diff options
| author | George Kadianakis <desnacked@riseup.net> | 2017-09-12 12:45:27 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-09-13 14:54:49 -0400 |
| commit | cf8a2b156769023e583b6c6374ac6de0134712f1 (patch) | |
| tree | 5f8dabec5c151cd6b8edb052cc8f52f56f567cf6 /src/or/hs_cache.h | |
| parent | f13ca360c9593fa9dfc94830996329dcb31c2324 (diff) | |
| download | tor-cf8a2b156769023e583b6c6374ac6de0134712f1.tar.gz tor-cf8a2b156769023e583b6c6374ac6de0134712f1.zip | |
prop224: Set stricter expiration time of cached client descriptors.
In #23466 we discovered that cached descriptors can stay around on the
client-side for up to 72 hours. In reality we only want those descs to
get cached for the duration of the current time period, since after that
TP is gone the client needs to compute a new blinded key to use for the HS.
In this commit we start using the consensus time (if available) when
cleaning up cached client descriptor entries. That makes sense because
the client uses consensus time anyway for connecting to hidden
services (e.g. computing blinded keys and time periods).
If no recent consensus is available, we consider descriptors to be
expired since we will want to fetch new ones when we get a live
consensus to avoid the Roger bug. If we didn't do that, when Roger
desuspends his laptop there would be a race between Tor fetching a new
consensus, and Tor connecting to the HS which would still cause
reachability issues.
We also turned a rev counter check into a BUG, since we should never
receive a descriptor with a strictly smaller rev counter than the one we
already have, except if there is a bug or if the HSDir wants to mess
with us. In any case, let's turn this into a BUG so that we can detect
and debug such cases easily.
Diffstat (limited to 'src/or/hs_cache.h')
| -rw-r--r-- | src/or/hs_cache.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/or/hs_cache.h b/src/or/hs_cache.h index 8dbc842b95..a6beaebc10 100644 --- a/src/or/hs_cache.h +++ b/src/or/hs_cache.h @@ -103,8 +103,10 @@ typedef struct hs_cache_client_descriptor_t { /* This object is indexed using the service identity public key */ ed25519_public_key_t key; - /* When was this entry created. Used to expire entries. */ - time_t created_ts; + /* When will this entry expire? We expire cached client descriptors in the + * start of the next time period, since that's when clients need to start + * using the next blinded key of the service. */ + time_t expiration_ts; /* The cached descriptor, this object is the owner. It can't be NULL. A * cache object without a valid descriptor is not possible. */ |