Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Stephan Walter
Hi,

I have rented a small v-server where I can spare about 400GB of
bandwidth per month for Tor. Unfortunately, the number of open TCP
sockets is limited to 128 and the operator is not willing to change
that. (Any good reason why they wouldn't?). So what I'm doing now is
running Tor as a non-exit server with "ulimit -c 130", limiting the
number of network sockets to about 100 (The other thirty are regular
files and UDP sockets).

Is this a bad thing to do? (Apart from getting lots of warning messages
in the log file?) Of course I don't want to cause any problems on the
Tor network.

Regards,
Stephan







Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Alexander W. Janssen

On 2/21/07, Stephan Walter <[EMAIL PROTECTED]> wrote:

> Is this a bad thing to do? (Apart from getting lots of warning messages
> in the log file?) Of course I don't want to cause any problems on the
> Tor network.

From a pragmatic point of view that would also mean that you wouldn't
be able to log in from remote if TOR gobbles up all sockets.
Gee, what a crippled machine...
No idea what influence that has regarding TOR in general, as a
network. But certainly you can't harm established circuits, it just
prevents new circuits being built up - that affects your local
TOR-software, rather than the whole net. I guess.


> Regards,
> Stephan


Alex.

--
"I am tired of all this sort of thing called science here... We have spent
millions in that sort of thing for the last few years, and it is time it
should be stopped."
-- Simon Cameron, U.S. Senator, on the Smithsonian Institute, 1901.


Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread BlueStar88
Stephan Walter wrote:
> Hi,
> 
> I have rented a small v-server where I can spare about 400GB of
> bandwidth per month for Tor. Unfortunately, the number of open TCP
> sockets is limited to 128 and the operator is not willing to change
> that. (Any good reason why they wouldn't?). So what I'm doing now is
> running Tor as a non-exit server with "ulimit -c 130", limiting the
> number of network sockets to about 100 (The other thirty are regular
> files and UDP sockets).
> 
> Is this a bad thing to do? (Apart from getting lots of warning messages
> in the log file?) Of course I don't want to cause any problems on the
> Tor network.
>

You should read this:

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-f3a370dd3c42d82a180f3f1d070f94906f4eddea

> Regards,
> Stephan
> 
> 
> 


-- 

BlueStar88

https://torstat.xenobite.eu

(OPGP-KeyID:0x36150C86)





Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Stephan Walter
On 2007-02-21 21:25, Alexander W. Janssen wrote:
> From a pragmatic point of view that would also mean that you wouldn't
> be able to log in from remote if TOR gobbles up all sockets.

It's not as bad as that, as the ssh daemon is listening all the time and
therefore already has its socket.

> Gee, what a crippled machine...

costs only €5/month though... and is enough for everything else.

> No idea what influence that has regarding TOR in general, as a
> network. But certainly you can't harm established circuits, it just
> prevents new circuits being built up - that affects your local
> TOR-software, rather than the whole net. I guess.

I didn't think that it would harm existing circuits, but I thought that
maybe it would cause a lot of connections to drop.

-Stephan





Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Stephan Walter
On 2007-02-21 21:42, BlueStar88 wrote:
> You should read this:
> 
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-f3a370dd3c42d82a180f3f1d070f94906f4eddea

I've read this wiki article, but didn't find any final answer. It says:

"Unfortunately, since Tor currently requires you to be able to connect
to all the other Tor servers, we need you to be able to use at least
1024 file descriptors. This means we can't make use of Tor servers that
are crippled in this way."

Well my server seems to be working more or less (nickname
"dangerdiabolik"), I just wanted to know whether it's any use to keep it
running.

-Stephan





Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Christopher Layne
On Wed, Feb 21, 2007 at 09:46:07PM +0100, Stephan Walter wrote:
> On 2007-02-21 21:25, Alexander W. Janssen wrote:
> > From a pragmatic point of view that would also mean that you wouldn't
> > be able to log in from remote if TOR gobbles up all sockets.
> 
> It's not as bad as that, as the ssh daemon is listening all the time and
> therefore already has its socket.

That depends. The new connection is still a new connection.

> > Gee, what a crippled machine...
> 
> costs only €5/month though... and is enough for everything else.

BTW: This might piss off the operators running tor on here, you should
probably check that with them before running it as they may just kill
your account.

-cl



Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Mike Perry
Thus spake Stephan Walter ([EMAIL PROTECTED]):

> On 2007-02-21 21:25, Alexander W. Janssen wrote:
> > From a pragmatic point of view that would also mean that you wouldn't
> > be able to log in from remote if TOR gobbles up all sockets.
> 
> It's not as bad as that, as the ssh daemon is listening all the time and
> therefore already has its socket.

Actually, it probably is as bad as that. Each time accept() is called
on this server socket to handle a new SSH connection a new socket is
formed.. Unless their limit has a special exemption that they coded
themselves for accept().. But most likely it's some garbage usermode
Linux thingy with ulimit -n set on the usermode linux process.

On the plus side, if they did code this exception for accept(), it
should apply to Tor as well, at least for incoming connections to the
OR port.  Eventually most routers should connect to you, and Tor will
just use those OR connections (though they may get closed if no
circuits are on them.. not sure about how long Tor keeps idle OR
connections open).

However, my scanner (if it ever works :) probably will end up flagging
your node as unreliable.. But you've got a while before that actually
means anything.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
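
The accept() behaviour described in the message above, as an added example that is not part of the original thread: it queues loopback connections, caps the descriptor limit with `RLIMIT_NOFILE`, and shows accept() failing with EMFILE while the listening socket stays open. The function name, its parameters and the loopback endpoint are assumptions made for the illustration.

```python
import errno
import os
import resource
import socket


def accept_under_fd_limit(pending=6, allowed=3):
    """Queue `pending` loopback connections, cap RLIMIT_NOFILE so only `allowed`
    more descriptors fit, then accept until the kernel refuses.
    Returns (accepted_count, errno_name, listener_still_open)."""
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # constructed local endpoint, kernel picks the port
    srv.listen(pending)
    srv.settimeout(2)           # never hang if the queue is unexpectedly empty
    clients, accepted = [], []
    try:
        # The handshakes complete in the kernel; the connections wait in the
        # accept queue without using a server-side descriptor yet.
        for _ in range(pending):
            clients.append(socket.create_connection(srv.getsockname(), timeout=2))
        # Learn which descriptor numbers the next `allowed` sockets will get,
        # then set the soft limit just above the highest of them.
        probes = [os.dup(srv.fileno()) for _ in range(allowed)]
        for fd in probes:
            os.close(fd)
        resource.setrlimit(resource.RLIMIT_NOFILE, (max(probes) + 1, hard))
        try:
            while True:
                conn, _ = srv.accept()  # each success allocates a NEW descriptor
                accepted.append(conn)
        except OSError as exc:
            # The listener is still open here; only new descriptors are refused.
            return len(accepted), errno.errorcode.get(exc.errno), srv.fileno() >= 0
    finally:
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
        for s in accepted + clients + [srv]:
            s.close()


if __name__ == "__main__":
    print(accept_under_fd_limit())
```

The remaining queued connections are not served until a descriptor is freed, which is why a process that already holds a listening socket can still become unreachable at the limit.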


Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Andrew Del Vecchio

Is this a problem with the tor lookup/directory protocol? I assume the
case here is that the descriptor data assumes full socket access and
therefore does not have a data entry specifying the # of sockets that
can be used. On one level, this is an internal/localhost issue, but
there should be a way to work around this. Chances are, if this guy
has a problem, many more may as well. Might one solution be to
incorporate this information into the data that clients use to
determine how preferential a particular OR is?

It seems like it would be easy to put in some code that says, "If
Socketshttp://www.mpassetprotection.com/ today.




On 02/21/2007 01:09 PM, Mike Perry wrote:
> Thus spake Stephan Walter ([EMAIL PROTECTED]):
>
>> On 2007-02-21 21:25, Alexander W. Janssen wrote:
>>> From a pragmatic point of view that would also mean that you wouldn't
>>> be able to log in from remote if TOR gobbles up all sockets.
>> It's not as bad as that, as the ssh daemon is listening all the time and
>> therefore already has its socket.
>
> Actually, it probably is as bad as that. Each time accept() is called
> on this server socket to handle a new SSH connection a new socket is
> formed.. Unless their limit has a special exemption that they coded
> themselves for accept().. But most likely it's some garbage usermode
> Linux thingy with ulimit -n set on the usermode linux process.
>
> On the plus side, if they did code this exception for accept(), it
> should apply to Tor as well, at least for incoming connections to the
> OR port.  Eventually most routers should connect to you, and Tor will
> just use those OR connections (though they may get closed if no
> circuits are on them.. not sure about how long Tor keeps idle OR
> connections open).
>
> However, my scanner (if it ever works :) probably will end up flagging
> your node as unreliable.. But you've got a while before that actually
> means anything.
>



Re: Running Tor on a v-server with limited number of TCP sockets

2007-02-21 Thread Max Berger
On Wednesday, 21.02.2007, 21:05 +0100, Stephan Walter wrote:
> 
> So what I'm doing now is
> running Tor as a non-exit server with "ulimit -c 130", limiting the
> number of network sockets to about 100 (The other thirty are regular
> files and UDP sockets).

Hi,

my non-exit node ran on a vServer with ulimit 1024. Because I was afraid
of running into this limit I logged the number of open files with

   # Count every open file descriptor (regular files and sockets) of the Tor process
   pid=$(cat /home/tor/.tor/tor.pid)
   sock=$(ls -1 "/proc/$pid/fd" | wc -l)
   

The number of open files depends on the bandwidth limit. I don't know,
what my limit was, I think 40kb/s and the number of open sockets was
about 80 or 90.

Perhaps you could start with a low bandwidth limit and have a look at
your number of open sockets.

Max