[tor-commits] [tor/master] Turn #defines for prop271 into networkstatus params
nickm at torproject.org
nickm at torproject.org
Fri Dec 16 16:26:18 UTC 2016
commit d2af9826fd0a75efee8612b96709c39f24196f53
Author: Nick Mathewson <nickm at torproject.org>
Date: Sat Nov 26 10:06:50 2016 -0500
Turn #defines for prop271 into networkstatus params
Some of these will get torrc options to override them too; this
is just the mechanical conversion.
Also, add documentation for a couple of undocumented (but now used)
parameters.
---
src/or/entrynodes.c | 144 ++++++++++++++++++++++++++++++++++++++++-----
src/or/entrynodes.h | 45 +++++++++-----
src/test/test_entrynodes.c | 14 ++---
3 files changed, 166 insertions(+), 37 deletions(-)
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 1c9349e..f1fe9f1 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -324,6 +324,118 @@ randomize_time,(time_t now, time_t max_backdate))
}
/**
+ * @name parameters for networkstatus algorithm
+ *
+ * These parameters are taken from the consensus; some are overrideable in
+ * the torrc.
+ */
+/**@{*/
+/**
+ * We never let our sampled guard set grow larger than this fraction
+ * of the guards on the network.
+ */
+STATIC double
+get_max_sample_threshold(void)
+{
+ int32_t pct =
+ networkstatus_get_param(NULL, "guard-max-sample-threshold-percent",
+ DFLT_MAX_SAMPLE_THRESHOLD_PERCENT,
+ 1, 100);
+ return pct / 100.0;
+}
+/**
+ * We always try to make our sample contain at least this many guards.
+ *
+ * XXXX prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I
+ * removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM
+ */
+STATIC int
+get_min_filtered_sample_size(void)
+{
+ return networkstatus_get_param(NULL, "guard-min-filtered-sample-size",
+ DFLT_MIN_FILTERED_SAMPLE_SIZE,
+ 1, INT32_MAX);
+}
+/**
+ * If a guard is unlisted for this many days in a row, we remove it.
+ */
+STATIC int
+get_remove_unlisted_guards_after_days(void)
+{
+ return networkstatus_get_param(NULL,
+ "guard-remove-unlisted-guards-after-days",
+ DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS,
+ 1, 365*10);
+}
+/**
+ * We remove unconfirmed guards from the sample after this many days,
+ * regardless of whether they are listed or unlisted.
+ */
+STATIC int
+get_guard_lifetime_days(void)
+{
+ return networkstatus_get_param(NULL,
+ "guard-lifetime-days",
+ DFLT_GUARD_LIFETIME_DAYS, 1, 365*10);
+}
+/**
+ * We remove confirmed guards from the sample if they were sampled
+ * GUARD_LIFETIME_DAYS ago and confirmed this many days ago.
+ */
+STATIC int
+get_guard_confirmed_min_lifetime_days(void)
+{
+ return networkstatus_get_param(NULL, "guard-confirmed-min-lifetime-days",
+ DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS,
+ 1, 365*10);
+}
+/**
+ * How many guards do we try to keep on our primary guard list?
+ */
+STATIC int
+get_n_primary_guards(void)
+{
+ return networkstatus_get_param(NULL, "guard-n-primary-guards",
+ DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX);
+}
+/**
+ * If we haven't successfully built or used a circuit in this long, then
+ * consider that the internet is probably down.
+ */
+STATIC int
+get_internet_likely_down_interval(void)
+{
+ return networkstatus_get_param(NULL, "guard-internet-likely-down-interval",
+ DFLT_INTERNET_LIKELY_DOWN_INTERVAL,
+ 1, INT32_MAX);
+}
+/**
+ * If we're trying to connect to a nonprimary guard for at least this
+ * many seconds, and we haven't gotten the connection to work, we will treat
+ * lower-priority guards as usable.
+ */
+STATIC int
+get_nonprimary_guard_connect_timeout(void)
+{
+ return networkstatus_get_param(NULL,
+ "guard-nonprimary-guard-connect-timeout",
+ DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT,
+ 1, INT32_MAX);
+}
+/**
+ * If a circuit has been sitting around in 'waiting for better guard' state
+ * for at least this long, we'll expire it.
+ */
+STATIC int
+get_nonprimary_guard_idle_timeout(void)
+{
+ return networkstatus_get_param(NULL,
+ "guard-nonprimary-guard-idle-timeout",
+ (10*60), 1, INT32_MAX);
+}
+/**@}*/
+
+/**
* Return true iff <b>node</b> has all the flags needed for us to consider it
* a possible guard when sampling guards.
*/
@@ -377,7 +489,7 @@ STATIC entry_guard_t *
entry_guard_add_to_sample(guard_selection_t *gs,
const node_t *node)
{
- const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400;
+ const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400;
tor_assert(gs);
tor_assert(node);
@@ -470,8 +582,8 @@ entry_guards_expand_sample(guard_selection_t *gs)
if (! smartlist_len(eligible_guards))
goto done;
- const int max_sample = (int)(n_guards * MAX_SAMPLE_THRESHOLD);
- const int min_filtered_sample = MIN_FILTERED_SAMPLE_SIZE;
+ const int max_sample = (int)(n_guards * get_max_sample_threshold());
+ const int min_filtered_sample = get_min_filtered_sample_size();
log_info(LD_GUARD, "Expanding the sample guard set. We have %d guards "
"in the sample, and %d eligible guards to extend it with.",
@@ -570,7 +682,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
{
tor_assert(gs);
const int REMOVE_UNLISTED_GUARDS_AFTER =
- (REMOVE_UNLISTED_GUARDS_AFTER_DAYS * 86400);
+ (get_remove_unlisted_guards_after_days() * 86400);
const int unlisted_since_slop = REMOVE_UNLISTED_GUARDS_AFTER / 5;
// It's important to use only a live consensus here; we don't want to
@@ -637,9 +749,9 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
const time_t remove_if_unlisted_since =
approx_time() - REMOVE_UNLISTED_GUARDS_AFTER;
const time_t maybe_remove_if_sampled_before =
- approx_time() - (GUARD_LIFETIME_DAYS * 86400);
+ approx_time() - (get_guard_lifetime_days() * 86400);
const time_t remove_if_confirmed_before =
- approx_time() - (GUARD_CONFIRMED_MIN_LIFETIME_DAYS * 86400);
+ approx_time() - (get_guard_confirmed_min_lifetime_days() * 86400);
/* Then: remove the ones that have been junk for too long */
SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) {
@@ -656,7 +768,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
*/
log_info(LD_GUARD, "Removing sampled guard %s: it has been unlisted "
"for over %d days", entry_guard_describe(guard),
- REMOVE_UNLISTED_GUARDS_AFTER_DAYS);
+ get_remove_unlisted_guards_after_days());
remove = 1;
} else if (guard->sampled_on_date < maybe_remove_if_sampled_before) {
/* We have a live consensus, and {ADDED_ON_DATE} is over
@@ -668,13 +780,14 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
log_info(LD_GUARD, "Removing sampled guard %s: it was sampled "
"over %d days ago, but never confirmed.",
entry_guard_describe(guard),
- GUARD_LIFETIME_DAYS);
+ get_guard_lifetime_days());
} else if (guard->confirmed_on_date < remove_if_confirmed_before) {
remove = 1;
log_info(LD_GUARD, "Removing sampled guard %s: it was sampled "
"over %d days ago, and confirmed over %d days ago.",
entry_guard_describe(guard),
- GUARD_LIFETIME_DAYS, GUARD_CONFIRMED_MIN_LIFETIME_DAYS);
+ get_guard_lifetime_days(),
+ get_guard_confirmed_min_lifetime_days());
}
}
@@ -820,7 +933,8 @@ sample_reachable_filtered_entry_guards(guard_selection_t *gs,
log_info(LD_GUARD, "Trying to sample a reachable guard: We know of %d "
"in the USABLE_FILTERED set.", n_reachable_filtered);
- if (n_reachable_filtered < MIN_FILTERED_SAMPLE_SIZE) {
+ const int min_filtered_sample = get_min_filtered_sample_size();
+ if (n_reachable_filtered < min_filtered_sample) {
log_info(LD_GUARD, " (That isn't enough. Trying to expand the sample.)");
entry_guards_expand_sample(gs);
}
@@ -916,7 +1030,7 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard)
if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard)))
return; // LCOV_EXCL_LINE
- const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400;
+ const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400;
guard->confirmed_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10);
log_info(LD_GUARD, "Marking %s as a confirmed guard (index %d)",
@@ -947,6 +1061,8 @@ entry_guards_update_primary(guard_selection_t *gs)
tor_assert(!running);
running = 1;
+ const int N_PRIMARY_GUARDS = get_n_primary_guards();
+
smartlist_t *new_primary_guards = smartlist_new();
smartlist_t *old_primary_guards = smartlist_new();
smartlist_add_all(old_primary_guards, gs->primary_entry_guards);
@@ -1278,7 +1394,7 @@ entry_guards_note_guard_success(guard_selection_t *gs,
old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD);
new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
- if (last_time_on_internet + INTERNET_LIKELY_DOWN_INTERVAL
+ if (last_time_on_internet + get_internet_likely_down_interval()
< approx_time()) {
mark_primary_guards_maybe_reachable(gs);
}
@@ -1620,7 +1736,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs,
*/
int n_blockers_found = 0;
const time_t state_set_at_cutoff =
- approx_time() - NONPRIMARY_GUARD_CONNECT_TIMEOUT;
+ approx_time() - get_nonprimary_guard_connect_timeout();
SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) {
circuit_guard_state_t *state = origin_circuit_get_guard_state(circ);
if (state == NULL)
@@ -1678,7 +1794,7 @@ entry_guard_state_should_expire(circuit_guard_state_t *guard_state)
if (guard_state == NULL)
return 0;
const time_t expire_if_waiting_since =
- approx_time() - NONPRIMARY_GUARD_IDLE_TIMEOUT;
+ approx_time() - get_nonprimary_guard_idle_timeout();
return (guard_state->state == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD
&& guard_state->state_set_at < expire_if_waiting_since);
}
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 648e599..0ed94cb 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -347,63 +347,76 @@ int num_bridges_usable(void);
#ifdef ENTRYNODES_PRIVATE
/**
- * @name Parameters for the new (prop271) entry guard algorithm.
+ * @name Default values for the parameters for the new (prop271) entry guard
+ * algorithm.
*/
-/* XXXX prop271 some of these should be networkstatus parameters */
/**@{*/
/**
- * We never let our sampled guard set grow larger than this fraction
+ * We never let our sampled guard set grow larger than this percentage
* of the guards on the network.
*/
-#define MAX_SAMPLE_THRESHOLD 0.30
+#define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 30
/**
* We always try to make our sample contain at least this many guards.
*
* XXXX prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I
* removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM
*/
-#define MIN_FILTERED_SAMPLE_SIZE 20
+#define DFLT_MIN_FILTERED_SAMPLE_SIZE 20
/**
* If a guard is unlisted for this many days in a row, we remove it.
*/
-#define REMOVE_UNLISTED_GUARDS_AFTER_DAYS 20
+#define DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS 20
/**
* We remove unconfirmed guards from the sample after this many days,
* regardless of whether they are listed or unlisted.
*/
-#define GUARD_LIFETIME_DAYS 120
+#define DFLT_GUARD_LIFETIME_DAYS 120
/**
* We remove confirmed guards from the sample if they were sampled
* GUARD_LIFETIME_DAYS ago and confirmed this many days ago.
*/
-#define GUARD_CONFIRMED_MIN_LIFETIME_DAYS 60
+#define DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS 60
/**
* How many guards do we try to keep on our primary guard list?
*/
-#define N_PRIMARY_GUARDS 3
+#define DFLT_N_PRIMARY_GUARDS 3
/**
* If we haven't successfully built or used a circuit in this long, then
* consider that the internet is probably down.
*/
-#define INTERNET_LIKELY_DOWN_INTERVAL (10*60)
+#define DFLT_INTERNET_LIKELY_DOWN_INTERVAL (10*60)
/**
- * DOCDOC. not yet used; see prop271.
+ * If we're trying to connect to a nonprimary guard for at least this
+ * many seconds, and we haven't gotten the connection to work, we will treat
+ * lower-priority guards as usable.
*/
-#define NONPRIMARY_GUARD_CONNECT_TIMEOUT 15
+#define DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT 15
/**
- * DOCDOC. not yet used; see prop271.
+ * If a circuit has been sitting around in 'waiting for better guard' state
+ * for at least this long, we'll expire it.
*/
-#define NONPRIMARY_GUARD_IDLE_TIMEOUT (10*60)
+#define DLFT_NONPRIMARY_GUARD_IDLE_TIMEOUT (10*60)
/**
* DOCDOC. not yet used; see prop271.
*/
-#define MEANINGFUL_RESTRICTION_FRAC 0.2
+#define DFLT_MEANINGFUL_RESTRICTION_FRAC 0.2
/**
* DOCDOC. not yet used. see prop271.
*/
-#define EXTREME_RESTRICTION_FRAC 0.01
+#define DFLT_EXTREME_RESTRICTION_FRAC 0.01
/**@}*/
+STATIC double get_max_sample_threshold(void);
+STATIC int get_min_filtered_sample_size(void);
+STATIC int get_remove_unlisted_guards_after_days(void);
+STATIC int get_guard_lifetime_days(void);
+STATIC int get_guard_confirmed_min_lifetime_days(void);
+STATIC int get_n_primary_guards(void);
+STATIC int get_internet_likely_down_interval(void);
+STATIC int get_nonprimary_guard_connect_timeout(void);
+STATIC int get_nonprimary_guard_idle_timeout(void);
+
// ---------- XXXX these functions and definitions are post-prop271.
HANDLE_DECL(entry_guard, entry_guard_t, STATIC)
STATIC guard_selection_t *guard_selection_new(const char *name);
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index de36142..ee08375 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -1425,7 +1425,7 @@ test_entry_guard_expand_sample(void *arg)
num_reachable_filtered_guards(gs));
/* Make sure we got the right number. */
- tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
+ tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs));
// Make sure everything we got was from our fake node list, and everything
@@ -1444,7 +1444,7 @@ test_entry_guard_expand_sample(void *arg)
// make no changes.
guard = entry_guards_expand_sample(gs);
tt_assert(! guard); // no guard was added.
- tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
+ tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs));
// Make a few guards unreachable.
@@ -1454,13 +1454,13 @@ test_entry_guard_expand_sample(void *arg)
guard->is_usable_filtered_guard = 0;
guard = smartlist_get(gs->sampled_entry_guards, 2);
guard->is_usable_filtered_guard = 0;
- tt_int_op(MIN_FILTERED_SAMPLE_SIZE - 3, OP_EQ,
+ tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE - 3, OP_EQ,
num_reachable_filtered_guards(gs));
// This time, expanding the sample will add some more guards.
guard = entry_guards_expand_sample(gs);
tt_assert(guard); // no guard was added.
- tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
+ tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs));
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ,
num_reachable_filtered_guards(gs)+3);
@@ -1468,7 +1468,7 @@ test_entry_guard_expand_sample(void *arg)
// Still idempotent.
guard = entry_guards_expand_sample(gs);
tt_assert(! guard); // no guard was added.
- tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
+ tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs));
// Now, do a nasty trick: tell the filter to exclude 31/32 of the guards.
@@ -1486,7 +1486,7 @@ test_entry_guard_expand_sample(void *arg)
// Surely (p ~ 1-2**-60), one of our guards has been excluded.
tt_int_op(num_reachable_filtered_guards(gs), OP_LT,
- MIN_FILTERED_SAMPLE_SIZE);
+ DFLT_MIN_FILTERED_SAMPLE_SIZE);
// Try to regenerate the guards.
guard = entry_guards_expand_sample(gs);
@@ -1494,7 +1494,7 @@ test_entry_guard_expand_sample(void *arg)
/* this time, it's possible that we didn't add enough sampled guards. */
tt_int_op(num_reachable_filtered_guards(gs), OP_LE,
- MIN_FILTERED_SAMPLE_SIZE);
+ DFLT_MIN_FILTERED_SAMPLE_SIZE);
/* but we definitely didn't exceed the sample maximum. */
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_LE,
(int)((271 / 2) * .3));
More information about the tor-commits
mailing list