commit 7faf10495fa50528fc8a9c45e729b9bc284fab19 Author: David Goulet dgoulet@torproject.org Date: Mon Aug 12 12:32:38 2019 -0400
hs-v3: Rename INTRO2 consensus param getters
Make it clear that these functions return the consensus param only. Introduction point can not set those values with a torrc option.
Signed-off-by: David Goulet dgoulet@torproject.org
---
 src/feature/hs/hs_dos.c | 37 ++++++++++++++++++++++---------------
 src/feature/hs/hs_dos.h | 7 ++++---
 src/feature/hs/hs_intropoint.c | 6 ++++--
 src/test/test_hs_dos.c | 17 +++++++++--------
 4 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index a4586dd70..34af2b74e 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -46,11 +46,11 @@
 #define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0
 /* Consensus parameters. */
-static uint32_t hs_dos_introduce_rate_per_sec =
+static uint32_t param_introduce_rate_per_sec =
 HS_DOS_INTRODUCE_DEFAULT_CELL_RATE_PER_SEC;
-static uint32_t hs_dos_introduce_burst_per_sec =
+static uint32_t param_introduce_burst_per_sec =
 HS_DOS_INTRODUCE_DEFAULT_CELL_BURST_PER_SEC;
-static uint32_t hs_dos_introduce_enabled =
+static uint32_t param_introduce_defense_enabled =
 HS_DOS_INTRODUCE_ENABLED_DEFAULT;
 static uint32_t
@@ -90,8 +90,8 @@ update_intro_circuits(void)
 SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
 /* Adjust the rate/burst value that might have changed. */
 token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket,
- hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst());
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param());
 } SMARTLIST_FOREACH_END(circ);
 smartlist_free(intro_circs);
@@ -101,9 +101,9 @@ update_intro_circuits(void)
 static void
 set_consensus_parameters(const networkstatus_t *ns)
 {
- hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
- hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
- hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
+ param_introduce_rate_per_sec = get_param_rate_per_sec(ns);
+ param_introduce_burst_per_sec = get_param_burst_per_sec(ns);
+ param_introduce_defense_enabled = get_param_intro_dos_enabled(ns);
 /* The above might have changed which means we need to go through all
 * introduction circuits (relay side) and update the token buckets. */
@@ -114,18 +114,25 @@ set_consensus_parameters(const networkstatus_t *ns)
 * Public API.
 */
-/* Return the INTRODUCE2 cell rate per second. */
+/* Return the INTRODUCE2 cell rate per second (param or default). */
 uint32_t
-hs_dos_get_intro2_rate(void)
+hs_dos_get_intro2_rate_param(void)
 {
- return hs_dos_introduce_rate_per_sec;
+ return param_introduce_rate_per_sec;
 }
-/* Return the INTRODUCE2 cell burst per second. */
+/* Return the INTRODUCE2 cell burst per second (param or default). */
 uint32_t
-hs_dos_get_intro2_burst(void)
+hs_dos_get_intro2_burst_param(void)
 {
- return hs_dos_introduce_burst_per_sec;
+ return param_introduce_burst_per_sec;
+}
+
+/* Return the INTRODUCE2 DoS defense enabled flag (param or default). */
+unsigned int
+hs_dos_get_intro2_enabled_param(void)
+{
+ return (unsigned int) param_introduce_defense_enabled;
 }
 /* Called when the consensus has changed. We might have new consensus
@@ -150,7 +157,7 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
 tor_assert(s_intro_circ);
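Review bot: `hs_dos_get_intro2_enabled_param()` returns `unsigned int` through a cast from the `uint32_t` static, unlike the two sibling getters, which return `uint32_t`, and unlike `hs_dos_can_send_intro2()`, which tests the same variable as a boolean. Since the value is a flag, normalising it at the getter, `return param_introduce_defense_enabled != 0;`, would keep callers from depending on a raw consensus number; whether `get_param_intro_dos_enabled()` already clamps it to 0/1 is not visible in this diff. The prototype added to hs_dos.h carries the same return type. The comment could also state the fail-open default, for example `/* Consensus value only; 0 (the default) means the INTRODUCE2 defense is off. */`.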
 /* Always allowed if the defense is disabled. */
- if (!hs_dos_introduce_enabled) {
+ if (!param_introduce_defense_enabled) {
 return true;
 }
diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h
index 9fba00b52..ee7b697c7 100644
--- a/src/feature/hs/hs_dos.h
+++ b/src/feature/hs/hs_dos.h
@@ -20,11 +20,12 @@ void hs_dos_init(void);
 /* Consensus. */
 void hs_dos_consensus_has_changed(const networkstatus_t *ns);
+/* Introduction Point. */
 bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
-/* Getters. */
-uint32_t hs_dos_get_intro2_rate(void);
-uint32_t hs_dos_get_intro2_burst(void);
+unsigned int hs_dos_get_intro2_enabled_param(void);
+uint32_t hs_dos_get_intro2_rate_param(void);
+uint32_t hs_dos_get_intro2_burst_param(void);
#ifdef HS_DOS_PRIVATE
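Review bot: The three `*_param` prototypes end up under the new `/* Introduction Point. */` heading with no comment of their own, so the header does not say what the rename is meant to convey. A line above them such as `/* Consensus parameter getters: consensus value or built-in default, never a torrc setting. */` would carry the commit message's point to readers of hs_dos.h, who see only the declarations.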
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 2c105f0b6..a53ca0d6b 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -205,8 +205,10 @@ handle_verified_establish_intro_cell(or_circuit_t *circ,
 /* Repurpose this circuit into an intro circuit. */
 circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT);
 /* Initialize the INTRODUCE2 token bucket for the rate limiting. */
- token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst(), (uint32_t) approx_time());
+ token_bucket_ctr_init(&circ->introduce2_bucket,
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param(),
+ (uint32_t) approx_time());
 return 0;
 }
diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c
index 3dfa057a4..e2b211d5d 100644
--- a/src/test/test_hs_dos.c
+++ b/src/test/test_hs_dos.c
@@ -58,8 +58,9 @@ test_can_send_intro2(void *arg)
 /* Make that circuit a service intro point. */
 circuit_change_purpose(TO_CIRCUIT(or_circ), CIRCUIT_PURPOSE_INTRO_POINT);
 /* Initialize the INTRODUCE2 token bucket for the rate limiting. */
- token_bucket_ctr_init(&or_circ->introduce2_bucket, hs_dos_get_intro2_rate(),
- hs_dos_get_intro2_burst(), now);
+ token_bucket_ctr_init(&or_circ->introduce2_bucket,
+ hs_dos_get_intro2_rate_param(),
+ hs_dos_get_intro2_burst_param(), now);
 /* Brand new circuit, we should be able to send INTRODUCE2 cells. */
 tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
@@ -71,13 +72,13 @@ test_can_send_intro2(void *arg)
 tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 }
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 10);
+ hs_dos_get_intro2_burst_param() - 10);
 /* Fully refill the bucket minus 1 cell. */
 update_approx_time(++now);
 tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 1);
+ hs_dos_get_intro2_burst_param() - 1);
 /* Receive an INTRODUCE2 at each second. We should have the bucket full
 * since at every second it gets refilled. */
@@ -87,18 +88,18 @@ test_can_send_intro2(void *arg)
 }
 /* Last check if we can send the cell decrements the bucket so minus 1. */
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst() - 1);
+ hs_dos_get_intro2_burst_param() - 1);
 /* Manually reset bucket for next test. */
 token_bucket_ctr_reset(&or_circ->introduce2_bucket, now);
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_burst());
+ hs_dos_get_intro2_burst_param());
 /* Do a full burst in the current second which should empty the bucket and
 * we shouldn't be allowed to send one more cell after that. We go minus 1
 * cell else the very last check if we can send the INTRO2 cell returns
 * false because the bucket goes down to 0. */
- for (uint32_t i = 0; i < hs_dos_get_intro2_burst() - 1; i++) {
+ for (uint32_t i = 0; i < hs_dos_get_intro2_burst_param() - 1; i++) {
 tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 }
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 1);
@@ -116,7 +117,7 @@ test_can_send_intro2(void *arg)
 update_approx_time(++now);
 tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
- hs_dos_get_intro2_rate() - 1);
+ hs_dos_get_intro2_rate_param() - 1);
 done:
 circuit_free_(TO_CIRCUIT(or_circ));