Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32
Hi, On 16/08/2019 13:49, David Sommerseth wrote: > On 15/08/2019 17:53, Gert Doering wrote: >> For reasons historically unknown, OpenVPN sets the listen() backlog >> queue to "1", which signals the kernel "while there is one TCP connect >> waiting for OpenVPN to handle it, refuse all others" - which, on >> restarting a busy TCP server, will create connection issues. >> >> The exact "best" value of the backlog queue is subject of discussion, >> but for a server that is not extremely busy with many connections >> coming in in parallel, there is no real difference between "10" or "500", >> as long as it's "more than 1". >> >> Found and debugged by "mjo" in Trac. >> >> Trac: #1208 >> >> Signed-off-by: Gert Doering > > Acked-By: David Sommerseth > > I agree with Antonio, and we should make it somewhat easier to modify. I disagree with you on this point :D This is not something we expect people to play with. This is only a value that a developer with networking knowledge is expected to find and tweak. Hence my suggestion to make it a define in some header main header file. > I'm > not sure if there's value in having it as a runtime option, like > --socket-backlog (or something like that), or as a value you can pass to > ./configure at compile time. > Like above: yet another config option that the average joe can mess up and come up with unknown problems nobody will understand? nonono ;) Cheers, > > > > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > -- Antonio Quartulli signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32
On 15/08/2019 17:53, Gert Doering wrote: > For reasons historically unknown, OpenVPN sets the listen() backlog > queue to "1", which signals the kernel "while there is one TCP connect > waiting for OpenVPN to handle it, refuse all others" - which, on > restarting a busy TCP server, will create connection issues. > > The exact "best" value of the backlog queue is subject of discussion, > but for a server that is not extremely busy with many connections > coming in in parallel, there is no real difference between "10" or "500", > as long as it's "more than 1". > > Found and debugged by "mjo" in Trac. > > Trac: #1208 > > Signed-off-by: Gert Doering Acked-By: David Sommerseth I agree with Antonio, and we should make it somewhat easier to modify. I'm not sure if there's value in having it as a runtime option, like --socket-backlog (or something like that), or as a value you can pass to ./configure at compile time. -- kind regards, David Sommerseth OpenVPN Inc signature.asc Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Increase listen() backlog queue to 32
Hi, On 15/08/2019 17:53, Gert Doering wrote: > For reasons historically unknown, OpenVPN sets the listen() backlog > queue to "1", which signals the kernel "while there is one TCP connect > waiting for OpenVPN to handle it, refuse all others" - which, on > restarting a busy TCP server, will create connection issues. > > The exact "best" value of the backlog queue is subject of discussion, > but for a server that is not extremely busy with many connections > coming in in parallel, there is no real difference between "10" or "500", > as long as it's "more than 1". > > Found and debugged by "mjo" in Trac. > > Trac: #1208 > > Signed-off-by: Gert Doering Having 1 is definitely unreasonable, and we need something larger. On top of that, mjo explained what kind of other side effects we can have when setting the queue to such a small value. 32 is reasonable and may even be worth a define so that it can be easily tweaked by whoever wants to. But this is another story.. Acked-by: Antonio Quartulli > --- > src/openvpn/socket.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c > index c472cf1b..983ed38a 100644 > --- a/src/openvpn/socket.c > +++ b/src/openvpn/socket.c > @@ -1175,7 +1175,7 @@ socket_do_listen(socket_descriptor_t sd, > ASSERT(local); > msg(M_INFO, "Listening for incoming TCP connection on %s", > print_sockaddr(local->ai_addr, )); > -if (listen(sd, 1)) > +if (listen(sd, 32)) > { > msg(M_ERR, "TCP: listen() failed"); > } > -- Antonio Quartulli ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel