Merge branch 'maint-0.2.2' into release-0.2.2
This commit is contained in:
commit
3f41df3005
|
@ -0,0 +1,5 @@
|
||||||
|
o Minor bugfixes:
|
||||||
|
- When configuring, starting, or stopping an NT service, stop
|
||||||
|
immediately after the service configuration attempt has succeeded
|
||||||
|
or failed. Fixes bug3963; bugfix on 0.2.0.7-alpha.
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
o Minor bugfixes (performance):
|
||||||
|
- Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
|
||||||
|
function. This was eating up hideously large amounts of time on some
|
||||||
|
busy servers. Fixes bug 4518.
|
|
@ -0,0 +1,3 @@
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Backport fixes for a pair of compilation warnings on Windows.
|
||||||
|
Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
|
|
@ -0,0 +1,8 @@
|
||||||
|
o Minor features:
|
||||||
|
- Add two new config options for directory authorities:
|
||||||
|
AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
|
||||||
|
Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
|
||||||
|
that is always sufficient to satisfy the bandwidth requirement for
|
||||||
|
the Guard flag. Now it will be easier for researchers to simulate
|
||||||
|
Tor networks with different values. Resolves ticket 4484.
|
||||||
|
|
|
@ -1284,6 +1284,16 @@ DIRECTORY AUTHORITY SERVER OPTIONS
|
||||||
Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
|
Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
|
||||||
to addresses shared with directory authorities. (Default: 5)
|
to addresses shared with directory authorities. (Default: 5)
|
||||||
|
|
||||||
|
**AuthDirFastGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**::
|
||||||
|
Authoritative directories only. If non-zero, always vote the
|
||||||
|
Fast flag for any relay advertising this amount of capacity or
|
||||||
|
more. (Default: 20 KB)
|
||||||
|
|
||||||
|
**AuthDirGuardBWGuarantee** __N__ **bytes**|**KB**|**MB**|**GB**::
|
||||||
|
Authoritative directories only. If non-zero, this advertised capacity
|
||||||
|
or more is always sufficient to satisfy the bandwidth requirement
|
||||||
|
for the Guard flag. (Default: 250 KB)
|
||||||
|
|
||||||
**BridgePassword** __Password__::
|
**BridgePassword** __Password__::
|
||||||
If set, contains an HTTP authenticator that tells a bridge authority to
|
If set, contains an HTTP authenticator that tells a bridge authority to
|
||||||
serve all requested bridge information. Used for debugging. (Default:
|
serve all requested bridge information. Used for debugging. (Default:
|
||||||
|
|
|
@ -396,7 +396,7 @@ typedef int socklen_t;
|
||||||
|
|
||||||
#ifdef MS_WINDOWS
|
#ifdef MS_WINDOWS
|
||||||
#define tor_socket_t intptr_t
|
#define tor_socket_t intptr_t
|
||||||
#define SOCKET_OK(s) ((s) != INVALID_SOCKET)
|
#define SOCKET_OK(s) ((unsigned)(s) != INVALID_SOCKET)
|
||||||
#else
|
#else
|
||||||
#define tor_socket_t int
|
#define tor_socket_t int
|
||||||
#define SOCKET_OK(s) ((s) >= 0)
|
#define SOCKET_OK(s) ((s) >= 0)
|
||||||
|
|
|
@ -1698,6 +1698,8 @@ check_private_dir(const char *dirname, cpd_check_t check,
|
||||||
struct passwd *pw = NULL;
|
struct passwd *pw = NULL;
|
||||||
uid_t running_uid;
|
uid_t running_uid;
|
||||||
gid_t running_gid;
|
gid_t running_gid;
|
||||||
|
#else
|
||||||
|
(void)effective_user;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
tor_assert(dirname);
|
tor_assert(dirname);
|
||||||
|
|
|
@ -175,6 +175,8 @@ static config_var_t _option_vars[] = {
|
||||||
V(AuthDirBadDir, LINELIST, NULL),
|
V(AuthDirBadDir, LINELIST, NULL),
|
||||||
V(AuthDirBadExit, LINELIST, NULL),
|
V(AuthDirBadExit, LINELIST, NULL),
|
||||||
V(AuthDirInvalid, LINELIST, NULL),
|
V(AuthDirInvalid, LINELIST, NULL),
|
||||||
|
V(AuthDirFastGuarantee, MEMUNIT, "20 KB"),
|
||||||
|
V(AuthDirGuardBWGuarantee, MEMUNIT, "250 KB"),
|
||||||
V(AuthDirReject, LINELIST, NULL),
|
V(AuthDirReject, LINELIST, NULL),
|
||||||
V(AuthDirRejectUnlisted, BOOL, "0"),
|
V(AuthDirRejectUnlisted, BOOL, "0"),
|
||||||
V(AuthDirListBadDirs, BOOL, "0"),
|
V(AuthDirListBadDirs, BOOL, "0"),
|
||||||
|
@ -3373,6 +3375,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||||
if (ensure_bandwidth_cap(&options->PerConnBWBurst,
|
if (ensure_bandwidth_cap(&options->PerConnBWBurst,
|
||||||
"PerConnBWBurst", msg) < 0)
|
"PerConnBWBurst", msg) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
if (ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
|
||||||
|
"AuthDirFastGuarantee", msg) < 0)
|
||||||
|
return -1;
|
||||||
|
if (ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
|
||||||
|
"AuthDirGuardBWGuarantee", msg) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
|
if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
|
||||||
options->RelayBandwidthBurst = options->RelayBandwidthRate;
|
options->RelayBandwidthBurst = options->RelayBandwidthRate;
|
||||||
|
|
|
@ -446,9 +446,19 @@ assign_onionskin_to_cpuworker(connection_t *cpuworker,
|
||||||
{
|
{
|
||||||
char qbuf[1];
|
char qbuf[1];
|
||||||
char tag[TAG_LEN];
|
char tag[TAG_LEN];
|
||||||
|
time_t now = approx_time();
|
||||||
|
static time_t last_culled_cpuworkers = 0;
|
||||||
|
|
||||||
cull_wedged_cpuworkers();
|
/* Checking for wedged cpuworkers requires a linear search over all
|
||||||
spawn_enough_cpuworkers();
|
* connections, so let's do it only once a minute.
|
||||||
|
*/
|
||||||
|
#define CULL_CPUWORKERS_INTERVAL 60
|
||||||
|
|
||||||
|
if (last_culled_cpuworkers + CULL_CPUWORKERS_INTERVAL <= now) {
|
||||||
|
cull_wedged_cpuworkers();
|
||||||
|
spawn_enough_cpuworkers();
|
||||||
|
last_culled_cpuworkers = now;
|
||||||
|
}
|
||||||
|
|
||||||
if (1) {
|
if (1) {
|
||||||
if (num_cpuworkers_busy == num_cpuworkers) {
|
if (num_cpuworkers_busy == num_cpuworkers) {
|
||||||
|
|
|
@ -1692,12 +1692,6 @@ should_generate_v2_networkstatus(void)
|
||||||
/** If a router's MTBF is at least this value, then it is always stable.
|
/** If a router's MTBF is at least this value, then it is always stable.
|
||||||
* See above. (Corresponds to about 7 days for current decay rates.) */
|
* See above. (Corresponds to about 7 days for current decay rates.) */
|
||||||
#define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
|
#define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
|
||||||
/** Similarly, we protect sufficiently fast nodes from being pushed
|
|
||||||
* out of the set of Fast nodes. */
|
|
||||||
#define BANDWIDTH_TO_GUARANTEE_FAST ROUTER_REQUIRED_MIN_BANDWIDTH
|
|
||||||
/** Similarly, every node with sufficient bandwidth can be considered
|
|
||||||
* for Guard status. */
|
|
||||||
#define BANDWIDTH_TO_GUARANTEE_GUARD (250*1024)
|
|
||||||
/** Similarly, every node with at least this much weighted time known can be
|
/** Similarly, every node with at least this much weighted time known can be
|
||||||
* considered familiar enough to be a guard. Corresponds to about 20 days for
|
* considered familiar enough to be a guard. Corresponds to about 20 days for
|
||||||
* current decay rates.
|
* current decay rates.
|
||||||
|
@ -1841,6 +1835,7 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
|
||||||
long *tks;
|
long *tks;
|
||||||
double *mtbfs, *wfus;
|
double *mtbfs, *wfus;
|
||||||
time_t now = time(NULL);
|
time_t now = time(NULL);
|
||||||
|
or_options_t *options = get_options();
|
||||||
|
|
||||||
/* initialize these all here, in case there are no routers */
|
/* initialize these all here, in case there are no routers */
|
||||||
stable_uptime = 0;
|
stable_uptime = 0;
|
||||||
|
@ -1910,8 +1905,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
|
||||||
if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
|
if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR)
|
||||||
guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
|
guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR;
|
||||||
|
|
||||||
if (fast_bandwidth > BANDWIDTH_TO_GUARANTEE_FAST)
|
/* Protect sufficiently fast nodes from being pushed out of the set
|
||||||
fast_bandwidth = BANDWIDTH_TO_GUARANTEE_FAST;
|
* of Fast nodes. */
|
||||||
|
if (options->AuthDirFastGuarantee &&
|
||||||
|
fast_bandwidth > options->AuthDirFastGuarantee)
|
||||||
|
fast_bandwidth = options->AuthDirFastGuarantee;
|
||||||
|
|
||||||
/* Now that we have a time-known that 7/8 routers are known longer than,
|
/* Now that we have a time-known that 7/8 routers are known longer than,
|
||||||
* fill wfus with the wfu of every such "familiar" router. */
|
* fill wfus with the wfu of every such "familiar" router. */
|
||||||
|
@ -2335,6 +2333,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
int unstable_version =
|
int unstable_version =
|
||||||
!tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
|
!tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
|
||||||
|
uint32_t routerbw = router_get_advertised_bandwidth(ri);
|
||||||
|
|
||||||
memset(rs, 0, sizeof(routerstatus_t));
|
memset(rs, 0, sizeof(routerstatus_t));
|
||||||
|
|
||||||
rs->is_authority =
|
rs->is_authority =
|
||||||
|
@ -2360,10 +2360,10 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
|
||||||
rs->is_valid = ri->is_valid;
|
rs->is_valid = ri->is_valid;
|
||||||
|
|
||||||
if (rs->is_fast &&
|
if (rs->is_fast &&
|
||||||
(router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
|
((options->AuthDirGuardBWGuarantee &&
|
||||||
router_get_advertised_bandwidth(ri) >=
|
routerbw >= options->AuthDirGuardBWGuarantee) ||
|
||||||
MIN(guard_bandwidth_including_exits,
|
routerbw >= MIN(guard_bandwidth_including_exits,
|
||||||
guard_bandwidth_excluding_exits)) &&
|
guard_bandwidth_excluding_exits)) &&
|
||||||
(options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
|
(options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
|
||||||
is_router_version_good_for_possible_guard(ri->platform))) {
|
is_router_version_good_for_possible_guard(ri->platform))) {
|
||||||
long tk = rep_hist_get_weighted_time_known(
|
long tk = rep_hist_get_weighted_time_known(
|
||||||
|
|
|
@ -728,6 +728,7 @@ nt_service_parse_options(int argc, char **argv, int *should_exit)
|
||||||
if ((argc >= 3) &&
|
if ((argc >= 3) &&
|
||||||
(!strcmp(argv[1], "-service") || !strcmp(argv[1], "--service"))) {
|
(!strcmp(argv[1], "-service") || !strcmp(argv[1], "--service"))) {
|
||||||
nt_service_loadlibrary();
|
nt_service_loadlibrary();
|
||||||
|
*should_exit = 1;
|
||||||
if (!strcmp(argv[2], "install"))
|
if (!strcmp(argv[2], "install"))
|
||||||
return nt_service_install(argc, argv);
|
return nt_service_install(argc, argv);
|
||||||
if (!strcmp(argv[2], "remove"))
|
if (!strcmp(argv[2], "remove"))
|
||||||
|
@ -737,7 +738,6 @@ nt_service_parse_options(int argc, char **argv, int *should_exit)
|
||||||
if (!strcmp(argv[2], "stop"))
|
if (!strcmp(argv[2], "stop"))
|
||||||
return nt_service_cmd_stop();
|
return nt_service_cmd_stop();
|
||||||
printf("Unrecognized service command '%s'\n", argv[2]);
|
printf("Unrecognized service command '%s'\n", argv[2]);
|
||||||
*should_exit = 1;
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (argc >= 2) {
|
if (argc >= 2) {
|
||||||
|
|
|
@ -2676,6 +2676,14 @@ typedef struct {
|
||||||
* exploitation of CVE-2011-2768 against their clients? */
|
* exploitation of CVE-2011-2768 against their clients? */
|
||||||
int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
|
int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
|
||||||
|
|
||||||
|
/** If non-zero, always vote the Fast flag for any relay advertising
|
||||||
|
* this amount of capacity or more. */
|
||||||
|
uint64_t AuthDirFastGuarantee;
|
||||||
|
|
||||||
|
/** If non-zero, this advertised capacity or more is always sufficient
|
||||||
|
* to satisfy the bandwidth requirement for the Guard flag. */
|
||||||
|
uint64_t AuthDirGuardBWGuarantee;
|
||||||
|
|
||||||
char *AccountingStart; /**< How long is the accounting interval, and when
|
char *AccountingStart; /**< How long is the accounting interval, and when
|
||||||
* does it start? */
|
* does it start? */
|
||||||
uint64_t AccountingMax; /**< How many bytes do we allow per accounting
|
uint64_t AccountingMax; /**< How many bytes do we allow per accounting
|
||||||
|
|
Loading…
Reference in New Issue