aboutsummaryrefslogtreecommitdiff
path: root/doc/TODO
diff options
context:
space:
mode:
Diffstat (limited to 'doc/TODO')
-rw-r--r--doc/TODO230
1 files changed, 116 insertions, 114 deletions
diff --git a/doc/TODO b/doc/TODO
index 938e15c22..bc6844815 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,8 +1,4 @@
-make connection_flush_buf() more obviously obsolete
-let hup reread the config file, eg so we can get new exit policies without restarting
-use times(2) rather than gettimeofday to measure how long it takes to process a cell
-
Legend:
SPEC!! - Not specified
SPEC - Spec not finalized
@@ -16,56 +12,27 @@ ARMA - arma claims
X Abandoned
Short-term:
- o routers have identity key, link key, onion key.
- o link key certs are
- D signed by identity key
- D not in descriptor
- o not in config
- D not on disk
- o identity and onion keys are in descriptor (and disk)
- o upon boot, if it doesn't find identity key, generate it and write it.
- o also write a file with the identity key fingerprint in it
- o router generates descriptor: flesh out router_get_my_descriptor()
- o Routers sign descriptors with identity key
- o routers put version number in descriptor
- o routers should maybe have `uname -a` in descriptor?
- o Give nicknames to routers
- o in config
- o in descriptors
- o router posts descriptor
- o when it boots
- D when it changes
- o change tls stuff so certs don't get written to disk, or read from disk
- o make directory.c 'thread'safe
- o dirserver parses descriptor
- o dirserver checks signature
- D client checks signature?
- o dirserver writes directory to file
- o reads that file upon boot
- o directory includes all routers, up and down
- o add "up" line to directory, listing nicknames
-ARMA . find an application that uses half-open connections: openssh
- o instruments ORs to report stats
- o average cell fullness
- o average bandwidth used
. integrate rep_ok functions, see what breaks
- o configure log files. separate log file, separate severities.
- o what assumptions break if we fclose(0) when we daemonize?
- o make buffer struct elements opaque outside buffers.c
-ARMA . Go through log messages, reduce confusing error messages.
-ARMA . make the logs include more info (fd, etc)
- o add log convention to the HACKING file
- . make 'make install' do the right thing
- o change binary name to tor
- o change config files so you look at commandline, else look in
- /etc/torrc. no cascading.
- o have an absolute datadir with fixed names for files, and fixed-name
- keydir under that with fixed names
-ARMA - tor faq
- list all other systems, why we're different.
- o Move (most of) the router/directory code out of main.c
-
-Mid-term:
+ - update tor faq
+ . obey SocksBindAddress, ORBindAddress
+ - warn if we're running as root
+ - make connection_flush_buf() more obviously obsolete
+ . let hup reread the config file, eg so we can get new exit
+ policies without restarting
+ - use times(2) rather than gettimeofday to measure how long it
+ takes to process a cell
+ . Exit policies
+ o Spec how to write the exit policies
+ - Path selection algorithms
+ - Let user request certain nodes
+ - And disallow certain nodes
+ D Choose path by jurisdiction, etc?
+ - Make relay end cells have failure status and payload attached
+ - Streams that fail due to exit policy must reextend to new node
+ - Add extend_wait state to edge connections, thumb through them
+ when the AP get an extended cell.
+ - let non-approved routers handshake.
+ - just list approved routers in directory.
. migrate to using nickname rather than addr:port for routers
o decide_aci_type
- generate onion skins
@@ -83,6 +50,24 @@ Mid-term:
- connection_or_init_conn_from_router
- tag_pack, tag_unpack, connection_cpu_process_inbuf
- directory_initiate_command
+ . Move from onions to ephemeral DH
+ o incremental path building
+ o transition circuit-level sendmes to hop-level sendmes
+ o implement truncate, truncated
+ o move from 192byte DH to 128byte DH, so it isn't so damn slow
+ - exiting from not-last hop
+ - OP logic to decide to extend/truncate a path
+ - make sure exiting from the not-last hop works
+ - logic to find last *open* hop, not last hop, in cpath
+ - choose exit nodes by exit policies
+
+On-going
+ . Better comments for functions!
+ . Go through log messages, reduce confusing error messages.
+ . make the logs include more info (fd, etc)
+ . Unit tests
+
+Mid-term:
. Redo scheduler
o fix SSL_read bug for buffered records
- make round-robining more fair
@@ -92,6 +77,7 @@ Mid-term:
o Rotate circuits after N minutes?
X Circuits should expire when circuit->expire triggers
NICK . Handle half-open connections
+ o openssh is an application that uses half-open connections
o Figure out what causes connections to close, standardize
when we mark a connection vs when we tear it down
o Look at what ssl does to keep from mutating data streams
@@ -104,74 +90,30 @@ ARMA - Reduce streamid footprint from 7 bytes to 2 bytes
- Move length into the stream header too
- Spec the stream_id stuff. Clarify that nobody on the backward
stream should look at stream_id.
-ARMA . Exit policies
- o Spec how to write the exit policies
- - Path selection algorithms
- - Let user request certain nodes
- - And disallow certain nodes
- D Choose path by jurisdiction, etc?
- - Make relay end cells have failure status and payload attached
- - Streams that fail due to exit policy must reextend to new node
- - Add extend_wait state to edge connections, thumb through them
- when the AP get an extended cell.
-SPEC!! D Non-clique topologies
- D Implement our own memory management, at least for common structs
. Put CPU workers in separate processes
o Handle multiple cpu workers (one for each cpu, plus one)
o Queue for pending tasks if all workers full
o Support the 'process this onion' task
D Merge dnsworkers and cpuworkers to some extent
- Handle cpuworkers dying
- o Simple directory servers
- o Include key in source; sign directories
- o Signed directory backend
- o Document
- o Integrate
- o Add versions to code
- o Have directories list recommended-versions
- o Include (unused) line in directories
- o Check for presence of line.
- o Quit if running the wrong version
- o Command-line option to override quit
- o Add more information to directory server entries
- o Exit policies
- D Advanced directory servers
- D Automated reputation management
-SPEC!! D Figure out how to do threshold directory servers
- D jurisdiction info in dirserver entries? other info?
. Scrubbing proxies
- Find an smtp proxy?
- Check the old smtp proxy code
o Find an ftp proxy? wget --passive
D Wait until there are packet redirectors for Linux
. Get socks4a support into Mozilla
- . Get tor to act like a socks server
- o socks4, socks4a
- o socks5
-SPEC!! - Handle socks commands other than connect, eg, bind?
. Develop rendezvous points
+SPEC!! - Handle socks commands other than connect, eg, bind?
o Design
- Spec
- Implement
- D Deploy and manage open source development site.
- . Documentation
- o Discussion of socks, tsocks, etc
- o On-the-network protocol
- o Onions
- o Cells
- . Better comments for functions!
- Tests
o Testing harness/infrastructure
-NICK . Unit tests
D System tests (how?)
- Performance tests, so we know when we've improved
. webload infrastructure (Bruce)
. httperf infrastructure (easy to set up)
. oprofile (installed in RH >8.0)
- D Deploy a widespread network
- D Load balancing between router twins
- D Keep track of load over links/nodes, to
- know who's hosed
NICK . Daemonize and package
o Teach it to fork and background
- Red Hat spec file
@@ -190,28 +132,88 @@ NICK . Daemonize and package
o inet_ntoa
. stdint.h
- Make a script to set up a local network on your machine
- X Move away from openssl
- o Abstract out crypto calls
- X Look at nss, others? Just include code?
- o Clearer bandwidth management
- o Do we want to remove bandwidth from OR handshakes?
- o What about OP handshakes?
- More flexibility in node addressing
D Support IPv6 rather than just 4
- Handle multihomed servers (config variable to set IP)
- . Move from onions to ephemeral DH
- o incremental path building
- o transition circuit-level sendmes to hop-level sendmes
- o implement truncate, truncated
- o move from 192byte DH to 128byte DH, so it isn't so damn slow
- - exiting from not-last hop
- - OP logic to decide to extend/truncate a path
- - make sure exiting from the not-last hop works
- - logic to find last *open* hop, not last hop, in cpath
- - choose exit nodes by exit policies
+
+In the distant future:
+ D Load balancing between router twins
+ D Keep track of load over links/nodes, to
+ know who's hosed
+SPEC!! D Non-clique topologies
+ D Implement our own memory management, at least for common structs
+ (Not ever necessary?)
+ D Advanced directory servers
+ D Automated reputation management
+SPEC!! D Figure out how to do threshold directory servers
+ D jurisdiction info in dirserver entries? other info?
Older (done) todo stuff:
+ o Get tor to act like a socks server
+ o socks4, socks4a
+ o socks5
+ o routers have identity key, link key, onion key.
+ o link key certs are
+ D signed by identity key
+ D not in descriptor
+ o not in config
+ D not on disk
+ o identity and onion keys are in descriptor (and disk)
+ o upon boot, if it doesn't find identity key, generate it and write it.
+ o also write a file with the identity key fingerprint in it
+ o router generates descriptor: flesh out router_get_my_descriptor()
+ o Routers sign descriptors with identity key
+ o routers put version number in descriptor
+ o routers should maybe have `uname -a` in descriptor?
+ o Give nicknames to routers
+ o in config
+ o in descriptors
+ o router posts descriptor
+ o when it boots
+ D when it changes
+ o change tls stuff so certs don't get written to disk, or read from disk
+ o make directory.c 'thread'safe
+ o dirserver parses descriptor
+ o dirserver checks signature
+ D client checks signature?
+ o dirserver writes directory to file
+ o reads that file upon boot
+ o directory includes all routers, up and down
+ o add "up" line to directory, listing nicknames
+ o instruments ORs to report stats
+ o average cell fullness
+ o average bandwidth used
+ o configure log files. separate log file, separate severities.
+ o what assumptions break if we fclose(0) when we daemonize?
+ o make buffer struct elements opaque outside buffers.c
+ o add log convention to the HACKING file
+ o make 'make install' do the right thing
+ o change binary name to tor
+ o change config files so you look at commandline, else look in
+ /etc/torrc. no cascading.
+ o have an absolute datadir with fixed names for files, and fixed-name
+ keydir under that with fixed names
+ o Move (most of) the router/directory code out of main.c
+ o Simple directory servers
+ o Include key in source; sign directories
+ o Signed directory backend
+ o Document
+ o Integrate
+ o Add versions to code
+ o Have directories list recommended-versions
+ o Include line in directories
+ o Check for presence of line.
+ o Quit if running the wrong version
+ o Command-line option to override quit
+ o Add more information to directory server entries
+ o Exit policies
+ o Clearer bandwidth management
+ o Do we want to remove bandwidth from OR handshakes?
+ o What about OP handshakes?
+ X Move away from openssl
+ o Abstract out crypto calls
+ X Look at nss, others? Just include code?
o Use a stronger cipher
o aes now, by including the code ourselves
X On the fly compression of each stream