sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding section on OpenBSD to doc/TUNING

This commit is contained in:
rl1987 2014-11-14 23:07:35 +02:00 committed by Nick Mathewson
parent ab08d8c4f7
commit d7ac4d9130
2 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/doc13702 Normal file
View File

@ -0,0 +1,4 @@
o Documentation:
- Adding section on OpenBSD to our TUNING document. Thanks to
mmcc for writing the OpenBSD-specific tips. Resolves ticket
13702.

60
doc/TUNING
View File

@ -35,6 +35,66 @@ when it launches tor service (see launchd.plist(5) manpage). Also,
kern.ipc.maxsockets is determined dynamically by the system and thus is
read-only on OS X.
OpenBSD
-------
For recent versions of OpenBSD (5.5 and 5.6, and probably older releases
as well), the maximum number of file descriptors that can be opened is
7030:
http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors/104948#104948
The maximum number of file descriptors that an OpenBSD machine can have
open is stored in the sysctl variable kern.maxfiles. This value defaults
to 7030 - to verify this, run sysctl kern.maxfiles.
To immediately change a running system's file descriptor limit to, for
example, 20,000 files, run sudo sysctl kern.maxfiles=20000. All sysctl
variables are reset upon reboot using defaults and /etc/sysctl.conf, so
to make your change permanent you must add the line kern.maxfiles=20000
to /etc/sysctl.conf.
One can also change a maximum number of allowed file descriptors for Tor
daemon alone by editing /etc/rc.d/tor and adding the following lines:
tor:\
:openfiles-max=8192:\
:tc=daemon:
However, there are stricter limits set on users. This is a security
feature intended to prevent one user from choking out others by opening
all possible file descriptors.
The stricter limits are set in /etc/login.conf. This config file sets
resource access rules for user classes. You should be running
Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon'
class. It will therefore be subject to the 'default' and 'daemon' rules.
There are two relevant rules: openfiles-cur and openfiles-max. The prior
is the initial limit upon login - the soft limit. The latter is the maximum
limit that can be set using 'ulimit -n' or setrlimit() without editing
/etc/login.conf and rebooting. This is known as the hard limit.
Without editing /etc/login.conf, daemon-owned processes have
soft limit of 512 open files and a hard limit of 1024 open files.
Tor can increase the soft limit as needed, so you will therefore
eventually get warnings about running out of available file descriptors
once Tor reaches ~1024 open files.
To increase the hard limit, add the following line to the daemon class
rules in /etc/login.conf:
tor:\
:openfiles-max=8192:\
:tc=daemon:
Upon restarting the machine, Tor will be able to open up to 6500 file
descriptors.
Be aware that, by doing this, you are bypassing a security and stability
feature of the OS. If you are running your relay on a weak or old system,
watch your system load to ensure that it can handle this many open files.
Also, Tor may interfere with any other programs that open many files.
Disclaimer
----------