aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c11
-rw-r--r--src/or/connection.c10
-rw-r--r--src/or/connection_edge.c2
-rw-r--r--src/or/or.h14
-rw-r--r--src/or/rephist.c170
5 files changed, 205 insertions, 2 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 6ad1c3a9ba..f1fea13e58 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -205,6 +205,7 @@ static config_var_t _option_vars[] = {
V(ExitNodes, ROUTERSET, NULL),
V(ExitPolicy, LINELIST, NULL),
V(ExitPolicyRejectPrivate, BOOL, "1"),
+ V(ExitPortStatistics, BOOL, "0"),
V(FallbackNetworkstatusFile, FILENAME,
SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
V(FascistFirewall, BOOL, "0"),
@@ -1384,6 +1385,16 @@ options_act(or_options_t *old_options)
"write aggregate statistics to disk. Check the geoip-stats file "
"in your data directory once I've been running for 24 hours.");
#endif
+#ifdef ENABLE_EXIT_STATS
+ if (options->ExitPortStatistics)
+ log_notice(LD_CONFIG, "Configured to measure exit port statistics. "
+ "Look for the exit-stats file that will first be written to "
+ "the data directory in 24 hours from now.");
+#else
+ if (options->ExitPortStatistics)
+ log_warn(LD_CONFIG, "ExitPortStatistics enabled, but Tor was built "
+ "without port statistics support.");
+#endif
/* Check if we need to parse and add the EntryNodes config option. */
if (options->EntryNodes &&
(!old_options ||
diff --git a/src/or/connection.c b/src/or/connection.c
index c8406fee3f..0897eb4a5e 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1702,10 +1702,16 @@ connection_buckets_decrement(connection_t *conn, time_t now,
tor_fragile_assert();
}
- if (num_read > 0)
+ if (num_read > 0) {
+ if (conn->type == CONN_TYPE_EXIT)
+ rep_hist_note_exit_bytes_read(conn->port, num_read, now);
rep_hist_note_bytes_read(num_read, now);
- if (num_written > 0)
+ }
+ if (num_written > 0) {
+ if (conn->type == CONN_TYPE_EXIT)
+ rep_hist_note_exit_bytes_written(conn->port, num_written, now);
rep_hist_note_bytes_written(num_written, now);
+ }
if (connection_counts_as_relayed_traffic(conn, now)) {
global_relayed_read_bucket -= (int)num_read;
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 3cd00e2828..dd44190c71 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -333,6 +333,8 @@ connection_edge_finished_connecting(edge_connection_t *edge_conn)
escaped_safe_str(conn->address),conn->port,
safe_str(fmt_addr(&conn->addr)));
+ rep_hist_note_exit_stream_opened(conn->port, approx_time());
+
conn->state = EXIT_CONN_STATE_OPEN;
connection_watch_events(conn, READ_EVENT); /* stop writing, keep reading */
if (connection_wants_to_flush(conn)) /* in case there are any queued relay
diff --git a/src/or/or.h b/src/or/or.h
index 091264a4ef..935ea523df 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2475,6 +2475,9 @@ typedef struct {
* exit allows it, we use it. */
int AllowSingleHopCircuits;
+ /** If true, the user wants us to collect statistics on port usage. */
+ int ExitPortStatistics;
+
/** If true, do not believe anybody who tells us that a domain resolves
* to an internal address, or that an internal address has a PTR mapping.
* Helps avoid some cross-site attacks. */
@@ -3961,6 +3964,17 @@ void rep_hist_note_extend_failed(const char *from_name, const char *to_name);
void rep_hist_dump_stats(time_t now, int severity);
void rep_hist_note_bytes_read(size_t num_bytes, time_t when);
void rep_hist_note_bytes_written(size_t num_bytes, time_t when);
+#ifdef ENABLE_EXIT_STATS
+void rep_hist_note_exit_bytes_read(uint16_t port, size_t num_bytes,
+ time_t now);
+void rep_hist_note_exit_bytes_written(uint16_t port, size_t num_bytes,
+ time_t now);
+void rep_hist_note_exit_stream_opened(uint16_t port, time_t now);
+#else
+#define rep_hist_note_exit_bytes_read(p,n,t) STMT_NIL
+#define rep_hist_note_exit_bytes_written(p,n,t) STMT_NIL
+#define rep_hist_note_exit_stream_opened(p,t) STMT_NIL
+#endif
int rep_hist_bandwidth_assess(void);
char *rep_hist_get_bandwidth_lines(int for_extrainfo);
void rep_hist_update_state(or_state_t *state);
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 13fdb58b5e..f1f502cad2 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -1320,6 +1320,176 @@ rep_hist_note_bytes_read(size_t num_bytes, time_t when)
add_obs(read_array, when, num_bytes);
}
+#ifdef ENABLE_EXIT_STATS
+/* Some constants */
+/** How long are the intervals for measuring exit stats? */
+#define EXIT_STATS_INTERVAL_SEC (24 * 60 * 60)
+/** To what multiple should byte numbers be rounded up? */
+#define EXIT_STATS_ROUND_UP_BYTES 1024
+/** To what multiple should stream counts be rounded up? */
+#define EXIT_STATS_ROUND_UP_STREAMS 4
+/** Number of TCP ports */
+#define EXIT_STATS_NUM_PORTS 65536
+
+/* The following data structures are arrays and no fancy smartlists or maps,
+ * so that all write operations can be done in constant time. This comes at
+ * the price of some memory (1.25 MB) and linear complexity when writing
+ * stats. */
+/** Number of bytes read in current period by exit port */
+static uint64_t exit_bytes_read[EXIT_STATS_NUM_PORTS];
+/** Number of bytes written in current period by exit port */
+static uint64_t exit_bytes_written[EXIT_STATS_NUM_PORTS];
+/** Number of streams opened in current period by exit port */
+static uint32_t exit_streams[EXIT_STATS_NUM_PORTS];
+
+/** When does the current exit stats period end? */
+static time_t end_of_current_exit_stats_period = 0;
+
+/** Write exit stats for the current period to disk and reset counters. */
+static void
+write_exit_stats(time_t when)
+{
+ char t[ISO_TIME_LEN+1];
+ int r, i, comma;
+ uint64_t *b;
+
+ char *filename = get_datadir_fname("exit-stats");
+ open_file_t *open_file = NULL;
+ FILE *out = NULL;
+
+ log_debug(LD_HIST, "Considering writing exit port statistics to disk..");
+ while (when > end_of_current_exit_stats_period) {
+ format_iso_time(t, end_of_current_exit_stats_period);
+ log_info(LD_HIST, "Writing exit port statistics to disk for period "
+ "ending at %s.", t);
+
+ if (!open_file) {
+ out = start_writing_to_stdio_file(filename, OPEN_FLAGS_APPEND,
+ 0600, &open_file);
+ if (!out) {
+ log_warn(LD_HIST, "Couldn't open '%s'.", filename);
+ goto done;
+ }
+ }
+
+ /* written yyyy-mm-dd HH:MM:SS (n s) */
+ if (fprintf(out, "written %s (%d s)\n", t, EXIT_STATS_INTERVAL_SEC) < 0)
+ goto done;
+
+ /* kibibytes-(read|written) port=kibibytes,.. */
+ for (r = 0; r < 2; r++) {
+ b = r ? exit_bytes_read : exit_bytes_written;
+ tor_assert(b);
+ if (fprintf(out, "%s ",
+ r == 0 ? "kibibytes-read" : "kibibytes-written")<0)
+ goto done;
+
+ comma = 0;
+ for (i = 1; i < EXIT_STATS_NUM_PORTS; i++) {
+ if (b[i] > 0) {
+ uint64_t num = b[i];
+ num += EXIT_STATS_ROUND_UP_BYTES - 1;
+ num /= EXIT_STATS_ROUND_UP_BYTES;
+ num *= EXIT_STATS_ROUND_UP_BYTES;
+ num /= 1024;
+ if (fprintf(out, "%s%d="U64_FORMAT,
+ comma++ ? "," : "", i,
+ U64_PRINTF_ARG(num)) < 0)
+ goto done;
+ }
+ }
+ if (fprintf(out, "\n")<0)
+ goto done;
+ /* Reset counters */
+ memset(b, 0, EXIT_STATS_NUM_PORTS*sizeof(uint64_t));
+ }
+ /* streams-opened port=num,.. */
+ if (fprintf(out, "streams-opened ")<0)
+ goto done;
+ comma = 0;
+ for (i = 1; i < EXIT_STATS_NUM_PORTS; i++) {
+ if (exit_streams[i] > 0) {
+ uint32_t num = exit_streams[i];
+ num += EXIT_STATS_ROUND_UP_STREAMS - 1;
+ num /= EXIT_STATS_ROUND_UP_STREAMS;
+ num *= EXIT_STATS_ROUND_UP_STREAMS;
+ if (fprintf(out, "%s%d=%d",
+ comma++ ? "," : "", i, num)<0)
+ goto done;
+ }
+ }
+ if (fprintf(out, "\n")<0)
+ goto done;
+ /* Reset counters */
+ memset(exit_streams, 0, sizeof(exit_streams));
+ end_of_current_exit_stats_period += EXIT_STATS_INTERVAL_SEC;
+ }
+
+ if (open_file)
+ finish_writing_to_file(open_file);
+ open_file = NULL;
+ done:
+ if (open_file)
+ abort_writing_to_file(open_file);
+ tor_free(filename);
+}
+
+/** Prepare to add an exit stats observation at second <b>when</b> by
+ * checking whether this observation lies in the current observation
+ * period; if not, shift the current period forward by one until the
+ * reported event fits it and write all results in between to disk. */
+static void
+add_exit_obs(time_t when)
+{
+ if (when > end_of_current_exit_stats_period) {
+ if (end_of_current_exit_stats_period)
+ write_exit_stats(when);
+ else
+ end_of_current_exit_stats_period = when + EXIT_STATS_INTERVAL_SEC;
+ }
+}
+
+/** Note that we wrote <b>num_bytes</b> to an exit connection to
+ * <b>port</b> in second <b>when</b>. */
+void
+rep_hist_note_exit_bytes_written(uint16_t port, size_t num_bytes,
+ time_t when)
+{
+ if (!get_options()->ExitPortStatistics)
+ return;
+ add_exit_obs(when);
+ exit_bytes_written[port] += num_bytes;
+ log_debug(LD_HIST, "Written %lu bytes to exit connection to port %d.",
+ (unsigned long)num_bytes, port);
+}
+
+/** Note that we read <b>num_bytes</b> from an exit connection to
+ * <b>port</b> in second <b>when</b>. */
+void
+rep_hist_note_exit_bytes_read(uint16_t port, size_t num_bytes,
+ time_t when)
+{
+ if (!get_options()->ExitPortStatistics)
+ return;
+ add_exit_obs(when);
+ exit_bytes_read[port] += num_bytes;
+ log_debug(LD_HIST, "Read %lu bytes from exit connection to port %d.",
+ (unsigned long)num_bytes, port);
+}
+
+/** Note that we opened an exit stream to <b>port</b> in second
+ * <b>when</b>. */
+void
+rep_hist_note_exit_stream_opened(uint16_t port, time_t when)
+{
+ if (!get_options()->ExitPortStatistics)
+ return;
+ add_exit_obs(when);
+ exit_streams[port]++;
+ log_debug(LD_HIST, "Opened exit stream to port %d", port);
+}
+#endif
+
/** Helper: Return the largest value in b->maxima. (This is equal to the
* most bandwidth used in any NUM_SECS_ROLLING_MEASURE period for the last
* NUM_SECS_BW_SUM_IS_VALID seconds.)