diff options
Diffstat (limited to 'src/test/test_hs_dos.c')
| -rw-r--r-- | src/test/test_hs_dos.c | 62 |
1 files changed, 52 insertions, 10 deletions
diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c index 3dfa057a4a..f68639e24a 100644 --- a/src/test/test_hs_dos.c +++ b/src/test/test_hs_dos.c @@ -8,6 +8,8 @@ #define CIRCUITLIST_PRIVATE #define NETWORKSTATUS_PRIVATE +#define HS_DOS_PRIVATE +#define HS_INTROPOINT_PRIVATE #include "test/test.h" #include "test/test_helpers.h" @@ -20,6 +22,7 @@ #include "core/or/or_circuit_st.h" #include "feature/hs/hs_dos.h" +#include "feature/hs/hs_intropoint.h" #include "feature/nodelist/networkstatus.h" static void @@ -57,9 +60,8 @@ test_can_send_intro2(void *arg) /* Make that circuit a service intro point. */ circuit_change_purpose(TO_CIRCUIT(or_circ), CIRCUIT_PURPOSE_INTRO_POINT); - /* Initialize the INTRODUCE2 token bucket for the rate limiting. */ - token_bucket_ctr_init(&or_circ->introduce2_bucket, hs_dos_get_intro2_rate(), - hs_dos_get_intro2_burst(), now); + hs_dos_setup_default_intro2_defenses(or_circ); + or_circ->introduce2_dos_defense_enabled = 1; /* Brand new circuit, we should be able to send INTRODUCE2 cells. */ tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ)); @@ -71,13 +73,13 @@ test_can_send_intro2(void *arg) tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ)); } tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, - hs_dos_get_intro2_burst() - 10); + get_intro2_burst_consensus_param(NULL) - 10); /* Fully refill the bucket minus 1 cell. */ update_approx_time(++now); tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ)); tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, - hs_dos_get_intro2_burst() - 1); + get_intro2_burst_consensus_param(NULL) - 1); /* Receive an INTRODUCE2 at each second. We should have the bucket full * since at every second it gets refilled. */ @@ -87,18 +89,18 @@ test_can_send_intro2(void *arg) } /* Last check if we can send the cell decrements the bucket so minus 1. */ tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, - hs_dos_get_intro2_burst() - 1); + get_intro2_burst_consensus_param(NULL) - 1); /* Manually reset bucket for next test. */ token_bucket_ctr_reset(&or_circ->introduce2_bucket, now); tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, - hs_dos_get_intro2_burst()); + get_intro2_burst_consensus_param(NULL)); /* Do a full burst in the current second which should empty the bucket and * we shouldn't be allowed to send one more cell after that. We go minus 1 * cell else the very last check if we can send the INTRO2 cell returns * false because the bucket goes down to 0. */ - for (uint32_t i = 0; i < hs_dos_get_intro2_burst() - 1; i++) { + for (uint32_t i = 0; i < get_intro2_burst_consensus_param(NULL) - 1; i++) { tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ)); } tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 1); @@ -116,7 +118,7 @@ test_can_send_intro2(void *arg) update_approx_time(++now); tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ)); tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, - hs_dos_get_intro2_rate() - 1); + get_intro2_rate_consensus_param(NULL) - 1); done: circuit_free_(TO_CIRCUIT(or_circ)); @@ -125,10 +127,50 @@ test_can_send_intro2(void *arg) free_mock_consensus(); } +static void +test_validate_dos_extension_params(void *arg) +{ + bool ret; + + (void) arg; + + /* Validate the default values. */ + ret = cell_dos_extension_parameters_are_valid( + get_intro2_rate_consensus_param(NULL), + get_intro2_burst_consensus_param(NULL)); + tt_assert(ret); + + /* Valid custom rate/burst. */ + ret = cell_dos_extension_parameters_are_valid(17, 42); + tt_assert(ret); + ret = cell_dos_extension_parameters_are_valid(INT32_MAX, INT32_MAX); + tt_assert(ret); + + /* Invalid rate. */ + ret = cell_dos_extension_parameters_are_valid(UINT64_MAX, 42); + tt_assert(!ret); + + /* Invalid burst. */ + ret = cell_dos_extension_parameters_are_valid(42, UINT64_MAX); + tt_assert(!ret); + + /* Value of 0 is valid (but should disable defenses) */ + ret = cell_dos_extension_parameters_are_valid(0, 0); + tt_assert(ret); + + /* Can't have burst smaller than rate. */ + ret = cell_dos_extension_parameters_are_valid(42, 40); + tt_assert(!ret); + + done: + return; +} + struct testcase_t hs_dos_tests[] = { { "can_send_intro2", test_can_send_intro2, TT_FORK, NULL, NULL }, + { "validate_dos_extension_params", test_validate_dos_extension_params, + TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - |