[or-cvs] First cut at labeling things for 0.1.0.x
Update of /home/or/cvsroot/tor/doc
In directory moria.mit.edu:/tmp/cvs-serv23445/doc
Modified Files:
TODO
Log Message:
First cut at labeling things for 0.1.0.x
Index: TODO
===================================================================
RCS file: /home/or/cvsroot/tor/doc/TODO,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -d -r1.254 -r1.255
--- TODO 23 Feb 2005 21:12:25 -0000 1.254
+++ TODO 23 Feb 2005 21:47:40 -0000 1.255
@@ -10,152 +10,135 @@
D Deferred
X Abandoned
-For 0.0.9:
+For 0.0.9.5:
+ - Server instructions for OSX and Windows operators.
+ - Audit all changes to bandwidth buckets for integer over/underflow.
- o Solve the MSVC nuisance where __FILE__ contains the full path.
- People are getting confused about why their errors are coming from
- C:\Documents and Settings\Nick Mathewson\My Documents\src\tor .
-N&R. bring tor-spec up to date
-N&R. make loglevels info,debug less noisy
- o OS X package (and bundle?)
- o Working RPMs
- o Get win32 servers working, or find out why it isn't happening now.
- o Why can't win32 find a cpuworker?
+For 0.1.0.x:
-For 0.0.9.3:
- o All tasks marked for 0093 in flyspray.
- o Backport performance improvement (stop calling getttimeofday for
- each cell)
- o Tor startup script should be installed by default on OSX.
- o Setup instructions for OSX.
+ Refactoring and infrastructure:
+ . Switch to libevent
+ - Hold-open-until-flushed now works by accident; it should work by
+ design.
+ - The logic for reading from TLS sockets is likely to overrun the
+ bandwidth buckets under heavy load. (Really, the logic was
+ never right in the first place.) Also, we should audit all users
+ of get_pending_bytes().
+ - Find a way to make sure we have libevent 1.0 or later.
+ - Log which poll method we're using.
+ . Check return from event_set, event_add, event_del.
-For 0.0.9.5:
- - Server instructions for OSX and Windows operators.
- - Audit all changes to bandwidth buckets for integer over/underflow.
+ Security:
+ - Make sure logged info is "safe"ish.
-************************ For Post 0.0.9 *****************************
+ Stability
+ - Reset uptime when IP/ORPort/... changes.
- - make min uptime a function of the available choices
- - kill dns workers more slowly
- - reset uptime when ip changes
- - build testing circuits? going through non-verified nodes?
+ Functionality
+ - Implement pending controller features.
+ - HTTPS proxy for OR CONNECT stuff. (For outgoing SSL connections to
+ other ORs.)
+ - Changes for forward compatibility
+ - If a version is later than the last in its series, but a version
+ in the next series is recommended, that doesn't mean it's bad.
+ - Do end reasons better
+ - Realize that unrecognized end reasons are probably features rather than
+ bugs. (backport to 009x)
+ - Start using RESOURCELIMIT more.
+ - Try to use MISC a lot less.
+ - bug: if the exit node fails to create a socket (e.g. because it
+ has too many open), we will get a generic stream end response.
+ - niels's "did it fail because conn refused or timeout or what"
+ relay end feature.
+ - Start recognizing, but maybe not yet generating, more reasons and
+ needed -- aim to eliminate misc. (backport to 009x)
+ - Feed end reason back into SOCK5 as reasonable.
+ - cache .foo.exit names better, or differently, or not.
+ - make !advertised_server_mode() ORs fetch dirs less often.
+ - Clean up NT service code even more. Document it. Enable it by default.
+ Make sure it works.
- - config option to publish what ports you listen on, beyond ORPort/DirPort
- - https proxy for OR CONNECT stuff
- - choose entry node to be one you're already connected to?
+ Documentation
+ - Document new version system.
+ - Correct and clarify the wiki entry on port forwarding.
+ - Document where OSX, windows logs go, where stuff is installed.
-Tier one:
- o Move to our new version system.
- - Changes for forward compatibility
- - If a version is later than the last in its series, but a version
- in the next series is recommended, that doesn't mean it's bad.
+ Installers
+ - Vet all pending installer patches
+ - Win32 installer plus privoxy, sockscap/freecap, etc.
+ - Make OSX man pages go into man directory.
+ Correctness
- Bugfixes
- o fix dfc/weasel's intro point bug
- when we haven't explicitly sent a socks reject, sending one in
connection_about_to_close_connection() fails because we never give it
a chance to flush. right answer is to do the socks reply manually in
each appropriate case, and then about-to-close-connection can simply
- warn us if we forgot one.
-
- - Documentation
- - Convert man pages to pod, or whatever's right. Alternatively, find
- a man2html that actually works.
- o Macintosh HOWTO page.
-
- - Evangelism
- - Get more nodes running on 80 and 443.
- - Get epic, aclu, etc running nodes.
-
- - Dirservers and server descs: small, backward-compatible changes
- - support hostnames as well as IPs for authdirservers.
- - If we have a trusted directory on port 80, stop falling back to
- forbidden ports when fascistfirewall blocks all good dirservers.
- - GPSLocation optional config string.
-
- - SOCKS enhancements
- - niels's "did it fail because conn refused or timeout or what"
- relay end feature.
- - bug: if the exit node fails to create a socket (e.g. because it
- has too many open), we will get a generic stream end response.
+ warn us if we forgot one. [Tag this 010 in flyspray.]
+ - should retry exitpolicy end streams even if the end cell didn't
+ resolve the address for you
+ - Figure out when to reset addressmaps (on hup, on reconfig, etc)
- - Windows
-N - Make millisecond accuracy work on win32
- X Switch to WSA*Event code as a better poll replacement. Or maybe just
- do libevent?
+ Improvements to self-measurement.
+ - round detected bandwidth up to nearest 10KB?
+ - client software not upload descriptor until:
+ - you've been running for an hour
+ - it's sufficiently satisfied with its bandwidth
+ - it decides it is reachable
+ - start counting again if your IP ever changes.
+ - never regenerate identity keys, for now.
+ - you can set a bit for not-being-an-OR.
+ * no need to do this yet. few people define their ORPort.
- - Code cleanup
- X Make more configuration variables into CSVs.
- - Make configure.in handle cross-compilation
- - Have NULL_REP_IS_ZERO_BYTES default to 1.
- - Make with-ssl-dir disable search for ssl.
- - Support
- o Bug tracker.
+ Arguable
+ - Reverse DNS: specify and implement.
+ - make min uptime a function of the available choices (say, choose 60th
+ percentile, not 1 day.)
+ - kill dns workers more slowly
+ - build testing circuits? going through non-verified nodes?
+ - config option to publish what ports you listen on, beyond ORPort/DirPort
+ - It would be nice to have a FirewalledIPs thing that works like
+ FirewallPorts.
+ - If we have a trusted directory on port 80, stop falling back to
+ forbidden ports when fascistfirewall blocks all good dirservers.
+ - Code cleanup
+ - Make configure.in handle cross-compilation
+ - Have NULL_REP_IS_ZERO_BYTES default to 1.
+ - Make with-ssl-dir disable search for ssl.
+ - Efficiency/speed improvements.
+ - Write limiting; configurable token buckets.
+ - Make it harder to circumvent bandwidth caps: look at number of bytes
+ sent across sockets, not number sent inside TLS stream.
+ - Let more config options (e.g. ORPort) change dynamically.
+ - hidserv offerers shouldn't need to define a SocksPort
+ * figure out what breaks for this, and do it.
- - Exit hostname support
- - cache .foo.exit names better, or differently, or not.
- - IPv6 support
+ No
+ - choose entry node to be one you're already connected to?
+ - Convert man pages to pod, or whatever's right.
+ - support hostnames as well as IPs for authdirservers.
+ - GPSLocation optional config string.
+ - Windows
+ - Make millisecond accuracy work on win32
+ - IPv6 support
- teach connection_ap_handshake_socks_reply() about ipv6 and friends
so connection_ap_handshake_socks_resolved() doesn't also need
to know about them.
-
- Packaging
- Figure out how to make the rpm not strip the binaries it makes.
-
-
-Tier two:
-
- - Efficiency/speed improvements.
- o Handle pools of waiting circuits better.
- o Limit number of circuits that we preemptively generate based on past
- behavior; use same limits in circuit_expire_old_circuits().
- - Write limiting; configurable token buckets.
- - Make it harder to circumvent bandwidth caps: look at number of bytes
- sent across sockets, not number sent inside TLS stream.
-
- . Switch to libevent
- o Evaluate libevent
- o Convert socket handling
- o Convert signal handling
- o Convert timers
- o Update configure.in
- o Remove fakepoll
- - Hold-open-until-flushed now works by accident; it should work by
- design.
- - The logic for reading from TLS sockets is likely to overrun the
- bandwidth buckets under heavy load. (Really, the logic was
- never right in the first place.) Also, we should audit all users
- of get_pending_bytes().
- - Make sure it works on more platforms.
- - Find a way to make sure we have libevent 1.0 or later.
- - Check return from event_set, event_add, event_del.
-
- Integrate an http proxy into Tor (maybe as a third class of worker
process), so we can stop shipping with the beast that is Privoxy.
-
- - QOI
- - Let more config options (e.g. ORPort) change dynamically.
-
- - Dirservers and server descs: small, backward-compatible changes
- - make advertised_server_mode() ORs fetch dirs more often.
- - Implement If-Modified-Since for directories.
-
+ - Implement If-Modified-Since for directories.
- Big, incompatible re-architecting and decentralization of directory
system.
- Only the top of a directory needs to be signed.
-
- Windows
-N - Clean up NT service code; make it work
- Get a controller to launch tor and keep it on the system tray.
- - Win32 installer plus privoxy, sockscap/freecap, etc.
- - Controller enhancements.
- o Implement SIGNAL feature so windows can hup, shutdown, etc.
- - controller should have 'getinfo' command to query about rephist,
- about rendezvous status, etc.
+Tier two:
N - Handle rendezvousing with unverified nodes.
- Specify: Stick rendezvous point's key in INTRODUCE cell.
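Review bot: The bandwidth-accounting work is split across three places in this hunk with no cross-reference: the TLS-read overrun item (with the get_pending_bytes() audit) sits under "Switch to libevent", "Audit all changes to bandwidth buckets for integer over/underflow" stays under 0.0.9.5, and "Make it harder to circumvent bandwidth caps" lands under "Arguable". All three touch the same token-bucket arithmetic, so consider grouping them under "Security" or at least pointing each at the others so the audit happens once. Separately, "Make sure it works on more platforms." from the old libevent list is dropped here without being marked done (o) or abandoned (X); either carry it over or record its status.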
@@ -171,27 +154,18 @@
a generalize address struct.
- Change relay cell types to accept new addresses.
- Add flag to serverdescs to tell whether IPv6 is supported.
- - When should servers
- Security fixes
- christian grothoff's attack of infinite-length circuit.
the solution is to have a separate 'extend-data' cell type
which is used for the first N data cells, and only
extend-data cells can be extend requests.
- - Make sure logged information is 'safe'.
- Code cleanup
- . rename/rearrange functions for what file they're in
- fix router_get_by_* functions so they can get ourselves too,
and audit everything to make sure rend and intro points are
just as likely to be us as not.
- - Bugfixes
- - hidserv offerers shouldn't need to define a SocksPort
- * figure out what breaks for this, and do it.
- - should retry exitpolicy end streams even if the end cell didn't
- resolve the address for you
-
- tor should be able to have a pool of outgoing IP addresses
that it is able to rotate through. (maybe)
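Review bot: The removed "Make sure logged information is 'safe'." under "Security fixes" comes back in the first hunk as 'Make sure logged info is "safe"ish.', which softens the requirement without saying what it means. Since it is now the only entry under the 0.1.0.x "Security" heading, suggest spelling out the acceptance criterion in the item itself, for example which kinds of information may appear at which log levels, so it can actually be checked off.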
@@ -209,15 +183,6 @@
- DoS protection: TLS puzzles, public key ops, bandwidth exhaustion.
- Have clients and dirservers preserve reputation info over
reboots.
- - round detected bandwidth up to nearest 10KB?
- - client software not upload descriptor until:
- - you've been running for an hour
- - it's sufficiently satisfied with its bandwidth
- - it decides it is reachable
- - start counting again if your IP ever changes.
- - never regenerate identity keys, for now.
- - you can set a bit for not-being-an-OR.
- * no need to do this yet. few people define their ORPort.
- authdirserver lists you as running iff:
- he can connect to you
- he has successfully extended to you
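Review bot: The self-measurement block removed here is re-added verbatim under "Improvements to self-measurement", where its sub-item "start counting again if your IP ever changes." now overlaps with the new Stability item "Reset uptime when IP/ORPort/... changes." in the same release section. Suggest merging the two or stating how they differ, and while the text is being moved, fixing "client software not upload descriptor until:" so it reads as a requirement (it is missing a verb).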
@@ -247,7 +212,6 @@
- scrubbing proxies for protocols other than http.
- Find an smtp proxy?
. Get socks4a support into Mozilla
-N - Reverse DNS: specify and implement.
- figure out enclaves, e.g. so we know what to recommend that people
do, and so running a tor server on your website is helpful.
- Do enclaves for same IP only.
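Review bot: The removed line "N - Reverse DNS: specify and implement." carries an owner prefix, but the copy added under "Arguable" in the first hunk has none; the same happens to the "N"-prefixed NT service and win32 millisecond-accuracy items. If dropping ownership is intentional for this relabeling pass, say so in the log message; otherwise keep the prefix on the moved lines so the assignments are not lost.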