Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

r16194@catbus: nickm | 2007-10-26 18:37:02 -0400
Keep circuitless TLS connections open for 1.5 x MaxCircuitDirtiness: this ensures that we don't thrash closing and repoening connections to our guards.


svn:r12218

Nick Mathewson 18 years ago
parent
c9c9f581f6
commit
2c1d7cf674
4 changed files with 20 additions and 6 deletions
Unified View Show Diff Stats
  1. 6 0
      ChangeLog
  2. 5 4
      doc/TODO
  3. 5 2
      doc/spec/tor-spec.txt
  4. 4 0
      src/or/main.c

+ 6 - 0
ChangeLog
View File 

@@ -3,6 +3,12 @@ Changes in version 0.2.0.10-alpha - 2007-1?-??
 
     - Drop support for OpenSSL version 0.9.6.  Just about nobody was using
 
     - Drop support for OpenSSL version 0.9.6.  Just about nobody was using
 
       it, it had no AES, and it hasn't seen any security patches since 2004.
 
       it, it had no AES, and it hasn't seen any security patches since 2004.
 
 
 
+  o Minor features:
 
+    - Clients new hold circuitless TLS connections open for 1.5 times
 
+      MaxCircuitDirtiness, since it is likely that they'll need to build
 
+      a circuit over them within that timeframe.  Previously, they held them
 
+      open only for KeepalivePeriod.
 
+
 
   o Minor bugfixes:
 
   o Minor bugfixes:
 
     - Refuse to start if both ORPort and UseBridges are set. Bugfix
 
     - Refuse to start if both ORPort and UseBridges are set. Bugfix
 
       on 0.2.0.x.
 
       on 0.2.0.x.

+ 5 - 4
doc/TODO
View File 

@@ -23,9 +23,10 @@ Things we'd like to do in 0.2.0.x:
 
     - Support for preconfigured mirror lists
 
     - Support for preconfigured mirror lists
 
       - Use a pre-shipped fallback consensus.
 
       - Use a pre-shipped fallback consensus.
 
     - Download consensuses (et al) via if-modified-since
 
     - Download consensuses (et al) via if-modified-since
 
-    - Saner TLS rotation
 
-      - Bump up the "connection timeout" value to be 1.5
 
+    o Saner TLS rotation
 
+      o Bump up OR the "connection timeout" value to be 1.5
 
 	circuit dirtiness interval.
 
 	circuit dirtiness interval.
 
+      o Document this in tor-spec
 
     - base Guard flag on WFU rather than or in addition to MTBF
 
     - base Guard flag on WFU rather than or in addition to MTBF
 
     D 118 if feasible and obvious
 
     D 118 if feasible and obvious
 
     D Maintain a skew estimate and use ftime consistently.
 
     D Maintain a skew estimate and use ftime consistently.
 
@@ -103,8 +104,8 @@ Things we'd like to do in 0.2.0.x:
 
         - Handle rate-limiting on directory writes to linked directory
 
         - Handle rate-limiting on directory writes to linked directory
 
           connections in a more sensible manner.
 
           connections in a more sensible manner.
 
         - Find more ways to test this.
 
         - Find more ways to test this.
 
-    - Have clients do TLS connection rotation less often than "every 10
 
-      minutes" in the thrashy case, and more often than "once a week" in the
 
+    o Do TLS rotation less often than "every 10 minutes" in the thrashy case.
 
+    D Do TLS connection rotation more often than "once a week" in the
 
       extra-stable case.
 
       extra-stable case.
 
     - Streamline how we pick entry nodes: Make choose_random_entry() have
 
     - Streamline how we pick entry nodes: Make choose_random_entry() have
 
       less magic and less control logic.
 
       less magic and less control logic.

+ 5 - 2
doc/spec/tor-spec.txt
View File 

@@ -194,9 +194,12 @@ see tor-design.pdf.
 
    of TLS records MUST NOT leak information about the type or contents
 
    of TLS records MUST NOT leak information about the type or contents
 
    of the cells.
 
    of the cells.
 
 
 
-   TLS connections are not permanent. Either side may close a connection
 
+   TLS connections are not permanent. Either side MAY close a connection
 
    if there are no circuits running over it and an amount of time
 
    if there are no circuits running over it and an amount of time
 
-   (KeepalivePeriod, defaults to 5 minutes) has passed.
 
+   (KeepalivePeriod, defaults to 5 minutes) has passed since the last time
 
+   any traffic was transmitted over the TLS connection.  Clients SHOULD
 
+   also hold a TLS connection with no circuits open, if it is likely that a
 
+   circuit will be built soon using that connection.
 
 
 
    (As an exception, directory servers may try to stay connected to all of
 
    (As an exception, directory servers may try to stay connected to all of
 
    the ORs -- though this will be phased out for the Tor 0.1.2.x release.)
 
    the ORs -- though this will be phased out for the Tor 0.1.2.x release.)

+ 4 - 0
src/or/main.c
View File 

@@ -764,19 +764,23 @@ run_connection_housekeeping(int i, time_t now)
 
      the connection or send a keepalive, depending. */
 
      the connection or send a keepalive, depending. */
 
   if (now >= conn->timestamp_lastwritten + options->KeepalivePeriod) {
 
   if (now >= conn->timestamp_lastwritten + options->KeepalivePeriod) {
 
     routerinfo_t *router = router_get_by_digest(or_conn->identity_digest);
 
     routerinfo_t *router = router_get_by_digest(or_conn->identity_digest);
 
+    int maxCircuitlessPeriod = options->MaxCircuitDirtiness*3/2;
 
     if (!connection_state_is_open(conn)) {
 
     if (!connection_state_is_open(conn)) {
 
+      /* We never managed to actually get this connection open and happy. */
 
       log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
 
       log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
 
                conn->s,conn->address, conn->port);
 
                conn->s,conn->address, conn->port);
 
       connection_mark_for_close(conn);
 
       connection_mark_for_close(conn);
 
       conn->hold_open_until_flushed = 1;
 
       conn->hold_open_until_flushed = 1;
 
     } else if (we_are_hibernating() && !or_conn->n_circuits &&
 
     } else if (we_are_hibernating() && !or_conn->n_circuits &&
 
                !buf_datalen(conn->outbuf)) {
 
                !buf_datalen(conn->outbuf)) {
 
+      /* We're hibernating, there's no circuits, and nothing to flush.*/
 
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
 
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
 
                "[Hibernating or exiting].",
 
                "[Hibernating or exiting].",
 
                conn->s,conn->address, conn->port);
 
                conn->s,conn->address, conn->port);
 
       connection_mark_for_close(conn);
 
       connection_mark_for_close(conn);
 
       conn->hold_open_until_flushed = 1;
 
       conn->hold_open_until_flushed = 1;
 
     } else if (!clique_mode(options) && !or_conn->n_circuits &&
 
     } else if (!clique_mode(options) && !or_conn->n_circuits &&
 
+               now >= conn->timestamp_lastwritten + maxCircuitlessPeriod &&
 
                (!router || !server_mode(options) ||
 
                (!router || !server_mode(options) ||
 
                 !router_is_clique_mode(router))) {
 
                 !router_is_clique_mode(router))) {
 
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
 
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "