mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
finish poking and prodding. i'm all happy now.
svn:r8633
This commit is contained in:
parent
a339449a41
commit
9fb98b269c
69
ChangeLog
69
ChangeLog
@ -1,14 +1,13 @@
|
|||||||
Changes in version 0.1.2.2-alpha - 2006-10-??
|
Changes in version 0.1.2.2-alpha - 2006-10-07
|
||||||
o Major features:
|
o Major features:
|
||||||
- Make our async eventdns library on-by-default for Tor servers,
|
- Make our async eventdns library on-by-default for Tor servers,
|
||||||
and plan to deprecate using separate dnsworker threads. Let us
|
and plan to deprecate the separate dnsworker threads.
|
||||||
know if you encounter bugs.
|
|
||||||
- Add server-side support for "reverse" DNS lookups (using PTR
|
- Add server-side support for "reverse" DNS lookups (using PTR
|
||||||
records so clients can determine the canonical hostname for a given
|
records so clients can determine the canonical hostname for a given
|
||||||
IPv4 address). Only supported by servers using eventdns; servers
|
IPv4 address). Only supported by servers using eventdns; servers
|
||||||
now announce in their descriptors whether they support eventdns.
|
now announce in their descriptors whether they support eventdns.
|
||||||
- Specify and implement client-side SOCKS5 interface for reverse DNS
|
- Specify and implement client-side SOCKS5 interface for reverse DNS
|
||||||
lookups; see doc/socks-extensions.txt for full information.
|
lookups (see doc/socks-extensions.txt).
|
||||||
- Add a BEGIN_DIR relay cell type for an easier in-protocol way to
|
- Add a BEGIN_DIR relay cell type for an easier in-protocol way to
|
||||||
connect to directory servers through Tor. Previously, clients needed
|
connect to directory servers through Tor. Previously, clients needed
|
||||||
to find Tor exits to make private connections to directory servers.
|
to find Tor exits to make private connections to directory servers.
|
||||||
@ -17,18 +16,18 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
the total bandwidth available from Exit nodes.
|
the total bandwidth available from Exit nodes.
|
||||||
- Workaround for name servers (like Earthlink's) that hijack failing
|
- Workaround for name servers (like Earthlink's) that hijack failing
|
||||||
DNS requests and replace the no-such-server answer with a "helpful"
|
DNS requests and replace the no-such-server answer with a "helpful"
|
||||||
redirect to an advertising-driven search portal. We're a little
|
redirect to an advertising-driven search portal. Also work around
|
||||||
clever about this, in order to work around DNS hijackers who
|
DNS hijackers who "helpfully" decline to hijack known-invalid
|
||||||
"helpfully" decline to hijack known-invalid RFC2606 addresses.
|
RFC2606 addresses. Config option "ServerDNSDetectHijacking 0"
|
||||||
Config option "ServerDNSDetectHijacking 0" lets you turn it off.
|
lets you turn it off.
|
||||||
- Send out a burst of long-range padding cells once we've established
|
- Send out a burst of long-range padding cells once we've established
|
||||||
that we're reachable. Spread them over 4 circuits, so hopefully
|
that we're reachable. Spread them over 4 circuits, so hopefully
|
||||||
a few will be fast. This exercises our bandwidth and bootstraps
|
a few will be fast. This exercises our bandwidth and bootstraps
|
||||||
us into the directory quicker.
|
us into the directory more quickly.
|
||||||
|
|
||||||
o New/improved config options:
|
o New/improved config options:
|
||||||
- Add new config option "ResolvConf" to let the server operator
|
- Add new config option "ResolvConf" to let the server operator
|
||||||
choose an alternate resolve.conf file.
|
choose an alternate resolve.conf file when using eventdns.
|
||||||
- Add an "EnforceDistinctSubnets" option to control our "exclude
|
- Add an "EnforceDistinctSubnets" option to control our "exclude
|
||||||
servers on the same /16" behavior. It's still on by default; this
|
servers on the same /16" behavior. It's still on by default; this
|
||||||
is mostly for people who want to operate private test networks with
|
is mostly for people who want to operate private test networks with
|
||||||
@ -47,14 +46,16 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
o Minor features, controller:
|
o Minor features, controller:
|
||||||
- Fix CIRC controller events so that controllers can learn the
|
- Fix CIRC controller events so that controllers can learn the
|
||||||
identity digests of non-Named servers used in circuit paths.
|
identity digests of non-Named servers used in circuit paths.
|
||||||
- Give more meaningful errors on control authentication failure.
|
- Let controllers ask for more useful identifiers for servers. Instead
|
||||||
- Add an (off by default) feature so that controllers can get
|
of learning identity digests for un-Named servers and nicknames
|
||||||
more useful identifiers for servers. Instead of learning identity
|
for Named servers, the new identifiers include digest, nickname,
|
||||||
digests for un-Named servers and nicknames for Named servers,
|
and indication of Named status. Off by default; see control-spec.txt
|
||||||
the new identifiers include digest, nickname, and indication of
|
for more information.
|
||||||
Named status. See control-spec.txt for more information.
|
|
||||||
- Add a "getinfo address" controller command so it can display Tor's
|
- Add a "getinfo address" controller command so it can display Tor's
|
||||||
best guess to the user.
|
best guess to the user.
|
||||||
|
- New controller event to alert the controller when our server
|
||||||
|
descriptor has changed.
|
||||||
|
- Give more meaningful errors on controller authentication failure.
|
||||||
|
|
||||||
o Minor features, other:
|
o Minor features, other:
|
||||||
- When asked to resolve a hostname, don't use non-exit servers unless
|
- When asked to resolve a hostname, don't use non-exit servers unless
|
||||||
@ -62,23 +63,24 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
useful to the network.
|
useful to the network.
|
||||||
- Divide eventdns log messages into warn and info messages.
|
- Divide eventdns log messages into warn and info messages.
|
||||||
- Reserve the nickname "Unnamed" for routers that can't pick
|
- Reserve the nickname "Unnamed" for routers that can't pick
|
||||||
a hostname; any router can call itself Unnamed; directory
|
a hostname: any router can call itself Unnamed; directory
|
||||||
authorities will never allocate Unnamed to any particular router;
|
authorities will never allocate Unnamed to any particular router;
|
||||||
clients won't believe that any router is the canonical Unnamed.
|
clients won't believe that any router is the canonical Unnamed.
|
||||||
- Only include function names in log messages for info/debug messages.
|
- Only include function names in log messages for info/debug messages.
|
||||||
For notice/warn/err, the content of the message should be clear on
|
For notice/warn/err, the content of the message should be clear on
|
||||||
its own, and printing the function name only seems to confuse users.
|
its own, and printing the function name only confuses users.
|
||||||
- Avoid some false positives during reachability testing: don't try
|
- Avoid some false positives during reachability testing: don't try
|
||||||
to test via a server that's on the same /24 as us.
|
to test via a server that's on the same /24 as us.
|
||||||
- New controller event to alert the controller when our server
|
|
||||||
descriptor has changed.
|
|
||||||
- If we fail to build a circuit to an intended enclave, and it's
|
- If we fail to build a circuit to an intended enclave, and it's
|
||||||
not mandatory that we use that enclave, stop wanting it.
|
not mandatory that we use that enclave, stop wanting it.
|
||||||
|
- When eventdns is enabled, allow multithreaded builds on NetBSD and
|
||||||
|
OpenBSD. (We had previously disabled threads on these platforms
|
||||||
|
because they didn't have working thread-safe resolver functions)
|
||||||
|
|
||||||
o Major bugfixes, anonymity/security:
|
o Major bugfixes, anonymity/security:
|
||||||
- If a client asked for a server by name, and there's a named server
|
- If a client asked for a server by name, and there's a named server
|
||||||
in our network-status but we don't have its descriptor yet, we
|
in our network-status but we don't have its descriptor yet, we
|
||||||
could return an unnamed one instead.
|
could return an unnamed server instead.
|
||||||
- Fix NetBSD bug that could allow someone to force uninitialized RAM
|
- Fix NetBSD bug that could allow someone to force uninitialized RAM
|
||||||
to be sent to a server's DNS resolver. This only affects NetBSD
|
to be sent to a server's DNS resolver. This only affects NetBSD
|
||||||
and other platforms that do not bounds-check tolower().
|
and other platforms that do not bounds-check tolower().
|
||||||
@ -88,13 +90,9 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
- Just because your DirPort is open doesn't mean people should be
|
- Just because your DirPort is open doesn't mean people should be
|
||||||
able to remotely teach you about hidden service descriptors. Now
|
able to remotely teach you about hidden service descriptors. Now
|
||||||
only accept rendezvous posts if you've got HSAuthoritativeDir set.
|
only accept rendezvous posts if you've got HSAuthoritativeDir set.
|
||||||
- When eventdns is enabled, allow multithreaded builds on NetBSD and
|
|
||||||
OpenBSD. (We had previously disabled threads on these platforms
|
|
||||||
because they didn't have working thread-safe resolver functions)
|
|
||||||
|
|
||||||
o Major bugfixes, other:
|
o Major bugfixes, other:
|
||||||
- Avoiding crashing on race condition in dns.c:
|
- Don't crash on race condition in dns.c: tor_assert(!resolve->expire)
|
||||||
tor_assert(!resolve->expire)
|
|
||||||
- When a client asks the server to resolve (not connect to)
|
- When a client asks the server to resolve (not connect to)
|
||||||
an address, and it has a cached answer, give them the cached answer.
|
an address, and it has a cached answer, give them the cached answer.
|
||||||
Previously, the server would give them no answer at all.
|
Previously, the server would give them no answer at all.
|
||||||
@ -117,13 +115,13 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
- Avoid controller-triggered crash when misusing certain commands
|
- Avoid controller-triggered crash when misusing certain commands
|
||||||
from a v0 controller on platforms that do not handle
|
from a v0 controller on platforms that do not handle
|
||||||
printf("%s",NULL) gracefully.
|
printf("%s",NULL) gracefully.
|
||||||
- Don't crash when the controller receives a third argument to an
|
- Don't crash when a controller sends a third argument to an
|
||||||
"extendcircuit" request.
|
"extendcircuit" request.
|
||||||
- Controller protocol fixes: fix encoding in "getinfo addr-mappings"
|
- Controller protocol fixes: fix encoding in "getinfo addr-mappings"
|
||||||
response; fix error code when "getinfo dir/status/" fails.
|
response; fix error code when "getinfo dir/status/" fails.
|
||||||
- Avoid crash when telling controller stream-status and a stream
|
- Avoid crash when telling controller stream-status and a stream
|
||||||
is detached.
|
is detached.
|
||||||
- Apply patch from Adam Langley: fix assert() in eventdns.c.
|
- Patch from Adam Langley to fix assert() in eventdns.c.
|
||||||
- Fix a debug log message in eventdns to say "X resolved to Y"
|
- Fix a debug log message in eventdns to say "X resolved to Y"
|
||||||
instead of "X resolved to X".
|
instead of "X resolved to X".
|
||||||
- Make eventdns give strings for DNS errors, not just error numbers.
|
- Make eventdns give strings for DNS errors, not just error numbers.
|
||||||
@ -132,7 +130,7 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
authorities'. With the old code, if a guard was unreachable by
|
authorities'. With the old code, if a guard was unreachable by
|
||||||
us but listed as running, it would clog our guard list forever.
|
us but listed as running, it would clog our guard list forever.
|
||||||
- Behave correctly in case we ever have a network with more than
|
- Behave correctly in case we ever have a network with more than
|
||||||
2GB per second total advertised capacity.
|
2GB/s total advertised capacity.
|
||||||
- Make TrackExitHosts case-insensitive, and fix the behavior of
|
- Make TrackExitHosts case-insensitive, and fix the behavior of
|
||||||
".suffix" TrackExitHosts items to avoid matching in the middle of
|
".suffix" TrackExitHosts items to avoid matching in the middle of
|
||||||
an address.
|
an address.
|
||||||
@ -143,6 +141,8 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
result more than once.
|
result more than once.
|
||||||
- Patch from Steve Hildrey: Generate network status correctly on
|
- Patch from Steve Hildrey: Generate network status correctly on
|
||||||
non-versioning dirservers.
|
non-versioning dirservers.
|
||||||
|
- Don't listen to the X-Your-Address-Is hint if you did the lookup
|
||||||
|
via Tor; otherwise you'll think you're the exit node's IP address.
|
||||||
|
|
||||||
o Minor bugfixes, performance:
|
o Minor bugfixes, performance:
|
||||||
- Two small performance improvements on parsing descriptors.
|
- Two small performance improvements on parsing descriptors.
|
||||||
@ -163,10 +163,11 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
|
|
||||||
o Packaging, bugfixes:
|
o Packaging, bugfixes:
|
||||||
- Patches so Tor builds with MinGW on Windows.
|
- Patches so Tor builds with MinGW on Windows.
|
||||||
- Patches so Tor might build and run on Cygwin again.
|
- Patches so Tor might run on Cygwin again.
|
||||||
- Resume building on non-gcc compilers and ancient gcc. Resume
|
- Resume building on non-gcc compilers and ancient gcc. Resume
|
||||||
building with the -O0 compile flag. Resume building cleanly on
|
building with the -O0 compile flag. Resume building cleanly on
|
||||||
Debian woody.
|
Debian woody.
|
||||||
|
- Run correctly on OS X platforms with case-sensitive filesystems.
|
||||||
- Correct includes for net/if.h and net/pfvar.h on OpenBSD (from Tup).
|
- Correct includes for net/if.h and net/pfvar.h on OpenBSD (from Tup).
|
||||||
- Add autoconf checks so Tor can build on Solaris x86 again.
|
- Add autoconf checks so Tor can build on Solaris x86 again.
|
||||||
|
|
||||||
@ -176,14 +177,6 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
|
|||||||
- Be clearer that the *ListenAddress directives can be repeated
|
- Be clearer that the *ListenAddress directives can be repeated
|
||||||
multiple times.
|
multiple times.
|
||||||
|
|
||||||
(stopped at r8571)
|
|
||||||
- Build correctly for use on OS X platforms with case-sensitive
|
|
||||||
filesystems.
|
|
||||||
- Bugfix: when we tunnel our dir fetches via tor, don't believe
|
|
||||||
the X-Forwarded-For header.
|
|
||||||
- stop trying to hammer router_rebuild_descriptor() when we don't
|
|
||||||
have a public address we like yet.
|
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.1.2.1-alpha - 2006-08-27
|
Changes in version 0.1.2.1-alpha - 2006-08-27
|
||||||
o Major features:
|
o Major features:
|
||||||
|
2
doc/TODO
2
doc/TODO
@ -78,7 +78,7 @@ P - Figure out why openssl 0.9.8c "make test" fails at sha256t test.
|
|||||||
Items for 0.1.2.x:
|
Items for 0.1.2.x:
|
||||||
- Now that we're avoiding exits when picking non-exit positions,
|
- Now that we're avoiding exits when picking non-exit positions,
|
||||||
we need to consider how to pick nodes for internal circuits. If
|
we need to consider how to pick nodes for internal circuits. If
|
||||||
we avoid exits for all positions, we skew the load balancig. If
|
we avoid exits for all positions, we skew the load balancing. If
|
||||||
we accept exits for all positions, we leak whether it's an internal
|
we accept exits for all positions, we leak whether it's an internal
|
||||||
circuit at every step. If we accept exits only at the last hop, we
|
circuit at every step. If we accept exits only at the last hop, we
|
||||||
reintroduce Lasse's attacks from the Oakland paper.
|
reintroduce Lasse's attacks from the Oakland paper.
|
||||||
|
@ -92,7 +92,7 @@ $Id$
|
|||||||
; $Digest -- The router whose identity key hashes to the given digest.
|
; $Digest -- The router whose identity key hashes to the given digest.
|
||||||
; This is the preferred way to refer to an OR.
|
; This is the preferred way to refer to an OR.
|
||||||
; $Digest~Name -- The router whose identity key hashes to the given
|
; $Digest~Name -- The router whose identity key hashes to the given
|
||||||
; digest, but only if the routes has the given nickname.
|
; digest, but only if the router has the given nickname.
|
||||||
; $Digest=Name -- The router whose identity key hashes to the given
|
; $Digest=Name -- The router whose identity key hashes to the given
|
||||||
; digest, but only if the router is Named and has the given
|
; digest, but only if the router is Named and has the given
|
||||||
; nickname.
|
; nickname.
|
||||||
@ -601,7 +601,7 @@ $Id$
|
|||||||
Sometimes extensions to the controller protocol break compatibility with
|
Sometimes extensions to the controller protocol break compatibility with
|
||||||
older controllers. In this case, whenever possible, the extensions are
|
older controllers. In this case, whenever possible, the extensions are
|
||||||
first included in Tor disabled by default, and only enabled on a given
|
first included in Tor disabled by default, and only enabled on a given
|
||||||
controller connection when the 'USEFEATURE' command is given. Once a
|
controller connection when the "USEFEATURE" command is given. Once a
|
||||||
"USEFEATURE" command is given, it applies to all subsequent interactions on
|
"USEFEATURE" command is given, it applies to all subsequent interactions on
|
||||||
the same connection; to disable an enabled feature, a new controller
|
the same connection; to disable an enabled feature, a new controller
|
||||||
connection must be opened.
|
connection must be opened.
|
||||||
@ -624,10 +624,10 @@ $Id$
|
|||||||
|
|
||||||
VERBOSE_NAMES
|
VERBOSE_NAMES
|
||||||
|
|
||||||
Instead of ServerID as specified elsewhere, the controller should
|
Instead of ServerID as specified above, the controller should
|
||||||
identify ORs by LongName in events and GETINFO results. This format is
|
identify ORs by LongName in events and GETINFO results. This format is
|
||||||
strictly more informative, since rather than including Nickname for
|
strictly more informative: rather than including Nickname for
|
||||||
known Named routers and Fingerprint for unknown or unNamed routers; the
|
known Named routers and Fingerprint for unknown or unNamed routers, the
|
||||||
LongName format includes a Fingerprint, an indication of Named status,
|
LongName format includes a Fingerprint, an indication of Named status,
|
||||||
and a Nickname (if one is known).
|
and a Nickname (if one is known).
|
||||||
|
|
||||||
|
@ -218,7 +218,7 @@ circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
|
|||||||
* extended; the _first_ hop that isn't open (if any) is marked as
|
* extended; the _first_ hop that isn't open (if any) is marked as
|
||||||
* unable to extend.
|
* unable to extend.
|
||||||
*/
|
*/
|
||||||
/* XXXX Someday we should learn from or circuits too. */
|
/* XXXX Someday we should learn from OR circuits too. */
|
||||||
void
|
void
|
||||||
circuit_rep_hist_note_result(origin_circuit_t *circ)
|
circuit_rep_hist_note_result(origin_circuit_t *circ)
|
||||||
{
|
{
|
||||||
|
@ -2144,7 +2144,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
|
|||||||
* bridge connection with a socketpair, create a new directory conn, and join
|
* bridge connection with a socketpair, create a new directory conn, and join
|
||||||
* them together. Return 0 on success (or if there was an error we could send
|
* them together. Return 0 on success (or if there was an error we could send
|
||||||
* back an end cell for). Return -1 if the circuit needs to be torn down.
|
* back an end cell for). Return -1 if the circuit needs to be torn down.
|
||||||
* Either connects exit_conn, or frees it, or marks it, as appropriate.
|
* Either connects exit_conn, frees it, or marks it, as appropriate.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
connection_exit_connect_dir(edge_connection_t *exit_conn)
|
connection_exit_connect_dir(edge_connection_t *exit_conn)
|
||||||
|
@ -63,7 +63,7 @@ const char control_c_id[] =
|
|||||||
#define ERR_NO_ROUTER 0x000C
|
#define ERR_NO_ROUTER 0x000C
|
||||||
|
|
||||||
/* Recognized asynchronous event types. It's okay to expand this list
|
/* Recognized asynchronous event types. It's okay to expand this list
|
||||||
* because it use used both as a list of v0 event types, and as indices
|
* because it is used both as a list of v0 event types, and as indices
|
||||||
* into the bitfield to determine which controllers want which events.
|
* into the bitfield to determine which controllers want which events.
|
||||||
*/
|
*/
|
||||||
#define _EVENT_MIN 0x0001
|
#define _EVENT_MIN 0x0001
|
||||||
@ -1058,8 +1058,8 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
|
|||||||
if (base16_decode(password, i/2+1, body, i)<0) {
|
if (base16_decode(password, i/2+1, body, i)<0) {
|
||||||
connection_write_str_to_buf(
|
connection_write_str_to_buf(
|
||||||
"551 Invalid hexadecimal encoding. Maybe you tried a plain text "
|
"551 Invalid hexadecimal encoding. Maybe you tried a plain text "
|
||||||
"password? If so, the standard requires you put it in double "
|
"password? If so, the standard requires that you put it in "
|
||||||
"quotes.\r\n", conn);
|
"double quotes.\r\n", conn);
|
||||||
tor_free(password);
|
tor_free(password);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1108,7 +1108,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
|
|||||||
else
|
else
|
||||||
errstr = "Password did not match HashedControlPassword value from "
|
errstr = "Password did not match HashedControlPassword value from "
|
||||||
"configuration. Maybe you tried a plain text password? "
|
"configuration. Maybe you tried a plain text password? "
|
||||||
"If so, the standard requires you put it in double quotes.";
|
"If so, the standard requires that you put it in double quotes.";
|
||||||
goto err;
|
goto err;
|
||||||
} else {
|
} else {
|
||||||
/* if Tor doesn't demand any stronger authentication, then
|
/* if Tor doesn't demand any stronger authentication, then
|
||||||
|
@ -2558,7 +2558,6 @@ typedef enum {
|
|||||||
V1_AUTHORITY, V2_AUTHORITY, HIDSERV_AUTHORITY,
|
V1_AUTHORITY, V2_AUTHORITY, HIDSERV_AUTHORITY,
|
||||||
} authority_type_t;
|
} authority_type_t;
|
||||||
routerstatus_t *router_pick_trusteddirserver(authority_type_t type,
|
routerstatus_t *router_pick_trusteddirserver(authority_type_t type,
|
||||||
|
|
||||||
int requireother,
|
int requireother,
|
||||||
int fascistfirewall,
|
int fascistfirewall,
|
||||||
int retry_if_no_servers);
|
int retry_if_no_servers);
|
||||||
|
Loading…
Reference in New Issue
Block a user