Commit 1397a86b authored by George Kadianakis's avatar George Kadianakis
Browse files

Merge remote-tracking branch 'tor-gitlab/mr/130' into maint-0.4.4

parents 6e37086f f5c9f6d4
o Major bugfixes (onion services, DoS):
- The consensus parameters for the onion service DoS defenses was
overwriting the circuit parameters that could have been set by the service
operator using HiddenServiceEnableIntroDoSDefense. Fixes bug 40109; bugfix
......@@ -75,6 +75,10 @@ struct or_circuit_t {
/** If set, the DoS defenses are enabled on this circuit meaning that the
* introduce2_bucket is initialized and used. */
unsigned int introduce2_dos_defense_enabled : 1;
/** If set, the DoS defenses were explicitly enabled through the
* ESTABLISH_INTRO cell extension. If unset, the consensus is used to learn
* if the defenses can be enabled or not. */
unsigned int introduce2_dos_defense_explicit : 1;
/** INTRODUCE2 cell bucket controlling how much can go on this circuit. Only
* used if this is a service introduction circuit at the intro point
......@@ -93,6 +93,11 @@ update_intro_circuits(void)
smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side();
SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
/* Ignore circuit if the defenses were set explicitly through the
* ESTABLISH_INTRO cell DoS extension. */
if (TO_OR_CIRCUIT(circ)->introduce2_dos_defense_explicit) {
/* Defenses might have been enabled or disabled. */
TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled =
......@@ -285,6 +285,11 @@ handle_establish_intro_cell_dos_extension(
/* At this point, the extension is valid so any values out of it implies
* that it was set explicitly and thus flag the circuit that it should not
* look at the consensus for that reason for the defenses' values. */
circ->introduce2_dos_defense_explicit = 1;
/* A value of 0 is valid in the sense that we accept it but we still disable
* the defenses so return false. */
if (intro2_rate_per_sec == 0 || intro2_burst_per_sec == 0) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment