LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* Hung Port
@ 2007-01-17 15:54 Lawrence MacIntyre
  2007-01-17 16:56 ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Lawrence MacIntyre @ 2007-01-17 15:54 UTC (permalink / raw)
  To: linux-kernel

Last week I had a port (TCP:52557) that was mysteriously unavailable on
my ubuntu machine (running kernel 2.6.15-27-k7 #1 SMP PREEMPT).  If you
tried to bind to it, it was unavailable.  However, nmap (both to
localhost and from an external host) reported the port closed.  fuser,
lsof, and netstat had no record of the port being used.  Our firewall
logs didn't show any unusual traffic to the machine.  Nor did they show
any traffic at all to/from that port on the machine.  After checking
everything I could think of, I rebooted it, and there were no ports that
were unavailable in this way when it came back up.  This morning another
hung port has appeared (TCP:43355).  My best guess is that this is an
ephemeral port that has somehow gotten hung in the kernel somewhere.
Has anyone seen anything like this and/or is there anything else I could
look at to figure it out?
-- 
  Lawrence MacIntyre   865.574.8696   macintyrelp@ornl.gov
                Oak Ridge National Laboratory
Cyber Security and Information Infrastructure Research Group

Protect your digital freedom and privacy, eliminate DRM.
Learn more at http://www.defectivebydesign.org/what_is_drm

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Hung Port
  2007-01-17 15:54 Hung Port Lawrence MacIntyre
@ 2007-01-17 16:56 ` Jan Engelhardt
  2007-01-17 17:39   ` Lawrence MacIntyre
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Engelhardt @ 2007-01-17 16:56 UTC (permalink / raw)
  To: Lawrence MacIntyre; +Cc: linux-kernel


>Last week I had a port (TCP:52557) that was mysteriously unavailable on
>my ubuntu machine (running kernel 2.6.15-27-k7 #1 SMP PREEMPT).  If you
>tried to bind to it, it was unavailable.  However, nmap (both to
>localhost and from an external host) reported the port closed.  fuser,
>lsof, and netstat had no record of the port being used.

Did your application forgot to set SO_REUSEADDR?

>  Our firewall
>logs didn't show any unusual traffic to the machine.  Nor did they show
>any traffic at all to/from that port on the machine.  After checking
>everything I could think of, I rebooted it, and there were no ports that
>were unavailable in this way when it came back up.  This morning another
>hung port has appeared (TCP:43355).  My best guess is that this is an
>ephemeral port that has somehow gotten hung in the kernel somewhere.
>Has anyone seen anything like this and/or is there anything else I could
>look at to figure it out?

	-`J'
-- 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Hung Port
  2007-01-17 16:56 ` Jan Engelhardt
@ 2007-01-17 17:39   ` Lawrence MacIntyre
  0 siblings, 0 replies; 3+ messages in thread
From: Lawrence MacIntyre @ 2007-01-17 17:39 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: linux-kernel

If that was the case, would the port not show up in TIME_WAIT state?
Also, the kernel should only hold a closed socket in TIME_WAIT state for
2 minutes or so.  These hung ports stay around until the machine is
rebooted.

This one time, at band camp, Jan Engelhardt wrote:
>> Last week I had a port (TCP:52557) that was mysteriously unavailable on
>> my ubuntu machine (running kernel 2.6.15-27-k7 #1 SMP PREEMPT).  If you
>> tried to bind to it, it was unavailable.  However, nmap (both to
>> localhost and from an external host) reported the port closed.  fuser,
>> lsof, and netstat had no record of the port being used.
> 
> Did your application forgot to set SO_REUSEADDR?
> 
>>  Our firewall
>> logs didn't show any unusual traffic to the machine.  Nor did they show
>> any traffic at all to/from that port on the machine.  After checking
>> everything I could think of, I rebooted it, and there were no ports that
>> were unavailable in this way when it came back up.  This morning another
>> hung port has appeared (TCP:43355).  My best guess is that this is an
>> ephemeral port that has somehow gotten hung in the kernel somewhere.
>> Has anyone seen anything like this and/or is there anything else I could
>> look at to figure it out?
> 
> 	-`J'

-- 
  Lawrence MacIntyre   865.574.8696   macintyrelp@ornl.gov
                Oak Ridge National Laboratory
Cyber Security and Information Infrastructure Research Group

Protect your digital freedom and privacy, eliminate DRM.
Learn more at http://www.defectivebydesign.org/what_is_drm

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2007-01-17 17:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-01-17 15:54 Hung Port Lawrence MacIntyre
2007-01-17 16:56 ` Jan Engelhardt
2007-01-17 17:39   ` Lawrence MacIntyre

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).