Tor 0.3.2.8-rc is released, with important updates for relays
Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite schedulers that had led servers under heavy load to overload their outgoing connections. All relay operators running earlier 0.3.2.x versions should upgrade. This version also includes a mitigation for over-full DESTROY queues leading to out-of-memory conditions: if it works, we will soon backport it to earlier release series.
This is the second release candidate in the 0.3.2 series. If we find no new bugs or regression here, then the first stable 0.3.2 release will be nearly identical to this.
You can download the source from the usual place on the website. Binary packages should be available soon. There probably won't be a Tor Browser release for this one; this issues fixed here are mainly (but not exclusively) relevant to relays.
Changes in version 0.3.2.8-rc - 2017-12-21
- Major bugfixes (KIST, scheduler):
- The KIST scheduler did not correctly account for data already enqueued in each connection's send socket buffer, particularly in cases when the TCP/IP congestion window was reduced between scheduler calls. This situation lead to excessive per-connection buffering in the kernel, and a potential memory DoS. Fixes bug 24665; bugfix on 0.3.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (hidden service v3):
- Bump hsdir_spread_store parameter from 3 to 4 in order to increase the probability of reaching a service for a client missing microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
- Minor bugfixes (memory usage):
- When queuing DESTROY cells on a channel, only queue the circuit-id and reason fields: not the entire 514-byte cell. This fix should help mitigate any bugs or attacks that fill up these queues, and free more RAM for other uses. Fixes bug 24666; bugfix on 0.2.5.1-alpha.
- Minor bugfixes (scheduler, KIST):
- Use a sane write limit for KISTLite when writing onto a connection buffer instead of using INT_MAX and shoving as much as it can. Because the OOM handler cleans up circuit queues, we are better off at keeping them in that queue instead of the connection's buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
I can't extract the tar archive, is it a problem on my side or can you fix it?
What is the status of option
__AllDirActionsPrivate in current tor versions? It is not documented in
man torrc, but I can see some mentioning in control-spec.txt, in bug reports (with relation to crash, probably already fixed), and in old (more than 10 years) Roger's recommendations. Is it safe to use?
I need my tor parsing programs to use full nodes' descriptors. Recommended way to get it is to enable options
However, it results in like 10 extra connections of my tor client to some random tor nodes. I guess this can be used to easily profile me among other tor clients. So, I think about possibility to start my tor client with standard config and then, after start, do
ControlPort (with these 3 options and with the option
__AllDirActionsPrivate). I suppose that from outside it will look like more typical tor client connection than without the option
__AllDirActionsPrivate. What's Tor Project's opinion on this solution?