Merge branch 'tor-github/pr/1491'

#include "core/or/channel.h"

#include "core/or/connection_or.h"

#include "core/or/relay.h"

#include "feature/hs/hs_dos.h"

#include "feature/nodelist/networkstatus.h"

#include "feature/nodelist/nodelist.h"

#include "feature/relay/routermode.h"

  char *cc_msg = NULL;

  char *single_hop_client_msg = NULL;

  char *circ_stats_msg = NULL;

  char *hs_dos_intro2_msg = NULL;

  /* Stats number coming from relay.c append_cell_to_circuit_queue(). */

  tor_asprintf(&circ_stats_msg,

                 num_single_hop_client_refused);

  }

  /* HS DoS stats. */

  tor_asprintf(&hs_dos_intro2_msg,

               " %" PRIu64 " INTRODUCE2 rejected.",

               hs_dos_get_intro2_rejected_count());

  log_notice(LD_HEARTBEAT,

             "DoS mitigation since startup:%s%s%s%s",

             "DoS mitigation since startup:%s%s%s%s%s",

             circ_stats_msg,

             (cc_msg != NULL) ? cc_msg : " [cc not enabled]",

             (conn_msg != NULL) ? conn_msg : " [conn not enabled]",

             (single_hop_client_msg != NULL) ? single_hop_client_msg : "");

             (single_hop_client_msg != NULL) ? single_hop_client_msg : "",

             (hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : "");

  tor_free(conn_msg);

  tor_free(cc_msg);

  tor_free(single_hop_client_msg);

  tor_free(circ_stats_msg);

  tor_free(hs_dos_intro2_msg);

  return;

}

 * introduction DoS defense. Disabled by default. */

#define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0

/* INTRODUCE2 rejected request counter. */

static uint64_t intro2_rejected_count = 0;

/* Consensus parameters. The ESTABLISH_INTRO DoS cell extension have higher

 * priority than these values. If no extension is sent, these are used only by

 * the introduction point. */

   * This can be set by the consensus, the ESTABLISH_INTRO cell extension or

   * the hardcoded values in tor code. */

  if (!s_intro_circ->introduce2_dos_defense_enabled) {

    return true;

    goto allow;

  }

  /* Should not happen but if so, scream loudly. */

  if (BUG(TO_CIRCUIT(s_intro_circ)->purpose != CIRCUIT_PURPOSE_INTRO_POINT)) {

    return false;

    goto disallow;

  }

  /* This is called just after we got a valid and parsed INTRODUCE1 cell. The

  }

  /* Finally, we can send a new INTRODUCE2 if there are still tokens. */

  return token_bucket_ctr_get(&s_intro_circ->introduce2_bucket) > 0;

  if (token_bucket_ctr_get(&s_intro_circ->introduce2_bucket) > 0) {

    goto allow;

  }

  /* Fallthrough is to disallow since this means the bucket has reached 0. */

 disallow:

  /* Increment stats counter, we are rejecting the INTRO2 cell. */

  intro2_rejected_count++;

  return false;

 allow:

  return true;

}

/* Return rolling count of rejected INTRO2. */

uint64_t

hs_dos_get_intro2_rejected_count(void)

{

  return intro2_rejected_count;

}

/* Initialize the onion service Denial of Service subsystem. */

bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);

void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ);

/* Statistics. */

uint64_t hs_dos_get_intro2_rejected_count(void);

#ifdef HS_DOS_PRIVATE

#ifdef TOR_UNIT_TESTS

    case 5:

      tt_int_op(severity, OP_EQ, LOG_NOTICE);

      tt_u64_op(domain, OP_EQ, LD_HEARTBEAT);

      tt_str_op(format, OP_EQ, "DoS mitigation since startup:%s%s%s%s");

      tt_str_op(format, OP_EQ, "DoS mitigation since startup:%s%s%s%s%s");

      tt_str_op(va_arg(ap, char *), OP_EQ,

                " 0 circuits killed with too many cells.");

      tt_str_op(va_arg(ap, char *), OP_EQ, " [cc not enabled]");

      tt_str_op(va_arg(ap, char *), OP_EQ, " [conn not enabled]");

      tt_str_op(va_arg(ap, char *), OP_EQ, "");

      tt_str_op(va_arg(ap, char *), OP_EQ, " 0 INTRODUCE2 rejected.");

      break;

    default:

      tt_abort_msg("unexpected call to logv()");  // TODO: prettyprint args