
dos_options.inc (2879B)


      1 /* Copyright (c) 2021, The Tor Project, Inc. */
      2 /* See LICENSE for licensing information */
      3 
      4 /**
      5 * @file dos_options.inc
      6 * @brief Declare configuration options for the DoS module.
      7 **/
      8 
      9 BEGIN_CONF_STRUCT(dos_options_t)
     10 
     11 /** Autobool: Is the DoS connection mitigation subsystem enabled? NOTE(review): what "auto" resolves to is decided outside this file -- confirm. */
     12 CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto")
     13 
     14 /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
     15 CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto")
     16 
     17 /** Minimum number of concurrent connections needed from a single address before any
     18 * defense is used. NOTE(review): the "0" default on this and the other numeric options here looks like an "unset" sentinel, not a literal limit of zero -- confirm where the option is read. */
     19 CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0")
     20 
     21 /** Circuit rate used to refill the token bucket. */
     22 CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0")
     23 
     24 /** Maximum allowed burst of circuits. When that value is reached, the address is
     25 * detected as malicious and a defense might be used. */
     26 CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0")
     27 
     28 /** When an address is marked as malicious, what defense should be used
     29 * against it. See the dos_cc_defense_type_t enum. */
     30 CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0")
     31 
     32 /** How long (in seconds) the defense applies to a malicious
     33 * address. A random time delta between 1 second and half of this value
     34 * is added to the defense time of an address. */
     35 CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0")
     36 
     37 /** Maximum number of concurrent connections allowed per address. */
     38 CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0")
     39 
     40 /** When an address reaches the maximum count, what defense should be
     41 * used against it. See the dos_conn_defense_type_t enum. */
     42 CONF_VAR(DoSConnectionDefenseType, INT, 0, "0")
     43 
     44 /** Autobool: Do we refuse single hop client rendezvous? */
     45 CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto")
     46 
     47 /** Burst of client connections allowed per address. */
     48 CONF_VAR(DoSConnectionConnectBurst, POSINT, 0, "0")
     49 
     50 /** Rate of client connections allowed per address. */
     51 CONF_VAR(DoSConnectionConnectRate, POSINT, 0, "0")
     52 
     53 /** Autobool: Is the stream creation DoS mitigation subsystem enabled? */
     54 CONF_VAR(DoSStreamCreationEnabled, AUTOBOOL, 0, "auto")
     55 
     56 /** Stream rate used to refill the token bucket. */
     57 CONF_VAR(DoSStreamCreationRate, POSINT, 0, "0")
     58 
     59 /** Maximum allowed burst of streams. */
     60 CONF_VAR(DoSStreamCreationBurst, POSINT, 0, "0")
     61 
     62 /** When a circuit is detected as malicious, what defense should be used
     63 * against it. See the dos_stream_defense_type_t enum. */
     64 CONF_VAR(DoSStreamCreationDefenseType, INT, 0, "0")
     65 
     66 /** How long (in seconds) the connection connect rate defense
     67 * applies to a malicious address. A random time delta between 1 second
     68 * and half of this value is added to the defense time of an
     69 * address. */
     70 CONF_VAR(DoSConnectionConnectDefenseTimePeriod, INTERVAL, 0, "0")
     71 
     72 END_CONF_STRUCT(dos_options_t)