[tor-bugs] #25226 [Core Tor/Tor]: Circuit cell queue can fill up memory
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 20 14:34:22 UTC 2018
#25226: Circuit cell queue can fill up memory
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status:
| assigned
Priority: Medium | Milestone: Tor:
| 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-cell, tor-relay, tor-dos, | Actual Points:
033-must, review-group-34, security, |
033-triage-20180320, 033-included-20180320 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by dgoulet):
This has been discussed at the Rome meeting with arma and Robjansen.
The gist is that tor does keep a rolling count of circuit level SENDMEs at
each hop on the circuit because the tor protocol allow the client to exit
at any hop on the circuit.
However, normal circumstances, it is end-to-end from client to Exit.
Considering a the top limit of 8 hops per circuits, the circuit cell queue
should be at most 8000 cells (circ window start * 8 hops).
I'll submit a new version of the branch for this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25226#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list