904b52 Author: Translation commit botDate: Tue Jan 30 12:19:01 2018 + Update translations for tails-openpgp-applet_completed --- ru/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/openpgp-applet.pot b/ru/openpgp-applet.pot index 21db88faa..701c11c5f 100644 --- a/ru/openpgp-applet.pot +++ b/ru/openpgp-applet.pot @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-30 10:46+\n" +"PO-Revision-Date: 2018-01-30 12:05+\n" "Last-Translator: Misha Dyachuk \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit 8f30a67b6270df69522a4cecbb8f6bc518869bfa Author: Translation commit botDate: Tue Jan 30 12:18:56 2018 + Update translations for tails-openpgp-applet --- ru/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/openpgp-applet.pot b/ru/openpgp-applet.pot index 21db88faa..701c11c5f 100644 --- a/ru/openpgp-applet.pot +++ b/ru/openpgp-applet.pot @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-30 10:46+\n" +"PO-Revision-Date: 2018-01-30 12:05+\n" "Last-Translator: Misha Dyachuk \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 39fc9b1f6c588c866b8bd75eefa2d3e47e421499 Author: Translation commit botDate: Tue Jan 30 12:17:11 2018 + Update translations for tails-misc --- ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru.po b/ru.po index df6e31b66..4ffe6c8e0 100644 --- a/ru.po +++ b/ru.po @@ -28,7 +28,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2018-01-30 10:49+\n" +"PO-Revision-Date: 2018-01-30 12:10+\n" "Last-Translator: Timofey Lisunov \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 6d5e5a7cc07259cacad3131e226d6f6d4ccb4a39 Author: Translation commit botDate: Tue Jan 30 12:17:16 2018 + Update translations for tails-misc_completed --- ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru.po b/ru.po index df6e31b66..4ffe6c8e0 100644 --- a/ru.po +++ b/ru.po @@ -28,7 +28,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2018-01-30 10:49+\n" +"PO-Revision-Date: 2018-01-30 12:10+\n" "Last-Translator: Timofey Lisunov \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 1329cdbaf81b23df489f99395e710c505e510a2b Author: Translation commit botDate: Tue Jan 30 12:16:04 2018 + Update translations for tails-persistence-setup --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index 0bd65e9c0..f624e0d35 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -21,7 +21,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-12 16:43+\n" +"PO-Revision-Date: 2018-01-30 12:15+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup_completed] Update translations for tails-persistence-setup_completed
commit d54780a8a8c5d2bb88cd6cfdab3fb81b841dcfa8 Author: Translation commit botDate: Tue Jan 30 12:16:12 2018 + Update translations for tails-persistence-setup_completed --- ru/ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/ru.po b/ru/ru.po index 0bd65e9c0..f624e0d35 100644 --- a/ru/ru.po +++ b/ru/ru.po @@ -21,7 +21,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-12 16:43+\n" +"PO-Revision-Date: 2018-01-30 12:15+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-browser-manual] Update translations for tor-browser-manual
commit 8379717d88d4f19b5bbbc9e13b00ebfe753157b6 Author: Translation commit botDate: Tue Jan 30 11:50:42 2018 + Update translations for tor-browser-manual --- br/br.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/br/br.po b/br/br.po index e889cc505..a5b7927b5 100644 --- a/br/br.po +++ b/br/br.po @@ -439,7 +439,7 @@ msgstr "" #: first-time.page:33 msgid "Configure" -msgstr "" +msgstr "Kefluniañ" #: first-time.page:37 msgid "" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit eaba8b3bee661994adefd17c0d4faeae46674750 Author: Translation commit botDate: Tue Jan 30 11:48:47 2018 + Update translations for tails-openpgp-applet --- br/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/br/openpgp-applet.pot b/br/openpgp-applet.pot index 300ba4579..142a7e656 100644 --- a/br/openpgp-applet.pot +++ b/br/openpgp-applet.pot @@ -27,7 +27,7 @@ msgstr "" #: bin/openpgp-applet:175 msgid "Exit" -msgstr "" +msgstr "Kuitaat" #: bin/openpgp-applet:177 msgid "About" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-network-settings] Update translations for tor-launcher-network-settings
commit ee410c6f84906e2a502d2e8f07e5de1c7bc2b7f4 Author: Translation commit botDate: Tue Jan 30 11:46:58 2018 + Update translations for tor-launcher-network-settings --- br/network-settings.dtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/br/network-settings.dtd b/br/network-settings.dtd index 740612491..bffe154b2 100644 --- a/br/network-settings.dtd +++ b/br/network-settings.dtd @@ -11,7 +11,7 @@ - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tor-launcher-properties] Update translations for tor-launcher-properties
commit a20a9ee8b8420bddb4857ad1e693a0b513789be4 Author: Translation commit botDate: Tue Jan 30 11:46:39 2018 + Update translations for tor-launcher-properties --- br/torlauncher.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/br/torlauncher.properties b/br/torlauncher.properties index 8b87e767a..eeaf0b53b 100644 --- a/br/torlauncher.properties +++ b/br/torlauncher.properties @@ -34,7 +34,7 @@ torlauncher.bridge_suffix.meek-azure=(works in China) torlauncher.connect=Connect torlauncher.restart_tor=Restart Tor torlauncher.quit=Quit -torlauncher.quit_win=Exit +torlauncher.quit_win=Kuitaat torlauncher.done=Done torlauncher.forAssistance=For assistance, contact %S ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/torbirdy] Update translations for torbirdy
commit deccbe18c03bb6040aa54d85c48484cdce3e8159 Author: Translation commit botDate: Tue Jan 30 11:46:17 2018 + Update translations for torbirdy --- br/torbirdy.dtd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/br/torbirdy.dtd b/br/torbirdy.dtd index bdccae1dd..ba467b325 100644 --- a/br/torbirdy.dtd +++ b/br/torbirdy.dtd @@ -5,11 +5,11 @@ - + - + ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-persistence-setup] Update translations for tails-persistence-setup
commit 5c3f623ae7e04682355ee3d2fca3013a35937ec0 Author: Translation commit botDate: Tue Jan 30 11:46:04 2018 + Update translations for tails-persistence-setup --- br/br.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/br/br.po b/br/br.po index 513f8fdf9..493fc054d 100644 --- a/br/br.po +++ b/br/br.po @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers \n" "POT-Creation-Date: 2017-05-15 13:51+0200\n" -"PO-Revision-Date: 2018-01-26 13:31+\n" +"PO-Revision-Date: 2018-01-30 11:33+\n" "Last-Translator: carolyn \n" "Language-Team: Breton (http://www.transifex.com/otf/torproject/language/br/)\n" "MIME-Version: 1.0\n" @@ -287,7 +287,7 @@ msgstr "" #: ../lib/Tails/Persistence/Step/Configure.pm:74 msgid "Save" -msgstr "" +msgstr "Enrollañ" #: ../lib/Tails/Persistence/Step/Configure.pm:143 msgid "Saving..." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc_completed] Update translations for tails-misc_completed
commit 080c3473103a2157b66ca95a0318bcefa3d7f68a Author: Translation commit botDate: Tue Jan 30 11:17:14 2018 + Update translations for tails-misc_completed --- ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru.po b/ru.po index 212e9f9cc..df6e31b66 100644 --- a/ru.po +++ b/ru.po @@ -28,7 +28,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2017-12-29 07:52+\n" +"PO-Revision-Date: 2018-01-30 10:49+\n" "Last-Translator: Timofey Lisunov \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-misc] Update translations for tails-misc
commit 158d69586240bb71f0becc2dce342c74fd9a337c Author: Translation commit botDate: Tue Jan 30 11:17:09 2018 + Update translations for tails-misc --- ru.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru.po b/ru.po index 212e9f9cc..df6e31b66 100644 --- a/ru.po +++ b/ru.po @@ -28,7 +28,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2017-09-13 20:10+0200\n" -"PO-Revision-Date: 2017-12-29 07:52+\n" +"PO-Revision-Date: 2018-01-30 10:49+\n" "Last-Translator: Timofey Lisunov \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/bridgedb_completed] Update translations for bridgedb_completed
commit 56d1d8412a9e7ebd4dd9b03b7727ad54073c6e2b Author: Translation commit botDate: Tue Jan 30 11:15:15 2018 + Update translations for bridgedb_completed --- ru/LC_MESSAGES/bridgedb.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ru/LC_MESSAGES/bridgedb.po b/ru/LC_MESSAGES/bridgedb.po index 2b5c2a892..5147520d6 100644 --- a/ru/LC_MESSAGES/bridgedb.po +++ b/ru/LC_MESSAGES/bridgedb.po @@ -12,7 +12,7 @@ # Ðван Ðапенков, 2015 # joshua ridney , 2015 # Kalyuzhniy Aleksey, 2017 -# liquixis , 2012 +# liquixis, 2012 # Misha Dyachuk , 2016 # Oleg, 2014 # Roberto Brigante, 2017 @@ -27,7 +27,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2017-10-02 08:49+\n" +"PO-Revision-Date: 2018-01-30 10:47+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/bridgedb] Update translations for bridgedb
commit dea70792f12a708f83d3b56d0a45b843dc040f7a Author: Translation commit botDate: Tue Jan 30 11:15:08 2018 + Update translations for bridgedb --- ru/LC_MESSAGES/bridgedb.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ru/LC_MESSAGES/bridgedb.po b/ru/LC_MESSAGES/bridgedb.po index 2b5c2a892..5147520d6 100644 --- a/ru/LC_MESSAGES/bridgedb.po +++ b/ru/LC_MESSAGES/bridgedb.po @@ -12,7 +12,7 @@ # Ðван Ðапенков, 2015 # joshua ridney , 2015 # Kalyuzhniy Aleksey, 2017 -# liquixis , 2012 +# liquixis, 2012 # Misha Dyachuk , 2016 # Oleg, 2014 # Roberto Brigante, 2017 @@ -27,7 +27,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB=bridgedb-reported,msgid=isis,sysrqb=isis'\n" "POT-Creation-Date: 2015-07-25 03:40+\n" -"PO-Revision-Date: 2017-10-02 08:49+\n" +"PO-Revision-Date: 2018-01-30 10:47+\n" "Last-Translator: Andrey\n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Merge branch 'master' of git-rw.torproject.org:project/web/webwml into remove_rpms_from_sidenav
commit c94a7c2c5535d0b0548ed0f99e8819ff5ff9a858 Merge: 467ed909 59a33abb Author: hiromipawDate: Tue Jan 30 12:04:40 2018 +0100 Merge branch 'master' of git-rw.torproject.org:project/web/webwml into remove_rpms_from_sidenav Makefile | 2 +- include/versions.wmi | 14 +- projects/en/torbrowser.wml | 4 +- projects/torbrowser/RecommendedTBBVersions | 20 +- projects/torbrowser/design/index.html.en | 763 ++--- 5 files changed, 489 insertions(+), 314 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] delete obsolete docs/en/rpms.wml
commit 467ed909e08e152ab32ec986bcf77ddc5f4661f1 Author: nusenuDate: Tue Jan 23 14:41:06 2018 + delete obsolete docs/en/rpms.wml --- docs/en/rpms.wml | 47 --- 1 file changed, 47 deletions(-) diff --git a/docs/en/rpms.wml b/docs/en/rpms.wml deleted file mode 100644 index 77fd243f.. --- a/docs/en/rpms.wml +++ /dev/null @@ -1,47 +0,0 @@ -## translation metadata -# Revision: $Revision$ -# Translation-Priority: 3-low - -#include "head.wmi" TITLE="Tor Project: CentOS/Fedora Instructions" CHARSET="UTF-8" - - -Home -Documentation -RPMs - - - -Tor packages for RPM-based -linux distributions. - - -Fedora, RHEL, CentOS, Scientific Linux packages - -Use native Fedora packages for the Fedora distribution or https://fedoraproject.org/wiki/EPEL;>EPEL -packages for distribitons derived from RHEL. - - - - -Building from source - - - -If you'd like to build from source, please follow the RPM creation instructions. - - - - -If you have suggestions for improving this document, please send them to us. Thanks! - - - -#include "side.wmi" -#include "info.wmi" - - - - -#include \ No newline at end of file ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [webwml/master] Remove "Installing Tor on Fedora/CentOS" from sidenav
commit 97ff406ac1fc4b6f444be76b8e8d2b5896868299 Author: nusenuDate: Tue Jan 23 14:38:12 2018 + Remove "Installing Tor on Fedora/CentOS" from sidenav --- docs/en/sidenav.wmi | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/en/sidenav.wmi b/docs/en/sidenav.wmi index 764c556d..c86c811d 100644 --- a/docs/en/sidenav.wmi +++ b/docs/en/sidenav.wmi @@ -39,9 +39,6 @@ {'url' => 'docs/debian', 'txt' => 'Installing Tor on Debian/Ubuntu', }, - {'url' => 'docs/rpms', - 'txt' => 'Installing Tor on Fedora/CentOS', - }, {'url' => 'docs/tor-doc-unix', 'txt' => 'Installing Tor Source', }, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet] Update translations for tails-openpgp-applet
commit 3c37b71d1483a0be4096e1c5d5a596b2075210cd Author: Translation commit botDate: Tue Jan 30 10:48:46 2018 + Update translations for tails-openpgp-applet --- ru/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/openpgp-applet.pot b/ru/openpgp-applet.pot index dbae1cd33..21db88faa 100644 --- a/ru/openpgp-applet.pot +++ b/ru/openpgp-applet.pot @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-12 22:03+\n" +"PO-Revision-Date: 2018-01-30 10:46+\n" "Last-Translator: Misha Dyachuk \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/tails-openpgp-applet_completed] Update translations for tails-openpgp-applet_completed
commit 1c96a21f7e70c003946c8d6d46daa4b73b7fe9f8 Author: Translation commit botDate: Tue Jan 30 10:48:55 2018 + Update translations for tails-openpgp-applet_completed --- ru/openpgp-applet.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ru/openpgp-applet.pot b/ru/openpgp-applet.pot index dbae1cd33..21db88faa 100644 --- a/ru/openpgp-applet.pot +++ b/ru/openpgp-applet.pot @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: ta...@boum.org\n" "POT-Creation-Date: 2017-08-05 15:07-0400\n" -"PO-Revision-Date: 2018-01-12 22:03+\n" +"PO-Revision-Date: 2018-01-30 10:46+\n" "Last-Translator: Misha Dyachuk \n" "Language-Team: Russian (http://www.transifex.com/otf/torproject/language/ru/)\n" "MIME-Version: 1.0\n" ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits