Re: [Nagios-devel] Small patch for check_nrpe.c
Posted: Fri Sep 01, 2006 5:53 am
Mark Plaksin wrote:
> Andreas Ericsson writes:
>>
>> Did you do the packet-trace between NAT -> HPUX and Nagios -> NAT at the
>> same time, or only on one side?
>
> We actually mirrored all the ports involved (Nagios server plus 6 clients)
> onto a single switch port and ran the trace on the mirrored port. That
> made it a bit hard to read in Ethereal's (uh, I mean Wireshark's!) GUI.
> Wireshark thought there were lots of retransmissions and the like because
> it was seeing the same packet as it went out the server's port and into the
> client's port. Had I been thinking I might have run two traces--one of the
> server's port and one of the clients' ports.
>
> But Jay was able to make sense of the trace and come up with a theory and a
> solution
So we didn't redo the trace. I still have it and could send
> the snippet that shows the problem.
Dear gods no.
Thanks anyway though.
Save it in case you run into a similar problem later though.
>>
>> Btw, Linux uses ports ~45000 up to ~65000 in a round-robin manner, so on
>> a system with 20000 outbound connection attempts in the interval you
>> have between each check towards the failing system, you'll end up in the
>> rough neighbourhood of the same port-number. Some checks initiate more
>> than one connection, so for a busy Nagios server this isn't an unlikely
>> scenario.
>
> Jay said that 2.4 kernels use round-robin and 2.6 kernels select ports
> randomly (from a given range). I couldn't find this explicitly stated
> anywhere but I probably wasn't searching/reading the right way/thing.
>
Ah, true that.
$ sed -n 81,85p net/ipv4/inet_connection_sock.c
on the master branch of the current linux repo obviously proves him right:
if (!snum) {
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
int rover = net_random() % (high - low) + low;
some error-checking stuff follows, but in essence, this is the top of
the code that determines what port an outgoing socket will receive.
A bit embarrassing that I even mentioned the same function this code
resides in in an earlier mail *blush*.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> Andreas Ericsson writes:
>>
>> Did you do the packet-trace between NAT -> HPUX and Nagios -> NAT at the
>> same time, or only on one side?
>
> We actually mirrored all the ports involved (Nagios server plus 6 clients)
> onto a single switch port and ran the trace on the mirrored port. That
> made it a bit hard to read in Ethereal's (uh, I mean Wireshark's!) GUI.
> Wireshark thought there were lots of retransmissions and the like because
> it was seeing the same packet as it went out the server's port and into the
> client's port. Had I been thinking I might have run two traces--one of the
> server's port and one of the clients' ports.
>
> But Jay was able to make sense of the trace and come up with a theory and a
> solution
So we didn't redo the trace. I still have it and could send> the snippet that shows the problem.
Dear gods no.
Thanks anyway though.Save it in case you run into a similar problem later though.
>>
>> Btw, Linux uses ports ~45000 up to ~65000 in a round-robin manner, so on
>> a system with 20000 outbound connection attempts in the interval you
>> have between each check towards the failing system, you'll end up in the
>> rough neighbourhood of the same port-number. Some checks initiate more
>> than one connection, so for a busy Nagios server this isn't an unlikely
>> scenario.
>
> Jay said that 2.4 kernels use round-robin and 2.6 kernels select ports
> randomly (from a given range). I couldn't find this explicitly stated
> anywhere but I probably wasn't searching/reading the right way/thing.
>
Ah, true that.
$ sed -n 81,85p net/ipv4/inet_connection_sock.c
on the master branch of the current linux repo obviously proves him right:
if (!snum) {
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
int rover = net_random() % (high - low) + low;
some error-checking stuff follows, but in essence, this is the top of
the code that determines what port an outgoing socket will receive.
A bit embarrassing that I even mentioned the same function this code
resides in in an earlier mail *blush*.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]