Tor 0.2.1.6-alpha further improves performance and robustness of hidden
services, starts work on supporting per-country relay selection, and
fixes a variety of smaller issues.
https://www.torproject.org/download.html.en
Changes in version 0.2.1.6-alpha - 2008-09-30
o Major features:
- Implement proposal 121: make it possible to build hidden services
that only certain clients are allowed to connect to. This is
enforced at several points, so that unauthorized clients are unable
to send INTRODUCE cells to the service, or even (depending on the
type of authentication) to learn introduction points. This feature
raises the bar for certain kinds of active attacks against hidden
services. Code by Karsten Loesing.
- Relays now store and serve v2 hidden service descriptors by default,
i.e., the new default value for HidServDirectoryV2 is 1. This is
the last step in proposal 114, which aims to make hidden service
lookups more reliable.
- Start work to allow node restrictions to include country codes. The
syntax to exclude nodes in a country with country code XX is
"ExcludeNodes {XX}". Patch from Robert Hogan. It still needs some
refinement to decide what config options should take priority if
you ask to both use a particular node and exclude it.
- Allow ExitNodes list to include IP ranges and country codes, just
like the Exclude*Nodes lists. Patch from Robert Hogan.
o Major bugfixes:
- Fix a bug when parsing ports in tor_addr_port_parse() that caused
Tor to fail to start if you had it configured to use a bridge
relay. Fixes bug 809. Bugfix on 0.2.1.5-alpha.
- When extending a circuit to a hidden service directory to upload a
rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
requests failed, because the router descriptor had not been
downloaded yet. In these cases, we now wait until the router
descriptor is downloaded, and then retry. Likewise, clients
now skip over a hidden service directory if they don't yet have
its router descriptor, rather than futilely requesting it and
putting mysterious complaints in the logs. Fixes bug 767. Bugfix
on 0.2.0.10-alpha.
- When fetching v0 and v2 rendezvous service descriptors in parallel,
we were failing the whole hidden service request when the v0
descriptor fetch fails, even if the v2 fetch is still pending and
might succeed. Similarly, if the last v2 fetch fails, we were
failing the whole hidden service request even if a v0 fetch is
still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
- DNS replies need to have names matching their requests, but
these names should be in the questions section, not necessarily
in the answers section. Fixes bug 823. Bugfix on 0.2.1.5-alpha.
o Minor features:
- Update to the "September 1 2008" ip-to-country file.
- Allow ports 465 and 587 in the default exit policy again. We had
rejected them in 0.1.0.15, because back in 2005 they were commonly
misconfigured and ended up as spam targets. We hear they are better
locked down these days.
- Use a lockfile to make sure that two Tor processes are not
simultaneously running with the same datadir.
- Serve the latest v3 networkstatus consensus via the control
port. Use "getinfo dir/status-vote/current/consensus" to fetch it.
- Better logging about stability/reliability calculations on directory
servers.
- Drop the requirement to have an open dir port for storing and
serving v2 hidden service descriptors.
- Directory authorities now serve a /tor/dbg-stability.txt URL to
help debug WFU and MTBF calculations.
- Implement most of Proposal 152: allow specialized servers to permit
single-hop circuits, and clients to use those servers to build
single-hop circuits when using a specialized controller. Patch
from Josh Albrecht. Resolves feature request 768.
- Add a -p option to tor-resolve for specifying the SOCKS port: some
people find host:port too confusing.
- Make TrackHostExit mappings expire a while after their last use, not
after their creation. Patch from Robert Hogan.
- Provide circuit purposes along with circuit events to the controller.
o Minor bugfixes:
- Fix compile on OpenBSD 4.4-current. Bugfix on 0.2.1.5-alpha.
Reported by Tas.
- Fixed some memory leaks -- some quite frequent, some almost
impossible to trigger -- based on results from Coverity.
- When testing for libevent functions, set the LDFLAGS variable
correctly. Found by Riastradh.
- Fix an assertion bug in parsing policy-related options; possible fix
for bug 811.
- Catch and report a few more bootstrapping failure cases when Tor
fails to establish a TCP connection. Cleanup on 0.2.1.x.
- Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
- When asked to connect to A.B.exit:80, if we don't know the IP for A
and we know that server B rejects most-but-not all connections to
port 80, we would previously reject the connection. Now, we assume
the user knows what they were asking for. Fixes bug 752. Bugfix
on 0.0.9rc5. Diagnosed by BarkerJr.
- If we are not using BEGIN_DIR cells, don't attempt to contact hidden
service directories if they have no advertised dir port. Bugfix
on 0.2.0.10-alpha.
- If we overrun our per-second write limits a little, count this as
having used up our write allocation for the second, and choke
outgoing directory writes. Previously, we had only counted this when
we had met our limits precisely. Fixes bug 824. Patch from by rovv.
Bugfix on 0.2.0.x (??).
- Avoid a "0 divided by 0" calculation when calculating router uptime
at directory authorities. Bugfix on 0.2.0.8-alpha.
- Make DNS resolved controller events into "CLOSED", not
"FAILED". Bugfix on 0.1.2.5-alpha. Fix by Robert Hogan. Resolves
bug 807.
- Fix a bug where an unreachable relay would establish enough
reachability testing circuits to do a bandwidth test -- if
we already have a connection to the middle hop of the testing
circuit, then it could establish the last hop by using the existing
connection. Bugfix on 0.1.2.2-alpha, exposed when we made testing
circuits no longer use entry guards in 0.2.1.3-alpha.
- If we have correct permissions on $datadir, we complain to stdout
and fail to start. But dangerous permissions on
$datadir/cached-status/ would cause us to open a log and complain
there. Now complain to stdout and fail to start in both cases. Fixes
bug 820, reported by seeess.
- Remove the old v2 directory authority 'lefkada' from the default
list. It has been gone for many months.
o Code simplifications and refactoring:
- Revise the connection_new functions so that a more typesafe variant
exists. This will work better with Coverity, and let us find any
actual mistakes we're making here.
- Refactor unit testing logic so that dmalloc can be used sensibly
with unit tests to check for memory leaks.
- Move all hidden-service related fields from connection and circuit
structure to substructures: this way they won't eat so much memory.
Attachment:
signature.asc
Description: Digital signature