#24902: Denial of Service mitigation subsystem -------------------------------------------------+------------------------- Reporter: dgoulet | Owner: dgoulet Type: enhancement | Status: | needs_review Priority: Very High | Milestone: Tor: | 0.3.3.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: ddos, tor-relay, review-group-30, | Actual Points: 029-backport, 031-backport, 032-backport | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by teor): Replying to [comment:29 arma]: > Replying to [comment:24 teor]: > > We could increase the cbtmintimeout consensus parameter to a really high value. (Which seemed to work well on my relays.) But the client's timeout would only stay high if almost all relays delayed almost all circuits created by these clients. > > No, I think the only way to get a higher timeout for establish- rendezvous attempts is if the user manually set their options->CircuitStreamTimeout. The code as you say is > {{{ > /* CIRCUIT_PURPOSE_C_ESTABLISH_REND behaves more like a RELAY cell. > * Use the stream cutoff (more or less). */ > SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 + 1000); > }}} > which does not reference get_circuit_build_timeout_ms(). :( I was talking about dropping other types of cells earlier in circuit construction. Those purposes reference get_circuit_build_timeout_ms(). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24902#comment:30> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs