[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #28511 [Core Tor/Tor]: Limit the number of open testing circuits, and the total number of testing circuits
#28511: Limit the number of open testing circuits, and the total number of testing
circuits
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-bwauth, tor-dos, 035-backport, | Actual Points:
034-backport-maybe, 033-backport-maybe, 029 |
-backport-maybe-not |
Parent ID: #22453 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Description changed by teor:
Old description:
> Tor relays can open many more testing circuits than they need:
>
> When Tor is doing its first ORPort reachability test, it initiates one
> testing circuit after the first successful circuit, then one testing
> circuit per second until the ORPort is found reachable. Then it gives up
> after 20 minutes. (1200 circuits is definitely too many.)
>
> When tor receives any descriptor or consensus, it does another ORPort
> reachability test, and initiates a testing circuit.
>
> When a testing circuit opens, and there aren't enough testing circuits to
> test bandwidth, then tor initiates another testing circuit.
>
> When a testing circuit expires, tor doesn't stop opening testing circuits
> to replace it.
>
> We should place a timeout on bandwidth testing, a limit on the number of
> open testing circuits, and a limit on the total number of testing
> circuits that tor will builds over a certain time. (Maybe an hour?)
>
> We should be careful to make these limits apply to relays, but not
> authorities. Authorities need to test a large number of relays every
> hour.
New description:
Tor relays can open many more testing circuits than they need:
When Tor is doing its first ORPort reachability test, it initiates one
testing circuit after the first successful circuit, then one testing
circuit per second until the ORPort is found reachable. Then it gives up
after 20 minutes. (1200 circuits is definitely too many.)
When tor receives any descriptor or consensus, it does another ORPort
reachability test, and initiates a testing circuit.
When a testing circuit opens, and there aren't enough testing circuits to
test bandwidth, then tor initiates another testing circuit.
When a testing circuit expires, tor doesn't stop opening testing circuits
to replace it.
We should place a timeout on bandwidth testing (the same as reachability
tests?), a limit on the number of in-progress and open testing circuits
(NUM_PARALLEL_TESTING_CIRCS*3/2 ?), and a limit on the total number of
testing circuits that tor will build over a certain time
(NUM_PARALLEL_TESTING_CIRCS*3 an hour?).
We should be careful to make these limits apply to relays, but not
authorities. Authorities need to test a large number of relays every hour.
Edit: suggest some limits
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28511#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs