[PATCH] net: set default value for somaxconn

[PATCH] net: set default value for somaxconn

[Roman Kapl]

The default value for somaxconn is set in sysctl_core_net_init(), but this
function is not called when kernel is configured without CONFIG_SYSCTL.

This results in the kernel not being able to accept TCP connections,
because the backlog has zero size. Usually, the user ends up with:
"TCP: request_sock_TCP: Possible SYN flooding on port 7. Dropping request.  Check SNMP counters."

Before ef547f2ac16 (tcp: remove max_qlen_log), the effects were less
severe, because the backlog was always at least eight slots long.

Signed-off-by: Roman Kapl <roman.kapl@sysgo.com>
---
 net/core/net_namespace.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 1934efd..4f3bbff 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -37,6 +37,9 @@ EXPORT_SYMBOL_GPL(net_namespace_list);
 struct net init_net = {
 	.count		= ATOMIC_INIT(1),
 	.dev_base_head	= LIST_HEAD_INIT(init_net.dev_base_head),
+	.core = {
+		.sysctl_somaxconn = SOMAXCONN,
+	},
 };
 EXPORT_SYMBOL(init_net);
 
-- 
2.10.1

Re: [PATCH] net: set default value for somaxconn

[David Miller]

From: Roman Kapl <roman.kapl@sysgo.com>
Date: Mon, 22 May 2017 14:22:41 +0200

> The default value for somaxconn is set in sysctl_core_net_init(), but this
> function is not called when kernel is configured without CONFIG_SYSCTL.
> 
> This results in the kernel not being able to accept TCP connections,
> because the backlog has zero size. Usually, the user ends up with:
> "TCP: request_sock_TCP: Possible SYN flooding on port 7. Dropping request.  Check SNMP counters."
> 
> Before ef547f2ac16 (tcp: remove max_qlen_log), the effects were less
> severe, because the backlog was always at least eight slots long.
> 
> Signed-off-by: Roman Kapl <roman.kapl@sysgo.com>

I see the problem, but this changes behavior.

Existing code will set somaxconn to the default value for every namespace
that is created.

But with you changes, any modification made to init_net's value will
get inherited by any namespace created as a child thereafterwards.

You really need to make this happen via pernet_operations, or even
inside of setup_net().

Re: [PATCH] net: set default value for somaxconn

[Roman Kapl]

On 05/22/2017 08:18 PM, David Miller wrote:
> From: Roman Kapl <roman.kapl@sysgo.com>
> Date: Mon, 22 May 2017 14:22:41 +0200
>
>> The default value for somaxconn is set in sysctl_core_net_init(), but this
>> function is not called when kernel is configured without CONFIG_SYSCTL.
>>
>> This results in the kernel not being able to accept TCP connections,
>> because the backlog has zero size. Usually, the user ends up with:
>> "TCP: request_sock_TCP: Possible SYN flooding on port 7. Dropping request.  Check SNMP counters."
>>
>> Before ef547f2ac16 (tcp: remove max_qlen_log), the effects were less
>> severe, because the backlog was always at least eight slots long.
>>
>> Signed-off-by: Roman Kapl <roman.kapl@sysgo.com>
> I see the problem, but this changes behavior.
>
> Existing code will set somaxconn to the default value for every namespace
> that is created.
>
> But with you changes, any modification made to init_net's value will
> get inherited by any namespace created as a child thereafterwards.
Hmm, I can not find where somaxconn is inherited. But I see this needs 
to be per-net.
>
> You really need to make this happen via pernet_operations, or even
> inside of setup_net().
I will create new pernet_operations in net_namespace.c, move the 
somaxconn initialization there and send a new patch.

Thanks for comments, Roman Kapl