Re: [exim] RFC1413 (ident), TCP Reset & Alarm

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Stephen Gran
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] RFC1413 (ident), TCP Reset & Alarm
On Fri, Jul 27, 2007 at 05:11:40PM +0200, Sander Smeenk said:
> Hi,
>
> Why is it that Exim4 (4.60) still waits for an alarm() to occur when a
> connection to ident has been rejected with a RST? At least, that is what
> seems to happen.


That doesn't look like what is happening to me.

> My nagios box rejects ident connections with a TCP RST packet, which
> results in a 'Connection refused'. This is the best way to block ident
> calls, but Exim still waits for something after connecting and receiving
> the connection refused according to this strace retrieved from 'strace
> -tt -ff -p $pid', the relevant part:


alarm() returns the number of seconds remaining until any previously
scheduled alarm was due to be delivered, or zero if there was no
previously scheduled alarm.

> | 16:55:05.340088 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
> | 16:55:05.340280 bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("213.136.0.191")}, 16) = 0
> | 16:55:05.340361 alarm(15)           = 0


Set an alarm for 15 seconds from now, no previously scheduled alarm.

> | 16:55:05.340467 connect(3, {sa_family=AF_INET, sin_port=htons(113), sin_addr=inet_addr("213.136.12.136")}, 16) = -1 ECONNREFUSED
> | 16:55:14.344961 alarm(0)            = 6


Cancellation of alarm, tells us that there were 6 seconds left. I don't
know why it pauses for 9 seconds after getting ECONNREFUSED before
noticing, though.

> | 16:55:14.345043 close(3)            = 0
> | 16:55:14.345108 close(3)            = -1 EBADF (Bad file descriptor)

>
> Hmm. This might be better for exim-dev?


Perhaps.

On Fri, Jul 27, 2007 at 04:52:59PM +0100, Dave Evans said:
> On Fri, Jul 27, 2007 at 05:11:40PM +0200, Sander Smeenk wrote:
> > Hi,
> >
> > Why is it that Exim4 (4.60) still waits for an alarm() to occur when a
> > connection to ident has been rejected with a RST? At least, that is what
> > seems to happen.
>
> Are you sure your box is receiving, and not firewalling out, the RST packet?


It looks that way - the connect() call gets ECONNREFUSED.
--
--------------------------------------------------------------------------
|  Stephen Gran                  | If voting could change the system, it   |
|  steve@???             | would be illegal.  If not voting could  |
|  http://www.lobefin.net/~steve | change the system, it would be illegal. |

--------------------------------------------------------------------------