[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #28511 [Core Tor/Tor]: Limit the number of open testing circuits, and the total number of testing circuits



#28511: Limit the number of open testing circuits, and the total number of testing
circuits
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bwauth, tor-dos, 035-backport,   |  Actual Points:
  034-backport-maybe, 033-backport-maybe, 029    |
  -backport-maybe-not                            |
Parent ID:  #22453                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Description changed by teor:

Old description:

> Tor relays can open many more testing circuits than they need:
>
> When Tor is doing its first ORPort reachability test, it initiates one
> testing circuit after the first successful circuit, then one testing
> circuit per second until the ORPort is found reachable. Then it gives up
> after 20 minutes. (1200 circuits is definitely too many.)
>
> When tor receives any descriptor or consensus, it does another ORPort
> reachability test, and initiates a testing circuit.
>
> When a testing circuit opens, and there aren't enough testing circuits to
> test bandwidth, then tor initiates another testing circuit.
>
> When a testing circuit expires, tor doesn't stop opening testing circuits
> to replace it.
>
> We should place a timeout on bandwidth testing, a limit on the number of
> open testing circuits, and a limit on the total number of testing
> circuits that tor will builds over a certain time. (Maybe an hour?)
>
> We should be careful to make these limits apply to relays, but not
> authorities. Authorities need to test a large number of relays every
> hour.

New description:

 Tor relays can open many more testing circuits than they need:

 When Tor is doing its first ORPort reachability test, it initiates one
 testing circuit after the first successful circuit, then one testing
 circuit per second until the ORPort is found reachable. Then it gives up
 after 20 minutes. (1200 circuits is definitely too many.)

 When tor receives any descriptor or consensus, it does another ORPort
 reachability test, and initiates a testing circuit.

 When a testing circuit opens, and there aren't enough testing circuits to
 test bandwidth, then tor initiates another testing circuit.

 When a testing circuit expires, tor doesn't stop opening testing circuits
 to replace it.

 We should place a timeout on bandwidth testing (the same as reachability
 tests?), a limit on the number of in-progress and open testing circuits
 (NUM_PARALLEL_TESTING_CIRCS*3/2 ?), and a limit on the total number of
 testing circuits that tor will build over a certain time
 (NUM_PARALLEL_TESTING_CIRCS*3 an hour?).

 We should be careful to make these limits apply to relays, but not
 authorities. Authorities need to test a large number of relays every hour.

 Edit: suggest some limits

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28511#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs