diff options
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/config.c | 8 | ||||
-rw-r--r-- | src/or/cpuworker.c | 14 | ||||
-rw-r--r-- | src/or/dirserv.c | 24 | ||||
-rw-r--r-- | src/or/or.h | 8 |
4 files changed, 40 insertions, 14 deletions
diff --git a/src/or/config.c b/src/or/config.c index afccf2e84e..7cbadc25c3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -184,6 +184,8 @@ static config_var_t _option_vars[] = { V(AuthDirBadDir, LINELIST, NULL), V(AuthDirBadExit, LINELIST, NULL), V(AuthDirInvalid, LINELIST, NULL), + V(AuthDirFastGuarantee, MEMUNIT, "20 KB"), + V(AuthDirGuardBWGuarantee, MEMUNIT, "250 KB"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectUnlisted, BOOL, "0"), V(AuthDirListBadDirs, BOOL, "0"), @@ -3544,6 +3546,12 @@ options_validate(or_options_t *old_options, or_options_t *options, if (ensure_bandwidth_cap(&options->PerConnBWBurst, "PerConnBWBurst", msg) < 0) return -1; + if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee, + "AuthDirFastGuarantee", msg) < 0) + return -1; + if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, + "AuthDirGuardBWGuarantee", msg) < 0) + return -1; if (options->RelayBandwidthRate && !options->RelayBandwidthBurst) options->RelayBandwidthBurst = options->RelayBandwidthRate; diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index bf8964c29c..914003790a 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -445,9 +445,19 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker, { char qbuf[1]; char tag[TAG_LEN]; + time_t now = approx_time(); + static time_t last_culled_cpuworkers = 0; - cull_wedged_cpuworkers(); - spawn_enough_cpuworkers(); + /* Checking for wedged cpuworkers requires a linear search over all + * connections, so let's do it only once a minute. + */ +#define CULL_CPUWORKERS_INTERVAL 60 + + if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) { + cull_wedged_cpuworkers(); + spawn_enough_cpuworkers(); + last_culled_cpuworkers = now; + } if (1) { if (num_cpuworkers_busy == num_cpuworkers) { diff --git a/src/or/dirserv.c b/src/or/dirserv.c index e4cbcaaded..64db94df31 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1720,12 +1720,6 @@ should_generate_v2_networkstatus(void) /** If a router's MTBF is at least this value, then it is always stable. * See above. (Corresponds to about 7 days for current decay rates.) */ #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5) -/** Similarly, we protect sufficiently fast nodes from being pushed - * out of the set of Fast nodes. */ -#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH -/** Similarly, every node with sufficient bandwidth can be considered - * for Guard status. */ -#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024) /** Similarly, every node with at least this much weighted time known can be * considered familiar enough to be a guard. Corresponds to about 20 days for * current decay rates. @@ -1870,6 +1864,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) long *tks; double *mtbfs, *wfus; time_t now = time(NULL); + or_options_t *options = get_options(); /* initialize these all here, in case there are no routers */ stable_uptime = 0; @@ -1942,8 +1937,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR) guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR; - if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST) - fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST; + /* Protect sufficiently fast nodes from being pushed out of the set + * of Fast nodes. */ + if (options->AuthDirFastGuarantee && + fast_bandwidth > options->AuthDirFastGuarantee) + fast_bandwidth = options->AuthDirFastGuarantee; /* Now that we have a time-known that 7/8 routers are known longer than, * fill wfus with the wfu of every such "familiar" router. */ @@ -2375,6 +2373,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); + uint32_t routerbw = router_get_advertised_bandwidth(ri); + memset(rs, 0, sizeof(routerstatus_t)); rs->is_authority = @@ -2400,10 +2400,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = node->is_valid; if (node->is_fast && - (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || - router_get_advertised_bandwidth(ri) >= - MIN(guard_bandwidth_including_exits, - guard_bandwidth_excluding_exits)) && + ((options->AuthDirGuardBWGuarantee && + routerbw >= options->AuthDirGuardBWGuarantee) || + routerbw >= MIN(guard_bandwidth_including_exits, + guard_bandwidth_excluding_exits)) && (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( diff --git a/src/or/or.h b/src/or/or.h index 259ae5c989..67ba62bdd6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3162,6 +3162,14 @@ typedef struct { * exploitation of CVE-2011-2768 against their clients? */ int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + /** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ + uint64_t AuthDirFastGuarantee; + + /** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ + uint64_t AuthDirGuardBWGuarantee; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting |