I still have the really weird circuit creation storms going on. I'm trying to figure out how to *eliminate* the possibility with some kind of iptables throttling, but limiting SYNs to 4 per second bursting to 10 didn't do anything at all.
I know about the MaxAdvertisedBandwidth trick but it seems like a hacky workaround to me. I'd rather just advertise the bandwidth I have and either be able to handle it or, if possible, gracefully degrade during a storm, if I can detect it, by throttling circuit creation requests or TCP SYNs or whatever does the job.
I happened to pop in and take a peek at the Pi during a "storm," which I noticed because there were some messages in the logs pretty recently with lots of "your computer is too slow to handle this many circuit creation requests!" with astronomical (seeming) numbers:
Aug 12 00:43:45.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [369 similar message(s) suppressed in last 60 seconds]
Aug 12 00:44:26.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [2514 similar message(s) suppressed in last 60 seconds]
Aug 12 00:45:25.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [3196 similar message(s) suppressed in last 60 seconds]
Aug 12 00:48:03.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [350 similar message(s) suppressed in last 60 seconds]
The machine was receiving only 30KB/sec sustained Ethernet traffic and replying with the same, but system load was 0.00 and Tor appeared to be dead. So, I restarted it. Here are some logs.
After the restart, notice the instant it's bootstrapped 100%, it gets slammed with circuit requests *again:*
Aug 12 01:01:20.000 [notice] We now have enough directory information to build circuits.
Aug 12 01:01:20.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
Aug 12 01:01:21.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Aug 12 01:01:23.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 17 circuits open. I've sent 35 kB and received 28 kB.
Aug 12 01:01:23.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Aug 12 01:01:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 12 01:01:26.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 12 01:01:26.000 [notice] Bootstrapped 100%: Done.
Aug 12 01:01:26.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy.
Aug 12 01:01:26.000 [warn] Failed to hand off onionskin. Closing.
Bandwidth before and after the restart... Slammed immediately. Actually, my max relay bandwidth when bursting is around ~350KB/sec, but how much of this is legit and how much is what appears to be either thousands of creation requests or a logging bug about said requests? Either way, Tor *will* crash (and make my router sad) if left to its own devices for a day or two on the Pi, as it stands now.
Device eth0 [192.168.1.2] (1/2):
[ASCII traffic graph; bars not recoverable]
Incoming: Curr: 283 kByte/s, Avg: 99 kByte/s, Min: 7.79 kByte/s, Max: 292 kByte/s, Ttl: 3.00 GByte
Outgoing: Curr: 203 kByte/s, Avg: 71 kByte/s, Min: 0.52 kByte/s, Max: 214 kByte/s, Ttl: 3.22 GByte
And logs as I was adjusting the bandwidth paste (I let it continue) ... note the bit about the nameserver, that's my *router* (WRT54G running Tomato) getting hammered hard enough by something - number of connections? - to start having problems. The last message has 7069 suppressed repeats. WTF.
One additional clue, if Tor is dead and I restart it, the 30KB/sec sustained traffic you see at the lower left of the graph above drops off immediately. That's when I *start* the Tor process. WTF.
Aug 12 01:02:26.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Aug 12 01:04:09.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [12350 similar message(s) suppressed in last 60 seconds]
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is back up
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is back up
Aug 12 01:04:45.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:45.000 [notice] eventdns: Nameserver 192.168.1.1:53 is back up
Aug 12 01:05:10.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [9647 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:11.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [6107 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:13.000 [notice] Tried for 121 seconds to get a connection to [scrubbed]:993. Giving up. (waiting for circuit)
Aug 12 01:07:09.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [7069 similar message(s) suppressed in last 60 seconds]
What is going on here?! And, how do I throttle it? I've had to shut it down for the time being once again.
-Gordon
Gordon Morehouse:
... or for easy pasting, http://v.gd/An7s4B
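
Added example, not part of the original post: one way to detect the storms from the relay's own log by turning the rate-limited "too slow" warnings into a warnings-per-second figure and counting eventdns failures around each burst. The function names, the 10 warnings/sec threshold and the placeholder year (Tor log lines carry none) are assumptions; the sample lines are constructed from the format and counts quoted above, with the message abbreviated.

```python
import re
from datetime import datetime, timedelta

OVERLOAD = "Your computer is too slow to handle this many circuit creation requests!"
DNS_FAIL = "eventdns: All nameservers have failed"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+ \[\w+\] (.*)$")
SUPPRESSED_RE = re.compile(r"\[(\d+) similar message\(s\) suppressed in last (\d+) seconds\]")

# Constructed sample input (abbreviated messages, counts taken from the post).
SAMPLE_LOG = "\n".join([
    "Aug 12 01:01:26.000 [notice] Bootstrapped 100%: Done.",
    f"Aug 12 01:01:26.000 [warn] {OVERLOAD}",
    "Aug 12 01:01:26.000 [warn] Failed to hand off onionskin. Closing.",
    f"Aug 12 01:04:09.000 [warn] {OVERLOAD} [12350 similar message(s) suppressed in last 60 seconds]",
    "Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed",
    "Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is back up",
    "Aug 12 01:04:45.000 [warn] eventdns: All nameservers have failed",
    f"Aug 12 01:05:10.000 [warn] {OVERLOAD} [9647 similar message(s) suppressed in last 60 seconds]",
])

def parse_events(log_text, year=2000):
    """Return (timestamp, kind, count, window_seconds) for the lines of interest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith(OVERLOAD):
            s = SUPPRESSED_RE.search(msg)
            # The printed line itself counts as one warning on top of the suppressed ones.
            count = int(s.group(1)) + 1 if s else 1
            events.append((ts, "overload", count, int(s.group(2)) if s else 60))
        elif msg.startswith(DNS_FAIL):
            events.append((ts, "dns_fail", 1, 0))
    return events

def find_storms(events, per_sec_threshold=10.0):
    """Flag overload reports whose warning rate meets the (assumed) threshold."""
    storms = []
    for ts, kind, count, window in events:
        if kind != "overload" or count / window < per_sec_threshold:
            continue
        span = timedelta(seconds=window)
        dns = sum(1 for t, k, _, _ in events
                  if k == "dns_fail" and ts - span <= t <= ts + span)
        storms.append({"end": ts, "count": count, "per_sec": count / window,
                       "dns_failures_nearby": dns})
    return storms
```

Each warning is a log event, not necessarily one circuit request, so the rate is a storm indicator rather than a request count.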