[warn] Your computer is too slow. . .
Raspberries are cute but seriously underpowered for crypto-intensive applications such as Tor. You can (any/all of)
1) ignore the warnings
2) restart the relay to send-off any hidden services that might be causing the overload
3) buy a dirt-cheap used laptop or mini-tower on eBay to run the relay
4) buy a Beagle Board if you enjoy fiddling with miniature computers --much more powerful device
The configured limit is reasonable for the device.
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
On 2015-10-24 16:51, starlight.2015q3@binnacle.cx wrote:
[warn] Your computer is too slow. . .
Raspberries are cute but seriously underpowered for crypto-intensive applications such as Tor. You can (any/all of)
ignore the warnings
restart the relay to send-off
any hidden services that might be causing the overload
- buy a dirt-cheap used laptop
or mini-tower on eBay to run the relay
- buy a Beagle Board if you enjoy
fiddling with miniature computers --much more powerful device
The configured limit is reasonable for the device.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, 24 Oct 2015 18:23:43 +0000 trshck_tor@riseup.net wrote:
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
Currently the best deal as far as compute performance per buck goes is: http://www.cnx-software.com/2015/08/26/orange-pi-pc-allwinner-h3-board-is-no...
I suggest that you get a set with a case and PSU rather than the bare board. http://www.aliexpress.com/store/group/Orange-PI-Sets/1553371_259879807.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
I have checked on atlas and your HSDir flag is gone, so if those additional circuits where HSDir requests, they won't appear any longer.
However, keep in mind that this doesn't happen immediately. Some clients might still use the old consensus document in which your relay had HSDir flag, and only find out it's no longer a HSDir after the circuit has been established so the load on your raspberry will still exist. Give it some time and it should come back to normal in few hours.
Also, is there anything else on that raspberry which could consume cpu/ram/bandwidth?
On 10/24/2015 9:23 PM, trshck_tor@riseup.net wrote:
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
Hi,
you are right: after some time, the load is back to normal. Thank you all for your help.
The raspberry has a minimum console-only installation and tor is the only service I installed, so there aren't any other processes consuming resources.
Now to the next step: looking for a better computer to host the relay :)
On 2015-10-25 02:05, s7r wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
I have checked on atlas and your HSDir flag is gone, so if those additional circuits where HSDir requests, they won't appear any longer.
However, keep in mind that this doesn't happen immediately. Some clients might still use the old consensus document in which your relay had HSDir flag, and only find out it's no longer a HSDir after the circuit has been established so the load on your raspberry will still exist. Give it some time and it should come back to normal in few hours.
Also, is there anything else on that raspberry which could consume cpu/ram/bandwidth?
On 10/24/2015 9:23 PM, trshck_tor@riseup.net wrote:
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBCAAGBQJWLDjYAAoJEIN/pSyBJlsRqpAIAMcMq7iX+Kz5yc22IVcyGKyN Mr25WTuScajxw4UpWJJwuXeW3JZ3z0pWiNpzD8cCU6xCPHC16gbGcAbRflgauqWW z+r42kJ3XUO4prTlOijd2fsM3eWeoVb6OxBoTR6HQfe09QMGShszc9ybWnFx99HL xDfVOzZzaZJTmYZzkUSxFuG+ViYjJS1UN9chxk3C7b/HgPjdM8OtE1gxb7CHR2R/ S8FR4BYjESct/E6zaNsiTaq35yz5aHTXqAF6vqahMMEccTGvakKeraSPWmmtR4SN wJdjerXMJqCLJppC/O6JJUyzRXdApal17RGX/RQMec7dM5YY6PNvs46WnAkNyW4= =sYM3 -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
At 18:23 10/24/2015 -0000, trshck_tor@riseup.net wrote:
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Keep in mind the handshake stats increase forever and include circuits that are long gone. If however you are quoting
netstat -nt | wc -l
3000+ would be insanely large for relay rated around 100. Let the list know if that's the case as it would be some kind of bug or attack. Make sure the connections are to the relay daemon and not some other process. 'lsof -Pn' is good for that.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
I've never run one, but corresponded with an exit operator who has a Beagle Board Black on a Comcast connection.
e_fs_ BeagleBoneBlackA5B1 US 490 44 4.27 L 50.129.135.213 443 80 ....comcast.net
https://atlas.torproject.org/#details/EFE9BC81FBCE1CC52E1DCA97E760723CAD622E...
He expressed great satisfaction with it and quoted its merits vs the Pi at length. They have a newer X15 version of the board now due out next month:
https://en.wikipedia.org/wiki/BeagleBoard
Good luck with it!
# lsof -Pn | grep "^tor" | grep ESTABLISHED | wc -l 3169 # netstat -nt | wc -l 1599
On 2015-10-24 18:56, starlight.2015q3@binnacle.cx wrote:
At 18:23 10/24/2015 -0000, trshck_tor@riseup.net wrote:
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Keep in mind the handshake stats increase forever and include circuits that are long gone. If however you are quoting
netstat -nt | wc -l
3000+ would be insanely large for relay rated around 100. Let the list know if that's the case as it would be some kind of bug or attack. Make sure the connections are to the relay daemon and not some other process. 'lsof -Pn' is good for that.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
I've never run one, but corresponded with an exit operator who has a Beagle Board Black on a Comcast connection.
e_fs_ BeagleBoneBlackA5B1 US 490 44 4.27 L 50.129.135.213 443 80 ....comcast.net
https://atlas.torproject.org/#details/EFE9BC81FBCE1CC52E1DCA97E760723CAD622E...
He expressed great satisfaction with it and quoted its merits vs the Pi at length. They have a newer X15 version of the board now due out next month:
https://en.wikipedia.org/wiki/BeagleBoard
Good luck with it!
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Mmmm... I think the first email hasn't been sent...
# lsof -Pn | grep "^tor" | grep ESTABLISHED | wc -l 3169 # netstat -nt | wc -l 1599
On 2015-10-24 18:56, starlight.2015q3@binnacle.cx wrote:
At 18:23 10/24/2015 -0000, trshck_tor@riseup.net wrote:
Thank you,
I've tried:
DirPort 0 HidServDirectoryV2 0 RelayBandwidthRate 300 KB RelayBandwidthBurst 600 KB
and restarted.
Now it still has 100% CPU and about 3500-4000 inbound connections. The log is full of the same warning.
Keep in mind the handshake stats increase forever and include circuits that are long gone. If however you are quoting
netstat -nt | wc -l
3000+ would be insanely large for relay rated around 100. Let the list know if that's the case as it would be some kind of bug or attack. Make sure the connections are to the relay daemon and not some other process. 'lsof -Pn' is good for that.
Buying some equipment is a possibility. I prefer miniature computers because of their low consumption. What would you recommend?
I've never run one, but corresponded with an exit operator who has a Beagle Board Black on a Comcast connection.
e_fs_ BeagleBoneBlackA5B1 US 490 44 4.27 L 50.129.135.213 443 80 ....comcast.net
https://atlas.torproject.org/#details/EFE9BC81FBCE1CC52E1DCA97E760723CAD622E...
He expressed great satisfaction with it and quoted its merits vs the Pi at length. They have a newer X15 version of the board now due out next month:
https://en.wikipedia.org/wiki/BeagleBoard
Good luck with it!
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
At 19:34 10/24/2015 -0000, trshck_tor@riseup.net wrote:
On 2015-10-24 18:56, starlight.2015q3 at binnacle.cx wrote:
3000+ would be insanely large for relay rated around 100.
# lsof -Pn | grep "^tor" | grep ESTABLISHED | wc -l 3169 # netstat -nt | wc -l 1599
1600 is probably reasonable--is 25% of the relay population.
The 'lsof' number appears doubled. Probably the kernel in use is showing each socket once for each 'tor' process thread --two threads is the usual number.
You can obtain more detail by requesting a connection list on a control channel with
nc 127.0.0.1 9151 getinfo orconn-status
Authentication may be required by the control channel. I use AUTHENTICATE with a password but I think a token mechanism is the default (don't know how that works). Gruesome details here
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
Using <<EOF one can create small scripts for making control channel requests.
Output lines beginning with $ are relays. You may find user-client connections (IP only) because some old botnet is running a pre-guard version of tor or has disabled guards. For a middle relay only the peer relay count matters.
On 2015-10-25 18:43, starlight.2015q3@binnacle.cx wrote:
You can obtain more detail by requesting a connection list on a control channel with
nc 127.0.0.1 9151 getinfo orconn-status
First I tried to use socat to connect directly to the tor control socket file, but failed to authenticate. Then, I've successfully tried this using arm's control interpreter.
Anyway, there are far less connections now.
tor-relays@lists.torproject.org
-
Green Dream -
Roman Mamedov -
s7r -
starlight.2015q3@binnacle.cx -
trshck_tor@riseup.net