diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-02-04 10:19:26 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-02-04 10:19:26 -0500 |
| commit | 40c13240c08349b94d39a1af320f61a1f7a4fda0 (patch) | |
| tree | e5ee040d85fd01d27a7aa22cbfa595a1f9735bf5 | |
| parent | ddf2c36ab1e606ea9dcd0253512da16ab17b3457 (diff) | |
| download | tor-40c13240c08349b94d39a1af320f61a1f7a4fda0.tar.gz tor-40c13240c08349b94d39a1af320f61a1f7a4fda0.zip | |
When computing performance thresholds, ignore omitted-as-sybil nodes.
Fixes bug 8146.
| -rw-r--r-- | changes/bug8146_etc | 5 | ||||
| -rw-r--r-- | src/or/dirserv.c | 18 |
2 files changed, 15 insertions, 8 deletions
diff --git a/changes/bug8146_etc b/changes/bug8146_etc new file mode 100644 index 0000000000..d59c4c1af8 --- /dev/null +++ b/changes/bug8146_etc @@ -0,0 +1,5 @@ + o Major bugfixes (security, directory authority): + - When computing directory thresholds, ignore any rejected-as-sybil + nodes during the computation so that they can't influence Fast, + Guard, etc. Fixes bug 8146. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index e2cd7cfd26..320b8e00d3 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1893,7 +1893,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, * * Also, set the is_exit flag of each router appropriately. */ static void -dirserv_compute_performance_thresholds(routerlist_t *rl) +dirserv_compute_performance_thresholds(routerlist_t *rl, + digestmap_t *omit_as_sybil) { int n_active, n_active_nonexit, n_familiar; uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits; @@ -1935,7 +1936,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) /* Now, fill in the arrays. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { routerinfo_t *ri = node->ri; - if (ri && router_is_active(ri, node, now)) { + if (ri && router_is_active(ri, node, now) && + !digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) { const char *id = ri->cache_info.identity_digest; uint32_t bw; node->is_exit = (!router_exit_policy_rejects_all(ri) && @@ -1997,7 +1999,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { routerinfo_t *ri = node->ri; - if (ri && router_is_active(ri, node, now)) { + if (ri && router_is_active(ri, node, now) && + !digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) { const char *id = ri->cache_info.identity_digest; long tk = rep_hist_get_weighted_time_known(id, now); if (tk < guard_tk) @@ -2751,13 +2754,13 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, dirserv_set_router_is_running(ri, now); }); - dirserv_compute_performance_thresholds(rl); - routers = smartlist_new(); smartlist_add_all(routers, rl->routers); routers_sort_by_identity(routers); omit_as_sybil = get_possible_sybil_list(routers); + dirserv_compute_performance_thresholds(rl, omit_as_sybil); + routerstatuses = smartlist_new(); microdescriptors = smartlist_new(); @@ -3008,14 +3011,13 @@ generate_v2_networkstatus_opinion(void) dirserv_set_router_is_running(ri, now); }); - dirserv_compute_performance_thresholds(rl); - routers = smartlist_new(); smartlist_add_all(routers, rl->routers); routers_sort_by_identity(routers); - omit_as_sybil = get_possible_sybil_list(routers); + dirserv_compute_performance_thresholds(rl, omit_as_sybil); + SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) { if (ri->cache_info.published_on >= cutoff) { routerstatus_t rs; |