1. 19 Aug, 2020 1 commit
    • hs: Don't overwrite DoS parameters on circuit with consensus params · f5c9f6d4
      David Goulet authored
      
      
      Turns out that the HS DoS defense parameters were overwritten by the
      consensus parameters every time a new consensus would arrive.
      
      This means that a service operator can still enable the defenses but as soon
      as the intro point relay would get a new consensus, they would be overwritten.
      And at this commit, the network is entirely disabling DoS defenses.
      
      Fix this by introducing an "explicit" flag that indicates if the
      ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid
      using the consensus at once.
      
      We are not bumping the protover HSIntro value for this because 0.4.2.x series
      is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We
      are confident that a backport and then upgrade path to the latest 0.4.4.x
      stable coming up soon is enough to mitigate this problem in the coming months.
      
      It avoids the upgrade path on the service side by keeping the requirement for
      protover HSIntro=5.
      
      Fixes #40109
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  2. 08 Jan, 2020 1 commit
  3. 07 Nov, 2019 1 commit
  4. 16 Sep, 2019 1 commit
  5. 09 Sep, 2019 2 commits
  6. 05 Sep, 2019 1 commit
  7. 26 Aug, 2019 4 commits
  8. 06 Aug, 2019 1 commit
    • hs: Limit the amount of relayed INTRODUCE2 · 9f738be8
      David Goulet authored
      
      
      This commit adds the hs_dos.{c|h} file that has the purpose of having the
      anti-DoS code for onion services.
      
      At this commit, it only has one which is a function that decides if an
      INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
      using a simple token bucket.
      
      The rate per second is 25 and allowed burst to 200.
      
      Basic defenses on #15516.
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  9. 23 Jul, 2019 1 commit
  10. 19 Jun, 2019 1 commit
  11. 30 Apr, 2019 1 commit
  12. 12 Mar, 2019 1 commit
    • hs: abolish hs_desc_link_specifier_t · bb98bc85
      teor authored and Nick Mathewson committed
      The previous commits for 23576 confused hs_desc_link_specifier_t
      and link_specifier_t. Removing hs_desc_link_specifier_t fixes this
      confusion.
      
      Fixes bug 22781; bugfix on 0.3.2.1-alpha.
  13. 16 Jan, 2019 2 commits
  14. 05 Jul, 2018 2 commits
    • Fix every include path changed in the previous commit (automated) · ef486e3c
      Nick Mathewson authored
      I am very glad to have written this script.
    • Move literally everything out of src/or · 63b4ea22
      Nick Mathewson authored
      This commit won't build yet -- it just puts everything in a slightly
      more logical place.
      
      The reasoning here is that "src/core" will hold the stuff that every (or
      nearly every) tor instance will need in order to do onion routing.
      Other features (including some necessary ones) will live in
      "src/feature".  The "src/app" directory will hold the stuff needed
      to have Tor be an application you can actually run.
      
      This commit DOES NOT refactor the former contents of src/or into a
      logical set of acyclic libraries, or change any code at all.  That
      will have to come in the future.
      
      We will continue to move things around and split them in the future,
      but I hope this lays a reasonable groundwork for doing so.
  15. 01 Jul, 2018 1 commit
  16. 20 Jun, 2018 2 commits
  17. 15 Jun, 2018 1 commit
  18. 20 Feb, 2018 1 commit
    • Remove a bunch of other redundant #includes · 4438ef32
      Nick Mathewson authored
      Folks have found two in the past week or so; we may as well fix the
      others.
      
      Found with:
      
      #!/usr/bin/python3
      import re
      
      def findMulti(fname):
          includes = set()
          with open(fname) as f:
              for line in f:
                  m = re.match(r'^\s*#\s*include\s+["<](\S+)[>"]', line)
                  if m:
                      inc = m.group(1)
                      if inc in includes:
                          print("{}: {}".format(fname, inc))
                      includes.add(m.group(1))
      
      import sys
      for fname in sys.argv[1:]:
          findMulti(fname)
  19. 07 Feb, 2018 1 commit
  20. 22 Sep, 2017 1 commit
  21. 21 Sep, 2017 2 commits
  22. 09 Aug, 2017 3 commits
  23. 01 Aug, 2017 1 commit
  24. 13 Apr, 2017 1 commit
    • hs: Add service-side circuitmap API. · f02868bb
      George Kadianakis authored and Nick Mathewson committed
      
      
      Now we have separate getters and setters for service-side and relay-side. I
      took this approach over adding arguments to the already existing methods to
      have more explicit type-checking, and also because some functions would grow
      too large and dirty.
      
      This commit also fixes every callsite to use the new function names which
      modifies the legacy HS (v2) and the prop224 (v3) code.
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  25. 12 Apr, 2017 1 commit
  26. 11 Apr, 2017 1 commit
    • hs: Change trunnel prop224 cell's namespace · 6bacc3c7
      David Goulet authored
      
      
      One of the goals of this change is to have trunnel API/ABI being more explicit
      so we namespace them with "trn_*". Furthermore, we can now create
      hs_cells.[ch] without having to confuse it with trunnel which used to be
      "hs_cell_*" before that change.
      
      Here are the perl lines that were used for this rename:
      
        perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/*/*.[ch]
        perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/trunnel/hs/*.trunnel
        perl -i -pe 's/hs_cell_/trn_cell_/g;' src/*/*.[ch]
        perl -i -pe 's/hs_cell_/trn_cell_/g;' src/trunnel/hs/*.trunnel
      
        And then "./scripts/codegen/run_trunnel.sh" with trunnel commit id
        613fb1b98e58504e2b84ef56b1602b6380629043.
      
      Fixes #21919
      Signed-off-by: David Goulet <dgoulet@torproject.org>
  27. 07 Apr, 2017 1 commit
  28. 15 Mar, 2017 1 commit
  29. 18 Jan, 2017 2 commits