On Sun, Mar 30, 2014 at 11:21:02AM +1100, Zenaan Harkness wrote:
> The Debian install script evidently gives tor 30 seconds to disconnect, since it did stop tor after 30 seconds.
This is actually Tor's behavior. From the man page:
    ShutdownWaitLength NUM
        When we get a SIGINT and we're a server, we begin shutting down: we close listeners and start refusing new circuits. After NUM seconds, we exit. If we get a second SIGINT, we exit immediately. (Default: 30 seconds)
But you're right that the Debian init script has a bound on the time it will let Tor sit around before it gives up and declares that it has failed to do what you asked. See: WAITFORDAEMON=60 in /etc/init.d/tor
> HOWEVER: killing tor in 30 seconds seems to me a little harsh on all those anonymous connections that were previously going through my exit relay. Can those clients (if they need) pick up their connections after about 3 minutes? It appeared that all connections were completely gone when I finally got tor restarted.
As soon as your relay goes away the circuits will be cut, and the streams that clients had on those circuits will be cut too. Whether those clients will automatically reconnect those streams on new circuits depends on the application.
> Is there a gentler way such as "don't take new connections, notify clients we are going down for an upgrade" but allow continuation for say up to 10 or 30 minutes?
You could set ShutdownWaitLength to something much larger. You'd want to either do a controlled shutdown of Tor on your own, or modify the init script so it knows you raised the value of ShutdownWaitLength.
> There is of course MaxAdvertisedBandwidth - so ought this option be set to say zero for say 10 or 20 minutes, before stopping/upgrading the server (either manually by admin, me, or assuming admin config allows this)?
No, a change to the advertised bandwidth of your relay will take hours to propagate to clients.
> Would that be better or could that be worse e.g. for privacy, correlation attacks etc?
> Should I forward this question (or rather, create a thread) "optimal tor relay upgrade protocol" on tor-talk?
This list is the better choice.
--Roger