[tor-bugs] #24687 [Core Tor/Tor]: Tor eats all mbufs on FreeBSD
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 20 19:37:59 UTC 2017
#24687: Tor eats all mbufs on FreeBSD
--------------------------+----------------------------------
Reporter: AMDmi3 | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version: Tor: 0.3.1.9
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+----------------------------------
Comment (by AMDmi3):
Thanks for the pointers, I'll read the mailing list.
While here, I need to clarify some bits. mbufs/mbuf clusters are units of
memory management in FreeBSD kernel IPC subsystems. In particular, socket
buffers are stored in mbufs. There's a (tunable) systemwide limit on the
maximal number of mbuf clusters, and when it's reached no more mbufs are
allocated and incoming packets may no longer be processed, which results
in the network being completely dead for the whole machine. This is what happens here.
Since it's related to kernel memory management, it's unlikely that it
could be fixed by tor memory options. My guess is that the attack makes
tor open a lot of sockets and fills their buffers. In theory, on my
FreeBSD setup it allows taking up to (sysctl net.inet.tcp.recvspace *
min(sysctl kern.ipc.maxsockets, ulimit -n)) = (65536 * 31740) ~= 2G of
kernel memory. The machine only has 1G, but the mbuf limit is hit before the
memory is exhausted anyway.
This could be fixed by limiting the max number of open files for tor with
some low value, but my graphs show that it needs at least 6k sockets as it
is, so any sane limit (around 10k) will still allow taking a lot of
memory. So it should probably be handled on the tor side somehow, limiting
the number of connections which take a lot of memory (I assume normal
connections don't consume this much) or tuning socket buffer sizes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24687#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
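The worst-case estimate in the comment above (receive buffer size times the number of sockets one process may hold) as an added POSIX shell example, not code from the ticket or from Tor. The sysctl names and the 65536/31740 figures come from the comment; the 2048-byte mbuf cluster size (MCLBYTES) and the live-check helper are assumptions, and the script takes its inputs as arguments so it can be run off-box.

```shell
#!/bin/sh
# Added example, not from the ticket: estimate how much kernel socket-buffer
# memory one process could pin on FreeBSD, using the reporter's formula
#   net.inet.tcp.recvspace * min(kern.ipc.maxsockets, ulimit -n)
# and compare it with the mbuf cluster limit that takes the whole host's
# network down when exhausted.

min() { if [ "$1" -lt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# worst_case_bytes RECVSPACE MAXSOCKETS NOFILE -> bytes of receive buffers
worst_case_bytes() {
    sockets=$(min "$2" "$3")
    echo $(( $1 * sockets ))
}

# clusters_needed BYTES -> number of 2 KiB mbuf clusters (MCLBYTES assumed 2048)
clusters_needed() {
    echo $(( ($1 + 2047) / 2048 ))
}

# exceeds_cluster_limit BYTES NMBCLUSTERS -> exit 0 if the worst case alone
# would consume the system-wide kern.ipc.nmbclusters budget
exceeds_cluster_limit() {
    [ "$(clusters_needed "$1")" -ge "$2" ]
}

# Live check; only meaningful on a FreeBSD host where these sysctls exist.
live_estimate() {
    rs=$(sysctl -n net.inet.tcp.recvspace 2>/dev/null) || return 1
    ms=$(sysctl -n kern.ipc.maxsockets 2>/dev/null) || return 1
    nmb=$(sysctl -n kern.ipc.nmbclusters 2>/dev/null) || return 1
    nf=$(ulimit -n)
    [ "$nf" = unlimited ] && nf=$ms
    bytes=$(worst_case_bytes "$rs" "$ms" "$nf")
    printf 'worst case: %s bytes (%s clusters of %s)\n' \
        "$bytes" "$(clusters_needed "$bytes")" "$nmb"
    exceeds_cluster_limit "$bytes" "$nmb" && echo "mbuf limit reachable"
}
```

Running it with the ticket's figures gives about 2.08 GB for the unrestricted case and still about 655 MB with the 10k file-descriptor limit the reporter calls "sane", which is why he concludes the cap belongs on the tor side.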