hs-v3: Move to hs_dos.c INTRO2 defenses initialization

A bit cleaner especially that the next commit(s) will make the consensus param
interface private to hs_dos.c so we expose as little as we can outside of the
subsystem.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>

4 files changed, 20 insertions, 10 deletions

diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index d83c8ee108..0eb3069770 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -135,6 +135,21 @@ hs_dos_get_intro2_enabled_param(void)
   return (unsigned int) param_introduce_defense_enabled;
 }
 
+/* Initialize the INTRODUCE2 token bucket for the DoS defenses using the
+ * consensus/default values. We might get a cell extension that changes those
+ * later but if we don't, the default or consensus parameters are used. */
+void
+hs_dos_setup_default_intro2_defenses(or_circuit_t *circ)
+{
+  tor_assert(circ);
+
+  circ->introduce2_dos_defense_enabled = get_param_intro_dos_enabled(NULL);
+  token_bucket_ctr_init(&circ->introduce2_bucket,
+                        get_param_rate_per_sec(NULL),
+                        get_param_burst_per_sec(NULL),
+                        (uint32_t) approx_time());
+}
+
 /* Called when the consensus has changed. We might have new consensus
  * parameters to look at. */
 void
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
index ee7b697c70..1d2dd67d0f 100644
--- a/src/feature/hs/hs_dos.h
+++ b/src/feature/hs/hs_dos.h
@@ -22,6 +22,7 @@ void hs_dos_consensus_has_changed(const networkstatus_t *ns);
 
 /* Introduction Point. */
 bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
+void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ);
 
 unsigned int hs_dos_get_intro2_enabled_param(void);
 uint32_t hs_dos_get_intro2_rate_param(void);
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index bafd3d1f44..fc7d961945 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -298,14 +298,9 @@ handle_verified_establish_intro_cell(or_circuit_t *circ,
   get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO,
                          parsed_cell);
 
-  /* Initialize the INTRODUCE2 token bucket for the DoS defenses using the
-   * consensus/default values. We might get a cell extension that changes
-   * those but if we don't, the default or consensus parameters are used. */
-  circ->introduce2_dos_defense_enabled = hs_dos_get_intro2_enabled_param();
-  token_bucket_ctr_init(&circ->introduce2_bucket,
-                        hs_dos_get_intro2_rate_param(),
-                        hs_dos_get_intro2_burst_param(),
-                        (uint32_t) approx_time());
+  /* Setup INTRODUCE2 defenses on the circuit. Must be done before parsing the
+   * cell extension that can possibly change the defenses' values. */
+  hs_dos_setup_default_intro2_defenses(circ);
 
   /* Handle cell extension if any. */
   handle_establish_intro_cell_extensions(parsed_cell, circ);
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c
index ef2a44c40d..be3d66fc43 100644
--- a/src/feature/rend/rendmid.c
+++ b/src/feature/rend/rendmid.c
@@ -117,8 +117,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request,
   /* Now, set up this circuit. */
   circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
   hs_circuitmap_register_intro_circ_v2_relay_side(circ, (uint8_t *)pk_digest);
-  token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(),
-                        hs_dos_get_intro2_burst(), (uint32_t) approx_time());
+  hs_dos_setup_default_intro2_defenses(circ);
 
   log_info(LD_REND,
            "Established introduction point on circuit %u for service %s",