When there's no concensus, we were forming a vote every 30

minutes, but writing the "valid-after" line in our vote based
on our configured V3AuthVotingInterval: so unless the intervals
matched up, we immediately rejected our own vote because it didn't
start at the voting interval that caused us to construct a vote.

This caused log entries like:

Oct 23 01:16:16.303 [notice] Choosing expected valid-after time
as 2007-10-23 05:30:00: consensus_set=0, interval=1800
...
Oct 23 01:20:01.203 [notice] Choosing valid-after time in vote as
2007-10-23 06:00:00: consensus_set=0, interval=3600
Oct 23 01:20:01.290 [warn] Rejecting vote with valid-after time of
2007-10-23 06:00:00; we were expecting 2007-10-23 05:30:00
Oct 23 01:20:01.291 [warn] Couldn't store my own vote! (I told
myself, 'Bad valid-after time'.)

Nick, you should look at this, as it's your design. :)


svn:r12129

ChangeLog

@@ -74,6 +74,11 @@ Changes in version 0.2.0.9-alpha - 2007-10-??
     - Distinguish between detached signatures for the wrong period, and
       detached signatures for a divergent vote.
     - Fix a small memory leak when computing a consensus.
+    - When there's no concensus, we were forming a vote every 30
+      minutes, but writing the "valid-after" line in our vote based
+      on our configured V3AuthVotingInterval: so unless the intervals
+      matched up, we immediately rejected our own vote because it didn't
+      start at the voting interval that caused us to construct a vote.
 
   o Minor bugfixes (v3 directory protocol):
     - Delete unverified-consensus when the real consensus is set.

src/or/dirserv.c

@@ -1969,18 +1969,18 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
     char tbuf[ISO_TIME_LEN+1];
     networkstatus_vote_t *current_consensus =
       networkstatus_get_live_consensus(now);
-    time_t consensus_interval;
+    time_t last_consensus_interval; /* only used to pick a valid_after */
     if (current_consensus)
-      consensus_interval = current_consensus->fresh_until -
+      last_consensus_interval = current_consensus->fresh_until -
         current_consensus->valid_after;
     else
-      consensus_interval = timing.vote_interval;
+      last_consensus_interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
     v3_out->valid_after =
-      dirvote_get_start_of_next_interval(now, consensus_interval);
+      dirvote_get_start_of_next_interval(now, last_consensus_interval);
     format_iso_time(tbuf, v3_out->valid_after);
     log_notice(LD_DIR,"Choosing valid-after time in vote as %s: "
-               "consensus_set=%d, interval=%d",
-               tbuf, current_consensus?1:0, (int)consensus_interval);
+               "consensus_set=%d, last_interval=%d",
+               tbuf, current_consensus?1:0, (int)last_consensus_interval);
   }
   v3_out->fresh_until = v3_out->valid_after + timing.vote_interval;
   v3_out->valid_until = v3_out->valid_after +

src/or/dirvote.c

@@ -1217,7 +1217,7 @@ dirvote_recalculate_timing(or_options_t *options, time_t now)
     vote_delay = consensus->vote_seconds;
     dist_delay = consensus->dist_seconds;
   } else {
-    interval = 30*60;
+    interval = DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS;
     vote_delay = dist_delay = 300;
   }
 

src/or/or.h

@@ -2907,6 +2907,9 @@ cached_dir_t *new_cached_dir(char *s, time_t published);
 /** Smallest allowable voting interval. */
 #define MIN_VOTE_INTERVAL 300
 
+/** If there is no consensus, what interval do we default to? */
+#define DEFAULT_VOTING_INTERVAL_WHEN_NO_CONSENSUS (30*60)
+
 void dirvote_free_all(void);
 
 /* vote manipulation */