tor  0.4.2.0-alpha-dev
channelpadding.c
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /* TOR_CHANNEL_INTERNAL_ define needed for an O(1) implementation of
8  * channelpadding_channel_to_channelinfo() */
9 #define TOR_CHANNEL_INTERNAL_
10 
11 #include "core/or/or.h"
12 #include "core/or/channel.h"
13 #include "core/or/channelpadding.h"
14 #include "core/or/channeltls.h"
15 #include "app/config/config.h"
18 #include "core/or/connection_or.h"
20 #include "core/mainloop/mainloop.h"
21 #include "feature/stats/rephist.h"
22 #include "feature/relay/router.h"
24 #include "lib/time/compat_time.h"
26 #include "lib/evloop/timers.h"
27 
28 #include "core/or/cell_st.h"
29 #include "core/or/or_connection_st.h"
30 
31 STATIC int32_t channelpadding_get_netflow_inactive_timeout_ms(
32  const channel_t *);
33 STATIC int channelpadding_send_disable_command(channel_t *);
34 STATIC int64_t channelpadding_compute_time_until_pad_for_netflow(channel_t *);
35 
37 static uint64_t total_timers_pending;
38 
41 static int consensus_nf_ito_low;
43 static int consensus_nf_ito_high;
45 static int consensus_nf_ito_low_reduced;
47 static int consensus_nf_ito_high_reduced;
49 static int consensus_nf_conntimeout_relays;
51 static int consensus_nf_conntimeout_clients;
53 static int consensus_nf_pad_before_usage;
55 static int consensus_nf_pad_relays;
57 static int consensus_nf_pad_single_onion;
58 
59 #define TOR_MSEC_PER_SEC 1000
60 #define TOR_USEC_PER_MSEC 1000
61 
65 #define TOR_HOUSEKEEPING_CALLBACK_MSEC 1000
66 
70 #define TOR_HOUSEKEEPING_CALLBACK_SLACK_MSEC 100
71 
77 #define CHANNEL_IS_CLIENT(chan, options) \
78  (!public_server_mode((options)) || channel_is_client(chan) || \
79  !connection_or_digest_is_known_relay((chan)->identity_digest))
80 
87 void
88 channelpadding_new_consensus_params(networkstatus_t *ns)
89 {
90 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW 1500
91 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH 9500
92 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN 0
93 #define DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX 60000
94  consensus_nf_ito_low = networkstatus_get_param(ns, "nf_ito_low",
95  DFLT_NETFLOW_INACTIVE_KEEPALIVE_LOW,
96  DFLT_NETFLOW_INACTIVE_KEEPALIVE_MIN,
97  DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
98  consensus_nf_ito_high = networkstatus_get_param(ns, "nf_ito_high",
99  DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH,
100  consensus_nf_ito_low,
101  DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX);
102 
103 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW 9000
104 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH 14000
105 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN 0
106 #define DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX 60000
107  consensus_nf_ito_low_reduced =
108  networkstatus_get_param(ns, "nf_ito_low_reduced",
109  DFLT_NETFLOW_REDUCED_KEEPALIVE_LOW,
110  DFLT_NETFLOW_REDUCED_KEEPALIVE_MIN,
111  DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
112 
113  consensus_nf_ito_high_reduced =
114  networkstatus_get_param(ns, "nf_ito_high_reduced",
115  DFLT_NETFLOW_REDUCED_KEEPALIVE_HIGH,
116  consensus_nf_ito_low_reduced,
117  DFLT_NETFLOW_REDUCED_KEEPALIVE_MAX);
118 
119 #define CONNTIMEOUT_RELAYS_DFLT (60*60) // 1 hour
120 #define CONNTIMEOUT_RELAYS_MIN 60
121 #define CONNTIMEOUT_RELAYS_MAX (7*24*60*60) // 1 week
122  consensus_nf_conntimeout_relays =
123  networkstatus_get_param(ns, "nf_conntimeout_relays",
124  CONNTIMEOUT_RELAYS_DFLT,
125  CONNTIMEOUT_RELAYS_MIN,
126  CONNTIMEOUT_RELAYS_MAX);
127 
128 #define CIRCTIMEOUT_CLIENTS_DFLT (30*60) // 30 minutes
129 #define CIRCTIMEOUT_CLIENTS_MIN 60
130 #define CIRCTIMEOUT_CLIENTS_MAX (24*60*60) // 24 hours
131  consensus_nf_conntimeout_clients =
132  networkstatus_get_param(ns, "nf_conntimeout_clients",
133  CIRCTIMEOUT_CLIENTS_DFLT,
134  CIRCTIMEOUT_CLIENTS_MIN,
135  CIRCTIMEOUT_CLIENTS_MAX);
136 
137  consensus_nf_pad_before_usage =
138  networkstatus_get_param(ns, "nf_pad_before_usage", 1, 0, 1);
139 
140  consensus_nf_pad_relays =
141  networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
142 
143  consensus_nf_pad_single_onion =
144  networkstatus_get_param(ns,
145  CHANNELPADDING_SOS_PARAM,
146  CHANNELPADDING_SOS_DEFAULT, 0, 1);
147 }
148 
167 STATIC int32_t
168 channelpadding_get_netflow_inactive_timeout_ms(const channel_t *chan)
169 {
170  int low_timeout = consensus_nf_ito_low;
171  int high_timeout = consensus_nf_ito_high;
172  int X1, X2;
173 
174  if (low_timeout == 0 && low_timeout == high_timeout)
175  return 0; // No padding
176 
177  /* If we have negotiated different timeout values, use those, but
178  * don't allow them to be lower than the consensus ones */
179  if (chan->padding_timeout_low_ms && chan->padding_timeout_high_ms) {
180  low_timeout = MAX(low_timeout, chan->padding_timeout_low_ms);
181  high_timeout = MAX(high_timeout, chan->padding_timeout_high_ms);
182  }
183 
184  if (low_timeout == high_timeout)
185  return low_timeout; // No randomization
186 
187  /*
188  * This MAX() hack is here because we apply the timeout on both the client
189  * and the server. This creates the situation where the total time before
190  * sending a packet in either direction is actually
191  * min(client_timeout,server_timeout).
192  *
193  * If X is a random variable uniform from 0..R-1 (where R=high-low),
194  * then Y=max(X,X) has Prob(Y == i) = (2.0*i + 1)/(R*R).
195  *
196  * If we create a third random variable Z=min(Y,Y), then it turns out that
197  * Exp[Z] ~= Exp[X]. Here's a table:
198  *
199  * R Exp[X] Exp[Z] Exp[min(X,X)] Exp[max(X,X)]
200  * 2000 999.5 1066 666.2 1332.8
201  * 3000 1499.5 1599.5 999.5 1999.5
202  * 5000 2499.5 2666 1666.2 3332.8
203  * 6000 2999.5 3199.5 1999.5 3999.5
204  * 7000 3499.5 3732.8 2332.8 4666.2
205  * 8000 3999.5 4266.2 2666.2 5332.8
206  * 10000 4999.5 5328 3332.8 6666.2
207  * 15000 7499.5 7995 4999.5 9999.5
208  * 20000 9900.5 10661 6666.2 13332.8
209  *
210  * In other words, this hack makes it so that when both the client and
211  * the guard are sending this padding, then the averages work out closer
212  * to the midpoint of the range, making the overhead easier to tune.
213  * If only one endpoint is padding (for example: if the relay does not
214  * support padding, but the client has set ConnectionPadding 1; or
215  * if the relay does support padding, but the client has set
216  * ReducedConnectionPadding 1), then the defense will still prevent
217  * record splitting, but with less overhead than the midpoint
218  * (as seen by the Exp[max(X,X)] column).
219  *
220  * To calculate average padding packet frequency (and thus overhead),
221  * index into the table by picking a row based on R = high-low. Then,
222  * use the appropriate column (Exp[Z] for two-sided padding, and
223  * Exp[max(X,X)] for one-sided padding). Finally, take this value
224  * and add it to the low timeout value. This value is the average
225  * frequency which padding packets will be sent.
226  */
227 
228  X1 = crypto_rand_int(high_timeout - low_timeout);
229  X2 = crypto_rand_int(high_timeout - low_timeout);
230  return low_timeout + MAX(X1, X2);
231 }
232 
239 int
240 channelpadding_update_padding_for_channel(channel_t *chan,
241  const channelpadding_negotiate_t *pad_vars)
242 {
243  if (pad_vars->version != 0) {
244  static ratelim_t version_limit = RATELIM_INIT(600);
245 
246  log_fn_ratelim(&version_limit,LOG_PROTOCOL_WARN,LD_PROTOCOL,
247  "Got a PADDING_NEGOTIATE cell with an unknown version. Ignoring.");
248  return -1;
249  }
250 
251  // We should not allow malicious relays to disable or reduce padding for
252  // us as clients. In fact, we should only accept this cell at all if we're
253  // operating as a relay. Bridges should not accept it from relays, either
254  // (only from their clients).
255  if ((get_options()->BridgeRelay &&
257  !get_options()->ORPort_set) {
258  static ratelim_t relay_limit = RATELIM_INIT(600);
259 
260  log_fn_ratelim(&relay_limit,LOG_PROTOCOL_WARN,LD_PROTOCOL,
261  "Got a PADDING_NEGOTIATE from relay at %s (%s). "
262  "This should not happen.",
263  chan->get_remote_descr(chan, 0),
265  return -1;
266  }
267 
268  chan->padding_enabled = (pad_vars->command == CHANNELPADDING_COMMAND_START);
269 
270  /* Min must not be lower than the current consensus parameter
271  nf_ito_low. */
272  chan->padding_timeout_low_ms = MAX(consensus_nf_ito_low,
273  pad_vars->ito_low_ms);
274 
275  /* Max must not be lower than ito_low_ms */
276  chan->padding_timeout_high_ms = MAX(chan->padding_timeout_low_ms,
277  pad_vars->ito_high_ms);
278 
280  "Negotiated padding=%d, lo=%d, hi=%d on %"PRIu64,
282  chan->padding_timeout_high_ms,
283  (chan->global_identifier));
284 
285  return 1;
286 }
287 
294 STATIC int
295 channelpadding_send_disable_command(channel_t *chan)
296 {
297  channelpadding_negotiate_t disable;
298  cell_t cell;
299 
300  tor_assert(chan);
301  tor_assert(BASE_CHAN_TO_TLS(chan)->conn->link_proto >=
302  MIN_LINK_PROTO_FOR_CHANNEL_PADDING);
303 
304  memset(&cell, 0, sizeof(cell_t));
305  memset(&disable, 0, sizeof(channelpadding_negotiate_t));
306  cell.command = CELL_PADDING_NEGOTIATE;
307 
308  channelpadding_negotiate_set_command(&disable, CHANNELPADDING_COMMAND_STOP);
309 
310  if (channelpadding_negotiate_encode(cell.payload, CELL_PAYLOAD_SIZE,
311  &disable) < 0)
312  return -1;
313 
314  if (chan->write_cell(chan, &cell) == 1)
315  return 0;
316  else
317  return -1;
318 }
319 
326 int
327 channelpadding_send_enable_command(channel_t *chan, uint16_t low_timeout,
328  uint16_t high_timeout)
329 {
330  channelpadding_negotiate_t enable;
331  cell_t cell;
332 
333  tor_assert(chan);
334  tor_assert(BASE_CHAN_TO_TLS(chan)->conn->link_proto >=
335  MIN_LINK_PROTO_FOR_CHANNEL_PADDING);
336 
337  memset(&cell, 0, sizeof(cell_t));
338  memset(&enable, 0, sizeof(channelpadding_negotiate_t));
339  cell.command = CELL_PADDING_NEGOTIATE;
340 
341  channelpadding_negotiate_set_command(&enable, CHANNELPADDING_COMMAND_START);
342  channelpadding_negotiate_set_ito_low_ms(&enable, low_timeout);
343  channelpadding_negotiate_set_ito_high_ms(&enable, high_timeout);
344 
345  if (channelpadding_negotiate_encode(cell.payload, CELL_PAYLOAD_SIZE,
346  &enable) < 0)
347  return -1;
348 
349  if (chan->write_cell(chan, &cell) == 1)
350  return 0;
351  else
352  return -1;
353 }
354 
362 static void
363 channelpadding_send_padding_cell_for_callback(channel_t *chan)
364 {
365  cell_t cell;
366 
367  /* Check that the channel is still valid and open */
368  if (!chan || chan->state != CHANNEL_STATE_OPEN) {
369  if (chan) chan->pending_padding_callback = 0;
371  "Scheduled a netflow padding cell, but connection already closed.");
372  return;
373  }
374 
375  /* We should have a pending callback flag set. */
376  if (BUG(chan->pending_padding_callback == 0))
377  return;
378 
379  chan->pending_padding_callback = 0;
380 
381  if (monotime_coarse_is_zero(&chan->next_padding_time) ||
382  chan->has_queued_writes(chan) ||
383  (chan->cmux && circuitmux_num_cells(chan->cmux))) {
384  /* We must have been active before the timer fired */
385  monotime_coarse_zero(&chan->next_padding_time);
386  return;
387  }
388 
389  {
390  monotime_coarse_t now;
391  monotime_coarse_get(&now);
392 
394  "Sending netflow keepalive on %"PRIu64" to %s (%s) after "
395  "%"PRId64" ms. Delta %"PRId64"ms",
396  (chan->global_identifier),
397  safe_str_client(chan->get_remote_descr(chan, 0)),
398  safe_str_client(hex_str(chan->identity_digest, DIGEST_LEN)),
399  (monotime_coarse_diff_msec(&chan->timestamp_xfer,&now)),
400  (
401  monotime_coarse_diff_msec(&chan->next_padding_time,&now)));
402  }
403 
404  /* Clear the timer */
405  monotime_coarse_zero(&chan->next_padding_time);
406 
407  /* Send the padding cell. This will cause the channel to get a
408  * fresh timestamp_active */
409  memset(&cell, 0, sizeof(cell));
410  cell.command = CELL_PADDING;
411  chan->write_cell(chan, &cell);
412 }
413 
422 static void
423 channelpadding_send_padding_callback(tor_timer_t *timer, void *args,
424  const struct monotime_t *when)
425 {
426  channel_t *chan = channel_handle_get((struct channel_handle_t*)args);
427  (void)timer; (void)when;
428 
429  if (chan && CHANNEL_CAN_HANDLE_CELLS(chan)) {
430  /* Hrmm.. It might be nice to have an equivalent to assert_connection_ok
431  * for channels. Then we could get rid of the channeltls dependency */
432  tor_assert(TO_CONN(BASE_CHAN_TO_TLS(chan)->conn)->magic ==
433  OR_CONNECTION_MAGIC);
434  assert_connection_ok(TO_CONN(BASE_CHAN_TO_TLS(chan)->conn), approx_time());
435 
436  channelpadding_send_padding_cell_for_callback(chan);
437  } else {
439  "Channel closed while waiting for timer.");
440  }
441 
442  total_timers_pending--;
443 }
444 
453 static channelpadding_decision_t
454 channelpadding_schedule_padding(channel_t *chan, int in_ms)
455 {
456  struct timeval timeout;
458 
459  if (in_ms <= 0) {
460  chan->pending_padding_callback = 1;
461  channelpadding_send_padding_cell_for_callback(chan);
462  return CHANNELPADDING_PADDING_SENT;
463  }
464 
465  timeout.tv_sec = in_ms/TOR_MSEC_PER_SEC;
466  timeout.tv_usec = (in_ms%TOR_USEC_PER_MSEC)*TOR_USEC_PER_MSEC;
467 
468  if (!chan->timer_handle) {
469  chan->timer_handle = channel_handle_new(chan);
470  }
471 
472  if (chan->padding_timer) {
474  channelpadding_send_padding_callback,
475  chan->timer_handle);
476  } else {
477  chan->padding_timer = timer_new(channelpadding_send_padding_callback,
478  chan->timer_handle);
479  }
480  timer_schedule(chan->padding_timer, &timeout);
481 
482  rep_hist_padding_count_timers(++total_timers_pending);
483 
484  chan->pending_padding_callback = 1;
485  return CHANNELPADDING_PADDING_SCHEDULED;
486 }
487 
502 #define CHANNELPADDING_TIME_LATER -1
503 #define CHANNELPADDING_TIME_DISABLED -2
504 STATIC int64_t
505 channelpadding_compute_time_until_pad_for_netflow(channel_t *chan)
506 {
507  monotime_coarse_t now;
508  monotime_coarse_get(&now);
509 
510  if (monotime_coarse_is_zero(&chan->next_padding_time)) {
511  /* If the below line or crypto_rand_int() shows up on a profile,
512  * we can avoid getting a timeout until we're at least nf_ito_lo
513  * from a timeout window. That will prevent us from setting timers
514  * on connections that were active up to 1.5 seconds ago.
515  * Idle connections should only call this once every 5.5s on average
516  * though, so that might be a micro-optimization for little gain. */
517  int32_t padding_timeout =
518  channelpadding_get_netflow_inactive_timeout_ms(chan);
519 
520  if (!padding_timeout)
521  return CHANNELPADDING_TIME_DISABLED;
522 
523  monotime_coarse_add_msec(&chan->next_padding_time,
524  &chan->timestamp_xfer,
525  padding_timeout);
526  }
527 
528  const int64_t ms_till_pad =
529  monotime_coarse_diff_msec(&now, &chan->next_padding_time);
530 
531  /* If the next padding time is beyond the maximum possible consensus value,
532  * then this indicates a clock jump, so just send padding now. This is
533  * better than using monotonic time because we want to avoid the situation
534  * where we wait around forever for monotonic time to move forward after
535  * a clock jump far into the past.
536  */
537  if (ms_till_pad > DFLT_NETFLOW_INACTIVE_KEEPALIVE_MAX) {
539  log_warn(LD_BUG,
540  "Channel padding timeout scheduled %"PRId64"ms in the future. "
541  "Did the monotonic clock just jump?",
542  (ms_till_pad));
543  return 0; /* Clock jumped: Send padding now */
544  }
545 
546  /* If the timeout will expire before the next time we're called (1000ms
547  from now, plus some slack), then calculate the number of milliseconds
548  from now which we should send padding, so we can schedule a callback
549  then.
550  */
551  if (ms_till_pad < (TOR_HOUSEKEEPING_CALLBACK_MSEC +
552  TOR_HOUSEKEEPING_CALLBACK_SLACK_MSEC)) {
553  /* If the padding time is in the past, that means that libevent delayed
554  * calling the once-per-second callback due to other work taking too long.
555  * See https://bugs.torproject.org/22212 and
556  * https://bugs.torproject.org/16585. This is a systemic problem
557  * with being single-threaded, but let's emit a notice if this
558  * is long enough in the past that we might have missed a netflow window,
559  * and allowed a router to emit a netflow frame, just so we don't forget
560  * about it entirely.. */
561 #define NETFLOW_MISSED_WINDOW (150000 - DFLT_NETFLOW_INACTIVE_KEEPALIVE_HIGH)
562  if (ms_till_pad < 0) {
563  int severity = (ms_till_pad < -NETFLOW_MISSED_WINDOW)
564  ? LOG_NOTICE : LOG_INFO;
565  log_fn(severity, LD_OR,
566  "Channel padding timeout scheduled %"PRId64"ms in the past. ",
567  (-ms_till_pad));
568  return 0; /* Clock jumped: Send padding now */
569  }
570 
571  return ms_till_pad;
572  }
573  return CHANNELPADDING_TIME_LATER;
574 }
575 
589 unsigned int
590 channelpadding_get_channel_idle_timeout(const channel_t *chan,
591  int is_canonical)
592 {
593  const or_options_t *options = get_options();
594  unsigned int timeout;
595 
596  /* Non-canonical and client channels only last for 3-4.5 min when idle */
597  if (!is_canonical || CHANNEL_IS_CLIENT(chan, options)) {
598 #define CONNTIMEOUT_CLIENTS_BASE 180 // 3 to 4.5 min
599  timeout = CONNTIMEOUT_CLIENTS_BASE
600  + crypto_rand_int(CONNTIMEOUT_CLIENTS_BASE/2);
601  } else { // Canonical relay-to-relay channels
602  // 45..75min or consensus +/- 25%
603  timeout = consensus_nf_conntimeout_relays;
604  timeout = 3*timeout/4 + crypto_rand_int(timeout/2);
605  }
606 
607  /* If ReducedConnectionPadding is set, we want to halve the duration of
608  * the channel idle timeout, since reducing the additional time that
609  * a channel stays open will reduce the total overhead for making
610  * new channels. This reduction in overhead/channel expense
611  * is important for mobile users. The option cannot be set by relays.
612  *
613  * We also don't reduce any values for timeout that the user explicitly
614  * set.
615  */
616  if (options->ReducedConnectionPadding
617  && !options->CircuitsAvailableTimeout) {
618  timeout /= 2;
619  }
620 
621  return timeout;
622 }
623 
636 int
637 channelpadding_get_circuits_available_timeout(void)
638 {
639  const or_options_t *options = get_options();
640  int timeout = options->CircuitsAvailableTimeout;
641 
642  if (!timeout) {
643  timeout = consensus_nf_conntimeout_clients;
644 
645  /* If ReducedConnectionPadding is set, we want to halve the duration of
646  * the channel idle timeout, since reducing the additional time that
647  * a channel stays open will reduce the total overhead for making
648  * new connections. This reduction in overhead/connection expense
649  * is important for mobile users. The option cannot be set by relays.
650  *
651  * We also don't reduce any values for timeout that the user explicitly
652  * set.
653  */
654  if (options->ReducedConnectionPadding) {
655  // half the value to 15..30min by default
656  timeout /= 2;
657  }
658  }
659 
660  // 30..60min by default
661  timeout = timeout + crypto_rand_int(timeout);
662 
663  tor_assert(timeout >= 0);
664 
665  return timeout;
666 }
667 
672 void
673 channelpadding_disable_padding_on_channel(channel_t *chan)
674 {
675  chan->padding_enabled = 0;
676 
677  // Send cell to disable padding on the other end
678  channelpadding_send_disable_command(chan);
679 }
680 
686 void
687 channelpadding_reduce_padding_on_channel(channel_t *chan)
688 {
689  /* Padding can be forced and reduced by clients, regardless of if
690  * the channel supports it. So we check for support here before
691  * sending any commands. */
692  if (chan->padding_enabled) {
693  channelpadding_send_disable_command(chan);
694  }
695 
696  chan->padding_timeout_low_ms = consensus_nf_ito_low_reduced;
697  chan->padding_timeout_high_ms = consensus_nf_ito_high_reduced;
698 
700  "Reduced padding on channel %"PRIu64": lo=%d, hi=%d",
701  (chan->global_identifier),
702  chan->padding_timeout_low_ms, chan->padding_timeout_high_ms);
703 }
704 
715 channelpadding_decision_t
716 channelpadding_decide_to_pad_channel(channel_t *chan)
717 {
718  const or_options_t *options = get_options();
719 
720  /* Only pad open channels */
721  if (chan->state != CHANNEL_STATE_OPEN)
722  return CHANNELPADDING_WONTPAD;
723 
724  if (chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS) {
725  if (!consensus_nf_pad_before_usage)
726  return CHANNELPADDING_WONTPAD;
727  } else if (chan->channel_usage != CHANNEL_USED_FOR_USER_TRAFFIC) {
728  return CHANNELPADDING_WONTPAD;
729  }
730 
731  if (chan->pending_padding_callback)
732  return CHANNELPADDING_PADDING_ALREADY_SCHEDULED;
733 
734  /* Don't pad the channel if we didn't negotiate it, but still
735  * allow clients to force padding if options->ChannelPadding is
736  * explicitly set to 1.
737  */
738  if (!chan->padding_enabled && options->ConnectionPadding != 1) {
739  return CHANNELPADDING_WONTPAD;
740  }
741 
742  if (rend_service_allow_non_anonymous_connection(options) &&
743  !consensus_nf_pad_single_onion) {
744  /* If the consensus just changed values, this channel may still
745  * think padding is enabled. Negotiate it off. */
746  if (chan->padding_enabled)
747  channelpadding_disable_padding_on_channel(chan);
748 
749  return CHANNELPADDING_WONTPAD;
750  }
751 
752  /* There should always be a cmux on the circuit. After that,
753  * only schedule padding if there are no queued writes and no
754  * queued cells in circuitmux queues. */
755  if (chan->cmux && !chan->has_queued_writes(chan) &&
756  !circuitmux_num_cells(chan->cmux)) {
757  int is_client_channel = 0;
758 
759  if (CHANNEL_IS_CLIENT(chan, options)) {
760  is_client_channel = 1;
761  }
762 
763  /* If nf_pad_relays=1 is set in the consensus, we pad
764  * on *all* idle connections, relay-relay or relay-client.
765  * Otherwise pad only for client+bridge cons */
766  if (is_client_channel || consensus_nf_pad_relays) {
767  int64_t pad_time_ms =
768  channelpadding_compute_time_until_pad_for_netflow(chan);
769 
770  if (pad_time_ms == CHANNELPADDING_TIME_DISABLED) {
771  return CHANNELPADDING_WONTPAD;
772  } else if (pad_time_ms == CHANNELPADDING_TIME_LATER) {
773  chan->currently_padding = 1;
774  return CHANNELPADDING_PADLATER;
775  } else {
776  if (BUG(pad_time_ms > INT_MAX)) {
777  pad_time_ms = INT_MAX;
778  }
779  /* We have to schedule a callback because we're called exactly once per
780  * second, but we don't want padding packets to go out exactly on an
781  * integer multiple of seconds. This callback will only be scheduled
782  * if we're within 1.1 seconds of the padding time.
783  */
784  chan->currently_padding = 1;
785  return channelpadding_schedule_padding(chan, (int)pad_time_ms);
786  }
787  } else {
788  chan->currently_padding = 0;
789  return CHANNELPADDING_WONTPAD;
790  }
791  } else {
792  return CHANNELPADDING_PADLATER;
793  }
794 }
channel_state_t state
Definition: channel.h:192
void rep_hist_padding_count_timers(uint64_t num_timers)
Definition: rephist.c:2717
Header file for channeltls.c.
int(* has_queued_writes)(channel_t *)
Definition: channel.h:352
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:16
Common functions for using (pseudo-)random number generators.
#define TO_CONN(c)
Definition: or.h:735
Header file for connection.c.
Definition: cell_st.h:12
struct channel_handle_t * timer_handle
Definition: channel.h:237
Functions and types for monotonic times.
#define LOG_INFO
Definition: log.h:42
int connection_or_digest_is_known_relay(const char *id_digest)
Header file for config.c.
channel_usage_info_t channel_usage
Definition: channel.h:228
#define tor_fragile_assert()
Definition: util_bug.h:241
#define LOG_NOTICE
Definition: log.h:47
Header file for mainloop.c.
circuitmux_t * cmux
Definition: channel.h:403
int CircuitsAvailableTimeout
struct tor_timer_t * padding_timer
Definition: channel.h:235
const char *(* get_remote_descr)(channel_t *, int)
Definition: channel.h:350
Header file for channel.c.
tor_assert(buffer)
uint16_t padding_timeout_low_ms
Definition: channel.h:256
unsigned int padding_enabled
Definition: channel.h:214
Header file for routermode.c.
#define DIGEST_LEN
Definition: digest_sizes.h:20
Master header file for Tor-specific functionality.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
int crypto_rand_int(unsigned int max)
unsigned int currently_padding
Definition: channel.h:218
Header file for rephist.c.
int ReducedConnectionPadding
void timer_schedule(tor_timer_t *t, const struct timeval *tv)
Definition: timers.c:299
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:277
Header file for rendservice.c.
#define LD_OR
Definition: log.h:89
monotime_coarse_t next_padding_time
Definition: channel.h:232
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5251
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
tor_timer_t * timer_new(timer_cb_fn_t cb, void *arg)
Definition: timers.c:248
Header for timers.c.
void timer_set_cb(tor_timer_t *t, timer_cb_fn_t cb, void *arg)
Definition: timers.c:274
Header file for router.c.
unsigned int pending_padding_callback
Definition: channel.h:221
#define log_fn(severity, domain, args,...)
Definition: log.h:272
monotime_coarse_t timestamp_xfer
Definition: channel.h:308
time_t approx_time(void)
Definition: approx_time.c:32
#define MAX(a, b)
Definition: cmp.h:22
uint8_t command
Definition: cell_st.h:14
Header file for connection_or.c.
char identity_digest[DIGEST_LEN]
Definition: channel.h:384
#define LD_PROTOCOL
Definition: log.h:69
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:83
uint64_t global_identifier
Definition: channel.h:197