Package: approx
Version: 5.7-3
Severity: normal
Tags: patch
User: de...@kali.org
Usertags: origin-kali
I have installed approx on a server where I run many tests with jenkins,
the tests make heavy use of the debian repositories (debootstrap, install
of large metapackages, etc) and since the system is working very quickly,
it does trigger the default burst limit that systemd configures on socket.
$ man systemd.socket
[...]
TriggerLimitIntervalSec=, TriggerLimitBurst=
Configures a limit on how often this socket unit my be
activated within a specific time interval. The
TriggerLimitIntervalSec= may be used to configure the length of
the time interval in the usual time units "us", "ms", "s",
"min", "h", ... and defaults to 2s (See systemd.time(7) for
details on the various time units understood). The
TriggerLimitBurst= setting takes a positive integer value and
specifies the number of permitted activations per time
interval, and defaults to 200 for Accept=yes sockets (thus by
default permitting 200 activations per 2s), and 20 otherwise
(20 activations per 2s). Set either to 0 to disable any form of
trigger rate limiting. If the limit is hit, the socket unit is
placed into a failure mode, and will not be connectible anymore
until restarted. Note that this limit is enforced before the
service activation is enqueued.
I worked around this with a custom configuration:
# cat /etc/systemd/system/approx.socket.d/kali.conf
[Socket]
# Disable any trigger limit
TriggerLimitIntervalSec=0
TriggerLimitBurst=0
But IMO the default configuration should work even when you make heavy use
of the package repositories... so I would like to see this in your default
approx.socket. Or at least you should raise the limit to something larger
like a few thousands requests.
--- etc/approx.socket.orig 2017-12-18 16:37:50.276492000 +0100
+++ etc/approx.socket 2017-12-18 16:39:01.132021756 +0100
@@ -5,6 +5,9 @@
[Socket]
ListenStream=9999
Accept=yes
+# apt makes many short requests in a small timeframe, disable the default
+# burst limit
+TriggerLimitBurst=0
[Install]
WantedBy=sockets.target
-- System Information:
Debian Release: buster/sid
APT prefers oldoldstable
APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500,
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages approx depends on:
ii adduser 3.116
ii bzip2 1.0.6-8.1
ii curl 7.57.0-1
ii debconf [debconf-2.0] 1.5.65
ii init-system-helpers 1.51
ii libc6 2.25-5
ii libgmp10 2:6.1.2+dfsg-1.1
ii libpcre3 2:8.39-8
ii openbsd-inetd [inet-superserver] 0.20160825-3
iu rsyslog [system-log-daemon] 8.31.0-2
ii update-inetd 4.44
ii xz-utils 5.2.2-1.3
ii zlib1g 1:1.2.8.dfsg-5
approx recommends no packages.
Versions of packages approx suggests:
ii libconfig-model-approx-perl 1.010-1
