|
|
@@ -28,9 +28,6 @@ Items for 0.1.2.x, real soon now:
|
|
|
N - Test guard unreachable logic; make sure that we actually attempt to
|
|
|
connect to guards that we think are unreachable from time to time.
|
|
|
Make sure that we don't freak out when the network is down.
|
|
|
- o Stop recommending exits as guards?
|
|
|
- look at the overall fraction of exits in the network. if the
|
|
|
- fraction is too small, none of them get to be guards.
|
|
|
|
|
|
R - Reconstruct ChangeLog; put rolled-up info in ReleaseNotes or something.
|
|
|
|
|
|
@@ -46,29 +43,13 @@ R - and implement the rest
|
|
|
|
|
|
. Have (and document) a BEGIN_DIR relay cell that means "Connect to your
|
|
|
directory port."
|
|
|
- o Specify
|
|
|
o Implement
|
|
|
- o Use for something, so we can be sure it works.
|
|
|
- o Test and debug
|
|
|
R - turn the received socks addr:port into a digest for setting .exit
|
|
|
- be able to connect without having a server descriptor, to bootstrap.
|
|
|
R - handle connect-dir streams that don't have a chosen_exit_name set.
|
|
|
o include ORPort in DirServers lines so we can know where to connect.
|
|
|
list the orport as 0 if it can't handle begin_dir.
|
|
|
- o List versions in status page
|
|
|
- o A new line in the status entry. "Tor 0.1.2.2-alpha". If it's
|
|
|
- a version, treat it like one. If it's something else, assume
|
|
|
- it's at least 0.1.2.x.
|
|
|
- D maybe we could have it be a new 'v' line in the status, with
|
|
|
- key=value syntax. so we could have a 'tor' version, but we
|
|
|
- could also have a 'conn' version, a 'dir' version, etc down
|
|
|
- the road. and one day maybe the 'tor' key would be deprecated.
|
|
|
- o Give the right answer for X-Your-Address-Is on tunneled directory
|
|
|
- connections.
|
|
|
-
|
|
|
- o Document .noconnect addresses...
|
|
|
- A new file 'address-spec.txt' that describes .exit, .onion,
|
|
|
- .noconnect, etc?
|
|
|
+ - List orports of actual dirservers..
|
|
|
|
|
|
- Servers are easy to setup and run: being a relay is about as easy as
|
|
|
being a client.
|
|
|
@@ -88,46 +69,12 @@ R . option to dl directory info via tor
|
|
|
handle BEGIN_DIR.
|
|
|
|
|
|
N - DNS improvements
|
|
|
- o Don't ask reject *:* nodes for DNS unless client wants you to.
|
|
|
. Asynchronous DNS
|
|
|
- Make evdns use windows strerror equivalents.
|
|
|
- Make sure patches get into libevent.
|
|
|
- Verify that it works well on windows
|
|
|
- o Make reverse DNS work.
|
|
|
- o Add client-side interface
|
|
|
- o SOCKS interface: specify
|
|
|
- o SOCKS interface: implement
|
|
|
- o Cache answers client-side
|
|
|
- o Add to Tor-resolve.py
|
|
|
- o Add to tor-resolve
|
|
|
- D Be a DNS proxy.
|
|
|
- o Check for invalid characters in hostnames before trying to resolve
|
|
|
- them. (This will help catch attempts do to mean things to our DNS
|
|
|
- server, and bad software that tries to do DNS lookups on whole URLs.)
|
|
|
- o address_is_invalid_destination() is the right thing to call here
|
|
|
- (and feel free to make that function smarter)
|
|
|
- o add a config option to turn it off.
|
|
|
- o and a man page for that option
|
|
|
- o Bug 364: notice when all the DNS requests we get back (including a few
|
|
|
- well-known sites) are all going to the same place.
|
|
|
- o Bug 363: Warn and die if we can't find a nameserver and we're running a
|
|
|
- server; don't fall back to 127.0.0.1.
|
|
|
- o Re-check dns when we change IP addresses, rather than every 12 hours
|
|
|
- o Bug 326: Give fewer error messages from nameservers.
|
|
|
- o Only warn when _all_ nameservers are down; otherwise info.
|
|
|
- D Increase timeout; what's industry standard?
|
|
|
- D Alternatively, raise timeout when nameserver dies but comes back
|
|
|
- quickly?
|
|
|
- o Don't believe that our sole nameserver is dead? or, not until more
|
|
|
- failures than it would take to think one of several nameservers was
|
|
|
- dead?
|
|
|
- X Possibly, don't warn until second retry of a nameserver gets no
|
|
|
- answer?
|
|
|
- X warn if all of your nameservers go down and stay down for like
|
|
|
- 5 minutes.
|
|
|
-R o Take out the '5 second' timeout from the socks detach schedule.
|
|
|
-
|
|
|
- - Performance improvements
|
|
|
+ - Debug and re-enable server-side reverse DNS caching
|
|
|
+
|
|
|
|
|
|
- Critical but minor bugs, backport candidates.
|
|
|
- support dir 503s better
|
|
|
@@ -136,22 +83,11 @@ R o Take out the '5 second' timeout from the socks detach schedule.
|
|
|
D But eventually, we give up after getting a lot of 503s.
|
|
|
N - Delay when we get a lot of 503s, rather than punting onto the
|
|
|
servers that have given us 503s?
|
|
|
- o split "router is down" from "dirport shouldn't be tried for a while"?
|
|
|
- We want a field to hold "when did we last get a 503 from this
|
|
|
- directory server." Probably, it should go in local_routerstatus_t,
|
|
|
- not in routerinfo_t, since we can try to use servers as directories
|
|
|
- before we have their descriptors. Possibly, it should also go in
|
|
|
- trusted_dir_server_t.
|
|
|
- o Add a last_dir_503_at field.
|
|
|
- o Have it get updated correctly.
|
|
|
- o Prefer to use directories that haven't given us a 503 for the last
|
|
|
- 60 minutes.
|
|
|
- authorities should *never* 503 a cache, and should never 503
|
|
|
network status requests. They can 503 client descriptor requests
|
|
|
when they feel like it.
|
|
|
- update dir-spec with what we decided for each of these
|
|
|
|
|
|
-
|
|
|
o Have a mode that doesn't write to disk much, so we can run Tor on
|
|
|
flash memory (e.g. Linksys routers or USB keys).
|
|
|
o Add AvoidDiskWrites config option.
|
|
|
@@ -163,6 +99,10 @@ N - Delay when we get a lot of 503s, rather than punting onto the
|
|
|
|
|
|
NR. Write path-spec.txt
|
|
|
|
|
|
+ - Polishing
|
|
|
+ - Profile client and server; fix slow spots
|
|
|
+ - Address XXX012 items
|
|
|
+
|
|
|
- Packaging
|
|
|
- Tell people about OSX Uninstaller
|
|
|
- Quietly document NT Service options
|
|
|
@@ -173,8 +113,6 @@ NR D Get some kind of "meta signing key" to be used solely to sign
|
|
|
key, etc.
|
|
|
- If we haven't replaced privoxy, lock down its configuration in all
|
|
|
packages, as documented in tor-doc-unix.html
|
|
|
- o script to look at config.c, torrc.sample, tor.1.in, to tell us
|
|
|
- what's missing in which and notice which descriptions are missing.
|
|
|
|
|
|
- Docs
|
|
|
- More prominently, we should have a recommended apps list.
|
|
|
@@ -196,8 +134,6 @@ R - "bandwidth classes", for incoming vs initiated-here conns,
|
|
|
- separate config options for read vs write limiting
|
|
|
|
|
|
- Forward compatibility fixes
|
|
|
- o Stop requiring "opt" to ignore options in descriptors, networkstatuses,
|
|
|
- and so on.
|
|
|
- Caches should start trying to cache consensus docs?
|
|
|
- Start uploading short and long descriptors; authorities should support
|
|
|
URLs to retrieve long descriptors, and should discard short descriptors
|
|
|
@@ -215,13 +151,6 @@ Topics to think about during 0.1.2.x development:
|
|
|
- Design next-version protocol for directories
|
|
|
- Design next-version protocol for connections
|
|
|
|
|
|
-For blocking-resistance scheme:
|
|
|
- o allow ordinary-looking ssl for dir connections. need a new dirport
|
|
|
- for this, or can we handle both ssl and non-ssl, or should we
|
|
|
- entirely switch to ssl in certain cases?
|
|
|
- D need to figure out how to fetch status of a few servers from the BDA
|
|
|
- without fetching all statuses. A new URL to fetch I presume?
|
|
|
-
|
|
|
Deferred from 0.1.2.x:
|
|
|
P - Figure out why dll's compiled in mingw don't work right in WinXP.
|
|
|
P - Figure out why openssl 0.9.8d "make test" fails at sha256t test.
|
|
|
@@ -296,8 +225,6 @@ P - Figure out why openssl 0.9.8d "make test" fails at sha256t test.
|
|
|
- a way to pick entry guards based wholly on extend_info equivalent;
|
|
|
a way to export extend_info equivalent.
|
|
|
|
|
|
- o Count TLS bandwidth more accurately
|
|
|
-
|
|
|
- Better estimates in the directory of whether servers have good uptime
|
|
|
(high expected time to failure) or good guard qualities (high
|
|
|
fractional uptime).
|
|
|
@@ -337,11 +264,8 @@ R - add d64 and fp64 along-side d and fp so people can paste status
|
|
|
- add a "default.action" file to the tor/vidalia bundle so we can fix the
|
|
|
https thing in the default configuration:
|
|
|
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#PrivoxyWeirdSSLPort
|
|
|
- o even if your torrc lists yourself in your myfamily line, don't list it in
|
|
|
- the descriptor.
|
|
|
. Flesh out options_description array in src/or/config.c
|
|
|
- Don't let 'newnym' be triggered more often than every n seconds.
|
|
|
- o change log_fn() to log() on notice/warn/err logs where we can.
|
|
|
X If we try to publish as a nickname that's already claimed, should
|
|
|
we append a number (or increment the number) and try again? This
|
|
|
way people who read their logs can fix it as before, but people
|
|
|
@@ -356,7 +280,6 @@ R - add d64 and fp64 along-side d and fp so people can paste status
|
|
|
- Rate limit exit connections to a given destination -- this helps
|
|
|
us play nice with websites when Tor users want to crawl them; it
|
|
|
also introduces DoS opportunities.
|
|
|
- o The bw_accounting file should get merged into the state file.
|
|
|
- Streamline how we pick entry nodes: Make choose_random_entry() have
|
|
|
less magic and less control logic.
|
|
|
- Christian Grothoff's attack of infinite-length circuit.
|
Nick Mathewson