magic Wednesday

Sat Oct 13 22:56:57 UTC 2007

On Thu, Jul 12, 2007 at 08:22:45PM +0200, Olaf Selke wrote:
> I'm looking for an explanation of a strange phenomena showing my OR's
> traffic stats since weeks. Every night at about midnight local time,
> which is GMT+2, the bandwidth utilization is dropping down to about 30%
> peak value. This happens every day of the week besides the night from
> Wednesday to Thursday. This special night the bandwidth utilization
> doesn't vary. Attached you'll find the traffic and cpu load stats for
> the last week as well as for the last four weeks. I don't think it's
> related to the provider's IP network, peerings or upstreams. It really
> looks like a behavior of TOR itself.
> 
> Are there any explanations around? Maybe some conspiracy theories? ;-)

Is blutmagie running weasel's Tor deb, by any chance?

I believe I have fixed this in
http://archives.seul.org/or/cvs/Oct-2007/msg00191.html

Here's the answer:

Your Tor server publishes a new server descriptor whenever something
important changes, or whenever 18 hours have passed since you last
published one.

Authorities stop listing servers if the last descriptor they have is more
than 20 hours old. To protect against crazy broken servers that publish
a new descriptor every minute, the authorities compare new descriptors
to old ones, and if nothing important has changed and it's been less
than 12 hours, they drop the new one -- no point forcing clients to
fetch extra descriptors if they wouldn't learn anything new.

So what's happening is that on the first morning at 6am, your Tor server
is getting a hup signal, which causes it to publish a new descriptor
and reset its "18 hour" counter -- meaning it won't publish again until
6+18=midnight. So now it's in a cycle where it tries to publish twice
a day: once at midnight, and once at 6am.

But the authorities discard the next 6am descriptor, because nothing
important has changed. And the midnight descriptor expires around 8pm,
meaning there's a 4-hour gap before you publish again.

The fix will be in 0.2.0.9-alpha, and might get backported to 0.1.2.18
if we decide we should. The next steps will be to fix it even more
thoroughly: the current thought is that authorities should distinguish
between "I accepted that" and "I accepted that but then discarded it"
in their response code when servers try to publish, and servers should
consider 18 hours from the last successful publish, not 18 hours from
the last attempt.

(Oh, and the magic Wednesday? Your Tor server generates a new onion
key every 7 days -- the new onion key produced a descriptor that the
authorities accepted, so there was no gap on that day.)

Thanks!
--Roger