This eighth development snapshot fixes a crash bug that's been bothering
us since February 2007, lets bridge authorities store a list of bridge
descriptors they've seen, gets v3 directory voting closer to working,
starts caching v3 directory consensus documents on directory mirrors,
and fixes a variety of smaller issues including some minor memory leaks.
The Windows bundle also includes the new development Torbutton
version 1.1.8, which improves usability and compatibility over 1.1.7:
http://torbutton.torproject.org/dev/ Windows users are encouraged to
back up their Firefox settings before upgrading.
https://tor.eff.org/download.html
Changes in version 0.2.0.8-alpha - 2007-10-12
o Major features (router descriptor cache):
- Store routers in a file called cached-descriptors instead of in
cached-routers. Initialize cached-descriptors from cached-routers
if the old format is around. The new format allows us to store
annotations along with descriptors.
- Use annotations to record the time we received each descriptor, its
source, and its purpose.
- Disable the SETROUTERPURPOSE controller command: it is now
obsolete.
- Controllers should now specify cache=no or cache=yes when using
the +POSTDESCRIPTOR command.
- Bridge authorities now write bridge descriptors to disk, meaning
we can export them to other programs and begin distributing them
to blocked users.
o Major features (directory authorities):
- When a v3 authority is missing votes or signatures, it now tries
to fetch them.
- Directory authorities track weighted fractional uptime as well as
weighted mean-time-between failures. WFU is suitable for deciding
whether a node is "usually up", while MTBF is suitable for deciding
whether a node is "likely to stay up." We need both, because
"usually up" is a good requirement for guards, while "likely to
stay up" is a good requirement for long-lived connections.
o Major features (v3 directory system):
- Caches now download v3 network status documents as needed,
and download the descriptors listed in them.
- All hosts now attempt to download and keep fresh v3 authority
certificates, and re-attempt after failures.
- More internal-consistency checks for vote parsing.
o Major bugfixes (crashes):
- If a connection is shut down abruptly because of something that
happened inside connection_flushed_some(), do not call
connection_finished_flushing(). Should fix bug 451. Bugfix on
0.1.2.7-alpha.
o Major bugfixes (performance):
- Fix really bad O(n^2) performance when parsing a long list of
routers: Instead of searching the entire list for an "extra-info "
string which usually wasn't there, once for every routerinfo
we read, just scan lines forward until we find one we like.
Bugfix on 0.2.0.1.
- When we add data to a write buffer in response to the data on that
write buffer getting low because of a flush, do not consider the
newly added data as a candidate for immediate flushing, but rather
make it wait until the next round of writing. Otherwise, we flush
and refill recursively, and a single greedy TLS connection can
eat all of our bandwidth. Bugfix on 0.1.2.7-alpha.
o Minor features (v3 authority system):
- Add more ways for tools to download the votes that lead to the
current consensus.
- Send a 503 when low on bandwidth and a vote, consensus, or
certificate is requested.
- If-modified-since is now implemented properly for all kinds of
certificate requests.
o Minor bugfixes (network statuses):
- Tweak the implementation of proposal 109 slightly: allow at most
two Tor servers on the same IP address, except if it's the location
of a directory authority, in which case allow five. Bugfix on
0.2.0.3-alpha.
o Minor bugfixes (controller):
- When sending a status event to the controller telling it that an
OR address is readable, set the port correctly. (Previously we
were reporting the dir port.) Bugfix on 0.1.2.x.
o Minor bugfixes (v3 directory system):
- Fix logic to look up a cert by its signing key digest. Bugfix on
0.2.0.7-alpha.
- Only change the reply to a vote to "OK" if it's not already
set. This gets rid of annoying "400 OK" log messages, which may
have been masking some deeper issue. Bugfix on 0.2.0.7-alpha.
- When we get a valid consensus, recompute the voting schedule.
- Base the valid-after time of a vote on the consensus voting
schedule, not on our preferred schedule.
- Make the return values and messages from signature uploads and
downloads more sensible.
- Fix a memory leak when serving votes and consensus documents, and
another when serving certificates.
o Minor bugfixes (performance):
- Use a slightly simpler string hashing algorithm (copying Python's
instead of Java's) and optimize our digest hashing algorithm to take
advantage of 64-bit platforms and to remove some possibly-costly
voodoo.
- Fix a minor memory leak whenever we parse guards from our state
file. Bugfix on 0.2.0.7-alpha.
- Fix a minor memory leak whenever we write out a file. Bugfix on
0.2.0.7-alpha.
- Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
command. Bugfix on 0.2.0.5-alpha.
o Minor bugfixes (portability):
- On some platforms, accept() can return a broken address. Detect
this more quietly, and deal accordingly. Fixes bug 483.
- Stop calling tor_strlower() on uninitialized memory in some cases.
Bugfix in 0.2.0.7-alpha.
o Minor bugfixes (usability):
- Treat some 403 responses from directory servers as INFO rather than
WARN-severity events.
- It's not actually an error to find a non-pending entry in the DNS
cache when canceling a pending resolve. Don't log unless stuff is
fishy. Resolves bug 463.
o Minor bugfixes (anonymity):
- Never report that we've used more bandwidth than we're willing to
relay: it leaks how much non-relay traffic we're using. Resolves
bug 516.
- When looking for a circuit to cannibalize, consider family as well
as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
circuit cannibalization).
o Code simplifications and refactoring:
- Make a bunch of functions static. Remove some dead code.
- Pull out about a third of the really big routerlist.c; put it in a
new module, networkstatus.c.
- Merge the extra fields in local_routerstatus_t back into
routerstatus_t: we used to need one routerstatus_t for each
authority's opinion, plus a local_routerstatus_t for the locally
computed consensus opinion. To save space, we put the locally
modified fields into local_routerstatus_t, and only the common
stuff into routerstatus_t. But once v3 directories are in use,
clients and caches will no longer need to hold authority opinions;
thus, the rationale for keeping the types separate is now gone.
- Make the code used to reschedule and reattempt downloads more
uniform.
- Turn all 'Are we a directory server/mirror?' logic into a call to
dirserver_mode().
- Remove the code to generate the oldest (v1) directory format.
The code has been disabled since 0.2.0.5-alpha.
Attachment:
signature.asc
Description: Digital signature