On Fri, 30 Apr 2004, Joe Maimon wrote:
; Andy Fiddaman wrote:
; >How about implementing this as a semaphore in the eom callback, i.e.
; >
; >decrement semaphore;
; >scan using clamd
; >increment semaphore;
; >
; >That would limit the number of simultaneous scans and keep the
; >synchronisation completely within the eom() callback, so fixing the
; >problem with some threads exiting without decrementing the current
; >counter.
; >
; >
; Yes but waiting around will cause sendmail processes to pile up,
; producing the DoS effect anyways (perhaps even worse). You are also
; delaying all other milters on the system.
I didn't put very much detail in the pseudo code (I should have) but I'd
assumed something like. Initialise the semaphore with the number of concurrent
scans you want and either return tempfail if you can't get a semaphore
or wait for a few seconds to see if one becomes available. This is certainly
no worse than the current implementation in terms of processes piling up.
What I actually want to limit on my boxes is the number of concurrent scans,
not the number of milter threads since 1 thread == 1 incoming email (over
the initial signal threads etc.) and sendmail can control that itself.
Other people may have different priorities.
I'm currently using something similar to the code below. Because each thread
that grabs a semaphore should return it fairly quickly and deterministically
(i.e. as soon as it reads a response from clamd) any waiting threads should
get a chance to run fairly quickly.
.. in main() ..
if (sem_init(&max_scans, 0, max_children) == -1)
{
syslog(LOG_ALERT, "Could not initialise thread semaphore - %s",
strerror(errno));
exit(1);
}
.. and in clamfi_eom() ..
i = 61;
while (sem_trywait(&max_scans) == -1)
{
if (errno != EAGAIN)
{
syslog(LOG_ALERT, "Couldn't get a semaphore, %s",
strerror(errno));
return SMFIS_TEMPFAIL;
}
if (!i--)
{
syslog(LOG_ALERT,
"No semaphores available, giving up.");
return SMFIS_TEMPFAIL;
}
if (!(i %10))
mlog(LOG_ALERT, "No semaphores available, sleeping.");
sleep(1);
}
.. do scan ..
if (sem_post(&max_scans) == -1)
syslog(LOG_ALERT, "Couldn't increment semaphore, %s",
strerror(errno));
if (debug_level)
{
int threads;
sem_getvalue(&max_scans, &threads);
mlog(LOG_DEBUG, "Scanning thread exiting, %d now available.",
threads);
}
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
