Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
> On 17 Oct 2017, at 21:43, torwrote: > > > There's a bug in 0.3.0 and later that causes clients to fetch > > microdescriptors from fallbacks. So fallbacks (and authorities) > > will have extra load until that's fixed. > > > > https://trac.torproject.org/projects/tor/ticket/23862 > > Makes sense. The relay can't keep up with the extra load. It's basically a > DDoS. It's gone into this state 4 times over the past ~ 48 hours. I doubt this bug is the cause if it's just happened recently. It's more likely that your relay is the HSDir for some popular onion service. Or a genuine DDoS. Can't your provider support that many connections? > > I think Tor LTS / 0.2.9 is in Debian stable: > > http://deb.torproject.org/torproject.org/dists/stable/ > > > > I've opened a ticket to add LTS to the Debian repository instructions: > > https://trac.torproject.org/projects/tor/ticket/23897 > > > > I wouldn't recommend upgrading to 0.3.0 or later, there are stability issues > > on some clients, and maybe relays. > > https://trac.torproject.org/projects/tor/ticket/21969 > > Thanks the info. Unfortunately I upgraded to 0.3.1.7 before reading this (it > didn't help), and can't figure out how to obtain 0.2.9.12 from the repos. > I've tried these repos: > > deb http://deb.torproject.org/torproject.org trusty main > deb http://deb.torproject.org/torproject.org jessie main > deb http://deb.torproject.org/torproject.org stretch main > > All of them seem to only offer 0.3.1.7, but I'm not sure I'm looking in the > right places or querying apt in the right way. > > A static link to a signed dpkg (for 0.2.9.12) would be fine for the moment, > if anyone knows of one. There's 0.2.9 nightly, but I don't know if we have an 0.2.9-release build. T___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
> There's a bug in 0.3.0 and later that causes clients to fetch > microdescriptors from fallbacks. So fallbacks (and authorities) > will have extra load until that's fixed. > > https://trac.torproject.org/projects/tor/ticket/23862 Makes sense. The relay can't keep up with the extra load. It's basically a DDoS. It's gone into this state 4 times over the past ~ 48 hours. > I think Tor LTS / 0.2.9 is in Debian stable: > http://deb.torproject.org/torproject.org/dists/stable/ > > I've opened a ticket to add LTS to the Debian repository instructions: > https://trac.torproject.org/projects/tor/ticket/23897 > > I wouldn't recommend upgrading to 0.3.0 or later, there are stability issues > on some clients, and maybe relays. > https://trac.torproject.org/projects/tor/ticket/21969 Thanks the info. Unfortunately I upgraded to 0.3.1.7 before reading this (it didn't help), and can't figure out how to obtain 0.2.9.12 from the repos. I've tried these repos: deb http://deb.torproject.org/torproject.org trusty main deb http://deb.torproject.org/torproject.org jessie main deb http://deb.torproject.org/torproject.org stretch main All of them seem to only offer 0.3.1.7, but I'm not sure I'm looking in the right places or querying apt in the right way. A static link to a signed dpkg (for 0.2.9.12) would be fine for the moment, if anyone knows of one. Thanks.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
> You are on 0.2.9.11 and #20059 was merged in 0.2.9.12 > https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=release-0.2.9 I see. I'm trying to stay on 0.2.9.x since that is considered the "long-term support" release. This is a fallback directory mirror which I'd like to keep as stable as possible. apt wants to upgrade straight to 0.3.1.7 (from the repo at http://deb.torproject.org/torproject.org). I will see if I can install 0.2.9.12 from the repo instead, or perhaps install the package manually (or perhaps give up and switch to 0.3.1.7). > As for the relay, I am pretty sure there is a firewall or something > which throttles the incoming / outgoing TCP connection a > process/user/pid can initiate or something like this. The problem is > either in the operating system itself either a network-level firewall or > built-in router firewall. Could be. It's just simple iptables on the node, and I've tried to follow best practices for the sysctl and ulimit tweaks, but I don't really know what's going on upstream with the provider. It's a little odd that this is only a recent problem, as the node has been up for 700+ days and aside from kernel upgrades, there's no recent changes. Maybe it's just busier than usual now. I'll keep digging. Thanks for the feedback!___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
tor wrote: > Hi, > > I'm troubleshooting a Linux relay where the Tor service is having > problems. External monitoring alerts indicate both the ORPort and > DirPort are unreachable (TCP connection timeout). I can ssh in and the > Tor service is still running. The node seems to have increased memory > usage at this point but there's no evidence of OOM. I restart the Tor > service, monitoring says all is good again, and things seem fine for a > bit, until the cycle repeats hours later. > > I'm still investigating, but one thing I immediately noticed was > hundreds of these lines in the logs: > > [warn] circuit_mark_for_close_(): Bug: Duplicate call to > circuit_mark_for_close at ../src/or/onion.c:238 (first at > ../src/or/command.c:579) (on Tor 0.2.9.11 ) > > I found https://trac.torproject.org/projects/tor/ticket/20059 but it's > marked as fixed with a backport to 0.2.9. > > Any thoughts? > Hello, Thanks for running a relay. You are on 0.2.9.11 and #20059 was merged in 0.2.9.12 https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=release-0.2.9 There is no sense to report this further because the issue is fixed, you are just one release behind. As for the relay, I am pretty sure there is a firewall or something which throttles the incoming / outgoing TCP connection a process/user/pid can initiate or something like this. The problem is either in the operating system itself either a network-level firewall or built-in router firewall. signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] "Bug: Duplicate call to circuit_mark_for_close"
Hi, I'm troubleshooting a Linux relay where the Tor service is having problems. External monitoring alerts indicate both the ORPort and DirPort are unreachable (TCP connection timeout). I can ssh in and the Tor service is still running. The node seems to have increased memory usage at this point but there's no evidence of OOM. I restart the Tor service, monitoring says all is good again, and things seem fine for a bit, until the cycle repeats hours later. I'm still investigating, but one thing I immediately noticed was hundreds of these lines in the logs: [warn] circuit_mark_for_close_(): Bug: Duplicate call to circuit_mark_for_close at ../src/or/onion.c:238 (first at ../src/or/command.c:579) (on Tor 0.2.9.11 ) I found https://trac.torproject.org/projects/tor/ticket/20059 but it's marked as fixed with a backport to 0.2.9. Any thoughts?___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays