In a relay's logs:
Oct 20 10:31:47 XXXXX Tor[YYYY]: We're low on memory. Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)
Oct 20 10:32:11 XXXXX Tor[YYYY]: Removed 1565259696 bytes by killing 1 circuits; 40008 circuits remain alive. Also killed 0 non-linked directory connections.
Tor removed ~ 1565 MB by killing 1 circuit? Seems like that can't be right?
Earlier in the log I see "Based on detected system memory, MaxMemInQueues is set to 1500 MB." So either it's dumping the entire queue here, or the output is misleading. Or perhaps I don't understand how it works.
It doesn't seem to be impactful; I'm just curious what's going on.
What version of Tor is the relay running and what is the total available memory available to the relay?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The relay is running Tor version 0.3.1.7 on Linux. There's 2 GB of available RAM.
File a bug report and post your tor log into the bug report here https://trac.torproject.org/projects/tor
On Fri, Oct 20, 2017 at 07:27:22PM -0400, tor wrote:
In a relay's logs:
Oct 20 10:31:47 XXXXX Tor[YYYY]: We're low on memory. Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)
Oct 20 10:32:11 XXXXX Tor[YYYY]: Removed 1565259696 bytes by killing 1 circuits; 40008 circuits remain alive. Also killed 0 non-linked directory connections.
Tor removed ~ 1565 MB by killing 1 circuit? Seems like that can't be right?
Intriguing!
I would believe that it could be right.
This situation can happen if something (a client or relay or website or etc) requests a whole lot of bytes, and then stops reading on that socket.
The earlier version of that attack, where in the original version it could take down the relay rather than give you this strange log message, is written about here: https://www.freehaven.net/anonbib/#sniper14 and Rob kindly wrote a more readable explanation here: https://blog.torproject.org/new-tor-denial-service-attacks-and-defenses
Rob and I have an in-progress draft proposal for "authenticated sendme cells" which would make it harder to queue up so many bytes -- but it would only make the attack more complicated, which is not the same as impossible, so I haven't managed to get excited about deploying it.
--Roger
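For relay operators who want to spot this pattern in their own logs, the following is an added example, not part of the thread and not Tor Project code. It parses the two log messages quoted above and flags OOM kill events where a handful of circuits held most of the MaxMemInQueues budget; the 0.5 threshold, the function name, and the reading of "MB" as MiB are assumptions.

```python
import re

# Patterns for the two Tor log messages quoted in the thread.
LIMIT_RE = re.compile(r"MaxMemInQueues is set to (\d+) MB")
REMOVED_RE = re.compile(
    r"Removed (\d+) bytes by killing (\d+) circuits; (\d+) circuits remain alive")

# First three lines use the wording from the thread; the timestamp on the
# first line and the whole last line are constructed for contrast.
SAMPLE_LOG = [
    "Oct 20 09:00:00 XXXXX Tor[YYYY]: Based on detected system memory, MaxMemInQueues is set to 1500 MB.",
    "Oct 20 10:31:47 XXXXX Tor[YYYY]: We're low on memory. Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)",
    "Oct 20 10:32:11 XXXXX Tor[YYYY]: Removed 1565259696 bytes by killing 1 circuits; 40008 circuits remain alive. Also killed 0 non-linked directory connections.",
    "Oct 21 03:10:05 XXXXX Tor[YYYY]: Removed 104857600 bytes by killing 200 circuits; 39000 circuits remain alive. Also killed 0 non-linked directory connections.",
]

def find_oom_events(lines, skew_threshold=0.5):
    """Summarise each OOM kill; flag it when the average bytes freed per
    killed circuit reach skew_threshold (assumed cut-off) of the limit."""
    limit_bytes = None
    events = []
    for line in lines:
        m = LIMIT_RE.search(line)
        if m:
            # Assumption: the logged "MB" figure means MiB (2**20 bytes).
            limit_bytes = int(m.group(1)) * 2**20
            continue
        m = REMOVED_RE.search(line)
        if not m:
            continue
        freed, killed, alive = (int(g) for g in m.groups())
        per_circuit = freed / killed if killed else 0.0
        share = per_circuit / limit_bytes if limit_bytes else None
        events.append({"freed": freed, "killed": killed, "alive": alive,
                       "per_circuit": per_circuit, "share_of_limit": share,
                       "flagged": share is not None and share >= skew_threshold})
    return events

if __name__ == "__main__":
    for ev in find_oom_events(SAMPLE_LOG):
        share = ev["share_of_limit"]
        pct = "n/a" if share is None else f"{share:.1%}"
        print(f"killed={ev['killed']} freed={ev['freed']} "
              f"per-circuit share of limit={pct} flagged={ev['flagged']}")
```

On the event from the thread, the single killed circuit accounts for nearly the whole 1500 MB limit, which matches the one-circuit queue build-up described in the reply above.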