Commit Graph

38236 Commits

Author SHA1 Message Date
David Goulet
6196e9596a metrics: Add connection socket family to metrics
Adds either ipv4 or ipv6 to the "tor_relay_connections_total" stats.

Closes #40710

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-11-03 13:05:21 -04:00
David Goulet
87e820a0c5 metrics: Add stats for num circ reaching max cell outq
Part of #40708

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-11-03 09:37:38 -04:00
Rasmus Dahlberg
0fe2096144 Clip DNS TTL values once in event callback
This change ensures that other parts of the code base always operate on
the same clipped TTL values, notably without being aware of clipping.
2022-11-01 09:29:19 -04:00
David Goulet
619dd35321 sandbox: Add my-consensus-<flavor-name> to sandbox for dirauth
Fixese #40663

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-31 11:37:43 -04:00
David Goulet
5db238f3e3 thread: Bump max detectable CPU from 16 to 128
Lets take advantage of those beefy machines ;).

Closes #40703

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-28 11:28:43 -04:00
David Goulet
f09b913e18 Merge branch 'tor-gitlab/mr/645' into maint-0.4.7 2022-10-27 11:42:07 -04:00
David Goulet
72f52d2c85 Merge branch 'tor-gitlab/mr/644' into maint-0.4.7 2022-10-27 11:41:43 -04:00
David Goulet
6d40e980fb metrics: Treat relay connections as gauge, not counter
Fixes #40699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 11:37:21 -04:00
Mike Perry
b30193416c Changes file for 40683 2022-10-27 15:36:53 +00:00
Alexander Færøy
256339712d Strip "__.SYMDEF*" before re-archiving in combine_libs on macOS and iOS.
This patch changes how combine_libs works on Darwin like platforms to
make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
symbols on the archive before we repack and run ${RANLIB} on the
archive.

See: tpo/core/tor#40683.
2022-10-27 15:18:01 +00:00
David Goulet
504a6da5ab changes: Update changes for ticket 40194
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:50:37 -04:00
David Goulet
177f3a40eb metrics: Add number of opened circuits to MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:48:52 -04:00
David Goulet
1a2d93f72a relay: Add our consensus relay flag to MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:48:52 -04:00
David Goulet
48ab17cc72 metrics: Add traffic related stats to MetricsPort
At this commit, bytes read and written are exported.

Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:48:48 -04:00
David Goulet
cd7be492d1 relay: Add DoS subsystem stats to MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:47:56 -04:00
David Goulet
a1c40c8511 metrics: Fix naming and documentation
After nickm's review, minor changes to names and comments.

Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-27 10:45:08 -04:00
David Goulet
06a26f1872 relay: Change the connection metrics name
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:16:48 -04:00
David Goulet
00f714b374 relay: Add CC RTT reset stats to MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:16:48 -04:00
David Goulet
e7e18ae914 relay: Add total number of streams seen on MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:16:48 -04:00
David Goulet
98b98fd3ce rephist: Track number of streams seen per type
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:16:48 -04:00
David Goulet
609a82a595 changes: Ticket 40694
Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:10:41 -04:00
David Goulet
78c184d2fe hs: Retry service rendezvous on circuit close
Move the retry from circuit_expire_building() to when the offending
circuit is being closed.

Fixes #40695

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:10:39 -04:00
David Goulet
5b44a32c59 circ: Get rid of hs_circ_has_timed_out
Logic is too convoluted and we can't efficiently apply a specific
timeout depending on the purpose.

Remove it and instead rely on the right circuit cutoff instead of
keeping this flagged circuit open forever.

Part of #40694

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:10:37 -04:00
David Goulet
88b5daf152 circ: Set proper timeout cutoff for HS circuits
Explicitly set the S_CONNECT_REND purpose to a 4-hop cutoff.

As for the established rendezvous circuit waiting on the RENDEZVOUS2,
set one that is very long considering the possible waiting time for the
service to get the request and join our rendezvous.

Part of #40694

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:10:34 -04:00
David Goulet
a7aa22a4e7 hs: Retry rdv circuit if repurposed
This can happen if our measurement subsystem decides to snatch it.

Fixes #40696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 15:05:44 -04:00
David Goulet
0a49e04691 Merge branch 'tor-gitlab/mr/635' into maint-0.4.7 2022-10-26 15:01:40 -04:00
David Goulet
59008c6f51 hs: Change the error for a collapsing client circuit
Change it to an "unreachable" error so the intro point can be retried
and not flagged as a failure and never retried again.

Closes #40692

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 14:56:45 -04:00
David Goulet
a317326aae Merge branch 'maint-0.4.5' into maint-0.4.7 2022-10-26 14:21:41 -04:00
David Goulet
7a851e8983 Merge branch 'tor-gitlab/mr/631' into maint-0.4.5 2022-10-26 14:21:35 -04:00
David Goulet
efad436432 dirauth: Remove Faravahar
Closes #40688

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 14:20:07 -04:00
David Goulet
e19cf2dac6 Merge branch 'maint-0.4.5' into maint-0.4.7 2022-10-26 14:12:51 -04:00
David Goulet
b20f72943e Merge branch 'tor-gitlab/mr/629' into maint-0.4.7 2022-10-26 14:06:33 -04:00
David Goulet
f501564b40 relay: Reduce the minimum circuit cell in queue limit
With congestion control, the flow control window is much lower than the
initial 1000.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 14:05:28 -04:00
David Goulet
a2c034d8f5 dos: Apply circuit creation defenses if circ max queue cell reached
This adds two consensus parameters to control the outbound max circuit
queue cell size limit and how many times it is allowed to reach that
limit for a single client IP.

Closes #40680

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-26 14:05:28 -04:00
Roger Dingledine
bab8375ef5 dir auths now omit Measured= if rs->is_authority
Directory authorities stop voting a consensus "Measured" weight
for relays with the Authority flag. Now these relays will be
considered unmeasured, which should reserve their bandwidth
for their dir auth role and minimize distractions from other roles.

In place of the "Measured" weight, they now include a
"MeasuredButAuthority" weight (not used by anything) so the bandwidth
authority's opinion on this relay can be recorded for posterity.

Resolves ticket 40698.
2022-10-24 04:34:49 -04:00
Roger Dingledine
ea2ba4f5a8 back out most of commit b7992d4f
The AuthDirDontVoteOnDirAuthBandwidth torrc option never worked, and it
was implemented in a way that could have produced consensus conflicts
if it had.

Resolves bug 40700.
2022-10-24 04:34:00 -04:00
Roger Dingledine
e6899dcdf4 fix typo in #40673's changes file 2022-10-20 19:46:27 -04:00
David Goulet
938070f5c4 dirauth: Change dizum IP address
Closes #40687

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-18 10:35:54 -04:00
David Goulet
e86833ade6 Merge branch 'maint-0.4.5' into maint-0.4.7 2022-10-14 09:12:23 -04:00
Nick Mathewson
e531d4d1b9 Fix a completely wrong calculation in mach monotime_init_internal()
Bug 1: We were purporting to calculate milliseconds per tick, when we
*should* have been computing ticks per millisecond.

Bug 2: Instead of computing either one of those, we were _actually_
computing femtoseconds per tick.

These two bugs covered for one another on x86 hardware, where 1 tick
== 1 nanosecond.  But on M1 OSX, 1 tick is about 41 nanoseconds,
causing surprising results.

Fixes bug 40684; bugfix on 0.3.3.1-alpha.
2022-10-13 13:40:10 -04:00
David Goulet
c8d8fa0d36 relay: Add number of rejected connections to MetricsPort
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-12 09:25:19 -04:00
David Goulet
d543db5ac0 relay: Add connection stats to MetricsPort
This adds the number of created and opened connections to the
MetricsPort for a relay for each connection type and direction.

Output looks like:

  # HELP tor_relay_connections Connections metrics of this relay
  # TYPE tor_relay_connections counter
  tor_relay_connections{type="OR listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="OR listener",direction="received",state="created"} 0
  tor_relay_connections{type="OR listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="OR listener",direction="received",state="opened"} 0
  tor_relay_connections{type="OR",direction="initiated",state="created"} 5
  tor_relay_connections{type="OR",direction="received",state="created"} 0
  tor_relay_connections{type="OR",direction="initiated",state="opened"} 5
  tor_relay_connections{type="OR",direction="received",state="opened"} 0
  tor_relay_connections{type="Exit",direction="initiated",state="created"} 0
  tor_relay_connections{type="Exit",direction="received",state="created"} 0
  tor_relay_connections{type="Exit",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Exit",direction="received",state="opened"} 0
  tor_relay_connections{type="Socks listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Socks listener",direction="received",state="created"} 0
  tor_relay_connections{type="Socks listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Socks listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Socks",direction="initiated",state="created"} 0
  tor_relay_connections{type="Socks",direction="received",state="created"} 0
  tor_relay_connections{type="Socks",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Socks",direction="received",state="opened"} 0
  tor_relay_connections{type="Directory listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Directory listener",direction="received",state="created"} 0
  tor_relay_connections{type="Directory listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Directory listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Directory",direction="initiated",state="created"} 0
  tor_relay_connections{type="Directory",direction="received",state="created"} 0
  tor_relay_connections{type="Directory",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Directory",direction="received",state="opened"} 0
  tor_relay_connections{type="Control listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Control listener",direction="received",state="created"} 0
  tor_relay_connections{type="Control listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Control listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Control",direction="initiated",state="created"} 0
  tor_relay_connections{type="Control",direction="received",state="created"} 0
  tor_relay_connections{type="Control",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Control",direction="received",state="opened"} 0
  tor_relay_connections{type="Transparent pf/netfilter listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Transparent pf/netfilter listener",direction="received",state="created"} 0
  tor_relay_connections{type="Transparent pf/netfilter listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Transparent pf/netfilter listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Transparent natd listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Transparent natd listener",direction="received",state="created"} 0
  tor_relay_connections{type="Transparent natd listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Transparent natd listener",direction="received",state="opened"} 0
  tor_relay_connections{type="DNS listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="DNS listener",direction="received",state="created"} 0
  tor_relay_connections{type="DNS listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="DNS listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Extended OR",direction="initiated",state="created"} 0
  tor_relay_connections{type="Extended OR",direction="received",state="created"} 0
  tor_relay_connections{type="Extended OR",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Extended OR",direction="received",state="opened"} 0
  tor_relay_connections{type="Extended OR listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Extended OR listener",direction="received",state="created"} 0
  tor_relay_connections{type="Extended OR listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Extended OR listener",direction="received",state="opened"} 0
  tor_relay_connections{type="HTTP tunnel listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="HTTP tunnel listener",direction="received",state="created"} 0
  tor_relay_connections{type="HTTP tunnel listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="HTTP tunnel listener",direction="received",state="opened"} 0
  tor_relay_connections{type="Metrics listener",direction="initiated",state="created"} 0
  tor_relay_connections{type="Metrics listener",direction="received",state="created"} 1
  tor_relay_connections{type="Metrics listener",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Metrics listener",direction="received",state="opened"} 1
  tor_relay_connections{type="Metrics",direction="initiated",state="created"} 0
  tor_relay_connections{type="Metrics",direction="received",state="created"} 0
  tor_relay_connections{type="Metrics",direction="initiated",state="opened"} 0
  tor_relay_connections{type="Metrics",direction="received",state="opened"} 0

Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-12 09:25:19 -04:00
David Goulet
5603baf257 conn: Keep stats of opened and closed connections
Related to #40194

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-10-12 09:25:19 -04:00
Andy
d09414858e Properly compute cell-drop overload fraction
Patch to address #40673. An additional check has been added to
onion_pending_add() in order to ensure that we avoid counting create
cells from clients.

In the cpuworker.c assign_onionskin_to_cpuworker
method if total_pending_tasks >= max_pending_tasks
and channel_is_client(circ->p_chan) returns false then
rep_hist_note_circuit_handshake_dropped() will be called and
rep_hist_note_circuit_handshake_assigned() will not be called. This
causes relays to run into errors due to the fact that the number of
dropped packets exceeds the total number of assigned packets.

To avoid this situation a check has been added to
onion_pending_add() to ensure that these erroneous calls to
rep_hist_note_circuit_handshake_dropped() are not made.

See the #40673 ticket for the conversation with armadev about this issue.
2022-10-06 00:46:29 -04:00
Tor CI Release
2dff82dc72 version: Bump version to 0.4.7.10-dev 2022-08-12 10:55:03 -04:00
David Goulet
42f72dc10c Merge branch 'maint-0.4.6' into maint-0.4.7 2022-08-12 10:54:47 -04:00
Tor CI Release
83965eca26 version: Bump version to 0.4.6.12-dev 2022-08-12 10:54:41 -04:00
David Goulet
0915eb6862 Merge branch 'maint-0.4.5' into maint-0.4.6 2022-08-12 10:54:31 -04:00
Tor CI Release
d52a5f2181 version: Bump version to 0.4.5.14-dev 2022-08-12 10:54:19 -04:00
Tor CI Release
f732a91a73 version: Bump version to 0.4.7.10 2022-08-12 10:19:37 -04:00