-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Gordon Morehouse:
I'm still waiting for another "storm" to test the 60 sec findtime / 90 sec bantime guesses that I made (and just pushed to my repo, BTW). Every time my relay crashes due to a storm, it takes me that much longer to get Stable back, and the storms are almost nonexistent until you have the Stable flag in my observation.
Another circuit-creation storm (detectable as SYN flood on ORPort) happened last night soon after reattaining my Stable flag (argh!!!) and the following limits on SYNs to the ORPort were not enough to save Tor from the oom-killer: 1. Absolute limit avg 4 SYN per second with burst of 10 to ORPort, with an iptables REJECT (as opposed to DROP) for hosts that send SYNs when this limit has been reached. 2. 90-second iptables DROP ban for hosts which exceed the above (and are thus logged) in any 60-second period. Sigh. More trial and error and another (figurative) century before I get my Stable flag back. Best, - -Gordon M. -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJSZorpAAoJED/jpRoe7/ujVc0H/1w3cteInSXCNekjn76OgDMx o/RYfiCnlVqOd6ubKOzGXn5nsYqJJpRrIwWE9j2R5/1PqZA6XAR3AbZ9ENPLP9GY +xxY4ELn4wiQB4zSHuV/OOEwkvxq15XyDTv7mFTVhHwjC5nVV2z3g3rjGIM3735I HMDQ5mBF9URfn4vTKXrpZ2EWzX44EsP4oAPQqMSwGSpQQ2+cdMlOWmHg257VIDcu mrYm+lBMOqVq/ns6NMhWE/I9gwkEREK4VvpyIVANk5se+er/fL7cdKenIjciXQem 7fDDZMNov3cNa9M6dHn1yPo2r6lJkuw94M+knmexd7F+rij+vznZ524DQgrOPeI= =lmst -----END PGP SIGNATURE-----