[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9093 [Tor]: Better, fairer circuit OOM handling
#9093: Better, fairer circuit OOM handling
-----------------------------+----------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-relay 023-backport oom
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------------------
Comment (by arma):
Patch looks fine. The only part that popped out as weird is where
circuit_max_queued_cell_age() looks at both the age in the n_conn and also
the age in the p_conn.
We've been mostly phrasing the attack as an attack on guards, so in that
case only p_conn matters. But I guess we could imagine this attack where
you extend your circuit to a colluding relay (maybe even not one in the
consensus), and then do the attack in reverse. Sounds good.
The other variant of the attack, where we upload a large file to a
colluding webserver which stops reading, in hopes of filling the ram at
the exit relay... I guess the exit will stop sending sendmes when the
webserver stops accepting bytes. Which means the attack would be a
parallel one, where you queue your 500 cells (250KB) and then move on to a
new connection to do it again. Is that variant handled by this fix (do
most of those cells hang out on an edge outbuf, or in a circuit queue?),
or is it a new ticket?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9093#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs