commit 0918cc2783b1744adffedb5b121d9afdd2f1fd79
parent fff2b92682222c960e2cd4455e8264bcd5d406fb
Author: David Goulet <dgoulet@torproject.org>
Date: Thu, 27 Oct 2022 11:41:26 -0400
Merge branch 'maint-0.4.7'
Diffstat:
5 files changed, 275 insertions(+), 0 deletions(-)
diff --git a/changes/ticket40194 b/changes/ticket40194
@@ -1,3 +1,9 @@
o Minor feature (relay, metrics):
- Add counters to the MetricsPort how many connections, per type, are
currently opened and how many were created. Part of ticket 40194.
+ - Add total number of streams seen by an Exit to the MetricsPort.
+ - Add congestion control RTT reset counter to MetricsPort.
+ - Add DoS defenses counter to MetricsPort.
+ - Add relay flags from the consensus to the MetricsPort.
+ - Add total number of opened circuits to MetricsPort.
+ - Add traffic stats as in number of read/written bytes in total.
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
@@ -581,6 +581,48 @@ dos_is_enabled(void)
/* Circuit creation public API. */
+/** Return the number of rejected circuits. */
+uint64_t
+dos_get_num_cc_rejected(void)
+{
+ return cc_num_rejected_cells;
+}
+
+/** Return the number of marked addresses. */
+uint32_t
+dos_get_num_cc_marked_addr(void)
+{
+ return cc_num_marked_addrs;
+}
+
+/** Return the number of marked addresses due to max queue limit reached. */
+uint32_t
+dos_get_num_cc_marked_addr_maxq(void)
+{
+ return cc_num_marked_addrs_max_queue;
+}
+
+/** Return number of concurrent connections rejected. */
+uint64_t
+dos_get_num_conn_addr_rejected(void)
+{
+ return conn_num_addr_rejected;
+}
+
+/** Return the number of connection rejected. */
+uint64_t
+dos_get_num_conn_addr_connect_rejected(void)
+{
+ return conn_num_addr_connect_rejected;
+}
+
+/** Return the number of single hop refused. */
+uint64_t
+dos_get_num_single_hop_refused(void)
+{
+ return num_single_hop_client_refused;
+}
+
/* Called when a CREATE cell is received from the given channel. */
void
dos_cc_new_create_cell(channel_t *chan)
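Review bot: The doc comment on `dos_get_num_cc_rejected()` says "rejected circuits", but the function returns `cc_num_rejected_cells`, which by its name counts cells, and the value is exported elsewhere in this commit under the `circuit_rejected` label. Operators read these counters to judge whether the DoS defenses are firing, so the comment should say what is actually counted, e.g. `/** Return the number of cells rejected by the circuit creation mitigation. */` (confirm against the place where the counter is incremented, which is outside this hunk). The comments on `dos_get_num_conn_addr_rejected()` and `dos_get_num_conn_addr_connect_rejected()` are also hard to tell apart. Each should name the limit its counter reflects.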
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
@@ -84,6 +84,13 @@ int dos_should_refuse_single_hop_client(void);
void dos_note_refuse_single_hop_client(void);
void dos_note_circ_max_outq(const channel_t *chan);
+uint32_t dos_get_num_cc_marked_addr(void);
+uint32_t dos_get_num_cc_marked_addr_maxq(void);
+uint64_t dos_get_num_cc_rejected(void);
+uint64_t dos_get_num_conn_addr_rejected(void);
+uint64_t dos_get_num_conn_addr_connect_rejected(void);
+uint64_t dos_get_num_single_hop_refused(void);
+
/*
* Circuit creation DoS mitigation subsystemn interface.
*/
diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c
@@ -12,30 +12,44 @@
#include "core/or/or.h"
#include "core/mainloop/connection.h"
+#include "core/mainloop/mainloop.h"
#include "core/or/congestion_control_common.h"
+#include "core/or/circuitlist.h"
+#include "core/or/dos.h"
#include "core/or/relay.h"
+#include "app/config/config.h"
+
#include "lib/malloc/malloc.h"
#include "lib/container/smartlist.h"
#include "lib/metrics/metrics_store.h"
#include "lib/log/util_bug.h"
+#include "feature/hs/hs_dos.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/node_st.h"
+#include "feature/nodelist/routerstatus_st.h"
#include "feature/relay/relay_metrics.h"
+#include "feature/relay/router.h"
#include "feature/stats/rephist.h"
#include <event2/dns.h>
/** Declarations of each fill function for metrics defined in base_metrics. */
static void fill_cc_values(void);
+static void fill_circuits_values(void);
static void fill_connections_values(void);
static void fill_dns_error_values(void);
static void fill_dns_query_values(void);
+static void fill_dos_values(void);
static void fill_global_bw_limit_values(void);
static void fill_socket_values(void);
static void fill_onionskins_values(void);
static void fill_oom_values(void);
static void fill_streams_values(void);
+static void fill_relay_flags(void);
static void fill_tcp_exhaustion_values(void);
+static void fill_traffic_values(void);
/** The base metrics that is a static array of metrics added to the metrics
* store.
@@ -113,6 +127,34 @@ static const relay_metrics_entry_t base_metrics[] =
.help = "Congestion control related counters",
.fill_fn = fill_cc_values,
},
+ {
+ .key = RELAY_METRICS_NUM_DOS,
+ .type = METRICS_TYPE_COUNTER,
+ .name = METRICS_NAME(relay_dos_total),
+ .help = "Denial of Service defenses related counters",
+ .fill_fn = fill_dos_values,
+ },
+ {
+ .key = RELAY_METRICS_NUM_TRAFFIC,
+ .type = METRICS_TYPE_COUNTER,
+ .name = METRICS_NAME(relay_traffic_bytes),
+ .help = "Traffic related counters",
+ .fill_fn = fill_traffic_values,
+ },
+ {
+ .key = RELAY_METRICS_RELAY_FLAGS,
+ .type = METRICS_TYPE_GAUGE,
+ .name = METRICS_NAME(relay_flag),
+ .help = "Relay flags from consensus",
+ .fill_fn = fill_relay_flags,
+ },
+ {
+ .key = RELAY_METRICS_NUM_CIRCUITS,
+ .type = METRICS_TYPE_GAUGE,
+ .name = METRICS_NAME(relay_circuits_total),
+ .help = "Total number of circuits",
+ .fill_fn = fill_circuits_values,
+ },
};
static const size_t num_base_metrics = ARRAY_LENGTH(base_metrics);
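Review bot: The new entries depend on their position in `base_metrics` matching the enum value in `.key`, because the fill functions added in this commit look entries up by index, e.g. `&base_metrics[RELAY_METRICS_NUM_DOS]`. An entry inserted out of order would silently pair a metric with another one's name, type and help text, or index past the end of the array. Designated array initializers make the coupling explicit and independent of order: `[RELAY_METRICS_NUM_DOS] = { .key = RELAY_METRICS_NUM_DOS, ... },`. The array's earlier entries are outside this hunk, so the same change would be needed there.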
@@ -139,6 +181,176 @@ handshake_type_to_str(const uint16_t type)
}
}
+/** Fill function for the RELAY_METRICS_NUM_CIRCUITS metric. */
+static void
+fill_circuits_values(void)
+{
+ const relay_metrics_entry_t *rentry =
+ &base_metrics[RELAY_METRICS_NUM_CIRCUITS];
+ metrics_store_entry_t *sentry =
+ metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
+
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("state", "opened"));
+ metrics_store_entry_update(sentry,
+ smartlist_len(circuit_get_global_list()));
+}
+
+/** Fill function for the RELAY_METRICS_RELAY_FLAGS metric. */
+static void
+fill_relay_flags(void)
+{
+ uint8_t is_fast = 0, is_exit = 0, is_authority = 0, is_stable = 0;
+ uint8_t is_running = 0, is_v2_dir = 0, is_guard = 0, is_sybil = 0;
+ uint8_t is_hs_dir = 0;
+
+ const node_t *me =
+ node_get_by_id((const char *) router_get_my_id_digest());
+ if (me && me->rs) {
+ is_fast = me->rs->is_fast;
+ is_exit = me->rs->is_exit;
+ is_authority = me->rs->is_authority;
+ is_stable = me->rs->is_stable;
+ is_running = me->rs->is_flagged_running;
+ is_v2_dir = me->rs->is_v2_dir;
+ is_guard = me->rs->is_possible_guard;
+ is_sybil = me->rs->is_sybil;
+ is_hs_dir = me->rs->is_hs_dir;
+ }
+
+ const relay_metrics_entry_t *rentry =
+ &base_metrics[RELAY_METRICS_RELAY_FLAGS];
+ metrics_store_entry_t *sentry =
+ metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
+
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Fast"));
+ metrics_store_entry_update(sentry, is_fast);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Exit"));
+ metrics_store_entry_update(sentry, is_exit);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Authority"));
+ metrics_store_entry_update(sentry, is_authority);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Stable"));
+ metrics_store_entry_update(sentry, is_stable);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "HSDir"));
+ metrics_store_entry_update(sentry, is_hs_dir);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Running"));
+ metrics_store_entry_update(sentry, is_running);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "V2Dir"));
+ metrics_store_entry_update(sentry, is_v2_dir);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Sybil"));
+ metrics_store_entry_update(sentry, is_sybil);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "Guard"));
+ metrics_store_entry_update(sentry, is_guard);
+}
+
+/** Fill function for the RELAY_METRICS_NUM_TRAFFIC metric. */
+static void
+fill_traffic_values(void)
+{
+ const relay_metrics_entry_t *rentry =
+ &base_metrics[RELAY_METRICS_NUM_TRAFFIC];
+ metrics_store_entry_t *sentry =
+ metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
+
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("direction", "read"));
+ metrics_store_entry_update(sentry, get_bytes_read());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("direction", "written"));
+ metrics_store_entry_update(sentry, get_bytes_written());
+}
+
+/** Fill function for the RELAY_METRICS_NUM_DOS metric. */
+static void
+fill_dos_values(void)
+{
+ const relay_metrics_entry_t *rentry = &base_metrics[RELAY_METRICS_NUM_DOS];
+ metrics_store_entry_t *sentry =
+ metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
+
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "circuit_rejected"));
+ metrics_store_entry_update(sentry, dos_get_num_cc_rejected());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "circuit_killed_max_cell"));
+ metrics_store_entry_update(sentry, stats_n_circ_max_cell_reached);
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "marked_address"));
+ metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "marked_address_maxq"));
+ metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr_maxq());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "conn_rejected"));
+ metrics_store_entry_update(sentry, dos_get_num_conn_addr_connect_rejected());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "concurrent_conn_rejected"));
+ metrics_store_entry_update(sentry, dos_get_num_conn_addr_rejected());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "single_hop_refused"));
+ metrics_store_entry_update(sentry, dos_get_num_single_hop_refused());
+
+ sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+ rentry->help);
+ metrics_store_entry_add_label(sentry,
+ metrics_format_label("type", "introduce2_rejected"));
+ metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count());
+}
+
/** Fill function for the RELAY_METRICS_NUM_CC metric. */
static void
fill_cc_values(void)
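Review bot: In `fill_circuits_values()` the gauge is labelled `state="opened"`, but the value is `smartlist_len(circuit_get_global_list())`, which counts every circuit in the global list rather than only open ones (assuming the list holds circuits in all states, which this hunk does not show). An operator watching this gauge for load or for signs of a circuit-creation flood would read pending and closing circuits as open ones. Either count only circuits in the open state or change the label, and at minimum add a comment such as `/* Counts all circuits in the global list, regardless of state. */`. Separately, `fill_dos_values()` reads `stats_n_circ_max_cell_reached` directly while every other DoS counter goes through a `dos_get_num_*()` accessor, so an accessor there would keep the function consistent.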
diff --git a/src/feature/relay/relay_metrics.h b/src/feature/relay/relay_metrics.h
@@ -35,6 +35,14 @@ typedef enum {
RELAY_METRICS_NUM_STREAMS = 8,
/** Congestion control counters. */
RELAY_METRICS_NUM_CC = 9,
+ /** Denial of Service defenses subsystem. */
+ RELAY_METRICS_NUM_DOS = 10,
+ /** Denial of Service defenses subsystem. */
+ RELAY_METRICS_NUM_TRAFFIC = 11,
+ /** Relay flags. */
+ RELAY_METRICS_RELAY_FLAGS = 12,
+ /** Numer of circuits. */
+ RELAY_METRICS_NUM_CIRCUITS = 13,
} relay_metrics_key_t;
/** The metadata of a relay metric. */
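Review bot: The doc comment above `RELAY_METRICS_NUM_TRAFFIC` repeats the DoS text from the entry before it. Going by the `direction` labels set in `fill_traffic_values()`, it should read something like `/** Traffic counters (bytes read and written). */`. The comment on `RELAY_METRICS_NUM_CIRCUITS` has a typo and should be `/** Number of circuits. */`. The enum starts before this hunk.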