[tor-relays] «Possible compression bomb» from Authority?

Hi there,

today I found this warning in the log of my relay
(6A7551EEE18F78A9813096E82BF84F740D32B911):

Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning stream.
Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body (tried
Zstandard compressed, on Directory connection (client reading) with
199.58.81.140:80).

What does this mean?

Regards

A simple log message that the tord didn't unpack a Zip Bomp. DDOS protection
in the Tor software I believe.

Hi

Jun 03 04:04:33.000 [warn] Possible compression bomb; abandoning
stream. Jun 03 04:04:33.000 [warn] Unable to decompress HTTP body
(tried Zstandard compressed, on Directory connection (client reading)
with 199.58.81.140:80).

We see the compression bomb warning from time to time

The address seems to be longclaw. Interestingly it's the dirport that
ie requested. I thought the dirport is no longer in use - do the
authorities still offer it?

Hi,

I get these warnings from time to time too. I believe they are rather
benign, though I wonder how a document with a 25:1 compression ratio
can happen in practice.

Interestingly it's the dirport that
ie requested. I thought the dirport is no longer in use - do the
authorities still offer it?

Authorities still provide a dirport, and relays are supposed to use it
over a tunneled directory request. I believe some authority operators
put varnish (or some other caching reverse-proxy) in front of their
dirport, to limit the load of serving those files. At the very least,
it reduces the amount of crypto required (none vs an OR connection),
for data which is already public and signed anyway.