[tor-relays] We're trying out guard-n-primary-guards-to-use=2
Logforme
m7527 at abc.se
Sun Jul 10 20:28:29 UTC 2022
On 2022-07-06 21:19, Roger Dingledine wrote:
> But it was replaced with a new overload (boo), from way too many Tor
> clients running at a few cloud providers. The main result for relay
> operators is greatly increased file descriptor use, with a few IP
> addresses or /24's generating the majority of the new connections.
>
> If your relay is bumping up against its file descriptor limits,
> or otherwise suffering (e.g. more memory usage than desired), one
> reasonable option for you might be to set some iptables-level connection
> limiting. More details in this ticket:
> https://gitlab.torproject.org/tpo/core/tor/-/issues/40636#note_2818529
>
I'm running the small non-exit 8F6A78B1EA917F2BF221E87D14361C050A70CCC3.
Since mid-may the relay has been under heavy load. I had to limit my
bandwidth using "RelayBandwidthRate" in torrc to about 90% of my real BW
to be able to use internet for myself. This solved my laggy internet.
Since the 2nd of July the number of (non torrelay) tor connections to my
relay skyrocketed from about 3500 to 20000.
A week ago I implemented connection limits per Toralf's post:
iptables -A INPUT -p tcp --destination-port 443 -m connlimit
--connlimit-mask 32 --connlimit-above 30 -j DROP
This reduced the number of connections to about 10000.
I just now noticed that the relay is flagged as overloaded. What to do?
Decrease the connection limit from 32 to .. what?
Decrease my RelayBandwidthRate even more? Seems like giving in to the DoSer.
Logfile:
Jul 10 02:58:39.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy. [8169 similar message(s) suppressed in last 14820 seconds]
Jul 10 03:32:28.000 [notice] General overload -> Ntor dropped (220414)
fraction 5.8677% is above threshold of 0.5000%
Metrics port:
tor_relay_load_onionskins_total{type="tap",action="processed"} 697956
tor_relay_load_onionskins_total{type="tap",action="dropped"} 0
tor_relay_load_onionskins_total{type="fast",action="processed"} 0
tor_relay_load_onionskins_total{type="fast",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor",action="processed"} 503071860
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 323369
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 503071860
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 323369
More information about the tor-relays
mailing list