Hello
I m away from a real computer and can t test anything till tuesday.
What you describe looks like a bug. To trigger the dos state you will need to have nuauth_max_unassigned_messages Unlogged packets. By default this is set to 2000 and you can icrease it if needed.
I will have a look at this issue has soon as possible. By the way don't hesitate to open an issue on nufw bugtracker: http://www.nufw.org/projects/nufw/issues
Best regards Eric Leblond, CTO address@hidden, http://www.edenwall.com Le 23 mars 2010 à 03:53, Glen Ogilvie <address@hidden> a écrit :
Hi,
I have noticed that on a couple of occasions problems with logging. I've seen messages like:
nuauth[14187]: [7] No packet logging to avoid logger DOS
appear in nuauth log. After this message, logging to the database for authenticated users stops, and does not seem to start again until nuauth is restarted. This breaks single sign on and traffic accounting.
It looks to me like nuauth is supposed to switch back from DOS mode when the g_thread_pool_unprocessed(nuauthdatas->user_loggers) < nuauthconf->max_unassigned_messages
called in: act_on_loggers_processing, which is called from the main_cleanup method in authsrv.c, which appears to me to be called by nuauth_main_loop using a timer.
I am a little lost as to how the thread pool (nuauthdatas->user_loggers) empties itself. Do the user_loggers thread have a timeout that will cause them to be destroyed or retry if they failed to log correctly, say for example that the DB was busy?
Any help around what I can do to: 1 - reduce the chance of packets not being logged 2 - get the system to come back out of DOS protection mode without a restart of nuauth would be appreciated. 3 - if this is a bug, then a patch to fix it would be good.
The version I am looking at is: 2.2.21
Regards
-- Glen Ogilvie Open Systems Specialists Level 1, 162 Grafton Road http://www.oss.co.nz/
Ph: +64 9 984 3000 Mobile: +64 21 684 146 GPG Key: ACED9C17
_______________________________________________ Nufw-devel mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/nufw-devel
|