> So if the client disconnected and a packet with wrong checksum is
> received, that block occurs, as ocserv depended on select() to check for
> data. I've modified ocserv to use non-blocking sockets in master to
> avoid that. It seems to work fine in my setup, but I'd like to have more
> testing prior to a release.
After 20+ hours, there seem to be no negative effects.
I did notice something else, possibly related. A worker that?s not shut
down after the DPD timeout has long passed:
Oct 7 17:43:15 yocimuvu ocserv[5087]: sec-mod: received request from pid 3079 and uid 65534
Oct 7 18:51:01 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (199 secs, DPD is 90)
Oct 7 18:55:06 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)
Oct 7 18:55:36 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (211 secs, DPD is 90)
Oct 7 18:56:09 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (244 secs, DPD is 90)
Oct 7 19:04:44 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (185 secs, DPD is 90)
Oct 7 19:05:14 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (215 secs, DPD is 90)
Oct 7 19:19:11 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)
Oct 7 19:19:41 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (211 secs, DPD is 90)
Oct 7 19:23:24 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (189 secs, DPD is 90)
Oct 7 19:35:40 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (207 secs, DPD is 90)
Oct 7 19:51:30 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (193 secs, DPD is 90)
Oct 7 20:03:12 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (190 secs, DPD is 90)
Oct 7 20:03:45 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (223 secs, DPD is 90)
Oct 7 20:17:07 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (183 secs, DPD is 90)
Oct 7 20:17:42 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (218 secs, DPD is 90)
Oct 7 20:23:27 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (182 secs, DPD is 90)
Oct 7 20:34:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (212 secs, DPD is 90)
Oct 7 20:48:20 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (187 secs, DPD is 90)
Oct 7 20:48:51 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (218 secs, DPD is 90)
Oct 7 20:49:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (248 secs, DPD is 90)
Just in case this helps:
#1 0x000000000040ae1f in connect_handler (ws=ws at entry=0x19142f0) at worker-vpn.c:1932
req = 0x1914308
rfds = {fds_bits = {8592, 0 <repeats 15 times>}}
e = <optimized out>
max = 13
ret = <optimized out>
t = 2048
p = <optimized out>
tv = {tv_sec = 10, tv_nsec = 0}
tls_pending = 0
dtls_pending = 0
i = <optimized out>
tnow = {tv_sec = 1412686871, tv_nsec = 394033000}
proto_overhead = 28
ip6 = <optimized out>
sl = 4
emptyset = {__val = {0 <repeats 16 times>}}
blockset = {__val = {16384, 0 <repeats 15 times>}}
#2 0x000000000040cb84 in vpn_server (ws=ws at entry=0x19142f0) at worker-vpn.c:829
buf = "CONNECT /CSCOSSLC/tunnel HTTP/1.1\r\nHost: XXXX\r\nUser-Agent: OpenConnect VPN Agent (Java) v5.99-unknown\r\nCookie: webvpn=6i0hfAc2pOSZg6MFm7Ps0RZ5D6SHNoOWzdb79CcsSgURxiV705Yn0mq1WiC6uO9qvrobMqeb"...
ret = <optimized out>
nparsed = <optimized out>
nrecvd = <optimized out>
session = 0x1ba3e30
parser = {type = 0, flags = 0, state = 18, header_state = 0, index = 0, nread = 0, content_length = 18446744073709551615, http_major = 1, http_minor = 1, status_code = 0, method = 5, http_errno = 0,
upgrade = 1, data = 0x19142f0}
settings = {on_message_begin = 0, on_url = 0x409000 <url_cb>, on_status = 0, on_header_field = 0x4097c0 <header_field_cb>, on_header_value = 0x409840 <header_value_cb>,
on_headers_complete = 0x4097a0 <header_complete_cb>, on_body = 0x409100 <body_cb>, on_message_complete = 0x408ed0 <message_complete_cb>}
requests_left = <optimized out>
#3 0x000000000040772f in main (argc=<optimized out>, argv=<optimized out>) at main.c:1158
stype = 0
fd = 8
pid = <optimized out>
e = <optimized out>
ltmp = <optimized out>
ctmp = <optimized out>
cpos = <optimized out>
rd_set = {fds_bits = {16, 0 <repeats 15 times>}}
wr_set = {fds_bits = {0 <repeats 16 times>}}
n = 16
ret = <optimized out>
flags = <optimized out>
ts = {tv_sec = 30, tv_nsec = 0}
cmd_fd = {12, 13}
ws = 0x19142f0
worker_pool = <optimized out>
main_pool = 0x190a4c0
set = <optimized out>
s = 0x1914550
emptyset = {__val = {0 <repeats 16 times>}}
blockset = {__val = {90115, 0 <repeats 15 times>}}
creds = {xcred = 0x190b8a0, cprio = 0x1910840, dh_params = 0x18f1760}
Regards,
Niels
