| blob | a6696f324170c7707bd661f15f92963369bebfc4 |
1 improve how it behaves when i remove a line from the approved-routers files
2 on hup, retry_all_connections (plus binding? and closing i guess. hm.)
4 Legend:
5 SPEC!! - Not specified
6 SPEC - Spec not finalized
7 NICK - nick claims
8 ARMA - arma claims
9 - Not done
10 * Top priority
11 . Partially done
12 o Done
13 D Deferred
14 X Abandoned
16 For 0.0.2pre15:
17 o don't pick exit nodes which will certainly reject all things.
18 o don't pick nodes that the directory says are down
19 o choose randomly from running dirservers, not just first one
20 o install the man page
21 o warn when client-side tries an address/port which no router in the dir accepts.
23 For 0.0.2pre14:
24 o More flexible exit policies (18.*, 18.0.0.0/8)
25 o Work to succeed in the precense of exit policy violation
26 o Replace desired_path_len with opaque path-selection specifier
27 o Client-side DNS caching
28 o Add entries to client DNS cache based on END cells
29 o Remove port from END_REASON_EXITPOLICY cells
30 o Start building new circuits when we get an exit-policy
31 failure. (Defer exiting from the middle of existing
32 circuits or extending existing circuits for later.)
33 o Implement function to check whether a routerinfo_t
34 supports a given exit addr.
35 o Choose the exit node of an in-progress circuit based on
36 pending AP connections.
37 o Choose the exit node _first_, then beginning, then
38 middle nodes.
40 Short-term:
41 - Make tls connections tls_close intentionally
42 o Rename ACI to circID
43 . integrate rep_ok functions, see what breaks
44 - update tor faq
45 o obey SocksBindAddress, ORBindAddress
46 - warn if we're running as root
47 o make connection_flush_buf() more obviously obsolete
48 o let hup reread the config file, eg so we can get new exit
49 policies without restarting
50 o Put recommended_versions in a config entry
51 - use times(2) rather than gettimeofday to measure how long it
52 takes to process a cell
53 o Separate trying to rebuild a circuit because you have none from trying
54 to rebuild a circuit because the current one is stale
55 X Continue reading from socks port even while waiting for connect.
56 . Exit policies
57 o Spec how to write the exit policies
58 . Path selection algorithms
59 o Choose path more incrementally
60 - Let user request first/last node
61 - And disallow certain nodes
62 D Choose path by jurisdiction, etc?
63 o Make relay end cells have failure status and payload attached
64 X let non-approved routers handshake.
65 - Dirserver shouldn't put you in running-routers list if you haven't
66 uploaded a descriptor recently
67 . migrate to using nickname rather than addr:port for routers
68 o decide_aci_type
69 - generate onion skins
70 - circuit_send_next_onion_skin
71 - circuit_extend
72 - onion_generate_cpath
73 - get_unique_aci_by_addr_port
74 - circ->n_addr and circ->n_port
75 - circuit_enumerate_by_naddr_nport
76 - cpath layers
77 - connection_or_connect
78 - connection_exact_get_by_addr_port
79 - connection_twin_get_by_addr_port
80 - router_get_by_addr_port
81 - connection_or_init_conn_from_router
82 - tag_pack, tag_unpack, connection_cpu_process_inbuf
83 - directory_initiate_command
84 . Move from onions to ephemeral DH
85 o incremental path building
86 o transition circuit-level sendmes to hop-level sendmes
87 o implement truncate, truncated
88 o move from 192byte DH to 128byte DH, so it isn't so damn slow
89 - exiting from not-last hop
90 - OP logic to decide to extend/truncate a path
91 - make sure exiting from the not-last hop works
92 - logic to find last *open* hop, not last hop, in cpath
93 o Remember address and port when beginning.
94 - Extend by nickname/hostname/something, not by IP.
95 - Need a relay teardown cell, separate from one-way ends.
97 On-going
98 . Better comments for functions!
99 . Go through log messages, reduce confusing error messages.
100 . make the logs include more info (fd, etc)
101 . Unit tests
103 Mid-term:
104 - Rotate tls-level connections -- make new ones, expire old ones.
105 So we get actual key rotation, not just symmetric key rotation
106 - Are there anonymity issues with sequential streamIDs? Sequential
107 circIDs? Eg an attacker can learn how many there have been.
108 The fix is to initialize them randomly rather than at 1.
109 - Look at having smallcells and largecells
110 . Redo scheduler
111 o fix SSL_read bug for buffered records
112 - make round-robining more fair
113 - What happens when a circuit's length is 1? What breaks?
114 . streams / circuits
115 o Implement streams
116 o Rotate circuits after N minutes?
117 X Circuits should expire when circuit->expire triggers
118 NICK . Handle half-open connections
119 o openssh is an application that uses half-open connections
120 o Figure out what causes connections to close, standardize
121 when we mark a connection vs when we tear it down
122 o Look at what ssl does to keep from mutating data streams
123 ARMA - Reduce streamid footprint from 7 bytes to 2 bytes
124 - Check for collisions in streamid (now possible with
125 just 2 bytes), and back up & replace with padding if so
126 - Use the 3 saved bytes to put pseudorandomness in each relay cell
127 - Use the 4 reserved bytes in each cell header to keep 1/5
128 of a sha1 of the relay payload (move into stream header)
129 - Move length into the stream header too
130 - Spec the stream_id stuff. Clarify that nobody on the backward
131 stream should look at stream_id.
132 . Put CPU workers in separate processes
133 o Handle multiple cpu workers (one for each cpu, plus one)
134 o Queue for pending tasks if all workers full
135 o Support the 'process this onion' task
136 D Merge dnsworkers and cpuworkers to some extent
137 - Handle cpuworkers dying
138 . Scrubbing proxies
139 - Find an smtp proxy?
140 - Check the old smtp proxy code
141 o Find an ftp proxy? wget --passive
142 D Wait until there are packet redirectors for Linux
143 . Get socks4a support into Mozilla
144 . Develop rendezvous points
145 SPEC!! - Handle socks commands other than connect, eg, bind?
146 o Design
147 - Spec
148 - Implement
149 - Tests
150 o Testing harness/infrastructure
151 D System tests (how?)
152 - Performance tests, so we know when we've improved
153 . webload infrastructure (Bruce)
154 . httperf infrastructure (easy to set up)
155 . oprofile (installed in RH >8.0)
156 NICK . Daemonize and package
157 o Teach it to fork and background
158 - Red Hat spec file
159 - Debian spec file equivalent
160 . Portability
161 . Which .h files are we actually using?
162 . Port to:
163 o Linux
164 o BSD
165 . Solaris
166 o Cygwin
167 . Win32
168 o OS X
169 - deal with pollhup / reached_eof on all platforms
170 o openssl randomness
171 o inet_ntoa
172 . stdint.h
173 - Make a script to set up a local network on your machine
174 - More flexibility in node addressing
175 D Support IPv6 rather than just 4
176 - Handle multihomed servers (config variable to set IP)
178 In the distant future:
179 D Load balancing between router twins
180 D Keep track of load over links/nodes, to
181 know who's hosed
182 SPEC!! D Non-clique topologies
183 D Implement our own memory management, at least for common structs
184 (Not ever necessary?)
185 D Advanced directory servers
186 D Automated reputation management
187 SPEC!! D Figure out how to do threshold directory servers
188 D jurisdiction info in dirserver entries? other info?
190 Older (done) todo stuff:
192 o Get tor to act like a socks server
193 o socks4, socks4a
194 o socks5
195 o routers have identity key, link key, onion key.
196 o link key certs are
197 D signed by identity key
198 D not in descriptor
199 o not in config
200 D not on disk
201 o identity and onion keys are in descriptor (and disk)
202 o upon boot, if it doesn't find identity key, generate it and write it.
203 o also write a file with the identity key fingerprint in it
204 o router generates descriptor: flesh out router_get_my_descriptor()
205 o Routers sign descriptors with identity key
206 o routers put version number in descriptor
207 o routers should maybe have `uname -a` in descriptor?
208 o Give nicknames to routers
209 o in config
210 o in descriptors
211 o router posts descriptor
212 o when it boots
213 o every DirFetchPostPeriod seconds
214 D when it changes
215 o change tls stuff so certs don't get written to disk, or read from disk
216 o make directory.c 'thread'safe
217 o dirserver parses descriptor
218 o dirserver checks signature
219 D client checks signature?
220 o dirserver writes directory to file
221 o reads that file upon boot
222 o directory includes all routers, up and down
223 o add "up" line to directory, listing nicknames
224 o instruments ORs to report stats
225 o average cell fullness
226 o average bandwidth used
227 o configure log files. separate log file, separate severities.
228 o what assumptions break if we fclose(0) when we daemonize?
229 o make buffer struct elements opaque outside buffers.c
230 o add log convention to the HACKING file
231 o make 'make install' do the right thing
232 o change binary name to tor
233 o change config files so you look at commandline, else look in
234 /etc/torrc. no cascading.
235 o have an absolute datadir with fixed names for files, and fixed-name
236 keydir under that with fixed names
237 o Move (most of) the router/directory code out of main.c
238 o Simple directory servers
239 o Include key in source; sign directories
240 o Signed directory backend
241 o Document
242 o Integrate
243 o Add versions to code
244 o Have directories list recommended-versions
245 o Include line in directories
246 o Check for presence of line.
247 o Quit if running the wrong version
248 o Command-line option to override quit
249 o Add more information to directory server entries
250 o Exit policies
251 o Clearer bandwidth management
252 o Do we want to remove bandwidth from OR handshakes?
253 o What about OP handshakes?
254 X Move away from openssl
255 o Abstract out crypto calls
256 X Look at nss, others? Just include code?
257 o Use a stronger cipher
258 o aes now, by including the code ourselves
259 X On the fly compression of each stream
260 o Clean up the event loop (optimize and sanitize)
261 o Remove that awful concept of 'roles'
262 o Terminology
263 o Circuits, topics, cells stay named that
264 o 'Connection' gets divided, or renamed, or something?
265 o DNS farm
266 o Distribute queries onto the farm, get answers
267 o Preemptively grow a new worker before he's needed
268 o Prune workers when too many are idle
269 o DNS cache
270 o Clear DNS cache over time
271 D Honor DNS TTL info (how??)
272 o Have strategy when all workers are busy
273 o Keep track of which connections are in dns_wait
274 o Need to cache positives/negatives on the tor side
275 o Keep track of which queries have been asked
276 o Better error handling when
277 o An address doesn't resolve
278 o We have max workers running
279 o Consider taking the master out of the loop?
280 X Implement reply onions
281 o Total rate limiting
282 o Look at OR handshake in more detail
283 o Spec it
284 o Merge OR and OP handshakes
285 o rearrange connection_or so it doesn't suck so much to read
286 D Periodic link key rotation. Spec?
287 o wrap malloc with something that explodes when it fails
288 o Clean up the number of places that get to look at prkey