[tor-commits] [torspec/main] Add congestion control fields to CIRC_BW

2022-03-14 Thread dgoulet
commit e38527978a3fa03e58f7e528593f1fac761584e3
Author: Mike Perry 
Date:   Thu Mar 3 21:14:08 2022 +

Add congestion control fields to CIRC_BW
---
 control-spec.txt | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/control-spec.txt b/control-spec.txt
index 0e2add3..b277d03 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -3430,14 +3430,21 @@ Table of Contents
   "WRITTEN=" BytesWritten SP "TIME=" Time SP
   "DELIVERED_READ=" DeliveredBytesRead SP
   "OVERHEAD_READ=" OverheadBytesRead SP
-  "DELIVERED_WRITTEN=" DeliveredBytesWritten CRLF
+  "DELIVERED_WRITTEN=" DeliveredBytesWritten SP
   "OVERHEAD_WRITTEN=" OverheadBytesWritten SP
+  "SS=" SlowStartState SP
+  "CWND=" CWNDCells SP
+  "RTT=" RTTMilliseconds SP
+  "MIN_RTT=" RTTMilliseconds CRLF
  BytesRead = 1*DIGIT
  BytesWritten = 1*DIGIT
  OverheadBytesRead = 1*DIGIT
  OverheadBytesWritten = 1*DIGIT
  DeliveredBytesRead = 1*DIGIT
  DeliveredBytesWritten = 1*DIGIT
+ SlowStartState = 0 or 1
+ CWNDCells = 1*DIGIT
+ RTTMilliseconds= 1*DIGIT
  Time = ISOTime2Frac
 
   BytesRead and BytesWritten are the number of bytes read and written
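Review bot: The event syntax now lists SS, CWND, RTT and MIN_RTT as unconditional, with OVERHEAD_WRITTEN always followed by SP, but the description added further down in this patch says the four fields are present only when congestion control was negotiated. Mark the group as optional in the syntax (for example by bracketing it together with its leading SP) so a controller written from the grammar does not reject the shorter line. Two smaller points in the definitions: "SlowStartState = 0 or 1" is prose where the neighbouring rules use grammar notation, and "RTTMilliseconds= 1*DIGIT" is missing the space before the equals sign.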
@@ -3465,6 +3472,16 @@ Table of Contents
   The Time field is provided only in versions 0.3.2.1-alpha and later. It
   records when Tor created the bandwidth event.
 
+  The SS, CWND, RTT, and MIN_RTT fields are present only if the circuit
+  has negotiated congestion control to an onion service or Exit hop (any
+  intermediate leaky pipe congestion control hops are not examined here).
+  SS provides an indication if the circuit is in slow start (1), or not (0).
+  CWND is the size of the congestion window in terms of number of cells.
+  RTT is the N_EWMA smoothed current RTT value, and MIN_RTT is the minimum
+  RTT value of the circuit. The SS and CWND fields apply only to the
+  upstream direction of the circuit. The slow start state and CWND values
+  of the other endpoint may be different.
+
   These events are generated about once per second per circuit; no events
   are generated for circuits that had no attached stream writing or
   reading.
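Review bot: The new paragraph never states the unit of RTT and MIN_RTT; it is only implied by the rule name RTTMilliseconds in the syntax hunk above. Say "in milliseconds" here, and define or cross-reference N_EWMA, which the paragraph uses without explanation. It would also help to state what a controller should expect in RTT and MIN_RTT before the circuit has its first RTT sample.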
@@ -3474,6 +3491,8 @@ Table of Contents
   [DELIVERED_READ, OVERHEAD_READ, DELIVERED_WRITTEN, and OVERHEAD_WRITTEN
   were added in Tor 0.3.4.0-alpha]
 
+  [SS, CWND, RTT, and MIN_RTT were added in Tor 0.4.7.5-alpha]
+
 4.1.23. Per-circuit cell stats
 
   The syntax is:


___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [torspec/main] Remove comma from STATUS format specification.

2022-03-14 Thread dgoulet
commit ec77ae643f3e47bea0292d125a51f8786bf33fb9
Author: David Fifield 
Date:   Mon Feb 28 07:38:36 2022 +

Remove comma from STATUS format specification.
---
 pt-spec.txt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pt-spec.txt b/pt-spec.txt
index 05421c1..45b4c31 100644
--- a/pt-spec.txt
+++ b/pt-spec.txt
@@ -1,4 +1,3 @@
-
  Pluggable Transport Specification (Version 1)
 
 Abstract
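Review bot: The removal of the leading blank line at the top of pt-spec.txt is unrelated to the STATUS format fix named in the commit subject. Drop it or move it to a separate whitespace-only commit so the history of the STATUS message format stays easy to trace.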
@@ -668,7 +667,7 @@ Table of Contents
 
The format of the message:
 
-  STATUS TRANSPORT=Transport = [=, ...]
+  STATUS TRANSPORT=Transport = [= ...]
 
The TRANSPORT value indicates a hint on what the PT is such has the name or
the protocol used for instance. As an example, obfs4proxy would use




[tor-commits] [tor/main] Add congestion control fields to CIRC_BW control port event

2022-03-14 Thread dgoulet
commit 646a1d5f9ae481667f0ec43e45879b94ea2dd28a
Author: Mike Perry 
Date:   Thu Mar 3 20:06:38 2022 +

Add congestion control fields to CIRC_BW control port event
---
 src/core/or/congestion_control_common.c | 42 +
 src/core/or/congestion_control_common.h |  1 +
 src/feature/control/control_events.c| 12 --
 3 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 93d3a9f2c5..36099cc1c6 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -1442,3 +1442,45 @@ congestion_control_parse_ext_response(const uint8_t *msg,
 
   return (int)ret;
 }
+
+/**
+ * Returns a formatted string of fields containing congestion
+ * control information, for the CIRC_BW control port event.
+ *
+ * An origin circuit can have a ccontrol object directly on it,
+ * if it is an onion service, or onion client. Exit-bound clients
+ * will have the ccontrol on the cpath associated with their exit
+ * (the last one in the cpath list).
+ *
+ * WARNING: This function does not support leaky-pipe topology. It
+ * is to be used for control port information only.
+ */
+char *
+congestion_control_get_control_port_fields(const origin_circuit_t *circ)
+{
+  const congestion_control_t *ccontrol = NULL;
+  char *ret = NULL;
+  int len;
+
+  if (TO_CIRCUIT(circ)->ccontrol) {
+ccontrol = TO_CIRCUIT(circ)->ccontrol;
+  } else if (circ->cpath && circ->cpath->prev->ccontrol) {
+/* Get ccontrol for last hop (exit) if it exists */
+ccontrol = circ->cpath->prev->ccontrol;
+  }
+
+  if (!ccontrol)
+return NULL;
+
+  len = tor_asprintf(,
+ " SS=%d CWND=%"PRIu64" RTT=%"PRIu64" MIN_RTT=%"PRIu64,
+ ccontrol->in_slow_start, ccontrol->cwnd,
+ ccontrol->ewma_rtt_usec/1000,
+ ccontrol->min_rtt_usec/1000);
+  if (len < 0) {
+log_warn(LD_BUG, "Unable to format event for controller.");
+return NULL;
+  }
+
+  return ret;
+}
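Review bot: The doc comment on congestion_control_get_control_port_fields() does not describe the return contract. The string is allocated by tor_asprintf() and has to be freed by the caller, it begins with a space (the format starts with " SS=") so that it can be appended directly to the event line, and NULL is returned both when the circuit has no ccontrol and when formatting fails; please document all three. Also, ewma_rtt_usec/1000 and min_rtt_usec/1000 truncate, so any RTT under one millisecond is reported as 0; say so in the comment or round instead. In the else branch, circ->cpath->prev is dereferenced after checking only circ->cpath, so a short comment on why prev cannot be NULL there would help.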
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index 1a57d71331..71e984f914 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -80,6 +80,7 @@ int congestion_control_parse_ext_response(const uint8_t *msg,
   const size_t msg_len,
   circuit_params_t *params_out);
 bool congestion_control_validate_sendme_increment(uint8_t sendme_inc);
+char *congestion_control_get_control_port_fields(const origin_circuit_t *);
 
 /* Ugh, C.. these are private. Use the getter instead, when
  * external to the congestion control code. */
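Review bot: The new prototype leaves its parameter unnamed (const origin_circuit_t *) while the declarations just above it name theirs (uint8_t sendme_inc, circuit_params_t *params_out). Name it circ to match the definition and the surrounding style.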
diff --git a/src/feature/control/control_events.c 
b/src/feature/control/control_events.c
index e2aca6c03e..f9b7caf934 100644
--- a/src/feature/control/control_events.c
+++ b/src/feature/control/control_events.c
@@ -21,6 +21,7 @@
 #include "core/or/command.h"
 #include "core/or/connection_edge.h"
 #include "core/or/connection_or.h"
+#include "core/or/congestion_control_common.h"
 #include "core/or/reasons.h"
 #include "feature/control/control.h"
 #include "feature/control/control_events.h"
@@ -1075,10 +1076,12 @@ 
control_event_circ_bandwidth_used_for_circ(origin_circuit_t *ocirc)
 
   tor_gettimeofday();
   format_iso_time_nospace_usec(tbuf, );
+
+  char *ccontrol_buf = congestion_control_get_control_port_fields(ocirc);
   send_control_event(EVENT_CIRC_BANDWIDTH_USED,
  "650 CIRC_BW ID=%d READ=%lu WRITTEN=%lu TIME=%s "
  "DELIVERED_READ=%lu OVERHEAD_READ=%lu "
- "DELIVERED_WRITTEN=%lu OVERHEAD_WRITTEN=%lu\r\n",
+ "DELIVERED_WRITTEN=%lu OVERHEAD_WRITTEN=%lu%s\r\n",
  ocirc->global_identifier,
  (unsigned long)ocirc->n_read_circ_bw,
  (unsigned long)ocirc->n_written_circ_bw,
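Review bot: The format string now ends in "OVERHEAD_WRITTEN=%lu%s\r\n" with no separator before %s, so it depends on the helper's output starting with a space. That coupling is easy to break from either side. Add a one-line comment at the call site, or have the helper return the fields without the leading space and emit the separator here only when the buffer is non-NULL.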
@@ -1086,11 +1089,16 @@ 
control_event_circ_bandwidth_used_for_circ(origin_circuit_t *ocirc)
  (unsigned long)ocirc->n_delivered_read_circ_bw,
  (unsigned long)ocirc->n_overhead_read_circ_bw,
  (unsigned long)ocirc->n_delivered_written_circ_bw,
- (unsigned long)ocirc->n_overhead_written_circ_bw);
+ (unsigned long)ocirc->n_overhead_written_circ_bw,
+ ccontrol_buf ? ccontrol_buf : "");
+
   ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
   ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0;
   ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0;
 
+  if (ccontrol_buf)
+tor_free(ccontrol_buf);
+
   return 0;
 }
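Review bot: ccontrol_buf is freed only at the end of the function, several statements after its single use in send_control_event(). Free it right after the send so its lifetime is obvious, and drop the "if (ccontrol_buf)" guard if tor_free() accepts NULL, since the NULL case is already handled at the call with ccontrol_buf ? ccontrol_buf : "".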
 




[tor-commits] [tor/main] hs: Don't BUG() when setting up RP congestion control

2022-03-11 Thread dgoulet
commit 069b27860102990b23b58e60fb1de65347f37669
Author: David Goulet 
Date:   Wed Mar 9 12:15:12 2022 -0500

hs: Don't BUG() when setting up RP congestion control

It is possible to not have the descriptor anymore by the time the
rendezvous circuit opens. Don't BUG() on that.

Instead, when sending the INTRODUCE1 cell, make sure the descriptor we
have (or have just fetched) matches what we setup in the rendezvous
circuit.

If not, the circuit is closed and another one is opened for a retry.

Fixes #40576

Signed-off-by: David Goulet 
---
 changes/ticket40576|  5 +
 src/feature/hs/hs_client.c | 29 +++--
 src/feature/hs/hs_descriptor.c | 13 +
 src/feature/hs/hs_descriptor.h |  2 ++
 4 files changed, 43 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40576 b/changes/ticket40576
new file mode 100644
index 00..c9e3745560
--- /dev/null
+++ b/changes/ticket40576
@@ -0,0 +1,5 @@
+  o Minor bugfixes (onion service congestion control):
+- Avoid a non fatal assert in case we can't setup congestion control on the
+  rendezvous circuit after opening. Fixes bug 40576; bugfix on
+  0.4.7.4-alpha.
+
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 81c0459a86..f5891e6bdc 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -624,6 +624,16 @@ send_introduce1(origin_circuit_t *intro_circ,
 goto tran_err;
   }
 
+  /* Check if the rendevous circuit was setup WITHOUT congestion control but if
+   * it is enabled and the service supports it. This can happen, see
+   * setup_rendezvous_circ_congestion_control() and so close rendezvous circuit
+   * so another one can be created. */
+  if (TO_CIRCUIT(rend_circ)->ccontrol == NULL && congestion_control_enabled()
+  && hs_desc_supports_congestion_control(desc)) {
+circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
+goto tran_err;
+  }
+
   /* We need to find which intro point in the descriptor we are connected to
* on intro_circ. */
   ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc);
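Review bot: The new branch in send_introduce1() closes the rendezvous circuit with END_CIRC_REASON_INTERNAL and jumps to tran_err without logging anything, so a client that keeps hitting this mismatch only shows unexplained circuit churn. Add a log_info() on LD_REND stating that the rendezvous circuit has no congestion control while the descriptor advertises it. The comment also has a typo ("rendevous") and reads awkwardly ("but if it is enabled"); wording such as "was set up without congestion control although it is enabled and the service supports it" is clearer.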
@@ -760,7 +770,14 @@ client_intro_circ_has_opened(origin_circuit_t *circ)
 }
 
 /** Setup the congestion control parameters on the given rendezvous circuit.
- * This looks at the service descriptor flow control line (if any). */
+ * This looks at the service descriptor flow control line (if any).
+ *
+ * It is possible that we are unable to set congestion control on the circuit
+ * if the descriptor can't be found. In that case, the introduction circuit
+ * can't be opened without it so a fetch will be triggered.
+ *
+ * However, if the descriptor asks for congestion control but the RP circuit
+ * doesn't have it, it will be closed and a new circuit will be opened. */
 static void
 setup_rendezvous_circ_congestion_control(origin_circuit_t *circ)
 {
@@ -771,16 +788,16 @@ setup_rendezvous_circ_congestion_control(origin_circuit_t 
*circ)
   /* Setup congestion control parameters on the circuit. */
   const hs_descriptor_t *desc =
 hs_cache_lookup_as_client(>hs_ident->identity_pk);
-  if (BUG(desc == NULL)) {
-/* This should really never happened but in case, scream and stop. */
+  if (desc == NULL) {
+/* This is possible because between launching the circuit and the circuit
+ * ending in opened state, the descriptor could have been removed from the
+ * cache. In this case, we just can't setup congestion control. */
 return;
   }
 
   /* Check if the service lists support for congestion control in its
* descriptor. If not, we don't setup congestion control. */
-  if (!desc->encrypted_data.flow_control_pv ||
-  !protocol_list_supports_protocol(desc->encrypted_data.flow_control_pv,
-   PRT_FLOWCTRL, PROTOVER_FLOWCTRL_CC)) {
+  if (!hs_desc_supports_congestion_control(desc)) {
 return;
   }
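Review bot: With BUG() removed, the desc == NULL path returns silently and the circuit carries on without congestion control, so correctness now depends on the later check in send_introduce1(). Name that function in this comment so the two halves of the fix stay linked, and consider a log_debug() or log_info() here so the cache-eviction case is visible when diagnosing retries.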
 
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 523ededf8c..15ad9d8efb 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -2987,3 +2987,16 @@ hs_descriptor_clear_intro_points(hs_descriptor_t *desc)
 smartlist_clear(ips);
   }
 }
+
+/** Return true iff we support the given descriptor congestion control
+ * parameters. */
+bool
+hs_desc_supports_congestion_control(const hs_descriptor_t *desc)
+{
+  tor_assert(desc);
+
+  /* Validate that we support the protocol version in the descriptor. */
+  return desc->encrypted_data.flow_control_pv &&
+ protocol_list_supports_protocol(desc->encrypted_data.flow_control_pv,
+ PRT_FLOWCTRL, PROTOVER_FLOWCTRL_CC);
+}
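Review bot: hs_desc_supports_congestion_control() starts with tor_assert(desc), so a commit whose purpose is to stop asserting on a missing descriptor adds a helper that asserts on the same condition. setup_rendezvous_circ_congestion_control() checks for NULL before calling it, but the new call in send_introduce1() passes desc with no NULL check visible in that hunk. Confirm desc is guaranteed non-NULL there, or return false for NULL instead of asserting. The doc comment could also say plainly that the function checks whether the descriptor's flow control line lists a protocol version this client supports.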
diff --git a/src/feature/hs/hs_descriptor.h b/src/feature/hs/hs_descriptor.h
index 8f5ee6a2f1..8f42b2138b 100644
--- a/src/feature/hs/hs_descriptor.h
+++ b/src/feature/hs/hs_descriptor.h
@@ -319,6 +319,8 @@ void 

[tor-commits] [tor/release-0.4.5] hs: Schedule mainloop event on dirinfo change

2022-03-10 Thread dgoulet
commit 254b23ab9d82a85892d01499100cde0b3d8b6931
Author: David Goulet 
Date:   Wed Mar 9 13:47:27 2022 -0500

hs: Schedule mainloop event on dirinfo change

Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
separate mainloop event to avoid such issue.

See the ticket for more information on the recursion. This also fixes a
fatal assert.

Fixes #40579

Signed-off-by: David Goulet 
---
 changes/ticket40579|  3 +++
 src/feature/hs/hs_client.c | 48 --
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 00..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+- Fix a fatal assert due to a guard subsystem recursion triggered by the
+  onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 4b4e268542..6c9645f0b8 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -38,6 +38,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "core/or/cpath_build_state_st.h"
 #include "feature/dircommon/dir_connection_st.h"
@@ -46,11 +47,30 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#include "trunnel/hs/cell_introduce1.h"
+
+/** This event is activated when we are notified that directory information has
+ * changed. It must be done asynchronous from the call due to possible
+ * recursion from the caller of that notification. See #40579. */
+static struct mainloop_event_t *dir_info_changed_ev = NULL;
+
 /** Client-side authorizations for hidden services; map of service identity
  * public key to hs_client_service_authorization_t *. */
 static digest256map_t *client_auths = NULL;
 
-#include "trunnel/hs/cell_introduce1.h"
+/** Mainloop callback. Scheduled to run when we are notified of a directory
+ * info change. See hs_client_dir_info_changed(). */
+static void
+dir_info_changed_callback(mainloop_event_t *event, void *arg)
+{
+  (void) event;
+  (void) arg;
+
+  /* We have possibly reached the minimum directory information or new
+   * consensus so retry all pending SOCKS connection in
+   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
+  retry_all_socks_conn_waiting_for_desc();
+}
 
 /** Return a human-readable string for the client fetch status code. */
 static const char *
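Review bot: dir_info_changed_ev is declared as "static struct mainloop_event_t *" while the callback a few lines below takes "mainloop_event_t *event". Use the typedef in both places so the declaration matches the type the mainloop API is called with.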
@@ -2584,6 +2604,9 @@ hs_client_free_all(void)
   /* Purge the hidden service request cache. */
   hs_purge_last_hid_serv_requests();
   client_service_authorization_free_all();
+
+  /* This is NULL safe. */
+  mainloop_event_free(dir_info_changed_ev);
 }
 
 /** Purge all potentially remotely-detectable state held in the hidden
@@ -2609,14 +2632,27 @@ hs_client_purge_state(void)
   log_info(LD_REND, "Hidden service client state has been purged.");
 }
 
-/** Called when our directory information has changed. */
+/** Called when our directory information has changed.
+ *
+ * The work done in that function has to either be kept within the HS subsystem
+ * or else scheduled as a mainloop event. In other words, this function can't
+ * call outside to another subsystem to avoid risking recursion problems. */
 void
 hs_client_dir_info_changed(void)
 {
-  /* We have possibly reached the minimum directory information or new
-   * consensus so retry all pending SOCKS connection in
-   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
-  retry_all_socks_conn_waiting_for_desc();
+  /* Make sure the mainloop has been initialized. Code path exist that reaches
+   * this before it is. */
+  if (!tor_libevent_is_initialized()) {
+return;
+  }
+
+  /* Lazily create the event. HS Client subsystem doesn't have an init function
+   * and so we do it here before activating it. */
+  if (!dir_info_changed_ev) {
+dir_info_changed_ev = mainloop_event_new(dir_info_changed_callback, NULL);
+  }
+  /* Activate it to run immediately. */
+  mainloop_event_activate(dir_info_changed_ev);
 }
 
 #ifdef TOR_UNIT_TESTS
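Review bot: In hs_client_dir_info_changed(), the early return when tor_libevent_is_initialized() is false drops the notification rather than deferring it, and the comment does not say what later retries the SOCKS connections waiting in AP_CONN_STATE_RENDDESC_WAIT. Either explain why nothing can be waiting that early, or note which later notification covers it.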




[tor-commits] [tor/release-0.4.6] hs: Schedule mainloop event on dirinfo change

2022-03-10 Thread dgoulet
commit 254b23ab9d82a85892d01499100cde0b3d8b6931
Author: David Goulet 
Date:   Wed Mar 9 13:47:27 2022 -0500

hs: Schedule mainloop event on dirinfo change

Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
separate mainloop event to avoid such issue.

See the ticket for more information on the recursion. This also fixes a
fatal assert.

Fixes #40579

Signed-off-by: David Goulet 
---
 changes/ticket40579|  3 +++
 src/feature/hs/hs_client.c | 48 --
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 00..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+- Fix a fatal assert due to a guard subsystem recursion triggered by the
+  onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 4b4e268542..6c9645f0b8 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -38,6 +38,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "core/or/cpath_build_state_st.h"
 #include "feature/dircommon/dir_connection_st.h"
@@ -46,11 +47,30 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#include "trunnel/hs/cell_introduce1.h"
+
+/** This event is activated when we are notified that directory information has
+ * changed. It must be done asynchronous from the call due to possible
+ * recursion from the caller of that notification. See #40579. */
+static struct mainloop_event_t *dir_info_changed_ev = NULL;
+
 /** Client-side authorizations for hidden services; map of service identity
  * public key to hs_client_service_authorization_t *. */
 static digest256map_t *client_auths = NULL;
 
-#include "trunnel/hs/cell_introduce1.h"
+/** Mainloop callback. Scheduled to run when we are notified of a directory
+ * info change. See hs_client_dir_info_changed(). */
+static void
+dir_info_changed_callback(mainloop_event_t *event, void *arg)
+{
+  (void) event;
+  (void) arg;
+
+  /* We have possibly reached the minimum directory information or new
+   * consensus so retry all pending SOCKS connection in
+   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
+  retry_all_socks_conn_waiting_for_desc();
+}
 
 /** Return a human-readable string for the client fetch status code. */
 static const char *
@@ -2584,6 +2604,9 @@ hs_client_free_all(void)
   /* Purge the hidden service request cache. */
   hs_purge_last_hid_serv_requests();
   client_service_authorization_free_all();
+
+  /* This is NULL safe. */
+  mainloop_event_free(dir_info_changed_ev);
 }
 
 /** Purge all potentially remotely-detectable state held in the hidden
@@ -2609,14 +2632,27 @@ hs_client_purge_state(void)
   log_info(LD_REND, "Hidden service client state has been purged.");
 }
 
-/** Called when our directory information has changed. */
+/** Called when our directory information has changed.
+ *
+ * The work done in that function has to either be kept within the HS subsystem
+ * or else scheduled as a mainloop event. In other words, this function can't
+ * call outside to another subsystem to avoid risking recursion problems. */
 void
 hs_client_dir_info_changed(void)
 {
-  /* We have possibly reached the minimum directory information or new
-   * consensus so retry all pending SOCKS connection in
-   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
-  retry_all_socks_conn_waiting_for_desc();
+  /* Make sure the mainloop has been initialized. Code path exist that reaches
+   * this before it is. */
+  if (!tor_libevent_is_initialized()) {
+return;
+  }
+
+  /* Lazily create the event. HS Client subsystem doesn't have an init function
+   * and so we do it here before activating it. */
+  if (!dir_info_changed_ev) {
+dir_info_changed_ev = mainloop_event_new(dir_info_changed_callback, NULL);
+  }
+  /* Activate it to run immediately. */
+  mainloop_event_activate(dir_info_changed_ev);
 }
 
 #ifdef TOR_UNIT_TESTS




[tor-commits] [tor/maint-0.4.5] hs: Schedule mainloop event on dirinfo change

2022-03-10 Thread dgoulet
commit 254b23ab9d82a85892d01499100cde0b3d8b6931
Author: David Goulet 
Date:   Wed Mar 9 13:47:27 2022 -0500

hs: Schedule mainloop event on dirinfo change

Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
separate mainloop event to avoid such issue.

See the ticket for more information on the recursion. This also fixes a
fatal assert.

Fixes #40579

Signed-off-by: David Goulet 
---
 changes/ticket40579|  3 +++
 src/feature/hs/hs_client.c | 48 --
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 00..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+- Fix a fatal assert due to a guard subsystem recursion triggered by the
+  onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 4b4e268542..6c9645f0b8 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -38,6 +38,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "core/or/cpath_build_state_st.h"
 #include "feature/dircommon/dir_connection_st.h"
@@ -46,11 +47,30 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#include "trunnel/hs/cell_introduce1.h"
+
+/** This event is activated when we are notified that directory information has
+ * changed. It must be done asynchronous from the call due to possible
+ * recursion from the caller of that notification. See #40579. */
+static struct mainloop_event_t *dir_info_changed_ev = NULL;
+
 /** Client-side authorizations for hidden services; map of service identity
  * public key to hs_client_service_authorization_t *. */
 static digest256map_t *client_auths = NULL;
 
-#include "trunnel/hs/cell_introduce1.h"
+/** Mainloop callback. Scheduled to run when we are notified of a directory
+ * info change. See hs_client_dir_info_changed(). */
+static void
+dir_info_changed_callback(mainloop_event_t *event, void *arg)
+{
+  (void) event;
+  (void) arg;
+
+  /* We have possibly reached the minimum directory information or new
+   * consensus so retry all pending SOCKS connection in
+   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
+  retry_all_socks_conn_waiting_for_desc();
+}
 
 /** Return a human-readable string for the client fetch status code. */
 static const char *
@@ -2584,6 +2604,9 @@ hs_client_free_all(void)
   /* Purge the hidden service request cache. */
   hs_purge_last_hid_serv_requests();
   client_service_authorization_free_all();
+
+  /* This is NULL safe. */
+  mainloop_event_free(dir_info_changed_ev);
 }
 
 /** Purge all potentially remotely-detectable state held in the hidden
@@ -2609,14 +2632,27 @@ hs_client_purge_state(void)
   log_info(LD_REND, "Hidden service client state has been purged.");
 }
 
-/** Called when our directory information has changed. */
+/** Called when our directory information has changed.
+ *
+ * The work done in that function has to either be kept within the HS subsystem
+ * or else scheduled as a mainloop event. In other words, this function can't
+ * call outside to another subsystem to avoid risking recursion problems. */
 void
 hs_client_dir_info_changed(void)
 {
-  /* We have possibly reached the minimum directory information or new
-   * consensus so retry all pending SOCKS connection in
-   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
-  retry_all_socks_conn_waiting_for_desc();
+  /* Make sure the mainloop has been initialized. Code path exist that reaches
+   * this before it is. */
+  if (!tor_libevent_is_initialized()) {
+return;
+  }
+
+  /* Lazily create the event. HS Client subsystem doesn't have an init function
+   * and so we do it here before activating it. */
+  if (!dir_info_changed_ev) {
+dir_info_changed_ev = mainloop_event_new(dir_info_changed_callback, NULL);
+  }
+  /* Activate it to run immediately. */
+  mainloop_event_activate(dir_info_changed_ev);
 }
 
 #ifdef TOR_UNIT_TESTS


[tor-commits] [tor/main] hs: Schedule mainloop event on dirinfo change

2022-03-10 Thread dgoulet
commit 254b23ab9d82a85892d01499100cde0b3d8b6931
Author: David Goulet 
Date:   Wed Mar 9 13:47:27 2022 -0500

hs: Schedule mainloop event on dirinfo change

Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
separate mainloop event to avoid such issue.

See the ticket for more information on the recursion. This also fixes a
fatal assert.

Fixes #40579

Signed-off-by: David Goulet 
---
 changes/ticket40579|  3 +++
 src/feature/hs/hs_client.c | 48 --
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 00..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+- Fix a fatal assert due to a guard subsystem recursion triggered by the
+  onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 4b4e268542..6c9645f0b8 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -38,6 +38,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "core/or/cpath_build_state_st.h"
 #include "feature/dircommon/dir_connection_st.h"
@@ -46,11 +47,30 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#include "trunnel/hs/cell_introduce1.h"
+
+/** This event is activated when we are notified that directory information has
+ * changed. It must be done asynchronous from the call due to possible
+ * recursion from the caller of that notification. See #40579. */
+static struct mainloop_event_t *dir_info_changed_ev = NULL;
+
 /** Client-side authorizations for hidden services; map of service identity
  * public key to hs_client_service_authorization_t *. */
 static digest256map_t *client_auths = NULL;
 
-#include "trunnel/hs/cell_introduce1.h"
+/** Mainloop callback. Scheduled to run when we are notified of a directory
+ * info change. See hs_client_dir_info_changed(). */
+static void
+dir_info_changed_callback(mainloop_event_t *event, void *arg)
+{
+  (void) event;
+  (void) arg;
+
+  /* We have possibly reached the minimum directory information or new
+   * consensus so retry all pending SOCKS connection in
+   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
+  retry_all_socks_conn_waiting_for_desc();
+}
 
 /** Return a human-readable string for the client fetch status code. */
 static const char *
@@ -2584,6 +2604,9 @@ hs_client_free_all(void)
   /* Purge the hidden service request cache. */
   hs_purge_last_hid_serv_requests();
   client_service_authorization_free_all();
+
+  /* This is NULL safe. */
+  mainloop_event_free(dir_info_changed_ev);
 }
 
 /** Purge all potentially remotely-detectable state held in the hidden
@@ -2609,14 +2632,27 @@ hs_client_purge_state(void)
   log_info(LD_REND, "Hidden service client state has been purged.");
 }
 
-/** Called when our directory information has changed. */
+/** Called when our directory information has changed.
+ *
+ * The work done in that function has to either be kept within the HS subsystem
+ * or else scheduled as a mainloop event. In other words, this function can't
+ * call outside to another subsystem to avoid risking recursion problems. */
 void
 hs_client_dir_info_changed(void)
 {
-  /* We have possibly reached the minimum directory information or new
-   * consensus so retry all pending SOCKS connection in
-   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
-  retry_all_socks_conn_waiting_for_desc();
+  /* Make sure the mainloop has been initialized. Code path exist that reaches
+   * this before it is. */
+  if (!tor_libevent_is_initialized()) {
+return;
+  }
+
+  /* Lazily create the event. HS Client subsystem doesn't have an init function
+   * and so we do it here before activating it. */
+  if (!dir_info_changed_ev) {
+dir_info_changed_ev = mainloop_event_new(dir_info_changed_callback, NULL);
+  }
+  /* Activate it to run immediately. */
+  mainloop_event_activate(dir_info_changed_ev);
 }
 
 #ifdef TOR_UNIT_TESTS




[tor-commits] [tor/maint-0.4.6] hs: Schedule mainloop event on dirinfo change

2022-03-10 Thread dgoulet
commit 254b23ab9d82a85892d01499100cde0b3d8b6931
Author: David Goulet 
Date:   Wed Mar 9 13:47:27 2022 -0500

hs: Schedule mainloop event on dirinfo change

Due to a possible Guard subsystem recursion, when the HS client gets
notified that the directory information has changed, it must run it in a
separate mainloop event to avoid such issue.

See the ticket for more information on the recursion. This also fixes a
fatal assert.

Fixes #40579

Signed-off-by: David Goulet 
---
 changes/ticket40579|  3 +++
 src/feature/hs/hs_client.c | 48 --
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/changes/ticket40579 b/changes/ticket40579
new file mode 100644
index 00..e2558c1102
--- /dev/null
+++ b/changes/ticket40579
@@ -0,0 +1,3 @@
+  o Minor bugfixes (onion service, client):
+- Fix a fatal assert due to a guard subsystem recursion triggered by the
+  onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha.
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 4b4e268542..6c9645f0b8 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -38,6 +38,7 @@
 #include "lib/crypt_ops/crypto_format.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/evloop/compat_libevent.h"
 
 #include "core/or/cpath_build_state_st.h"
 #include "feature/dircommon/dir_connection_st.h"
@@ -46,11 +47,30 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#include "trunnel/hs/cell_introduce1.h"
+
+/** This event is activated when we are notified that directory information has
+ * changed. It must be done asynchronous from the call due to possible
+ * recursion from the caller of that notification. See #40579. */
+static struct mainloop_event_t *dir_info_changed_ev = NULL;
+
 /** Client-side authorizations for hidden services; map of service identity
  * public key to hs_client_service_authorization_t *. */
 static digest256map_t *client_auths = NULL;
 
-#include "trunnel/hs/cell_introduce1.h"
+/** Mainloop callback. Scheduled to run when we are notified of a directory
+ * info change. See hs_client_dir_info_changed(). */
+static void
+dir_info_changed_callback(mainloop_event_t *event, void *arg)
+{
+  (void) event;
+  (void) arg;
+
+  /* We have possibly reached the minimum directory information or new
+   * consensus so retry all pending SOCKS connection in
+   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
+  retry_all_socks_conn_waiting_for_desc();
+}
 
 /** Return a human-readable string for the client fetch status code. */
 static const char *
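Review bot: The new static is declared as `struct mainloop_event_t *dir_info_changed_ev`, while the callback signature just below it uses the `mainloop_event_t` typedef; use the typedef in both places. The move of `#include "trunnel/hs/cell_introduce1.h"` up into the include block is unrelated cleanup and would be easier to backport as its own commit. In the new comment, "done asynchronous" should read "done asynchronously".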
@@ -2584,6 +2604,9 @@ hs_client_free_all(void)
   /* Purge the hidden service request cache. */
   hs_purge_last_hid_serv_requests();
   client_service_authorization_free_all();
+
+  /* This is NULL safe. */
+  mainloop_event_free(dir_info_changed_ev);
 }
 
 /** Purge all potentially remotely-detectable state held in the hidden
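Review bot: In hs_client_free_all(), the comment says the free is NULL safe but not whether `dir_info_changed_ev` is NULL afterwards. hs_client_dir_info_changed() relies on `if (!dir_info_changed_ev)` to recreate the event, so a stale pointer left behind by free_all would be activated on the next notification. Please confirm that mainloop_event_free() resets the pointer and say so in the comment, or set it to NULL explicitly here.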
@@ -2609,14 +2632,27 @@ hs_client_purge_state(void)
   log_info(LD_REND, "Hidden service client state has been purged.");
 }
 
-/** Called when our directory information has changed. */
+/** Called when our directory information has changed.
+ *
+ * The work done in that function has to either be kept within the HS subsystem
+ * or else scheduled as a mainloop event. In other words, this function can't
+ * call outside to another subsystem to avoid risking recursion problems. */
 void
 hs_client_dir_info_changed(void)
 {
-  /* We have possibly reached the minimum directory information or new
-   * consensus so retry all pending SOCKS connection in
-   * AP_CONN_STATE_RENDDESC_WAIT state in order to fetch the descriptor. */
-  retry_all_socks_conn_waiting_for_desc();
+  /* Make sure the mainloop has been initialized. Code path exist that reaches
+   * this before it is. */
+  if (!tor_libevent_is_initialized()) {
+return;
+  }
+
+  /* Lazily create the event. HS Client subsystem doesn't have an init function
+   * and so we do it here before activating it. */
+  if (!dir_info_changed_ev) {
+dir_info_changed_ev = mainloop_event_new(dir_info_changed_callback, NULL);
+  }
+  /* Activate it to run immediately. */
+  mainloop_event_activate(dir_info_changed_ev);
 }
 
 #ifdef TOR_UNIT_TESTS
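Review bot: No test accompanies the change: the diffstat touches only changes/ticket40579 and hs_client.c, while retry_all_socks_conn_waiting_for_desc() now runs from dir_info_changed_callback() instead of inline. A unit test that calls hs_client_dir_info_changed() and checks that the retry happens only once the event fires would pin the new behaviour. Minor: "Code path exist that reaches" should read "Code paths exist that reach".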




[tor-commits] [tor/main] readme: Fix sentence in Releases section

2022-03-09 Thread dgoulet
commit a04987dd8cc59e482b0c903bb7abc594d6bbbe67
Author: David Goulet 
Date:   Wed Mar 9 14:13:34 2022 -0500

readme: Fix sentence in Releases section

Signed-off-by: David Goulet 
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 67767c5f36..4a8db49e53 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ make install
 
 ## Releases
 
-The tarballs, checksums and signatures can be found: 
https://dist.torproject.org
+The tarballs, checksums and signatures can be found here: 
https://dist.torproject.org
 
 - Checksum: `.sha256sum`
 - Signatures: `.sha256sum.asc`


[tor-commits] [tor/main] hs: Fix multiple port label on single metric

2022-03-09 Thread dgoulet
commit f4aa985cf7b5ee0b617d235d5f121f5a1762aff2
Author: David Goulet 
Date:   Tue Mar 8 13:50:34 2022 -0500

hs: Fix multiple port label on single metric

Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.

Fixes #40581

Signed-off-by: David Goulet 
---
 changes/ticket40581 |  4 
 src/feature/hs/hs_metrics.c | 21 ++---
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 00..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+- Fix the metrics with a port label to be unique. Before this, all ports of
+  an onion service would be on the same line which violates the Prometheus
+  rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c
index 0f1824c51c..e80d98c2dd 100644
--- a/src/feature/hs/hs_metrics.c
+++ b/src/feature/hs/hs_metrics.c
@@ -43,19 +43,26 @@ init_store(hs_service_t *service)
   store = service->metrics.store;
 
   for (size_t i = 0; i < base_metrics_size; ++i) {
-metrics_store_entry_t *entry =
-  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
-base_metrics[i].help);
-
-/* Add labels to the entry. */
-metrics_store_entry_add_label(entry,
-  metrics_format_label("onion", service->onion_address));
+/* Add entries with port as label. We need one metric line per port. */
 if (base_metrics[i].port_as_label && service->config.ports) {
   SMARTLIST_FOREACH_BEGIN(service->config.ports,
   const hs_port_config_t *, p) {
+metrics_store_entry_t *entry =
+  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+base_metrics[i].help);
+
+/* Add labels to the entry. */
+metrics_store_entry_add_label(entry,
+metrics_format_label("onion", service->onion_address));
 metrics_store_entry_add_label(entry,
 metrics_format_label("port", port_to_str(p->virtual_port)));
   } SMARTLIST_FOREACH_END(p);
+} else {
+  metrics_store_entry_t *entry =
+metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+  base_metrics[i].help);
+  metrics_store_entry_add_label(entry,
+  metrics_format_label("onion", service->onion_address));
 }
   }
 }
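Review bot: In the `port_as_label` branch, metrics_store_add() now runs only inside SMARTLIST_FOREACH_BEGIN, so a service whose `service->config.ports` list exists but is empty gets no entry at all for that metric, where the old code always created one carrying the onion label. If an empty list is possible when init_store() runs, fall through to the `else` path in that case, or note in the comment why it cannot happen.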




[tor-commits] [tor/release-0.4.5] hs: Fix multiple port label on single metric

2022-03-09 Thread dgoulet
commit 9efb04bb3e979941eada05c1a7d61d08d395376e
Author: David Goulet 
Date:   Tue Mar 8 13:50:34 2022 -0500

hs: Fix multiple port label on single metric

Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.

Fixes #40581

Signed-off-by: David Goulet 
---
 changes/ticket40581 |  4 
 src/feature/hs/hs_metrics.c | 23 +++
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 00..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+- Fix the metrics with a port label to be unique. Before this, all ports of
+  an onion service would be on the same line which violates the Prometheus
+  rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c
index 452bb44419..25e2e62111 100644
--- a/src/feature/hs/hs_metrics.c
+++ b/src/feature/hs/hs_metrics.c
@@ -59,19 +59,26 @@ init_store(hs_service_t *service)
   store = service->metrics.store;
 
   for (size_t i = 0; i < base_metrics_size; ++i) {
-metrics_store_entry_t *entry =
-  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
-base_metrics[i].help);
-
-/* Add labels to the entry. */
-metrics_store_entry_add_label(entry,
-format_label("onion", service->onion_address));
+/* Add entries with port as label. We need one metric line per port. */
 if (base_metrics[i].port_as_label && service->config.ports) {
   SMARTLIST_FOREACH_BEGIN(service->config.ports,
   const rend_service_port_config_t *, p) {
+metrics_store_entry_t *entry =
+  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+base_metrics[i].help);
+
+/* Add labels to the entry. */
+metrics_store_entry_add_label(entry,
+format_label("onion", service->onion_address));
 metrics_store_entry_add_label(entry,
-  format_label("port", port_to_str(p->virtual_port)));
+format_label("port", port_to_str(p->virtual_port)));
   } SMARTLIST_FOREACH_END(p);
+} else {
+  metrics_store_entry_t *entry =
+metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+  base_metrics[i].help);
+  metrics_store_entry_add_label(entry,
+  format_label("onion", service->onion_address));
 }
   }
 }
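Review bot: The `metrics_store_add(...)` call and the "onion" label are now written out twice, once inside the per-port loop and once in the `else` branch. A small static helper that creates the entry and attaches the onion label, returning the entry so the loop can add the port label, would keep the two paths from drifting apart across the backport branches.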




[tor-commits] [tor/maint-0.4.5] hs: Fix multiple port label on single metric

2022-03-09 Thread dgoulet
commit 9efb04bb3e979941eada05c1a7d61d08d395376e
Author: David Goulet 
Date:   Tue Mar 8 13:50:34 2022 -0500

hs: Fix multiple port label on single metric

Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.

Fixes #40581

Signed-off-by: David Goulet 
---
 changes/ticket40581 |  4 
 src/feature/hs/hs_metrics.c | 23 +++
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 00..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+- Fix the metrics with a port label to be unique. Before this, all ports of
+  an onion service would be on the same line which violates the Prometheus
+  rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c
index 452bb44419..25e2e62111 100644
--- a/src/feature/hs/hs_metrics.c
+++ b/src/feature/hs/hs_metrics.c
@@ -59,19 +59,26 @@ init_store(hs_service_t *service)
   store = service->metrics.store;
 
   for (size_t i = 0; i < base_metrics_size; ++i) {
-metrics_store_entry_t *entry =
-  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
-base_metrics[i].help);
-
-/* Add labels to the entry. */
-metrics_store_entry_add_label(entry,
-format_label("onion", service->onion_address));
+/* Add entries with port as label. We need one metric line per port. */
 if (base_metrics[i].port_as_label && service->config.ports) {
   SMARTLIST_FOREACH_BEGIN(service->config.ports,
   const rend_service_port_config_t *, p) {
+metrics_store_entry_t *entry =
+  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+base_metrics[i].help);
+
+/* Add labels to the entry. */
+metrics_store_entry_add_label(entry,
+format_label("onion", service->onion_address));
 metrics_store_entry_add_label(entry,
-  format_label("port", port_to_str(p->virtual_port)));
+format_label("port", port_to_str(p->virtual_port)));
   } SMARTLIST_FOREACH_END(p);
+} else {
+  metrics_store_entry_t *entry =
+metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+  base_metrics[i].help);
+  metrics_store_entry_add_label(entry,
+  format_label("onion", service->onion_address));
 }
   }
 }


[tor-commits] [tor/release-0.4.6] hs: Fix multiple port label on single metric

2022-03-09 Thread dgoulet
commit 9efb04bb3e979941eada05c1a7d61d08d395376e
Author: David Goulet 
Date:   Tue Mar 8 13:50:34 2022 -0500

hs: Fix multiple port label on single metric

Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.

Fixes #40581

Signed-off-by: David Goulet 
---
 changes/ticket40581 |  4 
 src/feature/hs/hs_metrics.c | 23 +++
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 00..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+- Fix the metrics with a port label to be unique. Before this, all ports of
+  an onion service would be on the same line which violates the Prometheus
+  rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c
index 452bb44419..25e2e62111 100644
--- a/src/feature/hs/hs_metrics.c
+++ b/src/feature/hs/hs_metrics.c
@@ -59,19 +59,26 @@ init_store(hs_service_t *service)
   store = service->metrics.store;
 
   for (size_t i = 0; i < base_metrics_size; ++i) {
-metrics_store_entry_t *entry =
-  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
-base_metrics[i].help);
-
-/* Add labels to the entry. */
-metrics_store_entry_add_label(entry,
-format_label("onion", service->onion_address));
+/* Add entries with port as label. We need one metric line per port. */
 if (base_metrics[i].port_as_label && service->config.ports) {
   SMARTLIST_FOREACH_BEGIN(service->config.ports,
   const rend_service_port_config_t *, p) {
+metrics_store_entry_t *entry =
+  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+base_metrics[i].help);
+
+/* Add labels to the entry. */
+metrics_store_entry_add_label(entry,
+format_label("onion", service->onion_address));
 metrics_store_entry_add_label(entry,
-  format_label("port", port_to_str(p->virtual_port)));
+format_label("port", port_to_str(p->virtual_port)));
   } SMARTLIST_FOREACH_END(p);
+} else {
+  metrics_store_entry_t *entry =
+metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+  base_metrics[i].help);
+  metrics_store_entry_add_label(entry,
+  format_label("onion", service->onion_address));
 }
   }
 }




[tor-commits] [tor/maint-0.4.6] hs: Fix multiple port label on single metric

2022-03-09 Thread dgoulet
commit 9efb04bb3e979941eada05c1a7d61d08d395376e
Author: David Goulet 
Date:   Tue Mar 8 13:50:34 2022 -0500

hs: Fix multiple port label on single metric

Prometheus needs unique labels and so this bug was causing an onion
service with multiple ports to have multiple "port=" label for the
metrics requiring a port label.

Fixes #40581

Signed-off-by: David Goulet 
---
 changes/ticket40581 |  4 
 src/feature/hs/hs_metrics.c | 23 +++
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/changes/ticket40581 b/changes/ticket40581
new file mode 100644
index 00..315215d8ed
--- /dev/null
+++ b/changes/ticket40581
@@ -0,0 +1,4 @@
+  o Minor bugfixes (metrics port, onion service):
+- Fix the metrics with a port label to be unique. Before this, all ports of
+  an onion service would be on the same line which violates the Prometheus
+  rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha.
diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c
index 452bb44419..25e2e62111 100644
--- a/src/feature/hs/hs_metrics.c
+++ b/src/feature/hs/hs_metrics.c
@@ -59,19 +59,26 @@ init_store(hs_service_t *service)
   store = service->metrics.store;
 
   for (size_t i = 0; i < base_metrics_size; ++i) {
-metrics_store_entry_t *entry =
-  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
-base_metrics[i].help);
-
-/* Add labels to the entry. */
-metrics_store_entry_add_label(entry,
-format_label("onion", service->onion_address));
+/* Add entries with port as label. We need one metric line per port. */
 if (base_metrics[i].port_as_label && service->config.ports) {
   SMARTLIST_FOREACH_BEGIN(service->config.ports,
   const rend_service_port_config_t *, p) {
+metrics_store_entry_t *entry =
+  metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+base_metrics[i].help);
+
+/* Add labels to the entry. */
+metrics_store_entry_add_label(entry,
+format_label("onion", service->onion_address));
 metrics_store_entry_add_label(entry,
-  format_label("port", port_to_str(p->virtual_port)));
+format_label("port", port_to_str(p->virtual_port)));
   } SMARTLIST_FOREACH_END(p);
+} else {
+  metrics_store_entry_t *entry =
+metrics_store_add(store, base_metrics[i].type, base_metrics[i].name,
+  base_metrics[i].help);
+  metrics_store_entry_add_label(entry,
+  format_label("onion", service->onion_address));
 }
   }
 }




[tor-commits] [tor/main] version: Bump version to 0.4.7.4-alpha-dev

2022-02-25 Thread dgoulet
commit 331b2aa34874d5ef57b45ff591e1f64b695ff06c
Author: Tor CI Release 
Date:   Fri Feb 25 15:19:09 2022 +

version: Bump version to 0.4.7.4-alpha-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9c2c30882d..d635aa41c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.7.4-alpha])
+AC_INIT([tor],[0.4.7.4-alpha-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], 
[Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-25"], # for 0.4.7.4-alpha
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-25"], # for 0.4.7.4-alpha-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index 722d944a46..50582190f8 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.7.4-alpha"
+!define VERSION "0.4.7.4-alpha-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index db680ed961..da70d4e7f0 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.7.4-alpha"
+#define VERSION "0.4.7.4-alpha-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR



[tor-commits] [tor/main] version: Bump version to 0.4.7.4-alpha

2022-02-25 Thread dgoulet
commit 9059baff91b451b6b65bf5e2d5e3415fa870c01b
Author: Tor CI Release 
Date:   Fri Feb 25 14:09:50 2022 +

version: Bump version to 0.4.7.4-alpha
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 24a373ab2f..9c2c30882d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.7.3-alpha-dev])
+AC_INIT([tor],[0.4.7.4-alpha])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], 
[Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2021-12-16"], # for 0.4.7.3-alpha-dev
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-25"], # for 0.4.7.4-alpha
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index 60389afc5e..722d944a46 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.7.3-alpha-dev"
+!define VERSION "0.4.7.4-alpha"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 036314d39a..db680ed961 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.7.3-alpha-dev"
+#define VERSION "0.4.7.4-alpha"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR



[tor-commits] [tor/main] release: ChangeLog and ReleaseNotes for 0.4.7.4-alpha

2022-02-25 Thread dgoulet
commit a6b948d1ccd022de9e09650b98b8b152fb96d5b6
Author: Tor CI Release 
Date:   Fri Feb 25 14:09:50 2022 +

release: ChangeLog and ReleaseNotes for 0.4.7.4-alpha
---
 ChangeLog   | 66 +
 ReleaseNotes| 66 +
 changes/bug40499|  7 -
 changes/bug40550|  3 --
 changes/fallbackdirs-2022-02-04 |  2 --
 changes/fallbackdirs-2022-02-25 |  2 --
 changes/geoip-2022-02-04|  3 --
 changes/geoip-2022-02-25|  3 --
 changes/ticket40444 |  5 
 changes/ticket40509 |  4 ---
 changes/ticket40516 |  3 --
 changes/ticket40529 |  5 
 changes/ticket40544 |  3 --
 changes/ticket40548 |  4 ---
 changes/ticket40559 |  2 --
 changes/ticket40564 |  4 ---
 16 files changed, 132 insertions(+), 50 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1202f19d36..dc3cf92cd8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,69 @@
+Changes in version 0.4.7.4-alpha - 2022-02-25
+  This version contains the negotiation congestion control work which is the
+  final part needed before going stable. There are also various bugfixes
+  including two major ones detailed below. Last, the Exit notice page layout
+  has been modernized but the text is unchanged. We recommend that all relay
+  operators running any previous alpha upgrade to this one.
+
+  o Major features (relay, client, onion services):
+- Implement RTT-based congestion control for exits and onion
+  services, from Proposal 324. Disabled by default. Enabled by the
+  'cc_alg' consensus parameter. Closes ticket 40444.
+
+  o Major bugfixes (client):
+- Stop caching TCP connect failures to relays/bridges when we
+  initiated the connection as a client. Now we only cache connect
+  failures as a relay or bridge when we initiated them because of an
+  EXTEND request. Declining to re-attempt the client-based
+  connections could cause problems when we lose connectivity and try
+  to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha.
+
+  o Major bugfixes (relay, overload):
+- Do not trigger a general overload on DNS timeout. Even after
+  fixing 40527, some code remained that triggered the overload.
+  Fixes bug 40564; bugfix on 0.4.7.1-alpha.
+
+  o Minor feature (authority, relay):
+- Reject End-Of-Life relays running version 0.3.5.x. Closes
+  ticket 40559.
+
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 25, 2022.
+
+  o Minor features (geoip data):
+- Update the geoip files to match the IPFire Location Database, as
+  retrieved on 2022/02/25.
+
+  o Minor bugfix (logging):
+- Update a log notice dead URL to a working one. Fixes bug 40544;
+  bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfix (relay):
+- Remove the HSDir and HSIntro onion service v2 protocol versions so
+  relay stop advertising that they support them. Fixes bug 40509;
+  bugfix on 0.3.5.17.
+
+  o Minor bugfixes (cell scheduling):
+- Avoid writing empty payload with NSS write.
+- Don't attempt to write 0 bytes after a cell scheduling loop. No
+  empty payload was put on the wire. Fixes bug 40548; bugfix
+  on 0.3.5.1-alpha.
+
+  o Minor bugfixes (compilation):
+- Resume being able to build on old / esoteric gcc versions. Fixes
+  bug 40550; bugfix on 0.4.7.1-alpha.
+
+  o Minor bugfixes (compiler warnings):
+- Fix couple compiler warnings on latest Ubuntu Jammy. Fixes bug
+  40516; bugfix on 0.3.5.1-alpha.
+
+  o Documentation:
+- Provide an improved version of the tor-exit-notice.html file for
+  exit relays to use as a landing page. The text is unchanged, but
+  the page design and layout are significantly modernized, and
+  several links are fixed. Patch from "n_user"; closes ticket 40529.
+
+
 Changes in version 0.4.6.10 - 2022-02-04
   This version contains minor bugfixes but one in particular is that relays
   don't advertise onion service v2 support at the protocol version level.
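Review bot: Under "Minor bugfixes (cell scheduling)", the first bullet ("Avoid writing empty payload with NSS write.") carries no "Fixes bug ...; bugfix on ..." reference while the second one does; if both belong to bug 40548, merge them or repeat the reference. Wording nits in the same hunk: "so relay stop advertising" should be "so relays stop advertising", "Fix couple compiler warnings" should be "Fix a couple of compiler warnings", and "Regenerate fallback directories generated on" repeats itself.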
diff --git a/ReleaseNotes b/ReleaseNotes
index 41b28e8307..cecbd0d315 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,72 @@ This document summarizes new features and bugfixes in each 
stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.7.4-alpha - 2022-02-25
+  This version contains the negotiation congestion control work which is the
+  final part needed before going stable. There are also various bugfixes
+  including two major ones detailed below. Last, the Exit notice page layout
+  has been modernized but the text is unchanged. We recommend that all relay
+  operators running any previous alpha upgrade to this one.
+
+  o Major features (relay, client, 
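Review bot: The context lines at the top of this hunk say ReleaseNotes summarizes changes "in each stable release" and point readers to ChangeLog for development snapshots, yet the added block is the 0.4.7.4-alpha entry. Either drop the alpha entry from ReleaseNotes or update that header sentence so the file's stated scope matches what it contains.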

[tor-commits] [tor/main] fallbackdir: Update list generated on February 25, 2022

2022-02-25 Thread dgoulet
commit 211e0937616d33b2875c8d69fdde1eb111cd0c6d
Author: Tor CI Release 
Date:   Fri Feb 25 14:09:00 2022 +

fallbackdir: Update list generated on February 25, 2022
---
 changes/fallbackdirs-2022-02-25  |   2 +
 src/app/config/fallback_dirs.inc | 979 +++
 2 files changed, 487 insertions(+), 494 deletions(-)

diff --git a/changes/fallbackdirs-2022-02-25 b/changes/fallbackdirs-2022-02-25
new file mode 100644
index 00..46ea506bd2
--- /dev/null
+++ b/changes/fallbackdirs-2022-02-25
@@ -0,0 +1,2 @@
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 25, 2022.
diff --git a/src/app/config/fallback_dirs.inc b/src/app/config/fallback_dirs.inc
index 87c1886e83..197574896f 100644
--- a/src/app/config/fallback_dirs.inc
+++ b/src/app/config/fallback_dirs.inc
@@ -3,1100 +3,1091 @@
 /* timestamp=2021041200 */
 /* source=offer-list */
 //
-// Generated on: Fri, 04 Feb 2022 15:49:02 +
+// Generated on: Fri, 25 Feb 2022 14:09:00 +
 
-"140.78.100.21 orport=5443 id=6E3508CB2374D411CD41FEE8ECDF70DA3A2F7A28"
-/* nickname=INSRelay21at5443 */
+"114.108.58.201 orport=443 id=412767ECB0CEF7DCBAF8748DDBA8575860DD6782"
+/* nickname=winterferien */
 /* extrainfo=0 */
 /* = */
 ,
-"88.196.80.132 orport=443 id=86CDD0D92AB972538416A382D99666736CDDF141"
-/* nickname=RyderIII */
+"176.126.253.190 orport=9001 id=B5DE82BBE82B0950A2AFB488F1D51EC92BF0A6F6"
+/* nickname=Uncle */
 /* extrainfo=0 */
 /* = */
 ,
-"213.239.217.68 orport=4433 id=FFBC69467B37D6AC66598BBD295F9B0D74119ADC"
-/* nickname=plan9leia */
+"212.74.233.18 orport=9001 id=D568EAA2A7017AFCD3FBAD64111C92CB8FD3A418"
+/* nickname=nicotrack */
 /* extrainfo=0 */
 /* = */
 ,
-"185.220.100.247 orport=9100 id=B891CB6370CF7C51C6FB24D80947AFB7ED463D00"
-" ipv6=[2a0b:f4c0:16c:9::1]:9100"
-/* nickname=niftygrolantor */
+"198.251.68.144 orport=9001 id=83AEDBDB4BE3AD0ED91850BF1A521B843077759E"
+/* nickname=focaltohr */
 /* extrainfo=0 */
 /* = */
 ,
-"192.121.108.236 orport=9001 id=C5F0591A16BD68EB88170D921B0E331F180E624B"
-/* nickname=HjelmEnterprises01 */
+"104.244.74.55 orport=9001 id=B3D84B209451D608A81F5E87189CE79E3DFA87BA"
+/* nickname=Hydra2 */
 /* extrainfo=0 */
 /* = */
 ,
-"104.244.72.7 orport=9000 id=035F813195F0CB9F567EDFDF60C6745CA36BA0BD"
-" ipv6=[2605:6400:30:ed94:5152:73e1:5e88:35f4]:9000"
-/* nickname=Quetzalcoatl */
+"95.211.210.72 orport=443 id=D2F4DAC5918BB082A5CFAC5275B29FAC9B399B2B"
+/* nickname=cairnes */
 /* extrainfo=0 */
 /* = */
 ,
-"46.126.164.243 orport=443 id=7B28971D4A29995784E3066B9D87E42E9C685F3A"
-/* nickname=torified */
+"91.39.145.184 orport=9001 id=6D93503E150496BB32A4912F904C4E2DB205278D"
+" ipv6=[2003:c2:c723:7700:329c:23ff:fece:a96c]:9001"
+/* nickname=SysadmAtNbg */
 /* extrainfo=0 */
 /* = */
 ,
-"99.45.175.117 orport=443 id=515100EDE19C0F5E0CADD391DE33E0DE14B00FDD"
-" ipv6=[2600:1700:6972:1200:dea6:32ff:fec5:ff87]:443"
-/* nickname=pi87 */
+"85.208.97.42 orport=9000 id=9ED8E45D2C666F019C17F23FF567E9EB1E7DADB8"
+/* nickname=dr167 */
 /* extrainfo=0 */
 /* = */
 ,
-"54.38.219.251 orport=443 id=C303038FDCC72805A160FF64E994333A49ECDA71"
-" ipv6=[2001:470:73f7::7]:443"
-/* nickname=Fission12 */
+"134.209.85.230 orport=9001 id=FBB725EB8C2F099317933F8C5469B2B2249F36C7"
+" ipv6=[2a03:b0c0:2:d0::fa0:9001]:9001"
+/* nickname=pnamstor001 */
 /* extrainfo=0 */
 /* = */
 ,
-"185.183.194.90 orport=443 id=4CEAFCE5841C0DAE30164B4F59452F7F4D818A67"
-" ipv6=[2001:1620:425a:6fde::10]:443"
-/* nickname=QOnan */
+"81.169.222.158 orport=9001 id=02740F472D1DA5C1B77475F18940FE79F15AF4B8"
+" ipv6=[2a01:238:4224:8d00:f3a9:25e6:4cb6:f3d]:9001"
+/* nickname=zagreus */
 /* extrainfo=0 */
 /* = */
 ,
-"199.249.230.179 orport=443 id=3A1BC65DF03ECD50FDF7CFF9C5A4E049FCB9C1AF"
-" ipv6=[2620:7:6001::179]:80"
-/* nickname=Quintex90 */
+"158.69.205.247 orport=443 id=D7316BF7FD633DD7474B18C33E1D5FDEB04D26A7"
+" ipv6=[2607:5300:201:3000::da8]:443"
+/* nickname=NuclearShack */
 /* extrainfo=0 */
 /* = */
 ,
-"185.220.101.10 orport=9443 id=DA9ABAEA49FBF9E75E9EC020380E361688A3B23E"
-" ipv6=[2a0b:f4c2::10]:9443"
-/* nickname=artikel10ber20 */
+"95.217.248.169 orport=9001 id=F08A3744CA6568ED28545C2B7C1BE7D8BA27CBDE"
+" ipv6=[2a01:4f9:4a:f230::10:4]:9001"
+/* nickname=winR */
 /* extrainfo=0 */
 /* = */
 ,
-"67.3.185.13 orport=443 id=EC4B6AF202EFE752C4D9E2FBD092C4EAE779ADA1"
-/* nickname=Unnamed */
+"82.118.21.102 orport=443 id=3BEEDD97C7B00C4BA417A8FAA22F858465E77EBC"
+" ipv6=[2a05:9404::92]:443"
+/* nickname=DTFNODE38 */
 /* extrainfo=0 */
 /* = */
 ,
-"104.244.77.73 orport=9001 id=2FE81C1FD45AC593193F04DF781980257E4BCD03"
-/* nickname=Hydra62 */
+"89.58.0.89 orport=443 id=1669E51A8F1D7D7255683F5536D3BE643EB11664"
+" ipv6=[2a03:4000:5d:dd7:1451:c9ff:fe68:1d78]:443"
+/* nickname=boats */
 /* extrainfo=0 */
 /* = */
 ,
-"185.4.134.104 orport=9001 id=C6E3910CBADCA6D2D7E932AB31A038EDD6A6FB79"
-" ipv6=[2a02:c500:2:110::2d49]:9001"
-/* 
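Review bot: The "Generated on:" line moves to 25 Feb 2022, but the `/* timestamp=2021041200 */` context line above it is unchanged. If that timestamp is meant to track when the list was generated, it should be bumped in the same commit; if it tracks something else, a short comment saying so would stop the question coming up at every regeneration.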

[tor-commits] [fallback-scripts/main] Support latest arti and cargo update

2022-02-25 Thread dgoulet
commit d2a628291cc6ecc6d6b9672d5665f68248885efd
Author: David Goulet 
Date:   Fri Feb 25 09:07:04 2022 -0500

Support latest arti and cargo update

Signed-off-by: David Goulet 
---
 src/main.rs | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 6413139..7b85d04 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -4,7 +4,7 @@ use rand::seq::SliceRandom;
 use std::fs::File;
 use std::io::{BufWriter, Write};
 use tokio_crate as tokio;
-use tor_rtcompat::tokio::TokioRuntimeHandle;
+use tor_rtcompat::tokio::TokioNativeTlsRuntime;
 
 use arti_client::{self, TorClientConfig};
 use tor_netdir;
@@ -96,14 +96,14 @@ fn write_header_to_file(writer:  BufWriter<>) -> 
Result<()> {
 #[tokio::main]
 async fn main() -> Result<()> {
 let config = TorClientConfig::default();
-let rt: TokioRuntimeHandle = 
tokio_crate::runtime::Handle::current().into();
+let rt: TokioNativeTlsRuntime = 
tokio_crate::runtime::Handle::current().into();
 
 println!("[+] Fetching onionoo relays...");
 let onionoo_relays_fprs = onionoo::get_relay_fprs_from_onionoo().await?;
 
 println!("[+] Bootstrapping to the Tor network...");
-let arti_client = arti_client::TorClient::bootstrap(rt, config).await?;
-let netdir = arti_client.dirmgr().netdir();
+let arti_client = arti_client::TorClient::create_bootstrapped(rt, 
config).await?;
+let netdir = arti_client.dirmgr().netdir()?;
 
 println!("[+] Cross-referencing relays between Onionoo and Tor 
consensus...");
 
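Review bot: the move to `TokioNativeTlsRuntime` and `TorClient::create_bootstrapped` in `main()` depends on a newer arti API, but the diffstat lists only src/main.rs even though the subject mentions a cargo update. If the manifest and lock file are not updated and committed alongside, a fresh checkout can resolve an arti release that lacks these names; pin the `arti_client` and `tor_rtcompat` versions this code was built against. The new `?` on `dirmgr().netdir()` also turns a missing directory into an early exit, so a message naming the failed step would help whoever runs the script.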

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [tor/main] don't cache connect failures from our own circuits

2022-02-23 Thread dgoulet
commit 5ad126a51bdfaeecc81b1cb6517abd2d5e039fad
Author: Roger Dingledine 
Date:   Tue Oct 26 05:40:38 2021 -0400

don't cache connect failures from our own circuits

The connect failure cache had a bad interaction with retrying connections
to our guards or bridges when we go offline and then come back online --
while offline we would fail to connect and cache this result, and then
when we return we would decline to even attempt to connect, because our
failure cache said it wouldn't work.

Now only cache connect failures for relays when we connected to them
because of somebody else's EXTEND request.

Fixes bug 40499; bugfix on 0.3.3.4-alpha.
---
 changes/bug40499| 7 +++
 src/core/or/connection_or.c | 7 +++
 2 files changed, 14 insertions(+)

diff --git a/changes/bug40499 b/changes/bug40499
new file mode 100644
index 00..149e9bd200
--- /dev/null
+++ b/changes/bug40499
@@ -0,0 +1,7 @@
+  o Major bugfixes (client):
+- Stop caching TCP connect failures to relays/bridges when we
+  initiated the connection as a client. Now we only cache connect
+  failures as a relay or bridge when we initiated them because
+  of an EXTEND request. Declining to re-attempt the client-based
+  connections could cause problems when we lose connectivity and
+  try to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha.
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index db9f93e6f6..0018b1dfd8 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -1316,6 +1316,13 @@ note_or_connect_failed(const or_connection_t *or_conn)
 
   tor_assert(or_conn);
 
+  if (or_conn->potentially_used_for_bootstrapping) {
+/* Don't cache connection failures for connections we initiated ourself.
+ * If these direct connections fail, we're supposed to recognize that
+ * the destination is down and stop trying. See ticket 40499. */
+return;
+  }
+
   ocf = or_connect_failure_find(or_conn);
   if (ocf == NULL) {
 ocf = or_connect_failure_new(or_conn);
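Review bot: the early return in `note_or_connect_failed()` keys on `or_conn->potentially_used_for_bootstrapping`, while the commit message states the rule as caching failures only for connections made because of somebody else's EXTEND request, and nothing in this hunk shows that the flag is exactly the complement of that case. Document at the check why the flag is a safe proxy, or use a flag that records the EXTEND origin directly, and add a unit test that sets the flag and asserts no failure entry is created, since the diffstat shows no test change. The comment's "we're supposed to recognize that the destination is down and stop trying" should also say which code does the recognizing.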





[tor-commits] [tor/main] fix an already-existing bug in the unit tests

2022-02-23 Thread dgoulet
commit 5ee85c1fac9adbc09e0930166841c192129b2c28
Author: Roger Dingledine 
Date:   Fri Oct 29 15:24:43 2021 -0400

fix an already-existing bug in the unit tests

where the or_conn for testing the failure cache would be initialized
with random stack data, so e.g. its potentially_used_for_bootstrapping
field would start out at some random value.
---
 src/test/test_connection.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index 87940f71e6..fbf9d6a5ab 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -826,6 +826,7 @@ test_failed_orconn_tracker(void *arg)
 
   /* Prepare the OR connection that will be used in this test */
   or_connection_t or_conn;
+  memset(_conn, 0, sizeof(or_conn));
   tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.canonical_orport.addr,
   "18.0.0.1"));
   tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_conn.base_.addr, "18.0.0.1"));
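Review bot: the added `memset` in `test_failed_orconn_tracker()` removes the uninitialized read, but the test now depends silently on `potentially_used_for_bootstrapping` being zero. Set the field explicitly after the memset, and add a second case with it set to 1 that asserts the failure is not cached, so both values of the field are exercised.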





[tor-commits] [tor/main] Merge branch 'tor-gitlab/mr/488'

2022-02-23 Thread dgoulet
commit 45416356ed7dc5551cda491c01a4d7df1ed97a20
Merge: d09e58d9bf 5ee85c1fac
Author: David Goulet 
Date:   Wed Feb 23 15:21:40 2022 -0500

Merge branch 'tor-gitlab/mr/488'

 changes/bug40499| 7 +++
 src/core/or/connection_or.c | 7 +++
 src/test/test_connection.c  | 1 +
 3 files changed, 15 insertions(+)



[tor-commits] [tor/main] cc: Fix memleak when building extension response

2022-02-23 Thread dgoulet
commit d09e58d9bf0a2c94cec886756351cb718cb31959
Author: David Goulet 
Date:   Wed Feb 23 13:22:59 2022 -0500

cc: Fix memleak when building extension response

Fixes #40575

Signed-off-by: David Goulet 
---
 src/core/or/congestion_control_common.c | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index fb56014315..93d3a9f2c5 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -1303,6 +1303,7 @@ congestion_control_build_ext_response(const 
circuit_params_t *our_params,
 
 ret = trn_extension_field_cc_encoded_len(cc_field);
 if (BUG(ret <= 0)) {
+  trn_extension_field_free(field);
   goto err;
 }
 size_t field_len = ret;
@@ -1313,6 +1314,7 @@ congestion_control_build_ext_response(const 
circuit_params_t *our_params,
 ret = trn_extension_field_cc_encode(field_array,
   trn_extension_field_getlen_field(field), cc_field);
 if (BUG(ret <= 0)) {
+  trn_extension_field_free(field);
   goto err;
 }
 
@@ -1340,11 +1342,7 @@ congestion_control_build_ext_response(const 
circuit_params_t *our_params,
   ret = 0;
 
  err:
-  if (ext) {
-trn_extension_free(ext);
-  } else {
-trn_extension_field_free(field);
-  }
+  trn_extension_free(ext);
   trn_extension_field_cc_free(cc_field);
   return (int)ret;
 }
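Review bot: with the `else` branch removed at `err:`, `field` is no longer freed on the common exit path, so every failure between allocating `field` and handing it to `ext` has to free it by hand, as the two new `trn_extension_field_free(field)` lines before `goto err` do. That is easy to miss when another error path is added. Consider setting `field = NULL` once `ext` takes ownership and calling both `trn_extension_free(ext)` and `trn_extension_field_free(field)` unconditionally at `err:`, which also removes the duplicated frees; this relies on both free functions accepting NULL, which the now unconditional `trn_extension_free(ext)` already assumes for `ext`.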



[tor-commits] [tor/main] Reject intro2 cells that request unadvertized congestion control.

2022-02-23 Thread dgoulet
commit 2d0377be75b158dde3a91b55d248fee4fe381452
Author: Mike Perry 
Date:   Wed Feb 23 00:42:31 2022 +

Reject intro2 cells that request unadvertized congestion control.
---
 src/feature/hs/hs_cell.c   | 6 ++
 src/test/test_hs_service.c | 1 +
 2 files changed, 7 insertions(+)

diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index b7ab68f7c4..490f05e54f 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -952,6 +952,12 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
 }
   }
 
+  /* If the client asked for congestion control, but we don't support it,
+   * that's a failure. It should not have asked, based on our descriptor. */
+  if (data->cc_enabled && !congestion_control_enabled()) {
+goto done;
+  }
+
   /* Success. */
   ret = 0;
   log_info(LD_REND, "Valid INTRODUCE2 cell. Launching rendezvous circuit.");
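Review bot: the new rejection in `hs_cell_parse_introduce2()` jumps to `done` without logging, while the success path just below logs "Valid INTRODUCE2 cell". A client requesting congestion control that the descriptor did not advertise is a protocol violation, so emit a rate-limited protocol warning, or at least a `log_info(LD_REND, ...)`, before `goto done`; otherwise operators cannot tell this failure from other parse errors.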
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index 33a3f279c6..482ee1a014 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -2330,6 +2330,7 @@ test_intro2_handling(void *arg)
   intro_circ->cpath->prev = intro_circ->cpath;
   intro_circ->hs_ident = tor_malloc_zero(sizeof(*intro_circ->hs_ident));
   origin_circuit_t rend_circ;
+  TO_CIRCUIT(_circ)->ccontrol = NULL;
   rend_circ.hs_ident = tor_malloc_zero(sizeof(*rend_circ.hs_ident));
   curve25519_keypair_generate(_circ.hs_ident->rendezvous_client_kp, 0);
   memset(rend_circ.hs_ident->rendezvous_cookie, 'r', HS_REND_COOKIE_LEN);
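Review bot: this line in `test_intro2_handling()` only initializes `ccontrol` on the stack-allocated `rend_circ`; nothing in the test change exercises the new rejection. Add a case that delivers an INTRODUCE2 cell with congestion control requested while it is disabled and asserts that handling fails. Zero-initializing `rend_circ` at its declaration would also cover any other field read before assignment.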





[tor-commits] [tor/main] Properly initialize the cc_enabled field in hs intro data.

2022-02-23 Thread dgoulet
commit 77bf932c83a1a8b1cf627a66656f40dea715d75e
Author: Mike Perry 
Date:   Wed Feb 23 00:23:23 2022 +

Properly initialize the cc_enabled field in hs intro data.
---
 src/feature/hs/hs_circuit.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 271bf652e7..f8a0e06d90 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -996,6 +996,7 @@ hs_circ_handle_introduce2(const hs_service_t *service,
   data.payload_len = payload_len;
   data.link_specifiers = smartlist_new();
   data.replay_cache = ip->replay_cache;
+  data.cc_enabled = 0;
 
   if (get_subcredential_for_handling_intro2_cell(service,
  , subcredential)) {
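Review bot: `data.cc_enabled = 0` fixes this one field, but `data` is still filled member by member in `hs_circ_handle_introduce2()`, so the next field added to the struct can be left uninitialized the same way. Zero the whole struct before these assignments, for example `memset(&data, 0, sizeof(data))`, which matters here because `cc_enabled` feeds an accept or reject decision on client-supplied cells.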





[tor-commits] [tor/main] Merge branch 'tor-gitlab/mr/536'

2022-02-23 Thread dgoulet
commit 69f1a7aa5944060f62ab3761f468cb6cd654d636
Merge: 37b0d464b8 2d0377be75
Author: David Goulet 
Date:   Wed Feb 23 13:19:10 2022 -0500

Merge branch 'tor-gitlab/mr/536'

 src/feature/hs/hs_cell.c| 6 ++
 src/feature/hs/hs_circuit.c | 1 +
 src/test/test_hs_service.c  | 1 +
 3 files changed, 8 insertions(+)



[tor-commits] [torspec/main] Prop 324: Updates for Negotiation and Simulation Testing

2022-02-23 Thread dgoulet
commit 71c326ae934eee9f76b957f9097f5dba7fed8974
Author: Mike Perry 
Date:   Tue Nov 30 06:03:28 2021 +

Prop 324: Updates for Negotiation and Simulation Testing

Changes:
  - Rework exit negotiation logic a bit
  - Specify using ntorv3 with extension fields for negotiation
  - Clients only request congestion control; exits and services
control sendme_inc
  - Rework onion service negotiation for descriptor-controlled
FlowCtrl protover and sendme_inc value
  - Add bounds checks on sendme_inc for clients
  - Update parameter values based on Shadow results
  - Improvements to TOR_VEGAS algorithm based on simulation testing
  - Additional consensus parameters for RTT N-EWMA smoothing and
TOR_VEGAS queue use caps
  - Clarify N_EWMA smoothing, and relocate it to its own sub-section.
  - TOR_VEGAS now defaults to CWND/RTT BDP estimator
  - Minor TOR_VEGAS alg bugfixes
  - Add a 'delta' parameter to TOR_VEGAS for steady-state backoff
  - Consensus param update notes and param range fixes.
  - Add glossary of common congestion control acronyms
  - Misc clarifications
---
 proposals/324-rtt-congestion-control.txt | 524 +++
 1 file changed, 395 insertions(+), 129 deletions(-)

diff --git a/proposals/324-rtt-congestion-control.txt 
b/proposals/324-rtt-congestion-control.txt
index 36e10e7..78b6789 100644
--- a/proposals/324-rtt-congestion-control.txt
+++ b/proposals/324-rtt-congestion-control.txt
@@ -51,6 +51,9 @@ be found at:
 An exhaustive list of citations for further reading is in Section
 [CITATIONS].
 
+A glossary of common congestion control acronyms and terminology is in
+Section [GLOSSARY].
+
 
 1. Overview [OVERVIEW]
 
@@ -115,15 +118,14 @@ RELAY_COMMAND_SENDME relay cells every 
CIRCWINDOW_INCREMENT (100) cells
 of received RELAY_COMMAND_DATA.
 
 This allows those endpoints to measure the current circuit RTT, by
-measuring the amount of time between sending of every 100th data cell
-and the arrival of the SENDME command that the other endpoint
-immediately sends to ack that 100th cell.
-
-Circuits will record the current RTT measurement as a field in their
-circuit_t data structure. The current RTT is N-EWMA smoothed[27] over a
-'cc_ewma_cwnd_cnt' multiple of congestion window worth of sendme acks.
+measuring the amount of time between sending a RELAY_COMMAND_DATA cell
+that would trigger a SENDME from the other endpoint, and the arrival of
+that SENDME cell. This means that RTT is measured every 'cc_sendme_inc'
+data cells.
 
-Circuits will also record the minimum and maximum RTT seen so far.
+Circuits will record the minimum and maximum RTT measurement, as well as
+a smoothed value of representing the current RTT. The smoothing for the
+current RTT is performed as specified in [N_EWMA_SMOOTHING].
 
 Algorithms that make use of this RTT measurement for congestion
 window update are specified in [CONTROL_ALGORITHMS].
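Review bot: typo in the added paragraph, "a smoothed value of representing the current RTT" should read "a smoothed value representing the current RTT". The rewritten sentence also drops the statement that the other endpoint sends the SENDME immediately; if RTT accuracy depends on that, keep it.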
@@ -146,8 +148,8 @@ If the time delta is 0, that is always treated as a clock 
stall.
 
 If we have measured at least 'cc_bwe_min' RTT values or we have successfully
 exited slow start, then every sendme ACK, the new candidate RTT is compared to
-the stored EWMA RTT. If the new RTT is either 100 times larger than the EWMA
-RTT, or 100 times smaller than the stored EWMA RTT, then we do not record that
+the stored EWMA RTT. If the new RTT is either 5000 times larger than the EWMA
+RTT, or 5000 times smaller than the stored EWMA RTT, then we do not record that
 estimate, and do not update BDP or the congestion control algorithms for that
 SENDME ack.
 
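Review bot: raising the outlier bound from 100 to 5000 in both directions makes this sanity check far more permissive, and the text gives no reason for the new value. State the rationale next to the number (the commit message only says parameter values were updated based on Shadow results) and consider naming it as a parameter so the spec and the implementation cannot drift apart.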
@@ -157,6 +159,28 @@ have enough data to compute the above heueristics. This 
cached value is
 also exported for use by the edge connection rate calculations done by
 [XON_ADVISORY].
 
+2.1.2. N_EWMA Smoothing [N_EWMA_SMOOTHING]
+
+Both RTT estimation and SENDME BDP estimation require smoothing, to
+reduce the effects of packet jitter.
+
+This smoothing is performed using N_EWMA[27], which is an Exponential
+Moving Average with alpha = 2/(N+1):
+
+  N_EWMA = BDP*2/(N+1) + N_EWMA_prev*(N-1)/(N+1).
+
+Flow control rate limiting uses this function
+
+For both RTT and SENDME BDP estimation, N is the number of SENDME acks
+between congestion window updates, divided by the value of consensus
+parameter 'cc_ewma_cwnd_pct', and then capped at a max of 'cc_ewma_max',
+but always at least 2:
+
+  N = MAX(MIN(CWND_UPDATE_RATE(cc)*cc_ewma_cwnd_pct/100, cc_ewma_max), 2);
+
+CWND_UPDATE_RATE is normally just round(CWND/cc_sendme_inc), but after
+slow start, it is round(CWND/(cc_cwnd_inc_rate*cc_sendme_inc)).
+
 2.2. SENDME behavior changes
 
 We will make four major changes to SENDME behavior to aid in computing
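Review bot: the prose for N says the ack count is "divided by the value of consensus parameter 'cc_ewma_cwnd_pct'", but the formula multiplies by `cc_ewma_cwnd_pct/100`; reword the sentence to say N is that percentage of the update rate. In the same section, "Flow control rate limiting uses this function" is missing its full stop and does not say which input it smooths, and the N_EWMA equation is written with BDP as the sample although the section applies it to RTT as well, so a neutral name for the new sample would be clearer.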
@@ -174,10 +198,9 @@ congestion, since the RTT will be measured more often. If
 experimentation in Shadow shows that more frequent SENDMEs reduce
 congestion and improve performance but add significant overhead, we can
 reduce 

[tor-commits] [tor/main] Add test for circuit_sendme_cell_is_next() when sendme_inc is 100.

2022-02-22 Thread dgoulet
commit 5c88bea84c3535ed908d51d2ed2e9beaa58ee607
Author: Mike Perry 
Date:   Thu Feb 17 00:04:41 2022 +

Add test for circuit_sendme_cell_is_next() when sendme_inc is 100.

This ensures compatibility with old tor.
---
 src/core/or/sendme.c   |  2 +-
 src/core/or/sendme.h   |  2 ++
 src/test/test_sendme.c | 25 +
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c
index 9acef1cc20..494910049e 100644
--- a/src/core/or/sendme.c
+++ b/src/core/or/sendme.c
@@ -338,7 +338,7 @@ record_cell_digest_on_circ(circuit_t *circ, const uint8_t 
*sendme_digest)
  * low in the stack when decrypting or encrypting a cell. The window is only
  * updated once the cell is actually put in the outbuf.
  */
-static bool
+STATIC bool
 circuit_sendme_cell_is_next(int deliver_window, int sendme_inc)
 {
   /* Are we at the limit of the increment and if not, we don't expect next
diff --git a/src/core/or/sendme.h b/src/core/or/sendme.h
index 2abec91a91..bc1daef23d 100644
--- a/src/core/or/sendme.h
+++ b/src/core/or/sendme.h
@@ -73,6 +73,8 @@ STATIC ssize_t build_cell_payload_v1(const uint8_t 
*cell_digest,
 STATIC bool sendme_is_valid(const circuit_t *circ,
 const uint8_t *cell_payload,
 size_t cell_payload_len);
+STATIC bool circuit_sendme_cell_is_next(int deliver_window,
+int sendme_inc);
 
 #endif /* defined(TOR_UNIT_TESTS) */
 
diff --git a/src/test/test_sendme.c b/src/test/test_sendme.c
index eef65a394e..1a046b5c50 100644
--- a/src/test/test_sendme.c
+++ b/src/test/test_sendme.c
@@ -348,6 +348,30 @@ test_package_payload_len(void *arg)
   tor_free(c);
 }
 
+/* Check that circuit_sendme_is_next works with a window of 1000,
+ * and a sendme_inc of 100 (old school tor compat) */
+static void
+test_sendme_is_next1000(void *arg)
+{
+ (void)arg;
+ tt_int_op(circuit_sendme_cell_is_next(1000, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(999, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(901, 100), OP_EQ, 1);
+
+ tt_int_op(circuit_sendme_cell_is_next(900, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(899, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(801, 100), OP_EQ, 1);
+
+ tt_int_op(circuit_sendme_cell_is_next(101, 100), OP_EQ, 1);
+ tt_int_op(circuit_sendme_cell_is_next(100, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(99, 100), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(1, 100), OP_EQ, 1);
+ tt_int_op(circuit_sendme_cell_is_next(0, 100), OP_EQ, 0);
+
+done:
+ ;
+}
+
 struct testcase_t sendme_tests[] = {
   { "v1_record_digest", test_v1_record_digest, TT_FORK,
 NULL, NULL },
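Review bot: the comment above `test_sendme_is_next1000()` names `circuit_sendme_is_next`, but the function under test is `circuit_sendme_cell_is_next`. The body is indented one space and the `done:` label sits in column 0; match the two-space indentation used by the surrounding tests. A short comment stating the rule the expected values encode (true at 901, 801, 101 and 1, false at the multiples of 100) would make the table reviewable without reading sendme.c.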
@@ -360,6 +384,7 @@ struct testcase_t sendme_tests[] = {
   { "cell_version_validation", test_cell_version_validation, TT_FORK,
 NULL, NULL },
   { "package_payload_len", test_package_payload_len, 0, NULL, NULL },
+  { "sendme_is_next1000", test_sendme_is_next1000, 0, NULL, NULL },
 
   END_OF_TESTCASES
 };





[tor-commits] [tor/main] Add changes file

2022-02-22 Thread dgoulet
commit 933e4b4788982d35414d5ecfe54a94479513b136
Author: Mike Perry 
Date:   Fri Feb 4 00:46:50 2022 +

Add changes file
---
 changes/ticket40444 | 5 +
 1 file changed, 5 insertions(+)

diff --git a/changes/ticket40444 b/changes/ticket40444
new file mode 100644
index 00..62aa281889
--- /dev/null
+++ b/changes/ticket40444
@@ -0,0 +1,5 @@
+  o Major features (relay, client, onion services):
+- Implement RTT-based congestion control for exits and onion services,
+  from Proposal 324. Disabled by default. Enabled by the 'cc_alg'
+  consensus parameter. Closes ticket 40444.
+





[tor-commits] [tor/main] Add test for sendme_inc validation.

2022-02-22 Thread dgoulet
commit 01bda6c23f58947ad1e20ea6367a5c260f53dfab
Author: Mike Perry 
Date:   Thu Feb 17 17:36:46 2022 +

Add test for sendme_inc validation.
---
 src/test/test_hs_descriptor.c | 40 
 1 file changed, 40 insertions(+)

diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index ecb7da2450..469e3c39f9 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -840,6 +840,44 @@ test_build_authorized_client(void *arg)
   testing_disable_prefilled_rng();
 }
 
+static void
+test_validate_sendme(void *arg)
+{
+  (void)arg;
+
+  /* Test basic operation: factors of 2X in either direction are OK */
+  cc_sendme_inc = 31;
+  tt_assert(congestion_control_validate_sendme_increment(15));
+  tt_assert(congestion_control_validate_sendme_increment(62));
+
+  /* Test basic operation: Exceeding 2X fails */
+  cc_sendme_inc = 31;
+  tt_assert(!congestion_control_validate_sendme_increment(14));
+  tt_assert(!congestion_control_validate_sendme_increment(63));
+
+  /* Test potential overflow conditions */
+  cc_sendme_inc = 129;
+  tt_assert(congestion_control_validate_sendme_increment(255));
+  tt_assert(congestion_control_validate_sendme_increment(64));
+  tt_assert(!congestion_control_validate_sendme_increment(63));
+
+  cc_sendme_inc = 127;
+  tt_assert(!congestion_control_validate_sendme_increment(255));
+  tt_assert(congestion_control_validate_sendme_increment(254));
+
+  cc_sendme_inc = 255;
+  tt_assert(congestion_control_validate_sendme_increment(255));
+  tt_assert(congestion_control_validate_sendme_increment(127));
+  tt_assert(!congestion_control_validate_sendme_increment(126));
+
+  /* Test 0 case */
+  cc_sendme_inc = 1;
+  tt_assert(!congestion_control_validate_sendme_increment(0));
+
+done:
+  ;
+}
+
 struct testcase_t hs_descriptor[] = {
   /* Encoding tests. */
   { "cert_encoding", test_cert_encoding, TT_FORK,
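Review bot: `test_validate_sendme()` assigns the global `cc_sendme_inc` directly and never restores it, so it is only safe because the entry is registered with `TT_FORK`; say so in a comment so the flag is not dropped later. The expected values also encode truncating division for the lower bound (15 accepted for 31, 64 accepted and 63 rejected for 129) and an upper bound above 255 for 129; state the accepted range in the "factors of 2X" comment so the boundary cases can be checked against it.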
@@ -860,6 +898,8 @@ struct testcase_t hs_descriptor[] = {
 NULL, NULL },
   { "decode_bad_signature", test_decode_bad_signature, TT_FORK,
 NULL, NULL },
+  { "validate_sendme", test_validate_sendme, TT_FORK,
+NULL, NULL },
 
   /* Misc. */
   { "version", test_supported_version, TT_FORK,



[tor-commits] [tor/main] Add test for sendme_cell_is_next with sendme_inc of 31

2022-02-22 Thread dgoulet
commit 8f4bd8730c1df180e0ef2f5e6565c21b37ae593a
Author: Mike Perry 
Date:   Thu Feb 17 00:26:08 2022 +

Add test for sendme_cell_is_next with sendme_inc of 31
---
 src/test/test_sendme.c | 21 +
 1 file changed, 21 insertions(+)

diff --git a/src/test/test_sendme.c b/src/test/test_sendme.c
index 1a046b5c50..ea7ccd0b3c 100644
--- a/src/test/test_sendme.c
+++ b/src/test/test_sendme.c
@@ -372,6 +372,26 @@ done:
  ;
 }
 
+/* Check that circuit_sendme_is_next works with a window of 31 */
+static void
+test_sendme_is_next(void *arg)
+{
+ (void)arg;
+ tt_int_op(circuit_sendme_cell_is_next(1000, 31), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(970, 31), OP_EQ, 1);
+ tt_int_op(circuit_sendme_cell_is_next(969, 31), OP_EQ, 0);
+
+ /* deliver_window should never get this low, but test anyway */
+ tt_int_op(circuit_sendme_cell_is_next(9, 31), OP_EQ, 1);
+ tt_int_op(circuit_sendme_cell_is_next(8, 31), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(7, 31), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(1, 31), OP_EQ, 0);
+ tt_int_op(circuit_sendme_cell_is_next(0, 31), OP_EQ, 0);
+
+ done:
+  ;
+}
+
 struct testcase_t sendme_tests[] = {
   { "v1_record_digest", test_v1_record_digest, TT_FORK,
 NULL, NULL },
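Review bot: the comment says "a window of 31", but 31 is the `sendme_inc` argument and the window values start at 1000; it also names `circuit_sendme_is_next` rather than `circuit_sendme_cell_is_next`. The expectations at 970 and 9 only line up when counted down from a 1000-cell window (1000 - 969 = 31, 1000 - 8 = 992 = 32 * 31), so note that assumption in the comment. Indentation is one space in the body while the `done:` block uses two.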
@@ -385,6 +405,7 @@ struct testcase_t sendme_tests[] = {
 NULL, NULL },
   { "package_payload_len", test_package_payload_len, 0, NULL, NULL },
   { "sendme_is_next1000", test_sendme_is_next1000, 0, NULL, NULL },
+  { "sendme_is_next", test_sendme_is_next, 0, NULL, NULL },
 
   END_OF_TESTCASES
 };





[tor-commits] [tor/main] Add a delta parameter to Vegas.

2022-02-22 Thread dgoulet
commit a956b20c1d090ee2439f47418a6540d2f95be279
Author: Mike Perry 
Date:   Tue Feb 1 15:32:08 2022 +

Add a delta parameter to Vegas.

This allows us to cap the queue use during steady state. In shadow, this
reduced instances of long circuit queues at relays.
---
 src/core/or/congestion_control_st.h|  2 ++
 src/core/or/congestion_control_vegas.c | 28 ++--
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_st.h 
b/src/core/or/congestion_control_st.h
index ea80868350..2c905772c1 100644
--- a/src/core/or/congestion_control_st.h
+++ b/src/core/or/congestion_control_st.h
@@ -103,6 +103,8 @@ struct vegas_params_t {
 uint16_t alpha;
 /** The queue use above which we decrement cwnd */
 uint16_t beta;
+/** The queue use at which we cap cwnd in steady state */
+uint16_t delta;
 /** Weighted average (percent) between cwnd estimator and
  * piecewise estimator. */
 uint8_t bdp_mix_pct;
diff --git a/src/core/or/congestion_control_vegas.c 
b/src/core/or/congestion_control_vegas.c
index ff825f94cc..5c62787375 100644
--- a/src/core/or/congestion_control_vegas.c
+++ b/src/core/or/congestion_control_vegas.c
@@ -29,27 +29,32 @@
 #define VEGAS_ALPHA_SBWS_DFLT (2*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
 #define VEGAS_BETA_SBWS_DFLT (2*OUTBUF_CELLS)
 #define VEGAS_GAMMA_SBWS_DFLT (2*OUTBUF_CELLS)
+#define VEGAS_DELTA_SBWS_DFLT (4*OUTBUF_CELLS)
 
 /* Exits are three hops, so params are based on 3 outbufs of cells */
 #define VEGAS_ALPHA_EXIT_DFLT (3*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
 #define VEGAS_BETA_EXIT_DFLT (3*OUTBUF_CELLS)
 #define VEGAS_GAMMA_EXIT_DFLT (3*OUTBUF_CELLS)
+#define VEGAS_DELTA_EXIT_DFLT (5*OUTBUF_CELLS)
 
 /* Onion rends are six hops, so params are based on 6 outbufs of cells */
 #define VEGAS_ALPHA_ONION_DFLT (6*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
 #define VEGAS_BETA_ONION_DFLT (6*OUTBUF_CELLS)
 #define VEGAS_GAMMA_ONION_DFLT (6*OUTBUF_CELLS)
+#define VEGAS_DELTA_ONION_DFLT (8*OUTBUF_CELLS)
 
 /* Single Onions are three hops, so params are based on 3 outbufs of cells */
 #define VEGAS_ALPHA_SOS_DFLT (3*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
 #define VEGAS_BETA_SOS_DFLT (3*OUTBUF_CELLS)
 #define VEGAS_GAMMA_SOS_DFLT (3*OUTBUF_CELLS)
+#define VEGAS_DELTA_SOS_DFLT (5*OUTBUF_CELLS)
 
 /* Vanguard Onions are 7 hops (or 8 if both sides use vanguards, but that
  * should be rare), so params are based on 7 outbufs of cells */
 #define VEGAS_ALPHA_VG_DFLT (7*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
 #define VEGAS_BETA_VG_DFLT (7*OUTBUF_CELLS)
 #define VEGAS_GAMMA_VG_DFLT (7*OUTBUF_CELLS)
+#define VEGAS_DELTA_VG_DFLT (9*OUTBUF_CELLS)
 
 #define VEGAS_BDP_MIX_PCT   100
 
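Review bot: every new `VEGAS_DELTA_*_DFLT` is the matching beta plus two outbufs (4 vs 2, 5 vs 3, 8 vs 6, 5 vs 3 and 9 vs 7 times `OUTBUF_CELLS`), but that relationship is not written down, and the per-path comments still justify only the hop-count multiples. Define the defaults as `VEGAS_BETA_*_DFLT + 2*OUTBUF_CELLS` or add a comment, so a later change to beta does not leave delta below it.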
@@ -81,48 +86,59 @@ congestion_control_vegas_set_params(congestion_control_t 
*cc,
 {
   tor_assert(cc->cc_alg == CC_ALG_VEGAS);
   const char *alpha_str = NULL, *beta_str = NULL, *gamma_str = NULL;
-  int alpha, beta, gamma;
+  const char *delta_str = NULL;
+  int alpha, beta, gamma, delta;
 
   switch (path) {
 case CC_PATH_SBWS:
   alpha_str = "cc_vegas_alpha_sbws";
   beta_str = "cc_vegas_beta_sbws";
   gamma_str = "cc_vegas_gamma_sbws";
+  delta_str = "cc_vegas_delta_sbws";
   alpha = VEGAS_ALPHA_SBWS_DFLT;
   beta = VEGAS_BETA_SBWS_DFLT;
   gamma = VEGAS_GAMMA_SBWS_DFLT;
+  delta = VEGAS_DELTA_SBWS_DFLT;
   break;
 case CC_PATH_EXIT:
   alpha_str = "cc_vegas_alpha_exit";
   beta_str = "cc_vegas_beta_exit";
   gamma_str = "cc_vegas_gamma_exit";
+  delta_str = "cc_vegas_delta_exit";
   alpha = VEGAS_ALPHA_EXIT_DFLT;
   beta = VEGAS_BETA_EXIT_DFLT;
   gamma = VEGAS_GAMMA_EXIT_DFLT;
+  delta = VEGAS_DELTA_EXIT_DFLT;
   break;
 case CC_PATH_ONION:
   alpha_str = "cc_vegas_alpha_onion";
   beta_str = "cc_vegas_beta_onion";
   gamma_str = "cc_vegas_gamma_onion";
+  delta_str = "cc_vegas_delta_onion";
   alpha = VEGAS_ALPHA_ONION_DFLT;
   beta = VEGAS_BETA_ONION_DFLT;
   gamma = VEGAS_GAMMA_ONION_DFLT;
+  delta = VEGAS_DELTA_ONION_DFLT;
   break;
 case CC_PATH_ONION_SOS:
   alpha_str = "cc_vegas_alpha_sos";
   beta_str = "cc_vegas_beta_sos";
   gamma_str = "cc_vegas_gamma_sos";
+  delta_str = "cc_vegas_delta_sos";
   alpha = VEGAS_ALPHA_SOS_DFLT;
   beta = VEGAS_BETA_SOS_DFLT;
   gamma = VEGAS_GAMMA_SOS_DFLT;
+  delta = VEGAS_DELTA_SOS_DFLT;
   break;
 case CC_PATH_ONION_VG:
   alpha_str = "cc_vegas_alpha_vg";
   beta_str = "cc_vegas_beta_vg";
   gamma_str = "cc_vegas_gamma_vg";
+  delta_str = "cc_vegas_delta_vg";
   alpha = VEGAS_ALPHA_VG_DFLT;
   beta = VEGAS_BETA_VG_DFLT;
   gamma = VEGAS_GAMMA_VG_DFLT;
+  delta = VEGAS_DELTA_VG_DFLT;
   break;
 default:
   tor_assert(0);
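Review bot: each of the five `case` arms in `congestion_control_vegas_set_params()` now repeats four string assignments and four defaults, and a mismatched pair such as a `_sos` string with an `_EXIT` default would compile cleanly. A small static table indexed by path would remove the repetition. Also check that the range passed for delta fits the `uint16_t` field it is stored in, since `delta` is held here as `int`.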
@@ -147,6 +163,12 @@ congestion_control_vegas_set_params(congestion_control_t 
*cc,
   0,
   1000);
 
+  cc->vegas_params.delta =
+   

[tor-commits] [tor/main] Exit slow start at the gamma threshold

2022-02-22 Thread dgoulet
commit 3a3f111b23d6d989dcae5858e2ab597a34f7910b
Author: Mike Perry 
Date:   Sun Jan 23 18:15:12 2022 +

Exit slow start at the gamma threshold

This improves performance and fairness.
---
 src/core/or/congestion_control_vegas.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_vegas.c 
b/src/core/or/congestion_control_vegas.c
index 0ebff17faf..ff825f94cc 100644
--- a/src/core/or/congestion_control_vegas.c
+++ b/src/core/or/congestion_control_vegas.c
@@ -210,8 +210,8 @@ 
congestion_control_vegas_process_sendme(congestion_control_t *cc,
 cc->cwnd = MAX(cc->cwnd + MAX(CWND_INC_SS(cc), 2*cc->sendme_inc),
vegas_bdp_mix(cc));
   } else {
-/* Congestion signal: Fall back to Vegas equilibrium (BDP) */
-cc->cwnd = vegas_bdp_mix(cc);
+/* Congestion signal: Set cwnd to gamma threshhold */
+cc->cwnd = vegas_bdp_mix(cc) + cc->vegas_params.gamma;
 cc->in_slow_start = 0;
 log_info(LD_CIRC, "CC: TOR_VEGAS exiting slow start");
   }
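Review bot: the new comment says "Set cwnd to gamma threshhold", but the assignment is `vegas_bdp_mix(cc) + cc->vegas_params.gamma`, that is BDP plus gamma; reword it to say so and fix the spelling of "threshold". Nothing in this hunk bounds the sum by the configured maximum cwnd, so confirm a clamp is applied afterwards.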





[tor-commits] [tor/main] Only apply more frequent cwnd updates after slow start.

2022-02-22 Thread dgoulet
commit d62f9c9d0058ba3bfa8fe226c697abb05a477c5a
Author: Mike Perry 
Date:   Fri Jan 21 23:20:52 2022 +

Only apply more frequent cwnd updates after slow start.
---
 src/core/or/congestion_control_st.h | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_st.h 
b/src/core/or/congestion_control_st.h
index 0d6bf0b662..ea80868350 100644
--- a/src/core/or/congestion_control_st.h
+++ b/src/core/or/congestion_control_st.h
@@ -206,7 +206,8 @@ struct congestion_control_t {
  *
  * Congestion control literature recommends only one update of cwnd per
  * cwnd worth of acks. However, we can also tune this to be more frequent
- * by increasing the 'cc_cwnd_inc_rate' consensus parameter.
+ * by increasing the 'cc_cwnd_inc_rate' consensus parameter. This tuning
+ * only applies after slow start.
  *
  * If this returns 0 due to high cwnd_inc_rate, the calling code will
  * update every sendme ack.
@@ -215,8 +216,13 @@ static inline uint64_t CWND_UPDATE_RATE(const struct 
congestion_control_t *cc)
 {
   /* We add cwnd_inc_rate*sendme_inc/2 to round to nearest integer number
* of acks */
-  return ((cc->cwnd + cc->cwnd_inc_rate*cc->sendme_inc/2)
+
+  if (cc->in_slow_start) {
+return ((cc->cwnd + cc->sendme_inc/2)/cc->sendme_inc);
+  } else {
+return ((cc->cwnd + cc->cwnd_inc_rate*cc->sendme_inc/2)
/ (cc->cwnd_inc_rate*cc->sendme_inc));
+  }
 }
 
 /**
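Review bot: both branches of `CWND_UPDATE_RATE()` divide by `cc->sendme_inc` (times `cc->cwnd_inc_rate` after slow start) with no guard in this inline function, so a zero in either field is a division by zero on values that are tuned through consensus parameters. Assert or document the non-zero invariant here. The rounding comment now sits above the `if` and describes only the `cwnd_inc_rate*sendme_inc/2` term; move it into the `else` branch and add the matching note for `sendme_inc/2`.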





[tor-commits] [tor/main] Make N_EWMA a percentage of CWND update rate, capped by a max value.

2022-02-22 Thread dgoulet
commit 43f6f3fd3a85047fc7fc41e6ce8f924d007b98ee
Author: Mike Perry 
Date:   Fri Jan 21 23:00:35 2022 +

Make N_EWMA a percentage of CWND update rate, capped by a max value.

This proved better in Shadow sims than just a multiple of CWND.
---
 src/core/or/congestion_control_common.c | 56 ++---
 1 file changed, 37 insertions(+), 19 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 93d3e54fcd..fb56014315 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -49,7 +49,9 @@
 #define CWND_MAX_DFLT (INT32_MAX)
 
 #define BWE_SENDME_MIN_DFLT (5)
-#define EWMA_CWND_COUNT_DFLT (2)
+
+#define N_EWMA_CWND_PCT_DFLT (50)
+#define N_EWMA_MAX_DFLT (10)
 
 /* BDP algorithms for each congestion control algorithms use the piecewise
  * estimattor. See section 3.1.4 of proposal 324. */
@@ -98,7 +100,12 @@ static cc_alg_t cc_alg = CC_ALG_DFLT;
 /**
  * Number of cwnd worth of sendme acks to smooth RTT and BDP with,
  * using N_EWMA */
-static uint8_t ewma_cwnd_cnt;
+static uint8_t n_ewma_cwnd_pct;
+
+/**
+ * Maximum number N for the N-count EWMA averaging of RTT and BDP.
+ */
+static uint8_t n_ewma_max;
 
 /**
  * Minimum number of sendmes before we begin BDP estimates
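Review bot: the doc comment left above `n_ewma_cwnd_pct` still reads "Number of cwnd worth of sendme acks", but the variable is now a percentage of the CWND update rate. Update that comment to describe the percentage and its range, in the same style as the new comment added for `n_ewma_max`.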
@@ -174,14 +181,21 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
 BWE_SENDME_MIN_MIN,
 BWE_SENDME_MIN_MAX);
 
-#define EWMA_CWND_COUNT_MIN 1
-#define EWMA_CWND_COUNT_MAX (100)
-  ewma_cwnd_cnt =
-networkstatus_get_param(NULL, "cc_ewma_cwnd_cnt",
-EWMA_CWND_COUNT_DFLT,
-EWMA_CWND_COUNT_MIN,
-EWMA_CWND_COUNT_MAX);
-
+#define N_EWMA_CWND_PCT_MIN 1
+#define N_EWMA_CWND_PCT_MAX (255)
+  n_ewma_cwnd_pct =
+networkstatus_get_param(NULL, "cc_ewma_cwnd_pct",
+N_EWMA_CWND_PCT_DFLT,
+N_EWMA_CWND_PCT_MIN,
+N_EWMA_CWND_PCT_MAX);
+
+#define N_EWMA_MAX_MIN 2
+#define N_EWMA_MAX_MAX (INT32_MAX)
+  n_ewma_max =
+networkstatus_get_param(NULL, "cc_ewma_max",
+N_EWMA_MAX_DFLT,
+N_EWMA_MAX_MIN,
+N_EWMA_MAX_MAX);
 }
 
 /**
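Review bot: `N_EWMA_MAX_MAX` is `(INT32_MAX)`, but the result is stored in `n_ewma_max`, which the previous hunk declares as `static uint8_t`, so any consensus value above 255 is truncated on assignment (256 becomes 0). Cap `N_EWMA_MAX_MAX` at 255 or widen the variable, so the range the consensus parameter accepts matches what the code can hold.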
@@ -429,14 +443,19 @@ dequeue_timestamp(smartlist_t *timestamps_u64_usecs)
 }
 
 /**
- * Returns the number of sendme acks that will be recieved in the
- * current congestion window size, rounded to nearest int.
+ * Returns the number N of N-count EWMA, for averaging RTT and BDP over
+ * N SENDME acks.
+ *
+ * This N is bracketed between a divisor of the number of acks in a CWND
+ * and a max value. It is always at least 2.
  */
 static inline uint64_t
-sendme_acks_per_cwnd(const congestion_control_t *cc)
+n_ewma_count(const congestion_control_t *cc)
 {
-  /* We add half a sendme_inc to cwnd to round to the nearest int */
-  return ((cc->cwnd + cc->sendme_inc/2)/cc->sendme_inc);
+  uint64_t ewma_cnt = MIN(CWND_UPDATE_RATE(cc)*n_ewma_cwnd_pct/100,
+  n_ewma_max);
+  ewma_cnt = MAX(ewma_cnt, 2);
+  return ewma_cnt;
 }
 
 /**
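Review bot: the new doc comment says N is bracketed by "a divisor of the number of acks in a CWND", but `n_ewma_cwnd_pct` may be as high as 255, so `CWND_UPDATE_RATE(cc)*n_ewma_cwnd_pct/100` can exceed the update rate rather than divide it. Reword the comment to "a percentage of the CWND update rate", and replace the literal `2` in `MAX(ewma_cnt, 2)` with a named constant so the floor is defined in one place.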
@@ -815,8 +834,7 @@ congestion_control_update_circuit_rtt(congestion_control_t 
*cc,
 return 0;
   }
 
-  ewma_cnt = ewma_cwnd_cnt*sendme_acks_per_cwnd(cc);
-  ewma_cnt = MAX(ewma_cnt, 2); // Use at least 2
+  ewma_cnt = n_ewma_count(cc);
 
   cc->ewma_rtt_usec = n_count_ewma(rtt, cc->ewma_rtt_usec, ewma_cnt);
 
@@ -939,7 +957,7 @@ congestion_control_update_circuit_bdp(congestion_control_t 
*cc,
   while (smartlist_len(cc->sendme_arrival_timestamps) >
  bwe_sendme_min &&
  (uint64_t)smartlist_len(cc->sendme_arrival_timestamps) >
-   sendme_acks_per_cwnd(cc)) {
+   n_ewma_count(cc)) {
 (void)dequeue_timestamp(cc->sendme_arrival_timestamps);
   }
   int sendme_cnt = smartlist_len(cc->sendme_arrival_timestamps);
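Review bot: replacing `sendme_acks_per_cwnd(cc)` with `n_ewma_count(cc)` in this `while` condition changes how many SENDME arrival timestamps are kept for the rate estimate, which is a separate behaviour from the EWMA smoothing count that the commit message describes. Say in the message or in a comment here that the trim threshold is meant to follow the capped N, so the change is not read as an accidental search-and-replace.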
@@ -966,7 +984,7 @@ congestion_control_update_circuit_bdp(congestion_control_t 
*cc,
 /* Calculate BDP_EWMA_COUNT N-EWMA */
 cc->bdp[BDP_ALG_SENDME_RATE] =
n_count_ewma(sendme_rate_bdp, cc->bdp[BDP_ALG_SENDME_RATE],
-ewma_cwnd_cnt*sendme_acks_per_cwnd(cc));
+n_ewma_count(cc));
   }
 }
 





[tor-commits] [tor/main] Increment by at least 2 sendme_incs in slow start

2022-02-22 Thread dgoulet
commit 1960bf09f3e3fb234678247f1f78d806bb9066ed
Author: Mike Perry 
Date:   Sat Jan 22 19:22:40 2022 +

Increment by at least 2 sendme_incs in slow start
---
 src/core/or/congestion_control_vegas.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_vegas.c 
b/src/core/or/congestion_control_vegas.c
index d823a5068e..0ebff17faf 100644
--- a/src/core/or/congestion_control_vegas.c
+++ b/src/core/or/congestion_control_vegas.c
@@ -206,8 +206,8 @@ 
congestion_control_vegas_process_sendme(congestion_control_t *cc,
 if (cc->in_slow_start) {
   if (queue_use < cc->vegas_params.gamma && !cc->blocked_chan) {
 /* Grow to BDP immediately, then exponential growth until
- * congestion signal */
-cc->cwnd = MAX(cc->cwnd + CWND_INC_SS(cc),
+ * congestion signal. Increment by at least 2 sendme's worth. */
+cc->cwnd = MAX(cc->cwnd + MAX(CWND_INC_SS(cc), 2*cc->sendme_inc),
vegas_bdp_mix(cc));
   } else {
 /* Congestion signal: Fall back to Vegas equilibrium (BDP) */
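Review bot: the floor `2*cc->sendme_inc` inside the nested `MAX` is a bare literal, and neither the comment nor the commit message says why two increments is the right minimum. Give it a named constant with a one-line rationale, and consider computing the increment into a local variable first so the outer `MAX(..., vegas_bdp_mix(cc))` stays readable.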





[tor-commits] [tor/main] Relocate two parameters from circuit scope to global scope.

2022-02-22 Thread dgoulet
commit 3079e2cacc43b17a3a2074a64153cc0f329b5151
Author: Mike Perry 
Date:   Fri Jan 21 19:47:39 2022 +

Relocate two parameters from circuit scope to global scope.

Changes in these will not affect in-progress transfers.
---
 src/core/or/congestion_control_common.c | 51 -
 src/core/or/congestion_control_st.h | 10 ---
 2 files changed, 31 insertions(+), 30 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 4b483a90b0..93d3e54fcd 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -95,6 +95,16 @@ uint32_t or_conn_lowwater = OR_CONN_LOWWATER_DFLT;
 uint8_t cc_sendme_inc = SENDME_INC_DFLT;
 static cc_alg_t cc_alg = CC_ALG_DFLT;
 
+/**
+ * Number of cwnd worth of sendme acks to smooth RTT and BDP with,
+ * using N_EWMA */
+static uint8_t ewma_cwnd_cnt;
+
+/**
+ * Minimum number of sendmes before we begin BDP estimates
+ */
+static uint8_t bwe_sendme_min;
+
 /**
  * Update global congestion control related consensus parameter values,
  * every consensus update.
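Review bot: `ewma_cwnd_cnt` and `bwe_sendme_min` are declared without initializers, so they are 0 until `congestion_control_new_consensus_params()` first runs, whereas the neighbouring globals start at their defaults (`cc_sendme_inc = SENDME_INC_DFLT`, `cc_alg = CC_ALG_DFLT`). Initialize them to `EWMA_CWND_COUNT_DFLT` and `BWE_SENDME_MIN_DFLT` so a circuit that is set up before the first consensus update does not run with a count of 0.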
@@ -155,6 +165,23 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
 CC_ALG_DFLT,
 CC_ALG_MIN,
 CC_ALG_MAX);
+
+#define BWE_SENDME_MIN_MIN 2
+#define BWE_SENDME_MIN_MAX (20)
+  bwe_sendme_min =
+networkstatus_get_param(NULL, "cc_bwe_min",
+BWE_SENDME_MIN_DFLT,
+BWE_SENDME_MIN_MIN,
+BWE_SENDME_MIN_MAX);
+
+#define EWMA_CWND_COUNT_MIN 1
+#define EWMA_CWND_COUNT_MAX (100)
+  ewma_cwnd_cnt =
+networkstatus_get_param(NULL, "cc_ewma_cwnd_cnt",
+EWMA_CWND_COUNT_DFLT,
+EWMA_CWND_COUNT_MIN,
+EWMA_CWND_COUNT_MAX);
+
 }
 
 /**
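Review bot: the two new `networkstatus_get_param` calls pass `NULL` although this function is handed `ns`; if the intent is to read the consensus being applied, pass `ns`, otherwise add a comment on why the cached consensus is used instead. There is also a stray blank `+` line before the closing brace.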
@@ -214,22 +241,6 @@ congestion_control_init_params(congestion_control_t *cc,
 CWND_MIN_MIN,
 CWND_MIN_MAX);
 
-#define EWMA_CWND_COUNT_MIN 1
-#define EWMA_CWND_COUNT_MAX (100)
-  cc->ewma_cwnd_cnt =
-networkstatus_get_param(NULL, "cc_ewma_cwnd_cnt",
-EWMA_CWND_COUNT_DFLT,
-EWMA_CWND_COUNT_MIN,
-EWMA_CWND_COUNT_MAX);
-
-#define BWE_SENDME_MIN_MIN 2
-#define BWE_SENDME_MIN_MAX (20)
-  cc->bwe_sendme_min =
-networkstatus_get_param(NULL, "cc_bwe_min",
-BWE_SENDME_MIN_DFLT,
-BWE_SENDME_MIN_MIN,
-BWE_SENDME_MIN_MAX);
-
   /* If the consensus says to use OG sendme, but torrc has
* always-enabled, use the default "always" alg (vegas),
* else use cached conensus alg. */
@@ -804,7 +815,7 @@ congestion_control_update_circuit_rtt(congestion_control_t 
*cc,
 return 0;
   }
 
-  ewma_cnt = cc->ewma_cwnd_cnt*sendme_acks_per_cwnd(cc);
+  ewma_cnt = ewma_cwnd_cnt*sendme_acks_per_cwnd(cc);
   ewma_cnt = MAX(ewma_cnt, 2); // Use at least 2
 
   cc->ewma_rtt_usec = n_count_ewma(rtt, cc->ewma_rtt_usec, ewma_cnt);
@@ -921,12 +932,12 @@ 
congestion_control_update_circuit_bdp(congestion_control_t *cc,
  */
 enqueue_timestamp(cc->sendme_arrival_timestamps, now_usec);
 
-if (smartlist_len(cc->sendme_arrival_timestamps) >= cc->bwe_sendme_min) {
+if (smartlist_len(cc->sendme_arrival_timestamps) >= bwe_sendme_min) {
   /* If we have more sendmes than fit in a cwnd, trim the list.
* Those are not acurrately measuring throughput, if cwnd is
* currently smaller than BDP */
   while (smartlist_len(cc->sendme_arrival_timestamps) >
- cc->bwe_sendme_min &&
+ bwe_sendme_min &&
  (uint64_t)smartlist_len(cc->sendme_arrival_timestamps) >
sendme_acks_per_cwnd(cc)) {
 (void)dequeue_timestamp(cc->sendme_arrival_timestamps);
@@ -955,7 +966,7 @@ congestion_control_update_circuit_bdp(congestion_control_t 
*cc,
 /* Calculate BDP_EWMA_COUNT N-EWMA */
 cc->bdp[BDP_ALG_SENDME_RATE] =
n_count_ewma(sendme_rate_bdp, cc->bdp[BDP_ALG_SENDME_RATE],
-cc->ewma_cwnd_cnt*sendme_acks_per_cwnd(cc));
+ewma_cwnd_cnt*sendme_acks_per_cwnd(cc));
   }
 }
 
diff --git a/src/core/or/congestion_control_st.h 
b/src/core/or/congestion_control_st.h
index 6038072568..0d6bf0b662 100644
--- a/src/core/or/congestion_control_st.h
+++ b/src/core/or/congestion_control_st.h
@@ -177,16 +177,6 @@ struct congestion_control_t {
* signals */
   uint8_t cwnd_inc_rate;
 
-  /**
-   * Number of cwnd worth of sendme acks to smooth RTT and BDP with,
-   * using N_EWMA */
-  uint8_t ewma_cwnd_cnt;
-
-  /**
-   * Minimum number of sendmes before we begin BDP estimates
-   */
-  uint8_t bwe_sendme_min;
-
   /**
* Number of cells to ack with every sendme. Taken from consensus parameter
* and negotiation during circuit setup. */





[tor-commits] [tor/main] Guard against 0 time delta in BDP calc.

2022-02-22 Thread dgoulet
commit 4f3a0e39cf18f3d44dd2f4b469edd7055287a478
Author: Mike Perry 
Date:   Fri Jan 21 18:40:49 2022 +

Guard against 0 time delta in BDP calc.

This can only happen in Shadow, but it will cause issues there.
---
 src/core/or/congestion_control_common.c | 35 +++--
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index fe3228262a..4b483a90b0 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -937,21 +937,26 @@ 
congestion_control_update_circuit_bdp(congestion_control_t *cc,
   timestamp_usec = peek_timestamp(cc->sendme_arrival_timestamps);
   uint64_t delta = now_usec - timestamp_usec;
 
-  /* The acked data is in sendme_cnt-1 chunks, because we are counting the
-   * data that is processed by the other endpoint *between* all of these
-   * sendmes. There's one less gap between the sendmes than the number
-   * of sendmes. */
-  uint64_t cells = (sendme_cnt-1)*cc->sendme_inc;
-
-  /* The bandwidth estimate is cells/delta, which when multiplied
-   * by min RTT obtains the BDP. However, we multiply first to
-   * avoid precision issues with the RTT being close to delta in size. */
-  sendme_rate_bdp = cells*cc->min_rtt_usec/delta;
-
-  /* Calculate BDP_EWMA_COUNT N-EWMA */
-  cc->bdp[BDP_ALG_SENDME_RATE] =
- n_count_ewma(sendme_rate_bdp, cc->bdp[BDP_ALG_SENDME_RATE],
-  cc->ewma_cwnd_cnt*sendme_acks_per_cwnd(cc));
+  /* In Shadow, the time delta between acks can be 0 if there is no
+   * network activity between them. Only update BDP if the delta is
+   * non-zero. */
+  if (delta > 0) {
+/* The acked data is in sendme_cnt-1 chunks, because we are counting
+ * the data that is processed by the other endpoint *between* all of
+ * these sendmes. There's one less gap between the sendmes than the
+ * number of sendmes. */
+uint64_t cells = (sendme_cnt-1)*cc->sendme_inc;
+
+/* The bandwidth estimate is cells/delta, which when multiplied
+ * by min RTT obtains the BDP. However, we multiply first to
+ * avoid precision issues with the RTT being close to delta in size. */
+sendme_rate_bdp = cells*cc->min_rtt_usec/delta;
+
+/* Calculate BDP_EWMA_COUNT N-EWMA */
+cc->bdp[BDP_ALG_SENDME_RATE] =
+   n_count_ewma(sendme_rate_bdp, cc->bdp[BDP_ALG_SENDME_RATE],
+cc->ewma_cwnd_cnt*sendme_acks_per_cwnd(cc));
+  }
 }
 
 /* In-flight BDP will cause the cwnd to drift down when underutilized.
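Review bot: `delta > 0` only catches the equal-timestamps case; `delta` is computed as `now_usec - timestamp_usec` on `uint64_t`, so a queued timestamp later than `now_usec` wraps to a huge value, passes the guard, and drives `sendme_rate_bdp` toward 0. Checking `now_usec > timestamp_usec` before the subtraction covers both cases. When the branch is skipped the estimate silently keeps its old value, so a rate-limited info log would help when debugging Shadow runs.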





[tor-commits] [tor/main] Set new defaults for congestion control parameters.

2022-02-22 Thread dgoulet
commit 0a6cde8756423336c8e6901b55c31d67a2a35245
Author: Mike Perry 
Date:   Fri Jan 21 15:17:20 2022 +

Set new defaults for congestion control parameters.

Defaults determined from Shadow experimentation.

More parameter functionality changes to follow.
---
 src/core/or/congestion_control_common.c | 20 +++-
 src/core/or/congestion_control_common.h |  4 
 src/core/or/congestion_control_flow.c   |  2 +-
 src/core/or/congestion_control_vegas.c  | 10 ++
 4 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 6d4f34cff8..09c6c04bf3 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -35,16 +35,18 @@
  *
  * More details for each of the parameters can be found in proposal 324,
  * section 6.5 including tuning notes. */
-#define CIRCWINDOW_INIT (500)
-#define SENDME_INC_DFLT (50)
+#define SENDME_INC_DFLT (TLS_RECORD_MAX_CELLS)
+#define CIRCWINDOW_INIT (4*SENDME_INC_DFLT)
+
 #define CC_ALG_DFLT (CC_ALG_SENDME)
 #define CC_ALG_DFLT_ALWAYS (CC_ALG_VEGAS)
 
-#define CWND_INC_DFLT (50)
-#define CWND_INC_PCT_SS_DFLT (100)
+#define CWND_INC_DFLT (TLS_RECORD_MAX_CELLS)
+#define CWND_INC_PCT_SS_DFLT (50)
 #define CWND_INC_RATE_DFLT (1)
+
+#define CWND_MIN_DFLT (SENDME_INC_DFLT)
 #define CWND_MAX_DFLT (INT32_MAX)
-#define CWND_MIN_DFLT (MAX(100, SENDME_INC_DFLT))
 
 #define BWE_SENDME_MIN_DFLT (5)
 #define EWMA_CWND_COUNT_DFLT (2)
@@ -138,8 +140,8 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
 CWND_MAX_MIN,
 CWND_MAX_MAX);
 
-#define SENDME_INC_MIN 10
-#define SENDME_INC_MAX (1000)
+#define SENDME_INC_MIN 1
+#define SENDME_INC_MAX (255)
   cc_sendme_inc =
 networkstatus_get_param(NULL, "cc_sendme_inc",
 SENDME_INC_DFLT,
@@ -171,7 +173,7 @@ congestion_control_init_params(congestion_control_t *cc,
   const or_options_t *opts = get_options();
   cc->sendme_inc = params->sendme_inc_cells;
 
-#define CWND_INIT_MIN 100
+#define CWND_INIT_MIN SENDME_INC_DFLT
 #define CWND_INIT_MAX (1)
   cc->cwnd =
 networkstatus_get_param(NULL, "cc_cwnd_init",
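Review bot: `CWND_INIT_MIN` is tied to `SENDME_INC_DFLT`, the compile-time default, while the context line just above sets `cc->sendme_inc` from the negotiated `params->sendme_inc_cells`. If the consensus moves `cc_sendme_inc` away from the default, the floor no longer tracks one SENDME increment; clamp against `cc->sendme_inc` after the lookup if that is the invariant being enforced. The same applies to `CWND_MIN_MIN` in the next hunk of this file.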
@@ -203,7 +205,7 @@ congestion_control_init_params(congestion_control_t *cc,
 CWND_INC_RATE_MIN,
 CWND_INC_RATE_MAX);
 
-#define CWND_MIN_MIN 20
+#define CWND_MIN_MIN SENDME_INC_DFLT
 #define CWND_MIN_MAX (1000)
   cc->cwnd_min =
 networkstatus_get_param(NULL, "cc_cwnd_min",
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index 936cb5887c..1e5a00c942 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -13,6 +13,10 @@
 #include "core/or/crypt_path_st.h"
 #include "core/or/circuit_st.h"
 
+/* The maximum whole number of cells that can fit in a
+ * full TLS record. This is 31. */
+#define TLS_RECORD_MAX_CELLS ((16 * 1024) / CELL_MAX_NETWORK_SIZE)
+
 typedef struct congestion_control_t congestion_control_t;
 
 /** Wrapper for the free function, set the CC pointer to NULL after free */
diff --git a/src/core/or/congestion_control_flow.c 
b/src/core/or/congestion_control_flow.c
index c8b5ba2473..3a3a9522fd 100644
--- a/src/core/or/congestion_control_flow.c
+++ b/src/core/or/congestion_control_flow.c
@@ -116,7 +116,7 @@ flow_control_new_consensus_params(const networkstatus_t *ns)
   CC_XON_RATE_BYTES_MAX)*RELAY_PAYLOAD_SIZE;
 
 #define CC_XON_EWMA_CNT_DFLT (2)
-#define CC_XON_EWMA_CNT_MIN (1)
+#define CC_XON_EWMA_CNT_MIN (2)
 #define CC_XON_EWMA_CNT_MAX (100)
   xon_ewma_cnt = networkstatus_get_param(ns, "cc_xon_ewma_cnt",
   CC_XON_EWMA_CNT_DFLT,
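Review bot: raising `CC_XON_EWMA_CNT_MIN` from 1 to 2 changes the accepted range of a consensus parameter, not a default, and the commit message only talks about defaults. Note the bound change in the message, with the reason 1 is no longer valid, so anyone running a test network with `cc_xon_ewma_cnt=1` knows the value will now be clamped.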
diff --git a/src/core/or/congestion_control_vegas.c 
b/src/core/or/congestion_control_vegas.c
index 3206821f4c..8e13499aff 100644
--- a/src/core/or/congestion_control_vegas.c
+++ b/src/core/or/congestion_control_vegas.c
@@ -23,11 +23,13 @@
 #include "core/or/channel.h"
 #include "feature/nodelist/networkstatus.h"
 
-#define VEGAS_GAMMA(cc)   (6*(cc)->sendme_inc)
-#define VEGAS_ALPHA(cc)   (3*(cc)->sendme_inc)
-#define VEGAS_BETA(cc)(6*(cc)->sendme_inc)
+#define OUTBUF_CELLS (2*TLS_RECORD_MAX_CELLS)
 
-#define VEGAS_BDP_MIX_PCT   0
+#define VEGAS_ALPHA(cc)   (3*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS)
+#define VEGAS_BETA(cc)(3*OUTBUF_CELLS)
+#define VEGAS_GAMMA(cc)   (3*OUTBUF_CELLS)
+
+#define VEGAS_BDP_MIX_PCT   100
 
 /**
  * The original TCP Vegas used only a congestion window BDP estimator. We
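Review bot: `VEGAS_ALPHA(cc)`, `VEGAS_BETA(cc)` and `VEGAS_GAMMA(cc)` still take `cc` but no longer use it, so the thresholds stop scaling with the circuit's negotiated `sendme_inc`. Drop the unused parameter or keep the dependency explicit, and add a comment explaining `OUTBUF_CELLS` and why `VEGAS_BDP_MIX_PCT` goes from 0 to 100, since neither is explained in the code.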





[tor-commits] [tor/main] hs: Setup congestion control on service rends using intro data

2022-02-22 Thread dgoulet
commit 6f45ad3771880b9f03bcc0190dce4959df211005
Author: David Goulet 
Date:   Thu Feb 3 21:18:52 2022 +

hs: Setup congestion control on service rends using intro data

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_circuit.c | 18 ++
 src/feature/hs/hs_common.c  | 13 +
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 10a6f51eb3..f2953cfb02 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -17,6 +17,8 @@
 #include "core/or/relay.h"
 #include "core/or/crypt_path.h"
 #include "core/or/extendinfo.h"
+#include "core/or/congestion_control_common.h"
+#include "core/crypto/onion_crypto.h"
 #include "feature/client/circpathbias.h"
 #include "feature/hs/hs_cell.h"
 #include "feature/hs/hs_circuit.h"
@@ -408,6 +410,14 @@ launch_rendezvous_point_circuit,(const hs_service_t 
*service,
 tor_assert(circ->hs_ident);
   }
 
+  if (data->cc_enabled) {
+circuit_params_t circ_params = {
+  .cc_enabled = data->cc_enabled,
+  .sendme_inc_cells = congestion_control_sendme_inc(),
+};
+TO_CIRCUIT(circ)->ccontrol = congestion_control_new(_params);
+  }
+
  end:
   extend_info_free(info);
 }
@@ -504,6 +514,14 @@ retry_service_rendezvous_point(const origin_circuit_t 
*circ)
   new_circ->build_state->expiry_time = bstate->expiry_time;
   new_circ->hs_ident = hs_ident_circuit_dup(circ->hs_ident);
 
+  if (TO_CIRCUIT(circ)->ccontrol != NULL) {
+circuit_params_t circ_params = {
+  .cc_enabled = 1,
+  .sendme_inc_cells = TO_CIRCUIT(circ)->ccontrol->sendme_inc,
+};
+TO_CIRCUIT(new_circ)->ccontrol = congestion_control_new(_params);
+  }
+
  done:
   return;
 }
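Review bot: this retry path copies `sendme_inc` from the old circuit's `ccontrol`, while the launch path in the previous hunk takes it from `congestion_control_sendme_inc()`, and the two copies of the `circuit_params_t` setup can drift apart. Factor them into one helper that takes the increment as an argument, and add a comment on why the retry must reuse the old circuit's value rather than the current consensus one.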
diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c
index 3036ce2710..e326581dd1 100644
--- a/src/feature/hs/hs_common.c
+++ b/src/feature/hs/hs_common.c
@@ -1687,18 +1687,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
   /* We do have everything for which we think we can connect successfully. */
   info = extend_info_new(NULL, legacy_id,
  (have_ed25519_id) ? _pk : NULL, NULL,
- onion_key, , ap.port,
- /* TODO-324: oh wow, this is a hard one.
-
-The protover summary here needs to explain
-if we support the newer congestion control or
-not.  This may require new specification changes.
-
-Probably there is some analogous service-side
-function that needs to initialize congestion
-control structures based on what the client says.
- */
- NULL, false);
+ onion_key, , ap.port, NULL, false);
  done:
   return info;
 }
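Review bot: the `TODO-324` comment is deleted but the call still passes `NULL, false` for the arguments it was attached to, so this hunk removes the reminder without showing where the question was resolved. Replace it with a one-line comment saying the protover summary is intentionally `NULL` here and naming the place where congestion control is set up instead.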





[tor-commits] [tor/main] cc: Change edge_get_ccontrol() to look at both cpath and on_circuit

2022-02-22 Thread dgoulet
commit d4cf3fadec94169e4610717beaf4597456cbd961
Author: David Goulet 
Date:   Wed Jan 12 11:49:04 2022 -0500

cc: Change edge_get_ccontrol() to look at both cpath and on_circuit

Signed-off-by: David Goulet 
---
 src/core/or/congestion_control_flow.c | 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/core/or/congestion_control_flow.c 
b/src/core/or/congestion_control_flow.c
index d61da73627..c8b5ba2473 100644
--- a/src/core/or/congestion_control_flow.c
+++ b/src/core/or/congestion_control_flow.c
@@ -62,12 +62,15 @@ static uint32_t xon_rate_bytes;
 static inline const congestion_control_t *
 edge_get_ccontrol(const edge_connection_t *edge)
 {
-  if (edge->cpath_layer)
-return edge->cpath_layer->ccontrol;
-  else if (edge->on_circuit)
-return edge->on_circuit->ccontrol;
-  else
-return NULL;
+  congestion_control_t *ccontrol = NULL;
+
+  if (edge->on_circuit && edge->on_circuit->ccontrol) {
+ccontrol = edge->on_circuit->ccontrol;
+  } else if (edge->cpath_layer && edge->cpath_layer->ccontrol) {
+ccontrol = edge->cpath_layer->ccontrol;
+  }
+
+  return ccontrol;
 }
 
 /**
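Review bot: the precedence between `edge->cpath_layer` and `edge->on_circuit` is reversed here (`on_circuit` is now checked first), which the commit message, "look at both", does not mention. State in the function comment which one wins when both carry a `ccontrol` and why. The local `ccontrol` can also be declared `const congestion_control_t *` to match the return type.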





[tor-commits] [tor/main] Fix NULL pointer deref in logs

2022-02-22 Thread dgoulet
commit 338d00ba924a3884900bac425b35b6a2320da306
Author: Mike Perry 
Date:   Wed Oct 13 21:06:33 2021 +

Fix NULL pointer deref in logs
---
 src/core/or/congestion_control_common.c   | 5 ++---
 src/core/or/congestion_control_nola.c | 3 ++-
 src/core/or/congestion_control_vegas.c| 3 ++-
 src/core/or/congestion_control_westwood.c | 3 ++-
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index e316b631d1..6fa3bb9a11 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -1040,9 +1040,8 @@ 
congestion_control_update_circuit_bdp(congestion_control_t *cc,
  "%"PRIu64", "
  "%"PRIu64", "
  "%"PRIu64". ",
- // XXX: actually, is this p_chan here? This is
- // an or_circuit (exit or onion)
- circ->n_chan->global_identifier, circ->n_circ_id,
+ CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier,
+ CONST_TO_OR_CIRCUIT(circ)->p_circ_id,
  cc->min_rtt_usec/1000,
  curr_rtt_usec/1000,
  cc->ewma_rtt_usec/1000,
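Review bot: `CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier` still dereferences a channel pointer without a NULL check, so this log call keeps the same failure shape as the `n_chan` dereference it replaces if `p_chan` is ever unset. Guard it, for example by logging 0 when `p_chan` is NULL. The removed `XXX` comment was the only note that this path is or_circuit-only; keep that fact as a plain comment.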
diff --git a/src/core/or/congestion_control_nola.c 
b/src/core/or/congestion_control_nola.c
index 09f88d4699..52d41157a2 100644
--- a/src/core/or/congestion_control_nola.c
+++ b/src/core/or/congestion_control_nola.c
@@ -111,7 +111,8 @@ congestion_control_nola_process_sendme(congestion_control_t 
*cc,
"INFL: %"PRIu64", "
"NCCE: %"PRIu64", "
"SS: %d",
-   circ->n_chan->global_identifier, circ->n_circ_id,
+ CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier,
+ CONST_TO_OR_CIRCUIT(circ)->p_circ_id,
  cc->cwnd,
  cc->inflight,
  cc->next_cc_event,
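Review bot: `CONST_TO_OR_CIRCUIT(circ)` is applied unconditionally in this log call, and nothing in the hunk shows that `circ` is always an or_circuit when `congestion_control_nola_process_sendme()` runs. If origin circuits can reach this line, branch on the circuit type and log `n_chan` and `n_circ_id` for them. The same question applies to the identical changes in the Vegas and Westwood hunks below.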
diff --git a/src/core/or/congestion_control_vegas.c 
b/src/core/or/congestion_control_vegas.c
index e7ed838478..d823a5068e 100644
--- a/src/core/or/congestion_control_vegas.c
+++ b/src/core/or/congestion_control_vegas.c
@@ -255,7 +255,8 @@ 
congestion_control_vegas_process_sendme(congestion_control_t *cc,
  "QUSE: %"PRIu64", "
  "NCCE: %"PRIu64", "
  "SS: %d",
- circ->n_chan->global_identifier, circ->n_circ_id,
+   CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier,
+   CONST_TO_OR_CIRCUIT(circ)->p_circ_id,
cc->cwnd,
cc->inflight,
vegas_bdp_mix(cc),
diff --git a/src/core/or/congestion_control_westwood.c 
b/src/core/or/congestion_control_westwood.c
index 4b24234212..357cdeb3b9 100644
--- a/src/core/or/congestion_control_westwood.c
+++ b/src/core/or/congestion_control_westwood.c
@@ -213,7 +213,8 @@ 
congestion_control_westwood_process_sendme(congestion_control_t *cc,
  "WRTT: %"PRIu64", "
  "WSIG: %"PRIu64", "
  "SS: %d",
-   circ->n_chan->global_identifier, circ->n_circ_id,
+   CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier,
+   CONST_TO_OR_CIRCUIT(circ)->p_circ_id,
cc->cwnd,
cc->inflight,
cc->next_cc_event,





[tor-commits] [tor/main] Increase RTT ratio used to detect monotime jumps/stalls.

2022-02-22 Thread dgoulet
commit 8052d0c2c08ac227aaee1134a52d5a3993ba4b10
Author: Mike Perry 
Date:   Fri Jan 21 18:09:48 2022 +

Increase RTT ratio used to detect monotime jumps/stalls.

In Shadow, we saw RTT jumps as high as 1000 naturally.

So let's set this to 5000, to give us some breathing room.
---
 src/core/or/congestion_control_common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 6fa3bb9a11..fe3228262a 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -698,7 +698,7 @@ static bool
 time_delta_stalled_or_jumped(const congestion_control_t *cc,
  uint64_t old_delta, uint64_t new_delta)
 {
-#define DELTA_DISCREPENCY_RATIO_MAX 100
+#define DELTA_DISCREPENCY_RATIO_MAX 5000
   /* If we have a 0 new_delta, that is definitely a monotime stall */
   if (new_delta == 0) {
 static ratelim_t stall_info_limit = RATELIM_INIT(60);
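Review bot: 5000 is a bare constant whose justification (RTT jumps as high as 1000 seen in Shadow) lives only in the commit message. Put that observation in a comment next to `DELTA_DISCREPENCY_RATIO_MAX` so the next person tuning it knows how much margin was intended. Since the line is being touched anyway, the misspelled `DISCREPENCY` could be corrected to `DISCREPANCY`.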





[tor-commits] [tor/main] Properly compute the number of recv cells from deliver_window

2022-02-22 Thread dgoulet
commit 86f81abe3043f273d3aa7166c72d100484af9d73
Author: Mike Perry 
Date:   Wed Dec 1 23:20:17 2021 +

Properly compute the number of recv cells from deliver_window

Without this conversion, there is an implicit 1000-recv_cells, which causes
the mod to fail if it is not a factor of 1000.
---
 src/core/or/sendme.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c
index ee670f9d51..9acef1cc20 100644
--- a/src/core/or/sendme.c
+++ b/src/core/or/sendme.c
@@ -339,7 +339,7 @@ record_cell_digest_on_circ(circuit_t *circ, const uint8_t 
*sendme_digest)
  * updated once the cell is actually put in the outbuf.
  */
 static bool
-circuit_sendme_cell_is_next(int window, int sendme_inc)
+circuit_sendme_cell_is_next(int deliver_window, int sendme_inc)
 {
   /* Are we at the limit of the increment and if not, we don't expect next
* cell is a SENDME.
@@ -348,8 +348,13 @@ circuit_sendme_cell_is_next(int window, int sendme_inc)
* next cell is a SENDME, the window (either package or deliver) hasn't been
* decremented just yet so when this is called, we are currently processing
* the "window - 1" cell.
+   *
+   * Because deliver_window starts at CIRCWINDOW_START and counts down,
+   * to get the actual number of received cells for this check, we must
+   * first convert to receieved cells, or the modulus operator will fail.
*/
-  if (((window - 1) % sendme_inc) != 0) {
+  tor_assert(deliver_window <= CIRCWINDOW_START);
+  if (((CIRCWINDOW_START - (deliver_window - 1)) % sendme_inc) != 0) {
 return false;
   }
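Review bot: the parameter is now `deliver_window` and the arithmetic assumes a window that counts down from `CIRCWINDOW_START`, yet the unchanged comment above still says "the window (either package or deliver)". Update that comment and confirm no caller passes a package window. `tor_assert(deliver_window <= CIRCWINDOW_START)` aborts the process on violation; a check that logs and returns false would fail safer in cell-processing code. The added comment also has a typo, "receieved".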
 





[tor-commits] [tor/main] Use path type hint for Vegas queue parameters.

2022-02-22 Thread dgoulet
commit b2553bfba28b2e26f09041a3d78fa39c35fd4ac8
Author: Mike Perry 
Date:   Thu Feb 3 12:01:23 2022 +

Use path type hint for Vegas queue parameters.

These parameters will vary depending on path length, especially for onions.
---
 src/app/config/config.c |  1 +
 src/app/config/or_options_st.h  |  3 +
 src/core/mainloop/cpuworker.c   |  8 ++-
 src/core/or/circuitbuild.c  | 16 +-
 src/core/or/congestion_control_common.c | 14 +++--
 src/core/or/congestion_control_common.h | 18 +-
 src/core/or/congestion_control_vegas.c  | 97 -
 src/core/or/congestion_control_vegas.h  |  3 +-
 src/feature/hs/hs_circuit.c | 26 -
 src/feature/hs/hs_client.c  | 14 -
 10 files changed, 174 insertions(+), 26 deletions(-)

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 05bd96fc6a..15addd5be4 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -676,6 +676,7 @@ static const config_var_t option_vars_[] = {
   V(UseMicrodescriptors, AUTOBOOL, "auto"),
   OBSOLETE("UseNTorHandshake"),
   VAR("__AlwaysCongestionControl",  BOOL, AlwaysCongestionControl, "0"),
+  VAR("__SbwsExit",  BOOL, SbwsExit, "0"),
   V_IMMUTABLE(User,  STRING,   NULL),
   OBSOLETE("UserspaceIOCPBuffers"),
   OBSOLETE("V1AuthoritativeDirectory"),
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index a1ef7a8cf8..290a2bb9b4 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -604,6 +604,9 @@ struct or_options_t {
   /** Boolean: Switch to override consensus to enable congestion control */
   int AlwaysCongestionControl;
 
+  /** Boolean: Switch to specify this is an sbws measurement exit */
+  int SbwsExit;
+
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
   /** Should we always fetch our dir info on the mirror schedule (which
* means directly from the authorities) no matter our other config? */
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index 2cb667615d..ab970259b5 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -391,7 +391,13 @@ cpuworker_onion_handshake_replyfn(void *work_)
   /* If the client asked for congestion control, if our consensus parameter
* allowed it to negotiate as enabled, allocate a congestion control obj. */
   if (rpl.circ_params.cc_enabled) {
-TO_CIRCUIT(circ)->ccontrol = congestion_control_new(_params);
+if (get_options()->SbwsExit) {
+  TO_CIRCUIT(circ)->ccontrol = congestion_control_new(_params,
+  CC_PATH_SBWS);
+} else {
+  TO_CIRCUIT(circ)->ccontrol = congestion_control_new(_params,
+  CC_PATH_EXIT);
+}
   }
 
   if (onionskin_answer(circ,
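Review bot: the `if`/`else` duplicates the whole `congestion_control_new()` call to vary one argument. Compute the path type first, for example `cc_path_t path = get_options()->SbwsExit ? CC_PATH_SBWS : CC_PATH_EXIT;`, and make a single call. Because `SbwsExit` is a local option, a relay that sets it treats every congestion-controlled circuit as an sbws path; a comment confirming that is intended would help.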
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index 2326dc2a6d..f62a1d93f5 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -1275,7 +1275,21 @@ circuit_finish_handshake(origin_circuit_t *circ,
   }
 
   if (params.cc_enabled) {
-hop->ccontrol = congestion_control_new();
+int circ_len = circuit_get_cpath_len(circ);
+
+if (circ_len == DEFAULT_ROUTE_LEN &&
+circuit_get_cpath_hop(circ, DEFAULT_ROUTE_LEN) == hop) {
+  hop->ccontrol = congestion_control_new(, CC_PATH_EXIT);
+} else if (circ_len == SBWS_ROUTE_LEN &&
+   circuit_get_cpath_hop(circ, SBWS_ROUTE_LEN) == hop) {
+  hop->ccontrol = congestion_control_new(, CC_PATH_SBWS);
+} else {
+  static ratelim_t cc_path_limit = RATELIM_INIT(600);
+  log_fn_ratelim(_path_limit, LOG_WARN, LD_CIRC,
+ "Unexpected path length %d for circuit",
+ circ_len);
+  hop->ccontrol = congestion_control_new(, CC_PATH_EXIT);
+}
   }
 
   hop->state = CPATH_STATE_OPEN;
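Review bot: only `DEFAULT_ROUTE_LEN` and `SBWS_ROUTE_LEN` are recognised here, and every other length falls into the `else` that warns "Unexpected path length" and uses `CC_PATH_EXIT`. The commit message says the parameters vary "especially for onions", so if onion-service circuits can reach `circuit_finish_handshake()` with `params.cc_enabled` set, they will trigger the warning and get exit parameters; handle that case explicitly or document why it cannot happen. The first branch and the `else` make the same call, so they can share one assignment.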
diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 09c6c04bf3..e316b631d1 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -168,7 +168,8 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
  */
 static void
 congestion_control_init_params(congestion_control_t *cc,
-   const circuit_params_t *params)
+   const circuit_params_t *params,
+   cc_path_t path)
 {
   const or_options_t *opts = get_options();
   cc->sendme_inc = params->sendme_inc_cells;
@@ -266,7 +267,7 @@ congestion_control_init_params(congestion_control_t *cc,
   if (cc->cc_alg == CC_ALG_WESTWOOD) {
 congestion_control_westwood_set_params(cc);
   } else if (cc->cc_alg == CC_ALG_VEGAS) {
-congestion_control_vegas_set_params(cc);
+congestion_control_vegas_set_params(cc, path);
   } else if (cc->cc_alg == 

[tor-commits] [tor/main] hs: Encode flow control value in the descriptor

2022-02-22 Thread dgoulet
commit 95639f35aede81bfde8bd4ee1616e10048176cc7
Author: David Goulet 
Date:   Thu Nov 4 10:26:04 2021 -0400

hs: Encode flow control value in the descriptor

This simply adds the "flow-control" line, as detailed in prop324, to the
descriptor. No decoding is done at this commit.

Part of #40506
---
 src/feature/dirparse/parsecommon.h |  1 +
 src/feature/hs/hs_descriptor.c | 12 
 2 files changed, 13 insertions(+)

diff --git a/src/feature/dirparse/parsecommon.h 
b/src/feature/dirparse/parsecommon.h
index 0f343e9c62..675c5f68d5 100644
--- a/src/feature/dirparse/parsecommon.h
+++ b/src/feature/dirparse/parsecommon.h
@@ -172,6 +172,7 @@ typedef enum {
   R3_DESC_AUTH_KEY,
   R3_DESC_AUTH_CLIENT,
   R3_ENCRYPTED,
+  R3_FLOW_CONTROL,
 
   R_IPO_IDENTIFIER,
   R_IPO_IP_ADDRESS,
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index a37eab5b5d..80273c27b1 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -61,6 +61,8 @@
 #include "trunnel/ed25519_cert.h" /* Trunnel interface. */
 #include "feature/hs/hs_descriptor.h"
 #include "core/or/circuitbuild.h"
+#include "core/or/congestion_control_common.h"
+#include "core/or/protover.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "feature/dirparse/parsecommon.h"
@@ -69,6 +71,7 @@
 #include "feature/nodelist/torcert.h" /* tor_cert_encode_ed22519() */
 #include "lib/memarea/memarea.h"
 #include "lib/crypt_ops/crypto_format.h"
+#include "core/or/versions.h"
 
 #include "core/or/extend_info_st.h"
 
@@ -92,6 +95,7 @@
 #define str_ip_legacy_key "legacy-key"
 #define str_ip_legacy_key_cert "legacy-key-cert"
 #define str_intro_point_start "\n" str_intro_point " "
+#define str_flow_control "flow-control"
 /* Constant string value for the construction to encrypt the encrypted data
  * section. */
 #define str_enc_const_superencryption "hsdir-superencrypted-data"
@@ -138,6 +142,7 @@ static token_rule_t hs_desc_encrypted_v3_token_table[] = {
   T1_START(str_create2_formats, R3_CREATE2_FORMATS, CONCAT_ARGS, NO_OBJ),
   T01(str_intro_auth_required, R3_INTRO_AUTH_REQUIRED, GE(1), NO_OBJ),
   T01(str_single_onion, R3_SINGLE_ONION_SERVICE, ARGS, NO_OBJ),
+  T01(str_flow_control, R3_FLOW_CONTROL, GE(2), NO_OBJ),
   END_OF_TABLE
 };
 
@@ -765,6 +770,13 @@ get_inner_encrypted_layer_plaintext(const hs_descriptor_t 
*desc)
 if (desc->encrypted_data.single_onion_service) {
   smartlist_add_asprintf(lines, "%s\n", str_single_onion);
 }
+
+if (congestion_control_enabled()) {
+  /* Add flow control line into the descriptor. */
+  smartlist_add_asprintf(lines, "%s %s %u\n", str_flow_control,
+ protover_get_supported(PRT_FLOWCTRL),
+ congestion_control_sendme_inc());
+}
   }
 
   /* Build the introduction point(s) section. */
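
Review bot: in get_inner_encrypted_layer_plaintext(), the return value of protover_get_supported(PRT_FLOWCTRL) is passed straight to a `%s` conversion with no check. If that lookup can ever return NULL, the formatter call is undefined behaviour; assert the pointer is non-NULL before smartlist_add_asprintf() or document why it cannot be. The rule added to hs_desc_encrypted_v3_token_table uses GE(2), so the line is already tokenized on decode even though the commit message says no decoding is done; a test that round-trips a descriptor carrying the flow-control line would pin that down.
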



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [tor/main] hs: Build INTRODUCE extension in the encrypted section

2022-02-22 Thread dgoulet
commit 38e9d9b465f5ae825d054b7baf06a851ad6b371a
Author: David Goulet 
Date:   Thu Feb 3 21:06:28 2022 +

hs: Build INTRODUCE extension in the encrypted section

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_cell.c| 28 ++--
 src/feature/hs/hs_cell.h|  2 ++
 src/feature/hs/hs_circuit.c |  8 
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 116395b3c8..4b961a6add 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -18,6 +18,7 @@
 #include "core/or/origin_circuit_st.h"
 
 /* Trunnel. */
+#include "trunnel/congestion_control.h"
 #include "trunnel/ed25519_cert.h"
 #include "trunnel/extension.h"
 #include "trunnel/hs/cell_establish_intro.h"
@@ -372,6 +373,26 @@ introduce1_encrypt_and_encode(trn_cell_introduce1_t *cell,
   tor_free(encrypted);
 }
 
+/** Build and set the INTRODUCE congestion control extension in the given
+ * extensions. */
+static void
+build_introduce_cc_extension(trn_extension_t *extensions)
+{
+  trn_extension_field_t *field = NULL;
+
+  /* Build CC request extension. */
+  field = trn_extension_field_new();
+  trn_extension_field_set_field_type(field,
+ TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST);
+
+  /* No payload indicating a request to use congestion control. */
+  trn_extension_field_set_field_len(field, 0);
+
+  /* Build final extension. */
+  trn_extension_add_fields(extensions, field);
+  trn_extension_set_num(extensions, trn_extension_get_num(extensions) + 1);
+}
+
 /** Using the INTRODUCE1 data, setup the ENCRYPTED section in cell. This means
  * set it, encrypt it and encode it. */
 static void
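
Review bot: build_introduce_cc_extension() uses `extensions` and the result of trn_extension_field_new() without any check, while the caller in the same file does tor_assert(ext) right after trn_extension_new(). Add tor_assert(extensions) and tor_assert(field) at the top for consistency. The explicit `trn_extension_set_num(extensions, trn_extension_get_num(extensions) + 1);` after trn_extension_add_fields() deserves a one-line comment saying that the count is kept separately from the field array, otherwise it reads like a double increment.
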
@@ -387,10 +408,13 @@ introduce1_set_encrypted(trn_cell_introduce1_t *cell,
   enc_cell = trn_cell_introduce_encrypted_new();
   tor_assert(enc_cell);
 
-  /* Set extension data. None are used. */
+  /* Setup extension(s) if any. */
   ext = trn_extension_new();
   tor_assert(ext);
-  trn_extension_set_num(ext, 0);
+  /* Build congestion control extension is enabled. */
+  if (data->cc_enabled) {
+build_introduce_cc_extension(ext);
+  }
   trn_cell_introduce_encrypted_set_extensions(enc_cell, ext);
 
   /* Set the rendezvous cookie. */
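
Review bot: with `trn_extension_set_num(ext, 0);` removed, the no-extension case in introduce1_set_encrypted() now relies on trn_extension_new() returning an object whose count is already zero; say so in the comment or keep the explicit call before the `if`. The new comment `/* Build congestion control extension is enabled. */` is missing a word and should read "if enabled".
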
diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h
index c25fd45567..43be038a93 100644
--- a/src/feature/hs/hs_cell.h
+++ b/src/feature/hs/hs_cell.h
@@ -40,6 +40,8 @@ typedef struct hs_cell_introduce1_data_t {
   const curve25519_keypair_t *client_kp;
   /** Rendezvous point link specifiers. */
   smartlist_t *link_specifiers;
+  /** Congestion control parameters. */
+  unsigned int cc_enabled : 1;
 } hs_cell_introduce1_data_t;
 
 /** This data structure contains data that we need to parse an INTRODUCE2 cell
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 3347bdca07..10a6f51eb3 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -37,6 +37,7 @@
 #include "trunnel/ed25519_cert.h"
 #include "trunnel/hs/cell_establish_intro.h"
 
+#include "core/or/congestion_control_st.h"
 #include "core/or/cpath_build_state_st.h"
 #include "core/or/crypt_path_st.h"
 #include "feature/nodelist/node_st.h"
@@ -549,6 +550,7 @@ setup_introduce1_data(const hs_desc_intro_point_t *ip,
 /* We can't rendezvous without the curve25519 onion key. */
 goto end;
   }
+
   /* Success, we have valid introduce data. */
   ret = 0;
 
@@ -1072,6 +1074,12 @@ hs_circ_send_introduce1(origin_circuit_t *intro_circ,
 goto close;
   }
 
+  /* If the rend circ was set up for congestion control, add that to the
+   * intro data, to signal it in an extension */
+  if (TO_CIRCUIT(rend_circ)->ccontrol) {
+intro1_data.cc_enabled = 1;
+  }
+
   /* Final step before we encode a cell, we setup the circuit identifier which
* will generate both the rendezvous cookie and client keypair for this
* connection. Those are put in the ident. */
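
Review bot: `intro1_data.cc_enabled` is written only when TO_CIRCUIT(rend_circ)->ccontrol is set, so the disabled case depends on intro1_data having been zeroed earlier, which this hunk does not show. Assigning the flag unconditionally, for example `intro1_data.cc_enabled = TO_CIRCUIT(rend_circ)->ccontrol != NULL;`, removes that dependency.
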





[tor-commits] [tor/main] hs: Decode and cache the INTRODUCE cell congestion control extension

2022-02-22 Thread dgoulet
commit 729dd14fdec9ece47142a5dc1434d32da109982e
Author: David Goulet 
Date:   Thu Feb 3 22:44:25 2022 +

hs: Decode and cache the INTRODUCE cell congestion control extension

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_cell.c | 41 +
 src/feature/hs/hs_cell.h |  4 
 2 files changed, 45 insertions(+)

diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 4b961a6add..b7ab68f7c4 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -14,6 +14,7 @@
 #include "feature/hs/hs_cell.h"
 #include "feature/hs/hs_ob.h"
 #include "core/crypto/hs_ntor.h"
+#include "core/or/congestion_control_common.h"
 
 #include "core/or/origin_circuit_st.h"
 
@@ -783,6 +784,31 @@ 
get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data,
   return intro_keys_result;
 }
 
+/** Parse the given INTRODUCE cell extension. Update the data object
+ * accordingly depending on the extension. */
+static void
+parse_introduce_cell_extension(hs_cell_introduce2_data_t *data,
+   const trn_extension_field_t *field)
+{
+  trn_extension_field_cc_t *cc_field = NULL;
+
+  tor_assert(data);
+  tor_assert(field);
+
+  switch (trn_extension_field_get_field_type(field)) {
+  case TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST:
+/* CC requests, enable it. */
+data->cc_enabled = 1;
+data->pv.protocols_known = 1;
+data->pv.supports_congestion_control = data->cc_enabled;
+break;
+  default:
+break;
+  }
+
+  trn_extension_field_cc_free(cc_field);
+}
+
 /** Parse the INTRODUCE2 cell using data which contains everything we need to
  * do so and contains the destination buffers of information we extract and
  * compute from the cell. Return 0 on success else a negative value. The
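
Review bot: `cc_field` in parse_introduce_cell_extension() is initialised to NULL, never assigned, and then passed to trn_extension_field_cc_free(); it is dead code and should be dropped together with the free call unless a payload parse is meant to go here. The TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST case also ignores the field length: the builder side sends a zero-length field, so consider checking that the received length is 0 and ignoring or logging a request that carries a payload.
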
@@ -911,6 +937,21 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data,
 smartlist_add(data->link_specifiers, lspec_dup);
   }
 
+  /* Extract any extensions. */
+  const trn_extension_t *extensions =
+trn_cell_introduce_encrypted_get_extensions(enc_cell);
+  if (extensions != NULL) {
+for (size_t idx = 0; idx < trn_extension_get_num(extensions); idx++) {
+  const trn_extension_field_t *field =
+trn_extension_getconst_fields(extensions, idx);
+  if (BUG(field == NULL)) {
+/* The number of extensions should match the number of fields. */
+break;
+  }
+  parse_introduce_cell_extension(data, field);
+}
+  }
+
   /* Success. */
   ret = 0;
   log_info(LD_REND, "Valid INTRODUCE2 cell. Launching rendezvous circuit.");
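
Review bot: the loop hands every field of the client-supplied cell to parse_introduce_cell_extension(), which sets data->cc_enabled and data->pv.supports_congestion_control purely from the presence of the request field; nothing visible here consults the service's own congestion control setting. Either gate the assignment on the local setting or add a comment naming the caller that does. Repeated fields of the same type are also accepted silently; decide whether a duplicate should be rejected.
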
diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h
index 43be038a93..c76a0690a8 100644
--- a/src/feature/hs/hs_cell.h
+++ b/src/feature/hs/hs_cell.h
@@ -84,6 +84,10 @@ typedef struct hs_cell_introduce2_data_t {
   smartlist_t *link_specifiers;
   /** Replay cache of the introduction point. */
   replaycache_t *replay_cache;
+  /** Flow control negotiation parameters. */
+  protover_summary_flags_t pv;
+  /** Congestion control parameters. */
+  unsigned int cc_enabled : 1;
 } hs_cell_introduce2_data_t;
 
 /* Build cell API. */





[tor-commits] [tor/main] hs: Fix tests for congestion control

2022-02-22 Thread dgoulet
commit 27d948dab8f579890abdef155d20062938b84259
Author: David Goulet 
Date:   Thu Feb 3 12:11:42 2022 +

hs: Fix tests for congestion control
---
 src/test/test_hs_client.c |  4 
 src/test/test_hs_descriptor.c |  5 +
 src/test/test_protover.c  | 17 -
 3 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 0fe71ed7bd..11a5589d21 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -54,6 +54,9 @@
 #include "core/or/origin_circuit_st.h"
 #include "core/or/socks_request_st.h"
 
+#define TOR_CONGESTION_CONTROL_PRIVATE
+#include "core/or/congestion_control_common.h"
+
 static int
 mock_connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
 {
@@ -771,6 +774,7 @@ test_desc_has_arrived_cleanup(void *arg)
   (void) arg;
 
   hs_init();
+  congestion_control_set_cc_enabled();
 
   MOCK(networkstatus_get_reasonably_live_consensus,
mock_networkstatus_get_reasonably_live_consensus);
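
Review bot: test_desc_has_arrived_cleanup() now calls congestion_control_set_cc_enabled(), which changes global state that the visible lines never restore, so later tests in the same process inherit it. Reset it in the test's cleanup path, or document that the helper is meant to be sticky.
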
diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c
index ec6c8ba6b4..ecb7da2450 100644
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -24,6 +24,9 @@
 #include "test/log_test_helpers.h"
 #include "test/rng_test_helpers.h"
 
+#define TOR_CONGESTION_CONTROL_PRIVATE
+#include "core/or/congestion_control_common.h"
+
 #ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS
 DISABLE_GCC_WARNING("-Woverlength-strings")
 /* We allow huge string constants in the unit tests, but not in the code
@@ -247,6 +250,8 @@ test_decode_descriptor(void *arg)
 
   (void) arg;
 
+  congestion_control_set_cc_enabled();
+
   ret = ed25519_keypair_generate(_kp, 0);
   tt_int_op(ret, OP_EQ, 0);
   desc = hs_helper_build_hs_desc_with_ip(_kp);
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index 7ad02cb9c1..9d14fd678a 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -355,7 +355,6 @@ test_protover_supports_version(void *arg)
 #define PROTOVER_PADDING_V1 1
 
 #define PROTOVER_FLOWCTRL_V1 1
-#define PROTOVER_FLOWCTRL_V2 2
 
 #define PROTOVER_RELAY_NTOR_V3 4
 
@@ -704,22 +703,6 @@ test_protover_summarize_flags(void *args)
 
   /* Now check version exceptions */
 
-  /* Congestion control. */
-  memset(, 0, sizeof(flags));
-  summarize_protover_flags(,
-   PROTOVER("FlowCtrl", PROTOVER_FLOWCTRL_V2),
-   NULL);
-  summarize_protover_flags(,
-   PROTOVER("Relay", PROTOVER_RELAY_NTOR_V3),
-   NULL);
-  DEBUG_PROTOVER(flags);
-  tt_int_op(flags.protocols_known, OP_EQ, 1);
-  tt_int_op(flags.supports_congestion_control, OP_EQ, 1);
-  /* Now clear those flags, and check the rest are zero */
-  flags.protocols_known = 0;
-  flags.supports_congestion_control = 0;
-  tt_mem_op(, OP_EQ, _flags, sizeof(flags));
-
   /* EXTEND2 cell support */
   memset(, 0, sizeof(flags));
   summarize_protover_flags(, NULL, "Tor 0.2.4.8-alpha");
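
Review bot: this hunk deletes the check in test_protover_summarize_flags() that flags.supports_congestion_control is set for FlowCtrl version 2 together with Relay version 4, and the commit message ("Fix tests") does not say why. If the flag is no longer derived from those versions, replace the block with a test of the new rule rather than removing coverage; if it still is, the block should be repaired, not dropped.
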





[tor-commits] [tor/main] hs: Decode flow-control line

2022-02-22 Thread dgoulet
commit 89f5eeefb83231c6eb7b8a857b173a9f962f3c0d
Author: David Goulet 
Date:   Thu Feb 3 20:06:36 2022 +

hs: Decode flow-control line

This puts the flow control version (unparsed) in the descriptor. The
client doesn't use it yet.

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_descriptor.c | 18 ++
 src/feature/hs/hs_descriptor.h |  4 
 src/test/hs_test_helpers.c |  6 ++
 src/test/test_protover.c   | 25 +++--
 4 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c
index 80273c27b1..523ededf8c 100644
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -2347,6 +2347,23 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
 desc_encrypted_out->single_onion_service = 1;
   }
 
+  /* Get flow control if any. */
+  tok = find_opt_by_keyword(tokens, R3_FLOW_CONTROL);
+  if (tok) {
+int ok;
+
+tor_asprintf(_encrypted_out->flow_control_pv, "FlowCtrl=%s",
+ tok->args[0]);
+uint8_t sendme_inc =
+  (uint8_t) tor_parse_uint64(tok->args[1], 10, 0, UINT8_MAX, , NULL);
+if (!ok || !congestion_control_validate_sendme_increment(sendme_inc)) {
+  log_warn(LD_REND, "Service descriptor flow control sendme "
+"value is invalid");
+  goto err;
+}
+desc_encrypted_out->sendme_inc = sendme_inc;
+  }
+
   /* Initialize the descriptor's introduction point list before we start
* decoding. Having 0 intro point is valid. Then decode them all. */
   desc_encrypted_out->intro_points = smartlist_new();
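
Review bot: tok->args[0] is copied into flow_control_pv as "FlowCtrl=%s" with no validation, so whatever string the descriptor carries is stored for later protocol-list checks. Verify at decode time that the argument is a well-formed version list (or at least bounded in length and character set) and fail the descriptor otherwise, as is already done for the sendme value. The string is also allocated before the sendme check runs; confirm that the `goto err` path frees desc_encrypted_out->flow_control_pv.
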
@@ -2757,6 +2774,7 @@ 
hs_desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc)
   hs_desc_intro_point_free(ip));
 smartlist_free(desc->intro_points);
   }
+  tor_free(desc->flow_control_pv);
   memwipe(desc, 0, sizeof(*desc));
 }
 
diff --git a/src/feature/hs/hs_descriptor.h b/src/feature/hs/hs_descriptor.h
index d959431369..8f5ee6a2f1 100644
--- a/src/feature/hs/hs_descriptor.h
+++ b/src/feature/hs/hs_descriptor.h
@@ -167,6 +167,10 @@ typedef struct hs_desc_encrypted_data_t {
   /** Is this descriptor a single onion service? */
   unsigned int single_onion_service : 1;
 
+  /** Flow control protocol version line. */
+  char *flow_control_pv;
+  uint8_t sendme_inc;
+
   /** A list of intro points. Contains hs_desc_intro_point_t objects. */
   smartlist_t *intro_points;
 } hs_desc_encrypted_data_t;
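
Review bot: `uint8_t sendme_inc;` sits under the comment written for flow_control_pv and has no comment of its own. Document that it is the second argument of the flow-control line, what value it holds when the line is absent, and that it has been range-checked at decode time.
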
diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c
index 2af4f71d72..20b225ba4a 100644
--- a/src/test/hs_test_helpers.c
+++ b/src/test/hs_test_helpers.c
@@ -4,6 +4,7 @@
 #define HS_CLIENT_PRIVATE
 
 #include "core/or/or.h"
+#include "core/or/versions.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
 #include "test/test.h"
 #include "feature/nodelist/torcert.h"
@@ -186,6 +187,7 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip,
   desc->encrypted_data.create2_ntor = 1;
   desc->encrypted_data.intro_auth_types = smartlist_new();
   desc->encrypted_data.single_onion_service = 1;
+  desc->encrypted_data.flow_control_pv = tor_strdup("FlowCtrl=1-2");
   smartlist_add(desc->encrypted_data.intro_auth_types, tor_strdup("ed25519"));
   desc->encrypted_data.intro_points = smartlist_new();
   if (!no_ip) {
@@ -332,6 +334,10 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1,
   /* Encrypted data section. */
   tt_uint_op(desc1->encrypted_data.create2_ntor, OP_EQ,
  desc2->encrypted_data.create2_ntor);
+  tt_uint_op(desc1->encrypted_data.single_onion_service, OP_EQ,
+ desc2->encrypted_data.single_onion_service);
+  tt_str_op(desc1->encrypted_data.flow_control_pv, OP_EQ,
+desc2->encrypted_data.flow_control_pv);
 
   /* Authentication type. */
   tt_int_op(!!desc1->encrypted_data.intro_auth_types, OP_EQ,
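
Review bot: hs_helper_desc_equal() now compares flow_control_pv but not sendme_inc, and hs_helper_build_hs_desc_impl() sets only flow_control_pv, so the encode/decode round trip of the second flow-control argument is untested. Add `tt_uint_op(desc1->encrypted_data.sendme_inc, OP_EQ, desc2->encrypted_data.sendme_inc);` and give the helper descriptor a non-default sendme_inc.
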
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index ae40556220..7ad02cb9c1 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
@@ -355,6 +355,9 @@ test_protover_supports_version(void *arg)
 #define PROTOVER_PADDING_V1 1
 
 #define PROTOVER_FLOWCTRL_V1 1
+#define PROTOVER_FLOWCTRL_V2 2
+
+#define PROTOVER_RELAY_NTOR_V3 4
 
 /* Make sure we haven't forgotten any supported protocols */
 static void
@@ -644,7 +647,8 @@ test_protover_vote_roundtrip_ours(void *args)
 "supports_establish_intro_dos_extension: %d,\n" \
 "supports_v3_hsdir: %d,\n" \
 "supports_v3_rendezvous_point: %d,\n" \
-"supports_hs_setup_padding: %d.", \
+"supports_hs_setup_padding: %d,\n" \
+"supports_congestion_control: %d.", \
 (flags).protocols_known, \
 (flags).supports_extend2_cells, \
 (flags).supports_accepting_ipv6_extends, \
@@ -656,7 +660,8 @@ test_protover_vote_roundtrip_ours(void *args)
 (flags).supports_establish_intro_dos_extension, \
 (flags).supports_v3_hsdir, \
   

[tor-commits] [tor/main] hs: Republish onion descriptor on sendme_inc change

2022-02-22 Thread dgoulet
commit 0eaf0e8a31979621f8a2cfb1671cc4f02fe92b87
Author: David Goulet 
Date:   Thu Feb 3 19:04:34 2022 +

hs: Republish onion descriptor on sendme_inc change

Republishing is necessary to ensure that clients connect using the correct
sendme_inc upon any change. Additionally, introduction points must be
re-chosen, so that cached descriptors with old values are not usable.

We do not expect to change sendme_inc, unless cell size or TLS record size
changes, so this should be rare.

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_service.c  | 29 +
 src/feature/hs/hs_service.h  |  1 +
 src/feature/nodelist/networkstatus.c |  1 +
 3 files changed, 31 insertions(+)

diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index bf99ad69bd..ff34e5dc44 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -16,6 +16,7 @@
 #include "core/or/circuitbuild.h"
 #include "core/or/circuitlist.h"
 #include "core/or/circuituse.h"
+#include "core/or/congestion_control_common.h"
 #include "core/or/extendinfo.h"
 #include "core/or/relay.h"
 #include "feature/client/circpathbias.h"
@@ -3690,6 +3691,34 @@ hs_service_map_has_changed(void)
   rescan_periodic_events(get_options());
 }
 
+/** Called when a new consensus has arrived and has been set globally. The new
+ * consensus is pointed by ns. */
+void
+hs_service_new_consensus_params(const networkstatus_t *ns)
+{
+  tor_assert(ns);
+
+  /* This value is the new value from the consensus. */
+  uint8_t current_sendme_inc = congestion_control_sendme_inc();
+
+  if (!hs_service_map)
+return;
+
+  /* Check each service and look if their descriptor contains a different
+   * sendme increment. If so, nuke all intro points by forcing an expiration
+   * which will lead to rebuild and reupload with the new value. */
+  FOR_EACH_SERVICE_BEGIN(service) {
+FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
+  if (desc->desc &&
+  desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
+/* Passing the maximum time_t will force expiration of all intro points
+ * and thus will lead to a rebuild of the descriptor. */
+cleanup_intro_points(service, LONG_MAX);
+  }
+} FOR_EACH_DESCRIPTOR_END;
+  } FOR_EACH_SERVICE_END;
+}
+
 /** Upload an encoded descriptor in encoded_desc of the given version. This
  * descriptor is for the service identity_pk and blinded_pk used to setup the
  * directory connection identifier. It is uploaded to the directory hsdir_rs
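
Review bot: the comparison `desc->desc->encrypted_data.sendme_inc != current_sendme_inc` assumes the service's own descriptor object carries sendme_inc, but nothing in this patch sets that field on the service side. If it is left at zero, every new consensus will expire all intro points; set the field where the descriptor is built, or skip descriptors where it is unset. cleanup_intro_points(service, LONG_MAX) is also called inside the per-descriptor loop, so it can run more than once per service, and LONG_MAX is the time_t maximum only where time_t is a long. `ns` is asserted but otherwise unused.
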
diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h
index c48f470245..95461289ce 100644
--- a/src/feature/hs/hs_service.h
+++ b/src/feature/hs/hs_service.h
@@ -355,6 +355,7 @@ smartlist_t *hs_service_get_metrics_stores(void);
 
 void hs_service_map_has_changed(void);
 void hs_service_dir_info_changed(void);
+void hs_service_new_consensus_params(const networkstatus_t *ns);
 void hs_service_run_scheduled_events(time_t now);
 void hs_service_circuit_has_opened(origin_circuit_t *circ);
 int hs_service_receive_intro_established(origin_circuit_t *circ,
diff --git a/src/feature/nodelist/networkstatus.c 
b/src/feature/nodelist/networkstatus.c
index 77e2b547f5..41fd312295 100644
--- a/src/feature/nodelist/networkstatus.c
+++ b/src/feature/nodelist/networkstatus.c
@@ -1704,6 +1704,7 @@ notify_after_networkstatus_changes(void)
   router_new_consensus_params(c);
   congestion_control_new_consensus_params(c);
   flow_control_new_consensus_params(c);
+  hs_service_new_consensus_params(c);
 
   /* Maintenance of our L2 guard list */
   maintain_layer2_guards();
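
Review bot: hs_service_new_consensus_params(c) reads congestion_control_sendme_inc() rather than anything in `c`, so it presumably only sees the new value because it is called after congestion_control_new_consensus_params(c). Add a comment at this call site stating the ordering requirement so a later reshuffle of these calls does not break it.
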





[tor-commits] [tor/main] cc: Export sendme_inc validation into public function

2022-02-22 Thread dgoulet
commit 02f4e7b42e2158039a138c9cb68211304a754a1d
Author: David Goulet 
Date:   Thu Feb 3 22:43:58 2022 +

cc: Export sendme_inc validation into public function

This is needed for client validation of server descriptor value,
before launching a rend/intro.
---
 src/core/or/congestion_control_common.c | 24 
 src/core/or/congestion_control_common.h |  1 +
 2 files changed, 25 insertions(+)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index e999f435ed..6d4f34cff8 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -1312,6 +1312,30 @@ congestion_control_build_ext_response(const 
circuit_params_t *our_params,
   return (int)ret;
 }
 
+/** Return true iff the given sendme increment is within the acceptable
+ * margins. */
+bool
+congestion_control_validate_sendme_increment(uint8_t sendme_inc)
+{
+  /* We will only accept this response (and this circuit) if sendme_inc
+   * is within a factor of 2 of our consensus value. We should not need
+   * to change cc_sendme_inc much, and if we do, we can spread out those
+   * changes over smaller increments once every 4 hours. Exits that
+   * violate this range should just not be used. */
+#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2
+
+  if (sendme_inc == 0)
+return false;
+
+  if (sendme_inc >
+  MAX_SENDME_INC_NEGOTIATE_FACTOR * congestion_control_sendme_inc() ||
+  sendme_inc <
+  congestion_control_sendme_inc() / MAX_SENDME_INC_NEGOTIATE_FACTOR) {
+return false;
+  }
+  return true;
+}
+
 /** Return 1 if CC is enabled which also will set the SENDME increment into our
  * params_out. Return 0 if CC is disabled. Else, return -1 on error. */
 int
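
Review bot: the comment inside congestion_control_validate_sendme_increment() still talks about "this response (and this circuit)" and about Exits, but the function is now public and, per the commit message, used to validate descriptor values; reword it for the general case. The lower bound uses integer division, so for an odd consensus value the accepted minimum rounds down; state whether that is intended. MAX_SENDME_INC_NEGOTIATE_FACTOR is #defined inside the function body and stays defined for the rest of the file; move it to the top of the file or to the header.
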
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index 21291983e0..936cb5887c 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -59,6 +59,7 @@ int congestion_control_build_ext_response(const 
circuit_params_t *our_params,
 int congestion_control_parse_ext_response(const uint8_t *msg,
   const size_t msg_len,
   circuit_params_t *params_out);
+bool congestion_control_validate_sendme_increment(uint8_t sendme_inc);
 
 /* Ugh, C.. these are private. Use the getter instead, when
  * external to the congestion control code. */





[tor-commits] [tor/main] hs: Setup congestion control on client rends

2022-02-22 Thread dgoulet
commit c79df44d2221211590ea0b33b555d559b2d467fa
Author: David Goulet 
Date:   Thu Feb 3 19:37:30 2022 +

hs: Setup congestion control on client rends

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_client.c | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 206a42dc0c..69b071e197 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -11,12 +11,15 @@
 #include "core/or/or.h"
 #include "app/config/config.h"
 #include "core/crypto/hs_ntor.h"
+#include "core/crypto/onion_crypto.h"
 #include "core/mainloop/connection.h"
 #include "core/or/circuitbuild.h"
 #include "core/or/circuitlist.h"
 #include "core/or/circuituse.h"
 #include "core/or/connection_edge.h"
+#include "core/or/congestion_control_common.h"
 #include "core/or/extendinfo.h"
+#include "core/or/protover.h"
 #include "core/or/reasons.h"
 #include "feature/client/circpathbias.h"
 #include "feature/dirclient/dirclient.h"
@@ -756,6 +759,39 @@ client_intro_circ_has_opened(origin_circuit_t *circ)
   connection_ap_attach_pending(1);
 }
 
+/** Setup the congestion control parameters on the given rendezvous circuit.
+ * This looks at the service descriptor flow control line (if any). */
+static void
+setup_rendezvous_circ_congestion_control(origin_circuit_t *circ)
+{
+  circuit_params_t circ_params = {0};
+
+  tor_assert(circ);
+
+  /* Setup congestion control parameters on the circuit. */
+  const hs_descriptor_t *desc =
+hs_cache_lookup_as_client(>hs_ident->identity_pk);
+  if (BUG(desc == NULL)) {
+/* This should really never happened but in case, scream and stop. */
+return;
+  }
+
+  /* Check if the service lists support for congestion control in its
+   * descriptor. If not, we don't setup congestion control. */
+  if (!desc->encrypted_data.flow_control_pv ||
+  !protocol_list_supports_protocol(desc->encrypted_data.flow_control_pv,
+   PRT_FLOWCTRL, PROTOVER_FLOWCTRL_CC)) {
+return;
+  }
+
+  /* Take values from the consensus. */
+  circ_params.cc_enabled = congestion_control_enabled();
+  if (circ_params.cc_enabled) {
+circ_params.sendme_inc_cells = desc->encrypted_data.sendme_inc;
+TO_CIRCUIT(circ)->ccontrol = congestion_control_new(_params);
+  }
+}
+
 /** Called when a rendezvous circuit has opened. */
 static void
 client_rendezvous_circ_has_opened(origin_circuit_t *circ)
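
Review bot: setup_rendezvous_circ_congestion_control() copies desc->encrypted_data.sendme_inc into circ_params without calling congestion_control_validate_sendme_increment(), so the value was last checked when the descriptor was decoded, possibly under an older consensus. Re-validate it here and skip congestion control (or fail the circuit) if it no longer passes. The comment "Take values from the consensus" is inaccurate for sendme_inc_cells, which comes from the descriptor, and hs_ident is dereferenced without an assert.
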
@@ -785,6 +821,9 @@ client_rendezvous_circ_has_opened(origin_circuit_t *circ)
   log_info(LD_REND, "Rendezvous circuit has opened to %s.",
safe_str_client(extend_info_describe(rp_ei)));
 
+  /* Setup congestion control parameters on the circuit. */
+  setup_rendezvous_circ_congestion_control(circ);
+
   /* Ignore returned value, nothing we can really do. On failure, the circuit
* will be marked for close. */
   hs_circ_send_establish_rendezvous(circ);





[tor-commits] [tor/main] trunnel: Make hs/cell_common.trunnel generic

2022-02-22 Thread dgoulet
commit b5439d6bd0eb72501abce6e5f897f473d9b27fc1
Author: David Goulet 
Date:   Tue Dec 14 09:42:02 2021 -0500

trunnel: Make hs/cell_common.trunnel generic

Move it to extension.trunnel instead so that extension ABI construction
can be used in other parts of tor than just HS cells.

Specifically, we'll use it in the ntorv3 data payload and make a
congestion control parameter extension using that binary structure.

Only rename. No code behavior changes.

Signed-off-by: David Goulet 
---
 src/feature/hs/hs_cell.c  |  47 +++---
 src/feature/hs/hs_cell.h  |   4 +-
 src/feature/hs/hs_circuit.c   |   1 -
 src/feature/hs/hs_intropoint.c|  30 ++--
 src/feature/hs/hs_service.c   |   1 -
 src/test/test_hs_cell.c   |  36 ++---
 src/test/test_hs_intropoint.c |   6 +-
 src/trunnel/{hs/cell_common.c => extension.c} | 187 
 src/trunnel/extension.h   | 197 +
 src/trunnel/extension.trunnel |  14 ++
 src/trunnel/hs/cell_common.h  | 203 --
 src/trunnel/hs/cell_common.trunnel|  12 --
 src/trunnel/hs/cell_establish_intro.c |  68 -
 src/trunnel/hs/cell_establish_intro.h |  22 +--
 src/trunnel/hs/cell_establish_intro.trunnel   |   6 +-
 src/trunnel/hs/cell_introduce1.c  |  94 ++--
 src/trunnel/hs/cell_introduce1.h  |  32 ++--
 src/trunnel/hs/cell_introduce1.trunnel|   8 +-
 src/trunnel/include.am|   5 +-
 19 files changed, 483 insertions(+), 490 deletions(-)

diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index f84407de9e..116395b3c8 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -19,7 +19,7 @@
 
 /* Trunnel. */
 #include "trunnel/ed25519_cert.h"
-#include "trunnel/hs/cell_common.h"
+#include "trunnel/extension.h"
 #include "trunnel/hs/cell_establish_intro.h"
 #include "trunnel/hs/cell_introduce1.h"
 #include "trunnel/hs/cell_rendezvous.h"
@@ -379,7 +379,7 @@ introduce1_set_encrypted(trn_cell_introduce1_t *cell,
  const hs_cell_introduce1_data_t *data)
 {
   trn_cell_introduce_encrypted_t *enc_cell;
-  trn_cell_extension_t *ext;
+  trn_extension_t *ext;
 
   tor_assert(cell);
   tor_assert(data);
@@ -388,9 +388,9 @@ introduce1_set_encrypted(trn_cell_introduce1_t *cell,
   tor_assert(enc_cell);
 
   /* Set extension data. None are used. */
-  ext = trn_cell_extension_new();
+  ext = trn_extension_new();
   tor_assert(ext);
-  trn_cell_extension_set_num(ext, 0);
+  trn_extension_set_num(ext, 0);
   trn_cell_introduce_encrypted_set_extensions(enc_cell, ext);
 
   /* Set the rendezvous cookie. */
@@ -454,20 +454,20 @@ build_establish_intro_dos_param(trn_cell_extension_dos_t 
*dos_ext,
  * possible if there is a bug.) */
 static int
 build_establish_intro_dos_extension(const hs_service_config_t *service_config,
-trn_cell_extension_t *extensions)
+trn_extension_t *extensions)
 {
   ssize_t ret;
   size_t dos_ext_encoded_len;
   uint8_t *field_array;
-  trn_cell_extension_field_t *field = NULL;
+  trn_extension_field_t *field = NULL;
   trn_cell_extension_dos_t *dos_ext = NULL;
 
   tor_assert(service_config);
   tor_assert(extensions);
 
   /* We are creating a cell extension field of the type DoS. */
-  field = trn_cell_extension_field_new();
-  trn_cell_extension_field_set_field_type(field,
+  field = trn_extension_field_new();
+  trn_extension_field_set_field_type(field,
   TRUNNEL_CELL_EXTENSION_TYPE_DOS);
 
   /* Build DoS extension field. We will put in two parameters. */
@@ -490,24 +490,23 @@ build_establish_intro_dos_extension(const 
hs_service_config_t *service_config,
   }
   dos_ext_encoded_len = ret;
   /* Set length field and the field array size length. */
-  trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len);
-  trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len);
+  trn_extension_field_set_field_len(field, dos_ext_encoded_len);
+  trn_extension_field_setlen_field(field, dos_ext_encoded_len);
   /* Encode the DoS extension into the cell extension field. */
-  field_array = trn_cell_extension_field_getarray_field(field);
+  field_array = trn_extension_field_getarray_field(field);
   ret = trn_cell_extension_dos_encode(field_array,
- trn_cell_extension_field_getlen_field(field), dos_ext);
+ trn_extension_field_getlen_field(field), dos_ext);
   if (BUG(ret <= 0)) {
 goto err;
   }
   tor_assert(ret == (ssize_t) dos_ext_encoded_len);
 
   /* Finally, encode field into the cell extension. */
-  trn_cell_extension_add_fields(extensions, field);
+  trn_extension_add_fields(extensions, field);
 
   /* 

[tor-commits] [tor/main] cc: Use trunnel extension for ntorv3 circ parameters

2022-02-22 Thread dgoulet
commit bbf160d31199ffe75fac5b8921da904dbd45e2fb
Author: David Goulet 
Date:   Tue Dec 14 11:38:22 2021 -0500

cc: Use trunnel extension for ntorv3 circ parameters

Signed-off-by: David Goulet 
---
 src/core/crypto/onion_crypto.c  | 128 +++--
 src/core/or/circuitbuild.c  |  31 +--
 src/core/or/congestion_control_common.c | 287 
 src/core/or/congestion_control_common.h |  13 +
 src/trunnel/circ_params.c   | 452 
 src/trunnel/circ_params.h   | 147 ---
 src/trunnel/circ_params.trunnel |  25 --
 src/trunnel/congestion_control.c| 183 +
 src/trunnel/congestion_control.h|  67 +
 src/trunnel/congestion_control.trunnel  |  22 ++
 src/trunnel/include.am  |   6 +-
 11 files changed, 615 insertions(+), 746 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index 4a83a73dab..81e4e1b078 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -47,7 +47,9 @@
 
 #include "core/or/crypt_path_st.h"
 #include "core/or/extend_info_st.h"
-#include "trunnel/circ_params.h"
+
+#include "trunnel/congestion_control.h"
+#include "trunnel/extension.h"
 
 static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
 static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
@@ -230,72 +232,29 @@ negotiate_v3_ntor_server_circ_params(const uint8_t 
*param_request_msg,
  uint8_t **resp_msg_out,
  size_t *resp_msg_len_out)
 {
-  circ_params_response_t *resp = NULL;
-  circ_params_request_t *param_request = NULL;
-  ssize_t resp_msg_len;
+  int ret;
 
-  if (circ_params_request_parse(_request, param_request_msg,
-param_request_len) < 0) {
-return -1;
+  /* Parse request. */
+  ret = congestion_control_parse_ext_request(param_request_msg,
+ param_request_len);
+  if (ret < 0) {
+goto err;
   }
+  params_out->cc_enabled = ret && our_ns_params->cc_enabled;
 
-  /* CC is enabled if the client wants it, and our consensus paramers
-   * allow it. If both are true, its on. If either is false, it's off. */
-  params_out->cc_enabled =
-  circ_params_request_get_cc_supported(param_request) &&
-  our_ns_params->cc_enabled;
-
-  resp = circ_params_response_new();
-
-  if (circ_params_response_set_version(resp, 0) < 0) {
-circ_params_request_free(param_request);
-circ_params_response_free(resp);
-return -1;
+  /* Build the response. */
+  ret = congestion_control_build_ext_response(our_ns_params, params_out,
+  resp_msg_out, resp_msg_len_out);
+  if (ret < 0) {
+goto err;
   }
-
-  /* The relay always chooses its sendme_inc, and sends it to the client */
   params_out->sendme_inc_cells = our_ns_params->sendme_inc_cells;
 
-  if (circ_params_response_set_sendme_inc_cells(resp,
-  our_ns_params->sendme_inc_cells) < 0) {
-circ_params_request_free(param_request);
-circ_params_response_free(resp);
-return -1;
-  }
-
-  /* Use the negotiated cc_enabled value to respond */
-  if (circ_params_response_set_cc_enabled(resp, params_out->cc_enabled) < 0) {
-circ_params_request_free(param_request);
-circ_params_response_free(resp);
-return -1;
-  }
+  /* Success. */
+  ret = 0;
 
-  resp_msg_len = circ_params_response_encoded_len(resp);
-
-  if (resp_msg_len < 0) {
-circ_params_request_free(param_request);
-circ_params_response_free(resp);
-return -1;
-  }
-
-  *resp_msg_out = tor_malloc_zero(resp_msg_len);
-
-  resp_msg_len = circ_params_response_encode(*resp_msg_out, resp_msg_len,
- resp);
-  if (resp_msg_len < 0) {
-circ_params_request_free(param_request);
-circ_params_response_free(resp);
-
-tor_free(*resp_msg_out);
-return -1;
-  }
-
-  *resp_msg_len_out = (size_t)resp_msg_len;
-
-  circ_params_request_free(param_request);
-  circ_params_response_free(resp);
-
-  return 0;
+ err:
+  return ret;
 }
 
 /* This is the maximum value for keys_out_len passed to
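Review bot: `ret` carries three different meanings in negotiate_v3_ntor_server_circ_params(): at `params_out->cc_enabled = ret && our_ns_params->cc_enabled;` it is the client's parsed request, after that it is the status of congestion_control_build_ext_response(), and finally it is the return code. A separately named local for the parsed request would make the contract of congestion_control_parse_ext_request() (positive means the client asked for CC) visible at the call site, and the removed comment saying CC is on only when both the client and the consensus agree is worth keeping next to that line. Two things to confirm: params_out->cc_enabled is already written when the build step fails, so callers must not read params_out on a negative return; and params_out->sendme_inc_cells is assigned only after params_out has been passed to congestion_control_build_ext_response(), so the builder has to take the increment from our_ns_params.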
@@ -462,46 +421,29 @@ negotiate_v3_ntor_client_circ_params(const uint8_t 
*param_response_msg,
  size_t param_response_len,
  circuit_params_t *params_out)
 {
-  circ_params_response_t *param_response = NULL;
-  bool cc_enabled;
-  uint8_t sendme_inc_cells;
-
-  if (circ_params_response_parse(_response, param_response_msg,
-   param_response_len) < 0) {
+  int ret = congestion_control_parse_ext_response(param_response_msg,
+  param_response_len,
+  params_out);
+  if (ret < 0) {
 return -1;
   }
 
-  cc_enabled =
-  
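Review bot: the client-side parse failure path returns a literal -1 (`if (ret < 0) { return -1; }`) while the server-side function changed in this same file now propagates `ret` through `goto err`. Pick one convention for both so callers know whether the helper's negative value or a fixed -1 comes back.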

[tor-commits] [tor/main] protover: Add function to get the value of a single type

2022-02-22 Thread dgoulet
commit dd938e58d3a20b11f694321d876e712dc69fee27
Author: David Goulet 
Date:   Thu Nov 4 10:20:07 2021 -0400

protover: Add function to get the value of a single type

We can now query the protover subsystem to get the current value we
support for a specific protover type.

This will be useful for prop324 onion service part which puts in the
FlowCtrl value in the service descriptor.

No behavior change.

Signed-off-by: David Goulet 
---
 src/core/or/protover.c | 68 ++
 src/core/or/protover.h |  1 +
 2 files changed, 53 insertions(+), 16 deletions(-)

diff --git a/src/core/or/protover.c b/src/core/or/protover.c
index ff986b62e2..4cd6510da7 100644
--- a/src/core/or/protover.c
+++ b/src/core/or/protover.c
@@ -385,6 +385,46 @@ protocol_list_supports_protocol_or_later(const char *list,
 /*
  * XXX START OF HAZARDOUS ZONE XXX
  */
+/* All protocol version that this relay version supports. */
+#define PR_CONS_V  "1-2"
+#define PR_DESC_V  "1-2"
+#define PR_DIRCACHE_V  "2"
+#define PR_FLOWCTRL_V  "1-2"
+#define PR_HSDIR_V "2"
+#define PR_HSINTRO_V   "4-5"
+#define PR_HSREND_V"1-2"
+#define PR_LINK_V  "1-5"
+#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
+#define PR_LINKAUTH_V  "1,3"
+#else
+#define PR_LINKAUTH_V  "3"
+#endif
+#define PR_MICRODESC_V "1-2"
+#define PR_PADDING_V   "2"
+#define PR_RELAY_V "1-4"
+
+/** Return the string containing the supported version for the given protocol
+ * type. */
+const char *
+protover_get_supported(const protocol_type_t type)
+{
+  switch (type) {
+  case PRT_CONS: return PR_CONS_V;
+  case PRT_DESC: return PR_DESC_V;
+  case PRT_DIRCACHE: return PR_DIRCACHE_V;
+  case PRT_FLOWCTRL: return PR_FLOWCTRL_V;
+  case PRT_HSDIR: return PR_HSDIR_V;
+  case PRT_HSINTRO:  return PR_HSINTRO_V;
+  case PRT_HSREND: return PR_HSREND_V;
+  case PRT_LINK: return PR_LINK_V;
+  case PRT_LINKAUTH: return PR_LINKAUTH_V;
+  case PRT_MICRODESC: return PR_MICRODESC_V;
+  case PRT_PADDING: return PR_PADDING_V;
+  case PRT_RELAY: return PR_RELAY_V;
+  default:
+tor_assert_unreached();
+  }
+}
 
 /** Return the canonical string containing the list of protocols
  * that we support.
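Review bot: the `default: tor_assert_unreached();` arm in protover_get_supported() hides a missing case from the compiler: when a new protocol_type_t value is added, nothing warns that this switch was not updated, and the first sign is an abort at run time. Dropping `default:` and placing tor_assert_unreached() after the switch lets the enum switch-coverage warning (-Wswitch, where enabled) catch it at build time. Minor: the comment above the PR_*_V macros should read "All protocol versions".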
@@ -431,22 +471,18 @@ protover_get_supported_protocols(void)
*/
 
   return
-"Cons=1-2 "
-"Desc=1-2 "
-"DirCache=2 "
-"FlowCtrl=1-2 "
-"HSDir=2 "
-"HSIntro=4-5 "
-"HSRend=1-2 "
-"Link=1-5 "
-#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
-"LinkAuth=1,3 "
-#else
-"LinkAuth=3 "
-#endif
-"Microdesc=1-2 "
-"Padding=2 "
-"Relay=1-4";
+"Cons=" PR_CONS_V " "
+"Desc=" PR_DESC_V " "
+"DirCache=" PR_DIRCACHE_V " "
+"FlowCtrl=" PR_FLOWCTRL_V " "
+"HSDir=" PR_HSDIR_V " "
+"HSIntro=" PR_HSINTRO_V " "
+"HSRend=" PR_HSREND_V " "
+"Link=" PR_LINK_V " "
+"LinkAuth=" PR_LINKAUTH_V " "
+"Microdesc=" PR_MICRODESC_V " "
+"Padding=" PR_PADDING_V " "
+"Relay=" PR_RELAY_V;
 }
 
 /*
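Review bot: the canonical string in protover_get_supported_protocols() and the switch in protover_get_supported() are now two hand-maintained lists over the same PR_*_V macros, so a protocol added to one can be forgotten in the other. A unit test that checks each `Name=` entry of this string against protover_get_supported() for the matching type would pin them together. Since the commit message says "No behavior change", a test asserting the string is byte-identical to the previous literal would also back that claim.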
diff --git a/src/core/or/protover.h b/src/core/or/protover.h
index 410a67a9f7..8f15c02fb2 100644
--- a/src/core/or/protover.h
+++ b/src/core/or/protover.h
@@ -75,6 +75,7 @@ typedef enum protocol_type_t {
 } protocol_type_t;
 
 bool protover_list_is_invalid(const char *s);
+const char *protover_get_supported(const protocol_type_t type);
 int protover_all_supported(const char *s, char **missing);
 int protover_is_supported_here(protocol_type_t pr, uint32_t ver);
 const char *protover_get_supported_protocols(void);
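Review bot: the new prototype has no doc comment in the header and carries a top-level `const` on a by-value parameter (`const protocol_type_t type`), which has no effect in a declaration. Suggest `const char *protover_get_supported(protocol_type_t type);` plus a one-line note that the returned string is a static literal the caller must not free.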



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [tor/main] Add test for congestion control negotiation logic.

2022-02-22 Thread dgoulet
commit 6b2086773c7604e6db331c13cb44cd756022ab00
Author: Mike Perry 
Date:   Tue Nov 23 20:47:24 2021 +

Add test for congestion control negotiation logic.
---
 src/core/or/congestion_control_common.c |  12 +++
 src/core/or/congestion_control_common.h |   2 +
 src/test/test_ntor_v3.c | 139 
 3 files changed, 153 insertions(+)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 7e38510814..bd0383e06c 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -78,6 +78,8 @@ static bool 
congestion_control_update_circuit_bdp(congestion_control_t *,
   const circuit_t *,
   const crypt_path_t *,
   uint64_t, uint64_t);
+/* For unit tests */
+void congestion_control_set_cc_enabled(void);
 
 /* Consensus parameters cached. The non static ones are extern. */
 static uint32_t cwnd_max = CWND_MAX_DFLT;
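Review bot: this forward declaration of congestion_control_set_cc_enabled() in the .c file duplicates the one the patch adds to congestion_control_common.h, and unlike the header copy it is not inside `#ifdef TOR_UNIT_TESTS`. Drop it and guard the definition instead, so the prototype and the function exist under the same condition.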
@@ -299,6 +301,16 @@ congestion_control_enabled(void)
   return cc_alg != CC_ALG_SENDME;
 }
 
+/**
+ * For unit tests only: set the cached consensus cc alg to
+ * specified value.
+ */
+void
+congestion_control_set_cc_enabled(void)
+{
+  cc_alg = CC_ALG_VEGAS;
+}
+
 /**
  * Allocate and initialize fields in congestion control object.
  *
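Review bot: congestion_control_set_cc_enabled() is documented as for unit tests only, but the definition is not wrapped in `#ifdef TOR_UNIT_TESTS`, so a function that overwrites the cached consensus `cc_alg` is compiled into production builds. Guard the definition to match the header. The doc comment also says it sets the algorithm "to specified value", yet the function takes no argument and hardcodes CC_ALG_VEGAS; either take a cc_alg_t parameter or reword the comment.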
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index c8f6b1c35e..4fd404a1cc 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -118,6 +118,8 @@ n_count_ewma(uint64_t curr, uint64_t prev, uint64_t N)
  */
 #ifdef TOR_UNIT_TESTS
 
+void congestion_control_set_cc_enabled(void);
+
 #endif /* defined(TOR_UNIT_TESTS) */
 
 #endif /* defined(TOR_CONGESTION_CONTROL_PRIVATE) */
diff --git a/src/test/test_ntor_v3.c b/src/test/test_ntor_v3.c
index 096ac6668f..1d06403076 100644
--- a/src/test/test_ntor_v3.c
+++ b/src/test/test_ntor_v3.c
@@ -10,6 +10,12 @@
 #include "lib/crypt_ops/crypto_curve25519.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
 #include "core/crypto/onion_ntor_v3.h"
+#include "core/crypto/onion_crypto.h"
+#include "core/or/extend_info_st.h"
+#include "core/or/crypt_path_st.h"
+#define TOR_CONGESTION_CONTROL_PRIVATE
+#include "core/or/congestion_control_common.h"
+#include "app/config/config.h"
 
 #define unhex(arry, s)  \
   { tt_int_op(sizeof(arry), OP_EQ,  \
@@ -166,7 +172,140 @@ test_ntor3_testvecs(void *arg)
   dimap_free(private_keys, NULL);
 }
 
+static void
+run_full_handshake(circuit_params_t *serv_params_in,
+   circuit_params_t *client_params_out,
+   circuit_params_t *serv_params_out)
+{
+  extend_info_t info = {0};
+  uint8_t onionskin[CELL_PAYLOAD_SIZE];
+  int onionskin_len = 0;
+  int reply_len = 0;
+  onion_handshake_state_t handshake_state = {0};
+  server_onion_keys_t server_keys = {0};
+  curve25519_keypair_t relay_onion_key;
+  uint8_t serv_reply[CELL_PAYLOAD_SIZE];
+  uint8_t serv_keys[100];
+  uint8_t rend_nonce[DIGEST_LEN];
+  uint8_t client_keys[CELL_PAYLOAD_SIZE];
+  uint8_t rend_auth[DIGEST_LEN];
+
+  info.exit_supports_congestion_control = 1;
+
+  unhex(relay_onion_key.seckey.secret_key,
+"4051daa5921cfa2a1c27b08451324919538e79e788a81b38cbed097a5dff454a");
+  unhex(relay_onion_key.pubkey.public_key,
+"f8307a2bc1870b00b828bb74dbb8fd88e632a6375ab3bcd1ae706aaa8b6cdd1d");
+
+  memcpy(_onion_key,
+ _onion_key.pubkey, sizeof(info.curve25519_onion_key));
+  unhex(info.ed_identity.pubkey,
+"9fad2af287ef942632833d21f946c6260c33fae6172b60006e86e4a6911753a2");
+
+  memcpy(_keys.my_ed_identity, _identity,
+ sizeof(server_keys.my_ed_identity));
+
+  dimap_add_entry(_keys.curve25519_key_map,
+  relay_onion_key.pubkey.public_key,
+  _onion_key);
+
+  onionskin_len = onion_skin_create(ONION_HANDSHAKE_TYPE_NTOR_V3, ,
+_state, onionskin,
+sizeof(onionskin));
+  tt_int_op(onionskin_len, OP_NE, -1);
+
+  server_keys.junk_keypair = _state.u.ntor3->client_keypair;
+
+  reply_len = onion_skin_server_handshake(ONION_HANDSHAKE_TYPE_NTOR_V3,
+  onionskin, onionskin_len,
+  _keys, serv_params_in,
+  serv_reply, sizeof(serv_reply),
+  serv_keys, sizeof(serv_keys),
+  rend_nonce, serv_params_out);
+  tt_int_op(reply_len, OP_NE, -1);
+
+  tt_int_op(onion_skin_client_handshake(ONION_HANDSHAKE_TYPE_NTOR_V3,
+  _state,
+  serv_reply, reply_len,
+  client_keys, sizeof(client_keys),
+  rend_auth, client_params_out,
+   
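Review bot: `uint8_t serv_keys[100];` in run_full_handshake() uses a bare length while the matching client buffer is `client_keys[CELL_PAYLOAD_SIZE]`. Size both from one named constant so it is obvious that the two sides of the handshake request the same amount of key material, and so a later comparison of the two buffers has a single length to use.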

[tor-commits] [tor/main] Add test for TAP vs ntor2+ntor3 onion queue ordering

2022-02-22 Thread dgoulet
commit f3283266c2e8425725d62fc4796cc0633e0c2f37
Author: Mike Perry 
Date:   Tue Nov 23 16:09:37 2021 +

Add test for TAP vs ntor2+ntor3 onion queue ordering
---
 src/test/test.c | 122 
 1 file changed, 122 insertions(+)

diff --git a/src/test/test.c b/src/test/test.c
index c38d78da30..6b7e0b6442 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -350,6 +350,127 @@ test_onion_queues(void *arg)
   tor_free(onionskin);
 }
 
+/**
+ * Test onion queue priority, separation, and resulting
+ * ordering.
+ *
+ * create and add a mix of TAP, NTOR2, and NTORv3. Ensure
+ * they all end up in the right queue. In particular, ntorv2
+ * and ntorv3 should share a queue, but TAP should be separate,
+ * and lower prioritt.
+ *
+ * We test this by way of adding TAP first, and then an interleaving
+ * order of ntor2 and ntor3, and check that the ntor2 and ntor3 are
+ * still interleaved, but TAP comes last. */
+static void
+test_onion_queue_order(void *arg)
+{
+  uint8_t buf_tap[TAP_ONIONSKIN_CHALLENGE_LEN] = {0};
+  uint8_t buf_ntor[NTOR_ONIONSKIN_LEN] = {0};
+  uint8_t buf_ntor3[CELL_PAYLOAD_SIZE] = {0};
+
+  or_circuit_t *circ_tap = or_circuit_new(0, NULL);
+  or_circuit_t *circ_ntor = or_circuit_new(0, NULL);
+  or_circuit_t *circ_ntor3 = or_circuit_new(0, NULL);
+
+  create_cell_t *onionskin = NULL;
+  create_cell_t *create_tap1 = tor_malloc_zero(sizeof(create_cell_t));
+  create_cell_t *create_ntor1 = tor_malloc_zero(sizeof(create_cell_t));
+  create_cell_t *create_ntor2 = tor_malloc_zero(sizeof(create_cell_t));
+  create_cell_t *create_v3ntor1 = tor_malloc_zero(sizeof(create_cell_t));
+  create_cell_t *create_v3ntor2 = tor_malloc_zero(sizeof(create_cell_t));
+  (void)arg;
+
+  create_cell_init(create_tap1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP,
+   TAP_ONIONSKIN_CHALLENGE_LEN, buf_tap);
+  create_cell_init(create_ntor1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
+   NTOR_ONIONSKIN_LEN, buf_ntor);
+  create_cell_init(create_ntor2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
+   NTOR_ONIONSKIN_LEN, buf_ntor);
+  create_cell_init(create_v3ntor1, CELL_CREATE2, ONION_HANDSHAKE_TYPE_NTOR_V3,
+   NTOR_ONIONSKIN_LEN, buf_ntor3);
+  create_cell_init(create_v3ntor2, CELL_CREATE2, ONION_HANDSHAKE_TYPE_NTOR_V3,
+   NTOR_ONIONSKIN_LEN, buf_ntor3);
+
+  /* sanity check queue init */
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  /* Add tap first so we can ensure it comes out last */
+  tt_int_op(0,OP_EQ, onion_pending_add(circ_tap, create_tap1));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  /* Now add interleaving ntor2 and ntor3, to ensure they share
+   * the same queue and come out in this order */
+  tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor1));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor1));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor2));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor2));
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+
+  /* Now remove 5 tasks, ensuring order and queue sizes */
+  tt_ptr_op(circ_ntor, OP_EQ, onion_next_task());
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+  tt_ptr_op(onionskin, OP_EQ, create_ntor1);
+
+  tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task());
+  tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+  tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+  tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
+  tt_ptr_op(onionskin, OP_EQ, create_v3ntor1);
+
+  tt_ptr_op(circ_ntor, OP_EQ, onion_next_task());
+  tt_int_op(1,OP_EQ, 
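Review bot: the test queues circ_ntor twice (create_ntor1, create_ntor2) and circ_ntor3 twice (create_v3ntor1, create_v3ntor2); if a circuit is only ever expected to hold one pending onionskin, this exercises a state the relay never reaches, and a distinct or_circuit_t per queued cell would be the safer setup. The ntor3 cells are also initialised with NTOR_ONIONSKIN_LEN against a CELL_PAYLOAD_SIZE buffer; a short comment that the length does not matter for queue placement would help. Typo in the doc comment: "lower prioritt".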

[tor-commits] [tor/main] Protover flag handling for congestion control negotiation

2022-02-22 Thread dgoulet
commit 1b1c26108050ebf8d739b6c6ce68925cf022ea3c
Author: Mike Perry 
Date:   Thu Nov 4 00:47:19 2021 +

Protover flag handling for congestion control negotiation
---
 src/core/or/or.h   |  7 +++
 src/core/or/protover.c |  6 ++
 src/core/or/protover.h |  5 +
 src/core/or/versions.c | 11 ---
 4 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/core/or/or.h b/src/core/or/or.h
index 22846872a0..885c0e8b11 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -732,10 +732,9 @@ typedef struct protover_summary_flags_t {
* negotiate hs circuit setup padding. Requires Padding=2. */
   unsigned int supports_hs_setup_padding : 1;
 
-  /** True iff this router supports ntor3 _and_ supports negotiating
-   * additional circuit parameters via the handshake used in ntor3.
-   */
-  unsigned int supports_ntor3_and_param_negotiation : 1;
+  /** True iff this router supports congestion control.
+   * Requires both FlowCtrl=2 *and* Relay=4 */
+  unsigned int supports_congestion_control : 1;
 } protover_summary_flags_t;
 
 typedef struct routerinfo_t routerinfo_t;
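Review bot: renaming the flag to supports_congestion_control folds two capabilities into one bit: the removed comment described ntor3 parameter negotiation, while the new one requires FlowCtrl=2 and Relay=4 together. A relay advertising Relay=4 without FlowCtrl=2 then has no flag saying ntor3 is usable. If nothing needs ntor3 without CC that is fine, but say so in the comment, and refer to PROTOVER_FLOWCTRL_CC and PROTOVER_RELAY_NTOR_V3 by name instead of the literal versions so the comment cannot drift from protover.h.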
diff --git a/src/core/or/protover.c b/src/core/or/protover.c
index 8405a720fb..ff986b62e2 100644
--- a/src/core/or/protover.c
+++ b/src/core/or/protover.c
@@ -430,13 +430,11 @@ protover_get_supported_protocols(void)
* XXX: WARNING!
*/
 
-  /* TODO-324: Add a new Relay=* and a new FlowCtrl=* version to indicate
-   * support for Ntorv3 and prop324.  Make sure they get into the spec. */
   return
 "Cons=1-2 "
 "Desc=1-2 "
 "DirCache=2 "
-"FlowCtrl=1 "
+"FlowCtrl=1-2 "
 "HSDir=2 "
 "HSIntro=4-5 "
 "HSRend=1-2 "
@@ -448,7 +446,7 @@ protover_get_supported_protocols(void)
 #endif
 "Microdesc=1-2 "
 "Padding=2 "
-"Relay=1-3";
+"Relay=1-4";
 }
 
 /*
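Review bot: bumping the advertised list to `Relay=1-4` (and `FlowCtrl=1-2` in the hunk above) removes the TODO-324 that asked to make sure the new versions get into the spec, but the commit message does not point at a spec change. Reference the torspec commit or proposal section that defines Relay=4 and FlowCtrl=2, given that this string sits under the "XXX: WARNING!" block.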
diff --git a/src/core/or/protover.h b/src/core/or/protover.h
index ae258d74a5..410a67a9f7 100644
--- a/src/core/or/protover.h
+++ b/src/core/or/protover.h
@@ -35,6 +35,8 @@ struct smartlist_t;
 /** The protover version number where relays can consider IPv6 connections
  *  canonical */
 #define PROTOVER_RELAY_CANONICAL_IPV6 3
+/** The protover version number where relays can accept ntorv3 */
+#define PROTOVER_RELAY_NTOR_V3 4
 
 /** The protover version number that signifies HSv3 intro point support */
 #define PROTOVER_HS_INTRO_V3 4
@@ -51,6 +53,9 @@ struct smartlist_t;
 /** The protover that signals support for HS circuit setup padding machines */
 #define PROTOVER_HS_SETUP_PADDING 2
 
+/** The protover that signals support for congestion control */
+#define PROTOVER_FLOWCTRL_CC 2
+
 /** List of recognized subprotocols. */
 /// C_RUST_COUPLED: src/rust/protover/ffi.rs `translate_to_rust`
 /// C_RUST_COUPLED: src/rust/protover/protover.rs `Proto`
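Review bot: no Rust-side change accompanies these new constants, although the context directly below marks this header as C_RUST_COUPLED with src/rust/protover and the diffstat touches only four C files. Confirm the Rust implementation needs no matching update for FlowCtrl=2 and Relay=4, or include it in this patch.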
diff --git a/src/core/or/versions.c b/src/core/or/versions.c
index 052351120e..9913b3ee31 100644
--- a/src/core/or/versions.c
+++ b/src/core/or/versions.c
@@ -482,14 +482,11 @@ memoize_protover_summary(protover_summary_flags_t *out,
 protocol_list_supports_protocol(protocols, PRT_PADDING,
 PROTOVER_HS_SETUP_PADDING);
 
-  /* TODO-324: Set these flags based on real values.
-  out->supports_ntor3_and_param_negotiation =
-protocol_list_supports_protocol(protocols, PRT_RELAY,
-)
-&&
+  out->supports_congestion_control =
 protocol_list_supports_protocol(protocols, PRT_FLOWCTRL,
-);
-  */
+PROTOVER_FLOWCTRL_CC) &&
+protocol_list_supports_protocol(protocols, PRT_RELAY,
+PROTOVER_RELAY_NTOR_V3);
 
   protover_summary_flags_t *new_cached = tor_memdup(out, sizeof(*out));
   cached = strmap_set(protover_summary_map, protocols, new_cached);
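Review bot: there is no test for the new conjunction in memoize_protover_summary(). The diffstat has no test file, and the interesting cases are a protocol list with FlowCtrl=2 but Relay below 4, and the reverse, both of which must leave supports_congestion_control at 0. Please add them.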





[tor-commits] [tor/main] Add hidden torrc option to always try CC negotiation.

2022-02-22 Thread dgoulet
commit b2789ae72aab35443c2988d930495b8efa870f3e
Author: Mike Perry 
Date:   Tue Nov 16 22:01:54 2021 +

Add hidden torrc option to always try CC negotiation.

This is for public network testing and for sbws. Should not otherwise be used,
hence it is an undocumented __option.

The option deliberately does not allow force-disabling congestion control, as
this is bad for queueing and fairness.
---
 src/app/config/config.c |  1 +
 src/app/config/or_options_st.h  |  3 +++
 src/core/or/congestion_control_common.c | 46 +++--
 3 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 8df5275cc6..05bd96fc6a 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -675,6 +675,7 @@ static const config_var_t option_vars_[] = {
   V(VanguardsLiteEnabled,AUTOBOOL, "auto"),
   V(UseMicrodescriptors, AUTOBOOL, "auto"),
   OBSOLETE("UseNTorHandshake"),
+  VAR("__AlwaysCongestionControl",  BOOL, AlwaysCongestionControl, "0"),
   V_IMMUTABLE(User,  STRING,   NULL),
   OBSOLETE("UserspaceIOCPBuffers"),
   OBSOLETE("V1AuthoritativeDirectory"),
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 3a1acad044..a1ef7a8cf8 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -601,6 +601,9 @@ struct or_options_t {
   /** Boolean: Switch to toggle the vanguards-lite subsystem */
   int VanguardsLiteEnabled;
 
+  /** Boolean: Switch to override consensus to enable congestion control */
+  int AlwaysCongestionControl;
+
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
   /** Should we always fetch our dir info on the mirror schedule (which
* means directly from the authorities) no matter our other config? */
diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index d4b933a032..7e38510814 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -26,6 +26,7 @@
 #include "core/or/trace_probes_cc.h"
 #include "lib/time/compat_time.h"
 #include "feature/nodelist/networkstatus.h"
+#include "app/config/config.h"
 
 /* Consensus parameter defaults.
  *
@@ -34,6 +35,7 @@
 #define CIRCWINDOW_INIT (500)
 #define SENDME_INC_DFLT (50)
 #define CC_ALG_DFLT (CC_ALG_SENDME)
+#define CC_ALG_DFLT_ALWAYS (CC_ALG_VEGAS)
 
 #define CWND_INC_DFLT (50)
 #define CWND_INC_PCT_SS_DFLT (100)
@@ -161,6 +163,7 @@ static void
 congestion_control_init_params(congestion_control_t *cc,
const circuit_params_t *params)
 {
+  const or_options_t *opts = get_options();
   cc->sendme_inc = params->sendme_inc_cells;
 
 #define CWND_INIT_MIN 100
@@ -219,13 +222,14 @@ congestion_control_init_params(congestion_control_t *cc,
 BWE_SENDME_MIN_MIN,
 BWE_SENDME_MIN_MAX);
 
-#define CC_ALG_MIN 0
-#define CC_ALG_MAX (NUM_CC_ALGS-1)
-  cc->cc_alg =
-networkstatus_get_param(NULL, "cc_alg",
-cc_alg,
-CC_ALG_MIN,
-CC_ALG_MAX);
+  /* If the consensus says to use OG sendme, but torrc has
+   * always-enabled, use the default "always" alg (vegas),
+   * else use cached conensus alg. */
+  if (cc_alg == CC_ALG_SENDME && opts->AlwaysCongestionControl) {
+cc->cc_alg = CC_ALG_DFLT_ALWAYS;
+  } else {
+cc->cc_alg = cc_alg;
+  }
 
   bdp_alg_t default_bdp_alg = 0;
 
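Review bot: congestion_control_init_params() now reads get_options() and the file-level `cc_alg`, which is the kind of global state the comment added further down in this patch says must stay out of CPU worker threads, but this function has no in_main_thread() check. Either assert it here as congestion_control_enabled() does, or carry the chosen algorithm in circuit_params_t. Typo in the new comment: "conensus".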
@@ -262,10 +266,36 @@ congestion_control_init_params(congestion_control_t *cc,
 }
 
 /** Returns true if congestion control is enabled in the most recent
- * consensus */
+ * consensus, or if __AlwaysCongestionControl is set to true.
+ *
+ * Note that this function (and many many other functions) should not
+ * be called from the CPU worker threads when handling congestion
+ * control negotiation. Relevant values are marshaled into the
+ * `circuit_params_t` struct, in order to be used in worker threads
+ * without touching global state. Use those values in CPU worker
+ * threads, instead of calling this function.
+ *
+ * The danger is still present, in your time, as it was in ours.
+ */
 bool
 congestion_control_enabled(void)
 {
+  const or_options_t *opts = NULL;
+
+  tor_assert_nonfatal_once(in_main_thread());
+
+  opts = get_options();
+
+  /* If the user has set "__AlwaysCongesttionControl",
+   * then always try to negotiate congestion control, regardless
+   * of consensus param. This is to be used for testing and sbws.
+   *
+   * Note that we do *not* allow disabling congestion control
+   * if the consensus says to use it, as this is bad for queueing
+   * and fairness. */
+  if (opts->AlwaysCongestionControl)
+return 1;
+
   return cc_alg != CC_ALG_SENDME;
 }
 
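Review bot: `tor_assert_nonfatal_once(in_main_thread())` only reports the first violation and then falls through to get_options() anyway, so an off-thread caller still touches global state on every call. If the rule in the doc comment is meant to be enforced, return a safe value when the check fails. Smaller points: the inline comment misspells the option as "__AlwaysCongesttionControl", and a function returning bool should `return true;` rather than `return 1;`.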





[tor-commits] [tor/main] Congestion control usage of negotiated params

2022-02-22 Thread dgoulet
commit a07e008616e3bc00451cb28017750e4dc0bc9ca2
Author: Mike Perry 
Date:   Thu Nov 4 00:47:42 2021 +

Congestion control usage of negotiated params
---
 src/core/or/congestion_control_common.c | 56 -
 src/core/or/congestion_control_common.h | 17 ++
 src/core/or/congestion_control_flow.c   | 10 --
 3 files changed, 46 insertions(+), 37 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index b76c0957e4..d4b933a032 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -33,6 +33,7 @@
  * section 6.5 including tuning notes. */
 #define CIRCWINDOW_INIT (500)
 #define SENDME_INC_DFLT (50)
+#define CC_ALG_DFLT (CC_ALG_SENDME)
 
 #define CWND_INC_DFLT (50)
 #define CWND_INC_PCT_SS_DFLT (100)
@@ -82,6 +83,8 @@ int32_t cell_queue_high = CELL_QUEUE_HIGH_DFLT;
 int32_t cell_queue_low = CELL_QUEUE_LOW_DFLT;
 uint32_t or_conn_highwater = OR_CONN_HIGHWATER_DFLT;
 uint32_t or_conn_lowwater = OR_CONN_LOWWATER_DFLT;
+uint8_t cc_sendme_inc = SENDME_INC_DFLT;
+static cc_alg_t cc_alg = CC_ALG_DFLT;
 
 /**
  * Update global congestion control related consensus parameter values,
@@ -127,6 +130,22 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
 CWND_MAX_DFLT,
 CWND_MAX_MIN,
 CWND_MAX_MAX);
+
+#define SENDME_INC_MIN 10
+#define SENDME_INC_MAX (1000)
+  cc_sendme_inc =
+networkstatus_get_param(NULL, "cc_sendme_inc",
+SENDME_INC_DFLT,
+SENDME_INC_MIN,
+SENDME_INC_MAX);
+
+#define CC_ALG_MIN 0
+#define CC_ALG_MAX (NUM_CC_ALGS-1)
+  cc_alg =
+networkstatus_get_param(NULL, "cc_alg",
+CC_ALG_DFLT,
+CC_ALG_MIN,
+CC_ALG_MAX);
 }
 
 /**
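Review bot: `cc_sendme_inc` is declared `uint8_t` in the hunk above, but this assignment clamps the consensus value to SENDME_INC_MAX, defined here as 1000, so any consensus value above 255 is silently truncated on assignment. Either lower SENDME_INC_MAX to fit the type or widen the variable. The two new lookups also pass NULL rather than the `ns` argument this function receives; if that is deliberate, a comment would help.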
@@ -140,9 +159,10 @@ congestion_control_new_consensus_params(const 
networkstatus_t *ns)
  */
 static void
 congestion_control_init_params(congestion_control_t *cc,
-   cc_alg_t cc_alg,
-   int sendme_inc)
+   const circuit_params_t *params)
 {
+  cc->sendme_inc = params->sendme_inc_cells;
+
 #define CWND_INIT_MIN 100
 #define CWND_INIT_MAX (1)
   cc->cwnd =
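Review bot: `cc->sendme_inc = params->sendme_inc_cells;` takes the negotiated value with no range check, whereas the code it replaces (removed in the next hunk) clamped the increment to SENDME_INC_MIN..SENDME_INC_MAX through networkstatus_get_param(). Point to where sendme_inc_cells is validated before it reaches this function, or clamp it here, since the value now comes from the handshake rather than the consensus.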
@@ -175,16 +195,7 @@ congestion_control_init_params(congestion_control_t *cc,
 CWND_INC_RATE_MIN,
 CWND_INC_RATE_MAX);
 
-#define SENDME_INC_MIN 10
-#define SENDME_INC_MAX (1000)
-  cc->sendme_inc =
-networkstatus_get_param(NULL, "cc_sendme_inc",
-sendme_inc,
-SENDME_INC_MIN,
-SENDME_INC_MAX);
-
-  // XXX: this min needs to abide by sendme_inc range rules somehow
-#define CWND_MIN_MIN sendme_inc
+#define CWND_MIN_MIN 20
 #define CWND_MIN_MAX (1000)
   cc->cwnd_min =
 networkstatus_get_param(NULL, "cc_cwnd_min",
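Review bot: replacing `#define CWND_MIN_MIN sendme_inc` with a fixed 20 drops the XXX that said the minimum has to respect the sendme_inc range, without resolving it: cc_cwnd_min can now be set below a sendme_inc that ranges up to SENDME_INC_MAX. If a window smaller than one SENDME increment is acceptable, say why in a comment; otherwise enforce cwnd_min >= cc->sendme_inc once both are known.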
@@ -250,6 +261,14 @@ congestion_control_init_params(congestion_control_t *cc,
   }
 }
 
+/** Returns true if congestion control is enabled in the most recent
+ * consensus */
+bool
+congestion_control_enabled(void)
+{
+  return cc_alg != CC_ALG_SENDME;
+}
+
 /**
  * Allocate and initialize fields in congestion control object.
  *
@@ -259,14 +278,14 @@ congestion_control_init_params(congestion_control_t *cc,
  * acks. This parameter will come from circuit negotiation.
  */
 static void
-congestion_control_init(congestion_control_t *cc, cc_alg_t cc_alg,
-int sendme_inc)
+congestion_control_init(congestion_control_t *cc,
+const circuit_params_t *params)
 {
   cc->sendme_pending_timestamps = smartlist_new();
   cc->sendme_arrival_timestamps = smartlist_new();
 
   cc->in_slow_start = 1;
-  congestion_control_init_params(cc, cc_alg, sendme_inc);
+  congestion_control_init_params(cc, params);
 
   cc->next_cc_event = CWND_UPDATE_RATE(cc);
 }
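Review bot: the doc comment above congestion_control_init() still describes the old arguments (its last context line reads "This parameter will come from circuit negotiation") although cc_alg and sendme_inc are no longer parameters. Update it to describe `params` and which of its fields are consumed.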
@@ -277,12 +296,7 @@ congestion_control_new(const circuit_params_t *params)
 {
   congestion_control_t *cc = tor_malloc_zero(sizeof(congestion_control_t));
 
-  /* TODO-324: Use `params` to pick the algorithm and the window. */
-  (void) params;
-
-  // TODO-324: XXX: the alg and the sendme_inc need to be negotiated during
-  // circuit handshake
-  congestion_control_init(cc, CC_ALG_VEGAS, SENDME_INC_DFLT);
+  congestion_control_init(cc, params);
 
   return cc;
 }
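Review bot: congestion_control_new() used to ignore `params` (`(void) params;`) and now passes it down to code that dereferences `params->sendme_inc_cells`, so a NULL from any existing caller becomes a crash. Add a tor_assert(params) here or document the non-NULL requirement next to the prototype.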
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index 81ec79c6e6..c8f6b1c35e 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -20,11 +20,6 @@ typedef struct congestion_control_t congestion_control_t;
 
 void congestion_control_free_(congestion_control_t *cc);
 
-/* TODO-324: Whisky Tango Foxtot‽  Nothing calls this function anywhere!
- *
- * It needs to be called client-side and relay-side every time we initialize a
- * circuit!
- */
 struct circuit_params_t;
 congestion_control_t *congestion_control_new(
 const struct circuit_params_t *params);
@@ -50,12 +45,15 @@ bool 

[tor-commits] [tor/main] Extend info argument updates for non-ntorv3 cases

2022-02-22 Thread dgoulet
commit 812590f8aa6637cd2b3f869dc4e30fd6550beac3
Author: Mike Perry 
Date:   Thu Nov 4 19:57:57 2021 +

Extend info argument updates for non-ntorv3 cases
---
 src/feature/hs/hs_common.c | 2 +-
 src/feature/hs/hs_service.c| 2 +-
 src/feature/relay/circuitbuild_relay.c | 3 ++-
 src/feature/relay/relay_find_addr.c| 2 +-
 src/feature/relay/selftest.c   | 4 +++-
 src/test/test_circuitpadding.c | 2 +-
 src/test/test_hs_client.c  | 8 
 7 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c
index 38c8bf2912..3036ce2710 100644
--- a/src/feature/hs/hs_common.c
+++ b/src/feature/hs/hs_common.c
@@ -1698,7 +1698,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
 function that needs to initialize congestion
 control structures based on what the client says.
  */
- NULL);
+ NULL, false);
  done:
   return info;
 }
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 9b7b590140..2b3699422a 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -714,7 +714,7 @@ get_extend_info_from_intro_point(const 
hs_service_intro_point_t *ip,
 
   /* In the case of a direct connection (single onion service), it is possible
* our firewall policy won't allow it so this can return a NULL value. */
-  info = extend_info_from_node(node, direct_conn);
+  info = extend_info_from_node(node, direct_conn, false);
 
  end:
   return info;
diff --git a/src/feature/relay/circuitbuild_relay.c 
b/src/feature/relay/circuitbuild_relay.c
index af3b488ae1..5b1609a1af 100644
--- a/src/feature/relay/circuitbuild_relay.c
+++ b/src/feature/relay/circuitbuild_relay.c
@@ -393,7 +393,8 @@ circuit_open_connection_for_extend(const struct 
extend_cell_t *ec,
 NULL, /*curve25519_key*/
 _ap->addr,
 chosen_ap->port,
-NULL /* protover summary */);
+NULL /* protover summary */,
+false);
 
   circ->n_chan_create_cell = tor_memdup(>create_cell,
 sizeof(ec->create_cell));
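Review bot: the new trailing `false` is a bare boolean at the end of a long argument list whose neighbouring arguments are annotated (`NULL /* protover summary */`). Give it the same treatment, for example `false /* congestion control */` if that is what the parameter means, here and at the other call sites in this patch, so the intent is readable without opening the prototype.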
diff --git a/src/feature/relay/relay_find_addr.c 
b/src/feature/relay/relay_find_addr.c
index 33a50ce3c3..f4f9d40823 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -221,7 +221,7 @@ relay_addr_learn_from_dirauth(void)
"learn for now our address from them.");
   return;
 }
-extend_info_t *ei = extend_info_from_node(node, 1);
+extend_info_t *ei = extend_info_from_node(node, 1, false);
 if (BUG(!ei)) {
   return;
 }
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index d52fea3c11..399b6bca6e 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -229,7 +229,9 @@ extend_info_from_router(const routerinfo_t *r, int family)
  ed_id_key,
  rsa_pubkey, r->onion_curve25519_pkey,
  , ap.port,
- NULL /* should self-tests use ntor3? */);
+ /* TODO-324: Should self-test circuits use
+  * congestion control? */
+ NULL, false);
   crypto_pk_free(rsa_pubkey);
   return info;
 }
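
Review bot: The TODO-324 comment now sits above "NULL, false" and reads as if it annotates both arguments, and the old "/* should self-tests use ntor3? */" label on NULL is gone. Say which argument is which, for example by keeping a label on the NULL and attaching the congestion control question to the "false" only.
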
diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c
index 5dc5fc5201..63b7136a11 100644
--- a/src/test/test_circuitpadding.c
+++ b/src/test/test_circuitpadding.c
@@ -1609,7 +1609,7 @@ simulate_single_hop_extend(circuit_t *client, circuit_t 
*mid_relay,
   hop->extend_info = extend_info_new(
   padding ? "padding" : "non-padding",
   digest, NULL, NULL, NULL,
-  , padding, NULL);
+  , padding, NULL, false);
 
   cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0);
 
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 3d84238249..0fe71ed7bd 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -1186,7 +1186,7 @@ test_socks_hs_errors(void *arg)
   /* Code path will log this exit so build it. */
   ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest,
 NULL, NULL, NULL, ,
-4242, NULL);
+4242, NULL, false);
   /* Attach socks connection to this rendezvous circuit. */
   ocirc->p_streams = ENTRY_TO_EDGE_CONN(socks_conn);
   /* Trigger the rendezvous failure. Timeout the circuit and free. */
@@ -1281,7 +1281,7 @@ test_close_intro_circuit_failure(void *arg)
   /* Code path will log this exit so build 

[tor-commits] [tor/main] Handle other places that use onion handshake type values

2022-02-22 Thread dgoulet
commit a0eeadfba2c1d7d33214286ef7697971120cbe16
Author: Mike Perry 
Date:   Fri Nov 5 20:50:39 2021 +

Handle other places that use onion handshake type values

We want ntor and ntorv3 to use the same queues and stats.
---
 src/core/crypto/onion_crypto.c  |  1 -
 src/core/or/onion.c | 14 +
 src/core/or/or.h|  2 +-
 src/feature/relay/onion_queue.c | 64 -
 src/feature/stats/rephist.c | 59 ++---
 src/feature/stats/rephist.h |  8 --
 6 files changed, 95 insertions(+), 53 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index 13f8f54b35..4a83a73dab 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -49,7 +49,6 @@
 #include "core/or/extend_info_st.h"
 #include "trunnel/circ_params.h"
 
-/* TODO-324: Add this to the specification! */
 static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
 static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
 
diff --git a/src/core/or/onion.c b/src/core/or/onion.c
index 62ad7af3fe..0bdd2a6d35 100644
--- a/src/core/or/onion.c
+++ b/src/core/or/onion.c
@@ -88,6 +88,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
 if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
   return -1;
 break;
+  case ONION_HANDSHAKE_TYPE_NTOR_V3:
+/* ntor v3 has variable length fields that are checked
+ * elsewhere. Fall through to always valid here. */
+break;
   default:
 if (! unknown_ok)
   return -1;
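
Review bot: In the new ONION_HANDSHAKE_TYPE_NTOR_V3 case the comment says "Fall through" but the case ends in "break", and unlike the NTOR case above it applies no check to handshake_len at all. Reword the comment (this is an accept, not a fall-through), name the function that performs the variable-length checks, and consider at least an upper bound on handshake_len here so that a later change to the other check cannot leave the length unvalidated.
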
@@ -521,6 +525,11 @@ create_cell_format_impl(cell_t *cell_out, const 
create_cell_t *cell_in,
 
   switch (cell_in->cell_type) {
   case CELL_CREATE:
+if (BUG(cell_in->handshake_type == ONION_HANDSHAKE_TYPE_NTOR_V3)) {
+  log_warn(LD_BUG, "Create cells cannot contain ntorv3.");
+  return -1;
+}
+
 if (cell_in->handshake_type == ONION_HANDSHAKE_TYPE_NTOR) {
   memcpy(p, NTOR_CREATE_MAGIC, 16);
   p += 16;
@@ -619,6 +628,11 @@ extend_cell_format(uint8_t *command_out, uint16_t *len_out,
   switch (cell_in->cell_type) {
   case RELAY_COMMAND_EXTEND:
 {
+  if (BUG(cell_in->create_cell.handshake_type ==
+  ONION_HANDSHAKE_TYPE_NTOR_V3)) {
+log_warn(LD_BUG, "Extend cells cannot contain ntorv3!");
+return -1;
+  }
   *command_out = RELAY_COMMAND_EXTEND;
   *len_out = 6 + TAP_ONIONSKIN_CHALLENGE_LEN + DIGEST_LEN;
   set_uint32(p, tor_addr_to_ipv4n(_in->orport_ipv4.addr));
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 885c0e8b11..dc8f516f0a 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -793,7 +793,7 @@ typedef enum {
 #define ONION_HANDSHAKE_TYPE_TAP  0x
 #define ONION_HANDSHAKE_TYPE_FAST 0x0001
 #define ONION_HANDSHAKE_TYPE_NTOR 0x0002
-#define ONION_HANDSHAKE_TYPE_NTOR_V3 0x0003 /* TODO-324: Add to spec */
+#define ONION_HANDSHAKE_TYPE_NTOR_V3 0x0003
 #define MAX_ONION_HANDSHAKE_TYPE 0x0003
 
 typedef struct onion_handshake_state_t onion_handshake_state_t;
diff --git a/src/feature/relay/onion_queue.c b/src/feature/relay/onion_queue.c
index c09f4d5b9b..b0bb71a084 100644
--- a/src/feature/relay/onion_queue.c
+++ b/src/feature/relay/onion_queue.c
@@ -42,7 +42,7 @@
 typedef struct onion_queue_t {
   TOR_TAILQ_ENTRY(onion_queue_t) next;
   or_circuit_t *circ;
-  uint16_t handshake_type;
+  uint16_t queue_idx;
   create_cell_t *onionskin;
   time_t when_added;
 } onion_queue_t;
@@ -53,20 +53,41 @@ typedef struct onion_queue_t {
 TOR_TAILQ_HEAD(onion_queue_head_t, onion_queue_t);
 typedef struct onion_queue_head_t onion_queue_head_t;
 
+/** We have 3 queues: tap, fast, and ntor. (ntorv3 goes into ntor queue). */
+#define MAX_QUEUE_IDX ONION_HANDSHAKE_TYPE_NTOR
+
 /** Array of queues of circuits waiting for CPU workers. An element is NULL
  * if that queue is empty.*/
-static onion_queue_head_t ol_list[MAX_ONION_HANDSHAKE_TYPE+1] =
+static onion_queue_head_t ol_list[MAX_QUEUE_IDX+1] =
 { TOR_TAILQ_HEAD_INITIALIZER(ol_list[0]), /* tap */
   TOR_TAILQ_HEAD_INITIALIZER(ol_list[1]), /* fast */
   TOR_TAILQ_HEAD_INITIALIZER(ol_list[2]), /* ntor */
 };
 
 /** Number of entries of each type currently in each element of ol_list[]. */
-static int ol_entries[MAX_ONION_HANDSHAKE_TYPE+1];
+static int ol_entries[MAX_QUEUE_IDX+1];
 
 static int num_ntors_per_tap(void);
 static void onion_queue_entry_remove(onion_queue_t *victim);
 
+/**
+ * We combine ntorv3 and ntor into the same queue, so we must
+ * use this function to covert the cell type to a queue index.
+ */
+static inline uint16_t
+onionskin_type_to_queue(uint16_t type)
+{
+  if (type == ONION_HANDSHAKE_TYPE_NTOR_V3) {
+return ONION_HANDSHAKE_TYPE_NTOR;
+  }
+
+  if (BUG(type > MAX_QUEUE_IDX)) {
+return MAX_QUEUE_IDX; // use ntor if out of range
+  }
+
+  return type;
+}
+
 /*  Check lengths vs MAX_ONIONSKIN_{CHALLENGE,REPLY}_LEN.
  *
  * (By which I think I meant, "make sure that no
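
Review bot: In onionskin_type_to_queue() the out-of-range branch returns MAX_QUEUE_IDX, so a handshake type the relay does not recognise is mapped to the ntor queue index instead of being refused. BUG() flags the condition, but the value is still used; returning an error the caller can reject on would keep unknown types out of the ntor queue. Separately, "covert" in the doc comment should be "convert".
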
@@ 

[tor-commits] [tor/main] Implement congestion control parameter negotiation

2022-02-22 Thread dgoulet
commit b6d5fbba7d7e0e2cfa0c0cbb7f91e6039e3decf9
Author: Mike Perry 
Date:   Thu Nov 4 00:44:38 2021 +

Implement congestion control parameter negotiation
---
 src/core/crypto/onion_crypto.c | 200 +++--
 src/core/crypto/onion_crypto.h |  10 ++-
 src/core/mainloop/cpuworker.c  |  22 -
 3 files changed, 198 insertions(+), 34 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index 1e9913539f..13f8f54b35 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -41,15 +41,17 @@
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_util.h"
 #include "feature/relay/routerkeys.h"
+#include "core/or/congestion_control_common.h"
 
 #include "core/or/circuitbuild.h"
 
 #include "core/or/crypt_path_st.h"
 #include "core/or/extend_info_st.h"
+#include "trunnel/circ_params.h"
 
 /* TODO-324: Add this to the specification! */
-const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
-const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
+static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
+static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
 
 #define NTOR3_VERIFICATION_ARGS \
   NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN
@@ -210,6 +212,93 @@ onion_skin_create(int type,
   return r;
 }
 
+/**
+ * Takes a param request message from the client, compares it to our
+ * consensus parameters, and creates a reply message and output
+ * parameters.
+ *
+ * This function runs in a worker thread, so it can only inspect
+ * arguments and local variables.
+ *
+ * Returns 0 if successful.
+ * Returns -1 on parsing, parameter failure, or reply creation failure.
+ */
+static int
+negotiate_v3_ntor_server_circ_params(const uint8_t *param_request_msg,
+ size_t param_request_len,
+ const circuit_params_t *our_ns_params,
+ circuit_params_t *params_out,
+ uint8_t **resp_msg_out,
+ size_t *resp_msg_len_out)
+{
+  circ_params_response_t *resp = NULL;
+  circ_params_request_t *param_request = NULL;
+  ssize_t resp_msg_len;
+
+  if (circ_params_request_parse(_request, param_request_msg,
+param_request_len) < 0) {
+return -1;
+  }
+
+  /* CC is enabled if the client wants it, and our consensus paramers
+   * allow it. If both are true, its on. If either is false, it's off. */
+  params_out->cc_enabled =
+  circ_params_request_get_cc_supported(param_request) &&
+  our_ns_params->cc_enabled;
+
+  resp = circ_params_response_new();
+
+  if (circ_params_response_set_version(resp, 0) < 0) {
+circ_params_request_free(param_request);
+circ_params_response_free(resp);
+return -1;
+  }
+
+  /* The relay always chooses its sendme_inc, and sends it to the client */
+  params_out->sendme_inc_cells = our_ns_params->sendme_inc_cells;
+
+  if (circ_params_response_set_sendme_inc_cells(resp,
+  our_ns_params->sendme_inc_cells) < 0) {
+circ_params_request_free(param_request);
+circ_params_response_free(resp);
+return -1;
+  }
+
+  /* Use the negotiated cc_enabled value to respond */
+  if (circ_params_response_set_cc_enabled(resp, params_out->cc_enabled) < 0) {
+circ_params_request_free(param_request);
+circ_params_response_free(resp);
+return -1;
+  }
+
+  resp_msg_len = circ_params_response_encoded_len(resp);
+
+  if (resp_msg_len < 0) {
+circ_params_request_free(param_request);
+circ_params_response_free(resp);
+return -1;
+  }
+
+  *resp_msg_out = tor_malloc_zero(resp_msg_len);
+
+  resp_msg_len = circ_params_response_encode(*resp_msg_out, resp_msg_len,
+ resp);
+  if (resp_msg_len < 0) {
+circ_params_request_free(param_request);
+circ_params_response_free(resp);
+
+tor_free(*resp_msg_out);
+return -1;
+  }
+
+  *resp_msg_len_out = (size_t)resp_msg_len;
+
+  circ_params_request_free(param_request);
+  circ_params_response_free(resp);
+
+  return 0;
+}
+
 /* This is the maximum value for keys_out_len passed to
  * onion_skin_server_handshake, plus 16. We can make it bigger if needed:
  * It just defines how many bytes to stack-allocate. */
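
Review bot: negotiate_v3_ntor_server_circ_params() repeats the same two frees (circ_params_request_free, circ_params_response_free) in five separate error returns, which makes it easy to miss one when a field is added. Route the failures through a single cleanup label. In the same pass, note that params_out->cc_enabled and params_out->sendme_inc_cells are written before the later steps can fail, so a caller that mishandles the -1 sees partially negotiated values; either fill params_out only on success or document that it is undefined on failure. The comment typos "paramers" and "its on" should be fixed as well.
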
@@ -226,6 +315,7 @@ int
 onion_skin_server_handshake(int type,
   const uint8_t *onion_skin, size_t onionskin_len,
   const server_onion_keys_t *keys,
+  const circuit_params_t *our_ns_params,
   uint8_t *reply_out,
   size_t reply_out_maxlen,
   uint8_t *keys_out, size_t keys_out_len,
@@ -233,7 +323,7 @@ onion_skin_server_handshake(int type,
   circuit_params_t *params_out)
 {
   int r = -1;
-  memset(params_out, 0, sizeof(*params_out)); // TODO-324: actually set this!
+  memset(params_out, 0, 

[tor-commits] [tor/main] Convert TODO into TODO-324 for better visibility.

2022-02-22 Thread dgoulet
commit 93318ba5e21851f486e148ff216d239c4ca25ce7
Author: Nick Mathewson 
Date:   Tue Sep 14 17:23:31 2021 -0400

Convert TODO into TODO-324 for better visibility.
---
 src/core/crypto/onion_crypto.c  | 21 ++---
 src/core/mainloop/cpuworker.c   |  2 +-
 src/core/or/circuitbuild.c  |  4 ++--
 src/core/or/command.c   |  4 ++--
 src/core/or/congestion_control_common.c |  4 ++--
 src/core/or/congestion_control_common.h |  6 +-
 src/core/or/or.h|  2 +-
 src/core/or/protover.c  |  4 ++--
 src/core/or/versions.c  |  2 +-
 src/feature/hs/hs_common.c  | 11 +--
 10 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index 390151b5df..1e9913539f 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -47,7 +47,7 @@
 #include "core/or/crypt_path_st.h"
 #include "core/or/extend_info_st.h"
 
-/* TODO: Add this to the specification! */
+/* TODO-324: Add this to the specification! */
 const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
 const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
 
@@ -233,7 +233,7 @@ onion_skin_server_handshake(int type,
   circuit_params_t *params_out)
 {
   int r = -1;
-  memset(params_out, 0, sizeof(*params_out)); // TODO: actually set.
+  memset(params_out, 0, sizeof(*params_out)); // TODO-324: actually set this!
 
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
@@ -306,10 +306,10 @@ onion_skin_server_handshake(int type,
 uint8_t reply_msg[1] = { 0 };
 size_t reply_msg_len = 1;
 {
-  /* TODO, Okay, we have a message from the client trying to negotiate
-   * parameters.  We need to decide whether the client's request is
-   * okay, what we're going to say in response, and what circuit
-   * parameters we've just negotiated
+  /* TODO-324, Okay, we have a message from the client trying to negotiate
+   * parameters.  We need to decide whether the client's request is okay,
+   * what we're going to say in response, and what circuit parameters
+   * we've just negotiated
*/
 
   /* NOTE! DANGER, DANGER, DANGER!
@@ -331,12 +331,12 @@ onion_skin_server_handshake(int type,
reply_msg, reply_msg_len,
_handshake, _handshake_len,
keys_tmp, keys_tmp_len) < 0) {
-  // XXX TODO free some stuff
+  // XXX TODO-324 free some stuff
   return -1;
 }
 
 if (server_handshake_len > reply_out_maxlen) {
-  // XXX TODO free that stuff
+  // XXX TODO-324 free that stuff
   return -1;
 }
 
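
Review bot: Both early returns in this hunk still carry "free some stuff" and "free that stuff" markers, so by the code's own comments these failure paths in onion_skin_server_handshake() return -1 without releasing what was allocated; re-tagging the marker as TODO-324 does not change that. Fix the cleanup here, or at least state in each comment exactly which buffers are outstanding so the follow-up is unambiguous.
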
@@ -382,7 +382,7 @@ onion_skin_client_handshake(int type,
   if (handshake_state->tag != type)
 return -1;
 
-  memset(params_out, 0, sizeof(*params_out)); // TODO: actually set.
+  memset(params_out, 0, sizeof(*params_out)); // TODO-324: actually set this!
 
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
@@ -450,9 +450,8 @@ onion_skin_client_handshake(int type,
   return -1;
 }
 
-//  handle the server message!
 {
-  //  TODO: see what the server said, make sure it's okay, see what
+  //  TODO-324: see what the server said, make sure it's okay, see what
   // parameters it gave us, make sure we like them, and put them into
   // `params_out`
 }
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index 8da042aa57..7ca66a1c45 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -390,7 +390,7 @@ cpuworker_onion_handshake_replyfn(void *work_)
 goto done_processing;
   }
 
-  /* TODO! We need to use rpl.circ_params here to initialize the congestion
+  /* TODO-324! We need to use rpl.circ_params here to initialize the congestion
  control parameters of the circuit. */
 
   log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index ffb2c00493..53582d2829 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -1263,7 +1263,7 @@ circuit_finish_handshake(origin_circuit_t *circ,
 
   onion_handshake_state_release(>handshake_state);
 
-  //  TODO: use `params` to initialize the congestion control.
+  //  TODO-324: use `params` to initialize the congestion control.
 
   if (cpath_init_circuit_crypto(hop, keys, sizeof(keys), 0, 0)<0) {
 return -END_CIRC_REASON_TORPROTOCOL;
@@ -2600,6 +2600,6 @@ client_circ_negotiation_message(const extend_info_t *ei,
   if (! ei->supports_ntor3_and_param_negotiation)
 return -1;
 
-  /* TODO: fill in the client message that gets sent. */
+  /* TODO-324: fill in the client message that gets sent. */
   tor_assert_unreached();
 }
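
Review bot: client_circ_negotiation_message() still ends in tor_assert_unreached() for any extend_info that has supports_ntor3_and_param_negotiation set, so the TODO-324 tag marks an abort on a reachable path, not just a missing feature. Until the message is implemented, return -1 on this path too, or state in the comment what guarantees that nothing sets the flag yet.
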
diff --git a/src/core/or/command.c b/src/core/or/command.c
index fd6cebe743..12e4c26768 100644
--- a/src/core/or/command.c
+++ b/src/core/or/command.c
@@ -381,8 

[tor-commits] [tor/main] Add circuit param payload definitions to trunnel

2022-02-22 Thread dgoulet
commit 095224cdfa5563973e4832c46f0d162310393156
Author: Mike Perry 
Date:   Thu Nov 4 00:01:33 2021 +

Add circuit param payload definitions to trunnel
---
 src/trunnel/circ_params.c   | 452 
 src/trunnel/circ_params.h   | 147 +
 src/trunnel/circ_params.trunnel |  25 +++
 src/trunnel/include.am  |   3 +
 4 files changed, 627 insertions(+)

diff --git a/src/trunnel/circ_params.c b/src/trunnel/circ_params.c
new file mode 100644
index 00..650b533a0c
--- /dev/null
+++ b/src/trunnel/circ_params.c
@@ -0,0 +1,452 @@
+/* circ_params.c -- generated by Trunnel v1.5.3.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include 
+#include "trunnel-impl.h"
+
+#include "circ_params.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+  do {  \
+(obj)->trunnel_error_code_ = 1; \
+  } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're running a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int circparams_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || circparams_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label)   \
+  do {   \
+if (remaining < (nbytes) OR_DEADCODE_DUMMY) {\
+  goto label;\
+}\
+  } while (0)
+
+circ_params_request_t *
+circ_params_request_new(void)
+{
+  circ_params_request_t *val = trunnel_calloc(1, 
sizeof(circ_params_request_t));
+  if (NULL == val)
+return NULL;
+  return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+circ_params_request_clear(circ_params_request_t *obj)
+{
+  (void) obj;
+}
+
+void
+circ_params_request_free(circ_params_request_t *obj)
+{
+  if (obj == NULL)
+return;
+  circ_params_request_clear(obj);
+  trunnel_memwipe(obj, sizeof(circ_params_request_t));
+  trunnel_free_(obj);
+}
+
+uint8_t
+circ_params_request_get_version(const circ_params_request_t *inp)
+{
+  return inp->version;
+}
+int
+circ_params_request_set_version(circ_params_request_t *inp, uint8_t val)
+{
+  if (! ((val == 0))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+  }
+  inp->version = val;
+  return 0;
+}
+uint8_t
+circ_params_request_get_cc_supported(const circ_params_request_t *inp)
+{
+  return inp->cc_supported;
+}
+int
+circ_params_request_set_cc_supported(circ_params_request_t *inp, uint8_t val)
+{
+  if (! ((val == 0 || val == 1))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+  }
+  inp->cc_supported = val;
+  return 0;
+}
+const char *
+circ_params_request_check(const circ_params_request_t *obj)
+{
+  if (obj == NULL)
+return "Object was NULL";
+  if (obj->trunnel_error_code_)
+return "A set function failed on this object";
+  if (! (obj->version == 0))
+return "Integer out of bounds";
+  if (! (obj->cc_supported == 0 || obj->cc_supported == 1))
+return "Integer out of bounds";
+  return NULL;
+}
+
+ssize_t
+circ_params_request_encoded_len(const circ_params_request_t *obj)
+{
+  ssize_t result = 0;
+
+  if (NULL != circ_params_request_check(obj))
+ return -1;
+
+
+  /* Length of u8 version IN [0] */
+  result += 1;
+
+  /* Length of u8 cc_supported IN [0, 1] */
+  result += 1;
+  return result;
+}
+int
+circ_params_request_clear_errors(circ_params_request_t *obj)
+{
+  int r = obj->trunnel_error_code_;
+  obj->trunnel_error_code_ = 0;
+  return r;
+}
+ssize_t
+circ_params_request_encode(uint8_t *output, const size_t avail, const 
circ_params_request_t *obj)
+{
+  ssize_t result = 0;
+  size_t written = 0;
+  uint8_t *ptr = output;
+  const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  const ssize_t encoded_len = circ_params_request_encoded_len(obj);
+#endif
+
+  if (NULL != (msg = circ_params_request_check(obj)))
+goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  trunnel_assert(encoded_len >= 0);
+#endif
+
+  /* Encode u8 version IN [0] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+goto truncated;
+  trunnel_set_uint8(ptr, (obj->version));
+  written += 1; ptr += 1;
+
+  /* Encode u8 cc_supported IN [0, 1] */
+  trunnel_assert(written <= avail);
+  if (avail - written < 1)
+goto truncated;
+  trunnel_set_uint8(ptr, (obj->cc_supported));
+  written += 1; ptr += 1;
+
+
+  trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+  {
+trunnel_assert(encoded_len >= 0);
+trunnel_assert((size_t)encoded_len == written);
+  }
+
+#endif
+
+  return written;
+
+ truncated:
+  result = -2;
+  goto fail;
+ check_failed:
+  (void)msg;
+  result = -1;
+  goto fail;
+ fail:
+  trunnel_assert(result < 0);
+  return result;
+}
+
+/** As 
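
Review bot: circ_params_request_set_version() and circ_params_request_check() accept only version 0, so a request object carrying any other version is rejected with "Integer out of bounds". That is a reasonable strict default, but the commit message should say how a later version is expected to be introduced. Since the file header says this is generated by Trunnel v1.5.3, the constraint should be reviewed and changed in circ_params.trunnel, never by hand in this file.
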

[tor-commits] [tor/main] Add stub argument for constructing congestion_control_t

2022-02-22 Thread dgoulet
commit 662b9c1c0d3a279359703487d97b155dcb89151a
Author: Nick Mathewson 
Date:   Tue Sep 14 17:13:05 2021 -0400

Add stub argument for constructing congestion_control_t
---
 src/core/or/congestion_control_common.c | 6 +-
 src/core/or/congestion_control_common.h | 5 -
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/core/or/congestion_control_common.c 
b/src/core/or/congestion_control_common.c
index 0919f037db..f2becb9b20 100644
--- a/src/core/or/congestion_control_common.c
+++ b/src/core/or/congestion_control_common.c
@@ -10,6 +10,7 @@
 
 #include "core/or/or.h"
 
+#include "core/crypto/onion_crypto.h"
 #include "core/or/circuitlist.h"
 #include "core/or/crypt_path.h"
 #include "core/or/or_circuit_st.h"
@@ -272,10 +273,13 @@ congestion_control_init(congestion_control_t *cc, 
cc_alg_t cc_alg,
 
 /** Allocate and initialize a new congestion control object */
 congestion_control_t *
-congestion_control_new(void)
+congestion_control_new(const circuit_params_t *params)
 {
   congestion_control_t *cc = tor_malloc_zero(sizeof(congestion_control_t));
 
+  /* TODO: Use `params` to pick the algorithm and the window. */
+  (void) params;
+
   // XXX: the alg and the sendme_inc need to be negotiated during
   // circuit handshake
   congestion_control_init(cc, CC_ALG_VEGAS, SENDME_INC_DFLT);
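
Review bot: congestion_control_new() now accepts params but discards it with "(void) params;" and still passes the hard-coded CC_ALG_VEGAS and SENDME_INC_DFLT to congestion_control_init(). A caller that supplies negotiated values gets defaults with no indication; say in the function's doc comment that params is currently ignored, so the stub is visible from the call site and not only from the body.
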
diff --git a/src/core/or/congestion_control_common.h 
b/src/core/or/congestion_control_common.h
index 01dbc1ceb4..1c44e6b0ef 100644
--- a/src/core/or/congestion_control_common.h
+++ b/src/core/or/congestion_control_common.h
@@ -20,7 +20,10 @@ typedef struct congestion_control_t congestion_control_t;
 
 void congestion_control_free_(congestion_control_t *cc);
 
-congestion_control_t *congestion_control_new(void);
+/* TODO: Whisky Tango Foxtot‽  Nothing calls this function anywhere! */
+struct circuit_params_t;
+congestion_control_t *congestion_control_new(
+const struct circuit_params_t *params);
 
 int congestion_control_dispatch_cc_alg(congestion_control_t *cc,
const circuit_t *circ,
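
Review bot: The added header comment ("Whisky Tango Foxtot‽ Nothing calls this function anywhere!") records a real finding in a form that is hard to act on. Replace it with a plain statement that congestion_control_new() currently has no callers and which code path is expected to call it, so the TODO can be closed or the function removed.
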



___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [tor/main] Hook up client usage of congestion control negotiation

2022-02-22 Thread dgoulet
commit 76bdadce121b0c33f46bb3d4e5eb0e8dc3277614
Author: Mike Perry 
Date:   Thu Nov 4 00:46:11 2021 +

Hook up client usage of congestion control negotiation
---
 src/core/or/circuitbuild.c| 52 ---
 src/core/or/circuituse.c  |  6 +++--
 src/core/or/command.c |  4 +--
 src/core/or/extend_info_st.h  |  7 +++---
 src/core/or/extendinfo.c  | 20 +--
 src/core/or/extendinfo.h  |  6 +++--
 src/feature/control/control_cmd.c |  5 +++-
 7 files changed, 72 insertions(+), 28 deletions(-)

diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index 53582d2829..61d67c350d 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -72,6 +72,7 @@
 #include "feature/stats/predict_ports.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/trace/events.h"
+#include "core/or/congestion_control_common.h"
 
 #include "core/or/cell_st.h"
 #include "core/or/cpath_build_state_st.h"
@@ -80,6 +81,7 @@
 #include "feature/nodelist/node_st.h"
 #include "core/or/or_circuit_st.h"
 #include "core/or/origin_circuit_st.h"
+#include "trunnel/circ_params.h"
 
 static int circuit_send_first_onion_skin(origin_circuit_t *circ);
 static int circuit_build_no_more_hops(origin_circuit_t *circ);
@@ -841,7 +843,10 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
* using the TAP handshake, and CREATE2 otherwise. */
   if (extend_info_supports_ntor(ei)) {
 *cell_type_out = CELL_CREATE2;
-if (ei->supports_ntor3_and_param_negotiation)
+/* Only use ntor v3 with exits that support congestion control,
+ * and only when it is enabled. */
+if (ei->exit_supports_congestion_control &&
+congestion_control_enabled())
   *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR_V3;
 else
   *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
@@ -1263,12 +1268,14 @@ circuit_finish_handshake(origin_circuit_t *circ,
 
   onion_handshake_state_release(>handshake_state);
 
-  //  TODO-324: use `params` to initialize the congestion control.
-
   if (cpath_init_circuit_crypto(hop, keys, sizeof(keys), 0, 0)<0) {
 return -END_CIRC_REASON_TORPROTOCOL;
   }
 
+  if (params.cc_enabled) {
+hop->ccontrol = congestion_control_new();
+  }
+
   hop->state = CPATH_STATE_OPEN;
   log_info(LD_CIRC,"Finished building circuit hop:");
   circuit_log_path(LOG_INFO,LD_CIRC,circ);
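
Review bot: The added "hop->ccontrol = congestion_control_new();" uses only params.cc_enabled and passes nothing else from the negotiated params into the new object. Any other value agreed in the handshake is dropped at this point; pass params through, or add a comment explaining why defaults are correct for the client side. It is also worth asserting that hop->ccontrol is not already set before it is overwritten.
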
@@ -2068,7 +2075,10 @@ onion_pick_cpath_exit(origin_circuit_t *circ, 
extend_info_t *exit_ei,
   log_warn(LD_CIRC,"Failed to choose an exit server");
   return -1;
 }
-exit_ei = extend_info_from_node(node, state->onehop_tunnel);
+exit_ei = extend_info_from_node(node, state->onehop_tunnel,
+/* for_exit_use */
+!state->is_internal && TO_CIRCUIT(circ)->purpose ==
+  CIRCUIT_PURPOSE_C_GENERAL);
 if (BUG(exit_ei == NULL))
   return -1;
   }
@@ -2464,7 +2474,7 @@ onion_extend_cpath(origin_circuit_t *circ)
  primary address, for potentially connecting to an IPv6 OR
  port. Servers always want the primary (IPv4) address. */
   int client = (server_mode(get_options()) == 0);
-  info = extend_info_from_node(r, client);
+  info = extend_info_from_node(r, client, false);
   /* Clients can fail to find an allowed address */
   tor_assert_nonfatal(info || client);
 }
@@ -2472,7 +2482,7 @@ onion_extend_cpath(origin_circuit_t *circ)
 const node_t *r =
   choose_good_middle_server(purpose, state, circ->cpath, cur_len);
 if (r) {
-  info = extend_info_from_node(r, 0);
+  info = extend_info_from_node(r, 0, false);
 }
   }
 
@@ -2597,9 +2607,33 @@ client_circ_negotiation_message(const extend_info_t *ei,
 size_t *msg_len_out)
 {
   tor_assert(ei && msg_out && msg_len_out);
-  if (! ei->supports_ntor3_and_param_negotiation)
+  circ_params_request_t params = {0};
+  ssize_t msg_len = 0;
+
+  if (! ei->exit_supports_congestion_control)
 return -1;
 
-  /* TODO-324: fill in the client message that gets sent. */
-  tor_assert_unreached();
+  circ_params_request_set_version(, 0);
+
+  circ_params_request_set_cc_supported(,
+   congestion_control_enabled());
+
+  msg_len = circ_params_request_encoded_len();
+
+  if (msg_len < 0) {
+return -1;
+  }
+
+  *msg_out = tor_malloc_zero(msg_len);
+
+  msg_len = circ_params_request_encode(*msg_out, msg_len, );
+
+  if (msg_len < 0) {
+tor_free(*msg_out);
+return -1;
+  }
+
+  *msg_len_out = (size_t)msg_len;
+
+  return 0;
 }
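
Review bot: The return values of circ_params_request_set_version() and circ_params_request_set_cc_supported() are discarded in the new body of client_circ_negotiation_message(). Both setters can fail, and a failed set is only caught indirectly when circ_params_request_encoded_len() returns a negative value; check each call and return -1 directly so the failure is attributable. The function comment should also state that *msg_out is allocated here and owned by the caller on success.
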
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index 104e898d6c..a259957d37 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -2427,7 +2427,8 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
   /* We might want to connect to an IPv6 bridge for loading
  descriptors so we use the preferred address 

[tor-commits] [tor/main] Negotiated circuit parameters must pass from worker.

2022-02-22 Thread dgoulet
commit a511718a30796e9441cdd066bdce1ad00aaec046
Author: Nick Mathewson 
Date:   Tue Sep 14 17:06:30 2021 -0400

Negotiated circuit parameters must pass from worker.
---
 src/core/crypto/onion_crypto.c |  8 
 src/core/mainloop/cpuworker.c  | 11 +++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index b0808b80a8..390151b5df 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -312,6 +312,14 @@ onion_skin_server_handshake(int type,
* parameters we've just negotiated
*/
 
+  /* NOTE! DANGER, DANGER, DANGER!
+
+ Remember that this function can be run in a worker thread, and so
+ therefore you can't access "global" state that isn't lock-protected.
+
+ CAVEAT HAXX0R!
+  */
+
   tor_free(client_msg);
 }
 
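
Review bot: The worker-thread warning is added as a comment inside the body of onion_skin_server_handshake(), next to the TODO block, where it is likely to be lost once that block is filled in. Move the constraint (no access to global state that is not lock-protected) into the function's doc comment in plain wording, so it survives the rewrite and is seen by anyone adding parameters.
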
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index 2f6dae36a8..8da042aa57 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -158,6 +158,8 @@ typedef struct cpuworker_reply_t {
   uint8_t keys[CPATH_KEY_MATERIAL_LEN];
   /** Input to use for authenticating introduce1 cells. */
   uint8_t rend_auth_material[DIGEST_LEN];
+  /** Negotiated circuit parameters. */
+  circuit_params_t circ_params;
 } cpuworker_reply_t;
 
 typedef struct cpuworker_job_u_t {
@@ -387,6 +389,10 @@ cpuworker_onion_handshake_replyfn(void *work_)
 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
 goto done_processing;
   }
+
+  /* TODO! We need to use rpl.circ_params here to initialize the congestion
+ control parameters of the circuit. */
+
   log_debug(LD_OR,"onionskin_answer succeeded. Yay.");
 
  done_processing:
@@ -416,7 +422,6 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
   const create_cell_t *cc = _cell;
   created_cell_t *cell_out = _cell;
   struct timeval tv_start = {0,0}, tv_end;
-  circuit_params_t params;
   int n;
   rpl.timed = req.timed;
   rpl.started_at = req.started_at;
@@ -430,7 +435,7 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
   sizeof(cell_out->reply),
   rpl.keys, CPATH_KEY_MATERIAL_LEN,
   rpl.rend_auth_material,
-  );
+  _params);
   if (n < 0) {
 /* failure */
 log_debug(LD_OR,"onion_skin_server_handshake failed.");
@@ -454,8 +459,6 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
 rpl.success = 1;
   }
 
-  // TODO: pass the parameters back up so we can initialize the cc paremeters.
-
   rpl.magic = CPUWORKER_REPLY_MAGIC;
   if (req.timed) {
 struct timeval tv_diff;





[tor-commits] [tor/main] Add an exported struct to onion handshakes for circuits params

2022-02-22 Thread dgoulet
commit 24e8b1ac36bf9148aa656e4eb9e293daa5b4
Author: Nick Mathewson 
Date:   Tue Sep 14 15:15:30 2021 -0400

Add an exported struct to onion handshakes for circuits params

    This will eventually hold the congestion control parameters that we
negotiated, plus whatever else is relevant.
---
 src/core/crypto/onion_crypto.c |  7 ++-
 src/core/crypto/onion_crypto.h | 14 +-
 src/core/mainloop/cpuworker.c  |  7 ++-
 src/core/or/circuitbuild.c |  4 
 src/core/or/command.c  |  7 ++-
 5 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index 66c21bf655..f93c2c8c58 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -183,9 +183,11 @@ onion_skin_server_handshake(int type,
   uint8_t *reply_out,
   size_t reply_out_maxlen,
   uint8_t *keys_out, size_t keys_out_len,
-  uint8_t *rend_nonce_out)
+  uint8_t *rend_nonce_out,
+  circuit_params_t *params_out)
 {
   int r = -1;
+  memset(params_out, 0, sizeof(*params_out)); // TODO: actually set.
 
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
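
Review bot: onion_skin_server_handshake() now dereferences params_out unconditionally in the added memset, with no check and no documented requirement that it be non-NULL. Add a tor_assert(params_out) or state the precondition in the function comment, so call sites that are updated mechanically for the new argument cannot pass NULL.
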
@@ -262,11 +264,14 @@ onion_skin_client_handshake(int type,
   const uint8_t *reply, size_t reply_len,
   uint8_t *keys_out, size_t keys_out_len,
   uint8_t *rend_authenticator_out,
+  circuit_params_t *params_out,
   const char **msg_out)
 {
   if (handshake_state->tag != type)
 return -1;
 
+  memset(params_out, 0, sizeof(*params_out)); // TODO: actually set.
+
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
 if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
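
Review bot: In onion_skin_client_handshake() the added memset of params_out comes after the "handshake_state->tag != type" early return, so on that failure path the caller's circuit_params_t is left uninitialized, unlike the server function where the memset runs before anything can fail. Move the memset above the tag check so params_out is in a defined state on every return.
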
diff --git a/src/core/crypto/onion_crypto.h b/src/core/crypto/onion_crypto.h
index bf25552b83..af8dd1f03f 100644
--- a/src/core/crypto/onion_crypto.h
+++ b/src/core/crypto/onion_crypto.h
@@ -22,6 +22,16 @@ typedef struct server_onion_keys_t {
 
 void onion_handshake_state_release(onion_handshake_state_t *state);
 
+/**
+ * Parameters negotiated as part of a circuit handshake.
+ */
+typedef struct circuit_params_t {
+  /* placeholder field for congestion control algorithm. Right now this
+   * is always set to zero */
+  int cc_algorithm;
+  int cc_window;
+} circuit_params_t;
+
 int onion_skin_create(int type,
   const extend_info_t *node,
   onion_handshake_state_t *state_out,
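Review bot: cc_window in circuit_params_t has no documentation, and the comment above cc_algorithm is a plain `/* */` block, not the `/** */` form used for the struct itself. Document both fields, including the unit of cc_window and what zero means for it, and consider an unsigned or fixed-width type if negative values are not meaningful.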
@@ -33,12 +43,14 @@ int onion_skin_server_handshake(int type,
   uint8_t *reply_out,
   size_t reply_out_maxlen,
   uint8_t *keys_out, size_t key_out_len,
-  uint8_t *rend_nonce_out);
+  uint8_t *rend_nonce_out,
+  circuit_params_t *negotiated_params_out);
 int onion_skin_client_handshake(int type,
   const onion_handshake_state_t *handshake_state,
   const uint8_t *reply, size_t reply_len,
   uint8_t *keys_out, size_t key_out_len,
   uint8_t *rend_authenticator_out,
+  circuit_params_t *negotiated_params_out,
   const char **msg_out);
 
 server_onion_keys_t *server_onion_keys_new(void);
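Review bot: the prototypes name the new argument negotiated_params_out while the definitions in onion_crypto.c call it params_out. Use one name in both places so the header and the implementation read the same.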
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index b7b09784fa..2f6dae36a8 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -416,6 +416,7 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
   const create_cell_t *cc = _cell;
   created_cell_t *cell_out = _cell;
   struct timeval tv_start = {0,0}, tv_end;
+  circuit_params_t params;
   int n;
   rpl.timed = req.timed;
   rpl.started_at = req.started_at;
@@ -428,7 +429,8 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
   cell_out->reply,
   sizeof(cell_out->reply),
   rpl.keys, CPATH_KEY_MATERIAL_LEN,
-  rpl.rend_auth_material);
+  rpl.rend_auth_material,
+  );
   if (n < 0) {
 /* failure */
 log_debug(LD_OR,"onion_skin_server_handshake failed.");
@@ -451,6 +453,9 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
 }
 rpl.success = 1;
   }
+
+  // TODO: pass the parameters back up so we can initialize the cc paremeters.
+
   rpl.magic = CPUWORKER_REPLY_MAGIC;
   if (req.timed) {
 struct timeval tv_diff;
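Review bot: the new TODO comment misspells "parameters" as "paremeters", and as written the circuit_params_t filled in by onion_skin_server_handshake is dropped when the worker function returns. Fix the spelling, and say in the comment where the value is expected to go (for example a field in rpl) so the gap is obvious to the next reader.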
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index dc8d888c97..f67fe196e5 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -1242,6 +1242,7 @@ circuit_finish_handshake(origin_circuit_t *circ,
   }
   tor_assert(hop->state == 

[tor-commits] [tor/main] Add a size argument for the buffer on onion handshake functions

2022-02-22 Thread dgoulet
commit 358ce9a19d522d1e1cf9a119850e924ca106fec5
Author: Nick Mathewson 
Date:   Tue Sep 14 14:19:22 2021 -0400

Add a size argument for the buffer on onion handshake functions
---
 src/core/crypto/onion_crypto.c | 19 ---
 src/core/crypto/onion_crypto.h |  4 +++-
 src/core/mainloop/cpuworker.c  |  1 +
 src/core/or/circuitbuild.c |  6 --
 src/core/or/command.c  |  1 +
 5 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index f85ee2c82b..66c21bf655 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -103,19 +103,23 @@ onion_handshake_state_release(onion_handshake_state_t 
*state)
 
 /** Perform the first step of a circuit-creation handshake of type type
  * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in
- * onion_skin_out, and store any state information in state_out.
+ * onion_skin_out with length of up to onion_skin_out_maxlen,
+ * and store any state information in state_out.
  * Return -1 on failure, and the length of the onionskin on acceptance.
  */
 int
 onion_skin_create(int type,
   const extend_info_t *node,
   onion_handshake_state_t *state_out,
-  uint8_t *onion_skin_out)
+  uint8_t *onion_skin_out,
+  size_t onion_skin_out_maxlen)
 {
   int r = -1;
 
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
+if (onion_skin_out_maxlen < TAP_ONIONSKIN_CHALLENGE_LEN)
+  return -1;
 if (!node->onion_key)
   return -1;
 
@@ -133,7 +137,9 @@ onion_skin_create(int type,
 r = CREATE_FAST_LEN;
 break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-if (!extend_info_supports_ntor(node))
+if (onion_skin_out_maxlen < NTOR_ONIONSKIN_LEN)
+  return -1;
+   if (!extend_info_supports_ntor(node))
   return -1;
 if (onion_skin_ntor_create((const uint8_t*)node->identity_digest,
>curve25519_onion_key,
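Review bot: onion_skin_create now checks onion_skin_out_maxlen for TAP and NTOR, but no matching check is added for the FAST case, whose tail (`r = CREATE_FAST_LEN;`) is visible as unchanged context at the top of this hunk. Add `if (onion_skin_out_maxlen < CREATE_FAST_LEN) return -1;` there so all three types validate the output buffer. The `extend_info_supports_ntor(node)` line is also removed and re-added with different indentation, which looks unintended.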
@@ -175,6 +181,7 @@ onion_skin_server_handshake(int type,
   const uint8_t *onion_skin, size_t onionskin_len,
   const server_onion_keys_t *keys,
   uint8_t *reply_out,
+  size_t reply_out_maxlen,
   uint8_t *keys_out, size_t keys_out_len,
   uint8_t *rend_nonce_out)
 {
@@ -182,6 +189,8 @@ onion_skin_server_handshake(int type,
 
   switch (type) {
   case ONION_HANDSHAKE_TYPE_TAP:
+if (reply_out_maxlen < TAP_ONIONSKIN_REPLY_LEN)
+  return -1;
 if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
   return -1;
 if (onion_skin_TAP_server_handshake((const char*)onion_skin,
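Review bot: the new reply_out_maxlen checks in onion_skin_server_handshake return -1 with no log message, so a caller that passes too small a buffer sees the same result as a malformed onionskin. The buffer size comes from the caller, not from the peer, so a log line on that branch would make the programming error diagnosable.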
@@ -193,6 +202,8 @@ onion_skin_server_handshake(int type,
 memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
 break;
   case ONION_HANDSHAKE_TYPE_FAST:
+if (reply_out_maxlen < CREATED_FAST_LEN)
+  return -1;
 if (onionskin_len != CREATE_FAST_LEN)
   return -1;
 if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
@@ -201,6 +212,8 @@ onion_skin_server_handshake(int type,
 memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
 break;
   case ONION_HANDSHAKE_TYPE_NTOR:
+if (reply_out_maxlen < NTOR_REPLY_LEN)
+  return -1;
 if (onionskin_len < NTOR_ONIONSKIN_LEN)
   return -1;
 {
diff --git a/src/core/crypto/onion_crypto.h b/src/core/crypto/onion_crypto.h
index 68cd465cf7..bf25552b83 100644
--- a/src/core/crypto/onion_crypto.h
+++ b/src/core/crypto/onion_crypto.h
@@ -25,11 +25,13 @@ void onion_handshake_state_release(onion_handshake_state_t 
*state);
 int onion_skin_create(int type,
   const extend_info_t *node,
   onion_handshake_state_t *state_out,
-  uint8_t *onion_skin_out);
+  uint8_t *onion_skin_out,
+  size_t onion_skin_out_maxlen);
 int onion_skin_server_handshake(int type,
   const uint8_t *onion_skin, size_t onionskin_len,
   const server_onion_keys_t *keys,
   uint8_t *reply_out,
+  size_t reply_out_maxlen,
   uint8_t *keys_out, size_t key_out_len,
   uint8_t *rend_nonce_out);
 int onion_skin_client_handshake(int type,
diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c
index 17855b8567..b7b09784fa 100644
--- a/src/core/mainloop/cpuworker.c
+++ b/src/core/mainloop/cpuworker.c
@@ -426,6 +426,7 @@ cpuworker_onion_handshake_threadfn(void *state_, void 
*work_)
   cc->onionskin, cc->handshake_len,
   onion_keys,
   cell_out->reply,
+  sizeof(cell_out->reply),
   rpl.keys, CPATH_KEY_MATERIAL_LEN,
   

[tor-commits] [tor/main] Use protover to signal support for ntor3 + congestion control.

2022-02-22 Thread dgoulet
commit baaabb503c9c9fc81e0d95b2d5baeefef7423b7a
Author: Nick Mathewson 
Date:   Tue Sep 14 16:31:48 2021 -0400

Use protover to signal support for ntor3 + congestion control.
---
 src/core/or/circuituse.c   |  3 ++-
 src/core/or/extendinfo.c   | 14 ++
 src/core/or/extendinfo.h   |  3 ++-
 src/core/or/or.h   |  4 
 src/core/or/protover.c |  2 ++
 src/core/or/versions.c |  9 +
 src/feature/hs/hs_common.c |  6 +-
 src/feature/nodelist/nodelist.c|  2 +-
 src/feature/relay/circuitbuild_relay.c |  3 ++-
 src/feature/relay/selftest.c   |  3 ++-
 src/test/test_circuitpadding.c |  2 +-
 src/test/test_hs_client.c  |  8 
 12 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index 2ec391eca0..104e898d6c 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -2462,7 +2462,8 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
   digest,
   NULL, /* Ed25519 ID */
   NULL, NULL, /* onion keys */
-  , conn->socks_request->port);
+  , conn->socks_request->port,
+  NULL);
   } else { /* ! (want_onehop && conn->chosen_exit_name[0] == '$') */
 /* We will need an onion key for the router, and we
  * don't have one. Refuse or relax requirements. */
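Review bot: the added `NULL` for the new protover argument has no trailing comment, unlike the `NULL, /* Ed25519 ID */` and `NULL, NULL, /* onion keys */` arguments just above it. Add one, and note that passing NULL here means supports_ntor3_and_param_negotiation stays false for this extend_info.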
diff --git a/src/core/or/extendinfo.c b/src/core/or/extendinfo.c
index f33e887e7d..ca2288e0a4 100644
--- a/src/core/or/extendinfo.c
+++ b/src/core/or/extendinfo.c
@@ -35,7 +35,8 @@ extend_info_new(const char *nickname,
 const ed25519_public_key_t *ed_id,
 crypto_pk_t *onion_key,
 const curve25519_public_key_t *ntor_key,
-const tor_addr_t *addr, uint16_t port)
+const tor_addr_t *addr, uint16_t port,
+const protover_summary_flags_t *pv)
 {
   extend_info_t *info = tor_malloc_zero(sizeof(extend_info_t));
   if (rsa_id_digest)
@@ -57,7 +58,10 @@ extend_info_new(const char *nickname,
 extend_info_add_orport(info, addr, port);
   }
 
-  info->supports_ntor3_and_param_negotiation = false; // TODO: set this.
+  if (pv) {
+info->supports_ntor3_and_param_negotiation =
+  pv->supports_ntor3_and_param_negotiation;
+  }
 
   return info;
 }
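Review bot: when pv is NULL the flag is never assigned, so its false default relies on the tor_malloc_zero() at the top of extend_info_new. That is correct but implicit; document in the function comment that pv may be NULL and what that implies, or add an explicit else branch.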
@@ -152,7 +156,8 @@ extend_info_from_node(const node_t *node, int 
for_direct_connect)
rsa_pubkey,
curve_pubkey,
,
-   ap.port);
+   ap.port,
+   >ri->pv);
   } else if (valid_addr && node->rs && node->md) {
 info = extend_info_new(node->rs->nickname,
node->identity,
@@ -160,7 +165,8 @@ extend_info_from_node(const node_t *node, int 
for_direct_connect)
rsa_pubkey,
curve_pubkey,
,
-   ap.port);
+   ap.port,
+   >rs->pv);
   }
 
   crypto_pk_free(rsa_pubkey);
diff --git a/src/core/or/extendinfo.h b/src/core/or/extendinfo.h
index ffe8317431..8781cc7047 100644
--- a/src/core/or/extendinfo.h
+++ b/src/core/or/extendinfo.h
@@ -17,7 +17,8 @@ extend_info_t *extend_info_new(const char *nickname,
const struct ed25519_public_key_t *ed_id,
crypto_pk_t *onion_key,
const struct curve25519_public_key_t *ntor_key,
-   const tor_addr_t *addr, uint16_t port);
+   const tor_addr_t *addr, uint16_t port,
+   const struct protover_summary_flags_t *pv);
 extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect);
 extend_info_t *extend_info_dup(extend_info_t *info);
 void extend_info_free_(extend_info_t *info);
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 3911797563..409f4a0fea 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -732,6 +732,10 @@ typedef struct protover_summary_flags_t {
* negotiate hs circuit setup padding. Requires Padding=2. */
   unsigned int supports_hs_setup_padding : 1;
 
+  /** True iff this router supports ntor3 _and_ supports negotiating
+   * additional circuit parameters via the handshake used in ntor3.
+   */
+  unsigned int supports_ntor3_and_param_negotiation : 1;
 } protover_summary_flags_t;
 
 typedef struct routerinfo_t routerinfo_t;
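Review bot: the doc comment on supports_ntor3_and_param_negotiation does not say which protocol version implies it, while the neighbouring supports_hs_setup_padding comment states "Requires Padding=2". Name the subprotocol and version here too, so the flag can be checked against protover.c and versions.c.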
diff --git a/src/core/or/protover.c b/src/core/or/protover.c
index bd9cc60115..63e9a33b72 100644
--- a/src/core/or/protover.c
+++ 

[tor-commits] [tor/main] Implement core of ntor3 negotiation.

2022-02-22 Thread dgoulet
commit bd2e9a44097ff85934bc1c34f4fce2017a7a92c8
Author: Nick Mathewson 
Date:   Tue Sep 14 15:01:45 2021 -0400

Implement core of ntor3 negotiation.

There are a lot of TODOs about what to send, whom to send it to, and
etc.
---
 src/core/crypto/onion_crypto.c| 136 ++
 src/core/crypto/onion_crypto.h|   3 +
 src/core/or/circuitbuild.c|  26 +++-
 src/core/or/circuitbuild.h|   4 ++
 src/core/or/crypt_path_st.h   |   3 +
 src/core/or/extend_info_st.h  |   3 +
 src/core/or/extendinfo.c  |  12 
 src/core/or/extendinfo.h  |   1 +
 src/core/or/or.h  |   3 +-
 src/feature/relay/relay_metrics.c |   2 +
 10 files changed, 191 insertions(+), 2 deletions(-)

diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c
index f93c2c8c58..b0808b80a8 100644
--- a/src/core/crypto/onion_crypto.c
+++ b/src/core/crypto/onion_crypto.c
@@ -35,14 +35,25 @@
 #include "core/crypto/onion_crypto.h"
 #include "core/crypto/onion_fast.h"
 #include "core/crypto/onion_ntor.h"
+#include "core/crypto/onion_ntor_v3.h"
 #include "core/crypto/onion_tap.h"
 #include "feature/relay/router.h"
 #include "lib/crypt_ops/crypto_dh.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "feature/relay/routerkeys.h"
+
+#include "core/or/circuitbuild.h"
 
 #include "core/or/crypt_path_st.h"
 #include "core/or/extend_info_st.h"
 
+/* TODO: Add this to the specification! */
+const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
+const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
+
+#define NTOR3_VERIFICATION_ARGS \
+  NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN
+
 /** Return a new server_onion_keys_t object with all of the keys
  * and other info we might need to do onion handshakes.  (We make a copy of
  * our keys for each cpuworker to avoid race conditions with the main thread,
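Review bot: NTOR3_CIRC_VERIFICATION_LEN is hard-coded to 14 and has to be kept in step with the string literal by hand. Derive it with `sizeof(NTOR3_CIRC_VERIFICATION) - 1` so the length cannot drift from "circuit extend", and make both objects static unless they are meant to be exported through onion_crypto.h.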
@@ -52,6 +63,7 @@ server_onion_keys_new(void)
 {
   server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t));
   memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
+  ed25519_pubkey_copy(>my_ed_identity, get_master_identity_key());
   dup_onion_keys(>onion_key, >last_onion_key);
   keys->curve25519_key_map = construct_ntor_key_map();
   keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
@@ -91,6 +103,9 @@ onion_handshake_state_release(onion_handshake_state_t *state)
 ntor_handshake_state_free(state->u.ntor);
 state->u.ntor = NULL;
 break;
+  case ONION_HANDSHAKE_TYPE_NTOR_V3:
+ntor3_handshake_state_free(state->u.ntor3);
+break;
   default:
 /* LCOV_EXCL_START
  * This state should not even exist. */
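Review bot: the new ONION_HANDSHAKE_TYPE_NTOR_V3 case frees state->u.ntor3 but does not reset the pointer, while the ntor case directly above sets `state->u.ntor = NULL;` after freeing. Unless ntor3_handshake_state_free already clears its argument, add `state->u.ntor3 = NULL;` so the two cases match.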
@@ -149,6 +164,37 @@ onion_skin_create(int type,
 
 r = NTOR_ONIONSKIN_LEN;
 break;
+  case ONION_HANDSHAKE_TYPE_NTOR_V3:
+if (!extend_info_supports_ntor_v3(node))
+  return -1;
+if (ed25519_public_key_is_zero(>ed_identity))
+  return -1;
+size_t msg_len = 0;
+uint8_t *msg = NULL;
+if (client_circ_negotiation_message(node, , _len) < 0)
+  return -1;
+uint8_t *onion_skin = NULL;
+size_t onion_skin_len = 0;
+int status = onion_skin_ntor3_create(
+ >ed_identity,
+ >curve25519_onion_key,
+ NTOR3_VERIFICATION_ARGS,
+ msg, msg_len, /* client message */
+ _out->u.ntor3,
+ _skin, _skin_len);
+tor_free(msg);
+if (status < 0) {
+  return -1;
+}
+if (onion_skin_len > onion_skin_out_maxlen) {
+  tor_free(onion_skin);
+  return -1;
+}
+memcpy(onion_skin_out, onion_skin, onion_skin_len);
+tor_free(onion_skin);
+r = (int) onion_skin_len;
+break;
+
   default:
 /* LCOV_EXCL_START
  * We should never try to create an impossible handshake type. */
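Review bot: the ONION_HANDSHAKE_TYPE_NTOR_V3 case in onion_skin_create declares msg_len, msg, onion_skin, onion_skin_len and status directly under the case label with no enclosing block, so they stay in scope for the `default:` label that follows. Wrap the case body in braces, as the server-side NTOR_V3 case in this patch does, to keep the locals scoped to this handshake type.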
@@ -238,6 +284,64 @@ onion_skin_server_handshake(int type,
   r = NTOR_REPLY_LEN;
 }
 break;
+  case ONION_HANDSHAKE_TYPE_NTOR_V3: {
+size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
+tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
+uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
+uint8_t *client_msg = NULL;
+size_t client_msg_len = 0;
+ntor3_server_handshake_state_t *state = NULL;
+
+if (onion_skin_ntor3_server_handshake_part1(
+   keys->curve25519_key_map,
+   keys->junk_keypair,
+   >my_ed_identity,
+   onion_skin, onionskin_len,
+   NTOR3_VERIFICATION_ARGS,
+   _msg, _msg_len,
+   ) < 0) {
+  return -1;
+}
+
+uint8_t reply_msg[1] = { 0 };
+size_t reply_msg_len = 1;
+{
+  /* TODO, Okay, we have a message from the client trying to negotiate
+   * parameters.  We need to decide whether the client's request is
+   * okay, what we're going to say in response, and what circuit
+   * parameters we've just negotiated
+   */
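Review bot: `tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN)` turns an oversized keys_out_len into a process abort, while the other bad-length conditions visible in onion_skin_server_handshake return -1. Return -1 here as well, with a warning if this can only be a caller error.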

[tor-commits] [tor/main] dirauth: Reject EOL 0.3.5.x relays

2022-02-16 Thread dgoulet
commit 7eb543787873230e4fd51da42b74a9a771840cd9
Author: David Goulet 
Date:   Mon Feb 14 13:40:45 2022 -0500

dirauth: Reject EOL 0.3.5.x relays

Closes #40559

Signed-off-by: David Goulet 
---
 changes/ticket40559 |  2 ++
 src/feature/dirauth/process_descs.c | 17 ++---
 src/test/test_process_descs.c   |  7 ---
 3 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/changes/ticket40559 b/changes/ticket40559
new file mode 100644
index 00..9aa464f446
--- /dev/null
+++ b/changes/ticket40559
@@ -0,0 +1,2 @@
+  o Minor feature (authority, relay):
+- Reject End-Of-Life relays running version 0.3.5.x. Closes ticket 40559.
diff --git a/src/feature/dirauth/process_descs.c 
b/src/feature/dirauth/process_descs.c
index a75f516dca..7d61247e23 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -404,21 +404,8 @@ dirserv_rejects_tor_version(const char *platform,
   static const char please_upgrade_string[] =
 "Tor version is insecure or unsupported. Please upgrade!";
 
-  /* Versions before Tor 0.3.5 are unsupported.
-   *
-   * Also, reject unstable versions of 0.3.5, since (as of this writing)
-   * they are almost none of the network. */
-  if (!tor_version_as_new_as(platform,"0.3.5.7")) {
-if (msg)
-  *msg = please_upgrade_string;
-return true;
-  }
-
-  /* Series between Tor 0.3.6.x and 0.4.5.5-rc inclusive are unsupported.
-   * Reject them. 0.3.6.0-alpha-dev only existed for a short time, before it
-   * was renamed to 0.4.0.0-alpha-dev. */
-  if (tor_version_as_new_as(platform,"0.3.6.0-alpha-dev") &&
-  !tor_version_as_new_as(platform,"0.4.5.6")) {
+  /* Anything before 0.4.5.6 is unsupported. Reject them. */
+  if (!tor_version_as_new_as(platform,"0.4.5.6")) {
 if (msg) {
   *msg = please_upgrade_string;
 }
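Review bot: the replacement comment "Anything before 0.4.5.6 is unsupported. Reject them." drops the explanation the old comments carried about why the cutoff sits where it does. A short reason (0.3.5.x is now end-of-life, per the changes file) would help whoever next raises the threshold; "Reject it." also reads better after "Anything".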
diff --git a/src/test/test_process_descs.c b/src/test/test_process_descs.c
index 5503fc69ee..1471bec18e 100644
--- a/src/test/test_process_descs.c
+++ b/src/test/test_process_descs.c
@@ -21,9 +21,9 @@ test_process_descs_versions(void *arg)
 // a non-tor program: don't reject.
 { "Wombat 0.1.2.3-alpha", false },
 // some unsupported versions: reject.
+{ "Tor 0.2.9.100", true },
 { "Tor 0.2.9.4-alpha", true },
 { "Tor 0.2.9.5-alpha", true },
-{ "Tor 0.2.9.100", true },
 { "Tor 0.3.0.0-alpha-dev", true },
 { "Tor 0.3.0.2-alpha", true },
 { "Tor 0.3.0.5", true },
@@ -34,6 +34,8 @@ test_process_descs_versions(void *arg)
 { "Tor 0.3.4.100", true },
 { "Tor 0.3.5.1-alpha", true },
 { "Tor 0.3.5.6-rc", true},
+{ "Tor 0.3.5.7", true },
+{ "Tor 0.3.5.8", true },
 { "Tor 0.4.0.1-alpha", true },
 { "Tor 0.4.0.5", true },
 { "Tor 0.4.1.1-alpha", true },
@@ -47,12 +49,11 @@ test_process_descs_versions(void *arg)
 { "Tor 0.4.4.9", true },
 { "Tor 0.4.5.5-rc", true },
 // new enough to be supported
-{ "Tor 0.3.5.7", false },
-{ "Tor 0.3.5.8", false },
 { "Tor 0.4.5.6", false },
 { "Tor 0.4.6.0-alpha-dev", false },
 { "Tor 0.4.6.5", false },
 { "Tor 0.4.7.0-alpha-dev", false },
+{ "Tor 0.4.7.3-alpha", false },
 // Very far in the future
 { "Tor 100.100.1.5", false },
   };





[tor-commits] [tor/main] Merge branch 'tor-gitlab/mr/531'

2022-02-16 Thread dgoulet
commit d057f45c6c446023eb368e8dab6b0d0a9d1c0d1d
Merge: ea48ddc955 7eb5437878
Author: David Goulet 
Date:   Wed Feb 16 13:59:37 2022 -0500

Merge branch 'tor-gitlab/mr/531'

 changes/ticket40559 |  2 ++
 src/feature/dirauth/process_descs.c | 17 ++---
 src/test/test_process_descs.c   |  7 ---
 3 files changed, 8 insertions(+), 18 deletions(-)



[tor-commits] [tor/main] dns: Do not trigger overload general on DNS timeout

2022-02-14 Thread dgoulet
commit ea48ddc9552ecfc73d3b2186c05ee15cd7cc361d
Author: David Goulet 
Date:   Mon Feb 14 13:20:53 2022 -0500

dns: Do not trigger overload general on DNS timeout

This was missed in #40527 when the DNS timeout overload general signal
was removed.

Closes #40564

Signed-off-by: David Goulet 
---
 changes/ticket40564 |  4 
 src/feature/relay/dns.c | 10 --
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/changes/ticket40564 b/changes/ticket40564
new file mode 100644
index 00..2f805bdef5
--- /dev/null
+++ b/changes/ticket40564
@@ -0,0 +1,4 @@
+  o Major bugfixes (relay, overload):
+- Do not trigger a general overload on DNS timeout. Even after fixing
+  40527, some code remained that triggered the overload. Fixes bug 40564;
+  bugfix on 0.4.7.1-alpha.
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
index c6e0439338..180f2cbdd1 100644
--- a/src/feature/relay/dns.c
+++ b/src/feature/relay/dns.c
@@ -1539,16 +1539,6 @@ evdns_callback(int result, char type, int count, int 
ttl, void *addresses,
 
   tor_addr_make_unspec();
 
-  /* Note down any DNS errors to the statistics module */
-  if (result == DNS_ERR_TIMEOUT) {
-/* libevent timed out while resolving a name. However, because libevent
- * handles retries and timeouts internally, this means that all attempts of
- * libevent timed out. If we wanted to get more granular information about
- * individual libevent attempts, we would have to implement our own DNS
- * timeout/retry logic */
-rep_hist_note_overload(OVERLOAD_GENERAL);
-  }
-
   /* Keep track of whether IPv6 is working */
   if (type == DNS_IPv6_) {
 if (result == DNS_ERR_TIMEOUT) {
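Review bot: this removal has no accompanying test change; the diffstat covers only changes/ticket40564 and dns.c. Since the same call was already missed once in #40527, a unit test asserting that a DNS_ERR_TIMEOUT result in evdns_callback does not note OVERLOAD_GENERAL would keep it from coming back.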



[tor-commits] [tor/main] conn: add ClientHello Padding TLS extension

2022-02-09 Thread dgoulet
commit f1387b398c130eac740b759db5101d8c469114d5
Author: pseudonymisaTor <1397-pseudonymisa...@gitlab.torproject.org>
Date:   Sun Jan 23 09:24:28 2022 +

conn: add ClientHello Padding TLS extension
---
 src/lib/tls/tortls_openssl.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index d59d65d995..77de2d6a11 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -701,6 +701,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int 
key_lifetime,
   /* let us realloc bufs that we're writing from */
   SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
+#ifdef SSL_OP_TLSEXT_PADDING
+  /* Adds a padding extension to ensure the ClientHello size is never between
+   * 256 and 511 bytes in length. */
+  SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING);
+#endif
+
   return result;
 
  error:
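Review bot: the comment above `SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING)` restates what the option does but not why Tor wants it, and the commit touches only tortls_openssl.c, with no changes/ entry. Add the motivation to the comment and a changes file, and note that builds where SSL_OP_TLSEXT_PADDING is undefined skip the option silently.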





[tor-commits] [tor/main] Merge branch 'tor-gitlab/mr/518'

2022-02-09 Thread dgoulet
commit 52d1c1fd311c9d552b32108a7e92ea2be76e090c
Merge: 763d72238d f1387b398c
Author: David Goulet 
Date:   Wed Feb 9 10:36:26 2022 -0500

Merge branch 'tor-gitlab/mr/518'

 src/lib/tls/tortls_openssl.c | 6 ++
 1 file changed, 6 insertions(+)



[tor-commits] [tor/main] nss: Don't write empty payload on the wire

2022-02-09 Thread dgoulet
commit 9bf4a9e18a244dd9930a906e92d1f33bbc3bbf13
Author: David Goulet 
Date:   Tue Feb 8 09:30:50 2022 -0500

nss: Don't write empty payload on the wire

Part of #40548

Signed-off-by: David Goulet 
---
 src/lib/tls/tortls_nss.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index b1007c6218..392747e930 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -588,6 +588,10 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
   tor_assert(cp || n == 0);
   tor_assert(n < INT_MAX);
 
+  if (n == 0) {
+return 0;
+  }
+
   PRInt32 rv = PR_Write(tls->ssl, cp, (int)n);
   // log_debug(LD_NET, "PR_Write(%zu) returned %d", n, (int)rv);
   if (rv > 0) {
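Review bot: the early `return 0` for n == 0 in tor_tls_write has no comment, and the function's contract for a zero return is not visible here. Add a one-line comment saying why an empty write is short-circuited before PR_Write, and confirm callers treat 0 as "nothing written" and not as a closed connection.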





[tor-commits] [tor/main] kist: Don't try to flush empty outbuf

2022-02-09 Thread dgoulet
commit 763d72238d84ff5c2c0a889d15f25a145046c9e5
Author: David Goulet 
Date:   Tue Feb 8 09:31:17 2022 -0500

kist: Don't try to flush empty outbuf

It is possible that a scheduled channel ended up with 0 bytes in its
outbuf after the scheduling loop and having an outbuf table entry
indicating that we need to flush bytes on the wire after the loop.

This led to an attempt to write 0 bytes up to the TLS layer that would
prevent such action.

All in all, this fixes wasted CPU cycles on attempting to flush nothing.

Fixes #40548

Signed-off-by: David Goulet 
---
 changes/ticket40548  |  4 
 src/core/or/scheduler_kist.c | 12 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/changes/ticket40548 b/changes/ticket40548
new file mode 100644
index 00..277bb577a4
--- /dev/null
+++ b/changes/ticket40548
@@ -0,0 +1,4 @@
+  o Minor bugfixes (cell scheduling):
+- Don't attempt to write 0 bytes after a cell scheduling loop. No empty
+  payload was put on the wire. Fixes bug 40548; bugfix on 0.3.5.1-alpha.
+- Avoid writing empty payload with NSS write.
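Review bot: the first bullet's second sentence, "No empty payload was put on the wire.", is ambiguous about whether it describes the old or the new behaviour, and the second bullet carries no "Fixes bug" reference of its own. Reword the first to make clear that the bug only wasted CPU, and either fold the NSS item into it or give the NSS item its ticket reference.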
diff --git a/src/core/or/scheduler_kist.c b/src/core/or/scheduler_kist.c
index eba55f6497..52bc62f1b4 100644
--- a/src/core/or/scheduler_kist.c
+++ b/src/core/or/scheduler_kist.c
@@ -465,9 +465,17 @@ MOCK_IMPL(int, channel_should_write_to_kernel,
 MOCK_IMPL(void, channel_write_to_kernel, (channel_t *chan))
 {
   tor_assert(chan);
+
+  /* This is possible because a channel might have an outbuf table entry even
+   * though it has no more cells in its outbuf. Just move on. */
+  size_t outbuf_len = channel_outbuf_length(chan);
+  if (outbuf_len == 0) {
+return;
+  }
+
   log_debug(LD_SCHED, "Writing %lu bytes to kernel for chan %" PRIu64,
-(unsigned long)channel_outbuf_length(chan),
-chan->global_identifier);
+(unsigned long) outbuf_len, chan->global_identifier);
+
   /* Note that 'connection_handle_write()' may change the scheduler state of
* the channel during the scheduling loop with
* 'connection_or_flushed_some()' -> 'scheduler_channel_wants_writes()'.
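Review bot: outbuf_len is a size_t but is still logged with `%lu` and an `(unsigned long)` cast. Now that the value lives in a local, print it with a size_t format specifier so the cast can go.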



[tor-commits] [tor/main] makefile: New README.md file name

2022-02-07 Thread dgoulet
commit 4c1a9b335f8abcfd989884c72b53299b7d91eced
Author: David Goulet 
Date:   Mon Feb 7 10:07:33 2022 -0500

makefile: New README.md file name

Signed-off-by: David Goulet 
---
 Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index b059496688..280047a71b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -186,7 +186,7 @@ EXTRA_DIST+= \
INSTALL \
LICENSE \
Makefile.nmake  \
-   README  \
+   README.md   
\
ReleaseNotes\
scripts/build/combine_libs  \
scripts/maint/checkIncludes.py  \
@@ -584,7 +584,7 @@ check-typos:
$(top_srcdir)/doc \
$(top_srcdir)/contrib \
$(top_srcdir)/scripts \
-   $(top_srcdir)/README \
+   $(top_srcdir)/README.md \
$(top_srcdir)/ChangeLog \
$(top_srcdir)/INSTALL \
$(top_srcdir)/ReleaseNotes \



[tor-commits] [tor/main] changelog: Forward port 0.4.5 and 0.4.6 ChangeLogs

2022-02-04 Thread dgoulet
commit 24b6b12224a328d4db340f912cdd606d8f8e2bc5
Author: David Goulet 
Date:   Fri Feb 4 12:54:42 2022 -0500

changelog: Forward port 0.4.5 and 0.4.6 ChangeLogs

Signed-off-by: David Goulet 
---
 ChangeLog | 80 +++
 1 file changed, 80 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index fd1cd934f1..26b733547f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,83 @@
+Changes in version 0.4.6.10 - 2022-02-04
+  This version contains minor bugfixes but one in particular is that relays
+  don't advertise onion service v2 support at the protocol version level.
+
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 04, 2022.
+
+  o Minor features (geoip data):
+- Update the geoip files to match the IPFire Location Database, as
+  retrieved on 2022/02/04.
+
+  o Minor bugfix (logging):
+- Update a log notice dead URL to a working one. Fixes bug 40544;
+  bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfix (relay):
+- Remove the HSDir and HSIntro onion service v2 protocol versions so
+  relay stop advertising that they support them. Fixes bug 40509;
+  bugfix on 0.3.5.17.
+
+  o Minor bugfixes (MetricsPort, Prometheus):
+- Add double quotes to the label values of the onion service
+  metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
+
+
+Changes in version 0.4.5.12 - 2022-02-04
+  This version contains mostly minor bugfixes for which you can find the
+  details below. The previous release (0.4.5.11) was suppose to update the
+  GeoIP and fallbackdir lists but a problem in our release pipeline prevented
+  those files to be updated correctly. Thus, this release regenerates up to
+  date lists. Furthermore, another fix to highlight is that relays don't
+  advertise onion service v2 support at the protocol version level.
+
+  o Minor feature (reproducible build):
+- The repository can now build reproducible tarballs which adds the
+  build command "make dist-reprod" for that purpose. Closes
+  ticket 26299.
+
+  o Minor features (compilation):
+- Give an error message if trying to build with a version of
+  LibreSSL known not to work with Tor. (There's an incompatibility
+  with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
+  their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
+  ticket 40511.
+
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 04, 2022.
+
+  o Minor features (geoip data):
+- Update the geoip files to match the IPFire Location Database, as
+  retrieved on 2022/02/04.
+
+  o Minor bugfix (logging):
+- Update a log notice dead URL to a working one. Fixes bug 40544;
+  bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfix (relay):
+- Remove the HSDir and HSIntro onion service v2 protocol versions so
+  relay stop advertising that they support them. Fixes bug 40509;
+  bugfix on 0.3.5.17.
+
+  o Minor bugfixes (compilation):
+- Fix a compilation error when trying to build Tor with a compiler
+  that does not support expanding statitically initialized const
+  values in macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha
+- Fix our configuration logic to detect whether we had OpenSSL 3:
+  previously, our logic was reversed. This has no other effect than
+  to change whether we suppress deprecated API warnings. Fixes bug
+  40429; bugfix on 0.3.5.13.
+
+  o Minor bugfixes (MetricsPort, Prometheus):
+- Add double quotes to the label values of the onion service
+  metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
+
+  o Minor bugfixes (relay):
+- Reject IPv6-only DirPorts. Our reachability self-test forces
+  DirPorts to be IPv4, but our configuration parser allowed them to
+  be IPv6-only, which led to an assertion failure. Fixes bug 40494;
+  bugfix on 0.4.5.1-alpha.
+
 Changes in version 0.4.7.3-alpha - 2021-12-15
   This third alpha release of the 0.4.7.x series fixes several bugs including
   two major ones affecting Bridges and Relays (see below). If you are running
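Review bot: the forward-ported 0.4.5.12 text carries a few typos: "was suppose to" should be "was supposed to", "statitically" should be "statically", "macro's" should be "macros", and the bug 40410 entry is missing its final period. "so relay stop advertising" (in both the 0.4.6.10 and 0.4.5.12 sections) should be "so relays stop advertising". If the text has to match the release branches exactly, fix it there first and re-port.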





[tor-commits] [tor/main] Remove unmaintained versions from CI and scripts

2022-02-04 Thread dgoulet
commit 2176354e223a51399afab4bd0a0b57e09f4e0c72
Author: David Goulet 
Date:   Fri Feb 4 13:00:56 2022 -0500

Remove unmaintained versions from CI and scripts

Signed-off-by: David Goulet 
---
 .gitlab-ci.yml   | 24 
 scripts/ci/ci-driver.sh  | 16 
 scripts/git/git-list-tor-branches.sh |  3 ---
 3 files changed, 43 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c6bcf38c54..b27e75855a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -188,18 +188,6 @@ debian-tracing:
 DISTCHECK: "yes"
   script:
 - ./scripts/ci/ci-driver.sh
-  # Ensure that we only run tracing when it's implemented.
-  #
-  # Once versions before 0.4.5 are obsolete, we can remove this test.
-  rules:
-# This first "if" check prevents us from running a duplicate version of
-# this pipeline whenever we push and create an MR.  I don't understand why
-# it is necessary, though the following URL purports to explain:
-#
-# https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
-- if: '$CI_PIPELINE_SOURCE == "push"'
-  exists:
-- src/lib/trace/trace_sys.c
 
 #
 # No-authority mode
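Review bot: Deleting the whole `rules:` block under debian-tracing also drops the `if: '$CI_PIPELINE_SOURCE == "push"'` guard, which the deleted comment says prevents a duplicate pipeline when a push creates an MR; only the `exists: src/lib/trace/trace_sys.c` clause is a version gate. Removing the guard changes when this job runs on every branch, not just the unmaintained ones. Either keep the `if` line without the `exists` clause, or state in the commit message that duplicate pipelines are handled elsewhere. The identical removal under debian-disable-relay in the next hunk needs the same decision.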
@@ -220,18 +208,6 @@ debian-disable-relay:
 DISABLE_RELAY: "yes"
   script:
 - ./scripts/ci/ci-driver.sh
-  # Ensure that we only run tracing when it's implemented.
-  #
-  # Once versions before 0.4.3 are obsolete, we can remove this test.
-  rules:
-# This first "if" check prevents us from running a duplicate version of
-# this pipeline whenever we push and create an MR.  I don't understand why
-# it is necessary, though the following URL purports to explain:
-#
-# https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
-- if: '$CI_PIPELINE_SOURCE == "push"'
-  exists:
-- src/feature/relay/relay_stub.c
 
 #
 # NSS check on debian
diff --git a/scripts/ci/ci-driver.sh b/scripts/ci/ci-driver.sh
index c9f63c2f40..09696924ba 100755
--- a/scripts/ci/ci-driver.sh
+++ b/scripts/ci/ci-driver.sh
@@ -293,22 +293,6 @@ TOR_VER_AT_LEAST_044=no
 # These are the currently supported Tor versions; no need to work with anything
 # ancient in this script.
 case "$TOR_VERSION" in
-0.3.*)
-TOR_VER_AT_LEAST_043=no
-TOR_VER_AT_LEAST_044=no
-;;
-0.4.[012].*)
-TOR_VER_AT_LEAST_043=no
-TOR_VER_AT_LEAST_044=no
-;;
-0.4.3.*)
-TOR_VER_AT_LEAST_043=yes
-TOR_VER_AT_LEAST_044=no
-;;
-0.4.4.*)
-TOR_VER_AT_LEAST_043=yes
-TOR_VER_AT_LEAST_044=yes
-;;
 0.4.5.*)
 TOR_VER_AT_LEAST_043=yes
 TOR_VER_AT_LEAST_044=yes
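Review bot: With the 0.3.*, 0.4.[012].*, 0.4.3.* and 0.4.4.* arms gone, a TOR_VERSION that matches no remaining arm keeps the defaults assigned above the `case` (the hunk header shows `TOR_VER_AT_LEAST_044=no`), so it is silently treated as an old release that this script no longer claims to support. If there is no `*)` arm below the visible context, add one that fails with a clear message. If every remaining arm sets both flags to `yes`, as the visible 0.4.5.* arm does, the two variables and the conditionals that read them can be removed in a follow-up.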
diff --git a/scripts/git/git-list-tor-branches.sh 
b/scripts/git/git-list-tor-branches.sh
index 29e91dd1b6..d7142620d7 100755
--- a/scripts/git/git-list-tor-branches.sh
+++ b/scripts/git/git-list-tor-branches.sh
@@ -143,9 +143,6 @@ finish() {
 # List of all branches.  These must be in order, from oldest to newest, with
 # maint before release.
 
-branch maint-0.3.5
-branch release-0.3.5
-
 branch maint-0.4.5
 branch release-0.4.5
 



[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.4.5' into maint-0.4.6

2022-02-04 Thread dgoulet
commit a2be0c590cafbe12578e15ddac6eb4a0625587f6
Merge: 81a4f92b64 92b4e4d041
Author: David Goulet 
Date:   Fri Feb 4 12:36:19 2022 -0500

Merge branch 'maint-0.4.5' into maint-0.4.6






[tor-commits] [tor/release-0.4.6] version: Bump version to 0.4.6.10-dev

2022-02-04 Thread dgoulet
commit 5afdc851b2096f046503e63d9465d3c2c3ffba9a
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.6.10-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 58be6dd0a3..75e76d9075 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.6.10])
+AC_INIT([tor],[0.4.6.10-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], 
[Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index 9c375a50e0..31579e7041 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.6.10"
+!define VERSION "0.4.6.10-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 890b2b7274..6c8997e5fb 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.6.10"
+#define VERSION "0.4.6.10-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.4.6' into release-0.4.6

2022-02-04 Thread dgoulet
commit 4c58953fc21108fc7cc6ebce1ee4f21d535e95fa
Merge: 22fd351cf5 5afdc851b2
Author: David Goulet 
Date:   Fri Feb 4 12:36:45 2022 -0500

Merge branch 'maint-0.4.6' into release-0.4.6

 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)



[tor-commits] [tor/release-0.4.6] version: Bump version to 0.4.5.12-dev

2022-02-04 Thread dgoulet
commit 92b4e4d04127bfdca4a3c869953e9fdf640729c7
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.5.12-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index b0044a1b15..b0ceb8a1f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.5.12])
+AC_INIT([tor],[0.4.5.12-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -16,7 +16,7 @@ configure_flags="$*"
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index a7c7791919..9e5729e4e0 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.5.12"
+!define VERSION "0.4.5.12-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 431c372152..a244ce4698 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.5.12"
+#define VERSION "0.4.5.12-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/release-0.4.5] version: Bump version to 0.4.5.12-dev

2022-02-04 Thread dgoulet
commit 92b4e4d04127bfdca4a3c869953e9fdf640729c7
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.5.12-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index b0044a1b15..b0ceb8a1f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.5.12])
+AC_INIT([tor],[0.4.5.12-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -16,7 +16,7 @@ configure_flags="$*"
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index a7c7791919..9e5729e4e0 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.5.12"
+!define VERSION "0.4.5.12-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 431c372152..a244ce4698 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.5.12"
+#define VERSION "0.4.5.12-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/maint-0.4.6] version: Bump version to 0.4.6.10-dev

2022-02-04 Thread dgoulet
commit 5afdc851b2096f046503e63d9465d3c2c3ffba9a
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.6.10-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 58be6dd0a3..75e76d9075 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.6.10])
+AC_INIT([tor],[0.4.6.10-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], 
[Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index 9c375a50e0..31579e7041 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.6.10"
+!define VERSION "0.4.6.10-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 890b2b7274..6c8997e5fb 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.6.10"
+#define VERSION "0.4.6.10-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR



[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5

2022-02-04 Thread dgoulet
commit ac5533cea7e630eb3de342793a4866ff2bc86f91
Merge: 3d3c4b6dd5 92b4e4d041
Author: David Goulet 
Date:   Fri Feb 4 12:36:44 2022 -0500

Merge branch 'maint-0.4.5' into release-0.4.5

 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)



[tor-commits] [tor/maint-0.4.6] version: Bump version to 0.4.5.12-dev

2022-02-04 Thread dgoulet
commit 92b4e4d04127bfdca4a3c869953e9fdf640729c7
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.5.12-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index b0044a1b15..b0ceb8a1f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.5.12])
+AC_INIT([tor],[0.4.5.12-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -16,7 +16,7 @@ configure_flags="$*"
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index a7c7791919..9e5729e4e0 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.5.12"
+!define VERSION "0.4.5.12-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 431c372152..a244ce4698 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.5.12"
+#define VERSION "0.4.5.12-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/maint-0.4.6] Merge branch 'maint-0.4.5' into maint-0.4.6

2022-02-04 Thread dgoulet
commit a2be0c590cafbe12578e15ddac6eb4a0625587f6
Merge: 81a4f92b64 92b4e4d041
Author: David Goulet 
Date:   Fri Feb 4 12:36:19 2022 -0500

Merge branch 'maint-0.4.5' into maint-0.4.6






[tor-commits] [tor/main] version: Bump version to 0.4.6.10-dev

2022-02-04 Thread dgoulet
commit 5afdc851b2096f046503e63d9465d3c2c3ffba9a
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.6.10-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 58be6dd0a3..75e76d9075 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.6.10])
+AC_INIT([tor],[0.4.6.10-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], 
[Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.6.10-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index 9c375a50e0..31579e7041 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.6.10"
+!define VERSION "0.4.6.10-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 890b2b7274..6c8997e5fb 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.6.10"
+#define VERSION "0.4.6.10-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/maint-0.4.5] version: Bump version to 0.4.5.12-dev

2022-02-04 Thread dgoulet
commit 92b4e4d04127bfdca4a3c869953e9fdf640729c7
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.5.12-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index b0044a1b15..b0ceb8a1f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.5.12])
+AC_INIT([tor],[0.4.5.12-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -16,7 +16,7 @@ configure_flags="$*"
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index a7c7791919..9e5729e4e0 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.5.12"
+!define VERSION "0.4.5.12-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 431c372152..a244ce4698 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.5.12"
+#define VERSION "0.4.5.12-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR



[tor-commits] [tor/main] Merge branch 'maint-0.4.5' into maint-0.4.6

2022-02-04 Thread dgoulet
commit a2be0c590cafbe12578e15ddac6eb4a0625587f6
Merge: 81a4f92b64 92b4e4d041
Author: David Goulet 
Date:   Fri Feb 4 12:36:19 2022 -0500

Merge branch 'maint-0.4.5' into maint-0.4.6






[tor-commits] [tor/main] Merge branch 'maint-0.4.6'

2022-02-04 Thread dgoulet
commit d770e20b4fb7dd517870f0ef33b480a9b7d84ddd
Merge: 3f613b09fa 5afdc851b2
Author: David Goulet 
Date:   Fri Feb 4 12:36:40 2022 -0500

Merge branch 'maint-0.4.6'



[tor-commits] [tor/main] version: Bump version to 0.4.5.12-dev

2022-02-04 Thread dgoulet
commit 92b4e4d04127bfdca4a3c869953e9fdf640729c7
Author: Tor CI Release 
Date:   Fri Feb 4 16:29:20 2022 +

version: Bump version to 0.4.5.12-dev
---
 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index b0044a1b15..b0ceb8a1f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.5.12])
+AC_INIT([tor],[0.4.5.12-dev])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -16,7 +16,7 @@ configure_flags="$*"
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12
+AC_DEFINE(APPROX_RELEASE_DATE, ["2022-02-04"], # for 0.4.5.12-dev
   [Approximate date when this software was released. (Updated when the 
version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
diff --git a/contrib/win32build/tor-mingw.nsi.in 
b/contrib/win32build/tor-mingw.nsi.in
index a7c7791919..9e5729e4e0 100644
--- a/contrib/win32build/tor-mingw.nsi.in
+++ b/contrib/win32build/tor-mingw.nsi.in
@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.5.12"
+!define VERSION "0.4.5.12-dev"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/;
 !define LICENSE "LICENSE"
diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h
index 431c372152..a244ce4698 100644
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@@ -217,7 +217,7 @@
 #define USING_TWOS_COMPLEMENT
 
 /* Version number of package */
-#define VERSION "0.4.5.12"
+#define VERSION "0.4.5.12-dev"
 
 #define HAVE_STRUCT_SOCKADDR_IN6
 #define HAVE_STRUCT_IN6_ADDR





[tor-commits] [tor/release-0.4.6] release: ChangeLog and ReleaseNotes for 0.4.6.10

2022-02-04 Thread dgoulet
commit 22fd351cf582aa2bef85c6768f0d66cf0e21a305
Author: Tor CI Release 
Date:   Fri Feb 4 16:00:38 2022 +

release: ChangeLog and ReleaseNotes for 0.4.6.10
---
 ChangeLog   | 25 +
 ReleaseNotes| 25 +
 changes/fallbackdirs-2022-02-04 |  2 --
 changes/geoip-2022-02-04|  3 ---
 changes/ticket40509 |  4 
 changes/ticket40544 |  3 ---
 changes/ticket40552 |  3 ---
 7 files changed, 50 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 224b4c0f8c..a7ec7ed1e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,28 @@
+Changes in version 0.4.6.10 - 2022-02-04
+  This version contains minor bugfixes but one in particular is that relays
+  don't advertise onion service v2 support at the protocol version level.
+
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 04, 2022.
+
+  o Minor features (geoip data):
+- Update the geoip files to match the IPFire Location Database, as
+  retrieved on 2022/02/04.
+
+  o Minor bugfix (logging):
+- Update a log notice dead URL to a working one. Fixes bug 40544;
+  bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfix (relay):
+- Remove the HSDir and HSIntro onion service v2 protocol versions so
+  relay stop advertising that they support them. Fixes bug 40509;
+  bugfix on 0.3.5.17.
+
+  o Minor bugfixes (MetricsPort, Prometheus):
+- Add double quotes to the label values of the onion service
+  metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
+
+
 Changes in version 0.4.6.9 - 2021-12-15
   This version fixes several bugs from earlier versions of Tor. One important
   piece is the removal of DNS timeout metric from the overload general signal.
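Review bot: The added 0.4.6.10 entry needs a wording pass before release: in the relay item, "so relay stop advertising" should read "so relays stop advertising", and the fallbackdir item "Regenerate fallback directories generated on February 04, 2022" repeats "generate" where "for" or "as of" would do. The section headers also mix "Minor bugfix (logging)" and "Minor bugfix (relay)" with "Minor bugfixes (MetricsPort, Prometheus)"; pick one form. The same text is added to ReleaseNotes in the next file of this patch, so both copies should be corrected together.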
diff --git a/ReleaseNotes b/ReleaseNotes
index 15d2bef03c..341219da8e 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,31 @@ This document summarizes new features and bugfixes in each 
stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.6.10 - 2022-02-04
+  This version contains minor bugfixes but one in particular is that relays
+  don't advertise onion service v2 support at the protocol version level.
+
+  o Minor features (fallbackdir):
+- Regenerate fallback directories generated on February 04, 2022.
+
+  o Minor features (geoip data):
+- Update the geoip files to match the IPFire Location Database, as
+  retrieved on 2022/02/04.
+
+  o Minor bugfix (logging):
+- Update a log notice dead URL to a working one. Fixes bug 40544;
+  bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfix (relay):
+- Remove the HSDir and HSIntro onion service v2 protocol versions so
+  relay stop advertising that they support them. Fixes bug 40509;
+  bugfix on 0.3.5.17.
+
+  o Minor bugfixes (MetricsPort, Prometheus):
+- Add double quotes to the label values of the onion service
+  metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha.
+
+
 Changes in version 0.4.6.9 - 2021-12-15
   This version fixes several bugs from earlier versions of Tor. One important
   piece is the removal of DNS timeout metric from the overload general signal.
diff --git a/changes/fallbackdirs-2022-02-04 b/changes/fallbackdirs-2022-02-04
deleted file mode 100644
index 3d4ec28fe9..00
--- a/changes/fallbackdirs-2022-02-04
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Minor features (fallbackdir):
-- Regenerate fallback directories generated on February 04, 2022.
diff --git a/changes/geoip-2022-02-04 b/changes/geoip-2022-02-04
deleted file mode 100644
index 41921da85f..00
--- a/changes/geoip-2022-02-04
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (geoip data):
-- Update the geoip files to match the IPFire Location Database,
-  as retrieved on 2022/02/04.
diff --git a/changes/ticket40509 b/changes/ticket40509
deleted file mode 100644
index ba4502ff3b..00
--- a/changes/ticket40509
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfix (relay):
-- Remove the HSDir and HSIntro onion service v2 protocol versions so relay
-  stop advertising that they support them. Fixes bug 40509; bugfix on
-  0.3.5.17.
diff --git a/changes/ticket40544 b/changes/ticket40544
deleted file mode 100644
index b0754f0fd4..00
--- a/changes/ticket40544
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfix (logging):
-- Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on
-  0.3.5.1-alpha.
diff --git a/changes/ticket40552 b/changes/ticket40552
deleted file mode 100644
index 7811f3a743..00
--- a/changes/ticket40552
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (MetricsPort, Prometheus):
-- Add double quotes to the label values of the onion service metrics. Fixes
-  bug 40552; bugfix on 0.4.5.1-alpha.


[tor-commits] [tor/release-0.4.6] Merge branch 'maint-0.4.6' into release-0.4.6

2022-02-04 Thread dgoulet
commit 2bd52e2adc36a678ebd4b04ebbb7e5f00484348b
Merge: 8390aa1c44 81a4f92b64
Author: David Goulet 
Date:   Fri Feb 4 11:10:07 2022 -0500

Merge branch 'maint-0.4.6' into release-0.4.6

 configure.ac| 4 ++--
 contrib/win32build/tor-mingw.nsi.in | 2 +-
 src/win32/orconfig.h| 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)




