TODO

make connection_flush_buf() more obviously obsolete
let hup reread the config file, e.g. so we can get new exit policies without restarting
use times(2) rather than gettimeofday to measure how long it takes to process a cell

Legend:
SPEC!!  - Not specified
SPEC    - Spec not finalized
NICK    - nick claims
ARMA    - arma claims
        - Not done
        * Top priority
        . Partially done
        o Done
        D Deferred
        X Abandoned

Short-term:
        o routers have identity key, link key, onion key.
        o link key certs are
          D signed by identity key
          D not in descriptor
          o not in config
          D not on disk
        o identity and onion keys are in descriptor (and disk)
        o upon boot, if it doesn't find identity key, generate it and write it.
          o also write a file with the identity key fingerprint in it
        o router generates descriptor: flesh out router_get_my_descriptor()
        o Routers sign descriptors with identity key
        o routers put version number in descriptor
        o routers should maybe have `uname -a` in descriptor?
        o Give nicknames to routers
          o in config
          o in descriptors
        o router posts descriptor
          o when it boots
          D when it changes
        o change tls stuff so certs don't get written to disk, or read from disk
        o make directory.c 'thread'safe
        o dirserver parses descriptor
        o dirserver checks signature
          D client checks signature?
        o dirserver writes directory to file
          o reads that file upon boot
        o directory includes all routers, up and down
          o add "up" line to directory, listing nicknames
ARMA    . find an application that uses half-open connections: openssh
        o instruments ORs to report stats
          o average cell fullness
          o average bandwidth used
        . integrate rep_ok functions, see what breaks
ARMA    - configure log files. separate log file, separate severities.
ARMA    - what assumptions break if we fclose(0) when we daemonize?
        o make buffer struct elements opaque outside buffers.c
ARMA    . Go through log messages, reduce confusing error messages.
ARMA    . make the logs include more info (fd, etc)
ARMA    . add log convention to the HACKING file
        - make 'make install' do the right thing
        o change binary name to tor
        o change config files so you look at commandline, else look in
          /etc/torrc. no cascading.
        o have an absolute datadir with fixed names for files, and fixed-name
          keydir under that with fixed names
ARMA    - tor faq
          list all other systems, why we're different.
        o Move (most of) the router/directory code out of main.c

Mid-term:
        . migrate to using nickname rather than addr:port for routers
          o decide_aci_type
          - generate onion skins
          - circuit_send_next_onion_skin
          - circuit_extend
          - onion_generate_cpath
          - get_unique_aci_by_addr_port
          - circ->n_addr and circ->n_port
          - circuit_enumerate_by_naddr_nport
          - cpath layers
          - connection_or_connect
          - connection_exact_get_by_addr_port
          - connection_twin_get_by_addr_port
          - router_get_by_addr_port
          - connection_or_init_conn_from_router
          - tag_pack, tag_unpack, connection_cpu_process_inbuf
          - directory_initiate_command
        . Redo scheduler
          o fix SSL_read bug for buffered records
          - make round-robining more fair
        - What happens when a circuit's length is 1? What breaks?
        . streams / circuits
          o Implement streams
          o Rotate circuits after N minutes?
          X Circuits should expire when circuit->expire triggers
NICK    . Handle half-open connections
          o Figure out what causes connections to close, standardize
            when we mark a connection vs when we tear it down
          o Look at what ssl does to keep from mutating data streams
ARMA    - Reduce streamid footprint from 7 bytes to 2 bytes
          - Check for collisions in streamid (now possible with
            just 2 bytes), and back up & replace with padding if so
          - Use the 3 saved bytes to put pseudorandomness in each relay cell
          - Use the 4 reserved bytes in each cell header to keep 1/5
            of a sha1 of the relay payload (move into stream header)
          - Move length into the stream header too
          - Spec the stream_id stuff. Clarify that nobody on the backward
            stream should look at stream_id.
ARMA    . Exit policies
          o Spec how to write the exit policies
          - Path selection algorithms
            - Let user request certain nodes
            - And disallow certain nodes
            D Choose path by jurisdiction, etc?
          - Make relay end cells have failure status and payload attached
          - Streams that fail due to exit policy must reextend to new node
            - Add extend_wait state to edge connections, thumb through them
              when the AP gets an extended cell.
SPEC!!  D Non-clique topologies
        D Implement our own memory management, at least for common structs
        . Put CPU workers in separate processes
          o Handle multiple cpu workers (one for each cpu, plus one)
          o Queue for pending tasks if all workers full
          o Support the 'process this onion' task
          D Merge dnsworkers and cpuworkers to some extent
          - Handle cpuworkers dying
        o Simple directory servers
          o Include key in source; sign directories
          o Signed directory backend
          o Document
          o Integrate
          o Add versions to code
          o Have directories list recommended-versions
            o Include (unused) line in directories
            o Check for presence of line.
            o Quit if running the wrong version
              o Command-line option to override quit
          o Add more information to directory server entries
            o Exit policies
        D Advanced directory servers
          D Automated reputation management
SPEC!!    D Figure out how to do threshold directory servers
          D jurisdiction info in dirserver entries? other info?
        . Scrubbing proxies
          - Find an smtp proxy?
            - Check the old smtp proxy code
          o Find an ftp proxy? wget --passive
          D Wait until there are packet redirectors for Linux
        . Get socks4a support into Mozilla
        . Get tor to act like a socks server
          o socks4, socks4a
ARMA      - socks5
SPEC!!    - Handle socks commands other than connect, e.g. bind?
        . Develop rendezvous points
          o Design
          - Spec
          - Implement
        D Deploy and manage open source development site.
        . Documentation
          o Discussion of socks, tsocks, etc
          o On-the-network protocol
            o Onions
            o Cells
          . Better comments for functions!
        - Tests
          o Testing harness/infrastructure
NICK      . Unit tests
          D System tests (how?)
          - Performance tests, so we know when we've improved
            . webload infrastructure (Bruce)
            . httperf infrastructure (easy to set up)
            . oprofile (installed in RH >8.0)
        D Deploy a widespread network
          D Load balancing between router twins
          D Keep track of load over links/nodes, to
            know who's hosed
NICK    . Daemonize and package
          o Teach it to fork and background
          - Red Hat spec file
          - Debian spec file equivalent
        . Portability
          . Which .h files are we actually using?
          . Port to:
            o Linux
            o BSD
            . Solaris
            o Cygwin
            o Win32
            o OS X
          - deal with pollhup / reached_eof on all platforms
          o openssl randomness
          o inet_ntoa
          . stdint.h
        - Make a script to set up a local network on your machine
        X Move away from openssl
          o Abstract out crypto calls
          X Look at nss, others? Just include code?
        o Clearer bandwidth management
          o Do we want to remove bandwidth from OR handshakes?
          o What about OP handshakes?
        - More flexibility in node addressing
          D Support IPv6 rather than just 4
          - Handle multihomed servers (config variable to set IP)
        . Move from onions to ephemeral DH
          o incremental path building
          o transition circuit-level sendmes to hop-level sendmes
          o implement truncate, truncated
          o move from 192byte DH to 128byte DH, so it isn't so damn slow
          - exiting from not-last hop
            - OP logic to decide to extend/truncate a path
            - make sure exiting from the not-last hop works
            - logic to find last *open* hop, not last hop, in cpath
          - choose exit nodes by exit policies

Older (done) todo stuff:
        o Use a stronger cipher
          o aes now, by including the code ourselves
        X On the fly compression of each stream
        o Clean up the event loop (optimize and sanitize)
        o Remove that awful concept of 'roles'
        o Terminology
          o Circuits, topics, cells stay named that
          o 'Connection' gets divided, or renamed, or something?
        o DNS farm
          o Distribute queries onto the farm, get answers
          o Preemptively grow a new worker before he's needed
          o Prune workers when too many are idle
          o DNS cache
            o Clear DNS cache over time
            D Honor DNS TTL info (how??)
          o Have strategy when all workers are busy
            o Keep track of which connections are in dns_wait
          o Need to cache positives/negatives on the tor side
            o Keep track of which queries have been asked
          o Better error handling when
            o An address doesn't resolve
            o We have max workers running
          o Consider taking the master out of the loop?
        X Implement reply onions
        o Total rate limiting
        o Look at OR handshake in more detail
          o Spec it
          o Merge OR and OP handshakes
          o rearrange connection_or so it doesn't suck so much to read
        D Periodic link key rotation. Spec?
        o wrap malloc with something that explodes when it fails
        o Clean up the number of places that get to look at prkey
  238. D Periodic link key rotation. Spec?
  239. o wrap malloc with something that explodes when it fails
  240. o Clean up the number of places that get to look at prkey