
Re: opening up (exit policy) a bit ...



     On Sat, 8 May 2010 22:49:26 +0000 (UTC) John Case <case@xxxxxxxxxxxxxxxx>
>On Sat, 8 May 2010, Mike Perry wrote:
>
>>> This means that your non-Exit flagged node will be weighted like an
>>> Exit flagged node for the exit position, but will be weighted as if
>>> you were a non-scarce middle or guard node for the other positions.
>>>
>>> In short, you would in theory get slightly more total load than if you
>>> were an actual Exit.
>>
>> On second thought, this is not fully correct. You will in theory get
>> slightly more load than if you were just a Guard/Middle node. Since we
>> do not currently balance among different exit port classes, you might
>> still get less load than a full-on Exit when Exits are scarce, because
>> 80 might not carry that much traffic in terms of bytes as other ports.
>>
>> Not an easy question to answer in either case. Having good answers to
>> these questions might help us refine our load balancing algorithms
>> further.
>
>
>Thanks.  So, it's hard to say, but I can assume there will be significant 
>exit traffic, even with just one TCP port valid for exit...
>
>I suppose I could see the ratio of actual connections by simply running 
>'netstat', yes ?  If my orport and dirport are 9001/9030, and I am 
>allowing port 80 exit, then all netstat connections showing port 80 are 
>exit connections, so I could (roughly) calculate these numbers myself, 
>right ?

     No, not really.  That method does not distinguish between connections
going to actual web servers and connections going to other tor relays that
listen on 80 as their ORPort or DirPort, of which there are quite a few.
You would need to compare each address and port number with the addresses
and port numbers listed in the directory to determine which case you were
seeing.  Also, netstat doesn't tell you whether your system connected to
the other end or vice versa.  pftop(8) does identify connections as being
inbound (I) or outbound (O), but if you don't have pf(4) support on your
system (OpenBSD and FreeBSD only, I think), then you don't have pftop
available.  I don't know what similar tools may be available for use with
other systems.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
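
The comparison described in the reply above, sketched as an added example (not code from the post or from the Tor project). It assumes Linux `netstat -tn` column order and directory `r` lines ending in address, ORPort, DirPort; the 9001/9030 ports come from the thread, every address is constructed, and treating a local ORPort/DirPort as "inbound" is a heuristic, since netstat itself does not report direction.

```python
from collections import Counter

# Constructed sample data (documentation address ranges), not real relays.
CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2010-05-08 12:00:00 198.51.100.7 80 0
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2010-05-08 12:00:00 198.51.100.9 9001 80
s Fast Running
"""
NETSTAT = """\
tcp 0 0 192.0.2.10:51234 198.51.100.7:80 ESTABLISHED
tcp 0 0 192.0.2.10:51240 198.51.100.9:80 ESTABLISHED
tcp 0 0 192.0.2.10:51301 203.0.113.5:80 ESTABLISHED
tcp 0 0 192.0.2.10:51302 203.0.113.6:80 TIME_WAIT
tcp 0 0 192.0.2.10:9001 203.0.113.77:80 ESTABLISHED
tcp 0 0 192.0.2.10:51400 198.51.100.7:443 ESTABLISHED
"""

def relay_endpoints(consensus_text):
    """Collect (ip, port) for every ORPort and DirPort on the 'r' lines."""
    endpoints = set()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "r":
            continue
        ip, orport, dirport = fields[-3:]   # assumed: line ends IP ORPort DirPort
        for port in (orport, dirport):
            if port != "0":                 # 0 means the port is not offered
                endpoints.add((ip, int(port)))
    return endpoints

def classify(netstat_text, relays, exit_port=80, own_ports=(9001, 9030)):
    """Split established connections with remote port exit_port into classes."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp" or fields[5] != "ESTABLISHED":
            continue
        local_port = int(fields[3].rsplit(":", 1)[1])
        remote_ip, remote_port = fields[4].rsplit(":", 1)
        if int(remote_port) != exit_port:
            continue
        if local_port in own_ports:         # heuristic: peer reached our listener
            counts["inbound_to_relay"] += 1
        elif (remote_ip, exit_port) in relays:
            counts["to_tor_relay"] += 1     # relay using 80 as ORPort/DirPort
        else:
            counts["candidate_exit"] += 1   # not in the directory at that port
    return counts
```

Only the `candidate_exit` bucket approximates exit connections; a plain count of port-80 lines would have reported five here instead of one.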