|  | @@ -57,45 +57,11 @@ R       - Hunt for places that change networkstatus info that I might have
				|  |  |      TunnelDirConns and PreferTunneledDirConns
				|  |  |  R   - actually cause the directory.c functions to know about or_port
				|  |  |        and use it when we're supposed to.
				|  |  | -N   - for tunneled edge conns, stop reading to the bridge connection
				|  |  | +N   o for tunneled edge conns, stop reading to the bridge connection
				|  |  |        when the or_conn we're writing to has a full outbuf.
				|  |  | -      - This is iffy.  Really, it would've been better to stop writing
				|  |  | -        on the dir conn when the edge conn's inbuf is getting full.
				|  |  | -        But the issue there is that we package from edge
				|  |  | -        connections aggressively until we hit their package windows or the
				|  |  | -        circuit package windows, even if the buffer on the corresponding OR
				|  |  | -        connection is pretty damn big.  This sucks from a RAM usage POV.
				|  |  | -        Now, we could try to stop reading on the edges (or just the edges
				|  |  | -        connected to a local bridge) when an or_conn's outbuf is full.  But
				|  |  | -        if we're a server, and we stop reading on some exit conns when OR
				|  |  | -        conns are full, soon OR conns will contain only traffic from other OR
				|  |  | -        conns, and the exit data in question  will never get written.
				|  |  | -
				|  |  | -      - The right solution in the long run (0.2.0) is probably as follows:
				|  |  | -        - Remove socketpair-based bridges: use shared (or connected) buffers
				|  |  | -          for communication, rather than sockets.
				|  |  | -        - When relaying cells from an OR conn to an OR conn, have them wait
				|  |  | -          in a queue on the or_circuit_t object; don't move them onto the
				|  |  | -          target conn until there is space in the target conn's outbuf.
				|  |  | -          Also, only package data from exitconns when there is space in the
				|  |  | -          target conn's outbuf.
				|  |  | -          - As an added advantage, this would let us kill stalled _circuits_
				|  |  | -            when their buffers get too full, rather than killing entire OR
				|  |  | -            conns.  But we must think about anonymity implications of that.
				|  |  | -        - We'll probably want to do some kind of big refactoring of our
				|  |  | -          dataflow when we do these changes; stuff is hairy enough already,
				|  |  | -          and it will only get harrier with this stuff.
				|  |  | -
				|  |  | -      - For the short run, our options seem to be:
				|  |  | -        - Disable BEGIN_DIR support at the server-side unless it's
				|  |  | -          explicitly turned on.
				|  |  | -        - Go ahead and make directory bridge data not get produced when the
				|  |  | -          corresponding or_conn is full, and accept the sometimes directory
				|  |  | -          data will just never get written.
				|  |  | -        - Rate-limit directory bridge data somehow when the corresponding
				|  |  | -          or_conn is full.  Possibly based on the flush rate of the or_conn?
				|  |  | -        - Reject BEGIN_DIR requests that we think will be insanely big.
				|  |  | -
				|  |  | +      . make directory bridge data not get produced when the corresponding
				|  |  | +        or_conn is full, and accept the sometimes directory data will just
				|  |  | +        never get written.
				|  |  |  
				|  |  |  N - DNS improvements
				|  |  |      . Asynchronous DNS
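
Review bot: the item retained at `+      . make directory bridge data not get produced when the corresponding` records the accepted outcome ("the sometimes directory data will just never get written") but not what then happens to the stalled tunneled dir conn and the data sitting in its buffer; the discussion deleted just above already warned that once reading stops while the or_conn is full, "the exit data in question will never get written", so the TODO should say whether such a dir conn is timed out and closed or simply left until the or_conn goes away. Also, "the sometimes directory data" (copied from the removed line) should read "that sometimes directory data", and the three other short-run options removed here (disable BEGIN_DIR server-side unless explicitly turned on, rate-limit bridge data on the or_conn's flush rate, reject BEGIN_DIR requests expected to be insanely big) are not recorded anywhere else in this patch, so a one-line "considered and deferred" note would keep them from being rediscovered from scratch later.
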
				|  | @@ -157,6 +123,10 @@ N     - Implement, if we think it's smart.
				|  |  |        a descriptor.
				|  |  |  NR    - Design
				|  |  |  N     - Implement, if we think it's smart.
				|  |  | +    - Check for any outstanding checks we do on the form or number of client
				|  |  | +      certificates that would prevent us from executing certain
				|  |  | +      blocking-resistance strategies.
				|  |  | +
				|  |  |  
				|  |  |  Topics to think about during 0.1.2.x development:
				|  |  |    * Figure out incentives.
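
Review bot: the new item at `+    - Check for any outstanding checks we do on the form or number of client` carries no owner marker in the left column, while the sibling items directly above it are tagged `NR` and `N`; assign it, or it will not appear in anyone's list. "outstanding checks" reads as "checks not yet done", but the sentence means checks that already exist, so "Check whether any of the checks we currently do on the form or number of client certificates would prevent us from executing certain blocking-resistance strategies" says what is meant. The added trailing blank line (the bare `+`) sits directly above the existing blank context line, leaving two blank lines before "Topics to think about during 0.1.2.x development:"; drop one of them.
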
				|  | @@ -197,6 +167,29 @@ P - Figure out why openssl 0.9.8d "make test" fails at sha256t test.
				|  |  |        - What do we do about the fact that people can't read zlib-
				|  |  |          compressed files manually?
				|  |  |  
				|  |  | +  - Change the way we handle cells, flow-control, and bridges.
				|  |  | +    - The issue is that we package from edge connections aggressively until
				|  |  | +      we hit their package windows or the circuit package windows, even if
				|  |  | +      the buffer on the corresponding OR connection is pretty damn big.  This
				|  |  | +      sucks from a RAM usage POV.  Now, we could try to stop reading on the
				|  |  | +      edges (or just the edges connected to a local bridge) when an or_conn's
				|  |  | +      outbuf is full.  But if we're a server, and we stop reading on some
				|  |  | +      exit conns when OR conns are full, soon OR conns will contain only
				|  |  | +      traffic from other OR conns, and the exit data in question will never
				|  |  | +      get written.
				|  |  | +    - Remove socketpair-based bridges: use shared (or connected) buffers for
				|  |  | +      communication, rather than sockets.
				|  |  | +    - When relaying cells from an OR conn to an OR conn, have them wait in a
				|  |  | +      queue on the or_circuit_t object; don't move them onto the target conn
				|  |  | +      until there is space in the target conn's outbuf.  Also, only package
				|  |  | +      data from exitconns when there is space in the target conn's outbuf.
				|  |  | +      - As an added advantage, this would let us kill stalled _circuits_
				|  |  | +        when their buffers get too full, rather than killing entire OR
				|  |  | +        conns.  But we must think about anonymity implications of that.
				|  |  | +    - We'll probably want to do some kind of big refactoring of our
				|  |  | +      dataflow when we do these changes; stuff is hairy enough already,
				|  |  | +      and it will only get harrier with this stuff.
				|  |  | +
				|  |  |    - If the client's clock is too far in the past, it will drop (or
				|  |  |      just not try to get) descriptors, so it'll never build circuits.
				|  |  |    - Tolerate clock skew on bridge relays.
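
Review bot: the relocated text keeps the typo "harrier" (for "hairier") at `+      and it will only get harrier with this stuff.`; fix it while moving the block. In its old place this design was introduced as "The right solution in the long run (0.2.0)", and that release target was dropped when it moved into a list headed "Topics to think about during 0.1.2.x development"; keep the "(0.2.0)" so the refactoring is not read as 0.1.2.x work. The first sub-item also still carries the objection that stopping reads on exit conns when OR conns are full means "the exit data in question will never get written", while a later sub-item proposes to "only package data from exitconns when there is space in the target conn's outbuf" without saying how the per-circuit queue on or_circuit_t avoids the same starvation; a sentence on how queued circuits get their turn at the outbuf (and the anonymity note already attached to killing stalled circuits) would make the design self-contained.
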