[tor-bugs] #25226 [Core Tor/Tor]: Circuit cell queue can fill up memory

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 27 19:57:19 UTC 2018


#25226: Circuit cell queue can fill up memory
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-cell, tor-relay, tor-dos,        |  Actual Points:
  033-must                                       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:11 cypherpunks]:
 > Replying to [comment:9 dgoulet]:
 > > An upper limit on the circuit queue bound with the SENDME logic would
 > > look like this: `bug25226_033_01`
 > >
 > > The gist is that if the queue size goes above the circuit window start
 > > maximum limit (1000), the circuit is closed with TORPROTOCOL reason.
 > > Assuming we ever reach that limit, it means something is wrong in the path
 > > and the edge connection keeps sending stuff even though it shouldn't.
 >
 > tor-spec.txt:
 > > To control a circuit's bandwidth usage, each OR **keeps track of** two
 > > 'windows', consisting of how many **RELAY_DATA cells** it is allowed to
 > > originate (package for transmission), and how many **RELAY_DATA cells** it
 > > is willing to consume (receive for local streams). **These limits do not
 > > apply to cells that the OR receives from one host and relays to another**.

 We can change this part of the spec.

 > tor-design.pdf:
 > > **Leaky-pipe circuit topology**: Through in-band signaling within the
 > > circuit, Tor initiators can direct traffic to nodes partway down the
 > > circuit. This novel approach allows traffic to exit the circuit from the
 > > middle — possibly frustrating traffic shape and volume attacks based on
 > > observing the end of the circuit. (It also allows for long-range padding
 > > if future research shows this to be worthwhile.)

 Standard Tor clients do not use this feature, but they get close:
 * connection netflow padding is at link level, not circuit level
 * client introduce circuits send a single INTRODUCE1 cell, then EXTEND if
   the introduction fails

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25226#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
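
A toy model of the queue bound quoted in the comment above, as an added example that is not part of the ticket and is not the code in `bug25226_033_01`: a relay closes the circuit with a TORPROTOCOL reason once its cell queue would exceed the circuit window start maximum (1000). All type and function names are hypothetical, and the model assumes the worst case of a stalled next hop, so no SENDME ever reopens the edge's window.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Value the ticket quotes as the circuit window start maximum. */
#define CIRCWINDOW_START_MAX 1000

/* Hypothetical names; this is not Tor's circuit or cell-queue API. */
typedef enum { CLOSE_NONE = 0, CLOSE_TORPROTOCOL } close_reason_t;
typedef struct {
  size_t queued;         /* cells waiting to be flushed to the next hop */
  close_reason_t closed; /* why the circuit was torn down, if it was */
} toy_circuit_t;

/* Queue one cell. If the queue would go above the cap, mark the circuit
 * closed with TORPROTOCOL and drop the queue. Returns true if accepted. */
static bool toy_queue_cell(toy_circuit_t *c) {
  if (c->closed != CLOSE_NONE) return false;
  if (c->queued + 1 > CIRCWINDOW_START_MAX) {
    c->closed = CLOSE_TORPROTOCOL;
    c->queued = 0;
    return false;
  }
  c->queued++;
  return true;
}

/* An edge tries to push `want` cells through a relay whose next hop is
 * stalled: nothing drains, so no SENDME ever reopens the edge's window. */
static close_reason_t simulate(size_t want, bool honor_window, size_t *peak) {
  toy_circuit_t circ = {0, CLOSE_NONE};
  size_t window = CIRCWINDOW_START_MAX;
  *peak = 0;
  for (size_t i = 0; i < want; i++) {
    if (honor_window && window == 0) break; /* compliant edge stops here */
    if (window > 0) window--;
    if (!toy_queue_cell(&circ)) break;
    if (circ.queued > *peak) *peak = circ.queued;
  }
  return circ.closed;
}

int main(void) {
  size_t peak;
  close_reason_t r = simulate(5000, true, &peak);
  printf("compliant edge: reason=%d peak=%zu\n", (int)r, peak);
  r = simulate(5000, false, &peak);
  printf("ignores window: reason=%d peak=%zu\n", (int)r, peak);
  return 0;
}
```

An edge that honors its window never pushes the queue past the cap, so only a sender that ignores the window trips the close; in both runs the relay holds at most 1000 queued cells for the circuit.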