Teor,
Yes, I can absolutely do that, let me set up logging and give it a couple of hours to get some data for you.
I can't say that I'm terribly comfortable sending the logs via a public, archived distribution list. Mind if I email them to you (or a non-public distribution) directly? We can update this thread later if we figure out that there is indeed an issue so anyone else in this position can learn.
Thanks again! gp
On Tue, Jan 3, 2017 at 12:13 AM, teor teor2345@gmail.com wrote:
On 27 Dec 2016, at 03:47, Gage Parrott gcparrott@gmail.com wrote:
Morning, everyone,
I recently migrated my bridge relay over to a VM and everything seems to
be working fine except for one oddity. I consistently see lines like this in tor's log file on the new machine:
Dec 25 23:48:14.000 [notice] Heartbeat: Tor's uptime is 4 days 5:59
hours, with 43 circuits open. I've sent 1.78 GB and received 28.37 GB.
Dec 25 23:48:14.000 [notice] Heartbeat: In the last 6 hours, I have seen
2 unique clients.
Dec 26 05:48:14.000 [notice] Heartbeat: Tor's uptime is 4 days 11:59
hours, with 105 circuits open. I've sent 1.87 GB and received 29.24 GB.
Dec 26 05:48:14.000 [notice] Heartbeat: In the last 6 hours, I have seen
2 unique clients.
Notice the amount of data sent and received. Can anyone think of why
there would be such a large discrepancy between the amount of traffic downloaded versus uploaded? This behavior persists after reboots, as well.
I thought maybe it was downloading a ton of directory data, but is there
really a GB's worth of directory data to download every six hours?? Also, the logs on my old machine (pre-migration, one line pasted below for reference) indicated that nearly the same amount of data was being sent as was being received. Any ideas on why would this have changed?
Dec 07 06:02:03.000 [notice] Heartbeat: Tor's uptime is 4 days 6:12
hours, with 78 circuits open. I've sent 33.71 GB and received 33.47 GB.
Any help is greatly appreciated. Thanks a bunch and merry Christmas!
It looks like you have very few clients. Perhaps those clients have switched to using interactive protocols? Or, more precisely, perhaps those clients are sending almost-empty cells, and then receiving back almost-full cells in response? (This could be an amplification attack, or simply lots of downloads.)
On the other hand, your bridge could be repeatedly asking for directory documents. If this is the case, we'd *really* like to know what is causing the issue. Please send more logs, at info-level if possible.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays