If the cached networkstatus consensus is more than five days old,

discard it rather than trying to use it. In theory it could
be useful because it lists alternate directory mirrors, but in
practice it just means we spend many minutes trying directory
mirrors that are long gone from the network. Helps bug 887 a bit;
bugfix on 0.2.0.x.


svn:r17917

3 files changed, 23 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 8b64bd0a3d..a3a180ffcf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,12 @@
 Changes in version 0.2.1.10-alpha - 2009-01-??
+  o Major bugfixes:
+    - If the cached networkstatus consensus is more than five days old,
+      discard it rather than trying to use it. In theory it could
+      be useful because it lists alternate directory mirrors, but in
+      practice it just means we spend many minutes trying directory
+      mirrors that are long gone from the network. Helps bug 887 a bit;
+      bugfix on 0.2.0.x.
+
   o Minor features:
     - New controller event "clients_seen" to report a geoip-based summary
       of which countries we've seen clients from recently. Now controllers
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index e942567403..0290832c3a 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -211,7 +211,8 @@ router_reload_consensus_networkstatus(void)
     s = read_file_to_str(options->FallbackNetworkstatusFile,
                          RFTS_IGNORE_MISSING, NULL);
     if (s) {
-      if (networkstatus_set_current_consensus(s, flags)) {
+      if (networkstatus_set_current_consensus(s,
+                                              flags|NSSET_ACCEPT_OBSOLETE)) {
         log_info(LD_FS, "Couldn't load consensus networkstatus from \"%s\"",
                  options->FallbackNetworkstatusFile);
       } else {
@@ -1371,6 +1372,8 @@ networkstatus_copy_old_consensus_info(networkstatus_t *new_c,
  * cache.  If flags & NSSET_WAS_WAITING_FOR_CERTS, this networkstatus was
  * already received, but we were waiting for certificates on it.  If flags &
  * NSSET_DONT_DOWNLOAD_CERTS, do not launch certificate downloads as needed.
+ * If flags & NSSET_ACCEPT_OBSOLETE, then we should be willing to take this
+ * consensus, even if it comes from many days in the past.
  *
  * Return 0 on success, <0 on failure.  On failure, caller should increment
  * the failure count as appropriate.
@@ -1388,6 +1391,7 @@ networkstatus_set_current_consensus(const char *consensus, unsigned flags)
   const unsigned from_cache = flags & NSSET_FROM_CACHE;
   const unsigned was_waiting_for_certs = flags & NSSET_WAS_WAITING_FOR_CERTS;
   const unsigned dl_certs = !(flags & NSSET_DONT_DOWNLOAD_CERTS);
+  const unsigned accept_obsolete = flags & NSSET_ACCEPT_OBSOLETE;
 
   /* Make sure it's parseable. */
   c = networkstatus_parse_vote_from_string(consensus, NULL, NS_TYPE_CONSENSUS);
@@ -1397,6 +1401,15 @@ networkstatus_set_current_consensus(const char *consensus, unsigned flags)
     goto done;
   }
 
+  if (from_cache && !accept_obsolete &&
+      c->valid_until < now-OLD_ROUTER_DESC_MAX_AGE) {
+    /* XXX022 when we try to make fallbackconsensus work again, we should
+     * consider taking this out. Until then, believing obsolete consensuses
+     * is causing more harm than good. See also bug 887. */
+    log_info(LD_DIR, "Loaded an obsolete consensus. Discarding.");
+    goto done;
+  }
+
   if (current_consensus &&
       !memcmp(c->networkstatus_digest, current_consensus->networkstatus_digest,
               DIGEST_LEN)) {
diff --git a/src/or/or.h b/src/or/or.h
index 2d6fb3e0ef..765669aa2e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3758,6 +3758,7 @@ networkstatus_t *networkstatus_get_reasonably_live_consensus(time_t now);
 #define NSSET_FROM_CACHE 1
 #define NSSET_WAS_WAITING_FOR_CERTS 2
 #define NSSET_DONT_DOWNLOAD_CERTS 4
+#define NSSET_ACCEPT_OBSOLETE 8
 int networkstatus_set_current_consensus(const char *consensus, unsigned flags);
 void networkstatus_note_certs_arrived(void);
 void routers_update_all_from_networkstatus(time_t now, int dir_version);