Just to add to what Mike said On Thu, 2005-04-28 at 18:30, Michael Smith wrote:> > [2005-04-28 08:21:16] WARN connection/_accept_connection accept() failed > > with error 24: Too many open files...> 1) file descriptor leak. If it's this, that's a pretty serious icecast > bug, probably exploitable as a DoS attack.agreed, on linux check the /proc/<pid>/fd directory, use of utilities like lsof may indicate excessive file descriptor usage.> 2) Hitting a compiled-in limit. Usually, this should only happen if > you have quite a lot of clients connected (at least several hundred), > AND you've compiled it using select() rather than poll() - which > should only happen on systems that don't have poll(). You use linux, > right? If so, it's pretty unlikely that this is your problem.most have poll now, but select has a limit that was typically 1024 IIRC> 3) Hitting a kernel limit (either per-user or global). Unlikely unless > you have a lot of clients (hundreds or thousands). If it's a per-user > limit, it should be easy to change. If it's global... well, you'd need > at least a few thousand clients for that, so it's unlikely.check ulimit (-n) for open files, the default is 1024.> All in all, I'd say the first one (fd leak) is the most likely, but > there's not enough info here for me to guess at where (and if there > was, I couldn't do anything about it anyway - don't have my computer > with me here in Berlin :-).agreed, the logs may indicate an unusual pattern showing up karl.
Karl Heyes wrote:>> 1) file descriptor leak. If it's this, that's a pretty serious icecast >> bug, probably exploitable as a DoS attack. > > agreed, on linux check the /proc/<pid>/fd directory, use of utilities > like lsof may indicate excessive file descriptor usage.I don't appear to have lsof. What does it do? What should I be seeing in this directory? At time of writing, I see 92 entries.>> 3) Hitting a kernel limit (either per-user or global). Unlikely unless >> you have a lot of clients (hundreds or thousands). If it's a per-user >> limit, it should be easy to change. If it's global... well, you'd need >> at least a few thousand clients for that, so it's unlikely. > > check ulimit (-n) for open files, the default is 1024.Yeah it's 1024.>> All in all, I'd say the first one (fd leak) is the most likely, but >> there's not enough info here for me to guess at where (and if there >> was, I couldn't do anything about it anyway - don't have my computer >> with me here in Berlin :-). > > agreed, the logs may indicate an unusual pattern showing upWell, let me know if you want them, I wouldn't know what to look for. They're rather big. :) Geoff.
Geoff, lsof == List open files If you have it installed it should be in: /usr/sbin/lsof (At least that's where Debian puts it). You would use it like this: lsof -c icecast2 That would list every file (socket, pipe, regular file, etc.) open by every icecast2 process running. You could then grep for instances of values being present in particular fields in each record being returned, and count all instances of such values appearing in all records by using wc -l, etc. For example, you could use something like the following: root@aeicradio:~# lsof -c icecast2 | grep IPv4 | grep ESTABLISHED | wc -l 36 Which would tell you that you have 36 currently established TCP connections to your server. lsof is VERY usefull. What Linux version are you running? If Debian, just do an: apt-get install lsof If RedHat or a derivative, find the appropriate rpm and install it. On Apr 29, 2005, at 12:04 AM, Geoff Shang wrote:> Karl Heyes wrote: > >>> 1) file descriptor leak. If it's this, that's a pretty serious >>> icecast >>> bug, probably exploitable as a DoS attack. >> >> agreed, on linux check the /proc/<pid>/fd directory, use of utilities >> like lsof may indicate excessive file descriptor usage. > > I don't appear to have lsof. What does it do? > > What should I be seeing in this directory? At time of writing, I see > 92 entries. > >>> 3) Hitting a kernel limit (either per-user or global). Unlikely >>> unless >>> you have a lot of clients (hundreds or thousands). If it's a per-user >>> limit, it should be easy to change. If it's global... well, you'd >>> need >>> at least a few thousand clients for that, so it's unlikely. >> >> check ulimit (-n) for open files, the default is 1024. > > Yeah it's 1024. > >>> All in all, I'd say the first one (fd leak) is the most likely, but >>> there's not enough info here for me to guess at where (and if there >>> was, I couldn't do anything about it anyway - don't have my computer >>> with me here in Berlin :-). >> >> agreed, the logs may indicate an unusual pattern showing up > > Well, let me know if you want them, I wouldn't know what to look for. > They're rather big. :) > > Geoff. > > > _______________________________________________ > Icecast mailing list > Icecast@xiph.org > http://lists.xiph.org/mailman/listinfo/icecast >-- "Living is easy with eyes closed; misunderstanding all you see...." John Lennon Chuck Tellechea