Small patch for check_nrpe.c
Andreas Ericsson
ae at op5.se
Fri Sep 1 15:53:00 CEST 2006
Mark Plaksin wrote:
> Andreas Ericsson <ae at op5.se> writes:
>>
>> Did you do the packet-trace between NAT -> HPUX and Nagios -> NAT at the
>> same time, or only on one side?
>
> We actually mirrored all the ports involved (Nagios server plus 6 clients)
> onto a single switch port and ran the trace on the mirrored port. That
> made it a bit hard to read in Ethereal's (uh, I mean Wireshark's!) GUI.
> Wireshark thought there were lots of retransmissions and the like because
> it was seeing the same packet as it went out the server's port and into the
> client's port. Had I been thinking I might have run two traces--one of the
> server's port and one of the clients' ports.
>
> But Jay was able to make sense of the trace and come up with a theory and a
> solution :) So we didn't redo the trace. I still have it and could send
> the snippet that shows the problem.
Dear gods no. ;-) Thanks anyway though.
Save it in case you run into a similar problem later though.
>>
>> Btw, Linux uses ports ~45000 up to ~65000 in a round-robin manner, so on
>> a system with 20000 outbound connection attempts in the interval you
>> have between each check towards the failing system, you'll end up in the
>> rough neighbourhood of the same port-number. Some checks initiate more
>> than one connection, so for a busy Nagios server this isn't an unlikely
>> scenario.
>
> Jay said that 2.4 kernels use round-robin and 2.6 kernels select ports
> randomly (from a given range). I couldn't find this explicitly stated
> anywhere but I probably wasn't searching/reading the right way/thing.
>
Ah, true that.
$ sed -n 81,85p net/ipv4/inet_connection_sock.c
on the master branch of the current linux repo obviously proves him right:
if (!snum) {
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
int rover = net_random() % (high - low) + low;
some error-checking stuff follows, but in essence, this is the top of
the code that determines what port an outgoing socket will receive.
A bit embarrassing that I even mentioned the same function this code
resides in in an earlier mail *blush*.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
More information about the Developers
mailing list