Opened 5 years ago

Closed 5 years ago

#14261 closed defect (fixed)

Directory authority refuses vote fetch with "Too much data received from directory connection"

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-auth 025-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

My directory authority just failed to make a consensus this round, and its notice-level logs include:

Jan 17 13:52:31.570 [notice] We're missing votes from 8 authorities (14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 ED03BB616EB2F60BEC80151114BB25CEF515B226 585769C78764D58426B8B52B6651A5A71137189A 80550987E1D626E3EBA5E5E75A458DE0626D088C 49015F787433103580E3B66A1707A00E60F2D15B EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 23D15D965BC35114467363C165C4F724B64B4F66). Asking every other authority for a copy.
Jan 17 13:52:33.134 [warn] Too much data received from directory connection (154.35.32.5): denial of service attempt, or you need to upgrade?
Jan 17 13:52:34.187 [warn] Too much data received from directory connection (131.188.40.189): denial of service attempt, or you need to upgrade?
Jan 17 13:52:37.068 [warn] Too much data received from directory connection (194.109.206.212): denial of service attempt, or you need to upgrade?
Jan 17 13:52:38.146 [warn] Too much data received from directory connection (208.83.223.34): denial of service attempt, or you need to upgrade?
Jan 17 13:52:41.339 [warn] Too much data received from directory connection (86.59.21.38): denial of service attempt, or you need to upgrade?
Jan 17 13:52:44.722 [warn] Too much data received from directory connection (193.23.244.244): denial of service attempt, or you need to upgrade?
Jan 17 13:53:23.528 [warn] Too much data received from directory connection (171.25.193.9): denial of service attempt, or you need to upgrade?

It looks like our current limit of 10MB is too low for fetching all votes at once?

(I guess a second question is: did we really mean for Tor to ask for 10+ megabytes from each of 8 places in parallel?)

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by nickm

Keywords: tor-auth added
Milestone: Tor: 0.2.6.x-finalTor: 0.2.5.x-final

waugh. That's pretty bad.

Is this compressed? Please tell me this is compressed.

I'm going to increase the limit to for now, to make sure it doesn't stop any more consensuses, but we need a better fix.

See branch "bug14261_025" for possible backport merge into 0.2.5. I've merged it into 0.2.6 and am marking this ticket for possible backport.

I've opened a ticket for a better fix as #14267 .

comment:2 Changed 5 years ago by nickm

Keywords: 025-backport added
Status: newneeds_review

comment:3 Changed 5 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Some authorities, I hear, are on 0.2.5 still. Better backport this one.

Note: See TracTickets for help on using tickets.