summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/channelpadding.c148
-rw-r--r--src/or/channelpadding.h1
-rw-r--r--src/or/main.c4
-rw-r--r--src/or/networkstatus.c2
4 files changed, 104 insertions, 51 deletions
diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c
index 3156051c3b..a84994afc8 100644
--- a/src/or/channelpadding.c
+++ b/src/or/channelpadding.c
@@ -29,6 +29,87 @@ STATIC int64_t channelpadding_compute_time_until_pad_for_netflow(channel_t *);
/** The total number of pending channelpadding timers */
static uint64_t total_timers_pending;
+/** These are cached consensus parameters for netflow */
+/** The timeout lower bound that is allowed before sending padding */
+static int consensus_nf_ito_low;
+/** The timeout upper bound that is allowed before sending padding */
+static int consensus_nf_ito_high;
+/** The timeout lower bound that is allowed before sending reduced padding */
+static int consensus_nf_ito_low_reduced;
+/** The timeout upper bound that is allowed before sending reduced padding */
+static int consensus_nf_ito_high_reduced;
+/** The connection timeout between relays */
+static int consensus_nf_conntimeout_relays;
+/** The connection timeout for client connections */
+static int consensus_nf_conntimeout_clients;
+/** Should we pad before circuits are actually used for client data? */
+static int consensus_nf_pad_before_usage;
+/** Should we pad relay-to-relay connections? */
+static int consensus_nf_pad_relays;
+
+/**
+ * This function is called to update cached consensus parameters every time
+ * there is a consensus update. This allows us to move the consensus param
+ * search off of the critical path, so it does not need to be evaluated
+ * for every single connection, every second.
+ */
+void
+channelpadding_new_consensus_params(networkstatus_t *ns)
+{
+#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW 1500
+#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH 9500
+#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN 0
+#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX 60000
+ consensus_nf_ito_low = networkstatus_get_param(ns, "nf_ito_low",
+ DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW,
+ DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN,
+ DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
+ consensus_nf_ito_high = networkstatus_get_param(NULL, "nf_ito_high",
+ DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH,
+ consensus_nf_ito_low,
+ DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
+
+#define DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW 9000
+#define DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH 14000
+#define DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN 0
+#define DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX 60000
+ consensus_nf_ito_low_reduced =
+ networkstatus_get_param(NULL, "nf_ito_low_reduced",
+ DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW,
+ DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN,
+ DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
+
+ consensus_nf_ito_high_reduced =
+ networkstatus_get_param(NULL, "nf_ito_high_reduced",
+ DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH,
+ consensus_nf_ito_low_reduced,
+ DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
+
+#define CONNTIMEOUT_RELAYS_DFLT (60*60) // 1 hour
+#define CONNTIMEOUT_RELAYS_MIN 60
+#define CONNTIMEOUT_RELAYS_MAX (7*24*60*60) // 1 week
+ consensus_nf_conntimeout_relays =
+ networkstatus_get_param(NULL, "nf_conntimeout_relays",
+ CONNTIMEOUT_RELAYS_DFLT,
+ CONNTIMEOUT_RELAYS_MIN,
+ CONNTIMEOUT_RELAYS_MAX);
+
+#define CIRCTIMEOUT_CLIENTS_DFLT (30*60) // 30 minutes
+#define CIRCTIMEOUT_CLIENTS_MIN 60
+#define CIRCTIMEOUT_CLIENTS_MAX (24*60*60) // 24 hours
+ consensus_nf_conntimeout_clients =
+ networkstatus_get_param(NULL, "nf_conntimeout_clients",
+ CIRCTIMEOUT_CLIENTS_DFLT,
+ CIRCTIMEOUT_CLIENTS_MIN,
+ CIRCTIMEOUT_CLIENTS_MAX);
+
+ consensus_nf_pad_before_usage =
+ networkstatus_get_param(NULL, "nf_pad_before_usage", 1, 0, 1);
+
+ consensus_nf_pad_relays =
+ networkstatus_get_param(NULL, "nf_pad_relays", 0, 0, 1);
+}
+
/**
* Get a random netflow inactive timeout keepalive period in milliseconds,
* the range for which is determined by consensus parameters, negotiation,
@@ -47,21 +128,11 @@ static uint64_t total_timers_pending;
* Returns the next timeout period (in milliseconds) after which we should
* send a padding packet, or 0 if padding is disabled.
*/
-#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW 1500
-#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH 9500
-#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN 0
-#define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX 60000
STATIC int
channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
{
- int low_timeout = networkstatus_get_param(NULL, "nf_ito_low",
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW,
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN,
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
- int high_timeout = networkstatus_get_param(NULL, "nf_ito_high",
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH,
- low_timeout,
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
+ int low_timeout = consensus_nf_ito_low;
+ int high_timeout = consensus_nf_ito_high;
int X1, X2;
if (low_timeout == 0 && low_timeout == high_timeout)
@@ -162,12 +233,8 @@ channelpadding_update_padding_for_channel(channel_t *chan,
/* Min must not be lower than the current consensus parameter
nf_ito_low. */
- chan->padding_timeout_low_ms = MAX(networkstatus_get_param(NULL,
- "nf_ito_low",
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW,
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN,
- DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX),
- pad_vars->ito_low_ms);
+ chan->padding_timeout_low_ms = MAX(consensus_nf_ito_low,
+ pad_vars->ito_low_ms);
/* Max must not be lower than ito_low_ms */
chan->padding_timeout_high_ms = MAX(chan->padding_timeout_low_ms,
@@ -399,6 +466,12 @@ channelpadding_compute_time_until_pad_for_netflow(channel_t *chan)
uint64_t long_now = monotime_coarse_absolute_msec();
if (!chan->next_padding_time_ms) {
+ /* If the below line or crypto_rand_int() shows up on a profile,
+ * we can avoid getting a timeout until we're at least nt_ito_lo
+ * from a timeout window. That will prevent us from setting timers
+ * on connections that were active up to 1.5 seconds ago.
+ * Idle connections should only call this once every 5.5s on average
+ * though, so that might be a micro-optimization for little gain. */
int64_t padding_timeout =
channelpadding_get_netflow_inactive_timeout_ms(chan);
@@ -475,14 +548,7 @@ channelpadding_get_channel_idle_timeout(const channel_t *chan,
+ crypto_rand_int(CONNTIMEOUT_CLIENTS_BASE/2);
} else { // Canonical relay-to-relay channels
// 45..75min or consensus +/- 25%
-#define CONNTIMEOUT_RELAYS_DFLT (60*60) // 1 hour
-#define CONNTIMEOUT_RELAYS_MIN 60
-#define CONNTIMEOUT_RELAYS_MAX (7*24*60*60) // 1 week
- timeout = networkstatus_get_param(NULL, "nf_conntimeout_relays",
- CONNTIMEOUT_RELAYS_DFLT,
- CONNTIMEOUT_RELAYS_MIN,
- CONNTIMEOUT_RELAYS_MAX);
-
+ timeout = consensus_nf_conntimeout_relays;
timeout = 3*timeout/4 + crypto_rand_int(timeout/2);
}
@@ -522,13 +588,7 @@ channelpadding_get_circuits_available_timeout(void)
int timeout = options->CircuitsAvailableTimeout;
if (!timeout) {
-#define CIRCTIMEOUT_CLIENTS_DFLT (30*60) // 30 minutes
-#define CIRCTIMEOUT_CLIENTS_MIN 60
-#define CIRCTIMEOUT_CLIENTS_MAX (24*60*60) // 24 hours
- timeout = networkstatus_get_param(NULL, "nf_conntimeout_clients",
- CIRCTIMEOUT_CLIENTS_DFLT,
- CIRCTIMEOUT_CLIENTS_MIN,
- CIRCTIMEOUT_CLIENTS_MAX);
+ timeout = consensus_nf_conntimeout_clients;
/* If ReducedConnectionPadding is set, we want to halve the duration of
* the channel idle timeout, since reducing the additional time that
@@ -579,21 +639,8 @@ channelpadding_reduce_padding_on_channel(channel_t *chan)
channelpadding_send_disable_command(chan);
}
-#define DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW 9000
-#define DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH 14000
-#define DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN 0
-#define DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX 60000
- chan->padding_timeout_low_ms =
- networkstatus_get_param(NULL, "nf_ito_low_reduced",
- DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW,
- DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN,
- DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
-
- chan->padding_timeout_high_ms =
- networkstatus_get_param(NULL, "nf_ito_high_reduced",
- DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH,
- chan->padding_timeout_low_ms,
- DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
+ chan->padding_timeout_low_ms = consensus_nf_ito_low_reduced;
+ chan->padding_timeout_high_ms = consensus_nf_ito_high_reduced;
log_fn(LOG_INFO,LD_OR,
"Reduced padding on channel "U64_FORMAT": lo=%d, hi=%d",
@@ -621,7 +668,7 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_WONTPAD;
if (chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS) {
- if (!networkstatus_get_param(NULL, "nf_pad_before_usage", 1, 0, 1))
+ if (!consensus_nf_pad_before_usage)
return CHANNELPADDING_WONTPAD;
} else if (chan->channel_usage != CHANNEL_USED_FOR_USER_TRAFFIC) {
return CHANNELPADDING_WONTPAD;
@@ -649,8 +696,7 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
/* If nf_pad_relays=1 is set in the consensus, we pad
* on *all* idle connections, relay-relay or relay-client.
* Otherwise pad only for client+bridge cons */
- if (is_client_channel ||
- networkstatus_get_param(NULL, "nf_pad_relays", 0, 0, 1)) {
+ if (is_client_channel || consensus_nf_pad_relays) {
int64_t pad_time_ms =
channelpadding_compute_time_until_pad_for_netflow(chan);
diff --git a/src/or/channelpadding.h b/src/or/channelpadding.h
index 07af7a6b46..e08f7a2045 100644
--- a/src/or/channelpadding.h
+++ b/src/or/channelpadding.h
@@ -33,6 +33,7 @@ int channelpadding_send_enable_command(channel_t *chan, uint16_t low_timeout,
int channelpadding_get_circuits_available_timeout(void);
unsigned int channelpadding_get_channel_idle_timeout(const channel_t *, int);
+void channelpadding_new_consensus_params(networkstatus_t *ns);
#endif
diff --git a/src/or/main.c b/src/or/main.c
index 5bc132a0e3..b729e0b378 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3033,6 +3033,10 @@ tor_init(int argc, char *argv[])
/* The options are now initialised */
const or_options_t *options = get_options();
+ /* Initialize channelpadding parameters to defaults until we get
+ * a consensus */
+ channelpadding_new_consensus_params(NULL);
+
/* Initialize predicted ports list after loading options */
predicted_ports_init();
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 76b968a8c8..4107542f56 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -63,6 +63,7 @@
#include "shared_random.h"
#include "transports.h"
#include "torcert.h"
+#include "channelpadding.h"
/** Map from lowercase nickname to identity digest of named server, if any. */
static strmap_t *named_server_map = NULL;
@@ -1966,6 +1967,7 @@ networkstatus_set_current_consensus(const char *consensus,
circuit_build_times_new_consensus_params(
get_circuit_build_times_mutable(), c);
+ channelpadding_new_consensus_params(c);
}
/* Reset the failure count only if this consensus is actually valid. */