Re: Turning off a server
- To: or-dev@xxxxxxxxxxxxx, "Nick Mathewson" <nickm@xxxxxxxxxxxxx>
- Subject: Re: Turning off a server
- From: "Michael_google gmail_Gersten" <keybounce@xxxxxxxxx>
- Date: Mon, 1 Oct 2007 16:31:20 -0700
- Delivery-date: Mon, 01 Oct 2007 19:31:28 -0400
- In-reply-to: <20071001201830.GB885@xxxxxxxxxxxxxxxxxx>
- References: <200709291402.17925.robert@xxxxxxxxxxxxxxx> <20071001201830.GB885@xxxxxxxxxxxxxxxxxx>
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
> > AFAICS there's no way of turning off a server immediately, without actually
> > killing the tor process.
> >
> > What I mean by this is some controller command(s) that:
> >
> > - Closes all the server's ORCONNs immediately
> > - Sends a suicide descriptor to the authdirs.
> >
> > The use-case is the general user who runs a relay most of the time but
> > occasionally wants to toggle it off without disrupting general use.
>
> I'd rather that users who want to stop being a server _not_ kill all
> ORCONNs immediately: doing so kills all the active connections for
> every user who's touching that server.
>
> Instead, I'd prefer that all circuits through that server die
> naturally as clients time them out over the next 10-30 minutes, and
> that the server stop accepting new circuits. Does not that work in
> practice? If it doesn't work (because circuits stay open
> indefinitely), I think the answer is to give existing circuits 5-10
> minutes or so to finish up.

It doesn't work. I have more than once closed my OrPort, and seen
heavy traffic (>95% of bandwidth) for an hour. I can see >40% traffic
for an hour and a half.

My thought:

If I want to die, I will send a "Circuit wants to be terminated"
message back upstream to the originating node. That node knows if the
circuit is in use or not, and can close it if it is not. * If it is in
use, at least that tor client knows not to open any new TCP
connections over that circuit.

I think that's the "missing" element. There is no way that I know of
for a circuit to refuse any new TCP connection while still staying
open for existing ones. And even better is being able to notify that
originating client that new TCP connections will be rejected
beforehand, so that a new circuit can be prepared ahead of time.
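
A toy model of the drain behaviour proposed in this message, added here as an illustration; it is not part of the original post and not Tor code. The class names, the `draining` flag and the `on_drain_notice` handler are hypothetical, and the model assumes the client tracks its own open streams per circuit.

```python
# Toy model of the drain proposal above; not Tor code. All names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Circuit:
    circ_id: int
    streams: set = field(default_factory=set)  # open TCP streams on this circuit
    draining: bool = False                      # relay has asked to be terminated
    closed: bool = False

class Client:
    """Originating node: the only party that knows whether a circuit is in use."""
    def __init__(self):
        self.circuits = {}
        self.next_id = 1

    def build_circuit(self):
        circ = Circuit(self.next_id)
        self.circuits[circ.circ_id] = circ
        self.next_id += 1
        return circ

    def usable(self):
        return [c for c in self.circuits.values() if not (c.closed or c.draining)]

    def open_stream(self, stream_id):
        # New TCP connections never go onto a draining circuit.
        candidates = self.usable()
        circ = candidates[0] if candidates else self.build_circuit()
        circ.streams.add(stream_id)
        return circ.circ_id

    def on_drain_notice(self, circ_id):
        """Handle the relay's 'circuit wants to be terminated' message."""
        circ = self.circuits[circ_id]
        circ.draining = True
        if not circ.streams:
            circ.closed = True          # idle: close right away
        elif not self.usable():
            self.build_circuit()        # in use: prepare a replacement ahead of time
        return circ.closed

    def close_stream(self, circ_id, stream_id):
        circ = self.circuits[circ_id]
        circ.streams.discard(stream_id)
        if circ.draining and not circ.streams:
            circ.closed = True          # last existing stream finished
        return circ.closed
```

In this model the relay's bandwidth use falls as existing streams end, instead of depending on how long clients keep reusing an open circuit.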