Mar 14 2008

apache 2 internal dummy connection

Category: 技术ssmax @ 22:54:17

这几天mima的机器经常死,看了一下apache的log,发现很多::1的请求

 ::1 – – [13/Mar/2008:23:59:02 +0800] “GET /” 400 460 “-” “-”

看不懂,到apache 的userlist里面问了一下,原来是::1是ipv6的本机表示,真实out了,ipv6都不知道。。。

然后就用tcpdump看了一下

tcpdump -A -s0 -i any tcp src host ::1

发现了请求内容,原来是。。。Apache internal dummy connection。。。汗啊汗,开头我还以为linux中木马了。。。

google了一下,官方没有找到什么说明,找到一个blog有写一点

http://vdachev.net/blog/2007/02/01/apache-internal-dummy-connection/ 

I Google’d for “(internal dummy connection)”. There were only a few results explaining what was really happening… many of them were rumors. I found an entry in Yenya’s blog with the same issue. It suggested this is a replacement in Apache 2.x of sending signals to its processes as signals are not available on all platforms. This means during graceful restart, instead a SIGUSR1 to be sent to all child processes, a subrequest is made. The CodeSearch results seem to confirm this. Now, let’s say my server is running ~100 processes and I change anything in my configuration. Would this mean ~100 subrequest at a time ? Yeah, this would be an overhead (over- an already loaded server’s -head) ! Oh, my web servers is being gracefully reloaded each time a log is rotated… ~50 times.  

It seems this feature exists in the whole 2.x series so a downgrade to 2.0 would not solve this issue. It’s just in versions prior to 2.2.0 there was no indication of such internal requests. Some people proposed switching to Worker MPM. However people say that on 2.6.x boxes (my case) Prefork MPM runs faster. Additionally, PHP is not thread-safe by default (the Worker MPM is thread based) and it should be compiled with Zend Thread Safety libraries (–enable-experimental-zts). I don’t think it’s worth… It would be great if there was a way to switch back to the old behaviour on platforms that support it… it’s odd otherwise. Now I’ve disabled the logging for the default website and I’ve left mod_redirect (as I don’t think Apache would follow redirects internally).

P.S.: I suppose signals are also used to terminate a child then the number of request reaches MaxRequestsPerChild, so I experimentaly disabled this limit as it’s used to protect the system from any memory leaks in child processes. However, I haven’t noticed any by now. I hope this will decrease the number of signals sent to the child processes. Let’s check this out…

大概就是一种新的内部通信机制,代替了发进程信号,好像是2.0就开始有了,但是2.2没有从log中过滤,不知道有什么影响,在官方的buglist上面看到好像2.2.6有点问题,tmd服务器刚好就是2.2.6,下周顺便升级了丫的。。。


Mar 14 2008

还是ip统计。。。

Category: 技术ssmax @ 09:55:29

昨晚小汪子过来,看见偶统计ip的程序,说。。。其实一行就可以做到了。。。

cat access_log|awk ‘{print $1}’|sort |uniq -c|sort -nr

 狂晕ing,对linux命令还是不熟悉啊。。。