Diffstat (limited to 'src/or')
-rw-r--r--src/or/channeltls.h2
-rw-r--r--src/or/circuitlist.c59
-rw-r--r--src/or/circuitlist.h2
-rw-r--r--src/or/circuitstats.c20
-rw-r--r--src/or/circuituse.c18
-rw-r--r--src/or/or.h12
-rw-r--r--src/or/relay.c1
-rw-r--r--src/or/rephist.c26
-rw-r--r--src/or/rephist.h10
9 files changed, 123 insertions, 27 deletions
diff --git a/src/or/channeltls.h b/src/or/channeltls.h
index 8b5863a461..463f7d928c 100644
--- a/src/or/channeltls.h
+++ b/src/or/channeltls.h
@@ -12,6 +12,8 @@
#include "or.h"
#include "channel.h"
+#define TLS_PER_CELL_OVERHEAD 29
+
#define BASE_CHAN_TO_TLS(c) (channel_tls_from_base((c)))
#define TLS_CHAN_TO_BASE(c) (channel_tls_to_base((c)))
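Review bot: `TLS_PER_CELL_OVERHEAD 29` is added without a comment saying what the constant measures or how 29 was arrived at, and its only visible use is the bandwidth accounting in circuit_synchronize_written_or_bandwidth() in circuitlist.c. A Doxygen comment above the define would stop it reading as a magic number, e.g. `/** Approximate TLS record overhead, in bytes, carried by each cell on the wire; added to the cell's network size when estimating bytes that would have been written for queued cells. */`. Because the value is an estimate rather than a protocol constant, naming the TLS framing assumption it encodes (or the ticket it came from) would let a maintainer revalidate it when the TLS stack or cipher suites change.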
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 977afca18d..8cfdd3bb94 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -12,6 +12,7 @@
#define CIRCUITLIST_PRIVATE
#include "or.h"
#include "channel.h"
+#include "channeltls.h"
#include "circpathbias.h"
#include "circuitbuild.h"
#include "circuitlist.h"
@@ -1680,6 +1681,61 @@ circuit_mark_all_dirty_circs_as_unusable(void)
SMARTLIST_FOREACH_END(circ);
}
+/**
+ * Report any queued cells on or_circuits as written in our bandwidth
+ * totals, for the specified channel direction.
+ *
+ * When we close a circuit or clear its cell queues, we've read
+ * data and recorded those bytes in our read statistics, but we're
+ * not going to write it. This discrepancy can be used by an adversary
+ * to infer information from our public relay statistics and perform
+ * attacks such as guard discovery.
+ *
+ * This function is in the critical path of circuit_mark_for_close().
+ * It must be (and is) O(1)!
+ *
+ * See https://trac.torproject.org/projects/tor/ticket/23512.
+ */
+void
+circuit_synchronize_written_or_bandwidth(const circuit_t *c,
+ circuit_channel_direction_t dir)
+{
+ uint64_t cells;
+ uint64_t cell_size;
+ uint64_t written_sync;
+ const channel_t *chan = NULL;
+ const or_circuit_t *or_circ;
+
+ if (!CIRCUIT_IS_ORCIRC(c))
+ return;
+
+ or_circ = CONST_TO_OR_CIRCUIT(c);
+
+ if (dir == CIRCUIT_N_CHAN) {
+ chan = c->n_chan;
+ cells = c->n_chan_cells.n;
+ } else {
+ chan = or_circ->p_chan;
+ cells = or_circ->p_chan_cells.n;
+ }
+
+ /* If we still know the chan, determine real cell size. Otherwise,
+ * assume it's a wide circid channel */
+ if (chan)
+ cell_size = get_cell_network_size(chan->wide_circ_ids);
+ else
+ cell_size = CELL_MAX_NETWORK_SIZE;
+
+ /* The missing written bytes are the cell counts times their cell
+ * size plus TLS per cell overhead */
+ written_sync = cells*(cell_size+TLS_PER_CELL_OVERHEAD);
+
+ /* Report the missing bytes as written, to avoid asymmetry.
+ * We must use time() for consistency with rephist, even though on
+ * some very old rare platforms, approx_time() may be faster. */
+ rep_hist_note_bytes_written(written_sync, time(NULL));
+}
+
/** Mark <b>circ</b> to be closed next time we call
* circuit_close_all_marked(). Do any cleanup needed:
* - If state is onionskin_pending, remove circ from the onion_pending
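Review bot: The direction test treats every value other than `CIRCUIT_N_CHAN` as the p_chan side, which is correct for the two-value enum this commit declares in or.h but will silently misattribute queued cells if the enum ever grows; a `switch` on `dir` with a non-fatal assertion in `default:` makes the contract explicit and keeps the O(1) property the header comment promises. The `CELL_MAX_NETWORK_SIZE` fallback when `chan` is already NULL deliberately over-reports on non-wide-circid channels; the comment should say that the over-estimate is intentional rather than leave a reader thinking the wide-circid assumption is a guess. Something like `/* No channel left to ask: over-estimate rather than under-report, since an under-report would leave the read/write asymmetry this function exists to remove. */` over the `else` branch would do.
```c
  or_circ = CONST_TO_OR_CIRCUIT(c);

  switch (dir) {
    case CIRCUIT_N_CHAN:
      chan = c->n_chan;
      cells = c->n_chan_cells.n;
      break;
    case CIRCUIT_P_CHAN:
      chan = or_circ->p_chan;
      cells = or_circ->p_chan_cells.n;
      break;
    default:
      tor_assert_nonfatal_unreached();
      return;
  }

  /* … unchanged: cell size selection, written_sync computation, rep_hist call … */
```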
@@ -1732,6 +1788,9 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
reason = END_CIRC_REASON_NONE;
}
+ circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
+ circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_P_CHAN);
+
if (reason & END_CIRC_REASON_FLAG_REMOTE)
reason &= ~END_CIRC_REASON_FLAG_REMOTE;
diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h
index 2707b426ab..2ede6f76cd 100644
--- a/src/or/circuitlist.h
+++ b/src/or/circuitlist.h
@@ -62,6 +62,8 @@ crypt_path_t *circuit_get_cpath_hop(origin_circuit_t *circ, int hopnum);
void circuit_get_all_pending_on_channel(smartlist_t *out,
channel_t *chan);
int circuit_count_pending_on_channel(channel_t *chan);
+void circuit_synchronize_written_or_bandwidth(const circuit_t *c,
+ circuit_channel_direction_t dir);
#define circuit_mark_for_close(c, reason) \
circuit_mark_for_close_((c), (reason), __LINE__, SHORT_FILE__)
diff --git a/src/or/circuitstats.c b/src/or/circuitstats.c
index 418acc0024..735b3f0fc2 100644
--- a/src/or/circuitstats.c
+++ b/src/or/circuitstats.c
@@ -753,11 +753,23 @@ circuit_build_times_get_xm(circuit_build_times_t *cbt)
histogram[nth_max_bin[n]]);
}
- /* The following assert is safe, because we don't get called when we
- * haven't observed at least CBT_MIN_MIN_CIRCUITS_TO_OBSERVE circuits. */
+ /* bin_counts can become zero if all of our last CBT_NCIRCUITS_TO_OBSERVE
+ * circuits were abandoned before they completed. This shouldn't happen,
+ * though. We should have reset/re-learned a lower timeout first. */
+ if (bin_counts == 0) {
+ ret = 0;
+ log_warn(LD_CIRC,
+ "No valid circuit build time data out of %d times, %u modes, "
+ "have_timeout=%d, %lfms", cbt->total_build_times, num_modes,
+ cbt->have_computed_timeout, cbt->timeout_ms);
+ goto done;
+ }
+
tor_assert(bin_counts > 0);
ret /= bin_counts;
+
+ done:
tor_free(histogram);
tor_free(nth_max_bin);
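Review bot: After the new `if (bin_counts == 0) { … goto done; }` guard, the `tor_assert(bin_counts > 0);` immediately below it can never fail and should be dropped (or folded into the guard's comment), otherwise the next reader has to work out why both exist; the same applies to `tor_assert(cbt->Xm > 0);` in the circuit_build_times_update_alpha hunk, which now follows an `if (cbt->Xm == 0) return 0;`. The return value of circuit_build_times_get_xm() now carries a sentinel, so its Doxygen comment, which starts outside this hunk, should state it: `Returns 0 if none of the recorded build times fell into a valid bin.`, and any caller other than update_alpha that does arithmetic on Xm needs the same zero check that update_alpha now has. The warning path logs `cbt->timeout_ms` with `%lf`, which is valid for a double, but the other three specifiers cannot be checked against their field types from this hunk.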
@@ -1043,6 +1055,10 @@ circuit_build_times_update_alpha(circuit_build_times_t *cbt)
* and less frechet-like. */
cbt->Xm = circuit_build_times_get_xm(cbt);
+ /* If Xm came back 0, then too many circuits were abandoned. */
+ if (cbt->Xm == 0)
+ return 0;
+
tor_assert(cbt->Xm > 0);
for (i=0; i< CBT_NCIRCUITS_TO_OBSERVE; i++) {
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 96cd3cd7e8..eaf16ecbff 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -494,8 +494,7 @@ circuit_expire_building(void)
cutoff = begindir_cutoff;
else if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
cutoff = close_cutoff;
- else if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
- victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
+ else if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
cutoff = c_intro_cutoff;
else if (victim->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)
cutoff = s_intro_cutoff;
@@ -614,12 +613,13 @@ circuit_expire_building(void)
TO_ORIGIN_CIRCUIT(victim)->path_state = PATH_STATE_USE_FAILED;
break;
case CIRCUIT_PURPOSE_C_INTRODUCING:
- /* We keep old introducing circuits around for
- * a while in parallel, and they can end up "opened".
- * We decide below if we're going to mark them timed
- * out and eventually close them.
- */
- break;
+ /* That purpose means that the intro point circuit has been opened
+ * succesfully but the INTRODUCE1 cell hasn't been sent yet because
+ * the client is waiting for the rendezvous point circuit to open.
+ * Keep this circuit open while waiting for the rendezvous circuit.
+ * We let the circuit idle timeout take care of cleaning this
+ * circuit if it never used. */
+ continue;
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
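Review bot: The new comment above `continue;` has two typos that will be copied forward: "succesfully" should be "successfully" and "if it never used" should be "if it is never used". Since the `continue` sits inside a `switch` inside a loop whose header is outside this hunk, it skips the rest of the loop body for this circuit rather than just leaving the switch; the comment's last sentence could say so directly, e.g. `Skip the rest of the expiry handling for this circuit; the idle timeout cleans it up if it is never used.`, so the control-flow intent survives future edits to the code after the switch.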
@@ -713,8 +713,6 @@ circuit_expire_building(void)
NULL)
break;
/* fallthrough! */
- case CIRCUIT_PURPOSE_C_INTRODUCING:
- /* connection_ap_handshake_attach_circuit() will relaunch for us */
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
/* If we have reached this line, we want to spare the circ for now. */
diff --git a/src/or/or.h b/src/or/or.h
index 024a9cff0f..9f53c80644 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2840,6 +2840,18 @@ typedef struct testing_cell_stats_entry_t {
} testing_cell_stats_entry_t;
/**
+ * An enum to allow us to specify which channel in a circuit
+ * we're interested in.
+ *
+ * This is needed because our data structures and other fields
+ * for channel delivery are disassociated from the channel.
+ */
+typedef enum {
+ CIRCUIT_N_CHAN = 0,
+ CIRCUIT_P_CHAN = 1
+} circuit_channel_direction_t;
+
+/**
* A circuit is a path over the onion routing
* network. Applications can connect to one end of the circuit, and can
* create exit connections at the other end of the circuit. AP and exit
diff --git a/src/or/relay.c b/src/or/relay.c
index 1c791e02cc..d1c7820c7c 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1682,6 +1682,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
}
if (circ->n_chan) {
uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
+ circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
circuit_clear_cell_queue(circ, circ->n_chan);
channel_send_destroy(circ->n_circ_id, circ->n_chan,
trunc_reason);
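Review bot: The ordering here is load-bearing and undocumented: circuit_synchronize_written_or_bandwidth() reads `n_chan_cells.n`, so it only does anything if it runs before `circuit_clear_cell_queue()` empties that queue, and a future reordering would silently reintroduce the asymmetry this commit fixes. A one-line comment on the added call would protect it: `/* Must precede circuit_clear_cell_queue(): it reads the queued cell count. */`. Any other call site that clears a cell queue without going through circuit_mark_for_close() would need the same pairing; none is visible in this diff, so that is worth confirming against the remaining callers of circuit_clear_cell_queue().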
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 2844c4d74e..dc86fad1d0 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -88,6 +88,11 @@
static void bw_arrays_init(void);
static void predicted_ports_init(void);
+typedef struct bw_array_t bw_array_t;
+STATIC uint64_t find_largest_max(bw_array_t *b);
+STATIC void commit_max(bw_array_t *b);
+STATIC void advance_obs(bw_array_t *b);
+
/** Total number of bytes currently allocated in fields used by rephist.c. */
uint64_t rephist_total_alloc=0;
/** Number of or_history_t objects currently allocated. */
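Review bot: `typedef struct bw_array_t bw_array_t;` is now declared here and again in rephist.h under `TOR_UNIT_TESTS` (the last hunk of this diff), and rephist.c includes its own header, so unit-test builds see the typedef twice in one translation unit. Repeating an identical typedef is permitted by C11 but is a constraint violation in C99, which some compilers report under `-pedantic`; declaring it once, unconditionally, in rephist.h and dropping the copy here avoids depending on that. If the intent is to keep the type opaque to non-test code, a bare `struct bw_array_t;` forward declaration in this file, with `struct bw_array_t *` in the STATIC prototypes, achieves the same without the duplicate typedef.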
@@ -1206,7 +1211,7 @@ rep_hist_load_mtbf_data(time_t now)
/** Structure to track bandwidth use, and remember the maxima for a given
* time period.
*/
-typedef struct bw_array_t {
+struct bw_array_t {
/** Observation array: Total number of bytes transferred in each of the last
* NUM_SECS_ROLLING_MEASURE seconds. This is used as a circular array. */
uint64_t obs[NUM_SECS_ROLLING_MEASURE];
@@ -1233,10 +1238,10 @@ typedef struct bw_array_t {
/** Circular array of the total bandwidth usage for the last NUM_TOTALS
* periods */
uint64_t totals[NUM_TOTALS];
-} bw_array_t;
+};
/** Shift the current period of b forward by one. */
-static void
+STATIC void
commit_max(bw_array_t *b)
{
/* Store total from current period. */
@@ -1256,7 +1261,7 @@ commit_max(bw_array_t *b)
}
/** Shift the current observation time of <b>b</b> forward by one second. */
-static inline void
+STATIC void
advance_obs(bw_array_t *b)
{
int nextidx;
@@ -1331,7 +1336,7 @@ bw_array_free(bw_array_t *b)
/** Recent history of bandwidth observations for read operations. */
static bw_array_t *read_array = NULL;
/** Recent history of bandwidth observations for write operations. */
-static bw_array_t *write_array = NULL;
+STATIC bw_array_t *write_array = NULL;
/** Recent history of bandwidth observations for read operations for the
directory protocol. */
static bw_array_t *dir_read_array = NULL;
@@ -1363,7 +1368,7 @@ bw_arrays_init(void)
* earlier than the latest <b>when</b> you've heard of.
*/
void
-rep_hist_note_bytes_written(size_t num_bytes, time_t when)
+rep_hist_note_bytes_written(uint64_t num_bytes, time_t when)
{
/* Maybe a circular array for recent seconds, and step to a new point
* every time a new second shows up. Or simpler is to just to have
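Review bot: Widening `num_bytes` from `size_t` to `uint64_t` in rep_hist_note_bytes_written() and the three sibling functions in the following hunks only helps if `add_obs()` also takes a 64-bit count; if it still takes `size_t`, the value is narrowed again on 32-bit builds and the `cells*(cell_size+TLS_PER_CELL_OVERHEAD)` product from circuitlist.c can be truncated without a diagnostic. `add_obs()`'s signature is not in this diff, so that needs checking; the `obs[]` array in `struct bw_array_t` is `uint64_t`, so the storage side is fine. The Doxygen comment on this function begins outside the hunk and still describes the parameter only by name; it should now mention that callers may pass byte counts exceeding `SIZE_MAX` on 32-bit platforms.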
@@ -1380,7 +1385,7 @@ rep_hist_note_bytes_written(size_t num_bytes, time_t when)
* (like rep_hist_note_bytes_written() above)
*/
void
-rep_hist_note_bytes_read(size_t num_bytes, time_t when)
+rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
{
/* if we're smart, we can make this func and the one above share code */
add_obs(read_array, when, num_bytes);
@@ -1390,7 +1395,7 @@ rep_hist_note_bytes_read(size_t num_bytes, time_t when)
* <b>when</b>. (like rep_hist_note_bytes_written() above)
*/
void
-rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when)
+rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
{
add_obs(dir_write_array, when, num_bytes);
}
@@ -1399,7 +1404,7 @@ rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when)
* <b>when</b>. (like rep_hist_note_bytes_written() above)
*/
void
-rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when)
+rep_hist_note_dir_bytes_read(uint64_t num_bytes, time_t when)
{
add_obs(dir_read_array, when, num_bytes);
}
@@ -1408,7 +1413,7 @@ rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when)
* most bandwidth used in any NUM_SECS_ROLLING_MEASURE period for the last
* NUM_SECS_BW_SUM_IS_VALID seconds.)
*/
-static uint64_t
+STATIC uint64_t
find_largest_max(bw_array_t *b)
{
int i;
@@ -3292,4 +3297,3 @@ rep_hist_free_all(void)
tor_assert_nonfatal(rephist_total_alloc == 0);
tor_assert_nonfatal_once(rephist_total_num == 0);
}
-
diff --git a/src/or/rephist.h b/src/or/rephist.h
index 6d35ac67f6..c464b34f7c 100644
--- a/src/or/rephist.h
+++ b/src/or/rephist.h
@@ -21,13 +21,13 @@ void rep_hist_note_extend_succeeded(const char *from_name,
const char *to_name);
void rep_hist_note_extend_failed(const char *from_name, const char *to_name);
void rep_hist_dump_stats(time_t now, int severity);
-void rep_hist_note_bytes_read(size_t num_bytes, time_t when);
-void rep_hist_note_bytes_written(size_t num_bytes, time_t when);
+void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when);
+void rep_hist_note_bytes_written(uint64_t num_bytes, time_t when);
void rep_hist_make_router_pessimal(const char *id, time_t when);
-void rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when);
-void rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when);
+void rep_hist_note_dir_bytes_read(uint64_t num_bytes, time_t when);
+void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when);
MOCK_DECL(int, rep_hist_bandwidth_assess, (void));
char *rep_hist_get_bandwidth_lines(void);
@@ -117,6 +117,8 @@ extern uint32_t rephist_total_num;
#ifdef TOR_UNIT_TESTS
extern int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1];
extern int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1];
+typedef struct bw_array_t bw_array_t;
+extern bw_array_t *write_array;
#endif
#endif