[tor-relays] 100K circuit request per minute for hours killed my relay

Felix zwiebel at quantentunnel.de
Sat Jul 22 10:45:52 UTC 2017


Hi everybody

I observed two circuit bursts around July 19th. On a poor server Tor 
crashed, on a strong one it didn't. The logs below are from the crashed one.

I'm on FreeBSD. To my mind the circuit burst exhausts the nmbclusters 
(not memory, Inact tells). Strong servers have more. How long is more 
enough? On FreeBSD nmbclusters is a boot tunable.

The strong server took 140k circuits for several hours.

Is it worth thinking about a Tor setting like MaxCircuitsPerTime?
MaxAdvertisedBandwidth won't help directly.


1) Normal operation

kern.openfiles: 5516
Mem: 36M Active, 1288M Inact, 455M Wired, 1452K Cache, 425M Buf, 191M Free
Swap: 3072M Total, 3072M Free
USERNAME   PRI NICE   SIZE    RES STATE    TIME     CPU COMMAND
_tor        87    0   309M   283M RUN    125.7H  50.00% tor{tor}
_tor        22    0   309M   283M uwait  167:32   3.96% tor{tor}


2) Last minute before crash:

kern.openfiles: 5467
Mem: 296M Active, 935M Inact, 692M Wired, 21M Cache, 425M Buf, 27M Free
Swap: 3072M Total, 1592K Used, 3070M Free
USERNAME   PRI NICE   SIZE    RES STATE    TIME     CPU COMMAND
_tor        85    0   465M   438M RUN    126.8H  43.99% tor{tor}
_tor        33    0   465M   438M uwait  186:39  15.97% tor{tor}


3) Crashed:

kern.openfiles: 5455
Mem: 295M Active, 936M Inact, 699M Wired, 21M Cache, 425M Buf, 21M Free
Swap: 3072M Total, 1592K Used, 3070M Free
kernel: [zone: mbuf_cluster] kern.ipc.nmbclusters limit reached



sysctl kern.ipc.nmbclusters
126138



Heartbeat: Tor's uptime is 15 days 16:00 hours, with 1611 circuits 
Heartbeat: Tor's uptime is 15 days 17:00 hours, with 40471 circuits 
Heartbeat: Tor's uptime is 15 days 18:00 hours, with 88052 circuits 
Heartbeat: Tor's uptime is 15 days 19:00 hours, with 78444 circuits 
[warn] Your computer is too slow to handle this many circuit creation 
requests! Please consider using the MaxAdvertisedBandwidth config option 
or choosing a more restricted exit policy.

-- 
Cheers, Felix
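
An operator-side check for the pattern in the logs above, added here as an example and not part of Felix's post or of Tor: it flags heartbeat lines whose circuit count jumps far above the last normal reading and reports mbuf cluster headroom. The function names, the `factor` and `floor` thresholds, and the `netstat -m` sample line are assumptions; the heartbeat lines and the limit 126138 are taken from the post.

```python
import re

# Heartbeat lines as quoted in the post above (truncated there after "circuits").
HEARTBEATS = [
    "Heartbeat: Tor's uptime is 15 days 16:00 hours, with 1611 circuits",
    "Heartbeat: Tor's uptime is 15 days 17:00 hours, with 40471 circuits",
    "Heartbeat: Tor's uptime is 15 days 18:00 hours, with 88052 circuits",
    "Heartbeat: Tor's uptime is 15 days 19:00 hours, with 78444 circuits",
]
# Constructed sample of a FreeBSD `netstat -m` line; only the max (126138) is from the post.
NETSTAT_M = "98304/2180/100484/126138 mbuf clusters in use (current/cache/total/max)"

HEARTBEAT_RE = re.compile(r"Heartbeat: Tor's uptime is (.+? hours), with (\d+) circuits")
MBUF_RE = re.compile(r"(\d+)/(\d+)/(\d+)/(\d+) mbuf clusters in use")

def circuit_bursts(lines, factor=5.0, floor=1000):
    """Return (uptime, circuits, ratio) for heartbeats >= factor x the last normal count."""
    baseline, alerts = None, []
    for line in lines:
        m = HEARTBEAT_RE.search(line)
        if not m:
            continue
        uptime, count = m.group(1), int(m.group(2))
        if baseline is not None and count >= max(floor, factor * baseline):
            alerts.append((uptime, count, round(count / max(baseline, 1), 1)))
        else:
            baseline = count  # burst readings never raise the baseline
    return alerts

def mbuf_cluster_usage(netstat_m_output):
    """Return (total, limit, fraction of limit) from `netstat -m` output, or None."""
    m = MBUF_RE.search(netstat_m_output)
    if not m:
        return None
    total, limit = int(m.group(3)), int(m.group(4))
    return total, limit, total / limit

if __name__ == "__main__":
    for uptime, count, ratio in circuit_bursts(HEARTBEATS):
        print(f"burst at uptime {uptime}: {count} circuits ({ratio}x baseline)")
    total, limit, frac = mbuf_cluster_usage(NETSTAT_M)
    print(f"mbuf clusters: {total}/{limit} ({frac:.0%} of kern.ipc.nmbclusters)")
```

Because burst readings are excluded from the baseline, a burst that lasts several hours keeps alerting against the pre-burst count instead of becoming the new normal.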


