So in general 0.3.3.1-alpha-dev and 0.3.3.2-alpha running on two nodes
without any connection limits on the iptables firewall seem to be a lot
more robust against the recent increase in clients (or possible [D]DoS).
But tonight, for a short period of time, one of the relays was running a
bit "hot", so to speak.
Only to be greeted by this log entry:
Feb 12 18:54:55 tornode2 Tor: We're low on memory (cell queues total alloc: 1602579792 buffer total alloc: 1388544, tor compress total alloc: 1586784 rendezvous cache total alloc: 489909). Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)
Feb 12 18:54:56 tornode2 Tor: Removed 1599323088 bytes by killing 1 circuits; 39546 circuits remain alive. Also killed 0 non-linked
Feb 12 19:04:10 tornode2 Tor: Your network connection speed appears to have changed. Resetting timeout to 60s after 18 timeouts and
So 1 circuit being able to claim 1.5 GB of RAM, now this seems a bit
much. Whilst the DoS protection seems to do something (see below). Now
this could be a new attack or just an error etc. However, wouldn't some
sort of fair memory balance between circuits be another mitigation
factor to consider? Not saying it should be as strict as "circuit
memory"/"# of circuits", but 99.x% of memory for one circuit feels wrong
for a relay.
Feb 12 13:58:34 tornode2 Tor: DoS mitigation since startup: 910770 circuits rejected, 10 marked addresses. 25972 connections closed. 324 single hop clients refused.
Feb 12 19:58:34 tornode2 Tor: DoS mitigation since startup: 1222320 circuits rejected, 12 marked addresses. 33359 connections closed. 402 single hop clients refused.
tor-relays mailing list
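As an added example (not code from Tor or from the poster above), the following script turns the log lines quoted in the post into the two numbers a relay operator would want when deciding whether a single circuit hogging the cell queues is an attack or a bug: the fraction of all queued memory that the killed circuit(s) held, and how many "fair" per-circuit shares that amounts to given the number of circuits alive at the time. It also diffs consecutive "DoS mitigation since startup" heartbeat lines into per-interval counts and a rejection rate. The sample log is constructed to mirror the post (one message per line, since the mail client wrapped the originals); the regular expressions are written against the message text as it appears in the post and are an assumption for other Tor versions.

```python
"""Pair Tor "low on memory" / "Removed ... bytes" log lines and diff DoS heartbeats.

Added example, not code from Tor or from the original poster. The regexes
follow the message text quoted in the post; other Tor versions may differ.
"""
import re
from datetime import datetime

# Constructed sample, modelled on the post's lines (numbers copied from it).
SAMPLE_LOG = """\
Feb 12 13:58:34 tornode2 Tor: DoS mitigation since startup: 910770 circuits rejected, 10 marked addresses. 25972 connections closed. 324 single hop clients refused.
Feb 12 18:54:55 tornode2 Tor: We're low on memory (cell queues total alloc: 1602579792 buffer total alloc: 1388544, tor compress total alloc: 1586784 rendezvous cache total alloc: 489909). Killing circuits with over-long queues. (This behavior is controlled by MaxMemInQueues.)
Feb 12 18:54:56 tornode2 Tor: Removed 1599323088 bytes by killing 1 circuits; 39546 circuits remain alive.
Feb 12 19:58:34 tornode2 Tor: DoS mitigation since startup: 1222320 circuits rejected, 12 marked addresses. 33359 connections closed. 402 single hop clients refused.
"""

# syslog prefix: "Mon DD HH:MM:SS host Tor: msg" (a "Tor[pid]:" tag is tolerated)
TS_RE = re.compile(r"^(\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ Tor(?:\[\d+\])?: (.*)$")
LOW_MEM_RE = re.compile(
    r"We're low on memory \(cell queues total alloc: (\d+) buffer total alloc: (\d+), "
    r"tor compress total alloc: (\d+) rendezvous cache total alloc: (\d+)\)"
)
KILLED_RE = re.compile(r"Removed (\d+) bytes by killing (\d+) circuits; (\d+) circuits remain alive")
DOS_RE = re.compile(
    r"DoS mitigation since startup: (\d+) circuits rejected, (\d+) marked addresses\. "
    r"(\d+) connections closed\. (\d+) single hop clients refused"
)


def _parse_ts(text):
    # syslog timestamps carry no year: good enough for deltas within one day
    return datetime.strptime(text, "%b %d %H:%M:%S")


def dos_deltas(heartbeats):
    """Diff consecutive cumulative DoS counters into per-interval counts.

    A negative delta means the counters were reset (relay restart); that
    interval is skipped rather than reported as a bogus negative number.
    """
    out = []
    for prev, cur in zip(heartbeats, heartbeats[1:]):
        delta = {k: cur[k] - prev[k] for k in cur if k != "time"}
        if any(v < 0 for v in delta.values()):
            continue
        elapsed = (cur["time"] - prev["time"]).total_seconds()
        delta["elapsed_s"] = elapsed
        delta["rejected_per_s"] = delta["circuits_rejected"] / elapsed if elapsed > 0 else float("nan")
        out.append(delta)
    return out


def analyze(log_text):
    """Return (oom_events, dos_deltas) extracted from syslog-style Tor log text."""
    oom_events, heartbeats = [], []
    pending = None  # low-memory line waiting for its "Removed ..." follow-up
    for line in log_text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue
        ts, msg = _parse_ts(m.group(1)), m.group(2)
        if (lm := LOW_MEM_RE.search(msg)):
            cell, buf, comp, rend = map(int, lm.groups())
            pending = {"time": ts, "cell_queue_alloc": cell,
                       "total_alloc": cell + buf + comp + rend}
        elif (k := KILLED_RE.search(msg)) and pending is not None:
            removed, killed, remaining = map(int, k.groups())
            # what each circuit would hold if the queued memory were split evenly
            fair_share = pending["total_alloc"] / (killed + remaining)
            oom_events.append({
                **pending,
                "removed_bytes": removed, "killed": killed, "remaining": remaining,
                # fraction of everything queued that the killed circuit(s) held
                "share_of_total": removed / pending["total_alloc"],
                # average killed circuit's footprint, in fair-share units
                "fair_share_multiple": (removed / killed) / fair_share,
            })
            pending = None
        elif (d := DOS_RE.search(msg)):
            rej, marked, closed, single = map(int, d.groups())
            heartbeats.append({"time": ts, "circuits_rejected": rej,
                               "marked_addresses": marked,
                               "connections_closed": closed,
                               "single_hop_refused": single})
    return oom_events, dos_deltas(heartbeats)


if __name__ == "__main__":
    events, deltas = analyze(SAMPLE_LOG)
    for e in events:
        print(f"{e['time']:%b %d %H:%M}: {e['killed']} circuit(s) held "
              f"{e['share_of_total']:.1%} of queued memory, "
              f"{e['fair_share_multiple']:,.0f}x a fair share")
    for d in deltas:
        print(f"{d['elapsed_s']:.0f}s: +{d['circuits_rejected']} rejected "
              f"({d['rejected_per_s']:.1f}/s), +{d['marked_addresses']} marked")
```

Run against the post's numbers, the single killed circuit held about 99.6% of all queued memory and roughly 39,000 times the fair share of the 39,547 circuits alive at that moment, which is the "99.x%" the poster objects to; the two heartbeats six hours apart yield about 311,550 rejected circuits, or roughly 14 per second.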