authorDavid Goulet <dgoulet@torproject.org>2019-06-27 12:58:43 -0400
committerDavid Goulet <dgoulet@torproject.org>2019-08-06 07:58:14 -0400
commitbe8bd2a46eaba4c992ec912a1bef8d950e481bd4 (patch)
tree20cd7165e909ab0ffe96f9b67c2977881168e1a3 /src/feature/hs/hs_dos.c
parentc5b00c5a514a6b40e5245bc1fd78fe5490922739 (diff)
hs-v3: Add enable/disable HS DoS introduce parameter
Following prop305 values. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/hs/hs_dos.c')
-rw-r--r--src/feature/hs/hs_dos.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index 25d282adbc..f817b49885 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -40,11 +40,24 @@
* but never goes above that burst value. */
#define HS_DOS_INTRODUCE_CELL_BURST_PER_SEC 200
+/* Default value of the consensus parameter enabling or disabling the
+ * introduction DoS defense. Disabled by default. */
+#define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0
+
/* Consensus parameters. */
static uint32_t hs_dos_introduce_rate_per_sec =
HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;
static uint32_t hs_dos_introduce_burst_per_sec =
HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;
+static uint32_t hs_dos_introduce_enabled =
+ HS_DOS_INTRODUCE_ENABLED_DEFAULT;
+
+static uint32_t
+get_param_intro_dos_enabled(const networkstatus_t *ns)
+{
+ return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSDefense",
+ HS_DOS_INTRODUCE_ENABLED_DEFAULT, 0, 1);
+}
/* Return the parameter for the introduction rate per sec. */
static uint32_t
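Review bot: `get_param_intro_dos_enabled()` is added without a header comment, while the getter directly below it carries `/* Return the parameter for the introduction rate per sec. */`. Because this value switches the whole introduction DoS defense on or off, it deserves the same treatment, for example `/* Return the consensus parameter enabling (1) or disabling (0) the introduction DoS defense. */`. The comment should also say that the fallback is `HS_DOS_INTRODUCE_ENABLED_DEFAULT`, so the defense stays off unless the consensus sets `HiddenServiceEnableIntroDoSDefense` to 1. Since the call clamps the value to 0..1 and it is only tested for truth in the visible lines, a comment on `hs_dos_introduce_enabled` saying it is a boolean kept as `uint32_t` would help the next reader.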
@@ -70,6 +83,7 @@ set_consensus_parameters(const networkstatus_t *ns)
{
hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
+ hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
}
/*
@@ -111,6 +125,11 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
{
tor_assert(s_intro_circ);
+ /* Always allowed if the defense is disabled. */
+ if (!hs_dos_introduce_enabled) {
+ return true;
+ }
+
/* Should not happen but if so, scream loudly. */
if (BUG(TO_CIRCUIT(s_intro_circ)->purpose != CIRCUIT_PURPOSE_INTRO_POINT)) {
return false;
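Review bot: The early `return true` sits above the `BUG()` check on the circuit purpose, so with the defense disabled (the default in this commit) a call on a circuit that is not `CIRCUIT_PURPOSE_INTRO_POINT` is no longer reported. If that invariant is meant to hold whatever the parameter says, move the `if (!hs_dos_introduce_enabled) { return true; }` block below the purpose check; note that such a call would then return false instead of true. Otherwise extend the comment to `/* Always allowed if the defense is disabled; the purpose check below is skipped on purpose. */`. The rest of hs_dos_can_send_intro2 lies outside the hunk, so whether later code depends on the purpose cannot be seen here.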