checkpoint some cleanups

svn:r8599
This commit is contained in:
Roger Dingledine 2006-10-05 08:23:21 +00:00
parent 8c11212317
commit 64b5fd3194
3 changed files with 40 additions and 43 deletions

View File

@ -9,80 +9,77 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
lookups; see doc/socks-extensions.txt for full information.
- Add a BEGIN_DIR relay cell type for an easier in-protocol way to
connect to directory servers through Tor. Previously, clients
could only connect to directory servers over Tor from exit nodes,
but couldn't get directory information anonymously from a non-exit
cache without getting a separate exit node involved.
could only connect to directory servers over Tor from exit nodes.
o Minor features:
- Check for name servers (like Earthlink's) that hijack failing DNS
requests and replace the no-such-server answer with a "helpful"
redirect to an advertising-driven search portal. We're a little
redirect to an advertising-driven search portal. We're a little
clever about this, in order to work around DNS hijackers who
"helpfully" decline to hijack known-invalid RFC2606 addresses.
Config option "ServerDNSDetectHijacking 0" lets you turn it off.
- When asked to resolve a hostname, don't use non-exit servers unless
requested to do so. This allows servers with broken DNS to
be useful to the network.
requested to do so. This allows servers with broken DNS to be
useful to the network.
- Add an "EnforceDistinctSubnets" option to control our "exclude
servers on the same /16" behavior. It's still on by default; this
is mostly for people who want to operate private test networks with
all the machines on the same subnet.
- If one of our entry guards is on the ExcludeNodes list, or the
directory authorities don't think it's a good guard, treat it as if it
were unlisted: stop using it as a guard, and throw it off the guards
list if it stays that way for a long time.
- Allow directory authorities to be marked separately as authorities for
the v1 directory protocol, the v2 directory protocol, and as hidden
service directories, to make it easier to retire old authorities.
V1 authorities should set "HSAuthoritativeDir 1" to continue being
hidden service authorities too.
- Reserve the nickname "Unnamed" for routers that can't pick a hostname;
any router can call itself Unnamed; directory servers will never
allocate Unnamed to any particular router; clients won't believe that
any router is the canonical Unnamed.
- New controller event to alert the controller when our server descriptor
has changed.
directory authorities don't think it's a good guard, treat it as
if it were unlisted: stop using it as a guard, and throw it off
the guards list if it stays that way for a long time.
- Allow directory authorities to be marked separately as authorities
for the v1 directory protocol, the v2 directory protocol, and
as hidden service directories, to make it easier to retire old
authorities. V1 authorities should set "HSAuthoritativeDir 1"
to continue being hidden service authorities too.
- Reserve the nickname "Unnamed" for routers that can't pick
a hostname; any router can call itself Unnamed; directory
authorities will never allocate Unnamed to any particular router;
clients won't believe that any router is the canonical Unnamed.
- New controller event to alert the controller when our server
descriptor has changed.
- Only include function names in log messages for debugging messages;
in other cases, the content of the message should be clear on its own,
and including the function name only seems to confuse users.
- Fix CIRC controller events so that controllers can learn the identity
digests of non-Named servers used in circuit paths. (Fixes bug 336.)
- Avoid choosing Exit nodes for entry or middle hops when the bandwidth
available in non-Exit nodes is much higher then the bandwidth available
in Exit nodes. (Fixes bug 200.)
in other cases, the content of the message should be clear on its
own, and including the function name only seems to confuse users.
- Fix CIRC controller events so that controllers can learn the
identity digests of non-Named servers used in circuit paths.
- Avoid choosing Exit nodes for entry or middle hops when the
bandwidth available in non-Exit nodes is much higher than the
bandwidth available in Exit nodes.
- Give more meaningful errors on control authentication failure.
- Avoid possibility of controller-triggered crash when misusing certain
commands from a v0 controller on platforms that do not handle
printf("%s",NULL) gracefully.
- When deciding whether an IP is "local", check for IPs on the same /24
as us. This prevents some false positives during reachability
detection.
- Avoid possibility of controller-triggered crash when misusing certain
commands from a v0 controller on platforms that do not handle
- Avoid some false positives during reachability testing: don't try
to test via a server that's on the same /24 as us.
- Avoid controller-triggered crash when misusing certain commands
from a v0 controller on platforms that do not handle
printf("%s",NULL) gracefully.
- Add an (off by default) feature so that controllers can get more useful
identifiers for servers. Instead of learning identity digests for
identifiers for servers. Instead of learning identity digests for
un-Named servers and nicknames for Named servers, the new identifiers
include digest, nickname, and indication of Named status. See
include digest, nickname, and indication of Named status. See
control-spec.txt for more information.
o Security Fixes, minor:
- If a client asked for a server by name, and we didn't have a
descriptor for a named server with that name, we might return an
old one.
- If a client asked for a server by name, and there's a named server
in our network-status but we don't have its descriptor yet, we
would return an unnamed one instead.
- Fix NetBSD bug that could allow someone to force uninitialized RAM
to be sent to a server's DNS resolver. This only affects NetBSD
and other platforms that do not bounds-check tolower().
- Reject (most) attempts to use Tor as a one-hop proxy; if many people
start using Tor as a one-hop proxy, exit nodes become a more attractive
target for compromise. (Fixes bug 303.)
- Reject (most) attempts to use Tor circuits with length one. (If
many people start using Tor as a one-hop proxy, exit nodes become
a more attractive target for compromise.)
- Just because your DirPort is open doesn't mean people should be
able to remotely teach you about hidden service descriptors. Now
only accept rendezvous posts if you've got HSAuthoritativeDir set.
o Major bugfixes:
- Avoiding crashing on race condition in dns.c:
tor_assert(! resolve->expire)
tor_assert(!resolve->expire)
- When a client asks the server to resolve (not connect to)
an address, and it has a cached answer, give them the cached answer.
Previously, the server would give them no answer at all.

View File

@ -1885,7 +1885,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
* and users who'd be better off with, well, single-hop proxies.
*/
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Attempt to open a stream on first hop of circuit. Rejecting.");
"Attempt to open a stream on first hop of circuit. Dropping.");
tor_free(address);
return 0;
}

View File

@ -1711,7 +1711,7 @@ launch_wildcard_check(int min_len, int max_len, const char *suffix)
addr = tor_strdup(name);
r = evdns_resolve_ipv4(name, DNS_QUERY_NO_SEARCH,
evdns_wildcard_check_callback, addr);
evdns_wildcard_check_callback, addr);
if (r)
tor_free(addr);
}