<a id="dir-spec.txt-3.4.2"></a>

# Assigning flags in a vote

(This section describes how directory authorities choose which status
flags to apply to routers. Later directory authorities MAY do things
differently, so long as clients keep working well.  Clients MUST NOT
depend on the exact behaviors in this section.)

In the definitions below, a router is considered "active" if it is
running, valid, and not hibernating.

When we speak of a router's bandwidth in this section, we mean either
its measured bandwidth, or its advertised bandwidth. If a sufficient
threshold (configurable with MinMeasuredBWsForAuthToIgnoreAdvertised,
500 by default) of routers have measured bandwidth values, then the
authority bases flags on _measured_ bandwidths, and treats nodes with
non-measured bandwidths as if their bandwidths were zero. Otherwise,
it uses measured bandwidths for nodes that have them, and advertised
bandwidths for other nodes.

When computing thresholds based on percentiles of nodes, an authority
only considers nodes that are active, that have not been
omitted as a sybil (see below), and whose bandwidth is at least
4 KB.  Nodes that don't meet these criteria do not influence any
threshold calculations (including calculation of stability and uptime
and bandwidth thresholds) and also do not have their Exit status
change.

"Valid" -- a router is 'Valid' if it is running a version of Tor not
known to be broken, and the directory authority has not blacklisted
it as suspicious.

"Named", "Unnamed" -- Directory authorities no longer assign these flags.
They were once used to determine whether a relay's nickname was
canonically linked to its public key.

"Running" -- A router is 'Running' if the authority managed to connect to
it successfully within the last 45 minutes on all its published ORPorts.
Authorities check reachability on:

* the IPv4 ORPort in the "r" line, and
* the IPv6 ORPort considered for the "a" line, if:
  * the router advertises at least one IPv6 ORPort, and
  * AuthDirHasIPv6Connectivity 1 is set on the authority.

A minority of voting authorities that set AuthDirHasIPv6Connectivity will
drop unreachable IPv6 ORPorts from the full consensus. Consensus method 27
in 0.3.3.x puts IPv6 ORPorts in the microdesc consensus, so that
authorities can drop unreachable IPv6 ORPorts from all consensus flavors.
Consensus method 28 removes IPv6 ORPorts from microdescriptors.

"Stable" -- A router is 'Stable' if it is active, and either its Weighted
MTBF is at least the median for known active routers or its Weighted MTBF
corresponds to at least 7 days. Routers are never called Stable if they are
running a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
through 0.1.1.16-rc are stupid this way.)

To calculate weighted MTBF, compute the weighted mean of the lengths
of all intervals when the router was observed to be up, weighting
intervals by $\alpha^n$, where $n$ is the amount of time that has
passed since the interval ended, and $\alpha$ is chosen so that
measurements over approximately one month old no longer influence the
weighted MTBF much.
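
The weighting described above, together with the "Stable" test, as an added example that is not part of the specification or of Tor's code. The decay factor `ALPHA`, the 12-hour `STEP` used to count $n$, and the sample history are assumptions chosen for illustration; the exclusion for broken Tor versions is left out.

```python
from statistics import median

DAY = 86400
STEP = 12 * 3600   # assumed unit for n: one step per 12 hours
ALPHA = 0.95       # assumed decay factor; 0.95**60 is about 0.05 after a month


def weighted_mtbf(up_intervals, now, alpha=ALPHA, step=STEP):
    """Weighted mean length of the observed up-intervals, in seconds.

    up_intervals holds (start, end) pairs in seconds. Each interval is
    weighted by alpha**n, where n is the time since it ended, in steps.
    """
    num = den = 0.0
    for start, end in up_intervals:
        if end > now or end <= start:
            continue  # skip malformed or future observations
        weight = alpha ** ((now - end) / step)
        num += weight * (end - start)
        den += weight
    return num / den if den else 0.0


def is_stable(wmtbf, active, active_wmtbfs):
    """'Stable': active, and WMTBF >= median of active routers or >= 7 days."""
    if not active:
        return False
    return wmtbf >= median(active_wmtbfs) or wmtbf >= 7 * DAY


# Constructed history: a 1-day run that ended 30 days ago, followed by a
# 10-day run that ends at NOW.
NOW = 100 * DAY
HISTORY = [(NOW - 31 * DAY, NOW - 30 * DAY), (NOW - 10 * DAY, NOW)]

if __name__ == "__main__":
    w = weighted_mtbf(HISTORY, NOW)
    print(f"weighted MTBF: {w / DAY:.2f} days (unweighted mean would be 5.50)")
    print("Stable:", is_stable(w, True, [2 * DAY, 3 * DAY, w]))
```

The month-old one-day run contributes a weight of roughly 0.05, so the result stays close to the recent ten-day run instead of the unweighted mean.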

\[XXXX what happens when we have less than 4 days of MTBF info.\]

"Exit" -- A router is called an 'Exit' iff it allows exits to at
least one /8 address space on each of ports 80 and 443. (Up until
Tor version 0.3.2, the flag was assigned if relays exit to at least
two of the ports 80, 443, and 6667.)

"Fast" -- A router is 'Fast' if it is active, and its bandwidth is either in
the top 7/8ths for known active routers or at least 100KB/s.
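
How the bandwidth basis described earlier in this section interacts with the "Fast" threshold, as an added example that is not part of the specification or of Tor's code. The relay records, the inclusive comparison against the measured-count threshold, and the way the 1/8 cutoff index is picked are assumptions for illustration.

```python
MIN_MEASURED = 500     # MinMeasuredBWsForAuthToIgnoreAdvertised default
MIN_POOL_BW = 4        # KB: relays below this do not influence thresholds
FAST_GUARANTEE = 100   # KB/s: always enough for 'Fast'


def flag_bandwidths(relays, min_measured=MIN_MEASURED):
    """Map relay id -> bandwidth (KB/s) the authority bases flags on."""
    n_measured = sum(r["measured"] is not None for r in relays)
    ignore_advertised = n_measured >= min_measured  # assumed: inclusive
    out = {}
    for r in relays:
        if r["measured"] is not None:
            out[r["id"]] = r["measured"]
        else:
            # Unmeasured relays count as zero once enough relays are measured.
            out[r["id"]] = 0 if ignore_advertised else r["advertised"]
    return out


def fast_relays(relays, min_measured=MIN_MEASURED):
    """Return the set of relay ids that would be voted 'Fast'."""
    bw = flag_bandwidths(relays, min_measured)
    pool = sorted(bw[r["id"]] for r in relays
                  if r["active"] and not r["sybil"]
                  and bw[r["id"]] >= MIN_POOL_BW)
    # Assumed percentile rule: the slowest 1/8 of the pool is below the cutoff.
    cutoff = pool[len(pool) // 8] if pool else FAST_GUARANTEE
    threshold = min(cutoff, FAST_GUARANTEE)
    return {r["id"] for r in relays if r["active"] and bw[r["id"]] >= threshold}


def relay(rid, measured, advertised, active=True, sybil=False):
    return {"id": rid, "measured": measured, "advertised": advertised,
            "active": active, "sybil": sybil}


# Constructed sample (KB/s). r5 is unmeasured and self-reports a huge value.
SAMPLE = [
    relay("r1", 8000, 9000), relay("r2", 900, 1000), relay("r3", 60, 500),
    relay("r4", 30, 40), relay("r5", None, 90000), relay("r6", 2, 50),
    relay("r7", 40, 40, active=False), relay("r8", 45, 45),
]

if __name__ == "__main__":
    print("advertised still counts:", sorted(fast_relays(SAMPLE)))
    print("measured only:", sorted(fast_relays(SAMPLE, min_measured=3)))
```

With the threshold lowered to 3 for this small sample, the self-reported 90000 KB/s of `r5` is treated as zero and the relay loses "Fast".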

"Guard" -- A router is a possible Guard if all of the following apply:

- It is Fast,
- It is Stable,
- Its Weighted Fractional Uptime is at least the median for "familiar"
  active routers,
- It is "familiar",
- Its bandwidth is at least AuthDirGuardBWGuarantee (if set, 2 MB by
  default), OR its bandwidth is among the 25% fastest relays,
- It qualifies for the V2Dir flag as described below (this
  constraint was added in 0.3.3.x, because in 0.3.0.x clients
  started avoiding guards that didn't also have the V2Dir flag).

To calculate weighted fractional uptime, compute the fraction
of time that the router is up in any given day, weighting so that
downtime and uptime in the past count less.

A node is 'familiar' if 1/8 of all active nodes have appeared more
recently than it, OR it has been around for a few weeks.

"Authority" -- A router is called an 'Authority' if the authority
generating the network-status document believes it is an authority.

"V2Dir" -- A router supports the v2 directory protocol or higher if it has
an open directory port OR a tunnelled-dir-server line in its router
descriptor, and it is running a version of the directory
protocol that supports the functionality clients need.  (Currently, every
supported version of Tor supports the functionality that clients need,
but some relays might set "DirCache 0" or set really low rate limiting,
making them unqualified to be a directory mirror, i.e. they will omit
the tunnelled-dir-server line from their descriptor.)

"HSDir" -- A router is a v2 hidden service directory if it stores and
serves v2 hidden service descriptors, has the Stable and Fast flags, and the
authority believes that it's been up for at least 96 hours (or the current
value of MinUptimeHidServDirectoryV2).

"MiddleOnly" -- An authority should vote for this flag if it believes
that a relay is unsuitable for use except as a middle relay.  When
voting for this flag, the authority should also vote against "Exit",
"Guard", "HSDir", and "V2Dir".  When voting for this flag, if the
authority votes on the "BadExit" flag, the authority should vote in
favor of "BadExit".  (This flag was added in 0.4.7.2-alpha.)

"NoEdConsensus" -- authorities should not vote on this flag; it is
produced as part of the consensus for consensus method 22 or later.

"StaleDesc" -- authorities should vote to assign this flag if the
published time on the descriptor is over 18 hours in the past.  (This flag
was added in 0.4.0.1-alpha.)

"Sybil" -- authorities SHOULD NOT accept more than 2 relays on a single IP.
If this happens, the authority _should_ vote for the excess relays, but
should omit the Running or Valid flags and instead should assign the "Sybil"
flag.  When there are more than 2 (or AuthDirMaxServersPerAddr) relays to
choose from, authorities should first prefer authorities to non-authorities,
then prefer Running to non-Running, and then prefer high-bandwidth to
low-bandwidth relays.  In this comparison, measured bandwidth is used unless
it is not present for a router, in which case advertised bandwidth is used.
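
The per-address preference order above, as an added example that is not part of the specification or of Tor's code. The relay records, the helper names, and the addresses (taken from the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
from collections import defaultdict

MAX_PER_ADDR = 2   # the limit of 2 stated above (AuthDirMaxServersPerAddr)


def sybil_bandwidth(r):
    """Measured bandwidth if present, otherwise advertised."""
    return r["measured"] if r["measured"] is not None else r["advertised"]


def preference(r):
    # Larger tuples win: authorities first, then Running, then bandwidth.
    return ("Authority" in r["flags"], "Running" in r["flags"],
            sybil_bandwidth(r))


def apply_sybil_limit(relays, max_per_addr=MAX_PER_ADDR):
    """Return {relay id: flags} after demoting excess relays per address."""
    by_addr = defaultdict(list)
    for r in relays:
        by_addr[r["addr"]].append(r)
    result = {}
    for group in by_addr.values():
        ranked = sorted(group, key=preference, reverse=True)
        for rank, r in enumerate(ranked):
            flags = set(r["flags"])
            if rank >= max_per_addr:
                # Still listed in the vote, but without Running or Valid.
                flags -= {"Running", "Valid"}
                flags.add("Sybil")
            result[r["id"]] = flags
    return result


def relay(rid, addr, flags, measured, advertised):
    return {"id": rid, "addr": addr, "flags": set(flags),
            "measured": measured, "advertised": advertised}


RV = ("Running", "Valid")
# Constructed sample: four relays on one address, three on another.
SAMPLE = [
    relay("a", "192.0.2.10", RV, 50, 60),
    relay("b", "192.0.2.10", RV, None, 9000),      # unmeasured: advertised used
    relay("c", "192.0.2.10", RV, 700, 800),
    relay("d", "192.0.2.10", ("Valid",), 99999, 99999),  # not Running
    relay("e", "192.0.2.20", ("Authority",) + RV, None, 100),
    relay("f", "192.0.2.20", RV, 5000, 5000),
    relay("g", "192.0.2.20", RV, 6000, 6000),
]
```

Relay `d` has the highest bandwidth on its address but is not Running, so it ranks last; relay `e` is kept despite its low bandwidth because it is an authority.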

Thus, the network-status vote includes all non-blacklisted,
non-expired, non-superseded descriptors.

The bandwidth in a "w" line should be taken as the best estimate
of the router's actual capacity that the authority has.  For now,
this should be the lesser of the observed bandwidth and bandwidth
rate limit from the server descriptor.  It is given in kilobytes
per second, and capped at some arbitrary value (currently 10 MB/s).

The Measured= keyword on a "w" line vote is currently computed
by multiplying the previous published consensus bandwidth by the
ratio of the measured average node stream capacity to the network
average. If 3 or more authorities provide a Measured= keyword for
a router, the authorities produce a consensus containing a "w"
Bandwidth= keyword equal to the median of the Measured= votes.

As a special case, if the "w" line in a vote is about a relay with the
Authority flag, it should not include a Measured= keyword. The goal is
to leave such relays marked as Unmeasured, so they can reserve their
attention for authority-specific activities. "w" lines for votes about
authorities may include the bandwidth authority's measurement using
a different keyword, e.g. MeasuredButAuthority=, so it can still be
reported and recorded for posterity.

The ports listed in a "p" line should be taken as those ports for
which the router's exit policy permits 'most' addresses, ignoring any
accept rule that is not for all addresses and ignoring all rejects for
private netblocks.  "Most" addresses are permitted if no more than 2^25
IPv4 addresses (two /8 networks) were blocked.  The list is encoded
as described in section 3.8.2.