[Tor-BSD] kernel: ... was killed: out of swap space

Felix zwiebel at quantentunnel.de
Mon Feb 19 15:21:20 EST 2018


Hi

>> Running some small Tor 0.3.1.9 exits on FreeBSD brings me problems
>> like these:
>>
>> Feb 18 16:16:07  kernel: [81279] pid 81691 (tor), uid 256, was
>> killed: out of swap space Feb 18 16:16:51  kernel: [81323] pid 3994
>> (tor), uid 256, was killed: out of swap space
>>
>> or
>>
>> Feb 14 17:51:46 kernel: [1129047] [zone: mbuf_cluster]
>> kern.ipc.nmbclusters limit reached.

>> provide me an idea or small script that would check for parameters
>> like these above and restart tor or reboot the system in a timely
>> manner?

You can put a script around
# netstat -m | grep "mbuf clusters in use"
and compare between the current and max values, not per tor instance but
on server level. But if the case is triggered the current value rises
within minutes. This is hard to handle.


> Restarting Tor is simple enough, but doesn't solve the issue.

If the buffers are exhausted sometimes one can't ssh the server. Then a
reboot by web interface is necessary.


> You *could* increase swap or kern.ipc.nmbclusters, which you can see the
> current setting with:
>
> $ sysctl kern.ip.nmbclusters

> I can say that the current security/tor-devel (0.3.3.2) does deal with
> it

Right, the dos mitigation helps best.

imho -on
My observation is in case of strong use (dos) the cpu(s) can't handle
the transport from tcp to application (tor). The tcp input buffers
(mbuf) fill up. Tuning is not easy so better mitigate it.
I looked into this by
# netstat -n | grep -v "tcp4       0      0" | grep tcp4
and see the non empty tcp input and output situation. Once the mbufs
fill up the input buffers are full and the output buffers are mostly empty.
imho -off

-- 
Cheers, Felix



More information about the Tor-BSD mailing list