From aa4f773670e79bc78ed68de3b4c05e7d5afadea0 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Sun, 1 Feb 2015 19:52:54 +0200 Subject: [PATCH] Updating OpenBSD section of doc/TUNING. --- doc/TUNING | 71 +++++++++++++++++++----------------------------------- 1 file changed, 25 insertions(+), 46 deletions(-) diff --git a/doc/TUNING b/doc/TUNING index 90bd120aa1..24552a38cb 100644 --- a/doc/TUNING +++ b/doc/TUNING 
@@ -38,62 +38,41 @@ read-only on OS X. OpenBSD ------- -For recent versions of OpenBSD (5.5 and 5.6, and probably older releases -as well), the maximum number of file descriptors that can be opened is -7030: +Because OpenBSD is primarily focused on security and stability, it uses default +resource limits stricter than those of more popular Unix-like operating systems. -http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors/104948#104948 +OpenBSD stores a kernel-level file descriptor limit in the sysctl variable +kern.maxfiles. It defaults to 7,030. To change it to, for example, 16,000 while +the system is running, use the command 'sudo sysctl kern.maxfiles=16000'. +kern.maxfiles will reset to the default value upon system reboot unless you also +add 'kern.maxfiles=16000' to the file /etc/sysctl.conf. -The maximum number of file descriptors that an OpenBSD machine can have -open is stored in the sysctl variable kern.maxfiles. This value defaults -to 7030 - to verify this, run sysctl kern.maxfiles. +There are stricter resource limits set on user classes, which are stored in +/etc/login.conf. This config file also allows limit sets for daemons started +with scripts in the /etc/rc.d directory, which presumably includes Tor. -To immediately change a running system's file descriptor limit to, for -example, 20,000 files, run sudo sysctl kern.maxfiles=20000. All sysctl -variables are reset upon reboot using defaults and /etc/sysctl.conf, so -to make your change permanent you must add the line kern.maxfiles=20000 -to /etc/sysctl.conf. - -One can also change a maximum number of allowed file descriptors for Tor -daemon alone by editing /etc/rc.d/tor and adding the following lines: +To increase the file descriptor limit from its default of 1,024, add the +following to /etc/login.conf: tor:\ - :openfiles-max=8192:\ - :tc=daemon: + :openfiles-max=13500:\ + :tc=daemon: -However, there are stricter limits set on users. 
This is a security -feature intended to prevent one user from choking out others by opening -all possible file descriptors. +Upon restarting Tor, it will be able to open up to 13,500 file descriptors. -The stricter limits are set in /etc/login.conf. This config file sets -resource access rules for user classes. You should be running -Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon' -class. It will therefore be subject to the 'default' and 'daemon' rules. -There are two relevant rules: openfiles-cur and openfiles-max. The prior -is the initial limit upon login - the soft limit. The latter is the maximum -limit that can be set using 'ulimit -n' or setrlimit() without editing -/etc/login.conf and rebooting. This is known as the hard limit. +This will work *only* if you are starting Tor with the script /etc/rc.d/tor. If +you're using a custom build instead of the package, you can easily copy the rc.d +script from the Tor port directory. Alternatively, you can ensure that the Tor's +daemon user has its own user class and make a /etc/login.conf entry for it. -Without editing /etc/login.conf, daemon-owned processes have -soft limit of 512 open files and a hard limit of 1024 open files. -Tor can increase the soft limit as needed, so you will therefore -eventually get warnings about running out of available file descriptors -once Tor reaches ~1024 open files. +High-bandwidth relays sometimes give the syslog warning: -To increase the hard limit, add the following line to the daemon class -rules in /etc/login.conf: +/bsd: WARNING: mclpools limit reached; increase kern.maxclusters -tor:\ - :openfiles-max=8192:\ - :tc=daemon: - -Upon restarting the machine, Tor will be able to open up to 6500 file -descriptors. - -Be aware that, by doing this, you are bypassing a security and stability -feature of the OS. If you are running your relay on a weak or old system, -watch your system load to ensure that it can handle this many open files. 
-Also, Tor may interfere with any other programs that open many files. +In this case, increase kern.maxclusters with the sysctl command and in the file +/etc/sysctl.conf, as described with kern.maxfiles above. Use 'sysctl +kern.maxclusters' to query the current value. Increasing by about 15% per day +until the error no longer appears is a good guideline. Disclaimer ----------
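Review bot: In the new /etc/login.conf paragraph, the example sets openfiles-max=13500, which is above the kern.maxfiles default of 7,030 stated two paragraphs earlier, and nothing says the kernel-level limit has to be raised first. As written, "Upon restarting Tor, it will be able to open up to 13,500 file descriptors" only holds on a system where kern.maxfiles has already been increased (the 16,000 example would cover it). Suggest a sentence tying the two steps together, for example "Make sure kern.maxfiles is set higher than openfiles-max". The rewrite also deletes the explanation of openfiles-cur versus openfiles-max (soft and hard limits) and the closing caveat about watching system load on weak or old machines, without a replacement. Since the new text still opens by saying the strict defaults exist for security and stability, a short note on the trade-off of raising them is worth keeping. Wording nits in the same region: "which presumably includes Tor" should be confirmed and stated outright, because the later paragraph already relies on /etc/rc.d/tor existing, and "the Tor's daemon user" should read "Tor's daemon user".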