Opened 7 years ago

Last modified 15 months ago

#5457 new defect

Bw auths don't count circuit failures in descriptor mode

Reported by: mikeperry Owned by: mikeperry
Priority: Medium Milestone:
Component: Core Tor/Torflow Version:
Severity: Normal Keywords:
Cc: aagbsn@… Actual Points:
Parent ID: #5456 Points:
Reviewer: Sponsor:

Description

When we are using descriptor bandwidth (ie no feedback), we are unable to properly use circuit failure statistics to penalize nodes that are either attempting path bias, or are just experiencing CPU overload.

The fix *should* be simple. I think we just need to add another clause in aggregate.py where we check for use_circ_fails to also check for use_desc_bw and properly combine the pid_error and circ_error for that case (perhaps just by multiplying them).

Child Tickets

Change History (6)

comment:1 Changed 6 years ago by mikeperry

Summary: Bw auths can't count circuit failures properly in compatibility modeBw auths don't count circuit failures in descriptor mode

#7023 is a dup of this.

comment:2 Changed 6 years ago by mikeperry

The circuit failure rate of the network appears to vary wildly. It also seems that it doesn't take much to push nodes into CPU overload. This is rather concerning, as it seems to indicate that measuring for CPU overload is very prone to DoS attacks designed to demote certain nodes from high bandwidth rankings.

We might not want to rush into this fix... :/

comment:3 Changed 4 years ago by aagbsn

Cc: aagbsn@… added

comment:4 Changed 15 months ago by teor

Severity: Blocker

We probably won't implement this in torflow, see #13630 for a replacement.

comment:5 Changed 15 months ago by teor

Severity: BlockerNormal

comment:6 Changed 15 months ago by teor

Priority: HighMedium

Priorities and Severities in torflow are meaningless, setting them all to Medium/Normal.

Note: See TracTickets for help on using tickets.