Grcov report - mgr.rs

1

//! Abstract code to manage a set of tunnels which has underlying circuit(s).

2

//!

3

//! This module implements the real logic for deciding when and how to

4

//! launch tunnels, and for which tunnels to hand out in response to

5

//! which requests.

6

//!

7

//! For testing and abstraction purposes, this module _does not_

8

//! actually know anything about tunnels _per se_.  Instead,

9

//! everything is handled using a set of traits that are internal to this

10

//! crate:

11

//!

12

//!  * [`AbstractTunnel`] is a view of a tunnel.

13

//!  * [`AbstractTunnelBuilder`] knows how to build an `AbstractCirc`.

14

//!

15

//! Using these traits, the [`AbstractTunnelMgr`] object manages a set of

16

//! tunnels , launching them as necessary, and keeping track of the

17

//! restrictions on their use.

18

19

// TODO:

20

// - Testing

21

//    - Error from prepare_action()

22

//    - Error reported by restrict_mut?

23

24

use crate::config::CircuitTiming;

25

use crate::usage::{SupportedTunnelUsage, TargetTunnelUsage};

26

use crate::{DirInfo, Error, PathConfig, Result, timeouts};

27

28

use retry_error::RetryError;

29

use tor_async_utils::mpsc_channel_no_memquota;

30

use tor_basic_utils::retry::RetryDelay;

31

use tor_config::MutCfg;

32

use tor_error::{AbsRetryTime, HasRetryTime, debug_report, info_report, internal, warn_report};

33

#[cfg(feature = "vanguards")]

34

use tor_guardmgr::vanguards::VanguardMgr;

35

use tor_linkspec::CircTarget;

36

use tor_proto::circuit::UniqId;

37

use tor_proto::client::circuit::{CircParameters, Path};

38

use tor_rtcompat::{Runtime, SleepProviderExt};

39

40

use async_trait::async_trait;

41

use futures::channel::mpsc;

42

use futures::future::{FutureExt, Shared};

43

use futures::stream::{FuturesUnordered, StreamExt};

44

use oneshot_fused_workaround as oneshot;

45

use std::collections::HashMap;

46

use std::fmt::Debug;

47

use std::hash::Hash;

48

use std::panic::AssertUnwindSafe;

49

use std::sync::{self, Arc, Weak};

50

use std::time::{Duration, Instant};

51

use tor_rtcompat::SpawnExt;

52

use tracing::{debug, instrument, trace, warn};

53

use weak_table::PtrWeakHashSet;

54

55

mod streams;

56

57

/// Description of how we got a tunnel.

58

#[non_exhaustive]

59

#[derive(Debug, Copy, Clone, Eq, PartialEq)]

60

pub(crate) enum TunnelProvenance {

61

    /// This channel was newly launched, or was in progress and finished while

62

    /// we were waiting.

63

    NewlyCreated,

64

    /// This channel already existed when we asked for it.

65

    Preexisting,

66

67

68

/// An error returned when we cannot apply circuit restriction.

69

#[derive(Clone, Debug, thiserror::Error)]

70

#[non_exhaustive]

71

pub enum RestrictionFailed {

72

    /// Tried to restrict a specification, but the tunnel didn't support the

73

    /// requested usage.

74

    #[error("Specification did not support desired usage")]

75

    NotSupported,

76

77

78

/// Minimal abstract view of a tunnel.

79

///

80

/// From this module's point of view, tunnels are simply objects

81

/// with unique identities, and a possible closed-state.

82

#[async_trait]

83

pub(crate) trait AbstractTunnel: Debug {

84

    /// Type for a unique identifier for tunnels.

85

    type Id: Clone + Debug + Hash + Eq + Send + Sync;

86

    /// Return the unique identifier for this tunnel.

87

///

88

    /// # Requirements

89

///

90

    /// The values returned by this function are unique for distinct

91

    /// tunnels.

92

    fn id(&self) -> Self::Id;

93

94

    /// Return true if this tunnel is usable for some purpose.

95

///

96

    /// Reasons a tunnel might be unusable include being closed.

97

    fn usable(&self) -> bool;

98

99

    /// Return a list of [`Path`] objects describing the only circuit in this tunnel.

100

///

101

    /// Returns an error if the tunnel has more than one tunnel.

102

    fn single_path(&self) -> tor_proto::Result<Arc<Path>>;

103

104

    /// Return the number of hops in this tunnel.

105

///

106

    /// Returns an error if the circuit is closed.

107

///

108

    /// NOTE: This function will currently return only the number of hops

109

    /// _currently_ in the tunnel. If there is an extend operation in progress,

110

    /// the currently pending hop may or may not be counted, depending on whether

111

    /// the extend operation finishes before this call is done.

112

    fn n_hops(&self) -> tor_proto::Result<usize>;

113

114

    /// Return true if this tunnel is closed and therefore unusable.

115

    fn is_closing(&self) -> bool;

116

117

    /// Return a process-unique identifier for this tunnel.

118

    fn unique_id(&self) -> UniqId;

119

120

    /// Extend the tunnel via the most appropriate handshake to a new `target` hop.

121

    async fn extend<T: CircTarget + Sync>(

122

        &self,

123

        target: &T,

124

        params: CircParameters,

125

    ) -> tor_proto::Result<()>;

126

127

    /// Return a time at which this tunnel is last known to be used,

128

    /// or None if it is in use right now (or has never been used).

129

    async fn last_known_to_be_used_at(&self) -> tor_proto::Result<Option<Instant>>;

130

131

132

/// A plan for an `AbstractCircBuilder` that can maybe be mutated by tests.

133

///

134

/// You should implement this trait using all default methods for all code that isn't test code.

135

pub(crate) trait MockablePlan {

136

    /// Add a reason string that was passed to `SleepProvider::block_advance()` to this object

137

    /// so that it knows what to pass to `::release_advance()`.

138

    fn add_blocked_advance_reason(&mut self, _reason: String) {}

139

140

141

/// An object that knows how to build tunnels.

142

///

143

/// This creates tunnels in two phases. First, a plan is

144

/// made for how to build the tunnel. This planning phase should be

145

/// relatively fast, and must not suspend or block.  Its purpose is to

146

/// get an early estimate of which operations the tunnel will be able

147

/// to support when it's done.

148

///

149

/// Second, the tunnel is actually built, using the plan as input.

150

151

#[async_trait]

152

pub(crate) trait AbstractTunnelBuilder<R: Runtime>: Send + Sync {

153

    /// The tunnel type that this builder knows how to build.

154

    type Tunnel: AbstractTunnel + Send + Sync;

155

    /// An opaque type describing how a given tunnel will be built.

156

    /// It may represent some or all of a path-or it may not.

157

//

158

    // TODO: It would be nice to have this parameterized on a lifetime,

159

    // and have that lifetime depend on the lifetime of the directory.

160

    // But I don't think that rust can do that.

161

//

162

    // HACK(eta): I don't like the fact that `MockablePlan` is necessary here.

163

    type Plan: Send + Debug + MockablePlan;

164

165

    // TODO: I'd like to have a Dir type here to represent

166

    // create::DirInfo, but that would need to be parameterized too,

167

    // and would make everything complicated.

168

169

    /// Form a plan for how to build a new tunnel that supports `usage`.

170

///

171

    /// Return an opaque Plan object, and a new spec describing what

172

    /// the tunnel will actually support when it's built.  (For

173

    /// example, if the input spec requests a tunnel that connect to

174

    /// port 80, then "planning" the tunnel might involve picking an

175

    /// exit that supports port 80, and the resulting spec might be

176

    /// the exit's complete list of supported ports.)

177

///

178

    /// # Requirements

179

///

180

    /// The resulting Spec must support `usage`.

181

    fn plan_tunnel(

182

        &self,

183

        usage: &TargetTunnelUsage,

184

        dir: DirInfo<'_>,

185

    ) -> Result<(Self::Plan, SupportedTunnelUsage)>;

186

187

    /// Construct a tunnel according to a given plan.

188

///

189

    /// On success, return a spec describing what the tunnel can be used for,

190

    /// and the tunnel that was just constructed.

191

///

192

    /// This function should implement some kind of a timeout for

193

    /// tunnel that are taking too long.

194

///

195

    /// # Requirements

196

///

197

    /// The spec that this function returns _must_ support the usage

198

    /// that was originally passed to `plan_tunnel`.  It _must_ also

199

    /// contain the spec that was originally returned by

200

    /// `plan_tunnel`.

201

    async fn build_tunnel(&self, plan: Self::Plan) -> Result<(SupportedTunnelUsage, Self::Tunnel)>;

202

203

    /// Return a "parallelism factor" with which tunnels should be

204

    /// constructed for a given purpose.

205

///

206

    /// If this function returns N, then whenever we launch tunnels

207

    /// for this purpose, then we launch N in parallel.

208

///

209

    /// The default implementation returns 1.  The value of 0 is

210

    /// treated as if it were 1.

211

604

    fn launch_parallelism(&self, usage: &TargetTunnelUsage) -> usize {

212

604

        let _ = usage; // default implementation ignores this.

213

604

214

604

215

216

    /// Return a "parallelism factor" for which tunnels should be

217

    /// used for a given purpose.

218

///

219

    /// If this function returns N, then whenever we select among

220

    /// open tunnels for this purpose, we choose at random from the

221

    /// best N.

222

///

223

    /// The default implementation returns 1.  The value of 0 is

224

    /// treated as if it were 1.

225

    // TODO: Possibly this doesn't belong in this trait.

226

382

    fn select_parallelism(&self, usage: &TargetTunnelUsage) -> usize {

227

382

        let _ = usage; // default implementation ignores this.

228

382

229

382

230

231

    /// Return true if we are currently attempting to learn tunnel

232

    /// timeouts by building testing tunnels.

233

    fn learning_timeouts(&self) -> bool;

234

235

    /// Flush state to the state manager if we own the lock.

236

///

237

    /// Return `Ok(true)` if we saved, and `Ok(false)` if we didn't hold the lock.

238

    fn save_state(&self) -> Result<bool>;

239

240

    /// Return this builder's [`PathConfig`].

241

    fn path_config(&self) -> Arc<PathConfig>;

242

243

    /// Replace this builder's [`PathConfig`].

244

    // TODO: This is dead_code because we only call this for the CircuitBuilder specialization of

245

    // CircMgr, not from the generic version, because this trait doesn't provide guardmgr, which is

246

    // needed by the [`CircMgr::reconfigure`] function that would be the only caller of this. We

247

    // should add `guardmgr` to this trait, make [`CircMgr::reconfigure`] generic, and remove this

248

    // dead_code marking.

249

    #[allow(dead_code)]

250

    fn set_path_config(&self, new_config: PathConfig);

251

252

    /// Return a reference to this builder's timeout estimator.

253

    fn estimator(&self) -> &timeouts::Estimator;

254

255

    /// Return a reference to this builder's `VanguardMgr`.

256

    #[cfg(feature = "vanguards")]

257

    fn vanguardmgr(&self) -> &Arc<VanguardMgr<R>>;

258

259

    /// Replace our state with a new owning state, assuming we have

260

    /// storage permission.

261

    fn upgrade_to_owned_state(&self) -> Result<()>;

262

263

    /// Reload persistent state from disk, if we don't have storage permission.

264

    fn reload_state(&self) -> Result<()>;

265

266

    /// Return a reference to this builder's `GuardMgr`.

267

    fn guardmgr(&self) -> &tor_guardmgr::GuardMgr<R>;

268

269

    /// Reconfigure this builder using the latest set of network parameters.

270

///

271

    /// (NOTE: for now, this only affects tunnel timeout estimation.)

272

    fn update_network_parameters(&self, p: &tor_netdir::params::NetParameters);

273

274

275

/// Enumeration to track the expiration state of a tunnel.

276

///

277

/// A tunnel an either be unused (at which point it should expire if it is

278

/// _still unused_ by a certain time, or dirty (at which point it should

279

/// expire after a certain duration).

280

///

281

/// All tunnels start out "unused" and become "dirty" when their spec

282

/// is first restricted -- that is, when they are first handed out to be

283

/// used for a request.

284

#[derive(Debug, Clone, PartialEq, Eq)]

285

enum ExpirationInfo {

286

    /// The tunnel has never been used, and has never been restricted for use with a request.

287

    Unused {

288

        /// A time when the tunnel was created.

289

        created: Instant,

290

},

291

292

    /// The tunnel is not-long-lived; we will expire by waiting until a certain amount of time

293

    /// after it was first used.

294

    Dirty {

295

        /// The time at which this tunnel's spec was first restricted.

296

        dirty_since: Instant,

297

},

298

299

    /// The tunnel is long-lived; we will expire by waiting until it has passed

300

    /// a certain amount of time without having any streams attached to it.

301

    LongLived {

302

        /// Last time at which the tunnel was checked and found not to have any streams.

303

///

304

        /// (This is a bit complicated: We have to be vague here, since we need

305

        /// an async check to find out that a tunnel is used, or when it actually

306

        /// became disused.)

307

        last_known_to_be_used_at: Instant,

308

},

309

310

311

impl ExpirationInfo {

312

    /// Return an ExpirationInfo for a newly created tunnel.

313

92

    fn new(now: Instant) -> Self {

314

92

        ExpirationInfo::Unused { created: now }

315

92

316

317

    /// Mark this ExpirationInfo as having been in-use at `now`.

318

///

319

    /// If `long_lived` is false, the associated tunnel should expire a certain amount of time

320

    /// after it was _first_ used.

321

    /// If `long_lived` is true, the associated tunnel should expire a certain amount of time

322

    /// after it was _last_ used.

323

448

    fn mark_used(&mut self, now: Instant, long_lived: bool) {

324

448

        if long_lived {

325

            *self = ExpirationInfo::LongLived {

326

                last_known_to_be_used_at: now,

327

};

328

        } else {

329

448

            match self {

330

52

                ExpirationInfo::Unused { .. } => {

331

52

                    // This is our first time using this circuit; mark it dirty

332

52

                    *self = ExpirationInfo::Dirty { dirty_since: now };

333

52

334

396

                ExpirationInfo::Dirty { .. } => {

335

396

                    // no need to update; we're tracking the time when the circuit _first_ became

336

396

                    // dirty, so further uses don't matter.

337

396

338

                ExpirationInfo::LongLived { .. } => {

339

                    // shouldn't occur: we shouldn't be able to attach a stream with non-long-lived isolation

340

                    // to a tunnel marked as long-lived.  In this case we leave the timestamp alone.

341

                    // (If there were a bug here, it would be harmless, since we would

342

                    // correct the timestamp the next time we tried to expire the circuit.)

343

344

345

346

448

347

348

    /// Return an internal error if this ExpirationInfo is not marked as long-lived.

349

    fn check_long_lived(&self) -> Result<()> {

350

        match self {

351

            ExpirationInfo::Unused { .. } | ExpirationInfo::Dirty { .. } => Err(internal!(

352

                "Tunnel was not long-lived as expected. (Expiration status: {:?})",

353

                self

354

355

            .into()),

356

            ExpirationInfo::LongLived { .. } => Ok(()),

357

358

359

360

361

/// Settings to determine when circuits are expired.

362

#[derive(Clone, Debug)]

363

pub(crate) struct ExpirationParameters {

364

    /// Any unused circuit is expired this long after it was created.

365

    expire_unused_after: Duration,

366

    /// Any non long-lived dirty circuit is expired this long after it first becomes dirty.

367

    expire_dirty_after: Duration,

368

    /// Any long-lived circuit is expired after having been disused for this long.

369

    expire_disused_after: Duration,

370

371

372

/// An entry for an open tunnel held by an `AbstractTunnelMgr`.

373

#[derive(Debug, Clone)]

374

pub(crate) struct OpenEntry<T> {

375

    /// The supported usage for this tunnel.

376

    spec: SupportedTunnelUsage,

377

    /// The tunnel under management.

378

    tunnel: Arc<T>,

379

    /// When does this tunnel expire?

380

///

381

    /// (Note that expired tunnels are removed from the manager,

382

    /// which does not actually close them until there are no more

383

    /// references to them.)

384

    expiration: ExpirationInfo,

385

386

387

impl<T: AbstractTunnel> OpenEntry<T> {

388

    /// Make a new OpenEntry for a given tunnel and spec.

389

98

    fn new(spec: SupportedTunnelUsage, tunnel: T, expiration: ExpirationInfo) -> Self {

390

98

        OpenEntry {

391

98

            spec,

392

98

            tunnel: tunnel.into(),

393

98

            expiration,

394

98

395

98

396

397

    /// Return true if the underlying tunnel can be used for `usage`.

398

1324

    pub(crate) fn supports(&self, usage: &TargetTunnelUsage) -> bool {

399

1324

        self.tunnel.usable() && self.spec.supports(usage)

400

1324

401

402

    /// Change the underlying tunnel's permissible usage, based on its having

403

    /// been used for `usage` at time `now`.

404

///

405

    /// Return an error if the tunnel may not be used for `usage`.

406

448

    fn restrict_mut(&mut self, usage: &TargetTunnelUsage, now: Instant) -> Result<()> {

407

448

        self.spec.restrict_mut(usage)?;

408

448

        self.expiration.mark_used(now, self.spec.is_long_lived());

409

448

        Ok(())

410

448

411

412

    /// Find the "best" entry from a slice of OpenEntry for supporting

413

    /// a given `usage`.

414

///

415

    /// If `parallelism` is some N greater than 1, we pick randomly

416

    /// from the best `N` tunnels.

417

///

418

    /// # Requirements

419

///

420

    /// Requires that `ents` is nonempty, and that every element of `ents`

421

    /// supports `spec`.

422

382

    fn find_best<'a>(

423

382

        // we do not mutate `ents`, but to return `&mut Self` we must have a mutable borrow

424

382

        ents: &'a mut [&'a mut Self],

425

382

        usage: &TargetTunnelUsage,

426

382

        parallelism: usize,

427

382

    ) -> &'a mut Self {

428

382

        let _ = usage; // not yet used.

429

        use rand::seq::IndexedMutRandom as _;

430

382

        let parallelism = parallelism.clamp(1, ents.len());

431

        // TODO: Actually look over the whole list to see which is better.

432

382

        let slice = &mut ents[0..parallelism];

433

382

        let mut rng = rand::rng();

434

382

        slice.choose_mut(&mut rng).expect("Input list was empty")

435

382

436

437

    /// Return true if this tunnel should be expired given that the current time is `now`,

438

    /// and the current settings are `params`.

439

8

    fn should_expire(&self, now: Instant, params: &ExpirationParameters) -> ShouldExpire {

440

8

        match self.expiration {

441

            ExpirationInfo::Unused { created } => {

442

                ShouldExpire::certain(now, created + params.expire_unused_after)

443

444

8

            ExpirationInfo::Dirty { dirty_since } => {

445

8

                ShouldExpire::certain(now, dirty_since + params.expire_dirty_after)

446

447

            ExpirationInfo::LongLived {

448

                last_known_to_be_used_at,

449

            } => {

450

                ShouldExpire::uncertain(now, last_known_to_be_used_at + params.expire_disused_after)

451

452

453

8

454

455

456

/// When should a tunnel expire?

457

///

458

/// Reflects possible uncertainty.

459

#[derive(Clone, Copy, Debug, Eq, PartialEq)]

460

enum ShouldExpire {

461

    /// The tunnel should expire now.

462

    Now,

463

    /// The circuit might expire now; we need to check.

464

///

465

    /// (This is the result we get when we know that this is a tunnel that should expire

466

    /// if it has gone for some duration D without having any streams on it,

467

    /// and that it definitely had a stream at time T.  It is now at least time T+D,

468

    /// but we don't know whether the tunnel has any streams in the intervening time.

469

    /// We need to call the async fn `last_known_to_be_used_at` to check.)

470

    PossiblyNow,

471

    /// The tunnel will not expire before the specified time.

472

    NotBefore(Instant),

473

474

475

impl ShouldExpire {

476

    /// Return a ShouldExpire reflecting an expiration that is known to be happening at `expiration`.

477

8

    fn certain(now: Instant, expiration: Instant) -> Self {

478

8

        if now >= expiration {

479

4

            ShouldExpire::Now

480

        } else {

481

4

            ShouldExpire::NotBefore(expiration)

482

483

8

484

485

    /// Return a ShouldExpire reflecting an expiration that is known to be no sooner than `expiration`,

486

    /// but possibly later.

487

    fn uncertain(now: Instant, expiration: Instant) -> Self {

488

        if now >= expiration {

489

            ShouldExpire::PossiblyNow

490

        } else {

491

            ShouldExpire::NotBefore(expiration)

492

493

494

495

496

/// A result type whose "Ok" value is the Id for a tunnel from B.

497

type PendResult<B, R> = Result<<<B as AbstractTunnelBuilder<R>>::Tunnel as AbstractTunnel>::Id>;

498

499

/// An in-progress tunnel request tracked by an `AbstractTunnelMgr`.

500

///

501

/// (In addition to tracking tunnels, `AbstractTunnelMgr` tracks

502

/// _requests_ for tunnels.  The manager uses these entries if it

503

/// finds that some tunnel created _after_ a request first launched

504

/// might meet the request's requirements.)

505

struct PendingRequest<B: AbstractTunnelBuilder<R>, R: Runtime> {

506

    /// Usage for the operation requested by this request

507

    usage: TargetTunnelUsage,

508

    /// A channel to use for telling this request about tunnels that it

509

    /// might like.

510

    notify: mpsc::Sender<PendResult<B, R>>,

511

512

513

impl<B: AbstractTunnelBuilder<R>, R: Runtime> PendingRequest<B, R> {

514

    /// Return true if this request would be supported by `spec`.

515

34

    fn supported_by(&self, spec: &SupportedTunnelUsage) -> bool {

516

34

        spec.supports(&self.usage)

517

34

518

519

520

/// An entry for an under-construction in-progress tunnel tracked by

521

/// an `AbstractTunnelMgr`.

522

#[derive(Debug)]

523

struct PendingEntry<B: AbstractTunnelBuilder<R>, R: Runtime> {

524

    /// Specification that this tunnel will support, if every pending

525

    /// request that is waiting for it is attached to it.

526

///

527

    /// This spec becomes more and more restricted as more pending

528

    /// requests are waiting for this tunnel.

529

///

530

    /// This spec is contained by circ_spec, and must support the usage

531

    /// of every pending request that's waiting for this tunnel.

532

    tentative_assignment: sync::Mutex<SupportedTunnelUsage>,

533

    /// A shared future for requests to use when waiting for

534

    /// notification of this tunnel's success.

535

    receiver: Shared<oneshot::Receiver<PendResult<B, R>>>,

536

537

538

impl<B: AbstractTunnelBuilder<R>, R: Runtime> PendingEntry<B, R> {

539

    /// Make a new PendingEntry that starts out supporting a given

540

    /// spec.  Return that PendingEntry, along with a Sender to use to

541

    /// report the result of building this tunnel.

542

140

    fn new(spec: &SupportedTunnelUsage) -> (Self, oneshot::Sender<PendResult<B, R>>) {

543

140

        let tentative_assignment = sync::Mutex::new(spec.clone());

544

140

        let (sender, receiver) = oneshot::channel();

545

140

        let receiver = receiver.shared();

546

140

        let entry = PendingEntry {

547

140

            tentative_assignment,

548

140

            receiver,

549

140

};

550

140

        (entry, sender)

551

140

552

553

    /// Return true if this tunnel's current tentative assignment

554

    /// supports `usage`.

555

54

    fn supports(&self, usage: &TargetTunnelUsage) -> bool {

556

54

        let assignment = self.tentative_assignment.lock().expect("poisoned lock");

557

54

        assignment.supports(usage)

558

54

559

560

    /// Try to change the tentative assignment of this tunnel by

561

    /// restricting it for use with `usage`.

562

///

563

    /// Return an error if the current tentative assignment didn't

564

    /// support `usage` in the first place.

565

26

    fn tentative_restrict_mut(&self, usage: &TargetTunnelUsage) -> Result<()> {

566

26

        if let Ok(mut assignment) = self.tentative_assignment.lock() {

567

26

            assignment.restrict_mut(usage)?;

568

569

26

        Ok(())

570

26

571

572

    /// Find the best PendingEntry values from a slice for use with

573

    /// `usage`.

574

///

575

    /// # Requirements

576

///

577

    /// The `ents` slice must not be empty.  Every element of `ents`

578

    /// must support the given spec.

579

26

    fn find_best(ents: &[Arc<Self>], usage: &TargetTunnelUsage) -> Vec<Arc<Self>> {

580

        // TODO: Actually look over the whole list to see which is better.

581

26

        let _ = usage; // currently unused

582

26

        vec![Arc::clone(&ents[0])]

583

26

584

585

586

/// Wrapper type to represent the state between planning to build a

587

/// tunnel and constructing it.

588

#[derive(Debug)]

589

struct TunnelBuildPlan<B: AbstractTunnelBuilder<R>, R: Runtime> {

590

    /// The Plan object returned by [`AbstractTunnelBuilder::plan_tunnel`].

591

    plan: B::Plan,

592

    /// A sender to notify any pending requests when this tunnel is done.

593

    sender: oneshot::Sender<PendResult<B, R>>,

594

    /// A strong entry to the PendingEntry for this tunnel build attempt.

595

    pending: Arc<PendingEntry<B, R>>,

596

597

598

/// The inner state of an [`AbstractTunnelMgr`].

599

struct TunnelList<B: AbstractTunnelBuilder<R>, R: Runtime> {

600

    /// A map from tunnel ID to [`OpenEntry`] values for all managed

601

    /// open tunnels.

602

///

603

    /// A tunnel is added here from [`AbstractTunnelMgr::do_launch`] when we find

604

    /// that it completes successfully, and has not been cancelled.

605

    /// When we decide that such a tunnel should no longer be handed out for

606

    /// any new requests, we "retire" the tunnel by removing it from this map.

607

    #[allow(clippy::type_complexity)]

608

    open_tunnels: HashMap<<B::Tunnel as AbstractTunnel>::Id, OpenEntry<B::Tunnel>>,

609

    /// Weak-set of PendingEntry for tunnels that are being built.

610

///

611

    /// Because this set only holds weak references, and the only strong

612

    /// reference to the PendingEntry is held by the task building the tunnel,

613

    /// this set's members are lazily removed after the tunnel is either built

614

    /// or fails to build.

615

///

616

    /// This set is used for two purposes:

617

///

618

    /// 1. When a tunnel request finds that there is no open tunnel for its

619

    ///    purposes, it checks here to see if there is a pending tunnel that it

620

    ///    could wait for.

621

    /// 2. When a pending tunnel finishes building, it checks here to make sure

622

    ///    that it has not been cancelled. (Removing an entry from this set marks

623

    ///    it as cancelled.)

624

///

625

    /// An entry is added here in [`AbstractTunnelMgr::prepare_action`] when we

626

    /// decide that a tunnel needs to be launched.

627

///

628

    /// Later, in [`AbstractTunnelMgr::do_launch`], once the tunnel has finished

629

    /// (or failed), we remove the entry (by pointer identity).

630

    /// If we cannot find the entry, we conclude that the request has been

631

    /// _cancelled_, and so we discard any tunnel that was created.

632

    pending_tunnels: PtrWeakHashSet<Weak<PendingEntry<B, R>>>,

633

    /// Weak-set of PendingRequest for requests that are waiting for a

634

    /// tunnel to be built.

635

///

636

    /// Because this set only holds weak references, and the only

637

    /// strong reference to the PendingRequest is held by the task

638

    /// waiting for the tunnel to be built, this set's members are

639

    /// lazily removed after the request succeeds or fails.

640

    pending_requests: PtrWeakHashSet<Weak<PendingRequest<B, R>>>,

641

642

643

impl<B: AbstractTunnelBuilder<R>, R: Runtime> TunnelList<B, R> {

644

    /// Make a new empty `CircList`

645

98

    fn new() -> Self {

646

98

        TunnelList {

647

98

            open_tunnels: HashMap::new(),

648

98

            pending_tunnels: PtrWeakHashSet::new(),

649

98

            pending_requests: PtrWeakHashSet::new(),

650

98

651

98

652

653

    /// Add `e` to the list of open tunnels.

654

92

    fn add_open(&mut self, e: OpenEntry<B::Tunnel>) {

655

92

        let id = e.tunnel.id();

656

92

        self.open_tunnels.insert(id, e);

657

92

658

659

    /// Find all the usable open tunnels that support `usage`.

660

///

661

    /// Return None if there are no such tunnels.

662

596

    fn find_open(&mut self, usage: &TargetTunnelUsage) -> Option<Vec<&mut OpenEntry<B::Tunnel>>> {

663

596

        let list = self.open_tunnels.values_mut();

664

596

        let v = SupportedTunnelUsage::find_supported(list, usage);

665

596

        if v.is_empty() { None } else { Some(v) }

666

596

667

668

    /// Find an open tunnel by ID.

669

///

670

    /// Return None if no such tunnels exists in this list.

671

70

    fn get_open_mut(

672

70

        &mut self,

673

70

        id: &<B::Tunnel as AbstractTunnel>::Id,

674

70

    ) -> Option<&mut OpenEntry<B::Tunnel>> {

675

70

        self.open_tunnels.get_mut(id)

676

70

677

678

    /// Extract an open tunnel by ID, removing it from this list.

679

///

680

    /// Return None if no such tunnel exists in this list.

681

8

    fn take_open(

682

8

        &mut self,

683

8

        id: &<B::Tunnel as AbstractTunnel>::Id,

684

8

    ) -> Option<OpenEntry<B::Tunnel>> {

685

8

        self.open_tunnels.remove(id)

686

8

687

688

    /// Remove tunnels based on expiration times.

689

///

690

    /// We remove every unused tunnel that is set to expire by

691

    /// `unused_cutoff`, and every dirty tunnel that has been dirty

692

    /// since before `dirty_cutoff`.

693

///

694

    /// Return the next time at which anything will definitely expire,

695

    /// and a list of long-lived tunnels where we need to check their usage status

696

    /// before we can be sure if they are expired.

697

    #[must_use]

698

4

    fn expire_tunnels(

699

4

        &mut self,

700

4

        now: Instant,

701

4

        params: &ExpirationParameters,

702

4

    ) -> (Option<Instant>, Vec<Weak<B::Tunnel>>) {

703

4

        let mut need_check = Vec::new();

704

4

        let mut earliest_expiration = None;

705

4

        self.open_tunnels

706

8

            .retain(|_k, v| match v.should_expire(now, params) {

707

                // Expires now: Do not retain.

708

4

                ShouldExpire::Now => false,

709

710

                // Will expire at `when`: keep, but update `earliest_expiration`.

711

4

                ShouldExpire::NotBefore(when) => {

712

                    earliest_expiration = match earliest_expiration {

713

                        Some(t) if t < when => Some(t),

714

4

                        _ => Some(when),

715

};

716

4

                    true

717

718

719

                // Need to check tunnel to see if/when it is disused.

720

                ShouldExpire::PossiblyNow => {

721

                    need_check.push(Arc::downgrade(&v.tunnel));

722

                    true

723

724

8

});

725

4

        (earliest_expiration, need_check)

726

4

727

728

    /// Return the time when the tunnel with given `id`, should expire.

729

///

730

    /// Return None if no such tunnel exists.

731

    fn tunnel_should_expire(

732

        &mut self,

733

        id: &<B::Tunnel as AbstractTunnel>::Id,

734

        now: Instant,

735

        params: &ExpirationParameters,

736

    ) -> Option<ShouldExpire> {

737

        self.open_tunnels

738

            .get(id)

739

            .map(|v| v.should_expire(now, params))

740

741

742

    /// Update the "last known to be in use" time of a long-lived tunnel with ID `id`,

743

    /// based on learning when it was last used.

744

///

745

    /// Expire the tunnel if appropriate.

746

///

747

    /// If the tunnel is still part of the map, return the next instant at which it might expire.

748

///

749

    /// Returns an error if the tunnel was present but was _not_ already marked as long-lived.

750

    fn update_long_lived_tunnel_last_used(

751

        &mut self,

752

        id: &<B::Tunnel as AbstractTunnel>::Id,

753

        now: Instant,

754

        params: &ExpirationParameters,

755

        disused_since: &tor_proto::Result<Option<Instant>>,

756

    ) -> crate::Result<Option<Instant>> {

757

        let Ok(disused_since) = disused_since else {

758

            // got an error looking up disused time: discard the circuit.

759

            let discard = self.take_open(id);

760

            if let Some(ent) = discard {

761

                ent.expiration.check_long_lived()?;

762

763

            return Ok(None);

764

};

765

        let Some(tun) = self.open_tunnels.get_mut(id) else {

766

            // Circuit isn't there. Return.

767

            return Ok(None);

768

};

769

        tun.expiration.check_long_lived()?;

770

        let last_known_in_use_at = disused_since.unwrap_or(now);

771

772

        tun.expiration.mark_used(last_known_in_use_at, true);

773

        match tun.should_expire(now, params) {

774

            ShouldExpire::Now | ShouldExpire::PossiblyNow => {

775

                let _discard = self.take_open(id);

776

                Ok(None)

777

778

            ShouldExpire::NotBefore(instant) => Ok(Some(instant)),

779

780

781

782

    /// Add `pending` to the set of in-progress tunnels.

783

136

    fn add_pending_tunnel(&mut self, pending: Arc<PendingEntry<B, R>>) {

784

136

        self.pending_tunnels.insert(pending);

785

136

786

787

    /// Find all pending tunnels that support `usage`.

788

///

789

    /// If no such tunnels are currently being built, return None.

790

166

    fn find_pending_tunnels(

791

166

        &self,

792

166

        usage: &TargetTunnelUsage,

793

166

    ) -> Option<Vec<Arc<PendingEntry<B, R>>>> {

794

166

        let result: Vec<_> = self

795

166

            .pending_tunnels

796

166

            .iter()

797

166

            .filter(|p| p.supports(usage))

798

166

            .filter(|p| !matches!(p.receiver.peek(), Some(Err(_))))

799

166

            .collect();

800

801

166

        if result.is_empty() {

802

140

            None

803

        } else {

804

26

            Some(result)

805

806

166

807

808

    /// Return true if `circ` is still pending.

809

///

810

    /// A tunnel will become non-pending when finishes (successfully or not), or when it's

811

    /// removed from this list via `clear_all_tunnels()`.

812

52

    fn tunnel_is_pending(&self, circ: &Arc<PendingEntry<B, R>>) -> bool {

813

52

        self.pending_tunnels.contains(circ)

814

52

815

816

    /// Construct and add a new entry to the set of request waiting

817

    /// for a tunnel.

818

///

819

    /// Return the request, and a new receiver stream that it should

820

    /// use for notification of possible tunnels to use.

821

150

    fn add_pending_request(&mut self, pending: &Arc<PendingRequest<B, R>>) {

822

150

        self.pending_requests.insert(Arc::clone(pending));

823

150

824

825

    /// Return all pending requests that would be satisfied by a tunnel

826

    /// that supports `circ_spec`.

827

32

    fn find_pending_requests(

828

32

        &self,

829

32

        circ_spec: &SupportedTunnelUsage,

830

32

    ) -> Vec<Arc<PendingRequest<B, R>>> {

831

32

        self.pending_requests

832

32

            .iter()

833

34

            .filter(|pend| pend.supported_by(circ_spec))

834

32

            .collect()

835

32

836

837

    /// Clear all pending and open tunnels.

838

///

839

    /// Calling `clear_all_tunnels` ensures that any request that is answered _after

840

    /// this method runs_ will receive a tunnels that was launched _after this

841

    /// method runs_.

842

    fn clear_all_tunnels(&mut self) {

843

        // Note that removing entries from pending_circs will also cause the

844

        // tunnel tasks to realize that they are cancelled when they

845

        // go to tell anybody about their results.

846

        self.pending_tunnels.clear();

847

        self.open_tunnels.clear();

848

849

850

851

/// Timing information for tunnels that have been built but never used.

852

///

853

/// Currently taken from the network parameters.

854

struct UnusedTimings {

855

    /// Minimum lifetime of a tunnel created while learning

856

    /// tunnel timeouts.

857

    learning: Duration,

858

    /// Minimum lifetime of a tunnel created while not learning

859

    /// tunnel timeouts.

860

    not_learning: Duration,

861

862

863

// This isn't really fallible, given the definitions of the underlying

864

// types.

865

#[allow(clippy::fallible_impl_from)]

866

impl From<&tor_netdir::params::NetParameters> for UnusedTimings {

867

690

    fn from(v: &tor_netdir::params::NetParameters) -> Self {

868

        // These try_into() calls can't fail, so unwrap() can't panic.

869

        #[allow(clippy::unwrap_used)]

870

690

        UnusedTimings {

871

690

            learning: v

872

690

                .unused_client_circ_timeout_while_learning_cbt

873

690

                .try_into()

874

690

                .unwrap(),

875

690

            not_learning: v.unused_client_circ_timeout.try_into().unwrap(),

876

690

877

690

878

879

880

/// Abstract implementation for tunnel management.

881

///

882

/// The algorithm provided here is fairly simple. In its simplest form:

883

///

884

/// When somebody asks for a tunnel for a given operation: if we find

885

/// one open already, we return it.  If we find in-progress tunnels

886

/// that would meet our needs, we wait for one to finish (or for all

887

/// to fail).  And otherwise, we launch one or more tunnels to meet the

888

/// request's needs.

889

///

890

/// If this process fails, then we retry it, up to a timeout or a

891

/// numerical limit.

892

///

893

/// If a tunnel not previously considered for a given request

894

/// finishes before the request is satisfied, and if the tunnel would

895

/// satisfy the request, we try to give that tunnel as an answer to

896

/// that request even if it was not one of the tunnels that request

897

/// was waiting for.

898

pub(crate) struct AbstractTunnelMgr<B: AbstractTunnelBuilder<R>, R: Runtime> {

899

    /// Builder used to construct tunnels.

900

    builder: B,

901

    /// An asynchronous runtime to use for launching tasks and

902

    /// checking timeouts.

903

    runtime: R,

904

    /// A CircList to manage our list of tunnels, requests, and

905

    /// pending tunnels.

906

    tunnels: sync::Mutex<TunnelList<B, R>>,

907

908

    /// Configured information about when to expire tunnels and requests.

909

    circuit_timing: MutCfg<CircuitTiming>,

910

911

    /// Minimum lifetime of an unused tunnel.

912

///

913

    /// Derived from the network parameters.

914

    unused_timing: sync::Mutex<UnusedTimings>,

915

916

917

/// An action to take in order to satisfy a request for a tunnel.

918

enum Action<B: AbstractTunnelBuilder<R>, R: Runtime> {

919

    /// We found an open tunnel: return immediately.

920

    Open(Arc<B::Tunnel>),

921

    /// We found one or more pending tunnels: wait until one succeeds,

922

    /// or all fail.

923

    Wait(FuturesUnordered<Shared<oneshot::Receiver<PendResult<B, R>>>>),

924

    /// We should launch tunnels: here are the instructions for how

925

    /// to do so.

926

    Build(Vec<TunnelBuildPlan<B, R>>),

927

928

929

impl<B: AbstractTunnelBuilder<R> + 'static, R: Runtime> AbstractTunnelMgr<B, R> {

930

    /// Construct a new AbstractTunnelMgr.

931

90

    pub(crate) fn new(builder: B, runtime: R, circuit_timing: CircuitTiming) -> Self {

932

90

        let circs = sync::Mutex::new(TunnelList::new());

933

90

        let dflt_params = tor_netdir::params::NetParameters::default();

934

90

        let unused_timing = (&dflt_params).into();

935

90

        AbstractTunnelMgr {

936

90

            builder,

937

90

            runtime,

938

90

            tunnels: circs,

939

90

            circuit_timing: circuit_timing.into(),

940

90

            unused_timing: sync::Mutex::new(unused_timing),

941

90

942

90

943

944

    /// Reconfigure this manager using the latest set of network parameters.

945

    pub(crate) fn update_network_parameters(&self, p: &tor_netdir::params::NetParameters) {

946

        let mut u = self

947

            .unused_timing

948

            .lock()

949

            .expect("Poisoned lock for unused_timing");

950

        *u = p.into();

951

952

953

    /// Return this manager's [`CircuitTiming`].

954

608

    pub(crate) fn circuit_timing(&self) -> Arc<CircuitTiming> {

955

608

        self.circuit_timing.get()

956

608

957

958

    /// Return this manager's [`CircuitTiming`].

959

4

    pub(crate) fn set_circuit_timing(&self, new_config: CircuitTiming) {

960

4

        self.circuit_timing.replace(new_config);

961

4

962

    /// Return a circuit suitable for use with a given `usage`,

963

    /// creating that circuit if necessary, and restricting it

964

    /// under the assumption that it will be used for that spec.

965

///

966

    /// This is the primary entry point for AbstractTunnelMgr.

967

    #[allow(clippy::cognitive_complexity)] // TODO #2010: Refactor?

968

    #[instrument(level = "trace", skip_all)]

969

464

    pub(crate) async fn get_or_launch(

970

464

        self: &Arc<Self>,

971

464

        usage: &TargetTunnelUsage,

972

464

        dir: DirInfo<'_>,

973

464

    ) -> Result<(Arc<B::Tunnel>, TunnelProvenance)> {

974

        /// Largest number of "resets" that we will accept in this attempt.

975

///

976

        /// A "reset" is an internally generated error that does not represent a

977

        /// real problem; only a "whoops, got to try again" kind of a situation.

978

        /// For example, if we reconfigure in the middle of an attempt and need

979

        /// to re-launch the circuit, that counts as a "reset", since there was

980

        /// nothing actually _wrong_ with the circuit we were building.

981

///

982

        /// We accept more resets than we do real failures. However,

983

        /// we don't accept an unlimited number: we don't want to inadvertently

984

        /// permit infinite loops here. If we ever bump against this limit, we

985

        /// should not automatically increase it: we should instead figure out

986

        /// why it is happening and try to make it not happen.

987

        const MAX_RESETS: usize = 8;

988

989

        let circuit_timing = self.circuit_timing();

990

        let timeout_at = self.runtime.now() + circuit_timing.request_timeout;

991

        let max_tries = circuit_timing.request_max_retries;

992

        // We compute the maximum number of failures by dividing the maximum

993

        // number of circuits to attempt by the number that will be launched in

994

        // parallel for each iteration.

995

        let max_failures = usize::div_ceil(

996

            max_tries as usize,

997

            std::cmp::max(1, self.builder.launch_parallelism(usage)),

998

);

999

1000

        let mut retry_schedule = RetryDelay::from_msec(100);

1001

        let mut retry_err = RetryError::<Box<Error>>::in_attempt_to("find or build a tunnel");

1002

1003

        let mut n_failures = 0;

1004

        let mut n_resets = 0;

1005

1006

        for attempt_num in 1.. {

1007

            // How much time is remaining?

1008

            let remaining = match timeout_at.checked_duration_since(self.runtime.now()) {

1009

                None => {

1010

                    retry_err.push_timed(

1011

                        Error::RequestTimeout,

1012

                        self.runtime.now(),

1013

                        Some(self.runtime.wallclock()),

1014

);

1015

                    break;

1016

1017

                Some(t) => t,

1018

};

1019

1020

            let error = match self.prepare_action(usage, dir, true) {

1021

                Ok(action) => {

1022

                    // We successfully found an action: Take that action.

1023

                    let outcome = self

1024

                        .runtime

1025

                        .timeout(remaining, Arc::clone(self).take_action(action, usage))

1026

                        .await;

1027

1028

                    match outcome {

1029

                        Ok(Ok(circ)) => return Ok(circ),

1030

                        Ok(Err(e)) => {

1031

                            debug!("Circuit attempt {} failed.", attempt_num);

1032

                            Error::RequestFailed(e)

1033

1034

                        Err(_) => {

1035

                            // We ran out of "remaining" time; there is nothing

1036

                            // more to be done.

1037

                            warn!("All tunnel attempts failed due to timeout");

1038

                            retry_err.push_timed(

1039

                                Error::RequestTimeout,

1040

                                self.runtime.now(),

1041

                                Some(self.runtime.wallclock()),

1042

);

1043

                            break;

1044

1045

1046

1047

                Err(e) => {

1048

                    // We couldn't pick the action!

1049

                    debug_report!(

1050

&e,

1051

                        "Couldn't pick action for tunnel attempt {}",

1052

                        attempt_num,

1053

);

1054

1055

1056

};

1057

1058

            // There's been an error.  See how long we wait before we retry.

1059

            let now = self.runtime.now();

1060

            let retry_time =

1061

                error.abs_retry_time(now, || retry_schedule.next_delay(&mut rand::rng()));

1062

1063

            let (count, count_limit) = if error.is_internal_reset() {

1064

                (&mut n_resets, MAX_RESETS)

1065

            } else {

1066

                (&mut n_failures, max_failures)

1067

};

1068

            // Record the error, flattening it if needed.

1069

            match error {

1070

                // Flatten nested RetryError, using mockable time for each error

1071

                Error::RequestFailed(e) => {

1072

                    retry_err.extend_from_retry_error(e);

1073

1074

                e => retry_err.push_timed(e, now, Some(self.runtime.wallclock())),

1075

1076

1077

            *count += 1;

1078

            // If we have reached our limit of this kind of problem, we're done.

1079

            if *count >= count_limit {

1080

                warn!("Reached circuit build retry limit, exiting...");

1081

                break;

1082

1083

1084

            // Wait, or not, as appropriate.

1085

            match retry_time {

1086

                AbsRetryTime::Immediate => {}

1087

                AbsRetryTime::Never => break,

1088

                AbsRetryTime::At(t) => {

1089

                    let remaining = timeout_at.saturating_duration_since(now);

1090

                    let delay = t.saturating_duration_since(now);

1091

                    trace!(?delay, "Waiting to retry...");

1092

                    self.runtime.sleep(std::cmp::min(delay, remaining)).await;

1093

1094

1095

1096

1097

        warn!("Request failed");

1098

        Err(Error::RequestFailed(retry_err))

1099

464

1100

1101

    /// Make sure a circuit exists, without actually asking for it.

1102

///

1103

    /// Make sure that there is a circuit (built or in-progress) that could be

1104

    /// used for `usage`, and launch one or more circuits in a background task

1105

    /// if there is not.

1106

    // TODO: This should probably take some kind of parallelism parameter.

1107

    #[cfg(test)]

1108

8

    pub(crate) fn ensure_tunnel(

1109

8

        self: &Arc<Self>,

1110

8

        usage: &TargetTunnelUsage,

1111

8

        dir: DirInfo<'_>,

1112

8

    ) -> Result<()> {

1113

8

        let action = self.prepare_action(usage, dir, false)?;

1114

8

        if let Action::Build(plans) = action {

1115

16

            for plan in plans {

1116

8

                let self_clone = Arc::clone(self);

1117

8

                let _ignore_receiver = self_clone.spawn_launch(usage, plan);

1118

8

1119

1120

1121

8

        Ok(())

1122

8

1123

1124

    /// Choose which action we should take in order to provide a tunnel

1125

    /// for a given `usage`.

1126

///

1127

    /// If `restrict_circ` is true, we restrict the spec of any

1128

    /// circ we decide to use to mark that it _is_ being used for

1129

    /// `usage`.

1130

    #[instrument(level = "trace", skip_all)]

1131

548

    fn prepare_action(

1132

548

        &self,

1133

548

        usage: &TargetTunnelUsage,

1134

548

        dir: DirInfo<'_>,

1135

548

        restrict_circ: bool,

1136

548

    ) -> Result<Action<B, R>> {

1137

548

        let mut list = self.tunnels.lock().expect("poisoned lock");

1138

1139

548

        if let Some(mut open) = list.find_open(usage) {

1140

            // We have open tunnels that meet the spec: return the best one.

1141

382

            let parallelism = self.builder.select_parallelism(usage);

1142

382

            let best = OpenEntry::find_best(&mut open, usage, parallelism);

1143

382

            if restrict_circ {

1144

382

                let now = self.runtime.now();

1145

382

                best.restrict_mut(usage, now)?;

1146

1147

            // TODO: If we have fewer tunnels here than our select

1148

            // parallelism, perhaps we should launch more?

1149

1150

382

            return Ok(Action::Open(best.tunnel.clone()));

1151

166

1152

1153

166

        if let Some(pending) = list.find_pending_tunnels(usage) {

1154

            // There are pending tunnels that could meet the spec.

1155

            // Restrict them under the assumption that they could all

1156

            // be used for this, and then wait until one is ready (or

1157

            // all have failed)

1158

26

            let best = PendingEntry::find_best(&pending, usage);

1159

26

            if restrict_circ {

1160

52

                for item in &best {

1161

                    // TODO: Do we want to tentatively restrict _all_ of these?

1162

                    // not clear to me.

1163

26

                    item.tentative_restrict_mut(usage)?;

1164

1165

1166

26

            let stream = best.iter().map(|item| item.receiver.clone()).collect();

1167

            // TODO: if we have fewer tunnels here than our launch

1168

            // parallelism, we might want to launch more.

1169

1170

26

            return Ok(Action::Wait(stream));

1171

140

1172

1173

        // Okay, we need to launch tunnels here.

1174

140

        let parallelism = std::cmp::max(1, self.builder.launch_parallelism(usage));

1175

140

        let mut plans = Vec::new();

1176

140

        let mut last_err = None;

1177

140

        for _ in 0..parallelism {

1178

140

            match self.plan_by_usage(dir, usage) {

1179

132

                Ok((pending, plan)) => {

1180

132

                    list.add_pending_tunnel(pending);

1181

132

                    plans.push(plan);

1182

132

1183

8

                Err(e) => {

1184

8

                    debug!("Unable to make a plan for {:?}: {}", usage, e);

1185

8

                    last_err = Some(e);

1186

1187

1188

1189

140

        if !plans.is_empty() {

1190

132

            Ok(Action::Build(plans))

1191

8

        } else if let Some(last_err) = last_err {

1192

8

            Err(last_err)

1193

        } else {

1194

            // we didn't even try to plan anything!

1195

            Err(internal!("no plans were built, but no errors were found").into())

1196

1197

548

1198

1199

    /// Execute an action returned by pick-action, and return the

1200

    /// resulting tunnel or error.

1201

    #[allow(clippy::cognitive_complexity, clippy::type_complexity)] // TODO #2010: Refactor

1202

    #[instrument(level = "trace", skip_all)]

1203

532

    async fn take_action(

1204

532

        self: Arc<Self>,

1205

532

        act: Action<B, R>,

1206

532

        usage: &TargetTunnelUsage,

1207

532

    ) -> std::result::Result<(Arc<B::Tunnel>, TunnelProvenance), RetryError<Box<Error>>> {

1208

        /// Store the error `err` into `retry_err`, as appropriate.

1209

80

        fn record_error<R: Runtime>(

1210

80

            retry_err: &mut RetryError<Box<Error>>,

1211

80

            source: streams::Source,

1212

80

            building: bool,

1213

80

            mut err: Error,

1214

80

            runtime: &R,

1215

80

) {

1216

80

            if source == streams::Source::Right {

1217

                // We don't care about this error, since it is from neither a tunnel we launched

1218

                // nor one that we're waiting on.

1219

                return;

1220

80

1221

80

            if !building {

1222

8

                // We aren't building our own tunnels, so our errors are

1223

8

                // secondary reports of other tunnels' failures.

1224

8

                err = Error::PendingFailed(Box::new(err));

1225

72

1226

80

            retry_err.push_timed(err, runtime.now(), Some(runtime.wallclock()));

1227

80

1228

        /// Return a string describing what it means, within the context of this

1229

        /// function, to have gotten an answer from `source`.

1230

        fn describe_source(building: bool, source: streams::Source) -> &'static str {

1231

            match (building, source) {

1232

                (_, streams::Source::Right) => "optimistic advice",

1233

                (true, streams::Source::Left) => "tunnel we're building",

1234

                (false, streams::Source::Left) => "pending tunnel",

1235

1236

1237

1238

        // Get or make a stream of futures to wait on.

1239

532

        let (building, wait_on_stream) = match act {

1240

            Action::Open(c) => {

1241

                // There's already a perfectly good open tunnel; we can return

1242

                // it now.

1243

                trace!("Returning existing tunnel.");

1244

                return Ok((c, TunnelProvenance::Preexisting));

1245

1246

            Action::Wait(f) => {

1247

                // There is one or more pending tunnel that we're waiting for.

1248

                // If any succeeds, we try to use it.  If they all fail, we

1249

                // fail.

1250

                trace!("Waiting for tunnel.");

1251

                (false, f)

1252

1253

            Action::Build(plans) => {

1254

                // We're going to launch one or more tunnels in parallel.  We

1255

                // report success if any succeeds, and failure of they all fail.

1256

                trace!("Building new tunnel.");

1257

                let futures = FuturesUnordered::new();

1258

                for plan in plans {

1259

                    let self_clone = Arc::clone(&self);

1260

                    // (This is where we actually launch tunnels.)

1261

                    futures.push(self_clone.spawn_launch(usage, plan));

1262

1263

                (true, futures)

1264

1265

};

1266

1267

        // Insert ourself into the list of pending requests, and make a

1268

        // stream for us to listen on for notification from pending tunnels

1269

        // other than those we are pending on.

1270

        let (pending_request, additional_stream) = {

1271

            // We don't want this queue to participate in memory quota tracking.

1272

            // There isn't any tunnel yet, so there wouldn't be anything to account it to.

1273

            // If this queue has the oldest data, probably the whole system is badly broken.

1274

            // Tearing down the whole tunnel manager won't help.

1275

            let (send, recv) = mpsc_channel_no_memquota(8);

1276

            let pending = Arc::new(PendingRequest {

1277

                usage: usage.clone(),

1278

                notify: send,

1279

});

1280

1281

            let mut list = self.tunnels.lock().expect("poisoned lock");

1282

            list.add_pending_request(&pending);

1283

1284

            (pending, recv)

1285

};

1286

1287

        // We use our "select_biased" stream combiner here to ensure that:

1288

        //   1) Circuits from wait_on_stream (the ones we're pending on) are

1289

        //      preferred.

1290

        //   2) We exit this function when those tunnels are exhausted.

1291

        //   3) We still get notified about other tunnels that might meet our

1292

        //      interests.

1293

//

1294

        // The events from Left stream are the oes that we explicitly asked for,

1295

        // so we'll treat errors there as real problems.  The events from the

1296

        // Right stream are ones that we got opportunistically told about; it's

1297

        // not a big deal if those fail.

1298

        let mut incoming = streams::select_biased(wait_on_stream, additional_stream.map(Ok));

1299

1300

        let mut retry_error = RetryError::in_attempt_to("wait for tunnels");

1301

1302

        while let Some((src, id)) = incoming.next().await {

1303

            match id {

1304

                Ok(Ok(ref id)) => {

1305

                    // Great, we have a tunnel . See if we can use it!

1306

                    let mut list = self.tunnels.lock().expect("poisoned lock");

1307

                    if let Some(ent) = list.get_open_mut(id) {

1308

                        let now = self.runtime.now();

1309

                        match ent.restrict_mut(usage, now) {

1310

                            Ok(()) => {

1311

                                // Great, this will work.  We drop the

1312

                                // pending request now explicitly to remove

1313

                                // it from the list.

1314

                                drop(pending_request);

1315

                                if matches!(ent.expiration, ExpirationInfo::Unused { .. }) {

1316

                                    let try_to_expire_after = if ent.spec.is_long_lived() {

1317

                                        self.circuit_timing().disused_circuit_timeout

1318

                                    } else {

1319

                                        self.circuit_timing().max_dirtiness

1320

};

1321

                                    // Since this tunnel hasn't been used yet, schedule expiration

1322

                                    // task after `max_dirtiness` from now.

1323

                                    spawn_expiration_task(

1324

                                        &self.runtime,

1325

                                        Arc::downgrade(&self),

1326

                                        ent.tunnel.id(),

1327

                                        now + try_to_expire_after,

1328

);

1329

1330

                                return Ok((ent.tunnel.clone(), TunnelProvenance::NewlyCreated));

1331

1332

                            Err(e) => {

1333

                                // In this case, a `UsageMismatched` error just means that we lost the race

1334

                                // to restrict this tunnel.

1335

                                let e = match e {

1336

                                    Error::UsageMismatched(e) => Error::LostUsabilityRace(e),

1337

                                    x => x,

1338

};

1339

                                if src == streams::Source::Left {

1340

                                    info_report!(

1341

&e,

1342

                                        "{} suggested we use {:?}, but restrictions failed",

1343

                                        describe_source(building, src),

1344

id,

1345

);

1346

                                } else {

1347

                                    debug_report!(

1348

&e,

1349

                                        "{} suggested we use {:?}, but restrictions failed",

1350

                                        describe_source(building, src),

1351

id,

1352

);

1353

1354

                                record_error(&mut retry_error, src, building, e, &self.runtime);

1355

                                continue;

1356

1357

1358

1359

1360

                Ok(Err(ref e)) => {

1361

                    debug!("{} sent error {:?}", describe_source(building, src), e);

1362

                    record_error(&mut retry_error, src, building, e.clone(), &self.runtime);

1363

1364

                Err(oneshot::Canceled) => {

1365

                    debug!(

1366

                        "{} went away (Canceled), quitting take_action right away",

1367

                        describe_source(building, src)

1368

);

1369

                    record_error(

1370

                        &mut retry_error,

1371

                        src,

1372

                        building,

1373

                        Error::PendingCanceled,

1374

                        &self.runtime,

1375

);

1376

                    return Err(retry_error);

1377

1378

1379

1380

            debug!(

1381

                "While waiting on tunnel: {:?} from {}",

1382

id,

1383

                describe_source(building, src)

1384

);

1385

1386

1387

        // Nothing worked.  We drop the pending request now explicitly

1388

        // to remove it from the list.  (We could just let it get dropped

1389

        // implicitly, but that's a bit confusing.)

1390

        drop(pending_request);

1391

1392

        Err(retry_error)

1393

528

1394

1395

    /// Given a directory and usage, compute the necessary objects to

1396

    /// build a tunnel: A [`PendingEntry`] to keep track of the in-process

1397

    /// tunnel, and a [`TunnelBuildPlan`] that we'll give to the thread

1398

    /// that will build the tunnel.

1399

///

1400

    /// The caller should probably add the resulting `PendingEntry` to

1401

    /// `self.circs`.

1402

///

1403

    /// This is an internal function that we call when we're pretty sure

1404

    /// we want to build a tunnel.

1405

    #[allow(clippy::type_complexity)]

1406

148

    fn plan_by_usage(

1407

148

        &self,

1408

148

        dir: DirInfo<'_>,

1409

148

        usage: &TargetTunnelUsage,

1410

148

    ) -> Result<(Arc<PendingEntry<B, R>>, TunnelBuildPlan<B, R>)> {

1411

148

        let (plan, bspec) = self.builder.plan_tunnel(usage, dir)?;

1412

140

        let (pending, sender) = PendingEntry::new(&bspec);

1413

140

        let pending = Arc::new(pending);

1414

1415

140

        let plan = TunnelBuildPlan {

1416

140

            plan,

1417

140

            sender,

1418

140

            pending: Arc::clone(&pending),

1419

140

};

1420

1421

140

        Ok((pending, plan))

1422

148

1423

1424

    /// Launch a managed tunnel for a target usage, without checking

1425

    /// whether one already exists or is pending.

1426

///

1427

    /// Return a listener that will be informed when the tunnel is done.

1428

    #[instrument(level = "trace", skip_all)]

1429

4

    pub(crate) fn launch_by_usage(

1430

4

        self: &Arc<Self>,

1431

4

        usage: &TargetTunnelUsage,

1432

4

        dir: DirInfo<'_>,

1433

4

    ) -> Result<Shared<oneshot::Receiver<PendResult<B, R>>>> {

1434

4

        let (pending, plan) = self.plan_by_usage(dir, usage)?;

1435

1436

4

        self.tunnels

1437

4

            .lock()

1438

4

            .expect("Poisoned lock for tunnel list")

1439

4

            .add_pending_tunnel(pending);

1440

1441

4

        Ok(Arc::clone(self).spawn_launch(usage, plan))

1442

4

1443

1444

    /// Spawn a background task to launch a tunnel, and report its status.

1445

///

1446

    /// The `usage` argument is the usage from the original request that made

1447

    /// us build this tunnel.

1448

    #[instrument(level = "trace", skip_all)]

1449

136

    fn spawn_launch(

1450

136

        self: Arc<Self>,

1451

136

        usage: &TargetTunnelUsage,

1452

136

        plan: TunnelBuildPlan<B, R>,

1453

136

    ) -> Shared<oneshot::Receiver<PendResult<B, R>>> {

1454

136

        let _ = usage; // Currently unused.

1455

        let TunnelBuildPlan {

1456

136

            mut plan,

1457

136

            sender,

1458

136

            pending,

1459

136

        } = plan;

1460

136

        let request_loyalty = self.circuit_timing().request_loyalty;

1461

1462

136

        let wait_on_future = pending.receiver.clone();

1463

136

        let runtime = self.runtime.clone();

1464

136

        let runtime_copy = self.runtime.clone();

1465

1466

136

        let tid = rand::random::<u64>();

1467

        // We release this block when the tunnel builder task terminates.

1468

136

        let reason = format!("tunnel builder task {}", tid);

1469

136

        runtime.block_advance(reason.clone());

1470

        // During tests, the `FakeBuilder` will need to release the block in order to fake a timeout

1471

        // correctly.

1472

136

        plan.add_blocked_advance_reason(reason);

1473

1474

136

        runtime

1475

136

            .spawn(async move {

1476

136

                let self_clone = Arc::clone(&self);

1477

136

                let future = AssertUnwindSafe(self_clone.do_launch(plan, pending)).catch_unwind();

1478

136

                let (new_spec, reply) = match future.await {

1479

124

                    Ok(x) => x, // Success or regular failure

1480

                    Err(e) => {

1481

                        // Okay, this is a panic.  We have to tell the calling

1482

                        // thread about it, then exit this tunnel builder task.

1483

                        let _ = sender.send(Err(internal!("tunnel build task panicked").into()));

1484

                        std::panic::panic_any(e);

1485

1486

};

1487

1488

                // Tell anybody who was listening about it that this

1489

                // tunnel is now usable or failed.

1490

//

1491

                // (We ignore any errors from `send`: That just means that nobody

1492

                // was waiting for this tunnel.)

1493

124

                let _ = sender.send(reply.clone());

1494

1495

124

                if let Some(new_spec) = new_spec {

1496

                    // Wait briefly before we notify opportunistically.  This

1497

                    // delay will give the tunnels that were originally

1498

                    // specifically intended for a request a little more time

1499

                    // to finish, before we offer it this tunnel instead.

1500

52

                    let sl = runtime_copy.sleep(request_loyalty);

1501

52

                    runtime_copy.allow_one_advance(request_loyalty);

1502

52

                    sl.await;

1503

1504

32

                    let pending = {

1505

32

                        let list = self.tunnels.lock().expect("poisoned lock");

1506

32

                        list.find_pending_requests(&new_spec)

1507

};

1508

40

                    for pending_request in pending {

1509

8

                        let _ = pending_request.notify.clone().try_send(reply.clone());

1510

8

1511

72

1512

104

                runtime_copy.release_advance(format!("tunnel builder task {}", tid));

1513

104

})

1514

136

            .expect("Couldn't spawn tunnel-building task");

1515

1516

136

        wait_on_future

1517

136

1518

1519

    /// Run in the background to launch a tunnel. Return a 2-tuple of the new

1520

    /// tunnel spec and the outcome that should be sent to the initiator.

1521

    #[instrument(level = "trace", skip_all)]

1522

136

    async fn do_launch(

1523

136

        self: Arc<Self>,

1524

136

        plan: <B as AbstractTunnelBuilder<R>>::Plan,

1525

136

        pending: Arc<PendingEntry<B, R>>,

1526

136

    ) -> (Option<SupportedTunnelUsage>, PendResult<B, R>) {

1527

        let outcome = self.builder.build_tunnel(plan).await;

1528

1529

        match outcome {

1530

            Err(e) => (None, Err(e)),

1531

            Ok((new_spec, tunnel)) => {

1532

                let id = tunnel.id();

1533

1534

                let use_duration = self.pick_use_duration();

1535

                let now = self.runtime.now();

1536

                let exp_inst = now + use_duration;

1537

                let runtime_copy = self.runtime.clone();

1538

                spawn_expiration_task(&runtime_copy, Arc::downgrade(&self), tunnel.id(), exp_inst);

1539

                // I used to call restrict_mut here, but now I'm not so

1540

                // sure. Doing restrict_mut makes sure that this

1541

                // tunnel will be suitable for the request that asked

1542

                // for us in the first place, but that should be

1543

                // ensured anyway by our tracking its tentative

1544

                // assignment.

1545

//

1546

                // new_spec.restrict_mut(&usage_copy).unwrap();

1547

                let use_before = ExpirationInfo::new(now);

1548

                let open_ent = OpenEntry::new(new_spec.clone(), tunnel, use_before);

1549

1550

                    let mut list = self.tunnels.lock().expect("poisoned lock");

1551

                    // Finally, before we return this tunnel, we need to make

1552

                    // sure that this pending tunnel is still pending.  (If it

1553

                    // is not pending, then it was cancelled through a call to

1554

                    // `retire_all_tunnels`, and the configuration that we used

1555

                    // to launch it is now sufficiently outdated that we should

1556

                    // no longer give this tunnel to a client.)

1557

                    if list.tunnel_is_pending(&pending) {

1558

                        list.add_open(open_ent);

1559

                        // We drop our reference to 'pending' here:

1560

                        // this should make all the weak references to

1561

                        // the `PendingEntry` become dangling.

1562

                        drop(pending);

1563

                        (Some(new_spec), Ok(id))

1564

                    } else {

1565

                        // This tunnel is no longer pending! It must have been cancelled, probably

1566

                        // by a call to retire_all_tunnels()

1567

                        drop(pending); // ibid

1568

                        (None, Err(Error::CircCanceled))

1569

1570

1571

1572

1573

124

1574

1575

    /// Return the currently configured expiration parameters.

1576

4

    fn expiration_params(&self) -> ExpirationParameters {

1577

4

        let expire_unused_after = self.pick_use_duration();

1578

4

        let expire_dirty_after = self.circuit_timing().max_dirtiness;

1579

4

        let expire_disused_after = self.circuit_timing().disused_circuit_timeout;

1580

1581

4

        ExpirationParameters {

1582

4

            expire_unused_after,

1583

4

            expire_dirty_after,

1584

4

            expire_disused_after,

1585

4

1586

4

1587

1588

    /// Plan and launch a new tunnel to a given target, bypassing our managed

1589

    /// pool of tunnels.

1590

///

1591

    /// This method will always return a new tunnel, and never return a tunnel

1592

    /// that this CircMgr gives out for anything else.

1593

///

1594

    /// The new tunnel will participate in the guard and timeout apparatus as

1595

    /// appropriate, no retry attempt will be made if the tunnel fails.

1596

    #[cfg(feature = "hs-common")]

1597

    #[instrument(level = "trace", skip_all)]

1598

4

    pub(crate) async fn launch_unmanaged(

1599

4

        &self,

1600

4

        usage: &TargetTunnelUsage,

1601

4

        dir: DirInfo<'_>,

1602

4

    ) -> Result<(SupportedTunnelUsage, B::Tunnel)> {

1603

        let (_, plan) = self.plan_by_usage(dir, usage)?;

1604

        self.builder.build_tunnel(plan.plan).await

1605

4

1606

1607

    /// Remove the tunnel with a given `id` from this manager.

1608

///

1609

    /// After this function is called, that tunnel will no longer be handed

1610

    /// out to any future requests.

1611

///

1612

    /// Return None if we have no tunnel with the given ID.

1613

8

    pub(crate) fn take_tunnel(

1614

8

        &self,

1615

8

        id: &<B::Tunnel as AbstractTunnel>::Id,

1616

8

    ) -> Option<Arc<B::Tunnel>> {

1617

8

        let mut list = self.tunnels.lock().expect("poisoned lock");

1618

8

        list.take_open(id).map(|e| e.tunnel)

1619

8

1620

1621

    /// Remove all open and pending tunnels and from this manager, to ensure

1622

    /// they can't be given out for any more requests.

1623

///

1624

    /// Calling `retire_all_tunnels` ensures that any tunnel request that gets

1625

    /// an  answer _after this method runs_ will receive a tunnel that was

1626

    /// launched _after this method runs_.

1627

///

1628

    /// We call this method this when our configuration changes in such a way

1629

    /// that we want to make sure that any new (or pending) requests will

1630

    /// receive tunnels that are built using the new configuration.

1631

//

1632

    // For more information, see documentation on [`CircuitList::open_circs`],

1633

    // [`CircuitList::pending_circs`], and comments in `do_launch`.

1634

    pub(crate) fn retire_all_tunnels(&self) {

1635

        let mut list = self.tunnels.lock().expect("poisoned lock");

1636

        list.clear_all_tunnels();

1637

1638

1639

    /// Expire tunnels according to the rules in `config` and the

1640

    /// current time `now`.

1641

///

1642

    /// Expired tunnels will not be automatically closed, but they will

1643

    /// no longer be given out for new tunnels.

1644

///

1645

    /// Return the earliest time at which any current tunnel will expire.

1646

4

    pub(crate) async fn expire_tunnels(&self, now: Instant) -> Option<Instant> {

1647

4

        let expiration_params = self.expiration_params();

1648

1649

        // While holding the lock, we call TunnelList::expire_tunnels.

1650

        // That function will expire what it can, and return a list of the tunnels for which

1651

        // we need to call `disused_since`.

1652

4

        let (mut earliest_expiration, need_to_check) = {

1653

4

            let mut list = self.tunnels.lock().expect("poisoned lock");

1654

4

            list.expire_tunnels(now, &expiration_params)

1655

4

};

1656

1657

        // Now we've dropped the lock, and can do async checks.

1658

4

        let mut last_known_usage = Vec::new();

1659

4

        for tunnel in need_to_check {

1660

            let Some(tunnel) = Weak::upgrade(&tunnel) else {

1661

                continue; // The tunnel is already gone.

1662

};

1663

            last_known_usage.push((tunnel.id(), tunnel.last_known_to_be_used_at().await));

1664

1665

1666

        // Now get the lock again, and tell the list what we learned.

1667

//

1668

        // Note that if this function is called twice simultaneously, in some corner cases, we might

1669

        // decide to expire something twice.  That's okay.

1670

1671

4

            let mut list = self.tunnels.lock().expect("poisoned lock");

1672

4

            for (id, disused_since) in last_known_usage {

1673

                match list.update_long_lived_tunnel_last_used(

1674

                    &id,

1675

                    now,

1676

                    &expiration_params,

1677

                    &disused_since,

1678

) {

1679

                    Ok(Some(may_expire)) => {

1680

                        earliest_expiration = match earliest_expiration {

1681

                            Some(exp) if exp < may_expire => Some(exp),

1682

                            _ => Some(may_expire),

1683

};

1684

1685

                    Ok(None) => {}

1686

                    Err(e) => warn_report!(e, "Error while updating status on tunnel {:?}", id),

1687

1688

1689

1690

1691

4

        earliest_expiration

1692

4

1693

1694

    /// Consider expiring the tunnel with given tunnel `id`,

1695

    /// according to the rules in `config` and the current time `now`.

1696

///

1697

    /// Returns None if the circuit is expired; otherwise returns the next time at which the circuit may expire.

1698

    pub(crate) async fn consider_expiring_tunnel(

1699

        &self,

1700

        tun_id: &<B::Tunnel as AbstractTunnel>::Id,

1701

        now: Instant,

1702

    ) -> Result<Option<Instant>> {

1703

        let expiration_params = self.expiration_params();

1704

1705

        // With the lock, call TunneList::tunnel_should_expire, and expire it (or don't)

1706

        // if the decision is obvious.

1707

        let tunnel = {

1708

            let mut list: sync::MutexGuard<'_, TunnelList<B, R>> =

1709

                self.tunnels.lock().expect("poisoned lock");

1710

            let Some(should_expire) = list.tunnel_should_expire(tun_id, now, &expiration_params)

1711

            else {

1712

                return Ok(None);

1713

};

1714

            match should_expire {

1715

                ShouldExpire::Now => {

1716

                    let _discard = list.take_open(tun_id);

1717

                    return Ok(None);

1718

1719

                ShouldExpire::NotBefore(t) => return Ok(Some(t)),

1720

                ShouldExpire::PossiblyNow => {

1721

                    let Some(tunnel_ent) = list.get_open_mut(tun_id) else {

1722

                        return Ok(None);

1723

};

1724

                    Arc::clone(&tunnel_ent.tunnel)

1725

1726

1727

};

1728

1729

        // If we get here, then we have a long-lived tunnel for which we need to check `disused_since`

1730

        let last_known_in_use_at = tunnel.last_known_to_be_used_at().await;

1731

1732

        // Now we tell the TunnelList what we learned.

1733

1734

            let mut list: sync::MutexGuard<'_, TunnelList<B, R>> =

1735

                self.tunnels.lock().expect("poisoned lock");

1736

            list.update_long_lived_tunnel_last_used(

1737

                tun_id,

1738

                now,

1739

                &expiration_params,

1740

                &last_known_in_use_at,

1741

1742

1743

1744

1745

    /// Return the number of open tunnels held by this tunnel manager.

1746

24

    pub(crate) fn n_tunnels(&self) -> usize {

1747

24

        let list = self.tunnels.lock().expect("poisoned lock");

1748

24

        list.open_tunnels.len()

1749

24

1750

1751

    /// Return the number of pending tunnels tracked by this tunnel manager.

1752

    #[cfg(test)]

1753

8

    pub(crate) fn n_pending_tunnels(&self) -> usize {

1754

8

        let list = self.tunnels.lock().expect("poisoned lock");

1755

8

        list.pending_tunnels.len()

1756

8

1757

1758

    /// Get a reference to this manager's runtime.

1759

30

    pub(crate) fn peek_runtime(&self) -> &R {

1760

30

        &self.runtime

1761

30

1762

1763

    /// Get a reference to this manager's builder.

1764

160

    pub(crate) fn peek_builder(&self) -> &B {

1765

160

        &self.builder

1766

160

1767

1768

    /// Pick a duration by when a new tunnel should expire from now

1769

    /// if it has not yet been used

1770

56

    fn pick_use_duration(&self) -> Duration {

1771

56

        let timings = self

1772

56

            .unused_timing

1773

56

            .lock()

1774

56

            .expect("Poisoned lock for unused_timing");

1775

1776

56

        if self.builder.learning_timeouts() {

1777

            timings.learning

1778

        } else {

1779

            // TODO: In Tor, this calculation also depends on

1780

            // stuff related to predicted ports and channel

1781

            // padding.

1782

            use tor_basic_utils::RngExt as _;

1783

56

            let mut rng = rand::rng();

1784

56

            rng.gen_range_checked(timings.not_learning..=timings.not_learning * 2)

1785

56

                .expect("T .. 2x T turned out to be an empty duration range?!")

1786

1787

56

1788

1789

1790

/// Spawn an expiration task that expires a tunnel at given instant.

1791

///

1792

/// When the timeout occurs, if the tunnel manager is still present,

1793

/// the task will ask the manager to expire the tunnel, if the tunnel

1794

/// is ready to expire.

1795

//

1796

// TODO: It would be good to do away with this function entirely, and have a smarter expiration

1797

// function.  This one only exists because there is not an "expire some circuits" background task.

1798

52

fn spawn_expiration_task<B, R>(

1799

52

    runtime: &R,

1800

52

    circmgr: Weak<AbstractTunnelMgr<B, R>>,

1801

52

    circ_id: <<B as AbstractTunnelBuilder<R>>::Tunnel as AbstractTunnel>::Id,

1802

52

    exp_inst: Instant,

1803

52

) where

1804

52

    R: Runtime,

1805

52

    B: 'static + AbstractTunnelBuilder<R>,

1806

1807

52

    let now = runtime.now();

1808

52

    let rt_copy = runtime.clone();

1809

52

    let mut duration = exp_inst.saturating_duration_since(now);

1810

1811

    // NOTE: Once there was an optimization here that ran the expiration immediately if

1812

    // `duration` was zero.

1813

    // I discarded that optimization when I made `consider_expiring_tunnel` async,

1814

    // since we really want this function _not_ to be async,

1815

    // because we run it in contexts where we hold a Mutex on the tunnel list.

1816

1817

    // Spawn a timer expiration task with given expiration instant.

1818

52

    if let Err(e) = runtime.spawn(async move {

1819

        loop {

1820

52

            rt_copy.sleep(duration).await;

1821

            let cm = if let Some(cm) = Weak::upgrade(&circmgr) {

1822

cm

1823

            } else {

1824

                return;

1825

};

1826

            match cm.consider_expiring_tunnel(&circ_id, exp_inst).await {

1827

                Ok(None) => return,

1828

                Ok(Some(when)) => {

1829

                    duration = when.saturating_duration_since(rt_copy.now());

1830

1831

                Err(e) => {

1832

                    warn_report!(

1833

e,

1834

                        "Error while considering expiration for tunnel {:?}",

1835

                        circ_id

1836

);

1837

                    return;

1838

1839

1840

1841

    }) {

1842

        warn_report!(e, "Unable to launch expiration task");

1843

52

1844

52

1845

1846

#[cfg(test)]

1847

mod test {

1848

    // @@ begin test lint list maintained by maint/add_warning @@

1849

    #![allow(clippy::bool_assert_comparison)]

1850

    #![allow(clippy::clone_on_copy)]

1851

    #![allow(clippy::dbg_macro)]

1852

    #![allow(clippy::mixed_attributes_style)]

1853

    #![allow(clippy::print_stderr)]

1854

    #![allow(clippy::print_stdout)]

1855

    #![allow(clippy::single_char_pattern)]

1856

    #![allow(clippy::unwrap_used)]

1857

    #![allow(clippy::unchecked_time_subtraction)]

1858

    #![allow(clippy::useless_vec)]

1859

    #![allow(clippy::needless_pass_by_value)]

1860

    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

1861

    use super::*;

1862

    use crate::isolation::test::{IsolationTokenEq, assert_isoleq};

1863

    use crate::mocks::{FakeBuilder, FakeCirc, FakeId, FakeOp};

1864

    use crate::usage::{ExitPolicy, SupportedTunnelUsage};

1865

    use crate::{

1866

        Error, IsolationToken, StreamIsolation, TargetPort, TargetPorts, TargetTunnelUsage,

1867

};

1868

    use std::sync::LazyLock;

1869

    use tor_dircommon::fallback::FallbackList;

1870

    use tor_guardmgr::TestConfig;

1871

    use tor_llcrypto::pk::ed25519::Ed25519Identity;

1872

    use tor_netdir::testnet;

1873

    use tor_persist::TestingStateMgr;

1874

    use tor_rtcompat::SleepProvider;

1875

    use tor_rtmock::MockRuntime;

1876

1877

    #[allow(deprecated)] // TODO #1885

1878

    use tor_rtmock::MockSleepRuntime;

1879

1880

    static FALLBACKS_EMPTY: LazyLock<FallbackList> = LazyLock::new(|| [].into());

1881

1882

    fn di() -> DirInfo<'static> {

1883

        (&*FALLBACKS_EMPTY).into()

1884

1885

1886

    fn target_to_spec(target: &TargetTunnelUsage) -> SupportedTunnelUsage {

1887

        match target {

1888

            TargetTunnelUsage::Exit {

1889

                ports,

1890

                isolation,

1891

                country_code,

1892

                require_stability,

1893

            } => SupportedTunnelUsage::Exit {

1894

                policy: ExitPolicy::from_target_ports(&TargetPorts::from(&ports[..])),

1895

                isolation: Some(isolation.clone()),

1896

                country_code: country_code.clone(),

1897

                all_relays_stable: *require_stability,

1898

},

1899

            _ => unimplemented!(),

1900

1901

1902

1903

    impl<U: PartialEq> IsolationTokenEq for OpenEntry<U> {

1904

        fn isol_eq(&self, other: &Self) -> bool {

1905

            self.spec.isol_eq(&other.spec)

1906

                && self.tunnel == other.tunnel

1907

                && self.expiration == other.expiration

1908

1909

1910

1911

    impl<U: PartialEq> IsolationTokenEq for &mut OpenEntry<U> {

1912

        fn isol_eq(&self, other: &Self) -> bool {

1913

            self.spec.isol_eq(&other.spec)

1914

                && self.tunnel == other.tunnel

1915

                && self.expiration == other.expiration

1916

1917

1918

1919

    fn make_builder<R: Runtime>(runtime: &R) -> FakeBuilder<R> {

1920

        let state_mgr = TestingStateMgr::new();

1921

        let guard_config = TestConfig::default();

1922

        FakeBuilder::new(runtime, state_mgr, &guard_config)

1923

1924

1925

    #[test]

1926

    fn basic_tests() {

1927

        MockRuntime::test_with_various(|rt| async move {

1928

            #[allow(deprecated)] // TODO #1885

1929

            let rt = MockSleepRuntime::new(rt);

1930

1931

            let builder = make_builder(&rt);

1932

1933

            let mgr = Arc::new(AbstractTunnelMgr::new(

1934

                builder,

1935

                rt.clone(),

1936

                CircuitTiming::default(),

1937

));

1938

1939

            let webports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

1940

1941

            // Check initialization.

1942

            assert_eq!(mgr.n_tunnels(), 0);

1943

            assert!(mgr.peek_builder().script.lock().unwrap().is_empty());

1944

1945

            // Launch a tunnel ; make sure we get it.

1946

            let c1 = rt.wait_for(mgr.get_or_launch(&webports, di())).await;

1947

            let c1 = c1.unwrap().0;

1948

            assert_eq!(mgr.n_tunnels(), 1);

1949

1950

            // Make sure we get the one we already made if we ask for it.

1951

            let port80 = TargetTunnelUsage::new_from_ipv4_ports(&[80]);

1952

            let c2 = mgr.get_or_launch(&port80, di()).await;

1953

1954

            let c2 = c2.unwrap().0;

1955

            assert!(FakeCirc::eq(&c1, &c2));

1956

            assert_eq!(mgr.n_tunnels(), 1);

1957

1958

            // Now try launching two tunnels "at once" to make sure that our

1959

            // pending-tunnel code works.

1960

1961

            let dnsport = TargetTunnelUsage::new_from_ipv4_ports(&[53]);

1962

            let dnsport_restrict = TargetTunnelUsage::Exit {

1963

                ports: vec![TargetPort::ipv4(53)],

1964

                isolation: StreamIsolation::builder().build().unwrap(),

1965

                country_code: None,

1966

                require_stability: false,

1967

};

1968

1969

            let (c3, c4) = rt

1970

                .wait_for(futures::future::join(

1971

                    mgr.get_or_launch(&dnsport, di()),

1972

                    mgr.get_or_launch(&dnsport_restrict, di()),

1973

))

1974

                .await;

1975

1976

            let c3 = c3.unwrap().0;

1977

            let c4 = c4.unwrap().0;

1978

            assert!(!FakeCirc::eq(&c1, &c3));

1979

            assert!(FakeCirc::eq(&c3, &c4));

1980

            assert_eq!(c3.id(), c4.id());

1981

            assert_eq!(mgr.n_tunnels(), 2);

1982

1983

            // Now we're going to remove c3 from consideration.  It's the

1984

            // same as c4, so removing c4 will give us None.

1985

            let c3_taken = mgr.take_tunnel(&c3.id()).unwrap();

1986

            let now_its_gone = mgr.take_tunnel(&c4.id());

1987

            assert!(FakeCirc::eq(&c3_taken, &c3));

1988

            assert!(now_its_gone.is_none());

1989

            assert_eq!(mgr.n_tunnels(), 1);

1990

1991

            // Having removed them, let's launch another dnsport and make

1992

            // sure we get a different tunnel.

1993

            let c5 = rt.wait_for(mgr.get_or_launch(&dnsport, di())).await;

1994

            let c5 = c5.unwrap().0;

1995

            assert!(!FakeCirc::eq(&c3, &c5));

1996

            assert!(!FakeCirc::eq(&c4, &c5));

1997

            assert_eq!(mgr.n_tunnels(), 2);

1998

1999

            // Now try launch_by_usage.

2000

            let prev = mgr.n_pending_tunnels();

2001

            assert!(mgr.launch_by_usage(&dnsport, di()).is_ok());

2002

            assert_eq!(mgr.n_pending_tunnels(), prev + 1);

2003

            // TODO: Actually make sure that launch_by_usage launched

2004

            // the right thing.

2005

});

2006

2007

2008

    #[test]

2009

    fn request_timeout() {

2010

        MockRuntime::test_with_various(|rt| async move {

2011

            #[allow(deprecated)] // TODO #1885

2012

            let rt = MockSleepRuntime::new(rt);

2013

2014

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2015

2016

            // This will fail once, and then completely time out.  The

2017

            // result will be a failure.

2018

            let builder = make_builder(&rt);

2019

            builder.set(&ports, vec![FakeOp::Fail, FakeOp::Timeout]);

2020

2021

            let mgr = Arc::new(AbstractTunnelMgr::new(

2022

                builder,

2023

                rt.clone(),

2024

                CircuitTiming::default(),

2025

));

2026

            let c1 = mgr

2027

                .peek_runtime()

2028

                .wait_for(mgr.get_or_launch(&ports, di()))

2029

                .await;

2030

2031

            assert!(matches!(c1, Err(Error::RequestFailed(_))));

2032

});

2033

2034

2035

    #[test]

2036

    fn request_timeout2() {

2037

        MockRuntime::test_with_various(|rt| async move {

2038

            #[allow(deprecated)] // TODO #1885

2039

            let rt = MockSleepRuntime::new(rt);

2040

2041

            // Now try a more complicated case: we'll try to get things so

2042

            // that we wait for a little over our predicted time because

2043

            // of our wait-for-next-action logic.

2044

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2045

            let builder = make_builder(&rt);

2046

            builder.set(

2047

                &ports,

2048

                vec![

2049

                    FakeOp::Delay(Duration::from_millis(60_000 - 25)),

2050

                    FakeOp::NoPlan,

2051

],

2052

);

2053

2054

            let mgr = Arc::new(AbstractTunnelMgr::new(

2055

                builder,

2056

                rt.clone(),

2057

                CircuitTiming::default(),

2058

));

2059

            let c1 = mgr

2060

                .peek_runtime()

2061

                .wait_for(mgr.get_or_launch(&ports, di()))

2062

                .await;

2063

2064

            assert!(matches!(c1, Err(Error::RequestFailed(_))));

2065

});

2066

2067

2068

    #[test]

2069

    fn request_unplannable() {

2070

        MockRuntime::test_with_various(|rt| async move {

2071

            #[allow(deprecated)] // TODO #1885

2072

            let rt = MockSleepRuntime::new(rt);

2073

2074

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2075

2076

            // This will fail a the planning stages, a lot.

2077

            let builder = make_builder(&rt);

2078

            builder.set(&ports, vec![FakeOp::NoPlan; 2000]);

2079

2080

            let mgr = Arc::new(AbstractTunnelMgr::new(

2081

                builder,

2082

                rt.clone(),

2083

                CircuitTiming::default(),

2084

));

2085

            let c1 = rt.wait_for(mgr.get_or_launch(&ports, di())).await;

2086

2087

            assert!(matches!(c1, Err(Error::RequestFailed(_))));

2088

});

2089

2090

2091

    #[test]

2092

    fn request_fails_too_much() {

2093

        MockRuntime::test_with_various(|rt| async move {

2094

            #[allow(deprecated)] // TODO #1885

2095

            let rt = MockSleepRuntime::new(rt);

2096

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2097

2098

            // This will fail 1000 times, which is above the retry limit.

2099

            let builder = make_builder(&rt);

2100

            builder.set(&ports, vec![FakeOp::Fail; 1000]);

2101

2102

            let mgr = Arc::new(AbstractTunnelMgr::new(

2103

                builder,

2104

                rt.clone(),

2105

                CircuitTiming::default(),

2106

));

2107

            let c1 = rt.wait_for(mgr.get_or_launch(&ports, di())).await;

2108

2109

            assert!(matches!(c1, Err(Error::RequestFailed(_))));

2110

});

2111

2112

2113

    #[test]

2114

    fn request_wrong_spec() {

2115

        MockRuntime::test_with_various(|rt| async move {

2116

            #[allow(deprecated)] // TODO #1885

2117

            let rt = MockSleepRuntime::new(rt);

2118

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2119

2120

            // The first time this is called, it will build a tunnel

2121

            // with the wrong spec.  (A tunnel builder should never

2122

            // actually _do_ that, but it's something we code for.)

2123

            let builder = make_builder(&rt);

2124

            builder.set(

2125

                &ports,

2126

                vec![FakeOp::WrongSpec(target_to_spec(

2127

                    &TargetTunnelUsage::new_from_ipv4_ports(&[22]),

2128

                ))],

2129

);

2130

2131

            let mgr = Arc::new(AbstractTunnelMgr::new(

2132

                builder,

2133

                rt.clone(),

2134

                CircuitTiming::default(),

2135

));

2136

            let c1 = rt.wait_for(mgr.get_or_launch(&ports, di())).await;

2137

2138

            assert!(c1.is_ok());

2139

});

2140

2141

2142

    #[test]

2143

    fn request_retried() {

2144

        MockRuntime::test_with_various(|rt| async move {

2145

            #[allow(deprecated)] // TODO #1885

2146

            let rt = MockSleepRuntime::new(rt);

2147

            let ports = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2148

2149

            // This will fail twice, and then succeed. The result will be

2150

            // a success.

2151

            let builder = make_builder(&rt);

2152

            builder.set(&ports, vec![FakeOp::Fail, FakeOp::Fail]);

2153

2154

            let mgr = Arc::new(AbstractTunnelMgr::new(

2155

                builder,

2156

                rt.clone(),

2157

                CircuitTiming::default(),

2158

));

2159

2160

            // This test doesn't exercise any timeout behaviour.

2161

            rt.block_advance("test doesn't require advancing");

2162

2163

            let (c1, c2) = rt

2164

                .wait_for(futures::future::join(

2165

                    mgr.get_or_launch(&ports, di()),

2166

                    mgr.get_or_launch(&ports, di()),

2167

))

2168

                .await;

2169

2170

            let c1 = c1.unwrap().0;

2171

            let c2 = c2.unwrap().0;

2172

2173

            assert!(FakeCirc::eq(&c1, &c2));

2174

});

2175

2176

2177

    #[test]

2178

    fn isolated() {

2179

        MockRuntime::test_with_various(|rt| async move {

2180

            #[allow(deprecated)] // TODO #1885

2181

            let rt = MockSleepRuntime::new(rt);

2182

            let builder = make_builder(&rt);

2183

            let mgr = Arc::new(AbstractTunnelMgr::new(

2184

                builder,

2185

                rt.clone(),

2186

                CircuitTiming::default(),

2187

));

2188

2189

            // Set our isolation so that iso1 and iso2 can't share a tunnel,

2190

            // but no_iso can share a tunnel with either.

2191

            let iso1 = TargetTunnelUsage::Exit {

2192

                ports: vec![TargetPort::ipv4(443)],

2193

                isolation: StreamIsolation::builder()

2194

                    .owner_token(IsolationToken::new())

2195

                    .build()

2196

                    .unwrap(),

2197

                country_code: None,

2198

                require_stability: false,

2199

};

2200

            let iso2 = TargetTunnelUsage::Exit {

2201

                ports: vec![TargetPort::ipv4(443)],

2202

                isolation: StreamIsolation::builder()

2203

                    .owner_token(IsolationToken::new())

2204

                    .build()

2205

                    .unwrap(),

2206

                country_code: None,

2207

                require_stability: false,

2208

};

2209

            let no_iso1 = TargetTunnelUsage::new_from_ipv4_ports(&[443]);

2210

            let no_iso2 = no_iso1.clone();

2211

2212

            // We're going to try launching these tunnels in 24 different

2213

            // orders, to make sure that the outcome is correct each time.

2214

            use itertools::Itertools;

2215

            let timeouts: Vec<_> = [0_u64, 2, 4, 6]

2216

                .iter()

2217

                .map(|d| Duration::from_millis(*d))

2218

                .collect();

2219

2220

            for delays in timeouts.iter().permutations(4) {

2221

                let d1 = delays[0];

2222

                let d2 = delays[1];

2223

                let d3 = delays[2];

2224

                let d4 = delays[2];

2225

                let (c_iso1, c_iso2, c_no_iso1, c_no_iso2) = rt

2226

                    .wait_for(futures::future::join4(

2227

                        async {

2228

                            rt.sleep(*d1).await;

2229

                            mgr.get_or_launch(&iso1, di()).await

2230

},

2231

                        async {

2232

                            rt.sleep(*d2).await;

2233

                            mgr.get_or_launch(&iso2, di()).await

2234

},

2235

                        async {

2236

                            rt.sleep(*d3).await;

2237

                            mgr.get_or_launch(&no_iso1, di()).await

2238

},

2239

                        async {

2240

                            rt.sleep(*d4).await;

2241

                            mgr.get_or_launch(&no_iso2, di()).await

2242

},

2243

))

2244

                    .await;

2245

2246

                let c_iso1 = c_iso1.unwrap().0;

2247

                let c_iso2 = c_iso2.unwrap().0;

2248

                let c_no_iso1 = c_no_iso1.unwrap().0;

2249

                let c_no_iso2 = c_no_iso2.unwrap().0;

2250

2251

                assert!(!FakeCirc::eq(&c_iso1, &c_iso2));

2252

                assert!(!FakeCirc::eq(&c_iso1, &c_no_iso1));

2253

                assert!(!FakeCirc::eq(&c_iso1, &c_no_iso2));

2254

                assert!(!FakeCirc::eq(&c_iso2, &c_no_iso1));

2255

                assert!(!FakeCirc::eq(&c_iso2, &c_no_iso2));

2256

                assert!(FakeCirc::eq(&c_no_iso1, &c_no_iso2));

2257

2258

});

2259

2260

2261

    #[test]

2262

    fn opportunistic() {

2263

        MockRuntime::test_with_various(|rt| async move {

2264

            #[allow(deprecated)] // TODO #1885

2265

            let rt = MockSleepRuntime::new(rt);

2266

2267

            // The first request will time out completely, but we're

2268

            // making a second request after we launch it.  That

2269

            // request should succeed, and notify the first request.

2270

2271

            let ports1 = TargetTunnelUsage::new_from_ipv4_ports(&[80]);

2272

            let ports2 = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2273

2274

            let builder = make_builder(&rt);

2275

            builder.set(&ports1, vec![FakeOp::Timeout]);

2276

2277

            let mgr = Arc::new(AbstractTunnelMgr::new(

2278

                builder,

2279

                rt.clone(),

2280

                CircuitTiming::default(),

2281

));

2282

            // Note that ports2 will be wider than ports1, so the second

2283

            // request will have to launch a new tunnel.

2284

2285

            let (c1, c2) = rt

2286

                .wait_for(futures::future::join(

2287

                    mgr.get_or_launch(&ports1, di()),

2288

                    async {

2289

                        rt.sleep(Duration::from_millis(100)).await;

2290

                        mgr.get_or_launch(&ports2, di()).await

2291

},

2292

))

2293

                .await;

2294

2295

            if let (Ok((c1, _)), Ok((c2, _))) = (c1, c2) {

2296

                assert!(FakeCirc::eq(&c1, &c2));

2297

            } else {

2298

                panic!();

2299

};

2300

});

2301

2302

2303

    #[test]

2304

    fn prebuild() {

2305

        MockRuntime::test_with_various(|rt| async move {

2306

            // This time we're going to use ensure_tunnel() to make

2307

            // sure that a tunnel gets built, and then launch two

2308

            // other tunnels that will use it.

2309

            #[allow(deprecated)] // TODO #1885

2310

            let rt = MockSleepRuntime::new(rt);

2311

            let builder = make_builder(&rt);

2312

            let mgr = Arc::new(AbstractTunnelMgr::new(

2313

                builder,

2314

                rt.clone(),

2315

                CircuitTiming::default(),

2316

));

2317

2318

            let ports1 = TargetTunnelUsage::new_from_ipv4_ports(&[80, 443]);

2319

            let ports2 = TargetTunnelUsage::new_from_ipv4_ports(&[80]);

2320

            let ports3 = TargetTunnelUsage::new_from_ipv4_ports(&[443]);

2321

2322

            let ok = mgr.ensure_tunnel(&ports1, di());

2323

            let (c1, c2) = rt

2324

                .wait_for(futures::future::join(

2325

                    async {

2326

                        rt.sleep(Duration::from_millis(10)).await;

2327

                        mgr.get_or_launch(&ports2, di()).await

2328

},

2329

                    async {

2330

                        rt.sleep(Duration::from_millis(50)).await;

2331

                        mgr.get_or_launch(&ports3, di()).await

2332

},

2333

))

2334

                .await;

2335

2336

            assert!(ok.is_ok());

2337

2338

            let c1 = c1.unwrap().0;

2339

            let c2 = c2.unwrap().0;

2340

2341

            // If we had launched these separately, they wouldn't share

2342

            // a tunnel.

2343

            assert!(FakeCirc::eq(&c1, &c2));

2344

});

2345

2346

2347

    #[test]

2348

    fn expiration() {

2349

        MockRuntime::test_with_various(|rt| async move {

2350

            use crate::config::CircuitTimingBuilder;

2351

            // Now let's make some tunnels -- one dirty, one clean, and

2352

            // make sure that one expires and one doesn't.

2353

            #[allow(deprecated)] // TODO #1885

2354

            let rt = MockSleepRuntime::new(rt);

2355

            let builder = make_builder(&rt);

2356

2357

            let circuit_timing = CircuitTimingBuilder::default()

2358

                .max_dirtiness(Duration::from_secs(15))

2359

                .build()

2360

                .unwrap();

2361

2362

            let mgr = Arc::new(AbstractTunnelMgr::new(builder, rt.clone(), circuit_timing));

2363

2364

            let imap = TargetTunnelUsage::new_from_ipv4_ports(&[993]);

2365

            let pop = TargetTunnelUsage::new_from_ipv4_ports(&[995]);

2366

2367

            let ok = mgr.ensure_tunnel(&imap, di());

2368

            let pop1 = rt.wait_for(mgr.get_or_launch(&pop, di())).await;

2369

2370

            assert!(ok.is_ok());

2371

            let pop1 = pop1.unwrap().0;

2372

2373

            rt.advance(Duration::from_secs(30)).await;

2374

            rt.advance(Duration::from_secs(15)).await;

2375

            let imap1 = rt.wait_for(mgr.get_or_launch(&imap, di())).await.unwrap().0;

2376

2377

            // This should expire the pop tunnel, since it came from

2378

            // get_or_launch() [which marks the tunnel as being

2379

            // used].  It should not expire the imap tunnel, since

2380

            // it was not dirty until 15 seconds after the cutoff.

2381

            let now = rt.now();

2382

2383

            mgr.expire_tunnels(now).await;

2384

2385

            let (pop2, imap2) = rt

2386

                .wait_for(futures::future::join(

2387

                    mgr.get_or_launch(&pop, di()),

2388

                    mgr.get_or_launch(&imap, di()),

2389

))

2390

                .await;

2391

2392

            let pop2 = pop2.unwrap().0;

2393

            let imap2 = imap2.unwrap().0;

2394

2395

            assert!(!FakeCirc::eq(&pop2, &pop1));

2396

            assert!(FakeCirc::eq(&imap2, &imap1));

2397

});

2398

2399

2400

    /// Returns three exit policies; one that permits nothing, one that permits ports 80

2401

    /// and 443 only, and one that permits all ports.

2402

    fn get_exit_policies() -> (ExitPolicy, ExitPolicy, ExitPolicy) {

2403

        // FIXME(eta): the below is copypasta; would be nice to have a better way of

2404

        //             constructing ExitPolicy objects for testing maybe

2405

        let network = testnet::construct_netdir().unwrap_if_sufficient().unwrap();

2406

2407

        // Nodes with ID 0x0a through 0x13 and 0x1e through 0x27 are

2408

        // exits.  Odd-numbered ones allow only ports 80 and 443;

2409

        // even-numbered ones allow all ports.

2410

        let id_noexit: Ed25519Identity = [0x05; 32].into();

2411

        let id_webexit: Ed25519Identity = [0x11; 32].into();

2412

        let id_fullexit: Ed25519Identity = [0x20; 32].into();

2413

2414

        let not_exit = network.by_id(&id_noexit).unwrap();

2415

        let web_exit = network.by_id(&id_webexit).unwrap();

2416

        let full_exit = network.by_id(&id_fullexit).unwrap();

2417

2418

        let ep_none = ExitPolicy::from_relay(&not_exit);

2419

        let ep_web = ExitPolicy::from_relay(&web_exit);

2420

        let ep_full = ExitPolicy::from_relay(&full_exit);

2421

        (ep_none, ep_web, ep_full)

2422

2423

2424

    #[test]

2425

    fn test_find_supported() {

2426

        let (ep_none, ep_web, ep_full) = get_exit_policies();

2427

        let fake_circ = FakeCirc { id: FakeId::next() };

2428

        let expiration = ExpirationInfo::Unused {

2429

            created: Instant::now(),

2430

};

2431

2432

        let mut entry_none = OpenEntry::new(

2433

            SupportedTunnelUsage::Exit {

2434

                policy: ep_none,

2435

                isolation: None,

2436

                country_code: None,

2437

                all_relays_stable: true,

2438

},

2439

            fake_circ.clone(),

2440

            expiration.clone(),

2441

);

2442

        let mut entry_none_c = entry_none.clone();

2443

        let mut entry_web = OpenEntry::new(

2444

            SupportedTunnelUsage::Exit {

2445

                policy: ep_web,

2446

                isolation: None,

2447

                country_code: None,

2448

                all_relays_stable: true,

2449

},

2450

            fake_circ.clone(),

2451

            expiration.clone(),

2452

);

2453

        let mut entry_web_c = entry_web.clone();

2454

        let mut entry_full = OpenEntry::new(

2455

            SupportedTunnelUsage::Exit {

2456

                policy: ep_full,

2457

                isolation: None,

2458

                country_code: None,

2459

                all_relays_stable: true,

2460

},

2461

            fake_circ,

2462

            expiration,

2463

);

2464

        let mut entry_full_c = entry_full.clone();

2465

2466

        let usage_web = TargetTunnelUsage::new_from_ipv4_ports(&[80]);

2467

        let empty: Vec<&mut OpenEntry<FakeCirc>> = vec![];

2468

2469

        assert_isoleq!(

2470

            SupportedTunnelUsage::find_supported(vec![&mut entry_none].into_iter(), &usage_web),

2471

            empty

2472

);

2473

2474

        // HACK(eta): We have to faff around with clones and such because

2475

        //            `abstract_spec_find_supported` has a silly signature that involves `&mut`

2476

        //            refs, which we can't have more than one of.

2477

2478

        assert_isoleq!(

2479

            SupportedTunnelUsage::find_supported(

2480

                vec![&mut entry_none, &mut entry_web].into_iter(),

2481

                &usage_web,

2482

),

2483

            vec![&mut entry_web_c]

2484

);

2485

2486

        assert_isoleq!(

2487

            SupportedTunnelUsage::find_supported(

2488

                vec![&mut entry_none, &mut entry_web, &mut entry_full].into_iter(),

2489

                &usage_web,

2490

),

2491

            vec![&mut entry_web_c, &mut entry_full_c]

2492

);

2493

2494

        // Test preemptive tunnel usage:

2495

2496

        let usage_preemptive_web = TargetTunnelUsage::Preemptive {

2497

            port: Some(TargetPort::ipv4(80)),

2498

            circs: 2,

2499

            require_stability: false,

2500

};

2501

        let usage_preemptive_dns = TargetTunnelUsage::Preemptive {

2502

            port: None,

2503

            circs: 2,

2504

            require_stability: false,

2505

};

2506

2507

        // shouldn't return anything unless there are >=2 tunnels

2508

2509

        assert_isoleq!(

2510

            SupportedTunnelUsage::find_supported(

2511

                vec![&mut entry_none].into_iter(),

2512

                &usage_preemptive_web

2513

),

2514

            empty

2515

);

2516

2517

        assert_isoleq!(

2518

            SupportedTunnelUsage::find_supported(

2519

                vec![&mut entry_none].into_iter(),

2520

                &usage_preemptive_dns

2521

),

2522

            empty

2523

);

2524

2525

        assert_isoleq!(

2526

            SupportedTunnelUsage::find_supported(

2527

                vec![&mut entry_none, &mut entry_web].into_iter(),

2528

                &usage_preemptive_web

2529

),

2530

            empty

2531

);

2532

2533

        assert_isoleq!(

2534

            SupportedTunnelUsage::find_supported(

2535

                vec![&mut entry_none, &mut entry_web].into_iter(),

2536

                &usage_preemptive_dns

2537

),

2538

            vec![&mut entry_none_c, &mut entry_web_c]

2539

);

2540

2541

        assert_isoleq!(

2542

            SupportedTunnelUsage::find_supported(

2543

                vec![&mut entry_none, &mut entry_web, &mut entry_full].into_iter(),

2544

                &usage_preemptive_web

2545

),

2546

            vec![&mut entry_web_c, &mut entry_full_c]

2547

);

2548

2549

2550

    #[test]

2551

    fn test_circlist_preemptive_target_circs() {

2552

        MockRuntime::test_with_various(|rt| async move {

2553

            #[allow(deprecated)] // TODO #1885

2554

            let rt = MockSleepRuntime::new(rt);

2555

            let netdir = testnet::construct_netdir().unwrap_if_sufficient().unwrap();

2556

            let dirinfo = DirInfo::Directory(&netdir);

2557

2558

            let builder = make_builder(&rt);

2559

2560

            for circs in [2, 8].iter() {

2561

                let mut circlist = TunnelList::<FakeBuilder<MockRuntime>, MockRuntime>::new();

2562

2563

                let preemptive_target = TargetTunnelUsage::Preemptive {

2564

                    port: Some(TargetPort::ipv4(80)),

2565

                    circs: *circs,

2566

                    require_stability: false,

2567

};

2568

2569

                for _ in 0..*circs {

2570

                    assert!(circlist.find_open(&preemptive_target).is_none());

2571

2572

                    let usage = TargetTunnelUsage::new_from_ipv4_ports(&[80]);

2573

                    let (plan, _) = builder.plan_tunnel(&usage, dirinfo).unwrap();

2574

                    let (spec, circ) = rt.wait_for(builder.build_tunnel(plan)).await.unwrap();

2575

                    let entry = OpenEntry::new(

2576

                        spec,

2577

                        circ,

2578

                        ExpirationInfo::new(rt.now() + Duration::from_secs(60)),

2579

);

2580

                    circlist.add_open(entry);

2581

2582

2583

                assert!(circlist.find_open(&preemptive_target).is_some());

2584

2585

});

2586

2587