diff options
| author | George Kadianakis <desnacked@riseup.net> | 2020-08-25 14:51:23 +0300 |
|---|---|---|
| committer | George Kadianakis <desnacked@riseup.net> | 2020-08-25 14:51:23 +0300 |
| commit | 935160ce8629096691268f9902a803c4b871bacc (patch) | |
| tree | 39c3cfdd2d11072c576c122549750c4ec7de5812 /src | |
| parent | 36203e88949c6928d2bdb4bffe8b5e7e68657ee9 (diff) | |
| parent | 1397a86bbda04fbcf3e902282ccb4dd689821ea1 (diff) | |
| download | tor-935160ce8629096691268f9902a803c4b871bacc.tar.gz tor-935160ce8629096691268f9902a803c4b871bacc.zip | |
Merge branch 'maint-0.4.4'
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/or/or_circuit_st.h | 4 | ||||
| -rw-r--r-- | src/feature/hs/hs_dos.c | 5 | ||||
| -rw-r--r-- | src/feature/hs/hs_intropoint.c | 5 |
3 files changed, 14 insertions, 0 deletions
diff --git a/src/core/or/or_circuit_st.h b/src/core/or/or_circuit_st.h index 9bfe999728..4e17b1c143 100644 --- a/src/core/or/or_circuit_st.h +++ b/src/core/or/or_circuit_st.h @@ -75,6 +75,10 @@ struct or_circuit_t { /** If set, the DoS defenses are enabled on this circuit meaning that the * introduce2_bucket is initialized and used. */ unsigned int introduce2_dos_defense_enabled : 1; + /** If set, the DoS defenses were explicitly enabled through the + * ESTABLISH_INTRO cell extension. If unset, the consensus is used to learn + * if the defenses can be enabled or not. */ + unsigned int introduce2_dos_defense_explicit : 1; /** INTRODUCE2 cell bucket controlling how much can go on this circuit. Only * used if this is a service introduction circuit at the intro point diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index 1f7415a280..04c2bfbb89 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -93,6 +93,11 @@ update_intro_circuits(void) smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side(); SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) { + /* Ignore circuit if the defenses were set explicitly through the + * ESTABLISH_INTRO cell DoS extension. */ + if (TO_OR_CIRCUIT(circ)->introduce2_dos_defense_explicit) { + continue; + } /* Defenses might have been enabled or disabled. */ TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled = consensus_param_introduce_defense_enabled; diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index e282d1f1bd..69d60f21c3 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -285,6 +285,11 @@ handle_establish_intro_cell_dos_extension( } } + /* At this point, the extension is valid so any values out of it implies + * that it was set explicitly and thus flag the circuit that it should not + * look at the consensus for that reason for the defenses' values. */ + circ->introduce2_dos_defense_explicit = 1; + /* A value of 0 is valid in the sense that we accept it but we still disable * the defenses so return false. */ if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) { |