
Directory authorities now call routers stable if they have an
uptime of at least 30 days, even if that's not the median uptime
in the network. Implements proposal 1xx, suggested by Kevin Bauer
and Damon McCoy.


svn:r9788

Roger Dingledine 17 years ago
parent commit a247792169
3 changed files with 25 additions and 7 deletions
  1. ChangeLog (+6, -0)
  2. doc/spec/dir-spec.txt (+6, -4)
  3. src/or/dirserv.c (+13, -3)

+ 6 - 0
ChangeLog

@@ -1,4 +1,10 @@
 Changes in version 0.2.0.1-alpha - 2007-??-??
+  o Security fixes:
+    - Directory authorities now call routers stable if they have an
+      uptime of at least 30 days, even if that's not the median uptime
+      in the network. Implements proposal 1xx, suggested by Kevin Bauer
+      and Damon McCoy.
+
   o Minor features (build):
     - Make autoconf search for libevent and openssl consistently.
     - Update deprecated macros in configure.in
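Review bot: "proposal 1xx" on the line `+      in the network. Implements proposal 1xx, suggested by Kevin Bauer` is a placeholder number; it should be replaced with the assigned proposal number before this ChangeLog ships, since the same placeholder is in the commit message and is the only pointer readers have to the design rationale for the 30-day floor.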

+ 6 - 4
doc/spec/dir-spec.txt

@@ -441,10 +441,12 @@ $Id$
    "Running" -- A router is 'Running' if the authority managed to connect to
    it successfully within the last 30 minutes.
 
-   "Stable" -- A router is 'Stable' if its uptime is above median for known
-   running, valid routers, and it's running a version of Tor not known to
-   drop circuits stupidly.  (0.1.1.10-alpha through 0.1.1.16-rc are stupid
-   this way.)
+   "Stable" -- A router is 'Stable' if it is running, valid, not
+   hibernating, and either its uptime is at least the median uptime for
+   known running, valid, non-hibernating routers, or its uptime is at
+   least 30 days. Routers are never called stable if they are running
+   a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
+   through 0.1.1.16-rc are stupid this way.)
 
    "Fast" -- A router is 'Fast' if its bandwidth is in the top 7/8ths for
    known running, valid routers.
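Review bot: the new definition makes "not hibernating" a precondition for Stable, both for the router being judged and for the population over which the median is taken, but neither dirserv.c hunk in this commit checks hibernation; confirm that the check already exists in the code that computes stable_uptime and that the median really excludes hibernating routers, otherwise the spec now describes behaviour the implementation does not have.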

+ 13 - 3
src/or/dirserv.c

@@ -1364,6 +1364,13 @@ should_generate_v2_networkstatus(void)
     the_v2_networkstatus_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL);
 }
 
+/** If a router's uptime is at least this value, then it is always
+ * considered stable, regardless of the rest of the network. This
+ * way we resist attacks where an attacker doubles the size of the
+ * network using allegedly high-uptime nodes, displacing all the
+ * current guards. */
+#define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
+
 /* Thresholds for server performance: set by
  * dirserv_compute_performance_thresholds, and used by
  * generate_v2_networkstatus */
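Review bot: the 30-day value in UPTIME_TO_GUARANTEE_STABLE is now also spelled out in prose in dir-spec.txt and the ChangeLog, so a line in the comment such as `/* Keep in sync with the "Stable" definition in dir-spec.txt. */` would stop the two from drifting. The macro expands to 2592000, which fits a 32-bit int, so the unsigned comparison in the next hunk is safe for this constant.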
@@ -1395,9 +1402,12 @@ dirserv_thinks_router_is_unreliable(time_t now,
                                     routerinfo_t *router,
                                     int need_uptime, int need_capacity)
 {
-  if (need_uptime &&
-      (unsigned)real_uptime(router, now) < stable_uptime)
-    return 1;
+  if (need_uptime) {
+    int uptime = real_uptime(router, now);
+    if ((unsigned)uptime < stable_uptime &&
+        (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE)
+      return 1;
+  }
   if (need_capacity &&
       router_get_advertised_bandwidth(router) < fast_bandwidth)
     return 1;
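Review bot: a negative result from real_uptime() (the new `int uptime` can hold one, e.g. under clock skew) is cast to unsigned at `if ((unsigned)uptime < stable_uptime &&`, wraps to a very large value, fails both `<` tests and so leaves the router looking reliable; the pre-change code had the same cast, but now that the value sits in a local it is cheap to clamp it first, e.g. `if (uptime < 0) uptime = 0;`, or to declare the local with real_uptime()'s own return type. Otherwise the logic matches the spec text: unreliable only if below the median and below the 30-day floor.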