tor-commits June 2012

tor-commits@lists.torproject.org

17 participants
880 discussions

[tor/master] another little step at making debugging 5458 easier
by arma＠torproject.org 15 Jun '12

15 Jun '12

commit a1caa96f9bff7e95cabad688d36a941b599d0e2a Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jun 15 03:58:47 2012 -0400 another little step at making debugging 5458 easier --- src/or/circuitbuild.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 01eeb14..65fcaf4 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2295,9 +2295,9 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) if (guard) { guard->circuit_successes++; - log_info(LD_PROTOCOL, "Got success count %u/%u for guard %s", + log_info(LD_PROTOCOL, "Got success count %u/%u for guard %s=%s", guard->circuit_successes, guard->first_hops, - guard->nickname); + guard->nickname, hex_str(guard->identity, DIGEST_LEN)); if (guard->first_hops < guard->circuit_successes) { log_warn(LD_BUG, "Unexpectedly high circuit_successes (%u/%u) "

1 0

[tor/master] tab-man returneth (this time using the name 'rob')
by arma＠torproject.org 15 Jun '12

15 Jun '12

commit 5625812f9abc5f13dbaa12e89553ac636e23794d Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jun 15 03:28:18 2012 -0400 tab-man returneth (this time using the name 'rob') --- src/or/main.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/or/main.c b/src/or/main.c index 5c5dbf1..d9d64ce 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -849,11 +849,12 @@ conn_close_if_marked(int i) (int)conn->s)); conn->timestamp_lastwritten = now; /* reset so we can flush more */ } else if (sz == 0) { /* retval is also 0 */ - /* Connection must flush before closing, but it's being rate-limited. - Let's remove from Libevent, and mark it as blocked on bandwidth so it - will be re-added on next token bucket refill. Prevents busy Libevent - loops where we keep ending up here and returning 0 until we are no - longer blocked on bandwidth. */ + /* Connection must flush before closing, but it's being rate-limited. + * Let's remove from Libevent, and mark it as blocked on bandwidth + * so it will be re-added on next token bucket refill. Prevents + * busy Libevent loops where we keep ending up here and returning + * 0 until we are no longer blocked on bandwidth. + */ if (connection_is_writing(conn)) { conn->write_blocked_on_bw = 1; connection_stop_writing(conn);

1 0

[tor/master] fix typos, logic error, default in man page
by arma＠torproject.org 15 Jun '12

15 Jun '12

commit 427d4dd1480b00f443e211377bf8c9d12a759876 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jun 15 03:25:27 2012 -0400 fix typos, logic error, default in man page --- doc/tor.1.txt | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 65bdcfd..feb7215 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1096,9 +1096,9 @@ The following options are useful only for clients (that is, if "auto" (recommended) then it is on for all clients that do not set FetchUselessDescriptors. (Default: auto) -**PathBiasCircTheshold** __NUM__ + +**PathBiasCircThreshold** __NUM__ + -**PathBiasNoticeRate** __NUM.__ + +**PathBiasNoticeRate** __NUM__ + **PathBiasDisableRate** __NUM__ + @@ -1112,7 +1112,7 @@ The following options are useful only for clients (that is, if PathBiasCircThreshold option controls how many circuits we need to build through a guard before we make these checks. The PathBiasNoticeRate and PathBiasDisableRate options control what fraction of circuits must - succeed through a guard before we will warn about it or disable it, + succeed through a guard so we won't warn about it or disable it, respectively. When we have seen more than PathBiasScaleThreshold circuits through a guard, we divide our observations by PathBiasScaleFactor, so that new observations don't get swamped by old @@ -1121,7 +1121,7 @@ The following options are useful only for clients (that is, if By default, or if a negative value is provided for one of these options, Tor uses reasonable defaults from the networkstatus consensus document. If no defaults are available there, these options default to 20, .70, - .50, 200, and 4 respectively. + 0.0, 200, and 4 respectively. SERVER OPTIONS

1 0

[tor/master] bump to 0.2.3.17-beta
by arma＠torproject.org 15 Jun '12

15 Jun '12

commit 4c87e82c6ceacf4ff4c356e15311f075b4454cad Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jun 15 03:13:00 2012 -0400 bump to 0.2.3.17-beta --- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index e690cb2..3249b4b 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2012, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.3.16-alpha-dev) +AM_INIT_AUTOMAKE(tor, 0.2.3.17-beta) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 990301c..e64d5e6 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.3.16-alpha-dev" +!define VERSION "0.2.3.17-beta" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index b28b732..4caa012 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.3.16-alpha-dev" +#define VERSION "0.2.3.17-beta"

1 0

[tor/master] fold in next changes items
by arma＠torproject.org 15 Jun '12

15 Jun '12

commit f56e3122d8978d71ffed73c40c2dc0473dee0b75 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jun 15 03:10:07 2012 -0400 fold in next changes items --- ChangeLog | 15 +++++++++++++-- changes/bug5458 | 6 ------ changes/bug5589 | 3 --- changes/doc_hush | 3 --- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1d8401e..b30b29b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.3.17-beta - 2012-06-1? +Changes in version 0.2.3.17-beta - 2012-06-15 o Major features: - Enable gcc and ld hardening by default. Resolves ticket 5210. - Update TLS cipher list to match Firefox 8 and later. Resolves @@ -54,6 +54,8 @@ Changes in version 0.2.3.17-beta - 2012-06-1? - Correct the manpage's descriptions for the default values of DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix on 0.2.3.1-alpha. + - Fix the documentation for the --hush and --quiet command line + options, which changed their behavior back in 0.2.3.3-alpha. - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on 0.2.3.11-alpha. @@ -68,8 +70,17 @@ Changes in version 0.2.3.17-beta - 2012-06-1? configured. This can cause surprising behavior: it doesn't send all of Tor's traffic over the HTTPProxy -- it sends unencrypted directory traffic only. Resolves ticket 4663. + - Issue a notice if a guard completes less than 40% of your circuits. + Threshold is configurable by torrc option PathBiasNoticeRate and + consensus parameter pb_noticepct. There is additional, off-by- + default code to disable guards which fail too many circuits. + Addresses ticket 5458. - Update to the June 6 2012 Maxmind GeoLite Country database. + o Code simplifications and refactoring: + - Remove validate_pluggable_transports_config(): its warning + message is now handled by connection_or_connect(). + Changes in version 0.2.2.37 - 2012-06-06 Tor 0.2.2.37 introduces a workaround for a critical renegotiation @@ -217,7 +228,7 @@ Changes in version 0.2.3.16-alpha - 2012-06-05 network is disabled or the nameservers are unconfigurable. Fixes bug 5916; bugfix on Tor 0.1.2.1-alpha (for the unconfigurable nameserver case) and on 0.2.3.9-alpha (for the DisableNetwork case). - - Don't hold a windows file handle open for every file mapping; + - Don't hold a Windows file handle open for every file mapping; the file mapping handle is sufficient. Fixes bug 5951; bugfix on 0.1.2.1-alpha. - Avoid O(n^2) performance characteristics when parsing a large diff --git a/changes/bug5458 b/changes/bug5458 deleted file mode 100644 index a665783..0000000 --- a/changes/bug5458 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features - - Issue a notice if a guard completes less than 40% of your circuits. - Threshold is configurable by torrc option PathBiasNoticeRate - and consensus parameter pb_noticepct. There is additional, off-by- - default code to disable guards which fail too many circuits. - Addresses ticket 5458. diff --git a/changes/bug5589 b/changes/bug5589 deleted file mode 100644 index cbcaaa7..0000000 --- a/changes/bug5589 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplifications and refactoring: - - Remove validate_pluggable_transports_config(): its warning - message is now handled by connection_or_connect(). diff --git a/changes/doc_hush b/changes/doc_hush deleted file mode 100644 index b3a67aa..0000000 --- a/changes/doc_hush +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Fix the documentation for the --hush and --quiet command line options, - which changed their behavior back in 0.2.3.3-alpha.

1 0

[tor/master] For now, never disable any guards.
by nickm＠torproject.org 15 Jun '12

15 Jun '12

commit 61a5730392fb83b78a45c06990a095fca67d7d61 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Wed Jun 13 16:37:43 2012 -0700 For now, never disable any guards. --- src/or/circuitbuild.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 9969f7e..08ef56f 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2589,7 +2589,8 @@ pathbias_get_notice_rate(const or_options_t *options) static double pathbias_get_disable_rate(const or_options_t *options) { -#define DFLT_PATH_BIAS_DISABLE_PCT 50 +// XXX: This needs tuning based on use + experimentation before we set it +#define DFLT_PATH_BIAS_DISABLE_PCT 0 if (options->PathBiasDisableRate >= 0.0) return options->PathBiasDisableRate; else

1 0

[tor/master] Lower the default path bias notice rate to 40%.
by nickm＠torproject.org 15 Jun '12

15 Jun '12

commit daedae4115dccd314b7aa3ffce642f2ac6123713 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Thu Jun 14 21:15:08 2012 -0700 Lower the default path bias notice rate to 40%. I saw 72% on a test run with 26 circuits. 70% might be a little close to the line. That, or min_circs is too low and we need to be more patient. We still need to test/simulate more. --- src/or/circuitbuild.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 08ef56f..01eeb14 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2578,7 +2578,7 @@ pathbias_get_min_circs(const or_options_t *options) static double pathbias_get_notice_rate(const or_options_t *options) { -#define DFLT_PATH_BIAS_NOTICE_PCT 70 +#define DFLT_PATH_BIAS_NOTICE_PCT 40 if (options->PathBiasNoticeRate >= 0.0) return options->PathBiasNoticeRate; else

1 0

[tor/master] Defend against entry node path bias attacks
by nickm＠torproject.org 15 Jun '12

15 Jun '12

commit 8d59690033b1cc2b462b2b9ed61ddeaebb6f9ab0 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Thu May 3 20:15:34 2012 -0700 Defend against entry node path bias attacks The defense counts the circuit failure rate for each guard for the past N circuits. Failure is defined as the ability to complete a first hop, but not finish completing the circuit all the way to the exit. If the failure rate exceeds a certain amount, a notice is emitted. If it exceeds a greater amount, a warn is emitted and the guard is disabled. These values are governed by consensus parameters which we intend to tune as we perform experiments and statistical simulations. --- doc/tor.1.txt | 28 +++++++ src/or/circuitbuild.c | 207 +++++++++++++++++++++++++++++++++++++++++++++++-- src/or/config.c | 16 ++++- src/or/or.h | 11 +++ 4 files changed, 254 insertions(+), 8 deletions(-) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 468ed63..65bdcfd 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1096,6 +1096,34 @@ The following options are useful only for clients (that is, if "auto" (recommended) then it is on for all clients that do not set FetchUselessDescriptors. (Default: auto) +**PathBiasCircTheshold** __NUM__ + + +**PathBiasNoticeRate** __NUM.__ + + +**PathBiasDisableRate** __NUM__ + + +**PathBiasScaleThreshold** __NUM__ + + +**PathBiasScaleFactor** __NUM__:: + These options override the default behavior of Tor's (**currently + experimental**) path bias detection algorithm. To try to find broken or + misbehaving guard nodes, Tor looks for nodes where more than a certain + fraction of circuits through that node fail after the first hop. The + PathBiasCircThreshold option controls how many circuits we need to build + through a guard before we make these checks. The PathBiasNoticeRate and + PathBiasDisableRate options control what fraction of circuits must + succeed through a guard before we will warn about it or disable it, + respectively. When we have seen more than PathBiasScaleThreshold + circuits through a guard, we divide our observations by + PathBiasScaleFactor, so that new observations don't get swamped by old + ones. + + + + By default, or if a negative value is provided for one of these options, + Tor uses reasonable defaults from the networkstatus consensus document. + If no defaults are available there, these options default to 20, .70, + .50, 200, and 4 respectively. + + SERVER OPTIONS -------------- diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 3c72204..9969f7e 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -70,6 +70,10 @@ typedef struct { * router, 1 if we have. */ unsigned int can_retry : 1; /**< Should we retry connecting to this entry, * in spite of having it marked as unreachable?*/ + unsigned int path_bias_notice : 1; /**< Did we alert the user about path bias + * for this node already? */ + unsigned int path_bias_disabled : 1; /**< Have we disabled this node because + * of path bias issues? */ time_t bad_since; /**< 0 if this guard is currently usable, or the time at * which it was observed to become (according to the * directory or the user configuration) unusable. */ @@ -78,6 +82,10 @@ typedef struct { * connect to it. */ time_t last_attempted; /**< 0 if we can connect to this guard, or the time * at which we last failed to connect to it. */ + + unsigned first_hops; /**< Number of first hops this guard has completed */ + unsigned circuit_successes; /**< Number of successfully built circuits using + * this guard as first hop. */ } entry_guard_t; /** Information about a configured bridge. Currently this just matches the @@ -123,6 +131,7 @@ static int count_acceptable_nodes(smartlist_t *routers); static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); static void entry_guards_changed(void); +static entry_guard_t *entry_guard_get_by_id_digest(const char *digest); static void bridge_free(bridge_info_t *bridge); @@ -2276,8 +2285,28 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) } log_info(LD_CIRC,"circuit built!"); circuit_reset_failure_count(0); - if (circ->build_state->onehop_tunnel) + /* Don't count cannibalized or onehop circs for path bias */ + if (circ->build_state->onehop_tunnel || circ->has_opened) { control_event_bootstrap(BOOTSTRAP_STATUS_REQUESTING_STATUS, 0); + } else { + entry_guard_t *guard = + entry_guard_get_by_id_digest(circ->_base.n_conn->identity_digest); + + if (guard) { + guard->circuit_successes++; + + log_info(LD_PROTOCOL, "Got success count %u/%u for guard %s", + guard->circuit_successes, guard->first_hops, + guard->nickname); + + if (guard->first_hops < guard->circuit_successes) { + log_warn(LD_BUG, "Unexpectedly high circuit_successes (%u/%u) " + "for guard %s", + guard->circuit_successes, guard->first_hops, + guard->nickname); + } + } + } if (!can_complete_circuit && !circ->build_state->onehop_tunnel) { const or_options_t *options = get_options(); can_complete_circuit=1; @@ -2532,6 +2561,115 @@ circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, return 0; } +/** The minimum number of first hop completions before we start + * thinking about warning about path bias and dropping guards */ +static int +pathbias_get_min_circs(const or_options_t *options) +{ +#define DFLT_PATH_BIAS_MIN_CIRC 20 + if (options->PathBiasCircThreshold >= 5) + return options->PathBiasCircThreshold; + else + return networkstatus_get_param(NULL, "pb_mincircs", + DFLT_PATH_BIAS_MIN_CIRC, + 5, INT32_MAX); +} + +static double +pathbias_get_notice_rate(const or_options_t *options) +{ +#define DFLT_PATH_BIAS_NOTICE_PCT 70 + if (options->PathBiasNoticeRate >= 0.0) + return options->PathBiasNoticeRate; + else + return networkstatus_get_param(NULL, "pb_noticepct", + DFLT_PATH_BIAS_NOTICE_PCT, 0, 100)/100.0; +} + +static double +pathbias_get_disable_rate(const or_options_t *options) +{ +#define DFLT_PATH_BIAS_DISABLE_PCT 50 + if (options->PathBiasDisableRate >= 0.0) + return options->PathBiasDisableRate; + else + return networkstatus_get_param(NULL, "pb_disablepct", + DFLT_PATH_BIAS_DISABLE_PCT, 0, 100)/100.0; +} + +static int +pathbias_get_scale_threshold(const or_options_t *options) +{ +#define DFLT_PATH_BIAS_SCALE_THRESHOLD 200 + if (options->PathBiasScaleThreshold >= 2) + return options->PathBiasScaleThreshold; + else + return networkstatus_get_param(NULL, "pb_scalecircs", + DFLT_PATH_BIAS_SCALE_THRESHOLD, 10, + INT32_MAX); +} + +static int +pathbias_get_scale_factor(const or_options_t *options) +{ +#define DFLT_PATH_BIAS_SCALE_FACTOR 4 + if (options->PathBiasScaleFactor >= 1) + return options->PathBiasScaleFactor; + else + return networkstatus_get_param(NULL, "pb_scalefactor", + DFLT_PATH_BIAS_SCALE_THRESHOLD, 1, INT32_MAX); +} + +/** Increment the number of times we successfully extended a circuit to + * 'guard', first checking if the failure rate is high enough that we should + * eliminate the guard. Return -1 if the guard looks no good; return 0 if the + * guard looks fine. */ +static int +entry_guard_inc_first_hop_count(entry_guard_t *guard) +{ + const or_options_t *options = get_options(); + + entry_guards_changed(); + + if (guard->first_hops > (unsigned)pathbias_get_min_circs(options)) { + /* Note: We rely on the < comparison here to allow us to set a 0 + * rate and disable the feature entirely. If refactoring, don't + * change to <= */ + if (guard->circuit_successes/((double)guard->first_hops) + < pathbias_get_disable_rate(options)) { + + log_warn(LD_PROTOCOL, + "Extremely low circuit success rate %u/%u for guard %s=%s. " + "This might indicate an attack, or a bug.", + guard->circuit_successes, guard->first_hops, guard->nickname, + hex_str(guard->identity, DIGEST_LEN)); + + guard->path_bias_disabled = 1; + guard->bad_since = approx_time(); + return -1; + } else if (guard->circuit_successes/((double)guard->first_hops) + < pathbias_get_notice_rate(options) + && !guard->path_bias_notice) { + guard->path_bias_notice = 1; + log_notice(LD_PROTOCOL, + "Low circuit success rate %u/%u for guard %s=%s.", + guard->circuit_successes, guard->first_hops, guard->nickname, + hex_str(guard->identity, DIGEST_LEN)); + } + } + + /* If we get a ton of circuits, just scale everything down */ + if (guard->first_hops > (unsigned)pathbias_get_scale_threshold(options)) { + const int scale_factor = pathbias_get_scale_factor(options); + guard->first_hops /= scale_factor; + guard->circuit_successes /= scale_factor; + } + guard->first_hops++; + log_info(LD_PROTOCOL, "Got success count %u/%u for guard %s", + guard->circuit_successes, guard->first_hops, guard->nickname); + return 0; +} + /** A created or extended cell came back to us on the circuit, and it included * reply as its body. (If reply_type is CELL_CREATED, the body * contains (the second DH key, plus KH). If reply_type is @@ -2549,9 +2687,22 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type, char keys[CPATH_KEY_MATERIAL_LEN]; crypt_path_t *hop; - if (circ->cpath->state == CPATH_STATE_AWAITING_KEYS) + if (circ->cpath->state == CPATH_STATE_AWAITING_KEYS) { hop = circ->cpath; - else { + /* Don't count cannibalized or onehop circs for path bias */ + if (!circ->has_opened && !circ->build_state->onehop_tunnel) { + entry_guard_t *guard; + + guard = entry_guard_get_by_id_digest( + circ->_base.n_conn->identity_digest); + if (guard) { + if (entry_guard_inc_first_hop_count(guard) < 0) { + /* Bogus guard; we already warned. */ + return -END_CIRC_REASON_TORPROTOCOL; + } + } + } + } else { hop = onion_next_hop_in_cpath(circ->cpath); if (!hop) { /* got an extended when we're all done? */ log_warn(LD_PROTOCOL,"got extended when circ already built? Closing."); @@ -3630,6 +3781,8 @@ entry_guard_set_status(entry_guard_t *e, const node_t *node, *reason = "not recommended as a guard"; else if (routerset_contains_node(options->ExcludeNodes, node)) *reason = "excluded"; + else if (e->path_bias_disabled) + *reason = "path-biased"; if (*reason && ! e->bad_since) { /* Router is newly bad. */ @@ -3694,6 +3847,10 @@ entry_is_live(entry_guard_t *e, int need_uptime, int need_capacity, const or_options_t *options = get_options(); tor_assert(msg); + if (e->path_bias_disabled) { + *msg = "path-biased"; + return NULL; + } if (e->bad_since) { *msg = "bad"; return NULL; @@ -3757,8 +3914,8 @@ num_live_entry_guards(void) /** If digest matches the identity of any node in the * entry_guards list, return that node. Else return NULL. */ -static INLINE entry_guard_t * -is_an_entry_guard(const char *digest) +static entry_guard_t * +entry_guard_get_by_id_digest(const char *digest) { SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry, if (tor_memeq(digest, entry->identity, DIGEST_LEN)) @@ -3844,7 +4001,7 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend) if (chosen) { node = chosen; - entry = is_an_entry_guard(node->identity); + entry = entry_guard_get_by_id_digest(node->identity); if (entry) { if (reset_status) { entry->bad_since = 0; @@ -3988,6 +4145,7 @@ remove_dead_entry_guards(time_t now) for (i = 0; i < smartlist_len(entry_guards); ) { entry_guard_t *entry = smartlist_get(entry_guards, i); if (entry->bad_since && + ! entry->path_bias_disabled && entry->bad_since + ENTRY_GUARD_REMOVE_AFTER < now) { base16_encode(dbuf, sizeof(dbuf), entry->identity, DIGEST_LEN); @@ -4253,7 +4411,7 @@ entry_guards_set_from_config(const or_options_t *options) /* Remove all currently configured guard nodes, excluded nodes, unreachable * nodes, or non-Guard nodes from entry_nodes. */ SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) { - if (is_an_entry_guard(node->identity)) { + if (entry_guard_get_by_id_digest(node->identity)) { SMARTLIST_DEL_CURRENT(entry_nodes, node); continue; } else if (routerset_contains_node(options->ExcludeNodes, node)) { @@ -4539,6 +4697,31 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg) continue; } digestmap_set(added_by, d, tor_strdup(line->value+HEX_DIGEST_LEN+1)); + } else if (!strcasecmp(line->key, "EntryGuardPathBias")) { + const or_options_t *options = get_options(); + unsigned hop_cnt, success_cnt; + + if (tor_sscanf(line->value, "%u %u", &success_cnt, &hop_cnt) != 2) { + log_warn(LD_GENERAL, "Unable to parse guard path bias info: " + "Misformated EntryGuardPathBias %s", escaped(line->value)); + continue; + } + + node->first_hops = hop_cnt; + node->circuit_successes = success_cnt; + log_info(LD_GENERAL, "Read %u/%u path bias for node %s", + node->circuit_successes, node->first_hops, node->nickname); + /* Note: We rely on the < comparison here to allow us to set a 0 + * rate and disable the feature entirely. If refactoring, don't + * change to <= */ + if (node->circuit_successes/((double)node->first_hops) + < pathbias_get_disable_rate(options)) { + node->path_bias_disabled = 1; + log_info(LD_GENERAL, + "Path bias is too high (%u/%u); disabling node %s", + node->circuit_successes, node->first_hops, node->nickname); + } + } else { log_warn(LD_BUG, "Unexpected key %s", line->key); } @@ -4563,6 +4746,8 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg) e->chosen_on_date = time(NULL) - crypto_rand_int(3600*24*30); } } + if (node->path_bias_disabled && !node->bad_since) + node->bad_since = time(NULL); }); if (*msg || !set) { @@ -4658,6 +4843,14 @@ entry_guards_update_state(or_state_t *state) d, e->chosen_by_version, t); next = &(line->next); } + if (e->first_hops) { + *next = line = tor_malloc_zero(sizeof(config_line_t)); + line->key = tor_strdup("EntryGuardPathBias"); + tor_asprintf(&line->value, "%u %u", + e->circuit_successes, e->first_hops); + next = &(line->next); + } + }); if (!get_options()->AvoidDiskWrites) or_state_mark_dirty(get_or_state(), 0); diff --git a/src/or/config.c b/src/or/config.c index 782a6e9..03e93e0 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -50,6 +50,7 @@ typedef enum config_type_t { CONFIG_TYPE_STRING = 0, /**< An arbitrary string. */ CONFIG_TYPE_FILENAME, /**< A filename: some prefixes get expanded. */ CONFIG_TYPE_UINT, /**< A non-negative integer less than MAX_INT */ + CONFIG_TYPE_INT, /**< Any integer. */ CONFIG_TYPE_PORT, /**< A port from 1...65535, 0 for "not set", or * "auto". */ CONFIG_TYPE_INTERVAL, /**< A number of seconds, with optional units*/ @@ -354,6 +355,13 @@ static config_var_t _option_vars[] = { V(ORListenAddress, LINELIST, NULL), V(ORPort, LINELIST, NULL), V(OutboundBindAddress, STRING, NULL), + + V(PathBiasCircThreshold, INT, "-1"), + V(PathBiasNoticeRate, DOUBLE, "-1"), + V(PathBiasDisableRate, DOUBLE, "-1"), + V(PathBiasScaleThreshold, INT, "-1"), + V(PathBiasScaleFactor, INT, "-1"), + OBSOLETE("PathlenCoinWeight"), V(PerConnBWBurst, MEMUNIT, "0"), V(PerConnBWRate, MEMUNIT, "0"), @@ -498,6 +506,7 @@ static config_var_t _state_vars[] = { VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL), VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL), VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL), + VAR("EntryGuardPathBias", LINELIST_S, EntryGuards, NULL), V(EntryGuards, LINELIST_V, NULL), VAR("TransportProxy", LINELIST_S, TransportProxies, NULL), @@ -2114,8 +2123,10 @@ config_assign_value(const config_format_t *fmt, or_options_t *options, break; } /* fall through */ + case CONFIG_TYPE_INT: case CONFIG_TYPE_UINT: - i = (int)tor_parse_long(c->value, 10, 0, + i = (int)tor_parse_long(c->value, 10, + var->type==CONFIG_TYPE_INT ? INT_MIN : 0, var->type==CONFIG_TYPE_PORT ? 65535 : INT_MAX, &ok, NULL); if (!ok) { @@ -2498,6 +2509,7 @@ get_assigned_option(const config_format_t *fmt, const void *options, case CONFIG_TYPE_INTERVAL: case CONFIG_TYPE_MSEC_INTERVAL: case CONFIG_TYPE_UINT: + case CONFIG_TYPE_INT: /* This means every or_options_t uint or bool element * needs to be an int. Not, say, a uint16_t or char. */ tor_asprintf(&result->value, "%d", *(int*)value); @@ -2741,6 +2753,7 @@ option_clear(const config_format_t *fmt, or_options_t *options, case CONFIG_TYPE_INTERVAL: case CONFIG_TYPE_MSEC_INTERVAL: case CONFIG_TYPE_UINT: + case CONFIG_TYPE_INT: case CONFIG_TYPE_PORT: case CONFIG_TYPE_BOOL: *(int*)lvalue = 0; @@ -7142,6 +7155,7 @@ getinfo_helper_config(control_connection_t *conn, case CONFIG_TYPE_STRING: type = "String"; break; case CONFIG_TYPE_FILENAME: type = "Filename"; break; case CONFIG_TYPE_UINT: type = "Integer"; break; + case CONFIG_TYPE_INT: type = "SignedInteger"; break; case CONFIG_TYPE_PORT: type = "Port"; break; case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break; case CONFIG_TYPE_MSEC_INTERVAL: type = "TimeMsecInterval"; break; diff --git a/src/or/or.h b/src/or/or.h index 7ff6284..3a53e5e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3550,6 +3550,17 @@ typedef struct { * control ports. */ int DisableNetwork; + /** + * Parameters for path-bias detection. + * @{ + */ + int PathBiasCircThreshold; + double PathBiasNoticeRate; + double PathBiasDisableRate; + int PathBiasScaleThreshold; + int PathBiasScaleFactor; + /** @} */ + } or_options_t; /** Persistent state for an onion router, as saved to disk. */

1 0

[tor/master] Add a changes file for bug5458.
by nickm＠torproject.org 15 Jun '12

15 Jun '12

commit eb2a4be2f7707ca34d63d473a5427640986ca8e0 Author: Mike Perry <mikeperry-git(a)fscked.org> Date: Thu Jun 14 21:31:36 2012 -0700 Add a changes file for bug5458. --- changes/bug5458 | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/changes/bug5458 b/changes/bug5458 new file mode 100644 index 0000000..8c0e372 --- /dev/null +++ b/changes/bug5458 @@ -0,0 +1,4 @@ + o Minor features + - Issue a notice if a guard completes less than 40% of your circuits. + Threshold is configurable by torrc option PathBiasNoticeRate + and consensus parameter pb_noticepct.

1 0

[tor/master] Expand on bug5458 changes file
by nickm＠torproject.org 15 Jun '12

15 Jun '12

commit 4a9498d6825b4cb05c2e5a2e09ca98931bcb8893 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Jun 15 00:45:48 2012 -0400 Expand on bug5458 changes file --- changes/bug5458 | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/changes/bug5458 b/changes/bug5458 index 8c0e372..a665783 100644 --- a/changes/bug5458 +++ b/changes/bug5458 @@ -1,4 +1,6 @@ o Minor features - Issue a notice if a guard completes less than 40% of your circuits. Threshold is configurable by torrc option PathBiasNoticeRate - and consensus parameter pb_noticepct. + and consensus parameter pb_noticepct. There is additional, off-by- + default code to disable guards which fail too many circuits. + Addresses ticket 5458.

1 0

← Newer
1
...
42
43
44
45
46
47
48
...
88
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits June 2012