#24667: OOM needs to consider the DESTROY queued cells
------------------------------+----------------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-cell, tor-circuit, oom
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+----------------------------------------
Our OOM is only looking a the circuit queue cells and HS descriptors to
free up memory.
We need to teach it to cleanup DESTROY cells in case cleaning up the
circuits is not enough.
This isn't that trivial because while cleaning up circuits in the OOM
handler, we will also send DESTROY cells for those thus allocating memory.
But also not sending those will affects other relays hanging on dead
circuits.
All in all, this is an interesting challenge but there might be something
smart to do even if not perfect.
The idea here is to avoid an attack that takes advantage of a bug in tor
that can fill up the DESTROY cell queue and our OOM just can't do anything
about it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24667>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
