Error When Packet Dies
Sign in Pricing Blog Support Search GitHub This repository Watch 561 Star 9,038 Fork 1,270 influxdata/influxdb Code Issues 407 Pull requests 36 Projects 0 Wiki Pulse Graphs New issue Send a huge Collectd packet and InfluxDB dies (MaxPacketSize) #1231 Closed ymettier opened this Issue Dec 15, 2014 · 11 comments Projects None yet Labels None yet Milestone Longer term Assignees No one assigned 5 participants ymettier commented Dec 15, 2014 Hello, Here is how to crash InfluxDB with Collectd input plugin enabled 1/ Configure InfluxDB with Collectd Input plugin # Configure the collectd api [input_plugins.collectd] enabled = true address = "0.0.0.0" # If not set, is actually set to bind-address. port = 25826 database = "collectd" # types.db can be found in a collectd installation or on github: # https://github.com/collectd/collectd/blob/master/src/types.db # typesdb = "/usr/share/collectd/types.db" # The path to the collectd types.db file typesdb = "/usr/share/collectd/types.db" 2/ Configure Collectd normally Configure Collectd with MaxPacketSize unset or set to 1452. 3/ Run InfluxDB and Collectd Yeah, it's working. Metrics are coming and are stored normally in the DB. Thanks you all, you are doing a wonderful job... :) 4/ Reconfigure Collectd network plugin In Collectd configuration file, in the network plugin section, set MaxSize to a bigger value than the default
*buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen); ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags); Description The system calls send(), sendto(), and sendmsg() are used to transmit a message to another socket. The send() call may be used only when the socket is in a connected state (so that the intended recipient is known). The only difference between send() and write(2) is the presence of flags. With a zero flags argument, send() is equivalent to write(2). Also, the following call send(sockfd, buf, len, flags); is equivalent to sendto(sockfd, buf, len, flags, NULL, 0); The https://github.com/influxdata/influxdb/issues/1231 argument sockfd is the file descriptor of the sending socket. If sendto() is used on a connection-mode (SOCK_STREAM, SOCK_SEQPACKET) socket, the arguments dest_addr and addrlen are ignored (and the error EISCONN may be returned when they are not NULL and 0), and the error ENOTCONN is returned when the socket was not actually connected. Otherwise, the address of the target is given by dest_addr with addrlen specifying https://linux.die.net/man/2/send its size. For sendmsg(), the address of the target is given by msg.msg_name, with msg.msg_namelen specifying its size. For send() and sendto(), the message is found in buf and has length len. For sendmsg(), the message is pointed to by the elements of the array msg.msg_iov. The sendmsg() call also allows sending ancillary data (also known as control information). If the message is too long to pass atomically through the underlying protocol, the error EMSGSIZE is returned, and the message is not transmitted. No indication of failure to deliver is implicit in a send(). Locally detected errors are indicated by a return value of -1. When the message does not fit into the send buffer of the socket, send() normally blocks, unless the socket has been placed in nonblocking I/O mode. In nonblocking mode it would fail with the error EAGAIN or EWOULDBLOCK in this case. The select(2) call may be used to determine when it is possible to send more data. The flags argument is the bitwise OR of zero or more of the following flags. MSG_CONFIRM (Since Linux 2.3.15) Tell the link layer that forward progress happened: you got a successful reply from the other side. If
flooding it with traffic (effectively a DDoS attack) or violating the server's access policy or the NTP rules of engagement. One incident was branded NTP vandalism in an open letter from Poul-Henning Kamp to the https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse router manufacturer D-Link in 2006.[1] This term has later been extended by others to retroactively include other incidents. There is, however, no evidence that any of these problems are deliberate vandalism. They are more usually caused by shortsighted or poorly chosen default configurations. A deliberate form of NTP server abuse came to note at the end of 2013, when NTP servers were used as part of amplification denial-of-service attacks. Some NTP servers error when would respond to a single "monlist" UDP request packet, with packets describing up to 600 associations. By using a request with a spoofed IP address attackers could direct an amplified stream of packets at a network. This resulted in one of the largest distributed denial-of-service attacks known at the time.[2][3] Contents 1 Common NTP client problems 2 Notable cases 2.1 Tardis and Trinity College, Dublin 2.2 NETGEAR and the University of Wisconsin–Madison 2.3 error when packet SMC and CSIRO 2.4 D-Link and Poul-Henning Kamp 2.5 swisstime.ethz.ch and the Providers 3 Technical solutions 4 References 5 External links Common NTP client problems[edit] The most troublesome problems have involved NTP server addresses hardcoded in the firmware of consumer networking devices. As major manufacturers produce hundreds of thousands of devices and since most customers never upgrade the firmware, any problems will persist for as long as the devices are in service. One particularly common software error is to generate query packets at short (less than five second) intervals until a response is received. When such an implementation finds itself behind a packet filter that refuses to pass the incoming response, this results in a never-ending stream of requests to the NTP server. Such grossly over-eager clients (particularly those polling once per second) commonly make up more than 50% of the traffic of public NTP servers, despite being a minuscule fraction of the total clients. While it is reasonable to send a few initial packets at short intervals, it is essential for the health of any connectionless network that unacknowledged packets be generated at exponentially decreasing rates. This applies to any connectionless protocol, and many portions of connection-based protocols. Examples can be found in the TCP specification for connection establishment, zero-window probing, and keepalive t