-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Richard Budd:

I'm seeing the same on all 5 of my non-exit nodes, they are spread around the US and EU. It seems that they all are running at close to max bandwith for the last several days also.

My guess is whoever is running the DDOS[1] figured out that they can most cheaply disrupt the Tor network by creating bogus circuits (and eventually causing relays to run out of RAM and/or CPU) rather than sending reams of bogus data through.

Whether that's true or not, my experiments with Raspberry Pi relays provide sort of a 'canary in the coal mine' - enough circuits and tor *will* consume all available RAM and be killed, as happened finally to me sometime in the wee hours here.

[1] I presume it's a DDOS because a) come on; b) look at the graph of clients connecting from Vietnam. ~0 to ~5000 in a week or two? Yeah right.

Best, - -Gordon M.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Richard Budd:

I've been following your Pi thread, and up until yesterday I've haven't seen any problems at all on mine. Of course it's only running 2 meg bandwidth total. So I thought that might be the difference.

Yes, I have 3Mbps outbound and I currently let the Pi burst up to about 80% of that or so, though it rarely sees that much traffic for long. It's still pretty variable, especially when I lose my Stable flag. :(

Then last night my router (Asus Asus RT-N66U running Shibby Tomato) became very sluggish. Log showed pages of "Tomato user.warn kernel: nf_conntrack: table full, dropping packet" So I increased Max Connections and Hash Table sizes by about 50% and that has seemed to relieve the router problems.

This is a common problem with Tor and Bittorrent and especially the combination of both. Just be aware, many router firmwares aren't too smart and will let you increase the size of your conntrack tables past the point where the router will run out of RAM and start killing processes, thus necessitating a reboot. This includes whatever version of Tomato I'm running.

Top shows Tor using 60 to 80% CPU. But it's not doing anything else so I'll let it run till it gives up. (it's been running for over 70 days)

Maybe you could enable the statistics keeping that krishna e bara suggested[1]? I haven't peeked at them yet to see what they look like, but they might prove valuable to figuring out the Pi's limits.

In my extremely constrained free time I am working on purchasing a small flotilla of Pis to deploy at various friends' houses and use as a testbed for my "plug-and-forget Tor relay on a Pi that doesn't mess with your video streaming, games or torrents" project[2]. So, I'll have to eventually look at those files since they'll be useful to *me*. :)

[1] https://lists.torproject.org/pipermail/tor-relays/2013-August/002590.html

[2] https://github.com/gordon-morehouse/cipollini