summaryrefslogtreecommitdiff
path: root/src/or/circuitbuild.c
diff options
context:
space:
mode:
authorMike Perry <mikeperry-git@fscked.org>2010-05-07 15:42:57 -0700
committerMike Perry <mikeperry-git@fscked.org>2010-05-10 13:11:46 -0700
commit728e946efd87d5cd0a9ff073eeeb7b4fe9c3c0db (patch)
tree29c64c0dc8fd688ee9a67c8f1622eb1cb608360c /src/or/circuitbuild.c
parente40e35507e91e8724a37ef2e6bf5828025f2dbe5 (diff)
downloadtor-728e946efd87d5cd0a9ff073eeeb7b4fe9c3c0db.tar.gz
tor-728e946efd87d5cd0a9ff073eeeb7b4fe9c3c0db.zip
Bug 1245: Ignore negative and large timeouts.
This should prevent some asserts and storage of incorrect build times for the cases where Tor is suspended during a circuit construction, or just after completing a circuit. The idea is that if the circuit build time is much greater than we would have cut it off at, we probably had a suspend event along this codepath, and we should discard the value.
Diffstat (limited to 'src/or/circuitbuild.c')
-rw-r--r--src/or/circuitbuild.c22
1 files changed, 15 insertions, 7 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index d597b752ad..0840e304f1 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -308,9 +308,9 @@ circuit_build_times_rewind_history(circuit_build_times_t *cbt, int n)
int
circuit_build_times_add_time(circuit_build_times_t *cbt, build_time_t time)
{
- tor_assert(time <= CBT_BUILD_TIME_MAX);
- if (time <= 0) {
+ if (time <= 0 || time > CBT_BUILD_TIME_MAX) {
log_warn(LD_CIRC, "Circuit build time is %u!", time);
+ tor_fragile_assert();
return -1;
}
@@ -1760,11 +1760,19 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
long timediff;
tor_gettimeofday(&end);
timediff = tv_mdiff(&circ->_base.highres_created, &end);
- if (timediff > INT32_MAX)
- timediff = INT32_MAX;
- circuit_build_times_add_time(&circ_times, (build_time_t)timediff);
- circuit_build_times_network_circ_success(&circ_times);
- circuit_build_times_set_timeout(&circ_times);
+ /*
+ * If the circuit build time is much greater than we would have cut
+ * it off at, we probably had a suspend event along this codepath,
+ * and we should discard the value.
+ */
+ if (timediff < 0 || timediff > 2*circ_times.timeout_ms+1000) {
+ log_notice(LD_CIRC, "Strange value for circuit build time: %ld. "
+ "Assuming clock jump.", timediff);
+ } else {
+ circuit_build_times_add_time(&circ_times, (build_time_t)timediff);
+ circuit_build_times_network_circ_success(&circ_times);
+ circuit_build_times_set_timeout(&circ_times);
+ }
}
log_info(LD_CIRC,"circuit built!");
circuit_reset_failure_count(0);