* Choke SSU retransmissions to a peer while there is already a
retransmission in flight to them. This currently lets other initial
transmissions through, since packet loss is often sporadic, but maybe
this should block initial transmissions as well?
* Display the retransmission bytes stat on peers.jsp (thanks bar!)
* Filter QUIT messages in the I2PTunnelIRCClient proxy
* Implemented a new I2PTunnelIRCClient which locally filters inbound and
outbound IRC commands for anonymity and security purposes, removing all
CTCP messages except ACTION, as well as stripping the hostname from the
USER message (while leaving the nick and 'full name'). The IRC proxy
doesn't use this by default, but you can enable it by creating a new
"IRC proxy" tunnel on the web interface, or by changing the tunnel type
to "ircclient" in i2ptunnel.config.
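
The filtering rules described in the two IRC entries above, sketched as an added example (this is not I2PTunnelIRCClient's code). Assumptions: the placeholder host value, replacing the servername field along with the hostname, and reading "filter QUIT" as dropping the free-text quit reason; the sample lines are constructed.

```python
# Added example (not I2P's code): per-line IRC filter for the rules above.
CTCP = "\x01"
NEUTRAL_HOST = "hostname"  # constructed placeholder, an assumption


def split_irc(line):
    """Return (command, fields) for one IRC line; any :prefix is ignored."""
    line = line.rstrip("\r\n")
    if line.startswith(":"):                  # inbound lines carry a :prefix
        line = line.partition(" ")[2]
    head, sep, trailing = line.partition(" :")
    parts = [p for p in head.split(" ") if p]
    if not parts:
        return "", []
    return parts[0].upper(), parts[1:] + ([trailing] if sep else [])


def ctcp_allowed(text):
    """True for plain text and for one well-formed CTCP ACTION, else False."""
    if CTCP not in text:
        return True
    if not text.startswith(CTCP):
        return False                          # CTCP embedded mid-message
    inner = text[1:-1] if len(text) > 1 and text.endswith(CTCP) else text[1:]
    if CTCP in inner:
        return False                          # more than one CTCP chunk
    return inner.split(" ", 1)[0].upper() == "ACTION"


def filter_line(line, outbound):
    """Return the line to forward, or None when it must be dropped."""
    cmd, fields = split_irc(line)
    if not cmd:
        return None
    if cmd in ("PRIVMSG", "NOTICE") and not ctcp_allowed(" ".join(fields[1:])):
        return None
    if outbound and cmd == "USER":
        if len(fields) < 4:
            return None                       # malformed registration line
        # Keep the first field and the full name; host fields become constant.
        return f"USER {fields[0]} {NEUTRAL_HOST} {NEUTRAL_HOST} :{fields[3]}"
    if outbound and cmd == "QUIT":
        return "QUIT"                         # assumption: drop the quit reason
    return line.rstrip("\r\n")


def filter_session(lines, outbound):
    """Filter a sequence of lines, omitting the dropped ones."""
    kept = (filter_line(l, outbound) for l in lines)
    return [l for l in kept if l is not None]


# Constructed sample traffic from a local IRC client.
SAMPLE_OUTBOUND = [
    "NICK alice",
    "USER alice laptop.corp.example irc.example.net :Alice A",
    "PRIVMSG #i2p :\x01VERSION\x01",
    "PRIVMSG #i2p :\x01ACTION waves\x01",
    "QUIT :SomeClient 1.0 on laptop",
]

if __name__ == "__main__":
    for out in filter_session(SAMPLE_OUTBOUND, outbound=True):
        print(repr(out))
```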
2005-10-10 jrandom
* I2PTunnel http client config cleanup and stats
* Minor SSU congestion tweaks and stats
* Reduced netDb exploration period
* Allow the I2PTunnelHTTPServer to send back the first few packets of an
HTTP response quicker, and initialize the streaming lib's cwin more
carefully.
* Added a small web UI to the new Syndie scheduled updater. If you log in
as a user authorized to use the remote archive functionality, you can
request remote archives in your address book to be automatically pulled
down by checking the "scheduled?" checkbox.
* I2PTunnel bugfix (thanks Complication!)
* Increase the SSU cwin slower during congestion avoidance (at k/cwin^2
instead of k/cwin)
* Limit the number of inbound SSU sessions being built at once (using
half of the i2np.udp.maxConcurrentEstablish config prop)
* Don't shitlist on a message send failure alone (unless there aren't any
common transports).
* More careful bandwidth bursting
* Reworded the SSU introductions config section (thanks duck!)
* Force identity content encoding for I2PTunnel httpserver requests
(thanks redzara!)
* Further x-i2p-gzip bugfixes for the end of streams
* Reduce the minimum bandwidth limits to 3KBps steady and burst (though
I2P's performance at 3KBps is another issue)
* Cleaned up some streaming lib structures
* Allow reseeding on the console if the netDb knows less than 30 peers,
rather than less than 10 (without internet connectivity, we keep the
last 15 router references)
* Reenable the x-i2p-gzip HTTP processing by default, flushing the stream
more aggressively.
* Show the status that used to be called "ERR-Reject" as "OK (NAT)"
* Reduced the default maximum number of streaming lib resends of a packet
(10 retransmits is a bit much with a reasonable RTO)
* Better i2paddresshelper handling in the I2PTunnel httpclient, plus a new
conflict resolution page if the i2paddresshelper parameter differs from
an existing name to destination mapping.
2005-09-25 jrandom
* Fix a long standing streaming lib bug (in the inactivity detection code)
* Improved handling of initial streaming lib packet retransmissions to
kill the "lost first packet" bug (where a page shows up with the first
few KB missing)
* Add support for initial window sizes greater than 1 - useful for
eepsites to transmit e.g. 4 packets full of data along with the initial
ACK, thereby cutting down on the rtt latency. The congestion window
size can and does still shrink down to 1 packet though.
* Adjusted the streaming lib retransmission calculation algorithm to be
more TCP-like.
* Added the natively compiled jbigi and patched java service wrapper for
OS X. Thanks Bill Dorsey for letting me use your machine!
* Don't build i2p.exe or i2pinstall.exe when run on OS X machines, as we
don't bundle the binutils necessary (and there'd be a naming conflict
if we did).
* Added 'single user' functionality to syndie - if the single user
checkbox on the admin page is checked, all users are allowed to control
the instance and sync up with remote syndie nodes.
* Temporarily disable the x-i2p-gzip in i2ptunnel until it is more closely
debugged.
* Adjust I2PTunnelHTTPServer so it can be used for outproxy operators
(just specify the spoofed host as an empty string), allowing them to
honor x-i2p-gzip encoding.
* Let windows users build the exes too (thanks bar and redzara!)
* Allow I2PTunnel httpserver operators to disable gzip compression on
individual tunnels with the i2ptunnel.gzip=false client option
(good idea susi!)
* Added the i2p.exe and i2pinstall.exe for windows users, using launch4j.
* Added runplain.sh for *nix/osx users having problems using the java
service wrapper (called from the install dir as: sh runplain.sh)
* Bundle susidns and syndie, with links on the top nav
* Have I2PTunnelHTTPClient and I2PTunnelHTTPServer use the x-i2p-gzip
content-encoding (if offered), reducing the payload size before it
reaches the streaming lib. The existing compression is at the i2cp
level, so we've been packetizing 4KB of uncompressed data and then
compressing those messages, rather than compressing and then packetizing
4KB of compressed data. This should reduce the number of round trips
to fetch web pages substantially.
* Adjust the startup and timing of the addressbook so that susidns always
has config to work off, and expose a method for susidns to tell it to
reload its config and rerun.
* Don't persist peer profiles until we are shutting down, as the
persistence process gobbles RAM and wall time.
* Bugfix to allow you to check/uncheck the sharedClient setting on the
I2PTunnel web interface.
* Be more careful when expiring a failed tunnel message fragment so we
don't drop the data while attempting to read it.
* Don't publish leaseSets to the netDb if they will never be looked for -
namely, if they are for destinations that only establish outbound
streams. I2PTunnel's 'client' and 'httpclient' proxies have been
modified to tell the router that it doesn't need to publish their
leaseSet (by setting the I2CP config option 'i2cp.dontPublishLeaseSet'
to 'true').
* Don't publish the top 10 peer rankings of each router in the netdb, as
it isn't being watched right now.
* Catch errors with corrupt tunnel messages more gracefully (no need to
kill the thread and cause an OOM...)
* Don't skip shitlisted peers for netDb store messages, as they aren't
necessarily shitlisted by other people (though they probably are).
* Adjust the netDb store per-peer timeout based on each particular peer's
profile (timeout = 4x their average netDb store response time)
* Don't republish leaseSets to *failed* peers - send them to peers who
replied but just didn't know the value.
* Set a 5 second timeout on the I2PTunnelHTTPServer reading the client's
HTTP headers, rather than blocking indefinitely. HTTP headers should be
sent entirely within the first streaming packet anyway, so this won't be
a problem.
* Don't use the I2PTunnel*Server handler thread pool by default, as it may
prevent any clients from accessing the server if the handlers get
blocked by the streaming lib or other issues.
* Don't overwrite a known status (OK/ERR-Reject/ERR-SymmetricNAT) with
Unknown.
2005-07-27 jrandom
* Enabled SSU as the default top priority transport, adjusting the
config.jsp page accordingly.
* Add verification fields to the SSU and TCP connection negotiation (not
compatible with previous builds)
* Enable the backwards incompatible tunnel crypto change as documented in
tunnel-alt.html (have each hop encrypt the received IV before using it,
then encrypt it again before sending it on)
* Disable the I2CP encryption, leaving in place the end to end garlic
encryption (another backwards incompatible change)
* Adjust the protocol versions on the TCP and SSU transports so that they
won't talk to older routers.
* Fix up the config stats handling again
* Fix a rare off-by-one in the SSU fragmentation
* Reduce some unnecessary netDb resending by including the peers queried
successfully in the store redundancy count.
* Reduced the growth factor on the slow start and congestion avoidance for
the streaming lib.
* Adjusted some of the I2PTunnelServer threading to use a small pool of
handlers, rather than launching off new threads which then immediately
launch off an I2PTunnelRunner instance (which launches 3 more threads..)
* Don't persist session keys / session tags (not worth it, for now)
* Added some detection and handling code for duplicate session tags being
delivered (root cause still not addressed)
* Make the PRNG's buffer size configurable (via the config property
"i2p.prng.totalBufferSizeKB=4096")
* Disable SSU flooding by default (duh)
* Updates to the StreamSink apps for better throttling tests.
* Within the tunnel, use xor(IV, msg[0:16]) as the flag to detect dups,
rather than the IV by itself, preventing an attack that would let
colluding internal adversaries tag a message to determine that they are
in the same tunnel. Thanks dvorak for the catch!
* Drop long inactive profiles on startup and shutdown
* /configstats.jsp: web interface to pick what stats to log
* Deliver more session tags to account for wider window sizes
* Cache some intermediate values in our HMACSHA256 and BC's HMAC
* Track the client send rate (stream.sendBps and client.sendBpsRaw)
* UrlLauncher: adjust the browser selection order
* I2PAppContext: hooks for dummy HMACSHA256 and a weak PRNG
* StreamSinkClient: add support for sending an unlimited amount of data
* Migrate the tests out of the default build jars
2005-06-22 Comwiz
* Migrate the core tests to junit
* More fixes for the I2PTunnel "other" interface handling (thanks nelgin!)
* Add back the code to handle bids from multiple transports (though there
is still only one transport enabled by default)
* Adjust the router's queueing of outbound client messages when under
heavy load by running the preparatory job in the client's I2CP handler
thread, thereby blocking additional outbound messages when the router is
hosed.
* No need to validate or persist a netDb entry if we already have it
And for some udp stuff:
* only bid on what we know (duh)
* reduced the queue size in the UDPSender itself, so that ACKs go
through more quickly, leaving the payload messages to queue up in
the outbound fragment scheduler
* rather than /= 2 on congestion, /= 2/3 (still AIMD, but less drastic)
* adjust the fragment selector so a wsiz throttle won't force extra
volleys
* mark congestion when it occurs, not after the message has been
ACKed
* when doing a round robin over the active messages, move on to the
next after a full volley, not after each packet (causing less "fair"
performance but better latency)
* reduced the lock contention in the inboundMessageFragments by
moving the ack and complete queues to the ACKSender and
MessageReceiver respectively (each of which have their own
threads)
* prefer new and existing UDP sessions to new TCP sessions, but
prefer existing TCP sessions to new UDP sessions
* Added the possibility for i2ptunnel client and httpclient instances to
have their own i2p session (and hence, destination and tunnels). By
default, tunnels are shared, but that can be changed on the web
interface or with the sharedClient config option in i2ptunnel.config.
2005-04-17 jrandom
* Marked the net.i2p.i2ptunnel.TunnelManager as deprecated. Anyone use
this? If not, I want to drop it (lots of tiny details with lots of
duplicated semantics).
* Added new user-editable eepproxy error page templates.
2005-04-17 jrandom
* Revamp the tunnel building throttles, fixing a situation where the
rebuild may not recover, and defaulting it to unthrottled (users with
slow CPUs may want to set "router.tunnel.shouldThrottle=true" in their
advanced router config)
* Retry I2PTunnel startup if we are unable to build a socketManager for a
client or httpclient tunnel.
* Add some basic sanity checking on the I2CP settings (thanks duck!)
2005-03-29 jrandom
* Decreased the initial RTT estimate to 10s to allow more retries.
* Increased the default netDb store replication factor from 2 to 6 to take
into consideration tunnel failures.
* Address some statistical anonymity attacks against the netDb that could
be mounted by an active internal adversary by only answering lookups for
leaseSets we received through an unsolicited store.
* Don't throttle lookup responses (we throttle enough elsewhere)
* Fix the NewsFetcher so that it doesn't incorrectly resume midway through
the file (thanks nickster!)
* Updated the I2PTunnel HTML (thanks postman!)
* Added support to the I2PTunnel pages for the URL parameter "passphrase",
which, if matched against the router.config "i2ptunnel.passphrase" value,
skips the nonce check. If the config prop doesn't exist or is blank, no
passphrase is accepted.
* Implemented HMAC-SHA256.
* Enable the tunnel batching with a 500ms delay by default
* Dropped compatibility with 0.5.0.3 and earlier releases
2005-03-06 jrandom
* Allow the I2PTunnel web interface to select streaming lib options for
individual client tunnels, rather than sharing them across all of them,
as we do with the session options. This way people can (and should) set
the irc proxy to interactive and the eepproxy to bulk.
* Added a startRouter.sh script to new installs which simply calls
"sh i2prouter start". This should make it clear how people should start
I2P.
* Filter HTTP response headers in the eepproxy, forcing Connection: close
so that broken (/malicious) webservers can't allow persistent
connections. All HTTP compliant browsers should now always close the
socket.
* Enabled the GZIPInputStream's cache (they weren't cached before)
* Make sure our first send is always a SYN (duh)
* Workaround for some buggy compilers
* Loop while starting up the I2PTunnel instances, in case the I2CP
listener isn't up yet (thanks detonate!)
* Implement custom reusable GZIP streams to both reduce memory churn
and prevent the exposure of data in the standard GZIP header (creation
time, OS, etc). This is RFC1952 compliant, and backwards compatible,
though has only been tested within the confines of I2P's compression use
(DataHelper.[de]compress).
* Preemptively support the next protocol version, so that after the 0.5.0.2
release, we'll be able to drop protocol=2 to get rid of 0.5 users.
* Cache temporary memory allocation in the DSA's SHA1 impl, and the packet
data in the streaming lib.
* Fixed a streaming lib bug where the connection initiator would fail the
stream if the ACK to their SYN was lost.
* Allow the streaming lib resend frequency to drop down to 20s as the
minimum, so that up to 2 retries can get sent on an http request.
* Add further limits to failsafe tunnels.
* Keep exploratory and client tunnel testing and building stats separate.
* Only use the 60s period for throttling tunnel requests due to transient
network overload.
* Rebuild tunnels earlier (1-3m before expiration, by default)
* Cache the next hop's routerInfo for participating tunnels so that the
tunnel participation doesn't depend on the netDb.
* Fixed a long standing bug in the streaming lib where we wouldn't always
unchoke messages when the window size grows.
* Make sure the window size never reaches 0 (duh)
* (Merged the 0.5-pre branch back into CVS HEAD)
* Replaced the old tunnel routing crypto with the one specified in
router/doc/tunnel-alt.html, including updates to the web console to view
and tweak it.
* Provide the means for routers to reject tunnel requests with a wider
range of responses:
    probabilistic rejection, due to approaching overload
    transient rejection, due to temporary overload
    bandwidth rejection, due to persistent bandwidth overload
    critical rejection, due to general router fault (or imminent shutdown)
The different responses are factored into the profiles accordingly.
* Replaced the old I2CP tunnel related options (tunnels.depthInbound, etc)
with a series of new properties, relevant to the new tunnel routing code:
    inbound.nickname (used on the console)
    inbound.quantity (# of tunnels to use in any leaseSets)
    inbound.backupQuantity (# of tunnels to keep in the ready)
    inbound.length (# of remote peers in the tunnel)
    inbound.lengthVariance (if > 0, permute the length by adding a random #
        up to the variance. if < 0, permute the length by adding or
        subtracting a random # up to the variance)
    outbound.* (same as the inbound, except for the, uh, outbound tunnels
        in that client's pool)
There are other options, and more will be added later, but the above are
the most relevant ones.
* Replaced Jetty 4.2.21 with Jetty 5.1.2
* Compress all profile data on disk.
* Adjust the reseeding functionality to work even when the JVM's http proxy
is set.
* Enable a poor-man's interactive-flow in the streaming lib by choking the
max window size.
* Reduced the default streaming lib max message size to 16KB (though still
configurable by the user), also doubling the default maximum window
size.
* Replaced the RouterIdentity in a Lease with its SHA256 hash.
* Reduced the overall I2NP message checksum from a full 32 byte SHA256 to
the first byte of the SHA256.
* Added a new "netId" flag to let routers drop references to other routers
who we won't be able to talk to.
* Extended the timestamper to get a second (or third) opinion whenever it
wants to actually adjust the clock offset.
* Replaced that kludge of a timestamp I2NP message with a full blown
DateMessage.
* Substantial memory optimizations within the router and the SDK to reduce
GC churn. Client apps and the streaming libs have not been tuned,
however.
* More bugfixes than you can shake a stick at.
2005-02-13 jrandom
* Updated jbigi source to handle 64bit CPUs. The bundled jbigi.jar still
only contains 32bit versions, so build your own, placing libjbigi.so in
your install dir if necessary. (thanks mule!)
* Added support for libjbigi-$os-athlon64 to NativeBigInteger and CPUID
(thanks spaetz!)
* Speling fxi (thanks digum!)
* Bugfix for the I2PTunnel web interface so that it now properly launches
newly added tunnels that are defined to be run on startup (thanks ugha!)
* Revised the I2PTunnel client and httpclient connection establishment
throttles. There is now a pool of threads that build the I2PSocket
connections with a default size of 5, configurable via the I2PTunnel
client option 'i2ptunnel.numConnectionBuilders' (if set to 0, it will
not throttle the number of concurrent builders, but will launch a thread
per socket during establishment). In addition, sockets accepted but
not yet allocated to one of the connection builders will be destroyed
after 30 seconds, configurable via 'i2ptunnel.maxWaitTime' (if set to
0, it will wait indefinitely).
* Cleaned up the resending and choking algorithm in the streaming lib.
* Removed the read timeout override for I2PTunnel's httpclient, allowing
it to use the default for the streaming lib.
* Revised ack triggers in the streaming lib.
* Logging.
* Added a new i2ptunnel type: 'httpserver', allowing you to specify what
hostname should be sent to the webserver. By default, new installs will
have an httpserver pointing at their jetty instance with the spoofed
name 'mysite.i2p' (editable on the /i2ptunnel/edit.jsp page).
* Fix the missing HTTP timeout, which was caused by the deferred syn used
by default. This, in turn, meant the I2PSocket creation doesn't fail
on .connect, but is unable to transfer any data in any direction. We now
detect that condition for the I2PTunnelHTTPClient and throw up the right
error page.
* Logging
* Use a simpler and less memory intensive job for processing outbound
client messages when the session is in mode=bestEffort. We can
immediately discard the data as soon as it's sent the first time,
rather than wait for an ack, since we will never internally resend.
* Reduce some synchronization to avoid a rare deadlock
* Replaced 'localhost' with 127.0.0.1 in the i2ptunnel config, and special
case it within the tunnel controller.
* Script cleanup for building jbigi/jcpuid
* Logging
* Toss in a small pool of threads (3) to execute the events queued up with
the SimpleTimer, as we do currently see the occasional event
notification spiking up to a second or so.
* Implement a SAM client API in java, useful for event based streaming (or
for testing the SAM bridge)
* Added support to shut down the SAM bridge on OOM (useful if the SAM
bridge is being run outside of the router).
* Include the SAM test code in the sam.jar
* Remove an irrelevant warning message from SAM, which was caused by
perfectly normal operation due to a session being closed.
* Removed some unnecessary synchronization in the streaming lib's
PacketQueue
* More quickly clean up the memory used by the streaming lib by
immediately killing each packet's resend job as soon as it is ACKed (or
cancelled), so that there are no longer any valid pointers to the
(potentially 32KB) packet.
* Fixed the timestamps dumped to stdout when debugging the PacketHandler.
* Drop packets that would expand our inbound window beyond our maximum
buffer size (default 32 messages)
* Always read the ACK/NACK data from the verified packets received, even
if we are going to drop them
* Always adjust the window when there are messages ACKed, though do not
change its size except as before.
* Streamlined some synchronization in the router's I2CP handling
* Streamlined some memory allocation in the SAM bridge
* Default the streaming lib to disconnect on inactivity, rather than send
an empty message.
this still doesn't get the BT to where it needs to be, or fix the timeout problem,
but i don't like having so many commits outstanding and these updates are sound
2004-12-01 jrandom
* Fixed a stupid typo that inadvertently allowed persistent HTTP
connections to work (thanks duck!)
* Make sure we override the inactivity timeout too