diff --git a/ChangeLog b/ChangeLog
index fa0ecbf8ef..18593f94fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,8 +35,6 @@ Changes in version 0.1.2.5-alpha - 2007-01-03 options files. - Reject *:563 (NTTPS) in the default exit policy. We already reject NNTP by default, so this seems like a sensible addition. - - Authorities do not recommend exits as guards if this would shift - excess load to the exit nodes. - Avoid some inadvertent info leaks by making clients reject hostnames with invalid characters. Add an option "AllowNonRFC953Hostnames" to disable this behavior, in case somebody is running a private
@@ -44,7 +42,7 @@ Changes in version 0.1.2.5-alpha - 2007-01-03 - Add a new address-spec.txt document to describe our special-case addresses: .exit, .onion, and .noconnnect. - Add a maintainer script to tell us which options are missing - documentation. + documentation: "make check-docs". - Remove some options that have been deprecated since at least 0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and SysLog. Use AccountingMax instead of AccountingMaxKB; use Log to set log options.
diff --git a/doc/TODO b/doc/TODO
index 7aa67bd39e..affa262b7d 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -59,18 +59,13 @@ R - handle connect-dir streams that don't have a chosen_exit_name set. o Implement R - Hunt for places that change networkstatus info that I might have missed. -R . option to dl directory info via tor - o Make an option like __AllDirActionsPrivate that falls back to - non-Tor DL when not enough info present. (TunnelDirConns). - - Set default to 0 before release candidate. - o Think harder about whether TunnelDirConns should be on - by default. No, they shouldn't, until we have much more of - blocking.pdf implemented. - o Handle case where we have no descriptors and so don't know who can - handle BEGIN_DIR. - - actually cause the directory.c functions to know about or_port - and use it when we're supposed to. - - man page items for TunnelDirConns and PreferTunneledDirConns + + . option to dl directory info via tor: + TunnelDirConns and PreferTunneledDirConns +R - actually cause the directory.c functions to know about or_port + and use it when we're supposed to. +N - for tunneled edge conns, stop reading to the bridge connection + when the or_conn we're writing to has a full outbuf. N - DNS improvements . Asynchronous DNS
diff --git a/doc/tor.1.in b/doc/tor.1.in
index 65cb8cade4..7efeaac77d 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -242,9 +242,14 @@ a limited number of writes. (Default: 0)
 .LP
 .TP
 \fBTunnelDirConns \fR\fB0|\fR\fB1\fP
-If non-zero, try to have all directory info downloaded with encrypted
-connections. (Default: 1)
-
+If non-zero, when a directory server we contact supports it, we will
+build a one-hop circuit and make an encrypted connection via its
+ORPort. (Default: 0)
+.LP
+.TP
+\fBPreferTunneledDirConns \fR\fB0|\fR\fB1\fP
+If non-zero, we will avoid directory servers that don't support tunneled
+directory connections, when possible. (Default: 0)
 .SH CLIENT OPTIONS
 .PP
diff --git a/src/or/config.c b/src/or/config.c
index 2b1cfe11f9..70ad8ba60e 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -347,6 +347,8 @@ static config_var_description_t options_description[] = {
 "provided IP address (only useful for multiple network interfaces)." },
 { "PIDFile", "On startup, write our PID to this file. On clean shutdown, "
 "remove the file." },
+ { "PreferTunneledDirConns", "If non-zero, avoid directory servers that "
+ "don't support tunneled conncetions." },
 /* PreferTunneledDirConns */
 /* ProtocolWarnings */
 /* RephistTrackTime */
@@ -354,8 +356,9 @@ static config_var_description_t options_description[] = {
 "started. Unix only." },
 { "SafeLogging", "If set to 0, Tor logs potentially sensitive strings "
 "rather than replacing them with the string [scrubbed]." },
- { "TunnelDirConns", "If non-zero, try to have all directory info downloaded "
- "via encrypted connections." },
+ { "TunnelDirConns", "If non-zero, when a directory server we contact "
+ "supports it, we will build a one-hop circuit and make an encrypted "
+ "connection via its ORPort." },
 { "User", "On startup, setuid to this user" },
 /* ==== client options */
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 7b41b198a6..c4b2a6e575 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -322,7 +322,7 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn)
 /** Define a schedule for how long to wait between retrying
 * application connections. Rather than waiting a fixed amount of
 * time between each retry, we wait 10 seconds each for the first
- * two tries, and 15 seconds for each retry after
+ * two tries, and 15 seconds for each retry after
 * that. Hopefully this will improve the expected user experience. */
 static int
 compute_socks_timeout(edge_connection_t *conn)
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 6e32806f5e..66c73a0047 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
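Review bot: In src/or/config.c, the new `PreferTunneledDirConns` entry in `options_description` misspells "connections" as `conncetions`; the second string should read `"don't support tunneled connections." },`. The `/* PreferTunneledDirConns */` placeholder directly below the new entry is kept as context; if those bare comments mark options that still lack a description, it can be dropped now that the entry exists. The array's definition starts and ends outside the hunk.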
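Review bot: The rewritten `TunnelDirConns` description in the second src/or/config.c hunk says what happens when the directory server supports tunnelling, but not what happens when it does not, so a reader can take a value of 1 as a guarantee that directory fetches are encrypted. The doc/TODO entry removed in this commit describes a fall-back to a non-Tor download, so if that is still the behaviour the text should say so, for example by appending `" Otherwise we fall back to a direct, non-tunneled directory connection."` (wording to be confirmed against directory.c). The same caveat would fit the `TunnelDirConns` paragraph in doc/tor.1.in, and `PreferTunneledDirConns` only narrows the gap "when possible".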
@@ -1364,6 +1364,10 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
 * counting exit bandwidth. */
 /* Also, we might want to document the one-third behavior in
 * dir-spec.txt. */
+/* ChangeLog line when we reenable it:
+ - Authorities do not recommend exits as guards if this would shift
+ excess load to the exit nodes.
+*/
 smartlist_add(bandwidths, bw);
 }
 });
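Review bot: The comment added in dirserv_compute_performance_thresholds() parks a ChangeLog sentence but never says what "it" is or which lines are currently switched off. Within the hunk `smartlist_add(bandwidths, bw);` still runs unconditionally, so a reader cannot tell from here what must change to re-enable the behaviour. I would name the disabled behaviour in the first line, e.g. `/* The exits-as-guards load check is disabled for now; ChangeLog line for when we reenable it:`, and indent the comment with the surrounding block, since it appears to start at column 0. The enclosing loop begins before the hunk.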