[tor-relays] 0.2.4.17-rc on Pi, a couple weeks on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hey folks,

Here are my reports. First the good news: it's WAY more stable. Then the bad news: it still gets OOM-killed once in a while, possibly preventably.

THE GOOD (notes from September 14):

Here's my Pi relay since compilation of 0.2.4.17-rc:

Sep 14 11:50:59.000 [notice] Circuit handshake stats since last time: 13308/13324 TAP, 22/22 NTor. Sep 14 11:51:51.000 [notice] Heartbeat: Tor's uptime is 7 days 18:00 hours, with 434 circuits open. I've sent 42.85 GB and received 34.05 GB. Sep 14 11:51:51.000 [notice] Average packaged cell fullness: 98.369% Sep 14 11:51:51.000 [notice] TLS write overhead: 9%

That low NTor number is depressing. That high TAP number is scary. TAP is the old way and the way the botnet is using. NTor is post-0.2.4.8, I think.

The replay has settled into a fairly steady state (after losing its flags except Named) of sending 5-10KB more per sec than it gets. I have a feeling this is literally due to the TAP replies being bigger than the TAP requests. It's handling tens of thousands every 6 hours. Load average is steadyish at 0.7. Unlike its predecessor, though, it's not yet crashed under the new network conditions.

...By last night (18 Sept) it had settled in to no Stable flag, but forwarding an essentially random amount of traffic that looked similar minute-to-minute. Load was between 0.9 and 1.1 with tor, top, and nload being really the only active processes. There is still room for tuning with the Pi given that this load was attained relaying about 2Mbps when I looked.

THE BAD:

This morning:

Sep 18 04:50:59.000 [notice] Circuit handshake stats since last time: 34818/41100 TAP, 50/52 NTor. Sep 18 05:30:43.000 [warn] Your system clock just jumped 101 seconds forward; assuming established circuits no longer work.

The system clock thing is a Pi thing. I'm pretty sure I need to get much more aggressive with ntpd. (Pis have no battery backup and tend to have pretty bad clock drift.)

But then, 2 minutes later:

Sep 18 05:32:20 tulameen kernel: [2188444.188460] Out of memory: Kill process 7544 (tor) score 148 or sacrifice child Sep 18 05:32:20 tulameen kernel: [2188444.188475] Killed process 7544 (tor) total-vm:153352kB, anon-rss:115156kB, file-rss:36712kB

Coincidence? Bug? Smells like the latter. Shouldn't Tor be shedding memory if it closes all its circuits, not acquiring more?

Best, - -Gordon M.