[tor-relays] DoSStreamCreation consensus parameters
tor_appliedprivacy.net
tor at appliedprivacy.net
Wed Apr 24 21:12:18 UTC 2024
Hello,
today we saw yet another outbound flooding affecting our exit relays
and we were eager to see the effect of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40736
but we did not see any
and according to the metric
tor_relay_dos_total{type="stream_rejected"}
the protection did not trigger.
What are the consensus parameter names for these settings so we can
check their current consensus values?
> DoSStreamCreationEnabled 0|1|auto
> Enable the stream DoS mitigation. If set to 1 (enabled), tor will
> apply rate limit on the creation of new streams and dns requests
> per circuit. "auto" means use the consensus parameter. If not
> defined in the consensus, the value is 0. (Default: auto)
>
> DoSStreamCreationDefenseType NUM
> This is the type of defense applied to a detected circuit or stream
> for the stream mitigation. The possible values are:
>
> 1: No defense.
>
> 2: Reject the stream or resolve request.
>
> 3: Close the circuit creating too many streams.
>
> "0" means use the consensus parameter. If not defined in the
> consensus, the value is 2. (Default: 0)
>
> DoSStreamCreationRate NUM
> The allowed rate of stream creation from a single circuit per
> second. Coupled with the burst (see below), if the limit is
> reached, actions can be taken against the stream or circuit
> (DoSStreamCreationDefenseType). If not defined or set to 0, it is
> controlled by a consensus parameter. If not defined in the
> consensus, the value is 100. (Default: 0)
>
> DoSStreamCreationBurst NUM
> The allowed burst of stream creation from a circuit per second. See
> the DoSStreamCreationRate for more details on this detection. If
> not defined or set to 0, it is controlled by a consensus parameter.
> If not defined in the consensus, the value is 300. (Default: 0)
thanks!
tor at appliedprivacy.net
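The fallback order in the quoted man page text (torrc value, then consensus parameter, then built-in default), as an added example that is not part of the original message or of tor's own code: it parses the `params` line of a constructed consensus excerpt and reports where each effective value comes from. It assumes the consensus parameters carry the same names as the torrc options, which the message does not confirm; the sample values are invented.

```python
# Added example; defaults below are the fallbacks stated in the quoted man page text.
DEFAULTS = {
    "DoSStreamCreationEnabled": 0,
    "DoSStreamCreationDefenseType": 2,
    "DoSStreamCreationRate": 100,
    "DoSStreamCreationBurst": 300,
}

# Constructed sample of a consensus preamble; the values are invented.
# Assumption: consensus parameter names match the torrc option names.
SAMPLE_CONSENSUS = """network-status-version 3
params CircuitPriorityHalflifeMsec=30000 DoSStreamCreationEnabled=1 DoSStreamCreationRate=50
"""

def parse_consensus_params(text):
    """Return {name: int} from the first 'params' line of a consensus."""
    for line in text.splitlines():
        if line.startswith("params "):
            params = {}
            for item in line.split()[1:]:
                name, sep, value = item.partition("=")
                try:
                    params[name] = int(value)
                except ValueError:
                    continue  # skip malformed entries
            return params
    return {}

def resolve(torrc, consensus):
    """Map each option to (effective value, source) given torrc strings."""
    result = {}
    for name, default in DEFAULTS.items():
        raw = torrc.get(name)
        # "auto" (Enabled) or "0" (the other three) defers to the consensus.
        defer = "auto" if name == "DoSStreamCreationEnabled" else "0"
        if raw is not None and raw != defer:
            result[name] = (int(raw), "torrc")
        elif name in consensus:
            result[name] = (consensus[name], "consensus")
        else:
            result[name] = (default, "default")
    return result

if __name__ == "__main__":
    torrc = {"DoSStreamCreationBurst": "500"}  # constructed local setting
    for k, v in resolve(torrc, parse_consensus_params(SAMPLE_CONSENSUS)).items():
        print(f"{k} = {v[0]} (from {v[1]})")
```

With an empty consensus and no torrc overrides, `DoSStreamCreationEnabled` resolves to 0 from the default, which is the case in which the mitigation stays off.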