Added prefixes to testing-network-only configuration options.

svn:r15375
This commit is contained in:
Karsten Loesing 2008-06-20 17:03:13 +00:00
parent a2a3d1e329
commit 33ced73597
7 changed files with 117 additions and 116 deletions

View File

@ -11,6 +11,7 @@ Change history:
29-Apr-2008 Initial proposal for or-dev
19-May-2008 Included changes based on comments by Nick to or-dev and
added a section for test cases.
18-Jun-2008 Changed testing-network-only configuration option names.
Overview:
@ -52,13 +53,13 @@ Design:
V3AuthVotingInterval, V3AuthVoteDelay, and V3AuthDistDelay do not have an
effect on the _initial_ voting schedule, but only on the schedule that a
directory authority votes for). This can be achieved by introducing three
new configuration options: V3AuthInitialVotingInterval,
V3AuthInitialVoteDelay, and V3AuthInitialDistDelay.
new configuration options: TestingV3AuthInitialVotingInterval,
TestingV3AuthInitialVoteDelay, and TestingV3AuthInitialDistDelay.
As first safeguards, Tor should only accept configuration values for
V3AuthInitialVotingInterval that divide evenly into the default value of
30 minutes. The effect is that even if people misconfigured their
directory authorities, they would meet at the default values at the
TestingV3AuthInitialVotingInterval that divide evenly into the default
value of 30 minutes. The effect is that even if people misconfigured
their directory authorities, they would meet at the default values at the
latest. The second safeguard is to allow configuration only when the
umbrella configuration option TestingTorNetwork is set.
@ -75,12 +76,12 @@ Design:
* reachability information is not accurate. */
#define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)
There should be another configuration option DirTimeToLearnReachability with
a default value of 30 minutes that can be changed when running testing
Tor networks, e.g. to 0 minutes. The configuration value would simply
replace the quoted constant. Again, changing this option could be
safeguarded by requiring the umbrella configuration option
TestingTorNetwork to be set.
There should be another configuration option
TestingAuthDirTimeToLearnReachability with a default value of 30 minutes
that can be changed when running testing Tor networks, e.g. to 0 minutes.
The configuration value would simply replace the quoted constant. Again,
changing this option could be safeguarded by requiring the umbrella
configuration option TestingTorNetwork to be set.
1.3. Reduce Estimated Descriptor Propagation Time
@ -95,9 +96,9 @@ Design:
#define ESTIMATED_PROPAGATION_TIME (10*60)
We suggest to introduce a new config option
EstimatedDescriptorPropagationTime which defaults to 10 minutes, but that
can be set to any lower non-negative value, e.g. 0 minutes. The same
safeguards as in 1.2 could be used here, too.
TestingEstimatedDescriptorPropagationTime which defaults to 10 minutes,
but that can be set to any lower non-negative value, e.g. 0 minutes. The
same safeguards as in 1.2 could be used here, too.
2. Umbrella Option for Setting Up Private Tor Networks
@ -143,15 +144,15 @@ Design:
- V3AuthDistDelay 20 seconds
Accelerate voting schedule after first consensus has been reached.
- V3AuthInitialVotingInterval 5 minutes
- V3AuthInitialVoteDelay 20 seconds
- V3AuthInitialDistDelay 20 seconds
- TestingV3AuthInitialVotingInterval 5 minutes
- TestingV3AuthInitialVoteDelay 20 seconds
- TestingV3AuthInitialDistDelay 20 seconds
Accelerate initial voting schedule until first consensus is reached.
- DirTimeToLearnReachability 0 minutes
- TestingAuthDirTimeToLearnReachability 0 minutes
Consider routers as Running from the start of running an authority.
- EstimatedDescriptorPropagationTime 0 minutes
- TestingEstimatedDescriptorPropagationTime 0 minutes
Clients try downloading router descriptors from directory caches,
even when they are not 10 minutes old.
@ -170,9 +171,9 @@ Test:
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000"
telnet 127.0.0.1 9051
AUTHENTICATE
GETCONF TestingTorNetwork DirTimeToLearnReachability
GETCONF TestingTorNetwork TestingAuthDirTimeToLearnReachability
250-TestingTorNetwork=1
250 DirTimeToLearnReachability=0
250 TestingAuthDirTimeToLearnReachability=0
QUIT
2. Set TestingTorNetwork and a dependent configuration value to see if
@ -180,12 +181,12 @@ Test:
tor DataDirectory . ControlPort 9051 TestingTorNetwork 1 DirServer \
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000" \
DirTimeToLearnReachability 5
TestingAuthDirTimeToLearnReachability 5
telnet 127.0.0.1 9051
AUTHENTICATE
GETCONF TestingTorNetwork DirTimeToLearnReachability
GETCONF TestingTorNetwork TestingAuthDirTimeToLearnReachability
250-TestingTorNetwork=1
250 DirTimeToLearnReachability=5
250 TestingAuthDirTimeToLearnReachability=5
QUIT
3. Start with TestingTorNetwork set and change a dependent configuration
@ -195,9 +196,9 @@ Test:
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000"
telnet 127.0.0.1 9051
AUTHENTICATE
SETCONF DirTimeToLearnReachability=5
GETCONF DirTimeToLearnReachability
250 DirTimeToLearnReachability=5
SETCONF TestingAuthDirTimeToLearnReachability=5
GETCONF TestingAuthDirTimeToLearnReachability
250 TestingAuthDirTimeToLearnReachability=5
QUIT
4. Start with TestingTorNetwork set and a dependent configuration value,
@ -206,14 +207,14 @@ Test:
tor DataDirectory . ControlPort 9051 TestingTorNetwork 1 DirServer \
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000" \
DirTimeToLearnReachability 5
TestingAuthDirTimeToLearnReachability 5
telnet 127.0.0.1 9051
AUTHENTICATE
GETCONF DirTimeToLearnReachability
250 DirTimeToLearnReachability=5
RESETCONF DirTimeToLearnReachability
GETCONF DirTimeToLearnReachability
250 DirTimeToLearnReachability=0
GETCONF TestingAuthDirTimeToLearnReachability
250 TestingAuthDirTimeToLearnReachability=5
RESETCONF TestingAuthDirTimeToLearnReachability
GETCONF TestingAuthDirTimeToLearnReachability
250 TestingAuthDirTimeToLearnReachability=0
QUIT
5. Leave TestingTorNetwork unset and check if dependent configuration
@ -223,9 +224,9 @@ Test:
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000"
telnet 127.0.0.1 9051
AUTHENTICATE
GETCONF TestingTorNetwork DirTimeToLearnReachability
GETCONF TestingTorNetwork TestingAuthDirTimeToLearnReachability
250-TestingTorNetwork=0
250 DirTimeToLearnReachability=1800
250 TestingAuthDirTimeToLearnReachability=1800
QUIT
6. Leave TestingTorNetwork unset, but set dependent configuration option
@ -233,9 +234,10 @@ Test:
tor DataDirectory . ControlPort 9051 DirServer \
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000" \
DirTimeToLearnReachability 0
[warn] Failed to parse/validate config: DirTimeToLearnReachability may
only be changed in testing Tor networks!
TestingAuthDirTimeToLearnReachability 0
[warn] Failed to parse/validate config:
TestingAuthDirTimeToLearnReachability may only be changed in testing
Tor networks!
7. Start with TestingTorNetwork unset and change dependent configuration
option later on which should fail.
@ -244,9 +246,9 @@ Test:
"mydir 127.0.0.1:1234 0000000000000000000000000000000000000000"
telnet 127.0.0.1 9051
AUTHENTICATE
SETCONF DirTimeToLearnReachability=0
513 Unacceptable option value: DirTimeToLearnReachability may only be
changed in testing Tor networks!
SETCONF TestingAuthDirTimeToLearnReachability=0
513 Unacceptable option value: TestingAuthDirTimeToLearnReachability
may only be changed in testing Tor networks!
8. Start with TestingTorNetwork unset and set it later on which should
fail.
@ -267,8 +269,8 @@ Test:
telnet 127.0.0.1 9051
AUTHENTICATE
RESETCONF TestingTorNetwork
513 Unacceptable option value: V3AuthInitialVotingInterval may only be
changed in testing Tor networks!
513 Unacceptable option value: TestingV3AuthInitialVotingInterval may
only be changed in testing Tor networks!
10. Set TestingTorNetwork, but do not provide an alternate DirServer
which should fail.

View File

@ -1318,41 +1318,41 @@ non-default set of DirServers is set. Cannot be unset while Tor is running.
.IP "V3AuthVotingInterval 5 minutes"
.IP "V3AuthVoteDelay 20 seconds"
.IP "V3AuthDistDelay 20 seconds"
.IP "V3AuthInitialVotingInterval 5 minutes"
.IP "V3AuthInitialVoteDelay 20 seconds"
.IP "V3AuthInitialDistDelay 20 seconds"
.IP "DirTimeToLearnReachability 0 minutes"
.IP "EstimatedDescriptorPropagationTime 0 minutes"
.IP "TestingV3AuthInitialVotingInterval 5 minutes"
.IP "TestingV3AuthInitialVoteDelay 20 seconds"
.IP "TestingV3AuthInitialDistDelay 20 seconds"
.IP "TestingAuthDirTimeToLearnReachability 0 minutes"
.IP "TestingEstimatedDescriptorPropagationTime 0 minutes"
.RE
.PD
.LP
.TP
\fBV3AuthInitialVotingInterval\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
\fBTestingV3AuthInitialVotingInterval\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Like \fBV3AuthVotingInterval\fR, but for initial voting interval before the
first consensus has been created. Changing this requires that
\fBTestingTorNetwork\fR is set. (Default: 30 minutes)
.LP
.TP
\fBV3AuthInitialVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Like \fBV3AuthInitialVoteDelay\fR, but for initial voting interval before
the first consensus has been created. Changing this requires that
\fBTestingV3AuthInitialVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Like \fBTestingV3AuthInitialVoteDelay\fR, but for initial voting interval
before the first consensus has been created. Changing this requires that
\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
.LP
.TP
\fBV3AuthInitialDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Like \fBV3AuthInitialDistDelay\fR, but for initial voting interval before
the first consensus has been created. Changing this requires that
\fBTestingV3AuthInitialDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Like \fBTestingV3AuthInitialDistDelay\fR, but for initial voting interval
before the first consensus has been created. Changing this requires that
\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
.LP
.TP
\fBDirTimeToLearnReachability\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
\fBTestingAuthDirTimeToLearnReachability\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
After starting as an authority, do not make claims about whether routers are
Running until this much time has passed.
Changing this requires that\fBTestingTorNetwork\fR is set.
(Default: 30 minutes)
.LP
.TP
\fBEstimatedDescriptorPropagationTime\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
\fBTestingEstimatedDescriptorPropagationTime\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
Clients try downloading router descriptors from directory caches after this
time. Changing this requires that \fBTestingTorNetwork\fR is set.
(Default: 10 minutes)

View File

@ -175,7 +175,7 @@ static config_var_t _option_vars[] = {
V(DataDirectory, FILENAME, NULL),
OBSOLETE("DebugLogFile"),
V(DirAllowPrivateAddresses, BOOL, NULL),
V(DirTimeToLearnReachability, INTERVAL, "30 minutes"),
V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
V(DirListenAddress, LINELIST, NULL),
OBSOLETE("DirFetchPeriod"),
V(DirPolicy, LINELIST, NULL),
@ -193,7 +193,7 @@ static config_var_t _option_vars[] = {
V(DownloadExtraInfo, BOOL, "0"),
V(EnforceDistinctSubnets, BOOL, "1"),
V(EntryNodes, STRING, NULL),
V(EstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
V(ExcludeNodes, STRING, NULL),
V(ExitNodes, STRING, NULL),
V(ExitPolicy, LINELIST, NULL),
@ -312,9 +312,9 @@ static config_var_t _option_vars[] = {
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
V(V3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
V(V3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
V(V3AuthInitialDistDelay, INTERVAL, "5 minutes"),
V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
V(V3AuthVotingInterval, INTERVAL, "1 hour"),
V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
V(V3AuthDistDelay, INTERVAL, "5 minutes"),
@ -345,11 +345,11 @@ static config_var_t testing_tor_network_defaults[] = {
V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
V(V3AuthDistDelay, INTERVAL, "20 seconds"),
V(V3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
V(V3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
V(V3AuthInitialDistDelay, INTERVAL, "20 seconds"),
V(DirTimeToLearnReachability, INTERVAL, "0 minutes"),
V(EstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};
#undef VAR
@ -3392,57 +3392,58 @@ options_validate(or_options_t *old_options, or_options_t *options,
/* Keep changes to hard-coded values synchronous to man page and default
* values table. */
if (options->V3AuthInitialVotingInterval != 30*60 &&
if (options->TestingV3AuthInitialVotingInterval != 30*60 &&
!options->TestingTorNetwork) {
REJECT("V3AuthInitialVotingInterval may only be changed in testing "
REJECT("TestingV3AuthInitialVotingInterval may only be changed in testing "
"Tor networks!");
} else if (options->V3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
REJECT("V3AuthInitialVotingInterval is insanely low.");
} else if (((30*60) % options->V3AuthInitialVotingInterval) != 0) {
REJECT("V3AuthInitialVotingInterval does not divide evenly into "
} else if (options->TestingV3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
} else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
"30 minutes.");
}
if (options->V3AuthInitialVoteDelay != 5*60 &&
if (options->TestingV3AuthInitialVoteDelay != 5*60 &&
!options->TestingTorNetwork) {
REJECT("V3AuthInitialVoteDelay may only be changed in testing "
REJECT("TestingV3AuthInitialVoteDelay may only be changed in testing "
"Tor networks!");
} else if (options->V3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
REJECT("V3AuthInitialVoteDelay is way too low.");
} else if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
REJECT("TestingV3AuthInitialVoteDelay is way too low.");
}
if (options->V3AuthInitialDistDelay != 5*60 &&
if (options->TestingV3AuthInitialDistDelay != 5*60 &&
!options->TestingTorNetwork) {
REJECT("V3AuthInitialDistDelay may only be changed in testing "
REJECT("TestingV3AuthInitialDistDelay may only be changed in testing "
"Tor networks!");
} else if (options->V3AuthInitialDistDelay < MIN_DIST_SECONDS) {
REJECT("V3AuthInitialDistDelay is way too low.");
} else if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS) {
REJECT("TestingV3AuthInitialDistDelay is way too low.");
}
if (options->V3AuthInitialVoteDelay + options->V3AuthInitialDistDelay >=
options->V3AuthInitialVotingInterval/2) {
REJECT("V3AuthInitialVoteDelay plus V3AuthInitialDistDelay must be "
"less than half V3AuthInitialVotingInterval");
if (options->TestingV3AuthInitialVoteDelay +
options->TestingV3AuthInitialDistDelay >=
options->TestingV3AuthInitialVotingInterval/2) {
REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
"must be less than half TestingV3AuthInitialVotingInterval");
}
if (options->DirTimeToLearnReachability != 30*60 &&
if (options->TestingAuthDirTimeToLearnReachability != 30*60 &&
!options->TestingTorNetwork) {
REJECT("DirTimeToLearnReachability may only be changed in testing "
"Tor networks!");
} else if (options->DirTimeToLearnReachability < 0) {
REJECT("DirTimeToLearnReachability must be non-negative.");
} else if (options->DirTimeToLearnReachability > 2*60*60) {
COMPLAIN("DirTimeToLearnReachability is insanely high.");
}
if (options->EstimatedDescriptorPropagationTime != 10*60 &&
!options->TestingTorNetwork) {
REJECT("EstimatedDescriptorPropagationTime may only be changed in "
REJECT("TestingAuthDirTimeToLearnReachability may only be changed in "
"testing Tor networks!");
} else if (options->EstimatedDescriptorPropagationTime < 0) {
REJECT("EstimatedDescriptorPropagationTime must be non-negative.");
} else if (options->EstimatedDescriptorPropagationTime > 60*60) {
COMPLAIN("EstimatedDescriptorPropagationTime is insanely high.");
} else if (options->TestingAuthDirTimeToLearnReachability < 0) {
REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
} else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
}
if (options->TestingEstimatedDescriptorPropagationTime != 10*60 &&
!options->TestingTorNetwork) {
REJECT("TestingEstimatedDescriptorPropagationTime may only be changed in "
"testing Tor networks!");
} else if (options->TestingEstimatedDescriptorPropagationTime < 0) {
REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative.");
} else if (options->TestingEstimatedDescriptorPropagationTime > 60*60) {
COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high.");
}
if (options->TestingTorNetwork) {

View File

@ -2154,7 +2154,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
tor_assert(private_key);
tor_assert(cert);
if (now - time_of_process_start < options->DirTimeToLearnReachability)
if (now - time_of_process_start <
options->TestingAuthDirTimeToLearnReachability)
vote_on_reachability = 0;
if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
@ -2240,7 +2241,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
last_consensus_interval = current_consensus->fresh_until -
current_consensus->valid_after;
else
last_consensus_interval = options->V3AuthInitialVotingInterval;
last_consensus_interval = options->TestingV3AuthInitialVotingInterval;
v3_out->valid_after =
dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
format_iso_time(tbuf, v3_out->valid_after);

View File

@ -1308,9 +1308,9 @@ dirvote_recalculate_timing(or_options_t *options, time_t now)
vote_delay = consensus->vote_seconds;
dist_delay = consensus->dist_seconds;
} else {
interval = options->V3AuthInitialVotingInterval;
vote_delay = options->V3AuthInitialVoteDelay;
dist_delay = options->V3AuthInitialDistDelay;
interval = options->TestingV3AuthInitialVotingInterval;
vote_delay = options->TestingV3AuthInitialVoteDelay;
dist_delay = options->TestingV3AuthInitialDistDelay;
}
tor_assert(interval > 0);

View File

@ -2355,31 +2355,27 @@ typedef struct {
* migration purposes? */
int V3AuthUseLegacyKey;
/*XXXX021 I think all these "Testing Networks only" options should perhaps
* have a common prefix. -NM */
/** The length of time that we think an initial consensus should be fresh.
* Only altered on testing networks. */
int V3AuthInitialVotingInterval;
int TestingV3AuthInitialVotingInterval;
/** The length of time we think it will take to distribute initial votes.
* Only altered on testing networks. */
int V3AuthInitialVoteDelay;
int TestingV3AuthInitialVoteDelay;
/** The length of time we think it will take to distribute initial
* signatures. Only altered on testing networks.*/
int V3AuthInitialDistDelay;
int TestingV3AuthInitialDistDelay;
/*XXXX021 why is this not prefixed to indicate that it's an authority
* option? */
/** If an authority has been around for less than this amount of time, it
* does not believe its reachability information is accurate. Only
* altered on testing networks. */
int DirTimeToLearnReachability;
int TestingAuthDirTimeToLearnReachability;
/** Clients don't download any descriptor this recent, since it will
* probably not have propagated to enough caches. Only altered on testing
* networks. */
int EstimatedDescriptorPropagationTime;
int TestingEstimatedDescriptorPropagationTime;
/** If true, we take part in a testing network. Change the defaults of a
* couple of other configuration options and allow to change the values

View File

@ -3729,7 +3729,8 @@ client_would_use_router(routerstatus_t *rs, time_t now, or_options_t *options)
* But, if we want to have a complete list, fetch it anyway. */
return 0;
}
if (rs->published_on + options->EstimatedDescriptorPropagationTime > now) {
if (rs->published_on + options->TestingEstimatedDescriptorPropagationTime
> now) {
/* Most caches probably don't have this descriptor yet. */
return 0;
}