[Dnsmasq-discuss] listen-backlog option to override default (too small) value

Fri Dec 16 16:43:05 GMT 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

What backlog parameter works well for you?

I'm happy to apply the patch if this is a dial that really needs to be
tweakable, but if there are no downsides to moving the fixed backlog
limit from 5 to 50 or 500, then let's just do that. There's no point
in making people apply arbitrary configuration options if it can just
work.

Cheers,

Simon.

On 07/12/16 13:43, Donatas Abraitis wrote:
> Of course patch is tested ;-) Some output: % ./src/dnsmasq --port
> 1025 --listen-backlog 100 % ss -ntl sport = :1025 Recv-Q Send-Q 
> Local Address:Port Peer Address:Port 0 100 :::1025 :::* 0 100 
> *:1025
> 
> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD
> <albert.aribaud at free.fr> wrote:
> 
>> Hi Donatas,
>> 
>> Le Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis
>> <donatas.abraitis at gmail.com> a écrit:
>> 
>>> Hi folks,
>>> 
>>> for our case at Hostinger, we have a problem while too much 
>>> TcpListenOverflows: [root at us-imm-dns1 ~]# nstat -az | grep
>>> TcpExtListenOverflows TcpExtListenOverflows           299
>>> 0.0 [root at us-imm-dns1 ~]# ss -ntl sport = :53 State
>>> Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN
>>> 0 5 *:53 *:* LISTEN      0 5 :::53 :::*
>>> 
>>> probe kernel.function("tcp_check_req") { tcphdr =
>>> __get_skb_tcphdr($skb); dport = __tcp_skb_dport(tcphdr) if
>>> ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog) printf("listen
>>> queue for port(%d): %d/%d\n", dport, $sk->sk_ack_backlog, 
>>> $sk->sk_max_ack_backlog); }
>>> 
>>> [root at us-imm-dns1 ~]# staprun overflow.ko listen queue for
>>> port(53): 13/5 listen queue for port(53): 13/5 listen queue for
>>> port(53): 14/5
>>> 
>>> here is the proposed patch:
>>> 
>>> commit fa610cd424b905720832afc8636373bb132f49c1 Author: Donatas
>>> Abraitis <donatas.abraitis at gmail.com> Date:   Sun Dec 9
>>> 09:58:51 2012 +0200
>>> 
>>> Add `listen-backlog` option to override default 5 (too small)
>>> 
>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index
>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++
>>> b/src/dnsmasq.h @@ -980,6 +980,7 @@ extern struct daemon { 
>>> struct dhcp_netid_list *force_broadcast, *bootp_dynamic; struct
>>> hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs; int
>>> dhcp_max, tftp_max, tftp_mtu; +  int listen_backlog; int
>>> dhcp_server_port, dhcp_client_port; int start_tftp_port,
>>> end_tftp_port; unsigned int min_leasetime; diff --git
>>> a/src/network.c b/src/network.c index d87d08f..1e9d188 100644 
>>> --- a/src/network.c +++ b/src/network.c @@ -746,7 +746,7 @@
>>> static int make_sock(union mysockaddr *addr, int type, int
>>> dienow)
>>> 
>>> if (type == SOCK_STREAM) { -      if (listen(fd, 5) == -1) +
>>> if (listen(fd, daemon->listen_backlog) == -1) goto err; } else
>>> if (family == AF_INET) diff --git a/src/option.c
>>> b/src/option.c index d0d9509..220303e 100644 ---
>>> a/src/option.c +++ b/src/option.c @@ -159,6 +159,7 @@ struct
>>> myoption { #define LOPT_SCRIPT_ARP    347 #define LOPT_DHCPTTL
>>> 348 #define LOPT_TFTP_MTU      349 +#define LOPT_BACKLOG
>>> 350
>>> 
>>> #ifdef HAVE_GETOPT_LONG static const struct option opts[] = @@
>>> -190,6 +191,7 @@ static const struct myoption opts[] = {
>>> "domain-suffix", 1, 0, 's' }, { "interface", 1, 0, 'i' }, {
>>> "listen-address", 1, 0, 'a' }, +    { "listen-backlog", 1, 0,
>>> LOPT_BACKLOG }, { "local-service", 0, 0, LOPT_LOCAL_SERVICE }, 
>>> { "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, 0, 'B' }, 
>>> @@ -394,6 +396,7 @@ static struct { { 't', ARG_ONE,
>>> "<host_name>", gettext_noop("Specify default target in an MX
>>> record."), NULL }, { 'T', ARG_ONE, "<integer>",
>>> gettext_noop("Specify time-to-live in seconds for replies from
>>> /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "<integer>",
>>> gettext_noop("Specify time-to-live in seconds for negative
>>> caching."), NULL }, +  { LOPT_BACKLOG, ARG_ONE, "<integer>",
>>> gettext_noop("Set the backlog queue limit."), NULL }, {
>>> LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify 
>>> time-to-live in seconds for maximum TTL to send to clients."),
>>> NULL }, { LOPT_MAXCTTL, ARG_ONE, "<integer>",
>>> gettext_noop("Specify time-to-live ceiling for cache."), NULL
>>> }, { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify 
>>> time-to-live floor for cache."), NULL }, @@ -2286,7 +2289,11 @@
>>> static int one_opt(int option, char *arg, char *errstr, char
>>> *gen_err, int comma ret_err(gen_err); /* error */ break; } - + 
>>> +    case LOPT_BACKLOG: /* --listen-backlog */ +      if
>>> (!atoi_check(arg, &daemon->listen_backlog)) +
>>> ret_err(gen_err); +      break; case 'a':  /* --listen-address
>>> */ case LOPT_AUTHPEER: /* --auth-peer */ do { @@ -4517,6
>>> +4524,7 @@ void read_opts(int argc, char **argv, char 
>>> *compile_opts) daemon->cachesize = CACHESIZ; daemon->ftabsize =
>>> FTABSIZ; daemon->port = NAMESERVER_PORT; +
>>> daemon->listen_backlog = 5; daemon->dhcp_client_port =
>>> DHCP_CLIENT_PORT; daemon->dhcp_server_port = DHCP_SERVER_PORT; 
>>> daemon->default_resolv.is_default = 1;
>> 
>> I am not qualified to determine if your patch is the right
>> solution to your problem, but FWIW, I find this patch clear
>> enough and I assume you have tested it :) and that it actually
>> solves the issue for you. The only two remarks I have are:
>> 
>> - it would be nice to also add a description for the option and
>> its rationale to the manpage;
>> 
>> - is there a way for dnsmasq to detect excessive backlog and emit
>> a diagnostic message pointing the operator to the existence and
>> use of the listen-backlog option, and if so, could you add this
>> to the patch?
>> 
>> Note that I am in no way a maintainer of dnsmasq, so neither my
>> review nor my questions should be mistaken for an acceptation of
>> the patch -- only Simon can accept patches.
>> 
>> Amicalement, -- Albert.
>> 
> 
> 
> 
> 
> 
> _______________________________________________ Dnsmasq-discuss
> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJYVBmZAAoJEBXN2mrhkTWiTikP+QEfhMDUQNZelntqhg/4u6n5
q6/VKjRetV3Aq6tYBPSXN08hDOcTcLeKBrn2i3zK+/E78NVMcvQ1VmHOH/9yNEtS
o/QnOGtAOA0vdRZOFJ4smnPoK/gNqswZIoZe1FUvK8IkdC6BFCh6MeXHh+tp5ZnY
Q8RUuS1B+ipI280UMb1E6h4D9F2k1M3fjEPyl3Gd8OIvQKRQMrk3DX3A15wpXEK7
CKMakA2PSKraLJuhKqvtjjsUQIKzV1PWcflZmh1bKyRTDRC4ft0KbQK4BH0luyGl
k0NvLwK8Pce00KaleOOdYS8Pwq6/5wNoq9Q6bJlYCnlRLLyfO0J2bsX8O5mX0rM3
/uT10Z+EM0UZ3feJP8CYs9+B5eX034C6pGVV5C8YD85EDlm/dVehhxKiPtS+L6oL
Q4+LjpGo9BgVdqXfOpq7nM+biZ89/Z3GPyTcBrd6PwAgvsQn94Uq8cC2MwmsHop9
KR9Miha9V7D0SyMh6FwdZEG5ZlJMQXzPWbvvnbOBW1pa8PJiuRWlh1ouh+bk+wgY
b7ynf5ay6ltJQjTgukD+uD/fq0Lo0S2ezJgJJChIcYK/66S5/IwSiUgsrQm1OCnm
G4KZKBsctWoXUERj9sqPtb5Jm8Itk7H32epscs0XxeLkI+Mb+GXHXi2+bpEUvZX8
t+vd1Xhykzt6PaMUYOfT
=vgdg
-----END PGP SIGNATURE-----