Thanks for the reply. Is there any way to predict what additional ports will be opened? Without that, we would be forced to have a more open firewall policy than we would like? Another solution would be to make the opening of additional ports an feature we could turn off. -----Original Message----- From: Steven Dake [mailto:sdake@xxxxxxxxxx] Sent: Monday, May 14, 2012 9:24 AM To: Bryan Bartone Cc: discuss@xxxxxxxxxxxx Subject: Re: corosync udpu mystery ports On 05/08/2012 07:22 AM, Bryan Bartone wrote: > Hi Steven - > > Thanks for the response. These are definitely not unix domain sockets: > > udp 0 0 0.0.0.0:60174 0.0.0.0:* 16198/corosync > udp 0 0 0.0.0.0:49193 0.0.0.0:* 16198/corosync > udp 0 0 192.168.40.19:694 0.0.0.0:* 16198/corosync > udp 0 0 192.168.10.19:694 0.0.0.0:* 16198/corosync > udp 0 0 0.0.0.0:34366 0.0.0.0:* 16198/corosync > udp 0 0 0.0.0.0:35409 0.0.0.0:* 16198/corosync > > Here is the related corosync config section: > > interface { > member { > memberaddr: 192.168.10.20 > } > member { > memberaddr: 192.168.10.19 > } > ringnumber: 0 > bindnetaddr: 192.168.10.0 > mcastport: 694 > ttl: 1 > } > interface { > member { > memberaddr: 192.168.40.220 > } > member { > memberaddr: 192.168.40.19 > } > ringnumber: 1 > bindnetaddr: 192.168.40.0 > mcastport: 694 > ttl: 1 > } > transport: udpu > rrp_mode: passive > > > -----Original Message----- > From: Steven Dake [mailto:sdake@xxxxxxxxxx] > Sent: Tuesday, May 01, 2012 11:22 AM > To: Bryan Bartone > Cc: discuss@xxxxxxxxxxxx > Subject: Re: corosync udpu mystery ports > > On 05/01/2012 08:10 AM, Bryan Bartone wrote: >> First, thanks for taking the time to read this email. I am using >> corosync and pacemaker on a security appliance we manufacture. I am >> running udpu mode. I see that for each interface I define, there is >> a udp listening socket using the mcastport I defined in corosync.conf >> and two other ephemeral listening ports. The mcastaddr port is bound >> to the interface I defined in corosync.conf. The ephemeral ports are bound to >> all interfaces. I would like to know what the purpose of those ports >> are, and why they are bound to 0.0.0.0. Thanks. >> >> Thanks to Honza for sorting this out: UDPU mode creates a socket descriptor per node in the configuration. The reason it does this is to avoid overloading one socket file descriptor under heavy load conditions. I believe the bug you see is that these sockets _should_ be bound to the bindnetaddr, rather then ANY. Regards -steve >> >> >> >> _______________________________________________ >> discuss mailing list >> discuss@xxxxxxxxxxxx >> http://lists.corosync.org/mailman/listinfo/discuss > > Probably a bug (udpu is a new feature). There should be one port for incoming packets and one port for outgoing packets, all bound to the proper interface. One of the listening ports may be a unix domain socke (used to setup shared memory ipc)t, are you sure that isn't the case? _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
