aboutsummaryrefslogtreecommitdiff
path: root/src/or/dos.h
AgeCommit message (Collapse)Author
2018-01-31dos: Make sure cc_stats_refill_bucket can't overflow while calculatingteor
Debug log the elapsed time in cc_stats_refill_bucket Part of #25094. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Make circuit rate limit per second, not tenths anymoreDavid Goulet
Because this touches too many commits at once, it is made into one single commit. Remove the use of "tenths" for the circuit rate to simplify things. We can only refill the buckets at best once every second because of the use of approx_time() and our token system is set to be 1 token = 1 circuit so make the rate a flat integer of circuit per second. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Clear connection tracked flag if geoip entry is removedDavid Goulet
Imagine this scenario. We had 10 connections over the 24h lifetime of a geoip cache entry. The lifetime of the entry has been reached so it is about to get freed but 2 connections remain for it. After the free, a third connection comes in thus making us create a new geoip entry for that address matching the 2 previous ones that are still alive. If they end up being closed, we'll have a concurrent count desynch from what the reality is. To mitigate this probably very rare scenario in practice, when we free a geoip entry and it has a concurrent count above 0, we'll go over all connections matching the address and clear out the tracked flag. So once they are closed, we don't try to decrement the count. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Add a heartbeat logDavid Goulet
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Add the DoSRefuseSingleHopClientRendezvous optionDavid Goulet
This option refuses any ESTABLISH_RENDEZVOUS cell arriving from a client connection. Its default value is "auto" for which we can turn it on or off with a consensus parameter. Default value is 0. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Add the connection DoS mitigation subsystemDavid Goulet
Defend against an address that has reached the concurrent connection count threshold. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Apply defense for circuit creation DoSDavid Goulet
If the client address was detected as malicious, apply a defense which is at this commit to return a DESTROY cell. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Detect circuit creation denial of serviceDavid Goulet
Add a function that notifies the DoS subsystem that a new CREATE cell has arrived. The statistics are updated accordingly and the IP address can also be marked as malicious if it is above threshold. At this commit, no defense is applied, just detection with a circuit creation token bucket system. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Track new and closed OR client connectionsDavid Goulet
Implement a basic connection tracking that counts the number of concurrent connections when they open and close. This commit also adds the circuit creation mitigation data structure that will be needed at later commit to keep track of the circuit rate. Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-01-30dos: Initial code of Denial of Service mitigationDavid Goulet
This commit introduces the src/or/dos.{c|h} files that contains the code for the Denial of Service mitigation subsystem. It currently contains basic functions to initialize and free the subsystem. They are used at this commit. The torrc options and consensus parameters are defined at this commit and getters are implemented. Signed-off-by: David Goulet <dgoulet@torproject.org>
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion