Exceeding connection limit

Scott Bennett bennett at cs.niu.edu
Thu Dec 4 15:09:04 UTC 2008


     On Wed, 3 Dec 2008 19:40:54 -0500 phobos at rootme.org wrote
>On Wed, Dec 03, 2008 at 11:44:13PM +0100, slush at centrum.cz wrote 2.4K bytes in 54 lines about:
>: Is there any easy way to limit connections for Tor? Thousands of
>: connections often break my low-cost ADSL router at home and I have to
>: restart it.
>
>This is a FAQ answer,
>https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#CablemodemCrashes
>
>: I think there should be a similar option, like Bandwidth rate. Or is there any
>: reason why there must be thousands of connections from the point of view of
>: Tor network design?
>
>In the manual page, there is:
>ConnLimit NUM
> The minimum number of file descriptors that must be available to the
>Tor process before it will start. Tor will ask the OS for as many file
>descriptors as the OS will allow (you can find this by "ulimit -H -n").
>If this number is less than ConnLimit, then Tor will refuse to start. 
> You probably don't need to adjust this. It has no effect on Windows
>since that platform lacks getrlimit(). (Default: 1000)
>
>This may or may not work to fix the problems with a poorly designed ADSL
>router.  

     This appears to be a problem on many/all electronics store routers.
My suspicion is that these routers have fairly tight memory restrictions
and can support only small tables for state, NAT, and so forth.  Linksys
routers, for example, typically choke when their NAT/RDR capacity is exceeded,
refusing thereafter to allow any new outbound NATed connections until they
have been rebooted.
     All small routers I've used with tor when running a relay have never
allowed more than 200 - 400 simultaneously open connections.  I now have
my FreeBSD 6.3 system connected directly to the cable modem with pf handling
the RDRs, and the relay no longer encounters limits that low.  After the
relay has been running for several days, the number of connections has usually
slowly grown to hover in the 1000 - 1400 range.  I don't know why it stops
there, but it may just be a consequence of the limited transmission rate of my
Internet link.  It's certainly not due to memory or CPU speed limitations.
>
>As for the design questions, I'll let someone else answer that as I
>can't find the details as to why right now.

     I thought this issue had come up several times on this list already
and that a torrc option was now available to set a maximum number of
connections.  I don't see such an option in the 0.2.1.7-alpha man page,
however.  Perhaps it's one of those undocumented options.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
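
An added example, not part of the original message or of Tor's own code: a small shell check of the ConnLimit behaviour quoted from the man page above, comparing a torrc's ConnLimit against the hard descriptor limit reported by "ulimit -H -n". The function names and the sample torrc are constructed for illustration, and it assumes option names are case-insensitive and that the last ConnLimit line wins.

```shell
#!/bin/sh
# Added example, not from the thread. ConnLimit, as quoted from the man
# page, is a MINIMUM file-descriptor requirement checked at startup; it
# does not cap how many connections a running relay opens.

# Print the effective ConnLimit from a torrc file (default 1000).
# Assumptions: option names are case-insensitive, the last value wins.
conn_limit_from_torrc() {
    awk 'tolower($1) == "connlimit" && $2 ~ /^[0-9]+$/ { v = $2 }
         END { print (v == "" ? 1000 : v) }' "$1"
}

# Succeed if a hard descriptor limit satisfies the given ConnLimit.
would_tor_start() {
    connlimit=$1
    hard=$2
    [ "$hard" = "unlimited" ] && return 0
    [ "$hard" -ge "$connlimit" ]
}

# Compare a torrc against a hard limit (default: this shell's own).
check_torrc() {
    need=$(conn_limit_from_torrc "$1")
    hard=${2:-$(ulimit -H -n)}
    if would_tor_start "$need" "$hard"; then
        echo "ok: hard fd limit $hard >= ConnLimit $need"
    else
        echo "refuse to start: hard fd limit $hard < ConnLimit $need"
        return 1
    fi
}

# Constructed sample torrc, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ORPort 9001
#ConnLimit 50
ConnLimit 2000
EOF
check_torrc "$sample" 1024 || true   # hard limit below ConnLimit
check_torrc "$sample" 4096           # hard limit above ConnLimit
rm -f "$sample"
```

Raising or lowering ConnLimit only changes whether Tor starts; it does nothing to keep a relay under a small router's NAT table size.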


