[tor-bugs] #7912 [Tor]: Cells that don't get inserted into cell queues can clog connection flushing

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 14 10:58:46 UTC 2013


#7912: Cells that don't get inserted into cell queues can clog connection flushing
-----------------------+----------------------------------------------------
 Reporter:  asn        |          Owner:                    
     Type:  defect     |         Status:  needs_review      
 Priority:  normal     |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor        |        Version:                    
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by cypherpunks):

 What about 0.2.3.x? A non-fixed 0.2.3.x leaves a working attack alone for
 almost a year or more, till 0.2.4.x becomes stable and the majority of
 relays are upgraded.

 It needs to parse the whole queue to find any queued destroy cell that has
 some circuitID; if the queue is huge enough then it leads to DoS. It's
 possible to create a bitfield with the IDs present in the destroy queue,
 but that requires 4KB per conn.

 The best fix in theory is to detach cell queues into an independent
 creature and to use it as a pipe that is always attached by one end to the
 conn and by the other end to a circuit if needed. It must be detachable
 from the circuit. It needs to be freed only if it is not attached to a
 circuit and has no cells. The queue must be marked as active or non-active
 instead of the circuit, as is done right now. And so on.

 Once such a design is implemented, it needs to be discussed what to do with
 existing cells on the queue if a destroy cell is appended to it.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7912#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
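
The bitfield idea from the comment above, as an added example that is not part of the original message or of Tor's code: a per-connection queue of pending destroy cells whose membership test is one bit lookup instead of a walk over the whole queue. The names (destroy_queue_t, dq_*) are hypothetical, and circuit IDs are assumed to be below 32768 so that the bitfield comes to the 4KB per conn the comment mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define TRACKED_IDS 32768u  /* assumption: IDs < 32768, so one bit each = 4 KB */
typedef struct {
  uint16_t *ids;                     /* FIFO of circuit IDs with a DESTROY pending */
  size_t head, len, cap;
  uint8_t present[TRACKED_IDS / 8];  /* 4096 bytes per connection */
} destroy_queue_t;

/* O(n): walks every queued entry, the cost the comment ties to DoS. */
int dq_pending_scan(const destroy_queue_t *q, uint16_t id) {
  for (size_t i = q->head; i < q->len; i++) if (q->ids[i] == id) return 1;
  return 0;
}

/* O(1): one bit lookup in the per-connection bitfield. */
int dq_pending_bit(const destroy_queue_t *q, uint16_t id) {
  return id < TRACKED_IDS && ((q->present[id >> 3] >> (id & 7)) & 1);
}

/* Returns 1 if queued, 0 if already pending, -1 on bad ID or allocation failure. */
int dq_push(destroy_queue_t *q, uint16_t id) {
  if (id >= TRACKED_IDS) return -1;
  if (dq_pending_bit(q, id)) return 0;
  if (q->len == q->cap) {
    size_t ncap = q->cap ? q->cap * 2 : 16;
    uint16_t *n = realloc(q->ids, ncap * sizeof *n);
    if (!n) return -1;
    q->ids = n; q->cap = ncap;
  }
  q->ids[q->len++] = id;
  q->present[id >> 3] |= (uint8_t)(1u << (id & 7));
  return 1;
}

/* Removes the oldest entry and clears its bit; returns the ID or -1 if empty. */
int dq_pop(destroy_queue_t *q) {
  if (q->head == q->len) return -1;
  uint16_t id = q->ids[q->head++];
  q->present[id >> 3] &= (uint8_t)~(1u << (id & 7));
  if (q->head == q->len) q->head = q->len = 0;  /* drained: reuse storage */
  return id;
}

int main(void) {
  destroy_queue_t q = {0};
  int first = dq_push(&q, 7), again = dq_push(&q, 7);  /* second is deduplicated */
  printf("push=%d,%d pending=%d bytes=%zu\n", first, again, dq_pending_bit(&q, 7), sizeof q.present);
  free(q.ids); return 0;
}
```

Because dq_push refuses an ID that is already pending, the queue can never hold more entries than there are tracked IDs, which also bounds its memory.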

