From f8b259c2fe2208889a26a7d9494fea0c1b97f7a4 Mon Sep 17 00:00:00 2001
From: trinity-1686a <trinity@deuxfleurs.fr>
Date: Sun, 10 Sep 2023 13:18:34 +0200
Subject: add metrics for rejected BEGIN/RESOLVE

---
 src/core/or/connection_edge.c     | 3 ++-
 src/core/or/dos.c                 | 7 +++++++
 src/core/or/dos.h                 | 1 +
 src/feature/relay/dns.h           | 2 ++
 src/feature/relay/relay_metrics.c | 6 ++++++
 5 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 764e1c886b..0dbd5eb33f 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4247,7 +4247,8 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
       dns_send_resolved_error_cell(dummy_conn, RESOLVED_TYPE_ERROR_TRANSIENT);
       return 0;
     case DOS_STREAM_DEFENSE_CLOSE_CIRCUIT:
-      /* TODO maybe use REASON_RESOURCELIMIT? See connection_exit_begin_conn() */
+      /* TODO maybe use REASON_RESOURCELIMIT?
+       * See connection_exit_begin_conn() */
       return -END_CIRC_REASON_NONE;
   }
 
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 63cac190fd..632a49888d 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -839,6 +839,13 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr)
 
 /* Stream creation public API. */
 
+/** Return the number of rejected stream and resolve. */
+uint64_t
+dos_get_num_stream_rejected(void)
+{
+  return stream_num_rejected;
+}
+
 /* Return the action to take against a BEGIN or RESOLVE cell. Return
  *  DOS_STREAM_DEFENSE_NONE when no action should be taken.
  *  Increment the appropriate counter when the cell was found to go over a
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 77dce333d1..9581d9f233 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -90,6 +90,7 @@ uint64_t dos_get_num_cc_rejected(void);
 uint64_t dos_get_num_conn_addr_rejected(void);
 uint64_t dos_get_num_conn_addr_connect_rejected(void);
 uint64_t dos_get_num_single_hop_refused(void);
+uint64_t dos_get_num_stream_rejected(void);
 
 /*
  * Circuit creation DoS mitigation subsystemn interface.
diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h
index b43b42756e..5de70039d4 100644
--- a/src/feature/relay/dns.h
+++ b/src/feature/relay/dns.h
@@ -38,6 +38,8 @@ void dns_launch_correctness_checks(void);
 #else /* !defined(HAVE_MODULE_RELAY) */
 
 #define dns_init() (0)
+#define dns_send_resolved_error_cell(conn, answer_type) \
+  ((void)(conn), (void)(answer_type))
 #define dns_seems_to_be_broken() (0)
 #define has_dns_init_failed() (0)
 #define dns_cache_total_allocation() (0)
diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c
index 8f3b82bd96..8b8c07f580 100644
--- a/src/feature/relay/relay_metrics.c
+++ b/src/feature/relay/relay_metrics.c
@@ -433,6 +433,12 @@ fill_dos_values(void)
   metrics_store_entry_add_label(sentry,
           metrics_format_label("type", "introduce2_rejected"));
   metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help, 0, NULL);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "stream_rejected"));
+  metrics_store_entry_update(sentry, dos_get_num_stream_rejected());
 }
 
 /** Fill function for the RELAY_METRICS_CC_COUNTERS metric. */
-- 
cgit v1.2.3-54-g00ecf