
Re: Issue about selection of Tor relays when using the default torrc configuration

Hello Scott
Thanks for your help. However, is there no way that I can cause the tor client to reload a new set of entry guard nodes? I have tried both NEWNYM and HUP signals through *nc* to communicate with the tor controller. However, in both cases only a small set of (in fact 3) entry guards are selected.

Scott Bennett wrote:
     On Fri, 29 May 2009 17:17:33 -0400 Sambuddho Chakravarty
<sc2516@xxxxxxxxxxxx> wrote:
I am using the default torrc without giving any information on what relays to select for circuit creation. But apparently Tor (from what I experience) doesn't change the relays selected in a long time. So each time (over a period of 2 - 3 hours) I start the tor client it seems to be selecting the same relays. Is there a way I can ensure different relay selection each time I start the tor client?

     You may be observing any of several things that lead you to believe
what you wrote.  For example, the torrc distributed with the package and
most likely the internal default in the code say that three entry guards
are to be used.  Entry guard connections can be held open for a very long
time because all of your client traffic gets funneled through them.  The
default route length is 3, so each circuit needs at least two more nodes
beyond the entry guard.  We are fortunate that the tor network includes
several dozen nodes that handle very large volumes of data at high rates.
Those nodes, therefore, get chosen frequently during circuit route selection,
so you may see these popping up over and over again, but regardless of how
it seems in a Vidalia display, they are being used for new circuits each
time.  Also, many streams (i.e., TCP connections) may pass simultaneously
or in succession through the same circuit.  As long as a single stream is
still present in a circuit, the circuit is considered active and will not
be torn down, regardless of its age.  The upshot of this is that if you
have, say, a secure shell login session to your friendly UNIX/LINUX system
somewhere and you stay logged in, the circuit that connection passes through
will not normally be closed until you do log out.  (Note that after a circuit
has aged ten minutes, no *new* streams are to be assigned to it.  New
streams will be assigned to a new(er) circuit.)
     tor's standard client behavior is to begin aging a circuit the first
time it is used.  It is important to remember this and to note that the
first time a circuit is used could conceivably be quite a while after it
is built because tor builds some circuits in anticipation of needing them.
Such circuits may end up not being used, but if they aren't, then they will
hang around anyway for an hour(?) or so before being torn down.
     If you use a tor controller, such as torctl or Vidalia, you can send
a NEWNYM command to tor that will cause it to mark all aging circuits (i.e.,
those that have been or are being used at least once).  Any circuits that
are aging but have no streams in them (i.e., the circuits are not currently
active) and get marked as "old" this way will automatically be torn down.
Any that are currently active will still be marked "old", so that they can
be torn down when they become inactive.  When tor has no available circuits
to assign a new stream to, it will begin building some new ones.  I confess
I don't recall offhand whether a NEWNYM or a SIGHUP will by itself cause
tor to build circuits preemptively (i.e., in anticipation of need for them).
The last time I used a version of Vidalia, it had some cute button to click
on that said, "New Identity" or some such thing.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
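
The behaviour discussed in this thread can be checked from control-port output. The following is an added example, not code from either poster or from the Tor project: it parses two `GETINFO circuit-status` replies captured before and after `SIGNAL NEWNYM` and reports which circuits were replaced and whether any new first hop (entry guard) appeared. The captures, fingerprints and nicknames are constructed, and the helper names are hypothetical.

```python
def fp(ch):
    return "$" + ch * 40  # constructed 40-hex-digit relay fingerprint

def parse_circuit_status(reply):
    """Map circuit ID -> hop fingerprints for the BUILT circuits in a
    'GETINFO circuit-status' reply (paths as $FP~nick or $FP=nick)."""
    circuits = {}
    for line in reply.splitlines():
        line = line.strip()
        # Drop reply framing; a one-circuit reply can arrive on the key line itself.
        for prefix in ("250+circuit-status=", "250-circuit-status="):
            if line.startswith(prefix):
                line = line[len(prefix):]
        fields = line.split()
        if len(fields) < 3 or fields[1] != "BUILT" or not fields[2].startswith("$"):
            continue  # framing (".", "250 OK") or a circuit that is not built yet
        circuits[fields[0]] = [hop[1:].replace("=", "~").split("~")[0]
                               for hop in fields[2].split(",")]
    return circuits

def guard_report(before, after):
    """Compare snapshots taken before and after SIGNAL NEWNYM."""
    g_before = {hops[0] for hops in before.values()}
    g_after = {hops[0] for hops in after.values()}
    return {
        "new_circuits": sorted(set(after) - set(before), key=int),
        "closed_circuits": sorted(set(before) - set(after), key=int),
        "guards_seen": sorted(g_before | g_after),
        "new_guards": sorted(g_after - g_before),
    }

# Constructed captures, in the form a control-port session prints them.
BEFORE = "\r\n".join([
    "250+circuit-status=",
    f"4 BUILT {fp('A')}~guardA,{fp('1')}~mid1,{fp('2')}~exit1 PURPOSE=GENERAL",
    f"5 BUILT {fp('B')}~guardB,{fp('3')}~mid2,{fp('4')}~exit2 PURPOSE=GENERAL",
    f"6 BUILT {fp('C')}~guardC,{fp('5')}~mid3,{fp('6')}~exit3 PURPOSE=GENERAL",
    f"10 EXTENDED {fp('A')}~guardA,{fp('7')}~mid4 PURPOSE=GENERAL",
    ".", "250 OK"])
AFTER = "\r\n".join([
    "250+circuit-status=",
    f"11 BUILT {fp('C')}~guardC,{fp('8')}~mid5,{fp('9')}~exit4 PURPOSE=GENERAL",
    f"12 BUILT {fp('A')}~guardA,{fp('3')}~mid2,{fp('2')}~exit1 PURPOSE=GENERAL",
    f"13 BUILT {fp('B')}~guardB,{fp('1')}~mid1,{fp('6')}~exit3 PURPOSE=GENERAL",
    ".", "250 OK"])

if __name__ == "__main__":
    report = guard_report(parse_circuit_status(BEFORE), parse_circuit_status(AFTER))
    print(report)
```

To use it on real output, replace the two constructed strings with the replies to `GETINFO circuit-status` copied from the control-port session before and after sending `SIGNAL NEWNYM`.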