On Sat, 2014-10-04 at 21:36 +0800, Niels Peen wrote: > > Seeing it again there may be an issue in the way waitpid() is handled. > > That should fix it: > > http://git.infradead.org/ocserv.git/commitdiff/accdb24050a1de06c0408c9d783aa0575e35e831 > The problem seems to starts earlier than that. When I let the server untouched for a while > users started complaining that logins were rejected. The log indicates that ocserv believes > these users are already connected a maximum number of times: > ocserv[21306]: main: 1.2.3.4:58843 user ?XYZ' tried to connect more than 2 times > Doing a tcpdump on the interfaces created for this user showed no traffic at all, which is > unlikely is something was truly connected. So, if I understand correctly, there was a user connection at some point, which go stuck? > Just to be sure I also did a tcpdump on the external interface to see if there was at least > some DPD traffic going to the client?s IP. There was none. > Typical strace for these processes: > strace -p 21306 > Process 21306 attached - interrupt to quit > recvfrom(8, There are numerous places where this could occur. Would it be possible to run: $ gdb /usr/sbin/ocserv 21306 $ bt full > These are also the processes that didn?t die after I restart ocserv. There is a debug level log which should say: "removing client 'XYZ' with id 'PID' Do you see that message for these specific clients? regards, Nikos
