NetBSD-Bugs archive


bin/58566: inetd spawn limits deny service unnecessarily aggressively



>Number:         58566
>Category:       bin
>Synopsis:       inetd spawn limits deny service unnecessarily aggressively
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 10 12:50:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The InetBSD Connectiontimedoutation
>Environment:
>Description:
In inetd.conf you can request a spawn limit, like:

http		stream	tcp	nowait:600	_httpd	/usr/libexec/httpd	httpd /var/www

This is documented to limit the maximum number of server instances that may be spawned per minute.  But it goes farther than that:

     The wait/nowait entry is used to tell inetd if it should wait for the
     server program to return, or continue processing connections on the
     socket.  [...]  The optional "max" suffix
     (separated from "wait" or "nowait" by a dot or a colon) specifies the
     maximum number of server instances that may be spawned from inetd within
     an interval of 60 seconds.  When omitted, "max" defaults to 40.  If it
     reaches this maximum spawn rate, inetd will log the problem (via the
     syslogger using the LOG_DAEMON facility and LOG_ERR level) and stop
     handling the specific service for ten minutes.

This means making 601 connections in one minute renders the service inaccessible for ten minutes!
>How-To-Repeat:
download too many packages from ftp.netbsd.org, or browse too many files in the source tree published there
>Fix:
Yes, please!

Instead of cutting off the service for ten minutes, inetd should probably use a token bucket rate limiter so that within any minute, it only serves 600 connections and delays the 601st, but in the next minute serves that one and continues.
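A sketch of that token-bucket behaviour, as an added example (not inetd's code): the `max` value from `nowait:max` is the bucket capacity, tokens refill evenly over the 60-second interval, and an over-limit connection gets a short delay instead of a ten-minute outage. The struct and function names here are assumed, not taken from inetd.

```c
#include <stdio.h>
/* Token bucket for inetd's nowait:max limit (illustration only):
 * "max" tokens refill evenly over 60 s, so a burst is smoothed out. */
struct bucket {
	double capacity;	/* max connections per minute (burst size) */
	double rate;		/* tokens added per second */
	double tokens;		/* tokens available now */
	double last;		/* time of last refill, in seconds */
};

static void bucket_init(struct bucket *b, unsigned max_per_min, double now)
{
	b->capacity = b->tokens = max_per_min;	/* start with a full minute */
	b->rate = max_per_min / 60.0;
	b->last = now;
}

/* Admit one connection at time `now`: returns 0 if a token was consumed
 * (serve immediately), else the seconds to wait for the next token. */
static double bucket_admit(struct bucket *b, double now)
{
	if (now > b->last) {			/* refill for elapsed time */
		b->tokens += (now - b->last) * b->rate;
		if (b->tokens > b->capacity)
			b->tokens = b->capacity;
		b->last = now;
	}
	if (b->tokens >= 1.0) {
		b->tokens -= 1.0;
		return 0.0;
	}
	return (1.0 - b->tokens) / b->rate;
}

/* Scenario from the report: `n` connections arrive at once under
 * nowait:600 (constructed input).  Returns the delay for the last one. */
static double burst_delay(int n)
{
	struct bucket b;
	double d = 0.0;
	bucket_init(&b, 600, 0.0);
	for (int i = 0; i < n; i++)
		d = bucket_admit(&b, 0.0);
	return d;
}

int main(void)
{
	printf("600th: %.3f s, 601st: %.3f s\n", burst_delay(600), burst_delay(601));
	return 0;
}
```

With 600/min the 601st connection waits a tenth of a second for the next token, and a full minute of idle time refills the bucket completely.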


