[tor-commits] [torbutton/master] Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.
mikeperry at torproject.org
mikeperry at torproject.org
Wed Mar 25 04:00:56 UTC 2015
commit 2359bd808367673ed7738a8b96b0fcb8571883dc
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Tue Mar 24 20:27:20 2015 -0700
Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ.
This will allow us to raise the circuit dirty timeout value for all other
circs.
---
src/components/domain-isolator.js | 36 ++++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)
diff --git a/src/components/domain-isolator.js b/src/components/domain-isolator.js
index 6e6201e..a05fee2 100644
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -53,6 +53,10 @@ let tor = tor || {};
// A mutable map that records what nonce we are using for each domain.
tor.noncesForDomains = {};
+// __tor.unknownDirtySince__.
+// Specifies when the current catch-all circuit was first used
+tor.unknownDirtySince = Date.now();
+
// __tor.socksProxyCredentials(originalProxy, domain)__.
// Takes a proxyInfo object (originalProxy) and returns a new proxyInfo
// object with the same properties, except the username is set to the
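Review bot: The comment on `tor.unknownDirtySince` says it records when the catch-all circuit was "first used", but the value is set to `Date.now()` when the script loads and is only updated again at rotation time in the catch branch of `tor.isolateCircuitsByDomain`. As written it measures time since load or since the last rotation, not since first use. I would reword the comment to match, e.g. `// Time (ms since epoch) when the catch-all nonce was last rotated; initialised at load.`, so the 10 minute bound is not read as a per-use guarantee.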
@@ -74,6 +78,17 @@ tor.socksProxyCredentials = function (originalProxy, domain) {
proxy.failoverProxy);
};
+tor.newCircuitForDomain = function(domain) {
+ // Check if we already have a nonce. If not, create
+ // one for this domain.
+ if (!tor.noncesForDomains.hasOwnProperty(domain)) {
+ tor.noncesForDomains[domain] = 0;
+ } else {
+ tor.noncesForDomains[domain] += 1;
+ }
+ logger.eclog(3, "New domain isolation count " +tor.noncesForDomains[domain] + " for " + domain);
+}
+
// __tor.isolateCircuitsByDomain()__.
// For every HTTPChannel, replaces the default SOCKS proxy with one that authenticates
// to the SOCKS server (the tor client process) with a username (the first party domain)
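Review bot: `tor.newCircuitForDomain` calls `hasOwnProperty` directly on `tor.noncesForDomains`, a plain `{}` whose keys are domain strings taken from browsing activity. A key that collides with an `Object.prototype` member would make the lookup unreliable, so `Object.prototype.hasOwnProperty.call(tor.noncesForDomains, domain)` is the safer form now that this is the shared entry point. The function also lacks the `// __tor.name(args)__.` header comment its neighbours have, and the closing `}` is missing the `;` used after `tor.socksProxyCredentials`.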
@@ -93,8 +108,16 @@ tor.isolateCircuitsByDomain = function () {
replacementProxy.username + ":" + replacementProxy.password);
return replacementProxy;
} catch (err) {
- // If we fail, then just use the default proxyInfo.
- return aProxy;
+ if (Date.now() - tor.unknownDirtySince > 1000*10*60) {
+ logger.eclog(3, "tor catchall circuit has been dirty for over 10 minutes. Rotating.");
+ tor.newCircuitForDomain("--unknown--");
+ tor.unknownDirtySince = Date.now();
+ }
+ let replacementProxy = tor.socksProxyCredentials(aProxy, "--unknown--");
+
+ logger.eclog(3, "tor SOCKS isolation catchall: " + aChannel.URI.spec + " via " +
+ replacementProxy.username + ":" + replacementProxy.password);
+ return replacementProxy;
}
}, 0);
};
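Review bot: The new catch branch discards `err` and then calls `tor.socksProxyCredentials` again with no fallback. The try body is outside this hunk, so this is inferred, but if the original exception can come from that same call (for example an unexpected `aProxy`), the handler will now throw out of the filter callback instead of returning a proxy. It is worth confirming which failures reach this branch, and logging the cause first with `logger.eclog(3, "tor SOCKS isolation failed: " + err);` so catch-all traffic can be explained afterwards. The interval `1000*10*60` would read better as a named constant with the unit in the name, since the commit message says other timeouts will be tuned relative to it.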
@@ -125,14 +148,7 @@ DomainIsolator.prototype = {
}
},
newCircuitForDomain: function (domain) {
- // Check if we already have a nonce. If not, create
- // one for this domain.
- if (!tor.noncesForDomains.hasOwnProperty(domain)) {
- tor.noncesForDomains[domain] = 0;
- } else {
- tor.noncesForDomains[domain] += 1;
- }
- logger.eclog(3, "New domain isolation count " +tor.noncesForDomains[domain] + " for " + domain);
+ tor.newCircuitForDomain(domain);
},
wrappedJSObject: null