[tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats watermark can be induced using OOM killer
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 13 03:46:06 UTC 2018
#23512: Bandwidth stats watermark can be induced using OOM killer
-------------------------------------------------+-------------------------
Reporter: asn
Owner: (none)
Type: defect
Status: needs_review
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Resolution:
Keywords: tor-bug-bounty, congestion-attack, research, watermark, tor-stats, guard-discovery-stats, 034-triage-20180328, 034-removed-20180328
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: SponsorQ
-------------------------------------------------+-------------------------
Changes (by mikeperry):
* status: new => needs_review
* cc: dgoulet (added)
Comment:
Ok what do we think about this: https://github.com/torproject/tor/pull/324

I made that branch off of 0.3.2, because yesterday dgoulet told me that
the network is still experiencing continuous OOM attacks, triggering circuit
oomkiller. This very well could be (one of) the reasons for such attacks.
So I think we should backport. Certainly plenty of relays are experiencing
circuit OOMs and reporting asymmetric stats.

Instead of trying to guess when the bytes arrived and subtract them from
the appropriate read totals, I just report that we wrote them instead.
Much simpler, easier to backport, etc.

Downsides of this fix (and probably any other fix): We don't know how many
bytes the TLS headers took up. For this reason, I also didn't bend over
backwards to count bytes for var cells, wide circ ids, etc. Do we think
that is sufficient? Should we lie and add ~1 TLS header of bytes per cell?

Are there other places where we kill circuits like this?

Dgoulet - what about the DoS/DESTROY queue handling?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23512#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
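
The accounting change described in the comment above, modelled as an added example (not code from the linked branch, from Tor, or from the comment's author). All names are hypothetical, and the fixed 512-byte cell size is an assumption that ignores TLS overhead, var cells and wide circuit IDs, as the comment does.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: fixed cell size; TLS headers, var cells, wide circ IDs ignored. */
#define CELL_BYTES 512u

/* Hypothetical model of a relay's bandwidth counters (not Tor's own structs). */
typedef struct {
    uint64_t bytes_read;    /* published as "read" */
    uint64_t bytes_written; /* published as "written" */
    uint64_t queued_cells;  /* cells read but not yet relayed */
} relay_stats_t;

static void relay_read_cells(relay_stats_t *r, uint64_t n) {
    r->bytes_read += n * CELL_BYTES;
    r->queued_cells += n;
}

static void relay_flush_cells(relay_stats_t *r, uint64_t n) {
    if (n > r->queued_cells) n = r->queued_cells;
    r->bytes_written += n * CELL_BYTES;
    r->queued_cells -= n;
}

/* Circuit OOM handler: frees the whole queue. With count_as_written set,
 * the freed bytes are reported as written so read/write totals stay balanced. */
static uint64_t relay_oom_kill(relay_stats_t *r, int count_as_written) {
    uint64_t dropped = r->queued_cells * CELL_BYTES;
    r->queued_cells = 0;
    if (count_as_written) r->bytes_written += dropped;
    return dropped;
}

/* Read/write gap that would show up in the relay's published stats. */
static int64_t run_scenario(int count_as_written) {
    relay_stats_t r = {0, 0, 0};
    relay_read_cells(&r, 1000);   /* constructed load: 1000 cells arrive */
    relay_flush_cells(&r, 200);   /* only 200 get relayed before OOM */
    relay_oom_kill(&r, count_as_written);
    relay_read_cells(&r, 50);     /* normal traffic afterwards */
    relay_flush_cells(&r, 50);
    return (int64_t)r.bytes_read - (int64_t)r.bytes_written;
}

int main(void) {
    printf("gap without fix: %lld bytes\n", (long long)run_scenario(0));
    printf("gap with fix:    %lld bytes\n", (long long)run_scenario(1));
    return 0;
}
```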