Hi,
On my relays I am dropping any traffic that Tor itself does not rely on. I wonder if I should allow or block incoming and/or outgoing ICMP type 11 (time exceeded / timeout in transit)?
My host does receive some ICMP type 11 packets, and does seem to send some out, but I am not sure if Tor is the source or destination. Do Tor relays use some 'traceroute'-like mechanism to detect unreachable relays?
netstat -s:
    ...
    ICMP input histogram:
        ...
        timeout in transit: 1923
    ...
    ICMP output histogram:
        ...
        timeout in transit: 1277

I remember seeing outgoing TCP packets with TTL set to 1 - those were the ones triggering incoming ICMP type 11 packets.
Thanks, - Igor