Головна сторінка Огляд Довідка
Увійти
piros
/
tor
3
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 00a9e3732e
Гілки Теги
tor
/
TODO

TODO 4.1 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. [First four are all equally first.
    2. 

  2. Others follow in order of priority.]
    3. 

  3. 

  4. Patch well-known proxies to make them OR compliant
    5. 

  5.    Data stream anonymizing, HTTP/FTP (Privoxy, Squid), SMTP, etc.
    6. 

  6.    Packet Redirector, a la FreeBSD (DNS, authenticated connections, etc.)
    7. 

  7. 

  8. Deploy and manage open source development site.
    9. 

  9. Manage and maintain code, write documentation, design and write
    10. 

  10.  unit tests, handle patch submissions, make the autoconf work, etc
    11. 

  11. 

  12. Deploy a widespread network: manage deployment.
    13. 

  13. Maintain and distribute directory/network state information etc. Keep
    14. 

  14. operators and users happy.
    15. 

  15. 

  16. Test OR network for reliability and performance, with and without
    17. 

  17.  mechanisms for throttling, congestion control, padding, load balancing
    18. 

  18.  if applicable, etc.
    19. 

  19.      Use httperf and webload to get some performance stats
    20. 

  20.      Modify code as dictated by testing.
    21. 

  21. 

  22. Develop rendezvous points
    23. 

  23. Implement reply onions
    24. 

  24. Develop location protected servers idea
    25. 

  25. 

  26. Enhance router twins to do load balancing as well as DoS prevention
    27. 

  27. 

  28. Develop and deploy automated reputation management, directory servers,
    29. 

  29. and directory/network state monitoring.
    30. 

  30. 

  31. ---
    32. 

  32. 

  33. debian / red hat spec file
    34. 

  34. handle starting things as a system daemon
    35. 

  35. transition addr to sin_addr
    36. 

  36. get proxy to choose the same conn if it's open
    37. 

  37. 

  38. Obvious things I'd like to do that won't break anything:
    39. 

  39. 

  40. * Abstract out crypto calls (done), with the eventual goal of moving
    41. 

  41.   from openssl to something with a more flexible license.
    42. 

  42. 

  43. * Test suite. We need one.
    44. 

  44. 

  45. * Since my OR can handle multiple circuits through a given OP,
    46. 

  46.   I think it's clear that the OP should pass new create cells through the
    47. 

  47.   same channel. Thus we can take advantage of the padding we're already
    48. 

  48.   getting. Does that mean the choose_onion functions should be changed
    49. 

  49.   to always pick a favorite OR first, so the OP can minimize the number
    50. 

  50.   of outgoing connections it must sustain?
    51. 

  51. 

  52. * Figure out what .h files we're actually using, and how portable
    53. 

  53.   those are.
    54. 

  54. 

  55. * Exit policies. Since we don't really know what protocol is being spoken,
    56. 

  56.   it really comes down to an IP range and port range that we
    57. 

  57.   allow/disallow. The 'application' connection can evaluate it and make
    58. 

  58.   a decision.
    59. 

  59. 

  60. * We currently block on gethostbyname at the exit. This is poor. We need
    61. 

  61.   to set it up so we have a separate process that we talk to. There are
    62. 

  62.   some free software versions we can use, but they'll still be tricky.
    63. 

  63. 

  64. * I'd like a cleaner interface for the configuration files, keys, etc.
    65. 

  65.   Perhaps the next step is a central repository where we download router
    66. 

  66.   lists? We can aim to make use of the directory servers that Mixminion
    67. 

  67.   deploys.
    68. 

  68. 

  69. * ORs should rotate their link keys periodically. Later.
    70. 

  70. 

  71. * The parts of the code that say 'FIXME'
    72. 

  72. 

  73. * Clean up the number of places that get to look at prkey. Later.
    74. 

  74. 

  75. * Circuits should expire sometime, say, when circuit->expire triggers?
    76. 

  76.   Later.
    77. 

  77. 

  78. 

  79. 

  80. 

  81. Non-obvious things I'd like to do:
    82. 

  82. 

  83. (Many of these topics are inter-related. It's clear that we need more
    84. 

  84. analysis before we can guess which approaches are good.)
    85. 

  85. 

  86. * Currently when a connection goes down, it generates a destroy cell
    87. 

  87.   (either in both directions or just the appropriate one). When a
    88. 

  88.   destroy cell arrives to an OR (and it gets read after all previous
    89. 

  89.   cells have arrived), it delivers a destroy cell for the "other side"
    90. 

  90.   of the circuit: if the other side is an OP or App, it closes the entire
    91. 

  91.   connection as well.
    92. 

  92. 

  93.   But by "a connection going down", I mean "I read eof from it". Yet
    94. 

  94.   reading an eof simply means that it promises not to send any more
    95. 

  95.   data. It may still be perfectly fine receiving data (read "man 2
    96. 

  96.   shutdown"). In fact, some webservers work that way -- the client sends
    97. 

  97.   his entire request, and when the webserver reads an eof it begins
    98. 

  98.   its response. We currently don't support that sort of protocol; we
    99. 

  99.   may want to switch to some sort of a two-way-destroy-ripple technique
    100. 

  100.   (where a destroy makes its way all the way to the end of the circuit
    101. 

  101.   before being echoed back, and data stops flowing only when a destroy
    102. 

  102.   has been received from both sides of the circuit); this extends the
    103. 

  103.   one-hop-ack approach that Matej used.
    104. 

  104. 

  105. * Reply onions. Hrm.
    106. 

  106.