From b8802e63b4d19699e27b740b46bf13012b1cbd1e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 29 Nov 2016 14:51:01 -0500 Subject: Fix the cases where prop271 differs from my implementation. --- proposals/271-another-guard-selection.txt | 46 ++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 16 deletions(-) (limited to 'proposals/271-another-guard-selection.txt') diff --git a/proposals/271-another-guard-selection.txt b/proposals/271-another-guard-selection.txt index b778b1f..c0463d3 100644 --- a/proposals/271-another-guard-selection.txt +++ b/proposals/271-another-guard-selection.txt @@ -108,6 +108,8 @@ Status: Open {SAMPLED_GUARDS} and {CONFIRMED_GUARDS} and other derived values for the UseBridges case. + In this case, we impose no upper limit on the sample size. + B. EntryNodes / ExcludeNodes / Reachable*Addresses / FascistFirewall / ClientUseIPv4=0 @@ -118,6 +120,13 @@ Status: Open If this fraction is less than {MEANINGFUL_RESTRICTION_FRAC}, we use a separate instance of the state. + (While Tor is running, we do not change back and forth between + the separate instance of the state and the default instance + unless the fraction of usable guards is 5% higher than, or 5% + lower than, {MEANINGFUL_RESTRICTION_FRAC}. This prevents us + from flapping back and forth between instances if we happen to + hit {MEANINGFUL_RESTRICTION_FRAC} exactly. + If this fraction is less than {EXTREME_RESTRICTION_FRAC}, we use a separate instance of the state, and warn the user. @@ -134,8 +143,8 @@ Status: Open 3.0. The guards listed in the current consensus. [Section:GUARDS] By {set:GUARDS} we mean the set of all guards in the current - consensus that are usable for all circuits. (They must have the - flags: Stable, Fast, V2Dir, Guard.) + consensus that are usable for all circuits and directory + requests. (They must have the flags: Stable, Fast, V2Dir, Guard.) **Rationale** @@ -192,9 +201,10 @@ Status: Open guard, and we don't know whether it will succeed. We require that {SAMPLED_GUARDS} contain at least - {MIN_SAMPLE_THRESHOLD} of the number of guards in the consensus - (if possible), but not more than {MAX_SAMPLE_THRESHOLD} of the - number of guards in the consensus. + {MIN_FILTERED_SAMPLE} guards from the consensus (if possible), + but not more than {MAX_SAMPLE_THRESHOLD} of the number of guards + in the consensus. (But if the maximum would be smaller than + {MIN_FILTERED_SAMPLE}, we set the maximum at {MIN_FILTERED_SAMPLE}.) To add a new guard to {SAMPLED_GUARDS}, pick an entry at random from ({GUARDS} - {SAMPLED_GUARDS}), weighted by bandwidth. @@ -205,11 +215,6 @@ Status: Open {FIRST_UNLISTED_AT} is over {REMOVE_UNLISTED_GUARDS_AFTER} days in the past. - OR - - * We have a live consensus, and we cannot parse - {ADDED_BY_VERSION}. - OR * We have a live consensus, and {ADDED_ON_DATE} is over @@ -256,6 +261,8 @@ Status: Open - It is not disabled because of ExcludeNodes. - It is a bridge if UseBridges is true; or it is not a bridge if UseBridges is false. + - Is included in EntryNodes if EntryNodes is set and + UseBridges is not. (But see 2.B above). We have an additional subset, {set:USABLE_FILTERED_GUARDS}, which is defined to be the subset of {FILTERED_GUARDS} where @@ -522,8 +529,8 @@ Status: Open circuit might be ready to be called . - * If any circuit is , and every currently - {is_pending} circuit whose guard has higher priority has been + * If any circuit is , and every + circuit with an {is_pending} guard having higher priority has been in state for at least {NONPRIMARY_GUARD_CONNECT_TIMEOUT} seconds, and all primary guards have reachable status of , then call that circuit @@ -584,16 +591,14 @@ A.1. Parameters with suggested values. [Section:PARAM_VALS] (All suggested values chosen arbitrarily) - {param:MIN_SAMPLE_THRESHOLD} -- 15 - - {param:MAX_SAMPLE_THRESHOLD} -- 50 + {param:MAX_SAMPLE_THRESHOLD} -- 30% {param:GUARD_LIFETIME} -- 120 days {param:REMOVE_UNLISTED_GUARDS_AFTER} -- 20 days [previously ENTRY_GUARD_REMOVE_AFTER] - {param:MIN_FILTERED_SAMPLE} -- 10 + {param:MIN_FILTERED_SAMPLE} -- 20 {param:N_PRIMARY_GUARDS} -- 3 @@ -681,6 +686,15 @@ A.3. Why not a sliding scale of primaryness? [Section:CVP] simple to make to the code after we implement the simpler version of the algorithm described above. +A.3. Controller changes + + We will add to control-spec.txt a new possible circuit state, GUARD_WAIT, + that can be given as part of circuit events and GETINFO responses about + circuits. A circuit is in the GUARD_WAIT state when it is fully built, + but we will not use it because a circuit with a better guard might + become built too. + + TODO. Still non-addressed issues [Section:TODO] Formats to use when making information persistent -- cgit v1.2.3-54-g00ecf