
Re: [tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem



#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  merge_ready
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31, SponsorV                      |
Parent ID:                                       |         Points:
 Reviewer:  arma                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 We've been testing this patch across 16 relays over the weekend. (And we
 disabled all the statistics options, because at least two of them cause
 massive RAM bloat.)

 RAM usage is down to about a gigabyte per relay.
 (Previously, it was up to 10 GB per relay.)

 On our largest guard, consensus weight 10x,xxx, we have the following
 heartbeat:
 {{{
 [notice] Heartbeat: Tor's uptime is x days xx:xx hours, with 25xxxx
 circuits open. I've sent 57xx.xx GB and received 57xx.xx GB.
 [notice] Circuit handshake stats since last time: 25xxxxx/25xxxxx TAP,
 27xxxxxx/27xxxxxx NTor.
 [notice] Since startup, we have initiated x v1 connections, x v2
 connections, x v3 connections, and 41xxx v4 connections; and received x v1
 connections, 44xxx v2 connections, 58xxx v3 connections, and 50xxxx v4
 connections.
 [notice] DoS mitigation since startup: 56xxxx circuits rejected, 2x marked
 addresses. 0 connections closed. 24xx single hop clients refused.
 }}}

 I'm about to remove all our custom DoS mitigations, including the
 firewall. I'll report back in a day or two on how that goes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:67>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online