Exceeding connection limit

Roger Dingledine arma at mit.edu
Thu Dec 4 05:10:11 UTC 2008


On Wed, Dec 03, 2008 at 07:40:54PM -0500, phobos at rootme.org wrote:
> In the manual page, there is:
> ConnLimit NUM
>  The minimum number of file descriptors that must be available to the
> Tor process before it will start.

Note that this is the *minimum* number. Basically the config option is
not useful in this case. (Or most other cases.)

> As for the design questions, I'll let someone else answer that as I
> can't find the details as to why right now.

Alas, right now the Tor design assumes that all relays can reach all other
relays. Since clients choose paths randomly, and there are roughly 100
times more clients than there are relays, pretty much every link
is going to be in use.

There are some research directions for "restricted route topologies",
but they still have some hard challenges. One of the little ones is how
to grow the topology such that it maintains small-worlds properties
as new relays join and old relays disappear. One of the big ones is
communicating the topology to the clients in an efficient way, so they
can know which links they're allowed to use. Another big one is analyzing
how much anonymity we lose by making route selection more predictable --
done right we shouldn't lose much, but I'd need to work out a lot more
details before really believing it.

The more long-term solution for this is to switch to UDP transport between
relays. Done right, that basically means a few sockets would handle all
the TLS connections (well, DTLS then), and Tor would get a lot smarter
about handling the multiplexing between conversations internally. The
proposals you've seen on here from Joel Reardon and from Camilo Viecco
would move us in that direction.

--Roger
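As an added illustration (not part of this mail or of Tor's own code), a small Python check of the two points made above: ConnLimit is only a startup floor on available descriptors, so it cannot cap connections, while a fully meshed relay topology needs roughly one socket per other relay. The torrc fragment, the 1000 default, and the per-relay client count are constructed assumptions.

```python
import re

# Constructed torrc fragment for the example (not from the original mail)
SAMPLE_TORRC = """\
ORPort 9001
ConnLimit 1000   # minimum fds that must be available at startup
Nickname exampleRelay
"""

# Assumption: value used when the torrc carries no ConnLimit line
DEFAULT_CONN_LIMIT = 1000


def parse_conn_limit(torrc_text, default=DEFAULT_CONN_LIMIT):
    """Return the ConnLimit value from a torrc text, or the default."""
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        m = re.match(r"^ConnLimit\s+(\d+)$", line, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return default


def tor_will_start(available_fds, conn_limit):
    """ConnLimit is a floor: the process starts only if at least that
    many descriptors are available. It says nothing about an upper bound."""
    return available_fds >= conn_limit


def mesh_fd_estimate(relay_count, clients_per_relay=100, overhead=32):
    """Rough descriptor demand for one relay when every relay is expected
    to reach every other relay: one TLS socket per other relay, plus the
    (assumed) number of client connections, plus a fixed overhead for
    listeners, logs and directory fetches."""
    return (relay_count - 1) + clients_per_relay + overhead


def headroom(available_fds, relay_count, **estimate_kwargs):
    """Negative headroom means the relay will exhaust its descriptors
    under full-mesh load no matter what ConnLimit is set to."""
    return available_fds - mesh_fd_estimate(relay_count, **estimate_kwargs)


if __name__ == "__main__":
    limit = parse_conn_limit(SAMPLE_TORRC)
    for fds in (512, 1024, 4096):
        print(f"fds={fds:5d} starts={tor_will_start(fds, limit)} "
              f"headroom(1500 relays)={headroom(fds, 1500)}")
```

Run against the soft RLIMIT_NOFILE of the relay host to see whether the startup check passes and, separately, whether the full-mesh estimate fits.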
