- May 01, 2005
-
-
- Apr 26, 2005
-
-
- Apr 12, 2005
-
-
- Apr 08, 2005
-
-
* Security improvements to TrustedUpdate: signing and verification of the version string along with the data payload for signed update files (consequently the positions of the DSA signature and version string fields have been swapped in the spec for the update file's header); router will no longer perform a trusted update if the signed update's version is lower than or equal to the currently running router's version. * Added two new CLI commands to TrustedUpdate: showversion, verifyupdate. * Extended TrustedUpdate public API for use by third party applications.
-
- Apr 05, 2005
-
-
* After a successfull netDb search for a leaseSet, republish it to all of the peers we have tried so far who did not give us the key (up to 10), rather than the old K closest (which may include peers who had given us the key) * Don't wait 5 minutes to publish a leaseSet (duh!), and rather than republish it every 5 minutes, republish it every 3. In addition, always republish as soon as the leaseSet changes (duh^2). * Minor fix for oddball startup race (thanks travis_bickle!) * Minor AES update to allow in-place decryption.
-
- Apr 01, 2005
-
-
- Mar 30, 2005
-
-
2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases
-
- Mar 24, 2005
-
-
-
-
* Implemented the news fetch / update policy code, as configurated on /configupdate.jsp. Defaults are to grab the news every 24h (or if it doesn't exist yet, on startup). No action is taken however, though if the news.xml specifies that a new release is available, an option to update will be shown on the router console. * New initialNews.xml delivered with new installs, and moved news.xml out of the i2pwww module and into the i2p module so that we can bundle it within each update.
-
- Mar 23, 2005
-
-
* New /configupdate.jsp page for controlling the update / notification process, as well as various minor related updates. Note that not all options are exposed yet, and the update detection code isn't in place in this commit - it currently says there is always an update available. * New EepGet component for reliable downloading, with a CLI exposed in java -cp lib/i2p.jar net.i2p.util.EepGet url * Added a default signing key to the TrustedUpdate component to be used for verifying updates. This signing key can be authenticated via gpg --verify i2p/core/java/src/net/i2p/crypto/TrustedUpdate.java * New public domain SHA1 implementation for the DSA code so that we can handle signing streams of arbitrary size without excess memory usage (thanks P.Verdy!) * Added some helpers to the TrustedUpdate to work off streams and to offer a minimal CLI: TrustedUpdate keygen pubKeyFile privKeyFile TrustedUpdate sign origFile signedFile privKeyFile TrustedUpdate verify signedFile
-
- Mar 17, 2005
-
-
* Adjust the old speed calculator to include end to end RTT data in its estimates, and use that as the primary speed calculator again. * Use the mean of the high capacity speeds to determine the fast threshold, rather than the median. Perhaps we should use the mean of all active non-failing peers? * Updated the profile page to sort by tier, then alphabetically. * Added some alternative socketManager factories (good call aum!)
-
- Mar 01, 2005
-
-
-
* Really disable the streaming lib packet caching * Synchronized a message handling point in the SDK (even though its use is already essentially single threaded, its better to play it safe) * Don't add new RepublishLeaseSetJobs on failure, just requeue up the existing one (duh) * Throttle the number of concurrent pending tunnel builds across all pools, in addition to simply throttling the number of new requests per minute for each pool individually. This should avoid the cascading failure when tunnel builds take too long, as no new builds will be created until the previous ones are handled. * Factored out and extended the DataHelper's unit tests for dealing with long and date formatting. * Explicitly specify the HTTP auth realm as "i2prouter", though this alone doesn't address the bug where jetty asks for authentication too much. (thanks orion!) * Updated the StreamSinkServer to ignore all read bytes, rather than write them to the filesystem.
-
- Feb 22, 2005
-
-
* Adjusted (and fixed...) the timestamper change detection * Deal with a rare reordering bug at the beginning of a stream (so we don't drop it unnecessarily) * Cleaned up some dropped message handling in the router * Reduced job queue churn when dealing with a large number of tunnels by sharing an expiration job * Keep a separate list of the most recent CRIT messages (shown on the logs.jsp). This way they don't get buried among any other messages. * For clarity, display the tunnel variance config as "Randomization" on the web console. * If lease republishing fails (boo! hiss!) try it again * Actually fix the negative jobLag in the right place (this time) * Allow reseeding when there are less than 10 known peer references * Lots of logging updates.
-
- Feb 21, 2005
-
-
* Allow the streaming lib resend frequency to drop down to 20s as the minimum, so that up to 2 retries can get sent on an http request. * Add further limits to failsafe tunnels. * Keep exploratory and client tunnel testing and building stats separate. * Only use the 60s period for throttling tunnel requests due to transient network overload. * Rebuild tunnels earlier (1-3m before expiration, by default) * Cache the next hop's routerInfo for participating tunnels so that the tunnel participation doesn't depend on the netDb. * Fixed a long standing bug in the streaming lib where we wouldn't always unchoke messages when the window size grows. * Make sure the window size never reaches 0 (duh)
-
- Feb 18, 2005
-
-
- Feb 16, 2005
-
-
-
* (Merged the 0.5-pre branch back into CVS HEAD) * Replaced the old tunnel routing crypto with the one specified in router/doc/tunnel-alt.html, including updates to the web console to view and tweak it. * Provide the means for routers to reject tunnel requests with a wider range of responses: probabalistic rejection, due to approaching overload transient rejection, due to temporary overload bandwidth rejection, due to persistent bandwidth overload critical rejection, due to general router fault (or imminent shutdown) The different responses are factored into the profiles accordingly. * Replaced the old I2CP tunnel related options (tunnels.depthInbound, etc) with a series of new properties, relevent to the new tunnel routing code: inbound.nickname (used on the console) inbound.quantity (# of tunnels to use in any leaseSets) inbound.backupQuantity (# of tunnels to keep in the ready) inbound.length (# of remote peers in the tunnel) inbound.lengthVariance (if > 0, permute the length by adding a random # up to the variance. if < 0, permute the length by adding or subtracting a random # up to the variance) outbound.* (same as the inbound, except for the, uh, outbound tunnels in that client's pool) There are other options, and more will be added later, but the above are the most relevent ones. * Replaced Jetty 4.2.21 with Jetty 5.1.2 * Compress all profile data on disk. * Adjust the reseeding functionality to work even when the JVM's http proxy is set. * Enable a poor-man's interactive-flow in the streaming lib by choking the max window size. * Reduced the default streaming lib max message size to 16KB (though still configurable by the user), also doubling the default maximum window size. * Replaced the RouterIdentity in a Lease with its SHA256 hash. * Reduced the overall I2NP message checksum from a full 32 byte SHA256 to the first byte of the SHA256. * Added a new "netId" flag to let routers drop references to other routers who we won't be able to talk to. * Extended the timestamper to get a second (or third) opinion whenever it wants to actually adjust the clock offset. * Replaced that kludge of a timestamp I2NP message with a full blown DateMessage. * Substantial memory optimizations within the router and the SDK to reduce GC churn. Client apps and the streaming libs have not been tuned, however. * More bugfixes thank you can shake a stick at. 2005-02-13 jrandom * Updated jbigi source to handle 64bit CPUs. The bundled jbigi.jar still only contains 32bit versions, so build your own, placing libjbigi.so in your install dir if necessary. (thanks mule!) * Added support for libjbigi-$os-athlon64 to NativeBigInteger and CPUID (thanks spaetz!)
-
- Dec 16, 2004
-
-
* Catch another oddball case for a reset connection in the streaming lib. * Add a dumpprofile.jsp page, called with ?peer=base64OfPeerHash, which dumps the current state of that peer's profile. Instead of the full base64, you can pass in however many characters you have and it will return the first match found. -
-
- Nov 30, 2004
-
-
* Render the burst rate fields on /config.jsp properly (thanks ugha!) * Build in a simple timeout to flush data queued into the I2PSocket but not yet flushed. * Don't explicitly flush after each SAM stream write, but leave it up to the [nonblocking] passive flush. * Don't whine about 10-99 connection events occurring in a second * Don't wait for completion of packets that will not be ACKed (duh) * Adjust the congestion window, even if the packet was resent (duh) * Make sure to wake up any blocking read()'s when the MessageInputStream is close()ed (duh) * Never wait more than the disconnect timeout for a write to complete
-
- Nov 25, 2004
-
-
* Revised the installer to include start menu and desktop shortcuts for windows platforms, including pretty icons (thanks DrWoo!) * Allow clients specified in clients.config to have an explicit startup delay. * Update the default install to launch a browser pointing at the console whenever I2P starts up, rather than only the first time it starts up (configurable on /configservice.jsp, or in clients.config) * Bugfix to the clock skew checking code to monitor the delta between offsets, not the offset itself (duh) * Router console html update * New (and uuuuugly) code to verify that the wrapper.config contains the necessary classpath entries on update. If it has to update the wrapper.config, it will stop the JVM and service completely, since the java service wrapper doesn't reread the wrapper.config on JVM restart - requiring the user to manually restart the service after an update. * Increase the TCP connection timeout to 30s (which is obscenely long) ------------------------------------------------
-
- Nov 21, 2004
-
-
* Only allow small clock skews after the first 10 minutes of operation (to prevent later network lag bouncing us way off course - yes, we really need an NTP impl to balance out the network burps...) * Revamp the I2PTunnel web interface startup process so that everything is shown immediately, so that different pieces hanging don't hang the rest, and other minor bugfixes. * Take note of SAM startup error (in case you're already running a SAM bridge...) * Increase the bandwidth limiter burst values available to 10-60s (or whatever is placed in /configadvanced.jsp, of course) -
* Allow end of line comments in the hosts.txt and other config files, using '#' to begin the comments (thanks susi!) * Add support to I2PTunnel's 'client' feature for picking between multiple target destinations (e.g. 'client 6668 irc.duck.i2p,irc.baffled.i2p') * Add a quick link on the left hand nav to reseed if there aren't enough known peers, as well as link to the config page if there are no active peers. Revised config page accordingly.
-
- Nov 07, 2004
-
-
* Expose a drop down on the /configclients.jsp to enter the outbound tunnel depth. * Improved *hosts.txt loading * Explicitly override the JVM's timezone settings to use GMT so that any client applications which use timezones won't leak sensitive data (thanks gott!) * Bundle sam.jar in the update (thanks duck!)
-
- Oct 05, 2004
-
-
- Oct 01, 2004
-
-
- Sep 30, 2004
-
-
- Sep 29, 2004
-
-
- sendsPerFailure: how many partial sends we make when they all fail - timeoutCongestionInbound: describes how much faster than our average speed we were receiving data when each partial send timed out (in Bps) - timeoutCongestionMessage: our send processing time when each partial send timed out (in ms) - timeoutCongestionTunnel: our tunnel test time when each partial send timed out (in ms) - participatingMessagesProcessedActive: # of messages more than the (most recent) average that a tunnel we were participating in transmitted (for tunnels with more than the average) * updated to use Writer for rendering the console, so we can do partial writes (and hopefully help debug some kooky threading bugs on kaffe)
-
-
- Sep 27, 2004
-
-
- Sep 13, 2004
-
-
- Sep 09, 2004
-
-
2004-09-08 jrandom * Updated the "Active:" peer count to display the # of connections as well as the number of recently active router identities. * Implement some basic updating code - on startup, if there is a file named "i2pupdate.zip" in the I2P installation directory, extract it, delete it, then restart. * Added an ugly little script to allow launching the router on win9x machines without a dos box (using javaw to run a .bat file). * Logging updates. * Updated VERSION constants to 0.4.0.1
-
- Sep 07, 2004
-
-
* Write the native libraries to the current directory when they are loaded from a resource, and load them from that file on subsequent runs (in turn, we no longer *cough* delete the running libraries...) * Added support for a graceful restart. * Added new pseudo-shutdown hook specific to the router, allowing applications to request tasks to be run when the router shuts down. We use this for integration with the service manager, since otherwise a graceful shutdown would cause a timeout, followed by a forced hard shutdown. * Handle a bug in the SimpleTimer with requeued tasks. * Made the capacity calculator a bit more dynamic by not outright ignoring the otherwise valid capacity data for a period with a single rejected tunnel (except for the 10 minute period). In addition, peers with an equal capacity are ordered by speed rather than by their hashes. * Cleaned up the SimpleTimer, addressing some threading and synchronization issues. * When an I2PTunnel client or httpclient is explicitly closed, destroy the associated session (unless there are other clients using it), and deal with a closed session when starting a new I2PTunnel instance. * Refactoring and logging.
-
- Sep 06, 2004
-
-
* Address a race condition in the key management code that would manifest itself as a corrupt router identity. * Properly clear old transport addresses from being displayed on the old console after soft restarts. * Properly refuse to load the client applications more than once in the same JVM. * Added support for a graceful restart (a graceful shutdown followed by a full JVM restart - useful for restarting client apps). * More defensive programming, HTML cleanup, logging * wrapper.config cleanup of duplicate lines
-
- Sep 03, 2004
-
-
- Sep 02, 2004
-
-
