[tor-bugs] #12184 [Tor]: Circuit on detached list which I had no reason to mark

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 11 18:39:25 UTC 2014


#12184: Circuit on detached list which I had no reason to mark
-----------------------------+--------------------------------------
     Reporter:  cypherpunks  |      Owner:
         Type:  defect       |     Status:  needs_review
     Priority:  major        |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:  Tor: 0.2.5.4-alpha
   Resolution:               |   Keywords:  024-backport 025-triaged
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------------

Comment (by nickm):

 To explain more about my "bug12184_diagnostic" branch, currently pending
 review:

 There are two possibilities behind this bug as far as I can tell:
   1. There really are ~32K pending DESTROY cells waiting to get flushed on
 these channels.
      A. Because a huge number of circuits all died at once, and we're
 flushing their DESTROY cells fairly.
      B. Because there is a bug that makes us not flush destroy cells.
   2. These circuit IDs are marked unusable in the
 (circuitid,channel)->circuit map, but they are not really unusable.
      A. They should never have been marked.
      B. They were marked correctly on this channel, but when we sent a
 DESTROY cell, they never got un-marked.
      C. They were marked correctly on this channel, but for some reason we
 never sent a DESTROY cell, so they never got un-marked.
      D. They were marked correctly on another channel. When that channel
 was freed, the (circuitid,channel) pair was never marked as usable again.
 Later, another channel was created, and received the same address as the
 original channel.

 I think that we can learn whether case 1.1 or case 1.2 applies by logging
 how many destroy cells are pending when we hit this error case.  (My patch
 also checks the count of pending destroy cells for correctness, and for
 consistency with the (circid,channel) map.)

 I think we can learn whether one of the 2.1..2.4 subcases applies by the
 timestamps my patch adds to the placeholder entries.  If any entry is older
 than the channel, we'll know that it's case 2.4.  If all entries are very
 new, we can guess case 1.1.  If the entries are very old but not older
 than the channel, we can guess that it's one of 1.2 or 2.1..3, depending
 on the result from logging how many destroy cells are pending.

 At that point, we will know what to investigate more closely.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12184#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
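
The triage rule from the comment above, as an added C sketch; it is not code from the bug12184_diagnostic branch or from Tor. Assumptions: every type, field and function name is hypothetical, the 60-second "very new" cutoff is invented for illustration, the labels 1.1/1.2 and 2.1..2.4 are read as list items 1.A/1.B and 2.A..2.D, and "pending DESTROY cells cover every marked ID" is read as pointing to case 1.2.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical types: a snapshot of what the diagnostic would log. */
typedef enum { DIAG_NONE, DIAG_1_1, DIAG_1_2, DIAG_2_1_TO_2_3, DIAG_2_4 } diag_t;

typedef struct {
  time_t channel_created;    /* when this channel object was created */
  size_t n_pending_destroys; /* DESTROY cells still queued on the channel */
  const time_t *marked_at;   /* timestamp of each placeholder (marked circ ID) */
  size_t n_marked;
} chan_snapshot_t;

#define VERY_NEW_SECS 60 /* assumed cutoff; the comment gives no number */

diag_t classify(const chan_snapshot_t *s, time_t now)
{
  if (s->n_marked == 0)
    return DIAG_NONE;
  time_t oldest = s->marked_at[0];
  for (size_t i = 1; i < s->n_marked; i++)
    if (s->marked_at[i] < oldest)
      oldest = s->marked_at[i];
  /* An entry older than the channel must be left over from an earlier
   * channel that had the same address: case 2.4. */
  if (oldest < s->channel_created)
    return DIAG_2_4;
  /* Every entry is recent: a burst of circuits died together (1.1). */
  if (now - oldest <= VERY_NEW_SECS)
    return DIAG_1_1;
  /* Old entries: the pending-DESTROY count separates "cells are queued but
   * not flushed" (1.2) from "IDs marked with no cell behind them" (2.1..2.3). */
  return s->n_pending_destroys >= s->n_marked ? DIAG_1_2 : DIAG_2_1_TO_2_3;
}

int main(void)
{
  /* Constructed sample: channel created at t=1000, checked at t=9000. */
  const time_t marks[] = { 1200, 1300, 8990 };
  chan_snapshot_t s = { 1000, 0, marks, 3 };
  printf("diagnosis=%d\n", (int)classify(&s, 9000)); /* old marks, no cells queued */
  return 0;
}
```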

