Teach DirMgr to use slightly untimely directories
In tor we've found it important to actually accept consensus documents that are slightly expired, or not quite yet valid. This serves two purposes:
- It makes us a little more tolerant of clients with clock skew.
- It makes us able to tolerate a failure condition in which authorities aren't able to reach a consensus for a while.
We've actually hit the second case in the past, and nearly run out tor's 24-hour limit, so I'm taking a better limit from proposal 212.
Making this change required some follow-on changes in how we compute bootstrapped-status, how old of a directory we're willing to ask for, and how we do reset times.
Closes #412 (closed). Closes #467 (closed).
Assigning to @eta for review since she's been wrangling this code most recently.
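The timeliness check described above, sketched as an added example that is not code from this merge request or from Arti. The names `SkewTolerance`, `check_timeliness` and `consensus_cutoff` are hypothetical, and the tolerance values and timestamps in `main` are constructed for illustration.

```rust
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Hypothetical type: how far outside its stated lifetime a consensus may be used.
#[derive(Clone, Copy, Debug)]
pub struct SkewTolerance {
    pub pre_valid: Duration,  // accepted this long before valid-after
    pub post_valid: Duration, // accepted this long after valid-until
}

#[derive(Debug, PartialEq, Eq)]
pub enum Timeliness { Usable, NotYetValid, Expired }

/// Classify a consensus lifetime against `now`, widened on both sides by `tol`.
pub fn check_timeliness(valid_after: SystemTime, valid_until: SystemTime,
                        now: SystemTime, tol: SkewTolerance) -> Timeliness {
    // `SystemTime - Duration` panics when the result is unrepresentable, so use
    // the checked forms and fall back to the stricter, unwidened bound.
    let earliest = valid_after.checked_sub(tol.pre_valid).unwrap_or(valid_after);
    let latest = valid_until.checked_add(tol.post_valid).unwrap_or(valid_until);
    if now < earliest {
        Timeliness::NotYetValid
    } else if now > latest {
        Timeliness::Expired
    } else {
        Timeliness::Usable
    }
}

/// Oldest valid-until time still worth requesting at `now`, or None if the
/// subtraction cannot be represented.
pub fn consensus_cutoff(now: SystemTime, tol: SkewTolerance) -> Option<SystemTime> {
    now.checked_sub(tol.post_valid)
}

fn main() {
    // Constructed values: one day of pre-validity and three days of
    // post-validity tolerance, applied to a three-hour consensus lifetime.
    let tol = SkewTolerance {
        pre_valid: Duration::from_secs(24 * 3600),
        post_valid: Duration::from_secs(72 * 3600),
    };
    let valid_after = UNIX_EPOCH + Duration::from_secs(1_700_000_000);
    let valid_until = valid_after + Duration::from_secs(3 * 3600);
    for hours_late in [0u64, 24, 71, 73] {
        let now = valid_until + Duration::from_secs(hours_late * 3600);
        let status = check_timeliness(valid_after, valid_until, now, tol);
        println!("{hours_late:>3}h past valid-until: {status:?}");
    }
}
```
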
requested review from @eta
assigned to @nickm
mentioned in merge request !501 (merged)
942 942 Weak::upgrade(weak).ok_or(Error::ManagerDropped) 943 943 } 944 944 945 /// At most how much age can we tolerate in a consensus? 946 /// 947 /// TODO: Make this public and/or use it elsewhere; see arti#412. 948 const CONSENSUS_ALLOW_SKEW: Duration = Duration::from_secs(3600 * 48); 949 950 945 /// Given a time `now`, return the age of the oldest consensus that we should 951 946 /// request at that time. 952 pub(crate) fn default_consensus_cutoff(now: SystemTime) -> Result<SystemTime> { 953 let cutoff = time::OffsetDateTime::from(now - CONSENSUS_ALLOW_SKEW); 947 /// 948 /// DOCDOC allow_skew. changed this line in version 2 of the diff
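Review bot: The new doc line `/// DOCDOC allow_skew.` on the comment for `default_consensus_cutoff` is still a placeholder and should be filled in before merge. The removed `CONSENSUS_ALLOW_SKEW` constant carried its own explanation ("At most how much age can we tolerate in a consensus?"); the replacement doc should say at least as much, for example that `allow_skew` is the amount of age tolerated and that the cutoff is taken relative to `now`. The removed constant's TODO pointed at arti#412, so the new text is also a good place to say where the tolerance value now comes from.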
enabled an automatic merge when the pipeline for 24c7dea3 succeeds
mentioned in commit 2a5ee2c8