socket: bump listen() backlog to INT_MAX everywhere

This is a rework of #24764 by Cristian Rodríguez <crodriguez@owncloud.com>, which stalled. Instead of assigning -1 we'll use a macro defined to INT_MAX however.
2024-10-27 01:55:22 +03:00 · 2023-06-13 10:15:59 +02:00 · 2023-06-13 10:15:59 +02:00 · 768fcd779f
commit 768fcd779f
parent 39b5f49f28
12 changed files with 28 additions and 20 deletions
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@ -341,12 +341,13 @@

      <varlistentry>
        <term><varname>Backlog=</varname></term>
-        <listitem><para>Takes an unsigned integer argument. Specifies
-        the number of connections to queue that have not been accepted
-        yet. This setting matters only for stream and sequential
-        packet sockets. See
-        <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry>
-        for details. Defaults to SOMAXCONN (128).</para></listitem>
+        <listitem><para>Takes an unsigned 32bit integer argument. Specifies the number of connections to
+        queue that have not been accepted yet. This setting matters only for stream and sequential packet
+        sockets. See
+        <citerefentry><refentrytitle>listen</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
+        details. Note that this value is silently capped by the <literal>net.core.somaxconn</literal> sysctl,
+        which typically defaults to 4096. By default this is set to 4294967295, so that the sysctl takes full
+        effect.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@ -354,3 +354,10 @@ int connect_unix_path(int fd, int dir_fd, const char *path);
 * protocol mismatch. */
 int socket_address_parse_unix(SocketAddress *ret_address, const char *s);
 int socket_address_parse_vsock(SocketAddress *ret_address, const char *s);
+
+/* libc's SOMAXCONN is defined to 128 or 4096 (at least on glibc). But actually, the value can be much
+ * larger. In our codebase we want to set it to the max usually, since noawadays socket memory is properly
+ * tracked by memcg, and hence we don't need to enforce extra limits here. Moreover, the kernel caps it to
+ * /proc/sys/net/core/somaxconn anyway, thus by setting this to unbounded we just make that sysctl file
+ * authoritative. */
+#define SOMAXCONN_DELUXE INT_MAX
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@ -972,7 +972,7 @@ int bus_init_private(Manager *m) {
        if (r < 0)
                return log_error_errno(errno, "Failed to bind private socket: %m");

-        r = listen(fd, SOMAXCONN);
+        r = listen(fd, SOMAXCONN_DELUXE);
        if (r < 0)
                return log_error_errno(errno, "Failed to make private socket listening: %m");

--- a/src/core/socket.c
+++ b/src/core/socket.c
@ -82,7 +82,7 @@ static void socket_init(Unit *u) {
        assert(u);
        assert(u->load_state == UNIT_STUB);

-        s->backlog = SOMAXCONN;
+        s->backlog = SOMAXCONN_DELUXE;
        s->timeout_usec = u->manager->default_timeout_start_usec;
        s->directory_mode = 0755;
        s->socket_mode = 0666;
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@ -938,7 +938,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {

                (void) chmod(sa.un.sun_path, 0666);

-                if (listen(s->stdout_fd, SOMAXCONN) < 0)
+                if (listen(s->stdout_fd, SOMAXCONN_DELUXE) < 0)
                        return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
        } else
                (void) fd_nonblock(s->stdout_fd, true);
--- a/src/libsystemd/sd-bus/test-bus-watch-bind.c
+++ b/src/libsystemd/sd-bus/test-bus-watch-bind.c
@ -76,7 +76,7 @@ static void* thread_server(void *p) {
        assert_se(bind(fd, &u.sa, sa_len) >= 0);
        usleep(100 * USEC_PER_MSEC);

-        assert_se(listen(fd, SOMAXCONN) >= 0);
+        assert_se(listen(fd, SOMAXCONN_DELUXE) >= 0);
        usleep(100 * USEC_PER_MSEC);

        assert_se(touch(path) >= 0);
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@ -1205,7 +1205,7 @@ static int manager_dns_stub_fd(
                return -errno;

        if (type == SOCK_STREAM &&
-            listen(fd, SOMAXCONN) < 0)
+            listen(fd, SOMAXCONN_DELUXE) < 0)
                return -errno;

        r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
@ -1295,7 +1295,7 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty
                goto fail;

        if (type == SOCK_STREAM &&
-            listen(fd, SOMAXCONN) < 0) {
+            listen(fd, SOMAXCONN_DELUXE) < 0) {
                r = -errno;
                goto fail;
        }
--- a/src/resolve/resolved-llmnr.c
+++ b/src/resolve/resolved-llmnr.c
@ -392,7 +392,7 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m) {
                        return log_error_errno(r, "LLMNR-IPv4(TCP): Failed to set SO_REUSEADDR: %m");
        }

-        r = listen(s, SOMAXCONN);
+        r = listen(s, SOMAXCONN_DELUXE);
        if (r < 0)
                return log_error_errno(errno, "LLMNR-IPv4(TCP): Failed to listen the stream: %m");

@ -457,7 +457,7 @@ int manager_llmnr_ipv6_tcp_fd(Manager *m) {
                        return log_error_errno(r, "LLMNR-IPv6(TCP): Failed to set SO_REUSEADDR: %m");
        }

-        r = listen(s, SOMAXCONN);
+        r = listen(s, SOMAXCONN_DELUXE);
        if (r < 0)
                return log_error_errno(errno, "LLMNR-IPv6(TCP): Failed to listen the stream: %m");

--- a/src/shared/socket-netlink.c
+++ b/src/shared/socket-netlink.c
@ -180,7 +180,7 @@ int make_socket_fd(int log_level, const char* address, int type, int flags) {

        a.type = type;

-        fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+        fd = socket_address_listen(&a, type | flags, SOMAXCONN_DELUXE, SOCKET_ADDRESS_DEFAULT,
                                   NULL, false, false, false, 0755, 0644, NULL);
        if (fd < 0 || log_get_max_level() >= log_level) {
                _cleanup_free_ char *p = NULL;
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@ -2750,7 +2750,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
                        return r;
        }

-        if (listen(fd, SOMAXCONN) < 0)
+        if (listen(fd, SOMAXCONN_DELUXE) < 0)
                return -errno;

        r = varlink_server_create_listen_fd_socket(s, fd, &ss);
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@ -444,9 +444,9 @@ TEST(flush_accept) {
        assert_se(flush_accept(listen_dgram) < 0);
        assert_se(flush_accept(listen_seqpacket) < 0);

-        assert_se(listen(listen_stream, SOMAXCONN) >= 0);
-        assert_se(listen(listen_dgram, SOMAXCONN) < 0);
-        assert_se(listen(listen_seqpacket, SOMAXCONN) >= 0);
+        assert_se(listen(listen_stream, SOMAXCONN_DELUXE) >= 0);
+        assert_se(listen(listen_dgram, SOMAXCONN_DELUXE) < 0);
+        assert_se(listen(listen_seqpacket, SOMAXCONN_DELUXE) >= 0);

        assert_se(flush_accept(listen_stream) >= 0);
        assert_se(flush_accept(listen_dgram) < 0);
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@ -272,7 +272,7 @@ int manager_startup(Manager *m) {
                if (r < 0)
                        return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");

-                if (listen(m->listen_fd, SOMAXCONN) < 0)
+                if (listen(m->listen_fd, SOMAXCONN_DELUXE) < 0)
                        return log_error_errno(errno, "Failed to listen on socket: %m");
        }