On Mon, Feb 12, 2018 at 03:09:00PM +0000, nusenu wrote: > >>> NOTICE: moria1 had 756 HSDir flags in its vote but > >>> the consensus had 2583 > > I tried to find it on trac, I guess this is: > https://trac.torproject.org/projects/tor/ticket/19162
Yes, correct. moria1 runs all sorts of experimental patches. One of them is choosing the HSDir flag for relays based on: + hsdir_tk = find_nth_long(tks, n_active, n_active*3/4); + hsdir_bandwidth = find_nth_uint32(bandwidths_kb, n_active, n_active/4); That is, the relay needs to be in the top quarter of the relays by time-known, and in the top three-quarters of the relays by bandwidth weights (as decided by moria1's bwauth). I think the time-known idea is a potentially really smart one, since if we do it right we force attacking hsdir relays to be in the network for a long time before they are allowed to become hsdirs. --Roger
diff --git a/src/or/dirserv.c b/src/or/dirserv.c index d3bae24..9c4d91a 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1336,6 +1336,11 @@ static double guard_wfu = 0.0; /** Don't call a router a guard unless we've known about it for at least this * many seconds. */ static long guard_tk = 0; +/** Don't call a router an HSDir unless we've known about it for at least this + * many seconds. */ +static long hsdir_tk = 0; +/** Don't call a router an HSDir unless it has at least this weight. */ +static long hsdir_bandwidth = 0; /** Any router with a bandwidth at least this high is "Fast" */ static uint32_t fast_bandwidth_kb = 0; /** If exits can be guards, then all guards must have a bandwidth this @@ -1409,6 +1414,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, { long uptime; + long tk = rep_hist_get_weighted_time_known(node->identity, now); + uint32_t bw_kb = dirserv_get_credible_bandwidth_kb(router); /* If we haven't been running for at least * get_options()->MinUptimeHidServDirectoryV2 seconds, we can't @@ -1427,6 +1434,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router, return (router->wants_to_be_hs_dir && router->supports_tunnelled_dir_requests && node->is_stable && node->is_fast && + tk >= hsdir_tk && + bw_kb >= hsdir_bandwidth && uptime >= get_options()->MinUptimeHidServDirectoryV2 && router_is_active(router, node, now)); } @@ -1463,9 +1472,10 @@ router_counts_toward_thresholds(const node_t *node, time_t now, /** Look through the routerlist, the Mean Time Between Failure history, and * the Weighted Fractional Uptime history, and use them to set thresholds for - * the Stable, Fast, and Guard flags. Update the fields stable_uptime, - * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, fast_bandwidth, - * guard_bandwidth_including_exits, and guard_bandwidth_excluding_exits. + * the Stable, Fast, Guard, and HSDir flags. Update the fields stable_uptime, + * stable_mtbf, enough_mtbf_info, guard_wfu, guard_tk, hsdir_tk, + * hsdir_bandwidth, fast_bandwidth, guard_bandwidth_including_exits, + * and guard_bandwidth_excluding_exits. * * Also, set the is_exit flag of each router appropriately. */ static void @@ -1492,6 +1502,8 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) guard_bandwidth_excluding_exits_kb = 0; guard_tk = 0; guard_wfu = 0; + hsdir_tk = 0; + hsdir_bandwidth = 0; nodelist_assert_ok(); nodelist = nodelist_get_list(); @@ -1560,6 +1572,16 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) guard_bandwidth_including_exits_kb = third_quartile_uint32(bandwidths_kb, n_active); guard_tk = find_nth_long(tks, n_active, n_active/8); + hsdir_tk = find_nth_long(tks, n_active, n_active*3/4); +// hsdir_bandwidth = median_uint32(bandwidths_kb, n_active); + hsdir_bandwidth = find_nth_uint32(bandwidths_kb, n_active, n_active/4); + } + + { + int i; + for (i = 0; i < n_active; i++) { + log_info(LD_GENERAL, "TK %d/%d: %ld", i, n_active, tks[i]); + } } if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR) @@ -1621,11 +1643,13 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) } log_info(LD_DIRSERV, - "Cutoffs: For Stable, %lu sec uptime, %lu sec MTBF. " + "Cutoffs (%d active): For Stable, %lu sec uptime, %lu sec MTBF. " "For Fast: %lu kilobytes/sec. " "For Guard: WFU %.03f%%, time-known %lu sec, " "and bandwidth %lu or %lu kilobytes/sec. " + "For HSDir: time-known %lu sec, bandwidth %lu kilobytes/sec. " "We%s have enough stability data.", + n_active, (unsigned long)stable_uptime, (unsigned long)stable_mtbf, (unsigned long)fast_bandwidth_kb, @@ -1633,6 +1657,8 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) (unsigned long)guard_tk, (unsigned long)guard_bandwidth_including_exits_kb, (unsigned long)guard_bandwidth_excluding_exits_kb, + (unsigned long)hsdir_tk, + (unsigned long)hsdir_bandwidth, enough_mtbf_info ? "" : " don't"); tor_free(uptimes);
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev