|
|
@@ -1204,6 +1204,7 @@ circuit_build_times_count_timeout(circuit_build_times_t *cbt,
|
|
|
static int
|
|
|
circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt)
|
|
|
{
|
|
|
+ build_time_t max_time;
|
|
|
if (cbt->total_build_times < circuit_build_times_min_circs_to_observe()) {
|
|
|
return 0;
|
|
|
}
|
|
|
@@ -1217,11 +1218,29 @@ circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt)
|
|
|
cbt->close_ms = circuit_build_times_calculate_timeout(cbt,
|
|
|
circuit_build_times_close_quantile());
|
|
|
|
|
|
+ max_time = circuit_build_times_max(cbt);
|
|
|
+
|
|
|
/* Sometimes really fast guard nodes give us such a steep curve
|
|
|
* that this ends up being not that much greater than timeout_ms.
|
|
|
* Make it be at least 1 min to handle this case. */
|
|
|
cbt->close_ms = MAX(cbt->close_ms, circuit_build_times_initial_timeout());
|
|
|
|
|
|
+ if (cbt->timeout_ms > max_time) {
|
|
|
+ log_notice(LD_CIRC,
|
|
|
+ "Circuit build timeout of %dms is beyond the maximum build "
|
|
|
+ "time we have ever observed. Capping it to %dms.",
|
|
|
+ (int)cbt->timeout_ms, max_time);
|
|
|
+ cbt->timeout_ms = max_time;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (max_time < INT32_MAX/2 && cbt->close_ms > 2*max_time) {
|
|
|
+ log_notice(LD_CIRC,
|
|
|
+ "Circuit build measurement period of %dms is more than twice "
|
|
|
+ "the maximum build time we have ever observed. Capping it to "
|
|
|
+ "%dms.", (int)cbt->close_ms, 2*max_time);
|
|
|
+ cbt->close_ms = 2*max_time;
|
|
|
+ }
|
|
|
+
|
|
|
cbt->have_computed_timeout = 1;
|
|
|
return 1;
|
|
|
}
|
Mike Perry