[tor-relays] cases where relay overload can be a false positive

s7r s7r at sky-ip.org
Sat Jan 1 19:12:38 UTC 2022


Hello,

One of my relays (guard, not exit) started to report being overloaded 
since once week ago for the first time in its life.

The consensus weight and advertised bandwidth are proper as per what 
they should be, considering the relay's configuration. More than this, 
they have not changed for years. So, I started to look at it more closely.

Apparently the overload is triggered at 5-6 days by flooding it with 
circuit creation requests. All I can see in tor.log is:

[warn] Your computer is too slow to handle this many circuit creation 
requests! Please consider using the MaxAdvertisedBandwidth config option 
or choosing a more restricted exit policy. [68382 similar message(s) 
suppressed in last 482700 seconds]

[warn] Your computer is too slow to handle this many circuit creation 
requests! Please consider using the MaxAdvertisedBandwidth config option 
or choosing a more restricted exit policy. [7882 similar message(s) 
suppressed in last 60 seconds]

This message is logged like 4-5 or 6 time as 1 minute (60 sec) 
difference between each warn entry.

After that, the relay is back to normal. So it feels like it is being 
probed or something like this. CPU usage is at 65%, RAM is at under 45%, 
SSD no problem, bandwidth no problem.

Metrics port says:

tor_relay_load_tcp_exhaustion_total 0

tor_relay_load_onionskins_total{type="tap",action="processed"} 52073
tor_relay_load_onionskins_total{type="tap",action="dropped"} 0
tor_relay_load_onionskins_total{type="fast",action="processed"} 0
tor_relay_load_onionskins_total{type="fast",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor",action="processed"} 8069522
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 273275

So if we account the dropped ntor circuits with the processed ntor 
circuits we end up with a reasonable % (it's  >8 million vs <300k).

So the question here is: does the computed consensus weight of a relay 
change if that relay keeps sending reports to directory authorities that 
it is being overloaded? If yes, could this be triggered by an attacker, 
in order to arbitrary decrease a relay's consensus weight even when it's 
not really overloaded (to maybe increase the consensus weights of other 
malicious relays that we don't know about)?

Also, as a side note, I think that if the dropped/processed ratio is not 
over 15% or 20% a relay should not consider itself overloaded. Would 
this be a good idea?

Sending to tor-relays@ for now, if some of you think of this in any way 
we can open a thread about it on tor-dev@ - please let me know if I 
should do this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220101/3162e4f5/attachment.sig>


More information about the tor-relays mailing list