commit 82639a8c7bf59bb6ae73218cd78cee07b6586d96
parent f95b5d07c1a0407a60ca6335c032ec7a01b28968
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 20 Aug 2019 08:35:21 -0400
hs-v3: Move to hs_dos.c INTRO2 defenses initialization
A bit cleaner especially that the next commit(s) will make the consensus param
interface private to hs_dos.c so we expose as little as we can outside of the
subsystem.
Part of #30924
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat:
4 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
@@ -135,6 +135,21 @@ hs_dos_get_intro2_enabled_param(void)
return (unsigned int) param_introduce_defense_enabled;
}
+/* Initialize the INTRODUCE2 token bucket for the DoS defenses using the
+ * consensus/default values. We might get a cell extension that changes those
+ * later but if we don't, the default or consensus parameters are used. */
+void
+hs_dos_setup_default_intro2_defenses(or_circuit_t *circ)
+{
+ tor_assert(circ);
+
+ circ->introduce2_dos_defense_enabled = get_param_intro_dos_enabled(NULL);
+ token_bucket_ctr_init(&circ->introduce2_bucket,
+ get_param_rate_per_sec(NULL),
+ get_param_burst_per_sec(NULL),
+ (uint32_t) approx_time());
+}
+
/* Called when the consensus has changed. We might have new consensus
* parameters to look at. */
void
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
@@ -22,6 +22,7 @@ void hs_dos_consensus_has_changed(const networkstatus_t *ns);
/* Introduction Point. */
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
+void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ);
unsigned int hs_dos_get_intro2_enabled_param(void);
uint32_t hs_dos_get_intro2_rate_param(void);
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
@@ -298,14 +298,9 @@ handle_verified_establish_intro_cell(or_circuit_t *circ,
get_auth_key_from_cell(&auth_key, RELAY_COMMAND_ESTABLISH_INTRO,
parsed_cell);
- /* Initialize the INTRODUCE2 token bucket for the DoS defenses using the
- * consensus/default values. We might get a cell extension that changes
- * those but if we don't, the default or consensus parameters are used. */
- circ->introduce2_dos_defense_enabled = hs_dos_get_intro2_enabled_param();
- token_bucket_ctr_init(&circ->introduce2_bucket,
- hs_dos_get_intro2_rate_param(),
- hs_dos_get_intro2_burst_param(),
- (uint32_t) approx_time());
+ /* Setup INTRODUCE2 defenses on the circuit. Must be done before parsing the
+ * cell extension that can possibly change the defenses' values. */
+ hs_dos_setup_default_intro2_defenses(circ);
/* Handle cell extension if any. */
handle_establish_intro_cell_extensions(parsed_cell, circ);
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c
@@ -117,8 +117,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request,
/* Now, set up this circuit. */
circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
hs_circuitmap_register_intro_circ_v2_relay_side(circ, (uint8_t *)pk_digest);
- token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst(), (uint32_t) approx_time());
+ hs_dos_setup_default_intro2_defenses(circ);
log_info(LD_REND,
"Established introduction point on circuit %u for service %s",
