| blob | 7dc9dbafddf15ef5f55ec688a9b47d6bba3e819f |
1 /* Copyright (c) 2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file congestion_control_common.c
6 * \brief Common code used by all congestion control algorithms.
7 */
9 #define TOR_CONGESTION_CONTROL_COMMON_PRIVATE
10 #define TOR_CONGESTION_CONTROL_PRIVATE
36 /* Consensus parameter defaults.
37 *
38 * More details for each of the parameters can be found in proposal 324,
39 * section 6.5 including tuning notes. */
40 #define SENDME_INC_DFLT (TLS_RECORD_MAX_CELLS)
41 #define CIRCWINDOW_INIT (4*SENDME_INC_DFLT)
43 #define CC_ALG_DFLT (CC_ALG_VEGAS)
44 #define CC_ALG_DFLT_ALWAYS (CC_ALG_VEGAS)
46 #define CWND_INC_DFLT (1)
47 #define CWND_INC_PCT_SS_DFLT (100)
48 #define CWND_INC_RATE_DFLT (SENDME_INC_DFLT)
50 #define CWND_MIN_DFLT (CIRCWINDOW_INIT)
51 #define CWND_MAX_DFLT (INT32_MAX)
53 #define BWE_SENDME_MIN_DFLT (5)
55 #define N_EWMA_CWND_PCT_DFLT (50)
56 #define N_EWMA_MAX_DFLT (10)
57 #define N_EWMA_SS_DFLT (2)
59 #define RTT_RESET_PCT_DFLT (100)
61 /* BDP algorithms for each congestion control algorithms use the piecewise
62 * estimattor. See section 3.1.4 of proposal 324. */
63 #define WESTWOOD_BDP_ALG BDP_ALG_PIECEWISE
64 #define VEGAS_BDP_MIX_ALG BDP_ALG_PIECEWISE
65 #define NOLA_BDP_ALG BDP_ALG_PIECEWISE
67 /* Indicate OR connection buffer limitations used to stop or start accepting
68 * cells in its outbuf.
69 *
70 * These watermarks are historical to tor in a sense that they've been used
71 * almost from the genesis point. And were likely defined to fit the bounds of
72 * TLS records of 16KB which would be around 32 cells.
73 *
74 * These are defaults of the consensus parameter "orconn_high" and "orconn_low"
75 * values. */
76 #define OR_CONN_HIGHWATER_DFLT (32*1024)
77 #define OR_CONN_LOWWATER_DFLT (16*1024)
79 /* Low and high values of circuit cell queue sizes. They are used to tell when
80 * to start or stop reading on the streams attached on the circuit.
81 *
82 * These are defaults of the consensus parameters "cellq_high" and "cellq_low".
83 */
84 #define CELL_QUEUE_LOW_DFLT (10)
85 #define CELL_QUEUE_HIGH_DFLT (256)
90 /* Number of times the RTT value was reset. For MetricsPort. */
93 /* Number of times the clock was stalled. For MetricsPort. */
96 /* Consensus parameters cached. The non static ones are extern. */
105 /**
106 * Number of cwnd worth of sendme acks to smooth RTT and BDP with,
107 * using N_EWMA */
110 /**
111 * Maximum number N for the N-count EWMA averaging of RTT and BDP.
112 */
115 /**
116 * Maximum number N for the N-count EWMA averaging of RTT in Slow Start.
117 */
120 /**
121 * Minimum number of sendmes before we begin BDP estimates
122 */
125 /**
126 * Percentage of the current RTT to use when resetting the minimum RTT
127 * for a circuit. (RTT is reset when the cwnd hits cwnd_min).
128 */
131 /** Metric to count the number of congestion control circuits **/
134 /** Return the number of RTT reset that have been done. */
135 uint64_t
137 {
139 }
141 /** Return the number of clock stalls that have been done. */
142 uint64_t
144 {
146 }
148 /**
149 * Update global congestion control related consensus parameter values,
150 * every consensus update.
151 */
152 void
154 {
155 #define CELL_QUEUE_HIGH_MIN (1)
156 #define CELL_QUEUE_HIGH_MAX (1000)
158 CELL_QUEUE_HIGH_DFLT,
159 CELL_QUEUE_HIGH_MIN,
160 CELL_QUEUE_HIGH_MAX);
162 #define CELL_QUEUE_LOW_MIN (1)
163 #define CELL_QUEUE_LOW_MAX (1000)
165 CELL_QUEUE_LOW_DFLT,
166 CELL_QUEUE_LOW_MIN,
167 CELL_QUEUE_LOW_MAX);
169 #define OR_CONN_HIGHWATER_MIN (CELL_PAYLOAD_SIZE)
170 #define OR_CONN_HIGHWATER_MAX (INT32_MAX)
171 or_conn_highwater =
173 OR_CONN_HIGHWATER_DFLT,
174 OR_CONN_HIGHWATER_MIN,
175 OR_CONN_HIGHWATER_MAX);
177 #define OR_CONN_LOWWATER_MIN (CELL_PAYLOAD_SIZE)
178 #define OR_CONN_LOWWATER_MAX (INT32_MAX)
179 or_conn_lowwater =
181 OR_CONN_LOWWATER_DFLT,
182 OR_CONN_LOWWATER_MIN,
183 OR_CONN_LOWWATER_MAX);
185 #define CWND_MAX_MIN 500
186 #define CWND_MAX_MAX (INT32_MAX)
187 cwnd_max =
189 CWND_MAX_DFLT,
190 CWND_MAX_MIN,
191 CWND_MAX_MAX);
193 #define RTT_RESET_PCT_MIN (0)
194 #define RTT_RESET_PCT_MAX (100)
195 rtt_reset_pct =
197 RTT_RESET_PCT_DFLT,
198 RTT_RESET_PCT_MIN,
199 RTT_RESET_PCT_MAX);
201 #define SENDME_INC_MIN 1
202 #define SENDME_INC_MAX (254)
203 cc_sendme_inc =
205 SENDME_INC_DFLT,
206 SENDME_INC_MIN,
207 SENDME_INC_MAX);
209 #define CC_ALG_MIN 0
210 #define CC_ALG_MAX (NUM_CC_ALGS-1)
211 cc_alg =
213 CC_ALG_DFLT,
214 CC_ALG_MIN,
215 CC_ALG_MAX);
217 // Does not need rate limiting because consensus updates
218 // are at most 1x/hour
220 cc_alg);
222 }
224 #define BWE_SENDME_MIN_MIN 2
225 #define BWE_SENDME_MIN_MAX (20)
226 bwe_sendme_min =
228 BWE_SENDME_MIN_DFLT,
229 BWE_SENDME_MIN_MIN,
230 BWE_SENDME_MIN_MAX);
232 #define N_EWMA_CWND_PCT_MIN 1
233 #define N_EWMA_CWND_PCT_MAX (255)
234 n_ewma_cwnd_pct =
236 N_EWMA_CWND_PCT_DFLT,
237 N_EWMA_CWND_PCT_MIN,
238 N_EWMA_CWND_PCT_MAX);
240 #define N_EWMA_MAX_MIN 2
241 #define N_EWMA_MAX_MAX (INT32_MAX)
242 n_ewma_max =
244 N_EWMA_MAX_DFLT,
245 N_EWMA_MAX_MIN,
246 N_EWMA_MAX_MAX);
248 #define N_EWMA_SS_MIN 2
249 #define N_EWMA_SS_MAX (INT32_MAX)
250 n_ewma_ss =
252 N_EWMA_SS_DFLT,
253 N_EWMA_SS_MIN,
254 N_EWMA_SS_MAX);
255 }
257 /**
258 * Set congestion control parameters on a circuit's congestion
259 * control object based on values from the consensus.
260 *
261 * cc_alg is the negotiated congestion control algorithm.
262 *
263 * sendme_inc is the number of packaged cells that a sendme cell
264 * acks. This parameter will come from circuit negotiation.
265 */
266 static void
269 cc_path_t path)
270 {
274 #define CWND_INIT_MIN SENDME_INC_DFLT
275 #define CWND_INIT_MAX (10000)
278 CIRCWINDOW_INIT,
279 CWND_INIT_MIN,
280 CWND_INIT_MAX);
282 #define CWND_INC_PCT_SS_MIN 1
283 #define CWND_INC_PCT_SS_MAX (500)
286 CWND_INC_PCT_SS_DFLT,
287 CWND_INC_PCT_SS_MIN,
288 CWND_INC_PCT_SS_MAX);
290 #define CWND_INC_MIN 1
291 #define CWND_INC_MAX (1000)
294 CWND_INC_DFLT,
295 CWND_INC_MIN,
296 CWND_INC_MAX);
298 #define CWND_INC_RATE_MIN 1
299 #define CWND_INC_RATE_MAX (250)
302 CWND_INC_RATE_DFLT,
303 CWND_INC_RATE_MIN,
304 CWND_INC_RATE_MAX);
306 #define CWND_MIN_MIN SENDME_INC_DFLT
307 #define CWND_MIN_MAX (1000)
310 CWND_MIN_DFLT,
311 CWND_MIN_MIN,
312 CWND_MIN_MAX);
314 /* If the consensus says to use OG sendme, but torrc has
315 * always-enabled, use the default "always" alg (vegas),
316 * else use cached conensus alg. */
321 }
323 /* Algorithm-specific parameters */
327 // This should not happen anymore
330 }
331 }
333 /** Returns true if congestion control is enabled in the most recent
334 * consensus, or if __AlwaysCongestionControl is set to true.
335 *
336 * Note that this function (and many many other functions) should not
337 * be called from the CPU worker threads when handling congestion
338 * control negotiation. Relevant values are marshaled into the
339 * `circuit_params_t` struct, in order to be used in worker threads
340 * without touching global state. Use those values in CPU worker
341 * threads, instead of calling this function.
342 *
343 * The danger is still present, in your time, as it was in ours.
344 */
345 bool
347 {
354 /* If the user has set "__AlwaysCongesttionControl",
355 * then always try to negotiate congestion control, regardless
356 * of consensus param. This is to be used for testing and sbws.
357 *
358 * Note that we do *not* allow disabling congestion control
359 * if the consensus says to use it, as this is bad for queueing
360 * and fairness. */
365 }
367 #ifdef TOR_UNIT_TESTS
368 /**
369 * For unit tests only: set the cached consensus cc alg to
370 * specified value.
371 */
372 void
374 {
376 }
378 /**
379 * For unit tests only: set the cached consensus cc alg to
380 * specified value.
381 */
382 void
384 {
386 }
387 #endif
389 /**
390 * Allocate and initialize fields in congestion control object.
391 *
392 * cc_alg is the negotiated congestion control algorithm.
393 *
394 * sendme_inc is the number of packaged cells that a sendme cell
395 * acks. This parameter will come from circuit negotiation.
396 */
397 static void
400 cc_path_t path)
401 {
408 }
410 /** Allocate and initialize a new congestion control object */
411 congestion_control_t *
413 {
418 cc_stats_circs_created++;
421 }
423 /**
424 * Free a congestion control object and its associated state.
425 */
426 void
428 {
436 }
438 /**
439 * Enqueue a u64 timestamp to the end of a queue of timestamps.
440 */
443 {
448 }
450 /**
451 * Dequeue a u64 monotime usec timestamp from the front of a
452 * smartlist of pointers to 64.
453 */
456 {
463 }
470 }
472 /**
473 * Returns the number N of N-count EWMA, for averaging RTT and BDP over
474 * N SENDME acks.
475 *
476 * This N is bracketed between a divisor of the number of acks in a CWND
477 * and a max value. It is always at least 2.
478 */
481 {
485 /* In slow-start, we check the Vegas condition every sendme,
486 * so much lower ewma counts are needed. */
489 /* After slow-start, we check the Vegas condition only once per
490 * CWND, so it is better to average over longer periods. */
492 n_ewma_max);
493 }
496 }
498 /**
499 * Get a package window from either old sendme logic, or congestion control.
500 *
501 * A package window is how many cells you can still send.
502 */
503 int
506 {
518 }
523 /* Inflight can be above cwnd if cwnd was just reduced */
526 /* In the extremely unlikely event that cwnd-inflight is larger than
527 * INT32_MAX, just return that cap, so old code doesn't explode. */
530 else
532 }
533 }
535 /**
536 * Returns the number of cells that are acked by every sendme.
537 */
538 int
540 {
548 }
552 }
555 }
557 /** Return true iff the next cell we send will result in the other endpoint
558 * sending a SENDME.
559 *
560 * We are able to know that because the package or inflight window value minus
561 * one cell (the possible SENDME cell) should be a multiple of the
562 * cells-per-sendme increment value (set via consensus parameter, negotiated
563 * for the circuit, and passed in as sendme_inc).
564 *
565 * This function is used when recording a cell digest and this is done quite
566 * low in the stack when decrypting or encrypting a cell. The window is only
567 * updated once the cell is actually put in the outbuf.
568 */
569 bool
572 {
584 }
586 /* If we are using congestion control and the alg is not
587 * old-school 'fixed', then use cc->inflight to determine
588 * when sendmes will be sent */
593 /* This check must be +1 because this function is called *before*
594 * inflight is incremented for the sent cell */
599 }
601 /* At the start of the window, no SENDME will be expected. */
604 }
606 /* Are we at the limit of the increment and if not, we don't expect next
607 * cell is a SENDME.
608 *
609 * We test against the window minus 1 because when we are looking if the
610 * next cell is a SENDME, the window (either package or deliver) hasn't been
611 * decremented just yet so when this is called, we are currently processing
612 * the "window - 1" cell.
613 */
616 }
618 /* Next cell is expected to be a SENDME. */
620 }
622 /**
623 * Call-in to tell congestion control code that this circuit sent a cell.
624 *
625 * This updates the 'inflight' counter, and if this is a cell that will
626 * cause the other end to send a SENDME, record the current time in a list
627 * of pending timestamps, so that we can later compute the circuit RTT when
628 * the SENDME comes back. */
629 void
633 {
637 /* Is this the last cell before a SENDME? The idea is that if the
638 * package_window reaches a multiple of the increment, after this cell, we
639 * should expect a SENDME. Note that this function must be called *before*
640 * we account for the sent cell. */
644 }
648 /* Record this cell time for RTT computation when SENDME arrives */
651 }
653 /**
654 * Upon receipt of a SENDME, pop the oldest timestamp off the timestamp
655 * list, and use this to update RTT.
656 *
657 * Returns true if circuit estimates were successfully updated, false
658 * otherwise.
659 */
660 bool
663 {
666 /* Update RTT first, then BDP. BDP needs fresh RTT */
669 }
671 /**
672 * Returns true if we have enough time data to use heuristics
673 * to compare RTT to a baseline.
674 */
675 static bool
677 {
678 /* If we have exited slow start and also have an EWMA RTT, we
679 * should have processed at least a cwnd worth of RTTs */
682 }
684 /* Not enough data to estimate clock jumps */
686 }
690 /**
691 * Returns true if the monotime delta is 0, or is significantly
692 * different than the previous delta. Either case indicates
693 * that the monotime time source stalled or jumped.
694 *
695 * Also caches the clock state in the is_monotime_clock_broken flag,
696 * so we can also provide a is_monotime_clock_reliable() function,
697 * used by flow control rate timing.
698 */
699 STATIC bool
702 {
703 #define DELTA_DISCREPENCY_RATIO_MAX 5000
704 /* If we have a 0 new_delta, that is definitely a monotime stall */
712 }
714 /*
715 * For the heuristic cases, we need at least a few timestamps,
716 * to average out any previous partial stalls or jumps. So until
717 * that point, let's just assume its OK.
718 */
721 }
723 /* If old_delta is significantly larger than new_delta, then
724 * this means that the monotime clock could have recently
725 * stopped moving forward. However, use the cache for this
726 * value, because it may also be caused by network activity,
727 * or by a previous clock jump that was not detected.
728 *
729 * So if we have not gotten a 0-delta recently, we will
730 * still allow this new low RTT, but just yell about it. */
739 }
741 /* If new_delta is significantly larger than old_delta, then
742 * this means that the monotime clock suddenly jumped forward.
743 * However, do not cache this value, because it may also be caused
744 * by network activity.
745 */
754 }
756 /* All good! Update cached status, too */
760 }
762 /**
763 * Is the monotime clock stalled according to any circuits?
764 */
765 bool
767 {
769 }
771 /**
772 * Called when we get a SENDME. Updates circuit RTT by pulling off a
773 * timestamp of when we sent the CIRCWINDOW_INCREMENT-th cell from
774 * the queue of such timestamps, and comparing that to current time.
775 *
776 * Also updates min, max, and EWMA of RTT.
777 *
778 * Returns the current circuit RTT in usecs, or 0 if it could not be
779 * measured (due to clock jump, stall, etc).
780 */
781 STATIC uint64_t
784 {
790 /* Get the time that we sent the cell that resulted in the other
791 * end sending this sendme. Use this to calculate RTT */
796 /* Do not update RTT at all if it looks fishy */
800 }
808 }
811 // If we do not have a min_rtt yet, use current ewma
814 // Raise min rtt if cwnd hit cwnd_min. This gets us out of a wedge state
815 // if we hit cwnd_min due to an abnormally low rtt.
817 rtt_reset_pct);
827 // Using the EWMA for min instead of current RTT helps average out
828 // effects from other conns
830 }
833 }
835 /**
836 * Called when we get a SENDME. Updates the bandwidth-delay-product (BDP)
837 * estimates of a circuit. Several methods of computing BDP are used,
838 * depending on scenario. While some congestion control algorithms only
839 * use one of these methods, we update them all because it's quick and easy.
840 *
841 * - now_usec is the current monotime in usecs.
842 * - curr_rtt_usec is the current circuit RTT in usecs. It may be 0 if no
843 * RTT could bemeasured.
844 *
845 * Returns true if we were able to update BDP, false otherwise.
846 */
847 static bool
851 {
858 /* origin circs use n_chan */
862 /* Both onion services and exits use or_circuit and p_chan */
865 }
867 /* If we have no EWMA RTT, it is because monotime has been stalled
868 * or messed up the entire time so far. Set our BDP estimates directly
869 * to current cwnd */
875 /* If the channel is blocked, keep subtracting off the chan_q
876 * until we hit the min cwnd. */
878 /* Cast is fine because we're less than int32 */
885 }
889 }
895 "Our clock has been stalled for the entire lifetime of a circuit. "
899 }
901 /* Congestion window based BDP will respond to changes in RTT only, and is
902 * relative to cwnd growth. It is useful for correcting for BDP
903 * overestimation, but if BDP is higher than the current cwnd, it will
904 * underestimate it.
905 *
906 * We multiply here first to avoid precision issues from min_RTT being
907 * close to ewma RTT. Since all fields are u64, there is plenty of
908 * room here to multiply first.
909 */
912 /* The orconn is blocked; use smaller of inflight vs SENDME */
915 chan_q);
917 /* A blocked channel is an immediate congestion signal, but it still
918 * happens only once per cwnd */
922 }
924 /* If we were previously blocked, emit a new congestion event
925 * now that we are unblocked, to re-evaluate cwnd */
930 chan_q);
931 }
932 }
937 "CC: Circuit %d "
958 }
959 }
961 /* We updated BDP this round if either we had a blocked channel, or
962 * the curr_rtt_usec was not 0. */
966 }
968 }
970 /**
971 * Dispatch the sendme to the appropriate congestion control algorithm.
972 */
973 int
976 {
988 }
990 /* If we have a non-zero RTT measurement, update conflux. */
995 }
997 /**
998 * Build an extension field request to negotiate congestion control.
999 *
1000 * If congestion control is enabled, field TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST
1001 * is created in msg_out. It is a single 0-length field that signifies that we
1002 * want to use congestion control. The length of msg_out is provided via
1003 * msg_len_out.
1004 *
1005 * If congestion control is not enabled, a payload with 0 extensions is created
1006 * and returned.
1007 *
1008 * If there is a failure building the request, -1 is returned, else 0.
1009 *
1010 * *msg_out must be freed if the return value is 0.
1011 */
1012 int
1014 {
1021 /* With congestion control enabled, add the request, else it is an empty
1022 * request in the payload. */
1025 /* Build the extension field that will hold the CC field. */
1028 TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST);
1030 /* No payload indicating a request to use congestion control. */
1033 /* Build final extension. */
1036 }
1038 /* Encode extension. */
1042 }
1049 }
1053 /* Free everything, we've encoded the request now. */
1056 err:
1059 }
1061 /**
1062 * Parse a congestion control ntorv3 request payload for extensions.
1063 *
1064 * On parsing failure, -1 is returned.
1065 *
1066 * If congestion control request is present, return 1. If it is not present,
1067 * return 0.
1068 *
1069 * WARNING: Called from CPU worker! Must not access any global state.
1070 */
1071 int
1073 {
1078 /* Parse extension from payload. */
1082 }
1084 /* No extension implies no support for congestion control. In this case, we
1085 * simply return 0 to indicate CC is disabled. */
1089 }
1091 /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST,
1092 * then congestion control is enabled. Ignore unknown fields. */
1098 }
1100 /* For congestion control to be enabled, we only need the field type. */
1102 TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST) {
1105 }
1106 }
1108 end:
1111 }
1113 /**
1114 * Given our observed parameters for circuits and congestion control,
1115 * as well as the parameters for the resulting circuit, build a response
1116 * payload using extension fields into *msg_out, with length specified in
1117 * *msg_out_len.
1118 *
1119 * If congestion control will be enabled, the extension field for
1120 * TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE will contain the sendme_inc value.
1121 *
1122 * If congestion control won't be enabled, an extension payload with 0
1123 * fields will be created.
1124 *
1125 * Return 0 if an extension payload was created in *msg_out, and -1 on
1126 * error.
1127 *
1128 * *msg_out must be freed if the return value is 0.
1129 *
1130 * WARNING: Called from CPU worker! Must not access any global state.
1131 */
1132 int
1136 {
1137 ssize_t ret;
1151 /* Build the extension field that will hold the CC field. */
1154 TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE);
1156 /* Build the congestion control field response. */
1165 }
1176 }
1178 /* Build final extension. */
1181 }
1183 /* Encode extension. */
1187 }
1194 }
1198 /* We've just encoded the extension, clean everything. */
1201 err:
1205 }
1207 /** Return true iff the given sendme increment is within the acceptable
1208 * margins. */
1209 bool
1211 {
1212 /* We will only accept this response (and this circuit) if sendme_inc
1213 * is within +/- 1 of the current consensus value. We should not need
1214 * to change cc_sendme_inc much, and if we do, we can spread out those
1215 * changes over smaller increments once every 4 hours. Exits that
1216 * violate this range should just not be used. */
1224 }
1226 }
1228 /** Return 1 if CC is enabled which also will set the SENDME increment into our
1229 * params_out. Return 0 if CC is disabled. Else, return -1 on error. */
1230 int
1234 {
1240 /* We will only accept this response (and this circuit) if sendme_inc
1241 * is within a factor of 2 of our consensus value. We should not need
1242 * to change cc_sendme_inc much, and if we do, we can spread out those
1243 * changes over smaller increments once every 4 hours. Exits that
1244 * violate this range should just not be used. */
1245 #define MAX_SENDME_INC_NEGOTIATE_FACTOR 2
1247 /* Parse extension from payload. */
1251 }
1256 }
1258 /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE,
1259 * then congestion control is enabled. Ignore unknown fields. */
1265 }
1267 /* Only examine TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE; ignore other fields */
1269 TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE) {
1271 /* Parse the field into the congestion control field. */
1277 }
1284 }
1286 /* All good. Get value and break */
1290 }
1291 }
1293 end:
1298 }
1300 /**
1301 * Returns a formatted string of fields containing congestion
1302 * control information, for the CIRC_BW control port event.
1303 *
1304 * An origin circuit can have a ccontrol object directly on it,
1305 * if it is an onion service, or onion client. Exit-bound clients
1306 * will have the ccontrol on the cpath associated with their exit
1307 * (the last one in the cpath list).
1308 *
1309 * WARNING: This function does not support leaky-pipe topology. It
1310 * is to be used for control port information only.
1311 */
1314 {
1322 /* Get ccontrol for last hop (exit) if it exists */
1324 }
1337 }
1340 }