1 PHASE #1: (Goal: settle key design questions)
4 * Make sure that the service does not go bezerk
5 on all plugins and all sessions on disconnects,
6 specifically, whenever disconnect_neighbour is called.
7 (We may have other sessions, in particular through other transports,
8 that are active for the same peer; clearly we should
9 not immediately discard all messages and stop all
10 plugins); the call is fine in the various places where it is; but except in the
11 timeout case, we should check the status of the other plugins before killing all.
13 * "Another peer saw us using..." messages for TCP
14 use the (random, high) sender port instead of the
15 adjusted port; this will be confusing to users...
18 * improve disk API [Nils] (Nils, is this done? -Christian)
19 * Windows: use events instead of pipes to signal select()s [Nils]
20 * only connect() sockets that are ready (select()) [Nils]
21 [On W32, we need to select after calling socket before
25 For these functions, it would be nice if we had testcases ("make check")
26 that would cause them to be executed and check that they are working:
27 * gnunet-service-peerinfo:
28 - change_host_trust / flush_trust
30 - discard_hosts_helper / cron_clean_data_hosts
31 * gnunet-service-transport:
32 - try_unvalidated_addresses
33 - lookup_address_callback
34 - lookup_hello_callback
35 - plugin_env_lookup_address
36 - notify_clients_disconnect
37 - list_validated_addresses
39 - disconnect_neighbour
41 * plugin_transport_tcp.c:
43 - tcp_plugin_address_pretty_printer / append_port
44 - tcp_plugin_set_receive_quota
47 - GNUNET_TRANSPORT_set_qutoa / send_set_quota
51 - remove_from_any_list / remove_neighbour
52 - GNUNET_TRANSPORT_notify_transmit_ready_cancel
55 - solicit_traffic / copy_and_free
56 - GNUNET_CORE_peer_configure / produce_configure_message
57 * gnunet-service-core:
60 - handle_client_request_configure
63 - handle_transport_notify_disconnect
64 * hostlist (everything)
65 * topology (everything)
69 PHASE #2: (Goal: recover basic file-sharing functionality)
72 * implement sqlite-based sqstore/datastore service
73 + implement service (datastore + talks to plugin)
74 + implement library (talks to service)
75 + implement sqlite plugin (talks to DB)
76 + fix testcases (make them use CPS, complete their inner workings...)
77 * implement sqlite-based dstore services
79 + implement library (talks to service)
80 + implement service (talks to plugin)
81 + implement sqlite plugin (talks to DB)
89 PHASE #3: (Goal: ready for pre-release) [completion-goal: end of 2009]
99 * UDP backend (need LIBRARY to support (de)fragmentation!)
102 + Testcases for set_quota, timeouts, disconnects, transmit_ready_cancel
103 + Better coverage of gnunet-service-transport (HELLO validation)
104 + direct test of plugins compliance to plugin API
107 * sqlite, mysql & postgres backend
113 - crypto_hash: use libgcrypt (supports SHA-512 since 2003)
114 - container_bloomfilter: improve efficiency (see FIXME)
116 - inefficient memmove
118 - transport_api: support forcing disconnects through low quotas!
119 (required for working F2F support!)
120 - API: consider having core provide deadline information for each message
121 (likely important for DV plugin which wants to loop back!)
122 - implement transport API to pretty-print transport address
123 + transport_api extension (API extension!)
124 + service-transport extension (protocol extension)
125 - add calls to statistics in various places
126 - implement gnunet-transport (transport configurator / tester)
127 - UPnP-based IP detection
128 (Note: build library always, build service when libxml2/etc. are available)
129 - instantly filter addresses from *other* peers that
130 are *equal* to our own address + port (i.e., localhost:2086). We
131 no longer filter those for outgoing (helps with loopback testing
132 and keeps the code clean), but we should filter strictly *impossible*
133 incoming addresses! This is for efficiency, not correctness.
134 - We currently are happy to take any address told to us in a WELCOME
135 to our set of addresses; we should have some minimal threshold-based
136 scheme, limiting both the total number of addresses that we accept
137 this way as well as requiring multiple confirmations; also, we
138 should possibly try to confirm that the given address works for
139 us ourselves (loopback-style) before adding it to the list
141 + we may be able to simplify WELCOME messages (no need to add
142 addresses there anymore, but may help to learn them there anyway...).
143 + we probably want some kind of voting/counting for learning IP addresses
144 (maybe including IP addresses in ads proportional to how often others
145 report them? we at least need some protection against >64k HELLOs!),
146 + provide a way to give the user a list of "learned" IP addresses and
147 a way to easily "veto" addresses off the list!
148 => If MiM attacker uses vetoed address, blacklist the specific IP for
149 the presumed neighbour!
150 - not sure current way of doing ACKs works well-enough
151 with unreliable transports where the ACK maybe lost;
152 the "is_new" check would then possibly prevent future
153 ACKs to be delivered, all while we're happily
154 receiving messages from that peer! Worse, the other
155 peer won't generate another ACK since it thinks we're
156 connected just fine...
158 + How necessary is ACKing in the first place? (alternatives?)
159 + Should we transmit ACKs in response to every HELLO? (would that
160 fully address the problem?)
161 - latency measurements implemented in the transport
162 plugins makes it only work for bi-di transports
163 and results in code replication
164 - should latency be included in the ReceiveCallback and
165 NotifyConnect or passed on request?
166 - FIXME's with latency being simply set to 0 in a few places
168 - auto-generate "defaults.conf" using gnunet-setup from "config.scm"
169 - integrate all options into "config.scm"
170 - change config-file writing to exclude options set to default values
172 - implement exponential back-off for service restarts
173 - better tracking of which config changes actually need to cause process restarts by ARM.
174 - have way to specify dependencies between services (to manage ARM restarts better)
175 - client-API is inefficient since it opens a TCP connection per service that is started
176 (instead of re-using connections).
178 - code currently notifies clients about "encrypted" connections being up well before
179 we get the encrypted PONG; sometimes this may be OK (for topology killing
180 unwanted connnections), but of course not in general. I suspect we want
181 to signal on PONG and have topology hook directly into transport to
182 kill plaintext connections before they have a chance to become encrypted
183 (may require minor hack in transport API)
185 - have gnunet-peerinfo print actual host addresses again
186 - add option to gnunet-peerinfo to modify trust value
188 - finish postgres implementation; simplify other SQLs using new stats
193 - active reply route caching design & implementation of service,
196 - implement advertising of hostlist URL
197 - implement learning of hostlist URLs
203 PHASE #4: [completion-goal: mid 2010]
211 * Features eliminated from util:
212 - threading (goal: good riddance!)
213 - complex logging features [ectx-passing, target-kinds] (goal: good riddance!)
214 - complex configuration features [defaults, notifications] (goal: good riddance!)
215 - network traffic monitors (goal: eliminate)
216 - IPC semaphores (goal: d-bus? / eliminate?)
218 - DNS lookup (goal: have async service; issue: still need synchronous resolution in places, current code may not be portable)
219 => code shrunk from 61 files to 34, 22k LOC to 15k LOC, 470k to 330k (with symbols)
220 * New features in util:
222 - service and program boot-strap code
223 * Major changes in util:
224 - more expressive server (replaces selector)
226 - how to integrate scheduler with GTK event loop!