Skip to content

Latest commit



136 lines (119 loc) · 5.97 KB

File metadata and controls

136 lines (119 loc) · 5.97 KB



  • Add an expiration date to topo files? -> BRs, CS, DSs may change! -> Should we use the TTL of the DNS NAPTR record?



  • Allow disabling local address resolution in DNS to local-IA. Resolving 127.0.0.x to localIA is fine for many purposes, but it can be confusing when testing a local mock-network (tiny, minimal, ...)
  • SCMP errors handling (above)
    • Especially for type ¨5: External Interface Down" and "6: Internal Connectivity Down" Problem: we need to receive() or read() to actually receive SCMP errors. We could do this concurrently (actually, this would probably block writes), or we do this only if the user calls read/receive. We can then store the failure info (path + AS/IP/IF of failure location). During next send/write, we compare the path against this failure and try to find a better one. If no better path is found we can just drop the packet (default; consistent with UDP behavior) or throw an error. Also: The list of broken paths should be cleaned up once the path is expired (or earlier?).
  • SCION-Proto questions:
    • FIX: Ask why requesting an UP segment effectively returns a DOWN segment (it needs to be reversed + the SegID needs to be XORed)
    • Why are Java pings 8 bytes shorter than scionproto pings? -> local AS
  • Segments:
    • Sorting by weight (see graph.go:195)
    • Consider peering
    • Look at newDMG (graph.go:89)
    • Order by expiration date? (netip.go:41)
  • Selector support
  • Consider subclassing DatagramChannel directly.
  • DISPATCHER migration:
    • Daemon supposedly provides information about dispatcher. Double check updated proto files
    • Parse topofiles with port range information -> indicates DISPATCHER presence
  • Consider SHIM support. SHIM is a compatibility component that supports old border-router software (requiring a fixed port on the client, unless the client is listening on this very port). When SHIM is used, we cannot get the return address (server mode) from the received packet because we receive it from the SHIM i.o. the BR. Fix: Either have server use daemon of topofile to find first hop, OR extend SHIM to accept and forward packets to the correct BR.
  • AS switching: handle localIsdAs code per Interface or IP
  • Path expiry: request new path asynchronously when old path is close to expiry Reconsider handling of expired path on server side. Try requesting a new path? Throw exception? Callback?
  • DNS with other options, see book p328ff, Section 13.2.3
  • UDP checksum validation + creation
  • SCMP checksum validation + creation
  • Fuzzing -> e.g. validate()
  • remove "internals" package?
  • For stand-alone path query, we should cache localAS->localCore paths.
  • For stand-alone, fill meta/proto properly
  • Consider removing DEFAULT ScionService?
  • Make ScionService AutoCloseable? -> Avoid separate CloseableService class and it's usage in try().
  • Convenience: Implement Transparent service that tries SCION and, if not available, returns a normal Java UDP DatagramChannel? Which Interface?
  • Transparent fallback to plain IP if target is in same AS?
  • https for topology server?
  • Secure DNS requests?
  • Make multi-module project for demos & inspector (also channel vs socket?) -> see JDO for releasing only some modules for a release.
  • Support authentication for control servers


  • Truncate PROTO files?
  • TEST concurrent path/as/DNS lookup
  • TEST concurrent use of single channel.
  • IMPORTANT: In non-blocking mode, the channel should probably block if it received a partial Scion-header? Or not? This would be an attack, send a partial header would block the receiver.... We could just buffer a partial header until it is complete...


  • Remove methods that are not required anymore:
    • configureRemoteDispatcher()


After that

  • Integrate with bazel -> Simplifies integration of go testing topology.
  • SECURITY: contains a lot of Security checks (see also class javadoc). Do weed need these? Isn't this handled by the underlying DatagramChannel? Isn't this deprecated in Java 17? -> Simply declare that we only support JDK 17+ for this reason?

General TODO


  • Use puppycrawl checkstyle plugin
    • to verify style in CI
    • for auto formatting in IntelliJ (if possible). How about other IDEs, e.g. MS code?
  • Change line length to 120


  • Fuzz test
  • Large packets that require Splitting
  • Interleaved response on server, e.g. Receive from A, Receive from B, send to B, send to A (see also NIO)
  • Test MTU exceed with proper network
  • Test SCMP handling, see Design.
  • Test general: Test that me make a minimum of gRPC calls, e.g. to get path from daemon

Reconsider tooling

  • Documentation
    • There seems to be no documentation specifying the latency unit. [ms]?
  • Daemon.proto
    • Expiration is a 96bit Timestamp, optimize?
    • Latencies are 96bit Durations, optimize?