Opened 14 months ago

Last modified 13 days ago

#1207 new Bug / Defect

error handling in --inetd mode can caused a tight loop

Reported by: Gert Döring Owned by:
Priority: major Milestone: release 2.6
Component: Networking Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

there seems to be a race somewhere in the --inetd socket handling - I think it might be "if the client connection for whatever reason fails before accept() is called, we enter a loop". Maybe triggerable by adding a sleep() before the accept, haven't tried.

The loop looks like this:

messages-20190728.gz:Jul 26 21:24:27 gentoo openvpn[20393]: TCP: getpeername() failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:27 gentoo openvpn[20393]: TCP: accept(3) failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:28 gentoo openvpn[20393]: TCP: getpeername() failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:28 gentoo openvpn[20393]: TCP: accept(3) failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:29 gentoo openvpn[20393]: TCP: getpeername() failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:29 gentoo openvpn[20393]: TCP: accept(3) failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:30 gentoo openvpn[20393]: TCP: getpeername() failed: Transport endpoint is not connected (errno=107)
messages-20190728.gz:Jul 26 21:24:30 gentoo openvpn[20393]: TCP: accept(3) failed: Transport endpoint is not connected (errno=107)

I assume this is master and 2.4 - it was observed in master.

Change History (1)

comment:1 Changed 13 days ago by Gert Döring

Milestone: release 2.5release 2.6

It's not trivial to reproduce - if the socket is closed before openvpn starts up (insert a sleep(5) in a wrapper script, kill the client in between) openvpn logs

Sep  8 12:40:20 gentoo openvpn[23963]: TCP connection established with [AF_INET6]2001:608:4::ce:c0f:43882
Sep  8 12:40:20 gentoo openvpn[23963]: TCP_SERVER link local: [inetd]
Sep  8 12:40:20 gentoo openvpn[23963]: TCP_SERVER link remote: [AF_INET6]2001:608:4::ce:c0f:43882
Sep  8 12:40:20 gentoo openvpn[23963]: Connection reset, inetd/xinetd exit [0]

Even if sleep(5)'ing inside phase2_inetd(), this is not triggering.

If it happens, it's most annoying (because openvpn will never recover, the socket_listen_accept() function has no error-exit on accept() failure).

Revisit eventually...

Note: See TracTickets for help on using tickets.