Commit c0ec4eaf authored by Roger Dingledine's avatar Roger Dingledine
Browse files

parameterize bw cutoffs to guarantee Fast and Guard flags

Now it will be easier for researchers to simulate Tor networks with
different values. Resolves ticket 4484.
parent f4e053d6
o Minor features:
- Add two new config options for directory authorities:
AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
that is always sufficient to satisfy the bandwidth requirement for
the Guard flag. Now it will be easier for researchers to simulate
Tor networks with different values. Resolves ticket 4484.
......@@ -175,6 +175,8 @@ static config_var_t _option_vars[] = {
V(AuthDirBadDir, LINELIST, NULL),
V(AuthDirBadExit, LINELIST, NULL),
V(AuthDirInvalid, LINELIST, NULL),
V(AuthDirFastGuarantee, MEMUNIT, "20 KB"),
V(AuthDirGuardBWGuarantee, MEMUNIT, "250 KB"),
V(AuthDirReject, LINELIST, NULL),
V(AuthDirRejectUnlisted, BOOL, "0"),
V(AuthDirListBadDirs, BOOL, "0"),
......@@ -3373,6 +3375,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (ensure_bandwidth_cap(&options->PerConnBWBurst,
"PerConnBWBurst", msg) < 0)
return -1;
if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
"AuthDirFastGuarantee", msg) < 0)
return -1;
if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
"AuthDirGuardBWGuarantee", msg) < 0)
return -1;
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
options->RelayBandwidthBurst = options->RelayBandwidthRate;
......
......@@ -1692,12 +1692,6 @@ should_generate_v2_networkstatus(void)
/** If a router's MTBF is at least this value, then it is always stable.
* See above. (Corresponds to about 7 days for current decay rates.) */
#define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
/** Similarly, we protect sufficiently fast nodes from being pushed
* out of the set of Fast nodes. */
#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
/** Similarly, every node with sufficient bandwidth can be considered
* for Guard status. */
#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
/** Similarly, every node with at least this much weighted time known can be
* considered familiar enough to be a guard. Corresponds to about 20 days for
* current decay rates.
......@@ -1841,6 +1835,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
long *tks;
double *mtbfs, *wfus;
time_t now = time(NULL);
or_options_t *options = get_options();
/* initialize these all here, in case there are no routers */
stable_uptime = 0;
......@@ -1910,8 +1905,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
/* Protect sufficiently fast nodes from being pushed out of the set
* of Fast nodes. */
if (options->AuthDirFastGuarantee &&
fast_bandwidth > options->AuthDirFastGuarantee)
fast_bandwidth = options->AuthDirFastGuarantee;
/* Now that we have a time-known that 7/8 routers are known longer than,
* fill wfus with the wfu of every such "familiar" router. */
......@@ -2335,6 +2333,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
const or_options_t *options = get_options();
int unstable_version =
!tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
uint32_t routerbw = router_get_advertised_bandwidth(ri);
memset(rs, 0, sizeof(routerstatus_t));
rs->is_authority =
......@@ -2360,10 +2360,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
rs->is_valid = ri->is_valid;
if (rs->is_fast &&
(router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
router_get_advertised_bandwidth(ri) >=
MIN(guard_bandwidth_including_exits,
guard_bandwidth_excluding_exits)) &&
((options->AuthDirGuardBWGuarantee &&
routerbw >= options->AuthDirGuardBWGuarantee) ||
routerbw >= MIN(guard_bandwidth_including_exits,
guard_bandwidth_excluding_exits)) &&
(options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
is_router_version_good_for_possible_guard(ri->platform))) {
long tk = rep_hist_get_weighted_time_known(
......
......@@ -2676,6 +2676,14 @@ typedef struct {
* exploitation of CVE-2011-2768 against their clients? */
int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
/** If non-zero, always vote the Fast flag for any relay advertising
* this amount of capacity or more. */
uint64_t AuthDirFastGuarantee;
/** If non-zero, this advertised capacity or more is always sufficient
* to satisfy the bandwidth requirement for the Guard flag. */
uint64_t AuthDirGuardBWGuarantee;
char *AccountingStart; /**< How long is the accounting interval, and when
* does it start? */
uint64_t AccountingMax; /**< How many bytes do we allow per accounting
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment