authorDavid Goulet <dgoulet@torproject.org>2018-01-25 16:28:54 -0500
committerDavid Goulet <dgoulet@torproject.org>2018-01-30 09:18:15 -0500
commitacf7ea77d8d76830924a14145afbcf3c95a06b0e (patch)
tree83fa38059defe75af1dbcb905370c0b79ed25082 /src/or/connection.c
parent1bfc91a029839f36e04c8204d1bccaa04a5c2afd (diff)
dos: Add the connection DoS mitigation subsystem
Defend against an address that has reached the concurrent connection count threshold. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/connection.c')
-rw-r--r--src/or/connection.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 15f489c6b4..791fd95c27 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1600,6 +1600,14 @@ connection_handle_listener_read(connection_t *conn, int new_type)
return 0;
}
}
+ if (new_type == CONN_TYPE_OR) {
+ /* Assess with the connection DoS mitigation subsystem if this address
+ * can open a new connection. */
+ if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
+ tor_close_socket(news);
+ return 0;
+ }
+ }
newconn = connection_new(new_type, conn->socket_family);
newconn->s = news;
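Review bot: The close path in the added `if (new_type == CONN_TYPE_OR)` block drops the socket without leaving any trace in this function: no log line and no counter. Unless `dos_conn_addr_get_defense_type()` records the rejection itself (its body is not in this hunk), an operator cannot tell an active defense from a network fault. Consider a rate-limited notice here that omits the client address, or, if the callee does the accounting, say so in the comment, e.g. `/* The DoS subsystem accounts for the rejection; returning 0 keeps the listener open. */`. The comment should also note that only `DOS_CONN_DEFENSE_CLOSE` is acted on, so any other return value lets the connection through to `connection_new()`. The body of `connection_handle_listener_read` starts and ends outside the hunk.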