diff options
Diffstat (limited to 'src/core/or/dos_options.inc')
-rw-r--r-- | src/core/or/dos_options.inc | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/src/core/or/dos_options.inc b/src/core/or/dos_options.inc new file mode 100644 index 0000000000..9baa7a35b8 --- /dev/null +++ b/src/core/or/dos_options.inc @@ -0,0 +1,59 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_options.inc + * @brief Declare configuration options for the DoS module. + **/ + +BEGIN_CONF_STRUCT(dos_options_t) + +/** Autobool: Is the DoS connection mitigation subsystem enabled? */ +CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto") + +/** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ +CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto") + +/** Minimum concurrent connection needed from one single address before any + * defense is used. */ +CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0") + +/** Circuit rate used to refill the token bucket. */ +CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0") + +/** Maximum allowed burst of circuits. Reaching that value, the address is + * detected as malicious and a defense might be used. */ +CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0") + +/** When an address is marked as malicious, what defense should be used + * against it. See the dos_cc_defense_type_t enum. */ +CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0") + +/** For how much time (in seconds) the defense is applicable for a malicious + * address. A random time delta is added to the defense time of an address + * which will be between 1 second and half of this value. */ +CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0") + +/** Maximum concurrent connection allowed per address. */ +CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0") + +/** When an address is reaches the maximum count, what defense should be + * used against it. See the dos_conn_defense_type_t enum. */ +CONF_VAR(DoSConnectionDefenseType, INT, 0, "0") + +/** Autobool: Do we refuse single hop client rendezvous? */ +CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto") + +/** Allowed burst of client connection allowed per address. */ +CONF_VAR(DoSConnectionConnectBurst, POSINT, 0, "0") + +/** Allowed rate of client connection allowed per address. */ +CONF_VAR(DoSConnectionConnectRate, POSINT, 0, "0") + +/** For how much time (in seconds) the connection connect rate defense is +* applicable for a malicious address. A random time delta is added to the +* defense time of an address which will be between 1 second and half of this +* value. */ +CONF_VAR(DoSConnectionConnectDefenseTimePeriod, INTERVAL, 0, "0") + +END_CONF_STRUCT(dos_options_t) |