[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] moria1 had 756 HSDir flags in its vote but, the consensus had 2583

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] moria1 had 756 HSDir flags in its vote but, the consensus had 2583
From: Roger Dingledine <arma@xxxxxxx>
Date: Thu, 15 Feb 2018 12:47:47 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 15 Feb 2018 12:48:12 -0500
In-reply-to: <46dfa8ab-43d8-2353-c6da-eaefba78f3ed@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <8480589a-65c1-5279-fb62-af0572cd2128@riseup.net> <CAJdkzEOAvcL7ba38UtFSd+a5DDtxxj3hGYEsSR1zGjKyR7m48Q@mail.gmail.com> <450991cd-c152-bd01-bf20-fb7fafca4723@riseup.net> <20180212144933.GB9634@raoul> <46dfa8ab-43d8-2353-c6da-eaefba78f3ed@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.9.2 (2017-12-15)

On Mon, Feb 12, 2018 at 03:09:00PM +0000, nusenu wrote:
> >>> NOTICE: moria1 had 756 HSDir flags in its vote but
> >>> the consensus had 2583
>
> I tried to find it on trac, I guess this is:
> https://trac.torproject.org/projects/tor/ticket/19162

Yes, correct. moria1 runs all sorts of experimental patches.

One of them is choosing the HSDir flag for relays based on:

+    hsdir_tk = find_nth_long(tks, n_active, n_active*3/4);
+    hsdir_bandwidth = find_nth_uint32(bandwidths_kb, n_active, n_active/4);

That is, the relay needs to be in the top quarter of the relays
by time-known, and in the top three-quarters of the relays by
bandwidth weights (as decided by moria1's bwauth).

I think the time-known idea is a potentially really smart one, since if
we do it right we force attacking hsdir relays to be in the network for
a long time before they are allowed to become hsdirs.

--Roger

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index d3bae24..9c4d91a 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1336,6 +1336,11 @@ static double guard_wfu = 0.0;
 /** Don't call a router a guard unless we've known about it for at least this
  * many seconds. */
 static long guard_tk = 0;
+/** Don't call a router an HSDir unless we've known about it for at least this
+ * many seconds. */
+static long hsdir_tk = 0;
+/** Don't call a router an HSDir unless it has at least this weight. */
+static long hsdir_bandwidth = 0;
 /** Any router with a bandwidth at least this high is "Fast" */
 static uint32_t fast_bandwidth_kb = 0;
 /** If exits can be guards, then all guards must have a bandwidth this
@@ -1409,6 +1414,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
 {
 
   long uptime;
+  long tk = rep_hist_get_weighted_time_known(node->identity, now);
+  uint32_t bw_kb = dirserv_get_credible_bandwidth_kb(router);
 
   /* If we haven't been running for at least
    * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
@@ -1427,6 +1434,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
   return (router->wants_to_be_hs_dir &&
           router->supports_tunnelled_dir_requests &&
           node->is_stable && node->is_fast &&
+          tk >= hsdir_tk &&
+          bw_kb >= hsdir_bandwidth &&
           uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
           router_is_active(router, node, now));
 }
@@ -1463,9 +1472,10 @@ router_counts_toward_thresholds(const node_t *node, time_t now,
 
 /** Look through the routerlist, the Mean Time Between Failure history, and
  * the Weighted Fractional Uptime history, and use them to set thresholds for
- * the Stable, Fast, and Guard flags.  Update the fields stable_uptime,
- * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
- * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
+ * the Stable, Fast, Guard, and HSDir flags.  Update the fields stable_uptime,
+ * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, hsdir_tk,
+ * hsdir_bandwidth, fast_bandwidth, guard_bandwidth_including_exits,
+ * and guard_bandwidth_excluding_exits.
  *
  * Also, set the is_exit flag of each router appropriately. */
 static void
@@ -1492,6 +1502,8 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
   guard_bandwidth_excluding_exits_kb = 0;
   guard_tk = 0;
   guard_wfu = 0;
+  hsdir_tk = 0;
+  hsdir_bandwidth = 0;
 
   nodelist_assert_ok();
   nodelist = nodelist_get_list();
@@ -1560,6 +1572,16 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
     guard_bandwidth_including_exits_kb =
       third_quartile_uint32(bandwidths_kb, n_active);
     guard_tk = find_nth_long(tks, n_active, n_active/8);
+    hsdir_tk = find_nth_long(tks, n_active, n_active*3/4);
+//    hsdir_bandwidth = median_uint32(bandwidths_kb, n_active);
+    hsdir_bandwidth = find_nth_uint32(bandwidths_kb, n_active, n_active/4);
+  }
+
+  {
+    int i;
+    for (i = 0; i < n_active; i++) {
+      log_info(LD_GENERAL, "TK %d/%d: %ld", i, n_active, tks[i]);
+    }
   }
 
   if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
@@ -1621,11 +1643,13 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
   }
 
   log_info(LD_DIRSERV,
-      "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
+      "Cutoffs (%d active): For Stable, %lu sec uptime, %lu sec MTBF. "
       "For Fast: %lu kilobytes/sec. "
       "For Guard: WFU %.03f%%, time-known %lu sec, "
       "and bandwidth %lu or %lu kilobytes/sec. "
+      "For HSDir: time-known %lu sec, bandwidth %lu kilobytes/sec. "
       "We%s have enough stability data.",
+      n_active,
       (unsigned long)stable_uptime,
       (unsigned long)stable_mtbf,
       (unsigned long)fast_bandwidth_kb,
@@ -1633,6 +1657,8 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
       (unsigned long)guard_tk,
       (unsigned long)guard_bandwidth_including_exits_kb,
       (unsigned long)guard_bandwidth_excluding_exits_kb,
+      (unsigned long)hsdir_tk,
+      (unsigned long)hsdir_bandwidth,
       enough_mtbf_info ? "" : " don't");
 
   tor_free(uptimes);

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] monitoring significant drops of flags in dirauth votes
  - From: nusenu
- Re: [tor-dev] monitoring significant drops of flags in dirauth votes
  - From: Damian Johnson
- Re: [tor-dev] monitoring significant drops of flags in dirauth votes
  - From: nusenu
- Re: [tor-dev] monitoring significant drops of flags in dirauth votes
  - From: David Goulet
- Re: [tor-dev] moria1 had 756 HSDir flags in its vote but, the consensus had 2583
  - From: nusenu

Prev by Author: [tor-dev] Creating custom Tor Browser settings profile
Next by Author: [tor-dev] Proposal: Authenticating sendme cells to mitigate bandwidth attacks
Previous by thread: Re: [tor-dev] moria1 had 756 HSDir flags in its vote but, the consensus had 2583
Next by thread: [tor-dev] Enhancement for Tor 0.3.4.x
Index(es):
- Author
- Thread