networkd: limit the number of routes to the kernel limit

Patch cherry-picked from upstream master. Gbp-Dch: Short
2026-02-03 22:44:41 +00:00 · 2016-09-11 09:06:34 +02:00 · 2016-09-11 09:06:34 +02:00 · 4d0a5249de
commit 4d0a5249de
parent fbc31e073e
2 changed files with 72 additions and 0 deletions
--- a/debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
+++ b/debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
@ -0,0 +1,71 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 21 Aug 2016 09:06:28 -0400
+Subject: networkd: limit the number of routes to the kernel limit (#4007)
+
+Fixes #3922.
+---
+ src/network/networkd-route.c | 35 +++++++++++++++++++++++++++++++----
+ 1 file changed, 31 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
+index cedaf47..d73b093 100644
+--- a/src/network/networkd-route.c
+++ b/src/network/networkd-route.c
+@@ -26,10 +26,37 @@
+ #include "parse-util.h"
+ #include "set.h"
+ #include "string-util.h"
+#include "sysctl-util.h"
+ #include "util.h"
+ 
+-#define ROUTES_PER_LINK_MAX 2048U
+-#define STATIC_ROUTES_PER_NETWORK_MAX 1024U
+#define ROUTES_DEFAULT_MAX_PER_FAMILY 4096U
+
+static unsigned routes_max(void) {
+        static thread_local unsigned cached = 0;
+
+        _cleanup_free_ char *s4 = NULL, *s6 = NULL;
+        unsigned val4 = ROUTES_DEFAULT_MAX_PER_FAMILY, val6 = ROUTES_DEFAULT_MAX_PER_FAMILY;
+
+        if (cached > 0)
+                return cached;
+
+        if (sysctl_read("net/ipv4/route/max_size", &s4) >= 0) {
+                truncate_nl(s4);
+                if (safe_atou(s4, &val4) >= 0 &&
+                    val4 == 2147483647U)
+                        /* This is the default "no limit" value in the kernel */
+                        val4 = ROUTES_DEFAULT_MAX_PER_FAMILY;
+        }
+
+        if (sysctl_read("net/ipv6/route/max_size", &s6) >= 0) {
+                truncate_nl(s6);
+                (void) safe_atou(s6, &val6);
+        }
+
+        cached = MAX(ROUTES_DEFAULT_MAX_PER_FAMILY, val4) +
+                 MAX(ROUTES_DEFAULT_MAX_PER_FAMILY, val6);
+        return cached;
+}
+ 
+ int route_new(Route **ret) {
+         _cleanup_route_free_ Route *route = NULL;
+@@ -67,7 +94,7 @@ int route_new_static(Network *network, unsigned section, Route **ret) {
+                 }
+         }
+ 
+-        if (network->n_static_routes >= STATIC_ROUTES_PER_NETWORK_MAX)
+        if (network->n_static_routes >= routes_max())
+                 return -E2BIG;
+ 
+         r = route_new(&route);
+@@ -492,7 +519,7 @@ int route_configure(
+         assert(route->family == AF_INET || route->family == AF_INET6);
+ 
+         if (route_get(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL) <= 0 &&
+-            set_size(link->routes) >= ROUTES_PER_LINK_MAX)
+            set_size(link->routes) >= routes_max())
+                 return -E2BIG;
+ 
+         r = sd_rtnl_message_new_route(link->manager->rtnl, &req,
--- a/debian/patches/series
+++ b/debian/patches/series
@ -11,6 +11,7 @@ sysv-generator-better-error-reporting-3977.patch
 seccomp-also-detect-if-seccomp-filtering-is-enabled.patch
 nspawn-detect-SECCOMP-availability-skip-audit-filter-if-u.patch
 shared-recognize-DNS-names-with-more-than-one-trailing-do.patch
+networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
 debian/Use-Debian-specific-config-files.patch
 debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch
 debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch