| blob | 2fbac47b300305a6023d525423b0582ea55ed35c |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file voteflags.c
8 * \brief Authority code for deciding the performance thresholds for flags,
9 * and assigning flags to routers.
10 **/
12 #define VOTEFLAGS_PRIVATE
39 /* Thresholds for server performance: set by
40 * dirserv_compute_performance_thresholds, and used by
41 * generate_v2_networkstatus */
43 /** Any router with an uptime of at least this value is stable. */
45 /** Any router with an mtbf of at least this value is stable. */
47 /** If true, we have measured enough mtbf info to look at stable_mtbf rather
48 * than stable_uptime. */
50 /** Any router with a weighted fractional uptime of at least this much might
51 * be good as a guard. */
53 /** Don't call a router a guard unless we've known about it for at least this
54 * many seconds. */
56 /** Any router with a bandwidth at least this high is "Fast" */
58 /** If exits can be guards, then all guards must have a bandwidth this
59 * high. */
61 /** If exits can't be guards, then all guards must have a bandwidth this
62 * high. */
65 /** Helper: estimate the uptime of a router given its stated uptime and the
66 * amount of time since it last stated its stated uptime. */
69 {
72 else
74 }
76 /** Return 1 if <b>router</b> is not suitable for these parameters, else 0.
77 * If <b>need_uptime</b> is non-zero, we require a minimum uptime.
78 * If <b>need_capacity</b> is non-zero, we require a minimum advertised
79 * bandwidth.
80 */
81 static int
85 {
88 /* XXXX We should change the rule from
89 * "use uptime if we don't have mtbf data" to "don't advertise Stable on
90 * v3 if we don't have enough mtbf data." Or maybe not, since if we ever
91 * hit a point where we need to reset a lot of authorities at once,
92 * none of them would be in a position to declare Stable.
93 */
104 }
105 }
110 }
112 }
114 /** Return 1 if <b>ri</b>'s descriptor is "active" -- running, valid,
115 * not hibernating, and not too old. Else return 0.
116 */
117 static int
119 {
123 }
126 }
128 }
130 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
131 *
132 * Right now this means it advertises support for it, it has a high uptime,
133 * it's a directory cache, it has the Stable and Fast flags, and it's currently
134 * considered Running.
135 *
136 * This function needs to be called after router-\>is_running has
137 * been set.
138 */
139 static int
142 {
146 /* If we haven't been running for at least
147 * MinUptimeHidServDirectoryV2 seconds, we can't
148 * have accurate data telling us a relay has been up for at least
149 * that long. We also want to allow a bit of slack: Reachability
150 * tests aren't instant. If we haven't been running long enough,
151 * trust the relay. */
157 else
165 }
167 /** Don't consider routers with less bandwidth than this when computing
168 * thresholds. */
169 #define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER_KB 4
171 /** Helper for dirserv_compute_performance_thresholds(): Decide whether to
172 * include a router in our calculations, and return true iff we should; the
173 * require_mbw parameter is passed in by
174 * dirserv_compute_performance_thresholds() and controls whether we ever
175 * count routers with only advertised bandwidths */
176 static int
180 {
181 /* Have measured bw? */
190 }
196 }
198 /** Look through the routerlist, the Mean Time Between Failure history, and
199 * the Weighted Fractional Uptime history, and use them to set thresholds for
200 * the Stable, Fast, and Guard flags. Update the fields stable_uptime,
201 * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth,
202 * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits.
203 *
204 * Also, set the is_exit flag of each router appropriately. */
205 void
207 {
217 /* Require mbw? */
222 /* initialize these all here, in case there are no routers */
234 /* Initialize arrays that will hold values for each router. We'll
235 * sort them and use that to compute thresholds. */
237 /* Uptime for every active router. */
239 /* Bandwidth for every active router. */
241 /* Bandwidth for every active non-exit router. */
242 bandwidths_excluding_exits_kb =
244 /* Weighted mean time between failure for each active router. */
246 /* Time-known for each active router. */
248 /* Weighted fractional uptime for each active router. */
251 /* Now, fill in the arrays. */
262 }
265 require_mbw)) {
269 /* resolve spurious clang shallow analysis null pointer errors */
279 }
281 }
284 /* Now, compute thresholds. */
286 /* The median uptime is stable. */
288 /* The median mtbf is stable, if we have enough mtbf info */
290 /* The 12.5th percentile bandwidth is fast. */
292 /* (Now bandwidths is sorted.) */
297 guard_bandwidth_including_exits_kb =
300 }
305 {
306 /* We can vote on a parameter for the minimum and maximum. */
307 #define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4
310 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
311 ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
312 INT32_MAX);
315 }
325 }
326 /* Protect sufficiently fast nodes from being pushed out of the set
327 * of Fast nodes. */
328 {
332 }
334 /* Now that we have a time-known that 7/8 routers are known longer than,
335 * fill wfus with the wfu of every such "familiar" router. */
347 }
359 guard_bandwidth_excluding_exits_kb =
361 }
364 "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. "
365 "For Fast: %lu kilobytes/sec. "
366 "For Guard: WFU %.03f%%, time-known %lu sec, "
367 "and bandwidth %lu or %lu kilobytes/sec. "
384 }
386 /* Use dirserv_compute_performance_thresholds() to compute the thresholds
387 * for the status flags, specifically for bridges.
388 *
389 * This is only called by a Bridge Authority from
390 * networkstatus_getinfo_by_purpose().
391 */
392 void
394 {
398 }
400 /** Give a statement of our current performance thresholds for inclusion
401 * in a vote document. */
404 {
412 "stable-uptime=%lu stable-mtbf=%lu "
413 "fast-speed=%lu "
414 "guard-wfu=%.03f%% guard-tk=%lu "
415 "guard-bw-inc-exits=%lu guard-bw-exc-exits=%lu "
428 }
430 /** Directory authorities should avoid expressing an opinion on the
431 * Running flag if their own uptime is too low for the opinion to be
432 * accurate. They implement this step by not listing Running on the
433 * "known-flags" line in their vote.
434 *
435 * The default threshold is 30 minutes, because authorities do a full
436 * reachability sweep of the ID space every 10*128=1280 seconds
437 * (see REACHABILITY_TEST_CYCLE_PERIOD).
438 *
439 * For v3 dir auths, as long as some authorities express an opinion about
440 * Running, it's fine if a few authorities don't. There's an explicit
441 * check, when making the consensus, to abort if *no* authorities list
442 * Running as a known-flag.
443 *
444 * For the bridge authority, if it doesn't vote about Running, the
445 * resulting networkstatus file simply won't list any bridges as Running.
446 * That means the supporting tools, like bridgedb/rdsys and onionoo, need
447 * to be able to handle getting a bridge networkstatus document with no
448 * Running flags. For more details, see
449 * https://bugs.torproject.org/tpo/anti-censorship/rdsys/102 */
450 int
452 {
456 }
458 /** Each server needs to have passed a reachability test no more
459 * than this number of seconds ago, or it is listed as down in
460 * the directory. */
461 #define REACHABLE_TIMEOUT (45*60)
463 /** If we tested a router and found it reachable _at least this long_ after it
464 * declared itself hibernating, it is probably done hibernating and we just
465 * missed a descriptor from it. */
466 #define HIBERNATION_PUBLICATION_SKEW (60*60)
468 /** Treat a router as alive if
469 * - It's me, and I'm not hibernating.
470 * or - We've found it reachable recently. */
471 void
473 {
474 /*XXXX This function is a mess. Separate out the part that calculates
475 whether it's reachable and the part that tells rephist that the router was
476 unreachable.
477 */
484 /* We always know if we are shutting down or hibernating ourselves. */
489 /* A hibernating router is down unless we (somehow) had contact with it
490 * since it declared itself to be hibernating. */
493 /* If we aren't testing reachability, then everybody is up unless they say
494 * they are down. */
497 /* Otherwise, a router counts as up if we found all announced OR
498 ports reachable in the last REACHABLE_TIMEOUT seconds.
500 XXX prop186 For now there's always one IPv4 and at most one
501 IPv6 OR port.
503 If we're not on IPv6, don't consider reachability of potential
504 IPv6 OR port since that'd kill all dual stack relays until a
505 majority of the dir auths have IPv6 connectivity. */
510 }
513 /* Not considered reachable. tell rephist about that.
515 Because we launch a reachability test for each router every
516 REACHABILITY_TEST_CYCLE_PERIOD seconds, then the router has probably
517 been down since at least that time after we last successfully reached
518 it.
520 XXX ipv6
521 */
527 }
530 }
532 /* Check <b>node</b> and <b>ri</b> on whether or not we should publish a
533 * relay's IPv6 addresses. */
534 static int
537 {
544 }
546 /** Set routerstatus flags based on the authority options. Same as the testing
547 * function but for the main network. */
548 static void
550 {
555 /* Assign Guard flag to relays that can get it unconditionnaly. */
558 }
559 }
561 /**
562 * Extract status information from <b>ri</b> and from other authority
563 * functions and store it in <b>rs</b>, as per
564 * <b>set_routerstatus_from_routerinfo</b>. Additionally, sets information
565 * in from the authority subsystem.
566 */
567 void
574 {
578 /* Set these flags so that set_routerstatus_from_routerinfo can copy them.
579 */
586 /* Override rs->is_possible_guard. */
592 guard_bandwidth_excluding_exits_kb))) {
600 }
602 /* Override rs->is_bad_exit */
605 /* Override rs->is_middle_only and related flags. */
611 }
613 /* Set rs->is_staledesc. */
618 /* We're not configured as having IPv6 connectivity or the node isn't:
619 * zero its IPv6 information. */
622 }
628 }
629 }
631 /** Use TestingDirAuthVoteExit, TestingDirAuthVoteGuard, and
632 * TestingDirAuthVoteHSDir to give out the Exit, Guard, and HSDir flags,
633 * respectively. But don't set the corresponding node flags.
634 * Should only be called if TestingTorNetwork is set. */
635 STATIC void
637 {
647 }
654 }
661 }
662 }
664 /** Use dirserv_set_router_is_running() to set bridges as running if they're
665 * reachable.
666 *
667 * This function is called from set_bridge_running_callback() when running as
668 * a bridge authority.
669 */
670 void
672 {
679 }