- tor-relays - lists.torproject.org

Re: [tor-relays] Tor relay on Verizon FiOS/FTTH: Advertised Bandwidth capped at ~19.5MiB/s
by starlight.2018q2＠binnacle.cx 18 Feb '19

18 Feb '19

Neel Chauhan neel at neelc.org at Mon Feb 18 18:05:47 UTC 2019 > >I feel it's my Linksys WRT1900AC because consumer routers aren't >designed for the traffic high-bandwidth Tor relays handle, even after >flashing things like OpenWrt. The router is probably dropping packets and is problem. Also consumer grade switches generally cannot handle FiOS without dropping tons of packets. A one TCP connection speedtest will not trigger overload the way a 7000 connection Tor router does. Dealt with this here by attaching the Linux server directly to FiOS and having it act as the outside router. The relay would run much better but I fried the mainboard with a PCIx NIC overload; swapped in an incredibly ancient system formerly collecting dust on a shelf. Too busy/lazy to put up the newer box waiting to take it's place.

1 0

Re: [tor-relays] Tor relay on Verizon FiOS/FTTH: Advertised Bandwidth capped at ~19.5MiB/s
by Roman Mamedov 18 Feb '19

18 Feb '19

On Mon, 18 Feb 2019 09:06:05 -0500 Neel Chauhan <neel(a)neelc.org> wrote: > Verizon gives both 300 mbps upload and download speeds. Uploads are more > heavily oversubscribed on FiOS, primarily because GPON gives 2.5gbps > downloads and 1.25gbps uploads. But then again the upload will be barely utilized by typical residential Internet users. Still my recommendation is to test your bandwidth in multiple ways first, be it speedtest.net, or (better yet) https://github.com/sivel/speedtest-cli, or iperf3 servers, if you can find any near your location. If tests show that you do get near 300 Mbit both directions, the next step would be to just set up two instances of Tor, as I suggested before in your thread[1]. Actually fun to see my prediction from back then coming true precisely (with regard to getting only 200 Mbit). [1] https://www.mail-archive.com/tor-relays@lists.torproject.org/msg15819.html Running two instances is the universal solution which should improve Tor's bandwidth utilization on almost any connection. -- With respect, Roman

2 2

IRC operator meeting - February 7th
by Colin Childs 13 Feb '19

13 Feb '19

Hi everyone, As previously discussed (https://lists.torproject.org/pipermail/tor-relays/2019-January/016894.html <https://lists.torproject.org/pipermail/tor-relays/2019-January/016894.html>) we are resuming our IRC relay operator meetings this Thursday, February 7th @ 2:00UTC. These meetings will be held in #tor-meeting on irc.oftc.net <http://irc.oftc.net/>. If you’d like to add to the agenda, please edit the pad at https://storm.torproject.org/shared/mbyhs_ors7pdIxU92TLQoK_OzDGNpVw6p_zkC6D… <https://storm.torproject.org/shared/mbyhs_ors7pdIxU92TLQoK_OzDGNpVw6p_zkC6D…> See you all there!

2 3

Re: [tor-relays] BadExit why?
by Olaf Grimm 12 Feb '19

12 Feb '19

Thank you for the answer. I try to get a new IP from the Trabia support. Olaf Am 12.02.19 um 21:51 schrieb David Goulet: > On 12 Feb (21:35:29), Olaf Grimm wrote: >> inet 178.175.148.15 > Thanks Olaf! > > That IP was flagged as rewritting bitcoin addresses on Jan 21st, 2019. > > It appears you re-used a malicious IP from I.C.S. Trabia-Network S.R.L. > > Do you have an easy way to request a new IP for that Exit node or it is kind > of a pain? > > Un-blacklisting a relay that is still not considered expired from our reject > rule set can be a laborious process because essentially, we have to make a > case to the directory authorities and they decide if they remove the rule or > not based on our arguments ;). > > So changing the IP would be definitely the easiest way else we can try to > convince the dirauth :). > > Sorry for the inconvenience! > David > >> Am 12.02.19 um 21:34 schrieb David Goulet: >>> On 12 Feb (21:30:10), Olaf Grimm wrote: >>>> Hello ! >>>> >>>> I provisioning a new exit since two hours. It is a totally new relay in >>>> a VM. My other relays at the same provider are ok. Why I see "BadExit" >>>> in Nyx??? Now my first bad experience with my 11 relays... >>>> >>>> fingerprint: CCDC4A28392C7448A34E98DF872213BC16DB27CD >>>> Nickname Hydra10 >>> This relay is not yet on Relay Search: >>> >>> http://rougmnvswfsmd4dq.onion/rs.html#search/CCDC4A28392C7448A34E98DF872213… >>> >>> I'm guessing it is quite new. >>> >>> That fingerprint is *not* set as a BadExit so this means you might have gotten >>> the IP address of an old BadExit. >>> >>> Can you share the address so I can look it up? >>> >>> Thanks! >>> David >>> >>>> At all exits I have the same firewall rules and torrc configs: >>>> >>>> ufw status >>>> Status: active >>>> >>>> To Action From >>>> -- ------ ---- >>>> 22/tcp ALLOW Anywhere >>>> 9001/tcp ALLOW Anywhere >>>> 9030/tcp ALLOW Anywhere >>>> 80/tcp ALLOW Anywhere >>>> 443/tcp ALLOW Anywhere >>>> 1194/tcp ALLOW Anywhere >>>> 53/tcp ALLOW Anywhere >>>> 53/udp ALLOW Anywhere >>>> 1194/udp ALLOW Anywhere >>>> 22/tcp (v6) ALLOW Anywhere (v6) >>>> 9001/tcp (v6) ALLOW Anywhere (v6) >>>> 9030/tcp (v6) ALLOW Anywhere (v6) >>>> 80/tcp (v6) ALLOW Anywhere (v6) >>>> 443/tcp (v6) ALLOW Anywhere (v6) >>>> 1194/tcp (v6) ALLOW Anywhere (v6) >>>> 53/tcp (v6) ALLOW Anywhere (v6) >>>> 53/udp (v6) ALLOW Anywhere (v6) >>>> 1194/udp (v6) ALLOW Anywhere (v6) >>>> >>>> Please take a look what happens. >>>> >>>> Olaf >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays(a)lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> _______________________________________________ >>> tor-relays mailing list >>> tor-relays(a)lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > >

2 1

BadExit why?
by Olaf Grimm 12 Feb '19

12 Feb '19

Hello ! I provisioning a new exit since two hours. It is a totally new relay in a VM. My other relays at the same provider are ok. Why I see "BadExit" in Nyx??? Now my first bad experience with my 11 relays... fingerprint: CCDC4A28392C7448A34E98DF872213BC16DB27CD Nickname Hydra10 At all exits I have the same firewall rules and torrc configs: ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 9001/tcp ALLOW Anywhere 9030/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 1194/tcp ALLOW Anywhere 53/tcp ALLOW Anywhere 53/udp ALLOW Anywhere 1194/udp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) 9001/tcp (v6) ALLOW Anywhere (v6) 9030/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 1194/tcp (v6) ALLOW Anywhere (v6) 53/tcp (v6) ALLOW Anywhere (v6) 53/udp (v6) ALLOW Anywhere (v6) 1194/udp (v6) ALLOW Anywhere (v6) Please take a look what happens. Olaf

3 2

plans to require ContactInfo to be non-empty
by nusenu 11 Feb '19

11 Feb '19

Hi, due to some recent and ongoing events related to a malicious entity running tor relays I'll start to pursue an idea that I had for some time: require non-empty ContactInfo (non-empty does not mean valid email address) This is primarily a non-technical policy discussion which will take place on tor-dev@. If you want to help right away and currently don't make use of the ContactInfo, please set it. If you think such a change would negatively affect you please let me know (off-list is also fine if you prefer). thanks, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

9 12

2 ip addresses at the same device, works except for the DirPort
by Toralf Förster 07 Feb '19

07 Feb '19

I ordered a 2nd ip address for my server and put them in the first order in my network configuration. I do wonder, why this adapted torrcconfiguration: $> cat /etc/tor/torrc # torrc at tor-relay # PIDFile /var/run/tor/tor.pid DataDirectory /var/lib/tor/data Nickname zwiebeltoralf OutboundBindAddress 5.9.158.75 DirPort 80 ORPort 443 DirPort [2a01:4f8:190:514a::2]:80 NoAdvertise ORPort [2a01:4f8:190:514a::2]:443 ControlPort 9051 Log warn file /tmp/warn.log #Log notice file /tmp/notice.log #Log info file /tmp/info.log ExitRelay 0 IPv6Exit 0 works at the first glance (about 6,000 connection) but still give after a while in the log: Feb 06 19:59:08.000 [notice] Tor 0.4.0.1-alpha opening log file. Feb 06 20:19:26.000 [warn] Your server (<xx>:80) has not managed to confirm that its DirPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. (where <xx> is the new main ip address at my eth0 device) -- Toralf PGP C4EACDDE 0076E94E

2 2

Tor meetup @ Onionspace, Berlin
by Vasilis 03 Feb '19

03 Feb '19

Dear Tor friends and relay operators, Tomorrow (02.02.2019) a relay operators meetup will take place at Onionspace, Berlin. When: Saturday, February 2nd, 2019 Time: 16:00 / 4:00 PM Where: Gottschedstrasse 4, Entrance 4, 13357 Berlin (U Nauener Platz) Event link: https://blog.torproject.org/events/tor-meetup-berlin Hope to see many of you there! Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162

3 2

note to Falback Directory operators: bandwidth wasting bot
by starlight.2018q2＠binnacle.cx 03 Feb '19

03 Feb '19

For the last year a bot of some kind has loaded Fallback Directory relays with excessive directory document requests. Some detail can be found in ticket #27921 at https://trac.torproject.org/projects/tor/ticket/27921. To determine if your relay is affected, look the relay up in https://metrics.torproject.org/rs.html, click the 6-Month history tab, and examine the graph for significantly higher "write bytes per second" relative to "read bytes per second". I find this annoying (since I pay for the wasted bandwidth) and came up with a one-line hack that mitigates the abuse without impairing the usefulness of the DIR service to normal relays and clients. If you compile your daemon from source and are interested contact me directly for the patch.

2 1

Re: [tor-relays] Tor RAM usage (DoS or memory leaks?) - Flood of circuits
by petrarca＠protonmail.ch 03 Feb '19

03 Feb '19

There is something really strange going on indeed. What I noticed is an increase of circuits and my device running out of memory until it stopped working so I had to reboot it on 31. Jan. Then again the memory usage increased until it leveled out at a rather unusual, high usage. The actual bandwidth usage is not unusual though (always around 2Mbps on my relay). Attached a screenshot of my memory usage the last few days (I hope attachments do work here; it's in fact Tor using that memory as could be checked with ps and htop). Heartbeat messages of the log are: Jan 31 10:57:56.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 447 circuits open. I've sent 2.66 GB and received 2.65 GB. Jan 31 16:57:56.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 19764 circuits open. I've sent 9.59 GB and received 9.54 GB. Jan 31 22:57:56.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 54178 circuits open. I've sent 12.36 GB and received 12.30 GB. Feb 01 04:57:56.000 [notice] Heartbeat: Tor's uptime is 23:50 hours, with 79333 circuits open. I've sent 14.89 GB and received 14.81 GB. Feb 01 10:57:56.000 [notice] Heartbeat: Tor's uptime is 1 day 5:50 hours, with 110815 circuits open. I've sent 19.55 GB and received 19.45 GB. Feb 01 16:57:56.000 [notice] Heartbeat: Tor's uptime is 1 day 11:50 hours, with 141724 circuits open. I've sent 24.03 GB and received 23.90 GB. Feb 01 22:57:56.000 [notice] Heartbeat: Tor's uptime is 1 day 17:50 hours, with 12829 circuits open. I've sent 29.96 GB and received 29.75 GB. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 1. February 2019 23:50, Roman Mamedov <rm(a)romanrm.net> wrote: > Hello, > > There seems to be an issue with Tor's memory usage. > Earlier today, with Tor 3.5.7 and 1.5 GB of RAM running two Tor processes, the > machine got 430 MB into swap, slowing down to a crawl from iowait on accessing > the swapped out memory. Typically 1.5 GB is more than enough for these. "VIRT" > in top was ~1GB each, and "RES" was ~512MB each. Which is weird because that > doesn't add up to exhausting the 1.5 GB, and there are no other heavy > processes on the machine running. I rebooted it without further investigation. > > And right now on another machine running 2.9.16 I see: > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 22432 debian-+ 30 10 5806816 5.157g 10464 R 39.5 33.1 39464:19 tor > > But not sure if it just accumulated 5.1GB of RAM slowly over time, or shot up > recently. > > Feb 01 17:00:49.000 [notice] Heartbeat: Tor's uptime is 82 days 23:59 hours, > with 70705 circuits open. I've sent 66622.45 GB and received 65906.91 GB. > Feb 01 17:00:49.000 [notice] Circuit handshake stats since last time: > 11361/11361 TAP, 239752/239752 NTor. > Feb 01 17:00:49.000 [notice] Since startup, we have initiated 0 v1 > connections, 0 v2 connections, 10 v3 connections, and 3385644 v4 connections; > and received 14 v1 connections, 78592 v2 connections, 822108 v3 connections, > and 8779474 v4 connections. > Feb 01 17:00:49.000 [notice] DoS mitigation since startup: 2899572 circuits > rejected, 121 marked addresses. 561 connections closed. 21956 single hop clients refused. > Feb 01 17:08:20.000 [warn] connection_edge_process_relay_cell (at origin) > failed. > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > With respect, > Roman > > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

4 3