mod_measure_process: Report the enforced limit
The soft limit is what the kernel actually enforces, while the hard
limit is is how far you can change the soft limit without privileges.
Unless the process dynamically adjusts the soft limit, knowing the hard
limit is not as useful as knowing the soft limit.
Reporting the soft limit and the number of in-use FDs allows placing
alerts on expressions like 'process_open_fds / process_max_fds >= 0.95'
local st = require "util.stanza";
local whitelist = module:get_option_inherited_set("s2s_whitelist", {});
module:hook("route/remote", function (event)
if not whitelist:contains(event.to_host) then
module:send(st.error_reply(event.stanza, "cancel", "not-allowed", "Communication with this domain is restricted"));
return true;
end
end, 100);
module:hook("s2s-stream-features", function (event)
if not whitelist:contains(event.origin.from_host) then
event.origin:close({
condition = "policy-violation";
text = "Communication with this domain is restricted";
});
end
end, 1000);