//! Tools and types for reporting declared clock skew.
23use std::time::{Duration, SystemTime};
/// An estimate of how far our clock disagrees with the clock reported by a
/// relay or some other source.
///
/// Treat this as a hint, not a fact: the reporting party may be mistaken, or
/// may be lying.
///
/// Every skew reported here is a _lower bound_; latency can hide part of the
/// difference, so the actual skew may be a little higher.
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
#[allow(clippy::exhaustive_enums)]
pub enum ClockSkew {
    /// Our own clock is "running slow": the relay's clock is ahead of ours by
    /// at least this much.
    Slow(Duration),
    /// We have no evidence that our clock is inconsistent with the relay's
    /// clock.
    None,
    /// Our own clock is "running fast": the relay's clock is behind ours by
    /// at least this much.
    Fast(Duration),
}
/// Threshold below which a measured skew is reported as "zero".
///
/// A skew only counts when its magnitude is strictly greater than this value.
///
/// (The relay reports its time only to the nearest second, so a difference
/// this small cannot reasonably be taken as a real difference between the
/// two clocks.)
const MIN: Duration = Duration::from_secs(2);
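impl ClockSkew {
    /// Construct a ClockSkew from a set of channel handshake timestamps.
    ///
    /// Requires that `ours_at_start` is the timestamp at the point when we
    /// started the handshake, `theirs` is the timestamp the relay reported in
    /// its NETINFO cell, and `delay` is the total amount of time between when
    /// we started the handshake and when we received the NETINFO cell.
    ///
    /// `theirs` is supplied by the peer, so the result is only as trustworthy
    /// as that peer. This function does not panic on extreme values of
    /// `theirs` or `delay`.
    pub(crate) fn from_handshake_timestamps(
        ours_at_start: SystemTime,
        theirs: SystemTime,
        delay: Duration,
    ) -> Self {
        // The relay may have generated its own timestamp any time between when
        // we sent the handshake, and when we got the reply. Therefore, at the
        // time we started, its clock read somewhere between these two values.
        //
        // `SystemTime - Duration` panics when the result is unrepresentable,
        // and `theirs` is chosen by the peer, so use the checked form. If the
        // lower bound cannot be represented, it is earlier than any time we
        // could compare with, and so it cannot show that our clock is slow.
        let theirs_at_start_min = theirs.checked_sub(delay);
        let theirs_at_start_max = theirs;

        let slow_by = theirs_at_start_min.and_then(|t| t.duration_since(ours_at_start).ok());

        if let Some(skew) = slow_by {
            ClockSkew::Slow(skew).if_above(MIN)
        } else if let Ok(skew) = ours_at_start.duration_since(theirs_at_start_max) {
            ClockSkew::Fast(skew).if_above(MIN)
        } else {
            // Either there is no clock skew, or we can't detect any.
            ClockSkew::None
        }
    }

    /// Return the magnitude of this clock skew.
    ///
    /// This is the unsigned duration; [`ClockSkew::None`] has magnitude zero.
    pub fn magnitude(&self) -> Duration {
        match self {
            ClockSkew::Slow(d) | ClockSkew::Fast(d) => *d,
            ClockSkew::None => Duration::ZERO,
        }
    }

    /// Return this clock skew as a signed number of seconds, with slow values
    /// treated as negative and fast values treated as positive.
    pub fn as_secs_f64(&self) -> f64 {
        match self {
            ClockSkew::Slow(d) => -d.as_secs_f64(),
            ClockSkew::None => 0.0,
            ClockSkew::Fast(d) => d.as_secs_f64(),
        }
    }

    /// Return a clock skew computed from a signed number of seconds.
    ///
    /// Negative inputs become [`ClockSkew::Slow`] and positive inputs become
    /// [`ClockSkew::Fast`]. Zero, subnormal values, and values whose
    /// magnitude is not above `MIN` become [`ClockSkew::None`]. Infinite or
    /// out-of-range inputs saturate at `Duration::MAX`.
    ///
    /// Returns `None` (the `Option`) only if the value is NaN.
    pub fn from_secs_f64(seconds: f64) -> Option<Self> {
        use std::num::FpCategory;
        let max_seconds = Duration::MAX.as_secs_f64();

        // I dislike working with floating point, and I dislike the current lack
        // of Duration::try_from_secs_f64() in stable Rust. Look what they made
        // me do!
        //
        // NOTE(review): `Duration::try_from_secs_f64` has since been
        // stabilized; it could replace the range checks below if the crate's
        // minimum supported Rust version permits.
        //
        // The range checks matter: `Duration::from_secs_f64` panics on
        // negative, non-finite, or overflowing input, so every call below is
        // guarded to stay within `[0, max_seconds)`.
        match seconds.classify() {
            FpCategory::Nan => None,
            FpCategory::Zero | FpCategory::Subnormal => Some(ClockSkew::None),
            FpCategory::Normal | FpCategory::Infinite => Some(if seconds <= -max_seconds {
                ClockSkew::Slow(Duration::MAX)
            } else if seconds < 0.0 {
                ClockSkew::Slow(Duration::from_secs_f64(-seconds)).if_above(MIN)
            } else if seconds < max_seconds {
                ClockSkew::Fast(Duration::from_secs_f64(seconds)).if_above(MIN)
            } else {
                ClockSkew::Fast(Duration::MAX)
            }),
        }
    }

    /// Return this value if its magnitude is strictly greater than `min`;
    /// otherwise return [`ClockSkew::None`].
    pub fn if_above(self, min: Duration) -> Self {
        if self.magnitude() > min {
            self
        } else {
            ClockSkew::None
        }
    }

    /// Return true if we're estimating any skew.
    pub fn is_skewed(&self) -> bool {
        !matches!(self, ClockSkew::None)
    }
}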
impl Ord for ClockSkew {
    /// Order skews by their signed distance from the current time: the
    /// largest `Slow` sorts first, then smaller `Slow` values, then `None`,
    /// then `Fast` values in increasing order.
    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
        use std::cmp::Ordering::{Equal, Greater, Less};
        use ClockSkew::{Fast, None, Slow};

        // A derived ordering would not do here: we want clock skews to sort
        // by their signed distance from the current time, so a larger `Slow`
        // has to come before a smaller one.
        match (self, other) {
            // Same sign: compare magnitudes, flipped for the "negative" side.
            (Slow(ours), Slow(theirs)) => theirs.cmp(ours),
            (Fast(ours), Fast(theirs)) => ours.cmp(theirs),
            (None, None) => Equal,

            // Different kinds: Slow < None < Fast.
            (Slow(_), _) | (None, Fast(_)) => Less,
            (Fast(_), _) | (None, Slow(_)) => Greater,
        }
    }
}
impl PartialOrd for ClockSkew {
    /// Compare two skews using the total order from the `Ord` implementation;
    /// the result is always `Some`.
    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
        Some(Ord::cmp(self, other))
    }
}
#[cfg(test)]
mod test {
    // @@ begin test lint list maintained by maint/add_warning @@
    #![allow(clippy::bool_assert_comparison)]
    #![allow(clippy::clone_on_copy)]
    #![allow(clippy::dbg_macro)]
    #![allow(clippy::mixed_attributes_style)]
    #![allow(clippy::print_stderr)]
    #![allow(clippy::print_stdout)]
    #![allow(clippy::single_char_pattern)]
    #![allow(clippy::unwrap_used)]
    #![allow(clippy::unchecked_duration_subtraction)]
    #![allow(clippy::useless_vec)]
    #![allow(clippy::needless_pass_by_value)]
    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

    use super::*;
    use tor_basic_utils::test_rng::testing_rng;

    /// Check each outcome of `from_handshake_timestamps`.
    #[test]
    fn make_skew() {
        let ours = SystemTime::now();
        let ahead = ours + Duration::from_secs(777);
        let behind = ours - Duration::from_secs(333);
        let delay = Duration::from_secs(30);

        // Case 1: they say our clock is slow.
        // The delay is subtracted only here, because we report the _minimum_
        // skew: 777 - 30 = 747.
        assert_eq!(
            ClockSkew::from_handshake_timestamps(ours, ahead, delay),
            ClockSkew::Slow(Duration::from_secs(747))
        );

        // Case 2: they say our clock is fast.
        assert_eq!(
            ClockSkew::from_handshake_timestamps(ours, behind, delay),
            ClockSkew::Fast(Duration::from_secs(333))
        );

        // Case 3: the difference is smaller than the time they took to answer.
        let within_delay = ours + Duration::from_secs(20);
        assert_eq!(
            ClockSkew::from_handshake_timestamps(ours, within_delay, delay),
            ClockSkew::None
        );

        // Case 4: the difference is smaller than the timer precision allows
        // us to trust.
        let within_precision = ours + Duration::from_millis(500);
        assert_eq!(
            ClockSkew::from_handshake_timestamps(ours, within_precision, Duration::from_secs(0)),
            ClockSkew::None
        );
    }

    /// Check `from_secs_f64` on ordinary, tiny, huge, and non-finite inputs.
    #[test]
    fn from_f64() {
        use ClockSkew as CS;
        use Duration as D;

        let cases = [
            // Zero, and anything not above the MIN threshold, is "no skew".
            (0.0, Some(CS::None)),
            (f64::MIN_POSITIVE / 2.0, Some(CS::None)), // subnormal
            (1.0, Some(CS::None)),
            (-1.0, Some(CS::None)),
            // Above the threshold: the sign selects the variant.
            (3.0, Some(CS::Fast(D::from_secs(3)))),
            (-3.0, Some(CS::Slow(D::from_secs(3)))),
            // Out-of-range magnitudes saturate.
            (1.0e100, Some(CS::Fast(D::MAX))),
            (-1.0e100, Some(CS::Slow(D::MAX))),
            // Non-finite inputs: NaN is rejected, infinities saturate.
            (f64::NAN, None),
            (f64::INFINITY, Some(CS::Fast(D::MAX))),
            (f64::NEG_INFINITY, Some(CS::Slow(D::MAX))),
        ];

        for (seconds, expected) in cases.iter() {
            assert_eq!(CS::from_secs_f64(*seconds), *expected);
        }
    }

    /// Check that sorting any shuffle of a known list restores signed order.
    #[test]
    fn order() {
        use rand::seq::SliceRandom as _;
        use ClockSkew as CS;

        let expected: Vec<ClockSkew> = [-10.0, -5.0, 0.0, 0.0, 10.0, 20.0]
            .iter()
            .map(|secs| CS::from_secs_f64(*secs).unwrap())
            .collect();

        let mut rng = testing_rng();
        let mut scratch = expected.clone();
        for _ in 0..100 {
            scratch.shuffle(&mut rng);
            scratch.sort();
            assert_eq!(scratch, expected);
        }
    }
}