From nobody Tue May 30 09:06:55 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QVmjq2XV1z4Y8J2; Tue, 30 May 2023 09:06:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QVmjq247sz3p5R; Tue, 30 May 2023 09:06:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685437615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+izvLl5SUhbBhpPWKq3W3I7EauBD7vwSOUnArzQuqFE=; b=glRkEf1RZsB5VeIxF13S4EmYM8fad4GUZRs5sNcaZsZ0P1Djwcc6S/B4lU1xk0s+Ujemus UqLbjUzsvxlMnia5zBVJo324JeoLDEVNEYbZcVLWd84R/4qwbp3zzaPHle/qoRSBdThheT ti7aaPEFSPkBZLjN9S1KJ5z5KVI0DYFF+Bvwn4go81lRc4LJ4RNfa0IbODEL40Dgh5rC9d 1eB/Ej4eZMaOoVR92HtOWrDYHkhT26jOD0qiYBFMzACfJ8rx1GuV1Y/4EmMNWw/1AVxwiH +3QX3RZTarf2hZ2P8HpkBdbwE0fTp4+a8xZ4TZeDD5Lo2e5wWlZ8HX1TTz1a1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1685437615; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+izvLl5SUhbBhpPWKq3W3I7EauBD7vwSOUnArzQuqFE=; b=Zmh51m/ySpqvjYaYWGr/GML0qw7DN0n9bXiJW1Vu2XsGJ0SrPSWkOAOTh+e5rOtVLSbXss YKrflxP7nNjkVgOZt5bt77x9slFgUSgEkxKuGLxQIV3cAfhIqAQTcGYHSxlKahctHgItZM bfK33y9pkJ8eRcgC8VgXcdUiNxsKxai14elsNH8gEel0Mr5LRLg2S4Do8AFJvC/hFk0dwb 6LeuDvWA5CPjP/jnHJV3Y3LQ8sZWQcv4DAhdhwwrO46TBv8INZz3Z9Defnn4XzVtjJFjs1 TLyyYkEnw4nqyTOzyDWHn3f1LtmQ+aDXSyFSApMicB3ev1vIRRkpcJuNhbl/8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1685437615; a=rsa-sha256; cv=none; b=w23Jufu6N9XaFnub0nFVWJrhoGBTTOAQ6MuS9qW7CzMKLLAHmsTcOaDu9aINJtNhR93zes 1/uLtMWQetDBRb+46EbFP6xTI6SGGvtqkrcdkyFLhFN4aYVUWwFKCPgmi85ptLYjT++vIG YGgdNVHmidKxbrph9SnR0G9O8srtXNSrtDNM6L2InrY+jsqHIKStdFxY5tdi3BDcanVEtS LMuteBfNLl5pq1QqSWHLwBoGLepY05Z2JI8Qckfuy269e70MW2lWnKFaeGMnnQoYQo+6l7 KWNikhZTb0Q8Ly2E/KZhX6EXILnciaB1W0t2zbF6A3JPY8TsMuoivlrMEV2P6Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QVmjq131Nzn8T; Tue, 30 May 2023 09:06:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34U96tH0022490; Tue, 30 May 2023 09:06:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34U96tVn022489; Tue, 30 May 2023 09:06:55 GMT (envelope-from git) Date: Tue, 30 May 2023 09:06:55 GMT Message-Id: <202305300906.34U96tVn022489@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Eugene Grosbein Subject: git: 773c91ccc892 - stable/13 - MFC: listen(2): improve administrator control over logging List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: eugen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 773c91ccc8922c047d3632ae5849cd824992c313 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by eugen: URL: https://cgit.FreeBSD.org/src/commit/?id=773c91ccc8922c047d3632ae5849cd824992c313 commit 773c91ccc8922c047d3632ae5849cd824992c313 Author: Eugene Grosbein AuthorDate: 2023-04-30 20:14:30 +0000 Commit: Eugene Grosbein CommitDate: 2023-05-30 09:05:46 +0000 MFC: listen(2): improve administrator control over logging As documented in listen.2 manual page, the kernel emits a LOG_DEBUG syslog message if a socket listen queue overflows. For some appliances, it may be desirable to change the priority to some higher value like LOG_INFO while keeping other debugging suppressed. OTOH there are cases when such overflows are normal and expected. Then it may be desirable to suppress overflow logging altogether, so that dmesg buffer is not flooded over long run. In addition to existing sysctl kern.ipc.sooverinterval, introduce new sysctl kern.ipc.sooverprio that defaults to 7 (LOG_DEBUG) to preserve current behavior. It may be changed to any value in a range of 0..7 for corresponding priority or to -1 to suppress logging. Document it in the listen.2 manual page. (cherry picked from commit 4824d788725987bccff53dec8c103cbac455b3ed) --- lib/libc/sys/listen.2 | 15 +++++++++++++-- sys/kern/uipc_socket.c | 40 +++++++++++++++++++++++++++++++++------- 2 files changed, 46 insertions(+), 9 deletions(-) diff --git a/lib/libc/sys/listen.2 b/lib/libc/sys/listen.2 index 4d0962fd412c..076163548b72 100644 --- a/lib/libc/sys/listen.2 +++ b/lib/libc/sys/listen.2 @@ -28,7 +28,7 @@ .\" From: @(#)listen.2 8.2 (Berkeley) 12/11/93 .\" $FreeBSD$ .\" -.Dd April 14, 2020 +.Dd April 30, 2023 .Dt LISTEN 2 .Os .Sh NAME @@ -111,10 +111,20 @@ or less than zero is specified, is silently forced to .Va kern.ipc.soacceptqueue . .Pp -If the listen queue overflows, the kernel will emit a LOG_DEBUG syslog message. +If the listen queue overflows, the kernel will emit a syslog message +using default priority LOG_DEBUG (7). The .Xr sysctl 3 MIB variable +.Va kern.ipc.sooverprio +may be used to change this priority to any value in a range of 0..7 +(LOG_EMERG..LOG_DEBUG). +See +.Xr syslog 3 +for details. +It may be set to -1 to disable these messages. +.Pp +The variable .Va kern.ipc.sooverinterval specifies a per-socket limit on how often the kernel will emit these messages. .Sh INTERACTION WITH ACCEPT FILTERS @@ -164,6 +174,7 @@ The socket is not of a type that supports the operation .Xr connect 2 , .Xr socket 2 , .Xr sysctl 3 , +.Xr syslog 3 , .Xr sysctl 8 , .Xr accept_filter 9 .Sh HISTORY diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 5b1e572d786f..32ad819be81b 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -574,6 +574,10 @@ SYSCTL_INT(_regression, OID_AUTO, sonewconn_earlytest, CTLFLAG_RW, ®ression_sonewconn_earlytest, 0, "Perform early sonewconn limit test"); #endif +static int sooverprio = LOG_DEBUG; +SYSCTL_INT(_kern_ipc, OID_AUTO, sooverprio, CTLFLAG_RW, + &sooverprio, 0, "Log priority for listen socket overflows: 0..7 or -1 to disable"); + static struct timeval overinterval = { 60, 0 }; SYSCTL_TIMEVAL_SEC(_kern_ipc, OID_AUTO, sooverinterval, CTLFLAG_RW, &overinterval, @@ -612,7 +616,8 @@ sonewconn(struct socket *head, int connstatus) if (over) { #endif head->sol_overcount++; - dolog = !!ratecheck(&head->sol_lastover, &overinterval); + dolog = (sooverprio >= 0) && + !!ratecheck(&head->sol_lastover, &overinterval); /* * If we're going to log, copy the overflow count and queue @@ -694,12 +699,33 @@ sonewconn(struct socket *head, int connstatus) } KASSERT(sbuf_len(&descrsb) > 0, ("%s: sbuf creation failed", __func__)); - log(LOG_DEBUG, - "%s: pcb %p (%s): Listen queue overflow: " - "%i already in queue awaiting acceptance " - "(%d occurrences)\n", - __func__, head->so_pcb, sbuf_data(&descrsb), - qlen, overcount); + /* + * Preserve the historic listen queue overflow log + * message, that starts with "sonewconn:". It has + * been known to sysadmins for years and also test + * sys/kern/sonewconn_overflow checks for it. + */ + if (head->so_cred == 0) { + log(LOG_PRI(sooverprio), + "sonewconn: pcb %p (%s): " + "Listen queue overflow: %i already in " + "queue awaiting acceptance (%d " + "occurrences)\n", head->so_pcb, + sbuf_data(&descrsb), + qlen, overcount); + } else { + log(LOG_PRI(sooverprio), + "sonewconn: pcb %p (%s): " + "Listen queue overflow: " + "%i already in queue awaiting acceptance " + "(%d occurrences), euid %d, rgid %d, jail %s\n", + head->so_pcb, sbuf_data(&descrsb), qlen, + overcount, head->so_cred->cr_uid, + head->so_cred->cr_rgid, + head->so_cred->cr_prison ? + head->so_cred->cr_prison->pr_name : + "not_jailed"); + } sbuf_delete(&descrsb); overcount = 0;