[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r9255: Add (and specify) a BadDirectory flag to networkstatuses, so (in tor/trunk: . doc src/or)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r9255: Add (and specify) a BadDirectory flag to networkstatuses, so (in tor/trunk: . doc src/or)
- From: nickm@xxxxxxxx
- Date: Wed, 3 Jan 2007 14:58:03 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 03 Jan 2007 14:58:13 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: nickm
Date: 2007-01-03 14:58:00 -0500 (Wed, 03 Jan 2007)
New Revision: 9255
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/doc/dir-spec.txt
tor/trunk/src/or/dirserv.c
tor/trunk/src/or/or.h
tor/trunk/src/or/routerlist.c
tor/trunk/src/or/routerparse.c
Log:
r11820@Kushana: nickm | 2007-01-03 14:54:05 -0500
Add (and specify) a BadDirectory flag to networkstatuses, so authorities can tell clients that some caches are broken. Also, implement an as-yet-unused function to estimate how many bytes will be sent on a directory connection.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11820] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/ChangeLog 2007-01-03 19:58:00 UTC (rev 9255)
@@ -76,6 +76,8 @@
- When we change nameservers or IP addresses, reset and re-launch
our tests for DNS hijacking.
- Block an obscure DoS attack from directory caches.
+ - Add a BadDirectory flag to network status docs so that authorities
+ can (eventually) tell clients about caches they believe to be broken.
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/doc/TODO 2007-01-03 19:58:00 UTC (rev 9255)
@@ -86,7 +86,7 @@
D But eventually, we give up after getting a lot of 503s.
D Delay when we get a lot of 503s, rather than punting onto the
servers that have given us 503s?
-N - Add a 'BadDirectory' flag to statuses.
+ o Add a 'BadDirectory' flag to statuses.
- authorities should *never* 503 a cache, and should never 503
network status requests. They can 503 client descriptor requests
when they feel like it.
@@ -136,8 +136,8 @@
and to give dir conns lower priority.
. Write limiting; separate token bucket for write
o preemptively give a 503 to some v1 dir requests
- - preemptively give a 503 to some v2 dir requests
- - Write function to estimate bytes needed for N descriptors
+R - preemptively give a 503 to some v2 dir requests
+ o Write function to estimate bytes needed for N descriptors
statuses
D per-conn write buckets
D separate config options for read vs write limiting
Modified: tor/trunk/doc/dir-spec.txt
===================================================================
--- tor/trunk/doc/dir-spec.txt 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/doc/dir-spec.txt 2007-01-03 19:58:00 UTC (rev 9255)
@@ -347,6 +347,8 @@
"Versions" if this directory authority recommends software versions.
"BadExits" if the directory authority flags nodes that it believes
are performing incorrectly as exit nodes.
+ "BadDirectories" if the directory authority flags nodes that it
+ believes are performing incorrectly as directory caches.
The dir-options entry is optional. The "-versions" entries are required if
the "Versions" flag is present. The other entries are required and must
@@ -376,6 +378,10 @@
"BadExit" if the router is believed to be useless as an exit node
(because its ISP censors it, because it is behind a restrictive
proxy, or for some similar reason).
+ "BadDirectory" if the router is believed to be useless as a
+ directory cache (because its directory port isn't working;
+ because its bandwidth is always throttled, or for some
+ similar reason).
"Exit" if the router is useful for building general-purpose exit
circuits.
"Fast" if the router is suitable for high-bandwidth circuits.
Modified: tor/trunk/src/or/dirserv.c
===================================================================
--- tor/trunk/src/or/dirserv.c 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/src/or/dirserv.c 2007-01-03 19:58:00 UTC (rev 9255)
@@ -1882,6 +1882,35 @@
ctr = (ctr + 1) % 128;
}
+/** Return an approximate estimate of the number of bytes that will be needed
+ * to transmit the server descriptors (if is_serverdescs) or networkstatus
+ * objects (if !is_serverdescs) listed in <b>fps</b>. If <b>compressed</b> is
+ * set, we guess how large the data will be after compression.
+ *
+ * The return value is an estimate; it might be larger or smaller.
+ **/
+size_t
+dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
+ int compressed)
+{
+ size_t result;
+ if (is_serverdescs) {
+ int n = smartlist_len(fps);
+ routerinfo_t *me = router_get_my_routerinfo();
+ result = (me?me->cache_info.signed_descriptor_len:2048) * n;
+ if (compressed)
+ result /= 2; /* observed compressability is between 35 and 55%. */
+ } else {
+ result = 0;
+ SMARTLIST_FOREACH(fps, const char *, d, {
+ cached_dir_t *dir = digestmap_get(cached_v2_networkstatus, d);
+ if (dir)
+ result += compressed ? dir->dir_z_len : dir->dir_len;
+ });
+ }
+ return result;
+}
+
/** When we're spooling data onto our outbuf, add more whenever we dip
* below this threshold. */
#define DIRSERV_BUFFER_MIN 16384
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/src/or/or.h 2007-01-03 19:58:00 UTC (rev 9255)
@@ -1012,6 +1012,8 @@
* choice as an entry guard. */
unsigned int is_bad_exit:1; /**< True iff this node is a bad choice for
* an exit node. */
+ unsigned int is_bad_directory:1; /**< Do we think this directory is junky,
+ * underpowered, or otherwise useless? */
/** True iff we know version info for this router. (i.e., a "v" entry was
* included.) We'll replace all these with a big tor_version_t or a char[]
@@ -1081,9 +1083,11 @@
unsigned int recommends_versions:1; /**< True iff this directory server
* recommends client and server software
* versions. */
- unsigned int lists_bad_exits:1; /** True iff this directory server marks
+ unsigned int lists_bad_exits:1; /**< True iff this directory server marks
* malfunctioning exits as bad. */
-
+ /** True iff this directory server marks malfunctioning directories as
+ * bad. */
+ unsigned int lists_bad_directories:1;
smartlist_t *entries; /**< List of routerstatus_t*. This list is kept
* sorted by identity_digest. */
} networkstatus_t;
@@ -2319,6 +2323,8 @@
int authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg,
int complain);
int dirserv_would_reject_router(routerstatus_t *rs);
+size_t dirserv_estimate_data_size(smartlist_t *fps, int is_serverdescs,
+ int compressed);
void dirserv_free_all(void);
void cached_dir_decref(cached_dir_t *d);
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/src/or/routerlist.c 2007-01-03 19:58:00 UTC (rev 9255)
@@ -546,6 +546,8 @@
int is_overloaded = _local_status->last_dir_503_at + DIR_503_TIMEOUT > now;
if (!status->is_running || !status->dir_port || !status->is_valid)
continue;
+ if (status->is_bad_directory)
+ continue;
if (requireother && router_digest_is_me(status->identity_digest))
continue;
is_trusted = router_digest_is_trusted_dir(status->identity_digest);
@@ -3212,7 +3214,7 @@
{
or_options_t *options = get_options();
int n_trusted, n_statuses, n_recent = 0, n_naming = 0;
- int n_listing_bad_exits = 0;
+ int n_listing_bad_exits = 0, n_listing_bad_directories = 0;
int i, j, warned;
int *index, *size;
networkstatus_t **networkstatus;
@@ -3262,6 +3264,8 @@
++n_recent;
if (networkstatus[i]->lists_bad_exits)
++n_listing_bad_exits;
+ if (networkstatus[i]->lists_bad_directories)
+ ++n_listing_bad_directories;
}
/** Iterate over all entries in all networkstatuses, and build
@@ -3333,6 +3337,7 @@
while (1) {
int n_running=0, n_named=0, n_valid=0, n_listing=0;
int n_v2_dir=0, n_fast=0, n_stable=0, n_exit=0, n_guard=0, n_bad_exit=0;
+ int n_bad_directory=0;
int n_version_known=0, n_supports_begindir=0;
int n_desc_digests=0, highest_count=0;
const char *the_name = NULL;
@@ -3421,6 +3426,8 @@
++n_v2_dir;
if (rs->is_bad_exit)
++n_bad_exit;
+ if (rs->is_bad_directory)
+ ++n_bad_directory;
if (rs->version_known)
++n_version_known;
if (rs->version_supports_begindir)
@@ -3475,6 +3482,8 @@
rs_out->status.is_stable = n_stable > n_statuses/2;
rs_out->status.is_v2_dir = n_v2_dir > n_statuses/2;
rs_out->status.is_bad_exit = n_bad_exit > n_listing_bad_exits/2;
+ rs_out->status.is_bad_directory =
+ n_bad_directory > n_listing_bad_directories/2;
rs_out->status.version_known = n_version_known > 0;
rs_out->status.version_supports_begindir =
n_supports_begindir > n_version_known/2;
Modified: tor/trunk/src/or/routerparse.c
===================================================================
--- tor/trunk/src/or/routerparse.c 2007-01-03 13:29:30 UTC (rev 9254)
+++ tor/trunk/src/or/routerparse.c 2007-01-03 19:58:00 UTC (rev 9255)
@@ -1077,6 +1077,8 @@
rs->is_possible_guard = 1;
else if (!strcmp(tok->args[i], "BadExit"))
rs->is_bad_exit = 1;
+ else if (!strcmp(tok->args[i], "BadDirectory"))
+ rs->is_bad_directory = 1;
}
}
if ((tok = find_first_by_keyword(tokens, K_V))) {
@@ -1224,6 +1226,8 @@
ns->recommends_versions = 1;
if (!strcmp(tok->args[i], "BadExits"))
ns->lists_bad_exits = 1;
+ if (!strcmp(tok->args[i], "BadDirectories"))
+ ns->lists_bad_directories = 1;
}
}