[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor] 03/04: token_bucket_ctr: replace 32-bit wallclock time with monotime
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main
in repository tor.
commit 23f4a28f9755a228ab295d5358298f1a72f8aff1
Author: Micah Elizabeth Scott <beth@xxxxxxxxxxxxxx>
AuthorDate: Tue May 16 16:28:26 2023 -0700
token_bucket_ctr: replace 32-bit wallclock time with monotime
This started as a response to ticket #40792 where Coverity is
complaining about a potential year 2038 bug where we cast time_t from
approx_time() to uint32_t for use in token_bucket_ctr.
There was a larger can of worms though, since token_bucket really
doesn't want to be using wallclock time here. I audited the call sites
for approx_time() and changed any that used a 32-bit cast or made
inappropriate use of wallclock time. Things like certificate lifetime,
consensus intervals, etc. need wallclock time. Measurements of rates
over time, however, are better served with a monotonic timer that does
not try and sync with wallclock ever.
Looking closer at token_bucket, its design is a bit odd because it was
initially intended for use with tick units but later forked into
token_bucket_rw which uses ticks to count bytes per second, and
token_bucket_ctr which uses seconds to count slower events. The rates
represented by either token bucket can't be lower than 1 per second, so
the slower timer in 'ctr' is necessary to represent the slower rates of
things like connections or introduction packets or rendezvous attempts.
I considered modifying token_bucket to use 64-bit timestamps overall
instead of 32-bit, but that seemed like an unnecessarily invasive change
that would grant some peace of mind but probably not help much. I was
more interested in removing the dependency on wallclock time. The
token_bucket_rw timer already uses monotonic time. This patch converts
token_bucket_ctr to use monotonic time as well. It introduces a new
monotime_coarse_absolute_sec(), which is currently the same as nsec
divided by a billion but could be optimized easily if we ever need to.
This patch also might fix a rollover bug.. I haven't tested this
extensively but I don't think the previous version of the rollover code
on either token bucket was correct, and I would expect it to get stuck
after the first rollover.
Signed-off-by: Micah Elizabeth Scott <beth@xxxxxxxxxxxxxx>
---
src/core/or/dos.c | 6 ++-
src/feature/hs/hs_circuit.c | 3 +-
src/feature/hs/hs_dos.c | 5 +-
src/feature/hs/hs_intropoint.c | 3 +-
src/feature/hs/hs_service.c | 3 +-
src/lib/evloop/token_bucket.c | 111 ++++++++++++++++++++---------------------
src/lib/evloop/token_bucket.h | 12 ++---
src/lib/time/compat_time.c | 17 +++++++
src/lib/time/compat_time.h | 16 +++++-
src/test/test_bwmgt.c | 24 ++++++++-
src/test/test_dos.c | 15 ++++--
src/test/test_hs_dos.c | 18 ++++---
src/test/test_hs_intropoint.c | 3 +-
13 files changed, 154 insertions(+), 82 deletions(-)
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 11a0edcc6a..8e0fe9e641 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -21,6 +21,7 @@
#include "feature/relay/routermode.h"
#include "feature/stats/geoip_stats.h"
#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/time/compat_time.h"
#include "core/or/dos.h"
#include "core/or/dos_sys.h"
@@ -528,7 +529,8 @@ conn_update_on_connect(conn_client_stats_t *stats, const tor_addr_t *addr)
stats->concurrent_count++;
/* Refill connect connection count. */
- token_bucket_ctr_refill(&stats->connect_count, (uint32_t) approx_time());
+ token_bucket_ctr_refill(&stats->connect_count,
+ (uint32_t) monotime_coarse_absolute_sec());
/* Decrement counter for this new connection. */
if (token_bucket_ctr_get(&stats->connect_count) > 0) {
@@ -808,7 +810,7 @@ dos_geoip_entry_init(clientmap_entry_t *geoip_ent)
* can be enabled at runtime and these counters need to be valid. */
token_bucket_ctr_init(&geoip_ent->dos_stats.conn_stats.connect_count,
dos_conn_connect_rate, dos_conn_connect_burst,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
}
/** Note that the given channel has sent outbound the maximum amount of cell
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index 4c27f417c5..4904f3ddf9 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -35,6 +35,7 @@
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
+#include "lib/time/compat_time.h"
/* Trunnel. */
#include "trunnel/ed25519_cert.h"
@@ -794,7 +795,7 @@ handle_rend_pqueue_cb(mainloop_event_t *ev, void *arg)
if (pow_state->using_pqueue_bucket) {
token_bucket_ctr_refill(&pow_state->pqueue_bucket,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
if (token_bucket_ctr_get(&pow_state->pqueue_bucket) > 0) {
token_bucket_ctr_dec(&pow_state->pqueue_bucket, 1);
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index 6323dbeeac..80ad3b1daa 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -28,6 +28,7 @@
#include "feature/relay/routermode.h"
#include "lib/evloop/token_bucket.h"
+#include "lib/time/compat_time.h"
#include "feature/hs/hs_dos.h"
@@ -143,7 +144,7 @@ hs_dos_setup_default_intro2_defenses(or_circuit_t *circ)
token_bucket_ctr_init(&circ->introduce2_bucket,
consensus_param_introduce_rate_per_sec,
consensus_param_introduce_burst_per_sec,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
}
/** Called when the consensus has changed. We might have new consensus
@@ -188,7 +189,7 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
/* Refill INTRODUCE2 bucket. */
token_bucket_ctr_refill(&s_intro_circ->introduce2_bucket,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
/* Decrement the bucket for this valid INTRODUCE1 cell we just got. Don't
* underflow else we end up with a too big of a bucket. */
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 0a656b78dd..52bd0cd499 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -17,6 +17,7 @@
#include "feature/rend/rendmid.h"
#include "feature/stats/rephist.h"
#include "lib/crypt_ops/crypto_format.h"
+#include "lib/time/compat_time.h"
/* Trunnel */
#include "trunnel/ed25519_cert.h"
@@ -316,7 +317,7 @@ handle_establish_intro_cell_dos_extension(
token_bucket_ctr_init(&circ->introduce2_bucket,
(uint32_t) intro2_rate_per_sec,
(uint32_t) intro2_burst_per_sec,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
log_info(LD_REND, "Intro point DoS defenses enabled. Rate is %" PRIu64
" and Burst is %" PRIu64,
intro2_rate_per_sec, intro2_burst_per_sec);
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 3ef2a9120c..777cc85fea 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -34,6 +34,7 @@
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/time/tvdiff.h"
+#include "lib/time/compat_time.h"
#include "feature/hs/hs_circuit.h"
#include "feature/hs/hs_common.h"
@@ -290,7 +291,7 @@ initialize_pow_defenses(hs_service_t *service)
token_bucket_ctr_init(&pow_state->pqueue_bucket,
service->config.pow_queue_rate,
service->config.pow_queue_burst,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
pow_state->pqueue_low_level = MAX(8, service->config.pow_queue_rate / 4);
pow_state->pqueue_high_level =
diff --git a/src/lib/evloop/token_bucket.c b/src/lib/evloop/token_bucket.c
index 16452314e2..9bcfeb9367 100644
--- a/src/lib/evloop/token_bucket.c
+++ b/src/lib/evloop/token_bucket.c
@@ -111,7 +111,9 @@ token_bucket_raw_dec(token_bucket_raw_t *bucket,
return becomes_empty;
}
-/** Convert a rate in bytes per second to a rate in bytes per step */
+/** Convert a rate in bytes per second to a rate in bytes per step.
+ * This is used for the 'rw' style (tick based) token buckets but not for
+ * the 'ctr' style buckets which count seconds. */
STATIC uint32_t
rate_per_sec_to_rate_per_step(uint32_t rate)
{
@@ -130,18 +132,18 @@ rate_per_sec_to_rate_per_step(uint32_t rate)
/**
* Initialize a token bucket in *<b>bucket</b>, set up to allow <b>rate</b>
* bytes per second, with a maximum burst of <b>burst</b> bytes. The bucket
- * is created such that <b>now_ts</b> is the current timestamp. The bucket
- * starts out full.
+ * is created such that <b>now_ts_stamp</b> is the current time in coarse stamp
+ * units. The bucket starts out full.
*/
void
token_bucket_rw_init(token_bucket_rw_t *bucket,
uint32_t rate,
uint32_t burst,
- uint32_t now_ts)
+ uint32_t now_ts_stamp)
{
memset(bucket, 0, sizeof(token_bucket_rw_t));
token_bucket_rw_adjust(bucket, rate, burst);
- token_bucket_rw_reset(bucket, now_ts);
+ token_bucket_rw_reset(bucket, now_ts_stamp);
}
/**
@@ -161,56 +163,54 @@ token_bucket_rw_adjust(token_bucket_rw_t *bucket,
}
/**
- * Reset <b>bucket</b> to be full, as of timestamp <b>now_ts</b>.
+ * Reset <b>bucket</b> to be full, as of timestamp <b>now_ts_stamp</b>.
*/
void
token_bucket_rw_reset(token_bucket_rw_t *bucket,
- uint32_t now_ts)
+ uint32_t now_ts_stamp)
{
token_bucket_raw_reset(&bucket->read_bucket, &bucket->cfg);
token_bucket_raw_reset(&bucket->write_bucket, &bucket->cfg);
- bucket->last_refilled_at_timestamp = now_ts;
+ bucket->last_refilled_at_timestamp = now_ts_stamp;
}
/**
* Refill <b>bucket</b> as appropriate, given that the current timestamp
- * is <b>now_ts</b>.
+ * is <b>now_ts_stamp</b> in coarse timestamp units.
*
* Return a bitmask containing TB_READ iff read bucket was empty and became
* nonempty, and TB_WRITE iff the write bucket was empty and became nonempty.
*/
int
token_bucket_rw_refill(token_bucket_rw_t *bucket,
- uint32_t now_ts)
+ uint32_t now_ts_stamp)
{
const uint32_t elapsed_ticks =
- (now_ts - bucket->last_refilled_at_timestamp);
- if (elapsed_ticks > UINT32_MAX-(300*1000)) {
- /* Either about 48 days have passed since the last refill, or the
- * monotonic clock has somehow moved backwards. (We're looking at you,
- * Windows.). We accept up to a 5 minute jump backwards as
- * "unremarkable".
- */
- return 0;
- }
- const uint32_t elapsed_steps = elapsed_ticks / TICKS_PER_STEP;
+ (now_ts_stamp - bucket->last_refilled_at_timestamp);
+ int flags = 0;
- if (!elapsed_steps) {
- /* Note that if less than one whole step elapsed, we don't advance the
- * time in last_refilled_at. That's intentional: we want to make sure
- * that we add some bytes to it eventually. */
- return 0;
- }
+ /* Skip over updates that include an overflow or a very large jump.
+ * This can happen for platform specific reasons, such as the old ~48
+ * day windows timer. */
+ if (elapsed_ticks <= UINT32_MAX/4) {
+ const uint32_t elapsed_steps = elapsed_ticks / TICKS_PER_STEP;
- int flags = 0;
- if (token_bucket_raw_refill_steps(&bucket->read_bucket,
- &bucket->cfg, elapsed_steps))
- flags |= TB_READ;
- if (token_bucket_raw_refill_steps(&bucket->write_bucket,
- &bucket->cfg, elapsed_steps))
- flags |= TB_WRITE;
+ if (!elapsed_steps) {
+ /* Note that if less than one whole step elapsed, we don't advance the
+ * time in last_refilled_at. That's intentional: we want to make sure
+ * that we add some bytes to it eventually. */
+ return 0;
+ }
+
+ if (token_bucket_raw_refill_steps(&bucket->read_bucket,
+ &bucket->cfg, elapsed_steps))
+ flags |= TB_READ;
+ if (token_bucket_raw_refill_steps(&bucket->write_bucket,
+ &bucket->cfg, elapsed_steps))
+ flags |= TB_WRITE;
+ }
- bucket->last_refilled_at_timestamp = now_ts;
+ bucket->last_refilled_at_timestamp = now_ts_stamp;
return flags;
}
@@ -259,15 +259,17 @@ token_bucket_rw_dec(token_bucket_rw_t *bucket,
/** Initialize a token bucket in <b>bucket</b>, set up to allow <b>rate</b>
* per second, with a maximum burst of <b>burst</b>. The bucket is created
- * such that <b>now_ts</b> is the current timestamp. The bucket starts out
- * full. */
+ * such that <b>now_ts_sec</b> is the current timestamp. The bucket starts
+ * out full. Note that these counters use seconds instead of approximate
+ * milliseconds, in order to allow a lower minimum rate than the rw counters.
+ */
void
token_bucket_ctr_init(token_bucket_ctr_t *bucket, uint32_t rate,
- uint32_t burst, uint32_t now_ts)
+ uint32_t burst, uint32_t now_ts_sec)
{
memset(bucket, 0, sizeof(token_bucket_ctr_t));
token_bucket_ctr_adjust(bucket, rate, burst);
- token_bucket_ctr_reset(bucket, now_ts);
+ token_bucket_ctr_reset(bucket, now_ts_sec);
}
/** Change the configured rate and burst of the given token bucket object in
@@ -280,31 +282,28 @@ token_bucket_ctr_adjust(token_bucket_ctr_t *bucket, uint32_t rate,
token_bucket_raw_adjust(&bucket->counter, &bucket->cfg);
}
-/** Reset <b>bucket</b> to be full, as of timestamp <b>now_ts</b>. */
+/** Reset <b>bucket</b> to be full, as of timestamp <b>now_ts_sec</b>. */
void
-token_bucket_ctr_reset(token_bucket_ctr_t *bucket, uint32_t now_ts)
+token_bucket_ctr_reset(token_bucket_ctr_t *bucket, uint32_t now_ts_sec)
{
token_bucket_raw_reset(&bucket->counter, &bucket->cfg);
- bucket->last_refilled_at_timestamp = now_ts;
+ bucket->last_refilled_at_timestamp = now_ts_sec;
}
/** Refill <b>bucket</b> as appropriate, given that the current timestamp is
- * <b>now_ts</b>. */
+ * <b>now_ts_sec</b> in seconds. */
void
-token_bucket_ctr_refill(token_bucket_ctr_t *bucket, uint32_t now_ts)
+token_bucket_ctr_refill(token_bucket_ctr_t *bucket, uint32_t now_ts_sec)
{
- const uint32_t elapsed_ticks =
- (now_ts - bucket->last_refilled_at_timestamp);
- if (elapsed_ticks > UINT32_MAX-(300*1000)) {
- /* Either about 48 days have passed since the last refill, or the
- * monotonic clock has somehow moved backwards. (We're looking at you,
- * Windows.). We accept up to a 5 minute jump backwards as
- * "unremarkable".
- */
- return;
- }
+ const uint32_t elapsed_sec =
+ (now_ts_sec - bucket->last_refilled_at_timestamp);
- token_bucket_raw_refill_steps(&bucket->counter, &bucket->cfg,
- elapsed_ticks);
- bucket->last_refilled_at_timestamp = now_ts;
+ /* Are we detecting a rollover or a similar extremely large jump? This
+ * shouldn't generally happen, but if it does for whatever (possibly
+ * platform-specific) reason, ignore it. */
+ if (elapsed_sec <= UINT32_MAX/4) {
+ token_bucket_raw_refill_steps(&bucket->counter, &bucket->cfg,
+ elapsed_sec);
+ }
+ bucket->last_refilled_at_timestamp = now_ts_sec;
}
diff --git a/src/lib/evloop/token_bucket.h b/src/lib/evloop/token_bucket.h
index b57d704298..d042041e02 100644
--- a/src/lib/evloop/token_bucket.h
+++ b/src/lib/evloop/token_bucket.h
@@ -66,19 +66,19 @@ typedef struct token_bucket_rw_t {
void token_bucket_rw_init(token_bucket_rw_t *bucket,
uint32_t rate,
uint32_t burst,
- uint32_t now_ts);
+ uint32_t now_ts_stamp);
void token_bucket_rw_adjust(token_bucket_rw_t *bucket,
uint32_t rate, uint32_t burst);
void token_bucket_rw_reset(token_bucket_rw_t *bucket,
- uint32_t now_ts);
+ uint32_t now_ts_stamp);
#define TB_READ 1
#define TB_WRITE 2
int token_bucket_rw_refill(token_bucket_rw_t *bucket,
- uint32_t now_ts);
+ uint32_t now_ts_stamp);
int token_bucket_rw_dec_read(token_bucket_rw_t *bucket,
ssize_t n);
@@ -114,11 +114,11 @@ typedef struct token_bucket_ctr_t {
} token_bucket_ctr_t;
void token_bucket_ctr_init(token_bucket_ctr_t *bucket, uint32_t rate,
- uint32_t burst, uint32_t now_ts);
+ uint32_t burst, uint32_t now_ts_sec);
void token_bucket_ctr_adjust(token_bucket_ctr_t *bucket, uint32_t rate,
uint32_t burst);
-void token_bucket_ctr_reset(token_bucket_ctr_t *bucket, uint32_t now_ts);
-void token_bucket_ctr_refill(token_bucket_ctr_t *bucket, uint32_t now_ts);
+void token_bucket_ctr_reset(token_bucket_ctr_t *bucket, uint32_t now_ts_sec);
+void token_bucket_ctr_refill(token_bucket_ctr_t *bucket, uint32_t now_ts_sec);
static inline bool
token_bucket_ctr_dec(token_bucket_ctr_t *bucket, ssize_t n)
diff --git a/src/lib/time/compat_time.c b/src/lib/time/compat_time.c
index eb716259c4..57a1e45b84 100644
--- a/src/lib/time/compat_time.c
+++ b/src/lib/time/compat_time.c
@@ -812,6 +812,12 @@ monotime_absolute_msec(void)
return monotime_absolute_nsec() / ONE_MILLION;
}
+uint64_t
+monotime_absolute_sec(void)
+{
+ return monotime_absolute_nsec() / ONE_BILLION;
+}
+
#ifdef MONOTIME_COARSE_FN_IS_DIFFERENT
uint64_t
monotime_coarse_absolute_nsec(void)
@@ -836,6 +842,17 @@ monotime_coarse_absolute_msec(void)
{
return monotime_coarse_absolute_nsec() / ONE_MILLION;
}
+
+uint64_t
+monotime_coarse_absolute_sec(void)
+{
+ /* Note: Right now I'm not too concerned about 64-bit division, but if this
+ * ever becomes a hotspot we need to optimize, we can modify this to grab
+ * tv_sec directly from CLOCK_MONOTONIC_COARSE on linux at least. Right now
+ * I'm choosing to make this simpler and easier to test, but this
+ * optimization is available easily if we need it. */
+ return monotime_coarse_absolute_nsec() / ONE_BILLION;
+}
#else /* !defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
#define initialized_at_coarse initialized_at
#endif /* defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
diff --git a/src/lib/time/compat_time.h b/src/lib/time/compat_time.h
index da96023894..eaf676ae84 100644
--- a/src/lib/time/compat_time.h
+++ b/src/lib/time/compat_time.h
@@ -89,6 +89,13 @@
* A: In general, regular monotime uses something that requires a system call.
* On platforms where system calls are cheap, you win! Otherwise, you lose.
*
+ * XXX: This hasn't been true for a long time. Expect both coarse and fine
+ * monotime won't require a syscall, but they will have different
+ * costs in terms of low-level synchronization inside the vDSO and
+ * the hardware. The basic guidelines here still apply, but we aren't
+ * really worrying about system calls any more, and the integer div
+ * concerns are becoming nearly unimportant as well.
+ *
* On Windows, monotonic time uses QuereyPerformanceCounter. Storing
* monotime_t costs 8 bytes.
*
@@ -232,7 +239,12 @@ MOCK_DECL(uint64_t, monotime_absolute_usec,(void));
* Fractional units are truncated, not rounded.
*/
uint64_t monotime_absolute_msec(void);
-
+/**
+ * Return the number of seconds since the timer system was initialized.
+ * The returned value may be equal to zero.
+ * Fractional units are truncated, not rounded.
+ */
+uint64_t monotime_absolute_sec(void);
/**
* Set <b>out</b> to zero.
*/
@@ -259,11 +271,13 @@ void monotime_coarse_get(monotime_coarse_t *out);
uint64_t monotime_coarse_absolute_nsec(void);
uint64_t monotime_coarse_absolute_usec(void);
uint64_t monotime_coarse_absolute_msec(void);
+uint64_t monotime_coarse_absolute_sec(void);
#else /* !defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
#define monotime_coarse_get monotime_get
#define monotime_coarse_absolute_nsec monotime_absolute_nsec
#define monotime_coarse_absolute_usec monotime_absolute_usec
#define monotime_coarse_absolute_msec monotime_absolute_msec
+#define monotime_coarse_absolute_sec monotime_absolute_sec
#endif /* defined(MONOTIME_COARSE_FN_IS_DIFFERENT) */
/**
diff --git a/src/test/test_bwmgt.c b/src/test/test_bwmgt.c
index a034c369d1..51ad8be59f 100644
--- a/src/test/test_bwmgt.c
+++ b/src/test/test_bwmgt.c
@@ -243,10 +243,30 @@ test_bwmgt_token_buf_refill(void *arg)
tt_int_op(b.read_bucket.bucket, OP_GT, 8*KB-400);
tt_int_op(b.read_bucket.bucket, OP_LT, 8*KB+400);
- // A ridiculous amount of time passes.
- tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, INT32_MAX));
+ /* A large amount of time passes, but less than the threshold at which
+ * we start detecting an assumed rollover event. This might be about 20
+ * days on a system with stamp units equal to 1ms. */
+ uint32_t ts_stamp = START_TS + UINT32_MAX / 5;
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, ts_stamp));
tt_int_op(b.read_bucket.bucket, OP_EQ, b.cfg.burst);
+ /* Fully empty the bucket and make sure it's filling once again */
+ token_bucket_rw_dec_read(&b, b.cfg.burst);
+ tt_int_op(b.read_bucket.bucket, OP_EQ, 0);
+ tt_int_op(1, OP_EQ, token_bucket_rw_refill(&b, ts_stamp += BW_SEC));
+ tt_int_op(b.read_bucket.bucket, OP_GT, 16*KB - 300);
+ tt_int_op(b.read_bucket.bucket, OP_LT, 16*KB + 300);
+
+ /* An even larger amount of time passes, which we take to be a 32-bit
+ * rollover event. The individual update is ignored, but the timestamp
+ * is still updated and the very next update should be accounted properly. */
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, ts_stamp += UINT32_MAX/2));
+ tt_int_op(b.read_bucket.bucket, OP_GT, 16*KB - 600);
+ tt_int_op(b.read_bucket.bucket, OP_LT, 16*KB + 600);
+ tt_int_op(0, OP_EQ, token_bucket_rw_refill(&b, ts_stamp += BW_SEC));
+ tt_int_op(b.read_bucket.bucket, OP_GT, 32*KB - 600);
+ tt_int_op(b.read_bucket.bucket, OP_LT, 32*KB + 600);
+
done:
;
}
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index a34420024f..8c9ddfcbe5 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -9,6 +9,7 @@
#include "core/or/dos.h"
#include "core/or/circuitlist.h"
#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/time/compat_time.h"
#include "feature/stats/geoip_stats.h"
#include "core/or/channel.h"
#include "feature/nodelist/microdesc.h"
@@ -23,6 +24,8 @@
#include "test/test.h"
#include "test/log_test_helpers.h"
+static const uint64_t BILLION = 1000000000;
+
static networkstatus_t *dummy_ns = NULL;
static networkstatus_t *
mock_networkstatus_get_latest_consensus(void)
@@ -58,14 +61,18 @@ mock_enable_dos_protection(const networkstatus_t *ns)
static void
test_dos_conn_creation(void *arg)
{
+ uint64_t monotime_now = 0xfffffffe;
+
(void) arg;
+ monotime_enable_test_mocking();
+ monotime_coarse_set_mock_time_nsec(monotime_now);
MOCK(get_param_cc_enabled, mock_enable_dos_protection);
MOCK(get_param_conn_enabled, mock_enable_dos_protection);
/* Initialize test data */
or_connection_t or_conn;
- time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+ time_t wallclock_now = 1281533250; /* 2010-08-11 13:27:30 UTC */
tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&TO_CONN(&or_conn)->addr,
"18.0.0.1"));
tor_addr_t *addr = &TO_CONN(&or_conn)->addr;
@@ -75,13 +82,14 @@ test_dos_conn_creation(void *arg)
uint32_t max_concurrent_conns = get_param_conn_max_concurrent_count(NULL);
/* Introduce new client */
- geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
+ geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, wallclock_now);
{ /* Register many conns from this client but not enough to get it blocked */
unsigned int i;
for (i = 0; i < max_concurrent_conns; i++) {
/* Don't trigger the connect() rate limitation so advance the clock 1
* second for each connection. */
- update_approx_time(++now);
+ monotime_coarse_set_mock_time_nsec(monotime_now += BILLION);
+ update_approx_time(++wallclock_now);
dos_new_client_conn(&or_conn, NULL);
}
}
@@ -107,6 +115,7 @@ test_dos_conn_creation(void *arg)
done:
dos_free_all();
+ monotime_disable_test_mocking();
}
/** Helper mock: Place a fake IP addr for this channel in <b>addr_out</b> */
diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c
index 70f2ef412f..81410f7b9b 100644
--- a/src/test/test_hs_dos.c
+++ b/src/test/test_hs_dos.c
@@ -16,6 +16,7 @@
#include "test/log_test_helpers.h"
#include "app/config/config.h"
+#include "lib/time/compat_time.h"
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
@@ -45,7 +46,8 @@ free_mock_consensus(void)
static void
test_can_send_intro2(void *arg)
{
- uint32_t now = (uint32_t) approx_time();
+ static const uint64_t BILLION = 1000000000;
+ uint64_t now = 12345;
or_circuit_t *or_circ = NULL;
(void) arg;
@@ -55,6 +57,8 @@ test_can_send_intro2(void *arg)
get_options_mutable()->ORPort_set = 1;
setup_mock_consensus();
+ monotime_enable_test_mocking();
+ monotime_coarse_set_mock_time_nsec(now);
or_circ = or_circuit_new(1, NULL);
@@ -68,7 +72,7 @@ test_can_send_intro2(void *arg)
/* Simulate that 10 cells have arrived in 1 second. There should be no
* refill since the bucket is already at maximum on the first cell. */
- update_approx_time(++now);
+ monotime_coarse_set_mock_time_nsec(now += BILLION);
for (int i = 0; i < 10; i++) {
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
}
@@ -76,7 +80,7 @@ test_can_send_intro2(void *arg)
get_intro2_burst_consensus_param(NULL) - 10);
/* Fully refill the bucket minus 1 cell. */
- update_approx_time(++now);
+ monotime_coarse_set_mock_time_nsec(now += BILLION);
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
get_intro2_burst_consensus_param(NULL) - 1);
@@ -84,7 +88,7 @@ test_can_send_intro2(void *arg)
/* Receive an INTRODUCE2 at each second. We should have the bucket full
* since at every second it gets refilled. */
for (int i = 0; i < 10; i++) {
- update_approx_time(++now);
+ monotime_coarse_set_mock_time_nsec(now += BILLION);
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
}
/* Last check if we can send the cell decrements the bucket so minus 1. */
@@ -92,7 +96,8 @@ test_can_send_intro2(void *arg)
get_intro2_burst_consensus_param(NULL) - 1);
/* Manually reset bucket for next test. */
- token_bucket_ctr_reset(&or_circ->introduce2_bucket, now);
+ token_bucket_ctr_reset(&or_circ->introduce2_bucket,
+ (uint32_t) monotime_coarse_absolute_sec());
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
get_intro2_burst_consensus_param(NULL));
@@ -115,7 +120,7 @@ test_can_send_intro2(void *arg)
}
/* One second has passed, we should have the rate minus 1 cell added. */
- update_approx_time(++now);
+ monotime_coarse_set_mock_time_nsec(now += BILLION);
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
get_intro2_rate_consensus_param(NULL) - 1);
@@ -125,6 +130,7 @@ test_can_send_intro2(void *arg)
hs_free_all();
free_mock_consensus();
+ monotime_disable_test_mocking();
}
static void
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index cbcdeade92..82b7ec029d 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -14,6 +14,7 @@
#include "test/test.h"
#include "test/log_test_helpers.h"
#include "lib/crypt_ops/crypto_rand.h"
+#include "lib/time/compat_time.h"
#include "core/or/or.h"
#include "core/or/channel.h"
@@ -127,7 +128,7 @@ helper_create_intro_circuit(void)
tt_assert(circ);
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
token_bucket_ctr_init(&circ->introduce2_bucket, 100, 100,
- (uint32_t) approx_time());
+ (uint32_t) monotime_coarse_absolute_sec());
done:
return circ;
}
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits