From d58bfb8a1b519afffa6796d16f49b9de7c4fef8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Pa=C3=B1eda?=
Date: Wed, 4 Mar 2026 17:51:01 +0100
Subject: [PATCH] net/udprelay: use GOMAXPROCS instead of NumCPU for socket count
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

runtime.NumCPU() returns the number of CPUs on the host, which in containerized environments is the node's CPU count rather than the container's CPU limit. This causes excessive memory allocation in pods with low CPU requests running on large nodes, as each socket's packetReadLoop allocates significant buffer memory. Use runtime.GOMAXPROCS(0) instead, which is container-aware since Go 1.25 and respects CPU limits set via cgroups.
Fixes #18774
Signed-off-by: Daniel PaƱeda
---
 net/udprelay/server.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/udprelay/server.go b/net/udprelay/server.go
index 3d8709044..03d8e3dc3 100644
--- a/net/udprelay/server.go
+++ b/net/udprelay/server.go
@@ -651,8 +651,9 @@ func trySetSOMark(logf logger.Logf, netMon *netmon.Monitor, network, address str
 // single packet syscall operations.
 func (s *Server) bindSockets(desiredPort uint16) error {
 // maxSocketsPerAF is a conservative starting point, but is somewhat
- // arbitrary.
- maxSocketsPerAF := min(16, runtime.NumCPU())
+ // arbitrary. Use GOMAXPROCS rather than NumCPU as it is container-aware
+ // and respects CPU limits/quotas set via cgroups.
+ maxSocketsPerAF := min(16, runtime.GOMAXPROCS(0))
 listenConfig := &net.ListenConfig{
 Control: func(network, address string, c syscall.RawConn) error {
 trySetReusePort(network, address, c)
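Review bot: The new comment above `maxSocketsPerAF` calls GOMAXPROCS container-aware without the conditions that make it so, so a reader could assume the memory bound always holds. Per the commit message this applies only since Go 1.25, and as far as I know the runtime default follows the cgroup CPU limit, not the CPU request, and is bypassed when the `GOMAXPROCS` environment variable is set. A pod with a low request but no limit, the case the description names, would presumably still get `min(16, host CPUs)` sockets and their read-loop buffers. I would word it as `// arbitrary. Use GOMAXPROCS rather than NumCPU: since Go 1.25 its default honours a cgroup CPU limit (not a CPU request), unless overridden via the GOMAXPROCS env var.` The body of bindSockets continues outside the hunk, so it is not visible whether the value is sampled only once at bind time.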