From: Lennart Poettering Date: Tue, 13 Jun 2023 08:15:59 +0000 (+0200) Subject: socket: bump listen() backlog to INT_MAX everywhere X-Git-Tag: v254-rc1~225 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=768fcd779fbb9fd86932da4bef031260b88da210;p=thirdparty%2Fsystemd.git socket: bump listen() backlog to INT_MAX everywhere This is a rework of #24764 by Cristian Rodríguez , which stalled. Instead of assigning -1 we'll use a macro defined to INT_MAX however.
---
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 474f1d309d5..ec145c3710f 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -341,12 +341,13 @@ Backlog=
- Takes an unsigned integer argument. Specifies
- the number of connections to queue that have not been accepted
- yet. This setting matters only for stream and sequential
- packet sockets. See
- listen2
- for details. Defaults to SOMAXCONN (128).
+ Takes an unsigned 32bit integer argument. Specifies the number of connections to
+ queue that have not been accepted yet. This setting matters only for stream and sequential packet
+ sockets. See
+ listen2 for
+ details. Note that this value is silently capped by the net.core.somaxconn sysctl,
+ which typically defaults to 4096. By default this is set to 4294967295, so that the sysctl takes full
+ effect.
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index b323b1b99f5..37763446bd9 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -354,3 +354,10 @@ int connect_unix_path(int fd, int dir_fd, const char *path);
 * protocol mismatch. */
 int socket_address_parse_unix(SocketAddress *ret_address, const char *s);
 int socket_address_parse_vsock(SocketAddress *ret_address, const char *s);
+
+/* libc's SOMAXCONN is defined to 128 or 4096 (at least on glibc). But actually, the value can be much
+ * larger. In our codebase we want to set it to the max usually, since noawadays socket memory is properly
+ * tracked by memcg, and hence we don't need to enforce extra limits here. Moreover, the kernel caps it to
+ * /proc/sys/net/core/somaxconn anyway, thus by setting this to unbounded we just make that sysctl file
+ * authoritative. */
+#define SOMAXCONN_DELUXE INT_MAX
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3fef44e6687..ba2cec4d771 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -972,7 +972,7 @@ int bus_init_private(Manager *m) {
 if (r < 0)
 return log_error_errno(errno, "Failed to bind private socket: %m");
- r = listen(fd, SOMAXCONN);
+ r = listen(fd, SOMAXCONN_DELUXE);
 if (r < 0)
 return log_error_errno(errno, "Failed to make private socket listening: %m");
diff --git a/src/core/socket.c b/src/core/socket.c
index f8fe62c9191..8e7797139bf 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -82,7 +82,7 @@ static void socket_init(Unit *u) {
 assert(u);
 assert(u->load_state == UNIT_STUB);
- s->backlog = SOMAXCONN;
+ s->backlog = SOMAXCONN_DELUXE;
 s->timeout_usec = u->manager->default_timeout_start_usec;
 s->directory_mode = 0755;
 s->socket_mode = 0666;
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 735e2c5e8ba..222b036698c 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
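Review bot: The comment on `SOMAXCONN_DELUXE` in src/basic/socket-util.h rests the unbounded backlog on memcg socket accounting, but does not say what limits the accept queue where that accounting is not in effect; there net.core.somaxconn becomes the only bound for every listener this commit converts. I would add a sentence such as `Callers that need a tighter queue than the sysctl allows must pass their own backlog.` and correct `noawadays` to `nowadays`. The header's include list is outside the hunk, so it is worth confirming that `<limits.h>` is in scope for `INT_MAX`.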
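Review bot: In socket_init() (src/core/socket.c) the new default `s->backlog = SOMAXCONN_DELUXE;` is INT_MAX, while the systemd.socket.xml text changed in this same commit says Backlog= takes an unsigned 32bit integer and defaults to 4294967295. The documented and actual defaults should agree. The field's declaration and the Backlog= parser are outside the hunk; if the field is unsigned, a configured value above INT_MAX would be converted when it reaches listen()'s `int` parameter, so a range check or a comment like `/* INT_MAX, as listen() takes an int; capped by net.core.somaxconn */` would help. socket_init()'s body continues beyond the hunk.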
@@ -938,7 +938,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {
 (void) chmod(sa.un.sun_path, 0666);
- if (listen(s->stdout_fd, SOMAXCONN) < 0)
+ if (listen(s->stdout_fd, SOMAXCONN_DELUXE) < 0)
 return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
 } else
 (void) fd_nonblock(s->stdout_fd, true);
diff --git a/src/libsystemd/sd-bus/test-bus-watch-bind.c b/src/libsystemd/sd-bus/test-bus-watch-bind.c
index 987d151b55e..a504437ac50 100644
--- a/src/libsystemd/sd-bus/test-bus-watch-bind.c
+++ b/src/libsystemd/sd-bus/test-bus-watch-bind.c
@@ -76,7 +76,7 @@ static void* thread_server(void *p) {
 assert_se(bind(fd, &u.sa, sa_len) >= 0);
 usleep(100 * USEC_PER_MSEC);
- assert_se(listen(fd, SOMAXCONN) >= 0);
+ assert_se(listen(fd, SOMAXCONN_DELUXE) >= 0);
 usleep(100 * USEC_PER_MSEC);
 assert_se(touch(path) >= 0);
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c
index 3a7d6977f67..259f82eff4e 100644
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@@ -1205,7 +1205,7 @@ static int manager_dns_stub_fd(
 return -errno;
 if (type == SOCK_STREAM &&
- listen(fd, SOMAXCONN) < 0)
+ listen(fd, SOMAXCONN_DELUXE) < 0)
 return -errno;
 r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
@@ -1295,7 +1295,7 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty
 goto fail;
 if (type == SOCK_STREAM &&
- listen(fd, SOMAXCONN) < 0) {
+ listen(fd, SOMAXCONN_DELUXE) < 0) {
 r = -errno;
 goto fail;
 }
diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c
index 4ab455eb2fe..8fac351ee6d 100644
--- a/src/resolve/resolved-llmnr.c
+++ b/src/resolve/resolved-llmnr.c
@@ -392,7 +392,7 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m) {
 return log_error_errno(r, "LLMNR-IPv4(TCP): Failed to set SO_REUSEADDR: %m");
 }
- r = listen(s, SOMAXCONN);
+ r = listen(s, SOMAXCONN_DELUXE);
 if (r < 0)
 return log_error_errno(errno, "LLMNR-IPv4(TCP): Failed to listen the stream: %m");
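Review bot: The TCP listeners in src/resolve/resolved-dns-stub.c (both hunks) and src/resolve/resolved-llmnr.c (IPv4 here, IPv6 in the following hunk) can presumably be reached by other hosts, and after this change their accept-queue depth is whatever net.core.somaxconn allows rather than the libc constant. If these sockets are meant to stay small regardless of how an administrator tunes that sysctl for other services, an explicit per-service backlog would be more predictable than `SOMAXCONN_DELUXE`; otherwise a short comment at each call, e.g. `/* backlog bounded only by net.core.somaxconn */`, would record the decision. All of these functions start and end outside their hunks.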
@@ -457,7 +457,7 @@ int manager_llmnr_ipv6_tcp_fd(Manager *m) {
 return log_error_errno(r, "LLMNR-IPv6(TCP): Failed to set SO_REUSEADDR: %m");
 }
- r = listen(s, SOMAXCONN);
+ r = listen(s, SOMAXCONN_DELUXE);
 if (r < 0)
 return log_error_errno(errno, "LLMNR-IPv6(TCP): Failed to listen the stream: %m");
diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
index e115dff5064..0ba57627615 100644
--- a/src/shared/socket-netlink.c
+++ b/src/shared/socket-netlink.c
@@ -180,7 +180,7 @@ int make_socket_fd(int log_level, const char* address, int type, int flags) {
 a.type = type;
- fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+ fd = socket_address_listen(&a, type | flags, SOMAXCONN_DELUXE, SOCKET_ADDRESS_DEFAULT,
 NULL, false, false, false, 0755, 0644, NULL);
 if (fd < 0 || log_get_max_level() >= log_level) {
 _cleanup_free_ char *p = NULL;
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index ab97af57e2f..333cd3af589 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -2750,7 +2750,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
 return r;
 }
- if (listen(fd, SOMAXCONN) < 0)
+ if (listen(fd, SOMAXCONN_DELUXE) < 0)
 return -errno;
 r = varlink_server_create_listen_fd_socket(s, fd, &ss);
diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index 71ec766ca18..0259cbf3bb6 100644
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -444,9 +444,9 @@ TEST(flush_accept) {
 assert_se(flush_accept(listen_dgram) < 0);
 assert_se(flush_accept(listen_seqpacket) < 0);
- assert_se(listen(listen_stream, SOMAXCONN) >= 0);
- assert_se(listen(listen_dgram, SOMAXCONN) < 0);
- assert_se(listen(listen_seqpacket, SOMAXCONN) >= 0);
+ assert_se(listen(listen_stream, SOMAXCONN_DELUXE) >= 0);
+ assert_se(listen(listen_dgram, SOMAXCONN_DELUXE) < 0);
+ assert_se(listen(listen_seqpacket, SOMAXCONN_DELUXE) >= 0);
 assert_se(flush_accept(listen_stream) >= 0);
 assert_se(flush_accept(listen_dgram) < 0);
diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c
index 80735b3fd9a..8101ac52db2 100644
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@@ -272,7 +272,7 @@ int manager_startup(Manager *m) {
 if (r < 0)
 return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
- if (listen(m->listen_fd, SOMAXCONN) < 0)
+ if (listen(m->listen_fd, SOMAXCONN_DELUXE) < 0)
 return log_error_errno(errno, "Failed to listen on socket: %m");
 }