
Re: [tor-bugs] #25226 [Core Tor/Tor]: Circuit cell queue can fill up memory



#25226: Circuit cell queue can fill up memory
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-cell, tor-relay, tor-dos,        |  Actual Points:
  033-must                                       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:9 dgoulet]:
 > An upper limit on the circuit queue bound with the SENDME logic would
 > look like this: `bug25226_033_01`
 >
 > The gist is that if the queue size goes above the circuit window start
 > maximum limit (1000), the circuit is closed with TORPROTOCOL reason.
 > Assuming we ever reach that limit, it means something is wrong in the path
 > and the edge connection keeps sending stuff even though it shouldn't.

 tor-spec.txt:
 > To control a circuit's bandwidth usage, each OR **keeps track of** two
 > 'windows', consisting of how many **RELAY_DATA cells** it is allowed to
 > originate (package for transmission), and how many **RELAY_DATA cells** it
 > is willing to consume (receive for local streams). **These limits do not
 > apply to cells that the OR receives from one host and relays to another**.

 tor-design.pdf:
 > **Leaky-pipe circuit topology**: Through in-band signaling within the
 > circuit, Tor initiators can direct traffic to nodes partway down the
 > circuit. This novel approach allows traffic to exit the circuit from the
 > middle — possibly frustrating traffic shape and volume attacks based on
 > observing the end of the circuit. (It also allows for long-range padding
 > if future research shows this to be worthwhile.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25226#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online