Commit Graph

176 Commits

Author SHA1 Message Date
Deepesh Pathak
ca6682f3f8 Fix spelling mistakes corresponding to ticket #23650 2018-02-07 10:41:57 -05:00
David Goulet
e1a40535ea Merge branch 'bug24700_032_01' into bug24700_033_01 2018-02-01 16:39:04 -05:00
Nick Mathewson
cb5654f300 sched: Use the sched_heap_idx field to double-check our fix for 24700.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-01 16:00:59 -05:00
David Goulet
cd81403cc0 Merge branch 'ticket24902_029_05' into ticket24902_033_02 2018-01-30 09:33:12 -05:00
George Kadianakis
c3c2b55dec test: Add unit tests for the DoS subsystem
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:16 -05:00
David Goulet
c05272783d dos: Track new and closed OR client connections
Implement a basic connection tracking that counts the number of concurrent
connections when they open and close.

This commit also adds the circuit creation mitigation data structure that will
be needed at later commit to keep track of the circuit rate.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30 09:18:15 -05:00
Roger Dingledine
94ec5af5fe whitespace and typo fixes 2018-01-06 15:02:12 -05:00
Nick Mathewson
219c969d7b Use monotime_coarse for transfer times and padding times
Using absolute_msec requires a 64-bit division operation every time
we calculate it, which gets expensive on 32-bit architectures.
Instead, just use the lazy "monotime_coarse_get()" operation, and
don't convert to milliseconds until we absolutely must.

In this case, it seemed fine to use a full monotime_coarse_t rather
than a truncated "stamp" as we did to solve this problem for the
timerstamps in buf_t and packed_cell_t: There are vastly more cells
and buffer chunks than there are channels, and using 16 bytes per
channel in the worst case is not a big deal.

There are still more millisecond operations here than strictly
necessary; let's see any divisions show up in profiles.
2017-12-13 09:46:58 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
b0cc9856ee Update free functions into macros: src/or/ part 1
This covers addressmap.h (no change needed) through confparse.h
2017-12-08 14:47:19 -05:00
Nick Mathewson
44010c6fc1 Merge branch 'dgoulet_ticket23709_033_01_squashed' 2017-12-08 14:44:09 -05:00
David Goulet
6120efd771 chan: Do not re-queue after a fail cell write
Couple things happen in this commit. First, we do not re-queue a cell back in
the circuit queue if the write packed cell failed. Currently, it is close to
impossible to have it failed but just in case, the channel is mark as closed
and we move on.

The second thing is that the channel_write_packed_cell() always took ownership
of the cell whatever the outcome. This means, on success or failure, it needs
to free it.

It turns out that that we were using the wrong free function in one case and
not freeing it in an other possible code path. So, this commit makes sure we
only free it in one place that is at the very end of
channel_write_packed_cell() which is the top layer of the channel abstraction.
This makes also channel_tls_write_packed_cell_method() return a negative value
on error.

Two unit tests had to be fixed (quite trivial) due to a double free of the
packed cell in the test since now we do free it in all cases correctly.

Part of #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
Alex Xu (Hello71)
f1e8e54964 Simplify channel_rsa_id_group_set_badness, #24119 2017-11-30 08:00:24 -05:00
Alex Xu (Hello71)
2cda005ac4 Add fast paths to channel_rsa_id_group_set_badness, #24119 2017-11-24 12:42:51 -05:00
David Goulet
428ee55e51 doc: Update channel.c top comments from latest
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
36f1fb3be3 test: Add unit test for channel_check_for_duplicates()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
1dc4f96d9c channel: Remove nickname attribute from channel_t
This was never set thus never could have been used. Get rid of it to simplify
the code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
163477b11e channel: Remove dead code
This removed code that was either never reached or irrelevant after the
incoming/outgoing queue removal such as the "timestamp_drained".

Lots of things are also removed from channel.h that do not exists anymore or
not used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
0e7b23535c channel: Add and cleanup comments
No code nor behavior change, only documentation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:47:37 -05:00
David Goulet
6d1ea7766b channel: Remove unused write cell functions
The channel_write_cell() and channel_write_var_cell() can't be possibly called
nor are used by tor. We only write on the connection outbuf packed cell coming
from the scheduler that takes them from the circuit queue.

This makes channel_write_packed_cell() the only usable function. It is
simplify and now returns a code value. The reason for this is that in the next
commit(s), we'll re-queue the cell onto the circuit queue if the write fails.

Finally, channel unit tests are being removed with this commit because they do
not match the new semantic. They will be re-written in future commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:46:15 -05:00
David Goulet
e1c29a769c channel: Remove everything related to queue size
The channel subsystem was doing a whole lot to track and try to predict the
channel queue size but they are gone due to previous commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:44:46 -05:00
David Goulet
46a0709261 channel: Remove incoming/outgoing queue
For the rationale, see ticket #23709.

This is a pretty massive commit. Those queues were everywhere in channel.c and
it turns out that it was used by lots of dead code.

The channel subsystem *never* handles variable size cell (var_cell_t) or
unpacked cells (cell_t). The variable ones are only handled in channeltls and
outbound cells are always packed from the circuit queue so this commit removes
code related to variable and unpacked cells.

However, inbound cells are unpacked (cell_t), that is untouched and is handled
via channel_process_cell() function.

In order to make the commit compile, test have been modified but not passing
at this commit. Also, many tests have been removed but better improved ones
get added in future commits.

This commit also adds a XXX: which indicates that the handling process of
outbound cells isn't fully working. This as well is fixed in a future commit.

Finally, at this commit, more dead code remains, it will be cleanup in future
commits.

Fixes #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:37:59 -05:00
Nick Mathewson
91467e04b1 Merge branch 'bug22805_v2_squashed' 2017-09-22 08:58:17 -04:00
Nick Mathewson
ceb49c1c5f Use channel_is_client() accessor in channelpadding.c.
Also, allow channel_is_client() to take a const channel.
2017-09-22 08:55:53 -04:00
Nick Mathewson
d1e0e486e9 Stop clearing the is_client flag on channel directly 2017-09-22 08:55:53 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Nick Mathewson
639766dbc3 Merge branch 'maint-0.3.1'
Resolve conflict with 23532 code.
2017-09-15 14:40:35 -04:00
Nick Mathewson
0f4f40b70f Merge remote-tracking branch 'dgoulet/ticket12541_032_02' 2017-09-15 12:00:50 -04:00
Matt Traudt
dde358667d sched: Implement the KIST scheduler
Closes #12541

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Matt Traudt
2034e0d1d4 sched: Groundwork before KIST implementation
- HT_FOREACH_FN defined in an additional place because nickm did that
  in an old kist prototype
- Make channel_more_to_flush mockable for future sched tests
- Add empty scheduler_{vanilla,kist}.c files and put in include.am

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-15 11:40:59 -04:00
Nick Mathewson
e05414d241 Fix several places where md-using relays would get wrong behavior.
This patch replaces a few calls to router_get_by_id_digest ("do we
have a routerinfo?") with connection_or_digest_is_known_relay ("do
we know this relay to be in the consensus, or have been there some
time recently?").

Found while doing the 21585 audit; fixes bug 23533.  Bugfix on
0.3.0.1-alpha.
2017-09-15 09:35:59 -04:00
Nick Mathewson
8eef7fc845 Merge branch 'maint-0.3.1' 2017-09-12 10:30:54 -04:00
Mike Perry
6d221c8f37 Ticket #17857: Apply padding off-switch to existing connections. 2017-09-12 10:28:45 -04:00
Mike Perry
79e2e4d3cb Ticket #17857: Padding off-switch for single hop connections
This doesn't apply to currently active connections.. yet...
2017-06-23 16:53:39 -04:00
Nick Mathewson
3a8a92fddd Merge branch 'callgraph_reduction_v2' 2017-06-21 16:47:55 -04:00
Nick Mathewson
1c0a2335cd Extract channel_do_open_actions() from non-open _change_state cases
This reduces the size of the largest SCC in the callgraph by 30
functions, from 58 to 28.
2017-06-21 14:03:00 -04:00
Nick Mathewson
ef2248d09b Fix a warning about an extraneous semicolon 2017-05-09 07:25:34 -04:00
Nick Mathewson
4d6c79d1de Fix some clang-i386 warnings in master. 2017-05-08 15:34:37 -04:00
Nick Mathewson
fb97f76e71 whitespace fixes 2017-05-08 13:57:08 -04:00
Nick Mathewson
4d30dde156 Merge branch 'netflow_padding-v6-rebased2-squashed' 2017-05-08 13:54:59 -04:00
Mike Perry
76c9330f9d Bug 17604: Converge on only one long-lived TLS conn between relays.
Accomplished via the following:

1. Use NETINFO cells to determine if both peers will agree on canonical
   status. Prefer connections where they agree to those where they do not.
2. Alter channel_is_better() to prefer older orconns in the case of multiple
   canonical connections, and use the orconn with more circuits on it in case
   of age ties.

Also perform some hourly accounting on how many of these types of connections
there are and log it at info or notice level.
2017-05-08 13:49:22 -04:00
Mike Perry
b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
Nick Mathewson
7505f452c8 Run the copyright update script. 2017-03-15 16:13:17 -04:00
Nick Mathewson
515e1f663a Add an O(1) map from channel->global_identifier to channel 2017-02-21 20:58:25 -05:00
Nick Mathewson
472b277207 Remove the (no longer compiled) code for legacy guard selection.
Part of 20830.
2017-01-18 15:27:10 -05:00
Nick Mathewson
97ed2ce085 Unindent long-misindented blocks.
We switched these to be "if (1) " a while back, so we could keep
the indentation and avoid merge conflicts.  But it's nice to clean
up from time to time.
2017-01-02 12:16:57 -05:00
Nick Mathewson
26651d7fdb Fix some dubious indentation 2017-01-02 12:13:11 -05:00
Nick Mathewson
2cee38f76a Merge branch 'prop271_030_v1_squashed' 2016-12-16 11:20:59 -05:00
Nick Mathewson
6867950432 Wrap all of the legacy guard code, and its users, in #ifdefs
This will make it easier to see what we remove down the line.
2016-12-16 11:06:22 -05:00