From owner-freebsd-questions@FreeBSD.ORG Tue Jan 28 04:54:23 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 738A0528 for ; Tue, 28 Jan 2014 04:54:23 +0000 (UTC) Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123]) by mx1.freebsd.org (Postfix) with ESMTP id B73721694 for ; Tue, 28 Jan 2014 04:54:22 +0000 (UTC) Received: from [10.0.1.4] (static-71-177-216-148.lsanca.fios.verizon.net [71.177.216.148]) (authenticated bits=0) by zoom.lafn.org (8.14.7/8.14.2) with ESMTP id s0S4sEBf000290 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 27 Jan 2014 20:54:18 -0800 (PST) (envelope-from bc979@lafn.org) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) Subject: Re: TCP Port Capture From: Doug Hardie In-Reply-To: <20140128005911.GA31430@neutralgood.org> Date: Mon, 27 Jan 2014 20:54:14 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: References: <995B2B03-C742-4FF9-82FE-3D0EDA8529D2@lafn.org> <20140128005911.GA31430@neutralgood.org> To: kpneal@pobox.com X-Mailer: Apple Mail (2.1510) X-Virus-Scanned: clamav-milter 0.98 at zoom.lafn.org X-Virus-Status: Clean Cc: freebsd-questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jan 2014 04:54:23 -0000 On 27 January 2014, at 16:59, kpneal@pobox.com wrote: > On Mon, Jan 27, 2014 at 01:41:32AM -0800, Doug Hardie wrote: >> I have a process that is occasionally giving me a situation that I = don't understand. It listens to a well-known port and processes = requests received on that report. It does return data to the calling = system. When a request is received, a child process is created that = actually does most of the work. The child process uses another process = via a pipe during the processing to obtain some data it uses. >>=20 >> Occasionally, the main process exits with nothing logged. I suspect = its doing an exit, but thats just a guess at this time. Some of the = time (fairly infrequently), the main process cannot be restarted. The = process at the end of the pipe is now shown as having the port open. = lsof shows that. If I restart that process, then the main process can = be restarted properly. >>=20 >> Why would the process at the end of the pipe end up being attached to = the port? Unfortunately, the system always seems to be quiet (no = requests in process) when this happens so nothing is logged by any = process. Normally I have a monitoring process that detects the main = process being gone and restarts it. But that doesn't work when the port = is held by the final process. >=20 > It sounds like the process at the end of the pipe has inherited the = network > ports that are open in the parent at the time the process is created. >=20 > When using fork() the child process has all the same open files = (including > network connections and ports) as the parent. And after using one of = the > exec family of functions the child process _still_ has all the open = files > it had before the exec. >=20 > Good housekeeping is in order when creating child processes. Before = doing > the exec of the program at the end of the pipe that process should = close > all files that are not needed by the pipe-writing-program. That appears to be a reasonable explanation. I don't know if I have = access to all the source, but I will see if I can trace that out. = Thanks.