Merge branch 'feature21622_only'

1 files changed, 48 insertions, 2 deletions

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index eeccd4347b..82e31377cf 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -83,6 +83,7 @@ static const smartlist_t* rend_get_service_list(
                                   const smartlist_t* substitute_service_list);
 static smartlist_t* rend_get_service_list_mutable(
                                   smartlist_t* substitute_service_list);
+static int rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted);
 
 /** Represents the mapping from a virtual port of a rendezvous service to
  * a real port on some IP.
@@ -1025,6 +1026,45 @@ rend_service_del_ephemeral(const char *service_id)
   return 0;
 }
 
+/* There can be 1 second's delay due to second_elapsed_callback, and perhaps
+ * another few seconds due to blocking calls. */
+#define INTRO_CIRC_RETRY_PERIOD_SLOP 10
+
+/** Log information about the intro point creation rate and current intro
+ * points for service, upgrading the log level from min_severity to warn if
+ * we have stopped launching new intro point circuits. */
+static void
+rend_log_intro_limit(const rend_service_t *service, int min_severity)
+{
+  int exceeded_limit = (service->n_intro_circuits_launched >=
+                        rend_max_intro_circs_per_period(
+                                              service->n_intro_points_wanted));
+  int severity = min_severity;
+  /* We stopped creating circuits */
+  if (exceeded_limit) {
+    severity = LOG_WARN;
+  }
+  time_t intro_period_elapsed = time(NULL) - service->intro_period_started;
+  tor_assert_nonfatal(intro_period_elapsed >= 0);
+  /* We delayed resuming circuits longer than expected */
+  int exceeded_elapsed = (intro_period_elapsed > INTRO_CIRC_RETRY_PERIOD +
+                          INTRO_CIRC_RETRY_PERIOD_SLOP);
+  if (exceeded_elapsed) {
+    severity = LOG_WARN;
+  }
+  log_fn(severity, LD_REND, "Hidden service %s %s %d intro points in the last "
+         "%d seconds%s. Intro circuit launches are limited to %d per %d "
+         "seconds.",
+         service->service_id,
+         exceeded_limit ? "exceeded launch limit with" : "launched",
+         service->n_intro_circuits_launched,
+         (int)intro_period_elapsed,
+         exceeded_elapsed ? " (delayed)" : "",
+         rend_max_intro_circs_per_period(service->n_intro_points_wanted),
+         INTRO_CIRC_RETRY_PERIOD);
+  rend_service_dump_stats(severity);
+}
+
 /** Replace the old value of <b>service</b>-\>desc with one that reflects
  * the other fields in service.
  */
@@ -1094,7 +1134,8 @@ rend_service_update_descriptor(rend_service_t *service)
            "descriptor was updated with %d instead.",
            service->service_id,
            service->n_intro_points_wanted, have_intro);
-    rend_service_dump_stats(severity);
+    /* Now log an informative message about how we might have got here. */
+    rend_log_intro_limit(service, severity);
   }
 }
 
@@ -4095,8 +4136,12 @@ rend_consider_services_intro_points(void)
 
     /* This retry period is important here so we don't stress circuit
      * creation. */
+
     if (now > service->intro_period_started + INTRO_CIRC_RETRY_PERIOD) {
-      /* One period has elapsed; we can try building circuits again. */
+      /* One period has elapsed:
+       *  - if we stopped, we can try building circuits again,
+       *  - if we haven't, we reset the circuit creation counts. */
+      rend_log_intro_limit(service, LOG_INFO);
       service->intro_period_started = now;
       service->n_intro_circuits_launched = 0;
     } else if (service->n_intro_circuits_launched >=
@@ -4104,6 +4149,7 @@ rend_consider_services_intro_points(void)
                                       service->n_intro_points_wanted)) {
       /* We have failed too many times in this period; wait for the next
        * one before we try to initiate any more connections. */
+      rend_log_intro_limit(service, LOG_WARN);
       continue;
     }