Package: approx Version: 5.7-3 Severity: normal Tags: patch User: de...@kali.org Usertags: origin-kali
I have installed approx on a server where I run many tests with jenkins, the tests make heavy use of the debian repositories (debootstrap, install of large metapackages, etc) and since the system is working very quickly, it does trigger the default burst limit that systemd configures on socket. $ man systemd.socket [...] TriggerLimitIntervalSec=, TriggerLimitBurst= Configures a limit on how often this socket unit my be activated within a specific time interval. The TriggerLimitIntervalSec= may be used to configure the length of the time interval in the usual time units "us", "ms", "s", "min", "h", ... and defaults to 2s (See systemd.time(7) for details on the various time units understood). The TriggerLimitBurst= setting takes a positive integer value and specifies the number of permitted activations per time interval, and defaults to 200 for Accept=yes sockets (thus by default permitting 200 activations per 2s), and 20 otherwise (20 activations per 2s). Set either to 0 to disable any form of trigger rate limiting. If the limit is hit, the socket unit is placed into a failure mode, and will not be connectible anymore until restarted. Note that this limit is enforced before the service activation is enqueued. I worked around this with a custom configuration: # cat /etc/systemd/system/approx.socket.d/kali.conf [Socket] # Disable any trigger limit TriggerLimitIntervalSec=0 TriggerLimitBurst=0 But IMO the default configuration should work even when you make heavy use of the package repositories... so I would like to see this in your default approx.socket. Or at least you should raise the limit to something larger like a few thousands requests. --- etc/approx.socket.orig 2017-12-18 16:37:50.276492000 +0100 +++ etc/approx.socket 2017-12-18 16:39:01.132021756 +0100 @@ -5,6 +5,9 @@ [Socket] ListenStream=9999 Accept=yes +# apt makes many short requests in a small timeframe, disable the default +# burst limit +TriggerLimitBurst=0 [Install] WantedBy=sockets.target -- System Information: Debian Release: buster/sid APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages approx depends on: ii adduser 3.116 ii bzip2 1.0.6-8.1 ii curl 7.57.0-1 ii debconf [debconf-2.0] 1.5.65 ii init-system-helpers 1.51 ii libc6 2.25-5 ii libgmp10 2:6.1.2+dfsg-1.1 ii libpcre3 2:8.39-8 ii openbsd-inetd [inet-superserver] 0.20160825-3 iu rsyslog [system-log-daemon] 8.31.0-2 ii update-inetd 4.44 ii xz-utils 5.2.2-1.3 ii zlib1g 1:1.2.8.dfsg-5 approx recommends no packages. Versions of packages approx suggests: ii libconfig-model-approx-perl 1.010-1