a changelog and doc fixes for the strictnodes work

ChangeLog

@@ -1,5 +1,5 @@
 Changes in version 0.2.2.7-alpha - 2009-??-??
-  o Major features:
+  o Major features (performance):
     - When choosing which cells to relay first, we can now favor circuits
       that have been quiet recently, so as to get lower latency for
       low-volume circuits.  By default, relays enable or disable this
@@ -9,6 +9,27 @@ Changes in version 0.2.2.7-alpha - 2009-??-??
       "CircuitPriorityHalflife" config option.  Design and code by Ian
       Goldberg, Can Tang, and Chris Alexander.
 
+  o Major features (relay selection):
+    - Switch to a StrictNodes config option, rather than the previous
+      "StrictEntryNodes" / "StrictExitNodes" separation.
+    - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+      change during a config reload, mark and discard all our origin
+      circuits. This fix should address edge cases where we change the
+      config options and but then choose a circuit that we created before
+      the change.
+    - If EntryNodes or ExitNodes are set, be more willing to use an
+      unsuitable (e.g. slow or unstable) circuit. The user asked for it,
+      they get it.
+    - Make EntryNodes config option much more aggressive even when
+      StrictNodes is not set. Before it would prepend your requested
+      entrynodes to your list of guard nodes, but feel free to use others
+      after that. Now it chooses only from your EntryNodes if any of
+      those are available, and only falls back to others if a) they're
+      all down and b) StrictNodes is not set.
+    - Now we refresh your entry guards from EntryNodes at each consensus
+      fetch -- rather than just at startup and then they slowly rot as
+      the network changes.
+
   o Minor features:
     - New config option "CircuitStreamTimeout" to override our internal
       timeout schedule for how many seconds until we detach a stream from

doc/tor.1.in

@@ -515,26 +515,25 @@ list.
 .TP
 \fBEntryNodes \fR\fInode\fR,\fInode\fR,\fI...\fP
 A list of identity fingerprints, nicknames, country codes and address patterns
-of nodes to use for the first hop in the circuit.
-These are treated only as preferences unless StrictEntryNodes (see
+of nodes to use for the first hop in normal circuits.
+These are treated only as preferences unless StrictNodes (see
 below) is also set.
 .LP
 .TP
 \fBExitNodes \fR\fInode\fR,\fInode\fR,\fI...\fP
 A list of identity fingerprints, nicknames, country codes and address patterns
-of nodes to use for the last hop in the circuit.
-These are treated only as preferences unless StrictExitNodes (see
+of nodes to use for the last hop in normal exit circuits.
+These are treated only as preferences unless StrictNodes (see
 below) is also set.
 .LP
 .TP
-\fBStrictEntryNodes \fR\fB0\fR|\fB1\fR\fP
-If 1, Tor will never use any nodes besides those listed in "EntryNodes" for
-the first hop of a circuit.
-.LP
-.TP
-\fBStrictExitNodes \fR\fB0\fR|\fB1\fR\fP
-If 1, Tor will never use any nodes besides those listed in "ExitNodes" for
-the last hop of a circuit.
+\fBStrictNodes \fR\fB0\fR|\fB1\fR\fP
+If 1 and EntryNodes config option is set, Tor will never use any
+nodes besides those listed in EntryNodes for the first hop of a normal
+circuit. If 1 and ExitNodes config option is set, Tor will never use any
+nodes besides those listed in ExitNodes for the last hop of a normal exit
+circuit. Note that Tor might still use these nodes for non-exit circuits
+such as one-hop directory fetches or hidden service support circuits.
 .LP
 .TP
 \fBFascistFirewall \fR\fB0\fR|\fB1\fR\fP

src/or/config.c

@@ -551,8 +551,8 @@ static config_var_description_t options_description[] = {
     "to the SOCKSPort." },
   /* SocksTimeout */
   { "StrictNodes", "If set, Tor will fail to operate when none of the "
-    "configured EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes "
-    "can be used." },
+    "configured EntryNodes or ExitNodes can be used (or if the usable ones "
+    "are listed in ExcludeNodes or ExcludeExitNodes)." },
   /* TestSocks */
   { "TrackHostsExit", "Hosts and domains which should, if possible, be "
     "accessed from the same exit node each time we connect to them." },