From 8e388bc39ceb9b1a642359005b320cdc994f8a4e Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 19 Nov 2011 18:29:42 -0500
Subject: Only call cull_wedged_cpuworkers once every 60 seconds.

The function is over 10 or 20% on some of Moritz's profiles, depending
on how you could.

Since it's checking for a multi-hour timeout, this is safe to do.

Fixes bug 4518.
---
 src/or/cpuworker.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'src/or')

diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index c5e4863f7f..9d196d36eb 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -446,9 +446,19 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker,
 {
   char qbuf[1];
   char tag[TAG_LEN];
+  time_t now = approx_time();
+  static time_t last_culled_cpuworkers = 0;
 
-  cull_wedged_cpuworkers();
-  spawn_enough_cpuworkers();
+  /* Checking for wedged cpuworkers requires a linear search over all
+   * connections, so let's do it only once a minute.
+   */
+#define CULL_CPUWORKERS_INTERVAL 60
+
+  if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) {
+    cull_wedged_cpuworkers();
+    spawn_enough_cpuworkers();
+    last_culled_cpuworkers = now;
+  }
 
   if (1) {
     if (num_cpuworkers_busy == num_cpuworkers) {
-- 
cgit v1.2.3-54-g00ecf


From c0ec4eafc54d84089536caf51b1367e8d9ddacef Mon Sep 17 00:00:00 2001
From: Roger Dingledine <arma@torproject.org>
Date: Wed, 16 Nov 2011 20:55:33 -0500
Subject: parameterize bw cutoffs to guarantee Fast and Guard flags

Now it will be easier for researchers to simulate Tor networks with
different values. Resolves ticket 4484.
---
 changes/feature4484 |  8 ++++++++
 src/or/config.c     |  8 ++++++++
 src/or/dirserv.c    | 24 ++++++++++++------------
 src/or/or.h         |  8 ++++++++
 4 files changed, 36 insertions(+), 12 deletions(-)
 create mode 100644 changes/feature4484

(limited to 'src/or')

diff --git a/changes/feature4484 b/changes/feature4484
new file mode 100644
index 0000000000..78154e9649
--- /dev/null
+++ b/changes/feature4484
@@ -0,0 +1,8 @@
+  o Minor features:
+    - Add two new config options for directory authorities:
+      AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
+      Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
+      that is always sufficient to satisfy the bandwidth requirement for
+      the Guard flag. Now it will be easier for researchers to simulate
+      Tor networks with different values. Resolves ticket 4484.
+
diff --git a/src/or/config.c b/src/or/config.c
index ffa763e65c..94a6538fa9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -175,6 +175,8 @@ static config_var_t _option_vars[] = {
   V(AuthDirBadDir,               LINELIST, NULL),
   V(AuthDirBadExit,              LINELIST, NULL),
   V(AuthDirInvalid,              LINELIST, NULL),
+  V(AuthDirFastGuarantee,        MEMUNIT,  "20 KB"),
+  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
   V(AuthDirReject,               LINELIST, NULL),
   V(AuthDirRejectUnlisted,       BOOL,     "0"),
   V(AuthDirListBadDirs,          BOOL,     "0"),
@@ -3373,6 +3375,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (ensure_bandwidth_cap(&options->PerConnBWBurst,
                            "PerConnBWBurst", msg) < 0)
     return -1;
+  if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
+                           "AuthDirFastGuarantee", msg) < 0)
+    return -1;
+  if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
+                           "AuthDirGuardBWGuarantee", msg) < 0)
+    return -1;
 
   if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
     options->RelayBandwidthBurst = options->RelayBandwidthRate;
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index c427fe2ef3..19d9702a96 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1692,12 +1692,6 @@ should_generate_v2_networkstatus(void)
 /** If a router's MTBF is at least this value, then it is always stable.
  * See above.  (Corresponds to about 7 days for current decay rates.) */
 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
-/** Similarly, we protect sufficiently fast nodes from being pushed
- * out of the set of Fast nodes. */
-#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
-/** Similarly, every node with sufficient bandwidth can be considered
- * for Guard status. */
-#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
 /** Similarly, every node with at least this much weighted time known can be
  * considered familiar enough to be a guard.  Corresponds to about 20 days for
  * current decay rates.
@@ -1841,6 +1835,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
   long *tks;
   double *mtbfs, *wfus;
   time_t now = time(NULL);
+  or_options_t *options = get_options();
 
   /* initialize these all here, in case there are no routers */
   stable_uptime = 0;
@@ -1910,8 +1905,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
   if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
     guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
 
-  if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
-    fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
+  /* Protect sufficiently fast nodes from being pushed out of the set
+   * of Fast nodes. */
+  if (options->AuthDirFastGuarantee &&
+      fast_bandwidth > options->AuthDirFastGuarantee)
+    fast_bandwidth = options->AuthDirFastGuarantee;
 
   /* Now that we have a time-known that 7/8 routers are known longer than,
    * fill wfus with the wfu of every such "familiar" router. */
@@ -2335,6 +2333,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   const or_options_t *options = get_options();
   int unstable_version =
     !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
+  uint32_t routerbw = router_get_advertised_bandwidth(ri);
+
   memset(rs, 0, sizeof(routerstatus_t));
 
   rs->is_authority =
@@ -2360,10 +2360,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
   rs->is_valid = ri->is_valid;
 
   if (rs->is_fast &&
-      (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
-       router_get_advertised_bandwidth(ri) >=
-                              MIN(guard_bandwidth_including_exits,
-                                  guard_bandwidth_excluding_exits)) &&
+      ((options->AuthDirGuardBWGuarantee &&
+        routerbw >= options->AuthDirGuardBWGuarantee) ||
+       routerbw >= MIN(guard_bandwidth_including_exits,
+                       guard_bandwidth_excluding_exits)) &&
       (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
        is_router_version_good_for_possible_guard(ri->platform))) {
     long tk = rep_hist_get_weighted_time_known(
diff --git a/src/or/or.h b/src/or/or.h
index 7d50e1f505..c0714ee4c6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2676,6 +2676,14 @@ typedef struct {
    * exploitation of CVE-2011-2768 against their clients? */
   int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
 
+  /** If non-zero, always vote the Fast flag for any relay advertising
+   * this amount of capacity or more. */
+  uint64_t AuthDirFastGuarantee;
+
+  /** If non-zero, this advertised capacity or more is always sufficient
+   * to satisfy the bandwidth requirement for the Guard flag. */
+  uint64_t AuthDirGuardBWGuarantee;
+
   char *AccountingStart; /**< How long is the accounting interval, and when
                           * does it start? */
   uint64_t AccountingMax; /**< How many bytes do we allow per accounting
-- 
cgit v1.2.3-54-g00ecf