123468 – xinetd not honoring "instances" config

Bug 123468 - xinetd not honoring "instances" config

Summary: xinetd not honoring "instances" config

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	xinetd
Sub Component:
Version:	1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jay Fenlason
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-05-18 20:33 UTC by Chris Adams
Modified:	2014-08-31 23:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2006-10-28 17:19:07 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Chris Adams 2004-05-18 20:33:53 UTC

I run a Fedora mirror, mirror.hiwaay.net, and I run vsftpd from
xinetd.  I've got the following in /etc/xinetd.d/vsftpd:

# vsftpd is the secure FTP server.
service ftp
{
        disable = no
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/vsftpd
        server_args             = /etc/vsftpd/vsftpd.conf
        per_source              = 3
        instances               = 150
        cps                     = 50 5
        banner_fail             = /etc/vsftpd.busy_banner
        log_on_success          += PID HOST DURATION
        log_on_failure          += HOST
        flags                   = NOLIBWRAP KEEPALIVE
}

However, either xinetd is losing track of connections, not counting
correctly, or ignoring the "instances" line; right now (after the FC2
release), I've got 482 active connections (so the people downloading
are getting _really_ slow rates).

I think this used to work, but there haven't been any xinetd updates,
so unless a kernel update broke it, I don't know why it would have
stopped.

In a couple of weeks (i.e. after the initial FC2 rush is off) I'll
upgrade to FC2 and see what that does.  If I get a chance, I'll go
ahead and try the FC2 xinetd (rebuilt under FC1).

Comment 1 Chris Adams 2004-05-18 21:01:16 UTC

A little more poking: it really looks like xinetd "leaks" under load.
 I checked the log, and I do see "FAIL: ftp service_limit" messages. 
I stopped xinetd (and killed the open connections) and restarted it,
and it seems to be holding steady at 150.  It also is logging a _lot_
more "FAIL: ftp service_limit" messages now.

Comment 2 Matthew Miller 2006-07-11 17:41:20 UTC

Fedora Core 1 is maintained by the Fedora Legacy project for security updates
only. If this problem is a security issue, please reopen and reassign to the
Fedora Legacy product. If it is not a security issue and hasn't been resolved in
the current FC5 updates or in the FC6 test release, reopen and change the
version to match.

Thanks!

NOTE: Fedora Core 1 is reaching the final end of support even by the Legacy
project. After Fedora Core 6 Test 2 is released (currently scheduled for July
26th), there will be no more security updates for FC1. Please use these next two
weeks to upgrade any remaining FC1 systems to a current release.

Comment 3 John Thacker 2006-10-28 17:19:07 UTC

Note that FC1 and FC2 are no longer supported even by Fedora Legacy.  Many
changes have occurred since these older releases.  Please install a supported
version of Fedora Core and retest.  If this still occurs on FC3 or FC4, please
assign to that version and Fedora Legacy.  If it still occurs on FC5 or FC6,
please reopen and assign to the correct version.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.