Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ticket30924 042 04 squashed merged #1304

Merged
merged 25 commits into from Sep 9, 2019
Merged

Ticket30924 042 04 squashed merged #1304

merged 25 commits into from Sep 9, 2019

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@nmathewson @coveralls @torproject-pusher @dgoulet-tor
@nmathewson
Copy link
Contributor

@nmathewson nmathewson commented Sep 9, 2019

No description provided.

dgoulet-tor and others added 25 commits Aug 26, 2019
@dgoulet-tor @asn-d6
trunnel: Remove typo in cell extention field name
414e900 
There can be multiple fields in a cell extension but individually, it is
singular.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
trunnel: Add prop305 ESTABLISH_INTRO DoS cell extension
e4856d1 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Implement torrc DoS defenses options
5419fd5 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Add protover HSIntro=5
6c79172 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Rename INTRO2 consensus param getters
7faf104 
Make it clear that these functions return the consensus param only.
Introduction point can not set those values with a torrc option.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Encode DoS ESTABLISH_INTRO cell extension
d692c5f 
This commit makes tor add the DoS cell extension to the ESTABLISH_INTRO cell
if the defense is enabled on the service side with a torrc option.

Furthermore, the cell extension is only added if the introduction point
supports it. The protover version HSIntro=5 is looked for.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Parse ESTABLISH_INTRO cell extension
724d9eb 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Don't apply DoS defenses if circuit has not been flagged
aee66c8 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
test: Build DoS cell extension
dde0737 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
test: Handling of ESTABLISH_INTRO DoS extension
4c71acc 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
test: Adapt HS DoS test to use latest parameter
1c55433 
We added a flag on the circuit to know if the DoS defenses are enabled or not.
Before, it was solely the consensus parameter.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
man: Entry for the HS intro DoS defenses
e5cf142 
This also adds a "subsection" to the HIDDEN SERVICE OPTIONS section to
seperate per-service and per-instance options. It is a bit less messy this
way.

The HS DoS options are added to the per-service section.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Add changes file for prop305 implementation
f95b5d0 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Move to hs_dos.c INTRO2 defenses initialization
82639a8 
A bit cleaner especially that the next commit(s) will make the consensus param
interface private to hs_dos.c so we expose as little as we can outside of the
subsystem.

Part of #30924

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Cleanup usage of consensus param in hs_dos.c
184c76e 
This commit makes it that the hs_dos.c file only uses the consensus parameter
variables set when we initialize and when the consensus changes.

There is no need to call each time networkstatus_get_param(), which is
expensive, when we want access to a consensus value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Privatize access to HS DoS consensus param
94a2221 
Remove the public functions returning the HS DoS consensus param or default
values as it is exclusively used internally now.

Rename the param_* variables to consensus_param_* for better code semantic.

Finally, make some private functions available to unit tests.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Missing intro circuit INTRO2 DoS enabled flag
a98f509 
When consensus changes, we also need to update the circuit INTRO2 defenses
enabled flag and not only the token bucket.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Log info INTRO2 DoS defenses service values
292e9b0 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Clarify comment in hs_dos.c
1c4607b 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
hs-v3: Refactor DoS cell extension parameters validation
461d231 
Move everything to its own function in order to better log, document and tests
the introduction point validation process.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @asn-d6
test: Unit tests HS DoS torrc options
cbe5f95 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @nmathewson
practracker: Make you happy funny script
a8a1ea4 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @nmathewson
hs-v3: Move DoS parameter check against 0
385f6bc 
Move it outside of the validation function since 0 is a valid value but
disables defenses.

Signed-off-by: David Goulet <dgoulet@torproject.org>
@dgoulet-tor @nmathewson
hs-v3: Rename validation function in hs_intropoint.c
622c2c7 
Signed-off-by: David Goulet <dgoulet@torproject.org>
@nmathewson
Merge branch 'ticket30924_042_04_squashed' into ticket30924_042_04_sq…
a642a4c 
…uashed_merged
@coveralls
Copy link

@coveralls coveralls commented Sep 9, 2019

Pull Request Test Coverage Report for Build 6110

  • 150 of 155 (96.77%) changed or added relevant lines in 8 files are covered.
  • 8 unchanged lines in 2 files lost coverage.
  • Overall coverage increased (+0.1%) to 63.17%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/feature/hs/hs_dos.c 15 16 93.75%
src/feature/hs/hs_config.c 28 32 87.5%
Files with Coverage Reduction New Missed Lines %
src/feature/hs/hs_dos.c 1 93.33%
src/lib/confmgt/structvar.c 7 88.06%
Totals Coverage Status
Change from base Build 6109: 0.1%
Covered Lines: 47782
Relevant Lines: 75640
💛 - Coveralls

@torproject-pusher torproject-pusher merged commit a642a4c into torproject:master Sep 9, 2019
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment