commit be8bd2a46eaba4c992ec912a1bef8d950e481bd4 Author: David Goulet dgoulet@torproject.org Date: Thu Jun 27 12:58:43 2019 -0400
hs-v3: Add enable/disable HS DoS introduce parameter
Following prop305 values.
Signed-off-by: David Goulet dgoulet@torproject.org --- src/feature/hs/hs_dos.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index 25d282adb..f817b4988 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -40,11 +40,24 @@
 * but never goes above that burst value. */
 #define HS_DOS_INTRODUCE_CELL_BURST_PER_SEC 200
+/* Default value of the consensus parameter enabling or disabling the
+ * introduction DoS defense. Disabled by default. */
+#define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0
+
 /* Consensus parameters. */
 static uint32_t hs_dos_introduce_rate_per_sec =
 HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;
 static uint32_t hs_dos_introduce_burst_per_sec =
 HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;
+static uint32_t hs_dos_introduce_enabled =
+ HS_DOS_INTRODUCE_ENABLED_DEFAULT;
+
+static uint32_t
+get_param_intro_dos_enabled(const networkstatus_t *ns)
+{
+ return networkstatus_get_param(ns, "HiddenServiceEnableIntroDoSDefense",
+ HS_DOS_INTRODUCE_ENABLED_DEFAULT, 0, 1);
+}
 /* Return the parameter for the introduction rate per sec. */
 static uint32_t
@@ -70,6 +83,7 @@ set_consensus_parameters(const networkstatus_t *ns)
 {
 hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
 hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
+ hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
 }
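Review bot: `get_param_intro_dos_enabled()` is added without a header comment, unlike the rate getter that follows it, and its fail-open default is worth stating there. `HS_DOS_INTRODUCE_ENABLED_DEFAULT` (0) is passed to `networkstatus_get_param()` in what appears to be the default slot, so a consensus that lacks `HiddenServiceEnableIntroDoSDefense` leaves the introduction DoS defense off. I would add `/* Return 1 if the consensus enables the introduction DoS defense, 0 otherwise; an absent parameter means disabled. */` above the function. The `0, 1` bounds make the value a boolean, so the comment on `hs_dos_introduce_enabled` could say so, even though it is stored as `uint32_t`.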
 /*
@@ -111,6 +125,11 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
 {
 tor_assert(s_intro_circ);
+ /* Always allowed if the defense is disabled. */
+ if (!hs_dos_introduce_enabled) {
+ return true;
+ }
+
 /* Should not happen but if so, scream loudly. */
 if (BUG(TO_CIRCUIT(s_intro_circ)->purpose != CIRCUIT_PURPOSE_INTRO_POINT)) {
 return false;
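Review bot: The new early return in `hs_dos_can_send_intro2()` sits above the `BUG(TO_CIRCUIT(s_intro_circ)->purpose != CIRCUIT_PURPOSE_INTRO_POINT)` sanity check, so while the defense is disabled a circuit with the wrong purpose gets `true` and the BUG() warning never fires. Since `HS_DOS_INTRODUCE_ENABLED_DEFAULT` is 0, that is the default configuration, and a caller passing the wrong circuit would go unnoticed until the consensus turns the parameter on. Moving the block `if (!hs_dos_introduce_enabled) { return true; }` to just after the BUG() check keeps the invariant enforced in both modes. The rest of the function body lies outside this hunk, so whether later code depends on the current order cannot be confirmed from here.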