routerset_t has two representations of an empty routerset: NULL, and
a set containing no elements. But some of our config code assumes
that empty routersets are represented as NULL. So let's give it
what it assumes.
Fixes bug 31495. Bugfix on e16b90b88a76; but not in any released
Tor.
In case the consensus parameters for the rate/burst changes, we need to update
all already established introduction circuits to the newest value.
This commit introduces a "get all intro circ" function from the HS circuitmap
(v2 and v3) so it can be used by the HS DoS module to go over all circuits and
adjust the INTRODUCE2 token bucket parameters.
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.
At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.
The rate per second is 25 and allowed burst to 200.
Basic defenses on #15516.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Now that we have a reasonable implementation for overriding the
default options for TestingTorNetwork, we don't need to modify
config_var_t structs any more. And therefore, we can have constant
format options, like reasonable people.
This shouldn't be possible while Tor is running, but the tests can
hit this code. Rather than force the tests to add a dummy channel
object, let's just tolerate their incompletely built circuits.
There is other code that uses this value, and some of it is
apparently reachable from inside router_dir_info_changed(), which
routerlist_free() apparently calls. (ouch!) This is a minimal fix
to try to resolve the issue without causing other problems.
Fixes bug 31003. I'm calling this a bugfix on 0.1.2.2-alpha, where
the call to router_dir_info_changed() was added to routerlist_free().
Fix add_onion_helper_clientauth() and add_onion_helper_keyarg() to
explicitly call the appropriate control reply abstractions instead of
allocating a string to pass to their callers.
Part of ticket 30889.
