summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2019-08-12 12:32:38 -0400
committerGeorge Kadianakis <desnacked@riseup.net>2019-08-26 15:53:46 +0300
commit7faf10495fa50528fc8a9c45e729b9bc284fab19 (patch)
tree66cd768ebe45a5c952c52c9efedec68819e64359
parent6c79172924a6a1660e55c29b7f2a205205ce0d21 (diff)
downloadtor-7faf10495fa50528fc8a9c45e729b9bc284fab19.tar.gz
tor-7faf10495fa50528fc8a9c45e729b9bc284fab19.zip
hs-v3: Rename INTRO2 consensus param getters
Make it clear that these functions return the consensus param only. Introduction point can not set those values with a torrc option. Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--src/feature/hs/hs_dos.c37
-rw-r--r--src/feature/hs/hs_dos.h7
-rw-r--r--src/feature/hs/hs_intropoint.c6
-rw-r--r--src/test/test_hs_dos.c17
4 files changed, 39 insertions, 28 deletions
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index a4586dd700..34af2b74e9 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -46,11 +46,11 @@
#define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0
/* Consensus parameters. */
-static uint32_t hs_dos_introduce_rate_per_sec =
+static uint32_t param_introduce_rate_per_sec =
HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC;
-static uint32_t hs_dos_introduce_burst_per_sec =
+static uint32_t param_introduce_burst_per_sec =
HS_DOS_INTRODUCE_DEFAULT_CELL_BURST_PER_SEC;
-static uint32_t hs_dos_introduce_enabled =
+static uint32_t param_introduce_defense_enabled =
HS_DOS_INTRODUCE_ENABLED_DEFAULT;
static uint32_t
@@ -90,8 +90,8 @@ update_intro_circuits(void)
SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
/* Adjust the rate/burst value that might have changed. */
token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket,
- hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst());
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param());
} SMARTLIST_FOREACH_END(circ);
smartlist_free(intro_circs);
@@ -101,9 +101,9 @@ update_intro_circuits(void)
static void
set_consensus_parameters(const networkstatus_t *ns)
{
- hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
- hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
- hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
+ param_introduce_rate_per_sec = get_param_rate_per_sec(ns);
+ param_introduce_burst_per_sec = get_param_burst_per_sec(ns);
+ param_introduce_defense_enabled = get_param_intro_dos_enabled(ns);
/* The above might have changed which means we need to go through all
* introduction circuits (relay side) and update the token buckets. */
@@ -114,18 +114,25 @@ set_consensus_parameters(const networkstatus_t *ns)
* Public API.
*/
-/* Return the INTRODUCE2 cell rate per second. */
+/* Return the INTRODUCE2 cell rate per second (param or default). */
uint32_t
-hs_dos_get_intro2_rate(void)
+hs_dos_get_intro2_rate_param(void)
{
- return hs_dos_introduce_rate_per_sec;
+ return param_introduce_rate_per_sec;
}
-/* Return the INTRODUCE2 cell burst per second. */
+/* Return the INTRODUCE2 cell burst per second (param or default). */
uint32_t
-hs_dos_get_intro2_burst(void)
+hs_dos_get_intro2_burst_param(void)
{
- return hs_dos_introduce_burst_per_sec;
+ return param_introduce_burst_per_sec;
+}
+
+/* Return the INTRODUCE2 DoS defense enabled flag (param or default). */
+unsigned int
+hs_dos_get_intro2_enabled_param(void)
+{
+ return (unsigned int) param_introduce_defense_enabled;
}
/* Called when the consensus has changed. We might have new consensus
@@ -150,7 +157,7 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
tor_assert(s_intro_circ);
/* Always allowed if the defense is disabled. */
- if (!hs_dos_introduce_enabled) {
+ if (!param_introduce_defense_enabled) {
return true;
}
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
index 9fba00b52b..ee7b697c70 100644
--- a/src/feature/hs/hs_dos.h
+++ b/src/feature/hs/hs_dos.h
@@ -20,11 +20,12 @@ void hs_dos_init(void);
/* Consensus. */
void hs_dos_consensus_has_changed(const networkstatus_t *ns);
+/* Introduction Point. */
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
-/* Getters. */
-uint32_t hs_dos_get_intro2_rate(void);
-uint32_t hs_dos_get_intro2_burst(void);
+unsigned int hs_dos_get_intro2_enabled_param(void);
+uint32_t hs_dos_get_intro2_rate_param(void);
+uint32_t hs_dos_get_intro2_burst_param(void);
#ifdef HS_DOS_PRIVATE
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 2c105f0b60..a53ca0d6ba 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -205,8 +205,10 @@ handle_verified_establish_intro_cell(or_circuit_t *circ,
/* Repurpose this circuit into an intro circuit. */
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
/* Initialize the INTRODUCE2 token bucket for the rate limiting. */
- token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst(), (uint32_t) approx_time());
+ token_bucket_ctr_init(&circ->introduce2_bucket,
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param(),
+ (uint32_t) approx_time());
return 0;
}
diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c
index 3dfa057a4a..e2b211d5df 100644
--- a/src/test/test_hs_dos.c
+++ b/src/test/test_hs_dos.c
@@ -58,8 +58,9 @@ test_can_send_intro2(void *arg)
/* Make that circuit a service intro point. */
circuit_change_purpose(TO_CIRCUIT(or_circ), CIRCUIT_PURPOSE_INTRO_POINT);
/* Initialize the INTRODUCE2 token bucket for the rate limiting. */
- token_bucket_ctr_init(&or_circ->introduce2_bucket, hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst(), now);
+ token_bucket_ctr_init(&or_circ->introduce2_bucket,
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param(), now);
/* Brand new circuit, we should be able to send INTRODUCE2 cells. */
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
@@ -71,13 +72,13 @@ test_can_send_intro2(void *arg)
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
}
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 10);
+ hs_dos_get_intro2_burst_param() - 10);
/* Fully refill the bucket minus 1 cell. */
update_approx_time(++now);
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 1);
+ hs_dos_get_intro2_burst_param() - 1);
/* Receive an INTRODUCE2 at each second. We should have the bucket full
* since at every second it gets refilled. */
@@ -87,18 +88,18 @@ test_can_send_intro2(void *arg)
}
/* Last check if we can send the cell decrements the bucket so minus 1. */
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 1);
+ hs_dos_get_intro2_burst_param() - 1);
/* Manually reset bucket for next test. */
token_bucket_ctr_reset(&or_circ->introduce2_bucket, now);
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst());
+ hs_dos_get_intro2_burst_param());
/* Do a full burst in the current second which should empty the bucket and
* we shouldn't be allowed to send one more cell after that. We go minus 1
* cell else the very last check if we can send the INTRO2 cell returns
* false because the bucket goes down to 0. */
- for (uint32_t i = 0; i < hs_dos_get_intro2_burst() - 1; i++) {
+ for (uint32_t i = 0; i < hs_dos_get_intro2_burst_param() - 1; i++) {
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
}
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 1);
@@ -116,7 +117,7 @@ test_can_send_intro2(void *arg)
update_approx_time(++now);
tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_rate() - 1);
+ hs_dos_get_intro2_rate_param() - 1);
done:
circuit_free_(TO_CIRCUIT(or_circ));