summaryrefslogtreecommitdiff
path: root/src/feature
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2019-06-11 08:28:13 -0400
committerDavid Goulet <dgoulet@torproject.org>2019-08-06 07:58:14 -0400
commitc5b00c5a514a6b40e5245bc1fd78fe5490922739 (patch)
tree52c2c6791d959c84c7c2b0d538e8aac1d5cb913a /src/feature
parentfec0a7b7cbae344bd813152c8a04b6e87b6fa9a7 (diff)
downloadtor-c5b00c5a514a6b40e5245bc1fd78fe5490922739.tar.gz
tor-c5b00c5a514a6b40e5245bc1fd78fe5490922739.zip
hs-v3: Add consensus parameters for DoS defenses
Part of #15516 Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature')
-rw-r--r--src/feature/hs/hs_common.c2
-rw-r--r--src/feature/hs/hs_dos.c85
-rw-r--r--src/feature/hs/hs_dos.h25
-rw-r--r--src/feature/nodelist/networkstatus.c2
4 files changed, 98 insertions, 16 deletions
diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c
index a5747fe170..8661ce046a 100644
--- a/src/feature/hs/hs_common.c
+++ b/src/feature/hs/hs_common.c
@@ -21,6 +21,7 @@
#include "feature/hs/hs_circuitmap.h"
#include "feature/hs/hs_client.h"
#include "feature/hs/hs_common.h"
+#include "feature/hs/hs_dos.h"
#include "feature/hs/hs_ident.h"
#include "feature/hs/hs_service.h"
#include "feature/hs_common/shared_random_client.h"
@@ -30,6 +31,7 @@
#include "feature/nodelist/routerset.h"
#include "feature/rend/rendcommon.h"
#include "feature/rend/rendservice.h"
+#include "feature/relay/routermode.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index ad9d044f48..25d282adbc 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -18,14 +18,92 @@
#define HS_DOS_PRIVATE
+#include "core/or/or.h"
+#include "app/config/config.h"
+
#include "core/or/circuitlist.h"
+#include "feature/nodelist/networkstatus.h"
+#include "feature/relay/routermode.h"
+
+#include "lib/evloop/token_bucket.h"
+
#include "hs_dos.h"
+/* Default value of the allowed INTRODUCE2 cell rate per second. Above that
+ * value per second, the introduction is denied. */
+#define HS_DOS_INTRODUCE_CELL_RATE_PER_SEC 25
+
+/* Default value of the allowed INTRODUCE2 cell burst per second. This is the
+ * maximum value a token bucket has per second. We thus allow up to this value
+ * of INTRODUCE2 cell per second but the bucket is refilled by the rate value
+ * but never goes above that burst value. */
+#define HS_DOS_INTRODUCE_CELL_BURST_PER_SEC 200
+
+/* Consensus parameters. */
+static uint32_t hs_dos_introduce_rate_per_sec =
+ HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;
+static uint32_t hs_dos_introduce_burst_per_sec =
+ HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;
+
+/* Return the parameter for the introduction rate per sec. */
+static uint32_t
+get_param_rate_per_sec(const networkstatus_t *ns)
+{
+ return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSRatePerSec",
+ HS_DOS_INTRODUCE_CELL_RATE_PER_SEC,
+ 0, INT32_MAX);
+}
+
+/* Return the parameter for the introduction burst per sec. */
+static uint32_t
+get_param_burst_per_sec(const networkstatus_t *ns)
+{
+ return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSBurstPerSec",
+ HS_DOS_INTRODUCE_CELL_BURST_PER_SEC,
+ 0, INT32_MAX);
+}
+
+/* Set consensus parameters. */
+static void
+set_consensus_parameters(const networkstatus_t *ns)
+{
+ hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
+ hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
+}
+
/*
* Public API.
*/
+/* Return the INTRODUCE2 cell rate per second. */
+uint32_t
+hs_dos_get_intro2_rate(void)
+{
+ return hs_dos_introduce_rate_per_sec;
+}
+
+/* Return the INTRODUCE2 cell burst per second. */
+uint32_t
+hs_dos_get_intro2_burst(void)
+{
+ return hs_dos_introduce_burst_per_sec;
+}
+
+/* Called when the consensus has changed. We might have new consensus
+ * parameters to look at. */
+void
+hs_dos_consensus_has_changed(const networkstatus_t *ns)
+{
+ /* No point on updating these values if we are not a public relay that can
+ * be picked to be an introduction point. */
+ if (!public_server_mode(get_options())) {
+ return;
+ }
+
+ set_consensus_parameters(ns);
+}
+
/* Return true iff an INTRODUCE2 cell can be sent on the given service
* introduction circuit. */
bool
@@ -58,3 +136,10 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
/* Finally, we can send a new INTRODUCE2 if there are still tokens. */
return token_bucket_ctr_get(&s_intro_circ->introduce2_bucket) > 0;
}
+
+/* Initialize the onion service Denial of Service subsystem. */
+void
+hs_dos_init(void)
+{
+ set_consensus_parameters(NULL);
+}
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
index e3a83a1039..9fba00b52b 100644
--- a/src/feature/hs/hs_dos.h
+++ b/src/feature/hs/hs_dos.h
@@ -12,26 +12,19 @@
#include "core/or/or_circuit_st.h"
-#include "lib/evloop/token_bucket.h"
+#include "feature/nodelist/networkstatus_st.h"
-#define HS_DOS_INTRODUCE_CELL_RATE_PER_SEC 25
-#define HS_DOS_INTRODUCE_CELL_BURST_PER_SEC 200
+/* Init */
+void hs_dos_init(void);
+
+/* Consensus. */
+void hs_dos_consensus_has_changed(const networkstatus_t *ns);
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
-/* Return the INTRODUCE2 cell rate per second. */
-static inline
-uint32_t hs_dos_get_intro2_rate(void)
-{
- return HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;
-}
-
-/* Return the INTRODUCE2 cell burst per second. */
-static inline
-uint32_t hs_dos_get_intro2_burst(void)
-{
- return HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;
-}
+/* Getters. */
+uint32_t hs_dos_get_intro2_rate(void);
+uint32_t hs_dos_get_intro2_burst(void);
#ifdef HS_DOS_PRIVATE
diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c
index 2db293a8af..496bafb865 100644
--- a/src/feature/nodelist/networkstatus.c
+++ b/src/feature/nodelist/networkstatus.c
@@ -68,6 +68,7 @@
#include "feature/dircommon/voting_schedule.h"
#include "feature/dirparse/ns_parse.h"
#include "feature/hibernate/hibernate.h"
+#include "feature/hs/hs_dos.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/fmt_routerstatus.h"
@@ -1674,6 +1675,7 @@ notify_before_networkstatus_changes(const networkstatus_t *old_c,
notify_control_networkstatus_changed(old_c, new_c);
dos_consensus_has_changed(new_c);
relay_consensus_has_changed(new_c);
+ hs_dos_consensus_has_changed(new_c);
}
/* Called after a new consensus has been put in the global state. It is safe