From 463f6628d316cecdd612b4a78cd5349ab4a824c5 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 9 Apr 2014 11:13:37 -0400 Subject: Give each or_connection_t a slightly randomized idle_timeout Instead of killing an or_connection_t that has had no circuits for the last 3 minutes, give every or_connection_t a randomized timeout, so that an observer can't so easily infer from the connection close time the time at which its last circuit closed. Also, increase the base timeout for canonical connections from 3 minutes to 15 minutes. Fix for ticket 6799. --- changes/bug6799 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 changes/bug6799 (limited to 'changes') diff --git a/changes/bug6799 b/changes/bug6799 new file mode 100644 index 000000000..b50762bb0 --- /dev/null +++ b/changes/bug6799 @@ -0,0 +1,13 @@ + o Major features: + + - Increate the base amount of time that a canonical connection + (one that we have made to a known OR) is allowed to stay open + from a 3 minutes to 15 minutes. This leaks less information + about when circuits have closed, and avoids unnecessary overhead + from renegotiating connections. Part of a fix for ticket 6799. + + - Instead of closing connections at a fixed interval after their + last circuit closed, randomly add up to 50% to each connection's + maximum timout. This makes it harder to tell when the last + circuit closed by looking at when a connection closes. Part of a + fix for ticket 6799. -- cgit v1.2.3 From 6557e612959dd9a1df4e85df4a11153be38db3ca Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 16 May 2014 10:32:31 -0400 Subject: Replace last_added_nonpadding with last_had_circuits The point of the "idle timeout" for connections is to kill the connection a while after it has no more circuits. But using "last added a non-padding cell" as a proxy for that is wrong, since if the last circuit is closed from the other side of the connection, we will not have sent anything on that connection since well before the last circuit closed. This is part of fixing 6799. When applied to 0.2.5, it is also a fix for 12023. --- changes/bug6799 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'changes') diff --git a/changes/bug6799 b/changes/bug6799 index b50762bb0..14ba4ae0c 100644 --- a/changes/bug6799 +++ b/changes/bug6799 @@ -1,13 +1,20 @@ o Major features: - - Increate the base amount of time that a canonical connection + - Increase the base amount of time that a canonical connection (one that we have made to a known OR) is allowed to stay open from a 3 minutes to 15 minutes. This leaks less information about when circuits have closed, and avoids unnecessary overhead from renegotiating connections. Part of a fix for ticket 6799. - - Instead of closing connections at a fixed interval after their - last circuit closed, randomly add up to 50% to each connection's - maximum timout. This makes it harder to tell when the last + - Instead of closing connections after they have been idle for a + fixed interval, randomly add up to 50% to each connection's + maximum timeout. This makes it harder to tell when the last circuit closed by looking at when a connection closes. Part of a fix for ticket 6799. + + - Base connection idleness tests on the actual time elapsed since + the connection last had circuits, not on the time when we last + added non-padding. This also makes it harder to tell when the last + circuit closed by looking at when a connection closes. Part of a + fix for ticket 6799. + Incidentally fixes bug 12023; bugfix on 0.2.5.1-alpha. -- cgit v1.2.3 From bbb8f12ee4efd6f1c2bc8b34dfaf50e314863476 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 11 Jun 2014 11:52:58 -0400 Subject: Tweak changes entry for 6799 --- changes/bug6799 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'changes') diff --git a/changes/bug6799 b/changes/bug6799 index 14ba4ae0c..72b6519a2 100644 --- a/changes/bug6799 +++ b/changes/bug6799 @@ -1,8 +1,8 @@ o Major features: - Increase the base amount of time that a canonical connection - (one that we have made to a known OR) is allowed to stay open - from a 3 minutes to 15 minutes. This leaks less information + (one that we have made to a known OR) is allowed to stay idle + from 3 minutes to 15 minutes. This leaks less information about when circuits have closed, and avoids unnecessary overhead from renegotiating connections. Part of a fix for ticket 6799. @@ -14,7 +14,7 @@ - Base connection idleness tests on the actual time elapsed since the connection last had circuits, not on the time when we last - added non-padding. This also makes it harder to tell when the last - circuit closed by looking at when a connection closes. Part of a - fix for ticket 6799. + added non-padding. This change also makes it harder for an + observer to tell when the last circuit closed by looking at when + a connection closes. Part of a fix for ticket 6799. Incidentally fixes bug 12023; bugfix on 0.2.5.1-alpha. -- cgit v1.2.3