This is an unofficial Tor version which contains a circuit limiter. If there is a multiple connections going through a circuit and hits threashold limit, it will close the connection and circuit, thus the attacker will need to create a new circuit if he wants to DDoS the onion service.
In connection_edge_finished_connecting function of connection_edge.c source, once we have a connection, we give the circuit id to the go handler
GoCircuitHandler((unsigned)edge_conn->on_circuit->n_circ_id)If a threshold is hit, the error will be returend telling to close the connection
edge_conn->end_reason = END_STREAM_REASON_RESOURCELIMIT;
edge_conn->edge_has_sent_end = 1;
connection_close_immediate(conn);
connection_mark_for_close(conn);This layer protects your onion service for making request and Tor for resource handling (no reading or writing is happening)
To build, you will need a standard build tools for building a Tor from source and a Golang compiler
Before building a Tor, navigate to
cd src/lib/goddos Execute make to build a shared lib (.so)
makeYou should now have the libgoddos.h header file and libgoddos.so shared object.
Depending on your system, copy the shared library.
For example, in MacOS you will copy to
cp libgoddos.so /usr/local/libFollow the official Tor guide on how to build the source and install any missing build tools
./autogen.sh
./configure
make
make installIf you want to make changes about threashold and ban time, open main.go and modify this 2 constants
const maxRequestsPerSecond = 3
const banTime = 30 * time.MinuteOnce you are satified with configuration, execute make and replace already installed libgoddos.so with new one.
Probably, the best thing is to move configuration for threshold and ban time to torrc config file and pass it in Go lib. (PR welcome)
NOTE
You dont need to install the Tor source again, since the Tor will load the shared library at runtime.
Feel free to contribute, please check open issues.