On Friday 14 January 2005 04:45, James Yonan wrote:
>
> I don't think you're doing anything wrong, but I would be curious why the
> kernel thinks the address is already in use on the rebind attempt.
>
> There's definitely an argument to be made that OpenVPN should stay bound
> to the socket for the life of the daemon instance, rather than rebinding
> on client disconnect.
>
I've done some testing:
1) I've tried to bind to a higher port 31103, same problem when I exit.
The openvpn daemon dies when run as nobody.
2) I then proceeded to create a Perl script which binds to 1103, and did:
# sudo -u nobody /data/perl/server.pl 1103
/data/perl/server.pl 7305: server started on port 1103 at
Fri Jan 14 13:04:37 2005
This works fine: It manages to bind to port 1103 as user nobody.
3) I ran ktrace on the openvpn server, running the server as
user nobody and root, respectively. The openvpn system calls are:
Server run as 'nobody'
----------------------
ktrace from the server, as I exit from the management interface:
Openvpn daemon dies.
19664 openvpn GIO fd 1 wrote 48 bytes
"Fri Jan 14 13:17:59 2005 MANAGEMENT: CMD 'exit'
"
19664 openvpn RET write 48/0x30
19664 openvpn CALL gettimeofday(0x1ffff75b0,0)
19664 openvpn RET gettimeofday 0
19664 openvpn CALL gettimeofday(0x1ffff75f8,0)
19664 openvpn RET gettimeofday 0
19664 openvpn CALL write(0x1,0x1200e8000,0x39)
19664 openvpn GIO fd 1 wrote 57 bytes
"Fri Jan 14 13:17:59 2005 MANAGEMENT: Client disconnected
"
19664 openvpn RET write 57/0x39
19664 openvpn CALL close(0x9)
19664 openvpn RET close 0
19664 openvpn CALL socket(0x2,0x1,0x6)
19664 openvpn RET socket 4
19664 openvpn CALL setsockopt(0x4,0xffff,0x4,0x1ffff7690,0x4)
19664 openvpn RET setsockopt 0
19664 openvpn CALL bind(0x4,0x1200e2884,0x10)
19664 openvpn RET bind -1 errno 48 Address already in use
19664 openvpn CALL sigprocmask(0x1,0xffffffffffffffff)
19664 openvpn RET sigprocmask 0
Server run as 'root'
----------------------
ktrace from the server, as I exit from the management interface:
Openvpn daemon does not die.
19682 openvpn GIO fd 1 wrote 48 bytes
"Fri Jan 14 13:25:36 2005 MANAGEMENT: CMD 'exit'
"
19682 openvpn RET write 48/0x30
19682 openvpn CALL gettimeofday(0x1ffff70f0,0)
19682 openvpn RET gettimeofday 0
19682 openvpn CALL gettimeofday(0x1ffff7138,0)
19682 openvpn RET gettimeofday 0
19682 openvpn CALL write(0x1,0x1200e8000,0x39)
19682 openvpn GIO fd 1 wrote 57 bytes
"Fri Jan 14 13:25:36 2005 MANAGEMENT: Client disconnected
"
19682 openvpn RET write 57/0x39
19682 openvpn CALL close(0x9)
19682 openvpn RET close 0
19682 openvpn CALL socket(0x2,0x1,0x6)
19682 openvpn RET socket 4
19682 openvpn CALL setsockopt(0x4,0xffff,0x4,0x1ffff71d0,0x4)
19682 openvpn RET setsockopt 0
19682 openvpn CALL bind(0x4,0x1200e2884,0x10)
19682 openvpn RET bind 0
19682 openvpn CALL listen(0x4,0x1)
19682 openvpn RET listen 0
Could it be that 'root' somehow "owns" the file descriptors (or similar)
belonging to the socket? So when nobody tries to re-bind, it fails.
Christian
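
Added example, not part of the original message and not OpenVPN's own code: a sketch of the alternative James Yonan describes in the quoted text, where the listening socket is bound once and kept for the life of the process, so a client disconnect never repeats the socket()/bind() step seen in the traces. The function names open_listener and serve_clients are hypothetical, and the example uses a kernel-chosen loopback port so it runs without privileges.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Loopback address for a port (0 lets the kernel pick a free one). */
static struct sockaddr_in loopback(unsigned short port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    return sa;
}

/* Bind and listen once. In a daemon this runs before privileges are dropped;
 * the returned fd is then kept open for the life of the process. */
int open_listener(unsigned short port, unsigned short *bound_port)
{
    struct sockaddr_in sa = loopback(port);
    socklen_t len = sizeof(sa);
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd < 0) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *bound_port = ntohs(sa.sin_port);
    return fd;
}

/* Serve n consecutive clients on the same listening fd and return how many
 * were accepted. The clients are constructed in-process test connections. */
int serve_clients(int listen_fd, unsigned short port, int n)
{
    struct sockaddr_in sa = loopback(port);
    int served = 0;
    while (served < n) {
        int c = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (c < 0) break;
        int conn = connect(c, (struct sockaddr *)&sa, sizeof(sa)) == 0
                       ? accept(listen_fd, NULL, NULL) : -1;
        close(c);
        if (conn < 0) break;
        close(conn); /* client disconnected: only the accepted fd is closed */
        served++;
    }
    return served;
}
```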