[tor-talk] Time between client's consensus fetches?

Rusty Bird rustybird at openmailbox.org
Thu Mar 6 11:33:14 UTC 2014

corridor[0], a Tor traffic whitelisting gateway, usually subscribes to
NEWCONSENSUS events in a Tor control connection and converts each new
networkstatus consensus into a Linux ipset.

ipset entries can be be associated with a timeout value to make them
disappear from the set after some number of seconds. I'd like to use
that feature so the gateway fails closed if the corridor daemon dies.

Is it possible to get a consensus's fresh-until/valid-until dates
through a control connection?

In practice, is there a maximum time that can pass between a client
fetching consensus n and n+1? Over the last day I've observed intervals
between 900 and 7700 seconds.

Also, how does a client filter the raw incoming consensus into a
NEWCONSENSUS event? For example, on a box without CONFIG_IPV6 in the
kernel I can't see any IPv6 relay. Maybe the IPv4 relay list too is some
kind of local view, dropping relays that couldn't be reached?


[0] https://github.com/rustybird/corridor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20140306/746e80a5/attachment-0001.sig>

More information about the tor-talk mailing list