[tor-dev] OpenBSD in doc/TUNING

Tue Nov 4 17:25:18 UTC 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I think it would be a good idea to add OpenBSD to doc/TUNING because
its file descriptor limits are a little confusing, and because
promoting OpenBSD relays benefits the Tor network's security.

By default, OpenBSD limits the total number of file descriptors to
7030. This can be changed only by recompiling the kernel:

http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors

However, stricter limits are set in /etc/login.conf so that a single
user cannot open all available file descriptors, preventing others
from opening files. In this config file, openfiles-cur is the max upon
login, and openfiles-max is the highest limit that can be set (even
using ulimit -n) without changing /etc/login.conf and restarting.

The _tor user is in the daemon class, at least on my install. You can
check using 'userinfo _tor'. This means that the daemon class rules in
/etc/login.conf also apply to Tor.

See 'man login.conf' and Absolute OpenBSD (2nd Ed.) for more info.

If I recall correctly, my OpenBSD relay maxed out at 1024 before I
changed /etc/login.conf. This agrees with what I'm seeing in
contrib/dist/tor.sh.in, and (again, IIRC) also happened to be the
openfiles-max value.

It's worth noting that contrib/dist/tor.sh.in only checks for the
maximum file descriptor count in /proc/sys/fs/file-max (lines 53-65 on
the master branch), which doesn't exist in OpenBSD, so Tor will
probably default to 1024 regardless of what openfiles-max is.

I'm still a beginner, so let me know if I made any mistakes. Also, let
me know if I should send this to the relays list as well.

I can write up a short draft paragraph if people think this is
accurate and worthwhile. Help is welcome.

Libertas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUWQv+AAoJELxHvGCsI27NXvAP/i5Q0wWuSY7d+DUqJfdddju1
FoEf27qtLV6ze8WscWQgCHciTTdXDkW43OVptcTbuwJ9TOYMPPhtF/6ENgizxoin
37I1lVlm5sZ926UKRwkOapc4keJ910gpcePZJ9vgbCSNJhRO7tg4BKdhLJfeRY0f
CaEFTB6bHigqfGAWeQjzDfGZ3LifawrdoN1tTDXpqpRH9tNhcAD+pvepP4Pze3xm
lVUcQmD/Dn4rpQTS7IrNkR66WtR/NJ2xc8JSXrX/81hKT+SbNGmCjTxIc7uWrI0S
aTrI9oAeQtJ4LRrlaZBzc1C1JbkW6xB5oNjtR6JEtK536/9nmzrRmZNGeKOtpGrk
rIEwJjwrv5sNYRhul8Hl6ngrjIzwQLmZR+aNda0USEaRLpfUBYiFg9rqxTPLMU3Q
VOo3Hf08zQTXCddcizs19Q1km67scJ5PkgSdkm8qS06H19uQEXXKcHOtUstNxGrY
GxWAD5RIm/53QIYurNJW4UctwvzCuanviHTkWCDn0dwV42HvUUfJCgOnmkuf9n1+
ZMxxT1F49WV4pBEPEVp4cRN9NPqkfMMMtKLCtM6WxoJNXdkIyQz46D9ZNahaHFOh
TuehsBW29GT/w9FW1APKeMleq+eV9lpZb2GbWXrjnFr7MRuCJZVCz5wzr11hnept
trInFflWvbIWtp4yv6Vf
=bm5p
-----END PGP SIGNATURE-----