[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21621 [Core Tor/Tor]: Intro points can get stuck in CIRCUIT_PURPOSE_S_ESTABLISH_INTRO



#21621: Intro points can get stuck in CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  teor
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.7.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:  #21446        |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 So let's try something like:

 If a circuit is stuck in CIRCUIT_PURPOSE_S_ESTABLISH_INTRO for more than N
 seconds, close the circuit and treat it as a failure.

 This should be fixed along with #21600, where we wait T seconds between
 detecting failure and retrying the connection.

 We have the following approximate constraints:
 * Detecting failure (#21600) takes 1-2 first-hop latencies (it's likely to
 be the slow hop),
 * Building a 3-hop circuit (this ticket) and sending and receiving a reply
 takes about 8 first-hop latencies (3*2 + 2),
 * The total potential failure delay is approximately 10 first-hop
 latencies,
 * multiplied by 3 retry attempts, this gives ~30 first-hop latencies,
 * We reset the intro attempt count every 600 seconds (5 minutes), giving
 an approximate first-hop latency of ~20 seconds.

 But we don't want to penalise hidden services on slow connections (our
 connection timeout is ~30 seconds), which would give us 7.5 minutes for a
 full set of retries. That's probably acceptable, unless we've just killed
 off all of our intro points and will never get any of them back. But as
 long as they are in the consensus, they should be reachable (and if
 they're not, we drop them straight away).

 So that makes:
 * N = 8*30 = 240 (or maybe 8*15 = 120 if the timeout is the rtt)
 * T = 2*30 = 60 (or maybe 2*15 = 30)

 Given we've had no limit for N before this ticket, I'd be conservative and
 make it 240 seconds.

 Given that T has been 1 second before this ticket, I'd be conservative and
 make it 30 seconds.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21621#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs