X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=TODO;h=99b21d3e4b869d9b74922ea647d55adb0d9f505d;hb=9de190ef8975f525d2e841e6658e344e771e1a19;hp=e9a52069eb7994a33b17d7ff3a90f39063a32112;hpb=191131b599cc0dc1219930221f84155b870ec6cd;p=oweals%2Fgnunet.git diff --git a/TODO b/TODO index e9a52069e..99b21d3e4 100644 --- a/TODO +++ b/TODO @@ -1,33 +1,5 @@ PHASE #1: (Goal: settle key design questions) -core: -- test fails with fresh /tmp directory (but passes when run a second time) - problem seems to be caused by HELLO validation (unvalidated - HELLO not used to connect for good, then somehow SETKEY never happens); - * double-check crypto involved in HELLO validation (PONG signature check; - what about MiM? Might be trivial right now; adding source IP-address - to PONG signature might help? How would we validate that (given that - we may be learning our source IP address(es) the same way...)) - + if we add address to transport-level PONG, we may be able to simplify - WELCOME messages (no need to add addresses there anymore, right?); - + we probably want some kind of voting/counting for learning IP addresses - (maybe including IP addresses in ads proportional to how often others - report them? we at least need some protection against >64k HELLOs!), - + provide a way to give the user a list of "learned" IP addresses and - a way to easily "veto" addresses off the list! - => If MiM attacker uses vetoed address, blacklist the specific IP for - the presumed neighbour! - * Use special, non-WELCOMEing TCP-connection for HELLO/address validation; - that way, we can avoid confusion between a dozen parallel validating connections - and the real one, avoid queueing messages on validating connections and - shut those down immediately after sending/receiving the PONG - (and maybe avoid some signalling about connections to the other layers) - * core notifies clients about "encrypted" connections being up well before - we get the encrypted PONG; sometimes this may be OK (for topology killing - unwanted connnections), but of course not in general. I suspect we want - to signal on PONG and have topology hook directly into transport to - kill plaintext connections before they have a chance to become encrypted - (may require minor hack in transport API) Util: * improve disk API [Nils] (Nils, is this done? -Christian) @@ -114,8 +86,8 @@ Transports: * UDP backend (need LIBRARY to support (de)fragmentation!) * HTTP backend * Testing: - + Testcases for set_quota, timeouts, disconnects, transmit_ready_cancel - + Better coverage of gnunet-service-transport (hello validation) + + Testcases for set_quota, timeouts, disconnects, transmit_ready_cancel + + Better coverage of gnunet-service-transport (HELLO validation) + direct test of plugins compliance to plugin API Databases: @@ -153,6 +125,15 @@ Minor TODO items: should possibly try to confirm that the given address works for us ourselves (loopback-style) before adding it to the list [SECURITY issue] + + we may be able to simplify WELCOME messages (no need to add + addresses there anymore, but may help to learn them there anyway...). + + we probably want some kind of voting/counting for learning IP addresses + (maybe including IP addresses in ads proportional to how often others + report them? we at least need some protection against >64k HELLOs!), + + provide a way to give the user a list of "learned" IP addresses and + a way to easily "veto" addresses off the list! + => If MiM attacker uses vetoed address, blacklist the specific IP for + the presumed neighbour! - not sure current way of doing ACKs works well-enough with unreliable transports where the ACK maybe lost; the "is_new" check would then possibly prevent future @@ -169,6 +150,26 @@ Minor TODO items: and results in code replication - should latency be included in the ReceiveCallback and NotifyConnect or passed on request? + - FIXME's with latency being simply set to 0 in a few places + - Memory leak (running valgrind --trace-children=yes on test_transport_api: + ==28393== 16 bytes in 1 blocks are indirectly lost in loss record 1 of 5 + ==28393== at 0x4C2260E: malloc (vg_replace_malloc.c:207) + ==28393== by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62) + ==28393== by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53) + ==28393== by 0x524458A: GNUNET_NETWORK_socket_create_from_accept (network.c:289) + ==28393== by 0x524B2DA: ??? (server.c:332) + ==28393== by 0x524A4C7: ??? (scheduler.c:425) + ==28393== by 0x524A73D: GNUNET_SCHEDULER_run (scheduler.c:510) + ==28393== by 0x524FF8C: GNUNET_SERVICE_run (service.c:1326) + ==28393== by 0x405500: main (gnunet-service-transport.c:2645) + And also: + ==28393== 65,744 (65,728 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5 + ==28393== at 0x4C2260E: malloc (vg_replace_malloc.c:207) + ==28393== by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62) + ==28393== by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53) + ==28393== by 0x524473E: GNUNET_NETWORK_socket_create_from_accept (network.c:323) + (rest of trace identical) + * SETUP: - auto-generate "defaults.conf" using gnunet-setup from "config.scm" - integrate all options into "config.scm" @@ -179,6 +180,13 @@ Minor TODO items: - have way to specify dependencies between services (to manage ARM restarts better) - client-API is inefficient since it opens a TCP connection per service that is started (instead of re-using connections). +* CORE: + - code currently notifies clients about "encrypted" connections being up well before + we get the encrypted PONG; sometimes this may be OK (for topology killing + unwanted connnections), but of course not in general. I suspect we want + to signal on PONG and have topology hook directly into transport to + kill plaintext connections before they have a chance to become encrypted + (may require minor hack in transport API) * PEERINFO: - have gnunet-peerinfo print actual host addresses again - add option to gnunet-peerinfo to modify trust value