Clear netlink receive queue after reading to avoid an overflow

tlsdated only reads its NETLINK_ROUTE socket until finding the first
RTM_NEWROUTE message. After that, it will sleep at least
wait_between_tries seconds before reading the socket again.

On subnets with many hosts (such as a large public WiFi), the kernel
can generate a _lot_ of route updates for IPv6 solicited-node multicast
addresses. If tlsdated does not read them fast enough, they will queue
up and eventually overflow the socket receive buffer. This results in an
ENOBUFS error which will cause the process to terminate itself.

This patch ensures that tlsdated always reads all available packets in
its netlink receive queue before proceeding. As we only care if there
have been any route updates at all during one read, the additional
packets can simply be discarded. This also makes sure that they will not
be read at a later date (and misinterpreted as current packets at a time
when there are no more route updates).

TEST=Join GoogleGuest or a similar large network. strace tlsdated and
observe how it will not die despite occasional large bursts of netlink

Change-Id: Idbaf4be6d888c45256220055242b6f9b4d77bc93
Signed-off-by: Julius Werner <>
Reviewed-by: Elly Jones <>
1 file changed
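
The drain-then-decide pattern the commit message describes, as an added example (not tlsdated's code and not part of this commit). `drain_route_events` and `queue_sample` are hypothetical names, treating ENOBUFS as "routes changed" is this example's choice, and an AF_UNIX datagram pair with constructed messages stands in for the NETLINK_ROUTE socket so it runs without network events:

```c
#include <errno.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Hypothetical helper: read until the receive queue is empty. Returns 1 if
 * any RTM_NEWROUTE was seen (or the kernel reported dropped messages),
 * 0 if nothing relevant was queued, -1 on any other error. */
int drain_route_events(int fd)
{
    char buf[8192] __attribute__((aligned(NLMSG_ALIGNTO)));
    int changed = 0;
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
        if (n < 0) {
            if (errno == EAGAIN || errno == EWOULDBLOCK)
                return changed;            /* queue drained */
            if (errno != EINTR && errno != ENOBUFS)
                return -1;
            if (errno == ENOBUFS)          /* overflow: updates were lost, */
                changed = 1;               /* so assume routes changed */
            continue;
        }
        int rem = (int)n;
        struct nlmsghdr *nh = (struct nlmsghdr *)buf;
        for (; NLMSG_OK(nh, rem); nh = NLMSG_NEXT(nh, rem))
            if (nh->nlmsg_type == RTM_NEWROUTE)
                changed = 1;               /* remember it, discard the rest */
    }
}

/* Constructed sample input: queue one header-only netlink message. */
int queue_sample(int fd, unsigned short type)
{
    struct nlmsghdr nh = { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = type };
    return send(fd, &nh, sizeof(nh), 0) == (ssize_t)sizeof(nh) ? 0 : -1;
}

int main(void)
{
    int sv[2];  /* AF_UNIX datagram pair stands in for the netlink socket */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return 1;
    queue_sample(sv[1], RTM_NEWADDR);
    queue_sample(sv[1], RTM_NEWROUTE);
    int first = drain_route_events(sv[0]);   /* a route update was queued */
    int second = drain_route_events(sv[0]);  /* nothing stale left behind */
    return !(first == 1 && second == 0);
}
```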