[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7912 [Tor]: Cells that don't get inserted into cell queues can clog connection flushing
#7912: Cells that don't get inserted into cell queues can clog connection flushing
-----------------------+----------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-relay | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Comment(by cypherpunks):
What about 0.2.3.x, non fixed 0.2.3.x leaves working attack alone for
almost year or more till 0.2.4.x become stable and majority relays
upgraded.
It need to parse all queue to find any a queued destroy cell that has some
circuitID, if queue huge enough then it leads to DoS. It's possible to
create bitfield with present ID in the destroy queue but that req 4KB per
conn.
The best fix in theory is to detach cell queues to independent creature
and to use it as pipe that every time attached by one end to conn and
another end attached to circuit if needed. It must be detachable from
circuit. It need to free only if no attach to circuit and no cells. Queue
must be marked as active or non active instead of circuit as it does right
now. And so on.
Once such design implemented it need to discuss what to do with exist
cells on the queue if destroy cell appends to it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7912#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs