This is the second development snapshot for the 0.1.2.x series. It features better load balancing when picking paths, an automated workaround on the server-side for ISPs that "hijack" your DNS answers, and a whole lot of bugfixes. We also got it building on Windows with MinGW, so hopefully Windows releases will be more reliable from now on.

http://tor.eff.org/download.html

Changes in version 0.1.2.2-alpha - 2006-10-07
  o Major features:
    - Make our async eventdns library on-by-default for Tor servers, and plan to deprecate the separate dnsworker threads.
    - Add server-side support for "reverse" DNS lookups (using PTR records so clients can determine the canonical hostname for a given IPv4 address). Only supported by servers using eventdns; servers now announce in their descriptors whether they support eventdns.
    - Specify and implement client-side SOCKS5 interface for reverse DNS lookups (see doc/socks-extensions.txt).
    - Add a BEGIN_DIR relay cell type for an easier in-protocol way to connect to directory servers through Tor. Previously, clients needed to find Tor exits to make private connections to directory servers.
    - Avoid choosing Exit nodes for entry or middle hops when the total bandwidth available from non-Exit nodes is much higher than the total bandwidth available from Exit nodes.
    - Workaround for name servers (like Earthlink's) that hijack failing DNS requests and replace the no-such-server answer with a "helpful" redirect to an advertising-driven search portal. Also work around DNS hijackers who "helpfully" decline to hijack known-invalid RFC2606 addresses. Config option "ServerDNSDetectHijacking 0" lets you turn it off.
    - Send out a burst of long-range padding cells once we've established that we're reachable. Spread them over 4 circuits, so hopefully a few will be fast. This exercises our bandwidth and bootstraps us into the directory more quickly.
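
An added illustration of the DNS hijack workaround listed under "Major features" (example code written for this page, not Tor's implementation and not part of the announcement): probe names that should never resolve, record any address that comes back, and turn later answers pointing at that address back into "no such name". The probing strategy, the resolve_fn hook, the probe names and the documentation-range addresses are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical resolver hook: returns 1 and fills *addr on an answer,
 * 0 for "no such name". A real server would call its DNS library here. */
typedef int (*resolve_fn)(const char *name, uint32_t *addr);

#define MAX_BAD 8
typedef struct {
    uint32_t bad[MAX_BAD]; /* addresses returned for names that cannot exist */
    size_t n_bad;
} hijack_state;

static int is_bad(const hijack_state *st, uint32_t a) {
    for (size_t i = 0; i < st->n_bad; i++)
        if (st->bad[i] == a) return 1;
    return 0;
}

/* Resolve probe names that should never exist. Every address that comes
 * back is recorded as a hijack address. Returns how many probes were hijacked. */
int detect_hijacking(hijack_state *st, resolve_fn resolve,
                     const char *const *probes, size_t n) {
    int hijacked = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t a;
        if (!resolve(probes[i], &a)) continue; /* honest "no such name" */
        hijacked++;
        if (!is_bad(st, a) && st->n_bad < MAX_BAD) st->bad[st->n_bad++] = a;
    }
    return hijacked;
}

/* Resolve a client's name, turning answers that point at a recorded hijack
 * address back into "no such name". */
int filtered_resolve(const hijack_state *st, resolve_fn resolve,
                     const char *name, uint32_t *addr) {
    return resolve(name, addr) && !is_bad(st, *addr);
}

/* Constructed stand-in for a hijacking ISP resolver: one real host, an honest
 * failure for the RFC 2606 ".invalid" TLD, an ad portal for everything else. */
#define PORTAL 0xC0000250u /* 192.0.2.80, documentation range */
#define REAL   0xC6336407u /* 198.51.100.7, documentation range */
int hijacking_resolver(const char *name, uint32_t *addr) {
    size_t len = strlen(name);
    if (!strcmp(name, "www.example.com")) { *addr = REAL; return 1; }
    if (len >= 8 && !strcmp(name + len - 8, ".invalid")) return 0;
    *addr = PORTAL;
    return 1;
}
```

Probing only with RFC 2606 names finds nothing against this resolver, which is the second case the changelog entry mentions; probes under ordinary TLDs expose the portal address.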

  o New/improved config options:
    - Add new config option "ResolvConf" to let the server operator choose an alternate resolv.conf file when using eventdns.
    - Add an "EnforceDistinctSubnets" option to control our "exclude servers on the same /16" behavior. It's still on by default; this is mostly for people who want to operate private test networks with all the machines on the same subnet.
    - If one of our entry guards is on the ExcludeNodes list, or the directory authorities don't think it's a good guard, treat it as if it were unlisted: stop using it as a guard, and throw it off the guards list if it stays that way for a long time.
    - Allow directory authorities to be marked separately as authorities for the v1 directory protocol, the v2 directory protocol, and as hidden service directories, to make it easier to retire old authorities. V1 authorities should set "HSAuthoritativeDir 1" to continue being hidden service authorities too.
    - Remove 8888 as a LongLivedPort, and add 6697 (IRCS).

  o Minor features, controller:
    - Fix CIRC controller events so that controllers can learn the identity digests of non-Named servers used in circuit paths.
    - Let controllers ask for more useful identifiers for servers. Instead of learning identity digests for un-Named servers and nicknames for Named servers, the new identifiers include digest, nickname, and indication of Named status. Off by default; see control-spec.txt for more information.
    - Add a "getinfo address" controller command so it can display Tor's best guess to the user.
    - New controller event to alert the controller when our server descriptor has changed.
    - Give more meaningful errors on controller authentication failure.

  o Minor features, other:
    - When asked to resolve a hostname, don't use non-exit servers unless requested to do so. This allows servers with broken DNS to be useful to the network.
    - Divide eventdns log messages into warn and info messages.
    - Reserve the nickname "Unnamed" for routers that can't pick a hostname: any router can call itself Unnamed; directory authorities will never allocate Unnamed to any particular router; clients won't believe that any router is the canonical Unnamed.
    - Only include function names in log messages for info/debug messages. For notice/warn/err, the content of the message should be clear on its own, and printing the function name only confuses users.
    - Avoid some false positives during reachability testing: don't try to test via a server that's on the same /24 as us.
    - If we fail to build a circuit to an intended enclave, and it's not mandatory that we use that enclave, stop wanting it.
    - When eventdns is enabled, allow multithreaded builds on NetBSD and OpenBSD. (We had previously disabled threads on these platforms because they didn't have working thread-safe resolver functions.)

  o Major bugfixes, anonymity/security:
    - If a client asked for a server by name, and there's a named server in our network-status but we don't have its descriptor yet, we could return an unnamed server instead.
    - Fix NetBSD bug that could allow someone to force uninitialized RAM to be sent to a server's DNS resolver. This only affects NetBSD and other platforms that do not bounds-check tolower().
    - Reject (most) attempts to use Tor circuits with length one. (If many people start using Tor as a one-hop proxy, exit nodes become a more attractive target for compromise.)
    - Just because your DirPort is open doesn't mean people should be able to remotely teach you about hidden service descriptors. Now only accept rendezvous posts if you've got HSAuthoritativeDir set.

  o Major bugfixes, other:
    - Don't crash on race condition in dns.c: tor_assert(!resolve->expire)
    - When a client asks the server to resolve (not connect to) an address, and it has a cached answer, give them the cached answer. Previously, the server would give them no answer at all.
    - Allow really slow clients to not hang up five minutes into their directory downloads (suggested by Adam J. Richter).
    - We were building exactly the wrong circuits when we anticipated hidden service requirements, meaning Tor would have to build all its circuits on demand.
    - Avoid crashing when we mmap a router cache file of size 0.
    - When testing reachability of our DirPort, don't launch new tests when there's already one in progress -- unreachable servers were stacking up dozens of testing streams.

  o Minor bugfixes, correctness:
    - If we're a directory mirror and we ask for "all" network status documents, we would discard status documents from authorities we don't recognize.
    - Avoid a memory corruption bug when creating a hash table for the first time.
    - Avoid controller-triggered crash when misusing certain commands from a v0 controller on platforms that do not handle printf("%s",NULL) gracefully.
    - Don't crash when a controller sends a third argument to an "extendcircuit" request.
    - Controller protocol fixes: fix encoding in "getinfo addr-mappings" response; fix error code when "getinfo dir/status/" fails.
    - Avoid crash when telling controller stream-status and a stream is detached.
    - Patch from Adam Langley to fix assert() in eventdns.c.
    - Fix a debug log message in eventdns to say "X resolved to Y" instead of "X resolved to X".
    - Make eventdns give strings for DNS errors, not just error numbers.
    - Track unreachable entry guards correctly: don't conflate 'unreachable by us right now' with 'listed as down by the directory authorities'. With the old code, if a guard was unreachable by us but listed as running, it would clog our guard list forever.
    - Behave correctly in case we ever have a network with more than 2GB/s total advertised capacity.
    - Make TrackExitHosts case-insensitive, and fix the behavior of ".suffix" TrackExitHosts items to avoid matching in the middle of an address.
    - Finally fix the openssl warnings from newer gccs that believe that ignoring a return value is okay, but casting a return value and then ignoring it is a sign of madness.
    - Prevent the contrib/exitlist script from printing the same result more than once.
    - Patch from Steve Hildrey: Generate network status correctly on non-versioning dirservers.
    - Don't listen to the X-Your-Address-Is hint if you did the lookup via Tor; otherwise you'll think you're the exit node's IP address.

  o Minor bugfixes, performance:
    - Two small performance improvements on parsing descriptors.
    - Major performance improvement on inserting descriptors: change algorithm from O(n^2) to O(n).
    - Make the common memory allocation path faster on machines where malloc(0) returns a pointer.
    - Start remembering X-Your-Address-Is directory hints even if you're a client, so you can become a server more smoothly.
    - Avoid duplicate entries on MyFamily line in server descriptor.

  o Packaging, features:
    - Remove architecture from OS X builds. The official builds are now universal binaries.
    - The Debian package now uses --verify-config when (re)starting, to distinguish configuration errors from other errors.
    - Update RPMs to require libevent 1.1b.

  o Packaging, bugfixes:
    - Patches so Tor builds with MinGW on Windows.
    - Patches so Tor might run on Cygwin again.
    - Resume building on non-gcc compilers and ancient gcc. Resume building with the -O0 compile flag. Resume building cleanly on Debian woody.
    - Run correctly on OS X platforms with case-sensitive filesystems.
    - Correct includes for net/if.h and net/pfvar.h on OpenBSD (from Tup).
    - Add autoconf checks so Tor can build on Solaris x86 again.

  o Documentation
    - Documented (and renamed) ServerDNSSearchDomains and ServerDNSResolvConfFile options.
    - Be clearer that the *ListenAddress directives can be repeated multiple times.