From 93cb8072becb4213525d08a87fdf7284e6257168 Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Mon, 24 Feb 2020 12:15:35 +0200 Subject: Final touches to #32709 based on Nick's feedback. - Fix a bug and add unittest. - Add changes file. - Add man page entry. --- changes/bug32709 | 4 ++++ doc/tor.1.txt | 13 +++++++++++++ src/feature/hs/hs_ob.c | 4 ++-- src/test/test_hs_ob.c | 22 ++++++++++++++++------ 4 files changed, 35 insertions(+), 8 deletions(-) create mode 100644 changes/bug32709 diff --git a/changes/bug32709 b/changes/bug32709 new file mode 100644 index 0000000000..d00b112be6 --- /dev/null +++ b/changes/bug32709 @@ -0,0 +1,4 @@ + o Major features (v3 onion services): + - Allow v3 onion services to act as OnionBalance backend instances using + the HiddenServiceOnionBalanceInstance torrc option. Closes ticket 32709. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index a5108df805..4aa09e7f3e 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -3128,6 +3128,19 @@ The next section describes the per service options that can only be set The HAProxy version 1 protocol is described in detail at https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +[[HiddenServiceOnionBalanceInstance]] **HiddenServiceOnionBalanceInstance** **0**|**1**:: + + If set to 1, this onion service becomes an OnionBalance instance and will + accept client connections destined to an OnionBalance frontend. In this + case, Tor expects to find a file named "ob_config" inside the + **HiddenServiceDir** directory with content: + + + MasterOnionAddress + + + where is the onion address of the OnionBalance + frontend (e.g. wrxdvcaqpuzakbfww5sxs6r2uybczwijzfn2ezy2osaj7iox7kl7nhad.onion). + + [[HiddenServiceMaxStreams]] **HiddenServiceMaxStreams** __N__:: The maximum number of simultaneous streams (connections) per rendezvous circuit. The maximum value allowed is 65535. (Setting this to 0 will allow diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c index 49e01099a1..c18a789013 100644 
--- a/src/feature/hs/hs_ob.c +++ b/src/feature/hs/hs_ob.c @@ -290,10 +290,10 @@ compute_subcredentials(const hs_service_t *service, tor_assert(service->desc_current); tor_assert(service->desc_next); - /* Our caller made sure that we are an OB instance */ + /* Make sure we are an OB instance, or bail out. */ num_pkeys = smartlist_len(service->config.ob_master_pubkeys); if (!num_pkeys) { - subcredentials_out = NULL; + *subcredentials_out = NULL; return 0; } diff --git a/src/test/test_hs_ob.c b/src/test/test_hs_ob.c index b84cef9dec..7f40187b5f 100644 --- a/src/test/test_hs_ob.c +++ b/src/test/test_hs_ob.c @@ -171,6 +171,7 @@ test_get_subcredentials(void *arg) int ret; hs_service_t *service = NULL; hs_service_config_t config; + hs_subcredential_t *subcreds = NULL; (void) arg; @@ -188,16 +189,24 @@ test_get_subcredentials(void *arg) config.ob_master_pubkeys = smartlist_new(); tt_assert(config.ob_master_pubkeys); - /* Generate a keypair to add to the list. */ - ed25519_keypair_generate(&onion_addr_kp_1, 0); - smartlist_add(config.ob_master_pubkeys, &onion_addr_kp_1.pubkey); - /* Set up an instance */ service = tor_malloc_zero(sizeof(hs_service_t)); service->config = config; + /* Setup the service descriptors */ service->desc_current = service_descriptor_new(); service->desc_next = service_descriptor_new(); + /* First try to compute subcredentials but with no OB keys. Make sure that + * subcreds get NULLed. To do this check we first poison subcreds. */ + subcreds = (void*)999; + tt_ptr_op(subcreds, OP_NE, NULL); + size_t num = compute_subcredentials(service, &subcreds); + tt_ptr_op(subcreds, OP_EQ, NULL); + + /* Generate a keypair to add to the OB keys list. */ + ed25519_keypair_generate(&onion_addr_kp_1, 0); + smartlist_add(config.ob_master_pubkeys, &onion_addr_kp_1.pubkey); + /* Set up the instance subcredentials */ char current_subcred[SUBCRED_LEN]; char next_subcred[SUBCRED_LEN]; 
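Review bot: In the src/feature/hs/hs_ob.c hunk, `smartlist_len(service->config.ob_master_pubkeys)` is still called without checking the list pointer, although the reworded comment says this function now bails out itself when the service is not an OB instance. If a non-OB service can reach this point with `ob_master_pubkeys` left NULL (the config setup is not visible here, so confirm this), the call dereferences NULL before the `!num_pkeys` test runs. A guard placed first would cover it: `if (!service->config.ob_master_pubkeys) { *subcredentials_out = NULL; return 0; }`. compute_subcredentials() starts and ends outside the hunk.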
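Review bot: In the src/test/test_hs_ob.c hunk at -188,16, the empty-key call stores its result in `num` but nothing asserts on it, so the test would still pass if compute_subcredentials() returned a non-zero count together with a NULL array. Add `tt_uint_op(num, OP_EQ, 0);` next to the `tt_ptr_op(subcreds, OP_EQ, NULL);` check. Separately, if the NULLing regresses, that check fails while `subcreds` still holds the poison value `(void*)999`. The cleanup path is outside this hunk, but if it frees `subcreds` the test would crash rather than report a clean failure, so it is worth confirming.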
@@ -208,10 +217,11 @@ test_get_subcredentials(void *arg)
 memcpy(service->desc_next->desc->subcredential.subcred, next_subcred, SUBCRED_LEN);
- hs_subcredential_t *subcreds = NULL;
- size_t num = compute_subcredentials(service, &subcreds);
+ /* See that subcreds are computed properly */
+ num = compute_subcredentials(service, &subcreds);
 /* 5 subcredentials: 3 for the frontend, 2 for the instance */
 tt_uint_op(num, OP_EQ, 5);
+ tt_ptr_op(subcreds, OP_NE, NULL);
 /* Validate the subcredentials we just got. We'll build them oursevles with
 * the right time period steps and compare. */
-- cgit v1.2.3-54-g00ecf