On 3/19/14, Zenaan Harkness zen@freedbms.net wrote:
On 3/19/14, Moritz Bartl moritz@torservers.net wrote:
You should add the torproject repository, and then just let it upgrade whenever there is a new version. There's no need to reboot or wait, having the upgrade process restart the service is fine. Your relay will not lose its flags during short downtimes like that.
Thank you, I did that.
The Debian install script evidently gives tor 30 seconds to disconnect, since it did stop tor after 30 seconds.
Then it went through the normal upgrade process, I kept my existing config file and voilà - tor was no longer running! This bit does not seem quite optimal - surely tor ought to have been auto restarted.
Anyway a quick service tor restart started it again and yes, flags intact.
HOWEVER: killing tor in 30 seconds seems to me a little harsh on all those anonymous connections that were previously going through my exit relay. Can those clients (if they need) pick up their connections after about 3 minutes? It appeared that all connections were completely gone when I finally got tor restarted, which makes sense but:
Is there a gentler way such as "don't take new connections, notify clients we are going down for an upgrade" but allow continuation for say up to 10 or 30 minutes?
There is of course MaxAdvertisedBandwidth - so ought this option be set to say zero for say 10 or 20 minutes, before stopping/upgrading the server (either manually by admin, me, or assuming admin config allows this)?
Would that be better or could that be worse, e.g. for privacy, correlation attacks etc?
Should I forward this question (or rather, create a thread) "optimal tor relay upgrade protocol" on tor-talk?
TIA Zenaan