[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 08:42:31 UTC 2018

#24902: Denial of Service mitigation subsystem
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by arma):

 get_circuit_rate_per_second() still isn't doing what I think you wanted.

 Let's say dos_cc_circuit_rate_tenths is 19, i.e. 1.9 circuits per second.

 Then get_circuit_rate_per_second() will return
 {{{dos_cc_circuit_rate_tenths / 10}}} which is 1. Then later you'll
 compute {{{num_token = elapsed_time_last_refill * circuit_rate}}} and
 you'll be adding 1 circ per second to the token bucket.

 I think if you want to keep the "tenths" notion, you need the rounding-
 down to happen when you're computing num_token, and not before. That is,
 you want to compute elapsed_time_since_refill * dos_cc_circuit_rate_tenths
 and then divide *that* by 10.

 (It still won't be totally accurate, since whenever you get a create cell
 you'll call this refill function and discard the "fractional" circuit that
 you didn't add to the bucket. But I think that's ok.)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
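
The rounding-order point in the comment above, as an added example (not code from the Tor source tree or from the ticket). The function names are hypothetical, and the simulation assumes whole-second elapsed times and that every refill call restarts the elapsed-time measurement; it also puts numbers on the "fractional circuit" discard mentioned in the last paragraph of the comment.

```c
#include <stdint.h>
#include <stdio.h>

/* Value taken from the comment: 19 tenths == 1.9 circuits per second. */
#define RATE_TENTHS 19u

/* Ordering the comment objects to: truncate the rate to whole circuits
 * first, then multiply by the elapsed time. */
static uint64_t tokens_divide_first(uint64_t elapsed_s, uint32_t rate_tenths)
{
  uint64_t circuit_rate = rate_tenths / 10;      /* 19 / 10 == 1 */
  return elapsed_s * circuit_rate;
}

/* Ordering the comment proposes: multiply by the tenths value, and only
 * then divide by 10, so truncation happens once on the final product. */
static uint64_t tokens_multiply_first(uint64_t elapsed_s, uint32_t rate_tenths)
{
  return (elapsed_s * rate_tenths) / 10;
}

/* Tokens added over total_s seconds when the refill runs every step_s
 * seconds and each call drops its own fractional remainder (assumption:
 * each call restarts the elapsed-time measurement). */
static uint64_t simulate(uint64_t total_s, uint64_t step_s,
                         uint32_t rate_tenths, int multiply_first)
{
  uint64_t added = 0;
  for (uint64_t t = step_s; t <= total_s; t += step_s) {
    added += multiply_first ? tokens_multiply_first(step_s, rate_tenths)
                            : tokens_divide_first(step_s, rate_tenths);
  }
  return added;
}

int main(void)
{
  const uint64_t steps[] = { 1, 5, 10, 60 };   /* constructed refill gaps */
  printf("refill gap  divide-first  multiply-first  (60 s, ideal 114)\n");
  for (size_t i = 0; i < sizeof(steps) / sizeof(steps[0]); i++) {
    printf("%9llus  %12llu  %14llu\n",
           (unsigned long long)steps[i],
           (unsigned long long)simulate(60, steps[i], RATE_TENTHS, 0),
           (unsigned long long)simulate(60, steps[i], RATE_TENTHS, 1));
  }
  return 0;
}
```

With refills one second apart, both orderings add 60 tokens per minute, because each call's 0.9 remainder is dropped; the multiply-first ordering only approaches the configured 1.9 per second as the gap between refills grows.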
