Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d7ac4d9130
Branches Tags
tor
/
doc
/
TUNING

TUNING 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. Most operating systems limit an amount of TCP sockets that can be used 
    2. 

  2. simultaneously. It is possible for a busy Tor relay to run into these
    3. 

  3. limits, thus being unable to fully utilize the bandwidth resources it 
    4. 

  4. has at its disposal. Following system-specific tips might be helpful
    5. 

  5. to alleviate the aforementioned problem.
    6. 

  6. 

  7. Linux
    8. 

  8. -----
    9. 

  9. 

  10. Use 'ulimit -n' to raise an allowed number of file descriptors to be 
    11. 

  11. opened on your host at the same time.
    12. 

  12. 

  13. FreeBSD
    14. 

  14. -------
    15. 

  15. 

  16. Tune the followind sysctl(8) variables:
    17. 

  17.  * kern.maxfiles - maximum allowed file descriptors (for entire system)
    18. 

  18.  * kern.maxfilesperproc - maximum file descriptors one process is allowed
    19. 

  19.    to use
    20. 

  20.  * kern.ipc.maxsockets - overall maximum numbers of sockets for entire 
    21. 

  21.    system
    22. 

  22.  * kern.ipc.somaxconn - size of listen queue for incoming TCP connections
    23. 

  23.    for entire system
    24. 

  24. 

  25. See also:
    26. 

  26.  * https://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html
    27. 

  27.  * https://wiki.freebsd.org/NetworkPerformanceTuning
    28. 

  28. 

  29. Mac OS X
    30. 

  30. --------
    31. 

  31. 

  32. Since Mac OS X is BSD-based system, most of the above hold for OS X as well.
    33. 

  33. However, launchd(8) is known to modify kern.maxfiles and kern.maxfilesperproc
    34. 

  34. when it launches tor service (see launchd.plist(5) manpage). Also, 
    35. 

  35. kern.ipc.maxsockets is determined dynamically by the system and thus is 
    36. 

  36. read-only on OS X.
    37. 

  37. 

  38. OpenBSD
    39. 

  39. -------
    40. 

  40. 

  41. For recent versions of OpenBSD (5.5 and 5.6, and probably older releases
    42. 

  42. as well), the maximum number of file descriptors that can be opened is
    43. 

  43. 7030:
    44. 

  44. 

  45. http://unix.stackexchange.com/questions/104929/does-openbsd-have-a-limit-to-the-number-of-file-descriptors/104948#104948
    46. 

  46. 

  47. The maximum number of file descriptors that an OpenBSD machine can have
    48. 

  48. open is stored in the sysctl variable kern.maxfiles. This value defaults
    49. 

  49. to 7030 - to verify this, run sysctl kern.maxfiles.
    50. 

  50. 

  51. To immediately change a running system's file descriptor limit to, for
    52. 

  52. example, 20,000 files, run sudo sysctl kern.maxfiles=20000. All sysctl
    53. 

  53. variables are reset upon reboot using defaults and /etc/sysctl.conf, so
    54. 

  54. to make your change permanent you must add the line kern.maxfiles=20000
    55. 

  55. to /etc/sysctl.conf.
    56. 

  56. 

  57. One can also change a maximum number of allowed file descriptors for Tor
    58. 

  58. daemon alone by editing /etc/rc.d/tor and adding the following lines:
    59. 

  59. 

  60. tor:\
    61. 

  61.         :openfiles-max=8192:\
    62. 

  62.         :tc=daemon:
    63. 

  63. 

  64. However, there are stricter limits set on users. This is a security
    65. 

  65. feature intended to prevent one user from choking out others by opening
    66. 

  66. all possible file descriptors.
    67. 

  67. 

  68. The stricter limits are set in /etc/login.conf. This config file sets
    69. 

  69. resource access rules for user classes. You should be running
    70. 

  70. Tor as a non-privileged daemon user '_tor', which belongs to the 'daemon'
    71. 

  71. class. It will therefore be subject to the 'default' and 'daemon' rules.
    72. 

  72. There are two relevant rules: openfiles-cur and openfiles-max. The prior
    73. 

  73. is the initial limit upon login - the soft limit. The latter is the maximum
    74. 

  74. limit that can be set using 'ulimit -n' or setrlimit() without editing
    75. 

  75. /etc/login.conf and rebooting. This is known as the hard limit.
    76. 

  76. 

  77. Without editing /etc/login.conf, daemon-owned processes have
    78. 

  78. soft limit of 512 open files and a hard limit of 1024 open files.
    79. 

  79. Tor can increase the soft limit as needed, so you will therefore
    80. 

  80. eventually get warnings about running out of available file descriptors
    81. 

  81. once Tor reaches ~1024 open files.
    82. 

  82. 

  83. To increase the hard limit, add the following line to the daemon class
    84. 

  84. rules in /etc/login.conf:
    85. 

  85. 

  86. tor:\
    87. 

  87.         :openfiles-max=8192:\
    88. 

  88.         :tc=daemon:
    89. 

  89. 

  90. Upon restarting the machine, Tor will be able to open up to 6500 file
    91. 

  91. descriptors.
    92. 

  92. 

  93. Be aware that, by doing this, you are bypassing a security and stability
    94. 

  94. feature of the OS. If you are running your relay on a weak or old system,
    95. 

  95. watch your system load to ensure that it can handle this many open files.
    96. 

  96. Also, Tor may interfere with any other programs that open many files.
    97. 

  97. 

  98. Disclaimer
    99. 

  99. ----------
    100. 

  100. 

  101. Do note that this document is a draft and above information may be
    102. 

  102. technically incorrect and/or incomplete. If so, please open a ticket
    103. 

  103. on https://trac.torproject.org or post to tor-relays mailing list.
    104. 

  104. 

  105. Are you running a busy Tor relay? Let us know how you are solving
    106. 

  106. the out-of-sockets problem on your system.
    107. 

  107.