[tor-bugs] #25226 [Core Tor/Tor]: Circuit cell queue can fill up memory
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 12 21:15:05 UTC 2018
#25226: Circuit cell queue can fill up memory
------------------------------+------------------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-cell, tor-relay, tor-dos
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+------------------------------------------
A relay operator just reported this on 0.3.3.2-alpha:
https://lists.torproject.org/pipermail/tor-
relays/2018-February/014496.html
In a nutshell, the OOM fired up with these logs:
{{{
Feb 12 18:54:55 tornode2 Tor[6362]: We're low on memory (cell queues total
alloc: 1602579792 buffer total alloc: 1388544, tor compress total alloc:
1586784 rendezvous cache total alloc: 489909). Killing circuits withover-
long queues. (This behavior is controlled by MaxMemInQueues.)
Feb 12 18:54:56 tornode2 Tor[6362]: Removed 1599323088 bytes by killing 1
circuits; 39546 circuits remain alive. Also killed 0 non-linked directory
connections.
}}}
Notice the ~1GB of cells for one single circuit? Somehow, there is an
issue in tor that makes it possible to fill up the circuit cell queue
while the scheduler is just not emptying that queue.
This really looks like the Sniper Attack:
http://www.robgjansen.com/publications/sniper-ndss2014.pdf
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25226>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list