[hobbit] bug report on 4.1.2p1

Henrik Stoerner henrik at hswn.dk
Thu Mar 9 23:01:19 CET 2006


On Thu, Mar 09, 2006 at 02:49:55PM +0100, Olivier Beau wrote:
> Hi Henrik,
> 
> Doing content checks on "large" web pages (13M) disturbs hobbitd;
> in the log : "Data flooding from 10.33.254.87, closing connection"
> causing a bunch of network checks to go purple..

This is really a safety/security thing to avoid hobbitd consuming all 
of memory. Since hobbitd keeps everything in memory, it would be too 
easy to launch a denial-of-service attack by just flooding it with data.

> That url did 13M because of a big tomcat dump... and we (sysadmin) don't
> controls the size of the webpages...

I hope your developers weren't forced to explain every bit of that dump :-)

> Do you have a work arround for this ?

Try the attached patch for the network test tool. It limits the amount
of content data that is sent across to 1 MB, but the content check
itself is performed on the full amount of data.

Untested, but fairly simple so I would expect it to work.


Regards,
Henrik

-------------- next part --------------
--- bbnet/bbtest-net.h	2005/12/29 16:18:42	1.34
+++ bbnet/bbtest-net.h	2006/03/09 21:55:07
@@ -17,6 +17,8 @@
 #define STATUS_CONTENTMATCH_FAILED 902
 #define STATUS_CONTENTMATCH_BADREGEX 903
 
+#define MAX_CONTENT_DATA (1024*1024)	/* 1 MB should be enough for most */
+
 /*
  * Structure of the bbtest-net in-memory records
  *
--- bbnet/httpresult.c	2005/12/29 16:19:20	1.19
+++ bbnet/httpresult.c	2006/03/09 21:54:18
@@ -429,6 +429,12 @@
 		xfree(msgline);
 
 		if (req->output) {
+			/* Dont flood hobbitd with data */
+			if (req->outlen > MAX_CONTENT_DATA) {
+				*(req->output + MAX_CONTENT_DATA) = '\0';
+				req->outlen = MAX_CONTENT_DATA;
+			}
+
 			if ( (req->contenttype && (strncasecmp(req->contenttype, "text/html", 9) == 0)) ||
 			     (strncasecmp(req->output, "<html", 5) == 0) ) {
 				char *bodystart = NULL;


More information about the Xymon mailing list