5 files changed, 53 insertions, 29 deletions

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index f012b7bf64..284c9bef82 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -349,7 +349,7 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
 
   if (result & FP_REJECT) {
     if (msg)
-      *msg = "Fingerprint is marked rejected";
+      *msg = "Fingerprint is marked rejected -- please contact us?";
     return FP_REJECT;
   } else if (result & FP_INVALID) {
     if (msg)
@@ -367,7 +367,7 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
     log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'",
                nickname, fmt_addr32(addr));
     if (msg)
-      *msg = "Authdir is rejecting routers in this range.";
+      *msg = "Suspicious relay address range -- please contact us?";
     return FP_REJECT;
   }
   if (!authdir_policy_valid_address(addr, or_port)) {
@@ -1424,13 +1424,13 @@ router_counts_toward_thresholds(const node_t *node, time_t now,
  *
  * Also, set the is_exit flag of each router appropriately. */
 static void
-dirserv_compute_performance_thresholds(const smartlist_t *routers,
-                                       digestmap_t *omit_as_sybil)
+dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil)
 {
   int n_active, n_active_nonexit, n_familiar;
   uint32_t *uptimes, *bandwidths_kb, *bandwidths_excluding_exits_kb;
   long *tks;
   double *mtbfs, *wfus;
+  smartlist_t *nodelist;
   time_t now = time(NULL);
   const or_options_t *options = get_options();
 
@@ -1448,27 +1448,28 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers,
   guard_tk = 0;
   guard_wfu = 0;
 
+  nodelist_assert_ok();
+  nodelist = nodelist_get_list();
+
   /* Initialize arrays that will hold values for each router.  We'll
    * sort them and use that to compute thresholds. */
   n_active = n_active_nonexit = 0;
   /* Uptime for every active router. */
-  uptimes = tor_calloc(smartlist_len(routers), sizeof(uint32_t));
+  uptimes = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Bandwidth for every active router. */
-  bandwidths_kb = tor_calloc(smartlist_len(routers), sizeof(uint32_t));
+  bandwidths_kb = tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Bandwidth for every active non-exit router. */
   bandwidths_excluding_exits_kb =
-    tor_calloc(smartlist_len(routers), sizeof(uint32_t));
+    tor_calloc(smartlist_len(nodelist), sizeof(uint32_t));
   /* Weighted mean time between failure for each active router. */
-  mtbfs = tor_calloc(smartlist_len(routers), sizeof(double));
+  mtbfs = tor_calloc(smartlist_len(nodelist), sizeof(double));
   /* Time-known for each active router. */
-  tks = tor_calloc(smartlist_len(routers), sizeof(long));
+  tks = tor_calloc(smartlist_len(nodelist), sizeof(long));
   /* Weighted fractional uptime for each active router. */
-  wfus = tor_calloc(smartlist_len(routers), sizeof(double));
-
-  nodelist_assert_ok();
+  wfus = tor_calloc(smartlist_len(nodelist), sizeof(double));
 
   /* Now, fill in the arrays. */
-  SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
+  SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
     if (options->BridgeAuthoritativeDir &&
         node->ri &&
         node->ri->purpose != ROUTER_PURPOSE_BRIDGE)
@@ -1544,7 +1545,7 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers,
    * fill wfus with the wfu of every such "familiar" router. */
   n_familiar = 0;
 
-  SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
+  SMARTLIST_FOREACH_BEGIN(nodelist, node_t *, node) {
       if (router_counts_toward_thresholds(node, now,
                                           omit_as_sybil, require_mbw)) {
         routerinfo_t *ri = node->ri;
@@ -1598,11 +1599,11 @@ dirserv_compute_performance_thresholds(const smartlist_t *routers,
  * networkstatus_getinfo_by_purpose().
  */
 void
-dirserv_compute_bridge_flag_thresholds(const smartlist_t *routers)
+dirserv_compute_bridge_flag_thresholds()
 {
 
   digestmap_t *omit_as_sybil = digestmap_new();
-  dirserv_compute_performance_thresholds(routers, omit_as_sybil);
+  dirserv_compute_performance_thresholds(omit_as_sybil);
   digestmap_free(omit_as_sybil, NULL);
 }
 
@@ -2873,7 +2874,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
    * this must come before dirserv_compute_performance_thresholds() */
   dirserv_count_measured_bws(routers);
 
-  dirserv_compute_performance_thresholds(routers, omit_as_sybil);
+  dirserv_compute_performance_thresholds(omit_as_sybil);
 
   routerstatuses = smartlist_new();
   microdescriptors = smartlist_new();
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index 3e735db071..9a9725ad6f 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -50,7 +50,7 @@ int list_server_status_v1(smartlist_t *routers, char **router_status_out,
 int dirserv_dump_directory_to_string(char **dir_out,
                                      crypto_pk_t *private_key);
 char *dirserv_get_flag_thresholds_line(void);
-void dirserv_compute_bridge_flag_thresholds(const smartlist_t *routers);
+void dirserv_compute_bridge_flag_thresholds(void);
 
 int directory_fetches_from_authorities(const or_options_t *options);
 int directory_fetches_dir_info_early(const or_options_t *options);
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 51c985e85e..2975e7ebb4 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -2044,11 +2044,10 @@ networkstatus_dump_bridge_status_to_file(time_t now)
   char *fname = NULL;
   char *thresholds = NULL;
   char *published_thresholds_and_status = NULL;
-  routerlist_t *rl = router_get_routerlist();
   char published[ISO_TIME_LEN+1];
 
   format_iso_time(published, now);
-  dirserv_compute_bridge_flag_thresholds(rl->routers);
+  dirserv_compute_bridge_flag_thresholds();
   thresholds = dirserv_get_flag_thresholds_line();
   tor_asprintf(&published_thresholds_and_status,
                "published %s\nflag-thresholds %s\n%s",
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 21ac70a39b..7426d8b35d 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1441,6 +1441,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
   int status = 0, result;
   const or_options_t *options = get_options();
   char *err_msg = NULL;
+  int err_msg_severity = LOG_WARN;
   const char *stage_descr = NULL;
   int reason = END_CIRC_REASON_TORPROTOCOL;
   /* Service/circuit/key stuff we can learn before parsing */
@@ -1592,8 +1593,10 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
 
   /* Find the rendezvous point */
   rp = find_rp_for_intro(parsed_req, &err_msg);
-  if (!rp)
+  if (!rp) {
+    err_msg_severity = LOG_PROTOCOL_WARN;
     goto log_error;
+  }
 
   /* Check if we'd refuse to talk to this router */
   if (options->StrictNodes &&
@@ -1731,7 +1734,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
     }
   }
 
-  log_warn(LD_REND, "%s on circ %u", err_msg,
+  log_fn(err_msg_severity, LD_REND, "%s on circ %u", err_msg,
            (unsigned)circuit->base_.n_circ_id);
  err:
   status = -1;
@@ -1793,7 +1796,7 @@ find_rp_for_intro(const rend_intro_cell_t *intro,
     if (!rp) {
       if (err_msg_out) {
         tor_asprintf(&err_msg,
-                     "Could build extend_info_t for router %s named "
+                     "Couldn't build extend_info_t for router %s named "
                      "in INTRODUCE2 cell",
                      escaped_safe_str_client(rp_nickname));
       }
@@ -1829,8 +1832,10 @@ find_rp_for_intro(const rend_intro_cell_t *intro,
   goto done;
 
  err:
-  if (err_msg_out) *err_msg_out = err_msg;
-  else tor_free(err_msg);
+  if (err_msg_out)
+    *err_msg_out = err_msg;
+  else
+    tor_free(err_msg);
 
  done:
   return rp;
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 7f805f15b1..2149192509 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -148,6 +148,22 @@ get_n_authorities(dirinfo_type_t type)
   return n;
 }
 
+/** Initialise schedule, want_authority, and increment on in the download
+ * status dlstatus, then call download_status_reset() on it.
+ * It is safe to call this function or download_status_reset() multiple times
+ * on a new dlstatus. But it should *not* be called after a dlstatus has been
+ * used to count download attempts or failures. */
+static void
+download_status_cert_init(download_status_t *dlstatus)
+{
+  dlstatus->schedule = DL_SCHED_CONSENSUS;
+  dlstatus->want_authority = DL_WANT_ANY_DIRSERVER;
+  dlstatus->increment_on = DL_SCHED_INCREMENT_FAILURE;
+
+  /* Use the new schedule to set next_attempt_at */
+  download_status_reset(dlstatus);
+}
+
 /** Reset the download status of a specified element in a dsmap */
 static void
 download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
@@ -168,6 +184,7 @@ download_status_reset_by_sk_in_cl(cert_list_t *cl, const char *digest)
     /* Insert before we reset */
     dlstatus = tor_malloc_zero(sizeof(*dlstatus));
     dsmap_set(cl->dl_status_map, digest, dlstatus);
+    download_status_cert_init(dlstatus);
   }
   tor_assert(dlstatus);
   /* Go ahead and reset it */
@@ -206,7 +223,7 @@ download_status_is_ready_by_sk_in_cl(cert_list_t *cl,
      * too.
      */
     dlstatus = tor_malloc_zero(sizeof(*dlstatus));
-    download_status_reset(dlstatus);
+    download_status_cert_init(dlstatus);
     dsmap_set(cl->dl_status_map, digest, dlstatus);
     rv = 1;
   }
@@ -225,7 +242,7 @@ get_cert_list(const char *id_digest)
   cl = digestmap_get(trusted_dir_certs, id_digest);
   if (!cl) {
     cl = tor_malloc_zero(sizeof(cert_list_t));
-    cl->dl_status_by_id.schedule = DL_SCHED_CONSENSUS;
+    download_status_cert_init(&cl->dl_status_by_id);
     cl->certs = smartlist_new();
     cl->dl_status_map = dsmap_new();
     digestmap_set(trusted_dir_certs, id_digest, cl);
@@ -896,7 +913,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
 
     if (smartlist_len(fps) > 1) {
       resource = smartlist_join_strings(fps, "", 0, NULL);
-      /* XXX - do we want certs from authorities or mirrors? - teor */
+      /* We want certs from mirrors, because they will almost always succeed.
+       */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
                                    resource, PDS_RETRY_IF_NO_SERVERS,
                                    DL_WANT_ANY_DIRSERVER);
@@ -942,7 +960,8 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
 
     if (smartlist_len(fp_pairs) > 1) {
       resource = smartlist_join_strings(fp_pairs, "", 0, NULL);
-      /* XXX - do we want certs from authorities or mirrors? - teor */
+      /* We want certs from mirrors, because they will almost always succeed.
+       */
       directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
                                    resource, PDS_RETRY_IF_NO_SERVERS,
                                    DL_WANT_ANY_DIRSERVER);