OOM DoS resistance measures from C tor
As part of our work on onion services in arti, we should provide some or all of the same OOM DoS mechanisms as used in C tor.
Subtasks:
- Memory DoS:
  - Track memory consumption for each stream and circuit.
  - Track total memory consumption for all streams and circuits.
  - Track age of data on streams and circuits.
  - Configure and/or guess a memory limit.
  - Code to notice when we're low on memory and kill streams and circuits.
Outstanding work before calling this done for now:
- #1660 (closed) internal architecture docs improvements !2509 (merged)
- #1661 (closed) abolish separate StreamAccount !2505 (closed)
- #1659 (closed) avoid accidentally making untracked queues
- add to example config file
- compile it in by default (but disabled - no quota) !2569 (merged)
- whatever ad-hoc test we can manage (at least, check that the config works and the memquota system is engaged) -- enabled in shadow test in !2560 (merged)
- check that there are no TODO #351 remaining in tree. Done.
References
- dos-spec.md
- tor-spec section 8.1
- The "sniper attack" paper by Jansen, Tschorsch, Johnson, and Scheuermann.
Edited by Ian Jackson
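
A minimal sketch of the Memory DoS subtasks listed above (per-circuit and total accounting, data age, a limit, and killing circuits when over it), added here as an illustration; it is not arti's memquota code or C tor's implementation. The `Tracker` and `Circuit` types, the `limit` and `low_water` thresholds, and the integer tick clock are all assumptions.

```rust
use std::collections::{BTreeMap, VecDeque};

/// Hypothetical per-circuit account: queued chunks as (arrival_tick, bytes).
#[derive(Default)]
struct Circuit { queue: VecDeque<(u64, usize)>, bytes: usize }

/// Hypothetical tracker; `limit` and `low_water` are assumed config values.
struct Tracker { circuits: BTreeMap<u32, Circuit>, total: usize, limit: usize, low_water: usize }

impl Tracker {
    fn new(limit: usize, low_water: usize) -> Self {
        Tracker { circuits: BTreeMap::new(), total: 0, limit, low_water }
    }
    /// Charge queued data to a circuit; returns the circuits killed to reclaim memory.
    fn enqueue(&mut self, id: u32, now: u64, bytes: usize) -> Vec<u32> {
        let c = self.circuits.entry(id).or_default();
        c.queue.push_back((now, bytes));
        c.bytes += bytes;
        self.total += bytes;
        if self.total > self.limit { self.reclaim() } else { Vec::new() }
    }
    /// Release the oldest chunk once the circuit has delivered it.
    fn dequeue(&mut self, id: u32) {
        if let Some(c) = self.circuits.get_mut(&id) {
            if let Some((_, n)) = c.queue.pop_front() { c.bytes -= n; self.total -= n; }
        }
    }
    /// Kill circuits in order of oldest queued data until total <= low_water.
    fn reclaim(&mut self) -> Vec<u32> {
        let mut killed = Vec::new();
        while self.total > self.low_water {
            let oldest = self.circuits.iter()
                .filter_map(|(id, c)| c.queue.front().map(|(t, _)| (*t, *id)))
                .min();
            match oldest {
                Some((_, id)) => { if let Some(c) = self.circuits.remove(&id) { self.total -= c.bytes; } killed.push(id); }
                None => break,
            }
        }
        killed
    }
}

fn main() {
    let mut t = Tracker::new(1000, 600); // constructed sample limits
    t.enqueue(1, 10, 400); // circuit 1 holds the oldest data
    t.enqueue(2, 20, 400);
    println!("killed: {:?}", t.enqueue(3, 30, 400));
}
```

Ranking by the age of the head-of-queue chunk, not by queue size, means a circuit that keeps draining its queue is spared while one that stalls with old data is reclaimed first.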