Small patch for check_nrpe.c

Andreas Ericsson ae at op5.se
Fri Sep 1 15:53:00 CEST 2006


Mark Plaksin wrote:
> Andreas Ericsson <ae at op5.se> writes:
>>
>> Did you do the packet-trace between NAT -> HPUX and Nagios -> NAT at the 
>> same time, or only on one side?
> 
> We actually mirrored all the ports involved (Nagios server plus 6 clients)
> onto a single switch port and ran the trace on the mirrored port.  That
> made it a bit hard to read in Ethereal's (uh, I mean Wireshark's!) GUI.
> Wireshark thought there were lots of retransmissions and the like because
> it was seeing the same packet as it went out the server's port and into the
> client's port.  Had I been thinking I might have run two traces--one of the
> server's port and one of the clients' ports.
> 
> But Jay was able to make sense of the trace and come up with a theory and a
> solution :)  So we didn't redo the trace.  I still have it and could send
> the snippet that shows the problem.

Dear gods no. ;-) Thanks anyway though.
Save it in case you run into a similar problem later though.

>>
>> Btw, Linux uses ports ~45000 up to ~65000 in a round-robin manner, so on 
>> a system with 20000 outbound connection attempts in the interval you 
>> have between each check towards the failing system, you'll end up in the 
>> rough neighbourhood of the same port-number. Some checks initiate more 
>> than one connection, so for a busy Nagios server this isn't an unlikely 
>> scenario.
> 
> Jay said that 2.4 kernels use round-robin and 2.6 kernels select ports
> randomly (from a given range).  I couldn't find this explicitly stated
> anywhere but I probably wasn't searching/reading the right way/thing.
> 

Ah, true that.
  $ sed -n 81,85p net/ipv4/inet_connection_sock.c
on the master branch of the current linux repo obviously proves him right:

     if (!snum) {
         int low = sysctl_local_port_range[0];
         int high = sysctl_local_port_range[1];
         int remaining = (high - low) + 1;
         int rover = net_random() % (high - low) + low;

some error-checking stuff follows, but in essence, this is the top of 
the code that determines what port an outgoing socket will receive.

A bit embarrassing that I even mentioned the same function this code 
resides in in an earlier mail *blush*.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642




More information about the Developers mailing list