Kern Sibbald wrote:
> Hello Frank,
> 
> When you run tls-test, what kind of error do you get?  Could you show me the 
> output?  When I run it, the test runs to completion normally.

The test completes normally for me as well.  From what I can tell, enabling
TLS doesn't cause the job to reliably fail, but instead creates something
along the lines of a race condition on closing the TCP socket.  The difference
can be seen by monitoring the network traffic in the loopback device during
the test.  You can either use wireshark, or tcpdump.  The tcpdump command

tcpdump -i lo tcp port 8103

will watch all SD related traffic.  For a normal job run, the last few packets
would look something like this (extra line breaks added for readability):

10:10:41.174055 IP localhost.localdomain.47823 > localhost.localdomain.8103: .
ack 1154 win 545 <nop,nop,timestamp 1279857681 1279857681>

10:10:41.174370 IP localhost.localdomain.47823 > localhost.localdomain.8103: P
158:162(4) ack 1154 win 545 <nop,nop,timestamp 1279857681 1279857681>

10:10:41.174399 IP localhost.localdomain.8103 > localhost.localdomain.47823: F
1154:1154(0) ack 162 win 512 <nop,nop,timestamp 1279857681 1279857681>

10:10:41.174446 IP localhost.localdomain.47823 > localhost.localdomain.8103: F
162:162(0) ack 1155 win 545 <nop,nop,timestamp 1279857681 1279857681>

10:10:41.174456 IP localhost.localdomain.8103 > localhost.localdomain.47823: .
ack 163 win 512 <nop,nop,timestamp 1279857681 1279857681>

The lines with an 'F' field are the FIN packets that signal a normal socket
close.  The TLS test, however, will end with something like this:

10:07:26.545261 IP localhost.localdomain.49843 > localhost.localdomain.8103: P
4807:4844(37) ack 5986 win 772 <nop,nop,timestamp 1279663052 1279663052>

10:07:26.545323 IP localhost.localdomain.8103 > localhost.localdomain.49843: F
5986:5986(0) ack 4844 win 772 <nop,nop,timestamp 1279663052 1279663052>

10:07:26.545341 IP localhost.localdomain.8103 > localhost.localdomain.49843: R
5987:5987(0) ack 4844 win 772 <nop,nop,timestamp 1279663052 1279663052>

10:07:26.545422 IP localhost.localdomain.49843 > localhost.localdomain.8103: R
4844:4844(0) ack 5987 win 772 <nop,nop,timestamp 1279663052 1279663052>

The 'R' flags show that the TCP session closed down with RST packets, in what
the OS considers an unclean state.  So far, every time that the connection
closed by peer error has occurred, TLS has been enabled, and the socket closed
with RST instead of FIN.

So far I have seen this on my system, an FC 6 SD/Dir server, with clients
running FC 6, FC 4, and Windows XP.  Dan Langille was also good enough to
provide me with a pair of packet captures that show the same correlation
between TLS and RST on FreeBSD as well.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Network Engineer          |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC
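
The FIN-versus-RST comparison described in the message above can be automated over saved tcpdump text output. This is an added example, not part of the original post or of Bacula; the function name and the 'clean'/'reset'/'open' labels are assumptions, and the sample lines are the message's own captures with line breaks rejoined and TCP options trimmed.

```python
import re
from collections import defaultdict

# Matches both the older tcpdump text format quoted in the message
# ("...8103: F 1154:1154(0) ack ...") and the newer "Flags [F.]" form.
LINE_RE = re.compile(
    r"^\S+ IP6? (\S+) > (\S+): (?:Flags \[([^\]]+)\]|([SFPRWE.]+)(?=\s|$))")

def classify_closes(lines):
    """Map each TCP session to 'clean', 'reset' or 'open'."""
    fins = defaultdict(set)  # session -> endpoints that sent a FIN
    resets, seen = set(), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst = m.group(1), m.group(2)
        flags = m.group(3) or m.group(4)
        conn = tuple(sorted((src, dst)))  # same key for both directions
        seen.add(conn)
        if "F" in flags:
            fins[conn].add(src)
        if "R" in flags:
            resets.add(conn)
    result = {}
    for conn in seen:
        if conn in resets:
            result[conn] = "reset"   # any RST: unclean teardown
        elif len(fins[conn]) == 2:
            result[conn] = "clean"   # FIN seen from both endpoints
        else:
            result[conn] = "open"    # capture ended before a full close
    return result

# The two captures from the message, lines rejoined, TCP options trimmed.
HOST = "localhost.localdomain"
NORMAL = [
    f"10:10:41.174370 IP {HOST}.47823 > {HOST}.8103: P 158:162(4) ack 1154 win 545",
    f"10:10:41.174399 IP {HOST}.8103 > {HOST}.47823: F 1154:1154(0) ack 162 win 512",
    f"10:10:41.174446 IP {HOST}.47823 > {HOST}.8103: F 162:162(0) ack 1155 win 545",
    f"10:10:41.174456 IP {HOST}.8103 > {HOST}.47823: . ack 163 win 512",
]
TLS_RUN = [
    f"10:07:26.545261 IP {HOST}.49843 > {HOST}.8103: P 4807:4844(37) ack 5986 win 772",
    f"10:07:26.545323 IP {HOST}.8103 > {HOST}.49843: F 5986:5986(0) ack 4844 win 772",
    f"10:07:26.545341 IP {HOST}.8103 > {HOST}.49843: R 5987:5987(0) ack 4844 win 772",
    f"10:07:26.545422 IP {HOST}.49843 > {HOST}.8103: R 4844:4844(0) ack 5987 win 772",
]
```

Feeding it the saved output of `tcpdump -i lo tcp port 8103` from a run with and without TLS gives a per-session verdict that can be compared across test runs.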
