Diffstat (limited to 'src/feature/hs')
-rw-r--r--src/feature/hs/hs_config.c29
-rw-r--r--src/feature/hs/hs_service.c6
-rw-r--r--src/feature/hs/hs_service.h14
3 files changed, 42 insertions, 7 deletions
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index 16bfe7c544..2378a4d3b2 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -145,6 +145,31 @@ helper_parse_uint64(const char *opt, const char *value, uint64_t min,
return ret;
}
+/** Helper function: Given a configuration option and its value, parse the
+ * value as a hs_circuit_id_protocol_t. On success, ok is set to 1 and ret is
+ * the parse value. On error, ok is set to 0 and the "none"
+ * hs_circuit_id_protocol_t is returned. This function logs on error. */
+static hs_circuit_id_protocol_t
+helper_parse_circuit_id_protocol(const char *key, const char *value, int *ok)
+{
+ tor_assert(value);
+ tor_assert(ok);
+
+ hs_circuit_id_protocol_t ret = HS_CIRCUIT_ID_PROTOCOL_NONE;
+ *ok = 0;
+
+ if (! strcasecmp(value, "haproxy")) {
+ *ok = 1;
+ ret = HS_CIRCUIT_ID_PROTOCOL_HAPROXY;
+ } else {
+ log_warn(LD_CONFIG, "%s must be 'haproxy'.", key);
+ goto err;
+ }
+
+ err:
+ return ret;
+}
+
/* Return the service version by trying to learn it from the key on disk if
* any. If nothing is found, the current service configured version is
* returned. */
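Review bot: helper_parse_circuit_id_protocol accepts only "haproxy", so no value explicitly turns the export off, and the `0`/`1` values accepted by the helper_parse_uint64 call this commit removes from config_service_v3 are now rejected with a warning. Consider adding a branch `else if (!strcasecmp(value, "none")) { *ok = 1; }` before the final else and naming both accepted values in the log_warn text. The doc comment says "ret is the parse value", but ret is the function's return value rather than an out-parameter, so "the parsed value is returned" would read more accurately. The `goto err;` sits directly above the `err:` label and has no effect, and `key` reaches log_warn without the tor_assert that `value` and `ok` get.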
@@ -295,8 +320,8 @@ config_service_v3(const config_line_t *line_,
continue;
}
if (!strcasecmp(line->key, "HiddenServiceExportCircuitID")) {
- config->export_circuit_id =
- (unsigned int) helper_parse_uint64(line->key, line->value, 0, 1, &ok);
+ config->circuit_id_protocol =
+ helper_parse_circuit_id_protocol(line->key, line->value, &ok);
if (!ok || export_circuit_id) {
if (export_circuit_id) {
dup_opt_seen = line->key;
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 75d7cb75ed..e87cb990f5 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3764,15 +3764,15 @@ hs_service_set_conn_addr_port(const origin_circuit_t *circ,
/** Does the service with identity pubkey <b>pk</b> export the circuit IDs of
* its clients? */
-bool
+hs_circuit_id_protocol_t
hs_service_exports_circuit_id(const ed25519_public_key_t *pk)
{
hs_service_t *service = find_service(hs_service_map, pk);
if (!service) {
- return 0;
+ return HS_CIRCUIT_ID_PROTOCOL_NONE;
}
- return service->config.export_circuit_id;
+ return service->config.circuit_id_protocol;
}
/* Add to file_list every filename used by a configured hidden service, and to
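Review bot: The doc comment above hs_service_exports_circuit_id still asks a yes/no question, although the function now returns an hs_circuit_id_protocol_t. I would reword it to `/** Return the protocol that the service with identity pubkey <b>pk</b> uses to export client circuit IDs, or HS_CIRCUIT_ID_PROTOCOL_NONE if the service is unknown or exports nothing. */`. The field comment on `circuit_id_protocol` in the hs_service_config_t hunk of hs_service.h has the same stale wording. The callers are not part of this view; any that still test the result as a boolean stay correct only while NONE is 0 and HAPROXY is the sole other value, so an explicit comparison against HS_CIRCUIT_ID_PROTOCOL_HAPROXY at the call site would be safer.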
diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h
index e541cb28b9..6fb15b9d37 100644
--- a/src/feature/hs/hs_service.h
+++ b/src/feature/hs/hs_service.h
@@ -161,6 +161,15 @@ typedef struct hs_service_authorized_client_t {
curve25519_public_key_t client_pk;
} hs_service_authorized_client_t;
+/** Which protocol to use for exporting HS client circuit ID. */
+typedef enum {
+ /** Don't expose the circuit id. */
+ HS_CIRCUIT_ID_PROTOCOL_NONE,
+
+ /** Use the HAProxy proxy protocol. */
+ HS_CIRCUIT_ID_PROTOCOL_HAPROXY
+} hs_circuit_id_protocol_t;
+
/* Service configuration. The following are set from the torrc options either
* set by the configuration file or by the control port. Nothing else should
* change those values. */
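Review bot: HS_CIRCUIT_ID_PROTOCOL_NONE has the value 0 only because it is the first enumerator. The non-exporting default for a service that never sets HiddenServiceExportCircuitID presumably depends on hs_service_config_t being zero-initialised, which is not visible here. Pinning it with `HS_CIRCUIT_ID_PROTOCOL_NONE = 0,` and noting in its comment that this is the default would keep a later reordering or insertion from silently making a service expose client circuit IDs.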
@@ -212,7 +221,7 @@ typedef struct hs_service_config_t {
unsigned int is_ephemeral : 1;
/* Does this service export the circuit ID of its clients? */
- bool export_circuit_id;
+ hs_circuit_id_protocol_t circuit_id_protocol;
} hs_service_config_t;
/* Service state. */
@@ -319,7 +328,8 @@ void hs_service_upload_desc_to_dir(const char *encoded_desc,
const ed25519_public_key_t *blinded_pk,
const routerstatus_t *hsdir_rs);
-bool hs_service_exports_circuit_id(const ed25519_public_key_t *pk);
+hs_circuit_id_protocol_t
+hs_service_exports_circuit_id(const ed25519_public_key_t *pk);
#ifdef HS_SERVICE_PRIVATE