class DefinitionParser extends Object
Constructor and Description |
---|
DefinitionParser() |
Modifier and Type | Method and Description |
---|---|
(package private) static FilterDefinition | parse(String[] definition) Processes an array of String objects containing the human-readable definition of the filter. |
static FilterDefinition parse(String[] definition) throws InvalidDefinitionException
Processes an array of String objects containing the human-readable definition of the filter.
The definition of a filter is a list of Strings. Each line can represent one of these items:
The order of the definitions matters. The first threshold for a given destination (whether explicit or listed in a file) overrides any future thresholds for the same destination, whether explicit or listed in a file.
Thresholds:
A threshold is defined by the number of connection attempts a remote destination is permitted to perform over a specified number of seconds before a "breach" occurs. For example, the threshold definition "15/5" means that the same remote destination is allowed to make 14 connection attempts over a 5 second period. If it makes one more attempt within the same period, the threshold will be breached.
The threshold format can be one of the following:

    15/5 default
    allow default
    deny default

Explicit thresholds are applied to a remote destination listed in the definition itself. Examples:

    15/5 explicit asdfasdfasdf.b32.i2p
    allow explicit fdsafdsafdsa.b32.i2p
    deny explicit qwerqwerqwer.b32.i2p

For convenience it is possible to maintain a list of destinations in a file and define a threshold for all of them in bulk. Examples:

    15/5 file /path/throttled_destinations.txt
    deny file /path/forbidden_destinations.txt
    allow file /path/unlimited_destinations.txt

Recorders keep track of connection attempts made by a remote destination, and if that breaches a certain threshold, that destination gets recorded in a given file. Examples:

    30/5 record /path/aggressive.txt
    60/5 record /path/very_aggressive.txt

It is possible to use a recorder to record aggressive destinations to a given file, and then use that same file to throttle them. For example, the following snippet will define a filter that initially allows all connection attempts, but if any single destination exceeds 30 attempts per 5 seconds it gets throttled down to 15 attempts per 5 seconds:

    # by default there are no limits
    allow default
    # but record overly aggressive destinations
    30/5 record /path/throttled.txt
    # and any that end up in that file will get throttled in the future
    15/5 file /path/throttled.txt

It is possible to use a recorder in one tunnel that writes to a file that throttles another tunnel. It is possible to reuse the same file with destinations in multiple tunnels. And of course, it is possible to edit these files by hand.
Here is an example filter definition that applies some throttling by default, no throttling for destinations in the file "friends.txt", forbids any connections from destinations in the file "enemies.txt" and records any aggressive behavior in a file called "suspicious.txt":

    15/5 default
    allow file /path/friends.txt
    deny file /path/enemies.txt
    60/5 record /path/suspicious.txt

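
The ordering rule applied to a definition like the one above, as an added example that is not part of the I2P code base: `resolve` returns the threshold that takes effect for one destination, so a `deny explicit` line placed after an `allow file` entry that already lists the destination can be seen to have no effect. The class and method names, the in-memory `files` map standing in for the destination files, and the handling of blank lines and repeated defaults are assumptions; it needs Java 9 or later.

```java
import java.util.Map;
import java.util.Set;

public class EffectiveThreshold {
    /**
     * Returns the threshold that applies to dest: the first explicit or file
     * entry covering it, else the default, else null. The files map stands in
     * for reading the referenced destination lists from disk.
     */
    static String resolve(String[] definition, Map<String, Set<String>> files, String dest) {
        String match = null, fallback = null;
        for (String raw : definition) {
            String line = raw.trim();
            // '#' comments appear in the page's snippet; skipping blank lines is an assumption
            if (line.isEmpty() || line.startsWith("#")) continue;
            String[] p = line.split("\\s+");
            if (p.length < 2 || !p[0].matches("allow|deny|\\d+/\\d+"))
                throw new IllegalArgumentException("malformed line: " + line);
            if (p.length != (p[1].equals("default") ? 2 : 3))
                throw new IllegalArgumentException("wrong field count: " + line);
            boolean covers;
            switch (p[1]) {
                case "default":
                    // the page does not say how repeated defaults behave; keep the first
                    if (fallback == null) fallback = p[0];
                    continue;
                case "explicit": covers = p[2].equals(dest); break;
                case "file": covers = files.getOrDefault(p[2], Set.of()).contains(dest); break;
                case "record": continue; // recorders log breaches, they set no limit
                default: throw new IllegalArgumentException("unknown keyword: " + line);
            }
            // order matters: only the first threshold covering dest takes effect
            if (covers && match == null) match = p[0];
        }
        return match != null ? match : fallback;
    }

    public static void main(String[] args) {
        String[] def = { // constructed sample, based on the friends/enemies definition
            "15/5 default", "allow file /path/friends.txt", "deny file /path/enemies.txt",
            "deny explicit asdfasdfasdf.b32.i2p", // too late: friends.txt already covers it
            "60/5 record /path/suspicious.txt" };
        Map<String, Set<String>> files = Map.of( // constructed file contents
            "/path/friends.txt", Set.of("asdfasdfasdf.b32.i2p"),
            "/path/enemies.txt", Set.of("fdsafdsafdsa.b32.i2p"));
        for (String d : files.get("/path/friends.txt"))
            System.out.println(d + " -> " + resolve(def, files, d));
        System.out.println("other -> " + resolve(def, files, "qwerqwerqwer.b32.i2p"));
    }
}
```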
Throws: InvalidDefinitionException - if the definition is malformed