[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] dos: Account rejection in hs_dos_can_send_intro2

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] dos: Account rejection in hs_dos_can_send_intro2
From: dgoulet@xxxxxxxxxxxxxx
Date: Wed, 6 Nov 2019 15:34:03 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 06 Nov 2019 10:34:20 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit ff8823d03cef50cb3a78f13a35558288e54c2173
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Thu Oct 31 13:50:36 2019 -0400

    dos: Account rejection in hs_dos_can_send_intro2
    
    This required a small refactoring so we could count properly the INTRO2
    sending disallow.
    
    Part of #31371
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/feature/hs/hs_dos.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c
index 19794e09d..81041475e 100644
--- a/src/feature/hs/hs_dos.c
+++ b/src/feature/hs/hs_dos.c
@@ -45,6 +45,9 @@
  * introduction DoS defense. Disabled by default. */
 #define HS_DOS_INTRODUCE_ENABLED_DEFAULT 0
 
+/* INTRODUCE2 rejected request counter. */
+static uint64_t intro2_rejected_count = 0;
+
 /* Consensus parameters. The ESTABLISH_INTRO DoS cell extension have higher
  * priority than these values. If no extension is sent, these are used only by
  * the introduction point. */
@@ -163,12 +166,12 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
    * This can be set by the consensus, the ESTABLISH_INTRO cell extension or
    * the hardcoded values in tor code. */
   if (!s_intro_circ->introduce2_dos_defense_enabled) {
-    return true;
+    goto allow;
   }
 
   /* Should not happen but if so, scream loudly. */
   if (BUG(TO_CIRCUIT(s_intro_circ)->purpose != CIRCUIT_PURPOSE_INTRO_POINT)) {
-    return false;
+    goto disallow;
   }
 
   /* This is called just after we got a valid and parsed INTRODUCE1 cell. The
@@ -189,7 +192,18 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
   }
 
   /* Finally, we can send a new INTRODUCE2 if there are still tokens. */
-  return token_bucket_ctr_get(&s_intro_circ->introduce2_bucket) > 0;
+  if (token_bucket_ctr_get(&s_intro_circ->introduce2_bucket) > 0) {
+    goto allow;
+  }
+
+  /* Fallthrough is to disallow since this means the bucket has reached 0. */
+ disallow:
+  /* Increment stats counter, we are rejecting the INTRO2 cell. */
+  intro2_rejected_count++;
+  return false;
+
+ allow:
+  return true;
 }
 
 /* Initialize the onion service Denial of Service subsystem. */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torspec/master] control-spec: Add error codes to the commands.
Next by Author: [tor-commits] [tor/master] Merge branch 'tor-github/pr/1537'
Previous by thread: [tor-commits] [tor/master] dos: Add HS DoS INTRO2 rejected stats in heartbeat
Next by thread: [tor-commits] [tor/master] test: Fix DoS heartbeat unit test after adding INTRO2
Index(es):
- Author
- Thread