[tor-relays] Too many connections warning

Torix torix at protonmail.com
Thu Dec 7 15:58:41 UTC 2017 

I am running Debian Jesse that was recommended by the Tor docs.  As I remember, some part of an install script reset my file limits to 65536, which is what I get with:
ulimit -n
I have never had to think about this, but I'm not running anything big; I have about  2500 - 3000 connections, but I'm offering this number, as it was not set by me, but by wiser minds than mine.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

> -------- Original Message --------
> Subject: Re: [tor-relays] Too many connections warning
> Local Time: December 7, 2017 10:46 AM
> UTC Time: December 7, 2017 3:46 PM
> From: r1610091651 at telenet.be
> To: tor-relays at lists.torproject.org
>
> Hi
>
> I think tor already has 32k open files limit, hence the error. Just to make sure, try this:
>
> cat /proc/`cat /run/tor/tor.pid`/limits
>
> Notice the line with "Max open files"
>
> Depending on how tor is started, you might need to change the config:
> with systemd
>   /lib/systemd/system/tor at default.service:
>       LimitNOFILE=xxxxx     <= change this
> with init
>   /etc/security/limits.conf:
>       *                soft    nofile          8192
>       *                hard    nofile          32768
>       that one can be change /user (username), /group, ... or for all users (*)
>
> Bye
>
> On Thu, 7 Dec 2017 at 16:25 Tyler Johnson <tylrcjhnsn at gmail.com> wrote:
>
>> I believe this warning describes a lack of available file descriptors, limiting the amount of connections your tor relay is able to make.
>>
>> ulimit -n is exactly the command you want to use to raise that limit from your current 1024.
>>
>> What exactly that number should be, I couldn't say, but you could start at 10000 and raise / lower based on your needs and resources.
>>
>> Raising a similar limit on OpenBSD from the default to 20000 helped eliminate the error for me.
>>
>> On Dec 7, 2017 7:28 AM, "Logforme" <m7527 at abc.se> wrote:
>>
>>> I run the non-exit relay Logforme (855BC2DABE24C861CD887DB9B2E950424B49FC34).
>>>
>>> Today I saw a new warning in my tor log file:
>>> Dec 07 09:48:12.000 [warn] Failing because we have 32735 connections already. Please read doc/TUNING for guidance.
>>>
>>> The relay runs on an old Debian Wheezy machine. Me being a Linux noob I tried to read the doc/TUNING document (https://gitweb.torproject.org/tor.git/tree/doc/TUNING) but the only information I deemed suitable for me was "Use ulimit -n", which I ran and it reported "1024". I guess that's not of interest for this warning.
>>>
>>> Over the years I have added some stuff to my sysctl.conf file that I have picked up. Don't remember from where:
>>> # Tor
>>> net.core.rmem_max = 33554432
>>> net.core.wmem_max = 33554432
>>> net.ipv4.tcp_rmem = 4096 87380 33554432
>>> net.ipv4.tcp_wmem = 4096 65536 33554432
>>> net.core.rmem_default = 524287
>>> net.core.wmem_default = 524287
>>> net.core.optmem_max = 524287
>>> net.core.netdev_max_backlog = 300000
>>> net.ipv4.tcp_mem = 33554432 33554432 33554432
>>> net.ipv4.tcp_max_orphans = 300000
>>> net.ipv4.tcp_max_syn_backlog = 300000
>>> net.ipv4.tcp_fin_timeout = 4
>>> vm.min_free_kbytes = 65536
>>> net.ipv4.tcp_keepalive_time = 60
>>> net.ipv4.tcp_keepalive_intvl = 10
>>> net.ipv4.tcp_keepalive_probes = 3
>>> net.ipv4.ip_local_port_range = 1025 65530
>>> net.core.somaxconn = 30720
>>> net.ipv4.tcp_max_tw_buckets = 2000000
>>> net.ipv4.tcp_timestamps = 0
>>> net.ipv4.tcp_challenge_ack_limit = 999999999
>>>
>>> None of the values seem to match the 32735 mentioned in the warning so I'm at a loss for what I am supposed to change.
>>> Anyone knowledgeable of these things that can give me some pointers?
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171207/a00ccdc7/attachment-0001.html>

More information about the tor-relays mailing list