[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Do Tor relays rely on ICMP type 11 (time exceeded / timeout in transit)?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Do Tor relays rely on ICMP type 11 (time exceeded / timeout in transit)?
From: Igor Mitrofanov <igor.n.mitrofanov@xxxxxxxxx>
Date: Sun, 22 Oct 2017 11:14:08 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 22 Oct 2017 14:14:44 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=FFGboUe6rl7JmxnylRRUsz9c73lE8HPpyN/SEEglBnI=; b=DlX1cjxvcwLcUk5EaZ91rEXI3/sQifYMLQPFmJRP8wJji1ZaPEXJBY8bsFSYUim50Q i4h/qJSkqqPUior3WPMXK29UyiaVj1TApDj1P9QALXLZhUhNfI7aM3BAIUvVt58zlhSp qS3JLAzfxHbPv5ILcB+HfASiWXLlLL07nmCav/vBAJDHzl+ZkD0b3swfZ3PEGJbtNqZH 21a6VWsSbfJoy8GPKDFL2V/z0sjZuQSqE6FXP/ulqRvT/YMMkxrK803B5loCQqXM7HCm emBVDMGi9+8bfrqZrb6BsmdhNFiqyD+P0w8woaRYOFgiGNo3WBO9Nb9zesyBZ05wJhV6 8n2w==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

On my relays I am dropping any traffic that Tor itself does not rely on.
I wonder if I should allow or block incoming and/outgoing ICMP type 11
(time exceeded / timeout in transit)?

My host does receive some ICMP type 11 packets, and does seem to send
some out, but I am not sure if Tor is the source or destination.
Do Tor relays use some 'traceroute'-like mechanism to detect unreachable relays?

"netstat -s:
    ...
    ICMP input histogram:
        ...
        timeout in transit: 1923
    ...
    ICMP output histogram:
        ...
        timeout in transit: 1277
"
I remember seeing outgoing TCP packets with TTL set to 1 - those were
the ones triggering incoming ICMP type 11 packets.

Thanks,
- Igor
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Do Tor relays rely on ICMP type 11 (time exceeded / timeout in transit)?
  - From: teor

Prev by Author: Re: [tor-dev] Do Tor relays rely on ICMP type 11 (time exceeded / timeout in transit)?
Next by Author: [tor-dev] v3 hidden services: inconsistencies between spec and implementation
Previous by thread: Re: [tor-dev] Request for resource requirement
Next by thread: Re: [tor-dev] Do Tor relays rely on ICMP type 11 (time exceeded / timeout in transit)?
Index(es):
- Author
- Thread