start folding in the changes entries

ChangeLog

@@ -1,3 +1,129 @@
+Changes in version 0.2.4.8-alpha - 2013-01-14
+
+  o Major features:
+    - Preliminary support for directory guards (proposal 207): when
+      possible, clients now use their entry guards for non-anonymous
+      directory requests. This can help prevent client enumeration. Note
+      that this behavior only works when we have a usable consensus
+      directory: and when options about what to download are more or
+      less standard. Resolves ticket 6526.
+    - Tor servers and clients now support a better CREATE/EXTEND cell
+      format, allowing the sender to specify multiple address, identity,
+      and handshake types. Implements Robert Ransom's proposal 200;
+      closes ticket 7199.
+
+  o Major features (new circuit handshake):
+    - Tor now supports a new circuit extension handshake designed by Ian
+      Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
+      circuit extension handshake, later called "TAP", was a bit slow
+      (especially on the server side), had a fragile security proof, and
+      used weaker keys than we'd now prefer. The new circuit handshake
+      uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
+      function, making it significantly more secure than the older
+      handshake, and significantly faster. Tor can use one of two built-in
+      pure-C curve25519-donna implementations by Adam Langley, or it
+      can link against the "nacl" library for a tuned version if present.
+
+      The built-in version is very fast for 64-bit systems when building
+      with GCC. The built-in 32-bit version is still faster than the
+      old TAP protocol, but using libnacl is better on most such hosts.
+
+      Clients don't currently use this protocol by default, since
+      comparatively few clients support it so far. To try it, set
+      UseNTorHandshake to 1.
+
+      Implements proposal 216; closes ticket 7202.
+
+  o Major features (better link encryption):
+    - Servers can now enable the ECDHE TLS ciphersuites when available
+      and appropriate. These ciphersuites let us negotiate forward-
+      secure TLS secret keys more safely and more efficiently than with
+      our previous use of Diffie-Hellman modulo a 1024-bit prime.
+      By default, public servers prefer the (faster) P224 group, and
+      bridges prefer the (more common) P256 group; you can override this
+      with the TLSECGroup option.
+
+      Enabling these ciphers was a little tricky, since for a long time,
+      clients had been claiming to support them without actually doing
+      so, in order to foil fingerprinting. But with the client-side
+      implementation of proposal 198 in 0.2.3.17-beta, clients can now
+      match the ciphers from recent Firefox versions *and* list the
+      ciphers they actually mean, so servers can believe such clients
+      when they advertise ECDHE support in their TLS ClientHello messages.
+
+      This feature requires clients running 0.2.3.17-beta or later,
+      and requires both sides to be running OpenSSL 1.0.0 or later
+      with ECC support. OpenSSL 1.0.1, with the compile-time option
+      "enable-ec_nistp_64_gcc_128", is highly recommended. Implements
+      the server side of proposal 198; closes ticket 7200.
+
+  o Major bugfixes:
+    - Avoid crashing when, as a node without IPv6-exit support, a
+      client insists on getting an IPv6 address or nothing. Fixes bug
+      7814; bugfix on 0.2.4.7-alpha.
+
+  o Minor features:
+    - Improve circuit build timeout handling for hidden services.
+      In particular: adjust build timeouts more accurately depending
+      upon the number of hop-RTTs that a particular circuit type
+      undergoes. Additionally, launch intro circuits in parallel
+      if they timeout, and take the first one to reply as valid.
+    - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are
+      separate error codes--or at least, don't break for that reason.
+      Fixes bug 7935. Reported by "oftc_must_be_destroyed".
+
+  o Minor features (testing):
+    - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
+      (P-256) diffie-hellman handshakes to src/or/bench.
+    - Add benchmark functions to test onion handshake performance.
+
+  o Minor features (path bias detection):
+    - Alter the Path Bias log messages to be more descriptive in terms
+      of reporting timeouts and other statistics.
+    - Create three levels of Path Bias log messages, as opposed to just
+      two. These are configurable via consensus as well as via the torrc
+      options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
+      The default values are 0.70, 0.50, and 0.30 respectively.
+    - Separate the log message levels from the decision to drop guards,
+      which also is available via torrc option PathBiasDropGuards.
+      PathBiasDropGuards still defaults to 0 (off).
+    - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
+      in combination with PathBiasExtremeRate.
+    - Increase the default values for PathBiasScaleThreshold and
+      PathBiasCircThreshold from (200, 20) to (300, 150).
+    - Add in circuit usage accounting to path bias. If we try to use a
+      built circuit but fail for any reason, it counts as path bias.
+      Certain classes of circuits where the adversary gets to pick your
+      destination node are exempt from this accounting. Usage accounting
+      can be specifically disabled via consensus parameter or torrc.
+    - Convert all internal path bias state to double-precision floating
+      point, to avoid roundoff error and other issues.
+    - Only record path bias information for circuits that have completed
+      *two* hops. Assuming end-to-end tagging is the attack vector, this
+      makes us more resilient to ambient circuit failure without any 
+      detection capability loss.
+
+  o Minor bugfixes:
+    - Rate-limit the "No circuits are opened. Relaxed timeout for a
+      circuit with channel state open..." message to once per hour to
+      keep it from filling the notice logs. Mitigates bug 7799 but does
+     not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
+    - Avoid spurious warnings when configuring multiple client ports of
+      which only some are nonlocal. Previously, we had claimed that some
+      were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
+      0.2.3.3-alpha.
+
+  o Code simplifications and refactoring:
+    - Get rid of a couple of harmless clang warnings, where we compared
+      enums to ints. These warnings are newly introduced in clang 3.2.
+    - Split the onion.c file into separate modules for the onion queue
+      and the different handshakes it supports.
+    - Remove the marshalling/unmarshalling code for sending requests to
+      cpuworkers over a socket, and instead just send structs. The
+      recipient will always be the same Tor binary as the sender, so
+      any encoding is overkill.
+
+
 Changes in version 0.2.4.7-alpha - 2012-12-24
   Tor 0.2.4.7-alpha introduces a new approach to providing fallback
   directory mirrors for more robust bootstrapping; fixes more issues where

changes/bug7157

@@ -1,26 +0,0 @@
-
- o Minor features:
-   - Alter the Path Bias log messages to be more descriptive in terms
-     of reporting timeouts and other statistics.
-   - Create three levels of Path Bias log messages, as opposed to just
-     two. These are configurable via consensus as well as via torrc
-     options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
-     The default values are 0.70, 0.50, and 0.30 respectively.
-   - Separate the log message levels from the decision to drop guards,
-     which also is available via torrc option PathBiasDropGuards.
-     PathBiasDropGuards defaults to 0 (off).
-   - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
-     in combination with PathBiasExtremeRate.
-   - Increase the default values for PathBiasScaleThreshold and
-     PathBiasCircThreshold from 200 and 20 to 300 and 150, respectively.
-   - Add in circuit usage accounting to path bias. If we try to use a
-     built circuit but fail for any reason, it counts as path bias.
-     Certain classes of circuits where the adversary gets to pick your
-     destination node are exempt from this accounting. Usage accounting
-     can be specifically disabled via consensus parameter or torrc.
-   - Convert all internal path bias state to double-precision floating
-     point, to avoid roundoff error and other issues.
-   - Only record path bias information for circuits that have completed
-     *two* hops. Assuming end-to-end tagging is the attack vector, this
-     makes us more resilient to ambient circuit failure without any 
-     detection capability loss.

changes/bug7341

@@ -1,7 +0,0 @@
-
- o Minor features:
-   - Improve circuit build timeout handling for hidden services.
-     In particular: adjust build timeouts more accurately depending
-     upon the number of hop-RTTs that a particular circuit type
-     undergoes. Additionally, launch intro circuits in parallel
-     if they timeout, and take the first one to reply as valid.

changes/bug7799.ratelim

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Rate-limit the "No circuits are opened. Relaxed timeout for a
-      circuit with channel state open..." message to once per hour to
-      keep it from filling the notice logs. Mitigates bug 7799 but does
-      not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
-

changes/bug7814

@@ -1,4 +0,0 @@
-  o Major bugfixes:
-    - Avoid crashing when, as a node without IPv6-exit support, a
-      client insists on getting an IPv6 address or nothing.  Fixes bug
-      #7814; bugfix on 0.2.4.7-alpha.

changes/bug7836

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Avoid spurious warnings when configuring multiple client ports of
-      which only some are nonlocal. Previously, we had claimed that some
-      were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
-      0.2.3.3-alpha.

changes/bug7935

@@ -1,4 +0,0 @@
-  o Minor features (portability):
-    - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are
-      separate error codes--or at least, don't break for that reason.
-      Fixes bug 7935. Reported by "oftc_must_be_destroyed".

changes/clang_enum_warnings

@@ -1,3 +0,0 @@
-  o Code simplifications and refactoring:
-    - Get rid of a couple of harmless clang warnings, where we compared
-      enums to ints. These warnings are newly introduced in clang 3.2.

changes/dh_benchmarks

@@ -1,3 +0,0 @@
-  o Minor features (testing):
-    - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
-      (P-256) diffie-hellman handshakes to src/or/bench.

changes/dirguards

@@ -1,8 +0,0 @@
-  o Major features:
-    - Preliminary support for directory guards: when possible,
-      clients now use guards for non-anonymous directory requests.
-      This can help prevent client enumeration.  Note that this
-      behavior only works when we have a usable consensus directory:
-      and when options about what to download are more or less
-      standard.  Implements proposal 207; closes ticket 6526.
-

changes/ntor

@@ -1,40 +0,0 @@
-  o Major features:
-
-    - Tor now supports a new circuit extension handshake designed by Ian
-      Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
-      circuit extension handshake, later called "TAP", was a bit slow
-      (especially on the server side), had a fragile security proof, and
-      used weaker keys than we'd now prefer. The new circuit handshake
-      uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
-      function, making it significantly more secure than the older
-      handshake, and significantly faster. Tor can either use one of two
-      built-in pure-C curve25519-donna implementations by Adam Langley,
-      or link against the "nacl" library for a tuned version if present.
-
-      The built-in version is very fast for 64-bit systems building with
-      GCC. (About 10-14x faster on the server side, and about 7x faster
-      on the client side.) The built-in 32-bit version is still faster
-      than the old TAP protocol (about 3x), but using libnacl would be
-      better on most 32-bit x86 hosts.
-
-      Clients don't currently use this protocol by default, since
-      comparatively few clients support it so far. To try it, set
-      UseNTorHandshake to 1.
-
-      Implements proposal 216; closes ticket #7202.
-
-    - Tor servers and clients now support a better CREATE/EXTEND cell
-      format, allowing the sender to specify multiple address, identity,
-      and handshake types.  Implements Robert Ransom's proposal 200;
-      closes ticket #7199.
-
-  o Code simplification and refactoring:
-    - Split the onion.c file into separate modules for the onion queue
-      and the different handshakes it supports.
-    - Remove the marshalling/unmarshalling code for sending requests to
-      cpuworkers over a socket, and instead just send structs.  The
-      recipient will always be the same Tor binary as the sender, so
-      any encoding is overkill.
-
-  o Testing:
-    - Add benchmark functions to test onion handshake performance.

changes/tls_ecdhe

@@ -1,26 +0,0 @@
-  o Major features:
-
-    - Servers can now enable the ECDHE TLS ciphersuites when available
-      and appropriate. These ciphersuites let us negotiate forward-
-      secure TLS secret keys more safely and more efficiently than with
-      our previous use of Diffie Hellman modulo a 1024-bit prime.
-      By default, public servers prefer the (faster) P224 group, and
-      bridges prefer the (more common) P256 group; you can override this
-      with the TLSECGroup option.
-
-      Enabling these ciphers was a little tricky, since for a long
-      time, clients had been claiming to support them without
-      actually doing so, in order to foil fingerprinting. But with
-      the client-side implementation of proposal 198 in
-      0.2.3.17-beta, clients can now match the ciphers from recent
-      firefox versions *and* list the ciphers they actually mean, so
-      servers can believe such clients when they advertise ECDHE
-      support in their TLS ClientHello messages.
-
-      This feature requires clients running 0.2.3.17-beta or later,
-      and requires both sides to be running OpenSSL 1.0.0 or later
-      with ECC support. OpenSSL 1.0.1, with the compile-time option
-      "enable-ec_nistp_64_gcc_128", is highly recommended.
-      Implements the server side of proposal 198; closes ticket
-      7200.
-

src/or/connection.c

@@ -1245,6 +1245,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
   if (!SOCKET_OK(news)) { /* accept() error */
     int e = tor_socket_errno(conn->s);
     if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
+      log_notice(LD_APP, "he hung up before we could accept(). that's fine.");
       return 0; /* he hung up before we could accept(). that's fine. */
     } else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) {
       warn_too_many_conns();
@@ -1256,7 +1257,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     connection_mark_for_close(conn);
     return -1;
   }
-  log_debug(LD_NET,
+  log_notice(LD_NET,
             "Connection accepted on socket %d (child of fd %d).",
             (int)news,(int)conn->s);
 

src/or/relay.c

@@ -1619,6 +1619,14 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
             conn->base_.s,
             (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
 
+  if (conn->base_.type == CONN_TYPE_AP) {
+    char *text = tor_memdup(payload, length+1);
+    text[length] = 0;
+    log_notice(LD_APP, "Incoming socks text (%d):===\n%s\n===",
+               conn->base_.s, text);
+    tor_free(text);
+  }
+
   if (sending_optimistically && !sending_from_optimistic) {
     /* This is new optimistic data; remember it in case we need to detach and
        retry */