author | David Goulet <dgoulet@torproject.org> | 2018-02-13 09:44:07 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-03-03 11:55:04 -0500 |
commit | ed14d85d57cdcf0742040a57e9f0a75f69567482 (patch) | |
tree | ec146afaf4a30db6e1e3cb5b44f61f2a5e97f3b8 /dir-spec.txt | |
parent | ef91cd6a595128847c991eb875d105b850d60fcf (diff) | |
tor-spec: Document DoS mitigation consensus param
Closes #25095
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'dir-spec.txt')
-rw-r--r-- | dir-spec.txt | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/dir-spec.txt b/dir-spec.txt index ece2991..bcfa62c 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -1995,6 +1995,47 @@ Min 1. Max 10. Default 2. First-appeared: 0.3.3.0-alpha. + Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha: + + "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS + mitigation. + + "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent + connections before a client address can be flagged as executing a + circuit creation DoS + + "DoSCircuitCreationRate" -- Allowed circuit creation rate per second + per client IP address once the minimum concurrent connection + threshold is reached. + + "DoSCircuitCreationBurst" -- The allowed circuit creation burst per + client IP address once the minimum concurrent connection threshold is + reached. + + "DoSCircuitCreationDefenseType" -- Defense type applied to a detected + client address for the circuit creation mitigation. + + 1: No defense. + 2: Refuse circuit creation for the + DoSCircuitCreationDefenseTimePeriod period. + + "DoSCircuitCreationDefenseTimePeriod" -- The base time period that + the DoS defense is activated for. + + "DoSConnectionEnabled" -- Enable the connection DoS mitigation. + + "DoSConnectionMaxConcurrentCount" -- The maximum threshold of + concurrent connection from a client IP address. + + "DoSConnectionDefenseType" -- Defense type applied to a detected + client address for the connection mitigation. Possible values are: + + 1: No defense. + 2: Immediately close new connections. + + "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of + rendezvous points for single hop clients. + "shared-rand-previous-value" SP NumReveals SP Value NL [At most once] |
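Review bot: The new parameters are documented without the range and default line that the preceding entry in this section carries ("Min 1. Max 10. Default 2."), so a reader cannot tell which values are valid or what a relay uses when the consensus omits the parameter; add Min, Max and Default for each of the ten entries. Also state the unit for "DoSCircuitCreationDefenseTimePeriod" (the text says only "base time period") and which values switch "DoSCircuitCreationEnabled" and "DoSConnectionEnabled" on or off. Smaller points: "DoSCircuitCreationDefenseType" lists values 1 and 2 without the "Possible values are:" lead that "DoSConnectionDefenseType" has, the "DoSCircuitCreationMinConnections" entry ends without a period, and "concurrent connection from a client IP address" should read "concurrent connections". The commit subject says "tor-spec:" while the change is to dir-spec.txt.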