dos: Apply defense for circuit creation DoS

If the client address was detected as malicious, apply a defense which is at this commit to return a DESTROY cell. Signed-off-by: David Goulet <dgoulet@torproject.org>
author: David Goulet <dgoulet@torproject.org> 2018-01-25 16:20:52 -0500
committer: David Goulet <dgoulet@torproject.org> 2018-01-30 09:18:15 -0500
commit: 1bfc91a029839f36e04c8204d1bccaa04a5c2afd (patch)
tree: 3fa04954da910773e4267567fc6332cb110c55bb /src/or/command.c
parent: 97abb3543b858afd27ed857903814175c1dfbf12 (diff)
download: tor-1bfc91a029839f36e04c8204d1bccaa04a5c2afd.tar.gz
tor-1bfc91a029839f36e04c8204d1bccaa04a5c2afd.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/or/command.c b/src/or/command.c
index d2df55a4be..0d2808e236 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -290,6 +290,13 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
     return;
   }
 
+  /* Check if we should apply a defense for this channel. */
+  if (dos_cc_get_defense_type(chan) == DOS_CC_DEFENSE_REFUSE_CELL) {
+    channel_send_destroy(cell->circ_id, chan,
+                         END_CIRC_REASON_RESOURCELIMIT);
+    return;
+  }
+
   if (!server_mode(options) ||
       (!public_server_mode(options) && channel_is_outgoing(chan))) {
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
author	David Goulet <dgoulet@torproject.org>	2018-01-25 16:20:52 -0500
committer	David Goulet <dgoulet@torproject.org>	2018-01-30 09:18:15 -0500
commit	1bfc91a029839f36e04c8204d1bccaa04a5c2afd (patch)
tree	3fa04954da910773e4267567fc6332cb110c55bb /src/or/command.c
parent	97abb3543b858afd27ed857903814175c1dfbf12 (diff)
download	tor-1bfc91a029839f36e04c8204d1bccaa04a5c2afd.tar.gz tor-1bfc91a029839f36e04c8204d1bccaa04a5c2afd.zip