IRC Archive / Oftc / #tor / 2010 / July / 7 / 1
Sebastian_
A guess might be that you are trying to do a query that Tor doesn't support
Tor doesn't have a full dns implementation
clamaty
firewall is not blocking anything... logs show access granted to dnsport but nothing happens after that
i'm using lynx... does that help?
oh yeah, using just udp dns too
any idea what i can do to work around possible conflicts between the dns client and server?
(not even aware if it's possible)
that doesn't quite jive with my experience on another computer with iceweasel... works fine there
seems to be a difference in operating systems, in how they conform to the dns standard, i suppose
so basically, there's nothing i can do to fix this particular problem with dns?
arma
clamaty: what dns query are you trying to do?
clamaty
just trying 'lynx www.yahoo.com' to test that i can connect to the outside world through tor
other applications are having the same problem though... can't get their dns requests fulfilled
arma
does tor-resolve www.yahoo.com work?
clamaty
no, it's going through socks and i'm trying to do things transparently... socks support seems trickier on openbsd so i'm trying to do things transparently
do you mean to imply that socks support is necessary even when not sending data to the socksport?
arma
i know that's not what you're trying to do, but something is wrong, and nobody knows what, so getting more data is good.
clamaty
i'd be happy to supply some more data about what's going on locally... will paste it
here's my story: http://pastebin.com/ikk2wJXv
anything unclear?
arma
you're going to have to find an openbsd person, it looks like
various people tweak those howtos periodically. none of the people who write them or use them are tor developers, i'm afraid.
clamaty
ok arma, thanks for the thoughts
Goldstein
" Ethr.net is a Tor-friendly ISP that already has a 20Mbit Tor Exit Node hosted there"
i don't see a 20Mb/s server in the network map
or are speeds measured in mega*bytes* in the network map?
I *hate* having to convert for that
convert
clamaty
apparently tor sucks on openbsd or openbsd sucks for running tor, haven't figured out which
openbsd guys are silent on the matter
Goldstein
if you wanna use bsd, why not freebsd?
Sebastian
Goldstein: let's not get into religion here
clamaty: we have had some experiences with openbsd madness
clamaty: None of the core devs really use it
Goldstein
i wasn't, i was just thinking that fbsd would be the most likely to work of the bsd's
and, btw are the speeds shown in the network map bytes or bits?
Sebastian
clamaty: if we find someone who is good at debugging, Tor and openbsd would very likely become better friends.
clamaty
good points... i'm not trying freebsd b/c i would prefer to use an OS with a better reputation for security
dandon
has sourceforge prohibited to download from their mirrors?
Goldstein
no
dandon
http://sourceforge.net/projects/sabnzbdplus/files/sabnzbdplus/sabnzbd-0.5.3/SABnzbd-0.5.3-win32-bin.zip/download
Goldstein
if it's bytes, then i'd like to thank whoever has the money to run several near 100megabit severs
clamaty
how about telling my resolv.conf to only query in tcp and not udp? seems like a good idea, then i could, in theory, just forget about the dnsport stuff and say 'all outgoing tcp goes here'
will try it sometime
Goldstein
more than that even
200
no 100
dandon
Goldstein: the no from above was that directed to my question?
Goldstein
yeah but I didn't test your link, so I could be full of it
dandon
:D
it just keeps refreshing
Goldstein
How can blutmagie2 and blutmagie4 run on the same IP?
phobos
different ports
Goldstein
they are probably running 100Mb/s unmetered right?
phobos
olaf runs his own isp or something
so no idea
sure
Goldstein
phobos: According to this: torservers.net, "Our 100TB 1Gbit/s high bandwidth node is online:"
but the stats say 10MB/s
phobos
yup
Goldstein
isn't that ~100Mbit
phobos
it's 80Mbps
Goldstein
i.e. not 1Gbps
I can't believe that it's running that much below capacity
phobos
i believe they run 4 nodes on that same 1 Gbps link
tor also limits total bandwidth so no one node can see more than 15% (maybe?) of total traffic for the network
Goldstein
i see. yeah, it's 3
so buying more than 100TB/month would be a waste
phobos
you can only run 2 tor relays per IP address
Goldstein
Though if another large one was running, would that allow existing ones to better utilize their maximum throughput?
phobos
it's a fine test to run a bunch of high bw relays and see if tor network performance improves
Goldstein
So if you ran 100Mbps unmetered with just one node, couldn't you expect to get over 10MB/s, or do you think you'd be bumping up against the percent of total bandwidth?
BarkerJr
if anyone wants to test that, I can upgrade my relay's bandwidth on short term
Goldstein
BarkerJr: yeah, I've got some stuff to download so let her rip!
;-P
BarkerJr
uh
Goldstein
what constitutes one "node"? the owner? if it's server, then I can capture more than 15% by running several large servers
i suppose that owner linkage is largely by the honor system anyway
some family setting
phobos
run many top bw servers in disparate IP space
more disparate than /16
Goldstein
huh?
you assume same /16 space = same family?
phobos
tor enforces no 1 circuit can use the same relays in a /16
Goldstein
alright, but what if I buy 6 unmetered 100Mbps from different providers
isn't that gonna capture more bandwidth than all the blutmagies even?
phobos
yes, that was my point
if you want to capture lots of traffic, that's how you can make paranoids need hugs
Goldstein
and when you buy hosting from a hosting provider, to what extent do they just rent colocation space from the tier1's? If all the traffic gets mixed within the confines of the 6 tier1's, it would seem to me that centralized monitoring would be made a lot easier
phobos
AS-level attacks are a fine area of research
Goldstein
I guess what I'm getting at is, if someone like warren buffet wanted to get the most bang for his buck wrt say a $2000/month investment in servers, what would he best do to help the network?
It seems to me like he'd only want a couple tier1 colocated boxes, and then a few boxes deliberately *not* colocated in facilities they control
4 maybe
Trystero
since the start of this month my node bandwidth averages 30gb/day from 60gb/day.
Anthony
my node is using about 80gb/day
it's always about 1mb/s
wanoskarnet
bug 1653 describes the CELL_QUEUE_HIGHWATER_SIZE limit, it is 256 not 500.
it is so easily exploitable bug, nice find.
stream-level works too.
Goldstein
How much bandwidth can a tor node offer before it wont get utilized?
mikeperry
Goldstein: it depends on the node type
things are also in the process of changing
Goldstein
guard relay
mikeperry
unclear. we've done a poor job with handling guards so far
lots of bugs
they're not being utilized properly
hopefully we can fix that RSN though
Goldstein
any guess?
mikeperry
ioerror is the best person to ask
he runs a very fast guard node. I think he actually maxes out his CPU with it
which I think should mean somewhere around 100Mbit
depending on CPU
it appears that Tor can do about 100Mbit per CPU core on modern multicore boxes
I'm going to write a blog post about specing out high speed tor nodes in the next week or two, too
Goldstein
so minimum 100Mb/s
mikeperry
tor doesn't do so well with more than one core. it's best just to run multiple nodes if you have > 100Mbit uplink
1 instance per core
each instance takes up about 400MB of RAM on an x64 box
Goldstein
there's a limit to how much traffic a family can handle
that's probably the limit then
mikeperry
there is? how so?
Goldstein
phobos>tor also limits total bandwidth so no one node can see more than 15% (maybe?) of total traffic for the network
mikeperry
it's 5%
but it's per node
not per family
Goldstein
what sense would it make to allow a declared family to handle all entry traffic, for example?
mikeperry
right now, we don't actually do anything against that. it's a hard thing to actually enforce if the adversary is dedicated
Goldstein
i c
mikeperry
the idea is that tor's security comes from the fact that a local adversary can only compromise (c/n)^2 of the traffic of the network with (c/n) of the bandwidth
and therefore, our primary interest is in having as many different parties as possible running nodes
Goldstein
yeah so you cant have one person run a ton of nodes
mikeperry
well we can. what I argue is that this just means we need to have more people step up and also run tons of nodes :)
rather than wasting effort on arbitrary and ineffective enforcement of limits
the 5% limit is just a safety valve to prevent the bw authorities from destroying the network, not a security measure
EugeneKay
Hi. Trying to set up a Tor relay with Exit, but I'm not seeing any traffic being used, nothing telling in the log files. Here's my torrc and the contents of /var/log/tor/tor.log: http://pastebin.com/w9ZpaY8i
I also don't seem to be listed in the network statuses (yes, I've waited.... I set this up last night, checking it again this morning, nada)
Goldstein
How long have you waited for it to work?
EugeneKay
10 hours
Goldstein
yep that's bad
EugeneKay
iftop shows no connections to/from the IP
(You'd think it would be easier to waste bandwidth than this)
Goldstein
:)
mikeperry
EugeneKay: what is your node name/ip?
EugeneKay
PMed it to you
mikeperry
ok
I see you in the votes, but not the consensus
EugeneKay
I've also checked.... Apache is not configured to listen on the IP in question
mikeperry
only two of the authorities think you are running
EugeneKay
Ok. Well, I am. :-p
Patience?
Goldstein
maybe, but it should be done by now
EugeneKay
Anything expressly "wrong" with my config?
mikeperry
EugeneKay: I can't telnet to your orport
are you sure it's reachable from everywhere?
I get connection refused
otacon22
Hi all
How can i specify the exit node from the address of a website?
i remember that it was possible to add the fingerprint to the address to decide the exit node to use for that site
Sebastian
otacon22: you can say www.google.com.torrelay.exit if you set the AllowDotExit configuration option. That is disabled by default for security reasons, though.
otacon22
I see
Goldstein
or torproject.org.torrelay.exit if you wanted to go to a webpage that doesn't suck
EugeneK
FWIW, I'm still fiddling with getting my relay online. I rm'ed DataDirectory/keys so it would regenerate my keys, and changed my nickname in torrc. Restarted tor with the new, proper port configuration (:80 and :443, instead of 9030 and 9001)... gonna see what happens in an hour.
Sebastian
EugeneK: can you give the IP?
I could test reachability from a few places.
EugeneK
In PM, sure. I'm leery of logbots :-p
Sebastian
sure
I promise to leak it
erm
;)
EugeneK
Ha!
setori
there's no logbot for #tor
Goldstein
I assume there is
EugeneK
That is known.
;-)
For example, I have ZNC set to save logs for my personal grep-through use to find links from "Way Back When"
otacon22
With the AllowDotExit option in torrc it fails
EugeneK
No way to know what anybody else does with them.
Sebastian
EugeneK: reachable from three different continents for me. Wait and see, I'd say.
EugeneK
I'm thinking so. The problem I found earlier was that I had initially started it with the default ports and those were being remembered, when in fact I had changed them, and was no longer listening there.
Sebastian
otacon22: Maybe your Tor version is too old to have that option. If that is the case, then you can just use the .exit notation without a torrc change.
Goldstein
he's 0.2.1.25 iirc
otacon22
i have 0.2.1.26
EugeneK
I'm just trying to waste my excess bandwidth allowance, honestly!
Sebastian
otacon22: might be that we only changed it in the alphas. Just try .exit without the config option.
atagar
arm has a new release (1.3.6) filled with all sorts of tasty fixes, performance improvements, and features. Testers wanted!
currently it's just in the svn repos (I'll make the tarball after work)
changes: http://www.atagar.com/arm/log.php
arma
atagar: you're not a big fan of 80-column, are you :)
Sebastian
indeed, he never understood that was the only relevant gripe I've always had with arm
(Action) goes away to watch soccer
atagar
arma, Sebastian: Hey! I keep all docs down to 80-columns just for you guys :)
*grumble* they're never happy
nickm
If 80-columns were good enough for IBM punch cards in 1928, they're good enough for me. ;)
EugeneK
I use 120 columns and 40 rows, but I'm a twunt.
arma
the changelog isn't 80-column
that's what made me comment
atagar
ahhhhh
picky, picky
arma
i prefer the term 'pedantic'