[Icecast] Re: Anyone seen this?
karl at xiph.org
Thu Apr 28 19:49:36 UTC 2005
Just to add to what Mike said
On Thu, 2005-04-28 at 18:30, Michael Smith wrote:
> > [2005-04-28 08:21:16] WARN connection/_accept_connection accept() failed
> > with error 24: Too many open files
> 1) file descriptor leak. If it's this, that's a pretty serious icecast
> bug, probably exploitable as a DoS attack.
agreed, on Linux check the /proc/<pid>/fd directory; use of utilities
like lsof may indicate excessive file descriptor usage.
> 2) Hitting a compiled-in limit. Usually, this should only happen if
> you have quite a lot of clients connected (at least several hundred),
> AND you've compiled it using select() rather than poll() - which
> should only happen on systems that don't have poll(). You use linux,
> right? If so, it's pretty unlikely that this is your problem.
most have poll now, but select has a limit that was typically 1024 IIRC
> 3) Hitting a kernel limit (either per-user or global). Unlikely unless
> you have a lot of clients (hundreds or thousands). If it's a per-user
> limit, it should be easy to change. If it's global... well, you'd need
> at least a few thousand clients for that, so it's unlikely.
check ulimit (-n) for open files, the default is 1024.
> All in all, I'd say the first one (fd leak) is the most likely, but
> there's not enough info here for me to guess at where (and if there
> was, I couldn't do anything about it anyway - don't have my computer
> with me here in Berlin :-).
agreed, the logs may indicate an unusual pattern showing up
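
The checks suggested in this message (the /proc/<pid>/fd directory and the open-files limit) can be combined into one script. This is an added example, not part of the original post or of Icecast; the function names and the PROC_ROOT variable are assumptions of the example, and it reads /proc/<pid>/limits, which exists on current Linux kernels.

```shell
#!/bin/sh
# Added example: per-process descriptor usage on Linux.
# PROC_ROOT is this example's own knob so the functions can read a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Descriptors currently open by PID (entries in /proc/<pid>/fd).
fd_count() {
    ls -1 "$PROC_ROOT/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Soft "Max open files" limit in force for PID (the value ulimit -n sets).
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits" 2>/dev/null
}

# Count descriptors by kind; a leak shows as one kind growing between runs.
fd_breakdown() {
    for fd in "$PROC_ROOT/$1/fd"/*; do
        [ -L "$fd" ] || continue
        case "$(readlink "$fd")" in
            socket:*) echo socket ;;
            pipe:*)   echo pipe ;;
            *)        echo file ;;
        esac
    done | sort | uniq -c | awk '{ printf "%s%s=%s", sep, $2, $1; sep = " " }'
}

# One-line verdict: WARN once usage reaches THRESHOLD percent of the limit.
fd_status() {
    used=$(fd_count "$1"); limit=$(fd_soft_limit "$1"); threshold=${2:-80}
    case "$limit" in
        ''|*[!0-9]*) echo "UNKNOWN $used/${limit:-?}"; return 0 ;;
    esac
    pct=$(( used * 100 / limit ))
    if [ "$pct" -ge "$threshold" ]; then
        echo "WARN $used/$limit (${pct}%)"
    else
        echo "OK $used/$limit (${pct}%)"
    fi
}

# Usage: sh fdcheck.sh <pid>
if [ $# -ge 1 ]; then
    fd_status "$1"
    fd_breakdown "$1"; echo
fi
```

Run it a few minutes apart against the server's pid: a socket count that keeps climbing while the listener count stays flat points at a descriptor leak rather than a limit that is simply too low.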