diff options
| author | Peter Palfrader <peter@palfrader.org> | 2008-08-12 19:37:33 +0000 |
|---|---|---|
| committer | Peter Palfrader <peter@palfrader.org> | 2008-08-12 19:37:33 +0000 |
| commit | 5bad8637298cffea139e61820d0e9b488618c1cb (patch) | |
| tree | 652d77aa4ba800b5536d2782479119eaa2ce586a /proposals/141-jit-sd-downloads.txt | |
| parent | 858fa0f55305ffda4f98fc2dbe481d1fe8176157 (diff) | |
| download | torspec-5bad8637298cffea139e61820d0e9b488618c1cb.tar.gz torspec-5bad8637298cffea139e61820d0e9b488618c1cb.zip | |
Describe summary algorithm in more detail, based on prototype
svn:r16514
Diffstat (limited to 'proposals/141-jit-sd-downloads.txt')
| -rw-r--r-- | proposals/141-jit-sd-downloads.txt | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/proposals/141-jit-sd-downloads.txt b/proposals/141-jit-sd-downloads.txt index f2c816f..42154f7 100644 --- a/proposals/141-jit-sd-downloads.txt +++ b/proposals/141-jit-sd-downloads.txt @@ -216,11 +216,21 @@ Status: Draft addresses. A summary should claim a router exits to a specific TCP port if, - ignoring private IP addresses (link and site local per RFC3300), the - exit policy indicates that the router would exit to this port to any - IP address with the exception of at most 2^25 single addresses (That's - either two /8 netblocks, or one /8 and a couple of /12s or any other - combination). + ignoring private IP addresses, the exit policy indicates that the + router would exit to this port to most IP address. either two /8 + netblocks, or one /8 and a couple of /12s or any other combination). + The exact algorith used is this: Going through all exit policy items + - ignore any accept that is not for all IP addresses ("*"), + - ignore rejects for these netblocks (exactly, no subnetting): + 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, + and 172.16.0.0/12m + - for each reject count the number of IP addresses rejected against + the affected ports, + - once we hit an accept for all IP addresses ("*") add the ports in + that policy item to the list of accepted ports, if they don't have + more than 2^25 IP addresses (that's two /8 networks) counted + against them (i.e. if the router exits to a port to everywhere but + at most two /8 networks). An exit policy summary will be included in votes and consensus as a new line attached to each exit node. A lack of policy should indicate @@ -230,7 +240,10 @@ Status: Draft portranges (e.g. "22,80-88,1024-6000,6667"). Whether the summary shows the list of accepted ports or the list of rejected ports depends on which list is shorter (has a shorter string representation). In case of - ties we choose the list of accepted ports. + ties we choose the list of accepted ports. Summary items are + compressed, that is instead of "80-88,89-100" there only is a single + item of "80-100", similarly instead of "20,21" a summary will say + "20-21". Similarly to IP address, ports, and timestamp a consensus should list the exit policy matching the descriptor digest referenced in the |