| blob | 0a2806b1dc3eb66d645c4136a7ecff957b6e0149 |
1 /* Copyright (c) 2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file conflux.c
6 * \brief Conflux multipath core algorithms
7 */
9 #define TOR_CONFLUX_PRIVATE
30 /** One million microseconds in a second */
31 #define USEC_PER_SEC 1000000
36 /* Track the total number of bytes used by all ooo_q so it can be used by the
37 * OOM handler to assess. */
40 /**
41 * Determine if we should multiplex a specific relay command or not.
42 *
43 * TODO: Version of this that is the set of forbidden commands
44 * on linked circuits
45 */
46 bool
48 {
50 /* These are all fine to multiplex, and must be
51 * so that ordering is preserved */
58 /* We can't multiplex these because they are
59 * circuit-specific */
68 /* We must multiplex RESOLVEs because their ordering
69 * impacts begin/end. */
74 /* These are all circuit-specific */
91 /* These must be multiplexed because their ordering
92 * relative to BEGIN/END must be preserved */
97 /* These two are not multiplexed, because they must
98 * be processed immediately to update sequence numbers
99 * before any other cells are processed on the circuit */
108 relay_command);
110 }
111 }
113 /** Return the leg for a circuit in a conflux set. Return NULL if not found. */
114 conflux_leg_t *
116 {
119 // Find the leg that the cell is written on
124 }
128 }
130 /**
131 * Gets the maximum last_seq_sent from all legs.
132 */
133 uint64_t
135 {
141 }
145 }
147 /**
148 * Gets the maximum last_seq_recv from all legs.
149 */
150 uint64_t
152 {
158 }
162 }
164 /** Return the total memory allocation the circuit is using by conflux. If this
165 * circuit is not a Conflux circuit, 0 is returned. */
166 uint64_t
168 {
171 }
173 }
175 /** Return the total memory allocation in bytes by the subsystem.
176 *
177 * At the moment, only out of order queues are consiered. */
178 uint64_t
180 {
182 }
184 /** The OOM handler is asking us to try to free at least bytes_to_remove. */
185 size_t
187 {
190 /* We are not doing anything on the sets, the OOM handler will trigger a
191 * circuit clean up which will affect conflux sets, by pruning oldest
192 * circuits. */
195 total_ooo_q_bytes);
197 }
199 /**
200 * Returns true if a circuit has package window space to send, and is
201 * not blocked locally.
202 */
205 {
209 /* We consider ourselves blocked if we're within 1 sendme of the
210 * cwnd, because inflight is decremented before this check */
211 // TODO-329-TUNING: This subtraction not be right.. It depends
212 // on call order wrt decisions and sendme arrival
215 }
217 /* Origin circuits use the package window of the last hop, and
218 * have an outbound cell direction (towards exit). Otherwise,
219 * there is no cpath and direction is inbound. */
224 }
225 }
227 /**
228 * Return the circuit with the minimum RTT. Do not use any
229 * other circuit.
230 *
231 * This algorithm will minimize RTT always, and will not provide
232 * any throughput benefit. We expect it to be useful for VoIP/UDP
233 * use cases. Because it only uses one circuit on a leg at a time,
234 * it can have more than one circuit per guard (ie: to find
235 * lower-latency middles for the path).
236 */
239 {
243 /* Can't get here without any legs. */
248 /* Ignore circuits with no RTT measurement */
252 }
255 /* If the minRTT circuit can't send, dont send on any circuit. */
258 }
260 }
262 /**
263 * Favor the circuit with the lowest RTT that still has space in the
264 * congestion window.
265 *
266 * This algorithm will maximize total throughput at the expense of
267 * bloating out-of-order queues.
268 */
271 {
275 /* Can't get here without any legs. */
279 /* If the package window is full, skip it */
282 }
284 /* Ignore circuits with no RTT */
288 }
291 /* At this point, if we found a circuit, we've already validated that its
292 * congestion window has room. */
294 }
296 /**
297 * Returns the amount of room in a cwnd on a circuit.
298 */
301 {
309 }
311 /**
312 * Return the amount of congestion window we can send on
313 * on_circ during in_usec. However, if we're still in
314 * slow-start, send the whole window to establish the true
315 * cwnd.
316 */
320 {
327 "cwnd_sendable: Missing RTT data. in_usec: %" PRIu64
330 }
335 /* For any given leg, it has min_rtt/2 time before the 'primary'
336 * leg's acks start arriving. So, the amount of data this
337 * 'secondary' leg can send while the min_rtt leg transmits these
338 * acks is:
339 * (cwnd_leg/(leg_rtt/2))*min_rtt/2 = cwnd_leg*min_rtt/leg_rtt.
340 */
343 }
344 }
346 /**
347 * Returns true if we can switch to a new circuit, false otherwise.
348 *
349 * This function assumes we're primarily switching between two circuits,
350 * the current and the prev. If we're using more than two circuits, we
351 * need to set cfx_drain_pct to 100.
352 */
355 {
356 /* If we still expected to send more cells on this circuit,
357 * we're only allowed to switch if the previous circuit emptied. */
359 /* If there is no prev leg, skip the inflight check. */
362 }
366 /* If the inflight count has drained to below cfx_drain_pct
367 * of the congestion window, then we can switch.
368 * We check the sendme_inc because there may be un-ackable
369 * data in inflight as well, and we can still switch then. */
370 // TODO-329-TUNING: Should we try to switch if the prev_leg is
371 // ready to send, instead of this?
376 }
379 }
382 }
384 /**
385 * Favor the circuit with the lowest RTT that still has space in the
386 * congestion window up to the ratio of RTTs.
387 *
388 * This algorithm should only use auxillary legs up to the point
389 * where their data arrives roughly the same time as the lowest
390 * RTT leg. It will not utilize the full cwnd of auxillary legs,
391 * except in slow start. Therefore, out-of-order queue bloat should
392 * be minimized to just the slow-start phase.
393 */
396 {
400 /* Can't get here without any legs. */
403 /* Find the leg with the minimum RTT.*/
405 /* Ignore circuits with invalid RTT */
409 }
412 /* If the package window is has room, use it */
415 }
422 }
424 /* Pick a 'min_leg' with the lowest RTT that still has
425 * room in the congestion window. Note that this works for
426 * min_leg itself, up to inflight. */
430 }
433 /* If the circuit can't send, don't send on any circuit. */
436 }
438 }
440 /**
441 * This function is called when we want to send a relay cell on a
442 * conflux, as well as when we want to compute available space in
443 * to package from streams.
444 *
445 * It determines the circuit that relay command should be sent on,
446 * and sends a SWITCH cell if necessary.
447 *
448 * It returns the circuit we should send on. If no circuits are ready
449 * to send, it returns NULL.
450 */
451 circuit_t *
455 {
456 /* If this command should not be multiplexed, send it on the original
457 * circuit */
460 }
464 /* Because our congestion window only cover relay data command, we can end up
465 * in a situation where we need to send non data command when all circuits
466 * are at capacity. For those cases, keep using the *current* leg,
467 * so these commands arrive in-order. */
469 /* Curr leg should be set, because conflux_decide_next_circ() should
470 * have set it earlier. No BUG() here because the only caller BUG()s. */
473 relay_command);
475 }
477 }
479 /*
480 * If we are switching to a new circuit, we need to send a SWITCH command.
481 * We also need to compute an estimate of how much data we can send on
482 * the new circuit before we are allowed to switch again, to rate
483 * limit the frequency of switching.
484 */
490 // TODO-329-TUNING: This is one mechanism to rate limit switching,
491 // which should reduce the OOQ mem. However, we're not going to do that
492 // until we get some data on if the memory usage is high
494 //cwnd_sendable(new_circ,cfx->curr_leg->circ_rtts_usec,
495 // new_leg->circ_rtts_usec);
512 }
513 }
516 }
518 /** Called after conflux actually sent a cell on a circuit.
519 * This function updates sequence number counters, and
520 * switch counters.
521 */
522 void
524 {
529 }
538 }
539 }
541 /** Find the leg with lowest non-zero curr_rtt_usec, and
542 * pick it for our current leg. */
545 {
549 /* We need to skip 0-RTT legs, since this can happen at the exit
550 * when there is a race between BEGIN and LINKED_ACK, and BEGIN
551 * wins the race. The good news is that because BEGIN won,
552 * we don't need to consider those other legs, since they are
553 * slower. */
557 }
558 }
562 // Get the 0th leg; if it does not exist, log the set.
563 // Bug 40827 managed to hit this, so let's dump the sets
564 // in case it happens again.
566 // Since we have no legs, we have no idea if this is really a client
567 // or server set. Try to find any that match:
574 }
582 }
583 }
585 // TODO-329-TUNING: We may want to initialize this to a cwnd, to
586 // minimize early switching?
587 //cfx->cells_until_switch = circuit_ccontrol(min_leg->circ)->cwnd;
593 }
595 /**
596 * Returns the circuit that conflux would send on next, if
597 * conflux_decide_circ_for_send were called. This is used to compute
598 * available space in the package window.
599 */
600 circuit_t *
602 {
603 // TODO-329-TUNING: Temporarily validate legs here. We can remove
604 // this once tuning is complete.
607 /* If the conflux set is tearing down and has no current leg,
608 * bail and give up */
611 }
613 /* If we don't have a current leg yet, pick one.
614 * (This is the only non-const operation in this function). */
618 }
620 /* First, check if we can switch. */
625 /* If we can't switch, and the current circuit can't send,
626 * then return null. */
629 }
632 }
643 }
644 }
646 /**
647 * Called when we have a new RTT estimate for a circuit.
648 */
649 void
651 {
657 }
659 // Update RTT
662 // TODO-329-ARTI: For UDP latency targeting, arti could decide to launch
663 // new a test leg to potentially replace this one, if a latency target
664 // was requested and we now exceed it. Since C-Tor client likely
665 // will not have UDP support, we aren't doing this here.
666 }
668 /**
669 * Comparison function for ooo_q pqueue.
670 *
671 * Ensures that lower sequence numbers are at the head of the pqueue.
672 */
673 static int
675 {
676 // Compare a and b as conflux_cell_t using the seq field, and return a
677 // comparison result such that the lowest seq is at the head of the pqueue.
690 }
691 }
693 /**
694 * Get the congestion control object for a conflux circuit.
695 *
696 * Because conflux can only be negotiated with the last hop, we
697 * can use the last hop of the cpath to obtain the congestion
698 * control object for origin circuits. For non-origin circuits,
699 * we can use the circuit itself.
700 */
703 {
713 }
715 /* Conflux circuits always have congestion control*/
718 }
720 // TODO-329-TUNING: For LowRTT, we can at most switch every SENDME,
721 // but for BLEST, we should switch at most every cwnd.. But
722 // we do not know the other side's CWND here.. We can at best
723 // asssume it is above the cwnd_min
724 #define CONFLUX_MIN_LINK_INCREMENT 31
725 /**
726 * Validate and handle RELAY_COMMAND_CONFLUX_SWITCH.
727 */
728 int
732 {
744 }
746 /* If there is no conflux object negotiated, this is invalid.
747 * log and close circ */
754 }
756 // TODO-329-TUNING: Temporarily validate that we have all legs.
757 // After tuning is complete, we can remove this.
762 /* If we can't find the conflux leg, we got big problems..
763 * Close the circuit. */
769 }
771 // Check source hop via layer_hint
777 }
781 /*
782 * We have to make sure that the switch command is truely
783 * incrementing the sequence number, or else it becomes
784 * a side channel that can be spammed for traffic analysis.
785 */
786 // TODO-329-TUNING: This can happen. Disabling for now..
787 //if (relative_seq < CONFLUX_MIN_LINK_INCREMENT) {
788 // log_warn(LD_CIRC, "Got a conflux switch command with a relative "
789 // "sequence number less than the minimum increment. Closing "
790 // "circuit.");
791 // circuit_mark_for_close(in_circ, END_CIRC_REASON_TORPROTOCOL);
792 // return -1;
793 //}
795 // TODO-329-UDP: When Prop#340 exits and was negotiated, ensure we're
796 // in a packed cell, with another cell following, otherwise
797 // this is a spammed side-channel.
798 // - We definitely should never get switches back-to-back.
799 // - We should not get switches across all legs with no data
800 // But before Prop#340, it doesn't make much sense to do this.
801 // C-Tor is riddled with side-channels like this anyway, unless
802 // vanguards is in use. And this feature is not supported by
803 // onion servicees in C-Tor, so we're good there.
805 /* Update the absolute sequence number on this leg by the delta.
806 * Since this cell is not multiplexed, we do not count it towards
807 * absolute sequence numbers. We only increment the sequence
808 * numbers for multiplexed cells. Hence there is no +1 here. */
811 /* Mark this data as validated for controlport and vanguards
812 * dropped cell handling */
815 }
818 }
820 /**
821 * Process an incoming relay cell for conflux. Called from
822 * connection_edge_process_relay_cell().
823 *
824 * Returns true if the conflux system now has well-ordered cells to deliver
825 * to streams, false otherwise.
826 */
827 bool
830 {
831 // TODO-329-TUNING: Temporarily validate legs here. We can remove
832 // this after tuning is complete.
841 }
843 /* We need to make sure this cell came from the expected hop, or
844 * else it could be a data corruption attack from a middle node. */
848 }
850 /* Update the running absolute sequence number */
853 /* If this cell is next, fast-path it by processing the cell in-place */
855 /* The cell is now ready to be processed, and rest of the queue should
856 * now be checked for remaining elements */
874 /* This cell should not be processed yet, and the queue is not ready
875 * to process because the next absolute seqnum has not yet arrived */
877 }
878 }
880 /**
881 * Dequeue the top cell from our queue.
882 *
883 * Returns the cell as a conflux_cell_t, or NULL if the queue is empty
884 * or has a hole.
885 */
886 conflux_cell_t *
888 {
895 /* If the top cell is the next sequence number we need, then
896 * pop and return it. */
905 }
906 }