git.ipfire.org Git - thirdparty/tor.git/commit
Extend DoS protection to partially-open channels
author Micah Elizabeth Scott <beth@torproject.org>
Thu, 10 Aug 2023 01:07:34 +0000 (18:07 -0700)
committer Micah Elizabeth Scott <beth@torproject.org>
Thu, 10 Aug 2023 01:07:34 +0000 (18:07 -0700)
commit 3e18507dc75afcf0c6560e966c9f18942406b0c8
tree 70968ea83670e390e63f70d20ac2e133b53bea5c
parent 3d63d713ea42d1ed1ca4686340cd03f82ba394b7
Extend DoS protection to partially-open channels

tor only marks a channel as 'open' once the TLS and OR handshakes have both
completed, and normal "client" (ORPort) DoS protection is not enabled until
the channel becomes open. This patch adds an additional earlier initialization
path for DoS protection on incoming TLS connections.

This leaves the existing dos_new_client_conn() call sites intact, but adds a
guard against multiple-initialization using the existing
tracked_for_dos_mitigation flag. Other types of channels shouldn't be affected
by this patch.
src/core/or/channel.c
src/core/or/channeltls.c
src/core/or/dos.c
src/feature/stats/geoip_stats.h
src/test/test_dos.c
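
The multiple-initialization guard described in the commit message, as a simplified C model added here; it is not tor's code. Only `dos_new_client_conn()` and `tracked_for_dos_mitigation` are names from the message; every `model_*` function, the per-address table, the limit and the close behaviour are assumptions made for illustration.

```c
#include <stdbool.h>

#define MAX_ADDRS 8    /* constructed: tiny per-address table */
#define CONN_LIMIT 3   /* constructed threshold, not a tor default */

typedef struct {
    unsigned slot;                    /* index into conn_count[] (hypothetical) */
    bool open;                        /* true once TLS and OR handshakes are done */
    bool tracked_for_dos_mitigation;  /* flag name from the commit message */
} model_chan_t;

static unsigned conn_count[MAX_ADDRS];  /* concurrent connections per address */

/* Stand-in for a dos_new_client_conn()-style hook: count a channel at most once. */
static void model_new_client_conn(model_chan_t *ch) {
    if (ch->tracked_for_dos_mitigation)
        return;                       /* already counted on the early path */
    ch->tracked_for_dos_mitigation = true;
    conn_count[ch->slot]++;
}

/* Early path: incoming TLS connection accepted, handshakes still pending. */
static void model_tls_accepted(model_chan_t *ch, unsigned slot) {
    ch->slot = slot;
    ch->open = false;
    ch->tracked_for_dos_mitigation = false;
    model_new_client_conn(ch);
}

/* Existing path: the call site stays in place and the guard absorbs it. */
static void model_channel_open(model_chan_t *ch) {
    ch->open = true;
    model_new_client_conn(ch);
}

/* Assumption of this model: close releases the count only if it was taken. */
static void model_channel_close(model_chan_t *ch) {
    if (ch->tracked_for_dos_mitigation)
        conn_count[ch->slot]--;
    ch->tracked_for_dos_mitigation = false;
    ch->open = false;
}

static bool model_over_limit(unsigned slot) { return conn_count[slot] > CONN_LIMIT; }

int main(void) {
    model_chan_t c[4];
    for (int i = 0; i < 4; i++) model_tls_accepted(&c[i], 1);  /* never opened */
    return model_over_limit(1) ? 0 : 1;  /* 0: half-open channels were counted */
}
```

Without the early path, the four channels in `main` would never reach the counter, because none of them completes the handshakes.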