From 1bfc91a029839f36e04c8204d1bccaa04a5c2afd Mon Sep 17 00:00:00 2001
From: David Goulet <dgoulet@torproject.org>
Date: Thu, 25 Jan 2018 16:20:52 -0500
Subject: dos: Apply defense for circuit creation DoS

If the client address was detected as malicious, apply a defense which is at
this commit to return a DESTROY cell.

Signed-off-by: David Goulet <dgoulet@torproject.org>
---
 src/or/command.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/or/command.c')

diff --git a/src/or/command.c b/src/or/command.c
index d2df55a4be..0d2808e236 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -290,6 +290,13 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
     return;
   }
 
+  /* Check if we should apply a defense for this channel. */
+  if (dos_cc_get_defense_type(chan) == DOS_CC_DEFENSE_REFUSE_CELL) {
+    channel_send_destroy(cell->circ_id, chan,
+                         END_CIRC_REASON_RESOURCELIMIT);
+    return;
+  }
+
   if (!server_mode(options) ||
       (!public_server_mode(options) && channel_is_outgoing(chan))) {
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-- 
cgit v1.2.3-54-g00ecf