On one of my relays I have 389 inbound, 38 outbound connections and 15 circuits
What's the connection between these 3 numbers and why such asymmetry in inbound and outbound?
Rana:
> On one of my relays I have 389 inbound, 38 outbound connections and 15 circuits
> What's the connection between these 3 numbers and why such asymmetry in inbound and outbound?
I don't think that there is something meaningful hidden here. This is because TCP+TLS connections are bidirectional and it doesn't matter who started them (sent SYN). As circuits are multiplexed over TLS, it doesn't always reveal bijective dependency between number of circuits and number of TLS connections. Except that there are constraints:
 o there is ~1 circuit (not client ones) per TLS connection if a relay joined the network recently
 o one has ~7100 [number of relays] TLS connections if their relay is up for quite some time
 o TLS connection is not going to terminate if no circuits left on it*
[*] I may be wrong about it. It holds true from my experience.
-- Ivan Markin
On 17 Dec. 2016, at 06:19, Ivan Markin twim@riseup.net wrote:
>  o TLS connection is not going to terminate if no circuits left on it*
> [*] I may be wrong about it. It holds true from my experience.
It takes about a week for a TLS connection to close if there is traffic on it, or a few minutes if there is no traffic:
Relays close circuits with no streams and no traffic on them after a minute in circuit_expire_old_circuits_serverside.
Old TLS connections in tor are marked not to be used for new circuits after 7 days in connection_or_group_set_badness_.
Most client circuits last a maximum of 10 minutes (longer if they are being used, or for hidden service introduction point circuits, which last up to 24 hours) in circuit_expire_old_circs_as_needed.
(As an aside, TLS certificates are rotated every 2 hours in rotate_x509_certificate_callback.)
T
teor:
> It takes about a week for a TLS connection to close if there is traffic on it, or a few minutes if there is no traffic:
> ...
> Old TLS connections in tor are marked not to be used for new circuits after 7 days in connection_or_group_set_badness_.
Thanks for the clarification! Though I can't see how these two intersect. What is a path for TLS to close in "a few minutes if there is no traffic"? If there is no traffic (no circuits) on top of a TLS connection, it can still be used in the next 7 days, right?
-- Ivan Markin
On 19 Dec. 2016, at 17:03, Ivan Markin twim@riseup.net wrote:
> teor:
>> It takes about a week for a TLS connection to close if there is traffic on it, or a few minutes if there is no traffic:
>> ...
>> Old TLS connections in tor are marked not to be used for new circuits after 7 days in connection_or_group_set_badness_.
> Thanks for the clarification! Though I can't see how these two intersect. What is a path for TLS to close in "a few minutes if there is no traffic"? If there is no traffic (no circuits) on top of a TLS connection, it can still be used in the next 7 days, right?
I'm pretty sure tor will close the connection, then reopen it when it is needed by another circuit.
T
tor-relays@lists.torproject.org