nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 21:53:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

dos: Add HS DoS INTRO2 rejected stats in heartbeat

Browse Source 
The DoS heartbeat now contains the number of rejected INTRODUCE2 cell that the
relay has seen.

Closes #31371

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2019-10-31 13:57:14 -04:00
parent ff8823d03c
commit e85f86bb7b
3 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/core/or/dos.c
View File

@ -15,6 +15,7 @@
#include "core/or/channel.h" #include "core/or/channel.h"
#include "core/or/connection_or.h" #include "core/or/connection_or.h"
#include "core/or/relay.h" #include "core/or/relay.h"
#include "feature/hs/hs_dos.h"
#include "feature/nodelist/networkstatus.h" #include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h" #include "feature/nodelist/nodelist.h"
#include "feature/relay/routermode.h" #include "feature/relay/routermode.h"
@ -629,6 +630,7 @@ dos_log_heartbeat(void)
char *cc_msg = NULL; char *cc_msg = NULL;
char *single_hop_client_msg = NULL; char *single_hop_client_msg = NULL;
char *circ_stats_msg = NULL; char *circ_stats_msg = NULL;
char *hs_dos_intro2_msg = NULL;
/* Stats number coming from relay.c append_cell_to_circuit_queue(). */ /* Stats number coming from relay.c append_cell_to_circuit_queue(). */
tor_asprintf(&circ_stats_msg, tor_asprintf(&circ_stats_msg,
@ -654,17 +656,24 @@ dos_log_heartbeat(void)
num_single_hop_client_refused); num_single_hop_client_refused);
} }
/* HS DoS stats. */
tor_asprintf(&hs_dos_intro2_msg,
" %" PRIu64 " INTRODUCE2 rejected.",
hs_dos_get_intro2_rejected_count());
log_notice(LD_HEARTBEAT, log_notice(LD_HEARTBEAT,
"DoS mitigation since startup:%s%s%s%s", "DoS mitigation since startup:%s%s%s%s%s",
circ_stats_msg, circ_stats_msg,
(cc_msg != NULL) ? cc_msg : " [cc not enabled]", (cc_msg != NULL) ? cc_msg : " [cc not enabled]",
(conn_msg != NULL) ? conn_msg : " [conn not enabled]", (conn_msg != NULL) ? conn_msg : " [conn not enabled]",
(single_hop_client_msg != NULL) ? single_hop_client_msg : ""); (single_hop_client_msg != NULL) ? single_hop_client_msg : "",
(hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : "");
tor_free(conn_msg); tor_free(conn_msg);
tor_free(cc_msg); tor_free(cc_msg);
tor_free(single_hop_client_msg); tor_free(single_hop_client_msg);
tor_free(circ_stats_msg); tor_free(circ_stats_msg);
tor_free(hs_dos_intro2_msg);
return; return;
} }

7
src/feature/hs/hs_dos.c
View File

@ -206,6 +206,13 @@ hs_dos_can_send_intro2(or_circuit_t *s_intro_circ)
return true; return true;
} }
/* Return rolling count of rejected INTRO2. */
uint64_t
hs_dos_get_intro2_rejected_count(void)
{
return intro2_rejected_count;
}
/* Initialize the onion service Denial of Service subsystem. */ /* Initialize the onion service Denial of Service subsystem. */
void void
hs_dos_init(void) hs_dos_init(void)

3
src/feature/hs/hs_dos.h
View File

@ -24,6 +24,9 @@ void hs_dos_consensus_has_changed(const networkstatus_t *ns);
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ); bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ); void hs_dos_setup_default_intro2_defenses(or_circuit_t *circ);
/* Statistics. */
uint64_t hs_dos_get_intro2_rejected_count(void);
#ifdef HS_DOS_PRIVATE #ifdef HS_DOS_PRIVATE
#ifdef TOR_UNIT_TESTS #ifdef TOR_UNIT_TESTS