Re: bin/59645: inetd `rate-limiting' algorithm is stupid

["Taylor R Campbell via gnats" <gnats-admin%NetBSD.org@localhost>]

The following reply was made to PR bin/59645; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Cc: Michael van Elst <mlelstv%NetBSD.org@localhost>
Subject: Re: bin/59645: inetd `rate-limiting' algorithm is stupid
Date: Fri, 13 Feb 2026 03:32:45 +0000

 Looks like a couple months ago mlelstv implemented a concurrency limit
 like I suggested.  It would be really nice if this had some tests and
 pullup-11 so we can put an end to the stupid self-inflicted catatonia
 in TNF's own deployments of inetd(8) for public- or CDN-facing
 services.
 
 
 Module Name:    src
 Committed By:   mlelstv
 Date:           Sat Dec 27 08:06:38 UTC 2025
 
 Modified Files:
         src/usr.sbin/inetd: inetd.8 inetd.c inetd.h parse.c parse_v2.c
 
 Log Message:
 Add an optional accept limit to stream/nowait services.
 
 Old syntax:
 
            socket-type[,accept-max][:accept-filter]
 
 New syntax adds the option:
 
      accept_max    Equivalent to accept-max in positional notation.
 
 accept_max is a positive integer. inetd will stop accepting new
 connections for a service, when the number of running and
 waited for instances reaches that number. Further connection
 attempts will be queued by the kernel and eventually time
 out.
 
 The limit acts in parallel to the wait maximum (default 40). If
 you want more than 40 instances being spawned, you also need to
 adjust the wait maximum to a higher value.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.68 -r1.69 src/usr.sbin/inetd/inetd.8
 cvs rdiff -u -r1.141 -r1.142 src/usr.sbin/inetd/inetd.c
 cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/inetd/inetd.h \
     src/usr.sbin/inetd/parse_v2.c
 cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/inetd/parse.c
 
 https://mail-index.netbsd.org/source-changes/2025/12/27/msg159755.html