[Icecast] Re: Anyone seen this?
geoff at hitsandpieces.net
Thu Apr 28 20:55:55 PDT 2005
Michael Smith wrote:
> Generally speaking, this sort of thing happens for one of three reasons:
> 1) file descriptor leak. If it's this, that's a pretty serious icecast
> bug, probably exploitable as a DoS attack.
> 2) Hitting a compiled-in limit. Usually, this should only happen if
> you have quite a lot of clients connected (at least several hundred),
Presumably you mean concurrently. I don't know the exact figure, but it
was almost certainly fewer than 100, and quite probably fewer than 50.
> AND you've compiled it using select() rather than poll() - which
> should only happen on systems that don't have poll(). You use linux,
> right? If so, it's pretty unlikely that this is your problem.
configure:19034: checking for poll
configure:19084: gcc -o conftest -g -O2 conftest.c >&5
configure:19087: $? = 0
configure:19090: test -s conftest
configure:19093: $? = 0
configure:19104: result: yes
> 3) Hitting a kernel limit (either per-user or global). Unlikely unless
> you have a lot of clients (hundreds or thousands). If it's a per-user
> limit, it should be easy to change. If it's global... well, you'd need
> at least a few thousand clients for that, so it's unlikely.
Like I said, definitely not a lot of concurrent users, particularly at the
time of day it occured (08:21 GMT).
> All in all, I'd say the first one (fd leak) is the most likely, but
> there's not enough info here for me to guess at where (and if there
> was, I couldn't do anything about it anyway - don't have my computer
> with me here in Berlin :-).
Yeah, I realise the scarcity of information here, but there's really
nothing to see. Nothing unusual happened before it started, and obviously
not a lot could happen after.
Apart from keeping an eye on things, is there anything else I can do?
More information about the Icecast