Package: sysklogd
Version: 1.4.1-17
Because calls to syslog(3) are blocking and syslogd is
single-threaded and calls gethostbyaddr(3) for each line
logged, it is possible for syslogd to deadlock against
named. This occurs when all named threads are waiting in
syslog(3) (waiting for syslogd to process those packets)
and therefore unable to process the DNS requests generated
by gethostbyaddr(3).
The relevant code is this bit of syslog.c, from line 1123:
if (InetInuse && AcceptRemote && FD_ISSET(inetm, &readfds)) {
len = sizeof(frominet);
memset(line, '\0', sizeof(line));
i = recvfrom(finet, line, MAXLINE - 2, 0, \
(struct sockaddr *) &frominet, &len);
dprintf("Message from inetd socket: #%d, host: %s\n",
inetm, inet_ntoa(frominet.sin_addr));
if (i > 0) {
line[i] = line[i+1] = '\0';
from = (char *)cvthname(&frominet);
cvthname (line 2049) calls gethostbyaddr.
The workaround for this problem is to put the hostnames
and IP addresses of all of the hosts from which syslogd
receives log messages in /etc/hosts (or some other source
which can be accessed without the risk of deadlock).
Where this is not practical an obvious workaround would be
to disable calls to gethostbyaddr(3); there's no
command-line option for this, but the patch is trivial. A
better solution would be for syslogd to use an
asynchronous DNS library such as ARES so that name
resolution never blocked. A partial solution would be to
have syslogd fork a separate process for receiving lines
from the network, but this would only help in the case of
a *local* DNS server -- it could still deadlock against a
DNS server on a remote machine from which it was receiving
log lines.
See also this linux-kernel discussion:
http://www.ussg.iu.edu/hypermail/linux/kernel/0010.2/1130.html
though much of it (in particular the suggestion about
fsync) is irrelevant.
--
Chris Lightfoot
mySociety
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
