| blob | 6d4f34cff85a644552937f2254e9deab7f78d136 |
1 /* Copyright (c) 2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file congestion_control_common.c
6 * \brief Common code used by all congestion control algorithms.
7 */
9 #define TOR_CONGESTION_CONTROL_COMMON_PRIVATE
34 /* Consensus parameter defaults.
35 *
36 * More details for each of the parameters can be found in proposal 324,
37 * section 6.5 including tuning notes. */
38 #define CIRCWINDOW_INIT (500)
39 #define SENDME_INC_DFLT (50)
40 #define CC_ALG_DFLT (CC_ALG_SENDME)
41 #define CC_ALG_DFLT_ALWAYS (CC_ALG_VEGAS)
43 #define CWND_INC_DFLT (50)
44 #define CWND_INC_PCT_SS_DFLT (100)
45 #define CWND_INC_RATE_DFLT (1)
46 #define CWND_MAX_DFLT (INT32_MAX)
47 #define CWND_MIN_DFLT (MAX(100, SENDME_INC_DFLT))
49 #define BWE_SENDME_MIN_DFLT (5)
50 #define EWMA_CWND_COUNT_DFLT (2)
52 /* BDP algorithms for each congestion control algorithms use the piecewise
53 * estimattor. See section 3.1.4 of proposal 324. */
54 #define WESTWOOD_BDP_ALG BDP_ALG_PIECEWISE
55 #define VEGAS_BDP_MIX_ALG BDP_ALG_PIECEWISE
56 #define NOLA_BDP_ALG BDP_ALG_PIECEWISE
58 /* Indicate OR connection buffer limitations used to stop or start accepting
59 * cells in its outbuf.
60 *
61 * These watermarks are historical to tor in a sense that they've been used
62 * almost from the genesis point. And were likely defined to fit the bounds of
63 * TLS records of 16KB which would be around 32 cells.
64 *
65 * These are defaults of the consensus parameter "orconn_high" and "orconn_low"
66 * values. */
67 #define OR_CONN_HIGHWATER_DFLT (32*1024)
68 #define OR_CONN_LOWWATER_DFLT (16*1024)
70 /* Low and high values of circuit cell queue sizes. They are used to tell when
71 * to start or stop reading on the streams attached on the circuit.
72 *
73 * These are defaults of the consensus parameters "cellq_high" and "cellq_low".
74 */
75 #define CELL_QUEUE_LOW_DFLT (10)
76 #define CELL_QUEUE_HIGH_DFLT (256)
84 /* For unit tests */
87 /* Consensus parameters cached. The non static ones are extern. */
96 /**
97 * Update global congestion control related consensus parameter values,
98 * every consensus update.
99 */
100 void
102 {
103 #define CELL_QUEUE_HIGH_MIN (1)
104 #define CELL_QUEUE_HIGH_MAX (1000)
106 CELL_QUEUE_HIGH_DFLT,
107 CELL_QUEUE_HIGH_MIN,
108 CELL_QUEUE_HIGH_MAX);
110 #define CELL_QUEUE_LOW_MIN (1)
111 #define CELL_QUEUE_LOW_MAX (1000)
113 CELL_QUEUE_LOW_DFLT,
114 CELL_QUEUE_LOW_MIN,
115 CELL_QUEUE_LOW_MAX);
117 #define OR_CONN_HIGHWATER_MIN (CELL_PAYLOAD_SIZE)
118 #define OR_CONN_HIGHWATER_MAX (INT32_MAX)
119 or_conn_highwater =
121 OR_CONN_HIGHWATER_DFLT,
122 OR_CONN_HIGHWATER_MIN,
123 OR_CONN_HIGHWATER_MAX);
125 #define OR_CONN_LOWWATER_MIN (CELL_PAYLOAD_SIZE)
126 #define OR_CONN_LOWWATER_MAX (INT32_MAX)
127 or_conn_lowwater =
129 OR_CONN_LOWWATER_DFLT,
130 OR_CONN_LOWWATER_MIN,
131 OR_CONN_LOWWATER_MAX);
133 #define CWND_MAX_MIN 500
134 #define CWND_MAX_MAX (INT32_MAX)
135 cwnd_max =
137 CWND_MAX_DFLT,
138 CWND_MAX_MIN,
139 CWND_MAX_MAX);
141 #define SENDME_INC_MIN 10
142 #define SENDME_INC_MAX (1000)
143 cc_sendme_inc =
145 SENDME_INC_DFLT,
146 SENDME_INC_MIN,
147 SENDME_INC_MAX);
149 #define CC_ALG_MIN 0
150 #define CC_ALG_MAX (NUM_CC_ALGS-1)
151 cc_alg =
153 CC_ALG_DFLT,
154 CC_ALG_MIN,
155 CC_ALG_MAX);
156 }
158 /**
159 * Set congestion control parameters on a circuit's congestion
160 * control object based on values from the consensus.
161 *
162 * cc_alg is the negotiated congestion control algorithm.
163 *
164 * sendme_inc is the number of packaged cells that a sendme cell
165 * acks. This parameter will come from circuit negotiation.
166 */
167 static void
170 {
174 #define CWND_INIT_MIN 100
175 #define CWND_INIT_MAX (10000)
178 CIRCWINDOW_INIT,
179 CWND_INIT_MIN,
180 CWND_INIT_MAX);
182 #define CWND_INC_PCT_SS_MIN 1
183 #define CWND_INC_PCT_SS_MAX (500)
186 CWND_INC_PCT_SS_DFLT,
187 CWND_INC_PCT_SS_MIN,
188 CWND_INC_PCT_SS_MAX);
190 #define CWND_INC_MIN 1
191 #define CWND_INC_MAX (1000)
194 CWND_INC_DFLT,
195 CWND_INC_MIN,
196 CWND_INC_MAX);
198 #define CWND_INC_RATE_MIN 1
199 #define CWND_INC_RATE_MAX (250)
202 CWND_INC_RATE_DFLT,
203 CWND_INC_RATE_MIN,
204 CWND_INC_RATE_MAX);
206 #define CWND_MIN_MIN 20
207 #define CWND_MIN_MAX (1000)
210 CWND_MIN_DFLT,
211 CWND_MIN_MIN,
212 CWND_MIN_MAX);
214 #define EWMA_CWND_COUNT_MIN 1
215 #define EWMA_CWND_COUNT_MAX (100)
218 EWMA_CWND_COUNT_DFLT,
219 EWMA_CWND_COUNT_MIN,
220 EWMA_CWND_COUNT_MAX);
222 #define BWE_SENDME_MIN_MIN 2
223 #define BWE_SENDME_MIN_MAX (20)
226 BWE_SENDME_MIN_DFLT,
227 BWE_SENDME_MIN_MIN,
228 BWE_SENDME_MIN_MAX);
230 /* If the consensus says to use OG sendme, but torrc has
231 * always-enabled, use the default "always" alg (vegas),
232 * else use cached conensus alg. */
237 }
255 }
259 default_bdp_alg,
263 /* Algorithm-specific parameters */
270 }
271 }
273 /** Returns true if congestion control is enabled in the most recent
274 * consensus, or if __AlwaysCongestionControl is set to true.
275 *
276 * Note that this function (and many many other functions) should not
277 * be called from the CPU worker threads when handling congestion
278 * control negotiation. Relevant values are marshaled into the
279 * `circuit_params_t` struct, in order to be used in worker threads
280 * without touching global state. Use those values in CPU worker
281 * threads, instead of calling this function.
282 *
283 * The danger is still present, in your time, as it was in ours.
284 */
285 bool
287 {
294 /* If the user has set "__AlwaysCongesttionControl",
295 * then always try to negotiate congestion control, regardless
296 * of consensus param. This is to be used for testing and sbws.
297 *
298 * Note that we do *not* allow disabling congestion control
299 * if the consensus says to use it, as this is bad for queueing
300 * and fairness. */
305 }
307 /**
308 * For unit tests only: set the cached consensus cc alg to
309 * specified value.
310 */
311 void
313 {
315 }
317 /**
318 * Allocate and initialize fields in congestion control object.
319 *
320 * cc_alg is the negotiated congestion control algorithm.
321 *
322 * sendme_inc is the number of packaged cells that a sendme cell
323 * acks. This parameter will come from circuit negotiation.
324 */
325 static void
328 {
336 }
338 /** Allocate and initialize a new congestion control object */
339 congestion_control_t *
341 {
347 }
349 /**
350 * Free a congestion control object and its asssociated state.
351 */
352 void
354 {
364 }
366 /**
367 * Enqueue a u64 timestamp to the end of a queue of timestamps.
368 */
371 {
376 }
378 /**
379 * Peek at the head of a smartlist queue of u64 timestamps.
380 */
383 {
389 }
392 }
394 /**
395 * Dequeue a u64 monotime usec timestamp from the front of a
396 * smartlist of pointers to 64.
397 */
400 {
407 }
414 }
416 /**
417 * Returns the number of sendme acks that will be recieved in the
418 * current congestion window size, rounded to nearest int.
419 */
422 {
423 /* We add half a sendme_inc to cwnd to round to the nearest int */
425 }
427 /**
428 * Get a package window from either old sendme logic, or congestion control.
429 *
430 * A package window is how many cells you can still send.
431 */
432 int
435 {
447 }
452 /* Inflight can be above cwnd if cwnd was just reduced */
455 /* In the extremely unlikely event that cwnd-inflight is larger than
456 * INT32_MAX, just return that cap, so old code doesn't explode. */
459 else
461 }
462 }
464 /**
465 * Returns the number of cells that are acked by every sendme.
466 */
467 int
469 {
477 }
481 }
484 }
486 /** Return true iff the next cell we send will result in the other endpoint
487 * sending a SENDME.
488 *
489 * We are able to know that because the package or inflight window value minus
490 * one cell (the possible SENDME cell) should be a multiple of the
491 * cells-per-sendme increment value (set via consensus parameter, negotiated
492 * for the circuit, and passed in as sendme_inc).
493 *
494 * This function is used when recording a cell digest and this is done quite
495 * low in the stack when decrypting or encrypting a cell. The window is only
496 * updated once the cell is actually put in the outbuf.
497 */
498 bool
501 {
513 }
515 /* If we are using congestion control and the alg is not
516 * old-school 'fixed', then use cc->inflight to determine
517 * when sendmes will be sent */
522 /* This check must be +1 because this function is called *before*
523 * inflight is incremented for the sent cell */
528 }
530 /* At the start of the window, no SENDME will be expected. */
533 }
535 /* Are we at the limit of the increment and if not, we don't expect next
536 * cell is a SENDME.
537 *
538 * We test against the window minus 1 because when we are looking if the
539 * next cell is a SENDME, the window (either package or deliver) hasn't been
540 * decremented just yet so when this is called, we are currently processing
541 * the "window - 1" cell.
542 */
545 }
547 /* Next cell is expected to be a SENDME. */
549 }
551 /**
552 * Call-in to tell congestion control code that this circuit sent a cell.
553 *
554 * This updates the 'inflight' counter, and if this is a cell that will
555 * cause the other end to send a SENDME, record the current time in a list
556 * of pending timestamps, so that we can later compute the circuit RTT when
557 * the SENDME comes back. */
558 void
562 {
566 /* Is this the last cell before a SENDME? The idea is that if the
567 * package_window reaches a multiple of the increment, after this cell, we
568 * should expect a SENDME. Note that this function must be called *before*
569 * we account for the sent cell. */
573 }
577 /* Record this cell time for RTT computation when SENDME arrives */
580 }
582 /**
583 * Returns true if any edge connections are active.
584 *
585 * We need to know this so that we can stop computing BDP if the
586 * edges are not sending on the circuit.
587 */
588 static int
591 {
598 }
600 /* Check linked list of streams */
610 }
612 /* If we did not reach EOF on this read, there's more */
616 }
622 }
624 /* If there is a linked conn, and *it* did not each EOF,
625 * there's more */
629 }
630 }
631 }
632 }
635 }
637 /**
638 * Upon receipt of a SENDME, pop the oldest timestamp off the timestamp
639 * list, and use this to update RTT.
640 *
641 * Returns true if circuit estimates were successfully updated, false
642 * otherwise.
643 */
644 bool
648 {
651 /* Update RTT first, then BDP. BDP needs fresh RTT */
654 curr_rtt_usec);
655 }
657 /**
658 * Returns true if we have enough time data to use heuristics
659 * to compare RTT to a baseline.
660 */
661 static bool
663 {
665 /* If we have exited slow start, we should have processed at least
666 * a cwnd worth of RTTs */
669 }
671 /* If we managed to get enough acks to estimate a SENDME BDP, then
672 * we have enough to estimate clock jumps relative to a baseline,
673 * too. (This is at least 'cc_bwe_min' acks). */
676 }
678 /* Not enough data to estimate clock jumps */
680 }
684 /**
685 * Returns true if the monotime delta is 0, or is significantly
686 * different than the previous delta. Either case indicates
687 * that the monotime time source stalled or jumped.
688 *
689 * Also caches the clock state in the is_monotime_clock_broken flag,
690 * so we can also provide a is_monotime_clock_reliable() function,
691 * used by flow control rate timing.
692 */
693 static bool
696 {
697 #define DELTA_DISCREPENCY_RATIO_MAX 100
698 /* If we have a 0 new_delta, that is definitely a monotime stall */
704 /* If delta is every 0, the monotime clock has stalled, and we should
705 * not use it anywhere. */
709 }
711 /* If the old_delta is 0, we have no previous values on this circuit.
712 *
713 * So, return the global monotime status from other circuits, and
714 * do not update.
715 */
718 }
720 /*
721 * For the heuristic cases, we need at least a few timestamps,
722 * to average out any previous partial stalls or jumps. So until
723 * than point, let's just use the cached status from other circuits.
724 */
727 }
729 /* If old_delta is significantly larger than new_delta, then
730 * this means that the monotime clock recently stopped moving
731 * forward. */
742 }
744 /* If new_delta is significantly larger than old_delta, then
745 * this means that the monotime clock suddenly jumped forward. */
756 }
758 /* All good! Update cached status, too */
762 }
764 /**
765 * Is the monotime clock stalled according to any circuits?
766 */
767 bool
769 {
771 }
773 /**
774 * Called when we get a SENDME. Updates circuit RTT by pulling off a
775 * timestamp of when we sent the CIRCWINDOW_INCREMENT-th cell from
776 * the queue of such timestamps, and comparing that to current time.
777 *
778 * Also updates min, max, and EWMA of RTT.
779 *
780 * Returns the current circuit RTT in usecs, or 0 if it could not be
781 * measured (due to clock jump, stall, etc).
782 */
783 static uint64_t
786 {
792 /* Get the time that we sent the cell that resulted in the other
793 * end sending this sendme. Use this to calculate RTT */
798 /* Do not update RTT at all if it looks fishy */
801 }
810 }
814 }
817 }
819 /**
820 * Called when we get a SENDME. Updates the bandwidth-delay-product (BDP)
821 * estimates of a circuit. Several methods of computing BDP are used,
822 * depending on scenario. While some congestion control algorithms only
823 * use one of these methods, we update them all because it's quick and easy.
824 *
825 * - now_usec is the current monotime in usecs.
826 * - curr_rtt_usec is the current circuit RTT in usecs. It may be 0 if no
827 * RTT could bemeasured.
828 *
829 * Returns true if we were able to update BDP, false otherwise.
830 */
831 static bool
837 {
846 /* origin circs use n_chan */
850 /* Both onion services and exits use or_circuit and p_chan */
853 }
855 /* If we have no EWMA RTT, it is because monotime has been stalled
856 * or messed up the entire time so far. Set our BDP estimates directly
857 * to current cwnd */
861 /* If the channel is blocked, keep subtracting off the chan_q
862 * until we hit the min cwnd. */
868 }
877 "Our clock has been stalled for the entire lifetime of a circuit. "
881 }
883 /* Congestion window based BDP will respond to changes in RTT only, and is
884 * relative to cwnd growth. It is useful for correcting for BDP
885 * overestimation, but if BDP is higher than the current cwnd, it will
886 * underestimate it.
887 *
888 * We multiply here first to avoid precision issues from min_RTT being
889 * close to ewma RTT. Since all fields are u64, there is plenty of
890 * room here to multiply first.
891 */
894 /*
895 * If we have no pending streams, we do not have enough data to fill
896 * the BDP, so preserve our old estimates but do not make any more.
897 */
900 "CC: Streams drained. Spare package window: %"PRIu64
903 /* Clear SENDME timestamps; they will be wrong with intermittent data */
908 /* Sendme-based BDP will quickly measure BDP in much less than
909 * a cwnd worth of data when in use (in 2-10 SENDMEs).
910 *
911 * But if the link goes idle, it will be vastly lower than true BDP. Hence
912 * we only compute it if we have either pending stream data, or streams
913 * are still blocked on the channel queued data.
914 *
915 * We also do not compute it if we do not have a current RTT passed in,
916 * because that means that monotime is currently stalled or just jumped.
917 */
921 /* If we have more sendmes than fit in a cwnd, trim the list.
922 * Those are not acurrately measuring throughput, if cwnd is
923 * currently smaller than BDP */
929 }
932 /* Calculate SENDME_BWE_COUNT pure average */
936 /* The acked data is in sendme_cnt-1 chunks, because we are counting the
937 * data that is processed by the other endpoint *between* all of these
938 * sendmes. There's one less gap between the sendmes than the number
939 * of sendmes. */
942 /* The bandwidth estimate is cells/delta, which when multiplied
943 * by min RTT obtains the BDP. However, we multiply first to
944 * avoid precision issues with the RTT being close to delta in size. */
947 /* Calculate BDP_EWMA_COUNT N-EWMA */
951 }
953 /* In-flight BDP will cause the cwnd to drift down when underutilized.
954 * It is most useful when the local OR conn is blocked, so we only
955 * compute it if we're utilized. */
960 /* We can still update inflight with just an EWMA RTT, but only
961 * if there is data flowing */
964 }
966 /* The orconn is blocked; use smaller of inflight vs SENDME */
969 chan_q);
971 /* A blocked channel is an immediate congestion signal, but it still
972 * happens only once per cwnd */
976 }
983 }
985 /* If we were previously blocked, emit a new congestion event
986 * now that we are unblocked, to re-evaluate cwnd */
991 chan_q);
992 }
996 }
998 /* We can end up with no piecewise value if we didn't have either
999 * a SENDME estimate or enough data for an inflight estimate.
1000 * It also happens on the very first sendme, since we need two
1001 * to get a BDP. In these cases, use the cwnd method. */
1006 }
1011 "CC: Circuit %d "
1013 "BDP estimates: "
1026 sendme_rate_bdp,
1029 );
1039 // XXX: actually, is this p_chan here? This is
1040 // an or_circuit (exit or onion)
1048 sendme_rate_bdp,
1051 );
1052 }
1053 }
1055 /* We updated BDP this round if either we had a blocked channel, or
1056 * the curr_rtt_usec was not 0. */
1060 sendme_rate_bdp);
1061 }
1063 }
1065 /**
1066 * Dispatch the sendme to the appropriate congestion control algorithm.
1067 */
1068 int
1072 {
1090 }
1098 }
1101 }
1103 /**
1104 * Build an extension field request to negotiate congestion control.
1105 *
1106 * If congestion control is enabled, field TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST
1107 * is created in msg_out. It is a single 0-length field that signifies that we
1108 * want to use congestion control. The length of msg_out is provided via
1109 * msg_len_out.
1110 *
1111 * If congestion control is not enabled, a payload with 0 extensions is created
1112 * and returned.
1113 *
1114 * If there is a failure building the request, -1 is returned, else 0.
1115 *
1116 * *msg_out must be freed if the return value is 0.
1117 */
1118 int
1120 {
1127 /* With congestion control enabled, add the request, else it is an empty
1128 * request in the payload. */
1131 /* Build the extension field that will hold the CC field. */
1134 TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST);
1136 /* No payload indicating a request to use congestion control. */
1139 /* Build final extension. */
1142 }
1144 /* Encode extension. */
1148 }
1155 }
1159 /* Free everything, we've encoded the request now. */
1162 err:
1165 }
1167 /**
1168 * Parse a congestion control ntorv3 request payload for extensions.
1169 *
1170 * On parsing failure, -1 is returned.
1171 *
1172 * If congestion control request is present, return 1. If it is not present,
1173 * return 0.
1174 *
1175 * WARNING: Called from CPU worker! Must not access any global state.
1176 */
1177 int
1179 {
1184 /* Parse extension from payload. */
1188 }
1190 /* No extension implies no support for congestion control. In this case, we
1191 * simply return 0 to indicate CC is disabled. */
1195 }
1197 /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST,
1198 * then congestion control is enabled. Ignore unknown fields. */
1204 }
1206 /* For congestion control to be enabled, we only need the field type. */
1208 TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST) {
1211 }
1212 }
1214 end:
1217 }
1219 /**
1220 * Given our observed parameters for circuits and congestion control,
1221 * as well as the parameters for the resulting circuit, build a response
1222 * payload using extension fields into *msg_out, with length specified in
1223 * *msg_out_len.
1224 *
1225 * If congestion control will be enabled, the extension field for
1226 * TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE will contain the sendme_inc value.
1227 *
1228 * If congestion control won't be enabled, an extension payload with 0
1229 * fields will be created.
1230 *
1231 * Return 0 if an extension payload was created in *msg_out, and -1 on
1232 * error.
1233 *
1234 * *msg_out must be freed if the return value is 0.
1235 *
1236 * WARNING: Called from CPU worker! Must not access any global state.
1237 */
1238 int
1242 {
1243 ssize_t ret;
1257 /* Build the extension field that will hold the CC field. */
1260 TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE);
1262 /* Build the congestion control field response. */
1270 }
1280 }
1282 /* Build final extension. */
1285 }
1287 /* Encode extension. */
1291 }
1298 }
1302 /* We've just encoded the extension, clean everything. */
1305 err:
1310 }
1313 }
1315 /** Return true iff the given sendme increment is within the acceptable
1316 * margins. */
1317 bool
1319 {
1320 /* We will only accept this response (and this circuit) if sendme_inc
1321 * is within a factor of 2 of our consensus value. We should not need
1322 * to change cc_sendme_inc much, and if we do, we can spread out those
1323 * changes over smaller increments once every 4 hours. Exits that
1324 * violate this range should just not be used. */
1325 #define MAX_SENDME_INC_NEGOTIATE_FACTOR 2
1332 sendme_inc <
1335 }
1337 }
1339 /** Return 1 if CC is enabled which also will set the SENDME increment into our
1340 * params_out. Return 0 if CC is disabled. Else, return -1 on error. */
1341 int
1345 {
1351 /* We will only accept this response (and this circuit) if sendme_inc
1352 * is within a factor of 2 of our consensus value. We should not need
1353 * to change cc_sendme_inc much, and if we do, we can spread out those
1354 * changes over smaller increments once every 4 hours. Exits that
1355 * violate this range should just not be used. */
1356 #define MAX_SENDME_INC_NEGOTIATE_FACTOR 2
1358 /* Parse extension from payload. */
1362 }
1367 }
1369 /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE,
1370 * then congestion control is enabled. Ignore unknown fields. */
1376 }
1378 /* Only examine TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE; ignore other fields */
1380 TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE) {
1382 /* Parse the field into the congestion control field. */
1388 }
1395 }
1397 /* All good. Get value and break */
1401 }
1402 }
1404 end:
1409 }