[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 29 16:39:51 UTC 2018

#24902: Denial of Service mitigation subsystem
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Very High                            |      Milestone:  Tor:
                                                 |  0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ddos, tor-relay, review-group-30,    |  Actual Points:
  029-backport, 031-backport, 032-backport,      |
  review-group-31                                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by dgoulet):

 Replying to [comment:41 arma]:
 > I would think that for DoS info, like circuit info, the thing I most
 > want to know is "very recently, what happened"? So I personally would
 > prefer the "since last time" data. But I can totally see this going either

 I implemented that before but then I switched because I wanted to have a
 big picture of the DoS where stats every heartbeat gives you an idea of
 the "right now" situation.

 I do think both would be useful tbh, because for instance the "marked
 address" count will go to some number and then at some point will be 0 all
 the time, because your tor has marked all the addresses, so that could be a
 bit confusing. It wouldn't be complicated to have both counts, a long-term
 one and a "since last heartbeat" one?

 > Speaking of heartbeat, "40 marked address" doesn't tell me how many
 > addresses are being rejected *right now*. In fact, this could be a single
 > address that got marked 40 times since startup of my relay? (I guess not
 > quite because I have 36 hours of uptime and there were 40 marked
 > addresses, but it's close.)

 You can "double mark" an address only if it is marked once, then removed
 from the geoip cache, and then it comes back and is marked again. In that
 case, the counter will do a ++ twice for the same address.

 Once the `marked_until_ts` is set, it is never put back to 0 so it can't
 be counted twice unless the entry is removed from the geoip cache.
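 The counting semantics described above, as an added example that is not
 Tor's own code: a toy geoip-style cache with a `marked_until_ts` per entry
 that is never reset to 0 while the entry exists, a long-term counter, and a
 "since last heartbeat" counter. The cache layout, the mark duration and the
 function names are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

/* Added example, not Tor's code: a toy geoip-style cache whose entries carry a
 * marked_until_ts that is set once and never reset to 0 while the entry lives. */
#define CACHE_SIZE 8
#define MARK_SECONDS 3600 /* assumed mark duration, not Tor's actual value */
typedef struct {
  char addr[16];
  time_t marked_until_ts; /* 0 means this entry was never marked */
  int in_use;
} cache_entry_t;
static cache_entry_t cache[CACHE_SIZE];
static uint64_t total_marked;    /* long-term count, only ever increases */
static uint64_t marked_since_hb; /* reset on every heartbeat */
static cache_entry_t *cache_lookup(const char *addr, int create) {
  cache_entry_t *free_slot = NULL;
  for (int i = 0; i < CACHE_SIZE; i++) {
    if (cache[i].in_use && strcmp(cache[i].addr, addr) == 0) return &cache[i];
    if (!cache[i].in_use && !free_slot) free_slot = &cache[i];
  }
  if (!create || !free_slot) return NULL;
  memset(free_slot, 0, sizeof(*free_slot));
  strncpy(free_slot->addr, addr, sizeof(free_slot->addr) - 1);
  free_slot->in_use = 1;
  return free_slot;
}
/* 1 if newly counted, 0 if already marked (timestamp refreshed, no ++), -1 if full. */
static int mark_address(const char *addr, time_t now) {
  cache_entry_t *e = cache_lookup(addr, 1);
  if (!e) return -1;
  int newly = (e->marked_until_ts == 0);
  e->marked_until_ts = now + MARK_SECONDS;
  if (newly) { total_marked++; marked_since_hb++; }
  return newly;
}
static int is_rejected_now(const char *addr, time_t now) {
  cache_entry_t *e = cache_lookup(addr, 0);
  return e != NULL && e->marked_until_ts > now;
}
/* Removing the entry is the only way the same address gets counted again. */
static void cache_remove(const char *addr) {
  cache_entry_t *e = cache_lookup(addr, 0);
  if (e) e->in_use = 0;
}
/* Heartbeat: report and reset the short-term count; total_marked persists. */
static uint64_t heartbeat(void) {
  uint64_t n = marked_since_hb; marked_since_hb = 0; return n;
}
```

 Marking an address that is still in the cache refreshes its timestamp without
 touching either counter; only a removal followed by a new mark increments
 them again, which is the "double mark" case from the comment.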

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:47>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
