commit b96614275f251da9229183046cd63ba9a44166a7 Author: David Goulet dgoulet@ev0ke.net Date: Thu Aug 31 11:32:16 2017 -0400
Introduce hs-v3 network file and temlate.
This is a chutney network with next generation hidden services.
Signed-off-by: David Goulet dgoulet@ev0ke.net --- networks/hs-v3 | 16 ++++++++++++++++ networks/hs-v3-intro | 18 ++++++++++++++++++ networks/hs-v3-min | 17 +++++++++++++++++ torrc_templates/hs-v3-10.tmpl | 2 ++ torrc_templates/hs-v3.tmpl | 2 ++ torrc_templates/hs3-only-v6.tmpl | 3 +++ torrc_templates/hs3-use-v6.tmpl | 3 +++ torrc_templates/single-onion-v3-indirect.tmpl | 6 ++++++ torrc_templates/single-onion-v3-only-v6.tmpl | 3 +++ torrc_templates/single-onion-v3-use-v6.tmpl | 3 +++ torrc_templates/single-onion-v3.tmpl | 2 ++ 11 files changed, 75 insertions(+)
diff --git a/networks/hs-v3 b/networks/hs-v3
new file mode 100644
index 0000000..ea67f79
--- /dev/null
+++ b/networks/hs-v3
@@ -0,0 +1,16 @@
+# Next gen hidden services config
+
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS = Node(tag="h", hs=1, torrc="hs-v3.tmpl")
+
+# We need 8 authorities/relays/exits to ensure at least 2 get the guard flag
+# in 0.2.6
+# We need 5 authorities/relays/exits to ensure we can build HS connections
+NODES = Authority.getN(3) + ExitRelay.getN(5) + \
+ Client.getN(1) + HS.getN(1)
+
+ConfigureNodes(NODES)
+
diff --git a/networks/hs-v3-intro b/networks/hs-v3-intro
new file mode 100644
index 0000000..6dc39f2
--- /dev/null
+++ b/networks/hs-v3-intro
@@ -0,0 +1,18 @@
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="r", relay=1, torrc="relay-non-exit.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS10 = Node(tag="h", hs=1, torrc="hs-v3-10.tmpl")
+
+# Since only 25% of relays get the guard flag,
+# TestingDirAuthVoteGuard * may need to be used in small networks
+
+# A hidden service needs 5 authorities/relays to ensure it can build HS
+# connections:
+# a minimum path length of 3, plus the client-nominated rendezvous point,
+# plus a seperate introduction point
+# A hidden service with 10 intro points actually tries 12, then repurposes 2
+NODES = Authority.getN(2) + NonExitRelay.getN(10) + \
+ Client.getN(1) + HS10.getN(2)
+
+ConfigureNodes(NODES)
diff --git a/networks/hs-v3-min b/networks/hs-v3-min
new file mode 100644
index 0000000..9812a31
--- /dev/null
+++ b/networks/hs-v3-min
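Review bot: The comment above `NODES` in networks/hs-v3 still justifies the node count by the guard-flag behaviour of tor 0.2.6, which cannot be the version this network runs on: as far as I know v3 onion services are only supported from tor 0.3.2 onwards, so the text looks carried over from the v2 network file. I would replace the two 0.2.6 lines with the real requirement, for example `# Needs a tor with v3 onion service support (0.3.2 or later)`, and keep the line about building HS connections. The file also ends with an empty added line after `ConfigureNodes(NODES)`, which can be dropped.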
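Review bot: The comment block in networks/hs-v3-intro says a hidden service needs 5 authorities/relays, while the `NODES` line below it builds 2 authorities and 10 non-exit relays, and only the last comment line hints at why. Stating the count next to the expression would remove the guesswork, e.g. `# 2 authorities + 10 relays = 12 candidates for the 12 intro points a 10-intro-point service tries`. Whether the "tries 12, then repurposes 2" behaviour carries over from v2 to v3 services is not visible in this diff and is worth confirming before the comment is relied on. The block also misspells the word in `# plus a separate introduction point`, and the same typo is repeated in networks/hs-v3-min.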
@@ -0,0 +1,17 @@
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="r", relay=1, torrc="relay-non-exit.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS = Node(tag="h", hs=1, torrc="hs-v3.tmpl")
+
+# Since only 25% of relays get the guard flag,
+# TestingDirAuthVoteGuard * may need to be used in small networks
+
+# A hidden service needs 5 authorities/relays to ensure it can build HS
+# connections:
+# a minimum path length of 3, plus the client-nominated rendezvous point,
+# plus a seperate introduction point
+NODES = Authority.getN(2) + NonExitRelay.getN(3) + \
+ Client.getN(1) + HS.getN(1)
+
+ConfigureNodes(NODES)
diff --git a/torrc_templates/hs-v3-10.tmpl b/torrc_templates/hs-v3-10.tmpl
new file mode 100644
index 0000000..0be6ef1
--- /dev/null
+++ b/torrc_templates/hs-v3-10.tmpl
@@ -0,0 +1,2 @@
+${include:hs-v3.tmpl}
+HiddenServiceNumIntroductionPoints 10
diff --git a/torrc_templates/hs-v3.tmpl b/torrc_templates/hs-v3.tmpl
new file mode 100644
index 0000000..27f031f
--- /dev/null
+++ b/torrc_templates/hs-v3.tmpl
@@ -0,0 +1,2 @@
+${include:hs.tmpl}
+HiddenServiceVersion 3
diff --git a/torrc_templates/hs3-only-v6.tmpl b/torrc_templates/hs3-only-v6.tmpl
new file mode 100644
index 0000000..0ff8759
--- /dev/null
+++ b/torrc_templates/hs3-only-v6.tmpl
@@ -0,0 +1,3 @@
+${include:hs-v3.tmpl}
+# Hidden services are just another kind of client
+${include:client-only-v6.i}
diff --git a/torrc_templates/hs3-use-v6.tmpl b/torrc_templates/hs3-use-v6.tmpl
new file mode 100644
index 0000000..51e3700
--- /dev/null
+++ b/torrc_templates/hs3-use-v6.tmpl
@@ -0,0 +1,3 @@
+${include:hs-v3.tmpl}
+# Hidden services are just another kind of client
+${include:client-use-v6.i}
diff --git a/torrc_templates/single-onion-v3-indirect.tmpl b/torrc_templates/single-onion-v3-indirect.tmpl
new file mode 100644
index 0000000..8cf6cd6
--- /dev/null
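Review bot: In torrc_templates/hs-v3.tmpl, `HiddenServiceVersion 3` is a per-service option, so it only takes effect on the `HiddenServiceDir` that precedes it, and that line lives in hs.tmpl, which is not part of this diff. Nothing here records the ordering dependency: if hs.tmpl later gains lines after its service block or declares a second service, the version setting would presumably attach to a different service than intended. A comment such as `# Must follow the HiddenServiceDir declared in hs.tmpl: HiddenServiceVersion is per-service` would make this explicit. The same applies to `HiddenServiceNumIntroductionPoints 10` in hs-v3-10.tmpl.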
+++ b/torrc_templates/single-onion-v3-indirect.tmpl
@@ -0,0 +1,6 @@
+${include:single-onion-v3.tmpl}
+
+# Only allow direct connections to the first directory authority's ORPort
+# This checks that a single onion service makes 3-hop connections to
+# unreachable intro points and rend points
+ReachableAddresses 127.0.0.1:5000
diff --git a/torrc_templates/single-onion-v3-only-v6.tmpl b/torrc_templates/single-onion-v3-only-v6.tmpl
new file mode 100644
index 0000000..7427cd7
--- /dev/null
+++ b/torrc_templates/single-onion-v3-only-v6.tmpl
@@ -0,0 +1,3 @@
+${include:single-onion-v3.tmpl}
+# Onion services are just another kind of client
+${include:client-only-v6.i}
diff --git a/torrc_templates/single-onion-v3-use-v6.tmpl b/torrc_templates/single-onion-v3-use-v6.tmpl
new file mode 100644
index 0000000..25a6636
--- /dev/null
+++ b/torrc_templates/single-onion-v3-use-v6.tmpl
@@ -0,0 +1,3 @@
+${include:single-onion-v3.tmpl}
+# Onion services are just another kind of client
+${include:client-use-v6.i}
diff --git a/torrc_templates/single-onion-v3.tmpl b/torrc_templates/single-onion-v3.tmpl
new file mode 100644
index 0000000..a9b1a19
--- /dev/null
+++ b/torrc_templates/single-onion-v3.tmpl
@@ -0,0 +1,2 @@
+${include:single-onion.tmpl}
+${include:hs-v3.tmpl}
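Review bot: `ReachableAddresses 127.0.0.1:5000` in torrc_templates/single-onion-v3-indirect.tmpl hard-codes both the loopback address and the port that the comment calls the first directory authority's ORPort. If the network is started with a different listen address or port base, the service can reach no authority directly, and the test then fails or passes for reasons unrelated to the 3-hop fallback it is meant to check. If the template language offers no variable for another node's ORPort, the assumption should at least be written down, e.g. `# Assumes the first authority listens on 127.0.0.1:5000 (presumably chutney's default address and ORPort base)`.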
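Review bot: torrc_templates/single-onion-v3.tmpl includes single-onion.tmpl and then hs-v3.tmpl, and hs-v3.tmpl itself begins with `${include:hs.tmpl}`. single-onion.tmpl is not shown in this diff; if it also includes hs.tmpl, the generated torrc carries the service block twice, and tor is likely to reject a repeated `HiddenServiceDir`. Setting the version directly avoids the double include: `${include:single-onion.tmpl}` followed by `HiddenServiceVersion 3`. The single-onion-v3-indirect, -only-v6 and -use-v6 templates include this file and would inherit the fix.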