Tor  0.4.7.0-alpha-dev
dos_options.inc
1 /* Copyright (c) 2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * @file dos_options.inc
6  * @brief Declare configuration options for the DoS module.
7  **/
8 
10 
11 /** Autobool: Is the DoS connection mitigation subsystem enabled?
    * Declared default is "auto". NOTE(review): what "auto" resolves to is
    * decided where this option is read, not by this declaration; confirm
    * the effective setting before assuming the mitigation is active. */
12 CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto")
13 
14 /** Autobool: Is the circuit creation DoS mitigation subsystem enabled?
    * Declared default is "auto". NOTE(review): what "auto" resolves to is
    * decided where this option is read, not by this declaration; confirm
    * the effective setting before assuming the mitigation is active. */
15 CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto")
16 
17 /** Minimum number of concurrent connections from a single address needed
18  * before any defense is used. Declared default is "0".
    * NOTE(review): confirm that 0 is treated as "not set" where this option
    * is read, rather than as a literal threshold of zero connections. */
19 CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0")
20 
21 /** Circuit rate used to refill the token bucket. Declared default is "0".
    * NOTE(review): the unit is not stated here (presumably circuits per
    * second, per address) -- confirm against the code that refills the
    * bucket. */
22 CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0")
23 
24 /** Maximum allowed burst of circuits. When an address reaches that value,
25  * it is detected as malicious and a defense might be used. Declared default
    * is "0". NOTE(review): confirm that 0 is treated as "not set" where this
    * option is read; a literal burst of zero would flag every address. */
26 CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0")
27 
28 /** When an address is marked as malicious, what defense should be used
29  * against it. See the dos_cc_defense_type_t enum.
    * NOTE(review): this is declared as a plain INT (default "0") and the
    * declaration carries no range, so it does not by itself limit the value
    * to members of that enum; confirm that out-of-range values are rejected
    * or mapped to a safe default where the option is validated or read. */
30 CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0")
31 
32 /** How long (in seconds) the defense applies to a malicious address. A
33  * random time delta, between 1 second and half of this value, is added to
34  * the defense time of an address, so the effective period is longer than
    * the configured one. Declared default is "0". */
35 CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0")
36 
37 /** Maximum number of concurrent connections allowed per address. Declared
    * default is "0". NOTE(review): confirm that 0 is treated as "not set"
    * where this option is read; a literal limit of zero would refuse every
    * connection. */
38 CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0")
39 
40 /** When an address reaches the maximum count, what defense should be
41  * used against it. See the dos_conn_defense_type_t enum.
    * NOTE(review): this is declared as a plain INT (default "0") and the
    * declaration carries no range, so it does not by itself limit the value
    * to members of that enum; confirm that out-of-range values are rejected
    * or mapped to a safe default where the option is validated or read. */
42 CONF_VAR(DoSConnectionDefenseType, INT, 0, "0")
43 
44 /** Autobool: Do we refuse single hop client rendezvous?
    * Declared default is "auto". NOTE(review): what "auto" resolves to is
    * decided where this option is read, not by this declaration -- confirm. */
45 CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto")
46 
47 /** Burst of client connections allowed per address. Declared default is
    * "0". NOTE(review): confirm that 0 is treated as "not set" where this
    * option is read, rather than as a literal burst of zero. */
48 CONF_VAR(DoSConnectionConnectBurst, POSINT, 0, "0")
49 
50 /** Rate of client connections allowed per address. Declared default is
    * "0". NOTE(review): the unit is not stated here (presumably connections
    * per second) -- confirm where the rate is applied. */
51 CONF_VAR(DoSConnectionConnectRate, POSINT, 0, "0")
52 
53 /** How long (in seconds) the connection connect rate defense applies to a
54  * malicious address. A random time delta, between 1 second and half of this
55  * value, is added to the defense time of an address, so the effective
56  * period is longer than the configured one. Declared default is "0". */
57 CONF_VAR(DoSConnectionConnectDefenseTimePeriod, INTERVAL, 0, "0")
58 