With a bit of help from list archieves I found https://github.com/Enkidu-6/tor-ddos which does prevent the "drops"

I remain curious why it seemed to be dropping before hitting cpu or memory limits. Though clearly there's no point in burning CPU on DDoS processing, so I don't feel a great urgency about this.

-Jon

On Fri, Oct 07, 2022 at 10:42:29AM -0400, Jonathan D. Proulx wrote: :HI All, : :I was checkign up on my (middle) relay stats: : :https://metrics.torproject.org/rs.html#details/9715C81BA8C5B0C698882035F75C6... : :and saw an "overload" banner, after some learning I see lots of :onionskins being dropped in the metrics: : :tor_relay_load_onionskins_total{type="tap",action="processed"} 890 :tor_relay_load_onionskins_total{type="tap",action="dropped"} 0 :tor_relay_load_onionskins_total{type="fast",action="processed"} 0 :tor_relay_load_onionskins_total{type="fast",action="dropped"} 0 :tor_relay_load_onionskins_total{type="ntor",action="processed"} 3096501 :tor_relay_load_onionskins_total{type="ntor",action="dropped"} 2827649 :tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 3096501 :tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 2827649 : :processed and dropped are growing pretty rapidly so maybe this is a :know and ongoing attack, but I don't see why I would be dropping. : :The system has 8 corse and 8G RAM neither of which seems stressed. :Less than 2G or RAM is in use and systrrem load (top under linux) :reports ~70% idle (I guess if they're coming in really tight bursts it :could average to that and still be droppong peaks). : :Anyone know what this is or have hints as to where to look? : :Thanks, :-Jon :