revising TODO structure

author: Christian Grothoff <christian@grothoff.org> 2009-07-26 22:13:01 +0000
committer: Christian Grothoff <christian@grothoff.org> 2009-07-26 22:13:01 +0000
commit: 25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148 (patch)
tree: c9c71c2fc931a0e1bb642f75108c7414ad707505 /BUGS
parent: 138b0402c39ff1c8e725bc1fe3f96e0d7e82dd70 (diff)
download: gnunet-25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148.tar.gz
gnunet-25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148.zip
1 files changed, 119 insertions, 0 deletions
diff --git a/BUGS b/BUGS
new file mode 100644
index 000000000..d3790ac2e
--- /dev/null
+++ b/BUGS
@@ -0,0 +1,119 @@
+This file lists minor work items (also possibly called "known bugs").
+We are not tracking them in Mantis yet since there are too many and no
+sane end-user should care about this codebase yet anyway.
+* UTIL:
+  - crypto_hash: use libgcrypt (supports SHA-512 since 2003)
+  - container_bloomfilter: improve efficiency (see FIXME)
+  - Windows: use events instead of pipes to signal select()s [Nils]
+  - only connect() sockets that are ready (select()) [Nils]
+    [On W32, we need to select after calling socket before
+     doing connect etc.]
+  - Add "DISK" API for creating of temporary files
+    (as used in datacache/ module) [Nils?]
+* SERVER:
+  - inefficient memmove
+* TRANSPORT:
+  - transport_api: support forcing disconnects through low quotas!
+    (required for working F2F support!)
+  - API: consider having core provide deadline information for each message
+    (likely important for DV plugin which wants to loop back!)
+  - implement transport API to pretty-print transport address 
+    + transport_api extension (API extension!)
+    + service-transport extension (protocol extension)
+  - add calls to statistics in various places
+  - implement gnunet-transport (transport configurator / tester)
+  - UPnP-based IP detection
+    (Note: build library always, build service when libxml2/etc. are available)
+  - instantly filter addresses from *other* peers that 
+    are *equal* to our own address + port (i.e., localhost:2086).  We 
+    no longer filter those for outgoing (helps with loopback testing
+    and keeps the code clean), but we should filter strictly *impossible*
+    incoming addresses!  This is for efficiency, not correctness.
+  - We currently are happy to take any address told to us in a WELCOME
+    to our set of addresses; we should have some minimal threshold-based
+    scheme, limiting both the total number of addresses that we accept 
+    this way as well as requiring multiple confirmations; also, we
+    should possibly try to confirm that the given address works for
+    us ourselves (loopback-style) before adding it to the list
+    [SECURITY issue]
+    + we may be able to simplify WELCOME messages (no need to add 
+      addresses there anymore, but may help to learn them there anyway...).
+    + we probably want some kind of voting/counting for learning IP addresses
+      (maybe including IP addresses in ads proportional to how often others
+       report them? we at least need some protection against >64k HELLOs!),
+    + provide a way to give the user a list of "learned" IP addresses and
+      a way to easily "veto" addresses off the list!
+      => If MiM attacker uses vetoed address, blacklist the specific IP for
+         the presumed neighbour!
+  - not sure current way of doing ACKs works well-enough 
+    with unreliable transports where the ACK maybe lost;
+    the "is_new" check would then possibly prevent future
+    ACKs to be delivered, all while we're happily 
+    receiving messages from that peer!  Worse, the other
+    peer won't generate another ACK since it thinks we're
+    connected just fine...
+    Key questions:
+    + How necessary is ACKing in the first place? (alternatives?)
+    + Should we transmit ACKs in response to every HELLO? (would that 
+      fully address the problem?)
+  - latency measurements implemented in the transport
+    plugins makes it only work for bi-di transports
+    and results in code replication
+  - should latency be included in the ReceiveCallback and
+    NotifyConnect or passed on request?
+  - FIXME's with latency being simply set to 0 in a few places
+  - Memory leak (running valgrind --trace-children=yes on test_transport_api:   
+    ==28393== 16 bytes in 1 blocks are indirectly lost in loss record 1 of 5
+    ==28393==    at 0x4C2260E: malloc (vg_replace_malloc.c:207)
+    ==28393==    by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62)
+    ==28393==    by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53)
+    ==28393==    by 0x524458A: GNUNET_NETWORK_socket_create_from_accept (network.c:289)
+    ==28393==    by 0x524B2DA: ??? (server.c:332)
+    ==28393==    by 0x524A4C7: ??? (scheduler.c:425)
+    ==28393==    by 0x524A73D: GNUNET_SCHEDULER_run (scheduler.c:510)
+    ==28393==    by 0x524FF8C: GNUNET_SERVICE_run (service.c:1326)
+    ==28393==    by 0x405500: main (gnunet-service-transport.c:2645)
+    And also:
+    ==28393== 65,744 (65,728 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5
+    ==28393==    at 0x4C2260E: malloc (vg_replace_malloc.c:207)
+    ==28393==    by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62)
+    ==28393==    by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53)
+    ==28393==    by 0x524473E: GNUNET_NETWORK_socket_create_from_accept (network.c:323)
+    (rest of trace identical)
+* DATASTORE:
+  - mysql backend
+  - postgres backend
+* SETUP:
+  - auto-generate "defaults.conf" using gnunet-setup from "config.scm"
+  - integrate all options into "config.scm"
+  - change config-file writing to exclude options set to default values
+* ARM:
+  - implement exponential back-off for service restarts
+  - better tracking of which config changes actually need to cause process restarts by ARM.
+  - have way to specify dependencies between services (to manage ARM restarts better)
+  - client-API is inefficient since it opens a TCP connection per service that is started
+    (instead of re-using connections).
+* CORE: 
+  - code currently notifies clients about "encrypted" connections being up well before
+    we get the encrypted PONG; sometimes this may be OK (for topology killing
+    unwanted connnections), but of course not in general.  I suspect we want
+    to signal on PONG and have topology hook directly into transport to
+    kill plaintext connections before they have a chance to become encrypted
+    (may require minor hack in transport API)
+* PEERINFO:
+  - have gnunet-peerinfo print actual host addresses again
+  - add option to gnunet-peerinfo to modify trust value
+* POSTGRES-DB:
+  - finish postgres implementation; simplify other SQLs using new stats
+* HTTPS transport
+  - PolariSSL for MHD?
+  - https integration
+* GAP improvements:
+  - active reply route caching design & implementation of service,
+    gap extension!
+* HOSTLIST:
+  - implement advertising of hostlist URL
+  - implement learning of hostlist URLs
author	Christian Grothoff <christian@grothoff.org>	2009-07-26 22:13:01 +0000
committer	Christian Grothoff <christian@grothoff.org>	2009-07-26 22:13:01 +0000
commit	25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148 (patch)
tree	c9c71c2fc931a0e1bb642f75108c7414ad707505 /BUGS
parent	138b0402c39ff1c8e725bc1fe3f96e0d7e82dd70 (diff)
download	gnunet-25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148.tar.gz gnunet-25ef9ccbc3f4c582a2ed8cf1af3b6d6677e58148.zip

diff --git a/BUGS b/BUGS new file mode 100644 index 000000000..d3790ac2e --- /dev/null +++ b/BUGS
@@ -0,0 +1,119 @@
	1	This file lists minor work items (also possibly called "known bugs").
	2	We are not tracking them in Mantis yet since there are too many and no
	3	sane end-user should care about this codebase yet anyway.
	4
	5
	6	* UTIL:
	7	- crypto_hash: use libgcrypt (supports SHA-512 since 2003)
	8	- container_bloomfilter: improve efficiency (see FIXME)
	9	- Windows: use events instead of pipes to signal select()s [Nils]
	10	- only connect() sockets that are ready (select()) [Nils]
	11	[On W32, we need to select after calling socket before
	12	doing connect etc.]
	13	- Add "DISK" API for creating of temporary files
	14	(as used in datacache/ module) [Nils?]
	15	* SERVER:
	16	- inefficient memmove
	17	* TRANSPORT:
	18	- transport_api: support forcing disconnects through low quotas!
	19	(required for working F2F support!)
	20	- API: consider having core provide deadline information for each message
	21	(likely important for DV plugin which wants to loop back!)
	22	- implement transport API to pretty-print transport address
	23	+ transport_api extension (API extension!)
	24	+ service-transport extension (protocol extension)
	25	- add calls to statistics in various places
	26	- implement gnunet-transport (transport configurator / tester)
	27	- UPnP-based IP detection
	28	(Note: build library always, build service when libxml2/etc. are available)
	29	- instantly filter addresses from other peers that
	30	are equal to our own address + port (i.e., localhost:2086). We
	31	no longer filter those for outgoing (helps with loopback testing
	32	and keeps the code clean), but we should filter strictly impossible
	33	incoming addresses! This is for efficiency, not correctness.
	34	- We currently are happy to take any address told to us in a WELCOME
	35	to our set of addresses; we should have some minimal threshold-based
	36	scheme, limiting both the total number of addresses that we accept
	37	this way as well as requiring multiple confirmations; also, we
	38	should possibly try to confirm that the given address works for
	39	us ourselves (loopback-style) before adding it to the list
	40	[SECURITY issue]
	41	+ we may be able to simplify WELCOME messages (no need to add
	42	addresses there anymore, but may help to learn them there anyway...).
	43	+ we probably want some kind of voting/counting for learning IP addresses
	44	(maybe including IP addresses in ads proportional to how often others
	45	report them? we at least need some protection against >64k HELLOs!),
	46	+ provide a way to give the user a list of "learned" IP addresses and
	47	a way to easily "veto" addresses off the list!
	48	=> If MiM attacker uses vetoed address, blacklist the specific IP for
	49	the presumed neighbour!
	50	- not sure current way of doing ACKs works well-enough
	51	with unreliable transports where the ACK maybe lost;
	52	the "is_new" check would then possibly prevent future
	53	ACKs to be delivered, all while we're happily
	54	receiving messages from that peer! Worse, the other
	55	peer won't generate another ACK since it thinks we're
	56	connected just fine...
	57	Key questions:
	58	+ How necessary is ACKing in the first place? (alternatives?)
	59	+ Should we transmit ACKs in response to every HELLO? (would that
	60	fully address the problem?)
	61	- latency measurements implemented in the transport
	62	plugins makes it only work for bi-di transports
	63	and results in code replication
	64	- should latency be included in the ReceiveCallback and
	65	NotifyConnect or passed on request?
	66	- FIXME's with latency being simply set to 0 in a few places
	67	- Memory leak (running valgrind --trace-children=yes on test_transport_api:
	68	==28393== 16 bytes in 1 blocks are indirectly lost in loss record 1 of 5
	69	==28393== at 0x4C2260E: malloc (vg_replace_malloc.c:207)
	70	==28393== by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62)
	71	==28393== by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53)
	72	==28393== by 0x524458A: GNUNET_NETWORK_socket_create_from_accept (network.c:289)
	73	==28393== by 0x524B2DA: ??? (server.c:332)
	74	==28393== by 0x524A4C7: ??? (scheduler.c:425)
	75	==28393== by 0x524A73D: GNUNET_SCHEDULER_run (scheduler.c:510)
	76	==28393== by 0x524FF8C: GNUNET_SERVICE_run (service.c:1326)
	77	==28393== by 0x405500: main (gnunet-service-transport.c:2645)
	78	And also:
	79	==28393== 65,744 (65,728 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 5
	80	==28393== at 0x4C2260E: malloc (vg_replace_malloc.c:207)
	81	==28393== by 0x52343E3: GNUNET_xmalloc_unchecked_ (common_allocation.c:62)
	82	==28393== by 0x5234389: GNUNET_xmalloc_ (common_allocation.c:53)
	83	==28393== by 0x524473E: GNUNET_NETWORK_socket_create_from_accept (network.c:323)
	84	(rest of trace identical)
	85
	86	* DATASTORE:
	87	- mysql backend
	88	- postgres backend
	89	* SETUP:
	90	- auto-generate "defaults.conf" using gnunet-setup from "config.scm"
	91	- integrate all options into "config.scm"
	92	- change config-file writing to exclude options set to default values
	93	* ARM:
	94	- implement exponential back-off for service restarts
	95	- better tracking of which config changes actually need to cause process restarts by ARM.
	96	- have way to specify dependencies between services (to manage ARM restarts better)
	97	- client-API is inefficient since it opens a TCP connection per service that is started
	98	(instead of re-using connections).
	99	* CORE:
	100	- code currently notifies clients about "encrypted" connections being up well before
	101	we get the encrypted PONG; sometimes this may be OK (for topology killing
	102	unwanted connnections), but of course not in general. I suspect we want
	103	to signal on PONG and have topology hook directly into transport to
	104	kill plaintext connections before they have a chance to become encrypted
	105	(may require minor hack in transport API)
	106	* PEERINFO:
	107	- have gnunet-peerinfo print actual host addresses again
	108	- add option to gnunet-peerinfo to modify trust value
	109	* POSTGRES-DB:
	110	- finish postgres implementation; simplify other SQLs using new stats
	111	* HTTPS transport
	112	- PolariSSL for MHD?
	113	- https integration
	114	* GAP improvements:
	115	- active reply route caching design & implementation of service,
	116	gap extension!
	117	* HOSTLIST:
	118	- implement advertising of hostlist URL
	119	- implement learning of hostlist URLs