Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

Subject: Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

From: Tristan <supersluether@xxxxxxxxx>

Date: Mon, 1 Aug 2016 21:12:12 -0500

Delivery-date: Mon, 01 Aug 2016 22:13:59 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=H2UcWqcNoyl4qyuoKvudf25spbmWPVfnnogfH1alT/I=; b=aNogP9L1kCbYYZWrQgcwWRx8j+lGifjkuavfJYn3NYT4Z+jIhzVCwTcV1wNzsZREyU w3oo79h2aPcRZPjhDDFmLgSF49laoMktVenQpHRCK2GUbhBRJSUpNvHzMzC3nvEadcda jEtefMeqN3tz1srgbUXAek2jzaAGJrJt7cUXAco0bEywkQqx804PoUkYt0x/F8jWAUem Be1pp33ct0Ct3RAYg1xZUga39wzdG/ou3kcD2JzbcNNUh9zehvJnB1Y71YLTvDdOhNB/ v8hcnqX5atG6uvsk0LLNmd/riATzAtBPF6JLHDDUbVKD237NZ0NfIwyDpD9rnnMujAvx cSew==

In-reply-to: <CAAd2PDJ71mrSacG6S9WmaAW_cNh54ebuLav7mnd=1Urxm3aTWQ@mail.gmail.com>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <CAKkV4FFRTJ5bXJOawYtBVJrTXrdQU3gVNEiEJbCuxNr8=pLmEg@mail.gmail.com> <CAAd2PDJ71mrSacG6S9WmaAW_cNh54ebuLav7mnd=1Urxm3aTWQ@mail.gmail.com>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

My default setting was 2048. I changed it to 200,000 for now. I haven't really played with sysctl at all. The only change I've ever made in there was for swappiness.

On Mon, Aug 1, 2016 at 8:04 PM, Green Dream <greendream848@xxxxxxxxx> wrote:

It's related to /proc/sys/net/ipv4/tcp_max_orphans

"Maximal number of TCP sockets not attached to any user file handle, held by system. If this number is exceeded orphaned connections are reset immediately and warning is printed."

So, I'd start by checking the value of tcp_max_orphans (with "cat /proc/sys/net/ipv4/tcp_max_orphans"). The widely distributed sysctl.conf tweaks for Linux relays suggests a value of 262144. I think the default in many distros may be 4096, perhaps too low for an Exit.

Some references:

https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean
https://raw.githubusercontent.com/torservers/server-config-templates/master/sysctl.conf

If you need help making the sysctl tweaks let me know.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Finding information, passing it along. ～SuperSluether

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays