[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 08:06:33 UTC 2018


#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 {{{
 +             "DoS mitigation since startup:%s%s%s",
 }}}

 We should make a decision here about whether heartbeat info should be
 "since last heartbeat" or "since startup". I think we have a mixture of it
 right now:
 {{{
 Jan 29 01:48:16.972 [notice] Heartbeat: Tor's uptime is 1 day 11:59 hours,
 with 207915 circuits open. I've sent 4020.40 GB and received 4106.65 GB.
 Jan 29 01:48:16.972 [notice] Circuit handshake stats since last time:
 1456490/1456490 TAP, 85381513/85381513 NTor.
 Jan 29 01:48:16.972 [notice] Since startup, we have initiated 0 v1
 connections, 0 v2 connections, 8 v3 connections, and 34886 v4 connections;
 and received 457 v1 connections, 41063 v2 connections, 78264 v3
 connections, and 657961 v4 connections.
 Jan 29 01:48:16.972 [notice] DoS mitigation since startup: 5094873 cells
 rejected, 40 marked address. 2618 MB have been dropped. 4238710 connection
 rejected. 413638 single hop client refused.
 }}}

 Looks like bandwidth info, connection info, and now DoS info are since
 startup, whereas circuit handshake info is since last heartbeat.

 I would think that for DoS info, like circuit info, the thing I most want
 to know is "very recently, what happened"? So I personally would prefer
 the "since last time" data. But I can totally see this going either way.

 Speaking of heartbeat, "40 marked address" doesn't tell me how many
 addresses are being rejected *right now*. In fact, this could be a single
 address that got marked 40 times since startup of my relay? (I guess not
 quite because I have 36 hours of uptime and there were 40 marked
 addresses, but it's close.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:41>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
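One way for a relay operator to get the "since last heartbeat" view discussed in the comment above from the cumulative "since startup" lines Tor currently logs: parse each DoS heartbeat line and diff consecutive snapshots, treating a counter that went backwards as a relay restart. This is an added example, not Tor's code; the field names are mine, and only the first DoS line in the sample log is the one quoted in the ticket, the other two are constructed.

```python
import re

# Pattern for the "DoS mitigation since startup" heartbeat line quoted in the
# ticket. Field names are mine; the wording between them is Tor's as logged.
DOS_LINE = re.compile(
    r"DoS mitigation since startup: (?P<cells_rejected>\d+) cells rejected, "
    r"(?P<marked_addresses>\d+) marked address\. (?P<mb_dropped>\d+) MB have been dropped\. "
    r"(?P<conns_rejected>\d+) connection rejected\. "
    r"(?P<single_hop_refused>\d+) single hop client refused\."
)

def parse_dos_line(line):
    """Return the cumulative counters from one heartbeat line, or None for other lines."""
    m = DOS_LINE.search(line)
    return {k: int(v) for k, v in m.groupdict().items()} if m else None

def interval_delta(prev, cur):
    """Turn two cumulative snapshots into a 'since last heartbeat' view.
    A counter that went backwards means the relay restarted, so the new
    cumulative value is itself the per-interval value."""
    if any(cur[k] < prev[k] for k in cur):
        return dict(cur)
    return {k: cur[k] - prev[k] for k in cur}

def heartbeat_deltas(lines):
    """Scan a log, keep only DoS heartbeat lines, and emit one delta per interval."""
    deltas, prev = [], None
    for line in lines:
        cur = parse_dos_line(line)
        if cur is None:
            continue
        if prev is not None:
            deltas.append(interval_delta(prev, cur))
        prev = cur
    return deltas

# Constructed sample log: the first DoS line is the one quoted in the ticket,
# the second is a later heartbeat, the third follows a relay restart.
SAMPLE_LOG = [
    "Jan 29 01:48:16.972 [notice] Heartbeat: Tor's uptime is 1 day 11:59 hours, ...",
    "Jan 29 01:48:16.972 [notice] DoS mitigation since startup: 5094873 cells rejected, "
    "40 marked address. 2618 MB have been dropped. 4238710 connection rejected. "
    "413638 single hop client refused.",
    "Jan 29 07:48:16.972 [notice] DoS mitigation since startup: 5100000 cells rejected, "
    "41 marked address. 2620 MB have been dropped. 4240000 connection rejected. "
    "413700 single hop client refused.",
    "Jan 29 13:48:16.972 [notice] DoS mitigation since startup: 1000 cells rejected, "
    "0 marked address. 0 MB have been dropped. 12 connection rejected. "
    "3 single hop client refused.",
]
```

Running `heartbeat_deltas(SAMPLE_LOG)` yields one dict per interval; the restart case comes back as the raw cumulative counters rather than a negative delta.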

