Ticket #24797: b24797-001.patch

File b24797-001.patch, 4.3 KB (added by neel, 3 years ago)

Patch (Revision 1)

  • new file changes/ticket24797

    From abf8aa5d4ebb71fe545cdfe60f5bdb683fa0ff9c Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Sun, 15 Apr 2018 16:17:40 -0400
    Subject: [PATCH] Add MaxSockets option
    
    ---
     changes/ticket24797 |  7 +++++++
     doc/tor.1.txt       |  7 +++++++
     src/or/config.c     | 20 ++++++++++++++++++++
     src/or/or.h         |  1 +
     4 files changed, 35 insertions(+)
     create mode 100644 changes/ticket24797
    
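diff --git a/changes/ticket24797 b/changes/ticket24797
new file mode 100644
index 000000000..7cee6ce3c
--- /dev/null
+++ b/changes/ticket24797
@@ -0,0 +1,7 @@
+  o Minor features (DoS mitigation):
+    - Implement an option, MaxSockets, to allow a user to specify the
+      maximum number of file descriptors Tor can use. This helps with
+      both DoS migitation and servers with multiple Tor instances where
+      in both circumstances it would be desirable to limit the number
+      of file descriptors Tor can use. Closes ticket 24797. Patch by
+      Neel Chauhan.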
  • doc/tor.1.txt

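diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 95620a334..86a4e0344 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -306,6 +306,13 @@ GENERAL OPTIONS
     You probably don't need to adjust this. It has no effect on Windows
     since that platform lacks getrlimit(). (Default: 1000)
 
+[[MaxSockets]] **MaxSockets** __NUM__::
+    The maximum number of file descriptors that Tor will use. If set to 0,
+    Tor will ask the OS for as many file descriptors as the OS will allow.
+    If the number of file descriptors is lower than MaxSockets, Tor will
+    refuse to start. This option requires that DisableOOSCheck is set to 0.
+    (Default: 1000)
+
 [[DisableNetwork]] **DisableNetwork** **0**|**1**::
     When this option is set, we don't listen for or accept any connections
     other than controller connections, and we close (and don't reattempt)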
  • src/or/config.c

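diff --git a/src/or/config.c b/src/or/config.c
index 206274cd3..702c91422 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -442,6 +442,7 @@ static config_var_t option_vars_[] = {
   VAR("MaxMemInQueues",          MEMUNIT,   MaxMemInQueues_raw, "0"),
   OBSOLETE("MaxOnionsPending"),
   V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
+  V(MaxSockets,                  UINT,     "0"),
   V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
   V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
   VAR("MyFamily",                LINELIST, MyFamily_lines,       NULL),
@@ -1408,6 +1409,19 @@ options_act_reversible(const or_options_t *old_options, char **msg)
       options->ConnLimit_ = old_options->ConnLimit_;
     }
 
+    /* Set the maximum number of sockets if specified. If we specified more
+     * sockets than are available, fail. */
+    if (options->MaxSockets) {
+      if (options->MaxSockets < options->ConnLimit_)
+        options->ConnLimit_ = options->MaxSockets;
+      else {
+        tor_asprintf(msg, "We need %d file descriptors available, and "
+                    "we're limited to %d. Please change your ulimit -n.",
+                    options->MaxSockets, options->ConnLimit_);
+        goto rollback;
+      }
+    }
+
     /* Set up libevent.  (We need to do this before we can register the
      * listeners as listeners.) */
     if (running_tor && !libevent_initialized) {
@@ -3509,6 +3523,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
     return -1;
   }
 
+  if (options->MaxSockets && options->DisableOOSCheck) {
+    tor_asprintf(msg, "You cannot set both MaxSockets and DisableOOSCheck. "
+                 "Please set DisableOOSCheck to 0.");
+    return -1;
+  }
+
   if (options->PathsNeededToBuildCircuits >= 0.0) {
     if (options->PathsNeededToBuildCircuits < 0.25) {
       log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too low. Increasing "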
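Review bot: In the options_act_reversible hunk the test `options->MaxSockets < options->ConnLimit_` sends the equal case to the error branch, so a MaxSockets that exactly matches the available limit makes Tor refuse to start even though the request can be met; `if (options->MaxSockets <= options->ConnLimit_)` would accept it and agree with the man page wording ("lower than MaxSockets"). The option table registers the default as `"0"`, while the man page text added in this patch says "(Default: 1000)", so one of the two needs correcting. Because the option is presented as a DoS mitigation, the comment above the block should also say whether lowering `ConnLimit_` at this point really caps descriptor use or only shifts the out-of-sockets thresholds. The function body continues outside the hunk, so that cannot be confirmed from here.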
  • src/or/or.h

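diff --git a/src/or/or.h b/src/or/or.h
index c0e1ffff4..4e99c15af 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3905,6 +3905,7 @@ typedef struct {
                               *   have this many. */
   int ConnLimit_low_thresh; /**< try to get down to here after socket
                              *   exhaustion. */
+  int MaxSockets; /**< Demanded maximum number of simultaneous connections. */
   int RunAsDaemon; /**< If true, run in the background. (Unix only) */
   int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
   smartlist_t *FirewallPorts; /**< Which ports our firewall allows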
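Review bot: The field comment on `MaxSockets` describes "simultaneous connections", but the man page text in this patch defines the option as a file descriptor limit and gives 0 a special meaning, which the comment omits. Suggested wording: `int MaxSockets; /**< Maximum number of file descriptors Tor will use; 0 asks the OS for as many as it allows. */`. The option table registers the value as UINT while the field is a plain `int` printed with `%d`; presumably the parser bounds it to the int range, but that is worth confirming. The struct definition starts and ends outside the hunk.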