[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 08:26:25 UTC 2018


#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

 {{{
 +  if (dos_cc_get_defense_type(chan) == DOS_CC_DEFENSE_REFUSE_CELL) {
 +    channel_send_destroy(cell->circ_id, chan,
 +                         END_CIRC_REASON_TORPROTOCOL);
 }}}
 Should we use END_CIRC_REASON_RESOURCELIMIT instead?

 I could see us using TORPROTOCOL but in that case we should add something
 to the tor specs describing what behavior is violating the protocol.

 For comparison, we use END_CIRC_REASON_RESOURCELIMIT right now when our
 create cell queue is too full so we're preemptively failing the circuit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list