tcp: Actually enforce MAX_CONNS limit

and, given that the connection table is indexed by socket number,
we also need to increase MAX_CONNS now as the ICMP implementation
needs 2^17 sockets, that will be opened before TCP connections are
accepted.

This needs to be changed later: the connection table should be
indexed by a translated number -- we're wasting 2^17 table entries
otherwise. Move initialisation of TCP listening sockets as last
per-protocol initialisation, this will make it easier.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2021-05-21 11:14:50 +02:00
parent d303cfdd55
commit bd5aaaac7f
2 changed files with 12 additions and 2 deletions

View file

@ -787,7 +787,7 @@ int main(int argc, char **argv)
fd_unix = sock_unix();
if (icmp_sock_init(&c) || tcp_sock_init(&c) || udp_sock_init(&c))
if (icmp_sock_init(&c) || udp_sock_init(&c) || tcp_sock_init(&c))
exit(EXIT_FAILURE);
if (c.v6)

12
tcp.c
View file

@ -319,7 +319,7 @@
#include "siphash.h"
/* Approximately maximum number of open descriptors per process */
#define MAX_CONNS (256 * 1024)
#define MAX_CONNS (1024 * 1024)
#define TCP_HASH_TABLE_LOAD 70 /* % */
#define TCP_HASH_TABLE_SIZE (MAX_CONNS * 100 / TCP_HASH_TABLE_LOAD)
@ -924,6 +924,11 @@ static void tcp_conn_from_tap(struct ctx *c, int af, void *addr,
if (s < 0)
return;
if (s >= MAX_CONNS) {
close(s);
return;
}
tc[s].mss_guest = tcp_opt_get(th, len, OPT_MSS, NULL, NULL);
if (tc[s].mss_guest < 0)
tc[s].mss_guest = MSS_DEFAULT;
@ -1003,6 +1008,11 @@ static void tcp_conn_from_sock(struct ctx *c, int fd, struct timespec *now)
if (s == -1)
return;
if (s >= MAX_CONNS) {
close(s);
return;
}
CHECK_SET_MIN_MAX(c->tcp.fd_, s);
CHECK_SET_MIN_MAX(c->tcp.fd_conn_, s);