diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 474f1d309d..ec145c3710 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -341,12 +341,13 @@
Backlog=
- Takes an unsigned integer argument. Specifies
- the number of connections to queue that have not been accepted
- yet. This setting matters only for stream and sequential
- packet sockets. See
- listen2
- for details. Defaults to SOMAXCONN (128).
+ Takes an unsigned 32bit integer argument. Specifies the number of connections to
+ queue that have not been accepted yet. This setting matters only for stream and sequential packet
+ sockets. See
+ listen2 for
+ details. Note that this value is silently capped by the net.core.somaxconn sysctl,
+ which typically defaults to 4096. By default this is set to 4294967295, so that the sysctl takes full
+ effect.
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index b323b1b99f..37763446bd 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -354,3 +354,10 @@ int connect_unix_path(int fd, int dir_fd, const char *path);
* protocol mismatch. */
int socket_address_parse_unix(SocketAddress *ret_address, const char *s);
int socket_address_parse_vsock(SocketAddress *ret_address, const char *s);
+
+/* libc's SOMAXCONN is defined to 128 or 4096 (at least on glibc). But actually, the value can be much
+ * larger. In our codebase we want to set it to the max usually, since noawadays socket memory is properly
+ * tracked by memcg, and hence we don't need to enforce extra limits here. Moreover, the kernel caps it to
+ * /proc/sys/net/core/somaxconn anyway, thus by setting this to unbounded we just make that sysctl file
+ * authoritative. */
+#define SOMAXCONN_DELUXE INT_MAX
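Review bot: The new comment does not explain why the macro is `INT_MAX`, which matters because the systemd.socket.xml hunk in this same commit documents the default as 4294967295. listen() takes an `int` backlog, so a sentence such as `/* INT_MAX because listen() takes a signed int; the kernel then clamps to net.core.somaxconn */` would explain the choice. The comment also has a typo, "noawadays" for "nowadays". `INT_MAX` comes from `<limits.h>`, and the hunk does not show the header's includes, so it is worth confirming that it is in scope wherever socket-util.h is included.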
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3fef44e668..ba2cec4d77 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -972,7 +972,7 @@ int bus_init_private(Manager *m) {
if (r < 0)
return log_error_errno(errno, "Failed to bind private socket: %m");
- r = listen(fd, SOMAXCONN);
+ r = listen(fd, SOMAXCONN_DELUXE);
if (r < 0)
return log_error_errno(errno, "Failed to make private socket listening: %m");
diff --git a/src/core/socket.c b/src/core/socket.c
index f8fe62c919..8e7797139b 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -82,7 +82,7 @@ static void socket_init(Unit *u) {
assert(u);
assert(u->load_state == UNIT_STUB);
- s->backlog = SOMAXCONN;
+ s->backlog = SOMAXCONN_DELUXE;
s->timeout_usec = u->manager->default_timeout_start_usec;
s->directory_mode = 0755;
s->socket_mode = 0666;
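Review bot: The default assigned here is `SOMAXCONN_DELUXE`, i.e. `INT_MAX` (2147483647), while the systemd.socket.xml hunk states that the default is 4294967295; one of the two should change so that code and documentation agree. The man page also describes Backlog= as an unsigned 32bit value. If `s->backlog` is later passed to listen(), which takes an `int`, a configured value above `INT_MAX` would become negative at the call; that path is outside this hunk and needs checking. Every socket unit without an explicit Backlog= now gets an accept queue bounded only by net.core.somaxconn rather than by the libc constant, a behaviour change that deserves a line in the release notes. socket_init's body continues outside the hunk.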
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 735e2c5e8b..222b036698 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -938,7 +938,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {
(void) chmod(sa.un.sun_path, 0666);
- if (listen(s->stdout_fd, SOMAXCONN) < 0)
+ if (listen(s->stdout_fd, SOMAXCONN_DELUXE) < 0)
return log_error_errno(errno, "listen(%s) failed: %m", sa.un.sun_path);
} else
(void) fd_nonblock(s->stdout_fd, true);
diff --git a/src/libsystemd/sd-bus/test-bus-watch-bind.c b/src/libsystemd/sd-bus/test-bus-watch-bind.c
index 987d151b55..a504437ac5 100644
--- a/src/libsystemd/sd-bus/test-bus-watch-bind.c
+++ b/src/libsystemd/sd-bus/test-bus-watch-bind.c
@@ -76,7 +76,7 @@ static void* thread_server(void *p) {
assert_se(bind(fd, &u.sa, sa_len) >= 0);
usleep(100 * USEC_PER_MSEC);
- assert_se(listen(fd, SOMAXCONN) >= 0);
+ assert_se(listen(fd, SOMAXCONN_DELUXE) >= 0);
usleep(100 * USEC_PER_MSEC);
assert_se(touch(path) >= 0);
diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c
index 3a7d6977f6..259f82eff4 100644
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@@ -1205,7 +1205,7 @@ static int manager_dns_stub_fd(
return -errno;
if (type == SOCK_STREAM &&
- listen(fd, SOMAXCONN) < 0)
+ listen(fd, SOMAXCONN_DELUXE) < 0)
return -errno;
r = sd_event_add_io(m->event, event_source, fd, EPOLLIN,
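Review bot: The stream listener in manager_dns_stub_fd now has its accept queue bounded only by the net.core.somaxconn sysctl, and nothing at the call site says so. The same applies to manager_dns_stub_fd_extra and to the two LLMNR TCP listeners in resolved-llmnr.c. These sockets may be reachable by other hosts (extra stub listeners on configured addresses, LLMNR on the local link), so the pending-connection limit is a resource bound worth stating where it is set. A short comment such as `/* backlog is capped by net.core.somaxconn; that sysctl is the only bound on pending connections */` above each listen() call would make the dependency visible. The enclosing functions start and end outside the hunks.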
@@ -1295,7 +1295,7 @@ static int manager_dns_stub_fd_extra(Manager *m, DnsStubListenerExtra *l, int ty
goto fail;
if (type == SOCK_STREAM &&
- listen(fd, SOMAXCONN) < 0) {
+ listen(fd, SOMAXCONN_DELUXE) < 0) {
r = -errno;
goto fail;
}
diff --git a/src/resolve/resolved-llmnr.c b/src/resolve/resolved-llmnr.c
index 4ab455eb2f..8fac351ee6 100644
--- a/src/resolve/resolved-llmnr.c
+++ b/src/resolve/resolved-llmnr.c
@@ -392,7 +392,7 @@ int manager_llmnr_ipv4_tcp_fd(Manager *m) {
return log_error_errno(r, "LLMNR-IPv4(TCP): Failed to set SO_REUSEADDR: %m");
}
- r = listen(s, SOMAXCONN);
+ r = listen(s, SOMAXCONN_DELUXE);
if (r < 0)
return log_error_errno(errno, "LLMNR-IPv4(TCP): Failed to listen the stream: %m");
@@ -457,7 +457,7 @@ int manager_llmnr_ipv6_tcp_fd(Manager *m) {
return log_error_errno(r, "LLMNR-IPv6(TCP): Failed to set SO_REUSEADDR: %m");
}
- r = listen(s, SOMAXCONN);
+ r = listen(s, SOMAXCONN_DELUXE);
if (r < 0)
return log_error_errno(errno, "LLMNR-IPv6(TCP): Failed to listen the stream: %m");
diff --git a/src/shared/socket-netlink.c b/src/shared/socket-netlink.c
index e115dff506..0ba5762761 100644
--- a/src/shared/socket-netlink.c
+++ b/src/shared/socket-netlink.c
@@ -180,7 +180,7 @@ int make_socket_fd(int log_level, const char* address, int type, int flags) {
a.type = type;
- fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
+ fd = socket_address_listen(&a, type | flags, SOMAXCONN_DELUXE, SOCKET_ADDRESS_DEFAULT,
NULL, false, false, false, 0755, 0644, NULL);
if (fd < 0 || log_get_max_level() >= log_level) {
_cleanup_free_ char *p = NULL;
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index ab97af57e2..333cd3af58 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -2750,7 +2750,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
return r;
}
- if (listen(fd, SOMAXCONN) < 0)
+ if (listen(fd, SOMAXCONN_DELUXE) < 0)
return -errno;
r = varlink_server_create_listen_fd_socket(s, fd, &ss);
diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index 71ec766ca1..0259cbf3bb 100644
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -444,9 +444,9 @@ TEST(flush_accept) {
assert_se(flush_accept(listen_dgram) < 0);
assert_se(flush_accept(listen_seqpacket) < 0);
- assert_se(listen(listen_stream, SOMAXCONN) >= 0);
- assert_se(listen(listen_dgram, SOMAXCONN) < 0);
- assert_se(listen(listen_seqpacket, SOMAXCONN) >= 0);
+ assert_se(listen(listen_stream, SOMAXCONN_DELUXE) >= 0);
+ assert_se(listen(listen_dgram, SOMAXCONN_DELUXE) < 0);
+ assert_se(listen(listen_seqpacket, SOMAXCONN_DELUXE) >= 0);
assert_se(flush_accept(listen_stream) >= 0);
assert_se(flush_accept(listen_dgram) < 0);
diff --git a/src/userdb/userdbd-manager.c b/src/userdb/userdbd-manager.c
index 80735b3fd9..8101ac52db 100644
--- a/src/userdb/userdbd-manager.c
+++ b/src/userdb/userdbd-manager.c
@@ -272,7 +272,7 @@ int manager_startup(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m");
- if (listen(m->listen_fd, SOMAXCONN) < 0)
+ if (listen(m->listen_fd, SOMAXCONN_DELUXE) < 0)
return log_error_errno(errno, "Failed to listen on socket: %m");
}