mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
dos: Update HS intro circuits if parameters change
In case the consensus parameters for the rate/burst changes, we need to update all already established introduction circuits to the newest value. This commit introduces a "get all intro circ" function from the HS circuitmap (v2 and v3) so it can be used by the HS DoS module to go over all circuits and adjust the INTRODUCE2 token bucket parameters. Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
be8bd2a46e
commit
e537968548
@ -272,6 +272,33 @@ hs_circuitmap_get_or_circuit(hs_token_type_t type,
|
|||||||
|
|
||||||
/**** Public relay-side getters: */
|
/**** Public relay-side getters: */
|
||||||
|
|
||||||
|
/* Public function: Return v2 and v3 introduction circuit to this relay.
|
||||||
|
* Always return a newly allocated list for which it is the caller's
|
||||||
|
* responsability to free it. */
|
||||||
|
smartlist_t *
|
||||||
|
hs_circuitmap_get_all_intro_circ_relay_side(void)
|
||||||
|
{
|
||||||
|
circuit_t **iter;
|
||||||
|
smartlist_t *circuit_list = smartlist_new();
|
||||||
|
|
||||||
|
HT_FOREACH(iter, hs_circuitmap_ht, the_hs_circuitmap) {
|
||||||
|
circuit_t *circ = *iter;
|
||||||
|
|
||||||
|
/* An origin circuit or purpose is wrong or the hs token is not set to be
|
||||||
|
* a v2 or v3 intro relay side type, we ignore the circuit. Else, we have
|
||||||
|
* a match so add it to our list. */
|
||||||
|
if (CIRCUIT_IS_ORIGIN(circ) ||
|
||||||
|
circ->purpose != CIRCUIT_PURPOSE_INTRO_POINT ||
|
||||||
|
(circ->hs_token->type != HS_TOKEN_INTRO_V3_RELAY_SIDE &&
|
||||||
|
circ->hs_token->type != HS_TOKEN_INTRO_V2_RELAY_SIDE)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
smartlist_add(circuit_list, circ);
|
||||||
|
}
|
||||||
|
|
||||||
|
return circuit_list;
|
||||||
|
}
|
||||||
|
|
||||||
/* Public function: Return a v3 introduction circuit to this relay with
|
/* Public function: Return a v3 introduction circuit to this relay with
|
||||||
* <b>auth_key</b>. Return NULL if no such circuit is found in the
|
* <b>auth_key</b>. Return NULL if no such circuit is found in the
|
||||||
* circuitmap. */
|
* circuitmap. */
|
||||||
|
@ -34,6 +34,8 @@ void hs_circuitmap_register_intro_circ_v2_relay_side(struct or_circuit_t *circ,
|
|||||||
void hs_circuitmap_register_intro_circ_v3_relay_side(struct or_circuit_t *circ,
|
void hs_circuitmap_register_intro_circ_v3_relay_side(struct or_circuit_t *circ,
|
||||||
const ed25519_public_key_t *auth_key);
|
const ed25519_public_key_t *auth_key);
|
||||||
|
|
||||||
|
smartlist_t *hs_circuitmap_get_all_intro_circ_relay_side(void);
|
||||||
|
|
||||||
/** Public service-side API: */
|
/** Public service-side API: */
|
||||||
|
|
||||||
struct origin_circuit_t *
|
struct origin_circuit_t *
|
||||||
|
@ -23,6 +23,7 @@
|
|||||||
|
|
||||||
#include "core/or/circuitlist.h"
|
#include "core/or/circuitlist.h"
|
||||||
|
|
||||||
|
#include "feature/hs/hs_circuitmap.h"
|
||||||
#include "feature/nodelist/networkstatus.h"
|
#include "feature/nodelist/networkstatus.h"
|
||||||
#include "feature/relay/routermode.h"
|
#include "feature/relay/routermode.h"
|
||||||
|
|
||||||
@ -77,6 +78,25 @@ get_param_burst_per_sec(const networkstatus_t *ns)
|
|||||||
0, INT32_MAX);
|
0, INT32_MAX);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Go over all introduction circuit relay side and adjust their rate/burst
|
||||||
|
* values using the global parameters. This is called right after the
|
||||||
|
* consensus parameters might have changed. */
|
||||||
|
static void
|
||||||
|
update_intro_circuits(void)
|
||||||
|
{
|
||||||
|
/* Returns all HS version intro circuits. */
|
||||||
|
smartlist_t *intro_circs = hs_circuitmap_get_all_intro_circ_relay_side();
|
||||||
|
|
||||||
|
SMARTLIST_FOREACH_BEGIN(intro_circs, circuit_t *, circ) {
|
||||||
|
/* Adjust the rate/burst value that might have changed. */
|
||||||
|
token_bucket_ctr_adjust(&TO_OR_CIRCUIT(circ)->introduce2_bucket,
|
||||||
|
hs_dos_get_intro2_rate(),
|
||||||
|
hs_dos_get_intro2_burst());
|
||||||
|
} SMARTLIST_FOREACH_END(circ);
|
||||||
|
|
||||||
|
smartlist_free(intro_circs);
|
||||||
|
}
|
||||||
|
|
||||||
/* Set consensus parameters. */
|
/* Set consensus parameters. */
|
||||||
static void
|
static void
|
||||||
set_consensus_parameters(const networkstatus_t *ns)
|
set_consensus_parameters(const networkstatus_t *ns)
|
||||||
@ -84,6 +104,10 @@ set_consensus_parameters(const networkstatus_t *ns)
|
|||||||
hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
|
hs_dos_introduce_rate_per_sec = get_param_rate_per_sec(ns);
|
||||||
hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
|
hs_dos_introduce_burst_per_sec = get_param_burst_per_sec(ns);
|
||||||
hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
|
hs_dos_introduce_enabled = get_param_intro_dos_enabled(ns);
|
||||||
|
|
||||||
|
/* The above might have changed which means we need to go through all
|
||||||
|
* introduction circuits (relay side) and update the token buckets. */
|
||||||
|
update_intro_circuits();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
Loading…
Reference in New Issue
Block a user