diff options
| author | David Goulet <dgoulet@torproject.org> | 2018-01-25 16:36:05 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2018-01-30 09:18:16 -0500 |
| commit | 14a8b87852887f8c20a424ff32a2b6746105dd6c (patch) | |
| tree | b9e53a30646bbcd730d5d9c7c260be77a55e16c3 | |
| parent | 36a0ae151f8f85c76b4bd91a8fc2871dd88b6005 (diff) | |
| download | tor-14a8b87852887f8c20a424ff32a2b6746105dd6c.tar.gz tor-14a8b87852887f8c20a424ff32a2b6746105dd6c.zip | |
dos: Add a heartbeat log
Signed-off-by: David Goulet <dgoulet@torproject.org>
| -rw-r--r-- | src/or/dos.c | 45 | ||||
| -rw-r--r-- | src/or/dos.h | 1 | ||||
| -rw-r--r-- | src/or/status.c | 2 |
3 files changed, 48 insertions, 0 deletions
diff --git a/src/or/dos.c b/src/or/dos.c index d98d3db16a..40e88aead0 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -555,6 +555,51 @@ dos_should_refuse_single_hop_client(void) 0 /* default */, 0, 1); } +/* Log a heartbeat message with some statistics. */ +void +dos_log_heartbeat(void) +{ + char *conn_msg = NULL; + char *cc_msg = NULL; + char *single_hop_client_msg = NULL; + + if (!dos_is_enabled()) { + goto end; + } + + if (dos_cc_enabled) { + tor_asprintf(&cc_msg, + " %" PRIu64 " circuits rejected," + " %" PRIu32 " marked addresses.", + cc_num_rejected_cells, cc_num_marked_addrs); + } + + if (dos_conn_enabled) { + tor_asprintf(&conn_msg, + " %" PRIu64 " connections closed.", + conn_num_addr_rejected); + } + + if (dos_should_refuse_single_hop_client()) { + tor_asprintf(&single_hop_client_msg, + " %" PRIu64 " single hop clients refused.", + num_single_hop_client_refused); + } + + log_notice(LD_HEARTBEAT, + "DoS mitigation since startup:%s%s%s", + (cc_msg != NULL) ? cc_msg : " [cc not enabled]", + (conn_msg != NULL) ? conn_msg : " [conn not enabled]", + (single_hop_client_msg != NULL) ? single_hop_client_msg : ""); + + tor_free(conn_msg); + tor_free(cc_msg); + tor_free(single_hop_client_msg); + + end: + return; +} + /* Called when a new client connection has been established on the given * address. */ void diff --git a/src/or/dos.h b/src/or/dos.h index ec4c033ae3..56835169d2 100644 --- a/src/or/dos.h +++ b/src/or/dos.h @@ -47,6 +47,7 @@ void dos_init(void); void dos_free_all(void); void dos_consensus_has_changed(const networkstatus_t *ns); int dos_enabled(void); +void dos_log_heartbeat(void); void dos_new_client_conn(or_connection_t *or_conn); void dos_close_client_conn(const or_connection_t *or_conn); diff --git a/src/or/status.c b/src/or/status.c index fce6a10157..fa2238b9f9 100644 --- a/src/or/status.c +++ b/src/or/status.c @@ -27,6 +27,7 @@ #include "hibernate.h" #include "rephist.h" #include "statefile.h" +#include "dos.h" static void log_accounting(const time_t now, const or_options_t *options); #include "geoip.h" @@ -145,6 +146,7 @@ log_heartbeat(time_t now) if (public_server_mode(options)) { rep_hist_log_circuit_handshake_stats(now); rep_hist_log_link_protocol_counts(); + dos_log_heartbeat(); } circuit_log_ancient_one_hop_circuits(1800); |