[tor-dev] Timers in Arti?

Michael Rogers michael at briarproject.org
Tue Jan 9 13:19:21 UTC 2024 

Sorry, I should have said that we're interested in keeping a hidden 
service running. Without that requirement, I agree we could just close 
the guard connection via DisableNetwork after some idle period.

So the question is about keeping circuits alive, and I guess also 
keeping HS descriptors published and the consensus fresh, although 
hopefully the timing requirements for those are a bit looser due to the 
longer timescales involved.

Cheers,
Michael

On 08/01/2024 21:01, Micah Elizabeth Scott wrote:
> A variety of timers are needed on the relay side; on the client side 
> though, aren't you mostly limited by the requirement of keeping a TCP 
> connection open?
> 
> Really deep sleep would involve avoiding any protocol-level keepalives 
> as well as TCP keepalives. This seems a lot like just shutting down the 
> connection to the guard when sleeping; but of course that's got a 
> latency penalty and it's visible to anyone who can see network activity.
> 
> -beth
> 
> On 1/4/24 04:48, Michael Rogers wrote:
> 
>> Hi,
>>
>> If I understand right, the C implementation of Tor has various state 
>> machines that are driven by local libevent timers as well as events 
>> from the network. For example, when building a circuit, if there 
>> hasn't been any progress for a certain amount of time then a timer 
>> fires to handle the timeout.
>>
>> When running Tor on Android, we need to prevent the OS from suspending 
>> so that these timers fire when they're supposed to. This uses a lot of 
>> battery, because normally the OS would spend most of its time 
>> suspended. Unlike a laptop, an Android device with its screen turned 
>> off is constantly dipping in an out of suspension, and a lot of the 
>> platform's power optimisations are aimed at batching whatever work 
>> needs to be done so that the periods of suspension can be longer.
>>
>> If we allowed the OS to suspend then the timers would fire with 
>> arbitrary delays, and I don't really know what impact that would have: 
>> I'd speculate that there might be connectivity problems (eg dead 
>> circuits not being detected and replaced) and/or network-visible 
>> changes in the behaviour of circuits that could affect anonymity.
>>
>> So I've had a longstanding but not-very-hopeful request that maybe 
>> Tor's reliance on timers could be reduced, or at least clarified, so 
>> that we could either allow the OS to suspend without breaking 
>> anything, or at least know what was likely to break.
>>
>> And basically I'd just like to renew that request for Arti. Could 
>> anyone give me an overview of how these local timers are handled in 
>> Arti, or any information about what's likely to happen if the timers 
>> are arbitrarily delayed?
>>
>> Thanks,
>> Michael
>>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x11044FD19FC527CC.asc
Type: application/pgp-keys
Size: 12048 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20240109/a3732633/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20240109/a3732633/attachment.sig>

More information about the tor-dev mailing list