summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug45184
-rw-r--r--changes/feature44848
-rw-r--r--doc/tor.1.txt10
-rw-r--r--src/or/config.c8
-rw-r--r--src/or/cpuworker.c14
-rw-r--r--src/or/dirserv.c24
-rw-r--r--src/or/or.h8
7 files changed, 62 insertions, 14 deletions
diff --git a/changes/bug4518 b/changes/bug4518
new file mode 100644
index 0000000000..8dcb93bf72
--- /dev/null
+++ b/changes/bug4518
@@ -0,0 +1,4 @@
+ o Minor bugfixes (performance):
+ - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
+ function. This was eating up hideously large amounts of time on some
+ busy servers. Fixes bug 4518.
diff --git a/changes/feature4484 b/changes/feature4484
new file mode 100644
index 0000000000..78154e9649
--- /dev/null
+++ b/changes/feature4484
@@ -0,0 +1,8 @@
+ o Minor features:
+ - Add two new config options for directory authorities:
+ AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
+ Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
+ that is always sufficient to satisfy the bandwidth requirement for
+ the Guard flag. Now it will be easier for researchers to simulate
+ Tor networks with different values. Resolves ticket 4484.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index b54735d383..bc0435d4d9 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1406,6 +1406,16 @@ DIRECTORY AUTHORITY SERVER OPTIONS
Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
to addresses shared with directory authorities. (Default: 5)
+**AuthDirFastGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**::
+ Authoritative directories only. If non-zero, always vote the
+ Fast flag for any relay advertising this amount of capacity or
+ more. (Default: 20 KB)
+
+**AuthDirGuardBWGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**::
+ Authoritative directories only. If non-zero, this advertised capacity
+ or more is always sufficient to satisfy the bandwidth requirement
+ for the Guard flag. (Default: 250 KB)
+
**BridgePassword** __Password__::
If set, contains an HTTP authenticator that tells a bridge authority to
serve all requested bridge information. Used for debugging. (Default:
diff --git a/src/or/config.c b/src/or/config.c
index afccf2e84e..7cbadc25c3 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -184,6 +184,8 @@ static config_var_t _option_vars[] = {
V(AuthDirBadDir, LINELIST, NULL),
V(AuthDirBadExit, LINELIST, NULL),
V(AuthDirInvalid, LINELIST, NULL),
+ V(AuthDirFastGuarantee, MEMUNIT, "20 KB"),
+ V(AuthDirGuardBWGuarantee, MEMUNIT, "250 KB"),
V(AuthDirReject, LINELIST, NULL),
V(AuthDirRejectUnlisted, BOOL, "0"),
V(AuthDirListBadDirs, BOOL, "0"),
@@ -3544,6 +3546,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (ensure_bandwidth_cap(&options->PerConnBWBurst,
"PerConnBWBurst", msg) < 0)
return -1;
+ if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
+ "AuthDirFastGuarantee", msg) < 0)
+ return -1;
+ if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
+ "AuthDirGuardBWGuarantee", msg) < 0)
+ return -1;
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
options->RelayBandwidthBurst = options->RelayBandwidthRate;
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index bf8964c29c..914003790a 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -445,9 +445,19 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker,
{
char qbuf[1];
char tag[TAG_LEN];
+ time_t now = approx_time();
+ static time_t last_culled_cpuworkers = 0;
- cull_wedged_cpuworkers();
- spawn_enough_cpuworkers();
+ /* Checking for wedged cpuworkers requires a linear search over all
+ * connections, so let's do it only once a minute.
+ */
+#define CULL_CPUWORKERS_INTERVAL 60
+
+ if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) {
+ cull_wedged_cpuworkers();
+ spawn_enough_cpuworkers();
+ last_culled_cpuworkers = now;
+ }
if (1) {
if (num_cpuworkers_busy == num_cpuworkers) {
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index e4cbcaaded..64db94df31 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1720,12 +1720,6 @@ should_generate_v2_networkstatus(void)
/** If a router's MTBF is at least this value, then it is always stable.
* See above. (Corresponds to about 7 days for current decay rates.) */
#define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
-/** Similarly, we protect sufficiently fast nodes from being pushed
- * out of the set of Fast nodes. */
-#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
-/** Similarly, every node with sufficient bandwidth can be considered
- * for Guard status. */
-#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
/** Similarly, every node with at least this much weighted time known can be
* considered familiar enough to be a guard. Corresponds to about 20 days for
* current decay rates.
@@ -1870,6 +1864,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
long *tks;
double *mtbfs, *wfus;
time_t now = time(NULL);
+ or_options_t *options = get_options();
/* initialize these all here, in case there are no routers */
stable_uptime = 0;
@@ -1942,8 +1937,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
- if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
- fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
+ /* Protect sufficiently fast nodes from being pushed out of the set
+ * of Fast nodes. */
+ if (options->AuthDirFastGuarantee &&
+ fast_bandwidth > options->AuthDirFastGuarantee)
+ fast_bandwidth = options->AuthDirFastGuarantee;
/* Now that we have a time-known that 7/8 routers are known longer than,
* fill wfus with the wfu of every such "familiar" router. */
@@ -2375,6 +2373,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
const or_options_t *options = get_options();
int unstable_version =
!tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
+ uint32_t routerbw = router_get_advertised_bandwidth(ri);
+
memset(rs, 0, sizeof(routerstatus_t));
rs->is_authority =
@@ -2400,10 +2400,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
rs->is_valid = node->is_valid;
if (node->is_fast &&
- (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
- router_get_advertised_bandwidth(ri) >=
- MIN(guard_bandwidth_including_exits,
- guard_bandwidth_excluding_exits)) &&
+ ((options->AuthDirGuardBWGuarantee &&
+ routerbw >= options->AuthDirGuardBWGuarantee) ||
+ routerbw >= MIN(guard_bandwidth_including_exits,
+ guard_bandwidth_excluding_exits)) &&
(options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
is_router_version_good_for_possible_guard(ri->platform))) {
long tk = rep_hist_get_weighted_time_known(
diff --git a/src/or/or.h b/src/or/or.h
index 259ae5c989..67ba62bdd6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3162,6 +3162,14 @@ typedef struct {
* exploitation of CVE-2011-2768 against their clients? */
int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
+ /** If non-zero, always vote the Fast flag for any relay advertising
+ * this amount of capacity or more. */
+ uint64_t AuthDirFastGuarantee;
+
+ /** If non-zero, this advertised capacity or more is always sufficient
+ * to satisfy the bandwidth requirement for the Guard flag. */
+ uint64_t AuthDirGuardBWGuarantee;
+
char *AccountingStart; /**< How long is the accounting interval, and when
* does it start? */
uint64_t AccountingMax; /**< How many bytes do we allow per accounting