Opened 15 months ago

Closed 7 weeks ago

#20942 closed enhancement (fixed)

Make consensus expiry tolerance for fallbacks lower when the stale consensus bug is fixed

Reported by: teor Owned by: teor
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Fallback Scripts Version:
Severity: Normal Keywords: fallback, review-group-28
Cc: Actual Points: 0.1
Parent ID: #22271 Points: 0.1
Reviewer: pastly Sponsor:


When #20909 is fixed, make CONSENSUS_EXPIRY_TOLERANCE in scripts/maint/ lower than 24 hours:

  • In update_consensus_networkstatus_fetch_time_impl, directory mirrors download consensuses between 2 and 90 minutes after they are created. So the tolerance can be as low as -90.
  • In networkstatus_get_reasonably_live_consensus, REASONABLY_LIVE_TIME is 24 hours after consensus expiry, so the tolerance must not be higher than 24 hours.
  • Relay clocks are allowed to drift 12 hours ahead, and 24 hours behind. So it might be reasonable to have the tolerance be 0, or a slightly positive value.

If 0.2.9 is released without #20909 being fixed, wait until most clients are on 0.3.0 before making this change.

Child Tickets

Change History (11)

comment:1 Changed 15 months ago by nickm

Component: Core Tor/TorCore Tor/Fallback Scripts
Milestone: Tor: 0.3.0.x-final
Owner: set to teor

Batch-move tickets into a new component, and remove them from maint-0.3.0.

I'm doing this as a separate component, after discussion with teor, mainly because development here seems to be decoupled from development on tor itself: they don't need to have the same release schedules, for example.

comment:2 Changed 9 months ago by teor

Milestone: Tor: 0.3.2.x-final
Parent ID: #22271

We should do this in 0.3.2, because all affected versions will be rejected by authorities running the upcoming,, and versions.

comment:3 Changed 5 months ago by teor

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

I'm not going to get time to do these in 0.3.2.
Moving them to 0.3.3.

comment:4 Changed 2 months ago by ingoglia.osource@…

Here is the diff for changing the CONSENSUS_EXPIRY_TOLERANCE to 0:

diff --git a/scripts/maint/ b/scripts/maint/
index 82a60420b..cfd72c87d 100755
--- a/scripts/maint/
+++ b/scripts/maint/
@@ -102,7 +102,7 @@ DOWNLOAD_MICRODESC_CONSENSUS = True
 # and later deliver stale consensuses, but typically recover
 # after ~12 hours.
 # We should make this lower when #20909 is fixed, see #20942.
 # Output fallback name, flags, bandwidth, and ContactInfo in a C comment?

Edit: quote diff

Last edited 2 months ago by teor (previous) (diff)

comment:5 Changed 2 months ago by teor

Status: newneeds_revision

This branch is now in as bug20942.

I will take it and add a changes file and a comment, and credit "minik".

comment:6 Changed 2 months ago by teor

Actual Points: 0.1
Status: needs_revisionneeds_review

Please see my branch bug20942, which includes minik's commit, and a commit that updates the comment in the script, and adds a changes file.

Thanks for the branch, minik!

comment:7 Changed 7 weeks ago by nickm

Keywords: review-group-28 added

comment:8 Changed 7 weeks ago by pastly

Status: needs_reviewmerge_ready

Code looks fine.

If we need to test the wisdom of this change but running the script, don't merge yet.

comment:9 Changed 7 weeks ago by teor

This code is now in my branch fallback-code-2018-01 at

comment:10 Changed 7 weeks ago by teor

Reviewer: pastly

pastly reviewed all of these

comment:11 Changed 7 weeks ago by teor

Resolution: fixed
Status: merge_readyclosed

This branch has been merged, so these tickets are now implemented,

Note: See TracTickets for help on using tickets.