Why linux reuses 'time_wait' port? - linux

As far as I know, a TCP port in the 'time_wait' state can't be used. However, in my experiment, the server reuses the 'time_wait' port. Why?
Firstly, on the client machine, type the command echo 40000 40001 > /proc/sys/net/ipv4/ip_local_port_range. So the maximum number of TCP ports is 2.
server code
while (1) {
    int len = sizeof(struct sockaddr);
    fd = accept(sfd, &remote, &len);
    read(fd, buf, sizeof(buf));
    close(fd);
}
client code
for (i = 0; i < 3; i++)
{
    sleep(1);
    pid_t pid = fork();
    if (pid == 0)
    {
        /* child: make one connection, then exit */
        handler();
        exit(0);
    }
}
void handler()
{
    /* ............. */
    res = connect(sfd, result->ai_addr, result->ai_addrlen);
    if (res == -1) {
        perror("error");
        exit(1);
    }
    printf("connect\n");
}
show
[root@livecd ~]# ./client
connect
[root@livecd ~]# connect
connect
It's up to 3 connections. I think there should be 2 connections at most. Why?
The server has 2 TIME_WAIT connections.
[root@livecd ~]# netstat -anp | grep TIME
tcp 192.168.88.131:2016 192.168.88.132:40000 TIME_WAIT
tcp 192.168.88.131:2016 192.168.88.132:40001 TIME_WAIT
Environment
Linux livecd.centos 2.6.32-642.el6.i686 #1 SMP Tue May 10 16:13:51 UTC 2016
server config
[root@livecd ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout
60
[root@livecd ~]# cat /proc/sys/net/ipv4/tcp_tw_recycle
0
[root@livecd ~]# cat /proc/sys/net/ipv4/tcp_tw_reuse
0
client config
[root@livecd ~]# cat /proc/sys/net/ipv4/ip_local_port_range
40000 40001
Important
I also tried Ubuntu Server 14.04, but got the same result.
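
An added reproduction of the observation above, not code from the original post: TIME_WAIT is kept by the end that closes first (here the server), and Linux lets a new SYN with a newer sequence number or timestamp replace a TIME_WAIT entry for the same address/port pair, so every round connects from the same client port. Assumptions: loopback stands in for the two hosts, the client port is pinned with bind() instead of narrowing ip_local_port_range, and the function names are hypothetical.

```python
import socket

def time_wait_pairs():
    """(local_port, remote_port) of every IPv4 socket in TIME_WAIT (state 06)."""
    pairs = set()
    with open("/proc/net/tcp") as table:
        next(table)                                  # skip the header row
        for row in table:
            _, local, remote, state = row.split()[:4]
            if state == "06":
                pairs.add((int(local.rsplit(":", 1)[1], 16),
                           int(remote.rsplit(":", 1)[1], 16)))
    return pairs

def reuse_one_client_port(rounds=3):
    """Connect `rounds` times from a single source port; the server closes first.

    Returns one (client_port, server_side_time_wait_seen) tuple per round.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                       # constructed test server
    srv.listen(8)
    server_port = srv.getsockname()[1]

    client_port, rounds_log = 0, []                  # 0: kernel picks the port once
    for _ in range(rounds):
        cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Only needed because the port is pinned with bind(); the post's client
        # lets connect() choose from ip_local_port_range instead.
        cli.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        cli.bind(("127.0.0.1", client_port))
        cli.connect(("127.0.0.1", server_port))      # from round 2 on, the pair is in TIME_WAIT
        client_port = cli.getsockname()[1]

        conn, _ = srv.accept()
        conn.close()                                 # active close: server side
        cli.recv(1)                                  # returns b"" on the server's FIN
        cli.close()                                  # passive close, no TIME_WAIT here
        seen = (server_port, client_port) in time_wait_pairs()
        rounds_log.append((client_port, seen))
    srv.close()
    return rounds_log

if __name__ == "__main__":
    for port, seen in reuse_one_client_port():
        print(f"client port {port}: connected, server-side TIME_WAIT present: {seen}")
```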

Related

meteor Verifying Deployment - Connection refused

I am trying to deploy a Meteor application, but I am receiving the following error message in the Verifying Deployment section:
------------------------------------STDERR------------------------------------
: (7) Failed to connect to 172.17.0.2 port 3000: Connection refused
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to 172.17.0.2 port 3000: Connection refused
=> Logs:
=> Setting node version
NODE_VERSION=14.17.4
v14.17.4 is already installed.
Now using node v14.17.4 (npm v6.14.14)
default -> 14.17.4 (-> v14.17.4 *)
=> Starting meteor app on port 3000
=> Redeploying previous version of the app
When I do the sudo netstat -tulpn | grep LISTEN in the server it shows this
tcp 0 0 10.0.3.1:53 0.0.0.0:* LISTEN 609/dnsmasq
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 406/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 745/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 745/sshd: /usr/sbin
When I run sudo docker ps I receive the following message -
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e51b1b4bf3a3 mup-appName:latest "/bin/sh -c 'exec $M…" About an hour ago Restarting (1) 49 seconds ago appName
68b723183f3d mongo:3.4.1 "/entrypoint.sh mong…" 9 days ago Restarting (100) 9 seconds ago mongodb
In my firewall I have also opened port 3000
If I check the Docker is running it seems like there is no docker running!!
Also in my mup.js file I am using http and not https
module.exports = {
  servers: {
    one: {
      host: 'xx.xx.xxx.xxx',
      username: 'ubuntu',
      pem: '/home/runner/.ssh/id_rsa'
    }
  },
  meteor: {
    name: 'appName',
    path: '../../',
    docker: {
      image: 'zodern/meteor:latest',
    },
    servers: {
      one: {}
    },
    buildOptions: {
      serverOnly: true
    },
    env: {
      PORT: 3000,
      ROOT_URL: 'http://dev-api.appName.com/',
      NODE_ENV: 'production',
      MAIL_URL: 'smtp://xxxx:xxx/eLPCB3nw3jubkq:@email-smtp.eu-north-1.amazonaws.com:587',
      MONGO_URL: 'mongodb+srv://xxx:xx@xxx.iiitd.mongodb.net/Development?retryWrites=true&w=majority'
    },
    // seconds to wait for the app to answer before the deploy check fails
    deployCheckWaitTime: 15
  },
  proxy: {
    domains: 'dev.xxx.com',
    ssl: {
      letsEncryptEmail: 'info@xxx.com'
    }
  }
}
Any idea what might cause this issue?
I don't know why, but in the MUP docs the correct image name is zodern/meteor:root
If your app is slow to start, increase the deployCheckWaitTime. In my complex apps I put 600, just to ensure the app is up.

Access rejected by local host in freeradius

I am not able to execute the radtest command and I can't figure out what the issue is; I keep getting the error:
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=82, length=20
here is the execution:
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=75, length=20
root@localhost:/etc/freeradius# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 82 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=82, length=20
here is the debug output:
+group authorize {
++[preprocess] = ok
++policy rewrite_calling_station_id {
+++? if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
(Attribute Calling-Station-Id was not found)
? Evaluating (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> FALSE
+++? if (Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> FALSE
+++else else {
++++[noop] = noop
+++} # else else = noop
++} # policy rewrite_calling_station_id = noop
[authorized_macs] expand: %{Calling-Station-ID} ->
++[authorized_macs] = noop
++? if (!ok)
? Evaluating !(ok) -> TRUE
++? if (!ok) -> TRUE
++if (!ok) {
+++[reject] = reject
++} # if (!ok) = reject
+} # group authorize = reject
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+group REJECT {
[eap] Request didn't contain an EAP-Message, not inserting EAP-Failure
++[eap] = noop
[attr_filter.access_reject] expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 82 to 127.0.0.1 port 55664
Waking up in 4.9 seconds.
Cleaning up request 2 ID 82 with timestamp +269
Ready to process requests.
this is my users:
testing Cleartext-Password := "password"
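
A small parser for the debug trace above, added here as an example (not part of the original post or of FreeRADIUS): it walks the '+' nesting and reports which unlang block issued the reject, which module result the if (!ok) condition tested, and which attribute expansions came back empty. TRACE is an excerpt of the output quoted above with the regex-evaluation lines omitted; explain_reject is a hypothetical helper name.

```python
import re

# Excerpt of the `authorize` trace quoted above (regex-evaluation lines omitted).
TRACE = """\
+group authorize {
++[preprocess] = ok
++policy rewrite_calling_station_id {
+++else else {
++++[noop] = noop
+++} # else else = noop
++} # policy rewrite_calling_station_id = noop
[authorized_macs] expand: %{Calling-Station-ID} ->
++[authorized_macs] = noop
++? if (!ok)
? Evaluating !(ok) -> TRUE
++if (!ok) {
+++[reject] = reject
++} # if (!ok) = reject
+} # group authorize = reject
"""

MODULE = re.compile(r"^(\++)\[([\w.]+)\] = (\w+)$")    # ++[module] = rcode
OPEN = re.compile(r"^\++(.+) \{$")                     # ++if (!ok) {
CLOSE = re.compile(r"^\++\} # ")                       # ++} # if (!ok) = reject
EXPAND = re.compile(r"^\[([\w.]+)\]\s+expand: (\S+) ->\s*(.*)$")

def explain_reject(trace):
    """Return where the first `reject` came from, or None if nothing rejected."""
    stack, last_at_depth, empty = [], {}, []
    for line in map(str.strip, trace.splitlines()):
        if m := EXPAND.match(line):
            if not m.group(3):                      # attribute expanded to nothing
                empty.append((m.group(1), m.group(2)))
        elif m := MODULE.match(line):
            depth, name, rcode = len(m.group(1)), m.group(2), m.group(3)
            if rcode == "reject":
                return {
                    "blocks": list(stack),          # enclosing blocks, outermost first
                    # a return-code condition tests the preceding module's result
                    "tested": last_at_depth.get(depth - 1),
                    "empty_expansions": empty,
                }
            last_at_depth[depth] = (name, rcode)
        elif m := OPEN.match(line):
            stack.append(m.group(1))
        elif CLOSE.match(line):
            stack.pop()
    return None

if __name__ == "__main__":
    print(explain_reject(TRACE))
```

For the trace above it reports that the reject was issued inside if (!ok), right after authorized_macs returned noop on an empty %{Calling-Station-ID}.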

DRBD Parse error: got 'incon-degr-cmd' (TK 282) on CentOS

Setup
I currently have two NFS servers. And the plan is that they mirror their data to each other in realtime using DRBD and monitor each other using heartbeat.
This is my current /etc/drbd.d/t0.res config.
resource t0 {
  protocol C;
  incon-degr-cmd "halt -f";
  startup {
    degr-wfc-timeout 120; # 2 minutes.
  }
  disk {
    on-io-error detach;
  }
  net {
  }
  syncer {
    rate 10M;
    group 1;
    al-extents 257;
  }
  on node1 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 172.16.2.101:7788;
    meta-disk internal;
  }
  on node2 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 172.16.2.102:7788;
    meta-disk internal;
  }
}
Error
When I try to use a drbdadm command I get the following error:
drbd.d/contentserver.res:4: Parse error: 'protocol | on | disk | net | syncer | startup | handlers | ignore-on | stacked-on-top-of' expected,
but got 'incon-degr-cmd' (TK 282)
I believe your resource file should read like this:
resource t0 {
  protocol C;
  pri-on-incon-degr "halt -f";
  startup {
    degr-wfc-timeout 120; # 2 minutes.
  }
  disk {
    on-io-error detach;
  }
  net {
  }
  syncer {
    rate 10M;
    group 1;
    al-extents 257;
  }
  on node1 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 172.16.2.101:7788;
    meta-disk internal;
  }
  on node2 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 172.16.2.102:7788;
    meta-disk internal;
  }
}

Linux kernel cannot receive multicast

I built a Linux kernel with CONFIG_IP_MULTICAST=y; however, no UDP multicast packets are received by this kernel, while UDP unicast works well.
ethtool -S eth0 | grep multicast
txmulticastframes_g: 0
txmulticastframes_gb: 0
rxmulticastframes_g: 0
Any hints how can I solve this problem?
Thx. Forrest G
=================================================================================
Additional:
tcpdump can get the packet
root@JHI # ./tcpdump port 3702
device eth0 entered promiscuous mode
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
-7:-48:-19.4151 IP 192.168.42.212.3702 > 239.255.255.250.3702: UDP, length 787
-7:-48:-19.4661 IP 192.168.42.212.3702 > 239.255.255.250.3702: UDP, length 803
^C
2 packets captured
2 padevice eth0 left promiscuous mode
ckets received by filter
0 packets dropped by kernel
I wrote this WS-devicediscovery function with gSOAP. It works on an x86 machine. When running on an ARM device, it can send out IGMP packets but does not receive anything.
void wsdd()
{
    struct soap *soap_udp;
    struct ip_mreq mreq;
    soap_udp = soap_new();
    soap_init1(soap_udp, SOAP_IO_UDP|SOAP_IO_FLUSH);
    /* bind the UDP socket to the WS-Discovery port */
    if (!soap_valid_socket(soap_bind(soap_udp, NULL, 3702, 100)))
    {
        soap_print_fault(soap_udp, stderr);
    }
    /* join the 239.255.255.250 group on the default interface */
    mreq.imr_multiaddr.s_addr = inet_addr("239.255.255.250");
    mreq.imr_interface.s_addr = htonl(INADDR_ANY);
    if (setsockopt(soap_udp->master, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)) == -1) {
        perror("membership error\n");
    }
    int loop = 1;
    int sock_opt = 1;
    if ((setsockopt(soap_udp->master, SOL_SOCKET, SO_REUSEADDR, (void *) &sock_opt,
                    sizeof (sock_opt))) == -1) {
        printf("setsockopt\n");
    }
    if ((setsockopt(soap_udp->master, IPPROTO_IP, IP_MULTICAST_LOOP,
                    &loop, sizeof (loop))) == -1) {
        printf("setsockopt\n");
    }
    /* serve incoming discovery messages forever */
    while (1) {
        soap_accept(soap_udp);
        soap_serve(soap_udp);
        soap_end(soap_udp);
    }
}
Then I tried these things, but it still does not work:
route add -net 224.0.0.0 netmask 240.0.0.0 eth0
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
Problem solved by changing..
ifconfig eth0 promisc
Can anyone explain the principle?

systemtap tcp connections script error

I am trying to run this script, and it shows no TCP connections. Any ideas? OS: CentOS 6.3
#! /usr/bin/env stap
probe begin {
  printf("%6s %16s %6s %6s %16s\n",
         "UID", "CMD", "PID", "PORT", "IP_SOURCE")
}
probe kernel.function("tcp_accept").return?,
      kernel.function("inet_csk_accept").return? {
  sock = $return
  if (sock != 0)
    printf("%6d %16s %6d %6d %16s\n", uid(), execname(), pid(),
           inet_get_local_port(sock), inet_get_ip_source(sock))
}
OUTPUT:
[root@server src]# ./tcp_con.stp
Missing separate debuginfos, use: debuginfo-install kernel-2.6.32-279.1.1.el6.centos.plus.x86_64
UID CMD PID PORT IP_SOURCE
Follow systemtap's advice and install kernel-debuginfo.
The question marks after both kernel.function() probes let stap quietly drop both of those.
