From 45eadf39551bc1d3d00e677c8b7fd977a17aad01 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 8 Sep 2011 21:54:12 -0400 Subject: [PATCH 1/7] All NT service configuration commands should make the process exit. Fixes bug 3963; fix on 0.2.0.7-alpha. --- changes/bug3963 | 5 +++++ src/or/ntmain.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 changes/bug3963 diff --git a/changes/bug3963 b/changes/bug3963 new file mode 100644 index 000000000..2fc44a095 --- /dev/null +++ b/changes/bug3963 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When configuring, starting, or stopping an NT service, stop + immediately after the service configuration attempt has succeeded + or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha. + diff --git a/src/or/ntmain.c b/src/or/ntmain.c index b2fee648c..985fab73c 100644 --- a/src/or/ntmain.c +++ b/src/or/ntmain.c @@ -728,6 +728,7 @@ nt_service_parse_options(int argc, char **argv, int *should_exit) if ((argc >= 3) && (!strcmp(argv[1], "-service") || !strcmp(argv[1], "--service"))) { nt_service_loadlibrary(); + *should_exit = 1; if (!strcmp(argv[2], "install")) return nt_service_install(argc, argv); if (!strcmp(argv[2], "remove")) @@ -737,7 +738,6 @@ nt_service_parse_options(int argc, char **argv, int *should_exit) if (!strcmp(argv[2], "stop")) return nt_service_cmd_stop(); printf("Unrecognized service command '%s'\n", argv[2]); - *should_exit = 1; return 1; } if (argc >= 2) { From 8e388bc39ceb9b1a642359005b320cdc994f8a4e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sat, 19 Nov 2011 18:29:42 -0500 Subject: [PATCH 2/7] Only call cull_wedged_cpuworkers once every 60 seconds. The function is over 10 or 20% on some of Moritz's profiles, depending on how you could. Since it's checking for a multi-hour timeout, this is safe to do. Fixes bug 4518. --- changes/bug4518 | 4 ++++ src/or/cpuworker.c | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 changes/bug4518 diff --git a/changes/bug4518 b/changes/bug4518 new file mode 100644 index 000000000..8dcb93bf7 --- /dev/null +++ b/changes/bug4518 @@ -0,0 +1,4 @@ + o Minor bugfixes (performance): + - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers + function. This was eating up hideously large amounts of time on some + busy servers. Fixes bug 4518. diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c index c5e4863f7..9d196d36e 100644 --- a/src/or/cpuworker.c +++ b/src/or/cpuworker.c @@ -446,9 +446,19 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker, { char qbuf[1]; char tag[TAG_LEN]; + time_t now = approx_time(); + static time_t last_culled_cpuworkers = 0; - cull_wedged_cpuworkers(); - spawn_enough_cpuworkers(); + /* Checking for wedged cpuworkers requires a linear search over all + * connections, so let's do it only once a minute. + */ +#define CULL_CPUWORKERS_INTERVAL 60 + + if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) { + cull_wedged_cpuworkers(); + spawn_enough_cpuworkers(); + last_culled_cpuworkers = now; + } if (1) { if (num_cpuworkers_busy == num_cpuworkers) { From 3dc2a1c62cf01218f1a1afc03e54b0b2b52046e7 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Tue, 9 Aug 2011 11:00:25 +0200 Subject: [PATCH 3/7] Get rid of an unused parameter warning on win This is a backport of bed79c47f4ec0ee72b19e2b81c54131d516d07ef which accidentally only went into master --- src/common/util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/common/util.c b/src/common/util.c index de1ca3684..7675ede43 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1698,6 +1698,8 @@ check_private_dir(const char *dirname, cpd_check_t check, struct passwd *pw = NULL; uid_t running_uid; gid_t running_gid; +#else + (void)effective_user; #endif tor_assert(dirname); From 2efa6eb652d9eb2dd6d91a5e4ef3e9eea1ac7d22 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Tue, 9 Aug 2011 10:59:03 +0200 Subject: [PATCH 4/7] Sockets are unsigned on windows this gets rid of a warning about signed/unsigned comparison This is a backport of 0a5338e03cdf14ef80584c6ff8adeb49200b8a76 that accidentally only went into master --- src/common/compat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/compat.h b/src/common/compat.h index 7e6058a54..011b9c867 100644 --- a/src/common/compat.h +++ b/src/common/compat.h @@ -396,7 +396,7 @@ typedef int socklen_t; #ifdef MS_WINDOWS #define tor_socket_t intptr_t -#define SOCKET_OK(s) ((s) != INVALID_SOCKET) +#define SOCKET_OK(s) ((unsigned)(s) != INVALID_SOCKET) #else #define tor_socket_t int #define SOCKET_OK(s) ((s) >= 0) From fbcd7c01e78c71df479c540c85a7ea94dc02a0a4 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sun, 20 Nov 2011 20:15:13 -0500 Subject: [PATCH 5/7] Changes file for bug4521 backports. --- changes/bug4521 | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changes/bug4521 diff --git a/changes/bug4521 b/changes/bug4521 new file mode 100644 index 000000000..9b0bae9b0 --- /dev/null +++ b/changes/bug4521 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Backport fixes for a pair of compilation warnings on Windows. + Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta. From c0ec4eafc54d84089536caf51b1367e8d9ddacef Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 16 Nov 2011 20:55:33 -0500 Subject: [PATCH 6/7] parameterize bw cutoffs to guarantee Fast and Guard flags Now it will be easier for researchers to simulate Tor networks with different values. Resolves ticket 4484. --- changes/feature4484 | 8 ++++++++ src/or/config.c | 8 ++++++++ src/or/dirserv.c | 24 ++++++++++++------------ src/or/or.h | 8 ++++++++ 4 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 changes/feature4484 diff --git a/changes/feature4484 b/changes/feature4484 new file mode 100644 index 000000000..78154e964 --- /dev/null +++ b/changes/feature4484 @@ -0,0 +1,8 @@ + o Minor features: + - Add two new config options for directory authorities: + AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the + Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold + that is always sufficient to satisfy the bandwidth requirement for + the Guard flag. Now it will be easier for researchers to simulate + Tor networks with different values. Resolves ticket 4484. + diff --git a/src/or/config.c b/src/or/config.c index ffa763e65..94a6538fa 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -175,6 +175,8 @@ static config_var_t _option_vars[] = { V(AuthDirBadDir, LINELIST, NULL), V(AuthDirBadExit, LINELIST, NULL), V(AuthDirInvalid, LINELIST, NULL), + V(AuthDirFastGuarantee, MEMUNIT, "20 KB"), + V(AuthDirGuardBWGuarantee, MEMUNIT, "250 KB"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectUnlisted, BOOL, "0"), V(AuthDirListBadDirs, BOOL, "0"), @@ -3373,6 +3375,12 @@ options_validate(or_options_t *old_options, or_options_t *options, if (ensure_bandwidth_cap(&options->PerConnBWBurst, "PerConnBWBurst", msg) < 0) return -1; + if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee, + "AuthDirFastGuarantee", msg) < 0) + return -1; + if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee, + "AuthDirGuardBWGuarantee", msg) < 0) + return -1; if (options->RelayBandwidthRate && !options->RelayBandwidthBurst) options->RelayBandwidthBurst = options->RelayBandwidthRate; diff --git a/src/or/dirserv.c b/src/or/dirserv.c index c427fe2ef..19d9702a9 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1692,12 +1692,6 @@ should_generate_v2_networkstatus(void) /** If a router's MTBF is at least this value, then it is always stable. * See above. (Corresponds to about 7 days for current decay rates.) */ #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5) -/** Similarly, we protect sufficiently fast nodes from being pushed - * out of the set of Fast nodes. */ -#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH -/** Similarly, every node with sufficient bandwidth can be considered - * for Guard status. */ -#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024) /** Similarly, every node with at least this much weighted time known can be * considered familiar enough to be a guard. Corresponds to about 20 days for * current decay rates. @@ -1841,6 +1835,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) long *tks; double *mtbfs, *wfus; time_t now = time(NULL); + or_options_t *options = get_options(); /* initialize these all here, in case there are no routers */ stable_uptime = 0; @@ -1910,8 +1905,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl) if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR) guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR; - if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST) - fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST; + /* Protect sufficiently fast nodes from being pushed out of the set + * of Fast nodes. */ + if (options->AuthDirFastGuarantee && + fast_bandwidth > options->AuthDirFastGuarantee) + fast_bandwidth = options->AuthDirFastGuarantee; /* Now that we have a time-known that 7/8 routers are known longer than, * fill wfus with the wfu of every such "familiar" router. */ @@ -2335,6 +2333,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); + uint32_t routerbw = router_get_advertised_bandwidth(ri); + memset(rs, 0, sizeof(routerstatus_t)); rs->is_authority = @@ -2360,10 +2360,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_valid = ri->is_valid; if (rs->is_fast && - (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || - router_get_advertised_bandwidth(ri) >= - MIN(guard_bandwidth_including_exits, - guard_bandwidth_excluding_exits)) && + ((options->AuthDirGuardBWGuarantee && + routerbw >= options->AuthDirGuardBWGuarantee) || + routerbw >= MIN(guard_bandwidth_including_exits, + guard_bandwidth_excluding_exits)) && (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( diff --git a/src/or/or.h b/src/or/or.h index 7d50e1f50..c0714ee4c 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2676,6 +2676,14 @@ typedef struct { * exploitation of CVE-2011-2768 against their clients? */ int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + /** If non-zero, always vote the Fast flag for any relay advertising + * this amount of capacity or more. */ + uint64_t AuthDirFastGuarantee; + + /** If non-zero, this advertised capacity or more is always sufficient + * to satisfy the bandwidth requirement for the Guard flag. */ + uint64_t AuthDirGuardBWGuarantee; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting From 97a209ea28f1b64fba51157e3e695c676eb0cf8e Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 21 Nov 2011 18:32:32 -0500 Subject: [PATCH 7/7] man page entries for AuthDir{Fast,GuardBW}Guarantee --- doc/tor.1.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 703cc82e2..d91f87326 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1284,6 +1284,16 @@ DIRECTORY AUTHORITY SERVER OPTIONS Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies to addresses shared with directory authorities. (Default: 5) +**AuthDirFastGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**:: + Authoritative directories only. If non-zero, always vote the + Fast flag for any relay advertising this amount of capacity or + more. (Default: 20 KB) + +**AuthDirGuardBWGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**:: + Authoritative directories only. If non-zero, this advertised capacity + or more is always sufficient to satisfy the bandwidth requirement + for the Guard flag. (Default: 250 KB) + **BridgePassword** __Password__:: If set, contains an HTTP authenticator that tells a bridge authority to serve all requested bridge information. Used for debugging. (Default: