New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug/leakybucket: poor design causing excessive & unnecessary load, stuck sending event #1519
Comments
Hello, can you try to upgrade to the latest version and see if this behavior still happen ? |
Makes no difference, the |
Hello, While adding buffered channel or waiting on time might seem a good idea at first, it is going to have a lot of undesirable side effects. |
What are the side effects and what context do you want? |
I have posted the auth.log to the discourse post |
Was the cause of the problem identified? If not why was the issue closed? |
Apparently making 300,000 attempts to do something simple is a non-issue according to @buixor 😱 |
Describe the bug
I was looking into an ssh attack and noticed many log lines like below in crowdsec. On looking at the code producing the log lines (for this blog post) it seems a poor design in PourItemToBucket.
There is a tight loop (no sleeps) that will repeat until an event is sent. This sometimes takes 300,000 attempts and more than a second.
It appears the intention was that the loop would block on a select call waiting for an event to happen. But this doesn't appear to be working. It seems there shouldn't be multiple select calls because you can wait on several events with a single select.
Either that or the loop needs a 100msec sleep to eliminate the unnecessary load.
time="03-05-2022 07:47:52" level=warning msg="stuck for 1.2835585s sending event to ff28ee5fb2ff72db65d783775f08425420084ca5 (sigclosed:0 keymiss:1 failed_sent:299998 attempts:300000)" cfg=crimson-paper file=/etc/crowdsec/scenarios/ssh-bf.yaml name=crowdsecurity/ssh-bf_user-enum
To Reproduce
Steps to reproduce the behavior:
Expected behavior
One or two failed loop attempts at most
Technical Information (please complete the following information):
The text was updated successfully, but these errors were encountered: