|
|
@@ -270,6 +270,70 @@ $Id$
|
|
|
It uses the last-mapped identity value, unless all of the "binding"
|
|
|
network status documents bind the name to some other identity.
|
|
|
|
|
|
+5.3. Notes on what we do now.
|
|
|
+
|
|
|
+ THIS SECTION SHOULD BE FOLDED INTO THE EARLIER SECTIONS; THEY ARE WRONG;
|
|
|
+ THIS IS RIGHT.
|
|
|
+
|
|
|
+ All downloaded networkstatuses are discarded once they are 10 days old (by
|
|
|
+ published date).
|
|
|
+
|
|
|
+ Authdirs download each others' networkstatus every
|
|
|
+ AUTHORITY_NS_CACHE_INTERVAL minutes (currently 10).
|
|
|
+
|
|
|
+ Directory caches download authorities' networkstatus every
|
|
|
+ NONAUTHORITY_NS_CACHE_INTERVAL minutes (currently 10).
|
|
|
+
|
|
|
+ Clients always try to replace any networkstatus received over
|
|
|
+ NETWORKSTATUS_MAX_VALIDITY ago (currently 2 days). Also, when the most
|
|
|
+ recently received networkstatus is more than
|
|
|
+ NETWORKSTATUS_CLIENT_DL_INTERVAL (30 minutes) old, and we do not have any
|
|
|
+ open directory connections fetching a networkstatus, clients try to
|
|
|
+ download the networkstatus on their list after the most recently received
|
|
|
+ networkstatus, skipping failed networkstatuses. A networkstatus is
|
|
|
+ "failed" if NETWORKSTATUS_N_ALLOWABLE_FAILURES (3) attempts in a row have
|
|
|
+ all failed.
|
|
|
+
|
|
|
+ We do not update router statuses if we have less than half of the
|
|
|
+ networkstatuses.
|
|
|
+
|
|
|
+ A networkstatus is "live" if it is the most recent we have received signed
|
|
|
+ by a given trusted authority.
|
|
|
+
|
|
|
+ A networkstatus is "recent" if it is "live" and:
|
|
|
+ - it was received in the last DEFAULT_RUNNING_INTERVAL (currently 60
|
|
|
+ minutes)
|
|
|
+ OR - it was one of the MIN_TO_INFLUENCE_RUNNING (3) most recently received
|
|
|
+ networkstatuses.
|
|
|
+
|
|
|
+ Authorities always believe their own opinion as to a router's status. For
|
|
|
+ other tors:
|
|
|
+ - a router is valid if more than half of the live networkstatuses think
|
|
|
+ it's valid.
|
|
|
+ - a router is named if more than half of the live networkstatuses from
|
|
|
+ naming authorities think it's named, and they all think it has the
|
|
|
+ same name.
|
|
|
+ - a router is running if more than half of the recent networkstatuses
|
|
|
+ think it's running.
|
|
|
+
|
|
|
+ Everyone downloads router descriptors as follows:
|
|
|
+
|
|
|
+ - If any networkstatus lists a more recently published routerdesc with a
|
|
|
+ different descriptor digest, and no more than
|
|
|
+ MAX_ROUTERDESC_DOWNLOAD_FAILURES attempts to retrieve that routerdesc
|
|
|
+ have failed, then that routerdesc is "downloadable".
|
|
|
+
|
|
|
+ - Every DirFetchInterval, or whenever a request for routerdescs returns
|
|
|
+ no routerdescs, we launch a set of requests for all downloadable
|
|
|
+ routerdescs. We divide the downloadable routerdescs into groups of no
|
|
|
+ more than DL_PER_REQUEST, and send a request for each group to
|
|
|
+ directory servers chosen independently.
|
|
|
+
|
|
|
+ - We also launch a request as above when a request for routerdescs
|
|
|
+ fails and we have no directory connections fetching routerdescs.
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
6. Remaining issues
|
|
|
|
|
|
Client-knowledge partitioning is worrisome. Most versions of this don't
|
Nick Mathewson