author Sebastian Hahn <sebastian@torproject.org> 2010-12-30 19:54:13 +0100
committer Sebastian Hahn <sebastian@torproject.org> 2011-01-15 19:42:17 +0100
commit 038f759779abcf74eb3c71d887946709981cde03
tree 1692deeb74ccecf591bb200ba4bc656acd647d84 /path-spec.txt
parent 130ff4614dce691a0d28855210b415d1d279e621
Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param can do to us is to break our Tor (and only if the other Tors are reliably broken in the same way) so that the majority of directory authorities can't pull any attacks that are worse than the DoS that they can trigger by simply shutting down. One of these worse things was the cbtnummodes parameter, which could lead to heap corruption on some systems if the value was sufficiently large. This commit fixes this particular issue and also introduces sanity checking for all consensus parameters.
Diffstat (limited to 'path-spec.txt')
-rw-r--r-- path-spec.txt 26
1 files changed, 24 insertions, 2 deletions
diff --git a/path-spec.txt b/path-spec.txt
index 2e4207b..4e1bdd0 100644
--- a/path-spec.txt
+++ b/path-spec.txt
@@ -421,12 +421,16 @@ of their choices.
cbtdisabled
Default: 0
- Effect: If non-zero, all CircuitBuildTime learning code should be
+ Min: 0
+ Max: 1
+ Effect: If 1, all CircuitBuildTime learning code should be
disabled and history should be discarded. For use in
emergency situations only.
cbtnummodes
Default: 3
+ Min: 1
+ Max: 20
Effect: This value governs how many modes to use in the weighted
average calculation of Pareto paramter Xm. A value of 3 introduces
some bias (2-5% of CDF) under ideal conditions, but allows for better
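Review bot: The new Min/Max lines for cbtdisabled and cbtnummodes give a range but do not say what a client does when the consensus value falls outside it. The commit message's concern is that an oversized cbtnummodes must never be acted on, so the spec should state once, ahead of this parameter list, whether an out-of-range value is clamped to the nearest bound or replaced by the default; otherwise independent implementations can diverge on the same consensus. While touching this entry, "paramter" in the unchanged Effect text of cbtnummodes could be corrected to "parameter".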
@@ -435,43 +439,61 @@ of their choices.
cbtrecentcount
Default: 20
+ Min: 3
+ Max: 1000
Effect: This is the number of circuit build times to keep track of
for the following option.
cbtmaxtimeouts
Default: 18
+ Min: 3
+ Max: 10000
Effect: When this many timeouts happen in the last 'cbtrecentcount'
circuit attempts, the client should discard all of its
history and begin learning a fresh timeout value.
cbtmincircs
Default: 100
+ Min: 1
+ Max: 10000
Effect: This is the minimum number of circuits to build before
computing a timeout.
cbtquantile
Default: 80
+ Min: 10
+ Max: 99
Effect: This is the position on the quantile curve to use to set the
- timeout value. It is a percent (0-99).
+ timeout value. It is a percent (10-99).
cbtclosequantile
Default: 95
+ Min: Value of cbtquantile parameter
+ Max: 99
Effect: This is the position on the quantile curve to use to set the
timeout value to use to actually close circuits. It is a percent
(0-99).
cbttestfreq
Default: 60
+ Min: 1
+ Max: 2147483647 (INT32_MAX)
Effect: Describes how often in seconds to build a test circuit to
gather timeout values. Only applies if less than 'cbtmincircs'
have been recorded.
cbtmintimeout
Default: 2000
+ Min: 500
+ Max: 2147483647 (INT32_MAX)
Effect: This is the minimum allowed timeout value in milliseconds.
+ The minimum is to prevent rounding to 0 (we only check once
+ per second).
cbtinitialtimeout
Default: 60000
+ Min: Value of cbtmintimeout
+ Max: 2147483647 (INT32_MAX)
Effect: This is the timeout value to use before computing a timeout,
in milliseconds.
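Review bot: In cbtclosequantile the Effect text still ends with "(0-99)" although the added Min is the value of cbtquantile, which is itself now at least 10; update that range the same way the cbtquantile text was changed to "(10-99)". Separately, cbtmaxtimeouts is allowed up to 10000 while cbtrecentcount, the window in which those timeouts are counted, is capped at 1000, so any cbtmaxtimeouts above cbtrecentcount can never be reached and the history reset would never trigger. Consider bounding cbtmaxtimeouts by the value of cbtrecentcount, as is done for cbtclosequantile relative to cbtquantile and cbtinitialtimeout relative to cbtmintimeout, or documenting what a client should do in that case.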