logs archiveIRC Archive / Oftc / #tor / 2010 / June / 3 / 1
helmut
hi. is there a way to close forwarded connections apart from restarting tor?
(like via control port)
nze
Sebastian_: i had to modify the script a bit, but works very nicely, thanks!
Sebastian_
nze: feel free to send patches
nze
Sebastian_: on line 59 basically "mkdir keys" is missing and instead of line 48 [...] -f torrc.tmp \... it's rather [...] -f $path/torrc.tmp
Sebastian_: well, for now i guess i'll go sleep, maths exam tomorrow..
Sebastian_
mkdir keys should be irrelevant because Tor makes that directory
ah, good luck
helmut
is there any sane way to restrict tor bandwidth by daytime?
Sebastian_
and line 48 should work, too, I think, because you're in the right dir already
let me know where that doesn't work
helmut: make two different torrcs, and then write a cronjob to swap them and send a HUP signal to Tor
helmut
Sebastian_: that doesn't work, because I cannot limit below 50kbps using the config, which I have to.
Sebastian_: and closing the orport will not drop the active connections.
Sebastian_
you can limit down to 20 kbps
erm, kBps
         

nze
Sebastian_: thanks. tor won't create the keys directory for me.. and it insists on an absolute path for torrc (because it is run as deamon as it seems)
helmut
I'd have to go below 10kbps.
nze
tor --version
Jun 02 23:52:32.442 [notice] Tor v0.2.1.26. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Tor version 0.2.1.26.
on debian
anyways, see you around..
Sebastian_
nze: hm. ok. Maybe I didn't push the latest version that works for me :)
nze: I'll get that sorted out. Please provide the log messages about the keys directory, because Tor should really create that dir.
helmut
Sebastian_: I know that my bandwidth requirements are crazy. on the other hand my node moved 90gb this night.
Sebastian_
helmut: if you can't provide at least 20kBps, turn relaying off for part of the night.
or day
helmut
I do, but the active connections still consume bandwidth
Sebastian_
so you are saying you put orport 0 or remove the orport config option and Tor is still relaying?
helmut
I set orport to 0
Sebastian_
wow
please file a bug
helmut
well this is partly intended.
Sebastian_
no
helmut
I want to stop accepting connections a bit earlier than limiting bandwidth, so I disrupt less connections.
Sebastian_
if relaying is disabled, relaying should stop.
this sounds like accounting, except done on a time schedule, not bw schedule. We don't support that currently.
helmut
as my node will never be stable an hour should get most connections of, which happens.
however some connections stay like 8 hours after closing the orport.
Sebastian_
hm.
helmut
and I get bitten by those since our traffic accounting changed.
Sebastian_
this is most certainly a bug.
helmut
so how would I correctly stop accepting new connections without kicking existing? and how would I later kick those connections?
Sebastian_
hm. Good questions that I have no answers for. I believe that's not possible with the current Tor implementation.
         

helmut
first is by setting orport=0
second isn't
Sebastian_
right, and orport=0 should be the second.
helmut
that would be stupid.
because it takes time to ramp down the bandwith anyway.
nodes /will/ try to connect even after I close orport.
Sebastian_
I know that
but I don't see what you're trying to say.
helmut
I have to go down from like 4MB/s to 5KB/s
I was going to say that closing active connections do not lower bandwidth instantly.
instead it disrupts users.
Sebastian_
yes
but this is exactly what should be happening in this case
helmut
so there should be a delay between not accepting new connections and droping existing connections.
please do not "fix" this orport bug without proving a method to get the old behaviour.
nsa
or: [Tor Bug Tracker & Wiki] #1521 filed by Sebastian: #1521: Changing OrPort to 0 doesn't terminate relaying instantly - http://trac.torproject.org/projects/tor/ticket/1521
or: helmut on #tor reports that when a node's configuration is updated,
or: existing connections aren't closed instantly even though relaying should
or: be disabled.
or: Is this intentional? Is there a way to immediately close the connections[...]
Sebastian_
Please feel free to add your opinion there
helmut
thanks
btw. can you tell how much traffic running a directory causes? it would be important to know what fraction of that is incoming.
BarkerJr
maybe 3-5 mbit
helmut
incoming?
Sebastian_
helmut: dir requests are typically quite small
as a good first approximation, you can take the difference beetween incoming and outgoing traffic to be the dir traffic you sent out.
helmut
well yeah, but if they are more than 5kb/s...
hmmm. in any case thanks for answering all those questions. my workaround will probably be a daily /etc/init.d/tor restart
Sebastian_
yeah
since you'll have to stop being a relay anyways that shouldn't be a big deal.
helmut
my current schedule is like:
set high bandwidth limitations and open orport at 00:00, close orport at 08:30, limit bandwidth at 10:00, restart tor at 17:00 (orport closed)
hoping not to disrupt too many connections while at the same time providing a bit bandwidth. :-)
Sebastian_
and we're quite happy you're doing that
helmut
:-)
Sebastian_
If you want to prevent this bug from getting "fixed" as you say, please do add a comment there.
helmut
some nights I managed to get to the top20 bandwidth-wise
(Action) wonders whether the hibernating code could be adapted to daytime bandwidth limiting
Sebastian_
it might be. Generally, I'm against adding code that's useful for 1 user though
We have way too many little-used features already
and 5kB/s really isn't a useful bw contribution as a relay, unfortunately
Since you are never stable anyways, killing streams in progress is still not nice, but not so bad
I'd consider that the better alternative here
BarkerJr
the general rule is that if you can't run it 24/7, you shouldn't run a directory mirror
helmut
BarkerJr: only incoming traffic is accounted for me, so I was thinking about running a dir mirror, because I expect it to produce little incoming traffic (and I basically do not care about outgoing).
Sebastian_: well I think that daytime limiting is used by quite some users. there is even a wiki page on how to change bwlimits by daytime using cron.
Sebastian_: only I have too strict bandwidth requirements, so I have to stop relaying.
Sebastian_
BarkerJr: I see no reason why that should be true.
helmut: right, but if you have to stop relaying, no harm in restarting the Tor client, right?
helmut
Sebastian_: harm in running my own connections (I could run two instances of course)
Sebastian_
right
helmut
I think externally triggering hibernate_begin(HIBERNATE_STATE_LOWBANDWIDTH, time(NULL)), hibernate_go_dormant(time(NULL)) and hibernate_end(time(NULL)) would almost do what I want.
Sebastian_: do you think that a patch exposing those functions to control port could be accepted?
Sebastian_
potentially yes
in fact, probably yes.
helmut
maybe there could be "AccountingMode \(Bandwidth\|Manual\)" (Where bandwidth is what happens now.)
and "SIGNAL \(HIBERNATE_LOWBANDWIDTH\|HIBERNATE_DORMAND\|HIBERNATE_END\)"
BarkerJr
Sebastian_: then file a bug on why accounting and dirport are incompatible
Sebastian_
BarkerJr: hm?
they're only incompatible because only people with limited traffic are supposed to use accounting, and their traffic is better used actually anonymizing data.
BarkerJr
making assumptions about usage
Sebastian_
sure, accounting was implemented making this assumption.
Maybe other people try to bend accounting to what their usage requires, but that's not what it was made for.
BarkerJr
accounting is for anyone why has a monthly limit on their server
as opposed to a flat bitrate limit
Chase808
quick question... when i start using Tor in firefox, I am no longer allowed to click on any links. is this normal? is there a setting im overlooking? thanks
Goldstein
not normal, no
Chase808
what could i be doing wrong?
im running snowleopard on a mbp
Goldstein
are you using torbutton?
Chase808
yes
as soon as i click it and it says "tor enabled" im no longer allowed to click on links
nothing happens as if theyre disabled
Goldstein
well, you could try using tor without torbutton to see if it' a torbutton issue
which I suspect it is
Chase808
i checked the faq again and it states that this is to keep javascripts from sending info
every link can be command clicked and opened in a new tabe
sorry for the stupid question
Goldstein
it's cool
Chase808
but on a more serious note... how do i configure Tor to work with Transmission?
Goldstein
what is that
Chase808
torrent manager
Goldstein
we discourage using tor with file sharing
Chase808
oh...
lo siento
Goldstein
unofficially, if you're looking to do legal file sharing, you might consider i2p
but bear in mind that it hasnt been as rigorously tested for anonymity as tor has
Chase808
thank you sir
Goldstein
Chase808: http://www.i2p2.de
IIRC
Chase808
also, does Tor run automtically on startup?
not tor to be specific... but polip or something similarly named...
Goldstein
are you using vidalia?
Chase808
polipo
yes
Goldstein
I believe that is OS dependent.
Chase808
running macosx
rj
I have a Linode 360 account (360MB RAM, 200GB monthly bandwidth) and I'd like to set up a Tor relay. Preliminary Internet investigations suggest that I really ought to have 700MB+ of memory but that isn't going to happen. My questions are: (1) Should I even bother? (2) If so, is there a standard "table of config settings" that I can consult so I don't have to waste a lot of time experimenting?
arma
rj: hey. you don't need anywhere near 700MB ram for most relays
rj: as for experimenting, just edit the torrc that comes with your tor package. what distribution does a 'linode 360' use?
Runa
arma: you get to choose from a range of different linux distributions
jn_
rj: 360MB RAM is plenty for 200GB/month. You can push more than 200GB/day with that amount of RAM.
Goldstein
hello?
Runa
hi
Goldstein
when using tor, does one use the same circuit for every application at 10 minute intervals or just same circuit per application at 10 minute intervals?
Sebastian_
neither
Tor will use the circuit that is currently the best one per new connection
arma
when you start using a circuit, the 10 minute timer for that circuit starts. when the timer finishes, you never use that circuit for new requests.
Goldstein
Sebastian_: I'm confused by that
m3ga
rj: you should ask your question re memory usage on the or-talk mailing list.
i'm in a similar position to you, a linode 360 with spare network capacity, but only 360M of ram.
Sebastian_
this is my node: 2893 debian-t 20 0 141m 110m 16m S 6 5.5 1614:39 tor
I'm currently limiting it to 200KBytes/s
your nodes would most likely be limited to something substantially lower, which also means lower memory usage.
rj: ^^
Goldstein: well, erm, help me dispell the confusion?
Goldstein
I'll ask again later
Sebastian_
asking the same question again won't really help you, I'm afraid ;)
Goldstein
I'll be more specific later
Sebastian_
ok then
m3ga
Sebastian_: am i reading this right? you're using 110meg when limited to 200KBytes/sec?
Sebastian_
m3ga: yes
m3ga
thanks
Sebastian_
m3ga: please note that I use the latest alpha version. Other versions will probably use more ram.
m3ga
i'll probably set up a relay in the coming week or two.
any idea how far debian unstable is behind the latest alpha?
Sebastian_
I think it has it.
But we also have our own apt repository, if you want to use that. It is maintained by the same guy who pushes to debian, so the packages are exactly the same.
m3ga
wow, thats pretty rocking. i did notice that the debian package seemed to be in good order.
Sebastian_
yeah, our debian maintainer is part of the debian sysadmin team afaik, so pretty heavily involved :)
Goldstein
who's he?
m3ga
Peter Palfrader apparently :-)
Sebastian_
looks like http://packages.debian.org/lenny/tor lists a name ;)
What's a good name for a config option that prevents Tor from logging a warning when it receives just an IP address instead of a hostname?
Goldstein
hnnag
gimmie some xamples of other config options
Sebastian_
http://www.torproject.org/tor-manual.html.en
Goldstein
HostnameNag
or HostnameWarn
Sebastian_
I wondered about "NoHostnameWarn"
Goldstein
sounds good to me
nsa
or: [Tor Bug Tracker & Wiki] #1236 was updated: #1236: Tor doesn't warn if it gets an IP address as fqdn - http://trac.torproject.org/projects/tor/ticket/1236#comment:2
or: Changes (by Sebastian):
or: * status: new => closed
or: * resolution: None => invalid
or: [...]
or: [ernie/master] 2010-06-01 19:42:11 Karsten Loesing <karsten.loesing@gmx.net>: The submitted is also the final version of the WECSR paper.
or: [ernie/master] 2010-06-01 13:47:14 Karsten Loesing <karsten.loesing@gmx.net>: Add links to June 2010 tarballs.
or: sebastian committed revision 22466 (/projects/todo): new branch, woo
or: [Tor Bug Tracker & Wiki] #1520 was updated: #1520: segmentation fault on 0.2.2.13-alpha - http://trac.torproject.org/projects/tor/ticket/1520#comment:2
or: Comment(by nickm):
or: Well that's downright bizarre. "dlts1_accept()" is only supposed to get
or: called for the DTLS protocol, which Tor doesn't even use (it's a datagram[...]
deeyes
Hi. If I visit a https website, is it still possible for the person who runs exit node to "read" what website (I mean the name/address of the website) I am visiting?
« prev 1 2 next »