Date: Fri, 8 Jan 2021 20:58:22 +0300 From: Vasily Postnicov <shamaz.mazum@gmail.com> To: Mark Johnston <markj@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: DNS using Name Service Switch module and Casper Message-ID: <CADnZ6B=nFt-a-0CX=sCDnEM_CjnDQmiotyZ9L6q6jTZ0qJ-FVQ@mail.gmail.com> In-Reply-To: <CADnZ6Bm96bjJN5gcpCWiNKbNou3XvxZmCD2-YbX34%2B00L=UdPw@mail.gmail.com> References: <CADnZ6Bke=9%2B_pMc6rkbheNUWS-H6_X14%2Bf%2BWz5cfUCD=BTwk=g@mail.gmail.com> <X/R7Ahz8sz5v%2BoFa@raichu> <CADnZ6BmUJxVZx155j8opJKNsHJBE5mWz9D=MBE0Y_xu-kgOBfQ@mail.gmail.com> <X/h%2BJRmXmrOfmXBM@raichu> <CADnZ6Bm96bjJN5gcpCWiNKbNou3XvxZmCD2-YbX34%2B00L=UdPw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nevermind my last question. ZeroMQ is written on C++. Here is shown how you can execute everything with almost empty main. https://stackoverflow.com/questions/38717534/how-do-i-start-a-c-thread-at-p= rogram-startup For C the only way is to use __attribute__((constructor)) AFAIK =D0=BF=D1=82, 8 =D1=8F=D0=BD=D0=B2. 2021 =D0=B3., 20:17 Vasily Postnicov <s= hamaz.mazum@gmail.com>: > I have noticed that after I kill stuck ping, the process spawned with > cap_init() remains. I cannot even kill it with SIGKILL. This is the > output of procstat on such a process. > > > vasily 969 0.0 0.1 26428 6532 v0 I 22:43 0:00.00 ping > vonbraun.local > vasily 983 0.0 0.1 26428 6532 v0 I 22:43 0:00.00 ping > resurrected.local > vasily 1024 0.0 0.1 26428 6532 v0 I 22:49 0:00.00 ping > resurrected.local > vasily 1028 0.0 0.1 26428 6532 v0 I 22:49 0:00.00 ping > resurrected.local > root 1089 0.0 0.0 12976 2512 v1 S+ 22:58 0:00.01 grep pin= g > PID TID COMM TDNAME KSTACK > 1028 100579 ping - mi_switch+0x155 > sleepq_switch+0x109 sleepq_catch_signals+0x266 sleepq_wait_sig+0x9 > _sleep+0x2aa umtxq_sleep+0x19e do_lock_umutex+0x744 > __umtx_op_wait_umutex+0x49 sys__umtx_op+0x7a amd64_syscall+0x12e > fast_syscall_common+0xf8 > > I checked ZeroMQ on which my NSS module is based. It does not use > pthread_atfork(), but uses lots of other unusual pthread functions, > like pthread_setaffinity_np() or pthread_setschedparam(). Do not know > if it matters. Also I do not quite understand when the code in my > module is executed. It should be executed after the capsicumized > sandbox is created, should it not? And I got hang in the process of > creating the sandbox. So I do not understand how my code affects this > process :) > > > =D0=BF=D1=82, 8 =D1=8F=D0=BD=D0=B2. 2021 =D0=B3. =D0=B2 18:45, Mark Johns= ton <markj@freebsd.org>: > > > > On Wed, Jan 06, 2021 at 07:08:14PM +0300, Vasily Postnicov wrote: > > > That's what I found. > > > > > > At first, ping calls cap_init() in capdns_setup(). cap_init() forks a > > > process, then the parent returns and the child calls > casper_main_loop(). > > > The child and the parent both have a socket to communicate. > > > casper_main_loop() calls zygote_init() and that one blocks on fork(). > I do > > > not know how it could be. How can fork() block? > > > > Does you module somehow use pthread_atfork()? > > > > > The parent process later calls cap_service_open() and that function > calls > > > cap_xfer_nvlist(). Because the child process is stuck somewhere in > > > zygote_init() it never sends an nvlist back. So ping blocks. > > > > Can you show output from "procstat -kk <pid>" when this hang occurs? > > > > > All this is figured out by inserting printf()'s. LLDB refuses to run > ping > > > with 'error: Child exec failed'. > > > > Presumably it needs to be run as root since ping(8) is a setuid > > executable. > > > > > =D0=B2=D1=82, 5 =D1=8F=D0=BD=D0=B2. 2021 =D0=B3. =D0=B2 17:43, Mark J= ohnston <markj@freebsd.org>: > > > > > > > On Tue, Jan 05, 2021 at 10:02:37AM +0300, Vasily Postnicov wrote: > > > > > Hello. I wrote a simple daemon called ZeroDNS which provides > > > > functionality > > > > > similar to multicast DNS, namely it discovers other participating > > > > machines > > > > > over the LAN and stores their hostname and IPv4 address pairs. > > > > > > > > > > Here is a NSS module which allows the system to use information > from that > > > > > daemon: > > > > > https://github.com/shamazmazum/nss-zero-dns > > > > > > > > > > You need to modify /etc/nsswitch.conf, changing the line 'hosts: > files > > > > dns' > > > > > to 'hosts: files dns zerodns'. > > > > > > > > > > It all works on FreeBSD 12.2-RELEASE, but sometimes not on > 13.0-CURRENT. > > > > > For example, ping(8) just blocks when trying to ping a host whose > name is > > > > > resolvable with ZeroDNS. Turns out that programs built with caspe= r > > > > support > > > > > (like ping(8) and some others) stop working with my NSS module > (they just > > > > > block trying to resolve the name). > > > > > > > > Presumably it's the casper process (i.e., cap_dns) that uses your > > > > module? If the main ping process is blocked trying to resolve a > name, > > > > it's waiting for the cap_dns process - where exactly is it getting > > > > stuck? > > > > > > > > > Is there some kind of manual on how to write casper-compatible NS= S > > > > modules? > > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADnZ6B=nFt-a-0CX=sCDnEM_CjnDQmiotyZ9L6q6jTZ0qJ-FVQ>