MEDIUM: init: continue to enforce SYSTEM_MAXCONN with auto settings if set
Commit d025648 ("MAJOR: init: automatically set maxconn and/or maxsslconn
when possible") resulted in a case where if enough memory is available,
a maxconn value larger than SYSTEM_MAXCONN could be computed, resulting
in possibly overflowing other systems resources (eg: kernel socket buffers,
conntrack entries, etc). Let's bound any automatic maxconn to SYSTEM_MAXCONN
if it is defined. Note that the value is set to DEFAULT_MAXCONN since
SYSTEM_MAXCONN forces DEFAULT_MAXCONN, thus it is not an error.
diff --git a/src/haproxy.c b/src/haproxy.c
index 60a0ca2..c5ffa0f 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -801,7 +801,9 @@
* handshake once since it is not performed on the two sides at the
* same time (frontend-side is terminated before backend-side begins).
* The SSL stack is supposed to have filled ssl_session_cost and
- * ssl_handshake_cost during its initialization.
+ * ssl_handshake_cost during its initialization. In any case, if
+ * SYSTEM_MAXCONN is set, we still enforce it as an upper limit for
+ * maxconn in order to protect the system.
*/
if (!global.rlimit_memmax) {
if (global.maxconn == 0) {
@@ -834,6 +836,10 @@
global.ssl_handshake_max_cost); // 1 handshake per connection max
global.maxconn = round_2dig(global.maxconn);
+#ifdef SYSTEM_MAXCONN
+ if (global.maxconn > DEFAULT_MAXCONN)
+ global.maxconn = DEFAULT_MAXCONN;
+#endif /* SYSTEM_MAXCONN */
global.maxsslconn = sides * global.maxconn;
if (global.mode & (MODE_VERBOSE|MODE_DEBUG))
fprintf(stderr, "Note: setting global.maxconn to %d and global.maxsslconn to %d.\n",
@@ -894,6 +900,10 @@
global.maxconn = clearmem / (SESSION_MAX_COST + 2 * global.tune.bufsize);
global.maxconn = round_2dig(global.maxconn);
+#ifdef SYSTEM_MAXCONN
+ if (global.maxconn > DEFAULT_MAXCONN)
+ global.maxconn = DEFAULT_MAXCONN;
+#endif /* SYSTEM_MAXCONN */
if (clearmem <= 0 || !global.maxconn) {
Alert("Cannot compute the automatic maxconn because global.maxsslconn is already too "