| blob | f7392257247671f04f57e2c9e976e933fdf9830d |
1 mutiny suggests: if none of the ports is defined maybe it shouldn't start.
2 aaron got a crash in tor_timegm in tzset on os x, with -l warn but not with -l debug.
3 Oct 25 04:29:17.017 [warn] directory_initiate_command(): No running dirservers known. This is really bad.
4 rename ACI to CircID
5 rotate tls-level connections -- make new ones, expire old ones.
6 dirserver shouldn't put you in running-routers list if you haven't
7 uploading a descriptor recently
8 look at having smallcells and largecells
9 separate trying to rebuild a circuit because you have none from trying to rebuild a
10 circuit because the current one is stale
12 Legend:
13 SPEC!! - Not specified
14 SPEC - Spec not finalized
15 NICK - nick claims
16 ARMA - arma claims
17 - Not done
18 * Top priority
19 . Partially done
20 o Done
21 D Deferred
22 X Abandoned
24 Short-term:
25 . integrate rep_ok functions, see what breaks
26 - update tor faq
27 . obey SocksBindAddress, ORBindAddress
28 - warn if we're running as root
29 - make connection_flush_buf() more obviously obsolete
30 . let hup reread the config file, eg so we can get new exit
31 policies without restarting
32 - use times(2) rather than gettimeofday to measure how long it
33 takes to process a cell
34 . Exit policies
35 o Spec how to write the exit policies
36 - Path selection algorithms
37 - Let user request certain nodes
38 - And disallow certain nodes
39 D Choose path by jurisdiction, etc?
40 - Make relay end cells have failure status and payload attached
41 - Streams that fail due to exit policy must reextend to new node
42 - Add extend_wait state to edge connections, thumb through them
43 when the AP get an extended cell.
44 - let non-approved routers handshake.
45 - just list approved routers in directory.
46 . migrate to using nickname rather than addr:port for routers
47 o decide_aci_type
48 - generate onion skins
49 - circuit_send_next_onion_skin
50 - circuit_extend
51 - onion_generate_cpath
52 - get_unique_aci_by_addr_port
53 - circ->n_addr and circ->n_port
54 - circuit_enumerate_by_naddr_nport
55 - cpath layers
56 - connection_or_connect
57 - connection_exact_get_by_addr_port
58 - connection_twin_get_by_addr_port
59 - router_get_by_addr_port
60 - connection_or_init_conn_from_router
61 - tag_pack, tag_unpack, connection_cpu_process_inbuf
62 - directory_initiate_command
63 . Move from onions to ephemeral DH
64 o incremental path building
65 o transition circuit-level sendmes to hop-level sendmes
66 o implement truncate, truncated
67 o move from 192byte DH to 128byte DH, so it isn't so damn slow
68 - exiting from not-last hop
69 - OP logic to decide to extend/truncate a path
70 - make sure exiting from the not-last hop works
71 - logic to find last *open* hop, not last hop, in cpath
72 - choose exit nodes by exit policies
73 - Remember address and port when resolving.
74 - Extend by nickname/hostname/something, not by IP.
76 On-going
77 . Better comments for functions!
78 . Go through log messages, reduce confusing error messages.
79 . make the logs include more info (fd, etc)
80 . Unit tests
82 Mid-term:
83 . Redo scheduler
84 o fix SSL_read bug for buffered records
85 - make round-robining more fair
86 - What happens when a circuit's length is 1? What breaks?
87 . streams / circuits
88 o Implement streams
89 o Rotate circuits after N minutes?
90 X Circuits should expire when circuit->expire triggers
91 NICK . Handle half-open connections
92 o openssh is an application that uses half-open connections
93 o Figure out what causes connections to close, standardize
94 when we mark a connection vs when we tear it down
95 o Look at what ssl does to keep from mutating data streams
96 ARMA - Reduce streamid footprint from 7 bytes to 2 bytes
97 - Check for collisions in streamid (now possible with
98 just 2 bytes), and back up & replace with padding if so
99 - Use the 3 saved bytes to put pseudorandomness in each relay cell
100 - Use the 4 reserved bytes in each cell header to keep 1/5
101 of a sha1 of the relay payload (move into stream header)
102 - Move length into the stream header too
103 - Spec the stream_id stuff. Clarify that nobody on the backward
104 stream should look at stream_id.
105 . Put CPU workers in separate processes
106 o Handle multiple cpu workers (one for each cpu, plus one)
107 o Queue for pending tasks if all workers full
108 o Support the 'process this onion' task
109 D Merge dnsworkers and cpuworkers to some extent
110 - Handle cpuworkers dying
111 . Scrubbing proxies
112 - Find an smtp proxy?
113 - Check the old smtp proxy code
114 o Find an ftp proxy? wget --passive
115 D Wait until there are packet redirectors for Linux
116 . Get socks4a support into Mozilla
117 . Develop rendezvous points
118 SPEC!! - Handle socks commands other than connect, eg, bind?
119 o Design
120 - Spec
121 - Implement
122 - Tests
123 o Testing harness/infrastructure
124 D System tests (how?)
125 - Performance tests, so we know when we've improved
126 . webload infrastructure (Bruce)
127 . httperf infrastructure (easy to set up)
128 . oprofile (installed in RH >8.0)
129 NICK . Daemonize and package
130 o Teach it to fork and background
131 - Red Hat spec file
132 - Debian spec file equivalent
133 . Portability
134 . Which .h files are we actually using?
135 . Port to:
136 o Linux
137 o BSD
138 . Solaris
139 o Cygwin
140 . Win32
141 o OS X
142 - deal with pollhup / reached_eof on all platforms
143 o openssl randomness
144 o inet_ntoa
145 . stdint.h
146 - Make a script to set up a local network on your machine
147 - More flexibility in node addressing
148 D Support IPv6 rather than just 4
149 - Handle multihomed servers (config variable to set IP)
151 In the distant future:
152 D Load balancing between router twins
153 D Keep track of load over links/nodes, to
154 know who's hosed
155 SPEC!! D Non-clique topologies
156 D Implement our own memory management, at least for common structs
157 (Not ever necessary?)
158 D Advanced directory servers
159 D Automated reputation management
160 SPEC!! D Figure out how to do threshold directory servers
161 D jurisdiction info in dirserver entries? other info?
163 Older (done) todo stuff:
165 o Get tor to act like a socks server
166 o socks4, socks4a
167 o socks5
168 o routers have identity key, link key, onion key.
169 o link key certs are
170 D signed by identity key
171 D not in descriptor
172 o not in config
173 D not on disk
174 o identity and onion keys are in descriptor (and disk)
175 o upon boot, if it doesn't find identity key, generate it and write it.
176 o also write a file with the identity key fingerprint in it
177 o router generates descriptor: flesh out router_get_my_descriptor()
178 o Routers sign descriptors with identity key
179 o routers put version number in descriptor
180 o routers should maybe have `uname -a` in descriptor?
181 o Give nicknames to routers
182 o in config
183 o in descriptors
184 o router posts descriptor
185 o when it boots
186 D when it changes
187 o change tls stuff so certs don't get written to disk, or read from disk
188 o make directory.c 'thread'safe
189 o dirserver parses descriptor
190 o dirserver checks signature
191 D client checks signature?
192 o dirserver writes directory to file
193 o reads that file upon boot
194 o directory includes all routers, up and down
195 o add "up" line to directory, listing nicknames
196 o instruments ORs to report stats
197 o average cell fullness
198 o average bandwidth used
199 o configure log files. separate log file, separate severities.
200 o what assumptions break if we fclose(0) when we daemonize?
201 o make buffer struct elements opaque outside buffers.c
202 o add log convention to the HACKING file
203 o make 'make install' do the right thing
204 o change binary name to tor
205 o change config files so you look at commandline, else look in
206 /etc/torrc. no cascading.
207 o have an absolute datadir with fixed names for files, and fixed-name
208 keydir under that with fixed names
209 o Move (most of) the router/directory code out of main.c
210 o Simple directory servers
211 o Include key in source; sign directories
212 o Signed directory backend
213 o Document
214 o Integrate
215 o Add versions to code
216 o Have directories list recommended-versions
217 o Include line in directories
218 o Check for presence of line.
219 o Quit if running the wrong version
220 o Command-line option to override quit
221 o Add more information to directory server entries
222 o Exit policies
223 o Clearer bandwidth management
224 o Do we want to remove bandwidth from OR handshakes?
225 o What about OP handshakes?
226 X Move away from openssl
227 o Abstract out crypto calls
228 X Look at nss, others? Just include code?
229 o Use a stronger cipher
230 o aes now, by including the code ourselves
231 X On the fly compression of each stream
232 o Clean up the event loop (optimize and sanitize)
233 o Remove that awful concept of 'roles'
234 o Terminology
235 o Circuits, topics, cells stay named that
236 o 'Connection' gets divided, or renamed, or something?
237 o DNS farm
238 o Distribute queries onto the farm, get answers
239 o Preemptively grow a new worker before he's needed
240 o Prune workers when too many are idle
241 o DNS cache
242 o Clear DNS cache over time
243 D Honor DNS TTL info (how??)
244 o Have strategy when all workers are busy
245 o Keep track of which connections are in dns_wait
246 o Need to cache positives/negatives on the tor side
247 o Keep track of which queries have been asked
248 o Better error handling when
249 o An address doesn't resolve
250 o We have max workers running
251 o Consider taking the master out of the loop?
252 X Implement reply onions
253 o Total rate limiting
254 o Look at OR handshake in more detail
255 o Spec it
256 o Merge OR and OP handshakes
257 o rearrange connection_or so it doesn't suck so much to read
258 D Periodic link key rotation. Spec?
259 o wrap malloc with something that explodes when it fails
260 o Clean up the number of places that get to look at prkey