diff options
| author | David Goulet <dgoulet@torproject.org> | 2022-02-03 19:04:34 +0000 |
|---|---|---|
| committer | Mike Perry <mikeperry-git@torproject.org> | 2022-02-22 19:28:34 +0000 |
| commit | 0eaf0e8a31979621f8a2cfb1671cc4f02fe92b87 (patch) | |
| tree | 6357e0e2ce8a58cc4eca8e05b3423cef60f385d2 /src/feature/hs | |
| parent | 89f5eeefb83231c6eb7b8a857b173a9f962f3c0d (diff) | |
| download | tor-0eaf0e8a31979621f8a2cfb1671cc4f02fe92b87.tar.gz tor-0eaf0e8a31979621f8a2cfb1671cc4f02fe92b87.zip | |
hs: Republish onion descriptor on sendme_inc change
Republishing is necessary to ensure that clients connect using the correct
sendme_inc upon any change. Additionally, introduction points must be
re-chosen, so that cached descriptors with old values are not usable.
We do not expect to change sendme_inc, unless cell size or TLS record size
changes, so this should be rare.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/hs')
| -rw-r--r-- | src/feature/hs/hs_service.c | 29 | ||||
| -rw-r--r-- | src/feature/hs/hs_service.h | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index bf99ad69bd..ff34e5dc44 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -16,6 +16,7 @@ #include "core/or/circuitbuild.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" +#include "core/or/congestion_control_common.h" #include "core/or/extendinfo.h" #include "core/or/relay.h" #include "feature/client/circpathbias.h" @@ -3690,6 +3691,34 @@ hs_service_map_has_changed(void) rescan_periodic_events(get_options()); } +/** Called when a new consensus has arrived and has been set globally. The new + * consensus is pointed by ns. */ +void +hs_service_new_consensus_params(const networkstatus_t *ns) +{ + tor_assert(ns); + + /* This value is the new value from the consensus. */ + uint8_t current_sendme_inc = congestion_control_sendme_inc(); + + if (!hs_service_map) + return; + + /* Check each service and look if their descriptor contains a different + * sendme increment. If so, nuke all intro points by forcing an expiration + * which will lead to rebuild and reupload with the new value. */ + FOR_EACH_SERVICE_BEGIN(service) { + FOR_EACH_DESCRIPTOR_BEGIN(service, desc) { + if (desc->desc && + desc->desc->encrypted_data.sendme_inc != current_sendme_inc) { + /* Passing the maximum time_t will force expiration of all intro points + * and thus will lead to a rebuild of the descriptor. */ + cleanup_intro_points(service, LONG_MAX); + } + } FOR_EACH_DESCRIPTOR_END; + } FOR_EACH_SERVICE_END; +} + /** Upload an encoded descriptor in encoded_desc of the given version. This * descriptor is for the service identity_pk and blinded_pk used to setup the * directory connection identifier. It is uploaded to the directory hsdir_rs diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h index c48f470245..95461289ce 100644 --- a/src/feature/hs/hs_service.h +++ b/src/feature/hs/hs_service.h @@ -355,6 +355,7 @@ smartlist_t *hs_service_get_metrics_stores(void); void hs_service_map_has_changed(void); void hs_service_dir_info_changed(void); +void hs_service_new_consensus_params(const networkstatus_t *ns); void hs_service_run_scheduled_events(time_t now); void hs_service_circuit_has_opened(origin_circuit_t *circ); int hs_service_receive_intro_established(origin_circuit_t *circ, |