-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Done.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=09b768efa456fb 49f21e7ed19761ff24988464b9 Cheers, Simon. On 19/12/16 12:00, Donatas Abraitis wrote: > Ok > > Sent from my iPhone > >> On 19 Dec 2016, at 13:48, Simon Kelley <si...@thekelleys.org.uk> >> wrote: >> > I think the simple solution to this is > > 1) Make this a compile-time option in /src/config.h 2) Bump the > default to 50. > > > Does that sound reasonable? > > > Cheers, > > Simon. > > >>>> On 16/12/16 19:31, Donatas Abraitis wrote: Well, it depends, >>>> in our case it's enough 32, never hit this value still. >>>> >>>> Sent from my iPhone >>>> >>>>> On 16 Dec 2016, at 18:43, Simon Kelley >>>>> <si...@thekelleys.org.uk> wrote: >>>>> >>>> What backlog parameter works well for you? >>>> >>>> I'm happy to apply the patch if this is a dial that really >>>> needs to be tweakable, but if there are no downsides to >>>> moving the fixed backlog limit from 5 to 50 or 500, then >>>> let's just do that. There's no point in making people apply >>>> arbitrary configuration options if it can just work. >>>> >>>> >>>> Cheers, >>>> >>>> Simon. 
>>>> >>>> >>>> >>>>>>> On 07/12/16 13:43, Donatas Abraitis wrote: Of course >>>>>>> patch is tested ;-) Some output: % ./src/dnsmasq --port >>>>>>> 1025 --listen-backlog 100 % ss -ntl sport = :1025 >>>>>>> Recv-Q Send-Q Local Address:Port Peer Address:Port 0 >>>>>>> 100 :::1025 :::* 0 100 *:1025 >>>>>>> >>>>>>> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD >>>>>>> <albert.arib...@free.fr> wrote: >>>>>>> >>>>>>>> Hi Donatas, >>>>>>>> >>>>>>>> Le Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis >>>>>>>> <donatas.abrai...@gmail.com> a écrit: >>>>>>>> >>>>>>>>> Hi folks, >>>>>>>>> >>>>>>>>> for our case at Hostinger, we have a problem while >>>>>>>>> too much TcpListenOverflows: [root@us-imm-dns1 ~]# >>>>>>>>> nstat -az | grep TcpExtListenOverflows >>>>>>>>> TcpExtListenOverflows 299 0.0 [root@us-imm-dns1 ~]# >>>>>>>>> ss -ntl sport = :53 State Recv-Q Send-Q Local >>>>>>>>> Address:Port Peer Address:Port LISTEN 0 5 *:53 *:* >>>>>>>>> LISTEN 0 5 :::53 :::* >>>>>>>>> >>>>>>>>> probe kernel.function("tcp_check_req") { tcphdr = >>>>>>>>> __get_skb_tcphdr($skb); dport = >>>>>>>>> __tcp_skb_dport(tcphdr) if ($sk->sk_ack_backlog > >>>>>>>>> $sk->sk_max_ack_backlog) printf("listen queue for >>>>>>>>> port(%d): %d/%d\n", dport, $sk->sk_ack_backlog, >>>>>>>>> $sk->sk_max_ack_backlog); } >>>>>>>>> >>>>>>>>> [root@us-imm-dns1 ~]# staprun overflow.ko listen >>>>>>>>> queue for port(53): 13/5 listen queue for port(53): >>>>>>>>> 13/5 listen queue for port(53): 14/5 >>>>>>>>> >>>>>>>>> here is the proposed patch: >>>>>>>>> >>>>>>>>> commit fa610cd424b905720832afc8636373bb132f49c1 >>>>>>>>> Author: Donatas Abraitis >>>>>>>>> <donatas.abrai...@gmail.com> Date: Sun Dec 9 >>>>>>>>> 09:58:51 2012 +0200 >>>>>>>>> >>>>>>>>> Add `listen-backlog` option to override default 5 >>>>>>>>> (too small) >>>>>>>>> >>>>>>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index >>>>>>>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++ >>>>>>>>> b/src/dnsmasq.h 
@@ -980,6 +980,7 @@ extern struct >>>>>>>>> daemon { struct dhcp_netid_list *force_broadcast, >>>>>>>>> *bootp_dynamic; struct hostsfile *dhcp_hosts_file, >>>>>>>>> *dhcp_opts_file, *dynamic_dirs; int dhcp_max, >>>>>>>>> tftp_max, tftp_mtu; + int listen_backlog; int >>>>>>>>> dhcp_server_port, dhcp_client_port; int >>>>>>>>> start_tftp_port, end_tftp_port; unsigned int >>>>>>>>> min_leasetime; diff --git a/src/network.c >>>>>>>>> b/src/network.c index d87d08f..1e9d188 100644 --- >>>>>>>>> a/src/network.c +++ b/src/network.c @@ -746,7 >>>>>>>>> +746,7 @@ static int make_sock(union mysockaddr >>>>>>>>> *addr, int type, int dienow) >>>>>>>>> >>>>>>>>> if (type == SOCK_STREAM) { - if (listen(fd, 5) >>>>>>>>> == -1) + if (listen(fd, daemon->listen_backlog) == >>>>>>>>> -1) goto err; } else if (family == AF_INET) diff >>>>>>>>> --git a/src/option.c b/src/option.c index >>>>>>>>> d0d9509..220303e 100644 --- a/src/option.c +++ >>>>>>>>> b/src/option.c @@ -159,6 +159,7 @@ struct myoption >>>>>>>>> { #define LOPT_SCRIPT_ARP 347 #define LOPT_DHCPTTL >>>>>>>>> 348 #define LOPT_TFTP_MTU 349 +#define LOPT_BACKLOG >>>>>>>>> 350 >>>>>>>>> >>>>>>>>> #ifdef HAVE_GETOPT_LONG static const struct option >>>>>>>>> opts[] = @@ -190,6 +191,7 @@ static const struct >>>>>>>>> myoption opts[] = { "domain-suffix", 1, 0, 's' }, { >>>>>>>>> "interface", 1, 0, 'i' }, { "listen-address", 1, 0, >>>>>>>>> 'a' }, + { "listen-backlog", 1, 0, LOPT_BACKLOG >>>>>>>>> }, { "local-service", 0, 0, LOPT_LOCAL_SERVICE }, >>>>>>>>> { "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, >>>>>>>>> 0, 'B' }, 
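Review bot: The new `listen(fd, daemon->listen_backlog)` call in make_sock hands the configured value to the kernel without saying that it is only a hint. On Linux the backlog is silently capped at `net.core.somaxconn`, so a `--listen-backlog` above that cap has no further effect and the operator gets no indication of it. I would add a comment above the call, such as `/* backlog is a hint: the kernel may cap it (net.core.somaxconn on Linux) */`. make_sock starts and ends outside the hunk.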
@@ -394,6 +396,7 @@ static struct { { >>>>>>>>> 't', ARG_ONE, "<host_name>", gettext_noop("Specify >>>>>>>>> default target in an MX record."), NULL }, { 'T', >>>>>>>>> ARG_ONE, "<integer>", gettext_noop("Specify >>>>>>>>> time-to-live in seconds for replies from >>>>>>>>> /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, >>>>>>>>> "<integer>", gettext_noop("Specify time-to-live in >>>>>>>>> seconds for negative caching."), NULL }, + { >>>>>>>>> LOPT_BACKLOG, ARG_ONE, "<integer>", >>>>>>>>> gettext_noop("Set the backlog queue limit."), NULL >>>>>>>>> }, { LOPT_MAXTTL, ARG_ONE, "<integer>", >>>>>>>>> gettext_noop("Specify time-to-live in seconds for >>>>>>>>> maximum TTL to send to clients."), NULL }, { >>>>>>>>> LOPT_MAXCTTL, ARG_ONE, "<integer>", >>>>>>>>> gettext_noop("Specify time-to-live ceiling for >>>>>>>>> cache."), NULL }, { LOPT_MINCTTL, ARG_ONE, >>>>>>>>> "<integer>", gettext_noop("Specify time-to-live >>>>>>>>> floor for cache."), NULL }, @@ -2286,7 +2289,11 @@ >>>>>>>>> static int one_opt(int option, char *arg, char >>>>>>>>> *errstr, char *gen_err, int comma >>>>>>>>> ret_err(gen_err); /* error */ break; } - + + >>>>>>>>> case LOPT_BACKLOG: /* --listen-backlog */ + if >>>>>>>>> (!atoi_check(arg, &daemon->listen_backlog)) + >>>>>>>>> ret_err(gen_err); + break; case 'a': /* >>>>>>>>> --listen-address */ case LOPT_AUTHPEER: /* >>>>>>>>> --auth-peer */ do { 
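Review bot: The `LOPT_BACKLOG` case in one_opt stores whatever `atoi_check` accepts, with no range check, so a value of 0 reaches `listen()` in make_sock. A zero backlog would make the accept-queue overflows this option is meant to relieve worse. atoi_check is not visible here, so if it also lets through a negative or overflowing number, the resulting backlog would be platform-dependent. Reject such input at parse time, for example `if (!atoi_check(arg, &daemon->listen_backlog) || daemon->listen_backlog < 1) ret_err(gen_err);`. one_opt's body continues outside the hunk.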
@@ -4517,6 +4524,7 @@ void >>>>>>>>> read_opts(int argc, char **argv, char >>>>>>>>> *compile_opts) daemon->cachesize = CACHESIZ; >>>>>>>>> daemon->ftabsize = FTABSIZ; daemon->port = >>>>>>>>> NAMESERVER_PORT; + daemon->listen_backlog = 5; >>>>>>>>> daemon->dhcp_client_port = DHCP_CLIENT_PORT; >>>>>>>>> daemon->dhcp_server_port = DHCP_SERVER_PORT; >>>>>>>>> daemon->default_resolv.is_default = 1; >>>>>>>> >>>>>>>> I am not qualified to determine if your patch is the >>>>>>>> right solution to your problem, but FWIW, I find this >>>>>>>> patch clear enough and I assume you have tested it :) >>>>>>>> and that it actually solves the issue for you. The >>>>>>>> only two remarks I have are: >>>>>>>> >>>>>>>> - it would be nice to also add a description for the >>>>>>>> option and its rationale to the manpage; >>>>>>>> >>>>>>>> - is there a way for dnsmasq to detect excessive >>>>>>>> backlog and emit a diagnostic message pointing the >>>>>>>> operator to the existence and use of the >>>>>>>> listen-backlog option, and if so, could you add this >>>>>>>> to the patch? >>>>>>>> >>>>>>>> Note that I am in no way a maintainer of dnsmasq, so >>>>>>>> neither my review nor my questions should be mistaken >>>>>>>> for an acceptation of the patch -- only Simon can >>>>>>>> accept patches. >>>>>>>> >>>>>>>> Amicalement, -- Albert. 
>>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dnsmasq-discuss mailing list >>>>>>> Dnsmasq-discuss@lists.thekelleys.org.uk >>>>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >>>>>>> >>>>> >>>>> >>>>>>> > >>>>>>> _______________________________________________ >>>>> Dnsmasq-discuss mailing list >>>>> Dnsmasq-discuss@lists.thekelleys.org.uk >>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss >>>> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCAAGBQJYXFYxAAoJEBXN2mrhkTWi2OcP/jl1Wc61cISmK1Ge350uUZL+ Xj3O0IztxoQtyARocZOn4XhlqAyy2ulLBZ2PJHRbku8+zQ89nmqiDFZQ1T97Zm+1 ndr3sHx0BP04JZY+jXWrWklQlOqSCZkpDLdDCQZICMXwG2FSjYfhu9hMgajrbjFI oZF7wB23fJ9Dh+fpXiR4ZDRmUfNqtC9cVCRjzk/NfeJqiJCa0WlYx/F/pSwPeR73 2yBgNvRUf39KW/x418ty5qo6fy+S1MEh1v72VsrGQIQctgmtdENhFR/sS1EXRRUf hQt2SedchmqOn7CIPsmzs0jcZc2y7fCZ+2YGdf+LCzx8jhSBJt31OYjAIDMKjPbE OoLdDex0FH5kDM3uBU0M+NuwxPgB/6rSh+YqrwG87pFy/GwxtQLj+8Yll6Ynq/0l XEkSkObjWbis2sjAW/vf9LokMAhRRCmp7/aG54csxJpNkY69B+cpy0AsQfh7seRz nN9d7MEXzxtmncg+3ZcAWLSD0BUFup5W2XSuKJPuqVhZICTGaXi3akBkMucVbYvh hE4klhGoOydCUZaLpao6pktZaDx4ZQW/RrmndxfGth3bdYsvcWTDJpIkemE6NB1g skpadZrMK1udKme/aZgPePtDn4mssumfhB2aFFpBfuCwLlD5gvn5Ib4jrxtjipR6 wv9ntpdh2JLxCcQH6sP8 =F7a8 -----END PGP SIGNATURE----- _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss