Hello,
today we saw yet another outbound flooding affecting our exit relays
and we were eager to see the effect of
https://gitlab.torproject.org/tpo/core/tor/-/issues/40736
but we did not see any
and according to the metric
tor_relay_dos_total{type="stream_rejected"}
the protection did not trigger.
What are the consensus parameter names for these settings so we can
check their current consensus values?

DoSStreamCreationEnabled 0|1|auto
    Enable the stream DoS mitigation. If set to 1 (enabled), tor will
    apply rate limit on the creation of new streams and dns requests
    per circuit. "auto" means use the consensus parameter. If not
    defined in the consensus, the value is 0. (Default: auto)

DoSStreamCreationDefenseType NUM
    This is the type of defense applied to a detected circuit or stream
    for the stream mitigation. The possible values are:

    1: No defense.
    2: Reject the stream or resolve request.
    3: Close the circuit creating too many streams.

    "0" means use the consensus parameter. If not defined in the
    consensus, the value is 2. (Default: 0)

DoSStreamCreationRate NUM
    The allowed rate of stream creation from a single circuit per
    second. Coupled with the burst (see below), if the limit is
    reached, actions can be taken against the stream or circuit
    (DoSStreamCreationDefenseType). If not defined or set to 0, it is
    controlled by a consensus parameter. If not defined in the
    consensus, the value is 100. (Default: 0)

DoSStreamCreationBurst NUM
    The allowed burst of stream creation from a circuit per second. See
    the DoSStreamCreationRate for more details on this detection. If
    not defined or set to 0, it is controlled by a consensus parameter.
    If not defined in the consensus, the value is 300. (Default: 0)

thanks!
[email protected]
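
The option text quoted in the message above, worked through as an added example (not part of the original message and not tor's own code): it resolves the effective settings from torrc and consensus and shows when a per-circuit limit would produce rejects at all. Assumptions: the short dictionary keys are hypothetical stand-ins (the real consensus parameter names are not given on the page), rate plus burst is modelled as a token bucket, and the bucket is refilled once per second.

```python
# Added illustration: a simplified model of the quoted man page text, not tor's code.
# Fallbacks the text gives when the consensus does not define a value.
FALLBACK = {"enabled": 0, "defense_type": 2, "rate": 100, "burst": 300}

def effective(torrc, consensus):
    """Resolve each setting: torrc value, else consensus value, else fallback.

    Keys are hypothetical short names used by both dicts; the real consensus
    parameter names are not given on the page.
    """
    cfg = {}
    for key, fallback in FALLBACK.items():
        if key == "enabled":
            val = torrc.get(key, "auto")   # "auto" defers to the consensus
            defer = val == "auto"
        else:
            val = torrc.get(key, 0)        # 0 defers to the consensus
            defer = val == 0
        cfg[key] = consensus.get(key, fallback) if defer else val
    return cfg

def simulate(cfg, streams_per_sec, seconds):
    """One circuit opening streams at a steady rate (assumed token bucket)."""
    result = {"allowed": 0, "rejected": 0, "circuit_closed": False}
    # Disabled, or defense type 1 ("No defense"): nothing is rejected or closed.
    if not cfg["enabled"] or cfg["defense_type"] == 1:
        result["allowed"] = streams_per_sec * seconds
        return result
    tokens = cfg["burst"]                  # bucket starts full
    for second in range(seconds):
        if second > 0:
            tokens = min(cfg["burst"], tokens + cfg["rate"])
        passed = min(streams_per_sec, tokens)
        tokens -= passed
        result["allowed"] += passed
        if passed < streams_per_sec:
            if cfg["defense_type"] == 3:   # close the circuit, stop counting
                result["circuit_closed"] = True
                break
            result["rejected"] += streams_per_sec - passed
    return result

if __name__ == "__main__":
    # Constructed inputs: torrc left at defaults, consensus with and without the switch.
    for consensus in ({}, {"enabled": 1}):
        cfg = effective({}, consensus)
        for per_sec in (50, 400):
            print(consensus, per_sec, simulate(cfg, per_sec, 3))
```

In this model the reject counter stays at zero in two cases: the enable switch resolves to 0 because neither torrc nor the consensus sets it, or each circuit stays under the rate and burst even though the aggregate across many circuits is large.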