[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] DoSStreamCreation consensus parameters

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] DoSStreamCreation consensus parameters
From: "tor_appliedprivacy.net via tor-relays" <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Apr 2024 23:12:18 +0200
Cc: "tor_appliedprivacy.net" <tor@xxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Apr 2024 17:12:44 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1713993154; bh=5t2ca85XZGxuzQLaKP+AkT3zagoS4qdchGK3p8cXBeM=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=XP5jQtp0YNfpp2WC/x4uv9gOaAA965tCKroYTZD7J4zW4/X/s531ghuLf6WwAFvMN qxXk51bFUA5aqpbjQWReTaUAb8BrQoSPq4KA9dnLu8G/0KERmOeLgnhRgaoZotul4/ BTZUS1n8XgJrcez+rZ+wOzC8GIANK5FEbG9cKb30XtQJrNjHSZJU43DCGHP+27yKSc gfUzsWk+Ltt9k/Rr56TSlzcWl5v6rZtqukDANnj5PBb3XOD+mRSbsoE2ed+/ukJ3Tr o8nlVnQAZJtO6xMpLA6bAGEevfLsczI9ugQdsVOri7zGVCwCGBvp9duopk4aie98Kx KRDViAlnKPZxw==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello,

today we saw yet another outbound flooding affecting our exit relays
and we were eager to see the effect of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40736
but we did not see any
and according to metric
tor_relay_dos_total{type="stream_rejected"}
the protection did not trigger.

What are the consensus parameter names for these settings so we cancheck there current consensus values?

       DoSStreamCreationEnabled 0|1|auto
           Enable the stream DoS mitigation. If set to 1 (enabled), tor will
           apply rate limit on the creation of new streams and dns requests
           per circuit. "auto" means use the consensus parameter. If not
           defined in the consensus, the value is 0. (Default: auto)

       DoSStreamCreationDefenseType NUM
           This is the type of defense applied to a detected circuit or stream
           for the stream mitigation. The possible values are:

           1: No defense.

           2: Reject the stream or resolve request.

           3: Close the circuit creating too many streams.

           "0" means use the consensus parameter. If not defined in the
           consensus, the value is 2. (Default: 0)

       DoSStreamCreationRate NUM
           The allowed rate of stream creation from a single circuit per
           second. Coupled with the burst (see below), if the limit is
           reached, actions can be taken against the stream or circuit
           (DoSStreamCreationDefenseType). If not defined or set to 0, it is
           controlled by a consensus parameter. If not defined in the
           consensus, the value is 100. (Default: 0)

       DoSStreamCreationBurst NUM
           The allowed burst of stream creation from a circuit per second. See
           the DoSStreamCreationRate for more details on this detection. If
           not defined or set to 0, it is controlled by a consensus parameter.
           If not defined in the consensus, the value is 300. (Default: 0)



thanks!
tor@xxxxxxxxxxxxxxxxxx
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] DoSStreamCreation consensus parameters
  - From: tor_appliedprivacy.net via tor-relays

Prev by Author: Re: [tor-relays] disable conflux on exit relay?
Next by Author: Re: [tor-relays] I need a new VPS provider
Previous by thread: Re: [tor-relays] I need a new VPS provider
Next by thread: Re: [tor-relays] DoSStreamCreation consensus parameters
Index(es):
- Author
- Thread