Tor 0.1.2.7-alpha is out
arma at mit.edu
Thu Feb 8 05:32:38 UTC 2007

This is the seventh development snapshot for the 0.1.2.x series. It makes
rate limiting much more comfortable for servers, along with a huge pile
of other bugfixes.

Changes in version 0.1.2.7-alpha - 2007-02-06
  o Major bugfixes (rate limiting):
    - Servers decline directory requests much more aggressively when
      they're low on bandwidth. Otherwise they end up queueing more and
      more directory responses, which can't be good for latency.
    - But never refuse directory requests from local addresses.
    - Fix a memory leak when sending a 503 response for a networkstatus
    - Be willing to read or write on local connections (e.g. controller
      connections) even when the global rate limiting buckets are empty.
    - If our system clock jumps back in time, don't publish a negative
      uptime in the descriptor. Also, don't let the global rate limiting
      buckets go absurdly negative.
    - Flush local controller connection buffers periodically as we're
      writing to them, so we avoid queueing 4+ megabytes of data before
      trying to flush.

  o Major bugfixes (NT services):
    - Install as NT_AUTHORITY\LocalService rather than as SYSTEM; add a
      command-line flag so that admins can override the default by saying
      "tor --service install --user "SomeUser"". This will not affect
      existing installed services. Also, warn the user that the service
      will look for its configuration file in the service user's
      %appdata% directory. (We can't do the 'hardwire the user's appdata
      directory' trick any more, since we may not have read access to that

  o Major bugfixes (other):
    - Previously, we would cache up to 16 old networkstatus documents
      indefinitely, if they came from nontrusted authorities. Now we
      discard them if they are more than 10 days old.
    - Fix a crash bug in the presence of DNS hijacking (reported by Andrew
    - Detect and reject malformed DNS responses containing circular
    - If exits are rare enough that we're not marking exits as guards,
      ignore exit bandwidth when we're deciding the required bandwidth
      to become a guard.
    - When we're handling a directory connection tunneled over Tor,
      don't fill up internal memory buffers with all the data we want
      to tunnel; instead, only add it if the OR connection that will
      eventually receive it has some room for it. (This can lead to
      slowdowns in tunneled dir connections; a better solution will have
      to wait for 0.2.0.)

  o Minor bugfixes (dns):
    - Add some defensive programming to eventdns.c in an attempt to catch
      possible memory-stomping bugs.
    - Detect and reject DNS replies containing IPv4 or IPv6 records with
      an incorrect number of bytes. (Previously, we would ignore the
    - Fix as-yet-unused reverse IPv6 lookup code so it sends nybbles
      in the correct order, and doesn't crash.
    - Free memory held in recently-completed DNS lookup attempts on exit.
      This was not a memory leak, but may have been hiding memory leaks.
    - Handle TTL values correctly on reverse DNS lookups.
    - Treat failure to parse resolv.conf as an error.

  o Minor bugfixes (other):
    - Fix crash with "tor --list-fingerprint" (reported by seeess).
    - When computing clock skew from directory HTTP headers, consider what
      time it was when we finished asking for the directory, not what
      time it is now.
    - Expire socks connections if they spend too long waiting for the
      handshake to finish. Previously we would let them sit around for
      days, if the connecting application didn't close them either.
    - And if the socks handshake hasn't started, don't send a
      "DNS resolve socks failed" handshake reply; just close it.
    - Stop using C functions that OpenBSD's linker doesn't like.
    - Don't launch requests for descriptors unless we have networkstatuses
      from at least half of the authorities. This delays the first
      download slightly under pathological circumstances, but can prevent
      us from downloading a bunch of descriptors we don't need.
    - Do not log IPs with TLS failures for incoming TLS
      connections. (Fixes bug 382.)
    - If the user asks to use invalid exit nodes, be willing to use
    - Stop using the reserved ac_cv namespace in our configure script.
    - Call stat() slightly less often; use fstat() when possible.
    - Refactor the way we handle pending circuits when an OR connection
      completes or fails, in an attempt to fix a rare crash bug.
    - Only rewrite a conn's address based on X-Forwarded-For: headers
      if it's a parseable public IP address; and stop adding extra quotes
      to the resulting address.

  o Major features:
    - Weight directory requests by advertised bandwidth. Now we can
      let servers enable write limiting but still allow most clients to
      succeed at their directory requests. (We still ignore weights when
      choosing a directory authority; I hope this is a feature.)

  o Minor features:
    - Create a new file ReleaseNotes which was the old ChangeLog. The
      new ChangeLog file now includes the summaries for all development
    - Check for addresses with invalid characters at the exit as well
      as at the client, and warn less verbosely when they fail. You can
      override this by setting ServerDNSAllowNonRFC953Addresses to 1.
    - Adapt a patch from goodell to let the contrib/exitlist script
      take arguments rather than require direct editing.
    - Inform the server operator when we decide not to advertise a
      DirPort due to AccountingMax enabled or a low BandwidthRate. It
      was confusing Zax, so now we're hopefully more helpful.
    - Bring us one step closer to being able to establish an encrypted
      directory tunnel without knowing a descriptor first. Still not
      ready yet. As part of the change, now assume we can use a
      create_fast cell if we don't know anything about a router.
    - Allow exit nodes to use nameservers running on ports other than 53.
    - Servers now cache reverse DNS replies.
    - Add an --ignore-missing-torrc command-line option so that we can
      get the "use sensible defaults if the configuration file doesn't
      exist" behavior even when specifying a torrc location on the command

  o Minor features (controller):
    - Track reasons for OR connection failure; make these reasons
      available via the controller interface. (Patch from Mike Perry.)
    - Add a SOCKS_BAD_HOSTNAME client status event so controllers
      can learn when clients are sending malformed hostnames to Tor.
    - Clean up documentation for controller status events.
    - Add a REMAP status to stream events to note that a stream's
      address has changed because of a cached address or a MapAddress
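
The "Minor bugfixes (dns)" entry about IPv4 or IPv6 records with an incorrect number of bytes describes a length check on each answer record. The following is an added illustration of such a check, not code from eventdns.c or from this release; the function name, result codes and sample records are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DNS_TYPE_A = 1, DNS_TYPE_AAAA = 28 };
/* Result codes: hypothetical names chosen for this example. */
enum { RR_OK = 0, RR_TRUNCATED = -1, RR_BAD_LENGTH = -2 };

static uint16_t get_u16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check the record whose fixed header starts at `off`, just past the owner
 * name: TYPE(2) CLASS(2) TTL(4) RDLENGTH(2), then RDLENGTH bytes of RDATA.
 * On RR_OK, rdata_off and rdlen describe RDATA that is safe to copy. */
int check_rr(const uint8_t *pkt, size_t len, size_t off,
             size_t *rdata_off, uint16_t *rdlen)
{
    if (off > len || len - off < 10)
        return RR_TRUNCATED;              /* fixed header does not fit */
    uint16_t type = get_u16(pkt + off);
    uint16_t n = get_u16(pkt + off + 8);
    size_t data = off + 10;
    if (len - data < n)
        return RR_TRUNCATED;              /* RDATA runs past the packet end */
    if (type == DNS_TYPE_A && n != 4)
        return RR_BAD_LENGTH;             /* an IPv4 address is 4 bytes */
    if (type == DNS_TYPE_AAAA && n != 16)
        return RR_BAD_LENGTH;             /* an IPv6 address is 16 bytes */
    *rdata_off = data;
    *rdlen = n;
    return RR_OK;
}

/* Constructed sample records (owner name omitted, so off = 0). */
static const uint8_t good_a[] = {0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1};
static const uint8_t long_a[] = {0,1, 0,1, 0,0,0,60, 0,16,
                                 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static const uint8_t short_aaaa[] = {0,28, 0,1, 0,0,0,60, 0,4, 192,0,2,1};
static const uint8_t cut_a[] = {0,1, 0,1, 0,0,0,60, 0,4, 192,0};

static int check0(const uint8_t *p, size_t n)
{
    size_t o; uint16_t l;
    return check_rr(p, n, 0, &o, &l);
}

int main(void)
{
    printf("%d %d %d %d\n", check0(good_a, sizeof good_a), check0(long_a, sizeof long_a),
           check0(short_aaaa, sizeof short_aaaa), check0(cut_a, sizeof cut_a));
    return 0;
}
```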
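
The X-Forwarded-For entry under "Minor bugfixes (other)" says the header is trusted only when it holds a parseable public IP address. The following is an added sketch of that rule for IPv4 only, not Tor's code; the function names and the exact list of non-public ranges are assumptions, and the addresses are constructed samples.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if `s` is exactly one dotted-quad IPv4 address outside the
 * ranges listed below, else 0. The range list is this example's
 * assumption about what "public" means. */
int is_public_ipv4(const char *s)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return 0;                     /* hostname, quoted value, list, junk */
    uint32_t ip = ntohl(a.s_addr);
    if ((ip >> 24) == 0 ||            /* 0.0.0.0/8 */
        (ip >> 24) == 10 ||           /* 10.0.0.0/8 */
        (ip >> 24) == 127 ||          /* 127.0.0.0/8 loopback */
        (ip >> 16) == 0xA9FE ||       /* 169.254.0.0/16 link-local */
        (ip >> 20) == 0xAC1 ||        /* 172.16.0.0/12 */
        (ip >> 16) == 0xC0A8 ||       /* 192.168.0.0/16 */
        (ip >> 28) >= 0xE)            /* 224.0.0.0/3 multicast and reserved */
        return 0;
    return 1;
}

/* Pick the address to record for a connection: the header value only when
 * it passes the check, otherwise the socket peer address. */
const char *effective_addr(const char *xff, const char *peer)
{
    return (xff && is_public_ipv4(xff)) ? xff : peer;
}

int main(void)
{
    /* Constructed header values; the peer is a local proxy in each case. */
    const char *samples[] = { "198.51.100.7", "192.168.1.5",
                              "\"198.51.100.7\"", "198.51.100.7, 10.0.0.1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s -> %s\n", samples[i], effective_addr(samples[i], "127.0.0.1"));
    return 0;
}
```

A header value that fails the check leaves the connection attributed to the socket peer, so a client-supplied header cannot make a remote request look like it came from a local or private address.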