Subject: Re: New sysctl "net.listen_backlog"?
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Todd Vierling <firstname.lastname@example.org>
Date: 09/14/1998 20:36:30
On Mon, 14 Sep 1998, Jonathan Stone wrote:
: * a default SOMAXCONN of 128 or more;
Actually, SOMAXCONN _should_ be set to the upper hard limit, i.e. UINT_MAX.
The reason is simple - your app compiles with the macro's define of 128, you
up the limit via sysctl, and your app is still stuck at 128.
: * add an rc.conf variable and rc machinery to set
: the knob via sysctl;
Ah, thanks. Didn't think about this, because it has to be done before
: Todd is worrying about is someone sending a "fork bomb" to a daemon by
: opening full-fledged connections[*] at a higher rate than, say, an
: 11/750 or a 16Mhz i386 can fork() off children. So Todd wants the
: default value enforced by listen(2) to be conservative to prevent DoS
Right. And 16MHz i386, or, say a 25MHz A3000 are definitely in the same
boat as to fork-bombs launched at inetd. Though shared text helps, all that
context switching is a _bitch_ and the system will still thrash doing it.
: The other problem is that if the compile-time SOMAXCONN is too low,
: you need to recompile all your apps to get its listen(2) calls to ask
: for more than the default SOMAXCONN (i.e., 128 now). So we don't want
: the value of SOMAXCONN in sys/socket.h to be too low, or too many
: people end up recompiling everything. If Todd really has a case where
: 128 is too small, this may be a good time to bump SOMAXCONN to 256.
: But then we'd want another option to set the boot-time default used by
: listen(2) back to no more than 128. Sigh.
Kernel option, or hard code it in the sysctl spot.
-- Todd Vierling (Personal email@example.com; Bus. firstname.lastname@example.org)