[tor-dev] Onion DoS: Killing rendezvous circuits over the application layer

Nick Mathewson nickm at torproject.org
Mon Dec 2 16:05:54 UTC 2019


On Mon, Dec 2, 2019 at 9:16 AM George Kadianakis <desnacked at riseup.net> wrote:

> However, IMO the right way to do this feature would be to improve the control
> port code and design so that it doesn't get so overwhelmed by multiple
> events. That said, I'm not sure exactly what kind of changes we would have to
> do to the control port to actually make it a viable option, and it seems to me
> like a pretty big project that serves as a medium-term to long-term solution
> (which we have no resources to pursue right now), whereas the hack of this
> thread is more of a short-term solution.

I think I agree with you here about this part.

A quick question that might help us: _why_ is the control port code
slow in this case?  Is the problem that a bunch of events are queued,
and that keeps the controller from getting events that it needs?  Or
that the control port doesn't listen for incoming commands until the
events are flushed (seems unlikely to me)?  Or that a bunch of events
are queued, and that keeps the controller from getting the ACK for its
close command?  Or something else?

For some of these cases, there might be a quick workaround in just
having the controller open two connections: one for bulk and one for
low-latency.

-- 
Nick
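
The two-connection workaround suggested above, sketched as an added example (not part of the original message and not Tor's or any controller library's code). It only helps in the case where queued events sit ahead of the ACK on the same connection. Assumptions: a ControlPort on 127.0.0.1:9051, `auth` is the already-formatted AUTHENTICATE argument, only single-line CIRC events are parsed, and the class and function names are hypothetical.

```python
import socket

class ControlConn:
    """Minimal Tor control-port client: CRLF lines, 3-digit status codes."""

    def __init__(self, host, port, timeout=10.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.rfile = self.sock.makefile("r", encoding="ascii", newline="\r\n")

    def read_reply(self):
        """Read one reply or 650 event; return (status, [line bodies])."""
        lines = []
        while True:
            line = self.rfile.readline()
            if not line:
                raise ConnectionError("control connection closed")
            line = line.rstrip("\r\n")
            lines.append(line[4:])
            if line[3:4] == " ":  # "NNN " marks the last line of a reply
                return line[:3], lines

    def command(self, cmd):
        """Send one command and return its reply lines, raising unless 250."""
        self.sock.sendall(cmd.encode("ascii") + b"\r\n")
        status, lines = self.read_reply()
        if status != "250":
            raise RuntimeError(f"{cmd.split()[0]} failed: {status} {lines}")
        return lines

def open_pair(host="127.0.0.1", port=9051, auth=""):
    """Return (events, cmds): only `events` ever subscribes to events."""
    events = ControlConn(host, port)
    events.command(f"AUTHENTICATE {auth}".strip())
    events.command("SETEVENTS CIRC")  # bulk: circuit events queue here
    cmds = ControlConn(host, port)
    cmds.command(f"AUTHENTICATE {auth}".strip())  # low-latency: no SETEVENTS
    return events, cmds

def close_circuit(cmds, circ_id):
    """The ACK is read from a socket that carries no event backlog."""
    return cmds.command(f"CLOSECIRCUIT {circ_id}")
```

Timing `close_circuit` on `cmds` against the same command sent on `events` during a flood is one way to tell which of the cases in the questions above applies.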
