[tor-relays] # of connections of a exit relay dropped down by about 90% exactly after 1 month after installation time

teor teor at riseup.net
Thu Nov 8 23:43:42 UTC 2018


Hi,

There are two likely possibilities here:

> On 9 Nov 2018, at 06:17, Toralf Förster <toralf.foerster at gmx.de> wrote:
> 
> Signed PGP part
> On 11/8/18 9:12 PM, nusenu wrote:
>>> 2018-11-06 21:00 UTC
>> are you sure this is UTC?
>> 
> ick, it was 21:00 CET (the dropdown may even started at 20:00 CET), but obvious it was an hour later

1. If your exit's DNS fails, it will reject all exit requests in its descriptor.

>> I did not look at the underlying descriptor data but onionoo data suggests that
>> an exit policy change occurred which could have caused the change in connection counts.
> 
> indeed, I added networks to the reject lists at that time, but only 2 */8 class A nets - but will check ofc.

2. If you reject enough IP addresses in your exit policy:

If your exit blocks enough /8 networks, then its exit policy summary becomes
reject all.

If the exit policy summary is too long, then it is truncated to a list of
accept ports. (That doesn't seem to have happened here.)

Separately, if your exit doesn't exit to at least one /8 on ports 80 and 443,
it loses the Exit flag:
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2531

>> I'm still surprised that you do not have more connections since
>> even non-exits have more than 1k concurrent connections unless you are talking
>> about specific connections only?
> 
> I can try to check with "ExitRelay 0" - currently I downgraded to 0.3.4.9 to check that version.

T

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20181109/eebc627b/attachment-0001.sig>


More information about the tor-relays mailing list