Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/channel.c | 3 | ||||
-rw-r--r-- | src/or/channel.h | 6 | ||||
-rw-r--r-- | src/or/circuitbuild.c | 19 |
3 files changed, 20 insertions, 8 deletions
diff --git a/src/or/channel.c b/src/or/channel.c
index 286154cb2c..63af2f91c0 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -728,6 +728,9 @@ channel_init(channel_t *chan)
 /* Init timestamp */
 chan->timestamp_last_added_nonpadding = time(NULL);
+ /* Warn about exhausted circuit IDs no more than hourly. */
+ chan->last_warned_circ_ids_exhausted.rate = 3600;
+
 /* Initialize queues. */
 TOR_SIMPLEQ_INIT(&chan->incoming_queue);
 TOR_SIMPLEQ_INIT(&chan->outgoing_queue);
diff --git a/src/or/channel.h b/src/or/channel.h
index de19fad9a5..bd9a02f323 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -149,8 +149,6 @@ struct channel_s {
 circ_id_type_bitfield_t circ_id_type:2;
 /** DOCDOC*/
 unsigned wide_circ_ids:1;
- /** Have we logged a warning about circID exhaustion on this channel? */
- unsigned warned_circ_ids_exhausted:1;
 /** For how many circuits are we n_chan? What about p_chan? */
 unsigned int num_n_circuits, num_p_circuits;
@@ -179,6 +177,10 @@ struct channel_s {
 */
 unsigned int is_local:1;
+ /** Have we logged a warning about circID exhaustion on this channel?
+ * If so, when? */
+ ratelim_t last_warned_circ_ids_exhausted;
+
 /** Channel timestamps for cell channels */
 time_t timestamp_client; /* Client used this, according to relay.c */
 time_t timestamp_drained; /* Output queue empty */
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 550ed1cddc..9e11a0bb1a 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
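Review bot: Only the `.rate` member of `last_warned_circ_ids_exhausted` is set in `channel_init()`, so the limiter starts in a known state only if the other ratelim_t members are already zero when this runs; the allocation is not visible in this hunk. A comment recording that assumption would help, e.g. `/* Other ratelim_t fields rely on the channel having been zero-allocated. */`. Giving the bare `3600` a name would also make the hourly interval easier to find and tune. The body of channel_init() starts and ends outside the hunk.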
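Review bot: The doc comment added for `last_warned_circ_ids_exhausted` (second channel.h hunk) is still phrased as the yes/no question of the removed one-bit flag, although the member now holds rate-limiter state. Because the limiter is a member of `struct channel_s`, the hourly bound applies per channel, so total log volume still scales with the number of channels that run out of circuit IDs; the comment should say so, for example `/** Rate-limiter for the circID-exhaustion warning on this channel (per channel, not global). */`. The struct definition starts and ends outside the hunk.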
@@ -87,6 +87,12 @@ channel_connect_for_circuit(const tor_addr_t *addr, uint16_t port,
 static circid_t
 get_unique_circ_id_by_chan(channel_t *chan)
 {
+/* This number is chosen somewhat arbitrarily; see comment below for more
+ * info. When the space is 80% full, it gives a one-in-a-million failure
+ * chance; when the space is 90% full, it gives a one-in-850 chance; and when
+ * the space is 95% full, it gives a one-in-26 failure chance. That seems
+ * okay, though you could make a case IMO for anything between N=32 and
+ * N=256. */
 #define MAX_CIRCID_ATTEMPTS 64
 int in_use;
 unsigned n_with_circ = 0, n_pending_destroy = 0;
@@ -123,9 +129,8 @@ get_unique_circ_id_by_chan(channel_t *chan)
 * whole circuit ID space every time we extend a circuit, which is
 * not so great either.
 */
- if (! chan->warned_circ_ids_exhausted) {
- chan->warned_circ_ids_exhausted = 1;
- log_warn(LD_CIRC,"No unused circIDs found on channel %s wide "
+ log_fn_ratelim(&chan->last_warned_circ_ids_exhausted, LOG_WARN,
+ LD_CIRC,"No unused circIDs found on channel %s wide "
 "circID support, with %u inbound and %u outbound circuits. "
 "Found %u circuit IDs in use by circuits, and %u with "
 "pending destroy cells."
@@ -133,12 +138,14 @@ get_unique_circ_id_by_chan(channel_t *chan)
 chan->wide_circ_ids ? "with" : "without", chan->num_p_circuits, chan->num_n_circuits, n_with_circ, n_pending_destroy);
- }
 return 0;
 }
- crypto_rand((char*) &test_circ_id, sizeof(test_circ_id));
- test_circ_id &= mask;
+ do {
+ crypto_rand((char*) &test_circ_id, sizeof(test_circ_id));
+ test_circ_id &= mask;
+ } while (test_circ_id == 0);
+
 test_circ_id |= high_bit;
 in_use = circuit_id_in_use_on_channel(test_circ_id, chan); |
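Review bot: The last literal shown in the second circuitbuild.c hunk, `"pending destroy cells."`, ends with neither a trailing space nor a comma, and the hunk headers leave one line between this hunk and the next that is not displayed. If that hidden line holds a further string literal, as the missing comma suggests, the two sentences run together in the logged warning. Since the commit already rewrites this call, changing the literal to `"pending destroy cells. "` would be a cheap fix; this should be checked against the undisplayed line first.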
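Review bot: The new `do { ... } while (test_circ_id == 0);` loop in the third hunk carries no comment saying why a zero draw is rejected. Presumably zero is not a usable circuit ID; a line such as `/* 0 is not a usable circuit ID; redraw until the masked value is nonzero. */` would record that. The test also runs before `test_circ_id |= high_bit`, so when `high_bit` is set the ID consisting of the high bit alone is excluded as well. The redraws are not counted against `MAX_CIRCID_ATTEMPTS`, and the loop terminates only if `mask` is nonzero; `mask` is set outside the hunk, so a `tor_assert(mask);` before the loop would make that precondition explicit.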