From 4443934702da0aee0a553bc8b0639fe192b103fd Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Oct 2006 15:45:48 +0000 Subject: [PATCH] r9091@totoro: nickm | 2006-10-19 11:45:28 -0400 Change to BadExit logic: Let authorities set an "I list bad exits" flag. Consider an exit bad if it is listed as bad by more than half of *those* authorities. This gives us a better migration path. svn:r8756 --- ChangeLog | 5 +++-- doc/dir-spec.txt | 2 ++ doc/path-spec.txt | 5 +++-- src/or/or.h | 2 ++ src/or/routerlist.c | 5 ++++- src/or/routerparse.c | 2 ++ 6 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 186cf6cee1..66e547e346 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,8 @@ Changes in version 0.1.2.3-alpha - 2006-10-?? o Minor features: - - If most authorities set a (newly defined) BadExit flag for a server, do - not consider it as a general-purpose exit. + - If most authorities set a (newly defined) BadExit flag for a server, + do not consider it as a general-purpose exit. Only consider + authorities that advertise themselves as listing bad exits. o Minor features, controller: - Add a REASON field to CIRC events; for backward compatibility, this diff --git a/doc/dir-spec.txt b/doc/dir-spec.txt index e829f06082..92039ef251 100644 --- a/doc/dir-spec.txt +++ b/doc/dir-spec.txt @@ -329,6 +329,8 @@ $Id$ "dir-options" -- A set of flags, in any order, separated by whitespace: "Names" if this directory authority performs name bindings. "Versions" if this directory authority recommends software versions. + "BadExits" if the directory authority flags nodes that it believes + are performing incorrectly as exit nodes. The dir-options entry is optional. The "-versions" entries are required if the "Versions" flag is present. The other entries are required and must diff --git a/doc/path-spec.txt b/doc/path-spec.txt index aeaf1bba9f..ad3e3029d5 100644 --- a/doc/path-spec.txt +++ b/doc/path-spec.txt @@ -208,8 +208,9 @@ of their choices. such a connection if any clause that accepts any connections to that port precedes all clauses (if any) that reject all connections to that port. - Unless requested to do so by the user, we never choose a server flagged by - more than half of the authorities as BadExit for an exit server. + Unless requested to do so by the user, we never choose an exit server + flagged as "BadExit" by more than half of the authorities who advertise + themselves as listing bad exits. 2.2.2. User configuration diff --git a/src/or/or.h b/src/or/or.h index 68c176ef0e..7c9d2ee51e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1041,6 +1041,8 @@ typedef struct networkstatus_t { unsigned int recommends_versions:1; /**< True iff this directory server * recommends client and server software * versions. */ + unsigned int lists_bad_exits:1; /** True iff this directory server marks + * malfunctioning exits as bad. */ smartlist_t *entries; /**< List of routerstatus_t*. This list is kept * sorted by identity_digest. */ diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 226b6d52f7..02e6f9650a 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -3178,6 +3178,7 @@ routerstatus_list_update_from_networkstatus(time_t now) { or_options_t *options = get_options(); int n_trusted, n_statuses, n_recent = 0, n_naming = 0; + int n_listing_bad_exits = 0; int i, j, warned; int *index, *size; networkstatus_t **networkstatus; @@ -3225,6 +3226,8 @@ routerstatus_list_update_from_networkstatus(time_t now) ++n_naming; if (networkstatus[i]->is_recent) ++n_recent; + if (networkstatus[i]->lists_bad_exits) + ++n_listing_bad_exits; } /** Iterate over all entries in all networkstatuses, and build @@ -3430,7 +3433,7 @@ routerstatus_list_update_from_networkstatus(time_t now) rs_out->status.is_possible_guard = n_guard > n_statuses/2; rs_out->status.is_stable = n_stable > n_statuses/2; rs_out->status.is_v2_dir = n_v2_dir > n_statuses/2; - rs_out->status.is_bad_exit = n_bad_exit > n_statuses/2; + rs_out->status.is_bad_exit = n_bad_exit > n_listing_bad_exits/2; } SMARTLIST_FOREACH(routerstatus_list, local_routerstatus_t *, rs, local_routerstatus_free(rs)); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index fce16d40ad..69cebb7059 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1205,6 +1205,8 @@ networkstatus_parse_from_string(const char *s) ns->binds_names = 1; if (!strcmp(tok->args[i], "Versions")) ns->recommends_versions = 1; + if (!strcmp(tok->args[i], "BadExits")) + ns->lists_bad_exits = 1; } }