commit b8802e63b4d19699e27b740b46bf13012b1cbd1e Author: Nick Mathewson nickm@torproject.org Date: Tue Nov 29 14:51:01 2016 -0500
Fix the cases where prop271 differs from my implementation. --- proposals/271-another-guard-selection.txt | 46 ++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 16 deletions(-)
diff --git a/proposals/271-another-guard-selection.txt b/proposals/271-another-guard-selection.txt index b778b1f..c0463d3 100644 --- a/proposals/271-another-guard-selection.txt +++ b/proposals/271-another-guard-selection.txt @@ -108,6 +108,8 @@ Status: Open {SAMPLED_GUARDS} and {CONFIRMED_GUARDS} and other derived values for the UseBridges case.
+ In this case, we impose no upper limit on the sample size. + B. EntryNodes / ExcludeNodes / Reachable*Addresses / FascistFirewall / ClientUseIPv4=0
@@ -118,6 +120,13 @@ Status: Open If this fraction is less than {MEANINGFUL_RESTRICTION_FRAC}, we use a separate instance of the state.
+ (While Tor is running, we do not change back and forth between + the separate instance of the state and the default instance + unless the fraction of usable guards is 5% higher than, or 5% + lower than, {MEANINGFUL_RESTRICTION_FRAC}. This prevents us + from flapping back and forth between instances if we happen to + hit {MEANINGFUL_RESTRICTION_FRAC} exactly. + If this fraction is less than {EXTREME_RESTRICTION_FRAC}, we use a separate instance of the state, and warn the user.
@@ -134,8 +143,8 @@ Status: Open 3.0. The guards listed in the current consensus. [Section:GUARDS]
By {set:GUARDS} we mean the set of all guards in the current - consensus that are usable for all circuits. (They must have the - flags: Stable, Fast, V2Dir, Guard.) + consensus that are usable for all circuits and directory + requests. (They must have the flags: Stable, Fast, V2Dir, Guard.)
**Rationale**
@@ -192,9 +201,10 @@ Status: Open guard, and we don't know whether it will succeed.
We require that {SAMPLED_GUARDS} contain at least - {MIN_SAMPLE_THRESHOLD} of the number of guards in the consensus - (if possible), but not more than {MAX_SAMPLE_THRESHOLD} of the - number of guards in the consensus. + {MIN_FILTERED_SAMPLE} guards from the consensus (if possible), + but not more than {MAX_SAMPLE_THRESHOLD} of the number of guards + in the consensus. (But if the maximum would be smaller than + {MIN_FILTERED_SAMPLE}, we set the maximum at {MIN_FILTERED_SAMPLE}.)
To add a new guard to {SAMPLED_GUARDS}, pick an entry at random from ({GUARDS} - {SAMPLED_GUARDS}), weighted by bandwidth. @@ -207,11 +217,6 @@ Status: Open
OR
- * We have a live consensus, and we cannot parse - {ADDED_BY_VERSION}. - - OR - * We have a live consensus, and {ADDED_ON_DATE} is over {GUARD_LIFETIME} ago, *and* {CONFIRMED_ON_DATE} is either "never", or over {GUARD_CONFIRMED_MIN_LIFETIME} ago. @@ -256,6 +261,8 @@ Status: Open - It is not disabled because of ExcludeNodes. - It is a bridge if UseBridges is true; or it is not a bridge if UseBridges is false. + - Is included in EntryNodes if EntryNodes is set and + UseBridges is not. (But see 2.B above).
We have an additional subset, {set:USABLE_FILTERED_GUARDS}, which is defined to be the subset of {FILTERED_GUARDS} where @@ -522,8 +529,8 @@ Status: Open <waiting_for_better_guard> circuit might be ready to be called <complete>.
- * If any circuit is <waiting_for_better_guard>, and every currently - {is_pending} circuit whose guard has higher priority has been + * If any circuit is <waiting_for_better_guard>, and every + circuit with an {is_pending} guard having higher priority has been in state <usable_if_no_better_guard> for at least {NONPRIMARY_GUARD_CONNECT_TIMEOUT} seconds, and all primary guards have reachable status of <no>, then call that circuit @@ -584,16 +591,14 @@ A.1. Parameters with suggested values. [Section:PARAM_VALS]
(All suggested values chosen arbitrarily)
- {param:MIN_SAMPLE_THRESHOLD} -- 15 - - {param:MAX_SAMPLE_THRESHOLD} -- 50 + {param:MAX_SAMPLE_THRESHOLD} -- 30%
{param:GUARD_LIFETIME} -- 120 days
{param:REMOVE_UNLISTED_GUARDS_AFTER} -- 20 days [previously ENTRY_GUARD_REMOVE_AFTER]
- {param:MIN_FILTERED_SAMPLE} -- 10 + {param:MIN_FILTERED_SAMPLE} -- 20
{param:N_PRIMARY_GUARDS} -- 3
@@ -681,6 +686,15 @@ A.3. Why not a sliding scale of primaryness? [Section:CVP] simple to make to the code after we implement the simpler version of the algorithm described above.
+A.3. Controller changes + + We will add to control-spec.txt a new possible circuit state, GUARD_WAIT, + that can be given as part of circuit events and GETINFO responses about + circuits. A circuit is in the GUARD_WAIT state when it is fully built, + but we will not use it because a circuit with a better guard might + become built too. + + TODO. Still non-addressed issues [Section:TODO]
Formats to use when making information persistent