Running Tor on a v-server with limited number of TCP sockets
Andrew Del Vecchio
firefox-gen at walala.org
Wed Feb 21 21:18:11 UTC 2007
Is this a problem with the tor lookup/directory protocol? I assume the
case here is that the descriptor data assumes full socket access and
therefore does not have a data entry specifying the # of sockets that
can be used. On one level, this is an internal/localhost issue, but
there should be a way to work around this. Chances are, if this guy
has a problem, many more may as well. Might one solution be to
incorporate this information into the data that clients use to
determine how preferential a particular OR is?
It seems like it would be easy to put in some code that says, "If
Sockets<X, rating=-10 points" or whatever. This would keep such
servers usable, but put down at the bottom of the stack. After all, if
you're in the middle of Boratland with crappy state-run dial-up, you
can't really take advantage of any benefits from a faster/more
reliable router anyway, right? :D
On 02/21/2007 01:09 PM, Mike Perry wrote:
> Thus spake Stephan Walter (stephan at walter.name):
>> On 2007-02-21 21:25, Alexander W. Janssen wrote:
>>> From a pragmatic point of view that would also mean that you wouldn't
>>> be able to log in from remote if TOR gobbles up all sockets.
>> It's not as bad as that, as the ssh daemon is listening all the time and
> >> therefore already has its socket.
> Actually, it probably is as bad as that. Each time accept() is called
> on this server socket to handle a new SSH connection a new socket is
> formed.. Unless their limit has a special exemption that they coded
> themselves for accept().. But most likely it's some garbage usermode
> Linux thingy with ulimit -n set on the usermode linux process.
> On the plus side, if they did code this exception for accept(), it
> should apply to Tor as well, at least for incoming connections to the
> OR port. Eventually most routers should connect to you, and Tor will
> just use those OR connections (though they may get closed if no
> circuits are on them.. not sure about how long Tor keeps idle OR
> connections open).
> However, my scanner (if it ever works :) probably will end up flagging
> your node as unreliable.. But you've got a while before that actually
> means anything.
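The accept() behaviour described in the quoted reply, as an added example that is not part of the original thread and is not Tor or sshd code: a listener that is already open still fails with EMFILE once the descriptor cap is reached, because every accepted connection needs a descriptor of its own. The names `CAP`, `PENDING` and `accept_until_limit` are hypothetical, and Linux abstract AF_UNIX sockets stand in for TCP so the demo needs no network.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define CAP 64     /* constructed soft RLIMIT_NOFILE, like `ulimit -n 64` */
#define PENDING 6  /* constructed number of clients queued in the backlog */

/* Hypothetical helper. Leaves exactly `room` free descriptors, then accepts
 * until failure. Returns the failing accept()'s errno (0 if all clients were
 * accepted) or -1 on setup failure; *accepted counts successful accepts. */
int accept_until_limit(int room, int *accepted)
{
    struct rlimit old, lim;
    struct sockaddr_un a = { .sun_family = AF_UNIX };  /* sun_path[0] stays '\0' */
    int cl[PENDING], ac[PENDING], fill[CAP], n = 0, i, err, ls;

    *accepted = 0;
    snprintf(a.sun_path + 1, sizeof a.sun_path - 1, "fdcap-%ld", (long)getpid());
    socklen_t len = sizeof(sa_family_t) + 1 + strlen(a.sun_path + 1);
    ls = socket(AF_UNIX, SOCK_STREAM, 0);
    if (ls < 0 || bind(ls, (struct sockaddr *)&a, len) || listen(ls, 16)) return -1;
    for (i = 0; i < PENDING; i++) {  /* these connections wait in the backlog */
        cl[i] = socket(AF_UNIX, SOCK_STREAM, 0);
        if (cl[i] < 0 || connect(cl[i], (struct sockaddr *)&a, len)) return -1;
    }
    if (getrlimit(RLIMIT_NOFILE, &old)) return -1;
    lim = old;
    lim.rlim_cur = CAP;  /* lower only the soft limit so it can be restored */
    if (setrlimit(RLIMIT_NOFILE, &lim)) return -1;
    while (n < CAP && (fill[n] = dup(ls)) >= 0) n++;       /* use every free fd */
    for (i = 0; i < room && n > 0; i++) close(fill[--n]);  /* free `room` slots */

    /* The listener is already open, yet each accept() needs a new descriptor. */
    while (*accepted < PENDING && (ac[*accepted] = accept(ls, NULL, NULL)) >= 0)
        (*accepted)++;
    err = (*accepted < PENDING) ? errno : 0;  /* EMFILE once the cap is hit */
    for (i = 0; i < *accepted; i++) close(ac[i]);
    while (n > 0) close(fill[--n]);
    for (i = 0; i < PENDING; i++) close(cl[i]);
    close(ls);
    setrlimit(RLIMIT_NOFILE, &old);
    return err;
}

int main(void) {
    int n, e = accept_until_limit(3, &n);
    return printf("accepted=%d, next accept(): %s\n", n, strerror(e)) < 0;
}
```

An operator on a capped host can check the effective limit with `ulimit -n` in the shell that starts the daemon; the same cap applies to every descriptor in that process, not only to listening sockets.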