[ previous ] [ next ] [ threads ]
 
 From:  Brian <belstsrv at nauticom dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Severe Problem with 1.2b1 HTTPS support
 Date:  Thu, 21 Oct 2004 11:35:40 -0400
Frederic BRET wrote:

> Hello
>
> So, it seems to be OK now. Following my idea that something was 
> limiting the creation of the processes, rather than simply killing 
> them, I looked at the scripts and guess one of the arguments of the 
> mini_httpd running on port 8001 (line 173 /etc/inc/captiveportal.inc) 
> ? -maxproc 16
> So if we cannot cure the way IE acts, perhaps we can change this 
> argument to lets say  ... 1000 ?
> I remade a boot image and tested... Now the https login panel is 
> accessed by an IE, a lot of mini_http are forked, but nothing dies and 
> login pannel appears a few seconds later.
>
> Here is the place to change the value in /etc/inc/captiveportal.inc :
>
>    ../..
>            fwrite($fd, "\n");
>            fwrite($fd, $key);
>            fclose($fd);
>                      mwexec("/usr/local/sbin/mini_httpd -S -a -M 0 -E 
> {$g['varetc_path']}/cert-portal.pem" .
>                " -u root -maxproc 1000 -p 8001" .                " -i 
> {$g['varrun_path']}/mini_httpd.cps.pid");
>        }
>                  /* start pruning process (interval = 60 seconds) */
>        mwexec("/usr/local/bin/minicron 60 
> {$g['varrun_path']}/minicron.pid " .
>    ../..
>
> perhaps a value of 1000 is way too big, I don't know. It's under the 
> maxprocperuid (sysctl -a). You need to try in your own environment.
>
> Happy evaluation !
>
> Fred
>
Perhaps this is something that could be made in to a parameter in m0n0?  
I am not sure of the logic of the 16 limitation, but it seems logical 
that something like this could/should be able to be changed.

Maybe someone on the dev team could respond?