Skip to content

Tor eats all mbufs on FreeBSD

I'm running tor relay on FreeBSD 11.1, and not long ago the system started to occasionally stop responding to the network with

kernel: [zone: mbuf_cluster] kern.ipc.nmbclusters limit reached

accompanied with

kernel: sonewconn: pcb 0xfffff80003c61570: Listen queue overflow: 193 already in queue awaiting acceptance (211 occurrences)

messages in the logs.

It first happened on Dec 13 and repeated 3 times, the approximate lifetime of the relay is ~1 day.

Seems like a DOS attack which makes tor open a lot of connections and eat all the mbuf space. I don't see any peaks on trafic or pps graphs though, and there are no messages in tor log.

I'm currently trying to gather more information.

Trac:
Username: AMDmi3

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information