dos: Change the DoS heartbeat line format
Fix a bug introduced in 94b56eaa75
which
overwrote the connection message line.
Furthermore, improve how we generate that line by using a smartlist and change
the format so it is clearer about what is being rejected/detected and, if
applicable, which option is disabled thus yielding no stats.
Closes #40308
Signed-off-by: David Goulet <dgoulet@torproject.org>
parent
83ab6adb10
commit
c96465259a
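--- a/changes/changes40308
+++ b/changes/changes40308
@@ -0,0 +1,5 @@
+o Minor feature (DoS log heartbeat):
+- Change the DoS subsystem heartbeat line format so be more clear on what
+has been detected/rejected and which option is disabled if any. Closes
+ticket 40308.
+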
@ -776,58 +776,54 @@ dos_should_refuse_single_hop_client(void)
|
|||||||
void
|
void
|
||||||
dos_log_heartbeat(void)
|
dos_log_heartbeat(void)
|
||||||
{
|
{
|
||||||
char *conn_msg = NULL;
|
smartlist_t *elems = smartlist_new();
|
||||||
char *cc_msg = NULL;
|
|
||||||
char *single_hop_client_msg = NULL;
|
|
||||||
char *circ_stats_msg = NULL;
|
|
||||||
char *hs_dos_intro2_msg = NULL;
|
|
||||||
|
|
||||||
/* Stats number coming from relay.c append_cell_to_circuit_queue(). */
|
/* Stats number coming from relay.c append_cell_to_circuit_queue(). */
|
||||||
tor_asprintf(&circ_stats_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " circuits killed with too many cells.",
|
"%" PRIu64 " circuits killed with too many cells",
|
||||||
stats_n_circ_max_cell_reached);
|
stats_n_circ_max_cell_reached);
|
||||||
|
|
||||||
if (dos_cc_enabled) {
|
if (dos_cc_enabled) {
|
||||||
tor_asprintf(&cc_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " circuits rejected,"
|
"%" PRIu64 " circuits rejected, "
|
||||||
" %" PRIu32 " marked addresses.",
|
"%" PRIu32 " marked addresses",
|
||||||
cc_num_rejected_cells, cc_num_marked_addrs);
|
cc_num_rejected_cells, cc_num_marked_addrs);
|
||||||
|
} else {
|
||||||
|
smartlist_add_asprintf(elems, "[DoSCircuitCreationEnabled disabled]");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dos_conn_enabled) {
|
if (dos_conn_enabled) {
|
||||||
tor_asprintf(&conn_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " connections closed.",
|
"%" PRIu64 " same address concurrent "
|
||||||
conn_num_addr_rejected);
|
"connections rejected", conn_num_addr_rejected);
|
||||||
tor_asprintf(&conn_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " connect() connections closed.",
|
"%" PRIu64 " connections rejected",
|
||||||
conn_num_addr_connect_rejected);
|
conn_num_addr_connect_rejected);
|
||||||
|
} else {
|
||||||
|
smartlist_add_asprintf(elems, "[DoSConnectionEnabled disabled]");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dos_should_refuse_single_hop_client()) {
|
if (dos_should_refuse_single_hop_client()) {
|
||||||
tor_asprintf(&single_hop_client_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " single hop clients refused.",
|
"%" PRIu64 " single hop clients refused",
|
||||||
num_single_hop_client_refused);
|
num_single_hop_client_refused);
|
||||||
|
} else {
|
||||||
|
smartlist_add_asprintf(elems,
|
||||||
|
"[DoSRefuseSingleHopClientRendezvous disabled]");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* HS DoS stats. */
|
/* HS DoS stats. */
|
||||||
tor_asprintf(&hs_dos_intro2_msg,
|
smartlist_add_asprintf(elems,
|
||||||
" %" PRIu64 " INTRODUCE2 rejected.",
|
"%" PRIu64 " INTRODUCE2 rejected",
|
||||||
hs_dos_get_intro2_rejected_count());
|
hs_dos_get_intro2_rejected_count());
|
||||||
|
|
||||||
log_notice(LD_HEARTBEAT,
|
char *msg = smartlist_join_strings(elems, ", ", 0, NULL);
|
||||||
"DoS mitigation since startup:%s%s%s%s%s",
|
|
||||||
circ_stats_msg,
|
|
||||||
(cc_msg != NULL) ? cc_msg : " [cc not enabled]",
|
|
||||||
(conn_msg != NULL) ? conn_msg : " [conn not enabled]",
|
|
||||||
(single_hop_client_msg != NULL) ? single_hop_client_msg : "",
|
|
||||||
(hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : "");
|
|
||||||
|
|
||||||
tor_free(conn_msg);
|
log_notice(LD_HEARTBEAT, "DoS mitigation since startup: %s.", msg);
|
||||||
tor_free(cc_msg);
|
|
||||||
tor_free(single_hop_client_msg);
|
tor_free(msg);
|
||||||
tor_free(circ_stats_msg);
|
SMARTLIST_FOREACH(elems, char *, e, tor_free(e));
|
||||||
tor_free(hs_dos_intro2_msg);
|
smartlist_free(elems);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Called when a new client connection has been established on the given
|
/* Called when a new client connection has been established on the given
|
||||||
|
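Review bot: In the `dos_conn_enabled` branch the second field is now labelled only `connections rejected`, where the line it replaces said `connect() connections closed`. Next to `same address concurrent connections rejected` it reads like a total, so an operator cannot tell which defense the counter belongs to. Judging by the counter name `conn_num_addr_connect_rejected` this is presumably the connection-rate check, so a label such as `"%" PRIu64 " connections rejected for exceeding the connect rate"` would keep the two counters distinguishable for anyone alerting on this line. Separately, the `[DoSRefuseSingleHopClientRendezvous disabled]` tag is emitted whenever `dos_should_refuse_single_hop_client()` returns false; its body is outside the hunk, so it is worth confirming that an unset option is the only reason it can return false. Log parsers keyed on the old `[cc not enabled]` / `[conn not enabled]` strings will also stop matching after this change.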
@ -360,7 +360,9 @@ test_status_hb_not_in_consensus(void *arg)
|
|||||||
"initiated 0 and received 0 v4 connections; "
|
"initiated 0 and received 0 v4 connections; "
|
||||||
"initiated 0 and received 0 v5 connections.\n");
|
"initiated 0 and received 0 v5 connections.\n");
|
||||||
expect_log_msg("DoS mitigation since startup: 0 circuits killed with "
|
expect_log_msg("DoS mitigation since startup: 0 circuits killed with "
|
||||||
"too many cells. [cc not enabled] [conn not enabled] "
|
"too many cells, [DoSCircuitCreationEnabled disabled], "
|
||||||
|
"[DoSConnectionEnabled disabled], "
|
||||||
|
"[DoSRefuseSingleHopClientRendezvous disabled], "
|
||||||
"0 INTRODUCE2 rejected.\n");
|
"0 INTRODUCE2 rejected.\n");
|
||||||
tt_int_op(mock_saved_log_n_entries(), OP_EQ, 6);
|
tt_int_op(mock_saved_log_n_entries(), OP_EQ, 6);
|
||||||
|
|
||||||
|
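Review bot: The updated expectation in `test_status_hb_not_in_consensus` still covers only the all-disabled heartbeat (three `[... disabled]` tags). The `dos_conn_enabled` branch, where the overwritten `conn_msg` bug lived, is therefore not exercised by anything visible here. A case that turns the connection mitigation on and expects both the `same address concurrent connections rejected` and `connections rejected` fields in the logged line would pin the fix; tests outside this hunk may already do so. The test function starts and ends outside the hunk.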