[tor-commits] [stegotorus/master] Various bugs in exponential backoff; split dummy/dummy_rr; remove completely unused steg constants
zwol at torproject.org
zwol at torproject.org
Fri Jul 20 23:17:06 UTC 2012
commit 37b973f695a47032d107291d3c91f1ec4ae9ed54
Author: Zack Weinberg <zackw at cmu.edu>
Date: Mon Jan 16 22:37:25 2012 +0000
Various bugs in exponential backoff; split dummy/dummy_rr; remove completely unused steg constants
git-svn-id: svn+ssh://spartan.csl.sri.com/svn/private/DEFIANCE@227 a58ff0ac-194c-e011-a152-003048836090
---
Makefile.am | 3 +-
src/protocol/chop.cc | 19 ++++---
src/steg.h | 48 +++++-------------
src/steg/dummy.cc | 59 +++-------------------
src/steg/dummy_rr.cc | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/steg/embed.cc | 2 +-
src/steg/http.cc | 6 +--
7 files changed, 169 insertions(+), 101 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 04df59d..32f422b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,7 +28,8 @@ STEGANOGRAPHERS = \
src/steg/pdfSteg.cc \
src/steg/swfSteg.cc \
src/steg/zpack.cc \
- src/steg/dummy.cc
+ src/steg/dummy.cc \
+ src/steg/dummy_rr.cc
libstegotorus_a_SOURCES = \
src/connections.cc \
diff --git a/src/protocol/chop.cc b/src/protocol/chop.cc
index b7e95fb..348f610 100644
--- a/src/protocol/chop.cc
+++ b/src/protocol/chop.cc
@@ -36,9 +36,9 @@ struct chop_header
};
#define CHOP_WIRE_HDR_LEN (sizeof(struct chop_header))
-#define CHOP_MAX_DATA 16384
-#define CHOP_MAX_CHAFF 2048
#define CHOP_BLOCK_OVERHD (CHOP_WIRE_HDR_LEN + GCM_TAG_LEN)
+#define CHOP_MAX_DATA (65535 - CHOP_BLOCK_OVERHD)
+#define CHOP_MAX_CHAFF 2048
#define CHOP_F_SYN 0x0001
#define CHOP_F_FIN 0x0002
@@ -104,16 +104,18 @@ namespace {
CIRCUIT_DECLARE_METHODS(chop);
uint32_t axe_interval() {
- // 20*60*1000 lies between 2^20 and 2^21.
- uint32_t shift = std::max(1u, std::min(20u, dead_cycles));
- uint32_t xv = std::max(1u, std::min(20u * 60 * 1000, 1u << shift));
- return rng_range_geom(30 * 60 * 1000, xv) + 5 * 1000;
+ // This function must always return a number which is larger than
+ // the maximum possible number that *our peer's* flush_interval()
+ // could have returned; otherwise, we might axe the connection when
+ // it was just that there was nothing to say for a while.
+ // For simplicity's sake, right now we hardwire this to be 30 minutes.
+ return 30 * 60 * 1000;
}
uint32_t flush_interval() {
// 10*60*1000 lies between 2^19 and 2^20.
uint32_t shift = std::max(1u, std::min(19u, dead_cycles));
uint32_t xv = std::max(1u, std::min(10u * 60 * 1000, 1u << shift));
- return rng_range_geom(20 * 60 * 1000, xv) + 1000;
+ return rng_range_geom(20 * 60 * 1000, xv) + 100;
}
};
@@ -737,14 +739,12 @@ chop_push_to_upstream(circuit_t *c)
chop_reassembly_elt *ready = ckt->reassembly_queue.next;
if (!ready->data || ckt->recv_offset != ready->offset) {
log_debug(c, "no data pushable to upstream yet");
- ckt->dead_cycles++;
return 0;
}
if (!ckt->received_syn) {
if (!(ready->flags & CHOP_F_SYN)) {
log_debug(c, "waiting for SYN");
- ckt->dead_cycles++;
return 0;
}
log_debug(c, "processed SYN");
@@ -1113,6 +1113,7 @@ chop_circuit_t::send()
if (chop_send_chaff(this))
return -1;
this->dead_cycles++;
+ log_debug(this, "%u dead cycles", this->dead_cycles);
} else {
if (chop_send_blocks(this))
return -1;
diff --git a/src/steg.h b/src/steg.h
index c78ffd7..1ad5f82 100644
--- a/src/steg.h
+++ b/src/steg.h
@@ -54,27 +54,6 @@ struct steg_module
/** Name of the steganography module. Must be a valid C identifier. */
const char *name;
- /** Maximum data rate, in bytes per second, that this module can
- reasonably absorb when transmitting client-to-server. */
- size_t max_c2s_rate;
-
- /** Maximum data rate server-to-client. */
- size_t max_s2c_rate;
-
- /** Maximum number of concurrent connections to any single IP address
- that should be made using one instance of this module.
- If this value is greater than one, the module proposes to
- generate _correlated_ traffic across all concurrent connections.
- Only relevant for client-to-server traffic. */
- unsigned int max_corr_conns_per_ip;
-
- /** Maximum number of IP addresses that should be simultaneously
- connected to using one instance of this module. Again,
- if this value is greater than one, the module proposes to
- generate correlated traffic across all concurrent connections.
- Only relevant for client-to-server traffic. */
- unsigned int max_corr_ips;
-
/** Detect whether the inbound traffic from CONN is disguised using
the steganography this module implements. Do not consume any
data from CONN's inbound buffer, regardless of success or
@@ -95,20 +74,19 @@ steg_t *steg_detect(conn_t *conn);
/* Macros for use in defining steg modules. */
-#define STEG_DEFINE_MODULE(mod, csm, scm, mcci, mci) \
- /* detect and new_ dispatchers */ \
- static bool mod##_detect(conn_t *conn) \
- { return mod::detect(conn); } \
- static steg_t *mod##_new(bool is_clientside) \
- { return new mod(is_clientside); } \
- \
- /* canned methods */ \
- const char *mod::name() { return #mod; } \
- \
- /* module object */ \
- extern const steg_module s_mod_##mod = { \
- #mod, csm, scm, mcci, mci, \
- mod##_detect, mod##_new \
+#define STEG_DEFINE_MODULE(mod) \
+ /* detect and new_ dispatchers */ \
+ static bool mod##_detect(conn_t *conn) \
+ { return mod::detect(conn); } \
+ static steg_t *mod##_new(bool is_clientside) \
+ { return new mod(is_clientside); } \
+ \
+ /* canned methods */ \
+ const char *mod::name() { return #mod; } \
+ \
+ /* module object */ \
+ extern const steg_module s_mod_##mod = { \
+ #mod, mod##_detect, mod##_new \
} /* deliberate absence of semicolon */
#define STEG_DECLARE_METHODS(mod) \
diff --git a/src/steg/dummy.cc b/src/steg/dummy.cc
index 5823a69..c81b53f 100644
--- a/src/steg/dummy.cc
+++ b/src/steg/dummy.cc
@@ -37,28 +37,19 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include "protocol.h"
#include "steg.h"
#include <event2/buffer.h>
-#include <stdio.h>
#define DUMMY_PORT 3333
namespace {
struct dummy : steg_t
{
- bool have_transmitted : 1;
- bool have_received : 1;
STEG_DECLARE_METHODS(dummy);
};
}
-STEG_DEFINE_MODULE(dummy,
- 1024, /* client-server max data rate - made up */
- 10240, /* server-client max data rate - ditto */
- 1, /* max concurrent connections per IP */
- 1); /* max concurrent IPs */
-
+STEG_DEFINE_MODULE(dummy);
dummy::dummy(bool is_clientside)
- : have_transmitted(false), have_received(false)
{
this->is_clientside = is_clientside;
}
@@ -79,78 +70,46 @@ dummy::detect(conn_t *conn)
}
struct sockaddr_in* sin = (struct sockaddr_in*) addrs->ai_addr;
-
if (sin->sin_port == htons(DUMMY_PORT))
return 1;
return 0;
-
}
size_t
dummy::transmit_room(conn_t *)
{
-
- if (have_transmitted)
- return 0;
-
- if (is_clientside)
- return SIZE_MAX;
-
- if (!have_received)
- return 0;
-
return SIZE_MAX;
}
-
-
-
-
-
-
int
dummy::transmit(struct evbuffer *source, conn_t *conn)
{
struct evbuffer *dest = conn_get_outbound(conn);
- fprintf(stderr, "transmitting %d\n", (int) evbuffer_get_length(source));;
-
+ log_debug(conn, "transmitting %lu bytes",
+ (unsigned long)evbuffer_get_length(source));
if (evbuffer_add_buffer(dest, source)) {
- fprintf(stderr, "failed to transfer buffer\n");
+ log_warn(conn, "failed to transfer buffer");
+ return -1;
}
-
-
- conn_cease_transmission(conn);
- this->have_transmitted = 1;
return 0;
-
}
-
-
-
-
-
int
dummy::receive(conn_t *conn, struct evbuffer *dest)
{
struct evbuffer *source = conn_get_inbound(conn);
-
- fprintf(stderr, "receiving %d\n", (int) evbuffer_get_length(source));
+ log_debug(conn, "receiving %lu bytes",
+ (unsigned long)evbuffer_get_length(source));
if (evbuffer_add_buffer(dest, source)) {
- fprintf(stderr, "failed to transfer buffer\n");
+ log_warn(conn, "failed to transfer buffer");
+ return -1;
}
-
-
-
-
- this->have_received = 1;
- conn_transmit_soon(conn, 100);
return 0;
}
diff --git a/src/steg/dummy_rr.cc b/src/steg/dummy_rr.cc
new file mode 100644
index 0000000..010b91e
--- /dev/null
+++ b/src/steg/dummy_rr.cc
@@ -0,0 +1,133 @@
+/* Copyright (c) 2011, SRI International
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+ * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ Contributors: Zack Weinberg, Vinod Yegneswaran
+ See LICENSE for other credits and copying information
+*/
+
+#include "util.h"
+#include "connections.h"
+#include "protocol.h"
+#include "steg.h"
+#include <event2/buffer.h>
+
+#define DUMMY_RR_PORT 3334
+
+namespace {
+struct dummy_rr : steg_t
+{
+ bool can_transmit : 1;
+ STEG_DECLARE_METHODS(dummy_rr);
+};
+}
+
+STEG_DEFINE_MODULE(dummy_rr);
+
+dummy_rr::dummy_rr(bool is_clientside)
+{
+ this->is_clientside = is_clientside;
+ this->can_transmit = is_clientside;
+}
+
+dummy_rr::~dummy_rr()
+{
+}
+
+/** Determine whether a connection should be processed by this
+ steganographer. */
+bool
+dummy_rr::detect(conn_t *conn)
+{
+ struct evutil_addrinfo *addrs = conn->cfg->get_listen_addrs(0);
+ if (!addrs) {
+ log_debug("no listen addrs\n");
+ return 0;
+ }
+
+ struct sockaddr_in* sin = (struct sockaddr_in*) addrs->ai_addr;
+ if (sin->sin_port == htons(DUMMY_RR_PORT))
+ return 1;
+
+ return 0;
+}
+
+size_t
+dummy_rr::transmit_room(conn_t *)
+{
+ return can_transmit ? SIZE_MAX : 0;
+}
+
+int
+dummy_rr::transmit(struct evbuffer *source, conn_t *conn)
+{
+ log_assert(can_transmit);
+
+ struct evbuffer *dest = conn_get_outbound(conn);
+
+ log_debug(conn, "transmitting %lu bytes",
+ (unsigned long)evbuffer_get_length(source));
+
+ if (evbuffer_add_buffer(dest, source)) {
+ log_warn(conn, "failed to transfer buffer");
+ return -1;
+ }
+
+ can_transmit = false;
+ if (is_clientside) {
+ conn_cease_transmission(conn);
+ } else {
+ conn_close_after_transmit(conn);
+ }
+
+ return 0;
+}
+
+int
+dummy_rr::receive(conn_t *conn, struct evbuffer *dest)
+{
+ struct evbuffer *source = conn_get_inbound(conn);
+
+ log_debug(conn, "receiving %lu bytes",
+ (unsigned long)evbuffer_get_length(source));
+
+ if (evbuffer_add_buffer(dest, source)) {
+ log_warn(conn, "failed to transfer buffer");
+ return -1;
+ }
+
+ if (is_clientside) {
+ conn_expect_close(conn);
+ } else {
+ can_transmit = true;
+ conn_transmit_soon(conn, 100);
+ }
+
+ return 0;
+}
diff --git a/src/steg/embed.cc b/src/steg/embed.cc
index 447d4cf..ae1a7fa 100644
--- a/src/steg/embed.cc
+++ b/src/steg/embed.cc
@@ -36,7 +36,7 @@ static int embed_init = 0; // whether traces are initialized
static int embed_num_traces; // number of traces
static trace_t *embed_traces; // global array of all traces
-STEG_DEFINE_MODULE(embed, 1024, 1024, 1, 1);
+STEG_DEFINE_MODULE(embed);
int millis_since(struct timeval *last) {
struct timeval cur;
diff --git a/src/steg/http.cc b/src/steg/http.cc
index 47290b0..70d5014 100644
--- a/src/steg/http.cc
+++ b/src/steg/http.cc
@@ -68,11 +68,7 @@ struct http : steg_t
};
}
-STEG_DEFINE_MODULE(http,
- 1024, /* client-server max data rate - made up */
- 10240, /* server-client max data rate - ditto */
- 1, /* max concurrent connections per IP */
- 1); /* max concurrent IPs */
+STEG_DEFINE_MODULE(http);
int http_client_uri_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
int http_client_cookie_transmit (steg_t *s, struct evbuffer *source, conn_t *conn);
More information about the tor-commits
mailing list