[Dnsmasq-discuss] listen-backlog option to override default (too small) value

Simon Kelley simon at thekelleys.org.uk
Mon Dec 19 11:48:10 GMT 2016


I think the simple solution to this is

1) Make this a compile-time option in /src/config.h
2) Bump the default to 50.


Does that sound reasonable?


Cheers,

Simon.


On 16/12/16 19:31, Donatas Abraitis wrote:
> Well, it depends; in our case 32 is enough, we have still never hit
> this value.
> 
> Sent from my iPhone
> 
>> On 16 Dec 2016, at 18:43, Simon Kelley <simon at thekelleys.org.uk>
>> wrote:
>> 
> What backlog parameter works well for you?
> 
> I'm happy to apply the patch if this is a dial that really needs to
> be tweakable, but if there are no downsides to moving the fixed
> backlog limit from 5 to 50 or 500, then let's just do that. There's
> no point in making people apply arbitrary configuration options if
> it can just work.
> 
> 
> Cheers,
> 
> Simon.
> 
> 
> 
>>>> On 07/12/16 13:43, Donatas Abraitis wrote:
>>>> Of course patch is tested ;-) Some output:
>>>> % ./src/dnsmasq --port 1025 --listen-backlog 100
>>>> % ss -ntl sport = :1025
>>>> Recv-Q Send-Q Local Address:Port Peer Address:Port
>>>> 0 100 :::1025 :::*
>>>> 0 100 *:1025
>>>> 
>>>> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD 
>>>> <albert.aribaud at free.fr> wrote:
>>>> 
>>>>> Hi Donatas,
>>>>> 
>>>>> On Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis
>>>>> <donatas.abraitis at gmail.com> wrote:
>>>>> 
>>>>>> Hi folks,
>>>>>> 
>>>>>> for our case at Hostinger, we have a problem with too
>>>>>> many TcpListenOverflows:
>>>>>> [root at us-imm-dns1 ~]# nstat -az | grep TcpExtListenOverflows
>>>>>> TcpExtListenOverflows 299 0.0
>>>>>> [root at us-imm-dns1 ~]# ss -ntl sport = :53
>>>>>> State Recv-Q Send-Q Local Address:Port Peer Address:Port
>>>>>> LISTEN 0 5 *:53 *:*
>>>>>> LISTEN 0 5 :::53 :::*
>>>>>>
>>>>>> probe kernel.function("tcp_check_req") {
>>>>>>   tcphdr = __get_skb_tcphdr($skb);
>>>>>>   dport = __tcp_skb_dport(tcphdr)
>>>>>>   if ($sk->sk_ack_backlog > $sk->sk_max_ack_backlog)
>>>>>>     printf("listen queue for port(%d): %d/%d\n", dport,
>>>>>>            $sk->sk_ack_backlog, $sk->sk_max_ack_backlog);
>>>>>> }
>>>>>>
>>>>>> [root at us-imm-dns1 ~]# staprun overflow.ko
>>>>>> listen queue for port(53): 13/5
>>>>>> listen queue for port(53): 13/5
>>>>>> listen queue for port(53): 14/5
>>>>>> 
>>>>>> here is the proposed patch:
>>>>>> 
>>>>>> commit fa610cd424b905720832afc8636373bb132f49c1 Author:
>>>>>> Donatas Abraitis <donatas.abraitis at gmail.com> Date:   Sun
>>>>>> Dec 9 09:58:51 2012 +0200
>>>>>> 
>>>>>> Add `listen-backlog` option to override default 5 (too
>>>>>> small)
>>>>>> 
>>>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 
>>>>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++ 
>>>>>> b/src/dnsmasq.h @@ -980,6 +980,7 @@ extern struct daemon
>>>>>> { struct dhcp_netid_list *force_broadcast,
>>>>>> *bootp_dynamic; struct hostsfile *dhcp_hosts_file,
>>>>>> *dhcp_opts_file, *dynamic_dirs; int dhcp_max, tftp_max,
>>>>>> tftp_mtu; +  int listen_backlog; int dhcp_server_port,
>>>>>> dhcp_client_port; int start_tftp_port, end_tftp_port;
>>>>>> unsigned int min_leasetime; diff --git a/src/network.c
>>>>>> b/src/network.c index d87d08f..1e9d188 100644 ---
>>>>>> a/src/network.c +++ b/src/network.c @@ -746,7 +746,7 @@ 
>>>>>> static int make_sock(union mysockaddr *addr, int type,
>>>>>> int dienow)
>>>>>> 
>>>>>> if (type == SOCK_STREAM) { -      if (listen(fd, 5) ==
>>>>>> -1) + if (listen(fd, daemon->listen_backlog) == -1) goto
>>>>>> err; } else if (family == AF_INET) diff --git
>>>>>> a/src/option.c b/src/option.c index d0d9509..220303e
>>>>>> 100644 --- a/src/option.c +++ b/src/option.c @@ -159,6
>>>>>> +159,7 @@ struct myoption { #define LOPT_SCRIPT_ARP
>>>>>> 347 #define LOPT_DHCPTTL 348 #define LOPT_TFTP_MTU
>>>>>> 349 +#define LOPT_BACKLOG 350
>>>>>> 
>>>>>> #ifdef HAVE_GETOPT_LONG static const struct option opts[]
>>>>>> = @@ -190,6 +191,7 @@ static const struct myoption opts[]
>>>>>> = { "domain-suffix", 1, 0, 's' }, { "interface", 1, 0,
>>>>>> 'i' }, { "listen-address", 1, 0, 'a' }, +    {
>>>>>> "listen-backlog", 1, 0, LOPT_BACKLOG }, {
>>>>>> "local-service", 0, 0, LOPT_LOCAL_SERVICE }, {
>>>>>> "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1, 0, 'B'
>>>>>> }, @@ -394,6 +396,7 @@ static struct { { 't', ARG_ONE, 
>>>>>> "<host_name>", gettext_noop("Specify default target in an
>>>>>> MX record."), NULL }, { 'T', ARG_ONE, "<integer>", 
>>>>>> gettext_noop("Specify time-to-live in seconds for replies
>>>>>> from /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE,
>>>>>> "<integer>", gettext_noop("Specify time-to-live in
>>>>>> seconds for negative caching."), NULL }, +  {
>>>>>> LOPT_BACKLOG, ARG_ONE, "<integer>", gettext_noop("Set the
>>>>>> backlog queue limit."), NULL }, { LOPT_MAXTTL, ARG_ONE,
>>>>>> "<integer>", gettext_noop("Specify time-to-live in
>>>>>> seconds for maximum TTL to send to clients."), NULL }, {
>>>>>> LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify
>>>>>> time-to-live ceiling for cache."), NULL }, {
>>>>>> LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify
>>>>>>  time-to-live floor for cache."), NULL }, @@ -2286,7
>>>>>> +2289,11 @@ static int one_opt(int option, char *arg,
>>>>>> char *errstr, char *gen_err, int comma ret_err(gen_err);
>>>>>> /* error */ break; } - + +    case LOPT_BACKLOG: /*
>>>>>> --listen-backlog */ +      if (!atoi_check(arg,
>>>>>> &daemon->listen_backlog)) + ret_err(gen_err); +
>>>>>> break; case 'a':  /* --listen-address */ case
>>>>>> LOPT_AUTHPEER: /* --auth-peer */ do { @@ -4517,6 +4524,7
>>>>>> @@ void read_opts(int argc, char **argv, char 
>>>>>> *compile_opts) daemon->cachesize = CACHESIZ;
>>>>>> daemon->ftabsize = FTABSIZ; daemon->port =
>>>>>> NAMESERVER_PORT; + daemon->listen_backlog = 5;
>>>>>> daemon->dhcp_client_port = DHCP_CLIENT_PORT;
>>>>>> daemon->dhcp_server_port = DHCP_SERVER_PORT; 
>>>>>> daemon->default_resolv.is_default = 1;
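Review bot: In the one_opt() hunk of src/option.c, the LOPT_BACKLOG case stores whatever atoi_check() parses straight into daemon->listen_backlog with no range check visible, and the network.c hunk then passes it unchanged to listen(). Suggest rejecting values below 1 with ret_err(gen_err) in this case, and mentioning in the help text that Linux silently caps the effective backlog at net.core.somaxconn, so a larger setting will not show up in the Send-Q column of ss.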
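Review bot: In the read_opts() hunk, `daemon->listen_backlog = 5;` is a bare literal placed among defaults that all use named constants (CACHESIZ, FTABSIZ, NAMESERVER_PORT, DHCP_CLIENT_PORT). A named default defined alongside those constants would keep the value in one place and make it changeable at build time.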
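Review bot: In the usage-table hunk of src/option.c, the LOPT_BACKLOG entry is inserted between LOPT_NEGTTL and LOPT_MAXTTL, which splits the run of TTL options, and its text "Set the backlog queue limit." does not say that the value only applies to TCP listening sockets (the network.c hunk uses it under `type == SOCK_STREAM`). Suggest placing the entry with the other listen options and wording it as the TCP listen() backlog. The diff touches only src/dnsmasq.h, src/network.c and src/option.c, so the new option also has no man page text.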
>>>>> 
>>>>> I am not qualified to determine if your patch is the right 
>>>>> solution to your problem, but FWIW, I find this patch
>>>>> clear enough and I assume you have tested it :) and that it
>>>>> actually solves the issue for you. The only two remarks I
>>>>> have are:
>>>>> 
>>>>> - it would be nice to also add a description for the option
>>>>> and its rationale to the manpage;
>>>>> 
>>>>> - is there a way for dnsmasq to detect excessive backlog
>>>>> and emit a diagnostic message pointing the operator to the
>>>>> existence and use of the listen-backlog option, and if so,
>>>>> could you add this to the patch?
>>>>> 
>>>>> Note that I am in no way a maintainer of dnsmasq, so
>>>>> neither my review nor my questions should be mistaken for
>>>>> an acceptance of the patch -- only Simon can accept
>>>>> patches.
>>>>> 
>>>>> Kind regards, -- Albert.
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss at lists.thekelleys.org.uk 
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>

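Albert's question about detecting an overflowing backlog can also be answered from outside dnsmasq: the counter Donatas reads with nstat is the ListenOverflows field of the TcpExt group in /proc/net/netstat. The following is an added example, not code from the thread or from dnsmasq, of parsing that file's name-line/value-line layout and comparing two snapshots; the function names and the sample text are constructed here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/net/netstat layout: a name line, then a value line. */
static const char SAMPLE[] =
    "TcpExt: SyncookiesSent ListenOverflows ListenDrops TCPTimeouts\n"
    "TcpExt: 0 299 301 12\n"
    "IpExt: InNoRoutes InOctets\n"
    "IpExt: 0 123456\n";

/* Value of `field` in `group` (e.g. "TcpExt:"), or -1 if either is absent. */
long long netstat_counter(const char *text, const char *group, const char *field)
{
    size_t glen = strlen(group), flen = strlen(field);
    const char *names = text;
    while (names && *names) {
        const char *vals = strchr(names, '\n');
        if (!vals) break;
        vals++;                          /* the value line follows the name line */
        if (!strncmp(names, group, glen) && !strncmp(vals, group, glen)) {
            const char *n = names + glen, *v = vals + glen;
            for (;;) {                   /* walk both lines column by column */
                n += strspn(n, " "); v += strspn(v, " ");
                size_t nl = strcspn(n, " \n"), vl = strcspn(v, " \n");
                if (nl == 0 || vl == 0) return -1;   /* ran out of columns */
                if (nl == flen && !strncmp(n, field, nl))
                    return strtoll(v, NULL, 10);
                n += nl; v += vl;
            }
        }
        names = strchr(vals, '\n');      /* advance to the next pair of lines */
        if (names) names++;
    }
    return -1;
}

/* Cumulative since boot: alert on growth between snapshots (-1: missing or reset). */
long long listen_overflow_delta(const char *before, const char *after)
{
    long long a = netstat_counter(before, "TcpExt:", "ListenOverflows");
    long long b = netstat_counter(after, "TcpExt:", "ListenOverflows");
    return (a < 0 || b < a) ? -1 : b - a;
}

int main(void)
{
    return printf("ListenOverflows=%lld\n",
                  netstat_counter(SAMPLE, "TcpExt:", "ListenOverflows")) < 0;
}
```

A positive delta on a resolver whose `ss -ntl` Send-Q is still 5 is the condition the thread describes.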

