tcp: Actually enforce MAX_CONNS limit

and, given that the connection table is indexed by socket number, we also need to increase MAX_CONNS now as the ICMP implementation needs 2^17 sockets, that will be opened before TCP connections are accepted. This needs to be changed later: the connection table should be indexed by a translated number -- we're wasting 2^17 table entries otherwise. Move initialisation of TCP listening sockets as last per-protocol initialisation, this will make it easier. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2021-05-21 11:14:50 +02:00 · 2021-05-21 11:14:50 +02:00 · bd5aaaac7f
commit bd5aaaac7f
parent d303cfdd55
2 changed files with 12 additions and 2 deletions
--- a/passt.c
+++ b/passt.c
@ -787,7 +787,7 @@ int main(int argc, char **argv)

 	fd_unix = sock_unix();

-	if (icmp_sock_init(&c) || tcp_sock_init(&c) || udp_sock_init(&c))
+	if (icmp_sock_init(&c) || udp_sock_init(&c) || tcp_sock_init(&c))
 		exit(EXIT_FAILURE);

 	if (c.v6)
--- a/tcp.c
+++ b/tcp.c
@ -319,7 +319,7 @@
 #include "siphash.h"

 /* Approximately maximum number of open descriptors per process */
-#define MAX_CONNS			(256 * 1024)
+#define MAX_CONNS			(1024 * 1024)

 #define TCP_HASH_TABLE_LOAD		70		/* % */
 #define TCP_HASH_TABLE_SIZE		(MAX_CONNS * 100 / TCP_HASH_TABLE_LOAD)
@ -924,6 +924,11 @@ static void tcp_conn_from_tap(struct ctx *c, int af, void *addr,
 	if (s < 0)
 		return;

+	if (s >= MAX_CONNS) {
+		close(s);
+		return;
+	}
+
 	tc[s].mss_guest = tcp_opt_get(th, len, OPT_MSS, NULL, NULL);
 	if (tc[s].mss_guest < 0)
 		tc[s].mss_guest = MSS_DEFAULT;
@ -1003,6 +1008,11 @@ static void tcp_conn_from_sock(struct ctx *c, int fd, struct timespec *now)
 	if (s == -1)
 		return;

+	if (s >= MAX_CONNS) {
+		close(s);
+		return;
+	}
+
 	CHECK_SET_MIN_MAX(c->tcp.fd_, s);
 	CHECK_SET_MIN_MAX(c->tcp.fd_conn_, s);