[tor-bugs] #13702 [Tor]: Adding OpenBSD to doc/TUNING

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#13702: Adding OpenBSD to doc/TUNING
-----------------------------------------+---------------------------------
 Reporter:  mmcc                         |          Owner:
     Type:  enhancement                  |         Status:  new
 Priority:  normal                       |      Milestone:
Component:  Tor                          |        Version:  Tor:
 Keywords:  OpenBSD, tuning, doc/TUNING  |  unspecified
Parent ID:                               |  Actual Points:
                                         |         Points:
-----------------------------------------+---------------------------------
 As described in the below draft, OpenBSD is a little more persnickety
 about maximum file descriptor counts than most OSs. It's also the most-
 used Unix OS not listed in doc/TUNING thus far, so it makes sense to
 include it.

 I wrote the below section, which turned out to be a little long. Please
 let me know what you think of it; I'd be fine cutting much of it out or
 doing a total rewrite if that's the best option.
 -------



 OpenBSD
 -------

 For recent versions of OpenBSD (5.5 and 5.6, and probably older releases
 as well), the maximum number of file descriptors that can be opened is
 7030:

 http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-
 to-the-number-of-file-descriptors/104948#104948

 This limit is kernel-level. To change it, you would have to modify the
 relevant constants and recompile the kernel.

 However, there are stricter limits set on users. This is a security
 feature intended to prevent one user from choking out others by opening
 all possible file descriptors.

 The stricter limits are set in /etc/login.conf. This config file sets
 resource access rules for user classes. You should be running
 Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon'
 class. It will therefore be subject to the 'default' and 'daemon' rules.
 There are two relevant rules: openfiles-cur and openfiles-max. The prior
 is the initial limit upon login - the soft limit. The latter is the
 maximum limit
 that can be set using 'ulimit -n' or setrlimit() without editing
 /etc/login.conf and
 rebooting. This is known as the hard limit.

 Without editing /etc/login.conf, daemon-owned processes have a
 soft limit of 512 open files and a hard limit
 of 1024 open files. Tor can increase the soft limit as needed, so
 you will therefore eventually get warnings about running
 out of available file descriptors once Tor reaches ~1024 open files.

 To increase the hard limit, add the following line to the daemon class
 rules in /etc/login.conf:

     :openfiles-max=6500:\

 Upon restarting the machine, Tor will be able to open up to 6500 file
 descriptors.

 Be aware that, by doing this, you are bypassing a security and stability
 feature of the OS. If you are running your relay on a weak or old system,
 watch
 your system load to ensure that it can handle this many open files.
 Also, Tor may interfere with any other programs that open many files.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13702>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs