[Tor-BSD] kernel: ... was killed: out of swap space

George Rosamond george at ceetonetechnology.com
Mon Feb 19 15:30:00 EST 2018


teor:
> 
>> On 20 Feb 2018, at 05:51, George Rosamond <george at ceetonetechnology.com> wrote:
>>
>> But the best route would be to update security/tor to 0.3.2.9.  I
>> *think* it deals with the DDOS'g you're experiencing.
> 
> Unfortunately, 0.3.2.9 does not have the DDoS feature.
> Please wait for the 0.3.2.10 release, which should be out soon.

Cool.

> 
> In the meantime, please try adjusting:
> 
> MaxMemInQueues 1 GB # Or half your free RAM
> 

Changing MaxMemInQues had no effect for my FreeBSD relay.

> And please disable CellStatistics and ConnDirectionStatistics.
> 

CellStatistics off did but note it's not on by default.

> We could give you better advice if you posted your machine specs
> and torrc.

Definitely.  I clearly made some sweeping assumptions in terms of diagnosis.

> 
>> I can say that the current security/tor-devel (0.3.3.2) does deal with
>> it, and I see a good number of messages like:
>>
>> Feb 19 18:44:21.000 [notice] {HEARTBEAT} DoS mitigation since startup:
>> 1083 circuits rejected, 6 marked addresses. 59073 connections closed.
>> 1330 single hop clients refused.
> 
> The combination of DDoS defence and turning off statistics dropped my
> (Linux) relay RAM usage from 6-10 GB to about 1 GB.

I never had any issues with the OpenBSD relays, but with FreeBSD I had
to cron restarting tor every 15 hours or so.

The TorBSD wiki page I posted has some mitigations, but none seemed
effective.  It's good newer versions of Tor are dealing, but mitigating
further from the node is also good, like limiting tcp states via network
firewall, etc.

g



More information about the Tor-BSD mailing list