summaryrefslogtreecommitdiff
path: root/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'src/test')
-rw-r--r--src/test/test_dos.c148
1 files changed, 147 insertions, 1 deletions
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index d7d871ab6b..9a10a2084a 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -176,7 +176,7 @@ test_dos_bucket_refill(void *arg)
/* Initialize DoS subsystem and get relevant limits */
dos_init();
uint32_t max_circuit_count = get_param_cc_circuit_burst(NULL);
- int circ_rate = tor_lround(get_circuit_rate_per_second());
+ uint64_t circ_rate = get_circuit_rate_per_second();
/* Check that the circuit rate is a positive number and smaller than the max
* circuit count */
tt_int_op(circ_rate, OP_GT, 1);
@@ -234,6 +234,152 @@ test_dos_bucket_refill(void *arg)
current_circ_count += max_circuit_count;
tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now use a very large time, and check that the token bucket does not have
+ * more than max_circs allowance, even tho we let it simmer for so long. */
+ now = INT32_MAX; /* 2038? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now use a very small time, and check that the token bucket has exactly
+ * the max_circs allowance, because backward clock jumps are rare. */
+ now = INT32_MIN; /* 19?? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Progress time forward one sec again, refill the bucket and check that the
+ * refill happened correctly. */
+ now += 1;
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ /* check refill */
+ current_circ_count += circ_rate;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now use a very large time (again), and check that the token bucket does
+ * not have more than max_circs allowance, even tho we let it simmer for so
+ * long. */
+ now = INT32_MAX; /* 2038? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* This code resets the time to zero with 32-bit time_t, which triggers the
+ * code that initialises the bucket. */
+#if SIZEOF_TIME_T == 8
+ /* Now use a very very small time, and check that the token bucket has
+ * exactly the max_circs allowance, because backward clock jumps are rare.
+ */
+ now = (time_t)INT64_MIN; /* ???? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Progress time forward one sec again, refill the bucket and check that the
+ * refill happened correctly. */
+ now += 1;
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ /* check refill */
+ current_circ_count += circ_rate;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now use a very very small time, and check that the token bucket has
+ * exactly the max_circs allowance, because backward clock jumps are rare.
+ */
+ now = (time_t)INT64_MIN; /* ???? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now use a very very large time, and check that the token bucket does not
+ * have more than max_circs allowance, even tho we let it simmer for so
+ * long. */
+ now = (time_t)INT64_MAX; /* ???? */
+ update_approx_time(now);
+ cc_stats_refill_bucket(&dos_stats->cc_stats, addr);
+ current_circ_count += max_circuit_count;
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+
+ /* Now send as many CREATE cells as needed to deplete our token bucket
+ * completely */
+ for (; current_circ_count != 0; current_circ_count--) {
+ dos_cc_new_create_cell(chan);
+ }
+ tt_uint_op(current_circ_count, OP_EQ, 0);
+ tt_uint_op(dos_stats->cc_stats.circuit_bucket, OP_EQ, current_circ_count);
+#endif
+
done:
tor_free(chan);
dos_free_all();
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion