path: root/src/core/or/or_circuit_st.h
Age | Commit message | Author
2020-08-19 | hs: Don't overwrite DoS parameters on circuit with consensus params | David Goulet
Turns out that the HS DoS defenses parameters were overwritten by the consensus parameters every time a new consensus would arrive.

This means that a service operator can still enable the defenses but as soon as the intro point relay would get a new consensus, they would be overwritten. And at this commit, the network is entirely disabling DoS defenses.

Fix this by introducing an "explicit" flag that indicates if the ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid using the consensus at once.

We are not bumping the protover HSIntro value for this because 0.4.2.x series is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We are confident that a backport and then upgrade path to the latest 0.4.4.x stable coming up soon is enough to mitigate this problem in the coming months.

It avoids the upgrade path on the service side by keeping the requirement for protover HSIntro=5.

Fixes #40109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2020-01-08 | It's 2020. Update the copyright dates with "make update-copyright" | Nick Mathewson
2019-11-07 | Make all our struct names end with "_t". | Nick Mathewson
This is an automated commit, generated by this command:

    ./scripts/maint/rename_c_identifier.py \
      address_ttl_s address_ttl_t \
      aes_cnt_cipher aes_cnt_cipher_t \
      authchallenge_data_s authchallenge_data_t \
      authenticate_data_s authenticate_data_t \
      cached_bw_event_s cached_bw_event_t \
      cbuf cbuf_t \
      cell_ewma_s cell_ewma_t \
      certs_data_s certs_data_t \
      channel_idmap_entry_s channel_idmap_entry_t \
      channel_listener_s channel_listener_t \
      channel_s channel_t \
      channel_tls_s channel_tls_t \
      circuit_build_times_s circuit_build_times_t \
      circuit_muxinfo_s circuit_muxinfo_t \
      circuitmux_policy_circ_data_s circuitmux_policy_circ_data_t \
      circuitmux_policy_data_s circuitmux_policy_data_t \
      circuitmux_policy_s circuitmux_policy_t \
      circuitmux_s circuitmux_t \
      coord coord_t \
      cpuworker_job_u cpuworker_job_u_t \
      cv_testinfo_s cv_testinfo_t \
      ddmap_entry_s ddmap_entry_t \
      dircollator_s dircollator_t \
      dist_ops dist_ops_t \
      ecdh_work_s ecdh_work_t \
      ewma_policy_circ_data_s ewma_policy_circ_data_t \
      ewma_policy_data_s ewma_policy_data_t \
      fp_pair_map_entry_s fp_pair_map_entry_t \
      fp_pair_map_s fp_pair_map_t \
      guard_selection_s guard_selection_t \
      mbw_cache_entry_s mbw_cache_entry_t \
      outbuf_table_ent_s outbuf_table_ent_t \
      queued_event_s queued_event_t \
      replyqueue_s replyqueue_t \
      rsa_work_s rsa_work_t \
      sandbox_cfg_elem sandbox_cfg_elem_t \
      scheduler_s scheduler_t \
      smp_param smp_param_t \
      socket_table_ent_s socket_table_ent_t \
      state_s state_t \
      threadpool_s threadpool_t \
      timeout_cb timeout_cb_t \
      tor_libevent_cfg tor_libevent_cfg_t \
      tor_threadlocal_s tor_threadlocal_t \
      url_table_ent_s url_table_ent_t \
      worker_state_s worker_state_t \
      workerthread_s workerthread_t \
      workqueue_entry_s workqueue_entry_t
2019-08-26 | hs-v3: Parse ESTABLISH_INTRO cell extension | David Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-08-06 | hs: Limit the amount of relayed INTRODUCE2 | David Goulet
This commit adds the hs_dos.{c|h} file that has the purpose of having the anti-DoS code for onion services. At this commit, it only has one which is a function that decides if an INTRODUCE2 can be sent on the given introduction service circuit (S<->IP) using a simple token bucket.

The rate per second is 25 and allowed burst to 200.

Basic defenses on #15516.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-06-05 | Run "make autostyle." | Nick Mathewson
2019-03-14 | circ: Remove n_mux and p_mux members | David Goulet
They are simply not used apart from assigning a pointer and asserting on the pointer depending on the cell direction.

Closes #29196.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2019-01-16 | Bump copyright date to 2019 | Nick Mathewson
2018-07-05 | Fix every include path changed in the previous commit (automated) | Nick Mathewson
I am very glad to have written this script.
2018-07-05 | Move literally everything out of src/or | Nick Mathewson
This commit won't build yet -- it just puts everything in a slightly more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or nearly every) tor instance will need in order to do onion routing. Other features (including some necessary ones) will live in "src/feature". The "src/app" directory will hold the stuff needed to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a logical set of acyclic libraries, or change any code at all. That will have to come in the future.

We will continue to move things around and split them in the future, but I hope this lays a reasonable groundwork for doing so.