diff --git a/ChangeLog b/ChangeLog index 499873052c..03ed90752a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,129 @@ +Changes in version 0.2.4.8-alpha - 2013-01-14 + + o Major features: + - Preliminary support for directory guards (proposal 207): when + possible, clients now use their entry guards for non-anonymous + directory requests. This can help prevent client enumeration. Note + that this behavior only works when we have a usable consensus + directory: and when options about what to download are more or + less standard. Resolves ticket 6526. + - Tor servers and clients now support a better CREATE/EXTEND cell + format, allowing the sender to specify multiple address, identity, + and handshake types. Implements Robert Ransom's proposal 200; + closes ticket 7199. + + o Major features (new circuit handshake): + - Tor now supports a new circuit extension handshake designed by Ian + Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original + circuit extension handshake, later called "TAP", was a bit slow + (especially on the server side), had a fragile security proof, and + used weaker keys than we'd now prefer. The new circuit handshake + uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman + function, making it significantly more secure than the older + handshake, and significantly faster. Tor can use one of two built-in + pure-C curve25519-donna implementations by Adam Langley, or it + can link against the "nacl" library for a tuned version if present. + + The built-in version is very fast for 64-bit systems when building + with GCC. The built-in 32-bit version is still faster than the + old TAP protocol, but using libnacl is better on most such hosts. + + Clients don't currently use this protocol by default, since + comparatively few clients support it so far. To try it, set + UseNTorHandshake to 1. + + Implements proposal 216; closes ticket 7202. + + o Major features (better link encryption): + - Servers can now enable the ECDHE TLS ciphersuites when available + and appropriate. These ciphersuites let us negotiate forward- + secure TLS secret keys more safely and more efficiently than with + our previous use of Diffie-Hellman modulo a 1024-bit prime. + By default, public servers prefer the (faster) P224 group, and + bridges prefer the (more common) P256 group; you can override this + with the TLSECGroup option. + + Enabling these ciphers was a little tricky, since for a long time, + clients had been claiming to support them without actually doing + so, in order to foil fingerprinting. But with the client-side + implementation of proposal 198 in 0.2.3.17-beta, clients can now + match the ciphers from recent Firefox versions *and* list the + ciphers they actually mean, so servers can believe such clients + when they advertise ECDHE support in their TLS ClientHello messages. + + This feature requires clients running 0.2.3.17-beta or later, + and requires both sides to be running OpenSSL 1.0.0 or later + with ECC support. OpenSSL 1.0.1, with the compile-time option + "enable-ec_nistp_64_gcc_128", is highly recommended. Implements + the server side of proposal 198; closes ticket 7200. + + o Major bugfixes: + - Avoid crashing when, as a node without IPv6-exit support, a + client insists on getting an IPv6 address or nothing. Fixes bug + 7814; bugfix on 0.2.4.7-alpha. + + o Minor features: + - Improve circuit build timeout handling for hidden services. + In particular: adjust build timeouts more accurately depending + upon the number of hop-RTTs that a particular circuit type + undergoes. Additionally, launch intro circuits in parallel + if they timeout, and take the first one to reply as valid. + - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are + separate error codes--or at least, don't break for that reason. + Fixes bug 7935. Reported by "oftc_must_be_destroyed". + + o Minor features (testing): + - Add benchmarks for DH (1024-bit multiplicative group) and ECDH + (P-256) diffie-hellman handshakes to src/or/bench. + - Add benchmark functions to test onion handshake performance. + + o Minor features (path bias detection): + - Alter the Path Bias log messages to be more descriptive in terms + of reporting timeouts and other statistics. + - Create three levels of Path Bias log messages, as opposed to just + two. These are configurable via consensus as well as via the torrc + options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate. + The default values are 0.70, 0.50, and 0.30 respectively. + - Separate the log message levels from the decision to drop guards, + which also is available via torrc option PathBiasDropGuards. + PathBiasDropGuards still defaults to 0 (off). + - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards + in combination with PathBiasExtremeRate. + - Increase the default values for PathBiasScaleThreshold and + PathBiasCircThreshold from (200, 20) to (300, 150). + - Add in circuit usage accounting to path bias. If we try to use a + built circuit but fail for any reason, it counts as path bias. + Certain classes of circuits where the adversary gets to pick your + destination node are exempt from this accounting. Usage accounting + can be specifically disabled via consensus parameter or torrc. + - Convert all internal path bias state to double-precision floating + point, to avoid roundoff error and other issues. + - Only record path bias information for circuits that have completed + *two* hops. Assuming end-to-end tagging is the attack vector, this + makes us more resilient to ambient circuit failure without any + detection capability loss. + + o Minor bugfixes: + - Rate-limit the "No circuits are opened. Relaxed timeout for a + circuit with channel state open..." message to once per hour to + keep it from filling the notice logs. Mitigates bug 7799 but does + not fix the underlying cause. Bugfix on 0.2.4.7-alpha. + - Avoid spurious warnings when configuring multiple client ports of + which only some are nonlocal. Previously, we had claimed that some + were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on + 0.2.3.3-alpha. + + o Code simplifications and refactoring: + - Get rid of a couple of harmless clang warnings, where we compared + enums to ints. These warnings are newly introduced in clang 3.2. + - Split the onion.c file into separate modules for the onion queue + and the different handshakes it supports. + - Remove the marshalling/unmarshalling code for sending requests to + cpuworkers over a socket, and instead just send structs. The + recipient will always be the same Tor binary as the sender, so + any encoding is overkill. + + Changes in version 0.2.4.7-alpha - 2012-12-24 Tor 0.2.4.7-alpha introduces a new approach to providing fallback directory mirrors for more robust bootstrapping; fixes more issues where diff --git a/changes/bug7157 b/changes/bug7157 deleted file mode 100644 index 4f0e3b3fcb..0000000000 --- a/changes/bug7157 +++ /dev/null @@ -1,26 +0,0 @@ - - o Minor features: - - Alter the Path Bias log messages to be more descriptive in terms - of reporting timeouts and other statistics. - - Create three levels of Path Bias log messages, as opposed to just - two. These are configurable via consensus as well as via torrc - options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate. - The default values are 0.70, 0.50, and 0.30 respectively. - - Separate the log message levels from the decision to drop guards, - which also is available via torrc option PathBiasDropGuards. - PathBiasDropGuards defaults to 0 (off). - - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards - in combination with PathBiasExtremeRate. - - Increase the default values for PathBiasScaleThreshold and - PathBiasCircThreshold from 200 and 20 to 300 and 150, respectively. - - Add in circuit usage accounting to path bias. If we try to use a - built circuit but fail for any reason, it counts as path bias. - Certain classes of circuits where the adversary gets to pick your - destination node are exempt from this accounting. Usage accounting - can be specifically disabled via consensus parameter or torrc. - - Convert all internal path bias state to double-precision floating - point, to avoid roundoff error and other issues. - - Only record path bias information for circuits that have completed - *two* hops. Assuming end-to-end tagging is the attack vector, this - makes us more resilient to ambient circuit failure without any - detection capability loss. diff --git a/changes/bug7341 b/changes/bug7341 deleted file mode 100644 index 7f046d2a4c..0000000000 --- a/changes/bug7341 +++ /dev/null @@ -1,7 +0,0 @@ - - o Minor features: - - Improve circuit build timeout handling for hidden services. - In particular: adjust build timeouts more accurately depending - upon the number of hop-RTTs that a particular circuit type - undergoes. Additionally, launch intro circuits in parallel - if they timeout, and take the first one to reply as valid. diff --git a/changes/bug7799.ratelim b/changes/bug7799.ratelim deleted file mode 100644 index cb7742c5da..0000000000 --- a/changes/bug7799.ratelim +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Rate-limit the "No circuits are opened. Relaxed timeout for a - circuit with channel state open..." message to once per hour to - keep it from filling the notice logs. Mitigates bug 7799 but does - not fix the underlying cause. Bugfix on 0.2.4.7-alpha. - diff --git a/changes/bug7814 b/changes/bug7814 deleted file mode 100644 index 7ecc2427af..0000000000 --- a/changes/bug7814 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Avoid crashing when, as a node without IPv6-exit support, a - client insists on getting an IPv6 address or nothing. Fixes bug - #7814; bugfix on 0.2.4.7-alpha. diff --git a/changes/bug7836 b/changes/bug7836 deleted file mode 100644 index 730d807451..0000000000 --- a/changes/bug7836 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid spurious warnings when configuring multiple client ports of - which only some are nonlocal. Previously, we had claimed that some - were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on - 0.2.3.3-alpha. diff --git a/changes/bug7935 b/changes/bug7935 deleted file mode 100644 index ef910012c7..0000000000 --- a/changes/bug7935 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (portability): - - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are - separate error codes--or at least, don't break for that reason. - Fixes bug 7935. Reported by "oftc_must_be_destroyed". diff --git a/changes/clang_enum_warnings b/changes/clang_enum_warnings deleted file mode 100644 index 50de605fc8..0000000000 --- a/changes/clang_enum_warnings +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplifications and refactoring: - - Get rid of a couple of harmless clang warnings, where we compared - enums to ints. These warnings are newly introduced in clang 3.2. diff --git a/changes/dh_benchmarks b/changes/dh_benchmarks deleted file mode 100644 index 2301995a74..0000000000 --- a/changes/dh_benchmarks +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Add benchmarks for DH (1024-bit multiplicative group) and ECDH - (P-256) diffie-hellman handshakes to src/or/bench. diff --git a/changes/dirguards b/changes/dirguards deleted file mode 100644 index 942ae6c24f..0000000000 --- a/changes/dirguards +++ /dev/null @@ -1,8 +0,0 @@ - o Major features: - - Preliminary support for directory guards: when possible, - clients now use guards for non-anonymous directory requests. - This can help prevent client enumeration. Note that this - behavior only works when we have a usable consensus directory: - and when options about what to download are more or less - standard. Implements proposal 207; closes ticket 6526. - diff --git a/changes/ntor b/changes/ntor deleted file mode 100644 index 3aca82075f..0000000000 --- a/changes/ntor +++ /dev/null @@ -1,40 +0,0 @@ - o Major features: - - - Tor now supports a new circuit extension handshake designed by Ian - Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original - circuit extension handshake, later called "TAP", was a bit slow - (especially on the server side), had a fragile security proof, and - used weaker keys than we'd now prefer. The new circuit handshake - uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman - function, making it significantly more secure than the older - handshake, and significantly faster. Tor can either use one of two - built-in pure-C curve25519-donna implementations by Adam Langley, - or link against the "nacl" library for a tuned version if present. - - The built-in version is very fast for 64-bit systems building with - GCC. (About 10-14x faster on the server side, and about 7x faster - on the client side.) The built-in 32-bit version is still faster - than the old TAP protocol (about 3x), but using libnacl would be - better on most 32-bit x86 hosts. - - Clients don't currently use this protocol by default, since - comparatively few clients support it so far. To try it, set - UseNTorHandshake to 1. - - Implements proposal 216; closes ticket #7202. - - - Tor servers and clients now support a better CREATE/EXTEND cell - format, allowing the sender to specify multiple address, identity, - and handshake types. Implements Robert Ransom's proposal 200; - closes ticket #7199. - - o Code simplification and refactoring: - - Split the onion.c file into separate modules for the onion queue - and the different handshakes it supports. - - Remove the marshalling/unmarshalling code for sending requests to - cpuworkers over a socket, and instead just send structs. The - recipient will always be the same Tor binary as the sender, so - any encoding is overkill. - - o Testing: - - Add benchmark functions to test onion handshake performance. diff --git a/changes/tls_ecdhe b/changes/tls_ecdhe deleted file mode 100644 index 48c6384dad..0000000000 --- a/changes/tls_ecdhe +++ /dev/null @@ -1,26 +0,0 @@ - o Major features: - - - Servers can now enable the ECDHE TLS ciphersuites when available - and appropriate. These ciphersuites let us negotiate forward- - secure TLS secret keys more safely and more efficiently than with - our previous use of Diffie Hellman modulo a 1024-bit prime. - By default, public servers prefer the (faster) P224 group, and - bridges prefer the (more common) P256 group; you can override this - with the TLSECGroup option. - - Enabling these ciphers was a little tricky, since for a long - time, clients had been claiming to support them without - actually doing so, in order to foil fingerprinting. But with - the client-side implementation of proposal 198 in - 0.2.3.17-beta, clients can now match the ciphers from recent - firefox versions *and* list the ciphers they actually mean, so - servers can believe such clients when they advertise ECDHE - support in their TLS ClientHello messages. - - This feature requires clients running 0.2.3.17-beta or later, - and requires both sides to be running OpenSSL 1.0.0 or later - with ECC support. OpenSSL 1.0.1, with the compile-time option - "enable-ec_nistp_64_gcc_128", is highly recommended. - Implements the server side of proposal 198; closes ticket - 7200. - diff --git a/src/or/connection.c b/src/or/connection.c index 740462e7c6..42ff7e1a02 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1245,6 +1245,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) if (!SOCKET_OK(news)) { /* accept() error */ int e = tor_socket_errno(conn->s); if (ERRNO_IS_ACCEPT_EAGAIN(e)) { + log_notice(LD_APP, "he hung up before we could accept(). that's fine."); return 0; /* he hung up before we could accept(). that's fine. */ } else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) { warn_too_many_conns(); @@ -1256,7 +1257,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) connection_mark_for_close(conn); return -1; } - log_debug(LD_NET, + log_notice(LD_NET, "Connection accepted on socket %d (child of fd %d).", (int)news,(int)conn->s); diff --git a/src/or/relay.c b/src/or/relay.c index a942e44651..874aade213 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1619,6 +1619,14 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, conn->base_.s, (int)length, (int)connection_get_inbuf_len(TO_CONN(conn))); + if (conn->base_.type == CONN_TYPE_AP) { + char *text = tor_memdup(payload, length+1); + text[length] = 0; + log_notice(LD_APP, "Incoming socks text (%d):===\n%s\n===", + conn->base_.s, text); + tor_free(text); + } + if (sending_optimistically && !sending_from_optimistic) { /* This is new optimistic data; remember it in case we need to detach and retry */