Diffstat (limited to 'doc/TODO')
-rw-r--r-- | doc/TODO | 230 |
1 files changed, 116 insertions, 114 deletions
@@ -1,8 +1,4 @@ -make connection_flush_buf() more obviously obsolete -let hup reread the config file, eg so we can get new exit policies without restarting -use times(2) rather than gettimeofday to measure how long it takes to process a cell - Legend: SPEC!! - Not specified SPEC - Spec not finalized 
@@ -16,56 +12,27 @@ ARMA - arma claims X Abandoned Short-term: - o routers have identity key, link key, onion key. - o link key certs are - D signed by identity key - D not in descriptor - o not in config - D not on disk - o identity and onion keys are in descriptor (and disk) - o upon boot, if it doesn't find identity key, generate it and write it. - o also write a file with the identity key fingerprint in it - o router generates descriptor: flesh out router_get_my_descriptor() - o Routers sign descriptors with identity key - o routers put version number in descriptor - o routers should maybe have `uname -a` in descriptor? - o Give nicknames to routers - o in config - o in descriptors - o router posts descriptor - o when it boots - D when it changes - o change tls stuff so certs don't get written to disk, or read from disk - o make directory.c 'thread'safe - o dirserver parses descriptor - o dirserver checks signature - D client checks signature? - o dirserver writes directory to file - o reads that file upon boot - o directory includes all routers, up and down - o add "up" line to directory, listing nicknames -ARMA . find an application that uses half-open connections: openssh - o instruments ORs to report stats - o average cell fullness - o average bandwidth used . integrate rep_ok functions, see what breaks - o configure log files. separate log file, separate severities. - o what assumptions break if we fclose(0) when we daemonize? - o make buffer struct elements opaque outside buffers.c -ARMA . Go through log messages, reduce confusing error messages. -ARMA . make the logs include more info (fd, etc) - o add log convention to the HACKING file - . make 'make install' do the right thing - o change binary name to tor - o change config files so you look at commandline, else look in - /etc/torrc. no cascading. 
- o have an absolute datadir with fixed names for files, and fixed-name - keydir under that with fixed names -ARMA - tor faq - list all other systems, why we're different. - o Move (most of) the router/directory code out of main.c - -Mid-term: + - update tor faq + . obey SocksBindAddress, ORBindAddress + - warn if we're running as root + - make connection_flush_buf() more obviously obsolete + . let hup reread the config file, eg so we can get new exit + policies without restarting + - use times(2) rather than gettimeofday to measure how long it + takes to process a cell + . Exit policies + o Spec how to write the exit policies + - Path selection algorithms + - Let user request certain nodes + - And disallow certain nodes + D Choose path by jurisdiction, etc? + - Make relay end cells have failure status and payload attached + - Streams that fail due to exit policy must reextend to new node + - Add extend_wait state to edge connections, thumb through them + when the AP get an extended cell. + - let non-approved routers handshake. + - just list approved routers in directory. . migrate to using nickname rather than addr:port for routers o decide_aci_type - generate onion skins 
@@ -83,6 +50,24 @@ Mid-term: - connection_or_init_conn_from_router - tag_pack, tag_unpack, connection_cpu_process_inbuf - directory_initiate_command + . Move from onions to ephemeral DH + o incremental path building + o transition circuit-level sendmes to hop-level sendmes + o implement truncate, truncated + o move from 192byte DH to 128byte DH, so it isn't so damn slow + - exiting from not-last hop + - OP logic to decide to extend/truncate a path + - make sure exiting from the not-last hop works + - logic to find last *open* hop, not last hop, in cpath + - choose exit nodes by exit policies + +On-going + . Better comments for functions! + . Go through log messages, reduce confusing error messages. + . make the logs include more info (fd, etc) + . Unit tests + +Mid-term: . Redo scheduler o fix SSL_read bug for buffered records - make round-robining more fair @@ -92,6 +77,7 @@ Mid-term: o Rotate circuits after N minutes? X Circuits should expire when circuit->expire triggers NICK . Handle half-open connections + o openssh is an application that uses half-open connections o Figure out what causes connections to close, standardize when we mark a connection vs when we tear it down o Look at what ssl does to keep from mutating data streams 
@@ -104,74 +90,30 @@ ARMA - Reduce streamid footprint from 7 bytes to 2 bytes - Move length into the stream header too - Spec the stream_id stuff. Clarify that nobody on the backward stream should look at stream_id. -ARMA . Exit policies - o Spec how to write the exit policies - - Path selection algorithms - - Let user request certain nodes - - And disallow certain nodes - D Choose path by jurisdiction, etc? - - Make relay end cells have failure status and payload attached - - Streams that fail due to exit policy must reextend to new node - - Add extend_wait state to edge connections, thumb through them - when the AP get an extended cell. -SPEC!! D Non-clique topologies - D Implement our own memory management, at least for common structs . Put CPU workers in separate processes o Handle multiple cpu workers (one for each cpu, plus one) o Queue for pending tasks if all workers full o Support the 'process this onion' task D Merge dnsworkers and cpuworkers to some extent - Handle cpuworkers dying - o Simple directory servers - o Include key in source; sign directories - o Signed directory backend - o Document - o Integrate - o Add versions to code - o Have directories list recommended-versions - o Include (unused) line in directories - o Check for presence of line. - o Quit if running the wrong version - o Command-line option to override quit - o Add more information to directory server entries - o Exit policies - D Advanced directory servers - D Automated reputation management -SPEC!! D Figure out how to do threshold directory servers - D jurisdiction info in dirserver entries? other info? . Scrubbing proxies - Find an smtp proxy? - Check the old smtp proxy code o Find an ftp proxy? wget --passive D Wait until there are packet redirectors for Linux . Get socks4a support into Mozilla - . Get tor to act like a socks server - o socks4, socks4a - o socks5 -SPEC!! - Handle socks commands other than connect, eg, bind? . Develop rendezvous points +SPEC!! 
- Handle socks commands other than connect, eg, bind? o Design - Spec - Implement - D Deploy and manage open source development site. - . Documentation - o Discussion of socks, tsocks, etc - o On-the-network protocol - o Onions - o Cells - . Better comments for functions! - Tests o Testing harness/infrastructure -NICK . Unit tests D System tests (how?) - Performance tests, so we know when we've improved . webload infrastructure (Bruce) . httperf infrastructure (easy to set up) . oprofile (installed in RH >8.0) - D Deploy a widespread network - D Load balancing between router twins - D Keep track of load over links/nodes, to - know who's hosed NICK . Daemonize and package o Teach it to fork and background - Red Hat spec file 
@@ -190,28 +132,88 @@ NICK . Daemonize and package o inet_ntoa . stdint.h - Make a script to set up a local network on your machine - X Move away from openssl - o Abstract out crypto calls - X Look at nss, others? Just include code? - o Clearer bandwidth management - o Do we want to remove bandwidth from OR handshakes? - o What about OP handshakes? - More flexibility in node addressing D Support IPv6 rather than just 4 - Handle multihomed servers (config variable to set IP) - . Move from onions to ephemeral DH - o incremental path building - o transition circuit-level sendmes to hop-level sendmes - o implement truncate, truncated - o move from 192byte DH to 128byte DH, so it isn't so damn slow - - exiting from not-last hop - - OP logic to decide to extend/truncate a path - - make sure exiting from the not-last hop works - - logic to find last *open* hop, not last hop, in cpath - - choose exit nodes by exit policies + +In the distant future: + D Load balancing between router twins + D Keep track of load over links/nodes, to + know who's hosed +SPEC!! D Non-clique topologies + D Implement our own memory management, at least for common structs + (Not ever necessary?) + D Advanced directory servers + D Automated reputation management +SPEC!! D Figure out how to do threshold directory servers + D jurisdiction info in dirserver entries? other info? Older (done) todo stuff: + o Get tor to act like a socks server + o socks4, socks4a + o socks5 + o routers have identity key, link key, onion key. + o link key certs are + D signed by identity key + D not in descriptor + o not in config + D not on disk + o identity and onion keys are in descriptor (and disk) + o upon boot, if it doesn't find identity key, generate it and write it. 
+ o also write a file with the identity key fingerprint in it + o router generates descriptor: flesh out router_get_my_descriptor() + o Routers sign descriptors with identity key + o routers put version number in descriptor + o routers should maybe have `uname -a` in descriptor? + o Give nicknames to routers + o in config + o in descriptors + o router posts descriptor + o when it boots + D when it changes + o change tls stuff so certs don't get written to disk, or read from disk + o make directory.c 'thread'safe + o dirserver parses descriptor + o dirserver checks signature + D client checks signature? + o dirserver writes directory to file + o reads that file upon boot + o directory includes all routers, up and down + o add "up" line to directory, listing nicknames + o instruments ORs to report stats + o average cell fullness + o average bandwidth used + o configure log files. separate log file, separate severities. + o what assumptions break if we fclose(0) when we daemonize? + o make buffer struct elements opaque outside buffers.c + o add log convention to the HACKING file + o make 'make install' do the right thing + o change binary name to tor + o change config files so you look at commandline, else look in + /etc/torrc. no cascading. + o have an absolute datadir with fixed names for files, and fixed-name + keydir under that with fixed names + o Move (most of) the router/directory code out of main.c + o Simple directory servers + o Include key in source; sign directories + o Signed directory backend + o Document + o Integrate + o Add versions to code + o Have directories list recommended-versions + o Include line in directories + o Check for presence of line. + o Quit if running the wrong version + o Command-line option to override quit + o Add more information to directory server entries + o Exit policies + o Clearer bandwidth management + o Do we want to remove bandwidth from OR handshakes? + o What about OP handshakes? 
+ X Move away from openssl + o Abstract out crypto calls + X Look at nss, others? Just include code? o Use a stronger cipher o aes now, by including the code ourselves X On the fly compression of each stream |
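Review bot: the two items added at the end of the Short-term block in the @@ -16,56 +12,27 @@ hunk, "let non-approved routers handshake." and "just list approved routers in directory.", do not say who approves a router or what a router that has completed the handshake but is not approved is allowed to do. The Legend already has SPEC!! for unspecified behaviour, so tag these items SPEC!! or add a sub-item for writing down the approval rule, so the handshake is not opened up before that rule exists. Minor, in the same hunk: "when the AP get an extended cell" should read "gets".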
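Review bot: the new "On-going" section in the @@ -83,6 +50,24 @@ hunk loses the owner tags its items carried where they are removed elsewhere in this patch ("-ARMA . Go through log messages, reduce confusing error messages.", "-ARMA . make the logs include more info (fd, etc)", "-NICK . Unit tests"). If the claims are being released on purpose, say so in the commit message; otherwise keep the ARMA and NICK prefixes on the moved lines. The header also lacks the trailing colon used by "Short-term:", "Mid-term:" and "Older (done) todo stuff:", and in the ephemeral DH block moved into this hunk "exiting from not-last hop" and "make sure exiting from the not-last hop works" look like the same task listed twice.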
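Review bot: in the @@ -104,74 +90,30 @@ hunk the re-added line "SPEC!! - Handle socks commands other than connect, eg, bind?" now sits directly under ". Develop rendezvous points", ahead of "o Design", "- Spec" and "- Implement", so it reads as a rendezvous sub-task. Its former parent, "Get tor to act like a socks server", moves to the done list in this patch, so the open SOCKS item needs a home of its own: make it a top-level entry (for example in Short-term next to "obey SocksBindAddress, ORBindAddress") rather than leaving it inside the rendezvous block.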
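Review bot: the move into "Older (done) todo stuff:" in the @@ -190,28 +132,88 @@ hunk is not verbatim: the removed line "o Include (unused) line in directories" comes back as "o Include line in directories", dropping "(unused)". If the line is now used, the item should say so; if the word was lost by accident, restore it so the done list still matches what was implemented. The same hunk adds "(Not ever necessary?)" under the memory management item in "In the distant future:"; if that is the current view, marking the item X (Abandoned in the Legend) would be clearer than a parenthetical question.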