From: "Ian Freislich"
To: Lars Köller
cc: freebsd-net@freebsd.org
Date: Thu, 08 May 2003 13:05:23 +0200
Subject: Re: Please, Urgent: Need ideas/help to solve PR bin/51586

Lars Köller wrote:
> Dear experts,
>
> I've discussed the reported problem with our experts here at the
> computing center, and we don't have a clue for the problem reported in
> PR 51586.

It seems that your problem relates to rshd using privileged ports to create the stderr socket back to the originating rsh client. The interesting log message is in the messages file of the server running the remote shell daemon:

May 8 12:45:11 brane rshd[13988]: can't get stderr port: Can't assign requested address

rresvport_af(3) returns this error because I suspect that it thinks this address is already in use, perhaps because the address/port pair is in TIME_WAIT, although I don't have time to test this suspicion and my network programming and protocol experience is not good enough to say this is the case outright without testing.

It seems that this problem is further compounded by inetd terminating the shell service when one of the rshd programs it ran returns an exit status other than 0, which rshd does when it encounters this error.

This simple patch to rshd.c (which is an unholy kludge until someone can fix the rresvport_af(3) function) makes rshd return an exit status of 0 on this particular error so at least inetd doesn't stop the service requiring a SIGHUP to restart it.
You can then test the return status of your rsh ($?) for a value of 1 and 'select: protocol failure in circuit setup' on stderr and retry that test.

(/usr/src/libexec/rshd, apply this, make and make install the patched rshd)

--- rshd.c.orig Thu May 8 12:55:46 2003 +++ rshd.c Thu May 8 12:43:31 2003 @@ -296,7 +296,7 @@ s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); - exit(1); + exit(0); } if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) {

I know this is a horrible solution and shouldn't be committed, but at least you have a work-around so you can get your virus scanner farm up in the mean time while someone fixes this properly.

Ian
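
Review bot: In the "if (s < 0)" branch after rresvport_af(&lport, af), exit(0) reports success for a session that failed, so the exit status no longer distinguishes this error from a clean run for inetd or for anything else that inspects it, and the syslog(LOG_ERR, ...) line becomes the only server-side record of the failure. If this is applied locally as a stopgap, add a comment above exit(0) saying it is a temporary workaround for the rresvport_af(3) failure in PR bin/51586 and should go back to exit(1) once that is fixed; the durable fix belongs in rresvport_af(3) or in how inetd reacts to a non-zero exit, not in the status rshd reports.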
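
The client-side retry described in the message, as an added example that is not part of the original post or of FreeBSD: it retries only when both conditions named above hold (exit status 1 and the 'protocol failure in circuit setup' text on stderr). The function name, the try limit and the delay are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): retry a command only on the
# transient failure described above, and pass every other failure through.

# Substring of the stderr text quoted in the message.
RETRY_PATTERN='protocol failure in circuit setup'

# retry_on_circuit_failure MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
# (hypothetical helper name) Returns the command's final exit status.
retry_on_circuit_failure() {
    max_tries=$1
    delay=$2
    shift 2
    errfile=$(mktemp) || return 2
    try=1
    while :; do
        status=0
        # Capture stderr per attempt; stdout flows through untouched.
        "$@" 2>"$errfile" || status=$?
        # Re-emit the captured stderr so nothing is hidden from the caller.
        cat "$errfile" >&2
        if [ "$status" -eq 1 ] \
            && grep -q "$RETRY_PATTERN" "$errfile" \
            && [ "$try" -lt "$max_tries" ]; then
            try=$((try + 1))
            sleep "$delay"
            continue
        fi
        rm -f "$errfile"
        return "$status"
    done
}

# Usage (HOST and COMMAND are placeholders):
#   retry_on_circuit_failure 5 2 rsh HOST COMMAND
```

Bounding the number of tries keeps a persistent failure visible to the calling job instead of looping on it.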