[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 23 11:27:29 UTC 2018
#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status:
| needs_review
Priority: Very High | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay, review-group-30, | Actual Points:
029-backport, 031-backport, 032-backport |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:29 arma]:
> Replying to [comment:24 teor]:
> > We could increase the cbtmintimeout consensus parameter to a really
high value. (Which seemed to work well on my relays.) But the client's
timeout would only stay high if almost all relays delayed almost all
circuits created by these clients.
>
> No, I think the only way to get a higher timeout for establish-
rendezvous attempts is if the user manually set their
options->CircuitStreamTimeout. The code as you say is
> {{{
> /* CIRCUIT_PURPOSE_C_ESTABLISH_REND behaves more like a RELAY cell.
> * Use the stream cutoff (more or less). */
> SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 +
1000);
> }}}
> which does not reference get_circuit_build_timeout_ms(). :(
I was talking about dropping other types of cells earlier in circuit
construction. Those purposes reference get_circuit_build_timeout_ms().
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list