|
@@ -489,6 +489,111 @@ test_staging_service_v3(void *arg)
|
|
|
hs_free_all();
|
|
hs_free_all();
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+static void
|
|
|
|
|
+test_dos_parameters(void *arg)
|
|
|
|
|
+{
|
|
|
|
|
+ int ret;
|
|
|
|
|
+
|
|
|
|
|
+ (void) arg;
|
|
|
|
|
+
|
|
|
|
|
+ hs_init();
|
|
|
|
|
+
|
|
|
|
|
+ /* Valid configuration. */
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *conf =
|
|
|
|
|
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
|
|
|
|
|
+ "HiddenServiceVersion 3\n"
|
|
|
|
|
+ "HiddenServicePort 22 1.1.1.1:22\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSDefense 1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSRatePerSec 42\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSBurstPerSec 87\n";
|
|
|
|
|
+
|
|
|
|
|
+ setup_full_capture_of_logs(LOG_INFO);
|
|
|
|
|
+ ret = helper_config_service(conf, 0);
|
|
|
|
|
+ tt_int_op(ret, OP_EQ, 0);
|
|
|
|
|
+ expect_log_msg_containing("Service INTRO2 DoS defenses rate set to: 42");
|
|
|
|
|
+ expect_log_msg_containing("Service INTRO2 DoS defenses burst set to: 87");
|
|
|
|
|
+ teardown_capture_of_logs();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /* Invalid rate. Value of 2^37. Max allowed is 2^31. */
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *conf =
|
|
|
|
|
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
|
|
|
|
|
+ "HiddenServiceVersion 3\n"
|
|
|
|
|
+ "HiddenServicePort 22 1.1.1.1:22\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSDefense 1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSRatePerSec 137438953472\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSBurstPerSec 87\n";
|
|
|
|
|
+
|
|
|
|
|
+ setup_full_capture_of_logs(LOG_WARN);
|
|
|
|
|
+ ret = helper_config_service(conf, 0);
|
|
|
|
|
+ tt_int_op(ret, OP_EQ, -1);
|
|
|
|
|
+ expect_log_msg_containing("HiddenServiceEnableIntroDoSRatePerSec must "
|
|
|
|
|
+ "be between 0 and 2147483647, "
|
|
|
|
|
+ "not 137438953472");
|
|
|
|
|
+ teardown_capture_of_logs();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /* Invalid burst. Value of 2^38. Max allowed is 2^31. */
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *conf =
|
|
|
|
|
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
|
|
|
|
|
+ "HiddenServiceVersion 3\n"
|
|
|
|
|
+ "HiddenServicePort 22 1.1.1.1:22\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSDefense 1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSRatePerSec 42\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSBurstPerSec 274877906944\n";
|
|
|
|
|
+
|
|
|
|
|
+ setup_full_capture_of_logs(LOG_WARN);
|
|
|
|
|
+ ret = helper_config_service(conf, 0);
|
|
|
|
|
+ tt_int_op(ret, OP_EQ, -1);
|
|
|
|
|
+ expect_log_msg_containing("HiddenServiceEnableIntroDoSBurstPerSec must "
|
|
|
|
|
+ "be between 0 and 2147483647, "
|
|
|
|
|
+ "not 274877906944");
|
|
|
|
|
+ teardown_capture_of_logs();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /* Burst is smaller than rate. */
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *conf =
|
|
|
|
|
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
|
|
|
|
|
+ "HiddenServiceVersion 3\n"
|
|
|
|
|
+ "HiddenServicePort 22 1.1.1.1:22\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSDefense 1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSRatePerSec 42\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSBurstPerSec 27\n";
|
|
|
|
|
+
|
|
|
|
|
+ setup_full_capture_of_logs(LOG_WARN);
|
|
|
|
|
+ ret = helper_config_service(conf, 0);
|
|
|
|
|
+ tt_int_op(ret, OP_EQ, -1);
|
|
|
|
|
+ expect_log_msg_containing("Hidden service DoS defenses burst (27) can "
|
|
|
|
|
+ "not be smaller than the rate value (42).");
|
|
|
|
|
+ teardown_capture_of_logs();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /* Negative value. */
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *conf =
|
|
|
|
|
+ "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs3\n"
|
|
|
|
|
+ "HiddenServiceVersion 3\n"
|
|
|
|
|
+ "HiddenServicePort 22 1.1.1.1:22\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSDefense 1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSRatePerSec -1\n"
|
|
|
|
|
+ "HiddenServiceEnableIntroDoSBurstPerSec 42\n";
|
|
|
|
|
+
|
|
|
|
|
+ setup_full_capture_of_logs(LOG_WARN);
|
|
|
|
|
+ ret = helper_config_service(conf, 0);
|
|
|
|
|
+ tt_int_op(ret, OP_EQ, -1);
|
|
|
|
|
+ expect_log_msg_containing("HiddenServiceEnableIntroDoSRatePerSec must be "
|
|
|
|
|
+ "between 0 and 2147483647, not -1");
|
|
|
|
|
+ teardown_capture_of_logs();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ done:
|
|
|
|
|
+ hs_free_all();
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
struct testcase_t hs_config_tests[] = {
|
|
struct testcase_t hs_config_tests[] = {
|
|
|
/* Invalid service not specific to any version. */
|
|
/* Invalid service not specific to any version. */
|
|
|
{ "invalid_service", test_invalid_service, TT_FORK,
|
|
{ "invalid_service", test_invalid_service, TT_FORK,
|
|
@@ -512,6 +617,10 @@ struct testcase_t hs_config_tests[] = {
|
|
|
{ "staging_service_v3", test_staging_service_v3, TT_FORK,
|
|
{ "staging_service_v3", test_staging_service_v3, TT_FORK,
|
|
|
NULL, NULL },
|
|
NULL, NULL },
|
|
|
|
|
|
|
|
|
|
+ /* Test HS DoS parameters. */
|
|
|
|
|
+ { "dos_parameters", test_dos_parameters, TT_FORK,
|
|
|
|
|
+ NULL, NULL },
|
|
|
|
|
+
|
|
|
END_OF_TESTCASES
|
|
END_OF_TESTCASES
|
|
|
};
|
|
};
|
|
|
|
|
|
David Goulet