[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Raspberry Pi Relay Node Performance and future Plans on Documentation and more
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I still have the really weird circuit creation storms going on. I'm
trying to figure out how to *eliminate* the possibility with some kind
of iptables throttling, but limiting SYNs to 4 per second bursting to
10 didn't do anything at all.
I know about the MaxAdvertisedBandwidth trick but it seems like a hacky
workaround to me. I'd rather just advertise the bandwidth I have and
either be able to handle it or, if possible, gracefully degrade during
a storm, if I can detect it, by throttling circuit creation requests
or TCP SYNs or whatever does the job.
I happened to pop in and take a peek at the Pi during a "storm,"
which I noticed because there were some messages in the logs pretty
recently with lots of "your computer is too slow to handle this many
circuit creation requests!" with astronomical (seeming) numbers:
Aug 12 00:43:45.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [369 similar message(s) suppressed in last 60 seconds]
Aug 12 00:44:26.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [2514 similar message(s) suppressed in last 60 seconds]
Aug 12 00:45:25.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [3196 similar message(s) suppressed in last 60 seconds]
Aug 12 00:48:03.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [350 similar message(s) suppressed in last 60 seconds]
The machine was receiving only 30KB/sec sustained Ethernet traffic and
replying with the same, but system load was 0.00 and Tor appeared to
be dead. So, I restarted it. Here are some logs.
After the restart, notice the instant it's bootstrapped 100%, it gets
slamed with circuit requests *again:*
Aug 12 01:01:20.000 [notice] We now have enough directory information
to build circuits.
Aug 12 01:01:20.000 [notice] Bootstrapped 80%: Connecting to the Tor
network.
Aug 12 01:01:21.000 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
Aug 12 01:01:23.000 [notice] Heartbeat: Tor's uptime is 0:00 hours,
with 17 circuits open. I've sent 35 kB and received 28 kB.
Aug 12 01:01:23.000 [notice] Bootstrapped 85%: Finishing handshake
with first hop.
Aug 12 01:01:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 12 01:01:26.000 [notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Aug 12 01:01:26.000 [notice] Bootstrapped 100%: Done.
Aug 12 01:01:26.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy.
Aug 12 01:01:26.000 [warn] Failed to hand off onionskin. Closing.
Bandwidth before and after the restart... Slammed immediately.
Actually, my max relay bandwith when bursting is around ~350KB/sec,
but how much of this is legit and how much is what appears to be
either thousands of creation requests or a logging bug about said
requests? Either way, Tor *will* crash (and make my router sad) if
left to its own devices for a day or two on the Pi, as it stands now.
Device eth0 [192.168.1.2] (1/2):
=====================================================
Incoming:
. |...##|#
. |.. ##|########
. |||#..##################
||##|##########################
.#################################
###################################
#################################### Curr: 283 kByte/s
.#################################### Avg: 99 kByte/s
##################################### Min: 7.79 kByte/s
. |##################################### Max: 292 kByte/s
####|.|........###################################### Ttl: 3.00 GByte
Outgoing:
|.
||.||#|####
. | ..#|#|#|###########
....###|#####################
..|############################## Curr: 203 kByte/s
.################################## Avg: 71 kByte/s
.|################################### Min: 0.52 kByte/s
##################################### Max: 214 kByte/s
####|.|........|##################################### Ttl: 3.22 GByte
And logs as I was adjusting the bandwidth paste (I let it continue)
... note the bit about the nameserver, that's my *router* (WRT54G
running Tomato) getting hammered hard enough by something - number of
connections? - to start having problems. The last message has 7069
suppressed repeats. WTF.
One additional clue, if Tor is dead and I restart it, the 30KB/sec
sustained traffic you see at the lower left of the graph above drops
off immediately. That's when I *start* the Tor process. WTF.
Aug 12 01:02:26.000 [notice] Self-testing indicates your DirPort is
reachable from the outside. Excellent.
Aug 12 01:04:09.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [12350 similar message(s) suppressed in last 60 seconds]
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:04:45.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:45.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:05:10.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [9647 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:11.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [6107 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:13.000 [notice] Tried for 121 seconds to get a connection
to [scrubbed]:993. Giving up. (waiting for circuit)
Aug 12 01:07:09.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [7069 similar message(s) suppressed in last 60 seconds]
What is going on here?! And, how do I throttle it? I've had to
shut it down for the time being once again.
- -Gordon
Gordon Morehouse:
... or for easy pasting, http://v.gd/An7s4B
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJSCJ4BAAoJED/jpRoe7/uj+QcIAJw/kyFifuMIhN3blVRWswvf
hQvTe2r5Z0lHH0ockL6KcHt1u14Yq/3ED2sEVFGs+q01XYKLao1OVDG4NO6wsZxq
CX+Lzug/BrhS8hDJlTTMSSDY4S0iHzyF9iMOlLW3iHgztDnfP/WhqjDnLV29qhNV
1iQVbhVYBzf6X3UAgiebbV07gLPlsY70bWBSL7JSon07aa5ZsI7lt/9rWRAiHeRp
Pk8lftIobq9t1Vx2NVsbRkJ8pmRMRELcX58SmHYjlD4+qgugObJKrG4pOcuj4Z2C
Z/Yz/VuiLv6AY+glxJtsSFZrukQr6isS2MW6f8bJwEXkQHOcLYj2Pf28TPdRMzk=
=njNC
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays