[tor-relays] Syslog: Kernel TCP: Too many orphaned sockets

Tristan supersluether at gmail.com
Fri Aug 5 15:46:05 UTC 2016


Well, since changing the setting from 2048 to 200,000, my exit is still
running fine, and I'm not seeing a drastic increase in RAM usage.

You said each orphan can use up to 64K of memory. Maybe "up to" is the
magic phrase?

On Aug 5, 2016 10:42 AM, "Christian Pietsch" <christian.pietsch at digitalcourage.de> wrote:

> The exit relay we (Digitalcourage) run gets this warning a lot, but it
> started only recently. I guess it is related to the DDoS attacks (syn
> flood) we get lately.
>
> Debian seems to set /proc/sys/net/ipv4/tcp_max_orphans automatically so
> that up to a quarter of the installed amount of RAM is used for this.
> (“Let me remind you again: each orphan eats up to 64K of unswappable
> memory” – https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean)
>
> So the 262,144 value in Torservers' config will eat up to 16 GiB. I am not
> sure if overriding Debian's setting is a good idea. Any advice? Is this
> warning more than an annoyance?
>
> Cheers,
> Christian
>
>
> On Mon, Aug 01, 2016 at 09:12:12PM -0500, Tristan wrote:
> > My default setting was 2048. I changed it to 200,000 for now. I haven't
> > really played with sysctl at all. The only change I've ever made in there
> > was for swappiness.
> >
> > On Mon, Aug 1, 2016 at 8:04 PM, Green Dream <greendream848 at gmail.com> wrote:
> >
> > > It's related to /proc/sys/net/ipv4/tcp_max_orphans
> > >
> > > "Maximal number of TCP sockets not attached to any user file handle, held
> > > by system. If this number is exceeded orphaned connections are reset
> > > immediately and warning is printed."
> > >
> > > So, I'd start by checking the value of tcp_max_orphans (with "cat
> > > /proc/sys/net/ipv4/tcp_max_orphans"). The widely distributed sysctl.conf
> > > tweaks for Linux relays suggest a value of 262144. I think the default in
> > > many distros may be 4096, perhaps too low for an Exit.
> > >
> > > Some references:
> > >
> > >
> > > https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean
> > >
> > > https://raw.githubusercontent.com/torservers/server-config-templates/master/sysctl.conf
> > >
> > > If you need help making the sysctl tweaks let me know.
> > >
> > >
> > > _______________________________________________
> > > tor-relays mailing list
> > > tor-relays at lists.torproject.org
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > >
> > >
> >
> >
>
>
> --
>   Digitalcourage e.V., Marktstr. 18, D-33602 Bielefeld, Germany
>   Tel: +49-521-1639 1639 | Fax: +49-521-61172 | mail at digitalcourage.de
>   https://digitalcourage.de | https://bigbrotherawards.de
>
> Data retention? Not again! Support our
> constitutional complaint: https://digitalcourage.de/weg-mit-vds
>
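The arithmetic discussed in this thread, as an added example that is not part of the original messages: it sets the ceiling implied by tcp_max_orphans (at the quoted "up to 64K" per orphan) beside the bound for the orphans that actually exist, which is the quantity that matters for RAM. The function names and the sample sockstat/meminfo contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compares the tcp_max_orphans ceiling with the live orphan count.
ORPHAN_KIB=64   # "up to 64K" per orphan, the figure quoted in the thread

# Orphan count from a file in /proc/net/sockstat format.
orphan_count() {
    awk '$1 == "TCP:" { for (i = 2; i < NF; i++) if ($i == "orphan") { print $(i + 1); exit } }' "$1"
}

# MemTotal (KiB) from a file in /proc/meminfo format.
mem_total_kib() {
    awk '$1 == "MemTotal:" { print $2; exit }' "$1"
}

# Upper bound in KiB on memory pinned by N orphans.
worst_case_kib() {
    echo $(( $1 * ORPHAN_KIB ))
}

# Usage: orphan_report MAX_ORPHANS SOCKSTAT_FILE MEMINFO_FILE
orphan_report() {
    max=$1
    cur=$(orphan_count "$2")
    ram=$(mem_total_kib "$3")
    echo "limit=$max" \
         "limit_bound_MiB=$(( $(worst_case_kib "$max") / 1024 ))" \
         "limit_bound_pct_of_ram=$(( $(worst_case_kib "$max") * 100 / ram ))" \
         "current_orphans=$cur" \
         "current_bound_MiB=$(( $(worst_case_kib "$cur") / 1024 ))" \
         "limit_used_pct=$(( cur * 100 / max ))"
}

# Constructed sample data (not taken from the thread): 4 GiB host, 1900 orphans.
demo() {
    d=$(mktemp -d)
    printf 'sockets: used 5120\nTCP: inuse 3000 orphan 1900 tw 800 alloc 3100 mem 900\n' > "$d/sockstat"
    printf 'MemTotal:        4194304 kB\nMemFree:          100000 kB\n' > "$d/meminfo"
    orphan_report 2048   "$d/sockstat" "$d/meminfo"   # default mentioned in the thread
    orphan_report 262144 "$d/sockstat" "$d/meminfo"   # value from the Torservers sysctl.conf
    rm -rf "$d"
}
demo
```

On a relay, call `orphan_report "$(cat /proc/sys/net/ipv4/tcp_max_orphans)" /proc/net/sockstat /proc/meminfo` to get the same figures for the live system.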