swegener 14/06/29 18:18:56 Added: pdns-recursor-3.3-fdlimit.patch Log: Include bugfix for security bug #514946. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x64D4CF24)
Revision Changes Path 1.1 net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dns/pdns-recursor/files/pdns-recursor-3.3-fdlimit.patch?rev=1.1&content-type=text/plain Index: pdns-recursor-3.3-fdlimit.patch =================================================================== --- pdns-recursor-3.3/misc.cc +++ pdns-recursor-3.3/misc.cc @@ -22,6 +22,7 @@ #include <netdb.h> #include <sys/time.h> #include <time.h> +#include <sys/resource.h> #include <netinet/in.h> #include <unistd.h> #endif // WIN32 @@ -697,3 +698,22 @@ } while(!strchr(buffer, '\n')); return true; } + +unsigned int getFilenumLimit(bool hardOrSoft) +{ + struct rlimit rlim; + if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) + unixDie("Requesting number of available file descriptors"); + return hardOrSoft ? rlim.rlim_max : rlim.rlim_cur; +} + +void setFilenumLimit(unsigned int lim) +{ + struct rlimit rlim; + + if(getrlimit(RLIMIT_NOFILE, &rlim) < 0) + unixDie("Requesting number of available file descriptors"); + rlim.rlim_cur=lim; + if(setrlimit(RLIMIT_NOFILE, &rlim) < 0) + unixDie("Setting number of available file descriptors"); +} --- pdns-recursor-3.3/misc.hh +++ pdns-recursor-3.3/misc.hh @@ -445,4 +445,7 @@ std::string dotConcat(const std::string& a, const std::string &b); int makeIPv6sockaddr(const std::string& addr, struct sockaddr_in6* ret); bool stringfgets(FILE* fp, std::string& line); + +unsigned int getFilenumLimit(bool hardOrSoft=0); +void setFilenumLimit(unsigned int lim); #endif --- pdns-recursor-3.3/pdns_recursor.cc +++ pdns-recursor-3.3/pdns_recursor.cc @@ -1740,7 +1740,21 @@ g_tcpTimeout=::arg().asNum("client-tcp-timeout"); g_maxTCPPerClient=::arg().asNum("max-tcp-per-client"); - g_maxMThreads=::arg().asNum("max-mthreads"); + g_maxMThreads=::arg().asNum("max-mthreads"); + unsigned int availFDs=getFilenumLimit(); + if(g_maxMThreads * g_numThreads > availFDs) { + if(getFilenumLimit(true) >= g_maxMThreads * g_numThreads) { + setFilenumLimit(g_maxMThreads * g_numThreads); + L<<Logger::Warning<<"Raised soft limit on number of filedescriptors to "<<g_maxMThreads * g_numThreads<<" to match max-mthreads and threads settings"<<endl; + } + else { + int newval = getFilenumLimit(true) / g_numThreads; + L<<Logger::Warning<<"Insufficient number of filedescriptors available for max-mthreads*threads setting! ("<<availFDs<<" < "<<g_maxMThreads*g_numThreads<<"), reducing max-mthreads to "<<newval<<endl; + g_maxMThreads = newval; + } + + + } if(g_numThreads == 1) { L<<Logger::Warning<<"Operating unthreaded"<<endl;