diff options
| author | David Goulet <dgoulet@torproject.org> | 2018-04-17 08:38:34 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-04-17 10:44:43 -0400 |
| commit | 93ff1870ba153332ab695e53d906da6a14a8097c (patch) | |
| tree | c3755b27a3617e9c977ee036c64430e1d77f9ace /src/test/test_status.c | |
| parent | 9ef4c05df8323850b5894782f435da15810d6189 (diff) | |
| download | tor-93ff1870ba153332ab695e53d906da6a14a8097c.tar.gz tor-93ff1870ba153332ab695e53d906da6a14a8097c.zip | |
heartbeat: Log the number of circuits killed because too many cells
We recently merged a circuit cell queue size safeguard. This commit adds the
number of killed circuits that have reached the limit to the DoS heartbeat. It
now looks like this:
[notice] DoS mitigation since startup: 0 circuits killed with too many
cells. 0 circuits rejected, 0 marked addresses. 0 connections closed. 0
single hop clients refused.
Second thing that this patch does. It makes tor always print the DoS
mitigation heartbeat line (for a relay) even though no DoS mitigation have
been enabled. The reason is because we now kill circuits that have too many
cells regardless on if it is enabled or not but also it will give the operator
a chance to learn what is enabled with the heartbeat instead of suddenly
appearing when it is enabled by let say the consensus.
Fixes #25824
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/test/test_status.c')
| -rw-r--r-- | src/test/test_status.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/test/test_status.c b/src/test/test_status.c index 50ea203e4d..b4ca17891b 100644 --- a/src/test/test_status.c +++ b/src/test/test_status.c @@ -340,7 +340,7 @@ NS(test_main)(void *arg) actual = log_heartbeat(0); tt_int_op(actual, OP_EQ, expected); - tt_int_op(CALLED(logv), OP_EQ, 5); + tt_int_op(CALLED(logv), OP_EQ, 6); done: NS_UNMOCK(tls_get_write_overhead_ratio); @@ -439,6 +439,16 @@ NS(logv)(int severity, log_domain_mask_t domain, tt_ptr_op(strstr(funcname, "rep_hist_log_link_protocol_counts"), OP_NE, NULL); break; + case 5: + tt_int_op(severity, OP_EQ, LOG_NOTICE); + tt_int_op(domain, OP_EQ, LD_HEARTBEAT); + tt_str_op(format, OP_EQ, "DoS mitigation since startup:%s%s%s%s"); + tt_str_op(va_arg(ap, char *), OP_EQ, + " 0 circuits killed with too many cells."); + tt_str_op(va_arg(ap, char *), OP_EQ, " [cc not enabled]"); + tt_str_op(va_arg(ap, char *), OP_EQ, " [conn not enabled]"); + tt_str_op(va_arg(ap, char *), OP_EQ, ""); + break; default: tt_abort_msg("unexpected call to logv()"); // TODO: prettyprint args break; |