mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 05:03:43 +01:00
r16278@catbus: nickm | 2007-10-30 09:46:28 -0400
Accept future networkstatus documents, but warn about skew when we get them. svn:r12282
This commit is contained in:
parent
07621f090f
commit
7709fb7143
@ -36,6 +36,7 @@ Changes in version 0.2.0.10-alpha - 2007-1?-??
|
||||
- When we have no consensus, check FallbackNetworkstatusFile (defaults
|
||||
to $PREFIX/share/tor/fallback-consensus) for a consensus. This way
|
||||
we start knowing some directory caches.
|
||||
- When we receive a consensus from the future, warn about skew.
|
||||
|
||||
- Utilities:
|
||||
- Update linux-tor-prio.sh script to allow QoS based on the uid of
|
||||
|
4
doc/TODO
4
doc/TODO
@ -58,8 +58,8 @@ Things we'd like to do in 0.2.0.x:
|
||||
- Revised handshake.
|
||||
- Have a 'waiting_for_authentication' state.
|
||||
- Only do version negotiation if we use the normalized TLS.
|
||||
- Skew issues:
|
||||
- if you load (nick says receive/set/anything) a consensus that's
|
||||
. Skew issues:
|
||||
o if you load (nick says receive/set/anything) a consensus that's
|
||||
in the future, then log about skew.
|
||||
- should change the "skew complaint" to specify in largest units
|
||||
rather than just seconds.
|
||||
|
@ -1200,12 +1200,14 @@ $Id$
|
||||
|
||||
CLOCK_SKEW
|
||||
SKEW="+" / "-" SECONDS
|
||||
SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT"
|
||||
SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
|
||||
If "SKEW" is present, it's an estimate of how far we are from the
|
||||
time declared in the source. If the source is a DIRSERV, we got
|
||||
the current time from a connection to a dirserver. If the source is
|
||||
a NETWORKSTATUS, we decided we're skewed because we got a
|
||||
networkstatus from far in the future.
|
||||
a NETWORKSTATUS, we decided we're skewed because we got a v2
|
||||
networkstatus from far in the future. If the source is
|
||||
CONSENSUS, we decided we're skewed because we got a networkstatus
|
||||
consensus from the future.
|
||||
|
||||
{Controllers may want to warn the user if the skew is high, or if
|
||||
multiple skew messages appear at severity WARN. Controllers
|
||||
|
@ -1235,7 +1235,8 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache,
|
||||
}
|
||||
|
||||
if (current_consensus && c->valid_after <= current_consensus->valid_after) {
|
||||
/* We have a newer one. */
|
||||
/* We have a newer one. There's no point in accepting this one,
|
||||
* even if it's great. */
|
||||
log_info(LD_DIR, "Got a consensus at least as old as the one we have");
|
||||
goto done;
|
||||
}
|
||||
@ -1284,9 +1285,6 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache,
|
||||
}
|
||||
}
|
||||
|
||||
/* XXXX020 check dates for plausibility. Don't trust a consensus whose
|
||||
* valid-after date is very far in the future. */
|
||||
|
||||
/* Are we missing any certificates at all? */
|
||||
if (r != 1)
|
||||
authority_certs_fetch_missing(c, now);
|
||||
@ -1330,6 +1328,15 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache,
|
||||
dirserv_set_cached_networkstatus_v3(consensus,
|
||||
current_consensus->valid_after);
|
||||
|
||||
if (ftime_definitely_before(now, current_consensus->valid_after)) {
|
||||
char buf[ISO_TIME_LEN+1];
|
||||
format_iso_time(buf, current_consensus->valid_after);
|
||||
log_warn(LD_GENERAL, "Consensus network status document was published "
|
||||
"at some time in the future (%s GMT). Check your time and date "
|
||||
"settings!", buf);
|
||||
control_event_general_status(LOG_WARN, "CLOCK_SKEW SOURCE=CONSENSUS");
|
||||
}
|
||||
|
||||
router_dir_info_changed();
|
||||
|
||||
result = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user