[tor-bugs] #18642 [Core Tor/Tor]: Teach the OOM handler about the DNS cache
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 17 00:47:21 UTC 2018
#18642: Teach the OOM handler about the DNS cache
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  (none)
     Type:  enhancement                          |         Status:  needs_review
 Priority:  Medium                               |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-dos, oom, tor-relay, dns,        |  Actual Points:
            035-triaged-in-20180711              |
Parent ID:                                       |         Points:  1
 Reviewer:  dgoulet                              |        Sponsor:  SponsorV-can
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:23 dgoulet]:
> Replying to [comment:22 neel]:
> > If I have to make something, I am thinking about something like:
> > `OOMHandlerClearOnlyDNS (0/1)` where 0 is the default (run all OOM checks)
> > and 1 is to only run OOM on DNS (if you're an exit).
>
> Wait no, no need for that at all. What I was saying is that we should
> only run that OOM handler in the case tor is running as an Exit and one
> way to look at that is with `ExitRelay 1` global option ;).

That's not how ExitRelay works:

    ExitRelay 0|1|auto
        Tells Tor whether to run as an exit relay. If Tor is running as a
        non-bridge server, and ExitRelay is set to 1, then Tor allows
        traffic to exit according to the ExitPolicy option (or the default
        ExitPolicy if none is specified).

        If ExitRelay is set to 0, no traffic is allowed to exit, and the
        ExitPolicy option is ignored.

        If ExitRelay is set to "auto", then Tor behaves as if it were set
        to 1, but warns the user if this would cause traffic to exit. In a
        future version, the default value will be 0. (Default: auto)

    https://www.torproject.org/docs/tor-manual.html.en

Instead, try something like:
{{{
smartlist_t *exit_policy = router_get_my_routerinfo()->exit_policy;
if (!policy_is_reject_star(exit_policy, AF_INET) ||
    !policy_is_reject_star(exit_policy, AF_INET6)) {
  /* Run the OOM handler on DNS */
}
}}}
But that won't handle OOM when the operator has turned exiting off, but
used to have it on. So instead, maybe we should:
 * always run the OOM handler on DNS
 * check the approximate size of the DNS cache before running the OOM
   handler on it, or
 * set a flag when we run the OOM handler and we're not an exit, then clear
   the flag when we become an exit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18642#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
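
The following is an added example, not part of the ticket comment and not Tor's code. It models the exit-policy-only check and the three alternatives listed in the comment, applied to a relay that used to be an exit and still holds cached DNS entries. All type, function and constant names are hypothetical, and the OOM pass is simplified to free the whole cache.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a relay; these names are not Tor's. */
typedef struct {
  bool allows_exit;         /* stands in for !policy_is_reject_star() on either family */
  size_t dns_cache_bytes;   /* approximate DNS cache size */
  bool cleaned_as_non_exit; /* set when the cache was cleaned while not an exit */
} relay_t;

typedef enum { POLICY_ONLY, ALWAYS, BY_SIZE, BY_FLAG } strategy_t;

#define DNS_MIN_BYTES 4096 /* constructed threshold for BY_SIZE */

static bool should_clean_dns(const relay_t *r, strategy_t s) {
  switch (s) {
    case POLICY_ONLY: return r->allows_exit;
    case ALWAYS:      return true;
    case BY_SIZE:     return r->dns_cache_bytes >= DNS_MIN_BYTES;
    case BY_FLAG:     return r->allows_exit || !r->cleaned_as_non_exit;
  }
  return true;
}

/* Simplified OOM pass: frees the whole cache and returns the bytes freed. */
static size_t oom_dns_pass(relay_t *r, strategy_t s) {
  if (!should_clean_dns(r, s)) return 0;
  size_t freed = r->dns_cache_bytes;
  r->dns_cache_bytes = 0;
  if (!r->allows_exit) r->cleaned_as_non_exit = true;
  return freed;
}

/* Becoming an exit clears the flag, since the cache can fill again. */
static void set_exit(relay_t *r, bool allows_exit) {
  r->allows_exit = allows_exit;
  if (allows_exit) r->cleaned_as_non_exit = false;
}

/* Former exit with a populated cache: bytes freed by the first OOM pass. */
static size_t former_exit_freed(strategy_t s) {
  relay_t r = { true, 1 << 20, false }; /* constructed: 1 MiB cached as an exit */
  set_exit(&r, false);                  /* operator turns exiting off */
  return oom_dns_pass(&r, s);
}

int main(void) {
  static const char *names[] = { "policy-only", "always", "by-size", "by-flag" };
  for (int s = POLICY_ONLY; s <= BY_FLAG; s++)
    printf("%-11s frees %zu bytes\n", names[s], former_exit_freed((strategy_t)s));
  return 0;
}
```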