Re: [p2p-hackers] Help needed: Autonomous NAT traversal test [Was: enabling bridges on NATed clients]

2010-03-07 Thread Michael Blizek
Hi!

On 11:18 Sun 07 Mar , Stephen Williams wrote:
> I've been lurking for a while.  Apologies that I've missed most of the 
> conversation.
> 
> Michael Blizek wrote:

...

> > - Do throttling the proper way and *not* by "usleep", but by setting
> >   TCP_CONGESTION or smaller tcp window sizes if possible. "usleep" should
> >   only be the last resort. When using usleep or smaller tcp window sizes,
> >   the lib should be able to figure the proper parameters out by itself
> >   e.g. by pinging a fixed IP and looking at the response times when the
> >   net is under load.
> >   
> 
> Rate-based end-to-end flow control with bandwidth estimation, usually 
> needed at both the communications and application level, is the way to 
> solve most related problems.  I can detail and provide references.  It 
> turns out not to be very hard to implement in most cases.  Recently, we 
> called this "pro-active flow control" to try to distinguish it from 
> simple window-based flow control.

There is a thing called "congestion avoidance" which should take care of the
flow control. In linux, you can select the algorithm per-socket - and you can
sometimes set a "low priority" one. The bad thing is that this congestion
avoidance is triggered by packet loss. On slow lines with big buffers, this
might be too late. Using the latency for flow control also has its down sides,
like convergence issues.

Anyway the point is that "usleep" is one of the worst ways of doing the
throttling on the sending side (it is ok on the receiving side). The reason
is that the TCP/IP stack will create lots of small packets (increases CPU
usage of routers) which have the push flag set (which triggers ACK sending
without delay, which causes even more small packets).

> > - Provide a way for the application to tell the library which connections
> >   are important and which connections need throughput or low latency.
> >   
> 
> Yes, need a standard way to provide and propagate these hints.  Also, 
> need to provide visibility of preferences of routers (i.e. intermediate 
> systems) along the pipeline if possible.  This allows things like 
> bandwidth throttling to be visible, enforced, and accounted for (perhaps 
> by opening additional channels).

IP has a way to do this. It is called TOS field, but it is rarely used. There
is little point on TP networks anyway. If there is not enough backbone
bandwidth, everybody will try to get as much as possible and nobody will set
the TOS field. They will rather randomise ports and do encryption and traffic
normalisation to prevent being slowed down. I think this parameter is mostly
interesting before the traffic leaves into the internet.

-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Linux (32-bit) TBB -- seeking testers

2010-03-07 Thread Erinn Clark
Hi everyone,

I've been working on making a Linux Tor Browser Bundle and I need some
testers with 32-bit Linux systems. This is extremely alpha -- do not
expect it to work perfectly and don't depend on it for privacy (unless
you happen to be running Debian unstable, like me, where it seems to
work flawlessly every time). 

Pre-requisites: you need to at least be able to run Firefox already and
you need to shutdown Tor, Polipo/Privoxy, and Vidalia. Existing
Firefoxes/Iceweasels do not need to be shutdown.

It can be found here:
http://erinn.org/~e/tbb-linux32-030710.tgz
http://erinn.org/~e/tbb-linux32-030710.tgz.asc

If it doesn't work for you, please do the following:
- Tell me your Linux distribution
- Send me any relevant shell output
- Run ./start-tor-browser --debug and send me the vidalia-debug-log
- From within the TBB directory, run:
  'strace -f -e open -o ff-opens.log ./App/Firefox/firefox -no-remote -profile ./Data/profile'
  and send me the output

Known issues

General

- If it doesn't launch Firefox the first time, try closing everything
  and re-launching. 
 
SuSE

- It might complain about not being able to find the display if you
  launch from shell
- System xulrunner via /etc/gre.d/*.conf hijacks Firefox
- It runs, but torbutton doesn't appear to work (in my VM, 11.2). Preliminary
  testing indicates that it runs on 11.0

Fedora

- It makes SELinux pretty unhappy

Libraries 

- If you get a libxml2 error about gzopen64 in the debug log, please
  check your system for an old zlib:
  https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/151045




Re: clock error

2010-03-07 Thread andrew
On Sun, Mar 07, 2010 at 09:11:29AM -0500, zzzjethro...@email2me.net wrote 2.9K bytes in 98 lines about:
: I'm posting part of my question from a couple of days ago because with it I
: noticed my clock was supposedly off, according to the message log.
: However, it is set to automatically set or adjust to the time zone I am in.
: Just wondering if the above and what's below are related and if my clock is
: set for properly setting itself, how do I adjust it? Sorry for my trivial
: questions.

If you are seeing messages in your tor logfile that your clock is wrong,
yet you are certain your clock is correct, then ignore them.  It
probably means the directory server has an incorrect clock.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject


Re: New ban of tor-exit-nodes -IPs by the LiveJournal

2010-03-07 Thread Marcus Griep
On Sun, Mar 7, 2010 at 11:31 AM, James Brown  wrote:
> Many IP-addresses of exit-nodes of the Tor was banned from access to the
> LJ today.
> We have the next information when trying to connect with it:
> "You've been temporarily banned from accessing LiveJournal, perhaps
> because you were hitting the site too quickly. Please make sure that
> you're following our Bot Policy . If
> you have questions, contact us at webmas...@livejournal.com with the
> following information: CMTGP7urjSahlts @ xx.xx.xx.xx

As has been mentioned previously by the likes of Jacob Appelbaum and
others on this list, the Tor community has a good working relationship
with LiveJournal, and they, as much as anyone, want to re-enable
access from Tor, but also have to deal with abuse from the system. I
expect that LJ will have access restored in a reasonable time, and you
can always email their webmaster for more information.

> I think that it is a new, latent method to restrict access to the LJ
> through the Tor which certainly established by order of Putin's and
> Medvedev's junta gived to the "SUP".

I'd be careful blindly pointing accusations of association around.
These types of statements of opinion don't serve to endear the Tor
community to anyone, much less to those services that welcome the use
of Tor.

--
Marcus Griep
——
Ακακια את.ψο´, 3°


Re: Full bandwidth is not used.

2010-03-07 Thread Damian Johnson
Unfortunately the state doesn't provide a complete bandwidth history - if
you check on line 1168 of src/or/rephist.c you'll see:

/** How many bandwidth usage intervals do we remember? (derived) */
#define NUM_TOTALS (NUM_SECS_BW_SUM_IS_VALID/NUM_SECS_BW_SUM_INTERVAL)

This is used later when writing to the state (line 1441 of the same file) -
honestly I'm green enough with C that I got lost pretty quick once it
started juggling smart lists and buffers around but I'll take the comments
at their word ;)

This is why I don't use it to populate past bandwidth data in arm. Cheers!
-Damian

On Sun, Mar 7, 2010 at 3:16 AM, Paul Menzel <paulepan...@users.sourceforge.net> wrote:

> Am Freitag, den 05.03.2010, 23:54 +0100 schrieb Paul Menzel:
> > Am Freitag, den 05.03.2010, 10:17 -0500 schrieb and...@torproject.org:
> > > On Fri, Mar 05, 2010 at 09:32:59AM +0100, paulepan...@users.sourceforge.net wrote 1.4K bytes in 39 lines about:
> > > : > What did you configure for your bandwidth limits or accountingmax?
> > > :
> > > : I did not configure them and so the defaults are used. arm is displaying
> > > : »(cap: 5 MB, burst: 10 MB)«.
> > >
> > > Ok, then Tor will figure out how much bandwidth it can reliably provide.
> >
> > On what conditions does that depend?
> >
> > > If you look at your (datadirectory)/state file, it will show you how
> > > much bandwidth tor has been providing over time.
> >
> > I guess arm is using this or something similar to display the bandwidth
> > usage of Tor.
>
> On average arm’s values are the same as the ones in
> `(datadirectory)/state`.
>
> […]
>
>
> Thanks,
>
> Paul
>


Re: New ban of tor-exit-nodes -IPs by the LiveJournal

2010-03-07 Thread Flamsmark
On 7 March 2010 11:31, James Brown  wrote:

> Many IP-addresses of exit-nodes of the Tor was banned from access to the
> LJ today.
> We have the next information when trying to connect with it:
> "You've been temporarily banned from accessing LiveJournal, perhaps
> because you were hitting the site too quickly. Please make sure that
> you're following our Bot Policy . If
> you have questions, contact us at webmas...@livejournal.com with the
> following information: CMTGP7urjSahlts @ xx.xx.xx.xx
>
> I think that it is a new, latent method to restrict access to the LJ
> through the Tor which certainly established by order of Putin's and
> Medvedev's junta gived to the "SUP".


I'm not sure about your conspiracy theory; it sounds like they've just
implemented a new bot policy. If they really wanted to ban Tor, they could
just ban all the exits. This policy does have a negative impact on those
attempting to access LJ through Tor. However, it sounds like a neutral rule
of general applicability: banning bots which violate your bot rules is not
an unreasonable thing to do. It certainly doesn't seem that they're
deliberately trying to go after Tor users in an attempt to prevent them from
connecting.

In the past, when LJ has implemented measures that had negative knock-on
effects on Tor, they've responded pretty positively to inquiries from the
Tor developers/community. It's been my impression that they're pretty
sympathetic to the anonymity needs of their users, and willing to compromise
in order to meet those needs. Perhaps a fluent English-speaker could write
them a polite note pointing out that this new measure (if indeed it is new)
has had this unforeseen negative secondary effect, and requesting their
cooperation in mitigating it.


Re: [p2p-hackers] Help needed: Autonomous NAT traversal test [Was: enabling bridges on NATed clients]

2010-03-07 Thread Michael Blizek
Hi!

On 16:35 Sun 07 Mar , Eugen Leitl wrote:
> - Forwarded message from Christian Grothoff  -
> 
> From: Christian Grothoff 
> Date: Sun, 7 Mar 2010 12:30:53 +0100
> To: or-...@freehaven.net, or-...@seul.org, or-t...@seul.org,
>   gnunet-develop...@gnu.org, help-gnu...@gnu.org
> Subject: Help needed: Autonomous NAT traversal test [Was: enabling bridges on NATed clients]
> User-Agent: KMail/1.12.4 (Linux/2.6.31-14-generic; KDE/4.3.5; i686; ; )
> Reply-To: or-talk@freehaven.net
> 
> Dear all,
> 
> In order to more thoroughly answer sird's question (for GNUnet, possibly for 
> Tor and generally for anyone interested in P2P), a group of people (including 
> Andreas Mueller, Samy Kamkar, Nate Evans and myself) would like your help.

I had some thoughts about building a library for applications which do fancy
things with the underlying network. Primarily, because I have a project which
will likely be more useful, if applications take proper use of it. (see
http://michaelblizek.twilightparadox.com/projects/cor/internet_exit.html )

To my mind such a library should do *way* more than NAT traversal, if it is
supposed to be "generic":
- Provide OS abstractions
- Provide socks proxy (which BTW have a way for opening ports
  on the other side) abstractions
- Use its own configuration file, if the application does not override things
  at runtime. This way, the user can configure everything even if the
  application does not provide ways to set certain parameters. Also, an
  "application name" parameter should be passed to the lib, so that the config
  file could contain different parameters for each application.
- Maybe provide some addressing abstractions, so that applications can run
  within IPv4/IPv6/.onion/... networks without changes.
- Provide ways to set things like IP_TOS, so that external shapers are easier
  to setup.
- Make sure that e.g. TCP_CORK is always set when possible.
- Do throttling the proper way and *not* by "usleep", but by setting
  TCP_CONGESTION or smaller tcp window sizes if possible. "usleep" should only
  be the last resort. When using usleep or smaller tcp window sizes, the lib
  should be able to figure the proper parameters out by itself e.g. by pinging
  a fixed IP and looking at the response times when the net is under load.
- Provide a way for the application to tell the library which connections are
  important and which connections need throughput or low latency.

-Michi
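
The socket-level approach recommended in this message and in the follow-up reply at the top of the thread (per-socket congestion control and TCP_CORK rather than usleep pacing), as an added Linux example that is not code from the poster or from any project discussed here. The function names are hypothetical, and "lp" (TCP-LP) as the low-priority algorithm is an assumption that only holds where the tcp_lp module is available.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/tcp.h>  /* TCP_CONGESTION, TCP_CORK (Linux) */
#include <sys/socket.h>

/* Ask for a low-priority congestion control algorithm on one socket.
 * "lp" (TCP-LP) is an assumption: it needs the tcp_lp module loaded and
 * permitted for this user, otherwise the system default stays in place.
 * name[16] gets the active algorithm; returns 1 if "lp" took effect. */
int set_background_cc(int fd, char name[16])
{
    socklen_t len = 15;  /* leave room for the terminating NUL */
    int rc = setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, "lp", 2);
    memset(name, 0, 16);
    if (getsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, name, &len) < 0)
        return -1;
    return rc == 0 && strcmp(name, "lp") == 0;
}

/* Connected TCP pair over 127.0.0.1 so the demo runs offline. */
int loopback_pair(int *tx, int *rx)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof a;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    *tx = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(ls, (struct sockaddr *)&a, sizeof a) < 0 || listen(ls, 1) < 0 ||
        getsockname(ls, (struct sockaddr *)&a, &alen) < 0 ||
        connect(*tx, (struct sockaddr *)&a, sizeof a) < 0)
        return -1;
    *rx = accept(ls, NULL, NULL);
    close(ls);
    return *rx < 0 ? -1 : 0;
}

/* Three small writes under TCP_CORK are held as one partial segment and
 * leave together on uncork. Returns the peer's first read size (12 here). */
int corked_burst(int tx, int rx)
{
    char buf[64];
    int on = 1, off = 0;
    if (setsockopt(tx, IPPROTO_TCP, TCP_CORK, &on, sizeof on) < 0) return -1;
    for (int i = 0; i < 3; i++)
        if (write(tx, "data", 4) != 4) return -1;
    setsockopt(tx, IPPROTO_TCP, TCP_CORK, &off, sizeof off);
    return (int)read(rx, buf, sizeof buf);
}

int main(void)
{
    int tx, rx;
    char cc[16];
    if (loopback_pair(&tx, &rx) < 0) return 1;
    printf("lp active: %d (using %s)\n", set_background_cc(tx, cc), cc);
    printf("first read after uncork: %d bytes\n", corked_burst(tx, rx));
    return 0;
}
```

Where "lp" is not available the call falls back to the system default and reports which algorithm is actually in use, so the caller can decide whether further throttling is needed.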



New ban of tor-exit-nodes -IPs by the LiveJournal

2010-03-07 Thread James Brown
Many IP-addresses of exit-nodes of the Tor was banned from access to the
LJ today.
We have the next information when trying to connect with it:
"You've been temporarily banned from accessing LiveJournal, perhaps
because you were hitting the site too quickly. Please make sure that
you're following our Bot Policy . If
you have questions, contact us at webmas...@livejournal.com with the
following information: CMTGP7urjSahlts @ xx.xx.xx.xx

I think that it is a new, latent method to restrict access to the LJ
through the Tor which certainly established by order of Putin's and
Medvedev's junta gived to the "SUP".


clock error

2010-03-07 Thread zzzjethro666
Hello.

I'm posting part of my question from a couple of days ago because with it I
noticed my clock was supposedly off, according to the message log.
However, it is set to automatically set or adjust to the time zone I am in.
Just wondering if the above and what's below are related and if my clock is set
for properly setting itself, how do I adjust it? Sorry for my trivial questions.

From a couple of days ago:
Is this normal? Does anyone know about this or has had it happen to them?

Firefox started installing version 3.0.18 (I was running 3.0.17), on my Mac 
(10.5.2), while I was in Hidden Services waiting for Onion Forum to open.
It caught me by surprise and finished the install but then another window 
popped open and showed me it was putting on Add-ons which I cancelled.

I regularly check my FF preferences, so did immediately and nothing is checked, 
especially automatically updating or adding add-ons without asking first.

Thanks for any help.




Help needed: Autonomous NAT traversal test [Was: enabling bridges on NATed clients]

2010-03-07 Thread Christian Grothoff
Dear all,

In order to more thoroughly answer sird's question (for GNUnet, possibly for 
Tor and generally for anyone interested in P2P), a group of people (including 
Andreas Mueller, Samy Kamkar, Nate Evans and myself) would like your help.  

We've written a piece of software that will test your NAT implementation to 
determine how well various NAT hole punching techniques work.  The tester (at 
least the version with the tests we're interested in right now) currently only 
runs on W32 and requires that you first install http://www.winpcap.org/.  
Then, please download, unzip and run the NAT tester from 
http://nattest.net.in.tum.de/.

At the end, the tester will launch a browser to report the results back to the 
nat tester website for evaluation.  The collected data is made public, and our 
evaluation report will also be public; finally, whatever method we end up 
implementing for GNUnet based on this will be reasonably modular so that Tor 
can choose to build on our code (if the evaluation makes it look promising 
enough). 

Thanks for your help in advance!

Best regards,

Christian

On Monday 22 February 2010 12:56:39 am s...@rckc.at wrote:
> What do you guys think about using http://samy.pl/pwnat/ idea to allow
> people that want to run a bridge behind a NAT? Maybe enhance the
> discovery protocol to this kind of stuff.
> 
> I say this because I think that people in china need bridges, and this
> kind of solutions may dramatically help in that, specially because now
> they can't just send reset packets in the discovery part of the
> protocol.
> 
> Anyway, it's just an idea, what do you think? is it usable?
> 
> Greetings!!
> 


Re: Full bandwidth is not used.

2010-03-07 Thread Paul Menzel
Am Freitag, den 05.03.2010, 23:54 +0100 schrieb Paul Menzel:
> Am Freitag, den 05.03.2010, 10:17 -0500 schrieb and...@torproject.org:
> > On Fri, Mar 05, 2010 at 09:32:59AM +0100, paulepan...@users.sourceforge.net 
> > wrote 1.4K bytes in 39 lines about:
> > : > What did you configure for your bandwidth limits or accountingmax?
> > : 
> > : I did not configure them and so the defaults are used. arm is displaying
> > : »(cap: 5 MB, burst: 10 MB)«.
> > 
> > Ok, then Tor will figure out how much bandwidth it can reliably provide.
> 
> On what conditions does that depend?
> 
> > If you look at your (datadirectory)/state file, it will show you how
> > much bandwidth tor has been providing over time.
> 
> I guess arm is using this or something similar to display the bandwidth
> usage of Tor.

On average arm’s values are the same as the ones in
`(datadirectory)/state`.

[…]


Thanks,

Paul




provided bandwidth over time in /var/lib/tor/state (was: Full bandwidth is not used.)

2010-03-07 Thread Paul Menzel
Am Samstag, den 06.03.2010, 02:36 -0800 schrieb Paul Campbell:
> > From: Marcin Kowalczyk 
> > Sent: Sat, March 6, 2010 7:56:39 AM
> > 
> > > Looking at `DataDirectory/state` directly I cannot figure out how to
> > > interpret the values. Maybe I need to enable bandwidth accounting.
> > 
> > The values for BWHistoryReadValues and BWHistoryWriteValues are
> > sent/received bytes in 15 minutes.
> > 
> > So VALUE/1024/15/60 shows you your actual kb/s throughput in one
> > direction.
>
> Maybe this poorly written perl script can help:
> 
> perl -ne 'next if !/BW.*Values/; @s = split; print "$s[0]\n"; foreach
> $value (split(/,/, $s[1])) {printf "%10.1f kB/s\n", $value/15/60/1024}' < /var/lib/tor/state

Thanks a lot for this.

It shows around the same values as arm on average.


Thanks,

Paul

