Re: Bug#2133: inetd(8) doesn't say whether/when looping services reenabled
Ian Jackson wrote:
> The manpage inetd(8) describes the `.max' suffix in the inetd.conf:
> The optional ``max'' suffix (separated from
> ``wait'' or ``nowait'' by a dot) specifies the maximum number of server
> instances that may be spawned from inetd within an interval of 60 sec-
> onds. When omitted, ``max'' defaults to 40.
>
> However, it doesn't say whether disabled services are reenabled
> automatically, and if so when.
>
> If disabled services are not reenabled automatically after a timeout
> they should be, IMO. If they are the timeout should be documented.
The next netbase package uses (a patched version of) the latest FreeBSD
inetd. It doesn't support the ".max" suffix anymore (it uses a global
command line option instead). The behaviour is also documented in the
manpage:
- service/protocol server failing (looping), service terminated.
The number of requests for the specified service in the past minute ex-
ceeded the limit. The limit exists to prevent a broken program or a mali-
cious user from swamping the system. This message may occur for several
reasons: 1) there are lots of hosts requesting the service within a short
time period, 2) a 'broken' client program is requesting the service too
frequently, 3) a malicious user is running a program to invoke the ser-
vice in a 'denial of service' attack, or 4) the invoked service program
has an error that causes clients to retry quickly. Use the [-R] option,
as described above, to change the rate limit. Once the limit is reached,
the service will be reenabled automatically in 10 minutes.
Peter
--
Peter Tobias EMail:
Fachhochschule Ostfriesland tobias@et-inf.fho-emden.de
Fachbereich Elektrotechnik und Informatik tobias@perseus.fho-emden.de
Constantiaplatz 4, 26723 Emden, Germany
Reply to: