- Apr 17, 2005
-
-
* Added new user-editable eepproxy error page templates. 2005-04-17 jrandom * Revamp the tunnel building throttles, fixing a situation where the rebuild may not recover, and defaulting it to unthrottled (users with slow CPUs may want to set "router.tunnel.shouldThrottle=true" in their advanced router config) -
-
- Apr 12, 2005
-
-
- Apr 09, 2005
-
-
- Apr 08, 2005
-
-
* Security improvements to TrustedUpdate: signing and verification of the version string along with the data payload for signed update files (consequently the positions of the DSA signature and version string fields have been swapped in the spec for the update file's header); router will no longer perform a trusted update if the signed update's version is lower than or equal to the currently running router's version. * Added two new CLI commands to TrustedUpdate: showversion, verifyupdate. * Extended TrustedUpdate public API for use by third party applications.
-
- Apr 06, 2005
-
-
- Apr 05, 2005
-
-
-
* After a successfull netDb search for a leaseSet, republish it to all of the peers we have tried so far who did not give us the key (up to 10), rather than the old K closest (which may include peers who had given us the key) * Don't wait 5 minutes to publish a leaseSet (duh!), and rather than republish it every 5 minutes, republish it every 3. In addition, always republish as soon as the leaseSet changes (duh^2). * Minor fix for oddball startup race (thanks travis_bickle!) * Minor AES update to allow in-place decryption.
-
- Apr 03, 2005
-
-
- Apr 01, 2005
-
-
- Mar 30, 2005
-
-
2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases
-
- Mar 26, 2005
-
-
- Mar 25, 2005
-
-
- Mar 24, 2005
-
-
-
-
-
-
* Implemented the news fetch / update policy code, as configurated on /configupdate.jsp. Defaults are to grab the news every 24h (or if it doesn't exist yet, on startup). No action is taken however, though if the news.xml specifies that a new release is available, an option to update will be shown on the router console. * New initialNews.xml delivered with new installs, and moved news.xml out of the i2pwww module and into the i2p module so that we can bundle it within each update.
-
- Mar 23, 2005
-
-
* New /configupdate.jsp page for controlling the update / notification process, as well as various minor related updates. Note that not all options are exposed yet, and the update detection code isn't in place in this commit - it currently says there is always an update available. * New EepGet component for reliable downloading, with a CLI exposed in java -cp lib/i2p.jar net.i2p.util.EepGet url * Added a default signing key to the TrustedUpdate component to be used for verifying updates. This signing key can be authenticated via gpg --verify i2p/core/java/src/net/i2p/crypto/TrustedUpdate.java * New public domain SHA1 implementation for the DSA code so that we can handle signing streams of arbitrary size without excess memory usage (thanks P.Verdy!) * Added some helpers to the TrustedUpdate to work off streams and to offer a minimal CLI: TrustedUpdate keygen pubKeyFile privKeyFile TrustedUpdate sign origFile signedFile privKeyFile TrustedUpdate verify signedFile
-
- Mar 22, 2005
-
-
* Fixed the tunnel fragmentation handler to deal with multiple fragments in a single message properly (rather than release the buffer into the cache after processing the first one) (duh!) * Added the batching preprocessor which will bundle together multiple small messages inside a single tunnel message by delaying their delivery up to .5s, or whenever the pending data will fill a full message, whichever comes first. This is disabled at the moment, since without the above bugfix widely deployed, lots and lots of messages would fail. * Within each tunnel pool, stick with a randomly selected peer for up to .5s before randomizing and selecting again, instead of randomizing the pool each time a tunnel is needed.
-
- Mar 18, 2005
-
-
2005-03-18 jrandom * Minor tweak to the timestamper to help reduce small skews * Adjust the stats published to include only the relevent ones * Only show the currently used speed calculation on the profile page * Allow the full max # resends to be sent, rather than piggybacking the RESET packet along side the final resend (duh) * Add irc.postman.i2p to the default list of IRC servers for new installs * Drop support for routers running 0.5 or 0.5.0.1 while maintaining backwards compatability for users running 0.5.0.2. -
-
- Mar 17, 2005
-
-
* Update the old speed calculator and associated profile data points to use a non-tiered moving average of the tunnel test time, avoiding the freshness issues of the old tiered speed stats. * Explicitly synchronize all of the methods on the PRNG, rather than just the feeder methods (sun and kaffe only need the feeder, but it seems ibm needs all of them synchronized). * Properly use the tunnel tests as part of the profile stats. * Don't flood the jobqueue with sequential persist profile tasks, but instead, inject a brief scheduling delay between them. * Reduce the TCP connection establishment timeout to 20s (which is still absurdly excessive) * Reduced the max resend delay to 30s so we can get some resends in when dealing with client apps that hang up early (e.g. wget) * Added more alternative socketManager factories (good call aum!) -
* Adjust the old speed calculator to include end to end RTT data in its estimates, and use that as the primary speed calculator again. * Use the mean of the high capacity speeds to determine the fast threshold, rather than the median. Perhaps we should use the mean of all active non-failing peers? * Updated the profile page to sort by tier, then alphabetically. * Added some alternative socketManager factories (good call aum!)
-
- Mar 15, 2005
-
-
* New strict speed calculator that goes off the actual number of messages verifiably sent through the peer by way of tunnels. Initially, this only contains the successful message count on inbound tunnels, but may be augmented later to include verified outbound messages, peers queried in the netDb, etc. The speed calculation decays quickly, but should give a better differential than the previous stat (both values are shown on the /profiles.jsp page)
-
- Mar 11, 2005
-
-
2005-03-11 jrandom * Rather than the fixed resend timeout floor (10s), use 10s+RTT as the minimum (increased on resends as before, of course). * Always prod the clock update listeners, even if just to tell them that the time hasn't changed much. * Added support for explicit peer selection for individual tunnel pools, which will be useful in debugging but not recommended for use by normal end users. * More aggressively search for the next hop's routerInfo on tunnel join. * Give messages received via inbound tunnels that are bound to remote locations sufficient time (taking into account clock skew). * Give alternate direct send messages sufficient time (10s min, not 5s) * Always give the end to end data message the explicit timeout (though the old default was sufficient before) * No need to give end to end messages an insane expiration (+2m), as we are already handling skew on the receiving side. * Don't complain too loudly about expired TunnelCreateMessages (at least, not until after all those 0.5 and 0.5.0.1 users upgrade ;) * Properly keep the sendBps stat * When running the router with router.keepHistory=true, log more data to messageHistory.txt * Logging updates * Minor formatting updates
-
- Mar 08, 2005
-
-
- Mar 07, 2005
-
-
-
2005-03-06 jrandom * Allow the I2PTunnel web interface to select streaming lib options for individual client tunnels, rather than sharing them across all of them, as we do with the session options. This way people can (and should) set the irc proxy to interactive and the eepproxy to bulk. * Added a startRouter.sh script to new installs which simply calls "sh i2prouter start". This should make it clear how people should start I2P.
-
- Mar 05, 2005
-
-
* Filter HTTP response headers in the eepproxy, forcing Connection: close so that broken (/malicious) webservers can't allow persistent connections. All HTTP compliant browsers should now always close the socket. * Enabled the GZIPInputStream's cache (they were'nt cached before) * Make sure our first send is always a SYN (duh) * Workaround for some buggy compilers
-
- Mar 04, 2005
-
-
* Loop while starting up the I2PTunnel instances, in case the I2CP listener isn't up yet (thanks detonate!) * Implement custom reusable GZIP streams to both reduce memory churn and prevent the exposure of data in the standard GZIP header (creation time, OS, etc). This is RFC1952 compliant, and backwards compatible, though has only been tested within the confines of I2P's compression use (DataHelper.[de]compress). * Preemptively support the next protocol version, so that after the 0.5.0.2 release, we'll be able to drop protocol=2 to get rid of 0.5 users.
-
- Mar 03, 2005
-
-
- Mar 01, 2005
-
-
* Really disable the streaming lib packet caching * Synchronized a message handling point in the SDK (even though its use is already essentially single threaded, its better to play it safe) * Don't add new RepublishLeaseSetJobs on failure, just requeue up the existing one (duh) * Throttle the number of concurrent pending tunnel builds across all pools, in addition to simply throttling the number of new requests per minute for each pool individually. This should avoid the cascading failure when tunnel builds take too long, as no new builds will be created until the previous ones are handled. * Factored out and extended the DataHelper's unit tests for dealing with long and date formatting. * Explicitly specify the HTTP auth realm as "i2prouter", though this alone doesn't address the bug where jetty asks for authentication too much. (thanks orion!) * Updated the StreamSinkServer to ignore all read bytes, rather than write them to the filesystem.
-
- Feb 27, 2005
-
-
- Feb 26, 2005
-
-
* Further streaming lib caching improvements * Reduce the minimum RTT (used to calculate retry timeouts), but also increase the RTT on resends. * Lower the default message size to 4KB from 16KB to further reduce the chance of failed fragmentation. * Extend tunnel rebuild throttling to include fallback rebuilds * If there are less than 20 routers known, don't drop the last 20 (to help avoid dropping all peers under catastrophic failures) * New stats for end to end messages - "client.leaseSetFoundLocally", "client.leaseSetFoundRemoteTime", and "client.leaseSetFailedRemoteTime"
-
- Feb 24, 2005
-
-
- Feb 23, 2005
-
-
