[tor-bugs] #25226 [Core Tor/Tor]: Circuit cell queue can fill up memory
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 27 17:30:56 UTC 2018
#25226: Circuit cell queue can fill up memory
-------------------------------------------------+-------------------------
 Reporter:  dgoulet                              |          Owner:  dgoulet
     Type:  defect                               |         Status:  needs_review
 Priority:  Medium                               |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-cell, tor-relay, tor-dos,        |  Actual Points:
  033-must, review-group-34, security,           |
  033-triage-20180320, 033-included-20180320     |
Parent ID:                                       |         Points:
 Reviewer:  arma                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arma):

Replying to [comment:1 dgoulet]:
> This is *not* trivial so I'll try to explain what I can see:
>
> In `append_cell_to_circuit_queue()`, there is a check on the cell queue
> for a maximum size which then makes the circuit to stop reading on the
> connection if reached:

Careful here! You're right, but by "connection" you mean edge connection,
or stream. Not TLS ("OR") connection.

> Let's use the example where we are a Guard and we have an `or_circuit_t`
> with the "p_chan" being the client connection and the "n_chan" being the
> connection to the middle node.
>
> If we set the block on `n_chan`, we would only stop the read() if the
> circuit is origin because `p_streams` is only set on a tor client.

Correct. That whole set_streams_blocked_on_circ() business is for
*streams*, i.e. edge connections. Specifically, origin streams when we're
a client, or exit streams when we're an exit.

> Does this mean that if we try to deliver a cell forward (n_chan), even
> though we've reached the high limit, we'll still queue it because there is
> never a time where we check if we are blocked on "n_chan" at the relay
> level?

Yes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25226#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
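
The behaviour confirmed in the comment above, as an added example that is not part of the original message and is not Tor source code: a simplified model in which the high-water check only blocks edge streams, so a circuit without streams (guard or middle relay) keeps queueing. HIGHWATER, its value and every model_* name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the behaviour discussed in this ticket; NOT Tor source.
 * HIGHWATER and all model_* names are assumptions made for illustration. */
#define HIGHWATER 256

typedef struct model_stream {
    int blocked;                  /* edge connection has stopped reading */
    struct model_stream *next;
} model_stream_t;

typedef struct {
    size_t queued;                /* cells waiting to be flushed to n_chan */
    model_stream_t *streams;      /* edge streams; NULL on a guard or middle relay */
} model_circuit_t;

/* Mark every edge stream on the circuit as blocked; return how many there were. */
static int model_block_streams(model_circuit_t *c) {
    int n = 0;
    for (model_stream_t *s = c->streams; s != NULL; s = s->next) {
        s->blocked = 1;
        n++;
    }
    return n;
}

/* Queue one cell. Reaching the high-water mark only throttles edge streams;
 * the cell is appended whether or not anything could be blocked. */
static void model_append_cell(model_circuit_t *c) {
    c->queued++;
    if (c->queued >= HIGHWATER)
        model_block_streams(c);
}

/* Offer `cells` cells to the circuit and return the final queue length.
 * A blocked edge stream stops producing; cells arriving from p_chan do not. */
static size_t model_run(model_circuit_t *c, size_t cells) {
    for (size_t i = 0; i < cells; i++) {
        if (c->streams != NULL && c->streams->blocked)
            break;                /* only the first stream is checked here */
        model_append_cell(c);
    }
    return c->queued;
}

/* Constructed scenarios: one circuit with an edge stream, one relay-only. */
size_t model_demo_edge(void) {
    model_stream_t s = {0, NULL};
    model_circuit_t c = {0, &s};
    return model_run(&c, 10000);
}

size_t model_demo_relay(void) {
    model_circuit_t c = {0, NULL};
    return model_run(&c, 10000);
}

int main(void) {
    printf("edge: %zu relay: %zu\n", model_demo_edge(), model_demo_relay());
    return 0;
}
```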