This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit c8d8fa0d3639058544ffe153c1b83e0ed80bf43a Author: David Goulet dgoulet@torproject.org AuthorDate: Wed Oct 12 09:25:01 2022 -0400
relay: Add number of rejected connections to MetricsPort
Related to #40194
Signed-off-by: David Goulet dgoulet@torproject.org --- src/core/mainloop/connection.c | 3 +++ src/core/or/connection_edge.c | 2 ++ src/feature/relay/relay_metrics.c | 5 +++++ src/feature/stats/rephist.c | 19 +++++++++++++++++++ src/feature/stats/rephist.h | 2 ++ 5 files changed, 31 insertions(+)
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index c6af478c44..8bb3534b28 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -2013,6 +2013,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
 log_notice(LD_APP,
 "Denying socks connection from untrusted address %s.",
 fmt_and_decorate_addr(&addr));
+ rep_hist_note_conn_rejected(new_type);
 tor_close_socket(news);
 return 0;
 }
@@ -2022,6 +2023,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
 if (dir_policy_permits_address(&addr) == 0) {
 log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
 fmt_and_decorate_addr(&addr));
+ rep_hist_note_conn_rejected(new_type);
 tor_close_socket(news);
 return 0;
 }
@@ -2030,6 +2032,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
 /* Assess with the connection DoS mitigation subsystem if this address
 * can open a new connection. */
 if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
+ rep_hist_note_conn_rejected(new_type);
 tor_close_socket(news);
 return 0;
 }
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index ea4bf00735..7ba7ecc4c5 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4206,6 +4206,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
 log_info(LD_EXIT,"%s failed exit policy%s. Closing.",
 connection_describe(conn),
 why_failed_exit_policy);
+ rep_hist_note_conn_rejected(conn->type);
 connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
 circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
 connection_free(conn);
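Review bot: The DoS-mitigation branch of connection_handle_listener_read() in src/core/mainloop/connection.c (the `DOS_CONN_DEFENSE_CLOSE` check) now feeds the same per-type counter as the two policy denials in the hunks above it, but unlike them it writes no log line, so a rise in the exported "rejected" value cannot be attributed to a cause from this code alone. A short comment at the call, for example `/* Counted together with policy denials; this path is not logged. */`, or a sentence in the metric's help text would tell operators what the number includes. The function body starts and ends outside these hunks.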
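Review bot: In connection_exit_connect() (src/core/or/connection_edge.c) the counter is bumped for a stream refused by exit policy, and in the later hunk at `-4233,6 +4234,7` for a refused connect-back to a known relay address, yet the array it feeds is documented in rephist.c as "Always inbound" and relay_metrics.c exports it under the `"received"` label. These look like refused exit connections rather than rejected inbound ones, so either the wording or the labelling deserves a second look. At minimum, add a comment at both calls such as `/* Exit stream refused; exported under the "received" label. */`. The function body extends beyond both hunks.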
@@ -4233,6 +4234,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
 nodelist_reentry_contains(&conn->addr, conn->port)) {
 log_info(LD_EXIT, "%s tried to connect back to a known relay address. "
 "Closing.", connection_describe(conn));
+ rep_hist_note_conn_rejected(conn->type);
 connection_edge_end(edge_conn, END_STREAM_REASON_CONNECTREFUSED);
 circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
 connection_free(conn);
diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c
index efe77473aa..8d0fef86b3 100644
--- a/src/feature/relay/relay_metrics.c
+++ b/src/feature/relay/relay_metrics.c
@@ -170,6 +170,11 @@ fill_connections_values(void)
 rentry->help);
 fill_single_connection_value(sentry, i, "received", "opened",
 rep_hist_get_conn_opened(true, i));
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ fill_single_connection_value(sentry, i, "received", "rejected",
+ rep_hist_get_conn_rejected(i));
 }
 }
diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c
index b272f27909..f12b1e8a70 100644
--- a/src/feature/stats/rephist.c
+++ b/src/feature/stats/rephist.c
@@ -1651,6 +1651,8 @@ rep_hist_note_exit_stream_opened(uint16_t port)
 static uint64_t conn_num_created[2][CONN_TYPE_MAX_];
 /** Number of connections opened per direction per type. */
 static uint64_t conn_num_opened[2][CONN_TYPE_MAX_];
+/** Number of connections rejected per type. Always inbound. */
+static uint64_t conn_num_rejected[CONN_TYPE_MAX_];
/** Note that a connection has opened of the given type. */
 void
@@ -1677,6 +1679,15 @@ rep_hist_note_conn_closed(bool from_listener, unsigned int type)
 }
 }
+/** Note that a connection has rejected of the given type. */
+void
+rep_hist_note_conn_rejected(unsigned int type)
+{
+ tor_assert(type <= CONN_TYPE_MAX_);
+
+ conn_num_rejected[type]++;
+}
+
 /** Return number of created connections of the given type. */
 uint64_t
 rep_hist_get_conn_created(bool from_listener, unsigned int type)
@@ -1695,6 +1706,14 @@ rep_hist_get_conn_opened(bool from_listener, unsigned int type)
 return conn_num_opened[dir][type];
 }
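Review bot: `tor_assert(type <= CONN_TYPE_MAX_);` in rep_hist_note_conn_rejected() lets `type == CONN_TYPE_MAX_` through, but `conn_num_rejected` is declared with `CONN_TYPE_MAX_` elements in the hunk above, so that value increments one slot past the end of the array. The getter rep_hist_get_conn_rejected() in the next hunk has the same check and would read out of bounds; the loop bound for `i` at its caller in relay_metrics.c is not visible in this diff. If `CONN_TYPE_MAX_` is itself a valid connection type (its definition is not shown here), size the array as `static uint64_t conn_num_rejected[CONN_TYPE_MAX_ + 1];`; otherwise tighten both checks to `tor_assert(type < CONN_TYPE_MAX_);`. The `conn_num_created` and `conn_num_opened` arrays in the context lines are sized the same way, and their checks are outside the diff.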
+/** Return number of opened connections of the given type. */
+uint64_t
+rep_hist_get_conn_rejected(unsigned int type)
+{
+ tor_assert(type <= CONN_TYPE_MAX_);
+ return conn_num_rejected[type];
+}
+
 /*** cell statistics ***/
/** Start of the current buffer stats interval or 0 if we're not
diff --git a/src/feature/stats/rephist.h b/src/feature/stats/rephist.h
index 21808cdee8..2a83dd185e 100644
--- a/src/feature/stats/rephist.h
+++ b/src/feature/stats/rephist.h
@@ -43,8 +43,10 @@ void rep_hist_note_exit_stream_opened(uint16_t port);
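Review bot: The doc comment on rep_hist_get_conn_rejected() in src/feature/stats/rephist.c still says "opened", apparently copied from the getter above it, while the function returns `conn_num_rejected[type]`; it should read `/** Return number of rejected connections of the given type. */`. The comment on rep_hist_note_conn_rejected() in the previous hunk has a similar slip and reads better as `/** Note that a connection of the given type has been rejected. */`. Neither comment mentions that these two functions, unlike the created/opened ones, take no direction argument; one clause pointing at the "Always inbound" array would cover that.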
void rep_hist_note_conn_opened(bool initiated, unsigned int type);
 void rep_hist_note_conn_closed(bool initiated, unsigned int type);
+void rep_hist_note_conn_rejected(unsigned int type);
 uint64_t rep_hist_get_conn_created(bool initiated, unsigned int type);
 uint64_t rep_hist_get_conn_opened(bool initiated, unsigned int type);
+uint64_t rep_hist_get_conn_rejected(unsigned int type);
void rep_hist_buffer_stats_init(time_t now);
 void rep_hist_buffer_stats_add_circ(circuit_t *circ,