Commit 5be81903 authored by Roger Dingledine

a todo list for 0.0.8


svn:r2232
parent cd3da3fc
+87 −24
@@ -11,50 +11,95 @@ ARMA - arma claims
        D Deferred
        X Abandoned

      bug fixes, necessary:
        - Why is the first entry of kill -USR1 a router with a 0 key?
        - why does common/util.c build-depend on or/or.h ?
      0.0.8:
NICK    - Why is the first entry of kill -USR1 a router with a 0 key?
NICK    - why does common/util.c build-depend on or/or.h ?
NICK?   - Tors deal appropriately when a newly-verified router has the
          same nickname as another router they know about
NICK?   - Add '[...truncated]' or similar to truncated log entries (like the directory
          in connection_dir_process_inbuf()).
NICK?   - put ip:port:keyhash in intro points, rendezvous points,
          and hidserv descriptors.
* implement parsing and stuff, but don't switch over the cells until
  sometime in the future.
NICK    - unify similar config entries that need to be split. put them
          into a smartlist, and have things take a smartlist.

        o if a begin failed due to exit policy, but we believe the IP
          should have been allowed, switch that router to exitpolicy
          reject *:* until we get our next directory.
        o tor-resolve needs a man page
        - "AllowUnverifiedRouters" config option
NICK      - Parse it into 3 bits
ARMA      - Consider it when picking nodes for your path
ARMA    - if there's only one entrynode preference and multiple exit node
          choices, don't pick the desired entrynode as exit.
        o 'fascistfirewall' option to pick dirservers on port 80 and
          ORs on port 443.
NICK      - extend it to take a range of ports
ARMA    - don't replace options->Address with the resolved one at startup.
          keep the old one and also have a new one.
ARMA    - detect our address right before we make a routerinfo each time?
ARMA    - external IP vs bind-IP
NICK    - parse uptime into router->uptime
        o clients choose nodes proportional to advertised bandwidth
        o and/or while avoiding unreliable nodes, depending on goals

        - figure out what to do when somebody asks to extend to
          ip:port:differentkey
* reject it. assuming this is as dumb as it sounds.
        - make loglevel info less noisy
        - defining an ORPort isn't necessary anymore, if you use
          ORAddress:port. Same with DirPort, SocksPort.
* fix is-a-server macro to look at *bindaddress too.





      bug fixes, might be handy:
        - the directory servers complain a lot about people using the
          old key. does 0.0.7 use dirservers before it's pulled down
          the directory?
        - put expiry date on onion-key, so people don't keep trying
          old ones that they could know are expired?
* Leave on todo list, see if pre3 onion fixes helped enough.          
        - should the running-routers list put unverified routers at the
          end?
* Cosmetic, don't do it yet.
        - make advertised_server_mode() ORs fetch dirs more often.
        - if a begin failed due to exit policy, but we believe the IP
          should have been allowed, switch that router to exitpolicy
          reject *:* until we get our next directory.
        - Tors deal appropriately when a newly-verified router has the
          same nickname as another router they know about
* not necessary yet.
        - Add a notion of nickname->Pubkey binding that's not 'verification'
* eventually, only when needed
        - ORs use uniquer default nicknames
* Don't worry about this for now
        - Handle full buffers without totally borking
        - Add '[...truncated]' or similar to truncated log entries (like the directory
          in connection_dir_process_inbuf()).

      protocol changes and design work:
        - put ip:port in intro points, rendezvous points, and hidserv
          descriptors.
        - figure out what to do when somebody asks to extend to
          ip:port:differentkey
* do this eventually, no rush.

      more features, easy:
        - check the date in the http headers, compare for clock skew.
* nick should do this
        - requiredentrynode vs preferredentrynode
* nick can do this, and will figure out what it should be called
        - per-month byte allowances
        - tor-resolve needs a man page
        - "AllowUnverifiedRouters" config option
          - Parse it into a bitvector
          - Consider it when picking nodes for your path
* nick will spec something.
        - have a pool of circuits available, cannibalize them
          for your purposes (e.g. rendezvous, etc).
* hold off on that.
        - node 'groups' that are known to be in the same zone of control
* nick and roger will talk about it
        - do resolve before trying to attach the stream
* don't do this for now.
        - if destination IP is running a tor node, extend a circuit there
          before sending begin.
* don't do this for now. figure out how enclaves work. but do enclaves soon.

      more features, complex:
        - defining an ORPort isn't necessary anymore, if you use
          ORAddress:port. Same with DirPort, SocksPort.
        - compress the directory. client sends http header
          "accept-transfer-encoding: gzip", server might send http header
          "transfer-encoding: gzip". ta-da.
          - grow a zlib dependency. keep a cached compressed directory.
* nick will look into this. not critical priority.
        - Switch dirservers entries to config lines:
          - read in and parse each TrustedDir config line.
          - stop reading dirservers file.
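Review bot: the decision recorded under "figure out what to do when somebody asks to extend to ip:port:differentkey" reads "* reject it. assuming this is as dumb as it sounds.", which hedges the outcome while the item itself stays open as "-". Since this decides how a node treats an extend request that names a different key for an ip:port, suggest writing the rule out plainly (what is compared, and that a mismatch is refused) or leaving it as "figure out" until the assumption has been checked. In the same list, "Parse it into 3 bits" under "AllowUnverifiedRouters" does not say what the three bits are; naming them would give the ARMA sub-item "Consider it when picking nodes for your path" something concrete to implement against.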
@@ -67,15 +112,19 @@ ARMA - arma claims
            options.TrustedDirs, and make sure there's a descriptor
            with that nickname, whose key hashes to the fingerprint,
            and who correctly signed the directory.
* nick will do the above
          - when fetching a directory, if you want a trusted one,
            choose from the trusteddir list.
            - which means keeping track of which ones are "up"
          - if you don't need a trusted one, choose from the routerinfo
            list if you have one, else from the trusteddir list.
* roger will do the above
        - add a listener for a ui
* nick chats with weasel
          - and a basic gui
        - Have clients and dirservers preserve reputation info over
          reboots.
* continue not doing until we have something we need to preserve
        - users can set their bandwidth, or we auto-detect it:
          - advertised bandwidth defaults to 10KB
          o advertised bandwidth is the min of max seen in each direction
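Review bot: "* nick will do the above" and "* roger will do the above" do not say where "the above" starts, and the first one follows a list that begins before this hunk's context. The 0.0.8 section in the first hunk puts the owner in the left margin of each item (NICK, ARMA); using the same tags on the TrustedDir sub-items would make the split unambiguous and would survive later reordering of the list.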
@@ -90,11 +139,12 @@ ARMA - arma claims
          - start counting again if your IP ever changes.
          - never regenerate identity keys, for now.
          - you can set a bit for not-being-an-OR.
        - clients choose nodes proportional to advertised bandwidth
* no need to do this yet. few people define their ORPort.
        - authdirserver lists you as running iff:
          - he can connect to you
          - he has successfully extended to you
          - you have sufficient mean-time-between-failures
* keep doing nothing for now.

      blue sky:
        - Possible to get autoconf to easily install things into ~/.tor?
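Review bot: "* keep doing nothing for now." after the "authdirserver lists you as running iff:" block gives no condition for picking the item up again, whereas the note in the previous hunk does ("continue not doing until we have something we need to preserve"). Suggest stating what would trigger this work, since the three listed criteria decide which routers are advertised as running.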
@@ -103,6 +153,7 @@ ARMA - arma claims
        . rename/rearrange functions for what file they're in
        - generalize our transport: add transport.c in preparation for
          http, airhook, etc transport.
NICK    - investigate sctp for alternate transport.

For September:
NICK    . Windows port
@@ -117,28 +168,39 @@ NICK . Windows port
          - installer

        - Docs
          - FAQ
          . FAQ
          o overview of tor. how does it work, what's it do, pros and
            cons of using it, why should I use it, etc.
          - a howto tutorial with examples
* put a stub on the wiki
          o tutorial: how to set up your own tor network
            - (need to not hardcode dirservers file in config.c)
* this will be solved when we put dirservers in config lines
          - port forwarding howto for ipchains, etc
* roger add to wiki of requests
          . correct, update, polish spec
          - document the exposed function api?
          o document what we mean by socks.

NICK    . packages
          . rpm
* nick will look at the spec file
          - find a long-term rpm maintainer
* roger will start guilting people

        - code
          - better warn/info messages
          o let tor do resolves.
          o extend socks4 to do resolves?
          o make script to ask tor for resolves
          - write howto for setting up tsocks, socat.
            - including on osx and win32
          - freecap handling
          - tsocks
            o gather patches, submit to maintainer
* send him a reminder mail and see what's up.
            - intercept gethostbyname and others
* add this to tsocks
            o do resolve via tor
          - redesign and thorough code revamp, with particular eye toward:
            - support half-open tcp connections
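Review bot: several of the decisions in the Docs and tsocks items name no owner: "* put a stub on the wiki", "* send him a reminder mail and see what's up." and "* add this to tsocks", while neighbouring notes say "nick will" or "roger will". The reminder note is also attached to "o gather patches, submit to maintainer", which is marked done, so the follow-up is easy to lose; suggest making it its own "-" item with an owner tag.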
@@ -152,6 +214,7 @@ Other details and small and hard things:
          that it is able to rotate through. (maybe)
        - tie into squid
        - hidserv offerers shouldn't need to define a SocksPort
* figure out what breaks for this, and do it.
        - when the client fails to pick an intro point for a hidserv,
          it should refetch the hidserv desc.
        . should maybe make clients exit(1) when bad things happen?