1 files changed, 16 insertions, 7 deletions

diff --git a/src/or/command.c b/src/or/command.c
index c8735165e..44420c980 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -45,7 +45,11 @@ uint64_t stats_n_versions_cells_processed = 0;
 /** How many CELL_NETINFO cells have we received, ever? */
 uint64_t stats_n_netinfo_cells_processed = 0;
 /** Have we received a NETINFO cell from a trusted dir, ever? Used
- * to decide what to do about time skew. */
+ * to decide what to do about time skew.
+ * 0 == No, and and we haven't tried asking an authority yet
+ * 1 == No, we've launched a query but haven't heard back yet
+ * 2 == Yes
+ **/
 static int received_netinfo_from_trusted_dir = 0;
 
 /* These are the main functions for processing cells */
@@ -625,9 +629,9 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
 #define NETINFO_NOTICE_SKEW 3600
   if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
       router_get_by_digest(conn->identity_digest) &&
-      !received_netinfo_from_trusted_dir) {
+      received_netinfo_from_trusted_dir != 2) {
     char dbuf[64];
-    /*XXXX be smarter about when everybody says we are skewed. */
+
     int severity = router_digest_is_trusted_dir(conn->identity_digest) ?
                    LOG_WARN : LOG_INFO;
     format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
@@ -643,7 +647,10 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
                           "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
                           apparent_skew,
                           conn->_base.address, conn->_base.port);
-    } else { /* Connect to a trusted dir to trigger a NETINFO cell*/
+      received_netinfo_from_trusted_dir = 2;
+    /* Connect to a trusted dir to trigger a NETINFO cell
+     * only if we haven't already */
+    } else if(received_netinfo_from_trusted_dir == 0) {
       routerstatus_t *any_trusted_dir =
         router_pick_trusteddirserver(NO_AUTHORITY, 0);
       tor_addr_t trusted_dir_addr;
@@ -651,12 +658,14 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
       connection_or_connect(&trusted_dir_addr,
         any_trusted_dir->or_port,
         any_trusted_dir->descriptor_digest);
+      received_netinfo_from_trusted_dir = 1;
     }
   }
 
-  /* Note that we received a netinfo cell from a trusted directory */
-  if (router_digest_is_trusted_dir(conn->identity_digest))
-    received_netinfo_from_trusted_dir = 1;
+  /* Note that we received a good netinfo cell from a trusted directory */
+  if (router_digest_is_trusted_dir(conn->identity_digest) &&
+      labs(apparent_skew) <= NETINFO_NOTICE_SKEW)
+    received_netinfo_from_trusted_dir = 2;
 
   /* XXX maybe act on my_apparent_addr, if the source is sufficiently
    * trustworthy. */