[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Factor out warn_early_consensus()
commit 0b80a0e500d5132ca4dd77403b5a4c7f23f26a80
Author: Taylor Yu <catalyst@xxxxxxxxxxxxxx>
Date: Tue May 1 18:13:37 2018 -0500
Factor out warn_early_consensus()
Factor out the early consensus warning code from
networkstatus_set_current_consensus() into a new function
warn_early_consensus().
---
src/or/networkstatus.c | 62 ++++++++++++++++++++++++++++++++++----------------
src/or/networkstatus.h | 2 ++
2 files changed, 45 insertions(+), 19 deletions(-)
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 44c0638c2..ace9fc94a 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -1751,6 +1751,48 @@ handle_missing_protocol_warning(const networkstatus_t *c,
handle_missing_protocol_warning_impl(c, 1);
}
+/**
+ * Check whether we received a consensus that appears to be coming
+ * from the future. Because we implicitly trust the directory
+ * authorities' idea of the current time, we produce a warning if we
+ * get an early consensus.
+ *
+ * If we got a consensus that is time stamped far in the past, that
+ * could simply have come from a stale cache. Possible ways to get a
+ * consensus from the future can include:
+ *
+ * - enough directory authorities have wrong clocks
+ * - directory authorities collude to produce misleading time stamps
+ * - our own clock is wrong (this is by far the most likely)
+ *
+ * We neglect highly improbable scenarios that involve actual time
+ * travel.
+ */
+STATIC void
+warn_early_consensus(const networkstatus_t *c, const char *flavor,
+ time_t now)
+{
+/** If a consensus appears more than this many seconds before its declared
+ * valid-after time, declare that our clock is skewed. */
+#define EARLY_CONSENSUS_NOTICE_SKEW 60
+
+ if (now < c->valid_after - EARLY_CONSENSUS_NOTICE_SKEW) {
+ char tbuf[ISO_TIME_LEN+1];
+ char dbuf[64];
+ long delta = now - c->valid_after;
+ char *flavormsg = NULL;
+ format_iso_time(tbuf, c->valid_after);
+ format_time_interval(dbuf, sizeof(dbuf), delta);
+ log_warn(LD_GENERAL, "Our clock is %s behind the time published in the "
+ "consensus network status document (%s UTC). Tor needs an "
+ "accurate clock to work correctly. Please check your time and "
+ "date settings!", dbuf, tbuf);
+ tor_asprintf(&flavormsg, "%s flavor consensus", flavor);
+ clock_skew_warning(NULL, delta, 1, LD_GENERAL, flavormsg, "CONSENSUS");
+ tor_free(flavormsg);
+ }
+}
+
/** Try to replace the current cached v3 networkstatus with the one in
* <b>consensus</b>. If we don't have enough certificates to validate it,
* store it in consensus_waiting_for_certs and launch a certificate fetch.
@@ -2053,25 +2095,7 @@ networkstatus_set_current_consensus(const char *consensus,
write_str_to_file(consensus_fname, consensus, 0);
}
-/** If a consensus appears more than this many seconds before its declared
- * valid-after time, declare that our clock is skewed. */
-#define EARLY_CONSENSUS_NOTICE_SKEW 60
-
- if (now < c->valid_after - EARLY_CONSENSUS_NOTICE_SKEW) {
- char tbuf[ISO_TIME_LEN+1];
- char dbuf[64];
- long delta = now - c->valid_after;
- char *flavormsg = NULL;
- format_iso_time(tbuf, c->valid_after);
- format_time_interval(dbuf, sizeof(dbuf), delta);
- log_warn(LD_GENERAL, "Our clock is %s behind the time published in the "
- "consensus network status document (%s UTC). Tor needs an "
- "accurate clock to work correctly. Please check your time and "
- "date settings!", dbuf, tbuf);
- tor_asprintf(&flavormsg, "%s flavor consensus", flavor);
- clock_skew_warning(NULL, delta, 1, LD_GENERAL, flavormsg, "CONSENSUS");
- tor_free(flavormsg);
- }
+ warn_early_consensus(c, flavor, now);
/* We got a new consesus. Reset our md fetch fail cache */
microdesc_reset_outdated_dirservers_list();
diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h
index 0c325959d..b133f43dc 100644
--- a/src/or/networkstatus.h
+++ b/src/or/networkstatus.h
@@ -153,6 +153,8 @@ int any_client_port_set(const or_options_t *options);
#ifdef TOR_UNIT_TESTS
STATIC int networkstatus_set_current_consensus_from_ns(networkstatus_t *c,
const char *flavor);
+STATIC void warn_early_consensus(const networkstatus_t *c, const char *flavor,
+ time_t now);
extern networkstatus_t *current_ns_consensus;
extern networkstatus_t *current_md_consensus;
#endif /* defined(TOR_UNIT_TESTS) */
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits