[tor-relays] Exiting only port 8333
Roger Dingledine
arma at mit.edu
Sun Mar 23 09:18:40 UTC 2014
On Mon, Mar 17, 2014 at 09:39:05PM +0100, Mike Hearn wrote:
> I would like to be an exit for port 8333 only. I have configured my relay
> to do this, but I am not being listed with the relay flag and do not see
> any traffic exiting my node (at least not using arm). I saw an FAQ that
> says this is because you have to exit web traffic to get marked as an exit.
> I do not wish to do this.
>
> Is there any way to exit just one port?

Your exit policy means that you would allow a stream to exit if a
client asked you for it. The trouble is that most Tor clients build
their circuits preemptively -- before they know what destination stream
they'll be asked to connect to. The Exit flag is an approximation for
"probably will be able to handle whatever stream request shows up".

So your relay will actually get used in practice for exiting, in
the case where the client doesn't have any currently open, adequately
fresh circuits that would allow exit to port 8333. In that case it will
make a new circuit, choosing from all exits whose exit policies allow
that stream. But so long as things are going smoothly, there should be
preemptive circuits around and ready, so this case should be rare.

Another reason for the Exit flag is to help clients do load balancing --
e.g., avoid putting traffic for the first and second hop on relays that
probably have other clients putting traffic on them for the third hop.
https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAuthority/README.BwAuthorities
https://gitweb.torproject.org/torflow.git/blob/HEAD:/NetworkScanners/BwAuthority/README.spec.txt

In that sense, you actually don't want the Exit flag for your relay,
because it would make clients less likely to use you for their first and
second hop, because they'd figure you're busy handling exit streams for
other people.

The challenge there is that to do this load balancing more accurately,
we have to have an accurate model for what total network load to expect
for a given exit policy, so clients can take it into account. Since
it's hard to know what that model should be in practice (see
e.g. http://freehaven.net/anonbib/#cset12-modeling for more discussion
there), and also it's especially hard to predict how it should change
over time, it seems to me that a really simple approximation is more
likely to be robust.

Hope that helps to explain the tradeoffs,
--Roger
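
The behaviour described in the message above, as an added example that is not part of the original post and not Tor's own code: a small model of how a port-8333-only policy misses the Exit flag yet still gets picked when no open circuit fits. Assumptions: the flag heuristic is "exits to at least two of ports 80, 443 and 6667" as dir-spec described it around the time of this thread, policies use wildcard addresses only, and the relay names and policies are constructed.

```python
# Added illustration: a simplified model, not Tor's path-selection code.
# Assumption: policies use wildcard addresses only ("*:PORT", "*:LOW-HIGH", "*:*").

def parse_policy(text):
    """Turn 'accept *:8333, reject *:*' into [(allow, low, high), ...]."""
    rules = []
    for item in text.split(","):
        action, target = item.split()
        addr, ports = target.rsplit(":", 1)
        if addr != "*":
            raise ValueError("only wildcard addresses are modelled here")
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(p) for p in ports.split("-"))
        else:
            low = high = int(ports)
        rules.append((action == "accept", low, high))
    return rules

def allows(rules, port):
    """First matching rule wins; a policy with no matching rule accepts."""
    for allow, low, high in rules:
        if low <= port <= high:
            return allow
    return True

def gets_exit_flag(rules):
    """Assumed heuristic: exits to at least two of ports 80, 443, 6667."""
    return sum(allows(rules, p) for p in (80, 443, 6667)) >= 2

def exit_for_stream(relays, preemptive, port):
    """Pick the exit for a stream: open circuits first, else a new circuit."""
    for name in preemptive:
        if allows(relays[name], port):
            return name, "reused preemptive circuit"
    # Tor picks among candidates by bandwidth weight; sorted() keeps this deterministic.
    candidates = sorted(n for n, r in relays.items() if allows(r, port))
    if not candidates:
        return None, "no exit allows this port"
    return candidates[0], "new on-demand circuit"

# Constructed sample relays (hypothetical names and policies).
RELAYS = {
    "web_exit": parse_policy("accept *:80, accept *:443, reject *:*"),
    "open_exit": parse_policy("reject *:25, accept *:*"),
    "btc_only": parse_policy("accept *:8333, reject *:*"),
}
# Preemptive circuits are built in advance to relays that carry the Exit flag.
FLAGGED = [n for n, r in RELAYS.items() if gets_exit_flag(r)]
```

Calling exit_for_stream(RELAYS, FLAGGED, 8333) reuses the circuit through open_exit; passing only ["web_exit"] as the open circuits forces the on-demand path, which is the rare case where btc_only is chosen.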