mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 10:12:15 +01:00
Code Issues Projects Releases Wiki Activity

start folding in the changes entries

Browse Source
This commit is contained in:
Roger Dingledine 2013-01-14 13:34:59 -05:00
parent c9242f4fd4
commit 19d3720236
14 changed files with 136 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
ChangeLog
View File

@ -1,3 +1,129 @@
Changes in version 0.2.4.8-alpha - 2013-01-14
o Major features:
- Preliminary support for directory guards (proposal 207): when
possible, clients now use their entry guards for non-anonymous
directory requests. This can help prevent client enumeration. Note
that this behavior only works when we have a usable consensus
directory: and when options about what to download are more or
less standard. Resolves ticket 6526.
- Tor servers and clients now support a better CREATE/EXTEND cell
format, allowing the sender to specify multiple address, identity,
and handshake types. Implements Robert Ransom's proposal 200;
closes ticket 7199.
o Major features (new circuit handshake):
- Tor now supports a new circuit extension handshake designed by Ian
Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
circuit extension handshake, later called "TAP", was a bit slow
(especially on the server side), had a fragile security proof, and
used weaker keys than we'd now prefer. The new circuit handshake
uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
function, making it significantly more secure than the older
handshake, and significantly faster. Tor can use one of two built-in
pure-C curve25519-donna implementations by Adam Langley, or it
can link against the "nacl" library for a tuned version if present.
The built-in version is very fast for 64-bit systems when building
with GCC. The built-in 32-bit version is still faster than the
old TAP protocol, but using libnacl is better on most such hosts.
Clients don't currently use this protocol by default, since
comparatively few clients support it so far. To try it, set
UseNTorHandshake to 1.
Implements proposal 216; closes ticket 7202.
o Major features (better link encryption):
- Servers can now enable the ECDHE TLS ciphersuites when available
and appropriate. These ciphersuites let us negotiate forward-
secure TLS secret keys more safely and more efficiently than with
our previous use of Diffie-Hellman modulo a 1024-bit prime.
By default, public servers prefer the (faster) P224 group, and
bridges prefer the (more common) P256 group; you can override this
with the TLSECGroup option.
Enabling these ciphers was a little tricky, since for a long time,
clients had been claiming to support them without actually doing
so, in order to foil fingerprinting. But with the client-side
implementation of proposal 198 in 0.2.3.17-beta, clients can now
match the ciphers from recent Firefox versions *and* list the
ciphers they actually mean, so servers can believe such clients
when they advertise ECDHE support in their TLS ClientHello messages.
This feature requires clients running 0.2.3.17-beta or later,
and requires both sides to be running OpenSSL 1.0.0 or later
with ECC support. OpenSSL 1.0.1, with the compile-time option
"enable-ec_nistp_64_gcc_128", is highly recommended. Implements
the server side of proposal 198; closes ticket 7200.
o Major bugfixes:
- Avoid crashing when, as a node without IPv6-exit support, a
client insists on getting an IPv6 address or nothing. Fixes bug
7814; bugfix on 0.2.4.7-alpha.
o Minor features:
- Improve circuit build timeout handling for hidden services.
In particular: adjust build timeouts more accurately depending
upon the number of hop-RTTs that a particular circuit type
undergoes. Additionally, launch intro circuits in parallel
if they timeout, and take the first one to reply as valid.
- Work correctly on unix systems where EAGAIN and EWOULDBLOCK are
separate error codes--or at least, don't break for that reason.
Fixes bug 7935. Reported by "oftc_must_be_destroyed".
o Minor features (testing):
- Add benchmarks for DH (1024-bit multiplicative group) and ECDH
(P-256) diffie-hellman handshakes to src/or/bench.
- Add benchmark functions to test onion handshake performance.
o Minor features (path bias detection):
- Alter the Path Bias log messages to be more descriptive in terms
of reporting timeouts and other statistics.
- Create three levels of Path Bias log messages, as opposed to just
two. These are configurable via consensus as well as via the torrc
options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
The default values are 0.70, 0.50, and 0.30 respectively.
- Separate the log message levels from the decision to drop guards,
which also is available via torrc option PathBiasDropGuards.
PathBiasDropGuards still defaults to 0 (off).
- Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
in combination with PathBiasExtremeRate.
- Increase the default values for PathBiasScaleThreshold and
PathBiasCircThreshold from (200, 20) to (300, 150).
- Add in circuit usage accounting to path bias. If we try to use a
built circuit but fail for any reason, it counts as path bias.
Certain classes of circuits where the adversary gets to pick your
destination node are exempt from this accounting. Usage accounting
can be specifically disabled via consensus parameter or torrc.
- Convert all internal path bias state to double-precision floating
point, to avoid roundoff error and other issues.
- Only record path bias information for circuits that have completed
*two* hops. Assuming end-to-end tagging is the attack vector, this
makes us more resilient to ambient circuit failure without any
detection capability loss.
o Minor bugfixes:
- Rate-limit the "No circuits are opened. Relaxed timeout for a
circuit with channel state open..." message to once per hour to
keep it from filling the notice logs. Mitigates bug 7799 but does
not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
- Avoid spurious warnings when configuring multiple client ports of
which only some are nonlocal. Previously, we had claimed that some
were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
0.2.3.3-alpha.
o Code simplifications and refactoring:
- Get rid of a couple of harmless clang warnings, where we compared
enums to ints. These warnings are newly introduced in clang 3.2.
- Split the onion.c file into separate modules for the onion queue
and the different handshakes it supports.
- Remove the marshalling/unmarshalling code for sending requests to
cpuworkers over a socket, and instead just send structs. The
recipient will always be the same Tor binary as the sender, so
any encoding is overkill.
Changes in version 0.2.4.7-alpha - 2012-12-24
Tor 0.2.4.7-alpha introduces a new approach to providing fallback
directory mirrors for more robust bootstrapping; fixes more issues where

26
changes/bug7157
View File

@ -1,26 +0,0 @@
o Minor features:
- Alter the Path Bias log messages to be more descriptive in terms
of reporting timeouts and other statistics.
- Create three levels of Path Bias log messages, as opposed to just
two. These are configurable via consensus as well as via torrc
options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
The default values are 0.70, 0.50, and 0.30 respectively.
- Separate the log message levels from the decision to drop guards,
which also is available via torrc option PathBiasDropGuards.
PathBiasDropGuards defaults to 0 (off).
- Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
in combination with PathBiasExtremeRate.
- Increase the default values for PathBiasScaleThreshold and
PathBiasCircThreshold from 200 and 20 to 300 and 150, respectively.
- Add in circuit usage accounting to path bias. If we try to use a
built circuit but fail for any reason, it counts as path bias.
Certain classes of circuits where the adversary gets to pick your
destination node are exempt from this accounting. Usage accounting
can be specifically disabled via consensus parameter or torrc.
- Convert all internal path bias state to double-precision floating
point, to avoid roundoff error and other issues.
- Only record path bias information for circuits that have completed
*two* hops. Assuming end-to-end tagging is the attack vector, this
makes us more resilient to ambient circuit failure without any
detection capability loss.

7
changes/bug7341
View File

@ -1,7 +0,0 @@
o Minor features:
- Improve circuit build timeout handling for hidden services.
In particular: adjust build timeouts more accurately depending
upon the number of hop-RTTs that a particular circuit type
undergoes. Additionally, launch intro circuits in parallel
if they timeout, and take the first one to reply as valid.

6
changes/bug7799.ratelim
View File

@ -1,6 +0,0 @@
o Minor bugfixes:
- Rate-limit the "No circuits are opened. Relaxed timeout for a
circuit with channel state open..." message to once per hour to
keep it from filling the notice logs. Mitigates bug 7799 but does
not fix the underlying cause. Bugfix on 0.2.4.7-alpha.

4
changes/bug7814
View File

@ -1,4 +0,0 @@
o Major bugfixes:
- Avoid crashing when, as a node without IPv6-exit support, a
client insists on getting an IPv6 address or nothing. Fixes bug
#7814; bugfix on 0.2.4.7-alpha.

5
changes/bug7836
View File

@ -1,5 +0,0 @@
o Minor bugfixes:
- Avoid spurious warnings when configuring multiple client ports of
which only some are nonlocal. Previously, we had claimed that some
were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
0.2.3.3-alpha.

4
changes/bug7935
View File

@ -1,4 +0,0 @@
o Minor features (portability):
- Work correctly on unix systems where EAGAIN and EWOULDBLOCK are
separate error codes--or at least, don't break for that reason.
Fixes bug 7935. Reported by "oftc_must_be_destroyed".

3
changes/clang_enum_warnings
View File

@ -1,3 +0,0 @@
o Code simplifications and refactoring:
- Get rid of a couple of harmless clang warnings, where we compared
enums to ints. These warnings are newly introduced in clang 3.2.

3
changes/dh_benchmarks
View File

@ -1,3 +0,0 @@
o Minor features (testing):
- Add benchmarks for DH (1024-bit multiplicative group) and ECDH
(P-256) diffie-hellman handshakes to src/or/bench.

8
changes/dirguards
View File

@ -1,8 +0,0 @@
o Major features:
- Preliminary support for directory guards: when possible,
clients now use guards for non-anonymous directory requests.
This can help prevent client enumeration. Note that this
behavior only works when we have a usable consensus directory:
and when options about what to download are more or less
standard. Implements proposal 207; closes ticket 6526.

40
changes/ntor
View File

@ -1,40 +0,0 @@
o Major features:
- Tor now supports a new circuit extension handshake designed by Ian
Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
circuit extension handshake, later called "TAP", was a bit slow
(especially on the server side), had a fragile security proof, and
used weaker keys than we'd now prefer. The new circuit handshake
uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
function, making it significantly more secure than the older
handshake, and significantly faster. Tor can either use one of two
built-in pure-C curve25519-donna implementations by Adam Langley,
or link against the "nacl" library for a tuned version if present.
The built-in version is very fast for 64-bit systems building with
GCC. (About 10-14x faster on the server side, and about 7x faster
on the client side.) The built-in 32-bit version is still faster
than the old TAP protocol (about 3x), but using libnacl would be
better on most 32-bit x86 hosts.
Clients don't currently use this protocol by default, since
comparatively few clients support it so far. To try it, set
UseNTorHandshake to 1.
Implements proposal 216; closes ticket #7202.
- Tor servers and clients now support a better CREATE/EXTEND cell
format, allowing the sender to specify multiple address, identity,
and handshake types. Implements Robert Ransom's proposal 200;
closes ticket #7199.
o Code simplification and refactoring:
- Split the onion.c file into separate modules for the onion queue
and the different handshakes it supports.
- Remove the marshalling/unmarshalling code for sending requests to
cpuworkers over a socket, and instead just send structs. The
recipient will always be the same Tor binary as the sender, so
any encoding is overkill.
o Testing:
- Add benchmark functions to test onion handshake performance.

26
changes/tls_ecdhe
View File

@ -1,26 +0,0 @@
o Major features:
- Servers can now enable the ECDHE TLS ciphersuites when available
and appropriate. These ciphersuites let us negotiate forward-
secure TLS secret keys more safely and more efficiently than with
our previous use of Diffie Hellman modulo a 1024-bit prime.
By default, public servers prefer the (faster) P224 group, and
bridges prefer the (more common) P256 group; you can override this
with the TLSECGroup option.
Enabling these ciphers was a little tricky, since for a long
time, clients had been claiming to support them without
actually doing so, in order to foil fingerprinting. But with
the client-side implementation of proposal 198 in
0.2.3.17-beta, clients can now match the ciphers from recent
firefox versions *and* list the ciphers they actually mean, so
servers can believe such clients when they advertise ECDHE
support in their TLS ClientHello messages.
This feature requires clients running 0.2.3.17-beta or later,
and requires both sides to be running OpenSSL 1.0.0 or later
with ECC support. OpenSSL 1.0.1, with the compile-time option
"enable-ec_nistp_64_gcc_128", is highly recommended.
Implements the server side of proposal 198; closes ticket
7200.

3
src/or/connection.c
View File

@ -1245,6 +1245,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
if (!SOCKET_OK(news)) { /* accept() error */
int e = tor_socket_errno(conn->s);
if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
log_notice(LD_APP, "he hung up before we could accept(). that's fine.");
return 0; /* he hung up before we could accept(). that's fine. */
} else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) {
warn_too_many_conns();
@ -1256,7 +1257,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
connection_mark_for_close(conn);
return -1;
}
log_debug(LD_NET,
log_notice(LD_NET,
"Connection accepted on socket %d (child of fd %d).",
(int)news,(int)conn->s);

8
src/or/relay.c
View File

@ -1619,6 +1619,14 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
conn->base_.s,
(int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
if (conn->base_.type == CONN_TYPE_AP) {
char *text = tor_memdup(payload, length+1);
text[length] = 0;
log_notice(LD_APP, "Incoming socks text (%d):===\n%s\n===",
conn->base_.s, text);
tor_free(text);
}
if (sending_optimistically && !sending_from_optimistic) {
/* This is new optimistic data; remember it in case we need to detach and
retry */