[tor-commits] [tor/master] Adding section on OpenBSD to doc/TUNING

nickm at torproject.org nickm at torproject.org
Tue Jan 27 17:42:23 UTC 2015


commit d7ac4d913019345884c548dfd05f8bdffcee9d16
Author: rl1987 <rl1987 at sdf.lonestar.org>
Date:   Fri Nov 14 23:07:35 2014 +0200

    Adding section on OpenBSD to doc/TUNING
---
 changes/doc13702 |    4 ++++
 doc/TUNING       |   60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)

diff --git a/changes/doc13702 b/changes/doc13702
new file mode 100644
index 0000000..917dca3
--- /dev/null
+++ b/changes/doc13702
@@ -0,0 +1,4 @@
+  o Documentation:
+    - Adding section on OpenBSD to our TUNING document. Thanks to
+      mmcc for writing the OpenBSD-specific tips. Resolves ticket
+      13702.
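Review bot: The changes entry on the "Adding section on OpenBSD" line does not say what the new section covers. Everything added to doc/TUNING in this patch is about file descriptor limits (kern.maxfiles, openfiles-cur, openfiles-max), so the entry should say that, for example "Add a section on raising file descriptor limits on OpenBSD to doc/TUNING", which also makes the tense imperative.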
diff --git a/doc/TUNING b/doc/TUNING
index a4bf386..90bd120 100644
--- a/doc/TUNING
+++ b/doc/TUNING
@@ -35,6 +35,66 @@ when it launches tor service (see launchd.plist(5) manpage). Also,
 kern.ipc.maxsockets is determined dynamically by the system and thus is 
 read-only on OS X.
 
+OpenBSD
+-------
+
+For recent versions of OpenBSD (5.5 and 5.6, and probably older releases
+as well), the maximum number of file descriptors that can be opened is
+7030:
+
+http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors/104948#104948
+
+The maximum number of file descriptors that an OpenBSD machine can have
+open is stored in the sysctl variable kern.maxfiles. This value defaults
+to 7030 - to verify this, run sysctl kern.maxfiles.
+
+To immediately change a running system's file descriptor limit to, for
+example, 20,000 files, run sudo sysctl kern.maxfiles=20000. All sysctl
+variables are reset upon reboot using defaults and /etc/sysctl.conf, so
+to make your change permanent you must add the line kern.maxfiles=20000
+to /etc/sysctl.conf.
+
+One can also change a maximum number of allowed file descriptors for Tor
+daemon alone by editing /etc/rc.d/tor and adding the following lines:
+
+tor:\
+        :openfiles-max=8192:\
+        :tc=daemon:
+
+However, there are stricter limits set on users. This is a security
+feature intended to prevent one user from choking out others by opening
+all possible file descriptors.
+
+The stricter limits are set in /etc/login.conf. This config file sets
+resource access rules for user classes. You should be running
+Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon'
+class. It will therefore be subject to the 'default' and 'daemon' rules.
+There are two relevant rules: openfiles-cur and openfiles-max. The prior
+is the initial limit upon login - the soft limit. The latter is the maximum
+limit that can be set using 'ulimit -n' or setrlimit() without editing
+/etc/login.conf and rebooting. This is known as the hard limit.
+
+Without editing /etc/login.conf, daemon-owned processes have
+soft limit of 512 open files and a hard limit of 1024 open files.
+Tor can increase the soft limit as needed, so you will therefore
+eventually get warnings about running out of available file descriptors
+once Tor reaches ~1024 open files.
+
+To increase the hard limit, add the following line to the daemon class
+rules in /etc/login.conf:
+
+tor:\
+        :openfiles-max=8192:\
+        :tc=daemon:
+
+Upon restarting the machine, Tor will be able to open up to 6500 file
+descriptors.
+
+Be aware that, by doing this, you are bypassing a security and stability
+feature of the OS. If you are running your relay on a weak or old system,
+watch your system load to ensure that it can handle this many open files.
+Also, Tor may interfere with any other programs that open many files.
+
 Disclaimer
 ----------
 
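Review bot: The snippet shown for /etc/rc.d/tor ("tor:\", ":openfiles-max=8192:\", ":tc=daemon:") is login.conf capability syntax, and the same three lines appear again under the /etc/login.conf step, so the rc.d paragraph either names the wrong file or shows the wrong snippet. An rc.d script is shell and will not take this block; drop that paragraph or replace it with what actually belongs in the rc script. The login.conf step says to "add the following line to the daemon class rules", but the snippet defines a separate "tor" class that inherits from daemon through tc=daemon, and nothing explains how the _tor user or the daemon is placed in that class. The numbers also need reconciling: openfiles-max=8192 is followed by "Tor will be able to open up to 6500 file descriptors", and 8192 is above the kern.maxfiles default of 7030 given earlier in the section, so the text should state that kern.maxfiles has to be raised first or pick a value below it. Smaller points: "Tor can increase the soft limit as needed, so you will therefore eventually get warnings" reads as a non sequitur and should say the warnings come from hitting the 1024 hard limit, and "The prior" should be "The former".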




