added OnionsPerSecond to prevent create flooding

first cut, probably needs more playing with svn:r137
author: Roger Dingledine <arma@torproject.org> 2002-11-23 08:49:03 +0000
committer: Roger Dingledine <arma@torproject.org> 2002-11-23 08:49:03 +0000
commit: ab0aee04d910520ca8e683356069e53997908b85 (patch)
tree: a0736d3b2b49802b7e1ad1d80479dc353814fe83 /src
parent: 00a9e3732e88d73860b772dcbac0b8275aa7f467 (diff)
download: tor-ab0aee04d910520ca8e683356069e53997908b85.tar
tor-ab0aee04d910520ca8e683356069e53997908b85.tar.gz
4 files changed, 28 insertions, 9 deletions
diff --git a/src/or/command.c b/src/or/command.c
index 43474bf87..d29edc5d0 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -4,6 +4,8 @@
 
 #include "or.h"
 
+extern or_options_t options; /* command-line and config-file options */
+
 void command_process_cell(cell_t *cell, connection_t *conn) {
 
   switch(cell->command) {
@@ -129,6 +131,14 @@ void command_process_create_cell(cell_t *cell, connection_t *conn) {
   /* we're all ready to go now. */ 
   circ->state = CIRCUIT_STATE_OPEN;
 
+  conn->onions_handled_this_second++;
+  log(LOG_DEBUG,"command_process_create_cell(): Processing onion %d for this second.",conn->onions_handled_this_second);
+  if(conn->onions_handled_this_second > options.OnionsPerSecond) {
+    log(LOG_DEBUG,"command_process_create_cell(): Received too many onions (now %d) this second. Closing.", conn->onions_handled_this_second);
+    circuit_close(circ);
+    return;
+  }
+
   if(process_onion(circ, conn) < 0) {
     log(LOG_DEBUG,"command_process_create_cell(): Onion processing failed. Closing.");
     circuit_close(circ);
diff --git a/src/or/config.c b/src/or/config.c
index 5db8d4d5f..d2e3dc3b0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -181,6 +181,7 @@ void config_assign(or_options_t *options, struct config_line *list) {
     config_compare(list, "DirRebuildPeriod",CONFIG_TYPE_INT, &options->DirRebuildPeriod) ||
     config_compare(list, "DirFetchPeriod",  CONFIG_TYPE_INT, &options->DirFetchPeriod) ||
     config_compare(list, "KeepalivePeriod", CONFIG_TYPE_INT, &options->KeepalivePeriod) ||
+    config_compare(list, "OnionsPerSecond", CONFIG_TYPE_INT, &options->OnionsPerSecond) ||
 
     /* float options */
     config_compare(list, "CoinWeight",     CONFIG_TYPE_DOUBLE, &options->CoinWeight)
@@ -213,6 +214,7 @@ int getconfig(int argc, char **argv, or_options_t *options) {
   options->DirRebuildPeriod = 600;
   options->DirFetchPeriod = 6000;
   options->KeepalivePeriod = 300;
+  options->OnionsPerSecond = 50;
 //  options->ReconnectPeriod = 6001;
   options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN;
 
diff --git a/src/or/main.c b/src/or/main.c
index ef0f3e55f..6d8961d25 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -301,7 +301,7 @@ void check_conn_marked(int i) {
 
 int prepare_for_poll(int *timeout) {
   int i;
-  int need_to_refill_buckets = 0;
+  int need_to_wake_soon = 0;
   connection_t *conn = NULL;
   connection_t *tmpconn;
   struct timeval now, soonest;
@@ -371,28 +371,32 @@ int prepare_for_poll(int *timeout) {
   }
   assert(*timeout >= 0);
   /* blow away any connections that need to die. can't do this later
-   * because we might open up a circuit and not realize it.
+   * because we might open up a circuit and not realize it we're about to cull it.
    */
   for(i=0;i<nfds;i++)
     check_conn_marked(i); 
 
-  /* check if we need to refill buckets */
+  /* check if we need to refill buckets or zero out any per-second stats */
   for(i=0;i<nfds;i++) {
-    if(connection_receiver_bucket_should_increase(connection_array[i])) {
-      need_to_refill_buckets = 1;
+    if(connection_receiver_bucket_should_increase(connection_array[i]) ||
+       connection_array[i]->onions_handled_this_second) {
+      need_to_wake_soon = 1;
       break;
     }
   }
 
-  if(need_to_refill_buckets) {
+  if(need_to_wake_soon) {
     if(now.tv_sec > current_second) { /* the second has already rolled over! */
 //      log(LOG_DEBUG,"prepare_for_poll(): The second has rolled over, immediately refilling.");
-      for(i=0;i<nfds;i++)
+      for(i=0;i<nfds;i++) {
         connection_increment_receiver_bucket(connection_array[i]);
+        connection_array[i]->onions_handled_this_second = 0;
+      }
       current_second = now.tv_sec; /* remember which second it is, for next time */
+    } else {
+      /* this timeout is definitely sooner than any of the above ones */
+      *timeout = 1000 - (now.tv_usec / 1000); /* how many milliseconds til the next second? */
     }
-    /* this timeout is definitely sooner than any of the above ones */
-    *timeout = 1000 - (now.tv_usec / 1000); /* how many milliseconds til the next second? */
   }
 
   if(options.LinkPadding) {
diff --git a/src/or/or.h b/src/or/or.h
index a2dd9b328..d9e466970 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -216,6 +216,8 @@ typedef struct
 
   long timestamp_created;
 
+  int onions_handled_this_second;
+
 //  uint16_t aci; /* anonymous connection identifier */
 
 /* used by OR and OP: */
@@ -376,6 +378,7 @@ typedef struct
    int DirRebuildPeriod;
    int DirFetchPeriod;
    int KeepalivePeriod;
+   int OnionsPerSecond;
    int Role;
    int loglevel;
 } or_options_t;
author	Roger Dingledine <arma@torproject.org>	2002-11-23 08:49:03 +0000
committer	Roger Dingledine <arma@torproject.org>	2002-11-23 08:49:03 +0000
commit	ab0aee04d910520ca8e683356069e53997908b85 (patch)
tree	a0736d3b2b49802b7e1ad1d80479dc353814fe83 /src
parent	00a9e3732e88d73860b772dcbac0b8275aa7f467 (diff)
download	tor-ab0aee04d910520ca8e683356069e53997908b85.tar tor-ab0aee04d910520ca8e683356069e53997908b85.tar.gz