From 4520500cde57f940b68138e3a771f989afe8d60c Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 15 Oct 2008 00:36:09 +0000 Subject: put in karsten's patch #1 for proposal 155, modified svn:r17106 --- ChangeLog | 2 ++ .../155-four-hidden-service-improvements.txt | 2 +- src/or/circuituse.c | 22 +++++++++++++++++----- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index e5a421a232..0c380f83ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx - Now NodeFamily and MyFamily config options allow spaces in identity fingerprints, so it's easier to paste them in. Suggested by Lucky Green. + - Reduce extension timeout for introduction circuits from 60 to 30 + seconds. o Minor bugfixes: - Minor fix in the warning messages when you're having problems diff --git a/doc/spec/proposals/155-four-hidden-service-improvements.txt b/doc/spec/proposals/155-four-hidden-service-improvements.txt index 6d681f8a81..e80700e176 100644 --- a/doc/spec/proposals/155-four-hidden-service-improvements.txt +++ b/doc/spec/proposals/155-four-hidden-service-improvements.txt @@ -18,7 +18,7 @@ Overview: in the network as well as connection establishment time. Some of these design changes have side-effects on anonymity or overall network load which had to be weighed up against individual performance gains. A - discussion of seven possible design changes [2] has lead to a selection + discussion of seven possible design changes [2] has led to a selection of four changes [3] that are proposed to be implemented here. Design: diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 467a195795..7da5508880 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -251,11 +251,13 @@ void circuit_expire_building(time_t now) { circuit_t *victim, *circ = global_circuitlist; - time_t cutoff = now - get_options()->CircuitBuildTimeout; - time_t begindir_cutoff = now - get_options()->CircuitBuildTimeout/2; + time_t general_cutoff = now - get_options()->CircuitBuildTimeout; + time_t begindir_cutoff = general_cutoff/2; + time_t introcirc_cutoff = general_cutoff/2; cpath_build_state_t *build_state; while (circ) { + time_t cutoff; victim = circ; circ = circ->next; if (!CIRCUIT_IS_ORIGIN(victim) || /* didn't originate here */ @@ -263,13 +265,23 @@ circuit_expire_building(time_t now) continue; build_state = TO_ORIGIN_CIRCUIT(victim)->build_state; - if (victim->timestamp_created > - ((build_state && build_state->onehop_tunnel) ? - begindir_cutoff : cutoff)) + if (build_state && build_state->onehop_tunnel) + cutoff = begindir_cutoff; + else if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCING) + cutoff = introcirc_cutoff; + else + cutoff = general_cutoff; + if (victim->timestamp_created > cutoff) continue; /* it's still young, leave it alone */ #if 0 /* some debug logs, to help track bugs */ + if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCING && + victim->timestamp_created <= introcirc_cutoff && + victim->timestamp_created > general_cutoff) + log_info(LD_REND|LD_CIRC, "Timing out introduction circuit which we " + "would not have done if it had been a general circuit."); + if (victim->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING && victim->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) { if (!victim->timestamp_dirty) -- cgit v1.2.3-54-g00ecf