diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-11-30 14:38:46 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2010-11-30 14:38:46 +0000 |
| commit | 7ea40dff4280f76e0960ee9f89356940ef086de8 (patch) | |
| tree | 6b9fb3462a9cbdc8af6180a1105ce6e1ca1d2169 | |
| parent | 9620c54f3a872c8681d22dc31eaecc6545b83540 (diff) | |
The relayd processes did already bump up the socket file descriptor
resource limits to the maximum of the daemon class but the host check
process (hce/health checks) didn't and was limited to a fairly low
default of 128 open sockets (openfiles-cur=128 in login.conf). This
was reached fairly quickly with "check tcp" of many hosts. This diff
increases the maximum number of monitored hosts and concurrent health
checks in relayd in a significant way and may fix issues for people
that have around 100 or more hosts (or fewer hosts with multiple checked
ports).
tested by phessler@
ok jsg@
| -rw-r--r-- | usr.sbin/relayd/check_tcp.c | 11 | ||||
| -rw-r--r-- | usr.sbin/relayd/hce.c | 5 | ||||
| -rw-r--r-- | usr.sbin/relayd/log.c | 12 | ||||
| -rw-r--r-- | usr.sbin/relayd/relay.c | 17 | ||||
| -rw-r--r-- | usr.sbin/relayd/relayd.c | 24 | ||||
| -rw-r--r-- | usr.sbin/relayd/relayd.h | 7 |
6 files changed, 52 insertions, 24 deletions
diff --git a/usr.sbin/relayd/check_tcp.c b/usr.sbin/relayd/check_tcp.c index 65c3734b913..c7ea204b438 100644 --- a/usr.sbin/relayd/check_tcp.c +++ b/usr.sbin/relayd/check_tcp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check_tcp.c,v 1.37 2010/05/26 13:56:08 nicm Exp $ */ +/* $OpenBSD: check_tcp.c,v 1.38 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -54,7 +54,7 @@ check_tcp(struct ctl_tcp_event *cte) socklen_t len; struct timeval tv; struct linger lng; - int he = HCE_TCP_CONNECT_ERROR; + int he = HCE_TCP_SOCKET_OPTION; switch (cte->host->conf.ss.ss_family) { case AF_INET: @@ -69,8 +69,13 @@ check_tcp(struct ctl_tcp_event *cte) len = ((struct sockaddr *)&cte->host->conf.ss)->sa_len; - if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) + if ((s = socket(cte->host->conf.ss.ss_family, SOCK_STREAM, 0)) == -1) { + if (errno == EMFILE || errno == ENFILE) + he = HCE_TCP_SOCKET_LIMIT; + else + he = HCE_TCP_SOCKET_ERROR; goto bad; + } bzero(&lng, sizeof(lng)); if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c index 2eb5601d160..0b4fd042d64 100644 --- a/usr.sbin/relayd/hce.c +++ b/usr.sbin/relayd/hce.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hce.c,v 1.55 2010/05/14 11:13:36 reyk Exp $ */ +/* $OpenBSD: hce.c,v 1.56 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -120,6 +120,9 @@ hce(struct relayd *x_env, int pipe_parent2pfe[2], int pipe_parent2hce[2], event_init(); + /* Allow maximum available sockets for TCP checks */ + socket_rlimit(-1); + if ((iev_pfe = calloc(1, sizeof(struct imsgev))) == NULL || (iev_main = calloc(1, sizeof(struct imsgev))) == NULL) fatal("hce"); diff --git a/usr.sbin/relayd/log.c b/usr.sbin/relayd/log.c index d19895a113a..4da021fb0fa 100644 --- a/usr.sbin/relayd/log.c +++ b/usr.sbin/relayd/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.15 2010/01/11 06:40:14 jsg Exp $ */ +/* $OpenBSD: log.c,v 1.16 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -196,8 +196,14 @@ host_error(enum host_error he) case HCE_ICMP_WRITE_TIMEOUT: return ("icmp write timeout"); break; - case HCE_TCP_CONNECT_ERROR: - return ("tcp connect error"); + case HCE_TCP_SOCKET_ERROR: + return ("tcp socket error"); + break; + case HCE_TCP_SOCKET_LIMIT: + return ("tcp socket limit"); + break; + case HCE_TCP_SOCKET_OPTION: + return ("tcp socket option"); break; case HCE_TCP_CONNECT_FAIL: return ("tcp connect failed"); diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c index a9d9caff74b..a5825d5b281 100644 --- a/usr.sbin/relayd/relay.c +++ b/usr.sbin/relayd/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.125 2010/11/24 13:57:05 jsg Exp $ */ +/* $OpenBSD: relay.c,v 1.126 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2006, 2007, 2008 Reyk Floeter <reyk@openbsd.org> @@ -24,7 +24,6 @@ #include <sys/un.h> #include <sys/tree.h> #include <sys/hash.h> -#include <sys/resource.h> #include <net/if.h> #include <netinet/in_systm.h> @@ -460,19 +459,9 @@ relay_init(void) struct relay *rlay; struct host *host; struct timeval tv; - struct rlimit rl; - if (getrlimit(RLIMIT_NOFILE, &rl) == -1) - fatal("relay_init: failed to get resource limit"); - log_debug("relay_init: max open files %d", rl.rlim_max); - - /* - * Allow the maximum number of open file descriptors for this - * login class (which should be the class "daemon" by default). - */ - rl.rlim_cur = rl.rlim_max; - if (setrlimit(RLIMIT_NOFILE, &rl) == -1) - fatal("relay_init: failed to set resource limit"); + /* Unlimited file descriptors (use system limits) */ + socket_rlimit(-1); TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) { if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) && diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c index 2e148297bcd..46ac4f7e4a2 100644 --- a/usr.sbin/relayd/relayd.c +++ b/usr.sbin/relayd/relayd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.c,v 1.98 2010/09/02 14:03:22 sobrado Exp $ */ +/* $OpenBSD: relayd.c,v 1.99 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org> @@ -21,6 +21,7 @@ #include <sys/queue.h> #include <sys/socket.h> #include <sys/wait.h> +#include <sys/resource.h> #include <net/if.h> #include <netinet/in.h> @@ -1359,3 +1360,24 @@ map4to6(struct sockaddr_storage *in4, struct sockaddr_storage *map) return (0); } + +void +socket_rlimit(int maxfd) +{ + struct rlimit rl; + + if (getrlimit(RLIMIT_NOFILE, &rl) == -1) + fatal("socket_rlimit: failed to get resource limit"); + log_debug("socket_rlimit: max open files %d", rl.rlim_max); + + /* + * Allow the maximum number of open file descriptors for this + * login class (which should be the class "daemon" by default). + */ + if (maxfd == -1) + rl.rlim_cur = rl.rlim_max; + else + rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd); + if (setrlimit(RLIMIT_NOFILE, &rl) == -1) + fatal("socket_rlimit: failed to set resource limit"); +} diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index d2d2369324a..bb8616b4cbd 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.138 2010/10/26 15:04:37 reyk Exp $ */ +/* $OpenBSD: relayd.h,v 1.139 2010/11/30 14:38:45 reyk Exp $ */ /* * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -289,7 +289,9 @@ enum host_error { HCE_ICMP_OK, HCE_ICMP_READ_TIMEOUT, HCE_ICMP_WRITE_TIMEOUT, - HCE_TCP_CONNECT_ERROR, + HCE_TCP_SOCKET_ERROR, + HCE_TCP_SOCKET_LIMIT, + HCE_TCP_SOCKET_OPTION, HCE_TCP_CONNECT_FAIL, HCE_TCP_CONNECT_TIMEOUT, HCE_TCP_CONNECT_OK, @@ -916,6 +918,7 @@ int map4to6(struct sockaddr_storage *, struct sockaddr_storage *); void imsg_event_add(struct imsgev *); int imsg_compose_event(struct imsgev *, u_int16_t, u_int32_t, pid_t, int, void *, u_int16_t); +void socket_rlimit(int); /* carp.c */ int carp_demote_init(char *, int); |