diff options
| author | David Goulet <dgoulet@ev0ke.net> | 2015-04-20 15:51:06 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@ev0ke.net> | 2015-04-20 17:38:31 -0400 |
| commit | 6f6881c4324f35d44b997591939de7e847cca7a3 (patch) | |
| tree | 378446299ad2585a4ab139391492a7283c3591af /src/or/or.h | |
| parent | 06939551f4c081c46a09864465a4989ca8bb2e42 (diff) | |
| download | tor-6f6881c4324f35d44b997591939de7e847cca7a3.tar.gz tor-6f6881c4324f35d44b997591939de7e847cca7a3.zip | |
Use a random count of INTRODUCE2 for IP rotation
An introduction point is currently rotated when the amount of INTRODUCE2
cells reached a fixed value of 16384. This makes it pretty easy for an
attacker to inflate that number and observe when the IP rotates which leaks
the popularity of the HS (amount of client that passed through the IP).
This commit makes it a random count between the current value of 16384 and
two times that.
Fixes #15745
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Diffstat (limited to 'src/or/or.h')
| -rw-r--r-- | src/or/or.h | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/or/or.h b/src/or/or.h index d548aeabb6..4fd6d1d9f6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4805,12 +4805,13 @@ typedef struct rend_encoded_v2_service_descriptor_t { * introduction point. See also rend_intro_point_t.unreachable_count. */ #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5 -/** The maximum number of distinct INTRODUCE2 cells which a hidden - * service's introduction point will receive before it begins to - * expire. - * - * XXX023 Is this number at all sane? */ -#define INTRO_POINT_LIFETIME_INTRODUCTIONS 16384 +/** The minimum and maximum number of distinct INTRODUCE2 cells which a + * hidden service's introduction point will receive before it begins to + * expire. */ +#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384 +/* Double the minimum value so the interval is [min, min * 2]. */ +#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \ + (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2) /** The minimum number of seconds that an introduction point will last * before expiring due to old age. (If it receives @@ -4864,6 +4865,12 @@ typedef struct rend_intro_point_t { */ int accepted_introduce2_count; + /** (Service side only) Number of maximum INTRODUCE2 cells that this IP + * will accept. This is a random value between + * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and + * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */ + unsigned int max_introductions; + /** (Service side only) The time at which this intro point was first * published, or -1 if this intro point has not yet been * published. */ |