From 8be50ca3ea90ac04b8a18c7d9a33f5ec3f3a6e28 Mon Sep 17 00:00:00 2001 From: David Goulet Date: Wed, 22 Nov 2017 09:25:07 -0500 Subject: [PATCH] relay: Change bandwidth stats interval to 24 hours Going from 4 hours to 24 hours in order to try reduce the efficiency of guard discovery attacks. Closes #23856 Signed-off-by: David Goulet --- changes/ticket23856 | 4 ++++ src/or/rephist.c | 4 ++-- src/or/router.c | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 changes/ticket23856 diff --git a/changes/ticket23856 b/changes/ticket23856 new file mode 100644 index 000000000..049da18d0 --- /dev/null +++ b/changes/ticket23856 @@ -0,0 +1,4 @@ + o Minor feature (relay statistics): + - Change relay bandwidth reporting stats interval from 4 hours to 24 hours + in order to reduce the efficiency of guard discovery attacks. Fixes + ticket 23856. diff --git a/src/or/rephist.c b/src/or/rephist.c index cedc56af0..5acc8f351 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -1131,9 +1131,9 @@ rep_hist_load_mtbf_data(time_t now) * totals? */ #define NUM_SECS_ROLLING_MEASURE 10 /** How large are the intervals for which we track and report bandwidth use? */ -#define NUM_SECS_BW_SUM_INTERVAL (4*60*60) +#define NUM_SECS_BW_SUM_INTERVAL (24*60*60) /** How far in the past do we remember and publish bandwidth use? */ -#define NUM_SECS_BW_SUM_IS_VALID (24*60*60) +#define NUM_SECS_BW_SUM_IS_VALID (5*24*60*60) /** How many bandwidth usage intervals do we remember? (derived) */ #define NUM_TOTALS (NUM_SECS_BW_SUM_IS_VALID/NUM_SECS_BW_SUM_INTERVAL) diff --git a/src/or/router.c b/src/or/router.c index 90b2431a2..e1c2d20b3 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -2064,7 +2064,7 @@ mark_my_descriptor_dirty(const char *reason) /** How frequently will we republish our descriptor because of large (factor * of 2) shifts in estimated bandwidth? */ -#define MAX_BANDWIDTH_CHANGE_FREQ (20*60) +#define MAX_BANDWIDTH_CHANGE_FREQ (3*60*60) /** Check whether bandwidth has changed a lot since the last time we announced * bandwidth. If so, mark our descriptor dirty. */