[tor-bugs] #9670 [Tor]: Disable exploratory client circuit builds during botnet
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 5 04:11:44 UTC 2013
#9670: Disable exploratory client circuit builds during botnet
------------------------+--------------------------------
Reporter: arma | Owner:
Type: task | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-auth
Actual Points: | Parent ID: #9657
Points: |
------------------------+--------------------------------
Comment (by arma):
Replying to [comment:8 mikeperry]:
> Actually, maybe we want to let the test frequency be low enough to
compute a discarded CBT sooner rather than later, otherwise we're left
with a very low idle timeout in circuit_expire_old_circuits_clientside(),
which may also increase the number of circuits that get built.
The low value in circuit_expire_old_circuits_clientside() is 10 minutes,
compared to 60 minutes normally.
I think there's no reason to induce any more circuits than we'll make
naturally, by making circuits to handle port 80 on startup and to handle
whatever actual use there is after that.
So in sum, I'm a fan of cbtmincircs=10 cbttestfreq=1000000.
As for setting cbtmintimeout, I'm not so clear on the expected benefit
here. I guess it would make us build fewer circuits, since we're more
willing to use crappy circuits. But there could be a steep cost in mean
performance.
I'm inclined to start out trying just mincircs and testfreq.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9670#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list