author | Nick Mathewson <nickm@torproject.org> | 2021-02-08 10:44:58 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-02-08 10:44:58 -0500 |
commit | 576e248bc23c2dee24e92569c84ff06a8b53b13e (patch) | |
tree | 682659c9f19bf370c2bdbe5023ad8dd52857ac6b | |
parent | 90add50550f2e101de5383e926d1f2729d8987ce (diff) | |
parent | a634f6b64c485dc2e4ff326e46340dbff2ad49d5 (diff) | |
download | tor-576e248bc23c2dee24e92569c84ff06a8b53b13e.tar.gz tor-576e248bc23c2dee24e92569c84ff06a8b53b13e.zip |
Merge remote-tracking branch 'tor-gitlab/mr/278'
-rw-r--r-- | changes/ticket40261 | 4 | ||||
-rw-r--r-- | src/app/config/config.c | 13 | ||||
-rw-r--r-- | src/app/config/or_options_st.h | 29 | ||||
-rw-r--r-- | src/app/main/subsystem_list.c | 2 | ||||
-rw-r--r-- | src/core/or/dos.c | 42 | ||||
-rw-r--r-- | src/core/or/dos.h | 2 | ||||
-rw-r--r-- | src/core/or/dos_config.c | 29 | ||||
-rw-r--r-- | src/core/or/dos_config.h | 16 | ||||
-rw-r--r-- | src/core/or/dos_options.inc | 47 | ||||
-rw-r--r-- | src/core/or/dos_options_st.h | 20 | ||||
-rw-r--r-- | src/core/or/dos_sys.c | 60 | ||||
-rw-r--r-- | src/core/or/dos_sys.h | 25 | ||||
-rw-r--r-- | src/core/or/include.am | 6 |
13 files changed, 233 insertions, 62 deletions
diff --git a/changes/ticket40261 b/changes/ticket40261
new file mode 100644
index 0000000000..f8d05a25be
--- /dev/null
+++ b/changes/ticket40261
@@ -0,0 +1,4 @@
+ o Code simplification and refactoring (metrics, DoS):
+ - Move the DoS subsystem into the subsys manager including its configuration
+ options. Closes ticket 40261.
+
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 1a1f3a674b..a4dbac4b49 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -428,19 +428,6 @@ static const config_var_t option_vars_[] = {
 V(DormantTimeoutDisabledByIdleStreams, BOOL, "1"),
 V(DormantOnFirstStartup, BOOL, "0"),
 V(DormantCanceledByStartup, BOOL, "0"),
- /* DoS circuit creation options. */
- V(DoSCircuitCreationEnabled, AUTOBOOL, "auto"),
- V(DoSCircuitCreationMinConnections, POSINT, "0"),
- V(DoSCircuitCreationRate, POSINT, "0"),
- V(DoSCircuitCreationBurst, POSINT, "0"),
- V(DoSCircuitCreationDefenseType, INT, "0"),
- V(DoSCircuitCreationDefenseTimePeriod, INTERVAL, "0"),
- /* DoS connection options. */
- V(DoSConnectionEnabled, AUTOBOOL, "auto"),
- V(DoSConnectionMaxConcurrentCount, POSINT, "0"),
- V(DoSConnectionDefenseType, INT, "0"),
- /* DoS single hop client options. */
- V(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, "auto"),
 V(DownloadExtraInfo, BOOL, "0"),
 V(TestingEnableConnBwEvent, BOOL, "0"),
 V(TestingEnableCellStatsEvent, BOOL, "0"),
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 4364f145ed..714034b28d 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -1031,35 +1031,6 @@ struct or_options_t {
 */
 int DisableSignalHandlers;
- /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
- int DoSCircuitCreationEnabled;
- /** Minimum concurrent connection needed from one single address before any
- * defense is used. */
- int DoSCircuitCreationMinConnections;
- /** Circuit rate used to refill the token bucket. */
- int DoSCircuitCreationRate;
- /** Maximum allowed burst of circuits. Reaching that value, the address is
- * detected as malicious and a defense might be used. */
- int DoSCircuitCreationBurst;
- /** When an address is marked as malicious, what defense should be used
- * against it. See the dos_cc_defense_type_t enum. */
- int DoSCircuitCreationDefenseType;
- /** For how much time (in seconds) the defense is applicable for a malicious
- * address. A random time delta is added to the defense time of an address
- * which will be between 1 second and half of this value. */
- int DoSCircuitCreationDefenseTimePeriod;
-
- /** Autobool: Is the DoS connection mitigation subsystem enabled? */
- int DoSConnectionEnabled;
- /** Maximum concurrent connection allowed per address. */
- int DoSConnectionMaxConcurrentCount;
- /** When an address is reaches the maximum count, what defense should be
- * used against it. See the dos_conn_defense_type_t enum. */
- int DoSConnectionDefenseType;
-
- /** Autobool: Do we refuse single hop client rendezvous? */
- int DoSRefuseSingleHopClientRendezvous;
-
 /** Interval: how long without activity does it take for a client
 * to become dormant? **/
diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c
index cb79909e69..4b417f57e2 100644
--- a/src/app/main/subsystem_list.c
+++ b/src/app/main/subsystem_list.c
@@ -14,6 +14,7 @@
 #include "lib/cc/torint.h"
 #include "core/mainloop/mainloop_sys.h"
+#include "core/or/dos_sys.h"
 #include "core/or/or_sys.h"
 #include "feature/control/btrack_sys.h"
 #include "lib/compress/compress_sys.h"
@@ -64,6 +65,7 @@ const subsys_fns_t *tor_subsystems[] = {
 &sys_mainloop,
 &sys_or,
+ &sys_dos,
 &sys_relay,
 &sys_hs,
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 41bf303ffe..a761082be0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -23,7 +23,9 @@
 #include "lib/crypt_ops/crypto_rand.h"
 #include "core/or/dos.h"
+#include "core/or/dos_sys.h"
+#include "core/or/dos_options_st.h"
 #include "core/or/or_connection_st.h"
 /*
@@ -77,8 +79,8 @@ static uint64_t num_single_hop_client_refused;
 MOCK_IMPL(STATIC unsigned int,
 get_param_cc_enabled, (const networkstatus_t *ns))
 {
- if (get_options()->DoSCircuitCreationEnabled != -1) {
- return get_options()->DoSCircuitCreationEnabled;
+ if (dos_get_options()->DoSCircuitCreationEnabled != -1) {
+ return dos_get_options()->DoSCircuitCreationEnabled;
 }
 return !!networkstatus_get_param(ns, "DoSCircuitCreationEnabled",
@@ -90,8 +92,8 @@ get_param_cc_enabled, (const networkstatus_t *ns))
 STATIC uint32_t
 get_param_cc_min_concurrent_connection(const networkstatus_t *ns)
 {
- if (get_options()->DoSCircuitCreationMinConnections) {
- return get_options()->DoSCircuitCreationMinConnections;
+ if (dos_get_options()->DoSCircuitCreationMinConnections) {
+ return dos_get_options()->DoSCircuitCreationMinConnections;
 }
 return networkstatus_get_param(ns, "DoSCircuitCreationMinConnections",
 DOS_CC_MIN_CONCURRENT_CONN_DEFAULT,
@@ -104,8 +106,8 @@ static uint32_t
 get_param_cc_circuit_rate(const networkstatus_t *ns)
 {
 /* This is in seconds. */
- if (get_options()->DoSCircuitCreationRate) {
- return get_options()->DoSCircuitCreationRate;
+ if (dos_get_options()->DoSCircuitCreationRate) {
+ return dos_get_options()->DoSCircuitCreationRate;
 }
 return networkstatus_get_param(ns, "DoSCircuitCreationRate",
 DOS_CC_CIRCUIT_RATE_DEFAULT,
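Review bot: `&sys_dos` is inserted between `&sys_or` and `&sys_relay` in `tor_subsystems[]` while `DOS_SUBSYS_LEVEL` is fixed at 21 in dos_sys.h; nothing in the hunk shows the levels of its two neighbours, and if the subsystem manager expects this table in non-decreasing level order (not visible here) the position and the constant have to agree. A short comment on the entry would let the next reader check that without opening the headers, e.g. `&sys_dos,   /* level 21: after or, before relay */`. The table starts and ends outside this hunk.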
@@ -117,8 +119,8 @@ get_param_cc_circuit_rate(const networkstatus_t *ns)
 STATIC uint32_t
 get_param_cc_circuit_burst(const networkstatus_t *ns)
 {
- if (get_options()->DoSCircuitCreationBurst) {
- return get_options()->DoSCircuitCreationBurst;
+ if (dos_get_options()->DoSCircuitCreationBurst) {
+ return dos_get_options()->DoSCircuitCreationBurst;
 }
 return networkstatus_get_param(ns, "DoSCircuitCreationBurst",
 DOS_CC_CIRCUIT_BURST_DEFAULT,
@@ -129,8 +131,8 @@ get_param_cc_circuit_burst(const networkstatus_t *ns)
 static uint32_t
 get_param_cc_defense_type(const networkstatus_t *ns)
 {
- if (get_options()->DoSCircuitCreationDefenseType) {
- return get_options()->DoSCircuitCreationDefenseType;
+ if (dos_get_options()->DoSCircuitCreationDefenseType) {
+ return dos_get_options()->DoSCircuitCreationDefenseType;
 }
 return networkstatus_get_param(ns, "DoSCircuitCreationDefenseType",
 DOS_CC_DEFENSE_TYPE_DEFAULT,
@@ -143,8 +145,8 @@ static int32_t
 get_param_cc_defense_time_period(const networkstatus_t *ns)
 {
 /* Time in seconds. */
- if (get_options()->DoSCircuitCreationDefenseTimePeriod) {
- return get_options()->DoSCircuitCreationDefenseTimePeriod;
+ if (dos_get_options()->DoSCircuitCreationDefenseTimePeriod) {
+ return dos_get_options()->DoSCircuitCreationDefenseTimePeriod;
 }
 return networkstatus_get_param(ns, "DoSCircuitCreationDefenseTimePeriod",
 DOS_CC_DEFENSE_TIME_PERIOD_DEFAULT,
@@ -156,8 +158,8 @@ get_param_cc_defense_time_period(const networkstatus_t *ns)
 MOCK_IMPL(STATIC unsigned int,
 get_param_conn_enabled, (const networkstatus_t *ns))
 {
- if (get_options()->DoSConnectionEnabled != -1) {
- return get_options()->DoSConnectionEnabled;
+ if (dos_get_options()->DoSConnectionEnabled != -1) {
+ return dos_get_options()->DoSConnectionEnabled;
 }
 return !!networkstatus_get_param(ns, "DoSConnectionEnabled",
 DOS_CONN_ENABLED_DEFAULT, 0, 1);
@@ -168,8 +170,8 @@ get_param_conn_enabled, (const networkstatus_t *ns))
 STATIC uint32_t
 get_param_conn_max_concurrent_count(const networkstatus_t *ns)
 {
- if (get_options()->DoSConnectionMaxConcurrentCount) {
- return get_options()->DoSConnectionMaxConcurrentCount;
+ if (dos_get_options()->DoSConnectionMaxConcurrentCount) {
+ return dos_get_options()->DoSConnectionMaxConcurrentCount;
 }
 return networkstatus_get_param(ns, "DoSConnectionMaxConcurrentCount",
 DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT,
@@ -180,8 +182,8 @@ get_param_conn_max_concurrent_count(const networkstatus_t *ns)
 static uint32_t
 get_param_conn_defense_type(const networkstatus_t *ns)
 {
- if (get_options()->DoSConnectionDefenseType) {
- return get_options()->DoSConnectionDefenseType;
+ if (dos_get_options()->DoSConnectionDefenseType) {
+ return dos_get_options()->DoSConnectionDefenseType;
 }
 return networkstatus_get_param(ns, "DoSConnectionDefenseType",
 DOS_CONN_DEFENSE_TYPE_DEFAULT,
@@ -613,8 +615,8 @@ dos_should_refuse_single_hop_client(void)
 return 0;
 }
- if (get_options()->DoSRefuseSingleHopClientRendezvous != -1) {
- return get_options()->DoSRefuseSingleHopClientRendezvous;
+ if (dos_get_options()->DoSRefuseSingleHopClientRendezvous != -1) {
+ return dos_get_options()->DoSRefuseSingleHopClientRendezvous;
 }
 return (int) networkstatus_get_param(NULL,
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index b3eca058b8..62c3857409 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -9,6 +9,8 @@
 #ifndef TOR_DOS_H
 #define TOR_DOS_H
+#include "core/or/or.h"
+
 /* Structure that keeps stats of client connection per-IP. */
 typedef struct cc_client_stats_t {
 /* Number of allocated circuits remaining for this address. It is
diff --git a/src/core/or/dos_config.c b/src/core/or/dos_config.c
new file mode 100644
index 0000000000..e97c505ea3
--- /dev/null
+++ b/src/core/or/dos_config.c
@@ -0,0 +1,29 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_config.c
+ * @brief Code to interpret the user's configuration of DoS module.
+ **/
+
+#include "core/or/dos_config.h"
+#include "core/or/dos_options_st.h"
+
+/* Declare the options field table for dos_options */
+#define CONF_CONTEXT TABLE
+#include "core/or/dos_options.inc"
+#undef CONF_CONTEXT
+
+/** Magic number for dos_options_t. */
+#define DOS_OPTIONS_MAGIC 0x91716151
+
+/**
+ * Declare the configuration options for the dos module.
+ **/
+const config_format_t dos_options_fmt = {
+ .size = sizeof(dos_options_t),
+ .magic = { "dos_options_t",
+ DOS_OPTIONS_MAGIC,
+ offsetof(dos_options_t, magic) },
+ .vars = dos_options_t_vars,
+};
diff --git a/src/core/or/dos_config.h b/src/core/or/dos_config.h
new file mode 100644
index 0000000000..de8e135aaa
--- /dev/null
+++ b/src/core/or/dos_config.h
@@ -0,0 +1,16 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_config.h
+ * @brief Header for core/or/dos_config.c
+ **/
+
+#ifndef TOR_CORE_OR_DOS_CONFIG_H
+#define TOR_CORE_OR_DOS_CONFIG_H
+
+#include "lib/conf/conftypes.h"
+
+extern const struct config_format_t dos_options_fmt;
+
+#endif /* !defined(TOR_CORE_OR_DOS_CONFIG_H) */
diff --git a/src/core/or/dos_options.inc b/src/core/or/dos_options.inc
new file mode 100644
index 0000000000..063a739939
--- /dev/null
+++ b/src/core/or/dos_options.inc
@@ -0,0 +1,47 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_options.inc
+ * @brief Declare configuration options for the DoS module.
+ **/
+
+BEGIN_CONF_STRUCT(dos_options_t)
+
+/** Autobool: Is the DoS connection mitigation subsystem enabled? */
+CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto")
+
+/** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
+CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto")
+
+/** Minimum concurrent connection needed from one single address before any
+ * defense is used. */
+CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0")
+
+/** Circuit rate used to refill the token bucket. */
+CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0")
+
+/** Maximum allowed burst of circuits. Reaching that value, the address is
+ * detected as malicious and a defense might be used. */
+CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0")
+
+/** When an address is marked as malicious, what defense should be used
+ * against it. See the dos_cc_defense_type_t enum. */
+CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0")
+
+/** For how much time (in seconds) the defense is applicable for a malicious
+ * address. A random time delta is added to the defense time of an address
+ * which will be between 1 second and half of this value. */
+CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0")
+
+/** Maximum concurrent connection allowed per address. */
+CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0")
+
+/** When an address is reaches the maximum count, what defense should be
+ * used against it. See the dos_conn_defense_type_t enum. */
+CONF_VAR(DoSConnectionDefenseType, INT, 0, "0")
+
+/** Autobool: Do we refuse single hop client rendezvous? */
+CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto")
+
+END_CONF_STRUCT(dos_options_t)
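Review bot: `DoSCircuitCreationDefenseType` and `DoSConnectionDefenseType` are declared `INT`, so a torrc can set them negative or past the end of the enum, and the torrc branch in dos.c (`get_param_cc_defense_type` / `get_param_conn_defense_type` in the hunks above) returns any nonzero value verbatim; only the consensus fallback goes through `networkstatus_get_param` with a default (its bound arguments fall outside the hunk), and the new `dos_options_fmt` registers no validation of its own. Since the neighbouring DoS counters already use `POSINT` with a `"0"` default, keeping 0 as "defer to consensus", the cheap fix is `CONF_VAR(DoSCircuitCreationDefenseType, POSINT, 0, "0")` and likewise for `DoSConnectionDefenseType`, which at least rejects negatives at parse time; an upper-bound check against `dos_cc_defense_type_t` / `dos_conn_defense_type_t` would still belong in a validation step. This is behaviour carried over from config.c rather than introduced by the move, but the refactor is the natural place to tighten it.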
diff --git a/src/core/or/dos_options_st.h b/src/core/or/dos_options_st.h
new file mode 100644
index 0000000000..b62bdecc82
--- /dev/null
+++ b/src/core/or/dos_options_st.h
@@ -0,0 +1,20 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_options_st.h
+ * @brief Structure dos_options_t to hold options for the DoS subsystem.
+ **/
+
+#ifndef TOR_CORE_OR_DOS_OPTIONS_ST_H
+#define TOR_CORE_OR_DOS_OPTIONS_ST_H
+
+#include "lib/conf/confdecl.h"
+
+#define CONF_CONTEXT STRUCT
+#include "core/or/dos_options.inc"
+#undef CONF_CONTEXT
+
+typedef struct dos_options_t dos_options_t;
+
+#endif /* !defined(TOR_CORE_OR_DOS_OPTIONS_ST_H) */
diff --git a/src/core/or/dos_sys.c b/src/core/or/dos_sys.c
new file mode 100644
index 0000000000..cc3b5bf9c6
--- /dev/null
+++ b/src/core/or/dos_sys.c
@@ -0,0 +1,60 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_sys.c
+ * @brief Subsystem definitions for DOS module.
+ **/
+
+#include "core/or/or.h"
+
+#include "lib/subsys/subsys.h"
+
+#include "core/or/dos_config.h"
+#include "core/or/dos_sys.h"
+
+#include "core/or/dos_options_st.h"
+
+static const dos_options_t *global_dos_options;
+
+static int
+subsys_dos_initialize(void)
+{
+ return 0;
+}
+
+static void
+subsys_dos_shutdown(void)
+{
+ global_dos_options = NULL;
+}
+
+const dos_options_t *
+dos_get_options(void)
+{
+ tor_assert(global_dos_options);
+ return global_dos_options;
+}
+
+static int
+dos_set_options(void *arg)
+{
+ dos_options_t *opts = arg;
+ global_dos_options = opts;
+ return 0;
+}
+
+const struct subsys_fns_t sys_dos = {
+ SUBSYS_DECLARE_LOCATION(),
+
+ .name = "dos",
+ .supported = true,
+ .level = DOS_SUBSYS_LEVEL,
+
+ .initialize = subsys_dos_initialize,
+ .shutdown = subsys_dos_shutdown,
+
+ /* Configuration Options. */
+ .options_format = &dos_options_fmt,
+ .set_options = dos_set_options,
+};
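Review bot: `dos_get_options()` hard-asserts on a NULL `global_dos_options`, and `subsys_dos_shutdown()` resets that pointer to NULL, so every `dos_get_options()` caller in dos.c now aborts via `tor_assert` if it runs before `dos_set_options()` has been called or after the subsystem has shut down; the old `get_options()` path had no such subsystem-lifetime window, and the new contract is documented nowhere. I'd state it on the definition: `/** Return the current DoS options. Only valid between set_options and shutdown of the dos subsystem; asserts otherwise. */`. The `@brief` line should also read `DoS module` rather than `DOS module` to match the other new files in the series.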
diff --git a/src/core/or/dos_sys.h b/src/core/or/dos_sys.h
new file mode 100644
index 0000000000..2212d3c707
--- /dev/null
+++ b/src/core/or/dos_sys.h
@@ -0,0 +1,25 @@
+/* Copyright (c) 2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file dos_sys.h
+ * @brief Header for core/or/dos_sys.c
+ **/
+
+#ifndef TOR_CORE_OR_DOS_SYS_H
+#define TOR_CORE_OR_DOS_SYS_H
+
+struct dos_options_t;
+const struct dos_options_t *dos_get_options(void);
+
+extern const struct subsys_fns_t sys_dos;
+
+/**
+ * Subsystem level for the metrics system.
+ *
+ * Defined here so that it can be shared between the real and stub
+ * definitions.
+ **/
+#define DOS_SUBSYS_LEVEL (21)
+
+#endif /* !defined(TOR_CORE_OR_DOS_SYS_H) */
diff --git a/src/core/or/include.am b/src/core/or/include.am
index 7c42268c46..b578b75673 100644
--- a/src/core/or/include.am
+++ b/src/core/or/include.am
@@ -18,6 +18,8 @@ LIBTOR_APP_A_SOURCES += \
 src/core/or/connection_edge.c \
 src/core/or/connection_or.c \
 src/core/or/dos.c \
+ src/core/or/dos_config.c \
+ src/core/or/dos_sys.c \
 src/core/or/extendinfo.c \
 src/core/or/onion.c \
 src/core/or/ocirc_event.c \
@@ -64,6 +66,10 @@ noinst_HEADERS += \
 src/core/or/crypt_path_st.h \
 src/core/or/destroy_cell_queue_st.h \
 src/core/or/dos.h \
+ src/core/or/dos_config.h \
+ src/core/or/dos_options.inc \
+ src/core/or/dos_options_st.h \
+ src/core/or/dos_sys.h \
 src/core/or/edge_connection_st.h \
 src/core/or/extendinfo.h \
 src/core/or/half_edge_st.h \
|
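Review bot: The doc comment on `DOS_SUBSYS_LEVEL` reads `Subsystem level for the metrics system.`, which looks pasted from another subsystem header; it should say `Subsystem level for the DoS mitigation subsystem.`. The accessor `const struct dos_options_t *dos_get_options(void);` is the only public entry point this header exports and carries no comment, while its definition asserts when no options have been set; a one-liner such as `/** Return the DoS options installed by the subsys manager; asserts if none are set. */` would tell callers in dos.c what they are signing up for.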