GitLab

In handle_establish_intro_cell_dos_extension(), when the intro point receives an extension asking it to enable the rate limiting feature, it does:

  /* We passed validation, enable defenses and apply rate/burst. */
  circ->introduce2_dos_defense_enabled = 1;

  /* Initialize the INTRODUCE2 token bucket for the rate limiting. */
  token_bucket_ctr_init(&circ->introduce2_bucket,
                        (uint32_t) intro2_rate_per_sec,
                        (uint32_t) intro2_burst_per_sec,
                        (uint32_t) approx_time());

But then later, in hs_dos_consensus_has_changed() we call set_consensus_parameters(ns) which resets some global variables about what we think the consensus says (so far so good), and then it calls update_intro_circuits() which goes through the list of established intro points and

  SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
    /* Defenses might have been enabled or disabled. */
    TO_OR_CIRCUIT(circ)->introduce2_dos_defense_enabled =
      consensus_param_introduce_defense_enabled;
    /* Adjust the rate/burst value that might have changed. */
    token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket,
                            consensus_param_introduce_rate_per_sec,
                            consensus_param_introduce_burst_per_sec);
  } SMARTLIST_FOREACH_END(circ);

It sure looks to me like this is overwriting the values requested in the intro cell DoS extension.

And since the consensus right now doesn't have these consensus params set, then they will be reset to their defaults ("disabled", "25", "200") for every intro point every time a new consensus is processed by the intro point.

If this is so, then it sure seems like we want to set some flag on the intro point, called "I am using explicit values rather than the default", and if that flag is set then we don't mess with it when processing a new consensus.