Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32

2019-08-16 Thread Antonio Quartulli
Hi,

On 16/08/2019 13:49, David Sommerseth wrote:
> On 15/08/2019 17:53, Gert Doering wrote:
>> For reasons historically unknown, OpenVPN sets the listen() backlog
>> queue to "1", which signals the kernel "while there is one TCP connect
>> waiting for OpenVPN to handle it, refuse all others" - which, on
>> restarting a busy TCP server, will create connection issues.
>>
>> The exact "best" value of the backlog queue is subject of discussion,
>> but for a server that is not extremely busy with many connections
>> coming in in parallel, there is no real difference between "10" or "500",
>> as long as it's "more than 1".
>>
>> Found and debugged by "mjo" in Trac.
>>
>> Trac: #1208
>>
>> Signed-off-by: Gert Doering 
> 
> Acked-By: David Sommerseth 
> 
> I agree with Antonio, and we should make it somewhat easier to modify.

I disagree with you on this point :D This is not something we expect
people to play with. This is only a value that a developer with
networking knowledge is expected to find and tweak. Hence my suggestion
to make it a define in some main header file.

>  I'm
> not sure if there's value in having it as a runtime option, like
> --socket-backlog (or something like that), or as a value you can pass to
> ./configure at compile time.
> 

Like above: yet another config option that the average Joe can mess up
and come up with unknown problems nobody will understand? nonono ;)

Cheers,

> 
> 
> 
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 

-- 
Antonio Quartulli





Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32

2019-08-16 Thread David Sommerseth
On 15/08/2019 17:53, Gert Doering wrote:
> For reasons historically unknown, OpenVPN sets the listen() backlog
> queue to "1", which signals the kernel "while there is one TCP connect
> waiting for OpenVPN to handle it, refuse all others" - which, on
> restarting a busy TCP server, will create connection issues.
> 
> The exact "best" value of the backlog queue is subject of discussion,
> but for a server that is not extremely busy with many connections
> coming in in parallel, there is no real difference between "10" or "500",
> as long as it's "more than 1".
> 
> Found and debugged by "mjo" in Trac.
> 
> Trac: #1208
> 
> Signed-off-by: Gert Doering 

Acked-By: David Sommerseth 

I agree with Antonio, and we should make it somewhat easier to modify.  I'm
not sure if there's value in having it as a runtime option, like
--socket-backlog (or something like that), or as a value you can pass to
./configure at compile time.


-- 
kind regards,

David Sommerseth
OpenVPN Inc






Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32

2019-08-15 Thread Antonio Quartulli
Hi,

On 15/08/2019 17:53, Gert Doering wrote:
> For reasons historically unknown, OpenVPN sets the listen() backlog
> queue to "1", which signals the kernel "while there is one TCP connect
> waiting for OpenVPN to handle it, refuse all others" - which, on
> restarting a busy TCP server, will create connection issues.
> 
> The exact "best" value of the backlog queue is subject of discussion,
> but for a server that is not extremely busy with many connections
> coming in in parallel, there is no real difference between "10" or "500",
> as long as it's "more than 1".
> 
> Found and debugged by "mjo" in Trac.
> 
> Trac: #1208
> 
> Signed-off-by: Gert Doering 

Having 1 is definitely unreasonable, and we need something larger.
On top of that, mjo explained what kind of other side effects we can
have when setting the queue to such a small value.

32 is reasonable and may even be worth a define so that it can be easily
tweaked by whoever wants to. But this is another story..

Acked-by: Antonio Quartulli 

> ---
>  src/openvpn/socket.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
> index c472cf1b..983ed38a 100644
> --- a/src/openvpn/socket.c
> +++ b/src/openvpn/socket.c
> @@ -1175,7 +1175,7 @@ socket_do_listen(socket_descriptor_t sd,
>  ASSERT(local);
>  msg(M_INFO, "Listening for incoming TCP connection on %s",
>  print_sockaddr(local->ai_addr, ));
> -if (listen(sd, 1))
> +if (listen(sd, 32))
>  {
>  msg(M_ERR, "TCP: listen() failed");
>  }
> 
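
Review bot: the backlog in "listen(sd, 32)" is a bare literal with no comment, so the reasoning behind 32 lives only in the commit message, and that message itself says the reason for the old value of 1 is "historically unknown". Consider a named constant in a header, with a one-line comment stating that the value only needs to be more than 1 and pointing at Trac #1208, so that a later reader of socket_do_listen() can see why the number was chosen without digging through the history.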

-- 
Antonio Quartulli

