From cb6bac3f4375a3cccac32db8bda1fb979f3b6f6f Mon Sep 17 00:00:00 2001
From: Bart Polot
Date: Tue, 17 Jun 2014 12:13:23 +0000
Subject: [PATCH] - expire old keys adaptively
---
 src/cadet/gnunet-service-cadet_tunnel.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index 88c59bdb5..31f4c2ef9 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -1792,11 +1792,16 @@ handle_pong (struct CadetTunnel *t,
 * Rationale: the KX could have happened over a very fast connection,
 * with payload traffic still signed with the old key stuck in a slower
 * connection.
+ * Don't keep the keys longer than 1/4 the rekey period, and no longer than
+ * one minute.
 */
 if (GNUNET_SCHEDULER_NO_TASK == t->kx_ctx->finish_task)
 {
- t->kx_ctx->finish_task =
- GNUNET_SCHEDULER_add_delayed(GNUNET_TIME_UNIT_MINUTES, finish_kx, t);
+ struct GNUNET_TIME_Relative delay;
+
+ delay = GNUNET_TIME_relative_divide (rekey_period, 4);
+ delay = GNUNET_TIME_relative_min (delay, GNUNET_TIME_UNIT_MINUTES);
+ t->kx_ctx->finish_task = GNUNET_SCHEDULER_add_delayed(delay, finish_kx, t);
 }
 GCT_change_estate (t, CADET_TUNNEL3_KEY_OK);
 }
--
2.25.1
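Review bot: The new grace period for the old key is capped at one minute but has no floor: `delay` is `rekey_period / 4`, so a very small or zero `rekey_period` makes `finish_kx` run almost at once. The old key would then be dropped before the delayed payload described in the comment can arrive. `rekey_period` is defined outside this hunk, so whether it is range-checked where it is loaded cannot be seen here. If it is not, a lower bound such as `delay = GNUNET_TIME_relative_max (delay, GNUNET_TIME_UNIT_SECONDS);` after the `relative_min` line would keep the window usable, with the exact floor left to the maintainers. The comment could also note that a shorter retention limits how long a superseded key remains usable for decryption; `handle_pong` begins before this hunk, so the rest of the function was not reviewed.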