Get ready to stop sending timestamps in INTRODUCE cells
For now, round down to the nearest 10 minutes. Later, eliminate entirely by setting a consensus parameter. (This rounding is safe because, in 0.2.2, where the timestamp mattered, REND_REPLAY_TIME_INTERVAL was a nice generous 60 minutes.)
This commit is contained in:
parent
1d0ba9a61f
commit
f8b44eedf7
@ -1,5 +1,10 @@
|
||||
o Minor features (security):
|
||||
o Minor features (security, timestamp avoidance, proposal 222):
|
||||
- Clients no longer send timestamps in their NETINFO cells. These were
|
||||
not used for anything, and they provided one small way for clients
|
||||
to be distinguished from each other as they moved from network to
|
||||
network or behind NAT.
|
||||
network or behind NAT. Implements part of proposal 222.
|
||||
- Clients now round timestamps in INTRODUCE2 cells to the nearest
|
||||
10 minutes. If a new Support022HiddenServices option is set to 0,
|
||||
or if it's set to "auto" and the feature is disabled in the consensus,
|
||||
the timestamp is sent as 0 instead.
|
||||
|
||||
|
@ -1338,6 +1338,15 @@ The following options are useful only for clients (that is, if
|
||||
Tor will use a default value chosen by the directory
|
||||
authorities. (Default: -1.)
|
||||
|
||||
**Support022HiddenServices** **0**|**1**|**auto**::
|
||||
Tor hidden services running versions before 0.2.3.x required clients to
|
||||
send timestamps, which can potentially be used to distinguish clients
|
||||
whose view of the current time is skewed. If this option is set to 0, we
|
||||
do not send this timestamp, and hidden services on obsolete Tor versions
|
||||
will not work. If this option is set to 1, we send the timestamp. If
|
||||
this optoin is "auto", we take a recommendation from the latest consensus
|
||||
document. (Default: auto)
|
||||
|
||||
|
||||
SERVER OPTIONS
|
||||
--------------
|
||||
|
@ -388,6 +388,7 @@ static config_var_t option_vars_[] = {
|
||||
V(SSLKeyLifetime, INTERVAL, "0"),
|
||||
OBSOLETE("StatusFetchPeriod"),
|
||||
V(StrictNodes, BOOL, "0"),
|
||||
V(Support022HiddenServices, AUTOBOOL, "auto"),
|
||||
OBSOLETE("SysLog"),
|
||||
V(TestSocks, BOOL, "0"),
|
||||
OBSOLETE("TestVia"),
|
||||
|
@ -4099,6 +4099,9 @@ typedef struct {
|
||||
|
||||
/** How long (seconds) do we keep a guard before picking a new one? */
|
||||
int GuardLifetime;
|
||||
|
||||
/** Should we send the timestamps that pre-023 hidden services want? */
|
||||
int Support022HiddenServices;
|
||||
} or_options_t;
|
||||
|
||||
/** Persistent state for an onion router, as saved to disk. */
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include "connection_edge.h"
|
||||
#include "directory.h"
|
||||
#include "main.h"
|
||||
#include "networkstatus.h"
|
||||
#include "nodelist.h"
|
||||
#include "relay.h"
|
||||
#include "rendclient.h"
|
||||
@ -127,6 +128,16 @@ rend_client_reextend_intro_circuit(origin_circuit_t *circ)
|
||||
return result;
|
||||
}
|
||||
|
||||
/** Return true iff we should send timestamps in our INTRODUCE1 cells */
|
||||
static int
|
||||
rend_client_should_send_timestamp(void)
|
||||
{
|
||||
if (get_options()->Support022HiddenServices >= 0)
|
||||
return get_options()->Support022HiddenServices;
|
||||
|
||||
return networkstatus_get_param(NULL, "Support022HiddenServices", 1, 0, 1);
|
||||
}
|
||||
|
||||
/** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
|
||||
* down introcirc if possible.
|
||||
*/
|
||||
@ -238,7 +249,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
||||
REND_DESC_COOKIE_LEN);
|
||||
v3_shift += 2+REND_DESC_COOKIE_LEN;
|
||||
}
|
||||
set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
|
||||
if (rend_client_should_send_timestamp()) {
|
||||
time_t now = (uint32_t)time(NULL);
|
||||
now += 300;
|
||||
now -= now % 600;
|
||||
set_uint32(tmp+v3_shift+1, htonl(now));
|
||||
} else {
|
||||
set_uint32(tmp+v3_shift+1, 0);
|
||||
}
|
||||
v3_shift += 4;
|
||||
} /* if version 2 only write version number */
|
||||
else if (entry->parsed->protocols & (1<<2)) {
|
||||
|
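Review bot: The new timestamp block in rend_client_send_introduction puts the uint32_t cast on the wrong line: `time_t now = (uint32_t)time(NULL);` truncates and then widens back into a time_t, and `set_uint32(tmp+v3_shift+1, htonl(now));` then narrows a time_t to htonl()'s uint32_t implicitly, which is what -Wconversion will complain about. Do the rounding on the native time_t and cast once at serialisation, i.e. `time_t now = time(NULL);` and `set_uint32(tmp+v3_shift+1, htonl((uint32_t)now));`. The literals 300 and 600 encode the same 10-minute bucket twice; a single named constant (for example `#define REND_INTRO_TIMESTAMP_GRANULARITY 600`, name constructed here) with `now += REND_INTRO_TIMESTAMP_GRANULARITY/2;` keeps them in step and makes it visible that this is round-to-nearest, as the changelog says, rather than the "round down" the commit message describes. The enclosing function starts and ends outside the hunk.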