diff --git a/ChangeLog b/ChangeLog index d77f453ab8..8840082cdf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,8 +29,15 @@ Changes in version 0.1.2.7-alpha - 2007-??-?? pointer loops. - Fix a memory leak when sending a 503 response for a networkstatus request. - - If we're not marking exits as guards, ignore exit bandwidth - when we're deciding the required bandwidth to become a guard. + - If exits are rare enough that we're not marking exits as guards, + ignore exit bandwidth when we're deciding the required bandwidth + to become a guard. + - When we're handling a directory connection tunneled over Tor, + don't fill up internal memory buffers with all the data we want + to tunnel; instead, only add it if the OR connection that will + eventually receive it has some room for it. (This can lead to + slowdowns in tunneled dir connections; a better solution will have + to wait for 0.2.0.) o Minor bugfixes: - When computing clock skew from directory HTTP headers, consider what @@ -58,12 +65,6 @@ Changes in version 0.1.2.7-alpha - 2007-??-?? us from downloading a bunch of descriptors we don't need. - Do not log IPs with TLS failures for incoming TLS connections. (Fixes bug 382.) - - When we're handling a directory connection tunneled over Tor, - don't fill up internal memory buffers with all the data we want - to tunnel; instead, only add it if the OR connection that will - eventually receive it has some room for it. (This can lead to - slowdowns in tunneled dir connections; a better solution will have - to wait for 0.2.0.) - If the user asks to use invalid exit nodes, be willing to use the unstable ones. - Handle TTL values correctly on reverse DNS lookups. @@ -76,12 +77,13 @@ Changes in version 0.1.2.7-alpha - 2007-??-?? o Major features: - Weight directory requests by advertised bandwidth. Now we can let servers enable write limiting but still allow most clients to - succeed at their directory requests. + succeed at their directory requests. (We still ignore weights when + choosing a directory authority; I hope this is a feature.) o Minor features: - Create a new file ReleaseNotes which was the old ChangeLog. The - new ChangeLog file now includes the summaries for even development - versions. + new ChangeLog file now includes the summaries for all development + versions too. - Check for addresses with invalid characters at the exit as well as at the client, and warn less verbosely when they fail. You can override this by setting ServerDNSAllowNonRFC953Addresses to 1. diff --git a/doc/spec/path-spec.txt b/doc/spec/path-spec.txt index ffa37d9686..ec5afa361b 100644 --- a/doc/spec/path-spec.txt +++ b/doc/spec/path-spec.txt @@ -270,7 +270,8 @@ of their choices. We use Guard nodes (also called "helper nodes" in the literature) to prevent certain profiling attacks. Here's the risk: if we choose entry and - exit nodes at random, and an attacker controls C out of N servers, then the + exit nodes at random, and an attacker controls C out of N servers + (ignoring advertised bandwidth), then the attacker will control the entry and exit node of any given circuit with probability (C/N)^2. But as we make many different circuits over time, then the probability that the attacker will see a sample of about (C/N)^2 @@ -298,13 +299,14 @@ of their choices. A guard is unusable for a particular circuit if any of the rules for path selection in 2.2 are not met. In particular, if the circuit is "fast" and the guard is not Fast, or if the circuit is "stable" and the guard is - not Stable, Tor can't use the guard for that circuit. + not Stable, or if the guard has already been chosen as the exit node in + that circuit, Tor can't use it as a guard node for that circuit. If the guard is excluded because of its status in the networkstatuses for over 30 days, Tor removes it from the list entirely, preserving order. If Tor fails to connect to an otherwise usable guard, it retries - periodically: every hour for six hours, every for hours for 3 days, every + periodically: every hour for six hours, every 4 hours for 3 days, every 18 hours for a week, and every 36 hours thereafter. Additionally, Tor retries unreachable guards the first time it adds a new guard to the list, since it is possible that the old guards were only marked as unreachable diff --git a/doc/tor.1.in b/doc/tor.1.in index e8b4678ece..b6517ece01 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -58,14 +58,15 @@ Options are case-insensitive. .LP .TP \fBBandwidthRate \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP -A token bucket limits the average bandwidth usage on this node to the -specified number of bytes per second. (Default: 3 MB) +A token bucket limits the average incoming bandwidth usage on this node +to the specified number of bytes per second, and the average outgoing +bandwidth usage to that same value. (Default: 3 MB) .LP .TP \fBBandwidthBurst \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP Limit the maximum token bucket size (also known as the burst) to the -given number of bytes. This value should be at least twice your -BandwidthRate. (Default: 6 MB) +given number of bytes in each direction. This value should be at least +twice your BandwidthRate. (Default: 6 MB) .LP .TP \fBMaxAdvertisedBandwidth \fR\fIN\fR \fBbytes\fR|\fBKB\fR|\fBMB\fR|\fBGB\fR|\fBTB\fP diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 5ae6ceeeb5..f1571d5d30 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1735,7 +1735,7 @@ extend_info_from_routerstatus(routerstatus_t *s) info = tor_malloc_zero(sizeof(extend_info_t)); strlcpy(info->nickname, s->nickname, sizeof(info->nickname)); memcpy(info->identity_digest, s->identity_digest, DIGEST_LEN); - info->onion_key = NULL; /* routerstatus doesn't include this! */ + info->onion_key = NULL; /* routerstatus doesn't know this */ info->addr = s->addr; info->port = s->or_port; return info; diff --git a/src/or/connection_or.c b/src/or/connection_or.c index b234e906a7..d171914860 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -779,9 +779,14 @@ connection_or_send_destroy(uint16_t circ_id, or_connection_t *conn, int reason) return 0; } -/** DOCDOC */ +/** A high waterlevel for whether to refill this OR connection + * with more directory information, if any is pending. */ #define BUF_FULLNESS_THRESHOLD (128*1024) -/** DOCDOC */ +/** A bottom waterlevel for whether to refill this OR connection + * with more directory information, if any is pending. We don't want + * to make this too low, since we already run the risk of starving + * the pending dir connections if the OR conn is frequently busy with + * other things. */ #define BUF_EMPTINESS_THRESHOLD (96*1024) /** Return true iff there is so much data waiting to be flushed on conn