Patch from Karsten to implement proposal 135 ("Testing Tor Networks").

svn:r15253

ChangeLog

@@ -1,9 +1,15 @@
 Changes in version 0.2.1.2-alpha - 2008-??-??
+  o Major features:
+    - New TestingTorNetwork option to allow adjustment of previously constant
+      values that, while reasonable, could slow bootstrapping.  Implements
+      proposal 135.  Patch from Karsten.
+
   o Minor features:
     - Allow OpenSSL to use dynamic locks if it wants.
     - When building a consensus do not include routers that are down.
       This will cut down 30% to 40% on consensus size.  Implements
       proposal 138.
+
   o Bugfixes:
     - Asking for a conditional consensus at .../consensus/<fingerprints>
       would crash a dirserver if it did not already have a consensus.

doc/spec/proposals/135-private-tor-networks.txt

@@ -4,7 +4,7 @@ Version: $Revision$
 Last-Modified: $Date$
 Author: Karsten Loesing
 Created: 29-Apr-2008
-Status: Open
+Status: Accepted
 
 Change history:
 

doc/tor.1.in

@@ -220,7 +220,11 @@ believe the same authorities they do.
 .LP
 .TP
 \fBAlternateDirAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
+.LP
+.TP
 \fBAlternateHSAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
+.LP
+.TP
 \fBAlternateBridgeAuthority \fR[\fInickname\fR] [\fBflags\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
 As DirServer, but replaces less of the default directory authorities.
 Using AlternateDirAuthority replaces the default Tor directory
@@ -228,7 +232,8 @@ authorities, but leaves the hidden service authorities and bridge
 authorities in place.  Similarly, Using AlternateHSAuthority replaces
 the default hidden service authorities, but not the directory or
 bridge authorities.
-
+.LP
+.TP
 \fBFetchDirInfoEarly \fR\fB0\fR|\fB1\fR\fP
 If set to 1, Tor will always fetch directory information like other
 directory caches, even if you don't meet the normal criteria for
@@ -765,8 +770,6 @@ Like WarnPlaintextPorts, but instead of warning about risky port uses,
 Tor will instead refuse to make the connection.
 (Default: None).
 
-.LP
-.TP
 .SH SERVER OPTIONS
 .PP
 The following options are useful only for servers (that is, if \fBORPort\fP is non-zero):
@@ -1111,11 +1114,11 @@ addresses/ports.
 Set an entrance policy for this server, to limit who can connect to the
 directory ports.
 The policies have the same form as exit policies above.
-.LP
-.TP
 
 .SH DIRECTORY AUTHORITY SERVER OPTIONS
 .PP
+.LP
+.TP
 \fBRecommendedVersions \fR\fISTRING\fP
 STRING is a comma-separated list of Tor versions currently believed
 to be safe. The list is included in each directory, and nodes which
@@ -1215,7 +1218,7 @@ interval chosen by consensus from all the authorities' preferred
 intervals.  This time SHOULD divide evenly into a day. (Default: 1 hour)
 .LP
 .TP
-\fBV3AuthVoteDelay\fR \fINUM\fP
+\fBV3AuthVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
 V3 authoritative directories only.  Configures the server's preferred
 delay between publishing its vote and assuming it has all the votes
 from all the other authorities.  Note that the actual time used is not
@@ -1223,7 +1226,7 @@ the server's preferred time, but the consensus of all preferences.
 (Default: 5 minutes.)
 .LP
 .TP
-\fBV3AuthDistDelay\fR \fINUM\fP
+\fBV3AuthDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
 V3 authoritative directories only.  Configures the server's preferred
 delay between publishing its consensus and signature and assuming it
 has all the signatures from all the other authorities.  Note that the
@@ -1291,6 +1294,67 @@ Every time the specified period elapses, Tor uploads any rendezvous
 service descriptors to the directory servers.  This information is also
 uploaded whenever it changes.  (Default: 20 minutes)
 
+.SH TESTING NETWORK OPTIONS
+.PP
+The following options are used for running a testing Tor network.
+.LP
+.TP
+\fBTestingTorNetwork \fR\fB0\fR|\fB1\fR\fP
+If set to 1, Tor adjusts default values of the configuration options below,
+so that it is easier to set up a testing Tor network. May only be set if
+non-default set of DirServers is set. Cannot be unset while Tor is running.
+(Default: 0)
+
+.PD 0
+.RS 12
+.IP "ServerDNSAllowBrokenResolvConf 1"
+.IP "DirAllowPrivateAddresses 1"
+.IP "EnforceDistinctSubnets 0"
+.IP "AssumeReachable 1"
+.IP "AuthDirMaxServersPerAddr 0"
+.IP "AuthDirMaxServersPerAuthAddr 0"
+.IP "ClientDNSRejectInternalAddresses 0"
+.IP "ExitPolicyRejectPrivate 0"
+.IP "V3AuthVotingInterval 5 minutes"
+.IP "V3AuthVoteDelay 20 seconds"
+.IP "V3AuthDistDelay 20 seconds"
+.IP "V3AuthInitialVotingInterval 5 minutes"
+.IP "V3AuthInitialVoteDelay 20 seconds"
+.IP "V3AuthInitialDistDelay 20 seconds"
+.IP "DirTimeToLearnReachability 0 minutes"
+.IP "EstimatedDescriptorPropagationTime 0 minutes"
+.RE
+.PD
+.LP
+.TP
+\fBV3AuthInitialVotingInterval\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthVotingInterval\fR, but for initial voting interval before the
+first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 30 minutes)
+.LP
+.TP
+\fBV3AuthInitialVoteDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthInitialVoteDelay\fR, but for initial voting interval before
+the first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
+.LP
+.TP
+\fBV3AuthInitialDistDelay\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Like \fBV3AuthInitialDistDelay\fR, but for initial voting interval before
+the first consensus has been created. Changing this requires that
+\fBTestingTorNetwork\fR is set. (Default: 5 minutes)
+.LP
+.TP
+\fBDirTimeToLearnReachability\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Consider routers as Running this time after starting an authority.
+(Default: 30 minutes)
+.LP
+.TP
+\fBEstimatedDescriptorPropagationTime\fR \fR\fIN\fR \fBminutes\fR|\fBhours\fP
+Clients try downloading router descriptors from directory caches after this
+time. Changing this requires that \fBTestingTorNetwork\fR is set.
+(Default: 10 minutes)
+
 .\" UNDOCUMENTED
 .\" ignoreversion
 

src/or/config.c

@@ -174,6 +174,7 @@ static config_var_t _option_vars[] = {
   V(DataDirectory,               STRING,   NULL),
   OBSOLETE("DebugLogFile"),
   V(DirAllowPrivateAddresses,    BOOL,     NULL),
+  V(DirTimeToLearnReachability,  INTERVAL, "30 minutes"),
   V(DirListenAddress,            LINELIST, NULL),
   OBSOLETE("DirFetchPeriod"),
   V(DirPolicy,                   LINELIST, NULL),
@@ -188,6 +189,7 @@ static config_var_t _option_vars[] = {
   V(DownloadExtraInfo,           BOOL,     "0"),
   V(EnforceDistinctSubnets,      BOOL,     "1"),
   V(EntryNodes,                  STRING,   NULL),
+  V(EstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
   V(ExcludeNodes,                STRING,   NULL),
   V(ExitNodes,                   STRING,   NULL),
   V(ExitPolicy,                  LINELIST, NULL),
@@ -252,6 +254,7 @@ static config_var_t _option_vars[] = {
   V(OutboundBindAddress,         STRING,   NULL),
   OBSOLETE("PathlenCoinWeight"),
   V(PidFile,                     STRING,   NULL),
+  V(TestingTorNetwork,           BOOL,     "0"),
   V(PreferTunneledDirConns,      BOOL,     "1"),
   V(ProtocolWarnings,            BOOL,     "0"),
   V(PublishServerDescriptor,     CSV,      "1"),
@@ -306,6 +309,9 @@ static config_var_t _option_vars[] = {
   VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
   VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
   VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
+  V(V3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
+  V(V3AuthInitialVoteDelay,      INTERVAL, "5 minutes"),
+  V(V3AuthInitialDistDelay,      INTERVAL, "5 minutes"),
   V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
   V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
   V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
@@ -322,6 +328,27 @@ static config_var_t _option_vars[] = {
   V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
   { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
 };
+
+/* Keep defaults synchronous with man page and config value check. */
+static config_var_t testing_tor_network_defaults[] = {
+  V(ServerDNSAllowBrokenResolvConf, BOOL,  "1"),
+  V(DirAllowPrivateAddresses,    BOOL,     "1"),
+  V(EnforceDistinctSubnets,      BOOL,     "0"),
+  V(AssumeReachable,             BOOL,     "1"),
+  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
+  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
+  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
+  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
+  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
+  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
+  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
+  V(V3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
+  V(V3AuthInitialVoteDelay,      INTERVAL, "20 seconds"),
+  V(V3AuthInitialDistDelay,      INTERVAL, "20 seconds"),
+  V(DirTimeToLearnReachability,  INTERVAL, "0 minutes"),
+  V(EstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
+  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
+};
 #undef VAR
 
 #define VAR(name,conftype,member,initvalue)                             \
@@ -3350,6 +3377,73 @@ options_validate(or_options_t *old_options, or_options_t *options,
     });
   }
 
+  if (options->TestingTorNetwork && !options->DirServers) {
+    REJECT("TestingTorNetwork may only be configured in combination with "
+           "a non-default set of DirServers.");
+  }
+
+  /* Keep changes to hard-coded values synchronous to man page and default
+   * values table. */
+  if (options->V3AuthInitialVotingInterval != 30*60 &&
+      !options->TestingTorNetwork) {
+    REJECT("V3AuthInitialVotingInterval may only be changed in testing "
+           "Tor networks!");
+  } else if (options->V3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
+    REJECT("V3AuthInitialVotingInterval is insanely low.");
+  } else if (((30*60) % options->V3AuthInitialVotingInterval) != 0) {
+    REJECT("V3AuthInitialVotingInterval does not divide evenly into "
+           "30 minutes.");
+  }
+
+  if (options->V3AuthInitialVoteDelay != 5*60 &&
+      !options->TestingTorNetwork) {
+    REJECT("V3AuthInitialVoteDelay may only be changed in testing "
+           "Tor networks!");
+  } else if (options->V3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
+    REJECT("V3AuthInitialVoteDelay is way too low.");
+  }
+
+  if (options->V3AuthInitialDistDelay != 5*60 &&
+      !options->TestingTorNetwork) {
+    REJECT("V3AuthInitialDistDelay may only be changed in testing "
+           "Tor networks!");
+  } else if (options->V3AuthInitialDistDelay < MIN_DIST_SECONDS) {
+    REJECT("V3AuthInitialDistDelay is way too low.");
+  }
+
+  if (options->V3AuthInitialVoteDelay + options->V3AuthInitialDistDelay >=
+      options->V3AuthInitialVotingInterval/2) {
+    REJECT("V3AuthInitialVoteDelay plus V3AuthInitialDistDelay must be "
+           "less than half V3AuthInitialVotingInterval");
+  }
+
+  if (options->DirTimeToLearnReachability != 30*60 &&
+      !options->TestingTorNetwork) {
+    REJECT("DirTimeToLearnReachability may only be changed in testing "
+           "Tor networks!");
+  } else if (options->DirTimeToLearnReachability < 0) {
+    REJECT("DirTimeToLearnReachability must be non-negative.");
+  } else if (options->DirTimeToLearnReachability > 2*60*60) {
+    COMPLAIN("DirTimeToLearnReachability is insanely high.");
+  }
+
+  if (options->EstimatedDescriptorPropagationTime != 10*60 &&
+      !options->TestingTorNetwork) {
+    REJECT("EstimatedDescriptorPropagationTime may only be changed in "
+           "testing Tor networks!");
+  } else if (options->EstimatedDescriptorPropagationTime < 0) {
+    REJECT("EstimatedDescriptorPropagationTime must be non-negative.");
+  } else if (options->EstimatedDescriptorPropagationTime > 60*60) {
+    COMPLAIN("EstimatedDescriptorPropagationTime is insanely high.");
+  }
+
+  if (options->TestingTorNetwork) {
+    log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
+                        "almost unusable in the public Tor network, and is "
+                        "therefore only advised if you are building a "
+                        "testing Tor network!");
+  }
+
   return 0;
 #undef REJECT
 #undef COMPLAIN
@@ -3413,6 +3507,12 @@ options_transition_allowed(or_options_t *old, or_options_t *new_val,
     return -1;
   }
 
+  if (old->TestingTorNetwork != new_val->TestingTorNetwork) {
+    *msg = tor_strdup("While Tor is running, changing TestingTorNetwork "
+                      "is not allowed.");
+    return -1;
+  }
+
   return 0;
 }
 
@@ -3787,6 +3887,50 @@ options_init_from_string(const char *cf,
     goto err;
   }
 
+  /* If this is a testing network configuration, change defaults
+   * for a list of dependent config options, re-initialize newoptions
+   * with the new defaults, and assign all options to it second time. */
+  if (newoptions->TestingTorNetwork) {
+
+    /* Change defaults. */
+    int i;
+    for (i = 0; testing_tor_network_defaults[i].name; ++i) {
+      config_var_t *new_var = &testing_tor_network_defaults[i];
+      config_var_t *old_var =
+          config_find_option(&options_format, new_var->name);
+      tor_assert(new_var);
+      tor_assert(old_var);
+      old_var->initvalue = new_var->initvalue;
+    }
+
+    /* Clear newoptions and re-initialize them with new defaults. */
+    config_free(&options_format, newoptions);
+    newoptions = tor_malloc_zero(sizeof(or_options_t));
+    newoptions->_magic = OR_OPTIONS_MAGIC;
+    options_init(newoptions);
+    newoptions->command = command;
+    newoptions->command_arg = command_arg;
+
+    /* Assign all options a second time. */
+    retval = config_get_lines(cf, &cl);
+    if (retval < 0) {
+      err = SETOPT_ERR_PARSE;
+      goto err;
+    }
+    retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
+    config_free_lines(cl);
+    if (retval < 0) {
+      err = SETOPT_ERR_PARSE;
+      goto err;
+    }
+    retval = config_assign(&options_format, newoptions,
+                           global_cmdline_options, 0, 0, msg);
+    if (retval < 0) {
+      err = SETOPT_ERR_PARSE;
+      goto err;
+    }
+  }
+
   /* Validate newoptions */
   if (options_validate(oldoptions, newoptions, 0, msg) < 0) {
     err = SETOPT_ERR_PARSE; /*XXX021 make this separate.*/

src/or/dirserv.c

@@ -2122,10 +2122,6 @@ router_clear_status_flags(routerinfo_t *router)
     router->is_bad_exit = router->is_bad_directory = 0;
 }
 
-/** If we've been around for less than this amount of time, our reachability
- * information is not accurate. */
-#define DIRSERV_TIME_TO_GET_REACHABILITY_INFO (30*60)
-
 /** Return a new networkstatus_t* containing our current opinion. (For v3
  * authorities) */
 networkstatus_t *
@@ -2155,7 +2151,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
   tor_assert(private_key);
   tor_assert(cert);
 
-  if (now - time_of_process_start < DIRSERV_TIME_TO_GET_REACHABILITY_INFO)
+  if (now - time_of_process_start < options->DirTimeToLearnReachability)
     vote_on_reachability = 0;
 
   if (resolve_my_address(LOG_WARN, options, &addr, &hostname)<0) {
@@ -2241,7 +2237,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
       last_consensus_interval = current_consensus->fresh_until -
         current_consensus->valid_after;
     else
-      last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
+      last_consensus_interval = options->V3AuthInitialVotingInterval;
     v3_out->valid_after =
       dirvote_get_start_of_next_interval(now, (int)last_consensus_interval);
     format_iso_time(tbuf, v3_out->valid_after);

src/or/dirvote.c

@@ -1308,8 +1308,9 @@ dirvote_recalculate_timing(or_options_t *options, time_t now)
     vote_delay = consensus->vote_seconds;
     dist_delay = consensus->dist_seconds;
   } else {
-    interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
-    vote_delay = dist_delay = 300;
+    interval = options->V3AuthInitialVotingInterval;
+    vote_delay = options->V3AuthInitialVoteDelay;
+    dist_delay = options->V3AuthInitialDistDelay;
   }
 
   tor_assert(interval > 0);

src/or/or.h

@@ -2355,6 +2355,31 @@ typedef struct {
    * migration purposes? */
   int V3AuthUseLegacyKey;
 
+  /** The length of time that we think an initial consensus should be
+   * fresh. */
+  int V3AuthInitialVotingInterval;
+
+  /** The length of time we think it will take to distribute initial
+   * votes. */
+  int V3AuthInitialVoteDelay;
+
+  /** The length of time we think it will take to distribute initial
+   * signatures. */
+  int V3AuthInitialDistDelay;
+
+  /** If an authority has been around for less than this amount of time,
+   * its reachability information is not accurate. */
+  int DirTimeToLearnReachability;
+
+  /** Clients don't download any descriptor this recent, since it will
+   * probably not have propagated to enough caches. */
+  int EstimatedDescriptorPropagationTime;
+
+  /** If true, we take part in a testing network. Change the defaults of a
+   * couple of other configuration options and allow to change the values
+   * of certain configuration options. */
+  int TestingTorNetwork;
+
   /** File to check for a consensus networkstatus, if we don't have one
    * cached. */
   char *FallbackNetworkstatusFile;
@@ -3223,9 +3248,6 @@ cached_dir_t *new_cached_dir(char *s, time_t published);
 /** Smallest allowable voting interval. */
 #define MIN_VOTE_INTERVAL 300
 
-/** If there is no consensus, what interval do we default to? */
-#define DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS (30*60)
-
 void dirvote_free_all(void);
 
 /* vote manipulation */

src/or/routerlist.c

@@ -3718,10 +3718,6 @@ initiate_descriptor_downloads(routerstatus_t *source,
   tor_free(resource);
 }
 
-/** Clients don't download any descriptor this recent, since it will probably
- * not have propagated to enough caches. */
-#define ESTIMATED_PROPAGATION_TIME (10*60)
-
 /** Return 0 if this routerstatus is obsolete, too new, isn't
  * running, or otherwise not a descriptor that we would make any
  * use of even if we had it. Else return 1. */
@@ -3733,7 +3729,7 @@ client_would_use_router(routerstatus_t *rs, time_t now, or_options_t *options)
      * But, if we want to have a complete list, fetch it anyway. */
     return 0;
   }
-  if (rs->published_on + ESTIMATED_PROPAGATION_TIME > now) {
+  if (rs->published_on + options->EstimatedDescriptorPropagationTime > now) {
     /* Most caches probably don't have this descriptor yet. */
     return 0;
   }