<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Currently in all releases of tac_plus there is the possibility to leak file descriptors due to how accept() calls are handled. This should only impact versions where both v4 and v6 listeners exist or some
other setup where multiple listeners are being utilized.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
If you are using both ipv4 and ipv6 bound and you get a v4 and v6 request at the same time the for loop will accept both before hitting the fork call to handle the request. This results in one of the requests being properly handled and closed but the other
open descriptor will be orphaned and remain in close_wait status indefinitely, ultimately leading to hitting the open file limit and stopping all further requests from being processed.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">This can be seen in the trace below… both fd 11 and 12 are accepted, but only fd 12 is closed since newsockfd is reassigned before anything is done with fd 11.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
poll([{fd=4, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}, {fd=5, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}], 2, 180000) = 2 ([{fd=4, revents=POLLIN}, {fd=5, revents=POLLIN}])<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">accept(4, {sa_family=AF_INET, sin_port=htons(41359), sin_addr=inet_addr("172.16.4.5")}, [16]) = 11<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">accept(5, {sa_family=AF_INET6, sin6_port=htons(47166), inet_pton(AF_INET6, "2601:600:9f80:3073::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 12<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2760df0a50) = 3420565<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">close(12) = 0<br>
poll([{fd=4, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}, {fd=5, events=POLLIN|POLLERR|POLLHUP|POLLNVAL}], 2, 180000) = 1 ([{fd=4, revents=POLLIN}])<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I temporarily got around this by checking newsockfd after accept, and if it is valid (>=0) breaking out of the loop to fully process that request before checking for more. This really isn’t ideal as in theory
you could block all requests on the other sockets from being processed if the first socket always has connections pending, but it works for the interim.<br>
<br>
Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">-jj<o:p></o:p></span></p>
</div>
</body>
</html>