[tor-bugs] #18640 [Core Tor/Tor]: Use smarter algorithms to handle socket exhaustion

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 26 07:42:18 UTC 2016


#18640: Use smarter algorithms to handle socket exhaustion
----------------------------------------+------------------------------
 Reporter:  nickm                       |          Owner:  andrea
     Type:  enhancement                 |         Status:  assigned
 Priority:  Medium                      |      Milestone:
Component:  Core Tor/Tor                |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tor-dos, TorCoreTeam201606  |  Actual Points:
Parent ID:  #17293                      |         Points:  3
 Reviewer:                              |        Sponsor:  SponsorU-can
----------------------------------------+------------------------------

Comment (by andrea):

 Notes on handling OOS:

 Sockets probably account for most of the descriptor use in a running Tor
 process, but we should make the maximum socket count a little lower than
 the maximum number of descriptors so they can't block us from opening
 files.
 We'll need a heuristic to decide which connections are least harmful to
 kill analogous to OOM handling, but the first step is building plumbing
 to get a chance to run an OOS handler.

 Per compat.c, sockets are created (and the socket counter adjusted) in
 tor_socketpair() (AF_UNIX only), tor_open_socket() and
 tor_accept_socket(), and
 the _nonblocking/_with_extensions versions of those functions.

 Call sites:

  - tor_open_socket_nonblocking() called in three places, all in
 connection.c

    - connection_listener_new() (2 call sites)
    - connection_connect_sockaddr()

  - tor_accept_socket_nonblocking() called in one place, in
 connection_handle_listener_read()

  - open_socket() calls in src/ext/eventdns.c ?

  - get_n_open_sockets() returns counter

  - socket exhaustion can be detected by open/accept failing with
    errno EMFILE, ENFILE, ENOBUFS, ENOMEM.

  - For testing purposes, we can artificially restrict number of
 descriptors
    to trigger socket exhaustion using ulimit -n.

 We can build an OOS handler analogous to circuits_handle_oom called with
 current number of open sockets and an indicator of whether one just failed
 with one of the socket exhaustion related errnos from open_socket()/accept
 call sites.  It can then compare socket count against a new config setting
 parallel to the MaxMemInQueues setting the OOM handler relies on to decide
 if it needs to act.

  - How should we set the default of the number of sockets?  On Linux
    getrlimit(RLIMIT_NOFILE) works, but what about elsewhere?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18640#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list