mirror of
https://gitlab.torproject.org/tpo/core/tor.git
Change from first hop accounting to 2nd hop accounting
This has several advantages, including more resilience to ambient failure. I still need to rename all the first_hop vars, though; saving that for a separate commit.
parent
fbbf894d4d
commit
04866055e8
@ -1145,6 +1145,34 @@ pathbias_state_to_string(path_state_t state)
|
|||||||
return "unknown";
|
return "unknown";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This function decides if a circuit has progressed far enough to count
|
||||||
|
* as a circuit "attempt". As long as end-to-end tagging is possible,
|
||||||
|
* we assume the adversary will use it over hop-to-hop failure. Therefore,
|
||||||
|
* we only need to account bias for the last hop. This should make us
|
||||||
|
* much more resilient to ambient circuit failure, and also make that
|
||||||
|
* failure easier to measure (we only need to measure Exit failure rates).
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
pathbias_is_new_circ_attempt(origin_circuit_t *circ)
|
||||||
|
{
|
||||||
|
#define N2N_TAGGING_IS_POSSIBLE
|
||||||
|
#ifdef N2N_TAGGING_IS_POSSIBLE
|
||||||
|
/* cpath is a circular list. We want circs with more than one hop,
|
||||||
|
* and the second hop must be waiting for keys still (it's just
|
||||||
|
* about to get them). */
|
||||||
|
return circ->cpath->next != circ->cpath &&
|
||||||
|
circ->cpath->next->state == CPATH_STATE_AWAITING_KEYS;
|
||||||
|
#else
|
||||||
|
/* If tagging attacks are no longer possible, we probably want to
|
||||||
|
* count bias from the first hop. However, one could argue that
|
||||||
|
* timing-based tagging is still more useful than per-hop failure.
|
||||||
|
* In which case, we'd never want to use this.
|
||||||
|
*/
|
||||||
|
return circ->cpath->state == CPATH_STATE_AWAITING_KEYS;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Decide if the path bias code should count a circuit.
|
* Decide if the path bias code should count a circuit.
|
||||||
*
|
*
|
||||||
@ -1219,11 +1247,7 @@ pathbias_count_first_hop(origin_circuit_t *circ)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// XXX: Technically, we could make this only count from the *second* hop..
|
if (pathbias_is_new_circ_attempt(circ)) {
|
||||||
// Until we get per-hop MACs or a lower circ failure rate, this might be
|
|
||||||
// better from a false positive POV. Should we s/first_hop/circ_attempt/g?
|
|
||||||
// Then we can control this check from the consensus.
|
|
||||||
if (circ->cpath->state == CPATH_STATE_AWAITING_KEYS) {
|
|
||||||
/* Help track down the real cause of bug #6475: */
|
/* Help track down the real cause of bug #6475: */
|
||||||
if (circ->has_opened && circ->path_state != PATH_STATE_DID_FIRST_HOP) {
|
if (circ->has_opened && circ->path_state != PATH_STATE_DID_FIRST_HOP) {
|
||||||
if ((rate_msg = rate_limit_log(&first_hop_notice_limit,
|
if ((rate_msg = rate_limit_log(&first_hop_notice_limit,
|
||||||
|
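Review bot: In pathbias_is_new_circ_attempt, `#define N2N_TAGGING_IS_POSSIBLE` sits directly above the `#ifdef` that tests it, so the `#else` branch is never compiled and the macro stays defined for the rest of the file. Moving the define to file scope with a comment such as `/* Defined while end-to-end tagging is possible; attempts are then counted from the second hop. */` would make the hard-wired choice explicit. The doc comment speaks of accounting bias for "the last hop", while the check reads `circ->cpath->next`, which is the second hop; the two differ on paths longer than two hops, so the comment should say which is meant. One-hop circuits are never counted as attempts by this check, and whether they are filtered out before the success counters run is not visible here (pathbias_count_first_hop starts and ends outside the second hunk), so that is worth confirming to keep the attempt/success ratio consistent.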