nufw-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nufw-devel] DOS mode, packet logging

From: Eric Leblond
Subject: Re: [Nufw-devel] DOS mode, packet logging
Date: Sat, 27 Mar 2010 10:24:49 +0100
Hello

I m away from a real computer and can t test anything till tuesday. 

What you describe looks like a bug. To trigger the dos state you will need to have nuauth_max_unassigned_messages 
Unlogged packets. By default this is set to 2000 and you can icrease it if needed.

I will have a look at this issue has soon as possible. By the way don't hesitate to open an issue on nufw bugtracker:
http://www.nufw.org/projects/nufw/issues

Best regards

Eric Leblond, CTO
address@hidden, http://www.edenwall.com


Le 23 mars 2010 à 03:53, Glen Ogilvie <address@hidden> a écrit :

Hi,

I have noticed that on a couple of occasions problems with logging.
I've seen messages like:

nuauth[14187]: [7] No packet logging to avoid logger DOS

appear in nuauth log.  After this message, logging to the database for authenticated users
stops, and does not seem to start again until nuauth is restarted.  This breaks single sign on and traffic
accounting.

It looks to me like nuauth is supposed to switch back from DOS mode
when the g_thread_pool_unprocessed(nuauthdatas->user_loggers) < nuauthconf->max_unassigned_messages

called in: act_on_loggers_processing, which is called from the main_cleanup method in authsrv.c, which
appears to me to be called by nuauth_main_loop using a timer.

I am a little lost as to how the thread pool (nuauthdatas->user_loggers) empties itself.   Do the user_loggers thread have a timeout that will cause them to be destroyed or retry if they failed to log correctly, say for example that the DB was busy?

Any help around what I can do to:
1 - reduce the chance of packets not being logged
2 - get the system to come back out of DOS protection mode without a restart of nuauth would be appreciated.  
3 - if this is a bug, then a patch to fix it would be good.

The version I am looking at is: 2.2.21

Regards

--
Glen Ogilvie
Open Systems Specialists
Level 1, 162 Grafton Road
http://www.oss.co.nz/

Ph: +64 9 984 3000
Mobile: +64 21 684 146
GPG Key: ACED9C17


_______________________________________________
Nufw-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/nufw-devel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]