[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Tor 0.1.0.1-rc is out
This is the first release candidate for the 0.1.0 series. (See
http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#VersionNumbers for an
explanation of our new version scheme.) Please report any bugs, either
in the installers or in Tor operation, so we can get it perfect for an
actual release: http://bugs.noreply.org/tor
This release incorporates automatic reachability testing for servers (the
first step to getting rid of the 'verified servers' notion), uses pthreads
if available to reduce server memory footprint, uses libevent so we can
use better polling interfaces when available, handles slow/busy hidden
services better, supports https proxies for clients, and fleshes out our
controller interface. It also fixes a bunch of minor but annoying bugs.
o New features:
- Add reachability testing. Your Tor server will automatically try
to see if its ORPort and DirPort are reachable from the outside,
and it won't upload its descriptor until it decides they are.
- Handle unavailable hidden services better. Handle slow or busy
hidden services better.
- Add support for CONNECTing through https proxies, with "HttpsProxy"
- New exit policy: accept most low-numbered ports, rather than
rejecting most low-numbered ports.
- More Tor controller support (still experimental). See
http://tor.eff.org/doc/control-spec.txt for all the new features,
including signals to emulate unix signals from any platform;
redirectstream; extendcircuit; mapaddress; getinfo; postdescriptor;
closestream; closecircuit; etc.
- Make nt services work and start on startup on win32 (based on
patch by Matt Edman).
- Add a new AddressMap config directive to rewrite incoming socks
addresses. This lets you, for example, declare an implicit
required exit node for certain sites.
- Add a new TrackHostExits config directive to trigger addressmaps
for certain incoming socks addresses -- for sites that break when
your exit keeps changing (based on patch by Mike Perry).
- Redo the client-side dns cache so it's just an addressmap too.
- Notice when our IP changes, and reset stats/uptime/reachability.
- When an application is using socks5, give him the whole variety of
potential socks5 responses (connect refused, host unreachable, etc),
rather than just "success" or "failure".
- A more sane version numbering system. See
http://tor.eff.org/cvs/tor/doc/version-spec.txt for details.
- New contributed script "exitlist": a simple python script to
parse directories and find Tor nodes that exit to listed
- New contributed script "privoxy-tor-toggle" to toggle whether
Privoxy uses Tor. Seems to be configured for Debian by default.
- Report HTTP reasons to client when getting a response from directory
servers -- so you can actually know what went wrong.
- New config option MaxAdvertisedBandwidth which lets you advertise
a low bandwidthrate (to not attract as many circuits) while still
allowing a higher bandwidthrate in reality.
o Robustness/stability fixes:
- Make Tor use Niels Provos's libevent instead of its current
poll-but-sometimes-select mess. This will let us use faster async
cores (like epoll, kpoll, and /dev/poll), and hopefully work better
on Windows too.
- pthread support now too. This was forced because when we forked,
we ended up wasting a lot of duplicate ram over time. Also switch
to foo_r versions of some library calls to allow reentry and
- Better handling for heterogeneous / unreliable nodes:
- Annotate circuits w/ whether they aim to contain high uptime nodes
and/or high capacity nodes. When building circuits, choose
- This means that every single node in an intro rend circuit,
not just the last one, will have a minimum uptime.
- New config option LongLivedPorts to indicate application streams
that will want high uptime circuits.
- Servers reset uptime when a dir fetch entirely fails. This
hopefully reflects stability of the server's network connectivity.
- If somebody starts his tor server in Jan 2004 and then fixes his
clock, don't make his published uptime be a year.
- Reset published uptime when you wake up from hibernation.
- Introduce a notion of 'internal' circs, which are chosen without
regard to the exit policy of the last hop. Intro and rendezvous
circs must be internal circs, to avoid leaking information. Resolve
and connect streams can use internal circs if they want.
- New circuit pooling algorithm: make sure to have enough circs around
to satisfy any predicted ports, and also make sure to have 2 internal
circs around if we've required internal circs lately (and with high
uptime if we've seen that lately too).
- Split NewCircuitPeriod option into NewCircuitPeriod (30 secs),
which describes how often we retry making new circuits if current
ones are dirty, and MaxCircuitDirtiness (10 mins), which describes
how long we're willing to make use of an already-dirty circuit.
- Cannibalize GENERAL circs to be C_REND, C_INTRO, S_INTRO, and S_REND
circ as necessary, if there are any completed ones lying around
when we try to launch one.
- Make hidden services try to establish a rendezvous for 30 seconds,
rather than for n (where n=3) attempts to build a circuit.
- Change SHUTDOWN_WAIT_LENGTH from a fixed 30 secs to a config option
- Try to be more zealous about calling connection_edge_end when
things go bad with edge conns in connection.c.
- Revise tor-spec to add more/better stream end reasons.
- Revise all calls to connection_edge_end to avoid sending "misc",
and to take errno into account where possible.
o Bug fixes:
- Fix a race condition that can trigger an assert, when we have a
pending create cell and an OR connection fails right then.
- Fix several double-mark-for-close bugs, e.g. where we were finding
a conn for a cell even if that conn is already marked for close.
- Make sequence of log messages when starting on win32 with no config
file more reasonable.
- When choosing an exit node for a new non-internal circ, don't take
into account whether it'll be useful for any pending x.onion
addresses -- it won't.
- Turn addr_policy_compare from a tristate to a quadstate; this should
help address our "Ah, you allow 18.104.22.168:80. You are a good choice
for google.com" problem.
- Make "platform" string in descriptor more accurate for Win32 servers,
so it's not just "unknown platform".
- Fix an edge case in parsing config options (thanks weasel).
If they say "--" on the commandline, it's not an option.
- Reject odd-looking addresses at the client (e.g. addresses that
contain a colon), rather than having the server drop them because
- tor-resolve requests were ignoring .exit if there was a working circuit
they could use instead.
- REUSEADDR on normal platforms means you can rebind to the port
right after somebody else has let it go. But REUSEADDR on win32
means to let you bind to the port _even when somebody else
already has it bound_! So, don't do that on Win32.
- Change version parsing logic: a version is "obsolete" if it is not
recommended and (1) there is a newer recommended version in the
same series, or (2) there are no recommended versions in the same
series, but there are some recommended versions in a newer series.
A version is "new" if it is newer than any recommended version in
the same series.
- Stop most cases of hanging up on a socks connection without sending
the socks reject.
o Helpful fixes:
- Require BandwidthRate to be at least 20kB/s for servers.
- When a dirserver causes you to give a warn, mention which dirserver
- New config option DirAllowPrivateAddresses for authdirservers.
Now by default they refuse router descriptors that have non-IP or
- Stop publishing socksport in the directory, since it's not
actually meant to be public. For compatibility, publish a 0 there
- Change DirFetchPeriod/StatusFetchPeriod to have a special "Be
smart" value, that is low for servers and high for clients.
- If our clock jumps forward by 100 seconds or more, assume something
has gone wrong with our network and abandon all not-yet-used circs.
- Warn when exit policy implicitly allows local addresses.
- If we get an incredibly skewed timestamp from a dirserver mirror
that isn't a verified OR, don't warn -- it's probably him that's
- Since we ship our own Privoxy on OS X, tweak it so it doesn't write
cookies to disk and doesn't log each web request to disk. (Thanks
to Brett Carrington for pointing this out.)
- When a client asks us for a dir mirror and we don't have one,
launch an attempt to get a fresh one.
- If we're hibernating and we get a SIGINT, exit immediately.
- Add --with-dmalloc ./configure option, to track memory leaks.
- And try to free all memory on closing, so we can detect what
- Cache local dns resolves correctly even when they're .exit
- Give a better warning when some other server advertises an
ORPort that is actually an apache running ssl.
- Add "opt hibernating 1" to server descriptor to make it clearer
whether the server is hibernating.