Socket MaxTCPConnections Limiter (New Connections): Use system's maximum concurrent TCP connections, disable if undefined

Sven Göthel · Sven Göthel · commit 92f7113be52d · 2024-10-29T10:36:49.000+01:00
Used system value on a Linux kernel are - /proc/sys/net/ipv4/tcp_max_orphans See https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html - /proc/sys/net/nf_conntrack_max See https://www.kernel.org/doc/html/latest/networking/nf_conntrack-sysctl.html Previous confusion about 'max connections' semantics has been resolved, as this `net::Default::maxTCPConnections` is unrelated to session count but actual outfacing TCP connections only. Signed-off-by: Sven Göthel <sven.gothel@collabora.com> Change-Id: Iad74f253bdac5636757b130b299b5deacda658db
diff --git a/common/Util-desktop.cpp b/common/Util-desktop.cpp
@@ -11,6 +11,7 @@
 #include <config.h>
 
 #include "Util.hpp"
+#include "FileUtil.hpp"
 
 #ifdef __linux__
 #include <sys/time.h>
@@ -160,6 +161,21 @@ std::size_t getTotalSystemMemoryKb()
     return totalMemKb;
 }
 
+std::size_t getMaxConcurrentTCPConnections()
+{
+#ifdef __linux__
+    char line[1024+1]; // includes EOS
+    const ssize_t tcp_max_orphans = FileUtil::readDecimal("/proc/sys/net/ipv4/tcp_max_orphans", line, sizeof(line)-1, 0);
+    const ssize_t nf_conntrack_max = FileUtil::readDecimal("/proc/sys/net/nf_conntrack_max", line, sizeof(line)-1, 0);
+    LOG_DBG("MaxConcurrentTCPConnections: min(orphans " << tcp_max_orphans
+            << ", conntrack " << nf_conntrack_max << ") = "
+            << std::min(tcp_max_orphans, nf_conntrack_max));
+    return std::min(tcp_max_orphans, nf_conntrack_max);
+#else
+    return 0;
+#endif
+}
+
 std::size_t getFromCGroup(const std::string& group, const std::string& key)
 {
     std::size_t num = 0;
diff --git a/common/Util-mobile.cpp b/common/Util-mobile.cpp
@@ -21,6 +21,7 @@ int spawnProcess(const std::string& cmd, const StringVector& args) { return 0; }
 
 std::string getHumanizedBytes(unsigned long nBytes) { return std::string(); }
 size_t getTotalSystemMemoryKb() { return 0; }
+std::size_t getMaxConcurrentTCPConnections() { return 0; }
 std::size_t getFromFile(const char* path) { return 0; }
 std::size_t getCGroupMemLimit() { return 0; }
 std::size_t getCGroupMemSoftLimit() { return 0; }
diff --git a/common/Util.hpp b/common/Util.hpp
@@ -353,6 +353,9 @@ namespace Util
     /// Returns the total physical memory (in kB) available in the system
     size_t getTotalSystemMemoryKb();
 
+    /// Returns the maximum number of concurrent TCP connections, zero if undefined.
+    std::size_t getMaxConcurrentTCPConnections();
+
     /// Returns the numerical content of a file at @path
     std::size_t getFromFile(const char *path);
 
diff --git a/net/NetUtil.hpp b/net/NetUtil.hpp
@@ -36,15 +36,15 @@ class DefaultValues
     /// StreamSocket inactivity timeout in us (3600s default). Zero disables instrument.
     std::chrono::microseconds inactivityTimeout;
 
-    /// Maximum total connections (9999 or MAX_CONNECTIONS). Zero disables instrument.
-    size_t maxConnections;
+    /// Maximum number of concurrent TCP connections. Zero disables instrument.
+    size_t maxTCPConnections;
 
     std::ostream& stream(std::ostream& os) const
     {
-        os << "Socket[MaxConnections " << maxConnections
-           << "], Inactivity[timeout "
+        os << "Socket[maxTCPConnections " << maxTCPConnections
+           << "], Inactivity-timeout "
            << std::setw(5)
-           << inactivityTimeout.count() / 1000.0 << "ms]";
+           << inactivityTimeout.count() / 1000.0 << "ms";
         return os;
     }
 
diff --git a/net/Socket.cpp b/net/Socket.cpp
@@ -66,7 +66,7 @@ std::mutex SocketPoll::_statsMutex;
 std::atomic<size_t> SocketPoll::_statsConnectionCount(0);
 
 net::DefaultValues net::Defaults = { .inactivityTimeout = std::chrono::seconds(3600),
-                                     .maxConnections = 9999 };
+                                     .maxTCPConnections = 0 /* undefined default */};
 
 size_t SocketPoll::statsConnectionMod(size_t added, size_t removed) {
     if( added == 0 && removed == 0 ) {
diff --git a/test/UnitTimeoutConnections.cpp b/test/UnitTimeoutConnections.cpp
@@ -34,7 +34,7 @@ class UnitTimeoutConnections : public UnitTimeoutBase1
 {
     void configure(Poco::Util::LayeredConfiguration& /* config */) override
     {
-        net::Defaults.maxConnections = ConnectionLimit;
+        net::Defaults.maxTCPConnections = ConnectionLimit;
     }
 
 public:
diff --git a/wsd/COOLWSD.cpp b/wsd/COOLWSD.cpp
@@ -2336,7 +2336,7 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)
     UnitWSD::get().setWSD(this);
 
     // net::Defaults: Set MaxConnections field
-    net::Defaults.maxConnections = std::max<size_t>(3, MAX_CONNECTIONS);
+    net::Defaults.maxTCPConnections = std::max(Util::getMaxConcurrentTCPConnections(), std::max<size_t>(3, MAX_CONNECTIONS));
 
     // Allow UT to manipulate before using configuration values.
     UnitWSD::get().configure(conf);
@@ -2747,19 +2747,16 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)
     if (getConfigValue<bool>(conf, "home_mode.enable", false))
     {
         COOLWSD::MaxConnections = 20;
-        net::Defaults.maxConnections = COOLWSD::MaxConnections; // re-align
         COOLWSD::MaxDocuments = 10;
     }
     else
     {
         conf.setString("feedback.show", "true");
         conf.setString("welcome.enable", "true");
-        COOLWSD::MaxConnections = net::Defaults.maxConnections; // aligned w/ MAX_CONNECTIONS above
         COOLWSD::MaxDocuments = MAX_DOCUMENTS;
     }
 #else
     {
-        COOLWSD::MaxConnections = net::Defaults.maxConnections; // aligned w/ MAX_CONNECTIONS above
         COOLWSD::MaxDocuments = MAX_DOCUMENTS;
     }
 #endif
@@ -2935,7 +2932,7 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)
 #endif
 
     WebServerPoll = std::make_unique<TerminatingPoll>("websrv_poll");
-    WebServerPoll->setLimiter( net::Defaults.maxConnections );
+    WebServerPoll->setLimiter( net::Defaults.maxTCPConnections ); // enabled if `maxTCPConnections` > 0
 
 #if !MOBILEAPP
     net::AsyncDNS::startAsyncDNS();
diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp
@@ -140,7 +140,7 @@ class DocumentBroker::DocumentBrokerPoll final : public TerminatingPoll
         TerminatingPoll(threadName),
         _docBroker(docBroker)
     {
-        setLimiter( net::Defaults.maxConnections );
+        setLimiter( net::Defaults.maxTCPConnections ); // enabled if `maxTCPConnections` > 0
     }
 
     void pollingThread() override

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ class UnitTimeoutConnections : public UnitTimeoutBase1`
`34`	`34`	`{`
`35`	`35`	`void configure(Poco::Util::LayeredConfiguration& /* config */) override`
`36`	`36`	`{`
`37`		`- net::Defaults.maxConnections = ConnectionLimit;`
	`37`	`+ net::Defaults.maxTCPConnections = ConnectionLimit;`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`public:`
Original file line number	Diff line number	Diff line change
`@@ -2336,7 +2336,7 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)`
`2336`	`2336`	`UnitWSD::get().setWSD(this);`
`2337`	`2337`
`2338`	`2338`	`// net::Defaults: Set MaxConnections field`
`2339`		`- net::Defaults.maxConnections = std::max<size_t>(3, MAX_CONNECTIONS);`
	`2339`	`+ net::Defaults.maxTCPConnections = std::max(Util::getMaxConcurrentTCPConnections(), std::max<size_t>(3, MAX_CONNECTIONS));`
`2340`	`2340`
`2341`	`2341`	`// Allow UT to manipulate before using configuration values.`
`2342`	`2342`	`UnitWSD::get().configure(conf);`
`@@ -2747,19 +2747,16 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)`
`2747`	`2747`	`if (getConfigValue<bool>(conf, "home_mode.enable", false))`
`2748`	`2748`	`{`
`2749`	`2749`	`COOLWSD::MaxConnections = 20;`
`2750`		`- net::Defaults.maxConnections = COOLWSD::MaxConnections; // re-align`
`2751`	`2750`	`COOLWSD::MaxDocuments = 10;`
`2752`	`2751`	`}`
`2753`	`2752`	`else`
`2754`	`2753`	`{`
`2755`	`2754`	`conf.setString("feedback.show", "true");`
`2756`	`2755`	`conf.setString("welcome.enable", "true");`
`2757`		`- COOLWSD::MaxConnections = net::Defaults.maxConnections; // aligned w/ MAX_CONNECTIONS above`
`2758`	`2756`	`COOLWSD::MaxDocuments = MAX_DOCUMENTS;`
`2759`	`2757`	`}`
`2760`	`2758`	`#else`
`2761`	`2759`	`{`
`2762`		`- COOLWSD::MaxConnections = net::Defaults.maxConnections; // aligned w/ MAX_CONNECTIONS above`
`2763`	`2760`	`COOLWSD::MaxDocuments = MAX_DOCUMENTS;`
`2764`	`2761`	`}`
`2765`	`2762`	`#endif`
`@@ -2935,7 +2932,7 @@ void COOLWSD::innerInitialize(Poco::Util::Application& self)`
`2935`	`2932`	`#endif`
`2936`	`2933`
`2937`	`2934`	`WebServerPoll = std::make_unique<TerminatingPoll>("websrv_poll");`
`2938`		`- WebServerPoll->setLimiter( net::Defaults.maxConnections );`
	`2935`	+ WebServerPoll->setLimiter( net::Defaults.maxTCPConnections ); // enabled if `maxTCPConnections` > 0
`2939`	`2936`
`2940`	`2937`	`#if !MOBILEAPP`
`2941`	`2938`	`net::AsyncDNS::startAsyncDNS();`
Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,7 @@ class DocumentBroker::DocumentBrokerPoll final : public TerminatingPoll`
`140`	`140`	`TerminatingPoll(threadName),`
`141`	`141`	`_docBroker(docBroker)`
`142`	`142`	`{`
`143`		`- setLimiter( net::Defaults.maxConnections );`
	`143`	+ setLimiter( net::Defaults.maxTCPConnections ); // enabled if `maxTCPConnections` > 0
`144`	`144`	`}`
`145`	`145`
`146`	`146`	`void pollingThread() override`