[tor-bugs] #1297 [Tor Hidden Services]: Update hidden service logic to be more resilient to timeout

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Jan 4 06:16:40 UTC 2012


#1297: Update hidden service logic to be more resilient to timeout
------------------------------------+---------------------------------------
    Reporter:  mikeperry            |       Owner:  rransom           
        Type:  defect               |      Status:  needs_review      
    Priority:  major                |   Milestone:  Tor: 0.2.3.x-final
   Component:  Tor Hidden Services  |     Version:  0.2.2.10-alpha    
  Resolution:  None                 |    Keywords:                    
      Parent:  #2552                |      Points:                    
Actualpoints:                       |  
------------------------------------+---------------------------------------

Comment(by rransom):

 Replying to [comment:16 nickm]:
 > Looks good, I think.  Could I have some comments explaining what can
 happen to a circuit once hs_circ_has_timed_out is set on it?  The current
 comments do a good job of explaining when the flag is set, but not the
 allowable transitions out of that state.

 OK.  I'll push a comment change tomorrow.

 > (So, the idea is that a "timed out" circuit is not really timed out, but
 allowed to stick around a little longer in case it works, in which case we
 declare it to be okay?)

 Yes, that's the idea.

 > Why would you want to set CloseHSClientCircuitsImmediatelyOnTimeout ? Is
 it just there for testing, or what?

 The justification for Tor's adaptive-CBT code is that circuits which are
 built more quickly are also ‘faster’ after they are built.  These changes
 will cause clients to use circuits with longer build times, in order to
 decrease the overall time until some circuit is connected to a hidden
 service.  Users who connect to or host latency-sensitive hidden services
 (e.g. IRC) might want to set the options which disable these changes.

 We will also want to use those options to test the impact of this change
 on performance, someday when we have a performance-measurement tool which
 measures the latency on an open circuit (rather than only measuring the
 time until a first request has completed through a Tor client with no
 circuits open).

 > Is there any limit on how many times this code can relaunch circuits on
 timeout for the same request?

 On the client side, HS circuits are relaunched by the existing code in
 `circuit_get_open_circ_or_launch` when it does not find an ‘acceptable’
 circuit to use (as defined by `circuit_is_acceptable`, which never
 considers a circuit with `hs_circ_has_timed_out` set acceptable).  The
 client will continue launching circuits as long as there is an AP
 connection trying to connect to the hidden service and there is an intro
 point remaining to try for the HS.  (Before the last #3825 change, clients
 could keep pounding an intro point for SocksTimeout seconds; now, the
 maximum number of intro circs is five circs per intro point.)

 On the service side, rendezvous circuits are relaunched when they reach
 the normal timeout for four-hop circuits.  The service will stop launching
 circuits to a client's rendezvous point after launching MAX_REND_FAILURES
 circuits (currently 30) or after trying to connect for MAX_REND_TIMEOUT
 seconds (currently 30).  [ticket:4241 MAX_REND_FAILURES is too high], but
 I don't know what number to lower it to yet.

 This change does not increase the number of circuits built for a hidden-
 service connection attempt; it is likely to decrease the number of
 circuits, by decreasing the time before a client successfully connects to
 a hidden service (and thus decreasing the time for which it builds new
 circuits for the HS connection attempt).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1297#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list