mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 13:13:44 +01:00
Check number of usable guards when applying md restrictions.
We used to check whether we have enough filtered guards (guard set when torrc is applied) but that's not good enough, since that might be bad in some cases where many guards are not reachable (might cause overblocking and hence reacahbility issues). We now check if we have enough reachable filtered guards before applying md restrictions which should prevent overblocking.
This commit is contained in:
parent
96b69942a5
commit
69f93f806c
@ -966,7 +966,7 @@ entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport,
|
||||
* violate it.
|
||||
*/
|
||||
STATIC int
|
||||
num_reachable_filtered_guards(guard_selection_t *gs,
|
||||
num_reachable_filtered_guards(const guard_selection_t *gs,
|
||||
const entry_guard_restriction_t *rst)
|
||||
{
|
||||
int n_reachable_filtered_guards = 0;
|
||||
@ -1472,30 +1472,28 @@ guard_create_exit_restriction(const uint8_t *exit_id)
|
||||
return rst;
|
||||
}
|
||||
|
||||
/** If we have fewer than this many possible guards, don't set
|
||||
* MD-availability-based restrictions: we might blacklist all of
|
||||
* them. */
|
||||
/** If we have fewer than this many possible usable guards, don't set
|
||||
* MD-availability-based restrictions: we might blacklist all of them. */
|
||||
#define MIN_GUARDS_FOR_MD_RESTRICTION 10
|
||||
|
||||
/** Return true if we should set md dirserver restrictions. We might not want
|
||||
* to set those if our network is too restricted, since we don't want to
|
||||
* blacklist all our nodes. */
|
||||
* to set those if our guard options are too restricted, since we don't want
|
||||
* to blacklist all of them. */
|
||||
static int
|
||||
should_set_md_dirserver_restriction(void)
|
||||
{
|
||||
const guard_selection_t *gs = get_guard_selection_info();
|
||||
int num_usable_guards = num_reachable_filtered_guards(gs, NULL);
|
||||
|
||||
/* Compute the number of filtered guards */
|
||||
int n_filtered_guards = 0;
|
||||
SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) {
|
||||
if (guard->is_filtered_guard) {
|
||||
++n_filtered_guards;
|
||||
}
|
||||
} SMARTLIST_FOREACH_END(guard);
|
||||
/* Don't set restriction if too few reachable filtered guards. */
|
||||
if (num_usable_guards < MIN_GUARDS_FOR_MD_RESTRICTION) {
|
||||
log_info(LD_GUARD, "Not setting md restriction: only %d"
|
||||
" usable guards.", num_usable_guards);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Do we have enough filtered guards that we feel okay about blacklisting
|
||||
* some for MD restriction? */
|
||||
return (n_filtered_guards >= MIN_GUARDS_FOR_MD_RESTRICTION);
|
||||
/* We have enough usable guards: set MD restriction */
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** Allocate and return an outdated md guard restriction. Return NULL if no
|
||||
|
@ -521,7 +521,7 @@ STATIC void entry_guard_consider_retry(entry_guard_t *guard);
|
||||
STATIC void make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard);
|
||||
STATIC void entry_guards_update_confirmed(guard_selection_t *gs);
|
||||
STATIC void entry_guards_update_primary(guard_selection_t *gs);
|
||||
STATIC int num_reachable_filtered_guards(guard_selection_t *gs,
|
||||
STATIC int num_reachable_filtered_guards(const guard_selection_t *gs,
|
||||
const entry_guard_restriction_t *rst);
|
||||
STATIC void sampled_guards_update_from_consensus(guard_selection_t *gs);
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user