<div dir="ltr">Teor,<div><br></div><div>Yes, I can absolutely do that, let me set up logging and give it a couple of hours to get some data for you.</div><div><br></div><div>I can't say that I'm terribly comfortable sending the logs via a public, archived distribution list. Mind if I email them to you (or a non-public distribution) directly? We can update this thread later if we figure out that there is indeed an issue so anyone else in this position can learn.</div><div><br></div><div>Thanks again!</div><div>gp</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 3, 2017 at 12:13 AM, teor <span dir="ltr"><<a href="mailto:teor2345@gmail.com" target="_blank">teor2345@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
> On 27 Dec 2016, at 03:47, Gage Parrott <<a href="mailto:gcparrott@gmail.com">gcparrott@gmail.com</a>> wrote:<br>
><br>
> Morning, everyone,<br>
><br>
> I recently migrated my bridge relay over to a VM and everything seems to be working fine except for one oddity. I consistently see lines like this in tor's log file on the new machine:<br>
><br>
> Dec 25 23:48:14.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59 hours, with 43 circuits open. I've sent 1.78 GB and received 28.37 GB.<br>
> Dec 25 23:48:14.000 [notice] Heartbeat: In the last 6 hours, I have seen 2 unique clients.<br>
> Dec 26 05:48:14.000 [notice] Heartbeat: Tor's uptime is 4 days 11:59 hours, with 105 circuits open. I've sent 1.87 GB and received 29.24 GB.<br>
> Dec 26 05:48:14.000 [notice] Heartbeat: In the last 6 hours, I have seen 2 unique clients.<br>
><br>
> Notice the amount of data sent and received. Can anyone think of why there would be such a large discrepancy between the amount of traffic downloaded versus uploaded? This behavior persists after reboots, as well.<br>
><br>
> I thought maybe it was downloading a ton of directory data, but is there really a GB's worth of directory data to download every six hours?? Also, the logs on my old machine (pre-migration, one line pasted below for reference) indicated that nearly the same amount of data was being sent as was being received. Any ideas on why would this have changed?<br>
><br>
> Dec 07 06:02:03.000 [notice] Heartbeat: Tor's uptime is 4 days 6:12 hours, with 78 circuits open. I've sent 33.71 GB and received 33.47 GB.<br>
><br>
> Any help is greatly appreciated. Thanks a bunch and merry Christmas!<br>
<br>
</span>It looks like you have very few clients.<br>
Perhaps those clients have switched to using interactive protocols?<br>
Or, more precisely, perhaps those clients are sending almost-empty<br>
cells, and then receiving back almost-full cells in response?<br>
(This could be an amplification attack, or simply lots of downloads.)<br>
<br>
On the other hand, your bridge could be repeatedly asking for directory<br>
documents. If this is the case, we'd *really* like to know what is<br>
causing the issue. Please send more logs, at info-level if possible.<br>
<br>
T<br>
<br>
--<br>
Tim Wilson-Brown (teor)<br>
<br>
teor2345 at gmail dot com<br>
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B<br>
ricochet:ekmygaiu4rzgsk6n<br>
xmpp: teor at torproject dot org<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<br>
<br>
<br>
<br>______________________________<wbr>_________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.<wbr>org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/<wbr>cgi-bin/mailman/listinfo/tor-<wbr>relays</a><br>
<br></blockquote></div><br></div>