I looked at my exit relay's syslog for no specific reason, and saw that it was flooded with the following message:
kernel: [1736405.162223] TCP: too many orphaned sockets
These messages occur multiple times per second, but they only flood the log every couple of hours. What is this, and what does it mean?
It's related to /proc/sys/net/ipv4/tcp_max_orphans
"Maximal number of TCP sockets not attached to any user file handle, held by system. If this number is exceeded orphaned connections are reset immediately and warning is printed."
So, I'd start by checking the value of tcp_max_orphans (with "cat /proc/sys/net/ipv4/tcp_max_orphans"). The widely distributed sysctl.conf tweaks for Linux relays suggest a value of 262144. I think the default in many distros may be 4096, perhaps too low for an Exit.
Some references:
https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean
https://raw.githubusercontent.com/torservers/server-config-templates/master/sysctl.conf
If you need help making the sysctl tweaks let me know.
My default setting was 2048. I changed it to 200,000 for now. I haven't really played with sysctl at all. The only change I've ever made in there was for swappiness.
On Mon, Aug 1, 2016 at 8:04 PM, Green Dream greendream848@gmail.com wrote:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
The exit relay we (Digitalcourage) run gets this warning a lot, but it started only recently. I guess it is related to the DDoS attacks (syn flood) we get lately.
Debian seems to set /proc/sys/net/ipv4/tcp_max_orphans automatically so that up to a quarter of the installed amount of RAM is used for this. (“Let me remind you again: each orphan eats up to 64K of unswappable memory” – https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean)
So the 262,144 value in Torservers' config will eat up to 16 GiB. I am not sure if overriding Debian's setting is a good idea. Any advice? Is this warning more than an annoyance?
Cheers, Christian
On Mon, Aug 01, 2016 at 09:12:12PM -0500, Tristan wrote:
Well, since changing the setting from 2048 to 200,000, my exit is still running fine, and I'm not seeing a drastic increase in RAM usage.
You said each orphan can use up to 64K of memory. Maybe "up to" is the magic phrase?
On Aug 5, 2016 10:42 AM, "Christian Pietsch" <christian.pietsch@digitalcourage.de> wrote:
-- Digitalcourage e.V., Marktstr. 18, D-33602 Bielefeld, Germany Tel: +49-521-1639 1639 | Fax: +49-521-61172 | mail@digitalcourage.de https://digitalcourage.de | https://bigbrotherawards.de
Data retention? Not again! Support our constitutional complaint: https://digitalcourage.de/weg-mit-vds
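An added example, not part of this thread and not from the Torservers templates: a POSIX shell script that reads the live tcp_max_orphans value, pulls the current orphan count out of /proc/net/sockstat, and turns the "up to 64K per orphan" figure quoted above into the worst-case memory bound the thread is arguing about (262144 slots times 64 KiB is the 16 GiB Christian mentions) and into the Debian-style quarter-of-RAM ceiling. The 64 KiB per-orphan figure is the thread's own upper bound, not a measured value; the sample sockstat line and the fallback numbers used when /proc is unreadable are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare tcp_max_orphans with the live
# orphan count and compute the worst-case memory bound discussed on the list.
# Assumes a Linux host with /proc; a constructed sample line is used otherwise.

ORPHAN_KIB=64   # per-orphan upper bound quoted in the thread ("up to 64K")

# Extract the "orphan N" field from a /proc/net/sockstat TCP line.
parse_orphans() {
    # $1: a line such as "TCP: inuse 31 orphan 7 tw 120 alloc 45 mem 12"
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "orphan") print $(i+1) }'
}

# Worst-case memory (MiB) if every slot allowed by tcp_max_orphans is occupied.
orphan_mem_bound_mib() {
    # $1: tcp_max_orphans value
    echo $(( $1 * ORPHAN_KIB / 1024 ))
}

# Debian-style ceiling mentioned in the thread: how many 64K orphans fit in a
# quarter of the installed RAM.
quarter_ram_orphans() {
    # $1: total RAM in KiB (as in the MemTotal line of /proc/meminfo)
    echo $(( $1 / 4 / ORPHAN_KIB ))
}

# Report using the live kernel values when readable, otherwise constructed samples.
report() {
    if [ -r /proc/sys/net/ipv4/tcp_max_orphans ]; then
        max=$(cat /proc/sys/net/ipv4/tcp_max_orphans)
    else
        max=262144                                              # constructed fallback
    fi
    if [ -r /proc/net/sockstat ]; then
        line=$(grep '^TCP:' /proc/net/sockstat)
    else
        line="TCP: inuse 31 orphan 7 tw 120 alloc 45 mem 12"   # constructed sample
    fi
    if [ -r /proc/meminfo ]; then
        ram_kib=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)
    else
        ram_kib=8388608                                         # constructed: 8 GiB
    fi
    cur=$(parse_orphans "$line")
    printf 'tcp_max_orphans=%s current_orphans=%s worst_case=%s MiB quarter_ram_fits=%s orphans\n' \
        "$max" "$cur" "$(orphan_mem_bound_mib "$max")" "$(quarter_ram_orphans "$ram_kib")"
}

report
```

Run it as a cron job or from a shell on the relay and compare current_orphans with tcp_max_orphans: the kernel only prints the syslog message (and resets orphans) when the count actually hits the limit, so a limit that is never approached costs nothing, and the "up to 64K" figure is a ceiling, which is consistent with Tristan seeing no drastic RAM increase after raising the limit. To change the value for the running kernel use sysctl -w net.ipv4.tcp_max_orphans=N, and persist it in /etc/sysctl.conf or /etc/sysctl.d/ as the Torservers template does.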