[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r12218: Keep circuitless TLS connections open for 1.5 x MaxCircuitDi (in tor/trunk: . doc doc/spec src/or)

Author: nickm
Date: 2007-10-26 18:50:40 -0400 (Fri, 26 Oct 2007)
New Revision: 12218

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/TODO
   tor/trunk/doc/spec/tor-spec.txt
   tor/trunk/src/or/main.c
Log:
 r16194@catbus:  nickm | 2007-10-26 18:37:02 -0400
 Keep circuitless TLS connections open for 1.5 x MaxCircuitDirtiness: this ensures that we don't thrash closing and repoening connections to our guards.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r16194] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-10-26 22:14:11 UTC (rev 12217)
+++ tor/trunk/ChangeLog	2007-10-26 22:50:40 UTC (rev 12218)
@@ -3,6 +3,12 @@
     - Drop support for OpenSSL version 0.9.6.  Just about nobody was using
       it, it had no AES, and it hasn't seen any security patches since 2004.
 
+  o Minor features:
+    - Clients new hold circuitless TLS connections open for 1.5 times
+      MaxCircuitDirtiness, since it is likely that they'll need to build
+      a circuit over them within that timeframe.  Previously, they held them
+      open only for KeepalivePeriod.
+
   o Minor bugfixes:
     - Refuse to start if both ORPort and UseBridges are set. Bugfix
       on 0.2.0.x.

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2007-10-26 22:14:11 UTC (rev 12217)
+++ tor/trunk/doc/TODO	2007-10-26 22:50:40 UTC (rev 12218)
@@ -23,9 +23,10 @@
     - Support for preconfigured mirror lists
       - Use a pre-shipped fallback consensus.
     - Download consensuses (et al) via if-modified-since
-    - Saner TLS rotation
-      - Bump up the "connection timeout" value to be 1.5
+    o Saner TLS rotation
+      o Bump up OR the "connection timeout" value to be 1.5
 	circuit dirtiness interval.
+      o Document this in tor-spec
     - base Guard flag on WFU rather than or in addition to MTBF
     D 118 if feasible and obvious
     D Maintain a skew estimate and use ftime consistently.
@@ -103,8 +104,8 @@
         - Handle rate-limiting on directory writes to linked directory
           connections in a more sensible manner.
         - Find more ways to test this.
-    - Have clients do TLS connection rotation less often than "every 10
-      minutes" in the thrashy case, and more often than "once a week" in the
+    o Do TLS rotation less often than "every 10 minutes" in the thrashy case.
+    D Do TLS connection rotation more often than "once a week" in the
       extra-stable case.
     - Streamline how we pick entry nodes: Make choose_random_entry() have
       less magic and less control logic.

Modified: tor/trunk/doc/spec/tor-spec.txt
===================================================================
--- tor/trunk/doc/spec/tor-spec.txt	2007-10-26 22:14:11 UTC (rev 12217)
+++ tor/trunk/doc/spec/tor-spec.txt	2007-10-26 22:50:40 UTC (rev 12218)
@@ -194,9 +194,12 @@
    of TLS records MUST NOT leak information about the type or contents
    of the cells.
 
-   TLS connections are not permanent. Either side may close a connection
+   TLS connections are not permanent. Either side MAY close a connection
    if there are no circuits running over it and an amount of time
-   (KeepalivePeriod, defaults to 5 minutes) has passed.
+   (KeepalivePeriod, defaults to 5 minutes) has passed since the last time
+   any traffic was transmitted over the TLS connection.  Clients SHOULD
+   also hold a TLS connection with no circuits open, if it is likely that a
+   circuit will be built soon using that connection.
 
    (As an exception, directory servers may try to stay connected to all of
    the ORs -- though this will be phased out for the Tor 0.1.2.x release.)

Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c	2007-10-26 22:14:11 UTC (rev 12217)
+++ tor/trunk/src/or/main.c	2007-10-26 22:50:40 UTC (rev 12218)
@@ -764,19 +764,23 @@
      the connection or send a keepalive, depending. */
   if (now >= conn->timestamp_lastwritten + options->KeepalivePeriod) {
     routerinfo_t *router = router_get_by_digest(or_conn->identity_digest);
+    int maxCircuitlessPeriod = options->MaxCircuitDirtiness*3/2;
     if (!connection_state_is_open(conn)) {
+      /* We never managed to actually get this connection open and happy. */
       log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
                conn->s,conn->address, conn->port);
       connection_mark_for_close(conn);
       conn->hold_open_until_flushed = 1;
     } else if (we_are_hibernating() && !or_conn->n_circuits &&
                !buf_datalen(conn->outbuf)) {
+      /* We're hibernating, there's no circuits, and nothing to flush.*/
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
                "[Hibernating or exiting].",
                conn->s,conn->address, conn->port);
       connection_mark_for_close(conn);
       conn->hold_open_until_flushed = 1;
     } else if (!clique_mode(options) && !or_conn->n_circuits &&
+               now >= conn->timestamp_lastwritten + maxCircuitlessPeriod &&
                (!router || !server_mode(options) ||
                 !router_is_clique_mode(router))) {
       log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "