Turn #defines for prop271 into networkstatus params

Some of these will get torrc options to override them too; this
is just the mechanical conversion.

Also, add documentation for a couple of undocumented (but now used)
parameters.
This commit is contained in:
Nick Mathewson 2016-11-26 10:06:50 -05:00
parent 039bd01767
commit d2af9826fd
3 changed files with 170 additions and 41 deletions

View File

@ -323,6 +323,118 @@ randomize_time,(time_t now, time_t max_backdate))
return crypto_rand_time_range(earliest, latest); return crypto_rand_time_range(earliest, latest);
} }
/**
* @name parameters for networkstatus algorithm
*
* These parameters are taken from the consensus; some are overrideable in
* the torrc.
*/
/**@{*/
/**
* We never let our sampled guard set grow larger than this fraction
* of the guards on the network.
*/
STATIC double
get_max_sample_threshold(void)
{
int32_t pct =
networkstatus_get_param(NULL, "guard-max-sample-threshold-percent",
DFLT_MAX_SAMPLE_THRESHOLD_PERCENT,
1, 100);
return pct / 100.0;
}
/**
* We always try to make our sample contain at least this many guards.
*
* XXXX prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I
* removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM
*/
STATIC int
get_min_filtered_sample_size(void)
{
return networkstatus_get_param(NULL, "guard-min-filtered-sample-size",
DFLT_MIN_FILTERED_SAMPLE_SIZE,
1, INT32_MAX);
}
/**
* If a guard is unlisted for this many days in a row, we remove it.
*/
STATIC int
get_remove_unlisted_guards_after_days(void)
{
return networkstatus_get_param(NULL,
"guard-remove-unlisted-guards-after-days",
DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS,
1, 365*10);
}
/**
* We remove unconfirmed guards from the sample after this many days,
* regardless of whether they are listed or unlisted.
*/
STATIC int
get_guard_lifetime_days(void)
{
return networkstatus_get_param(NULL,
"guard-lifetime-days",
DFLT_GUARD_LIFETIME_DAYS, 1, 365*10);
}
/**
* We remove confirmed guards from the sample if they were sampled
* GUARD_LIFETIME_DAYS ago and confirmed this many days ago.
*/
STATIC int
get_guard_confirmed_min_lifetime_days(void)
{
return networkstatus_get_param(NULL, "guard-confirmed-min-lifetime-days",
DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS,
1, 365*10);
}
/**
* How many guards do we try to keep on our primary guard list?
*/
STATIC int
get_n_primary_guards(void)
{
return networkstatus_get_param(NULL, "guard-n-primary-guards",
DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX);
}
/**
* If we haven't successfully built or used a circuit in this long, then
* consider that the internet is probably down.
*/
STATIC int
get_internet_likely_down_interval(void)
{
return networkstatus_get_param(NULL, "guard-internet-likely-down-interval",
DFLT_INTERNET_LIKELY_DOWN_INTERVAL,
1, INT32_MAX);
}
/**
* If we're trying to connect to a nonprimary guard for at least this
* many seconds, and we haven't gotten the connection to work, we will treat
* lower-priority guards as usable.
*/
STATIC int
get_nonprimary_guard_connect_timeout(void)
{
return networkstatus_get_param(NULL,
"guard-nonprimary-guard-connect-timeout",
DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT,
1, INT32_MAX);
}
/**
* If a circuit has been sitting around in 'waiting for better guard' state
* for at least this long, we'll expire it.
*/
STATIC int
get_nonprimary_guard_idle_timeout(void)
{
return networkstatus_get_param(NULL,
"guard-nonprimary-guard-idle-timeout",
(10*60), 1, INT32_MAX);
}
/**@}*/
/** /**
* Return true iff <b>node</b> has all the flags needed for us to consider it * Return true iff <b>node</b> has all the flags needed for us to consider it
* a possible guard when sampling guards. * a possible guard when sampling guards.
@ -377,7 +489,7 @@ STATIC entry_guard_t *
entry_guard_add_to_sample(guard_selection_t *gs, entry_guard_add_to_sample(guard_selection_t *gs,
const node_t *node) const node_t *node)
{ {
const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400; const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400;
tor_assert(gs); tor_assert(gs);
tor_assert(node); tor_assert(node);
@ -470,8 +582,8 @@ entry_guards_expand_sample(guard_selection_t *gs)
if (! smartlist_len(eligible_guards)) if (! smartlist_len(eligible_guards))
goto done; goto done;
const int max_sample = (int)(n_guards * MAX_SAMPLE_THRESHOLD); const int max_sample = (int)(n_guards * get_max_sample_threshold());
const int min_filtered_sample = MIN_FILTERED_SAMPLE_SIZE; const int min_filtered_sample = get_min_filtered_sample_size();
log_info(LD_GUARD, "Expanding the sample guard set. We have %d guards " log_info(LD_GUARD, "Expanding the sample guard set. We have %d guards "
"in the sample, and %d eligible guards to extend it with.", "in the sample, and %d eligible guards to extend it with.",
@ -570,7 +682,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
{ {
tor_assert(gs); tor_assert(gs);
const int REMOVE_UNLISTED_GUARDS_AFTER = const int REMOVE_UNLISTED_GUARDS_AFTER =
(REMOVE_UNLISTED_GUARDS_AFTER_DAYS * 86400); (get_remove_unlisted_guards_after_days() * 86400);
const int unlisted_since_slop = REMOVE_UNLISTED_GUARDS_AFTER / 5; const int unlisted_since_slop = REMOVE_UNLISTED_GUARDS_AFTER / 5;
// It's important to use only a live consensus here; we don't want to // It's important to use only a live consensus here; we don't want to
@ -637,9 +749,9 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
const time_t remove_if_unlisted_since = const time_t remove_if_unlisted_since =
approx_time() - REMOVE_UNLISTED_GUARDS_AFTER; approx_time() - REMOVE_UNLISTED_GUARDS_AFTER;
const time_t maybe_remove_if_sampled_before = const time_t maybe_remove_if_sampled_before =
approx_time() - (GUARD_LIFETIME_DAYS * 86400); approx_time() - (get_guard_lifetime_days() * 86400);
const time_t remove_if_confirmed_before = const time_t remove_if_confirmed_before =
approx_time() - (GUARD_CONFIRMED_MIN_LIFETIME_DAYS * 86400); approx_time() - (get_guard_confirmed_min_lifetime_days() * 86400);
/* Then: remove the ones that have been junk for too long */ /* Then: remove the ones that have been junk for too long */
SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) {
@ -656,7 +768,7 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
*/ */
log_info(LD_GUARD, "Removing sampled guard %s: it has been unlisted " log_info(LD_GUARD, "Removing sampled guard %s: it has been unlisted "
"for over %d days", entry_guard_describe(guard), "for over %d days", entry_guard_describe(guard),
REMOVE_UNLISTED_GUARDS_AFTER_DAYS); get_remove_unlisted_guards_after_days());
remove = 1; remove = 1;
} else if (guard->sampled_on_date < maybe_remove_if_sampled_before) { } else if (guard->sampled_on_date < maybe_remove_if_sampled_before) {
/* We have a live consensus, and {ADDED_ON_DATE} is over /* We have a live consensus, and {ADDED_ON_DATE} is over
@ -668,13 +780,14 @@ sampled_guards_update_from_consensus(guard_selection_t *gs)
log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " log_info(LD_GUARD, "Removing sampled guard %s: it was sampled "
"over %d days ago, but never confirmed.", "over %d days ago, but never confirmed.",
entry_guard_describe(guard), entry_guard_describe(guard),
GUARD_LIFETIME_DAYS); get_guard_lifetime_days());
} else if (guard->confirmed_on_date < remove_if_confirmed_before) { } else if (guard->confirmed_on_date < remove_if_confirmed_before) {
remove = 1; remove = 1;
log_info(LD_GUARD, "Removing sampled guard %s: it was sampled " log_info(LD_GUARD, "Removing sampled guard %s: it was sampled "
"over %d days ago, and confirmed over %d days ago.", "over %d days ago, and confirmed over %d days ago.",
entry_guard_describe(guard), entry_guard_describe(guard),
GUARD_LIFETIME_DAYS, GUARD_CONFIRMED_MIN_LIFETIME_DAYS); get_guard_lifetime_days(),
get_guard_confirmed_min_lifetime_days());
} }
} }
@ -820,7 +933,8 @@ sample_reachable_filtered_entry_guards(guard_selection_t *gs,
log_info(LD_GUARD, "Trying to sample a reachable guard: We know of %d " log_info(LD_GUARD, "Trying to sample a reachable guard: We know of %d "
"in the USABLE_FILTERED set.", n_reachable_filtered); "in the USABLE_FILTERED set.", n_reachable_filtered);
if (n_reachable_filtered < MIN_FILTERED_SAMPLE_SIZE) { const int min_filtered_sample = get_min_filtered_sample_size();
if (n_reachable_filtered < min_filtered_sample) {
log_info(LD_GUARD, " (That isn't enough. Trying to expand the sample.)"); log_info(LD_GUARD, " (That isn't enough. Trying to expand the sample.)");
entry_guards_expand_sample(gs); entry_guards_expand_sample(gs);
} }
@ -916,7 +1030,7 @@ make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard)
if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard))) if (BUG(smartlist_contains(gs->confirmed_entry_guards, guard)))
return; // LCOV_EXCL_LINE return; // LCOV_EXCL_LINE
const int GUARD_LIFETIME = GUARD_LIFETIME_DAYS * 86400; const int GUARD_LIFETIME = get_guard_lifetime_days() * 86400;
guard->confirmed_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10); guard->confirmed_on_date = randomize_time(approx_time(), GUARD_LIFETIME/10);
log_info(LD_GUARD, "Marking %s as a confirmed guard (index %d)", log_info(LD_GUARD, "Marking %s as a confirmed guard (index %d)",
@ -947,6 +1061,8 @@ entry_guards_update_primary(guard_selection_t *gs)
tor_assert(!running); tor_assert(!running);
running = 1; running = 1;
const int N_PRIMARY_GUARDS = get_n_primary_guards();
smartlist_t *new_primary_guards = smartlist_new(); smartlist_t *new_primary_guards = smartlist_new();
smartlist_t *old_primary_guards = smartlist_new(); smartlist_t *old_primary_guards = smartlist_new();
smartlist_add_all(old_primary_guards, gs->primary_entry_guards); smartlist_add_all(old_primary_guards, gs->primary_entry_guards);
@ -1278,7 +1394,7 @@ entry_guards_note_guard_success(guard_selection_t *gs,
old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD);
new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
if (last_time_on_internet + INTERNET_LIKELY_DOWN_INTERVAL if (last_time_on_internet + get_internet_likely_down_interval()
< approx_time()) { < approx_time()) {
mark_primary_guards_maybe_reachable(gs); mark_primary_guards_maybe_reachable(gs);
} }
@ -1620,7 +1736,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs,
*/ */
int n_blockers_found = 0; int n_blockers_found = 0;
const time_t state_set_at_cutoff = const time_t state_set_at_cutoff =
approx_time() - NONPRIMARY_GUARD_CONNECT_TIMEOUT; approx_time() - get_nonprimary_guard_connect_timeout();
SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) { SMARTLIST_FOREACH_BEGIN(all_circuits, origin_circuit_t *, circ) {
circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); circuit_guard_state_t *state = origin_circuit_get_guard_state(circ);
if (state == NULL) if (state == NULL)
@ -1678,7 +1794,7 @@ entry_guard_state_should_expire(circuit_guard_state_t *guard_state)
if (guard_state == NULL) if (guard_state == NULL)
return 0; return 0;
const time_t expire_if_waiting_since = const time_t expire_if_waiting_since =
approx_time() - NONPRIMARY_GUARD_IDLE_TIMEOUT; approx_time() - get_nonprimary_guard_idle_timeout();
return (guard_state->state == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD return (guard_state->state == GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD
&& guard_state->state_set_at < expire_if_waiting_since); && guard_state->state_set_at < expire_if_waiting_since);
} }

View File

@ -347,63 +347,76 @@ int num_bridges_usable(void);
#ifdef ENTRYNODES_PRIVATE #ifdef ENTRYNODES_PRIVATE
/** /**
* @name Parameters for the new (prop271) entry guard algorithm. * @name Default values for the parameters for the new (prop271) entry guard
* algorithm.
*/ */
/* XXXX prop271 some of these should be networkstatus parameters */
/**@{*/ /**@{*/
/** /**
* We never let our sampled guard set grow larger than this fraction * We never let our sampled guard set grow larger than this percentage
* of the guards on the network. * of the guards on the network.
*/ */
#define MAX_SAMPLE_THRESHOLD 0.30 #define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 30
/** /**
* We always try to make our sample contain at least this many guards. * We always try to make our sample contain at least this many guards.
* *
* XXXX prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I * XXXX prop271 There was a MIN_SAMPLE_THRESHOLD in the proposal, but I
* removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM * removed it in favor of MIN_FILTERED_SAMPLE_SIZE. -NM
*/ */
#define MIN_FILTERED_SAMPLE_SIZE 20 #define DFLT_MIN_FILTERED_SAMPLE_SIZE 20
/** /**
* If a guard is unlisted for this many days in a row, we remove it. * If a guard is unlisted for this many days in a row, we remove it.
*/ */
#define REMOVE_UNLISTED_GUARDS_AFTER_DAYS 20 #define DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS 20
/** /**
* We remove unconfirmed guards from the sample after this many days, * We remove unconfirmed guards from the sample after this many days,
* regardless of whether they are listed or unlisted. * regardless of whether they are listed or unlisted.
*/ */
#define GUARD_LIFETIME_DAYS 120 #define DFLT_GUARD_LIFETIME_DAYS 120
/** /**
* We remove confirmed guards from the sample if they were sampled * We remove confirmed guards from the sample if they were sampled
* GUARD_LIFETIME_DAYS ago and confirmed this many days ago. * GUARD_LIFETIME_DAYS ago and confirmed this many days ago.
*/ */
#define GUARD_CONFIRMED_MIN_LIFETIME_DAYS 60 #define DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS 60
/** /**
* How many guards do we try to keep on our primary guard list? * How many guards do we try to keep on our primary guard list?
*/ */
#define N_PRIMARY_GUARDS 3 #define DFLT_N_PRIMARY_GUARDS 3
/** /**
* If we haven't successfully built or used a circuit in this long, then * If we haven't successfully built or used a circuit in this long, then
* consider that the internet is probably down. * consider that the internet is probably down.
*/ */
#define INTERNET_LIKELY_DOWN_INTERVAL (10*60) #define DFLT_INTERNET_LIKELY_DOWN_INTERVAL (10*60)
/**
* If we're trying to connect to a nonprimary guard for at least this
* many seconds, and we haven't gotten the connection to work, we will treat
* lower-priority guards as usable.
*/
#define DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT 15
/**
* If a circuit has been sitting around in 'waiting for better guard' state
* for at least this long, we'll expire it.
*/
#define DLFT_NONPRIMARY_GUARD_IDLE_TIMEOUT (10*60)
/** /**
* DOCDOC. not yet used; see prop271. * DOCDOC. not yet used; see prop271.
*/ */
#define NONPRIMARY_GUARD_CONNECT_TIMEOUT 15 #define DFLT_MEANINGFUL_RESTRICTION_FRAC 0.2
/**
* DOCDOC. not yet used; see prop271.
*/
#define NONPRIMARY_GUARD_IDLE_TIMEOUT (10*60)
/**
* DOCDOC. not yet used; see prop271.
*/
#define MEANINGFUL_RESTRICTION_FRAC 0.2
/** /**
* DOCDOC. not yet used. see prop271. * DOCDOC. not yet used. see prop271.
*/ */
#define EXTREME_RESTRICTION_FRAC 0.01 #define DFLT_EXTREME_RESTRICTION_FRAC 0.01
/**@}*/ /**@}*/
STATIC double get_max_sample_threshold(void);
STATIC int get_min_filtered_sample_size(void);
STATIC int get_remove_unlisted_guards_after_days(void);
STATIC int get_guard_lifetime_days(void);
STATIC int get_guard_confirmed_min_lifetime_days(void);
STATIC int get_n_primary_guards(void);
STATIC int get_internet_likely_down_interval(void);
STATIC int get_nonprimary_guard_connect_timeout(void);
STATIC int get_nonprimary_guard_idle_timeout(void);
// ---------- XXXX these functions and definitions are post-prop271. // ---------- XXXX these functions and definitions are post-prop271.
HANDLE_DECL(entry_guard, entry_guard_t, STATIC) HANDLE_DECL(entry_guard, entry_guard_t, STATIC)
STATIC guard_selection_t *guard_selection_new(const char *name); STATIC guard_selection_t *guard_selection_new(const char *name);

View File

@ -1425,7 +1425,7 @@ test_entry_guard_expand_sample(void *arg)
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
/* Make sure we got the right number. */ /* Make sure we got the right number. */
tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ, tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
// Make sure everything we got was from our fake node list, and everything // Make sure everything we got was from our fake node list, and everything
@ -1444,7 +1444,7 @@ test_entry_guard_expand_sample(void *arg)
// make no changes. // make no changes.
guard = entry_guards_expand_sample(gs); guard = entry_guards_expand_sample(gs);
tt_assert(! guard); // no guard was added. tt_assert(! guard); // no guard was added.
tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ, tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
// Make a few guards unreachable. // Make a few guards unreachable.
@ -1454,13 +1454,13 @@ test_entry_guard_expand_sample(void *arg)
guard->is_usable_filtered_guard = 0; guard->is_usable_filtered_guard = 0;
guard = smartlist_get(gs->sampled_entry_guards, 2); guard = smartlist_get(gs->sampled_entry_guards, 2);
guard->is_usable_filtered_guard = 0; guard->is_usable_filtered_guard = 0;
tt_int_op(MIN_FILTERED_SAMPLE_SIZE - 3, OP_EQ, tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE - 3, OP_EQ,
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
// This time, expanding the sample will add some more guards. // This time, expanding the sample will add some more guards.
guard = entry_guards_expand_sample(gs); guard = entry_guards_expand_sample(gs);
tt_assert(guard); // no guard was added. tt_assert(guard); // no guard was added.
tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ, tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ, tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_EQ,
num_reachable_filtered_guards(gs)+3); num_reachable_filtered_guards(gs)+3);
@ -1468,7 +1468,7 @@ test_entry_guard_expand_sample(void *arg)
// Still idempotent. // Still idempotent.
guard = entry_guards_expand_sample(gs); guard = entry_guards_expand_sample(gs);
tt_assert(! guard); // no guard was added. tt_assert(! guard); // no guard was added.
tt_int_op(MIN_FILTERED_SAMPLE_SIZE, OP_EQ, tt_int_op(DFLT_MIN_FILTERED_SAMPLE_SIZE, OP_EQ,
num_reachable_filtered_guards(gs)); num_reachable_filtered_guards(gs));
// Now, do a nasty trick: tell the filter to exclude 31/32 of the guards. // Now, do a nasty trick: tell the filter to exclude 31/32 of the guards.
@ -1486,7 +1486,7 @@ test_entry_guard_expand_sample(void *arg)
// Surely (p ~ 1-2**-60), one of our guards has been excluded. // Surely (p ~ 1-2**-60), one of our guards has been excluded.
tt_int_op(num_reachable_filtered_guards(gs), OP_LT, tt_int_op(num_reachable_filtered_guards(gs), OP_LT,
MIN_FILTERED_SAMPLE_SIZE); DFLT_MIN_FILTERED_SAMPLE_SIZE);
// Try to regenerate the guards. // Try to regenerate the guards.
guard = entry_guards_expand_sample(gs); guard = entry_guards_expand_sample(gs);
@ -1494,7 +1494,7 @@ test_entry_guard_expand_sample(void *arg)
/* this time, it's possible that we didn't add enough sampled guards. */ /* this time, it's possible that we didn't add enough sampled guards. */
tt_int_op(num_reachable_filtered_guards(gs), OP_LE, tt_int_op(num_reachable_filtered_guards(gs), OP_LE,
MIN_FILTERED_SAMPLE_SIZE); DFLT_MIN_FILTERED_SAMPLE_SIZE);
/* but we definitely didn't exceed the sample maximum. */ /* but we definitely didn't exceed the sample maximum. */
tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_LE, tt_int_op(smartlist_len(gs->sampled_entry_guards), OP_LE,
(int)((271 / 2) * .3)); (int)((271 / 2) * .3));