Tor load averages, openssl performance and misc related questions -amd64-freebsd

Mike L jackoroses at gmail.com
Tue Nov 24 20:35:50 UTC 2009


On Tue, Nov 24, 2009 at 2:39 PM, Scott Bennett <bennett at cs.niu.edu> wrote:

>     On Tue, 24 Nov 2009 11:40:00 -0500 Mike L <jackoroses at gmail.com>
> wrote:
> >I just recently started running an exit node (newbie) on a vps and have a
> >few questions that I didn't seem to find googling.
> >
> >I am running tor-devel-0.2.2.5.alpha with
> >openssh-portable-overwrite-base-5.2.p1_2,1 and privoxy 3.0.12 (plus
> >fail2ban
>
>     Is openssh-portable-overwrite-base-5.2.p1_2,1 relevant in some way here?
> tor now uses openssl-0.9.8l, but I don't know of any reason for it to use
> any version of openssh.
>
It isn't, I usually use ssh2 myself and never used openssh/ssl before.
I assumed the port I listed also overwrote the base install of openssl, which
was why I included it. I see now that it actually doesn't, so shame on me for
assuming.
The reason I assumed was that when doing an ssh -v the output is
OpenSSH_5.2p1 FreeBSD-openssh-portable-overwrite-base-5.2.p1_2,1, OpenSSL
0.9.8e 23 Feb 2007, which made me believe that ssl was part of the package.



> >python25) on freebsd 7.2 amd64 on a quad core 2.4 ghz c2d VPS
> >
> >The one issue that I'm a little perplexed on and I'm not really sure what it
> >can be is my load averages. Nothing is running on the machine except what is
> >required to run Tor.
> >sendmail and bsnmpd do run but those processes couldn't account for the
> >loads..
> >An example is  1 user, load averages: 1.32, 0.81, 0.79
> >The nic on the machine is re0 and I have enabled device polling in the
> >kernel.
> >The machine is pushing anywhere from 1-2.~ MB/s
> >I understand the load will increase with the traffic yet these load avg's
> >seem pretty high for that amount of traffic.  No errors are given about
> >running out of open sockets and there is plenty of openfiles overhead for
> >the system as well.
> >I'm not sure if this is to be expected or if I can tune this VPS to ease the
> >load a little more?
> >My fbsd machine (7.2 amd64) here at home doesn't exhibit the same load when
> >I hammer the network interface but it's a different nic and isn't a VPS..
> >This all may be normal (load avg) but since this is the first time I am
> >wading in the pool I thought I'd ask if anyone can confirm this is to be
> >expected or if I should tune another system variable to try and lower my
> >loads more.
>
>     I'm not sure either, but it may well be normal.  My guess is that you
> see fairly low CPU utilization at the same time, right?  Remember that load
> averages are just the average numbers of processes in the run queue at the
> instants sampled during the last minute, five minutes, and fifteen minutes.
> They have little direct relation to CPU usage.
>
> >Maybe relevant or not yet;
> >I read one of the operators (blutmagie?) compiled openssl with icc and they
> >saw some performance gain but it seems icc will not install on the amd64
> >platform. I was curious to try that though. If there is some compiling
> >options on the amd64 platform I can try I would be willing.
>
>     Interesting.  You paid for it, downloaded it into /usr/ports/distfiles,
> and then the installation via portmaster/portinstall failed?  If so, then
> try posting to freebsd-ports@ or to the port maintainer for that port.  (You
> do need to buy a license from Intel before you can install it.)
>

I wasn't asking for help on the port, I was inquiring if there were any other
compiling/compiler options I can try to enhance performance.
Besides, Intel allows running the compiler for 30 days to evaluate it.
No I didn't buy it, yes I would try it out just for a learning experience. I
should have been more clear as well so I wouldn't get a presumptuous attitude.



> >
> >Next; I am curious about privoxy, does anyone have it configured with their
> >ip in the listen address or do they leave it as 127.0.0.1?
> >listen-address 127.0.0.1:8118
> >I would like to be able to connect to the machine directly myself, to hop
> >onto the tor network,
> >and this seems the place to do so. What vulnerabilities does one open up
> >though by allowing anyone to connect to that? It's chained to Tor but again
> >I'm not sure if that is such a good idea or not to open it. ( I originally
> >had it configured to my machine ip and I could indeed connect to the Tor
> >network but changed it back until I could hear feedback on this)
>
>     I haven't done that, but it seems to me that if you use a private network
> address with no NAT/RDR rules for it in your gateway, then it shouldn't be a
> problem.  If you're really worried, of course, then you could add another
> ipfw rule to block access from outside.
> >
> >One last question is..
> >Is it normal for Tor nodes to get hammered with this in their web logs?
> >client sent invalid method while reading client request line,
> >"^SBitTorrentprotocol^@^@^@^@^@^P^@^EE=C0E=EDT+A=B0^U^R"
> >I recorded over 2k of these hits in the first hour Tor was running. When I
> >initially ran Tor I wasn't getting these, when I first logged into the VPS
> >I wasn't getting these, I can't quite give an exact time frame when these
> >started happening but it wasn't long after I had Tor running for about an
> >hour and then these started coming and haven't stopped.
>
>     What was your choice of ORPort?  Was it a port number commonly used by
> BitTorrent clients?  Are the requests all coming from one IP address that
> you could easily block?
>
orport is the default port 9001, no the requests are not all from one IP.
That would be far too easy and I wouldn't bother the list for something as
mundane as that.


> >I actually shut down the web server because of the loads I'm currently
> >experiencing and didn't want a connection every 3 seconds of this garbage.
> >I understand people will run torrents through Tor but this doesn't seem to
> >be the case, it appears that this VPS IP somehow was tied into a seed box
> >somewhere at some time.
> >Maybe it is an exploit and now that the IP is live everyone in China is
> >trying for a fresh piece of meat..
>
>     I keep net.inet.tcp.blackhole=2 in /etc/sysctl.conf to discourage
> port scanners and other miscreants. :-)  More recently, I've added a generic
> block rule with logging to my pf rules, and I've started keeping a window
> open with a running display of the output in order to get a clearer picture
> of where such stuff comes from.  As it happens, well over half of the blocked
> connections do come from China, but the rest are from locations scattered
> around the rest of the world.  Most of the attempts come from repeat
> offenders.  Because the SYN packets are blocked, the rest get dropped
> automatically without logging.
>

I do as well, the setting helps but it doesn't stop the attempted connects
unfortunately.
Guess both these vps IP's just happen to have history behind them..



> >
> >Here is some output, this is mostly httpd with some sshd connections thrown
> >in.
> >The bulk of these came in the first 15 minutes of the server starting and
> >the web server automatically running before I could shut it down.
> >ipfw show | grep 400 -c (400 being the rule for all of these connections)
> >3311
> > uptime
> >11:14AM  up 18:38, 1 user, load averages: 0.60, 0.82, 0.82
> >
> >now here are some numbers when I start the web server back up in
> >comparison..
> > ipfw show | grep 400 -c
> >3482
> > uptime
> >11:30AM  up 18:54, 1 user, load averages: 1.48, 0.97, 0.87
> >those 100 extra bans all came in the whole 1:30 of running the server.
> >
> >That's all that I can think of for now that I have been wondering about for
> >the last few days.
> >
>     Sorry I can't address more than I have above.  Best of luck with it.
>
>
>                                  Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
>
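As an added example (not from this thread), a small Python checker that answers Scott's question about whether the rejected requests come from a single address: it decodes the caret notation of the quoted log line back to bytes, recognizes the BitTorrent peer-wire handshake (a 0x13 length byte followed by the string "BitTorrent protocol"), and tallies hits per client IP. The nginx-style log format and the client addresses are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed nginx-style error-log format; the
# client addresses are documentation ranges, not anything from the thread.
SAMPLE_LOG = """\
2009/11/24 11:14:05 [info] 1234#0: *56 client sent invalid method while reading client request line, client: 192.0.2.10, request: "^SBitTorrent protocol^@^@^@^@^@^P^@^E"
2009/11/24 11:14:08 [info] 1234#0: *57 client sent invalid method while reading client request line, client: 198.51.100.7, request: "^SBitTorrent protocol^@^@^@^@^@^P^@^E"
2009/11/24 11:14:09 [info] 1234#0: *58 client sent invalid method while reading client request line, client: 192.0.2.10, request: "^SBitTorrent protocol^@^@^@^@^@^P^@^E"
2009/11/24 11:14:11 [info] 1234#0: *59 client sent invalid method while reading client request line, client: 203.0.113.44, request: "FOO / HTTP/1.1"
"""

CLIENT_RE = re.compile(r'client: ([0-9.]+).*request: "(.*)"$')


def caret_decode(text: str) -> bytes:
    """Turn caret notation as shown in the log (^S = 0x13, ^@ = 0x00) back into bytes."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text[i] == "^" and i + 1 < len(text):
            out.append(ord(text[i + 1]) ^ 0x40)  # control char = printable XOR 0x40
            i += 2
        else:
            out.append(ord(text[i]))
            i += 1
    return bytes(out)


def is_bittorrent_handshake(raw: bytes) -> bool:
    """Peer-wire handshake: length byte 19 (0x13) then 'BitTorrent protocol'
    (the space is tolerated because the quoted log line lost it)."""
    return raw[:1] == b"\x13" and raw[1:].replace(b" ", b"").startswith(b"BitTorrentprotocol")


def tally_handshakes(log_text: str) -> Counter:
    """Count rejected BitTorrent handshakes per client address."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m and is_bittorrent_handshake(caret_decode(m.group(2))):
            hits[m.group(1)] += 1
    return hits


def single_source(hits: Counter) -> bool:
    """True only when every hit came from one address, i.e. one block rule would do."""
    return len(hits) == 1


if __name__ == "__main__":
    counts = tally_handshakes(SAMPLE_LOG)
    print(counts.most_common(), "single source:", single_source(counts))
```

Point the script at the real error log to see whether the hits cluster on a few addresses worth a firewall rule or are spread out as Mike reports.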