Package: openvpn
Version: 2.0.6-1
Severity: important

Hi,

I noticed the following on my system:

[EMAIL PROTECTED]:~# lsof -ni |grep 1199
zebra     11348   quagga    6u  IPv4 1833114       UDP *:1199
ospfd     11352   quagga    6u  IPv4 1833114       UDP *:1199
openvpn   11354     root    6u  IPv4 1833114       UDP *:1199
[EMAIL PROTECTED]:~# grep 1199 /etc/openvpn/003-rowdy-to-kale.conf
port 1199
[EMAIL PROTECTED]:~# grep ^up /etc/openvpn/003-rowdy-to-kale.conf
up "/bin/sh -e /etc/init.d/quagga restart; echo"
up-restart
[EMAIL PROTECTED]:~# /etc/init.d/quagga restart
Stopping Quagga daemons (prio:0): (waiting) .. ospfd (waiting) . zebra
(bgpd) (ripd) (ripngd) (ospf6d) (isisd).
Removing all routes made by zebra.
Nothing to flush.
Loading capability module if not yet done.
Starting Quagga daemons (prio:10): zebra ospfd.
[EMAIL PROTECTED]:~# lsof -ni |grep 1199
openvpn   11354     root    6u  IPv4 1833114       UDP *:1199
[EMAIL PROTECTED]:~#


My system is configured to restart quagga whenever an openvpn tunnel
goes up or down.  It would appear that whenever openvpn spawns a
process, it inherits its file descriptors (including the listening
socket).  This is pretty bad.  You can see from the lsof that it's fd 6
that openvpn is listening on; if I shut down that tunnel without killing
quagga, I cannot start the tunnel again because processes (quagga) are
still "listening" on that port.  I imagine there's all kinds of
additional problems that this could cause.

As a quick workaround, using something that execs a process and closes
all file descriptors will do the trick; i.e., sudo or start-stop-daemon:

[EMAIL PROTECTED]:/root# grep ^up /etc/openvpn/003-rowdy-to-kale.conf
up "start-stop-daemon --start --background --exec /etc/init.d/quagga -- restart; echo"
up-restart
[EMAIL PROTECTED]:/root# /etc/init.d/openvpn restart 003-rowdy-to-kale
Stopping virtual private network daemon: 003-rowdy-to-kale.
Starting virtual private network daemon: 003-rowdy-to-kaletun2 1300 1341
10.8.0.17 10.8.0.18 init
(OK).
[EMAIL PROTECTED]:/root# lsof -ni |grep 1199
openvpn   12068     root    6u  IPv4 1895725       UDP *:1199
[EMAIL PROTECTED]:/root#
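
The symptom in this report, reproduced as an added example (not part of the original report and not OpenVPN code): a process binds a UDP port, spawns a helper, closes its own socket and tries to bind the port again. The names `bind_udp` and `rebind_after_spawn`, the use of `sleep` as a stand-in for the `up` command, and `FD_CLOEXEC` as the way to stop the inheritance are assumptions of this example.

```c
#include <fcntl.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind a UDP socket to *:port (port 0 = kernel chooses); returns fd or -1. */
static int bind_udp(unsigned short port, unsigned short *bound) {
    struct sockaddr_in a = {0};
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)&a, &len) < 0) { close(fd); return -1; }
    if (bound) *bound = ntohs(a.sin_port);
    return fd;
}

/* 1: port can be re-bound while the spawned helper is still running;
 * 0: it cannot (the helper still holds the socket); -1: setup error. */
int rebind_after_spawn(int use_cloexec) {
    unsigned short port;
    int sync[2], fd, fd2, exec_failed;
    char c;
    pid_t pid;

    if ((fd = bind_udp(0, &port)) < 0 || pipe(sync) < 0) return -1;
    fcntl(sync[0], F_SETFD, FD_CLOEXEC);
    fcntl(sync[1], F_SETFD, FD_CLOEXEC);     /* closed by exec: tells parent "exec done" */
    if (use_cloexec) fcntl(fd, F_SETFD, FD_CLOEXEC);  /* socket not passed across exec */
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {                          /* stand-in for the "up" command */
        execlp("sleep", "sleep", "30", (char *)NULL);
        _exit(write(sync[1], "!", 1) == 1 ? 127 : 126);  /* exec failed */
    }
    close(sync[1]);
    exec_failed = read(sync[0], &c, 1) != 0; /* EOF means the exec happened */
    close(sync[0]);
    close(fd);                               /* the daemon shuts its tunnel down */
    fd2 = exec_failed ? -1 : bind_udp(port, NULL);  /* ...and tries to start again */
    if (fd2 >= 0) close(fd2);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return exec_failed ? -1 : fd2 >= 0;
}
```

Without the flag the second bind fails with EADDRINUSE for as long as the helper lives, which is the state the first `lsof` output shows; with it the helper never receives the descriptor.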



