2005-03-29 jrandom
* Decreased the initial RTT estimate to 10s to allow more retries.
* Increased the default netDb store replication factor from 2 to 6 to take
into consideration tunnel failures.
* Address some statistical anonymity attacks against the netDb that could
be mounted by an active internal adversary by only answering lookups for
leaseSets we received through an unsolicited store.
* Don't throttle lookup responses (we throttle enough elsewhere)
* Fix the NewsFetcher so that it doesn't incorrectly resume midway through
the file (thanks nickster!)
* Updated the I2PTunnel HTML (thanks postman!)
* Added support to the I2PTunnel pages for the URL parameter "passphrase",
which, if matched against the router.config "i2ptunnel.passphrase" value,
skips the nonce check. If the config prop doesn't exist or is blank, no
passphrase is accepted.
* Implemented HMAC-SHA256.
* Enable the tunnel batching with a 500ms delay by default
* Dropped compatability with 0.5.0.3 and earlier releases
* New /configupdate.jsp page for controlling the update / notification
process, as well as various minor related updates. Note that not all
options are exposed yet, and the update detection code isn't in place
in this commit - it currently says there is always an update available.
* New EepGet component for reliable downloading, with a CLI exposed in
java -cp lib/i2p.jar net.i2p.util.EepGet url
* Added a default signing key to the TrustedUpdate component to be used
for verifying updates. This signing key can be authenticated via
gpg --verify i2p/core/java/src/net/i2p/crypto/TrustedUpdate.java
* New public domain SHA1 implementation for the DSA code so that we can
handle signing streams of arbitrary size without excess memory usage
(thanks P.Verdy!)
* Added some helpers to the TrustedUpdate to work off streams and to offer
a minimal CLI:
TrustedUpdate keygen pubKeyFile privKeyFile
TrustedUpdate sign origFile signedFile privKeyFile
TrustedUpdate verify signedFile
2005-03-18 jrandom
* Minor tweak to the timestamper to help reduce small skews
* Adjust the stats published to include only the relevent ones
* Only show the currently used speed calculation on the profile page
* Allow the full max # resends to be sent, rather than piggybacking the
RESET packet along side the final resend (duh)
* Add irc.postman.i2p to the default list of IRC servers for new installs
* Drop support for routers running 0.5 or 0.5.0.1 while maintaining
backwards compatability for users running 0.5.0.2.
* Update the old speed calculator and associated profile data points to
use a non-tiered moving average of the tunnel test time, avoiding the
freshness issues of the old tiered speed stats.
* Explicitly synchronize all of the methods on the PRNG, rather than just
the feeder methods (sun and kaffe only need the feeder, but it seems ibm
needs all of them synchronized).
* Properly use the tunnel tests as part of the profile stats.
* Don't flood the jobqueue with sequential persist profile tasks, but
instead, inject a brief scheduling delay between them.
* Reduce the TCP connection establishment timeout to 20s (which is still
absurdly excessive)
* Reduced the max resend delay to 30s so we can get some resends in when
dealing with client apps that hang up early (e.g. wget)
* Added more alternative socketManager factories (good call aum!)
2005-03-11 jrandom
* Rather than the fixed resend timeout floor (10s), use 10s+RTT as the
minimum (increased on resends as before, of course).
* Always prod the clock update listeners, even if just to tell them that
the time hasn't changed much.
* Added support for explicit peer selection for individual tunnel pools,
which will be useful in debugging but not recommended for use by normal
end users.
* More aggressively search for the next hop's routerInfo on tunnel join.
* Give messages received via inbound tunnels that are bound to remote
locations sufficient time (taking into account clock skew).
* Give alternate direct send messages sufficient time (10s min, not 5s)
* Always give the end to end data message the explicit timeout (though the
old default was sufficient before)
* No need to give end to end messages an insane expiration (+2m), as we
are already handling skew on the receiving side.
* Don't complain too loudly about expired TunnelCreateMessages (at least,
not until after all those 0.5 and 0.5.0.1 users upgrade ;)
* Properly keep the sendBps stat
* When running the router with router.keepHistory=true, log more data to
messageHistory.txt
* Logging updates
* Minor formatting updates
2005-03-06 jrandom
* Allow the I2PTunnel web interface to select streaming lib options for
individual client tunnels, rather than sharing them across all of them,
as we do with the session options. This way people can (and should) set
the irc proxy to interactive and the eepproxy to bulk.
* Added a startRouter.sh script to new installs which simply calls
"sh i2prouter start". This should make it clear how people should start
I2P.
* Filter HTTP response headers in the eepproxy, forcing Connection: close
so that broken (/malicious) webservers can't allow persistent
connections. All HTTP compliant browsers should now always close the
socket.
* Enabled the GZIPInputStream's cache (they were'nt cached before)
* Make sure our first send is always a SYN (duh)
* Workaround for some buggy compilers
* Loop while starting up the I2PTunnel instances, in case the I2CP
listener isn't up yet (thanks detonate!)
* Implement custom reusable GZIP streams to both reduce memory churn
and prevent the exposure of data in the standard GZIP header (creation
time, OS, etc). This is RFC1952 compliant, and backwards compatible,
though has only been tested within the confines of I2P's compression use
(DataHelper.[de]compress).
* Preemptively support the next protocol version, so that after the 0.5.0.2
release, we'll be able to drop protocol=2 to get rid of 0.5 users.
* Fix one substantial OOM cause (session tag manager was only dropping
tags once the critical limit was met, rather than honoring their
expiration) (duh)
* Lots of small memory fixes
* Double the allowable concurrent outstanding tunnel build tasks (20)
* Really disable the streaming lib packet caching
* Synchronized a message handling point in the SDK (even though its use is
already essentially single threaded, its better to play it safe)
* Don't add new RepublishLeaseSetJobs on failure, just requeue up the
existing one (duh)
* Throttle the number of concurrent pending tunnel builds across all
pools, in addition to simply throttling the number of new requests per
minute for each pool individually. This should avoid the cascading
failure when tunnel builds take too long, as no new builds will be
created until the previous ones are handled.
* Factored out and extended the DataHelper's unit tests for dealing with
long and date formatting.
* Explicitly specify the HTTP auth realm as "i2prouter", though this
alone doesn't address the bug where jetty asks for authentication too
much. (thanks orion!)
* Updated the StreamSinkServer to ignore all read bytes, rather than write
them to the filesystem.
* Don't rerequest leaseSets if there are already pending requests
* Reverted the insufficiently tested caching in the DSA/SHA1 impl, and
temporary disabled the streaming lib packet caching.
* Reduced the resend RTT penalty to 10s
* Further streaming lib caching improvements
* Reduce the minimum RTT (used to calculate retry timeouts), but also
increase the RTT on resends.
* Lower the default message size to 4KB from 16KB to further reduce the
chance of failed fragmentation.
* Extend tunnel rebuild throttling to include fallback rebuilds
* If there are less than 20 routers known, don't drop the last 20 (to help
avoid dropping all peers under catastrophic failures)
* New stats for end to end messages - "client.leaseSetFoundLocally",
"client.leaseSetFoundRemoteTime", and "client.leaseSetFailedRemoteTime"
* Throttle the number of tunnel rebuilds per minute, preventing CPU
overload under catastrophic failures (thanks Tracker and cervantes!)
* Block the router startup process until we've initialized the clock
* Cache temporary memory allocation in the DSA's SHA1 impl, and the packet
data in the streaming lib.
* Fixed a streaming lib bug where the connection initiator would fail the
stream if the ACK to their SYN was lost.
* Reworked the tunnel (re)building process to remove the tokens and
provide cleaner controls on the tunnels built.
* Fixed situations where the timestamper wanted to test more servers than
were provided (thanks Tracker!)
* Get rid of the dead SAM sessions by using the streaming lib's callbacks
(thanks Tracker!)
* Temporary workaround for the I2CP disconnect bug (have the streaminglib
try to automatically reconnect on accept()/connect(..)).
* Loop check for expired lease republishing (just in case)
* Adjusted (and fixed...) the timestamper change detection
* Deal with a rare reordering bug at the beginning of a stream (so we
don't drop it unnecessarily)
* Cleaned up some dropped message handling in the router
* Reduced job queue churn when dealing with a large number of tunnels by
sharing an expiration job
* Keep a separate list of the most recent CRIT messages (shown on the
logs.jsp). This way they don't get buried among any other messages.
* For clarity, display the tunnel variance config as "Randomization" on
the web console.
* If lease republishing fails (boo! hiss!) try it again
* Actually fix the negative jobLag in the right place (this time)
* Allow reseeding when there are less than 10 known peer references
* Lots of logging updates.
* Only build new extra tunnels on failure if we don't have enough
* Fix a fencepost in the tunnel building so that e.g. a variance of
2 means +/- 2, not +/- 1 (thanks dm!)
* Avoid an NPE on client disconnect
* Never select a shitlisted peer to participate in a tunnel
* Have netDb store messages timeout after 10s, not the full 60s (duh)
* Keep session tags around for a little longer, just in case (grr)
* Cleaned up some closing event issues on the streaming lib
* Stop bundling the jetty 5.1.2 and updated wrapper.config in the update
so that 0.4.* users will need to do a clean install, but we don't need
to shove an additional 2MB in each update to those already on 0.5.
* Imported the susimail css (oops, thanks susi!)
* Added some error handling when the number of session tags exceeds the
realistic capacity, dropping a random chunk of received tag sets and
conducting some minor analysis of the remaining ones. This is a part
of a pretty serious error condition, and logs as CRIT (if/when people
see "TOO MANY SESSION TAGS!", please let me know the full log line it
puts in the wrapper.log or /logs.jsp)
* Update the addressbook to only write to the published hosts location
if the addressbook's config contains "should_publish=true" (by default,
it contains "should_publish=false")
* (Merged the 0.5-pre branch back into CVS HEAD)
* Replaced the old tunnel routing crypto with the one specified in
router/doc/tunnel-alt.html, including updates to the web console to view
and tweak it.
* Provide the means for routers to reject tunnel requests with a wider
range of responses:
probabalistic rejection, due to approaching overload
transient rejection, due to temporary overload
bandwidth rejection, due to persistent bandwidth overload
critical rejection, due to general router fault (or imminent shutdown)
The different responses are factored into the profiles accordingly.
* Replaced the old I2CP tunnel related options (tunnels.depthInbound, etc)
with a series of new properties, relevent to the new tunnel routing code:
inbound.nickname (used on the console)
inbound.quantity (# of tunnels to use in any leaseSets)
inbound.backupQuantity (# of tunnels to keep in the ready)
inbound.length (# of remote peers in the tunnel)
inbound.lengthVariance (if > 0, permute the length by adding a random #
up to the variance. if < 0, permute the length
by adding or subtracting a random # up to the
variance)
outbound.* (same as the inbound, except for the, uh, outbound tunnels
in that client's pool)
There are other options, and more will be added later, but the above are
the most relevent ones.
* Replaced Jetty 4.2.21 with Jetty 5.1.2
* Compress all profile data on disk.
* Adjust the reseeding functionality to work even when the JVM's http proxy
is set.
* Enable a poor-man's interactive-flow in the streaming lib by choking the
max window size.
* Reduced the default streaming lib max message size to 16KB (though still
configurable by the user), also doubling the default maximum window
size.
* Replaced the RouterIdentity in a Lease with its SHA256 hash.
* Reduced the overall I2NP message checksum from a full 32 byte SHA256 to
the first byte of the SHA256.
* Added a new "netId" flag to let routers drop references to other routers
who we won't be able to talk to.
* Extended the timestamper to get a second (or third) opinion whenever it
wants to actually adjust the clock offset.
* Replaced that kludge of a timestamp I2NP message with a full blown
DateMessage.
* Substantial memory optimizations within the router and the SDK to reduce
GC churn. Client apps and the streaming libs have not been tuned,
however.
* More bugfixes thank you can shake a stick at.
2005-02-13 jrandom
* Updated jbigi source to handle 64bit CPUs. The bundled jbigi.jar still
only contains 32bit versions, so build your own, placing libjbigi.so in
your install dir if necessary. (thanks mule!)
* Added support for libjbigi-$os-athlon64 to NativeBigInteger and CPUID
(thanks spaetz!)
* Added a couple of scripts, i2ptest.sh and i2pbench.sh, to manage the core
tests and benchmarks.
* Routerconsole now builds under gcj 3.4.3.
* Corrected divide by zero error in TunnelId class under gcj (jrandom++).
* Updated jbigi build scripts for OSX.
2005-01-21 jrandom
* Added support for OSX to the NativeBigInteger code so that it will look
in the classpath for libjbigi-osx-none.jnilib. At the moment, that file
is not bundled with the shipped jbigi.jar yet though.
* Handle unexpected network read errors more carefully (thanks parg!)
* Added more methods to partially compare (DataHelper) and display
arrays (Base64.encode).
* Exposed the AES encryptBlock/decryptBlock on the context.aes()
* Be more generous on the throttle when just starting up the router
* Fix a missing scheduled event in the streaming lib (caused after reset)
* Add a new DisconnectListener on the I2PSocketManager to allow
notification of session destruction.
* Make sure our own router identity is valid, and if it isn't, build a new
one and restart the router. Alternately, you can run the Router with
the single command line argument "rebuild" and it will do the same.
* Cleaned up the resending and choking algorithm in the streaming lib.
* Removed the read timeout override for I2PTunnel's httpclient, allowing
it to use the default for the streaming lib.
* Revised ack triggers in the streaming lib.
* Logging.
* Cleaned up the postinstall/startup scripts a bit more to handle winME,
and added windows info to the headless docs. (thanks ardvark!)
* Fixed a harmless (yet NPE inspiring) race during the final shutdown of
a stream (thanks frosk!)
* Add a pair of new stats for monitoring tunnel participation -
tunnel.participatingBytesProcessed (total # bytes transferred) and
tunnel.participatingBytesProcessedActive (total # bytes transferred for
tunnels whose byte count exceed the 10m average). This should help
further monitor congestion issues.
* Made the NamingService factory property public (thanks susi!)
* Added a new i2ptunnel type: 'httpserver', allowing you to specify what
hostname should be sent to the webserver. By default, new installs will
have an httpserver pointing at their jetty instance with the spoofed
name 'mysite.i2p' (editable on the /i2ptunnel/edit.jsp page).
* Reenable the probabalistic drop on the TCP queues to deal with good old
fashioned bandwidth limiting. However, by default the probability is
rigged to reserve 0% of the queue free - meaning we just aggressively
fail messages in the queue if we're transferring too slowly. That
reservation factor can be increased with 'tcp.queueFreeFactor=0.25'
(or whatever) and the drop code can be disabled with the parameter
'tcp.dropProbabalistically=false'.
* Still penalize a peer on tunnel failure, but don't immediately drop
their capacity to 0.
* More aggressively ACK duplicates
* Randomize the timestamper period
* Display the clock skew on the connection logs when a peer sends it.
* Allow the timestamper to fix skews of up to 10 minutes
* Logging
* Revised the buffering when reading from the SAM client and writing
to the stream. Also added a thread (sigh) so we don't block the
SAM client from giving us more messages for abnormally long periods
of time.
* Display the router version in the logs on startup (oft requested)
* Fix a race during the closing of a messageOutputStream
* Default the I2CP listener to localhost only, unless overridden by
i2cp.tcp.bindAllInterfaces=true (thanks dm!)
* More SAM fixes for things recently broken (whee)
