Nick Mathewson [Wed, 3 Jan 2018 14:13:00 +0000 (09:13 -0500)]
Fix some shadowed-global warnings.
These are all about local variables shadowing global
functions. That isn't normally a problem, but at least one
compiler we care about seems to treat this as a case of -Wshadow
violation, so let's fix it.
Nick Mathewson [Tue, 19 Dec 2017 18:53:52 +0000 (13:53 -0500)]
Move destroy cells into a separate queue type of their own, to save RAM
We've been seeing problems with destroy cells queues taking up a
huge amount of RAM. We can mitigate this, since while a full packed
destroy cell takes 514 bytes, we only need 5 bytes to remember a
circuit ID and a reason.
Fixes bug 24666. Bugfix on 0.2.5.1-alpha, when destroy cell queues
were introduced.
David Goulet [Tue, 19 Dec 2017 21:20:36 +0000 (16:20 -0500)]
sched: Consider extra_space even if negative in KIST
With extra_space negative, it means that the "notsent" queue is quite large so
we must consider that value with the current computed tcp_space. If we end up
to have negative space, we should not add more data to the kernel since the
notsent queue is just too filled up.
Fixes #24665
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Wed, 20 Dec 2017 19:14:02 +0000 (14:14 -0500)]
sched: Use lower layer cell limit with KISTLite
Instead of using INT_MAX as a write limit for KISTLite, use the lower layer
limit which is using the specialized num_cells_writeable() of the channel that
will down the line check the connection's outbuf and limit it to 32KB
(OR_CONN_HIGHWATER).
That way we don't take the chance of bloating the connection's outbuf and we
keep the cells in the circuit queue which our OOM handler can take care of,
not the outbuf.
Finally, this commit adds a log_debug() in the update socket information
function of KIST so we can get the socket information in debug.
Fixes #24671
Signed-off-by: David Goulet <dgoulet@torproject.org>
teor [Sun, 10 Dec 2017 15:29:05 +0000 (02:29 +1100)]
Make sure bridges are definitely running before delaying directory fetches
Retry directory downloads when we get our first bridge descriptor
during bootstrap or while reconnecting to the network. Keep retrying
every time we get a bridge descriptor, until we have a reachable bridge.
Stop delaying bridge descriptor fetches when we have cached bridge
descriptors. Instead, only delay bridge descriptor fetches when we
have at least one reachable bridge.
teor [Sun, 10 Dec 2017 14:14:28 +0000 (01:14 +1100)]
Simplify some conditionals in circuit_get_open_circ_or_launch()
When entry_list_is_constrained() is true, guards_retry_optimistic()
always returns true.
When entry_list_is_constrained() is false,
options->UseBridges is always false,
therefore !options->UseBridges is always true,
therefore (!options->UseBridges || ...) is always true.
When we cleanup intro points, we iterate over the descriptor's map of intro
points and we can possibly mark for close a circuit. This was problematic
because we would MAP_DEL_CURRENT() the intro point then free it and finally
mark for close the circuit which would lookup the intro point that we just
free in the map we are iterating over.
This can't be done and leads to a use-after-free because the intro point will
be returned successfully due to the fact that we are still in the loop
iterating. In other words, MAP_DEL_CURRENT() followed by a digest256map_get()
of the same object should never be done in the same loop.
Fixes #24595
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Mon, 11 Dec 2017 20:42:28 +0000 (15:42 -0500)]
sched: Avoid integer overflow when computing tcp_space
In KIST, we could have a small congestion window value than the unacked
packets leading to a integer overflow which leaves the tcp_space value to be
humongous.
This has no security implications but it results in KIST scheduler allowing to
send cells on a potentially saturated connection.
Found by #24423. Fixes #24590.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Don't consider a port "handled" by an isolated circuit.
Previously, circuit_stream_is_being_handled incorrectly reported
that (1) an exit port was "handled" by a circuit regardless of
whether the circuit was already isolated in some way, and
(2) that a stream could be "handled" by a circuit even if their
isolation settings were incompatible.
As a result of (1), in Tor Browser, circuit_get_unhandled_ports was
reporting that all ports were handled even though all non-internal
circuits had already been isolated by a SOCKS username+password.
Therefore, circuit_predict_and_launch_new was declining to launch
new exit circuits. Then, when the user visited a new site in Tor
Browser, a stream with new SOCKS credentials would be initiated,
and the stream would have to wait while a new circuit with those
credentials could be built. That wait was making the
time-to-first-byte longer than it needed to be.
Now, clean, not-yet-isolated circuit(s) will be automatically
launched ahead of time and be ready for use whenever a new stream
with new SOCKS credentials (or other isolation criteria) is
initiated.
Fixes bug 18859. Thanks to Nick Mathewson for improvements.
David Goulet [Wed, 6 Dec 2017 16:33:01 +0000 (11:33 -0500)]
test: Add a KIST test for a non opened channel
This makes sure that a non opened channel is never put back in the channel
pending list and that its state is consistent with what we expect that is
IDLE.
Test the fixes in #24502.
Signed-off-by: David Goulet <dgoulet@torproject.org>
projects / thirdparty / tor.git / log
