commit d5807a07fe3d6f98fc15820aaa0158a51951a417 Author: teor teor2345@gmail.com Date: Mon Sep 5 17:46:16 2016 +1000
Add a single onion service which can only reach one relay
This tests that single onion services fall back to multi-hop paths when the intro and rend points are unreachable. --- networks/single-onion-indirect | 20 ++++++++++++++++++++ torrc_templates/single-onion-indirect.tmpl | 6 ++++++ 2 files changed, 26 insertions(+)
diff --git a/networks/single-onion-indirect b/networks/single-onion-indirect new file mode 100644 index 0000000..1c2a3ae --- /dev/null +++ b/networks/single-onion-indirect @@ -0,0 +1,20 @@ +# Check that a single onion service makes 3-hop connections to +# unreachable intro points and rend points, by forcing it to connect +# through only one guard +# It should act exactly like a hidden service, except that it might make +# direct connections to that one guard if that guard is also intro or rend + +# By default, Authorities are not configured as exits +Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl") +NonExitRelay = Node(tag="r", relay=1, torrc="relay-non-exit.tmpl") +Client = Node(tag="c", torrc="client.tmpl") +SingleOnionIndirect = Node(tag="h", hs=1, torrc="single-onion-indirect.tmpl") + +# A hidden service needs 5 authorities/relays to ensure it can build HS +# connections: +# a minimum path length of 3, plus the client-nominated rendezvous point, +# plus a seperate introduction point +NODES = Authority.getN(2) + NonExitRelay.getN(3) + \ + Client.getN(1) + SingleOnionIndirect.getN(1) + +ConfigureNodes(NODES) diff --git a/torrc_templates/single-onion-indirect.tmpl b/torrc_templates/single-onion-indirect.tmpl new file mode 100644 index 0000000..58d812b --- /dev/null +++ b/torrc_templates/single-onion-indirect.tmpl @@ -0,0 +1,6 @@ +${include:single-onion.tmpl} + +# Only allow direct connections to the first directory authority's ORPort +# This checks that a single onion service makes 3-hop connections to +# unreachable intro points and rend points +ReachableAddresses 127.0.0.1:5000