From 4d0a5249de80302e4daadd7b6b8a0ddd8878e1e4 Mon Sep 17 00:00:00 2001
From: Martin Pitt
Date: Sun, 11 Sep 2016 09:06:34 +0200
Subject: [PATCH] networkd: limit the number of routes to the kernel limit

Patch cherry-picked from upstream master.
Gbp-Dch: Short
---
...mber-of-routes-to-the-kernel-limit-4.patch | 71 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 72 insertions(+)
create mode 100644 debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch

diff --git a/debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch b/debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
new file mode 100644
index 000000000..80ae12cfa
--- /dev/null
+++ b/debian/patches/networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
@@ -0,0 +1,71 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?=
+Date: Sun, 21 Aug 2016 09:06:28 -0400
+Subject: networkd: limit the number of routes to the kernel limit (#4007)
+
+Fixes #3922.
+---
+ src/network/networkd-route.c | 35 +++++++++++++++++++++++++++++++----
+ 1 file changed, 31 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
+index cedaf47..d73b093 100644
+--- a/src/network/networkd-route.c
++++ b/src/network/networkd-route.c
+@@ -26,10 +26,37 @@
+ #include "parse-util.h"
+ #include "set.h"
+ #include "string-util.h"
++#include "sysctl-util.h"
+ #include "util.h"
+
+-#define ROUTES_PER_LINK_MAX 2048U
+-#define STATIC_ROUTES_PER_NETWORK_MAX 1024U
++#define ROUTES_DEFAULT_MAX_PER_FAMILY 4096U
++
++static unsigned routes_max(void) {
++ static thread_local unsigned cached = 0;
++
++ _cleanup_free_ char *s4 = NULL, *s6 = NULL;
++ unsigned val4 = ROUTES_DEFAULT_MAX_PER_FAMILY, val6 = ROUTES_DEFAULT_MAX_PER_FAMILY;
++
++ if (cached > 0)
++ return cached;
++
++ if (sysctl_read("net/ipv4/route/max_size", &s4) >= 0) {
++ truncate_nl(s4);
++ if (safe_atou(s4, &val4) >= 0 &&
++ val4 == 2147483647U)
++ /* This is the default "no limit" value in the kernel */
++ val4 = ROUTES_DEFAULT_MAX_PER_FAMILY;
++ }
++
++ if (sysctl_read("net/ipv6/route/max_size", &s6) >= 0) {
++ truncate_nl(s6);
++ (void) safe_atou(s6, &val6);
++ }
++
++ cached = MAX(ROUTES_DEFAULT_MAX_PER_FAMILY, val4) +
++ MAX(ROUTES_DEFAULT_MAX_PER_FAMILY, val6);
++ return cached;
++}
+
+ int route_new(Route **ret) {
+ _cleanup_route_free_ Route *route = NULL;
+@@ -67,7 +94,7 @@ int route_new_static(Network *network, unsigned section, Route **ret) {
+ }
+ }
+
+- if (network->n_static_routes >= STATIC_ROUTES_PER_NETWORK_MAX)
++ if (network->n_static_routes >= routes_max())
+ return -E2BIG;
+
+ r = route_new(&route);
+@@ -492,7 +519,7 @@ int route_configure(
+ assert(route->family == AF_INET || route->family == AF_INET6);
+
+ if (route_get(link, route->family, &route->dst, route->dst_prefixlen, route->tos, route->priority, route->table, NULL) <= 0 &&
+- set_size(link->routes) >= ROUTES_PER_LINK_MAX)
++ set_size(link->routes) >= routes_max())
+ return -E2BIG;
+
+ r = sd_rtnl_message_new_route(link->manager->rtnl, &req,
diff --git a/debian/patches/series b/debian/patches/series
index 2e37dfa3d..ff95c3d21 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,6 +11,7 @@ sysv-generator-better-error-reporting-3977.patch
 seccomp-also-detect-if-seccomp-filtering-is-enabled.patch
 nspawn-detect-SECCOMP-availability-skip-audit-filter-if-u.patch
 shared-recognize-DNS-names-with-more-than-one-trailing-do.patch
+networkd-limit-the-number-of-routes-to-the-kernel-limit-4.patch
 debian/Use-Debian-specific-config-files.patch
 debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch
 debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch
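Review bot: In routes_max() the IPv6 branch accepts whatever `net/ipv6/route/max_size` holds, while the IPv4 branch maps the kernel's 2147483647 "no limit" value back to ROUTES_DEFAULT_MAX_PER_FAMILY. If the IPv6 sysctl ever holds that same value, the result is around 2^31 and the `-E2BIG` checks in route_new_static() and route_configure() no longer bound how many routes a network or link can accumulate, including routes that are presumably learned from the network. Treating both families alike keeps the guard meaningful: `if (safe_atou(s6, &val6) >= 0 && val6 == 2147483647U) val6 = ROUTES_DEFAULT_MAX_PER_FAMILY;`. A short comment above routes_max() would also help, stating that the result is the sum over both families, is never below twice the default because of the `MAX()` calls, and is cached per thread after the first read; the subject line suggests the kernel value itself is used. Both call sites sit in functions whose bodies continue outside the hunks.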