From nobody Tue Oct 11 15:20:08 2022 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mmzx81lDHz4dgrN for ; Tue, 11 Oct 2022 15:20:12 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta001.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mmzx72vCCz3rlT; Tue, 11 Oct 2022 15:20:11 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from shw-obgw-4001a.ext.cloudfilter.net ([10.228.9.142]) by cmsmtp with ESMTP id iEeUo9v4GS8WriH3Coj7to; Tue, 11 Oct 2022 15:20:10 +0000 Received: from spqr.komquats.com ([70.66.148.124]) by cmsmtp with ESMTPA id iH3Bo5XjCkTFZiH3BoXUV2; Tue, 11 Oct 2022 15:20:10 +0000 X-Authority-Analysis: v=2.4 cv=D8dUl9dj c=1 sm=1 tr=0 ts=634589aa a=Cwc3rblV8FOMdVN/wOAqyQ==:117 a=Cwc3rblV8FOMdVN/wOAqyQ==:17 a=kj9zAlcOel0A:10 a=Qawa6l4ZSaYA:10 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=Bubd1knBAAAA:8 a=i-eEhX_x-6sRyihZppMA:9 a=CjuIK1q_8ugA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22 a=LK5xJRSDVpKd5WXXoEvA:22 a=VLaXyT1Qoc4OCXc6HSlz:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id C65AE13D; Tue, 11 Oct 2022 08:20:08 -0700 (PDT) Received: by slippy.cwsent.com (Postfix, from userid 1000) id A0F43C5; Tue, 11 Oct 2022 08:20:08 -0700 (PDT) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Roger Marquis cc: freeBSD ports , Michael Grimm , "cy@freebsd.org" Subject: Re: security/py-fail2ban quits working after some hours In-reply-to: <9sso211q-1r13-5702-s8rp-4306qq9q1q39@mx.roble.com> References: <6EF1B25D-3121-4FA1-BF47-DCE1FFD64A5E@ellael.org> <20221010204219.4A3ED19F@slippy.cwsent.com> <20221011042427.78E0BD1@slippy.cwsent.com> <9sso211q-1r13-5702-s8rp-4306qq9q1q39@mx.roble.com> Comments: In-reply-to Roger Marquis message dated "Tue, 11 Oct 2022 06:34:23 -0700." List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 11 Oct 2022 08:20:08 -0700 Message-Id: <20221011152008.A0F43C5@slippy.cwsent.com> X-CMAE-Envelope: MS4xfMfhNSipF1Idf91eJQGtSjIpp2fmiyD1VVn5HJKXDW2OZZelg0loR9JZ7wlkl5YNipP6TH1siGzfqB8G4Y8J7Hi8zp6V+fxUwzOnYVnnhNO0cBJoZiVz Mo6UsVjWEvqzHNJXJMGWlOXBckNIshk43iIx+ms+g8nICKM5IKvxSj3g6Ie53c9YON2HQU271MVvnKqckb2FVZQAuN4oB2anL5CZrhjJ2emUuAvNFUS/YIww 5/mTfJpVEnKp+k41osian/4o5kyW3IK7z8JM7OSi18KBZc8fZ+V+fbIHW6J8ggLO X-Rspamd-Queue-Id: 4Mmzx72vCCz3rlT X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF policy when checking 3.97.99.32) smtp.mailfrom=cy.schubert@cschubert.com X-Spamd-Result: default: False [-1.70 / 15.00]; AUTH_NA(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.998]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[3.97.99.32:from]; FROM_HAS_DN(0.00)[]; R_SPF_NA(0.00)[no SPF record]; MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; DMARC_NA(0.00)[cschubert.com: no valid DMARC record]; REPLYTO_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_DN_SOME(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com] X-ThisMailContainsUnwantedMimeParts: N Seems he hasn't rolled a new release. Bug like this should have precipitated a new dot release. I'll keep monitoring his git repo. If there are any interesting commits, I may want to add a fail2ban-devel port tracking development. But so far it appears his repo has been inactive since 1.0.1 except for a testsuite bugfix and this bugfix. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0 In message <9sso211q-1r13-5702-s8rp-4306qq9q1q39@mx.roble.com>, Roger Marquis w rites: > Patch is working as intended here Cy. Good catch and thanks! > > Roger Marquis > > > > > > In message , Roger > > Marquis w > > rites: > >> Cy Schubert wrote: > >>> Michael Grimm writes: > >>>> this is a recent stable/13-n252672-2bd3dbe3dd6 running = > >>>> py39-fail2ban-1.0.1_2 and python39-3.9.14 > >>>> I have been running fail2ban for years now, but immediately after = > >>>> upgrading py39-fail2ban fron 0.11.2 to 1.0.1 the fail2ban-server will = > >>>> end up as a runaway process consuming all CPU time. This happens between > = > >>>> 4 to 24 hours after initial fail2ban-server startup. > >> > >> Am running fail2ban-1.0.1_2 and python38-3.8.14 did have a similar > >> startup issue. Could not use the 'service' command and had to restort > >> to 'kill -9' to stop. Fix for that was to delete /var/{run,db}/fail2ban/* > >> and restart. > >> > >> Still seeing relatively high CPU utilization compared to the previous > >> version though it rotates cores quickly. > >> > >> PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND > >> 67125 root 17 20 0 74M 12M uwait 8 23.7H 102.94% python3.8 > >> > >> Voluntary Context SWitches seem high compared to other processes though > >> have no previous benchmark to compare. > >> > >> PID USERNAME VCSW IVCSW READ WRITE FAULT TOTAL PERCENT COMMAND > >> 67125 root 5907 23 0 0 0 0 0.00% python3.8 > >> > >> Only reading from 5 logfiles; kernel is 12.3-RELEASE-p7; fail2ban built > >> from ports; truss reporting mostly "ERR#60 'Operation timed out'"... > >> > >> Roger Marquis > >> > > > > I've been able to reproduce the problem here. Please try the attached patch > > obtained from our upstream. It fixes a dovecot regression that crept into > > the latest release. > > > > > > > >