Extend DoS protection to IP addresses with known relays
authorMicah Elizabeth Scott <beth@torproject.org>
Fri, 11 Aug 2023 23:32:22 +0000 (16:32 -0700)
committerMicah Elizabeth Scott <beth@torproject.org>
Fri, 11 Aug 2023 23:32:22 +0000 (16:32 -0700)
This exemption used to be helpful in keeping exit relays from tripping
the DoS detection subsystem and losing Tor connectivity. Now exit relays
block re-entry into the network (tor issue #2667) so it's no longer
needed. We'd like to re-enable protection on these addresses to avoid
giving attackers a way around our DoS mitigations.

src/core/or/dos.c
src/test/test_dos.c

index b9f8eb22f2efa80cac323cd82f138178452213d3..ccdb30dbee9609a29514ef5054c3519c30f76aa1 100644 (file)
@@ -976,14 +976,6 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
     goto end;
   }
 
-  /* We ignore any known address meaning an address of a known relay. The
-   * reason to do so is because network reentry is possible where a client
-   * connection comes from an Exit node. Even when we'll fix reentry, this is
-   * a robust defense to keep in place. */
-  if (nodelist_probably_contains_address(&TO_CONN(or_conn)->addr)) {
-    goto end;
-  }
-
   /* We are only interested in client connection from the geoip cache. */
   entry = geoip_lookup_client(&TO_CONN(or_conn)->addr, transport_name,
                               GEOIP_CLIENT_CONNECT);
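Review bot: Dropping the block leaves nothing in dos_new_client_conn to record that connections from known-relay addresses are now deliberately tracked, and the old comment explicitly argued for keeping the exemption even after reentry was fixed, so a later reader comparing this against the manual (which may still describe the exemption) could read the removal as an oversight. A one-line comment before the geoip lookup would settle that, e.g. `/* Known-relay addresses are no longer exempt: exits block reentry (#2667), and exempting them gave attackers a way around the connection limits. */`. If this was the only caller of nodelist_probably_contains_address (not visible here), the now-unused declaration and definition should be removed in the same change; otherwise it is worth confirming the remaining callers still want relay-address exemptions. Operators who run a client on the same address as a relay will now be subject to the DoS connection thresholds, which is worth a changes-file or manpage note. The enclosing dos_new_client_conn starts and ends outside this hunk.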
index 110441892cebd5b7502daecc9f676f266ac50d08..388a4bee6619bac7c3f3561e3ab2cd555a36024a 100644 (file)
@@ -434,12 +434,12 @@ test_dos_bucket_refill(void *arg)
   dos_free_all();
 }
 
-/* Test if we avoid counting a known relay. */
+/* Test if we avoid counting a known relay. (We no longer do) */
 static void
 test_known_relay(void *arg)
 {
   clientmap_entry_t *entry = NULL;
-  routerstatus_t *rs = NULL; microdesc_t *md = NULL; routerinfo_t *ri = NULL;
+  routerstatus_t *rs = NULL;
 
   (void) arg;
 
@@ -475,8 +475,7 @@ test_known_relay(void *arg)
    * client connection. */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &TO_CONN(&or_conn)->addr,
                          NULL, 0);
-  /* Suppose we have 5 connections in rapid succession, the counter should
-   * always be 0 because we should ignore this. */
+  /* Suppose we have 5 connections in rapid succession */
   dos_new_client_conn(&or_conn, NULL);
   or_conn.tracked_for_dos_mitigation = 0;
   dos_new_client_conn(&or_conn, NULL);
@@ -489,26 +488,11 @@ test_known_relay(void *arg)
   entry = geoip_lookup_client(&TO_CONN(&or_conn)->addr, NULL,
                               GEOIP_CLIENT_CONNECT);
   tt_assert(entry);
-  /* We should have a count of 0. */
-  tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 0);
-
-  /* To make sure that his is working properly, make a unknown client
-   * connection and see if we do get it. */
-  tor_addr_parse(&TO_CONN(&or_conn)->addr, "42.42.42.43");
-  geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &TO_CONN(&or_conn)->addr,
-                         NULL, 0);
-  or_conn.tracked_for_dos_mitigation = 0;
-  dos_new_client_conn(&or_conn, NULL);
-  or_conn.tracked_for_dos_mitigation = 0;
-  dos_new_client_conn(&or_conn, NULL);
-  entry = geoip_lookup_client(&TO_CONN(&or_conn)->addr, NULL,
-                              GEOIP_CLIENT_CONNECT);
-  tt_assert(entry);
-  /* We should have a count of 2. */
-  tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 2);
+  /* We should have a count of 5. */
+  tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 5);
 
  done:
-  routerstatus_free(rs); routerinfo_free(ri); microdesc_free(md);
+  routerstatus_free(rs);
   smartlist_clear(dummy_ns->routerstatus_list);
   networkstatus_vote_free(dummy_ns);
   dos_free_all();
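Review bot: With the unknown-address control case removed, test_known_relay no longer establishes that the address it exercises is in fact a known relay, so the final `tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 5);` would pass equally if the routerstatus/nodelist setup earlier in the function (outside this hunk) silently failed; adding `tt_assert(nodelist_probably_contains_address(&TO_CONN(&or_conn)->addr));` before the count assertion keeps the test proving that the exemption is gone rather than merely that counting works. The header comment changed in the first hunk, `/* Test if we avoid counting a known relay. (We no longer do) */`, now reads as self-contradictory; `/* Test that a connection from a known relay's address is counted like any other client (the former exemption was removed). */` states the new contract directly. The rewritten comment `/* Suppose we have 5 connections in rapid succession */` should also say what is expected, e.g. append `, each of which must be counted. */`, so the intent survives without reading the assertion. The body of test_known_relay continues between the hunks shown.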