diff options
author | Roger Dingledine <arma@torproject.org> | 2006-10-05 08:23:21 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2006-10-05 08:23:21 +0000 |
commit | 64b5fd3194446aefe39480d0caf15d72531572d1 (patch) | |
tree | 4457eaa73fc7e801b0f28ff6e03a336cd891ba5d /ChangeLog | |
parent | 8c1121231720d659e2ad17db87ef58410b5bc867 (diff) | |
download | tor-64b5fd3194446aefe39480d0caf15d72531572d1.tar.gz tor-64b5fd3194446aefe39480d0caf15d72531572d1.zip |
checkpoint some cleanups
svn:r8599
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 79 |
1 files changed, 38 insertions, 41 deletions
@@ -9,80 +9,77 @@ Changes in version 0.1.2.2-alpha - 2006-10-?? lookups; see doc/socks-extensions.txt for full information. - Add a BEGIN_DIR relay cell type for an easier in-protocol way to connect to directory servers through Tor. Previously, clients - could only connect to directory servers over Tor from exit nodes, - but couldn't get directory information anonymously from a non-exit - cache without getting a separate exit node involved. + could only connect to directory servers over Tor from exit nodes. o Minor features: - Check for name servers (like Earthlink's) that hijack failing DNS requests and replace the no-such-server answer with a "helpful" - redirect to an advertising-driven search portal. We're a little + redirect to an advertising-driven search portal. We're a little clever about this, in order to work around DNS hijackers who "helpfully" decline to hijack known-invalid RFC2606 addresses. Config option "ServerDNSDetectHijacking 0" lets you turn it off. - When asked to resolve a hostname, don't use non-exit servers unless - requested to do so. This allows servers with broken DNS to - be useful to the network. + requested to do so. This allows servers with broken DNS to be + useful to the network. - Add an "EnforceDistinctSubnets" option to control our "exclude servers on the same /16" behavior. It's still on by default; this is mostly for people who want to operate private test networks with all the machines on the same subnet. - If one of our entry guards is on the ExcludeNodes list, or the - directory authorities don't think it's a good guard, treat it as if it - were unlisted: stop using it as a guard, and throw it off the guards - list if it stays that way for a long time. - - Allow directory authorities to be marked separately as authorities for - the v1 directory protocol, the v2 directory protocol, and as hidden - service directories, to make it easier to retire old authorities. - V1 authorities should set "HSAuthoritativeDir 1" to continue being - hidden service authorities too. - - Reserve the nickname "Unnamed" for routers that can't pick a hostname; - any router can call itself Unnamed; directory servers will never - allocate Unnamed to any particular router; clients won't believe that - any router is the canonical Unnamed. - - New controller event to alert the controller when our server descriptor - has changed. + directory authorities don't think it's a good guard, treat it as + if it were unlisted: stop using it as a guard, and throw it off + the guards list if it stays that way for a long time. + - Allow directory authorities to be marked separately as authorities + for the v1 directory protocol, the v2 directory protocol, and + as hidden service directories, to make it easier to retire old + authorities. V1 authorities should set "HSAuthoritativeDir 1" + to continue being hidden service authorities too. + - Reserve the nickname "Unnamed" for routers that can't pick + a hostname; any router can call itself Unnamed; directory + authorities will never allocate Unnamed to any particular router; + clients won't believe that any router is the canonical Unnamed. + - New controller event to alert the controller when our server + descriptor has changed. - Only include function names in log messages for debugging messages; - in other cases, the content of the message should be clear on its own, - and including the function name only seems to confuse users. - - Fix CIRC controller events so that controllers can learn the identity - digests of non-Named servers used in circuit paths. (Fixes bug 336.) - - Avoid choosing Exit nodes for entry or middle hops when the bandwidth - available in non-Exit nodes is much higher then the bandwidth available - in Exit nodes. (Fixes bug 200.) + in other cases, the content of the message should be clear on its + own, and including the function name only seems to confuse users. + - Fix CIRC controller events so that controllers can learn the + identity digests of non-Named servers used in circuit paths. + - Avoid choosing Exit nodes for entry or middle hops when the + bandwidth available in non-Exit nodes is much higher than the + bandwidth available in Exit nodes. - Give more meaningful errors on control authentication failure. - Avoid possibility of controller-triggered crash when misusing certain commands from a v0 controller on platforms that do not handle printf("%s",NULL) gracefully. - - When deciding whether an IP is "local", check for IPs on the same /24 - as us. This prevents some false positives during reachability - detection. - - Avoid possibility of controller-triggered crash when misusing certain - commands from a v0 controller on platforms that do not handle + - Avoid some false positives during reachability testing: don't try + to test via a server that's on the same /24 as us. + - Avoid controller-triggered crash when misusing certain commands + from a v0 controller on platforms that do not handle printf("%s",NULL) gracefully. - Add an (off by default) feature so that controllers can get more useful - identifiers for servers. Instead of learning identity digests for + identifiers for servers. Instead of learning identity digests for un-Named servers and nicknames for Named servers, the new identifiers - include digest, nickname, and indication of Named status. See + include digest, nickname, and indication of Named status. See control-spec.txt for more information. o Security Fixes, minor: - - If a client asked for a server by name, and we didn't have a - descriptor for a named server with that name, we might return an - old one. + - If a client asked for a server by name, and there's a named server + in our network-status but we don't have its descriptor yet, we + would return an unnamed one instead. - Fix NetBSD bug that could allow someone to force uninitialized RAM to be sent to a server's DNS resolver. This only affects NetBSD and other platforms that do not bounds-check tolower(). - - Reject (most) attempts to use Tor as a one-hop proxy; if many people - start using Tor as a one-hop proxy, exit nodes become a more attractive - target for compromise. (Fixes bug 303.) + - Reject (most) attempts to use Tor circuits with length one. (If + many people start using Tor as a one-hop proxy, exit nodes become + a more attractive target for compromise.) - Just because your DirPort is open doesn't mean people should be able to remotely teach you about hidden service descriptors. Now only accept rendezvous posts if you've got HSAuthoritativeDir set. o Major bugfixes: - Avoiding crashing on race condition in dns.c: - tor_assert(! resolve->expire) + tor_assert(!resolve->expire) - When a client asks the server to resolve (not connect to) an address, and it has a cached answer, give them the cached answer. Previously, the server would give them no answer at all. |