Tor 0.4.9.0-alpha-dev
dos_options.inc
1/* Copyright (c) 2021, The Tor Project, Inc. */
2/* See LICENSE for licensing information */
3
4/**
5 * @file dos_options.inc
6 * @brief Declare configuration options for the DoS module.
7 **/
8
10
/* Declarations of the DoS-mitigation configuration options. Each entry uses
 * CONF_VAR(varname, vartype, varflags, initval); every entry here passes 0 as
 * varflags and an initial value of "auto" (AUTOBOOL options) or "0" (all
 * other options).
 *
 * NOTE(review): how an "auto" or "0" initial value is interpreted at runtime
 * (for example, whether it defers to another source such as a network-wide
 * parameter) is not visible in this file. Confirm in the code that consumes
 * these options before assuming that "0" means "no limit" or "disabled".
 *
 * NOTE(review): the three *DefenseType options are declared as plain INT and
 * only refer to their enums in comments. No range check against those enums
 * is visible here; presumably it is done where the options are validated --
 * TODO confirm. */
11/** Autobool: Is the DoS connection mitigation subsystem enabled? */
12CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto")
13
14/** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */
15CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto")
16
17/** Minimum number of concurrent connections needed from a single address
18 * before any defense is used. */
19CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0")
20
21/** Circuit rate used to refill the token bucket. */
22CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0")
23
24/** Maximum allowed burst of circuits. Once that value is reached, the address
25 * is detected as malicious and a defense might be used. */
26CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0")
27
28/** When an address is marked as malicious, what defense should be used
29 * against it. See the dos_cc_defense_type_t enum. */
30CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0")
31
32/** How long (in seconds) the defense applies to a malicious address. A
33 * random time delta, between 1 second and half of this value, is added to
34 * the defense time of an address. */
35CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0")
36
37/** Maximum number of concurrent connections allowed per address. */
38CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0")
39
40/** When an address reaches the maximum count, what defense should be
41 * used against it. See the dos_conn_defense_type_t enum. */
42CONF_VAR(DoSConnectionDefenseType, INT, 0, "0")
43
44/** Autobool: Do we refuse single hop client rendezvous? */
45CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto")
46
47/** Burst of client connections allowed per address. */
48CONF_VAR(DoSConnectionConnectBurst, POSINT, 0, "0")
49
50/** Rate of client connections allowed per address. */
51CONF_VAR(DoSConnectionConnectRate, POSINT, 0, "0")
52
53/** Autobool: Is the stream creation DoS mitigation subsystem enabled? */
54CONF_VAR(DoSStreamCreationEnabled, AUTOBOOL, 0, "auto")
55
56/** Stream rate used to refill the token bucket. */
57CONF_VAR(DoSStreamCreationRate, POSINT, 0, "0")
58
59/** Maximum allowed burst of streams. */
60CONF_VAR(DoSStreamCreationBurst, POSINT, 0, "0")
61
62/** When a circuit is detected as malicious, what defense should be used
63 * against it. See the dos_stream_defense_type_t enum. */
64CONF_VAR(DoSStreamCreationDefenseType, INT, 0, "0")
65
66/** How long (in seconds) the connection connect rate defense applies to a
67 * malicious address. A random time delta, between 1 second and half of this
68 * value, is added to the defense time of an address.
69 */
70CONF_VAR(DoSConnectionConnectDefenseTimePeriod, INTERVAL, 0, "0")
71
#define END_CONF_STRUCT(name)
Definition: confdecl.h:64
#define CONF_VAR(varname, vartype, varflags, initval)
Definition: confdecl.h:70
#define BEGIN_CONF_STRUCT(name)
Definition: confdecl.h:59