r9091@totoro: nickm | 2006-10-19 11:45:28 -0400

Change to BadExit logic: Let authorities set an "I list bad exits" flag.  Consider an exit bad if it is listed as bad by more than half of *those* authorities.  This gives us a better migration path.


svn:r8756

ChangeLog

@@ -1,7 +1,8 @@
 Changes in version 0.1.2.3-alpha - 2006-10-??
   o Minor features:
-    - If most authorities set a (newly defined) BadExit flag for a server, do
+    - If most authorities set a (newly defined) BadExit flag for a server,
-      not consider it as a general-purpose exit.
+      do not consider it as a general-purpose exit.  Only consider
+      authorities that advertise themselves as listing bad exits.
 
   o Minor features, controller:
     - Add a REASON field to CIRC events; for backward compatibility, this

doc/dir-spec.txt

@@ -329,6 +329,8 @@ $Id$
       "dir-options" -- A set of flags, in any order, separated by whitespace:
           "Names" if this directory authority performs name bindings.
           "Versions" if this directory authority recommends software versions.
+          "BadExits" if the directory authority flags nodes that it believes
+              are performing incorrectly as exit nodes.
 
    The dir-options entry is optional.  The "-versions" entries are required if
    the "Versions" flag is present.  The other entries are required and must

doc/path-spec.txt

@@ -208,8 +208,9 @@ of their choices.
    such a connection if any clause that accepts any connections to that port
    precedes all clauses (if any) that reject all connections to that port.
 
-   Unless requested to do so by the user, we never choose a server flagged by
+   Unless requested to do so by the user, we never choose an exit server
-   more than half of the authorities as BadExit for an exit server.
+   flagged as "BadExit" by more than half of the authorities who advertise
+   themselves as listing bad exits.
 
 2.2.2. User configuration
 

src/or/or.h

@@ -1041,6 +1041,8 @@ typedef struct networkstatus_t {
   unsigned int recommends_versions:1; /**< True iff this directory server
                                        * recommends client and server software
                                        * versions. */
+  unsigned int lists_bad_exits:1; /** True iff this directory server marks
+                                   * malfunctioning exits as bad. */
 
   smartlist_t *entries; /**< List of routerstatus_t*.   This list is kept
                          * sorted by identity_digest. */

src/or/routerlist.c

@@ -3178,6 +3178,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
 {
   or_options_t *options = get_options();
   int n_trusted, n_statuses, n_recent = 0, n_naming = 0;
+  int n_listing_bad_exits = 0;
   int i, j, warned;
   int *index, *size;
   networkstatus_t **networkstatus;
@@ -3225,6 +3226,8 @@ routerstatus_list_update_from_networkstatus(time_t now)
       ++n_naming;
     if (networkstatus[i]->is_recent)
       ++n_recent;
+    if (networkstatus[i]->lists_bad_exits)
+      ++n_listing_bad_exits;
   }
 
   /** Iterate over all entries in all networkstatuses, and build
@@ -3430,7 +3433,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
     rs_out->status.is_possible_guard = n_guard > n_statuses/2;
     rs_out->status.is_stable = n_stable > n_statuses/2;
     rs_out->status.is_v2_dir = n_v2_dir > n_statuses/2;
-    rs_out->status.is_bad_exit = n_bad_exit > n_statuses/2;
+    rs_out->status.is_bad_exit = n_bad_exit > n_listing_bad_exits/2;
   }
   SMARTLIST_FOREACH(routerstatus_list, local_routerstatus_t *, rs,
                     local_routerstatus_free(rs));

src/or/routerparse.c

@@ -1205,6 +1205,8 @@ networkstatus_parse_from_string(const char *s)
         ns->binds_names = 1;
       if (!strcmp(tok->args[i], "Versions"))
         ns->recommends_versions = 1;
+      if (!strcmp(tok->args[i], "BadExits"))
+        ns->lists_bad_exits = 1;
     }
   }