Re: getinfo circuit-status
Roger Dingledine schrieb: On Mon, Feb 15, 2010 at 03:41:55PM -0500, Roger Dingledine wrote: On Mon, Feb 15, 2010 at 08:17:32PM +0100, Nico Weinreich wrote: {This is based on re-reading circuit_get_best in circuituse.c.} OK, thanks for this very detailed explaination. But is there a way to get (before or after a HTTP request) the circuit which will be (or was) used? Not currently. As Nick points out, there's an easy way to do it after the fact. My longer mail is talking about predicting which circuit will be used by a hypothetical stream without actually making any connections through Tor. --Roger Yeah, I read in control-spec for the last hour, but it's still a bit confusing for me. I hope you can still help me a little bit. As I understand, I've to do the following: - get tor to watch for stream events by sending SETEVENTS STREAM over control port - send my real request over tor (in my case a http request) - this is an asynchronous response, so I've to wait for a response like 650 SP STREAM SP stream_id SP SUCCEEDED SP circ_id SP target:port - get circuit by GETINFO CIRCUIT-STATUS But I've no idea to realize the last point in PHP. To act with control port I open a normal socket in PHP and send my request. After that, the tor request itself is done with CURL. I found PHPs function socket_select which allows to wait a specific time for a response, but what time should I wait? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: getinfo circuit-status
OK, I already thought, that a node with real name (not the fingerprint) could be identified clearly. Can someone help with my first question (which of the circuits from getinfo circuit-status TOR will use)? Am 14.02.2010 01:04, schrieb Damian Johnson: Not sure about the first question (my guess would be either multiple circuits are built for added bandwidth or for complimentary exit policies - docs or someone else could answer this). As for the second question, I'm assuming that entries using nickname (verses a fingerprint like $4F0826FA4C325C3CAA0054A6E023E566302C20C7) have the named flag and hence won't have a problem with ambiguity. Unfortunately the control-spec is a little tight lipped on this point so don't blame you for wondering about it. Cheers! -Damian On Sat, Feb 13, 2010 at 12:21 PM, Nico Weinreichi...@web-unity.de wrote: Hi, when interacting with tor control I can get the circuit with command getinfo circuit-status. What's a bit confusing for me, there are more than one circuits: getinfo circuit-status 250+circuit-status= 51 BUILT rueckgrat,myrnaloy,$2DDAC53D4E7A556483ACE6859A57A63849F2C4F6 PURPOSE=GENERAL 50 BUILT Freedom,nixnix,$4744AD962D32A11CD7CF4513617FAC33B339806B PURPOSE=GENERAL 15 BUILT HW2,$4F0826FA4C325C3CAA0054A6E023E566302C20C7,RainCloud PURPOSE=GENERAL 14 BUILT Freedom,SuperDave,bp1 PURPOSE=GENERAL So I have two questions: -which circuit does tor use (is it alway the circuit with the highest number?) -is there a way to get this nodes always as fingerprint (for example, there are many nodes with name idideditheconfig and how do I know which one is it when the node is listed in plain text?) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: ressource problem on linux?
or could this be a problem of privoxy handling all tor clients? I think it's no problem to run a privoxy instance for each tor client, but I can't find a config option in tor, which specifies the port of privoxy? - Original Message - From: i...@web-unity.de To: or-t...@seul.org Sent: Thursday, February 11, 2010 9:03 AM Subject: ressource problem on linux? Hi, I'm using Tor 0.2.1.22 on Debian Lenny. I played a little bit with Tor (so there are 10 instances of tor client running simultaneous). I can see very often the following in log: We tried for 15 seconds to connect to '111.222.333.444' using exit 'SoDesuKa'. Retrying on a new circuit. This very often occurs on SoDesuKa and sometimes on some other nodes to. There is also Have tried resolving or connecting to address '111.222.333.444' at 3 different places. Giving up. When enabling debug log, I can see Feb 11 08:23:51.768 [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for 111.222.333.444:80 Feb 11 08:23:51.768 [debug] connection_ap_handshake_attach_circuit(): Attaching apconn to circ 3699 (stream 0 sec old). Feb 11 08:23:51.768 [info] exit circ (length 3): $B8E356A56EC7300CA87BE4FD0D8096EA6E9113E1(open) lanroamer(open) CityTor(open) Feb 11 08:23:51.768 [debug] link_apconn_to_circ(): attaching new conn to circ. n_circ_id 3699. Feb 11 08:23:51.768 [debug] connection_ap_handshake_send_begin(): Sending relay cell to begin stream 35585. Feb 11 08:23:51.768 [debug] relay_send_command_from_edge(): delivering 1 cell forward. Feb 11 08:23:51.768 [debug] relay_send_command_from_edge(): Sending a RELAY_EARLY cell; 4 remaining. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] circuit_package_relay_cell(): crypting a layer of the relay cell. Feb 11 08:23:51.768 [debug] append_cell_to_circuit_queue(): Made a circuit active. Feb 11 08:23:51.768 [debug] append_cell_to_circuit_queue(): Primed a buffer. Feb 11 08:23:51.768 [debug] connection_or_flush_from_first_active_circuit(): Made a circuit inactive. Feb 11 08:23:51.768 [info] connection_ap_handshake_send_begin(): Address/port sent, ap socket 13, n_circ_id 3699 Feb 11 08:23:51.768 [info] connection_edge_process_inbuf(): data from edge while in 'waiting for connect response' state. Leaving it on buffer. Feb 11 08:23:51.768 [debug] conn_write_callback(): socket 4 wants to write. Feb 11 08:23:51.768 [debug] flush_chunk_tls(): flushed 512 bytes, 0 ready to flush, 0 remain. Feb 11 08:23:51.768 [debug] connection_handle_write(): After TLS write of 512: 0 read, 586 written Feb 11 08:23:52.100 [debug] global_write_bucket now 10485760. Feb 11 08:23:53.032 [debug] conn_read_callback(): socket 4 wants to read. Feb 11 08:23:53.033 [debug] connection_read_to_buf(): 4: starting, inbuf_datalen 0 (0 pending in tls object). at_most 16384. Feb 11 08:23:53.033 [debug] connection_read_to_buf(): After TLS read of 512: 586 read, 0 written Feb 11 08:23:53.033 [debug] connection_or_process_cells_from_inbuf(): 4: starting, inbuf_datalen 512 (0 pending in tls object). Feb 11 08:23:53.033 [debug] relay_lookup_conn(): found conn for stream 35585. Feb 11 08:23:53.033 [debug] circuit_receive_relay_cell(): Sending to origin. Feb 11 08:23:53.033 [debug] connection_edge_process_relay_cell(): Now seen 9 relay cells here. Feb 11 08:23:53.033 [info] connection_ap_process_end_not_open(): Address '111.222.333.444' refused due to 'server out of resources'. Considering retrying. [...] Feb 11 08:24:56.496 [info] connection_ap_process_end_not_open(): Address '111.222.333.444' refused due to 'misc error'. Considering retrying. Feb 11 08:24:56.496 [info] client_dns_incr_failures(): Address 111.222.333.444 now has 1 resolve failures. This occurs only when running 10 instances, with 5 tor instances all seems fine. So it seems to be a problem with file descriptors or tcp ports? Can anyone help? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
getinfo circuit-status
Hi, when interacting with tor control I can get the circuit with command getinfo circuit-status. What's a bit confusing for me, there are more than one circuits: getinfo circuit-status 250+circuit-status= 51 BUILT rueckgrat,myrnaloy,$2DDAC53D4E7A556483ACE6859A57A63849F2C4F6 PURPOSE=GENERAL 50 BUILT Freedom,nixnix,$4744AD962D32A11CD7CF4513617FAC33B339806B PURPOSE=GENERAL 15 BUILT HW2,$4F0826FA4C325C3CAA0054A6E023E566302C20C7,RainCloud PURPOSE=GENERAL 14 BUILT Freedom,SuperDave,bp1 PURPOSE=GENERAL So I have two questions: -which circuit does tor use (is it alway the circuit with the highest number?) -is there a way to get this nodes always as fingerprint (for example, there are many nodes with name idideditheconfig and how do I know which one is it when the node is listed in plain text?) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
signal newnym and rate limiting
Hi, in tor log I can see, that tor delayes sometimes the newnym signal. Is there a way to get this information (including the delayed time in seconds) trough control port after sending the newnym signal? Cheers *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
How to exactly determine country of an exit node
Hi all, I've visited http://torstatus.all.de to get some tor servers from germany. I thought it's enough to look on the country flag, but I've noticed a strange entry on this page. I found a router with name bleakgadfly5 file:///C:/Users/Nico%20Weinreich/Desktop/TOR/router_detail.php?FP=f1a05306b76358908111e15396e663344a186888 which belongs to germany (at least all.de claims so) with ip 217.114.215.227 and the hostname of this server is hosted-by-vps-hosting.co.uk. You can see the .co.uk domain and a whois for this ip gave a GB for country. So, do I have to check ever the whois for an ip or is there another way to be sure to use a german server? So long, Nico *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to exactly determine country of an exit node
Olaf Selke schrieb: what do you consider a German server? - a server with a German ip address according to the ripe db - a server physically located in Germany - a server with an ip address reverse resolving to a .de domain - a server operated by a German individual I think the first and third arguments are the interesting one for me. Resolving an ip to a domain isn't possible all the time, because some ip addresses don't resolve. Recently I dumped my own dns cache into a perl script and compared the ip addresses stored with those from an open danish dns server poisoned with the danish dns blocklist. I found a lot of blocked servers within the Chinese tld .cn using ip address space from the US. OK, but there are german ip addresses which resolve to a .net domain or so. A check against ripe db would be the best. So there is the whois for all ip addresses again. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to exactly determine country of an exit node
Olaf Selke schrieb: why do you want to reinvent the wheel instead of sticking with Maxminds GeoIP db? hehe, you're right. thanks for this hint. and thanks for all your fast replies, my problem is solved. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/