
Re: [tor-relays] Syslog: Kernel TCP: Too many orphaned sockets



The exit relay we (Digitalcourage) run gets this warning a lot, but it started only recently. I guess it is related to the DDoS attacks (SYN flood) we have been getting lately.

Debian seems to set /proc/sys/net/ipv4/tcp_max_orphans automatically so that up to a quarter of the installed amount of RAM is used for this.
(“Let me remind you again: each orphan eats up to 64K of unswappable memory” – https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean)

So the 262,144 value in Torservers' config would eat up to 16 GiB. I am not sure if overriding Debian's setting is a good idea. Any advice? Is this warning more than an annoyance?

Cheers,
Christian


On Mon, Aug 01, 2016 at 09:12:12PM -0500, Tristan wrote:
> My default setting was 2048. I changed it to 200,000 for now. I haven't
> really played with sysctl at all. The only change I've ever made in there
> was for swappiness.
> 
> On Mon, Aug 1, 2016 at 8:04 PM, Green Dream <greendream848@xxxxxxxxx> wrote:
> 
> > It's related to /proc/sys/net/ipv4/tcp_max_orphans
> >
> > "Maximal number of TCP sockets not attached to any user file handle, held
> > by system. If this number is exceeded orphaned connections are reset
> > immediately and warning is printed."
> >
> > So, I'd start by checking the value of tcp_max_orphans (with "cat
> > /proc/sys/net/ipv4/tcp_max_orphans"). The widely distributed sysctl.conf
> > tweaks for Linux relays suggest a value of 262144. I think the default in
> > many distros may be 4096, perhaps too low for an Exit.
> >
> > Some references:
> >
> >
> > https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean
> >
> > https://raw.githubusercontent.com/torservers/server-config-templates/master/sysctl.conf
> >
> > If you need help making the sysctl tweaks let me know.
> >
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> >
> 
> 


-- 
  Digitalcourage e.V., Marktstr. 18, D-33602 Bielefeld, Germany
  Tel: +49-521-1639 1639 | Fax: +49-521-61172 | mail@xxxxxxxxxxxxxxxxx
  https://digitalcourage.de | https://bigbrotherawards.de

Vorratsdatenspeicherung? Nicht schon wieder! Unterstützen Sie
unsere Verfassungsbeschwerde: https://digitalcourage.de/weg-mit-vds

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays