| blob | 4f7593a3e1b6d13feedc288e75c33ca5deb56900 |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2019, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file voteflags.c
8 * \brief Authority code for deciding the performance thresholds for flags,
9 * and assigning flags to routers.
10 **/
12 #define VOTEFLAGS_PRIVATE
36 /** If a router's uptime is at least this value, then it is always
37 * considered stable, regardless of the rest of the network. This
38 * way we resist attacks where an attacker doubles the size of the
39 * network using allegedly high-uptime nodes, displacing all the
40 * current guards. */
41 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
42 /** If a router's MTBF is at least this value, then it is always stable.
43 * See above. (Corresponds to about 7 days for current decay rates.) */
44 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
45 /** Similarly, every node with at least this much weighted time known can be
46 * considered familiar enough to be a guard. Corresponds to about 20 days for
47 * current decay rates.
48 */
49 #define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60)
50 /** Similarly, every node with sufficient WFU is around enough to be a guard.
51 */
52 #define WFU_TO_GUARANTEE_GUARD (0.98)
54 /* Thresholds for server performance: set by
55 * dirserv_compute_performance_thresholds, and used by
56 * generate_v2_networkstatus */
58 /** Any router with an uptime of at least this value is stable. */
60 /** Any router with an mtbf of at least this value is stable. */
62 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
63 * than stable_uptime. */
65 /** Any router with a weighted fractional uptime of at least this much might
66 * be good as a guard. */
68 /** Don't call a router a guard unless we've known about it for at least this
69 * many seconds. */
71 /** Any router with a bandwidth at least this high is "Fast" */
73 /** If exits can be guards, then all guards must have a bandwidth this
74 * high. */
76 /** If exits can't be guards, then all guards must have a bandwidth this
77 * high. */
80 /** Helper: estimate the uptime of a router given its stated uptime and the
81 * amount of time since it last stated its stated uptime. */
84 {
87 else
89 }
91 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
92 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
93 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
94 * bandwidth.
95 */
96 static int
100 {
103 /* XXXX We should change the rule from
104 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
105 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
106 * hit a point where we need to reset a lot of authorities at once,
107 * none of them would be in a position to declare Stable.
108 */
119 }
120 }
125 }
127 }
129 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
130 * not hibernating, having observed bw greater 0, and not too old. Else
131 * return 0.
132 */
133 static int
135 {
139 }
142 }
143 /* Only require bandwidth capacity in non-test networks, or
144 * if TestingTorNetwork, and TestingMinExitFlagThreshold is non-zero */
148 /* If we're in a TestingTorNetwork, and TestingMinExitFlagThreshold is,
149 * then require bandwidthcapacity */
151 }
153 /* If we're not in a TestingTorNetwork, then require bandwidthcapacity */
155 }
156 }
158 }
160 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
161 *
162 * Right now this means it advertises support for it, it has a high uptime,
163 * it's a directory cache, it has the Stable and Fast flags, and it's currently
164 * considered Running.
165 *
166 * This function needs to be called after router-\>is_running has
167 * been set.
168 */
169 static int
172 {
176 /* If we haven't been running for at least
177 * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't
178 * have accurate data telling us a relay has been up for at least
179 * that long. We also want to allow a bit of slack: Reachability
180 * tests aren't instant. If we haven't been running long enough,
181 * trust the relay. */
187 else
195 }
197 /** Don't consider routers with less bandwidth than this when computing
198 * thresholds. */
199 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
201 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
202 * include a router in our calculations, and return true iff we should; the
203 * require_mbw parameter is passed in by
204 * dirserv_compute_performance_thresholds() and controls whether we ever
205 * count routers with only advertised bandwidths */
206 static int
210 {
211 /* Have measured bw? */
219 }
225 }
227 /** Look through the routerlist, the Mean Time Between Failure history, and
228 * the Weighted Fractional Uptime history, and use them to set thresholds for
229 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
230 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
231 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
232 *
233 * Also, set the is_exit flag of each router appropriately. */
234 void
236 {
245 /* Require mbw? */
250 /* initialize these all here, in case there are no routers */
262 /* Initialize arrays that will hold values for each router. We'll
263 * sort them and use that to compute thresholds. */
265 /* Uptime for every active router. */
267 /* Bandwidth for every active router. */
269 /* Bandwidth for every active non-exit router. */
270 bandwidths_excluding_exits_kb =
272 /* Weighted mean time between failure for each active router. */
274 /* Time-known for each active router. */
276 /* Weighted fractional uptime for each active router. */
279 /* Now, fill in the arrays. */
290 }
293 require_mbw)) {
297 /* resolve spurious clang shallow analysis null pointer errors */
307 }
309 }
312 /* Now, compute thresholds. */
314 /* The median uptime is stable. */
316 /* The median mtbf is stable, if we have enough mtbf info */
318 /* The 12.5th percentile bandwidth is fast. */
320 /* (Now bandwidths is sorted.) */
323 guard_bandwidth_including_exits_kb =
326 }
331 {
332 /* We can vote on a parameter for the minimum and maximum. */
333 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
336 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
337 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
338 INT32_MAX);
341 }
351 }
352 /* Protect sufficiently fast nodes from being pushed out of the set
353 * of Fast nodes. */
358 /* Now that we have a time-known that 7/8 routers are known longer than,
359 * fill wfus with the wfu of every such "familiar" router. */
371 }
381 guard_bandwidth_excluding_exits_kb =
384 }
387 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
388 "For Fast: %lu kilobytes/sec. "
389 "For Guard: WFU %.03f%%, time-known %lu sec, "
390 "and bandwidth %lu or %lu kilobytes/sec. "
407 }
409 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
410 * for the status flags, specifically for bridges.
411 *
412 * This is only called by a Bridge Authority from
413 * networkstatus_getinfo_by_purpose().
414 */
415 void
417 {
421 }
423 /** Give a statement of our current performance thresholds for inclusion
424 * in a vote document. */
427 {
435 "stable-uptime=%lu stable-mtbf=%lu "
436 "fast-speed=%lu "
437 "guard-wfu=%.03f%% guard-tk=%lu "
438 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
451 }
453 /* DOCDOC running_long_enough_to_decide_unreachable */
454 int
456 {
457 return time_of_process_start
459 }
461 /** Each server needs to have passed a reachability test no more
462 * than this number of seconds ago, or it is listed as down in
463 * the directory. */
464 #define REACHABLE_TIMEOUT (45*60)
466 /** If we tested a router and found it reachable _at least this long_ after it
467 * declared itself hibernating, it is probably done hibernating and we just
468 * missed a descriptor from it. */
469 #define HIBERNATION_PUBLICATION_SKEW (60*60)
471 /** Treat a router as alive if
472 * - It's me, and I'm not hibernating.
473 * or - We've found it reachable recently. */
474 void
476 {
477 /*XXXX This function is a mess. Separate out the part that calculates
478 whether it's reachable and the part that tells rephist that the router was
479 unreachable.
480 */
487 /* We always know if we are shutting down or hibernating ourselves. */
492 /* A hibernating router is down unless we (somehow) had contact with it
493 * since it declared itself to be hibernating. */
496 /* If AssumeReachable, everybody is up unless they say they are down! */
499 /* Otherwise, a router counts as up if we found all announced OR
500 ports reachable in the last REACHABLE_TIMEOUT seconds.
502 XXX prop186 For now there's always one IPv4 and at most one
503 IPv6 OR port.
505 If we're not on IPv6, don't consider reachability of potential
506 IPv6 OR port since that'd kill all dual stack relays until a
507 majority of the dir auths have IPv6 connectivity. */
512 }
515 /* Not considered reachable. tell rephist about that.
517 Because we launch a reachability test for each router every
518 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
519 been down since at least that time after we last successfully reached
520 it.
522 XXX ipv6
523 */
529 }
532 }
534 /** Extract status information from <b>ri</b> and from other authority
535 * functions and store it in <b>rs</b>. <b>rs</b> is zeroed out before it is
536 * set.
537 *
538 * We assume that ri-\>is_running has already been set, e.g. by
539 * dirserv_set_router_is_running(ri, now);
540 */
541 void
547 {
556 /* Already set by compute_performance_thresholds. */
571 guard_bandwidth_excluding_exits_kb))) {
579 }
590 DIGEST_LEN);
603 /* We're configured as having IPv6 connectivity. There's an IPv6
604 OR port and it's reachable so copy it to the routerstatus. */
610 }
614 }
615 }
617 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
618 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
619 * respectively. But don't set the corresponding node flags.
620 * Should only be called if TestingTorNetwork is set. */
621 STATIC void
623 {
633 }
640 }
647 }
648 }