summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMike Perry <mikeperry-git@torproject.org>2019-02-21 01:34:55 +0000
committerNick Mathewson <nickm@torproject.org>2019-03-08 10:25:28 -0500
commitff410edec04793d6d72f9961acd2f13a5ee3b9b5 (patch)
treea18b7a54bc89ec1717fdaab14e36f69eccdbea43 /src
parentd9010c5b67a60e9f0b9051ba6597005e33e58266 (diff)
downloadtor-ff410edec04793d6d72f9961acd2f13a5ee3b9b5.tar.gz
tor-ff410edec04793d6d72f9961acd2f13a5ee3b9b5.zip
Bug 29204: Inspect circuit queues before sending padding.
Mitigates OOM conditions at relays.
Diffstat (limited to 'src')
-rw-r--r--src/core/or/circuitpadding.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index 0dadc52139..ba6bfe1f53 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -61,6 +61,7 @@
#include "core/or/crypt_path_st.h"
#include "core/or/circuit_st.h"
#include "core/or/origin_circuit_st.h"
+#include "core/or/or_circuit_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "core/or/cell_st.h"
@@ -81,6 +82,7 @@ static double circpad_distribution_sample(circpad_distribution_t dist);
/** Cached consensus params */
static uint8_t circpad_global_max_padding_percent;
static uint16_t circpad_global_allowed_cells;
+static uint16_t circpad_max_circ_queued_cells;
/** Global cell counts, for rate limiting */
static uint64_t circpad_global_padding_sent;
@@ -1027,10 +1029,17 @@ circpad_send_padding_cell_for_callback(circpad_machine_state_t *mi)
} else {
// If we're a non-origin circ, we can just send from here as if we're the
// edge.
- log_fn(LOG_INFO,LD_CIRC,
- "Callback: Sending padding to non-origin circuit.");
- relay_send_command_from_edge(0, mi->on_circ, RELAY_COMMAND_DROP, NULL,
- 0, NULL);
+ if (TO_OR_CIRCUIT(circ)->p_chan_cells.n <= circpad_max_circ_queued_cells) {
+ log_fn(LOG_INFO,LD_CIRC,
+ "Callback: Sending padding to non-origin circuit.");
+ relay_send_command_from_edge(0, mi->on_circ, RELAY_COMMAND_DROP, NULL,
+ 0, NULL);
+ } else {
+ static ratelim_t cell_lim = RATELIM_INIT(600);
+ log_fn_ratelim(&cell_lim,LOG_NOTICE,LD_CIRC,
+ "Too many cells (%d) in circ queue to send padding.",
+ TO_OR_CIRCUIT(circ)->p_chan_cells.n);
+ }
}
rep_hist_padding_count_write(PADDING_TYPE_DROP);
@@ -1093,6 +1102,10 @@ circpad_new_consensus_params(const networkstatus_t *ns)
circpad_global_max_padding_percent =
networkstatus_get_param(ns, "circpad_global_max_padding_pct",
0, 0, 100);
+
+ circpad_max_circ_queued_cells =
+ networkstatus_get_param(ns, "circpad_max_circ_queued_cells",
+ CIRCWINDOW_START_MAX, 0, 50*CIRCWINDOW_START_MAX);
}
/**