[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 29 08:42:31 UTC 2018
#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status: needs_review
Priority: Very High | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay, review-group-30, 029-backport, 031-backport, 032-backport, review-group-31 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by arma):
get_circuit_rate_per_second() still isn't doing what I think you wanted.
Let's say dos_cc_circuit_rate_tenths is 19, i.e. 1.9 circuits per second.
Then get_circuit_rate_per_second() will return
{{{dos_cc_circuit_rate_tenths / 10}}} which is 1. Then later you'll
compute {{{num_token = elapsed_time_last_refill * circuit_rate}}} and
you'll be adding 1 circ per second to the token bucket.
I think if you want to keep the "tenths" notion, you need the rounding-
down to happen when you're computing num_token, and not before. That is,
you want to compute elapsed_time_since_refill * dos_cc_circuit_rate_tenths
and then divide *that* by 10.
(It still won't be totally accurate, since whenever you get a create cell
you'll call this refill function and discard the "fractional" circuit that
you didn't add to the bucket. But I think that's ok.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
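The integer truncation discussed in the comment above, as an added example that is not code from Tor or from the ticket. The function names are hypothetical; only the "tenths" rate and the value 19 come from the comment.

```c
#include <stdint.h>
#include <stdio.h>

/* Ordering the comment describes: the rate is truncated to whole circuits
 * per second first, then multiplied by the elapsed time. */
static uint64_t
tokens_truncate_first(uint64_t elapsed_secs, uint32_t rate_tenths)
{
  uint64_t circuit_rate = rate_tenths / 10; /* 19 -> 1, 9 -> 0 */
  return elapsed_secs * circuit_rate;
}

/* Ordering the comment suggests: multiply by the tenths value, then divide
 * by 10, so rounding down happens once, on the token count. The 64-bit
 * product keeps a long idle period from overflowing. */
static uint64_t
tokens_multiply_first(uint64_t elapsed_secs, uint32_t rate_tenths)
{
  return (elapsed_secs * (uint64_t)rate_tenths) / 10;
}

/* Tokens added over total_secs when the refill runs every `interval`
 * seconds and the fractional circuit is discarded on each call. */
static uint64_t
tokens_over_period(uint64_t total_secs, uint64_t interval,
                   uint32_t rate_tenths)
{
  uint64_t added = 0;
  for (uint64_t t = interval; t <= total_secs; t += interval)
    added += tokens_multiply_first(interval, rate_tenths);
  return added;
}

int
main(void)
{
  const uint32_t rate_tenths = 19; /* 1.9 circuits per second */
  printf("truncate first, 10s:        %llu\n",
         (unsigned long long)tokens_truncate_first(10, rate_tenths));
  printf("multiply first, 10s:        %llu\n",
         (unsigned long long)tokens_multiply_first(10, rate_tenths));
  printf("multiply first, 1s refills: %llu\n",
         (unsigned long long)tokens_over_period(10, 1, rate_tenths));
  printf("multiply first, 5s refills: %llu\n",
         (unsigned long long)tokens_over_period(10, 5, rate_tenths));
  return 0;
}
```

A configured rate below 10 tenths makes the truncate-first ordering refill nothing at all, and frequent refill calls bring the multiply-first ordering back toward the truncated rate, which is the residual inaccuracy the comment accepts.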