authorAlexander Færøy <ahf@torproject.org>2017-03-17 05:27:31 +0100
committerNick Mathewson <nickm@torproject.org>2017-03-17 11:15:43 -0400
commit946ccf3e4de883b98aa62666b8a5bdc3eb535447 (patch)
tree3430cca1257cd6207352500e6a85f1f593c7a075 /src
parent853b54dea4c56ea2913caf58ad6d337502b18b91 (diff)
Check onion key consensus parameters every hour.
This patch changes the way we decide when to check whether it's time to rotate and/or expire our onion keys. Due to proposal #274 we can now have the keys rotate at different frequencies than before and we thus do the check once an hour when our Tor daemon is running in server mode. This should allow us to quickly notice if the network consensus parameters have changed while we are running instead of having to wait until the current parameters' timeout value has passed. See: https://bugs.torproject.org/21641
Diffstat (limited to 'src')
-rw-r--r--src/or/main.c11
-rw-r--r--src/or/or.h4
2 files changed, 8 insertions, 7 deletions
diff --git a/src/or/main.c b/src/or/main.c
index d24c674ba3..f8df5d3b9f 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1485,7 +1485,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
int onion_key_lifetime = get_onion_key_lifetime();
time_t rotation_time = get_onion_key_set_at()+onion_key_lifetime;
if (rotation_time > now) {
- return safe_timer_diff(now, rotation_time);
+ return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
}
log_info(LD_GENERAL,"Rotating onion key.");
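Review bot: Returning the fixed `ONION_KEY_CONSENSUS_CHECK_INTERVAL` in the `rotation_time > now` branch means a rotation that falls due within the next hour is only noticed at the following tick, so the onion key can outlive its consensus-defined lifetime by up to an hour. The same applies to the `expiry_time > now` branch in check_onion_keys_expiry_time_callback, where the old key stays accepted past its grace period by the same margin. If that slack is not intended, cap the wait instead of replacing it: `return MIN(safe_timer_diff(now, rotation_time), ONION_KEY_CONSENSUS_CHECK_INTERVAL);` (assuming the tree's `MIN` macro is in scope in main.c). If it is intended, a short comment in both branches saying that rotation and expiry may lag by up to one check interval would spare the next reader the question. The function body starts and ends outside this hunk.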
@@ -1496,7 +1496,7 @@ rotate_onion_key_callback(time_t now, const or_options_t *options)
}
if (advertised_server_mode() && !options->DisableNetwork)
router_upload_dir_desc_to_dirservers(0);
- return onion_key_lifetime;
+ return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
}
return PERIODIC_EVENT_NO_UPDATE;
}
@@ -1512,17 +1512,14 @@ check_onion_keys_expiry_time_callback(time_t now, const or_options_t *options)
if (server_mode(options)) {
int onion_key_grace_period = get_onion_key_grace_period();
time_t expiry_time = get_onion_key_set_at()+onion_key_grace_period;
-
if (expiry_time > now) {
- return safe_timer_diff(now, expiry_time);
+ return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
}
log_info(LD_GENERAL, "Expiring old onion keys.");
-
expire_old_onion_keys();
cpuworkers_rotate_keyinfo();
-
- return onion_key_grace_period;
+ return ONION_KEY_CONSENSUS_CHECK_INTERVAL;
}
return PERIODIC_EVENT_NO_UPDATE;
diff --git a/src/or/or.h b/src/or/or.h
index 1c4e24ea4a..855b234584 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -164,6 +164,10 @@
/** Default grace period for acceptance of an onion key in days. */
#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
+/** How often we should check the network consensus if it is time to rotate or
+ * expire onion keys. */
+#define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
+
/** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
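Review bot: The new doc comment on `ONION_KEY_CONSENSUS_CHECK_INTERVAL` does not state the unit, while the neighbouring `DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS` is in days, so a reader can easily misjudge what `(60*60)` means. The wording "check the network consensus if it is time" also reads as if the consensus itself were being fetched. I would write `/** How often, in seconds, we re-check the consensus parameters to see whether it is time to rotate or expire our onion keys. */`.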