[tor-bugs] #24902 [Core Tor/Tor]: Denial of Service mitigation subsystem
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 12 00:29:55 UTC 2018
#24902: Denial of Service mitigation subsystem
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: enhancement | Status: merge_ready
Priority: Very High | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: ddos, tor-relay, review-group-30, 029-backport, 031-backport, 032-backport, review-group-31, SponsorV | Actual Points:
Parent ID: | Points:
Reviewer: arma | Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):
We've been testing this patch across 16 relays over the weekend. (And we
disabled all the statistics options, because at least two of them cause
massive RAM bloat.)
RAM usage is down to about a gigabyte per relay.
(Previously, it was up to 10 GB per relay.)
On our largest guard, consensus weight 10x,xxx, we have the following
heartbeat:
{{{
[notice] Heartbeat: Tor's uptime is x days xx:xx hours, with 25xxxx
circuits open. I've sent 57xx.xx GB and received 57xx.xx GB.
[notice] Circuit handshake stats since last time: 25xxxxx/25xxxxx TAP,
27xxxxxx/27xxxxxx NTor.
[notice] Since startup, we have initiated x v1 connections, x v2
connections, x v3 connections, and 41xxx v4 connections; and received x v1
connections, 44xxx v2 connections, 58xxx v3 connections, and 50xxxx v4
connections.
[notice] DoS mitigation since startup: 56xxxx circuits rejected, 2x marked
addresses. 0 connections closed. 24xx single hop clients refused.
}}}
I'm about to remove all our custom DoS mitigations, including the
firewall. I'll report back in a day or two on how that goes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:67>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online