2013-12-04 zzz
i2psnark: Fix ConnectionAcceptor not restarting after tunnel
restart, preventing incoming connections
2013-12-01 kytv
* Update geoip.txt based on Maxmind GeoLite Country database from 2013-11-05.
* French, Italian, Romanian, Spanish, and Swedish translation updates from transifex
2013-11-28 dg
* I2PTunnel: Don't send 'X-Powered-By' on HTTP server tunnels for anonymity reasons.
2013-11-25 str4d
* Reseed: Listen to "Require SSL" config option
2013-11-23 zzz
* i2ptunnel: Clean up old timer threads
2013-11-23 str4d
* susimail: Fix NPE when deleting last message (ticket #414)
2013-11-19 kytv
* Translation updates and start of Japanese translation pulled from Transifex
2013-11-14 kytv
* Update Java Service Wrapper to v3.5.22
- Windows: Self-compiled with VS2010 in Windows 7. The icon has been
changed from Tanuki's default to Itoopie.
- Linux ARMv6: Compiled on a RaspberryPi using gcc 4.6.3-14+rpi1,
Icedtea6 6b27-1.12.5-1+rpi1 and stripped
- All other binaries are from the "community edition" deltapack offered by
Tanuki.
2013-11-14 zzz
* Tunnels: Fix reception of encrypted responses to LS lookups (ticket #1125)
2013-11-07 zzz
* i2psnark: Fix file links, broken in -12 (ticket #1114)
* Logging: Track duplicates across flush interval (ticket #1110)
* NetDB: Fix RI publish interval, broken in -7
2013-11-03 zzz
* NetDB: Allow store of leaseset as long as one lease has not expired
* Transport:
- Expire wasUnreachable entries, so inbound tunnel build failures
don't escalate
- Add network status to event log
2013-11-01 zzz
* Transport: Fix GeoIPv6 (ticket #1096)
2013-10-31 zzz
* i2psnark: Always verify file lengths at startup (ticket #1099)
* Transports: Increase threshold for idle timeout reduction
(partially back out change from -10)
2013-10-29 dg
* i2psnark: Start torrents by default (ticket #1072)
2013-10-29 zzz
* i2psnark: Fix start and start-all buttons on text-mode browsers
and Opera (ticket #1093)
* InboundMessageDistributor:
- Don't discard an encrypted DSRM received
down a tunnel, just strip the hashes like we do for unencrypted
- Send a store of our own encrypted LS received down a tunnel to
the InNetMessagePool so the FloodfillVerifyStoreJob will see it.
* NetDB: Fix LS store verifies with encrypted replies
by storing the tagset with the correct SKM for the inbound tunnel used.
Broken since 0.9.7 when it was introduced.
* Tunnels:
- Build a new exploratory fallback tunnel in the BuildExecutor
loop if we run out.
- Don't use closest expl. tunnel as the paired tunnel for a build,
use a random one instead (partially back out change from -12)
2013-10-29 meeh
* Adding no.i2p registrar
2013-10-28 dg
* I2PTunnel: Enable persistent keying for SOCKS tunnels (ticket #1088)
2013-10-27 zzz
* Streaming; Fix crash caused by previous blacklist fix (ticket #1070)
2013-10-26 zzz
* i2psnark: Display base name, not torrent file name (ticket #985)
* I2PTunnel HTTP server: New POST limiter
* Profiles: Ensure we select random peers even before the first reorganization
* Streaming: Randomize end of first conn limit period
* Tunnels:
- Don't use fallback expl. tunnels as the paired tunnel
for a client tunnel build.
- Fix selection of an expl. tunnel close to a hash
2013-10-25 zzz
* Router: Only log ping file error once (ticket #1086)
* Streaming:
- Check blacklist/whitelist before connection limits, so
a blacklisted peer does not increment the counters
- Don't increment total throttle if peer is throttled
- Fix blacklist NPE after config change (ticket #1070)
* Transports: Reduce connection idle time sooner
2013-10-24 zzz
* i2psnark: Drop incoming connections on HTTP port
* I2PTunnel: Don't let uncaught exception kill server acceptor (ticket #1070)
* I2PTunnel standard, HTTP, and IRC servers:
Route connections to specific targets based on incoming I2P port
with custom option targetForPort.xxxx=myserver:yyyy
This allows multiple services on a single server tunnel (ticket #1066)
2013-10-23 zzz
* I2PTunnel standard and IRC clients:
- Allow host:port targets; set defaults in i2ptunnel.config (ticket #1066)
- Don't fail start if hostname is unresolvable; retry at connect time (ticket #946)
- Output IRC message on connect exception
- Update target list on-the-fly when configuration changes
* NetDB:
- Increase RI publish interval to reduce the connection load on ffs
- Save RI-last-published time; check it before publishing
2013-10-19 zzz
* NetDB:
- Reinstate ExpireRoutersJob
- Reduce min part. tunnels for floodfill
- Reduce floodfill redundancy
2013-10-17 zzz
* I2CP: Move SSL client socket code to util,
move cert location to certificates/i2cp.
* I2PTunnel: Support SSL for connection to local server
for Standard, HTTP, and IRC server tunnels.
Put server cert in certificates/i2ptunnel if necessary.
* Streaming: Throw IOE if socket is closed (ticket #1077)
2013-10-14 kytv
* French translation updates from Transifex
2013-10-14 zzz
* Translations: Move country names to a new resource bundle
2013-10-13 zzz
Prop from branch i2p.i2p.zzz.test2:
* Console:
- Implement webapp state detection and stop button for webapps
on /configclients (Ticket #1025)
- Set per-connector acceptors back to 1, Jetty default changed to 2?
- Tag strings on /jobs (ticket #969)
* Data Structures:
- Make Destination and RouterIdentity keys and cert immutable
- Add Destination cache
* i2psnark:
- Combine getPeers and announce into a single method, as we must announce to
the closest from the getPeers, not the closest from the kbuckets
- Stop getPeers when nothing closer is found
- Increase DHT dest lookup, search timeouts, and max search depth
- Loop tracker client faster when in magnet mode or if DHT announce fails
- Don't return an empty peers list in DHT if we only know about the requestor
- Refactor Storage file data structures
- Sort files when creating torrents
- Add torrent auto-stop support; enable for update file
- Add tunnel auto-close when no torrents are running
- Close socket before closing output stream to avoid blocking in
Peer.disconnect(), and prevent Peer.disconnect() loop
* I2PTunnelHTTPServer: Don't thread a receiver for GET or HEAD
* Jetty 7.6.13.v20130916
* Logging:
- Require strict match of class name component
- parseLimits() cleanup
* SSU: More efficient InboundMessageState
* Streaming:
- Fix active stream counting so it doesn't count streams
that are closed and in TIME-WAIT state. Also, break out of the
counting loop as soon as we know the answer. (Ticket #1039)
- Consolidate scheduling of DisconnectEvent, and ensure
we only do it once. (Ticket #1041)
- Atomics for close/reset send/receive
so we only do things once. (Ticket #1041)
- Remove setCloseReceivedOn(), unused outside Connection
- OR the isFlagSet parameter instead of multiple calls
- Remove acked packets from _outboundPackets inside synced iterator
- Short-circuit _outboundPackets iterator if empty
- Small optimization if not logging in ConnectionPacketHandler
- Stub out processing of close ack (ticket #1042)
- Don't queue a message for an unknown connection on the SYN queue
if it has a send ID set, it must be for a recently closed connection
- Major rework of connection disconnect process. Tickets 1040-1042.
- Prevent multiple calls or reentrancy in disconnect() (ticket #1041)
- Implement processing of close to skip TIME-WAIT, and
wait for all packets to be acked (not just the CLOSE) before
doing so, if possible (ticket #1042)
- Don't call disconnect() or disconnectComplete() from I2PSocketFull.destroy()
so retransmissions and acks can still happen (removes some close loops)
- Don't call disconnect() until we have both sent and received a CLOSE (ticket #1040)
- Don't reset the connection from CPH just because we sent a CLOSE
and it was acked (ticket #1040)
- Ack packets even if we sent a CLOSE (ticket #1040)
- Retransmit CLOSE if not acked (ticket #1040)
- Send received packets to the MessageInputStream even if we haven't received a SYN
- Don't call MessageInputStream.messageReceived() for ack-only packets, that was pointless
- Don't send a RESET after timeout of an outbound connection
- Work around bugs on other end by limiting retransmission of CLOSE packets
- Make I2PSocketFull.close() nonblocking; it will now cause any user-side
writes blocked in I/O (Connection.packetSendChoke()) to throw
an exception (tickets #629, #1041)
- Don't ignore InterruptedExceptions; throw InterruptedIOException
- MessageInputStream locking fixes
- Make _isInbound final
- More cleanups, javadocs, log tweaks
* Transport: Treat more IPs as local
- 25/8 Hamachi (moved from 5/8 Nov. 2012)
- 2620:9b::/32 Hamachi
- 3ffc::/16 6bone
- 2001:db8::/32 example (RFC 3849)
- 0::/8 Includes IPv4 compatibility addresses ::xxxx:xxxx
* Update:
- Support notification of updates that cannot be downloaded
due to "constraints". Add constraint checks for java version,
router version, configuration, and base permissions. (ticket #1024)
- Thread news fetcher so it doesn't clog the scheduler
* Watchdog: Format messages better
2013-10-06 zzz
Prop from branch i2p.i2p.zzz.ecdsa:
* Build:
- Generate su3 file in release target
- Add zzz's new RSA 4096 pubkey cert for updates
- Fix checkcerts.sh
* Console: Move advanced setting to HelperBase
* DSAEngine changes:
- Implement raw sign/verify for other SigTypes
- Add sign/verify methods using Java keys
* ECDSA Support:
- Add ECConstants which looks for named curves and falls back to
explicitly defining the curves
- Add support for ECDSA to SigType, DSAEngine and KeyGenerator
- Attempt to add BC as a Provider
- genSpec: fallback to BC provider
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
* KeyGenerator changes:
- Generate key pairs for all supported SigTypes
- KeyPairGen: Catch ProviderException, fallback to BC provider
- Add KeyGenerator main() tests
* KeyRing and DirKeyRing added: simple backend for storing X.509 certs
* KeyStoreUtil added:
- Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
SSLClientListenerRunner, and RouterConsoleRunner into new
KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
- Change default to RSA 2048 (ticket #1017)
- Set file modes on written keys
- Overwrite check in createKeys()
- New getCert(), getKey()
- Extend keygen max wait
- Read back private key to verify after keygen
- Validate cert after reading from file
- Validate CN in cert
- Specify cert signature algorithm when generating keys
* NativeBigInteger: Tweak to prevent early context instantiation
* RSA support added: constants, parameters, sig types, support in DSAEngine, KeyGenerator, SigUtil
* SHA1Hash: Add no-arg constructor
* SigType changes:
- Add parameters (curve specs) to SigTypes
- Add getHashInstance()
- Add RSA, fix ECDSA
- Renumber, rename, comment out types that are too short.
* SigUtil added:
- Converters from Java formats (ASN.1, X.509, PKCS#8)
to I2P formats for Signatures and SigningKeys
- Move ASN.1 converter from DSAEngine to SigUtil, generalize
for variable length, add support for longer sequences,
add more sanity checks, add more exceptions
- Move I2P-to-Java DSA key conversion from DSAEngine to SigUtil
- Add Java-to-I2P DSA key conversion
- Add Java key import
- New split() and combine() methods
* SSLEepGet: Move all certificates to certificates/ssl, in preparation
for other certificate uses by SU3File
* SU3File changes:
- Support all SigTypes
- Implement keygen
- Readahead to get sigtype on verify, as we need the hash type
- Enum for content type
- Add unknown content type, make default
- Fix NPE if private key not found or sign fails
- Store generated keys in keystore, and get private key from keystore
for signing, in Java format
- Use Java keys to sign and verify so we don't
lose the key parameters in the conversion to I2P keys
- Type checking of Java private key vs. type when signing
- Use certs instead of public keys for verification
- Fix arg processing
- Improve validate-without-extract
- New extract command
- Change static fields to avoid early context init
- Reduce PRNG buffer size for faster signing
* Update: Preliminary work for su3 router updates:
- New ROUTER_SIGNED_SU3 UpdateType
- Add support for torrent and HTTP
- Refactor UpdateRunners to return actual UpdateType
- Deal with signed/su3 conflicts
- Verify and extract su3 files.
- Stub out support for clearnet su3 updating
- New config for proxying news, separate from proxying update
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add https support for news fetch
- Add su3 mime type
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
* 2013-10-02 0.9.8.1 released