[tor-commits] [tor/master] Refactor clock skew warning code to avoid duplication
nickm at torproject.org
nickm at torproject.org
Fri Dec 11 00:54:16 UTC 2015
commit d68b7fd4422f6ea1cad18a26b6a46b61bc182285
Author: Arlo Breault <arlolra at gmail.com>
Date: Tue Dec 8 11:32:29 2015 -0800
Refactor clock skew warning code to avoid duplication
---
src/or/channeltls.c | 27 +++------------------------
src/or/connection.c | 30 ++++++++++++++++++++++++++++++
src/or/connection.h | 4 ++++
src/or/directory.c | 25 ++++++-------------------
src/or/statefile.c | 16 +++++-----------
5 files changed, 48 insertions(+), 54 deletions(-)
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index c90f569..f0333e8 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1663,30 +1663,9 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
#define NETINFO_NOTICE_SKEW 3600
if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
router_get_by_id_digest(chan->conn->identity_digest)) {
- char dbuf[64];
- int severity;
- /*XXXX be smarter about when everybody says we are skewed. */
- if (router_digest_is_trusted_dir(chan->conn->identity_digest))
- severity = LOG_WARN;
- else
- severity = LOG_INFO;
- format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
- log_fn(severity, LD_GENERAL,
- "Received NETINFO cell with skewed time from "
- "server at %s:%d. It seems that our clock is %s by %s, or "
- "that theirs is %s. Tor requires an accurate clock to work: "
- "please check your time and date settings.",
- chan->conn->base_.address,
- (int)(chan->conn->base_.port),
- apparent_skew > 0 ? "ahead" : "behind",
- dbuf,
- apparent_skew > 0 ? "behind" : "ahead");
- if (severity == LOG_WARN) /* only tell the controller if an authority */
- control_event_general_status(LOG_WARN,
- "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
- apparent_skew,
- chan->conn->base_.address,
- chan->conn->base_.port);
+ int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest);
+ clock_skew_warning(TO_CONN(chan->conn), apparent_skew, trusted, LD_GENERAL,
+ "NETINFO cell", "OR");
}
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
diff --git a/src/or/connection.c b/src/or/connection.c
index 4e39832..7b8cc6b 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -5018,3 +5018,33 @@ connection_free_all(void)
#endif
}
+/** Log a warning, and possibly emit a control event, that <b>received</b> came
+ * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
+ * that we had more faith in and therefore the warning level should have higher
+ * severity.
+ */
+void
+clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted,
+ log_domain_mask_t domain, const char *received,
+ const char *source)
+{
+ char dbuf[64];
+ char *ext_source = NULL;
+ format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
+ if (conn)
+ tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
+ else
+ ext_source = tor_strdup(source);
+ log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
+ "Received %s with skewed time (%s): "
+ "It seems that our clock is %s by %s, or that theirs is %s%s. "
+ "Tor requires an accurate clock to work: please check your time, "
+ "timezone, and date settings.", received, ext_source,
+ apparent_skew > 0 ? "ahead" : "behind", dbuf,
+ apparent_skew > 0 ? "behind" : "ahead",
+ (!conn || trusted) ? "" : ", or they are sending us the wrong time");
+ if (trusted)
+ control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
+ apparent_skew, ext_source);
+ tor_free(ext_source);
+}
diff --git a/src/or/connection.h b/src/or/connection.h
index b6ff3d7..48929c3 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -210,6 +210,10 @@ int connection_or_nonopen_was_started_here(or_connection_t *conn);
void connection_dump_buffer_mem_stats(int severity);
void remove_file_if_very_old(const char *fname, time_t now);
+void clock_skew_warning(const connection_t *conn, long apparent_skew,
+ int trusted, log_domain_mask_t domain,
+ const char *received, const char *source);
+
#ifdef USE_BUFFEREVENTS
int connection_type_uses_bufferevent(connection_t *conn);
void connection_configure_bufferevent_callbacks(connection_t *conn);
diff --git a/src/or/directory.c b/src/or/directory.c
index 0a09e83..4e5644b 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1595,7 +1595,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
size_t body_len = 0, orig_len = 0;
int status_code;
time_t date_header = 0;
- long delta;
+ long apparent_skew;
compress_method_t compression;
int plausible;
int skewed = 0;
@@ -1654,28 +1654,15 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
* and the date header. (We used to check now-date_header, but that's
* inaccurate if we spend a lot of time downloading.)
*/
- delta = conn->base_.timestamp_lastwritten - date_header;
- if (labs(delta)>ALLOW_DIRECTORY_TIME_SKEW) {
- char dbuf[64];
+ apparent_skew = conn->base_.timestamp_lastwritten - date_header;
+ if (labs(apparent_skew)>ALLOW_DIRECTORY_TIME_SKEW) {
int trusted = router_digest_is_trusted_dir(conn->identity_digest);
- format_time_interval(dbuf, sizeof(dbuf), delta);
- log_fn(trusted ? LOG_WARN : LOG_INFO,
- LD_HTTP,
- "Received directory with skewed time (server '%s:%d'): "
- "It seems that our clock is %s by %s, or that theirs is %s. "
- "Tor requires an accurate clock to work: please check your time, "
- "timezone, and date settings.",
- conn->base_.address, conn->base_.port,
- delta>0 ? "ahead" : "behind", dbuf,
- delta>0 ? "behind" : "ahead");
+ clock_skew_warning(TO_CONN(conn), apparent_skew, trusted, LD_HTTP,
+ "directory", "DIRSERV");
skewed = 1; /* don't check the recommended-versions line */
- if (trusted)
- control_event_general_status(LOG_WARN,
- "CLOCK_SKEW SKEW=%ld SOURCE=DIRSERV:%s:%d",
- delta, conn->base_.address, conn->base_.port);
} else {
log_debug(LD_HTTP, "Time on received directory is within tolerance; "
- "we are %ld seconds skewed. (That's okay.)", delta);
+ "we are %ld seconds skewed. (That's okay.)", apparent_skew);
}
}
(void) skewed; /* skewed isn't used yet. */
diff --git a/src/or/statefile.c b/src/or/statefile.c
index 7481cd7..7fe8dc5 100644
--- a/src/or/statefile.c
+++ b/src/or/statefile.c
@@ -9,6 +9,7 @@
#include "circuitstats.h"
#include "config.h"
#include "confparse.h"
+#include "connection.h"
#include "entrynodes.h"
#include "hibernate.h"
#include "rephist.h"
@@ -374,17 +375,10 @@ or_state_load(void)
log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
/* Warn the user if their clock has been set backwards,
* they could be tricked into using old consensuses */
- if (new_state->LastWritten > time(NULL)) {
- char last_written_str[ISO_TIME_LEN+1];
- char now_str[ISO_TIME_LEN+1];
- format_iso_time(last_written_str, new_state->LastWritten),
- format_iso_time(now_str, time(NULL));
- log_warn(LD_GENERAL, "Your system clock has been set back in time. "
- "Tor needs an accurate clock to know when the consensus "
- "expires. You might have an empty clock battery or bad NTP "
- "server. Clock time is %s, state file time is %s.",
- now_str, last_written_str);
- }
+ time_t apparent_skew = new_state->LastWritten - time(NULL);
+ if (apparent_skew > 0)
+ clock_skew_warning(NULL, (long)apparent_skew, 1, LD_GENERAL,
+ "local state file", fname);
} else {
log_info(LD_GENERAL, "Initialized state");
}
More information about the tor-commits
mailing list