[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Tor is out

Tor further improves performance and robustness of hidden
services, starts work on supporting per-country relay selection, and
fixes a variety of smaller issues.


Changes in version - 2008-09-30
  o Major features:
    - Implement proposal 121: make it possible to build hidden services
      that only certain clients are allowed to connect to. This is
      enforced at several points, so that unauthorized clients are unable
      to send INTRODUCE cells to the service, or even (depending on the
      type of authentication) to learn introduction points. This feature
      raises the bar for certain kinds of active attacks against hidden
      services. Code by Karsten Loesing.
    - Relays now store and serve v2 hidden service descriptors by default,
      i.e., the new default value for HidServDirectoryV2 is 1. This is
      the last step in proposal 114, which aims to make hidden service
      lookups more reliable.
    - Start work to allow node restrictions to include country codes. The
      syntax to exclude nodes in a country with country code XX is
      "ExcludeNodes {XX}". Patch from Robert Hogan. It still needs some
      refinement to decide what config options should take priority if
      you ask to both use a particular node and exclude it.
    - Allow ExitNodes list to include IP ranges and country codes, just
      like the Exclude*Nodes lists. Patch from Robert Hogan.

  o Major bugfixes:
    - Fix a bug when parsing ports in tor_addr_port_parse() that caused
      Tor to fail to start if you had it configured to use a bridge
      relay. Fixes bug 809. Bugfix on
    - When extending a circuit to a hidden service directory to upload a
      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
      requests failed, because the router descriptor had not been
      downloaded yet. In these cases, we now wait until the router
      descriptor is downloaded, and then retry. Likewise, clients
      now skip over a hidden service directory if they don't yet have
      its router descriptor, rather than futilely requesting it and
      putting mysterious complaints in the logs. Fixes bug 767. Bugfix
    - When fetching v0 and v2 rendezvous service descriptors in parallel,
      we were failing the whole hidden service request when the v0
      descriptor fetch fails, even if the v2 fetch is still pending and
      might succeed. Similarly, if the last v2 fetch fails, we were
      failing the whole hidden service request even if a v0 fetch is
      still pending. Fixes bug 814. Bugfix on
    - DNS replies need to have names matching their requests, but
      these names should be in the questions section, not necessarily
      in the answers section. Fixes bug 823. Bugfix on

  o Minor features:
    - Update to the "September 1 2008" ip-to-country file.
    - Allow ports 465 and 587 in the default exit policy again. We had
      rejected them in, because back in 2005 they were commonly
      misconfigured and ended up as spam targets. We hear they are better
      locked down these days.
    - Use a lockfile to make sure that two Tor processes are not
      simultaneously running with the same datadir.
    - Serve the latest v3 networkstatus consensus via the control
      port. Use "getinfo dir/status-vote/current/consensus" to fetch it.
    - Better logging about stability/reliability calculations on directory
    - Drop the requirement to have an open dir port for storing and
      serving v2 hidden service descriptors.
    - Directory authorities now serve a /tor/dbg-stability.txt URL to
      help debug WFU and MTBF calculations.
    - Implement most of Proposal 152: allow specialized servers to permit
      single-hop circuits, and clients to use those servers to build
      single-hop circuits when using a specialized controller. Patch
      from Josh Albrecht. Resolves feature request 768.
    - Add a -p option to tor-resolve for specifying the SOCKS port: some
      people find host:port too confusing.
    - Make TrackHostExit mappings expire a while after their last use, not
      after their creation.  Patch from Robert Hogan.
    - Provide circuit purposes along with circuit events to the controller.

  o Minor bugfixes:
    - Fix compile on OpenBSD 4.4-current. Bugfix on
      Reported by Tas.
    - Fixed some memory leaks -- some quite frequent, some almost
      impossible to trigger -- based on results from Coverity.
    - When testing for libevent functions, set the LDFLAGS variable
      correctly. Found by Riastradh.
    - Fix an assertion bug in parsing policy-related options; possible fix
      for bug 811.
    - Catch and report a few more bootstrapping failure cases when Tor
      fails to establish a TCP connection. Cleanup on 0.2.1.x.
    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
      bootstrapping with tunneled directory connections. Bugfix on Fixes bug 797. Found by Erwin Lam.
    - When asked to connect to A.B.exit:80, if we don't know the IP for A
      and we know that server B rejects most-but-not all connections to
      port 80, we would previously reject the connection. Now, we assume
      the user knows what they were asking for. Fixes bug 752. Bugfix
      on 0.0.9rc5. Diagnosed by BarkerJr.
    - If we are not using BEGIN_DIR cells, don't attempt to contact hidden
      service directories if they have no advertised dir port. Bugfix
    - If we overrun our per-second write limits a little, count this as
      having used up our write allocation for the second, and choke
      outgoing directory writes. Previously, we had only counted this when
      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
      Bugfix on 0.2.0.x (??).
    - Avoid a "0 divided by 0" calculation when calculating router uptime
      at directory authorities. Bugfix on
    - Make DNS resolved controller events into "CLOSED", not
      "FAILED". Bugfix on Fix by Robert Hogan. Resolves
      bug 807.
    - Fix a bug where an unreachable relay would establish enough
      reachability testing circuits to do a bandwidth test -- if
      we already have a connection to the middle hop of the testing
      circuit, then it could establish the last hop by using the existing
      connection. Bugfix on, exposed when we made testing
      circuits no longer use entry guards in
    - If we have correct permissions on $datadir, we complain to stdout
      and fail to start. But dangerous permissions on
      $datadir/cached-status/ would cause us to open a log and complain
      there. Now complain to stdout and fail to start in both cases. Fixes
      bug 820, reported by seeess.
    - Remove the old v2 directory authority 'lefkada' from the default
      list. It has been gone for many months.

  o Code simplifications and refactoring:
    - Revise the connection_new functions so that a more typesafe variant
      exists. This will work better with Coverity, and let us find any
      actual mistakes we're making here.
    - Refactor unit testing logic so that dmalloc can be used sensibly
      with unit tests to check for memory leaks.
    - Move all hidden-service related fields from connection and circuit
      structure to substructures: this way they won't eat so much memory.

Attachment: signature.asc
Description: Digital signature