[tor-relays] [warn] Error relaying cell across rendezvous; closing circuits

[Logforme]

I run the non-exit relay 8F6A78B1EA917F2BF221E87D14361C050A70CCC3
Today I noticed two [warn] lines in the Tor log file that I have not 
seen before:


[warn] Error relaying cell across rendezvous; closing circuits
[warn] circuit_mark_for_close_(): Bug: Duplicate call to 
circuit_mark_for_close at ../src/core/or/command.c:577 (first at 
../src/core/or/relay.c:343) (on Tor 0.4.8.12 )


I assume this is more of a FYI for the developers than for me as an 
operator. I'll keep an eye out to see if they appear more times.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Warn:

[sysmanager7 via tor-relays]

I got the below message on my relay #2. It's been in operation for a year and a 
half. First time I've
ever got one of these.

0re7:26:40 [WARN] Your computer is too slow to handle this many circuit 
creation requests! Please consider using the MaxAdvertisedBandwidth config 
option or choosing a more restricted exit policy. [505 similar message(s) 
suppssed in last 57840 seconds]

OK > Both relays operate on Digital Ocean Droplets
Bandwidth on both 2 MBs Burst 3MBs
both relays have the same settings NEITHER is an exit: ExitPolicy reject
I see relay #2 has been restarted. Last eve it had been up four days. As of 
this writing just over 2 hours.

Or is this another way to muck up a relay?

Sysmanager

Sent with [Proton Mail](https://proton.me/) secure email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Received a bad CERTS cell: Link certificate does not match TLS certificate

[Felix]

Hi all

I found a message in the logs:
Apr 16 15:07:46.000 [warn] Received a bad CERTS cell: Link certificate
does not match TLS certificate

-- 
Cheers Felix


pgpz8Afm4HlbY.pgp
Description: Digitale Signatur von OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] warn message in notices .log after reinstallation of the relay (and restore of torrc and "keys" folder)

[David Strappazon]

Hi,

I had issues with my bridge who is running on a Raspberry pi 3+ so i've decided 
to completely reinstall it.

First i saved my torrc file and my "keys" folder from /var/lib/tor.

First thing i did after a clean install of the server was to copy and paste my 
torrc file in /etc/tor/ and the files  "ed25519_master_id_secret_key" and 
"secret_id_key" in the keys directory.

Anyway after starting Tor i had the following messages in notices.log:

[warn] http status 400 '"looks like your keypair has changed?...etc...etc...

i decided to completely replace the content of the keys folder by my backup but 
i still have the same message.

When i go to Tor relay search i see my bridge with two different identities and 
both are offline ( one of the hashed fingerprints is the right one). Anyway if 
i run "nyx" i can see that Tor is working, reachable from the outside and some 
circuits are built.

I suspect i make a mistake with the "keys" but i'm a little bit lost.

Can you guys help me please ?

Sent with [ProtonMail](https://protonmail.com) Secure Email.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

[Vasilis]

Hi,

*UPDATE**
I'm still seeing these warning messages but in a lower frequency:
Your computer is too slow to handle this many circuit creation requests! Please
consider using the MaxAdvertisedBandwidth config option or choosing a more
restricted exit policy. [1077 similar message(s) suppressed in last 60 seconds]


The defenses seems to be working (?):
DoS mitigation since startup: 45482775 circuits rejected, 157 marked addresses.
2187600 connections closed. 993 single hop clients refused.


~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

[Vasilis]

Hi,

Running for more than a week the alpha version 0.3.3.2 (git-7b1d356bdb76607d)
the issue seems to be resolved.

Heartbeat: Tor's uptime is 7 days 11:59 hours, with 19157 circuits open. I've
sent 2372.16 GB and received 2372.27 GB.


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

[Vasilis]

Roger Dingledine:
> On Wed, Feb 21, 2018 at 01:13:00PM +, Vasilis wrote:
>> I see a number of warning log messages on a dedicated server:
>> [WARN] Your computer is too slow to handle this many circuit creation 
>> requests!
> 
> You get that warning message when there are too many create cells coming
> in, and your relay ends up sending back preemptively destroy cells for
> some of them. That is, it tries to estimate internally how long it will
> take to handle the current queue of create cells, and if the queue gets
> so big that the one that just arrived will take several seconds before
> it can be processed, Tor just sends back a destroy cell instead, and
> gives you this warn.
> 
> The flood of circuits created by the ddos storm will be causing this
> sort of warning sometimes. For example, my FreeBogatov relay gets 30-70
> million create requests per 6 hours, and when that number goes over
> about 100 million, there are times where it can't keep up.
> 
> (Careful though because the heartbeat message about number of circuits
> does not count circuits that come from client connections. That is, the
> circuits in the heartbeat count are only circuits that come via other
> relays. So non-Guards are giving you a reasonably accurate count, and
> Guards are leaving out an unknown number of circuits from their count,
> and that unknown number could be quite large.)
> 
> Ultimately, the fix needs to be that more and more relays upgrade to a
> version of Tor tht includes the DDoS mitigation. One of the main goals
> of the mitigation is not to help *your* relay in particular, since hey
> maybe your relay is huge and it can keep up, but rather to slow down the
> mass of circuits heading towards *other* relays after yours.
> 
> That is, you need *other* relays to deploy the mitigation in order to
> help you.
> https://en.wikipedia.org/wiki/Herd_immunity

Makes sense great explanation, thank you!
Wasn't planning to stop running/administering any of the relays.

>> Setting the NumCPUs option to the actual number of CPUs (2) didn't help.
> 
> Are you sure you only have 2 cores? These days each cpu has many cores,
> so a system with 2 cpus could easily have 8 cores.

It's an old processor with 2 CPU and 1 core per CPU.

>> Is this hardware really too old/slow to run a relay on one ethernet Gigabit 
>> link?
> 
> Well, there are times where it isn't able to keep up. But if you turn
> off the relay or turn down its capacity, then it will just increase the
> load on the other relays. So I think we shouldn't worry too much about
> these warnings during this period of overload.
> 
> Oh, I guess I should ask: are you using 0.3.3.2-alpha or a version with
> the ddos mitigation? If not, that's a clear next step.

I 'll upgrade to the alpha version and closely monitor its activity.


Thanks,
~Vasilis



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

[Roger Dingledine]

On Wed, Feb 21, 2018 at 01:13:00PM +, Vasilis wrote:
> I see a number of warning log messages on a dedicated server:
> [WARN] Your computer is too slow to handle this many circuit creation 
> requests!

You get that warning message when there are too many create cells coming
in, and your relay ends up sending back preemptively destroy cells for
some of them. That is, it tries to estimate internally how long it will
take to handle the current queue of create cells, and if the queue gets
so big that the one that just arrived will take several seconds before
it can be processed, Tor just sends back a destroy cell instead, and
gives you this warn.

The flood of circuits created by the ddos storm will be causing this
sort of warning sometimes. For example, my FreeBogatov relay gets 30-70
million create requests per 6 hours, and when that number goes over
about 100 million, there are times where it can't keep up.

(Careful though because the heartbeat message about number of circuits
does not count circuits that come from client connections. That is, the
circuits in the heartbeat count are only circuits that come via other
relays. So non-Guards are giving you a reasonably accurate count, and
Guards are leaving out an unknown number of circuits from their count,
and that unknown number could be quite large.)

Ultimately, the fix needs to be that more and more relays upgrade to a
version of Tor tht includes the DDoS mitigation. One of the main goals
of the mitigation is not to help *your* relay in particular, since hey
maybe your relay is huge and it can keep up, but rather to slow down the
mass of circuits heading towards *other* relays after yours.

That is, you need *other* relays to deploy the mitigation in order to
help you.
https://en.wikipedia.org/wiki/Herd_immunity

> Setting the NumCPUs option to the actual number of CPUs (2) didn't help.

Are you sure you only have 2 cores? These days each cpu has many cores,
so a system with 2 cpus could easily have 8 cores.

> Is this hardware really too old/slow to run a relay on one ethernet Gigabit 
> link?

Well, there are times where it isn't able to keep up. But if you turn
off the relay or turn down its capacity, then it will just increase the
load on the other relays. So I think we shouldn't worry too much about
these warnings during this period of overload.

Oh, I guess I should ask: are you using 0.3.3.2-alpha or a version with
the ddos mitigation? If not, that's a clear next step.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

[Vasilis]

Hi,

I see a number of warning log messages on a dedicated server:
[WARN] Your computer is too slow to handle this many circuit creation requests!
Please consider using the MaxAdvertisedBandwidth config option or choosing a
more restricted exit policy. [27615 similar message(s) suppressed in last 60
seconds]

The relay is running on a dedicated hardware with the following specifications:

CPU: Intel(R) Xeon(TM) CPU 3.00GHz
RAM: 6G
Kernel: Linux 3.16.0-5-amd64
Tor version: 0.3.2.9
flags: Fast, Guard, HSDir, Running, Stable, V2Dir, Valid
exit policy: reject *:*

Setting the NumCPUs option to the actual number of CPUs (2) didn't help.
Is this hardware really too old/slow to run a relay on one ethernet Gigabit 
link?


Cheers,
~Vasilis
-- 
Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162
Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] assign_to_cpuworker failed. Ignoring.

[teor]

> On 1 Aug 2017, at 08:17, Ybslik  wrote:
> ...
> 
>   Me  -  9D60A484CFBDB5B890FB5B18941494734584BA17
> 
> ...
> Jul 31 20:37:34.000 [notice] Since startup, we have initiated 0 v1 
> connections, 0 v2 connections, 3 v3 connections, and 908239 v4 connections; 
> and received 3548 v1 connections, 254 v2 connections, 7 v3 connections, and 
> 1155164 v4 connections.
> ...
> I've highlighted the number of circuits in red..never had that many 
> before.

Read this thread:

https://lists.torproject.org/pipermail/tor-relays/2017-July/012660.html

If you still have any questions, feel free to write back.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org






signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] channelpadding_ and [warn] assign_

[Roger Dingledine]

On Mon, Jul 03, 2017 at 09:58:02PM +0200, Felix wrote:
> [warn] channelpadding_compute_time_until_pad_for_netflow: Bug: Channel
> padding timeout scheduled 212ms in the past. Did the monotonic clock just
> jump? (on Tor 0.3.1.3-alpha dc47d936d47ffc25)

https://bugs.torproject.org/22212

> and
> 
> [warn] assign_to_cpuworker failed. Ignoring.

https://bugs.torproject.org/22356

> Seems without impact to performance. I just wonder.
> Switching to 3.1.4a might fix it ?

The 0.3.1.4-alpha changelog lists both of these tickets. So, let us know
if they continue once you've updated!

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] channelpadding_ and [warn] assign_

[Toralf Förster]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/03/2017 09:58 PM, Felix wrote:
> Switching to 3.1.4a might fix it ?
Doubt,
got it today too (just once till now) at 0.3.1.4-alpha


- -- 
Toralf
PGP C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWVqiwxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTqavAP9TMX3RPRH2thkxfHu6JE8HAreo
ih3AIHefHcLhwfNP4AD9HromYZMykGvusiqfH7forOGap2cVyK342FDshgZ42JQ=
=ZdBT
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] channelpadding_ and [warn] assign_

[Felix]

Hi everybody

On 3.1.3a there are quiet some log entries like 10 per day and relay, 
more cicuits - more entries:


[warn] channelpadding_compute_time_until_pad_for_netflow: Bug: Channel 
padding timeout scheduled 212ms in the past. Did the monotonic clock 
just jump? (on Tor 0.3.1.3-alpha dc47d936d47ffc25)


and

[warn] assign_to_cpuworker failed. Ignoring.

Seems without impact to performance. I just wonder.
Switching to 3.1.4a might fix it ?

3.0.8 doesn't show it.

[] Tor 0.3.1.3-alpha (git-dc47d936d47ffc25) running on FreeBSD with 
Libevent 2.1.8-stable, OpenSSL LibreSSL 2.4.3, Zlib 1.2.8, Liblzma 
5.2.2, and Libzstd 1.2.0.


--
Cheers, Felix
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] circuit_mark_for_close under (Linux 4.4.0-21-generic) Tor 0.2.9.10

[Paul]

[warn] circuit_mark_for_close_(): Bug: Duplicate call to circuit_mark_for_close 
at ../src/or/onion.c:238 (first at ../src/or/command.c:579) (on Tor 0.2.9.10 )

Can this warning be neglected - I thought it is a BSD and not a Linux issue?
Got nearly a hundred of them today - all with the same time stamp.

Thanks - Paul
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "[warn] Cannot make an outgoing connection without a DirPort" under BSD

[nusenu]

https://trac.torproject.org/projects/tor/ticket/20711



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "[warn] Cannot make an outgoing connection without a DirPort" under BSD

[Ivan Markin]

pa011:
> I am running (FreeBSD 11.0-RELEASE-p2)   Tor 0.2.8.11
> getting following warnings while Self-testing indicates that DirPort is 
> reachable from the outside?
> 
> Can these warnings be ignored, while Tor is running properly afterwards ?

> Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a 
> DirPort.

This is probably a bug. Try to switch log level to "info" - tor should
provide a more detailed backtrace saying something like "Address came
from...". Please don't forget to sanitize log from irrelevant private data.

--
Ivan Markin
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] "[warn] Cannot make an outgoing connection without a DirPort" under BSD

[pa011]

I am running (FreeBSD 11.0-RELEASE-p2)   Tor 0.2.8.11
getting following warnings while Self-testing indicates that DirPort is 
reachable from the outside?

Can these warnings be ignored, while Tor is running properly afterwards ?

Merry Christmas!

Paul 

Dec 24 13:20:57.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 24 13:20:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:20:58.000 [notice] Bootstrapped 85%: Finishing handshake with first 
hop
Dec 24 13:20:58.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 24 13:20:58.000 [notice] Tor has successfully opened a circuit. Looks like 
client functionality is working.
Dec 24 13:20:58.000 [notice] Bootstrapped 100%: Done
Dec 24 13:20:58.000 [notice] Now checking whether ORPort x.x.x.x:9001 and 
DirPort x.x.x.x:9030 are reachable... (this may take up to 20 minutes -$
Dec 24 13:20:59.000 [notice] Self-testing indicates your ORPort is reachable 
from the outside. Excellent.
Dec 24 13:20:59.000 [notice] Self-testing indicates your DirPort is reachable 
from the outside. Excellent. Publishing server descriptor.
Dec 24 13:21:00.000 [notice] Performing bandwidth self-test...done.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
Dec 24 13:21:57.000 [warn] Cannot make an outgoing connection without a DirPort.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Remote server sent bogus reason code 65021

[pa011]

Looks like this is solved and belonged to not open ports
Sorry for the hassle

Paul



Am 16.08.2016 um 18:34 schrieb pa011:
> Just established a new Exit with two instances on (Linux 3.16.0-4-amd64) ,Tor 
> 0.2.8.6  
> 
> On the second instance I get these warnings:
> 
> [WARN] Remote server sent bogus reason code 65021 [21 duplicates hidden]
> [WARN] Remote server sent bogus reason code 65023  [95 duplicates hidden]
> [NOTICE] Have tried resolving or connecting to address '[scrubbed]' at 3 
> different places. Giving up. [40 duplicates hidden]
> 
> The code65023 is ticking up by one in about 10 seconds?
> 
> The default instance is free of that.
> 
> Anything to worry about?
> 
> Thanks
> 
> Paul
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [WARN] Remote server sent bogus reason code 65021

[pa011]

Just established a new Exit with two instances on (Linux 3.16.0-4-amd64) ,Tor 
0.2.8.6  

On the second instance I get these warnings:

[WARN] Remote server sent bogus reason code 65021 [21 duplicates hidden]
[WARN] Remote server sent bogus reason code 65023  [95 duplicates hidden]
[NOTICE] Have tried resolving or connecting to address '[scrubbed]' at 3 
different places. Giving up. [40 duplicates hidden]

The code65023 is ticking up by one in about 10 seconds?

The default instance is free of that.

Anything to worry about?

Thanks

Paul
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] eventdns: All nameservers have failed

[s7r]

Hello,

This warn is known for some time. It's safe to ignore this warning no
matter how many times you see it in your log file, IIRC it's a libevent
issue when DNS resolvers are idle. All my exit relays have multiple such
lines in the log files constantly.

It's highly important to run your own resolver on localhost 127.0.0.1
such as unbound or bind. Installation is pretty straight forward since
you need only a resolver. You will still get this warning even with your
own resolver hosted on localhost regardless if you use unbound or bind,
it's unrelated to this warning message, but using a local resolver will
help privacy of the users using your exit. It's the recommended way to
run exit relays.

On 6/19/2016 10:59 PM, pa011 wrote:
> Jun 19 20:24:38.000 [warn] eventdns: All nameservers have failed
> Jun 19 20:24:38.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> 
> 
> I do get this in my logs on an exit (Tor 0.2.7.6) several times every hour.
> 
> The /etc/resolv.conf contains
> 
> # Generated by SolusVM
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> 
> Is it really best to set only one DNS like specified here
> https://trac.torproject.org/projects/tor/ticket/11600 ?
> 
> Or are there better working solutions?



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] eventdns: All nameservers have failed

[SuperSluether]

It's been mentioned here once before, but you shouldn't be using 
Google's DNS servers as they see almost all of the Tor network traffic.


My solution was to run a local DNS resolver (unbound in my case) and to 
use at least 2 DNS servers from the Open NIC project: 
https://www.opennicproject.org/configure-your-dns/


After adding servers from OpenNIC, the errors disappeared completely for me.

On 06/19/2016 02:59 PM, pa011 wrote:

Jun 19 20:24:38.000 [warn] eventdns: All nameservers have failed
Jun 19 20:24:38.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up


I do get this in my logs on an exit (Tor 0.2.7.6) several times every hour.

The /etc/resolv.conf contains

# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4

Is it really best to set only one DNS like specified here
https://trac.torproject.org/projects/tor/ticket/11600 ?

Or are there better working solutions?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] eventdns: All nameservers have failed

[Toralf Förster]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 06/19/2016 09:59 PM, pa011 wrote:
> Or are there better working solutions?

I do have only 127.0.0.1 set in my resolv.conf and do use dnsmasq together with 
strict DNSSEC.
works like a charm and DNSSEC is really a good thing IMO.

The configuration is straight forward:

# grep -v -e '#' -e'^$' /etc/dnsmasq.conf
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned
no-resolv
server=
server=
server=
server=
server=
server=
cache-size=1


Furthermore it reduces the load to upstream DNS servers by 1/3 :

# pkill -SIGUSR1 dnsmasq; sleep 1; tail /var/log/messages | grep dnsmasq
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: time 1466367289
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: cache size 1, 91142/4075150 cache 
insertions re-used unexpired cache entries.
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: queries forwarded 1665387, queries 
answered locally 695441
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: DNSSEC memory in use 174384, max 
311808, allocated 84



- -- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EAREIAAYFAldm/cIACgkQxOrN3gB26U7r8wD8DDPMBmNHc3ENAQfeYd0clt3X
xPZdiFXwiQ6a94niYu4A/0phgRXBP++MgJOURWHlN3irSJiVkniuUcChSXY8wr8K
=ugdK
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] eventdns: All nameservers have failed

[pa011]

Jun 19 20:24:38.000 [warn] eventdns: All nameservers have failed
Jun 19 20:24:38.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up


I do get this in my logs on an exit (Tor 0.2.7.6) several times every hour.

The /etc/resolv.conf contains

# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4

Is it really best to set only one DNS like specified here
https://trac.torproject.org/projects/tor/ticket/11600 ?

Or are there better working solutions?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Received http status code 504 ("Gateway Time-out") from server '154.35.175.225:80' while fetching "/tor/ ...

[Roger Dingledine]

On Thu, Jun 02, 2016 at 11:07:15AM +0100, Robin Kjeld wrote:
> Jun 02 07:24:40.000 [warn] Received http status code 504 ("Gateway Time-
> out") from server '154.35.175.225:80'

Right, that is the directory authority 'faravahar' being broken again. It
does this sometimes, unfortunately causing scary-sounding warnings in
relay log messages. It's nothing to worry about (so long as enough other
dir auths aren't broken).

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Received http status code 504 ("Gateway Time-out") from server '154.35.175.225:80' while fetching "/tor/ ...

[Robin Kjeld]

Tor version 0.2.7.6
Tor relay logged this a few times:
 
Jun 02 07:24:40.000 [warn] Received http status code 504 ("Gateway Time-
out") from server '154.35.175.225:80' while fetching "/tor/server/d/6D3-
3995A9D954195FCDB0385B6A26F0F71543161+6F7D97B389CBF5409D4011155047C70E9-
FCB832C+70041AC73A4118691EA88E399BE781F4B7A4CD58+701EBDF7F377CAB09F9D99-
F70AAEAAE8E82544EC+70900B72F73CBFF3E72DAC29A89474788CEF9004+70A0349B8DD-
808578B4CA4DBECFEF7F136F9218C+71CEB7849F84AB7C04F209FFA16124F08953D610+-
722A3CF1578EDE7FE430C5D1D67F321086BA0DF8+72D74B2BC453A4F8F23C54E3A7417F-
1C36681156+7383EE1D444867B8F9F8F051CFF4343BB795EE28+73B2899D83B8A0C2B5A-
7B6059A155B0BEFB5ADC4+759459609126827E352FAC6F6875F39132869291+75A196C0-
E4A2805B8E22F83536C3A7DE7323A1AB+768F373C6F831EF48E303430C81198527ADADD-
65+76BFB344148FF57B070AAA145B8E1FF13F349BFA+76E170B620F90AD5DC42F47473B-
19671E64B24A3+76FCB446C6D467BB3C90074F5629807F4EC3+7732811259B3BB6B-
4EA9226FB9BAE1BBCD28E953+793C514D5EE5B344BEE851D0E1AC74A349FB2264+79AE1-
8E570C791493C7861D50C6727E2ACAAF9D9+7B3A243BC8D5D28C35BC2228E956CEC4A84-
E2FD9+7B491188699BE315594674BCF220F646374D37FB+7B6B192F80DF97B77F154759-
D52DCB36EDAA4C04+7B7646488C79B4B65E68377F031C8F311B5DA41C+7C3451A8B0815-
2D3F96D14C2A8FF7E7E9A7B35BA+7C760434848F269526B9106C1AF90ECB30C99233+7D-
71D536F0008C92359B90A562C9833F5F05FBAE+7E1C1950A7811EBE18C9A13786D368F5-
EE6D1739+7E4D270E81E09F6FC04C2CB86EAF35EF2D1E17DC+7EFADD3DCBCFC177FE279-
2B04E56ACBD41738048+7F149EDEB7FC006E217999D41B7847EBC1367C84+8037A25D01-
DFCE6B96C17B78263C9729B392BC13+80A970A07F05248443B6323179118DD60B6FE8AF-
+80D5060536A2CB4824C4EAAA49DF564AB80F8817+8168C3A6E8F8376B23E4C9C323633-
CB6A1ED311F+818B389B9692BB25405A1AC61F578B3D034D70D3+82956AA740B1BD8210-
52FF6EDC73FB2806E64472+82CE752961AA720E1762EF69C55E44CDD7DDE3A1+83629CD-
7509434E26020BC28D9F5AFBC3DF9EA5C+859280FD9FF7E586AA306B11E613BEA170B82-
44C+862921EEDF2EBDD44D546F3B05AB9AD815A128CF+86916AB2F07553D663B7F3B8A8-
1383296068D180+86A954EC560D8F73DA482F38CAF0617DCB91A816+86AD7F577807E21-
B57816992190A1568E1731F62+87167BB849E55F842DD78A4377FDD7477AD9C819+875D-
3632780DEE3B9E89995F52BBAE2EF4AA6B8E+87FF43A30177FD9801F604B94C55FA8BD8-
76EECC+88952C1DD1D4E42E32876940AB2D03E2B5AB25AC+889BC7B97BA1D324D7509E9-
FCD8D0601F6CE6E21+894DC5E08249EFF04EC49C3BCBFFCE3122E0CCCD+8A2B0EB6E654-
D220AE549C8C09EBE8D64BD2B3AF+8A7A13ED1B836A7431626A92BCBBCE77BFFA379D+8-
C199B1772784027F71C951462AC2E0ED796B1BD+8E8E22DE494E10707A8DDE6EF8A6EF8-
3810A009E+8F90BD2B1C5647DAA742BA25643F2617CDCEB383+903E82F24EE49BE72DFC-
C60ED4C64D0918F8D3EA+91A539224B5620E65E6A36FFA27ED5E5F4DCE35D+926FD4182-
E326F2F9AAC5E2DEF51016027EE6367+92FBF1C6B639D05273CB2181F19A46DA2AC968D-
B+9307B09E1DE0DA6799A827D7A51DA62BD0F7D693+931453E4CBDC0D065AA639843B5C-
12CBCD1CF26C+94CA00B23F72666493399F3E4B6C50DCE9B5571B+95302D3629AC852AF-
BEBEEF4A48C99FA096A09E8+9538D730B09FE41427ACBABCD82593EA85CA77E9+95AC53-
CCFB1854AAFC3EAB2A193EB0283107E414+95BA05F40C786971DB8B6E866A31C60D5FCD-
BEF1+968F2D92839F2D604041B3587AC0513FD983D194+96BB8D5DCA68BC49B3D4D9A7C-
53E9E76886B6997+96BD8E7BC2830968B08D67834895FE12DB07EF49+977886E5651552-
6B4F1210B460F2C0ADD7FD0D81+98E5C2870D9803E1CBE334B2EB2B718C834138B5+98F-
9E9696885D68C11AA5116A20750B98515F7AA+992A0AF2B05F9B64B4B038BF0E2FC0020-
7154492+9951D9A803C7388126FB0303DDA89031E8453F82+99DD7FC8F1C4DE68FECE2A-
B36FE289B9E01CD53B+9A26CDB3BF3904B9FC7C6E3D846D596B15E9BA58+9A412922A40-
E5239D1969BDF7CB509852CD4C38D+9B4E0AA9D3C36CD9DFFFA9E6CEE3FE62E97B5069+-
9B8B598D5D46A3BBC3B4D1AA603F98374B504804+9C3B40EEB6A12E833FD4C661440413-
9CAD02D223+9C9CF0DE4D877BDE43BAFE9E9B695BED1A29D057+9DB1718DCD5F679FA0A-
6D060679C31229B53647D+9DF89A5588542EEF76379376DA1C8D76B5AB5409+9E4F0417-
C3FF859F3C12DC2FCD5534EFFBC67F0C+9E676DB8E98F5859F6C5BF96D8B67141A8E2FC-
D3+9E6FECAA29FF31835098BF53D964C525AA8D94AE+9F0A9522F6FB6F1EE1318D2DEB9-
4E830377CE730+9F4E97792302B5CAAC3A302E8BA0F665C4488934+A059681F1A2C40FF-
54F6ADC79536140EF33BFE69+A0627FBE8951E2CA32D6DF511EC5EBB1DC2747F5+A13AC-
CB7074E264E0F240156860365BCDAFC14E8+A18B9E8897F1C5E16A12329989A79FA87D8-
BAC5E+A1E21DE9D05B134243F4210E5C7A1534E0F75CC9+A20EEB1C32CA85087E036275-
9F1B6820B15EFF38+A375B7FF8818FFDA4CCD1A9B0829A850494CD7DE+A3A7118B579EC-
83D2D685CFACCE72CAF0AC2D0D4.z". I'll try again soon.
 
Best regards
Robin
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[tor-admin]

On Sunday 21 February 2016 12:02:49 nusenu wrote:
> > since I upgraded the torland relay from 2.6.7 to 0.2.7.6 I get the
> > following warnings:
> > 
> > 09:20:30 [WARN] Failing because we have 4063 connections already. Please
> > read doc/TUNING for guidance. [101144347 similar message(s) suppressed in
> > last 21600 seconds]
> 
> Are you using tor packages from
> https://deb.torproject.org/torproject.org/dists/ ?
I get packages via
deb https://deb.torproject.org/torproject.org precise main

But I use a custom startup script from torservers, that is able to handle 
multiple instances. It should set ulimits -a 65535 but that seams not to work. 
After I increased it via sysctl, the warning is gone.

torland 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[tor-admin]

On Sunday 21 February 2016 12:57:52 Julien ROBIN wrote:
> When I had 2 tor clients running (the second launched manually by a user
> named "tor2"), I modified the "limits.conf" file, adding those 2 lines at
> the end :
> 
> #*   softcore0
> #roothardcore10
> #*   hardrss 1
> #@studenthardnproc   20
> #@facultysoftnproc   20
> #@facultyhardnproc   50
> #ftp hardnproc   0
> #ftp -   chroot  /ftp
> #@student-   maxlogins   4
> tor2 softnofile  10
> tor2 hardnofile  10
> 
> May be it needs a restart, or it doesn't apply to what have been started by
> "tor2" user before the modification When tor is launched by /etc/init.d/tor
> start may be this haven't to be done manually.
Thanks Julian for the hint. I adjusted limits.conf accordingly, so the users 
that run the tor processes get increased number of fds.

torland
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[tor-admin]

On Sunday 21 February 2016 11:56:37 Jonas Bergler wrote:
> https://gitweb.torproject.org/tor.git/tree/doc/TUNING

Thanks Jonas for the link. file descriptors should be set to ulimit -n 65535 in 
the tor startup script. I thought that would work. But checking 
/proc/PID/limits I saw that file descriptors were actually limited to 4096.

I increased fds via sysctl. Now the warning is gone.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[nusenu]

> since I upgraded the torland relay from 2.6.7 to 0.2.7.6 I get the following 
> warnings:
> 
> 09:20:30 [WARN] Failing because we have 4063 connections already. Please read 
> doc/TUNING for guidance. [101144347 similar message(s) suppressed in last 
> 21600 seconds]

Are you using tor packages from
https://deb.torproject.org/torproject.org/dists/ ?

> Google only spits out https://trac.torproject.org/projects/tor/ticket/16929 
> which does not help me. I don't find the mentioned branch bug16929 in git.
> 
> Can someone please advise what has to be done to avoid the warning, 

> or point 
> me where I find can the file "doc/TUNING". 

https://gitweb.torproject.org/tor.git/tree/doc/TUNING



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[Julien ROBIN]

Hi,

I think it's a problem of amount of file descriptors : depending on the user, 
you have a limited amount of file descriptor that can be used (inside the tor's 
code, file descriptors are also used as handle/identifier for all network 
connections).

I think the max amount of it (for a given user) can be checked with the command 
"ulimit -n" as this user.

When I had 2 tor clients running (the second launched manually by a user named 
"tor2"), I modified the "limits.conf" file, adding those 2 lines at the end :

#*   softcore0
#roothardcore10
#*   hardrss 1
#@studenthardnproc   20
#@facultysoftnproc   20
#@facultyhardnproc   50
#ftp hardnproc   0
#ftp -   chroot  /ftp
#@student-   maxlogins   4
tor2 softnofile  10
tor2 hardnofile  10

May be it needs a restart, or it doesn't apply to what have been started by 
"tor2" user before the modification
When tor is launched by /etc/init.d/tor start may be this haven't to be done 
manually.

That's all I know about it, hope it will help you to find and correct the 
problem !

Best regards,
Julien ROBIN

- Mail original -
De: tor-ad...@torland.me
À: tor-relays@lists.torproject.org
Envoyé: Dimanche 21 Février 2016 12:39:59
Objet: [tor-relays] [WARN]Failing because we have 4063 connections  
already. Please read doc/TUNING for guidance

Hi all,

since I upgraded the torland relay from 2.6.7 to 0.2.7.6 I get the following 
warnings:

09:20:30 [WARN] Failing because we have 4063 connections already. Please read 
doc/TUNING for guidance. [101144347 similar message(s) suppressed in last 
21600 seconds]

Google only spits out https://trac.torproject.org/projects/tor/ticket/16929 
which does not help me. I don't find the mentioned branch bug16929 in git.

Can someone please advise what has to be done to avoid the warning, or point 
me where I find can the file "doc/TUNING". 

Thanks

torland
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[Jonas Bergler]

https://gitweb.torproject.org/tor.git/tree/doc/TUNING

On Sun, Feb 21, 2016 at 11:39 AM,  wrote:

> Hi all,
>
> since I upgraded the torland relay from 2.6.7 to 0.2.7.6 I get the
> following
> warnings:
>
> 09:20:30 [WARN] Failing because we have 4063 connections already. Please
> read
> doc/TUNING for guidance. [101144347 similar message(s) suppressed in last
> 21600 seconds]
>
> Google only spits out
> https://trac.torproject.org/projects/tor/ticket/16929
> which does not help me. I don't find the mentioned branch bug16929 in git.
>
> Can someone please advise what has to be done to avoid the warning, or
> point
> me where I find can the file "doc/TUNING".
>
> Thanks
>
> torland
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [WARN]Failing because we have 4063 connections already. Please read doc/TUNING for guidance

[tor-admin]

Hi all,

since I upgraded the torland relay from 2.6.7 to 0.2.7.6 I get the following 
warnings:

09:20:30 [WARN] Failing because we have 4063 connections already. Please read 
doc/TUNING for guidance. [101144347 similar message(s) suppressed in last 
21600 seconds]

Google only spits out https://trac.torproject.org/projects/tor/ticket/16929 
which does not help me. I don't find the mentioned branch bug16929 in git.

Can someone please advise what has to be done to avoid the warning, or point 
me where I find can the file "doc/TUNING". 

Thanks

torland
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Bad password or authentication cookie on controller.

[Tim Wilson-Brown - teor]

> On 22 Jan 2016, at 08:33, pa011  wrote:
> 
> Hello,
> 
> yesterday I got within a minute three times the above warning in my log
> file on Tor 0.2.7.6.
> 
> Could somebody please explain to me what it means and how to solve?

Someone tried to login to your control port with the wrong password.
Are you running a relay monitor? (It could be misconfigured.)

Is your ControlPort bound to a non-loopback address?
Are you running in a FreeBSD jail or OpenVZ VM?
They can bind to non-loopback addresses unexpectedly.

Are you running an exit?
Have you set your exit policy to block all local addresses on your relay?
Tor tries to find and block all local addresses, sometimes it can't discover 
all of them.

> Is there a source where I can possibly find answers on this and other
> warnings?


Unfortunately, there's no reference containing all of Tor's warnings.
Search the mailing lists, source code or Internet?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Bad password or authentication cookie on controller.

[pa011]

Hello,

yesterday I got within a minute three times the above warning in my log
file on Tor 0.2.7.6.

Could somebody please explain to me what it means and how to solve?

Is there a source where I can possibly find answers on this and other
warnings?

Thanks in advance

Paul
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Toralf Förster]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/23/2015 09:59 PM, Roger Dingledine wrote:
> If your DirPorts are on port 80, it might even just be a random bad
> person on the Internet who thinks he is attacking webservers, and
> doesn't even know it is Tor.
> 
indeed - port 80 here.

> I guess at some point we should make these into protocol-warns
> (meaning they're info-level logs unless you set "ProtocolWarnings
> 1"), since there isn't really anything you should *do* in response
> to them.
yes, I translate a  "[warn]" into "do something !"

- -- 
Toralf, pgp key: 872AE508 0076E94E
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EAREIAAYFAlWxVvUACgkQxOrN3gB26U4HYQD+Js4mdkSvHpqft2jHiq9fwov/
hGEGb3goh6bg2W7lKkgA/2hn2YvqlYs11xpstbNUxD+w6GvqMNBflzRAkiy8TnjZ
=FVe3
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Roger Dingledine]

On Thu, Jul 23, 2015 at 09:38:02AM -0400, Steve Snyder wrote:
> Yes, I got the same thing recently.  A burst of 56 of these log entries over 
> a 3-minute period on July 21st. Seen with v0.2.6.10.
> 
> Somebody shaking doorknobs.

If your DirPorts are on port 80, it might even just be a random bad person
on the Internet who thinks he is attacking webservers, and doesn't even
know it is Tor.

I guess at some point we should make these into protocol-warns (meaning
they're info-level logs unless you set "ProtocolWarnings 1"), since
there isn't really anything you should *do* in response to them.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Toralf Förster]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/23/2015 03:38 PM, Steve Snyder wrote:
> Seen with v0.2.6.10.
yep, 0.2.6.10 here too


- -- 
Toralf, pgp key: 872AE508 0076E94E
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EAREIAAYFAlWxNL0ACgkQxOrN3gB26U4eBQEAh8Vdxp1dxod0hYpmiCIEPJkV
9jwVt5bJa4FXXR9ricIA/R+2PFRg3ZSuTk4gVQh8SKF6qGa5W0Y309/ZpxAsrDP0
=UFQ6
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Steve Snyder]

Yes, I got the same thing recently.  A burst of 56 of these log entries over a 
3-minute period on July 21st. Seen with v0.2.6.10.

Somebody shaking doorknobs.


On Thursday, July 23, 2015 8:46am, "Toralf Förster"  
said:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 07/23/2015 02:26 PM, Pascal Terjan wrote:
>> You message seems encrypted with your own key so only you can read it.
> 
> Ick, again here just signed :
> 
> 
> Got the warnings messages today morning for the first time -I'm just curioius 
> if
> somebody else was affected too ?
> 
> 
> Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:32:23.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:32:23.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:32:23.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:32:23.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:32:24.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:38:11.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:38:13.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:38:13.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:38:56.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:38:56.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:15.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:19.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:19.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
> someone
> is trying to crash us.
> Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
> DirPort.
> Closing.
> Jul 23 09:39:23.000 

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Toralf Förster]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/23/2015 02:26 PM, Pascal Terjan wrote:
> You message seems encrypted with your own key so only you can read it.

Ick, again here just signed :


Got the warnings messages today morning for the first time -I'm just curioius 
if somebody else was affected too ? 


Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:32:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:32:23.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:32:23.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:32:23.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:32:23.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:32:24.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:38:11.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:38:13.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:38:13.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:38:56.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:38:56.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:15.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:19.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:19.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:20.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:20.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:21.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:21.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:22.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:22.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:23.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:23.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:23.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:23.000 [warn] Request too large from address '[scrubbed]' to 
DirPort. Closing.
Jul 23 09:39:23.000 [warn] Content-Length is less than zero; it looks like 
someone is trying to crash us.
Jul 23 09:39:23.

Re: [tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Pascal Terjan]

On 23 July 2015 at 13:22, Toralf Förster  wrote:
> -BEGIN PGP MESSAGE-
> Charset: utf-8
> Version: GnuPG v2
>
> hQQOA9vCYl42+L0WEBAArg1D4faK3HdxN9Zqql89LPgFAdUVfIuyS+HdMpeHYGcU
[...]
> -END PGP MESSAGE-

You message seems encrypted with your own key so only you can read it.

gpg: encrypted with ELG-E key, ID 36F8BD16
gpg: decryption failed: secret key not available
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Content-Length is less than zero; it looks like someone is trying to crash us

[Toralf Förster]

-BEGIN PGP MESSAGE-
Charset: utf-8
Version: GnuPG v2

hQQOA9vCYl42+L0WEBAArg1D4faK3HdxN9Zqql89LPgFAdUVfIuyS+HdMpeHYGcU
bHuEAiFA20YWtXTqvEQZ3T1FFCN5tX3psIJdfSUmvIEo8Q8vvK18g2wAiyXUp+aG
Rvm4KLfjVIYVNTO4jc3t9rFiaIhE1OtF9IY41Cr9UPZ4ICkg2Yszvy49F9FVPrjY
vEvu0ng3FIdFVdNTXFg+UZ+qN7Rvv/P2cWlcgLfltE6pne+7WHFy/KTNClysyEmF
ee0QciCcqs+qLAeYpKyDfbUUQMiYxA0rUKk/o6UMJyAmzwNSr+i/cY1LWhyvBaHk
7c2lqBsj2SQQeqMEnrENE/hHRdOOIMSe06lSRcOt4HG8y1MFGhOvXmA+3CyR4EYk
+MazRhZ+obOwhOCo1Hq7bRnuZygRL/sE/AY+MX/OQ7Cy/MaFhIHdIdc9HZ50VgZB
Ze9TclgA/Tl+hMGSG6kyuagx3K0GrdrhfAmIZltKezqFG9ug+PLEiscZ5oSBZLKz
Zpft46iKSme6zhtx63CJUsoxHF73OzTkW2zVPRpsPCXW3cpMlaya/Mb9B8yB8Bqa
lRbC2mql7hWMwmOCC4x5OP7usztiu7BNY53hb5FYKpwCWcM+gNFP6TR3CD+uOvVp
0kzJb+GX6bm0j4S5TcAg8BcEvVjCbtiUJfPrLDuqaZwdQSsQd0hA6wU72WhMEFAQ
ANF59cv9JL2u+9o92VZ38ROvh0Cph34MAbn/s7keZWaKRb4GXaeSDeHdAnT9mMlb
Pu6s+K5YrOysxA0OwICfn9GNfOPDi8paP0eCZebp8SOKwmLo/u2H9jYdqPqzgo0U
scjPZA0reKBskdoPFZtdiGy/Pwb+SWjolnpjSJOOj2ziCgt0VZOyMfU+8X1T2Foj
7OqAcmz/gihhGG86g2fstF26M0rPtbB7ug9MWdxk9hNDnt14NW1+Zxa/XouWhF2x
e5vbX4bSCMczD4zey0G4U0kSjJKs88CQ1dPWeHW4fZEVby1cEdq1WxS3Rz9hFWp9
uGNJZvg1NEs8JiznyKYm1ae8wzacXt0LFEJbf0NfZFxHRYdBaJ37xg1PErOIyAhJ
FbEDZOTY012xf9ZgeY8FOAYVbj61v9QuB3In48m0xNNv3/fyIuUuECtuyTfOwHyt
pm+oPjF7Vckj9FEljmct5qDceDbgaZU71F1cVGCM4MRhpbYw2RVSuGzjfJmkyhty
cLWHysQfBI9qGjDLvyY6y5ffJX7IpwngwSXG0AgQRafAUO70ubeWMm7ExKLqgMyG
LiPp5lxZj9W+bwp/pmkaAreXzZRsxwjIGsob+oLN8PFO3eU6rk2lWsNjGF8t0nWa
hn8+3Oqdi00/ij1DPLuL0j7SasC1HosU6MAhgoG6gDo+0ukBSKVDsVwkavPTT1aD
fwoCUhsIUtRz3O9nmVTppPk5s4XpCbKcn9SJziyDRpHoMIiXib58lOq/MjzfB6pf
YUkDkvUJ0AghuPDl0LbkEPGi9WrwZSfoZxNXSj7AxdsqQYrkw/UwUrclDg8npP1R
ptwGJVWbrri5lzEhFYliFQN7qgxsCicdZeZPza130gC//J4oZ0GcIzZK37NIduSQ
xpCtMeofaHnUaq7hQnwk6Ac/Ct3FXY+TDbhOPKkpyH/ldRxoY25eDOvsdnMVQEo6
whooRuAiVqumMZor4hWvaJ7+/IwcgfM48xb4kxAq6iihzFCqzAQRZPIsLFyTGXn/
Z09jVjK6SaKj1U+DolmmpmIsQSmyj7G21oXO0gaf0Yu4dhjnorndQ2UoYOUSrzyg
7W2lkc64VszELxYL/sdXxbGmdJXwQKb8hVYy6DuD2xpZnp17WdvcxfhrsPnP19Th
V9k1qDSSdftFcDLzKLp5yp5hJQQVnaVLFY4lrADSj996uxVYUBj6rUyl+YuLF+Sg
FGWD76DiGbfo33uhC/UDgspITD3laFZlAB1FBBnondXOn6QRHXqqM+QS3mSa5h7c
jSHLi68tZro5nkq4GWv/NKX0qaZVYwqi8Klzuzzk5zpuoPslk8EEtMB24BeTj8/F
ugl7/GrS+cHqyO+kApXT8XdHba0L0Z0y+/geHwwgsCd5RXjqKJssEAFrgh28+zgp
faJdt3bFa9CZWQnYXOwP7G8F+x10Eo9uRC6esSDmiwLvg6f6u2BBX4FJTeQl9Exd
18+P/JDmT5SM7BsfaCXhLVK15aEeSDnZkoTP0bkbeIAAJU0gkSWnGlS0WzBSqQBZ
sNNVLhBbaDGI1kQuf6SUO5ULrmzU37ke9xSBucH4IrH2pEWygrKuJn1E9G+M7QBj
vQ==
=j7hG
-END PGP MESSAGE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server.

[Martin Ekendahl]

This morning I rebooted my relay after some patching. I was running 2.6.7
on Ubuntu 14.04.2 LTS from. The server is always a bit slow rebooting but
when it came back up always check the Tor relay and now I see an excessive
amount of these errors:

May 29 12:20:36.000 [warn] Problem bootstrapping. Stuck at 10%: Finishing
handshake with directory server. (DONE; DONE; count 906; recommendation
warn; host CC23B32FA040945FF49D94AC3D4334429CB4E2CD at 62.75.241.71:1110)
May 29 12:20:36.000 [warn] 905 connections have failed:
May 29 12:20:36.000 [warn]  849 connections died in state connect()ing with
SSL state (No SSL object)
May 29 12:20:36.000 [warn]  42 connections died in state handshaking (TLS)
with SSL state unknown state in HANDSHAKE
May 29 12:20:36.000 [warn]  8 connections died in state handshaking (Tor,
v3 handshake) with SSL state SSL negotiation finished successfully in OPEN
May 29 12:20:36.000 [warn]  2 connections died in state handshaking (TLS)
with SSL state SSL negotiation finished successfully in OPEN
May 29 12:20:36.000 [warn]  2 connections died in state handshaking (TLS)
with SSL state SSLv3 read server hello B in HANDSHAKE
May 29 12:20:36.000 [warn]  1 connections died in state handshaking (TLS)
with SSL state SSLv3 read finished A in HANDSHAKE
May 29 12:20:36.000 [warn]  1 connections died in state handshaking (Tor,
v3 handshake) with SSL state SSL negotiation finished successfully in CLOSED

I still see about 7000 inbound connections and 3000 outbound, I'm not sure
what my connection average is, but the current bandwidth being used is
below average (from the reboot).

There have been a couple DDOS alerts from my ISP the past couple days,
something I never used to get. I can confirm via my dashboard nothing has
been mitigated so I assume no filtering is going on, and traffic is still
coming and going, but for some reason there are a lot of connections not
being made it appears from the logs, and these only started appearing after
I restarted my server/relay. Any ideas what would be causing all these
issues?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

[Random Tor Node Operator]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.05.2015 13:23, Sharif Olorin wrote:
>> Any idea ? or its normal ?
> 
> I'm not sure, but I also saw this for the first time today after 
> enabling ipv6 on a relay last week. A quick look at the relevant
> code doesn't shed any immediate light on what would be causing this
> (the triggering request is to establish a rendezvous point with a
> hidden service, but I'm not familiar with the semantics of the
> CIRCUIT_PURPOSE check that's failing).


I have been getting these warnings on both of my relays for a long
time, whether with or without IPv6.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJVXcckAAoJEJe61A/xrcOQFboQAJFbwudTfJuQKvTQFxCQ7IAJ
HWhBCCsMHRHGyRZdywJJXNx5LKx+GYnvjWqNZiYANeGKpCvAsL6oXF60s81smv1U
baoXPdyA5z+GwVOTJVbC+URt1UzjMHV18Y5gdWM6w/IbBaiTUBu83KPhGrmE3z8V
NFKRb8aqrfqZ+tUx6K2vIONup6/NaByFHMF6d6xJfOCC0xrYTR0a2HnFV0cDP4Ne
vNYuTbLAoSkwyfQgJ0mvCLY0y+VDbW4RLgoLzBUchDIJSABghTnvfnH5U+cye8m+
fnFzY5WolIehtBwX9Y1vsJNpY9WGn9P5RO2OVKBn3s+u7IT6kIWcpVyv25MmkVUD
9c7ilxhsgdBjaEF29gAELZbAZiCPDXm2xMopwxZ67vVxBAOqc3PwbB4T4ly2idzZ
dL/i9Kw4PgPWN5YIkaR6ksyz67fTwXmg14crSj63xYyZHGUY1h1gGphH/SG7HdSF
+MLwJ+HKc2R9Qj0zVn3yCweybwMTgEh+d4MfkD42+dFvsebG5Kpy/vKse/IC/laM
BpgPcWM3TBYkls4cq+/GzgX/qe9oeNCt8RB7H0Rq3nLdNvS7SBXZWCB+TWsq8XFr
B9brTZWqzfUsqkxJARyDlUmkiygAQUliRq2ZR4I9ayWSaZw1LBKAfvX2XCg1+m9v
uHVr3hEUDx5ocfUJPQ5g
=QB5r
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

[Cmar433]

Hi people ..

i yesterday started IPV6 but now i see in log following messages periodically


part of my torrc below.
I only add ipv6 lines.
Any idea ? or its normal ?

Thanks

Cmar


ORPort 37.157.192.208:443
ORPort [2a02:2b88:2:1::3a62:1]:9050

## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows.  You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise

## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
Address 37.157.192.208

## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
OutboundBindAddress 37.157.192.208


info from log:

May 19 22:42:03.000 [notice] Average packaged cell fullness: 99.082%
May 19 22:42:03.000 [notice] TLS write overhead: 3%
May 19 22:42:03.000 [notice] Circuit handshake stats since last time: 
118791/118793 TAP, 161141/161141 NTor.
May 19 23:13:45.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 03:08:03.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 03:33:54.000 [warn] Tried to establish rendezvous on non-OR or non-edge 
circuit.
May 20 04:42:03.000 [notice] Heartbeat: Tor's uptime is 18:00 hours, with 4375 
circuits open. I've sent 211.07 GB and received 203.24 GB.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

[Sharif Olorin]

> Any idea ? or its normal ?

I'm not sure, but I also saw this for the first time today after
enabling ipv6 on a relay last week. A quick look at the relevant code
doesn't shed any immediate light on what would be causing this (the
triggering request is to establish a rendezvous point with a hidden
service, but I'm not familiar with the semantics of the CIRCUIT_PURPOSE
check that's failing).

Relevant: https://trac.torproject.org/projects/tor/ticket/15618

Regards,
Sharif

-- 
PGP: 6FB7 ED25 BFCF 3E22 72AE 6E8C 47D4 CE7F 6B9F DF57


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] No unused circIDs found on channel without wide circID support

[ra]

reply-to: tor-dev

On Monday 29 September 2014 15:00:29 tor-admin wrote:
> since upgrading torland to 0.2.5.8-rc I see the below warnings. Is this
> something to worry about?

IMHO this might be due to a programming error in the circuit ID selection code 
or possibly indicate a DoS attack. 

> --
> Sep 28 16:07:24.000 [warn] No unused circIDs found on channel without wide
> circID support, with 0 inbound and 4 outbound circuits. Found 0 circuit IDs
> in use by circuits, and 64 with pending destroy cells. (0 of those were
> marked bogusly.) The ones with pending destroy cells have been marked
> unusable for an average of 7594 seconds and a maximum of 16137 seconds.
> This channel is 18469 seconds old. Failing a circuit.
> Sep 28 16:07:24.000 [warn]   Circuitmux on this channel has 4 circuits, of
> which 4 are active. It says it has 29535 destroy cells queued.

Those lines are important. I would suggest opening a ticket on trac. See 
#11553.

Best,
Robert


signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] No unused circIDs found on channel without wide circID support

[tor-admin]

Hi,

since upgrading torland to 0.2.5.8-rc I see the below warnings. Is this 
something to worry about?

Regards,

torland

--
Sep 28 16:07:24.000 [warn] No unused circIDs found on channel without wide 
circID support, with 0 inbound and 4 outbound circuits. Found 0 circuit IDs in 
use by circuits, and 64 with pending destroy cells. (0 of those were marked 
bogusly.) The ones with pending destroy cells have been marked unusable for an 
average of 7594 seconds and a maximum of 16137 seconds. This channel is 18469 
seconds old. Failing a circuit.
Sep 28 16:07:24.000 [warn]   Circuitmux on this channel has 4 circuits, of 
which 4 are active. It says it has 29535 destroy cells queued.
Sep 28 16:07:24.000 [warn] Channel 93320 (at 0x7fbff4579d90) with transport 
TLS channel (connection 3245390) is in state open (2)
Sep 28 16:07:24.000 [warn]  * Channel 93320 was created at 1411894775 (18469 
seconds ago) and last active at 1411913240 (4 seconds ago)
Sep 28 16:07:24.000 [warn]  * Channel 93320 says it is connected to an OR with 
digest 4C733BAC82CC609ACC58AD95BFBFF04D5D06188C and no known nickname
Sep 28 16:07:24.000 [warn]  * Channel 93320 says its remote address is 
[scrubbed], and gives a canonical description of "[scrubbed]" and an actual 
description of "[scrubbed]"
Sep 28 16:07:24.000 [warn]  * Channel 93320 has these marks: 
!bad_for_new_circs canonical is_canonical_is_reliable !client !local outgoing
Sep 28 16:07:24.000 [warn]  * Channel 93320 has 0 queued incoming cells and 0 
queued outgoing cells
Sep 28 16:07:24.000 [warn]  * Channel 93320 has 4 active circuits out of 4 in 
total
Sep 28 16:07:24.000 [warn]  * Channel 93320 was last used by a client at 0 
(1411913244 seconds ago)
Sep 28 16:07:24.000 [warn]  * Channel 93320 was last drained at 1411913141 
(103 seconds ago)
Sep 28 16:07:24.000 [warn]  * Channel 93320 last received a cell at 1411913240 
(4 seconds ago)
Sep 28 16:07:24.000 [warn]  * Channel 93320 last transmitted a cell at 
1411913141 (103 seconds ago)
Sep 28 16:07:24.000 [warn]  * Channel 93320 has received 234 cells and 
transmitted 2497
Sep 28 16:07:24.000 [warn]  * Channel 93320 has averaged 78.927350 seconds 
between received cells
Sep 28 16:07:24.000 [warn]  * Channel 93320 has averaged 7.396476 seconds 
between transmitted cells
Sep 28 16:07:24.000 [warn] failed to get unique circID
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] crypto error while checking RSA signature: padding check failed

[Nick Mathewson]

On Fri, Feb 21, 2014 at 10:46 PM, Zenaan Harkness  wrote:
> Occasionally (such as just now) I have seen these two errors in arm:
>
>  │ 13:21:25 [WARN] crypto error while checking RSA signature: padding
> check failed (in rsa routines:-
>  │   RSA_EAY_PUBLIC_DECRYPT)
>  │ 13:21:25 [WARN] crypto error while checking RSA signature: block
> type is not 01 (in rsa routines:-
>  │   RSA_padding_check_PKCS1_type_1)
>
> Are they anything to worry about?
> Zenaan

Probably not.  It probably means that some bytes got corrupted on the
network, not that somebody's trying an attack.

(If somebody _were_ trying an attack, this would be a stupid one,
since it wouldn't work against any Tor software I'm aware of.)

peace,
-- 
Nick
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [WARN] crypto error while checking RSA signature: padding check failed

[Zenaan Harkness]

Occasionally (such as just now) I have seen these two errors in arm:

 │ 13:21:25 [WARN] crypto error while checking RSA signature: padding
check failed (in rsa routines:-
 │   RSA_EAY_PUBLIC_DECRYPT)
 │ 13:21:25 [WARN] crypto error while checking RSA signature: block
type is not 01 (in rsa routines:-
 │   RSA_padding_check_PKCS1_type_1)

Are they anything to worry about?
Zenaan
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/21/14, grarpamp  wrote:
>> something I did to ntpd.conf (probably adding servers above the
>> default debian entries which are:
>> server 0.debian.pool.ntp.org iburst
>
> The order doesn't matter. Though if DNS is not up before
> ntpd on boot, specified poolnames won't resolve and I think it's still a
> oneshot so only servers listed by ip would be loaded. see ntpq -np
> while listing a bogus hostname, a poolname, and an ip.

Well I have a couple of IP listings now, and I haven't seen the
~2minute jump since adding them.

So things have definitely improved on that front.

I still see rather wild deltas (upwards of a second sometime), but at
least it doesn't get worse than that:
Feb 22 11:26:38 lt8 ntpdate[4832]: step time server 192.189.54.17
offset 0.762756 sec
Feb 22 11:31:48 lt8 ntpdate[4836]: adjust time server 203.59.7.248
offset -0.052660 sec
Feb 22 11:37:00 lt8 ntpdate[4839]: adjust time server 203.23.237.200
offset 0.283965 sec
Feb 22 11:42:11 lt8 ntpdate[4841]: adjust time server 203.23.237.200
offset 0.151871 sec
Feb 22 11:47:26 lt8 ntpdate[4843]: adjust time server 150.101.247.149
offset 0.470046 sec
Feb 22 11:52:35 lt8 ntpdate[4845]: adjust time server 27.106.200.45
offset 0.063318 sec
Feb 22 11:57:46 lt8 ntpdate[4847]: adjust time server 130.102.128.23
offset 0.090110 sec
Feb 22 12:03:00 lt8 ntpdate[4851]: step time server 192.189.54.17
offset 0.515640 sec
Feb 22 12:08:12 lt8 ntpdate[4853]: adjust time server 192.189.54.17
offset 0.308896 sec
Feb 22 12:13:20 lt8 ntpdate[4855]: adjust time server 118.88.20.194
offset -0.162371 sec
Feb 22 12:18:33 lt8 ntpdate[4860]: adjust time server 128.184.218.53
offset 0.302422 sec
Feb 22 12:23:44 lt8 ntpdate[4915]: adjust time server 203.161.12.165
offset 0.162629 sec
Feb 22 12:28:54 lt8 ntpdate[4922]: adjust time server 203.161.12.165
offset 0.035504 sec

Your comment above reminds me of something else I saw:
log.3.gz:Feb 19 09:55:50.000 [warn] eventdns: All nameservers have failed
log.3.gz:Feb 19 09:59:07.000 [warn] Your system clock just jumped 100
seconds forward;

This only happened once or twice back then.

What this leads me to is a couple of things - have a couple ntp
servers listed as ip address in case there is dns problems, but also I
think that one thing that may have affected me is I had essentially no
throttling/bandwidth shaping on the tor relay - and if the
uplink/upload gets satturated, this used to be a problem for
bittorrent (still is I think) and probably for tor relay too - if
certain outgoing packets don't make it out in a timely manner, then
problems happen.

So I have set my RelayBandwidthBurst to 90KB (KiB) (and non-burst to
80KB) - it's an ADSL2 connection pretty close to the exchange, so the
full 1MiB upload is generally possible, I think. I'll see how I
continue to go at 90KB.

Thanks all,
Zenaan
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Gordon Morehouse]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Andreas Krey:
> On Tue, 18 Feb 2014 22:02:21 +, Zenaan Harkness wrote:
>> My tor logs (running on Debian) are showing this warning: [WARN]
>> Your system clock just jumped 100 seconds forward; assuming 
>> established circuits no longer work.
> 
> It may just be that your machine completely hangs for a while 
> occasionally; that will look to tor like a clock jump in that 
> direction. Either hard disk timeouts of some kind, or serious 
> swapping. If VM then also possibly the entire VM being starved 
> occasionally.

This is the case with older versions of Tor (I haven't been active as
much recently, sadly) on the Raspberry Pi.  When the Pi gets
overloaded, Tor thinks there are clock jumps.

Best,
- -Gordon M.



-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJTBsoWAAoJED/jpRoe7/ujGIoIALuGntLCZrRKvXBQKKwg+mJQ
K0NwwGKWDOr62ZC6viAD1G41sTMWSlJjzPx4A3mkzC0fEkwGi6fucaTPMrIrOmTj
W79KoDZVmYQ5T/jmGA+uMV69Hvs+/OfzfYxZF7pgb02KN+nbEV+kykeNNpmPzQtG
znqgdurc75SHbxLh2EYs8hJ+uyRlVTOM1RKDD0TlybCFDfB1Iuie2WCrNnaPqWJM
cQeLMByz8vijyXH+x2LWlJ/gVt2wOUoMKQ2eWdwX0jTqKcedjHoY3OEq+xjOitrW
eKMaqpyG6XWPAElZXaYCBx0+PejaWGLB6Qp9OXKfix1XIIFW7GMe3r/tWKoFb+I=
=iq0R
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[grarpamp]

> I've now gone and added some ntp servers from telstra, iinet and ntp.org.
> Good. Well now I have a number of ntp servers listed, hopefully it
> shall improve the situation.

I don't think ntpd has an option yet to autoreplace bad servers from
DNS pools via future DNS queries. Either way all that's really
needed is 2+1 to break ties, plus 1 or 2 for redundancy.

 If system [ntp]date
 is set first, then under ntpd running for 15min+,
 if ntpq -np does not show one asterisk(*) in front

This will tell you status of peers.

> TOR relay docs should perhaps include, for debian "add your isp's ntp
> servers, and possibly a few from ntp.org, to your /etc/ntpd.conf (and
> check this file is sane)".

You'd have to first figure out why it didn't work out of the box.

> something I did to ntpd.conf (probably adding servers above the
> default debian entries which are:
> server 0.debian.pool.ntp.org iburst

The order doesn't matter. Though if DNS is not up before
ntpd on boot, specified poolnames won't resolve and I think it's still a
oneshot so only servers listed by ip would be loaded. see ntpq -np
while listing a bogus hostname, a poolname, and an ip.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/20/14, grarpamp  wrote:
>>> - configure tor to syslog
>>
>> added
>
> 'Log syslog'

The example in etc/torrc is 'Log notice syslog' which I uncommented.

>>> - send an ntpdate -q pool to syslog every 5min,
>>>  remove when solved.
>>
>> Do you mean disable ntpd daemon, and run this instead? Sounds easy
>> enough, I imagine:
>> service ntp stop; while true; do ntpd -gqn -l /var/log/syslog; sleep 5m;
>> done
>> service ntp start
>
> I meant remove it when solved so you don't forget
> and you're banging on the pool every 5 for eternity.
>
> -l /var/log/syslog - this is potentially overwriting or blocking this file
> which
> is managed by syslogd in syslog.conf, pick another new file, or just
> better to use ntp.conf logconfig option.
>
> if you were running ntpd during problems, and ntpd was not working
> right, then ntpdate would be just a tool to separately query and
> print external pool time without impact to running system, for
> comparing with system time.

Thank you. Restarted ntpd, installed ntpdate, running this script:
while true; do sleep 5m; ntpdate -qsv 3.debian.pool.ntp.org; echo "---"; done

...
> ntpd disciplines kernel clock by calculating drift from the net
> and feeds back small rate deltas to kernel.
> no ntpd -> no discipline -> lots of drift... then these manual slews
> and jumpsets happen for people setting time manually, which is non
> ideal, get the daemon running right on its own.
> Tor said 100sec forward, so it maybe sees what look like
> the forward jumps above as accumulated.
> ntpd would not do that if running right, so check for some
> ntp thing in crontab maybe making your jump.

# cd etc; # grep -in ntp cron*/*
cron.daily/ntp:3:# The default Debian ntp.conf enables logging of
various statistics to
cron.daily/ntp:4:# the /var/log/ntpstats directory.  The daemon
automatically changes
cron.daily/ntp:9:statsdir=$(cat /etc/ntp.conf | grep -v '^#' | sed -n
's/statsdir \([^ ][^ ]*\)/\1/p')

Nothing special at all - just standard debian ntp install.

I've now gone and added some ntp servers from telstra, iinet and ntp.org.

>> So it seems that the slew is somehow not being set properly, or
>> rather, now that ntpd is being run every 5 minutes, it gets to add
>> about .2 of a second pretty regularly (I'll continue to watch of
>> course), so something definitely seems amiss. I'm not loading the
>> system default ntpd config file.
>>
>> It looks like time could be running slow and being _not_ updated,
>> except a few times a day, resulting in the 2-3minute jump.
>
> Maybe ntpd is not working/running and cron is maybe doing manual sets.

I've restarted ntpd and running the above script as mentioned. Will
post some output soon.

# service ntp status
NTP server is running.

>>> - send *.* to /var/log/all
>>
>> intended to be a torrc config? It sounds like a good idea to send
>> everything to one log file for a while, till I debug this.
>
> man syslog.conf

Thanks. Looks like debian defaults to rsyslog. Anyway, I know what you
are referring to now, thanks (I'm a bit green, although have been
reported to have at least 1.5 brain cells - though some dispute this
as being biased sample).

>> interesting repeating lines all over daemon.log re ntpd (but not
>> nothing similar in today's daemon.log though.
>
> ntp automatically chooses who it thinks is best to listen to
> among given peers.

Good. Well now I have a number of ntp servers listed, hopefully it
shall improve the situation.

>>> If [system ntp]date
>>> is set, then under ntpd running for 15min+,
>>> if ntpq -np does not show one asterisk(*) in front
>
> Only one of ntpd or ntpdate should be doing the actual timing.
> For most people that means 'ntpd -g' starting as daemon
> at boot, with 'ntpdate -q' and 'ntpq -np' as just cli checks.

Thanks. That's what I'm doing now.

TOR relay docs should perhaps include, for debian "add your isp's ntp
servers, and possibly a few from ntp.org, to your /etc/ntpd.conf (and
check this file is sane)".

OK, grepping logs time...:
Feb 20 23:51:35 lt8 ntpdate[29233]: adjust time server 130.102.2.123
offset -0.024247 sec
Feb 20 23:57:31 lt8 ntpdate[29289]: adjust time server 54.252.129.186
offset 0.018113 sec
Feb 21 00:02:38 lt8 ntpdate[29329]: adjust time server 59.167.170.228
offset 0.025050 sec
Feb 21 00:07:46 lt8 ntpdate[29377]: adjust time server 121.0.0.41
offset 0.017704 sec
Feb 21 00:12:53 lt8 ntpdate[29380]: adjust time server 203.206.205.83
offset 0.004626 sec
Feb 21 00:18:00 lt8 ntpdate[29395]: adjust time server 27.116.36.44
offset -0.003997 sec
Feb 21 00:23:08 lt8 ntpdate[29411]: adjust time server 118.88.20.194
offset -0.003071 sec

Looking very hopeful - convergence of time offset on the way. I guess
something I did to ntpd.conf (probably adding servers above the
default debian entries which are:
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

I'll check it again in the morning. Next stop, l

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[grarpamp]

>> - configure tor to syslog
>
> added

'Log syslog'

>> - send an ntpdate -q pool to syslog every 5min,
>>  remove when solved.
>
> Do you mean disable ntpd daemon, and run this instead? Sounds easy
> enough, I imagine:
> service ntp stop; while true; do ntpd -gqn -l /var/log/syslog; sleep 5m; done
> service ntp start

I meant remove it when solved so you don't forget
and you're banging on the pool every 5 for eternity.

-l /var/log/syslog - this is potentially overwriting or blocking this file which
is managed by syslogd in syslog.conf, pick another new file, or just
better to use ntp.conf logconfig option.

if you were running ntpd during problems, and ntpd was not working
right, then ntpdate would be just a tool to separately query and
print external pool time without impact to running system, for
comparing with system time.

> Something like -L seems to be needed but -L doesn't stop, the
> following - I don't know what these sorts of lines are (reading docs
> now, but it might take a while to figure it out) - ie I don't know why
> ntpd listens on LAN:
> 20 Feb 18:31:26 ntpd[22655]: Listen normally on 3 eth1 192.168.5.2 UDP 123

ntpd is server and client. ntp.conf can disable/restrict server and other
forms of listening to just 127.0.0.1/::1, or firewall it.

> BTW, looks like ntpd has the same options as ntpdate, intended for the
> same functions (at least on Debian, says ntpdate is deprecated).

It's said that for ages.

> Now, here's the last short while of this ntpd script output:
> ntpd: time slew -0.015558s
> ntpd: time slew +0.062676s
> ntpd: time set +0.191404s
> ntpd: time set +0.187068s
> ntpd: time slew -0.029898s
> ntpd: time slew +0.027801s

If ntpd daemon was running right you'd see ntpdate -q's of under
1ms. .2sec/5min is way out so ntpd isn't running or running right.

ntpd disciplines kernel clock by calculating drift from the net
and feeds back small rate deltas to kernel.
no ntpd -> no discipline -> lots of drift... then these manual slews
and jumpsets happen for people setting time manually, which is non
ideal, get the daemon running right on its own.
Tor said 100sec forward, so it maybe sees what look like
the forward jumps above as accumulated.
ntpd would not do that if running right, so check for some
ntp thing in crontab maybe making your jump.

> So it seems that the slew is somehow not being set properly, or
> rather, now that ntpd is being run every 5 minutes, it gets to add
> about .2 of a second pretty regularly (I'll continue to watch of
> course), so something definitely seems amiss. I'm not loading the
> system default ntpd config file.
>
> It looks like time could be running slow and being _not_ updated,
> except a few times a day, resulting in the 2-3minute jump.

Maybe ntpd is not working/running and cron is maybe doing manual sets.

>> - send *.* to /var/log/all
>
> intended to be a torrc config? It sounds like a good idea to send
> everything to one log file for a while, till I debug this.

man syslog.conf

> interesting repeating lines all over daemon.log re ntpd (but not
> nothing similar in today's daemon.log though.

ntp automatically chooses who it thinks is best to listen to
among given peers.

> (downloading debian boot cd for example) - and no ntp server
> connection failures I could spot in the logs just before.

>> your ntp cli query may not be the same as the ntp
>> daemon query re: udp/tcp port they use, stateful
>> firewall timeout, etc... ie: somehow ntp blocked.
>> Or stale/unwriteable startup drift files on disk.
>
> I am running the 5-minutely script at the moment. But perhaps I should
> keep running the system ntpd at the same time, so I can do this
> suggested test?

I think ntpd will complain about unreachability anyway,
and it seems to be doing peer picking above ok.

>> If [system ntp]date
>> is set, then under ntpd running for 15min+,
>> if ntpq -np does not show one asterisk(*) in front

Only one of ntpd or ntpdate should be doing the actual timing.
For most people that means 'ntpd -g' starting as daemon
at boot, with 'ntpdate -q' and 'ntpq -np' as just cli checks.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/20/14, grarpamp  wrote:
> Since you say it repeats you oppurtunity to check the
> system clock first:
> - configure tor to syslog

added

> - send an ntpdate -q pool to syslog every 5min,
>  remove when solved.

Do you mean disable ntpd daemon, and run this instead? Sounds easy
enough, I imagine:
service ntp stop; while true; do ntpd -gqn -l /var/log/syslog; sleep 5m; done
service ntp start

Something like -L seems to be needed but -L doesn't stop, the
following - I don't know what these sorts of lines are (reading docs
now, but it might take a while to figure it out) - ie I don't know why
ntpd listens on LAN:
20 Feb 18:31:26 ntpd[22655]: Listen normally on 3 eth1 192.168.5.2 UDP 123

BTW, looks like ntpd has the same options as ntpdate, intended for the
same functions (at least on Debian, says ntpdate is deprecated).


Now, here's the last short while of this ntpd script output:
ntpd: time slew -0.015558s
ntpd: time slew +0.062676s
ntpd: time set +0.191404s
ntpd: time set +0.187068s
ntpd: time slew -0.029898s
ntpd: time slew +0.027801s

So it seems that the slew is somehow not being set properly, or
rather, now that ntpd is being run every 5 minutes, it gets to add
about .2 of a second pretty regularly (I'll continue to watch of
course), so something definitely seems amiss. I'm not loading the
system default ntpd config file.

It looks like time could be running slow and being _not_ updated,
except a few times a day, resulting in the 2-3minute jump.


> - send *.* to /var/log/all

What's that mean? I need just a little more handholding sorry. Is this
intended to be a torrc config? It sounds like a good idea to send
everything to one log file for a while, till I debug this.

I'll get back to this, but just for the moment, I notice some
interesting repeating lines all over daemon.log re ntpd (but not
recently):

...
daemon.log:Feb 18 03:10:08 lt8 ntpd[2845]: peer 203.24.120.194 now valid
daemon.log:Feb 18 03:15:37 lt8 ntpd[2845]: peer 203.59.9.110 now invalid
daemon.log:Feb 18 03:28:34 lt8 ntpd[2843]: adjusting clock frequency
by 18.354661 to 3.931566ppm
daemon.log:Feb 18 04:08:41 lt8 ntpd[2845]: peer 203.59.9.110 now valid
daemon.log:Feb 18 04:15:29 lt8 ntpd[2845]: peer 118.88.20.194 now invalid
daemon.log:Feb 18 04:15:34 lt8 ntpd[2845]: peer 130.102.2.123 now invalid
daemon.log:Feb 18 04:15:47 lt8 ntpd[2845]: peer 203.171.85.237 now invalid
daemon.log:Feb 18 04:15:52 lt8 ntpd[2845]: peer 202.127.210.37 now invalid
daemon.log:Feb 18 04:16:01 lt8 ntpd[2845]: peer 202.147.104.52 now invalid
daemon.log:Feb 18 04:30:05 lt8 ntpd[2845]: peer 203.59.9.110 now invalid
daemon.log:Feb 18 04:59:11 lt8 ntpd[2845]: 10 out of 20 peers valid
daemon.log:Feb 18 04:59:11 lt8 ntpd[2845]: bad peer from pool
0.debian.pool.ntp.org (130.102.2.123)
daemon.log:Feb 18 04:59:11 lt8 ntpd[2845]: bad peer from pool
0.debian.pool.ntp.org (202.127.210.37)
daemon.log:Feb 18 04:59:11 lt8 ntpd[2845]: bad peer from pool
1.debian.pool.ntp.org (203.59.9.110)
...

nothing similar in today's daemon.log though.


> and see what you find around where the date lines
> start to slide or jump past each other. Graph it
> with rrd/gnuplot if you want. epoch format helps there.
> Your timekeeping is probably just broke somewhere,

sounds like it.


> ie: your system has bad clock drift and also can't sync
> because there's a firewall blocking ntp, so off goes
> your time. Check that first.

Here's what I'm getting every 5 minutes:

Feb 20 18:46:59 lt8 ntpd[22662]: ntpd 4.2.6p5@1.2349-o Sat May 12
09:07:18 UTC 2012 (1)
20 Feb 18:46:59 ntpd[22662]: proto: precision = 2.514 usec
20 Feb 18:46:59 ntpd[22662]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Feb 20 18:46:59 lt8 ntpd[22662]: logging to file /var/log/syslog
20 Feb 18:46:59 ntpd[22662]: Listen and drop on 1 v6wildcard :: UDP 123
20 Feb 18:46:59 ntpd[22662]: Listen normally on 2 lo 127.0.0.1 UDP 123
20 Feb 18:46:59 ntpd[22662]: Listen normally on 3 eth0 192.168.5.2 UDP 123
20 Feb 18:46:59 ntpd[22662]: Listen normally on 4 eth0
fe80::202:8aff:fe21:77f1 UDP 123
20 Feb 18:46:59 ntpd[22662]: Listen normally on 5 lo ::1 UDP 123
20 Feb 18:46:59 ntpd[22662]: peers refreshed
20 Feb 18:46:59 ntpd[22662]: Listening on routing socket on fd #22 for
interface updates
20 Feb 18:47:12 ntpd[22662]: ntpd: time slew +0.027801 s

again, I don't (yet) understand why ntpd is Listening as seen above.

there appears to be no problems with firewall, that I can tell yet
anyway (also eg the logs above - I've done some grepping etc over the
last few days of logs and everything outgoing appears to work, and
incoming ORPort DIRPort are successfully forwarded and the relay is
chugging away nicely within its limits. Also Internet generally works
(downloading debian boot cd for example) - and no ntp server
connection failures I could spot in the logs just before.


> It's not your isp since you say you're using
> ntpd against external debian pool and odds are
> not someone stuffing you bogus timedata. Though
> your ntp cli 

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[grarpamp]

Since you say it repeats you oppurtunity to check the
system clock first:
- configure tor to syslog
- send an ntpdate -q pool to syslog every 5min,
 remove when solved.
- send *.* to /var/log/all

and see what you find around where the date lines
start to slide or jump past each other. Graph it
with rrd/gnuplot if you want. epoch format helps there.
Your timekeeping is probably just broke somewhere,
ie: your system has bad clock drift and also can't sync
because there's a firewall blocking ntp, so off goes
your time. Check that first.
It's not your isp since you say you're using
ntpd against external debian pool and odds are
not someone stuffing you bogus timedata. Though
your ntp cli query may not be the same as the ntp
daemon query re: udp/tcp port they use, stateful
firewall timeout, etc... ie: somehow ntp blocked.
Or stale/unwriteable startup drift files on disk. If ntpdate
is set, then under ntpd running for 15min+,
if ntpq -np does not show one asterisk(*) in front
of one of the nonlocal peers, you're not synced.
And you'll be no luck until you are, fix that first.

Not likely to be Tor or kernel, but you can then next
- move the drive to another known good mobo/cpu box.
- do the kernel event logging thing
- bump tor's loglevel
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/19/14, Zenaan Harkness  wrote:
> On 2/19/14, Alexander Makarov  wrote:

>> Could you show the log?
>
> Current and previous tor logs attached. What is also interesting is IP
> address seems to change rather frequently from the ISP (iiNet in this
> case - a home ADSL2 connection, but off-net, so it's a resell of
> Telstra).

Telstra could be running carrier grade NAT or something perhaps? Looks
like IP address changes may be coming faster until there's a 99%
conversion to IPv6.

> I also note an early morning torrc file read (log.1) - there are no
> changes in the torrc file since the 17th, so except that I run service
> tor reload, I do not expect tor to re-read the torrc file; is this
> normal?:
> Feb 19 07:35:19.000 [notice] Read configuration file "/etc/tor/torrc".

Guess I need to get into coding again - or at least code review...
this doesn't make sense to me though - the log message should say a
bit more than it does (eg "confirmed no change" or "changes to BLAH
and BLAG"... the message as it reads is enigmatic to the point of
consternation.

>> Can you rebuild you kernel with debug option and
>> check what kernel events have the same timestamps
>
> I could install a debug kernel - Debian makes them available. How
> would I "check kernel events" - just check the logs?
>
> Happy to investigate... might need some hand holding on the process.

Installed Debian's ...-dbg kernel package. Apparently it's just
symbols - no new kernel. I've asked on debian-user for assistance in
the recommendation to check kernel events.

Thanks
Zenaan
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Alexander Makarov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yea, maybe you will find something strange or regular

On 19.02.2014 10:59, Zenaan Harkness wrote:
> On 2/19/14, Alexander Makarov  wrote:
>> On 18.02.2014 23:39, Zenaan Harkness wrote:
>>> On 2/18/14, Alexander Makarov  wrote:
 On 18.02.2014 22:02, Zenaan Harkness wrote:
> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.
>
> I tried running openntpd as well as ntp packages (debian), and both
> display the same problem - once or twice a day I get this jump in time
> of in the order of a couple of minutes.
>
> Any idea why?
>>>
 Maybe problem with hardware clocks?
>>>
>>> OK, I just checked that the time is very close to correct local time
>>> (within a couple seconds as best I can tell), and ran
>>> hwclock --systohc
>>>
>>> But, surely the log warning would only happen once? - that's the whole
>>> point of running ntp I thought...
>>>
>>> See how my node goes over the next day or two,
> 
> Well, the time jump still happens, roughly 5hrs apart, 2-3 minute jump.
> 
> 
>> Could you show the log?
> 
> Current and previous tor logs attached. What is also interesting is IP
> address seems to change rather frequently from the ISP (iiNet in this
> case - a home ADSL2 connection, but off-net, so it's a resell of
> Telstra).
> 
> I also note an early morning torrc file read (log.1) - there are no
> changes in the torrc file since the 17th, so except that I run service
> tor reload, I do not expect tor to re-read the torrc file; is this
> normal?:
> Feb 19 07:35:19.000 [notice] Read configuration file "/etc/tor/torrc".
> 
> 
>> Can you rebuild you kernel with debug option and
>> check what kernel events have the same timestamps
> 
> I could install a debug kernel - Debian makes them available. How
> would I "check kernel events" - just check the logs?
> 
> Happy to investigate... might need some hand holding on the process.
> 
> Thanks
> Zenaan
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Best regards,
Alexander Makarov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTBCs/AAoJEBuTDJZeb03Vfs8P/3PKhPayOSwEoT2nUeUMKdo7
GLusU4CS+bPVwYkz0iGOwAG/X/Of+wOMGDseaQh/Ta0Cfex4qzNwvtXaVe/lDpEs
rYq459ibWR3TApeYzS1B7H2uqRqPqDZscofClygpfzRBf44Ge6nIbqRhaq93Dg7Q
+kgMKTd+HAKFgZwJRsl1c1y2ISdRFnyOs8AuBciZuN8UCQhy8iiQhTXMTAW3Dn6J
+RarlCN0FqD1Z0nCdNjMEAqQH6r2z4kX9rnMr3TkXwgKoJjuHn/PhLa6kjBUbnE0
cKHfL0ww8Ur+yG3H42mny0/sgrv+lF9vLzYDzo6LdvXWGXadt5703KsLkhZ0Cw1f
sb8+mJ+uhyCiSNOFcZp1nQ82bXskFYpf1HrpBJaby+r9ZeovMH5RAVw95Ghnp+f9
MvuVMOR6ufp9MFBkHuULmeHA/mT4vXzupQNHSeXR5OwoknR52dbnyb3JDKCFd+sB
sXqVorEobXFtWlft2aEAYC7pSTiKNypaFc0jDwAoGWNGWDfQs1iTz7XjZ2bqoDw0
bhqgGVvOOUPE4G6X14RBcZ1nk4esQyY11eJGPyRsp6r5D9iMNebhkfEo3US9Sx2B
c+OBrWCO0I51A218TV5+wITuzq8gbq8WnwfX3TSSvydd85Gtl0pyTJeQYhalFgJV
M8bVnTpBMSzjNO4eBJJQ
=u1Rp
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[I]

Iinet are having some sort of problem this morning which was just resolved a 
short while ago.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/19/14, Alexander Makarov  wrote:
> On 18.02.2014 23:39, Zenaan Harkness wrote:
>> On 2/18/14, Alexander Makarov  wrote:
>>> On 18.02.2014 22:02, Zenaan Harkness wrote:
 My tor logs (running on Debian) are showing this warning:
 [WARN] Your system clock just jumped 100 seconds forward; assuming
 established circuits no longer work.

 I tried running openntpd as well as ntp packages (debian), and both
 display the same problem - once or twice a day I get this jump in time
 of in the order of a couple of minutes.

 Any idea why?
>>
>>> Maybe problem with hardware clocks?
>>
>> OK, I just checked that the time is very close to correct local time
>> (within a couple seconds as best I can tell), and ran
>> hwclock --systohc
>>
>> But, surely the log warning would only happen once? - that's the whole
>> point of running ntp I thought...
>>
>> See how my node goes over the next day or two,

Well, the time jump still happens, roughly 5hrs apart, 2-3 minute jump.


> Could you show the log?

Current and previous tor logs attached. What is also interesting is IP
address seems to change rather frequently from the ISP (iiNet in this
case - a home ADSL2 connection, but off-net, so it's a resell of
Telstra).

I also note an early morning torrc file read (log.1) - there are no
changes in the torrc file since the 17th, so except that I run service
tor reload, I do not expect tor to re-read the torrc file; is this
normal?:
Feb 19 07:35:19.000 [notice] Read configuration file "/etc/tor/torrc".


> Can you rebuild you kernel with debug option and
> check what kernel events have the same timestamps

I could install a debug kernel - Debian makes them available. How
would I "check kernel events" - just check the logs?

Happy to investigate... might need some hand holding on the process.

Thanks
Zenaan


log
Description: Binary data


log.1
Description: Binary data
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/18/14, D.S. Ljungmark  wrote:
> On Tue, Feb 18, 2014 at 12:02 PM, Zenaan Harkness  wrote:
>> My tor logs (running on Debian) are showing this warning:
>> [WARN] Your system clock just jumped 100 seconds forward; assuming
>> established circuits no longer work.
>>
>> I tried running openntpd as well as ntp packages (debian), and both
>> display the same problem - once or twice a day I get this jump in time
>> of in the order of a couple of minutes.

> Are you on a virtual machine?  Do you control the VM host? If not, it could
> be that your host is migrating your VM, or not scheduling it properly,
> which causes time drifts inside the VM.

No VM, an older 32-bit box, 1GiB RAM, no swap.

On 2/19/14, Andreas Krey  wrote:
> It may just be that your machine completely hangs for a while
> occasionally; that will look to tor like a clock jump in that
> direction. Either hard disk timeouts of some kind, or serious
> swapping. If VM then also possibly the entire VM being starved
> occasionally.

Default Debian ntp servers/ config:
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
etc
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Andreas Krey]

On Tue, 18 Feb 2014 22:02:21 +, Zenaan Harkness wrote:
> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.

It may just be that your machine completely hangs for a while
occasionally; that will look to tor like a clock jump in that
direction. Either hard disk timeouts of some kind, or serious
swapping. If VM then also possibly the entire VM being starved
occasionally.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Alexander Makarov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Could you show the log? Can you rebuild you kernel with debug option and
check what kernel events have the same timestamps

On 18.02.2014 23:39, Zenaan Harkness wrote:
> On 2/18/14, Alexander Makarov  wrote:
>> On 18.02.2014 22:02, Zenaan Harkness wrote:
>>> My tor logs (running on Debian) are showing this warning:
>>> [WARN] Your system clock just jumped 100 seconds forward; assuming
>>> established circuits no longer work.
>>>
>>> I tried running openntpd as well as ntp packages (debian), and both
>>> display the same problem - once or twice a day I get this jump in time
>>> of in the order of a couple of minutes.
>>>
>>> Any idea why?
> 
>> Maybe problem with hardware clocks?
> 
> OK, I just checked that the time is very close to correct local time
> (within a couple seconds as best I can tell), and ran
> hwclock --systohc
> 
> But, surely the log warning would only happen once? - that's the whole
> point of running ntp I thought...
> 
> See how my node goes over the next day or two,
> Thanks
> Zenaan
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

- -- 
Best regards,
Alexander Makarov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTA1nlAAoJEBuTDJZeb03VbSkQALF56FA/x/PjHFdsqeHMismS
OwaQXDEp9LwnMhTwy+sl67FTZqGegKy/eY/elfTV35Tz2J2zEraj05CoiJMIIN1z
Sw9/PH2OexWsGPO6ZrfnhwcO1e+lgso2ayQNYeAkV2o2xy+87hJmlKUq5Zf+3SBJ
xGziNJ8WKq9ttArMwkXy26SsuG6hWGPRSU/CE//CDdanqiufp5t1qEiv5OnkmcdN
ji0MqwVjwJz7ccJnyAS/6KgoCeROkntxuu8PrSmpFhlkcGr+lugtOK2ccBALeomX
EjMVMg3qbC9ZeCVm6LCKSL43LNjjptkXQPumS8w/hLD6LwNZO3pmPIAB2wMqIs7w
TALp2psg1cJnl6wiYqt9b/x3gQc3iTcFq0ME0C41wohoRL8fFyVCOZ3Shcyi27Vp
zJzfkKJAzAoLPiZa3R0t1/v9z/vp0kYQSUlIaVlNgBF4w+BlS2S1WypVrc0G+rsu
SATj0C9JXpMe8T3QtZByIOGoLWbuBKsCbeSTvuYLrKRPIgDTk6XOeQefXraYWbtz
K+9MjaIRy7nEq4rgOz9MxwyabBegnaBQhk/nAkpVIpQJwhBRcTRMFwtmRz/Fuu/I
o2TUFghlfRSD1exWmROUHKm9wTl8Nop6JN0nNuXtybca4Hze4LuG+hwQQ29OUvr5
eJ7QRxdPLJnNWwk0iPR5
=duvg
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[D.S. Ljungmark]

Are you on a virtual machine?  Do you control the VM host? If not, it could
be that your host is migrating your VM, or not scheduling it properly,
which causes time drifts inside the VM.


On Tue, Feb 18, 2014 at 12:02 PM, Zenaan Harkness  wrote:

> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.
>
> I tried running openntpd as well as ntp packages (debian), and both
> display the same problem - once or twice a day I get this jump in time
> of in the order of a couple of minutes.
>
> Any idea why?
>
> TIA
> Zenaan
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[I]

I was told by a network engineer that recently there have been attacks 
targetting ntp.
It may or may not have anything to do with your relay though.

Robert

> 
> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.
> 
> I tried running openntpd as well as ntp packages (debian), and both
> display the same problem - once or twice a day I get this jump in time
> of in the order of a couple of minutes.
> 
> Any idea why?
> 
>


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

On 2/18/14, Alexander Makarov  wrote:
> On 18.02.2014 22:02, Zenaan Harkness wrote:
>> My tor logs (running on Debian) are showing this warning:
>> [WARN] Your system clock just jumped 100 seconds forward; assuming
>> established circuits no longer work.
>>
>> I tried running openntpd as well as ntp packages (debian), and both
>> display the same problem - once or twice a day I get this jump in time
>> of in the order of a couple of minutes.
>>
>> Any idea why?

> Maybe problem with hardware clocks?

OK, I just checked that the time is very close to correct local time
(within a couple seconds as best I can tell), and ran
hwclock --systohc

But, surely the log warning would only happen once? - that's the whole
point of running ntp I thought...

See how my node goes over the next day or two,
Thanks
Zenaan
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Alexander Makarov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Maybe problem with hardware clocks?

On 18.02.2014 22:02, Zenaan Harkness wrote:
> My tor logs (running on Debian) are showing this warning:
> [WARN] Your system clock just jumped 100 seconds forward; assuming
> established circuits no longer work.
> 
> I tried running openntpd as well as ntp packages (debian), and both
> display the same problem - once or twice a day I get this jump in time
> of in the order of a couple of minutes.
> 
> Any idea why?
> 
> TIA
> Zenaan
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
- -- 
Best regards,
Alexander Makarov
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTA0gIAAoJEBuTDJZeb03V5h8P/17FbMwXPJZ9X+uKWN+A2fSq
TTIbrOn1CQ5w/JW2Pqg5ykC/Q5QSxIJTWHnXl7dppQ82tkPtSBbRHjXSddgq2WwS
csGqV70KIPpr9FTGyuLrZPnNognKpdorzaYy5lq1ECp1IQkrdweuzbQEdUpeLnOq
n3O00Bjf4WhFHSpKdXPjHDpGac2GPywRoqsrF6OCVrVSN0ptZiPibRP1RDvYl0bb
8P6iQ7+53rIMvzuDGSaAh1yFVAB1ilbnMUXGZpNpBS9yYLt7m6Pg8MbvM+1/tXHQ
a3J1QWFwUduF2pvBIokeb8FjJsWwQDbSYm76lNxAwsVDWTo4KCns2+vWLUwkN4Tv
HQVXIGKPHoS/p9QBXrKz26zWlK4V6NY6FlfrYzkwkNeRf+ZCFZGJIOGIZryniXAH
RTN6/dBgr3MrxZiWViS96TkEVaS315qtIVfS3clgN9FdtoB8KpojN7N8V7s2ODFI
43Au4M6FEQjeGm371MfiAtZOtDuWrER3rH+vgFyE1yl5UkeidLIIAwMNIm31WSXq
/UxrhXb4NxF4oM+Qj3rvXTPKUtEym/gBlFEztyhXUOrOjs7kzr4550Um9B2ehcAo
FWs4JQKlElQbEl5QsXC+HH9YzSCK4cLh1QcbbiM8gpIuuuFJ7Bsr+TlAIRBIdVXd
668JcZMi9/NW6+8LgyZ+
=EMtC
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [WARN] Your system clock just jumped 100 seconds forward; assuming established circuits no longer work.

[Zenaan Harkness]

My tor logs (running on Debian) are showing this warning:
[WARN] Your system clock just jumped 100 seconds forward; assuming
established circuits no longer work.

I tried running openntpd as well as ntp packages (debian), and both
display the same problem - once or twice a day I get this jump in time
of in the order of a couple of minutes.

Any idea why?

TIA
Zenaan
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

[Nick Mathewson]

On Fri, Jan 25, 2013 at 8:12 AM, Samuel Walker
 wrote:
> Hi,
>
> I've started receiving this message on my relay (non-exit, non-hidden-serivce)
>
>> [warn] Tried to establish rendezvous on non-OR or non-edge circuit.
>
> I've had a look in the bug tracker, and it looks like it was previously noted 
> under 4171, with the cause being 4641. Both now fixed.
>
> Should I be concerned over this?

Probably not.  The likeliest explanation (from what I can tell) is
somebody else running an old buggy version.  Not your problem, most
likely.

-- 
Nick
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

[Samuel Walker]

Hi,

I've started receiving this message on my relay (non-exit, non-hidden-serivce)

> [warn] Tried to establish rendezvous on non-OR or non-edge circuit.

I've had a look in the bug tracker, and it looks like it was previously noted 
under 4171, with the cause being 4641. Both now fixed.

Should I be concerned over this?

Many Thanks
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] [warn] Request too large from address '[scrubbed]' to DirPort. Closing.

[Klaus Layer]

Hi,

last night the log of one of my nodes showed within 2 minutes about 160 of 
these messages. Traffic stats show that the incoming bandwidth increased from 
the average of 300 Mbit/s to more than 400 Mbit/s, where at the same time 
outgoing traffic dropped. From the peak I see, the requests must have been 
really big. Does anyone noticed this on other tor servers too? 

Regards,

Klaus


signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays