Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[openbsd]

Just to add a facts-based confirmation: my i2pd router[*] is running with 
openfiles-cur=4096, openfiles-max=4096 and kern.maxfiles=8192 (as proposed by 
Klemens) without any problem since more than 3 days.

This is by no means an extensive survey, but these values seem definitely 
sufficient to me for a regular router.

I didn't try to run a floodfill due to my server's constraints.

Cheers.

[*] There's indeed a potential for confusion in the fact that each node of the 
I2P network is called a router...


On Monday, January 29th, 2024 at 10:12 PM, open...@systemfailure.net wrote:

> As far as I understand, a maximum limit of 4096 open file descriptors is 
> sufficient for most users.
> 

> This limit should be raised to 8192 for floodfills, but a router becomes a 
> floodfill only if 2 conditions are met:
> - it has a sufficiently high bandwidth
> - the user has set "floodfill = true" in i2pd.conf (by default it is false)
> 

> So this feature must be enabled explicitly, and AFAIK most routers are not 
> floodfills.
> 

> In your case, even 8192 doesn't seem enough, because you're torrenting. 
> You're certainly not the only one to use the I2P network for anonymous file 
> sharing, but IMHO this is not the most generic use case.
> 

> > why are yo uignoring my reply? 4096 doesn't cover everyone like I said 
> > people
> > can become floodfills automatically and floodfills means 8192
> > 

> > On Sun, January 28, 2024 7:52 pm, Klemens Nanni wrote:
> > 

> > > On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
> > > 

> > > > On 2024/01/27 21:54, open...@systemfailure.net wrote:
> > > > 

> > > > > According to i2pd's online documentation [1], the maximum number of 
> > > > > open
> > > > > file descriptors is 4096 for a regular node, and 8192 for a floodfill
> > > > > [2].
> > > > > 

> > > > > I have never measured how many FDs i2pd is really using, but this
> > > > > software for sure needs a lot of them.
> > > > > 

> > > > > So I guess we can set 4096 as default value, and inform users in the
> > > > > README file that this value should be raised to 8192 for floodfills.
> > > > 

> > > > 4096 doesn't seem too unreasonable, it's below default levels of
> > > > kern.maxfiles, so if that's enough for the software I'd be happy with 
> > > > setting
> > > > that in a login.conf.d file.
> > > 

> > > Thanks for all you feedback.
> > > OK?
> > > 

> > > Index: Makefile
> > > ===
> > > RCS file: /cvs/ports/net/i2pd/Makefile,v
> > > diff -u -p -r1.22 Makefile --- Makefile 13 Jan 2024 16:21:39 - 1.22
> > > +++ Makefile 24 Jan 2024 22:21:26 -
> > > @@ -3,6 +3,7 @@ COMMENT = client for the I2P anonymous n
> > > GH_ACCOUNT = PurpleI2P
> > > GH_PROJECT = i2pd
> > > GH_TAGNAME = 2.50.2
> > > +REVISION = 0
> > > 

> > > CATEGORIES = net
> > > HOMEPAGE = https://i2pd.website
> > > Index: pkg/PLIST
> > > ===
> > > RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
> > > diff -u -p -r1.12 PLIST --- pkg/PLIST 20 Dec 2023 22:19:44 - 1.12
> > > +++ pkg/PLIST 24 Jan 2024 22:30:37 -
> > > @@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
> > > @owner _i2pd
> > > @group _i2pd
> > > @sample ${SYSCONFDIR}/i2pd/tunnels.conf
> > > +@owner
> > > +@group
> > > +share/examples/login.conf.d/i2pd
> > > +@sample ${SYSCONFDIR}/login.conf.d/i2pd
> > > Index: pkg/README
> > > ===
> > > RCS file: /cvs/ports/net/i2pd/pkg/README,v
> > > diff -u -p -r1.3 README --- pkg/README 8 Nov 2022 12:41:42 - 1.3
> > > +++ pkg/README 28 Jan 2024 19:51:52 -
> > > @@ -5,20 +5,7 @@
> > > Resource Limits: File Descriptors
> > > =
> > > 

> > > -By default, the i2pd process runs in the login(1) class of "daemon".
> > > -The default limits on file descriptors are insufficient to run i2pd; 
> > > instead
> > > you -should put the _i2pd user and process in their own login(1) class 
> > > with
> > > tuned -resources.
> > > -You should also raise the system-wide maxfiles limit.
> > > +You should raise the system-wide maxfiles limit:
> > > 

> > > -1. Configure i2pd login class in the login.conf(5) file:
> > > -
> > > - i2pd:\
> > > - :openfiles-cur=8192:\
> > > - :openfiles-max=8192:\
> > > - :tc=daemon:
> > > -
> > > -2. Adjust kern.maxfiles, if needed:
> > > -
> > > - # sysctl kern.maxfiles=16000
> > > - # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> > > + # sysctl kern.maxfiles=8192
> > > + # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
> > > Index: pkg/i2pd.login
> > > ===
> > > RCS file: pkg/i2pd.login
> > > diff -N pkg/i2pd.login --- /dev/null 1 Jan 1970 00:00:00 -
> > > +++ pkg/i2pd.login 28 Jan 2024 19:51:32 -
> > > @@ -0,0 +1,4 @@
> > > +i2pd:\
> > > + :openfiles-cur=4096:\
> > > + :openfiles-max=4096:\
> > > + :tc=daemon:

Re: [Fwd: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login]

[Stuart Henderson]

On 2024/01/30 10:53, beecdadd...@danwin1210.de wrote:
> I see the confusion I made I am sorry, when I said routers crash I meant
> actual ISP hardware routers.

For an ISP "customer premises equipment" router (home/officr router)?
That often means you made too many connections and exceeded the size of
NAT/firewall state table that they can cope with. Also for ISPs with
CGN, you might have a limited port-range that you're allowed to use and
can't make more connections once that has been exceeded.

> like I asked and no one answered: where can I check HARD LIMIT of my computer?

you can't really. you can try increasing until you run into problems and
back off a bit, but it probably depends on what else the kernel is
doing. usual approach is to restrict the software to using the resources
that you expect it to actually need and restrict it from making more
demands than that to orotect the rest of the system.

> what it depends on, on CPU? where is utility that shows max FDs, and
> per-running-process FD usage and their max setting?
> if this does not exist, I think why not?
> I think if user has to manually set FD limits and know potential of programs
> and OpenBSD and hardware, where is utility to help with that? I did search on
> the internet, all shit..

fstat shows per-process FD use, but the kernel backend for it is a bit
buggy and can sometimes crash the kernel, so it is best to avoid running
it on an important system.

Re: [Fwd: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login]

[beecdaddict]

I see the confusion I made I am sorry, when I said routers crash I meant
actual ISP hardware routers.

not sure how torrenting with i2pd should increase crashing risk as connections
are pre-made with I2P, so qBitorrent I think is just using a proxy and
connections being made shouldn't increase FD count? I am not sure exactly, but
something tells me that the connections being made by torrenting and thus FD
count increased is pre-handled by i2pd already as I2Pd has connections
in-place already? I am not sure but this makes some sense

it should be the ideal OS choice because security shouldn't come with
compromises, and those that do are uncapable of divine intellect creation!
I think OpenBSD should suffice for the use-case, not sure.
if something crashes or is not at 100% potential, something should be fixed.

like I asked and no one answered: where can I check HARD LIMIT of my computer?
what it depends on, on CPU? where is utility that shows max FDs, and
per-running-process FD usage and their max setting?
if this does not exist, I think why not?
I think if user has to manually set FD limits and know potential of programs
and OpenBSD and hardware, where is utility to help with that? I did search on
the internet, all shit..

- best regards and with hope because I thought no one interested

On Mon, January 29, 2024 10:23 pm, open...@systemfailure.net wrote:
> As I implied in another message, this file limit problem, causing your i2pd
> instance to crash, is not related to i2pd itself but to torrenting. I guess
> OpenBSD, with its strict security defaults, may not be the ideal operating
> system for high volume torrenting...
>
>
> On Sunday, January 28th, 2024 at 11:41 AM, beecdaddict at danwin1210.de
>  wrote:
>
>
>> and that doesn't cover routers crashing/rebooting? is there anything to be
>> done about that? router als ocrashes with high normal clernet traffic
>> torrenting.. a little off topic so sorry, perhaps router ran out of file
>> descriptors xd
>>
>
>> On Sat, January 27, 2024 10:34 pm, open...@systemfailure.net wrote:
>>
>>
>
>>> i2pd has always been working fine for me with the port's default values
>>> of openfiles-cur=8192, openfiles-max=8192 and kern.maxfiles=16000. These
>>> values are probably even overkill according to i2pd's documentation.
>>>
>
>>> But I'm not using it for torrenting, and my router is not a floodfill. I
>>> guess that torrenting may exhaust available file descriptors pretty
>>> quickly.
>>>
>
>>> My 2 cents.
>>>
>>>
>
>>> On 2024-01-27 19:29 beecdadd...@danwin1210.de wrote:
>>>
>>>
>
>>>> -- Original Message
>>>> --
>>>> Subject: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login
>>>>  From: beecdadd...@danwin1210.de
>>>> Date: Sat, January 27, 2024 7:16 pm
>>>> To: "Stuart Henderson" s...@spacehopper.org
>>>> 
>>>> 
>>>> --
>>>>
>>>
>
>>>> this software crashes all lower-bandwidth routers I tried using it on.
>>>> my computer crashed a few times, but probably not because of what you
>>>> said.. I did have kern.maxfiles set to 65565 or something like that,
>>>> which probably was able to cause the crash.. so I ask how can someone
>>>> check how many openfiles are supported? What depends on how many you can
>>>> have?
>>>
>
>>>> i2pd is something similar to torrenting, but anonymous meaning it
>>>> protects us from anyone including abusive governments and people you
>>>> make connection to routers(other peers runing I2P software like i2pd)
>>>> and do it so many times how many connections you make depends on how
>>>> many tunnels you allow (default
>>>> 5000) and probably speed bandwidth
>>>>
>>>
>
>>>> It can use as much as someone allows it.. which be tricky on openbsd
>>>> because user has to set openfiles, cannot be flexible at runtime. and no
>>>> idea what counts as openfile in i2pd, tunnels? routers maybe, too? so by
>>>> default if tunnels 5000 unchange from i2pd.conf, could up to 15k
>>>> openfiles, who knows? But default speed is I think 32 KB/sec, which is
>>>> very low, so almost everyone increases it.
>>>
>
>>>> would love to know how to find out what best number your computer can
>>>> handle openfiles, what about shminfo? maxproc? maxvnodes? somaxconn?
>>>
>
>>>> how can find out max connections my router can handle? maybe router
>>>> overheat? he does same with qbittorrent, internet connection goes
>>>> goodbye
>>>
>
>>>> i2pd very very good project, worked on by Russians, they have no
>>>> freedom of speech
>>>
>
>>>> I updated to -current and I still have to set /etc/login.conf.d/i2pd
>>>> manually, otherwise I2Pd status is "no descriptors"
>>>
>
>>>> so yes 8192 seems low, not excessive, is similar to running webserver
>>>> maybe
>>>
>
>>>> and if OpenBSD crashes because of whoops no openfiles to give, CRASH,
>>>> that is bad need fix
>>>
>
>>>> hope this helps, thanks for maintenance.
>>
>
>>
>
>> [ REDACTED ]

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[openbsd]

As far as I understand, a maximum limit of 4096 open file descriptors is 
sufficient for most users.

This limit should be raised to 8192 for floodfills, but a router becomes a 
floodfill only if 2 conditions are met:
- it has a sufficiently high bandwidth
- the user has set "floodfill = true" in i2pd.conf (by default it is false)

So this feature must be enabled explicitly, and AFAIK most routers are not 
floodfills.

In your case, even 8192 doesn't seem enough, because you're torrenting. You're 
certainly not the only one to use the I2P network for anonymous file sharing, 
but IMHO this is not the most generic use case.


> why are yo uignoring my reply? 4096 doesn't cover everyone like I said people
> can become floodfills automatically and floodfills means 8192
>
>
>On Sun, January 28, 2024 7:52 pm, Klemens Nanni wrote:
>> On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
>>
>>> On 2024/01/27 21:54, open...@systemfailure.net wrote:
>>>
 According to i2pd's online documentation [1], the maximum number of open
 file descriptors is 4096 for a regular node, and 8192 for a floodfill
 [2].


 I have never measured how many FDs i2pd is really using, but this
 software for sure needs a lot of them.

 So I guess we can set 4096 as default value, and inform users in the
 README file that this value should be raised to 8192 for floodfills.

>>>
>>> 4096 doesn't seem too unreasonable, it's below default levels of
>>> kern.maxfiles, so if that's enough for the software I'd be happy with 
>>> setting
>>> that in a login.conf.d file.
>>
>> Thanks for all you feedback.
>> OK?
>>
>>
>>
>> Index: Makefile
>> ===
>> RCS file: /cvs/ports/net/i2pd/Makefile,v
>> diff -u -p -r1.22 Makefile --- Makefile  13 Jan 2024 16:21:39 -  
>> 1.22
>> +++ Makefile 24 Jan 2024 22:21:26 -
>> @@ -3,6 +3,7 @@ COMMENT =client for the I2P anonymous n
>> GH_ACCOUNT = PurpleI2P
>> GH_PROJECT = i2pd
>> GH_TAGNAME = 2.50.2
>> +REVISION =  0
>>
>>
>> CATEGORIES = net
>> HOMEPAGE =   https://i2pd.website
>> Index: pkg/PLIST
>> ===
>> RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
>> diff -u -p -r1.12 PLIST --- pkg/PLIST20 Dec 2023 22:19:44 -  
>> 1.12
>> +++ pkg/PLIST24 Jan 2024 22:30:37 -
>> @@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
>> @owner _i2pd
>> @group _i2pd
>> @sample ${SYSCONFDIR}/i2pd/tunnels.conf
>> +@owner
>> +@group
>> +share/examples/login.conf.d/i2pd
>> +@sample ${SYSCONFDIR}/login.conf.d/i2pd
>> Index: pkg/README
>> ===
>> RCS file: /cvs/ports/net/i2pd/pkg/README,v
>> diff -u -p -r1.3 README --- pkg/README   8 Nov 2022 12:41:42 -   
>> 1.3
>> +++ pkg/README   28 Jan 2024 19:51:52 -
>> @@ -5,20 +5,7 @@
>> Resource Limits: File Descriptors
>> =
>>
>>
>> -By default, the i2pd process runs in the login(1) class of "daemon".
>> -The default limits on file descriptors are insufficient to run i2pd; instead
>> you -should put the _i2pd user and process in their own login(1) class with
>> tuned -resources.
>> -You should also raise the system-wide maxfiles limit.
>> +You should raise the system-wide maxfiles limit:
>>
>>
>> -1. Configure i2pd login class in the login.conf(5) file:
>> -
>> -i2pd:\
>> -:openfiles-cur=8192:\
>> -:openfiles-max=8192:\
>> -:tc=daemon:
>> -
>> -2. Adjust kern.maxfiles, if needed:
>> -
>> -# sysctl kern.maxfiles=16000
>> -# echo "kern.maxfiles=16000" >> /etc/sysctl.conf
>> +# sysctl kern.maxfiles=8192
>> +# echo "kern.maxfiles=8192" >> /etc/sysctl.conf
>> Index: pkg/i2pd.login
>> ===
>> RCS file: pkg/i2pd.login
>> diff -N pkg/i2pd.login --- /dev/null 1 Jan 1970 00:00:00 -
>> +++ pkg/i2pd.login   28 Jan 2024 19:51:32 -
>> @@ -0,0 +1,4 @@
>> +i2pd:\
>> +:openfiles-cur=4096:\
>> +:openfiles-max=4096:\
>> +:tc=daemon:
>>
>>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[openbsd]

I'm globally OK with your proposal, which is fine for most users, but IMHO it 
would be nice to tell people running floodfills (a not-so-uncommon use case) in 
the README that they should raise the max file limits even more.

I hope the attached patch, with a rephrased README, is clearer...

Thank you and best regards.


On Sunday, January 28th, 2024 at 7:52 PM, Klemens Nanni wrote:

> On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
> 

> > On 2024/01/27 21:54, open...@systemfailure.net wrote:
> > 

> > > According to i2pd's online documentation [1], the maximum number of open 
> > > file descriptors is 4096 for a regular node, and 8192 for a floodfill [2].
> > > 

> > > I have never measured how many FDs i2pd is really using, but this 
> > > software for sure needs a lot of them.
> > > 

> > > So I guess we can set 4096 as default value, and inform users in the 
> > > README file that this value should be raised to 8192 for floodfills.
> > 

> > 4096 doesn't seem too unreasonable, it's below default levels of
> > kern.maxfiles, so if that's enough for the software I'd be happy with
> > setting that in a login.conf.d file.
> 

> 

> Thanks for all you feedback.
> OK?
> 

> 

> Index: Makefile
> ===
> RCS file: /cvs/ports/net/i2pd/Makefile,v
> diff -u -p -r1.22 Makefile
> --- Makefile 13 Jan 2024 16:21:39 - 1.22
> +++ Makefile 24 Jan 2024 22:21:26 -
> @@ -3,6 +3,7 @@ COMMENT = client for the I2P anonymous n
> GH_ACCOUNT = PurpleI2P
> GH_PROJECT = i2pd
> GH_TAGNAME = 2.50.2
> +REVISION = 0
> 

> CATEGORIES = net
> HOMEPAGE = https://i2pd.website
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
> diff -u -p -r1.12 PLIST
> --- pkg/PLIST 20 Dec 2023 22:19:44 - 1.12
> +++ pkg/PLIST 24 Jan 2024 22:30:37 -
> @@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
> @owner _i2pd
> @group _i2pd
> @sample ${SYSCONFDIR}/i2pd/tunnels.conf
> +@owner
> +@group
> +share/examples/login.conf.d/i2pd
> +@sample ${SYSCONFDIR}/login.conf.d/i2pd
> Index: pkg/README
> ===
> RCS file: /cvs/ports/net/i2pd/pkg/README,v
> diff -u -p -r1.3 README
> --- pkg/README 8 Nov 2022 12:41:42 - 1.3
> +++ pkg/README 28 Jan 2024 19:51:52 -
> @@ -5,20 +5,7 @@
> Resource Limits: File Descriptors
> =
> 

> -By default, the i2pd process runs in the login(1) class of "daemon".
> -The default limits on file descriptors are insufficient to run i2pd; instead 
> you
> -should put the _i2pd user and process in their own login(1) class with tuned
> -resources.
> -You should also raise the system-wide maxfiles limit.
> +You should raise the system-wide maxfiles limit:
> 

> -1. Configure i2pd login class in the login.conf(5) file:
> -
> - i2pd:\
> - :openfiles-cur=8192:\
> - :openfiles-max=8192:\
> - :tc=daemon:
> -
> -2. Adjust kern.maxfiles, if needed:
> -
> - # sysctl kern.maxfiles=16000
> - # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> 

> + # sysctl kern.maxfiles=8192
> + # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
> 

> Index: pkg/i2pd.login
> ===
> RCS file: pkg/i2pd.login
> diff -N pkg/i2pd.login
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ pkg/i2pd.login 28 Jan 2024 19:51:32 -
> @@ -0,0 +1,4 @@
> +i2pd:\
> + :openfiles-cur=4096:\
> + :openfiles-max=4096:\
> + :tc=daemon:Index: Makefile
===
RCS file: /cvs/ports/net/i2pd/Makefile,v
diff -u -p -r1.22 Makefile
--- Makefile	13 Jan 2024 16:21:39 -	1.22
+++ Makefile	29 Jan 2024 21:33:59 -
@@ -3,6 +3,7 @@ COMMENT =	client for the I2P anonymous n
 GH_ACCOUNT =	PurpleI2P
 GH_PROJECT =	i2pd
 GH_TAGNAME =	2.50.2
+REVISION =	0
 
 CATEGORIES =	net
 HOMEPAGE =	https://i2pd.website
Index: pkg/PLIST
===
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
diff -u -p -r1.12 PLIST
--- pkg/PLIST	20 Dec 2023 22:19:44 -	1.12
+++ pkg/PLIST	29 Jan 2024 21:33:59 -
@@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
 @owner _i2pd
 @group _i2pd
 @sample ${SYSCONFDIR}/i2pd/tunnels.conf
+@owner
+@group
+share/examples/login.conf.d/i2pd
+@sample ${SYSCONFDIR}/login.conf.d/i2pd
Index: pkg/README
===
RCS file: /cvs/ports/net/i2pd/pkg/README,v
diff -u -p -r1.3 README
--- pkg/README	8 Nov 2022 12:41:42 -	1.3
+++ pkg/README	29 Jan 2024 21:33:59 -
@@ -5,20 +5,22 @@
 Resource Limits: File Descriptors
 =
 
-By default, the i2pd process runs in the login(1) class of "daemon".
-The default limits on file descriptors are insufficient to run i2pd; instead you
-should put the _i2pd user and process in their own login(1) class with tuned
-resources.
-Yo

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

is good to know
some software does require a lot of file descriptors, and you might want to
get all potential out of software

On Mon, January 29, 2024 10:09 am, Stuart Henderson wrote:
> On 2024/01/28 20:09, beecdadd...@danwin1210.de wrote:
>
>> why are yo uignoring my reply? 4096 doesn't cover everyone like I said
>> people can become floodfills automatically and floodfills means 8192
>
> If 4096 is not enough and the software requires 8192 to work (which is
> above the default sysctl limit) we'd better just leave it in the readme and 
> not
> add the login.conf.d file. Automating just half of it leaves users in a worse
> position than doing nothing.
>
> Really the software should not assume that it has unlimited resources,
> and scale back when it runs into limits. But that seems a hard concept for 
> some
> programmers to understand.
>
>>
>> On Sun, January 28, 2024 7:52 pm, Klemens Nanni wrote:
>>
>>> On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
>>>
>>>
 On 2024/01/27 21:54, open...@systemfailure.net wrote:


> According to i2pd's online documentation [1], the maximum number of
> open file descriptors is 4096 for a regular node, and 8192 for a
> floodfill [2].
>
>
>
> I have never measured how many FDs i2pd is really using, but this
> software for sure needs a lot of them.
>
> So I guess we can set 4096 as default value, and inform users in the
> README file that this value should be raised to 8192 for floodfills.
>
>

 4096 doesn't seem too unreasonable, it's below default levels of
 kern.maxfiles, so if that's enough for the software I'd be happy with
 setting that in a login.conf.d file.
>>>
>>> Thanks for all you feedback.
>>> OK?
>>>
>>>
>>>
>>>
>>> Index: Makefile
>>> ===
>>> RCS file: /cvs/ports/net/i2pd/Makefile,v
>>> diff -u -p -r1.22 Makefile --- Makefile 13 Jan 2024 16:21:39 -  
>>> 1.22 +++
>>> Makefile24 Jan 2024 22:21:26 -
>>> @@ -3,6 +3,7 @@ COMMENT =   client for the I2P anonymous n
>>> GH_ACCOUNT =PurpleI2P
>>> GH_PROJECT =i2pd
>>> GH_TAGNAME =2.50.2
>>> +REVISION = 0
>>>
>>>
>>>
>>> CATEGORIES =net
>>> HOMEPAGE =  https://i2pd.website
>>> Index: pkg/PLIST
>>> ===
>>> RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
>>> diff -u -p -r1.12 PLIST --- pkg/PLIST   20 Dec 2023 22:19:44 -  
>>> 1.12 +++
>>> pkg/PLIST   24 Jan 2024 22:30:37 - @@ -237,3 +237,7 @@
>>> share/examples/i2pd/tunnels.conf @owner _i2pd
>>> @group _i2pd
>>> @sample ${SYSCONFDIR}/i2pd/tunnels.conf
>>> +@owner
>>> +@group
>>> +share/examples/login.conf.d/i2pd
>>> +@sample ${SYSCONFDIR}/login.conf.d/i2pd
>>> Index: pkg/README
>>> ===
>>> RCS file: /cvs/ports/net/i2pd/pkg/README,v
>>> diff -u -p -r1.3 README --- pkg/README  8 Nov 2022 12:41:42 -   
>>> 1.3 +++
>>> pkg/README  28 Jan 2024 19:51:52 - @@ -5,20 +5,7 @@
>>> Resource Limits: File Descriptors
>>> =
>>>
>>>
>>>
>>> -By default, the i2pd process runs in the login(1) class of "daemon".
>>> -The default limits on file descriptors are insufficient to run i2pd;
>>> instead you -should put the _i2pd user and process in their own login(1)
>>> class with tuned -resources. -You should also raise the system-wide
>>> maxfiles limit. +You should raise the system-wide maxfiles limit:
>>>
>>>
>>>
>>> -1. Configure i2pd login class in the login.conf(5) file:
>>> -
>>> -i2pd:\
>>> -:openfiles-cur=8192:\
>>> -:openfiles-max=8192:\
>>> -:tc=daemon:
>>> -
>>> -2. Adjust kern.maxfiles, if needed:
>>> -
>>> -   # sysctl kern.maxfiles=16000
>>> -   # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
>>> +   # sysctl kern.maxfiles=8192
>>> +   # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
>>> Index: pkg/i2pd.login
>>> ===
>>> RCS file: pkg/i2pd.login
>>> diff -N pkg/i2pd.login --- /dev/null1 Jan 1970 00:00:00 - +++
>>> pkg/i2pd.login  28 Jan 2024 19:51:32 - @@ -0,0 +1,4 @@
>>> +i2pd:\
>>> +   :openfiles-cur=4096:\
>>> +   :openfiles-max=4096:\
>>> +   :tc=daemon:
>>>
>>>
>>>
>>>
>>
>>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Stuart Henderson]

On 2024/01/28 20:09, beecdadd...@danwin1210.de wrote:
> why are yo uignoring my reply? 4096 doesn't cover everyone like I said people
> can become floodfills automatically and floodfills means 8192

If 4096 is not enough and the software requires 8192 to work (which is
above the default sysctl limit) we'd better just leave it in the readme
and not add the login.conf.d file. Automating just half of it leaves
users in a worse position than doing nothing.

Really the software should not assume that it has unlimited resources,
and scale back when it runs into limits. But that seems a hard concept
for some programmers to understand.

> 
> On Sun, January 28, 2024 7:52 pm, Klemens Nanni wrote:
> > On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
> >
> >> On 2024/01/27 21:54, open...@systemfailure.net wrote:
> >>
> >>> According to i2pd's online documentation [1], the maximum number of open
> >>> file descriptors is 4096 for a regular node, and 8192 for a floodfill
> >>> [2].
> >>>
> >>>
> >>> I have never measured how many FDs i2pd is really using, but this
> >>> software for sure needs a lot of them.
> >>>
> >>> So I guess we can set 4096 as default value, and inform users in the
> >>> README file that this value should be raised to 8192 for floodfills.
> >>>
> >>
> >> 4096 doesn't seem too unreasonable, it's below default levels of
> >> kern.maxfiles, so if that's enough for the software I'd be happy with 
> >> setting
> >> that in a login.conf.d file.
> >
> > Thanks for all you feedback.
> > OK?
> >
> >
> >
> > Index: Makefile
> > ===
> > RCS file: /cvs/ports/net/i2pd/Makefile,v
> > diff -u -p -r1.22 Makefile --- Makefile 13 Jan 2024 16:21:39 -  
> > 1.22
> > +++ Makefile24 Jan 2024 22:21:26 -
> > @@ -3,6 +3,7 @@ COMMENT =   client for the I2P anonymous n
> > GH_ACCOUNT =PurpleI2P
> > GH_PROJECT =i2pd
> > GH_TAGNAME =2.50.2
> > +REVISION = 0
> >
> >
> > CATEGORIES =net
> > HOMEPAGE =  https://i2pd.website
> > Index: pkg/PLIST
> > ===
> > RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
> > diff -u -p -r1.12 PLIST --- pkg/PLIST   20 Dec 2023 22:19:44 -  
> > 1.12
> > +++ pkg/PLIST   24 Jan 2024 22:30:37 -
> > @@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
> > @owner _i2pd
> > @group _i2pd
> > @sample ${SYSCONFDIR}/i2pd/tunnels.conf
> > +@owner
> > +@group
> > +share/examples/login.conf.d/i2pd
> > +@sample ${SYSCONFDIR}/login.conf.d/i2pd
> > Index: pkg/README
> > ===
> > RCS file: /cvs/ports/net/i2pd/pkg/README,v
> > diff -u -p -r1.3 README --- pkg/README  8 Nov 2022 12:41:42 -   
> > 1.3
> > +++ pkg/README  28 Jan 2024 19:51:52 -
> > @@ -5,20 +5,7 @@
> > Resource Limits: File Descriptors
> > =
> >
> >
> > -By default, the i2pd process runs in the login(1) class of "daemon".
> > -The default limits on file descriptors are insufficient to run i2pd; 
> > instead
> > you -should put the _i2pd user and process in their own login(1) class with
> > tuned -resources.
> > -You should also raise the system-wide maxfiles limit.
> > +You should raise the system-wide maxfiles limit:
> >
> >
> > -1. Configure i2pd login class in the login.conf(5) file:
> > -
> > -i2pd:\
> > -:openfiles-cur=8192:\
> > -:openfiles-max=8192:\
> > -:tc=daemon:
> > -
> > -2. Adjust kern.maxfiles, if needed:
> > -
> > -   # sysctl kern.maxfiles=16000
> > -   # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> > +   # sysctl kern.maxfiles=8192
> > +   # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
> > Index: pkg/i2pd.login
> > ===
> > RCS file: pkg/i2pd.login
> > diff -N pkg/i2pd.login --- /dev/null1 Jan 1970 00:00:00 -
> > +++ pkg/i2pd.login  28 Jan 2024 19:51:32 -
> > @@ -0,0 +1,4 @@
> > +i2pd:\
> > +   :openfiles-cur=4096:\
> > +   :openfiles-max=4096:\
> > +   :tc=daemon:
> >
> >
> >
> 
> 

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

I took you for a serious man.. I guess I was wrong

On Sun, January 28, 2024 9:22 pm, Theo de Raadt wrote:
> there is another possibility is everyone is out to get you.
>
> beecdadd...@danwin1210.de wrote:
>
>> anyone who cares about it - is using i2pd, and those that don't should if
>> you understand me
>>
>> not everyone knows ins and outs of everything or have time, by enabling
>> their software to run at full potential should be priority
>>
>> unless there are some unknown to me consequences of high number of
>> openfiles? I tried searching online but found little, why does a limit
>> kern.maxfiles have to be manually set and how can someone even know the hard
>> true limit that wouldn't cause crashes (I assume that's what happens when
>> system runs out of file descriptors I read it)
>>
>> - best regards, didn't sleep who sleeps these days?
>>
>>
>> On Sun, January 28, 2024 8:21 pm, Theo de Raadt wrote:
>>
>>> beecdadd...@danwin1210.de wrote:
>>>
 why are yo uignoring my reply? 4096 doesn't cover everyone like I said
 people can become floodfills automatically and floodfills means 8192
>>>
>>> the 1 person who cares can change the default.
>>>
>>>
>>
>>
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Theo de Raadt]

there is another possibility is everyone is out to get you.

beecdadd...@danwin1210.de wrote:

> anyone who cares about it - is using i2pd, and those that don't should if you
> understand me
> 
> not everyone knows ins and outs of everything or have time, by enabling their
> software to run at full potential should be priority
> 
> unless there are some unknown to me consequences of high number of openfiles?
> I tried searching online but found little, why does a limit kern.maxfiles have
> to be manually set and how can someone even know the hard true limit that
> wouldn't cause crashes (I assume that's what happens when system runs out of
> file descriptors I read it)
> 
> - best regards, didn't sleep who sleeps these days?
> 
> On Sun, January 28, 2024 8:21 pm, Theo de Raadt wrote:
> > beecdadd...@danwin1210.de wrote:
> >
> >> why are yo uignoring my reply? 4096 doesn't cover everyone like I said
> >> people can become floodfills automatically and floodfills means 8192
> >
> > the 1 person who cares can change the default.
> >
> >
> 
> 

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

anyone who cares about it - is using i2pd, and those that don't should if you
understand me

not everyone knows ins and outs of everything or have time, by enabling their
software to run at full potential should be priority

unless there are some unknown to me consequences of high number of openfiles?
I tried searching online but found little, why does a limit kern.maxfiles have
to be manually set and how can someone even know the hard true limit that
wouldn't cause crashes (I assume that's what happens when system runs out of
file descriptors I read it)

- best regards, didn't sleep who sleeps these days?

On Sun, January 28, 2024 8:21 pm, Theo de Raadt wrote:
> beecdadd...@danwin1210.de wrote:
>
>> why are yo uignoring my reply? 4096 doesn't cover everyone like I said
>> people can become floodfills automatically and floodfills means 8192
>
> the 1 person who cares can change the default.
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Theo de Raadt]

beecdadd...@danwin1210.de wrote:

> why are yo uignoring my reply? 4096 doesn't cover everyone like I said people
> can become floodfills automatically and floodfills means 8192

the 1 person who cares can change the default.

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

why are yo uignoring my reply? 4096 doesn't cover everyone like I said people
can become floodfills automatically and floodfills means 8192


On Sun, January 28, 2024 7:52 pm, Klemens Nanni wrote:
> On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
>
>> On 2024/01/27 21:54, open...@systemfailure.net wrote:
>>
>>> According to i2pd's online documentation [1], the maximum number of open
>>> file descriptors is 4096 for a regular node, and 8192 for a floodfill
>>> [2].
>>>
>>>
>>> I have never measured how many FDs i2pd is really using, but this
>>> software for sure needs a lot of them.
>>>
>>> So I guess we can set 4096 as default value, and inform users in the
>>> README file that this value should be raised to 8192 for floodfills.
>>>
>>
>> 4096 doesn't seem too unreasonable, it's below default levels of
>> kern.maxfiles, so if that's enough for the software I'd be happy with setting
>> that in a login.conf.d file.
>
> Thanks for all you feedback.
> OK?
>
>
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/net/i2pd/Makefile,v
> diff -u -p -r1.22 Makefile --- Makefile   13 Jan 2024 16:21:39 -  
> 1.22
> +++ Makefile  24 Jan 2024 22:21:26 -
> @@ -3,6 +3,7 @@ COMMENT = client for the I2P anonymous n
> GH_ACCOUNT =  PurpleI2P
> GH_PROJECT =  i2pd
> GH_TAGNAME =  2.50.2
> +REVISION =   0
>
>
> CATEGORIES =  net
> HOMEPAGE =https://i2pd.website
> Index: pkg/PLIST
> ===
> RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
> diff -u -p -r1.12 PLIST --- pkg/PLIST 20 Dec 2023 22:19:44 -  1.12
> +++ pkg/PLIST 24 Jan 2024 22:30:37 -
> @@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
> @owner _i2pd
> @group _i2pd
> @sample ${SYSCONFDIR}/i2pd/tunnels.conf
> +@owner
> +@group
> +share/examples/login.conf.d/i2pd
> +@sample ${SYSCONFDIR}/login.conf.d/i2pd
> Index: pkg/README
> ===
> RCS file: /cvs/ports/net/i2pd/pkg/README,v
> diff -u -p -r1.3 README --- pkg/README8 Nov 2022 12:41:42 -   
> 1.3
> +++ pkg/README28 Jan 2024 19:51:52 -
> @@ -5,20 +5,7 @@
> Resource Limits: File Descriptors
> =
>
>
> -By default, the i2pd process runs in the login(1) class of "daemon".
> -The default limits on file descriptors are insufficient to run i2pd; instead
> you -should put the _i2pd user and process in their own login(1) class with
> tuned -resources.
> -You should also raise the system-wide maxfiles limit.
> +You should raise the system-wide maxfiles limit:
>
>
> -1. Configure i2pd login class in the login.conf(5) file:
> -
> -i2pd:\
> -:openfiles-cur=8192:\
> -:openfiles-max=8192:\
> -:tc=daemon:
> -
> -2. Adjust kern.maxfiles, if needed:
> -
> - # sysctl kern.maxfiles=16000
> - # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> + # sysctl kern.maxfiles=8192
> + # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
> Index: pkg/i2pd.login
> ===
> RCS file: pkg/i2pd.login
> diff -N pkg/i2pd.login --- /dev/null  1 Jan 1970 00:00:00 -
> +++ pkg/i2pd.login28 Jan 2024 19:51:32 -
> @@ -0,0 +1,4 @@
> +i2pd:\
> + :openfiles-cur=4096:\
> + :openfiles-max=4096:\
> + :tc=daemon:
>
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Klemens Nanni]

On Sun, Jan 28, 2024 at 06:15:52PM +, Stuart Henderson wrote:
> On 2024/01/27 21:54, open...@systemfailure.net wrote:
> > According to i2pd's online documentation [1], the maximum number of open 
> > file descriptors is 4096 for a regular node, and 8192 for a floodfill [2].
> > 
> > I have never measured how many FDs i2pd is really using, but this software 
> > for sure needs a lot of them.
> > 
> > So I guess we can set 4096 as default value, and inform users in the README 
> > file that this value should be raised to 8192 for floodfills.
> 
> 4096 doesn't seem too unreasonable, it's below default levels of
> kern.maxfiles, so if that's enough for the software I'd be happy with
> setting that in a login.conf.d file.

Thanks for all you feedback.
OK?


Index: Makefile
===
RCS file: /cvs/ports/net/i2pd/Makefile,v
diff -u -p -r1.22 Makefile
--- Makefile13 Jan 2024 16:21:39 -  1.22
+++ Makefile24 Jan 2024 22:21:26 -
@@ -3,6 +3,7 @@ COMMENT =   client for the I2P anonymous n
 GH_ACCOUNT =   PurpleI2P
 GH_PROJECT =   i2pd
 GH_TAGNAME =   2.50.2
+REVISION = 0
 
 CATEGORIES =   net
 HOMEPAGE = https://i2pd.website
Index: pkg/PLIST
===
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
diff -u -p -r1.12 PLIST
--- pkg/PLIST   20 Dec 2023 22:19:44 -  1.12
+++ pkg/PLIST   24 Jan 2024 22:30:37 -
@@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
 @owner _i2pd
 @group _i2pd
 @sample ${SYSCONFDIR}/i2pd/tunnels.conf
+@owner
+@group
+share/examples/login.conf.d/i2pd
+@sample ${SYSCONFDIR}/login.conf.d/i2pd
Index: pkg/README
===
RCS file: /cvs/ports/net/i2pd/pkg/README,v
diff -u -p -r1.3 README
--- pkg/README  8 Nov 2022 12:41:42 -   1.3
+++ pkg/README  28 Jan 2024 19:51:52 -
@@ -5,20 +5,7 @@
 Resource Limits: File Descriptors
 =
 
-By default, the i2pd process runs in the login(1) class of "daemon".
-The default limits on file descriptors are insufficient to run i2pd; instead 
you
-should put the _i2pd user and process in their own login(1) class with tuned
-resources.
-You should also raise the system-wide maxfiles limit.
+You should raise the system-wide maxfiles limit:
 
-1. Configure i2pd login class in the login.conf(5) file:
-
-i2pd:\
-:openfiles-cur=8192:\
-:openfiles-max=8192:\
-:tc=daemon:
-
-2. Adjust kern.maxfiles, if needed:
-
-   # sysctl kern.maxfiles=16000
-   # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
+   # sysctl kern.maxfiles=8192
+   # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
Index: pkg/i2pd.login
===
RCS file: pkg/i2pd.login
diff -N pkg/i2pd.login
--- /dev/null   1 Jan 1970 00:00:00 -
+++ pkg/i2pd.login  28 Jan 2024 19:51:32 -
@@ -0,0 +1,4 @@
+i2pd:\
+   :openfiles-cur=4096:\
+   :openfiles-max=4096:\
+   :tc=daemon:

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

can we stop thinking of 4096 because i2pd software routers can automatically
become floodfilles so is 8192 at lowest, this is future-proof

and other replies I sent should indicate possibly much more, no one answered
yet, I do not understand OpenBSD well but something tells me each record of a
i2pd software router has it's own file descriptor, I did some programming in
past so this makes sense to me am I wrong?

On Sun, January 28, 2024 6:15 pm, Stuart Henderson wrote:
> On 2024/01/27 21:54, open...@systemfailure.net wrote:
>
>> According to i2pd's online documentation [1], the maximum number of open
>> file descriptors is 4096 for a regular node, and 8192 for a floodfill [2].
>>
>> I have never measured how many FDs i2pd is really using, but this software
>> for sure needs a lot of them.
>>
>> So I guess we can set 4096 as default value, and inform users in the README
>> file that this value should be raised to 8192 for floodfills.
>
> 4096 doesn't seem too unreasonable, it's below default levels of
> kern.maxfiles, so if that's enough for the software I'd be happy with setting
> that in a login.conf.d file.
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Stuart Henderson]

On 2024/01/27 21:54, open...@systemfailure.net wrote:
> According to i2pd's online documentation [1], the maximum number of open file 
> descriptors is 4096 for a regular node, and 8192 for a floodfill [2].
> 
> I have never measured how many FDs i2pd is really using, but this software 
> for sure needs a lot of them.
> 
> So I guess we can set 4096 as default value, and inform users in the README 
> file that this value should be raised to 8192 for floodfills.

4096 doesn't seem too unreasonable, it's below default levels of
kern.maxfiles, so if that's enough for the software I'd be happy with
setting that in a login.conf.d file.

Re: [Fwd: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login]

[beecdaddict]

and that doesn't cover routers crashing/rebooting?
is there anything to be done about that?
router als ocrashes with high normal clernet traffic torrenting..
a little off topic so sorry, perhaps router ran out of file descriptors xd

On Sat, January 27, 2024 10:34 pm, open...@systemfailure.net wrote:
> i2pd has always been working fine for me with the port's default values of
> openfiles-cur=8192, openfiles-max=8192 and kern.maxfiles=16000. These values
> are probably even overkill according to i2pd's documentation.
>
> But I'm not using it for torrenting, and my router is not a floodfill. I
> guess that torrenting may exhaust available file descriptors pretty quickly.
>
> My 2 cents.
>
>
>
> On 2024-01-27 19:29 beecdadd...@danwin1210.de wrote:
>
>> -- Original Message
>> --------------
>> Subject: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login
>> From:beecdadd...@danwin1210.de
>> Date:Sat, January 27, 2024 7:16 pm
>> To:  "Stuart Henderson" 
>> 
>> --
>>
>>
>
>> this software crashes all lower-bandwidth routers I tried using it on. my
>> computer crashed a few times, but probably not because of what you said.. I
>>  did have kern.maxfiles set to 65565 or something like that, which probably
>> was able to cause the crash.. so I ask how can someone check how many
>> openfiles are supported? What depends on how many you can have?
>>
>
>> i2pd is something similar to torrenting, but anonymous meaning it protects
>> us from anyone including abusive governments and people you make connection
>> to routers(other peers runing I2P software like i2pd) and do it so many
>> times how many connections you make depends on how many tunnels you allow
>> (default
>> 5000) and probably speed bandwidth
>>
>>
>
>> It can use as much as someone allows it.. which be tricky on openbsd
>> because user has to set openfiles, cannot be flexible at runtime. and no idea
>> what counts as openfile in i2pd, tunnels? routers maybe, too? so by default
>> if tunnels 5000 unchange from i2pd.conf, could up to 15k openfiles, who
>> knows?  But default speed is I think 32 KB/sec, which is very low, so almost
>> everyone increases it.
>>
>
>> would love to know how to find out what best number your computer can
>> handle openfiles, what about shminfo? maxproc? maxvnodes? somaxconn?
>>
>
>> how can find out max connections my router can handle? maybe router
>> overheat? he does same with qbittorrent, internet connection goes goodbye
>>
>
>> i2pd very very good project, worked on by Russians, they have no freedom of
>>  speech
>>
>
>> I updated to -current and I still have to set /etc/login.conf.d/i2pd
>> manually, otherwise I2Pd status is "no descriptors"
>>
>
>> so yes 8192 seems low, not excessive, is similar to running webserver maybe
>>
>>
>
>> and if OpenBSD crashes because of whoops no openfiles to give, CRASH, that
>> is bad need fix
>>
>
>> hope this helps, thanks for maintenance.

[ REDACTED ]

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[beecdaddict]

still no idea how can someone connect to +10k routers.. isn't every router a
connection in need of a file-descriptor?
I understand you see documentation, but how does one logic here?

On Sat, January 27, 2024 9:54 pm, open...@systemfailure.net wrote:
> According to i2pd's online documentation [1], the maximum number of open file
> descriptors is 4096 for a regular node, and 8192 for a floodfill [2].
>
> I have never measured how many FDs i2pd is really using, but this software
> for sure needs a lot of them.
>
> So I guess we can set 4096 as default value, and inform users in the README
> file that this value should be raised to 8192 for floodfills.
>
> Apart from that, Klemens' idea of moving the login class definition to
> /etc/login.conf.d/i2pd seems right to me. In fact, I'm doing just that in an
> ansible role I maintain [3] - and never thought of achieving that at the port
> level. I tried the patch and it applies cleanly.
>
> [1]
> https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/#help-i2pd-is-not-workin
> g-what-do-i-do
>
> [2] A floodfill is a special type of router (i2pd instance) which builds a
> lot of tunnels to distribute the I2P network database:
> https://geti2p.net/en/docs/how/network-database
>
>
> [3] https://codeberg.org/systemfailure.net/ansible_i2pd
>
>
>
>
> On 2024/01/25 08:05, Stuart Henderson wrote:
>
>>
>
>> On 2024/01/24 23:06, Klemens Nanni wrote:
>>
>>> Manual instructions are from 2020, we gained /etc/login.d/* support
>>> in 2022, so automate it.
>>
>
>> Comsidering that the default kern.maxfiles limit on amd64 is 7030,
>> bumping maxfiles in login.conf to 8192 without making the sysctl change means
>> that i2pd can consume all FDs in the system.
>>
>
>> I think it would be better for the login.conf.d file to stick something
>> lower if possible. 8192 seems a bit excessive. Is there someone using this
>> software who can confirm how many FDs it *really* is likely to use?
>>
>
>> If it really needs this many, perhaps it's better not to automate either
>> setting, at least then users who bump into the limits will only have problems
>> with i2pd not the rest of the system.
>>
>
>>> diff -u -p -r1.3 README --- pkg/README  8 Nov 2022 12:41:42 -   
>>> 1.3
>>> +++ pkg/README  24 Jan 2024 22:24:29 -
>>> @@ -5,20 +5,7 @@
>>> Resource Limits: File Descriptors
>>> =
>>>
>>>
>
>>> -By default, the i2pd process runs in the login(1) class of "daemon".
>>> -The default limits on file descriptors are insufficient to run i2pd;
>>> instead you -should put the _i2pd user and process in their own login(1)
>>> class with tuned -resources.
>>> -You should also raise the system-wide maxfiles limit.
>>> -
>>> -1. Configure i2pd login class in the login.conf(5) file:
>>> -
>>> -i2pd:\
>>> -:openfiles-cur=8192:\
>>> -:openfiles-max=8192:\
>>> -:tc=daemon:
>>> -
>>> -2. Adjust kern.maxfiles, if needed:
>>> +You should raise the system-wide maxfiles limit:
>>>
>>>
>
>>> # sysctl kern.maxfiles=16000
>>> # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
>>> Index: pkg/i2pd.login
>>> ===
>>> RCS file: pkg/i2pd.login
>>> diff -N pkg/i2pd.login --- /dev/null1 Jan 1970 00:00:00 -
>>> +++ pkg/i2pd.login  24 Jan 2024 22:23:46 -
>>> @@ -0,0 +1,4 @@
>>> +i2pd:\
>>> +   :openfiles-cur=8192:\
>>> +   :openfiles-max=8192:\
>>> +   :tc=daemon:
>>>
>>>
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[openbsd]

According to i2pd's online documentation [1], the maximum number of open file 
descriptors is 4096 for a regular node, and 8192 for a floodfill [2].

I have never measured how many FDs i2pd is really using, but this software for 
sure needs a lot of them.

So I guess we can set 4096 as default value, and inform users in the README 
file that this value should be raised to 8192 for floodfills.

Apart from that, Klemens' idea of moving the login class definition to 
/etc/login.conf.d/i2pd seems right to me. In fact, I'm doing just that in an 
ansible role I maintain [3] - and never thought of achieving that at the port 
level. I tried the patch and it applies cleanly.

[1] 
https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/#help-i2pd-is-not-working-what-do-i-do

[2] A floodfill is a special type of router (i2pd instance) which builds a lot 
of tunnels to distribute the I2P network database: 
https://geti2p.net/en/docs/how/network-database

[3] https://codeberg.org/systemfailure.net/ansible_i2pd
 


On 2024/01/25 08:05, Stuart Henderson wrote:
> 

> On 2024/01/24 23:06, Klemens Nanni wrote:
> > Manual instructions are from 2020, we gained /etc/login.d/* support
> > in 2022, so automate it.
> 

> Comsidering that the default kern.maxfiles limit on amd64 is 7030,
> bumping maxfiles in login.conf to 8192 without making the sysctl
> change means that i2pd can consume all FDs in the system.
> 

> I think it would be better for the login.conf.d file to stick something
> lower if possible. 8192 seems a bit excessive. Is there someone using
> this software who can confirm how many FDs it *really* is likely to use?
> 

> If it really needs this many, perhaps it's better not to automate either
> setting, at least then users who bump into the limits will only have
> problems with i2pd not the rest of the system.
> 

> > diff -u -p -r1.3 README
> > --- pkg/README  8 Nov 2022 12:41:42 -   1.3
> > +++ pkg/README  24 Jan 2024 22:24:29 -
> > @@ -5,20 +5,7 @@
> >  Resource Limits: File Descriptors
> >  =
> >  

> > -By default, the i2pd process runs in the login(1) class of "daemon".
> > -The default limits on file descriptors are insufficient to run i2pd; 
> > instead you
> > -should put the _i2pd user and process in their own login(1) class with 
> > tuned
> > -resources.
> > -You should also raise the system-wide maxfiles limit.
> > -
> > -1. Configure i2pd login class in the login.conf(5) file:
> > -
> > -i2pd:\
> > -:openfiles-cur=8192:\
> > -:openfiles-max=8192:\
> > -:tc=daemon:
> > -
> > -2. Adjust kern.maxfiles, if needed:
> > +You should raise the system-wide maxfiles limit:
> >  

> > # sysctl kern.maxfiles=16000
> > # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> > Index: pkg/i2pd.login
> > ===
> > RCS file: pkg/i2pd.login
> > diff -N pkg/i2pd.login
> > --- /dev/null   1 Jan 1970 00:00:00 -
> > +++ pkg/i2pd.login  24 Jan 2024 22:23:46 -
> > @@ -0,0 +1,4 @@
> > +i2pd:\
> > +   :openfiles-cur=8192:\
> > +   :openfiles-max=8192:\
> > +   :tc=daemon:
> > 

[Fwd: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login]

[openbsd]

i2pd has always been working fine for me with the port's default values of 
openfiles-cur=8192, openfiles-max=8192 and kern.maxfiles=16000. These values 
are probably even overkill according to i2pd's documentation.

But I'm not using it for torrenting, and my router is not a floodfill. I guess 
that torrenting may exhaust available file descriptors pretty quickly.

My 2 cents.


On 2024-01-27 19:29 beecdadd...@danwin1210.de wrote:
> -- Original Message --
> Subject: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login
> From:beecdadd...@danwin1210.de
> Date:Sat, January 27, 2024 7:16 pm
> To:  "Stuart Henderson" 
> --
> 

> this software crashes all lower-bandwidth routers I tried using it on.
> my computer crashed a few times, but probably not because of what you said.. I
> did have kern.maxfiles set to 65565 or something like that, which probably was
> able to cause the crash..
> so I ask how can someone check how many openfiles are supported? What depends
> on how many you can have?
> 

> i2pd is something similar to torrenting, but anonymous meaning it protects us
> from anyone including abusive governments and people
> you make connection to routers(other peers runing I2P software like i2pd) and
> do it so many times
> how many connections you make depends on how many tunnels you allow (default
> 5000) and probably speed bandwidth
> 

> It can use as much as someone allows it.. which be tricky on openbsd because
> user has to set openfiles, cannot be flexible at runtime.
> and no idea what counts as openfile in i2pd, tunnels? routers maybe, too? so
> by default if tunnels 5000 unchange from i2pd.conf, could up to 15k openfiles,
> who knows?  But default speed is I think 32 KB/sec, which is very low, so
> almost everyone increases it.
> 

> would love to know how to find out what best number your computer can handle
> openfiles, what about shminfo? maxproc? maxvnodes? somaxconn?
> 

> how can find out max connections my router can handle? maybe router overheat?
> he does same with qbittorrent, internet connection goes goodbye
> 

> i2pd very very good project, worked on by Russians, they have no freedom of
> speech
> 

> I updated to -current and I still have to set /etc/login.conf.d/i2pd manually,
> otherwise I2Pd status is "no descriptors"
> 

> so yes 8192 seems low, not excessive, is similar to running webserver maybe
> 

> and if OpenBSD crashes because of whoops no openfiles to give, CRASH, that is
> bad need fix
> 

> hope this helps, thanks for maintance
> 

> 

>On Thu, January 25, 2024 8:05 am, Stuart Henderson wrote:
>> On 2024/01/24 23:06, Klemens Nanni wrote:
>>
>>> Manual instructions are from 2020, we gained /etc/login.d/* support
>>> in 2022, so automate it.
>>
>> Comsidering that the default kern.maxfiles limit on amd64 is 7030,
>> bumping maxfiles in login.conf to 8192 without making the sysctl change means
>> that i2pd can consume all FDs in the system.
>>
>> I think it would be better for the login.conf.d file to stick something
>> lower if possible. 8192 seems a bit excessive. Is there someone using this
>> software who can confirm how many FDs it *really* is likely to use?
>>
>> If it really needs this many, perhaps it's better not to automate either
>> setting, at least then users who bump into the limits will only have problems
>> with i2pd not the rest of the system.
>>
>>> diff -u -p -r1.3 README --- pkg/README  8 Nov 2022 12:41:42 -   
>>> 1.3
>>> +++ pkg/README  24 Jan 2024 22:24:29 -
>>> @@ -5,20 +5,7 @@
>>> Resource Limits: File Descriptors
>>> =
>>>
>>>
>>> -By default, the i2pd process runs in the login(1) class of "daemon".
>>> -The default limits on file descriptors are insufficient to run i2pd;
>>> instead you -should put the _i2pd user and process in their own login(1)
>>> class with tuned -resources.
>>> -You should also raise the system-wide maxfiles limit.
>>> -
>>> -1. Configure i2pd login class in the login.conf(5) file:
>>> -
>>> -i2pd:\
>>> -:openfiles-cur=8192:\
>>> -:openfiles-max=8192:\
>>> -:tc=daemon:
>>> -
>>> -2. Adjust kern.maxfiles, if needed:
>>> +You should raise the system-wide maxfiles limit:
>>>
>>>
>>> # sysctl kern.maxfiles=16000
>>> # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
>>> Index: pkg/i2pd.login
>>> ===
>>> RCS file: pkg/i2pd.login
>>> diff -N pkg/i2pd.login --- /dev/null1 Jan 1970 00:00:00 -
>>> +++ pkg/i2pd.login  24 Jan 2024 22:23:46 -
>>> @@ -0,0 +1,4 @@
>>> +i2pd:\
>>> +   :openfiles-cur=8192:\
>>> +   :openfiles-max=8192:\
>>> +   :tc=daemon:
>>>
>>>
>>
>>

[Fwd: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login]

[beecdaddict]

-- Original Message --
Subject: Re: net/i2pd: move login.conf(5) bits from README to i2pd.login
From:beecdadd...@danwin1210.de
Date:Sat, January 27, 2024 7:16 pm
To:  "Stuart Henderson" 
--

this software crashes all lower-bandwidth routers I tried using it on.
my computer crashed a few times, but probably not because of what you said.. I
did have kern.maxfiles set to 65565 or something like that, which probably was
able to cause the crash..
so I ask how can someone check how many openfiles are supported? What depends
on how many you can have?

i2pd is something similar to torrenting, but anonymous meaning it protects us
from anyone including abusive governments and people
you make connection to routers(other peers runing I2P software like i2pd) and
do it so many times
how many connections you make depends on how many tunnels you allow (default
5000) and probably speed bandwidth

It can use as much as someone allows it.. which be tricky on openbsd because
user has to set openfiles, cannot be flexible at runtime.
and no idea what counts as openfile in i2pd, tunnels? routers maybe, too? so
by default if tunnels 5000 unchange from i2pd.conf, could up to 15k openfiles,
who knows?  But default speed is I think 32 KB/sec, which is very low, so
almost everyone increases it.

would love to know how to find out what best number your computer can handle
openfiles, what about shminfo? maxproc? maxvnodes? somaxconn?

how can find out max connections my router can handle? maybe router overheat?
he does same with qbittorrent, internet connection goes goodbye

i2pd very very good project, worked on by Russians, they have no freedom of
speech

I updated to -current and I still have to set /etc/login.conf.d/i2pd manually,
otherwise I2Pd status is "no descriptors"

so yes 8192 seems low, not excessive, is similar to running webserver maybe

and if OpenBSD crashes because of whoops no openfiles to give, CRASH, that is
bad need fix

hope this helps, thanks for maintance


On Thu, January 25, 2024 8:05 am, Stuart Henderson wrote:
> On 2024/01/24 23:06, Klemens Nanni wrote:
>
>> Manual instructions are from 2020, we gained /etc/login.d/* support
>> in 2022, so automate it.
>
> Comsidering that the default kern.maxfiles limit on amd64 is 7030,
> bumping maxfiles in login.conf to 8192 without making the sysctl change means
> that i2pd can consume all FDs in the system.
>
> I think it would be better for the login.conf.d file to stick something
> lower if possible. 8192 seems a bit excessive. Is there someone using this
> software who can confirm how many FDs it *really* is likely to use?
>
> If it really needs this many, perhaps it's better not to automate either
> setting, at least then users who bump into the limits will only have problems
> with i2pd not the rest of the system.
>
>> diff -u -p -r1.3 README --- pkg/README   8 Nov 2022 12:41:42 -   
>> 1.3
>> +++ pkg/README   24 Jan 2024 22:24:29 -
>> @@ -5,20 +5,7 @@
>> Resource Limits: File Descriptors
>> =
>>
>>
>> -By default, the i2pd process runs in the login(1) class of "daemon".
>> -The default limits on file descriptors are insufficient to run i2pd;
>> instead you -should put the _i2pd user and process in their own login(1)
>> class with tuned -resources.
>> -You should also raise the system-wide maxfiles limit.
>> -
>> -1. Configure i2pd login class in the login.conf(5) file:
>> -
>> -i2pd:\
>> -:openfiles-cur=8192:\
>> -:openfiles-max=8192:\
>> -:tc=daemon:
>> -
>> -2. Adjust kern.maxfiles, if needed:
>> +You should raise the system-wide maxfiles limit:
>>
>>
>> # sysctl kern.maxfiles=16000
>> # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
>> Index: pkg/i2pd.login
>> ===
>> RCS file: pkg/i2pd.login
>> diff -N pkg/i2pd.login --- /dev/null 1 Jan 1970 00:00:00 -
>> +++ pkg/i2pd.login   24 Jan 2024 22:23:46 -
>> @@ -0,0 +1,4 @@
>> +i2pd:\
>> +:openfiles-cur=8192:\
>> +:openfiles-max=8192:\
>> +:tc=daemon:
>>
>>
>
>

Re: net/i2pd: move login.conf(5) bits from README to i2pd.login

[Stuart Henderson]

On 2024/01/24 23:06, Klemens Nanni wrote:
> Manual instructions are from 2020, we gained /etc/login.d/* support
> in 2022, so automate it.

Comsidering that the default kern.maxfiles limit on amd64 is 7030,
bumping maxfiles in login.conf to 8192 without making the sysctl
change means that i2pd can consume all FDs in the system.

I think it would be better for the login.conf.d file to stick something
lower if possible. 8192 seems a bit excessive. Is there someone using
this software who can confirm how many FDs it *really* is likely to use?

If it really needs this many, perhaps it's better not to automate either
setting, at least then users who bump into the limits will only have
problems with i2pd not the rest of the system.

> diff -u -p -r1.3 README
> --- pkg/README8 Nov 2022 12:41:42 -   1.3
> +++ pkg/README24 Jan 2024 22:24:29 -
> @@ -5,20 +5,7 @@
>  Resource Limits: File Descriptors
>  =
>  
> -By default, the i2pd process runs in the login(1) class of "daemon".
> -The default limits on file descriptors are insufficient to run i2pd; instead 
> you
> -should put the _i2pd user and process in their own login(1) class with tuned
> -resources.
> -You should also raise the system-wide maxfiles limit.
> -
> -1. Configure i2pd login class in the login.conf(5) file:
> -
> -i2pd:\
> -:openfiles-cur=8192:\
> -:openfiles-max=8192:\
> -:tc=daemon:
> -
> -2. Adjust kern.maxfiles, if needed:
> +You should raise the system-wide maxfiles limit:
>  
>   # sysctl kern.maxfiles=16000
>   # echo "kern.maxfiles=16000" >> /etc/sysctl.conf
> Index: pkg/i2pd.login
> ===
> RCS file: pkg/i2pd.login
> diff -N pkg/i2pd.login
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ pkg/i2pd.login24 Jan 2024 22:23:46 -
> @@ -0,0 +1,4 @@
> +i2pd:\
> + :openfiles-cur=8192:\
> + :openfiles-max=8192:\
> + :tc=daemon:
> 

net/i2pd: move login.conf(5) bits from README to i2pd.login

[Klemens Nanni]

Manual instructions are from 2020, we gained /etc/login.d/* support
in 2022, so automate it.

(I have no idea if/how i2pd actually works.)

Feedback? OK?

Index: Makefile
===
RCS file: /cvs/ports/net/i2pd/Makefile,v
diff -u -p -r1.22 Makefile
--- Makefile13 Jan 2024 16:21:39 -  1.22
+++ Makefile24 Jan 2024 22:21:26 -
@@ -3,6 +3,7 @@ COMMENT =   client for the I2P anonymous n
 GH_ACCOUNT =   PurpleI2P
 GH_PROJECT =   i2pd
 GH_TAGNAME =   2.50.2
+REVISION = 0
 
 CATEGORIES =   net
 HOMEPAGE = https://i2pd.website
Index: pkg/PLIST
===
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
diff -u -p -r1.12 PLIST
--- pkg/PLIST   20 Dec 2023 22:19:44 -  1.12
+++ pkg/PLIST   24 Jan 2024 22:30:37 -
@@ -237,3 +237,7 @@ share/examples/i2pd/tunnels.conf
 @owner _i2pd
 @group _i2pd
 @sample ${SYSCONFDIR}/i2pd/tunnels.conf
+@owner
+@group
+share/examples/login.conf.d/i2pd
+@sample ${SYSCONFDIR}/login.conf.d/i2pd
Index: pkg/README
===
RCS file: /cvs/ports/net/i2pd/pkg/README,v
diff -u -p -r1.3 README
--- pkg/README  8 Nov 2022 12:41:42 -   1.3
+++ pkg/README  24 Jan 2024 22:24:29 -
@@ -5,20 +5,7 @@
 Resource Limits: File Descriptors
 =
 
-By default, the i2pd process runs in the login(1) class of "daemon".
-The default limits on file descriptors are insufficient to run i2pd; instead 
you
-should put the _i2pd user and process in their own login(1) class with tuned
-resources.
-You should also raise the system-wide maxfiles limit.
-
-1. Configure i2pd login class in the login.conf(5) file:
-
-i2pd:\
-:openfiles-cur=8192:\
-:openfiles-max=8192:\
-:tc=daemon:
-
-2. Adjust kern.maxfiles, if needed:
+You should raise the system-wide maxfiles limit:
 
# sysctl kern.maxfiles=16000
# echo "kern.maxfiles=16000" >> /etc/sysctl.conf
Index: pkg/i2pd.login
===
RCS file: pkg/i2pd.login
diff -N pkg/i2pd.login
--- /dev/null   1 Jan 1970 00:00:00 -
+++ pkg/i2pd.login  24 Jan 2024 22:23:46 -
@@ -0,0 +1,4 @@
+i2pd:\
+   :openfiles-cur=8192:\
+   :openfiles-max=8192:\
+   :tc=daemon: