Bug 29204: Inspect circuit queues before sending padding.

Mitigates OOM conditions at relays.
This commit is contained in:
Mike Perry 2019-02-21 01:34:55 +00:00 committed by Nick Mathewson
parent d9010c5b67
commit ff410edec0
2 changed files with 21 additions and 4 deletions

4
changes/bug29204 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (circuitpadding):
- Inspect circuit-level cell queue before sending padding, to avoid
sending padding while too much data is queued. Fixes bug 29204;
bugfix on 0.4.0.1-alpha.

View File

@ -61,6 +61,7 @@
#include "core/or/crypt_path_st.h" #include "core/or/crypt_path_st.h"
#include "core/or/circuit_st.h" #include "core/or/circuit_st.h"
#include "core/or/origin_circuit_st.h" #include "core/or/origin_circuit_st.h"
#include "core/or/or_circuit_st.h"
#include "feature/nodelist/routerstatus_st.h" #include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/node_st.h" #include "feature/nodelist/node_st.h"
#include "core/or/cell_st.h" #include "core/or/cell_st.h"
@ -81,6 +82,7 @@ static double circpad_distribution_sample(circpad_distribution_t dist);
/** Cached consensus params */ /** Cached consensus params */
static uint8_t circpad_global_max_padding_percent; static uint8_t circpad_global_max_padding_percent;
static uint16_t circpad_global_allowed_cells; static uint16_t circpad_global_allowed_cells;
static uint16_t circpad_max_circ_queued_cells;
/** Global cell counts, for rate limiting */ /** Global cell counts, for rate limiting */
static uint64_t circpad_global_padding_sent; static uint64_t circpad_global_padding_sent;
@ -1027,10 +1029,17 @@ circpad_send_padding_cell_for_callback(circpad_machine_state_t *mi)
} else { } else {
// If we're a non-origin circ, we can just send from here as if we're the // If we're a non-origin circ, we can just send from here as if we're the
// edge. // edge.
log_fn(LOG_INFO,LD_CIRC, if (TO_OR_CIRCUIT(circ)->p_chan_cells.n <= circpad_max_circ_queued_cells) {
"Callback: Sending padding to non-origin circuit."); log_fn(LOG_INFO,LD_CIRC,
relay_send_command_from_edge(0, mi->on_circ, RELAY_COMMAND_DROP, NULL, "Callback: Sending padding to non-origin circuit.");
0, NULL); relay_send_command_from_edge(0, mi->on_circ, RELAY_COMMAND_DROP, NULL,
0, NULL);
} else {
static ratelim_t cell_lim = RATELIM_INIT(600);
log_fn_ratelim(&cell_lim,LOG_NOTICE,LD_CIRC,
"Too many cells (%d) in circ queue to send padding.",
TO_OR_CIRCUIT(circ)->p_chan_cells.n);
}
} }
rep_hist_padding_count_write(PADDING_TYPE_DROP); rep_hist_padding_count_write(PADDING_TYPE_DROP);
@ -1093,6 +1102,10 @@ circpad_new_consensus_params(const networkstatus_t *ns)
circpad_global_max_padding_percent = circpad_global_max_padding_percent =
networkstatus_get_param(ns, "circpad_global_max_padding_pct", networkstatus_get_param(ns, "circpad_global_max_padding_pct",
0, 0, 100); 0, 0, 100);
circpad_max_circ_queued_cells =
networkstatus_get_param(ns, "circpad_max_circ_queued_cells",
CIRCWINDOW_START_MAX, 0, 50*CIRCWINDOW_START_MAX);
} }
/** /**