socket: bump listen() backlog to INT_MAX everywhere

This is a rework of #24764 by Cristian Rodríguez
<crodriguez@owncloud.com>, which stalled.

Instead of assigning -1 we'll use a macro defined to INT_MAX however.

diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 474f1d309d5b76a2a58a3a3b6b9f75d7a15f866a..ec145c3710f518eaf00c5ff43690abae50edc775 100644 (file)
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -341,12 +341,13 @@
 
       <varlistentry>
         <term><varname>Backlog=</varname></term>
-        <listitem><para>Takes an unsigned integer argument. Specifies
-        the number of connections to queue that have not been accepted
-        yet. This setting matters only for stream and sequential
-        packet sockets. See
-        <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-        for details. Defaults to SOMAXCONN (128).</para></listitem>
+        <listitem><para>Takes an unsigned 32bit integer argument. Specifies the number of connections to
+        queue that have not been accepted yet. This setting matters only for stream and sequential packet
+        sockets. See
+        <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+        details. Note that this value is silently capped by the <literal>net.core.somaxconn</literal> sysctl,
+        which typically defaults to 4096. By default this is set to 4294967295, so that the sysctl takes full
+        effect.</para></listitem>
       </varlistentry>
 
       <varlistentry>

diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index b323b1b99f57d02e5b5014ed34016ee0ca0f20e0..37763446bd9a3c48a507e148d9618df4f17c8492 100644 (file)
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -354,3 +354,10 @@ int connect_unix_path(int fd, int dir_fd, const char *path);
  * protocol mismatch. */
 int socket_address_parse_unix(SocketAddress *ret_address, const char *s);
 int socket_address_parse_vsock(SocketAddress *ret_address, const char *s);
+
+/* libc's SOMAXCONN is defined to 128 or 4096 (at least on glibc). But actually, the value can be much
+ * larger. In our codebase we want to set it to the max usually, since noawadays socket memory is properly
+ * tracked by memcg, and hence we don't need to enforce extra limits here. Moreover, the kernel caps it to
+ * /proc/sys/net/core/somaxconn anyway, thus by setting this to unbounded we just make that sysctl file
+ * authoritative. */
+#define SOMAXCONN_DELUXE INT_MAX

diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3fef44e6687575adf9a26d616017c216a7c4c99b..ba2cec4d7718ad3299108ab2d865f8d8f4665e51 100644 (file)
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -972,7 +972,7 @@ int bus_init_private(Manager *m) {
         if (r < 0)
                 return log_error_errno(errno, "Failed to bind private socket: %m");
 
-        r = listen(fd, SOMAXCONN);
+        r = listen(fd, SOMAXCONN_DELUXE);
         if (r < 0)
                 return log_error_errno(errno, "Failed to make private socket listening: %m");
 

diff --git a/src/core/socket.c b/src/core/socket.c
index f8fe62c9191f72056bfdcb64b54f9c31a11f7b3e..8e7797139bfe09b6aae0e4a6886bb3d6ee41964f 100644 (file)
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -82,7 +82,7 @@ static void socket_init(Unit *u) {
         assert(u);
         assert(u->load_state == UNIT_STUB);
 
-        s->backlog = SOMAXCONN;
+        s->backlog = SOMAXCONN_DELUXE;
         s->timeout_usec = u->manager->default_timeout_start_usec;
         s->directory_mode = 0755;
         s->socket_mode = 0666;

diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 735e2c5e8bac63e4444cfae56315b2998347ece7..222b036698c86d4e2cfb16060dd718f6bc7a8aa0 100644 (file)
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -938,7 +938,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {
 
                 (void) chmod(sa.un.sun_path, 0666);
 
-                if (listen(s->stdout_fd, SOMAXCONN) < 0)
+                if (listen(s->stdout_fd, SOMAXCONN_DELUXE) < 0)
                         return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
         } else
                 (void) fd_nonblock(s->stdout_fd, true);

diff --git a/src/libsystemd/sd-bus/test-bus-watch-bind.c b/src/libsystemd/sd-bus/test-bus-watch-bind.c
index 987d151b55ebfde5787f34eadf977a40b5224ed8..a504437ac50f6249f9d7983f22d58423f1f9a815 100644 (file)
--- a/src/libsystemd/sd-bus/test-bus-watch-bind.c
+++ b/src/libsystemd/sd-bus/test-bus-watch-bind.c
@@ -76,7 +76,7 @@ static void* thread_server(void *p) {
         assert_se(bind(fd, &u.sa, sa_len) >= 0);
         usleep(100 * USEC_PER_MSEC);
 
-        assert_se(listen(fd, SOMAXCONN) >= 0);
+        assert_se(listen(fd, SOMAXCONN_DELUXE) >= 0);
         usleep(100 * USEC_PER_MSEC);
 
         assert_se(touch(path) >= 0);

diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c
index 3a7d6977f67fac24926231d7bb77ec2df545f54f..259f82eff4e81d8610d28061837b5a202a4c3e34 100644 (file)
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@@ -1205,7 +1205,7 @@ static int manager_dns_stub_fd(
                 return -errno;
 
         if (type == SOCK_STREAM &&
-            listen(fd, SOMAXCONN) < 0)
+            listen(fd, SOMAXCONN_DELUXE) < 0)
                 return -errno;
 
         r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
@@ -1295,7 +1295,7 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty
                 goto fail;
 
         if (type == SOCK_STREAM &&
-            listen(fd, SOMAXCONN) < 0) {
+            listen(fd, SOMAXCONN_DELUXE) < 0) {
                 r = -errno;
                 goto fail;
         }

diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c
index 4ab455eb2fe45e4080c240913c9e423ebb3dae6b..8fac351ee6da033f97041a2cadc27227f83c6bff 100644 (file)
--- a/src/resolve/resolved-llmnr.c
+++ b/src/resolve/resolved-llmnr.c
@@ -392,7 +392,7 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m) {
                         return log_error_errno(r, "LLMNR-IPv4(TCP): Failed to set SO_REUSEADDR: %m");
         }
 
-        r = listen(s, SOMAXCONN);
+        r = listen(s, SOMAXCONN_DELUXE);
         if (r < 0)
                 return log_error_errno(errno, "LLMNR-IPv4(TCP): Failed to listen the stream: %m");
 
@@ -457,7 +457,7 @@ int manager_llmnr_ipv6_tcp_fd(Manager *m) {
                         return log_error_errno(r, "LLMNR-IPv6(TCP): Failed to set SO_REUSEADDR: %m");
         }
 
-        r = listen(s, SOMAXCONN);
+        r = listen(s, SOMAXCONN_DELUXE);
         if (r < 0)
                 return log_error_errno(errno, "LLMNR-IPv6(TCP): Failed to listen the stream: %m");
 

diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
index e115dff5064f2bd9912a23629bed719647682a25..0ba57627615d89b773d51e613d4e6348bd232170 100644 (file)
--- a/src/shared/socket-netlink.c
+++ b/src/shared/socket-netlink.c
@@ -180,7 +180,7 @@ int make_socket_fd(int log_level, const char* address, int type, int flags) {
 
         a.type = type;
 
-        fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+        fd = socket_address_listen(&a, type | flags, SOMAXCONN_DELUXE, SOCKET_ADDRESS_DEFAULT,
                                    NULL, false, false, false, 0755, 0644, NULL);
         if (fd < 0 || log_get_max_level() >= log_level) {
                 _cleanup_free_ char *p = NULL;

diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index ab97af57e2fe09a11719a23f02791b900315b21d..333cd3af589dc657a3df1b8555d7ea8cda001e72 100644 (file)
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -2750,7 +2750,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
                         return r;
         }
 
-        if (listen(fd, SOMAXCONN) < 0)
+        if (listen(fd, SOMAXCONN_DELUXE) < 0)
                 return -errno;
 
         r = varlink_server_create_listen_fd_socket(s, fd, &ss);

diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index 71ec766ca18d097a8d04f14e6df5b86cc23c1bcc..0259cbf3bb67c905c6565411d6b00e8ee0aeed13 100644 (file)
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -444,9 +444,9 @@ TEST(flush_accept) {
         assert_se(flush_accept(listen_dgram) < 0);
         assert_se(flush_accept(listen_seqpacket) < 0);
 
-        assert_se(listen(listen_stream, SOMAXCONN) >= 0);
-        assert_se(listen(listen_dgram, SOMAXCONN) < 0);
-        assert_se(listen(listen_seqpacket, SOMAXCONN) >= 0);
+        assert_se(listen(listen_stream, SOMAXCONN_DELUXE) >= 0);
+        assert_se(listen(listen_dgram, SOMAXCONN_DELUXE) < 0);
+        assert_se(listen(listen_seqpacket, SOMAXCONN_DELUXE) >= 0);
 
         assert_se(flush_accept(listen_stream) >= 0);
         assert_se(flush_accept(listen_dgram) < 0);

diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c
index 80735b3fd9af9f9369c5ea17b5fc3e84b4173efa..8101ac52db23167cab7b8204e407d0e2f997b8d1 100644 (file)
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@@ -272,7 +272,7 @@ int manager_startup(Manager *m) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
 
-                if (listen(m->listen_fd, SOMAXCONN) < 0)
+                if (listen(m->listen_fd, SOMAXCONN_DELUXE) < 0)
                         return log_error_errno(errno, "Failed to listen on socket: %m");
         }