[tor-bugs] #24666 [Core Tor/Tor]: sched: Store the circuit ID instead of the full DESTROY cell in the destroy queue
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 19 20:42:31 UTC 2017
#24666: sched: Store the circuit ID instead of the full DESTROY cell in the destroy
queue
-------------------------+-------------------------------------------------
Reporter: dgoulet | Owner: nickm
Type: defect | Status: assigned
Priority: Very | Milestone: Tor: 0.3.2.x-final
High |
Component: Core | Version:
Tor/Tor | Keywords: tor-sched, tor-cell,
Severity: Normal | backport-031,backport-030, backport-029,
| backport-028, backport-025
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------+-------------------------------------------------
Tor currently keeps the DESTROY cells it needs to relay on the
`cmux->destroy_queue` but it keeps the entire `packed_cell_t` which is a
full 514 bytes usually.
Instead, we should keep the `circid_t` because this is really only what we
need which would shrink down the used memory by a factor of 128x.
We've observed this on very loaded relays getting DoS with CREATE/DESTROY
cells at high rate by many clients which is filling the DESTROY queue
while tor is struggling to flush them on the network towards a relay that
is also struggling.
This needs to be backported as far as we can in order to avoid relays
being memory DoS too hard. The next step is to make our OOM consider those
DESTROY cells but that is a bit more involving.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24666>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list