[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10897: Directory authorities now call routers Fast if their bandwid (in tor/trunk: . doc/spec src/or)
Author: arma
Date: 2007-07-21 19:40:55 -0400 (Sat, 21 Jul 2007)
New Revision: 10897
Modified:
tor/trunk/ChangeLog
tor/trunk/doc/spec/dir-spec.txt
tor/trunk/src/or/dirserv.c
Log:
Directory authorities now call routers Fast if their bandwidth is
at least 100KB/s, and consider their bandwidth adequate to be a
Guard if it is at least 250KB/s. This fix complements proposal
107. [Bugfix on 0.1.2.x]
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-07-21 22:04:18 UTC (rev 10896)
+++ tor/trunk/ChangeLog 2007-07-21 23:40:55 UTC (rev 10897)
@@ -47,6 +47,12 @@
o Deprecated features:
- RedirectExits is now deprecated.
+ o Security fixes:
+ - Directory authorities now call routers Fast if their bandwidth is
+ at least 100KB/s, and consider their bandwidth adequate to be a
+ Guard if it is at least 250KB/s. This fix complements proposal
+ 107. [Bugfix on 0.1.2.x]
+
o Major bugfixes (directory):
- Fix a crash bug when router descriptors end at a 4096-byte boundary
on disk. [Bugfix on 0.1.2.x]
@@ -191,7 +197,7 @@
Add a standalone tool to generate key certificates. (Proposal 103.)
o Security fixes:
- - Directory authorities now call routers stable if they have an
+ - Directory authorities now call routers Stable if they have an
uptime of at least 30 days, even if that's not the median uptime
in the network. Implements proposal 107, suggested by Kevin Bauer
and Damon McCoy.
Modified: tor/trunk/doc/spec/dir-spec.txt
===================================================================
--- tor/trunk/doc/spec/dir-spec.txt 2007-07-21 22:04:18 UTC (rev 10896)
+++ tor/trunk/doc/spec/dir-spec.txt 2007-07-21 23:40:55 UTC (rev 10897)
@@ -938,19 +938,19 @@
it successfully within the last 30 minutes.
"Stable" -- A router is 'Stable' if it is active, and either its
- uptime is at least the median uptime for known active routers, or
+ uptime is at least the median uptime for known active routers or
its uptime is at least 30 days. Routers are never called stable if
they are running a version of Tor known to drop circuits stupidly.
(0.1.1.10-alpha through 0.1.1.16-rc are stupid this way.)
"Fast" -- A router is 'Fast' if it is active, and its bandwidth is
- in the top 7/8ths for known active routers.
+ either in the top 7/8ths for known active routers or at least 100KB/s.
"Guard" -- A router is a possible 'Guard' if it is 'Stable' and its
- bandwidth is above median for known active routers. If the total
- bandwidth of active non-BadExit Exit servers is less than one third
- of the total bandwidth of all active servers, no Exit is listed as
- a Guard.
+ bandwidth is either above median for known active routers or at least
+ 250KB/s. If the total bandwidth of active non-BadExit Exit servers
+ is less than one third of the total bandwidth of all active servers,
+ no Exit is listed as a Guard.
"Authority" -- A router is called an 'Authority' if the authority
generating the network-status document believes it is an authority.
Modified: tor/trunk/src/or/dirserv.c
===================================================================
--- tor/trunk/src/or/dirserv.c 2007-07-21 22:04:18 UTC (rev 10896)
+++ tor/trunk/src/or/dirserv.c 2007-07-21 23:40:55 UTC (rev 10897)
@@ -1437,6 +1437,12 @@
* network using allegedly high-uptime nodes, displacing all the
* current guards. */
#define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
+/** Similarly, we protect sufficiently fast nodes from being pushed
+ * out of the set of Fast nodes. */
+#define BANDWIDTH_TO_GUARANTEE_FAST (100*1024)
+/** Similarly, every node with sufficient bandwidth can be considered
+ * for Guard status. */
+#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
/* Thresholds for server performance: set by
* dirserv_compute_performance_thresholds, and used by
@@ -1475,9 +1481,11 @@
(unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
return 1;
}
- if (need_capacity &&
- router_get_advertised_bandwidth(router) < fast_bandwidth)
- return 1;
+ if (need_capacity) {
+ uint32_t bw = router_get_advertised_bandwidth(router);
+ if (bw < fast_bandwidth && bw < BANDWIDTH_TO_GUARANTEE_FAST)
+ return 1;
+ }
return 0;
}
@@ -1710,9 +1718,10 @@
rs->is_valid = ri->is_valid;
rs->is_possible_guard = rs->is_fast && rs->is_stable &&
(!rs->is_exit || exits_can_be_guards) &&
- router_get_advertised_bandwidth(ri) >=
- (exits_can_be_guards ? guard_bandwidth_including_exits :
- guard_bandwidth_excluding_exits);
+ (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
+ router_get_advertised_bandwidth(ri) >=
+ (exits_can_be_guards ? guard_bandwidth_including_exits :
+ guard_bandwidth_excluding_exits));
rs->is_bad_exit = listbadexits && ri->is_bad_exit;
/* 0.1.1.9-alpha is the first version to support fetch by descriptor
* hash. */