Commit ad430b95 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

checkpoint changelog and general polishing


svn:r8497
parent bc848c87
Changes in version 0.1.2.2-alpha - 2006-??-?? Changes in version 0.1.2.2-alpha - 2006-??-??
o Major features: o Major features:
- Add server-side support for "reverse" DNS lookups (using PTR - Add server-side support for "reverse" DNS lookups (using PTR
records so clients can determine the canonical hostname for a given records so clients can determine the canonical hostname for a
IPv4 address). This has been specified for a long time, but was given IPv4 address). This has been specified for a long time,
previously never implemented. This is only supported by eventdns; but was previously never implemented. This is only supported by
servers now announce in their descriptors whether they support eventdns; servers now announce in their descriptors whether they
eventdns. support eventdns.
- Specify and implement client-side SOCKS5 interface for reverse DNS - Specify and implement client-side SOCKS5 interface for reverse DNS
lookups; see doc/socks-extensions.txt for full information. lookups; see doc/socks-extensions.txt for full information.
o Minor features: o Minor features:
- Check for name servers (like Earthlink's) that hijack failing DNS - Check for name servers (like Earthlink's) that hijack failing DNS
requests and replace the 'no such server' answer with a "helpful" requests and replace the no-such-server answer with a "helpful"
redirect to an advertising-driven search portal. We're a little clever redirect to an advertising-driven search portal. We're a little
about this, in order to work around DNS hijackers who "helpfully" clever about this, in order to work around DNS hijackers who
decline to hijack known-invalid RFC2606 addresses. [Resolves bug 330.] "helpfully" decline to hijack known-invalid RFC2606 addresses.
Config option "ServerDNSDetectHijacking 0" lets you turn it off.
- When asked to resolve a hostname, don't use non-exit servers unless - When asked to resolve a hostname, don't use non-exit servers unless
requested to do so. This allows servers with broken DNS be useful to requested to do so. This allows servers with broken DNS to
the network. be useful to the network.
o Security Fixes, minor o Security Fixes, minor:
- If a client asked for a server by name, and we didn't have a - If a client asked for a server by name, and we didn't have a
descriptor for a named server with that name, we might return an old descriptor for a named server with that name, we might return an
one. old one.
- Fix NetBSD bug that could allow someone to force uninitialized RAM
to be sent to a server's DNS resolver. This only affects NetBSD
and other platforms that do not bounds-check tolower().
o Major bugfixes o Major bugfixes:
- When a client asks us to resolve (not connect to) an address, - Avoiding crashing on race condition in dns.c:
and we have a cached answer, give them the cached answer. tor_assert(! resolve->expire)
Previously, we would give them no answer at all. - When a client asks the server to resolve (not connect to)
an address, and it has a cached answer, give them the cached answer.
o Minor Bugfixes Previously, the server would give them no answer at all.
- Small performance improvements on parsing descriptors (x2).
- Major performance descriptor on inserting descriptors; change o Minor Bugfixes:
- Two small performance improvements on parsing descriptors.
- Major performance improvement on inserting descriptors: change
algorithm from O(n^2) to O(n). algorithm from O(n^2) to O(n).
- Make the common memory allocation path faster on machines where - Make the common memory allocation path faster on machines where
malloc(0) returns a pointer. malloc(0) returns a pointer.
- Fix a debug log message in eventdns to say "X resolved to Y" - Fix a debug log message in eventdns to say "X resolved to Y"
instead of "X resolved to X". instead of "X resolved to X".
- Prevent the 'exitlist' script from printing the same result more - Prevent the contrib/exitlist script from printing the same
than once. result more than once.
- Build correctly for use on OS X platforms with case-sensitive - Resume building on non-gcc compilers and ancient gcc. Resume
filesystems. building with the -O0 compile flag. Resume building cleanly on
Debian woody.
- Correct includes for net/if.h and net/pfvar.h on OpenBSD (from Tup).
- Improve Tor's chances of building and running on Cygwin again.
- If we're a directory mirror and we ask for "all" network status
documents, we would discard status documents from authorities
we don't recognize.
o Documentation o Documentation
- Documented (and renamed) ServerDNSSearchDomains and - Documented (and renamed) ServerDNSSearchDomains and
ServerDNSResolvConfFile options. ServerDNSResolvConfFile options.
o Packaging:
- Patches so Tor builds with MinGW on Windows.
- The Debian package now uses --verify-config when (re)starting,
to distinguish configuration errors from other errors.
- Update rpms to require libevent 1.1b.
- Remove architecture from OS X builds. The official builds are
now universal binaries.
- Make eventdns on-by-default.
- Divide eventdns log messages into warn and info messages.
- Add new config option "ResolvConf" to let the server operator
choose an alternate resolve.conf file.
- Allow really slow clients to not hang up five minutes into their
directory downloads (suggested by Adam J. Richter).
- Apply patch from Adam Langley: fix assert() in eventdns.c.
- Finally fix the openssl warnings with newer gccs that believe that
ignoring a return value is okay, but casting a return value and
then ignoring it is a sign of madness.
- Don't crash when the controller receives a third argument to an
"extendcircuit" request.
- Add a "getinfo address" controller command.
- Controller protocol fixes: fix encoding in "getinfo addr-mappings"
response; fix error code when "getinfo dir/status/" fails.
- Start remembering X-Your-Address-Is directory hints even if you're
a client, so you can become a server more smoothly.
- Avoid crash when telling controller stream-status and a stream
is detached.
- Avoid crashing when we mmap a router cache file of size 0.
- Avoid duplicate entries on MyFamily line in server descriptor.
- Patch from Steve Hildrey: Generate network status correctly on
non-versioning dirservers.
- Send out a burst of long-range drop cells after we've established
that we're reachable. Spread them over 4 circuits, so hopefully
a few will be fast. This exercises our bandwidth and bootstraps
us quicker.
- Remove 8888 as a long lived port, and add 6697 (ircs).
(stopped at r8478)
Changes in version 0.1.2.1-alpha - 2006-08-27 Changes in version 0.1.2.1-alpha - 2006-08-27
o Major features: o Major features:
- Add "eventdns" async dns library from Adam Langley, tweaked to - Add "eventdns" async dns library from Adam Langley, tweaked to
......
...@@ -270,6 +270,10 @@ Deferred from 0.1.2.x: ...@@ -270,6 +270,10 @@ Deferred from 0.1.2.x:
- Implement - Implement
Minor items for 0.1.2.x as time permits: Minor items for 0.1.2.x as time permits:
- Don't let 'newnym' be triggered more often than every n seconds.
- change log_fn() to log() on notice/warn/err logs where we can.
- the deb now uses --verify-config to distinguish between configuration
errors and other errors. Should the rpm, the ports, etc do this too?
X If we try to publish as a nickname that's already claimed, should X If we try to publish as a nickname that's already claimed, should
we append a number (or increment the number) and try again? This we append a number (or increment the number) and try again? This
way people who read their logs can fix it as before, but people way people who read their logs can fix it as before, but people
......
...@@ -347,7 +347,7 @@ $Id$ ...@@ -347,7 +347,7 @@ $Id$
set through any mechanism. set through any mechanism.
"address" -- the best guess at our external IP address. If we "address" -- the best guess at our external IP address. If we
have no guess, return a 551 error. have no guess, return a 551 error. (Added in 0.1.2.2-alpha)
"circuit-status" "circuit-status"
A series of lines as for a circuit status event. Each line is of A series of lines as for a circuit status event. Each line is of
......
...@@ -47,10 +47,11 @@ Tor's extensions to the SOCKS protocol ...@@ -47,10 +47,11 @@ Tor's extensions to the SOCKS protocol
(We support RESOLVE in SOCKS4 too, even though it is unnecessary.) (We support RESOLVE in SOCKS4 too, even though it is unnecessary.)
For SOCKS5 only, we support reverse resolution with a new command value, For SOCKS5 only, we support reverse resolution with a new command value,
"RESOLVE_PTR". In response to a "RESOLVE_PTR" SOCKS5 command with an IPv4 "RESOLVE_PTR" [F1]. In response to a "RESOLVE_PTR" SOCKS5 command with
address as its target, Tor attempts to find the canonical hostname for that an IPv4 address as its target, Tor attempts to find the canonical
IPv4 record, and returns it in the "server bound address" portion of the hostname for that IPv4 record, and returns it in the "server bound
reply. (This was not supported before Tor 0.1.2.2-alpha) address" portion of the reply.
(This command was not supported before Tor 0.1.2.2-alpha.)
3. HTTP-resistance 3. HTTP-resistance
......
...@@ -73,7 +73,7 @@ Type "make install" ...@@ -73,7 +73,7 @@ Type "make install"
OR OR
Make zlib1.dll: Make zlib1.dll:
Type "cd tor-mingw/zlib-1.2.3"/ Type "cd tor-mingw/zlib-1.2.3/"
Type "./configure" Type "./configure"
Type "make -f win32/Makefile.gcc" Type "make -f win32/Makefile.gcc"
......
...@@ -635,7 +635,7 @@ next day. All times are local, and given in 24-hour time. (Defaults to ...@@ -635,7 +635,7 @@ next day. All times are local, and given in 24-hour time. (Defaults to
\fBServerDNSResolvConfFile \fR\fIfilename\fP \fBServerDNSResolvConfFile \fR\fIfilename\fP
Overrides the default DNS configuration with the configuration in Overrides the default DNS configuration with the configuration in
\fIfilename\fP. The file format is the same as the standard Unix \fIfilename\fP. The file format is the same as the standard Unix
"\fBresolv.conf\fP" file (7). This option only effects name lookup for "\fBresolv.conf\fP" file (7). This option only affects name lookup for
addresses requested by clients; and only takes effect if Tor was built with addresses requested by clients; and only takes effect if Tor was built with
eventdns support. (Defaults to use the system DNS configuration.) eventdns support. (Defaults to use the system DNS configuration.)
.LP .LP
...@@ -645,7 +645,7 @@ If set to \fB1\fP, then we will search for addresses in the local search ...@@ -645,7 +645,7 @@ If set to \fB1\fP, then we will search for addresses in the local search
domain. For example, if this system is configured to believe it is in domain. For example, if this system is configured to believe it is in
"example.com", and a client tries to connect to "www", the client will be "example.com", and a client tries to connect to "www", the client will be
connected to "www.example.com". connected to "www.example.com".
This option only effects name lookup for addresses requested by clients. This option only affects name lookup for addresses requested by clients.
(Defaults to "0".) (Defaults to "0".)
.LP .LP
.TP .TP
...@@ -653,7 +653,7 @@ This option only effects name lookup for addresses requested by clients. ...@@ -653,7 +653,7 @@ This option only effects name lookup for addresses requested by clients.
When this option is set to 1, we will test periodically to determine whether When this option is set to 1, we will test periodically to determine whether
our local nameservers have been configured to hijack failing DNS requests our local nameservers have been configured to hijack failing DNS requests
(usually to an advertising site). If they are, we will attempt to correct (usually to an advertising site). If they are, we will attempt to correct
this. This option only effects name lookup for addresses requested by this. This option only affects name lookup for addresses requested by
clients; and only takes effect if Tor was built with eventdns support. clients; and only takes effect if Tor was built with eventdns support.
(Defaults to "1".) (Defaults to "1".)
......
...@@ -1326,7 +1326,8 @@ list_getinfo_options(void) ...@@ -1326,7 +1326,8 @@ list_getinfo_options(void)
/** Lookup the 'getinfo' entry <b>question</b>, and return /** Lookup the 'getinfo' entry <b>question</b>, and return
* the answer in <b>*answer</b> (or NULL if key not recognized). * the answer in <b>*answer</b> (or NULL if key not recognized).
* Return 0 if success, or -1 if recognized but internal error. */ * Return 0 if success or unrecognized, or -1 if recognized but
* internal error. */
static int static int
handle_getinfo_helper(const char *question, char **answer) handle_getinfo_helper(const char *question, char **answer)
{ {
...@@ -1572,7 +1573,7 @@ handle_getinfo_helper(const char *question, char **answer) ...@@ -1572,7 +1573,7 @@ handle_getinfo_helper(const char *question, char **answer)
} else if (!strcmpstart(question, "exit-policy/")) { } else if (!strcmpstart(question, "exit-policy/")) {
return policies_getinfo_helper(question, answer); return policies_getinfo_helper(question, answer);
} }
return 0; return 0; /* unrecognized */
} }
/** Called when we receive a GETINFO command. Try to fetch all requested /** Called when we receive a GETINFO command. Try to fetch all requested
......
...@@ -1025,8 +1025,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn) ...@@ -1025,8 +1025,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
} else { } else {
/* Can we even end up here? -- weasel*/ /* Can we even end up here? -- weasel*/
source = NS_FROM_DIR_BY_FP; source = NS_FROM_DIR_BY_FP;
log_warn(LD_BUG, "we received a networkstatus but we did neither ask" log_warn(LD_BUG, "we received a networkstatus but we didn't ask"
"for it by fp/ nor did we ask for all."); "for it by fp/ or ask for all.");
} }
cp = body; cp = body;
while (*cp) { while (*cp) {
......
...@@ -525,8 +525,8 @@ parse_inaddr_arpa_address(const char *address, struct in_addr *in) ...@@ -525,8 +525,8 @@ parse_inaddr_arpa_address(const char *address, struct in_addr *in)
* if resolve valid, put it into <b>exitconn</b>-\>addr and return 1. * if resolve valid, put it into <b>exitconn</b>-\>addr and return 1.
* If resolve failed, unlink exitconn if needed, free it, and return -1. * If resolve failed, unlink exitconn if needed, free it, and return -1.
* *
* If <b>circ</b> is provided, and this is a resolve request, we have * If <b>oncirc</b> is provided, and this is a resolve request, we have
* a cached answer, send the answer back along circ; otherwise, send * a cached answer, send the answer back along oncirc; otherwise, send
* the answer back along <b>exitconn</b>'s attached circuit. * the answer back along <b>exitconn</b>'s attached circuit.
* *
* Else, if seen before and pending, add conn to the pending list, * Else, if seen before and pending, add conn to the pending list,
...@@ -571,7 +571,7 @@ dns_resolve(edge_connection_t *exitconn, or_circuit_t *oncirc) ...@@ -571,7 +571,7 @@ dns_resolve(edge_connection_t *exitconn, or_circuit_t *oncirc)
/* Check whether this is a reverse lookup. If it's malformed, or it's a /* Check whether this is a reverse lookup. If it's malformed, or it's a
* .in-addr.arpa address but this isn't a resolve request, kill the * .in-addr.arpa address but this isn't a resolve request, kill the
* connecction. * connection.
*/ */
if ((r = parse_inaddr_arpa_address(exitconn->_base.address, NULL)) != 0) { if ((r = parse_inaddr_arpa_address(exitconn->_base.address, NULL)) != 0) {
if (r == 1) if (r == 1)
...@@ -833,8 +833,8 @@ dns_cancel_pending_resolve(const char *address) ...@@ -833,8 +833,8 @@ dns_cancel_pending_resolve(const char *address)
} }
/** Helper: adds an entry to the DNS cache mapping <b>address</b> to the ipv4 /** Helper: adds an entry to the DNS cache mapping <b>address</b> to the ipv4
* address <b>addr</b> (if is_reverse is 0) or the hostname <b>hostname</b> if * address <b>addr</b> (if is_reverse is 0) or the hostname <b>hostname</b> (if
* (is_reverse is 1). <b>ttl</b> is a cache ttl; <b>outcome</b> is one of * is_reverse is 1). <b>ttl</b> is a cache ttl; <b>outcome</b> is one of
* DNS_RESOLVE_{FAILED_TRANSIENT|FAILED_PERMANENT|SUCCEEDED}. * DNS_RESOLVE_{FAILED_TRANSIENT|FAILED_PERMANENT|SUCCEEDED}.
**/ **/
static void static void
...@@ -1727,15 +1727,15 @@ dns_launch_wildcard_checks(void) ...@@ -1727,15 +1727,15 @@ dns_launch_wildcard_checks(void)
for (i = 0; i < N_WILDCARD_CHECKS; ++i) { for (i = 0; i < N_WILDCARD_CHECKS; ++i) {
/* RFC2606 reserves these. Sadly, some DNS hijackers, in a silly attempt /* RFC2606 reserves these. Sadly, some DNS hijackers, in a silly attempt
* to 'comply' with rfc2606, refrain from giving A records for these. * to 'comply' with rfc2606, refrain from giving A records for these.
* This is the standards-complaince equivalent of making sure that your * This is the standards-compliance equivalent of making sure that your
* crackhouse's elevator inspection certificate is up to date. * crackhouse's elevator inspection certificate is up to date.
*/ */
launch_wildcard_check(2, 16, "%s.invalid"); launch_wildcard_check(2, 16, "%s.invalid");
launch_wildcard_check(2, 16, "%s.test"); launch_wildcard_check(2, 16, "%s.test");
/* Thy somese will break specs if there are ever any number of /* These will break specs if there are ever any number of
* 8+-character top-level domains. */ * 8+-character top-level domains. */
launch_wildcard_check(8, 16,""); launch_wildcard_check(8, 16, "");
/* Try some random .com/org/net domains. This will work fine so long as /* Try some random .com/org/net domains. This will work fine so long as
* not too many resolve to the same place. */ * not too many resolve to the same place. */
......
...@@ -348,7 +348,9 @@ typedef enum { ...@@ -348,7 +348,9 @@ typedef enum {
#define _DIR_PURPOSE_MAX 9 #define _DIR_PURPOSE_MAX 9
#define _EXIT_PURPOSE_MIN 1 #define _EXIT_PURPOSE_MIN 1
/** This exit stream wants to do an ordinary connect. */
#define EXIT_PURPOSE_CONNECT 1 #define EXIT_PURPOSE_CONNECT 1
/** This exit stream wants to do a resolve (either normal or reverse). */
#define EXIT_PURPOSE_RESOLVE 2 #define EXIT_PURPOSE_RESOLVE 2
#define _EXIT_PURPOSE_MAX 2 #define _EXIT_PURPOSE_MAX 2
...@@ -1575,10 +1577,10 @@ typedef struct { ...@@ -1575,10 +1577,10 @@ typedef struct {
* addresses to be FQDNs, but rather search for them in * addresses to be FQDNs, but rather search for them in
* the local domains. */ * the local domains. */
int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
* hijacking */ * hijacking. */
char *ServerDNSResolvConfFile; /**< If provided, we configure our internal char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
* resolver from the file here rather than from * resolver from the file here rather than from
* /etc/resolv.conf (unix) or the registry (windows) */ * /etc/resolv.conf (Unix) or the registry (Windows). */
} or_options_t; } or_options_t;
/** Persistent state for an onion router, as saved to disk. */ /** Persistent state for an onion router, as saved to disk. */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment