Чашки - Возможные DDoS и Broken Pipe (errno = 32) - PullRequest
Новая
       12

Чашки - Возможные DDoS и Broken Pipe (errno = 32)

0 голосов
/ 19 февраля 2020

Я использую сервер чашек на IPPS с действующим сертификатом Letsencrypt. В последние месяцы это работало хорошо для клиентов с разными ОС (Win7-10, Ma c, Linux)

Все они используют один и тот же универсальный драйвер Post Script.

Для однако в последние несколько дней у меня есть клиент, который открывает много соединений (пример журнала ниже), запускающий мой MaxClientsPerHost 80 Limit. С одного IP / клиента открывается около 2-5 соединений в секунду.

В результате, когда клиенты пытаются печатать, это происходит с большой задержкой.

Мы попытались переустановить клиентская машина / драйверы. Удаление и повторное добавление принтера, но безрезультатно.

Обширное исследование Google не дало никаких намеков на то, почему это происходит.

Так что в надежде найти кого-то с подобной проблемой / глубокими чашками Знание я публикую свою конфигурацию ниже.

Изменить для конфигурации принтера / Информация

  • Принтер работает на Debian 10.
  • Используется cups-pdf как принтер, обернутый tea4cups - он выведет простой .ps файл
  • Требуется аутентификация, которая правильно настроена и работает на клиенте
  • Это не имеет значения, если в очереди уже есть задания
  • Все клиенты используют один и тот же драйвер

Любые советы приветствуются.

Соответствующая ошибка Строка: (из журнала ниже) 

cupsdReadClient: error=32, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1

Пример журнала 

D [19/Feb/2020:12:43:18 +0100] [Client 29] Server address is "YYY.YYY.YYY.YYY".
D [19/Feb/2020:12:43:18 +0100] [Client 29] Accepted from XXX.XXX.XXX.XXX:63298 (IPv4)
D [19/Feb/2020:12:43:18 +0100] [Client 29] Waiting for request.
d [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1
d [19/Feb/2020:12:43:18 +0100] [Client 29] Saw first byte 16, auto-negotiating SSL/TLS session.
D [19/Feb/2020:12:43:18 +0100] [Client 29] Connection now encrypted.
d [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1
D [19/Feb/2020:12:43:18 +0100] [Client 29] POST /printers/PDF HTTP/1.1
D [19/Feb/2020:12:43:18 +0100] [Client 29] Read: status=200, state=6
d [19/Feb/2020:12:43:18 +0100] [Client 29] con->uri="/printers/PDF", con->best=0x55dfb097b7b0(/printers)
D [19/Feb/2020:12:43:18 +0100] [Client 29] No authentication data provided.
D [19/Feb/2020:12:43:18 +0100] [Client 29] 1.0 Get-Printer-Attributes 11
D [19/Feb/2020:12:43:18 +0100] [Client 29] Returning IPP successful-ok for Get-Printer-Attributes (https://example.com:632/printers/PDF) from XXX.XXX.XXX.XXX.
D [19/Feb/2020:12:43:18 +0100] [Client 29] Content-Length: 9508
D [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdSendHeader: code=200, type="application/ipp", auth_type=0
D [19/Feb/2020:12:43:18 +0100] [Client 29] con->http=0x55dfb0b445a0
D [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=9508, response=0x55dfb0b549c0(IPP_STATE_DATA), pipe_pid=0, file=-1
D [19/Feb/2020:12:43:18 +0100] [Client 29] Writing IPP response, ipp_state=IPP_STATE_DATA, old wused=0, new wused=0
D [19/Feb/2020:12:43:18 +0100] [Client 29] bytes=0, http_state=0, data_remaining=9508
D [19/Feb/2020:12:43:18 +0100] [Client 29] Flushing write buffer.
D [19/Feb/2020:12:43:18 +0100] [Client 29] New state is HTTP_STATE_WAITING
D [19/Feb/2020:12:43:18 +0100] [Client 29] Waiting for request.
d [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1
D [19/Feb/2020:12:43:18 +0100] [Client 29] POST /printers/PDF HTTP/1.1
D [19/Feb/2020:12:43:18 +0100] [Client 29] Read: status=200, state=6
d [19/Feb/2020:12:43:18 +0100] [Client 29] con->uri="/printers/PDF", con->best=0x55dfb097b7b0(/printers)
D [19/Feb/2020:12:43:18 +0100] [Client 29] No authentication data provided.
D [19/Feb/2020:12:43:18 +0100] [Client 29] 1.0 Get-Printer-Attributes 11
D [19/Feb/2020:12:43:18 +0100] [Client 29] Returning IPP successful-ok for Get-Printer-Attributes (https://example.com:632/printers/PDF) from XXX.XXX.XXX.XXX.
D [19/Feb/2020:12:43:18 +0100] [Client 29] Content-Length: 9508
D [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdSendHeader: code=200, type="application/ipp", auth_type=0
D [19/Feb/2020:12:43:18 +0100] [Client 29] con->http=0x55dfb0b445a0
D [19/Feb/2020:12:43:18 +0100] [Client 29] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=9508, response=0x55dfb0b3bbb0(IPP_STATE_DATA), pipe_pid=0, file=-1
D [19/Feb/2020:12:43:18 +0100] [Client 29] Writing IPP response, ipp_state=IPP_STATE_DATA, old wused=0, new wused=0
D [19/Feb/2020:12:43:18 +0100] [Client 29] bytes=0, http_state=0, data_remaining=9508
D [19/Feb/2020:12:43:18 +0100] [Client 29] Flushing write buffer.
D [19/Feb/2020:12:43:18 +0100] [Client 29] New state is HTTP_STATE_WAITING
D [19/Feb/2020:12:43:18 +0100] [Client 29] Waiting for request.
d [19/Feb/2020:12:44:27 +0100] [Client 29] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1
D [19/Feb/2020:12:44:27 +0100] [Client 29] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
D [19/Feb/2020:12:44:27 +0100] [Client 29] Closing connection.
D [19/Feb/2020:12:44:27 +0100] [Client 29] Waiting for socket close.
d [19/Feb/2020:12:44:27 +0100] [Client 29] cupsdReadClient: error=32, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=(nil)(), file=-1
D [19/Feb/2020:12:44:27 +0100] [Client 29] Closing on EOF.
D [19/Feb/2020:12:44:27 +0100] [Client 29] Closing connection.

lpstat -v 

scheduler is running
no system default destination
device for PDF: tea4cups://
PDF accepting requests since Mi 20 Nov 2019 15:45:13 CET
printer PDF is idle.  enabled since Mi 20 Nov 2019 15:45:13 CET

cupsd.conf 

LogLevel warn
PageLogFormat
MaxLogSize 0

# Allow remote access
Port 632

MaxClients 400
MaxClientsPerHost 80

# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
BrowseWebIF No

DefaultAuthType Basic
DefaultEncryption Required

WebInterface No

HostNameLookups On

ServerName example.com

<Location />
AuthType None
Encryption Required
# Allow shared printing...
Order allow,deny
Allow all
</Location>
<Location /printers>
AuthType None
Encryption Required
Order allow,deny
Allow all
</Location>
<Location /admin>
AuthType Basic
Require user @OWNER @SYSTEM @print_admins
Order allow,deny
Allow all
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM @print_admins marc
Order allow,deny
Allow all
</Location>
<Location /admin/log>
AuthType Default
Require user @SYSTEM @print_admins marc
Order allow,deny
</Location>
<Policy authenticated>
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  <Limit Create-Job Print-Job Print-URI Get-Notifications Send-Document Release-Job Validate-Job>
    AuthType Basic
    Require user @OWNER @SYSTEM @print_admins @print_users
    Order deny,allow
    Allow all
    Allow localhost
  </Limit>
  <Limit Send-URI Hold-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Basic
    Require user @OWNER @SYSTEM @print_admins @print_users
    Order deny,allow
    Allow all
    Allow localhost
  </Limit>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM @print_admins
    Order deny,allow
    Allow all
  </Limit>
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM @print_admins
    Order deny,allow
    Allow all
  </Limit>
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM @print_admins @print_users
    Order deny,allow
    Allow all
  </Limit>
  <Limit All>
    AuthType None
    Order deny,allow
    Allow all
  </Limit>
</Policy>

printers.conf 

# Printer configuration file for CUPS v2.2.10
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
<Printer PDF>
UUID urn:uuid:bb8eef67-3503-1234-1234-1234546464
Info PDF
MakeModel Generic CUPS-PDF Printer (w/ options)
#DeviceURI cups-pdf:/
DeviceURI tea4cups://
State Idle
StateTime 1574261113
ConfigTime 1551802733
Type 12644428
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
AllowUser @print_admins
AllowUser @print_users
OpPolicy authenticated
ErrorPolicy abort-job
</Printer>
...