path: root/dir-spec.txt
author: Nick Mathewson <nickm@torproject.org> 2018-03-03 11:55:29 -0500
committer: Nick Mathewson <nickm@torproject.org> 2018-03-03 11:55:29 -0500
commit: 9ebb361fd9b4489165215c7679d54dccfb074860
tree: 580fb664f64f03983d73881e6f45aa5434759cfa /dir-spec.txt
parent: d4a64fbf5aaba383638d9f3c70bd2951f8c5ad89
parent: ed14d85d57cdcf0742040a57e9f0a75f69567482
Merge branch 'ticket25095_01_squashed'
Diffstat (limited to 'dir-spec.txt')
-rw-r--r-- dir-spec.txt 41
1 files changed, 41 insertions, 0 deletions
diff --git a/dir-spec.txt b/dir-spec.txt
index 12ece96..186c4a8 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -1997,6 +1997,47 @@
Min 1. Max 10. Default 2.
First-appeared: 0.3.3.0-alpha.
+ Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha:
+
+ "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS
+ mitigation.
+
+ "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent
+ connections before a client address can be flagged as executing a
+ circuit creation DoS
+
+ "DoSCircuitCreationRate" -- Allowed circuit creation rate per second
+ per client IP address once the minimum concurrent connection
+ threshold is reached.
+
+ "DoSCircuitCreationBurst" -- The allowed circuit creation burst per
+ client IP address once the minimum concurrent connection threshold is
+ reached.
+
+ "DoSCircuitCreationDefenseType" -- Defense type applied to a detected
+ client address for the circuit creation mitigation.
+
+ 1: No defense.
+ 2: Refuse circuit creation for the
+ DoSCircuitCreationDefenseTimePeriod period.
+
+ "DoSCircuitCreationDefenseTimePeriod" -- The base time period that
+ the DoS defense is activated for.
+
+ "DoSConnectionEnabled" -- Enable the connection DoS mitigation.
+
+ "DoSConnectionMaxConcurrentCount" -- The maximum threshold of
+ concurrent connection from a client IP address.
+
+ "DoSConnectionDefenseType" -- Defense type applied to a detected
+ client address for the connection mitigation. Possible values are:
+
+ 1: No defense.
+ 2: Immediately close new connections.
+
+ "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of
+ rendezvous points for single hop clients.
+
"shared-rand-previous-value" SP NumReveals SP Value NL
[At most once]
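Review bot: None of the new "DoS*" entries states a Min, Max or Default value, although the entry directly above them in the context does ("Min 1. Max 10. Default 2."), so the spec does not say what a relay should assume when one of these parameters is missing from the consensus or carries an out-of-range value. Please add the range and default to each entry, state the unit for "DoSCircuitCreationDefenseTimePeriod", and say which values turn "DoSCircuitCreationEnabled", "DoSConnectionEnabled" and "DoSRefuseSingleHopClientRendezvous" on and off. Smaller points: the block uses "Introduced in 0.3.3.2-alpha:" where the preceding entry uses the "First-appeared:" form; "DoSCircuitCreationDefenseType" lists its values without the "Possible values are:" sentence that "DoSConnectionDefenseType" has; the "DoSCircuitCreationMinConnections" description ends without a period; and "concurrent connection from a client IP address" should read "concurrent connections".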