Loading changes/bug24977 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor bugfixes (onion services): - Recompute some consensus information after clock skews or when we transition from a non-live consensus to a live consensus. We do this to avoid having an outdated state which could impact next-generation onion services. Fixes bug 24977; bugfix on 0.3.2.1-alpha. src/or/hs_common.c +11 −6 Original line number Diff line number Diff line Loading @@ -1338,15 +1338,20 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, sorted_nodes = smartlist_new(); /* Add every node_t that support HSDir v3 for which we do have a valid * hsdir_index already computed for them for this consensus. */ { networkstatus_t *c = networkstatus_get_latest_consensus(); /* Make sure we actually have a live consensus */ networkstatus_t *c = networkstatus_get_live_consensus(approx_time()); if (!c || smartlist_len(c->routerstatus_list) == 0) { log_warn(LD_REND, "No valid consensus so we can't get the responsible " log_warn(LD_REND, "No live consensus so we can't get the responsible " "hidden service directories."); goto done; } /* Ensure the nodelist is fresh, since it contains the HSDir indices. */ nodelist_ensure_freshness(c); /* Add every node_t that support HSDir v3 for which we do have a valid * hsdir_index already computed for them for this consensus. */ { SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) { /* Even though this node_t object won't be modified and should be const, * we can't add const object in a smartlist_t. */ Loading src/or/nodelist.c +30 −0 Original line number Diff line number Diff line Loading @@ -121,6 +121,11 @@ typedef struct nodelist_t { /* Set of addresses that belong to nodes we believe in. */ address_set_t *node_addrs; /* The valid-after time of the last live consensus that initialized the * nodelist. We use this to detect outdated nodelists that need to be * rebuilt using a newer consensus. */ time_t live_consensus_valid_after; } nodelist_t; static inline unsigned int Loading Loading @@ -638,6 +643,12 @@ nodelist_set_consensus(networkstatus_t *ns) } } SMARTLIST_FOREACH_END(node); } /* If the consensus is live, note down the consensus valid-after that formed * the nodelist. */ if (networkstatus_is_live(ns, approx_time())) { the_nodelist->live_consensus_valid_after = ns->valid_after; } } /** Return 1 iff <b>node</b> has Exit flag and no BadExit flag. Loading Loading @@ -871,6 +882,25 @@ nodelist_assert_ok(void) digestmap_free(dm, NULL); } /** Ensure that the nodelist has been created with the most recent consensus. * If that's not the case, make it so. */ void nodelist_ensure_freshness(networkstatus_t *ns) { tor_assert(ns); /* We don't even have a nodelist: this is a NOP. */ if (!the_nodelist) { return; } if (the_nodelist->live_consensus_valid_after != ns->valid_after) { log_info(LD_GENERAL, "Nodelist was not fresh: rebuilding. (%d / %d)", (int) the_nodelist->live_consensus_valid_after, (int) ns->valid_after); nodelist_set_consensus(ns); } } /** Return a list of a node_t * for every node we know about. The caller * MUST NOT modify the list. (You can set and clear flags in the nodes if * you must, but you must not add or remove nodes.) */ Loading src/or/nodelist.h +1 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ const node_t *node_get_by_hex_id(const char *identity_digest, node_t *nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out); node_t *nodelist_add_microdesc(microdesc_t *md); void nodelist_set_consensus(networkstatus_t *ns); void nodelist_ensure_freshness(networkstatus_t *ns); int nodelist_probably_contains_address(const tor_addr_t *addr); void nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md); Loading src/or/voting_schedule.c +25 −1 Original line number Diff line number Diff line Loading @@ -85,6 +85,10 @@ get_voting_schedule(const or_options_t *options, time_t now, int severity) interval = (int)( consensus->fresh_until - consensus->valid_after ); vote_delay = consensus->vote_seconds; dist_delay = consensus->dist_seconds; /* Note down the consensus valid after, so that we detect outdated voting * schedules in case of skewed clocks etc. */ new_voting_schedule->live_consensus_valid_after = consensus->valid_after; } else { interval = options->TestingV3AuthInitialVotingInterval; vote_delay = options->TestingV3AuthInitialVoteDelay; Loading Loading @@ -140,14 +144,34 @@ voting_schedule_t voting_schedule; time_t voting_schedule_get_next_valid_after_time(void) { time_t now = approx_time(); bool need_to_recalculate_voting_schedule = false; /* This is a safe guard in order to make sure that the voting schedule * static object is at least initialized. Using this function with a zeroed * voting schedule can lead to bugs. */ if (tor_mem_is_zero((const char *) &voting_schedule, sizeof(voting_schedule))) { voting_schedule_recalculate_timing(get_options(), time(NULL)); need_to_recalculate_voting_schedule = true; goto done; /* no need for next check if we have to recalculate anyway */ } /* Also make sure we are not using an outdated voting schedule. If we have a * newer consensus, make sure we recalculate the voting schedule. */ const networkstatus_t *ns = networkstatus_get_live_consensus(now); if (ns && ns->valid_after != voting_schedule.live_consensus_valid_after) { log_info(LD_DIR, "Voting schedule is outdated: recalculating (%d/%d)", (int) ns->valid_after, (int) voting_schedule.live_consensus_valid_after); need_to_recalculate_voting_schedule = true; } done: if (need_to_recalculate_voting_schedule) { voting_schedule_recalculate_timing(get_options(), now); voting_schedule.created_on_demand = 1; } return voting_schedule.interval_starts; } Loading Loading
changes/bug24977 0 → 100644 +5 −0 Original line number Diff line number Diff line o Minor bugfixes (onion services): - Recompute some consensus information after clock skews or when we transition from a non-live consensus to a live consensus. We do this to avoid having an outdated state which could impact next-generation onion services. Fixes bug 24977; bugfix on 0.3.2.1-alpha.
src/or/hs_common.c +11 −6 Original line number Diff line number Diff line Loading @@ -1338,15 +1338,20 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, sorted_nodes = smartlist_new(); /* Add every node_t that support HSDir v3 for which we do have a valid * hsdir_index already computed for them for this consensus. */ { networkstatus_t *c = networkstatus_get_latest_consensus(); /* Make sure we actually have a live consensus */ networkstatus_t *c = networkstatus_get_live_consensus(approx_time()); if (!c || smartlist_len(c->routerstatus_list) == 0) { log_warn(LD_REND, "No valid consensus so we can't get the responsible " log_warn(LD_REND, "No live consensus so we can't get the responsible " "hidden service directories."); goto done; } /* Ensure the nodelist is fresh, since it contains the HSDir indices. */ nodelist_ensure_freshness(c); /* Add every node_t that support HSDir v3 for which we do have a valid * hsdir_index already computed for them for this consensus. */ { SMARTLIST_FOREACH_BEGIN(c->routerstatus_list, const routerstatus_t *, rs) { /* Even though this node_t object won't be modified and should be const, * we can't add const object in a smartlist_t. */ Loading
src/or/nodelist.c +30 −0 Original line number Diff line number Diff line Loading @@ -121,6 +121,11 @@ typedef struct nodelist_t { /* Set of addresses that belong to nodes we believe in. */ address_set_t *node_addrs; /* The valid-after time of the last live consensus that initialized the * nodelist. We use this to detect outdated nodelists that need to be * rebuilt using a newer consensus. */ time_t live_consensus_valid_after; } nodelist_t; static inline unsigned int Loading Loading @@ -638,6 +643,12 @@ nodelist_set_consensus(networkstatus_t *ns) } } SMARTLIST_FOREACH_END(node); } /* If the consensus is live, note down the consensus valid-after that formed * the nodelist. */ if (networkstatus_is_live(ns, approx_time())) { the_nodelist->live_consensus_valid_after = ns->valid_after; } } /** Return 1 iff <b>node</b> has Exit flag and no BadExit flag. Loading Loading @@ -871,6 +882,25 @@ nodelist_assert_ok(void) digestmap_free(dm, NULL); } /** Ensure that the nodelist has been created with the most recent consensus. * If that's not the case, make it so. */ void nodelist_ensure_freshness(networkstatus_t *ns) { tor_assert(ns); /* We don't even have a nodelist: this is a NOP. */ if (!the_nodelist) { return; } if (the_nodelist->live_consensus_valid_after != ns->valid_after) { log_info(LD_GENERAL, "Nodelist was not fresh: rebuilding. (%d / %d)", (int) the_nodelist->live_consensus_valid_after, (int) ns->valid_after); nodelist_set_consensus(ns); } } /** Return a list of a node_t * for every node we know about. The caller * MUST NOT modify the list. (You can set and clear flags in the nodes if * you must, but you must not add or remove nodes.) */ Loading
src/or/nodelist.h +1 −0 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ const node_t *node_get_by_hex_id(const char *identity_digest, node_t *nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out); node_t *nodelist_add_microdesc(microdesc_t *md); void nodelist_set_consensus(networkstatus_t *ns); void nodelist_ensure_freshness(networkstatus_t *ns); int nodelist_probably_contains_address(const tor_addr_t *addr); void nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md); Loading
src/or/voting_schedule.c +25 −1 Original line number Diff line number Diff line Loading @@ -85,6 +85,10 @@ get_voting_schedule(const or_options_t *options, time_t now, int severity) interval = (int)( consensus->fresh_until - consensus->valid_after ); vote_delay = consensus->vote_seconds; dist_delay = consensus->dist_seconds; /* Note down the consensus valid after, so that we detect outdated voting * schedules in case of skewed clocks etc. */ new_voting_schedule->live_consensus_valid_after = consensus->valid_after; } else { interval = options->TestingV3AuthInitialVotingInterval; vote_delay = options->TestingV3AuthInitialVoteDelay; Loading Loading @@ -140,14 +144,34 @@ voting_schedule_t voting_schedule; time_t voting_schedule_get_next_valid_after_time(void) { time_t now = approx_time(); bool need_to_recalculate_voting_schedule = false; /* This is a safe guard in order to make sure that the voting schedule * static object is at least initialized. Using this function with a zeroed * voting schedule can lead to bugs. */ if (tor_mem_is_zero((const char *) &voting_schedule, sizeof(voting_schedule))) { voting_schedule_recalculate_timing(get_options(), time(NULL)); need_to_recalculate_voting_schedule = true; goto done; /* no need for next check if we have to recalculate anyway */ } /* Also make sure we are not using an outdated voting schedule. If we have a * newer consensus, make sure we recalculate the voting schedule. */ const networkstatus_t *ns = networkstatus_get_live_consensus(now); if (ns && ns->valid_after != voting_schedule.live_consensus_valid_after) { log_info(LD_DIR, "Voting schedule is outdated: recalculating (%d/%d)", (int) ns->valid_after, (int) voting_schedule.live_consensus_valid_after); need_to_recalculate_voting_schedule = true; } done: if (need_to_recalculate_voting_schedule) { voting_schedule_recalculate_timing(get_options(), now); voting_schedule.created_on_demand = 1; } return voting_schedule.interval_starts; } Loading
