hs: Republish onion descriptor on sendme_inc change

Republishing is necessary to ensure that clients connect using the correct
sendme_inc upon any change. Additionally, introduction points must be
re-chosen, so that cached descriptors with old values are not usable.

We do not expect to change sendme_inc, unless cell size or TLS record size
changes, so this should be rare.

Signed-off-by: David Goulet <dgoulet@torproject.org>

src/feature/hs/hs_service.c

@@ -16,6 +16,7 @@
 #include "core/or/circuitbuild.h"
 #include "core/or/circuitlist.h"
 #include "core/or/circuituse.h"
+#include "core/or/congestion_control_common.h"
 #include "core/or/extendinfo.h"
 #include "core/or/relay.h"
 #include "feature/client/circpathbias.h"
@@ -3690,6 +3691,34 @@ hs_service_map_has_changed(void)
   rescan_periodic_events(get_options());
 }
 
+/** Called when a new consensus has arrived and has been set globally. The new
+ * consensus is pointed by ns. */
+void
+hs_service_new_consensus_params(const networkstatus_t *ns)
+{
+  tor_assert(ns);
+
+  /* This value is the new value from the consensus. */
+  uint8_t current_sendme_inc = congestion_control_sendme_inc();
+
+  if (!hs_service_map)
+    return;
+
+  /* Check each service and look if their descriptor contains a different
+   * sendme increment. If so, nuke all intro points by forcing an expiration
+   * which will lead to rebuild and reupload with the new value. */
+  FOR_EACH_SERVICE_BEGIN(service) {
+    FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
+      if (desc->desc &&
+          desc->desc->encrypted_data.sendme_inc != current_sendme_inc) {
+        /* Passing the maximum time_t will force expiration of all intro points
+         * and thus will lead to a rebuild of the descriptor. */
+        cleanup_intro_points(service, LONG_MAX);
+      }
+    } FOR_EACH_DESCRIPTOR_END;
+  } FOR_EACH_SERVICE_END;
+}
+
 /** Upload an encoded descriptor in encoded_desc of the given version. This
  * descriptor is for the service identity_pk and blinded_pk used to setup the
  * directory connection identifier. It is uploaded to the directory hsdir_rs

src/feature/hs/hs_service.h

@@ -355,6 +355,7 @@ smartlist_t *hs_service_get_metrics_stores(void);
 
 void hs_service_map_has_changed(void);
 void hs_service_dir_info_changed(void);
+void hs_service_new_consensus_params(const networkstatus_t *ns);
 void hs_service_run_scheduled_events(time_t now);
 void hs_service_circuit_has_opened(origin_circuit_t *circ);
 int hs_service_receive_intro_established(origin_circuit_t *circ,

src/feature/nodelist/networkstatus.c

@@ -1704,6 +1704,7 @@ notify_after_networkstatus_changes(void)
   router_new_consensus_params(c);
   congestion_control_new_consensus_params(c);
   flow_control_new_consensus_params(c);
+  hs_service_new_consensus_params(c);
 
   /* Maintenance of our L2 guard list */
   maintain_layer2_guards();