Bug28634 clean ish2 #1029

Closed

@mikeperry-tor
Contributor

commented May 16, 2019

No description provided.

asn-d6 and others added 19 commits Mar 20, 2019
Add some more useful logs for future debugging.
They were quite useful to me while debugging these machines.
Correctly handle machines out of tokens that have not closed yet.
Because perhaps the machine on the other side is still not done and keeping
them open.
Tune machines to obfuscate the circuit setup cell sequence.
I suggest you re-read the machines.c file instead of reading the diff here.

We abort the "look-like-nothing" strategy of the old machines, for these new
machines that are carefully hand-tuned to obfuscate the circuit construction
sequence of intro/rend circuits.

We take this approach because it's easier to reason about the properties that
the machines offer, because they have minimal overhead, and also because they
are extensible by adding more states to them to do more advanced tricks
Use TOKEN_REMOVAL_NONE to avoid the use of monotime functions.
Control the volume of padding using state length.
Some machine tuning and extra documentation based on Mike's testing.
- Removed some useless intro-machine transitions, and documented the useful
  ones better.

- Tuned the intro machine to have zero tokens on the origin-side.

- Moved the 'should_negotiate_end' to the relay-side machine. This is needed,
  because there must be a way for the origin-side machine to be moved to the
  END state only _after_ receiving an INTRODUCE_ACK cell (otherwise, the
  circuit will be closed by the HS code). So we just have the relay-side
  machine close the circuit. This works out fine and does not cause a
  fingerprint because it's just a PADDING_NEGOTIATED incoming cell in the end,
  along with all the other incoming DROP cells.

- Decreased the latency of the rendezvous machine, so that the timing always
  works well.

- Fix some tests that got broken because now the origin-side intro machine
  just moves to OBF state and stays there until the relay-side machine closes
  it down.
Add machine limits to guard against excess padding.
This will ensure that the machines stop padding if they ever xmit more than 1%
overhead after hitting their allowed counts.

This also ensures that they can't keep circuits opened forever via #28780,
even if they have bugs, since they will eventually hit this overhead limit,
stop padding, and then get shut down.
Update machine numbers for unit tests.
Now that we have real machines, other machines are later in this list.
fixup! Generate non-padding events for PADDING_NEGOTIATE(D).
We also need to deliver PADDING_NEGOTIATE events directly for the relay side,
so that rtt estimation behaves properly.
Improve comment clarity for packet patterns.
This helped me more easily visually match the patterns in
https://github.com/asn-d6/padanalyzer
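
The rule stated in the "Add machine limits to guard against excess padding" commit above, as an added example that is not code from this pull request: a machine may always send up to its allowed count of padding cells, and past that count it stops once padding exceeds the overhead percentage. The struct, field and function names are hypothetical, and the allowed count of 10 and the cell counts are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one padding machine's limits and counters. */
typedef struct {
  uint32_t allowed_padding_count; /* padding cells always permitted */
  uint32_t max_padding_percent;   /* overhead cap applied after that count */
  uint64_t padding_sent;          /* padding cells sent so far */
  uint64_t nonpadding_sent;       /* real cells sent so far */
} pad_limits_t;

/* Return 1 if the machine must stop padding, 0 if it may continue. */
static int padding_limit_reached(const pad_limits_t *m)
{
  if (m->padding_sent < m->allowed_padding_count)
    return 0; /* still inside the allowed count: no percentage check */
  uint64_t total = m->padding_sent + m->nonpadding_sent;
  if (total == 0)
    return 0;
  /* Integer form of: padding_sent / total > max_padding_percent / 100 */
  return m->padding_sent * 100 > (uint64_t)m->max_padding_percent * total;
}

/* Send one padding cell unless the limit forbids it; return 1 if sent. */
static int try_send_padding(pad_limits_t *m)
{
  if (padding_limit_reached(m))
    return 0;
  m->padding_sent++;
  return 1;
}

/* Model a machine that never stops asking to pad (for example because of a
 * bug): after `real_cells` real cells it makes `attempts` padding attempts.
 * Returns how many padding cells actually went out. */
static uint64_t simulate(uint32_t allowed, uint32_t pct,
                         uint64_t real_cells, uint32_t attempts)
{
  pad_limits_t m = { allowed, pct, 0, real_cells };
  for (uint32_t i = 0; i < attempts; i++)
    if (!try_send_padding(&m))
      break;
  return m.padding_sent;
}

int main(void)
{
  printf("5 real cells:    %llu padding cells sent\n",
         (unsigned long long)simulate(10, 1, 5, 1000));
  printf("2000 real cells: %llu padding cells sent\n",
         (unsigned long long)simulate(10, 1, 2000, 1000));
  return 0;
}
```

On a short circuit the machine stops exactly at its allowed count; with more real traffic the 1% cap lets it send a few cells more before it is cut off.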
@coveralls

commented May 16, 2019

Pull Request Test Coverage Report for Build 5040

  • 160 of 172 (93.02%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.06%) to 62.569%

Changes Missing Coverage        Covered Lines   Changed/Added Lines   %
src/core/or/circuitpadding.c    41              53                    77.36%

Totals Coverage Status
Change from base Build 5038: 0.06%
Covered Lines: 46780
Relevant Lines: 74765

💛 - Coveralls

@asn-d6 closed this May 16, 2019
