Tor v0.4.8.1-alpha: Onion Service Proof-of-Work

When onion service proof-of-work is widely implemented amongst nodes, the Denial of Service (DoS or DDoS) attacks that have plagued the network for years could be considerably lessened. For now, the feature is disabled by default.

  • "This is the first alpha of the 0.4.8.x series. Two major features in this version which are Conflux and onion service Proof-of-Work (PoW)."
  • "There are also many small features in particular, worth noting, the MetricsPort is now exporting more relay and onion service metrics."
  • "Finally, there are also numerous minor bugfixes included in this version."

What's new

  • "Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work protocol that occurs over introduction circuits. This introduces several torrc options prefixed with "HiddenServicePoW" in order to control this feature. By default, this is disabled. Closes ticket 40634."
  • "Implement Proposal 329 (conflux traffic splitting). Conflux splits traffic across two circuits to Exits that support the protocol. These circuits are pre-built only, which means that if the prebuilt conflux pool runs out, regular circuits will then be used. Onion services are not currently supported, but will be in arti. Many other future optimizations will also be possible using this protocol. Closes ticket 40593."
  • Directory authorities and relays now interact properly with directory authorities if they change addresses (implements ticket 40705).
  • Update CI to use Debian Bullseye for runners.
  • "Make client able to pick IPv6 relays by default now meaning ClientUseIPv6 option now defaults to 1. Closes ticket 40785."
  • "Fix returning something other than "Unknown N/A" as libc version if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD or NetBSD."
  • "Always use the number of threads for our CPU worker pool to the number of cores available but cap it to a minimum of 2 in case of a single core. Fixes bug 40713; bugfix on"
  • "Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741."
  • "Expose time until online keys expires on the MetricsPort. Closes ticket 40546."
  • "Add metrics for the relay side onion service interactions counting seen cells. Closes ticket 40797. Patch by "friendly73"."
  • "Directory authorities now include their AuthDirMaxServersPerAddr config option in the consensus parameter section of their vote. Now external tools can better predict how they will behave. Implements ticket 40753."
  • "Add a new consensus method in which the "published" times on router entries in a microdesc consensus are all set to a meaningless fixed date. Doing this will make the download size for compressed microdesc consensus diffs much smaller. Part of ticket 40130; implements proposal 275."
  • "Clients and relays no longer track the "published on" time declared for relays in any consensus documents. When reporting this time on the control port, they instead report a fixed date in the future. Part of ticket 40130."
  • "Regenerate fallback directories generated on June 01, 2023."
  • "Update the geoip files to match the IPFire Location Database, as retrieved on 2023/06/01."
  • "Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time histograms to measure hidden service rend/intro circuit build time durations. Part of ticket 40757."
  • "Add a reason label to the HS error metrics. Closes ticket 40758."
  • "Add service side metrics for REND and introduction request failures. Closes ticket 40755."
  • "Add support for histograms. Part of ticket 40757."
  • "Automatically restart managed Pluggable Transport processes when their process terminates. Resolves ticket 33669."
  • "Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility. Fixes issue 40630; patch by Alex Xu (Hello71)."
  • "Do not warn about configuration options that may expose a non-anonymous onion service. Closes ticket 40691."
  • "Trigger OOS when bind fails with EADDRINUSE. This improves fairness when a large number of exit connections are requested, and properly signals exhaustion to the network. Fixes issue 40597; patch by Alex Xu (Hello71)."
  • "Avoid needless key reinitialization with OpenSSL during unit tests, saving significant time. Patch from Alex Xu."
  • "The wrong max queue cell size was used in a protocol warning logging statement. Fixes bug 40745; bugfix on"
  • "Avoid ""double-quoting"" strings in several log messages. Fixes bug 22723; bugfix on"
  • "Correct a log message when cleaning microdescriptors. Fixes bug 40619; bugfix on"
  • "Decrement hs_intro_established_count on introduction circuit close. Fixes bug 40751; bugfix on"
  • "Remove a warning `BUG()` that could occur when attempting to execute a non-existing pluggable transport on Windows. Fixes bug 40596; bugfix on"
  • "Remove a "BUG" warning for an acceptable race between a circuit close and considering that circuit active. Fixes bug 40647; bugfix on"
  • "Remove a harmless "Bug" log message that can happen in relay_addr_learn_from_dirauth() on relays during startup. Finishes fixing bug 40231. Fixes bug 40523; bugfix on"
  • "Allow membarrier for the sandbox. And allow rt_sigprocmask when compiled with LTTng. Fixes bug 40799; bugfix on"
  • "Fix sandbox support on AArch64 systems. More "*at" variants of syscalls are now supported. Signed 32 bit syscall parameters are checked more precisely, which should lead to lower likelihood of breakages with future compiler and libc releases. Fixes bug 40599; bugfix on"
  • "Avoid a segfault if the state file doesn't contain TotalBuildTimes along CircuitBuildAbandonedCount being above 0. Fixes bug 40437; bugfix on"
  • "Remove the RendPostPeriod option. This was primarily used in Version 2 Onion Services and after its deprecation isn't needed anymore. Closes ticket 40431. Patch by Neel Chauhan."
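
Because the proof-of-work defence is disabled by default, an onion service operator has to switch it on through the "HiddenServicePoW" torrc options mentioned above. The fragment below is an added example, not taken from the release notes or the Tor Project's documentation; the service directory, ports and queue values are constructed samples to be tuned to the service's capacity.

```torrc
# Added example; paths, ports and rate values are constructed samples.
HiddenServiceDir /var/lib/tor/example_service/
HiddenServicePort 80 127.0.0.1:8080

# PoW defences are off by default; enable them for this onion service.
HiddenServicePoWDefensesEnabled 1
# Rendezvous requests dispatched per second from the priority queue (sample value).
HiddenServicePoWQueueRate 200
# Largest burst of requests handled from the queue at once (sample value).
HiddenServicePoWQueueBurst 1000

# Expose the MetricsPort on loopback only, so the onion service metrics
# added in this release can be scraped locally and not from the network.
MetricsPort 127.0.0.1:9035
MetricsPortPolicy accept 127.0.0.1
```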

GitLab Repo