Date: Thu, 8 Jan 2004 17:57:59 +0100 (CET) From: Bjoern Groenvall <bg@sics.se> To: FreeBSD-gnats-submit@FreeBSD.org Cc: bg@sics.se Subject: bin/61084: nfsd sometimes exits prematurely during port-scan Message-ID: <200401081657.i08Gvx5t020046@manian.sics.se> Resent-Message-ID: <200401081700.i08H0WOT058657@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 61084 >Category: bin >Synopsis: nfsd sometimes exits prematurely during port-scan >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 08 09:00:32 PST 2004 >Closed-Date: >Last-Modified: >Originator: Bjoern Groenvall >Release: FreeBSD 5.2-RC i386 >Organization: SICS >Environment: System: FreeBSD dim.sics.se 5.2-RC FreeBSD 5.2-RC #1: Fri Dec 19 16:32:35 CET 2003 root@dim.sics.se:/usr/src/sys/i386/compile/DIM i386 >Description: When an NFS server is port-scanned nfsd sometimes exits. This has happened 3 times the last few weeks. Nfsd has been written to exit when accept(2) fails. Unfortunately accept can sometimes make a "normal" return with errno ECONNABORTED and in this case nfsd exits prematurely (see below). Dec 22 16:25:59 dim kernel: Limiting closed port RST response from 363 to 200 packets/sec Dec 22 16:25:59 dim nfsd[417]: accept failed: Software caused connection abort Dec 22 16:26:00 dim kernel: Limiting closed port RST response from 215 to 200 packets/sec Dec 28 08:26:43 dim kernel: Limiting closed port RST response from 325 to 200 packets/sec Dec 28 08:26:43 dim nfsd[36538]: accept failed: Software caused connection abort Dec 28 08:26:45 dim kernel: Limiting closed port RST response from 431 to 200 packets/sec Jan 7 00:37:12 dim kernel: Limiting closed port RST response from 305 to 200 packets/sec Jan 7 00:37:12 dim nfsd[89133]: accept failed: Software caused connection abort Jan 7 00:37:14 dim kernel: Limiting closed port RST response from 371 to 200 packets/sec >How-To-Repeat: Unknown. Perhaps possible using a port-scan program of some sort. >Fix: This is a sample fix that also handles rare "normal" returns with errno EINTR. --- nfsd.c.orig Thu Jul 25 08:18:22 2002 +++ nfsd.c Wed Jan 7 18:02:18 2004 @@ -658,6 +658,8 @@ if (select(maxsock + 1, &ready, NULL, NULL, NULL) < 1) { syslog(LOG_ERR, "select failed: %m"); + if (errno == EINTR) + continue; nfsd_exit(1); } } @@ -668,6 +670,9 @@ if ((msgsock = accept(tcpsock, (struct sockaddr *)&inetpeer, &len)) < 0) { syslog(LOG_ERR, "accept failed: %m"); + if (errno == ECONNABORTED || + errno == EINTR) + continue; nfsd_exit(1); } memset(inetpeer.sin_zero, 0, @@ -688,6 +693,9 @@ &len)) < 0) { syslog(LOG_ERR, "accept failed: %m"); + if (errno == ECONNABORTED || + errno == EINTR) + continue; nfsd_exit(1); } if (setsockopt(msgsock, SOL_SOCKET, >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401081657.i08Gvx5t020046>