Opened 13 years ago

Closed 12 years ago

#100 closed Bug / Defect (notabug)

UDP sockets do not have the close on exec flag

Reported by: NickHibma Owned by:
Priority: major Milestone:
Component: Networking Version: OpenVPN 2.0.x (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

UDP sockets do not have the close on exec flag set (Dunno about TCP sockets). The flag is set, but too late.

I execute ntpdate in route-up script and it inherits the 1194 UDP port from openvpn. This is a major problem, as I first do ntpdate, then start the ntpd daemon (which also inherits port 1194) and openvpn fails to start afterwards.

Adding route-delay 1 to the config resolves the issue by delaying the route-up script until after do_init_socket_2() which sets the close-on-exec flag.

I think the close on exec flag should be set on all sockets right after the call to socket() or accept(), not much later.

Example where it goes wrong:

# /usr/local/etc/rc.d/openvpn start
Starting openvpn.
# sockstat | grep 94
root     ntpdate    8019  5  udp4   *:1194                *:*
root     openvpn    8010  5  udp4   *:1194                *:*
root     sh         8009  5  udp4   *:1194                *:*
...

Change History (2)

comment:1 Changed 13 years ago by David Sommerseth

Can you please try to reproduce this issue on the latest 2.2.0 release? We will not do any more development on the 2.0.x branch. But will take care of bugs in 2.2.x and newer versions.

comment:2 Changed 12 years ago by David Sommerseth

Resolution: notabug
Status: newclosed

Closing due to lack of response.

Note: See TracTickets for help on using tickets.