[tor-commits] [tor/master] dos: Make circuit rate limit per second, not tenths anymore

nickm at torproject.org nickm at torproject.org
Tue Jan 30 23:18:27 UTC 2018


commit e58a4fc6cfcdeafc2ebfb61fd3cf6d163ce2436c
Author: David Goulet <dgoulet at torproject.org>
Date:   Mon Jan 29 11:50:11 2018 -0500

    dos: Make circuit rate limit per second, not tenths anymore
    
    Because this touches too many commits at once, it is made into one single
    commit.
    
    Remove the use of "tenths" for the circuit rate to simplify things. We can
    only refill the buckets at best once every second because of the use of
    approx_time() and our token system is set to be 1 token = 1 circuit so make
    the rate a flat integer of circuit per second.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 doc/tor.1.txt   |  8 +++-----
 src/or/config.c |  2 +-
 src/or/dos.c    | 32 ++++++++------------------------
 src/or/dos.h    |  2 +-
 src/or/or.h     |  5 ++---
 5 files changed, 15 insertions(+), 34 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index a2bbb8ab6..58997cdf3 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2466,12 +2466,10 @@ Denial of Service mitigation subsystem.
     parameter.
     (Default: 0)
 
-[[DoSCircuitCreationRateTenths]] **DoSCircuitCreationRateTenths** __NUM__::
+[[DoSCircuitCreationRate]] **DoSCircuitCreationRate** __NUM__::
 
-    The allowed circuit creation rate in tenths of circuit per second applied
-    per client IP address. For example, if you want to set a rate of 5
-    circuits per second allowed per IP address, this value should be set to
-    50. If this option is 0, it obeys a consensus parameter. (Default: 0)
+    The allowed circuit creation rate per second applied per client IP
+    address. If this option is 0, it obeys a consensus parameter. (Default: 0)
 
 [[DoSCircuitCreationBurst]] **DoSCircuitCreationBurst** __NUM__::
 
diff --git a/src/or/config.c b/src/or/config.c
index c651c202e..3b4027433 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -245,7 +245,7 @@ static config_var_t option_vars_[] = {
   /* DoS circuit creation options. */
   V(DoSCircuitCreationEnabled,   AUTOBOOL, "auto"),
   V(DoSCircuitCreationMinConnections,      UINT, "0"),
-  V(DoSCircuitCreationRateTenths,          UINT, "0"),
+  V(DoSCircuitCreationRate,      UINT,     "0"),
   V(DoSCircuitCreationBurst,     UINT,     "0"),
   V(DoSCircuitCreationDefenseType,         INT,  "0"),
   V(DoSCircuitCreationDefenseTimePeriod,   INTERVAL, "0"),
diff --git a/src/or/dos.c b/src/or/dos.c
index 5af75ca57..a614d1231 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -31,7 +31,7 @@ static unsigned int dos_cc_enabled = 0;
 /* Consensus parameters. They can be changed when a new consensus arrives.
  * They are initialized with the hardcoded default values. */
 static uint32_t dos_cc_min_concurrent_conn;
-static uint32_t dos_cc_circuit_rate_tenths;
+static uint32_t dos_cc_circuit_rate;
 static uint32_t dos_cc_circuit_burst;
 static dos_cc_defense_type_t dos_cc_defense_type;
 static int32_t dos_cc_defense_time_period;
@@ -93,14 +93,14 @@ get_param_cc_min_concurrent_connection(const networkstatus_t *ns)
 /* Return the parameter for the time rate that is how many circuits over this
  * time span. */
 static uint32_t
-get_param_cc_circuit_rate_tenths(const networkstatus_t *ns)
+get_param_cc_circuit_rate(const networkstatus_t *ns)
 {
   /* This is in seconds. */
-  if (get_options()->DoSCircuitCreationRateTenths) {
-    return get_options()->DoSCircuitCreationRateTenths;
+  if (get_options()->DoSCircuitCreationRate) {
+    return get_options()->DoSCircuitCreationRate;
   }
-  return networkstatus_get_param(ns, "DoSCircuitCreationRateTenths",
-                                 DOS_CC_CIRCUIT_RATE_TENTHS_DEFAULT,
+  return networkstatus_get_param(ns, "DoSCircuitCreationRate",
+                                 DOS_CC_CIRCUIT_RATE_DEFAULT,
                                  1, INT32_MAX);
 }
 
@@ -189,7 +189,7 @@ set_dos_parameters(const networkstatus_t *ns)
   /* Get the default consensus param values. */
   dos_cc_enabled = get_param_cc_enabled(ns);
   dos_cc_min_concurrent_conn = get_param_cc_min_concurrent_connection(ns);
-  dos_cc_circuit_rate_tenths = get_param_cc_circuit_rate_tenths(ns);
+  dos_cc_circuit_rate = get_param_cc_circuit_rate(ns);
   dos_cc_circuit_burst = get_param_cc_circuit_burst(ns);
   dos_cc_defense_time_period = get_param_cc_defense_time_period(ns);
   dos_cc_defense_type = get_param_cc_defense_type(ns);
@@ -225,23 +225,7 @@ cc_consensus_has_changed(const networkstatus_t *ns)
 STATIC uint32_t
 get_circuit_rate_per_second(void)
 {
-  int64_t circ_rate;
-
-  /* We take the burst divided by the rate which is in tenths of a second so
-   * convert to get a circuit rate per second. */
-  circ_rate = dos_cc_circuit_rate_tenths / 10;
-  if (circ_rate < 0) {
-    /* Safety check, never allow it to go below 0 else the bucket will always
-     * be empty resulting in every address to be detected. */
-    circ_rate = 1;
-  }
-
-  /* Clamp it down to a 32 bit value because a rate of 2^32 circuits per
-   * second is just too much in any circumstances. */
-  if (circ_rate > UINT32_MAX) {
-    circ_rate = UINT32_MAX;
-  }
-  return (uint32_t) circ_rate;
+  return dos_cc_circuit_rate;
 }
 
 /* Given the circuit creation client statistics object, refill the circuit
diff --git a/src/or/dos.h b/src/or/dos.h
index 9ce1baddb..8695512ea 100644
--- a/src/or/dos.h
+++ b/src/or/dos.h
@@ -70,7 +70,7 @@ void dos_note_refuse_single_hop_client(void);
 /* DoSCircuitCreationMinConnections default */
 #define DOS_CC_MIN_CONCURRENT_CONN_DEFAULT 3
 /* DoSCircuitCreationRateTenths is 3 per seconds. */
-#define DOS_CC_CIRCUIT_RATE_TENTHS_DEFAULT (3 * 10)
+#define DOS_CC_CIRCUIT_RATE_DEFAULT 3
 /* DoSCircuitCreationBurst default. */
 #define DOS_CC_CIRCUIT_BURST_DEFAULT 90
 /* DoSCircuitCreationDefenseTimePeriod in seconds. */
diff --git a/src/or/or.h b/src/or/or.h
index 454d05ed5..024a9cff0 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4520,9 +4520,8 @@ typedef struct {
   /** Minimum concurrent connection needed from one single address before any
    * defense is used. */
   int DoSCircuitCreationMinConnections;
-  /** Circuit rate, in tenths of a second, that is used to refill the token
-   * bucket at this given rate. */
-  int DoSCircuitCreationRateTenths;
+  /** Circuit rate used to refill the token bucket. */
+  int DoSCircuitCreationRate;
   /** Maximum allowed burst of circuits. Reaching that value, the address is
    * detected as malicious and a defense might be used. */
   int DoSCircuitCreationBurst;





More information about the tor-commits mailing list