github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 08:27:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add a MaxWorkerRequests limit to mlogc to force recycling workers after they have processed a number of requests.

Browse Source
This commit is contained in:
b1v1r
2009-07-27 20:14:42 +00:00
parent 171ed2ec93
commit 5046369e0c
2 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
apache2/mlogc-src/mlogc-default.conf
View File

@@ -64,6 +64,11 @@ ErrorLogLevel 3
# over a slow link (e.g. not over a LAN). # over a slow link (e.g. not over a LAN).
MaxConnections 10 MaxConnections 10
# How many requests a worker will process before recycling itself.
# This is to help prevent problems due to any memory leaks that may
# exists.
MaxWorkerRequests 1000
# The time each connection will sit idle before being reused, # The time each connection will sit idle before being reused,
# in milliseconds. Increase if you don't want ModSecurity Console # in milliseconds. Increase if you don't want ModSecurity Console
# to be hit with too many log collector requests. # to be hit with too many log collector requests.

23
apache2/mlogc-src/mlogc.c
View File

@@ -151,6 +151,7 @@ int keep_entries = 0;
const char *log_repository = NULL; const char *log_repository = NULL;
void *logline_regex = NULL; void *logline_regex = NULL;
int max_connections = 10; int max_connections = 10;
int max_worker_requests = 1000;
apr_global_mutex_t *gmutex = NULL; apr_global_mutex_t *gmutex = NULL;
apr_thread_mutex_t *mutex = NULL; apr_thread_mutex_t *mutex = NULL;
apr_pool_t *pool = NULL; apr_pool_t *pool = NULL;
@@ -835,6 +836,13 @@ static void init_configuration(void)
error_log(LOG_DEBUG2, NULL, "MaxConnections=%d", max_connections); error_log(LOG_DEBUG2, NULL, "MaxConnections=%d", max_connections);
} }
s = apr_table_get(conf, "MaxWorkerRequests");
if (s != NULL) {
int v = atoi(s);
if (v >= 0) max_worker_requests = v;
error_log(LOG_DEBUG2, NULL, "MaxWorkerRequests=%d", max_worker_requests);
}
s = apr_table_get(conf, "KeepAlive"); s = apr_table_get(conf, "KeepAlive");
if (s != NULL) { if (s != NULL) {
int v = atoi(s); int v = atoi(s);
@@ -1221,6 +1229,7 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
apr_pool_t *tpool; apr_pool_t *tpool;
struct curl_slist *headerlist = NULL; struct curl_slist *headerlist = NULL;
char curl_error_buffer[CURL_ERROR_SIZE] = ""; char curl_error_buffer[CURL_ERROR_SIZE] = "";
int num_requests = 0;
/* There is no need to do the sleep if this was an invalid entry /* There is no need to do the sleep if this was an invalid entry
* as the sleep is just to protect flooding the console server * as the sleep is just to protect flooding the console server
@@ -1311,6 +1320,11 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
error_log(LOG_DEBUG, thread, "Processing entry."); error_log(LOG_DEBUG, thread, "Processing entry.");
take_new = 0; take_new = 0;
/* Keep track of requests processed if we need to */
if (max_worker_requests > 0) {
num_requests++;
}
rc = pcre_exec(logline_regex, NULL, entry->line, entry->line_size, 0, 0, rc = pcre_exec(logline_regex, NULL, entry->line, entry->line_size, 0, 0,
capturevector, CAPTUREVECTORSIZE); capturevector, CAPTUREVECTORSIZE);
if (rc == PCRE_ERROR_NOMATCH) { /* No match. */ if (rc == PCRE_ERROR_NOMATCH) { /* No match. */
@@ -1479,6 +1493,15 @@ static void * APR_THREAD_FUNC thread_worker(apr_thread_t *thread, void *data)
take_new = 1; take_new = 1;
nodelay = 1; nodelay = 1;
} }
/* If we are tracking num_requests, then shutdown if we are
* over our threshold.
*/
if (num_requests && (num_requests >= max_worker_requests)) {
error_log(LOG_NOTICE, thread, "Reached max requests (%d) for this worker, exiting.", max_worker_requests);
goto THREAD_SHUTDOWN;
}
} }
THREAD_CLEANUP: THREAD_CLEANUP: