author | Nick Mathewson <nickm@torproject.org> | 2007-10-30 15:17:01 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-10-30 15:17:01 +0000 |
commit | 7709fb7143cc272c04f9de3970e4ac0fe3a000d6 (patch) | |
tree | 8def34d3b4ee29b42513b8f7057249a2674e3a6a | |
parent | 07621f090fd11d2f1b7db6df3b3c87f46318259f (diff) | |
r16278@catbus: nickm | 2007-10-30 09:46:28 -0400
Accept future networkstatus documents, but warn about skew when we get them.
svn:r12282
-rw-r--r-- | ChangeLog | 1 |
-rw-r--r-- | doc/TODO | 4 |
-rw-r--r-- | doc/spec/control-spec.txt | 8 |
-rw-r--r-- | src/or/networkstatus.c | 15 |
4 files changed, 19 insertions, 9 deletions
@@ -36,6 +36,7 @@ Changes in version 0.2.0.10-alpha - 2007-1?-?? - When we have no consensus, check FallbackNetworkstatusFile (defaults to $PREFIX/share/tor/fallback-consensus) for a consensus. This way we start knowing some directory caches. + - When we receive a consensus from the future, warn about skew. - Utilities: - Update linux-tor-prio.sh script to allow QoS based on the uid of @@ -58,8 +58,8 @@ Things we'd like to do in 0.2.0.x: - Revised handshake. - Have a 'waiting_for_authentication' state. - Only do version negotiation if we use the normalized TLS. - - Skew issues: - - if you load (nick says receive/set/anything) a consensus that's + . Skew issues: + o if you load (nick says receive/set/anything) a consensus that's in the future, then log about skew. - should change the "skew complaint" to specify in largest units rather than just seconds. diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index a2826241c3..424deea736 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt @@ -1200,12 +1200,14 @@ $Id$ CLOCK_SKEW SKEW="+" / "-" SECONDS - SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" + SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS" If "SKEW" is present, it's an estimate of how far we are from the time declared in the source. If the source is a DIRSERV, we got the current time from a connection to a dirserver. If the source is - a NETWORKSTATUS, we decided we're skewed because we got a - networkstatus from far in the future. + a NETWORKSTATUS, we decided we're skewed because we got a v2 + networkstatus from far in the future. If the source is + CONSENSUS, we decided we're skewed because we got a networkstatus + consensus from the future. {Controllers may want to warn the user if the skew is high, or if multiple skew messages appear at severity WARN. Controllers diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 355fac3902..bbcc0ff6d5 100644 --- a/src/or/networkstatus.c 
+++ b/src/or/networkstatus.c @@ -1235,7 +1235,8 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache, } if (current_consensus && c->valid_after <= current_consensus->valid_after) { - /* We have a newer one. */ + /* We have a newer one. There's no point in accepting this one, + * even if it's great. */ log_info(LD_DIR, "Got a consensus at least as old as the one we have"); goto done; } @@ -1284,9 +1285,6 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache, } } - /* XXXX020 check dates for plausibility. Don't trust a consensus whose - * valid-after date is very far in the future. */ - /* Are we missing any certificates at all? */ if (r != 1) authority_certs_fetch_missing(c, now); @@ -1330,6 +1328,15 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache, dirserv_set_cached_networkstatus_v3(consensus, current_consensus->valid_after); + if (ftime_definitely_before(now, current_consensus->valid_after)) { + char buf[ISO_TIME_LEN+1]; + format_iso_time(buf, current_consensus->valid_after); + log_warn(LD_GENERAL, "Consensus network status document was published " + "at some time in the future (%s GMT). Check your time and date " + "settings!", buf); + control_event_general_status(LOG_WARN, "CLOCK_SKEW SOURCE=CONSENSUS"); + } + router_dir_info_changed(); result = 0; |
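Review bot: in the doc/spec/control-spec.txt hunk, the new CONSENSUS source is described as "from the future" while NETWORKSTATUS stays "from far in the future", and neither gives a threshold, so a controller author cannot tell how the two conditions differ. Suggest stating what triggers CONSENSUS (the code tests ftime_definitely_before(now, current_consensus->valid_after)) and saying explicitly that this source carries no IP:Port, unlike DIRSERV and NETWORKSTATUS.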
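Review bot: in the networkstatus.c hunk at -1235, the expanded comment still says "We have a newer one" although the test is c->valid_after <= current_consensus->valid_after, which also rejects an equally dated consensus, as the log_info text under it already says. Suggest wording the comment as "at least as new", and adding a line that once a future-dated consensus has become current_consensus (which the last hunk allows, with a warning) this check discards every consensus with an earlier valid_after.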
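Review bot: the networkstatus.c hunk at -1284 deletes the XXXX020 note that said not to trust a consensus whose valid-after date is very far in the future, but the code added in the last hunk only warns and the document is still installed. Suggest replacing the deleted note with a short comment recording that accepting such a consensus is deliberate, or keeping an XXXX marker if an upper bound on valid_after is still wanted.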
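Review bot: in the networkstatus.c hunk at -1330, control_event_general_status(LOG_WARN, "CLOCK_SKEW SOURCE=CONSENSUS") sends no SKEW value even though now and current_consensus->valid_after are both in scope, so a controller learns that the clock is off but not by how much. Suggest adding the SKEW field in the form the control-spec hunk describes. The log_warn text also says the document "was published" in the future while the value tested and printed is valid_after, and it logs under LD_GENERAL where the other message visible in this function uses LD_DIR; both are worth aligning.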