[tor-bugs] #29617 [- Select a component]: OOM manger wipes entire DNS cache
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 28 18:31:39 UTC 2019
#29617: OOM manger wipes entire DNS cache
--------------------+--------------------------------------
Reporter: pulls | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: - Select a component
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------+--------------------------------------
In relay.c, function cell_queues_check_size, the OOM manager attempts to
clear one tenth of MaxMemInQueues bytes from the DNS cache by calling
dns_cache_handle_oom. The function dns_cache_handle_oom, in dns.c, runs in
a loop removing cached entries that are now+n*time_inc old, until at least
the requested number of bytes have been freed. The first iteration of the
loop has n=0, and likely will not remove enough bytes. The second
iteration is way too aggressive, because:
{{{
time_inc += 3600; /* Increase time_inc by 1 hour. */
}}}
This is guaranteed to wipe the entire DNS cache, because in dns_clip_ttl
the maximum time to cache is MAX_DNS_TTL_AT_EXIT, which is set in dns.h
to:
{{{
/** Lowest value for DNS ttl that a server will give. */
#define MIN_DNS_TTL_AT_EXIT (5*60)
/** Highest value for DNS ttl that a server will give. */
#define MAX_DNS_TTL_AT_EXIT (60*60)
}}}
One possible and reasonable fix would be to instead increment time_inc by
MIN_DNS_TTL_AT_EXIT.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29617>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list