Merge remote-tracking branch 'tor-gitlab/mr/130' into maint-0.4.4

1397a86b · George Kadianakis · 6e37086f · f5c9f6d4 · 1397a86b · 1397a86b
Commit 1397a86b authored Aug 25, 2020 by George Kadianakis
--- a/changes/ticket40109
+++ b/changes/ticket40109
+  o Major bugfixes (onion services, DoS):
+    - The consensus parameters for the onion service DoS defenses was
+      overwriting the circuit parameters that could have been set by the service
+      operator using HiddenServiceEnableIntroDoSDefense. Fixes bug 40109; bugfix
+      on 0.4.2.1-alpha.
+
--- a/src/core/or/or_circuit_st.h
+++ b/src/core/or/or_circuit_st.h
@@ -75,6 +75,10 @@ struct or_circuit_t {
  /** If set, the DoS defenses are enabled on this circuit meaning that the
   * introduce2_bucket is initialized and used. */
  unsigned int introduce2_dos_defense_enabled : 1;
+  /** If set, the DoS defenses were explicitly enabled through the
+   * ESTABLISH_INTRO cell extension. If unset, the consensus is used to learn
+   * if the defenses can be enabled or not. */
+  unsigned int introduce2_dos_defense_explicit : 1;

  /** INTRODUCE2 cell bucket controlling how much can go on this circuit. Only
   * used if this is a service introduction circuit at the intro point

--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -93,6 +93,11 @@ update_intro_circuits(void)
  smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side();

  SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
+    /* Ignore circuit if the defenses were set explicitly through the
+     * ESTABLISH_INTRO cell DoS extension. */
+    if (TO_OR_CIRCUIT(circ)->introduce2_dos_defense_explicit) {
+      continue;
+    }
    /* Defenses might have been enabled or disabled. */
    TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled =
      consensus_param_introduce_defense_enabled;

--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -285,6 +285,11 @@ handle_establish_intro_cell_dos_extension(
    }
  }

+  /* At this point, the extension is valid so any values out of it implies
+   * that it was set explicitly and thus flag the circuit that it should not
+   * look at the consensus for that reason for the defenses' values. */
+  circ->introduce2_dos_defense_explicit = 1;
+
  /* A value of 0 is valid in the sense that we accept it but we still disable
   * the defenses so return false. */
  if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) {