commit a1e2232ed10d52062e0c0fe34c45cf7f441b4e78
Author: Roger Dingledine arma@torproject.org
Date: Mon Dec 24 04:01:44 2012 -0500

fold in changes files so far
---
 ChangeLog | 123 ++++++++++++++++++++++++++++++++++++++++++++
 changes/addrmap_error | 5 --
 changes/bug3443 | 11 ----
 changes/bug6113 | 3 -
 changes/bug6887 | 3 -
 changes/bug7013 | 4 --
 changes/bug7059a | 5 --
 changes/bug7260 | 3 -
 changes/bug7267 | 4 --
 changes/bug7306 | 5 --
 changes/dist-geoip6 | 3 -
 changes/fallback_dirsource | 14 -----
 changes/geoip-dec2012 | 3 -
 changes/geoip-nov2012 | 3 -
 changes/hb-fullness | 3 -
 changes/ipv6_automap | 19 -------
 changes/ipv6_exits | 18 ------
 changes/prop205-simplified | 25 ---------
 changes/rename_dirserver | 3 -
 changes/split_addressmap | 3 -
 changes/task-6266 | 7 --
 21 files changed, 123 insertions(+), 144 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 027edcc..a41af9f 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,126 @@ +Changes in version 0.2.4.7-alpha - 2012-12-24 + o Major features (client resilience): + - Add a new "FallbackDir" torrc option to use when we can't use + a directory mirror from the consensus (either because we lack a + consensus, or because they're all down). Currently, all authorities + are fallbacks by default, and there are no other default fallbacks, + but that will change. This option will allow us to give clients a + longer list of servers to try to get a consensus from when first + connecting to the Tor network, and thereby reduce load on the + directory authorities. Implements proposal 206, "Preconfigured + directory sources for bootstrapping". We also removed the old + "FallbackNetworkstatus" option, since we never got it working well + enough to use it. Closes bug 572. + - If we have no circuits open, use a relaxed timeout (the + 95-percentile cutoff) until a circuit succeeds. This heuristic + should allow Tor to succeed at building circuits even when the + network connection drastically changes. Should help with bug 3443. + + o Major features (IPv6): + - Tor now has (alpha) support for exiting to IPv6 addresses. To + enable it as an exit node, make sure that you have IPv6 + connectivity, then set the IPv6Exit flag to 1. Also make sure your + exit policy reads as you would like: the address * applies to all + address families, whereas *4 is IPv4 address only, and *6 is IPv6 + addresses only. On the client side, you'll need to wait until the + authorities have upgraded, wait for enough exits to support IPv6, + apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes + ticket 5547, implements proposal 117 as revised in proposal 208. + + We DO NOT recommend that clients with actual anonymity needs start + using IPv6 over Tor yet, since not enough exits support it yet. + + o Major features (geoip database): + - Maxmind began labelling Tor relays as being in country "A1", + which breaks by-country node selection inside Tor. 
Now we use a + script to replace "A1" ("Anonymous Proxy") entries in our geoip + file with real country codes. This script fixes about 90% of "A1" + entries automatically and uses manual country code assignments to + fix the remaining 10%. See src/config/README.geoip for details. + Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite + Country database, as modified above. + + o Major bugfixes (client-side DNS): + - Turn off the client-side DNS cache by default. Updating and using + the DNS cache is now configurable on a per-client-port + level. SOCKSPort, DNSPort, etc lines may now contain + {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't + cache these types of DNS answers when we receive them from an + exit node in response to an application request on this port, and + {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have + cached DNS answers of these types, we shouldn't use them. It's + potentially risky to use cached DNS answers at the client, since + doing so can indicate to one exit what answers we've gotten + for DNS lookups in the past. With IPv6, this becomes especially + problematic. Using cached DNS answers for requests on the same + circuit would present less linkability risk, since all traffic + on a circuit is already linkable, but it would also provide + little performance benefit: the exit node caches DNS replies + too. Implements a simplified version of Proposal 205. Implements + ticket 7570. + + o Major bugfixes (other): + - Alter circuit build timeout measurement to start at the point + where we begin the CREATE/CREATE_FAST step (as opposed to circuit + initialization). This should make our timeout measurements more + uniform. Previously, we were sometimes including ORconn setup time + in our circuit build time measurements. Should resolve bug 3443. 
+ - Fix an assertion that could trigger in hibernate_go_dormant() when + closing an or_connection_t: call channel_mark_for_close() rather + than connection_mark_for_close(). Fixes bug 7267. Bugfix on + 0.2.4.4-alpha. + - Distribute and install the geoip6 IPv6 GeoIP database. Fixes bug + 7655; bugfix on 0.2.4.6-alpha. + + o Minor features: + - Add a new torrc option "ServerTransportListenAddr" to let users + select the address where their pluggable transports will listen + for connections. Resolves ticket 7013. + - Allow an optional $ before the node identity digest in the + controller command GETINFO ns/id/<identity>, for consistency with + md/id/<identity> and desc/id/<identity>. Resolves ticket 7059. + - Log packaged cell fullness as part of the heartbeat message. + Diagnosis to try to determine the extent of bug 7743. + + o Minor features (IPv6): + - AutomapHostsOnResolve now supports IPv6 addresses. By default, we + prefer to hand out virtual IPv6 addresses, since there are more of + them and we can't run out. To override this behavior and make IPv4 + addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort + or DNSPort you're using for resolving. Implements ticket 7571. + - AutomapHostsOnResolve responses are now randomized, to avoid + annoying situations where Tor is restarted and applications + connect to the wrong addresses. + - We never try more than 1000 times to pick a new virtual address + when AutomapHostsOnResolve is set. That's good enough so long as + we aren't close to handing out our entire virtual address space; + if you're getting there, it's best to switch to IPv6 virtual + addresses anyway. + + o Minor bugfixes: + - The ADDRMAP command can no longer generate an ill-formed error + code on a failed MAPADDRESS. It now says "internal" rather than + an English sentence fragment with spaces in the middle. Bugfix on + Tor 0.2.0.19-alpha. + - Fix log messages and comments to avoid saying "GMT" when we mean + "UTC". Fixes bug 6113. 
+ - Compile on win64 using mingw64. Fixes bug 7260; patches from + "yayooo". + - Fix a crash when debugging unit tests on Windows: deallocate a + shared library with FreeLibrary, not CloseHandle. Fixes bug 7306; + bugfix on 0.2.2.17-alpha. Reported by "ultramage". + + o Renamed options: + - The DirServer option is now DirAuthority, for consistency with + current naming patterns. You can still use the old DirServer form. + + o Code simplification and refactoring: + - Move the client-side address-map/virtual-address/DNS-cache code + out of connection_edge.c into a new addressmap.c module. + - Remove unused code for parsing v1 directories and "running routers" + documents. Fixes bug 6887. + + Changes in version 0.2.3.25 - 2012-11-19 The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi" Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher, diff --git a/changes/addrmap_error b/changes/addrmap_error deleted file mode 100644 index 17d9b54..0000000 --- a/changes/addrmap_error +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (controller): - - The ADDRMAP command can no longer generate an ill-formed error - code on a failed MAPADDRESS. It now says "internal" rather than - an English sentence fragment with spaces in the middle. Bugfix on - Tor 0.2.0.19-alpha. diff --git a/changes/bug3443 b/changes/bug3443 deleted file mode 100644 index 01896ff..0000000 --- a/changes/bug3443 +++ /dev/null 
@@ -1,11 +0,0 @@ - o Minor bugfixes - - Alter circuit build timeout measurement to start at the point - where we begin the CREATE/CREATE_FAST step (as opposed to circuit - initialization). This should make our timeout measurements more - uniform. Previously, we were sometimes including ORconn setup time - in our circuit build time measurements. Fixes bug #3443. - - o Minor features - - If we have no circuits open, use a relaxed timeout (the 95-percentile - cutoff) until a circuit succeeds. This should allow Tor to succeed - building circuits if the network connection drastically changes. diff --git a/changes/bug6113 b/changes/bug6113 deleted file mode 100644 index 436243d..0000000 --- a/changes/bug6113 +++ /dev/null @@ -1,3 +0,0 @@ - o Trivial bugfixes: - - Fix log messages and comments to avoid saying "GMT" when we mean - "UTC". Fixes bug 6113. diff --git a/changes/bug6887 b/changes/bug6887 deleted file mode 100644 index df226d4..0000000 --- a/changes/bug6887 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed code: - - Removed unused code to parse v1 directories and "running routers" - documents. Fixes bug 6887. diff --git a/changes/bug7013 b/changes/bug7013 deleted file mode 100644 index ba78520..0000000 --- a/changes/bug7013 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Add a new torrc option 'ServerTransportListenAddr' which allows - users to select the address where their pluggable transports - will listen for connections. diff --git a/changes/bug7059a b/changes/bug7059a deleted file mode 100644 index b0c0611..0000000 --- a/changes/bug7059a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (controller): - - Allow an optional $ before the node identity digest in the - controller command GETINFO ns/id/<identity>, for consistency with - md/id/<identity> and desc/id/<identity>. - diff --git a/changes/bug7260 b/changes/bug7260 deleted file mode 100644 index 8eb54c3..0000000 --- a/changes/bug7260 +++ /dev/null 
@@ -1,3 +0,0 @@ - o Minor bugfixes: - - Compile on win64 using mingw64. Fixes bug 7260; patches from "yayooo". - diff --git a/changes/bug7267 b/changes/bug7267 deleted file mode 100644 index 7089329..0000000 --- a/changes/bug7267 +++ /dev/null @@ -1,4 +0,0 @@ - - Major bugfixes - o Call channel_mark_for_close() rather than connection_mark_for_close() - in hibernate_go_dormant() when closing an or_connection_t. Fixes bug - 7267. diff --git a/changes/bug7306 b/changes/bug7306 deleted file mode 100644 index 949cc60..0000000 --- a/changes/bug7306 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix a crash when debugging unit tests on windows: deallocate a - shared library with FreeLibrary, not CloseHandle. Fixes bug #7306; - bugfix on 0.2.2.17-alpha. Reported by "ultramage". - diff --git a/changes/dist-geoip6 b/changes/dist-geoip6 deleted file mode 100644 index 09cdc42..0000000 --- a/changes/dist-geoip6 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Distribute and install the geoip6 IPv6 GeoIP database. Fixes bug - 7655; bugfix on 0.2.4.6-alpha. diff --git a/changes/fallback_dirsource b/changes/fallback_dirsource deleted file mode 100644 index 6b79d1a..0000000 --- a/changes/fallback_dirsource +++ /dev/null @@ -1,14 +0,0 @@ - o Major features: - - Add a new FallbackDir option to use when we can't use a directory - from the consensus (either because we lack a consensus, or because - they're all down). Currently, all authorities are fallbacks by - default, and there are no other default fallbacks, but that will - change. This option will allow us to give clients a longer list - of servers to try to get a consensus from when first connecting to - the Tor network, and thereby reduce load on the directory - authorities. Implements proposal 206, "Preconfigured directory - sources for bootstrapping". Closes bug 572. - - o Removed features: - - Drop the old FallbackNetworkstatus option: we never got it working - well enough to use it. Closes bug 572. 
diff --git a/changes/geoip-dec2012 b/changes/geoip-dec2012 deleted file mode 100644 index 26431c2..0000000 --- a/changes/geoip-dec2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the December 5 2012 Maxmind GeoLite Country database. - diff --git a/changes/geoip-nov2012 b/changes/geoip-nov2012 deleted file mode 100644 index 22e7bac..0000000 --- a/changes/geoip-nov2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the November 7 2012 Maxmind GeoLite Country database. - diff --git a/changes/hb-fullness b/changes/hb-fullness deleted file mode 100644 index 5a8beb8..0000000 --- a/changes/hb-fullness +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Log packaged cell fullness as part of the heartbeat message. - Diagnosis to try to determine the extent of bug 7743. diff --git a/changes/ipv6_automap b/changes/ipv6_automap deleted file mode 100644 index 1b44585..0000000 --- a/changes/ipv6_automap +++ /dev/null @@ -1,19 +0,0 @@ - o Minor features: - - - AutomapHostsOnResolve now support IPv6 addresses. By default, we - prefer to hand out virtual IPv6 addresses, since there are more of - them and we can't run out. To override this behavior and make - IPv4 addresses preferred, set NoPreferIPv6Automap on whatever - SOCKSPort or DNSPort you're using for resolving. Implements - ticket #7571. - - - AutomapHostsOnResolve responses are now randomized, to avoid - annoying situations where Tor is restarted and applications - connect to the wrong addresses. - - - We never try more than 1000 times to pick a virtual address - when AutomapHostsOnResolve is set. That's good enough so long - as we aren't close to handing out our entire virtual address - space; if you're getting there, it's best to switch to IPv6 - virtual addresses anyway. - diff --git a/changes/ipv6_exits b/changes/ipv6_exits deleted file mode 100644 index 97af751..0000000 --- a/changes/ipv6_exits +++ /dev/null 
@@ -1,18 +0,0 @@ - o Major features: - - - Tor now has (alpha) support for exiting to IPv6 addresses. To - enable it as an exit node, make sure that you have IPv6 - connectivity, set the IPv6Exit flag to 1. Also make sure your - exit policy reads as you would like: the address * applies to - all address families, whereas *4 is IPv4 address only, and *6 - is IPv6 addresses only. On the client side, you'll need to - wait till the authorities have upgraded, wait for enough exits - to support IPv6, apply the "IPv6Traffic" flag to a SocksPort, - and use Socks5. Closes ticket 5547, implements proposal 117 as - revised in proposal 208. - - We DO NOT recommend that clients with actual anonymity needs - start using IPv6 over Tor yet: not enough exits support it - yet, and there are some DNS-caching related issues that need - to be solved first. - diff --git a/changes/prop205-simplified b/changes/prop205-simplified deleted file mode 100644 index 25d204d..0000000 --- a/changes/prop205-simplified +++ /dev/null 
@@ -1,25 +0,0 @@ - o Major features (client-side DNS): - - - The updating and usage of DNS cache is now configurable on a - per- client-port level. SOCKSPort, DNSPort, etc lines may now - contain {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we - shouldn't cache these types of DNS answers when we receive them - from an exit node in response to a request from this port, and - {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have - cached DNS answers of these types, we shouldn't use them. It's - potentially risky to use cached DNS answers at the client, - since doing so can indicate to one exit - what answers we've gotten for DNS lookups in the past. With - IPv6, this becomes especially problematic. Using cached DNS - answers for requests on the same circuit would present less - linkability risk, since all traffic on a circuits is already - linkable, but it would also provide little performance benefit: - the exit node caches DNS replies too. Implements a simplified - version of Proposal 205. Implements ticket #7570. - - o Disabled features: - - - Client-side use of the DNS cache is now off by default. See "Major - features (client-side DNS)" for more information. Implements a - simplified version of Proposal 205. Implements ticket #7570. - diff --git a/changes/rename_dirserver b/changes/rename_dirserver deleted file mode 100644 index 122a2df..0000000 --- a/changes/rename_dirserver +++ /dev/null @@ -1,3 +0,0 @@ - o Renamed options: - - The DirServer option is now DirAuthority, for consistency with current - naming patterns. You can still use the old DirServer form. diff --git a/changes/split_addressmap b/changes/split_addressmap deleted file mode 100644 index 9f377c5..0000000 --- a/changes/split_addressmap +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Move the client-side address-map/virtual-address/DNS-cache code - out of connection_edge.c into a new addressmap.c module. 
diff --git a/changes/task-6266 b/changes/task-6266 deleted file mode 100644 index e7f0509..0000000 --- a/changes/task-6266 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features: - - Use a script to replace "A1" ("Anonymous Proxy") entries in our - geoip file with real country codes. This script fixes about 90% of - "A1" entries automatically and uses manual country code assignments - to fix the remaining 10%. See src/config/README.geoip for details. - Fixes #6266. -
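Review bot: In the ChangeLog hunk, under "Major bugfixes (client-side DNS)", the two option patterns are written inconsistently: `{No,}Cache{IPv4,IPv6,}DNS` keeps DNS outside the braces while `{No,}UseCached{IPv4,IPv6,DNS}` puts it inside, so the two patterns expand to differently shaped names. The entry also says both sets "indicate that we shouldn't" cache or use answers, which describes only the No-prefixed forms, and it calls per-port flags "lines" ("lines may now contain ... lines"). Since this entry is what operators will read to decide how a port handles cached answers and the linkability risk it describes, suggest checking the names against the port-option parser, spelling each one out, and saying which form turns the behaviour on and which turns it off. The wording was carried over unchanged from changes/prop205-simplified, so the fold is the place to fix it.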
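Review bot: The folded warning paragraph under "Major features (IPv6)" in ChangeLog gives one reason for clients with anonymity needs to stay off IPv6 ("since not enough exits support it yet"), but the deleted changes/ipv6_exits text gave two, the second being "there are some DNS-caching related issues that need to be solved first". If the clause was dropped because this same release turns the client-side DNS cache off by default, say so in the commit message or point the warning at the client-side DNS entry; otherwise restore it, so the fold does not silently weaken a user-facing anonymity caveat.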
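Review bot: changes/geoip-nov2012 is deleted, but its entry ("Update to the November 7 2012 Maxmind GeoLite Country database") has no counterpart in the new 0.2.4.7-alpha section, which mentions only the December 5 2012 database. If the November update is intentionally omitted as superseded, a word in the commit message would make that clear; as it stands the diffstat (123 insertions against 144 deletions) gives no way to tell a deliberate drop from an entry lost in the fold.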