ressource problem on linux?
Hi, I'm using Tor 0.2.1.22 on Debian Lenny. I played a little bit with Tor (so there are 10 instances of tor client running simultaneous). I can see very often the following in log: We tried for 15 seconds to connect to '111.222.333.444' using exit 'SoDesuKa'. Retrying on a new circuit. This very often occurs on SoDesuKa and sometimes on some other nodes to. There is also Have tried resolving or connecting to address '111.222.333.444' at 3 different places. Giving up. When enabling debug log, I can see Feb 11 08:23:51.768 [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for 111.222.333.444:80 Feb 11 08:23:51.768 [debug] connection_ap_handshake_attach_circuit(): Attaching apconn to circ 3699 (stream 0 sec old). Feb 11 08:23:51.768 [info] exit circ (length 3): $B8E356A56EC7300CA87BE4FD0D8096EA6E9113E1(open) lanroamer(open) CityTor(open) Feb 11 08:23:51.768 [debug] link_apconn_to_circ(): attaching new conn to circ. n_circ_id 3699. Feb 11 08:23:51.768 [debug] connection_ap_handshake_send_begin(): Sending relay cell to begin stream 35585. Feb 11 08:23:51.768 [debug] relay_send_command_from_edge(): delivering 1 cell forward. Feb 11 08:23:51.768 [debug] relay_send_command_from_edge(): Sending a RELAY_EARLY cell; 4 remaining. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] append_cell_to_circuit_queue(): Made a circuit active. Feb 11 08:23:51.768 [debug] append_cell_to_circuit_queue(): Primed a buffer. Feb 11 08:23:51.768 [debug] connection_or_flush_from_first_active_circuit(): Made a circuit inactive. Feb 11 08:23:51.768 [info] connection_ap_handshake_send_begin(): Address/port sent, ap socket 13, n_circ_id 3699 Feb 11 08:23:51.768 [info] connection_edge_process_inbuf(): data from edge while in 'waiting for connect response' state. Leaving it on buffer. Feb 11 08:23:51.768 [debug] conn_write_callback(): socket 4 wants to write. Feb 11 08:23:51.768 [debug] flush_chunk_tls(): flushed 512 bytes, 0 ready to flush, 0 remain. Feb 11 08:23:51.768 [debug] connection_handle_write(): After TLS write of 512: 0 read, 586 written Feb 11 08:23:52.100 [debug] global_write_bucket now 10485760. Feb 11 08:23:53.032 [debug] conn_read_callback(): socket 4 wants to read. Feb 11 08:23:53.033 [debug] connection_read_to_buf(): 4: starting, inbuf_datalen 0 (0 pending in tls object). at_most 16384. Feb 11 08:23:53.033 [debug] connection_read_to_buf(): After TLS read of 512: 586 read, 0 written Feb 11 08:23:53.033 [debug] connection_or_process_cells_from_inbuf(): 4: starting, inbuf_datalen 512 (0 pending in tls object). Feb 11 08:23:53.033 [debug] relay_lookup_conn(): found conn for stream 35585. Feb 11 08:23:53.033 [debug] circuit_receive_relay_cell(): Sending to origin. Feb 11 08:23:53.033 [debug] connection_edge_process_relay_cell(): Now seen 9 relay cells here. Feb 11 08:23:53.033 [info] connection_ap_process_end_not_open(): Address '111.222.333.444' refused due to 'server out of resources'. Considering retrying. [...] Feb 11 08:24:56.496 [info] connection_ap_process_end_not_open(): Address '111.222.333.444' refused due to 'misc error'. Considering retrying. Feb 11 08:24:56.496 [info] client_dns_incr_failures(): Address 111.222.333.444 now has 1 resolve failures. This occurs only when running 10 instances, with 5 tor instances all seems fine. So it seems to be a problem with file descriptors or tcp ports? Can anyone help? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Announce: amnesia Live system 0.4.2
thus Hannah Schroeter spake: Hi! Hi, Just checked a bit. On Wed, Feb 10, 2010 at 11:13:05AM +0100, intrigeri wrote: Hannah Schroeter wrote (09 Feb 2010 21:26:07 GMT) : 404 Not found for both the RSS and the Atom. oops, sorry, the correct links are: - RSS: https://amnesia.boum.org/torrents/rss/index.rss - Atom: https://amnesia.boum.org/torrents/rss/index.atom They're right now. Btw, if you want people to do something (keep seeds running), perhaps make it less work for them. I.e. push principle instead of pull principle (having to actively poll a feed on and off, no, I'm not one of the RSS/... junkies anyway). Well, this would be great, but I don't know any way of pushing new .torrent files to seeds we don't manage ourselves; we need to research this, as solutions probably exist already. Any idea? I don't see a *completely* automatic solution, and I didn't mean it either. I meant things like announcing them by mail (and ensuring that one doesn't need *too* frequent updates, +1. I could provide a bunch of well-connected machines seeding, but updates on new releases would be best by email. I like it old school. ;) as that would pose additional workload on seed operators, as well as additional download load to them, too). One also has to follow quite many links from the start page (or the download page) to finally actually *get* to the torrents. Perhaps optimize the link depth? Ack, we will try to fix this. Okay. wget also complains about a certificate mismatch $ wget https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent --22:25:04-- https://amnesia.boum.org/torrents/files/amnesia-i386-gnome-0.4.2-20100207.torrent = `amnesia-i386-gnome-0.4.2-20100207.torrent' Resolving amnesia.boum.org... 204.13.164.189 Connecting to amnesia.boum.org|204.13.164.189|:443... connected. ERROR: certificate common name `boum.org' doesn't match requested host name `amnesia.boum.org'. To connect to amnesia.boum.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection. Agreed, this is truly annoying. The certificate is actually valid: it has the *.boum.org wildcard listed in Subject Alternative Name. Many clients, such as wget, don't understand such valid, though uncommon, certificates. I'll ask the webhost sysadmins to get a new certificate with amnesia.boum.org explicitly listed as a SubjAltName. Okay. Staying tuned a bit. Kind regards, Hannah. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in China
From: Jon torance...@gmail.com To: or-talk@freehaven.net Sent: Wed, February 10, 2010 2:10:16 AM Subject: Re: Tor in China Am not sure if they are still blocking, but I presume there are some blocks still on, as the bridge usage is very high for users from there. Are you talking about who uses a bridge you operate? I hope there is not a way for people to know who uses bridges in general. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in China
On Thu, Feb 11, 2010 at 2:08 PM, Curious Kid letsshareinformat...@yahoo.com wrote: From: Jon torance...@gmail.com To: or-talk@freehaven.net Sent: Wed, February 10, 2010 2:10:16 AM Subject: Re: Tor in China Am not sure if they are still blocking, but I presume there are some blocks still on, as the bridge usage is very high for users from there. Are you talking about who uses a bridge you operate? I hope there is not a way for people to know who uses bridges in general. There is an estimate of the number of Chinese Tor users via bridges: http://metrics.torproject.org/graphs.html#bridgeusers -- Runa Sandvik *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Blocked at Universities
On Thu, Feb 11, 2010 at 11:15 AM, Peter Farver farv...@auburn.edu wrote: TOR is now blocked campus-wide at Auburn University (for all 24,000 students) because of apparent attacks emanating from the TOR network. can you elaborate on that? are these apparent attacks coming _from_ the Tor exits or are Tor clients being used to circumvent network policy, etc? Whenever trying to run TOR, TOR cannot get past the 10% mark. do bridges work or is this identifying Tor client signature to filter? best regards, *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
RetroShare v 0.5 is out (encrypted messenger)
http://downloads.sourceforge.net/project/retroshare/RetroShare/0.5.0%20alpha%201/RetroShare_0.5.0_alpha_1_2282_setup.exe?use_mirror=ovh http://retroshare.sourceforge.net/downloads.html http://downloads.sourceforge.net/project/retroshare/RetroShare/0.5.0%20alpha%201/RetroShare_0.5-alpha1.2282_ubuntu_amd64.deb?use_mirror=garr http://retroshare.svn.sourceforge.net/viewvc/retroshare/trunk.tar.gz?view=tarpathrev=2282 in the feature patch section is a http server code for browsing the web over friends, not peers. like syphon. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Can't connect to TOR from uverse
I just installed TOR on OSX and I am trying to connect. My ISP is ATT Uverse. I never get past 10% Establishing encrypted directory connection I do not have outbound ports blocked for 80 or 443 I have tried with and without setting bridges. and also with and without restricted ports. Included is my log output. Any clues for a total newbie? Thanks, Feb 11 12:50:51.178 [Debug] directory_initiate_command_rend(): Initiating authority cert fetch Feb 11 12:50:51.179 [Info] connection_ap_make_link(): Making internal direct tunnel to [scrubbed]:8080 ... Feb 11 12:50:51.180 [Debug] connection_add(): new conn type Socks, socket -1, address (Tor_internal), n_conns 7. Feb 11 12:50:51.182 [Debug] circuit_get_open_circ_or_launch(): one on the way! Feb 11 12:50:51.184 [Info] connection_ap_make_link(): ... application connection created and linked. Feb 11 12:50:51.185 [Debug] connection_add(): new conn type Directory, socket -1, address 80.190.246.100, n_conns 8. Feb 11 12:50:51.186 [Debug] conn_read_callback(): socket -1 wants to read. Feb 11 12:50:51.187 [Info] connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Feb 11 12:50:51.188 [Info] connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Feb 11 12:50:51.189 [Debug] connection_dir_finished_flushing(): client finished sending command. Feb 11 12:50:51.192 [Debug] conn_read_callback(): socket -1 wants to read. Feb 11 12:50:51.193 [Info] connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Feb 11 12:50:51.194 [Info] connection_edge_process_inbuf(): data from edge while in 'waiting for circuit' state. Leaving it on buffer. Feb 11 12:50:51.195 [Debug] connection_dir_finished_flushing(): client finished sending command. Feb 11 12:50:51.329 [Debug] conn_write_callback(): socket 10 wants to write. Feb 11 12:50:51.332 [Debug] connection_or_finished_connecting(): OR connect() to router at 80.190.246.100:8080 finished. Feb 11 12:50:51.333 [Debug] connection_tls_start_handshake(): starting TLS handshake on fd 10 Feb 11 12:50:51.334 [Debug] connection_tls_continue_handshake(): wanted read Feb 11 12:50:51.335 [Debug] connection_tls_continue_handshake(): wanted read Feb 11 12:50:51.583 [Debug] conn_read_callback(): socket 10 wants to read. Feb 11 12:50:51.610 [Debug] connection_tls_continue_handshake(): wanted read Feb 11 12:50:51.791 [Debug] conn_read_callback(): socket 10 wants to read. Feb 11 12:50:51.814 [Debug] tor_tls_handshake(): Server sent back a single certificate; looks like a v2 handshake on 0x20f170. Feb 11 12:50:51.828 [Warning] TLS error: unexpected close while renegotiating Feb 11 12:50:51.828 [Info] connection_tls_continue_handshake(): tls error [unexpected close]. breaking connection. Feb 11 12:50:51.829 [Debug] conn_close_if_marked(): Cleaning up connection (fd -1). Feb 11 12:50:51.830 [Debug] circuit_n_conn_done(): or_conn to $F2044413DAC2E02E3D6BCF4735A19BCA1DE97281/80.190.246.100, status=0 Feb 11 12:50:51.830 [Info] circuit_n_conn_done(): or_conn failed. Closing circ. Feb 11 12:50:51.831 [Info] connection_ap_fail_onehop(): Closing one-hop stream to '$F2044413DAC2E02E3D6BCF4735A19BCA1DE97281/80.190.246.100' because the OR conn just failed. Feb 11 12:50:51.832 [Info] connection_ap_fail_onehop(): Closing one-hop stream to '$F2044413DAC2E02E3D6BCF4735A19BCA1DE97281/80.190.246.100' because the OR conn just failed. Feb 11 12:50:51.832 [Debug] circuit_increment_failure_count(): n_circuit_failures now 4. Feb 11 12:50:51.833 [Info] control_event_bootstrap_problem(): Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 4; recommendation ignore) Feb 11 12:50:51.834 [Debug] connection_remove(): removing socket -1 (type OR), n_conns now 8 Feb 11 12:50:51.835 [Debug] conn_close_if_marked(): Cleaning up connection (fd -1). Feb 11 12:50:51.835 [Debug] connection_remove(): removing socket -1 (type Socks), n_conns now 7 Feb 11 12:50:51.836 [Info] _connection_free(): Freeing linked Socks connection [waiting for circuit] with 343 bytes on inbuf, 0 on outbuf. Feb 11 12:50:51.837 [Debug] conn_close_if_marked(): Cleaning up connection (fd -1). Feb 11 12:50:51.837 [Debug] connection_remove(): removing socket -1 (type Socks), n_conns now 6 Feb 11 12:50:51.838 [Info] _connection_free(): Freeing linked Socks connection [waiting for circuit] with 80 bytes on inbuf, 0 on outbuf. Feb 11 12:50:51.838 [Debug] conn_read_callback(): socket -1 wants to read. Feb 11 12:50:51.839 [Info] connection_dir_client_reached_eof(): 'fetch' response not all here, but we're at eof. Closing. Feb 11 12:50:51.840 [Debug] conn_close_if_marked(): Cleaning up connection (fd -1). Feb 11 12:50:51.840 [Info] connection_dir_request_failed(): Giving up on directory server at '80.190.246.100'; retrying Feb 11 12:50:51.841 [Debug] connection_remove(): removing socket -1 (type Directory), n_conns now 5 Feb 11
Re: TOR Blocked at Universities
Why couldn't your exit policy just block the IPs of the journal sites? Because there's 1000 of them (and each would be a /32). It was discussed in another thread at the time, and the developers led me to the conclusion that such hugely long exit policies were a bad idea. Cheers, Michael Holstein Cleveland State University *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Blocked at Universities
On Thu, Feb 11, 2010 at 04:20:49PM -0500, Flamsmark wrote: On 11 February 2010 16:17, Michael Holstein michael.holst...@csuohio.eduwrote: Let's not debate the stupidity of authenticating a network by IP address .. but the above problem is ultimately what forced us to do the same thing (although we just prohibit the operation of an exit). I should note that the original effort to run an exit was conducted by myself, and I do network security here .. but it was the complaints from the library folks that got us into hot water .. there simply wasn't an easy way to block access to all of them without an overly-complex exit policy, and all of our IP space is within a single /16. Why couldn't your exit policy just block the IPs of the journal sites? Or more generally, just block *:80? It's not the best answer I could hope for, but it's sure better than not being an exit relay at all. A more general approach would be to get a DMZ address, meaning somewhere in your university address space that hasn't been whitelisted by the libraries. That concept might not exist at your university though -- yet :). --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Blocked at Universities
Why couldn't your exit policy just block the IPs of the journal sites? Because there's 1000 of them (and each would be a /32). It was discussed in another thread at the time, and the developers led me to the conclusion that such hugely long exit policies were a bad idea. Could you bind your exit traffic to IPs outside your University's primary block?