nnrpd issue

Pavel V. Knyazev pasha at surnet.ru
Tue Nov 19 16:31:18 UTC 2002


----- Original Message -----
From: "Russ Allbery" <rra at stanford.edu>
To: <inn-workers at isc.org>


> > I've got problems even after 5-6 hours after an expiration process has
> > gone.  We refuse all cancel articles. As i understand checkart doesn't
> > play any role over here - 'next' must know if an article exists in the
> > spool. I didn't say there's a problem retreiving articles without 'next'
> > - nope it's all ok! Only 'next' slows down my system without giving any
> > answer in a proper time.
>
> If you have nnrpdcheckart turned on, it's still doing work, even if it
> doesn't need to.  I'd try turning that off and seeing if that helps any.

Believe me, i wouldn't ask such stupid questions that may sound like
"Who's guilty and what to do?". nnrpdcheckart has been disabled
a long time ago. nnrpdcheckart doesn't influence on how many time
'next' does its work. And this time depends on how many time has passed
since expireover has gone:
4.00am - exp finished,
3.20pm - 30 secs,
7.15pm - 55 secs,
9.10pm - 62 secs.

Don't you think 60 seconds is TOO much for a good work?
I do. Client software (and our customers) get "nervous" if they
can't receive an answer. Also, i wrote it already, nnrpd doesn't
hesitate to eat all CPU time. INN is susceptible to overload attacks
somehow. And for the moment there's no workaround ways -
i'd like to see 'max connections per reader' option at least.
At any moment now an attacker may open
a lot of sessions and ask for a 'next' command.

--
Pavel



More information about the inn-workers mailing list