Skip to main content

Module state

tor_proto::stream::flow_ctrl::xon_xoff

Module state 

Source
Expand description

Circuit reactor’s stream XON/XOFF flow control.

§Notes on consensus parameters

§cc_xoff_client

This is the number of bytes that we buffer within a DataStream. The actual total number of bytes buffered can be much larger. For example there will be additional buffering:

  • Within the arti socks/http proxy: Arti’s proxy code needs to read some bytes from the stream, store it in a temporary buffer, then write the buffer to the socket. If the socket would block, the data would remain in that temporary buffer. In practice arti uses only a small byte buffer (APP_STREAM_BUF_LEN) at the time of writing, which is hopefully negligible. See arti::socks::copy_interactive().
  • Within the kernel: There are two additional buffers that will store stream data before the application connected over socks will see the data: Arti’s socket send buffer and the application’s socket receive buffer. If the application were to stop reading from its socket, stream data would accumulate first in the socket’s receive buffer. Once full, stream data would accumulate in arti’s socket’s send buffer. This can become relatively large, especially with buffer autotuning enabled. On a Linux 6.15 system with curl downloading a large file and stopping mid-download, the receive buffer was 6,116,738 bytes and the send buffer was 2,631,062 bytes. This sums to around 8.7 MB of stream data buffered in the kernel, which is significantly higher than the current consensus value of cc_xoff_client.

This means that the total number of bytes buffered before an XOFF is sent can be much larger than cc_xoff_client.

While we should take into account the kernel and arti socks buffering above, we also need to keep in mind that arti-client is a library that can be used by others. These library users might not do any kernel or socks buffering, for example if they write a rust program that handles the stream data entirely within their program. We don’t want to set cc_xoff_client too low that it harms the performance for these users, even if it’s fine for the arti socks proxy case.

Structs§

SidechannelMitigation 🔒
Sidechannel mitigations for DropMark attacks.
XonXoffFlowCtrl 🔒
State for XON/XOFF flow control.

Enums§

XonXoff 🔒
An XON or XOFF message with no associated data.
XonXoffMsg 🔒
An XON or XOFF message with associated data.