2004-02-17 01:31:39 +01:00
|
|
|
Changes in version 0.0.2pre20 - 2004-01-30
|
|
|
|
o New features:
|
|
|
|
- We now have a deb package, and it's in debian unstable. Go to
|
|
|
|
it, apt-getters. :)
|
|
|
|
- I've split the TotalBandwidth option into BandwidthRate (how many
|
|
|
|
bytes per second you want to allow, long-term) and
|
|
|
|
BandwidthBurst (how many bytes you will allow at once before the cap
|
|
|
|
kicks in). This better token bucket approach lets you, say, set
|
|
|
|
BandwidthRate to 10KB/s and BandwidthBurst to 10MB, allowing good
|
|
|
|
performance while not exceeding your monthly bandwidth quota.
|
|
|
|
- Push out a tls record's worth of data once you've got it, rather
|
|
|
|
than waiting until you've read everything waiting to be read. This
|
|
|
|
may improve performance by pipelining better. We'll see.
|
|
|
|
- Add an AP_CONN_STATE_CONNECTING state, to allow streams to detach
|
|
|
|
from failed circuits (if they haven't been connected yet) and attach
|
|
|
|
to new ones.
|
|
|
|
- Expire old streams that haven't managed to connect. Some day we'll
|
|
|
|
have them reattach to new circuits instead.
|
|
|
|
|
|
|
|
o Bugfixes:
|
|
|
|
- Fix several memory leaks that were causing servers to become bloated
|
|
|
|
after a while.
|
|
|
|
- Fix a few very rare assert triggers. A few more remain.
|
|
|
|
- Setuid to User _before_ complaining about running as root.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre19 - 2004-01-07
|
|
|
|
o Bugfixes:
|
|
|
|
- Fix deadlock condition in dns farm. We were telling a child to die by
|
|
|
|
closing the parent's file descriptor to him. But newer children were
|
|
|
|
inheriting the open file descriptor from the parent, and since they
|
|
|
|
weren't closing it, the socket never closed, so the child never read
|
|
|
|
eof, so he never knew to exit. Similarly, dns workers were holding
|
|
|
|
open other sockets, leading to all sorts of chaos.
|
|
|
|
- New cleaner daemon() code for forking and backgrounding.
|
|
|
|
- If you log to a file, it now prints an entry at the top of the
|
|
|
|
logfile so you know it's working.
|
|
|
|
- The onionskin challenge length was 30 bytes longer than necessary.
|
|
|
|
- Started to patch up the spec so it's not quite so out of date.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre18 - 2004-01-02
|
|
|
|
o Bugfixes:
|
|
|
|
- Fix endian issues with the 'integrity' field in the relay header.
|
|
|
|
- Fix a potential bug where connections in state
|
|
|
|
AP_CONN_STATE_CIRCUIT_WAIT might unexpectedly ask to write.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre17 - 2003-12-30
|
|
|
|
o Bugfixes:
|
|
|
|
- Made --debuglogfile (or any second log file, actually) work.
|
|
|
|
- Resolved an edge case in get_unique_circ_id_by_conn where a smart
|
|
|
|
adversary could force us into an infinite loop.
|
|
|
|
|
|
|
|
o Features:
|
|
|
|
- Each onionskin handshake now includes a hash of the computed key,
|
|
|
|
to prove the server's identity and help perfect forward secrecy.
|
|
|
|
- Changed cell size from 256 to 512 bytes (working toward compatibility
|
|
|
|
with MorphMix).
|
|
|
|
- Changed cell length to 2 bytes, and moved it to the relay header.
|
|
|
|
- Implemented end-to-end integrity checking for the payloads of
|
|
|
|
relay cells.
|
|
|
|
- Separated streamid from 'recognized' (otherwise circuits will get
|
|
|
|
messed up when we try to have streams exit from the middle). We
|
|
|
|
use the integrity-checking to confirm that a cell is addressed to
|
|
|
|
this hop.
|
|
|
|
- Randomize the initial circid and streamid values, so an adversary who
|
|
|
|
breaks into a node can't learn how many circuits or streams have
|
|
|
|
been made so far.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre16 - 2003-12-14
|
|
|
|
o Bugfixes:
|
|
|
|
- Fixed a bug that made HUP trigger an assert
|
|
|
|
- Fixed a bug where a circuit that immediately failed wasn't being
|
|
|
|
counted as a failed circuit in counting retries.
|
|
|
|
|
|
|
|
o Features:
|
|
|
|
- Now we close the circuit when we get a truncated cell: otherwise we're
|
|
|
|
open to an anonymity attack where a bad node in the path truncates
|
|
|
|
the circuit and then we open streams at him.
|
|
|
|
- Add port ranges to exit policies
|
|
|
|
- Add a conservative default exit policy
|
|
|
|
- Warn if you're running tor as root
|
|
|
|
- on HUP, retry OR connections and close/rebind listeners
|
|
|
|
- options.EntryNodes: try these nodes first when picking the first node
|
|
|
|
- options.ExitNodes: if your best choices happen to include any of
|
|
|
|
your preferred exit nodes, you choose among just those preferred
|
|
|
|
exit nodes.
|
|
|
|
- options.ExcludedNodes: nodes that are never picked in path building
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre15 - 2003-12-03
|
|
|
|
o Robustness and bugfixes:
|
|
|
|
- Sometimes clients would cache incorrect DNS resolves, which would
|
|
|
|
really screw things up.
|
|
|
|
- An OP that goes offline would slowly leak all its sockets and stop
|
|
|
|
working.
|
|
|
|
- A wide variety of bugfixes in exit node selection, exit policy
|
|
|
|
handling, and processing pending streams when a new circuit is
|
|
|
|
established.
|
|
|
|
- Pick nodes for a path only from those the directory says are up
|
|
|
|
- Choose randomly from all running dirservers, not always the first one
|
|
|
|
- Increase allowed http header size for directory fetch.
|
|
|
|
- Stop writing to stderr (if we're daemonized it will be closed).
|
|
|
|
- Enable -g always, so cores will be more useful to me.
|
|
|
|
- Switch "-lcrypto -lssl" to "-lssl -lcrypto" for broken distributions.
|
|
|
|
|
|
|
|
o Documentation:
|
|
|
|
- Wrote a man page. It lists commonly used options.
|
|
|
|
|
|
|
|
o Configuration:
|
|
|
|
- Change default loglevel to warn.
|
|
|
|
- Make PidFile default to null rather than littering in your CWD.
|
|
|
|
- OnionRouter config option is now obsolete. Instead it just checks
|
|
|
|
ORPort>0.
|
|
|
|
- Moved to a single unified torrc file for both clients and servers.
|
|
|
|
|
|
|
|
|
|
|
|
Changes in version 0.0.2pre14 - 2003-11-29
|
|
|
|
o Robustness and bugfixes:
|
|
|
|
- Force the admin to make the DataDirectory himself
|
|
|
|
- to get ownership/permissions right
|
|
|
|
- so clients no longer make a DataDirectory and then never use it
|
|
|
|
- fix bug where a client who was offline for 45 minutes would never
|
|
|
|
pull down a directory again
|
|
|
|
- fix (or at least hide really well) the dns assert bug that was
|
|
|
|
causing server crashes
|
|
|
|
- warnings and improved robustness wrt clockskew for certs
|
|
|
|
- use the native daemon(3) to daemonize, when available
|
|
|
|
- exit if bind() fails
|
|
|
|
- exit if neither socksport nor orport is defined
|
|
|
|
- include our own tor_timegm (Win32 doesn't have its own)
|
|
|
|
- bugfix for win32 with lots of connections
|
|
|
|
- fix minor bias in PRNG
|
|
|
|
- make dirserver more robust to corrupt cached directory
|
|
|
|
|
|
|
|
o Documentation:
|
|
|
|
- Wrote the design document (woo)
|
|
|
|
|
|
|
|
o Circuit building and exit policies:
|
|
|
|
- Circuits no longer try to use nodes that the directory has told them
|
|
|
|
are down.
|
|
|
|
- Exit policies now support bitmasks (18.0.0.0/255.0.0.0) and
|
|
|
|
bitcounts (18.0.0.0/8).
|
|
|
|
- Make AP connections standby for a circuit if no suitable circuit
|
|
|
|
exists, rather than failing
|
|
|
|
- Circuits choose exit node based on addr/port, exit policies, and
|
|
|
|
which AP connections are standing by
|
|
|
|
- Bump min pathlen from 2 to 3
|
|
|
|
- Relay end cells have a payload to describe why the stream ended.
|
|
|
|
- If the stream failed because of exit policy, try again with a new
|
|
|
|
circuit.
|
|
|
|
- Clients have a dns cache to remember resolved addresses.
|
|
|
|
- Notice more quickly when we have no working circuits
|
|
|
|
|
|
|
|
o Configuration:
|
|
|
|
- APPort is now called SocksPort
|
|
|
|
- SocksBindAddress, ORBindAddress, DirBindAddress let you configure
|
|
|
|
where to bind
|
|
|
|
- RecommendedVersions is now a config variable rather than
|
|
|
|
hardcoded (for dirservers)
|
|
|
|
- Reloads config on HUP
|
|
|
|
- Usage info on -h or --help
|
|
|
|
- If you set User and Group config vars, it'll setu/gid to them.
|