HSDir flag now requires the Stable flag

Fixes #8243

diff --git a/changes/ticket8243 b/changes/ticket8243
new file mode 100644 (file)
index 0000000..8946a21
--- /dev/null
+++ b/changes/ticket8243
@@ -0,0 +1,7 @@
+  o Minor feature:
+    - The HSDir flag given by authorities now requires the Stable flag. For
+      the current network, this results in going from 2887 to 2806 HSDirs.
+      Also, it makes it harder for an attacker to launch a sybil attack by
+      raising the effort for a relay to become Stable which takes at the
+      very least 7 days to do so and by keeping the 96 hours uptime
+      requirement for HSDir. Implements ticket #8243.

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index a024be8342e4e1ebd893ca3acdb44381d6d094af..65bfafba6cb3545b6ea3fc14c41730d2b450906f 100644 (file)
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1278,8 +1278,9 @@ dirserv_thinks_router_is_unreliable(time_t now,
 }
 
 /** Return true iff <b>router</b> should be assigned the "HSDir" flag.
- * Right now this means it advertises support for it, it has a high
- * uptime, it has a DirPort open, and it's currently considered Running.
+ * Right now this means it advertises support for it, it has a high uptime,
+ * it has a DirPort open, it has the Stable flag and it's currently
+ * considered Running.
  *
  * This function needs to be called after router-\>is_running has
  * been set.
@@ -1306,6 +1307,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
     uptime = real_uptime(router, now);
 
   return (router->wants_to_be_hs_dir && router->dir_port &&
+          node->is_stable &&
           uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
           router_is_active(router, node, now));
 }