[Dnsmasq-discuss] listen-backlog option to override default (too small) value

Simon Kelley simon at thekelleys.org.uk
Thu Dec 22 22:39:45 GMT 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Done.

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=09b768efa456fb
49f21e7ed19761ff24988464b9


Cheers,

Simon.


On 19/12/16 12:00, Donatas Abraitis wrote:
> Ok
> 
> Sent from my iPhone
> 
>> On 19 Dec 2016, at 13:48, Simon Kelley <simon at thekelleys.org.uk>
>> wrote:
>> 
> I think the simple solution to this is
> 
> 1) Make this a compile-time option in /src/config.h 2) Bump the
> default to 50.
> 
> 
> Does that sound reasonable?
> 
> 
> Cheers,
> 
> Simon.
> 
> 
>>>> On 16/12/16 19:31, Donatas Abraitis wrote: Well, it depends,
>>>> in our case it's enough 32, never hit this value still.
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>>> On 16 Dec 2016, at 18:43, Simon Kelley
>>>>> <simon at thekelleys.org.uk> wrote:
>>>>> 
>>>> What backlog parameter works well for you?
>>>> 
>>>> I'm happy to apply the patch if this is a dial that really
>>>> needs to be tweakable, but if there are no downsides to
>>>> moving the fixed backlog limit from 5 to 50 or 500, then
>>>> let's just do that. There's no point in making people apply
>>>> arbitrary configuration options if it can just work.
>>>> 
>>>> 
>>>> Cheers,
>>>> 
>>>> Simon.
>>>> 
>>>> 
>>>> 
>>>>>>> On 07/12/16 13:43, Donatas Abraitis wrote: Of course
>>>>>>> patch is tested ;-) Some output: % ./src/dnsmasq --port
>>>>>>> 1025 --listen-backlog 100 % ss -ntl sport = :1025
>>>>>>> Recv-Q Send-Q Local Address:Port Peer Address:Port 0
>>>>>>> 100 :::1025 :::* 0 100 *:1025
>>>>>>> 
>>>>>>> On Wed, Dec 7, 2016 at 3:28 PM, Albert ARIBAUD 
>>>>>>> <albert.aribaud at free.fr> wrote:
>>>>>>> 
>>>>>>>> Hi Donatas,
>>>>>>>> 
>>>>>>>> Le Wed, 7 Dec 2016 14:43:22 +0200 Donatas Abraitis 
>>>>>>>> <donatas.abraitis at gmail.com> a écrit:
>>>>>>>> 
>>>>>>>>> Hi folks,
>>>>>>>>> 
>>>>>>>>> for our case at Hostinger, we have a problem while
>>>>>>>>> too much TcpListenOverflows: [root at us-imm-dns1 ~]#
>>>>>>>>> nstat -az | grep TcpExtListenOverflows
>>>>>>>>> TcpExtListenOverflows 299 0.0 [root at us-imm-dns1 ~]#
>>>>>>>>> ss -ntl sport = :53 State Recv-Q Send-Q Local
>>>>>>>>> Address:Port Peer Address:Port LISTEN 0 5 *:53 *:*
>>>>>>>>> LISTEN      0 5 :::53 :::*
>>>>>>>>> 
>>>>>>>>> probe kernel.function("tcp_check_req") { tcphdr = 
>>>>>>>>> __get_skb_tcphdr($skb); dport =
>>>>>>>>> __tcp_skb_dport(tcphdr) if ($sk->sk_ack_backlog >
>>>>>>>>> $sk->sk_max_ack_backlog) printf("listen queue for
>>>>>>>>> port(%d): %d/%d\n", dport, $sk->sk_ack_backlog,
>>>>>>>>> $sk->sk_max_ack_backlog); }
>>>>>>>>> 
>>>>>>>>> [root at us-imm-dns1 ~]# staprun overflow.ko listen
>>>>>>>>> queue for port(53): 13/5 listen queue for port(53):
>>>>>>>>> 13/5 listen queue for port(53): 14/5
>>>>>>>>> 
>>>>>>>>> here is the proposed patch:
>>>>>>>>> 
>>>>>>>>> commit fa610cd424b905720832afc8636373bb132f49c1
>>>>>>>>> Author: Donatas Abraitis
>>>>>>>>> <donatas.abraitis at gmail.com> Date:   Sun Dec 9
>>>>>>>>> 09:58:51 2012 +0200
>>>>>>>>> 
>>>>>>>>> Add `listen-backlog` option to override default 5
>>>>>>>>> (too small)
>>>>>>>>> 
>>>>>>>>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h index 
>>>>>>>>> 4b55bb5..b717df3 100644 --- a/src/dnsmasq.h +++ 
>>>>>>>>> b/src/dnsmasq.h @@ -980,6 +980,7 @@ extern struct
>>>>>>>>> daemon { struct dhcp_netid_list *force_broadcast, 
>>>>>>>>> *bootp_dynamic; struct hostsfile *dhcp_hosts_file, 
>>>>>>>>> *dhcp_opts_file, *dynamic_dirs; int dhcp_max,
>>>>>>>>> tftp_max, tftp_mtu; +  int listen_backlog; int
>>>>>>>>> dhcp_server_port, dhcp_client_port; int
>>>>>>>>> start_tftp_port, end_tftp_port; unsigned int
>>>>>>>>> min_leasetime; diff --git a/src/network.c 
>>>>>>>>> b/src/network.c index d87d08f..1e9d188 100644 --- 
>>>>>>>>> a/src/network.c +++ b/src/network.c @@ -746,7
>>>>>>>>> +746,7 @@ static int make_sock(union mysockaddr
>>>>>>>>> *addr, int type, int dienow)
>>>>>>>>> 
>>>>>>>>> if (type == SOCK_STREAM) { -      if (listen(fd, 5)
>>>>>>>>> == -1) + if (listen(fd, daemon->listen_backlog) ==
>>>>>>>>> -1) goto err; } else if (family == AF_INET) diff
>>>>>>>>> --git a/src/option.c b/src/option.c index
>>>>>>>>> d0d9509..220303e 100644 --- a/src/option.c +++
>>>>>>>>> b/src/option.c @@ -159,6 +159,7 @@ struct myoption
>>>>>>>>> { #define LOPT_SCRIPT_ARP 347 #define LOPT_DHCPTTL
>>>>>>>>> 348 #define LOPT_TFTP_MTU 349 +#define LOPT_BACKLOG
>>>>>>>>> 350
>>>>>>>>> 
>>>>>>>>> #ifdef HAVE_GETOPT_LONG static const struct option
>>>>>>>>> opts[] = @@ -190,6 +191,7 @@ static const struct
>>>>>>>>> myoption opts[] = { "domain-suffix", 1, 0, 's' }, {
>>>>>>>>> "interface", 1, 0, 'i' }, { "listen-address", 1, 0,
>>>>>>>>> 'a' }, +    { "listen-backlog", 1, 0, LOPT_BACKLOG
>>>>>>>>> }, { "local-service", 0, 0, LOPT_LOCAL_SERVICE },
>>>>>>>>> { "bogus-priv", 0, 0, 'b' }, { "bogus-nxdomain", 1,
>>>>>>>>> 0, 'B' }, @@ -394,6 +396,7 @@ static struct { {
>>>>>>>>> 't', ARG_ONE, "<host_name>", gettext_noop("Specify
>>>>>>>>> default target in an MX record."), NULL }, { 'T',
>>>>>>>>> ARG_ONE, "<integer>", gettext_noop("Specify
>>>>>>>>> time-to-live in seconds for replies from
>>>>>>>>> /etc/hosts."), NULL }, { LOPT_NEGTTL, ARG_ONE, 
>>>>>>>>> "<integer>", gettext_noop("Specify time-to-live in 
>>>>>>>>> seconds for negative caching."), NULL }, +  { 
>>>>>>>>> LOPT_BACKLOG, ARG_ONE, "<integer>",
>>>>>>>>> gettext_noop("Set the backlog queue limit."), NULL
>>>>>>>>> }, { LOPT_MAXTTL, ARG_ONE, "<integer>",
>>>>>>>>> gettext_noop("Specify time-to-live in seconds for
>>>>>>>>> maximum TTL to send to clients."), NULL }, { 
>>>>>>>>> LOPT_MAXCTTL, ARG_ONE, "<integer>",
>>>>>>>>> gettext_noop("Specify time-to-live ceiling for
>>>>>>>>> cache."), NULL }, { LOPT_MINCTTL, ARG_ONE,
>>>>>>>>> "<integer>", gettext_noop("Specify time-to-live
>>>>>>>>> floor for cache."), NULL }, @@ -2286,7 +2289,11 @@
>>>>>>>>> static int one_opt(int option, char *arg, char
>>>>>>>>> *errstr, char *gen_err, int comma
>>>>>>>>> ret_err(gen_err); /* error */ break; } - + +
>>>>>>>>> case LOPT_BACKLOG: /* --listen-backlog */ +      if
>>>>>>>>> (!atoi_check(arg, &daemon->listen_backlog)) +
>>>>>>>>> ret_err(gen_err); + break; case 'a':  /*
>>>>>>>>> --listen-address */ case LOPT_AUTHPEER: /*
>>>>>>>>> --auth-peer */ do { @@ -4517,6 +4524,7 @@ void
>>>>>>>>> read_opts(int argc, char **argv, char 
>>>>>>>>> *compile_opts) daemon->cachesize = CACHESIZ; 
>>>>>>>>> daemon->ftabsize = FTABSIZ; daemon->port = 
>>>>>>>>> NAMESERVER_PORT; + daemon->listen_backlog = 5; 
>>>>>>>>> daemon->dhcp_client_port = DHCP_CLIENT_PORT; 
>>>>>>>>> daemon->dhcp_server_port = DHCP_SERVER_PORT; 
>>>>>>>>> daemon->default_resolv.is_default = 1;
>>>>>>>> 
>>>>>>>> I am not qualified to determine if your patch is the
>>>>>>>> right solution to your problem, but FWIW, I find this
>>>>>>>> patch clear enough and I assume you have tested it :)
>>>>>>>> and that it actually solves the issue for you. The
>>>>>>>> only two remarks I have are:
>>>>>>>> 
>>>>>>>> - it would be nice to also add a description for the
>>>>>>>> option and its rationale to the manpage;
>>>>>>>> 
>>>>>>>> - is there a way for dnsmasq to detect excessive
>>>>>>>> backlog and emit a diagnostic message pointing the
>>>>>>>> operator to the existence and use of the
>>>>>>>> listen-backlog option, and if so, could you add this
>>>>>>>> to the patch?
>>>>>>>> 
>>>>>>>> Note that I am in no way a maintainer of dnsmasq, so 
>>>>>>>> neither my review nor my questions should be mistaken
>>>>>>>> for an acceptation of the patch -- only Simon can
>>>>>>>> accept patches.
>>>>>>>> 
>>>>>>>> Amicalement, -- Albert.
>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> _______________________________________________ 
>>>>>>> Dnsmasq-discuss mailing list 
>>>>>>> Dnsmasq-discuss at lists.thekelleys.org.uk 
>>>>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>>>>
>>>>>
>>>>>
>>>>>>>
>
>>>>>>> 
_______________________________________________
>>>>> Dnsmasq-discuss mailing list 
>>>>> Dnsmasq-discuss at lists.thekelleys.org.uk 
>>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJYXFYxAAoJEBXN2mrhkTWi2OcP/jl1Wc61cISmK1Ge350uUZL+
Xj3O0IztxoQtyARocZOn4XhlqAyy2ulLBZ2PJHRbku8+zQ89nmqiDFZQ1T97Zm+1
ndr3sHx0BP04JZY+jXWrWklQlOqSCZkpDLdDCQZICMXwG2FSjYfhu9hMgajrbjFI
oZF7wB23fJ9Dh+fpXiR4ZDRmUfNqtC9cVCRjzk/NfeJqiJCa0WlYx/F/pSwPeR73
2yBgNvRUf39KW/x418ty5qo6fy+S1MEh1v72VsrGQIQctgmtdENhFR/sS1EXRRUf
hQt2SedchmqOn7CIPsmzs0jcZc2y7fCZ+2YGdf+LCzx8jhSBJt31OYjAIDMKjPbE
OoLdDex0FH5kDM3uBU0M+NuwxPgB/6rSh+YqrwG87pFy/GwxtQLj+8Yll6Ynq/0l
XEkSkObjWbis2sjAW/vf9LokMAhRRCmp7/aG54csxJpNkY69B+cpy0AsQfh7seRz
nN9d7MEXzxtmncg+3ZcAWLSD0BUFup5W2XSuKJPuqVhZICTGaXi3akBkMucVbYvh
hE4klhGoOydCUZaLpao6pktZaDx4ZQW/RrmndxfGth3bdYsvcWTDJpIkemE6NB1g
skpadZrMK1udKme/aZgPePtDn4mssumfhB2aFFpBfuCwLlD5gvn5Ib4jrxtjipR6
wv9ntpdh2JLxCcQH6sP8
=F7a8
-----END PGP SIGNATURE-----

More information about the Dnsmasq-discuss mailing list