[tor-bugs] #28511 [Core Tor/Tor]: Limit the number of open testing circuits, and the total number of testing circuits
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 19 03:43:55 UTC 2018
#28511: Limit the number of open testing circuits, and the total number of testing
circuits
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-bwauth, tor-dos, 035-backport, | Actual Points:
034-backport-maybe, 033-backport-maybe, 029 |
-backport-maybe-not |
Parent ID: #22453 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Description changed by teor:
Old description:
> Tor relays can open many more testing circuits than they need:
>
> When Tor is doing its first ORPort reachability test, it initiates one
> testing circuit after the first successful circuit, then one testing
> circuit per second until the ORPort is found reachable. Then it gives up
> after 20 minutes. (1200 circuits is definitely too many.)
>
> When tor receives any descriptor or consensus, it does another ORPort
> reachability test, and initiates a testing circuit.
>
> When a testing circuit opens, and there aren't enough testing circuits to
> test bandwidth, then tor initiates another testing circuit.
>
> When a testing circuit expires, tor doesn't stop opening testing circuits
> to replace it.
>
> We should place a timeout on bandwidth testing (the same as reachability
> tests?), a limit on the number of in-progress and open testing circuits
> (NUM_PARALLEL_TESTING_CIRCS*3/2 ?), and a limit on the total number of
> testing circuits that tor will build over a certain time
> (NUM_PARALLEL_TESTING_CIRCS*3 an hour?).
>
> We should be careful to make these limits apply to relays, but not
> authorities. Authorities need to test a large number of relays every
> hour.
>
> Edit: suggest some limits
New description:
Tor relays can open many more testing circuits than they need:
When Tor is doing its first ORPort reachability test, it initiates one
testing circuit after the first successful circuit, then one testing
circuit per second until the ORPort is found reachable. Then it gives up
after 20 minutes. (1200 circuits is definitely too many.)
When tor receives any descriptor or consensus, it does another ORPort
reachability test, and initiates a testing circuit.
When a testing circuit opens, and there aren't enough testing circuits to
test bandwidth, then tor initiates another testing circuit.
When a testing circuit expires, tor doesn't stop opening testing circuits
to replace it.
We should place a timeout on bandwidth testing (the same as reachability
tests?), a limit on the number of in-progress and open testing circuits
(NUM_PARALLEL_TESTING_CIRCS*3/2 ?), and a limit on the total number of
testing circuits that tor will build over a certain time
(NUM_PARALLEL_TESTING_CIRCS*3 an hour?).
We should also reduce the frequency of the initial ORPort testing circuit
callback, so those circuits are spread out over the 20 minute ORPort
testing interval.
We should be careful to make these limits apply to relays, but not
authorities. Authorities need to test a large number of relays every hour.
Edit: suggest some limits
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28511#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list