Gordon Morehouse:
> Gordon Morehouse:
>> I'm still waiting for another "storm" to test the 60 sec findtime
>> / 90 sec bantime guesses that I made (and just pushed to my
>> repo, BTW). Every time my relay crashes due to a storm, it takes
>> me that much longer to get Stable back, and the storms are
>> almost nonexistent until you have the Stable flag in my
>> observation.
>
> Another circuit-creation storm (detectable as SYN flood on ORPort)
> happened last night soon after reattaining my Stable flag
> (argh!!!) and the following limits on SYNs to the ORPort were not
> enough to save Tor from the oom-killer:
>
> 1. Absolute limit avg 4 SYN per second with burst of 10 to ORPort,
> with an iptables REJECT (as opposed to DROP) for hosts that send
> SYNs when this limit has been reached.
>
> 2. 90-second iptables DROP ban for hosts which exceed the above
> (and are thus logged) in any 60-second period.

I should have said "exceed the above 5 times" here.

> Sigh. More trial and error and another (figurative) century before
> I get my Stable flag back.

I'm going to try dropping the total SYN limit to 3/sec burst 8, extend
the watch time from 60 to 75 seconds, and decrease the max # of exceeds
from 5 to 4 and see how that does. This is fairly Pi-specific.

Best,
-Gordon M.

_______________________________________________
tor-relays mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
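
The limit-then-ban scheme discussed in the message above can be modelled offline to compare the two parameter sets without waiting for the next storm. This is an added example, not code from the post or from the author's repo; it assumes the SYN limit behaves as a single shared token bucket and the ban as a sliding-window counter per source, and `simulate`, the traffic and the addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def simulate(syns, rate, burst, findtime, maxretry, bantime):
    """Model a global token-bucket SYN limit plus a per-source timed ban.

    syns: time-sorted (seconds, source) pairs. Returns
    (accepted, rejected, dropped, bans), bans being (time, source) pairs.
    """
    tokens, last = float(burst), None
    hits = defaultdict(deque)   # source -> times its SYNs were rejected (logged)
    banned_until = {}           # source -> time its DROP ban expires
    accepted = rejected = dropped = 0
    bans = []
    for t, src in syns:
        if banned_until.get(src, 0.0) > t:
            dropped += 1        # banned sources never reach the limiter
            continue
        if last is not None:    # refill the shared bucket for the elapsed time
            tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            accepted += 1
            continue
        rejected += 1           # over the limit: REJECT and log this source
        window = hits[src]
        window.append(t)
        while window and window[0] <= t - findtime:
            window.popleft()    # forget hits older than the watch window
        if len(window) >= maxretry:
            banned_until[src] = t + bantime
            bans.append((t, src))
            window.clear()
    return accepted, rejected, dropped, bans

if __name__ == "__main__":
    # Constructed traffic: one source at 16 SYN/s for 30 s, one client every 2 s.
    noisy = [(i / 16, "203.0.113.7") for i in range(16 * 30)]
    quiet = [(0.5 + 2 * k, "198.51.100.9") for k in range(15)]
    traffic = sorted(noisy + quiet)
    # Ban time is kept at 90 s for the second set (assumption: the post does not change it).
    for name, params in [("4/s burst 10, 60 s, 5 exceeds", (4, 10, 60, 5, 90)),
                         ("3/s burst 8, 75 s, 4 exceeds", (3, 8, 75, 4, 90))]:
        acc, rej, drp, bans = simulate(traffic, *params)
        print(f"{name}: accepted={acc} rejected={rej} dropped={drp} bans={bans}")
```

Because the bucket is shared, the quiet client's SYNs can also be rejected while the noisy source is draining it, which is worth checking when tightening the limit.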
