[or-cvs] r12282: Accept future networkstatus documents, but warn about skew w (in tor/trunk: . doc doc/spec src/or)

nickm at seul.org nickm at seul.org
Tue Oct 30 15:17:02 UTC 2007


Author: nickm
Date: 2007-10-30 11:17:01 -0400 (Tue, 30 Oct 2007)
New Revision: 12282

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/TODO
   tor/trunk/doc/spec/control-spec.txt
   tor/trunk/src/or/networkstatus.c
Log:
 r16278 at catbus:  nickm | 2007-10-30 09:46:28 -0400
 Accept future networkstatus documents, but warn about skew when we get them.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r16278] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-10-30 10:48:44 UTC (rev 12281)
+++ tor/trunk/ChangeLog	2007-10-30 15:17:01 UTC (rev 12282)
@@ -36,6 +36,7 @@
     - When we have no consensus, check FallbackNetworkstatusFile (defaults
       to $PREFIX/share/tor/fallback-consensus) for a consensus.  This way
       we start knowing some directory caches.
+    - When we receive a consensus from the future, warn about skew.
 
   - Utilities:
     - Update linux-tor-prio.sh script to allow QoS based on the uid of
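Review bot: the added ChangeLog line ("When we receive a consensus from the future, warn about skew.") records only the warning. The commit subject also says future networkstatus documents are now accepted, and the plausibility TODO is removed from networkstatus.c in this same revision. Suggest wording the entry so it says such a consensus is accepted and a skew warning is logged, so ChangeLog readers see the behaviour change and not just the new log line.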

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2007-10-30 10:48:44 UTC (rev 12281)
+++ tor/trunk/doc/TODO	2007-10-30 15:17:01 UTC (rev 12282)
@@ -58,8 +58,8 @@
         - Revised handshake.
         - Have a 'waiting_for_authentication' state.
         - Only do version negotiation if we use the normalized TLS.
-    - Skew issues:
-      - if you load (nick says receive/set/anything) a consensus that's
+    . Skew issues:
+      o if you load (nick says receive/set/anything) a consensus that's
         in the future, then log about skew.
       - should change the "skew complaint" to specify in largest units
         rather than just seconds.

Modified: tor/trunk/doc/spec/control-spec.txt
===================================================================
--- tor/trunk/doc/spec/control-spec.txt	2007-10-30 10:48:44 UTC (rev 12281)
+++ tor/trunk/doc/spec/control-spec.txt	2007-10-30 15:17:01 UTC (rev 12282)
@@ -1200,12 +1200,14 @@
 
      CLOCK_SKEW
        SKEW="+" / "-" SECONDS
-       SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT"
+       SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
          If "SKEW" is present, it's an estimate of how far we are from the
          time declared in the source.  If the source is a DIRSERV, we got
          the current time from a connection to a dirserver.  If the source is
-         a NETWORKSTATUS, we decided we're skewed because we got a
-         networkstatus from far in the future.
+         a NETWORKSTATUS, we decided we're skewed because we got a v2
+         networkstatus from far in the future.  If the source is
+         CONSENSUS, we decided we're skewed because we got a networkstatus
+         consensus from the future.
 
          {Controllers may want to warn the user if the skew is high, or if
          multiple skew messages appear at severity WARN.  Controllers
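Review bot: the added CONSENSUS text does not say that this source comes without a SKEW value, and it says "from the future" where the NETWORKSTATUS text says "far in the future", without stating what threshold applies. The code in this revision emits "CLOCK_SKEW SOURCE=CONSENSUS" with neither SKEW nor an IP:PORT. Suggest documenting both points so controller authors know that for this source they can neither show a magnitude nor identify where the document came from.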

Modified: tor/trunk/src/or/networkstatus.c
===================================================================
--- tor/trunk/src/or/networkstatus.c	2007-10-30 10:48:44 UTC (rev 12281)
+++ tor/trunk/src/or/networkstatus.c	2007-10-30 15:17:01 UTC (rev 12282)
@@ -1235,7 +1235,8 @@
   }
 
   if (current_consensus && c->valid_after <= current_consensus->valid_after) {
-    /* We have a newer one. */
+    /* We have a newer one.  There's no point in accepting this one,
+     * even if it's great. */
     log_info(LD_DIR, "Got a consensus at least as old as the one we have");
     goto done;
   }
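Review bot: the rewritten comment still opens with "We have a newer one", but the test is "c->valid_after <= current_consensus->valid_after", so it also fires when the two valid-after times are equal, as the log_info text ("at least as old") already says. Suggest "We have one at least as new" so that the comment, the condition and the log message agree.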
@@ -1284,9 +1285,6 @@
     }
   }
 
-  /* XXXX020 check dates for plausibility.  Don't trust a consensus whose
-   * valid-after date is very far in the future. */
-
   /* Are we missing any certificates at all? */
   if (r != 1)
     authority_certs_fetch_missing(c, now);
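Review bot: removing the XXXX020 comment drops the only reminder that a consensus whose valid-after is very far in the future should not be trusted, and nothing visible in this patch puts an upper bound in its place; the check added later in the function only logs. Because the earlier test discards any consensus with "c->valid_after <= current_consensus->valid_after", once a far-future document becomes current, every correctly dated consensus that arrives afterwards would be dropped as "at least as old" until real time catches up. Suggest either keeping a bound on how far ahead valid-after may be, or leaving a comment that records why unbounded acceptance is safe here.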
@@ -1330,6 +1328,15 @@
     dirserv_set_cached_networkstatus_v3(consensus,
                                         current_consensus->valid_after);
 
+  if (ftime_definitely_before(now, current_consensus->valid_after)) {
+    char buf[ISO_TIME_LEN+1];
+    format_iso_time(buf, current_consensus->valid_after);
+    log_warn(LD_GENERAL, "Consensus network status document was published "
+             "at some time in the future (%s GMT).  Check your time and date "
+             "settings!", buf);
+    control_event_general_status(LOG_WARN, "CLOCK_SKEW SOURCE=CONSENSUS");
+  }
+
   router_dir_info_changed();
 
   result = 0;
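Review bot: the event at control_event_general_status(LOG_WARN, "CLOCK_SKEW SOURCE=CONSENSUS") carries no SKEW value even though both "now" and "current_consensus->valid_after" are in scope, so a controller cannot tell a few minutes of skew from several days. Suggest including the difference as SKEW in the form control-spec.txt defines. The log text also says the document "was published" in the future while the comparison is against valid_after; naming valid-after in the message would match what is actually checked.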


