Bug 29204: Inspect circuit queues before sending padding. #719
Conversation
Mitigates OOM conditions at relays.
| "Callback: Sending padding to non-origin circuit."); | ||
| relay_send_command_from_edge(0, mi->on_circ, RELAY_COMMAND_DROP, NULL, | ||
| 0, NULL); | ||
| if (TO_OR_CIRCUIT(circ)->p_chan_cells.n <= circpad_max_circ_queued_cells) { |
I don't think this will work as expected. I think the problem is more on the outbuf side. If none of the cells go on the wire but we keep queuing padding cells directly in the outbuf, we'll ultimately fill it.
The above will keep sending those cells as long as the circuit queue has not too many cells but that won't work because the bloating in this case happens at the outbuf level.
Furthermore, the circuit cell queues already have a max check (in append_cell_to_circuit_queue()):
if (PREDICT_UNLIKELY(queue->n >= max_circuit_cell_queue_size)) {
I think to fix this, we need a way to ask the channel "can you write on the wire?" and if no, we do not queue anything and if yes, we check if the circuit queue and outbuf have stuff. If yes, I'm guessing do not send padding... (Not entirely sure about this because in between traffic pattern you might want to send padding especially for quiet circuit even though everything is still in the outbuf?)
Then you might want to couple the above with a "last cell emitted timestamp" to have some max threshold when you definitely stop?...
Also, the TROVE we just got in tor today makes it that KIST now considers the outbuf size in order to make a decision if there is enough space to flush cells from the circuit queue.
If the circuit padding subsystem does send the padding cell through the circuit queue, then we might be fine here. If it writes it directly into the outbuf, then problem.
Pull Request Test Coverage Report for Build 4113
|
Remove stray flag update. (not clear it is needed anyway).
Mitigates OOM conditions at relays.
The text was updated successfully, but these errors were encountered: