Spec compliance: if weighted MTBF of a router is at least 5 days, always vote it as Stable.

svn:r17821

ChangeLog

@@ -23,6 +23,8 @@ Changes in version 0.2.1.10-alpha - 2009-01-??
       don't need to use RELAY_EARLY cells: the first hop knows what kind of
       cell it is, and nobody else can even see the cell type.  This makes
       it easier to cannibalize circuits like this later.
+    - Authorities now list vote for the Stable flag for any router whose
+      weighted MTBF is at least 5 days, regardless of the mean MTBF.
 
   o Code simplifications and refactoring:
     - Change our header file guard macros to be less likely to conflict

src/or/dirserv.c

@@ -1625,7 +1625,6 @@ should_generate_v2_networkstatus(void)
 #define UPTIME_TO_GUARANTEE_STABLE (3600*24*30)
 /** If a router's MTBF is at least this value, then it is always stable.
  * See above.  (Corresponds to about 7 days for current decay rates.) */
-/*XXXX021 Never actually used! */
 #define MTBF_TO_GUARANTEE_STABLE (60*60*24*5)
 /** Similarly, we protect sufficiently fast nodes from being pushed
  * out of the set of Fast nodes. */
@@ -1695,7 +1694,7 @@ dirserv_thinks_router_is_unreliable(time_t now,
 {
   if (need_uptime) {
     if (!enough_mtbf_info) {
-      /* XXX021 Once most authorities are on v3, we should change the rule from
+      /* XXX022 Once most authorities are on v3, we should change the rule from
        * "use uptime if we don't have mtbf data" to "don't advertise Stable on
        * v3 if we don't have enough mtbf data." */
       long uptime = real_uptime(router, now);
@@ -1705,7 +1704,8 @@ dirserv_thinks_router_is_unreliable(time_t now,
     } else {
       double mtbf =
         rep_hist_get_stability(router->cache_info.identity_digest, now);
-      if (mtbf < stable_mtbf)
+      if (mtbf < stable_mtbf &&
+          mtbf < MTBF_TO_GUARANTEE_STABLE)
         return 1;
     }
   }