Hung connections! #26
Can you post redsocks.conf too?
This is the correct one.
cat /etc/config/redsocks.conf
redsocks {
Note: I extended this tool with a new direct method. So that, no proxy is required. The implementation is simple. Basically, do nothing in relay but invoking start relay on read/write callback. It has a customized connect_relay method to connect to destination directly. I will post my code changes here when I get access to my code.
Ok
Reads like that:
So it looks like quite valid situation. Moreover, age: 19581 is more than default Maybe that's bug in redsocks but there is another possible reason: descriptor leak in your browser (I've seen it in Firefox long-long-ago). Open connection leaks to subprocess (e.g. PDF reader) and is stuck there for quite a long time. See http://bugs.debian.org/410671 for details Is 192.168.10.101 linux-based? Can you run And regarding your note: what is the reason to implement
192.168.10.101 is for a Windows and it was shut down when I noticed this issue. I plan to add some code in redsocks_shutdown() to detect such case and drop the clients.
How long was 192.168.10.101 shut down? (to check if keepalive worked or not). I think, the better way is to use TCP_KEEP* options and to detect connection death. Am I right, that some websites are blocked when you connect like that: I would recommend to play with Another option to do quick-check is to run ubuntu live CD on
Almost right. But, some differences. iptables -j TTL and iptables -j IPID are already applied in router2 as well as MAC clone in router1.
Ok, I see.
BTW: keepalive is not a silver bullet: http://lkml.indiana.edu/hypermail/linux/kernel/0508.2/0757.html
Here is code for implementation of 'direct' method.
void redsocks_direct_connect_relay(redsocks_client *client);
static void direct_instance_fini(redsocks_instance *instance)
void redsocks_direct_connect_relay(redsocks_client *client)
Have you verified if TCPMSS helps ?
No. But I will understand this option and try it later. Here is how I understand the hung connections:
Patch below works fine for me. diff --git a/redsocks.c b/redsocks.c
// I assume that -1 is invalid errno value |
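Review bot: the comment "// I assume that -1 is invalid errno value" leaves the sentinel resting on a stated assumption where a guarantee is available. ISO C requires every errno macro to expand to a positive value, so -1 can never collide with a real error code; the comment should say that, or the value should be given a named constant, so later readers do not have to re-verify it.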
EOF is forwarded only when the bi-directional connection is established.

Thanks to semigodking for describing the test-case in #26

Moreover, linux kernel may reply SYN-ACK with RST if the now-connecting socket is brought down with shutdown(fd, SHUT_WR):

connect(26, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("11.22.33.44")}, 16) = -1 EINPROGRESS (Operation now in progress)
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [S], seq 813066190, win 27200, options [...], length 0
epoll_ctl(3, EPOLL_CTL_ADD, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
epoll_wait(3, {{EPOLLIN, {u32=25, u64=25}}}, 32, -1) = 1
clock_gettime(CLOCK_MONOTONIC, {728135, 720450764}) = 0
gettimeofday({1457464453, 327070}, NULL) = 0
ioctl(25, FIONREAD, [0]) = 0
readv(25, [{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], 1) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 25, {EPOLLIN, {u32=25, u64=25}}) = 0
shutdown(25, SHUT_RD) = 0
shutdown(26, SHUT_WR) = 0
epoll_ctl(3, EPOLL_CTL_DEL, 26, {EPOLLOUT, {u32=26, u64=26}}) = 0
IP 11.22.33.44.8080 > 192.168.10.254.42578: Flags [S.], seq 481785732, ack 813066191, win 65535, options [...], length 0
IP 192.168.10.254.42578 > 11.22.33.44.8080: Flags [R], seq 813066191, win 0, length 0
epoll_wait(3, ...
While running redsocks for one/two days, it stops providing service and generates error: too many open files.
After investigation, I believe this issue is caused by hung connections in some cases.
Here is dump for redsocks which runs for less than a day.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: Dumping client list for instance 0x426288:
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: End of client list.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: Dumping client list for instance 0x426168:
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:41502->74.125.71.132:80]: client: 63 (-/W) SHUT_RD, relay: 64 (-/-) SHUT_WR, age: 19578 sec, idle: 19525 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:46380->74.125.71.132:80]: client: 57 (-/W) SHUT_RD, relay: 58 (-/-) SHUT_WR, age: 19578 sec, idle: 19525 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:60613->74.125.71.132:80]: client: 55 (-/W) SHUT_RD, relay: 56 (-/-) SHUT_WR, age: 19578 sec, idle: 19525 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:38119->74.125.71.120:80]: client: 53 (-/W) SHUT_RD, relay: 54 (-/-) SHUT_WR, age: 19578 sec, idle: 19525 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:47581->74.125.71.132:80]: client: 49 (-/W) SHUT_RD, relay: 50 (-/-) SHUT_WR, age: 19581 sec, idle: 19578 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:37708->74.125.71.132:80]: client: 47 (-/W) SHUT_RD, relay: 48 (-/-) SHUT_WR, age: 19581 sec, idle: 19578 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:47209->74.125.71.132:80]: client: 45 (-/W) SHUT_RD, relay: 46 (-/-) SHUT_WR, age: 19581 sec, idle: 19578 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.168.10.101:53661->74.125.71.120:80]: client: 41 (-/W) SHUT_RD, relay: 42 (-/-) SHUT_WR, age: 19581 sec, idle: 19578 sec.
root@OpenWrt:# cat /proc/net/sockstat
sockets: used 75
TCP: inuse 6 orphan 0 tw 2 alloc 46 mem 1
UDP: inuse 2
UDPLITE: inuse 0
RAW: inuse 0
FRAG: inuse 0 memory 0
root@OpenWrt:
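Added example, not part of the original post or of redsocks: a small Python triage script that scans a client-list dump in the format above for entries stuck in the client SHUT_RD / relay SHUT_WR state and counts the descriptors they hold open. The sample lines, the 3600-second idle threshold and the form of the healthy `(R/W)` entry are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the dump format shown above (documentation-range
# addresses). The healthy "(R/W)" entry with no SHUT_* flag is an assumed form.
SAMPLE = """\
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.0.2.10:41502->198.51.100.7:80]: client: 63 (-/W) SHUT_RD, relay: 64 (-/-) SHUT_WR, age: 19578 sec, idle: 19525 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.0.2.10:41600->198.51.100.7:80]: client: 65 (R/W), relay: 66 (R/W), age: 12 sec, idle: 1 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: [192.0.2.11:50000->198.51.100.9:443]: client: 70 (-/W) SHUT_RD, relay: 71 (-/-) SHUT_WR, age: 40 sec, idle: 30 sec.
Aug 13 14:03:47 OpenWrt daemon.debug redsocks[3823]: End of client list.
"""

ENTRY = re.compile(
    r"\[(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+:\d+)\]: "
    r"client: (?P<cfd>\d+) \([^)]*\) ?(?P<cstate>[A-Z_|]*), "
    r"relay: (?P<rfd>\d+) \([^)]*\) ?(?P<rstate>[A-Z_|]*), "
    r"age: (?P<age>\d+) sec, idle: (?P<idle>\d+) sec"
)

def find_hung(log_text, min_idle=3600):
    """Entries half-closed on both sides (client SHUT_RD, relay SHUT_WR)
    that have been idle for at least min_idle seconds (assumed threshold)."""
    hung = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m is None:
            continue  # headers, "End of client list.", unrelated syslog lines
        stuck = m["cstate"] == "SHUT_RD" and m["rstate"] == "SHUT_WR"
        if stuck and int(m["idle"]) >= min_idle:
            hung.append({"src": m["src"], "dst": m["dst"],
                         "fds": (int(m["cfd"]), int(m["rfd"])),
                         "age": int(m["age"]), "idle": int(m["idle"])})
    return hung

def fds_pinned_by_source(hung):
    """Each hung entry keeps two descriptors (client + relay) open."""
    counts = Counter()
    for entry in hung:
        counts[entry["src"]] += len(entry["fds"])
    return dict(counts)

if __name__ == "__main__":
    for src, n in fds_pinned_by_source(find_hung(SAMPLE)).items():
        print(f"{src}: {n} descriptors held by hung connections")
```

Run against successive dumps, a per-source count that only grows points at the descriptor exhaustion behind "too many open files" before the limit is reached.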