diff --git a/doc/TODO b/doc/TODO index 39ebff86ea..7e75acb4cf 100644 --- a/doc/TODO +++ b/doc/TODO @@ -57,45 +57,11 @@ R - Hunt for places that change networkstatus info that I might have TunnelDirConns and PreferTunneledDirConns R - actually cause the directory.c functions to know about or_port and use it when we're supposed to. -N - for tunneled edge conns, stop reading to the bridge connection +N o for tunneled edge conns, stop reading to the bridge connection when the or_conn we're writing to has a full outbuf. - - This is iffy. Really, it would've been better to stop writing - on the dir conn when the edge conn's inbuf is getting full. - But the issue there is that we package from edge - connections aggressively until we hit their package windows or the - circuit package windows, even if the buffer on the corresponding OR - connection is pretty damn big. This sucks from a RAM usage POV. - Now, we could try to stop reading on the edges (or just the edges - connected to a local bridge) when an or_conn's outbuf is full. But - if we're a server, and we stop reading on some exit conns when OR - conns are full, soon OR conns will contain only traffic from other OR - conns, and the exit data in question will never get written. - - - The right solution in the long run (0.2.0) is probably as follows: - - Remove socketpair-based bridges: use shared (or connected) buffers - for communication, rather than sockets. - - When relaying cells from an OR conn to an OR conn, have them wait - in a queue on the or_circuit_t object; don't move them onto the - target conn until there is space in the target conn's outbuf. - Also, only package data from exitconns when there is space in the - target conn's outbuf. - - As an added advantage, this would let us kill stalled _circuits_ - when their buffers get too full, rather than killing entire OR - conns. But we must think about anonymity implications of that. - - We'll probably want to do some kind of big refactoring of our - dataflow when we do these changes; stuff is hairy enough already, - and it will only get harrier with this stuff. - - - For the short run, our options seem to be: - - Disable BEGIN_DIR support at the server-side unless it's - explicitly turned on. - - Go ahead and make directory bridge data not get produced when the - corresponding or_conn is full, and accept the sometimes directory - data will just never get written. - - Rate-limit directory bridge data somehow when the corresponding - or_conn is full. Possibly based on the flush rate of the or_conn? - - Reject BEGIN_DIR requests that we think will be insanely big. - + . make directory bridge data not get produced when the corresponding + or_conn is full, and accept the sometimes directory data will just + never get written. N - DNS improvements . Asynchronous DNS @@ -157,6 +123,10 @@ N - Implement, if we think it's smart. a descriptor. NR - Design N - Implement, if we think it's smart. + - Check for any outstanding checks we do on the form or number of client + certificates that would prevent us from executing certain + blocking-resistance strategies. + Topics to think about during 0.1.2.x development: * Figure out incentives. @@ -197,6 +167,29 @@ P - Figure out why openssl 0.9.8d "make test" fails at sha256t test. - What do we do about the fact that people can't read zlib- compressed files manually? + - Change the way we handle cells, flow-control, and bridges. + - The issue is that we package from edge connections aggressively until + we hit their package windows or the circuit package windows, even if + the buffer on the corresponding OR connection is pretty damn big. This + sucks from a RAM usage POV. Now, we could try to stop reading on the + edges (or just the edges connected to a local bridge) when an or_conn's + outbuf is full. But if we're a server, and we stop reading on some + exit conns when OR conns are full, soon OR conns will contain only + traffic from other OR conns, and the exit data in question will never + get written. + - Remove socketpair-based bridges: use shared (or connected) buffers for + communication, rather than sockets. + - When relaying cells from an OR conn to an OR conn, have them wait in a + queue on the or_circuit_t object; don't move them onto the target conn + until there is space in the target conn's outbuf. Also, only package + data from exitconns when there is space in the target conn's outbuf. + - As an added advantage, this would let us kill stalled _circuits_ + when their buffers get too full, rather than killing entire OR + conns. But we must think about anonymity implications of that. + - We'll probably want to do some kind of big refactoring of our + dataflow when we do these changes; stuff is hairy enough already, + and it will only get harrier with this stuff. + - If the client's clock is too far in the past, it will drop (or just not try to get) descriptors, so it'll never build circuits. - Tolerate clock skew on bridge relays.