[tac_plus] SOMAXCONN too small

heasley heas at shrubbery.net
Mon Oct 20 21:13:02 UTC 2014


Fri, Oct 17, 2014 at 03:06:51PM -0700, Heasley:
> 
> 
> 
> > Am 17.10.2014 um 06:24 schrieb Stephen Satchell <satch at ine.com>:
> > 
> > In our shop, we have a number of NAS devices talking to a pair of tac_plus servers in a failover configuration.  The configuration file changes constantly.  (Don't ask.)  What we have been experiencing is that during periods of heavy login activity, some of the users have been left high and dry, sparking tech support calls and a degraded customer experience.
> > 
> > Investigating the source, I see that SOMAXCONN is set to 5 (by default?  Didn't see any way to adjust from ./configure) which for our application is, I suspect, too small.
> > 
> > Is there a particular reason your LISTEN queue is so short?  Or is this one of the those situations where "5 should be enough for the usual cases"?
> > 
> > I'll be patching the source to boost this to 50 to see what happens.
> 
> I dont see why 50 should be a problem. Fbsd default is 128. i suppose one may prefer a client find no connection and roll to another server vs wait. So, its probsbly better left to the default or cmdline option. 
> 
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus

Index: tac_plus.c
===================================================================
--- tac_plus.c	(revision 3661)
+++ tac_plus.c	(working copy)
@@ -270,9 +270,14 @@
 {
     extern char *optarg;
     FILE *fp;
-    int	c, *s, ns;
+    int	c, *s, ns, somaxconn;
     struct pollfd *pfds;
 
+#ifndef SOMAXCONN
+# define SOMAXCONN 64
+#endif
+    somaxconn = SOMAXCONN;
+
 #if PROFILE
     moncontrol(0);
 #endif
@@ -293,7 +298,7 @@
 	tac_exit(1);
     }
 
-    while ((c = getopt(argc, argv, "B:C:d:hiPp:tGgvSsLl:w:u:")) != EOF)
+    while ((c = getopt(argc, argv, "B:C:d:hiPp:tGgvSsLl:m:w:u:")) != EOF)
 	switch (c) {
 	case 'B':		/* bind() address*/
 	    bind_address = optarg;
@@ -338,6 +343,9 @@
 	case 'l':		/* logfile */
 	    logfile = tac_strdup(optarg);
 	    break;
+	case 'm':		/* SOMAXCONN */
+	    somaxconn = atoi(optarg);
+	    break;
 	case 'S':		/* enable single-connection */
 	    opt_S = 1;
 	    break;
@@ -501,12 +509,8 @@
 
     get_socket(&s, &ns);
 
-#ifndef SOMAXCONN
-#define SOMAXCONN 5
-#endif
-
     for (c = 0; c < ns; c++) {
-	if (listen(s[c], SOMAXCONN) < 0) {
+	if (listen(s[c], somaxconn) < 0) {
 	    console = 1;
 	    report(LOG_ERR, "listen: %s", strerror(errno));
 	    tac_exit(1);
Index: tac_plus.8.in
===================================================================
--- tac_plus.8.in	(revision 3661)
+++ tac_plus.8.in	(working copy)
@@ -1,6 +1,6 @@
 .\"
 .hys 50
-.TH tac_plus 8 "28 July 2009"
+.TH tac_plus 8 "20 October 2014"
 .\"
 .SH NAME
 tac_plus \- tacacs plus daemon
@@ -20,6 +20,9 @@
 .BI \-l
 <logfile>]
 [\c
+.BI \-m
+<max_listen_queue>]
+[\c
 .BI \-p
 <tcp_port>]
 [\c
@@ -135,6 +138,11 @@
 The logs are still posted to syslog.
 .\"
 .TP
+.B -m <max_listen_queue>
+Specify an alternative client listen queue limit.
+The default is SOMAXCONN or 64, if your O/S does not specify one.
+.\"
+.TP
 .B -L
 Lookup DNS PTR (Domain Name System PoinTeR) record of client addresses.
 The resulting FQDN (Fully Qualified Domain Name), if it resolves, will be
Index: CHANGES
===================================================================
--- CHANGES	(revision 3661)
+++ CHANGES	(working copy)
@@ -471,3 +471,5 @@
 	- update autoconf bits for autoconf 2.69
 	- put tac_plus daemon in sbin, where it ought to be
 	- fix hdr->datalength handling in dump_nas_pak()
+	- add -m option to specify the client listen queue max and increase
+	  the default to 64 if the O/S does not define SOMAXCONN



More information about the tac_plus mailing list