One of the more common issues I get at pyzmq is how to deal with running out of FDs. It is currently not possible to prevent libzmq aborting the process when the FD limit is exceeded, and inbound connections from peers are able to bring down whole server processes.
The reason for the abort is, if I recall, that for some of the places where allocating an FD fails, that failure would result in undefined behavior. My question is: Can we define the behavior for these failure cases? If so, that would eliminate the single most common remaining cause of libzmq aborts. I'm not sure where all of the FD requests are, but one is inbound connections. Is it possible/sensible to simply reject new connections if FD allocation fails? If anyone more familiar with the core can enumerate all of the FD allocations, then perhaps we can see if it's possible to have defined failures, rather than unrecoverable crashes. For pyzmq, it would even be preferable to render a Context and all of its sockets dead/unusable/closed, rather than aborting the process, but I doubt that would fly for libzmq devs. -MinRK
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
