From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id CIrpJECS52JjHwAAbAwnHQ (envelope-from ) for ; Mon, 01 Aug 2022 10:43:44 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id wNbzJECS52JTFgEA9RJhRA (envelope-from ) for ; Mon, 01 Aug 2022 10:43:44 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 2789EE999 for ; Mon, 1 Aug 2022 10:43:44 +0200 (CEST) Received: from localhost ([::1]:44916 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oIR1a-00018h-Ik for larch@yhetil.org; Mon, 01 Aug 2022 04:43:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59026) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIQy2-0006sg-DD for bug-guix@gnu.org; Mon, 01 Aug 2022 04:40:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:49477) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIQy2-00031z-4J for bug-guix@gnu.org; Mon, 01 Aug 2022 04:40:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oIQy1-0000L7-VP for bug-guix@gnu.org; Mon, 01 Aug 2022 04:40:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#56866: [Shepherd] inetd connections not correctly counted? Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 01 Aug 2022 08:40:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 56866 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 56866@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16593431941281 (code B ref -1); Mon, 01 Aug 2022 08:40:01 +0000 Received: (at submit) by debbugs.gnu.org; 1 Aug 2022 08:39:54 +0000 Received: from localhost ([127.0.0.1]:39226 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIQxt-0000KZ-LP for submit@debbugs.gnu.org; Mon, 01 Aug 2022 04:39:54 -0400 Received: from lists.gnu.org ([209.51.188.17]:56426) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIQxs-0000KQ-5A for submit@debbugs.gnu.org; Mon, 01 Aug 2022 04:39:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58994) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIQxr-0006iX-S7 for bug-guix@gnu.org; Mon, 01 Aug 2022 04:39:51 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45470) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIQxr-00030x-I3 for bug-guix@gnu.org; Mon, 01 Aug 2022 04:39:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=CVTN6diY9+x/Y7kJi1xEmRkjDl2abVtYptuIhPc6y7Q=; b=IUwDR0tQH9sIAf AouBiWoMrqeIY/IgiyvmBM3a2QgdlO2vFl5hwTgD5fZC5Pk84zNcrQYSTcV8jj6pcpqMpC5DBVRJy i7b5AlVuYdpX/EJRvACVTuDZThsytwjO6DMgDDhX3JFAGNAUlLLngbSSRCoxg1ZKKyt9EBUpo4FIa +VIxRwy/o/aMDGB08/4dlcvAMWfTZ3eAXPvrpSegygvqv6XmTUnkh/VxKMY9KhMKOroevyW3q0AaY t0PiN+C28VY1DzW/eBzq/Hwu+6+fTIR/VZjCBmzRSCIlA/55lMinRY2jD7wzoGIbwyllU3Gvho1Ru GWjVUd/O2ZZ0L0u7+cpg==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=54450 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIQxr-0002Jd-4D for bug-guix@gnu.org; Mon, 01 Aug 2022 04:39:51 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 14 Thermidor an 230 de la =?UTF-8?Q?R=C3=A9volution, ?= jour du Basilic X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 01 Aug 2022 10:39:47 +0200 Message-ID: <87bkt42w8c.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1659343424; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=CVTN6diY9+x/Y7kJi1xEmRkjDl2abVtYptuIhPc6y7Q=; b=fKko1FxS6dUbbvE4HSIHBiPb3cHBiSPEipTe7UQGtY9B6tM+xneFSixFSTVfPofKraIpjS lM25Bc8HymIewa33QalwMGICNpnlCIeWP2WqUhQYk5w0rdo+YhZ9XChWlVX5FcxzCa5tKB yy9lPZRuL7e/9s6uAWh6tyWy2iEMElLJdrMDmRjNiFtITZy+k6HLLBYjlsMe68Ps2BpjRv inyPU6mQmUmnONARlsyNLoSLWrNxjDOfN/+oQ5LEj9IO1FzQYO+hW/2GkUiOwGAPADGcHF pWKiXiI7mWGh/GOooczjv9me+3BowVbML5EYuxaphj9uKWMdCn+OVhmTVXf0yA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1659343424; a=rsa-sha256; cv=none; b=lo0PZQ2ENJjNZ8Gh5LhyeIleLhq0tz7K/zEnITujqNRybgBc5TnS8FguFuOe5w1IIjgio2 kRBsnFWy0R+6RbQtYlNWpYUb8132VctDZd5Du0nu1Y7jVVC2XMRDDXg6NSvI4w2DYgXxCV S5I00higNWWCewGdAZOl+1ZJEaHqumlnTKucSpR/mKmI+prLWfBsGtJdgjio7RCehtoEgI Csweug9Y/XXmICxhG7ofAWgbwthWwfs5NmXCT/3F6WQRJWJExpEfVpkgSSzJ6nNig+iarY krf4ocWI/m8si1bg3o58qb2p3HU9txy7IPOLwoaDHfeftkga/yqltDa4sQWLeQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=IUwDR0tQ; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -0.92 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=IUwDR0tQ; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 2789EE999 X-Spam-Score: -0.92 X-Migadu-Scanner: scn0.migadu.com X-TUID: Ok56PgbmQ3mp --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, We recently experienced a bug on berlin.guix where we=E2=80=99d be locked o= ut of SSH access because shepherd (0.9.1) would say that the maximum connection number on the sshd inetd service had been reached. That threshold is a feature (see =E2=80=98max-connections=E2=80=99 in ) but there=E2=80=99s a possibility in this case tha= t a bug in =E2=80=98make-inetd-constructor=E2=80=99 or thereabout led it to get= a wrong idea of the number of active connections. Unfortunately, we lack syslogs that would give us info about the time where inetd connections started accumulating=C2=B9. I tried to come up with a scenario that could lead to that problem with the test below, to no avail. If you=E2=80=99ve experienced something simil= ar, or if you noticed that =E2=80=98sshd-*=E2=80=99 services have accumulated o= n a server of yours, please let us know! Thanks, Ludo=E2=80=99. =C2=B9 That, in turn, was a bug in the rottlog default config, fixed in e5a6900baf758a12024283171bf45f2fe90121ee. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/tests/inetd.sh b/tests/inetd.sh index 0301b68..894ce98 100644 --- a/tests/inetd.sh +++ b/tests/inetd.sh @@ -77,6 +77,15 @@ cat > "$conf" < + #:provides '(test-inetd-fail) + #:start (make-inetd-constructor '("$(type -P false)") + (list + (endpoint (make-socket-address + AF_INET + INADDR_LOOPBACK + $PORT)))) #:stop (make-inetd-destructor))) (start 'test-inetd) @@ -95,6 +104,11 @@ file_descriptor_count () ls -l /proc/$shepherd_pid/fd/[0-9]* | wc -l } +# Trigger startup of the finalizer thread, which creates a couple of pipes. +# That way, those extra file descriptors won't influence the comparison with +# INITIAL_FD_COUNT done at the end. +$herd eval root '(gc)' + initial_fd_count=$(file_descriptor_count) $herd status test-inetd | grep started @@ -203,3 +217,16 @@ $herd status # At this point, shepherd should have INITIAL_FD_COUNT - 1 file descriptors # opened. test $(file_descriptor_count) -lt $initial_fd_count + +# Now test a service that fails as soon as it's passed an incoming connection. +$herd start test-inetd-fail +for i in $(seq 1 10) +do + $herd status + test $($herd status | grep '\+' | wc -l) -eq 2 + ! converse_with_echo_server \ + "(make-socket-address AF_INET INADDR_LOOPBACK $PORT)" +done + +$herd stop test-inetd-unix +test $(file_descriptor_count) -lt $initial_fd_count --=-=-=--