Re: [tor-relays] tor-relays Digest, 3 questions on torcc file

I got a couple of question to ask on the torrc file and I hope one of you will direct me.

Ok here we go. I got it working as a relay which i can see in the terminal. I just started so it is still testing bandwidth. but this is not my questions

1. on line 18 of mine it is about Socks. I was reading in the man pages on this. It was #Socksport 9050. Per the man pages I took out the comment and placed as "+" per the page. So now it is +SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.

Ok, lines 37-44

## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

at one time I had the 2nd one uncommented and I did get a log file in the /var/tor/log file. I'm not running the tor-browser pkg I am just running tor thru the terminal to be straight.

If I would run the say tor-browser pkg from synaptic and I do have installed, but I just cant tell for sure if the relay is working that way. This way in terminal I can but also can not use the browser.

Should I have the 2nd one uncommented?

Lines 55-61 I do have the ControlPort uncommented and it does show it connects to all ports. Took me a bit to get the partitions active thru the modem/router. Never had to do that before. I just used the standard ports that it had on it till the other day.

line 57 like i said I have uncommented and also line 61 for the hash control.

ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
HashedControlPassword

OrPort is uncommented and set to the port line 84.

on line 109 it is speaking of the bandwidth I have it uncommented

RelayBandwidthRate 100 KBytes #Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)

This one here blows my mind. Lines 103-122 what throws me in the terminal it shows its in hibernation

Here this from the torrc file not to throw anyone off.

## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 kilobytes per second.
## Note that units for these config options are bytes (per second), not
## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
## 2^20, etc.
RelayBandwidthRate 100 KBytes #Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)

## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "40 GB" may allow up to 80 GB total before
## hibernating.
##
## Set a maximum of 40 gigabytes each way per period.
line 118 AccountingMax 20 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
line 120 AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00

line 118 You see i have mine set at 20G. but it was at 40GB "is that a good setting?

line 120 what do you do with that one?

DirPort i do not have uncommented for a caution from the man page.

lines 186-190

#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
line 190 ExitPolicy reject *:25 #no exits allowed

The man pages suggested that number

This is from my Terminal

If you do want to run an exit Relay, please set the ExitRelay option to 1 to disable this warning, and for forward compatibility.

I am a little foggy on that one. Can someone please set me straight on my questions?

tks

-db-

Sent: Saturday, September 03, 2016 at 12:07 PM
From: tor-relays-request@xxxxxxxxxxxxxxxxxxxx
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: tor-relays Digest, Vol 68, Issue 10

Send tor-relays mailing list submissions to
tor-relays@xxxxxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
or, via email, send a message with subject or body 'help' to
tor-relays-request@xxxxxxxxxxxxxxxxxxxx

You can reach the person managing the list at
tor-relays-owner@xxxxxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-relays digest..."

Today's Topics:

1. Re: Why can't I see more traffic? (is my banana too weak?) (Aeris)
2. Re: Why can't I see more traffic? (is my banana too weak?)
(Roman Mamedov)
3. Re: Why can't I see more traffic? (is my banana too weak?)
(Logforme)
4. Re: Why can't I see more traffic? (is my banana too weak?) (Aeris)

----------------------------------------------------------------------

Message: 1
Date: Sat, 03 Sep 2016 17:05:38 +0200
From: Aeris <aeris+tor@xxxxxxxxxx>
To: Farid Joubbi <joubbi@xxxxxx>
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Why can't I see more traffic? (is my banana
too weak?)
Message-ID: <3248493.tyuSCxODC6@home>
Content-Type: text/plain; charset="utf-8"

> Could it be that it is due to the quite slow hardware, even though I know
> that it is able to push more traffic?

I notice too your relay got the guard flag very recently. So your relay is
currently probably not at full capacity and rather at a low one (relay usage
drops at guard flag assignment).
You have to wait 60 days from your guard flag to reach this point.

See https://blog.torproject.org/blog/lifecycle-of-a-new-relay, you’re
currently at the beginning of the 3rd phase.

<3,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160903/b1ce48da/attachment-0001.sig>

------------------------------

Message: 2
Date: Sat, 3 Sep 2016 20:14:08 +0500
From: Roman Mamedov <rm@xxxxxxxxxxx>
To: Aeris <aeris+tor@xxxxxxxxxx>
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx, Farid Joubbi <joubbi@xxxxxx>
Subject: Re: [tor-relays] Why can't I see more traffic? (is my banana
too weak?)
Message-ID: <20160903201408.178d30dc@natsu>
Content-Type: text/plain; charset="utf-8"

On Sat, 03 Sep 2016 16:53:25 +0200
Aeris <aeris+tor@xxxxxxxxxx> wrote:

> > Could it be that it is due to the quite slow hardware, even though I know
> > that it is able to push more traffic?
>
> Yep, surely.
>
> You currently push 3Mbps of traffic, which is correct for this kind of hardware.
> All "cheap" hardware (raspi, banana, olimex, pine…) suffer of the fact they
> don’t have crypto hardware acceleration and do software encryption. And so is
> very slow (10-100× factor) even compared to low end amd64 CPU with AES-NI
> extension.

According to 'openssl speed aes-128-cbc' the Allwinner A20 CPU in Banana Pro is
capable of about 25 MBytes/sec in AES performance. While that won't translate
1:1 into Tor performance, as Farid noted in his case the CPU isn't being a
bottleneck, with only 10-20% CPU load observed.

@Farid,

> According to top the CPU hovers around 10-20% most of the time.

I wonder is it 20% across both cores, which could be 40% of one core (since
Tor is not multithreaded enough), and at least somewhat closer to not being
practically idle. Can you launch 'top' and press '1' there to check?

Also seems unclear why it didn't get the guard flag for so long, does your
public IP address change from time to time? Or do you turn the relay off and
on for whatever reason.

--
With respect,
Roman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160903/3472ab60/attachment-0001.sig>

------------------------------

Message: 3
Date: Sat, 03 Sep 2016 15:37:54 +0000
From: Logforme <m7527@xxxxxx>
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Why can't I see more traffic? (is my banana
too weak?)
Message-ID: <em4b0fc087-63e2-4672-be99-28f2687390a1@mats-win7>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Looking at Atlas your relay advertises 2.45 MB/s which is quite low for
a 100Mbit connection: 2.45 MByte x 8 = 19.6 MbitWhat value do you have
in your torrc? For a 100mbit connection it should be at least:
BandwidthRate 12 MB

------ Originalmeddelande ------
Från: "Roman Mamedov" <rm@xxxxxxxxxxx>
Till: "Aeris" <aeris+tor@xxxxxxxxxx>
Kopia: tor-relays@xxxxxxxxxxxxxxxxxxxx; "Farid Joubbi" <joubbi@xxxxxx>
Skickat: 2016-09-03 17:14:08
Ämne: Re: [tor-relays] Why can't I see more traffic? (is my banana too
weak?)

>On Sat, 03 Sep 2016 16:53:25 +0200
>Aeris <aeris+tor@xxxxxxxxxx> wrote:
>
>> > Could it be that it is due to the quite slow hardware, even though
>>I know
>> > that it is able to push more traffic?
>>
>> Yep, surely.
>>
>> You currently push 3Mbps of traffic, which is correct for this kind
>>of hardware.
>> All "cheap" hardware (raspi, banana, olimex, pine…) suffer of the
>>fact they
>> don’t have crypto hardware acceleration and do software encryption.
>>And so is
>> very slow (10-100× factor) even compared to low end amd64 CPU with
>>AES-NI
>> extension.
>
>According to 'openssl speed aes-128-cbc' the Allwinner A20 CPU in
>Banana Pro is
>capable of about 25 MBytes/sec in AES performance. While that won't
>translate
>1:1 into Tor performance, as Farid noted in his case the CPU isn't
>being a
>bottleneck, with only 10-20% CPU load observed.
>
>@Farid,
>
>> According to top the CPU hovers around 10-20% most of the time.
>
>I wonder is it 20% across both cores, which could be 40% of one core
>(since
>Tor is not multithreaded enough), and at least somewhat closer to not
>being
>practically idle. Can you launch 'top' and press '1' there to check?
>
>Also seems unclear why it didn't get the guard flag for so long, does
>your
>public IP address change from time to time? Or do you turn the relay
>off and
>on for whatever reason.
>
>--
>With respect,
>Roman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160903/4b9daf12/attachment-0001.html>

------------------------------

Message: 4
Date: Sat, 03 Sep 2016 18:06:59 +0200
From: Aeris <aeris+tor@xxxxxxxxxx>
To: Roman Mamedov <rm@xxxxxxxxxxx>
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx, Farid Joubbi <joubbi@xxxxxx>
Subject: Re: [tor-relays] Why can't I see more traffic? (is my banana
too weak?)
Message-ID: <4817647.aCTGf0bmfv@home>
Content-Type: text/plain; charset="utf-8"

> According to 'openssl speed aes-128-cbc' the Allwinner A20 CPU in Banana Pro
> is capable of about 25 MBytes/sec in AES performance. While that won't
> translate 1:1 into Tor performance, as Farid noted in his case the CPU
> isn't being a bottleneck, with only 10-20% CPU load observed.

I don’t understand very well this fact, but CPU can be the bottleneck even if
load or CPU usage not at full capacity.

One of my Tor guard relay have the same CPU behaviour (see screenshot
enclosed).
2 instances at 50-60% CPU usage (as reported by htop), load around 0.70-0.80
(4 cores), RAM at 20% (400MB/2GB) but bandwidth not saturated (20Mbps only on
a 200Mbps line).
Perhaps because of the multiple changes of context (AES crypto, Tor software
logic, network IO…) and so a lot of wait/IRQ (as visible on the screen) and
not a fully used CPU.

> Also seems unclear why it didn't get the guard flag for so long, does your
> public IP address change from time to time? Or do you turn the relay off and
> on for whatever reason.

Perhaps a low bandwidth ?
Babylonian seems to be on the lower part of guard relay (2146/2313), possible
it hadn’t enough bandwith before end of august to get guard flags ?
Only the 25% fastest relays can get the guard flag. Today it’s around 2.5 MBps
advertised / 1MBps measured. Babylonian is just at the limit (2.45MBps
advertised, 600kBps measured).

<3,
--
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: screen.png
Type: image/png
Size: 27289 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160903/68dda35b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160903/68dda35b/attachment.sig>

------------------------------

Subject: Digest Footer

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

------------------------------

End of tor-relays Digest, Vol 68, Issue 10
******************************************