[or-cvs] r13484: Re-tune mempool parametes based on testing on peacetime: use (in tor/trunk: . doc src/common src/or)

nickm at seul.org nickm at seul.org
Tue Feb 12 20:20:52 UTC 2008


Author: nickm
Date: 2008-02-12 15:20:52 -0500 (Tue, 12 Feb 2008)
New Revision: 13484

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/tor.1.in
   tor/trunk/src/common/aes.c
   tor/trunk/src/common/compat.h
   tor/trunk/src/common/mempool.c
   tor/trunk/src/common/mempool.h
   tor/trunk/src/common/tortls.c
   tor/trunk/src/common/tortls.h
   tor/trunk/src/or/buffers.c
   tor/trunk/src/or/command.c
   tor/trunk/src/or/connection_edge.c
   tor/trunk/src/or/connection_or.c
   tor/trunk/src/or/dnsserv.c
   tor/trunk/src/or/geoip.c
   tor/trunk/src/or/networkstatus.c
   tor/trunk/src/or/ntmain.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/relay.c
   tor/trunk/src/or/rendservice.c
   tor/trunk/src/or/rephist.c
   tor/trunk/src/or/test.c
Log:
 r18051 at catbus:  nickm | 2008-02-12 15:20:43 -0500
 Re-tune mempool parameters based on testing on peacetime: use smaller chunks, free them a little more aggressively, and try very hard to concentrate allocations on fuller chunks.  Also, lots of new documentation.


/home/or/svnrepo/hooks/commit-email.pl: `/usr/bin/svnlook diff /home/or/svnrepo -r 13484' failed with this output:

Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r18051] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/ChangeLog	2008-02-12 20:20:52 UTC (rev 13484)
@@ -1,4 +1,8 @@
 Changes in version 0.2.0.20-?? - 2008-02-??
+  o Minor features (performance):
+    - Tune parameters for cell pool allocation to minimize amount of
+      RAM overhead used.
+
   o Minor bugfixes:
     - Log the correct memory chunk sizes for empty RAM chunks in mempool.c
     - Directory mirrors no longer include a guess at the client's IP

Modified: tor/trunk/doc/tor.1.in
===================================================================
--- tor/trunk/doc/tor.1.in	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/doc/tor.1.in	2008-02-12 20:20:52 UTC (rev 13484)
@@ -979,6 +979,17 @@
 behalf of clients, and only takes effect if Tor was built with
 eventdns support.
 (Default: 0)
+.LP
+.TP
+\fBBridgeRecordUsageByCountry \fR\fB0\fR|\fB1\fR\fP
+When this option is enabled and BridgeRelay is also enabled, and we
+have GeoIP data, Tor keeps a keep a per-country count of how many
+client addresses have contacted it so that it can help the bridge
+authority guess which countries have blocked access to it.
+.LP
+.TP
+\fBGeoIPFile \fR\fIfilename\fP
+A filename containing GeoIP data, for use with BridgeRecordUsageByCountry.
 
 .SH DIRECTORY SERVER OPTIONS
 .PP

Modified: tor/trunk/src/common/aes.c
===================================================================
--- tor/trunk/src/common/aes.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/aes.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -28,8 +28,13 @@
 /* We have 3 strategies for getting AES: Via OpenSSL's AES_encrypt function,
  * via OpenSSL's EVP_EncryptUpdate function, or via the built-in AES
  * implementation below. */
+
+/** Defined iff we're using openssl's AES functions for AES. */
 #undef USE_OPENSSL_AES
+/** Defined iff we're using openssl's EVP code for AES. */
 #undef USE_OPENSSL_EVP
+/** Defined iff we're using Tor's internal AES implementation, defined
+ * below. */
 #undef USE_BUILTIN_AES
 
 /* Figure out our CPU type.  We use this to pick an AES implementation.
@@ -130,6 +135,7 @@
 /*======================================================================*/
 /* Interface to AES code, and counter implementation */
 
+/** Implements an aes counter-mode cipher. */
 struct aes_cnt_cipher {
   /** This next element (howevever it's defined) is the AES key. */
 #if defined(USE_OPENSSL_EVP)

Modified: tor/trunk/src/common/compat.h
===================================================================
--- tor/trunk/src/common/compat.h	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/compat.h	2008-02-12 20:20:52 UTC (rev 13484)
@@ -330,6 +330,7 @@
 
 typedef uint8_t maskbits_t;
 struct in_addr;
+/** DOCDOC */
 typedef struct tor_addr_t
 {
   sa_family_t family;

Modified: tor/trunk/src/common/mempool.c
===================================================================
--- tor/trunk/src/common/mempool.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/mempool.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -12,7 +12,7 @@
 #define MEMPOOL_PRIVATE
 #include "mempool.h"
 
-//#define LAZY_CHUNK_SORT
+#define LAZY_CHUNK_SORT
 
 /* OVERVIEW:
  *
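Review bot: `#define LAZY_CHUNK_SORT` is switched on with no comment saying what it selects, although it changes allocator behaviour for every pool. From the other hunks in this file it enables mp_pool_sort_used_chunks(), which mp_pool_clean() calls first and which allocates a temporary array with ALLOC whenever the used list is out of order. I would document it at the definition: `/** If defined, mp_pool_clean() sorts the used-chunk list by fullness before freeing empty chunks. */`.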
@@ -193,7 +193,9 @@
   return chunk;
 }
 
-/** DOCDOC */
+/** Take a <b>chunk</b> that has just been allocated or removed from
+ * <b>pool</b>'s empty chunk list, and add it to the head of the used chunk
+ * list. */
 static INLINE void
 add_newly_used_chunk_to_used_list(mp_pool_t *pool, mp_chunk_t *chunk)
 {
@@ -347,7 +349,6 @@
 
     ++pool->n_empty_chunks;
   }
-
   --chunk->n_allocated;
 }
 
@@ -404,7 +405,8 @@
 }
 
 #ifdef LAZY_CHUNK_SORT
-/** DOCDOC */
+/** Helper function for qsort: used to sort pointers to mp_chunk_t into
+ * descending order of fullness. */
 static int
 mp_pool_sort_used_chunks_helper(const void *_a, const void *_b)
 {
@@ -413,7 +415,9 @@
   return b->n_allocated - a->n_allocated;
 }
 
-/** DOCDOC */
+/** Sort the used chunks in <b>pool</b> into descending order of fullness,
+ * so that we preferentially fill up mostly full chunks before we make
+ * nearly empty chunks less nearly empty. */
 static void
 mp_pool_sort_used_chunks(mp_pool_t *pool)
 {
@@ -426,7 +430,6 @@
   }
   if (!inverted)
     return;
-  ASSERT(n);
   //printf("Sort %d/%d\n",inverted,n);
   chunks = ALLOC(sizeof(mp_chunk_t *)*n);
 #ifdef ALLOC_CAN_RETURN_NULL
@@ -456,12 +459,9 @@
 #endif
 
 /** If there are more than <b>n</b> empty chunks in <b>pool</b>, free the
- * excess ones that have been empty for the longest.  (If <b>n</b> is less
- * than zero, free only empty chunks that were not used since the last
- * call to mp_pool_clean(), leaving only -<b>n</b>.)
- * DOCDOC Keep_recently_used, n_to_keep
- * XXXX020 maybe dump negative n_to_keep behavior, if k_r_u turns out to be
- *   smarter.
+ * excess ones that have been empty for the longest. If
+ * <b>keep_recently_used</b> is true, do not free chunks unless they have been
+ * empty since the last call to this function.
  **/
 void
 mp_pool_clean(mp_pool_t *pool, int n_to_keep, int keep_recently_used)
@@ -471,12 +471,8 @@
 #ifdef LAZY_CHUNK_SORT
   mp_pool_sort_used_chunks(pool);
 #endif
+  ASSERT(n_to_keep >= 0);
 
-  if (n_to_keep < 0) {
-    /* As said in the documentation, "negative n" means "leave an additional
-     * -n chunks". So replace n with a positive number. */
-    n_to_keep = pool->min_empty_chunks + (-n_to_keep);
-  }
   if (keep_recently_used) {
     int n_recently_used = pool->n_empty_chunks - pool->min_empty_chunks;
     if (n_to_keep < n_recently_used)
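Review bot: `ASSERT(n_to_keep >= 0)` turns a previously supported input into a process abort, and neither this hunk nor the rewritten doc comment above mp_pool_clean() tells callers that negative values are no longer accepted. Any call site still passing a negative n_to_keep (none are visible here) would now stop the process, or, if ASSERT is compiled out in some build, fall through to the comparison below with a negative count. I would add `<b>n_to_keep</b> must be non-negative.` to the function comment and move the assertion ahead of `mp_pool_sort_used_chunks(pool);` so the precondition is checked before any work is done. The function body starts and ends outside this hunk.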

Modified: tor/trunk/src/common/mempool.h
===================================================================
--- tor/trunk/src/common/mempool.h	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/mempool.h	2008-02-12 20:20:52 UTC (rev 13484)
@@ -3,7 +3,7 @@
 /* $Id$ */
 
 /**
- * \file util.h
+ * \file mempool.h
  * \brief Headers for mempool.c
  **/
 

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/tortls.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -1105,8 +1105,13 @@
     tor_free(s2);
 }
 
-/** DOCDOC helper.
- * cert_out needs to be freed. id_cert_out doesn't. */
+/** Helper function: try to extract a link certificate and an identity
+ * certificate from <b>tls</b>, and store them in *<b>cert_out</b> and
+ * *<b>id_cert_out</b> respectively.  Log all messages at level
+ * <b>severity</b>.
+ *
+ * Note that a reference is added to cert_out, so it needs to be
+ * freed. id_cert_out doesn't. */
 static void
 try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
                               X509 **cert_out, X509 **id_cert_out)
@@ -1141,12 +1146,12 @@
 }
 
 /** If the provided tls connection is authenticated and has a
- * certificate that is currently valid and signed, then set
+ * certificate chain that is currently valid and signed, then set
  * *<b>identity_key</b> to the identity certificate's key and return
  * 0.  Else, return -1 and log complaints with log-level <b>severity</b>.
  */
 int
-tor_tls_verify_v1(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
+tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
 {
   X509 *cert = NULL, *id_cert = NULL;
   EVP_PKEY *id_pkey = NULL;
@@ -1279,7 +1284,8 @@
   tls_log_errors(LOG_WARN, NULL);
 }
 
-/**DOCDOC */
+/** Return true iff the initial TLS connection at <b>tls</b> did not use a v2
+ * TLS handshake. Output undefined if the handshake isn't finished. */
 int
 tor_tls_used_v1_handshake(tor_tls_t *tls)
 {

Modified: tor/trunk/src/common/tortls.h
===================================================================
--- tor/trunk/src/common/tortls.h	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/common/tortls.h	2008-02-12 20:20:52 UTC (rev 13484)
@@ -55,8 +55,7 @@
 int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
-int tor_tls_verify_v1(int severity, tor_tls_t *tls,
-                      crypto_pk_env_t **identity);
+int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity);
 int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance);
 int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
 int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);

Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/buffers.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -20,6 +20,8 @@
 //#define NOINLINE
 
 #ifdef PARANOIA
+/** Helper: If PARANOIA is defined, assert that the buffer in local variable
+ * <b>buf</b> is well-formed. */
 #define check() STMT_BEGIN assert_buf_ok(buf); STMT_END
 #else
 #define check() STMT_NIL
@@ -124,6 +126,8 @@
   FL(0, 0, 0)
 };
 #undef FL
+/** How many times have we looked for a chunk of a size that no freelist
+ * could help with? */
 static uint64_t n_freelist_miss = 0;
 
 static void assert_freelist_ok(chunk_freelist_t *fl);
@@ -232,7 +236,7 @@
 #define MIN_READ_LEN 8
 /** Every chunk should take up at least this many bytes. */
 #define MIN_CHUNK_ALLOC 256
-/*XXXX020 enforce this maximum. */
+/** No chunk should take up more than this many bytes. */
 #define MAX_CHUNK_ALLOC 65536
 
 /** Return the allocation size we'd like to use to hold <b>target</b>
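Review bot: The new comment on `MAX_CHUNK_ALLOC` states the limit as a fact while removing the `XXXX020 enforce this maximum` marker, and nothing in this hunk adds the enforcement. If the size computation documented on the next line can still return more than 65536 for a large target, the comment is misleading and the open item is lost; that function's body is outside the hunk, so this needs confirming. Until a bound check exists in the allocation path I would keep the marker, e.g. `/** No chunk should take up more than this many bytes. XXXX020 not yet enforced. */`.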
@@ -549,7 +553,7 @@
 }
 
 /** Read up to <b>at_most</b> bytes from the socket <b>fd</b> into
- * <b>chunk</b> (which must be on <b>buf/b>). If we get an EOF, set
+ * <b>chunk</b> (which must be on <b>buf</b>). If we get an EOF, set
  * *<b>reached_eof</b> to 1.  Return -1 on error, 0 on eof or blocking,
  * and the number of bytes read otherwise. */
 static INLINE int

Modified: tor/trunk/src/or/command.c
===================================================================
--- tor/trunk/src/or/command.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/command.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -445,10 +445,10 @@
   }
 }
 
-/** Process a 'versions' cell.  The current link protocol version must be 0
- * to indicate that no version has yet been negotiated.  We compare the versions
- * cell to the list of versions we support, pick the highest version we
- * have in common, and continue the negotiation from there.
+/** Process a 'versions' cell.  The current link protocol version must be 0 to
+ * indicate that no version has yet been negotiated.  We compare the versions
+ * cell to the list of versions we support, pick the highest version we have
+ * in common, and continue the negotiation from there.
  */
 static void
 command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)

Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/connection_edge.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -925,6 +925,7 @@
  *
  * These options are configured by parse_virtual_addr_network().
  */
+/*DOCDOC options */
 static uint32_t virtual_addr_network = 0x7fc00000u;
 static maskbits_t virtual_addr_netmask_bits = 10;
 static uint32_t next_virtual_addr    = 0x7fc00000u;

Modified: tor/trunk/src/or/connection_or.c
===================================================================
--- tor/trunk/src/or/connection_or.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/connection_or.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -404,8 +404,8 @@
       /* Override the addr/port, so our log messages will make sense.
        * This is dangerous, since if we ever try looking up a conn by
        * its actual addr/port, we won't remember. Careful! */
-      /* XXXX020 this is stupid, and it's the reason we need real_addr to
-       * track is_canonical properly. */
+      /* XXXX020 arma: this is stupid, and it's the reason we need real_addr
+       * to track is_canonical properly.  What requires it? */
       conn->_base.addr = r->addr;
       conn->_base.port = r->or_port;
     }
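Review bot: The reworded XXXX020 comment still does not say which code reads the overridden `conn->_base.addr` and `conn->_base.port`, and the assignment replaces the port as well as the address. or.h in this commit documents `real_addr` as the saved original address, but no saved port appears in that hunk, so after this override the peer's actual port looks unrecoverable; worth confirming. Because is_canonical is documented as a signal that the connection is not being MITMed, I would record the gap here, e.g. `/* Only real_addr preserves the peer's actual address; the actual port is not kept. */`. The enclosing function starts and ends outside the hunk.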
@@ -724,8 +724,8 @@
   check_no_tls_errors();
 
   if (has_cert) {
-    int v = tor_tls_verify_v1(started_here?severity:LOG_INFO,
-                              conn->tls, &identity_rcvd);
+    int v = tor_tls_verify(started_here?severity:LOG_INFO,
+                           conn->tls, &identity_rcvd);
     if (started_here && v<0) {
       log_fn(severity,LD_OR,"Tried connecting to router at %s:%d: It"
              " has a cert but it's invalid. Closing.",

Modified: tor/trunk/src/or/dnsserv.c
===================================================================
--- tor/trunk/src/or/dnsserv.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/dnsserv.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -5,7 +5,7 @@
   "$Id$";
 
 /**
- * \file dnservs.c \brief Implements client-side DNS proxy server code.  Note:
+ * \file dnsserv.c \brief Implements client-side DNS proxy server code.  Note:
  * this is the DNS Server code, not the Server DNS code.  Confused?  This code
  * runs on client-side, and acts as a DNS server.  The code in dns.c, on the
  * other hand, runs on Tor servers, and acts as a DNS client.

Modified: tor/trunk/src/or/geoip.c
===================================================================
--- tor/trunk/src/or/geoip.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/geoip.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -294,10 +294,10 @@
   return client_history_starts;
 }
 
-/* Helper type: used to sort results by value. */
+/** Helper type: used to sort per-country totals by value. */
 typedef struct c_hist_t {
-  char country[3];
-  unsigned total;
+  char country[3]; /**< two-leter country code. */
+  unsigned total; /**< total ips seen in this country. */
 } c_hist_t;
 
 /** Sorting helper: return -1, 1, or 0 based on comparison of two
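Review bot: The new comment on `country` misspells "letter" and does not say whether the field is NUL-terminated, which is what the third byte suggests. If that is the intent I would write `char country[3]; /**< Two-letter country code, NUL-terminated. */`; the code that fills the field is outside this hunk, so the termination claim needs checking against it.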

Modified: tor/trunk/src/or/networkstatus.c
===================================================================
--- tor/trunk/src/or/networkstatus.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/networkstatus.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -8,7 +8,8 @@
   "$Id$";
 
 /**
- * \file Functions and structures for handling network status documents as a
+ * \file networkstatus.c
+ * \brief Functions and structures for handling network status documents as a
  * client or cache.
  */
 

Modified: tor/trunk/src/or/ntmain.c
===================================================================
--- tor/trunk/src/or/ntmain.c	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/ntmain.c	2008-02-12 20:20:52 UTC (rev 13484)
@@ -45,6 +45,8 @@
 static int nt_service_cmd_start(void);
 static int nt_service_cmd_stop(void);
 
+/** Struct to hold dynamically loaded NT-service related function pointers.
+ */
 struct service_fns {
   int loaded;
 

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2008-02-12 18:42:16 UTC (rev 13483)
+++ tor/trunk/src/or/or.h	2008-02-12 20:20:52 UTC (rev 13484)
@@ -916,13 +916,20 @@
    * recent, we can rate limit it further. */
   time_t client_used;
 
-  uint32_t real_addr; /**DOCDOC */
+  uint32_t real_addr; /**< The actual address that this connection came from
+                       * or went to.  The <b>addr</b> field is prone to
+                       * getting overridden by the address from the router
+                       * descriptor matching <b>identity_digest</b>. */
 
   circ_id_type_t circ_id_type:2; /**< When we send CREATE cells along this
                                   * connection, which half of the space should
                                   * we use? */
-  unsigned int is_canonical:1; /**< DOCDOC */
-  unsigned int have_renegotiated:1; /**< DOCDOC */
+  /** Should this connection be used for extending circuits to the server
+   * matching the <b>identity_digest</b> field?  Set to true if we're pretty
+   * sure we aren't getting MITMed, either because we're connected to an
+   * address listed in a server descriptor, or because an authenticated
+   * NETINFO cell listed the address we're connected to as recognized. */
+  unsigned int is_canonical:1;
   uint8_t link_proto; /**< What protocol version are we using? 0 for
                        * "none negotiated yet." */
   uint16_t next_circ_id; /**< Which circ_id do we try to use next on
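Review bot: The `have_renegotiated:1` bitfield is deleted in this hunk, which is a change to connection state rather than documentation, and the log message does not mention it. A remaining reader would fail to compile, so the risk is low, but the removal should be named in the log or split into its own commit so it can be traced later. Separately, the new is_canonical comment says when the bit is set but not what callers do when it is clear; one more sentence stating that would make the anti-MITM intent checkable against the code.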
@@ -1445,7 +1452,7 @@
                   * running. */
 } vote_routerstatus_t;
 
-/* Information about a single voter in a vote or a consensus. */
+/** Information about a single voter in a vote or a consensus. */
 typedef struct networkstatus_voter_info_t {
   char *nickname; /**< Nickname of this voter */
   char identity_digest[DIGEST_LEN]; /**< Digest of this voter's identity key */
@@ -2335,8 +2342,11 @@
    * cached. */
   char *FallbackNetworkstatusFile;
 
-  /** DOCDOC here and in tor.1 */
+  /** If true, and we have GeoIP data, and we're a bridge, keep a per-country
+   * count of how many client addresses have contacted us so that we can help
+   * the bridge authority guess which countries have blocked access to us. */
   int BridgeRecordUsageByCountry;
+  /** Optionally, a file with GeoIP data. */
   char *GeoIPFile;
 
 } or_options_t;

Modified: tor/trunk/src/or/relay.c
===================================================================


