[tor-commits] [chutney/master] Introduce hs-v3 network file and temlate.
teor at torproject.org
teor at torproject.org
Tue Sep 12 06:16:29 UTC 2017
commit b96614275f251da9229183046cd63ba9a44166a7
Author: David Goulet <dgoulet at ev0ke.net>
Date: Thu Aug 31 11:32:16 2017 -0400
Introduce hs-v3 network file and temlate.
This is a chutney network with next generation hidden services.
Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
networks/hs-v3 | 16 ++++++++++++++++
networks/hs-v3-intro | 18 ++++++++++++++++++
networks/hs-v3-min | 17 +++++++++++++++++
torrc_templates/hs-v3-10.tmpl | 2 ++
torrc_templates/hs-v3.tmpl | 2 ++
torrc_templates/hs3-only-v6.tmpl | 3 +++
torrc_templates/hs3-use-v6.tmpl | 3 +++
torrc_templates/single-onion-v3-indirect.tmpl | 6 ++++++
torrc_templates/single-onion-v3-only-v6.tmpl | 3 +++
torrc_templates/single-onion-v3-use-v6.tmpl | 3 +++
torrc_templates/single-onion-v3.tmpl | 2 ++
11 files changed, 75 insertions(+)
diff --git a/networks/hs-v3 b/networks/hs-v3
new file mode 100644
index 0000000..ea67f79
--- /dev/null
+++ b/networks/hs-v3
@@ -0,0 +1,16 @@
+# Next gen hidden services config
+
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS = Node(tag="h", hs=1, torrc="hs-v3.tmpl")
+
+# We need 8 authorities/relays/exits to ensure at least 2 get the guard flag
+# in 0.2.6
+# We need 5 authorities/relays/exits to ensure we can build HS connections
+NODES = Authority.getN(3) + ExitRelay.getN(5) + \
+ Client.getN(1) + HS.getN(1)
+
+ConfigureNodes(NODES)
+
diff --git a/networks/hs-v3-intro b/networks/hs-v3-intro
new file mode 100644
index 0000000..6dc39f2
--- /dev/null
+++ b/networks/hs-v3-intro
@@ -0,0 +1,18 @@
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="r", relay=1, torrc="relay-non-exit.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS10 = Node(tag="h", hs=1, torrc="hs-v3-10.tmpl")
+
+# Since only 25% of relays get the guard flag,
+# TestingDirAuthVoteGuard * may need to be used in small networks
+
+# A hidden service needs 5 authorities/relays to ensure it can build HS
+# connections:
+# a minimum path length of 3, plus the client-nominated rendezvous point,
+# plus a seperate introduction point
+# A hidden service with 10 intro points actually tries 12, then repurposes 2
+NODES = Authority.getN(2) + NonExitRelay.getN(10) + \
+ Client.getN(1) + HS10.getN(2)
+
+ConfigureNodes(NODES)
diff --git a/networks/hs-v3-min b/networks/hs-v3-min
new file mode 100644
index 0000000..9812a31
--- /dev/null
+++ b/networks/hs-v3-min
@@ -0,0 +1,17 @@
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="r", relay=1, torrc="relay-non-exit.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+HS = Node(tag="h", hs=1, torrc="hs-v3.tmpl")
+
+# Since only 25% of relays get the guard flag,
+# TestingDirAuthVoteGuard * may need to be used in small networks
+
+# A hidden service needs 5 authorities/relays to ensure it can build HS
+# connections:
+# a minimum path length of 3, plus the client-nominated rendezvous point,
+# plus a seperate introduction point
+NODES = Authority.getN(2) + NonExitRelay.getN(3) + \
+ Client.getN(1) + HS.getN(1)
+
+ConfigureNodes(NODES)
diff --git a/torrc_templates/hs-v3-10.tmpl b/torrc_templates/hs-v3-10.tmpl
new file mode 100644
index 0000000..0be6ef1
--- /dev/null
+++ b/torrc_templates/hs-v3-10.tmpl
@@ -0,0 +1,2 @@
+${include:hs-v3.tmpl}
+HiddenServiceNumIntroductionPoints 10
diff --git a/torrc_templates/hs-v3.tmpl b/torrc_templates/hs-v3.tmpl
new file mode 100644
index 0000000..27f031f
--- /dev/null
+++ b/torrc_templates/hs-v3.tmpl
@@ -0,0 +1,2 @@
+${include:hs.tmpl}
+HiddenServiceVersion 3
diff --git a/torrc_templates/hs3-only-v6.tmpl b/torrc_templates/hs3-only-v6.tmpl
new file mode 100644
index 0000000..0ff8759
--- /dev/null
+++ b/torrc_templates/hs3-only-v6.tmpl
@@ -0,0 +1,3 @@
+${include:hs-v3.tmpl}
+# Hidden services are just another kind of client
+${include:client-only-v6.i}
diff --git a/torrc_templates/hs3-use-v6.tmpl b/torrc_templates/hs3-use-v6.tmpl
new file mode 100644
index 0000000..51e3700
--- /dev/null
+++ b/torrc_templates/hs3-use-v6.tmpl
@@ -0,0 +1,3 @@
+${include:hs-v3.tmpl}
+# Hidden services are just another kind of client
+${include:client-use-v6.i}
diff --git a/torrc_templates/single-onion-v3-indirect.tmpl b/torrc_templates/single-onion-v3-indirect.tmpl
new file mode 100644
index 0000000..8cf6cd6
--- /dev/null
+++ b/torrc_templates/single-onion-v3-indirect.tmpl
@@ -0,0 +1,6 @@
+${include:single-onion-v3.tmpl}
+
+# Only allow direct connections to the first directory authority's ORPort
+# This checks that a single onion service makes 3-hop connections to
+# unreachable intro points and rend points
+ReachableAddresses 127.0.0.1:5000
diff --git a/torrc_templates/single-onion-v3-only-v6.tmpl b/torrc_templates/single-onion-v3-only-v6.tmpl
new file mode 100644
index 0000000..7427cd7
--- /dev/null
+++ b/torrc_templates/single-onion-v3-only-v6.tmpl
@@ -0,0 +1,3 @@
+${include:single-onion-v3.tmpl}
+# Onion services are just another kind of client
+${include:client-only-v6.i}
diff --git a/torrc_templates/single-onion-v3-use-v6.tmpl b/torrc_templates/single-onion-v3-use-v6.tmpl
new file mode 100644
index 0000000..25a6636
--- /dev/null
+++ b/torrc_templates/single-onion-v3-use-v6.tmpl
@@ -0,0 +1,3 @@
+${include:single-onion-v3.tmpl}
+# Onion services are just another kind of client
+${include:client-use-v6.i}
diff --git a/torrc_templates/single-onion-v3.tmpl b/torrc_templates/single-onion-v3.tmpl
new file mode 100644
index 0000000..a9b1a19
--- /dev/null
+++ b/torrc_templates/single-onion-v3.tmpl
@@ -0,0 +1,2 @@
+${include:single-onion.tmpl}
+${include:hs-v3.tmpl}
More information about the tor-commits
mailing list