commit 5399092235e6d1f74841347b01adddaf9df63d3a Author: Damian Johnson atagar@torproject.org Date: Fri Apr 13 12:52:35 2018 -0700
Check for clock skew
Roger had the great suggestion that we should check for clock skew...
https://trac.torproject.org/projects/tor/ticket/25768
Expanded stem a bit along with this to surface response headers. --- consensus_health_checker.py | 13 ++++++++++--- data/consensus_health.cfg | 1 + 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/consensus_health_checker.py b/consensus_health_checker.py index 48c1224..981c4a6 100755 --- a/consensus_health_checker.py +++ b/consensus_health_checker.py @@ -927,7 +927,7 @@ def get_votes():
def _get_documents(label, resource): - documents, times_taken, issues = {}, {}, [] + documents, times_taken, clock_skew, issues = {}, {}, {}, []
for authority in DIRECTORY_AUTHORITIES.values(): if authority.v3ident is None: @@ -940,9 +940,12 @@ def _get_documents(label, resource): )
try: - start_time = time.time() + start_time = datetime.datetime.utcnow() documents[authority.nickname] = query.run()[0] - times_taken[authority.nickname] = time.time() - start_time + response_timestamp = datetime.datetime.strptime(query.reply_headers.get('date'), '%a, %d %b %Y %H:%M:%S %Z') + + times_taken[authority.nickname] = (datetime.datetime.utcnow() - start_time).total_seconds() + clock_skew[authority.nickname] = abs((start_time - response_timestamp).total_seconds()) except Exception as exc: issues.append(Issue(Runlevel.ERROR, 'AUTHORITY_UNAVAILABLE', fetch_type = label, authority = authority.nickname, url = query.download_url, error = exc, to = [authority.nickname]))
@@ -954,6 +957,10 @@ def _get_documents(label, resource): if time_taken > median_time * 5: issues.append(Issue(Runlevel.NOTICE, 'LATENCY', authority = nickname, time_taken = '%0.1fs' % time_taken, median_time = '%0.1fs' % median_time, authority_times = authority_times, to = [nickname]))
+ for nickname, difference in clock_skew.items(): + if difference > 10: + issues.append(Issue(Runlevel.NOTICE, 'CLOCK_SKEW', authority = nickname, difference = difference, to = [nickname])) + return documents, issues
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg index 39aa2e5..994b361 100644 --- a/data/consensus_health.cfg +++ b/data/consensus_health.cfg @@ -1,6 +1,7 @@ # message templates for notifications we send
msg LATENCY => Downloading the consensus from {authority} took {time_taken}. Median download time is {median_time}: {authority_times} +msg CLOCK_SKEW => The system clock of {authority} is {difference} seconds off msg MISSING_LATEST_CONSENSUS => The consensuses published by the following directory authorities are more than one hour old and therefore not fresh anymore: {authorities} msg MISSING_AUTHORITY_DESC => {authority} is missing the server descriptor of {peer} msg CONSENSUS_METHOD_UNSUPPORTED => The following directory authorities do not support the consensus method that the consensus uses: {authorities}