Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"

2017-10-17 Thread teor 

> On 17 Oct 2017, at 21:43, tor  wrote:
> 
> > There's a bug in 0.3.0 and later that causes clients to fetch
> > microdescriptors from fallbacks. So fallbacks (and authorities)
> > will have extra load until that's fixed.
> > 
> > https://trac.torproject.org/projects/tor/ticket/23862
> 
> Makes sense. The relay can't keep up with the extra load. It's basically a 
> DDoS. It's gone into this state 4 times over the past ~ 48 hours.

I doubt this bug is the cause if it's just happened recently.
It's more likely that your relay is the HSDir for some popular
onion service. Or a genuine DDoS.

Can't your provider support that many connections?

> > I think Tor LTS / 0.2.9 is in Debian stable:
> > http://deb.torproject.org/torproject.org/dists/stable/
> > 
> > I've opened a ticket to add LTS to the Debian repository instructions:
> > https://trac.torproject.org/projects/tor/ticket/23897
> >
> > I wouldn't recommend upgrading to 0.3.0 or later, there are stability issues
> > on some clients, and maybe relays.
> > https://trac.torproject.org/projects/tor/ticket/21969
> 
> Thanks the info. Unfortunately I upgraded to 0.3.1.7 before reading this (it 
> didn't help), and can't figure out how to obtain 0.2.9.12 from the repos. 
> I've tried these repos:
> 
>   deb http://deb.torproject.org/torproject.org trusty main
>   deb http://deb.torproject.org/torproject.org jessie main
>   deb http://deb.torproject.org/torproject.org stretch main
> 
> All of them seem to only offer 0.3.1.7, but I'm not sure I'm looking in the 
> right places or querying apt in the right way.
> 
> A static link to a signed dpkg (for 0.2.9.12) would be fine for the moment, 
> if anyone knows of one.

There's 0.2.9 nightly, but I don't know if we have an 0.2.9-release build.

T___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"

2017-10-17 Thread tor 
> There's a bug in 0.3.0 and later that causes clients to fetch
> microdescriptors from fallbacks. So fallbacks (and authorities)
> will have extra load until that's fixed.
>
> https://trac.torproject.org/projects/tor/ticket/23862

Makes sense. The relay can't keep up with the extra load. It's basically a 
DDoS. It's gone into this state 4 times over the past ~ 48 hours.

> I think Tor LTS / 0.2.9 is in Debian stable:
> http://deb.torproject.org/torproject.org/dists/stable/
>
> I've opened a ticket to add LTS to the Debian repository instructions:
> https://trac.torproject.org/projects/tor/ticket/23897
>
> I wouldn't recommend upgrading to 0.3.0 or later, there are stability issues
> on some clients, and maybe relays.
> https://trac.torproject.org/projects/tor/ticket/21969

Thanks the info. Unfortunately I upgraded to 0.3.1.7 before reading this (it 
didn't help), and can't figure out how to obtain 0.2.9.12 from the repos. I've 
tried these repos:

  deb http://deb.torproject.org/torproject.org trusty main
  deb http://deb.torproject.org/torproject.org jessie main
  deb http://deb.torproject.org/torproject.org stretch main

All of them seem to only offer 0.3.1.7, but I'm not sure I'm looking in the 
right places or querying apt in the right way.

A static link to a signed dpkg (for 0.2.9.12) would be fine for the moment, if 
anyone knows of one.

Thanks.___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"

2017-10-17 Thread tor 
> You are on 0.2.9.11 and #20059 was merged in 0.2.9.12
> https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=release-0.2.9

I see. I'm trying to stay on 0.2.9.x since that is considered the "long-term 
support" release. This is a fallback directory mirror which I'd like to keep as 
stable as possible. apt wants to upgrade straight to 0.3.1.7 (from the repo at 
http://deb.torproject.org/torproject.org). I will see if I can install 0.2.9.12 
from the repo instead, or perhaps install the package manually (or perhaps give 
up and switch to 0.3.1.7).

> As for the relay, I am pretty sure there is a firewall or something
> which throttles the incoming / outgoing TCP connection a
> process/user/pid can initiate or something like this. The problem is
> either in the operating system itself either a network-level firewall or
> built-in router firewall.

Could be. It's just simple iptables on the node, and I've tried to follow best 
practices for the sysctl and ulimit tweaks, but I don't really know what's 
going on upstream with the provider. It's a little odd that this is only a 
recent problem, as the node has been up for 700+ days and aside from kernel 
upgrades, there's no recent changes. Maybe it's just busier than usual now. 
I'll keep digging. Thanks for the feedback!___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"

2017-10-17 Thread s7r 
tor wrote:
> Hi,
> 
> I'm troubleshooting a Linux relay where the Tor service is having
> problems. External monitoring alerts indicate both the ORPort and
> DirPort are unreachable (TCP connection timeout). I can ssh in and the
> Tor service is still running. The node seems to have increased memory
> usage at this point but there's no evidence of OOM. I restart the Tor
> service, monitoring says all is good again, and things seem fine for a
> bit, until the cycle repeats hours later.
> 
> I'm still investigating, but one thing I immediately noticed was
> hundreds of these lines in the logs:
> 
>   [warn] circuit_mark_for_close_(): Bug: Duplicate call to
> circuit_mark_for_close at ../src/or/onion.c:238 (first at
> ../src/or/command.c:579) (on Tor 0.2.9.11 )
> 
> I found https://trac.torproject.org/projects/tor/ticket/20059 but it's
> marked as fixed with a backport to 0.2.9. 
> 
> Any thoughts?
> 

Hello,

Thanks for running a relay.

You are on 0.2.9.11 and #20059 was merged in 0.2.9.12
https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=release-0.2.9

There is no sense to report this further because the issue is fixed, you
are just one release behind.

As for the relay, I am pretty sure there is a firewall or something
which throttles the incoming / outgoing TCP connection a
process/user/pid can initiate or something like this. The problem is
either in the operating system itself either a network-level firewall or
built-in router firewall.



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] "Bug: Duplicate call to circuit_mark_for_close"

2017-10-17 Thread tor 
Hi,

I'm troubleshooting a Linux relay where the Tor service is having problems. 
External monitoring alerts indicate both the ORPort and DirPort are unreachable 
(TCP connection timeout). I can ssh in and the Tor service is still running. 
The node seems to have increased memory usage at this point but there's no 
evidence of OOM. I restart the Tor service, monitoring says all is good again, 
and things seem fine for a bit, until the cycle repeats hours later.

I'm still investigating, but one thing I immediately noticed was hundreds of 
these lines in the logs:

  [warn] circuit_mark_for_close_(): Bug: Duplicate call to 
circuit_mark_for_close at ../src/or/onion.c:238 (first at 
../src/or/command.c:579) (on Tor 0.2.9.11 )

I found https://trac.torproject.org/projects/tor/ticket/20059 but it's marked 
as fixed with a backport to 0.2.9.

Any thoughts?___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays