On 2022-07-06 21:19, Roger Dingledine wrote:
But it was replaced with a new overload (boo), from way too many Tor clients running at a few cloud providers. The main result for relay operators is greatly increased file descriptor use, with a few IP addresses or /24's generating the majority of the new connections.
If your relay is bumping up against its file descriptor limits, or otherwise suffering (e.g. more memory usage than desired), one reasonable option for you might be to set some iptables-level connection limiting. More details in this ticket: https://gitlab.torproject.org/tpo/core/tor/-/issues/40636#note_2818529
I'm running the small non-exit 8F6A78B1EA917F2BF221E87D14361C050A70CCC3.
Since mid-may the relay has been under heavy load. I had to limit my bandwidth using "RelayBandwidthRate" in torrc to about 90% of my real BW to be able to use internet for myself. This solved my laggy internet.
Since the 2nd of July the number of (non torrelay) tor connections to my relay skyrocketed from about 3500 to 20000. A week ago I implementedĀ connection limits per Toralf's post: iptables -A INPUT -p tcp --destination-portĀ 443 -m connlimit --connlimit-mask 32 --connlimit-above 30 -j DROP This reduced the number of connections to about 10000.
I just now noticed that the relay is flagged as overloaded. What to do? Decrease the connection limit from 32 to .. what? Decrease my RelayBandwidthRate even more? Seems like giving in to the DoSer.
Logfile: Jul 10 02:58:39.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [8169 similar message(s) suppressed in last 14820 seconds] Jul 10 03:32:28.000 [notice] General overload -> Ntor dropped (220414) fraction 5.8677% is above threshold of 0.5000%
Metrics port: tor_relay_load_onionskins_total{type="tap",action="processed"} 697956 tor_relay_load_onionskins_total{type="tap",action="dropped"} 0 tor_relay_load_onionskins_total{type="fast",action="processed"} 0 tor_relay_load_onionskins_total{type="fast",action="dropped"} 0 tor_relay_load_onionskins_total{type="ntor",action="processed"} 503071860 tor_relay_load_onionskins_total{type="ntor",action="dropped"} 323369 tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 503071860 tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 323369