[tor-bugs] #32794 [Core Tor/Tor]: improve OOS (out-of-sockets) handler victim selection and more

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 7 02:19:53 UTC 2020


#32794: improve OOS (out-of-sockets) handler victim selection and more
--------------------------+------------------------------------
 Reporter:  starlight     |          Owner:  (none)
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.2.5
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  nickm         |        Sponsor:
--------------------------+------------------------------------

Comment (by starlight):

 Replying to [comment:3 nickm]:
 > Is that right?  If so, I wonder if there is some way that an attacker can
 > exploit this by making a bunch of directory connections, if our directory
 > port is open.  Maybe we should consider CONN_TYPE_DIR as well.

 Good point.  I could rework it to sort OR-OR connections to a low priority
 band, the rest in a high band without excluding any category except
 listeners.  Connection age sort within bands.  Open to your thoughts on
 this.

 > I also wonder if the attacker can reduce our number of available sockets
 > by simply attempting a socket exhaustion attack.  We'll kill off some of
 > their connections, but we won't kill them all.  If the attacker preserves
 > the ones that we don't kill, they will always survive instead of any newer
 > connections that we receive in the future.  Can we do any better than
 > this?

 Have further work where underlying circuits are killed rather than
 connections.  Do you see that as improving this issue?  And dynamic
 configuration of the limits for threshold min, max and soft nofiles.

 > (Once we're in agreement here, we should describe the algorithm we want
 > to follow in a patch to tor-spec.txt, so that the correct behavior is
 > documented.)

 sure!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32794#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
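
The two-band victim ordering proposed in the comment above, sketched in C as an added example (not code from the ticket or from Tor). The connection kinds, struct and function names are hypothetical; reading "low priority band" as "closed last" and making the age direction a switch are assumptions, since the comment fixes neither.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical connection kinds for this sketch, not Tor's CONN_TYPE_* values. */
typedef enum { K_LISTENER, K_OR_RELAY, K_OR_CLIENT, K_DIR, K_EXIT } kind_t;
typedef struct { int id; kind_t kind; long created; } conn_t;

/* Assumption: the comment leaves the age direction open, so it is a switch. */
static int oldest_first = 1;
/* Band 0 (high) is closed first; band 1 (low, assumed "closed last") holds
 * relay-to-relay OR connections. */
static int band(const conn_t *c) { return c->kind == K_OR_RELAY; }

static int cmp_victims(const void *a, const void *b) {
  const conn_t *x = *(const conn_t *const *)a;
  const conn_t *y = *(const conn_t *const *)b;
  if (band(x) != band(y)) return band(x) - band(y);
  if (x->created != y->created) {
    int older = x->created < y->created ? -1 : 1;
    return oldest_first ? older : -older;
  }
  return x->id - y->id;  /* deterministic tie-break */
}

/* Writes up to n_wanted victim ids to out[] in closing order and returns the
 * count. Listeners are the only category excluded from the candidates. */
size_t pick_victims(const conn_t *conns, size_t n_conns, size_t n_wanted, int *out) {
  const conn_t **cand = malloc((n_conns ? n_conns : 1) * sizeof *cand);
  size_t n = 0, i;
  if (!cand) return 0;
  for (i = 0; i < n_conns; i++)
    if (conns[i].kind != K_LISTENER) cand[n++] = &conns[i];
  qsort(cand, n, sizeof *cand, cmp_victims);
  if (n > n_wanted) n = n_wanted;
  for (i = 0; i < n; i++) out[i] = cand[i]->id;
  free(cand);
  return n;
}

/* Constructed sample table: id, kind, creation time in seconds. */
static const conn_t SAMPLE[] = {
  {1, K_LISTENER, 10}, {2, K_OR_RELAY, 20}, {3, K_DIR, 50},
  {4, K_OR_CLIENT, 30}, {5, K_OR_RELAY, 5}, {6, K_EXIT, 40},
};

int main(void) {
  int out[6];
  size_t i, n = pick_victims(SAMPLE, 6, 4, out);
  for (i = 0; i < n; i++) printf("close conn %d\n", out[i]);
  return 0;
}
```

With this ordering the low band is only reached once every candidate in the high band has been chosen, so a flood of directory or client connections is drained before any relay-to-relay link is closed.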

