[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor] 01/13: relay: Add DoS subsystem stats to MetricsPort

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor] 01/13: relay: Add DoS subsystem stats to MetricsPort
From: gitolite role via tor-commits <tor-commits@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Oct 2022 15:46:14 +0000
Auto-submitted: auto-generated
Cc: gitolite role <git@xxxxxxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Oct 2022 11:46:30 -0400
In-reply-to: <166688557339.12034.12355408165339548833@cupani.torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
References: <166688557339.12034.12355408165339548833@cupani.torproject.org>
Reply-to: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQAAEjRWrXexAa42TJKVFe4XaTQokQ==

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit cd7be492d1b70df50b4e35df5cc595490f912c9a
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Thu Oct 27 09:54:54 2022 -0400

    relay: Add DoS subsystem stats to MetricsPort
    
    Related to #40194
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/core/or/dos.c                 | 42 +++++++++++++++++++++++++
 src/core/or/dos.h                 |  7 +++++
 src/feature/relay/relay_metrics.c | 65 +++++++++++++++++++++++++++++++++++++++
 src/feature/relay/relay_metrics.h |  2 ++
 4 files changed, 116 insertions(+)

diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 560abd7691..5bf7d148d7 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -581,6 +581,48 @@ dos_is_enabled(void)
 
 /* Circuit creation public API. */
 
+/** Return the number of rejected circuits. */
+uint64_t
+dos_get_num_cc_rejected(void)
+{
+  return cc_num_rejected_cells;
+}
+
+/** Return the number of marked addresses. */
+uint32_t
+dos_get_num_cc_marked_addr(void)
+{
+  return cc_num_marked_addrs;
+}
+
+/** Return the number of marked addresses due to max queue limit reached. */
+uint32_t
+dos_get_num_cc_marked_addr_maxq(void)
+{
+  return cc_num_marked_addrs_max_queue;
+}
+
+/** Return number of concurrent connections rejected. */
+uint64_t
+dos_get_num_conn_addr_rejected(void)
+{
+  return conn_num_addr_rejected;
+}
+
+/** Return the number of connection rejected. */
+uint64_t
+dos_get_num_conn_addr_connect_rejected(void)
+{
+  return conn_num_addr_connect_rejected;
+}
+
+/** Return the number of single hop refused. */
+uint64_t
+dos_get_num_single_hop_refused(void)
+{
+  return num_single_hop_client_refused;
+}
+
 /* Called when a CREATE cell is received from the given channel. */
 void
 dos_cc_new_create_cell(channel_t *chan)
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index b6412f4280..4a2227f132 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -84,6 +84,13 @@ int dos_should_refuse_single_hop_client(void);
 void dos_note_refuse_single_hop_client(void);
 void dos_note_circ_max_outq(const channel_t *chan);
 
+uint32_t dos_get_num_cc_marked_addr(void);
+uint32_t dos_get_num_cc_marked_addr_maxq(void);
+uint64_t dos_get_num_cc_rejected(void);
+uint64_t dos_get_num_conn_addr_rejected(void);
+uint64_t dos_get_num_conn_addr_connect_rejected(void);
+uint64_t dos_get_num_single_hop_refused(void);
+
 /*
  * Circuit creation DoS mitigation subsystemn interface.
  */
diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c
index 814afa6006..e9f4b68350 100644
--- a/src/feature/relay/relay_metrics.c
+++ b/src/feature/relay/relay_metrics.c
@@ -13,6 +13,7 @@
 #include "core/or/or.h"
 #include "core/mainloop/connection.h"
 #include "core/or/congestion_control_common.h"
+#include "core/or/dos.h"
 #include "core/or/relay.h"
 
 #include "lib/malloc/malloc.h"
@@ -20,6 +21,7 @@
 #include "lib/metrics/metrics_store.h"
 #include "lib/log/util_bug.h"
 
+#include "feature/hs/hs_dos.h"
 #include "feature/relay/relay_metrics.h"
 #include "feature/stats/rephist.h"
 
@@ -30,6 +32,7 @@ static void fill_cc_values(void);
 static void fill_connections_values(void);
 static void fill_dns_error_values(void);
 static void fill_dns_query_values(void);
+static void fill_dos_values(void);
 static void fill_global_bw_limit_values(void);
 static void fill_socket_values(void);
 static void fill_onionskins_values(void);
@@ -113,6 +116,13 @@ static const relay_metrics_entry_t base_metrics[] =
     .help = "Congestion control related counters",
     .fill_fn = fill_cc_values,
   },
+  {
+    .key = RELAY_METRICS_NUM_DOS,
+    .type = METRICS_TYPE_COUNTER,
+    .name = METRICS_NAME(relay_dos_total),
+    .help = "Denial of Service defenses related counters",
+    .fill_fn = fill_dos_values,
+  },
 };
 static const size_t num_base_metrics = ARRAY_LENGTH(base_metrics);
 
@@ -139,6 +149,61 @@ handshake_type_to_str(const uint16_t type)
   }
 }
 
+/** Fill function for the RELAY_METRICS_NUM_DOS metric. */
+static void
+fill_dos_values(void)
+{
+  const relay_metrics_entry_t *rentry = &base_metrics[RELAY_METRICS_NUM_DOS];
+  metrics_store_entry_t *sentry =
+    metrics_store_add(the_store, rentry->type, rentry->name, rentry->help);
+
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "circuit_rejected"));
+  metrics_store_entry_update(sentry, dos_get_num_cc_rejected());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "circuit_killed_max_cell"));
+  metrics_store_entry_update(sentry, stats_n_circ_max_cell_reached);
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "marked_address"));
+  metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "marked_address_maxq"));
+  metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr_maxq());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "conn_rejected"));
+  metrics_store_entry_update(sentry, dos_get_num_conn_addr_connect_rejected());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "concurrent_conn_rejected"));
+  metrics_store_entry_update(sentry, dos_get_num_conn_addr_rejected());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "single_hop_refused"));
+  metrics_store_entry_update(sentry, dos_get_num_single_hop_refused());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "introduce2_rejected"));
+  metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count());
+}
+
 /** Fill function for the RELAY_METRICS_NUM_CC metric. */
 static void
 fill_cc_values(void)
diff --git a/src/feature/relay/relay_metrics.h b/src/feature/relay/relay_metrics.h
index a594726668..2aa227c9cb 100644
--- a/src/feature/relay/relay_metrics.h
+++ b/src/feature/relay/relay_metrics.h
@@ -35,6 +35,8 @@ typedef enum {
   RELAY_METRICS_NUM_STREAMS = 8,
   /** Congestion control counters. */
   RELAY_METRICS_NUM_CC = 9,
+  /** Denial of Service defenses subsystem. */
+  RELAY_METRICS_NUM_DOS = 10,
 } relay_metrics_key_t;
 
 /** The metadata of a relay metric. */

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

References:
- [tor-commits] [tor] branch main updated (fff2b92682 -> 4481c1e609)
  - From: gitolite role via tor-commits

Prev by Author: [tor-commits] [tor-browser] 73/81: Bug 13379: Sign our MAR files.
Next by Author: [tor-commits] [torbutton] 02/02: Added placeholders for about:tor in vi.
Previous by thread: [tor-commits] [tor] 03/13: relay: Add our consensus relay flag to MetricsPort
Next by thread: [tor-commits] [tor] 04/13: metrics: Add number of opened circuits to MetricsPort
Index(es):
- Author
- Thread