[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] hs-v3: Report SOCKS ExtendedErrors when all intro timed out



commit 6ab11bbf30e66ab4d63079657b689e09e127c939
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Wed Dec 11 10:30:31 2019 -0500

    hs-v3: Report SOCKS ExtendedErrors when all intro timed out
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/feature/hs/hs_client.c  | 50 ++++++++++++++++++++++++++++++++++++++++-----
 src/lib/net/socks5_status.h |  1 +
 2 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index ceaba08ff..40647ac25 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -961,6 +961,37 @@ client_get_random_intro(const ed25519_public_key_t *service_pk)
   return ei;
 }
 
+/** Return true iff all intro points for the given service have timed out. */
+static bool
+intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
+{
+  bool ret = false;
+
+  tor_assert(service_pk);
+
+  const hs_descriptor_t *desc = hs_cache_lookup_as_client(service_pk);
+
+  SMARTLIST_FOREACH_BEGIN(desc->encrypted_data.intro_points,
+                          const hs_desc_intro_point_t *, ip) {
+    const hs_cache_intro_state_t *state =
+      hs_cache_client_intro_state_find(service_pk,
+                                       &ip->auth_key_cert->signed_key);
+    if (!state || !state->timed_out) {
+      /* No state or if this intro point has not timed out, we are done since
+       * clearly not all of them have timed out. */
+      goto end;
+    }
+  } SMARTLIST_FOREACH_END(ip);
+
+  /* Exiting the loop here means that all intro points we've looked at have
+   * timed out. Note that we can _not_ have a descriptor without intro points
+   * in the client cache. */
+  ret = true;
+
+ end:
+  return ret;
+}
+
 /** Called when a rendezvous circuit has timed out. Every streams attached to
  * the circuit will get set with the SOCKS5_HS_REND_FAILED (0xF3) extended
  * error code so if the connection to the rendezvous point ends up not
@@ -986,14 +1017,23 @@ socks_report_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
  * introduction points to be used (either NACKed or failed) for the given
  * entry connection.
  *
- * This function only reports back the SOCKS5_HS_INTRO_FAILED (0xF2) code. The
- * caller has to make sure to close the entry connections. */
+ * This function only reports back the SOCKS5_HS_INTRO_FAILED (0xF2) code or
+ * SOCKS5_HS_INTRO_TIMEDOUT (0xF7) if all intros have timed out. The caller
+ * has to make sure to close the entry connections. */
 static void
-socks_report_introduction_failed(entry_connection_t *conn)
+socks_report_introduction_failed(entry_connection_t *conn,
+                                 const ed25519_public_key_t *identity_pk)
 {
+  socks5_reply_status_t code = SOCKS5_HS_INTRO_FAILED;
+
   tor_assert(conn);
   tor_assert(conn->socks_request);
-  conn->socks_request->socks_extended_error_code = SOCKS5_HS_INTRO_FAILED;
+  tor_assert(identity_pk);
+
+  if (intro_points_all_timed_out(identity_pk)) {
+    code = SOCKS5_HS_INTRO_TIMEDOUT;
+  }
+  conn->socks_request->socks_extended_error_code = code;
 }
 
 /** For this introduction circuit, we'll look at if we have any usable
@@ -1350,7 +1390,7 @@ client_desc_has_arrived(const smartlist_t *entry_conns)
                         "Closing streams.");
       /* Report the extended socks error code that we were unable to introduce
        * to the service. */
-      socks_report_introduction_failed(entry_conn);
+      socks_report_introduction_failed(entry_conn, identity_pk);
 
       connection_mark_unattached_ap(entry_conn,
                                     END_STREAM_REASON_RESOLVEFAILED);
diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h
index 2b663e00c..90c4305d2 100644
--- a/src/lib/net/socks5_status.h
+++ b/src/lib/net/socks5_status.h
@@ -37,6 +37,7 @@ typedef enum {
   SOCKS5_HS_MISSING_CLIENT_AUTH     = 0xF4,
   SOCKS5_HS_BAD_CLIENT_AUTH         = 0xF5,
   SOCKS5_HS_BAD_ADDRESS             = 0xF6,
+  SOCKS5_HS_INTRO_TIMEDOUT          = 0xF7,
 } socks5_reply_status_t;
 
 #endif /* !defined(TOR_SOCKS5_STATUS_H) */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits