Drop the maximum attempts to get a virtual address to 1000.

This is good enough to give P_success >= 999,999,999/1,000,000,000 so
long as the address space is less than 97.95 full.  It'd be ridiculous
for that to happen for IPv6, and usome reasonable assumptions, it
would also be pretty silly for IPv4.

diff --git a/changes/ipv6_automap b/changes/ipv6_automap
index 150349c382d94503f288e7db82d2e72655b0ae52..1b44585277d6cf8f8f2ea73bedf0816056e90ab0 100644 (file)
--- a/changes/ipv6_automap
+++ b/changes/ipv6_automap
@@ -10,3 +10,10 @@
     - AutomapHostsOnResolve responses are now randomized, to avoid
       annoying situations where Tor is restarted and applications
       connect to the wrong addresses.
+
+    - We never try more than 1000 times to pick a virtual address
+      when AutomapHostsOnResolve is set. That's good enough so long
+      as we aren't close to handing out our entire virtual address
+      space; if you're getting there, it's best to switch to IPv6
+      virtual addresses anyway.
+

diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index e1efbf4bfd7b5ea476d31eda47f81214b19317bf..f4c31295a84ca36e79eac72511546ab898d121ba 100644 (file)
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -863,9 +863,13 @@ addressmap_get_virtual_address(int type)
     const virtual_addr_conf_t *conf = ipv6 ?
       &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
 
-    // This is an imperfect estimate of how many addresses are available, but
-    // that's ok.  We also don't try every one.
-    uint32_t attempts = ipv6 ? UINT32_MAX : (1u << (32- conf->bits));
+    /* Don't try more than 1000 times.  This gives us P < 1e-9 for
+     * failing to get a good address so long as the address space is
+     * less than ~97.95% full.  That's always going to be true under
+     * sensible circumstances for an IPv6 /10, and it's going to be
+     * true for an IPv4 /10 as long as we've handed out less than
+     * 4.08 million addresses. */
+    uint32_t attempts = 1000;
 
     tor_addr_t addr;