Bug 164549

Summary:	sys-apps/ucspi-tcp - tcpserver: ignore some variables - limits
Product:	Gentoo Linux	Reporter:	tomas charvat <tc>
Component:	Current packages	Assignee:	Qmail Team (OBSOLETE) <qmail-bugs+disabled>
Status:	RESOLVED WONTFIX
Severity:	major	CC:	pribeiro-gentoo
Priority:	High
Version:	2006.1
Hardware:	All
OS:	Linux
URL:	http://linux.voyager.hr/ucspi-tcp/files/tcpserver-limits-2004-03-27.diff
Whiteboard:
Package list:		Runtime testing required:	---

Description tomas charvat 2007-01-30 14:33:15 UTC

Greeting,

i tried this with qmail and netqmail with the same result.
My qmail CDB file after rule check looks like this.
tcprulescheck /etc/tcprules.d/tcp.qmail-smtp.cdb
rule :
set environment variable QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
set environment variable MAXCONNIP=2
set environment variable DIEMSG=421 , ze vseho nejhorsi jsou trpaslici
allow connection

my /etc/tcprules.d/tcp.qmail-smtp looks have just this 1 line.
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",MAXCONNIP="2",DIEMSG="421 , ze vseho nejhorsi jsou trpaslici"

But when i open 3 or 4 TCP connections to 25 from telnet, nothing will happen. Tcpserver ignore MAXCONNIP variable. 
I would expect my DIEMSG for 3rd connection.

There are no error messages or anything odd in logs. 

From change log of UCSPI it seems, that patch which add this function is already applied.

Portage 2.1.1-r2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.4-r4, 2.6.18-hardened i686)
=================================================================
System uname: 2.6.18-hardened i686 Intel(R) Xeon(TM) CPU 2.40GHz
Gentoo Base System release 1.12.6
Last Sync: Tue, 30 Jan 2007 02:30:02 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=pentium4 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CXXFLAGS="-O2 -mtune=pentium4 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 Maildir alsa_cards_ali5451 alsa_cards_als4000 alsa_cards_atiixp alsa_cards_atiixp-modem alsa_cards_bt87x alsa_cards_ca0106 alsa_cards_cmipci alsa_cards_emu10k1x alsa_cards_ens1370 alsa_cards_ens1371 alsa_cards_es1938 alsa_cards_es1968 alsa_cards_fm801 alsa_cards_hda-intel alsa_cards_intel8x0 alsa_cards_intel8x0m alsa_cards_maestro3 alsa_cards_trident alsa_cards_usb-audio alsa_cards_via82xx alsa_cards_via82xx-modem alsa_cards_ymfpci alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol berkdb bitmap-fonts cli cracklib crypt dlloader dri elibc_glibc fortran gdbm gencertdaily gnutls gpm highvolume iconv input_devices_evdev input_devices_keyboard input_devices_mouse isdnlog kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text libg++ midi ncurses nls nptl nptlonly pam pcre perl perlsuid ppds pppd python qmail qmail-spp readline reflection session spl ssl tcpd tls tools truetype-fonts type1-fonts udev unicode userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo xorg zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 1 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2007-01-30 19:16:45 UTC

In ucspi-tcp-0.88-r16, I dropped almost all of these custom patches. Because sooner or later this revision will be marked stable, you might want to use it already together with UCSPI_TCP_PATCH_DIR. Look into the ebuild's source on how to use it.

Comment 2 norbert kamenicky 2007-09-05 15:57:47 UTC

Quoted from ebuid:
ewarn "You enabled custom patches from ${UCSPI_TCP_PATCH_DIR}."
ewarn "Be warned that you won't get any support when using "
ewarn "this feature. You're on your own from now!"

Is it a joke ?  Isn't it agaist portage/gentoo philosophy ?
If everything is going to be "on my own", thank's
I am going to use another linux distro.

Comment 3 norbert kamenicky 2007-09-05 16:26:25 UTC

I tried to start tcpserver with "-C" switch using different patterns
directly in /services/qmail-smtp/run script, but no one worked.
(Still unlimited connections, until -c limit reached.)

Nevertheless I found one funny/weird thing ...
if I start tcpserver including  "-C a.b.c.d/32:1" switch (note semicolon),
which should allow only one incoming connection from ip a.b.c.d

I would expect, I find the switch in the output of this command:
ps -f `pgrep tcpserver` | cat
but found only  "-C a.b.c.d/32 1" - semicolon is stolen !
(I have to look inside the source code, to see, what's going on there.)

Comment 4 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2007-09-05 20:04:02 UTC

(In reply to comment #2)
> Is it a joke? 

No.

> Isn't it agaist portage/gentoo philosophy?

The other option would've been to completly leave this functionality out, in which case you'd have to hack around with /etc/portage/bashrc.

(In reply to comment #3)
> if I start tcpserver including  "-C a.b.c.d/32:1" switch (note semicolon),

There's no semicolon (;) in there. Do you mean a colon (:)?

Comment 5 Jakub Moc (RETIRED) gentoo-dev

2007-09-24 05:51:20 UTC

*** Bug 193579 has been marked as a duplicate of this bug. ***