make tor (client) DoSStreamCreation aware
Summary
tor in client mode should be aware of the consensus parameters around the DoSStreamCreation protection mechanism to avoid overloading exit relays.
What is the expected behavior?
A tor client should not exceed DoSStreamCreationRate and DoSStreamCreationBurst when the consensus has enabled DoSStreamCreationEnabled.
DoSStreamCreationEnabled 0|1|auto
    Enable the stream DoS mitigation. If set to 1 (enabled), tor will apply rate limit on the creation of new streams and dns requests per circuit. "auto" means use the consensus parameter. If not defined in the consensus, the value is 0. (Default: auto)

DoSStreamCreationDefenseType NUM
    This is the type of defense applied to a detected circuit or stream for the stream mitigation. The possible values are:
        1: No defense.
        2: Reject the stream or resolve request.
        3: Close the circuit creating too many streams.
    "0" means use the consensus parameter. If not defined in the consensus, the value is 2. (Default: 0)

DoSStreamCreationRate NUM
    The allowed rate of stream creation from a single circuit per second. Coupled with the burst (see below), if the limit is reached, actions can be taken against the stream or circuit (DoSStreamCreationDefenseType). If not defined or set to 0, it is controlled by a consensus parameter. If not defined in the consensus, the value is 100. (Default: 0)

DoSStreamCreationBurst NUM
    The allowed burst of stream creation from a circuit per second. See the DoSStreamCreationRate for more details on this detection. If not defined or set to 0, it is controlled by a consensus parameter. If not defined in the consensus, the value is 300. (Default: 0)
https://lists.torproject.org/pipermail/tor-relays/2024-April/021627.html
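The requested client behaviour, sketched as an added example (not tor source code and not part of the original issue): a per-circuit limiter that keeps stream creation within the rate and burst quoted above. It assumes the limit behaves as a token bucket refilled once per second; the names `stream_limiter_t`, `limiter_init`, `limiter_may_open_stream` and `limiter_try_many`, and the `-1` "absent from consensus" convention, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical client-side limiter; none of these names exist in tor. */
typedef struct {
    int enabled;       /* DoSStreamCreationEnabled as seen in the consensus */
    uint32_t rate;     /* DoSStreamCreationRate: streams per second per circuit */
    uint32_t burst;    /* DoSStreamCreationBurst: bucket capacity */
    uint32_t tokens;   /* streams this circuit may still open right now */
    uint64_t last_sec; /* time of the last refill, in whole seconds */
} stream_limiter_t;
/* Consensus values of -1 mean "parameter absent" (constructed convention);
 * the fallbacks are the defaults quoted from the man page: 0, 100, 300. */
void limiter_init(stream_limiter_t *l, int32_t cons_enabled,
                  int32_t cons_rate, int32_t cons_burst, uint64_t now) {
    l->enabled = cons_enabled > 0;
    l->rate = cons_rate > 0 ? (uint32_t)cons_rate : 100;
    l->burst = cons_burst > 0 ? (uint32_t)cons_burst : 300;
    l->tokens = l->burst; /* a fresh circuit starts with a full bucket */
    l->last_sec = now;
}

/* 1: a new stream may be opened on this circuit now; 0: delay it or use another circuit. */
int limiter_may_open_stream(stream_limiter_t *l, uint64_t now) {
    if (!l->enabled) return 1; /* mitigation off: nothing to respect */
    if (now > l->last_sec) {
        uint64_t elapsed = now - l->last_sec;
        if (elapsed > l->burst) elapsed = l->burst; /* avoids overflow below */
        uint64_t t = l->tokens + elapsed * l->rate;
        l->tokens = t > l->burst ? l->burst : (uint32_t)t;
        l->last_sec = now;
    }
    if (l->tokens == 0) return 0;
    l->tokens--;
    return 1;
}

/* Attempt n stream creations at the same instant; returns how many pass. */
unsigned limiter_try_many(stream_limiter_t *l, unsigned n, uint64_t now) {
    unsigned ok = 0;
    while (n--) ok += (unsigned)limiter_may_open_stream(l, now);
    return ok;
}
int main(void) {
    stream_limiter_t l;
    limiter_init(&l, 1, -1, -1, 0); /* enabled, rate and burst left to defaults */
    printf("t=0: %u of 400 allowed\n", limiter_try_many(&l, 400, 0));
    printf("t=1: %u of 400 allowed\n", limiter_try_many(&l, 400, 1));
    return 0;
}
```

Streams that get a 0 here would be queued or attached to a different circuit, so the exit never has to apply its DoSStreamCreationDefenseType to this client.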