Still quiet here for the last couple of weeks. I've been moving ahead on circuit timeout inference, and reviewing _lots_ of volunteer-submitted code (and job applications).
The quiet part is coming to an end: Two of the engineers who have been on vacation or leave are back, and we're all trying to ramp up. We're also hoping to be scheduling interviews with prospective co-workers soon, so that's taking up some of our time.. but once it's done, it should accelerate our pace a bit. ## Circuit timeout inference logic I had hoped to be done with this by now, but it turns out that this code touches on several key architectural issues that we'll want to make sure we get right in the future. I'll touch on them a bit here. ### Persistent state The Tor protocol requires clients to keep persistent state across invocations in order to achieve good performance and privacy. Two notable cases of this are in the circuit management code: client need to remember circuit timeout data, and need to remember guard selection data. The C Tor client records these items in the same ad-hoc format used by Tor's configuration code. But for Rust, using serde seems like a better fit. I want to maintain the feature that Arti has now where you can run multiple processes with the same state directory. That could get tricky in the long run, but I think it's a design feature we need if we're going to keep Arti flexible enough for general use. My first implementation here is going to be bare-bones, but I'm trying to design it to grow and get replaced down the line. ### Inter-module event notification Frequently one module needs to notify another when some event occurs. In the circuit-timeout case, we need to notify the circuit manager whenever the network parameters have changed. We don't want to have the circuit manager probing the directory manager, since that's a higher-level module. And we don't want it probing the `NetDir` object it gets whenever it's time to build a circuit, since that would be a weird side-effect. The best I've been able to come up with for now is to allow the directory manager to expose a `Stream` of events for directory changes, and to have the `TorClient` object use events from that stream to alert the circuit manager to possibly changed network parameters. I think this should scale to other kinds of inter-module events in the future, though I do have a slight concern that it makes `TorClient` harder to reproduce with lower-level crates than it would be otherwise. (There's probably no avoiding that at this stage, though.) ### Non-user-initiated background tasks The circuit timeout code sometimes needs to build testing circuits in order to gather data, and the guard code does too. If we code this in a sloppy way, we'll wind up with three separate systems that all build circuits for different reasons at different times. With any luck, we can summarize the triggers from all of these circuit types into a single system. ## Coming up We've been working on refinements to the API in `arti-tor-client` to try to simplify the API as much as possible while still exposing the full back-end functionality. Everybody should expect a lot of unstability here. I am still hoping very much that the next time I write one of these reports, we'll be done with circuit timeout inference, and I can talk about API work and early progress on guards! :) _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev