close idle tls conns early

Roger Dingledine 2010-04-23 20:23:00 -04:00
parent b264192083
commit 67b38d5068
2 changed files with 59 additions and 46 deletions


@ -0,0 +1,6 @@
o Major bugfixes:
- Make relays more aggressive about closing TLS connections that
have no circuits on them. Tens of thousands of them were piling
up at the fast relays, causing the relays to run out of sockets
and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
their directory fetches over TLS).


@ -663,6 +663,15 @@ directory_info_has_arrived(time_t now, int from_cache)
consider_testing_reachability(1, 1); consider_testing_reachability(1, 1);
} }
/** How long do we wait before killing OR connections with no circuits?
* In Tor versions up to 0.2.1.25 and 0.2.2.12-alpha, we waited 15 minutes
* before cancelling these connections, which caused fast relays to accrue
* many many idle connections. Hopefully 3 minutes is low enough that
* it kills most idle connections, without being so low that we cause
* clients to bounce on and off.
*/
#define IDLE_OR_CONN_TIMEOUT 180
/** Perform regular maintenance tasks for a single connection. This /** Perform regular maintenance tasks for a single connection. This
* function gets run once per second per connection by run_scheduled_events. * function gets run once per second per connection by run_scheduled_events.
*/ */
@ -673,6 +682,8 @@ run_connection_housekeeping(int i, time_t now)
connection_t *conn = smartlist_get(connection_array, i); connection_t *conn = smartlist_get(connection_array, i);
or_options_t *options = get_options(); or_options_t *options = get_options();
or_connection_t *or_conn; or_connection_t *or_conn;
int past_keepalive =
now >= conn->timestamp_lastwritten + options->KeepalivePeriod;
if (conn->outbuf && !buf_datalen(conn->outbuf) && conn->type == CONN_TYPE_OR) if (conn->outbuf && !buf_datalen(conn->outbuf) && conn->type == CONN_TYPE_OR)
TO_OR_CONN(conn)->timestamp_lastempty = now; TO_OR_CONN(conn)->timestamp_lastempty = now;
@ -707,6 +718,9 @@ run_connection_housekeeping(int i, time_t now)
if (!connection_speaks_cells(conn)) if (!connection_speaks_cells(conn))
return; /* we're all done here, the rest is just for OR conns */ return; /* we're all done here, the rest is just for OR conns */
/* If we haven't written to an OR connection for a while, then either nuke
the connection or send a keepalive, depending. */
or_conn = TO_OR_CONN(conn); or_conn = TO_OR_CONN(conn);
if (or_conn->is_bad_for_new_circs && !or_conn->n_circuits) { if (or_conn->is_bad_for_new_circs && !or_conn->n_circuits) {
@ -721,14 +735,7 @@ run_connection_housekeeping(int i, time_t now)
"Tor gave up on the connection"); "Tor gave up on the connection");
connection_mark_for_close(conn); connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1; conn->hold_open_until_flushed = 1;
return; } else if (past_keepalive && !connection_state_is_open(conn)) {
}
/* If we haven't written to an OR connection for a while, then either nuke
the connection or send a keepalive, depending. */
if (now >= conn->timestamp_lastwritten + options->KeepalivePeriod) {
int maxCircuitlessPeriod = options->MaxCircuitDirtiness*3/2;
if (!connection_state_is_open(conn)) {
/* We never managed to actually get this connection open and happy. */ /* We never managed to actually get this connection open and happy. */
log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).", log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).",
conn->s,conn->address, conn->port); conn->s,conn->address, conn->port);
@ -744,9 +751,10 @@ run_connection_housekeeping(int i, time_t now)
conn->hold_open_until_flushed = 1; conn->hold_open_until_flushed = 1;
} else if (!or_conn->n_circuits && } else if (!or_conn->n_circuits &&
now >= or_conn->timestamp_last_added_nonpadding + now >= or_conn->timestamp_last_added_nonpadding +
maxCircuitlessPeriod) { IDLE_OR_CONN_TIMEOUT) {
log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) " log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) "
"[idle].", conn->s,conn->address, conn->port); "[idle %d].", conn->s,conn->address, conn->port,
(int)(now - or_conn->timestamp_last_added_nonpadding));
connection_mark_for_close(conn); connection_mark_for_close(conn);
conn->hold_open_until_flushed = 1; conn->hold_open_until_flushed = 1;
} else if ( } else if (
@ -759,15 +767,14 @@ run_connection_housekeeping(int i, time_t now)
(int)buf_datalen(conn->outbuf), (int)buf_datalen(conn->outbuf),
(int)(now-conn->timestamp_lastwritten)); (int)(now-conn->timestamp_lastwritten));
connection_mark_for_close(conn); connection_mark_for_close(conn);
} else if (!buf_datalen(conn->outbuf)) { } else if (past_keepalive && !buf_datalen(conn->outbuf)) {
/* either in clique mode, or we've got a circuit. send a padding cell. */ /* send a padding cell */
log_fn(LOG_DEBUG,LD_OR,"Sending keepalive to (%s:%d)", log_fn(LOG_DEBUG,LD_OR,"Sending keepalive to (%s:%d)",
conn->address, conn->port); conn->address, conn->port);
memset(&cell,0,sizeof(cell_t)); memset(&cell,0,sizeof(cell_t));
cell.command = CELL_PADDING; cell.command = CELL_PADDING;
connection_or_write_cell_to_buf(&cell, or_conn); connection_or_write_cell_to_buf(&cell, or_conn);
} }
}
} }
/** Honor a NEWNYM request: make future requests unlinkability to past /** Honor a NEWNYM request: make future requests unlinkability to past
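Review bot: The idle branch at the `IDLE_OR_CONN_TIMEOUT` comparison now fires independently of `past_keepalive`, so it relies entirely on `or_conn->timestamp_last_added_nonpadding` having been set by the time the connection is open; if that field can still be zero on a freshly opened, circuitless connection, `now >= 0 + IDLE_OR_CONN_TIMEOUT` is true on the first housekeeping pass and the connection is reaped immediately, whereas the old `KeepalivePeriod` gate masked that case — worth confirming where the field is initialised, since the handshake path is not in these hunks. If the field only tracks non-padding cells this side queued, a comment on the `#define` such as `/* Measured from the last non-padding cell we queued; padding from the peer does not reset it. */` would make explicit that an idle peer cannot keep a circuitless connection alive merely by sending padding. The macro name carries no unit, so either say "seconds" in its comment or suffix the name. The condition of the stuck-outbuf branch (`} else if (` just before the `buf_datalen` log call) falls between hunks and cannot be reviewed here, and run_connection_housekeeping itself begins before the first main.c hunk.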