Merge pull request #3198 from poettering/trigger-timeout-defaults

change trigger timeout defaults

TODO

@@ -33,6 +33,8 @@ Janitorial Clean-ups:
 
 Features:
 
+* make sure the ratelimit object can deal with USEC_INFINITY as way to turn off things
+
 * journalctl: make sure -f ends when the container indicated by -M terminates
 
 * rework fopen_temporary() to make use of open_tmpfile_linkable() (problem: the

man/systemd.socket.xml

@@ -814,13 +814,14 @@
         <listitem><para>Configures a limit on how often this socket unit my be activated within a specific time
         interval. The <varname>TriggerLimitIntervalSec=</varname> may be used to configure the length of the time
         interval in the usual time units <literal>us</literal>, <literal>ms</literal>, <literal>s</literal>,
-        <literal>min</literal>, <literal>h</literal>, … and defaults to 5s (See
+        <literal>min</literal>, <literal>h</literal>, … and defaults to 2s (See
         <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for details on
-        the various time units available). The <varname>TriggerLimitBurst=</varname> setting takes an integer value and
+        the various time units understood). The <varname>TriggerLimitBurst=</varname> setting takes a positive integer
-        specifies the numer of permitted activations per time interval, and defaults to 2500 (thus by default
+        value and specifies the number of permitted activations per time interval, and defaults to 200 for
-        permitting 2500 activations per 5s). Set either to 0 to disable any form of trigger rate limiting. If the limit
+        <varname>Accept=yes</varname> sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20
-        is hit, the socket unit is placed into a failure mode, and will not be connectible anymore until
+        activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the
-        restarted. Note that this limit is enforced before the service activation is enqueued.</para></listitem>
+        socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this
+        limit is enforced before the service activation is enqueued.</para></listitem>
       </varlistentry>
 
     </variablelist>

src/core/socket.c

@@ -100,7 +100,8 @@ static void socket_init(Unit *u) {
 
         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
 
-        RATELIMIT_INIT(s->trigger_limit, 5*USEC_PER_SEC, 2500);
+        s->trigger_limit.interval = USEC_INFINITY;
+        s->trigger_limit.burst = (unsigned) -1;
 }
 
 static void socket_unwatch_control_pid(Socket *s) {
@@ -328,6 +329,25 @@ static int socket_add_extras(Socket *s) {
 
         assert(s);
 
+        /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
+         * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
+         * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
+         * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
+         * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
+         * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
+         * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
+         * service starts are typical. */
+
+        if (s->trigger_limit.interval == USEC_INFINITY)
+                s->trigger_limit.interval = 2 * USEC_PER_SEC;
+
+        if (s->trigger_limit.burst == (unsigned) -1) {
+                if (s->accept)
+                        s->trigger_limit.burst = 200;
+                else
+                        s->trigger_limit.burst = 20;
+        }
+
         if (have_non_accept_socket(s)) {
 
                 if (!UNIT_DEREF(s->service)) {
@@ -620,8 +640,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
 
         if (!isempty(s->user) || !isempty(s->group))
                 fprintf(f,
-                        "%sOwnerUser: %s\n"
+                        "%sSocketUser: %s\n"
-                        "%sOwnerGroup: %s\n",
+                        "%sSocketGroup: %s\n",
                         prefix, strna(s->user),
                         prefix, strna(s->group));
 
@@ -1271,11 +1291,13 @@ static int socket_open_fds(Socket *s) {
 
                         /* Apply the socket protocol */
                         switch(p->address.type) {
+
                         case SOCK_STREAM:
                         case SOCK_SEQPACKET:
                                 if (p->socket->socket_protocol == IPPROTO_SCTP)
                                         p->address.protocol = p->socket->socket_protocol;
                                 break;
+
                         case SOCK_DGRAM:
                                 if (p->socket->socket_protocol == IPPROTO_UDPLITE)
                                         p->address.protocol = p->socket->socket_protocol;
@@ -1339,8 +1361,7 @@ static int socket_open_fds(Socket *s) {
                         }
                         break;
 
-                case SOCKET_USB_FUNCTION:
+                case SOCKET_USB_FUNCTION: {
-                {
                         _cleanup_free_ char *ep = NULL;
 
                         ep = path_make_absolute("ep0", p->path);