On September 17, 2014 4:08:48 PM CEST, Kaya Saman <kayasa...@gmail.com> wrote: >Ok, so this is just a quick follow up. > >Squid started dying too, checking the logs showed "not enough file >descriptors". > >After looking at both /etc/login.conf "openfiles-cur" and the sysctl >kern.maxfiles limits which were set extremely high to begin with.... >turns out that the: > >ulimit -n > >was only showing as 64. > >Changing that over to a value of 10000 (overkill but better safe then
For some definition of safe. The limits exists for a reason. ;-) But sure, one size does not fit all. >sorry), Dansguardian managed to start and now both DG and Squid seem to > >be online and stable! > >I wonder if it has something to do with the: > >openfiles parameter in /etc/login.conf? > > >A response by Philip suggests this: > >http://openbsd.7691.n7.nabble.com/setting-resource-limits-login-conf-and-ulimit-td223656.html > > >Just a quick observation, not sure if by design or other but ulimit >doesn't seem to have a man page? > >man ulimit >man: no entry for ulimit in the manual. > >man ulimit >man: no entry for ulimit in the manual. > >Though I did find a copy here: > >http://ss64.com/bash/ulimit.html Hint is in the url: "bash". ulimit is a shell command, not a binary. man $SHELL /Alexander > >:-) > > >So thanks Philip, looks like you saved my day twice! > > >Regards, > > >Kaya > >On 09/17/2014 03:55 AM, Philip Guenther wrote: >> On Tue, Sep 16, 2014 at 4:27 PM, Kaya Saman <kayasa...@gmail.com> >wrote: >>> I'm not sure what happened but after updating OpenBSD today, then >>> updating the installed packages Dansguardian seems to not be >working..... >> ... >>> The only error in the logs that I can see is: >>> >>> dansguardian[11832]: Error polling child process sockets: Invalid >argument >>> dansguardian[11832]: Error polling child process sockets: Invalid >argument >> So the error means that poll() is being passed an nfds argument too >> large, larger than the process could have open as fds. It looks like >> the code, for some reason I cannot understand, passes poll() a pollfd >> structure for each child process...with fd=-1, so that it will be >> ignored. Uh, why? Why is it passing pollfd structures to the kernel >> that it *wants* the kernel to ignore? It seems that the code could >> simply skip over allocating and filling in those pollfd structures >and >> have the exact same effect. >> >> As for what changed, well, something changed the number of child >> processes you're experiencing (load?), or the process fd limit >> (RLIMIT_NOFILE) for dansguardian changed. >> >> >> Philip Guenther