Tor load averages, openssl performance and misc related questions -amd64-freebsd

Mike L jackoroses at gmail.com
Tue Nov 24 16:40:00 UTC 2009


Greetings,

I just recently started running an exit node (newbie) on a vps and have a
few questions that I didn't seem to find googling.

I am running tor-devel-0.2.2.5.alpha with
openssh-portable-overwrite-base-5.2.p1_2,1 and privoxy 3.0.12 (plus fail2ban
python25) on FreeBSD 7.2 amd64 on a quad core 2.4 GHz c2d VPS.

The one issue that I'm a little perplexed on and I'm not really sure what it
can be is my load averages. Nothing is running on the machine except what is
required to run Tor.
sendmail and bsnmpd do run but those processes couldn't account for the
loads..
An example is  1 user, load averages: 1.32, 0.81, 0.79
The nic on the machine is re0 and I have enabled device polling in the
kernel.
The machine is pushing anywhere from 1-2.~ MB/s
I understand the load will increase with the traffic yet these load avg's
seem pretty high for that amount of traffic.  No errors are given about
running out of open sockets and there is plenty of openfiles overhead for
the system as well.
I'm not sure if this is to be expected or if I can tune this VPS to ease the
load a little more?
My fbsd machine (7.2 amd64) here at home doesn't exhibit the same load when
I hammer the network interface but it's a different nic and isn't a VPS..
This all may be normal (load avg) but since this is the first time I am
wading in the pool I thought I'd ask if anyone can confirm this is to be
expected or if I should tune another system variable to try and lower my
loads more.
Maybe relevant or not yet;
I read one of the operators (blutmagie?) compiled openssl with icc and they
saw some performance gain but it seems icc will not install on the amd64
platform. I was curious to try that though. If there are some compiling
options on the amd64 platform I can try, I would be willing.

Next; I am curious about privoxy, does anyone have it configured with their ip
in the listen address or do they leave it as 127.0.0.1?
listen-address 127.0.0.1:8118
I would like to be able to connect to the machine directly myself, to hop
onto the tor network,
and this seems the place to do so. What vulnerabilities does one open up
though by allowing anyone to connect to that? It's chained to Tor but again
I'm not sure if that is such a good idea or not to open it. (I originally
had it configured to my machine ip and I could indeed connect to the Tor
network but changed it back until I could hear feedback on this.)

One last question is..
Is it normal for Tor nodes to get hammered with this in their web logs?
client sent invalid method while reading client request line,
"^SBitTorrentprotocol^@^@^@^@^@^P^@^EEÀEíT+A°^U^R"
I recorded over 2k of these hits in the first hour Tor was running. When I
initially ran Tor
I wasn't getting these, when I first logged into the VPS I wasn't getting
these, I can't quite give an exact time frame when these started happening
but it wasn't long after I had Tor running for about an hour and then these
started coming and haven't stopped.
I actually shut down the web server because of the loads I'm currently
experiencing and didn't want a connection every 3 seconds of this garbage.
I understand people will run torrents through Tor but this doesn't seem to
be the case, it appears that this VPS IP somehow was tied into a seed box
somewhere at some time.
Maybe it is an exploit and now that the IP is live everyone in China is
trying for a fresh piece of meat..

Here is some output, this is mostly httpd with some sshd connections thrown
in.
The bulk of these came in the first 15 minutes of the server starting and
the web server automatically running before I could shut it down.
ipfw show | grep 400 -c (400 being the rule for all of these connections)
3311
 uptime
11:14AM  up 18:38, 1 user, load averages: 0.60, 0.82, 0.82

now here are some numbers when I start the web server back up in
comparison..
 ipfw show | grep 400 -c
3482
 uptime
11:30AM  up 18:54, 1 user, load averages: 1.48, 0.97, 0.87
Those 100 extra bans all came in the whole 1:30 of running the server.

That's all that I can think of for now that I have been wondering about for
the last few days.

Thanks
Mike
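
The payload in the quoted web log line matches the layout of a BitTorrent peer handshake printed in caret notation. As an added example (not part of the original post), this Python script decodes such lines back to bytes and reads the handshake's reserved bytes. The log line shape is taken from the fragment quoted above, the second and third sample lines are constructed, and the function names are hypothetical.

```python
import re

REQUEST = re.compile(r'client sent invalid method while reading client request line,.*?"(.*)"')
# Handshake: length byte 0x13, "BitTorrent protocol", 8 reserved bytes, then info_hash.
# The space is optional because the line quoted in the post shows none.
HANDSHAKE = re.compile(rb"\x13BitTorrent ?protocol(.{8})(.{0,20})", re.S)
RESERVED_BITS = [(5, 0x10, "extension protocol (BEP 10)"),
                 (7, 0x04, "fast extension (BEP 6)"),
                 (7, 0x01, "DHT (BEP 5)")]

def decode_caret(text):
    """Turn caret notation (^@ = 0x00 ... ^_ = 0x1f, ^? = 0x7f) back into bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        nxt = text[i + 1] if i + 1 < len(text) else ""
        if text[i] == "^" and nxt and (nxt == "?" or "@" <= nxt <= "_"):
            out.append(0x7F if nxt == "?" else ord(nxt) - 0x40)
            i += 2
        else:  # printable or high-bit character logged as-is
            out += text[i].encode("latin-1", "replace")
            i += 1
    return bytes(out)

def parse_handshake(raw):
    """Return handshake fields if raw contains a BitTorrent handshake, else None."""
    m = HANDSHAKE.search(raw)
    if not m:
        return None
    reserved, tail = m.group(1), m.group(2)
    return {"reserved": reserved.hex(),
            "extensions": [n for i, mask, n in RESERVED_BITS if reserved[i] & mask],
            "info_hash_prefix": tail.hex(),
            "truncated": len(tail) < 20}  # the log cut the request line short

def scan(lines):
    """Collect parsed handshakes from 'invalid method' log lines."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        hs = parse_handshake(decode_caret(m.group(1))) if m else None
        if hs:
            hits.append(hs)
    return hits

PREFIX = "client sent invalid method while reading client request line, "
SAMPLE = [PREFIX + '"^SBitTorrentprotocol^@^@^@^@^@^P^@^EEÀEíT+A°^U^R"',  # payload from the post
          PREFIX + '"^SBitTorrent protocol^@^@^@^@^@^@^@^@"',              # constructed
          PREFIX + '"^V^C^A^@"']                                           # constructed, not BitTorrent

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
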

More information about the tor-relays mailing list