| blob | 435436c45c54772d285f795ecde035ab27e80222 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2015, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
7 /* TOR_CHANNEL_INTERNAL_ define needed for an O(1) implementation of
8 * channelpadding_channel_to_channelinfo() */
9 #define TOR_CHANNEL_INTERNAL_
23 #include <event2/event.h>
30 /** The total number of pending channelpadding timers */
33 /** These are cached consensus parameters for netflow */
34 /** The timeout lower bound that is allowed before sending padding */
36 /** The timeout upper bound that is allowed before sending padding */
38 /** The timeout lower bound that is allowed before sending reduced padding */
40 /** The timeout upper bound that is allowed before sending reduced padding */
42 /** The connection timeout between relays */
44 /** The connection timeout for client connections */
46 /** Should we pad before circuits are actually used for client data? */
48 /** Should we pad relay-to-relay connections? */
50 /** Should we pad tor2web connections? */
52 /** Should we pad rosos connections? */
55 #define TOR_MSEC_PER_SEC 1000
56 #define TOR_USEC_PER_MSEC 1000
58 /**
59 * How often do we get called by the connection housekeeping (ie: once
60 * per second) */
61 #define TOR_HOUSEKEEPING_CALLBACK_MSEC 1000
62 /**
63 * Additional extra time buffer on the housekeeping callback, since
64 * it can be delayed. This extra slack is used to decide if we should
65 * schedule a timer or wait for the next callback. */
66 #define TOR_HOUSEKEEPING_CALLBACK_SLACK_MSEC 100
68 /**
69 * This macro tells us if either end of the channel is connected to a client.
70 * (If we're not a server, we're definitely a client. If the channel thinks
71 * its a client, use that. Then finally verify in the consensus).
72 */
73 #define CHANNEL_IS_CLIENT(chan, options) \
74 (!public_server_mode((options)) || channel_is_client(chan) || \
75 !connection_or_digest_is_known_relay((chan)->identity_digest))
77 /**
78 * This function is called to update cached consensus parameters every time
79 * there is a consensus update. This allows us to move the consensus param
80 * search off of the critical path, so it does not need to be evaluated
81 * for every single connection, every second.
82 */
83 void
85 {
86 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW 1500
87 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH 9500
88 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN 0
89 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX 60000
91 DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW,
92 DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN,
93 DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
95 DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH,
96 consensus_nf_ito_low,
97 DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
99 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW 9000
100 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH 14000
101 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN 0
102 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX 60000
103 consensus_nf_ito_low_reduced =
105 DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW,
106 DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN,
107 DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
109 consensus_nf_ito_high_reduced =
111 DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH,
112 consensus_nf_ito_low_reduced,
113 DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
116 #define CONNTIMEOUT_RELAYS_MIN 60
118 consensus_nf_conntimeout_relays =
120 CONNTIMEOUT_RELAYS_DFLT,
121 CONNTIMEOUT_RELAYS_MIN,
122 CONNTIMEOUT_RELAYS_MAX);
125 #define CIRCTIMEOUT_CLIENTS_MIN 60
127 consensus_nf_conntimeout_clients =
129 CIRCTIMEOUT_CLIENTS_DFLT,
130 CIRCTIMEOUT_CLIENTS_MIN,
131 CIRCTIMEOUT_CLIENTS_MAX);
133 consensus_nf_pad_before_usage =
136 consensus_nf_pad_relays =
139 consensus_nf_pad_tor2web =
141 CHANNELPADDING_TOR2WEB_PARAM,
144 consensus_nf_pad_single_onion =
146 CHANNELPADDING_SOS_PARAM,
148 }
150 /**
151 * Get a random netflow inactive timeout keepalive period in milliseconds,
152 * the range for which is determined by consensus parameters, negotiation,
153 * configuration, or default values. The consensus parameters enforce the
154 * minimum possible value, to avoid excessively frequent padding.
155 *
156 * The ranges for this value were chosen to be low enough to ensure that
157 * routers do not emit a new netflow record for a connection due to it
158 * being idle.
159 *
160 * Specific timeout values for major routers are listed in Proposal 251.
161 * No major router appeared capable of setting an inactive timeout below 10
162 * seconds, so we set the defaults below that value, since we can always
163 * scale back if it ends up being too much padding.
164 *
165 * Returns the next timeout period (in milliseconds) after which we should
166 * send a padding packet, or 0 if padding is disabled.
167 */
168 STATIC int
170 {
178 /* If we have negotiated different timeout values, use those, but
179 * don't allow them to be lower than the consensus ones */
183 }
188 /*
189 * This MAX() hack is here because we apply the timeout on both the client
190 * and the server. This creates the situation where the total time before
191 * sending a packet in either direction is actually
192 * min(client_timeout,server_timeout).
193 *
194 * If X is a random variable uniform from 0..R-1 (where R=high-low),
195 * then Y=max(X,X) has Prob(Y == i) = (2.0*i + 1)/(R*R).
196 *
197 * If we create a third random variable Z=min(Y,Y), then it turns out that
198 * Exp[Z] ~= Exp[X]. Here's a table:
199 *
200 * R Exp[X] Exp[Z] Exp[min(X,X)] Exp[max(X,X)]
201 * 2000 999.5 1066 666.2 1332.8
202 * 3000 1499.5 1599.5 999.5 1999.5
203 * 5000 2499.5 2666 1666.2 3332.8
204 * 6000 2999.5 3199.5 1999.5 3999.5
205 * 7000 3499.5 3732.8 2332.8 4666.2
206 * 8000 3999.5 4266.2 2666.2 5332.8
207 * 10000 4999.5 5328 3332.8 6666.2
208 * 15000 7499.5 7995 4999.5 9999.5
209 * 20000 9900.5 10661 6666.2 13332.8
210 *
211 * In other words, this hack makes it so that when both the client and
212 * the guard are sending this padding, then the averages work out closer
213 * to the midpoint of the range, making the overhead easier to tune.
214 * If only one endpoint is padding (for example: if the relay does not
215 * support padding, but the client has set ConnectionPadding 1; or
216 * if the relay does support padding, but the client has set
217 * ReducedConnectionPadding 1), then the defense will still prevent
218 * record splitting, but with less overhead than the midpoint
219 * (as seen by the Exp[max(X,X)] column).
220 *
221 * To calculate average padding packet frequency (and thus overhead),
222 * index into the table by picking a row based on R = high-low. Then,
223 * use the appropriate column (Exp[Z] for two-sided padding, and
224 * Exp[max(X,X)] for one-sided padding). Finally, take this value
225 * and add it to the low timeout value. This value is the average
226 * frequency which padding packets will be sent.
227 */
232 }
234 /**
235 * Update this channel's padding settings based on the PADDING_NEGOTIATE
236 * contents.
237 *
238 * Returns -1 on error; 1 on success.
239 */
240 int
243 {
250 }
252 // We should not allow malicious relays to disable or reduce padding for
253 // us as clients. In fact, we should only accept this cell at all if we're
254 // operating as a relay. Bridges should not accept it from relays, either
255 // (only from their clients).
262 "Got a PADDING_NEGOTIATE from relay at %s (%s). "
267 }
271 /* Min must not be lower than the current consensus parameter
272 nf_ito_low. */
276 /* Max must not be lower than ito_low_ms */
287 }
289 /**
290 * Sends a CELL_PADDING_NEGOTIATE on the channel to tell the other side not
291 * to send padding.
292 *
293 * Returns -1 on error, 0 on success.
294 */
295 STATIC int
297 {
298 channelpadding_negotiate_t disable;
299 cell_t cell;
302 MIN_LINK_PROTO_FOR_CHANNEL_PADDING);
316 else
318 }
320 /**
321 * Sends a CELL_PADDING_NEGOTIATE on the channel to tell the other side to
322 * resume sending padding at some rate.
323 *
324 * Returns -1 on error, 0 on success.
325 */
326 int
329 {
330 channelpadding_negotiate_t enable;
331 cell_t cell;
334 MIN_LINK_PROTO_FOR_CHANNEL_PADDING);
350 else
352 }
354 /**
355 * Sends a CELL_PADDING cell on a channel if it has been idle since
356 * our callback was scheduled.
357 *
358 * This function also clears the pending padding timer and the callback
359 * flags.
360 */
361 static void
363 {
364 cell_t cell;
366 /* Check that the channel is still valid and open */
372 }
374 /* We should have a pending callback flag set. */
382 /* We must have been active before the timer fired */
385 }
387 {
398 }
400 /* Clear the timer */
403 /* Send the padding cell. This will cause the channel to get a
404 * fresh timestamp_active */
408 }
410 /**
411 * tor_timer callback function for us to send padding on an idle channel.
412 *
413 * This function just obtains the channel from the callback handle, ensures
414 * it is still valid, and then hands it off to
415 * channelpadding_send_padding_cell_for_callback(), which checks if
416 * the channel is still idle before sending padding.
417 */
418 static void
421 {
426 /* Hrmm.. It might be nice to have an equivalent to assert_connection_ok
427 * for channels. Then we could get rid of the channeltls dependency */
429 OR_CONNECTION_MAGIC);
436 }
438 total_timers_pending--;
439 }
441 /**
442 * Schedules a callback to send padding on a channel in_ms milliseconds from
443 * now.
444 *
445 * Returns CHANNELPADDING_WONTPAD on error, CHANNELPADDING_PADDING_SENT if we
446 * sent the packet immediately without a timer, and
447 * CHANNELPADDING_PADDING_SCHEDULED if we decided to schedule a timer.
448 */
449 static channelpadding_decision_t
451 {
459 }
466 }
470 channelpadding_send_padding_callback,
475 }
482 }
484 /**
485 * Calculates the number of milliseconds from now to schedule a padding cell.
486 *
487 * Returns the number of milliseconds from now (relative) to schedule the
488 * padding callback. If the padding timer is more than 1.1 seconds in the
489 * future, we return -1, to avoid scheduling excessive callbacks. If padding
490 * is disabled in the consensus, we return -2.
491 *
492 * Side-effects: Updates chan->next_padding_time_ms, storing an (absolute, not
493 * relative) millisecond representation of when we should send padding, unless
494 * other activity happens first. This side-effect allows us to avoid
495 * scheduling a libevent callback until we're within 1.1 seconds of the padding
496 * time.
497 */
498 #define CHANNELPADDING_TIME_LATER -1
499 #define CHANNELPADDING_TIME_DISABLED -2
500 STATIC int64_t
502 {
506 /* If the below line or crypto_rand_int() shows up on a profile,
507 * we can avoid getting a timeout until we're at least nf_ito_lo
508 * from a timeout window. That will prevent us from setting timers
509 * on connections that were active up to 1.5 seconds ago.
510 * Idle connections should only call this once every 5.5s on average
511 * though, so that might be a micro-optimization for little gain. */
520 }
522 /* If the next padding time is beyond the maximum possible consensus value,
523 * then this indicates a clock jump, so just send padding now. This is
524 * better than using monotonic time because we want to avoid the situation
525 * where we wait around forever for monotonic time to move forward after
526 * a clock jump far into the past.
527 */
529 DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX) {
536 }
538 /* If the timeout will expire before the next time we're called (1000ms
539 from now, plus some slack), then calculate the number of milliseconds
540 from now which we should send padding, so we can schedule a callback
541 then.
542 */
547 long_now;
548 /* If the padding time is in the past, that means that libevent delayed
549 * calling the once-per-second callback due to other work taking too long.
550 * See https://bugs.torproject.org/22212 and
551 * https://bugs.torproject.org/16585. This is a systemic problem
552 * with being single-threaded, but let's emit a notice if this
553 * is long enough in the past that we might have missed a netflow window,
554 * and allowed a router to emit a netflow frame, just so we don't forget
555 * about it entirely.. */
556 #define NETFLOW_MISSED_WINDOW (150000 - DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH)
564 }
567 }
569 }
571 /**
572 * Returns a randomized value for channel idle timeout in seconds.
573 * The channel idle timeout governs how quickly we close a channel
574 * after its last circuit has disappeared.
575 *
576 * There are three classes of channels:
577 * 1. Client+non-canonical. These live for 3-4.5 minutes
578 * 2. relay to relay. These live for 45-75 min by default
579 * 3. Reduced padding clients. These live for 1.5-2.25 minutes.
580 *
581 * Also allows the default relay-to-relay value to be controlled by the
582 * consensus.
583 */
584 unsigned int
587 {
591 /* Non-canonical and client channels only last for 3-4.5 min when idle */
594 timeout = CONNTIMEOUT_CLIENTS_BASE
597 // 45..75min or consensus +/- 25%
600 }
602 /* If ReducedConnectionPadding is set, we want to halve the duration of
603 * the channel idle timeout, since reducing the additional time that
604 * a channel stays open will reduce the total overhead for making
605 * new channels. This reduction in overhead/channel expense
606 * is important for mobile users. The option cannot be set by relays.
607 *
608 * We also don't reduce any values for timeout that the user explicitly
609 * set.
610 */
614 }
617 }
619 /**
620 * This function controls how long we keep idle circuits open,
621 * and how long we build predicted circuits. This behavior is under
622 * the control of channelpadding because circuit availability is the
623 * dominant factor in channel lifespan, which influences total padding
624 * overhead.
625 *
626 * Returns a randomized number of seconds in a range from
627 * CircuitsAvailableTimeout to 2*CircuitsAvailableTimeout. This value is halved
628 * if ReducedConnectionPadding is set. The default value of
629 * CircuitsAvailableTimeout can be controlled by the consensus.
630 */
631 int
633 {
640 /* If ReducedConnectionPadding is set, we want to halve the duration of
641 * the channel idle timeout, since reducing the additional time that
642 * a channel stays open will reduce the total overhead for making
643 * new connections. This reduction in overhead/connection expense
644 * is important for mobile users. The option cannot be set by relays.
645 *
646 * We also don't reduce any values for timeout that the user explicitly
647 * set.
648 */
650 // half the value to 15..30min by default
652 }
653 }
655 // 30..60min by default
659 }
661 /**
662 * Calling this function on a channel causes it to tell the other side
663 * not to send padding, and disables sending padding from this side as well.
664 */
665 void
667 {
670 // Send cell to disable padding on the other end
672 }
674 /**
675 * Calling this function on a channel causes it to tell the other side
676 * not to send padding, and reduces the rate that padding is sent from
677 * this side.
678 */
679 void
681 {
682 /* Padding can be forced and reduced by clients, regardless of if
683 * the channel supports it. So we check for support here before
684 * sending any commands. */
687 }
696 }
698 /**
699 * This function is called once per second by run_connection_housekeeping(),
700 * but only if the channel is still open, valid, and non-wedged.
701 *
702 * It decides if and when we should send a padding cell, and if needed,
703 * schedules a callback to send that cell at the appropriate time.
704 *
705 * Returns an enum that represents the current padding decision state.
706 * Return value is currently used only by unit tests.
707 */
708 channelpadding_decision_t
710 {
713 /* Only pad open channels */
722 }
727 /* Don't pad the channel if we didn't negotiate it, but still
728 * allow clients to force padding if options->ChannelPadding is
729 * explicitly set to 1.
730 */
733 }
736 /* If the consensus just changed values, this channel may still
737 * think padding is enabled. Negotiate it off. */
742 }
746 /* If the consensus just changed values, this channel may still
747 * think padding is enabled. Negotiate it off. */
752 }
759 }
761 /* If nf_pad_relays=1 is set in the consensus, we pad
762 * on *all* idle connections, relay-relay or relay-client.
763 * Otherwise pad only for client+bridge cons */
776 }
777 /* We have to schedule a callback because we're called exactly once per
778 * second, but we don't want padding packets to go out exactly on an
779 * integer multiple of seconds. This callback will only be scheduled
780 * if we're within 1.1 seconds of the padding time.
781 */
784 }
788 }
791 }
792 }