Hello,
Today we saw yet another outbound flooding affecting our exit relays, and we were eager to see the effect of https://gitlab.torproject.org/tpo/core/tor/-/issues/40736, but we did not see any, and according to the metric tor_relay_dos_total{type="stream_rejected"} the protection did not trigger.
What are the consensus parameter names for these settings, so we can check their current consensus values?

DoSStreamCreationEnabled 0|1|auto
    Enable the stream DoS mitigation. If set to 1 (enabled), tor will apply rate limit on the creation of new streams and dns requests per circuit. "auto" means use the consensus parameter. If not defined in the consensus, the value is 0. (Default: auto)

DoSStreamCreationDefenseType NUM
    This is the type of defense applied to a detected circuit or stream for the stream mitigation. The possible values are:
        1: No defense.
        2: Reject the stream or resolve request.
        3: Close the circuit creating too many streams.
    "0" means use the consensus parameter. If not defined in the consensus, the value is 2. (Default: 0)

DoSStreamCreationRate NUM
    The allowed rate of stream creation from a single circuit per second. Coupled with the burst (see below), if the limit is reached, actions can be taken against the stream or circuit (DoSStreamCreationDefenseType). If not defined or set to 0, it is controlled by a consensus parameter. If not defined in the consensus, the value is 100. (Default: 0)

DoSStreamCreationBurst NUM
    The allowed burst of stream creation from a circuit per second. See the DoSStreamCreationRate for more details on this detection. If not defined or set to 0, it is controlled by a consensus parameter. If not defined in the consensus, the value is 300. (Default: 0)

thanks!
tor@appliedprivacy.net
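
The fallback order in the option descriptions above (torrc value, then consensus parameter, then built-in default), worked through as an added example that is not part of the original message and is not tor's own code. It assumes the consensus `params` keys are spelled like the torrc options, which the message does not confirm, and the sample consensus text is constructed.

```python
# Added example: resolve the effective stream-DoS settings a relay would use.
# Assumption: consensus parameter keys are spelled like the torrc options.
DEFAULTS = {  # "If not defined in the consensus, the value is ..."
    "DoSStreamCreationEnabled": 0,
    "DoSStreamCreationDefenseType": 2,
    "DoSStreamCreationRate": 100,
    "DoSStreamCreationBurst": 300,
}


def parse_params(consensus_text):
    """Return the key=value pairs of the consensus 'params' line as ints."""
    for line in consensus_text.splitlines():
        if line.startswith("params "):
            return {k: int(v) for k, v in
                    (item.split("=", 1) for item in line.split()[1:])}
    return {}


def effective(torrc, consensus_params):
    """Map each option to (value, source): torrc, consensus or default."""
    result = {}
    for name, default in DEFAULTS.items():
        is_switch = name.endswith("Enabled")
        value = str(torrc.get(name, "auto" if is_switch else "0"))
        # "auto" (Enabled) or 0 (the NUM options) defers to the consensus.
        defer = value == "auto" if is_switch else value == "0"
        if not defer:
            result[name] = (int(value), "torrc")
        elif name in consensus_params:
            result[name] = (consensus_params[name], "consensus")
        else:
            result[name] = (default, "default")
    return result


# Constructed sample, not a real consensus: only one stream parameter is set.
SAMPLE = "network-status-version 3\nparams DoSStreamCreationRate=50 circwindow=1000\n"

if __name__ == "__main__":
    settings = effective({"DoSStreamCreationDefenseType": 3}, parse_params(SAMPLE))
    for name, (value, source) in settings.items():
        print(f"{name} = {value} (from {source})")
    if settings["DoSStreamCreationEnabled"][0] == 0:
        print("stream mitigation is disabled on this relay")
```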