[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 07:11:55 UTC 2018


#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 I've been running dgoulet's ticket24902_029_04 with the following
 additional patch to make channel_is_client() not be a lie:
 {{{
 diff --git a/src/or/channeltls.c b/src/or/channeltls.c
 index 09cca95..7ad8a8c 100644
 --- a/src/or/channeltls.c
 +++ b/src/or/channeltls.c
 @@ -1640,6 +1640,7 @@ channel_tls_process_netinfo_cell(cell_t *cell,
 channel_tls
          tor_assert(tor_digest_is_zero(
                    (const char*)(chan->conn->handshake_state->
                        authenticated_peer_id)));
 +        channel_mark_client(TLS_CHAN_TO_BASE(chan));
          channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
                 chan->conn->link_proto <
 MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
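Review bot: The added channel_mark_client() call in channel_tls_process_netinfo_cell() has no comment saying why reaching this branch means the peer is a client. The only hint is the tor_assert just above it, which checks that authenticated_peer_id is all zeros, meaning the peer did not authenticate. Since the point of the patch is to make channel_is_client() trustworthy, add a one-line comment here stating that an unauthenticated peer is treated as a client, the way the connection_or.c hunk documents its own condition.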

 diff --git a/src/or/connection_or.c b/src/or/connection_or.c
 index dadfdc4..8beedca 100644
 --- a/src/or/connection_or.c
 +++ b/src/or/connection_or.c
 @@ -1880,6 +1880,12 @@ connection_or_set_state_open(or_connection_t *conn)
    connection_or_change_state(conn, OR_CONN_STATE_OPEN);
    control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED, 0);

 +  /* Link protocol 3 appeared in Tor 0.2.3.6-alpha, so any connection
 +   * that uses an earlier link protocol should not be treated as a relay.
 */
 +  if (conn->link_proto < 3) {
 +    channel_mark_client(TLS_CHAN_TO_BASE(conn->chan));
 +  }
 +
    or_handshake_state_free(conn->handshake_state);
    conn->handshake_state = NULL;
    connection_start_reading(TO_CONN(conn));
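Review bot: The bare 3 in "if (conn->link_proto < 3)" should be a named constant. The channeltls.c hunk above already compares link_proto against MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS, and a similarly named constant here (for example a hypothetical MIN_LINK_PROTO_FOR_RELAY) would carry the meaning that the comment currently has to explain. Separately, conn->chan is passed to TLS_CHAN_TO_BASE() with no visible check that it is set at this point in connection_or_set_state_open(). A tor_assert(conn->chan) or a NULL guard before the call would make that assumption explicit.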
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

