[Dnsmasq-discuss] listen-backlog option to override default (too small) value

Donatas Abraitis donatas.abraitis at gmail.com
Fri Dec 16 19:31:39 GMT 2016


Well, it depends, in our case it's enough 32, never hit this value still.

Sent from my iPhone

> On 16 Dec 2016, at 18:43, Simon Kelley <simon at thekelleys.org.uk> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> What backlog parameter works well for you?
> 
> I'm happy to apply the patch if this is a dial that really needs to be
> tweakable, but if there are no downsides to moving the fixed backlog
> limit from 5 to 50 or 500, then let's just do that. There's no point
> in making people apply arbitrary configuration options if it can just
> work.
> 
> 
> Cheers,
> 
> Simon.
> 
> 
> 
>> On 07/12/16 13:43, Donatas Abraitis wrote:
>> Of course patch is tested ;-) Some output: % ./src/dnsmasq --port
>> 1025 --listen-backlog 100 % ss -ntl sport = :1025 Recv-Q Send-Q 
>> Local Address:Port Peer Address:Port 0 100 :::1025 :::* 0 100 
>> *:1025
>> 
>> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD
>> <albert.aribaud at free.fr> wrote:
>> 
>>> Hi Donatas,
>>> 
>>> Le Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis
>>> <donatas.abraitis at gmail.com> a écrit:
>>> 
>>>> Hi folks,
>>>> 
>>>> for our case at Hostinger, we have a problem while too much 
>>>> TcpListenOverflows: [root at us-imm-dns1 ~]# nstat -az | grep
>>>> TcpExtListenOverflows TcpExtListenOverflows           299
>>>> 0.0 [root at us-imm-dns1 ~]# ss -ntl sport = :53 State
>>>> Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN
>>>> 0 5 *:53 *:* LISTEN      0 5 :::53 :::*
>>>> 
>>>> probe kernel.function("tcp_check_req") { tcphdr =
>>>> __get_skb_tcphdr($skb); dport = __tcp_skb_dport(tcphdr) if
>>>> ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog) printf("listen
>>>> queue for port(%d): %d/%d\n", dport, $sk->sk_ack_backlog, 
>>>> $sk->sk_max_ack_backlog); }
>>>> 
>>>> [root at us-imm-dns1 ~]# staprun overflow.ko listen queue for
>>>> port(53): 13/5 listen queue for port(53): 13/5 listen queue for
>>>> port(53): 14/5
>>>> 
>>>> here is the proposed patch:
>>>> 
>>>> commit fa610cd424b905720832afc8636373bb132f49c1 Author: Donatas
>>>> Abraitis <donatas.abraitis at gmail.com> Date:   Sun Dec 9
>>>> 09:58:51 2012 +0200
>>>> 
>>>> Add `listen-backlog` option to override default 5 (too small)
>>>> 
>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index
>>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++
>>>> b/src/dnsmasq.h @@ -980,6 +980,7 @@ extern struct daemon { 
>>>> struct dhcp_netid_list *force_broadcast, *bootp_dynamic; struct
>>>> hostsfile *dhcp_hosts_file, *dhcp_opts_file, *dynamic_dirs; int
>>>> dhcp_max, tftp_max, tftp_mtu; +  int listen_backlog; int
>>>> dhcp_server_port, dhcp_client_port; int start_tftp_port,
>>>> end_tftp_port; unsigned int min_leasetime; diff --git
>>>> a/src/network.c b/src/network.c index d87d08f..1e9d188 100644 
>>>> --- a/src/network.c +++ b/src/network.c @@ -746,7 +746,7 @@
>>>> static int make_sock(union mysockaddr *addr, int type, int
>>>> dienow)
>>>> 
>>>> if (type == SOCK_STREAM) { -      if (listen(fd, 5) == -1) +
>>>> if (listen(fd, daemon->listen_backlog) == -1) goto err; } else
>>>> if (family == AF_INET) diff --git a/src/option.c
>>>> b/src/option.c index d0d9509..220303e 100644 ---
>>>> a/src/option.c +++ b/src/option.c @@ -159,6 +159,7 @@ struct
>>>> myoption { #define LOPT_SCRIPT_ARP    347 #define LOPT_DHCPTTL
>>>> 348 #define LOPT_TFTP_MTU      349 +#define LOPT_BACKLOG
>>>> 350
>>>> 
>>>> #ifdef HAVE_GETOPT_LONG static const struct option opts[] = @@
>>>> -190,6 +191,7 @@ static const struct myoption opts[] = {
>>>> "domain-suffix", 1, 0, 's' }, { "interface", 1, 0, 'i' }, {
>>>> "listen-address", 1, 0, 'a' }, +    { "listen-backlog", 1, 0,
>>>> LOPT_BACKLOG }, { "local-service", 0, 0, LOPT_LOCAL_SERVICE }, 
>>>> { "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, 0, 'B' }, 
>>>> @@ -394,6 +396,7 @@ static struct { { 't', ARG_ONE,
>>>> "<host_name>", gettext_noop("Specify default target in an MX
>>>> record."), NULL }, { 'T', ARG_ONE, "<integer>",
>>>> gettext_noop("Specify time-to-live in seconds for replies from
>>>> /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, "<integer>",
>>>> gettext_noop("Specify time-to-live in seconds for negative
>>>> caching."), NULL }, +  { LOPT_BACKLOG, ARG_ONE, "<integer>",
>>>> gettext_noop("Set the backlog queue limit."), NULL }, {
>>>> LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify 
>>>> time-to-live in seconds for maximum TTL to send to clients."),
>>>> NULL }, { LOPT_MAXCTTL, ARG_ONE, "<integer>",
>>>> gettext_noop("Specify time-to-live ceiling for cache."), NULL
>>>> }, { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify 
>>>> time-to-live floor for cache."), NULL }, @@ -2286,7 +2289,11 @@
>>>> static int one_opt(int option, char *arg, char *errstr, char
>>>> *gen_err, int comma ret_err(gen_err); /* error */ break; } - + 
>>>> +    case LOPT_BACKLOG: /* --listen-backlog */ +      if
>>>> (!atoi_check(arg, &daemon->listen_backlog)) +
>>>> ret_err(gen_err); +      break; case 'a':  /* --listen-address
>>>> */ case LOPT_AUTHPEER: /* --auth-peer */ do { @@ -4517,6
>>>> +4524,7 @@ void read_opts(int argc, char **argv, char 
>>>> *compile_opts) daemon->cachesize = CACHESIZ; daemon->ftabsize =
>>>> FTABSIZ; daemon->port = NAMESERVER_PORT; +
>>>> daemon->listen_backlog = 5; daemon->dhcp_client_port =
>>>> DHCP_CLIENT_PORT; daemon->dhcp_server_port = DHCP_SERVER_PORT; 
>>>> daemon->default_resolv.is_default = 1;
>>> 
>>> I am not qualified to determine if your patch is the right
>>> solution to your problem, but FWIW, I find this patch clear
>>> enough and I assume you have tested it :) and that it actually
>>> solves the issue for you. The only two remarks I have are:
>>> 
>>> - it would be nice to also add a description for the option and
>>> its rationale to the manpage;
>>> 
>>> - is there a way for dnsmasq to detect excessive backlog and emit
>>> a diagnostic message pointing the operator to the existence and
>>> use of the listen-backlog option, and if so, could you add this
>>> to the patch?
>>> 
>>> Note that I am in no way a maintainer of dnsmasq, so neither my
>>> review nor my questions should be mistaken for an acceptation of
>>> the patch -- only Simon can accept patches.
>>> 
>>> Amicalement, -- Albert.
>>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________ Dnsmasq-discuss
>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> 
> iQIcBAEBCAAGBQJYVBmZAAoJEBXN2mrhkTWiTikP+QEfhMDUQNZelntqhg/4u6n5
> q6/VKjRetV3Aq6tYBPSXN08hDOcTcLeKBrn2i3zK+/E78NVMcvQ1VmHOH/9yNEtS
> o/QnOGtAOA0vdRZOFJ4smnPoK/gNqswZIoZe1FUvK8IkdC6BFCh6MeXHh+tp5ZnY
> Q8RUuS1B+ipI280UMb1E6h4D9F2k1M3fjEPyl3Gd8OIvQKRQMrk3DX3A15wpXEK7
> CKMakA2PSKraLJuhKqvtjjsUQIKzV1PWcflZmh1bKyRTDRC4ft0KbQK4BH0luyGl
> k0NvLwK8Pce00KaleOOdYS8Pwq6/5wNoq9Q6bJlYCnlRLLyfO0J2bsX8O5mX0rM3
> /uT10Z+EM0UZ3feJP8CYs9+B5eX034C6pGVV5C8YD85EDlm/dVehhxKiPtS+L6oL
> Q4+LjpGo9BgVdqXfOpq7nM+biZ89/Z3GPyTcBrd6PwAgvsQn94Uq8cC2MwmsHop9
> KR9Miha9V7D0SyMh6FwdZEG5ZlJMQXzPWbvvnbOBW1pa8PJiuRWlh1ouh+bk+wgY
> b7ynf5ay6ltJQjTgukD+uD/fq0Lo0S2ezJgJJChIcYK/66S5/IwSiUgsrQm1OCnm
> G4KZKBsctWoXUERj9sqPtb5Jm8Itk7H32epscs0XxeLkI+Mb+GXHXi2+bpEUvZX8
> t+vd1Xhykzt6PaMUYOfT
> =vgdg
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



More information about the Dnsmasq-discuss mailing list