Restarting ocserv doesn't clean up all workers
Niels Peen
niels at peen.ch
Sat Oct 4 06:36:55 PDT 2014
> It is printed on debug level. I've modified it now to print it on info
> level, but you should see something like:
> "main: termination request received; waiting for children to die"
>
> Seeing it again there may be an issue in the way waitpid() is handled.
> That should fix it:
> http://git.infradead.org/ocserv.git/commitdiff/accdb24050a1de06c0408c9d783aa0575e35e831
The problem seems to start earlier than that. When I left the server untouched for a while
users started complaining that logins were rejected. The log indicates that ocserv believes
these users are already connected a maximum number of times:
ocserv[21306]: main: 1.2.3.4:58843 user ‘XYZ' tried to connect more than 2 times
Doing a tcpdump on the interfaces created for this user showed no traffic at all, which is
unlikely if something was truly connected.
Just to be sure I also did a tcpdump on the external interface to see if there was at least
some DPD traffic going to the client’s IP. There was none.
Typical strace for these processes:
strace -p 21306
Process 21306 attached - interrupt to quit
recvfrom(8,
These are also the processes that didn’t die after I restarted ocserv.
Regards,
Niels