
Commit 3cb77a9c authored by George Kadianakis's avatar George Kadianakis

Merge branch 'maint-0.4.4'

parents 1797d051 52edea12
o Major features (Proposal 310, performance + security):
- Implements Proposal 310 - Bandaid on guard selection.
Proposal 310 solves a load-balancing issue within Prop271 which strongly
impact experimental research with Shadow.
Security improvement: Proposal 310 prevents any newly Guard relay to
have a chance to get into the primary list of older Tor clients,
except if the N first sampled guards of these clients are unreachable.
Implements recommendation from 32088.
Proposal 310 is linked to the CLAPS project researching optimal
client location-aware path selections. This project is a collaboration
between the UCLouvain Crypto Group, the U.S. Naval Research Laboratory and
Princeton University.
......@@ -182,10 +182,10 @@ problem function-size /src/feature/client/addressmap.c:addressmap_rewrite() 109
problem function-size /src/feature/client/bridges.c:rewrite_node_address_for_bridge() 125
problem function-size /src/feature/client/circpathbias.c:pathbias_measure_close_rate() 108
problem function-size /src/feature/client/dnsserv.c:evdns_server_callback() 153
problem file-size /src/feature/client/entrynodes.c 3827
problem file-size /src/feature/client/entrynodes.c 4000
problem function-size /src/feature/client/entrynodes.c:entry_guards_upgrade_waiting_circuits() 155
problem function-size /src/feature/client/entrynodes.c:entry_guard_parse_from_state() 246
problem file-size /src/feature/client/entrynodes.h 639
problem file-size /src/feature/client/entrynodes.h 700
problem function-size /src/feature/client/transports.c:handle_proxy_line() 108
problem function-size /src/feature/client/transports.c:parse_method_line_helper() 110
problem function-size /src/feature/client/transports.c:create_managed_proxy_environment() 111
......
This diff is collapsed.
......@@ -116,6 +116,13 @@ struct entry_guard_t {
* successfully and decide to keep it?) This field is zero if this is not a
* confirmed guard. */
time_t confirmed_on_date; /* 0 if not confirmed */
/**
* In what order was this guard sampled? Guards with
* lower indices appear earlier on the sampled list, the confirmed list and
* the primary list as a result of Prop 310
*/
int sampled_idx;
/**
* In what order was this guard confirmed? Guards with lower indices
* appear earlier on the confirmed list. If the confirmed list is compacted,
......@@ -242,8 +249,9 @@ struct guard_selection_t {
* Ordered list (from highest to lowest priority) of guards that we
* have successfully contacted and decided to use. Every member of
* this list is a member of sampled_entry_guards. Every member should
* have confirmed_on_date set, and have confirmed_idx greater than
* any earlier member of the list.
* have confirmed_on_date set.
* The ordering of the list should be by sampled idx. The reasoning behind
* it is linked to Proposal 310.
*
* This list is persistent. It is a subset of the elements in
* sampled_entry_guards, and its pointers point to elements of
......@@ -271,6 +279,12 @@ struct guard_selection_t {
* confirmed_entry_guards receive? */
int next_confirmed_idx;
/** What sampled_idx value should the next-added member of
* sampled_entry_guards receive? This should follow the size of the sampled
* list until sampled relays get pruned for some reason
*/
int next_sampled_idx;
};
struct entry_guard_handle_t;
......@@ -515,7 +529,8 @@ MOCK_DECL(STATIC circuit_guard_state_t *,
STATIC entry_guard_t *entry_guard_add_to_sample(guard_selection_t *gs,
const node_t *node);
STATIC entry_guard_t *entry_guards_expand_sample(guard_selection_t *gs);
STATIC char *entry_guard_encode_for_state(entry_guard_t *guard);
STATIC char *entry_guard_encode_for_state(entry_guard_t *guard, int
dense_sampled_index);
STATIC entry_guard_t *entry_guard_parse_from_state(const char *s);
#define entry_guard_free(e) \
FREE_AND_NULL(entry_guard_t, entry_guard_free_, (e))
......@@ -523,7 +538,7 @@ STATIC void entry_guard_free_(entry_guard_t *e);
STATIC void entry_guards_update_filtered_sets(guard_selection_t *gs);
STATIC int entry_guards_all_primary_guards_are_down(guard_selection_t *gs);
/**
* @name Flags for sample_reachable_filtered_entry_guards()
* @name Flags for first_reachable_filtered_entry_guard()
*/
/**@{*/
#define SAMPLE_EXCLUDE_CONFIRMED (1u<<0)
......@@ -532,7 +547,7 @@ STATIC int entry_guards_all_primary_guards_are_down(guard_selection_t *gs);
#define SAMPLE_NO_UPDATE_PRIMARY (1u<<3)
#define SAMPLE_EXCLUDE_NO_DESCRIPTOR (1u<<4)
/**@}*/
STATIC entry_guard_t *sample_reachable_filtered_entry_guards(
STATIC entry_guard_t *first_reachable_filtered_entry_guard(
guard_selection_t *gs,
const entry_guard_restriction_t *rst,
unsigned flags);
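Review bot: The comments on the new `sampled_idx` field and the undocumented `dense_sampled_index` parameter of `entry_guard_encode_for_state()` do not say which value is written to the state file. The updated tests on this page call the encoder with `0` on a guard whose `sampled_idx` is 42 and expect `sampled_idx=0`, which suggests the persisted value is the dense index rather than the field. Because this index now decides guard priority, the field comment should also say what a guard loaded from an older state file without `sampled_idx=` receives, and whether negative or duplicate values are rejected; the parsing code is not visible on this page. Proposed addition to the field comment: `Persisted as a dense per-selection index (0..n-1), not as this raw value; see entry_guard_encode_for_state().`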
......
......@@ -390,12 +390,13 @@ test_entry_guard_encode_for_state_minimal(void *arg)
eg->confirmed_idx = -1;
char *s = NULL;
s = entry_guard_encode_for_state(eg);
s = entry_guard_encode_for_state(eg, 0);
tt_str_op(s, OP_EQ,
"in=wubwub "
"rsa_id=706C75727079666C75727079736C75727079646F "
"sampled_on=2016-11-14T00:00:00 "
"sampled_idx=0 "
"listed=0");
done:
......@@ -421,10 +422,11 @@ test_entry_guard_encode_for_state_maximal(void *arg)
eg->currently_listed = 1;
eg->confirmed_on_date = 1479081690;
eg->confirmed_idx = 333;
eg->sampled_idx = 42;
eg->extra_state_fields = tor_strdup("and the green grass grew all around");
char *s = NULL;
s = entry_guard_encode_for_state(eg);
s = entry_guard_encode_for_state(eg, 0);
tt_str_op(s, OP_EQ,
"in=default "
......@@ -432,6 +434,7 @@ test_entry_guard_encode_for_state_maximal(void *arg)
"bridge_addr=8.8.4.4:9999 "
"nickname=Fred "
"sampled_on=2016-11-14T00:00:00 "
"sampled_idx=0 "
"sampled_by=1.2.3 "
"unlisted_since=2016-11-14T00:00:45 "
"listed=1 "
......@@ -621,39 +624,47 @@ test_entry_guard_parse_from_state_full(void *arg)
const char STATE[] =
"Guard in=default rsa_id=214F44BD5B638E8C817D47FF7C97397790BF0345 "
"nickname=TotallyNinja sampled_on=2016-11-12T19:32:49 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1\n"
"Guard in=default rsa_id=052900AB0EA3ED54BAB84AE8A99E74E8693CE2B2 "
"nickname=5OfNovember sampled_on=2016-11-20T04:32:05 "
"sampled_idx=1 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1 confirmed_on=2016-11-22T08:13:28 confirmed_idx=0 "
"pb_circ_attempts=4.000000 pb_circ_successes=2.000000 "
"pb_successful_circuits_closed=2.000000\n"
"Guard in=default rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A "
"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 "
"sampled_idx=2 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1 confirmed_on=2016-11-24T08:45:30 confirmed_idx=4 "
"pb_circ_attempts=5.000000 pb_circ_successes=5.000000 "
"pb_successful_circuits_closed=5.000000\n"
"Guard in=wobblesome rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A "
"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1\n"
"Guard in=default rsa_id=E9025AD60D86875D5F11548D536CC6AF60F0EF5E "
"nickname=maibrunn sampled_on=2016-11-25T22:36:38 "
"sampled_idx=3 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n"
"Guard in=default rsa_id=DCD30B90BA3A792DA75DC54A327EF353FB84C38E "
"nickname=Unnamed sampled_on=2016-11-25T14:34:00 "
"sampled_idx=10 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n"
"Guard in=bridges rsa_id=8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2E "
"bridge_addr=24.1.1.1:443 sampled_on=2016-11-25T06:44:14 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev listed=1 "
"confirmed_on=2016-11-29T10:36:06 confirmed_idx=0 "
"pb_circ_attempts=8.000000 pb_circ_successes=8.000000 "
"pb_successful_circuits_closed=13.000000\n"
"Guard in=bridges rsa_id=5800000000000000000000000000000000000000 "
"bridge_addr=37.218.246.143:28366 "
"sampled_on=2016-11-18T15:07:34 sampled_by=0.3.0.0-alpha-dev listed=1\n";
"sampled_on=2016-11-18T15:07:34 sampled_idx=1 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n";
config_line_t *lines = NULL;
or_state_t *state = tor_malloc_zero(sizeof(or_state_t));
......@@ -729,35 +740,42 @@ test_entry_guard_parse_from_state_full(void *arg)
tt_str_op(joined, OP_EQ,
"Guard in=default rsa_id=052900AB0EA3ED54BAB84AE8A99E74E8693CE2B2 "
"nickname=5OfNovember sampled_on=2016-11-20T04:32:05 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1 confirmed_on=2016-11-22T08:13:28 confirmed_idx=0 "
"pb_circ_attempts=4.000000 pb_circ_successes=2.000000 "
"pb_successful_circuits_closed=2.000000\n"
"Guard in=default rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A "
"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 "
"sampled_idx=1 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1 confirmed_on=2016-11-24T08:45:30 confirmed_idx=1 "
"pb_circ_attempts=5.000000 pb_circ_successes=5.000000 "
"pb_successful_circuits_closed=5.000000\n"
"Guard in=default rsa_id=E9025AD60D86875D5F11548D536CC6AF60F0EF5E "
"nickname=maibrunn sampled_on=2016-11-25T22:36:38 "
"sampled_idx=2 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n"
"Guard in=default rsa_id=DCD30B90BA3A792DA75DC54A327EF353FB84C38E "
"nickname=Unnamed sampled_on=2016-11-25T14:34:00 "
"sampled_idx=3 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n"
"Guard in=wobblesome rsa_id=7B700C0C207EBD0002E00F499BE265519AC3C25A "
"nickname=dc6jgk11 sampled_on=2016-11-28T11:50:13 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev "
"listed=1\n"
"Guard in=bridges rsa_id=8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2E "
"bridge_addr=24.1.1.1:443 sampled_on=2016-11-25T06:44:14 "
"sampled_idx=0 "
"sampled_by=0.3.0.0-alpha-dev listed=1 "
"confirmed_on=2016-11-29T10:36:06 confirmed_idx=0 "
"pb_circ_attempts=8.000000 pb_circ_successes=8.000000 "
"pb_successful_circuits_closed=13.000000\n"
"Guard in=bridges rsa_id=5800000000000000000000000000000000000000 "
"bridge_addr=37.218.246.143:28366 "
"sampled_on=2016-11-18T15:07:34 sampled_by=0.3.0.0-alpha-dev listed=1\n");
"sampled_on=2016-11-18T15:07:34 sampled_idx=1 "
"sampled_by=0.3.0.0-alpha-dev listed=1\n");
done:
config_free_lines(lines);
......@@ -1461,8 +1479,8 @@ test_entry_guard_confirming_guards(void *arg)
tt_i64_op(g1->confirmed_on_date, OP_EQ, start+10);
tt_i64_op(g2->confirmed_on_date, OP_EQ, start);
tt_i64_op(g3->confirmed_on_date, OP_EQ, start+10);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 0), OP_EQ, g2);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 1), OP_EQ, g1);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 0), OP_EQ, g1);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 1), OP_EQ, g2);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 2), OP_EQ, g3);
/* Now make sure we can regenerate the confirmed_entry_guards list. */
......@@ -1474,8 +1492,8 @@ test_entry_guard_confirming_guards(void *arg)
tt_int_op(g1->confirmed_idx, OP_EQ, 1);
tt_int_op(g2->confirmed_idx, OP_EQ, 0);
tt_int_op(g3->confirmed_idx, OP_EQ, 2);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 0), OP_EQ, g2);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 1), OP_EQ, g1);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 0), OP_EQ, g1);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 1), OP_EQ, g2);
tt_ptr_op(smartlist_get(gs->confirmed_entry_guards, 2), OP_EQ, g3);
/* Now make sure we can regenerate the confirmed_entry_guards list if
......@@ -1492,9 +1510,9 @@ test_entry_guard_confirming_guards(void *arg)
g1 = smartlist_get(gs->confirmed_entry_guards, 0);
g2 = smartlist_get(gs->confirmed_entry_guards, 1);
g3 = smartlist_get(gs->confirmed_entry_guards, 2);
tt_int_op(g1->confirmed_idx, OP_EQ, 0);
tt_int_op(g2->confirmed_idx, OP_EQ, 1);
tt_int_op(g3->confirmed_idx, OP_EQ, 2);
tt_int_op(g1->sampled_idx, OP_EQ, 0);
tt_int_op(g2->sampled_idx, OP_EQ, 1);
tt_int_op(g3->sampled_idx, OP_EQ, 8);
tt_assert(g1 != g2);
tt_assert(g1 != g3);
tt_assert(g2 != g3);
......@@ -1510,9 +1528,6 @@ test_entry_guard_sample_reachable_filtered(void *arg)
(void)arg;
guard_selection_t *gs = guard_selection_new("default", GS_TYPE_NORMAL);
entry_guards_expand_sample(gs);
const int N = 10000;
bitarray_t *selected = NULL;
int i, j;
/* We've got a sampled list now; let's make one non-usable-filtered; some
* confirmed, some primary, some pending.
......@@ -1547,32 +1562,21 @@ test_entry_guard_sample_reachable_filtered(void *arg)
{ SAMPLE_EXCLUDE_PENDING, 0 },
{ -1, -1},
};
int j;
for (j = 0; tests[j].flag >= 0; ++j) {
selected = bitarray_init_zero(n_guards);
const int excluded_flags = tests[j].flag;
const int excluded_idx = tests[j].idx;
for (i = 0; i < N; ++i) {
g = sample_reachable_filtered_entry_guards(gs, NULL, excluded_flags);
tor_assert(g);
int pos = smartlist_pos(gs->sampled_entry_guards, g);
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ, n_guards);
tt_int_op(pos, OP_GE, 0);
tt_int_op(pos, OP_LT, n_guards);
bitarray_set(selected, pos);
}
for (i = 0; i < n_guards; ++i) {
const int should_be_set = (i != excluded_idx &&
i != 3); // filtered out.
tt_int_op(!!bitarray_is_set(selected, i), OP_EQ, should_be_set);
}
bitarray_free(selected);
selected = NULL;
g = first_reachable_filtered_entry_guard(gs, NULL, excluded_flags);
tor_assert(g);
int pos = smartlist_pos(gs->sampled_entry_guards, g);
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ, n_guards);
const int should_be_set = (pos != excluded_idx &&
pos != 3); // filtered out.
tt_int_op(1, OP_EQ, should_be_set);
}
done:
guard_selection_free(gs);
bitarray_free(selected);
}
static void
......@@ -1584,7 +1588,7 @@ test_entry_guard_sample_reachable_filtered_empty(void *arg)
SMARTLIST_FOREACH(big_fake_net_nodes, node_t *, n,
n->is_possible_guard = 0);
entry_guard_t *g = sample_reachable_filtered_entry_guards(gs, NULL, 0);
entry_guard_t *g = first_reachable_filtered_entry_guard(gs, NULL, 0);
tt_ptr_op(g, OP_EQ, NULL);
done:
......@@ -1675,10 +1679,13 @@ test_entry_guard_manage_primary(void *arg)
tt_ptr_op(g, OP_EQ, smartlist_get(prev_guards, g_sl_idx));
});
/* If we have one confirmed guard, that guards becomes the first primary
* guard, and the other primary guards get kept. */
/**
* If we have one confirmed guard, that guards becomes the first primary
* only if its sampled_idx is smaller
* */
/* find a non-primary guard... */
/* find a non-primary guard... it should have a sampled_idx higher than
* existing primary guards */
entry_guard_t *confirmed = NULL;
SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, g, {
if (! g->is_primary) {
......@@ -1694,15 +1701,13 @@ test_entry_guard_manage_primary(void *arg)
smartlist_add_all(prev_guards, gs->primary_entry_guards);
entry_guards_update_primary(gs);
/* and see what's primary now! */
/* the confirmed guard should be at the end of the primary list! Hopefully,
* one of the primary guards with a lower sampled_idx will confirm soon :)
* Doing this won't make the client switches between primaries depending on
* the order of confirming events */
tt_int_op(smartlist_len(gs->primary_entry_guards), OP_EQ, n_primary);
tt_ptr_op(smartlist_get(gs->primary_entry_guards, 0), OP_EQ, confirmed);
SMARTLIST_FOREACH(gs->primary_entry_guards, entry_guard_t *, g, {
tt_assert(g->is_primary);
if (g_sl_idx == 0)
continue;
tt_ptr_op(g, OP_EQ, smartlist_get(prev_guards, g_sl_idx - 1));
});
tt_ptr_op(smartlist_get(gs->primary_entry_guards,
smartlist_len(gs->primary_entry_guards)-1), OP_EQ, confirmed);
{
entry_guard_t *prev_last_guard = smartlist_get(prev_guards, n_primary-1);
tt_assert(! prev_last_guard->is_primary);
......@@ -1792,6 +1797,57 @@ test_entry_guard_guard_preferred(void *arg)
tor_free(g2);
}
static void
test_entry_guard_correct_cascading_order(void *arg)
{
(void)arg;
smartlist_t *old_primary_guards = smartlist_new();
guard_selection_t *gs = guard_selection_new("default", GS_TYPE_NORMAL);
entry_guards_expand_sample(gs);
/** First, a test in which the primary guards need be pulled from different
* lists to fill up the primary list -- this may happen, if for example, not
* enough guards have confirmed yet */
entry_guard_t *g;
/** just one confirmed */
g = smartlist_get(gs->sampled_entry_guards, 2);
make_guard_confirmed(gs, g);
entry_guards_update_primary(gs);
g = smartlist_get(gs->primary_entry_guards, 0);
tt_int_op(g->sampled_idx, OP_EQ, 0);
g = smartlist_get(gs->primary_entry_guards, 1);
tt_int_op(g->sampled_idx, OP_EQ, 1);
g = smartlist_get(gs->primary_entry_guards, 2);
tt_int_op(g->sampled_idx, OP_EQ, 2);
/** Now the primaries get all confirmed, and the primary list should not
* change */
make_guard_confirmed(gs, smartlist_get(gs->primary_entry_guards, 0));
make_guard_confirmed(gs, smartlist_get(gs->primary_entry_guards, 1));
smartlist_add_all(old_primary_guards, gs->primary_entry_guards);
entry_guards_update_primary(gs);
smartlist_ptrs_eq(gs->primary_entry_guards, old_primary_guards);
/** the confirmed guards should also have the same set of guards, in the same
* order :-) */
smartlist_ptrs_eq(gs->confirmed_entry_guards, gs->primary_entry_guards);
/** Now select a guard for a circuit, and make sure it is the first primary
* guard */
unsigned state = 9999;
g = select_entry_guard_for_circuit(gs, GUARD_USAGE_TRAFFIC, NULL, &state);
tt_ptr_op(g, OP_EQ, smartlist_get(gs->primary_entry_guards, 0));
/** Now, let's mark this guard as unreachable and let's update the lists */
g->is_reachable = GUARD_REACHABLE_NO;
g->failing_since = approx_time() - 10;
g->last_tried_to_connect = approx_time() - 10;
state = 9999;
entry_guards_update_primary(gs);
g = select_entry_guard_for_circuit(gs, GUARD_USAGE_TRAFFIC, NULL, &state);
/** we should have switched to the next one is sampled order */
tt_int_op(g->sampled_idx, OP_EQ, 1);
done:
smartlist_free(old_primary_guards);
guard_selection_free(gs);
}
static void
test_entry_guard_select_for_circuit_no_confirmed(void *arg)
{
......@@ -3094,6 +3150,7 @@ struct testcase_t entrynodes_tests[] = {
BFN_TEST(sample_reachable_filtered_empty),
BFN_TEST(retry_unreachable),
BFN_TEST(manage_primary),
BFN_TEST(correct_cascading_order),
EN_TEST_FORK(guard_preferred),
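Review bot: In `test_entry_guard_correct_cascading_order`, both `smartlist_ptrs_eq(...)` calls discard their return value, so the checks that the primary list is unchanged after confirmation and that the confirmed list matches it can never fail. Wrap them as `tt_assert(smartlist_ptrs_eq(gs->primary_entry_guards, old_primary_guards));` and `tt_assert(smartlist_ptrs_eq(gs->confirmed_entry_guards, gs->primary_entry_guards));`. These two comparisons are what pins the Prop 310 ordering guarantee in this test, so they should be real assertions. In the same file section, `test_entry_guard_sample_reachable_filtered` uses `tor_assert(g)`, where `tt_assert(g)` would fail the test case instead of aborting the test process.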
......