[tor-commits] [tor/master] When computing performance thresholds, ignore omitted-as-sybil nodes.
nickm at torproject.org
nickm at torproject.org
Mon Feb 4 17:39:03 UTC 2013
commit 40c13240c08349b94d39a1af320f61a1f7a4fda0
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Feb 4 10:19:26 2013 -0500
When computing performance thresholds, ignore omitted-as-sybil nodes.
Fixes bug 8146.
---
changes/bug8146_etc | 5 +++++
src/or/dirserv.c | 18 ++++++++++--------
2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/changes/bug8146_etc b/changes/bug8146_etc
new file mode 100644
index 0000000..d59c4c1
--- /dev/null
+++ b/changes/bug8146_etc
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, directory authority):
+ - When computing directory thresholds, ignore any rejected-as-sybil
+ nodes during the computation so that they can't influence Fast,
+ Guard, etc. Fixes bug 8146.
+
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index e2cd7cf..320b8e0 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1893,7 +1893,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
*
* Also, set the is_exit flag of each router appropriately. */
static void
-dirserv_compute_performance_thresholds(routerlist_t *rl)
+dirserv_compute_performance_thresholds(routerlist_t *rl,
+ digestmap_t *omit_as_sybil)
{
int n_active, n_active_nonexit, n_familiar;
uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
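Review bot: The doc comment that ends just above this signature is not updated for the new `omit_as_sybil` parameter, so the function header does not say that listed nodes are excluded, or whether a NULL map is allowed. The later hunks pass the map to `digestmap_get()` unchecked, so the contract should be written down, for example `Ignore any node whose identity digest is in <b>omit_as_sybil</b>, which must not be NULL.` Because the new code only reads the map, the parameter could probably be declared `const digestmap_t *omit_as_sybil`; confirm that `digestmap_get()` accepts a const map. The comment starts and the function body continues outside this hunk.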
@@ -1935,7 +1936,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
/* Now, fill in the arrays. */
SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
routerinfo_t *ri = node->ri;
- if (ri && router_is_active(ri, node, now)) {
+ if (ri && router_is_active(ri, node, now) &&
+ !digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) {
const char *id = ri->cache_info.identity_digest;
uint32_t bw;
node->is_exit = (!router_exit_policy_rejects_all(ri) &&
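Review bot: `node->is_exit` is assigned inside the block that the new `!digestmap_get(omit_as_sybil, ...)` test now guards, so a node listed in omit_as_sybil is no longer touched here and keeps whatever is_exit value it already had. The function comment above still says the is_exit flag is set for each router. If any later code reads is_exit for omitted nodes (not visible in this diff), it would see a stale value. Either compute is_exit before applying the sybil filter, or state the exception in the function comment. The loop begins and ends outside this hunk.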
@@ -1997,7 +1999,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
routerinfo_t *ri = node->ri;
- if (ri && router_is_active(ri, node, now)) {
+ if (ri && router_is_active(ri, node, now) &&
+ !digestmap_get(omit_as_sybil, ri->cache_info.identity_digest)) {
const char *id = ri->cache_info.identity_digest;
long tk = rep_hist_get_weighted_time_known(id, now);
if (tk < guard_tk)
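Review bot: The three-part condition added here is a verbatim copy of the one in the bandwidth/uptime loop in the previous hunk, so the filter that keeps rejected nodes out of the thresholds now lives in two places. A later change to one copy could leave the other threshold loop still counting those nodes. A small static predicate used by both loops would keep them in step. The parameter types in the sketch below are assumed from how the values are used in the visible lines, and the helper name is only a suggestion. The enclosing loop and function extend beyond this hunk.

```c
/* Proposed helper: true if ri should count toward the thresholds. */
static int
router_counts_for_thresholds(const routerinfo_t *ri, const node_t *node,
                             time_t now, const digestmap_t *omit_as_sybil)
{
  return ri && router_is_active(ri, node, now) &&
    !digestmap_get(omit_as_sybil, ri->cache_info.identity_digest);
}

/* ... unchanged: SMARTLIST_FOREACH_BEGIN and the ri assignment ... */
    if (router_counts_for_thresholds(ri, node, now, omit_as_sybil)) {
```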
@@ -2751,13 +2754,13 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
dirserv_set_router_is_running(ri, now);
});
- dirserv_compute_performance_thresholds(rl);
-
routers = smartlist_new();
smartlist_add_all(routers, rl->routers);
routers_sort_by_identity(routers);
omit_as_sybil = get_possible_sybil_list(routers);
+ dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+
routerstatuses = smartlist_new();
microdescriptors = smartlist_new();
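Review bot: The moved call to `dirserv_compute_performance_thresholds()` now depends on `omit_as_sybil` having been built on the line before it, but nothing at the call site records that this order is what keeps rejected nodes from influencing the thresholds. A one-line comment would stop a later tidy-up from hoisting the call back up: `/* Must follow get_possible_sybil_list(): omitted nodes must not influence the thresholds. */`. The same comment belongs on the identical reordering in `generate_v2_networkstatus_opinion()` in the next hunk. Both functions extend beyond their hunks.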
@@ -3008,14 +3011,13 @@ generate_v2_networkstatus_opinion(void)
dirserv_set_router_is_running(ri, now);
});
- dirserv_compute_performance_thresholds(rl);
-
routers = smartlist_new();
smartlist_add_all(routers, rl->routers);
routers_sort_by_identity(routers);
-
omit_as_sybil = get_possible_sybil_list(routers);
+ dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+
SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
if (ri->cache_info.published_on >= cutoff) {
routerstatus_t rs;