src/test/test_hs_dos.c

   1 /* Copyright (c) 2017-2019, The Tor Project, Inc. */
   2 /* See LICENSE for licensing information */
   3
   4 /**
   5  * \file test_hs_cell.c
   6  * \brief Test hidden service cell functionality.
   7  */
   8
   9 #define CIRCUITLIST_PRIVATE
  10 #define NETWORKSTATUS_PRIVATE
  11
  12 #include "test/test.h"
  13 #include "test/test_helpers.h"
  14 #include "test/log_test_helpers.h"
  15
  16 #include "app/config/config.h"
  17
  18 #include "core/or/circuitlist.h"
  19 #include "core/or/circuituse.h"
  20 #include "core/or/or_circuit_st.h"
  21
  22 #include "feature/hs/hs_dos.h"
  23 #include "feature/nodelist/networkstatus.h"
  24
  25 static void
  26 setup_mock_consensus(void)
  27 {
  28   current_ns_consensus = tor_malloc_zero(sizeof(networkstatus_t));
  29   current_ns_consensus->net_params = smartlist_new();
  30   smartlist_add(current_ns_consensus->net_params,
  31                 (void *) "HiddenServiceEnableIntroDoSDefense=1");
  32   hs_dos_consensus_has_changed(current_ns_consensus);
  33 }
  34
  35 static void
  36 free_mock_consensus(void)
  37 {
  38   smartlist_free(current_ns_consensus->net_params);
  39   tor_free(current_ns_consensus);
  40 }
  41
  42 static void
  43 test_can_send_intro2(void *arg)
  44 {
  45   uint32_t now = (uint32_t) approx_time();
  46   or_circuit_t *or_circ = NULL;
  47
  48   (void) arg;
  49
  50   hs_init();
  51   hs_dos_init();
  52
  53   get_options_mutable()->ORPort_set = 1;
  54   setup_mock_consensus();
  55
  56   or_circ =  or_circuit_new(1, NULL);
  57
  58   /* Make that circuit a service intro point. */
  59   circuit_change_purpose(TO_CIRCUIT(or_circ), CIRCUIT_PURPOSE_INTRO_POINT);
  60   /* Initialize the INTRODUCE2 token bucket for the rate limiting. */
  61   token_bucket_ctr_init(&or_circ->introduce2_bucket, hs_dos_get_intro2_rate(),
  62                         hs_dos_get_intro2_burst(), now);
  63
  64   /* Brand new circuit, we should be able to send INTRODUCE2 cells. */
  65   tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
  66
  67   /* Simulate that 10 cells have arrived in 1 second. There should be no
  68    * refill since the bucket is already at maximum on the first cell. */
  69   update_approx_time(++now);
  70   for (int i = 0; i < 10; i++) {
  71     tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
  72   }
  73   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
  74              hs_dos_get_intro2_burst() - 10);
  75
  76   /* Fully refill the bucket minus 1 cell. */
  77   update_approx_time(++now);
  78   tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
  79   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
  80              hs_dos_get_intro2_burst() - 1);
  81
  82   /* Receive an INTRODUCE2 at each second. We should have the bucket full
  83    * since at every second it gets refilled. */
  84   for (int i = 0; i < 10; i++) {
  85     update_approx_time(++now);
  86     tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
  87   }
  88   /* Last check if we can send the cell decrements the bucket so minus 1. */
  89   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
  90              hs_dos_get_intro2_burst() - 1);
  91
  92   /* Manually reset bucket for next test. */
  93   token_bucket_ctr_reset(&or_circ->introduce2_bucket, now);
  94   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
  95              hs_dos_get_intro2_burst());
  96
  97   /* Do a full burst in the current second which should empty the bucket and
  98    * we shouldn't be allowed to send one more cell after that. We go minus 1
  99    * cell else the very last check if we can send the INTRO2 cell returns
 100    * false because the bucket goes down to 0. */
 101   for (uint32_t i = 0; i < hs_dos_get_intro2_burst() - 1; i++) {
 102     tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 103   }
 104   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 1);
 105   /* Get the last remaining cell, we shouldn't be allowed to send it. */
 106   tt_int_op(false, OP_EQ, hs_dos_can_send_intro2(or_circ));
 107   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 0);
 108
 109   /* Make sure the next 100 cells aren't allowed and bucket stays at 0. */
 110   for (int i = 0; i < 100; i++) {
 111     tt_int_op(false, OP_EQ, hs_dos_can_send_intro2(or_circ));
 112     tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ, 0);
 113   }
 114
 115   /* One second has passed, we should have the rate minus 1 cell added. */
 116   update_approx_time(++now);
 117   tt_int_op(true, OP_EQ, hs_dos_can_send_intro2(or_circ));
 118   tt_uint_op(token_bucket_ctr_get(&or_circ->introduce2_bucket), OP_EQ,
 119              hs_dos_get_intro2_rate() - 1);
 120
 121  done:
 122   circuit_free_(TO_CIRCUIT(or_circ));
 123
 124   hs_free_all();
 125   free_mock_consensus();
 126 }
 127
 128 struct testcase_t hs_dos_tests[] = {
 129   { "can_send_intro2", test_can_send_intro2, TT_FORK,
 130     NULL, NULL },
 131
 132   END_OF_TESTCASES
 133 };
 134