From 56d3119581fc87cc096b9832de4aa1cd8ea1dc18 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sat, 21 Jul 2007 23:40:55 +0000 Subject: Directory authorities now call routers Fast if their bandwidth is at least 100KB/s, and consider their bandwidth adequate to be a Guard if it is at least 250KB/s. This fix complements proposal 107. [Bugfix on 0.1.2.x] svn:r10897 --- ChangeLog | 8 +++++++- doc/spec/dir-spec.txt | 12 ++++++------ src/or/dirserv.c | 21 +++++++++++++++------ 3 files changed, 28 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6e2a5336..0ff5a21f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -47,6 +47,12 @@ Changes in version 0.2.0.3-alpha - 2007-??-?? o Deprecated features: - RedirectExits is now deprecated. + o Security fixes: + - Directory authorities now call routers Fast if their bandwidth is + at least 100KB/s, and consider their bandwidth adequate to be a + Guard if it is at least 250KB/s. This fix complements proposal + 107. [Bugfix on 0.1.2.x] + o Major bugfixes (directory): - Fix a crash bug when router descriptors end at a 4096-byte boundary on disk. [Bugfix on 0.1.2.x] @@ -191,7 +197,7 @@ Changes in version 0.2.0.1-alpha - 2007-06-01 Add a standalone tool to generate key certificates. (Proposal 103.) o Security fixes: - - Directory authorities now call routers stable if they have an + - Directory authorities now call routers Stable if they have an uptime of at least 30 days, even if that's not the median uptime in the network. Implements proposal 107, suggested by Kevin Bauer and Damon McCoy. diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt index 2f6689fc3..6ca7dcf7b 100644 --- a/doc/spec/dir-spec.txt +++ b/doc/spec/dir-spec.txt 
@@ -938,19 +938,19 @@ $Id$ it successfully within the last 30 minutes. "Stable" -- A router is 'Stable' if it is active, and either its - uptime is at least the median uptime for known active routers, or + uptime is at least the median uptime for known active routers or its uptime is at least 30 days. Routers are never called stable if they are running a version of Tor known to drop circuits stupidly. (0.1.1.10-alpha through 0.1.1.16-rc are stupid this way.) "Fast" -- A router is 'Fast' if it is active, and its bandwidth is - in the top 7/8ths for known active routers. + either in the top 7/8ths for known active routers or at least 100KB/s. "Guard" -- A router is a possible 'Guard' if it is 'Stable' and its - bandwidth is above median for known active routers. If the total - bandwidth of active non-BadExit Exit servers is less than one third - of the total bandwidth of all active servers, no Exit is listed as - a Guard. + bandwidth is either above median for known active routers or at least + 250KB/s. If the total bandwidth of active non-BadExit Exit servers + is less than one third of the total bandwidth of all active servers, + no Exit is listed as a Guard. "Authority" -- A router is called an 'Authority' if the authority generating the network-status document believes it is an authority. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index ae4c93218..546873bf3 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -1437,6 +1437,12 @@ should_generate_v2_networkstatus(void) * network using allegedly high-uptime nodes, displacing all the * current guards. */ #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30) +/** Similarly, we protect sufficiently fast nodes from being pushed + * out of the set of Fast nodes. */ +#define BANDWIDTH_TO_GUARANTEE_FAST (100*1024) +/** Similarly, every node with sufficient bandwidth can be considered + * for Guard status. */ +#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024) /* Thresholds for server performance: set by * dirserv_compute_performance_thresholds, and used by @@ -1475,9 +1481,11 @@ dirserv_thinks_router_is_unreliable(time_t now, (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE) return 1; } - if (need_capacity && - router_get_advertised_bandwidth(router) < fast_bandwidth) - return 1; + if (need_capacity) { + uint32_t bw = router_get_advertised_bandwidth(router); + if (bw < fast_bandwidth && bw < BANDWIDTH_TO_GUARANTEE_FAST) + return 1; + } return 0; } @@ -1710,9 +1718,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = ri->is_valid; rs->is_possible_guard = rs->is_fast && rs->is_stable && (!rs->is_exit || exits_can_be_guards) && - router_get_advertised_bandwidth(ri) >= - (exits_can_be_guards ? guard_bandwidth_including_exits : - guard_bandwidth_excluding_exits); + (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || + router_get_advertised_bandwidth(ri) >= + (exits_can_be_guards ? guard_bandwidth_including_exits : + guard_bandwidth_excluding_exits)); rs->is_bad_exit = listbadexits && ri->is_bad_exit; /* 0.1.1.9-alpha is the first version to support fetch by descriptor * hash. */ -- cgit v1.2.3
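Review bot: The new BANDWIDTH_TO_GUARANTEE_FAST and BANDWIDTH_TO_GUARANTEE_GUARD macros in the first dirserv.c hunk do not state their unit or which measurement they are compared with. From the commit message (100KB/s, 250KB/s) and the later hunks they appear to be bytes per second of advertised bandwidth, with KB meaning 1024 bytes. The doc comments should say so, for example `/** Advertised bandwidth, in bytes per second, at or above which a router always qualifies as Fast. */`, with the matching wording for the Guard floor.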
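Review bot: The fixed floor added to dirserv_thinks_router_is_unreliable() is tested against `router_get_advertised_bandwidth(router)`, which by its name is the figure the router reports about itself, so the Fast guarantee is only as trustworthy as that figure. Nothing visible in this hunk caps or measures the value on the authority side, though that may happen outside the hunk. I would record the assumption next to the check: `/* bw is self-advertised: the floor keeps honest fast routers from being displaced, but does not validate the claim. */`. The function begins before this hunk.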
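Review bot: The is_possible_guard expression in set_routerstatus_from_routerinfo() now calls `router_get_advertised_bandwidth(ri)` twice, whereas the second hunk reads the value once into `uint32_t bw`. Reading it once here too would make it obvious that both threshold tests use the same value: `uint32_t bw = router_get_advertised_bandwidth(ri);` ahead of the assignment, then `(bw >= BANDWIDTH_TO_GUARANTEE_GUARD || bw >= (exits_can_be_guards ? guard_bandwidth_including_exits : guard_bandwidth_excluding_exits))`. The function's declarations are outside the hunk, so where the local goes is left to the author.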