[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10436: polish 0.2.0.1-alpha changelog (tor/trunk)
Author: arma
Date: 2007-06-01 03:12:14 -0400 (Fri, 01 Jun 2007)
New Revision: 10436
Modified:
tor/trunk/ChangeLog
Log:
polish 0.2.0.1-alpha changelog
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-06-01 04:41:51 UTC (rev 10435)
+++ tor/trunk/ChangeLog 2007-06-01 07:12:14 UTC (rev 10436)
@@ -1,7 +1,33 @@
Changes in version 0.2.0.2-alpha - 2007-??-??
Changes in version 0.2.0.1-alpha - 2007-06-01
- o Major features:
+ o Major features, server usability:
+ - New config options RelayBandwidthRate and RelayBandwidthBurst:
+ a separate set of token buckets for relayed traffic. Right now
+ relayed traffic is defined as answers to directory requests, and
+ OR connections that don't have any local circuits on them.
+
+ o Major features, client usability:
+ - A client-side DNS proxy feature to replace the need for
+ dns-proxy-tor: Just set "DNSPort 9999", and Tor will now listen
+ for DNS requests on port 9999, use the Tor network to resolve them
+ anonymously, and send the reply back like a regular DNS server.
+ The code still only implements a subset of DNS.
+ - Make PreferTunneledDirConns and TunnelDirConns work even when
+ we have no cached directory info. This means Tor clients can now
+ do all of their connections protected by TLS.
+
+ o Major features, performance and efficiency:
+ - Directory authorities accept and serve "extra info" documents for
+ routers. These documents contain fields from router descriptors
+ that aren't usually needed, and that use a lot of excess
+ bandwidth. Once these fields are removed from router descriptors,
+ the bandwidth savings should be about 60%. [Partially implements
+ proposal 104.]
+ - Servers upload extra-info documents to any authority that accepts
+ them. Authorities (and caches that have been configured to download
+ extra-info documents) download them as needed. [Partially implements
+ proposal 104.]
- Change the way that Tor buffers data that it is waiting to write.
Instead of queueing data cells in an enormous ring buffer for each
client->OR or OR->OR connection, we now queue cells on a separate
@@ -12,23 +38,13 @@
efficiency, especially on platforms where malloc() is inefficient.
- Stop reading on edge connections when their corresponding circuit
buffers are full; start again as the circuits empty out.
- - New config options RelayBandwidthRate and RelayBandwidthBurst:
- a separate set of token buckets for relayed traffic. Right now
- relayed traffic is defined as answers to directory requests, and
- OR connections that don't have any local circuits on them.
- - Make PreferTunneledDirConns and TunnelDirConns work even when
- we have no cached directory info. This means Tor clients can now
- do all of their connections protected by TLS.
+
+ o Major features, other:
- Add an HSAuthorityRecordStats option that hidden service authorities
can use to track statistics of overall hidden service usage without
logging information that would be very useful to an attacker.
- - Start work implementing proposal 103: Add a standalone tool to
- generate key certificates.
- - A client-side DNS proxy feature to replace the need for dns-proxy-tor:
- Just set "DNSPort 9999", and Tor will now listen for DNS requests on
- port 9999, use the Tor network to resolve them anonymously, and send
- the reply back like a regular DNS server. The code is still only
- implements a subset of DNS.
+ - Start work implementing multi-level keys for directory authorities:
+ Add a standalone tool to generate key certificates. (Proposal 103.)
o Security fixes:
- Directory authorities now call routers stable if they have an
@@ -41,15 +57,14 @@
of active connection_t objects. This will let us avoid underusing
our allocated connection limit.
- We no longer use socket pairs to link an edge connection to an
- anonymous directory connection or a dirport test connection.
+ anonymous directory connection or a DirPort test connection.
Instead, we track the link internally and transfer the data
in-process. This saves two sockets per "linked" connection (at the
client and at the server), and avoids the nasty Windows socketpair()
workaround.
- Keep unused 4k and 16k buffers on free lists, rather than wasting 8k
- for every single inactive connection_t.
- - Free items from the 4k/16k-buffer free lists when they haven't been
- used for a while.
+ for every single inactive connection_t. Free items from the
+ 4k/16k-buffer free lists when they haven't been used for a while.
o Minor features (build):
- Make autoconf search for libevent, openssl, and zlib consistently.
@@ -72,22 +87,12 @@
buffer type.
o Minor features (directory system):
- - Directory authorities accept and serve "extra info" documents for
- routers. These documents contain fields from router descriptors
- that aren't usually needed, and that use a lot of excess
- bandwidth. Once these fields are removed from router descriptors,
- the bandwidth savings should be about 60%. [Partially implements
- proposal 104.]
+ - New config option V2AuthoritativeDirectory that all directory
+ authorities should set. This will let future authorities choose
+ not to serve V2 directory information.
- Directory authorities allow multiple router descriptors and/or extra
info documents to be uploaded in a single go. This will make
implementing proposal 104 simpler.
- - New config option V2AuthoritativeDirectory that all directory
- authorities should set. This will let future authorities choose
- not to serve V2 directory information.
- - Servers upload extra-info documents to any authority that accepts
- them. Authorities (and caches that have been configured to download
- extra-info documents) download them as needed. [Partially implements
- proposal 104.]
o Minor features (controller):
- Add a new config option __DisablePredictedCircuits designed for
@@ -100,11 +105,6 @@
whether the current version is recommended, and whether any versions
are good, and how many authorities agree. (Patch from shibz.)
- o Minor features (tor-resolve):
- - Add an "-F" option to force a resolve for a .onion address. Thanks
- to the AutomapHostsOnResolve option, this is no longer a completely
- silly thing to do.
-
o Minor features (hidden services):
- Allow multiple HiddenServeicePort directives with the same virtual
port; when they occur, the user is sent round-robin to one
@@ -119,16 +119,19 @@
allows DNSPort to work sensibly with hidden service users. By
default, .exit and .onion addresses are remapped; the list of
patterns can be reconfigured with AutomapHostsSuffixes.
+ - Add an "-F" option to tor-resolve to force a resolve for a .onion
+ address. Thanks to the AutomapHostsOnResolve option, this is no
+ longer a completely silly thing to do.
- If Tor is invoked from something that isn't a shell (e.g. Vidalia),
now we expand "-f ~/.tor/torrc" correctly. Suggested by Matt Edman.
- - Treat "2gb" when given in torrc for a bandwidth as meaning 2gb, minus 1
- byte: the actual maximum declared bandwidth.
+ - Treat "2gb" when given in torrc for a bandwidth as meaning 2gb,
+ minus 1 byte: the actual maximum declared bandwidth.
o Removed features:
- Removed support for the old binary "version 0" controller protocol.
This has been deprecated since 0.1.1, and warnings have been issued
- since 0.1.2. When we encounter a v0 control message, we now send back
- an error and close the connection.
+ since 0.1.2. When we encounter a v0 control message, we now send
+ back an error and close the connection.
- Remove the old "dns worker" server DNS code: it hasn't been default
since 0.1.2.2-alpha, and all the servers seem to be using the new
eventdns code.
@@ -151,23 +154,23 @@
unusable. (Bulletproofs against bug 222.)
o Minor bugfixes (other):
+ - In the exitlist script, only consider the most recently published
+ server descriptor for each server. Also, when the user requests
+ a list of servers that _reject_ connections to a given address,
+ explicitly exclude the IPs that also have servers that accept
+ connections to that address. (Resolves bug 405.)
- Stop allowing hibernating servers to be "stable" or "fast".
+ - On Windows, we were preventing other processes from reading
+ cached-routers while Tor was running. (Reported by janbar)
+ - Make the NodeFamilies config option work. (Reported by
+ lodger -- it has never actually worked, even though we added it
+ in Oct 2004.)
- Check return values from pthread_mutex functions.
- Don't save non-general-purpose router descriptors to the disk cache,
because we have no way of remembering what their purpose was when
we restart.
- Add even more asserts to hunt down bug 417.
- - On Windows, we were preventing other processes from reading
- cached-routers while Tor was running. (Reported by janbar)
- Build without verbose warnings even on (not-yet-released) gcc 4.2.
- - Make the NodeFamilies config option work. (Reported by
- lodger -- it has never actually worked, even though we added it
- in Oct 2004.)
- - In the exitlist script, only consider the most recently published
- server descriptor for each server. Also, when the user requests
- a list of servers that _reject_ connections to a given address,
- explicitly exclude the IPs that also have servers that accept
- connections to that address. (Resolves bug 405.)
o Minor bugfixes (controller):
- Make 'getinfo fingerprint' return a 551 error if we're not a
@@ -180,14 +183,14 @@
o Code simplifications and refactoring:
- Stop passing around circuit_t and crypt_path_t pointers that are
implicit in other procedure arguments.
- - Drop the old code to choke directory connections when the corresponding
- OR connections got full: thanks to the cell queue feature, OR conns
- don't get full any more.
+ - Drop the old code to choke directory connections when the
+ corresponding OR connections got full: thanks to the cell queue
+ feature, OR conns don't get full any more.
- Make dns_resolve() handle attaching connections to circuits
properly, so the caller doesn't have to.
- Rename wants_to_read and wants_to_write to read/write_blocked_on_bw.
- Keep the connection array as a dynamic smartlist_t, rather than as
- a fixed-sized array. This is important, as the number of connections
+ a fixed-sized array. This is important, as the number of connections
is becoming increasingly decoupled from the number of sockets.