- tor-relays - lists.torproject.org

turned on statistics
by starlight.2015q2＠binnacle.cx 01 Jul '15

01 Jul '15

It looked interesting so I turned on EntryStatistics 1 ConnDirectionStatistics 1 HiddenServiceStatistics 1 in addition to the default DirReqStatistics 1 and the output is indeed interesting. Also have CellStatistics 1 though this information does not seem to be published in the ExtraInfo digest. Any reason why having any of these enabled might be a bad idea? Running 0.2.6.9.

1 0

How to create HSDir on a private network
by Ceysun Sucu 01 Jul '15

01 Jul '15

Hi, I'm currently trying to simulate a tor network on shadow to test out some properties of hidden service's, i was wondering how could i create a hidden service directory or if someone could point towards an example configuration. Thanks, C,Sucu

3 2

Tor handshaking
by Adrian Soh 30 Jun '15

30 Jun '15

My ISP slows handshaking (circuit initialization) severely. Are there Torrc settings or changes to Orbot (Android) that I could use?

2 1

Re: [tor-relays] A bridge too far
by jchase 29 Jun '15

29 Jun '15

Thanks, isis, for your answer. I restarted my bridge without the flags and it's been running 7 days and still no stable flag back. Any experiments you can suggest? -J Chase > jchase transcribed 0.8K bytes: >> Hello, >> Can anybody help me figure out why my bridge has stopped showing the >> flags fast, running and stable? Especially stable, I would love to get >> that flag back. I run two bridges, on two different Rasp Pi's, the one >> with a globe fingerprint of B08284109C72C81ACF5866A17A4CC64CE3E16499 . >> The other with a globe fingerprint of >> 1BCD3EBEFE17EEB86EEDE21D5E2DB8468E2864CF . The first bridge runs with >> obfs 3 & 4 on a Pi 2. It seems I lost the stable flag around the time I >> got obfs 4 up and running. The second bridge runs only with obfs 3 on an >> older Pi. >> I've read that the stable flag is quite handy. Any ideas about how I can >> get it back? >> Greetings, >> J Chase > > Hi J, > > Your bridge B08284109C72C81ACF5866A17A4CC64CE3E16499 appears to have a current > uptime of about 50 hours, and to have the Stable flag, according to > dir-spec.txt, [0] it must have: > > "Stable" -- A router is 'Stable' if it is active, and either its Weighted > MTBF is at least the median for known active routers or its Weighted MTBF > corresponds to at least 7 days. > > Meaning that you probably just need to let the bridge run for a few more days, > and it'll get its Stable flag back. > > Also, for what it's worth, BridgeDB will still distribute your bridge, even if > it doesn't have the Stable flag. The only required flag for your bridge to > get distributed is the Running flag. However, you are correct that having the > Stable flag is useful, because BridgeDB, when distributing some bridges to a > user, will try pretty hard to make sure that at least one of the bridges has > the Stable flag. So, with the Stable flag, you've got a better chance of > being distributed to clients more often, but it's not strictly necessary to > have it, especially for a bridge like yours with small bandwidth and CPU. > > [0]: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt?id=26929b8c5554… >

1 0

Re: [tor-relays] More consensus weight problems
by Aaron Gibson 29 Jun '15

29 Jun '15

On 2015-06-29 17:51, Speak Freely wrote: > Hello, > > First of all, I love Tor. I love Tor Browser, and I love running > relays. > > When the problems are solved, I will most likely spin up more relays. > > I'm leaving my fastest relay running, as a method of checking the > status > for myself. The rest have already started to expire, and within the > next > week or so most of the other ones will have expired as well. > > I'm going to try tor-dev-alpha 2.7.1 and change fingerprints, as per a > suggestion from s7r, seeing as how I have nothing to lose. > > I just wish the bwauths could scan relays based off previous relative > consensus weights... If this particular relay was at 27000, it should > be > higher on the list to check compared to another one I have that is at > 487. My one relay was blazing fast with thousands of connections, my Well, relays are ranked by capacity, and split over several scanner processes - they do get measured against their relative peers. But it seems that, when they fall out of the measurement process ('Unmeasured') they must start again at the beginning. This is expected because all relays start Unmeasured, and gradually increase their position in the consensus (per relative capacity), in order to dampen sudden changes and limit sybil attacks by requiring relays to stick around for a while, increasing the cost to an adversary. It likely should not be the case that historically long running relays should start at the bottom if they are unmeasured for a short period of time. We are in the process of testing increasing the number of scanner and accompanying tor instances from 4 to 9 (double, plus one for currently unmeasured relays) in order to decrease the amount of time each fraction of the network takes to measure and ensure that new relays or unmeasured relays are measured often. There are additional patches that introduce extra exits into the slice of relays, if there are no suitable exits to measure with. This likely won't address the above behavior, but we hope it will reduce the number of relays that go missing. Currently we seem to have mixed results, with one Bandwidth Authority operator claiming minimal (50) unmeasured relays, and another claiming ~600 mixed relays. These numbers are not directly comparable because they were not sampled at the same time, and may not be representative of typical behavior - it's a little too soon to tell. It's a bit tricky to both test these changes, on the live tor network, demonstrate that they produce sane results, and convince the directory authority operators and partner bandwidth authority operators to upgrade - nor do we want to do that all at once - gradual change is better. So, the goal is to produce results that will convince operators they should update, improve the situation for relay operators, and then start looking at longer term solutions for the measurement problem that are more maintainable and scalable in the long run. > other is painfully useless with dozens, but my fastest one lost its > consensus while the slowest one kept it's consensus. It just seems > silly. That being said, I don't know how/if the bwauths scan in any > order or just willy-nilly, (that's not entirely true, I know it's > segmented to some degree as I recall reading a blog post about how it's > chopped up) but... I'd be much less upset if my best relays worked and > my worst relays didn't. More complaining... bleh. > I hope to have a testable hypothesis as to why your faster relays suffer(ed) more than the slower relays - it could be that the fraction of network by capacity allocated to a particular scanner is not well balanced, and that fraction is taking significantly longer to measure. In order to evaluate that statement I need to understand the common characteristics of relays that become unmeasured/lose rank and see if they are from a similar segment of the network, and whether or not that segment of the network takes longer to measure than other segments. Another hypothesis is that your relays are on the boundary between two segments, and that a transition between scanner instances causes enough missed measurements to drop your relays. It would be helpful to know what rank the last good measurement your or other relays had before becoming unmeasured. It will require some cooperation with the existing deployed Bandwidth Authorities, in order to learn what their current scan times are - I will be writing some simple scripts to scrape these results so that we can collect and publish some useful heuristics about the scanner processes to better try and debug this problem. > > One thing I would like to point out though... it appears... These > problems have at least a casual relationship with MyFamily. > > One group of MyFamily is completely done - all of them stuck at 20. > Another group of MyFamily is working happily. > I've been doing some tests over the past few months trying to > understand > why I keep having problems, and one thing has consistently popped up... > MyFamily. That is very interesting, because MyFamily should have nothing to do with the scanner process at all - I'll need to think about this some more. > > As one of MyFamily lost consensus, another family gained consensus back > on or around the same time. > > Yes, especially nusenu, I know I'm supposed to have it all configured > to > be under 1 MyFamily... But in a way I'm glad I didn't, as the casual > relationship I see really could only be seen having done what I did. > > I say casual because I have no proof of causation. But... it is > interesting. If no one else has experienced similar problems, then I'd > chock it up to a completely unexpected unrelated set of mysterious > circumstances that should not have happened for which there is no > explanation. > > Aaron, if there is anything I can do to help you please let me know. If anything that I said above sparks a thought, please let me know :) > > > So in conclusion, I'm not done, I'm just not happy. > > This was supposed to be a short email, oops. > > > Matt > Speak Freely

1 0

default value (after reboot ) of controller.get_server_descriptor.uptime changed ?
by Toralf Förster 28 Jun '15

28 Jun '15

I do wonder, why a python script [1], lines 22 and 113, nowadays returns "00:00:00" for the uptime of my exit relay, when the system was rebooted, whereas in former times '00:01:01' (= 61 sec) was returned. FWIW the only local change before reboot here was to switch from Gentoo hardened kernel 4.0.6 to 4.0.6-r1. [1] http://www.zwiebeltoralf.de/pub/info.py -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E

2 1

be in time or not to be in time ?
by Toralf Förster 28 Jun '15

28 Jun '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hhm, found this in the log: Jun 28 03:58:37.000 [warn] Our clock is 1 minutes, 23 seconds behind the time published in the consensus network status document (2015-06-28 02:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings! NTP runs fine at this exit relay since months, and I found nothing in the log which would tell me that sth was wrong with the time. Any hints / explanations ? - -- Toralf pgp key: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 0076 E94E -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlWPuw0ACgkQxOrN3gB26U71+wD+PIH6JSVqR8SJ/43wwDZKNibH UdvUWwDG4eQQ5kn/3N4A/AydwluUvBMXXSy7fh+Zphg1dCUF+zq7jKmxzRYcAZ2A =bnzu -----END PGP SIGNATURE-----

2 2

More consensus weight problems
by Speak Freely 27 Jun '15

27 Jun '15

Just thought I'd throw it out there. About 5 days ago I setup a new relay - it's consensus weight is still at 20. Then, I noticed a relay I've been running for about a month all of sudden lost all of it's consensus weight. It was ~17000, now at 20. It's uptime is 25 days, and has downloaded 4.8TB and updated 5.0TB in that time. Normally, when I have a consensus weight of 20, I also see a measured speed in arm of 160b/s. However, my month old relay's measured speed is showing 136.7Kb/s. This relay was averaging 15-25Mbit/s up until today, but now jumps between 600Kbit - 8Mbit, but mainly between 800Kbit-2Mbit. My other relays with the same provider have not experienced this, nor have my relays with different providers. Just this one. The interesting one: https://atlas.torproject.org/#details/D60B02A13F5D9CAFD6EC27A5332C5FEF5B769… Matt Speak Freely

4 6

circuit_unlink_all_from_channel
by Logforme 27 Jun '15

27 Jun '15

FYI I run the relay 855BC2DABE24C861CD887DB9B2E950424B49FC34. Today I found a message in the log file I have not seen before: Jun 26 18:05:20.000 [warn] circuit_unlink_all_from_channel(): Bug: Circuit on detached list which I had no reason to mark Relay continues to run fine with 30 days uptime.

2 1

Re: [tor-relays] No Exit flag on Exit node
by spiros_spiros＠freemail.gr 25 Jun '15

25 Jun '15

Aha thank you, so simple! I will make the changes. Spiros Στις 25 Ιούνη, 2015, στις 19:18, ο Tom van der Woerdt <info(a)tvdw.eu> έγραψε: Hi, You need two of the ports [80,443,6667] allowed to get the Exit flag. Of these, your exit configuration only allows 80. Tom spiros_spiros(a)freemail.gr schreef op 25/06/15 om 20:19: Good evening all, An exit that I have been running for over one month now has not yet achieved the Exit flag in arm/atlas (I know it is working because regular spam/hacking/abuse emails I am receiving). I though this was related to recent bwauth issue, but have concerns now because the exit now has a Guard flag. I think the problem will lie in the torrc and some mistake in the config. Please can I ask for some advice on where the mistake might be? I have pasted torrc below, with sensitive information changed in the brackets <>. Thanks very much Spiros #:~ cat /etc/tor/torrc RunAsDaemon 1 DataDirectory /var/lib/tor ControlPort 9051 CookieAuthentication 1 ORPort 443 ORPort [<<valid IPv6 address>>]:9090 Nickname <<nickname of this exit>> RelayBandwidthRate 10 MB RelayBandwidthBurst 12.5 MB DirPort 9030 DirPortFrontPage /etc/tor/tor-exit-notice.html MyFamily <<nicknames of other exits and relays>> ExitPolicy accept *:20-23 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:88 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:1194 ExitPolicy accept *:5900 ExitPolicy accept *:8008 ExitPolicy accept *:8080 ExitPolicy accept *:8082 ExitPolicy accept *:8332-8333 ExitPolicy accept *:50002 ExitPolicy reject *:* ExitPolicy reject6 *:* IPv6Exit 1 DisableDebuggerAttachment 0 _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

1 0