Ticket15516 042 02 #1061
Closed
Ticket15516 042 02 #1061
Conversation
Pull Request Test Coverage Report for Build 5518
|
asn-d6
reviewed
Jun 6, 2019
asn-d6
reviewed
Jun 6, 2019
asn-d6
reviewed
Jun 6, 2019
asn-d6
reviewed
Jun 6, 2019
asn-d6
reviewed
Jun 6, 2019
asn-d6
reviewed
Jun 6, 2019
This commit add the hs_dos.{c|h} file that has the purpose of having the
anti-DoS code for onion services.
At this commit, it only has one which is a function that decides if an
INTRODUCE2 can be sent on the given introduction service circuit (S<->IP)
using a simple token bucket.
The rate per second is 25 and allowed burst to 200.
Basic defenses on #15516.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Currently test the only available function which is hs_dos_can_send_intro2() within the HS anti-DoS subsystem. Closes #15516 Signed-off-by: David Goulet <dgoulet@torproject.org>
Part of #15516 Signed-off-by: David Goulet <dgoulet@torproject.org>
asn-d6
reviewed
Jun 26, 2019
asn-d6
reviewed
Jun 26, 2019
asn-d6
reviewed
Jun 26, 2019
asn-d6
reviewed
Jun 26, 2019
teor2345
reviewed
Jun 26, 2019
| @@ -202,6 +203,9 @@ handle_verified_establish_intro_cell(or_circuit_t *circ, | |||
| hs_circuitmap_register_intro_circ_v3_relay_side(circ, &auth_key); | |||
| /* Repurpose this circuit into an intro circuit. */ | |||
| circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT); | |||
| /* Initialize the INTRODUCE2 token bucket for the rate limiting. */ | |||
| token_bucket_ctr_init(&circ->introduce2_bucket, hs_dos_get_intro2_rate(), | |||
| hs_dos_get_intro2_burst(), (uint32_t) approx_time()); | |||
Introduction circuits can last for 18-24 hours, so it's a bit surprising that we copy the DoS values at the ESTABLISH_INTRO, and then don't change them, even if the torrc config or consensus parameters change.
That means operators will need to restart their intro point or onion service (or wait 24 hours) to overcome a DoS.
GREAT catch.
So this patch for now only has consensus parameters support where torrc options (for the ESTABLISH_INTRO parameter comes with another ticket, prop305) aren't implemented yet.
This fix required a bit more code that is a function in the HS circuitmap module to "get all intro circuits" so we can go over them and adjust the token bucket parameters.
New commit takes care of this: d5e28d0
LGTM, but I will let teor take a look as well. Not resolving yet.
Ok, looks good to me.
Let's make sure we remember to update all the circuits when the torrc options change :-)
Following prop305 values. Signed-off-by: David Goulet <dgoulet@torproject.org>
In case the consensus parameters for the rate/burst changes, we need to update all already established introduction circuits to the newest value. This commit introduces a "get all intro circ" function from the HS circuitmap (v2 and v3) so it can be used by the HS DoS module to go over all circuits and adjust the INTRODUCE2 token bucket parameters. Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: David Goulet <dgoulet@torproject.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
No description provided.
The text was updated successfully, but these errors were encountered: