When we write a network server program, I think lots of system calls have their own explicit parameters like socket(), bind(), accept(). But it’s very interesting when we use this system call listen(). Let’s see its prototype:

int listen(int sockfd, int backlog);

Yes, it’s very obvious that the first parameter is the socket fd. But, what’s the meaning of backlog number? Some body would tell us like manpage LISTEN(2) says: “The backlog parameter defines the maximum length the queue of pending connections may grow to. If a connection request arrives with the queue full the client may receive an error with an indication of ECONNREFUSED or, if the underlying protocol supports retransmission, the request may be ignored so that retries succeed.”

From a robust server’s perspective, what’s the maximum value it should be assign? At first, I assigned very large number like 1,024 (of course, listen system call still returns successfully). After saw the manpage LISTEN(2) in Linux, I was wrong..

If the socket is of type AF_INET, and the backlog argument is greater than the constant SOMAXCONN (128 in Linux 2.0 & 2.2), it is silently truncated to SOMAXCONN.

It doesn’t mention kernel 2.6. But it’s fine. Let’s investigate into Linux kernel source code.

In Linux kernel 2.6.20.1, we can see the listen system call implementation in net/socket.c line 1306. As it shows, the maximum number of backlog cannot be large than sysctl_somaxconn, which is assigned to SOMAXCONN. Furthermore, SOMAXCONN is defined 128 in include/linux/socket.h line 226.

In my opinion, in Linux 2.0 to 2.6, this means backlog cannot exceed 128 by default, or it would be truncated to SOMAXCONN silently like the manpage says.

How about FreeBSD? We can see the note of manpage LISTEN(2) in FreeBSD 6:

The listen() system call appeared in 4.2BSD. The ability to configure the maximum backlog at run-time, and to use a negative backlog to request the maximum allowable value, was introduced in FreeBSD 2.2.

I’m not very familiar with FreeBSD kernel, but let me try to trace. The start point is to check sys/kern/uipc_syscalls.c of cvstag RELENG_6 in FreeBSD. We can see listen system call will invoke solisten(so, uap->backlog, td). Thus, we go to sys/kern/uipc_socket.c now to see the implementation of solisten(struct socket *so, int backlog, struct thread *td). The same, the maximum value is somaxconn which is assigned to SOMAXCONN by default. Finally, we can see the value is defined in sys/sys/socket.h. The value is the same as Linux — 128.

To put it another way, if you’re writing a server program in either Linux or FreeBSD platform, it’s very appropriate to assign the value of backlog to 128. in FreeBSD, however, you can assign a negative backlog to request the maximum allowable value.

You may ask what’s the value of backlog in popular modern server? Let’s check the source of Apache HTTP Server. As you see in /server/listen.c, ap_listenbacklog is assigned to DEFAULT_LISTENBACKLOG which is defined 511 in /include/mpm_common.h.

Popularity: 57% [?]

從金山大長輩 tjs 在 CDPA 板上 post 知道的.

On January 31st, FreeBSD 4.11 and FreeBSD 6.0 will have reached their End of Life dates and will no longer be supported by the FreeBSD Security Team.

Users of either of these FreeBSD releases are strongly encouraged to upgrade to FreeBSD 5.5, FreeBSD 6.1, or the upcoming FreeBSD 6.2 before that date.

Popularity: 51% [?]

FreeBSD: Improved sendfile Facility, from KernelTrap.

The sendfile() facility allows a regular file to be sent out to a stream socket.

The system call was first implemented in FreeBSD 3.0. This provides many performance benefits for various server appliances.

Andre Opperman has implemented an improved sendfile() facility for FreeBSD that has so far shown 45% less CPU usage without TCP segmentation offload and 83% less CPU usage with TCP segmentation offload.

This is a great improvement over the previous implementation.

Popularity: 22% [?]

在看 Gentoo 的 portage log 時, 看到一個還蠻有趣的軟體, 叫做 cryctcat (portage/net-analyzer/cryptcat , ports/net/cryptcat).

雖然整體功能來說, 我覺得還是 socat (portage/net-misc/socat, ports/net/socat) 比較強, 不過就編密這方面, 因為 socat 是利用 OpenSSL 來達成這個效果, 就 netcat 簡而易用的角度, 不如用 cryptcat 所採用的 Twofish 這種 symmetric key block cipher 來的簡單易用了.

原先利用 netcat 來傳檔的方法如下:

MachineA:

nc -l 12345 < file.orig

MachineB:

nc MachineA.IP 12345 > file.sent.by.MachineA

要改成

MachineA:

cryptcat -l -p 12345 < file.orig

MachineB:

cryptcat MachineA.IP 12345 > file.sent.by.MachineA

這樣就會利用預設的密碼 metallica, 透過 Twofish 加密. 當然, 也可以用 -k 這個 option 來改變預設的密碼 ;-)

Popularity: 32% [?]

cvs commit log of adding files in ports for sysutils/xfsprogs.
New port for utilities for manipulating XFS filesystems. Originally ported by Alexander Kabaev (kan at freebsd.org) as part of the XFS for FreeBSD project and handed over to me for maintainership.

cvs commit log of adding files in src for sys/gnu/reiserfs.
Import of ReiserFS filesystem support (currently limited to read-only on i386).

Popularity: 16% [?]

FreeBSD 6.0 code freeze, from OSNews.

FreeBSD 6.0 schedule:

• June 10, 2005 - Feature freeze + code slush
• July 10, 2005 - RELENG_6 branch
• August 1, 2005 - RELENG_6_0 branch
• August 15, 2005 - 6.0-RELEASE

Popularity: 15% [?]