tor/ChangeLog

166 lines
7.4 KiB
Plaintext
Raw Normal View History

Changes in version 0.0.2pre20 - 2004-01-30
o New features:
- We now have a deb package, and it's in debian unstable. Go to
it, apt-getters. :)
- I've split the TotalBandwidth option into BandwidthRate (how many
bytes per second you want to allow, long-term) and
BandwidthBurst (how many bytes you will allow at once before the cap
kicks in). This better token bucket approach lets you, say, set
BandwidthRate to 10KB/s and BandwidthBurst to 10MB, allowing good
performance while not exceeding your monthly bandwidth quota.
- Push out a tls record's worth of data once you've got it, rather
than waiting until you've read everything waiting to be read. This
may improve performance by pipelining better. We'll see.
- Add an AP_CONN_STATE_CONNECTING state, to allow streams to detach
from failed circuits (if they haven't been connected yet) and attach
to new ones.
- Expire old streams that haven't managed to connect. Some day we'll
have them reattach to new circuits instead.
o Bugfixes:
- Fix several memory leaks that were causing servers to become bloated
after a while.
- Fix a few very rare assert triggers. A few more remain.
- Setuid to User _before_ complaining about running as root.
Changes in version 0.0.2pre19 - 2004-01-07
o Bugfixes:
- Fix deadlock condition in dns farm. We were telling a child to die by
closing the parent's file descriptor to him. But newer children were
inheriting the open file descriptor from the parent, and since they
weren't closing it, the socket never closed, so the child never read
eof, so he never knew to exit. Similarly, dns workers were holding
open other sockets, leading to all sorts of chaos.
- New cleaner daemon() code for forking and backgrounding.
- If you log to a file, it now prints an entry at the top of the
logfile so you know it's working.
- The onionskin challenge length was 30 bytes longer than necessary.
- Started to patch up the spec so it's not quite so out of date.
Changes in version 0.0.2pre18 - 2004-01-02
o Bugfixes:
- Fix endian issues with the 'integrity' field in the relay header.
- Fix a potential bug where connections in state
AP_CONN_STATE_CIRCUIT_WAIT might unexpectedly ask to write.
Changes in version 0.0.2pre17 - 2003-12-30
o Bugfixes:
- Made --debuglogfile (or any second log file, actually) work.
- Resolved an edge case in get_unique_circ_id_by_conn where a smart
adversary could force us into an infinite loop.
o Features:
- Each onionskin handshake now includes a hash of the computed key,
to prove the server's identity and help perfect forward secrecy.
- Changed cell size from 256 to 512 bytes (working toward compatibility
with MorphMix).
- Changed cell length to 2 bytes, and moved it to the relay header.
- Implemented end-to-end integrity checking for the payloads of
relay cells.
- Separated streamid from 'recognized' (otherwise circuits will get
messed up when we try to have streams exit from the middle). We
use the integrity-checking to confirm that a cell is addressed to
this hop.
- Randomize the initial circid and streamid values, so an adversary who
breaks into a node can't learn how many circuits or streams have
been made so far.
Changes in version 0.0.2pre16 - 2003-12-14
o Bugfixes:
- Fixed a bug that made HUP trigger an assert
- Fixed a bug where a circuit that immediately failed wasn't being
counted as a failed circuit in counting retries.
o Features:
- Now we close the circuit when we get a truncated cell: otherwise we're
open to an anonymity attack where a bad node in the path truncates
the circuit and then we open streams at him.
- Add port ranges to exit policies
- Add a conservative default exit policy
- Warn if you're running tor as root
- on HUP, retry OR connections and close/rebind listeners
- options.EntryNodes: try these nodes first when picking the first node
- options.ExitNodes: if your best choices happen to include any of
your preferred exit nodes, you choose among just those preferred
exit nodes.
- options.ExcludedNodes: nodes that are never picked in path building
Changes in version 0.0.2pre15 - 2003-12-03
o Robustness and bugfixes:
- Sometimes clients would cache incorrect DNS resolves, which would
really screw things up.
- An OP that goes offline would slowly leak all its sockets and stop
working.
- A wide variety of bugfixes in exit node selection, exit policy
handling, and processing pending streams when a new circuit is
established.
- Pick nodes for a path only from those the directory says are up
- Choose randomly from all running dirservers, not always the first one
- Increase allowed http header size for directory fetch.
- Stop writing to stderr (if we're daemonized it will be closed).
- Enable -g always, so cores will be more useful to me.
- Switch "-lcrypto -lssl" to "-lssl -lcrypto" for broken distributions.
o Documentation:
- Wrote a man page. It lists commonly used options.
o Configuration:
- Change default loglevel to warn.
- Make PidFile default to null rather than littering in your CWD.
- OnionRouter config option is now obsolete. Instead it just checks
ORPort>0.
- Moved to a single unified torrc file for both clients and servers.
Changes in version 0.0.2pre14 - 2003-11-29
o Robustness and bugfixes:
- Force the admin to make the DataDirectory himself
- to get ownership/permissions right
- so clients no longer make a DataDirectory and then never use it
- fix bug where a client who was offline for 45 minutes would never
pull down a directory again
- fix (or at least hide really well) the dns assert bug that was
causing server crashes
- warnings and improved robustness wrt clockskew for certs
- use the native daemon(3) to daemonize, when available
- exit if bind() fails
- exit if neither socksport nor orport is defined
- include our own tor_timegm (Win32 doesn't have its own)
- bugfix for win32 with lots of connections
- fix minor bias in PRNG
- make dirserver more robust to corrupt cached directory
o Documentation:
- Wrote the design document (woo)
o Circuit building and exit policies:
- Circuits no longer try to use nodes that the directory has told them
are down.
- Exit policies now support bitmasks (18.0.0.0/255.0.0.0) and
bitcounts (18.0.0.0/8).
- Make AP connections standby for a circuit if no suitable circuit
exists, rather than failing
- Circuits choose exit node based on addr/port, exit policies, and
which AP connections are standing by
- Bump min pathlen from 2 to 3
- Relay end cells have a payload to describe why the stream ended.
- If the stream failed because of exit policy, try again with a new
circuit.
- Clients have a dns cache to remember resolved addresses.
- Notice more quickly when we have no working circuits
o Configuration:
- APPort is now called SocksPort
- SocksBindAddress, ORBindAddress, DirBindAddress let you configure
where to bind
- RecommendedVersions is now a config variable rather than
hardcoded (for dirservers)
- Reloads config on HUP
- Usage info on -h or --help
- If you set User and Group config vars, it'll setu/gid to them.