mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
Merge branch 'maint-0.2.9' into maint-0.3.0
This commit is contained in:
commit
766d0a2d98
9
changes/bug21394
Normal file
9
changes/bug21394
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
o Major bugfixes (Exit nodes):
|
||||||
|
- Fix an issue causing high-bandwidth exit nodes to fail a majority
|
||||||
|
or all of their DNS requests, making them basically unsuitable for
|
||||||
|
regular usage in Tor circuits. The problem is related to
|
||||||
|
libevent's DNS handling, but we can work around it in Tor. Fixes
|
||||||
|
bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
|
||||||
|
eventdns. Credit goes to Dhalgren for identifying and finding a
|
||||||
|
workaround to this bug and to gamambel, arthuredelstein and
|
||||||
|
arma in helping to track it down and analyze it.
|
23
src/or/dns.c
23
src/or/dns.c
@ -1425,14 +1425,31 @@ configure_nameservers(int force)
|
|||||||
|
|
||||||
#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
|
#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
|
||||||
|
|
||||||
|
// If we only have one nameserver, it does not make sense to back off
|
||||||
|
// from it for a timeout. Unfortunately, the value for max-timeouts is
|
||||||
|
// currently clamped by libevent to 255, but it does not hurt to set
|
||||||
|
// it higher in case libevent gets a patch for this.
|
||||||
|
// Reducing attempts in the case of just one name server too, because
|
||||||
|
// it is very likely to be a local one where a network connectivity
|
||||||
|
// issue should not cause an attempt to fail.
|
||||||
if (evdns_base_count_nameservers(the_evdns_base) == 1) {
|
if (evdns_base_count_nameservers(the_evdns_base) == 1) {
|
||||||
SET("max-timeouts:", "16");
|
SET("max-timeouts:", "1000000");
|
||||||
SET("timeout:", "10");
|
SET("attempts:", "1");
|
||||||
} else {
|
} else {
|
||||||
SET("max-timeouts:", "3");
|
SET("max-timeouts:", "3");
|
||||||
SET("timeout:", "5");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Elongate the queue of maximum inflight dns requests, so if a bunch
|
||||||
|
// time out at the resolver (happens commonly with unbound) we won't
|
||||||
|
// stall every other DNS request. This potentially means some wasted
|
||||||
|
// CPU as there's a walk over a linear queue involved, but this is a
|
||||||
|
// much better tradeoff compared to just failing DNS requests because
|
||||||
|
// of a full queue.
|
||||||
|
SET("max-inflight:", "8192");
|
||||||
|
|
||||||
|
// Time out after 5 seconds if no reply.
|
||||||
|
SET("timeout:", "5");
|
||||||
|
|
||||||
if (options->ServerDNSRandomizeCase)
|
if (options->ServerDNSRandomizeCase)
|
||||||
SET("randomize-case:", "1");
|
SET("randomize-case:", "1");
|
||||||
else
|
else
|
||||||
|
Loading…
Reference in New Issue
Block a user