corridor[0], a Tor traffic whitelisting gateway, usually subscribes to NEWCONSENSUS events in a Tor control connection and converts each new networkstatus consensus into a Linux ipset.

ipset entries can be associated with a timeout value to make them disappear from the set after some number of seconds. I'd like to use that feature so the gateway fails closed if the corridor daemon dies.

Is it possible to get a consensus's fresh-until/valid-until dates through a control connection?

In practice, is there a maximum time that can pass between a client fetching consensus n and n+1? Over the last day I've observed intervals between 900 and 7700 seconds.

Also, how does a client filter the raw incoming consensus into a NEWCONSENSUS event? For example, on a box without CONFIG_IPV6 in the kernel I can't see any IPv6 relay. Maybe the IPv4 relay list too is some kind of local view, dropping relays that couldn't be reached?

Rusty

[0] https://github.com/rustybird/corridor
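A sketch of the fail-closed timeout idea from the message above, added here as an example; it is not part of the original post and not corridor's own code. It assumes the consensus document text is already available (how it is fetched is not shown), uses a hypothetical set name `corridor_example`, and runs on a constructed sample with documentation-range addresses.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample in consensus syntax (dummy identities and digests).
SAMPLE_CONSENSUS = """\
network-status-version 3
valid-after 2014-01-01 12:00:00
fresh-until 2014-01-01 13:00:00
valid-until 2014-01-01 15:00:00
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-01-01 11:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-01-01 10:30:00 198.51.100.7 443 0
s Running Valid
"""

def parse_consensus(text):
    """Return (valid_until, [(ip, orport), ...]) parsed from consensus text."""
    valid_until, relays = None, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "valid-until":
            stamp = datetime.strptime(" ".join(fields[1:]), "%Y-%m-%d %H:%M:%S")
            valid_until = stamp.replace(tzinfo=timezone.utc)  # consensus times are UTC
        elif len(fields) >= 8 and fields[0] == "r":
            # An "r" line ends with: IP ORPort DirPort
            try:
                ip = ipaddress.IPv4Address(fields[-3])
                port = int(fields[-2])
            except ValueError:
                continue  # never pass unvalidated text on to ipset
            if 0 < port < 65536:
                relays.append((str(ip), port))
    if valid_until is None:
        raise ValueError("no valid-until line found")
    return valid_until, relays

def ipset_lines(text, now, set_name="corridor_example"):
    """Build `ipset restore` lines whose entries expire at valid-until."""
    valid_until, relays = parse_consensus(text)
    remaining = int((valid_until - now).total_seconds())
    if remaining <= 0:
        # ipset treats "timeout 0" as a permanent entry, which would fail
        # open, so an expired consensus yields no entries at all.
        return []
    return [f"add {set_name} {ip},tcp:{port} timeout {remaining}"
            for ip, port in relays]

if __name__ == "__main__":
    now = datetime(2014, 1, 1, 12, 30, tzinfo=timezone.utc)
    print("\n".join(ipset_lines(SAMPLE_CONSENSUS, now)))
```
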
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk