add metrics for rejected BEGIN/RESOLVE

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 764e1c886b4591a120e2651de786786d7524f313..0dbd5eb33fe6ca8ba0b42b090a03dceb86d2da34 100644 (file)
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4247,7 +4247,8 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
       dns_send_resolved_error_cell(dummy_conn, RESOLVED_TYPE_ERROR_TRANSIENT);
       return 0;
     case DOS_STREAM_DEFENSE_CLOSE_CIRCUIT:
-      /* TODO maybe use REASON_RESOURCELIMIT? See connection_exit_begin_conn() */
+      /* TODO maybe use REASON_RESOURCELIMIT?
+       * See connection_exit_begin_conn() */
       return -END_CIRC_REASON_NONE;
   }
 

diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 63cac190fdf21befc236bb339daa8310eb92bd04..632a49888d5ab50f98a1623d3c927e59ba54ccd6 100644 (file)
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -839,6 +839,13 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr)
 
 /* Stream creation public API. */
 
+/** Return the number of rejected stream and resolve. */
+uint64_t
+dos_get_num_stream_rejected(void)
+{
+  return stream_num_rejected;
+}
+
 /* Return the action to take against a BEGIN or RESOLVE cell. Return
  *  DOS_STREAM_DEFENSE_NONE when no action should be taken.
  *  Increment the appropriate counter when the cell was found to go over a

diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 77dce333d118bbf239b8f84526133ec5680482a9..9581d9f233be690f447951838feba494d3203119 100644 (file)
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -90,6 +90,7 @@ uint64_t dos_get_num_cc_rejected(void);
 uint64_t dos_get_num_conn_addr_rejected(void);
 uint64_t dos_get_num_conn_addr_connect_rejected(void);
 uint64_t dos_get_num_single_hop_refused(void);
+uint64_t dos_get_num_stream_rejected(void);
 
 /*
  * Circuit creation DoS mitigation subsystemn interface.

diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h
index b43b42756e70910517aeec82ef7385ad3c41a553..5de70039d4dad3bfa189829ec1b794defce1a9ad 100644 (file)
--- a/src/feature/relay/dns.h
+++ b/src/feature/relay/dns.h
@@ -38,6 +38,8 @@ void dns_launch_correctness_checks(void);
 #else /* !defined(HAVE_MODULE_RELAY) */
 
 #define dns_init() (0)
+#define dns_send_resolved_error_cell(conn, answer_type) \
+  ((void)(conn), (void)(answer_type))
 #define dns_seems_to_be_broken() (0)
 #define has_dns_init_failed() (0)
 #define dns_cache_total_allocation() (0)

diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c
index 8f3b82bd96c4326c00aa64739f3fb66015da7035..8b8c07f58094d606739713ae59118b3b7308f4aa 100644 (file)
--- a/src/feature/relay/relay_metrics.c
+++ b/src/feature/relay/relay_metrics.c
@@ -433,6 +433,12 @@ fill_dos_values(void)
   metrics_store_entry_add_label(sentry,
           metrics_format_label("type", "introduce2_rejected"));
   metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count());
+
+  sentry = metrics_store_add(the_store, rentry->type, rentry->name,
+                             rentry->help, 0, NULL);
+  metrics_store_entry_add_label(sentry,
+          metrics_format_label("type", "stream_rejected"));
+  metrics_store_entry_update(sentry, dos_get_num_stream_rejected());
 }
 
 /** Fill function for the RELAY_METRICS_CC_COUNTERS metric. */