This commit adds the hs_dos.{c|h} files, whose purpose is to hold the anti-DoS code for onion services. At this commit, they contain only one defense: a function that decides if an INTRODUCE2 cell can be sent on the given introduction service circuit (S<->IP) using a simple token bucket. The rate per second is 25 and the allowed burst is 200. Basic defenses on #15516. Signed-off-by: David Goulet <dgoulet@torproject.org>
/* Copyright (c) 2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file hs_dos.h
* \brief Header file containing denial of service defenses for the HS
* subsystem for all versions.
**/
#ifndef TOR_HS_DOS_H
#define TOR_HS_DOS_H
#include "core/or/or_circuit_st.h"
#include "lib/evloop/token_bucket.h"
/* INTRODUCE2 cell rate, in cells per second. This is a compile-time constant,
 * so changing the limit requires a rebuild.
 * NOTE(review): presumably the refill rate of a token bucket kept for each
 * service introduction circuit -- confirm against hs_dos.c. */
#define HS_DOS_INTRODUCE_CELL_RATE_PER_SEC 25
/* INTRODUCE2 cell burst allowance. This is a compile-time constant, so
 * changing the limit requires a rebuild.
 * NOTE(review): despite the _PER_SEC suffix, a burst is normally a token
 * bucket's capacity (a cell count), not a per-second quantity -- confirm
 * how hs_dos.c uses this value. */
#define HS_DOS_INTRODUCE_CELL_BURST_PER_SEC 200
/* Anti-DoS check for onion services: decide whether an INTRODUCE2 cell may be
 * sent on the introduction circuit s_intro_circ. The definition is not in
 * this header.
 * NOTE(review): presumably returns true when the cell is allowed and false
 * when the circuit is over its rate limit; whether a NULL circuit is
 * tolerated cannot be told from here -- confirm against hs_dos.c. */
bool hs_dos_can_send_intro2(or_circuit_t *s_intro_circ);
/** Return the INTRODUCE2 cell rate, in cells per second.
 *
 * The value is the compile-time constant HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;
 * nothing is read from configuration here. */
static inline uint32_t
hs_dos_get_intro2_rate(void)
{
  const uint32_t cells_per_sec = HS_DOS_INTRODUCE_CELL_RATE_PER_SEC;

  return cells_per_sec;
}
/** Return the INTRODUCE2 cell burst allowance.
 *
 * The value is the compile-time constant HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;
 * nothing is read from configuration here.
 * NOTE(review): despite the _PER_SEC suffix on the macro, a burst is normally
 * a token bucket's capacity (a cell count), not a per-second quantity --
 * confirm against the caller. */
static inline uint32_t
hs_dos_get_intro2_burst(void)
{
  const uint32_t burst_cells = HS_DOS_INTRODUCE_CELL_BURST_PER_SEC;

  return burst_cells;
}
#ifdef HS_DOS_PRIVATE
#ifdef TOR_UNIT_TESTS
#endif /* defined(TOR_UNIT_TESTS) */
#endif /* defined(HS_DOS_PRIVATE) */
#endif /* !defined(TOR_HS_DOS_H) */