Closes most of #25323.

"ours" merge to avoid conflicts with the cherry-picked fix for 24898.

Roger Dingledine authored 7 years ago and Nick Mathewson committed 7 years ago

since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

[Cherry-picked]

Roger Dingledine authored 7 years ago and Nick Mathewson committed 7 years ago

since all it does is produce false positives

this commit should get merged into 0.2.9 and 0.3.0 *and* 0.3.1, even
though the code in the previous commit is already present in 0.3.1. sorry
for the mess.

Roger Dingledine authored 7 years ago and Nick Mathewson committed 7 years ago

This commit takes a piece of commit af8cadf3 and a piece of commit
46fe353f25, with the goal of making channel_is_client() be based on what
sort of connection handshake the other side used, rather than seeing
whether the other side ever sent a create_fast cell to us.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Fixes #25236

Signed-off-by: David Goulet <dgoulet@torproject.org>

Never allow the function to set a bucket value above the allowed circuit
burst.

Closes #25202

Signed-off-by: David Goulet <dgoulet@torproject.org>

We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>

David Goulet authored 7 years ago and Nick Mathewson committed 7 years ago

Explicitly inform the operator of the rejected relay to set a valid email
address in the ContactInfo field and contact bad-relays@ mailing list.

Fixes #25170

Signed-off-by: David Goulet <dgoulet@torproject.org>

Nick Mathewson authored 7 years ago and David Goulet committed 7 years ago

We don't expect this to come up very much, but we may as well make
sure that the value isn't predictable (as we do for the other
addresses) in case the issue ever comes up.

Spotted by teor.

Part of #25193

Signed-off-by: David Goulet <dgoulet@torproject.org>

This is to avoid positively identifying Exit relays if tor client connection
comes from them that is reentering the network.

One thing to note is that this is done only in the DoS subsystem but we'll
still add it to the geoip cache as a "client" seen. This is done that way so
to avoid as much as possible changing the current behavior of the geoip client
cache since this is being backported.

Closes #25193

Signed-off-by: David Goulet <dgoulet@torproject.org>

This also adds one that tests the integration with the nodelist.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Nick Mathewson authored 7 years ago and David Goulet committed 7 years ago

This set is rebuilt whenever a consensus arrives.  In between
consensuses, it is add-only.

Nick Mathewson authored 7 years ago and David Goulet committed 7 years ago

This is a convenience function, so callers don't need to wrap
the IPv4 address.

Nick Mathewson authored 7 years ago and David Goulet committed 7 years ago

We're going to need this to make our anti-DoS code (see 24902) more
robust.

The HT_FOREACH() is insanely heavy on the CPU and this is part of the fast
path so make it return the nice memory size counter we added in
4d812e29.

Fixes #25148

Signed-off-by: David Goulet <dgoulet@torproject.org>