| 1 |
swegener 14/06/29 18:18:56 |
| 2 |
|
| 3 |
Added: pdns-recursor-3.3-fdlimit.patch |
| 4 |
Log: |
| 5 |
Include bugfix for security bug #514946. |
| 6 |
|
| 7 |
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x64D4CF24) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: pdns-recursor-3.3-fdlimit.patch |
| 16 |
=================================================================== |
| 17 |
--- pdns-recursor-3.3/misc.cc |
| 18 |
+++ pdns-recursor-3.3/misc.cc |
| 19 |
@@ -22,6 +22,7 @@ |
| 20 |
#include <netdb.h> |
| 21 |
#include <sys/time.h> |
| 22 |
#include <time.h> |
| 23 |
+#include <sys/resource.h> |
| 24 |
#include <netinet/in.h> |
| 25 |
#include <unistd.h> |
| 26 |
#endif // WIN32 |
| 27 |
@@ -697,3 +698,22 @@ |
| 28 |
} while(!strchr(buffer, '\n')); |
| 29 |
return true; |
| 30 |
} |
| 31 |
+ |
| 32 |
+unsigned int getFilenumLimit(bool hardOrSoft) |
| 33 |
+{ |
| 34 |
+ struct rlimit rlim; |
| 35 |
+ if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) |
| 36 |
+ unixDie("Requesting number of available file descriptors"); |
| 37 |
+ return hardOrSoft ? rlim.rlim_max : rlim.rlim_cur; |
| 38 |
+} |
| 39 |
+ |
| 40 |
+void setFilenumLimit(unsigned int lim) |
| 41 |
+{ |
| 42 |
+ struct rlimit rlim; |
| 43 |
+ |
| 44 |
+ if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) |
| 45 |
+ unixDie("Requesting number of available file descriptors"); |
| 46 |
+ rlim.rlim_cur=lim; |
| 47 |
+ if(setrlimit(RLIMIT_NOFILE, &rlim) < 0) |
| 48 |
+ unixDie("Setting number of available file descriptors"); |
| 49 |
+} |
| 50 |
--- pdns-recursor-3.3/misc.hh |
| 51 |
+++ pdns-recursor-3.3/misc.hh |
| 52 |
@@ -445,4 +445,7 @@ |
| 53 |
std::string dotConcat(const std::string& a, const std::string &b); |
| 54 |
int makeIPv6sockaddr(const std::string& addr, struct sockaddr_in6* ret); |
| 55 |
bool stringfgets(FILE* fp, std::string& line); |
| 56 |
+ |
| 57 |
+unsigned int getFilenumLimit(bool hardOrSoft=0); |
| 58 |
+void setFilenumLimit(unsigned int lim); |
| 59 |
#endif |
| 60 |
--- pdns-recursor-3.3/pdns_recursor.cc |
| 61 |
+++ pdns-recursor-3.3/pdns_recursor.cc |
| 62 |
@@ -1740,7 +1740,21 @@ |
| 63 |
|
| 64 |
g_tcpTimeout=::arg().asNum("client-tcp-timeout"); |
| 65 |
g_maxTCPPerClient=::arg().asNum("max-tcp-per-client"); |
| 66 |
- g_maxMThreads=::arg().asNum("max-mthreads"); |
| 67 |
+ g_maxMThreads=::arg().asNum("max-mthreads"); |
| 68 |
+ unsigned int availFDs=getFilenumLimit(); |
| 69 |
+ if(g_maxMThreads * g_numThreads > availFDs) { |
| 70 |
+ if(getFilenumLimit(true) >= g_maxMThreads * g_numThreads) { |
| 71 |
+ setFilenumLimit(g_maxMThreads * g_numThreads); |
| 72 |
+ L<<Logger::Warning<<"Raised soft limit on number of filedescriptors to "<<g_maxMThreads * g_numThreads<<" to match max-mthreads and threads settings"<<endl; |
| 73 |
+ } |
| 74 |
+ else { |
| 75 |
+ int newval = getFilenumLimit(true) / g_numThreads; |
| 76 |
+ L<<Logger::Warning<<"Insufficient number of filedescriptors available for max-mthreads*threads setting! ("<<availFDs<<" < "<<g_maxMThreads*g_numThreads<<"), reducing max-mthreads to "<<newval<<endl; |
| 77 |
+ g_maxMThreads = newval; |
| 78 |
+ } |
| 79 |
+ |
| 80 |
+ |
| 81 |
+ } |
| 82 |
|
| 83 |
if(g_numThreads == 1) { |
| 84 |
L<<Logger::Warning<<"Operating unthreaded"<<endl; |
Archives