[tor-bugs] #33211 [Circumvention/Snowflake]: proxy-go sometimes gets into a 100+% CPU state

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 21 20:46:51 UTC 2020 

#33211: proxy-go sometimes gets into a 100+% CPU state
-------------------------------------+-----------------------------------
 Reporter:  dcf                      |          Owner:  (none)
     Type:  defect                   |         Status:  needs_information
 Priority:  Medium                   |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-----------------------------------

Comment (by cohosh):

 Looks like there's no way to set the DTLS ciphersuites from the API. I've
 attached a patch I used on pion/webrtc to set the ciphersuite to just
 `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`.

 The result was a huge improvement in performance. The CPU profile output
 is now:

 {{{
 (pprof) top --cum
 Showing nodes accounting for 1.94s, 27.09% of 7.16s total
 Dropped 182 nodes (cum <= 0.04s)
 Showing top 10 nodes out of 231
       flat  flat%   sum%        cum   cum%
          0     0%     0%      2.12s 29.61%  runtime.systemstack
      1.74s 24.30% 24.30%      1.74s 24.30%  runtime.futex
          0     0% 24.30%      1.29s 18.02%  runtime.mcall
      0.04s  0.56% 24.86%      1.23s 17.18%  runtime.schedule
          0     0% 24.86%      1.15s 16.06%  runtime.park_m
      0.02s  0.28% 25.14%      1.01s 14.11%  runtime.futexsleep
      0.05s   0.7% 25.84%      0.98s 13.69%  runtime.findrunnable
          0     0% 25.84%      0.93s 12.99%
 github.com/pion/sctp.(*Association).writeLoop
      0.09s  1.26% 27.09%      0.93s 12.99%  runtime.sysmon
          0     0% 27.09%      0.91s 12.71%  runtime.mstart
 }}}

 One client downloading a large file now takes 10-20% CPU as opposed to the
 ~50% before.

 It would be best for us to be able to set the ciphersuites in the API, so
 I'll file an issue with pion for that. I'll also file an issue to take a
 look at the performance of CCM and suggest using a more popular
 ciphersuite as the default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33211#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list