Re: (changed subject) Re: net/i2pd: FD talk and limits and ISP routers too weak maybe
>>> >>> like I asked and no one answered: where >>>can I check HARD LIMIT of my >>> computer? >> >> you can't really. you can try increasing >>until you run into problems and back >> off a bit, but it probably depends on what >>else the kernel is doing. usual >> approach is to restrict the software to >>using the resources that you expect it >> to actually need and restrict it from making >>more demands than that to orotect >> the rest of the system. >this sounds like a bug to me >hard limit must be known, else is like playing >cards, you never know when you >lose (you crash) >and no one answered my question yet about >i2pd's connections to other routhers >with can well surpass 8192 up to +3 >connections, and if I am right then >each connection needs a FD? I worked with >networking and programming a little, >so this makes sense to me can anyone >verify? >if yes, then yes this is a bug and I am >disappointed that the only way is to >run blindly and trust before crash I might be out of line here since I’m new to OS dev stuff, but what you’re asking doesn’t really make sense to me. A file descriptor is a software abstraction built onto the hardware and the exact implementation changes from case to case dependent on hardware. It’s like if I asked my doctor “give me the exact limit of bicep curls I can do in an hour.” In the same way the body has no conception of a bicep curl(only the fatigue from moving), the hardware doesn’t know what you mean by a file descriptor(only the residual resources needed to maintain one), and there’s like 20 ways of doing a bicep curl, so demanding such a concrete hard limit number makes no sense. - Bruce On Tue, Jan 30, 2024 at 6:52 AM wrote: > On Tue, January 30, 2024 11:23 am, Stuart Henderson wrote: > > On 2024/01/30 10:53, beecdadd...@danwin1210.de wrote: > > > >> I see the confusion I made I am sorry, when I said routers crash I meant > >> actual ISP hardware routers. > > > > For an ISP "customer premises equipment" router (home/officr router)? > > That often means you made too many connections and exceeded the size of > > NAT/firewall state table that they can cope with. Also for ISPs with > > CGN, you might have a limited port-range that you're allowed to use and > > can't make more connections once that has been exceeded. > > is there way to verify it's the 1st thing, which can be fixed by custom > router, yes? > any computer with 2 NICs can be a OpenBSD router, yes? I seen people do > that, > is cool > > > > >> like I asked and no one answered: where can I check HARD LIMIT of my > >> computer? > > > > you can't really. you can try increasing until you run into problems and > back > > off a bit, but it probably depends on what else the kernel is doing. > usual > > approach is to restrict the software to using the resources that you > expect it > > to actually need and restrict it from making more demands than that to > orotect > > the rest of the system. > > this sounds like a bug to me > hard limit must be known, else is like playing cards, you never know when > you > lose (you crash) > and no one answered my question yet about i2pd's connections to other > routhers > with can well surpass 8192 up to +3 connections, and if I am right then > each connection needs a FD? I worked with networking and programming a > little, > so this makes sense to me can anyone verify? > if yes, then yes this is a bug and I am disappointed that the only way is > to > run blindly and trust before crash > > > > >> what it depends on, on CPU? where is utility that shows max FDs, and > >> per-running-process FD usage and their max setting? if this does not > exist, > >> I think why not? > >> I think if user has to manually set FD limits and know potential of > programs > >> and OpenBSD and hardware, where is utility to help with that? I did > search > >> on the internet, all shit.. > > > > fstat shows per-process FD use, but the kernel backend for it is a bit > buggy > > and can sometimes crash the kernel, so it is best to avoid running it on > an > > important system. > > > > > > oh really > I probably cannot verify the usage of I2Pd if it exceeds 8192 because my > router goes stupid and crashes, can you? > if you can't I'll give it a try, please tell me if you can.. I would try > increasing bandwidth speed to X and transit tunnels to maybe 10k, try with > a > floodfill maybe, too.. because even many tunnels - there can be many to 1 > i2pd > peer(i2pd router) which translates to 1 FD, right? > and if you go to web console of i2pd and go to Transit Tunnels tab, you > can see > => [some number like ID] 5.0 KiB, and then you see more of same, but the > arrow > '=>' is not there, so that maybe indicates it's the same peer/i2pd router > that > the following tunnels are to/from.. most have 1 tunnel, some have 6 > tunnels, a > lot have 2 tunnels > > but I am not getting FD count with fstat, the number is not the same with > 'Routers' in web console of i2pd, so maybe I was wrong > or may
Re: (changed subject) Re: net/i2pd: FD talk and limits and ISP routers too weak maybe
>I'm also not a OS dev >cannot the OS do some testing/benchmarking >to get a grasp on what the limit >could be? >YOU are the OS in your example, and you >would know the limit when you would do >curls slower and maybe you would get more >and more pain.. >and crash in your example would be your >muscle being in such pain you wouldn't >be able to do anything with your >arm/whatever So your body automatically benchmarks how many bicep curls you can do in an hour without you having to think about it? You use your body to measure the bicep curls it can do, it doesn’t automatically do that. You can use your OS to perform the benchmark, but to expect the OS to designate resources automatically to benchmark itself is equal portions naïve and obtuse. You have a very specific use-case, you should do the work to find your answer. On Tue, Jan 30, 2024 at 10:20 AM wrote: > I'm also not a OS dev > cannot the OS do some testing/benchmarking to get a grasp on what the limit > could be? > YOU are the OS in your example, and you would know the limit when you > would do > curls slower and maybe you would get more and more pain.. > and crash in your example would be your muscle being in such pain you > wouldn't > be able to do anything with your arm/whatever > > so you're saying the only fucking way to know a true hardware limit is the > worst that could be - a crash??? > what if crash doesn't happen right away? in my case hardware ISP router > could > be limiting the potential of i2pd software or torrenting software > boom corrupted data, processes, uncompleted important work, lost important > work, pain in ass, etc > literally couldn't that corrupt the entire system, a crash? > > tell me I am worrying too much, but even then a crash is the worst thing > someone can rely on, I think it's unprofessional that the OS allows for > that > sort of insecurity > if all you said and I said is correct, I consider that to be a security > vulnerability at least, not to mention other vulnerabilities > > On Tue, January 30, 2024 1:32 pm, Bruce Jagid wrote: > >>>> > > >>>> like I asked and no one answered: where >>>can I check HARD LIMIT of > my > >>>> computer? > >>> > >>> you can't really. you can try increasing >>until you run into problems > > and back > >>> off a bit, but it probably depends on what >>else the kernel is doing. > > usual > >>> approach is to restrict the software to >>using the resources that you > > expect it > >>> to actually need and restrict it from making >>more demands than that > to > > orotect > >>> the rest of the system. > > > >> this sounds like a bug to me hard limit must be known, else is like > playing > >> >cards, you never know when > > you > >> lose (you crash) and no one answered my question yet about >i2pd's > >> connections to other > > routhers > >> with can well surpass 8192 up to +3 >connections, and if I am right > > then > >> each connection needs a FD? I worked with >networking and programming a > > little, > >> so this makes sense to me can anyone >verify? if yes, then yes this is > a bug > >> and I am >disappointed that the only way is > > to > >> run blindly and trust before crash > > > > I might be out of line here since I’m new to OS dev stuff, but what > you’re > > asking doesn’t really make sense to me. A file descriptor is a software > > abstraction built onto the hardware and the exact implementation changes > from > > case to case dependent on hardware. It’s like if I asked my doctor “give > me > > the exact limit of bicep curls I can do in an hour.” In the same way the > body > > has no conception of a bicep curl(only the fatigue from moving), the > hardware > > doesn’t know what you mean by a file descriptor(only the residual > resources > > needed to maintain one), and there’s like 20 ways of doing a bicep curl, > so > > demanding such a concrete hard limit number makes no sense. > > > > - Bruce > > > > > > On Tue, Jan 30, 2024 at 6:52 AM wrote: > > > > > >> On Tue, January 30, 2024 11:23 am, Stuart Henderson wrote: > >> > >>> On 2024/01/30 10:53, beecdadd...@danwin1210.de wrote: > >>> > >>> > >>>> I see the confusion I made I am sorry, when I said routers crash I > >>>> meant actual ISP hardware routers. > >>> > >>> For an ISP "customer premises equipment&
Re: (changed subject) Re: net/i2pd: FD talk and limits and ISP routers too weak maybe
If you actually thought you knew what you were talking about, you wouldn’t feel the need to insert “I’m not an OS Dev” after everything you say On Tue, Jan 30, 2024 at 11:05 AM wrote: > oh, Theo, if I were to start changing thing to the perfect OS > security-wise, > it wouldn't even look like OpenBSD code anymore, but OpenBSD still best > what > world have to offer > > so do you agree with my logic? at least give me that > at least tell me is this how things stand FD-wise/limit-wise/whatever, you > probably know the best out of all I e-mailed with > > no attempt yet,in future I hope,it's not a I am too lazy reason > > On Tue, January 30, 2024 3:58 pm, Theo de Raadt wrote: > > beecdadd...@danwin1210.de wrote: > > > >> I know system shares all resources including FDs > >> as far as I know there's what kernel/OS needs and is using and the rest > of > >> users including but not limited to staff and daemon users/programs like > >> i2pd all I was wondering is the limit or amount of FDs and other > resources > >> the rest of users of daemon can use in my head is a total amount which > >> apparently is unknown (I have been told why, but how can anyone work > with > >> that? it's like relying on someone mentally unstable) which is then > devided, > >> kernel/OS gets all that it needs, users and daemons get the rest which > IS > >> DIVIDED (in my head) until there is no more to > >> divide/give away/share am I close? > >> > >> okay maybe not make all available resources to 1 program is not how it > >> works but why not if that's the only programs that's running? I do not > >> understand if it's even possible to do what I'm asking or questioning, > I am > >> not a OS dev because of reasons, but I like discussing such because I > like > >> OS-dev > >> > >> > >> and just because what I ask isn't how it works doesn't mean it's bad? it > >> could mean > > > > You've been provided with all the source code. > > > > > > Where is your attempt to change things? > > > > > > > > >
