[tor-relays] "Removed 1565259696 bytes by killing 1 circuits"

Roger Dingledine arma at mit.edu
Sat Oct 21 07:53:35 UTC 2017


On Fri, Oct 20, 2017 at 07:27:22PM -0400, tor wrote:
> In a relay's logs:
> 
> Oct 20 10:31:47 XXXXX Tor[YYYY]: We're low on memory.  Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)
> Oct 20 10:32:11 XXXXX Tor[YYYY]: Removed 1565259696 bytes by killing 1 circuits; 40008 circuits remain alive. Also killed 0 non-linked directory connections.
> 
> Tor removed ~ 1565 MB by killing 1 circuit? Seems like that can't be right?

Intriguing!

I would believe that it could be right.

This situation can happen if something (a client or relay or website or
etc) requests a whole lot of bytes, and then stops reading on that socket.

The earlier version of that attack, where in the original version it
could take down the relay rather than give you this strange log message,
is written about here:
https://www.freehaven.net/anonbib/#sniper14
and Rob kindly wrote a more readable explanation here:
https://blog.torproject.org/new-tor-denial-service-attacks-and-defenses

Rob and I have an in-progress draft proposal for "authenticated sendme
cells" which would make it harder to queue up so many bytes -- but it
would only make the attack more complicated, which is not the same as
impossible, so I haven't managed to get excited about deploying it.

--Roger
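
For relay operators who want to spot this pattern in their own logs, here is an added example (not part of the original message and not Tor project code). It parses the OOM summary line quoted above and flags events where the memory freed per killed circuit is very large. The 100 MiB threshold, the function name and the last sample line are assumptions made for illustration.

```python
import re

# OOM-handler summary line, in the format quoted in the post above.
OOM_RE = re.compile(
    r"Removed (?P<removed>\d+) bytes by killing (?P<killed>\d+) circuits; "
    r"(?P<alive>\d+) circuits remain alive"
)

# Assumption (not from the post): treat an event as worth a closer look when
# the average queue per killed circuit is at least this many bytes.
PER_CIRCUIT_THRESHOLD = 100 * 1024 * 1024


def parse_oom_events(lines):
    """Return one dict per OOM summary line found in `lines`."""
    events = []
    for line in lines:
        m = OOM_RE.search(line)
        if not m:
            continue
        removed, killed, alive = (int(m[g]) for g in ("removed", "killed", "alive"))
        # killed can be 0 if only directory connections were closed.
        per_circuit = removed // killed if killed else 0
        events.append({
            "removed": removed,
            "killed": killed,
            "alive": alive,
            "per_circuit": per_circuit,
            "suspicious": per_circuit >= PER_CIRCUIT_THRESHOLD,
        })
    return events


# First two lines are the ones quoted in the post; the last one is constructed.
SAMPLE_LOG = [
    "Oct 20 10:31:47 XXXXX Tor[YYYY]: We're low on memory.  Killing circuits "
    "with over-long queues. (This behavior is controlled by MaxMemInQueues.)",
    "Oct 20 10:32:11 XXXXX Tor[YYYY]: Removed 1565259696 bytes by killing 1 "
    "circuits; 40008 circuits remain alive. Also killed 0 non-linked directory "
    "connections.",
    "Oct 21 03:10:02 XXXXX Tor[YYYY]: Removed 52428800 bytes by killing 400 "
    "circuits; 39000 circuits remain alive. Also killed 0 non-linked directory "
    "connections.",
]

if __name__ == "__main__":
    for ev in parse_oom_events(SAMPLE_LOG):
        tag = "LARGE-QUEUE" if ev["suspicious"] else "ok"
        print(f"{tag}: {ev['removed']} bytes / {ev['killed']} circuits "
              f"= {ev['per_circuit']} per circuit, {ev['alive']} alive")
```
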


