- Jan 26, 2006
-
-
* Run the peer profile coalescing/reorganization outside the job queue (on one of the timers), to cut down on some job queue congestion. Also, trim old profiles while running, not just when starting up. * Slightly more sane intra-floodfill-node netDb activity (only flood new entries) * Workaround in the I2PTunnelHTTPServer for some bad requests (though the source of the bug is not yet addressed) * Better I2PSnark reconnection handling * Further cleanup in the new tunnel build process * Make sure we expire old participants properly * Remove much of the transient overload throttling (it wasn't using a good metric)
-
- Dec 27, 2005
-
-
* Add a new Status: line on the router console - "ERR-ClockSkew", in case the clock is too skewed to do anything useful (check the year and month, not just the hour and minute). * Fixed the read/write timeouts in the streaming lib (so that it actually honors them now) * Minor I2PSnark cleanups (no read timeout, more careful shutdown and torrent closing) * Handle an oddball tunnel creation failure (thanks Xunk)
-
- Dec 23, 2005
-
-
- Dec 09, 2005
-
-
* Create different strategies for exploratory tunnels (which are difficult to create) and client tunnels (which are much easier) * Gradually increase number of parallel build attempts as tunnel expiry nears. * Temporarily shorten attempted build tunnel length if builds using configured tunnel length are unsuccessful * React more aggressively to tunnel failure than routine tunnel replacement * Make tunnel creation times randomized - there is existing code to randomize the tunnels but it isn't effective due to the tunnel creation strategy. Currently, most tunnels get built all at once, at about 2 1/2 to 3 minutes before expiration. The patch fixes this by fixing the randomization, and by changing the overlap time (with old tunnels) to a range of 2 to 4 minutes. * Reduce number of excess tunnels. Lots of excess tunnels get created due to overlapping calls. Just about anything generated a call which could build many tunnels all at once, even if tunnel building was already in process. * Miscellaneous router console enhancements
-
- Nov 28, 2005
-
-
* Inlined the Syndie CSS to reduce the number of HTTP requests (and because firefox [and others?] delay rendering until they fetch the css). * Make sure we fire the shutdown tasks when regenerating a new identity (thanks picsou!) * Cleaned up some of the things I b0rked in the 'dynamic keys' mode * Don't drop SSU sessions if they're still transmitting data successfully, even if there are transmission failures * Adjusted the time summarization to display hours after 119m, not 90m * Further EepGet cleanup (grr)
-
- Nov 26, 2005
-
-
* Added support for 'dynamic keys' mode, where the router creates a new router identity whenever it detects a substantial change in its public address (read: SSU IP or port). This only offers minimal additional protection against trivial attackers, but should provide functional improvement for people who have periodic IP changes, since their new router address would not be shitlisted while their old one would be. * Added further infrastructure for restricted route operation, but its use is not recommended.
-
- Oct 30, 2005
-
-
- Oct 29, 2005
-
-
* Improved the bandwidth throtting on tunnel participation, especially for low bandwidth peers. * Improved failure handling in SSU with proactive reestablishment of failing idle peers, and rather than shitlisting a peer who failed too much, drop the SSU session and allow a new attempt (which, if it fails, will cause a shitlisting) * Clarify the cause of the shitlist on the profiles page, and include bandwidth limiter info at the bottom of the peers page.
-
- Oct 19, 2005
-
-
* Bugfix for the auto-update code to handle different usage patterns * Decreased the addressbook recheck frequency to once every 12 hours instead of hourly. * Handle dynamically changing the HMAC size (again, unless your nym is toad or jrandom, ignore this ;) * Cleaned up some synchronization/locking code
-
- Oct 07, 2005
-
-
- Oct 01, 2005
-
-
- Sep 30, 2005
-
-
* Support noreseed.i2p in addition to .i2pnoreseed for disabling automatic reseeding - useful on OSes that make it hard to create dot files. Thanks Complication (and anon)! * Fixed the installer version string (thanks Frontier!) * Added cleaner rejection of invalid IP addresses, shitlist those who send us invalid IP addresses, verify again that we are not sending invalid IP addresses, and log an error if it happens. (Thanks Complication, ptm, and adab!)
-
- Sep 29, 2005
-
-
2005-09-29 jrandom * Let syndie users modify their metadata. * Reseed the router on startup if there aren't enough peer references known locally. This can be disabled by creating the file .i2pnoreseed in your home directory, and the existing detection and reseed handling on the web interface is unchanged.
-
- Sep 25, 2005
-
-
* Allow reseeding on the console if the netDb knows less than 30 peers, rather than less than 10 (without internet connectivity, we keep the last 15 router references) * Reenable the x-i2p-gzip HTTP processing by default, flushing the stream more aggressively. * Show the status that used to be called "ERR-Reject" as "OK (NAT)" * Reduced the default maximum number of streaming lib resends of a packet (10 retransmits is a bit much with a reasonable RTO)
-
- Sep 17, 2005
-
-
* Updated the bandwidth limiter to use two tiers of bandwidth - our normal steady state rate, plus a new limit on how fast we transfer when bursting. This is different from the old "burst as fast as possible until we're out of tokens" policy, and should help those with congested networks. See /config.jsp to manage this rate. * Bugfixes in Syndie to handle missing cache files (no data was lost, the old posts just didn't show up). * Log properly in EepPost
-
- Sep 13, 2005
-
-
-
* More aggressively publish updated routerInfo. * Expose the flag to force SSU introductions on the router console * Don't give people the option to disable SNTP time sync, at least not through the router console, because there is no reason to disable it. No, not even if your OS is "ntp synced", because chances are, its not.
-
- Sep 12, 2005
-
-
- Sep 11, 2005
-
-
* Test the router's reachability earlier and more aggressively * Use the low level bandwidth limiter's rates for the router console, and if the router has net.i2p.router.transport.FIFOBandwidthLimiter=INFO in the logger config, keep track of the 1 second transfer rates as the stat 'bw.sendBps1s' and 'bw.recvBps1s', allowing closer monitoring of burst behavior.
-
- Sep 05, 2005
-
-
* Expose the HTTP headers to EepGet status listeners * Handle DSA key failures properly (if the signature is not invertable, it is obviously invalid) also, syndie now properly detects whether the remote archive can send a filtered export.zip by examining the HTTP headers for X-Syndie-Export-Capable: true. If the remote archive does not set that header (and neither freesites, nor apache or anything other than the ArchiveServlet will), it uses individual HTTP requests for individual blog posts and metadata fetches.
-
- Aug 27, 2005
-
-
- Aug 10, 2005
-
-
* Deployed the peer testing implementation to be run every few minutes on each router, as well as any time the user requests a test manually. The tests do not reconfigure the ports at the moment, merely determine under what conditions the local router is reachable. The status shown in the top left will be "ERR-SymmetricNAT" if the user's IP and port show up differently for different peers, "ERR-Reject" if the router cannot receive unsolicited packets or the peer helping test could not find a collaborator, "Unknown" if the test has not been run or the test participants were unreachable, or "OK" if the router can receive unsolicited connections and those connections use the same IP and port.
-
- Aug 07, 2005
-
-
* Display the average clock skew for both SSU and TCP connections 2005-08-07 jrandom * Fixed the long standing streaming lib bug where we could lose the first packet on retransmission. * Avoid an NPE when a message expires on the SSU queue. * Adjust the streaming lib's window growth factor with an additional Vegas-esque congestion detection algorithm. * Removed an unnecessary SSU session drop * Reduced the MTU (until we get a working PMTU lib) * Deferr tunnel acceptance until we know how to reach the next hop, rejecting it if we can't find them in time. * If our netDb store of our leaseSet fails, give it a few seconds before republishing.
-
- Jul 27, 2005
-
-
2005-07-27 jrandom * Enabled SSU as the default top priority transport, adjusting the config.jsp page accordingly. * Add verification fields to the SSU and TCP connection negotiation (not compatible with previous builds) * Enable the backwards incompatible tunnel crypto change as documented in tunnel-alt.html (have each hop encrypt the received IV before using it, then encrypt it again before sending it on) * Disable the I2CP encryption, leaving in place the end to end garlic encryption (another backwards incompatible change) * Adjust the protocol versions on the TCP and SSU transports so that they won't talk to older routers. * Fix up the config stats handling again * Fix a rare off-by-one in the SSU fragmentation * Reduce some unnecessary netDb resending by inluding the peers queried successfully in the store redundancy count.
-
- Jul 21, 2005
-
-
- Jul 16, 2005
-
-
- Jul 04, 2005
-
-
* Within the tunnel, use xor(IV, msg[0:16]) as the flag to detect dups, rather than the IV by itself, preventing an attack that would let colluding internal adversaries tag a message to determine that they are in the same tunnel. Thanks dvorak for the catch! * Drop long inactive profiles on startup and shutdown * /configstats.jsp: web interface to pick what stats to log * Deliver more session tags to account for wider window sizes * Cache some intermediate values in our HMACSHA256 and BC's HMAC * Track the client send rate (stream.sendBps and client.sendBpsRaw) * UrlLauncher: adjust the browser selection order * I2PAppContext: hooks for dummy HMACSHA256 and a weak PRNG * StreamSinkClient: add support for sending an unlimited amount of data * Migrate the tests out of the default build jars 2005-06-22 Comwiz * Migrate the core tests to junit
-
- May 01, 2005
-
-
- Apr 26, 2005
-
-
- Apr 12, 2005
-
-
- Apr 08, 2005
-
-
* Security improvements to TrustedUpdate: signing and verification of the version string along with the data payload for signed update files (consequently the positions of the DSA signature and version string fields have been swapped in the spec for the update file's header); router will no longer perform a trusted update if the signed update's version is lower than or equal to the currently running router's version. * Added two new CLI commands to TrustedUpdate: showversion, verifyupdate. * Extended TrustedUpdate public API for use by third party applications.
-
- Apr 05, 2005
-
-
* After a successfull netDb search for a leaseSet, republish it to all of the peers we have tried so far who did not give us the key (up to 10), rather than the old K closest (which may include peers who had given us the key) * Don't wait 5 minutes to publish a leaseSet (duh!), and rather than republish it every 5 minutes, republish it every 3. In addition, always republish as soon as the leaseSet changes (duh^2). * Minor fix for oddball startup race (thanks travis_bickle!) * Minor AES update to allow in-place decryption.
-
- Apr 01, 2005
-
-
- Mar 30, 2005
-
-
2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases
-
- Mar 25, 2005
-
-
- Mar 24, 2005
-
-
-
-
* Implemented the news fetch / update policy code, as configurated on /configupdate.jsp. Defaults are to grab the news every 24h (or if it doesn't exist yet, on startup). No action is taken however, though if the news.xml specifies that a new release is available, an option to update will be shown on the router console. * New initialNews.xml delivered with new installs, and moved news.xml out of the i2pwww module and into the i2p module so that we can bundle it within each update.
-
- Mar 23, 2005
-
-
* New /configupdate.jsp page for controlling the update / notification process, as well as various minor related updates. Note that not all options are exposed yet, and the update detection code isn't in place in this commit - it currently says there is always an update available. * New EepGet component for reliable downloading, with a CLI exposed in java -cp lib/i2p.jar net.i2p.util.EepGet url * Added a default signing key to the TrustedUpdate component to be used for verifying updates. This signing key can be authenticated via gpg --verify i2p/core/java/src/net/i2p/crypto/TrustedUpdate.java * New public domain SHA1 implementation for the DSA code so that we can handle signing streams of arbitrary size without excess memory usage (thanks P.Verdy!) * Added some helpers to the TrustedUpdate to work off streams and to offer a minimal CLI: TrustedUpdate keygen pubKeyFile privKeyFile TrustedUpdate sign origFile signedFile privKeyFile TrustedUpdate verify signedFile
-
