* Don't publish leaseSets to the netDb if they will never be looked for -
namely, if they are for destinations that only establish outbound
streams. I2PTunnel's 'client' and 'httpclient' proxies have been
modified to tell the router that it doesn't need to publish their
leaseSet (by setting the I2CP config option 'i2cp.dontPublishLeaseSet'
to 'true').
* Don't publish the top 10 peer rankings of each router in the netdb, as
it isn't being watched right now.
* Minor logging and optimization tweaks in the router and SDK
* Use ISO-8859-1 in the XML files (thanks redzara!)
* The consolePassword config property can now be used to bypass the router
console's nonce checking, allowing CLI restarts
* Catch errors with corrupt tunnel messages more gracefully (no need to
kill the thread and cause an OOM...)
* Don't skip shitlisted peers for netDb store messages, as they aren't
necessarily shitlisted by other people (though they probably are).
* Adjust the netDb store per-peer timeout based on each particular peer's
profile (timeout = 4x their average netDb store response time)
* Don't republish leaseSets to *failed* peers - send them to peers who
replied but just didn't know the value.
* Set a 5 second timeout on the I2PTunnelHTTPServer reading the client's
HTTP headers, rather than blocking indefinitely. HTTP headers should be
sent entirely within the first streaming packet anyway, so this won't be
a problem.
* Don't use the I2PTunnel*Server handler thread pool by default, as it may
prevent any clients from accessing the server if the handlers get
blocked by the streaming lib or other issues.
* Don't overwrite a known status (OK/ERR-Reject/ERR-SymmetricNAT) with
Unknown.
* Removed the concept of "no bandwidth limit" - if none is specified, its
16KBps in/out.
* Include ack packets in the per-peer cwin throttle (they were part of the
bandwidth limit though).
* Tweak the SSU cwin operation to get more accurrate estimates under
congestions.
* SSU improvements to resend more efficiently.
* Added a basic scheduler to eepget to fetch multiple files sequentially.
* Revise the SSU peer testing protocol so that Bob verifies Charlie's
viability before agreeing to Alice's request. This doesn't work with
older SSU peer test builds, but is backwards compatible (older nodes
won't ask newer nodes to participate in tests, and newer nodes won't
ask older nodes to either).
* Keep detailed stats on the peer testing, publishing the results in the
netDb.
* Don't overwrite the status with 'unknown' unless we haven't had a valid
status in a while.
* Make sure to avoid shitlisted peers for peer testing.
* When we get an unknown result to a peer test, try again soon afterwards.
* When a peer tells us that our address is different from what we expect,
if we've done a recent peer test with a result of OK, fire off a peer
test to make sure our IP/port is still valid. If our test is old or the
result was not OK, accept their suggestion, but queue up a peer test for
later.
* Don't try to do a netDb store to a shitlisted peer, and adjust the way
we monitor netDb store progress (to clear up the high netDb.storePeers
stat)
* Deployed the peer testing implementation to be run every few minutes on
each router, as well as any time the user requests a test manually. The
tests do not reconfigure the ports at the moment, merely determine under
what conditions the local router is reachable. The status shown in the
top left will be "ERR-SymmetricNAT" if the user's IP and port show up
differently for different peers, "ERR-Reject" if the router cannot
receive unsolicited packets or the peer helping test could not find a
collaborator, "Unknown" if the test has not been run or the test
participants were unreachable, or "OK" if the router can receive
unsolicited connections and those connections use the same IP and port.
* Add a configurable throttle to the number of concurrent outbound SSU
connection negotiations (via i2np.udp.maxConcurrentEstablish=4). This
may help those with slow connections to get integrated at the start.
* Further fixlets to the streaming lib
* Display the average clock skew for both SSU and TCP connections
2005-08-07 jrandom
* Fixed the long standing streaming lib bug where we could lose the first
packet on retransmission.
* Avoid an NPE when a message expires on the SSU queue.
* Adjust the streaming lib's window growth factor with an additional
Vegas-esque congestion detection algorithm.
* Removed an unnecessary SSU session drop
* Reduced the MTU (until we get a working PMTU lib)
* Deferr tunnel acceptance until we know how to reach the next hop,
rejecting it if we can't find them in time.
* If our netDb store of our leaseSet fails, give it a few seconds before
republishing.
* Fix an addressbook NPE when a new hostname from the master addressbook
didn't exist in the router addressbook.
* Fix an addressbook bug which caused subscriptions not to be parsed at
all. (Oops!)
* Adjust the netDb search and store per peer timeouts to match the average
measured per peer success times, rather than huge fixed values.
* Optimized and reverified the netDb peer selection / retrieval process
within the kbuckets.
* Drop TCP connections that don't have any useful activity in 10 minutes.
* If i2np.udp.fixedPort=true, never change the externally published port,
even if we are autodetecting the IP address.
(also includes most of the new peer/NAT testing, but thats not used atm)
2005-07-27 jrandom
* Enabled SSU as the default top priority transport, adjusting the
config.jsp page accordingly.
* Add verification fields to the SSU and TCP connection negotiation (not
compatible with previous builds)
* Enable the backwards incompatible tunnel crypto change as documented in
tunnel-alt.html (have each hop encrypt the received IV before using it,
then encrypt it again before sending it on)
* Disable the I2CP encryption, leaving in place the end to end garlic
encryption (another backwards incompatible change)
* Adjust the protocol versions on the TCP and SSU transports so that they
won't talk to older routers.
* Fix up the config stats handling again
* Fix a rare off-by-one in the SSU fragmentation
* Reduce some unnecessary netDb resending by inluding the peers queried
successfully in the store redundancy count.
* Fix in the SDK for a bug which would manifest itself as misrouted
streaming packets when a destination has many concurrent streaming
connections (thanks duck!)
* No more "Graceful shutdown in -18140121441141s"
* Further preparation for removing I2CP crypto
* Added some validation to the DH key agreement (thanks $anon)
* Validate tunnel data message expirations (though not really a problem,
since tunnels expire)
* Minor PRNG threading cleanup
* Added workaround for an odd win32 bug in the stats configuration
console page which meant only the first checkbox selection was saved.
2005-07-15 Romster
* Added per group selection toggles in the stats configuration console
page.
* Fixed a recently injected bug in the multitransport bidding which had
allowed an essentially arbitrary choice of transports, rather than the
properly ordered choice.
(getLatency() != getLatencyMs(). duh)
* Fixed a long standing bug where we weren't properly comparing session
tags but instead largely depending upon comparing their hashCode,
causing intermittent decryption errors.
* Reduced the growth factor on the slow start and congestion avoidance for
the streaming lib.
* Adjusted some of the I2PTunnelServer threading to use a small pool of
handlers, rather than launching off new threads which then immediately
launch off an I2PTunnelRunner instance (which launches 3 more threads..)
* Don't persist session keys / session tags (not worth it, for now)
* Added some detection and handling code for duplicate session tags being
delivered (root cause still not addressed)
* Make the PRNG's buffer size configurable (via the config property
"i2p.prng.totalBufferSizeKB=4096")
* Disable SSU flooding by default (duh)
* Updates to the StreamSink apps for better throttling tests.
* Use a buffered PRNG, pulling the PRNG data off a larger precalculated
buffer, rather than the underlying PRNG's (likely small) one, which in
turn reduces the frequency of recalcing.
* More tuning to reduce temporary allocation churn
* Within the tunnel, use xor(IV, msg[0:16]) as the flag to detect dups,
rather than the IV by itself, preventing an attack that would let
colluding internal adversaries tag a message to determine that they are
in the same tunnel. Thanks dvorak for the catch!
* Drop long inactive profiles on startup and shutdown
* /configstats.jsp: web interface to pick what stats to log
* Deliver more session tags to account for wider window sizes
* Cache some intermediate values in our HMACSHA256 and BC's HMAC
* Track the client send rate (stream.sendBps and client.sendBpsRaw)
* UrlLauncher: adjust the browser selection order
* I2PAppContext: hooks for dummy HMACSHA256 and a weak PRNG
* StreamSinkClient: add support for sending an unlimited amount of data
* Migrate the tests out of the default build jars
2005-06-22 Comwiz
* Migrate the core tests to junit
* Cleaned up the peers page a bit more.
more udp stuff:
* add new config option: i2np.udp.alwaysPreferred=true to adjust the bidding
so that UDP is picked first, even if a TCP connection exists
* fixed the initial clock skew problem (duh)
* reduced the MTU to 576 (largest nearly-universally-safe, and allows a
tunnel message in 2 fragments)
* handle some races @ connection establishment (thanks duck!)
* if there are more ACKs than we can send in a packet, reschedule another
ACK immediately
* Added a small new page to the web console (/peers.jsp) which contains
the peer connection information. This will be cleaned up a lot more
before 0.6 is out, but its a start.
* Reduced some SimpleTimer churn
* add hooks for per-peer choking in the outbound message queue - if/when a
peer reaches their cwin, no further messages will enter the 'active' pool
until there are more bytes available. other messages waiting (either later
on in the same priority queue, or in the queues for other priorities) may
take that slot.
* when we have a message acked, release the acked size to the congestion
window (duh), rather than waiting for the second to expire and refill the
capacity.
* send packets in a volley explicitly, waiting until we can allocate the full
cwin size for that message
* Reduce the peer profile stat coallesce overhead by inlining it with the
reorganize.
* Limit each transport to at most one address (any transport that requires
multiple entry points can include those alternatives in the address).
udp stuff:
* change the UDP transport's style from "udp" to "SSUv1"
* keep track of each peer's skew
* properly handle session reestablishment over an existing session, rather
than requiring both sides to expire first
* More fixes for the I2PTunnel "other" interface handling (thanks nelgin!)
* Add back the code to handle bids from multiple transports (though there
is still only one transport enabled by default)
* Adjust the router's queueing of outbound client messages when under
heavy load by running the preparatory job in the client's I2CP handler
thread, thereby blocking additional outbound messages when the router is
hosed.
* No need to validate or persist a netDb entry if we already have it
And for some udp stuff:
* only bid on what we know (duh)
* reduceed the queue size in the UDPSender itself, so that ACKs go
through more quickly, leaving the payload messages to queue up in
the outbound fragment scheduler
* rather than /= 2 on congestion, /= 2/3 (still AIMD, but less drastic)
* adjust the fragment selector so a wsiz throttle won't force extra
volleys
* mark congestion when it occurs, not after the message has been
ACKed
* when doing a round robin over the active messages, move on to the
next after a full volley, not after each packet (causing less "fair"
performance but better latency)
* reduced the lock contention in the inboundMessageFragments by
moving the ack and complete queues to the ACKSender and
MessageReceiver respectively (each of which have their own
threads)
* prefer new and existing UDP sessions to new TCP sessions, but
prefer existing TCP sessions to new UDP sessions
* Added button to router console for manual update checks.
* Fixed bug in configupdate.jsp that caused the proxy port to be updated
every time the form was submitted even if it hadn't changed.
* Added a pool of PRNGs using a different synchronization technique,
hopefully sufficient to work around IBM's PRNG bugs until we get our
own Fortuna.
* In the streaming lib, don't jack up the RTT on NACK, and have the window
size bound the not-yet-ready messages to the peer, not the unacked
message count (not sure yet whether this is worthwile).
* Many additions to the messageHistory log.
* Handle out of order tunnel fragment delivery (not an issue on the live
net with TCP, but critical with UDP).
and for udp stuff:
* implemented tcp-esque rto code in the udp transport
* make sure we don't ACK too many messages at once
* transmit fragments in a simple (nonrandom) order so that we can more easily
adjust timeouts/etc.
* let the active outbound pool grow dynamically if there are outbound slots to
spare
* use a simple decaying bloom filter at the UDP level to drop duplicate resent
packets.
* In the SDK, we don't actually need to block when we're sending a message
as BestEffort (and these days, we're always sending BestEffort).
* Pass out client messages in fewer (larger) steps.
* Have the InNetMessagePool short circuit dispatch requests.
* Have the message validator take into account expiration to cut down on
false positives at high transfer rates.
* Allow configuration of the probabalistic window size growth rate in the
streaming lib's slow start and congestion avoidance phases, and default
them to a more conservative value (2), rather than the previous value
(1).
* Reduce the ack delay in the streaming lib to 500ms
* Honor choke requests in the streaming lib (only affects those getting
insanely high transfer rates)
* Let the user specify an interface besides 127.0.0.1 or 0.0.0.0 on the
I2PTunnel client page (thanks maestro^!)
(plus minor udp tweaks)
* Added the possibility for i2ptunnel client and httpclient instances to
have their own i2p session (and hence, destination and tunnels). By
default, tunnels are shared, but that can be changed on the web
interface or with the sharedClient config option in i2ptunnel.config.
2005-04-17 jrandom
* Marked the net.i2p.i2ptunnel.TunnelManager as deprecated. Anyone use
this? If not, I want to drop it (lots of tiny details with lots of
duplicated semantics).
* Added new user-editable eepproxy error page templates.
2005-04-17 jrandom
* Revamp the tunnel building throttles, fixing a situation where the
rebuild may not recover, and defaulting it to unthrottled (users with
slow CPUs may want to set "router.tunnel.shouldThrottle=true" in their
advanced router config)
* Make sure we don't get cached updates (thanks smeghead!)
* Clear out the callback for the TestJob after it passes (only affects the
job timing accounting)
* Security improvements to TrustedUpdate: signing and verification of the
version string along with the data payload for signed update files
(consequently the positions of the DSA signature and version string fields
have been swapped in the spec for the update file's header); router will
no longer perform a trusted update if the signed update's version is lower
than or equal to the currently running router's version.
* Added two new CLI commands to TrustedUpdate: showversion, verifyupdate.
* Extended TrustedUpdate public API for use by third party applications.
* Retry I2PTunnel startup if we are unable to build a socketManager for a
client or httpclient tunnel.
* Add some basic sanity checking on the I2CP settings (thanks duck!)
* After a successfull netDb search for a leaseSet, republish it to all of
the peers we have tried so far who did not give us the key (up to 10),
rather than the old K closest (which may include peers who had given us
the key)
* Don't wait 5 minutes to publish a leaseSet (duh!), and rather than
republish it every 5 minutes, republish it every 3. In addition, always
republish as soon as the leaseSet changes (duh^2).
* Minor fix for oddball startup race (thanks travis_bickle!)
* Minor AES update to allow in-place decryption.
