[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor] 12/77: hs: Don't expire RP circuits to HS with PoW

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor] 12/77: hs: Don't expire RP circuits to HS with PoW
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 10 May 2023 15:46:56 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 May 2023 11:47:19 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1683733636; bh=NCEYeEbL1Cyr6yt5PCNuXZbb+MUoYPRoZJhAs49jEzQ=; h=Date:To:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=cUN6kWy7G66bs0YSvdFIqIB/IKxjHyqwI6tSheZTK4uJ4DUJit/ylUV3SZ/yXXgoG JgEEUWLoOiO2/8QyU5zGMIAaoGqgT1JQNtJzrgiexUBJzYdJv8ReFb5hClFFWARAWQ pteZhfNzlGH3gTiLcyUY3NXmKqbMNCGPYINmpRnN1of9v20AdG3D32FYdDr+sK/GMn DtVsp9Q0TIjRhL5CgiFpRVLK5yDfuB0FmY+H+bD/gRXWmrwYJfAG32Kk5NpuNUnd9o nTQGE9/2PL+1J2xWTneCCyZ+EIVjJJ7zRseuy1IGglivI4bKSLpqPtuTDMzStXhjac tvQj8HbY4G3Ug==
In-reply-to: <168373360469.13998.2199490141248939962@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <168373360469.13998.2199490141248939962@cupani.torproject.org>
Reply-to: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRW18IRXHA5SYObXiIb5OXYBQ==

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit c2f6b057b88ea3ee4d3a4a86ec198775d50c6d4c
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Wed Jun 29 15:00:59 2022 -0400

    hs: Don't expire RP circuits to HS with PoW
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/core/or/circuituse.c          | 14 ++++++++++++--
 src/core/or/connection_edge.c     | 18 +++++++++++++++++-
 src/core/or/entry_connection_st.h |  4 ++++
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index 6956cf9849..d5879a21eb 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -564,6 +564,14 @@ circuit_expire_building(void)
       continue;
     }
 
+    /* Ignore circuits that are waiting for an introduction to a service with
+     * PoW enabled, it can take an arbitrary amount of time. They will get
+     * cleaned up if the SOCKS connection is closed. */
+    if (TO_ORIGIN_CIRCUIT(victim)->hs_with_pow_circ &&
+        victim->purpose == CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) {
+      continue;
+    }
+
     build_state = TO_ORIGIN_CIRCUIT(victim)->build_state;
     if (build_state && build_state->onehop_tunnel)
       cutoff = begindir_cutoff;
@@ -2841,8 +2849,10 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn)
 
   conn_age = (int)(time(NULL) - base_conn->timestamp_created);
 
-  /* Is this connection so old that we should give up on it? */
-  if (conn_age >= get_options()->SocksTimeout) {
+  /* Is this connection so old that we should give up on it? Don't timeout if
+   * this is a connection to an HS with PoW enabled because it can take an
+   * arbitrary amount of time. */
+  if (conn_age >= get_options()->SocksTimeout && !conn->hs_with_pow_conn) {
     int severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port) ?
       LOG_INFO : LOG_NOTICE;
     log_fn(severity, LD_APP,
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index e1eeb2f64f..f21779a80c 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1213,7 +1213,10 @@ connection_ap_expire_beginning(void)
      * it here too because controllers that put streams in controller_wait
      * state never ask Tor to attach the circuit. */
     if (AP_CONN_STATE_IS_UNATTACHED(base_conn->state)) {
-      if (seconds_since_born >= options->SocksTimeout) {
+      /* If this is a connection to an HS with PoW defenses enabled, we need to
+       * wait longer than the usual Socks timeout. */
+      if (seconds_since_born >= options->SocksTimeout &&
+          !entry_conn->hs_with_pow_conn) {
         log_fn(severity, LD_APP,
             "Tried for %d seconds to get a connection to %s:%d. "
             "Giving up. (%s)",
@@ -2051,6 +2054,19 @@ connection_ap_handle_onion(entry_connection_t *conn,
     descriptor_is_usable =
       hs_client_any_intro_points_usable(&hs_conn_ident->identity_pk,
                                         cached_desc);
+    /* Check if PoW parameters have expired. If yes, the descriptor is
+     * unusable. */
+    if (cached_desc->encrypted_data.pow_params) {
+      if (cached_desc->encrypted_data.pow_params->expiration_time <
+          approx_time()) {
+        log_info(LD_REND, "Descriptor PoW parameters have expired.");
+        descriptor_is_usable = 0;
+      } else {
+        /* Mark that the connection is to an HS with PoW defenses on. */
+        conn->hs_with_pow_conn = 1;
+      }
+    }
+
     log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
              (descriptor_is_usable) ? "usable" : "unusable",
              safe_str_client(socks->address),
diff --git a/src/core/or/entry_connection_st.h b/src/core/or/entry_connection_st.h
index 500de7521b..a9484bece2 100644
--- a/src/core/or/entry_connection_st.h
+++ b/src/core/or/entry_connection_st.h
@@ -96,6 +96,10 @@ struct entry_connection_t {
    * the exit has sent a CONNECTED cell) and we have chosen to use it.
    */
   unsigned int may_use_optimistic_data : 1;
+
+  /** True iff this is a connection to a HS that has PoW defenses enabled,
+   * so we know not to apply the usual SOCKS timeout. */
+  unsigned int hs_with_pow_conn : 1;
 };
 
 /** Cast a entry_connection_t subtype pointer to a edge_connection_t **/

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor] branch main updated (9ee71eaf5a -> e643a70879)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [tor] 01/10: Added INTRO and REND metrics for relay.
Next by Author: [tor-commits] [tor] 05/77: hs: Add solve and verify PoW functions
Previous by thread: [tor-commits] [tor] 11/77: trunnel: Centralize the INTRO1 extension type
Next by thread: [tor-commits] [tor] 10/77: hs: Priority queue for rendezvous requests
Index(es):
- Author
- Thread