Date: Tue, 7 Mar 2006 17:43:37 -0500
From: Kris Kennaway <kris@obsecurity.org>
To: Miguel Lopes Santos Ramos <miguel@anjos.strangled.net>
Cc: kuriyama@imgsrc.co.jp, freebsd-stable@freebsd.org, kris@obsecurity.org
Subject: Re: rpc.lockd brokenness (2)
Message-ID: <20060307224337.GA28034@xor.obsecurity.org>
In-Reply-To: <200603072204.k27M4kAo003069@compaq.anjos.strangled.net>
References: <20060307211439.GA82113@xor.obsecurity.org> <200603072204.k27M4kAo003069@compaq.anjos.strangled.net>

On Tue, Mar 07, 2006 at 10:04:46PM +0000, Miguel Lopes Santos Ramos wrote:
> > From: Kris Kennaway <kris@obsecurity.org>
> > Subject: Re: rpc.lockd brokenness (2)
> >
> > > Ok. There are two versions:
> > > http://mega.ist.utl.pt/~mlsr/nfs.dump
> > > is the output of tcpdump -vvv host targa and udp port nfs
> > > http://mega.ist.utl.pt/~mlsr/nfsx.dump
> > > is the output of tcpdump -X -vvv host targa and udp port nfs
> >
> > Hmm, looks like you need -s 0 in addition to -X -vvv.
>
> There. http://mega.ist.utl.pt/~mlsr/nfsxs.dump
>
> I did just cron, instead of /etc/rc.d/cron start. It has much less garbage now.

Thanks. Here is when pidfile_open() creates the file:

21:57:15.792751 IP (tos 0x0, ttl 64, id 10697, offset 0, flags [none], proto: UDP (17), length: 172) targa.anjos.strangled.net.1365908870 > ns1.anjos.strangled.net.nfs: 144 create fh 1082,176026/1149552 "cron.pid"
21:57:15.793111 IP (tos 0x0, ttl 64, id 7899, offset 0, flags [none], proto: UDP (17), length: 156) ns1.anjos.strangled.net.nfs > targa.anjos.strangled.net.1365908870: reply ok 128 create fh 1082,176026/1149685 REG 100600 ids 0/0 sz 0 nlink 1 rdev 0 fsid 82 nodeid 118af5 a/m/ctime 1141768635.000000 1141768635.000000 1141768635.000000

It runs fstat() on it:

21:57:15.793314 IP (tos 0x0, ttl 64, id 10698, offset 0, flags [none], proto: UDP (17), length: 128) targa.anjos.strangled.net.1365908871 > ns1.anjos.strangled.net.nfs: 100 getattr fh 1082,176026/1149685
21:57:15.793456 IP (tos 0x0, ttl 64, id 7900, offset 0, flags [none], proto: UDP (17), length: 124) ns1.anjos.strangled.net.nfs > targa.anjos.strangled.net.1365908871: reply ok 96 getattr REG 100600 ids 0/0 sz 0

and returns to cron. Cron is supposed to daemonize and then write to the pidfile:

        } else {
                if (daemon(1, 0) == -1) {
                        pidfile_remove(pfh);
                        log_it("CRON",getpid(),"DEATH","can't become daemon");
                        exit(0);
                }
        }
        pidfile_write(pfh);

but there's no evidence in the trace that it ever tries to write. Can you also obtain a ktrace -i dump from cron?

Kris
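
The check made by eye in the message above (find the file handle the server returned for "cron.pid", then look for a write call on that handle) can be scripted; this is an added example, not part of the original message or of FreeBSD. It assumes tcpdump's NFS summary format as quoted above, where the number after the client host name is the RPC transaction id used to pair a call with its reply; the function names are hypothetical.

```python
import re

# Abridged from the trace quoted in the message: the "IP (tos ...)" header
# fields and the -X hex payload are dropped, the NFS summary is unchanged.
TRACE = '''\
21:57:15.792751 targa.anjos.strangled.net.1365908870 > ns1.anjos.strangled.net.nfs: 144 create fh 1082,176026/1149552 "cron.pid"
21:57:15.793111 ns1.anjos.strangled.net.nfs > targa.anjos.strangled.net.1365908870: reply ok 128 create fh 1082,176026/1149685 REG 100600 ids 0/0 sz 0
21:57:15.793314 targa.anjos.strangled.net.1365908871 > ns1.anjos.strangled.net.nfs: 100 getattr fh 1082,176026/1149685
21:57:15.793456 ns1.anjos.strangled.net.nfs > targa.anjos.strangled.net.1365908871: reply ok 96 getattr REG 100600 ids 0/0 sz 0
'''.splitlines()

# Client call:  host.<xid> > server.nfs: <len> <proc> fh <handle> ["name"]
CALL = re.compile(r'\.(\d+) > \S+\.nfs: \d+ (\w+) fh (\S+)(?: "([^"]*)")?')
# Server reply: server.nfs > host.<xid>: reply ok <len> <proc> [fh <handle>]
REPLY = re.compile(r'\.nfs > \S+\.(\d+): reply ok \d+ (\w+)(?: fh (\S+))?')


def ops_on_created_file(lines, name):
    """Return (handle, procs): the handle the server issued for `name` and
    every later NFS call that referenced that handle, in trace order."""
    pending_xid = handle = None
    procs = []
    for line in lines:
        call, reply = CALL.search(line), REPLY.search(line)
        if call:
            xid, proc, fh, fname = call.groups()
            if proc == "create" and fname == name:
                pending_xid = xid          # wait for the reply with this xid
            elif handle is not None and fh == handle:
                procs.append(proc)
        elif reply and reply.group(1) == pending_xid and reply.group(3):
            handle, pending_xid = reply.group(3), None
    return handle, procs


def was_written(lines, name):
    """True only if a write call on the created file appears in the trace."""
    return "write" in ops_on_created_file(lines, name)[1]


if __name__ == "__main__":
    print(ops_on_created_file(TRACE, "cron.pid"), was_written(TRACE, "cron.pid"))
```

The regular expressions use search rather than match, so they also apply to the unabridged tcpdump -vvv lines.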