On Thu, Jan 21, 2010 at 3:21 AM, Steve Hill <st...@nexusuk.org> wrote:
> On Wed, 20 Jan 2010, Brett Henderson wrote: > > Matt's suggestion of running under strace might be the way to go here. >> I've >> never seen anything like this before. >> > > Got it! > > For some reason, one of the threads creates a PF_INET6 socket on an > ephemeral port, listenning on all network interfaces. The same thread then > creates a connection to that socket. Due to a misconfiguration on my > server, ip6tables was set to drop looped back IPv6 traffic, so it was > sitting there waiting for the connection to time out. > > Fixing the ip6tables config to allow looped bak IPv6 traffic has resolved > the problem. > Nice work! I'll try to remember this. I remember somebody on another list having similar problems with osm2pgsql and IPv6 the other day ... > > Some odd notes: > > 1. This connection can't be especially important since it was able to carry > on working just fine without the connection present. > 2. Since it is on an ephemeral port, the socket is presumably only be used > for internal communication between threads - as such, using a socket that is > listenning for connections on all network interfaces seems like a really bad > idea. This sort of stuff should be done with unix domain sockets, not > public network sockets. > 3. Of course, I have no idea if Osmosis or the JVM itself is responsible > for this. :) It must be the JVM ... The only socket stuff Osmosis does is making HTTP requests, it never listens on sockets. I'm very surprised it's listening on all interfaces though. I know there's some debug and profiling type ports that Java 6 opens but I thought they were only available locally and I (perhaps wrongly) assumed they were secured in some way (eg. You can connect using the jconsole tool and get stats on running JVMs). When I get a chance I'll take a look at it, but I suspect there's no much I can do about it. I'd be surprised if there was a security risk created by this, but who knows ... Brett
_______________________________________________ dev mailing list dev@openstreetmap.org http://lists.openstreetmap.org/listinfo/dev