I think the simple solution to this is
1) Make this a compile-time option in /src/config.h 2) Bump the default to 50. Does that sound reasonable? Cheers, Simon. On 16/12/16 19:31, Donatas Abraitis wrote: > Well, it depends, in our case it's enough 32, never hit this value > still. > > Sent from my iPhone > >> On 16 Dec 2016, at 18:43, Simon Kelley <[email protected]> >> wrote: >> > What backlog parameter works well for you? > > I'm happy to apply the patch if this is a dial that really needs to > be tweakable, but if there are no downsides to moving the fixed > backlog limit from 5 to 50 or 500, then let's just do that. There's > no point in making people apply arbitrary configuration options if > it can just work. > > > Cheers, > > Simon. > > > >>>> On 07/12/16 13:43, Donatas Abraitis wrote: Of course patch is >>>> tested ;-) Some output: % ./src/dnsmasq --port 1025 >>>> --listen-backlog 100 % ss -ntl sport = :1025 Recv-Q Send-Q >>>> Local Address:Port Peer Address:Port 0 100 :::1025 :::* 0 100 >>>> *:1025 >>>> >>>> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD >>>> <[email protected]> wrote: >>>> >>>>> Hi Donatas, >>>>> >>>>> Le Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis >>>>> <[email protected]> a écrit: >>>>> >>>>>> Hi folks, >>>>>> >>>>>> for our case at Hostinger, we have a problem while too >>>>>> much TcpListenOverflows: [root@us-imm-dns1 ~]# nstat -az >>>>>> | grep TcpExtListenOverflows TcpExtListenOverflows >>>>>> 299 0.0 [root@us-imm-dns1 ~]# ss -ntl sport = :53 State >>>>>> Recv-Q Send-Q Local Address:Port Peer Address:Port >>>>>> LISTEN 0 5 *:53 *:* LISTEN 0 5 :::53 :::* >>>>>> >>>>>> probe kernel.function("tcp_check_req") { tcphdr = >>>>>> __get_skb_tcphdr($skb); dport = __tcp_skb_dport(tcphdr) >>>>>> if ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog) >>>>>> printf("listen queue for port(%d): %d/%d\n", dport, >>>>>> $sk->sk_ack_backlog, $sk->sk_max_ack_backlog); } >>>>>> >>>>>> [root@us-imm-dns1 ~]# staprun overflow.ko listen queue >>>>>> for port(53): 13/5 listen queue for port(53): 
13/5 listen >>>>>> queue for port(53): 14/5 >>>>>> >>>>>> here is the proposed patch: >>>>>> >>>>>> commit fa610cd424b905720832afc8636373bb132f49c1 Author: >>>>>> Donatas Abraitis <[email protected]> Date: Sun >>>>>> Dec 9 09:58:51 2012 +0200 >>>>>> >>>>>> Add `listen-backlog` option to override default 5 (too >>>>>> small) >>>>>> >>>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index >>>>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++ >>>>>> b/src/dnsmasq.h @@ -980,6 +980,7 @@ extern struct daemon >>>>>> { struct dhcp_netid_list *force_broadcast, >>>>>> *bootp_dynamic; struct hostsfile *dhcp_hosts_file, >>>>>> *dhcp_opts_file, *dynamic_dirs; int dhcp_max, tftp_max, >>>>>> tftp_mtu; + int listen_backlog; int dhcp_server_port, >>>>>> dhcp_client_port; int start_tftp_port, end_tftp_port; >>>>>> unsigned int min_leasetime; diff --git a/src/network.c >>>>>> b/src/network.c index d87d08f..1e9d188 100644 --- >>>>>> a/src/network.c +++ b/src/network.c @@ -746,7 +746,7 @@ >>>>>> static int make_sock(union mysockaddr *addr, int type, >>>>>> int dienow) >>>>>> >>>>>> if (type == SOCK_STREAM) { - if (listen(fd, 5) == >>>>>> -1) + if (listen(fd, daemon->listen_backlog) == -1) goto >>>>>> err; } else if (family == AF_INET) diff --git >>>>>> a/src/option.c b/src/option.c index d0d9509..220303e >>>>>> 100644 --- a/src/option.c +++ b/src/option.c @@ -159,6 >>>>>> +159,7 @@ struct myoption { #define LOPT_SCRIPT_ARP >>>>>> 347 #define LOPT_DHCPTTL 348 #define LOPT_TFTP_MTU >>>>>> 349 +#define LOPT_BACKLOG 350 >>>>>> >>>>>> #ifdef HAVE_GETOPT_LONG static const struct option opts[] >>>>>> = @@ -190,6 +191,7 @@ static const struct myoption opts[] >>>>>> = { "domain-suffix", 1, 0, 's' }, { "interface", 1, 0, >>>>>> 'i' }, { "listen-address", 1, 0, 'a' }, + { >>>>>> "listen-backlog", 1, 0, LOPT_BACKLOG }, { >>>>>> "local-service", 0, 0, LOPT_LOCAL_SERVICE }, { >>>>>> "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, 0, 'B' >>>>>> }, 
@@ -394,6 +396,7 @@ static struct { { 't', ARG_ONE, >>>>>> "<host_name>", gettext_noop("Specify default target in an >>>>>> MX record."), NULL }, { 'T', ARG_ONE, "<integer>", >>>>>> gettext_noop("Specify time-to-live in seconds for replies >>>>>> from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, >>>>>> "<integer>", gettext_noop("Specify time-to-live in >>>>>> seconds for negative caching."), NULL }, + { >>>>>> LOPT_BACKLOG, ARG_ONE, "<integer>", gettext_noop("Set the >>>>>> backlog queue limit."), NULL }, { LOPT_MAXTTL, ARG_ONE, >>>>>> "<integer>", gettext_noop("Specify time-to-live in >>>>>> seconds for maximum TTL to send to clients."), NULL }, { >>>>>> LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify >>>>>> time-to-live ceiling for cache."), NULL }, { >>>>>> LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify >>>>>> time-to-live floor for cache."), NULL }, @@ -2286,7 >>>>>> +2289,11 @@ static int one_opt(int option, char *arg, >>>>>> char *errstr, char *gen_err, int comma ret_err(gen_err); >>>>>> /* error */ break; } - + + case LOPT_BACKLOG: /* >>>>>> --listen-backlog */ + if (!atoi_check(arg, >>>>>> &daemon->listen_backlog)) + ret_err(gen_err); + >>>>>> break; case 'a': /* --listen-address */ case >>>>>> LOPT_AUTHPEER: /* --auth-peer */ do { @@ -4517,6 +4524,7 >>>>>> @@ void read_opts(int argc, char **argv, char >>>>>> *compile_opts) daemon->cachesize = CACHESIZ; >>>>>> daemon->ftabsize = FTABSIZ; daemon->port = >>>>>> NAMESERVER_PORT; + daemon->listen_backlog = 5; >>>>>> daemon->dhcp_client_port = DHCP_CLIENT_PORT; >>>>>> daemon->dhcp_server_port = DHCP_SERVER_PORT; >>>>>> daemon->default_resolv.is_default = 1; >>>>> >>>>> I am not qualified to determine if your patch is the right >>>>> solution to your problem, but FWIW, I find this patch >>>>> clear enough and I assume you have tested it :) and that it >>>>> actually solves the issue for you. 
The only two remarks I >>>>> have are: >>>>> >>>>> - it would be nice to also add a description for the option >>>>> and its rationale to the manpage; >>>>> >>>>> - is there a way for dnsmasq to detect excessive backlog >>>>> and emit a diagnostic message pointing the operator to the >>>>> existence and use of the listen-backlog option, and if so, >>>>> could you add this to the patch? >>>>> >>>>> Note that I am in no way a maintainer of dnsmasq, so >>>>> neither my review nor my questions should be mistaken for >>>>> an acceptation of the patch -- only Simon can accept >>>>> patches. >>>>> >>>>> Amicalement, -- Albert. >>>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Dnsmasq-discuss mailing list >>>> [email protected] >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
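
Review bot: in make_sock() (src/network.c), `listen(fd, daemon->listen_backlog)` hands the configured value straight to the kernel, and Linux silently caps a listen backlog at net.core.somaxconn, so a setting above that limit takes no effect and the operator gets no indication. Suggest saying so where the option is documented, or logging the requested backlog at startup.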
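
Review bot: `case LOPT_BACKLOG` in one_opt() (src/option.c) stores whatever integer atoi_check() accepts, with no lower bound, so a value such as 0, if atoi_check() accepts it, would leave the TCP listener with a shorter queue than the fixed 5 it replaces. Suggest rejecting values below 1, for example `if (!atoi_check(arg, &daemon->listen_backlog) || daemon->listen_backlog < 1) ret_err(gen_err);`.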
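
Review bot: the usage-table entry for LOPT_BACKLOG in src/option.c, `gettext_noop("Set the backlog queue limit.")`, does not say which queue is meant, and it is inserted between LOPT_NEGTTL and LOPT_MAXTTL, which splits the TTL options. Suggest wording that names the TCP listen queue and moving the entry outside the TTL group; the diff also carries no man page hunk for the new option.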
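
Review bot: `daemon->listen_backlog = 5;` in read_opts() (src/option.c) hard-codes the default, while the defaults set on the lines around it come from named constants (CACHESIZ, FTABSIZ, NAMESERVER_PORT, DHCP_CLIENT_PORT). Suggest a named constant defined alongside those, so the default can be changed in one place at compile time.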
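
One way to approach the question raised in the thread about detecting an overflowing listen queue, as an added example that is not part of the original messages or of dnsmasq: it reads the counter that nstat reports as TcpExtListenOverflows from text in the /proc/net/netstat layout and computes the increase between two samples. The sample input is constructed, and the names netstat_counter and overflow_delta are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/net/netstat layout: a line of counter names
   followed by a line of values, both prefixed with the group name. */
static const char SAMPLE[] =
    "TcpExt: SyncookiesSent ListenOverflows ListenDrops\n"
    "TcpExt: 0 299 299\n"
    "IpExt: InNoRoutes InTruncatedPkts\n"
    "IpExt: 0 0\n";

/* Return the value of counter `name` in `group` (e.g. "TcpExt:"),
   or -1 when the counter is absent or the text is malformed. */
long netstat_counter(const char *text, const char *group, const char *name)
{
    size_t glen = strlen(group), nlen = strlen(name);
    const char *hdr = text;

    while (hdr && *hdr) {
        const char *vals = strchr(hdr, '\n');
        if (!vals)
            break;
        vals++;
        if (!strncmp(hdr, group, glen) && !strncmp(vals, group, glen)) {
            const char *h = hdr + glen, *v = vals + glen;
            for (;;) {                       /* walk names and values in step */
                h += strspn(h, " ");
                v += strspn(v, " ");
                size_t hl = strcspn(h, " \n"), vl = strcspn(v, " \n");
                if (hl == 0 || vl == 0)
                    return -1;               /* ran out of names or values */
                if (hl == nlen && !strncmp(h, name, nlen))
                    return strtol(v, NULL, 10);
                h += hl;
                v += vl;
            }
        }
        const char *next = strchr(vals, '\n'); /* skip this group's values */
        hdr = next ? next + 1 : NULL;
    }
    return -1;
}

/* Overflows since the previous sample; 0 on first run or counter reset. */
long overflow_delta(long prev, long cur)
{
    return (prev < 0 || cur < prev) ? 0 : cur - prev;
}
```

A positive delta between two polls means the accept queue filled during that interval, which is the condition under which a diagnostic pointing at the backlog setting would be useful.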
