nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor clock skew warning code to avoid duplication

Browse Source
This commit is contained in:
Arlo Breault 2015-12-08 11:32:29 -08:00 committed by Nick Mathewson
parent d015c70a11
commit d68b7fd442
5 changed files with 48 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/or/channeltls.c
View File

@ -1663,30 +1663,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
#define NETINFO_NOTICE_SKEW 3600 #define NETINFO_NOTICE_SKEW 3600
if (labs(apparent_skew) > NETINFO_NOTICE_SKEW && if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
router_get_by_id_digest(chan->conn->identity_digest)) { router_get_by_id_digest(chan->conn->identity_digest)) {
char dbuf[64]; int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
int severity; clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
/*XXXX be smarter about when everybody says we are skewed. */ "NETINFO cell", "OR");
if (router_digest_is_trusted_dir(chan->conn->identity_digest))
severity = LOG_WARN;
else
severity = LOG_INFO;
format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
log_fn(severity, LD_GENERAL,
"Received NETINFO cell with skewed time from "
"server at %s:%d. It seems that our clock is %s by %s, or "
"that theirs is %s. Tor requires an accurate clock to work: "
"please check your time and date settings.",
chan->conn->base_.address,
(int)(chan->conn->base_.port),
apparent_skew > 0 ? "ahead" : "behind",
dbuf,
apparent_skew > 0 ? "behind" : "ahead");
if (severity == LOG_WARN) /* only tell the controller if an authority */
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
apparent_skew,
chan->conn->base_.address,
chan->conn->base_.port);
} }
/* XXX maybe act on my_apparent_addr, if the source is sufficiently /* XXX maybe act on my_apparent_addr, if the source is sufficiently

30
src/or/connection.c
View File

@ -5018,3 +5018,33 @@ connection_free_all(void)
#endif #endif
} }
/** Log a warning, and possibly emit a control event, that <b>received</b> came
* at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
* that we had more faith in and therefore the warning level should have higher
* severity.
*/
void
clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted,
log_domain_mask_t domain, const char *received,
const char *source)
{
char dbuf[64];
char *ext_source = NULL;
format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
if (conn)
tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
else
ext_source = tor_strdup(source);
log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
"Received %s with skewed time (%s): "
"It seems that our clock is %s by %s, or that theirs is %s%s. "
"Tor requires an accurate clock to work: please check your time, "
"timezone, and date settings.", received, ext_source,
apparent_skew > 0 ? "ahead" : "behind", dbuf,
apparent_skew > 0 ? "behind" : "ahead",
(!conn || trusted) ? "" : ", or they are sending us the wrong time");
if (trusted)
control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
apparent_skew, ext_source);
tor_free(ext_source);
}

4
src/or/connection.h
View File

@ -210,6 +210,10 @@ int connection_or_nonopen_was_started_here(or_connection_t *conn);
void connection_dump_buffer_mem_stats(int severity); void connection_dump_buffer_mem_stats(int severity);
void remove_file_if_very_old(const char *fname, time_t now); void remove_file_if_very_old(const char *fname, time_t now);
void clock_skew_warning(const connection_t *conn, long apparent_skew,
int trusted, log_domain_mask_t domain,
const char *received, const char *source);
#ifdef USE_BUFFEREVENTS #ifdef USE_BUFFEREVENTS
int connection_type_uses_bufferevent(connection_t *conn); int connection_type_uses_bufferevent(connection_t *conn);
void connection_configure_bufferevent_callbacks(connection_t *conn); void connection_configure_bufferevent_callbacks(connection_t *conn);

25
src/or/directory.c
View File

@ -1595,7 +1595,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
size_t body_len = 0, orig_len = 0; size_t body_len = 0, orig_len = 0;
int status_code; int status_code;
time_t date_header = 0; time_t date_header = 0;
long delta; long apparent_skew;
compress_method_t compression; compress_method_t compression;
int plausible; int plausible;
int skewed = 0; int skewed = 0;
@ -1654,28 +1654,15 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
* and the date header. (We used to check now-date_header, but that's * and the date header. (We used to check now-date_header, but that's
* inaccurate if we spend a lot of time downloading.) * inaccurate if we spend a lot of time downloading.)
*/ */
delta = conn->base_.timestamp_lastwritten - date_header; apparent_skew = conn->base_.timestamp_lastwritten - date_header;
if (labs(delta)>ALLOW_DIRECTORY_TIME_SKEW) { if (labs(apparent_skew)>ALLOW_DIRECTORY_TIME_SKEW) {
char dbuf[64];
int trusted = router_digest_is_trusted_dir(conn->identity_digest); int trusted = router_digest_is_trusted_dir(conn->identity_digest);
format_time_interval(dbuf, sizeof(dbuf), delta); clock_skew_warning(TO_CONN(conn), apparent_skew, trusted, LD_HTTP,
log_fn(trusted ? LOG_WARN : LOG_INFO, "directory", "DIRSERV");
LD_HTTP,
"Received directory with skewed time (server '%s:%d'): "
"It seems that our clock is %s by %s, or that theirs is %s. "
"Tor requires an accurate clock to work: please check your time, "
"timezone, and date settings.",
conn->base_.address, conn->base_.port,
delta>0 ? "ahead" : "behind", dbuf,
delta>0 ? "behind" : "ahead");
skewed = 1; /* don't check the recommended-versions line */ skewed = 1; /* don't check the recommended-versions line */
if (trusted)
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
delta, conn->base_.address, conn->base_.port);
} else { } else {
log_debug(LD_HTTP, "Time on received directory is within tolerance; " log_debug(LD_HTTP, "Time on received directory is within tolerance; "
"we are %ld seconds skewed. (That's okay.)", delta); "we are %ld seconds skewed. (That's okay.)", apparent_skew);
} }
} }
(void) skewed; /* skewed isn't used yet. */ (void) skewed; /* skewed isn't used yet. */

16
src/or/statefile.c
View File

@ -9,6 +9,7 @@
#include "circuitstats.h" #include "circuitstats.h"
#include "config.h" #include "config.h"
#include "confparse.h" #include "confparse.h"
#include "connection.h"
#include "entrynodes.h" #include "entrynodes.h"
#include "hibernate.h" #include "hibernate.h"
#include "rephist.h" #include "rephist.h"
@ -374,17 +375,10 @@ or_state_load(void)
log_info(LD_GENERAL, "Loaded state from \"%s\"", fname); log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
/* Warn the user if their clock has been set backwards, /* Warn the user if their clock has been set backwards,
* they could be tricked into using old consensuses */ * they could be tricked into using old consensuses */
if (new_state->LastWritten > time(NULL)) { time_t apparent_skew = new_state->LastWritten - time(NULL);
char last_written_str[ISO_TIME_LEN+1]; if (apparent_skew > 0)
char now_str[ISO_TIME_LEN+1]; clock_skew_warning(NULL, (long)apparent_skew, 1, LD_GENERAL,
format_iso_time(last_written_str, new_state->LastWritten), "local state file", fname);
format_iso_time(now_str, time(NULL));
log_warn(LD_GENERAL, "Your system clock has been set back in time. "
"Tor needs an accurate clock to know when the consensus "
"expires. You might have an empty clock battery or bad NTP "
"server. Clock time is %s, state file time is %s.",
now_str, last_written_str);
}
} else { } else {
log_info(LD_GENERAL, "Initialized state"); log_info(LD_GENERAL, "Initialized state");
} }