diff options
| author | trinity-1686a <trinity@deuxfleurs.fr> | 2023-09-10 13:18:34 +0200 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2023-10-18 13:06:04 -0400 |
| commit | f8b259c2fe2208889a26a7d9494fea0c1b97f7a4 (patch) | |
| tree | 3b75a03def98d7576465a50c80652695c26162d5 | |
| parent | 1b907d13bb97aba8badcb428623fa13e803b8d92 (diff) | |
| download | tor-f8b259c2fe2208889a26a7d9494fea0c1b97f7a4.tar.gz tor-f8b259c2fe2208889a26a7d9494fea0c1b97f7a4.zip | |
add metrics for rejected BEGIN/RESOLVE
| -rw-r--r-- | src/core/or/connection_edge.c | 3 | ||||
| -rw-r--r-- | src/core/or/dos.c | 7 | ||||
| -rw-r--r-- | src/core/or/dos.h | 1 | ||||
| -rw-r--r-- | src/feature/relay/dns.h | 2 | ||||
| -rw-r--r-- | src/feature/relay/relay_metrics.c | 6 |
5 files changed, 18 insertions, 1 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 764e1c886b..0dbd5eb33f 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -4247,7 +4247,8 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) dns_send_resolved_error_cell(dummy_conn, RESOLVED_TYPE_ERROR_TRANSIENT); return 0; case DOS_STREAM_DEFENSE_CLOSE_CIRCUIT: - /* TODO maybe use REASON_RESOURCELIMIT? See connection_exit_begin_conn() */ + /* TODO maybe use REASON_RESOURCELIMIT? + * See connection_exit_begin_conn() */ return -END_CIRC_REASON_NONE; } diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 63cac190fd..632a49888d 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -839,6 +839,13 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr) /* Stream creation public API. */ +/** Return the number of rejected stream and resolve. */ +uint64_t +dos_get_num_stream_rejected(void) +{ + return stream_num_rejected; +} + /* Return the action to take against a BEGIN or RESOLVE cell. Return * DOS_STREAM_DEFENSE_NONE when no action should be taken. * Increment the appropriate counter when the cell was found to go over a diff --git a/src/core/or/dos.h b/src/core/or/dos.h index 77dce333d1..9581d9f233 100644 --- a/src/core/or/dos.h +++ b/src/core/or/dos.h @@ -90,6 +90,7 @@ uint64_t dos_get_num_cc_rejected(void); uint64_t dos_get_num_conn_addr_rejected(void); uint64_t dos_get_num_conn_addr_connect_rejected(void); uint64_t dos_get_num_single_hop_refused(void); +uint64_t dos_get_num_stream_rejected(void); /* * Circuit creation DoS mitigation subsystemn interface. diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h index b43b42756e..5de70039d4 100644 --- a/src/feature/relay/dns.h +++ b/src/feature/relay/dns.h @@ -38,6 +38,8 @@ void dns_launch_correctness_checks(void); #else /* !defined(HAVE_MODULE_RELAY) */ #define dns_init() (0) +#define dns_send_resolved_error_cell(conn, answer_type) \ + ((void)(conn), (void)(answer_type)) #define dns_seems_to_be_broken() (0) #define has_dns_init_failed() (0) #define dns_cache_total_allocation() (0) diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c index 8f3b82bd96..8b8c07f580 100644 --- a/src/feature/relay/relay_metrics.c +++ b/src/feature/relay/relay_metrics.c @@ -433,6 +433,12 @@ fill_dos_values(void) metrics_store_entry_add_label(sentry, metrics_format_label("type", "introduce2_rejected")); metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help, 0, NULL); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "stream_rejected")); + metrics_store_entry_update(sentry, dos_get_num_stream_rejected()); } /** Fill function for the RELAY_METRICS_CC_COUNTERS metric. */ |