[Icecast] Re: Anyone seen this?

Geoff Shang geoff at hitsandpieces.net
Fri Apr 29 03:55:55 UTC 2005

Michael Smith wrote:

> Generally speaking, this sort of thing happens for one of three reasons:
> 1) file descriptor leak. If it's this, that's a pretty serious icecast
> bug, probably exploitable as a DoS attack.
> 2) Hitting a compiled-in limit. Usually, this should only happen if
> you have quite a lot of clients connected (at least several hundred),

Presumably you mean concurrently.   I don't know the exact figure, but it 
was almost certainly fewer than 100, and quite probably fewer than 50.

> AND you've compiled it using select() rather than poll() - which
> should only happen on systems that don't have poll(). You use linux,
> right? If so, it's pretty unlikely that this is your problem.

configure:19034: checking for poll
configure:19084: gcc -o conftest -g -O2   conftest.c  >&5
configure:19087: $? = 0
configure:19090: test -s conftest
configure:19093: $? = 0
configure:19104: result: yes

> 3) Hitting a kernel limit (either per-user or global). Unlikely unless
> you have a lot of clients (hundreds or thousands). If it's a per-user
> limit, it should be easy to change. If it's global... well, you'd need
> at least a few thousand clients for that, so it's unlikely.

Like I said, definitely not a lot of concurrent users, particularly at the 
time of day it occured (08:21 GMT).

> All in all, I'd say the first one (fd leak) is the most likely, but
> there's not enough info here for me to guess at where (and if there
> was, I couldn't do anything about it anyway - don't have my computer
> with me here in Berlin :-).

Yeah, I realise the scarcity of information here, but there's really 
nothing to see.  Nothing unusual happened before it started, and obviously 
not a lot could happen after.

Apart from keeping an eye on things, is there anything else I can do?


More information about the Icecast mailing list