[tor-commits] [tor/master] dos: Add the DoSRefuseSingleHopClientRendezvous option

nickm at torproject.org nickm at torproject.org
Tue Jan 30 23:18:27 UTC 2018


commit 36a0ae151f8f85c76b4bd91a8fc2871dd88b6005
Author: David Goulet <dgoulet at torproject.org>
Date:   Thu Jan 25 16:32:28 2018 -0500

    dos: Add the DoSRefuseSingleHopClientRendezvous option
    
    This option refuses any ESTABLISH_RENDEZVOUS cell arriving from a client
    connection. Its default value is "auto", in which case a consensus
    parameter turns it on or off; that parameter's default value is 0.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/or/dos.c     | 31 +++++++++++++++++++++++++++++++
 src/or/dos.h     |  3 +++
 src/or/rendmid.c | 12 ++++++++++++
 3 files changed, 46 insertions(+)

diff --git a/src/or/dos.c b/src/or/dos.c
index 7e3a2ab7f..d98d3db16 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -14,6 +14,7 @@
 #include "geoip.h"
 #include "main.h"
 #include "networkstatus.h"
+#include "router.h"
 
 #include "dos.h"
 
@@ -60,6 +61,9 @@ static uint64_t conn_num_addr_rejected;
  * General interface of the denial of service mitigation subsystem.
  */
 
+/* Keep stats for the heartbeat. */
+static uint64_t num_single_hop_client_refused;
+
 /* Return true iff the circuit creation mitigation is enabled. We look at the
  * consensus for this else a default value is returned. */
 MOCK_IMPL(STATIC unsigned int,
@@ -524,6 +528,33 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr)
 
 /* General API */
 
+/* Note down that we've just refused a single hop client. This increments a
+ * counter later used for the heartbeat. */
+void
+dos_note_refuse_single_hop_client(void)
+{
+  num_single_hop_client_refused++;
+}
+
+/* Return true iff single hop client connection (ESTABLISH_RENDEZVOUS) should
+ * be refused. */
+int
+dos_should_refuse_single_hop_client(void)
+{
+  /* If we aren't a public relay, this shouldn't apply to anything. */
+  if (!public_server_mode(get_options())) {
+    return 0;
+  }
+
+  if (get_options()->DoSRefuseSingleHopClientRendezvous != -1) {
+    return get_options()->DoSRefuseSingleHopClientRendezvous;
+  }
+
+  return (int) networkstatus_get_param(NULL,
+                                       "DoSRefuseSingleHopClientRendezvous",
+                                       0 /* default */, 0, 1);
+}
+
 /* Called when a new client connection has been established on the given
  * address. */
 void
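Review bot: dos_should_refuse_single_hop_client() calls get_options() three times; hoisting it once at the top, `const or_options_t *options = get_options();`, and using `options->DoSRefuseSingleHopClientRendezvous` in the explicit-setting check is the usual style in tor and avoids re-fetching. The comment above it should also spell out the precedence the code implements: a non-public relay always returns 0, an explicit torrc value (anything other than -1) wins, and only then does the consensus parameter decide. num_single_hop_client_refused is incremented by dos_note_refuse_single_hop_client() but nothing in this commit reads it; unless the heartbeat already references it elsewhere in dos.c (outside this hunk), the counter should be wired into the heartbeat output so operators can see the defense firing.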
diff --git a/src/or/dos.h b/src/or/dos.h
index cc7749836..ec4c033ae 100644
--- a/src/or/dos.h
+++ b/src/or/dos.h
@@ -51,6 +51,9 @@ int dos_enabled(void);
 void dos_new_client_conn(or_connection_t *or_conn);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
+int dos_should_refuse_single_hop_client(void);
+void dos_note_refuse_single_hop_client(void);
+
 /*
  * Circuit creation DoS mitigation subsystemn interface.
  */
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index ca0ad7b0d..441d5043c 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -8,9 +8,11 @@
  **/
 
 #include "or.h"
+#include "channel.h"
 #include "circuitlist.h"
 #include "circuituse.h"
 #include "config.h"
+#include "dos.h"
 #include "relay.h"
 #include "rendmid.h"
 #include "rephist.h"
@@ -246,6 +248,16 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
     goto err;
   }
 
+  /* Check if we are configured to accept established rendezvous cells from
+   * client or in other words tor2web clients. */
+  if (channel_is_client(circ->p_chan) &&
+      dos_should_refuse_single_hop_client()) {
+    /* Note it down for the heartbeat log purposes. */
+    dos_note_refuse_single_hop_client();
+    /* Silent drop so the client has to time out before moving on. */
+    return 0;
+  }
+
   if (circ->base_.n_chan) {
     log_warn(LD_PROTOCOL,
              "Tried to establish rendezvous on non-edge circuit");
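Review bot: The comment opening the new block describes the refused peers as "tor2web clients", but channel_is_client(circ->p_chan) is true for any channel whose peer did not authenticate as a relay, so the wording understates the effect; suggest `/* Refuse ESTABLISH_RENDEZVOUS from any channel whose peer is not a relay (e.g. a one-hop client such as tor2web), if so configured. */`. The `return 0` path differs from the surrounding `goto err` paths in that the circuit is deliberately left open, which is presumably what makes the client wait for a timeout; the comment should state that the caller treats 0 as success and that the circuit therefore stays allocated on the relay until the client gives up, assuming that is how the caller handles a 0 return (the start of rend_mid_establish_rendezvous and its caller are outside the hunk). I could not confirm from this hunk that circ->p_chan is non-NULL at this point; if the earlier checks in the function do not guarantee it, the channel_is_client() call needs a guard.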




