On Saturday 23 June 2007 21:29, Frank Sweetser wrote: > Kern Sibbald wrote: > > Hello Frank, > > > > When you run tls-test, what kind of error do you get? Could you show me the > > output? When I run it, the test runs to completion normally. > > The test completes normally for me as well. From what I can tell, enabling > TLS doesn't cause the job to reliably fail, but instead creates something > along the lines of a race condition on closing the TCP socket. The difference > can be seen by monitoring the network traffic in the loopback device during > the test. You can either use wireshark, or tcpdump. The tcpdump command > > tcpdump -i lo tcp port 8103 > > will watch all SD related traffic. For a normal job run, the last few packets > would look something like this (extra line breaks added for readability):
I may want to look at tcpdump output later, but at the current time, I don't understand what the error is as far as Bacula sees it. Normally the socket is closed by the side sending the data, so there should be no race conditions. From what I recall from your bug report the error occurred in the middle of a transmission, but now you are talking about closing the socket, and that I don't understand. At the point that Bacula is closing the socket, to the best of my knowledge it ignores any errors. So, could you start by explaining this from the top down rather than from the bottom up? Regards, Kern > > 10:10:41.174055 IP localhost.localdomain.47823 > localhost.localdomain.8103: . > ack 1154 win 545 <nop,nop,timestamp 1279857681 1279857681> > > 10:10:41.174370 IP localhost.localdomain.47823 > localhost.localdomain.8103: P > 158:162(4) ack 1154 win 545 <nop,nop,timestamp 1279857681 1279857681> > > 10:10:41.174399 IP localhost.localdomain.8103 > localhost.localdomain.47823: F > 1154:1154(0) ack 162 win 512 <nop,nop,timestamp 1279857681 1279857681> > > 10:10:41.174446 IP localhost.localdomain.47823 > localhost.localdomain.8103: F > 162:162(0) ack 1155 win 545 <nop,nop,timestamp 1279857681 1279857681> > > 10:10:41.174456 IP localhost.localdomain.8103 > localhost.localdomain.47823: . > ack 163 win 512 <nop,nop,timestamp 1279857681 1279857681> > > The lines with an 'F' field are the FIN packets that signal a normal socket > close. The TLS test, however, will end with something like this: > > 10:07:26.545261 IP localhost.localdomain.49843 > localhost.localdomain.8103: P > 4807:4844(37) ack 5986 win 772 <nop,nop,timestamp 1279663052 1279663052> > > 10:07:26.545323 IP localhost.localdomain.8103 > localhost.localdomain.49843: F > 5986:5986(0) ack 4844 win 772 <nop,nop,timestamp 1279663052 1279663052> > > 10:07:26.545341 IP localhost.localdomain.8103 > localhost.localdomain.49843: R > 5987:5987(0) ack 4844 win 772 <nop,nop,timestamp 1279663052 1279663052> > > 10:07:26.545422 IP localhost.localdomain.49843 > localhost.localdomain.8103: R > 4844:4844(0) ack 5987 win 772 <nop,nop,timestamp 1279663052 1279663052> > > The 'R' flags show that the TCP session closed down with RST packets, in what > the OS considers an unclean state. So far, every time that the connection > closed by peer error has occurred, TLS has been enabled, and the socket closed > with with RST instead of FIN. > > So far I have seen this on my system, an FC 6 SD/Dir server, with clients > running FC 6, FC 4, and Windows XP. Dan Langille was also good enough to > provide me with a pair of packet captures that show the same correlation > between TLS and RST on FreeBSD as well. > > -- > Frank Sweetser fs at wpi.edu | For every problem, there is a solution that > WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken > GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
