Adaptive padding final #624
Conversation
We need this for padding negotiation so that we can have later machine revisions supercede earlier ones. Co-authored-by: George Kadianakis <desnacked@riseup.net>
This is a good code review start point, to get an overview of the interfaces and types used in circuit padding. Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: George Kadianakis <desnacked@riseup.net>
This helps us to determine if a middle node can pad to us or not. Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: George Kadianakis <desnacked@riseup.net>
These event callbacks allow circuit padding to decide when to attempt to launch and negotiate new padding machines, and when to tear old ones down. Co-authored-by: George Kadianakis <desnacked@riseup.net>
These callbacks allow the padding state machines to react to various types of sent and received relay cells. Co-authored-by: George Kadianakis <desnacked@riseup.net>
This implements all of the event handling, state machines, and padding decisions for circuit padding. I recommend reviewing this after you look at the call-in points into it from the rest of Tor. Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: George Kadianakis <desnacked@riseup.net>
Co-authored-by: George Kadianakis <desnacked@riseup.net>
Hope is this will make it easier to test on the live tor network. Does not need to be merged if we don't want to, but will come in handy for researchers. Co-authored-by: George Kadianakis <desnacked@riseup.net>
This project introduces the prob_distr.c subsystem which implements all the probability distributions that WTF-PAD needs. It also adds unittests for all of them. Code and tests courtesy of Riastradh. Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net> Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org> Co-authored-by: Taylor R Campbell <campbell+tor@mumble.net>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
Co-authored-by: Mike Perry <mikeperry-git@torproject.org>
Note to self/others: don't merge this. Co-authored-by: George Kadianakis <desnacked@riseup.net>
Pull Request Test Coverage Report for Build 3569
💛 - Coveralls |
| @@ -83,6 +83,14 @@ | |||
| ++var ## _sl_idx) { \ | |||
| var = (sl)->list[var ## _sl_idx]; | |||
|
|
|||
| #define SMARTLIST_FOREACH_REVERSE_BEGIN(sl, type, var) \ | |||
There was a problem hiding this comment.
I think this will be incompatible with SMARTLIST_DEL_CURRENT; we should maybe add a comment?
There was a problem hiding this comment.
A comment about this was added in a336d81.
src/core/or/circuitpadding.h
Outdated
| #ifndef TOR_CIRCUITPADDING_H | ||
| #define TOR_CIRCUITPADDING_H | ||
|
|
||
| #include "circpad_negotiation.h" |
There was a problem hiding this comment.
We try to include stuff like this by full path; can fix post merge though.
| typedef int8_t circpad_hist_index_t; | ||
|
|
||
| /** The type for absolute time, from monotime_absolute_usec() */ | ||
| typedef uint64_t circpad_time_t; |
There was a problem hiding this comment.
It is probably faster to use something else if we are going to be calling this a lot; the non-coarse monotime functions are slower than the coarse ones, and converting to usec sometimes takes an expensive division on 32-bit platforms.
There was a problem hiding this comment.
Hmm, not quite sure how to fix this.
Not sure if using coarse time sources is acceptable here given that padding delays are can be pretty small and might need to be accurate.
Any ideas?
There was a problem hiding this comment.
So, how small are we talking here? Libevent won't reliably give us a timeout more fine-grained than tens of milliseconds on many platforms.
Even if coarse time isn't workable, we should at least figure out how to minimize how often this is called, and try to use monotime_t. But I think coarse time or timestamp-units is a better idea, probably.
Maybe the right answer is to define an abstraction that can be one or the other, and compile it conditionally?
There was a problem hiding this comment.
This was discussed and resolved in the trac ticket: https://trac.torproject.org/projects/tor/ticket/28142#comment:35
We should fix this for good before enabling any machines.
|
|
||
| /** | ||
| * \file circuitpadding.h | ||
| * \brief Header file for circuitpadding.c. |
There was a problem hiding this comment.
This could use a comment that explains WTF-PAD 101 for beginners, unless such a comment will appear somewhere else. Most of the stuff below in this file only makes sense if you know how the rest of wtfpad works.
| * A circuit must satisfy every sub-field in this type in order | ||
| * to be considered to match the conditions. | ||
| */ | ||
| typedef struct circpad_machine_conditions_t { |
There was a problem hiding this comment.
Are all of these structures are stuff that users of the wtf-pad api will need, or are some of them internal only, or only used in a few places? In the latter case, we now use a "foo_st.h" header for them.
There was a problem hiding this comment.
I think we can do this, yes.
Folded this idea in https://trac.torproject.org/projects/tor/ticket/28777#comment:3 so that we can do it post-merge, if you think that's acceptable.
PADDING_TODO.txt
Outdated
| @@ -0,0 +1,58 @@ | |||
| TODO sketch for this branch, in rough priority order: | |||
There was a problem hiding this comment.
Does this file get removed later on in the branch? If not, then the commit message suggests we have an issue here. :)
There was a problem hiding this comment.
Mike what should we do with this file in your opinion?
There was a problem hiding this comment.
I removed the TODO file in b269ab5 and added the remaining items as children of #28632.
| @@ -1020,6 +1020,21 @@ The following options are useful only for clients (that is, if | |||
| The .exit address notation, if enabled via MapAddress, overrides | |||
| this option. | |||
|
|
|||
| [[MiddleNodes]] **MiddleNodes** __node__,__node__,__...__:: | |||
There was a problem hiding this comment.
If this is going to get merged, we should mark it as experimental-only for some reason, and tell people what they should use instead for non-experimental use. We may also want to say explicitly that it might go away in the future.
src/lib/crypt_ops/crypto_rand.c
Outdated
| * Draw an unsigned 32-bit integer uniformly at random. | ||
| */ | ||
| uint32_t | ||
| crypto_rand_uint32(void) |
There was a problem hiding this comment.
This function's behavior is inconsistent with crypto_rand_uint64(), which takes an argument. Maybe it should have a different name, like, crypto_rand_u32()? Or maybe we should rename the other one?
| @@ -3,3 +3,5 @@ orconfig.h | |||
| lib/cc/*.h | |||
| lib/log/*.h | |||
| lib/math/*.h | |||
| lib/testsupport/*.h | |||
| lib/crypt_ops/*.h | |||
There was a problem hiding this comment.
This change raises lib/math to a higher level than it was at before, which means that these libraries will no longer be able to use it: container, trace, thread, term, memarea, encoding, sandbox, fs, meminfo, crypt_os, and time. I think that's okay?
There was a problem hiding this comment.
OK. If it ever becomes a problem, we can reevaluate.
|
|
||
| /* isinf() wrapper for tor */ | ||
| int | ||
| tor_isinf(double x) |
In file included from src/core/or/connection_edge.c:70:0: ./src/core/or/circuitpadding.h:16:26: error: redefinition of typedef ‘circuit_t’ ./src/core/or/or.h:930:26: note: previous declaration of ‘circuit_t’ was here ./src/core/or/circuitpadding.h:17:33: error: redefinition of typedef ‘origin_circuit_t’ ./src/core/or/or.h:931:33: note: previous declaration of ‘origin_circuit_t’ was here ./src/core/or/circuitpadding.h:18:23: error: redefinition of typedef ‘cell_t’ ./src/core/or/or.h:628:23: note: previous declaration of ‘cell_t’ was here typedef doesn't work for forward declarations, but plain struct without a typedef wrapper does (and unlike the _t type aliases makes it clearer for everyone whether you're talking about the struct or the pointer).
In file included from ./src/core/or/or_circuit_st.h:12:0,
from src/core/or/circuitlist.c:112:
./src/core/or/circuit_st.h:15:39: error: redefinition of typedef ‘circpad_machine_spec_t’
./src/core/or/circuitpadding.h:572:3: note: previous declaration of ‘circpad_machine_spec_t’ was here
./src/core/or/circuit_st.h:16:40: error: redefinition of typedef ‘circpad_machine_state_t’
./src/core/or/circuitpadding.h:517:3: note: previous declaration of ‘circpad_machine_state_t’ was here
Test exactly what the geometric sampler returns, because that's what
the downstream callers of it are going to use.
While here, also assert that the geometric sampler returns a positive
integer. (Our geometric distribution is the one suported on {1, 2,
3, ...} that returns the number of trials before the first success,
not the one supported on {0, 1, 2, ...} that returns the number of
failures before the first success.)
NOTE: This commit breaks the build, because there was a mistake in an earlier change of exactly the sort that this is meant to detect! I'm leaving it broken for illustration.
asn-d6
force-pushed
the
adaptive_padding-final
branch
from
94c33ea
to
4dc189a
Compare
All remaining tasks are now part of #28632.
ghost
merged commit 
No description provided.