Diffstat (limited to 'src/or/connection.c')
-rw-r--r--src/or/connection.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index e3b430782d..a05c9fc627 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -80,6 +80,7 @@
#include "dirserv.h"
#include "dns.h"
#include "dnsserv.h"
+#include "dos.h"
#include "entrynodes.h"
#include "ext_orport.h"
#include "geoip.h"
@@ -703,6 +704,13 @@ connection_free_,(connection_t *conn))
"connection_free");
}
#endif /* 1 */
+
+ /* Notify the circuit creation DoS mitigation subsystem that an OR client
+ * connection has been closed. And only do that if we track it. */
+ if (conn->type == CONN_TYPE_OR) {
+ dos_close_client_conn(TO_OR_CONN(conn));
+ }
+
connection_unregister_events(conn);
connection_free_minimal(conn);
}
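Review bot: The comment on the new `if (conn->type == CONN_TYPE_OR)` block says the notification happens only "if we track it", but the only guard visible here is the connection type. Every freed OR connection therefore reaches `dos_close_client_conn()`, possibly including ones that were never counted when they were opened. If the callee does not check for that itself (not visible in this hunk), the per-address concurrent-connection count could drift below the real number and weaken the limit the mitigation enforces. I would state the contract in the comment, e.g. `/* dos_close_client_conn() must ignore connections the DoS subsystem never counted. */`, or gate the call on an explicit per-connection "tracked" marker. The body of connection_free_ starts outside this hunk.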
@@ -1605,6 +1613,14 @@ connection_handle_listener_read(connection_t *conn, int new_type)
return 0;
}
}
+ if (new_type == CONN_TYPE_OR) {
+ /* Assess with the connection DoS mitigation subsystem if this address
+ * can open a new connection. */
+ if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
+ tor_close_socket(news);
+ return 0;
+ }
+ }
newconn = connection_new(new_type, conn->socket_family);
newconn->s = news;
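Review bot: The refusal path `tor_close_socket(news); return 0;` leaves no trace at this call site, so an operator cannot tell from here how often the connection defense fires. Whether `dos_conn_addr_get_defense_type()` records the rejection is not visible in this hunk. If it does not, a counter is safer than a per-connection log line, which a flood of refused accepts could itself amplify. It would also help to say why the listener reports success, e.g. `/* Return 0: the listener is fine; only this accepted socket is refused. */`. connection_handle_listener_read starts and ends outside this hunk, so the earlier address checks and the later accounting are not visible.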
@@ -4231,7 +4247,7 @@ connection_buf_add_buf(connection_t *conn, buf_t *buf)
/* Return a list of connections that aren't close and matches the given type
* and state. The returned list can be empty and must be freed using
- * smartlist_free(). The caller does NOT have owernship of the objects in the
+ * smartlist_free(). The caller does NOT have ownership of the objects in the
* list so it must not free them nor reference them as they can disappear. */
smartlist_t *
connection_list_by_type_state(int type, int state)
@@ -4241,7 +4257,7 @@ connection_list_by_type_state(int type, int state)
/* Return a list of connections that aren't close and matches the given type
* and purpose. The returned list can be empty and must be freed using
- * smartlist_free(). The caller does NOT have owernship of the objects in the
+ * smartlist_free(). The caller does NOT have ownership of the objects in the
* list so it must not free them nor reference them as they can disappear. */
smartlist_t *
connection_list_by_type_purpose(int type, int purpose)