Merge branch 'bug8146_etc'

changes/bug8146_etc

@@ -0,0 +1,13 @@
+  o Major bugfixes (security, directory authority):
+    - When computing directory thresholds, ignore any rejected-as-sybil
+      nodes during the computation so that they can't influence Fast,
+      Guard, etc. Fixes bug 8146.
+
+    - When computing thresholds for flags, never let the threshold for
+      the Fast flag to 4096 bytes. Fixes bug 8145.
+    - Do not consider nodes with extremely low bandwidths when deciding
+      thresholds for various directory flags. Another fix for 8145.
+
+    - When marking a node as a likely sybil, reset its uptime metrics
+      to zero, so that it cannot time towards getting marked as Guard,
+      Stable, or HSDir. Fix for bug 8147.

src/or/dirserv.c

@@ -1884,6 +1884,22 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
           node->is_running);
 }
 
+/** Don't consider routers with less bandwidth than this when computing
+ * thresholds. */
+#define ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER 4096
+
+/** Helper for dirserv_compute_performance_thresholds(): Decide whether to
+ * include a router in our calculations, and return true iff we should. */
+static int
+router_counts_toward_thresholds(const node_t *node, time_t now,
+                                const digestmap_t *omit_as_sybil)
+{
+  return node->ri && router_is_active(node->ri, node, now) &&
+    !digestmap_get(omit_as_sybil, node->ri->cache_info.identity_digest) &&
+    (router_get_advertised_bandwidth(node->ri) >=
+       ABSOLUTE_MIN_BW_VALUE_TO_CONSIDER);
+}
+
 /** Look through the routerlist, the Mean Time Between Failure history, and
  * the Weighted Fractional Uptime history, and use them to set thresholds for
  * the Stable, Fast, and Guard flags.  Update the fields stable_uptime,
@@ -1893,7 +1909,8 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
  *
  * Also, set the is_exit flag of each router appropriately. */
 static void
-dirserv_compute_performance_thresholds(routerlist_t *rl)
+dirserv_compute_performance_thresholds(routerlist_t *rl,
+                                       digestmap_t *omit_as_sybil)
 {
   int n_active, n_active_nonexit, n_familiar;
   uint32_t *uptimes, *bandwidths, *bandwidths_excluding_exits;
@@ -1934,8 +1951,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
 
   /* Now, fill in the arrays. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
-    routerinfo_t *ri = node->ri;
-    if (ri && router_is_active(ri, node, now)) {
+    if (router_counts_toward_thresholds(node, now, omit_as_sybil)) {
+      routerinfo_t *ri = node->ri;
       const char *id = ri->cache_info.identity_digest;
       uint32_t bw;
       node->is_exit = (!router_exit_policy_rejects_all(ri) &&
@@ -1975,9 +1992,12 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
 
   {
     /* We can vote on a parameter for the minimum and maximum. */
+#define ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG 4096
     int32_t min_fast, max_fast;
     min_fast = networkstatus_get_param(NULL, "FastFlagMinThreshold",
-                                       0, 0, INT32_MAX);
+      ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
+      ABSOLUTE_MIN_VALUE_FOR_FAST_FLAG,
+      INT32_MAX);
     max_fast = networkstatus_get_param(NULL, "FastFlagMaxThreshold",
                                        INT32_MAX, min_fast, INT32_MAX);
     if (fast_bandwidth < (uint32_t)min_fast)
@@ -1996,8 +2016,8 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
   n_familiar = 0;
 
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), node_t *, node) {
-      routerinfo_t *ri = node->ri;
-      if (ri && router_is_active(ri, node, now)) {
+      if (router_counts_toward_thresholds(node, now, omit_as_sybil)) {
+        routerinfo_t *ri = node->ri;
         const char *id = ri->cache_info.identity_digest;
         long tk = rep_hist_get_weighted_time_known(id, now);
         if (tk < guard_tk)
@@ -2751,13 +2771,18 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
     dirserv_set_router_is_running(ri, now);
   });
 
-  dirserv_compute_performance_thresholds(rl);
-
   routers = smartlist_new();
   smartlist_add_all(routers, rl->routers);
   routers_sort_by_identity(routers);
   omit_as_sybil = get_possible_sybil_list(routers);
 
+  DIGESTMAP_FOREACH(omit_as_sybil, sybil_id, void *, ignore) {
+    (void) ignore;
+    rep_hist_make_router_pessimal(sybil_id, now);
+  } DIGESTMAP_FOREACH_END;
+
+  dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+
   routerstatuses = smartlist_new();
   microdescriptors = smartlist_new();
 
@@ -3008,14 +3033,13 @@ generate_v2_networkstatus_opinion(void)
     dirserv_set_router_is_running(ri, now);
   });
 
-  dirserv_compute_performance_thresholds(rl);
-
   routers = smartlist_new();
   smartlist_add_all(routers, rl->routers);
   routers_sort_by_identity(routers);
-
   omit_as_sybil = get_possible_sybil_list(routers);
 
+  dirserv_compute_performance_thresholds(rl, omit_as_sybil);
+
   SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
     if (ri->cache_info.published_on >= cutoff) {
       routerstatus_t rs;

src/or/rephist.c

@@ -422,6 +422,21 @@ rep_hist_note_router_unreachable(const char *id, time_t when)
   }
 }
 
+/** Mark a router with ID <b>id</b> as non-Running, and retroactively declare
+ * that it has never been running: give it no stability and no WFU. */
+void
+rep_hist_make_router_pessimal(const char *id, time_t when)
+{
+  or_history_t *hist = get_or_history(id);
+  tor_assert(hist);
+
+  rep_hist_note_router_unreachable(id, when);
+  mark_or_down(hist, when, 1);
+
+  hist->weighted_run_length = 0;
+  hist->weighted_uptime = 0;
+}
+
 /** Helper: Discount all old MTBF data, if it is time to do so.  Return
  * the time at which we should next discount MTBF data. */
 time_t

src/or/rephist.h

@@ -24,6 +24,8 @@ void rep_hist_dump_stats(time_t now, int severity);
 void rep_hist_note_bytes_read(size_t num_bytes, time_t when);
 void rep_hist_note_bytes_written(size_t num_bytes, time_t when);
 
+void rep_hist_make_router_pessimal(const char *id, time_t when);
+
 void rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when);
 void rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when);