added OnionsPerSecond to prevent create flooding

first cut, probably needs more playing with


svn:r137
Roger Dingledine 2002-11-23 08:49:03 +00:00
parent 00a9e3732e
commit ab0aee04d9
4 changed files with 28 additions and 9 deletions


@ -4,6 +4,8 @@
#include "or.h" #include "or.h"
extern or_options_t options; /* command-line and config-file options */
void command_process_cell(cell_t *cell, connection_t *conn) { void command_process_cell(cell_t *cell, connection_t *conn) {
switch(cell->command) { switch(cell->command) {
@ -129,6 +131,14 @@ void command_process_create_cell(cell_t *cell, connection_t *conn) {
/* we're all ready to go now. */ /* we're all ready to go now. */
circ->state = CIRCUIT_STATE_OPEN; circ->state = CIRCUIT_STATE_OPEN;
conn->onions_handled_this_second++;
log(LOG_DEBUG,"command_process_create_cell(): Processing onion %d for this second.",conn->onions_handled_this_second);
if(conn->onions_handled_this_second > options.OnionsPerSecond) {
log(LOG_DEBUG,"command_process_create_cell(): Received too many onions (now %d) this second. Closing.", conn->onions_handled_this_second);
circuit_close(circ);
return;
}
if(process_onion(circ, conn) < 0) { if(process_onion(circ, conn) < 0) {
log(LOG_DEBUG,"command_process_create_cell(): Onion processing failed. Closing."); log(LOG_DEBUG,"command_process_create_cell(): Onion processing failed. Closing.");
circuit_close(circ); circuit_close(circ);
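Review bot: The added limit in command_process_create_cell() is counted per connection (`conn->onions_handled_this_second`), so the router's total onion-processing work per second still grows with the number of connections; if the aim is to bound that work, a process-wide counter checked alongside the per-connection one would do it. The check also sits after `circ->state = CIRCUIT_STATE_OPEN`, so the circuit is already set up when the create is refused. The refusal is logged only at LOG_DEBUG, which an operator running at a quieter log level will not see. I would add a comment above the check such as `/* per-connection cap on create cells per second; counter is zeroed in prepare_for_poll() */`. The function body starts and ends outside the hunk.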


@ -181,6 +181,7 @@ void config_assign(or_options_t *options, struct config_line *list) {
config_compare(list, "DirRebuildPeriod",CONFIG_TYPE_INT, &options->DirRebuildPeriod) || config_compare(list, "DirRebuildPeriod",CONFIG_TYPE_INT, &options->DirRebuildPeriod) ||
config_compare(list, "DirFetchPeriod", CONFIG_TYPE_INT, &options->DirFetchPeriod) || config_compare(list, "DirFetchPeriod", CONFIG_TYPE_INT, &options->DirFetchPeriod) ||
config_compare(list, "KeepalivePeriod", CONFIG_TYPE_INT, &options->KeepalivePeriod) || config_compare(list, "KeepalivePeriod", CONFIG_TYPE_INT, &options->KeepalivePeriod) ||
config_compare(list, "OnionsPerSecond", CONFIG_TYPE_INT, &options->OnionsPerSecond) ||
/* float options */ /* float options */
config_compare(list, "CoinWeight", CONFIG_TYPE_DOUBLE, &options->CoinWeight) config_compare(list, "CoinWeight", CONFIG_TYPE_DOUBLE, &options->CoinWeight)
@ -213,6 +214,7 @@ int getconfig(int argc, char **argv, or_options_t *options) {
options->DirRebuildPeriod = 600; options->DirRebuildPeriod = 600;
options->DirFetchPeriod = 6000; options->DirFetchPeriod = 6000;
options->KeepalivePeriod = 300; options->KeepalivePeriod = 300;
options->OnionsPerSecond = 50;
// options->ReconnectPeriod = 6001; // options->ReconnectPeriod = 6001;
options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN; options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN;
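Review bot: `OnionsPerSecond` is parsed as a plain CONFIG_TYPE_INT with no range check visible in these hunks, while the new test in command_process_create_cell() is `conn->onions_handled_this_second > options.OnionsPerSecond`, so a configured value of 0 or below would close every circuit on its first create cell. Unless getconfig() already validates it outside the hunk, reject such values after parsing, for example `if(options->OnionsPerSecond < 1) { log(LOG_ERR,"OnionsPerSecond must be at least 1."); return -1; }`, using whatever error return getconfig() uses. A short comment next to the default, `/* max create cells handled per connection per second */`, would also record what the 50 means. Both config_assign() and getconfig() continue outside the hunks shown.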


@ -301,7 +301,7 @@ void check_conn_marked(int i) {
int prepare_for_poll(int *timeout) { int prepare_for_poll(int *timeout) {
int i; int i;
int need_to_refill_buckets = 0; int need_to_wake_soon = 0;
connection_t *conn = NULL; connection_t *conn = NULL;
connection_t *tmpconn; connection_t *tmpconn;
struct timeval now, soonest; struct timeval now, soonest;
@ -371,29 +371,33 @@ int prepare_for_poll(int *timeout) {
} }
assert(*timeout >= 0); assert(*timeout >= 0);
/* blow away any connections that need to die. can't do this later /* blow away any connections that need to die. can't do this later
* because we might open up a circuit and not realize it. * because we might open up a circuit and not realize it we're about to cull it.
*/ */
for(i=0;i<nfds;i++) for(i=0;i<nfds;i++)
check_conn_marked(i); check_conn_marked(i);
/* check if we need to refill buckets */ /* check if we need to refill buckets or zero out any per-second stats */
for(i=0;i<nfds;i++) { for(i=0;i<nfds;i++) {
if(connection_receiver_bucket_should_increase(connection_array[i])) { if(connection_receiver_bucket_should_increase(connection_array[i]) ||
need_to_refill_buckets = 1; connection_array[i]->onions_handled_this_second) {
need_to_wake_soon = 1;
break; break;
} }
} }
if(need_to_refill_buckets) { if(need_to_wake_soon) {
if(now.tv_sec > current_second) { /* the second has already rolled over! */ if(now.tv_sec > current_second) { /* the second has already rolled over! */
// log(LOG_DEBUG,"prepare_for_poll(): The second has rolled over, immediately refilling."); // log(LOG_DEBUG,"prepare_for_poll(): The second has rolled over, immediately refilling.");
for(i=0;i<nfds;i++) for(i=0;i<nfds;i++) {
connection_increment_receiver_bucket(connection_array[i]); connection_increment_receiver_bucket(connection_array[i]);
current_second = now.tv_sec; /* remember which second it is, for next time */ connection_array[i]->onions_handled_this_second = 0;
} }
current_second = now.tv_sec; /* remember which second it is, for next time */
} else {
/* this timeout is definitely sooner than any of the above ones */ /* this timeout is definitely sooner than any of the above ones */
*timeout = 1000 - (now.tv_usec / 1000); /* how many milliseconds til the next second? */ *timeout = 1000 - (now.tv_usec / 1000); /* how many milliseconds til the next second? */
} }
}
if(options.LinkPadding) { if(options.LinkPadding) {
/* now check which conn wants to speak soonest */ /* now check which conn wants to speak soonest */
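Review bot: As far as the rendered lines show, the new `} else {` in prepare_for_poll() means `*timeout` is no longer shortened to the next second boundary on the pass where the second has already rolled over. The old code appears to have set it in both cases. If a receiver bucket still needs refilling after that single increment, or a create cell arrives right after the reset, the next refill and counter reset then depend on some other event or timeout waking poll. If that is intended, say so in a comment on the `else`; otherwise keep the `*timeout = 1000 - (now.tv_usec / 1000);` assignment unconditional as before. The reworded comment also reads "not realize it we're about to cull it", which should probably be `not realize we're about to cull it`. The function starts and ends outside the hunks.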


@ -216,6 +216,8 @@ typedef struct
long timestamp_created; long timestamp_created;
int onions_handled_this_second;
// uint16_t aci; /* anonymous connection identifier */ // uint16_t aci; /* anonymous connection identifier */
/* used by OR and OP: */ /* used by OR and OP: */
@ -376,6 +378,7 @@ typedef struct
int DirRebuildPeriod; int DirRebuildPeriod;
int DirFetchPeriod; int DirFetchPeriod;
int KeepalivePeriod; int KeepalivePeriod;
int OnionsPerSecond;
int Role; int Role;
int loglevel; int loglevel;
} or_options_t; } or_options_t;
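Review bot: Neither new field is documented, and nothing in the visible hunks shows where `onions_handled_this_second` gets its initial value. The limit check reads it on the first create cell, so it is worth confirming that the connection constructor zero-fills the struct, since otherwise a new connection could start at an arbitrary count. I would add `/* create cells processed on this conn in the current second; reset in prepare_for_poll() */` beside the connection field and `/* max create cells accepted per connection per second */` beside `OnionsPerSecond`. Both struct definitions start outside the hunks.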