
[or-cvs] r9788: Directory authorities now call routers stable if they have a (in tor/trunk: . doc/spec src/or)



Author: arma
Date: 2007-03-10 00:43:35 -0500 (Sat, 10 Mar 2007)
New Revision: 9788

Modified:
   tor/trunk/ChangeLog
   tor/trunk/doc/spec/dir-spec.txt
   tor/trunk/src/or/dirserv.c
Log:
Directory authorities now call routers stable if they have an
uptime of at least 30 days, even if that's not the median uptime
in the network. Implements proposal 1xx, suggested by Kevin Bauer
and Damon McCoy.


Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-03-09 23:08:34 UTC (rev 9787)
+++ tor/trunk/ChangeLog	2007-03-10 05:43:35 UTC (rev 9788)
@@ -1,4 +1,10 @@
 Changes in version 0.2.0.1-alpha - 2007-??-??
+  o Security fixes:
+    - Directory authorities now call routers stable if they have an
+      uptime of at least 30 days, even if that's not the median uptime
+      in the network. Implements proposal 1xx, suggested by Kevin Bauer
+      and Damon McCoy.
+
   o Minor features (build):
     - Make autoconf search for libevent and openssl consistently.
     - Update deprecated macros in configure.in
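Review bot: The new entry cites "proposal 1xx", which is a placeholder rather than an assigned number, so it should be replaced with the real number before release. The entry is also filed under "Security fixes" without naming the threat. One clause taken from the dirserv.c comment (an attacker flooding the network with allegedly high-uptime nodes to displace the current guards) would tell readers why this is a security change.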

Modified: tor/trunk/doc/spec/dir-spec.txt
===================================================================
--- tor/trunk/doc/spec/dir-spec.txt	2007-03-09 23:08:34 UTC (rev 9787)
+++ tor/trunk/doc/spec/dir-spec.txt	2007-03-10 05:43:35 UTC (rev 9788)
@@ -441,10 +441,12 @@
    "Running" -- A router is 'Running' if the authority managed to connect to
    it successfully within the last 30 minutes.
 
-   "Stable" -- A router is 'Stable' if its uptime is above median for known
-   running, valid routers, and it's running a version of Tor not known to
-   drop circuits stupidly.  (0.1.1.10-alpha through 0.1.1.16-rc are stupid
-   this way.)
+   "Stable" -- A router is 'Stable' if it is running, valid, not
+   hibernating, and either its uptime is at least the median uptime for
+   known running, valid, non-hibernating routers, or its uptime is at
+   least 30 days. Routers are never called stable if they are running
+   a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
+   through 0.1.1.16-rc are stupid this way.)
 
    "Fast" -- A router is 'Fast' if its bandwidth is in the top 7/8ths for
    known running, valid routers.
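Review bot: The rewritten "Stable" paragraph adds "not hibernating" as a requirement and restricts the median to "non-hibernating routers", but none of the dirserv.c hunks in this revision touch hibernation handling. Please confirm that the existing code already excludes hibernating routers from both the flag and the median, or drop that wording until it does. The change from "above median" to "at least the median" does match the `<` comparison against stable_uptime in dirserv.c.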

Modified: tor/trunk/src/or/dirserv.c
===================================================================
--- tor/trunk/src/or/dirserv.c	2007-03-09 23:08:34 UTC (rev 9787)
+++ tor/trunk/src/or/dirserv.c	2007-03-10 05:43:35 UTC (rev 9788)
@@ -1364,6 +1364,13 @@
     the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
 }
 
+/** If a router's uptime is at least this value, then it is always
+ * considered stable, regardless of the rest of the network. This
+ * way we resist attacks where an attacker doubles the size of the
+ * network using allegedly high-uptime nodes, displacing all the
+ * current guards. */
+#define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
+
 /* Thresholds for server performance: set by
  * dirserv_compute_performance_thresholds, and used by
  * generate_v2_networkstatus */
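Review bot: The comment on UPTIME_TO_GUARANTEE_STABLE does not state the unit. Saying "in seconds (30 days)" would save readers from decoding 3600*24*30 and would tie the constant to the "30 days" wording in dir-spec.txt. Since the comment itself calls the attacker's uptimes "allegedly" high, it should also spell out what the floor guarantees: routers with at least 30 days of uptime keep Stable when the median is pushed up, while nodes that claim 30 days or more still qualify as well.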
@@ -1395,9 +1402,12 @@
                                     routerinfo_t *router,
                                     int need_uptime, int need_capacity)
 {
-  if (need_uptime &&
-      (unsigned)real_uptime(router, now) < stable_uptime)
-    return 1;
+  if (need_uptime) {
+    int uptime = real_uptime(router, now);
+    if ((unsigned)uptime < stable_uptime &&
+        (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
+      return 1;
+  }
   if (need_capacity &&
       router_get_advertised_bandwidth(router) < fast_bandwidth)
     return 1;
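Review bot: In the new need_uptime block, real_uptime() is stored in a signed `int uptime` and then cast to unsigned in both comparisons. If real_uptime() can ever return a negative value, the cast turns it into a very large number and the router passes both tests, which is the permissive outcome. Consider treating a negative result as zero before comparing, or declaring the local as unsigned if the return value is known to be non-negative, so that the two casts can go. A short comment noting that either threshold is sufficient would also help, since the && of two "less than" tests is easy to misread as requiring both.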