Relay Operators

When an exit is misconfigured or malicious, it is assigned the BadExit flag. This tells Tor to avoid exiting through that relay. In effect, relays with this flag become non-exits. If you got this flag, then we either discovered a problem or suspicious activity when routing traffic through your exit and were not able to contact you. Please reach out to the bad-relays team so we can sort out the issue.

Since it is now a guard, clients are using it less in other positions, but not all clients have yet rotated out their existing guards to start using it as a guard. Read more details in the blog post or in Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor.

Yes, you do get better anonymity against some attacks.

The simplest example is an attacker who owns a small number of Tor relays. They will see a connection from you, but they won't be able to tell whether the connection originated at your computer or was relayed from somebody else.

There are some cases where it doesn't seem to help: if an attacker can watch all of your incoming and outgoing traffic, then it is easy for them to learn which connections were relayed and which started at you. (In this case they still don't know your destinations unless they are watching them too, but you are no better off than if you were an ordinary client.)

There are also some downsides to running a Tor relay. First, while we only have a few hundred relays, the fact that you are running one might signal to an attacker that you place a high value on your anonymity. Second, there are some more esoteric attacks that are not as well understood or well tested and that make use of the knowledge that you are running a relay -- for example, an attacker may be able to "observe" whether you are sending traffic even if they can't actually watch your network, by relaying traffic through your Tor relay and noticing changes in traffic timing.

It is an open research question whether the benefits outweigh the risks. A lot of that depends on the attacks you are most worried about. For most users, we think it is a smart move.

The accounting options in the torrc file allow you to specify the maximum amount of bytes your relay uses for a time period.

    AccountingStart day week month [day] HH:MM

This specifies when the accounting should reset. For instance, to set up a total amount of bytes served for a week (that resets every Wednesday at 10:00am), you would use:

    AccountingStart week 3 10:00
    AccountingMax 500 GBytes

This specifies the maximum amount of data your relay will send during an accounting period, and the maximum amount of data your relay will receive during an accounting period. When the accounting period resets (from AccountingStart), the counters for AccountingMax are reset to 0.

Example: Let's say you want to allow 50 GB of traffic every day in each direction and the accounting should reset at noon each day:

    AccountingStart day 12:00
    AccountingMax 50 GBytes

Note that your relay won't wake up exactly at the beginning of each accounting period. It will keep track of how quickly it used its quota in the last period, and choose a random point in the new interval to wake up. This way we avoid having hundreds of relays working at the beginning of each month but none still up by the end.

If you have only a small amount of bandwidth to donate compared to your connection speed, we recommend you use daily accounting, so you don't end up using your entire monthly quota in the first day. Just divide your monthly amount by 30. You might also consider rate limiting to spread your usefulness over more of the day: if you want to offer X GB in each direction, you could set your RelayBandwidthRate to 20*X KBytes. For example, if you have 50 GB to offer each way, you might set your RelayBandwidthRate to 1000 KBytes: this way your relay will always be useful for at least half of each day.

    AccountingStart day 0:00
    AccountingMax 50 GBytes
    RelayBandwidthRate 1000 KBytes
    RelayBandwidthBurst 5000 KBytes # allow higher bursts but maintain average

We're aiming to make setting up a Tor relay easy and convenient:

  • It's fine if the relay goes offline sometimes. The directories notice this quickly and stop advertising the relay. Just try to make sure it's not too often, since connections using the relay when it disconnects will break.
  • Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. If you are uncomfortable allowing people to exit from your relay, you can set it up to only allow connections to other Tor relays.
  • Your relay will passively estimate and advertise its recent bandwidth capacity, so high-bandwidth relays will attract more users than low-bandwidth ones. Therefore, having low-bandwidth relays is useful too.

BridgeDB implements six mechanisms to distribute bridges: HTTPS, Moat, Email, Telegram, Settings and Reserved. Bridge operators can check which mechanism their bridge is using on the Relay Search. Enter the bridge's <HASHED FINGERPRINT> in the form and click "Search".

Operators can also choose which distribution method their bridge uses. To change the method, modify the BridgeDistribution setting in the torrc file to one of these: https, moat, email, telegram, settings, none, any.

Read more in the Bridges post-install guide.

No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home internet connection.

Instead, consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don't route your own traffic through it. Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay.

There are two options you can add to your torrc file:

BandwidthRate is the maximum long-term bandwidth allowed (bytes per second). For example, you might want to choose "BandwidthRate 10 MBytes" for 10 megabytes per second (a fast connection), or "BandwidthRate 500 KBytes" for 500 kilobytes per second (a decent cable connection). The minimum BandwidthRate setting is 75 kilobytes per second.

BandwidthBurst is a pool of bytes used to fulfill requests during short periods of traffic above BandwidthRate while still keeping the long-term average at BandwidthRate. A low Rate but a high Burst enforces a long-term average while still allowing more traffic during peak times if the average hasn't been reached lately. For example, if you choose "BandwidthBurst 500 KBytes" and also use that for your BandwidthRate, then you will never use more than 500 kilobytes per second; but if you choose a higher BandwidthBurst (like 5 MBytes), it will allow more bytes through until the pool is empty.

If you have an asymmetric connection (upload less than download) such as a cable modem, you should set BandwidthRate to less than your smaller bandwidth (usually that's the upload bandwidth). Otherwise, you could drop many packets during periods of maximum bandwidth usage - you may need to experiment with which values make your connection comfortable. Then set BandwidthBurst to the same as BandwidthRate.

Linux-based Tor relays have another option at their disposal: they can prioritize Tor traffic below other traffic on their machine, so that their own personal traffic is not impacted by Tor load. A script to do this can be found in the Tor source distribution's contrib directory.

Additionally, there are hibernation options where you can tell Tor to only serve a certain amount of bandwidth per time period (such as 100 GB per month). These are covered in the hibernation entry.

Note that BandwidthRate and BandwidthBurst are in Bytes, not Bits.

Why Relay Load Varies

Tor manages bandwidth across the entire network. It does a reasonable job for most relays. But Tor's goals are different from those of protocols like BitTorrent. Tor wants low-latency web pages, which requires fast connections with headroom. BitTorrent wants bulk downloads, which requires using all the bandwidth.

We're working on a new bandwidth scanner, which is easier to understand and maintain. It will have diagnostics for relays that don't get measured, and relays that have low measurements.

Why does Tor need bandwidth scanners?

Most providers tell you the maximum speed of your local connection. But Tor has users all over the world, and our users connect to one or two Guard relays at random. So we need to know how well each relay can connect to the entire world.

So even if all relay operators set their advertised bandwidth to their local connection speed, we would still need bandwidth authorities to balance the load between different parts of the Internet.

What is a normal relay load?

It's normal for some relays to be loaded at 30%-80% of their capacity. This is good for clients: an overloaded relay has high latency. (We want enough relays so that each relay is loaded at 10%. Then Tor would be as fast as the wider Internet.)

Sometimes, a relay is slow because its processor is slow or its connections are limited. Other times, it is the network that is slow: the relay has bad peering to other tor relays, or is a long distance away.

Finding Out What Is Limiting a Relay

Lots of things can slow down a relay. Here's how to track them down.

System Limits

  • Check RAM, CPU, and socket/file descriptor usage on your relay

Tor logs some of these when it starts. Others can be viewed with similar tools.

Provider Limits

  • Check the Internet peering (bandwidth, latency) from your relay's provider to other relays. Relays transiting via Comcast have been slow at times. Relays outside North America and Western Europe are usually slower.

Tor Network Limits

Relay bandwidth can be limited by a relay's own observed bandwidth, or by the directory authorities' measured bandwidth. Here's how to find out which measurement is limiting your relay:

  • Check each of the votes for your relay on consensus-health (large page), and check the median. If your relay is not marked as running by some directory authorities:
    • Does it have the wrong IPv4 or IPv6 address?
    • Is its IPv4 or IPv6 address unreachable from some networks?
    • Are there more than 2 relays on its IPv4 address?

Otherwise, check your relay's observed bandwidth and bandwidth rate (limit). Look up your relay on Metrics. Then mouse over the bandwidth heading to see the observed bandwidth and relay bandwidth rate.

Here is some more detail and some examples: Drop in consensus weight and Rampup speed of Exit relay.

How to fix it

The smallest of these figures is limiting the bandwidth allocated to the relay.

  • If it's the bandwidth rate, increase the BandwidthRate/Burst or RelayBandwidthRate/Burst in your torrc.
  • If it's the observed bandwidth, your relay won't ask for more bandwidth until it sees itself getting faster. You need to work out why it is slow.
  • If it's the median measured bandwidth, your relay looks slow from a majority of bandwidth authorities. You need to work out why they measure it as slow.

Doing Your Own Relay Measurements

If your relay thinks it is slow, or the bandwidth authorities think it is slow, you can test the bandwidth yourself:

  • Run a test using tor to see how fast tor can get on your network

    For this, you need to configure a tor client to use your relay as entry. If your relay has only the Guard flag, set EntryNodes with your relay fingerprint in torrc. If your relay doesn't have the Guard flag, or it has both the Guard and Exit flags, you can't set your relay as an entry node (see https://gitlab.torproject.org/tpo/core/tor/-/issues/22204), but you can set it as your bridge, even if it is not a bridge. To set your relay as a bridge, add to your torrc:

    Bridge <ip>:<port>
    UseBridges 1

    Then download a large file using your SocksPort as a socks proxy. For this, you can use curl, e.g.:

    curl https://target/path --proxy socks5h://<user>:<password>@127.0.0.1:<socks-port>

    Using a different user/password guarantees different circuits. You can use $RANDOM.

    That will give you some idea of how much traffic your relay can sustain.

    Alternatively, you can run relay_bw to test your relay using 2-hop circuits, in a similar way as sbws does.

  • Run a test using tor and chutney to find out how fast tor can get on your CPU. Keep increasing the data volume until the bandwidth stops increasing.

Tor guesses its IP address by asking the computer for its hostname, and then resolving that hostname. Often people have old entries in their /etc/hosts file that point to old IP addresses.

If that doesn't fix it, you should use the "Address" config option to specify the IP address you want it to pick. If your computer is behind a NAT and it only has an internal IP address, see the following Support entry on dynamic IP addresses.

Also, if you have many addresses, you might also want to set "OutboundBindAddress" so external connections come from the IP you intend to present to the world.

In simple words, it works like this:

  • There is a primary ed25519 identity secret key file named "ed25519_master_id_secret_key". This is the most important one, so make sure you keep a backup in a secure place - the file is sensitive and should be protected. Tor can encrypt it for you if you generate it manually and enter a password when asked.
  • A medium-term signing key named "ed25519_signing_secret_key" is generated for Tor to use. Also, a certificate named "ed25519_signing_cert" is generated, which is signed by the primary identity secret key and confirms that the medium-term signing key is valid for a certain period of time. The default validity is 30 days, but this can be customized by setting "SigningKeyLifetime N days|weeks|months" in torrc.
  • There is also a primary public key named "ed25519_master_id_public_key", which is the actual identity of the relay advertised in the network. This one is not sensitive and can be easily computed from "ed25519_master_id_secret_key".

Tor only needs access to the medium-term signing key and certificate as long as they are valid, so the primary identity secret key can be kept outside DataDirectory/keys, on a storage medium or a different computer. You will have to manually renew the medium-term signing key and certificate before they expire, otherwise the Tor process on the relay will exit upon expiration.

This feature is optional; you don't need to use it unless you want to. If you want your relay to run unattended for a longer time without having to manually renew the medium-term signing key on a regular basis, it is best to leave the primary identity secret key in DataDirectory/keys and just make a backup in case you need to reinstall it. If you want to use this feature, you can consult our more detailed guide on the topic.

All outgoing connections must be allowed, so that each relay can communicate with every other relay.

In many jurisdictions, Tor relay operators are legally protected by the same regulations that prevent internet service providers from being held liable for content that passes through their network. Exit relays that filter some traffic would likely forfeit those protections.

Tor promotes free network access without interference. Exit relays must not filter the traffic that passes through them to the internet. Exit relays found to be filtering traffic will get the BadExit flag once detected.

You can run a relay by following these tutorials:

You can run a relay on a computer if you can keep it running 24/7. If you can't guarantee that, Snowflake is a better way to contribute your resources to the Tor network.

  • The exit relay is the most needed relay type, but it also comes with the highest legal risk (and you should not run it on your phone).
  • If you are looking to run a relay with minimal effort, fast guard relays are also very useful.
  • Followed by bridges.

Great. If you want to run several relays to donate more to the network, we're happy with that. But please don't run more than a few dozen on the same network, since part of the goal of the Tor network is dispersal and diversity.

If you do decide to run more than one relay, please set the "MyFamily" config option in the torrc of each relay, listing all the relays (comma-separated) that are under your control:

MyFamily $fingerprint1,$fingerprint2,$fingerprint3

where each fingerprint is the 40 character identity fingerprint (without spaces).

That way, Tor clients will know to avoid using more than one of your relays in a single circuit. You should set MyFamily if you have administrative control of the computers or of their network, even if they're not all in the same geographic location.
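One way to check the MyFamily lines of all your relays before deploying them, as an added example (not Tor Project code). The fingerprints are constructed, and `parse_myfamily` and `check_families` are hypothetical helper names; the check accepts fingerprints with or without the leading `$`.

```python
import re

# 40 hex characters, optionally prefixed with "$" as in the torrc line above.
FINGERPRINT_RE = re.compile(r"^\$?[0-9A-Fa-f]{40}$")


def parse_myfamily(line):
    """Split one MyFamily line into (valid fingerprints, malformed entries)."""
    parts = line.split("#", 1)[0].split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "myfamily":
        raise ValueError("not a MyFamily line: %r" % line)
    valid, malformed = set(), []
    for entry in parts[1].split(","):
        entry = entry.strip()
        if FINGERPRINT_RE.match(entry):
            valid.add(entry.lstrip("$").upper())
        else:
            malformed.append(entry)
    return valid, malformed


def check_families(relays):
    """relays maps each relay's own fingerprint to that relay's MyFamily line.

    Returns a sorted list of (relay, problem, detail) tuples. An empty list
    means every relay lists every other relay you declared.
    """
    owned = {fpr.lstrip("$").upper() for fpr in relays}
    problems = []
    for own, line in relays.items():
        own = own.lstrip("$").upper()
        listed, malformed = parse_myfamily(line)
        for entry in malformed:
            # Typical cause: a fingerprint pasted with spaces or truncated.
            problems.append((own, "malformed", entry))
        for fpr in owned - listed - {own}:
            # One of your relays is absent from this relay's family line.
            problems.append((own, "missing", fpr))
        for fpr in listed - owned:
            # A fingerprint that is not in the set of relays you passed in.
            problems.append((own, "unknown", fpr))
    return sorted(problems)


# Constructed sample: three relays with made-up fingerprints.
A, B, C = "A" * 40, "B" * 40, "C" * 40
SPACED_C = " ".join(C[i:i + 4] for i in range(0, 40, 4))
SAMPLE = {
    A: "MyFamily $%s,$%s,$%s" % (A, B, C),
    B: "MyFamily $%s,$%s" % (A, SPACED_C),   # fingerprint pasted with spaces
    C: "MyFamily $%s" % A,                    # relay B was forgotten
}

if __name__ == "__main__":
    for relay, problem, detail in check_families(SAMPLE):
        print("%s...: %s %s" % (relay[:8], problem, detail))
```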

Tor can handle relays with dynamic IP addresses just fine. Just leave the "Address" line in your torrc blank, and Tor will guess.

You're right, for the most part a byte into your Tor relay means a byte out, and vice versa. But there are a few exceptions:

If you open your DirPort, then Tor clients will ask you for a copy of the directory. The request they make (an HTTP GET) is quite small, and the response is sometimes quite large. This probably accounts for most of the difference between your "write" byte count and your "read" byte count.

Another minor exception shows up when you operate as an exit node, and you read a few bytes from an exit connection (for example, an instant messaging or ssh connection) and wrap it up into an entire 512 byte cell for transport through the Tor network.

If you're using Debian or Ubuntu especially, please use the Tor Project's repository, so you can easily receive updates. In addition, using the package provides other conveniences:

  • Your ulimit -n gets set to a high number, so Tor can keep open all the connections it needs.
  • The package creates and uses a separate user, so you don't need to run Tor as your own user.
  • The package includes an init script so Tor runs at boot.
  • Tor can bind to low-numbered ports, then drop privileges.

On relay search we show a yellow dot next to the relay nickname when it is overloaded. This means that one or more of the following load metrics have been triggered:

Note that if a relay reaches an overloaded state, we show it for 72 hours after the relay has recovered.

If you notice that your relay is overloaded, please:

  1. Check https://status.torproject.org/ for any known issues in the "Tor network" category.

  2. Consider tuning sysctl for your system for network, memory and CPU load.

  3. Consider enabling MetricsPort to understand what is happening.

Tuning sysctl for network, memory and CPU

TCP port exhaustion

If you are experiencing TCP port exhaustion, consider expanding your local port range. You can do that with

# sysctl -w net.ipv4.ip_local_port_range="15000 64000"

or

# echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range

Keep in mind that tuning sysctl as described is not permanent and will be lost upon restart. You need to add the configuration to /etc/sysctl.conf or to a file in /etc/sysctl.d/ to make it permanent.

MetricsPort

To understand the well-being of Tor relays and the Tor network, it is vital to provide and have access to relay metrics. Relay overload information has been added to relay descriptors since 0.4.6+, but it was not until Tor >= 0.4.7.1-alpha that an interface to the underlying relay metrics was available: the metrics port.

Enabling MetricsPort

Tor provides access to the metrics port via a torrc configuration option called MetricsPort.

It's important to understand that exposing the tor MetricsPort publicly is dangerous for the Tor network users, which is why that port is not enabled by default and its access has to be governed by an access policy. Please take extra precaution and care when opening this port, and close it when you are done debugging.

Let's assume you are the only user on a server that runs a Tor relay. You can enable the metrics port by adding this to your torrc file:

MetricsPort 127.0.0.1:9035
MetricsPortPolicy accept 127.0.0.1

And then you will be able to easily retrieve the metrics with:

# curl http://127.0.0.1:9035/metrics

These are by default in a time-series (Prometheus) format.

Note: every user on that server will be able to access those relay metrics in the example above. In general, set a very strict access policy with MetricsPortPolicy and consider using your operating system's firewall features for defense in depth.

For a more detailed explanation of MetricsPort and MetricsPortPolicy, see tor's man page.
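A small torrc audit for the exposure described above, as an added example (not part of Tor): it flags a MetricsPort bound to a non-loopback address and MetricsPortPolicy entries that accept non-local clients. The function names, severity labels and sample configurations are constructed for illustration; only `accept` entries are inspected, so rule ordering is not evaluated.

```python
import ipaddress


def parse_torrc(text):
    """Yield (option, value) pairs; option names lowercased, # comments dropped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            yield parts[0].lower(), parts[1].strip() if len(parts) == 2 else ""


def bind_host(value):
    """Host part of '[address:]port'; None when only a port is given."""
    target = value.split()[0]
    if target.startswith("["):                 # IPv6 literal, e.g. [::1]:9035
        return target[1:target.index("]")]
    host, sep, _port = target.rpartition(":")
    return host if sep else None


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # hostname: not provably local


def policy_network(target):
    """ip_network for a policy target, or None for the '*' wildcard."""
    if target.startswith("["):                 # [addr]/bits or [addr]:port
        addr, _, rest = target[1:].partition("]")
        target = addr + (rest if rest.startswith("/") else "")
    elif target.count(":") == 1:               # IPv4 form with a :port suffix
        target = target.split(":")[0]
    if target == "*":
        return None
    return ipaddress.ip_network(target, strict=False)


def audit_metrics_port(torrc_text):
    """Return a list of (severity, message) findings for MetricsPort exposure."""
    ports, accepts, findings = [], [], []
    for name, value in parse_torrc(torrc_text):
        if name == "metricsport" and value:
            ports.append(value)
        elif name == "metricsportpolicy":
            for entry in value.split(","):
                fields = entry.split()
                if len(fields) == 2 and fields[0].lower() == "accept":
                    accepts.append(fields[1])
    if not ports:
        return findings                        # metrics port is not enabled
    for value in ports:
        host = bind_host(value)
        if host is None:
            findings.append(("info", "MetricsPort %s: state the bind address explicitly" % value))
        elif not is_loopback(host):
            findings.append(("high", "MetricsPort listens on non-loopback address %s" % host))
    for target in accepts:
        try:
            net = policy_network(target)
        except ValueError:
            findings.append(("info", "could not parse policy target %s" % target))
            continue
        if net is None:
            findings.append(("high", "MetricsPortPolicy accepts every client (%s)" % target))
        elif not net.is_loopback:
            findings.append(("medium", "MetricsPortPolicy accepts non-local clients in %s" % net))
    return findings


# The configuration shown on this page.
PAGE_EXAMPLE = "MetricsPort 127.0.0.1:9035\nMetricsPortPolicy accept 127.0.0.1\n"
# Constructed weak configurations for comparison.
WEAK = "MetricsPort 0.0.0.0:9035\nMetricsPortPolicy accept *\n"
LAN = ("MetricsPort 192.0.2.10:9035  # constructed address\n"
       "MetricsPortPolicy accept 192.0.2.0/24, accept 127.0.0.1\n")

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_EXAMPLE), ("weak", WEAK), ("lan", LAN)):
        print(label, audit_metrics_port(cfg))
```

An empty result for the page's configuration only means the port is limited to loopback; as noted above, other local users on the same server can still read it.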

MetricsPort output

Here is an example of the output that enabling MetricsPort will produce (we omitted all congestion-control related metrics, as that interface still needs to be stabilized):

# HELP tor_relay_connections Total number of opened connections
# TYPE tor_relay_connections gauge
tor_relay_connections{type="OR listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="OR listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="OR listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="OR listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="OR",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="OR",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="OR",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="OR",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Exit",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Exit",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Exit",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Exit",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Socks listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Socks listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Socks listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Socks listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Socks",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Socks",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Socks",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Socks",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Directory listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Directory listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Directory listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Directory listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Directory",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Directory",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Directory",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Directory",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Control listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Control listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Control listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Control listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Control",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Control",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Control",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Control",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Transparent pf/netfilter listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Transparent pf/netfilter listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Transparent pf/netfilter listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Transparent pf/netfilter listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Transparent natd listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Transparent natd listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Transparent natd listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Transparent natd listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="DNS listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="DNS listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="DNS listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="DNS listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Extended OR",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Extended OR",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Extended OR",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Extended OR",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Extended OR listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Extended OR listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Extended OR listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Extended OR listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="HTTP tunnel listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="HTTP tunnel listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="HTTP tunnel listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="HTTP tunnel listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Metrics listener",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Metrics listener",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Metrics listener",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Metrics listener",direction="received",state="opened",family="ipv6"} 0
tor_relay_connections{type="Metrics",direction="initiated",state="opened",family="ipv4"} 0
tor_relay_connections{type="Metrics",direction="initiated",state="opened",family="ipv6"} 0
tor_relay_connections{type="Metrics",direction="received",state="opened",family="ipv4"} 0
tor_relay_connections{type="Metrics",direction="received",state="opened",family="ipv6"} 0
# HELP tor_relay_connections_total Total number of created/rejected connections
# TYPE tor_relay_connections_total counter
tor_relay_connections_total{type="OR listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="OR listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="OR listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="OR listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="OR listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="OR listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="OR",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="OR",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="OR",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="OR",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="OR",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="OR",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Exit",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Exit",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Exit",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Exit",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Exit",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Exit",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Socks listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Socks listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Socks listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Socks listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Socks listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Socks listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Socks",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Socks",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Socks",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Socks",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Socks",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Socks",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Directory listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Directory listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Directory listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Directory listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Directory listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Directory listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Directory",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Directory",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Directory",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Directory",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Directory",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Directory",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Control listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Control listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Control listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Control listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Control listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Control listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Control",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Control",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Control",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Control",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Control",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Control",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Transparent pf/netfilter listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Transparent natd listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="DNS listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="DNS listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="DNS listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="DNS listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="DNS listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="DNS listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Extended OR listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Extended OR listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="HTTP tunnel listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Metrics listener",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Metrics listener",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Metrics listener",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Metrics listener",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Metrics listener",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Metrics listener",direction="received",state="rejected",family="ipv6"} 0
tor_relay_connections_total{type="Metrics",direction="initiated",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Metrics",direction="initiated",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Metrics",direction="received",state="created",family="ipv4"} 0
tor_relay_connections_total{type="Metrics",direction="received",state="created",family="ipv6"} 0
tor_relay_connections_total{type="Metrics",direction="received",state="rejected",family="ipv4"} 0
tor_relay_connections_total{type="Metrics",direction="received",state="rejected",family="ipv6"} 0
# HELP tor_relay_flag Relay flags from consensus
# TYPE tor_relay_flag gauge
tor_relay_flag{type="Fast"} 0
tor_relay_flag{type="Exit"} 0
tor_relay_flag{type="Authority"} 0
tor_relay_flag{type="Stable"} 0
tor_relay_flag{type="HSDir"} 0
tor_relay_flag{type="Running"} 0
tor_relay_flag{type="V2Dir"} 0
tor_relay_flag{type="Sybil"} 0
tor_relay_flag{type="Guard"} 0
# HELP tor_relay_circuits_total Total number of circuits
# TYPE tor_relay_circuits_total gauge
tor_relay_circuits_total{state="opened"} 0
# HELP tor_relay_streams_total Total number of streams
# TYPE tor_relay_streams_total counter
tor_relay_streams_total{type="BEGIN"} 0
tor_relay_streams_total{type="BEGIN_DIR"} 0
tor_relay_streams_total{type="RESOLVE"} 0
# HELP tor_relay_traffic_bytes Traffic related counters
# TYPE tor_relay_traffic_bytes counter
tor_relay_traffic_bytes{direction="read"} 0
tor_relay_traffic_bytes{direction="written"} 0
# HELP tor_relay_dos_total Denial of Service defenses related counters
# TYPE tor_relay_dos_total counter
tor_relay_dos_total{type="circuit_rejected"} 0
tor_relay_dos_total{type="circuit_killed_max_cell"} 0
tor_relay_dos_total{type="circuit_killed_max_cell_outq"} 0
tor_relay_dos_total{type="marked_address"} 0
tor_relay_dos_total{type="marked_address_maxq"} 0
tor_relay_dos_total{type="conn_rejected"} 0
tor_relay_dos_total{type="concurrent_conn_rejected"} 0
tor_relay_dos_total{type="single_hop_refused"} 0
tor_relay_dos_total{type="introduce2_rejected"} 0
# HELP tor_relay_load_onionskins_total Total number of onionskins handled
# TYPE tor_relay_load_onionskins_total counter
tor_relay_load_onionskins_total{type="tap",action="processed"} 0
tor_relay_load_onionskins_total{type="tap",action="dropped"} 0
tor_relay_load_onionskins_total{type="fast",action="processed"} 0
tor_relay_load_onionskins_total{type="fast",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor",action="processed"} 0
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 0
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 0
# HELP tor_relay_exit_dns_query_total Total number of DNS queries done by this relay
# TYPE tor_relay_exit_dns_query_total counter
tor_relay_exit_dns_query_total 0
# HELP tor_relay_exit_dns_error_total Total number of DNS errors encountered by this relay
# TYPE tor_relay_exit_dns_error_total counter
tor_relay_exit_dns_error_total{reason="success"} 0
tor_relay_exit_dns_error_total{reason="format"} 0
tor_relay_exit_dns_error_total{reason="serverfailed"} 0
tor_relay_exit_dns_error_total{reason="notexist"} 0
tor_relay_exit_dns_error_total{reason="notimpl"} 0
tor_relay_exit_dns_error_total{reason="refused"} 0
tor_relay_exit_dns_error_total{reason="truncated"} 0
tor_relay_exit_dns_error_total{reason="unknown"} 0
tor_relay_exit_dns_error_total{reason="tor_timeout"} 0
tor_relay_exit_dns_error_total{reason="shutdown"} 0
tor_relay_exit_dns_error_total{reason="cancel"} 0
tor_relay_exit_dns_error_total{reason="nodata"} 0
# HELP tor_relay_load_oom_bytes_total Total number of bytes the OOM has freed by subsystem
# TYPE tor_relay_load_oom_bytes_total counter
tor_relay_load_oom_bytes_total{subsys="cell"} 0
tor_relay_load_oom_bytes_total{subsys="dns"} 0
tor_relay_load_oom_bytes_total{subsys="geoip"} 0
tor_relay_load_oom_bytes_total{subsys="hsdir"} 0
# HELP tor_relay_load_socket_total Total number of sockets
# TYPE tor_relay_load_socket_total gauge
tor_relay_load_socket_total{state="opened"} 0
tor_relay_load_socket_total 0
# HELP tor_relay_load_tcp_exhaustion_total Total number of times we ran out of TCP ports
# TYPE tor_relay_load_tcp_exhaustion_total counter
tor_relay_load_tcp_exhaustion_total 0
# HELP tor_relay_load_global_rate_limit_reached_total Total number of global connection bucket limit reached
# TYPE tor_relay_load_global_rate_limit_reached_total counter
tor_relay_load_global_rate_limit_reached_total{side="read"} 0
tor_relay_load_global_rate_limit_reached_total{side="write"} 0

Let's find out what some of these lines actually mean:

tor_relay_load_onionskins_total{type="ntor",action="dropped"} 0

When a relay starts seeing "dropped", it is usually a CPU/RAM problem.

Tor is single-threaded except when the "onion skins" are processed. The "onion skins" are the cryptographic work that needs to be done on the famous "onion layers" in every circuit.

When tor processes the layers, it uses a thread pool and outsources all of that work to the pool. This pool can start dropping work because of memory or CPU pressure, and that triggers an overload state.

If your server is running at capacity, this will likely be triggered.

tor_relay_exit_dns_error_total{...}

Any counter in the "*_dns_error_total" realm (apart from the one for successful queries) indicates a potential DNS-related problem. However, we realized during the 0.4.7 release cycle that DNS errors are far too noisy and contain too many false positives to be useful for overload reporting purposes. We therefore no longer use them for that purpose, starting with 0.4.6.9 and 0.4.7.4-alpha. However, we still keep DNS metrics around to give relay operators insight into what is going on with their relay.

DNS timeout issues and errors only apply to Exit nodes.

tor_relay_load_oom_bytes_total{...}

An Out-Of-Memory invocation indicates a RAM problem. The relay might need more RAM, or it is leaking memory. If you notice that the tor process is leaking memory, please report the issue either via Tor GitLab or by sending an email to the tor-relays mailing list.

Tor has its own OOM handler, which is invoked when 75% of the total memory tor thinks is available is reached. So, if tor thinks it can use 2GB in total, then at 1.5GB of memory usage it will start freeing memory. That is considered an overload state.

To estimate the amount of memory it has available, tor uses MaxMemInQueues when it starts or, if that is not set, looks at the total RAM available on the system and applies this algorithm:

    if RAM >= 8GB {
      memory = RAM * 40%
    } else {
      memory = RAM * 75%
    }
    /* Capped: 8GB on 64bit and 2GB on 32bit. */
    memory = min(memory, 8GB)
    /* Minimum value. */
    memory = max(250MB, memory)

To avoid an overloaded state, we recommend running a relay with more than 2GB of RAM on a 64bit machine. 4GB is advised, although of course it doesn't hurt to add more RAM if you can.

One might notice that tor could be killed by the OS OOM handler itself. Because tor takes the total memory on the system into account when it starts, if the overall system has many other applications using RAM, tor ends up eating too much memory. In this case the OS could OOM tor without tor even noticing memory pressure.
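The memory estimate and the 75% OOM trigger described above, worked through in Python. This is an added example, not tor's own code; the function names and the `other_apps` figure are assumptions made for illustration, and `headroom` models the case where other applications already hold part of the RAM.

```python
GB = 1024 ** 3
MB = 1024 ** 2

def estimated_memory(total_ram, is_64bit=True, max_mem_in_queues=None):
    """Bytes tor believes it may use, per the algorithm quoted on this page."""
    if max_mem_in_queues is not None:      # MaxMemInQueues set: used instead
        return max_mem_in_queues
    if total_ram >= 8 * GB:
        memory = total_ram * 40 // 100
    else:
        memory = total_ram * 75 // 100
    memory = min(memory, 8 * GB if is_64bit else 2 * GB)   # capped
    return max(250 * MB, memory)                           # minimum value

def oom_trigger(memory):
    """tor's OOM handler starts freeing memory at 75% of the estimate."""
    return memory * 75 // 100

def headroom(total_ram, other_apps, is_64bit=True, max_mem_in_queues=None):
    """RAM left over for tor minus tor's OOM trigger point.

    A negative result means tor would only start freeing memory after the
    machine has run out of RAM, so the OS OOM handler can act first.
    """
    est = estimated_memory(total_ram, is_64bit, max_mem_in_queues)
    return (total_ram - other_apps) - oom_trigger(est)

def table(ram_sizes, is_64bit=True):
    """(RAM, estimate, OOM trigger) rows for a list of RAM sizes in bytes."""
    rows = []
    for ram in ram_sizes:
        est = estimated_memory(ram, is_64bit)
        rows.append((ram, est, oom_trigger(est)))
    return rows

if __name__ == "__main__":
    for ram, est, trig in table([2 * GB, 4 * GB, 7 * GB, 8 * GB, 32 * GB]):
        print(f"RAM {ram / GB:5.1f} GB  estimate {est / GB:5.2f} GB  "
              f"OOM trigger {trig / GB:5.2f} GB")
    # 4 GB machine where other software already uses 2 GB (constructed case).
    print("headroom, default:", headroom(4 * GB, 2 * GB) / MB, "MB")
    print("headroom, MaxMemInQueues 2 GB:",
          headroom(4 * GB, 2 * GB, max_mem_in_queues=2 * GB) / MB, "MB")
```

Because the percentage switches from 75% to 40% at 8GB, a machine with 7GB of RAM gets a larger estimate than one with 8GB.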

tor_relay_load_socket_total

If the number of opened sockets is close to or the same as the total sockets available, this indicates the relay is running out of sockets. The solution is to increase ulimit -n for the tor process.

tor_relay_load_tcp_exhaustion_total

These lines indicate the relay is running out of TCP ports.

Try to tune sysctl as described above.

tor_relay_load_global_rate_limit_reached_total

If this counter is incremented by some noticeable value over a short period of time, the relay is congested. It is likely being used as a Guard by an onion service or for an ongoing DDoS on the network.

If your relay is still overloaded and you don't know why, please get in touch via network-report@torproject.org. You can encrypt your email using the network-report OpenPGP key.
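The readings above can be checked mechanically by comparing two scrapes of the metrics output, since most of these values are cumulative counters. The following Python sketch is an added example, not part of tor or of the original page; both scrapes are constructed, the 0.9 socket ratio is an arbitrary choice, and treating the unlabelled tor_relay_load_socket_total sample as the total sockets available is an assumption.

```python
import re

# Constructed samples of two metrics scrapes taken a few minutes apart.
BEFORE = '''
tor_relay_load_onionskins_total{type="ntor",action="processed"} 81000
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 0
tor_relay_exit_dns_error_total{reason="success"} 5000
tor_relay_exit_dns_error_total{reason="tor_timeout"} 2
tor_relay_load_oom_bytes_total{subsys="cell"} 0
tor_relay_load_socket_total{state="opened"} 400
tor_relay_load_socket_total 1000
tor_relay_load_tcp_exhaustion_total 0
tor_relay_load_global_rate_limit_reached_total{side="read"} 3
'''
AFTER = '''
# TYPE tor_relay_load_onionskins_total counter
tor_relay_load_onionskins_total{type="ntor",action="processed"} 95000
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 17
tor_relay_exit_dns_error_total{reason="success"} 5400
tor_relay_exit_dns_error_total{reason="tor_timeout"} 12
tor_relay_load_oom_bytes_total{subsys="cell"} 0
tor_relay_load_socket_total{state="opened"} 950
tor_relay_load_socket_total 1000
tor_relay_load_tcp_exhaustion_total 0
tor_relay_load_global_rate_limit_reached_total{side="read"} 3
'''

LINE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{(.*)\})?\s+(\S+)$')
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')

# Counters this page ties to an overload state, with the page's reading of each.
OVERLOAD = {
    "tor_relay_load_onionskins_total": "onionskins dropped: CPU/RAM pressure",
    "tor_relay_load_oom_bytes_total": "tor's OOM handler freed memory: RAM problem",
    "tor_relay_load_tcp_exhaustion_total": "ran out of TCP ports: tune sysctl",
    "tor_relay_load_global_rate_limit_reached_total": "rate limit reached: congestion",
}

def parse_metrics(text):
    """Map (name, sorted label pairs) -> value, skipping # HELP / # TYPE lines."""
    samples = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:            # blank line, comment, or not a sample
            continue
        name, raw_labels, value = m.groups()
        labels = tuple(sorted(LABEL_RE.findall(raw_labels or "")))
        samples[(name, labels)] = float(value)
    return samples

def overload_findings(before, after, socket_ratio=0.9):
    """Return (metric, labels, amount, meaning) for each signal between scrapes."""
    findings = []
    for (name, labels), now in sorted(after.items()):
        prev = before.get((name, labels), 0.0)
        delta = now - prev if now >= prev else now   # counter reset after restart
        lab = dict(labels)
        if delta <= 0:
            continue
        if name == "tor_relay_load_onionskins_total" and lab.get("action") != "dropped":
            continue                                 # "processed" is normal work
        if name in OVERLOAD:
            findings.append((name, lab, delta, OVERLOAD[name]))
        elif name == "tor_relay_exit_dns_error_total" and lab.get("reason") != "success":
            # Informational only: not an overload signal since 0.4.6.9 / 0.4.7.4-alpha.
            findings.append((name, lab, delta, "DNS errors (exit relays only)"))
    opened = after.get(("tor_relay_load_socket_total", (("state", "opened"),)))
    total = after.get(("tor_relay_load_socket_total", ()))  # assumed: sockets available
    if opened is not None and total and opened / total >= socket_ratio:
        findings.append(("tor_relay_load_socket_total", {"state": "opened"},
                         opened / total, "near socket limit: raise ulimit -n"))
    return findings

if __name__ == "__main__":
    for finding in overload_findings(parse_metrics(BEFORE), parse_metrics(AFTER)):
        print(finding)
```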

  • Do not use the packages in Ubuntu's repositories. They are not kept up to date. If you use them, you will miss important security fixes.
  • Determine your Ubuntu version by running the following command:
     $ lsb_release -c
    
  • As root, add the following lines to /etc/apt/sources.list. Replace 'version' with the version you found in the previous step:
     deb https://deb.torproject.org/torproject.org version main
     deb-src https://deb.torproject.org/torproject.org version main
    
  • Add the gpg key used to sign the packages by running the following command:
     $ curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo apt-key add -
    
  • Run the following commands to install tor and check its signatures:
     $ sudo apt-get update
     $ sudo apt-get install tor deb.torproject.org-keyring
    

When upgrading your Tor relay, or moving it to a different computer, be sure to keep the same identity keys (stored in keys/ed25519_master_id_secret_key and keys/secret_id_key in your DataDirectory).

If you are a bridge operator, also make sure to keep pt_state/. It contains data required for your bridge to keep working with the same bridge line.

For simplicity, just copying over the entire DataDirectory should work too.

You may wish to keep backups of these identity keys, plus pt_state for a bridge, so you can restore the relay if something goes wrong.

Tor has partial support for IPv6, and we encourage every relay operator to enable IPv6 functionality in their torrc configuration files when IPv6 connectivity is available. For the time being Tor requires IPv4 addresses on relays; you can't run a Tor relay on a host with IPv6 addresses only.

If your Tor relay is using more memory than you'd like, here are some tips for reducing its footprint:

  • If you're on Linux, you may be encountering memory fragmentation bugs in glibc's malloc implementation. That is, when Tor releases memory back to the system, the pieces of memory are fragmented, so they're hard to reuse. The Tor tarball ships with OpenBSD's malloc implementation, which doesn't have as many fragmentation bugs (but it needs more CPU). You can tell Tor to use this malloc implementation instead: ./configure --enable-openbsd-malloc.
  • If you're running a fast relay, meaning you have many TLS connections open, you are probably losing a lot of memory to OpenSSL's internal buffers (38KB+ per socket). We've patched OpenSSL to release unused buffer memory more aggressively. If you update to OpenSSL 1.0.0 or newer, Tor's build process will automatically recognize and use this feature.
  • If you still can't handle the memory load, consider reducing the amount of bandwidth your relay advertises. Advertising less bandwidth means you will attract fewer users, so your relay shouldn't grow as large. See the MaxAdvertisedBandwidth option in the man page.

All of this said, fast Tor relays do use a lot of memory. It is not unusual for a fast exit relay to use 500-1000 MB of memory.

The default open ports are listed below, but keep in mind that any port or ports can be opened by the relay operator by configuring it in torrc or modifying the source code. The default according to src/or/policies.c (line 85 and line 1901) from the source code release release-0.4.6:

reject 0.0.0.0/8
reject 169.254.0.0/16
reject 127.0.0.0/8
reject 192.168.0.0/16
reject 10.0.0.0/8
reject 172.16.0.0/12

reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
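To see how a list like this is read, the following Python sketch evaluates a destination against the rules in order, with the first matching rule deciding. It is an added example, not tor's implementation; the function names are hypothetical, only IPv4 destinations are handled, and the test addresses are constructed (documentation and private ranges).

```python
import ipaddress

# The default policy exactly as listed on this page.
DEFAULT_POLICY = """\
reject 0.0.0.0/8
reject 169.254.0.0/16
reject 127.0.0.0/8
reject 192.168.0.0/16
reject 10.0.0.0/8
reject 172.16.0.0/12

reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*
"""

def parse_rule(line):
    """Parse 'accept|reject ADDR[:PORT]' into (action, network, lo, hi, text)."""
    action, pattern = line.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {line!r}")
    addr, _, ports = pattern.partition(":")
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if ports in ("", "*"):                 # no port given: every port
        lo, hi = 1, 65535
    elif "-" in ports:
        lo, hi = (int(p) for p in ports.split("-", 1))
    else:
        lo = hi = int(ports)
    return action, network, lo, hi, line.strip()

def parse_policy(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def decide(policy, ip, port):
    """Return (action, matching rule) for the first rule that matches, else None."""
    addr = ipaddress.ip_address(ip)
    for action, network, lo, hi, text in policy:
        if (network is None or addr in network) and lo <= port <= hi:
            return action, text
    return None

if __name__ == "__main__":
    policy = parse_policy(DEFAULT_POLICY)
    for ip, port in [("203.0.113.10", 443), ("203.0.113.10", 25),
                     ("192.168.1.5", 80), ("203.0.113.10", 6881)]:
        print(ip, port, decide(policy, ip, port))
```

Because the first match wins, rule order matters: a policy of "accept *:80" followed by "reject *:*" allows only port 80, while the same two lines reversed allow nothing.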

If your relay is relatively new, then give it time. Tor decides which relays it uses heuristically, based on reports from Bandwidth Authorities. These authorities take measurements of your relay's capacity and, over time, direct more traffic there until it reaches an optimal load. The lifecycle of a new relay is explained in more depth in this blog post. If you've been running a relay for a while and are still having issues, try asking on the tor-relays list.

The parameters assigned in AccountingMax and BandwidthRate apply to both the client and relay functions of the Tor process. Thus you may find that you are unable to browse as soon as your Tor goes into hibernation, signaled by this entry in the log:

Bandwidth soft limit reached; commencing hibernation.
No new connections will be accepted

The solution is to run two Tor processes - one relay and one client, each with its own config. One way to do this (if you are starting from a working relay setup) is as follows:

  • In the relay Tor torrc file, simply set the SocksPort to 0.
  • Create a new client torrc file from the torrc.sample and ensure it uses a different log file from the relay. One naming convention may be torrc.client and torrc.relay.
  • Modify the Tor client and relay startup scripts to include -f /path/to/correct/torrc.
  • In Linux/BSD/Mac OS X, changing the startup scripts to Tor.client and Tor.relay may make separation of configs easier.

If you allow exit connections, some services that people connect to from your relay will connect back to collect more information about you. For example, some IRC servers connect back to a port on your relay to find out which user made the connection. (This doesn't really work for them, because Tor doesn't know this information, but they try anyway.) Also, users exiting from you might attract the attention of other users on the IRC server, website, etc. who want to know more about the host they're relaying through.

Another reason is that groups who scan for open proxies on the Internet have learned that sometimes Tor relays expose their socks port to the world. We recommend that you bind your socks port to local networks only.

In any case, you need to keep up to date with your security. See this article on security for Tor relays for more suggestions.

We're looking for people with reasonably reliable Internet connections that have at least 10 Mbit/s of available bandwidth each way. If that's you, please consider running a Tor relay.

Even if you do not have at least 10 Mbit/s of available bandwidth, you can still help the Tor network by running a Tor bridge with obfs4 support. In that case you should have at least 1 MBit/s of available bandwidth.

See portforward.com for directions on how to port forward with your NAT/router device.

If your relay is running on an internal network, you need to set up port forwarding. Forwarding TCP connections is system dependent, but the firewalled-clients FAQ entry offers some examples of how to do this.

Also, here's an example of how you would do this on GNU/Linux if you're using iptables:

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 9001 -j ACCEPT

You may have to change "eth0" if you have a different external interface (the one connected to the Internet). Chances are you have only one (except the loopback), so it shouldn't be too hard to figure out.

Great. That's exactly why we implemented exit policies.

Each Tor relay has an exit policy that specifies what sort of outbound connections are allowed or refused from that relay. The exit policies are propagated to Tor clients via the directory, so clients will automatically avoid picking exit relays that would refuse to exit to their intended destination. This way each relay can decide the services, hosts, and networks it wants to allow connections to, based on abuse potential and its own situation. Read the Support entry on issues you might encounter if you use the default exit policy, and then read Mike Perry's tips for running an exit node with minimal harassment.

The default exit policy allows access to many popular services (e.g. web browsing), but restricts some due to abuse potential (e.g. mail) and some because the Tor network can't handle the load (e.g. default file-sharing ports). You can change your exit policy by editing your torrc file. If you want to avoid most if not all abuse potential, set it to "reject *:*". This setting means that your relay will be used for relaying traffic inside the Tor network, but not for connections to external websites or other services.

If you do allow any exit connections, make sure name resolution works (that is, your computer can resolve Internet addresses correctly). If there are any resources that your computer can't reach (for example, you are behind a restrictive firewall or content filter), please explicitly reject them in your exit policy, otherwise Tor users will be impacted too.