From a15eb9ff439623f800de813c1a78eeb5d61f7f5a Mon Sep 17 00:00:00 2001
From: Roger Dingledine
Date: Mon, 15 Jan 2018 16:30:55 -0500
Subject: [PATCH 1/3] MAX_REND_FAILURES is 1, but we would try three times

Fix an "off by 2" error in counting rendezvous failures on the onion service side. While we thought we would stop the rendezvous attempt after one failed circuit, we were actually making three circuit attempts before giving up. Fixes bug 24895; bugfix on 0.0.6.
---
 changes/bug24895 | 6 ++++++
 src/or/rendservice.c | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug24895

diff --git a/changes/bug24895 b/changes/bug24895
new file mode 100644
index 0000000000..7b90f6d260
--- /dev/null
+++ b/changes/bug24895
@@ -0,0 +1,6 @@
+ o Major bugfixes (onion services):
+ - Fix an "off by 2" error in counting rendezvous failures on the
+ onion service side. While we thought we would stop the rendezvous
+ attempt after one failed circuit, we were actually making three
+ circuit attempts before giving up. Fixes bug 24895; bugfix on 0.0.6.
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index a8c383444d..acc431a577 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -2930,8 +2930,11 @@ rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
 }
 oldcirc->hs_service_side_rend_circ_has_been_relaunched = 1;
+ /* We check failure_count >= MAX_REND_FAILURES-1 below rather than
+ * failure_count >= MAX_REND_FAILURES, because we increment the failure
+ * count for our current failure *after* this clause. */
 if (!oldcirc->build_state ||
- oldcirc->build_state->failure_count > MAX_REND_FAILURES ||
+ oldcirc->build_state->failure_count >= MAX_REND_FAILURES-1 ||
 oldcirc->build_state->expiry_time < time(NULL)) {
 log_info(LD_REND,
 "Attempt to build circuit to %s for rendezvous has failed "
From cc5a9e96674f39677a65daa2f7a2f5af7ac3106e Mon Sep 17 00:00:00 2001
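Review bot: With MAX_REND_FAILURES still defined as 1 at this point in the series (the define that patch 2 removes), the new test `failure_count >= MAX_REND_FAILURES-1` reduces to `failure_count >= 0`, which is always true assuming failure_count is non-negative, so the branch is taken unconditionally and the expiry check after it never decides anything; the relaunch path below the hunk is effectively unreachable. That matches the commit message, but nothing in the code says so, and a later edit to the constant would silently change it. I would extend the added comment with ` * With MAX_REND_FAILURES == 1 this condition is always true: a failed rendezvous circuit is never relaunched, which bounds the circuit-building work one client-chosen rendezvous point can cost the service.` The failure_count increment the comment refers to, and the rest of rend_service_relaunch_rendezvous, lie outside the hunk.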
From: Roger Dingledine
Date: Fri, 19 Jan 2018 02:38:07 -0500
Subject: [PATCH 2/3] turn MAX_REND_FAILURES into a function

no actual changes in behavior
---
 src/or/rendservice.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index acc431a577..b503eda7ff 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -108,13 +108,18 @@ struct rend_service_port_config_s {
 /** Don't try to build more than this many circuits before giving up
 * for a while.*/
 #define MAX_INTRO_CIRCS_PER_PERIOD 10
-/** How many times will a hidden service operator attempt to connect to
- * a requested rendezvous point before giving up? */
-#define MAX_REND_FAILURES 1
 /** How many seconds should we spend trying to connect to a requested
 * rendezvous point before giving up? */
 #define MAX_REND_TIMEOUT 30
+/** How many times will a hidden service operator attempt to connect to
+ * a requested rendezvous point before giving up? */
+static int
+get_max_rend_failures(void)
+{
+ return 1;
+}
+
 /* Hidden service directory file names:
 * new file names should be added to rend_service_add_filenames_to_list()
 * for sandboxing purposes. */
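Review bot: The doc comment on get_max_rend_failures describes an attempt count, but its caller in rend_service_relaunch_rendezvous uses `get_max_rend_failures() - 1` as a threshold, so the function's contract should say the value is at least 1 and that callers rely on it never being 0 or negative. I would add to the `/** ... */` block: ` * Must return at least 1: callers subtract one from this value to derive the failure_count threshold for relaunching a rendezvous circuit.` The other former MAX_REND_FAILURES user, the loop hunk at line 2028, is garbled in this copy, so I cannot confirm its new bound here.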
@@ -2028,7 +2033,8 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
 /* Launch a circuit to the client's chosen rendezvous point. */
- for (i=0;ihs_service_side_rend_circ_has_been_relaunched = 1;
- /* We check failure_count >= MAX_REND_FAILURES-1 below rather than
- * failure_count >= MAX_REND_FAILURES, because we increment the failure
- * count for our current failure *after* this clause. */
+ /* We check failure_count >= get_max_rend_failures()-1 below, and the -1
+ * is because we increment the failure count for our current failure
+ * *after* this clause. */
+ int max_rend_failures = get_max_rend_failures() - 1;
+
 if (!oldcirc->build_state ||
- oldcirc->build_state->failure_count >= MAX_REND_FAILURES-1 ||
+ oldcirc->build_state->failure_count >= max_rend_failures ||
 oldcirc->build_state->expiry_time < time(NULL)) {
 log_info(LD_REND,
 "Attempt to build circuit to %s for rendezvous has failed "
From 490ae26b24a6b2b8843515425cedabf99801163a Mon Sep 17 00:00:00 2001
From: Roger Dingledine
Date: Fri, 19 Jan 2018 03:00:43 -0500
Subject: [PATCH 3/3] hs: Use hs_service_max_rdv_failures consensus param, defaulting to 2
---
 changes/bug24895 | 10 ++++++----
 src/or/rendservice.c | 10 +++++++++-
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/changes/bug24895 b/changes/bug24895
index 7b90f6d260..7edde94a0b 100644
--- a/changes/bug24895
+++ b/changes/bug24895
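Review bot: The new local `int max_rend_failures = get_max_rend_failures() - 1;` is misnamed: it holds the relaunch threshold (the maximum minus one), not the maximum, so a reader who trusts the name will take it for the failure limit itself. I would name it for what it is and make it const, `const int relaunch_threshold = get_max_rend_failures() - 1;` with `oldcirc->build_state->failure_count >= relaunch_threshold ||` below, and fold the explanation of the -1 into the comment on that declaration. The threshold goes negative if get_max_rend_failures() ever returns 0, which cannot happen with the hard-coded 1 but deserves a guard once the value becomes configurable, especially if failure_count is an unsigned type, where a -1 threshold would promote to a huge value and the bound would stop applying. The header of this hunk and the tail of the preceding loop hunk are garbled in this copy, and rend_service_relaunch_rendezvous starts and ends outside the hunk.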
@@ -1,6 +1,8 @@
 o Major bugfixes (onion services):
- - Fix an "off by 2" error in counting rendezvous failures on the
- onion service side. While we thought we would stop the rendezvous
- attempt after one failed circuit, we were actually making three
- circuit attempts before giving up. Fixes bug 24895; bugfix on 0.0.6.
+ - Fix an "off by 2" error in counting rendezvous failures on the onion
+ service side. While we thought we would stop the rendezvous attempt
+ after one failed circuit, we were actually making three circuit attempts
+ before giving up. Now switch to a default of 2, and allow the consensus
+ parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
+ bugfix on 0.0.6.
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index b503eda7ff..da200d1381 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -111,13 +111,21 @@ struct rend_service_port_config_s {
 /** How many seconds should we spend trying to connect to a requested
 * rendezvous point before giving up? */
 #define MAX_REND_TIMEOUT 30
+/* Default, minimum and maximum values for the maximum rendezvous failures
+ * consensus parameter. */
+#define MAX_REND_FAILURES_DEFAULT 2
+#define MAX_REND_FAILURES_MIN 1
+#define MAX_REND_FAILURES_MAX 10
 /** How many times will a hidden service operator attempt to connect to
 * a requested rendezvous point before giving up? */
 static int
 get_max_rend_failures(void)
 {
- return 1;
+ return networkstatus_get_param(NULL, "hs_service_max_rdv_failures",
+ MAX_REND_FAILURES_DEFAULT,
+ MAX_REND_FAILURES_MIN,
+ MAX_REND_FAILURES_MAX);
 }
 /* Hidden service directory file names:
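Review bot: MAX_REND_FAILURES_MIN being 1 is load-bearing, because rend_service_relaunch_rendezvous derives its threshold as `get_max_rend_failures() - 1` and a minimum of 0 would turn that into -1, yet nothing at the definition records the constraint. I would add to the new comment block ` * MAX_REND_FAILURES_MIN must stay >= 1: callers subtract one from the value to derive a failure_count threshold.` and extend the function's doc comment with ` * Taken from the "hs_service_max_rdv_failures" consensus parameter, clamped to [MAX_REND_FAILURES_MIN, MAX_REND_FAILURES_MAX], with MAX_REND_FAILURES_DEFAULT when the parameter is absent.` The clamp is also what bounds the circuit-building work the service performs per rendezvous request, so a sentence on why 10 is the ceiling would help the next person tuning it. As a style nit, the new define block opens with `/*` while the neighbouring comments in this region use `/**`.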