Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
It comes with a new feature: - Relays now process the new "NTor" circuit-level handshake requests with higher priority than the old "TAP" circuit-level handshake requests. We still process some TAP requests to not totally starve 0.2.3 clients when NTor becomes popular. A new consensus parameter "NumNTorsPerTAP" lets us tune the balance later if we need to. Implements ticket 9574.
So the more relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing.
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
In my spare time I'm also working on a blog post to explain what's going on and what measures we're taking to keep things afloat.
Aren't distributed systems fun, --Roger
Roger Dingledine:
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
For those in a hurry, automatically built packages are available by adding the following in your sources.list:
deb http://deb.torproject.org/torproject.org/ tor-nightly-0.2.4.x-wheezy main
You can replace wheezy by squeeze or sid for Debian; or by lucid, oneiric, precise, quantal or raring for Ubuntu.
Upgraded to the nightlies this morning. Everything running peachy keen so far.
Thanks!
On 2013-09-05, at 7:12 AM, Lunar lunar@torproject.org wrote:
Roger Dingledine:
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
For those in a hurry, automatically built packages are available by adding the following in your sources.list:
deb http://deb.torproject.org/torproject.org/ tor-nightly-0.2.4.x-wheezy main
You can replace wheezy by squeeze or sid for Debian; or by lucid, oneiric, precise, quantal or raring for Ubuntu.
-- Lunar lunar@torproject.org _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Sep 5, 2013 at 7:12 PM, Lunar lunar@torproject.org wrote:
For those in a hurry, automatically built packages are available by adding the following in your sources.list:
I see the following messages, which I was not seeing earlier. It eventually completes bootstrapping, 100%:
Sep 05 22:04:03.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Sep 05 22:04:06.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (DONE; DONE; count 10; recommendation warn ) Sep 05 22:04:06.000 [warn] 10 connections have failed: Sep 05 22:04:06.000 [warn] 7 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:06.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE Sep 05 22:04:06.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 11; recommendation warn) Sep 05 22:04:06.000 [warn] 10 connections have failed: Sep 05 22:04:06.000 [warn] 7 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:06.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE Sep 05 22:04:07.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 12; recommendation warn) Sep 05 22:04:07.000 [warn] 11 connections have failed: Sep 05 22:04:07.000 [warn] 8 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:07.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE
Don't know if this is update specific or just because of the new users in the network:
17:00:25 [WARN] Your Guard curiosity3 ($07AE80AA2F475282E3C08F589826C8FB19E8086B) is failing a very large amount of circuits. Most likely this means the Tor network is overloaded, but it could also mean an attack against you or potentially the guard itself. Success counts are 93/248. Use counts are 91/91. 95 circuits completed, 0 were unusable, 2 collapsed, and 46 timed out. For reference, your timeout cutoff is 60 seconds.
On 09/05/2013 04:14 PM, Sanjeev Gupta wrote:
On Thu, Sep 5, 2013 at 7:12 PM, Lunar <lunar@torproject.org mailto:lunar@torproject.org> wrote:
For those in a hurry, automatically built packages are available by adding the following in your sources.list:
I see the following messages, which I was not seeing earlier. It eventually completes bootstrapping, 100%:
Sep 05 22:04:03.000 [notice] Bootstrapped 90%: Establishing a Tor circuit. Sep 05 22:04:06.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (DONE; DONE; count 10; recommendation warn ) Sep 05 22:04:06.000 [warn] 10 connections have failed: Sep 05 22:04:06.000 [warn] 7 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:06.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE Sep 05 22:04:06.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 11; recommendation warn) Sep 05 22:04:06.000 [warn] 10 connections have failed: Sep 05 22:04:06.000 [warn] 7 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:06.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE Sep 05 22:04:07.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection refused; CONNECTREFUSED; count 12; recommendation warn) Sep 05 22:04:07.000 [warn] 11 connections have failed: Sep 05 22:04:07.000 [warn] 8 connections died in state connect()ing with SSL state (No SSL object) Sep 05 22:04:07.000 [warn] 3 connections died in state handshaking (TLS) with SSL state unknown state in HANDSHAKE
-- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, 05 Sep 2013 17:04:15 +0200 virii virii@enn.lu wrote:
Don't know if this is update specific or just because of the new users in the network:
I had this on 0.2.4.16, so not update-specific.
On Thu, Sep 05, 2013 at 06:54:57AM -0400, Roger Dingledine wrote:
In my spare time I'm also working on a blog post to explain what's going on and what measures we're taking to keep things afloat.
https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
--Roger
On 09/05/2013 03:20 PM, Roger Dingledine wrote:
On Thu, Sep 05, 2013 at 06:54:57AM -0400, Roger Dingledine wrote:
In my spare time I'm also working on a blog post to explain what's going on and what measures we're taking to keep things afloat.
https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I updated one of our nodes to the newest version. Has this patch the nice side-effect of a better multicore handling? It's amazing that my 8 cores are now finally used.
Greetings
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Upgraded to 0.2.4.17-rc and almost immediately got the following in my syslog: debian kernel: [5000394.949751] TCP: Possible SYN flooding on port 443. Sending cookies. Check SNMP counters. No idea what it means. 443 is my or port. Tor is running fine and bandwidth usage is growing. 50mbit/s atm.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Roger Dingledine:
Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
I will get binary debs for Raspbian completed this evening, and this time sign them with my public key[1] for anyone who chooses to trust me. It's quite easy, so I'll post a README about building from deb-src for those who don't wish to trust my binaries.
The instructions are already on the Tor Project web site though.
Thanks * 1000000 for your work on this.
[1] 1EEFFBA3 - also attached below for your convenience.
Best, - -Gordon M.
- -----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFIIHWwBCADSkqB1JQtrMnHAigieI4uhOFE4klu6OSr1pMVkYdI5LMkTc9kG dG/MnFrixOCR3X8tD4cFkPKPT1coxRNzHjcazhpz+ztnUXVEMt1LARVreh+Msl02 b6VaONIjJT8aJFf+9ysS1Y/esP5dwrOW9NdPD8TwE7Po17ZrEiJQ8Sb2hNOAvnLe AuG3h9A7BCe3//RRqBUv7Jc0VIjhnG0deh5e7IF+FY+1llamKZtsPRJMriGhGcmw f9vSmILVocpie41wAS60rHFeoI0zQJKjo+3SZovlJI/OW7CPrUDN3aJ+hXRVGYm6 HrTgdYKSb4obcQ1yiB+UZoP//U+tUVxPIQBHABEBAAG0REdvcmRvbiBNb3JlaG91 c2UgKGh0dHA6Ly9nb3Jkb24ubW9yZWhvdXNlLm1lLykgPGdvcmRvbkBtb3JlaG91 c2UubWU+iQE+BBMBAgAoBQJSCB1sAhsDBQkDwmcABgsJCAcDAgYVCAIJCgsEFgID AQIeAQIXgAAKCRA/46UaHu/7o5d0B/0RyKF4SCi4s6VOV6XTE4RjPUhJtka7YnOj bjcHEvS976/2oSbcemV8zxJUnLzO0TqgI8nCdddOGS+37sBt7+CXXis8XVneoSly 1r7Fx8vOPY/2dZjDb85uMLpUMBXWyHMLrG32yIud1UduC+r2MqelZq0loflTpk9d ghiYexmY5iMdEDfegAsOXPh7KzNHipeG5bjF0ohrWJUF7F3utdGBrTuitvuyO59q EDKBmfqPEonl7z+2HHPViWyaa0bw9q9Ee8Eb5CYjWLp/8KbKX6edKsIaVsuN0R+T h2J0cB3Hq/+Z61Q8DvqukRrpqyCkyz32Z39IF3kKeU/yni7fREhwuQENBFIIHWwB CADXMjO1xsvN30Dkt8qL7C7VYw8xOTgoT+tfIpjOI2daB16QGSxL3hvOj20ZbfRg 4J3m+VuxMz76/PhwhzaeRB3lmnzAXUGdFaTuUehWh+WclU9EXS2mR9zPbP2OJ4QL uCtCa0XkHHoL8NhVH/57mXnsW4vsN/DSjPTUvCwnsbHhmTIYw1zV8x+R7YUb/0mN rToHHqGREYK9THt1jby/LRVKEe0ARrKHeMyY3E5vzhRK+M6Nv2m6BYhtc1Y3kcLT iQ58K5d3feAy28QUM9CC713D7czKtz083Apst9lpBFMJQ/arhuOFzK4a2BugwFq7 ih31Af53VWPGMRYDVCraczklABEBAAGJASUEGAECAA8FAlIIHWwCGwwFCQPCZwAA CgkQP+OlGh7v+6ORCAf+Ka11bi/HCxc136cSHI9F5k0kfFZgZFUirfdB4MpTvxUb MQfkL/HJv5UQdG7qKmf4pLnvu7D/2aFmttlCgNxQf4f01fQXZ14rqw9xrXC6+bg6 mzGv+rZz+UTxTn/saIX+TtZ9GP+AXM+aDgOgk7kUCZcreGQMdzX/rkxj5fi+AsM5 mKDsq29VImL45xGAp+7W7JF9xDTAdEC68yX1YU1rwiSUCRpHn6KlfRKcAXYZAiaG KP7R0WLdrOIx3urheYNgkgiPOe6pKMwq25FAiWIa/BGZuJWhM2VoQbLaY+n4R0qe D+CF7JLDj3HHMwMUb+soYhT07Td7vRyXK2ka2Oi7vw== =xWdW - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Nice, thank you :) Let's see, how Tor reacts on this :D
Roger Dingledine arma@mit.edu schrieb:
Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
It comes with a new feature:
- Relays now process the new "NTor" circuit-level handshake requests with higher priority than the old "TAP" circuit-level handshake requests. We still process some TAP requests to not totally starve 0.2.3 clients when NTor becomes popular. A new consensus parameter "NumNTorsPerTAP" lets us tune the balance later if we need to. Implements ticket 9574.
So the more relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing.
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
In my spare time I'm also working on a blog post to explain what's going on and what measures we're taking to keep things afloat.
Aren't distributed systems fun, --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- We don't bubble you, we don't spoof you ;) Keep your data encrypted! Log you soon, your Admin elrippo@elrippoisland.net
Encrypted messages are welcome.
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+ B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5 Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9 jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7 uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/ axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt 7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5 KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv 5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs 9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj 1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU 3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr 9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN /VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ 6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8 6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1 wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz +v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9 8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5 GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE= =otlL - -----END PGP PUBLIC KEY BLOCK-----
On 2013-09-05, at 2:00 PM, Elrippo elrippo@elrippoisland.net wrote:
Nice, thank you :) Let's see, how Tor reacts on this :D
Just a quick note on my exit node's stats:
17:46:33 [NOTICE] Circuit handshake stats since last time: 25849/25857 TAP, 117/117 NTor. 16:46:33 [NOTICE] Circuit handshake stats since last time: 7809/7810 TAP, 65/65 NTor.
That's one heck of a climb on the TAP side. Machine's performance and resource usage are all within allowed norms (in fact running better than the 2.3.x release).
Consistently running bandwidth in the 3-4 Mb/sec range both up and down.
If anyone wants to externally monitor via whatever existing means; my node's ID is: OneTorST8 and fingerprint ID: EE9D7103D6013885BBF767D3B4F51CD0B9E59976 running version 2.4.17-rc-dev.
-- Kevin C. Krinke kevin@krinke.ca 851662D2 - 5216953E0CBA1767D6064AB2DAC1902A http://kevin.c.krinke.ca/851662D2.asc
On Sep 5, 2013, at 20:13 , Kevin C. Krinke wrote:
Machine's performance and resource usage are all within allowed norms (in fact running better than the 2.3.x release).
I concur with Kevin that this built is running smoothly:
Sep 05 21:24:37.000 [notice] Circuit handshake stats since last time: 2138926/4064871 TAP, 22/22 NTor. Sep 05 22:24:37.000 [notice] Circuit handshake stats since last time: 1688832/2282251 TAP, 605/605 NTor.
Cpu 16%, load 1.77, using 565 MB RAM. Average 5-6 MiB/s.
// Yoriz
On Sep 5, 2013, at 20:13 , Kevin C. Krinke wrote:
Just a quick note on my exit node's stats:
17:46:33 [NOTICE] Circuit handshake stats since last time: 25849/25857 TAP, 117/117 NTor. 16:46:33 [NOTICE] Circuit handshake stats since last time: 7809/7810 TAP, 65/65 NTor.
That's one heck of a climb on the TAP side. Machine's performance and resource usage are all within allowed norms (in fact running better than the 2.3.x release).
Consistently running bandwidth in the 3-4 Mb/sec range both up and down.
If anyone wants to externally monitor via whatever existing means; my node's ID is: OneTorST8 and fingerprint ID: EE9D7103D6013885BBF767D3B4F51CD0B9E59976 running version 2.4.17-rc-dev.
-- Kevin C. Krinke kevin@krinke.ca 851662D2 - 5216953E0CBA1767D6064AB2DAC1902A http://kevin.c.krinke.ca/851662D2.asc
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Sep 05, 2013 at 06:54:57AM -0400, Roger Dingledine wrote:
So the more relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing.
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
I've upgraded noisetor to 17-rc. We were seeing memory consumption exceeding 2GB/daemon (leading to swap storms on our 4-daemon 8GB box), I'll keep an eye on it to see if we do better with 0.2.4.
After 20 minutes of uptime with 17-rc I'm not seeing the CPU pegged like it was within minutes of restart with 0.2.3.25, even though we are pushing 220 Mbps already.
According to "perf top" we're still spending a lot of time in circuit creation/teardown though:
cycle% image symbol ------ ----- ------ 19.37% tor circuit_unlink_all_from_channel 11.56% libcrypto.so.1.0.0 bn_sqr4x_mont 5.74% tor circuit_get_by_rend_token_and_purpose.constprop.11 4.95% libcrypto.so.1.0.0 sha1_block_data_order_ssse3 3.56% libcrypto.so.1.0.0 bn_mul4x_mont_gather5 3.20% libcrypto.so.1.0.0 _vpaes_encrypt_core 2.03% libcrypto.so.1.0.0 _bsaes_encrypt8_bitslice 1.32% libssl.so.1.0.0 ssl3_cbc_digest_record
-andy
On Thu, Sep 05, 2013 at 12:08:05PM -0700, Andy Isaacson wrote:
After 20 minutes of uptime with 17-rc I'm not seeing the CPU pegged like it was within minutes of restart with 0.2.3.25, even though we are pushing 220 Mbps already.
Here's stats from the last hourly:
==> /var/log/tor/notices1.log <== Sep 05 17:42:42.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 40064 circuits open. I've sent 131.09 GB and received 123.79 GB. Sep 05 17:42:42.000 [notice] Average packaged cell fullness: 98.154% Sep 05 17:42:42.000 [notice] TLS write overhead: 5% Sep 05 17:42:43.000 [notice] Circuit handshake stats since last time: 548880/568491 TAP, 3002/3004 NTor.
==> /var/log/tor/notices2.log <== Sep 05 17:42:43.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 40662 circuits open. I've sent 141.44 GB and received 133.70 GB. Sep 05 17:42:43.000 [notice] Average packaged cell fullness: 98.221% Sep 05 17:42:43.000 [notice] TLS write overhead: 5% Sep 05 17:42:43.000 [notice] Circuit handshake stats since last time: 609229/802888 TAP, 3409/3409 NTor.
==> /var/log/tor/notices3.log <== Sep 05 17:42:42.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 26160 circuits open. I've sent 128.60 GB and received 121.47 GB. Sep 05 17:42:42.000 [notice] Average packaged cell fullness: 98.151% Sep 05 17:42:42.000 [notice] TLS write overhead: 5% Sep 05 17:42:43.000 [notice] Circuit handshake stats since last time: 410112/512056 TAP, 2393/2393 NTor.
==> /var/log/tor/notices4.log <== Sep 05 17:42:42.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 33382 circuits open. I've sent 128.65 GB and received 121.24 GB. Sep 05 17:42:42.000 [notice] Average packaged cell fullness: 98.236% Sep 05 17:42:42.000 [notice] TLS write overhead: 5% Sep 05 17:42:43.000 [notice] Circuit handshake stats since last time: 534947/649379 TAP, 2535/2536 NTor.
Looks like our memory usage is on the same slope as the previous reboot with 0.2.3.
-andy
Updated torland family. Hope that the new version helps. One of the last messages before update to 0.2.4.17-rc:
Sep 05 21:06:29.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [434930 similar message(s) suppressed in last 60 seconds]
Because of this the number of exit connections dropped significantly to 300-400. Before this DDOS the exit numbers were around 7000-10000.
Regards,
Torland
On Thursday 05 September 2013 06:54:57 Roger Dingledine wrote:
Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
It comes with a new feature: - Relays now process the new "NTor" circuit-level handshake
requests
with higher priority than the old "TAP" circuit-level handshake requests. We still process some TAP requests to not totally
starve
0.2.3 clients when NTor becomes popular. A new consensus
parameter
"NumNTorsPerTAP" lets us tune the balance later if we need to. Implements ticket 9574.
So the more relays that upgrade to 0.2.4.17-rc, the more stable and
fast
Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing.
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
In my spare time I'm also working on a blog post to explain what's
going
on and what measures we're taking to keep things afloat.
Aren't distributed systems fun, --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thursday 05 September 2013 22:27:53 tor-admin wrote:
Updated torland family. Hope that the new version helps. One of the last messages before update to 0.2.4.17-rc:
Sep 05 21:06:29.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [434930 similar message(s) suppressed in last 60 seconds]
Because of this the number of exit connections dropped significantly to 300-400. Before this DDOS the exit numbers were around 7000-10000.
Just noticed that during bootstrap there are new warnings I never noticed before. Is this a known issue or should I file a ticket?
Sep 05 21:56:12.000 [notice] Tor 0.2.4.17-rc (git-36eb3e0da4c3a821) opening log file. Sep 05 21:56:12.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip. Sep 05 21:56:12.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6. Sep 05 21:56:12.000 [notice] Configured to measure statistics. Look for the *- stats files that will first be written to the data directory in 24 hours from now. Sep 05 21:56:12.000 [notice] Your Tor server's identity key fingerprint is 'TorLand2 332895D092C2524A3CDE8F6E1498FFE665EBFC34' Sep 05 21:56:14.000 [notice] We now have enough directory information to build circuits. Sep 05 21:56:14.000 [notice] Bootstrapped 80%: Connecting to the Tor network. Sep 05 21:56:14.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Sep 05 21:56:14.000 [notice] Bootstrapped 85%: Finishing handshake with first hop. Sep 05 21:56:15.000 [notice] Circuit handshake stats since last time: 599/782 TAP, 3/3 NTor. Sep 05 21:56:15.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 10; recommendation warn) Sep 05 21:56:15.000 [warn] 9 connections have failed: Sep 05 21:56:15.000 [warn] 9 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:16.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 11; recommendation warn) Sep 05 21:56:16.000 [warn] 10 connections have failed: Sep 05 21:56:16.000 [warn] 10 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:16.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 12; recommendation warn) Sep 05 21:56:16.000 [warn] 11 connections have failed: Sep 05 21:56:16.000 [warn] 11 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:16.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (No route to host; NOROUTE; count 13; recommendation warn) Sep 05 21:56:16.000 [warn] 12 connections have failed: Sep 05 21:56:16.000 [warn] 12 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:16.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 14; recommendation warn) Sep 05 21:56:16.000 [warn] 13 connections have failed:
[..]
Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 54; recommendation warn) Sep 05 21:56:21.000 [warn] 52 connections have failed: Sep 05 21:56:21.000 [warn] 51 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 55; recommendation warn) Sep 05 21:56:21.000 [warn] 53 connections have failed: Sep 05 21:56:21.000 [warn] 52 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 56; recommendation warn) Sep 05 21:56:21.000 [warn] 54 connections have failed: Sep 05 21:56:21.000 [warn] 53 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 57; recommendation warn) Sep 05 21:56:21.000 [warn] 55 connections have failed: Sep 05 21:56:21.000 [warn] 54 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 58; recommendation warn) Sep 05 21:56:21.000 [warn] 56 connections have failed: Sep 05 21:56:21.000 [warn] 55 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 59; recommendation warn) Sep 05 21:56:21.000 [warn] 57 connections have failed: Sep 05 21:56:21.000 [warn] 56 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [warn] Problem bootstrapping. Stuck at 90%: Establishing a Tor circuit. (Connection timed out; TIMEOUT; count 60; recommendation warn) Sep 05 21:56:21.000 [warn] 58 connections have failed: Sep 05 21:56:21.000 [warn] 57 connections died in state connect()ing with SSL state (No SSL object) Sep 05 21:56:21.000 [warn] 1 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN Sep 05 21:56:21.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Sep 05 21:56:21.000 [notice] Bootstrapped 100%: Done. Sep 05 21:57:17.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Sep 05 21:58:31.000 [notice] New control connection opened. Sep 05 22:02:22.000 [notice] Performing bandwidth self-test...done.
On Thu, Sep 05, 2013 at 10:54:58PM +0200, tor-admin wrote:
Just noticed that during bootstrap there are new warnings I never noticed before. Is this a known issue or should I file a ticket?
Sep 05 21:56:15.000 [warn] Problem bootstrapping. Stuck at 85%: Finishing handshake with first hop. (Connection refused; CONNECTREFUSED; count 10; recommendation warn)
It's a known issue, but nobody's exploring it. I assume it's because of the overload on relays, including directory authorities. Things seem to work, so I'm not too worried.
--Roger
On Thu, 5 Sep 2013 06:54:57 -0400 Roger Dingledine arma@mit.edu wrote:
Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
It comes with a new feature: - Relays now process the new "NTor" circuit-level handshake requests with higher priority than the old "TAP" circuit-level handshake requests. We still process some TAP requests to not totally starve 0.2.3 clients when NTor becomes popular. A new consensus parameter "NumNTorsPerTAP" lets us tune the balance later if we need to. Implements ticket 9574.
So the more relays that upgrade to 0.2.4.17-rc, the more stable and fast Tor will be for 0.2.4 users, despite the huge circuit overload that the network is seeing.
Can we have a torrc option to make a relay NTor-only?
Could help on some CPU-limited relays like the Raspberry Pi or (in my case) Intel Atom.
With some mechanism to ensure that TAP-only clients do not even see or try to use that relay (so they don't experience any broken connections).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Roman Mamedov:
Can we have a torrc option to make a relay NTor-only?
Hi Roman,
I currently have my 0.2.4.17-rc installations set to this:
UseNTorHandshake auto
Although I can't be positive it was related, I first tried a setting of 1 on that, and had to eventually reload the relay's configs after changing this to 'auto' because it was stalling at starting up - seems a lot of the relays it 'knows' to talk to (or whatever is going on) still don't do NTor. As soon as I did so, it started right up like normal.
So, we need 0.2.4.17-rc and higher relays out there in much greater numbers first, I think.
Could help on some CPU-limited relays like the Raspberry Pi or (in my case) Intel Atom.
I think so, once it's viable :)
Best, - -Gordon M.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I just edited one of my nodes to use UseNTorHandshake 1
See how it goes *thepopcornarewaiting*
Gordon Morehouse gordon@morehouse.me schrieb:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Roman Mamedov:
Can we have a torrc option to make a relay NTor-only?
Hi Roman,
I currently have my 0.2.4.17-rc installations set to this:
UseNTorHandshake auto
Although I can't be positive it was related, I first tried a setting of 1 on that, and had to eventually reload the relay's configs after changing this to 'auto' because it was stalling at starting up - seems a lot of the relays it 'knows' to talk to (or whatever is going on) still don't do NTor. As soon as I did so, it started right up like normal.
So, we need 0.2.4.17-rc and higher relays out there in much greater numbers first, I think.
Could help on some CPU-limited relays like the Raspberry Pi or (in my case) Intel Atom.
I think so, once it's viable :)
Best,
- -Gordon M.
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJSK2YEAAoJED/jpRoe7/ujxvgIAJLuM/Jns4ndKnLojxtYsDdE lS3PaBzybjkVIIhhwCkzFOti080JwaNa6gAKqHZd7duHyoH2aJHPhhBhEUh/9TXh tADj4R0FU7PdZVmKX62L+GLDvTWVKLcRl7w+PlSSE+qC1fK9yHfoSKSNJPP0JAXf i1go+jqxU9RUm4VYE464fU/XYa0TGDw53Vgbct3Xr3INE/hMxyox8XEfxdSlUgGh IZUNQqBYbISOpq1O51ERiFmHir2G5l4htKmsfXEhwkAndXatCeWr0tFQ8moHu/0Q 88MNtCPwRbU+ixPTROinmFpr9LVUq17p/of8Wtp8EtaiJkUerjzXKmRlygXI5Yc= =Qmko -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- -- We don't bubble you, we don't spoof you ;) Keep your data encrypted! Log you soon, your Admin elrippo@elrippoisland.net
Encrypted messages are welcome.
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+ B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5 Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9 jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7 uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/ axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt 7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5 KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv 5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs 9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj 1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU 3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr 9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN /VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ 6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8 6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1 wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz +v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9 8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5 GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE= =otlL - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, 07 Sep 2013 10:44:38 -0700 Gordon Morehouse gordon@morehouse.me wrote:
I currently have my 0.2.4.17-rc installations set to this:
UseNTorHandshake auto
Although I can't be positive it was related, I first tried a setting of 1 on that, and had to eventually reload the relay's configs after changing this to 'auto' because it was stalling at starting up - seems a lot of the relays it 'knows' to talk to (or whatever is going on) still don't do NTor. As soon as I did so, it started right up like normal.
Hello,
I do not think setting this to 1 changes anything at the moment. According to man page this is used to override the directory authorities' "suggestion" on whether or not to use NTor. In the current situation when they already say "yes please do", setting 1 does not change anything, NTor would have been enabled anyway, no matter if it's "1" or "auto". In either case, this does not disable handling of TAP, nor make the router invisible in the node list for older clients.
- -- With respect, Roman
Don't know if it's of interest but here's my log for the first 24 hours with 0.2.4.17-rc:
Sep 05 17:23:59.000 [notice] Circuit handshake stats since last time: 435758/1722581 TAP, 1503/1503 NTor. Sep 05 18:23:59.000 [notice] Circuit handshake stats since last time: 167983/1616396 TAP, 1427/1427 NTor. Sep 05 19:23:59.000 [notice] Circuit handshake stats since last time: 155229/1908153 TAP, 1460/1460 NTor. Sep 05 20:23:59.000 [notice] Circuit handshake stats since last time: 149878/1098074 TAP, 892/893 NTor. Sep 05 21:23:59.000 [notice] Circuit handshake stats since last time: 52844/53765 TAP, 163/163 NTor. Sep 05 22:23:58.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with 41076 circuits open. I've sent 174.17 GB and received 173.63 GB. Sep 05 22:23:58.000 [notice] Average packaged cell fullness: 99.124% Sep 05 22:23:58.000 [notice] TLS write overhead: 8% Sep 05 22:23:59.000 [notice] Circuit handshake stats since last time: 160430/610010 TAP, 636/636 NTor. Sep 05 23:23:59.000 [notice] Circuit handshake stats since last time: 176536/1080440 TAP, 893/893 NTor. Sep 06 00:23:59.000 [notice] Circuit handshake stats since last time: 227181/471650 TAP, 497/497 NTor. Sep 06 01:23:59.000 [notice] Circuit handshake stats since last time: 13170/13170 TAP, 96/96 NTor. Sep 06 02:23:59.000 [notice] Circuit handshake stats since last time: 8569/8569 TAP, 54/54 NTor. Sep 06 03:23:59.000 [notice] Circuit handshake stats since last time: 9512/9512 TAP, 28/28 NTor. Sep 06 04:23:58.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with 29242 circuits open. I've sent 366.41 GB and received 367.47 GB. Sep 06 04:23:58.000 [notice] Average packaged cell fullness: 99.172% Sep 06 04:23:58.000 [notice] TLS write overhead: 7% Sep 06 04:23:59.000 [notice] Circuit handshake stats since last time: 18198/18198 TAP, 36/36 NTor. Sep 06 05:23:59.000 [notice] Circuit handshake stats since last time: 242477/242488 TAP, 211/211 NTor. Sep 06 06:23:59.000 [notice] Circuit handshake stats since last time: 500718/515154 TAP, 414/414 NTor. Sep 06 07:23:59.000 [notice] Circuit handshake stats since last time: 531879/710244 TAP, 493/493 NTor. Sep 06 08:23:59.000 [notice] Circuit handshake stats since last time: 383965/671463 TAP, 493/493 NTor. Sep 06 08:40:51.000 [notice] We stalled too much while trying to write 26 bytes to address [scrubbed]. If this happens a lot, either something is wrong with your network connection, or something is wrong with theirs. (fd 4456, type Control, state 1, marked at ../src/or/control.c:3199). Sep 06 09:23:59.000 [notice] Circuit handshake stats since last time: 265395/1064314 TAP, 795/795 NTor. Sep 06 10:23:58.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 36700 circuits open. I've sent 583.44 GB and received 581.96 GB. Sep 06 10:23:58.000 [notice] Average packaged cell fullness: 99.056% Sep 06 10:23:58.000 [notice] TLS write overhead: 7% Sep 06 10:23:59.000 [notice] Circuit handshake stats since last time: 168102/1572079 TAP, 1122/1122 NTor. Sep 06 11:23:59.000 [notice] Circuit handshake stats since last time: 178546/1670183 TAP, 1164/1164 NTor. Sep 06 12:23:59.000 [notice] Circuit handshake stats since last time: 196819/1920708 TAP, 1075/1075 NTor. Sep 06 13:23:59.000 [notice] Circuit handshake stats since last time: 167932/2339171 TAP, 1231/1232 NTor. Sep 06 14:23:59.000 [notice] Circuit handshake stats since last time: 163987/2175009 TAP, 1317/1317 NTor. Sep 06 15:23:59.000 [notice] Circuit handshake stats since last time: 150523/2308715 TAP, 1378/1378 NTor. Sep 06 16:23:54.000 [notice] Circuit handshake stats since last time: 154256/2283175 TAP, 1316/1316 NTor. Sep 06 16:23:58.000 [notice] Heartbeat: Tor's uptime is 1 day 0:00 hours, with 39815 circuits open. I've sent 795.24 GB and received 787.22 GB. Sep 06 16:23:58.000 [notice] Average packaged cell fullness: 99.051% Sep 06 16:23:58.000 [notice] TLS write overhead: 7%
Hi.
On Thu, Sep 05, 2013 at 06:54:57AM -0400, Roger Dingledine wrote:
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
I upgraded and started experiencing segfaults: https://trac.torproject.org/projects/tor/ticket/9602
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Roger Dingledine:
Hi folks,
I just released 0.2.4.17-rc. Hopefully there will be debs of it soon.
[snip]
Please consider upgrading. If you do, though, please also keep an eye on it -- it's possible we introduced some new bugs and the network will start dissolving once more relays move to the new version.
Couple days now - Raspberry Pi (armhf/ARMv6) version showing minimal to no signs of strain, botnet or no. Also, number of NTor handshakes often in single digits, TAP handshakes in the mid four figures.
Best, - -Gordon M.
tor-relays@lists.torproject.org