Well, since changing the setting from 2048 to 200,000, my exit is still running fine, and I'm not seeing a drastic increase in RAM usage.
You said each orphan can use up to 64K of memory. Maybe "up to" is the magic phrase?

On Aug 5, 2016 10:42 AM, "Christian Pietsch" <christian.piet...@digitalcourage.de> wrote:

> The exit relay we (Digitalcourage) run gets this warning a lot, but it
> started only recently. I guess it is related to the DDoS attacks (syn
> flood) we get lately.
>
> Debian seems to set /proc/sys/net/ipv4/tcp_max_orphans automatically so
> that up to a quarter of the installed amount of RAM is used for this.
> (“Let me remind you again: each orphan eats up to 64K of unswappable
> memory” – https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean)
>
> So 262,144 value in Torservers' config will eat up to 16 GiB. I am not
> sure if overriding Debian's setting is a good idea. Any advice? Is this
> warning more than an annoyance?
>
> Cheers,
> Christian
>
>
> On Mon, Aug 01, 2016 at 09:12:12PM -0500, Tristan wrote:
> > My default setting was 2048. I changed it to 200,000 for now. I haven't
> > really played with sysctl at all. The only change I've ever made in there
> > was for swappiness.
> >
> > On Mon, Aug 1, 2016 at 8:04 PM, Green Dream <greendream...@gmail.com> wrote:
> >
> > > It's related to /proc/sys/net/ipv4/tcp_max_orphans
> > >
> > > "Maximal number of TCP sockets not attached to any user file handle, held
> > > by system. If this number is exceeded orphaned connections are reset
> > > immediately and warning is printed."
> > >
> > > So, I'd start by checking the value of tcp_max_orphans (with "cat
> > > /proc/sys/net/ipv4/tcp_max_orphans"). The widely distributed sysctl.conf
> > > tweaks for Linux relays suggest a value of 262144. I think the default in
> > > many distros may be 4096, perhaps too low for an Exit.
> > >
> > > Some references:
> > >
> > > https://serverfault.com/questions/624911/what-does-tcp-too-many-orphaned-sockets-mean
> > >
> > > https://raw.githubusercontent.com/torservers/server-config-templates/master/sysctl.conf
> > >
> > > If you need help making the sysctl tweaks let me know.
> > >
> > > _______________________________________________
> > > tor-relays mailing list
> > > tor-relays@lists.torproject.org
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> --
> Digitalcourage e.V., Marktstr. 18, D-33602 Bielefeld, Germany
> Tel: +49-521-1639 1639 | Fax: +49-521-61172 | m...@digitalcourage.de
> https://digitalcourage.de | https://bigbrotherawards.de
>
> Data retention? Not again! Support our
> constitutional complaint: https://digitalcourage.de/weg-mit-vds
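The "up to 64K per orphan" arithmetic from this thread, as an added example that is not part of any poster's message: a shell script that computes the worst-case memory for a tcp_max_orphans value and compares the limit with the current orphan count in /proc/net/sockstat-format text. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tcp_max_orphans ceiling vs. actual usage.
ORPHAN_KIB=64   # per-orphan upper bound quoted in the thread ("up to 64K")

# Worst-case unswappable memory (KiB) if every allowed orphan used the maximum.
worst_case_kib() { echo $(( $1 * $ORPHAN_KIB )); }

# Current orphan count from sockstat-format text ("TCP: inuse N orphan N ...").
orphan_count() {
    awk '$1 == "TCP:" { for (i = 2; i < NF; i++) if ($i == "orphan") print $(i + 1) }' "$1"
}

# MemTotal in KiB from meminfo-format text.
mem_total_kib() { awk '$1 == "MemTotal:" { print $2 }' "$1"; }

# One-line report. Arguments: limit, sockstat file, meminfo file.
orphan_report() {
    limit=$1
    cur=$(orphan_count "$2")
    ram=$(mem_total_kib "$3")
    worst=$(worst_case_kib "$limit")
    echo "limit=$limit worst_case_mib=$(( $worst / 1024 ))" \
         "worst_case_pct_ram=$(( $worst * 100 / $ram ))" \
         "orphans_now=$cur limit_used_pct=$(( $cur * 100 / $limit ))"
}

# Constructed sample data (not from a real relay) so the script runs offline:
# an 8 GiB machine currently holding 1500 orphaned sockets.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'sockets: used 9120\nTCP: inuse 8200 orphan 1500 tw 3100 alloc 8400 mem 5200\nUDP: inuse 4 mem 2\n' \
    > "$sample_dir/sockstat"
printf 'MemTotal:        8388608 kB\nMemFree:         1200000 kB\n' > "$sample_dir/meminfo"

# The three limits mentioned in the thread.
for limit in 2048 200000 262144; do
    orphan_report "$limit" "$sample_dir/sockstat" "$sample_dir/meminfo"
done

# On a live relay, pass the real files instead:
#   orphan_report "$(cat /proc/sys/net/ipv4/tcp_max_orphans)" /proc/net/sockstat /proc/meminfo
```

The worst-case figure is only a ceiling; the orphans_now and limit_used_pct fields show how far actual usage sits below it.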