concurrency

Julien ÉLIE julien at trigofacile.com
Sat Sep 13 06:44:58 UTC 2014


Hi Nick,

>>> So far, inn working well, but I need to do two things, firstly, limit
>>> max user concurrency (8) at any given time, the closest I can find is
>>> running innd with -H -X which does not sound appropriate,
>>
>> I believe you should do that with a Perl or Python auth hook.
>
> Oh, really? wow, hard to imagine inn's been around for so long without
> basic features

I bet the reason is that it is very easy to do what you want to achieve 
with the very efficient Perl hooks facilities INN provides.

After a few searches on Google, I found out a bit of code written by 
Frédéric Senault:
     http://news.lacave.net/inn/auth_rate.pl

For your needs, this code should be run at access time (instead of auth 
time).

He basically checks user concurrency this way:

   my $oc = 0;

   open(P, '/bin/ps -ax |') && do {
     while(<P>) {
       if(/nnrpd: (\S*)/) {
         if($1 eq $attributes{hostname}) {
           $oc++;
         }
       }
     }
     close(P);
   };

   if($oc > $MAX) {
     sleep(2);
     return ( '502', 'Too many connections from your host' );
   }



> my manager has already questioned why it has taken so long, he's
> very relaxed with time management, else I would have been ordered to
> dump inn 5 days ago, but even his patience is running dry, all these
> hassles when with dnews its simple as adding into access.conf
[...]
> inn is so so so much more complex and although free

I confess INN is not "newbie-friendly" as you also say but on the other 
hand, you can customize it and achieve pretty interesting and powerful 
things with its hooks facilities (in Perl or Python).
Well, of course it implies that you know such languages, though they are 
not in fact complex (see the previous Perl code).



Regarding the other dnews extensions you mention (quota, input/output 
bandwidth speed...), and even the one discussed here, I see in our 
inn-workers archives that we talked about them:
   https://lists.isc.org/pipermail/inn-workers/2003-September/012063.html
   https://lists.isc.org/pipermail/inn-workers/2000-July/003386.html

It appears that the best way to do that is the use of xinetd (or a 
similar utility).  You then get a few handy features for controlling 
access at the TCP level and also get the advantage of any further 
improvements in those programs.
"No need to reinvent the wheel." :)


> Thank you everyone for your help, I certainly learned a lot in this
> past week, even if it turns out to be of no immediate use to us here,
> it might be if I ever change jobs in an IPv6 only world.

Good luck with your projects!  I am a bit sorry that INN did not fit 
your needs.  If only you had used the straight-forward adequate program 
(like xinetd) to fulfil your expectations on user tracking and limiting, 
you would have had a more pleasant experience!

-- 
Julien ÉLIE

« Quousque tandem ? » (Cicéron)


More information about the inn-workers mailing list