Opened 3 years ago

Last modified 3 years ago

#24899 new enhancement

[feature request] Increase the limit on pending client circuits with the number of onion services

Reported by: yurivict271 Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, ddos-risk, 034-triage-20180328, 034-removed-20180328
Cc: Actual Points:
Parent ID: #24897 Points: 1
Reviewer: Sponsor:


I suggest to add a new torrc config variable:

MaxClientCircuitsPendingPerHS hsCircuitsPending

This will be in addition to the existing

MaxClientCircuitsPending staticCircuitsPending

The actual number of pending circuits then will be determined by the formula:

totalCircuitsPending = staticCircuitsPending + hsCircuitsPending*numHS

where numHS is the current number of hidden services.

This way, when the apps would open many hidden services, this will also increase the limit on pending circuits, and the possibility of running out of them will decrease.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by gk

Component: - Select a componentCore Tor

comment:2 Changed 3 years ago by teor

Keywords: tor-hs ddos-risk added
Milestone: Tor: 0.3.4.x-final
Points: 1

This feature increases the risk of network DDoS, we should choose the limits here with care.

comment:3 Changed 3 years ago by teor

Parent ID: #24897

comment:4 Changed 3 years ago by dgoulet

Component: Core TorCore Tor/Tor

comment:5 Changed 3 years ago by yurivict271

MaxClientCircuitsPendingPerHS should have a sensible default.

Additionally, "purpose" can be assigned to the limits, with MaxClientCircuitsPendingPerHS only allocating pending circuits to individual onions, and MaxClientCircuitsPending being shared between all uses.

comment:6 Changed 3 years ago by nickm

Keywords: 034-triage-20180328 added

comment:7 Changed 3 years ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:8 Changed 3 years ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

Note: See TracTickets for help on using tickets.