[tor-reports] Core Tor august work for sponsor U report

Fri, 07 Oct 2016 11:37:54 -0700 

Core Tor August 2016 report

anti-DoS work:

#8625 [1] Do not call networkstatus_reset_download_failures() hourly

    This problem was actually reported 4 years ago. It was found while 
searching about a bug reported in our consensus process.

    We identified that once an hour, we call 
router_reset_descriptor_download_failures, which calls 
networkstatus_reset_download_failures().

    Our download logic has a way to say "Try this once an hour": that's by 
having a download schedule with a one-hour interval. What this does is make us 
retry several times an hour, as if we had never failed before.

    When early this year we worked on #4483, we made consensus downloads more 
reliable by opening more connections. These extra connections made this issue 
more important to fix so we decided to pick it up as well.

    The work to fix it ended up being quite easy and what took longer was to 
actually test the fix. But we managed to do it as well, more information about 
the tests are on comments at the ticket for this issue.


#18640 [2] Use smarter algorithms to handle socket exhaustion

    This work aims to protect against a possible attack that could use socket 
exhaustion to create a DoS.

    Sockets probably account for most of the descriptor use in a running Tor 
process, but we should make the maximum socket count a little lower than the 
maximum number of descriptors so they can't block us from opening files.

    We created a basic plumbing to implement a MaxSockets config option and a 
stub connection_handle_oos() function called in the appropriate places. We also 
applied a simple sort heuristic to decide which connections are least harmful 
to kill analogous to OOM handling.


Improved public identity keys for Tor relays:

    We did a lot of work related to Proposal 220 [3] work, which is related to 
migrating server identity keys to Ed25519.

    * https://trac.torproject.org/projects/tor/ticket/13752
    * https://trac.torproject.org/projects/tor/ticket/19155
    * https://trac.torproject.org/projects/tor/ticket/19156
    * https://trac.torproject.org/projects/tor/ticket/19157
    * https://trac.torproject.org/projects/tor/ticket/19158
    * https://trac.torproject.org/projects/tor/ticket/19160

Miscellaneous, related to improved public identity keys:

#15087 [4]     Small patch to give consistent behavior to how our certificate 
API checks expiration date. 


[1] https://trac.torproject.org/projects/tor/ticket/8625    
[2] https://trac.torproject.org/projects/tor/ticket/18640
[3] 
https://github.com/torproject/torspec/blob/master/proposals/220-ecc-id-keys.txt
[ ] https://trac.torproject.org/projects/tor/ticket/15087
_______________________________________________
tor-reports mailing list
tor-reports@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports














    











					Reply via email to