diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-02-04 12:34:09 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-02-04 12:34:09 -0500 |
| commit | b1cb9ebb1c6fb8d6126e2af143477d2e9ac24ead (patch) | |
| tree | 913eae66a554178c68d33c36f67df61fca569ab2 | |
| parent | 898f2d7c278442d2c4fbdf0126eaa406d503d088 (diff) | |
| parent | 4eff8b65305248b1e7a57d1efdf8f55039719bd7 (diff) | |
| download | tor-b1cb9ebb1c6fb8d6126e2af143477d2e9ac24ead.tar.gz tor-b1cb9ebb1c6fb8d6126e2af143477d2e9ac24ead.zip | |
Merge branch 'bug8146_etc'
| -rw-r--r-- | changes/bug8146_etc | 13 | ||||
| -rw-r--r-- | src/or/dirserv.c | 46 | ||||
| -rw-r--r-- | src/or/rephist.c | 15 | ||||
| -rw-r--r-- | src/or/rephist.h | 2 |
4 files changed, 65 insertions, 11 deletions
diff --git a/changes/bug8146_etc b/changes/bug8146_etc new file mode 100644 index 0000000000..173ea3b58d --- /dev/null +++ b/changes/bug8146_etc @@ -0,0 +1,13 @@ + o Major bugfixes (security, directory authority): + - When computing directory thresholds, ignore any rejected-as-sybil + nodes during the computation so that they can't influence Fast, + Guard, etc. Fixes bug 8146. + + - When computing thresholds for flags, never let the threshold for + the Fast flag to 4096 bytes. Fixes bug 8145. + - Do not consider nodes with extremely low bandwidths when deciding + thresholds for various directory flags. Another fix for 8145. + + - When marking a node as a likely sybil, reset its uptime metrics + to zero, so that it cannot time towards getting marked as Guard, + Stable, or HSDir. Fix for bug 8147. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index e2cd7cfd26..b59478e17d 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1884,6 +1884,22 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, node->is_running); } +/** Don't consider routers with less bandwidth than this when computing + * thresholds. */ +#define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER 4096 + +/** Helper for dirserv_compute_performance_thresholds(): Decide whether to + * include a router in our calculations, and return true iff we should. */ +static int +router_counts_toward_thresholds(const node_t *node, time_t now, + const digestmap_t *omit_as_sybil) +{ + return node->ri && router_is_active(node->ri, node, now) && + !digestmap_get(omit_as_sybil, node->ri->cache_info.identity_digest) && + (router_get_advertised_bandwidth(node->ri) >= + ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER); +} + /** Look through the routerlist, the Mean Time Between Failure history, and * the Weighted Fractional Uptime history, and use them to set thresholds for * the Stable, Fast, and Guard flags. Update the fields stable_uptime, @@ -1893,7 +1909,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, * * Also, set the is_exit flag of each router appropriately. */ static void -dirserv_compute_performance_thresholds(routerlist_t *rl) +dirserv_compute_performance_thresholds(routerlist_t *rl, + digestmap_t *omit_as_sybil) { int n_active, n_active_nonexit, n_familiar; uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits; @@ -1934,8 +1951,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) /* Now, fill in the arrays. */ SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { - routerinfo_t *ri = node->ri; - if (ri && router_is_active(ri, node, now)) { + if (router_counts_toward_thresholds(node, now, omit_as_sybil)) { + routerinfo_t *ri = node->ri; const char *id = ri->cache_info.identity_digest; uint32_t bw; node->is_exit = (!router_exit_policy_rejects_all(ri) && @@ -1975,9 +1992,12 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) { /* We can vote on a parameter for the minimum and maximum. */ +#define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4096 int32_t min_fast, max_fast; min_fast = networkstatus_get_param(NULL, "FastFlagMinThreshold", - 0, 0, INT32_MAX); + ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG, + ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG, + INT32_MAX); max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold", INT32_MAX, min_fast, INT32_MAX); if (fast_bandwidth < (uint32_t)min_fast) @@ -1996,8 +2016,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) n_familiar = 0; SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) { - routerinfo_t *ri = node->ri; - if (ri && router_is_active(ri, node, now)) { + if (router_counts_toward_thresholds(node, now, omit_as_sybil)) { + routerinfo_t *ri = node->ri; const char *id = ri->cache_info.identity_digest; long tk = rep_hist_get_weighted_time_known(id, now); if (tk < guard_tk) @@ -2751,13 +2771,18 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, dirserv_set_router_is_running(ri, now); }); - dirserv_compute_performance_thresholds(rl); - routers = smartlist_new(); smartlist_add_all(routers, rl->routers); routers_sort_by_identity(routers); omit_as_sybil = get_possible_sybil_list(routers); + DIGESTMAP_FOREACH(omit_as_sybil, sybil_id, void *, ignore) { + (void) ignore; + rep_hist_make_router_pessimal(sybil_id, now); + } DIGESTMAP_FOREACH_END; + + dirserv_compute_performance_thresholds(rl, omit_as_sybil); + routerstatuses = smartlist_new(); microdescriptors = smartlist_new(); @@ -3008,14 +3033,13 @@ generate_v2_networkstatus_opinion(void) dirserv_set_router_is_running(ri, now); }); - dirserv_compute_performance_thresholds(rl); - routers = smartlist_new(); smartlist_add_all(routers, rl->routers); routers_sort_by_identity(routers); - omit_as_sybil = get_possible_sybil_list(routers); + dirserv_compute_performance_thresholds(rl, omit_as_sybil); + SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) { if (ri->cache_info.published_on >= cutoff) { routerstatus_t rs; diff --git a/src/or/rephist.c b/src/or/rephist.c index 925ca88153..34caa4b518 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -422,6 +422,21 @@ rep_hist_note_router_unreachable(const char *id, time_t when) } } +/** Mark a router with ID <b>id</b> as non-Running, and retroactively declare + * that it has never been running: give it no stability and no WFU. */ +void +rep_hist_make_router_pessimal(const char *id, time_t when) +{ + or_history_t *hist = get_or_history(id); + tor_assert(hist); + + rep_hist_note_router_unreachable(id, when); + mark_or_down(hist, when, 1); + + hist->weighted_run_length = 0; + hist->weighted_uptime = 0; +} + /** Helper: Discount all old MTBF data, if it is time to do so. Return * the time at which we should next discount MTBF data. */ time_t diff --git a/src/or/rephist.h b/src/or/rephist.h index 5568330dd7..811cd8d450 100644 --- a/src/or/rephist.h +++ b/src/or/rephist.h @@ -24,6 +24,8 @@ void rep_hist_dump_stats(time_t now, int severity); void rep_hist_note_bytes_read(size_t num_bytes, time_t when); void rep_hist_note_bytes_written(size_t num_bytes, time_t when); +void rep_hist_make_router_pessimal(const char *id, time_t when); + void rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when); void rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when); |