[tor-commits] [tor/master] Add a separate, non-fractional, limit to the sampled guard set size.

nickm at torproject.org nickm at torproject.org
Fri Dec 16 16:26:19 UTC 2016 

commit 2e2f3a4d99885c0d348024dc85ed6ef064a62ace
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Dec 8 10:02:19 2016 -0500

    Add a separate, non-fractional, limit to the sampled guard set size.
    
    Letting the maximum sample size grow proportionally to the number of
    guards defeats its purpose to a certain extent.  Noted by asn during
    code review.
    
    Fixes bug 20920; bug not in any released (or merged) version of Tor.
---
 src/or/entrynodes.c | 14 +++++++++++++-
 src/or/entrynodes.h |  8 +++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index f41464a..3249ce2 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -402,6 +402,16 @@ get_max_sample_threshold(void)
   return pct / 100.0;
 }
 /**
+ * We never let our sampled guard set grow larger than this number.
+ */
+STATIC int
+get_max_sample_size_absolute(void)
+{
+  return (int) networkstatus_get_param(NULL, "guard-max-sample-size",
+                                       DFLT_MAX_SAMPLE_SIZE,
+                                       1, INT32_MAX);
+}
+/**
  * We always try to make our sample contain at least this many guards.
  *
  * XXXX prop271 spec deviation There was a MIN_SAMPLE_THRESHOLD in the
@@ -937,7 +947,9 @@ get_max_sample_size(guard_selection_t *gs,
   if (using_bridges)
     return n_guards;
 
-  const int max_sample = (int)(n_guards * get_max_sample_threshold());
+  const int max_sample_by_pct = (int)(n_guards * get_max_sample_threshold());
+  const int max_sample_absolute = get_max_sample_size_absolute();
+  const int max_sample = MIN(max_sample_by_pct, max_sample_absolute);
   if (max_sample < min_sample) // XXXX prop271 spec deviation
     return min_sample;
   else
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 1133525..d7dc014 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -440,7 +440,12 @@ int num_bridges_usable(void);
  * We never let our sampled guard set grow larger than this percentage
  * of the guards on the network.
  */
-#define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 30
+#define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 20
+/**
+ * We never let our sampled guard set grow larger than this number of
+ * guards.
+ */
+#define DFLT_MAX_SAMPLE_SIZE 60
 /**
  * We always try to make our sample contain at least this many guards.
  *
@@ -495,6 +500,7 @@ int num_bridges_usable(void);
 /**@}*/
 
 STATIC double get_max_sample_threshold(void);
+STATIC int get_max_sample_size_absolute(void);
 STATIC int get_min_filtered_sample_size(void);
 STATIC int get_remove_unlisted_guards_after_days(void);
 STATIC int get_guard_lifetime_days(void);

More information about the tor-commits mailing list