Skip to content

dos: Avoid blacklisting Exit relays

It is possible to do "tor-in-tor" meaning a tor client connection can exit the network and come back at a Guard node.

And if this happens to be detected by the DoS subsystem, we'll blacklist the Exit relay for a while. That is NOT good.

Now that we have legacy/trac#25183 (moved), we can lookup the inbound address to learn if we know it. And if we do, don't consider it a potential malicious client that we need to look at.

That is one part of the solution, the second part is legacy/trac#2667 (moved) so we actually prevent reentry from Exit but that part won't be backported just yet (if ever).

This work will be part of legacy/trac#24902 (moved) so once merge_ready, it will be merged into my branch ticket24902_029_05.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information